Welcome to Ptest Method’s documentation!

This Repo will be my knowledge database about Pentesting skills. It has been inspired by https://bitvijays.github.io And some of the content will be the same as a starting point.

Always keep in mind when you have a problem just launch a search over internet about it, 99 % of the time the comunity already sollved this issue.

The Essentials Series

The Essentials Series covers the essential concepts/ skills for somebody who wants to enter the field of CyberSecurity.

• CyberSecurity in an Enterprise : IT Technical challenges faced by a company during their transformation from a start-up of two people growing to Micro, Small, Medium-sized, larger size company and their solutions.
• Linux Basics : Essential linux commands and concepts required in the Infosec field.

The Essentials

• Cybersecurity in an Enterprise
  • Nomenclature
  • New Company
  • Micro Enterprise
  • Small Enterprise
  • Security Breach 1
  • Medium Enterprise
  • Vulnerability Assessment
  • Security Breach 2
• Linux Basics
  • Vi : Powerful Editor
  • Bash configuration files - For Debian/Ubuntu based Systems
  • System Administration
  • Programming
  • Gathering Information
  • Useful Utilities/ Commands
  • Bash
  • Important Definitions
  • Tips and tricks
  • Practice
  • Interesting Stuff

Infrastructure Pentest Series

The Infrastructure Pentest Series cover all the phases of Infrastructure Pentest as described by The Penetration Testing Execution Standard.

• Intelligence Gathering : Technical steps to perform during the information gathering phase of an organization and figuring out the attack-surface area.
• Vulnerability Analysis : Exploring different services running on different ports of a machine by utilizing metasploit-fu, nmap or other tools.
• Exploitation : Enumeration methods that can be used after compromising a domain user credentials and Remote code execution methods after compromising administrative credentials.
• Post Exploitation : Different methods to gather credentials after getting an administrative remote shell. Also, performing post-exploitation to leave high-impact to C-Level executives is also covered in this section.
• Reporting : Open-source ways to automate report writing after a successfull Pentest.
• Configuration Review : Methods to perform configuration review for the switches, routers, firewall and endpoint devices.

Pentest Stages

• Intelligence Gathering
  • Fingerprinting
  • Passive Fingerprinting:
  • Active Fingerprinting
  • Attack Surface Area - Reconnaissance Tools
  • MyGoTo
• Vulnerability Analysis
  • FTP - Port 21
  • SSH - Port 22
  • Telnet - Port 23
  • SMTP | Port 25 and Submission Port 587
  • DNS - Port 53
  • Finger - Port 79
  • HTTP
  • Kerberos - Port 88
  • POP3 - Port 110
  • RPCInfo - Port 111
  • Ident - Port 113
  • NNTP Network News Transfer Protocol
  • NetBios
  • SNMP - Port 161
  • Check Point FireWall-1 Topology - Port 264
  • LDAP - Port 389
  • SMB - Port 445
  • rexec - Port 512
  • rlogin - Port 513
  • RSH - port 514
  • AFP - Apple Filing Protocol - Port 548
  • Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
  • HTTPS - Port 443 and 8443
  • RTSP - Port 554 and 8554
  • Rsync - Port 873
  • Java RMI - Port 1099
  • MS-SQL | Port 1433
  • Oracle - Port 1521
  • NFS - Port 2049
  • ISCSI - Port 3260
  • SAP Router | Port 3299
  • MySQL | Port 3306
  • Postgresql - Port 5432
  • HPDataProtector RCE - Port 5555
  • VNC - Port 5900
  • CouchDB - Port 5984
  • X11 - Port 6000
  • Redis - Port 6379
  • AJP Apache JServ Protocol - Port 8009
  • PJL - Port 9100
  • Apache Cassandra - Port 9160
  • Network Data Management Protocol (ndmp) - Port 10000
  • Memcache - Port 11211
  • MongoDB - Port 27017 and Port 27018
  • EthernetIP-TCP-UDP - Port 44818
  • UDP BACNet - Port 47808
• Exploitation
  • Active Directory Reconnaissance
  • Remote Code Execution Methods
  • Useful Stuff
  • Appendix-I : Interesting Stories
• Post Exploitation
  • Situational awarness
  • Disabling AntiVirus/Firewall
  • Gather Windows Credentials
  • Scaning the network
  • High Impact Exploitation
  • Appendix-I : Windows Credentials
  • Appendix-II Cracking Hashes
  • Appendix-III Interesting Stories
  • Appendix-IV Simple AV-Evading
• Reporting
  • Open-Source Reporting Tools
  • Open-Source Data-Management Tools
• Configuration Review
  • Introduction
  • Cisco Devices
  • Tools
  • End-Point Review
• Wireless Pentesting
  • Basics
  • WEP

