Tag: pentest

C/C++, libCurl

Send email using Gmail, C and libcurl – Part 1

libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, …

OWASP, Penetration Testing

OWASP Secure Headers

OWASP Secure Headers Project involves setting headers from the server is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. OWASP Secure Headers Project intends to raise awareness and use of these headers. – https://www.owasp.org/index.php/OWASP_Secure_Headers_Project Response Headers * HTTP Strict Transport Security (HSTS) …

Web Penetration Testing

Web application bruteforcer

Wfuzz is a tool designed to brutefore web applications, it’s very flexible, it supports: Recursion (when doing directory discovery) Post data bruteforcing Header bruteforcing Output to HTML (easy for just clicking the links and checking the page, even with postdata!) Colored output Hide results by return code, word numbers, line numbers, etc. Url encoding Cookies …

Hacking, OSINT, Penetration Testing, Reconnaissance

Passive information gathering

Search Engines Gather information using search engines results Google Bing Reverse IP lookup using Bing: IP:x.y.z.yIP:x.y.z.y Yahoo Social Networking Sites Gather information using social networking websites Google+ LinkedIn Instagram Facebook Twitter Online databases Gather information using online databases whois shodan netcraft robtex dnshistory Online Tools Gather information using online tools mxtoolbox domain tools SSL Server …

Hacking, Penetration Testing

Exploit Database – a repository for exploits and PoCs

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit …

Penetration Testing, Phishing, Social Engineering

Prepare your Debian server to host a phishing site

It should be noted that the following guide has been tested and it is working for Debian 8.5-8.6. Update your system sudo apt-get updatesudo apt-get update sudo apt-get dist-upgradesudo apt-get dist-upgrade Install MySQL sudo apt-get install mysql-serversudo apt-get install mysql-server Activate MySQL sudo mysql_install_dbsudo mysql_install_db Configure MySQL sudo /usr/bin/mysql_secure_installationsudo /usr/bin/mysql_secure_installation Install PHP sudo apt-get install …

SMB

Identify valid credentials within a network

CredNinja is a multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB. This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it …

Active Directory

Active Directory enumeration from non-domain system

ADEnumerator allows red teamers to query LDAP with a standard user account from a system not joined to a domain. It’s common that during a red team assessment you will harvest credentials from printers, files, etc. But sometimes you don’t know what these credentials do. Instead of throwing the one set of credentials you got …

Nessus

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834. 2. You run nessuscli and you get an error indicating: blah blah _qdb_open: invalid table of contents Stop Nessus service service nessusd stopservice nessusd stop Repair Nessus /opt/nessus/sbin/nessusd -R/opt/nessus/sbin/nessusd -R Start Nessus service service nessusd startservice nessusd start

Vulnerabilities

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner. WPSCAN ARGUMENTS –update Update the database to the latest version. –url | -u The WordPress URL/domain to scan. –force | -f Forces WPScan to not check if the remote site is running WordPress. –enumerate | -e [option(s)] Enumeration. option : u usernames from id 1 to 10 …