Jan 26 2023

Cloud Pentesting Cheatsheet

Category: Cheat Sheet,Cloud computing,Pen TestDISC @ 12:09 pm

Cloud Pentesting for Noobs. An introduction to peneration testing… | by Jon  Helmus | Medium

Checkout our previous posts on Cheat Sheet

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet, Cloud Pentesting


Jan 18 2023

Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

Category: Cheat Sheet,Pen Test,Wi-Fi SecurityDISC @ 4:13 pm

Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless Vulnerabilities.

The most important countermeasures we should focus on are Threat  Assessment, Data theft Detection, security control auditing, Risk prevention and Detection, information system Management, and Upgrade infrastructure and a Detailed report should be prepared.What is Wireless Penetration Testing?

Wireless Penetration Testing is aimed to test wireless infrastructure to find vulnerabilities in the network. Testing involves both manual testing techniques and automated scans to simulate a real-world attack and identify risks.Why is wireless penetration testing important?

Usage of Wi-Fi access dramatically increased nowadays, and the quality of Wi-Fi security is in question. By using Wi-Fi access thousands of transaction processing every minute.
If the network is vulnerable it allows hackers to launch various attacks and intercept the data.

Common Wireless Network Vulnerabilities

  • Deployment of Vulnerable WEP Protocol
  • Man-in-the-Middle Attacks
  • Default SSIDs and Passwords
  • Misconfigured Firewalls
  • WPA2 Krack Vulnerability
  • NetSpectre – Remote Spectre Exploit
  • Warshipping
  • Packet Sniffing
  • Warshipping

Wireless Penetration Testing Checklist

Let’s take a detailed look at the Wireless Penetration Testing Checklist and the steps to be followed.

Framework for Wireless Penetration Testing

  1. Discover the Devices connected with  Wireless Networks.
  2. Document all the findings if Wireless Device is Found.
  3. If a wireless Device is found using Wifi Networks, then perform common wifi Attacks and check the devices using WEP Encryption.
  4. If you found WLAN using WEP Encryption then Perform WEP Encryption Pentesting.
  5. Check whether WLAN Using WPA/WPA2 Encryption. If yes then perform WPA/WPA2 pen-testing.
  6. Check Whether WLAN using LEAP Encryption. If yes then perform LEAP Pentesting.
  7. No other Encryption Method was used which I mentioned above, Then Check whether WLAN using unencrypted.
  8. If WLAN is unencrypted then perform common wifi network attacks, check the vulnerability which is placed in the unencrypted method and generate a report.
  9. Before generating a Report make sure no damage has been caused to the pentesting assets.

Wireless Pentesting with WEP Encrypted WLAN

  1. Check the SSID and analyze whether SSID is Visible or Hidden.
  2. Check for networks using WEP encryption.
  3. If you find the SSID as visible mode then try to sniff the traffic and check the packet capturing status.
  4. If the packet has been successfully captured and injected then it’s time to break the WEP  key by using a WiFi cracking tool such as Aircrack-ng, or WEPcrack.
  5. If packets are not reliably captured then sniff the traffic again and capture the Packet.
  6. If you find SSID is the Hidden mode, then do Deauthentication for the target client by using some deauthentication tools such as Commview and Airplay-ng.
  7. Once successfully Authenticated with the client and Discovered the SSID is, then again follow the Above Procedure which is already used for discovering SSID in earlier steps.
  8. Check if the Authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, then bypassing mechanism needs to be performed.
  9. Check if the STA (stations/clients) are connected to AP (Access Point) or not. This information is necessary to perform the attack accordingly.

If clients are connected to the AP, an Interactive packet replay or ARP replay attack needs to be performed to gather IV packets which can be then used to crack the WEP key.

If there’s no client connected to the AP, Fragmentation Attack or Korex Chop Chop attack needs to be performed to generate the keystream which will be further used to reply to ARP packets.

10. Once the WEP key is cracked, try to connect to the network using WPA-supplicant and check if the AP is allotting any IP address or not.”EAPOL handshake“.

Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN

  1. Start and Deauthenticate with WPA/WPA2 Protected WLAN client by using WLAN tools Such as Hotspotter, Airsnarf, Karma, etc.
  2. If the Client is Deaauthenticated, then sniff the traffic and check the status of captured EAPOL Handshake.
  3. If the client is not Deauthenticate then do it again.
  4. Check whether the EAPOL handshake is captured or Not.
  5. Once you captured the EAPOL handshake, then perform a PSK Dictionary attack using coWPAtty, Aircrack-ng to gain confidential information.
  6. Add Time-memory trade-off method (Rainbow tables) also known as WPA-PSK Precomputation attack for cracking WPA/2 passphrase. Genpmk can be used to generate pre-computed hashes.
  7. If it’s Failed then Deauthenticate again and try to capture again and redo the above steps.

