100% tevredenheidsgarantie Direct beschikbaar na betaling Zowel online als in PDF Je zit nergens aan vast
logo-home
Eerder door jou gezocht
Eerder door jou gezocht
logo
Notes complètes et détaillées pour la certification eJPT v2 ! €25,00   In winkelwagen
Snel navigeren naar
Voorbeeld
  2.  
  3. EJPT V2
  4.  
  5. EJPT V2
  6.  
  7. EJPT v2

College aantekeningen

Notes complètes et détaillées pour la certification eJPT v2 !
 23 keer bekeken  0 keer verkocht
  • Vak
  • EJPT v2
  • Instelling
  • EJPT V2

Collection complète des commandes pour la certification eJPT v2 ! Préparez-vous efficacement pour l'examen eJPT v2 avec cette collection exhaustive de commandes essentielles. Idéale pour ceux qui veulent se concentrer sur la pratique et les aspects techniques de la certification. ### Ce qu...

[Meer zien]

Voorbeeld 4 van de 164  pagina's

Document informatie

  • 17 juli 2024
  • 164
  • 2023/2024
  • College aantekeningen
  • Ine
  • Alle colleges

Onderwerpen

  • commandes

Geschreven voor

  • EJPT v2
Alle documenten voor dit vak (1)

Verkoper

avatar-seller
sambozz

Voorbeeld van de inhoud

I. Assessment Methodologies : Information Gathering......................................................5
1) Passive information gathering........................................................................................5
2) Active information gathering...........................................................................................6
a) DNS Zone Transfer.................................................................................................. 6
b) Host Discovery with nmap........................................................................................7
c) Port Scanning with nmap......................................................................................... 7
II. Assessment Methodologies : Footprinting & Scanning................................................ 8
1) Network Mapping........................................................................................................... 8
2) Port scanning................................................................................................................. 8
III. Assessment Methodologies : Enumeration................................................................... 9
1) SMB............................................................................................................................... 9
A) SMB Windows Discover and Mount........................................................................ 9
B) Nmap scripts (enumeration)...................................................................................11
C) SmbMap................................................................................................................ 12
D) SMB sur linux : Samba (port 445)......................................................................... 12
E) SMB Dictionary Attack........................................................................................... 13
2) FTP.............................................................................................................................. 14
3) SSH..............................................................................................................................15
a) Enumeration........................................................................................................... 15
b) bruteforce............................................................................................................... 15
4) HTTP reconnaissance..................................................................................................16
5) SQL.............................................................................................................................. 17
A) MySQL database Enumeration..............................................................................17
B) MySql Dictionary attack......................................................................................... 19
C) Microsoft SQL server énumération........................................................................ 19
D) MsSql enum & bruteforce...................................................................................... 20
IV. Assessment Methodologies : Vulnerability Assessment............................................21
V. Host & Network Penetration Testing : System/Host Based Attacks........................... 22
1) Windows vulnerabilities exploitation.............................................................................22
A) Exploiting WebDAV running on a Microsoft IIS server by uploading a webshell... 22
B) Exploiting WebDAV running on a Microsoft IIS server with Metasploit.................. 24
C) Exploiting SMB with PsExec..................................................................................25
D) Exploiting MS17-010 SMB vulnerability.................................................................26
E) Exploiting RDP.......................................................................................................26
F) Exploiting Windows CVE 2019-0708 RDP vulnerability (BlueKeep)......................27
G) Exploiting WinRM with crackmapexec, Evil WinRM, & Msf...................................27
2) Windows privilege escalation....................................................................................... 28
A) Kernel exploitation................................................................................................. 28
B) Bypassing UAC with UACMe.................................................................................29
C) Windows Access token impersonation.................................................................. 31
3) Windows file system Vulnerabilities : Alternate Data Streams..................................... 32
4) Windows Credential Dumping......................................................................................33
A) Searching for passwords in windows configuration files (Unattend.xml)............... 33

