Advanced Penetration Testing Notes
traffic cap - analyze network protocol
captures traffic on network; turn off promiscuous mode; go to cli and connect to networks or ping or ftp and capture traffic; convert hex? ftp credentials will be sent in plain text in packets
directory traversal
manual testing; directory traversal allows you to move out of the webserver directory to access other parts of the file system. netcat a port -> show options -> then you can do things like use the verify option to verify a user account exists
vuln scan part 5
xampp might have webdav on it; you can talk to webdav via cadaver; if it asks for credentials look them up on google; there's a metasploit for that; webdav is used to upload files. section2: check xampp for url/phpmyadmin on web servers. Tool1: dirbuster
Metasploit vuln scanning
service postgresql start; service metasploit start; 1) use auxiliary/scanner/ftp/anonymous 2) show options 3) set RHOSTS (options); can use gnmap cat of file to grep, ex: cat classscan.gnmap | grep Up | cut -d " " -f 2 | sort -u > live hos
NMAP scripting Engine
nmap --script-help = show help options for categories; ex: nmap --script-help smb-check-vulns; directory for nmap scripts = /usr/share/nmap/scripts; some nmap scripts can bring down a service; 1) nmap -sC 'ip' 'ip'
vul scanner
do manual analysis, verify results; nessus: service nessusd start = to start nessus apache server; nessus port is 8834; ms-0867
mod5 port scanning
Part 5 NMAP and Port Scanning; netcat: nc 'ip' 'port' = will check if port is open; nc -v 'ip' 'port' = verbosely; man nmap OR nmap.org = reference; nmap 'scan-type' 'host/ip' -
FOR Loop
for i in `seq 1 254`; do ping $ip.$i; done
11
SSL = Secure Sockets Layer
1
Wireshark