Advanced Penetration Testing Notes

Traffic Capture: ettercap

ettercap is a tool used to break ssl connections (Man-in-the-Middle) Should use SSL Secure Socket Layer should be used when sending sensitive data cross the network. https ettercap -Ti eth0 -M arp:remote /192/168.1.1 /192/168/1/76 arpspoof -i eth0 19 [view]

By: rspeight10 | Related Lesson: Traffic Capture (part 5) ettercap | Modified: May 16, 2017

DNS

DNS (Domain Name Service) DNS translate www.gmail to its IP address DNS can be spoofed DNS Cache Poisoning dnsspoof -i reth0 -f host.txt arpspoof -i eth0 -t 192.168.1.1 192.168.1.80 (gateway) arpspoof -i eth0 -t 192.168.1.80 192.168.1.1 (gateway) htt [view]

By: rspeight10 | Related Lesson: Traffic Capture (part 4) DNS | Modified: May 16, 2017

Address Resolution Protocol

Address Resolution Protocol (ARP) it translate the IP address to a MAC address. ARP spoofing (network switch, gateway) Tools – Arpspoof — Logged onto server 192.168.1.76 arpspoof -i eth0 -t 192.168.1.76 192.168.1.80 (will have to forward [view]

By: rspeight10 | Related Lesson: Traffic Capture (part 3) Address Resolution Protocol ARP | Modified: May 16, 2017

Analyzing Network Pt. 2

wireshark (network protocol analyzer) captures traffic turn off promiscuous mode switch network should niot be able to see other networks unable to see traffic in plain text (Ftp), to see plain text you will need to reverse engineer ip.dst==192.168.1 [view]


Vulnerability "Zervit"

Zervit Zervit Dir Listing 192.168.1.76:3232 192.168.1.76:3232/index.html?   [view]

By: rspeight10 | Related Lesson: Vulnerability Scanning (part 6) Directory Transversals | Modified: May 16, 2017

WebApp

Tomcat Apache Jboss Powermgmt MySQL -h 192.168.1.76 https://192.h https://192.168.1.76/webdev cavdaver http://192.168.1.76/webdev xampp 1.7.2 wampp xampp //192.168.1.76/phpmyadmin (brings up MySQL gui) Apache 192.168.1.80 192.168.1.80./tomcat dirbust [view]

By: rspeight10 | Related Lesson: Vulnerability Scanning (part 5) WebApp, XAMPP, WEBDAV, nikto | Modified: May 16, 2017

metaploit "Auxiliary"

msfconsole service postgresel start service metaploit start use auxiliary/scanner/ftp/anonymous set RHOST file:/root/livehosts.txt cat classscn.gnmap cat classcan.gnmap| grep Up cat classcan.gnmap| grep Up | cut -d ” ” .f 2 cat classcan.g [view]

By: rspeight10 | Related Lesson: Vulnerability Scanning (part 4) Metasploit | Modified: May 16, 2017

Kali Linux

Kali Linux is the tool we are going to be using [view]

By: Kelvin Karnga | Related Lesson: Linux (part 1) | Modified: May 13, 2017

python.py

#!/usr/bin/python import socket ip = raw_input(”Enter the IP address: ”) port = input(”Enter the port number: ”) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) if sock.connect_ex((ip,port)) :              [view]

By: hareeshachu | Related Lesson: Programming (part 4) Python for Port Scanning | Modified: May 13, 2017

ping.sh

#!/bin/bash if [ ”$1” == ”” ] then echo ”Usage: ./ping.sh [network] echo ”Example: ./ping.sh 192.168.1” esle for x in ’seq 1 254’ ; d0 ping -c 1 $1.$x | grep ”64 bytes” | cut -d ” [view]

By: hareeshachu | Related Lesson: Programming (part 3) Network Pings | Modified: May 13, 2017

« First ‹ Previous 1 43 133 141 142 143 144 145 153 243 Next › Last »

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel