commit
6502e37763
@ -55,3 +55,26 @@ PORT STATE SERVICE VERSION
{% page-ref page="pentesting-smb.md" %}
{% page-ref page="pentesting-smb.md" %}
## HackTricks Automatic Commands
```
Protocol_Name: Netbios #Protocol Abbreviation if there is one.
Port_Number: 137,138,139 #Comma separated if there is more than one.
Protocol_Description: Netbios #Protocol Abbreviation Spelled out
Name: Notes
Description: Notes for NetBios
Note: """
Name service for name registration and resolution (ports: 137/udp and 137/tcp).
Datagram distribution service for connectionless communication (port: 138/udp).
Session service for connection-oriented communication (port: 139/tcp).
Every machine should have a name inside the NetBios network. To request a name, a machine should send a "Name Query" packet in broadcast and if anyone answer that it is already using that name, the machine can use that name. If there is a Name Service server, the computer could ask the Name Service server if someone is using the name that it wants to use.
https://book.hacktricks.xyz/pentesting/137-138-139-pentesting-netbios
"""
Name: Find Names
Description: Three scans to find the names of the server
Command: """nmblookup -A {IP} &&&& nbtscan {IP}/30 &&&& nmap -sU -sV -T4 --script nbstat.nse -p 137 -Pn -n {IP}"""
```
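Review bot: the Note text in the NetBIOS block inverts the name-registration logic: "if anyone answer that it is already using that name, the machine can use that name" states the opposite of what happens. A machine may claim a name only when nobody answers its broadcast Name Query (an answer means the name is already taken), so reword it to "if nobody answers, the machine can use that name" (and "anyone answer" to "anyone answers"). Two smaller points: `Protocol_Description: Netbios` repeats the abbreviation where the field's own comment asks for it spelled out (Network Basic Input/Output System), and `nbtscan {IP}/30` in the Find Names command sweeps the surrounding /30 rather than only {IP}; if covering the neighbouring hosts is intentional, say so in the Description, otherwise pass {IP} alone.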
@ -368,5 +368,60 @@ Now that a comprehensive enumeration of the web application has been performed i
TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist) and [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web_application_security_testing/configuration_and_deployment_management_testing.html), [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist) and [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web_application_security_testing/configuration_and_deployment_management_testing.html), [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
## HackTricks Automatic Commands
```
Protocol_Name: Web #Protocol Abbreviation if there is one.
Port_Number: 80,443 #Comma separated if there is more than one.
Protocol_Description: Web #Protocol Abbreviation Spelled out
Name: Notes
Description: Notes for Web
Note: """
The web service is the most common and extensive service and a lot of different types of vulnerabilities exists.
https://book.hacktricks.xyz/pentesting/pentesting-web
"""
Name: Quick Web Scan
Description: Nikto and GoBuster
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port} &&&& gobuster dir -w {Small_Dirlist} -u {Web_Proto}://{IP}:{Web_Port} && gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
Name: Nikto
Description: Basic Site Info via Nikto
Command: """nikto -host {Web_Proto}://{IP}:{Web_Port}"""
Name: WhatWeb
Description: General purpose auto scanner
Command: """whatweb -a 4 {IP}"""
Name: Directory Brute Force Non-Recursive
Description: Non-Recursive Directory Brute Force
Command: """gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}"""
Name: Directory Brute Force Recursive
Description: Recursive Directory Brute Force
Command: """python3 {Tool_Dir}dirsearch/dirsearch.py -w {Small_Dirlist} -e php,exe,sh,py,html,pl -f -t 20 -u {Web_Proto}://{IP}:{Web_Port} -r 10"""
Name: Directory Brute Force CGI
Description: Common Gateway Interface Brute Force
Command: """gobuster dir -u {Web_Proto}://{IP}:{Web_Port}/ -w /usr/share/seclists/Discovery/Web-Content/CGIs.txt -s 200"""
Name: Nmap Web Vuln Scan
Description: Tailored Nmap Scan for web Vulnerabilities
Command: """nmap -vv --reason -Pn -sV -p {Web_Port} --script=`banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)` {IP}"""
Name: Drupal
Description: Drupal Enumeration Notes
Notes: """
git clone https://github.com/immunIT/drupwn.git for low hanging fruit and git clone https://github.com/droope/droopescan.git for deeper enumeration
"""
Name: WordPress
Description: WordPress Enumeration with WPScan
Command: """
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
"""
```
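Review bot: the Nmap Web Vuln Scan command wraps the `--script=` expression in backticks instead of quotes, so a POSIX shell treats it as command substitution and tries to execute `banner,(http* or ssl*) and not (...)` as a command rather than passing it to nmap; quote it instead, e.g. `--script='banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)'`. Consistency points in the same block: the Quick Web Scan command mixes `&&&&` and `&&` as separators where every other entry uses `&&&&`; the Drupal entry uses the key `Notes:` while the Notes entry above uses `Note:`; the CGI brute-force hardcodes `/usr/share/seclists/Discovery/Web-Content/CGIs.txt` where the other entries take their wordlists from `{Small_Dirlist}` / `{Big_Dirlist}` placeholders; and in the Note text "a lot of different types of vulnerabilities exists" should read "exist".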