CHECKLIST
Note taking: Obsidian, Notion, GitBook, Joplin, OneNote, Notepad++
Screenshots: Greenshot, Snipping Tool, ShareX (GIF/video)
Web service screenshots across the network: EyeWitness, Gowitness, Aquatone
OSINT
Social: Sherlock, WhatsMyName
Email: phonebook.cz
External Enumeration
Internal Enumeration
Basic Setup:
☐ ROE signed?
☐ Scope checked?
☐ Jumpbox ready?
☐ Connection checks
☐ Folders created
☐ Tools installed/updated
☐ Wireshark/tcpdump setup?
Metasploit:
☐ Updated?
☐ Metasploit DB started?
☐ Capturing output of modules? (spool to the engagement folder)
☐ Global variables set? (setg RHOSTS, LHOST, ...)
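The four Metasploit items above are easy to skip under time pressure, so the following added example (not from this page or from the Metasploit project) turns them into a resource script that msfconsole runs at startup. The engagement directory layout, the workspace name and the RHOSTS/LHOST values are placeholders chosen for illustration; db_status, workspace, spool, setg and the ConsoleLogging, SessionLogging and TimestampOutput globals are standard msfconsole commands and options.

```shell
#!/bin/sh
# msf_setup.sh: generate an msfconsole resource file covering the checklist:
# database connected (db_status), per-client workspace, module output spooled
# to the engagement folder, globals set once instead of per module.
# Added example; paths and hosts are placeholders, not taken from the page.

# Write the resource file. $1 = engagement directory (assumed layout: logs/
# beneath it), $2 = workspace name, $3 = RHOSTS, $4 = LHOST.
# Prints the path of the generated file.
write_msf_rc() {
    eng_dir=$1
    mkdir -p "$eng_dir/logs"
    rc="$eng_dir/setup.rc"
    cat > "$rc" <<EOF
db_status
workspace -a $2
spool $eng_dir/logs/msfconsole-$(date -u +%Y%m%d).log
setg ConsoleLogging true
setg SessionLogging true
setg TimestampOutput true
setg RHOSTS $3
setg LHOST $4
EOF
    printf '%s\n' "$rc"
}

# Stand-alone run: generate into a temp directory and show the result.
# On the jumpbox: msfdb init (once), then msfconsole -q -r <generated file>.
demo_dir=$(mktemp -d)
cat "$(write_msf_rc "$demo_dir" client-internal 10.10.0.0/24 10.10.14.5)"
rm -rf "$demo_dir"
```

spool opens the log before any module runs, so the transcript of every module is captured from the first command; workspace -a creates the workspace if it does not exist and switches to it, which keeps one client's hosts and creds out of another's database.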
☐ DNS
☐ Kerberos abuse/NTLM
☐ MS-RPRN RPC
SMB/SNMP/RPC:
☐ smbclient
Brute-Forcing:
☐ Accounts sprayed?
☐ Hashes dumped and cracked? (Mimikatz to dump; John, Hashcat to crack)
☐ Usernames/passwords exported to file
☐ Credentials stuffed?
☐ Default credentials checked?
Specific Scans:
☐ Telnet
☐ SSH
☐ FTP
☐ SNMP
Specialized Scans:
☐
☐ Includes Apache Commons
Fuzzers:
☐
Create lists for:
☐ DCs, Exchange, SQL, FTP, printers, VoIP, mail, etc.
☐ Information disclosures
Post Exploitation/Privesc
Tools:
☐
Permissions/Information:
☐ System
☐ Services
☐ History
☐ Users
☐ Passwords
☐ Network
Writeable Checks:
☐ /dev/shm
☐ /tmp/
☐ /var/tmp/
☐ /var/spool/vbox
☐ /var/spool/samba
System:
hostname ; uname -a
cat /proc/version ; cat /etc/issue ; lscpu
Services/processes:
ps aux
ps aux | grep root   # processes running as root
find / -perm -u=s -type f 2>/dev/null   # SUID binaries (setuid bit set), a common privesc path
ls -la /etc/cron.daily/   # also check /etc/crontab, /etc/cron.d/ and per-user crontabs
Users:
whoami ; id -u   # id -u prints 0 for root
id -un ; logname
/[moomaddafucka]??/b??/[whatever]ho???   # glob that expands to /usr/bin/whoami on a typical system, for slipping past command filters
ls -la /home/ ; ls -l ~/.ssh
cut -d : -f 1 /etc/passwd   # usernames only
cat /etc/shadow   # readable only as root; a world-readable shadow file is a finding in itself
cat /etc/group
history
sudo su -   # works when the user has unrestricted sudo
Network:
ifconfig ; ip a ; ip route
arp -a ; ip neigh
netstat -ano   # or ss -tulnp
Passwords:
grep -rni --color=always --exclude-dir=proc --exclude-dir=sys -e "PASSWORD=" / 2>/dev/null   # GNU grep; no -w, which would miss PASSWORD=hunter2 because '=' is followed by a word character
locate password | more
find / -name '*yourstring*' 2>/dev/null
find / -name authorized_keys 2>/dev/null
find / -name id_rsa 2>/dev/null
find . -writable   # files under the current directory writable by the current user
find . ! -writable
find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -adl {} \; 2>/dev/null   # group- or world-writable directories
find / -path /proc -prune -o -type d -perm -o+w -print 2>/dev/null   # world-writable dirs; the trailing -print keeps the pruned /proc out of the output
find / -path /proc -prune -o -type f -perm -o+w -print 2>/dev/null   # world-writable files
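The one-liners above are quickest typed by hand, but the same checks are worth having as functions that can be pointed at a mounted image or at a fixture, so the edge cases (pruning /proc, the missing -print, grep -w missing PASSWORD=value) are exercised before a live engagement. The following is an added example, not code from this page: it implements the SUID, world-writable, password-string and SSH-key checks as POSIX shell functions and runs them against a constructed fixture directory built by make_fixture (the file names, the DB_PASSWORD value and the "alice" user are invented for the fixture).

```shell
#!/bin/sh
# linux_enum.sh: the post-exploitation checks from the list above as shell
# functions. Each takes a root directory, so the same code runs against the
# constructed fixture here and against "/" (or a mounted disk image) on a
# target. /proc is pruned from every walk: it is noise and can stall find.

# Path of the proc mount under root $1, for "/" as well as a fixture dir.
proc_path() {
    case "$1" in
        /) printf '/proc' ;;
        *) printf '%s/proc' "${1%/}" ;;
    esac
}

# SUID binaries. -perm -4000 is the numeric form of the list's -perm -u=s.
suid_files() {
    find "$1" -path "$(proc_path "$1")" -prune -o -type f -perm -4000 -print 2>/dev/null
}

# World-writable directories ($2 = d) or files ($2 = f). -perm -0002 is the
# numeric form of -perm -o+w. The trailing -print matters: without it find
# applies its default -print to the whole expression and prints /proc too.
world_writable() {
    find "$1" -path "$(proc_path "$1")" -prune -o -type "$2" -perm -0002 -print 2>/dev/null
}

# Files containing PASSWORD=, case-insensitive. Deliberately no -w: grep -w
# would reject DB_PASSWORD=hunter2 because "=" is followed by a word character.
password_files() {
    find "$1" -path "$(proc_path "$1")" -prune -o -type f \
        -exec grep -li -e "PASSWORD=" {} + 2>/dev/null
}

# SSH private keys and authorized_keys files.
ssh_material() {
    find "$1" -path "$(proc_path "$1")" -prune -o -type f \
        \( -name id_rsa -o -name id_ed25519 -o -name authorized_keys \) -print 2>/dev/null
}

# Constructed fixture (not a real host): one finding per check plus a
# world-writable file under proc/ that must not be reported. Prints its path.
make_fixture() {
    fx=$(mktemp -d)
    (
        umask 022
        mkdir -p "$fx/proc/1" "$fx/tmp" "$fx/usr/bin" "$fx/opt/app" \
                 "$fx/etc/cron.daily" "$fx/home/alice/.ssh"
        chmod 1777 "$fx/tmp"                              # world-writable dir
        printf 'ELF\n' > "$fx/usr/bin/vulnbin"
        chmod 4755 "$fx/usr/bin/vulnbin"                  # SUID binary
        printf 'DB_PASSWORD=hunter2\n' > "$fx/opt/app/config.env"
        printf '#!/bin/sh\n' > "$fx/etc/cron.daily/backup"
        chmod 777 "$fx/etc/cron.daily/backup"             # world-writable cron job
        printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$fx/home/alice/.ssh/id_rsa"
        chmod 600 "$fx/home/alice/.ssh/id_rsa"
        printf 'Name: init\n' > "$fx/proc/1/status"
        chmod 666 "$fx/proc/1/status"                     # under proc: pruned
    )
    printf '%s\n' "$fx"
}

# Stand-alone run: every check against the fixture, then clean up.
demo_root=$(make_fixture)
echo "== SUID binaries ==";        suid_files "$demo_root"
echo "== world-writable dirs ==";  world_writable "$demo_root" d
echo "== world-writable files =="; world_writable "$demo_root" f
echo "== files with PASSWORD= ==";  password_files "$demo_root"
echo "== SSH keys ==";             ssh_material "$demo_root"
rm -rf "$demo_root"
```

The world-writable cron script in the fixture is the finding that matters most on a real box: anything root runs from a path a low-privileged user can write to is a direct path to root. On a target, call the functions with / as the root and redirect the output into the engagement's loot folder.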