CTF/HTB/admirer/results/scans/_manual_commands.txt
Simon 82b0759f1e init htb
old htb folders
2023-08-29 21:53:22 +02:00

[*] ftp on tcp/21
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/simon/htb/admirer/results/scans/tcp21/tcp_21_ftp_hydra.txt" ftp://admirer.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 21 -O "/home/simon/htb/admirer/results/scans/tcp21/tcp_21_ftp_medusa.txt" -M ftp -h admirer.htb
[*] ssh on tcp/22
[-] Bruteforce logins:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/simon/htb/admirer/results/scans/tcp22/tcp_22_ssh_hydra.txt" ssh://admirer.htb
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 22 -O "/home/simon/htb/admirer/results/scans/tcp22/tcp_22_ssh_medusa.txt" -M ssh -h admirer.htb
[*] http on tcp/80
[-] (gobuster v3) Multi-threaded directory/file enumeration for web servers using various wordlists:
gobuster dir -u http://admirer.htb:80/ -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -x "php,html,txt" -o "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_gobuster_dirbuster.txt"
[-] Credential bruteforcing commands (don't run these without modifying them):
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://admirer.htb/path/to/auth/area
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h admirer.htb -m DIR:/path/to/auth/area
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://admirer.htb/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message"
medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h admirer.htb -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"
[-] (nikto) old but generally reliable web server enumeration tool:
nikto -ask=no -h http://admirer.htb:80 2>&1 | tee "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_nikto.txt"
[-] (wpscan) WordPress Security Scanner (useful if WordPress is found):
wpscan --url http://admirer.htb:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_wpscan.txt"
[*] http on tcp/80
[-] (dirb) Recursive directory/file enumeration for web servers using various wordlists:
dirb http://admirer.htb:80/ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -l -r -X ",.php,.html,.txt" -o "/home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_dirb_dirbuster.txt"
[*] http on tcp/80
[-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:
feroxbuster -u http://admirer.htb:80 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -e -o /home/simon/htb/admirer/results/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt