Network Pentesting Map:

Phase 1: Info Gathering

Phase 2: Scanning & Enumeration

  • Host Discovery:
    • Find live hosts:
      • Ping sweep
      • No ping
    • Tools:
      • Nmap
      • hping3
  • Port Scanning:
    • Nmap:
      • TCP scan:
        • TCP Connect (active)
        • TCP SYN (half open)
      • Protocol scan
      • UDP scan
    • Nmap NSE
    • hping3
    • fping
    • Wireshark
  • DNS Enumeration:
    • Discover DNS hosts
    • Enumerate DNS records:
      • Forward lookup
      • Reverse lookup
    • Zone transfer
    • Tools:
      • nslookup
      • dig
      • dnsbruteforce
  • OS Fingerprinting:
    • Nmap NSE
    • Nmap
    • Metasploit
    • Xprobe
  • Service Detection:
    • Nmap
    • Banner grabbing:
      • Netcat
      • FTP
      • Telnet
  • Idle Scan:
    • Find a zombie / trusted host
    • Start the idle scan

Phase 3: NetBIOS Enumeration

  • Goals:
    • Test NetBIOS and SMB shares
    • Exploit weak passwords
    • Exploit null sessions
  • Tasks:
    • Check open ports
    • Enumerate file shares
    • Check whether files and shares can be listed over a null session
    • Try SMB brute force
    • Enumerate shares and info
    • Exploit the machine
  • Tools:
    • Enum4Linux
    • Metasploit
    • Nmap
    • SMBClient

Phase 4: SNMP Enumeration

  • Goals:
    • Get a shell
  • Tasks:
    • Scan ports and services
    • Find the community string
    • Gather as much information as possible about the machines via SNMP
    • Brute force the SMB host
    • Get a shell
  • Tools:
    • Nmap
    • Onesixtyone
    • SNMPEnum
    • Metasploit
    • Hydra

Phase 5: Exploitation

  • Goals:
    • Obtaining a shell
  • Tasks:
    • Run Nessus on the live hosts
    • Detect the vulnerabilities
    • Look for an exploit in Metasploit modules
    • Get the hashes
    • Use the PSExec exploit to get access to other machines
  • Tools:
    • Nessus
    • Metasploit

Phase 6: Post-Exploitation

  • Gather information about the system:
    • System architecture
    • Account status
    • Account permissions
    • Running services and their permission level
    • Map the network
  • Privilege Escalation:
    • UAC bypass
    • Exploit service misconfiguration
      • Choosing the right service:
        • Has high privileges:
          • Look for writable folders, drives, etc.
        • Can run on low privileges
        • Can run on a reboot:
          • Check the boot/start mode (auto)
        • Can be DoS'd (crashing the service forces the Windows OS to reboot)
    • Pivoting
  • Gather artifacts:
    • Passwords
    • Tokens
  • Tools:
    • Metasploit
    • Mimikatz
    • Incognito
    • winenum
    • win_piv
    • bypassuac
