Began archiving things for HTB enumeration
parent
81af5e81e7
commit
442e6acc69
90
README.md
|
@ -13,6 +13,67 @@ Hopefully, at some point I will develop software that will run through a lot of
|
|||
|
||||
---------------
|
||||
|
||||
Port Enumeration
|
||||
====================
|
||||
|
||||
|
||||
445 (smb/Samba)
|
||||
-----------------------
|
||||
|
||||
* `smbmap`
|
||||
|
||||
|
||||
To try and list shares as the anonymous use **DO THIS** (this doesn't always work for some weird reason)
|
||||
|
||||
```
|
||||
smbmap -H 10.10.10.125 -u anonymous
|
||||
```
|
||||
|
||||
Or you can attempt just:
|
||||
|
||||
```
|
||||
smbmap -H 10.10.10.125
|
||||
```
|
||||
|
||||
And you can specify a domain like so:
|
||||
|
||||
```
|
||||
smbmap -H 10.10.10.125 -u anonymous -D HTB.LOCAL
|
||||
```
|
||||
|
||||
Worth trying `localhost` as a domain, if that gets "NO_LOGON_SERVERS"
|
||||
|
||||
```
|
||||
smbmap -H 10.10.10.125 -u anonymous -D localhost
|
||||
```
|
||||
|
||||
|
||||
* `enum4linux`
|
||||
|
||||
|
||||
```
|
||||
enum4linux 10.10.10.125
|
||||
```
|
||||
|
||||
* `smbclient`
|
||||
|
||||
|
||||
|
||||
```
|
||||
smbclient -N -L //10.10.10.125/
|
||||
```
|
||||
|
||||
|
||||
SNMP
|
||||
=======================
|
||||
|
||||
* snmp-check
|
||||
|
||||
```
|
||||
snmp-check 10.10.10.125
|
||||
```
|
||||
|
||||
|
||||
Known Exploits
|
||||
------------------
|
||||
|
||||
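Review bot: The heading levels in the new section are inconsistent: "Port Enumeration" and "SNMP" are both underlined with `=`, while "445 (smb/Samba)" uses `-`, so SNMP renders as a sibling of Port Enumeration instead of a port entry under it, and both outrank the `-`-underlined "Known Exploits" that follows. Suggest giving SNMP the same underline as the 445 entry and naming its port in the heading the way "445 (smb/Samba)" does. In the smbmap text, "as the anonymous use **DO THIS**" should read "as the anonymous user", and "doesn't always work for some weird reason" would be more useful with the observed failure written down, as the later "NO_LOGON_SERVERS" line does. The `snmp-check` bullet is missing the backticks the other tool bullets have, and the address 10.10.10.125 hard-coded in every command would be easier to reuse as a placeholder such as `<target-ip>`.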
|
@ -879,7 +940,12 @@ VisualBasicScript Reversing
|
|||
Miscellaneous
|
||||
----------
|
||||
|
||||
* GameBiy ROMS
|
||||
* Punchcards
|
||||
|
||||
Sometimes it sucks to do these manually, but you can here: [http://tyleregeto.com/article/punch-card-emulator](http://tyleregeto.com/article/punch-card-emulator)
|
||||
|
||||
|
||||
* GameBoy ROMS
|
||||
|
||||
You have options to run GameBoy ROMs... one is using VisualBoyAdvance, the oher is RetroArch (which is supposedly better):
|
||||
|
||||
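Review bot: The new Punchcards entry does not say what the linked page does: "Sometimes it sucks to do these manually, but you can here" reads as if the link is where you do it manually. Suggest wording it as what the tool is for, for example "Decoding these by hand is tedious; this punch card emulator does it for you:", followed by the link. While fixing "GameBiy", the bullet still says "ROMS" where the sentence under it says "ROMs", and the context line right below has "oher" for "other", which is worth correcting in the same commit.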
|
@ -1027,6 +1093,28 @@ Sometimes you're jailed in an environment where you can potentially execute code
|
|||
`().__class__.__base__.__subclasses__()` - Gives access to `object` subclasses
|
||||
|
||||
|
||||
Trivia
|
||||
-------------
|
||||
|
||||
* The British used this machine to crack the German Enigma machine messages.
|
||||
|
||||
```
|
||||
Bombe
|
||||
```
|
||||
|
||||
* What is the Windows LM hash for a blank password?
|
||||
|
||||
```
|
||||
aad3b435b51404eeaad3b435b51404ee
|
||||
```
|
||||
|
||||
* for Windows LM hashing, after the password is split into two 7 character chunks, they are used as DES keys to encrypt what string?
|
||||
|
||||
```
|
||||
KGS!@#$%
|
||||
```
|
||||
|
||||
|
||||
|
||||
[steghide]: http://steghide.sourceforge.net/
|
||||
[snow]: http://www.darkside.com.au/snow/
|
||||
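Review bot: The three Trivia entries do not share a form: the first is a statement ("The British used this machine ...") while the other two are questions, and the third starts lowercase ("for Windows LM hashing"). Suggest phrasing all three as questions with the answer in the fence below, so the section can be scanned or grepped consistently. The two LM entries would also read better cross-referenced: the blank-password answer is the 16 hex characters `aad3b435b51404ee` twice, which is one block per 7-character chunk from the third entry, and saying so explains the repetition. Finally, consider moving the section so it does not sit between the Python jail notes and the `[steghide]` / `[snow]` link definitions, which belong at the very end of the file.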
|
|