[00:00:00] Here we have some scripts which are very helpful in penetration tests. The scripts that end with “brute” perform brute-force password guessing against the named services. Scripts ending with “info” get information about the named services. “dns-recursion” checks if a DNS server allows queries for third-party names.

[00:00:24] dns-zone-transfer requests a zone transfer (AXFR) from a DNS server. If the query is successful, all domains and domain types are returned along with common type-specific data (SOA, MX, NS, PTR or A). http-slowloris-check tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.

[00:00:52] ms-sql-info attempts to determine configuration and version information for Microsoft SQL Server instances. ms-sql-dump-hashes dumps the password hashes from an MS-SQL server in a format suitable for cracking by tools such as John the Ripper. nbstat attempts to retrieve the target's NetBIOS names and MAC address. By default the script displays the name of the computer and the logged-in user. If the verbosity is turned up, it displays all the names the system thinks it owns.

[00:01:28] smb-enum-users attempts to enumerate the users on a remote Windows system with as much information as possible. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpful for administration by seeing who has an account on a server, or for penetration testing or network footprinting by determining which accounts exist on a system.

[00:01:56] smb-enum-shares attempts to list shares. Finding open shares is useful to a penetration tester because there may be private files shared, or if it's writable it could be a good place to drop a Trojan or to infect a file that's already there. Knowing where the share is could make those kinds of tests more useful, except that determining where the share is requires administrative privileges already in a penetration test. You should try the pass-the-hash method to compromise the system. And the last three scripts will be very helpful for your pass-the-hash attacks.

[00:02:33] Here you see some useful brute-force or dictionary attack scripts for FTP, databases such as MySQL, Oracle, or MS SQL, SNMP, Telnet, etc.