Pentest memo for a standalone Linux box

This is a short memo for people who already know the basics of pentesting. It does not cover lateral movement; it only covers getting a shell and then escalating to root. The example commands assume the following environment.

TARGET HOST=192.241.248.137
TARGET URL=https://shinobot.com
LOCAL HOST=59.106.208.91

The memo is split into three parts.

  1. Initial Information Gathering
  2. Exploit (Getting the shell)
  3. Post Exploitation (Getting the root privilege)

How to set up the pentest machine

Install nmap

sudo apt-get install -y nmap    # Debian/Ubuntu
sudo yum install -y nmap        # RHEL/CentOS

Install nikto

The official download page is https://cirt.net/Nikto2; the commands below fetch the current source from GitHub instead. Install the Perl and SSL dependencies first (RHEL/CentOS, then Debian/Ubuntu). On current Debian/Ubuntu releases libmd5-perl is no longer packaged (Digest::MD5 ships with perl itself) and can be dropped from the list.

sudo yum install openssl-devel perl perl-Net-SSLeay perl-Crypt-SSLeay
sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl libmd5-perl

wget https://github.com/sullo/nikto/archive/master.zip
unzip master.zip

Install Konan

git clone https://github.com/m4ll0k/Konan.git
cd Konan
pip install -r requirements.txt
pip install pathlib   # only needed on Python 2; pathlib is in the Python 3 standard library and the backport should not be installed there

Install & Update SearchSploit

sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploit-database
sudo ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
searchsploit -u

Both /opt and /usr/local/bin are root-owned, so the clone and the symlink need sudo (or chown the checkout to your user afterwards so that searchsploit -u can git pull without root). The repository has since moved to GitLab (https://gitlab.com/exploit-database/exploitdb); if the GitHub clone fails, use that URL.

Install john

wget https://www.openwall.com/john/j/john-1.8.0.tar.gz
tar xzf john-1.8.0.tar.gz

Fetch the tarball over HTTPS and check it against the signature or checksum published on openwall.com before building; 1.8.0 is the plain "core" release, so expect fewer hash formats than the jumbo build.
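The setup steps above, collected into one idempotent script. This is an added example and not part of the original memo: package names and URLs are taken from the commands above, while the DRY_RUN switch, the WORKDIR location and the helper names are my own assumptions. It prints the plan by default and only executes with DRY_RUN=0, so a re-run on a half-configured box is safe.

```shell
#!/bin/sh
# Added example (not from the original memo): idempotent setup of the tools
# listed in the memo.  Package names and URLs come from the memo; DRY_RUN,
# WORKDIR and the helper names are assumptions made for this script.
set -eu

WORKDIR="${WORKDIR:-$HOME/tools}"   # assumed location for source checkouts

# Which package manager does this box use?  Prints apt, yum or unknown.
detect_pkg_manager() {
    if command -v apt-get >/dev/null 2>&1; then echo apt
    elif command -v yum >/dev/null 2>&1; then echo yum
    else echo unknown; fi
}

# Build the install command for a manager and a package list.
pkg_install_cmd() {
    local mgr="$1"; shift
    case "$mgr" in
        apt) echo "sudo apt-get install -y $*" ;;
        yum) echo "sudo yum install -y $*" ;;
        *)   return 1 ;;
    esac
}

# nikto's Perl/SSL dependencies per distro, exactly as the memo lists them.
nikto_deps() {
    case "$1" in
        apt) echo "perl libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl libmd5-perl" ;;
        yum) echo "openssl-devel perl perl-Net-SSLeay perl-Crypt-SSLeay" ;;
        *)   return 1 ;;
    esac
}

# Print the command when DRY_RUN=1 (the default); execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '[dry-run] %s\n' "$*"
    else "$@"; fi
}

tool_present() { command -v "$1" >/dev/null 2>&1; }

# Skip a fetch step whose target directory already exists (cheap re-runs).
fetch_once() {   # fetch_once <dir> <cmd...>
    local dir="$1"; shift
    if [ -d "$dir" ]; then echo "skip: $dir exists"; else run "$@"; fi
}

setup_all() {
    local mgr="$1"
    # word splitting of the generated command lines is intended below
    if ! tool_present nmap; then run $(pkg_install_cmd "$mgr" nmap); fi

    run $(pkg_install_cmd "$mgr" $(nikto_deps "$mgr") git unzip wget)
    run mkdir -p "$WORKDIR"
    fetch_once "$WORKDIR/nikto-master" \
        sh -c "cd '$WORKDIR' && wget https://github.com/sullo/nikto/archive/master.zip && unzip master.zip"

    fetch_once "$WORKDIR/Konan" git clone https://github.com/m4ll0k/Konan.git "$WORKDIR/Konan"
    run pip install -r "$WORKDIR/Konan/requirements.txt"
    # pathlib backport is for Python 2 only; drop this line on Python 3
    run pip install pathlib

    fetch_once /opt/exploit-database \
        sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploit-database
    run sudo ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
    if tool_present searchsploit; then run searchsploit -u; fi

    # john: download and unpack only; build it as described in the memo
    fetch_once "$WORKDIR/john-1.8.0" \
        sh -c "cd '$WORKDIR' && wget https://www.openwall.com/john/j/john-1.8.0.tar.gz && tar xzf john-1.8.0.tar.gz"
}

mgr=$(detect_pkg_manager)
if [ "$mgr" = unknown ]; then
    echo "neither apt-get nor yum found; follow the memo's steps by hand" >&2
else
    setup_all "$mgr"
fi
```

Run it once as-is to see every command it would issue, then `DRY_RUN=0 sh setup.sh` to execute them. Each fetch is keyed on its target directory, so a second run only reports "skip" for anything already present.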