# Main Methodology

- [1. Reconnaissance](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/1.-reconnaissance.md)
- [Google Dorking](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/1.-reconnaissance/google-dorking.md)
- [Metadata Reader/Writer](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/1.-reconnaissance/metadata-reader-writer.md)
- [Steghide - Steganography](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/1.-reconnaissance/steghide-stegnography.md)
- [OSINT Framework](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/1.-reconnaissance/osint-framework.md)
- [2. Enumeration/Scanning](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning.md)
- [NFS Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/nfs-enumeration-tools.md)
- [NMAP - Port Scanning](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/nmap-port-scanning.md)
- [Web Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/web-enumeration-tools.md)
- [SMB Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/smb-enumeration-tools.md)
- [SMTP Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/smtp-enumeration-tools.md)
- [Shodan - IOT Search Engine](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/shodan-iot-search-engine.md)
- [FTP Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/ftp-enumeration-tools.md)
- [Wordpress Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/wordpress-enumeration-tools.md)
- [OWASP ZAP - WebApp Testing](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/owasp-zap-webapp-testing.md)
- [BurpSuite - WebApp Testing](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/burpsuite-webapp-testing.md)
- [MySQL Enumeration Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/mysql-enumeration-tools.md)
- [Wordlists](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/2.-enumeration-scanning/wordlists.md)
- [3. Gaining Access / Exploitation](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation.md)
- [Buffer Overflow](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow.md): Stack-based buffer overflow
- [1. Immunity Debugger](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/1.-immunity-debugger.md)
- [2. Mona Setup](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/2.-mona-setup.md)
- [3. Spiking](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/3.-spiking.md)
- [4. Fuzzing](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/4.-fuzzing.md)
- [5. Crash Replication & Controlling EIP](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/5.-crash-replication-and-controlling-eip.md)
- [6. Finding Bad Characters](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/6.-finding-bad-characters.md)
- [7. Find a Jump Point](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/7.-find-a-jump-point.md)
- [8. Generate Payload](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/8.-generate-payload.md)
- [9. Prepend NOPs](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/9.-prepend-nops.md)
- [10. Final Buffer](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/buffer-overflow/10.-final-buffer.md)
- [Cryptography](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/cryptography.md)
- [Hash Crack Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/cryptography/hash-crack-tools.md)
- [Online Password Cracking Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/cryptography/online-password-cracking-tools.md)
- [Encryption](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/cryptography/encryption.md)
- [John the Ripper](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/cryptography/john-the-ripper.md)
- [Evasion Techniques](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/evasion-techniques.md)
- [Shells](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells.md)
- [Powershell](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/powershell.md)
- [Msfvenom](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/msfvenom.md)
- [Meterpreter](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/meterpreter.md)
- [Metasploit -- multi/handler](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/metasploit-multi-handler.md)
- [Netcat](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/netcat.md)
- [Socat](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/shells/socat.md)
- [Web Applications](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications.md)
- [OWASP Top 10](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/owasp-top-10.md)
- [File Upload Vulnerabilities](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/file-upload-vulnerabilities.md)
- [Authentication Vulnerability](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/authentication-vulnerability.md)
- [XML External Entity (XXE)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/xml-external-entity-xxe.md)
- [Cross-Site Scripting (XSS)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/cross-site-scripting-xss.md)
- [ZTH: Obscure Web Vulns](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/zth-obscure-web-vulns.md)
- [Server Side Request Forgery (SSRF)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/server-side-request-forgery-ssrf.md)
- [Insecure Direct Object Reference (IDOR)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/insecure-direct-object-reference-idor.md)
- [ZTH : Continued](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/zth-continued.md)
- [File Inclusion Vulnerability](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/file-inclusion-vulnerability.md)
- [Local File Inclusion (LFI)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/file-inclusion-vulnerability/local-file-inclusion-lfi.md)
- [Log Poisoning Attack (LFI to RCE via Log files)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/web-applications/file-inclusion-vulnerability/log-poisoning-attack-lfi-to-rce-via-log-files.md)
