_ _ _ _ _ _
| | | | | | | | | | | |
_ __ ___ _ __ | |_ ___ ___| |_ ______ ___| |__ ___ __ _| |_ ___| |__ ___ ___| |_
| '_ \ / _ \ '_ \| __/ _ \/ __| __|______/ __| '_ \ / _ \/ _` | __/ __| '_ \ / _ \/ _ \ __|
| |_) | __/ | | | || __/\__ \ |_ | (__| | | | __/ (_| | |_\__ \ | | | __/ __/ |_
| .__/ \___|_| |_|\__\___||___/\__| \___|_| |_|\___|\__,_|\__|___/_| |_|\___|\___|\__|
| |
|_|
pentest-cheatsheet is designed for Boot2Root or Penetration Test by kai6u.
The pentest-cheatsheet is an xmind-based Graphical CheatSheet created to serve as a reference when doing Boot2Root-style CTFs and Penetration Tests. The basic concept is to describe the procedure for each Windows/Linux OS by dividing the flow from Recon to Exploit to obtain the user flag and the Privilege Escalation procedure to obtain the root flag. In this way, the CheatSheet can be referred to according to the order of the Pentests, reducing the number of omissions to be checked.
Please note that the contents of the CheatSheet are only intended as a basis for creating your own CheatSheet, so please add to it as necessary. For example, Below contents is not included.
- Docker Breakout
- Cloud Exploit
- Active Directory
kai6u
2024-05-26
- Please change the string part enclosed by <> to the target's IP address, URL, host name or domain name, etc.
<Target> -> change to target ip address<Target URL> -> change to target URL<Target HostName> -> change to target hostname<Target Domain> -> change to target domain name- etc...