{% hint style="success" %} Hack Responsibly.
Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here. {% endhint %}
{% hint style="danger" %} Not much here yet...please feel free to contribute at my GitHub page. {% endhint %}
{% embed url="https://attack.mitre.org" %}
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|
The hacking methodology categories align with the enterprise attack tactics in the MITRE ATT&CK matrix. The categories are:
- Initial access - Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails
- Execution - Launching attacker tools and malicious code, including RATs and backdoors
- Persistence - Creating autostart extensibility points (ASEPs) to remain active and survive system restarts
- Privilege escalation - Obtaining higher permission levels for code by running it in the context of a privileged process or account
- Defense evasion - Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits
- Credential access - Obtaining valid credentials to extend control over devices and other resources in the network
- Discovery - Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers
- Lateral movement - Moving between devices in the target network to reach critical resources or gain network persistence
- Collection - Locating and collecting data for exfiltration
- Command and control - Connecting to attacker-controlled network infrastructure to relay data or receive commands
- Exfiltration - Extracting data from the network to an external, attacker-controlled location
-
Log all commands of the current session
script $session_name.log #when finished exit
-
Use Joplin, OneNote, CherryTree or other notetaking program to document findings
-
Set the Target IP Address to the
$ip
system variableexport ip=target_ip
-
Run
nmap -sCV
for all TCP and UDP ports -
For every open port TCP/UDP
- Find service and version
- Find known service bugs
- Find configuration issues
- Do banner grabbing
-
Google/Web-search
- Every unknown service/program
- Every error message
- Every URL path
- Every parameter to find versions/apps/bugs
- Every service version + exploit db
- Every service version + vulnerability
-
searchsploit
every service -
If app has authentication:
- User enumeration
- Password brute force
- Default credentials google search
-
Run nmap vuln scan
-
Run metasploit enum
-
Run metasploit exploits
Proper and thorough enumeration is the key to a successful engagement. Privilege escalation is all about:
- Collecting - Enumeration, more enumeration, and some more enumeration.
- Processing - Sort through data, analyze, and prioritize.
- Searching - Know what to search for and where to find the exploit code.
- Adapting - Customize the exploit so it fits. Not every exploit works for every system "out of the box".
- Trying - Get ready for (lots of) trial and error.
If you like this content and would like to see more, please consider buying me a coffee!