Meta: Penetration Testing Execution Standard (PTES)
| Step | Task |
|---|---|
| 1. | Get the user flag on your own |
| 2. | Get the root flag on your own |
| 3. | Write your technical documentation |
| 4. | Write your non-technical documentation |
| 5. | Compare your notes with the official write-up |
| 6. | Create a list of information you have missed |
| 7. | Watch video or read blog walkthrough and compare it with your notes - https://www.youtube.com/@ippsec/videos - https://ippsec.rocks/?# - https://www.youtube.com/@vbscrub/videos - https://www.youtube.com/watch?v=CU9Iafc-Igs&list=PLF7JR1a3dLONdkRYU_8-5OcgOzrWe2549 - https://www.youtube.com/@LiveOverflow/videos \ |
| 8. | Expand your notes and documentation by adding the missed parts |
PowerShell: https://underthewire.tech/wargames
Linux Terminal: https://overthewire.org/wargames/
Tmux:
Vim:
📦 Recommended Retired Boxes
| Box | |
|---|---|
| OWASP Juice Shop | Is a modern vulnerable web application written in Node.js, Express, and Angular which showcases the entire OWASP Top Ten along with many other real-world application security flaws. |
| Metasploitable 2 | Is a purposefully vulnerable Ubuntu Linux VM that can be used to practice enumeration, automated, and manual exploitation. |
| Metasploitable 3 | Is a template for building a vulnerable Windows VM configured with a wide range of vulnerabilities. |
| DVWA | This is a vulnerable PHP/MySQL web application showcasing many common web application vulnerabilities with varying degrees of difficulty. |