Pentest: Difference between revisions

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
Onnowpurbo (talk | contribs)
 
(27 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[File:Practice.png|center|20px|thumb]]
==Referensi==
==Referensi==


* https://pentester.land/tutorials
* http://www.computersecuritystudent.com/
* http://www.computersecuritystudent.com/
* http://pentestlab.wordpress.com/
* http://pentestlab.wordpress.com/
* http://minhnhatssc.blogspot.com/
* http://minhnhatssc.blogspot.com/
* http://www.amanhardikar.com/mindmaps/Practice.html
* https://www.amanhardikar.com/mindmaps/Practice.html
* https://www.vulnhub.com/
===Vulnerable Apps===
* https://information.rapid7.com/download-metasploitable-2017.html
* https://www.vulnhub.com/
* http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
* http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
* https://www.vulnhub.com/#
* http://www.dvwa.co.uk/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/2/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/3/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/4/
* http://damnvulnerableiosapp.com
* BadStore http://www.badstore.net/
* BodgeIt Store http://code.google.com/p/bodgeit/
* Butterfly Security Project http://thebutterflytmp.sourceforge.net/
* bWAPP http://www.mmeit.be/bwapp/
* http://sourceforge.net/projects/bwapp/files/bee-box/
* Commix https://github.com/stasinopoulos/commix-testbed
* CryptOMG https://github.com/SpiderLabs/CryptOMG
* Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
* Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
* Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
* Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
* Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
* Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
* Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
* Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
* Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
* Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
* GameOver http://sourceforge.net/projects/null-gameover/
* hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
* Hackazon https://github.com/rapid7/hackazon
* LAMPSecurity http://sourceforge.net/projects/lampsecurity/
* Moth http://www.bonsai-sec.com/en/research/moth.php
* NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
* OWASP BWA http://code.google.com/p/owaspbwa/
* OWASP Hackademic http://hackademic1.teilar.gr/
* OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
* OWASP Bricks http://sourceforge.net/projects/owaspbricks/
* OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
* PentesterLab https://pentesterlab.com/
* PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
* SecuriBench http://suif.stanford.edu/~livshits/securibench/
* SentinelTestbed https://github.com/dobin/SentinelTestbed
* SocketToMe http://digi.ninja/projects/sockettome.php
* sqli-labs https://github.com/Audi-1/sqli-labs
* MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
* sqlilabs https://github.com/himadriganguly/sqlilabs
* VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
* PuzzleMall http://code.google.com/p/puzzlemall/
* WackoPicko https://github.com/adamdoupe/WackoPicko
* WAED http://www.waed.info
* WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
* WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
* XVWA https://github.com/s4n7h0/xvwa
* Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip


==Vulnerable OS==
* 21LTR http://21ltr.com/scenes/
* Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
* exploit-exercises - nebula, protostar, fusion http://exploit-exercises.com/download
* heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
* http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
* http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
* http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
* hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
* Holynix http://sourceforge.net/projects/holynix/files/
* Kioptrix http://www.kioptrix.com/blog/
* LAMPSecurity http://sourceforge.net/projects/lampsecurity/
* Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
* neutronstar http://neutronstar.org/goatselinux.html
* PenTest Laboratory http://pentestlab.org/lab-in-a-box/
* Pentester Lab https://www.pentesterlab.com/exercises
* pWnOS http://www.pwnos.com/
* RebootUser Vulnix http://www.rebootuser.com/?page_id=1041
* SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
* scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/
* UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html
* TurnKey Linux http://www.turnkeylinux.org/
* Bitnami https://bitnami.com/stacks
* Elastic Server http://elasticserver.com
* OS Boxes http://www.osboxes.org
* VirtualBoxes http://virtualboxes.org/images/
* VirtualBox Virtual Appliances https://virtualboximages.com/
* CentOS http://www.centos.org/
* Default Windows Clients https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
* https://dev.windows.com/en-us/microsoft-edge/tools/vms/
* Default Windows Server https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
* Default VMWare vSphere http://www.vmware.com/products/vsphere/


===Setup Pentest Lab===
===Setup Pentest Lab===
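Review bot: the Vulnerable Apps list repeats targets that are already linked. https://www.vulnhub.com/ appears twice in this section (once with a trailing "#") on top of the entry under Referensi, and http://www.dvwa.co.uk/ is listed both as a bare URL and as "Damn Vulnerable Web App (DVWA)"; keep one entry for each. Also, "==Vulnerable OS==" is a level-2 heading while its sibling "===Vulnerable Apps===" is level 3, so "===Setup Pentest Lab===" and the sections after it nest under Vulnerable OS instead of Referensi; use "===Vulnerable OS===" to match.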
Line 15: Line 112:
* http://kanishkashowto.com/2013/09/05/how-to-create-free-pentest-lab-using-virtualbox/
* http://kanishkashowto.com/2013/09/05/how-to-create-free-pentest-lab-using-virtualbox/
* http://pen-testing-lab.blogspot.com/2011/12/setting-up-pen-test-lab-with-vulnerable.html
* http://pen-testing-lab.blogspot.com/2011/12/setting-up-pen-test-lab-with-vulnerable.html
* http://sourceforge.net/projects/virtualhacking/files/os/
* https://pentestlab.blog/


===Metasploit===
===Metasploit===
Line 24: Line 123:
* http://minhnhatssc.blogspot.com/2013/11/metasploit-ms08-067-establishing-shell.html
* http://minhnhatssc.blogspot.com/2013/11/metasploit-ms08-067-establishing-shell.html


===Vulnerable System===
* https://www.vulnhub.com/#
* http://www.dvwa.co.uk/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/2/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/3/
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/4/
* http://damnvulnerableiosapp.com


===Capture The Flag===
===Capture The Flag===


* https://www.vulnhub.com/entry/devrandom-relativity-v101,55/
* https://www.vulnhub.com/entry/devrandom-relativity-v101,55/
* http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
* https://github.com/ctfs/resources
* https://github.com/ctfs/resources/tree/master/topics
* https://github.com/ctfs/resources/tree/master/tools
* https://ctftime.org/
* http://ctfwriteups.blogspot.com/2013/12/basic-tips-on-hacking-challenges-in.html
* https://picoctf.com/


===VoIP===
===VoIP===
Line 42: Line 139:
* http://pentestlab.wordpress.com/category/voip/
* http://pentestlab.wordpress.com/category/voip/
* http://pentestlab.wordpress.com/2014/07/14/caller-id-spoofing/
* http://pentestlab.wordpress.com/2014/07/14/caller-id-spoofing/
===Attack pWnOS===
* http://www.backtrack-linux.org/forums/showthread.php?t=2748
===Password Attack===
* [[hydra]]
===Wordlist===
* https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
* http://hashcat.net/forum/thread-1236.html
* http://wordlist.aspell.net/
* http://cyberwarzone.com/cyberwarfare/password-cracking-mega-collection-password-cracking-word-lists
* http://hashcrack.blogspot.de/p/wordlist-downloads_29.html
* http://www.skullsecurity.org/wiki/index.php/Passwords
* http://packetstormsecurity.org/Crackers/wordlists/
* http://www.isdpodcast.com/resources/62k-common-passwords
* http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html
* http://www.md5this.com/tools/wordlists.html
* http://www.md5decrypter.co.uk/downloads.aspx
* http://360percents.com/wordlist/
* http://360percents.com/posts/wordlist-by-scraping/
* http://360percents.com/posts/wordlist-creator-script-2/
===Pentest SQL===
* https://pentestlab.blog/2013/03/18/penetration-testing-sql-servers/
==Pentest Android==
* [[andrax]]
==Report==
* [[Pentest: Membuat Laporan Hasil Penetration Test (Pentest)]]

Latest revision as of 05:34, 1 August 2020
