Posts

Showing posts from October, 2020

Run conpot

Run docker:
sudo docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
Set an alias:
echo 'alias conpot="/home/conpot/.local/lib/python3.6/site-packages/conpot-0.6.0-py3.6.egg/bin/conpot"' >> ~/.bashrc
source ~/.bashrc
Run conpot:
conpot -f --template default
Change the configuration in: /home/conpot/.local/lib/python3.6/site-packages/conpot-0.6.0-py3.6.egg/conpot/testing.cfg
Set json to True, and set the log file location.

Gobuster examples

GoBuster is a tool used to brute-force URIs (directories and files), DNS subdomains and virtual host names. For this machine, we will focus on using it to brute-force directories.
gobuster dir -u http://$IP:$port -w /usr/share/wordlists/dirb/common.txt
Find files with a specific extension, for example 'php':
gobuster dir -u http://$IP:$port -x php -w /usr/share/wordlists/dirb/common.txt
Common options:
-e : Print the full URLs in your console
-u : The target URL
-w : Path to your wordlist
-U and -P : Username and Password for Basic Auth
-p <x> : Proxy to use for requests
-c <http cookies> : Specify a cookie for simulating your auth

Nmap examples

nmap is a free, open-source and powerful tool used to discover hosts and services on a computer network. In our example, we are using nmap to scan this machine to identify all services that are running on a particular port. nmap has many capabilities; below is a summary of some of the functionality it provides.
Common examples:
nmap -sV -sC -Pn $IP
nmap -A -sC -oN $text_name $IP
Common parameters:
-sV : Attempts to determine the version of the services running
-p <x> or -p- : Port scan for port <x> or scan all ports
-Pn : Disable host discovery and just scan for open ports
-A : Enables OS and version detection, executes built-in scripts for further enumeration
-sC : Scan with the default nmap scripts
-v : Verbose mode
-sU : UDP port scan
-sS : TCP SYN port scan
-oN/-oX/-oS/-oG <file> : Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.

Hydra example

Hydra brute force against SNMP:
hydra -P password-file.txt -v $ip snmp
Hydra FTP with a known user and the rockyou password list:
hydra -t 1 -l admin -P /usr/share/wordlists/rockyou.txt -vV $ip ftp
Hydra SSH using a list of users and passwords:
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh
Hydra SSH using a known password and a username list:
hydra -v -V -u -L users.txt -p "" -t 1 -u $ip ssh
Hydra SSH against a known username on port 22:
hydra $ip -s 22 ssh -l -P big_wordlist.txt
Hydra POP3 brute force:
hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V
Hydra SMTP brute force:
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V
Hydra attack on an HTTP GET 401 login with a dictionary:
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin
Hydra attack on Windows Remote Desktop with rockyou:
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip
Hydra brute force of an SMB user with rockyou:
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $...

Diffie–Hellman key exchange

Diffie–Hellman key exchange (D-H) is a security protocol. It allows two parties to establish a shared key over an insecure channel without any prior information from each other. This key can then be used as a symmetric key in subsequent communications to encrypt the communication content.
Alice and Bob publicly agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
Alice chooses a secret integer a = 4, then sends Bob A = g^a mod p:
A = 5^4 mod 23 = 4
Bob chooses a secret integer b = 3, then sends Alice B = g^b mod p:
B = 5^3 mod 23 = 10
Alice computes s = B^a mod p:
s = 10^4 mod 23 = 18
Bob computes s = A^b mod p:
s = 4^3 mod 23 = ...

hping3 -- SYN flood attack

Step 1: use reconnaissance to find the victim. I use zenmap to find the victim; it's my boyfriend. 😆 The /24 means scan the whole subnet in the segment. This is equal to the command:
nmap -T4 -A -v 192.168.3.16/24
I found there are two Apple machines: one is his, the other is mine. His IP is 192.168.3.11.
Step 2: do the SYN flood attack with hping3. We're sending 15000 packets (-c 15000) at a size of 120 bytes (-d 120) each. We're specifying that the SYN flag (-S) should be enabled, with a TCP window size of 64 (-w 64). To direct the attack to our victim's HTTP web server we specify port 80 (-p 80) and use the --flood flag to send packets as fast as possible. As you'd expect, the --rand-source flag generates spoofed IP addresses to disguise the real source and avoid detection, but at the same time stops the victim's SYN-ACK reply packets from reaching the attacker.
Step 3: check the result. He is going to kill me. 😈