Text content of ITSafe - Infra.pdf
Pen Testing Study Notes
Based on OSCP Materials and ITSafe Academy by CySource
Yarden Suisa
-------------------------------------------------------------
All the materials and labs in this file are based on the Infrastructure course from ITSafe Academy by CySource and instructor Shay Alfasi. However, there is more information added by me.

Contents
• Phases Involved in Hacking (p. 2)
• Hacking Terminology (p. 2)
• Hacking Technologies (p. 3)
• Basic Tools (p. 3)
• Reverse Shell (p. 4)
• WireShark (p. 5)
• Reconnaissance Tools (p. 5)
• Port Scanning (p. 9)
• Exploits (p. 14)
• Brute Force (p. 16)
• Enumeration (p. 21)
• Trojans (p. 25)
• Web Control (p. 27)
• Shell Code Injection (p. 31)
• Persistency (p. 33)
• File Management (p. 33)
• Port Brute Force (p. 37)
• Web Shell (p. 38)
• File Inclusion (p. 42)
• CMS (p. 46)
• File Transferring (p. 51)
• Privilege Escalation - Windows (p. 57)
• Privilege Escalation - Linux (p. 70)
• Buffer Overflow (p. 92)
• Passwords (p. 100)
• Hashing (p. 101)
Phases Involved in Hacking

Phase 1 – Reconnaissance
• Passive Reconnaissance – Gathering information about a potential target without the target individual's or company's knowledge (nothing is sent to the target's systems).
• Active Reconnaissance – Probing the target network to discover individual hosts, IP addresses, and the services running on them.
• Active reconnaissance generates "noise": every probe can be logged, so there is a risk of being detected.
• Good reconnaissance combines passive and active techniques.

Phase 2 – Scanning
• Takes the information discovered during reconnaissance and uses it to examine the network in detail, for example which ports are open and which services and versions are exposed on each host.

Phase 3 – Gaining Access
• This is the phase where the real hacking takes place: vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access.
• Access is then extended through backdoors, further reconnaissance from inside, privilege escalation, and lateral movement to other hosts.

Phase 4 – Maintaining Access
• Once an attacker has gained access, they want to keep that access for future exploitation and attacks.
• Sometimes hackers harden the system against other hackers or security personnel, securing their exclusive access with backdoors.

Phase 5 – Covering Tracks
• Once attackers have gained and maintained access to a system, they cover their tracks to avoid detection by security personnel, keep using the owned system, remove evidence of the intrusion, and avoid legal action.

Hacking Terminology
• Threat – An environment or situation that could lead to a potential breach of security.
• Exploit – A piece of code that takes advantage of a bug or vulnerability to give an attacker some control over the target.
o A remote exploit works over a network and exploits a vulnerability without any prior access to the vulnerable system.
o A local exploit requires prior access to the vulnerable system and is typically used to increase privileges.
• Vulnerability – The existence of a software flaw, a logic or design error, or an implementation error that can lead to an unexpected and undesirable event, such as the system executing bad or damaging instructions.
• Attack – An attack occurs when a system is compromised by exploiting a vulnerability.
NetCat – Reverse Shell Scenario
• Alice needs help from Bob. However, Alice has no control over the router in her office and therefore cannot forward traffic from the router to her internal machine, so Bob cannot connect in to a listener on her side (a bind shell).
• Instead, Bob listens on his machine and Alice connects out to him and hands him a shell (a reverse shell): outbound connections are normally allowed by the router, so no port forwarding is needed.

Transferring Files Using NetCat
• NetCat can also be used to transfer files, both text and binary, from one computer to another.
• NetCat adds no framing or integrity check: the receiver simply reads until the sender closes the connection, so compare a hash of the file on both sides afterwards.
• Send a file from the Linux machine to the Windows machine:

Port Scan with NetCat
• Using NetCat to check whether TCP port 445 (the SMB service) is open on a Windows machine:
WireShark
• Learning how to use a network packet sniffer is vital for day-to-day operations.
• Wireshark is useful for:
o Understanding how a protocol works by inspecting real traffic
o Debugging a network client
o Analyzing network traffic

Reconnaissance Tools

Google Hacking
• Using Exploit-DB's Google dorks (the Google Hacking Database) to search for all kinds of exposed information, such as login pages, configuration files, and directory listings that were indexed by mistake.
• Link to Exploit-DB: https://www.exploit-db.com/google-hacking-database