Pentesting

I am not a professional pentester or something these are just the things that I have learned while doing Vulnerable VMs from websites like Vulnhub, HackTheBox, TryHackMe etc.

General

  • If you have downloaded the VM from Website like Vulnhub or any other website then make sure you run it in host-only mode. Even though Vulnhub can be super trusted but still it's good to be paranoid.

    • Most of the VM with bridged as their default network setting.

    • Also if you want to be super paranoid then go for NAT setting but I've had issues with some VMs in NAT network setting.

  • Enumeration is the Key but only till a certain level. Lot of times the way is too guessy, too CTF type and that point enumeration doesn't help at all. So if you have done the basics of enumeration like for HTTP service fuzzing, dirsearch etc then don't worry it's totally okay to ask for a damn hint.

  • Always take a good look of what you've found

  • php file type can be bypassed by php5

  • If in a file upload the output is shown meaning it's processing the upload

    • exploit it with command injection in filename like "shell.txt;id"

  • Change Static IP

    • sudo ifconfig vmnet1 10.10.10.11 netmask 255.255.255.0

  • VMware /dev/vmmon not loaded

    • sudo vmware-modconfig --console --install-all

  • sudo vmware-modconfig --console --install-all

    • Fix the issue of vmware modprobe error

  • If cracking password for kdbx takes longer time then try finding a key file for it.

  • For git repos always check out the git logs

  • If for some reason dirsearch or gobuster doesn't work on any URL or if they show every URL as the right try to use wfuzz

    • wfuzz -c -w wordlist --hw 12 --hc 400 URL