Hacking Methodology
Hack Responsibly.
Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.
Not much here yet...please feel free to contribute at my GitHub page.
MITRE ATT&CK
Categories
The hacking methodology categories align with the enterprise attack tactics in the MITRE ATT&CK matrix. The categories are:
Initial access - Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails
Execution - Launching attacker tools and malicious code, including RATs and backdoors
Persistence - Creating autostart extensibility points (ASEPs) to remain active and survive system restarts
Privilege escalation - Obtaining higher permission levels for code by running it in the context of a privileged process or account
Defense evasion - Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits
Credential access - Obtaining valid credentials to extend control over devices and other resources in the network
Discovery - Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers
Lateral movement - Moving between devices in the target network to reach critical resources or gain network persistence
Collection - Locating and collecting data for exfiltration
Command and control - Connecting to attacker-controlled network infrastructure to relay data or receive commands
Exfiltration - Extracting data from the network to an external, attacker-controlled location
General methodology
Log all commands of the current session
Use Joplin, OneNote, CherryTree or other notetaking program to document findings
Set the Target IP Address to the
$ip
system variableRun
nmap -sCV
for all TCP and UDP portsFor every open port TCP/UDP
Find service and version
Find known service bugs
Find configuration issues
Do banner grabbing
Google/Web-search
Every unknown service/program
Every error message
Every URL path
Every parameter to find versions/apps/bugs
Every service version + exploit db
Every service version + vulnerability
searchsploit
every serviceIf app has authentication:
User enumeration
Password brute force
Default credentials google search
Run nmap vuln scan
Run metasploit enum
Run metasploit exploits
Privilege Escalation Standard Operating Procedures
Proper and thorough enumeration is the key to a successful engagement. Privilege escalation is all about:
Collecting - Enumeration, more enumeration, and some more enumeration.
Processing - Sort through data, analyze, and prioritize.
Searching - Know what to search for and where to find the exploit code.
Adapting - Customize the exploit so it fits. Not every exploit works for every system "out of the box".
Trying - Get ready for (lots of) trial and error.
If you like this content and would like to see more, please consider buying me a coffee!
Last updated