Quick guide to performing a pentest

Author: [Israel Nadal](https://twitter.com/perito_inf/status/1178741955561492481)

Through his Twitter account he published a thread explaining, in a simple and concrete way, his methodology for performing a pentest.

Guide to performing a pentest, by Israel Nadal


NETWORK SCANNING

- nmap -sn 10.11.1.*
- nmap -sL 10.11.1.*
- nbtscan -r 10.11.1.0/24
- smbtree
- netdiscover

HOST SCANNING

- nmap --top-ports 20 --open -iL iplist.txt
- nmap -sS -A -sV -O -p- ipaddress
- nmap -sU ipaddress
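The host-scan step produces a lot of raw nmap output, and the next steps of the method (service scanning, then post-exploitation) are driven by which hosts expose which services. A small parser that turns nmap's grepable output (`-oG`) into a per-host inventory of open ports makes that hand-off explicit and also gives the defender a quick asset inventory to reconcile against what should be exposed. The code below is an added example, not part of Israel Nadal's thread; the `scan.gnmap` file name, the two hosts and their ports are constructed sample data, and the `-oG` field layout (`port/state/protocol/owner/service/rpcinfo/version/`) is nmap's documented format.

```python
"""Parse nmap grepable (-oG) output into a per-host list of open ports.

Added example; the sample scan data below is constructed, not a real scan.
"""
import re
from dataclasses import dataclass, field

# Constructed sample of "nmap --top-ports 20 --open -iL iplist.txt -oG scan.gnmap".
# Note the filtered 445/tcp on the first host: it must NOT count as open.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Tue Oct  1 10:00:00 2019 as: nmap --top-ports 20 --open -iL iplist.txt -oG scan.gnmap
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd 2.4.6/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (17)
Host: 10.11.1.9 (fileserver.lab)\tStatus: Up
Host: 10.11.1.9 (fileserver.lab)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (18)
# Nmap done at Tue Oct  1 10:00:20 2019 -- 2 IP addresses (2 hosts up) scanned in 20.00 seconds
"""


@dataclass
class OpenPort:
    port: int
    proto: str
    service: str
    version: str


@dataclass
class HostResult:
    ip: str
    hostname: str
    ports: list = field(default_factory=list)


# One port entry: port/state/proto/owner/service/rpcinfo/version/
# Owner and rpcinfo are almost always empty, hence the "//" pairs.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")
HOST_RE = re.compile(r"Host: (\S+) \(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: HostResult}; only ports in state 'open' are kept."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and anything else
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        host = hosts.setdefault(ip, HostResult(ip, hostname))
        for fld in fields[1:]:
            if not fld.startswith("Ports:"):
                continue  # "Status:" and "Ignored State:" fields
            for p in PORT_RE.finditer(fld):
                port, state, proto, service, version = p.groups()
                if state == "open":
                    host.ports.append(OpenPort(int(port), proto, service, version))
    return hosts


def hosts_with_service(hosts, service_name):
    """IPs (sorted) that expose the named service on an open port."""
    return sorted(ip for ip, h in hosts.items()
                  if any(p.service == service_name for p in h.ports))


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    for ip, h in sorted(inventory.items()):
        label = f"{ip} ({h.hostname})" if h.hostname else ip
        print(label)
        for p in h.ports:
            print(f"  {p.port}/{p.proto} {p.service} {p.version}".rstrip())
    print("SMB hosts:", hosts_with_service(inventory, "microsoft-ds"))
```

Running it on a real `scan.gnmap` only requires replacing `SAMPLE_GNMAP` with the file contents; the `hosts_with_service` query is what feeds the next section (for example, the SMB hosts that `smbclient -L` and Enum4Linux will be pointed at), and for a defender the same inventory is the list to compare against the intended exposure of each host.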

SERVICE SCANNING

**WEB SERVICES**: Nikto, dirb, dirbuster, wpscan, dotdotpwn, view source, davtest / cadaver, droopescan, joomscan, LFI/RFI test

**OS LINUX/WINDOWS**: snmpwalk -c public -v1 ipaddress 1, smbclient -L //ipaddress, showmount -e ipaddress port, rpcinfo, Enum4Linux

**OTHERS**: nmap scripts (locate *nse* | grep servicename), MSF Aux Modules

POST-EXPLOITATION

**LINUX**: linux-local-enum.sh, linuxprivchecker.py, linux-exploit-suggester.sh, unix-privesc-check.py

**WINDOWS**: wpc.exe, windows-exploit-suggester.py, windows_privesc_check.py, windows-privesc-check2.exe

PRIVILEGE ESCALATION

Access to internal services (portfwd), add an account

**WINDOWS**: list of exploits

**LINUX**: sudo su, KernelDB, Searchsploit

WRAP-UP

Screenshots, ipconfig / whoami, dump hashes, dump SSH keys, file cleanup, final documentation.

I have taken the liberty of "sharing" this little guide on the blog so that it does not get lost in the Twitter timeline.

Thanks, Israel, for sharing.

