Necessary tools

So You Want To Be A Hacker: 2021 Edition - https://tcm-sec.com/so-you-want-to-be-a-hacker-2021-edition/

nmap Automator

git clone https://github.com/asafahmadov/nmapAutomator.git

Network range scanner

netdiscover -r 10.0.2.0/24

nmap -sn 10.0.2.0/24

Directory scan

NMAP

sudo nmap --script http-enum 10.11.1.35

Dirsearch

dirsearch.py -e php,html,js -u https://10.0.2.6 -w /usr/share/wordlist

./dirsearch.py -u http://192.18.1.5/dvwa -e php -f -x 400,403,404
# -e sets the extensions to try (here only php); -f forces those extensions onto every wordlist entry
# -x excludes responses that return the listed HTTP status codes

Metasploit

msf > use auxiliary/scanner/http/dir_scanner
msf auxiliary(scanner/http/dir_scanner) > set DICTIONARY /usr/share/wordlists/dirb/common.txt
msf auxiliary(scanner/http/dir_scanner) > set RHOSTS 10.0.2.6
msf auxiliary(scanner/http/dir_scanner) > set PATH /dvwa
msf auxiliary(scanner/http/dir_scanner) > run

WordPress scan

wpscan --url 10.0.2.6 --enumerate u

wpscan --url http://10.0.2.6/ -e u,vp,vt --ignore-main-redirect --force

Download remote file

curl http://10.0.2.6/fsocity.dic -o wordlist.txt

Creating Metasploit Payloads

Meterpreter shell

msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > options

Password Hash Cracker

https://crackstation.net/
