These are just some notes that may be useful for anyone creating any kind of report after performing a penetration test.
Record your screen for the duration of the test in high quality, so that screenshots can be taken from the recording later, but at a lower FPS so that it doesn't bog down your machine.
Screenshot EVERYTHING.
Exploit code is the exception to screenshots: format the text of the unmodified and modified exploit code nicely and place it into the report as text.
For each machine in the penetration test, make sure that you have the following:
AutoRecon Scan
- Show where to download AutoRecon
- What command was used to run it
- Show the AutoRecon scan’s entire directory output in a screenshot, so that you can show what ports / services were scanned
Scanning
- Name of scan that was interesting
- The scan’s command that was issued to get the information
- The URL to obtain the scanning software
- Screenshots of the scan’s output
- Highlight of what was interesting about the scan, that led you to the exploit
- Service enumeration / version discovery
- Show the search for the exploit, via searchsploit or Google
- Name of the exploit found
- Location of the exploit code
- Putting the exploit code on your local machine
- Transfer of the exploit to the victim's computer
- ORIGINAL exploit code – formatted nicely
- MODIFIED exploit code – formatted nicely, highlighting in red any changes that were made
- Show any msfvenom commands that were used to generate the payload
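The AutoRecon and Scanning items above all come down to the same three pieces of evidence per command: the exact command line, when it ran, and its full output. The helper below captures those automatically for each target so they never have to be reconstructed from shell history. This is an added example for these notes, not a tool from the original page; the directory layout evidence/<target>/<phase>/, the JSON sidecar format and the stand-in commands in demo() are assumptions chosen for illustration.

```python
"""Capture the evidence the checklist asks for (command used, when it ran,
full output) for each scan against each target.

Added example for these notes; not a tool from the original page.  The
directory layout root/<target>/<phase>/ and the JSON sidecar format are
assumptions chosen for illustration.
"""
import datetime as dt
import json
import pathlib
import shlex
import subprocess
import tempfile


def run_and_record(root, target, phase, argv, timeout=600):
    """Run argv (e.g. an nmap or AutoRecon command line) and store, under
    root/target/phase/, the stdout, stderr and a JSON sidecar holding the
    exact command line, UTC start time and exit status.  Returns the sidecar."""
    out_dir = pathlib.Path(root) / target / phase
    out_dir.mkdir(parents=True, exist_ok=True)
    started = dt.datetime.now(dt.timezone.utc)
    stamp = started.strftime("%Y%m%dT%H%M%S.%fZ")
    tool = pathlib.Path(argv[0]).name
    base = out_dir / f"{stamp}_{tool}"

    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    stdout_file = base.with_name(base.name + ".stdout")
    stderr_file = base.with_name(base.name + ".stderr")
    stdout_file.write_text(proc.stdout)
    stderr_file.write_text(proc.stderr)

    meta = {
        "target": target,
        "phase": phase,
        # shlex.join gives a quoted form the client can copy/paste verbatim
        "command": shlex.join(argv),
        "started_utc": stamp,
        "exit_status": proc.returncode,
        "stdout_file": str(stdout_file),
        "stderr_file": str(stderr_file),
    }
    base.with_name(base.name + ".json").write_text(json.dumps(meta, indent=2))
    return meta


def render_command_log(root, target):
    """Chronological 'commands used' appendix for one target, rebuilt from the
    JSON sidecars rather than from memory or shell history."""
    metas = [json.loads(p.read_text())
             for p in (pathlib.Path(root) / target).rglob("*.json")]
    metas.sort(key=lambda m: m["started_utc"])
    lines = [f"Commands used against {target}", ""]
    for m in metas:
        lines.append(f"[{m['started_utc']}] ({m['phase']}) {m['command']}"
                     f"  -> exit {m['exit_status']}")
    return "\n".join(lines)


def demo():
    """Self-contained run using constructed stand-in commands (echo via sh, so
    it works offline); on an engagement pass the real scan argv instead."""
    root = tempfile.mkdtemp(prefix="evidence_")
    target = "10.10.10.5"  # constructed target address
    scan = run_and_record(root, target, "scanning",
                          ["sh", "-c", "echo '22/tcp open ssh OpenSSH 7.2p2'"])
    privesc = run_and_record(root, target, "privesc",
                             ["sh", "-c", "echo 'uid=0(root) gid=0(root)'; exit 3"])
    return {"root": root, "scan": scan, "privesc": privesc,
            "log": render_command_log(root, target)}


if __name__ == "__main__":
    print(demo()["log"])
```

Wrap every scan and enumeration command in run_and_record while testing; at report time render_command_log gives the exact, ordered list of commands the client can replay, and the .stdout files are the source for the highlighted screenshots.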
Reverse Shell
- Where can the reverse shell be found?
- If transferring a file, make sure to show how / what was used to transfer the file
- Screenshot of the command that was used to catch the reverse shell, nc -nlvp x, and the resulting shell.
- Show the ifconfig / ipconfig of the machine, and show that you have access to the key files.
Privilege Escalation
- Show the transfer of the PrivEsc scripts to the victim’s computer.
- Make sure to show scan output in SCREENSHOTS; highlight what stood out to you and led to the exploit.
- Show the commands or query that were used to search for the exploit, in searchsploit and/or Google.
- ORIGINAL exploit code – formatted nicely
- MODIFIED exploit code – formatted nicely, highlighting in red any changes that were made
- Show any msfvenom commands that were used to generate the payload
- Show the transfer of the exploit to the victim's machine. Screenshots, and commands used.
- Show the chmod +x on Linux machines, or how you were able to run it on the Windows machine.
- Show the screenshot and the command that was used to run the PrivEsc exploit.
- Show the nc -nlvp x and the reverse shell being caught.
- When you have the admin account, show ifconfig / ipconfig, and that you have access to the key files.
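Both the Scanning and the Privilege Escalation lists ask for the ORIGINAL and MODIFIED exploit code with the changes highlighted in red. Doing that by hand is error-prone, so here is an added example (not code from the original notes) that produces a unified diff for the appendix and an HTML listing of the modified code with every changed or added line in red. The two snippets ORIGINAL_EXPLOIT and MODIFIED_EXPLOIT are constructed stand-ins for a PoC pulled from searchsploit and the copy you edited; they are not a real exploit, and the file names exploit.py.orig / exploit.py are assumptions.

```python
"""Highlight in red what you changed in a public exploit, for the report.

Added example for these notes, not code from the original page.  The two
snippets below are constructed stand-ins for a PoC found via searchsploit
and the copy edited for the engagement; they are not a real exploit.
"""
import difflib
import html

ORIGINAL_EXPLOIT = """\
#!/usr/bin/env python3
# constructed stand-in for a PoC found via searchsploit (not a real exploit)
import socket
RHOST = "192.168.1.1"
RPORT = 8080
payload = b"A" * 256
s = socket.create_connection((RHOST, RPORT))
s.send(payload)
"""

MODIFIED_EXPLOIT = """\
#!/usr/bin/env python3
# constructed stand-in for a PoC found via searchsploit (not a real exploit)
import socket
RHOST = "10.10.10.5"   # changed: engagement target instead of the PoC default
RPORT = 8080
payload = b"A" * 256
LHOST = "10.10.14.3"   # added: attacker IP the reverse shell should call back to
s = socket.create_connection((RHOST, RPORT))
s.send(payload)
"""


def changed_lines(original, modified):
    """Return [(line_no, text)] for each line of `modified` that is new or
    altered relative to `original` (1-based line numbers in `modified`).
    Pure deletions have no line in `modified`; they appear only in the diff."""
    a, b = original.splitlines(), modified.splitlines()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    out = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "insert"):
            out.extend((j + 1, b[j]) for j in range(j1, j2))
    return out


def unified_diff(original, modified, orig_name="exploit.py.orig", mod_name="exploit.py"):
    """Standard unified diff, suitable for an appendix next to both listings."""
    return "".join(difflib.unified_diff(
        original.splitlines(keepends=True), modified.splitlines(keepends=True),
        fromfile=orig_name, tofile=mod_name))


def render_html(original, modified):
    """Full MODIFIED listing as a <pre> block with every changed or added line
    wrapped in a red span, ready to paste into an HTML or Word report."""
    red = {n for n, _ in changed_lines(original, modified)}
    rows = []
    for n, line in enumerate(modified.splitlines(), 1):
        text = html.escape(line)
        if n in red:
            text = f'<span style="color:red">{text}</span>'
        rows.append(f"{n:4d}  {text}")
    return "<pre>\n" + "\n".join(rows) + "\n</pre>"


if __name__ == "__main__":
    print(unified_diff(ORIGINAL_EXPLOIT, MODIFIED_EXPLOIT))
    print(render_html(ORIGINAL_EXPLOIT, MODIFIED_EXPLOIT))
```

Paste the unified diff next to the ORIGINAL listing and the HTML output in place of the MODIFIED listing; because the highlighting is derived from the two files rather than applied by hand, a changed port or IP can't be missed.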
Get into the mindset of the client: can they copy/paste and follow along every step to reproduce what is needed to exploit these machines?
Screenshots, lots of screenshots.