ddouhine
ddouhine
/ Extended file attributes #nix
Created
December 16, 2014 15:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setuid (4000) | |
| ---s------ allow owner rights temporarily (eg: mount) | |
| chmod 4755 : | |
| -rwxr-xr-x | |
| -rwsr-xr-x | |
| setgid (2000) | |
| ------s--- allow owner group rights temporarily | |
| chmod 2744 : | |
| -rwxr--r-- |
ddouhine
/ GWT support with webscanners #pentest
Created
December 16, 2014 14:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GWT support (according to the vendors): | |
| Acunetix | |
| NTOSpider | |
| WebInspect | |
| AppScan | |
| ZAP | |
| Tested: | |
| Burp + Gwtscan.jar: works ~ | |
| GWT-Penetration-Testing-Toolset: |
ddouhine
/ Convert IBM-AIX passwd to crack with john #pentest
Created
December 16, 2014 14:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grep : /etc/security/passwd > pt1; grep passw passwd | awk '{print $3}' > pt2; paste -d' ' pt1 pt2 > pt3; sed -e 's/ //g' pt3 > passwd_w_shadow; rm pt* |
ddouhine
/ AD domain offline cracking #pentest
Last active
July 18, 2019 07:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft stores the Active Directory data in tables in a proprietary ESE database format. The database is contained in the NTDS.dit (%SystemRoot%\ntds\NTDS.dit) file. | |
| This file is encrypted to prevent any data extraction, so we will need to acquire the key to be able to perform the extraction of the target data. | |
| The required Password Encryption Key is stored in the NTDS.dit file, but is encrypted itself with the BOOTKEY. | |
| To obtain this BOOTKEY, we need to acquire a copy of the SYSTEM registry hive (%SystemRoot%\System32\config\System) from the same Domain Controller as we acquired the NTDS.dit file. | |
| Extract NTDS/SYSTEM from a domain controller: | |
| net start vss | |
| vssadmin create shadow /for=c: | |
| vssadmin list shadows | |
| copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\ntds\ntds.dit C:\temp |
ddouhine
/ wkhtmltopdf for web info grabing #pentest
Created
December 16, 2014 14:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #use to speed up recon when targeting large ip ranges | |
| 1. scan targets with nessus | |
| 2. filter using #10107 plugin | |
| 3. save html report | |
| 4. extract urls using this: | |
| #extract IP | |
| grep "<H2 style=\"COLOR" nessus_10107.html | awk -F ">" '{print $2}' > col1 | |
| #extract ports | |
| grep ")</H2><SPAN class=" nessus_10107.html | awk -F "/" '{print $2}' | awk -F ")" '{print $1}' > col2 | |
| #merge IP:ports |
NewerOlder