TryHackMe: CC: PenTesting (Part 2)

[Section 4 — Hash Cracking]: hashcat:

#command:hashcat -a 3 -m 0 md5.hash ?a?a?a?a?a

#command:hashcat -a 0 -m 900 md4.hash rockyou.txt

[Section 4 — Hash Cracking]: John The Ripper:

command:sudo john --format=RAW-MD5 --wordlist=rockyou.txt md5.txt , john --format=RAW-MD5 md5.txt

command:sudo john --format=RAW-SHA1 --wordlist=rockyou.txt md5.txt , john --format=RAW-SHA1 md5.txt

[Section 5 — SQL Injection]: Intro:

SQL injection is the art of modifying a SQL query so you can get access to the target’s database. This technique is often used to get users’ data such as passwords, emails, etc. SQL injection is one of the most common web vulnerabilities, and as such, it is highly worth checking for.

[Section 5 — SQL Injection]: sqlmap:

[Section 5 — SQL Injection]: A Note on Manual SQL Injection:

Occasionally you will be unable to use sqlmap. This can be for a variety of reasons, such as the target having set up a firewall or a request limit. In this case it is worth knowing how to do basic manual SQL injection, if only to confirm that there is SQL injection. A list of ways to check for SQL injection can be found here.

[Section 5 — SQL Injection]: Vulnerable Web Application:

To demonstrate how to use sqlmap to check for vulnerabilities and dump table data, I will be walking you through an example web app. Deploy the machine and let’s get started!

command:sqlmap -u <target-ip> --forms --level=1 --dbs

[Section 6 — Samba]: Intro:

Most of the pentesting techniques and tools you’ve seen so far can be used on both Windows and Linux. However, one of the things you’ll find most often when pentesting Windows machines is Samba, and it is worth making a section dedicated to enumerating it.

[Section 6 — Samba]: smbmap:

[Section 6 — Samba]: smbclient:

[Section 6 — Samba]: A note about impacket:

impacket is a collection of extremely useful Windows scripts. It is worth mentioning here, as it has many scripts available that use Samba to enumerate and even gain shell access to Windows machines. All scripts can be found here.

[Miscellaneous]: A note on privilege escalation:

Privilege escalation is such a large topic that it would be impossible to do it proper justice in this type of room. However, it is a necessary topic that must be covered, so rather than making a task with questions, I shall provide you all with some resources.

[Section 7 — Final Exam]: Good Luck :D:

Throughout this course, you have learned many tactics and tools for pentesting. This is where it all gets put to the test: I have put together a beginner-level CTF that contains 2 flags. Good luck and have fun!






CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics