Advanced Penetration Testing Notes

Information Gathering (part 2) Domain Name Services

whois Domain by proxy – pay extra to hide information like registrant name, organisation etc… nslookup for mail server, set type=mx for name server, set type = ns Zone files – zone transfer- all dns information – transfer form [view]

By: lsec0ni | Related Lesson: Information Gathering (part 2) Domain Name Services | Modified: January 18, 2017

Acceso a ftp servers

acceso [view]

By: rperaltad | Related Lesson: Exploitation (part 5) Using Backdoor to Access an FTP Server | Modified: January 18, 2017

Ataque transversañ

XML con los passwords de FileZilla server a través de ataque de directorio transversal en el campo URL [view]

By: rperaltad | Related Lesson: Exploitation (part 3) Directory Traversal | Modified: January 18, 2017

Injection code

comandos a través de la web la shell de php [view]

By: rperaltad | Related Lesson: Exploitation (part 2) SQL Commands | Modified: January 18, 2017

servidores web

Ip/WebDAV servicio en un website permite subir archivos (ej wamp) put test.txt se pueden subir webshells a /usr/share/webshells en php msfvenom is a combination of Msfpayload and Msfencode bisquedas de exploits msf > search xampp [view]

By: rperaltad | Related Lesson: Exploitation (part 1) Direct Exploitation | Modified: January 18, 2017

Arpspoofing MIM en SSL

arpspoof -I eth0 -t ip_1 ip_2 [view]

By: rperaltad | Related Lesson: Traffic Capture (part 5) ettercap | Modified: January 18, 2017

nmap

You can send requests through nc -sS is unfinished SYN Scan. Opens TCP connection. Some call it stealthy scan. -sT is TCP Connect. -sU is UDP, harder to detect, much slower These should be able to bypass filters { -sN (Null scan) sends no bits -sF (F [view]