If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former. Your options for creating a reverse shell are limited … Read more Penetration Testing Red Team Reverse Shell Cheat Sheet
Be careful: it might not all be malware; adware, PUPs and innocuous traffic are in play. Download PCAP: netstream. VM executables used will be included in the next post. 2016-08-25 20:40:37.831293 IP 192.168.1.102.51776 > 126.96.36.199.80: Flags [P.], seq 0:267, ack 1, win 256, length 267: HTTP: GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1 E..3?…..~^…f%….@.P.._.p?..P…^…GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1 Content-Type: application/x-www-form-urlencoded … Read more Malware PCAP Traffic Analysis – Can you name the different types of malware?
Watch this hacker find an unsuspecting target – a PRINTER! – and compromise it using the web admin portal, load tools onto the printer to further compromise other printers, and run a DDoS tool from the printer. On most assessments that I have been on, and through consulting, I have made it a priority to print a … Read more Are your printers secure? Cyber Security Video how Hackers are hacking Printers and Backdooring them
Here are some simple command line tricks to help while doing recon on your target network/host. A simple way to automatically resolve domain names, which can be used with a for loop to resolve a massive list of domain names; you can also add a cronjob and create an .out file if you want to track … Read more Penetration Testing Reconnaissance Command Line Tricks Dig, Mass Domain Resolution, Ping Sweeping
Network Pivoting using SSH tunneling and forwarding: Is Microsoft Network Monitor installed? If so, depending on which version, you may have to run netmon, netcap, or nmcap, each of which has slightly different features and syntax. For example, if Network Monitor 3 is installed and running, you could execute the following command at a shell prompt: C:\> … Read more Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide – Network Pivoting – PART 7
SQL Injection Commands: SELECT * FROM Users WHERE Username='$username' AND Password='$password' A similar query is generally used by the web application in order to authenticate a user. If the query returns a row, it means that a user with that set of credentials exists in the database, and the user is then allowed to log in … Read more Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide- SQLi XSS Web App Attacks – PART 5
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs), over 33,000 in total (as of December 2013). All OpenVAS products are Free Software. … Read more Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide- Vulnerability Scanning – PART 4
Directory Brute Forcing and Service Brute Forcing: The OSCP exam will almost certainly have a service on which you can brute force a local or admin account. There will also be web servers with unlinked content that you can find, such as password files, user accounts and developer portals that provide easy access. You … Read more Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide- Directory/Service Brute Forcing – PART 3