method_0_intro
This is an old revision of the document!
PenTest Methodology
During a PenTest you generally follow these six steps:
- Pre-Engagement: Planning & Scope
- Recon: Information Gathering
- Scanning
- Exploitation
- Post-Exploitation
- Post-Engagement: Report
Most important out of the six:
- Recon (info gathering)
- Scanning & Enumeration
- If you do those two right and well, you should have no problem getting to where you need to go.
- Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.
Enumeration: All enumeration means is “build a list.” You enumerate throughout this process, and it is essential for a successful hack.
Practice
VulnHub has a lot of practice machines you can download.
- VulnHub machines are virtual machines (VMs) and are built for VMWare.
- Debian 10 (Buster) runs VMWare Workstation fine. Debian 11 (Bullseye)… not so much.
List of VulHub machines similar to OSCP:
method_0_intro.1664031376.txt.gz · Last modified: by gman