Tryhackme Methodology (WEB orientated)

By the Gray Hatter

Hi everyone, I'm the Gray Hatter and this is my blog.

Cybersecurity, like other disciplines and sciences, requires following a series of steps that keep the investigation pointed in the right direction, avoiding false conclusions and making sure every step gives you a verifiable fact. That is called the scientific method. In cybersecurity and the subfields that grow out of it the process is not exactly the same, but it is quite similar: you start from zero and work up, running tests that give you information progressively. As the information increases, more tests are required.

In pentesting, a methodology is a schema that helps you orient the tests correctly, following the rules I described above.

The methodology I want to present to you was made by me while doing labs and CTFs on TryHackMe.

https://tryhackme.com

It is a very helpful methodology that can help on easy/medium machines and even on some hard ones that require extensive enumeration. It works for me and it has helped me out of many rabbit-hole situations.

I will publish the full version in my Methodologies section; here I am only going to post a light schema of it and invite readers to visit my page.

Note: the following methodology is still under development; any suggestion is welcome.

THM Methodology

Web orientated

1. Port Scanning and Services

1.1 Operating System ID

1.2 nmap Port scanning

1.2.1 nmap -sS -sV -sC [ip]   (-A optional)
1.2.2 nmap --script discovery [ip]
1.2.3 nmap --script vuln [ip]

1.3 Nikto

1.3.1 nikto -h [ip] -nossl

2. Web Scanning

Note: search for subdomains // DNS // /etc/hosts

2.1 WhatWeb // Wappalyzer (browser plugin)

2.2 Dirsearch

2.2.1 dirsearch -u [url] -f -e * -r -w 'wordlist'   [full scan] (see option -x to exclude status codes)

2.3 CMS scan // CMS scanner [may require manual enumeration]

2.3.1 wpscan -- WordPress
2.3.2 joomscan -- Joomla
2.3.3 searchsploit

2.4 User and password enumeration

2.4.1 cewl
2.4.2 ZAP

2.5 Burp Suite

2.5.1 Multiple exploiting and scanning options.

2.6 Attack vectors scheme

2.6.1 CherryTree
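As an added example (this is not part of the original schema, just my glue for it), here is a small POSIX shell helper set that ties step 1 and step 2 together: it parses nmap's grepable output (-oG) to pull out the OS guess and the open ports, picks the HTTP/HTTPS services, and prints the WhatWeb, Nikto and dirsearch commands to run against each one. The scan output in sample_gnmap is constructed for a fictional host 10.10.10.10, and the wordlist path is an assumption; scan_and_plan is the only function that actually touches the network.

```shell
#!/bin/sh
# Added example: glue between the port-scanning (1) and web-scanning (2) steps.
# Everything parses `nmap -sS -sV -O -oG scan.gnmap <ip>` output offline,
# except scan_and_plan, which runs the scan for real.

WORDLIST=${WORDLIST:-/usr/share/wordlists/dirb/common.txt}   # assumed path

# Print "port proto service version" for every open port in a .gnmap file.
# Grepable fields are tab-separated; the Ports field is a ", "-separated list
# of port/state/proto/owner/service/rpcinfo/version/ entries.
gnmap_open_ports() {
  awk -F'\t' '/^Host:/ { for (i = 1; i <= NF; i++)
                         if ($i ~ /^Ports: /) print substr($i, 8) }' "$1" \
  | tr ',' '\n' \
  | awk -F'/' '{ sub(/^ +/, ""); if ($2 == "open") print $1, $3, $5, $7 }'
}

# Print nmap's OS guess (step 1.1); the "OS:" field only exists when -O ran.
gnmap_os() {
  awk -F'\t' '/^Host:/ { for (i = 1; i <= NF; i++)
                         if ($i ~ /^OS: /) print substr($i, 5) }' "$1"
}

# One URL per web service: "ssl|http" and "https" become https://, any other
# http* service (http, http-proxy, http-alt) becomes http://.
gnmap_web_targets() {   # usage: gnmap_web_targets FILE HOST
  gnmap_open_ports "$1" | while read -r port proto svc ver; do
    case "$svc" in
      'ssl|'*|https*) echo "https://$2:$port" ;;
      http*)          echo "http://$2:$port" ;;
    esac
  done
}

# Commands for steps 2.1 and 2.2, one batch per web target.
web_enum_plan() {       # usage: web_enum_plan FILE HOST
  gnmap_web_targets "$1" "$2" | while read -r url; do
    printf '%s\n' "whatweb $url" "nikto -h $url" "dirsearch -u $url -r -w $WORDLIST"
  done
}

# Real use: scan the box, then print the follow-up plan (root needed for -sS/-O).
scan_and_plan() {       # usage: scan_and_plan 10.10.10.10
  nmap -sS -sV -O -oG "scan-$1.gnmap" "$1" >/dev/null && web_enum_plan "scan-$1.gnmap" "$1"
}

# Constructed grepable output for a fictional host, so the parsers can be
# exercised offline.  Not a real scan.
sample_gnmap() {
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sS -sV -O -oG scan.gnmap 10.10.10.10'
  printf 'Host: 10.10.10.10 ()\tStatus: Up\n'
  printf 'Host: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 443/open/tcp//ssl|http//Apache httpd 2.4.41 ((Ubuntu))/, 8080/open/tcp//http-proxy//Jetty 9.4.z-SNAPSHOT/, 3306/filtered/tcp//mysql///\tIgnored State: closed (995)\tOS: Linux 4.15 - 5.6\n'
}
```

Run `sample_gnmap > scan.gnmap; web_enum_plan scan.gnmap 10.10.10.10` to see the plan for the constructed host: the filtered 3306 is dropped, 443 comes out as https because nmap reports it as ssl|http, and 8080 (http-proxy) is still treated as a web service, which is exactly the kind of port that is easy to forget when you only look at 80.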

3. Exploitation

3.1 Payloads

3.1.1 msfvenom
3.1.2 Wordlist payloads
3.1.3 Custom payloads

3.2 Gain remote Shell

3.2.1 netcat
3.2.2 bypass firewalls and rules

3.3 Import pty shell

3.3.1 python -c 'import pty; pty.spawn("/bin/sh")'   (python3 on newer boxes)

4. Privilege Escalation [Linux Version]

4.1 Weak Config enumeration (searching root)

4.1.1 Identify escalation vectors
  • Horizontal
  • Vertical
4.1.2 linpeas
4.1.3 sudo -l

4.2 Vulnerable versions

4.2.1 exploitdb // github
4.2.2 Kernel exploits (need a C compiler on the box, or compile statically elsewhere)

4.3 Weak file/folder permissions

4.3.1 Binary files
4.3.2 SUIDs
4.3.3 PATH
4.3.4 Cronjobs
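As an added example for step 4 (again my own code, not part of the schema), here are the checks from 4.1.3 and 4.3 as shell functions that can be pointed at a fixture directory for testing or at / on a real box: sudo rights, SUID binaries, PATH entries you could plant a binary in, and cron jobs whose script you can edit or, just as useful, create because it is missing from a directory you can write. The fixture built by make_fixture (the crontab lines, the scripts, the SUID file) is constructed for the demo and does not come from any real machine.

```shell
#!/bin/sh
# Added example: offline-testable pieces of the Linux privilege-escalation
# enumeration step.  Each check is a function, so it works on a fixture
# directory during testing and on / on a real target.

# 4.1.3 sudo rights without a password prompt (-n fails instead of hanging).
sudo_rights() { sudo -n -l 2>/dev/null; }

# 4.3.2 SUID binaries below a root directory (default /).  Check each hit
# against GTFOBins before trying to abuse it.
suid_binaries() { find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | sort; }

# 4.3.3 PATH entries we could plant a binary in: empty or relative entries
# (they resolve against the cwd of whoever runs the command, e.g. a root cron
# job or sudo rule) and directories we can write to.
writable_path_dirs() {   # usage: writable_path_dirs "$PATH"
  printf '%s\n' "$1" | tr ':' '\n' | while read -r d; do
    case "$d" in
      "")  echo "EMPTY-ENTRY (cwd)" ;;
      /*)  if [ -w "$d" ]; then echo "WRITABLE $d"; fi ;;
      *)   echo "RELATIVE $d" ;;
    esac
  done
}

# 4.3.4 Cron jobs whose script we can modify or create.  $1 is a system
# crontab (/etc/crontab or a file in /etc/cron.d) with lines of the form
# "min hour dom mon dow user command" or "@reboot user command".  Every
# absolute path in the command part is checked: writable is the classic win,
# and a missing script in a writable directory is just as good, because cron
# will run whatever we drop there under that user.
cron_writable_targets() {
  awk '
    /^[[:space:]]*#/ { next }                 # comments
    /^[[:space:]]*$/ { next }                 # blank lines
    /^[A-Za-z_][A-Za-z0-9_]*=/ { next }       # SHELL=, PATH=, MAILTO= lines
    {
      start = ($1 ~ /^@/) ? 3 : 7             # @reboot etc. use one schedule field
      for (i = start; i <= NF; i++) if ($i ~ /^\//) print $i
    }' "$1" | while read -r p; do
    if [ -w "$p" ]; then
      echo "WRITABLE $p"
    elif [ ! -e "$p" ] && [ -w "$(dirname "$p")" ]; then
      echo "MISSING-IN-WRITABLE-DIR $p"
    fi
  done
}

# Everything against the live system: what you paste into the shell from step 3.
privesc_enum() {
  echo "[*] id: $(id)"
  echo "[*] sudo -l:";        sudo_rights
  echo "[*] SUID binaries:";  suid_binaries /
  echo "[*] PATH issues:";    writable_path_dirs "$PATH"
  echo "[*] cron targets:"
  for f in /etc/crontab /etc/cron.d/*; do
    if [ -f "$f" ]; then cron_writable_targets "$f"; fi
  done
}

# Constructed fixture so the checks can be exercised offline; prints its path.
# backup.sh is world-writable, cleanup.sh is read-only (unless we are root),
# missing-tool does not exist but its directory is ours.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/opt" "$root/usr/local/bin" "$root/home/dev" "$root/bin"
  printf '#!/bin/sh\necho backup\n' > "$root/opt/backup.sh";  chmod 777 "$root/opt/backup.sh"
  printf '#!/bin/sh\necho clean\n' > "$root/home/dev/cleanup.sh"; chmod 444 "$root/home/dev/cleanup.sh"
  printf 'int main(){return 0;}\n' > "$root/bin/suidme";      chmod 4755 "$root/bin/suidme"
  printf '%s\n' 'SHELL=/bin/sh' \
    'PATH=/usr/sbin:/usr/bin:/sbin:/bin' \
    '# m h dom mon dow user command' \
    "* * * * * root $root/opt/backup.sh" \
    "*/5 * * * * root bash $root/home/dev/cleanup.sh" \
    "@reboot root $root/usr/local/bin/missing-tool" > "$root/crontab"
  echo "$root"
}
```

On a real target you would just call privesc_enum; for the fixture, `fx=$(make_fixture); cron_writable_targets "$fx/crontab"` reports backup.sh as writable and missing-tool as creatable, and `suid_binaries "$fx"` finds the planted SUID file. Note that the cron check only follows absolute paths, which is on purpose: a relative command in a crontab is itself a finding for the PATH check above.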

Hey there, that's all for this post, see you in the HUB. Have a good weekend.

Keep in touch
