PentestHandBook

Personal handbook, for reference only (updated irregularly)

Metaphysics (general principles)

  • Fewer actions, fewer traces
  • Don't make the target machine lag during a pentest
  • Always transmit data encrypted
  • Don't pentest from a physical machine
  • Don't pentest from your home network
  • A shell doesn't drop for no reason
  • The tools you use should not lag, not be slow and not pop anything up

Information gathering

  • Subdomains can be collected not only by brute forcing but also by looking them up in PassiveTotal
  • Extract domain names from SSL certificates

Web

  • Study the OWASP Top 10 carefully
  • On Windows, many Tomcat instances run with SYSTEM privileges; the IIS application-pool account can usually write files into the Tomcat directory, which can be used for privilege escalation
  • For hosted websites, a watering-hole attack can be used
  • Always clear the logs once you are in
  • Groovy reverse shell
  • Tomcat: deploy a WAR package with curl: curl --upload-file <path to warfile> "http://<tomcat username>:<tomcat password>@<hostname>:<port>/manager/deploy?path=/<context>&update=true"
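Added example (not part of the handbook): the defender's side of the curl deployment above. curl's --upload-file sends a PUT with HTTP Basic auth, so a Tomcat access log records the authenticated username and the manager path; the parser below flags such deployment requests over constructed sample log lines. The "common" access-log pattern and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Tomcat AccessLogValve "common" pattern: host ident user [date] "method uri proto" status bytes.
# Credentials given in the URL are sent as HTTP Basic auth, so the user field holds the
# authenticated Tomcat username; the password itself never appears in the access log.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Manager endpoints that install code: the pre-Tomcat-7 text path used in the curl command,
# the current text path, and the HTML form upload. List/status paths are deliberately excluded.
DEPLOY_PATHS = {"/manager/deploy", "/manager/text/deploy", "/manager/html/upload"}

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 1422
10.0.0.7 - tomcat [12/Mar/2024:10:02:15 +0000] "GET /manager/text/list HTTP/1.1" 200 210
10.0.0.7 - tomcat [12/Mar/2024:10:02:31 +0000] "PUT /manager/text/deploy?path=/shell&update=true HTTP/1.1" 200 42
10.0.0.9 - - [12/Mar/2024:10:05:00 +0000] "PUT /manager/deploy?path=/app&update=true HTTP/1.1" 401 2232
10.0.0.9 - manager [12/Mar/2024:10:06:10 +0000] "POST /manager/html/upload HTTP/1.1" 200 3104
"""

def parse_line(line):
    """Return the log fields as a dict, or an empty dict if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}

def is_deploy(entry):
    """True if the entry is a WAR deployment request (PUT for the text API, POST for the HTML form)."""
    if not entry:
        return False
    return entry["method"] in ("PUT", "POST") and urlsplit(entry["uri"]).path in DEPLOY_PATHS

def find_deployments(lines):
    """Flag deployment requests; failed ones (401/403) are kept because they indicate credential guessing."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if is_deploy(e):
            parts = urlsplit(e["uri"])
            hits.append({"ts": e["ts"], "host": e["host"], "user": e["user"], "method": e["method"],
                         "path": parts.path, "status": e["status"],
                         "context": parse_qs(parts.query).get("path", [""])[0]})
    return hits
```

Run find_deployments over the access log of a Tomcat instance and alert on any hit from an unexpected source host or user; three of the five sample lines above are flagged, including the rejected 401 attempt.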

Internal network penetration

  • Collect AV products, IPs, hostnames and MAC addresses
  • net use is very handy for guessing weak passwords
  • The latest Windows Defender on Win10 kills mimikatz and the PowerShell versions of msf
  • The ftp client built into Windows can be used to probe ports; wget works too
  • Non-interactive mimikatz: mimikatz.exe "command1" "command2" "exit" >>log.txt
  • Windows logs can be deleted with the NSA tools
  • Some cmd commands missing from Windows Home editions can be done with wmic
    • e.g. query user (wmic netlogin get lastlogon)
  • Port forwarding with the Windows firewall
  • Port forwarding with iptables
  • Port forwarding with ssh
  • With SYSTEM privileges, switching into another user's session with tscon requires no password

Backdoors

  • For the shift backdoor, WinRAR can be used to add a password
  • The shift backdoor also works well on machines with 3389 open; if replacing the shift binary feels too noisy, use image hijacking (IFEO) instead
  • Don't put the remote-control tool directly on the VPS; ssh can forward ports, and on Windows putty can do the forwarding
  • Enabling WinRM can also serve as a backdoor
  • On Linux, openssh can be used as a backdoor
  • test
