# Fedora Pentesting Checklist

The goal of this document is to provide an environment similar to the Debian-based Kali Linux distribution.

## DNF Packages

* `sudo dnf update`
* `sudo dnf install bind-utils whois nmap hashcat metasploit-framework hping3 kismet aircrack-ng hydra docker docker-compose VirtualBox wireshark`
  * `dnf install` takes space-separated package names, not commas; `dig` is provided by the `bind-utils` package
  * `metasploit-framework` and `VirtualBox` are not in the stock Fedora repositories (see the Rapid7 install docs under Third-Party Apps, and RPM Fusion for VirtualBox)

## Third-Party Apps

* OpenVAS vulnerability scanner - https://greenbone.github.io/docs/latest/22.4/container/
* Responder (an LLMNR, NBT-NS and mDNS poisoner) - https://github.com/lgandx/Responder
* rockyou.txt wordlist - https://gitlab.com/kalilinux/packages/wordlists
* metasploit-framework - https://docs.rapid7.com/metasploit/installing-the-metasploit-framework
* Metasploitable2 (intentionally insecure VM) - https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
  * vulnerability sample list - https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide
  * to use hydra against Metasploitable2, switch the system-wide crypto policy to LEGACY (its old OpenSSH build only offers algorithms that Fedora's DEFAULT policy rejects); switch back to `DEFAULT` afterwards, since LEGACY weakens SSH and TLS for the whole system
    * `sudo update-crypto-policies --set LEGACY`
    * `sudo reboot`
    * `hydra -l user -P /usr/share/wordlists/rockyou.txt -t 4 x.x.x.x ssh`
* Metasploitable3 - https://github.com/rapid7/metasploitable3
* The Social Engineer Toolkit - https://github.com/trustedsec/social-engineer-toolkit.git
  * for the `longintrepr.h: No such file or directory` build error, install Anaconda (https://www.anaconda.com/) and run SET from a Python 3.8 environment:
    * `./anaconda3/bin/conda init bash`
    * close and reopen the shell
    * create a Python 3.8 environment: `conda create -n downgrade python=3.8 anaconda`
    * `conda activate downgrade`
* Browser Exploitation Framework (BeEF) - https://github.com/beefproject/beef
* OWASP ZAP web app scanner - https://www.zaproxy.org/download/
* PowerSploit - https://github.com/PowerShellMafia/PowerSploit
* apkx - https://github.com/muellerberndt/apkx
* find-sec-bugs - https://github.com/find-sec-bugs/find-sec-bugs

## Pentest Flow

1. dig, host, whois, nmap etc. (recon, scanning)
2. OpenVAS - `docker-compose up`, then open http://127.0.0.1:9392
3. scan the host and analyze the report for vulnerabilities
4. exploit and pivot with metasploit payloads
5. network exploitation - hydra, MITM, wireshark, Responder.py
6. social engineering - SET, BeEF
7. application exploitation - injections, XSS, XSRF attacks, ZAP proxy
8. host vulnerabilities - privilege escalation, sudo, password cracking
9. reporting - https://www.hackthebox.com/storage/press/samplereport/sample-penetration-testing-report-template.pdf

## Exploits

* the following Metasploitable3 CVEs have verified meterpreter shells on Fedora 38
* search for an exploit in msfconsole with `search type:exploit cve:cve-XXXX-XXXX`
* set the payload with `set payload windows/meterpreter/bind_tcp`
* set the target host with `set rhost xxx.xxx.xx.x`
* SMB modules require the `smbpass` and `smbuser` options to be set to `vagrant` (the Metasploitable3 default credentials)
* CVE list:
  * CVE-2017-0143 through CVE-2017-0148 - SMB
  * CVE-2015-8249 - ManageEngine

Reference: CompTIA PenTest+ Study Guide