Advanced Penetration Testing Notes

Linux Part 3 - Directories, myfile, and Nano

  touch myfile – creates a file mkdir mydirectory – creates directory cp  ../myfile . – copy file cp /home/Georgia/myfile  /home/Georgia/mydirectory/myfile- copies file into absolute path mv myfile myfile2 – moves file into [view]

By: Bishop | Related Lesson: Linux (part 3) - Directories, myfile and Nano | Modified: July 1, 2017

commands

pwd [view]

By: abraham17 | Related Lesson: Linux (part 2) Kali Linux Commands | Modified: July 1, 2017

Metasploite

www.exploite-db.com for readiing [view]

By: dhaval317 | Related Lesson: Metasploit (part 2) Fundamentals | Modified: July 1, 2017

attaching to an IP

attaching to an IP- showmount -e ip a network file system which is exportable mkdir /tmp/tmpdir mount -t nfs IP:/export/name /tmp/tmpdir can now copy .ssh key and now you can ssh into the machine with the cred of the user which was compromised pretty [view]

By: sirrush | Related Lesson: Exploitation (part 6) Attaching to an IP Address | Modified: July 3, 2017

backdoor ftp

backdoor in ftp no real exploit only googling old backdoor using a :) after any supposed login it opens a backdoor on another port, after that attempted login which will fail. [view]

By: sirrush | Related Lesson: Exploitation (part 5) Using Backdoor to Access an FTP Server | Modified: July 1, 2017

open src

exploiting tikiwiki using msf as there are several flaws with that current versoin of tikiwiki     [view]

By: sirrush | Related Lesson: Exploitation (part 4) Open Source Vulnerability | Modified: July 1, 2017

directory traversal

directory traversal the old ../../../../../ stuff to break out of the www directory and go into the filesystem and various folders. filezilla ftp where it downloads the xml file which contains user and passwds for ftp which may be the same as actual [view]

By: sirrush | Related Lesson: Exploitation (part 3) Directory Traversal | Modified: July 1, 2017

SQL commands

sql commands unprotected admin page allowed access to mysql queries page if you got this page then you can go ahead and setup a simple php backdoor to get a cmd the shell is basically executing blind RCE where it sends information to a text and so th [view]

By: sirrush | Related Lesson: Exploitation (part 2) SQL Commands | Modified: July 1, 2017

direct exploitation

direct exploitation found default creds getting code to execute /usr/share/webshells prebuilt webshells can use msfvenom to create a script of several different types of scripting languages and file formats. setting exitonsession false that will allo [view]

By: sirrush | Related Lesson: Exploitation (part 1) Direct Exploitation | Modified: July 1, 2017

ssl stripping

stripping the ssl cert using sslstrip it makes a valid cert attacker gets the ssl but then strips and sends to target as http. when the target tries to access a SSL site and requests are sent to the attacker machine where it uses SSL to forward to de [view]

By: sirrush | Related Lesson: Traffic Capture (part 6) SSL Stripping | Modified: July 1, 2017

« First ‹ Previous 1 23 113 121 122 123 124 125 133 223 243 Next › Last »

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel