- Initial (network) enumeration: Check where a service is hosted by querying the nameserver records for the target domain: `host -t ns $domain`. Get more information / confirmation via a whois query on a previously found domain: `whois $previouslyFoundDomain`. Check where a host is running: `host $domain`, then `host $ipFromTheDomain` (reverse lookup of the returned address). Check more domains of this organisation / of…
- Mirroring: gittyleaks: execute `gittyleaks --find-anything` inside a local clone of the repository. git-secrets: scans every revision in the repository history against its secret patterns with `git secrets --scan-history`. truffleHog: scans repositories and prints strings with high entropy; run it with `trufflehog $repo_dir`. git-secret-scanner: scans a repository with `git-secret-scanner scan -d $git_repo`. Other tools
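The entropy check that truffleHog's default mode relies on is small enough to show in full. The following is an added example, not code from truffleHog or from this page: it pulls maximal base64- and hex-alphabet runs out of each line, scores them with Shannon entropy, and flags runs above a threshold. The thresholds (4.5 bits for base64 runs, 3.0 bits for hex runs), the minimum run length of 20 and the extra regex for AWS access key IDs are this example's choices; the sample lines are constructed (the AWS value is the placeholder key from AWS's own documentation, not a real credential). The AWS line is included deliberately: its entropy stays below the base64 threshold, which is why entropy scanners also carry pattern rules.

```python
import math
import re

# Constructed sample "repository content" for this example. Values are made up
# or are AWS's documented placeholder key; nothing here is a real credential.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'password = "hunter2"',
    'api_token = "8f3a9c2b1e7d4f6a0b5c9d8e7f1a2b3c4d5e6f70"',
    'def connect(host, port):',
    'README_URL = "https://example.com/docs"',
]

BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"

# Thresholds in bits per symbol and minimum run length, chosen for this
# example in the spirit of an entropy-based secret scanner.
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0
MIN_RUN = 20

# A structured key that entropy alone misses: AWS access key IDs (AKIA + 16
# upper-case alphanumerics). Hypothetical single rule standing in for a rule set.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def shannon_entropy(data: str) -> float:
    """Shannon entropy of a string in bits per symbol (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = (data.count(ch) for ch in set(data))
    return -sum((c / n) * math.log2(c / n) for c in counts)


def charset_runs(text: str, charset: str, min_len: int = MIN_RUN):
    """Maximal runs of characters drawn from `charset`, at least `min_len` long."""
    pattern = "[" + re.escape(charset) + "]{" + str(min_len) + ",}"
    return re.findall(pattern, text)


def scan_lines(lines):
    """Return (line_no, reason, token) for every suspicious token found."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for m in AWS_KEY_ID.finditer(line):
            findings.append((no, "aws-key-id", m.group(0)))
        for run in charset_runs(line, HEX_CHARS):
            if shannon_entropy(run) > HEX_THRESHOLD:
                findings.append((no, "high-entropy-hex", run))
        for run in charset_runs(line, BASE64_CHARS):
            if shannon_entropy(run) > BASE64_THRESHOLD:
                findings.append((no, "high-entropy-base64", run))
    return findings


if __name__ == "__main__":
    for no, reason, token in scan_lines(SAMPLE_LINES):
        print(f"line {no}: {reason}: {token}")
```

Feed it `git log -p` output or the files of a checkout instead of `SAMPLE_LINES` to get the same behaviour over a real repository. The hex run on line 3 scores about 3.96 bits and is flagged; the same run is also a valid base64-alphabet run but stays under 4.5 bits, so a hex string is never double-reported (16 symbols cannot exceed 4 bits).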
- responder: Run Responder on the attacking machine; it answers LLMNR/NBT-NS/mDNS name requests on the network and serves rogue SMB, HTTP and WPAD endpoints, so any client that authenticates to them leaks its NetNTLM hash. (Source) Start Responder on your own system: `sudo responder -I tun0 --wpad`. Then connect from the target system to this system via SMB, in the Windows Explorer or on the command line via `dir…`
- General objectives, Organizing template, Web resources, Tools, Notes
- Enumeration (finger): Show currently logged-in users: `finger @ip`. User enumeration: `for username in $(cat cirt-default-usernames.txt); do finger $username@10.10.10.76 >> /tmp/finger; done`. Enumeration with Metasploit: `msf5 > use auxiliary/scanner/finger/finger_users`, `msf5 auxiliary(scanner/finger/finger_users) > set rhosts 10.10.10.76` (rhosts => 10.10.10.76), `msf5 auxiliary(scanner/finger/finger_users) > run`. Exploits: According to https://insecure.org/sploits_all.html, very old finger daemons allowed command execution, e.g. with `finger "|/bin/id@host"`.
- tcpdump: Get incoming ICMP packets: `sudo tcpdump -i any icmp and src host $target`. Useful parameters: `-n` do not resolve domain names, show IPs; `-X` show a hex and ASCII dump of the data; `-A` show the packet in ASCII. Working with files: write the dump to a file with `tcpdump -w file`; read a dump from a file with `tcpdump -r file`. Standard queries: `tcpdump -n src|dst 10.10.10.10 and port…`
- See a packet in its context: context menu, choose Follow. Show only ICMP packets from a host: `tcpdump host 10.11.1.128 and icmp -i tun0`. Show other systems communicating outside the own address range (Wireshark display filter): `ip.addr == 10.11.1.0/24 && !(ip.addr == 192.168.119.0/24) && !dns && !browser && !ssdp && !nbns && !llmnr`. Record audio: Wireshark can transform captured audio…
- netstat: View the routing table: `netstat -r`. Fast output without DNS resolution, IPs only: `netstat -n`. Show only TCP connections: `netstat -t`. Show only UDP connections: `netstat -u`. Show the program that uses an open connection: `netstat -p`. Show network statistics: `netstat -s`.
- See also the Wireshark post. PSnuffle: Metasploit module that analyses live traffic for credentials of various protocols: `msf > use auxiliary/sniffer/psnuffle`. PCredz: takes a PCAP file and extracts hashes and other credentials: `pcredz -f dump.pcap`. Zeek: GitHub — zeek/zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you…
- Sniffing and live content filtering (ettercap). Operation modes: Unified: sniffs all packets on one interface; packets not addressed to the attacking host arrive there too and are forwarded immediately after being received. Bridged: forwards traffic from one interface to another; completely stealthy, since nothing on the wire reveals that someone is in the middle. Usage: `ettercap OPTIONS TARGET1 TARGET2`. Targets are defined as MAC/IPv4s/IPv6s/PORT…
- Passive OS fingerprinting (p0f): http://tools.kali.org/information-gathering/p0f
- Active Information Gathering tool (dmitry). See http://tools.kali.org/information-gathering/dmitry
- => https://www.exploit-db.com/google-hacking-database => https://ahrefs.com/blog/google-advanced-search-operators/ => https://searchdns.netcraft.com/ GitHub: search for file names within the repositories of a user: `user:megacorpone filename:users`. Tools: Google. Looking for directory listings: `site:URL intitle:index.of`. Looking for configuration files: `site:URL ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini`. Looking for database files: `site:URL ext:sql | ext:dbf |…`