III Hack&Beers
OS detection:
> nmap -n -O 10.211.55.57
Factors that determine identification of the remote system:
TTL:
Kernel: sysctl -w net.ipv4.ip_default_ttl=64
> nmap -n -O 10.211.55.57
Window size:
sysctl -w net.ipv4.tcp_rmem="8192 87380 6291456"
sysctl -w net.ipv4.tcp_wmem="8192 16384 4194304"
> nmap -n -O 10.211.55.57
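The two factors above (initial TTL and advertised TCP window) are what a remote observer such as nmap -O works from. This added example, not part of the original slides, shows how an observed TTL is normalised back to the sender's initial value and then matched against a small constructed reference table, so a defender can predict what a scanner will infer after tuning the sysctl values shown above; the table values are typical defaults, not nmap's fingerprint database.

```python
# Constructed reference table: (OS family, initial TTL, typical SYN-ACK windows).
# Typical defaults only; real fingerprinting uses many more probe features.
REFERENCE = [
    ("Linux", 64, {5840, 14600, 29200, 64240}),
    ("Windows", 128, {8192, 16384, 65535}),
    ("Cisco IOS / Solaris", 255, {4128, 8760}),
]

# Initial TTLs used by common stacks; every router hop decrements by one.
TTL_CLASSES = (32, 64, 128, 255)


def initial_ttl(observed_ttl: int) -> int:
    """Recover the sender's initial TTL: the smallest class >= observed value."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    for cls in TTL_CLASSES:
        if observed_ttl <= cls:
            return cls
    return 255


def hop_distance(observed_ttl: int) -> int:
    """Number of routers between observer and host, inferred from the TTL."""
    return initial_ttl(observed_ttl) - observed_ttl


def guess_os(observed_ttl: int, window: int) -> tuple:
    """Return (family, basis) where basis is 'ttl+window', 'ttl-only' or 'none'."""
    init = initial_ttl(observed_ttl)
    ttl_matches = [fam for fam, ttl, _ in REFERENCE if ttl == init]
    for fam, ttl, windows in REFERENCE:
        if ttl == init and window in windows:
            return (fam, "ttl+window")
    if ttl_matches:
        return (ttl_matches[0], "ttl-only")  # TTL fits but window does not
    return ("unknown", "none")


if __name__ == "__main__":
    # Constructed observations: a Linux box 12 hops away, and one whose
    # window was changed via tcp_rmem/tcp_wmem so only the TTL still matches.
    print(hop_distance(52), guess_os(52, 29200))
    print(guess_os(64, 8192))
```

Changing only the window (the tcp_rmem/tcp_wmem lines above) leaves the TTL-based guess intact, which is why the demo adjusts both.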
First port:
Web server:
nginx.conf
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;  # version number in error pages
    # server_name_in_redirect off;  # if off, nginx will use the requested Host header
    # server_names_hash_bucket_size 64;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    …..
apt-get install nginx-extras
more_set_headers "Server: Microsoft-IIS/7.5";
WordPress:
Means of identification:
Tools: Plecost
> python plecost.py -nb http://merri_crismas_manue.org/
sites-enabled/wordpress
# block readme.html / readme.txt (they reveal the WordPress version)
if ($uri ~ "readme\.(html|txt)$") { return 500; }
if ($uri ~ "readme\.(html|txt)$") { return 301 /; }
Hardcore mode:
wp-includes/general-template.php
Reset kernel
sysctl -w net.ipv4.ip_default_ttl=64
sysctl -w net.ipv4.ip_local_port_range="32768 61000"
sysctl -w net.ipv4.tcp_rmem="4096 87380 6291456"
sysctl -w net.ipv4.tcp_wmem="4096 16384 4194304"
WordPress access info:
url:
u: manuesoyyo
p: 10sdk8j2