anggrdwjy/basic-pentest

A. Pentest Overview

Information

B. Basic Network

1. Vulnerabilities by OSI Layer

| Type | Vulnerability | Layer | Name | Example |
|---|---|---|---|---|
| Host Layer | Exploit | 7 | Application | HTTP, TELNET, FTP, SMTP, DNS, DHCP, TFTP, POP, web browser, email client |
| Host Layer | Phishing | 6 | Presentation | SSL/TLS (data encryption), JPEG, MP3, GIF formats |
| Host Layer | Hijacking | 5 | Session | SSH login sessions, NetBIOS, RPC |
| Host Layer | Reconnaissance / Denial-of-Service | 4 | Transport | TCP (guarantees that sent packets reach the destination), UDP (does not guarantee delivery) |
| Media Layer | Man-in-the-Middle | 3 | Network | Router, IP address, IPv4/IPv6, ICMP |
| Media Layer | Spoofing | 2 | Data Link | Switch, ARP, MAC address, Ethernet frame |
| Media Layer | Sniffing | 1 | Physical | Hub, repeater, Ethernet cable, antennas, network adapter |

2. OSI Layer vs TCP/IP Model

| Layer | OSI Model | TCP/IP Model | Example |
|---|---|---|---|
| 7 | Application | Application | HTTP, HTTPS, FTP, TFTP, Telnet, SSH, SMTP, SNMP, NTP, DNS, DHCP, NFS, X Window, and LPD |
| 6 | Presentation | Application | |
| 5 | Session | Application | |
| 4 | Transport | Transport | TCP, UDP |
| 3 | Network | Internet | IPv4, IPv6, ICMP |
| 2 | Data Link | Network Access | MAC, Ethernet, WLAN, NIC |
| 1 | Physical | Network Access | |

3. IP Address

  • Localhost IP: 127.0.0.1
  • Private IP: an IP address used inside a local network (LAN)
  • Public IP: an IP address used to communicate on the internet

| Class | Address Range | Description |
|---|---|---|
| Class A | 1.0.0.0 - 126.255.255.255 | 128 networks of 16,777,214 hosts each. Comparable to an ISP or a large enterprise |
| Class B | 128.0.0.0 - 191.255.255.255 | 16,384 networks of 65,534 hosts each. Comparable to a university or a company |
| Class C | 192.0.0.0 - 223.255.255.255 | 2,097,152 networks of 254 hosts each. Comparable to a small network or an office |
| Class D | 224.0.0.0 - 239.255.255.255 | Used for multicast |
| Class E | 240.0.0.0 - 255.255.255.255 | Experimental |

| Type | Address | Octets | Binary | Hosts |
|---|---|---|---|---|
| IPv4 (32 bit) | 192.168.1.1 | 8bit.8bit.8bit.8bit | 11111111.11111111.11111111.00000000 (0-255) | 4.3 billion IP addresses |
| IPv6 (128 bit) | 2001:abcd:1234:0000:0000:1234:eeff:0001 | 16bit:16bit:16bit:16bit:16bit:16bit:16bit:16bit | 10000000000001:1010101111001101:1001000110100:0:0:1001000110100:1110111011111111:1 (0-F) | Trillions of IP addresses |

4. Port Number

  • Ports work at the Transport Layer (OSI layer 4) together with TCP and UDP
  • A port number is 16 bits wide (0-65535)
  • Example: 192.168.1.1:80 or 192.168.1.10:443

| Type | Port Number | Description |
|---|---|---|
| Well-Known Port | 0 - 1023 | Standard ports for common services (HTTP, HTTPS, FTP, SSH) |
| Registered Port | 1024 - 49151 | Ports registered for specific applications |
| Dynamic/Private Port | 49152 - 65535 | Used dynamically by applications or the OS |
| Port Number | Service Name | Transport Layer | Description |
|---|---|---|---|
| 7 | Echo | TCP, UDP | Echo service |
| 20 | FTP-data | TCP, SCTP | File Transfer Protocol data transfer |
| 21 | FTP | TCP, UDP, SCTP | File Transfer Protocol (FTP) control connection |
| 22 | SSH-SCP | TCP, UDP, SCTP | Secure Shell: secure logins, file transfers (scp, sftp) and port forwarding |
| 23 | Telnet | TCP | Telnet protocol: unencrypted text communications |
| 25 | SMTP | TCP | Simple Mail Transfer Protocol, used for email routing between mail servers |
| 53 | DNS | TCP, UDP | Domain Name System name resolver |
| 69 | TFTP | UDP | Trivial File Transfer Protocol |
| 80 | HTTP | TCP, UDP, SCTP | Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2; HTTP/3 uses QUIC, a transport protocol on top of UDP |
| 88 | Kerberos | TCP, UDP | Network authentication system |
| 110 | POP3 | TCP | Post Office Protocol, version 3 (POP3) |
| 135 | Microsoft EPMAP | TCP, UDP | Microsoft EPMAP (End Point Mapper), also known as the DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server and WINS; also used by DCOM |
| 137 | NetBIOS-ns | TCP, UDP | NetBIOS Name Service, used for name registration and resolution |
| 139 | NetBIOS-ssn | TCP, UDP | NetBIOS Session Service |
| 143 | IMAP4 | TCP, UDP | Internet Message Access Protocol (IMAP), management of electronic mail messages on a server |
| 443 | HTTP over SSL | TCP, UDP, SCTP | Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2; HTTP/3 uses QUIC, a transport protocol on top of UDP |
| 464 | Kerberos | TCP, UDP | Kerberos change/set password |
| 465 | SMTP over TLS/SSL, SSM | TCP | Authenticated SMTP over TLS/SSL (SMTPS); URL Rendezvous Directory for SSM (Cisco protocol) |
| 587 | SMTP | TCP | Email message submission |
| 636 | LDAP over TLS/SSL | TCP, UDP | Lightweight Directory Access Protocol over TLS/SSL (LDAPS) |
| 691 | MS Exchange | TCP | MS Exchange Routing |
| 902 | VMware Server | unofficial | VMware ESXi |
| 989 | FTP over SSL | TCP, UDP | FTPS protocol (data), FTP over TLS/SSL |
| 990 | FTP over SSL | TCP, UDP | FTPS protocol (control), FTP over TLS/SSL |
| 993 | IMAP4 over SSL | TCP | Internet Message Access Protocol over TLS/SSL (IMAPS) |
| 995 | POP3 over SSL | TCP, UDP | Post Office Protocol 3 over TLS/SSL |
| 1194 | OpenVPN | TCP, UDP | OpenVPN |
| 1589 | Cisco VQP | TCP, UDP | Cisco VLAN Query Protocol (VQP) |
| 2082 | cPanel | unofficial | cPanel default |
| 2083 | radsec, cPanel | TCP, UDP | Secure RADIUS Service (radsec), cPanel default SSL |
| 2967 | Symantec AV | TCP, UDP | Symantec System Center agent (SSC-AGENT) |
| 3306 | MySQL | TCP | MySQL database system |
| 4664 | Google Desktop | unofficial | Google Desktop Search |
| 5432 | PostgreSQL | TCP | PostgreSQL database system |
| 5900 | RFB/VNC Server | TCP, UDP | Virtual Network Computing (VNC) Remote Frame Buffer (RFB) protocol |
| 8222 | VMware Server | TCP, UDP | VMware Server Management User Interface (insecure web interface) |
| 10000 | BackupExec | unofficial | Webmin, web-based Unix/Linux system administration tool (default port) |
| 12345 | NetBus | unofficial | NetBus remote administration tool (often a Trojan horse) |
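To tie sections 3 and 4 together, here is an added example (not part of the original README) that takes an `address:port` string such as `192.168.1.1:80`, assigns the address its classful letter using the Class A-E ranges above, decides whether it is localhost, private or public, and puts the port into the well-known / registered / dynamic range. The private ranges are assumed to be the RFC 1918 blocks, which the README does not list explicitly.

```python
import ipaddress

# Classful ranges exactly as in the Class table above (first octet, inclusive).
CLASSES = (("A", 1, 126), ("B", 128, 191), ("C", 192, 223),
           ("D", 224, 239), ("E", 240, 255))

# Assumption: "private IP" means the RFC 1918 blocks (the README only says "LAN").
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def ipv4_class(addr: str) -> str:
    """Return the classful letter A-E for a dotted-quad IPv4 address."""
    ip = ipaddress.IPv4Address(addr)        # raises ValueError on malformed input
    first = int(ip) >> 24                   # first octet decides the class
    for name, lo, hi in CLASSES:
        if lo <= first <= hi:
            return name
    # 127.x.x.x sits between class A and B; 0.x.x.x lies below class A.
    return "loopback" if first == 127 else "unassigned"


def ipv4_scope(addr: str) -> str:
    """Classify as localhost, private (LAN) or public (internet-routable)."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK_NET:
        return "localhost"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def port_type(port: int) -> str:
    """Map a 16-bit port number to the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is outside the 16-bit range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def describe_endpoint(endpoint: str) -> dict:
    """Split an 'address:port' string (e.g. 192.168.1.10:443) and classify both parts."""
    host, sep, port_str = endpoint.rpartition(":")
    if not sep or not port_str.isdigit():
        raise ValueError(f"expected address:port, got {endpoint!r}")
    port = int(port_str)
    return {"address": host, "class": ipv4_class(host), "scope": ipv4_scope(host),
            "port": port, "port_type": port_type(port)}
```

Calling `describe_endpoint("192.168.1.10:443")` returns class C, scope private and a well-known port, which matches the second example address in section 4.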

C. Virtualization

Server, desktop and network virtualization, which makes it possible to test multiple operating systems (Windows, Linux, macOS) on a single machine without disrupting the main system.

  • VMware Workstation
  • VirtualBox
  • Proxmox (LXC and KVM)
  • Docker (containers)

D. Linux Overview

1. Kali Linux

Linux is an open-source OS developed by Linus Torvalds in 1991, based on the Unix OS and designed to be stable, secure and flexible. Ubuntu (general use); Kali, Parrot, BlackBox, etc. (pentest).

  • Integrated security tools
  • Open source
  • Support for multiple architectures (desktop, server and ARM)

2. Metasploitable (Lab Testing)

An Ubuntu-based OS configured with a range of security vulnerabilities for penetration-testing and other cyber-security practice.

  • Various vulnerable services: SSH, FTP, HTTP, Samba, PostgreSQL, MySQL
  • Exploitation with the Metasploit Framework: designed to be tested using the Metasploit Framework
  • Web vulnerabilities: DVWA (Damn Vulnerable Web App) and Mutillidae, which support practising web attacks such as SQL injection, XSS and RFI

3. Setup Lab (Testing on Proxmox)

  • Download metasploitable-linux-2.0.0.zip (the URL is quoted so the shell does not treat `?viasf=1` as a glob):
    wget -O metasploitable-linux-2.0.0.zip 'https://twds.dl.sourceforge.net/project/metasploitable/Metasploitable2/metasploitable-linux-2.0.0.zip?viasf=1'
  • Unzip metasploitable-linux-2.0.0:
    unzip metasploitable-linux-2.0.0.zip
  • Import the metasploitable-linux-2.0.0 disk into Proxmox (replace <qm-id> with the ID of the VM that should receive the disk):
    cd Metasploitable2-Linux/
    qm importdisk <qm-id> Metasploitable.vmdk local --format qcow2
  • Run metasploitable-linux-2.0.0

E. Basic Linux Command

| Command | Description | Example |
|---|---|---|
| sudo su | root access | |
| apt update | update the OS package index (as root, or `sudo apt update`) | sudo apt update |
| apt install "package" | install a package | apt install nano -y |
| ls | list directory | ls -l |
| pwd | print working directory | |
| mkdir | make directory | mkdir "folder" |
| cd | navigate between directories | cd /home/test, cd .. |
| touch | create one or more empty files | touch "file.txt" |
| nano, vi, vim | CLI editors | nano "file.txt" |
| rm | remove file | rm file.txt |
| rmdir | remove empty directory | rmdir /directory |
| rm -rf | remove a directory together with its files | rm -rf /directory |
| cat | print the content of files | cat file.txt |
| cp | copy file | cp file.txt /directory |
| mv | move file | mv file.txt /home/backup/file.txt |
| mv | rename file | mv file.txt files.log |
| file | check the file type (TXT, PDF, or other) | file file.txt |
| zip | compress files into a ZIP archive | zip file.zip file.txt |
| unzip | extract a compressed file | unzip file.zip |
| tar | bundle multiple files or directories into an archive without compression | tar -cf file.tar file.txt |
| grep | global regular expression print | ls -l \| grep "file.txt" |
| date | show the date on the local host | |

F. Pentest Overview

A pentest is a simulated cyber attack against a system, network or application (web, APK, desktop apps) to identify and evaluate its vulnerabilities. The goal of a pentest is to identify, evaluate and address security vulnerabilities in a system, network or application before they are exploited.

| Step | Information |
|---|---|
| Reconnaissance | Information gathering |
| Scanning | Vulnerability scanning |
| Exploitation | Exploiting vulnerabilities |
| Post-Exploitation | Gaining administrator access and installing a backdoor shell |
| Reporting | Pentest results |
| Remediation and Retesting | Verify that the exploited issues have been patched or fixed |

G. Reconnaissance

Gather initial information about the target using passive and active reconnaissance techniques.

1. Passive Reconnaissance

  • Shodan
  • Maltego
  • Google Dorking (profiling via the internet)

2. Active Reconnaissance

  • NMAP
  • Recon-ng
  • Amass

3. Example

  • Shodan
  • Maltego
  • Google Dorking (profiling via the internet)
  • NMAP
  • Recon-ng
  • Amass

H. Scanning

Scan the target to determine open services, software versions and potential vulnerabilities.

1. Vuln Scanning

  • Nessus
  • OpenVAS
  • Nikto
  • NMAP Vuln Scanning

2. Lab Example

  • Nessus
  • OpenVAS
  • Nikto
  • NMAP Vuln Scanning

I. Exploitation

Exploit the security weaknesses found during the Scanning phase to gain unauthorized access to the system.

1. Framework Exploitation

  • Metasploit
  • Exploit-DB
  • SQLmap

2. Password Cracking

  • John the Ripper
  • Hashcat

3. Web Exploitation

  • Burp Suite
  • XSS Hunter

4. Lab Example

  • Metasploit
  • Exploit-DB
  • SQLmap
  • John the Ripper
  • Hashcat
  • Burp Suite
  • XSS Hunter

J. Post-Exploitation

1. Privilege Escalation

  • LinPEAS
  • WinPEAS

2. Persistence

  • Empire
  • Mimikatz
  • Metasploit

3. Data Exfiltration

  • Netcat
  • PowerShell Empire

4. Lab Example

  • LinPEAS
  • WinPEAS
  • Empire
  • Mimikatz
  • Metasploit
  • Netcat
  • PowerShell Empire

K. Reporting Overview

Document the findings in a structured way so they can be handed to the security team or management.

1. Report Writing

  • Dradis
  • Faraday
  • Serpico

2. Sample Pentest Report

  • Document:

L. Remediation

Follow up on the pentest results by fixing the vulnerabilities found (scope: the end-user side).

1. Patch Management

  • Ivanti Patch Management
  • IBM Big Fix
  • Microsoft SCCM

2. Remediation Tracking

  • Jira
  • Trello
  • ServiceNow

Support

Bugs

Please open an issue on GitHub with as much information as possible if you find a bug.

  • The OS you were testing on and the OS where the bug appeared
  • All logs and messages that were output
  • etc.
