Info&Resources

Please note: this is not a cheat sheet, but a general map that may omit some details. I have listed the tools and the most important services, together with some resources for practice such as TryHackMe and HackTheBox, some machines, and links to Arabic-language content. This does not mean you have to go through all of the resources, nor does it mean there are no further challenges on the platforms mentioned that could help you practise; I recommend searching for the name of the topic you want to practise if you want more training.

Videos

TryHackMe

Rooms

HackTheBox

Rooms
  • Armageddon

    My goal is to learn what Drupal is.

Machines

Wordlists

1- Assessment Methodologies

// these are online tools or browser extensions

  • BuiltWith

  • Wappalyzer

  • Netcraft

Google Dorks

https://tryhackme.com/room/googledorking

Google Hacking Database

Labs in TryHackMe

https://tryhackme.com/room/passiverecon

https://tryhackme.com/room/redteamrecon

https://tryhackme.com/room/activerecon

2- Host & Network Penetration Testing

Network-based Attack Topics:

Wireshark

Tshark

ARP poisoning

-- https://tryhackme.com/room/layer2

-- https://www.javatpoint.com/arp-spoofing-using-arpspoof

-- https://techyrick.com/arpspoof-full-tutorial/

  • SMB

  • Samba

  • FTP

  • SSH

  • HTTP

  • MySQL

  • SMTP

  • RDP

  • Apache PHP-CGI

  • WordPress

  • Microsoft IIS

Windows

Frequently Exploited Windows Services
  • WebDAV

  • WinRM

  • SMB With PsExec

  • Windows MS17-010 SMB (EternalBlue)

  • Exploiting RDP

  • CVE-2019-0708 - BlueKeep

Windows Privilege Escalation

  • PrivescCheck - script that enumerates common Windows privilege escalation misconfigurations (example)

  • Bypassing UAC

  • Token Impersonation With Incognito

Linux

Frequently Exploited Linux Services

  • Bash CVE-2014-6271 Vulnerability (Shellshock) --> bash-cgi

  • Exploiting SSH

  • Exploiting SAMBA

  • Exploiting FTP

Linux Privilege Escalation

LinEnum - Bash script to enumerate a Linux host and identify privilege escalation vectors

  • Linux Kernel Exploits

  • Misconfigured Cron Jobs

  • SUID Binaries

  • Weak Permissions

Dumping & Cracking

  • Dumping & Cracking NTLM Hashes --> Windows

  • Mimikatz

  • Hashcat

  • John The Ripper

  • Pass-the-Hash attack: a technique where an attacker captures a password hash

Pivoting

  • Port Forwarding: redirecting traffic from a specific port on a target system you want to reach to a local port on your own machine, so that the service on that port becomes accessible from your system.

Bind & Reverse Shells

  • You should know how to do both.

Reverse shell

Cheat sheet

Reverse shell generator

3- Web

Important Topics

  • HTTP Login using Hydra

  • SQL Injection

  • XSS

Tools
