This repository will contain various notes, code snippets, hints and different sources related to all kinds of cybersecurity topics, dropped by our team members.

• Where to start
• Basic Knowledge
• First Steps
• Checklist
• Tool Recommendations
• Trainings
• Hacking Resources & Tutorials

• It is recommended to work in a virtual environment like an Kali Linux instance running on VirtualBox or VMware Player.
• Make sure you downloaded the correct .ovpn file to connect to the network and access your box.

$ sudo openvpn /PATH/TO/OVPNFILE/<USERNAME>.ovpn

• Wordlists are usually located in /usr/share/wordlists/. The mostly used ones are:
  • rockyou.txt (sudo gunzip /usr/share/wordlists/rockyou.txt.gz)
  • /usr/share/wordlists/seclists (https://github.com/danielmiessler/SecLists)
• If you are missing some tools, try to install them from the Kali Linux repository.

$ sudo apt-get install kali-linux-everything

• If a website is not reachable via IP address and redirects you, try to add it to the /etc/hosts file.
• Always familiarize yourself with the tools you use and checkout their documentation as well as the parameter -h.
• Don't run exploits from the internet without understanding what they are doing.

There are some basic things you should be aware about when you approaching a new box.

• Make sure to take proper notes. Probably you want to concider to write them in Markdown and Obsidian for example. Here are a few alternatives:
  • cherrytree
  • Sublime Text
  • Dillinger.io
• Always keep some sort of reconnaissance running in the background like directory busting with Gobuster, which can take some time.
• Make sure to enumerate every service and every endpoint properly. On a website for example, check for usernames, email address schemes, check the source of the website click or hover over every link you can find to see if they lead to something.
• Check for already known vulnerabilities and exploits. Therefore you can just use Google. Here are a few examples:
  • <APPLICATION> vulnerability
  • <APPLICATION> <VERSION> vulnerability
  • <APPLICATION> <VERSION> exploit
  • <APPLICATION> <VERSION> poc
  • <APPLICATION> <VERSION> github
  • <APPLICATION> <VERSION> github poc Alternatively check Exploit Database, Sploitus or use searchsploit from the command line.

$ searchsploit <APPLICATION>

• Try default credentials (https://github.com/ihebski/DefaultCreds-cheat-sheet) or admin:admin. Especially on web applications.
• If you find credentials or just a password, always go for credential reuse and try if they work for another user as well.

Depending on what a box offers to you, you can go through the following checklist.

1. Run nmap!

$ sudo nmap -sC -sV -p- <RHOST>
$ sudo nmap -sC -sV -Pn -p- <RHOST>
$ sudo nmap -sV -sU <RHOST>

2. If a webserver is available, check robots.txt.

http://RHOST/robots.txt

3. Also, give whatweb a try.

$ whatweb http://<RHOST>

4. Ob websites, try directory busting with different wordlists.

$ gobuster dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt

5. Checking for subdomains. If a box offers you a vhost entry like http://openadmin.htb/ for example, it is always worth it to see if there are more vhosts configured.

$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
$ gobuster vhost -u <RHOST> -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain

$ ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.openadmin.htb" -u http://openadmin.htb --mc all --fs <NUMBER>

6. Intercept web requests with Burp Suite. Without getting to deep into the usage of Burp Suite, here are the steps to configure it in your browser.

• Start Burp Suite and open your browser on http://burp.
• Then download the CA Certificate.
• Depending on your browser, switch to settings and then to certificates.
• Import the certificate.
• We recommend to use FoxyProxy and configure it there but you can also go with the proxy settings of your browser.

• In Burp Suite switch to Target > Proxy settings and select Use advanced scope control.
• Add the IP address of the box you are approaching.
• Switch to the Proxy tab, move to Intercept and click on Intercept is off to enable it.
• At last switch the proxy in FoxyProxy to the Burp Suite configuration and access the website. Now you can intercept the web traffic coming from and going to the box and modify as you want.

Below you find just a few tools to start with. Of course this is not a complete list and there are always better tools for the job out there. Take small steps and get comfy with tools and techniques to develop and at last improve your unique approach on a system.

• Nmap
• masscan
• RustScan

• nikto

• WhatWeb
• Burp Suite
• Gobuster
• dirsearch
• ffuf
• wfuzz
• WPScan

• sqlmap

• thc-hydra
• hashcat
• NetExec

• Metasploit
• BloodHound
• Impacket
• enum4Linux-ng
• PEASS-ng
• PSPY
• Evil-WinRM

If you feel you need to learn fundamentals of a new topic or to improve you knowledge in specific areas, I would recommend checking out TryHackMe which provides valuable learning paths to various topics.

Here are a few room recommendations for beginners.

• Learning Cyber Security
• Introductory Networking
• Intro to Offensive Security
• Linux Fundamentals Part 1
• Linux Fundamentals Part 2
• Linux Fundamentals Part 3
• Windows Fundamentals 1
• Windows Fundamentals 2
• Windows Fundamentals 3
• Pentesting Fundamentals
• Active Reconnaissance
• Nmap
• Burp Suite: The Basics
• Web Application Security
• OWASP Top 10
• SQL Injection
• Hydra
• Metasploit: Introduction

Here are a few resources and knowledgebases to cover various topics. Starting with writeup videos of IppSec is always a good call.

• ippsec.rocks
• Hacking Articles
• HackTricks
• netbiosX/checklists
• The Penetration Testing Grimoire
• pentestmonkey
• PayloadsAllTheThings
• GTFOBins

Also feel free to get in touch with us on our Discord, we are all willing to help!