EJPTV2 Cheat Sheet by - Yash Mehta
  • Information Gathering & Enumeration
    • Reconnaissance
      • Passive information gathering
      • Active information gathering
    • Enumeration
      • SMTP
      • MySQL Enum
        • Metasploit
        • Mysql tool,Brute force
        • Nmap
      • HTTP Enum
        • random tools
        • Nmap
        • Metasploit
      • SSH Enum
        • Nmap,Login,Hydra
        • Metasploit Modules
        • Metasploit Brute force
      • FTP Enum
        • nmap,hydra,Login
        • Metasploit
      • SMB Enum
        • smbmap
        • nmap
        • smbclient,rpcclient,enum4linux
        • metasploit,hydra
      • SMTP Enum
    • Vulnerability Scanning
      • WMAP(web application vulnerability scanner)
      • Nessus
      • Metasploit
  • Vulnerabilities in services
    • IIS WEBDAV
    • SMB/SAMBA
    • RDP
    • WinRm
    • APACHE
    • FTP
    • SSH
    • HTTP
    • SMTP
    • PHP
    • MySQL
    • Sun Glassfish
    • Workflow platform(Processmaker)
  • Exploitation
    • Windows Exploitation
      • IIS WebDav
        • msfvenom,metasploit
      • SMB
        • Brute force and Login
        • Eternal blue vulnerability
      • RDP
        • Bruteforce and Login
        • Bluekeep
      • WinRm
        • Brute force and Authentication
      • HTTP
        • HttpFileServer httpd 2.3(Rejetto)
        • BadBlue httpd 2.7
      • MySQL
      • Workflow platform(Processmaker)
      • Sun GlassFish
      • CVE-2021-44228 - Apache Log4j
      • Apache Tomcat
    • Linux Exploitation
      • Apache httpd 2.4.7-XODA Vulnerability
      • Sun Glassfish
      • Apache-Shellshock(Bash)
        • Metasploit Exploitation
      • FTP
        • Brute Force
        • ProFTPD 1.3.3c
        • vsftpd 2.3.4 - Backdoor Command Execution
      • SSH
        • Brute Force
        • libssh Authentication Bypass Scanner
      • SAMBA
        • Brute Force
        • Samba smbd 3.X - 4.X (Samba 3.5.0 -RCE)
      • SMTP
        • Brute Force
        • Haraka < 2.8.9 - Remote Command Execution
      • PHP
        • PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection
      • CVE-2021-44228 - Apache Log4j
    • Payloads
      • Encoding Payloads
      • Injecting Payloads into PEs
  • Post Exploitation
    • Privilege Escalation
      • Windows Privilege Escalation
        • Win Kernel Privesc
        • UAC Bypass Akagai64.exe
        • UAC Bypass:Memory Injection
        • PrivescCheck script
        • Access Token
        • Credentials Dumping
      • Linux Privilege Escalation
        • Cron Jobs
        • SUID
        • chkrootkit 0.49
        • Misconfigured Permissions Files
        • Misconfigured SUDO Privileges
        • Credentials Dumping
    • Hash Dumping
      • Windows hash dumping
        • MimiKatz,Kiwi
        • Pass the hash
      • Linux Hash Dumping
      • Crack the Hash
        • Windows Hash cracking
        • Linux Hash Cracking
        • Metasploit
    • Pivoting
    • Transferring Files
    • Meterpreter
      • Commands
      • Shell to Meterpreter
    • Persistence
      • Windows Persistence
        • persistence_service msf module
        • Enabling RDP(msf,admin password change)
        • Enabling RDP & New user
      • Linux Persistence
        • Adding backdoor user
        • SSHkey persistence module
        • Persistence via SSH Keys
        • Cron Jobs
    • Clearing Tracks
      • Windows clearing tracks
      • Linux clearing tracks
    • Local Enumeration
      • Windows Local Enumeration
      • Linux Local Enumeration
  • Web App Pentesting
Powered by GitBook
On this page
  1. Information Gathering & Enumeration

Reconnaissance

Information gathering (Reconnaissance) is the initial stage of any penetration test and one of the most important phase.

  • It involves finding out as much information as possible about a targeted individual, website, company or system.

  • The more information a pentester has on a target, the more successful and easier the latter stages of a pentest will be. It depends on the scope of the penetration test too.

  • E.g.1 - Pentest on a Website: web technology, vulnerabilities, IP address of the hosting server.

  • E.g.2 - Pentest on a public facing assets and some internal systems, there can be more attack vectors:

    • gain access to the internal network through the public facing web server (one access vector)

    • during the info-gathering phase, learn more about the company employees (names, email addresses, credentials), getting this important information (useful for exploitation or initial access) by using phishing attacks, malicious attachments via email (another access vector)

PreviousInformation Gathering & EnumerationNextPassive information gathering

Last updated 1 year ago