, B) Dumping Hashes with Mimikatz.............................................................................35
C) Pass the hash with MSF PsExec module & Crackmapexec................................. 36
5) Linux vulnerabilities exploitation...................................................................................37
A) Exploiting Shellshock CVE-2014-6271.................................................................. 37
B) Exploiting FTP....................................................................................................... 41
C) Exploiting SSH.......................................................................................................42
D) Exploiting SAMBA................................................................................................. 43
6) Linux privilege escalation............................................................................................. 43
B) Exploiting Misconfigured Cron Jobs...................................................................... 45
C) Exploiting SUID Binaries....................................................................................... 46
7) Linux passwords hashes Dumping.............................................................................. 47
VI. Host & Network Penetration Testing : Network Based Attacks..................................49
1) Tshark basics and filters...............................................................................................49
2) ARP Poisoning............................................................................................................. 50
VII. Host & Network Penetration Testing : The Metasploit Framework........................... 51
1) Overview, installation & fundamentals......................................................................... 51
2) Information Gathering & Enumeration..........................................................................55
A) Nmap & MSF......................................................................................................... 55
B) Port scanning with auxiliary modules & Pivoting................................................... 55
C) FTP enumeration & bruteforce.............................................................................. 56
D) SMB Enumeration & bruteforce............................................................................. 57
E) Web server enumeration & bruteforce................................................................... 57
F) MySQL enum & bruteforce.................................................................................... 58
G) SSH Enum & bruteforce........................................................................................ 60
H) SMTP Enum.......................................................................................................... 61
3) Vulnerability Scanning with MSF..................................................................................61
A) Metasploitable 3 manual vulnerability scanning.................................................... 61
B) Nessus with MSF................................................................................................... 63
C) Web Apps vulnerability scanning with WMAP....................................................... 65
4) Client-Side attacks....................................................................................................... 66
A) Generating payloads with Msfvenom & Transferring payload & Setup a listener.. 66
B) Encoding payloads with Msfvenom....................................................................... 67
C) Injecting encoded payloads into Windows Portable Executables..........................67
D) Automating MSF with resource scripts.................................................................. 69
5) Windows Exploitation................................................................................................... 70
A) Exploiting a vulnerable HTTP File server (HFS) : Rejetto..................................... 70
B) Exploiting SMB with Eternal Blue.......................................................................... 70
C) Exploiting WinRM.................................................................................................. 71
D) Exploiting a vulnerable Apache Tomcat Web Server.............................................73
6) Linux Exploitation......................................................................................................... 75
A) Exploiting a vulnerable FTP server (vsftpd) & upgrade shell to meterpreter......... 75
B) Exploiting Samba v3.5.0........................................................................................ 75
C) Exploiting a vulnerable SSH server (libssh V0.6.0 - 0.8.0)....................................76
D) Exploiting a vulnerable SMTP Server.................................................................... 77

, 7) Post exploitation fundamentals.................................................................................... 77
8) Windows post exploitation (privileges escalation, persistence & clearing traces)........80
A) Windows post exploitation modules & Meterpreter commands............................. 80
B) Windows Privilege Escalation : Bypassing UAC....................................................83
C) Windows Privilege Escalation : Token Impersonation with Incognito.................... 84
D) Dumping hashes & clear text passwords with Mimicatz & Kiwi............................. 86
E) Pass the hash with Psexec MSF module via SMB................................................ 87
F) Establishing persistence on Windows....................................................................88
G) Enabling RDP........................................................................................................ 88
H) Windows Keylogging............................................................................................. 89
I) Clearing Windows Event logs................................................................................. 90
J) Pivoting & port forwarding...................................................................................... 90
9) Linux Post exploitation (privileges escalation, dumping hashes & persistence).......... 93
A) Linux post exploitation modules.............................................................................93
B) Linux privileges escalation : Exploiting a vulnerable program (chkrootkit)............ 96
C) Dumping hashes with Hashdump MSF module & other post exploitation modules..
98
D) Establishing persistence on linux.......................................................................... 99
10) Armitage : Port scanning, enumeration, exploitation, post exploitation & pivoting...101
VIII. Host & Network Penetration Testing : Exploitation................................................. 111
1) Vulnerability scanning.................................................................................................111
A) Banner grabbing (SSH target)..............................................................................111
B) Vulnerability scanning with Nmap scripts (HTTP target)...................................... 111
C) Vulnerability scanning with MSF (SMB target).....................................................112
2) Exploits.......................................................................................................................113
A) Searching for publicly available exploits.............................................................. 113
B) Searching for exploits with searchsploit............................................................... 113
C) Fixing exploits...................................................................................................... 114
D) Cross-compiling exploit........................................................................................115
3) Shells..........................................................................................................................117
A) Netcat fundamentals............................................................................................ 117
B) Bind shells with nc................................................................................................119
C) Reverse shells with nc......................................................................................... 120
D) Reverse shell Cheat Sheet..................................................................................120
4) Frameworks............................................................................................................... 122
A) MSF..................................................................................................................... 122
B) Powershell empire............................................................................................... 124
5) Windows exploitation - black box pentest scenario....................................................124
A) Port scanning & enumeration.............................................................................. 124
B) Targeting microsoft IIS FTP................................................................................. 126
C) Targeting OpenSSH.............................................................................................128
D) Targeting SMB..................................................................................................... 128
E) Targeting MySQL database server...................................................................... 130
6) Linux exploitation - black box pentest scenario..........................................................134

