Pentesting tutorials
Hi, y'all!
For all n00bs and 1337s interested in learning more web hacking, you should not miss PentesterLab.com. It contains free tutorials for learning basic skills.
Today, July 15, 2013, they released 'Web For Pentester II' by Louis Nyffenegger. I have already tried it out. You download a .iso file, start it up in a VM and there you have it! An exploitable web server in the privacy of your own computer. Also, it comes with a complete tutorial guide in PDF. If you don't have VMware, you could try VirtualBox or Qemu. Or even install it on a box or drive. It requires 1 GB RAM.
The exercises are:
SQL injections (9), Authentication (6), Captcha (9), Authorization (3), Mass Assignment (3), Randomness Issues (4), MongoDB injection (2)
It took me only five minutes to download, start the server and complete exercise one. So it's easy to get started, and it's fun!
The fun part is that the vulnerabilities are really there, so you get good error messages and can perfect your exploit based on them.
For any students out there, I think this free thing could teach you more than going to Las Vegas and paying 1000 USD for a training. I guess there is such a thing as a free lunch. They also have a 12 week boot camp with suggested reading material and things to do to learn more about web penetration testing. Also FREE.
I am making a new thread about this, because it was too large for the shoutbox, and too small for an article.
If others know of good resources for perfecting our skills, I would certainly like to hear about it.
I remember like 5 years ago I found a PHP CMS/script that is built to be buggy from A to Z, had fun finding the bugs in it, some found through direct input/trial and error, and most found through code reading :)
Try installing that on a local server and test what you could find, but I cannot remember what it's named and I'm too lazy to google.