Tag: hacking

OSINT

OSINT – Part 2

Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. OSINT includes all publicly accessible sources of information, such as: – Media – Web-based …

Metasploit

Setup Metasploit Database

Try reconfigure Metasploit dpkg-reconfigure metasploit-frameworkdpkg-reconfigure metasploit-framework Start postgresql systemctl start postgresql.servicesystemctl start postgresql.service Initialize database msfdb initmsfdb init Run metasploit msfconsolemsfconsole Connect to database db_connect -y /usr/share/metasploit-framework/config/database.ymldb_connect -y /usr/share/metasploit-framework/config/database.yml Rebuild cache db_rebuild_cachedb_rebuild_cache Run postgresql at startup systemctl enable postgresql.servicesystemctl enable postgresql.service

OSINT

OSINT – Part 1

Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. OSINT includes all publicly accessible sources of information, such as: – Media – Web-based …

Hacking, Penetration Testing

Install latest Wireshark on Debian

Add backports to your sources.list For jessie add this line: deb http://ftp.debian.org/debian jessie-backports maindeb http://ftp.debian.org/debian jessie-backports main to your sources.list sudo apt-get updatesudo apt-get update ..the public key is not available.. gpg –keyserver pgpkeys.mit.edu –recv-key xxxxxxxxxxxxxxxxxgpg –keyserver pgpkeys.mit.edu –recv-key xxxxxxxxxxxxxxxxx gpg -a –export xxxxxxxxxxxxxxxxx | sudo apt-key add -gpg -a –export xxxxxxxxxxxxxxxxx | sudo apt-key …

Hacking, Penetration Testing

Exploit Database – a repository for exploits and PoCs

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit …

Hacking, Metasploit, RedTeaming

Simple Background HTTPS Reverse Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more. Msfvenom is the combination of payload generation and encoding. msfvenom usage Usage: …

Disassembling, Radare2, Reversing

Disassembling functions with Radare2

Analyze binary file and its symbols Method 1 radare2 -A c:\Windows\SysWOW64\ntdll.dllradare2 -A c:\Windows\SysWOW64\ntdll.dll Method 2 radare2 c:\Windows\SysWOW64\ntdll.dllradare2 c:\Windows\SysWOW64\ntdll.dll Inside radare2 terminal, type: aaaaaa and hit enter. Disassembling a function Inside radare2 terminal, type: pdf @ sym.ntdll.dll_RtlCreateRegistryKeypdf @ sym.ntdll.dll_RtlCreateRegistryKey You can use tab completion here. Try this instead: pdf @ sym.ntdll.dll_RtlCreateRpdf @ sym.ntdll.dll_RtlCreateR and hit Tab.

SMB

Identify valid credentials within a network

CredNinja is a multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB. This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it …

Active Directory

Active Directory enumeration from non-domain system

ADEnumerator allows red teamers to query LDAP with a standard user account from a system not joined to a domain. It’s common that during a red team assessment you will harvest credentials from printers, files, etc. But sometimes you don’t know what these credentials do. Instead of throwing the one set of credentials you got …

Nessus

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834. 2. You run nessuscli and you get an error indicating: blah blah _qdb_open: invalid table of contents Stop Nessus service service nessusd stopservice nessusd stop Repair Nessus /opt/nessus/sbin/nessusd -R/opt/nessus/sbin/nessusd -R Start Nessus service service nessusd startservice nessusd start