
What vulnerability should I look for and start with?

You should start with DDoS after you have a vulnerability; with that you can start to hack them with an IP attack.

But really, run sqlmap on all endpoints, run masscan on all ports, use FOFA to find more surface, and ffuf using SecLists on the websites. If you find an external VPN, look for logs or a 1day for the service.
 
This


You might not consider or think of this, but you get started like this: nobody will give you tutorials or spoon-feed you here or on any forum. You will learn by practice and making mistakes, at least that is what my experience has been. Read posts on here, understand the basics and then start getting hands-on practice.
 
Are there any tutorials out there? If there are, can you shed some light on them, bro?
There are many great resources to learn from, such as the Jason Haddix [1] [2] and Zseano [3] methodologies, Bassterlord manuals [4] [5], Phineas Fisher HackBack DIY Guides [6] [7] [8] [9], some other breaches [10] [11], Guacamaya HackBack videos [12] [13] and the Conti playbook [14]; these are a great start here.

[1]
[2]
[3] https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
[4] BassterLord FishEye Networking Manual
[5] BassterLord Network Manual v2
[6] https://enlacehacktivista.org/images/6/69/Hack_back1.txt
[7] https://enlacehacktivista.org/images/a/a3/Hack_back2_en.txt
[8] https://theanarchistlibrary.org/library/subcowmandante-marcos-hack-back
[9]
[10] https://enlacehacktivista.org/libertycounsel.txt
[11] https://enlacehacktivista.org/images/8/8f/Flexispy.txt
[12] https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T
[13] https://kolektiva.media/w/9hvdC2ef18UNx1RSJxf1gi
[14] The Conti Play Book
 
Also, you could go through his older posts; there are a lot of useful resources there on how to go about finding initial access. I learned a lot from him and other members like him who post guides on how to go about things on here.
 
Please note that this user is banned.
It depends on your target. What I will do first is scan the network and check JS files; maybe there are requests there, so maybe you can find SSRF.
Then check for backup files, maybe on the server. One last word: you should read and watch courses about bug hunting and red teaming.
 
Please note that this user is banned.
Amazing resources above from the great Prokhorenco as always btw.

I'm a little late, but here are my 2 cents.
For me, there are 3 fundamental pillars:

- How you manage your Ops (machines, scanners, vps, etc.)
- The pentesting technique itself (that is, your skill about how you exploit the objective)
- How do you benefit from the loot obtained from the exploited target.

You have asked which vulnerability to choose and how to start, but that is the second step. If you have not previously prepared your infra, it will not turn out well.

Let's assume you already have it. What I recommend is that you start using search engines, such as Shodan, LeakIX, etc., and focus on 1-2 types of vulns (or misconfigurations). Remember that not all exploits necessarily come from a vulnerability; sometimes a bad configuration gives you root with a single click.

Learn to look for those vulnerabilities, learn to use nuclei, and when you have exploited some targets, before moving on to another vulnerability, try to automate it.

Start with small targets, single servers. Then, you will move to corporate networks.

Surely, if you have exploited 10 targets, you will be able to understand the process and automate the exploitation (or identification) of hundreds of targets quickly.

Repeat the process, and increase your vuln-set.

And above all, enjoy what you do and if you can, take advantage of it ;)
 

