mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 01:17:36 +00:00
Update pentesting-methodology.md
This commit is contained in:
parent
5d25eafe62
commit
71d928256f
1 changed files with 11 additions and 13 deletions
|
@ -62,17 +62,15 @@ In some scenarios a **Brute-Force** could be useful to **compromise** a **servic
|
||||||
|
|
||||||
## 6- [Phishing](phishing-methodology/)
|
## 6- [Phishing](phishing-methodology/)
|
||||||
|
|
||||||
If at this point you haven't found any interesting vulnerability you **may need to try some phishing** in order to get inside the network. You can read my phishing methodology here:
|
If at this point you haven't found any interesting vulnerability you **may need to try some phishing** in order to get inside the network. You can read my phishing methodology [here](phishing-methodology/):
|
||||||
|
|
||||||
{% page-ref page="phishing-methodology/" %}
|
## **7-** [**Getting Shell**](shells/shells/)
|
||||||
|
|
||||||
## **6-** [**Getting Shell**](shells/shells/)
|
|
||||||
|
|
||||||
Somehow you should have found **some way to execute code** in the victim. Then, [a list of possible tools inside the system that you can use to get a reverse shell would be very useful](shells/shells/).
|
Somehow you should have found **some way to execute code** in the victim. Then, [a list of possible tools inside the system that you can use to get a reverse shell would be very useful](shells/shells/).
|
||||||
|
|
||||||
Specially in Windows you could need some help to **avoid antiviruses**: **\*\*\[**Check this page**\]\(windows/av-bypass.md\)**.\*\*
|
Specially in Windows you could need some help to **avoid antiviruses**: **\*\*\[**Check this page**\]\(windows/av-bypass.md\)**.\*\*
|
||||||
|
|
||||||
## 7- Inside
|
## 8- Inside
|
||||||
|
|
||||||
If you have troubles with the shell, you can find here a small **compilation of the most useful commands** for pentesters:
|
If you have troubles with the shell, you can find here a small **compilation of the most useful commands** for pentesters:
|
||||||
|
|
||||||
|
@ -80,13 +78,13 @@ If you have troubles with the shell, you can find here a small **compilation of
|
||||||
* [**Windows \(CMD\)**](windows/basic-cmd-for-pentesters.md)
|
* [**Windows \(CMD\)**](windows/basic-cmd-for-pentesters.md)
|
||||||
* [**Winodows \(PS\)**](windows/basic-powershell-for-pentesters/)
|
* [**Winodows \(PS\)**](windows/basic-powershell-for-pentesters/)
|
||||||
|
|
||||||
## **8 -** [**Exfiltration**](exfiltration.md)
|
## **9 -** [**Exfiltration**](exfiltration.md)
|
||||||
|
|
||||||
You will probably need to **extract some data from the victim** or even **introduce something** \(like privilege escalation scripts\). **Here you have a** [**post about common tools that you can use with these purposes**](exfiltration.md)**.**
|
You will probably need to **extract some data from the victim** or even **introduce something** \(like privilege escalation scripts\). **Here you have a** [**post about common tools that you can use with these purposes**](exfiltration.md)**.**
|
||||||
|
|
||||||
## **9- Privilege Escalation**
|
## **10- Privilege Escalation**
|
||||||
|
|
||||||
### **9.1- Local Privesc**
|
### **10.1- Local Privesc**
|
||||||
|
|
||||||
If you are **not root/Administrator** inside the box, you should find a way to **escalate privileges.**
|
If you are **not root/Administrator** inside the box, you should find a way to **escalate privileges.**
|
||||||
Here you can find a **guide to escalate privileges locally in** [**Linux**](linux-unix/privilege-escalation/) **and in** [**Windows**](windows/windows-local-privilege-escalation/)**.**
|
Here you can find a **guide to escalate privileges locally in** [**Linux**](linux-unix/privilege-escalation/) **and in** [**Windows**](windows/windows-local-privilege-escalation/)**.**
|
||||||
|
@ -99,25 +97,25 @@ You should also check this pages about how does **Windows work**:
|
||||||
|
|
||||||
**Don't forget to checkout the best tools to enumerate Windows and Linux local Privilege Escalation paths:** [**Suite PEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
|
**Don't forget to checkout the best tools to enumerate Windows and Linux local Privilege Escalation paths:** [**Suite PEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
|
||||||
|
|
||||||
### **9.2- Domain Privesc**
|
### **10.2- Domain Privesc**
|
||||||
|
|
||||||
Here you can find a [**methodology explaining the most common actions to enumerate, escalate privileges and persist on an Active Directory**](windows/active-directory-methodology/). Even if this is just a subsection of a section, this process could be **extremely delicate** on a Pentesting/Red Team assignment.
|
Here you can find a [**methodology explaining the most common actions to enumerate, escalate privileges and persist on an Active Directory**](windows/active-directory-methodology/). Even if this is just a subsection of a section, this process could be **extremely delicate** on a Pentesting/Red Team assignment.
|
||||||
|
|
||||||
## 10 - POST
|
## 11 - POST
|
||||||
|
|
||||||
### **10**.1 - Looting
|
### **11**.1 - Looting
|
||||||
|
|
||||||
Check if you can find more **passwords** inside the host or if you have **access to other machines** with the **privileges** of your **user**.
|
Check if you can find more **passwords** inside the host or if you have **access to other machines** with the **privileges** of your **user**.
|
||||||
Find here different ways to [**dump passwords in Windows**](windows/stealing-credentials/).
|
Find here different ways to [**dump passwords in Windows**](windows/stealing-credentials/).
|
||||||
|
|
||||||
### 10.2 - Persistence
|
### 11.2 - Persistence
|
||||||
|
|
||||||
**Use 2 o 3 different types of persistence mechanism so you won't need to exploit the system again.
|
**Use 2 o 3 different types of persistence mechanism so you won't need to exploit the system again.
|
||||||
Here you can find some** [**persistence tricks on active directory**](windows/active-directory-methodology/#persistence)**.**
|
Here you can find some** [**persistence tricks on active directory**](windows/active-directory-methodology/#persistence)**.**
|
||||||
|
|
||||||
TODO: Complete persistence Post in Windows & Linux
|
TODO: Complete persistence Post in Windows & Linux
|
||||||
|
|
||||||
## 11 - Pivoting
|
## 12 - Pivoting
|
||||||
|
|
||||||
With the **gathered credentials** you could have access to other machines, or maybe you need to **discover and scan new hosts** \(start the Pentesting Methodology again\) inside new networks where your victim is connected.
|
With the **gathered credentials** you could have access to other machines, or maybe you need to **discover and scan new hosts** \(start the Pentesting Methodology again\) inside new networks where your victim is connected.
|
||||||
In this case tunnelling could be necessary. Here you can find [**a post talking about tunnelling**](tunneling-and-port-forwarding.md).
|
In this case tunnelling could be necessary. Here you can find [**a post talking about tunnelling**](tunneling-and-port-forwarding.md).
|
||||||
|
|
Loading…
Reference in a new issue