GitBook: [#3593] No subject
BIN
.gitbook/assets/image (2) (6) (1).png
Normal file
After Width: | Height: | Size: 142 KiB |
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 12 KiB |
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 25 KiB |
Before Width: | Height: | Size: 25 KiB After Width: | Height: | Size: 92 KiB |
|
@ -105,7 +105,7 @@ Thus, after establishing the neighborhood, we know about the existence of these
|
||||||
|
|
||||||
**I have found that generating and quickly sending out mass EIGRP hello packets overloads the router’s CPU, which in turn can open the door to a DoS attack.** I have developed a little [**helloflooding.py**](https://github.com/in9uz/EIGRPWN/blob/main/helloflooding.py) **** script, but it seems to me that the script lacks the speed of sending out the packets. **It’s caused by GIL**, which prevents the **sprayhello** function from running in multiple threads per second. **Eventually I’ll rewrite the script in C.**
|
**I have found that generating and quickly sending out mass EIGRP hello packets overloads the router’s CPU, which in turn can open the door to a DoS attack.** I have developed a little [**helloflooding.py**](https://github.com/in9uz/EIGRPWN/blob/main/helloflooding.py) **** script, but it seems to me that the script lacks the speed of sending out the packets. **It’s caused by GIL**, which prevents the **sprayhello** function from running in multiple threads per second. **Eventually I’ll rewrite the script in C.**
|
||||||
|
|
||||||
<figure><img src="../../.gitbook/assets/image (2) (6).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../../.gitbook/assets/image (2) (6) (1).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
Arguments of the script:
|
Arguments of the script:
|
||||||
|
|
||||||
|
|
|
@ -210,7 +210,7 @@ Using the correct credentials you can upload a file. In the response the path wi
|
||||||
|
|
||||||
Also there is a **faster way** to brute-force credentials using **`system.multicall`** as you can try several credentials on the same request:
|
Also there is a **faster way** to brute-force credentials using **`system.multicall`** as you can try several credentials on the same request:
|
||||||
|
|
||||||
![](https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L\_2uGJGU7AVNRcqRvEi%2Fuploads%2FFX0g2BLsdfdQnq1xXx3N%2Ffile.jpeg?alt=media)
|
<figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
**Bypass 2FA**
|
**Bypass 2FA**
|
||||||
|
|
||||||
|
|
|
@ -116,7 +116,7 @@ winrs -r:http://bizintel:5446 -u:ta\redsuit -p:2600leet hostname
|
||||||
|
|
||||||
Like `Invoke-Command`, this can be easily scripted so the attacker can simply issue system commands as an argument. A generic batch script example _winrm.bat_:
|
Like `Invoke-Command`, this can be easily scripted so the attacker can simply issue system commands as an argument. A generic batch script example _winrm.bat_:
|
||||||
|
|
||||||
<figure><img src="../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../../.gitbook/assets/image (2) (6).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
### OpenSSH <a href="#openssh" id="openssh"></a>
|
### OpenSSH <a href="#openssh" id="openssh"></a>
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ Download the latest [OpenSSH Release zip from github](https://github.com/PowerSh
|
||||||
|
|
||||||
Uncompress the zip to where you’d like. Then, run the install script - `Install-sshd.ps1`
|
Uncompress the zip to where you’d like. Then, run the install script - `Install-sshd.ps1`
|
||||||
|
|
||||||
<figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
Lastly, just add a firewall rule to **open port 22**. Verify the SSH services are installed, and start them. Both of these services will need to be running for SSH to work.
|
Lastly, just add a firewall rule to **open port 22**. Verify the SSH services are installed, and start them. Both of these services will need to be running for SSH to work.
|
||||||
|
|
||||||
|
|