CHECKLIST

Last updated 1 year ago

CHECKLIST

A working/living curated checklist that can be modified as needed for various penetration testing engagements. Please feel free to build, modify and edit this list as you like.

Note taking: , , , , , Screen shots: , , (GIF/video creation) Network Screenshots: , ,

PROJECT LINKS: DATE RANGE: January 1st 2024 - January 8th, 2024 EXTRA NOTES:

Passive Enumeration

Task Completion

Websites:

☐

DNS:

☐

OSINT

Task Completion

Social Media Checks:

☐

Cross-Platform Checks:

☐

Email:

☐

Google Dorks:

info:

☐

define:

☐

insite:

☐

inurl

☐

filetype:

☐

Breaches & Business:

☐

Images:

☐

External Enumeration

Task Completion

Major scanners:

☐

Directory Searches:

☐

Web:

☐

WAF:

☐

Scans:

☐

Do initial scans require further testing?

☐

Scans exported

☐

VAPT created/modified

☐

Draft report created

☐

Report reviewed

☐

Screenshots and Notes Included?

☐

Internal Enumeration

Task Completion

Basic Setup:

☐

ROE Signed?

☐

Scope checked?

☐

Jumpbox ready?

☐

Connection checks

☐

Folders created

☐

Tools installed/updated

☐

Wireshark/tcpdump setup?

☐

Metasploit:

Updated?

☐

Metasploit DB started?

☐

Capturing output of modules?

☐

Set global variables

☐

DNS:

☐

Kerberos Abuse/NTLM:

☐

MS-RPRN RPC:

☐

SMB/SNMP/RPC:

☐

smbclient

☐

Brute-Forcing:

☐

Accounts Sprayed?

☐

Hashes cracked? Mimikatz, John, Hashcat

☐

Usernames/passwords exported to file

☐

Credentials stuffed?

☐

Default credentials checked?

☐

Specific Scans:

☐

Telnet

☐

SSH

☐

FTP

☐

SNMP

☐

Specialized Scans:

☐

Includes Apache Commons

☐

Fuzzers:

☐

Create Lists for:

☐

DC's, Exchange, SQL, FTP, Printers, VOIP, Mail, etc..

☐

Information Disclosures

☐

Post Exploitation/Privesc

Post Exploitation

Task Completion

Tools:

☐

Permissions/Information:

☐

System

☐

Services

☐

History

☐

Users

☐

Passwords

☐

Network

☐

Writeable Checks:

☐

/dev/shm

☐

/tmp/

☐

/var/tmp/

☐

/var/spool/vbox

☐

/var/spool/samba

☐

hostname | uname -a  
cat /proc/version | cat /etc/issue | lscpu 

services
ps au | ps aux | grep root
find / -perm -u=s -type f 2>/dev/null #(finds all perms with s)
ls -la /etc/cron.daily/

whoami | id -u  (for 0 response) | id -un | logname 
/[moomaddafucka]??/b??/[whatever]ho???
ls -la /home/ | ls -l ~/.ssh
cat /etc/passwd | cut -d : -f 1 | cat /etc/shadow | cat /etc/group
history | sudo su -  

network: ifconfig | ip a | ip route | arp a | ip neigh | netstat -ano

passwords
grep --color=auto -rnw '/' -ie "PASSWORD=" --color==always 2> /dev/null
locate password | more
find / -name '*yourtstring*' 
find / -name authorized_keys
find / -name id_rsa 2> /dev/null
find . -writable (For all files under the current directory that are writable by the current user)
find . ! -writable
find / -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \;

find/ -path /proc -prune -o -type d -perm -o+w 2>/dev/null #find writable dirs
find/ -path /proc -prune -o -type f -perm -o+w 2>/dev/null #find writable files

PreviousPENTESTING NextREPORTING

Last updated 1 year ago