How to Exercise Your Hacking Skills in a Controlled Environment






Hey guys, this tutorial is aimed at anyone, with few or good hacking skills. By "hacking skills" I mean every competence (except social engineering) a hacker needs. Here are some prerequisites:
  • Basic knowledge of Linux commands
  • Good programming knowledge: at least be able to read code and determine how it works, its function and its language
  • Some basic knowledge of reverse engineering: at least know how a program is built, plus some basic ASM knowledge
  • Basic knowledge of how web servers work, what PHP and SQL are, ...
/!\ THIS IS NOT A TUTORIAL IT'S A COMPILATION OF LINKS AND PLACES YOU'LL HAVE TO CHECK AND DIG /!\
This might be obvious or you might think you already know this, nice.
For those who don't have this knowledge, what I'll show you below will help you learn BUT THIS WILL NOT BE SUFFICIENT.
YOU CANNOT LEARN BY EXERCISE ONLY. You'll need to train with other exercises, and not only 'hacking' oriented exercises.


My advice would be to learn the basics of programming, computers and networks, so you'll have at least a good comprehension of what I mentioned above.
I'll also give links to places where you'll learn some hacking-oriented skills at beginner to medium level.


First, I'd like to thank one guy:
"The Humble Observer".
I've read two of his articles on leaksource, and I must share them with you.
http://leaksource.info/2014/08/09/hack-back-a-diy-guide-for-those-without-the-patience-to-wait-for-whistleblowers/
http://leaksource.info/2014/11/09/recommendations-for-the-hacktivist-community/
The first link is a nice writeup of his intrusion into FinFisher's systems, so you'll have a detailed view of how an attack works.
The second link will make you paranoid and give you recommendations for hacking and discretion.
/!\ First link : You've got lots of useful links at the end of the article /!\
  • https://www.vulnhub.com/
YOU DEFINITELY should use these links.
  • vulnhub is the place for vulnerable server images; you'll find a vast variety of challenges and capture-the-flag games, with difficulty from beginner to advanced
  • Pentester labs offers ISO images for offline exercising on a specific kind of vulnerability
  • Over the wire provides a variety of exercises, from basic Linux commands to steganography
  • Hackthissite will also provide a lot of challenges (maybe less variety than Over The Wire)
  • Smash the stack will get you familiar with buffer overflows
Over The Wire recommends you do the levels in this order so you'll really have a complete overview:
1. Bandit
2. Leviathan or Natas or Krypton
3. Narnia
4. Behemoth
5. Utumno
6. Maze
7. …
That's only a few places to train, and there are many more links in the articles. Just search for "wargames" to find more online games OR "ISO" files you'll boot in a VM to train offline.
 
About ISOs:
Using virtual images of web servers in order to hack them is one of the best ways to train "safely": just download an image and run it in VirtualBox:

apt-get install virtualbox

You can download Metasploitable for example, or one of the many ISOs available on:
VulnHub : https://www.vulnhub.com/
 
Then use the "bridged mode" or "host only" mode in VirtualBox :)
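
Bridged mode puts the vulnerable image on your LAN, where other machines can reach it, while host-only keeps it reachable from the host alone. Here is an added check (not part of the original post) that reads `VBoxManage showvminfo --machinereadable` output and flags any adapter that is not confined to the host; the sample VM settings and the `vboxnet0` adapter name are assumptions.

```shell
#!/bin/sh
# Added example: audit a lab VM's network adapters before booting it.
# Input: output of  VBoxManage showvminfo "<vm>" --machinereadable

# Prints one line per adapter that is not confined to the host
# and returns 1 if any such adapter exists, 0 otherwise.
audit_vm_nics() {
    awk -F= '
        /^nic[0-9]+=/ {
            mode = $2
            gsub(/"/, "", mode)
            # none/null = not connected, hostonly/intnet = isolated from the LAN
            if (mode != "none" && mode != "null" &&
                mode != "hostonly" && mode != "intnet") {
                printf "%s uses %s: not confined to the host\n", $1, mode
                exposed = 1
            }
        }
        END { exit (exposed + 0) }
    '
}

# Constructed sample: vulnerable image with a bridged adapter and a host-only one.
sample_bridged() {
    cat <<'EOF'
name="Metasploitable"
nic1="bridged"
bridgeadapter1="eth0"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"
EOF
}

# Constructed sample: the same image attached to the host-only network only.
sample_isolated() {
    cat <<'EOF'
name="Metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
EOF
}

# Demo on the constructed sample; on a real VM, pipe showvminfo into audit_vm_nics.
sample_bridged | audit_vm_nics ||
    echo 'fix: VBoxManage modifyvm "<vm>" --nic1 hostonly --hostonlyadapter1 vboxnet0'
```
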




BOOKS :
Yup, reading books will help you improve your skills.
Here are various links, still stolen from the first article :
https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf
http://leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf
https://leaksource.files.wordpress.com/2014/08/the-database-hackers-handbook.pdf
https://leaksource.files.wordpress.com/2014/08/the-art-of-software-security-assessment.pdf
https://leaksource.files.wordpress.com/2014/08/a-bug-hunters-diary.pdf
https://leaksource.files.wordpress.com/2014/08/underground-tales-of-hacking-madness-and-obsession-on-the-electronic-frontier.pdf
https://leaksource.files.wordpress.com/2014/08/tcp_ip-illustrated-vol-1.pdf
https://leaksource.files.wordpress.com/2014/08/tcp_ip-illustrated-vol-2.pdf
https://leaksource.files.wordpress.com/2014/08/tcp_ip-illustrated-vol-3.pdf
VIDEOS :
http://www.cybrary.it/
This is a nice place for beginners; it'll provide you step-by-step videos
OTHER SITES :
http://resources.infosecinstitute.com/
I really appreciate this site; it has pertinent and well-developed articles
Well, here was a little compilation of links, now PUT YOUR ASS TO WORK !!
Oh and also, this won't get you through ALL aspects of hacking, so still learn to use your hacking tools at home on a private network.
Good luck !
~~~~~~~~~~~/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\~~~~~~~~~~~~~~~~~~~
WARNING :
In this world nothing is free. Hosting services on web servers, and taking the time to get them working, costs money. LOTS OF MONEY. And as those services are "free" even if you can donate, there's a fck somewhere. Where does the money come from?
Who maintains those servers? Hack this site was created by Jeremy Hammond (who worked with Wikileaks); even if I think he's trustworthy, NEVER FORGET you're being watched and I'm sure those websites are under heavy surveillance. So keep this warning in mind. At least you'll have a safe place to train as it's still legal to hack those sites, and it's better than hacking other servers illegally but.... you know.
~~~~~~~~~~~/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\/!\~~~~~~~~~~~~~~~~~~~
 
