Penetration Testing Methodology

A penetration testing methodology is something one develops over time. Mine is still being developed, so this outline probably has holes, will not cover everything, and will most likely change as I learn more.

Important Notes

When you are in an Information Gathering phase (yes, you will go through information gathering multiple times: once before initial access and again on every host you land on), do not jump ahead to the exploit phase until you have harvested everything you can. While gathering information, keep a running list of "Things to try later" so that you have a queue of candidate attack paths to work through. Working from that list instead of chasing the first interesting finding helps you avoid sitting in a rabbit hole for too long.

Methodology Outline

  • Recon

  • Initial Access

  • Persistence

  • Privilege Escalation

  • Lateral Movement

  • Covering Tracks

  • Exfiltration

The steps are not strictly sequential, and you will often loop back to Recon after gaining access. Some steps may be skipped entirely (Persistence, Privilege Escalation, Lateral Movement, Covering Tracks, Exfiltration) because they are not required, or not permitted, for a particular engagement; check the scope and rules of engagement before performing any of them.

Tips

Here are some tips to consider:

  • Complete one phase before moving on to the next.

    • Do not start exploit research until you have completed information gathering.

  • Reflect on what you know about the system.

  • Think about your assumptions and question them.

  • Develop hypotheses and challenge them.

    • What is/are your assumption(s) about the machine?

    • What is your evidence?

    • How confident are you that the assumptions are correct?

    • What can you do to test your assumptions? (Try to disprove them.)

  • Take a break around every 90 minutes.

  • Reflect on what you know and your assumptions frequently.

    • At least do this between each phase.

  • Don't skip code analysis.

  • Always get the most interactive and robust shell possible before escalating privileges. A bare reverse shell has no job control, no tab completion, dies on Ctrl-C, and breaks interactive tools such as su, ssh and editors; a full PTY fixes all of that.
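The TTY upgrade behind the last tip, as an added example that is not part of the original notes. The helper names (pick_pty_spawner, spawn_pty, tty_size_command) and the default of /bin/bash are my own assumptions; the spawner order (python3, python, then script(1)) is just the usual order of availability on Linux targets. The functions run inside the caught shell on the target; the attacker-side steps are interactive and are shown as comments.

```shell
#!/bin/sh
# Added example: upgrade a dumb reverse shell to a fully interactive TTY.
# Source or paste this into the caught shell on the target.

# Print the first available command that spawns a PTY on this host.
# Order: python3, python, script(1). Returns 1 if none is installed.
pick_pty_spawner() {
    shell="${1:-/bin/bash}"   # assumed default login shell
    if command -v python3 >/dev/null 2>&1; then
        printf "python3 -c 'import pty; pty.spawn(\"%s\")'\n" "$shell"
    elif command -v python >/dev/null 2>&1; then
        printf "python -c 'import pty; pty.spawn(\"%s\")'\n" "$shell"
    elif command -v script >/dev/null 2>&1; then
        printf 'script -qc %s /dev/null\n' "$shell"
    else
        return 1
    fi
}

# Spawn the PTY right now using whichever spawner was found.
spawn_pty() {
    cmd="$(pick_pty_spawner "$1")" || { echo "no PTY spawner found" >&2; return 1; }
    eval "$cmd"
}

# Build the stty line that makes the target's line discipline match the
# attacker's terminal size; without it vim, less and top wrap badly.
# Both arguments must be positive integers (take them from `stty size`
# on the attacker side).
tty_size_command() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    printf 'stty rows %s cols %s\n' "$1" "$2"
}

# Full sequence once this file is sourced in the caught shell:
#   target$  spawn_pty                      # prompt changes to a bash prompt
#   local    Ctrl-Z                         # background the nc/socat listener
#   local$   stty raw -echo; fg             # pass raw keystrokes to the target
#   target$  reset; export TERM=xterm-256color
#   target$  $(tty_size_command 50 200)     # rows/cols from `stty size` locally
```

The `stty raw -echo` step is what gives you Ctrl-C, Ctrl-Z and tab completion inside the remote shell instead of killing the listener; if you lose the shell afterwards, run `reset` or `stty sane` in the local terminal to recover it.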