, A) Port scanning & enumeration.............................................................................. 134
B) Targeting vs FTPd................................................................................................136
C) Targeting PHP..................................................................................................... 136
D) Targeting SAMBA................................................................................................ 138
7) Obfuscation................................................................................................................ 139
IX. Host & Network Penetration Testing : Post Exploitation.......................................... 141
1) Windows local enumeration....................................................................................... 141
A) Enumerating system information......................................................................... 141
B) Enumerating users and groups............................................................................142
C) Enumerating network information (Important pour pivoting)................................143
D) Enumerating processes and services & scheduled tasks................................... 143
E) Automating windows local enumeration.............................................................. 144
2) Linux local enumeration............................................................................................. 147
A) Enumerating system information......................................................................... 147
B) Enumerating users & groups............................................................................... 147
C) Enumerating network information (pivoting)........................................................ 147
D) Enumerating processes & Cron jobs................................................................... 148
E) Automating linux local enumeration.....................................................................148
3) Transferring files to windows & linux targets.............................................................. 150
A) Setting up a Web server with Python...................................................................150
B) Transferring files to windows targets................................................................... 150
C) Transferring files to linux targets..........................................................................150
4) Upgrading shells........................................................................................................ 150
5) Windows privileges escalation................................................................................... 151
A) Identifying Windows Privilege Escalation Vulnerabilities..................................... 151
B) Windows privileges escalation (Suite du A) > Winlogon).....................................152
6) Linux privileges escalationlation.................................................................................153
A) Weak permissions................................................................................................153
B) SUDO privileges.................................................................................................. 154
7) Persistence................................................................................................................ 154
A) Windows persistence via services....................................................................... 154
B) Windows persistence via RDP with a backdoor user.......................................... 155
C) Linux persistence via SSH keys.......................................................................... 155
D) Linux persistence via Cron Jobs..........................................................................155
8) Dumping & cracking................................................................................................... 156
A) Dumping & cracking Windows NTLM hashes......................................................156
B) Dumping & cracking Linux password hashes...................................................... 157
9) Pivoting & port forwarding.......................................................................................... 158
X. Web Application Penetration Testing : Intro to the Web and HTTP Protocol.......... 159
1) HTTP Method Enumeration with Curl........................................................................ 159
2) Directory enumeration with Gobuster.........................................................................160
3) Scanning web application with Nikto..........................................................................161
4) Attacking HTTP Login Form with Hydra.....................................................................162

Voordelen van het kopen van samenvattingen bij Stuvia op een rij:

√ Verzekerd van kwaliteit door reviews

√ Verzekerd van kwaliteit door reviews

Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!

Snel en makkelijk kopen

Snel en makkelijk kopen

Je betaalt supersnel en eenmalig met iDeal, Bancontact of creditcard voor de samenvatting. Zonder lidmaatschap.

Focus op de essentie

Focus op de essentie

Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper sambozz. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor €25,00. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews)

Afgelopen 30 dagen zijn er 75323 samenvattingen verkocht

Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen

Start met verkopen
€25,00
  • (0)
  Kopen