mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
GitBook: [master] 5 pages and 10 assets modified
This commit is contained in:
CPol
gitbook-bot
parent
b4af99059c
commit
353938b47c
10 changed files with 26 additions and 18 deletions
|
Before Width: | Height: | Size: 341 KiB After Width: | Height: | Size: 341 KiB |
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
|
Before Width: | Height: | Size: 15 KiB After Width: | Height: | Size: 15 KiB |
|
Before Width: | Height: | Size: 29 KiB After Width: | Height: | Size: 29 KiB |
|
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
|
|
@ -284,6 +284,7 @@
|
||||||
* [631 - Internet Printing Protocol\(IPP\)](pentesting/pentesting-631-internet-printing-protocol-ipp.md)
|
* [631 - Internet Printing Protocol\(IPP\)](pentesting/pentesting-631-internet-printing-protocol-ipp.md)
|
||||||
* [873 - Pentesting Rsync](pentesting/873-pentesting-rsync.md)
|
* [873 - Pentesting Rsync](pentesting/873-pentesting-rsync.md)
|
||||||
* [1026 - Pentesting Rusersd](pentesting/1026-pentesting-rusersd.md)
|
* [1026 - Pentesting Rusersd](pentesting/1026-pentesting-rusersd.md)
|
||||||
|
* [1080 - Pentesting Socks](pentesting/1080-pentesting-socks.md)
|
||||||
* [1098/1099 - Pentesting Java RMI](pentesting/1099-pentesting-java-rmi.md)
|
* [1098/1099 - Pentesting Java RMI](pentesting/1099-pentesting-java-rmi.md)
|
||||||
* [1433 - Pentesting MSSQL - Microsoft SQL Server](pentesting/pentesting-mssql-microsoft-sql-server.md)
|
* [1433 - Pentesting MSSQL - Microsoft SQL Server](pentesting/pentesting-mssql-microsoft-sql-server.md)
|
||||||
* [1521,1522-1529 - Pentesting Oracle TNS Listener](pentesting/1521-1522-1529-pentesting-oracle-listener/README.md)
|
* [1521,1522-1529 - Pentesting Oracle TNS Listener](pentesting/1521-1522-1529-pentesting-oracle-listener/README.md)
|
||||||
|
|
|
||||||
|
|
@ -127,7 +127,7 @@ The files in the folder WPDNSE are a copy of the original ones, then won't survi
|
||||||
|
|
||||||
Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced \(search for `Section start`\).
|
Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced \(search for `Section start`\).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### USB Detective
|
### USB Detective
|
||||||
|
|
||||||
|
|
@ -217,7 +217,7 @@ Having these files you can sue the tool [**Rifiuti**](https://github.com/abelche
|
||||||
.\rifiuti-vista.exe C:\Users\student\Desktop\Recycle
|
.\rifiuti-vista.exe C:\Users\student\Desktop\Recycle
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Programs Executed
|
## Programs Executed
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -135,7 +135,7 @@ Within this registry it's possible to find:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Moreover, checking the registry `HKLM\SYSTEM\ControlSet001\Enum\USB` and comparing the values of the sub-keys it's possible to find the VID value
|
Moreover, checking the registry `HKLM\SYSTEM\ControlSet001\Enum\USB` and comparing the values of the sub-keys it's possible to find the VID value
|
||||||
|
|
||||||
|
|
@ -157,7 +157,7 @@ Having the **{GUID}** of the device it's now possible to **check all the NTUDER.
|
||||||
|
|
||||||
Checking the registry `System\MoutedDevices` it's possible to find out **which device was the last one mounted**. In the following image check how the last device mounted in `E:` is the Thoshiba one \(using the tool Registry Explorer\).
|
Checking the registry `System\MoutedDevices` it's possible to find out **which device was the last one mounted**. In the following image check how the last device mounted in `E:` is the Thoshiba one \(using the tool Registry Explorer\).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Volume Serial Number
|
### Volume Serial Number
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -593,7 +593,7 @@ Many apps log informative \(and potentially sensitive\) messages to the console
|
||||||
5. Reproduce the problem.
|
5. Reproduce the problem.
|
||||||
6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window.
|
6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command:
|
You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
# 1080 - Pentesting Socks 4/5
|
# 1080 - Pentesting Socks
|
||||||
|
|
||||||
## Basic Information
|
## Basic Information
|
||||||
|
|
||||||
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication,
|
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication,
|
||||||
so only authorized users may access a server.
|
so only authorized users may access a server.
|
||||||
|
|
||||||
Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
|
Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
|
||||||
SOCKS performs at Layer 5 of the OSI model
|
SOCKS performs at Layer 5 of the OSI model
|
||||||
|
|
||||||
**Default Port:** 1080
|
**Default Port:** 1080
|
||||||
|
|
||||||
|
|
@ -18,20 +18,23 @@ SOCKS performs at Layer 5 of the OSI model
|
||||||
nmap -p 1080 <ip> --script socks-auth-info
|
nmap -p 1080 <ip> --script socks-auth-info
|
||||||
```
|
```
|
||||||
|
|
||||||
## Brute Force
|
### Brute Force
|
||||||
|
|
||||||
|
#### Basic usage
|
||||||
|
|
||||||
### Basic usage
|
|
||||||
```bash
|
```bash
|
||||||
nmap --script socks-brute -p 1080 <ip>
|
nmap --script socks-brute -p 1080 <ip>
|
||||||
```
|
```
|
||||||
### Advanced usage
|
|
||||||
|
#### Advanced usage
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
nmap --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>
|
nmap --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Output
|
#### Output
|
||||||
|
|
||||||
```bash
|
```text
|
||||||
PORT STATE SERVICE
|
PORT STATE SERVICE
|
||||||
1080/tcp open socks
|
1080/tcp open socks
|
||||||
| socks-brute:
|
| socks-brute:
|
||||||
|
|
@ -46,18 +49,22 @@ PORT STATE SERVICE
|
||||||
### Basic proxychains usage
|
### Basic proxychains usage
|
||||||
|
|
||||||
Setup proxy chains to use socks proxy
|
Setup proxy chains to use socks proxy
|
||||||
```bash
|
|
||||||
|
```text
|
||||||
nano /etc/proxychains4.conf
|
nano /etc/proxychains4.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
Edit the bottom and add your proxy
|
Edit the bottom and add your proxy
|
||||||
```bash
|
|
||||||
|
```text
|
||||||
socks5 10.10.10.10 1080
|
socks5 10.10.10.10 1080
|
||||||
```
|
```
|
||||||
|
|
||||||
With auth
|
With auth
|
||||||
```bash
|
|
||||||
|
```text
|
||||||
socks5 10.10.10.10 1080 username password
|
socks5 10.10.10.10 1080 username password
|
||||||
```
|
```
|
||||||
|
|
||||||
## More info: [Tunneling and Port Forwarding](../tunneling-and-port-forwarding.md)
|
#### More info: [Tunneling and Port Forwarding](../tunneling-and-port-forwarding.md)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue