# Infrastructure testing

- [Enumeration](https://infra.newerasec.com/infrastructure-testing/enumeration.md)
- [Packet Capture](https://infra.newerasec.com/infrastructure-testing/enumeration/packet-capture.md): Packet capture is a computer networking term for intercepting a data packet that is crossing or moving over a specific computer network.
- [Host Discovery](https://infra.newerasec.com/infrastructure-testing/enumeration/host-disocvery.md)
- [Services / Ports](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports.md): Specific services/ports enumeration
- [21 - FTP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ftp.md): The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
- [22 - SSH](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ssh.md): Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Applications include remote command-line, login, and remote command execution.
- [25 - SMTP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/smtp.md): The Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission.
- [53 - DNS](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/dns.md): The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
- [67 - DHCP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/dhcp.md): The Dynamic Host Configuration Protocol is a network management protocol used on Internet Protocol networks whereby a DHCP server dynamically assigns an IP address.
- [69 - TFTP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/69-tftp.md): Trivial File Transfer Protocol is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host.
- [79 - Finger](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/finger.md): Finger is a program you can use to find information about computer users.
- [88 - Kerberos](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/88-kerberos.md): Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure way.
- [111 - RPC](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/rpc.md): Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer on a network without having to understand the network's details.
- [113 - ident](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ident.md): Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.
- [135 - MSRPC](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/135-msrpc.md): Microsoft RPC is a modified version of DCE/RPC.
- [137 - Netbios](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/netbios.md): NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local.
- [139/445 - SMB](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/smb.md): The Microsoft Server Message Block protocol was often used with NetBIOS over TCP/IP (NBT) over UDP, using port numbers 137 and 138, and TCP port numbers 137 and 139.
- [161 - SNMP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/snmp.md): UDP 161 - Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices.
- [177 - XDMCP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/xdmcp.md)
- [363 - LDAP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ldap.md): The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services.
- [443 - HTTPS](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/443-https.md)
- [500 - IKE (IPSEC)](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ike.md): IKE is part of the IPSec protocol, which is part of VPNs; it uses UDP port 500.
- [512/513/514 - R Services](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/rservices.md): The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer.
- [623 - IPMI](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/ipmi.md): Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently.
- [873 - RSYNC](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/873-rsync.md): Rsync is a utility for transferring and synchronizing files between two servers (usually Linux).
- [1099 - Java RMI](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/1099-java-rmi.md): Java Remote Method Invocation (Java RMI) is a Java API that performs remote method invocation, the object-oriented equivalent of remote procedure calls (RPC)
- [1433 - Microsoft SQL](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/1433-microsoft-sql.md): Microsoft SQL Server is a relational database management system developed by Microsoft.
- [1521 - Oracle DB](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/1521-oracle-db.md): Oracle Database is a multi-model database management system produced and marketed by Oracle Corporation.
- [2049 - NFS](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/nfs.md): NFS security is partially based on the remote user mounting the filesystem having the same UID (User ID) and GID (Group ID) as the owner of that share.
- [3306 - MySQL](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/3306-mysql.md): MySQL is a very popular open-source relational database management system.
- [3389 - RDP](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/3389-rdp.md): Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
- [5432 - PostgreSQL](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/5432-postgressql.md): PostgreSQL is an open source database which can be found mostly in Linux operating systems.
- [5900 - VNC](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/vnc.md): Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events
- [5985 - WinRM](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/winrm.md): Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based. Usually runs on port 5985.
- [6000 - X11](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/x11.md): The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. X provides the basic framework for a GUI environment.
- [6379 - Redis](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/redis.md): Redis is an in-memory data structure project implementing a distributed, in-memory key-value database with optional durability. Redis supports different kinds of abstract data structures, such as stri
- [8080 - Jenkins](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/8080-jenkins.md)
- [11211 - Memcached](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/memcached.md): Memcached is a general-purpose distributed memory-caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an exte
- [RDS](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/rds.md): RDS can be utilized to provide users with remote access to an entire desktop or just specific applications and programs required for their day-to-day work. RDS is server-based and allows for multiple
- [SQLite](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/sqlite.md): SQLite is a relational database management system contained in a C library. In contrast to many other database management systems
- [Docker](https://infra.newerasec.com/infrastructure-testing/enumeration/services-ports/docker.md)
- [IPV6](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6.md)
- [Scanning](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/scanning.md): Find your IPv6 and find other hosts
- [Enumeration](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/enumeration.md): Credit to Roxana Kovaci (https://twitter.com/RoxanaKovaci) and her SteelCon IPv6 workshop
- [Transferring files](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/transfering-files.md): Credit to Roxana Kovaci (https://twitter.com/RoxanaKovaci) and her SteelCon IPv6 workshop
- [Pivoting and routes](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/pivoting-and-routes.md): Credit to Roxana Kovaci (https://twitter.com/RoxanaKovaci) and her SteelCon IPv6 workshop
- [THC IPv6](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/thc-ipv6.md): THC-IPV6-ATTACK-TOOLKIT  (c) 2005-2020 vh@thc.org https://github.com/vanhauser-thc/thc-ipv6
- [Gaining Access](https://infra.newerasec.com/infrastructure-testing/gaining-access.md)
- [IP Forwarding](https://infra.newerasec.com/infrastructure-testing/gaining-access/ip-forwarding.md)
- [VLAN Information](https://infra.newerasec.com/infrastructure-testing/gaining-access/vlan-hopping.md)
- [Psexec](https://infra.newerasec.com/infrastructure-testing/gaining-access/psexec.md): Execute a command-line process on a remote machine.
- [Upgrading shell](https://infra.newerasec.com/infrastructure-testing/gaining-access/upgrading-shell.md): Have fully interactive shell
- [Reverse Shells One-Liners](https://infra.newerasec.com/infrastructure-testing/gaining-access/reverse-shells-one-liners.md): Common reverse shells
- [Bruteforce](https://infra.newerasec.com/infrastructure-testing/gaining-access/bruteforce.md): force your way through
- [MITM cleartext protocols](https://infra.newerasec.com/infrastructure-testing/gaining-access/mitm-cleartext-protocols.md)
- [Null session](https://infra.newerasec.com/infrastructure-testing/gaining-access/null-session.md): A null session is an anonymous connection to an inter-process communication network service on Windows-based computers.
- [LLMNR / NBT NS Spoofing](https://infra.newerasec.com/infrastructure-testing/gaining-access/llmnr-nbt-ns-spoofing.md)
- [Port knocking](https://infra.newerasec.com/infrastructure-testing/gaining-access/port-knocking.md): Port Knocking is a well-established method used by both defenders and adversaries to hide open ports from access.
- [Downloading/Transfer files](https://infra.newerasec.com/infrastructure-testing/gaining-access/downloading-transfer-files.md): Download files to the victim machine
- [Remote Desktop](https://infra.newerasec.com/infrastructure-testing/gaining-access/remote-desktop.md): How to use RDP (Remote Desktop Protocol) to gain access to a host. RDP runs on port 3389 by default on Windows.
- [NAC Bypass](https://infra.newerasec.com/infrastructure-testing/gaining-access/nac-bypass.md): Bypassing annoying network access controls
- [Pass-The-Hash](https://infra.newerasec.com/infrastructure-testing/gaining-access/pass-the-hash.md): Pass the hash is a hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password.
- [Exploitation](https://infra.newerasec.com/infrastructure-testing/exploitation.md)
- [Solaris](https://infra.newerasec.com/infrastructure-testing/exploitation/solaris.md): Information gathering and exploitation
- [IPv6](https://infra.newerasec.com/infrastructure-testing/exploitation/ipv6.md)
- [Windows](https://infra.newerasec.com/infrastructure-testing/exploitation/windows.md)
- [Compiling Code](https://infra.newerasec.com/infrastructure-testing/exploitation/windows/compiling-code.md): Compiling C code for exploitation, such as adding users
- [SMB Vulnerabilities](https://infra.newerasec.com/infrastructure-testing/exploitation/windows/smb-vulnaribilites.md): Common SMB vulnerabilities
- [Kerberos Attacks](https://infra.newerasec.com/infrastructure-testing/exploitation/windows/kerberos-attacks.md)
- [Privilege Escalation](https://infra.newerasec.com/infrastructure-testing/privilege-esclation.md)
- [Situational Awareness](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness.md): A common step in the life-cycle of a red team engagement is to gather as much information as possible about the compromised environments.
- [Linux](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness/linux.md)
- [Windows](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness/windows.md)
- [Registry](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness/windows/registry.md)
- [PowerView](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness/windows/powerview.md): PowerView is a PowerShell tool to gain network situational awareness on Windows domains.
- [FSMO Roles](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/situational-awareness/windows/fsmo-roles.md): Flexible single master operation (FSMO) is a Microsoft Active Directory feature that is a specialized domain controller task used when standard data transfer and update methods are inadequate.
- [Windows](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows.md): Manual techniques for privilege escalation
- [Disable Apps and Firewall](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/disable-apps-and-firewall.md)
- [Add user script](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/add-user-script.md): If you're able to run an executable to escalate privileges, you can use the following code to add a new user to the administrator group
- [UAC Bypass](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/uac-bypass.md): Windows User Account Control (UAC) allows a program to elevate its privileges to perform a task under administrator-level permissions by prompting the user for confirmation.
- [icacls](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/icacls.md): icacls is a command-line utility that can be used to modify NTFS file system permissions in Windows.
- [Running services](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/running-services.md)
- [Common Exploits](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/common-exploits.md)
- [Linux](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/linux.md): Manual privilege escalation techniques to look for
- [SUID Shell script](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/linux/suid-shell-script.md): If you're able to run an executable to escalate privileges, you can use the following code to gain root privileges:
- [CVE-2019-14287](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/linux/cve-2019-14287.md)
- [Kernel exploit](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/linux/kernel-exploit.md)
- [Solaris](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/solaris.md)
- [FreeBSD](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/freebsd.md)
- [Automated tools](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/automated-tools.md): Tools which will make your life easier in a search for privilege escalation paths
- [Metasploit Modules](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/metasploit-modules.md): Useful Metasploit modules for privilege escalation
- [Password Dumping](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/password-dumping.md): The process of obtaining account login and password information, normally in the form of a hash or a clear text password.
- [Breakout](https://infra.newerasec.com/infrastructure-testing/breakout.md): Gained access to a locked-down host and need to find a way to escape the restricted shell?
- [LOLBas](https://infra.newerasec.com/infrastructure-testing/breakout/lolbas.md): Living Off The Land Binaries And Scripts
- [PowerShell constrained language bypass](https://infra.newerasec.com/infrastructure-testing/breakout/powershell-constrained-language-byass.md): Methods to bypass PowerShell constrained language mode
- [Alternatives to command prompt](https://infra.newerasec.com/infrastructure-testing/breakout/alternatives-to-command-prompt.md): Different options to cmd and powershell
- [Windows utilities](https://infra.newerasec.com/infrastructure-testing/breakout/windows-utilities.md): Windows utilities that can be used to bypass restrictions
- [Applocker](https://infra.newerasec.com/infrastructure-testing/breakout/applocker.md): advances the app control features and functionality of Software Restriction Policies.
- [Restricted shells](https://infra.newerasec.com/infrastructure-testing/breakout/restricted-shells.md): Bypass restricted shells
- [Environmental Variables / Bypassing Path Restrictions](https://infra.newerasec.com/infrastructure-testing/breakout/environmental-variables-bypassing-path-restrictions.md)
- [Docker escape](https://infra.newerasec.com/infrastructure-testing/breakout/docker-escape.md)
- [Just Enough Administration (JEA)](https://infra.newerasec.com/infrastructure-testing/breakout/just-enough-administration-jea.md): Just Enough Administration, or JEA. It allows administrators to limit the commands that specific users can run
- [Persistence](https://infra.newerasec.com/infrastructure-testing/presistance.md): Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access
- [Windows](https://infra.newerasec.com/infrastructure-testing/presistance/windows.md)
- [Pivoting](https://infra.newerasec.com/infrastructure-testing/pivoting.md): Pivoting is a set of techniques used during red team/pentest engagements which make use of attacker-controlled hosts as logical network hops with the aim of amplifying network visibility.