- [Windows Applications](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications.md)
- [Jenkins](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/jenkins.md)
- [Windows Active Directory](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory.md)
- [Impacket's secretsdump.py](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/impackets-secretsdump.py.md): Retrieve User Account's Synced Password Hashes
- [Kerberos](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos.md)
- [Enumerating Users with Kerbrute](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/enumerating-users-with-kerbrute.md)
- [Enumerating SPN Accounts with Powershell](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/enumerating-spn-accounts-with-powershell.md)
- [Get SPN Account Ticket with Invoke-Kerberoast](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/get-spn-account-ticket-with-invoke-kerberoast.md)
- [Kerberoasting with Rubeus & Impacket](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/kerberoasting-with-rubeus-and-impacket.md)
- [AS-REP Roasting with Rubeus/GetNPUsers.py](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/as-rep-roasting-with-rubeus-getnpusers.py.md)
- [Pass the Ticket with mimikatz](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/pass-the-ticket-with-mimikatz.md)
- [Golden/Silver Ticket Attacks with mimikatz](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/golden-silver-ticket-attacks-with-mimikatz.md)
- [Kerberos Backdoors with mimikatz](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/kerberos-backdoors-with-mimikatz.md)
- [Harvesting and Brute-Forcing with Rubeus](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/harvesting-and-brute-forcing-with-rubeus.md)
- [Conclusion and Resources](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/3.-gaining-access-exploitation/windows-applications/windows-active-directory/kerberos/conclusion-and-resources.md)
- [4. Post Exploitation](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation.md)
- [Privilege Escalation](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation.md)
- [Linux](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux.md)
- [1. Introduction](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/1.-introduction.md)
- [2. Scripts](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/2.-scripts.md)
- [3. Kernel Exploits](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/3.-kernel-exploits.md)
- [4. Service Exploits](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/4.-service-exploits.md)
- [5. Weak File Permissions](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/5.-weak-file-permissions.md)
- [6. Sudo](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/6.-sudo.md)
- [7. Cron jobs](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/7.-cron-jobs.md)
- [8. SUID/SGID Executable](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/8.-suid-sgid-executable.md)
- [9. CAP\_SETUID Capabilities Executable](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/9.-cap_setuid-capabilities-executable.md)
- [10. Passwords & Keys](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/10.-passwords-and-keys.md)
- [11. NFS](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/11.-nfs.md)
- [PrivEsc CTF Checklists](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/linux/privesc-ctf-checklists.md)
- [Windows](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows.md)
- [Token Impersonation](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows/token-impersonation.md)
- [PrivEsc CTF Checklists](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows/privesc-ctf-checklists.md)
- [Permission](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows/permission.md)
- [Scripts](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows/scripts.md)
- [Unquoted Service Path](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/privilege-escalation/windows/unquoted-service-path.md)
- [Tools](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools.md)
- [Meterpreter Modules](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools/meterpreter-modules.md)
- [Impacket's Psexec](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools/impackets-psexec.md): Microsoft Remote Connect
- [Impacket's mssqlclient.py](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools/impackets-mssqlclient.py.md)
- [Firefox Decryptor](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools/firefox-decryptor.md)
- [Socat - Reverse TCP Tunnel](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/tools/socat-reverse-tcp-tunnel.md)
- [Windows Active Directory](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory.md)
- [Enumeration with Powerview](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/enumeration-with-powerview.md)
- [Enumeration with Bloodhound (GUI)](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/enumeration-with-bloodhound-gui.md)
- [Dumping Hashes with mimikatz](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/dumping-hashes-with-mimikatz.md)
- [Golden Ticket Attacks with mimikatz](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/golden-ticket-attacks-with-mimikatz.md)
- [Enumeration with Server Manager](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/enumeration-with-server-manager.md)
- [Maintaining Access](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/maintaining-access.md)
- [Additional Resources](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/4.-post-exploitation/windows-active-directory/additional-resources.md)
- [5. Covering Tracks](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/5.-covering-tracks.md)
- [6. Reporting](https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/6.-reporting.md)

