Changes

7,298 bytes added ,  20:19, 7 February 2020
m
Line 1: Line 1:  
[http://tools.kali.org/tools-listing Tools list]
 
[http://tools.kali.org/tools-listing Tools list]
== crunch==
+
==crunch==
Word list creation
+
Word list creation. Example:
 +
crunch 6 6 + + + + -o 6charcapslowernumber.txt
 +
generates: 6 char pwd list, lowercase, uppercase and numbers<br />
 +
+ = wildchar, order is: lower, caps, numbers, special chars<br />
 +
-o --> output file<br />
   −
== Hydra ==
+
==Examples==
SSH bruteforce
+
hidra -s 22 -v -V -l root -P <path_to_wordlist> -e -ns -t 16 192.168.0.101 ssh
+
<syntaxhighlight lang="bash">
 +
crunch 8 8 -f /usr/share/rainbowcrack/charset.txt loweralpha-numeric  -o loweralpha-numeric_8_8.lst
   −
== patator ==
+
crunch 8 10 -f /usr/share/rainbowcrack/charset.txt mixalpha-numericdot -d 1@ -d 1, -d 1% | parallel -j6 python wallet_bruteforce_simple.py
 +
</syntaxhighlight>
 +
 
 +
===Charsets (-f)===
 +
crunch 8 8 -f /usr/share/rainbowcrack/charset.txt mixalpha -o /root/alphawordlist.lst
 +
charset.txt:
 +
<nowiki>
 +
numeric            = [0123456789]
 +
 +
alpha              = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
 +
alpha-numeric      = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
 +
 +
loweralpha        = [abcdefghijklmnopqrstuvwxyz]
 +
loweralpha-numeric = [abcdefghijklmnopqrstuvwxyz0123456789]
 +
 +
mixalpha          = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]
 +
mixalpha-numeric  = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
 +
 +
ascii-32-95                  = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~]
 +
ascii-32-65-123-4            = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`{|}~]
 +
alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]</nowiki>
 +
Specifiying charsets on command line:
 +
crunch 6 6 0123456789ABCDEF
 +
escape char: \
 +
ABC\!\@\#\$
 +
 
 +
===Patterns (-t)===
 +
crunch 8 8 -t @@@@@@56 -o /root/birthdaywordlist.lst
 +
-t <pattern> = Giving crunch the pattern @@@@@@56. This word generate passwords up to 8 characters (6 lower case variable and 4 fixed) long that all ended with 56.<br />
 +
<nowiki>
 +
      @  --  lower case alpha characters
 +
      ,  --  upper case alhpa characters
 +
      %  --  numeric characters
 +
    ^    --  special characters (including space)</nowiki>
 +
To specify diferent character set for @ follow this example where @ can be one of [123abcDEF]:
 +
crunch 8 8 123abcDEF -t TEST@@@@
 +
Enclose the character set whith "" if space is included
 +
crunch "123abcDEF " -t TEST@@@@
 +
 
 +
To escape @ in a pattern use -l:
 +
crunch 6 6 -t b@d%%% -l @
 +
crunch 8 8 -f charset.lst mixalpha -t pass@,%^ -l %^
 +
will treat @ as a fixed character
 +
 
 +
Pattern with limited characters:
 +
crunch 8 8 abcdef ABCDEF 12345 @#$%- -t @@,,%%^^
 +
crunch 8 8 abcdef + 12345 + -t @@,,%%^^
 +
 
 +
===Limits the number of duplicate characters (-d numbersymbol)===
 +
              Limits the number of duplicate characters.  -d 2@ limits the lower case alphabet to output like aab and aac.  aaa would not be generated  as
 +
              that  is 3 consecutive letters of a.  The format is number then symbol where number is the maximum number of consecutive characters and sym‐
 +
              bol is the symbol of the the character set you want to limit i.e. @,%^  See examples 17-19.
 +
 
 +
===Divided output (-b | -c)===
 +
crunch 6 6 0123456789 -b 1mb -o START
 +
Creates 1mb files<br />
 +
Size definition can be in: kb, mb, gb  or  kib, mib, gib (ib--> 1024 base; mb --> 1000 base)<br />
 +
-o START must be specified as it is
 +
 
 +
crunch 6 6 0123456789 -c 200000 -o START
 +
Divide into files with no more than 200000 lines
 +
 
 +
===Stop at certain word (-e)===
 +
crunch 6 6 -t %%%%%% -e 333333
 +
Creates 6 char numeric wordlist until 333333<br />
 +
 
 +
===Invert direction from left->wright to wright->left (-i)===
 +
 
 +
===Words/Characters permutations (-p | -q)===
 +
-p: command line<br />
 +
-q: file<br />
 +
Words permutations:
 +
crunch 1 1 -p bird cat dog
 +
Letter permutations:
 +
crunch 1 1 -p abcd
 +
-p MUST be the last switch
 +
 
 +
crunch 1 1 -q test.txt
 +
being test.txt a word list (1 word per line)
 +
 
 +
===Stop/Resume Wordlist creation (ctrl+c/... -r)===
 +
crunch 8 8 0123456789 -o test.txt
 +
Stop the creation with a Ctrl C, then restart with ;
 +
crunch 8 8 0123456789 -o test.txt -r
 +
Note: if -s was used it must be removed at the resume line
 +
 
 +
===Start from specific position (-s)===
 +
crunch 7 7 0123456789 -s 9670549 -o test.txt
 +
Will start at 9670549
 +
 
 +
===Piping Crunch===
 +
use: -u |
 +
crunch 8 8 -t %%%%%%%% -u | aircrack-ng -e SSID -w - /pathto/capfile.cap
 +
crunch 8 8 -t %%%%%%%% -u | cowpatty -f - -r /pathto/capfile.cap -s SSID
 +
crunch 8 8 -t %%%%%%%% -u | pyrit -i - -r /pathto/capfile.cap -e ESSID attack_passthrough
 +
 
 +
===Compressing (-z)===
 +
 
 +
*gzip (quick)
 +
*bzip
 +
*lzma (smallest)
 +
 
 +
crunch 6 6 -f charset.lst lalpha -o test.txt -z gzip
 +
crunch 6 6 -f charset.lst lalpha -o test.txt -z bzip2
 +
crunch 6 6 -f charset.lst lalpha -o test.txt -z lzma
 +
 
 +
==Hydra==
 +
 
 +
 
 +
===Website Bruteforce===
 +
hydra www.example.com -L /usr/share/wordlists/users.txt -P /usr/share/wordlists/passwords.txt -V -f http-get /members
 +
 
 +
===SSH bruteforce===
 +
hydra -s 22 -v -V -l root -P <path_to_wordlist> -e -ns -t 16 192.168.0.101 ssh
 +
 
 +
===RDP Bruteforce (Port: 3389)===
 +
hydra -t 2 -V -f -l administrator -P rockyou.txt rdp://10.28.0.196
 +
With ncrack
 +
ncrack -vv -U common.usr -P top50000.pwd -T 4 10.28.0.161:3389
 +
 
 +
==metagoofil==
 +
 
 +
python metagoofil.py –d www.victima.com –l 20 –f pdf –o out.html –t out-files”
 +
 
 +
-d = dominio de la victima<br />
 +
-l = numero de archives maximos a descargar<br />
 +
-f = tipo de archivos (pdf, doc, xls, all)<br />
 +
-o = como se guardara el resultado<br />
 +
-t = directorio que contendrá los archivos descargado<br />
 +
 
 +
==patator==
 
  <nowiki>Patator v0.5 (http://code.google.com/p/patator/)
 
  <nowiki>Patator v0.5 (http://code.google.com/p/patator/)
Usage: patator.py module --help
+
Usage: patator.py module --help
 
+
Available modules:
+
Available modules:
  + ftp_login    : Brute-force FTP
+
  + ftp_login    : Brute-force FTP
  + ssh_login    : Brute-force SSH
+
  + ssh_login    : Brute-force SSH
  + telnet_login  : Brute-force Telnet
+
  + telnet_login  : Brute-force Telnet
  + smtp_login    : Brute-force SMTP
+
  + smtp_login    : Brute-force SMTP
  + smtp_vrfy    : Enumerate valid users using SMTP VRFY
+
  + smtp_vrfy    : Enumerate valid users using SMTP VRFY
  + smtp_rcpt    : Enumerate valid users using SMTP RCPT TO
+
  + smtp_rcpt    : Enumerate valid users using SMTP RCPT TO
  + finger_lookup : Enumerate valid users using Finger
+
  + finger_lookup : Enumerate valid users using Finger
  + http_fuzz    : Brute-force HTTP
+
  + http_fuzz    : Brute-force HTTP
  + pop_login    : Brute-force POP3
+
  + pop_login    : Brute-force POP3
  + pop_passd    : Brute-force poppassd (http://netwinsite.com/poppassd/)
+
  + pop_passd    : Brute-force poppassd (http://netwinsite.com/poppassd/)
  + imap_login    : Brute-force IMAP4
+
  + imap_login    : Brute-force IMAP4
  + ldap_login    : Brute-force LDAP
+
  + ldap_login    : Brute-force LDAP
  + smb_login    : Brute-force SMB
+
  + smb_login    : Brute-force SMB
  + smb_lookupsid : Brute-force SMB SID-lookup
+
  + smb_lookupsid : Brute-force SMB SID-lookup
  + vmauthd_login : Brute-force VMware Authentication Daemon
+
  + vmauthd_login : Brute-force VMware Authentication Daemon
  + mssql_login  : Brute-force MSSQL
+
  + mssql_login  : Brute-force MSSQL
  + oracle_login  : Brute-force Oracle
+
  + oracle_login  : Brute-force Oracle
  + mysql_login  : Brute-force MySQL
+
  + mysql_login  : Brute-force MySQL
  + mysql_query  : Brute-force MySQL queries
+
  + mysql_query  : Brute-force MySQL queries
  + pgsql_login  : Brute-force PostgreSQL
+
  + pgsql_login  : Brute-force PostgreSQL
  + vnc_login    : Brute-force VNC
+
  + vnc_login    : Brute-force VNC
  + dns_forward  : Forward lookup names
+
  + dns_forward  : Forward lookup names
  + dns_reverse  : Reverse lookup subnets
+
  + dns_reverse  : Reverse lookup subnets
  + snmp_login    : Brute-force SNMP v1/2/3
+
  + snmp_login    : Brute-force SNMP v1/2/3
  + unzip_pass    : Brute-force the password of encrypted ZIP files
+
  + unzip_pass    : Brute-force the password of encrypted ZIP files
  + keystore_pass : Brute-force the password of Java keystore files
+
  + keystore_pass : Brute-force the password of Java keystore files
  + tcp_fuzz      : Fuzz TCP services
+
  + tcp_fuzz      : Fuzz TCP services
  + dummy_test    : Testing module
+
  + dummy_test    : Testing module
</nowiki>
+
</nowiki>
== webscarab ==
+
==webscarab==
== smali ==
+
==smali==
 
  <nowiki>
 
  <nowiki>
usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
+
usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
+
assembles a set of smali files into a dex file
-?,--help                      prints the help message then exits. Specify twice for debug options
+
  -?,--help                      prints the help message then exits. Specify twice for debug options
-a,--api-level <API_LEVEL>    The numeric api-level of the file to generate, e.g. 14 for ICS. If not
+
  -a,--api-level <API_LEVEL>    The numeric api-level of the file to generate, e.g. 14 for ICS. If not
                                specified, it defaults to 14 (ICS).
+
                                specified, it defaults to 14 (ICS).
-o,--output <FILE>            the name of the dex file that will be written. The default is out.dex
+
  -o,--output <FILE>            the name of the dex file that will be written. The default is out.dex
-v,--version                  prints the version then exits
+
  -v,--version                  prints the version then exits
-x,--allow-odex-instructions  allow odex instructions to be compiled into the dex file. Only a few
+
  -x,--allow-odex-instructions  allow odex instructions to be compiled into the dex file. Only a few
                                instructions are supported - the ones that can exist in a dead code path and
+
                                instructions are supported - the ones that can exist in a dead code path and
                                not cause dalvik to reject the class
+
                                not cause dalvik to reject the class
</nowiki>
+
</nowiki>
== paros ==
+
==paros==
 
Gui crawler
 
Gui crawler
== oscanner ==
+
==oscanner==
 
   <nowiki>
 
   <nowiki>
Oracle Scanner 1.0.6 by patrik@cqure.net
+
Oracle Scanner 1.0.6 by patrik@cqure.net
--------------------------------------
+
--------------------------------------
OracleScanner -s <ip> -r <repfile> [options]
+
OracleScanner -s <ip> -r <repfile> [options]
-s <servername>
+
-s <servername>
-f <serverlist>
+
-f <serverlist>
-P <portnr>
+
-P <portnr>
-v be verbose
+
-v be verbose
</nowiki>
+
</nowiki>
== dirbuster ==
+
==dirbuster==
 
another bruteforce application
 
another bruteforce application
   −
== dbpwaudit ==
+
==dirb==
 +
Bruteforce URL's with wordlist
 +
dirb http://10.28.0.161/
 +
 
 +
==hash-identifier==
 +
==dbpwaudit==
 
  <nowiki> DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>
 
  <nowiki> DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>
----------------------------------------------------
+
----------------------------------------------------
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]
+
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]
 +
 +
-s - Server name or address.
 +
-p - Port of database server/instance.
 +
-d - Database/Instance name to audit.
 +
-D - The alias of the driver to use (-L for aliases)
 +
-U - File containing usernames to guess.
 +
-P - File containing passwords to guess.
 +
-L - List driver aliases.
 +
</nowiki>
 +
==casefile==
 +
 
 +
==Vulnerability Scan uniscan==
 +
<nowiki>
 +
  ####################################
 +
  # Uniscan project                  #
 +
  # http://uniscan.sourceforge.net/  #
 +
  ####################################
 +
  V. 6.2
 +
 +
 +
  OPTIONS:
 +
-h help
 +
-u <url> example: https://www.example.com/
 +
-f <file> list of url's
 +
-b Uniscan go to background
 +
-q Enable Directory checks
 +
-w Enable File checks
 +
-e Enable robots.txt and sitemap.xml check
 +
-d Enable Dynamic checks
 +
-s Enable Static checks
 +
-r Enable Stress checks
 +
-i <dork> Bing search
 +
-o <dork> Google search
 +
-g Web fingerprint
 +
-j Server fingerprint
 +
 
 +
  usage:
 +
  [1] perl ./uniscan.pl -u http://www.example.com/ -qweds
 +
  [2] perl ./uniscan.pl -f sites.txt -bqweds
 +
  [3] perl ./uniscan.pl -i uniscan
 +
  [4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
 +
  [5] perl ./uniscan.pl -o "inurl:test"
 +
  [6] perl ./uniscan.pl -u https://www.example.com/ -r
 +
 +
  report saved to: /usr/share/uniscan/report/www.example.com.html</nowiki>
   −
-s - Server name or address.
+
vega (GUI)
-p - Port of database server/instance.
+
==Rebind==
-d - Database/Instance name to audit.
+
IP rebind attack for routers<br />
-D - The alias of the driver to use (-L for aliases)
+
https://www.youtube.com/watch?v=0duYxPIx8gU<br />
-U - File containing usernames to guess.
+
http://rebind.googlecode.com
-P - File containing passwords to guess.
+
<nowiki>
-L - List driver aliases.
+
Rebind v0.3.4
</nowiki>
+
== casefile ==
+
Usage: rebind [OPTIONS]
 +
 +
-i <interface> Specify the network interface to bind to
 +
-d <fqdn>    Specify your registered domain name
 +
-u <user>    Specify the Basic Authentication user name [admin]
 +
-a <pass>    Specify the Basic Authentication password [admin]
 +
-r <path>    Specify the initial URL request path [/]
 +
-t <ip>      Specify a comma separated list of target IP addresses [client IP]
 +
-n <time>    Specify the callback interval in milliseconds [2000]
 +
-p <port>    Specify the target port [80]
 +
-c <port>    Specify the callback port [81]
 +
-C <value>    Specify a cookie to set for the client
 +
-H <file>    Specify a file of HTTP headers for the client to send to the target</nowiki>
 +
==websploit==
 +
[[Kali_Linux:_Wifi_Jamming|Wifi Jamming]]
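Review bot: the SSH example `hidra -s 22 -v -V -l root -P <path_to_wordlist> -e -ns -t 16 192.168.0.101 ssh` (carried over verbatim into the new ===SSH bruteforce=== section) misspells the binary as `hidra`, and hydra's `-e` takes its letters directly, so it should read `-e ns` rather than `-e -ns`. In the new crunch ===Patterns (-t)=== section, `crunch "123abcDEF " -t TEST@@@@` drops the mandatory min and max length arguments that the example just above it has (`crunch 8 8 123abcDEF -t TEST@@@@`), and the description of `@@@@@@56` says "6 lower case variable and 4 fixed" where the pattern has 2 fixed characters; the first example, `crunch 6 6 + + + +`, also pulls in the default symbol set, which the description (lowercase, uppercase and numbers) omits. The metagoofil command uses typographic dashes (`–d`, `–l`, …) instead of `-` and ends with a stray closing quote, so it will not run as pasted, and its option descriptions are in Spanish while the rest of the page is English. The ===Invert direction=== (-i), ==hash-identifier== and ==casefile== sections are added empty, the `-d` text is pasted from the man page with a soft hyphen splitting "symbol", and several headings and notes carry typos (`alhpa`, `diferent`, `whith`, `Specifiying`, `wright` for right).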
