├── README.md
├── SMB and NETBIOS.txt
├── dnscat.txt
├── Google Dorks.txt
├── username_update.txt
├── Links.txt
├── LICENSE
├── nmap.txt
└── bashrc.txt

/README.md:
--------------------------------------------------------------------------------
# Kali-for-Penetration-Testers
Kali for Penetration Testers, by EC-Council

--------------------------------------------------------------------------------
/SMB and NETBIOS.txt:
--------------------------------------------------------------------------------
nmap -v -p 139,445 -oG smb.txt 192.168.211.129
enum4linux -a 192.168.211.129
nbtscan -r 192.168.211.129
--------------------------------------------------------------------------------
/dnscat.txt:
--------------------------------------------------------------------------------
apt-get update
apt-get -y install ruby-dev git make g++
gem install bundler
git clone https://github.com/iagox86/dnscat2.git
cd dnscat2/server
bundle install

ruby ./dnscat2.rb
--------------------------------------------------------------------------------
/Google Dorks.txt:
--------------------------------------------------------------------------------
Confidential Governmental Documents    site:.gov type:pdf "this document is CONFIDENTIAL"
Live Camera Access                     inurl:ViewerFrame?Mode= (Panasonic web cams)
Passwords                              “your password is” filetype:log
Printers                               intitle:”Network Print Server” filetype:shtm
Final Grades                           inurl:final_grades.html site:edu
--------------------------------------------------------------------------------
/username_update.txt:
--------------------------------------------------------------------------------
There is an update for the default username in Kali. It is no longer root/toor.
The default credentials are kali/kali.
You must use sudo before the commands we are using in this course.
Or run sudo apt install -y kali-grant-root && sudo dpkg-reconfigure kali-grant-root so that sudo no longer asks the kali user for a password.
-----------
kali@kali:~$ ls /root
ls: cannot open directory '/root': Permission denied
kali@kali:~$
kali@kali:~$ sudo ls /root
[sudo] password for kali:
hello
kali@kali:~$ sudo apt install -y kali-grant-root && sudo dpkg-reconfigure kali-grant-root
kali@kali:~$
kali@kali:~$ sudo ls /root
hello
kali@kali:~$
--------------------------------------------------------------------------------
/Links.txt:
--------------------------------------------------------------------------------
KALI Linux:
https://www.kali.org/downloads/

Windows 10 trial VMware image:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Workstation Player:
https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

Win32 Disk Imager:
https://sourceforge.net/projects/win32diskimager/

Metasploitable:
https://metasploit.help.rapid7.com/docs/metasploitable-2

Exploit Database:
https://www.exploit-db.com/

Netcat:
https://github.com/diegocr/netcat
https://eternallybored.org/misc/netcat/

ProGuard:
https://www.guardsquare.com/en/products/proguard

Hidden Tear Ransomware:
https://github.com/goliate/hidden-tear

Pentest.ws:
https://pentest.ws/

No-IP:
noip.com

Commands reference:
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 CodeRed by EC-Council

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/nmap.txt:
--------------------------------------------------------------------------------
Scan a single IP                                        nmap 192.168.211.129
Scan a host                                             nmap www.hostname.com
Scan a range of IPs                                     nmap 192.168.211.129-139
Scan a subnet                                           nmap 192.168.211.0/24
Scan targets from a text file                           nmap -iL list-of-ips.txt
Scan a single port                                      nmap -p 22 192.168.211.129
Scan a range of ports                                   nmap -p 1-100 192.168.211.129
Scan 100 most common ports (fast)                       nmap -F 192.168.211.129
Scan all 65535 ports                                    nmap -p- 192.168.211.129
Intense scan of all TCP ports                           nmap -p 1-65535 -T4 -A -v 192.168.211.129
Scan using TCP connect                                  nmap -sT 192.168.211.129
Scan using TCP SYN scan (default)                       nmap -sS 192.168.211.129
Scan UDP ports                                          nmap -sU -p 123,161,162 192.168.211.129
Detect OS and services                                  nmap -A 192.168.211.129
Standard service detection                              nmap -sV 192.168.211.129
Quick scan plus OS fingerprinting and banner grabbing   nmap -sV -T4 -O -F --version-light 192.168.211.129
Intense scan, no ping                                   nmap -T4 -A -v -Pn 192.168.211.129
Ping sweep scan                                         nmap -sn 192.168.211.129
Save results as XML                                     nmap -oX outputfile.xml 192.168.211.129
Save results in grepable format (-oG)                   nmap -oG outputfile.txt 192.168.211.129
--------------------------------------------------------------------------------
/bashrc.txt:
--------------------------------------------------------------------------------
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    # \[ ... \] must enclose only non-printing escape sequences; a printable
    # character (such as a stray space) inside them makes bash miscount the
    # prompt width and garbles line editing, so the reset sequence is kept bare.
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    #alias grep='grep --color=auto'
    #alias fgrep='fgrep --color=auto'
    #alias egrep='egrep --color=auto'
fi

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
--------------------------------------------------------------------------------
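Added example, not part of this repository: a small parser for the grepable (-oG) output that the SMB and nmap sections write to smb.txt / outputfile.txt, reporting which scanned hosts show 139/445 in the open state. The sample output is constructed by hand to mirror the -oG line format, not captured from a real scan.

```python
"""Parse nmap grepable (-oG) output and list hosts exposing SMB/NetBIOS ports."""
import re

# Constructed sample of -oG output (not from a real scan); with -v, nmap emits a
# "Status:" line and a "Ports:" line per host, fields separated by tabs.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -v -p 139,445 -oG smb.txt 192.168.211.0/24
Host: 192.168.211.129 ()\tStatus: Up
Host: 192.168.211.129 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.168.211.130 ()\tStatus: Up
Host: 192.168.211.130 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
# Nmap done at Mon Jan  1 00:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

# Each port entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")


def parse_grepable(text):
    """Return {ip: {port: (state, proto, service)}} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' header and footer lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {})
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for port, state, proto, svc in PORT_RE.findall(field[len("Ports:"):]):
                    entry[int(port)] = (state, proto, svc)
    return hosts


def hosts_with_open(hosts, wanted=(139, 445)):
    """IPs that expose at least one of the wanted ports in the 'open' state."""
    return sorted(ip for ip, ports in hosts.items()
                  if any(ports.get(p, ("",))[0] == "open" for p in wanted))


if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_OG)
    for ip in hosts_with_open(parsed):
        print(ip, parsed[ip])
```

Point it at a real smb.txt by replacing SAMPLE_OG with the file's contents; hosts that only report closed or filtered ports are left out of the result.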