Merge pull request #825 from manesec/master

Add more tools and small update mssql
2024-11-15 01:17:36 +00:00 · 2024-03-26 20:16:08 +01:00 · 2024-03-26 20:16:08 +01:00 · 2c57874949
commit 2c57874949
parent 61e2eb2350 050679bad4
2 changed files with 11 additions and 1 deletions
--- a/generic-methodologies-and-resources/pentesting-wifi/README.md
+++ b/generic-methodologies-and-resources/pentesting-wifi/README.md
@ -39,9 +39,11 @@ airmon-ng start wlan0 #Monitor mode
 airmon-ng stop wlan0mon #Managed mode
 airodump-ng wlan0mon #Scan (default 2.4Ghz)
 airodump-ng wlan0mon --band a #Scan 5Ghz
+airodump-ng wlan0mon --wps #Scan WPS
 iwconfig wlan0 mode monitor #Put in mode monitor
 iwconfig wlan0mon mode managed #Quit mode monitor - managed mode
 iw dev wlan0 scan | grep "^BSS\|SSID\|WSP\|Authentication\|WPS\|WPA" #Scan available wifis
+iwlist wlan0 scan #Scan available wifis
 ```

 ## Tools
@ -273,6 +275,13 @@ reaver -i wlan1mon -b 00:C0:CA:78:B1:37 -c 9 -K 1 -N -vv
 bully  wlan1mon -b 00:C0:CA:78:B1:37 -d -v 3
 ```

+If you don't want to switch the device into monitor mode, or `reaver` and `bully` have some problem, you can try [OneShot-C](https://github.com/nikita-yfh/OneShot-C).
+This tools can performs Pixie Dust attack without having to switch to monitor mode.
+
+```bash
+./oneshot -i wlan0 -K -b 00:C0:CA:78:B1:37
+```
+
 ### Null Pin attack

 Some poorly designed systems even let a **Null PIN** (an empty or nonexistent PIN) grant access, which is quite unusual. The tool **Reaver** is capable of testing for this vulnerability, unlike **Bully**.
--- a/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
+++ b/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
@ -155,7 +155,8 @@ _Login using Windows authentication:_
 #### Find Trustable Links

 ```sql
-select * from master..sysservers
+select * from master..sysservers;
+EXEC sp_linkedservers;
 ```

 ![](<../../.gitbook/assets/image (168).png>)