Protected: OSCP Prep

Last Updated on January 25, 2022 by aghanim Table Of ContentsIntro  Proxy Target Definition TASKS  Tasks Tasks Tasks Tasks  Intro   Burp Suite is a framework of web appliccation pentesting tool. It is used to perform web app testing.   To install burp suite follow this guide. https://portswigger.net/burp/documentation/desktop/getting-started  Overview of Features  Proxy – What allows us to funnel traffic through Burp Suite for further analysis  Target – How we set the scope of our project. We can also use this to effectively create a…

Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding SMB Enumerating SMB Exploiting SMB  Understanding SMB  SMB – Server Message Block Protocol – is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.   Servers make file systems and other resources available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.   The SMB protocol is known as a…

Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding FTP Enumerating FTP Exploiting FTP  Understanding FTP  What is FTP? File transfer protocol is a protocol used to allow remote transfer of files over a network. It uses a client-server model to do this. It relays command and data in a very efficient way.   How does FTP work?  A typical FTP session operates using two channels:  A command channel   A data channel  The command channel is used for transmitting commands as well as replies to those commands, while the data channel is used for transferring data.  …

Last Updated on January 25, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsDirection og Privilege EscalationEnumerationAbusing SUID/GUID FilesFinding SUID BinariesExploiting Wriitable /etc/passwdEscaping Vi EditorExploiting CrontabExploitning…

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the…

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsUsername EnumerationBrute ForceLogical FlawWhat is a Logical Flaw?Logical Flaw ExampleLogic Flaw PracticalCookie TamperingPlain TextHashingEncoding Username Enumeration A helpful exercise to…