Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Cyulas/pentest_notes

Pentesting notes
https://github.com/Cyulas/pentest_notes

Last synced: 30 days ago
JSON representation

Pentesting notes

Host: GitHub
URL: https://github.com/Cyulas/pentest_notes
Owner: Cyulas
Created: 2024-08-08T15:36:03.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-12-09T21:12:09.000Z (about 1 month ago)
Last Synced: 2024-12-09T22:23:16.845Z (about 1 month ago)
Homepage:
Size: 417 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-rainmana - Cyulas/pentest_notes - Pentesting notes (Others)

README

        
# Introduction

An attempt to organize the notes I've taken during my time in working through TryHackMe, HacktheBox, and other CTF content. This is very much a work in progress and no guarantees are made to how accurate this content is. 

This is for educational purposes only and you should never perform any commands, actions, or steps documented here on systems you are not authorized to perform testing on. I have done my utmost to write these notes in my own words from the various training resources, however all credit should go to the content creators of the various rooms. 

- [Introduction](#introduction)

  - [Operating Systems](#operating-systems)

  - [Recon and Enumeration](#recon-and-enumeration)

    - [Passive Recon](#passive-recon)

    - [Active](#active)

    - [Enumeration](#enumeration)

  - [Gaining Access](#gaining-access)

  - [Privilege Escalation](#privilege-escalation)

  - [Persistance and Exfiltration](#persistance-and-exfiltration)

## Operating Systems

Operating System fundamentals involving explanations on the file system, what to read and change permissions, and common commands to run from the commandline.

-  [Linux](/content/Linux.md)

    - [File System](/content/Linux.md/#file-system)

    - [Permissions](/content/Linux.md/#permissions--files)

    - [Common Commands](/content/Linux.md/#common-commands)

-  [Windows](/content/windows.md)

    - [File System](/content/Windows.md/#file-system)

    - [Permissions](/content/Windows.md/#permissions--files)

    - [Common Commands](/content/Windows.md/#common-commands)

## Recon and Enumeration

Reconnaissance consists of both Passive and Active surveillance methods. It is the first phase in the [MITRE ATT&CK Framework](https://attack.mitre.org/#) and Ethical Hacking process.

### Passive Recon

Footprinting method used to collect information about a target without directly interacting with the target. Common methods might be using an intermediary that interacts with the target or already has information about the target. Tools like [Shodan.io](https://www.shodan.io/), [The Wayback Machine](https://web.archive.org/), [WHOIS](who.is), are examples of this.

### Active

Direct interaction with the company and services, such as visiting the company website or social media pages.

### Enumeration

Direct interaction with company resources in an effort to uncover information relavent to discovering vulnerabilities and additional means of gaining access.

- [HOST](/content/tools.md#host) - Host IP and Services Identification.

- [NMAP](/content/tools.md#nmap) - Commonly used tool for port scanning IP addresses and enumerating services / ports.

- [GoBuster](/content/tools.md#gobuster) - Webpage directory enumeration.

- [DNS](/content/enumeration.md#dns)

## Gaining Access

Gain initial access to a system, likely a low level or public user. 

- [Password Cracking](/content/passwordcracking.md#passwordcracking)

- [File Upload Vulnerability](/content/fileuploadvuln.md#fileuploadvuln)

- [SQL Injection](/content/sqlinjection.md#sqlinjection)

## Privilege Escalation

- [Linux](/content/Linux.md/#privilege-escalation)

- [Windows](/content/Windows.md/#privilege-escalation)

## Persistance and Exfiltration