HomepageStake NowLog in ->

Pentest to the server

Legal Notice: Never perform these actions without explicit authorization.

Cybersecurity Guide – Pentest

The goals of penetration testing are:

  1. To determine whether and how a malicious user can gain unauthorized access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.

  2. To confirm that the applicable controls—such as scope, vulnerability management, methodology, and segmentation—are in place

See more at:

https://listings.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf

Methodology and Phases

Before the engagement or testing begins, it is recommended that all parties involved (the organization, the tester, and where applicable, the assessor) be informed of the types of testing (i.e., internal, external) to be performed, how testing will be performed, and what the testing will target. By coordinating these details first, issues where the scope is defined improperly or other issues arise that would require a retest might be avoided. This information may be gathered by conducting a pre-engagement call or during an on-site pre-engagement meeting.

Scoping

✅ Solana Testnet

✅ Solana Mainnet

Documentation

✅ Kali Linux VM

✅ Vul Scan, Greenbone, Nessus

✅ CVE Database: https://nvd.nist.gov/vuln

Success Criteria

✅ Direct observation of restricted services or data in the absence of expected access controls

✅ Compromise of an intermediary device used by privileged users to access

✅ No compromise of the target systems

The success criteria will be different for every environment and should be established during initial pre-engagement meeting prior to testing.

Reconnaissance, Scanning and Enumeration

✅ Run the full reconnaissance Bash Script:

This script performs a full reconnaissance of the server, please be patient and wait for the results.

We are not responsible for malicious use by malicious actors.

7KB
aut_pentest_solana_et1_v3.1.sh

Exploitation Post-Exploitation

✅ Auxiliary vulnerability analysis on detected ports. Data cross-referencing.

✅ Gather information on detected vulnerabilities. https://cve.mitre.org/.

✅ Study of PoC sugested

✅ Execution script bash

✅ Testing the selected exploit. PoC information

✅ Run the exploitation and post-exploitation script:

We are not responsible for malicious use by malicious actors.

6KB
aut_pentest_solana_et2_v3.2.sh

Reporting

Write a report with all the information collected above. This will help you conduct a more thorough investigation of your surroundings.

PreviousBastion Host SetupNextKey Security 101

Last updated

Was this helpful?