HTB CPTS: Study session (Note taking apps, Webserver tools, Shells)

Some good note taking options

• Notepad++

• GitBook (has fetures to host a page or make wiki page)

• Cherrytree

• Evernote

• Sublime Text

• Notion

• Visual Studio Code

It is important to make sure that any client data is only stored locally and not synced to the cloud if using one of these tools on real-world assessments.

Every infosec professional should maintain a knowledge base.

Start early with documentation.

• Usage of a VPN service does not guarantee anonymity or privacy but is useful for bypassing certain network/firewall restrictions or when connected to a possible hostile network

Services

• There are some really useful NMAP scripts for use. They are located at:

  •     /usr/share/nmap/scripts/
    

    Syntax for using NMAP scripts is:

  • nmap --script <script name> -p<port> <host>

• A good tool for bruteforcing community string names is onesixtyone.

Web Services

• To find hidden files or directories on the webserver that are not intended for public access we can use these tools:

  • ffuf

  • GoBuster

  • whatweb

  • curl - it is also important to be familiar with curl usage methods

• It is important to get familiar with HTTP status codes. We can find them here

Shells

• Reverse Shell is the most common type of shell.

• Web shell is typically a web script like PHP or ASPX that accepts our command through HTTP request.

• A great benefit of a web shell is that it would bypass any firewall restriction in place, as it will not open a new connection on a port but run on the web port on 80 or 443, or whatever port the web application is using.

• Another great benefit is that if the compromised host is rebooted, the web shell would still be in place, and we can access it and get command execution without exploiting the remote host again.