Full and detailed notes for the eJPT v2 certification!
Complete collection of commands for the eJPT v2 certification! Prepare effectively for the eJPT v2 exam with this comprehensive collection of essential commands. Ideal for those who want to focus on the practical and technical aspects of the certification. ### What you'll get: - **All commands needed*...
Class notes (Ine, 2023/2024, all classes), 164 pages, published July 17, 2024.
I. Assessment Methodologies: Information Gathering (p. 5)
  1) Passive information gathering (p. 5)
  2) Active information gathering (p. 6)
    a) DNS Zone Transfer (p. 6)
    b) Host Discovery with nmap (p. 7)
    c) Port Scanning with nmap (p. 7)
II. Assessment Methodologies: Footprinting & Scanning (p. 8)
  1) Network Mapping (p. 8)
  2) Port scanning (p. 8)
III. Assessment Methodologies: Enumeration (p. 9)
  1) SMB (p. 9)
    A) SMB Windows Discover and Mount (p. 9)
    B) Nmap scripts (enumeration) (p. 11)
    C) SmbMap (p. 12)
    D) SMB on Linux: Samba (port 445) (p. 12)
    E) SMB Dictionary Attack (p. 13)
  2) FTP (p. 14)
  3) SSH (p. 15)
    a) Enumeration (p. 15)
    b) Brute force (p. 15)
  4) HTTP reconnaissance (p. 16)
  5) SQL (p. 17)
    A) MySQL database enumeration (p. 17)
    B) MySQL dictionary attack (p. 19)
    C) Microsoft SQL Server enumeration (p. 19)
    D) MSSQL enum & brute force (p. 20)
IV. Assessment Methodologies: Vulnerability Assessment (p. 21)
V. Host & Network Penetration Testing: System/Host Based Attacks (p. 22)
  1) Windows vulnerabilities exploitation (p. 22)
    A) Exploiting WebDAV running on a Microsoft IIS server by uploading a webshell (p. 22)
    B) Exploiting WebDAV running on a Microsoft IIS server with Metasploit (p. 24)
    C) Exploiting SMB with PsExec (p. 25)
    D) Exploiting the MS17-010 SMB vulnerability (p. 26)
    E) Exploiting RDP (p. 26)
    F) Exploiting the Windows CVE-2019-0708 RDP vulnerability (BlueKeep) (p. 27)
    G) Exploiting WinRM with CrackMapExec, Evil-WinRM & MSF (p. 27)
  2) Windows privilege escalation (p. 28)
    A) Kernel exploitation (p. 28)
    B) Bypassing UAC with UACMe (p. 29)
    C) Windows access token impersonation (p. 31)
  3) Windows file system vulnerabilities: Alternate Data Streams (p. 32)
  4) Windows Credential Dumping (p. 33)
    A) Searching for passwords in Windows configuration files (Unattend.xml) (p. 33)
    B) Dumping hashes with Mimikatz (p. 35)
    C) Pass the hash with the MSF PsExec module & CrackMapExec (p. 36)
  5) Linux vulnerabilities exploitation (p. 37)
    A) Exploiting Shellshock (CVE-2014-6271) (p. 37)
    B) Exploiting FTP (p. 41)
    C) Exploiting SSH (p. 42)
    D) Exploiting Samba (p. 43)
  6) Linux privilege escalation (p. 43)
    B) Exploiting misconfigured cron jobs (p. 45)
    C) Exploiting SUID binaries (p. 46)
  7) Linux password hash dumping (p. 47)
VI. Host & Network Penetration Testing: Network Based Attacks (p. 49)
  1) TShark basics and filters (p. 49)
  2) ARP Poisoning (p. 50)
VII. Host & Network Penetration Testing: The Metasploit Framework (p. 51)
  1) Overview, installation & fundamentals (p. 51)
  2) Information Gathering & Enumeration (p. 55)
    A) Nmap & MSF (p. 55)
    B) Port scanning with auxiliary modules & pivoting (p. 55)
    C) FTP enumeration & brute force (p. 56)
    D) SMB enumeration & brute force (p. 57)
    E) Web server enumeration & brute force (p. 57)
    F) MySQL enum & brute force (p. 58)
    G) SSH enum & brute force (p. 60)
    H) SMTP enum (p. 61)
  3) Vulnerability Scanning with MSF (p. 61)
    A) Metasploitable 3 manual vulnerability scanning (p. 61)
    B) Nessus with MSF (p. 63)
    C) Web application vulnerability scanning with WMAP (p. 65)
  4) Client-Side attacks (p. 66)
    A) Generating payloads with msfvenom, transferring the payload & setting up a listener (p. 66)
    B) Encoding payloads with msfvenom (p. 67)
    C) Injecting encoded payloads into Windows Portable Executables (p. 67)
    D) Automating MSF with resource scripts (p. 69)
  5) Windows Exploitation (p. 70)
    A) Exploiting a vulnerable HTTP File Server (HFS): Rejetto (p. 70)
    B) Exploiting SMB with EternalBlue (p. 70)
    C) Exploiting WinRM (p. 71)
    D) Exploiting a vulnerable Apache Tomcat web server (p. 73)
  6) Linux Exploitation (p. 75)
    A) Exploiting a vulnerable FTP server (vsftpd) & upgrading the shell to Meterpreter (p. 75)
    B) Exploiting Samba v3.5.0 (p. 75)
