eJPT - eLearnSecurity Junior Penetration Tester Cheat Sheet
What is eJPT? The eJPT is a 100% hands-on certification for penetration testing and essential information security skills.
I'm more than happy to share my personal cheat sheet of the #eJPT Preparation exam.
Subdomain enumeration
| Tool + Cheat sheet |
What it does |
| Google dorks |
Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. |
| Sublist3r |
Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. |
| crt.sh |
It collects information about SSL certificates. If you visit a domain and it contains a certificate you can extract other subdomain by using the View Certificate functionality. |
| dnscan |
Python wordlist-based DNS subdomain scanner. |
| amass |
In depth DNS Enumeration and network mapping. |
| Tool + Cheat sheet |
What it does |
| ping |
ping works by sending one or more special ICMP packets (Type 8 - echo request) to a host. If the destination host replies with ICMP echo reply packets, then the host is alive. |
| fping |
Linux tool which is an improved version of the ping utility. |
| nmap |
Network Mapper is an open source tool for network exploration and security auditing. Free and open-source scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packages and analyzing the responses. |
| p0f |
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. |
| masscan |
Masscan was designed to deal with large networks and to scan thousands of Ip addresses at once. It’s faster than nmap but probably less accurate. |
| Tool + Cheat sheet |
URL |
|
| dirb |
DIRB is a web content fingerprinting tool. It scans the web server for directories using a dictionary file |
|
| feroxbuster |
FEROXBUSTER is a web content fingerprintinf tool that uses brute force combined with a wordlist to search for unlinked content in target directories. |
|
| httprint |
HTTPRINT is a web server fingerprinting tool. It identifies web servers and detects web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. |
|
| wpscan |
WPSCAN is a wordpress security scanner. |
|
Dictionaries
List of dictionaries.
| Tool + Cheat sheet |
What it does |
| crunch |
Generate combinations of words and manglings to be used later off as attacking dictionaries. |
|
|
Vulnerability assessment: scanners
| Tool + Cheat sheet |
What it does |
|
| netcat |
netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. |
|
| openSSL |
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. |
|
| Registry creation |
Registries in the victim machine may be used to save a connection to the attacker machine. |
|
Web pentesting
| Vulnerability / Technique |
What it does |
Tool |
| Backdoors with netcat |
|
|
| Buffer Overflow attacks |
A buffer is an area in the RAM (Random Access Memory) reserved for temporary data storage. If a developer does not enforce buffer’s limits, an attacker could find a way to write data beyond those limits. |
|
| Remote Code Execution |
RCE attacks involve attackers manipulating network traffic by exploiting code vulnerabilities to access a corporate system. |
|
| XSS attack - Cross-site Scripting attack |
Cross-Site Scripting attacks or XSS attacks enable attackers to inject client-side scripts into web pages. This is done through an URL than the attacker sends. Crafted in the URL, this js payload is injected. |
xsser |
| SQL injection |
SQL stands for Structure Query Language. SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. |
sqlmap |
Password cracker
| Tool + Cheat sheet |
What it does |
|
| ophcrack |
Ophcrack is a free Windows password cracker based on rainbow tables. It is a efficient implementation of rainbow tables. It comes with a Graphical User Interface and runs on multiple platforms. |
|
| hashcat |
Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows. wikipedia. |
|
| John the Ripper |
John the Ripper is one of those tools that can be used for several things: hash cracker and dictionary attack. |
|
| hydra |
Hydra can attack nearly 50 services including: Cisco auth, FTP, HTTP, IMAP, RDP, SMB, SSH, Telnet... It uses modules for each protocol. |
|
Dictionary attacks
| Tool + Cheat sheet |
What it does |
| John the Ripper |
John the Ripper is one of those tools that can be used for several things: hash cracker and dictionary attack. |
| hydra |
Hydra can attack nearly 50 services including: Cisco auth, FTP, HTTP, IMAP, RDP, SMB, SSH, Telnet... It uses modules for each protocol. |
Windows
Introduction about NetBIOS.
Linux
Spawn a shell.
msfvenom.
Lateral movements
Lateral movements
Last update: 2024-03-29
Created: January 3, 2023 02:04:20