Red-Teamer Diaries: Insights and Techniques for Effective Penetration Testing

Publicly accessible notes about my pentesting/red teaming experiments tested on several controlled environments/infrastructures that involve playing with various tools and techniques used by penetration testers and redteamers during a security assessment.

Contribute

We welcome contributions as github pull requests.
Kudos and thanks for the people who did the hard stuff

Goals

• Pentest/red team cheatsheet that collects snippets of codes and commands to help pentester during an engagement(saving time/fast search for a specific command).
• Understand how the attacks can be performed
• take notes for future reference

Mapping the Network

RunFinger.py

Gather information about the Domain name and windows machine running in the network

bash$ cd /usr/share/Responder/tools
bash$ sudo python RunFinger.py -i 192.168.1.1/24

or

bash$ responder-RunFinger

Nbtscan

Scanning IP networks for NetBIOS name information.

bash$ sudo nbtscan -v -s : 192.168.1.0/24

Crackmapexec v 4.0

Scan the network range based on the SMB information

bash$ cme smb 192.168.1.1/24

Nmap scan

Scan all the machine network and save the outputs .

• -oA options : Means output with all format
• -T4 : Fast scan

Fast Scan

bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP  

Intensive Scan (Note recommended):

bash$ nmap -p 1-65535 -Pn -A -oA output target_IP 

Scan with enumeration of the running services version :

• -sC : default scripts Equivalent to –script=default
• -sV : Get the service version

bash$ nmap -sC -sV -oA output target