pentestbook
Introduction
Todo
Random tools
The Basics
Linux
Bash-scripting
Basics of Linux
Vim
Windows
Basics of Windows
PowerShell
PowerShell Scripting
CMD
Scripting With Python
Python Fundamentals
Useful Scripts
Transferring Files
Transfering Files on Linux
Transfering files on Windows
Firewalls
General tips and tricks
Recon and Information Gathering Phase
Passive Information Gatherig
Identify IP-addresses and Subdomains
Identify IP-addresses
Find Subdomains
DNS Basics
Finding subdomains
DNS Zone Transfer Attack
Identifying People
Search Engine Discovery
Identifying Technology Stack
Active Information Gathering
Port Scanning
Active Directory mapping
Vulnerability analysis
Server-side Vulnerabilities
Common ports\/services and how to use them
Port Knocking
HTTP - Web Vulnerabilities
Common Web-services
WAF - Web Application Firewall
Attacking the System
Local File Inclusion
Remote File Inclusion
Hidden Files and Directories
SQL-Injections
Nosql-Injections
XML External Entity Attack
Bypass File Upload Filtering
Exposed Version Control
Failure to Restrict URL Access
Attacking the User
Clickjacking
Broken Authentication or Session Management
Text\/content-injection
Subdomain Takeover
Cross Site Request Forgery
Cross-site-scripting
Examples
DOM-based XSS
Browser Vulnerabilities
Java Applet
Insecure Direct Object Reference (IDOR)
web notes
Automated Vulnerability Scanners
Exploiting
Social Engineering - Phishing
Default Layout of Apache on Different Versions
Shells
Webshell
Generate Shellcode
Editing Exploits
Compiling windows exploits
Post Exploitation
Spawning Shells
Meterpreter for Post-Exploitation
Privilege Escalation - Linux
Privilege Escalation - Windows
Escaping Restricted Shell
Bypassing antivirus
Loot and Enumerate
Loot Windows
Loot Linux
Persistence
Cover your tracks
Password Cracking
Generate Custom Wordlist
Offline Password Cracking
Online Password Cracking
Pass the Hash - Reusing Hashes
Pivoting - Port forwarding - Tunneling
Network traffic analysis
Arp-spoofing
SSL-strip
DNS-spoofing
Wireshark
Wifi
WEP
WPS
WPA
Physical access to machine
Malicious USB drives
Literature
OSCP
Writeups
Vulnhub
Quaoar
Pluck 1
kioptrix 1
kioptrix 2
SANS Holiday Hack 2016
nsm hack
roadmap
Powered by
GitBook
Password Cracking
Password Cracking
Generate wordlists
Offline
Online
Pass the hash
results matching "
"
No results matching "
"