Overview

In this online, instructor-led training course, students get a hands-on feel for penetration testing. The instructor demonstrates many of the available tools, showing how to scan multiple ports and protocols and what to do with what you find. This course will be useful for anyone who wants to do penetration testing in the real world.

Course Instructor: Alex Achs

Course Outline

01. Discovering hosts via Ping Scan

  • nmap -sn 10.0.0.0/8
  • What a difference in TTL tells you (a reply TTL just under 64, 128 or 255 suggests a Linux/Unix host, a Windows host or a network device respectively, with the shortfall being the hop count)
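The TTL point in 01 is easy to get wrong by hand once a few hops sit between you and the target, so here is a small added example (not part of the course material) that parses ping reply lines and infers OS family and hop count from the TTL. It assumes the default initial TTLs of 64, 128 and 255, which a hardened host can change; the sample reply lines are constructed for the example.

```python
import re

# Common default initial TTLs and the OS families that ship with them. This is a
# heuristic: it assumes the target has not changed its default TTL.
INITIAL_TTLS = (64, 128, 255)
OS_BY_INITIAL_TTL = {
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "Network device (Cisco/Solaris)",
}

# Matches Linux ping ("... from 10.0.0.7: icmp_seq=1 ttl=127 ...") and
# Windows ping ("Reply from 10.0.0.7: bytes=32 time=1ms TTL=127") reply lines.
PING_REPLY = re.compile(
    r"from (?P<host>\d+\.\d+\.\d+\.\d+).*?ttl=(?P<ttl>\d+)", re.IGNORECASE
)


def guess_initial_ttl(observed):
    """Smallest common initial TTL that is >= the observed TTL, or None."""
    for initial in INITIAL_TTLS:
        if observed <= initial:
            return initial
    return None  # > 255 cannot occur in a real IP header


def classify_ttl(observed):
    """Return (os_guess, hop_count) for an observed reply TTL."""
    initial = guess_initial_ttl(observed)
    if initial is None or observed < 1:
        return ("unknown", None)
    return (OS_BY_INITIAL_TTL[initial], initial - observed)


def parse_ping_output(text):
    """Map each replying host to (os_guess, hops); first reply per host wins."""
    results = {}
    for line in text.splitlines():
        m = PING_REPLY.search(line)
        if m and m.group("host") not in results:
            results[m.group("host")] = classify_ttl(int(m.group("ttl")))
    return results


# Constructed sample replies (not real scan output).
SAMPLE_PING = """\
64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from 10.0.0.7: icmp_seq=1 ttl=127 time=1.03 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.901 ms
64 bytes from 10.0.0.9: icmp_seq=1 ttl=61 time=12.2 ms
"""

if __name__ == "__main__":
    for host, (os_guess, hops) in parse_ping_output(SAMPLE_PING).items():
        print(f"{host:<12} {os_guess:<32} hops={hops}")
```

Feed it the output of a plain `ping` sweep; `nmap -sn` itself does not print the TTL, so run ping (or fping) against the hosts nmap reports as up when you want this check.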

02. TCP Scanning:

  • nmap -v -p- -sT $IP
  • unicornscan -i $IFACE -I -mT $IP:a (-i takes the interface name, -I shows results immediately, -mT is TCP mode, :a means all ports)

03. UDP Scanning:

  • nmap -v -p- -sU $IP (a full UDP sweep is slow because closed ports rarely answer; if time is short, start with common UDP ports such as 53, 69, 123 and 161)
  • unicornscan -i $IFACE -I -mU $IP:a

04. Searchsploit (searches a local copy of Exploit-DB for the service versions found while fingerprinting)

05. Some common ports and what to do:

  • 21 – FTP
  • Fingerprint version
  • Check for Anonymous access
  • Brute Forcing
  • MITM (Requires more setup)

06. SSH

  • Fingerprint version
  • Brute Force

07. Telnet

  • Fingerprint version
  • Brute Force

08. SMTP

  • Fingerprint version
  • Enumerate Users

09. DNS

  • Fingerprint version
  • Zone transfer
  • DNSRecon
  • DNSEnum

10. FINGER

  • User enumeration
  • Potential command execution

11. WEB

  • Fingerprint version
  • robots.txt
  • Nikto
  • DirBuster / Gobuster
  • Local and Remote File Inclusion (LFI & RFI)

12. SNMP

  • Default Community Strings
  • MIBs (the .1.3.6.1.4.1.77 subtree below is the Windows LAN Manager MIB)
  • .1.3.6.1.2.1.1.5 Hostname (sysName)
  • .1.3.6.1.4.1.77.1.4.2 Domain name
  • .1.3.6.1.4.1.77.1.2.25 Usernames
  • .1.3.6.1.4.1.77.1.2.3.1.1 Running services
  • .1.3.6.1.4.1.77.1.2.27 Share information
  • snmpwalk (e.g. snmpwalk -c public -v1 $IP .1.3.6.1.4.1.77 to walk the whole LAN Manager subtree)
  • SNMP Bruteforce
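Walking the OIDs listed in 12 returns raw rows in which the table index is the name itself, encoded in the OID as a length followed by one sub-identifier per byte. The following added example (my code, not the course's) parses numeric snmpwalk output, decodes those indexes, and groups the rows into hostname, domain, users, services and shares. It assumes numeric output (the default when the LAN Manager MIB is not installed, or `snmpwalk -On`); the sample walk is constructed for the example.

```python
import re

# OID prefixes from the course outline and the label used for each.
OIDS = {
    ".1.3.6.1.2.1.1.5":          "hostname",
    ".1.3.6.1.4.1.77.1.4.2":     "domain",
    ".1.3.6.1.4.1.77.1.2.25":    "users",
    ".1.3.6.1.4.1.77.1.2.3.1.1": "services",
    ".1.3.6.1.4.1.77.1.2.27":    "shares",
}

# One snmpwalk row: "<oid> = <TYPE>: <value>"
ROW = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>[\w\- ]+):\s*(?P<value>.*)$")


def normalize(oid):
    """snmpwalk prints 'iso.3.6...' without -On; turn that into '.1.3.6...'."""
    return ".1." + oid[len("iso."):] if oid.startswith("iso.") else oid


def decode_index(suffix):
    """Decode a LAN Manager table index (length, then one byte per arc).

    The suffix may start with table/column arcs such as '.1.1'; the first
    position whose value equals the number of remaining arcs, all printable,
    is taken as the length prefix. Scalars ('.0') decode to None.
    """
    parts = [int(p) for p in suffix.strip(".").split(".") if p]
    for i, length in enumerate(parts):
        rest = parts[i + 1:]
        if 0 < length == len(rest) and all(32 <= b < 127 for b in rest):
            return bytes(rest).decode("ascii")
    return None


def parse_snmpwalk(text):
    """Return {label: [(decoded_index_or_None, value), ...]} for known OIDs."""
    found = {label: [] for label in OIDS.values()}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        oid = normalize(m.group("oid"))
        value = m.group("value").strip().strip('"')
        for prefix, label in OIDS.items():
            if oid == prefix or oid.startswith(prefix + "."):
                found[label].append((decode_index(oid[len(prefix):]), value))
                break
    return found


def summarize(found):
    """Collapse the raw rows into the facts a tester wants."""
    shares = {}
    for idx, value in found["shares"]:  # walk order: names, then paths, then comments
        if idx:
            shares.setdefault(idx, []).append(value)
    return {
        "hostname": found["hostname"][0][1] if found["hostname"] else None,
        "domain": found["domain"][0][1] if found["domain"] else None,
        "users": sorted({idx for idx, _ in found["users"] if idx}),
        "services": sorted({idx for idx, _ in found["services"] if idx}),
        "shares": shares,
    }


# Constructed sample output (not a real walk); raw string keeps the backslashes.
SAMPLE_WALK = r"""iso.3.6.1.2.1.1.5.0 = STRING: "WIN-SRV01"
iso.3.6.1.4.1.77.1.4.2.0 = STRING: "CORP"
iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"
iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator"
iso.3.6.1.4.1.77.1.2.3.1.1.6.83.101.114.118.101.114 = STRING: "Server"
iso.3.6.1.4.1.77.1.2.3.1.1.12.83.78.77.80.32.83.101.114.118.105.99.101 = STRING: "SNMP Service"
iso.3.6.1.4.1.77.1.2.27.1.1.6.65.68.77.73.78.36 = STRING: "ADMIN$"
iso.3.6.1.4.1.77.1.2.27.1.1.6.80.117.98.108.105.99 = STRING: "Public"
iso.3.6.1.4.1.77.1.2.27.1.2.6.65.68.77.73.78.36 = STRING: "C:\Windows"
iso.3.6.1.4.1.77.1.2.27.1.2.6.80.117.98.108.105.99 = STRING: "C:\Shares\Public"
iso.3.6.1.4.1.77.1.2.27.1.3.6.65.68.77.73.78.36 = STRING: "Remote Admin"
iso.3.6.1.4.1.77.1.2.27.1.3.6.80.117.98.108.105.99 = STRING: ""
"""

if __name__ == "__main__":
    for key, val in summarize(parse_snmpwalk(SAMPLE_WALK)).items():
        print(f"{key}: {val}")
```

Save the walk with `snmpwalk -c public -v1 $IP .1.3.6.1.4.1.77 > walk.txt` (plus a separate walk of `.1.3.6.1.2.1.1.5` for the hostname) and point the parser at the file; usernames from the 77.1.2.25 table are exactly what the SSH, FTP and SMB brute-force steps elsewhere in the outline need.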

13. LDAP

  • Enumeration

14. SMB

  • enum4linux
  • smbclient
  • Mounting Shares

Skills Learned

After completing this online training course, students will be able to:

  • Perform TCP and UDP port scans
  • Enumerate FTP services on Linux hosts
  • Enumerate SSH services on Linux hosts
  • Apply penetration testing tools to real-world engagements
  • Enumerate protocols such as LDAP, SMB, and SNMP