- [Adding routes](https://infra.newerasec.com/infrastructure-testing/pivoting/adding-routes.md)
- [Password Cracking](https://infra.newerasec.com/infrastructure-testing/password-cracking.md)
- [Hashcat](https://infra.newerasec.com/infrastructure-testing/password-cracking/hashcat.md): Advanced password recovery
- [John](https://infra.newerasec.com/infrastructure-testing/password-cracking/john.md): John (aka John the Ripper) is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS
- [Cisco Passwords](https://infra.newerasec.com/infrastructure-testing/password-cracking/cisco-passwords.md): Breaking different types of Cisco passwords which can be obtained from the configuration file
- [Passwords Lists](https://infra.newerasec.com/infrastructure-testing/password-cracking/passwords-lists.md): Common passwords lists
- [Generating wordlist](https://infra.newerasec.com/infrastructure-testing/password-cracking/generating-wordlist.md)
- [Tools](https://infra.newerasec.com/infrastructure-testing/tools.md)
- [Nishang](https://infra.newerasec.com/infrastructure-testing/tools/nishang.md): Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of pene
- [UACME](https://infra.newerasec.com/infrastructure-testing/tools/uacme.md): Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
- [Bypass-UAC](https://infra.newerasec.com/infrastructure-testing/tools/bypass-uac.md): Bypass-UAC provides a framework to perform UAC bypasses based on auto elevating IFileOperation COM object method calls.
- [MSBuildAPICaller](https://infra.newerasec.com/infrastructure-testing/tools/msbuildapicaller.md): MSBuild Without MSBuild.exe
- [Impacket](https://infra.newerasec.com/infrastructure-testing/tools/impacket.md)
- [SharpPersist](https://infra.newerasec.com/infrastructure-testing/tools/sharppersist.md): Windows persistence toolkit written in C#
- [Terminals](https://infra.newerasec.com/infrastructure-testing/tools/terminals.md): Different type of terminals and shells
- [IP Calculation](https://infra.newerasec.com/infrastructure-testing/tools/ip-calculation.md): Useful tools to calculate subnets and ranges
- [pwsh](https://infra.newerasec.com/infrastructure-testing/tools/pwsh.md): PowerShell on Kali (Linux)
- [psTools / Sysinternals](https://infra.newerasec.com/infrastructure-testing/tools/pstools-sysinternals.md): PsTools is a suite of tools developed by Sysinternals (now Microsoft). They're a great complement to any pen test, and many of my Nmap scripts are loosely based on them.
- [Unlock applocker](https://infra.newerasec.com/infrastructure-testing/tools/unlock-applocker.md): Microsoft Applocker evasion tool
- [enum4linux](https://infra.newerasec.com/infrastructure-testing/tools/enum4linux.md)
- [Bloodhound](https://infra.newerasec.com/infrastructure-testing/tools/bloodhound.md)
- [aclpwn](https://infra.newerasec.com/infrastructure-testing/tools/bloodhound/aclpwn.md): Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.
- [mitm6](https://infra.newerasec.com/infrastructure-testing/tools/mitm6.md)
- [Enyx](https://infra.newerasec.com/infrastructure-testing/tools/enyx.md): Enyx SNMP IPv6 Enumeration Tool
- [nfsshell](https://infra.newerasec.com/infrastructure-testing/tools/nfsshell.md): Userspace NFS client shell
- [PowerUpSQL](https://infra.newerasec.com/infrastructure-testing/tools/powerupsql.md)
- [Metasploit](https://infra.newerasec.com/infrastructure-testing/tools/metasploit.md)
- [msfvenom](https://infra.newerasec.com/infrastructure-testing/tools/metasploit/msfvenom.md): MsfVenom is a Metasploit standalone payload generator as a replacement for msfpayload and msfencode.
- [Others](https://infra.newerasec.com/infrastructure-testing/others.md): Other miscellaneous items

