PentesterLab Bootcamp: Everything you need to get started in Infosec
Bootcamp provides a learning path to get into security and especially web penetration testing.
This course is a list of things to read and do. No solutions are provided since it is, in my opinion, the best and only way to learn. If you don't manage to get one of the items done, just try harder. Spend more time googling until you find the solution. Finding something by yourself is the best way to remember it.
Dudes, The TC file type is dubious at best. Most of them are taken from a Cam image or a little better with a telesinc (TS) audio. Best is to stay away instead of wasting your time, go for the largest, 1.xx to 4.xx not much bigger, 720p or the 1080p especially if they are some form of Blu-Ray. Next, download and launch the UNetbottin utility. Select the “Diskimage” radio button, click “” to select a bootable ISO image. After locating your Windows 10 ISO file, click on Open. Choose Type as USB Drive and select the device name of your USB drive (you probably would’ve noted it down earlier, so refer to that). Dudes, The TC file type is dubious at best. Most of them are taken from a Cam image or a little better with a telesinc (TS) audio. Best is to stay away instead of wasting your time, go for the largest, 1.xx to 4.xx not much bigger, 720p or the 1080p especially if they are some form of Blu-Ray. Installing Windows on a Mac should be a piece of cake with Bootcamp, but that rarely is the case. In fact, I would personally say that Boot Camp Assistant is one of the worst apps that comes with OS X and unlike the rest, it doesn’t work seamlessly. A few of its drawbacks: It only supports a drive with a single partition.
Linux and Scripting!
Reading list:
Hands on:
- Install Linux: Retrieve a virtualisation system (VirtualBox, VM player) and install Linux. Use a traditional distribution like Ubuntu not a security related one.
- Learn the basics of a scripting language: Pick between Ruby (Try Ruby), Python (Online) or Perl and learn its syntax and data types. You will need it to keep going.
HTTP
Reading list:
Hands on:
- Install Apache inside your vm, change the home page of the hosted site using vim. Access this page in your browser (on the host).
- Change your host file to access the Linux system under the following names: vulnerable.
- Write an HTTP client to retrieve the home page of your site using an http library (for example net/http in ruby).
- Write an HTTP client to retrieve the home page of your site using a socket.
- Download Burp Suite (free version) and visit a website and see what requests are sent and what responses are received.
PHP and DNS
Reading list:
Hands on:
- PHP basics:
- Install PHP in your virtual machine (using your previous Apache installation), write a script that echoes back a parameter in the URL. For example, accessing http://vulnerable/hello.php?name=Louis will return 'Hello Louis'.
- Install Mysql and create a script that retrieves information from it, like article.php?id=1 returns a book and article.php?id=2 returns a computer.
- Create a page that sends data to itself using a POST request.
- DNS and whois:
- Install the command line tool dig in your vm.
- Find what name servers are used by PentesterLab, find what Mail servers are used by pentesterlab and find the Ip address of www.pentesterlab.com
- Obtain information about pentesterlab.com using the whois tool.
SSL/TLS
Reading list:
Hands on:
- Setup SSL:
- enable HTTPs on your web server
- make sure you disabled all the weak ciphers.
- Play with SSL:
- write a SSL client using an HTTP library.
- write a SSL client using a socket.
- access your SSL server with your previous HTTP script and socat to do the connection socket<->ssl-socket.
SQL injection & Local File Include
Reading list:
Hands on:
- Follow 'From SQL injection to Shell': read the course and test on the ISO
- Follow 'PHP Include And Post Exploitation': read the course and test on the ISO
More SQL Injections
Reading list:
Hands on:
- Fully script From SQL injection to Shell (use Burp to help you debugging)
- Do From SQL injection to shell: PostgreSQL edition without reading the course
- Check if the code you wrote during Week 3 is vulnerable to SQL injection and XSS
FTP and Traffic analysis
Reading list:
Hands on:
Iso Download Games
- Install and use Wireshark: inspect the traffic send by your HTTP client (use 'Follow TCP stream) and HTTPs client (check the SSL handshake)
- FTP:
- Install a FTP server on your system:
- Write a FTP client using a socket
Linux Review and Code Execution
Reading list:
Hands on:
- Follow Introduction to Linux Host Review (read the course and test on the ISO)
- Follow CVE-2012-1823: PHP CGI (read the course and test on the ISO)
HTTP Server and Firewall
Reading list:
Hands on:
- HTTP server
- Write a HTTP server (use fork to handle more than one connection)
- Connect to your HTTP server with your browser and check the requests done by your browser
- Iptables
- If enabled, disable iptables in your vm
- Use iptables to block ICMP requests, test if it works using ping
Nmap and crypto attacks
Reading list:
Hands on:
- Nmap
- Use Nmap to find the open ports on your VM.
- Use Nmap to find the open ports on your VM while blocking ICMP using iptables.
- Use iptables to close one of the open ports, check that it works using Nmap.
- Find a local security meetup (Ruxmon, 2600...) and go there
- Follow CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability (read the course and test on the ISO)
Wifi
Reading list:
Hands on:
- Setup a Wifi network using WEP and crack the key
- Follow Rack Cookies and Commands Injection (Read the course and test on the ISO)
Linux Exploitation
Reading list:
Hands on:
- Download and solve the levels 00 to 04 of Nebula (mirror) from exploit.education
SSL Pinning and Linux Exploitation
Reading list:
Hands on:
- Solve the levels 05 to 09 of Nebula (mirror) from exploit.education
- Follow From SQL injection to SHELL II
Web For Pentester
Reading list:
- Read Web For Pentester
Hands on:
- Solve the levels 10 to 14 of Nebula (mirror) from exploit.education
- Do the exercises from Web For Pentester
Web For Pentester II
Bootcamp Iso Converter Download
Reading list:
- Read Web For Pentester II
Iso Download Windows 10
Hands on:
- Solve the levels 15 to 19 of Nebula (mirror) from exploit.education
- Follow the exercises from Web For Pentester II
Books
Technical books:
- ...
Non-Technical books:
- ...