how the metadata files reterived from any given website

Custom user lists
• So, lets take some word docs and pull out the user names and first and last names!
• What about Web?
wget -r -l1 --no-parent -A.doc http://www.somewebsite.com/ | exiftool -r -a -u -Author -
LastSavedBy * >users.txt |strings users.txt | cut -d":" -f2 | grep -v "\=" | grep -v "\image files read" |
tr '[:space:]' '\n' | sort | uniq >cleanusers.txt
• local disk?
exiftool -r -a -u -Author -LastSavedBy * >users.txt |strings users.txt | cut -d":" -f2 | grep -v "\=" |
grep -v "\image files read" | tr '[:space:]' '\n' | sort | uniq >cleanusers.txt

More info at http://www.pauldotcom.com/Metadata_the_Silent_Killer_NS2009.pdf

================================================================

exclude hml, php, asp and cgi extensions

# wget -nd -r -R htm,html,php,asp,aspx,cgi -P /home/tools/metadata_from_[website_name] [target_domain]

alternatively, we coul have included only pdf, word and excel extensions using the following command

# wget -nd -e -A pdf,doc,docx,xlx,xlsx -P /home/tools/metadata_from_[website_name] [target_domain]

-nd = no directories (places all files in specified directorty)
-r = recursive download
-P [directory] = prefix output file location with directory
-R/A= Restrict or allow file types or pattern

Comments

28 VM SecOS-1

Walkthru: Notes: A. https://c0d3g33k.blogspot.com/2017/01/secos.html [capture admin cookie using 127.0.0.1 in a code test.html with cross site scripting vulnerability, CSRF attack, use exploit 37088 for priv escalation ] B. http://oldsmokingjoe.blogspot.com/2016/01/walkthrough-secos-1.html [ Hacking Node.js and MangoDB ] c. http://oldsmokingjoe.blogspot.com/2016/01/walkthrough-secos-1.html [use wget to post data from CLI. Add other cmds to ping cmd using curl and wget] D. https://chousensha.github.io/blog/2015/02/04/pentest-lab-secos/ [SSH tunnel so we can access the ping site from Kali and dont have to pass via CLI] Notes: # Nmap 7.70 scan initiated Thu Jul 19 09:26:05 2018 as: nmap -sV -O -oN ../reports/192.168.117.6/192.168.117.6.nmap 192.168.117.6 Nmap scan report for 192.168.117.6 Host is up (0.00042s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh ...

VM 9 : PHP Include And Post Exploitation

Walkthrough 1. https://medium.com/@Kan1shka9/pentesterlab-php-include-and-post-exploitation-walkthrough-8a85bcfa7b1d 2. Ine [] 3. http://megwhite.com.au/pentester-lab-bootcamp-walkthrough-php-include-post-exploitation/ 4. http://fallensnow-jack.blogspot.com/2014/07/pentester-lab-php-lfi-post-exploitation.html Notes: root@kali:~# nmap 10.0.0.12 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-30 12:23 EDT Nmap scan report for 10.0.0.12 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT STATE SERVICE 80/tcp open http MAC Address: 08:00:27:1F:12:24 (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds root@kali:~# Enumerating port 80 Run dirb root@kali:~# dirb http://10.0.0.12/ ----------------- DIRB v2.22 By The Dark Raver...

VM 15: Kioptix 2014

Walkthru Notes 2nd approach using nc via web using php reverse shell 3rd approach w/o metasploit =================== walkthru: 1. Updating OpenFuck Exploit(764) but it didnt work here @ https://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ 2. ============== Notes: 80/tcp open http Apache httpd 2.2.21 ((FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8) MAC Address: 08:00:27:82:89:F9 (Oracle VirtualBox virtual NIC) Running: FreeBSD 9.X|10.X OS CPE: cpe:/o:freebsd:freebsd:9 cpe:/o:freebsd:freebsd:10 OS details: FreeBSD 9.0-RELEASE - 10.3-RELEASE PORT STATE SERVICE VERSION 8080/tcp open http Apache httpd 2.2.21 ((FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8) |_http-server-header: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8 |_http-title: 403 Forbidden MAC Address: 08:00:27:82:89:F9 (Oracle VirtualBox...

nagpentest

Search This Blog