- Fingerprintjs2 collects a vast amount of browser configuration details. Victims could be brought to visit a site which contains this JS, which then sends the collected information back to the attacker. See OSCP 414ff
- General objectives, Organizing template, Web resources, Tools, Notes
- General notes. NC / Netcat: try netcat first on interesting ports or narrow port ranges to be more silent. Network scan: choose a port which is probably open on systems on this network, e.g. 445 for Windows hosts or 22 for Linux hosts. for i in $(seq 1 254); do nc -zv -w 1 10.10.10.$i 445;…
- Linux. Detect IPv6 hosts: there is no ARP table like in Ethernet/IPv4, but we can simulate it as follows to list all neighbours / directly reachable hosts: ping6 -c 5 ff02::1%eth0 >/dev/null; ip -6 neigh. Bonus: ip neigh shows the IPv4 address resolution table like the arp command does. Detect IPv6 addresses for known IPv4 addresses. Scenario:…
- Passive OS fingerprinting: http://tools.kali.org/information-gathering/p0f
- Distributed port scanning. Install dnmap_client on many machines and one dnmap_server. The server controls the clients to split port scans between them. http://tools.kali.org/information-gathering/dnmap
- Active information gathering tool. See http://tools.kali.org/information-gathering/dmitry
- Analyses SSL/TLS configuration: https://github.com/nabla-c0d3/sslyze — python -m sslyze --regular URL
- => https://www.exploit-db.com/google-hacking-database => https://ahrefs.com/blog/google-advanced-search-operators/ => https://searchdns.netcraft.com/ Github: search for file names within repos of users: user:megacorpone filename:users. Tools: Google. Looking for directory listings: site:URL intitle:index.of. Looking for configuration files: site:URL ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini. Looking for database files: site:URL ext:sql | ext:dbf |…