1
00:00:00,270 --> 00:00:04,140
Here we have some scripts which are very helpful in penetration tests.

2
00:00:05,190 --> 00:00:10,710
The scripts that end with "brute" perform brute-force password guessing against the named services.

3
00:00:12,000 --> 00:00:16,050
The scripts ending with "info" get information about the named services.

4
00:00:17,230 --> 00:00:26,860
dns-recursion checks if a DNS server allows queries for third-party names. dns-zone-transfer requests

5
00:00:26,950 --> 00:00:30,370
a zone transfer (AXFR) from a DNS server.

6
00:00:31,000 --> 00:00:37,090
If the query is successful, all domains and domain types are returned, along with common type-specific

7
00:00:37,090 --> 00:00:47,080
data such as SOA, MX and PTR. http-slowloris-check tests a web server for vulnerability to the

8
00:00:47,080 --> 00:00:52,000
Slowloris DDoS attack without actually launching a DDoS attack.

9
00:00:52,450 --> 00:01:00,610
ms-sql-info attempts to determine configuration and version information for Microsoft SQL Server instances.

10
00:01:01,180 --> 00:01:01,600
ms-sql-dump-hashes

11
00:01:01,780 --> 00:01:10,000
dumps the password hashes from an MS SQL server in a format suitable for cracking by

12
00:01:10,000 --> 00:01:17,200
tools such as John the Ripper. nbstat attempts to retrieve the target's NetBIOS names and MAC

13
00:01:17,200 --> 00:01:17,620
address.

14
00:01:18,400 --> 00:01:21,970
By default, the script displays the name of the computer and the logged-in user.

15
00:01:22,570 --> 00:01:27,220
If the verbosity is turned up, it displays all the names the system thinks it owns.

16
00:01:27,970 --> 00:01:35,260
smb-enum-users attempts to enumerate the users on a remote Windows system with as much information as

17
00:01:35,260 --> 00:01:35,860
possible.

18
00:01:36,860 --> 00:01:41,750
The goal of this script is to discover all user accounts that exist on a remote system.

19
00:01:42,110 --> 00:01:49,070
This can be helpful for administration, by seeing who has an account on a server, or for penetration testing

20
00:01:49,070 --> 00:01:53,630
or network footprinting, by determining which accounts exist on a system.

21
00:01:54,550 --> 00:02:02,000
smb-enum-shares attempts to list shares. Finding open shares is useful to a penetration tester because

22
00:02:02,000 --> 00:02:06,290
there may be private files shared, or, if it's readable,

23
00:02:06,530 --> 00:02:11,840
it could be a good place to drop a Trojan or infect a file that's already there.

24
00:02:12,980 --> 00:02:18,620
Knowing where the share is could make those kinds of tests more useful, except that determining where

25
00:02:18,620 --> 00:02:22,430
the share is requires administrative privileges already.

26
00:02:23,310 --> 00:02:28,160
In a penetration test, you should try the pass-the-hash method to compromise systems.

27
00:02:28,200 --> 00:02:32,640
And the last three scripts will be very helpful for your pass-the-hash attacks.

28
00:02:33,120 --> 00:02:41,400
Here you see some useful brute-force or dictionary attack scripts for FTP, databases such as MySQL,

29
00:02:41,490 --> 00:02:44,550
Oracle or MS SQL, SMB,

30
00:02:45,740 --> 00:02:47,150
Telnet, et cetera.