📘 SEC 335 - tconklin-champlain/Tech-Journal GitHub Wiki
Class Notes
Passive Recon [1/21/22]
Targets
- Network Info
- IP / Range
- Domain Info
- Systems
- Server names/IPs
- Applications
- What are they running?
- Security Tools
- Firewall
- IPS
- Endpoint Protection
- People
- Admins, Engineers
- Others
- Partners
- Vendors
Google Hacking
Google Dorking
- GHDB
- SHODAN
- theHarvester
- query multiple search engines
- Pull it from GitHub
- Netcraft
- Metagoofil
💡 Use Archive websites to do passive recon without touching the site you are targeting!
Scripts From Activity 2.1
nmap -sn 10.0.5.2-50 > sweep.txt
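#!/bin/bash
# Usage: pass a file of hosts and a file of ports (one entry per line).
# Prints host,port for every TCP port that accepts a connection.
hostfile=$1
portfile=$2
echo "host,port"
for host in $(cat "$hostfile"); do
  for port in $(cat "$portfile"); do
    # /dev/tcp is a bash pseudo-device; the redirect succeeds only if the port is open
    timeout .1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null && echo "$host,$port"
  done
done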
Enabling Remote Desktop Windows 10
- GUI: type RDP and enable it in Settings
- Powershell
Invoke-Command -ComputerName "server1", "Server2" -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0}
- Command Prompt:
reg add "\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Assignment 5.1 Breaking into Kali
Kali is kicking the user out due to lack of disk space. What can we do? Or even better, what if you have access to a box but no password?
Enter single user mode
- Reboot the system or send a Ctrl+Alt+Del
- Hit spacebar to bring up boot menu
- Select Kali GNU Linux and press E
- Shift to go down a few lines and find Loading Linux
- Add single init=/bin/bash after quiet splash
- Ctrl + X
- Once in root prompt type mount -rw -o remount /
Now use passwd to change root passwd - If debugging now you can!
Assignment 5.1 Password Guessing
CEWL
Commands Crawling a page
- Two options with the built-in spider: -d (depth) defaults to 2, and -o if you want it to go offsite
Assignment F.1 Home Pentesting Lab
- Create 3 New VMnets through Virtual network editor
- Use whatever IP you want; for ease we did 10.0.x.0, where x was the VMnet number
- For each connection, make it host-only with no connection to the host adapter and no DHCP
Side project: always hated the history staying, just reminds me of previous failure. Here's how to fix that.
Open ~/.zshrc
Add the following line
alias clear_history='echo "" > ~/.zsh_history && exec $SHELL -l'
Save and close the file
Close the console, or type zsh if you want to see the result directly, but this will open another zsh shell in the old one
Now you can clear the console by typing clear_history
vyos setup
configure
set interfaces ethernet eth0 address '192.168.229.10/24'
set interfaces ethernet eth0 description 'Nat on VMware Host'
set interfaces ethernet eth1 address '10.0.5.2/24'
set interfaces ethernet eth1 description 'VMNET5-RANGE'
set protocols static route 0.0.0.0/0 next-hop 192.168.229.2
set service ssh listen-address '192.168.229.10'
set system name-server '192.168.229.2'
set service ssh listen-address 192.168.229.10
commit
save
configure
set service dhcp-server global-parameters 'local-address 10.0.5.2;'
set service dhcp-server shared-network-name DHCPPOOL authoritative
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 default-router '10.0.5.2'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 domain-name 'range.local'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 lease '86400'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 start '10.0.5.50'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 stop '10.0.5.100'
commit
save
generate wireguard default-keypair
configure
set interfaces wireguard wg0 private-key default
set interfaces wireguard wg0 address '10.0.99.1/24'
set interfaces wireguard wg0 peer namegoeshere allowed-ips '10.0.99.100/32'
set interfaces wireguard wg0 peer namegoeshere public-key '<client public key>'
set interfaces wireguard wg0 port '51820'
commit
save
exit
wireguard setup
[Interface]
PrivateKey = <client private key>
Address = 10.0.99.100/24
[Peer]
PublicKey = <vyos public key>
Endpoint = 192.168.188.130:51820
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
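A consistency check for the client config above against the VyOS peer settings, as an added example that is not part of the original notes. The function names, the constructed keys and the expected-routes list are assumptions made for illustration; it handles a single [Peer] section.

```python
import base64
import configparser
import ipaddress

def _key_ok(value):
    """True if value is base64 for exactly 32 bytes, the size of a WireGuard key."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError
        return False

def _within(a, b):
    return a.version == b.version and a.subnet_of(b)

def lint_client(conf_text, server_allowed_ips, expected_routes):
    """Return findings for a single-peer client config (empty list = consistent)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    findings = []
    if not _key_ok(iface.get("PrivateKey", "")):
        findings.append("PrivateKey is not a 32-byte base64 key (placeholder left in?)")
    if not _key_ok(peer.get("PublicKey", "")):
        findings.append("PublicKey is not a 32-byte base64 key (placeholder left in?)")
    # The router drops tunnel packets whose source is outside the peer's allowed-ips.
    addr = ipaddress.ip_interface(iface["Address"]).ip
    if not any(addr in ipaddress.ip_network(n) for n in server_allowed_ips):
        findings.append(f"Address {addr} is outside the server-side allowed-ips")
    routes = [ipaddress.ip_network(r.strip()) for r in peer["AllowedIPs"].split(",")]
    wanted = [ipaddress.ip_network(r) for r in expected_routes]
    for r in routes:  # least privilege: route only what the lab needs
        if not any(_within(r, w) for w in wanted):
            findings.append(f"AllowedIPs entry {r} is broader than expected")
    for w in wanted:
        if not any(_within(w, r) for r in routes):
            findings.append(f"AllowedIPs does not cover {w}")
    return findings

# Constructed keys (not real ones) standing in for the placeholders in the notes.
K1, K2 = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
GOOD = f"""[Interface]
PrivateKey = {K1}
Address = 10.0.99.100/24
[Peer]
PublicKey = {K2}
Endpoint = 192.168.188.130:51820
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
"""
SERVER_ALLOWED = ["10.0.99.100/32"]         # allowed-ips set for the peer on wg0
EXPECTED = ["10.0.99.1/32", "10.0.5.0/24"]  # router tunnel address and lab LAN
```

Calling lint_client(GOOD, SERVER_ALLOWED, EXPECTED) returns an empty list; a leftover placeholder key, a client address other than 10.0.99.100, or a 0.0.0.0/0 route each produce one finding.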