<!doctype html>
<html class="no-js" lang="en">
<head>
<link rel="shortcut icon" href="" />
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="author" content="FishermansEnemy" />
<title>Revision for GPEN - Day 1</title>
<meta name="description" content="<p>This week I'm starting my revision for SEC560 and the GPEN cert. I'm
currently just finishing the day 2 mp3 by Ed Skoudis, and considering
it's just Ed talking through the slides I'm finding it as good as when I
was in the class. There is lots of insight into …</p>" />
<!--[if !IE 7]>
<style type="text/css">
#main-content {display:table;height:100%}
</style>
<![endif]-->
<link rel="stylesheet" href="https://fishermansenemy.com/theme/css/backdrop.css" />
<link rel="stylesheet" href="https://fishermansenemy.com/theme/css/pygments.css" />
<script src="https://fishermansenemy.com/theme/js/modernizr.js"></script>
</head>
<body>
<div class="master-row">
<div class="content-pane main-content">
<nav class="top-bar" data-topbar role="navigation">
<ul class="title-area">
<li class="name"><!-- Leave this empty --></li>
<li class="toggle-topbar menu-icon"><a href="#"><span></span></a></li>
</ul>
<section class="top-bar-section">
<ul class="left">
</ul>
<ul class="right">
<li><a href="https://fishermansenemy.com/category/gaming.html">Gaming</a></li>
<li><a href="https://fishermansenemy.com/category/general.html">General</a></li>
<li><a href="https://fishermansenemy.com/category/hardware.html">Hardware</a></li>
<li class="active"><a href="https://fishermansenemy.com/category/infosec.html">InfoSec</a></li>
<li><a href="https://fishermansenemy.com/category/random.html">Random</a></li>
<li><a href="https://fishermansenemy.com/category/rant.html">Rant</a></li>
<li><a href="https://fishermansenemy.com/category/uncategorized.html">Uncategorized</a></li>
</ul>
</section>
</nav>
<div class="row title-bar">
<div class="small-12 columns">
<h1><a href="https://fishermansenemy.com">FishermansEnemy</a></h1><h2> <small>Musings of an infosec nerd</small></h2>
<hr>
</div>
</div>
<div id="contents">
<div class="row">
<div class="small-12 columns article">
<h2>Revision for GPEN - Day 1</h2>
<div class="row info-bar" style="margin-left:0rem;margin-bottom:6px;">
<div class="small-12 columns">
<ul class="inline-list">
<li><span><i class="fa fa-calendar"></i> Thu 20 January 2011</span></li>
<li><span><i class="fa fa-folder-open"></i> <a href="https://fishermansenemy.com/category/infosec.html">InfoSec</a></span></li>
</ul>
</div>
</div>
<section class="article">
<p>This week I'm starting my revision for SEC560 and the GPEN cert. I'm
currently just finishing the day 2 mp3 by Ed Skoudis, and considering
it's just Ed talking through the slides I'm finding it as good as when I
was in the class. There is lots of insight into the tools that are being
described, as you would expect from having the author of the course
delivering it live. TODO so far:</p>
<p>Learn the following tools inside out:</p>
<div class="line-block">
<div class="line">hping3</div>
<div class="line">nmap NSE</div>
<div class="line">dig</div>
<div class="line">BiLE</div>
<div class="line">ExifTool</div>
<div class="line">FOCA</div>
<div class="line">GHDB</div>
<div class="line">sid2user and user2sid</div>
<div class="line">enum</div>
<div class="line">nc forwarding</div>
</div>
<p>So far I've covered the planning, scoping and recon stage of the pen
test. This covers the initial contact between the tester and the
customer and defines the rules of engagement and scope of the test. The
rules of engagement details how the testers are going to interact with
the environment they are testing and the techniques that they are
allowed to use. Examples of what should be in the RoE are the dates
between which the test is going to be conducted, the communications that
will take place between the testers and the customer etc. The scope
defines what will be tested, and includes the IP's to be targeted and
whether social engineering or physical testing is allowed. Obviously
these are only examples, for the full beef go and do SEC560 :-)</p>
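<p>The RoE and scope items above are worth encoding rather than leaving in a
document nobody re-reads mid-engagement. The following is an added example,
not code from the original post: a small Python gate that holds the agreed IP
ranges, exclusions, testing window and permitted activity types, and refuses
any target that falls outside them. The class, function names, addresses
(RFC 5737 documentation ranges), dates and contact are all constructed
placeholders.</p>

```python
"""Scope and rules-of-engagement gate for a pen test.

Added example for the planning/scoping discussion: it encodes the agreed
IP ranges, exclusions, testing window and permitted techniques, and refuses
any target outside them. All values below are constructed placeholders
(RFC 5737 documentation ranges), not from a real engagement.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress


@dataclass
class RulesOfEngagement:
    in_scope: list          # CIDR strings the customer agreed may be tested
    excluded: list          # hosts/ranges carved out of scope (e.g. a fragile box)
    start: datetime         # first moment testing may begin (UTC)
    end: datetime           # last moment testing may run (UTC)
    allowed: set            # activity types permitted by the RoE
    customer_contact: str   # who to call if something unexpected happens

    def ip_in_scope(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        # Exclusions win over inclusions, so a carved-out host is never touched
        if any(addr in ipaddress.ip_network(n) for n in self.excluded):
            return False
        return any(addr in ipaddress.ip_network(n) for n in self.in_scope)

    def within_window(self, when: datetime) -> bool:
        return self.start <= when <= self.end

    def check(self, ip: str, when: datetime, activity: str = "network"):
        """Return (allowed, reason); call before every scan or exploit step."""
        if activity not in self.allowed:
            return False, f"{activity} testing is not permitted by the RoE"
        if not self.within_window(when):
            return False, (f"outside testing window "
                           f"{self.start:%Y-%m-%d} to {self.end:%Y-%m-%d}")
        if not self.ip_in_scope(ip):
            return False, f"{ip} is not in scope; confirm with {self.customer_contact}"
        return True, "allowed"


# Constructed placeholder RoE for a one-week engagement
ROE = RulesOfEngagement(
    in_scope=["203.0.113.0/24", "198.51.100.0/26"],
    excluded=["203.0.113.250/32"],
    start=datetime(2011, 1, 24, 0, 0, tzinfo=timezone.utc),
    end=datetime(2011, 1, 28, 23, 59, tzinfo=timezone.utc),
    allowed={"network", "social_engineering"},   # no physical testing this time
    customer_contact="security@customer.example",  # placeholder address
)


def check_target(ip: str, when_iso: str, activity: str = "network"):
    """Convenience wrapper taking an ISO-8601 timestamp with offset."""
    return ROE.check(ip, datetime.fromisoformat(when_iso), activity)


if __name__ == "__main__":
    now = "2011-01-25T14:30:00+00:00"
    for target in ["203.0.113.10", "203.0.113.250", "192.0.2.7"]:
        print(target, check_target(target, now))
```

<p>Wiring <code>check_target</code> in front of a scanner wrapper means an
out-of-scope address or an early start fails closed with the reason and the
customer contact, rather than being noticed in the report afterwards.</p>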
<p>Also covered on day 1 is recon, including interesting web searches,
google hacking, document metadata extraction, whois searches etc. There
is so much information that individuals and companies make publicly
available that the tester can leverage to gain access to systems that
they should not be able to. As an example of this, imagine the company
you are testing has a minimal footprint on the internet that you can
access. This footprint is fire walled, patched and behind WAF's and
IPS's. You just cannot find a way to exploit anything to start pivoting
your way into the network. Are you done? nope; go onto their website
with a spider and download all the documents you can. Run these docs
through Exiftool and find out the version of office/acrobat etc that the
company are using, then go to the "vacancies" section on their website
and apply for some jobs with a CV that also happens to contain exploits
for the software you know they are using. Include links to a website
that is hosting browser exploits or the completely evil browser-autopwn
from Metasploit and start feeding them Meterpreter shells. This is only
the beginning.</p>
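<p>The same metadata the post describes pulling out with ExifTool can be
checked in-house before documents go on a public website, so software
versions and staff names never leave the building. The following is an added
example, not code from the original post: a small Python audit that reads the
Info dictionary of a PDF and the <code>docProps</code> parts of an Office Open
XML file, and flags fields that name software versions or people. The sample
PDF and .docx bytes are constructed in memory and the function names are
mine. It only handles uncompressed PDF Info strings; ExifTool also reads XMP
and compressed object streams, so use it for the real sweep.</p>

```python
"""Audit documents for metadata that reveals authoring software and people.

Added example for the recon discussion: inputs are constructed in memory
(a tiny PDF and a tiny .docx), not files from any real site.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

SOFTWARE_FIELDS = {"Producer", "Creator", "Application", "AppVersion"}
PERSON_FIELDS = {"Author", "creator", "lastModifiedBy", "Company"}
INTERESTING = SOFTWARE_FIELDS | PERSON_FIELDS | {"Title"}
VERSION_RE = re.compile(r"\d+\.\d+")


def pdf_metadata(data: bytes) -> dict:
    """Pull literal-string entries out of a PDF Info dictionary.

    Only sees uncompressed '(...)' strings; XMP and object streams are skipped.
    """
    pat = re.compile(rb"/(Author|Creator|Producer|Title)\s*\(([^)]*)\)")
    return {k.decode("latin-1"): v.decode("latin-1") for k, v in pat.findall(data)}


def ooxml_metadata(data: bytes) -> dict:
    """Read docProps/core.xml and docProps/app.xml from a .docx/.xlsx/.pptx."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in ("docProps/core.xml", "docProps/app.xml"):
            if name not in z.namelist():
                continue
            root = ET.fromstring(z.read(name))
            for el in root.iter():
                tag = el.tag.rsplit("}", 1)[-1]   # strip the XML namespace
                if tag in INTERESTING and el.text:
                    found[tag] = el.text.strip()
    return found


def extract_metadata(data: bytes) -> dict:
    """Dispatch on the file signature; unknown formats yield nothing."""
    if data.startswith(b"%PDF"):
        return pdf_metadata(data)
    if data.startswith(b"PK"):
        return ooxml_metadata(data)
    return {}


def find_leaks(meta: dict) -> list:
    """Return (field, value, kind) for entries that reveal software or people."""
    leaks = []
    for field, value in meta.items():
        if field in SOFTWARE_FIELDS or VERSION_RE.search(value):
            leaks.append((field, value, "software"))
        elif field in PERSON_FIELDS:
            leaks.append((field, value, "person"))
    return leaks


def audit(data: bytes) -> list:
    return find_leaks(extract_metadata(data))


# Constructed sample PDF: a minimal file with an Info-style dictionary
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Title (Annual report) /Author (jsmith) "
              b"/Creator (Acrobat PDFMaker 9.1 for Word) "
              b"/Producer (Adobe PDF Library 9.0) >>\nendobj\n%%EOF\n")


def build_sample_docx() -> bytes:
    """Constructed .docx containing only the two property parts we inspect."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>jsmith</dc:creator>'
            '<cp:lastModifiedBy>abrown</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
           '2006/extended-properties"><Application>Microsoft Office Word'
           '</Application><AppVersion>14.0000</AppVersion>'
           '<Company>Example Ltd</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("pdf", SAMPLE_PDF), ("docx", build_sample_docx())):
        for field, value, kind in audit(blob):
            print(f"{label}: {kind:8} {field}={value}")
```

<p>Run over the files a web spider pulls from your own site, this gives a
quick list of what the vacancies page and the brochures are telling the world
about your Office and Acrobat versions and who wrote what; the fix is to strip
the properties before publishing.</p>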
<p>Day 2 covers scanning, which is why I have a loooong list of tools I
need to learn. I'll write up a summary when I'm happy that I understand
all the evil things that I can do with them ;-)</p>
</section>
</div>
</div>
</div>
<footer class="show-for-large-up">
<div class="row">
<div class="small-6 medium-3 columns">
<ul class="left-nav">
<li><a href="https://fishermansenemy.com">Home <i class="fa fa-home fa-fw"></i></a></li>
<li><a href="https://fishermansenemy.com/categories.html">Categories <i class="fa fa-folder-open fa-fw"></i></a></li>
</ul>
</div>
<div class="small-6 medium-3 medium-push-6 columns">
<ul class="right-nav">
<li><a href="https://fishermansenemy.com/archives.html"><i class="fa fa-archive fa-fw"></i> Archives</a></li>
</ul>
</div>
<div class="small-12 medium-6 medium-pull-3 columns text-center">
</div>
<div class="small-12 columns sub-footer">
<hr>
<div class="small-12 medium-6 columns">
<p class="small-text-center medium-text-left">
© FishermansEnemy
<!-- <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="cc.png" /></a>-->
</p>
</div>
<div class="small-12 medium-6 columns">
<p class="small-text-center medium-text-right">
Proudly powered by <a href="http://blog.getpelican.com/">Pelican</a>,
which takes great advantage of <a href="https://www.python.org/">Python</a>.
</p>
</div>
</div>
</div> </footer>
</div>
<div class="image-pane main-content" style="background: url('https://fishermansenemy.com/images/backdrop.jpg'); background-size:cover; background-position: right;">
<div class="row">
<div class="small-12 medium-4 large-12 columns">
<h5 class='text-center'>About</h5>
<div class="about-me">
<div class="hide-for-medium-only small-3 columns no-buffer">
<a class="th" href="https://fishermansenemy.com/images/profileimage.jpg">
<img src="https://fishermansenemy.com/images/profileimage.jpg">
</a>
</div>
<div class="small-9 medium-12 large-9 columns text-justify">
The personal blog of a UK based penetration tester
</div>
<div class="small-12 columns">
<ul class="inline-center social-list">
<li><a href="http://twitter.com/FishermansEnemy"><i class="fa fa-twitter"></i> Twitter</a></li>
<li><a href="http://www.youtube.com/user/MrFishermansEnemy"><i class="fa fa-youtube"></i> YouTube</a></li>
<li><a href="http://twitch.tv/FishermansEnemyTV"><i class="fa fa-twitch"></i> Twitch</a></li>
</ul>
</div>
</div>
</div>
<div class="small-12 medium-4 large-12 columns link-list">
</div>
<!--
<div class="small-12 medium-3 large-12 columns">
</div>
-->
</div>
</div>
</div>
<div class="row">
<footer class="hide-for-large-up">
<div class="row">
<div class="small-6 medium-3 columns">
<ul class="left-nav">
<li><a href="https://fishermansenemy.com">Home <i class="fa fa-home fa-fw"></i></a></li>
<li><a href="https://fishermansenemy.com/categories.html">Categories <i class="fa fa-folder-open fa-fw"></i></a></li>
</ul>
</div>
<div class="small-6 medium-3 medium-push-6 columns">
<ul class="right-nav">
<li><a href="https://fishermansenemy.com/archives.html"><i class="fa fa-archive fa-fw"></i> Archives</a></li>
</ul>
</div>
<div class="small-12 medium-6 medium-pull-3 columns text-center">
</div>
<div class="small-12 columns sub-footer">
<hr>
<div class="small-12 medium-6 columns">
<p class="small-text-center medium-text-left">
© FishermansEnemy
<!-- <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="cc.png" /></a>-->
</p>
</div>
<div class="small-12 medium-6 columns">
<p class="small-text-center medium-text-right">
Proudly powered by <a href="http://blog.getpelican.com/">Pelican</a>,
which takes great advantage of <a href="https://www.python.org/">Python</a>.
</p>
</div>
</div>
</div> </footer>
</div>
<script src="https://fishermansenemy.com/theme/js/jquery.min.js"></script>
<script src="https://fishermansenemy.com/theme/js/foundation.min.js"></script>
<script src="https://fishermansenemy.com/theme/js/app.js"></script>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-20157586-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>