Attacking Kerberos

Views: 21Kerberos Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more “secure” than NTLM by using third party ticket authorization as well as stronger encryption. Even though NTLM has a lot more attack vectors to choose from Kerberos still has a handful of underlying vulnerabilities just like NTLM … Read more

Linux Privilege Escalation

Views: 12Privilege escalation is all about: Collect – Enumeration, more enumeration and some more enumeration. Process – Sort through data, analyse and prioritisation. Search – Know what to search for and where to find the exploit code. Adapt – Customize the exploit, so it fits. Not every exploit work for every system “out of the … Read more

LINUX 101

Views: 8Linux File System Path Description / The top-level directory is the root filesystem and contains all of the files required to boot the operating system before other filesystems are mounted as well as the files required to boot the other filesystems. After boot, all of the other filesystems are mounted at standard mount points … Read more

Attacking Drupal

Views: 37Leveraging Known Vulnerabilities Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon Manual exploitation As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to … Read more

PenTest 101 – Cheat Sheet

Views: 36 Command Description sudo nano /etc/hosts Opens the /etc/hosts with nano to start adding hostnames sudo nmap -p 80,443,8000,8080,8180,8888,10000 –open -oA web_discovery -iL scope_list Runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery) in all formats (-oA) eyewitness –web -x web_discovery.xml -d <nameofdirectorytobecreated> Runs eyewitness using a … Read more

Gobuster Cheat Sheet

Views: 60Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode Available Modes Switch Description dir Directory brute-forcing mode dns DNS subdomain brute-forcing mode vhost Virtual host brute-forcing mode (not the … Read more

Fuff – Cheat Sheet

Views: 48Ffuf commands Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ Sub-domain Fuzzing ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ … Read more