  • compile the code:

    make clean
    make
    make install
  • update the module dependency list: depmod -a
  • list the loaded kernel modules: lsmod
  • Update the local package index with the latest changes from the repositories: apt-get update
  • Upgrade the installed packages: apt-get upgrade

  • Upgrade to the latest version (if available): apt-get dist-upgrade

  • Install Nessus and squid3

  • Setting up ProxyChains

    • open the ProxyChains configuration file: vim /etc/proxychains.conf
    • uncomment the chaining type to use, e.g. dynamic_chain
    • add some proxy servers to the list
    • resolve a host name through the proxy chain: proxyresolv www.targethost.com
    • run a tool through the chain: proxychains msfconsole
  • install VirtualBox

http://www.distrowatch.com

http://www.turnkeylinux.org -> ready-made images to download for testing

  • wpscan to test WordPress sites for vulnerabilities

Information Gathering

  • Service enumeration:
  • DNS enumeration: dnsenum

  • SNMP enumeration:

    snmpwalk -c public 192.168.10.200 -v 2c
    snmpwalk -c public 192.168.10.200 -v 1 | grep hrSWInstalledName
    # list the TCP ports in use on the target (a TCP port scan via SNMP):
    snmpwalk -c public 192.168.10.200 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu

  • snmpcheck (gather information via SNMP): snmpcheck -t 192.168.10.200

  • domain scan with fierce:

    fierce -dns internet.com
    fierce -dns internet.com -wordlist hosts.txt -file /tmp/output.txt

  • enumerate the users on an SMTP server: smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.10.200

  • Determining network range

    • DMitry (Deepmagic Information Gathering Tool): dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result
    • issue an ICMP netmask request: netmask -s targethost.com
    • scapy
  • Identifying active machines

    • ping scan: nmap -sP 216.27.130.162
    • nping (Nmap suite): nping --echo-client "public" echo.nmap.org
    • send some hex data to a specified port: nping --tcp -p 445 --data AF56A43D 216.27.130.162
  • Finding open ports

    • nmap 192.168.56.101
    • explicitly specify the ports to scan: nmap -p 1-1000 192.168.56.101
    • scan the whole organization's network on TCP port 22: nmap -p 22 192.168.56.*
    • write the results to a grepable output file: nmap -p 22 192.168.56.* -oG /tmp/Nmap-targethost-tcp445.txt
    • Zenmap (graphical front-end for Nmap)
  • Operating system fingerprinting:

    • nmap -O 192.168.56.102
    • use p0f to analyze a Wireshark capture file: p0f -s /tmp/targethost.pcap -o p0f-result.log -l
  • Service fingerprinting

    • nmap -sV <IP address>
    • use amap to identify the application running on a specific port or a range of ports: amap -bq 192.168.10.200 200-300
  • Threat assessment with Maltego

  • Mapping the network

    • CaseFile (Maltego)

Vulnerability Assessment

  • install Nessus (port 8843)
  • install OpenVAS (port 9392)

Exploiting Vulnerabilities

  • download the deliberately vulnerable Linux-based virtual machine Metasploitable2.

Escalating Privileges

  • use incognito in Meterpreter (Metasploit)
  • use getsystem in Meterpreter (Metasploit)

  • setoolkit (Social-Engineer Toolkit)

  • Cleaning up the tracks

    • use irb in Metasploit
  • Create a persistent backdoor: run persistence -h in Meterpreter

  • MITM attack

Password attack

  • hydra
  • brute-force attack using Medusa
  • Password profiling:

    • configure Ettercap:

      locate etter.conf
      vi /etc/ettercap/etter.conf

    • use auxiliary/gather/search_email_collector in Metasploit
  • cracking a Windows password using John the Ripper

  • use Crunch to generate your own password dictionary

  • using rainbow tables to crack:

    cd /usr/share/rainbowcrack/
    # rtgen generates an MD5-based rainbow table
    ./rtgen md5 loweralpha-numeric 1 5 0 3800 33554422 0
  • cracking passwords on the GPU using oclHashcat

  • sucrack: allows brute-force cracking of local accounts via su; it fills up the log files rather quickly, so be sure to clean the log files after completion.

Wireless Attacks

  • Cracking WEP with the aircrack-ng suite:

    airmon-ng
    # stop the wlan0 interface and take it down so the MAC address can be changed
    airmon-ng stop wlan0
    ifconfig wlan0 down
    # change the MAC address of the interface; the MAC address identifies the machine on any network
    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    airodump-ng wlan0
    aireplay-ng
    aircrack-ng -b MACaddress wirelessattack.capture
  • Automating wireless network cracking: Gerix
  • Accessing clients using a fake AP: Gerix
  • URL traffic manipulation:

    # enable IP forwarding so our machine routes the intercepted traffic
    # (a plain "sudo echo 1 >> /proc/sys/net/ipv4/ip_forward" fails: the redirect runs unprivileged)
    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    # arpspoof attack (-t selects the target host)
    arpspoof -i wlan0 -t 192.168.10.115 192.168.10.1
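The detection counterpart to the ARP spoofing step above, as an added example that is not part of these notes: it replays ARP replies (a constructed capture, using the gateway and victim addresses from the notes and invented MACs) and alerts when an IP's MAC changes or one MAC claims several IPs.

```python
"""Detect ARP-cache poisoning of the kind arpspoof produces.

Added example, not part of the original notes. It replays a stream of
ARP replies and alerts when an IP's claimed MAC changes, or when one
MAC claims several IPs at once (the victim and the gateway).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start
    sender_ip: str    # IP the sender claims to own
    sender_mac: str   # hardware address carried in the reply


# Constructed capture, not real traffic. Addresses follow the notes above:
# gateway 192.168.10.1, victim 192.168.10.115; the spoofing MAC is the one
# macchanger set above, the other MACs are invented.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.10.1",   "aa:bb:cc:00:00:01"),  # real gateway
    ArpReply(0.5, "192.168.10.200", "aa:bb:cc:00:00:c8"),  # unrelated host
    ArpReply(1.0, "192.168.10.1",   "00:11:22:33:44:55"),  # gateway IP, new MAC
    ArpReply(1.1, "192.168.10.115", "00:11:22:33:44:55"),  # same MAC, victim IP
    ArpReply(2.0, "192.168.10.1",   "00:11:22:33:44:55"),  # arpspoof repeats ~1/s
]


def detect_arp_spoofing(replies, trusted=None):
    """Return alert strings. `trusted` pins known IP -> MAC pairs (e.g. the
    gateway) so the first reply seen cannot poison the detector's own table."""
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = ip_to_mac.setdefault(r.sender_ip, mac)  # first sighting wins
        if known != mac:
            alerts.append(f"{r.ts:.1f}s: {r.sender_ip} moved from {known} to {mac}")
        if r.sender_ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(r.sender_ip)
            if len(mac_to_ips[mac]) > 1:  # one NIC answering for several hosts
                claimed = ", ".join(sorted(mac_to_ips[mac]))
                alerts.append(f"{r.ts:.1f}s: {mac} claims several IPs: {claimed}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES, {"192.168.10.1": "aa:bb:cc:00:00:01"}):
        print(line)
```

On a real host the same logic can be fed from a pcap of ARP replies; pinning the gateway's MAC in `trusted` is what keeps an early poisoned reply from being learned as legitimate.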