Pentesting

Brainpan1 - Buffer Overflow

Dec 1, 2020 buffer overflow wine mona immunity debugger

Recon Let’s get started with the nmap scan. 1# nmap -Pn -A -T4 -oN brainpan1.nmap.txt 10.10.20.69 2Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. 3Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-01 16:24 EST 4Nmap scan report for 10.10.20.69 5Host is up …

Gatekeeper - Buffer Overflow

Nov 29, 2020 buffer overflow windows mona immunity debugger

TryHackMe link: https://tryhackme.com/room/gatekeeper Recon Let’s get started with the nmap scan. I also kicked off the threader3000 port scanner script (https://github.com/dievus/threader3000.git) which I have started to like a lot since it often reveals ports that were missed by nmap scans. 1# nmap -Pn -A -T4 …

Brainstorm - Buffer Overflow

Nov 28, 2020 buffer overflow windows mona immunity debugger

Reconnaissance Run a port scanner to check for open ports on the target system. 1------------------------------------------------------------ 2 Threader 3000 - Multi-threaded Port Scanner 3 Version 1.0.6 4 A project by The Mayor 5------------------------------------------------------------ 6Enter your target IP address …

Internal - Pentesting Challenge @THM

Nov 25, 2020 nmap ctf hydra jenkins

Reconnaissance 1# nmap -A -T4 -oN internal-pentesting.nmap.txt 10.10.188.67 2Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-25 20:29 EST 3Nmap scan report for 10.10.188.67 4Host is up (0.080s latency). 5Not shown: 998 closed ports 6PORT STATE SERVICE VERSION 722/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu …

Online Resources for Pentesters

Oct 3, 2020 tools pentesting

Notes SMB enumeration - https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html Scripts Threader3000, a light weight port scanner script. Online Tools Pentest.ws https://pentest.ws/tools/venom-builder https://pentest.ws/tools/shells https://pentest.ws/tools/cyberchef Reporting …

Tips and Tricks

Oct 3, 2020 tools tips tricks

OSCP Notes Best Practices Always put an /etc/hosts entry for the servers you are working on, especially with the webapps so that you can explore vhosts. Its a good practice to search for all files under - find /home -type f -printf "%f\t%p\t%u\t%g\t%m" , followed by suid binary search - find / -perm -4000 …

Relevant

Oct 3, 2020 Windows PrivEsc IIS

Scope of work The client requests that an engineer conducts an assessment of the provided virtual environment. The client has asked that minimal information be provided about the assessment, wanting the engagement conducted from the eyes of a malicious actor (black box penetration test). The client has asked that you …

Daily Bugle

Sep 27, 2020 untagged

Recon Lets kick off the nmap scan and since we know this machine is running a website, lets visit the webpage from browser while scan is running. 1$ nmap -A -T4 -oN dailybugle.nmap.txt 10.10.185.129 2Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-27 12:51 EDT 3Nmap scan report for 10.10.185.129 4Host is up (0.081s …

Gamezone

Sep 20, 2020 john the ripper burpsuite sql injection

Recon 1nmap -A -T4 -Pn -oA nmap1000.gamezone.txt 10.10.139.135 2 3Output: 4Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-21 21:02 EDT 5Nmap scan report for 10.10.139.135 6Host is up (0.078s latency). 7Not shown: 998 closed ports 8PORT STATE SERVICE VERSION 922/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu …

Skynet - Tryhackme

Sep 20, 2020 smb

Recon Lets kick off the Nmap scan. 1$ nmap -A -T4 -oN skynet.nmap.txt 10.10.0.50 2Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-26 14:28 EDT 3Nmap scan report for 10.10.0.50 4Host is up (0.081s latency). 5Not shown: 994 closed ports 6PORT STATE SERVICE VERSION 722/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 …