SEC 335 - DefiantCoder/Tech-Journals GitHub Wiki

Home

Ethical Hacking & Penetration Testing

  • Week 1:
    • Learned about passive recon, which is the process of gathering information on an intended target to prepare for an attack without alerting the target. This can be done using resources such as search engines and databases to find publicly available information, as well as leaks that the target has sustained.
  • Week 2:
  • Week 3: dns-resolver.sh
  • Week 4: Cupcake
  • Week 5: Debian-Single-user-mode-Hack Reflection: Most of my own passwords are not guessable as they are randomly generated. Due to random generation I don't use repeat passwords. I keep my passwords as secure as I can but there is always the possibility that some services do not keep our passwords safe. I could improve my password tradecraft by increasing how many characters my passwords contain to make them even more difficult to crack. My password managers and randomized passwords have greatly increased my personal password security.
  • Week 6:
  • Week 7: PHP Web Server one liner, Making-an-executable-file
  • Week 8: Weevely-Lab-8.1 Reverse Shells Lab 8.2
  • Week 9: 9.2 Gloin
  • Week 10: 10.1 Linux Permission Vulnerabilities 10.2---Exploiting-nancurunir
  • Week 11: Metasploit-11.1
  • Week 12:
  • Week 13:
  • Week 14:
  • Week 15:

Passive Recon

  • The main idea is collecting data using publicly available sources.
  • Things to look for when gathering information:
    • Company subdomains
    • Websites
    • Public IPs
    • Leaked internal IPs
    • Leaked credentials
    • Business phone numbers and financial information
    • Company social media and public employee information
  • Internet search engines allow extensive information gathering without crossing the boundary from passive into active reconnaissance.
  • Potential resources for gathering information include:
    • Shodan
    • Google Queries
    • Kali Linux
    • Whois Database
    • TheHarvester
    • DMitry
    • Maltego
    • Transform Hub

Host Discovery