Advanced Penetration Testing Notes

XSS

Cross-site scripting. Reflected – a one-time shot where it can be in a malicious URL. Stored – for example, a message board that allows for code to be put into the message and you place the code into your message, attacking anyone who [view]

By: sirrush | Related Lesson: WebApp (part 5) Cross Site Scripting XSS | Modified: August 6, 2017

LFI/RFI

Being able to see files on the server hosting the webserver. LFI: local file inclusion. RFI: remote file inclusion; remote, you load up a file from another server which could be malicious. [view]

By: sirrush | Related Lesson: WebApp (part 4) File Inclusion | Modified: August 5, 2017

SQLi

SQLi – being able to coax values from a database such as usernames and passwds. LDAP/XPath injections: usually you want to check manually. Remember, even if they are using JavaScript to check if it is valid code, it will throw an error with a [view]

By: sirrush | Related Lesson: WebApp (part 3) SQL Injection | Modified: August 5, 2017

Vuln Web Apps

Use a vulnerable web app; there are several VMs for this on VulnHub. Burp Suite/Vega/ZAP. A good foundation in understanding the generic coding mistakes. Burp is an intercepting proxy, so you can edit and change values before it is forwarded to the t [view]

By: sirrush | Related Lesson: WebApp (part 2) Vulnerable Web Applications | Modified: August 5, 2017

Setting up a domain

Domain controller: using the smbexec tool for SMB. Here you can also pass the hash using mimikatz or popping the passwd hash using Responder. Getting a domain-level admin is the main goal of working with a Windows DC. Although for the initial engagement yo [view]

By: sirrush | Related Lesson: Post Exploitation (part 4) Setting Up a Domain Controller | Modified: August 5, 2017

pivot

Pivoting: after compromising a machine, often it may be multihomed, wherein it has two NICs: one public facing and the other for the internal network. So pivoting allows traffic from your machine to the victim and into the network of the target. add th [view]

By: sirrush | Related Lesson: Post Exploitation (part 3) Pivoting | Modified: August 5, 2017

Metasploit (part 3)

1. [view]

By: codeitch | Related Lesson: Metasploit (part 3) Operation | Modified: August 5, 2017

Metasploit (part 2)

1. default port for metasploit => 4444 [view]

By: codeitch | Related Lesson: Metasploit (part 2) Fundamentals | Modified: August 5, 2017

Ping Shell Script

#!/bin/bash
if [ "$1" == "" ]
then
echo "usage: ./ping.sh [network]"
echo "example: ./ping.sh 192.168.1"
else
for x in $(seq 1 254); do
p [view]

By: yog_sat | Related Lesson: Programming (part 3) Network Pings | Modified: August 4, 2017

Exploitation direct exploitation

Kali > cadaver http://192.168.1.76/webdav user:wampp pw: zampp dav: /webdav/> put test.txt web> http://192.168.1.76 kali> cd /user/share/webshells/ >ls >cd php >simple-backdoor.php > cadaver http://192.168.1.76/webdav > ser [view]

By: Oishi | Related Lesson: Exploitation (part 1) Direct Exploitation | Modified: August 4, 2017
