Tag: pentesting

Penetration Testing

Debugging Telegram

Debug Mode: To enable debug mode, type debugmode in the settings page of Telegram Desktop and confirm it. Log files: /home/username/.TelegramDesktop/log.txt; /home/user/.TelegramDesktop/DebugLogs/tcp_xx_xx.txt; /home/user/.TelegramDesktop/DebugLogs/mtp_xx_xx.txt; /home/user/.TelegramDesktop/DebugLogs/log_xx_xx.txt. To disable debug mode, type debugmode again. Burp Proxy Intercept: Open Telegram settings -> Advanced settings -> Connection type -> HTTP with custom http-proxy. …

Penetration Testing

Exploits – Advisories

Offensive Security’s Exploit Database Archive: The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers. Packet Storm Security Exploits and Advisories: A list of exploits, advisories, tools and more. Securityfocus Vulnerabilities: Search for vulnerabilities. National Vulnerability Database: NVD is the U.S. government repository of standards based vulnerability management data represented using the Security …

OSINT

OSINT – Part 3

Information gathering types. Passive: During passive information gathering you should never send any type of traffic directly to the target. Passive I.G. allows the greatest amount of anonymity. Active: During active information gathering you are sending requests to remote services and receiving responses based on the service type. This method includes, but is not limited …

OSINT

OSINT – Github Dorks

GitHub search is a powerful and useful feature that can be used to search for sensitive data in repositories. This is a collection of GitHub dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pentesting of systems. GitHub …

OSINT

OSINT – Part 2

Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. OSINT includes all publicly accessible sources of information, such as: – Media – Web-based …

OSINT

OSINT – Part 1

Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. OSINT includes all publicly accessible sources of information, such as: – Media – Web-based …

Hacking, Penetration Testing

Install latest Wireshark on Debian

Add backports to your sources.list. For jessie add this line: deb http://ftp.debian.org/debian jessie-backports main to your sources.list. sudo apt-get update ..the public key is not available.. gpg --keyserver pgpkeys.mit.edu --recv-key xxxxxxxxxxxxxxxxx gpg -a --export xxxxxxxxxxxxxxxxx | sudo apt-key add - …

Hacking, Metasploit, RedTeaming

Simple Background HTTPS Reverse Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more. Msfvenom is the combination of payload generation and encoding. msfvenom usage Usage: …