Infra
By Null Bhubaneswar
SETTING THE EXPECTATION RIGHT!!!
• https://hackertarget.com/ssl-check/
• sslscan xyz.com
INITIAL ACCESS
• dvwa-start
• dvwa-stop
TOOLS/TECHNIQUES AND TRADES
• We found an SSH private key, but it is passphrase protected. How do we solve it?
• Crack the passphrase using john
• ssh2john Desktop/id_rsa > id_rsa.hash
• john --wordlist=Desktop/pass.txt id_rsa.hash
• Now log in using the private key and the recovered passphrase.
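The slide above shows the attacker's side of a passphrase-protected key. The defender's counterpart is to audit the keys on a host: an unencrypted key, or one in the legacy PEM format (a fast, single-iteration MD5 KDF), is exactly what the john step above goes after, whereas the OpenSSH format with bcrypt rounds is far slower to brute-force. The following Python audit script is an added example, not from the Null Bhubaneswar slides; it reads the same header fields ssh2john reads but cracks nothing. The sample keys are constructed, and `inspect_ssh_key`, `risk_level`, `build_sample_openssh_key` and the 16-round threshold are assumptions of this example, not part of any tool.

```python
"""Audit SSH private keys for passphrase protection and KDF strength.

Added example (not from the Null Bhubaneswar slides). It reports whether a
key is unencrypted, protected by the legacy PEM format (MD5-based KDF, one
iteration), or by the OpenSSH format with bcrypt rounds. All sample keys in
this file are constructed; none is a real key.
"""
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire 'string' (uint32 length + bytes) from buf at off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def inspect_ssh_key(text):
    """Return a dict describing how (and whether) a private key is protected."""
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
        raw = base64.b64decode(body)
        if not raw.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key magic")
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(raw, off)     # "none" means unencrypted
        kdf, off = _read_string(raw, off)        # "none" or "bcrypt"
        kdfopts, off = _read_string(raw, off)    # bcrypt: string salt + uint32 rounds
        rounds = 0
        if kdf == b"bcrypt":
            _salt, o = _read_string(kdfopts, 0)
            (rounds,) = struct.unpack(">I", kdfopts[o:o + 4])
        return {"format": "openssh", "encrypted": cipher != b"none",
                "kdf": kdf.decode(), "rounds": rounds}
    if re.search(r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----", text):
        # Legacy PEM: encryption is signalled by a Proc-Type header, and the
        # key is derived with one round of MD5 (EVP_BytesToKey), so it is fast to crack.
        enc = "Proc-Type: 4,ENCRYPTED" in text
        return {"format": "pem", "encrypted": enc,
                "kdf": "md5-evp" if enc else "none", "rounds": 1 if enc else 0}
    raise ValueError("unrecognised private key format")


def risk_level(info, min_rounds=16):
    """Map the inspection result onto a simple triage label (threshold assumed)."""
    if not info["encrypted"]:
        return "HIGH: unencrypted key, usable as-is if stolen"
    if info["format"] == "pem":
        return "HIGH: legacy PEM encryption, fast to brute-force offline"
    if info["rounds"] < min_rounds:
        return "MEDIUM: bcrypt rounds below %d" % min_rounds
    return "LOW: OpenSSH format with bcrypt KDF"


def build_sample_openssh_key(cipher=b"none", kdf=b"none", rounds=0):
    """Construct a synthetic key file with real header fields and a dummy body.

    The public/private blobs are placeholders; only the header is parsed.
    """
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdfopts = b""
    if kdf == b"bcrypt":
        kdfopts = s(b"\x00" * 16) + struct.pack(">I", rounds)  # salt + rounds
    raw = (OPENSSH_MAGIC + s(cipher) + s(kdf) + s(kdfopts)
           + struct.pack(">I", 1) + s(b"dummy-pub") + s(b"dummy-priv"))
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_PEM_ENCRYPTED = (  # constructed header only; the body is not a real key
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
    "\n"
    "AAAA\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    samples = [("unencrypted", build_sample_openssh_key()),
               ("bcrypt-16", build_sample_openssh_key(b"aes256-ctr", b"bcrypt", 16)),
               ("legacy-pem", SAMPLE_PEM_ENCRYPTED)]
    for name, key in samples:
        info = inspect_ssh_key(key)
        print(name, info, risk_level(info))
```

Run it over real files with `inspect_ssh_key(open(path).read())`; keys rated HIGH are the ones the ssh2john/john step above would make short work of, and re-encrypting them with `ssh-keygen -p -o -a 16` moves them to the bcrypt format.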
• What if I am running a command and my SSH session closes? How do I solve this issue? $
TMUX
• nmap --help
• Check live hosts: nmap -sn 192.168.0.1/24 (ping sweep)
• nmap -T4 192.168.0.1 (What will this do?) $
• nmap -T4 -p- 192.168.0.1 (What will this do?) $
• In-depth scan: nmap -T4 -A -p 80,443 192.168.0.1
• In case no TCP ports are open: sudo nmap -sU -sC -Pn --top-ports 20 10.10.10.116
• When ping is blocked: nmap -sT -Pn -p- -n 10.11.1.10
• To find vulnerabilities: nmap --script vuln -p139,445 10.11.1.227
• In CTFs and bug bounty: nmap -sC -sV -Pn 192.168.0.1
1ST BOX
• https://tryhackme.com/r/room/brooklynninenine
2ND BOX
• https://tryhackme.com/r/room/ignite
CTF CHALLENGE
• https://tryhackme.com/r/room/source
• Solve this without Metasploit ($)
• Solve this using burp ($$$)
THINGS TO REMEMBER
• Always note down the source, scope and timing when performing scans.
• Always double check the scope before testing.
• Try to avoid tools like Metasploit.
• Do not trust any exploit code blindly; it might contain a backdoor.
• Practice more and learn more.
• Free certification: https://itmasters.edu.au/short-courses/pen-testing/
• Free training: https://www.youtube.com/watch?v=fNzpcB7ODxQ
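The nmap slide lists target specs such as 192.168.0.1/24, and the list above asks that source, scope and timing be recorded for every scan and the scope double-checked first. The following Python helper is an added example, not from the Null Bhubaneswar slides: it expands nmap-style targets, refuses anything outside an approved scope, and emits one JSON log line per scan. `APPROVED_SCOPE`, the source address and the function names are constructed assumptions of this example.

```python
"""Scope check and scan logging for nmap runs.

Added example, not from the Null Bhubaneswar slides. It expands nmap-style
target specs (single host or CIDR) against an approved scope, refuses anything
outside it, and records who scanned what and when. The scope and addresses
below are constructed RFC 1918 values.
"""
import ipaddress
import json
from datetime import datetime, timezone


def expand_targets(spec):
    """Expand one nmap-style target ('10.0.0.5' or '192.168.0.1/24') to host addresses."""
    net = ipaddress.ip_network(spec, strict=False)   # strict=False accepts 192.168.0.1/24
    if net.num_addresses == 1:
        return [net.network_address]
    return list(net.hosts())


def out_of_scope(targets, scope):
    """Return the target addresses not covered by any approved scope network."""
    allowed = [ipaddress.ip_network(s, strict=False) for s in scope]
    bad = []
    for spec in targets:
        for host in expand_targets(spec):
            if not any(host in n for n in allowed):
                bad.append(str(host))
    return bad


def scan_record(targets, scope, source_ip, command, when=None):
    """Build the per-scan log entry: timestamp, source, scope, targets, command.

    Raises ValueError instead of producing a record when any target is out of scope,
    so the check happens before the scan, not after.
    """
    bad = out_of_scope(targets, scope)
    if bad:
        raise ValueError("out of scope: %s" % ", ".join(bad[:5]))
    when = when or datetime.now(timezone.utc)
    return json.dumps({
        "time": when.isoformat(),
        "source": source_ip,
        "scope": list(scope),
        "targets": list(targets),
        "command": command,
    })


# Constructed engagement data, not from any real test.
APPROVED_SCOPE = ["192.168.0.0/24", "10.10.10.116/32"]

if __name__ == "__main__":
    print(scan_record(["192.168.0.1/24"], APPROVED_SCOPE, "10.0.0.50",
                      "nmap -sn 192.168.0.1/24"))
    try:
        scan_record(["10.11.1.10"], APPROVED_SCOPE, "10.0.0.50",
                    "nmap -sT -Pn -p- -n 10.11.1.10")
    except ValueError as e:
        print("refused:", e)
```

Append each returned line to an engagement log before launching the scan; the timestamp and source address are what you will need if a client later asks which traffic was yours.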
Q/A
osintguy@gmail.com
@TheOsintGuy