Advanced Penetration Testing Notes
Information Gathering (part 2) Domain Name Services
whois. Domain by proxy: pay extra to hide information such as registrant name, organisation etc. nslookup: for the mail server, set type=mx; for the name server, set type=ns. Zone files: a zone transfer returns all DNS information. transfer from
Access to FTP servers
access
Traversal attack
The FileZilla Server XML file containing the passwords, obtained through a directory traversal attack in the URL field
Code injection
Commands through the web via the PHP shell
Web servers
The IP/WebDAV service on a website allows uploading files (e.g. WAMP): put test.txt. Web shells can be uploaded (PHP ones are in /usr/share/webshells). msfvenom is a combination of Msfpayload and Msfencode. Exploit searches: msf > search xampp
ARP spoofing MITM on SSL
arpspoof -i eth0 -t ip_1 ip_2
nmap
You can send requests through nc. -sS is the half-open SYN scan: it starts a TCP connection but does not complete the handshake, so some call it a stealthy scan. -sT is TCP Connect. -sU is UDP, harder to detect, much slower. These should be able to bypass filters: -sN (Null scan) sets no flag bits; -sF (F
recon
recon-ng: show modules; use [module]; set source [src]; run; exit; exit. exploit-db.com/ghdb
info gath i
theharvester, maltego, shodan.io, netcraft.com
Commands
apt-get install (Program)