GitBook: [master] 17 pages and 28 assets modified

CPol 2021-08-15 22:19:51 +00:00 committed by gitbook-bot
parent 3ec5598e2d
commit aca0a36b21
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
31 changed files with 25 additions and 14 deletions

[10 binary image assets re-uploaded in this commit; for every one of them width, height and size are unchanged before and after (1 × 40 KiB, 3 × 142 KiB, 4 × 1.3 MiB, 2 × 740 KiB)]

@ -1428,6 +1428,11 @@ Files that ships in packages downloaded from distribution repository go into `/u
{% page-ref page="cisco-vmanage.md" %} {% page-ref page="cisco-vmanage.md" %}
### Kernel Security Protections
* [https://github.com/a13xp0p0v/kconfig-hardened-check](https://github.com/a13xp0p0v/kconfig-hardened-check)
* [https://github.com/a13xp0p0v/linux-kernel-defence-map](https://github.com/a13xp0p0v/linux-kernel-defence-map)
## More help ## More help
[Static impacket binaries](https://github.com/ropnop/impacket_static_binaries) [Static impacket binaries](https://github.com/ropnop/impacket_static_binaries)
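Review bot: the new `### Kernel Security Protections` section is two bare links with no sentence saying what each tool is or how to use it, so a reader of the Linux hardening page gets no actionable step. One line per link would fix that: kconfig-hardened-check compares a kernel build config (for example `/boot/config-$(uname -r)`) against a list of hardening recommendations and reports each option as OK or FAIL; linux-kernel-defence-map is a diagram relating kernel mitigations to the attack classes they are meant to stop. Stating that the first one runs against a `.config` file, not the live system, also avoids the common misreading that it audits the running kernel.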


@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
* Signed using the **device identity certificate \(from APNS\)** * Signed using the **device identity certificate \(from APNS\)**
* **Certificate chain** includes expired **Apple iPhone Device CA** * **Certificate chain** includes expired **Apple iPhone Device CA**
![](../../.gitbook/assets/image%20%28567%29%20%281%29.png) ![](../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29.png)
### Step 6: Profile Installation ### Step 6: Profile Installation


@ -6,7 +6,7 @@
## Attacks Graphic ## Attacks Graphic
![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png) ![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
## Tool ## Tool
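Review bot: the only change in this hunk is the asset filename growing from `image (535) (1) (1) (2) (2) (2) (2) (2).png` to the same name with one more `(2)`, which means each GitBook sync uploads another copy of the same image instead of reusing the existing one. The duplicate files under `.gitbook/assets/` should be deduplicated and this page pointed at a single canonical filename; the same pattern appears in the MDM, Tomcat and phishing hunks of this commit, so it is worth fixing at the source rather than per page.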


@ -265,5 +265,5 @@ Entry_1:
print(s.run_ps('ipconfig')) print(s.run_ps('ipconfig'))
https://book.hacktricks.xyz/pentesting/pentesting-winrm https://book.hacktricks.xyz/pentesting/pentesting-winrm
``` ```
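Review bot: the visible lines of this hunk are identical before and after, so the only change is whitespace, most likely a trailing newline at the end of the HackTricks Automatic Commands block; the `-239,3 +239,4` and `-58,6 +58,5` hunks on the following protocol pages look like the same kind of end-of-file churn. This flips back and forth with each GitBook sync and clutters the history; normalizing the final newline once (for example with `insert_final_newline = true` in an `.editorconfig`) would stop it.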


@ -239,3 +239,4 @@ Entry_5:
Description: Eunuerate a DC via DNS Description: Eunuerate a DC via DNS
Command: dig -t _gc._{Domain_Name} && dig -t _ldap._{Domain_Name} && dig -t _kerberos._{Domain_Name} && dig -t _kpasswd._{Domain_Name} && nmap --script dns-srv-enum --script-args "dns-srv-enum.domain={Domain_Name}" Command: dig -t _gc._{Domain_Name} && dig -t _ldap._{Domain_Name} && dig -t _kerberos._{Domain_Name} && dig -t _kpasswd._{Domain_Name} && nmap --script dns-srv-enum --script-args "dns-srv-enum.domain={Domain_Name}"
``` ```
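Review bot: the `dig` chain in `Command:` is not a working query: `-t` expects a record type (here it has to be `SRV`) and the service names are missing the `_tcp` label, so `dig -t _gc._{Domain_Name}` hands the hostname to dig as a record type and never looks up the DC. It should read `dig -t SRV _gc._tcp.{Domain_Name} && dig -t SRV _ldap._tcp.{Domain_Name} && dig -t SRV _kerberos._tcp.{Domain_Name} && dig -t SRV _kpasswd._tcp.{Domain_Name}`; the trailing `nmap --script dns-srv-enum` part is fine as is. The `Description:` also has a typo: "Eunuerate" should be "Enumerate".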


@ -183,3 +183,4 @@ Entry_3:
Description: Banner Grab 993 Description: Banner Grab 993
Command: openssl s_client -connect {IP}:993 -quiet Command: openssl s_client -connect {IP}:993 -quiet
``` ```


@ -58,6 +58,5 @@ Entry_4:
Name: With Creds Name: With Creds
Description: Attempt to get a list of user service principal names Description: Attempt to get a list of user service principal names
Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
``` ```
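Review bot: `Command:` hardcodes `active.htb/svc_tgs`, a specific HTB box domain and account, while the rest of this block uses placeholders such as `{IP}`; it should be `GetUserSPNs.py -request -dc-ip {IP} {Domain_Name}/{Username}` so the entry is reusable. Since `-request` pulls a service ticket for every SPN account it finds, adding `-outputfile {File}` to the suggested command would save the hashes directly in a crackable format instead of leaving them on stdout.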


@ -375,3 +375,4 @@ Entry_5:
Description: Need Naming Context to do big dump Description: Need Naming Context to do big dump
Command: ldapsearch -h {IP} -x -b "{Naming_Context}" Command: ldapsearch -h {IP} -x -b "{Naming_Context}"
``` ```
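Review bot: `ldapsearch -h {IP}` uses the `-h` host option, which current OpenLDAP clients mark as deprecated in favour of a URI; `ldapsearch -H ldap://{IP} -x -b "{Naming_Context}"` works on old and new versions alike. The `Description:` says the naming context is needed but not how to get it; a one-liner such as `ldapsearch -H ldap://{IP} -x -s base -b "" namingContexts` (an anonymous rootDSE query) returns it and would make the entry self-contained.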


@ -269,3 +269,4 @@ Entry_2:
Description: Nmap with SQL Scripts Description: Nmap with SQL Scripts
Command: nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER -sV -p 1433 {IP} Command: nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER -sV -p 1433 {IP}
``` ```
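Review bot: the `Description:` "Nmap with SQL Scripts" undersells what this command does. `mssql.username=sa,mssql.password=` tries an empty `sa` password, `ms-sql-xp-cmdshell` executes an OS command on the target (`ipconfig /all` by default, changed via `ms-sql-xp-cmdshell.cmd`) and `ms-sql-dump-hashes` pulls login hashes, so this is active exploitation rather than enumeration. Saying so in the description lets the reader pick the right moment to run it.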


@ -67,3 +67,4 @@ Entry_2:
Description: Enumerate NTP Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP} Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
``` ```


@ -479,3 +479,4 @@ Entry_6:
Description: Find MX servers of an organization Description: Find MX servers of an organization
Command: dig +short mx {Domain_Name} Command: dig +short mx {Domain_Name}
``` ```


@ -211,3 +211,4 @@ Entry_4:
Description: Nmap snmp (no brute) Description: Nmap snmp (no brute)
Command: nmap --script "snmp* and not snmp-brute" {IP} Command: nmap --script "snmp* and not snmp-brute" {IP}
``` ```
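Review bot: `nmap --script "snmp* and not snmp-brute" {IP}` never reaches the SNMP scripts. Without `-sU -p 161` nmap runs a TCP scan, 161/udp is never probed, and the `snmp-*` scripts have no open port to attach to, so the entry silently returns nothing. It should be `nmap -sU -p 161 --script "snmp* and not snmp-brute" {IP}`; the NTP entry elsewhere in this commit gets the same detail right with `-sU ... -p 123`.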


@ -430,5 +430,5 @@ Entry_10:
Command: | Command: |
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php ?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
``` ```
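Review bot: the trailing `-e` after `--passwords {Big_Passwordlist}` is a second enumerate flag with no argument on a command that already carries `--enumerate u,tt,t,vp`; it is redundant at best and should be dropped. The `?` prompt or the entry's description should also say that `--enumerate u` combined with `--passwords` is a password brute force against every user found, which is noisy and can lock accounts, so it is not something to run on every target by default.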


@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one: If you see an error like the following one:
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29.png) ![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header. It means that the server **didn't receive the correct domain name** inside the Host header.
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one. In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
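Review bot: "take a look to the served SSL Certificate" should read "take a look at the served SSL certificate", and the paragraph would be more useful with the actual command for what it describes: `openssl s_client -connect {IP}:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep -A1 'Subject Alternative Name'` prints the SAN entries, which are the hostnames to try in the `Host` header before falling back to VHost brute force.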


@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
* Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._ * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
* You can leave blank the username and password, but make sure to check the Ignore Certificate Errors * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29.png) ![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29%20%285%29.png)
{% hint style="info" %} {% hint style="info" %}
It's recommended to use the "**Send Test Email**" functionality to test that everything is working. It's recommended to use the "**Send Test Email**" functionality to test that everything is working.
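Review bot: the bullet "make sure to check the Ignore Certificate Errors" recommends the setting unconditionally and without a reason. That option disables TLS certificate validation on the SMTP connection to the relay; it is fine for a self-hosted relay with a self-signed certificate, but when sending through a third-party provider it removes the only check that the phishing mail (and any credentials in the sending profile) is going to the intended server. The bullet should say when the option is needed rather than presenting it as a default.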