III Hack&Beers

Detección del SO:

> nmap -n -O 10.211.55.57

Factores que determinan la identificación del sistema remoto:

Archivo PDF

TTL:

Kernel: sysctl -w net.ipv4.ip_default_ttl=64

> nmap -n -O 10.211.55.57

Tamaño de ventana

sysctl -w net.ipv4.tcp_rmem="8192 87380 6291456"

sysctl -w net.ipv4.tcp_wmem="8192 16384 4194304"

> nmap -n -O 10.211.55.57

Primer puerto:

Servidor web:

nginx.conf

http {

## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_tokens off; # version number in error pages # server_name_in_redirect off; # if off, nginx will use therequested Host header

# server_names_hash_bucket_size 64; # server_name_in_redirect off;

include /etc/nginx/mime.types; default_type application/octet-stream;

## # Logging Settings ##

access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; …..

apt-get install nginx-extrasmore_set_headers "Server: Microsoft-IIS/7.5";

Wordpress:

Medios de identificación:

Archivo PDF

Herramientas: Plecost

> python plecost.py -nb http://merri_crismas_manue.org/

sites-enabled/wordpress

if ($uri ~ "readme\.|(html|txt)$" ) { return 500; }

if ($uri ~ "readme\.|(html|txt)$" ) { return 301 /; }

Modo enfermizo:

wp-includes/general-template.php

Reset Kernel

sysctl -w net.ipv4.ip_default_ttl=64sysctl -w net.ipv4.ip_local_port_range="32768 61000"sysctl -w net.ipv4.tcp_rmem="4096 87380 6291456"sysctl -w net.ipv4.tcp_wmem="4096 16384 4194304"

Acces Wordpress info:

urlu: manuesoyyop: 10sdk8j2