for i in $(cat list); do sudo apt install $i -y; done
- Client risk analysis
  - Consider the specific risk level for each area of client concern
  - Design the pentest around the client's risk areas (scope, rules of engagement, what must not be touched)
- Intel gathering / reconnaissance
- Scanning and enumeration
  - nmap scan; review the findings port by port
  - Port 80/443: web app pentesting
    - add the target's hostname to /etc/hosts (vhosts will not resolve otherwise), then run Nikto
    - run FFuF (directory and vhost fuzzing) or Sublist3r (subdomain enumeration)
    - Broken access control
    - review the page source code (comments, hidden paths, JS endpoints)
    - Cross-site scripting (XSS)
    - SQL injection
  - Review the other open ports/services for potential initial attack vectors
    - Port 21 (FTP): try an anonymous login, then download or upload files
    - Port 22 (SSH): spray credentials found elsewhere first; brute force only if the rules of engagement allow it, and watch for account lockout
    - Port 5985 (WinRM): with any valid credentials, log in with Evil-WinRM or CrackMapExec
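The port review above is a decision tree, so here it is as a script. This is an added example, not part of the original notes: it parses grepable `nmap -oG` output and prints the checklist step for every open port. The host 10.10.10.5 and its service banners in `SAMPLE` are constructed test data, not a real scan.

```shell
#!/bin/sh
# Added example (not from the original notes): turn the open ports in a
# grepable nmap scan (nmap -oG) into the next steps from the checklist above.
# SAMPLE is constructed output for a fictional host, not a real scan result.

SAMPLE=$(printf 'Host: 10.10.10.5 ()\tStatus: Up\nHost: 10.10.10.5 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 139/filtered/tcp//netbios-ssn///, 5985/open/tcp//wsman//Microsoft HTTPAPI httpd 2.0/\tIgnored State: closed (995)\n')

# Checklist step for a port number; ports the checklist does not cover fall
# through to "research the service".
next_step() {
    case "$1" in
        21)               echo "ftp: try anonymous login, then list, download or upload files" ;;
        22)               echo "ssh: spray credentials found elsewhere first; brute force only in scope, watch lockouts" ;;
        80|443|8080|8443) echo "web: add the vhost to /etc/hosts, run nikto, fuzz dirs/vhosts with ffuf" ;;
        5985|5986)        echo "winrm: evil-winrm or crackmapexec with any valid credentials" ;;
        *)                echo "research the service banner for known weaknesses" ;;
    esac
}

# Parse "Host: ... Ports: ..." lines (fields are tab-separated, each port is
# port/state/proto/owner/service/rpc/version/) and print "host port proto service"
# for every port in the open state; filtered and closed ports are dropped.
parse_open_ports() {
    awk -F'\t' '/Ports:/ {
        host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
        for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
            n = split(substr($i, 8), p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") print host, f[1], f[3], f[5]
            }
        }
    }'
}

# Full triage: one line per open port with the suggested next step.
triage() {
    parse_open_ports | while read -r host port proto svc; do
        printf '%s %s/%s (%s): %s\n' "$host" "$port" "$proto" "$svc" "$(next_step "$port")"
    done
}

printf '%s\n' "$SAMPLE" | triage
```

Against a real scan, replace the last line with `triage < scan.gnmap` (where `scan.gnmap` came from `nmap -sV -oG scan.gnmap <target>`). The port 139 entry is in the filtered state and is deliberately skipped; only open ports get a step.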
- Gaining access / exploitation
- Escalation of privilege
  - Windows
  - Linux (checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist)
  - search every directory and cat (Linux) or type (Windows) the *.txt files to find the next attack vector
  - additional users
  - running processes
  - cron jobs / scheduled tasks
  - out-of-date software
  - kernel exploits (last resort: an unstable exploit can crash the box)
  - WinPEAS / LinPEAS
  - dump credentials, hashes, or tickets with Mimikatz (Windows)
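A portable subset of the Linux checklist above (extra users, cron, SUID binaries, readable notes), written as an added example rather than taken from the original notes or from LinPEAS. Each function takes the path it inspects as an argument so it can be pointed at a mounted disk image or at a test directory; the default paths at the bottom are an assumption about a standard Linux layout.

```shell
#!/bin/sh
# Added example (not from the original notes): a small, portable subset of the
# Linux priv-esc checklist. Every function takes the path it inspects so it can
# be pointed at a mounted image or a test directory; the paths used at the
# bottom assume a standard Linux layout.

# Accounts with a real login shell: extra users are candidates for lateral
# movement or password reuse.
login_users() {
    awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ { print $1 }' "$1" 2>/dev/null
}

# Cron files writable by everyone: anything root runs from here can be
# replaced with our own payload.
world_writable_cron() {
    find "$@" -type f -perm -002 2>/dev/null
}

# SUID binaries; cross-check the unusual ones against GTFOBins.
suid_binaries() {
    find "$@" -type f -perm -4000 2>/dev/null
}

# Text notes the current user can actually read (config leftovers, backups,
# passwords); unreadable ones are skipped instead of producing errors.
readable_notes() {
    find "$@" -type f -name '*.txt' 2>/dev/null | while IFS= read -r f; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; fi
    done
}

echo "[*] users with a login shell";  login_users /etc/passwd
echo "[*] world-writable cron files"; world_writable_cron /etc/cron.d /etc/cron.hourly /etc/cron.daily /var/spool/cron
echo "[*] SUID binaries";             suid_binaries /usr/bin /usr/sbin /bin /sbin
echo "[*] readable *.txt";            readable_notes /home /opt /var/backups /tmp
```

Run it as the low-privileged user you landed as, not as root, since the readability and writability checks are answered from that user's point of view. Anything it prints is a lead to follow by hand, not a confirmed vector.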
- Maintain access
- Cover tracks and insert backdoors (only where the rules of engagement allow; record every artifact left behind so it can be removed at cleanup)
- Document and screenshot every step as you go
- BloodHound: graphs the AD environment and the attack paths through it (e.g. to Domain Admin)
- CrackMapExec: network-wide SMB/WinRM/LDAP enumeration, credential spraying and command execution (the project is continued as NetExec, `nxc`)
- Impacket: Python library and example scripts for abusing Windows network protocols (SMB, MSRPC, Kerberos)
- LinPEAS: displays Linux priv esc vectors
- WinPEAS: displays Windows priv esc vectors
- PowerView: PowerShell enumeration of an AD environment
- PowerUp: displays Windows priv esc vectors based on system misconfigs
- Mimikatz: credential stealer (LSASS secrets, hashes, Kerberos tickets)
- Chisel / sshuttle: port forwarding and tunnelling (pivoting)
- hashcat / John: cracking hashes