maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

f

Browse Source
This commit is contained in:
Carlos Polop 2025-04-19 19:08:44 +02:00
parent c2d538875e
commit 1215fdd163
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/generic-methodologies-and-resources/pentesting-methodology.md
View File

@ -9,11 +9,11 @@
_Hacktricks logos designed by_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._
### 0- Physical Attacks
### **0- Physical Attacks**
Do you have **physical access** to the machine that you want to attack? You should read some [**tricks about physical attacks**](../hardware-physical-access/physical-attacks.md) and others about [**escaping from GUI applications**](../hardware-physical-access/escaping-from-gui-applications.md).
### 1 - [Discovering hosts inside the network ](pentesting-network/index.html#discovering-hosts)/ [Discovering Assets of the company](external-recon-methodology/index.html)
### **1-** [**Discovering hosts inside the network**](pentesting-network/index.html#discovering-hosts)/ [Discovering Assets of the company](external-recon-methodology/index.html)
**Depending** if the **test** you are perform is an **internal or external test** you may be interested on finding **hosts inside the company network** (internal test) or **finding assets of the company on the internet** (external test).
@ -25,7 +25,7 @@ Do you have **physical access** to the machine that you want to attack? You shou
**This section only applies if you are performing an internal test.**\
Before attacking a host maybe you prefer to **steal some credentials** **from the network** or **sniff** some **data** to learn **passively/actively(MitM)** what can you find inside the network. You can read [**Pentesting Network**](pentesting-network/index.html#sniffing).
### 3- [Port Scan - Service discovery](pentesting-network/index.html#scanning-hosts)
### **3-** [**Port Scan - Service discovery**](pentesting-network/index.html#scanning-hosts)
The first thing to do when **looking for vulnerabilities in a host** is to know which **services are running** in which ports. Let's see the[ **basic tools to scan ports of hosts**](pentesting-network/index.html#scanning-hosts).
@ -70,7 +70,7 @@ If you have troubles with the shell, you can find here a small **compilation of
- [**Windows (CMD)**](../windows-hardening/basic-cmd-for-pentesters.md)
- [**Windows (PS)**](../windows-hardening/basic-powershell-for-pentesters/index.html)
### **9 -** [**Exfiltration**](../generic-hacking/exfiltration.md)
### **9-** [**Exfiltration**](../generic-hacking/exfiltration.md)
You will probably need to **extract some data from the victim** or even **introduce something** (like privilege escalation scripts). **Here you have a** [**post about common tools that you can use with these purposes**](../generic-hacking/exfiltration.md)**.**