Table of Content

• Pentest
  • Frameworks
  • Phases
  • Pre-engagment
  • Intelligence gathering
    • Tools
    • Google Hacks / dorks
    • Knowledge databases
    • Network scanning
    • Port scanning
    • Ports
  • Reporting
• Training
• Attacks
  • Xmas attack
  • Null attack
  • XSS
  • SQL Injection
  • Buffer overflow
• Data exfiltration
  • ICMP - Internet Control Message Protocol
• Privilege Escalation
  • Windows
  • Linux
• Lexical
• Learning

Pentest

Frameworks

• https://attack.mitre.org/
• https://owasp.org/

Phases

• Pre-engagement
• Interactions
• Intelligence Gathering
• Threat Modeling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting

Pre-engagement

Write an agreement (out of prison card)

• Scope
• Timeframe

Separate

• Ransomeware
• DDoS
• Social engineering

Intelligence gathering

Tools

See tools page

Google Hacks / dorks

• camera linksys inurl:main.cgi
• intitle:"toshiba network camera - User login"
• ext:php
• "SquirrelMail vesion 1.4" inurl:src ext:php
• intitle:"Welcome to Windows Small Business Server 2003"
• ext:pwd inurl:(service|authors|administrators|users) "# - Frontpage"
• intitle:"index of /" password.txt

Knowledge databases

• https://www.exploit-db.com/ - Exploit DB
• https://www.mend.io/vulnerability-database/ - Vulns DB
• https://cve.mitre.org/data/refs/refmap/source-OSVDB.html - OSVDB to CVE
• https://www.shodan.io/ - Connected devices

VirtualBox network

MiniServ (Webmin) - 10000, 20000

Go to https://<ip>:10000/

NETBIOS-SSN / SMB - 139, 445

enum4linux -a <ip> >> /kali-share/enum4linux-<ip>.txt

Reporting

https://pentestreports.com/

Training

See the training page

Attacks

Xmas attack

sudo nmap -sX <ip> -p<port>

For UDP use -sU

Null attack

sudo nmap -sN <ip> -p<port>

For UDP use -sU

Lexical

Samba

Search also: smb

Learning

• Offensive Security - Penetrations Testing Bootcamp