PentesterLab Bootcamp
Everything you need to get started in infosec. Follow this structured path from the basics to advanced exploitation.
Your Learning Path
Follow the steps below, week by week, to build a solid infosec foundation.
1
Linux and Scripting
- Try to: Install Linux: Retrieve a virtualisation system (VirtualBox, VM player) and install Linux. Use a traditional distribution like Ubuntu not a security related one.
- Learn the basics of a scripting language: Pick between Ruby (Try Ruby), Python (Online) or Perl and learn its syntax and data types. You will need it to keep going.
Reading List
2
HTTP
- Try to: Install Apache inside your vm, change the home page of the hosted site using vim. Access this page in your browser (on the host).
- Change your host file to access the Linux system under the following names: vulnerable.
- Write an HTTP client to retrieve the home page of your site using an http library (for example net/http in ruby).
- Write an HTTP client to retrieve the home page of your site using a socket.
- Download Burp Suite (free version) and visit a website and see what requests are sent and what responses are received.
Reading List
3
PHP and DNS
- Try to: Install PHP in your virtual machine (using your previous Apache installation), write a script that echoes back a parameter in the URL.
- Install Mysql and create a script that retrieves information from it, like article.php?id=1 returns a book and article.php?id=2 returns a computer.
- Create a page that sends data to itself using a POST request.
- Install the command line tool dig in your vm. Find what name servers and mail servers are used by PentesterLab.
- Obtain information about pentesterlab.com using the whois tool.
Reading List
4
SSL/TLS
- Try to: Enable HTTPs on your web server. Make sure you disabled all the weak ciphers.
- Write a SSL client using an HTTP library. Write a SSL client using a socket.
- Access your SSL server with your previous HTTP script and socat to do the connection socket<->ssl-socket.
Reading List
5
SQL Injection & Local File Include
- Try to: Follow "From SQL injection to Shell": read the course and test on the ISO.
- Follow "PHP Include And Post Exploitation": read the course and test on the ISO.
Reading List
6
More SQL Injections
- Try to: Fully script From SQL injection to Shell (use Burp to help you debugging).
- Do From SQL injection to shell: PostgreSQL edition without reading the course.
- Check if the code you wrote during Week 3 is vulnerable to SQL injection and XSS.
7
FTP and Traffic Analysis
- Try to: Install and use Wireshark: inspect the traffic sent by your HTTP client (use "Follow TCP stream") and HTTPs client (check the SSL handshake).
- Install a FTP server on your system. Write a FTP client using a socket.
Reading List
8
Linux Review and Code Execution
- Try to: Follow Introduction to Linux Host Review (read the course and test on the ISO).
- Follow CVE-2012-1823: PHP CGI (read the course and test on the ISO).
Reading List
9
HTTP Server and Firewall
- Try to: Follow "From SQL injection to Shell": read the course and test on the ISO.
- Follow "PHP Include And Post Exploitation": read the course and test on the ISO.
Reading List
10
Nmap and Crypto Attacks
- Try to: Use Nmap to find the open ports on your VM. Use Nmap to find the open ports on your VM while blocking ICMP using iptables.
- Use iptables to close one of the open ports, check that it works using Nmap.
- Find a local security meetup (Ruxmon, 2600...) and go there.
- Follow CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability (read the course and test on the ISO).
11
Wifi
- Try to: Setup a Wifi network using WEP and crack the key.
- Follow Rack Cookies and Commands Injection (Read the course and test on the ISO).
Reading List
12
Linux Exploitation
- Try to: Download and solve the levels 00 to 04 of Nebula (mirror) from exploit.education.
Reading List
13
SSL Pinning and Linux Exploitation
- Try to: Download and solve the levels 10 to 14 of Nebula (mirror) from exploit.education.
- Follow From SQL injection to SHELL II.
Reading List
14
Web For Pentester
- Try to: Download and solve the levels 05 to 09 of Nebula (mirror) from exploit.education.
- Do the exercises from Web For Pentester.
Reading List
15
Web For Pentester II
- Try to: Download and solve the levels 15 to 19 of Nebula (mirror) from exploit.education.
- Follow the exercises from Web For Pentester II.
Reading List
Recommended Books
Resources to deepen your understanding of security.
Technical Books
A list of technical books we find useful. Think there is one we are missing? Send us an email: support@pentesterlab.com
Non-Technical Books
A list of non-technical books we think you will find enjoyable when you are not hacking.
Ready to Start?
Sign up and start working through the bootcamp exercises at your own pace.