TryHackMe: CC: Pen Testing (Part 1)

A crash course on various topics in penetration testing

[Section 1 — Network Utilities] — nmap:

nmap is one of the most important tools in a pen tester's arsenal. It allows a pen tester to see which ports are open, and information about which services are running on those ports. Ergo, this task will focus on showing you nmap’s various flags. The beginning questions can be completed by using the nmap man page; the final questions will require you to deploy the machine.


3. How do you do a “ping scan” (just tests if the host(s) is up)?

4. What is the flag for a UDP scan?

5. How do you run default scripts?

6. How do you enable “aggressive mode” (enables OS detection, version detection, script scanning, and traceroute)?

7. What flag enables OS detection?

8. How do you get the versions of services running on the target machine?

9. Deploy the machine

11. What service is running on the machine?

[Section 1 — Network Utilities] — Netcat:

Netcat, aka nc, is an extremely versatile tool. It allows users to connect to specific ports and send and receive data. It also allows machines to receive data and connections on specific ports, which makes nc a very popular tool to gain a reverse shell.


2. How do you enable verbose mode (allows you to see who connected to you)?

3. How do you specify a port to listen on?

4. How do you specify which program to execute after you connect to a host (one of the most infamous)?

5. How do you connect to UDP ports?


[Section 2 — Web Enumeration] — gobuster:

One of the main problems of web penetration testing is not knowing where anything is. Basic reconnaissance can tell you where some files and directories are; however, some of the more hidden stuff is often hidden away from the eyes of users. This is where gobuster comes in: the idea behind gobuster is that it tries to find valid directories from a wordlist of possible directories. gobuster can also be used to find valid subdomains using the same method.
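
The wordlist technique described above leaves a recognisable trace on the server: one client requesting many distinct paths in a short time, most of them answered with 404. The following added example (not part of the original write-up) detects that pattern in a web access log; it assumes combined log format, and the function names, thresholds and the constructed sample log (documentation IP ranges) are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, path, status), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_enumerators(lines, window=timedelta(seconds=60), min_paths=20, miss_ratio=0.8):
    """Flag clients requesting many distinct paths, mostly 404s, within one window."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            span = hits[start:end + 1]
            paths = {p for _, p, _ in span}
            misses = sum(1 for _, _, s in span if s == 404)
            if len(paths) >= min_paths and misses / len(span) >= miss_ratio:
                # "found" lists what the client located: review these paths first.
                flagged[ip] = {"distinct_paths": len(paths), "not_found": misses,
                               "found": sorted({p for _, p, s in span if s != 404})}
                break
    return flagged

def sample_log():
    """Constructed log: one ordinary visitor and one wordlist-driven client."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" {} 512'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [fmt.format("198.51.100.7", stamp(i * 20), p, 200)
             for i, p in enumerate(["/", "/about", "/contact"])]
    words = ["admin", "backup", "images", "login", "uploads"] + [f"w{i}" for i in range(25)]
    for i, w in enumerate(words):
        status = 301 if w in ("admin", "images") else 404
        lines.append(fmt.format("203.0.113.9", stamp(i), "/" + w, status))
    return lines
```

The `found` list is the useful part for triage: it shows which non-404 paths the enumerating client reached, so those can be checked for content that should not be exposed.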

[Section 2 — Web Enumeration] — nikto:

nikto is a popular web scanning tool that allows users to find common web vulnerabilities. It is commonly used to check for common CVEs such as shellshock, and to get general information about the web server that you’re enumerating.

[Section 3 — Metasploit]: Intro:

[Section 3 — Metasploit]: Setting Up:

Once you have installed metasploit through either the installer or your distribution's repos, you will have many new commands available to you. This section will primarily focus on the msfconsole command.

[Section 3 — Metasploit]: Selecting a module:

Once you have found the module for the specific machine that you want to exploit, you need to select it and set the proper options. This task will take you through selecting and setting options for one of the most popular metasploit modules, “eternalblue”. All basic commands that could be run before selecting a module can also be run while a module is selected.

[Section 3 — Metasploit]: meterpreter:

[Section 3 — Metasploit]: Final Walkthrough:

It’s time to put all the other metasploit tasks together and test them on an example machine. This machine is currently vulnerable to the metasploit module exploit/multi/http/nostromo_code_exec on port 80, and this task will take you through the process of exploiting it and gaining a shell on the machine.

[Section 4 — Hash Cracking]: Intro:

Oftentimes during a pen test, you will gain access to a database. When you investigate the database you will often find a users table, which contains usernames and often hashed passwords. It is often necessary to know how to crack hashed passwords to gain authentication to a website (or, if you’re lucky, a hashed password may work for ssh!).

[Section 4 — Hash Cracking]: Salting and Formatting:

No matter what tool you use, virtually all of them expect the exact same format: a file with the hash(es) in it, with each hash separated by a newline.
