In this guide we are going to cover the following vulnerabilities.
These vulnerabilities are the ones that we find most often in CTFs or machines, and some are defined by OWASP.
The platforms that we are going to use through the guide are the following:
An online platform to test and advance your skills in penetration testing and cyber security. From this machine we are going to use some challenges. We will create our account later, don't worry about it.
URL: https://www.hackthebox.eu/
Hack Instantly. Learn, practice and complete! Get hands on and practise your skills in a real-world environment by completing guided and interactive tasks.
Feel free to go and create your account if you don't have one and also explore the platform.
URL: https://tryhackme.com/
Root Me is a platform for everyone to test and improve knowledge in computer security and hacking.
Feel free to go and create your account if you don't have one and also explore the platform.
URL: https://www.root-me.org/
picoCTF is a free computer security game targeted at middle and high school students, created by security experts at Carnegie Mellon University. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge.
URL: https://picoctf.com/
RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges. Register and get a flag for every challenge.
CTFlearn is an ethical hacking platform that enables tens of thousands to learn, practice, and compete.
We host an ever-changing array of user-submitted and community-verified challenges in a wide range of topics.
URL: https://ctflearn.com/
This platform offers lots of things, but we only need the web academy, but you should see all the cool stuff in here.
URL: https://portswigger.net/
CTFchallenge is a series of web application hacking challenges created by @adamtlangley. Each challenge is built on its own domain and acts like a real functioning website or application.
URL: https://ctfchallenge.co.uk/
This is an academy with labs that have vulnerabilities, we are going to use this as practice.
URL: https://pentesterlab.com/
Feel free to skip this section if you have installed all the programs in this list or if you have a machine running Kali Linux.
I highly recommend installing Kali Linux; the only reason is that it comes with all the tools that we are going to need. I recommend these videos.
We just need some installed software components, which I am going to ask you to do the research on how to install and make sure it works properly.
The way I see it, it's not just playing CTF or trying to solve CTF challenges. Sometimes we can do it by doing some research and we'll learn something, but it's not the easiest way to do it. I highly recommend spending some time learning new concepts and the theoretical stuff that's behind the CTF challenges; try to understand everything behind a vulnerability. I consider that the theoretical information is really important; it's just as important as the practical.
Knowing some theoretical information will mean that sometimes we can identify a vulnerability and know a better way to exploit it, which saves us time and frustrations.
This is just my opinion and experience. The guide will then have 2 sections for each vulnerability: the learning section and the challenge section.
This section will focus only on learning things: learning theory, learning how to use tools and everything that has to do with learning. This section will include CTF challenges, sites, blogs, videos and everything we may need.
In this section feel free to try everything, to explore, to read everything you need, to review and to break everything you find in your way. Remember something from Bob Ross!
Don't rush, it's worth it. In this section we are only here to learn; here the places, skills or points on the CTF platforms do not matter. Take your time!
Feel free to DM me if you think that something could be added or changed in this section of any vulnerability.
You'll get to this point once you have understood the vulnerability and the theory and you have a very good understanding. In this section you'll face CTF challenges, according to the vulnerability studied. You'll keep learning, but here you'll be able to identify the vulnerability and know how to exploit it. You'll never stop learning, and CTF challenges will help us here, to take your level of understanding to the next level.
I'll put little hints, but the challenge will be according to the knowledge and level that you should already have. If you think that you're failing or if you are having a bad time, feel free to go back, do some research or try harder.
Feel free to DM me if you think that something could be added or changed in this section of any vulnerability.
It's not only taking notes of everything, but instead try to do ordered notes. It is useless to have many notes if, when you need something, you cannot find it or it takes a long time.
Your notes are for consulting things that you have not yet memorized.
I also recommend taking notes with images, but if you add an image also add an explanation of what happens in the image, sometimes the text is useless without image and vice versa.
This is just a recommendation, you'll find a way that just fits you.
These are some applications that can help you with your notes, feel free to use any of them:
A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file.
A little blog about cherry tree
We use Joplin for our notes, just for the Markdown language.
Just take your time, try harder and be patient.
Sorry for the long page but it was necessary.