This repository will contain various notes, code snippets, hints and different sources related to all kinds of cybersecurity topics, dropped by our team members.
- Where to start
- Basic Knowledge
- First Steps
- Checklist
- Tool Recommendations
- Trainings
- Hacking Resources & Tutorials
- Purplestorm Wallpapers
- It is recommended to work in a virtual environment like an
Kali Linux
instance running onVirtualBox
orVMware Player
. - Make sure you downloaded the correct
.ovpn
file to connect to the network and access your box.
$ sudo openvpn /PATH/TO/OVPNFILE/<USERNAME>.ovpn
- Wordlists are usually located in
/usr/share/wordlists/
. The mostly used ones are:- rockyou.txt (sudo gunzip /usr/share/wordlists/rockyou.txt.gz)
- /usr/share/wordlists/seclists (https://github.com/danielmiessler/SecLists)
- If you are missing some tools, try to install them from the
Kali Linux repository
.
$ sudo apt-get install kali-linux-everything
- If a website is not reachable via
IP address
and redirects you, try to add it to the/etc/hosts
file. - Always familiarize yourself with the tools you use and checkout their documentation as well as the parameter
-h
. - Don't run exploits from the internet without understanding what they are doing.
There are some basic things you should be aware about when you approaching a new box.
- Make sure to take proper
notes
. Probably you want to concider to write them inMarkdown
andObsidian
for example. Here are a few alternatives: - Always keep some sort of
reconnaissance
running in the background likedirectory busting
withGobuster
, which can take some time. - Make sure to
enumerate
every service and every endpoint properly. On a website for example, check forusernames
,email address schemes
, check thesource
of the websiteclick
orhover over
everylink
you can find to see if they lead to something. - Check for already known
vulnerabilities
andexploits
. Therefore you can just useGoogle
. Here are a few examples:<APPLICATION> vulnerability
<APPLICATION> <VERSION> vulnerability
<APPLICATION> <VERSION> exploit
<APPLICATION> <VERSION> poc
<APPLICATION> <VERSION> github
<APPLICATION> <VERSION> github poc
Alternatively check Exploit Database, Sploitus or usesearchsploit
from the command line.
$ searchsploit <APPLICATION>
- Try
default credentials
(https://github.com/ihebski/DefaultCreds-cheat-sheet) oradmin:admin
. Especially onweb applications
. - If you find credentials or just a password, always go for
credential reuse
and try if they work for another user as well.
Depending on what a box offers to you, you can go through the following checklist.
- Run nmap!
$ sudo nmap -sC -sV -p- <RHOST>
$ sudo nmap -sC -sV -Pn -p- <RHOST>
$ sudo nmap -sV -sU <RHOST>
- If a webserver is available, check
robots.txt
.
- Also, give
whatweb
a try.
$ whatweb http://<RHOST>
- Ob websites, try
directory busting
with different wordlists.
$ gobuster dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
- Checking for
subdomains
. If a box offers you avhost
entry likehttp://openadmin.htb/
for example, it is always worth it to see if there are morevhosts
configured.
$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
$ ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.openadmin.htb" -u http://openadmin.htb --mc all --fs <NUMBER>
- Intercept
web requests
withBurp Suite
. Without getting to deep into the usage ofBurp Suite
, here are the steps to configure it in your browser.
- Start
Burp Suite
and open your browser onhttp://burp
. - Then download the
CA Certificate
. - Depending on your browser, switch to
settings
and then tocertificates
. - Import the
certificate
. - We recommend to use FoxyProxy and configure it there but you can also go with the
proxy settings
of your browser.
Setting | Value |
---|---|
Proxy Type | HTTP |
Proxy IP address or DNS name | 127.0.0.1 |
Port | 8080 |
- In
Burp Suite
switch toTarget
>Proxy settings
and selectUse advanced scope control
. - Add the
IP address
of the box you are approaching. - Switch to the
Proxy
tab, move toIntercept
and click onIntercept is off
to enable it. - At last switch the proxy in
FoxyProxy
to theBurp Suite configuration
and access the website. Now you can intercept the web traffic coming from and going to the box and modify as you want.
Below you find just a few tools to start with. Of course this is not a complete list and there are always better tools for the job out there. Take small steps and get comfy with tools and techniques to develop and at last improve your unique approach on a system.
If you feel you need to learn fundamentals of a new topic or to improve you knowledge in specific areas, I would recommend checking out TryHackMe which provides valuable learning paths to various topics.
Here are a few room recommendations for beginners.
- Learning Cyber Security
- Introductory Networking
- Intro to Offensive Security
- Linux Fundamentals Part 1
- Linux Fundamentals Part 2
- Linux Fundamentals Part 3
- Windows Fundamentals 1
- Windows Fundamentals 2
- Windows Fundamentals 3
- Pentesting Fundamentals
- Active Reconnaissance
- Nmap
- Burp Suite: The Basics
- Web Application Security
- OWASP Top 10
- SQL Injection
- Hydra
- Metasploit: Introduction
Here are a few resources and knowledgebases to cover various topics. Starting with writeup videos of IppSec
is always a good call.
- ippsec.rocks
- Hacking Articles
- HackTricks
- netbiosX/checklists
- The Penetration Testing Grimoire
- pentestmonkey
- PayloadsAllTheThings
- GTFOBins
With a little modifications to gorgeus Daena Key and Dominik Mayer art, we present you to use and download Purplestorm Wallpapers
.
Also feel free to get in touch with us on our Discord, we are all willing to help!