Resources! Resources! Resources!

This is an initial, high-level list of the resources that I found immensely helpful from the start. It is not an all-encompassing list, as that would take me hours, if not days, to compile. No worries though, I will eventually post everything I have, own, find, etc. Other posts will be more specific, such as Linux post-exploitation enumeration or getting tab completion on reverse shells. The list below does not contain many scripts, programs, or automation tools yet, because these are things you need to know how to do manually first. This information assumes you have a good understanding of networks, Windows and Linux OSes, BASH scripting, and some programming background.

Learning, Training, Methods, Cheat Sheets, and More

Pre-Exploitation:

  1. Google Sheet Learning Resources: Anything from offensive and defensive techniques and training to books and OSCP-specific information.
  2. OSCP GoldMine: A gitbook dedicated to required OSCP knowledge. (Scanning, reverse shells, enumeration, RBASH escapes!).
  3. NMAP Cheat Sheet: A must have.
  4. Port Enumeration: A simple breakdown of what port enumeration should look like and the steps involved. Understand, though, that this is just a rough breakdown; each case has its own set of variables that you need to take into account.
  5. User Enumeration: Another overview on enumeration, this time focusing on user enumeration.
  6. Reverse Shell Cheat Sheet: This is a daily go-to for me and others. Keep it handy.

Post-Exploitation:

  1. Linux Enumeration & Privilege Escalation Cheat Sheet: There are a ton of useful bash and python scripts that automate this for you, but this is information that you need to know how to get without a script, so know this stuff inside and out, or at least keep this cheat sheet handy.
  2. Escaping Restricted Shells: Every now and then you will land in a restricted shell and need to escape; keep this handy, it is a lifesaver!
  3. Windows Enumeration Commands
  4. Windows Privilege Escalation (Common Vectors): Again, not a script, but necessary information!
  5. Windows Privilege Escalation #2: A more detailed account of common Windows privesc methods.


Practice & Persistence Makes Perfect

Starting off, you need a safe place to practice, preferably one that you can easily manipulate to build your confidence and your skills. Luckily, there are now a ton of options for you to start hacking, ethically that is. Below is a short list of the best places and methods that are readily at your disposal and will set you on the right track.

  1. Hack The Box: By far the top online hacking platform I have found. It’s free, but there is also a paid option that gives you access to servers closer to you. They have Windows, Linux, and FreeBSD machines, and they release new machines each month at varying skill levels (Easy to Mindfuck). The machines they retire remain available, and an awesome HTB moderator (Ippsec) does an extraordinary how-to video on each retired machine, giving you some of the best insight on how to go about hacking.
    1. Ippsec Youtube Channel
  2. VulnHub.com: Virtual machines designed to be vulnerable at varying skill levels, so you can start easy and progressively move to more difficult machines. This requires you to have your flavor of hypervisor (VMware Workstation/Fusion or VirtualBox) to host the machine on your network. If you do not have the hardware or the money to put into hosting machines, take a look at option #3.
  3. Root-Me.org: Many of the popular VulnHub machines are available on the Root-Me servers. This is a cool platform because you and your friends can spin up an instance of the machine you want and work on it together. There are time limits for each machine (2-4 hours), but you can start a new instance if you were unable to root the machine in time.


Feedback and Help

You’re going to get stuck, you’re going to have questions, and you’re going to get frustrated as hell. It’s all part of the process. There are a lot of good communities out there that are more than willing to give hints, point you in the right direction, and really make you try harder.

  1. /r/hackthebox: This is Hack The Box specific, but there are a bunch of good people on here who are more than willing to help without giving away answers.
  2. Hack The Box Forums and chat: Self-explanatory.
  3. Discord: There are literally dozens of different Discord chats out there with very helpful people. Here are just a few:
    1. Datastream Cowboys
    2. Ethical Hacking, by invite only.
    3. Netcat.us


This should be more than enough to get the ball rolling. The next posts will go into more specifics on scripts and tools, with a more detailed approach showing the what and the how.

2 Comments
  Steve, January 5, 2018 at 11:11 pm

    Hi Joshua. I’m looking forward to this effort. It looks like my employer is willing to pick up the tab for the course materials and certification costs, so I’m going to start preparing as much as I can over the next few months before moving forward with the online materials and lab access. I appreciate anything you are able to contribute.