Pen-Testing Comps
Monday, 22 January 2024

+ A few initial steps when attacking a target
  - I'm assuming you know the IP or you need to do host detection
  - Port scan to discover services
  - Public exploit search for services
  - Web server?
    - Poke around, with and without Burp Suite
    - File upload?
    - Directory traversal? Local/remote file inclusion?
    - SQL injection?
    - directory enumeration (gobuster)
    - subdomain enumeration (gobuster) (not relevant for us, since we'll just be using IPs and not domain names this term) (although, wait a sec...maybe...I'll think about it)
    - ...
  - Password spraying

+ Host detection
  nmap -sn 172.16.41.0/24

+ "Enumeration": port scanning
  - I like this for starters:
    nmap -sV -oN OUTPUT_FILE -Pn IP_OF_TARGET
    This tests the most common 1000 ports and gives a little info about them. The "-Pn" is only if you are sure the computer is there at the IP address you have in hand.
  - -p- tests all 2^16 ports, but it's slow
  - -sC (in addition to -sV) finds more info about common services
  - -Pn