Hardening Series

The Hardening Series cover all the procedures needed to be more secure.

• Securing Debian : Technical steps to harden Debian systems.

Hardening

• Securing your Debian
  • Set up a GRUB password
  • Providing secure user access
  • User login actions
  • Log files Permissions
  • Useful packages
  • Kernel Hardening: Sysctl Values
  • Legal Banner
  • Harden compilers
  • Disable drivers

Metasploit Documentation

Here you will find the documentation of some tools.

• Metasploit Fundamentals : How to use Metasploit. Forked from metasploit unlished.

Metasploit Fundamentals

• Fundamentals
  • MsfCli
  • msfconsole
  • Exploits
  • payloads
• Information Gathering
  • Port Scanning
  • Hunting for MSSQL
  • Service Identification
  • Password Sniffing
  • SNMP Sweeping
  • Writing Your Own Security Scanner
  • Windows Patch Enumeration
• Vulnerability Scanning
  • SMB Login Check
  • VNC Authentication
  • WMAP Web Scanner
  • Working with NeXpose
  • Working with Nessus
• Fuzzers
  • Writing a Simple Fuzzer
  • Simple TFTP Fuzzer
  • Simple IMAP Fuzzer
• Exploit Development
  • Goals
  • Exploit Module Format
  • Banner Grabbing : Sample check() Method
  • Exploit Mixins
  • Exploit Targets
  • Exploit Payloads
  • Writing an Exploit
  • Using the Egghunter Mixin
  • Porting Exploits
• Client Sides attacks
  • Binary Payloads
  • Client Side Exploits
  • VBScript Infection Methods
• MSF Post Exploitation
  • Running Powershell scripts
  • Privilege Escalation
  • PSExec Pass the Hash
  • Event Log Management
  • Fun with Incognito
  • Interacting with the Registry
  • Enabling Remote Desktop
  • Packet Sniffing
  • Pivoting
  • TimeStomp
  • Screen Capture
  • Searching for Content
  • John the Ripper
• Meterpreter Scripting
  • Existing Scripts
  • Writing Meterpreter Scripts
  • Custom Scripting
  • Useful API Calls
  • Useful Functions
• Maintaining Access
  • Pivoting to Maintain Access
  • Keylogging
  • Meterpreter Backdoor
  • Persistent Backdoors
• MSF Extended Usage
  • Mimikatz
  • Backdooring EXE Files
  • Karmetasploit
  • MSF vs OS X
  • File-Upload Backdoors
  • File Inclusion Vulnerabilities
  • Web Delivery
• Post Module Reference
  • Windows
  • Linux
  • OS X
  • Multiple OS
• Auxiliary Module

Other Tools

Other Tools

• Pupy
  • Installation
  • Features
  • Implemented Transports
  • Implemented Launchers (not up to date, cf. ./pupygen.py -h)
  • Implemented Modules (not up to date)
  • Build payloads from sources
  • Generate payloads
  • Setting up the server
  • The shell
  • Writing a module
• CrackMapExec
  • General
  • Using Credentials
  • Getting Shells

Obligatory Disclaimer

This blog is purely intended for educational purposes. We do not want anyone to use this information (or any information on this blog) to hack into computers where they do not have permission for or do other illegal things. Therefore we don’t want to be held responsible for the acts of other people who took parts of this document and used it for illegal purposes. If you don’t agree, we kindly ask you to leave this website.

Indices and tables

• Index
• Module Index
• Search Page