Difference between revisions of "Pentest"

Referensi

• https://pentester.land/tutorials
• http://www.computersecuritystudent.com/
• http://pentestlab.wordpress.com/
• http://minhnhatssc.blogspot.com/
• http://www.amanhardikar.com/mindmaps/Practice.html
• https://www.amanhardikar.com/mindmaps/Practice.html
• https://www.vulnhub.com/

Vulnerable Apps

• https://information.rapid7.com/download-metasploitable-2017.html
• https://www.vulnhub.com/
• http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
• http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
• https://www.vulnhub.com/#
• http://www.dvwa.co.uk/
• http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/
• http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/2/
• http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/3/
• http://www.felipemartins.info/2013/08/pentest-lab-making-a-vulnerable-windows-xp/4/
• http://damnvulnerableiosapp.com
• BadStore http://www.badstore.net/
• BodgeIt Store http://code.google.com/p/bodgeit/
• Butterfly Security Project http://thebutterflytmp.sourceforge.net/
• bWAPP http://www.mmeit.be/bwapp/
• http://sourceforge.net/projects/bwapp/files/bee-box/
• Commix https://github.com/stasinopoulos/commix-testbed
• CryptOMG https://github.com/SpiderLabs/CryptOMG
• Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
• Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
• Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
• Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
• Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
• Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
• Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
• Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
• Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
• Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
• GameOver http://sourceforge.net/projects/null-gameover/
• hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
• Hackazon https://github.com/rapid7/hackazon
• LAMPSecurity http://sourceforge.net/projects/lampsecurity/
• Moth http://www.bonsai-sec.com/en/research/moth.php
• NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
• OWASP BWA http://code.google.com/p/owaspbwa/
• OWASP Hackademic http://hackademic1.teilar.gr/
• OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
• OWASP Bricks http://sourceforge.net/projects/owaspbricks/
• OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
• PentesterLab https://pentesterlab.com/
• PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
• SecuriBench http://suif.stanford.edu/~livshits/securibench/
• SentinelTestbed https://github.com/dobin/SentinelTestbed
• SocketToMe http://digi.ninja/projects/sockettome.php
• sqli-labs https://github.com/Audi-1/sqli-labs
• MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
• sqlilabs https://github.com/himadriganguly/sqlilabs
• VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
• PuzzleMall http://code.google.com/p/puzzlemall/
• WackoPicko https://github.com/adamdoupe/WackoPicko
• WAED http://www.waed.info
• WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
• WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
• XVWA https://github.com/s4n7h0/xvwa
• Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip

Vulnerable OS

• 21LTR http://21ltr.com/scenes/
• Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
• exploit-exercises - nebula, protostar, fusion http://exploit-exercises.com/download
• heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
• hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
• Holynix http://sourceforge.net/projects/holynix/files/
• Kioptrix http://www.kioptrix.com/blog/
• LAMPSecurity http://sourceforge.net/projects/lampsecurity/
• Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
• neutronstar http://neutronstar.org/goatselinux.html
• PenTest Laboratory http://pentestlab.org/lab-in-a-box/
• Pentester Lab https://www.pentesterlab.com/exercises
• pWnOS http://www.pwnos.com/
• RebootUser Vulnix http://www.rebootuser.com/?page_id=1041
• SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
• scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/
• UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html
• TurnKey Linux http://www.turnkeylinux.org/
• Bitnami https://bitnami.com/stacks
• Elastic Server http://elasticserver.com
• OS Boxes http://www.osboxes.org
• VirtualBoxes http://virtualboxes.org/images/
• VirtualBox Virtual Appliances https://virtualboximages.com/
• CentOS http://www.centos.org/
• Default Windows Clients https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
• https://dev.windows.com/en-us/microsoft-edge/tools/vms/
• Default Windows Server https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
• Default VMWare vSphere http://www.vmware.com/products/vsphere/

Setup Pentest Lab

• https://community.rapid7.com/docs/DOC-2196
• https://www.vulnhub.com/entry/ultimatelamp_02,36/
• http://blog.netinfiltration.com/2013/12/03/setting-up-a-pentest-lab-for-beginners/
• http://resources.infosecinstitute.com/hacking-lab/
• http://securityxploded.com/setup-your-pentest-hacker-network.php
• http://kanishkashowto.com/2013/09/05/how-to-create-free-pentest-lab-using-virtualbox/
• http://pen-testing-lab.blogspot.com/2011/12/setting-up-pen-test-lab-with-vulnerable.html
• http://sourceforge.net/projects/virtualhacking/files/os/
• https://pentestlab.blog/

Metasploit

• http://www.metasploit.com/help/test-lab.jsp
• https://community.rapid7.com/docs/DOC-2227
• http://kanishkashowto.com/2013/09/05/how-to-install-metasploitable-in-virtualbox/
• http://sourceforge.net/projects/metasploitable/files/Metasploitable2/README.txt/download
• http://minhnhatssc.blogspot.com/2013/11/metasploit-ms08-067-establishing-shell.html

Capture The Flag

• https://www.vulnhub.com/entry/devrandom-relativity-v101,55/
• http://www.slideshare.net/null0x00/how-to-setup-a-pen-test-lab-and-how-to-play-ctf
• https://github.com/ctfs/resources
• https://github.com/ctfs/resources/tree/master/topics
• https://github.com/ctfs/resources/tree/master/tools
• https://ctftime.org/
• http://ctfwriteups.blogspot.com/2013/12/basic-tips-on-hacking-challenges-in.html
• https://picoctf.com/

VoIP

• http://pentestlab.wordpress.com/category/voip/
• http://pentestlab.wordpress.com/2014/07/14/caller-id-spoofing/

Attack pWnOS

• http://www.backtrack-linux.org/forums/showthread.php?t=2748

Password Attack

• hydra

Wordlist

• https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
• http://hashcat.net/forum/thread-1236.html
• http://wordlist.aspell.net/
• http://cyberwarzone.com/cyberwarfare/password-cracking-mega-collection-password-cracking-word-lists
• http://hashcrack.blogspot.de/p/wordlist-downloads_29.html
• http://www.skullsecurity.org/wiki/index.php/Passwords
• http://packetstormsecurity.org/Crackers/wordlists/
• http://www.isdpodcast.com/resources/62k-common-passwords
• http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html
• http://www.md5this.com/tools/wordlists.html
• http://www.md5decrypter.co.uk/downloads.aspx
• http://360percents.com/wordlist/
• http://360percents.com/posts/wordlist-by-scraping/
• http://360percents.com/posts/wordlist-creator-script-2/

Pentest SQL

• https://pentestlab.blog/2013/03/18/penetration-testing-sql-servers/

Pentest Android

• andrax

Report

• Pentest: Membuat Laporan Hasil Penetration Test (Pentest)