pentesting-cookbook

A set of recipes useful in pentesting and red teaming scenarios

Snippets, code samples and hints used in penetration tests stored in a single repository so it can be quickly accessed and searched during the assessments.

Structure

• bin Handy utilities to be run locally
• snippets All things useful to be run remotely, code snippets, examples etc
• Notes.* All sort of helpers, lists and notes not necessarily related to specific service or stage
• Target.Host.OS.* - Things that can be done once foothold is established
• Target.Host.Service.* - Commands useful in enumeration and exploitation of particular service
• Target.Network.* - Commands related to scanning and moving around networks
• Target.Recon.* - Typical recon like DNS enumeration, OSINT etc.

Formatting rules

• If there are more than three levels of hierarchy the file needs to be split.
• Sources (scripts) are located in the snippets directory (referenced by @).
• Conventions:
  • ~ commands
  • @ file references
  • - lists
  • -- comments (above the commented line)
  • OS specific commands:
    • ~$ (Linux, defaults to Bash)
    • ~# (Linux - root required)
    • ~> (Windows)
  • Shell specific commands:
    • ~PS> (Powershell)
• Variables:
  • VAR_ATTACKER_HOST
  • VAR_ATTACKER_PORT
  • VAR_TARGET_DOMAIN
  • VAR_TARGET_HOST
  • VAR_TARGET_PORT
  • VAR_TARGET_CIDR
  • VAR_TARGET_RANGE
  • VAR_TARGET_FILE
  • VAR_USERNAME
  • VAR_PASSWORD
  • VAR_NT_HASH
  • VAR_LM_HASH (blank LM hash: aad3b435b51404eeaad3b435b51404ee)
  • VAR_STRING
  • VAR_INTEGER
  • VAR_HEX
  • VAR_WORDLIST
  • VAR_WORDLIST_* (VAR_WORDLIST_USERNAME, VAR_WORDLIST_PASSWORD etc)
  • VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)