Help full tools for Noob

Please provide a help full tools list and resources like password, directory worlists. thank you

MrB0LTv2

Comments

  • you will add new tools by practicing challenges and boxes, though Dostovesky made notes public:
    https://github.com/dostoevskylabs/dostoevsky-pentest-notes

    peek

  • edited December 2017

    Just wanted to mention that all the things you are looking for are already in any download of Kali Linux. If you wanted to keep things simple that OS is specifically designed to be used for things like this. Probably would have more then you need to get going. Doing things like "find / -name wordlists" "find / -name webshells" will show you where these things are placed on the system. Also just using the Application menu in the upper left hand corner will show you a lot of tools organized by topic that you can jump in a learn about. Might be worth a look. Also to see practical examples of these tools just check out any of the @ippsec videos in the Video Tutorials section here in the forums. https://forum.hackthebox.eu/categories/video-tutorials

  • Install tmux or terminator for better terminal usage. You can use tmux within terminator as well which is an awesome feature. Check out ippsec's youtube video on tmux.

  • A little helper for tmux:
    It was little bit annoying to always search for the local ip address of my Kali so I put in the .tmux.conf this:
    set -g status-right '#[fg=black]#(ip a | egrep -oh "inet 10.10.1".{7})'
    and now I can see it on the status bar of tmux.
    There are maybe better solutions but this one was fast and it works.

  • @sodomak hell yes!! Thank you for this!

  • This one worked a bit better for me :)

    ip a | egrep -oh "inet 10.10.".{4} | cut -c6-16

  • Here's a small list of things you need to get your started:

    1. All the tools you need are in the install of Kali Linux. I recommend downloading VirtualBox and booting up Kali on it, but if you have an old PC you could install Kali on, even better.

    2. There's a few essential tools that every good pentester knows how to use, this is like the holy bible of pentesting. These would be the terminal, nmap, metasploit, burpsuite or owasp zap, sqlmap, netcat, john the ripper or hashcat, wireshark, hydra, dirbuster or gobuster and a vulnerability scanner (there's quite a few, but nikto, nmap and nessus are popular). These are what I and I'm sure many others would consider essential tools, they'll help you do everything from port scanning and vulnerability scanning to packet sniffing and password cracking. If anyone else wants to add to the list, feel free to.

    3. Learn how to program, it's an essential skill. Like a wise pentester once told me: "The difference between a script kiddie and a hacker is the ability to program". learning how to program in both bash and python will help you greatly. It will reduce the amount of manual work you'll have to do and being able to edit and understand exploits will help your knowledge in proramming. I know a lot of people don't do this, but I personally read most of the pre-written exploits I use just to gain an understanding of what it's actually doing. It's just something I like to do and I feel like it's helped me understand how exploits work a bit better.

    4. If you have absolutely no experience with pentesting then I'd recommend watching some videos and there's a couple places I'd recommend. If you want a course-like structure, then Cybrary or Udemy have some good courses. IppSec's youtube videos are also really good, he's like the holy grail of hack the box. He has heaps of videos going over the solution to most of the retired HTB boxes.

    5. Google is your best friend. Pentesting is 50% research and 50% waiting for your tool to finish. If you find a service that you don't know about or discover a vulnerability you don't know much about, google it. There will always be articles, youtube videos or other resources on google that will help.

    6. It's not essential, but I recommended getting comfortable with tmux, it helps with organisation and workflow efficiency. I recommend watching IppSec's video on tmux.

    Hopefully this helps get you started :)

    TimeLoad

  • Thanks but I get bored watching videos, any blog where one can read articles to learn more, I prefer to read
  • Killer breakdown TimeLoad. (and yes, kali is the way to go) Kali has loads and loads of tools, but it can be hard to know you already have a tool that you're imagining, browse this for inspiration: https://tools.kali.org/kali-metapackages

    I'd also add:

    • wechall for other challenges and discovery of other wargame sites
    • depending on your skill level, OTW is good for getting started and practicing fundamentals
    • searchsploit (in kali), local copy of exploitdb. Most POCs included work out of the box, but I've run into some nerfed ones that need tweaking. Very Handy.
    • To echo TimeLoad, get coding. Hackerrank has good stuff for several languages and it gives potential employers something to look at to get a feel of your skills
  • @krzivn
    He's referring to (OTW) Over the Wire: http://overthewire.org/wargames/ .
    There is also under the wire: http://underthewire.tech/ for Powershell.

  • @6h057Un1c0rn said:
    @krzivn
    He's referring to (OTW) Over the Wire: http://overthewire.org/wargames/ .
    There is also under the wire: http://underthewire.tech/ for Powershell.

    TY for these ..always good to have more to test skills against

    Hack The Box

  • This site has a bunch of really good tools and simple descriptions. A lot of them are installed on kali or parrot sec os by default, but definitely not all of them.

    --Skunkfoot

  • IS there a short key for duplicating a pane in TMUX?

    I am in my boxe's directory running Nmap and I want to open another pane WITHOUT TYPING IN THE DIRECTORY ADDRESS AGAIN. IS there a short key for pane duplication?

    cheers gang

  • edited January 22

    ctrl + b then either
    shift % vertical split
    shift " horizontal split
    it wont duplicate but will have two panes you can work in swicth with
    ctrl + b up or down arrow

    also editing your ~/.tmux.conf will help a lot also with copy paste and scrolling

    https://pastebin.com/95YzeR4p

Sign In to comment.