Knowledge Base for Penetration Testing
Method 1: Python pty module One of my go-to commands for a long time after catching a dumb shell was to use Python to spawn a pty. The pty module let’s you spawn a psuedo-terminal that can fool commands like su into thinking they are being executed in a proper terminal. Spawn /bin/bash using Python’s PTY module, and connect the controlling shell […]
In this Walkthrough, we will be hacking the machine Hutch from Proving Grounds Practice. To begin, we will utilize the ability to perform an anonymous LDAP search to dump account information where we will find a password. With valid credentials, we will run Bloodhound remotely to query the DC and find that our user has […]
Chisel is a fast TCP/UDP tunnel, transported over HTTP, and secured via SSH. It uses a single executable for establishing connections as the client or server. Chisel is written in Go (golang). It is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into any network. Proxychains […]
Tools PowerUp Get services with unquoted paths and a space in their name Get services where the currentuser can write to its binary path or change argument to the binary Get the services whose configuration current user can modify Open a reverse shell listening using powercat
Prereq – Have a local instance of Kali running and finish the Metasploit lab. https://hack.technoherder.com/vm-setup-kali-metasploitable2/ https://hack.technoherder.com/metasploit-2/ Part 1 – John the Ripper Let’s say you have password hashes from an earlier exploit. (Such as the password hashes obtain in the Metasploit Lab). While that was helpful by itself to see what usernames exist, it would […]
by 