Kismet | Wireless Network Detector, Sniffer, Intrusion Detection System | Digital Hacker

Digital Hacker


What is Kismet?

Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates. This is the main package containing the core, client, and server.

How to install?

1) Open a terminal (Ctrl+Alt+T)
2) sudo apt-get install kismet

Tools included in the kismet package:

kismet_server – The Kismet server component
root@kali:~# kismet_server -h
Usage: kismet_server [OPTION]
Nearly all of these options are run-time overrides for values in the
kismet.conf configuration file.  Permanent changes should be made to
the configuration file.
*** Generic Options ***
-v, --version                Show version
-f, --config-file     Use alternate configuration file
--no-line-wrap           Turn…



Penetration testing and webapp cheat sheets

I do not think I have collected them all yet, but here's what I have so far. Please suggest more. mobile application pentesting: Pentesting XSS Vectors and cookie stealing Penetration testing tools Penetration testing & exploit development Printer security testing Nmap (Printable, 2013): Nmap (Not printable, date unknown):…

A cheat-sheet for password crackers

In this article I am going to share some bash scripting commands and regular expressions which I find useful in password cracking. Most of the time, we find hashes to crack via shared pastes websites (the most popular of them being Pastebin). Isolating the hashes by hand can be a time consuming process; for that…

Manual pentesting cheatsheet (Windows)


This is a list of commands that can be useful when you have a shell on a Windows box and you want to do local discovery, escalate privileges and pivot (without using tools such as Metasploit):

View your current user: whoami
View information about the current user: net user myuser (for a local user)
net user myuser /domain (for a domain user)
View the local groups: net localgroup
View the local administrators: net localgroup Administrators
Add a new user: net user myuser mypass /add
Add a user to the local Administrators group: net localgroup Administrators myuser /add
View the domain name of the current machine: net config workstation
net config server
View the name of the domain controller: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History" /v DCName
View the list of domain admins: net group "Domain Admins" /domain
View the list of started services (search for antivirus): net start
sc query
Stop a…



COMPROMISING A WORDPRESS SITE AND PIVOTING TO THE INTERNAL NETWORK

A few months ago I ran into WordPress on a penetration test. It was a generic web application security assessment, but in this case, I was able to compromise the server and, most noteworthy, to pivot through the internal network. I thought I'd take the compromise walk-through and turn…

Using APT tactics and techniques in your pentests

APT tactics

I have a student that has been asking me about internal network penetration testing. As a result, I figured I'd write a blog post about APT tactics. I was trying to explain to him that there is so much more to it than just…

UAC Bypass – SDCLT

Penetration Testing Lab

SDCLT is a Microsoft binary that is used in Windows systems (Windows 7 and above) to allow the user to perform backup and restore operations. However, it is one of the Microsoft binaries that has its autoElevate setting configured to "true". This can be verified by using the Sigcheck tool from Sysinternals and exploring its manifest file:

sdclt – autoelevate is set to true

Matt Nelson discovered two methods that can allow a user to bypass UAC through this binary in Windows 10 environments. Both methods require constructing a specific registry structure; however, they differ from each other in that one method can take command parameters while the other takes the full path of a binary that will be executed.

App Paths

The backup and restore operation is part of the control panel. This means that when the sdclt.exe process starts the control panel is starting as well…
