Pentesterlab Bootcamp

EVERYTHING YOU NEED TO GET STARTED IN INFOSEC

Linux and Scripting!

Try to: Install Linux: Retrieve a virtualisation system (VirtualBox, VM player) and install Linux. Use a traditional distribution like Ubuntu not a security related one.

Learn the basics of a scripting language: Pick between Ruby (Try Ruby), Python (Online) or Perl and learn its syntax and data types. You will need it to keep going.

READING LIST

Hypertext Transfer Protocol

Domain Name System

Scoping a Pentest

READING LIST

Secure Sockets Layer

Keeping notes during a pentest

HTTP

Try to: Install Apache inside your vm, change the home page of the hosted site using vim. Access this page in your browser (on the host).

Change your host file to access the Linux system under the following names: vulnerable.

Write an HTTP client to retrieve the home page of your site using an http library (for example net/http in ruby).

Write an HTTP client to retrieve the home page of your site using a socket.

Download Burp Suite (free version) and visit a website and see what requests are sent and what responses are received.

>LEARN MORE

PHP and DNS

Try to:Install PHP in your virtual machine (using your previous Apache installation), write a script that echoes back a parameter in the URL. For example, accessing http://vulnerable/hello.php?name=Louis will return "Hello Louis".

Install Mysql and create a script that retrieves information from it, like article.php?id=1 returns a book and article.php?id=2 returns a computer.

Create a page that sends data to itself using a POST request.

Install the command line tool dig in your vm.

Find what name servers are used by PentesterLab, find what Mail servers are used by pentesterlab and find the Ip address of www.pentesterlab.com

Obtain information about pentesterlab.com using the whois tool.

READING LIST

Learn about virtual hosting

and how to setup vhosts with Apache

READING LIST

Remote File Inclusion

SSL/TLS

Try to: Enable HTTPs on your web server

Make sure you disabled all the weak ciphers.

Write a SSL client using an HTTP library.

Write a SSL client using a socket.

Access your SSL server with your previous HTTP script and socat to do the connection socket<->ssl-socket.

SQL injection & Local File Include

Try to: Follow "From SQL injection to Shell": read the course and test on the ISO

Follow "PHP Include And Post Exploitation": read the course and test on the ISO

READING LIST

READING LIST

Antisec Movement

Request for Comments

More SQL Injections

Try to: Fully script From SQL injection to Shell (use Burp to help you debugging)

Do From SQL injection to shell: PostgreSQL edition without reading the course

Check if the code you wrote during Week 3 is vulnerable to SQL injection and XSS

FTP and Traffic analysis

Try to: Install and use Wireshark: inspect the traffic sent by your HTTP client (use "Follow TCP stream) and HTTPs client (check the SSL handshake)

Install a FTP server on your system.

Write a FTP client using a socket

READING LIST

Phrack: Happy Hacking

Phrack profile on FX

READING LIST

Internet Control Message Protocol

Cryptographic hash function

Linux Review and Code Execution

Try to: Follow Introduction to Linux Host Review (read the course and test on the ISO)

Follow CVE-2012-1823: PHP CGI (read the course and test on the ISO)

HTTP Server and Firewall

Try to: Follow "From SQL injection to Shell": read the course and test on the ISO

Follow "PHP Include And Post Exploitation": read the course and test on the ISO

READING LIST

C (programming language)

READING LIST

Nmap and crypto attacks

Try to: Use Nmap to find the open ports on your VM.

Use Nmap to find the open ports on your VM while blocking ICMP using iptables.

Use iptables to close one of the open ports, check that it works using Nmap.

Find a local security meetup (Ruxmon, 2600...) and go there.

Follow CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability (read the course and test on the ISO)

Wifi

Try to: Setup a Wifi network using WEP and crack the key

Follow Rack Cookies and Commands Injection (Read the course and test on the ISO)

READING LIST

Environment Variables

Network Time Protocol

READING LIST

Memory management

Stack protection

Linux Exploitation

Try to: Download and solve the levels 00 to 04 of Nebula (mirror) from exploit.education

SSL Pinning and Linux Exploitation

Try to: Download and solve the levels 10 to 14 of Nebula (mirror) from exploit.education

Follow From SQL injection to SHELL II

READING LIST

Public key pinning

Your app shouldn't suffer SSL's problems

READING LIST

Web For Pentester

Web For Pentester

Try to: Download and solve the levels 05 to 09 of Nebula (mirror) from exploit.education

Use Nmap to find the open ports on your VM while blocking ICMP using iptables.

Do the exercises from Web For Pentester

Web For Pentester II

Try to: Download and solve the levels 15 to 19 of Nebula (mirror) from exploit.education

Follow the exercises from Web For Pentester II

READING LIST

Web For Pentester II

READING LIST

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

Hacking: The Art of Exploitation, 2nd Edition

The Tangled Web: A Guide to Securing Modern Web Applications

Technical Books

A list of technical books we find useful in helping you level up. Think there is one we are missing? Send us a email: support@pentesterlab.com

Non-Technical books

A list of non-technical books we think you'll find enjoyable when your not hacking.

READING LIST

Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell

The Pleasure of Finding Things Out: The Best Short Works of Richard P. Feynman (Helix Books)