07 2019 档案
摘要:Pivoting 1. Edit the virtual network settings of the Vmware. 2. Set the Network Adapter(s) of Kali Linux, IE8-Win7 and Kioptrix Level 1 as showed in t
阅读全文
摘要:Post-Exploit Password Attacks 1. Crack using the tool - john (Too slow in real world) Locate the rockyou file. Conbine the files and save as unshadow.
阅读全文
摘要:Windows Post Exploitation Target Server: IE8-Win 7 VM 1. Download and upload the fgdump, PwDump7, wce and netcat into the IEUser folder on Windows 7.
阅读全文
摘要:Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. All the payload type in Metasploit are showing as below: 2.Try to
阅读全文
摘要:Privilege Escalation Download the Basic-penetration testing virtual machine from the following website: https://www.vulnhub.com/entry/basic-pentesting
阅读全文
摘要:Metasploit Attack Target Server: IE8 on WinXP 1.Start the Metasploit. 2.Select 2)Website Attack Vectors. 3.Select 1)Java Applet Attack Method. 4.Selec
阅读全文
摘要:Metasploit Target Server: Kioptrix Level 1 (1) Start the Metasploit on Kali Linux. (2) Set the module and options. (3)Exploit the Kioptrix Level 1 ser
阅读全文
摘要:File transfer type: 1. HTTP Transfer files through the website. 2.wget 3.FTP python FTP (1)Install python FTP on the Kali Linux. (2)Move to the target
阅读全文
摘要:Remote File Inclusion[RFI] Prepare: Download the DVWA from the following website and deploy it on your server. http://www.dvwa.co.uk/ Install XAMPP an
阅读全文
摘要:Local File Inclusion[LFI] Target Pentester Lab: Download from the following website: https://www.vulnhub.com/entry/pentester-lab-php-include-and-post-
阅读全文
摘要:SQL Injection[SQLi] Refrence: SQL Injection Authentication Bypass Cheat Sheet https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-c
阅读全文
摘要:Cross-Site Scripting(XSS) 1. Using the tool - netdiscover to find the IP of target server. 2.Browser the website http://10.0.0.21 through Firefox. 3.
阅读全文
摘要:Installing XSS&MySQL FILE Download the Pentester Lab: XSS and MySQL FILE from the following website: https://www.vulnhub.com/entry/pentester-lab-xss-a
阅读全文
摘要:Tool: Metasploit 1. Start the msfconsole tool. 2.Search ssh related modules. 3.Use the "auxiliary/scanner/ssh/ssh_login" module and set the options, s
阅读全文
摘要:Tools: 3. hydra Hydra v8.9.1 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Synt
阅读全文
摘要:Pre-Exploit Password Attacks Tools: 1. ncrack Ncrack 0.6 ( http://ncrack.org )Usage: ncrack [Options] {target and service specification}TARGET SPECIFI
阅读全文
摘要:Antivirus Bypassing Tools: Kali Linux Detection Platform: https://www.virustotal.com/gui/home/upload 1. 2. 3.
阅读全文
摘要:Java Applet Attacks Download virtual machines from the following website: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ 1. Reset the
阅读全文
摘要:Client Side Attacks Tool: setoolkit 1. Start setoolkit on Kali Linux. 2. Select 1) Social-Engineering Attacks 3. Select 2)Website Attack Vectors. 4. S
阅读全文
摘要:Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website: http://sh3llc0d3r.com/vulnserver-trun-command-buf
阅读全文
摘要:Compiling an Exploit Exercise: samba exploit 1. Search and download the samba exploit source code from Exploit Database. https://www.exploit-db.com/ex
阅读全文
摘要:Gaining Root with Metasploit Platform: Kali Linux, Kioptrix Level 1 1. Find the IP of Kioptirx 2. Scan the Kioptrix server and analyst the result. 3.
阅读全文
摘要:Generating Shellcode & Gaining Root 1.Generate the shellcode on Kali Linux. LHOST is the IP of Kali Linux. 2. Write the exploit.py and chmod the 777 r
阅读全文
摘要:Finding the Right Module(mona) Mona Module Project website: https://github.com/corelan/mona 1. Download mona.py, and drop it into the 'OyCommands' fil
阅读全文
