Being a beginner, following videos tutorials is overwhelming. Any suggestions

I watched couple of videos in the "video tutorials" but frankly the information squeezed in those 2.5 hours is overwhelming for me as a beginner. I am trying to takes notes of methodology, tools used, commands used etc etc but I feel like its a hell lot to remember. So either after watching a tutorial I keep doing same machine until I can do it on my own? Or is there any better way to practice those tools individually before I work on solving the machines. I am confused on the best way to proceed. Your suggestions will be highly appreciated.

cheers

Comments

  • edited April 1

    Just watch and try to repeat on the box shown. First time it will be hard to understand, but the more you do the more understand.
    After trying read help/articles about tool used.
    Sometimes a bit of theory if useful, especially in crypto -- try to find articles about.
    Play CTFs/wargames to sharpen skill in particular areas such as BOF, SQLi etc.

    YanTayga

  • edited April 1

    start with beginner machines on vulnhub, they have walkthroughs; read, watch, learn, make challenges root-me
    all machines have 5 steps about. it's just to figure out.
    --------------------------first goal: getting a shell on the remote machine -------------------------------
    1.enumeration -> nmap, nikto, dirbuster etc
    2. finding vulns -> google, lfi, rfi, xss, sqli
    3. exploiting -> searchsploit / exploit-db, google, Buffer overflows, exploit dev
    4. shell, reverse shells, metasploit
    ------------------------------ 2nd goasl :getting privileges root / administrator -----------------------------
    5. priv esc

    peek

  • You could try to practice techniques in isolation first and then apply them here. At least that is how i did it.

    For getting an overview into basic SQL injections you can try

    The juice shop project is nice for learning about attacks on web applications:
    https://bkimminich.github.io/juice-shop/#/

    Here is a beginner tutorial that shows a range of techniques (PHP exploitation, SQL injections, basic linux navigation, ...):
    http://overthewire.org/wargames/bandit/

    In general found the levels hosted at overthewire.org very useful because they give you a good starting point and then guide you through the increasingly difficult challenges.

  • Type your comment> @prokaryont said:

    You could try to practice techniques in isolation first and then apply them here. At least that is how i did it.

    For getting an overview into basic SQL injections you can try

    The juice shop project is nice for learning about attacks on web applications:
    https://bkimminich.github.io/juice-shop/#/

    Here is a beginner tutorial that shows a range of techniques (PHP exploitation, SQL injections, basic linux navigation, ...):
    http://overthewire.org/wargames/bandit/

    In general found the levels hosted at overthewire.org very useful because they give you a good starting point and then guide you through the increasingly difficult challenges.

    Thanks. Good list.

    sesha569

  • Take it one step at a time. I know a 2.5 hour ippsec video is super long. but if he spends 10 minutes on something, maybe you spend an hour on it. if youre new to gobuster, run gobuster the way he runs it. then try different switches. read the man page. dont just look at it to solve the challenge he's solving. try to understand everything that's being done. play games with yourself - "if i change this argument, this will be different in the output". if you're right, you understand it. if not, figure out why.

    also, take notes. break down into sections like recon, web recon, database, etc. start a big outline. everything you learn a new tool, write it down in there.

    at the end of the day, you just have to practice and practice. it will come.

  • Practice. Practice. Practice. If it feels overwhelming then you are probably on the right track and just need to break what you are trying to learn into smaller tasks to research. It honestly feels like I am not learning much at all until I look back a year and think about how much I actually have learned.

    Before I got into HackTheBox I was using intentionally vulnerable virtual machines I downloaded from vulnhub which usually had a handful of walkthroughs available by a few different users who completed it already. I found that was a little easier to start than HackTheBox.

Sign In to comment.