Pentest Library {P.L.}

Last week we participated in a virtual network pentest in order to test our skills and the security of the network as well. During the pentest we encountered various problems during the host pivoting, so we wrote down the difficulties that we faced and how to solve them. Among various problems that we have faced was the initial beacon from the DMZ zone. Since, the web delivery could not executed, we have moving into https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcp.ps1 , a powershell script from nishang tool which is created from Nikhil Mittal. As the most real case scenarios so and this, the internal network seating behind a DMZ zone. So our first objective is to compromise somehow the external DMZ network and then we will use MSF and CobaltStrike to hope between hosts.   CobaltStrike Pivoting After enumerating the external network which we managed to upload a php file and execute system commands on the remote m

Let's say that your server has LFI vulnerability or the attacker could upload an evil php script on your web server. In this case i will explore the first condition which is LFI. Let's create a little more difficult scenario for attacker and something more secure for the victim :) Webserver has Windows 7 machine + Xampp but has one small misconfiguration problem which can lead to a disastrous for a webserver. The admin forgot to disable those variables in php.ini file register_globals and allow_url and allow for an attacker to include a local or remote file into running php code. Attacker send this code to webserver log file through Netcat

Steganography is a technique of hiding  a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. An attacker can use steganography to hide messages such as  source code for hacking tools, usernames and passwords, plans for future attacks and many more. Below i will explain how could this achieved in practice using Snow tool. 1)Create a simple txt file and browse to snow directory with command prompt and write the command below.   2)After creating the encrypt txt file you can open it and observe the differences.Have they got the same size?No. What else you could see ? 3)Decrypt the file and extract the hidden message. References: https://en.wikipedia.org/wiki/Steganography

Netcat is simple command-line utility available for linux,Unix and Windows platforms. It is designed to read information from connections using TCP or UDP and do simple port redirection on them as configured.However Netcat has one drawback and an attacker can exploit it by passively sniffing your communication channel. Cryptcat=Netcat + Encryption (TwoFish) Instead of Netcat you can use Cryptcat to secure your communication channel.You are not the only one who can use it as well as attacker can do that.See the pictures and observe the difference in Wireshark

What wikipedia says about Snort ( https://en.wikipedia.org/wiki/Snort_(software) ) Snort's open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching and matching. These basic services have many purposes including application-aware triggered quality of service , to de-prioritize bulk traffic when latency-sensitive applications are in use. [1] The program can also be used to detect probes or attacks , including, but not limited to, operating system fingerprinting attempts, common gateway interface , buffer overflows , server message block probes, and stealth port scans . [10] Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. [11] In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program wi