LEAP Encrypted WLAN

  1. Check and Confirm whether WLAN is protected by LEAP Encryption or not.
  2. De-authenticate the LEAP Protected Client using tools such as karma, hotspotter, etc.
  3. If the client is De authenticated then break the LEAP Encryption using a tool such as asleapto steal the confidential information
  4. If the process dropped then de-authenticate again

Wireless Penetration Testing with Unencrypted WLAN

  1. Check whether SSID is Visible or not
  2. Sniff for IP range if SSID is visible then check the status of MAC Filtering.
  3. If MAC filtering is enabled then spoof the MAC Address by using tools such as SMAC
  4. Try to connect to AP using IP within the discovered range.
  5. If SSID is hidden then discover the SSID using Aircrack-ng and follow the procedure of visible SSID which I Declared above.

Wireless Penetration Testing

Checkout our previous posts on InfoSec “Cheat Sheet”

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet


Jan 17 2023

Windows PowerShell Cheat Sheet

Powershell

Checkout our previous posts on “PowerShell Security”

More latest Titles on PowerShell…


InfoSec books | InfoSec tools | InfoSec services

Tags: Powershell Security


Jan 16 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Network security,Pen TestDISC @ 11:05 am

Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.

The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.

Let’s see how we conduct a step by step Network penetration testing by using some famous network scanners.

Network Penetration Testing

1.HOST DISCOVERY

Footprinting is the first and important phase were one gather information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of it’s hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domain’s associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and name server of a webisteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2.PORT SCANNING

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.root@kali:~# nmap –open gbhackers.com             To find all open portsroot@kali:~# nmap -p 80 192.168.169.128           Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128   Range of portsroot@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3.Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, we need to find the vulnerabilities and exploit.Try to gain control over the system.root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4.Scan for Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us in finding vulnerabilities with the target system and operating systems.With this steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch Management, Vulnerability assessment, and network auditing services.

Nessus

Nessus a vulnerability scanner tool that searches bug in the software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5.Draw Network Diagrams

Draw a network diagram about the organization that helps you to understand logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, Network view.

6.Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted contents such as ads and many other.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide yourself from being caught.

6.Document all Findings

The last and the very important step is to document all the Findings from Penetration testing.

This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.

You can download rules and scope Worksheet here – Rules and Scope sheet 

Thus, penetration testing helps in assessing your network before it gets into real trouble that may cause severe loss in terms of value and finance.

Important Tools used for Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core ImpactThese are the Most important checklist you should concentrate with Network penetration Testing .

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Checkout our previous posts on Pen Testing…

Contact DISC InfoSec

InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing Checklist


Jan 02 2023

Windows PowerShell Tutorial and Cheat Sheet

PowerShell Cheat Sheet

Powershell : The Complete Ultimate Windows Powershell Beginners Guide. Learn Powershell Scripting In A Day!

Mastering PowerShell Scripting: Automate and manage your environment using PowerShell


Infosec books
 | InfoSec tools | InfoSec services

Tags: Powershell Security


Dec 29 2022

Active Directory Exploitation Cheat Sheet

Category: Cheat Sheet,Windows SecurityDISC @ 12:59 pm

https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/active-directory

Active Directory is a Microsoft service run in the Server that predominantly used to manage various permission and resources around the network, also it performs an authenticates and authorizes all users and computers in a Windows domain type networks.

Recent cyber-attacks are frequently targeting the vulnerable active directory services used in enterprise networks where the organization handling the 1000’s of computers in the single point of control called “Domain controller” which is one of the main targeted services by the APT Hackers.

Though exploiting Active directory is a challenging task, It is certain to activate directory exploitation Cheat Sheet which contains common enumeration and attack methods which including the several following phases to make it simple.

  • Recon
  • Domain Enum
  • Local Privilege Escalation
  • User Hunting
  • Domain Admin Privileges
  • Database Hunting
  • Data Exfiltration
  • Active Directory Exploitation Tools

Reconnaissance

Recon Phase contains various modules, including Port scan that performs the following operations.

PORT SCAN
Import-Module Invoke-Portscan.ps1
<#
Invoke-Portscan -Hosts "websrv.domain.local,wsus.domain.local,apps.domain.local" -TopPorts 50 echo websrv.domain.local | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080" Invoke-Portscan -Hosts 172.16.0.0/24 -T 4 -TopPorts 25 -oA localnet
#>

AD MODULE WITHOUT RSAT

The secret to being able to run AD enumeration commands from the AD Powershell module on a system without RSAT installed, is the DLL located in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management on a system that has the RSAT installed.

