Penetration-testing

Penetration testing (shortened pentesting) is the art of assessing the security of an environment and, eventually, discovering vulnerabilities (sometimes also exploiting vulnerabilities to confirm them). Penetration-testing is also called hacking (hackers, white hats), and differs from cracking (crackers, black hats) in the motivations. The hacker is a security professional who acts with ethics whereas crackers act without rules. Crackers' motivations are challenges (e.g. deface a web site), data theft, vandalism and destruction.

Seclists

https://github.com/danielmiessler/SecLists

Web

Web application attacks

Common web application attacks (XSS, LFI, RFI, sessions, ...) are here: Web-applications-attacks

Read file

Here are some commands that enable to read a file:

• cat <file>
• head <file>
• more <file>
• less <file>
• tail <file>
• xxd <file>
• nano <file>
• vim <file>
• vi <file>
• grep <file>
• grep -R . (reads all files in the directory)
• echo < readme.txt
• while read line; do echo $line; done < clue.txt
• rev /home/ubuntu/flag5.txt | rev

Hacking tutorials

• Webgoat
• Hack This Site
• Kioptrix4
• Hackademic-RTB1
• Hackademic-RTB2

Comments