So you’re looking to get into the wonderful world of penetration testing, but have no clue where to start? Don’t worry I was just like you (hence why started this blog). In this post I’ll provide some resources to help get you started.
is a good site to help you learn these languages, they offer great tutorials in all these languages and more.
Basic Exploitation walk-through.
Now that you have learnt how a web apps are put together, how do you start exploiting a site or a companies network? Penetration Testing: A hands on introduction to hacking is a great resource for beginners. It covers the basics in the penetration testing process and some of the tools used in each process. It definitely helped me get started and wrap my head around some of the tools used.
Another great resource to help you get started with basic web application testing is pentesterlab, particularly the web for pentesters series give you a great solid understanding of the type of exploits that are found on web applications. P.S I have a basic walk through of the first web for pentesters vm on my blog.
How do I sharpen my skills?
Now that you know the basics, you need to practice your skills, but how? Pentesterlab
has some more advanced tutorials for you to try. Another similar vulnerable vm is webgoat
, it has a similar style to pentesterslab vm, where they walk through with each of the exploits and explain why the exploit exists.
Whats that, you want something a little more challenging? Well then vulnhub
has you covered. They offer community made virtual machines and the solutions offered are made by people who have completed the challenge. They are challenging, but not impossible and if you get stuck you can always look at the solutions and see how that person solved it.
Write your own exploits.
A great book to learn how to write your exploits, one that I am currently working through, violent python
. This book teaches you how to write your own exploits, botnet, viruses in python. This is of course is a little advanced and could be something to build up to.
Lastly, I’ll leave you with some advice that I wish I knew earlier. PRACTICE,PRACTICE,PRACTICE. Just practice and really spend the time understanding how an exploit happens and why. Also build applications yourself, exploit them and patch them. This will help you understand what to look for when trying to find exploits in a system or web application.
If you have any questions or suggestions, drop me a line in the comment section below. Until next time, keep on hacking.