From Zero to Hero
Thead Owner : QueenStrike,
Category : General Hacking,
2 Comment,
830 Read
Viewers:
1 Guest(s)
05-20-2021, 12:46 AM
Hacking or Pentesting I have seen many people wanting to learn or even advance their own skillsetsI always suggest hands on learning as you will learn much more so Networking a simple tutorial can get you started (eg https://www.tutorialspoint.com/data_comm.../index.htm ) . From here you want that hands on check out GSN3 it is a free and open source network simulator.
https://www.gns3.com/
Operating systems which you will need to learn will be Linux/Windows 7-10 and lastly Windows Server 2008-2016. Learn how to work with the least amount of gui as possible for example Windows Server you have a management console it's gui I can tell you that there is nothing there which you cannot do in PowerShell so learn using a cli (command line interface) this also extends to Linux where you use BASH/ZSH for the majority of your learning. Consider using VM's for all this learning Microsoft has Windows 7-10 and Windows Server VMs which are an invaluable tool to learn.
Programming is kind of dependent on what kind of hacking you are interested in, for example WebApp hacking you will be learning PHP/SQL/JavaScript and HTML also remember it may differ depending on what the particular webapp is written in. Python seems to be good all around it can be used to whip up scripts to interact or exploit what you have discovered. If you are looking at network hacking then you will be interacting with the OS much more so C/CPP/GoLang/Powershell/BASH/Python will be more up your ally let us not forget that PowerShell interprets Javascript. Now further identifying your niche for example exploit development you will want to include assembly in this. I guess you can hack with out being a programmer but at that point you are at the mercy of whatever tools and some concepts may not make sense.
Lastly hacking basically here you are getting caught up with the how it's done, if you know the networking and OS sections well then you can do things which tooling may not provide. Let me give an example hacking one machine isn't the entire idea actually being able to use that machine to launch further attacks within the network and become a shadow admin is more along the lines of what I think of when I am working. So if a tool is not able to provide you with a pivot to attack other resources in the network you can manually pivot, setup routes to route your traffic to the internal network of a target.
I will suggest a few books personally I like to see people who are rather well rounded although there are some really niche hacking subjects which one can entirely specialize in.
Penetration Testing: A Hands on introduction to hacking Web Application Hackers hand Book
The most important thing is to be able to learn on your own and being motivated to learn, it's easy enough to want to do something for a day or a week but realistically to be competent not just rely on luck where every exploit is thrown at a system and not understanding why they fail or even if they should work is probably 3 months of 12 hour days.
Linux/Unix
https://www.tutorialspoint.com/unix/unix...ration.htm
https://www.tutorialspoint.com/unix/shell_scripting.htm
Windows
https://www.tutorialspoint.com/windows_s.../index.htm
https://www.tutorialspoint.com/powershel...ipting.htm
Consider joining MicroSoft Virtual Academy and FreeCodeCamp as well but these should give you the absolute basics of the foundations of hacking. Once again MicroSoft offers free VMs
Windows
https://developer.microsoft.com/en-us/mi...tools/vms/ (7-10)
https://www.microsoft.com/en-us/evalcent...ows-server (Server)
Linux you can create VM's from ISO's I suggest using VMware it's more friendly but if you need free VirtualBox can't be beat and you will learn more because from experience installing guest additions is generally done manually (you just run a script). Another thing I will say it read source code before you run something someone gives you like a script or program read the code even now 20+ years later I rarely just run a binary usually I check out the source then compile on my machine.
WebApp https://portswigger.net/web-security
Exploit Development https://github.com/wtsxDev/Exploit-Development
Vulnerable Machines https://www.vulnhub.com/
https://www.gns3.com/
Operating systems which you will need to learn will be Linux/Windows 7-10 and lastly Windows Server 2008-2016. Learn how to work with the least amount of gui as possible for example Windows Server you have a management console it's gui I can tell you that there is nothing there which you cannot do in PowerShell so learn using a cli (command line interface) this also extends to Linux where you use BASH/ZSH for the majority of your learning. Consider using VM's for all this learning Microsoft has Windows 7-10 and Windows Server VMs which are an invaluable tool to learn.
Programming is kind of dependent on what kind of hacking you are interested in, for example WebApp hacking you will be learning PHP/SQL/JavaScript and HTML also remember it may differ depending on what the particular webapp is written in. Python seems to be good all around it can be used to whip up scripts to interact or exploit what you have discovered. If you are looking at network hacking then you will be interacting with the OS much more so C/CPP/GoLang/Powershell/BASH/Python will be more up your ally let us not forget that PowerShell interprets Javascript. Now further identifying your niche for example exploit development you will want to include assembly in this. I guess you can hack with out being a programmer but at that point you are at the mercy of whatever tools and some concepts may not make sense.
Lastly hacking basically here you are getting caught up with the how it's done, if you know the networking and OS sections well then you can do things which tooling may not provide. Let me give an example hacking one machine isn't the entire idea actually being able to use that machine to launch further attacks within the network and become a shadow admin is more along the lines of what I think of when I am working. So if a tool is not able to provide you with a pivot to attack other resources in the network you can manually pivot, setup routes to route your traffic to the internal network of a target.
I will suggest a few books personally I like to see people who are rather well rounded although there are some really niche hacking subjects which one can entirely specialize in.
Penetration Testing: A Hands on introduction to hacking Web Application Hackers hand Book
The most important thing is to be able to learn on your own and being motivated to learn, it's easy enough to want to do something for a day or a week but realistically to be competent not just rely on luck where every exploit is thrown at a system and not understanding why they fail or even if they should work is probably 3 months of 12 hour days.
Linux/Unix
https://www.tutorialspoint.com/unix/unix...ration.htm
https://www.tutorialspoint.com/unix/shell_scripting.htm
Windows
https://www.tutorialspoint.com/windows_s.../index.htm
https://www.tutorialspoint.com/powershel...ipting.htm
Consider joining MicroSoft Virtual Academy and FreeCodeCamp as well but these should give you the absolute basics of the foundations of hacking. Once again MicroSoft offers free VMs
Windows
https://developer.microsoft.com/en-us/mi...tools/vms/ (7-10)
https://www.microsoft.com/en-us/evalcent...ows-server (Server)
Linux you can create VM's from ISO's I suggest using VMware it's more friendly but if you need free VirtualBox can't be beat and you will learn more because from experience installing guest additions is generally done manually (you just run a script). Another thing I will say it read source code before you run something someone gives you like a script or program read the code even now 20+ years later I rarely just run a binary usually I check out the source then compile on my machine.
WebApp https://portswigger.net/web-security
Exploit Development https://github.com/wtsxDev/Exploit-Development
Vulnerable Machines https://www.vulnhub.com/
05-20-2021, 04:39 AM
There will be more to come I plan on doing one on lateral movement in a network with active directory.