📘 SEC 335 - tconklin-champlain/Tech-Journal GitHub Wiki

Class Notes

Passive Recon [1/21/22]

Targets

  • Network Info
    • IP / Range
    • Domain Info
  • Systems
    • Server names/IPs
  • Applications
    • What are they running?
  • Security Tools
    • Firewall
    • IPS
    • Endpoint Protection
  • People
    • Admins, Engineers
    • Others
  • Partners
    • Vendors

Google Hacking

Google Dorking

  • GHDB
  • SHODAN
  • theHarvester
    • query multiple search engines
    • Pull it from github
  • Netcraft
  • Metagoofil

💡 Use Archive websites to do passive recon without touching the site you are targeting!

Scripts From Activity 2.1

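# Ping sweep of the lab range; results saved to sweep.txt
nmap -sn 10.0.5.2-50 > sweep.txt

#!/bin/bash
# Usage: <script> <hostfile> <portfile>
# Prints a host,port CSV line for every TCP port that accepts a connection.

hostfile=$1
portfile=$2
echo "host,port"
for host in $(cat "$hostfile"); do
    for port in $(cat "$portfile"); do
        # bash's /dev/tcp pseudo-device opens a TCP connection; give up after 0.1 s
        timeout .1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null && echo "$host,$port"
    done
done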

Enabling Remote Desktop Windows 10

  1. GUI: search for RDP and enable it in Settings
  2. PowerShell:
Invoke-Command -ComputerName "server1", "Server2" -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0}
  3. Command Prompt:
reg add "\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Source

Assignment 5.1 Breaking into Kali

Kali is kicking the user out due to lack of disk space. What can we do? Or, even better, what if you have access to a box but no password?

Enter single user mode

  1. Reboot the system or send a Ctrl+Alt+Del
  2. Hit spacebar to bring up boot menu
  3. Select Kali GNU Linux and PRESS E
  4. Shift to go down a few lines and find Loading Linux
  5. Add single init=/bin/bash after quiet splash
  6. Ctrl + X
  7. Once at the root prompt, type mount -rw -o remount / and then use passwd to change the root password
  8. If debugging now you can!

Assignment 5.1 Password Guessing

CEWL

Commands Crawling a page

  1. Two options control the built-in spider: -d (depth) defaults to 2, and -o lets it go offsite

Assignment F.1 Home Pentesting Lab

  1. Create 3 New VMnets through Virtual network editor
  2. Use whatever IP you want; for ease we used 10.0.x.0, where x was the VMnet number
  3. For each connection, make it host-only with no connection to the host adapter and no DHCP

Side project: always hated the history staying, it just reminds me of previous failure. Here's how to fix that.

    open ~/.zshrc

    add the following line

    alias clear_history='echo "" > ~/.zsh_history && exec $SHELL -l'

    Save and close the file
    Close the console, or type zsh if you want to see the result directly (this will open another zsh shell inside the old one)
    Now you can clear the history by typing clear_history

vyos setup

configure
set interfaces ethernet eth0 address '192.168.229.10/24'
set interfaces ethernet eth0 description 'Nat on VMware Host'
set interfaces ethernet eth1 address '10.0.5.2/24'
set interfaces ethernet eth1 description 'VMNET5-RANGE'
set protocols static route 0.0.0.0/0 next-hop 192.168.229.2
set service ssh listen-address '192.168.229.10'
set system name-server '192.168.229.2'
commit
save

configure 
set service dhcp-server global-parameters 'local-address 10.0.5.2;'
set service dhcp-server shared-network-name DHCPPOOL authoritative
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 default-router '10.0.5.2'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 domain-name 'range.local'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 lease '86400'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 start '10.0.5.50'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 stop '10.0.5.100'
commit
save

generate wireguard default-keypair
configure
set interfaces wireguard wg0 private-key default
set interfaces wireguard wg0 address '10.0.99.1/24'
set interfaces wireguard wg0 peer namegoeshere allowed-ips '10.0.99.100/32'
set interfaces wireguard wg0 peer namegoeshere public-key '<client public key>'
set interfaces wireguard wg0 port '51820'
commit
save
exit

wireguard setup

[Interface]
PrivateKey = <client private key>
Address = 10.0.99.100/24
[Peer]
PublicKey = <vyos public key>
Endpoint = 192.168.188.130:51820
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
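
A consistency check for the two WireGuard configurations above, added here as an example and not part of the original notes. WireGuard only accepts a packet from a peer when its source address falls inside that peer's allowed-ips, so the client Address and the VyOS allowed-ips entry have to agree. The function names are hypothetical, and the sample inputs are copied from the notes with the key and endpoint lines left out; a single peer is assumed.

```python
import ipaddress

# Constructed inputs taken from the notes above (keys and endpoint omitted).
VYOS_CMDS = """\
set interfaces wireguard wg0 address '10.0.99.1/24'
set interfaces wireguard wg0 peer namegoeshere allowed-ips '10.0.99.100/32'
"""
CLIENT_CONF = """\
[Interface]
Address = 10.0.99.100/24
[Peer]
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
"""

def server_view(cmds):
    """(tunnel address, peer allowed-ips) from VyOS set commands for wg0."""
    addr, allowed = None, []
    for line in cmds.splitlines():
        tok = line.replace("'", "").split()
        if len(tok) < 6 or tok[:4] != ["set", "interfaces", "wireguard", "wg0"]:
            continue
        if tok[4] == "address":
            addr = ipaddress.ip_interface(tok[5])
        elif tok[4] == "peer" and tok[6:7] == ["allowed-ips"]:
            allowed.append(ipaddress.ip_network(tok[7], strict=False))
    return addr, allowed

def client_view(conf):
    """(tunnel address, AllowedIPs) from a single-peer wg-quick style file."""
    kv = {}
    for line in conf.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            kv[key.strip().lower()] = value.strip()
    nets = [ipaddress.ip_network(n.strip(), strict=False) for n in kv["allowedips"].split(",")]
    return ipaddress.ip_interface(kv["address"]), nets

def audit(cmds, conf):
    """Return mismatches that drop tunnel traffic or route more than intended."""
    s_addr, s_allowed = server_view(cmds)
    c_addr, c_allowed = client_view(conf)
    findings = []
    if not any(c_addr.ip in n for n in s_allowed):
        findings.append("client address outside server allowed-ips")
    if not any(s_addr.ip in n for n in c_allowed):
        findings.append("server tunnel address outside client AllowedIPs")
    if any(n.prefixlen == 0 for n in c_allowed):
        findings.append("client sends all traffic through the tunnel")
    return findings
```

Calling audit(VYOS_CMDS, CLIENT_CONF) returns an empty list for the configuration in these notes; changing the client Address to anything other than 10.0.99.100 produces the first finding.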