Posts

Security Testing for entities hosted in cloud

Applications that are being migrated to the cloud, or are planned to be hosted there, need additional security considerations. Failure to ensure proper security protection when using cloud services may result in higher costs and loss to the business. Organizations must consider security controls for the different service models, viz. Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service.

Which applications should be moved to the cloud?
- Low to medium risk

What are the key security risks while hosting in the cloud?
- Isolation failure: multi-tenancy is a key characteristic of the cloud. Failure in the controls that separate storage, memory, identity and access control, and routing between tenants is a huge risk.
- Authentication and authorization
- ...

How to grab Wi-Fi password from a system that is connected to the Wi-fi

Sometimes it's just easier to use social engineering skills :)

Scenario: you are on a laptop that is connected to a Wi-Fi network, but you don't know the key (password).

WINDOWS: Start > Run > cmd
1] wmic > enter
2] quit
3] netsh wlan show profiles (you will see the available Wi-Fi profiles)
4] netsh wlan show profiles name-wifi (replace name-wifi with the name of the Wi-Fi network)
5] netsh wlan show profiles name-wifi key=clear
The Wi-Fi password will be shown in clear text!!!! Have fun.

MAC OS
1] Open Terminal
2] security find-generic-password -wa name-wifi
3] Enter the system credentials (yes, this is not as easy as Windows)
4] The Wi-Fi password will be on screen in clear text

Linux
1] sudo cat /etc/NetworkManager/system-connections/ name-wifi | grep psk=

Change the default SSH keys in Kali Linux ......One important step post installation

All of us know that we can authenticate to a box without a password if we have the SSH keys. The Kali images have known SSH host keys, which must be changed. Here is how you can do this:

Move the default Kali SSH keys to a new folder:
cd /etc/ssh/
mkdir default_kali_keys
mv ssh_host_* default_kali_keys/
This will move your default keys to the new folder.

Regenerate the keys:
dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).

Verify that the SSH key hashes are different:
md5sum ssh_host_*
Compare the new key hashes to the hashes below:
cd default_kali_keys/
md5sum *
b9419ea3a8fff086c258740e89ca86b8 ssh_host_dsa_key
f9a5b57d7004e3740d07c5b037d15730 ssh_host_dsa_key.p...

Vulnhub_Fartknocker_Challenge_Writeup

I have always used vulnhub to get exciting challenges for practice, and I am very thankful to the vulnhub team. Recently a few of my friends who are good penetration testers failed a challenge because they could not discover anything except a web port. When I asked them whether they had checked for port knocking on the target... Well, I thought this was a great opportunity to start submitting my attempts at vulnhub challenges. I wrote up this challenge while explaining it to my friends.

1] Discovering the target
2] nmap scan
3] Interacting with the target on the open port: clicking on "Wooah" opened up a pcap file.
4] Looking at the TCP traffic for Dst Port with Seq: 0 and Len: 0, we get the following ports in the following sequence: 7000 8000 9000 7000 8000 9000 8888. Looking at this, it is very clear that this is a port knocking challenge. So let's knock the ports. We could write a script for this, however since it is just 7 ports we will knock the ports directly.
5] Now we have port 8888 open and a new directory /b...

Keeping logs of your console commands during pentesting

While it is very important to keep the screenshots and the results of your tools logged and recorded correctly, consistently and extensively, it is equally important to keep your console logs. This is very helpful when you are done with your penetration test and, later during results analysis / report writing, you need to recall: what was the result of 'that' command I ran? It is very commonly missed by most pentesters, at least the beginners. There are many ways in which you can do this:
1] Copy and paste the console logs and save them in your favourite text editor
2] Use a systematic approach
I am sure method [1] is known to all :) Let's learn method [2]: use script. Yes, there is an inbuilt tool in Linux that you can make use of: script
Usage: script filename.log
This will start a process that keeps logging the console output to this file. Once you are done, just type 'exit'. Not to mention that care must be taken that you do not exit this process in between ...

Getting comfortable with Linux

As a pentester, most of the time you work on a Linux distro, and it is important that you have the basics right so that you do not have to search for the commands every time you try to do something. It is best to train yourself on Linux first before you get into this side. I will try to keep this concise and keep updating it as and when I can think of something:
-----------------------------------------------------------------------------------
Common Internet searches from the terminal :)
-----------------------------------------------------------------------------------
[A] Google search:
    firefox www.google.com/search?q=Harshwardhan\ Kamdi
    (Use the '\' separator to continue the query. If the '\' separator is not used then each word separated by a space will be treated as a new website. For example, in the above example if the '\' is not used then firefox will open Google and search for Harshwardhan and then it will open another tab and search for Kamdi....

Infrastructure Penetration Testing Presentation @ Null Meet

I had presented this slide deck during a null meet at Pune some time back.