cheatsheet

Cheatsheet of useful quick commands during pentest engagements.


Scenario 1 - BruteForce
Let's say we need to brute force an HTTP authentication prompt.
When looking at the headers we see that the password is only passed as an authcode, which is sent as
username:password and then base64 encoded.

Therefore we can't easily use hydra or ncrack, as we have no values to pass.

What we can do, as we know the format, is create a custom wordlist, base64 the output and then send this to the Intruder module of BurpSuite.

For an initial test let's start with the username 'admin'.

So now we must add "admin:" to the start of each line of the password file.

sed -i 's/^/admin:/' INPUTFILE.txt

Now that we have the formatting correct, let's read in each line of the input file and convert it to base64, then output this to a new file.

while IFS= read -r line; do printf '%s' "$line" | base64 >> OUTPUT-FILE.txt; done < INPUTFILE.txt

Now we can run this in the BurpSuite Intruder and hopefully find the password.
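The same base64 username:password format is what a defender sees in logs, so here is an added example (not part of the original post) that decodes the tokens from failed requests and flags any source hammering a single username. The log layout "source-ip status token", the function names and the sample data are all assumptions made up for this example.

```shell
#!/bin/sh
# Added example: spot repeated failed logins for one username in logged
# base64 username:password tokens.
# Assumed (constructed) input format, one request per line:
#   <source-ip> <http-status> <base64 token>

# Turn failed (401) requests into "ip user" pairs.
decode_failures() {
    while IFS=' ' read -r ip status token; do
        [ "$status" = "401" ] || continue
        # Ignore tokens that are not valid base64.
        creds=$(printf '%s' "$token" | base64 -d 2>/dev/null) || continue
        # The username is everything before the FIRST colon,
        # because the password itself may contain colons.
        case $creds in
            *:*) printf '%s %s\n' "$ip" "${creds%%:*}" ;;
        esac
    done
}

# Print "ip user count" for every pair with at least $1 failures.
# Assumes usernames contain no whitespace.
flag_bruteforce() {
    threshold=$1
    decode_failures | sort | uniq -c |
        awk -v t="$threshold" '$1 >= t { print $2, $3, $1 }'
}

# Constructed sample log: one source guessing passwords for admin,
# one user with a single typo, and one malformed token.
sample_log() {
    for pw in 123456 password letmein 'qwerty:1' admin123; do
        printf '203.0.113.7 401 %s\n' "$(printf 'admin:%s' "$pw" | base64)"
    done
    printf '198.51.100.4 401 %s\n' "$(printf 'alice:typo' | base64)"
    printf '198.51.100.4 200 %s\n' "$(printf 'alice:correct' | base64)"
    printf '198.51.100.9 401 %s\n' 'not*base64'
}

sample_log | flag_bruteforce 5
```

Many different passwords for one username from one address in a short window is the pattern a wordlist run like the one above leaves behind, which is why account lockout or rate limiting on 401 responses shuts it down quickly.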

How to Check the System Info of a Windows PC from the prompt
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

rdesktop -u sp00ks -p sp00ks 10.11.1.10
rdesktop -u administrator -p sp00ks 10.11.1.10 -g1600x800

Find all files not owned by this user (foo)
find . \! -user foo -print
