localhost exposed

« Previous | Next »

Path to OSCP - Part 4

https://www.youtube.com/watch?v=i6qC5_6o3Eg

[Note: This and future vlog posts might seem incoherent unless you actually watch the vlog. This text is mostly just additional docs for future reference.]

I have been mostly been thinking about how to do documentation.

Get all tools ready

  • Documentation
    • KeepNote
    • Dropbox Paper
    • Github / Markdown
    • Word w/ Offsec pentest report from start?
  • Excel or some sort of network diagram for recon findings

One of the things I forgot to mention during the video was that I have recently been doing post-assessment for an actual pen-test that I have done previously and found that I had ... misplaced ... some of the exploit/recon code that I had written in C# for the test. Lesson learned: Keep everything organized and do not trust your future self to remember anything. DOCUMENT EVER... ALL THE THINGS!

15720379

 

Starting to learn to think like an attacker, from the OffSec pentest report template:

John added administrator and root level accounts on all systems compromised. In addition to the administrative/root access, a Metasploit meterpreter service was installed on the machine to ensure that additional access could be established.

Pentest standard - http://www.pentest-standard.org/index.php/Main_Page

Windows VulnHub - Scream writeup by RastaMouse

Lessons learned from above:

  • Always do UDP scans also to find rarer services like TFTP
  • How to craft MS-DOS (and other) raw payloads with msfpayload and other tools

OffSec Exam Guide - https://www.offensive-security.com/exams/#!index.md

You can only use Metasploit Auxiliary, Exploit, and Post modules against one target machine of your choice

You can use the following against all of the target machines:
multi handler (aka exploit/multi/handler)
meterpreter
msfpayload & msfencode
msfvenom
T minus 0 days.

 

« Previous | Next »