References and Resources¶

Essential resources for penetration testing and service enumeration.

Vulnerability Databases¶

• Exploit Database - https://www.exploit-db.com/
• CVE Database - https://cve.mitre.org/
• NVD - https://nvd.nist.gov/

Testing Methodologies¶

• OWASP Testing Guide - https://owasp.org/www-project-web-security-testing-guide/
• PTES - Penetration Testing Execution Standard
• NIST SP 800-115 - Security Testing Guide

Documentation¶

• MySQL - https://dev.mysql.com/doc/
• Oracle - https://docs.oracle.com/database/
• Microsoft SQL - https://docs.microsoft.com/en-us/sql/

Default Credentials¶

Database Services¶

MySQL:    root / (blank), root / root
MSSQL:    sa / (blank), sa / sa  
Oracle:   sys / change_on_install, scott / tiger

Network Devices¶

SNMP:     public, private, community
Router:   admin / admin, cisco / cisco

Common Ports¶

21    FTP       25    SMTP      80    HTTP      139   NetBIOS
110   POP3      143   IMAP      161   SNMP      389   LDAP
443   HTTPS     445   SMB       993   IMAPS     995   POP3S
1433  MSSQL     1521  Oracle    2049  NFS       3306  MySQL
3389  RDP       5432  PostgreSQL

Training Resources¶

Online Platforms¶

• Hack The Box - https://www.hackthebox.eu/
• TryHackMe - https://tryhackme.com/
• VulnHub - https://www.vulnhub.com/

Certifications¶

• Entry: CompTIA Security+, PenTest+, CEH
• Advanced: OSCP, GPEN
• Expert: OSEE, GXPN

Legal Notice¶

Always ensure proper authorization before testing any systems. Unauthorized access is illegal and unethical.