akde/infosec

Information security is ultimately about managing risk


  • Like OSX­col­lec­tor, but for Win­dows. Col­lects infor­ma­tion on a host for lat­er analyzation. https://www.fireeye.com/services/freeware/redline.html


  • osx­col­lec­tor http://yelp.github.io/osxcollector/ Stand alone python script. Exe­cute it on a Mac which should be analysed. It cre­ates an archive with “every­thing” inter­esst­ing which the vic­tim can hand over an expert. See red­line for Windows


  • See also the Wire­shark post PSnuffle Metas­ploit mod­ule; analyse the live traf­fic for cre­den­tials of var­i­ous protocols. msf > use auxiliary/sniffer/psnuffle PCredz PCredz uses a PCAP file and extracts hash­es and oth­er credentials. pcredz -f dump.pcap Zeek GitHub — zeek/zeek: Zeek is a pow­er­ful net­work analy­sis frame­work that is much dif­fer­ent from the typ­i­cal IDS you…


  • Sniff­ing and live con­tent fil­ter­ing. Oper­a­tion modes: Uni­fied:  sniffs all pack­ets from one inter­face. Pack­ets for an attack host are end­ing here, but are direct­ly for­ward­ed after receiving Brid­get: For­wards traf­fic from one inter­face to anoth­er. Absolute­ly secret because there is real­ly no one “between the cable” Usage ettercap OPTIONS TARGET1 TARGET2 Tar­gets are defined as MAC/IPv4s/IPv6s/PORT…


  • Pas­sive OS fingerprinting http://tools.kali.org/information-gathering/p0f


  • Dis­trib­uted port scan­ning. Install dnmap_client on many machines and install one dnsmap_server. The serv­er con­trols the clients to split port scans. http://tools.kali.org/information-gathering/dnmap


  • Active Infor­ma­tion Gath­er­ing tool. See http://tools.kali.org/information-gathering/dmitry


  • Analy­ses SSL https://github.com/nabla-c0d3/sslyze python ‑m sslyze –reg­u­lar URL


  • => https://www.exploit-db.com/google-hacking-database => https://ahrefs.com/blog/google-advanced-search-operators/ => https://searchdns.netcraft.com/ Github Search for file names with­in repos of users: user:megacorpone filename:users Tools Google Look­ing for direc­to­ry listings: site:URL intitle:index.of Look­ing for con­fig­u­ra­tion files: site:URL ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini Look­ing for date­base files: site:URL ext:sql | ext:dbf |…


  • Enumeration Github wpscan --url $target Maybe an API token could be use­ful — then, the Word­Press Vul­ner­a­bil­i­ty Data­base is used. Login brute force hydra -l thinc -P best110.txt 10.11.1.234 -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' Check users: http://spectra.htb/main/?author=1 http://spectra.htb/main/?author=2 … Most beautiful wordpress plugin XSS injection If there is a way to inject code some­where (e.g. via a plu­g­in)…


  • Web serv­er scanner ./nikto.pl ‑host <IP> scans a host and cre­ates a report with details and pos­si­ble vulnerabilities. Inter­est­ing parameters: -eva­sion [12345678AB] (see options) -mutate (see options) -Pause -Save -T (see options)


About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';