pentest-notes
Penetration Testing Notes
Finding an Initial Foothold
- Find public exploits for the software and versions the server exposes
- Try to enumerate the services
- Use some social engineering (SE) techniques
Pivoting and VPN
Simpletun
- download and compile the server code from https://github.com/aoak/Simpletun
install the client on the target machine
- put npf.sys in C:\windows\system32\drivers
- put packet.dll and wpcap.dll in C:\windows\system32\syswow64
- run install.bat from https://github.com/3gstudent/Winpcap_Install
- download and run client.exe from https://github.com/rsmudge/Layer2-Pivoting-Client
- run the client as `client.exe <server> <port> <local ip>`
Proxychains
- add a route through the meterpreter session
```
meterpreter > run autoroute -s 192.168.1.1/24
```
- start a SOCKS4 server in Metasploit (the module is `socks4a`, not `sock4`)
```
use auxiliary/server/socks4a
```
- use proxychains to run tools such as python scripts or nmap through the SOCKS server
- be aware that some nmap scan techniques (SYN scan, ping discovery, UDP) won't work through proxychains
- the recommended scan is a TCP connect scan with host discovery disabled
```
proxychains nmap -Pn -sT -sV 192.168.1.1 --script smb-enum-users
```
netsh in Windows
- use portproxy to forward a local port to a remote address (the `v4tov4` keyword is required for IPv4-to-IPv4 forwarding)
```
netsh interface portproxy add v4tov4 listenaddress=<LOCAL_ADDRESS> listenport=<LOCALPORT> connectaddress=<REMOTEADDRESS> connectport=<REMOTEPORT>
```
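Portproxy rules survive reboots and are a common persistence and pivot artifact, so a defender wants to list them. Added example (not from these notes): a parser for `netsh interface portproxy show all` output that flags rules relaying traffic to another host and builds the matching `netsh ... delete v4tov4` remediation command; the sample output below is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of `netsh interface portproxy show all` output (not captured
# from a real host); section headers and column layout follow netsh's format.
SAMPLE_NETSH_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         3389        10.0.0.5        3389
127.0.0.1       8080        127.0.0.1       80

Listen on ipv4:             Connect to ipv6:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Data rows are exactly: <addr> <port> <addr> <port>; headers and separators do not match.
RULE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")


@dataclass(frozen=True)
class PortProxyRule:
    listen_addr: str
    listen_port: int
    connect_addr: str
    connect_port: int

    def forwards_off_host(self) -> bool:
        """True when the rule relays traffic to another host, i.e. a pivot candidate."""
        return self.connect_addr not in LOOPBACK

    def delete_command(self) -> str:
        """netsh command that removes this rule (v4tov4 rules only in this example)."""
        return (f"netsh interface portproxy delete v4tov4 "
                f"listenaddress={self.listen_addr} listenport={self.listen_port}")


def parse_portproxy(output: str) -> list[PortProxyRule]:
    rules = []
    for line in output.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # skip blank lines, section titles, column headers and dashes
            rules.append(PortProxyRule(m.group(1), int(m.group(2)),
                                       m.group(3), int(m.group(4))))
    return rules


def suspicious_rules(output: str) -> list[PortProxyRule]:
    return [r for r in parse_portproxy(output) if r.forwards_off_host()]
```

The same rules are also stored under `HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp`, so a registry baseline catches them even when `netsh` is unavailable.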
SSH in Windows
use ssh to forward ports
- Remote port forward (port 9000 on the remote host is forwarded back to port 3000 on this machine)
```
ssh -R 9000:localhost:3000 user@example.com
```
- Local port forward (local port 9000 reaches imgur.com:80 through the SSH server)
```
ssh -L 9000:imgur.com:80 user@example.com
```
Enumerate the target
BloodHound or SharpHound
- use BloodHound to see relationships within an Active Directory domain
- it needs some setup beforehand: it uses neo4j to store and display the graph
- download and install neo4j community edition
- install BloodHound
- import the BloodHound collector script from Empire or Cobalt Strike