Penetration Testing

This page contains notes that I have collected and used for penetration testing.

I am in the process of migrating my personal notes to this directory. My goal is to keep them updated and build them as I complete certifications, CTFs, and client assessments.

Disclaimer: I am a cybersecurity enthusiast and CTF player who aspires to hack professionally. These are my own notes compiled during CTF engagements and cybersecurity certifications. This website (electronicsreference.com) is my playground for all things related to electronics, programming, and hacking. I don’t claim that my notes are the best, and there are (many!) other websites with lots of great notes from people who are much better hackers than I am. However, I do double/triple/quadruple check everything I publish for correctness and try to optimize my notes for clarity. Thanks for being here! Please only use these notes for ethical purposes. Scammers and those out to exploit or harm decent folk are not welcome here. If you have any comments/questions/complaints, please reach out to me at [email protected]

For the sake of organization, I have divided these notes into the following sections and sub-sections:

Pentesting Prerequisites
- IT and networking for hackers
- Using Virtual Machines (VMs)
- Linux for hackers
  - Kali Linux
- Windows for hackers
- Programming and scripting for hackers
  - Bash scripting for hackers
  - Python scripting for hackers
Introduction to Pentesting
- The stages of pentesting: (1) pre-engagement (2) recon, (3) scanning & enumeration, (4) exploitation, (5) post-exploitation (6) reporting (7) remediation
Stage One: Pre-engagement
- Pentesting scope
Stage Two: Recon
- OSINT
- WHOIS enumeration
- DNS Enumeration
- DNS Zone Transfers
- Subdomain enumeration
- Google Dorks
Stage Three: Scanning & enumeration
- Scanning with nmap
- Scanning with metasploit
- Scanning with Nessus
- Enumerating common services:
  - SSH
  - FTP
  - HTTP
  - SMB (Windows)
  - SAMBA (Linux)
Stage Four: Exploitation
- Searching for and exploiting CVEs
- Vulnerability scanning with nmap
- Vulnerability scanning with metasploit
- Working with netcat
- Transferring files to/from Linux systems
- Bind and reverse shells
Stage Five: Post-exploitation
- Linux enumeration: enumerating the system, users, groups, processes & services, and network information.
  - Manual Linux enumeration
  - Automated Linux enumeration
- Windows enumeration: enumerating the system, users, groups, processes, cron jobs, and network information.
  - Manual Windows enumeration
  - Automated Windows enumeration
- Transferring files
  - Using a Python web server
- Transferring files to/from Linux systems
- Transferring files to/from Windows systems
- Upgrading a shell
- Linux Privilege Escalation
  - Exploiting weak privileges
  - Exploiting SUDO privileges
  - Exploiting SUID privileges
  - Cron Jobs
- Windows Privilege escalation
- Dumping and cracking Linux hashes
- Dumping and cracking Windows hashes
- Pivoting
- Linux Persistence
  - Persistence using Cron Jobs
  - Persistence using SSH keys
- Windows Persistence
  - Persistence using services
  - Persistence using RDP
- Clearing your tracks on Linux
- Clearing your tracks on Windows
Stage Six: Reporting
- Writing a good report
- Example reports
Stage Seven: Remediation

How to Get Better at Penetration Testing

The following are my own notes / recommendations for my future self but may work for you, too!

Practice using CTFs like those on TryHackMe
Take your own notes and actively update them
Trying to keep a healthy lifestyle may be more important (in the long run) than your hacking on any specific day
Push yourself hard, but not so hard you stop having fun
Get some certifications
Try some bug bounties
Develop tangential skills: learn programming, computer science, electronic circuits and systems
Try to learn more than you forget
Stay sane and humble because you’re awesome and so is everyone else!

Further Study

Active Directory
Web App Pentesting
Wireless Pentesting