Difference between revisions of "Pentest"

From OnnoWiki
Jump to navigation Jump to search
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[File:Practice.png|center|20px|thumb]]
 +
 
==Referensi==
 
==Referensi==
  
 +
* https://pentester.land/tutorials
 
* http://www.computersecuritystudent.com/
 
* http://www.computersecuritystudent.com/
 
* http://pentestlab.wordpress.com/
 
* http://pentestlab.wordpress.com/
 
* http://minhnhatssc.blogspot.com/
 
* http://minhnhatssc.blogspot.com/
 
* http://www.amanhardikar.com/mindmaps/Practice.html
 
* http://www.amanhardikar.com/mindmaps/Practice.html
 +
* https://www.amanhardikar.com/mindmaps/Practice.html
 
* https://www.vulnhub.com/
 
* https://www.vulnhub.com/
  
 
===Vulnerable Apps===
 
===Vulnerable Apps===
  
 +
* https://information.rapid7.com/download-metasploitable-2017.html
 
* https://www.vulnhub.com/
 
* https://www.vulnhub.com/
 
* http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
 
* http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
Line 19: Line 24:
 
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/4/
 
* http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/4/
 
* http://damnvulnerableiosapp.com
 
* http://damnvulnerableiosapp.com
 +
* BadStore http://www.badstore.net/
 +
* BodgeIt Store http://code.google.com/p/bodgeit/
 +
* Butterfly Security Project http://thebutterflytmp.sourceforge.net/
 +
* bWAPP http://www.mmeit.be/bwapp/
 +
* http://sourceforge.net/projects/bwapp/files/bee-box/
 +
* Commix https://github.com/stasinopoulos/commix-testbed
 +
* CryptOMG https://github.com/SpiderLabs/CryptOMG
 +
* Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
 +
* Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
 +
* Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
 +
* Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
 +
* Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
 +
* Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
 +
* Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
 +
* Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
 +
* Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
 +
* Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
 +
* GameOver http://sourceforge.net/projects/null-gameover/
 +
* hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
 +
* Hackazon https://github.com/rapid7/hackazon
 +
* LAMPSecurity http://sourceforge.net/projects/lampsecurity/
 +
* Moth http://www.bonsai-sec.com/en/research/moth.php
 +
* NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
 +
* OWASP BWA http://code.google.com/p/owaspbwa/
 +
* OWASP Hackademic http://hackademic1.teilar.gr/
 +
* OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
 +
* OWASP Bricks http://sourceforge.net/projects/owaspbricks/
 +
* OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
 +
* PentesterLab https://pentesterlab.com/
 +
* PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
 +
* SecuriBench http://suif.stanford.edu/~livshits/securibench/
 +
* SentinelTestbed https://github.com/dobin/SentinelTestbed
 +
* SocketToMe http://digi.ninja/projects/sockettome.php
 +
* sqli-labs https://github.com/Audi-1/sqli-labs
 +
* MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
 +
* sqlilabs https://github.com/himadriganguly/sqlilabs
 +
* VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
 +
* PuzzleMall http://code.google.com/p/puzzlemall/
 +
* WackoPicko https://github.com/adamdoupe/WackoPicko
 +
* WAED http://www.waed.info
 +
* WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
 +
* WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
 +
* XVWA https://github.com/s4n7h0/xvwa
 +
* Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
  
 +
==Vulnerable OS==
  
 +
* 21LTR http://21ltr.com/scenes/
 +
* Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
 +
* exploit-exercises - nebula, protostar, fusion http://exploit-exercises.com/download
 +
* heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
 +
* http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
 +
* http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
 +
* http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
 +
* hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
 +
* Holynix http://sourceforge.net/projects/holynix/files/
 +
* Kioptrix http://www.kioptrix.com/blog/
 +
* LAMPSecurity http://sourceforge.net/projects/lampsecurity/
 +
* Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
 +
* neutronstar http://neutronstar.org/goatselinux.html
 +
* PenTest Laboratory http://pentestlab.org/lab-in-a-box/
 +
* Pentester Lab https://www.pentesterlab.com/exercises
 +
* pWnOS http://www.pwnos.com/
 +
* RebootUser Vulnix http://www.rebootuser.com/?page_id=1041
 +
* SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
 +
* scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/
 +
* UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html
 +
* TurnKey Linux http://www.turnkeylinux.org/
 +
* Bitnami https://bitnami.com/stacks
 +
* Elastic Server http://elasticserver.com
 +
* OS Boxes http://www.osboxes.org
 +
* VirtualBoxes http://virtualboxes.org/images/
 +
* VirtualBox Virtual Appliances https://virtualboximages.com/
 +
* CentOS http://www.centos.org/
 +
* Default Windows Clients https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
 +
* https://dev.windows.com/en-us/microsoft-edge/tools/vms/
 +
* Default Windows Server https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
 +
* Default VMWare vSphere http://www.vmware.com/products/vsphere/
  
 
===Setup Pentest Lab===
 
===Setup Pentest Lab===
Line 32: Line 113:
 
* http://pen-testing-lab.blogspot.com/2011/12/setting-up-pen-test-lab-with-vulnerable.html
 
* http://pen-testing-lab.blogspot.com/2011/12/setting-up-pen-test-lab-with-vulnerable.html
 
* http://sourceforge.net/projects/virtualhacking/files/os/
 
* http://sourceforge.net/projects/virtualhacking/files/os/
 +
* https://pentestlab.blog/
  
 
===Metasploit===
 
===Metasploit===
Line 46: Line 128:
 
* https://www.vulnhub.com/entry/devrandom-relativity-v101,55/
 
* https://www.vulnhub.com/entry/devrandom-relativity-v101,55/
 
* http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
 
* http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
 +
* https://github.com/ctfs/resources
 +
* https://github.com/ctfs/resources/tree/master/topics
 +
* https://github.com/ctfs/resources/tree/master/tools
 +
* https://ctftime.org/
 +
* http://ctfwriteups.blogspot.com/2013/12/basic-tips-on-hacking-challenges-in.html
 +
* https://picoctf.com/
  
 
===VoIP===
 
===VoIP===
Line 78: Line 166:
 
* http://360percents.com/posts/wordlist-by-scraping/
 
* http://360percents.com/posts/wordlist-by-scraping/
 
* http://360percents.com/posts/wordlist-creator-script-2/
 
* http://360percents.com/posts/wordlist-creator-script-2/
 +
 +
===Pentest SQL===
 +
 +
* https://pentestlab.blog/2013/03/18/penetration-testing-sql-servers/
 +
 +
 +
==Pentest Android==
 +
 +
* [[andrax]]
 +
 +
 +
 +
==Report==
 +
 +
* [[Pentest: Membuat Laporan Hasil Penetration Test (Pentest)]]

Latest revision as of 12:34, 1 August 2020

Error creating thumbnail: File with dimensions greater than 12.5 MP

Referensi

Vulnerable Apps

Vulnerable OS

Setup Pentest Lab

Metasploit


Capture The Flag

VoIP


Attack pWnOS


Password Attack

Wordlist

Pentest SQL


Pentest Android


Report