Advanced Penetration Testing Notes

Information Gathering (part 2) Domain Name Services

whois Domain by proxy – pay extra to hide information like registrant name, organisation etc… nslookup for mail server, set type=mx for name server, set type = ns Zone files – zone transfer- all dns information – transfer form [view]

By: lsec0ni | Related Lesson: Information Gathering (part 2) Domain Name Services | Modified: January 18, 2017

Access to FTP servers

access  [view]

By: rperaltad | Related Lesson: Exploitation (part 5) Using Backdoor to Access an FTP Server | Modified: January 18, 2017

Traversal attack

XML with the FileZilla server passwords via a directory traversal attack in the URL field [view]

By: rperaltad | Related Lesson: Exploitation (part 3) Directory Traversal | Modified: January 18, 2017

Injection code

commands through the web   the PHP shell [view]

By: rperaltad | Related Lesson: Exploitation (part 2) SQL Commands | Modified: January 18, 2017

web servers

Ip/WebDAV service on a website allows uploading files (e.g. wamp)   put test.txt webshells can be uploaded to /usr/share/webshells in PHP msfvenom is a combination of Msfpayload and Msfencode   exploit searches msf > search xampp [view]

By: rperaltad | Related Lesson: Exploitation (part 1) Direct Exploitation | Modified: January 18, 2017

Arpspoofing MIM in SSL

arpspoof -i eth0 -t ip_1 ip_2 [view]

By: rperaltad | Related Lesson: Traffic Capture (part 5) ettercap | Modified: January 18, 2017

nmap

You can send requests through nc -sS is unfinished SYN Scan. Opens TCP connection. Some call it stealthy scan. -sT is TCP Connect. -sU is UDP, harder to detect, much slower These should be able to bypass filters { -sN (Null scan) sends no bits -sF (F [view]

By: Keegan Kuhn | Related Lesson: Information Gathering (part 5) NMAP and PortScanning | Modified: January 18, 2017

recon

recon-ng show modules use [module] set source [src] run exit exit   exploit-db.com/ghdb [view]

By: Keegan Kuhn | Related Lesson: Information Gathering (part 4) recon-ng and google operators | Modified: January 18, 2017

info gath i

theharvester maltego shodan.io netcraft.com [view]

By: Keegan Kuhn | Related Lesson: Information Gathering (part 3) Targeting Email and Maltego | Modified: January 18, 2017

Commands

apt-get install (Program)   [view]

By: joycody | Related Lesson: Linux (part 4) chmod, manipulation and packages | Modified: January 17, 2017
