refabr1k's Pentest Notebook

8009 tcp - AJP

Apache JServ Protocol (AJP)

ENUMERATION

nmap -sV --script ajp-auth,ajp-headers,ajp-methods,ajp-request -n -p 8009 <IP>

Bruteforce

nmap --script ajp-brute -p 8009 <IP>
Last modified 2yr ago