Poison

First of all i’m new to this entire hacking stuff. I have very little exposure to real world hacking. In poison i was easily able to find the open ports in the machine. But i do not know how to move forward from this initial stage.
I don’t want any spoilers or direct clues from anyone. I want to think on my own. So it would be awesome of u guys to refer some websites or books.

Thanks in advance. =)

@fastbyte90 said:
First of all i’m new to this entire hacking stuff. I have very little exposure to real world hacking. In poison i was easily able to find the open ports in the machine. But i do not know how to move forward from this initial stage.
I don’t want any spoilers or direct clues from anyone. I want to think on my own. So it would be awesome of u guys to refer some websites or books.

Thanks in advance. =)

Penetration Testing A Hands on Introduction
The Hacker Playbook 2 (also just updated with a 3rd edition but I haven’t reviewed that one yet)
The Web Application Hackers Handbook

That’ll be plenty to get you on your way

Can I add

  • Web Hacking 101 by Peter Yaworski
  • OWASP Testing Guide

Also, enumerate enumerate enumerate.

i have both hackers playbook and web application

so is it a good idea to try out all the exploits available in metasploit to plant a shell in the website

And is it necessary to use burpsuite for this machine

@fastbyte90 said:
so is it a good idea to try out all the exploits available in metasploit to plant a shell in the website

You definitely don’t need to.

@fastbyte90 said:
And is it necessary to use burpsuite for this machine

Nope. But having Burp running in the background is never a bad idea.

Thnx a lot for ur suggestions.