Penetration Testing – discussing exploits,  vulnerabilities, fixes and tools

Here I will be discussing exploits,  vulnerabilities, fixes and tools dedicated to the two areas of personal interest to me within Penetration Testing. Infrastructure and Web Application Testing.

Infrastructure Testing

• Networking Pivoting via SSH – Scanning with Nessus Professional behind a Firewall or NAT.
• Searchsploit command line shortcut options -m and -x.
• Self Signed Certificates + Remote Desktop Protocol = MiTM and Creds – This is a problem, don’t ignore it!
• Problems with VirtualBox Guest Additions in Kali – Quick Tip!
• NTLM/NTLMv2 Relaying in Windows with PowerShell and Inveigh!
• Linux Privilege Escalation with Setuid and Nmap
• Creating and mangling custom word lists!
• Setting up a quick DHCP server in Linux with dnsmasq
• Pivoting through SSH with dynamic port forwarding.
• Adding your own or custom exploits to Metasploit! Eternalblue, SambaCry?

Web Application Testing

• Searchsploit command line shortcut options -m and -x.
• Burp Suite Macro: Auto Login (session re-authentication)
• Hardening Microsoft IIS 8.5 Security Headers
• MiTM Thick Client Web Services Testing.
• Server Hardening: HTTP TRACE TRACK Methods Allowed – Part1 Apache