Saturday 4 April 2015

Priv_checker Recon script && Free material

Hi All,

It has been a while since I last posted. I have gone through a lot in a YEAR, but I think that will be for another post. I am more excited about some scripts I have been working on.

I am planning to take the OSCP challenge in June, so I thought I would automate some things. So far I have automated the privilege-escalation checks on Windows and Unix boxes and automated recon.


Python Privilege Checker

The first one I would like to present is my Python privilege-checking script. I got the idea from a blog post reviewing the OSCP, which can be found at Securitysift (also on Twitter as @securitysift).

His is written in Python as well, and as I am a great fan of Python I decided to write mine in the same language.

The output is meant to be reviewed by me, so I did not need to create an HTML template. Since the script is meant to run on a box I have landed on, I wanted to use native Windows/Linux commands to write text files for my output.

The most basic flow of my script is:

  • Check if Linux or Windows OS
    • If Linux: run all Linux system commands
    • If Windows: run all Windows commands


The code is on Pastebin for the month while I figure out an easier way to highlight my Python code.

I have also started a batch file in case the Windows box a) does not have Python installed or b) does not allow me to run executables (a PyInstaller build). A shell script is also in the making in case I find myself on a Unix box that cannot run Python scripts.

http://pastebin.com/zfDihegh

Recon script

I also got the idea for this one from the same @securitysift blog.

My recon script at the moment does a simple nmap scan on all ports, parses the output from an XML file and runs other nmap scans based on the ports it finds. I wanted to use the grepable output format so as not to copycat @securitysift, but found that the grepable format is difficult to parse and XML was much easier. So why re-invent the wheel.

The code again can be found here:

http://pastebin.com/8pGG4fG6


My code is a draft, aka a work in progress. It does not run other scripts against every port, nor does it run every tool for the main ports. I thought I would work on it more when I am in the labs and can see what more I need, or whether any problems arise.

@securitysift had the great idea of having separate Python scripts that the main script executes, so that they can be used individually if needed; for example, dns_recon.py is a script focused on DNS. Mine does not do that at the current time. As the focus is the OSCP I feel it is not necessary, but for real work, who knows; for team exercises @securitysift's module-based scripts would be great.
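As an added example of the parse-then-rescan step described above (not the Pastebin code from this post), this parses nmap -oX output with the standard library, keeps only open ports on hosts that are up, and builds follow-up nmap commands from a lookup table. The XML is constructed sample data and the FOLLOW_UPS table is an assumed mapping, not the script's real one.

```python
import xml.etree.ElementTree as ET

# Constructed sample nmap -oX output; one host, one closed port mixed in.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p- -oX all.xml 10.11.1.5">
  <host><status state="up"/>
    <address addr="10.11.1.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="139"><state state="closed"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""
# Assumed mapping from nmap service name to follow-up scan arguments.
FOLLOW_UPS = {
    "http": "-sV --script=http-headers",
    "ssh": "-sV",
    "microsoft-ds": "-sV --script=smb-os-discovery",
}

def parse_open_ports(xml_text):
    """Return {ip: [(port, proto, service), ...]} for open ports on live hosts."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or host.find("status").get("state") != "up":
            continue  # skip hosts that are down or have no IPv4 address
        ip = addr.get("addr")
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports need no follow-up
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        result[ip] = open_ports
    return result

def plan_follow_ups(hosts):
    """Build one follow-up nmap command per (host, port) with a known service."""
    cmds = []
    for ip, ports in hosts.items():
        for portid, proto, name in ports:
            if name in FOLLOW_UPS:
                cmds.append("nmap %s -p %d %s" % (FOLLOW_UPS[name], portid, ip))
    return cmds
```

Feed the commands to subprocess.run one at a time and write each result to its own text file to keep with the plain-text output style above.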


A mention of free material

#Infosec is great for sharing resources, and most people you would consider l33t are really open to questions as long as you have done some research or considered your options. Obviously there are exceptions to every rule and not all people are so open, but in general I feel it is a great community.

A shout out I want to give is to Cybrary.IT. You may have seen their funding campaign or their presence on Twitter (@cybraryIT). Go to their course list at http://www.cybrary.it/courses/ and you will see a gigantic list of FREE material. You will notice they have Network Administration and Systems Administration courses and a BIG focus on security, which I really like.

So for aspiring pentesters (yes, I am still one) they have a great source of foundational material as well as post-exploitation (once you get on a box). Many skilled pen testers / red teamers already have admin experience, so do not discount the other 'not so infosecy' courses.


The one course I like is the Penetration Testing course; you could follow this and learn a LOT of stuff. It covers basics like footprinting, yes, but the way it is whiteboarded in the video really helps you grasp the concepts. A quick look at the additional study material shows it includes other free and not-free materials (as shown below). Their recommendations are valid; I am currently working through The Hacker Playbook and it is great.


Just a little shout out to them: if you want to upskill or learn a little more, hit Cybrary.IT up. It is free, it is good quality; just be consistent, keep at it and push through. I have so many materials that I jump to and from, and I am finally learning to stick to one! This is a great path.


Testing the hooking in BeEF :D


COPY PASTE FROM THEIR WEBSITE BELOW:

Recommended Additional Study Material
