OffSec Blog

“The quieter you become, the more you are able to hear”

Category: Enumeration and Recon

Protected: Bug Bounty Recon – Notes

July 29, 2019
 |  No Comments
 |  Bug Bounties, Enumeration and Recon

There is no excerpt because this is a protected post.

Decrypting SSL/TLS Traffic with SSLSESSIONKEY and Wireshark

April 15, 2019
 |  No Comments
 |  Network Mapping, Recon Tools, Web Enum

Decrypting SSL/TLS traffic from a browser (Firefox / Chrome) is possible by using the SSL session key that gets written […]

Port scanning – alternative

March 17, 2019
 |  No Comments
 |  Enumeration and Recon, Network Mapping

Alternative port scanning tools. Port scan with netcat: scans a specific IP over TCP ports 20 to 65000 (netcat prints its verbose output on stderr, hence the 2>&1 before the grep).

for i in $(seq 20 65000); do nc -zv 10.xx.xx.xx $i 2>&1;done | grep open

Check open […]
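The grep on the word "open" only works with the traditional netcat: the OpenBSD nc prints "succeeded!" and Ncat prints "Connected to", so the same loop silently reports nothing on those systems. The following added example (not the blog's own script) scans by netcat's exit status instead, which is 0 on a successful connect for all three flavours, and includes a small normaliser for saved -v output from any of them. The -z and -w flags are assumed to be supported by the local nc, and the address 10.0.0.5 in the sample output is constructed.

```shell
#!/bin/sh
# Added example, not the blog's own code: TCP connect scan with netcat that
# relies on nc's exit code rather than on the wording of its output.

# Scan TCP ports FIRST..LAST on HOST and print one open port per line.
# -z: connect only, send no data; -w 1: one second timeout per port
# (both assumed to exist in the local nc; they do in traditional nc,
# OpenBSD nc and Ncat).
scan_ports() {
    host=$1; first=$2; last=$3
    port=$first
    while [ "$port" -le "$last" ]; do
        if nc -z -w 1 "$host" "$port" >/dev/null 2>&1; then
            echo "$port"
        fi
        port=$((port + 1))
    done
}

# Normalise saved "nc -v" output from the three common flavours to
# "host port" lines (stdin -> stdout). Refusals and timeouts are dropped.
#   traditional nc : (UNKNOWN) [10.0.0.5] 80 (http) open
#   OpenBSD nc     : Connection to 10.0.0.5 22 port [tcp/ssh] succeeded!
#   Ncat           : Ncat: Connected to 10.0.0.5:443.
parse_nc_verbose() {
    sed -n \
        -e 's/^Connection to \([^ ]*\) \([0-9]*\) port \[tcp[^]]*] succeeded!$/\1 \2/p' \
        -e 's/^.*\[\([0-9.]*\)\] \([0-9]*\) ([^)]*) open$/\1 \2/p' \
        -e 's/^Ncat: Connected to \([0-9.]*\):\([0-9]*\)\.$/\1 \2/p'
}

# Constructed sample: lines from all three flavours, two of them failures.
SAMPLE_NC_OUTPUT='Connection to 10.0.0.5 22 port [tcp/ssh] succeeded!
nc: connect to 10.0.0.5 port 23 (tcp) failed: Connection refused
(UNKNOWN) [10.0.0.5] 80 (http) open
(UNKNOWN) [10.0.0.5] 81 (?) : Connection refused
Ncat: Connected to 10.0.0.5:443.'

# Open ports found in the sample, one "host port" per line.
sample_open_ports() {
    printf '%s\n' "$SAMPLE_NC_OUTPUT" | parse_nc_verbose
}

# Live usage:  scan_ports 10.0.0.5 20 1024
```

The exit-code loop is slow for 65000 ports because each closed port waits for a RST or the one second timeout; narrow the range or run several ranges in parallel when the target is not on the local segment.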

SMB Enumeration

March 16, 2019
 |  No Comments
 |  Enumeration and Recon, SMB Enum

SMB enumeration and recon notes. SMB null sessions are unauthenticated sessions against SMB shares, and anonymous access to hidden […]

Monitor bandwidth consumption with iptables

March 15, 2019
 |  No Comments
 |  Enumeration and Recon, Network Mapping

A method to measure how much bandwidth is consumed by, for example, an nmap scan against a specific host can […]
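One way to do this with iptables is a rule that has no target and therefore only counts: insert it, zero the counters, run the scan, and read the byte counters back with -vnx. The following is an added example (not the blog's own script) of that approach; the target address 10.10.10.5 and the chain listings are constructed, and the iptables commands in the comments need root.

```shell
#!/bin/sh
# Added example, not the blog's own code: measure the bytes a scan sends to
# and receives from one host using iptables packet counters.
#
# Setup (root, target address is a constructed example):
#   iptables -I OUTPUT -d 10.10.10.5        # no -j: the rule only counts
#   iptables -I INPUT  -s 10.10.10.5
#   iptables -Z OUTPUT; iptables -Z INPUT   # reset counters before the scan
#   nmap -sS -p- 10.10.10.5
#   iptables -vnx -L OUTPUT; iptables -vnx -L INPUT
# Cleanup:
#   iptables -D OUTPUT -d 10.10.10.5; iptables -D INPUT -s 10.10.10.5

# Sum the byte counter ($2) of every rule in an "iptables -vnx -L" listing
# (stdin) whose destination (dir=dst, last column) or source (dir=src,
# second-to-last column) equals ADDR. -x is what makes $2 an exact integer
# instead of a rounded "3942K".
counter_bytes() {
    dir=$1; addr=$2
    awk -v dir="$dir" -v addr="$addr" '
        /^Chain / || /^ *pkts +bytes/ { next }   # chain and column headers
        NF < 8 { next }                          # not a rule line
        { col = (dir == "dst") ? $NF : $(NF-1) }
        col == addr { total += $2 }
        END { print total + 0 }'
}

# Constructed snapshots taken after a scan. The counting rule has no target,
# so the "target" column is blank and the address is always the last
# (OUTPUT) or second-to-last (INPUT) field.
SAMPLE_OUTPUT_CHAIN='Chain OUTPUT (policy ACCEPT 1234 packets, 98765 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   65712    3942720            all  --  *      *       0.0.0.0/0            10.10.10.5
      10        600 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1'

SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT 4321 packets, 56789 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   64001    2816044            all  --  *      *       10.10.10.5           0.0.0.0/0'

# Bytes sent to / received from the target according to the sample snapshots.
scan_bytes_out() { printf '%s\n' "$SAMPLE_OUTPUT_CHAIN" | counter_bytes dst 10.10.10.5; }
scan_bytes_in()  { printf '%s\n' "$SAMPLE_INPUT_CHAIN"  | counter_bytes src 10.10.10.5; }

# Live usage:  iptables -vnx -L OUTPUT | counter_bytes dst 10.10.10.5
```

The counters include everything to and from the host, not only the scanner's packets, so run the measurement on a box that has no other traffic with the target.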

SNMP Enumeration

March 14, 2019
 |  No Comments
 |  Enumeration and Recon, SNMP Enum

Scan for SNMP (UDP port 161) and extract the IP addresses of the hosts that run it:

nmap -sU --open -p 161 10.10.10.1-254 -oG -| awk '/Up$/{print $2}'

or generate IP hosts with following […]
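Two things to watch in that one-liner: the "Status: Up" line in grepable output is printed for every host that answered the ping probes, so /Up$/ lists live hosts rather than SNMP hosts, and a UDP scan reports 161 as open|filtered whenever nothing answered, which is only a candidate until a community string is tried. The following added example (not the blog's own command) selects hosts from the same -oG output by the state of the 161/udp entry instead; the scan output it parses is constructed.

```shell
#!/bin/sh
# Added example, not the blog's own code: pick SNMP hosts out of nmap
# grepable output by port state rather than host state.
# Assumed scan:  nmap -sU --open -p 161 10.10.10.1-254 -oG snmp.gnmap

# Print the IPs whose 161/udp entry is in STATE ("open" or "open|filtered").
# Grepable port entries look like 161/open/udp//snmp/// on a line of the
# form "Host: <ip> (<name>)  Ports: <entry>, <entry>, ...".
snmp_hosts_in_state() {
    state=$1
    awk -v want="$state" '
        /^Host: / && /Ports: / {
            split($0, parts, /Ports: /)          # parts[2] = the port entries
            m = split(parts[2], entries, /, /)
            for (i = 1; i <= m; i++) {
                split(entries[i], f, "/")        # f[1]=port f[2]=state f[3]=proto
                if (f[1] == "161" && f[2] == want && f[3] == "udp") { print $2; break }
            }
        }'
}

# Constructed sample: three live hosts, one confirmed open, one
# open|filtered (no reply), one with no SNMP at all.
SAMPLE_GNMAP='# Nmap scan initiated as: nmap -sU --open -p 161 -oG - 10.10.10.1-254
Host: 10.10.10.1 ()  Status: Up
Host: 10.10.10.1 ()  Ports: 161/open/udp//snmp///
Host: 10.10.10.7 ()  Status: Up
Host: 10.10.10.7 ()  Ports: 161/open|filtered/udp//snmp///
Host: 10.10.10.9 ()  Status: Up
# Nmap done -- 254 IP addresses (3 hosts up) scanned'

confirmed_snmp() { printf '%s\n' "$SAMPLE_GNMAP" | snmp_hosts_in_state open; }
candidate_snmp() { printf '%s\n' "$SAMPLE_GNMAP" | snmp_hosts_in_state 'open|filtered'; }
live_hosts()     { printf '%s\n' "$SAMPLE_GNMAP" | awk '/Up$/{print $2}'; }  # the blog's filter

# Live usage:  snmp_hosts_in_state open < snmp.gnmap
```

Feed the open|filtered candidates to a community-string check (onesixtyone or snmpwalk with "public") before treating them as SNMP hosts.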

Port knocking

 |  No Comments
 |  Enumeration and Recon, Network Mapping

Port knocking is a method of obscuring the services that you have running on your machine. It allows your […]

Linux Enum

February 26, 2019
 |  No Comments
 |  Linux Enumeration

Useful tools and methods for Linux enumeration. LinEnum.sh: collects Linux system information, suggests exploits and privilege-escalation paths: https://github.com/rebootuser/LinEnum.git […]

Vulnerability Scanning – OpenVAS

February 25, 2019
 |  No Comments
 |  Vulnerability Scanning

This post covers setting up OpenVAS 9 with the Greenbone Security Assistant. The dashboard: OpenVAS (Open Vulnerability Assessment System) is an open-source […]

XXE/XML Attack

February 24, 2019
 |  No Comments
 |  Web Enum

Malicious DTD. The following snippet can be used to get local file inclusion or remote command execution through a vulnerable XML parser. […]
