Penetration Testing Workflow

  • Create folder structure: mkdir ~/Documents/pentests/{IP} && cd ~/Documents/pentests/{IP} && mkdir scans exploit loot && cd scans

Service Enumeration

Overview

sudo nmap -p0-65535 -Pn -sT -sV --version-all -O --open -oA overview-TCP-all {IP}
sudo nmap --top-ports 25 -Pn -sU -sV --version-all -O --open -oA overview-UDP-top25 {IP}

Get a service overview of an individual host or network. Both scans run under sudo because -O (OS fingerprinting) needs raw sockets; with root available, -sS is faster than the full-connect -sT above, while -sT is the safer choice when the scan must go through a proxy or a pivot. -Pn skips host discovery so a host that blocks ping is still scanned, and --open keeps closed and filtered ports out of the output files.
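Once the overview scans have finished, the .xml file that -oA writes in scans/ is the easiest output to post-process. The script below is an added example for this workflow, not part of the original notes: it parses that XML into the list of open ports with whatever -sV learned about them, and turns the product banners into searchsploit search terms so the "Locating Public Exploits" step starts from the banner rather than from memory. The XML embedded in it is a constructed sample in nmap's output shape; the host address and banners in it are made up.

```python
"""Summarise nmap XML (-oX, or the .xml file -oA writes) into open ports and
searchsploit search terms.  Added example for the pentest workflow notes;
the sample XML below is constructed to mimic nmap output, not real scan data."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the shape of nmap's XML output. The filtered port 139 is
# included to show that only state="open" entries are kept.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p0-65535 -Pn -sT -sV -O --open 10.10.10.5">
  <host>
    <status state="up"/>
    <address addr="10.10.10.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.2p2 Ubuntu 4ubuntu2.8"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.18"/>
      </port>
      <port protocol="tcp" portid="139">
        <state state="filtered" reason="no-response"/>
        <service name="netbios-ssn"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class OpenPort:
    host: str
    proto: str
    port: int
    name: str     # nmap's service name, e.g. "http"
    product: str  # empty when -sV could not identify the product
    version: str


def parse_open_ports(xml_text: str) -> list[OpenPort]:
    """Return every port nmap marked open, with the -sV banner fields if any."""
    root = ET.fromstring(xml_text)
    found: list[OpenPort] = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            # --open already drops these, but scans saved without it will not.
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            found.append(OpenPort(
                host=addr.get("addr", ""),
                proto=port.get("protocol", ""),
                port=int(port.get("portid", "0")),
                name=get("name"),
                product=get("product"),
                version=get("version"),
            ))
    return found


# Leading "major.minor" of a version string: "7.2p2 Ubuntu 4ubuntu2.8" -> "7.2".
_VERSION_RE = re.compile(r"\d+(?:\.\d+)?")


def searchsploit_terms(ports: list[OpenPort]) -> list[str]:
    """Build 'Product major.minor' search strings, e.g. 'OpenSSH 7.2'.

    The version is trimmed to major.minor because exploit-db titles rarely carry
    the full patch level.  Ports with no product banner are skipped: searching
    for a bare service name such as 'microsoft-ds' returns mostly noise."""
    terms: list[str] = []
    for p in ports:
        if not p.product:
            continue
        m = _VERSION_RE.match(p.version)
        term = f"{p.product} {m.group(0)}" if m else p.product
        if term not in terms:
            terms.append(term)
    return terms


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    ports = parse_open_ports(text)
    for p in ports:
        print(f"{p.host}:{p.port}/{p.proto}\t{p.name}\t{p.product} {p.version}".rstrip())
    for term in searchsploit_terms(ports):
        print(f'searchsploit "{term}"')
```

Run it as `python3 summarise.py scans/overview-TCP-all.xml` (with no argument it uses the embedded sample). Treat the generated terms as a starting point: searchsploit matches on titles, so a product that nmap names differently from exploit-db (for example "Apache httpd" versus "Apache") still needs a manual second query.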

Service Enumeration & Locating Public Exploits


Exploitation


To Note:

  • OS:
  • Hostname:
  • Users:

To Try:

Post-Exploitation Enumeration


Privilege Escalation


To Note:

To Try:

  • [ ]

Proof

  • Linux
    • id OR whoami
    • ip a OR /sbin/ifconfig
    • cat /root/proof.txt
    • find / -name network-secret.txt 2>/dev/null
  • Windows
    • whoami
    • whoami /groups
    • C:\Windows\System32\ipconfig.exe /all
    • type C:\Users\Administrator\Desktop\proof.txt
    • where /r c:\ network-secret.txt OR Get-ChildItem -Path C:\ -Filter network-secret.txt -Recurse -ErrorAction SilentlyContinue -Force
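The Linux proof commands above are usually typed one at a time and screenshotted. The script below is an added example for this workflow, not part of the original notes: it gathers the same items (identity, addressing, the proof files and a hash of each) into one file under loot/, with fallbacks for minimal boxes that lack `ip` or `ifconfig`. The PROOF_FILES list and the loot/ path are assumptions taken from this checklist.

```sh
#!/bin/sh
# Collect the Linux proof items from the checklist into a single file so the
# report has id, addressing and flag contents together with a hash of each flag.
# Added example for the pentest workflow notes, not part of the original page.
# PROOF_FILES is an assumption based on the file names the checklist looks for.
PROOF_FILES="proof.txt network-secret.txt local.txt"

# Print interface addressing with whichever tool the box has: `ip` is missing on
# some minimal or old systems, `ifconfig` on many current ones.
show_addresses() {
    if command -v ip >/dev/null 2>&1; then
        ip a || true
    elif [ -x /sbin/ifconfig ]; then
        /sbin/ifconfig || true
    elif hostname -I >/dev/null 2>&1; then
        hostname -I
    else
        echo "no address tool found"
    fi
}

# find_proof_files [ROOT]: list proof files under ROOT (default /), discarding the
# permission-denied noise that `find /` produces for a low-privilege user.
find_proof_files() {
    root="${1:-/}"
    for name in $PROOF_FILES; do
        find "$root" -name "$name" -type f 2>/dev/null
    done
}

# collect_proof OUTFILE [ROOT]: write the proof record to OUTFILE and print its path.
# ROOT limits the search and exists so the function can be exercised on a scratch
# directory; on a target leave it at /.
collect_proof() {
    out="$1"
    root="${2:-/}"
    {
        echo "== id ==";        id 2>/dev/null || whoami 2>/dev/null || echo unknown
        echo "== hostname ==";  hostname 2>/dev/null || cat /etc/hostname 2>/dev/null || echo unknown
        echo "== addresses =="; show_addresses
        echo "== proof files =="
        find_proof_files "$root" | while read -r f; do
            echo "--- $f"
            cat "$f"
            md5sum "$f" 2>/dev/null || cksum "$f" || true
        done
    } > "$out" 2>&1
    echo "$out"
}
```

On a target, `collect_proof ~/loot/proof-$(hostname).txt` writes the record; the hash line lets the report show the flag was read from the box rather than retyped.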

Persistence


Post-Escalation Enumeration


Credentials

Pivoting



Relevant Note(s):