Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Penetration Testing: Celestial


Published on

Prior knowledge for penetration testing the Hack the Box machine Celestial

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Penetration Testing: Celestial

  1. 1. Penetration Testing Wednesday, August 29
  2. 2. Quick Information Join us on Discord - Firetalks
  3. 3. Quick Overview 1. Recon = Finding background information on target without interfacing with the target. (Since we are doing Hack-the-Box we won’t be doing this) 2. Enumeration = Scanning machines for information; this involves scanning for open ports, services, things that we can exploit. We want to understand how everything is operating so we can exploit it 3. Exploitation = The fun part; we will use the information from enumeration to craft an exploit in order to gain access to something we want but they don’t want access too. 4. Escalation = Once we get access we want to gain more access; Going from a user account to root in this case 5. Persistence = Being able to get back in case our exploit breaks or they patch the way we initially broke in 6. Clean up= Leaving no trace we were there ;)
  4. 4. Our Target (recon) Hack the Box = Celestial ● IP Address = ● Operating System = Linux ● And … thats about all we know so far
  5. 5. Enumeration ● It’s always a good idea to have a scan going in the background ● Two types of scans we will focus on today ○ Network/Service Scanning ■ Nmap ■ Nessus ○ Web server Scanning ■ Gobuster ■ Nikto ■ WPScan (only for wordpress)
  6. 6. NMAP Results
  7. 7. Exploitation
  8. 8. Escalation
  9. 9. More Escalation… or is this called Pivoting?
  10. 10. Clean up ● Lets delete anything that might show we were there