Sometimes during our pentests we are facing the situation when we can not bring our own laptop with the whole great set of tools installed and prepared. We can only 'pentest' the target (box/app/scope) from the machine prepared by the Client. It can be annoying when you can't use tools like nmap or netcat but we'll try to fix that. Here we go...
This time we will start here:
Our first ('example') goal is very simple: read the list of 'links' (IPs or hostnames) from TXT file and try to do a GET request to the link. Let's start from creating a simple file (links.txt), for example:
---<cut>---
http://host.one
https://host.two
http://host.three:8443
---</cut>---
To read the file and do a request we'll use this one code:
Easy like that.
Next case - 'lack of nmap'. For sure we can use PowerShell again and find the way to scan remote ports. For example we can use Test-NetConnection, like below:
So far, so good.
To scan more (ports) we can use a simple loop with Net.Sockets.TcpClient for each port. I defined to scan only few TCP ports (from 20 to 30) on my 'remote target' (Kali VM):
Spoiler alert: yes, it will scan slowly. ;)
At this stage I decided to prepare a small script in PS1 to automate it a little bit. Code should:
- read argv[1] from command line
- 'scan' ports on remote (argv[1]) host
Let's try:
Results (against my Kali VM) below:
Simple enough to continue. ;)
Next case - probably one of my favourite ;) no netcat. So? in case of testing bugs like SSRF or other injections we can try to build a little listener using PowerShell. Like this one (based on multiple StackOverflow's hints ;)):
I hope you'll find IT useful. ;)
Special thanks goes to my new Patreon's:
- Daniel
- julianvolodia
Thank you! You are AWSOME! ;)
See you next time!
Cheers
Brak komentarzy:
Prześlij komentarz