Foot-printing and Reconnaissance



| Ports | Services | Operating Systems | How-to |
|---|---|---|---|
| 21 | FTP vsftpd - vsFTPd 2.3.4 | Ubuntu/Debian | How to exploit vsftpd backdoor – Metasploitable2 |
| | | | How to exploit vsftpd backdoor (manually) – Metasploitable2 |
| 22 | SSH - OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) | Ubuntu/Debian | How to brute force SSH – Metasploitable2 |
| | | | How to exploit Predictable PRNG Bruteforce OpenSSH – Metasploitable2 |
| | | | How to login SSH by using private key – Metasploitable2 |
| | | | How to login SSH by using the attacker’s private key – Metasploitable2 |
| 25 | SMTP | Ubuntu/Debian | How to enumerate SMTP user – Metasploitable2 |
| 80 | Apache/2.2.8 (Ubuntu) DAV/2 | Ubuntu/Debian | How to exploit WebDav – Metasploitable2 |
| 80, 8080, 8180 | Apache Tomcat/Coyote JSP engine 1.1 Tomcat/5.5 | Ubuntu/Debian | How to exploit TOMCAT – Metasploitable2 |
| 139, 445 | netbios-ssn | Windows | How to exploit MS_08067netapi using Metasploit Framework GUI |
| 139, 445 | netbios-ssn, SAMBA - smbd 3.X | Ubuntu/Debian | How to exploit SAMBA, usermap_script (CVE-2007-2447) – Metasploitable2 |
| | | | How to exploit Samba Symlink Directory Traversal – Metasploitable2 |
| 512, 513, 514 | "r" services | Ubuntu/Debian | How to connect “r” services – Metasploitable2 |
| 1099 | Java RMI | Ubuntu/Debian | How to exploit the Java RMI Server – Metasploitable2 |
| 1524 | “ingreslock” backdoor | Ubuntu/Debian | How to connect “ingreslock” backdoor – Metasploitable2 |
| 2049 | NFS | Ubuntu/Debian | How to mount Network File System (NFS) – Metasploitable2 |
| 3260 | Skuzzy | Ubuntu/Debian | How to connect skuzzy without credentials - Ew_Skuzzy |
| | | | How to brute force MySQL – Metasploitable2 |
| | | | How to read the password file via MySQL – Metasploitable2 |
| | | | How to use Mysqladmin Commands for Database Administration |
| | | | How to reset the Mysql Password in Kali linux |
| | | | How to fix MySQL (Can’t connect) in Kali linux2 |
| 3632 | distcc daemon - v1, 2.x | Ubuntu/Debian | How to exploit the distcc daemon – Metasploitable2 |
| 5432 | postgresql | Ubuntu/Debian | How to brute force PostgreSQL – Metasploitable2 |
| | | | How to exploit the OS file system via PostgreSQL – Metasploitable2 |
| 6777 | Unreal ircd - | | How to exploit the UnrealIRCD (Backdoor Command Execution) – Metasploitable2 |
| | | | How to exploit the UnrealIRCD manually (Backdoor Command Execution) – Metasploitable2 |
| 8787 | Ruby DRb RMI server - 1.8 | Ubuntu/Debian | How to exploit Ruby DRb RMI – Metasploitable2 |
| 80, 7001 | WebLogic Server Application | Ubuntu/Docker | How to exploit WebLogic server via Java De-serialization Vulnerabilities |

Privilege Escalation

| Operating Systems | Versions/Kernel | Vulnerabilities | How-to |
|---|---|---|---|
| Linux | Ubuntu 8.04, 2.6.24-16 | udev < 141 | How to escalate the privilege by UDEV < 141 – Metasploitable2 |
| Linux | Ubuntu 14.01, 3.13.0-32-generic | Apport/Abrt < 2.17.1 | How to escalate the privilege by Apport (Installed packages) – Sedna |
| | | Chkrootkit 0.49 | How to escalate the privilege by Chkrootkit 0.49 (Configuration files) – Sedna |
| Linux | Ubuntu 11.10, 3.0.0-12-generic | SUID | How to find SUID permission – Nebula 00 |
| | | $PATH | How to modify $PATH (environment variable) - Nebula 01 |
| | | environmental variable + command injection | How to inject command through the environmental variable – Nebula 02 |
| | | crontab + improper permission | How to escalate the privileges through improper crontab implementation – Nebula 03 |
| | | bypass the filename filter + SUID | How to bypass the filename filter to execute the SUID file – Nebula 04 |
| | | hidden backed file + disclosure of private key of SSH | How to find the hidden file and login SSH through private key – Nebula 05 |
| | | hashed password in passwd + crack password hash | How to crack the hash contained in passwd – Nebula 06 |
| | | OS command injection through CGI + improper privilege assignment of web server | How to inject the OS command through CGI – Nebula 07 |
| | | disclosure .pcap file containing the password + improper file permission setting | How to disclose the password through the .pcap file – Nebula 08 |
| Windows | | | How to escalate the privileges through MS16-041 (Post-exploitation due to non-fully patch Windows platform) |

Password Cracking