Knowledge Base for Penetration Testing
Prereq – Have a local Kali instance running and Metasploitable2 for a target. https://hack.technoherder.com/vm-setup-kali-metasploitable2/ Part 1 – Setup Launch both Kali Linux and the Metasploitable2 VM and ensure that they are on the same isolated network. Chech which version of nmap you have installed. The nmap commands have evolved slightly over time. It’s important to […]
Part 1 – Autonomous Systems (AS) Many organizations, such as University of the Pacific, have configured their networks as Autonomous Systems (AS), providing them the ability to use multiple internet service providers and route traffic between them as desired. References: There are many online tools that allow you to look up Autonomous System information for […]
Website enumeration involves discovering resources that the web server is using, as well as the underlying technology that the web server is running on. This information can help you choose more effective vectors to use in an attack, as well as exploit vulnerabilities in specific versions of web server software. You can use several tools […]
Most organizations make files available on the internal network for users to access. This is typically done through the use of network shares, which are directories that can be accessed by using a network sharing protocol. These network shares might hold sensitive files or information that is otherwise useful to the pen test. On most […]
Enumeration Enumeration is the process of using various techniques that query a device or service for information about its configuration and resources. It is a common step in active reconnaissance and crucial to penetration testing. Once you have connected to a host, you can interrogate it for details that will reveal additional attack vectors. The […]
Google dork your targetsite: google.com Also go to the site and click View CertificateGo to DetailsLook for data like subdomains The tool nmap can also be used to search for vulnerabilities Run sublist3r on your target Execute subbrute on your target Enumerate subdomains Run traceroute Execute a dig on your target Check DNS with dnsenum […]
by 