Set up your AD VM, install RSAT, extract the dll and drop it to the target system used to enumerate the active directory.

Import-Module .\Microsoft.ActiveDirectory.Management.dll
Get-Command get-adcom*

Domain Enumeration

DOMAIN

  • Get current domain
Get-NetDomain (PowerView)
Get-ADDomain (ActiveDirectory Module)
  • Get object of another domain
Get-NetDomain -Domain domain.local
Get-ADDomain -Identity domain.local
  • Get domain SID for the current domain
Get-DomainSID
(Get-ADDomain).DomainSID
  • Get domain policy for the current domain
Get-DomainPolicy
(Get-DomainPolicy)."system access"
  • Get domain policy for another domain
(Get-DomainPolicy -domain domain.local)."system access"
  • Get domain controllers for the current domain
Get-NetDomainController
Get-ADDomainController
  • Get domain controllers for another domain
Get-NetDomainController -Domain domain.local
Get-ADDomainController -DomainName domain.local -Discover

NETUSER
More on: To Get a list of users in the current domain





Infosec books | InfoSec tools | InfoSec services






Tags: Active Directory Exploitation Cheat Sheet


Dec 21 2022

VirusTotal INTELLIGENCE CHEAT SHEET

Category: Antivirus,Cheat Sheet,MalwareDISC @ 9:21 am

VirusTotal cheat sheet makes it easy to search for specific results

Opening the Blackbox of VirusTotal, analyzing online phishing scan engines

The Antivirus Hacker’s Handbook

Mastering Malware Analysis

Infosec books | InfoSec tools | InfoSec services

Tags: VirusTotal, VirusTotal INTELLIGENCE CHEAT SHEET


Apr 13 2022

Cross-site scripting (XSS) cheat sheet

Category: Cheat Sheet,Security vulnerabilitiesDISC @ 10:41 am

This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector.

You can download a PDF version of the XSS cheat sheet.

Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures

Tags: cheat sheet, Cross-site scripting, Cross-Site Scripting Attacks


Jan 13 2022

CPRA Cheat sheet

Download ISO/IEC 27701 2019 Standard and Toolkit

CPRA compliance gap assessment tool 

Tags: CPRA, CPRA Cheat sheet, CPRA compliance gap assessment tool, ISO 27701 2019 Standard and Toolkit


Jan 08 2022

WireShark Cheat Sheet

Category: Cheat Sheet,Network securityDISC @ 11:08 am

Learn Wireshark: Confidently navigate the Wireshark interface and solve real-world networking problems

Tags: WireShark Cheat Sheet


Dec 23 2021

WireShark Cheat sheet

Category: Cheat Sheet,Network securityDISC @ 11:13 am

Tags: wireshark


Dec 13 2021

Hacking tools cheat sheet

Category: Cheat Sheet,Hacking,Security ToolsDISC @ 10:35 am

Tags: Hacking tools cheat sheet


Feb 24 2021

Nmap Cheat Sheet

Category: Cheat Sheet,Network security,Risk AssessmentDISC @ 9:52 am

Nmap Cheat Sheet – Infographic by SANS Institute

Tags: Nmap, Nmap network scanning


Apr 26 2020

Blue Team Cheat Sheets

Category: Blue team,Cheat Sheet,cyber security,HackingDISC @ 3:47 pm

 

Blue Team Cheat Sheets

Open a PDF file The best practice guide for an effective infoSec function.

Cyber Security Fundamentals: What is a Blue team?
httpv://www.youtube.com/watch?v=kHLbmmPBBCg

 



Subscribe to DISC InfoSec blog by Email




Tags: Blue team, Red team


Apr 17 2019

Two-factor authentication: A cheat sheet

Category: 2FA,Cheat SheetDISC @ 10:55 am

A password alone will not protect sensitive information from hackers–two-factor authentication is also necessary. Here’s what security pros and users need to know about two-factor authentication.

Source: Two-factor authentication: A cheat sheet



 Subscribe in a reader




Tags: 2FA, two factor auth


Apr 06 2019

Metasploit Cheat Sheet

Category: Cheat Sheet,Security ToolsDISC @ 4:59 pm

Metasploit Cheat Sheet by TerrorByte


Enter your email address:

Delivered by FeedBurner





Mar 23 2019

Python Cheat Sheets

Category: Cheat Sheet,Hacking,Python,Security ToolsDISC @ 8:59 pm

Beginner’s Python Cheat Sheet

Python Crash Course – Cheat Sheets