Tools and Commands learned from PTS → eLearnSecurity:-

Tools:-

  1. Wireshark:- a protocol analyzer / network sniffer that lets you see the data transmitted over the network (you will see whether the data is sent in clear text or encrypted).
  2. Burp Suite:- used to send HTTP/HTTPS requests and analyze the requests and responses.
  3. Subdomain enumeration tools:- sublist3r, amass (see command 8 below).

Commands (linux OS):-

  1. To view the routing table:- ip route
  2. To add a route manually:- sudo ip route add <network> via <gateway-ip>
  3. To view the ARP cache:- ip neighbour
  4. To view network statistics and protocol status:- netstat
  5. To do DNS resolution (from DNS name to IP; ping prints the resolved address):- ping
  6. To read from or write to a web server by hand (send raw HTTP requests and analyze the requests and responses):- netcat / nc
  7. The same over HTTPS (TLS):- openssl s_client -connect <host>:<port>
  8. Subdomain enumeration (collect DNS data from various sources):- sublist3r, amass
  9. To check if a machine is alive or not:- ping
  10. To perform a ping sweep:- fping -a -g <range>
HTTP verbs:-
  • GET:- to request web pages and pass arguments.
  • POST:- to submit data from web forms.
  • HEAD:- to return only the headers of the response.
  • PUT:- to upload files to the web server.
  • DELETE:- to remove a file from the web server.
  • OPTIONS:- to query the web server for the enabled HTTP verbs.
  • TCP connection between client and server.
  • UDP connection between client and server.
  • TCP connection between client and server, executing shell commands.
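The verbs above are what you type by hand into netcat or openssl s_client (commands 6 and 7). The following is an added example, not code from the PTS course: it builds the raw HTTP/1.1 bytes for a request, parses the raw reply into status, headers and body, and reads the Allow header of an OPTIONS reply so an administrator can confirm that content-modifying verbs (PUT, DELETE, PATCH) are disabled where the site does not need them. The host name and the OPTIONS response are constructed for the example.

```python
"""Hand-built HTTP/1.1 exchange of the kind typed into `nc <host> 80`.

build_request()  -> the exact bytes a client sends (Host is mandatory in
                    HTTP/1.1, Content-Length whenever a body is present)
parse_response() -> (status code, {header: value}, body) from a raw reply
risky_methods()  -> verbs from an OPTIONS reply's Allow header that modify
                    server content and are usually disabled on a static site
The OPTIONS reply below is constructed; a real check would send
build_request("OPTIONS", "/", host) over a socket and feed the reply in.
"""

# Methods that create, change or delete server-side content.
WRITE_METHODS = {"PUT", "DELETE", "PATCH"}


def build_request(method, path, host, body=None, headers=None):
    """Return the raw request bytes for one HTTP/1.1 request."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    for key, value in (headers or {}).items():
        lines.append(f"{key}: {value}")
    payload = body.encode() if body else b""
    if payload:
        lines.append(f"Content-Length: {len(payload)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + payload


def parse_response(raw):
    """Split a raw HTTP reply into (status_code, headers, body).

    Header names are lower-cased; repeated headers are joined with ", ".
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        key, value = key.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status, headers, body


def risky_methods(headers):
    """Return the sorted list of WRITE_METHODS advertised in an Allow header."""
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    return sorted(allowed & WRITE_METHODS)


# Constructed reply to an OPTIONS request on a server that left PUT/DELETE on.
OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example\r\n"
    b"Allow: GET, HEAD, POST, OPTIONS, PUT, DELETE\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(build_request("OPTIONS", "/", "example.test").decode())
    status, hdrs, _ = parse_response(OPTIONS_RESPONSE)
    print(status, "enabled write methods:", risky_methods(hdrs))
```

A GET, HEAD or OPTIONS request carries no body, so no Content-Length line is emitted for it; a POST or PUT gets one computed from the encoded body, which is the detail most often got wrong when typing requests into netcat by hand.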
sqlmap options:-
  • -u → to specify the target URL.
  • -p → to specify the parameter(s) to test; if there is only one parameter it can be omitted.
  • --dbms= → to specify the back-end database (DBMS).
  • --technique= → to specify the SQL injection technique.
  • -b / --banner → to view the banner information.
  • --tables → to list the tables.
  • --columns → to list the columns.
  • --dump → to view the table entries.
  • --wizard → a simple guided mode for beginners.
  • -U → to view details about a module.
  • -L → to load a list of usernames from a file.
  • -P → to load a list of passwords from a file.
  • module name: target → to specify a module.
  • -N → force a tool to not ask for a password.
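sqlmap's --technique and --dump options only work because the application pastes user input into the SQL text. The following is an added example, not code from the PTS course or from sqlmap: an in-memory SQLite table queried once through string concatenation (the defect sqlmap looks for) and once through parameter binding (the fix). The table contents and the user names are constructed for the example.

```python
"""SQL injection: the vulnerable query pattern beside its hardened form.

find_user_vulnerable() builds SQL by string formatting, so a quote in the
input changes the statement's grammar; find_user_safe() binds the value as
a parameter, so the driver never treats it as SQL.  Rows are constructed.
"""
import sqlite3


def make_db():
    """Create an in-memory users table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the input is interpolated into the SQL text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened: the input travels as a bound parameter, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(conn, username):
    """Return (rows from vulnerable query, rows from safe query) for one input."""
    return find_user_vulnerable(conn, username), find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    for candidate in ("alice", "x' OR '1'='1"):
        vulnerable_rows, safe_rows = compare(db, candidate)
        print(f"{candidate!r}: vulnerable -> {len(vulnerable_rows)} rows, safe -> {len(safe_rows)} rows")
```

For a normal user name both functions return the same single row; for the textbook input the concatenated query returns every row while the bound query returns none, which is exactly the difference a code review or a unit test should be looking for.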

Enable IP forwarding, so that intercepted traffic is relayed on to its destination:- sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

35. To intercept traffic on a switched LAN using the Dsniff tools (MITM attack):- arpspoof -i <interface> -t <target> -r <host>
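The attack in item 35 rewrites the victims' ARP caches, and that is also how it is detected from the defender's side: the output of ip neighbour (command 3) shows the gateway's IP suddenly mapped to a new MAC, or one MAC claiming several IPs. The following is an added example, not code from the PTS course or from Dsniff: it parses ip neighbour output, compares a trusted baseline with a fresh snapshot and reports those two anomalies. Both snapshots are constructed; a real monitor would collect them with subprocess.

```python
"""Spot the ARP-cache anomalies that ARP spoofing leaves behind.

Compare a trusted baseline of the ARP cache (`ip neighbour` output taken
on a known-good network) with a fresh snapshot and report:
  1. an IP address whose hardware address changed (the gateway is the
     usual victim), and
  2. one hardware address claiming several IP addresses at once.
Both snapshots below are constructed for this example.
"""
import re
from collections import defaultdict

# One `ip neighbour` line: 192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s+(?P<state>\S+)"
)

BASELINE = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.10 dev eth0 lladdr aa:bb:cc:dd:ee:10 STALE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 REACHABLE
"""

# Constructed snapshot after a host at 192.168.1.50 poisoned the gateway entry.
SPOOFED = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:50 REACHABLE
192.168.1.10 dev eth0 lladdr aa:bb:cc:dd:ee:10 STALE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 DELAY
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:50 REACHABLE
192.168.1.99 dev eth0 FAILED
"""


def parse_neighbours(text):
    """Return {ip: mac}; FAILED/INCOMPLETE entries carry no lladdr and are skipped."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            table[match.group("ip")] = match.group("mac").lower()
    return table


def find_anomalies(baseline, current):
    """Return a sorted list of findings; an empty list means nothing suspicious."""
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old is not None and old != mac:
            findings.append(f"{ip}: MAC changed {old} -> {mac}")
    by_mac = defaultdict(set)
    for ip, mac in current.items():
        by_mac[mac].add(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(parse_neighbours(BASELINE), parse_neighbours(SPOOFED)):
        print("ALERT", finding)
```

A MAC change on its own can be legitimate (a replaced router), so the second signal, the same MAC answering for the gateway and for an ordinary host, is the stronger indicator; static ARP entries for the gateway or dynamic ARP inspection on the switch are the corresponding mitigations.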

Metasploit commands:-
  • search <term> → to search for a given term or module.
  • show exploits → to display the exploits.
  • use <exploit path> → to select an exploit.
  • back → to leave the current exploit.
  • info → to display the related information.
  • show options → to check the exploit options.
  • set <option> <value> → to configure options.
  • show payloads → to show the compatible payloads.
  • set payload <path> → to choose a payload.
  • exploit → launches the exploit.
  • reverse_tcp performs a TCP connection back to the attacker machine → set payload linux/x86/meterpreter/reverse_tcp
  • bypassuac bypasses the UAC restriction → use exploit/windows/local/bypassuac
  • background → to switch from a Meterpreter session back to the console.
  • sessions -l → list the opened sessions.
  • sessions -i <session number> → to switch to an opened session.
  • sysinfo → retrieve information about the exploited machine.
  • ifconfig → prints the network configuration.
  • route → prints the routing information.
  • getuid → to know which user is running the process.
  • getsystem → privilege escalation.
  • shell → run a standard command shell.
  • help → to display all Meterpreter commands.
The code on the attacker's server that saves the cookies received from the victim's browser.
The code inserted into the web site to infect it.
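The two snippets described above only work when the site echoes user input unescaped and its session cookie is readable by page scripts. The following is an added example, not code from the PTS course: the defensive counterpart, which HTML-escapes user-controlled text before it reaches the page and issues the session cookie with the HttpOnly, Secure and SameSite flags, plus a small audit that runs over a response's Set-Cookie headers and reports cookies lacking those flags. The cookie names and header values are constructed.

```python
"""Defensive counterpart to the cookie-stealing XSS described above.

Two controls break the "send document.cookie to the attacker" pattern:
  1. HTML-escape user-controlled text before it lands in a page, so an
     injected <script> tag is rendered as text instead of executed;
  2. mark the session cookie HttpOnly (plus Secure and SameSite), so page
     scripts cannot read it even if an injection slips through.
audit_set_cookie() checks the second control over a list of response
headers; the headers below are constructed for the example.
"""
import html

# Flags every session cookie should carry (compared case-insensitively).
REQUIRED_FLAGS = ("httponly", "secure")


def render_comment(author, text):
    """Build a comment snippet with every user-controlled field escaped."""
    return f'<div class="comment"><b>{html.escape(author)}</b>: {html.escape(text)}</div>'


def session_cookie_header(value, max_age=3600):
    """Return the Set-Cookie value for a session cookie with safe attributes."""
    return f"session={value}; Path=/; Max-Age={max_age}; HttpOnly; Secure; SameSite=Lax"


def audit_set_cookie(headers):
    """Return {cookie_name: [missing flags]} for Set-Cookie headers lacking a required flag.

    `headers` is a list of (name, value) pairs as a response would carry them.
    """
    problems = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [flag for flag in REQUIRED_FLAGS if flag not in flags]
        if missing:
            problems[cookie_name] = missing
    return problems


# Constructed response headers: one legacy cookie readable by scripts, one fixed.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "legacy=abc123; Path=/"),
    ("Set-Cookie", session_cookie_header("def456")),
]

if __name__ == "__main__":
    print(render_comment("eve", "<script>alert(document.cookie)</script>"))
    print(audit_set_cookie(SAMPLE_HEADERS))
```

Escaping stops the injected tag from being executed, and HttpOnly stops scripts from reading the cookie even if escaping is missed somewhere; both are needed, since the second only protects the cookie, not whatever else a script on the page could do.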

Commands (Windows OS):-

  1. Tool to display information about the target (file sharing):- nbtstat
  • -A → display information about the target.
  • <00> → means workstation.
  • <02> → means there is file sharing.
  • -U → enumerate users.
  • -P → check the password policy.
