Welcome to Ptest Method’s documentation!¶
This Repo will be my knowledge database about Pentesting skills. It has been inspired by https://bitvijays.github.io And some of the content will be the same as a starting point.
Always keep in mind when you have a problem just launch a search over internet about it, 99 % of the time the comunity already sollved this issue.
The Essentials Series¶
The Essentials Series covers the essential concepts/ skills for somebody who wants to enter the field of CyberSecurity.
- CyberSecurity in an Enterprise : IT Technical challenges faced by a company during their transformation from a start-up of two people growing to Micro, Small, Medium-sized, larger size company and their solutions.
- Linux Basics : Essential linux commands and concepts required in the Infosec field.
- Cybersecurity in an Enterprise
- Linux Basics
Infrastructure Pentest Series¶
The Infrastructure Pentest Series cover all the phases of Infrastructure Pentest as described by The Penetration Testing Execution Standard.
- Intelligence Gathering : Technical steps to perform during the information gathering phase of an organization and figuring out the attack-surface area.
- Vulnerability Analysis : Exploring different services running on different ports of a machine by utilizing metasploit-fu, nmap or other tools.
- Exploitation : Enumeration methods that can be used after compromising a domain user credentials and Remote code execution methods after compromising administrative credentials.
- Post Exploitation : Different methods to gather credentials after getting an administrative remote shell. Also, performing post-exploitation to leave high-impact to C-Level executives is also covered in this section.
- Reporting : Open-source ways to automate report writing after a successfull Pentest.
- Configuration Review : Methods to perform configuration review for the switches, routers, firewall and endpoint devices.
- Intelligence Gathering
- Vulnerability Analysis
- FTP - Port 21
- SSH - Port 22
- Telnet - Port 23
- SMTP | Port 25 and Submission Port 587
- DNS - Port 53
- Finger - Port 79
- Kerberos - Port 88
- POP3 - Port 110
- RPCInfo - Port 111
- Ident - Port 113
- NNTP Network News Transfer Protocol
- SNMP - Port 161
- Check Point FireWall-1 Topology - Port 264
- LDAP - Port 389
- SMB - Port 445
- rexec - Port 512
- rlogin - Port 513
- RSH - port 514
- AFP - Apple Filing Protocol - Port 548
- Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
- HTTPS - Port 443 and 8443
- RTSP - Port 554 and 8554
- Rsync - Port 873
- Java RMI - Port 1099
- MS-SQL | Port 1433
- Oracle - Port 1521
- NFS - Port 2049
- ISCSI - Port 3260
- SAP Router | Port 3299
- MySQL | Port 3306
- Postgresql - Port 5432
- HPDataProtector RCE - Port 5555
- VNC - Port 5900
- CouchDB - Port 5984
- X11 - Port 6000
- Redis - Port 6379
- AJP Apache JServ Protocol - Port 8009
- PJL - Port 9100
- Apache Cassandra - Port 9160
- Network Data Management Protocol (ndmp) - Port 10000
- Memcache - Port 11211
- MongoDB - Port 27017 and Port 27018
- EthernetIP-TCP-UDP - Port 44818
- UDP BACNet - Port 47808
- Post Exploitation
- Configuration Review
- Wireless Pentesting
The Hardening Series cover all the procedures needed to be more secure.
- Securing Debian : Technical steps to harden Debian systems.
Here you will find the documentation of some tools.
- Metasploit Fundamentals : How to use Metasploit. Forked from metasploit unlished.
- Information Gathering
- Vulnerability Scanning
- Exploit Development
- Client Sides attacks
- MSF Post Exploitation
- Meterpreter Scripting
- Maintaining Access
- MSF Extended Usage
- Post Module Reference
- Auxiliary Module
This blog is purely intended for educational purposes. We do not want anyone to use this information (or any information on this blog) to hack into computers where they do not have permission for or do other illegal things. Therefore we don’t want to be held responsible for the acts of other people who took parts of this document and used it for illegal purposes. If you don’t agree, we kindly ask you to leave this website.