    C) Exploiting a vulnerable SSH server (libssh v0.6.0 - 0.8.0) (p. 76)
    D) Exploiting a vulnerable SMTP server (p. 77)
  7) Post exploitation fundamentals (p. 77)
  8) Windows post exploitation (privilege escalation, persistence & clearing traces) (p. 80)
    A) Windows post exploitation modules & Meterpreter commands (p. 80)
    B) Windows privilege escalation: Bypassing UAC (p. 83)
    C) Windows privilege escalation: Token impersonation with Incognito (p. 84)
    D) Dumping hashes & clear-text passwords with Mimikatz & Kiwi (p. 86)
    E) Pass the hash with the MSF PsExec module via SMB (p. 87)
    F) Establishing persistence on Windows (p. 88)
    G) Enabling RDP (p. 88)
    H) Windows keylogging (p. 89)
    I) Clearing Windows event logs (p. 90)
    J) Pivoting & port forwarding (p. 90)
  9) Linux post exploitation (privilege escalation, dumping hashes & persistence) (p. 93)
    A) Linux post exploitation modules (p. 93)
    B) Linux privilege escalation: Exploiting a vulnerable program (chkrootkit) (p. 96)
    C) Dumping hashes with the hashdump MSF module & other post exploitation modules (p. 98)
    D) Establishing persistence on Linux (p. 99)
  10) Armitage: Port scanning, enumeration, exploitation, post exploitation & pivoting (p. 101)
VIII. Host & Network Penetration Testing: Exploitation (p. 111)
  1) Vulnerability scanning (p. 111)
    A) Banner grabbing (SSH target) (p. 111)
    B) Vulnerability scanning with Nmap scripts (HTTP target) (p. 111)
    C) Vulnerability scanning with MSF (SMB target) (p. 112)
  2) Exploits (p. 113)
    A) Searching for publicly available exploits (p. 113)
    B) Searching for exploits with searchsploit (p. 113)
    C) Fixing exploits (p. 114)
    D) Cross-compiling exploits (p. 115)
  3) Shells (p. 117)
    A) Netcat fundamentals (p. 117)
    B) Bind shells with nc (p. 119)
    C) Reverse shells with nc (p. 120)
    D) Reverse shell cheat sheet (p. 120)
  4) Frameworks (p. 122)
    A) MSF (p. 122)
    B) PowerShell Empire (p. 124)
  5) Windows exploitation - black box pentest scenario (p. 124)
    A) Port scanning & enumeration (p. 124)
    B) Targeting Microsoft IIS FTP (p. 126)
    C) Targeting OpenSSH (p. 128)
    D) Targeting SMB (p. 128)
    E) Targeting MySQL database server (p. 130)
  6) Linux exploitation - black box pentest scenario (p. 134)
    A) Port scanning & enumeration (p. 134)
    B) Targeting vsFTPd (p. 136)
    C) Targeting PHP (p. 136)
    D) Targeting Samba (p. 138)
  7) Obfuscation (p. 139)
IX. Host & Network Penetration Testing: Post Exploitation (p. 141)
  1) Windows local enumeration (p. 141)
    A) Enumerating system information (p. 141)
    B) Enumerating users and groups (p. 142)
    C) Enumerating network information (important for pivoting) (p. 143)
    D) Enumerating processes, services & scheduled tasks (p. 143)
    E) Automating Windows local enumeration (p. 144)
  2) Linux local enumeration (p. 147)
    A) Enumerating system information (p. 147)
    B) Enumerating users & groups (p. 147)
    C) Enumerating network information (pivoting) (p. 147)
    D) Enumerating processes & cron jobs (p. 148)
    E) Automating Linux local enumeration (p. 148)
  3) Transferring files to Windows & Linux targets (p. 150)
    A) Setting up a web server with Python (p. 150)
    B) Transferring files to Windows targets (p. 150)
    C) Transferring files to Linux targets (p. 150)
  4) Upgrading shells (p. 150)
  5) Windows privilege escalation (p. 151)
    A) Identifying Windows privilege escalation vulnerabilities (p. 151)
    B) Windows privilege escalation (continuation of A: Winlogon) (p. 152)
  6) Linux privilege escalation (p. 153)
    A) Weak permissions (p. 153)
    B) Sudo privileges (p. 154)
  7) Persistence (p. 154)
    A) Windows persistence via services (p. 154)
    B) Windows persistence via RDP with a backdoor user (p. 155)
    C) Linux persistence via SSH keys (p. 155)
    D) Linux persistence via cron jobs (p. 155)
  8) Dumping & cracking (p. 156)
    A) Dumping & cracking Windows NTLM hashes (p. 156)
    B) Dumping & cracking Linux password hashes (p. 157)
  9) Pivoting & port forwarding (p. 158)
X. Web Application Penetration Testing: Intro to the Web and HTTP Protocol (p. 159)
  1) HTTP method enumeration with curl (p. 159)
  2) Directory enumeration with Gobuster (p. 160)
  3) Scanning web applications with Nikto (p. 161)
  4) Attacking HTTP login forms with Hydra (p. 162)

Seller: sambozz (sold via the Stuvia marketplace).