Pentest VM Setup
Root User
Her komutun başına sudo eklemekten sıkıldıysan kullanabilirsin.
# Open an interactive root shell so the rest of the guide can be pasted
# without a `sudo` prefix on every command.
sudo su
# Set (or change) the root account's password.
passwd
reboot
Klavye
# Console/X keyboard layout (XKBLAYOUT, XKBVARIANT, ...) is configured here;
# the reboot afterwards applies it system-wide.
nano /etc/default/keyboard
reboot
Sunum Modu
Scriptlerin yarıda kesilmesinden sıkıldıysan sunum modunu açabilirsin; böylece makine hiçbir zaman uyku moduna girmeyecek.

Rockyou.txt Dosyası
Brute-force denemelerinde sıkça kullanılan bu wordlisti aşağıdaki komut ile çıkartıyoruz.
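# Extract rockyou.txt once. gzip -d removes the .gz after extracting, so on a
# second run the original line fails with "No such file"; skip the step when
# the wordlist is already in place.
[[ -f /usr/share/wordlists/rockyou.txt ]] || gzip -d /usr/share/wordlists/rockyou.txt.gz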
Update
Bütün araçları ve işletim sistemini güncellemek için aşağıdaki komutu kullanabiliriz.
# Suppress debconf prompts so the upgrade runs unattended.
export DEBIAN_FRONTEND=noninteractive
# Refresh indexes, upgrade everything (full-upgrade may remove packages to
# resolve conflicts), then drop unused packages and the cached .deb files.
apt update && apt full-upgrade -y && apt autoremove -y && apt autoclean && apt clean
# Reboot so a newly installed kernel is actually the one running.
reboot
Tools
Bu blogda anlatılan bütün toolları aşağıdaki şekilde yükleyebilirsin.
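# Everything the guide relies on, in one apt call (duplicate libreoffice-gtk4
# removed). The build-essential / lib*-dev / tk-dev set looks like the
# prerequisites for building Pythons with pyenv (see the Pyenv section) — confirm
# before trimming it.
apt install -y coercer apktool krb5-user assetfinder beef-xss bloodhound.py dirsearch dnscat2-client dnscat2-server docker.io enum4linux-ng evolution feroxbuster gdb ghidra git-cola golang-go gospider jq keepass2 build-essential libbz2-dev libffi-dev liblzma-dev libncurses-dev libpcap-dev libreadline-dev libreoffice libreoffice-gtk4 libsqlite3-dev libssl-dev zlib1g-dev tk-dev mingw-w64 pipx python3-wsgidav remmina rlwrap sliver snmp-mibs-downloader terminator thunderbird wafw00f xclip xrdp zaproxy zenmap micro kali-wallpapers-all hcxdumptool hcxtools wifiphisher
# `armory install all` is typed inside the sliver console, not in the shell:
# as a shell line, `sliver > armory install all` would start sliver with its
# stdout redirected into a file named "armory". Run it manually:
#   sliver
#   sliver > armory install all
# Make sure ~/.local/bin (pipx's target) is on PATH for future shells.
pipx ensurepath
pipx install shcheck mitmproxy git-dumper updog uro apkleaks reflutter adidnsdump
pipx install git+https://github.com/blacklanternsecurity/MANSPIDER
pipx install git+https://github.com/Pennyw0rth/NetExec
pipx upgrade-all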
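# Go-installed binaries live in $HOME/go/bin. The original only appended the
# PATH line to ~/.zshrc, so `pdtm` two lines later was not found in the current
# session; export it now as well, and avoid appending a duplicate line on re-runs.
export PATH="$HOME/go/bin:$PATH"
grep -qxF 'export PATH="$HOME/go/bin:$PATH"' ~/.zshrc || echo 'export PATH="$HOME/go/bin:$PATH"' >> ~/.zshrc
go install github.com/projectdiscovery/pdtm/cmd/pdtm@latest
pdtm -ia
pdtm -ua
pdtm -up
nuclei -ut
# Presumably holds API keys for subfinder's data sources — it is a credentials
# file, so keep it out of VM snapshots/exports you share.
micro /root/.config/subfinder/provider-config.yaml
# Presumably removes the Debian-packaged `httpx` CLI so it cannot shadow
# projectdiscovery's httpx; -f keeps this step re-runnable. Note the file comes
# back on the next upgrade of the package that owns it — verify which binary
# wins with `command -v httpx`.
rm -f /usr/bin/httpx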
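go install github.com/tomnomnom/anew@latest
go install github.com/tomnomnom/gf@latest
go install github.com/tomnomnom/qsreplace@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/sensepost/gowitness@latest
go install github.com/bitquark/shortscan/cmd/shortscan@latest
go install github.com/lc/gau/v2/cmd/gau@latest
go install github.com/ropnop/kerbrute@latest
go install github.com/hakluke/hakrawler@latest
go install github.com/hahwul/dalfox/v2@latest
go install github.com/ndelphit/apkurlgrep@latest
# gf ships its zsh completion and example patterns inside its module-cache
# directory. The original hard-coded one pseudo-version path
# (gf@v0.0.0-20200618134122-dcd4c361f9f5), which silently breaks as soon as
# `go install ...@latest` resolves a different version; locate it instead.
gf_dirs=("$(go env GOMODCACHE)"/github.com/tomnomnom/gf@*)
gf_mod=${gf_dirs[-1]}
[[ -d "$gf_mod" ]] || { printf 'gf module directory not found\n' >&2; exit 1; }
grep -qxF "source $gf_mod/gf-completion.zsh" ~/.zshrc || echo "source $gf_mod/gf-completion.zsh" >> ~/.zshrc
mkdir -p ~/.gf
cp -r "$gf_mod"/examples/*.json ~/.gf
# The original cloned into the current directory but moved the patterns from
# /root/Desktop/Gf-Patterns, so it only worked when run from /root/Desktop.
# Clone into a temporary directory so the step works from anywhere.
gf_tmp=$(mktemp -d) || exit 1
git clone https://github.com/1ndianl33t/Gf-Patterns "$gf_tmp/Gf-Patterns"
mv "$gf_tmp"/Gf-Patterns/*.json ~/.gf
rm -rf -- "$gf_tmp"
# Intended to be run from the interactive zsh session the guide assumes.
source ~/.zshrc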
Burp Pro: https://portswigger.net/burp/releases#professional
Foxyproxy: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
Wappalyzer: https://addons.mozilla.org/tr/firefox/addon/wappalyzer/
Default Applications
Default terminal -> terminator
Pyenv
Birden fazla python versiyonu kullanmak isterseniz pyenv aracını kullanabilirsiniz.
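# -f makes curl fail on HTTP errors so an error page is never piped into bash;
# the installer is still executed unseen — for anything other than a throwaway
# VM, save it to a file and read it before running it.
curl -fsSL https://pyenv.run | bash
# Append the pyenv bootstrap lines to ~/.zshrc without duplicating them on re-runs.
pyenv_rc=~/.zshrc
for pyenv_line in \
  'export PYENV_ROOT="$HOME/.pyenv"' \
  '[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"' \
  'eval "$(pyenv init -)"'; do
  grep -qxF -- "$pyenv_line" "$pyenv_rc" || printf '%s\n' "$pyenv_line" >> "$pyenv_rc"
done
# Replace the current shell so the new ~/.zshrc is picked up (quoted: $SHELL
# with spaces would otherwise be word-split).
exec "$SHELL"
# Usage
pyenv versions
pyenv install 2.7
pyenv install 3.11
# Per-directory interpreter (writes .python-version in the cwd).
pyenv local 3.11
# Default interpreter everywhere; `system` switches back to the OS Python.
pyenv global 3.11
pyenv global system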
Gerekli Dosyalar
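# Source checkouts used elsewhere in the blog. mkdir -p and the guarded cd keep
# this re-runnable and stop the clones landing in the wrong directory when
# tools/ already exists or cannot be entered. The duplicate ntlm_theft clone
# (which failed with "already exists") is dropped.
mkdir -p tools
cd tools || exit 1
git clone https://github.com/urbanadventurer/username-anarchy.git
git clone https://github.com/Ridter/noPac.git
git clone https://github.com/cube0x0/CVE-2021-1675.git
git clone https://github.com/ly4k/PetitPotam.git
git clone https://github.com/dirkjanm/PKINITtools
git clone https://github.com/ticarpi/jwt_tool.git
git clone https://github.com/Greenwolf/ntlm_theft
git clone https://github.com/dirkjanm/krbrelayx.git
git clone https://github.com/HavocFramework/Havoc.git
git clone https://github.com/fox-it/cve-2019-1040-scanner.git
git clone https://github.com/Wh04m1001/DFSCoerce.git
cd ..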
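# Prebuilt binaries/scripts served to targets during engagements. Versions are
# a mix of pinned releases and `latest`; nothing here is integrity-checked, so
# the SHA256SUMS written at the end is the only record of what was fetched.
mkdir -p server
cd server || exit 1
# wget -q hides download errors (a non-zero exit is the only signal); compare
# the directory listing against SHA256SUMS if a file seems to be missing.
wget -q https://github.com/tylerdotrar/SigmaPotato/releases/latest/download/SigmaPotato.exe
wget -q https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh
wget -q https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASx64.exe
wget -q https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/refs/heads/master/Rubeus.exe
wget -q https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_proxy_0.7.2-alpha_windows_amd64.zip
wget -q https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_proxy_0.7.2-alpha_linux_amd64.tar.gz
wget -q https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_agent_0.7.2-alpha_linux_amd64.tar.gz
wget -q https://github.com/nicocha30/ligolo-ng/releases/download/v0.7.2-alpha/ligolo-ng_agent_0.7.2-alpha_windows_amd64.zip
wget -q https://github.com/jpillora/chisel/releases/download/v1.10.0/chisel_1.10.0_windows_amd64.gz
wget -q https://github.com/jpillora/chisel/releases/download/v1.10.0/chisel_1.10.0_linux_amd64.gz
wget -q https://github.com/int0x33/nc.exe/raw/refs/heads/master/nc.exe
wget -q https://github.com/ParrotSec/mimikatz/raw/refs/heads/master/x64/mimikatz.exe
wget -q https://github.com/BloodHoundAD/SharpHound/releases/download/v2.5.7/SharpHound-v2.5.7-debug.zip
wget -q https://github.com/antonioCoco/RunasCs/releases/latest/download/RunasCs.zip
wget -q https://github.com/besimorhino/powercat/raw/refs/heads/master/powercat.ps1
wget -q https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.6/LaZagne.exe
wget -q https://github.com/PowerShellMafia/PowerSploit/raw/refs/heads/master/Recon/PowerView.ps1
wget -q https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker/raw/refs/heads/main/dpipe.sh
wget -q https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits/raw/refs/heads/main/exploit-1.c -O dpipe1.c
wget -q https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits/raw/refs/heads/main/exploit-2.c -O dpipe2.c
wget -q https://github.com/worawit/CVE-2021-3156/raw/refs/heads/main/exploit_nss.py -O sudo_lpe.py
wget -q https://github.com/flozz/p0wny-shell/raw/refs/heads/master/shell.php -O powny.php
wget -q https://github.com/YasserREED/screen-v4.5.0-priv-escalate/raw/refs/heads/main/full-exploit.sh -O screen_remote.sh
wget -q https://github.com/YasserREED/screen-v4.5.0-priv-escalate/raw/refs/heads/main/exploit.sh -O screen_local.sh
wget -q https://github.com/ly4k/PwnKit/raw/refs/heads/main/PwnKit
wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64
# The original used a /blob/ URL, which returns the GitHub HTML page rather
# than the script; use the /raw/ form like the other lines.
wget -q https://github.com/samratashok/nishang/raw/refs/heads/master/Shells/Invoke-PowerShellTcp.ps1
# Record hashes of what was fetched so later modification of this directory
# is detectable and the exact artefacts used can be reported.
sha256sum -- * > SHA256SUMS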
Burp Extensions
Param Miner
JSON Web Tokens
Active Scan++
Retire.js
Authorize
Turbo Intruder
JS Miner
J2EEScan
Content Type Converter
403 Bypasser
JS Link Finder
Software Vulnerability Scanner
HTTP Request Smuggler
Hackvertor
Logger++
JWT Editor
Bypass WAF
INQL
CO2
Reflected Parameters
Java Deserialization Scanner
Backslash Powered Scanner
Upload Scanner
Software Version Reporter
SSL Scanner
NoSQLi Scanner
Error Message Checks
CORS
IIS Tilde
Freddy Deserialization Scanner
ExifTool Scanner
UUID Detector
Bloodhound Community
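# Collector used for BloodHound CE (the bloodhound-ce branch of BloodHound.py).
git clone https://github.com/dirkjanm/BloodHound.py.git
cd BloodHound.py || exit 1
git checkout bloodhound-ce
pyenv local 3.11
pip install .
# Docker's apt repository (Docker's own setup steps). -y added so apt-get does
# not stop at a prompt when this is pasted as a script.
sudo apt-get update
sudo apt-get install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# The original sourced /etc/os-release and then echoed a literal "bookworm"
# anyway, so the suite is simply written out here. Presumably pinned because
# Kali's os-release codename is not a Debian release; confirm it still matches
# the Debian base of the Kali version in use.
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-compose-plugin
# Bloodhound CE
wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz
tar -xvzf bloodhound-cli-linux-amd64.tar.gz
rm bloodhound-cli-linux-amd64.tar.gz
./bloodhound-cli install
# Day-to-day subcommands (reference, not a sequence to run back to back):
#   ./bloodhound-cli config
#   ./bloodhound-cli containers stop
#   ./bloodhound-cli containers start
#   ./bloodhound-cli containers down
#   ./bloodhound-cli update
# To reach the UI from another host, change the "ports:" entry in
# docker-compose.yml (line 87 in the author's copy) to:
#   - 0.0.0.0:8080:8080
# That publishes the BloodHound UI — and the collected AD data behind it — on
# every interface; bind to the lab interface's address instead of 0.0.0.0 where
# possible and restrict 8080/tcp to the hosts that need it.
micro docker-compose.yml
# Initial login is the admin user with a random password (author's note:
# "admin:random") — presumably printed by `bloodhound-cli install`; confirm.
#   http://127.0.0.1:8080/ui/login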
Tmux + OhMyZSH
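# gpakosz's tmux config: the repo is cloned into ~/.tmux, ~/.tmux.conf points
# at it, and local overrides go in ~/.tmux.conf.local.
cd "$HOME" || exit 1
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf
cp .tmux/.tmux.conf.local .
# The original opened the file in an editor and listed the lines to add by
# hand (`micro .tmux.conf.local`). They are tmux directives, not shell (`set -g`
# is not a valid bash option), so append them via a quoted heredoc instead;
# later directives override earlier ones in the copied template.
cat >> .tmux.conf.local <<'EOF'
set -g history-limit 9999999
set -g mouse on
set -gu prefix2
unbind C-a
set -g @plugin 'tmux-plugins/tmux-logging'
set -g @plugin 'tmux-plugins/tmux-copycat'
set -g @plugin 'tmux-plugins/tmux-yank'
EOF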
# Stop any running tmux server so the new configuration is loaded fresh.
tmux kill-server
# List sessions (reports an error when no server is running).
tmux ls
# Create a session named session1 and attach to it.
tmux new -s session1
# Re-attach to session1 (e.g. from another terminal).
tmux a -t session1
mouse + y # Kopyalama
CTRL b + d # Ayrılma
CTRL b + w # Listeleme
CTRL b + c # Yeni Windows
ctrl b + m # Mouse mode
CTRL B + - # Yatay Bolme
CTRL B + _ # Dikey Bolme
CTRL B + z # Bolmeye Odaklan
CTRL B + ! # Bolmeyi Pencere Yap
ctrl B + / # Search
ctrl B + alt + shift + p
SSH ve RDP Server
Root kullanıcısı ile SSH üzerinden bağlanabilmemizi sağlar.
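# Edit sshd_config and enable the two directives below (the guide's aim is root
# login over SSH). OpenSSH defaults to `PermitRootLogin prohibit-password`;
# root with password authentication is only sensible on an isolated lab
# network — use keys and keep prohibit-password on anything reachable from
# elsewhere.
micro /etc/ssh/sshd_config
#PermitRootLogin yes
#PasswordAuthentication yes
# Validate the edited config before restarting so a typo cannot leave sshd
# down (and you without remote access).
sshd -t || exit 1
service ssh restart
service xrdp restart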
Delete History
# Delete the zsh history file, then SIGKILL the current shell ($$) —
# presumably so zsh cannot write its in-memory history back out on a normal
# exit; whether lines were already flushed depends on your HIST options
# (e.g. INC_APPEND_HISTORY), so confirm against your setup.
rm -f ~/.zsh_history && kill -9 $$
Terminator History ve Background
Profiles > Scrolling -> Infinite Scrollback
Profiles > Background -> Solid Color