
update backtrack and shortcuts


======updates==========

Update the Package Index: The APT package index is essentially a database of available packages from the repositories defined in the /etc/apt/sources.list file. To update the local package index with the latest changes made in repositories, type the following:

  • sudo apt-get update

Upgrade Packages: Over time, updated versions of packages currently installed on your computer may become available from the package repositories (for example security updates). To upgrade your system, first update your package index as outlined above, and then type:

  • sudo apt-get upgrade

======change the IP address BEGIN==========
1. Log in to the system and open /etc/network/interfaces:
     sub0@natty:~$ sudo nano /etc/network/interfaces
2. Modify the last line:
     iface eth0 inet static
3. Change the IP:
     # The primary network interface
     auto eth0
     iface eth0 inet static
     address 192.168.1.5
     netmask 255.255.255.0
     gateway 192.168.1.1
4. Save it, then run:
     sub0@natty:~$ sudo ifdown eth0
     sub0@natty:~$ sudo ifup eth0
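
A pre-flight check for the static stanza in steps 1-4, as an added example that is not part of the original notes: it confirms that address, netmask and gateway parse and that the gateway sits on the interface's own subnet before ifdown/ifup is run. The function names (ip_to_int, stanza_field, check_static), the exit codes and the temporary sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): validate a static stanza
# in an interfaces file before running ifdown/ifup. Names are hypothetical.

# Dotted quad -> 32-bit integer; fails on malformed input.
ip_to_int() (
  IFS=. read -r a b c d extra <<EOF
$1
EOF
  [ -z "$extra" ] || return 1
  for o in "$a" "$b" "$c" "$d"; do
    case "$o" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
)

# Print one option of the "iface <if> inet static" stanza in file $1.
stanza_field() (
  awk -v ifc="$2" -v key="$3" '
    $1 == "iface" { hit = ($2 == ifc && $3 == "inet" && $4 == "static"); next }
    hit && $1 == key { print $2; exit }' "$1"
)

# Returns 0 ok, 2 missing/malformed field, 3 non-contiguous netmask,
# 4 gateway outside the subnet, 5 gateway equal to the address.
check_static() (
  addr=$(ip_to_int "$(stanza_field "$1" "$2" address)") || return 2
  mask=$(ip_to_int "$(stanza_field "$1" "$2" netmask)") || return 2
  gw=$(ip_to_int "$(stanza_field "$1" "$2" gateway)") || return 2
  inv=$(( ~mask & 0xFFFFFFFF ))
  [ $(( inv & (inv + 1) )) -eq 0 ] || return 3
  [ $(( addr & mask )) -eq $(( gw & mask )) ] || return 4
  [ "$addr" -ne "$gw" ] || return 5
)

# Constructed sample: the stanza from step 3.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.1
EOF
if check_static "$SAMPLE" eth0; then echo "eth0 stanza OK"
else echo "eth0 stanza rejected (code $?)"; fi
```

On a real host, point check_static at /etc/network/interfaces and bounce the interface only when it returns 0, which matters most when the session itself runs over that interface.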

======update meterpreter==========
1. msfupdate
more info @ https://community.rapid7.com/docs/DOC-1306

======update BackTrack==========
apt-get update
apt-get upgrade

======start dradis=========
1. root@bt:~# cd /pentest/misc/dradis/
   root@bt:/pentest/misc/dradis# ./start.sh
2. Navigate to https://localhost:3004/
3. user and password = dradis
4. db_import didn't import, so import from the web interface

======Installing Metasploit Framework + PostgreSQL DB Backend Under Ubuntu 12.04 LTS==========
http://dangertux.wordpress.com/2011/12/08/installing-metasploit-framework-postgresql-db-backend-under-ubuntu-12-04-lts/

======adding Metasploit and the Pcaprub wrapper=========
http://blog.carlosgarciaprado.com/?tag=metasploit-pcaprub-pentesting
http://redmine.backtrack-linux.org:8080/issues/148
