Learn to hack: Difference between revisions

From Enlace Hacktivista


General references:
* https://www.ired.team
* http://pwnwiki.io
* https://dmcxblue.gitbook.io/red-team-notes-2-0
* https://github.com/swisskyrepo/PayloadsAllTheThings
* https://github.com/S3cur3Th1sSh1t/Pentest-Tools
* https://github.com/offensive-security/exploitdb
* https://github.com/payloadbox
* Collection of malware source code: https://github.com/vxunderground/MalwareSourceCode
* https://github.com/jhaddix/tbhm
* https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
* https://www.metasploit.com
* https://github.com/emilyanncr/Windows-Post-Exploitation
* https://github.com/infosecn1nja/Red-Teaming-Toolkit
* https://github.com/edoardottt/awesome-hacker-search-engines
* https://github.com/Hack-with-Github/Awesome-Hacking
* https://github.com/LOLBAS-Project/LOLBAS
* https://docs.anarchy-farm.com
* https://book.hacktricks.xyz
* https://github.com/RistBS/Awesome-RedTeam-Cheatsheet
* https://github.com/0dayCTF/reverse-shell-generator
* https://0xsp.com/offensive/red-teaming-toolkit-collection/
* https://pwncat.org/
* https://gtfobins.github.io/
* https://codex-7.gitbook.io/
* https://github.com/qazbnm456/awesome-web-security
* https://githubmemory.com/repo/Qing-Q/awesome-hacking-lists


== Active Directory ==
* Kerberos background: https://www.tarlogic.com/blog/how-kerberos-works/
* A good overview of different lateral movement techniques: https://hackmag.com/security/lateral-guide/
* https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet#active-directory-exploitation-cheat-sheet


=== Tools ===

== Office 365 & Azure ==
=== Tools ===
* https://github.com/dirkjanm/ROADtools
* https://github.com/fox-it/adconnectdump
* https://github.com/LMGsec/o365creeper
* https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html

== Initial Access ==
=== Phishing ===
* https://getgophish.com/ Be sure to [https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls remove the identifying headers gophish adds]
* https://github.com/curtbraz/PhishAPI
* https://github.com/edoverflow/can-i-take-over-xyz
* https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/


=== Password spraying ===


=== Buying Access ===
* https://genesis.market/

=== CVE POCs ===
* https://github.com/nomi-sec/PoC-in-GitHub


== Scanning and Recon ==
* https://www.shodan.io/
* https://www.zoomeye.org/
* https://search.censys.io/
* https://hunter.io/
* https://fullhunt.io/
* https://www.onyphe.io/
* https://binaryedge.io/
* https://ivre.rocks/
* https://vulners.com/
* https://pulsedive.com/
* https://www.exploit-db.com
* https://github.com/six2dez/reconftw
* https://github.com/lanmaster53/recon-ng
* https://github.com/jaeles-project/jaeles
* https://github.com/1N3/Sn1per
* https://github.com/projectdiscovery/nuclei
* https://github.com/wpscanteam/wpscan
* https://github.com/OWASP/joomscan
* https://github.com/immunIT/drupwn
* https://github.com/Tuhinshubhra/RED_HAWK
* https://github.com/root-tanishq/userefuzz
=== Web Crawlers ===
* https://github.com/jaeles-project/gospider
* https://github.com/hakluke/hakrawler


== Wordlists ==

== OSINT ==
* https://github.com/jivoi/awesome-osint
* [https://start.me/p/ZME8nR/osint osintframework.de]
* https://www.maltego.com/
* https://github.com/vysecurity/LinkedInt
* https://www.osintdojo.com/
* https://inteltechniques.com/
* https://github.com/uosint-project/uosint


== API Hacking ==
* https://github.com/arainho/awesome-api-security

== Intercepting Proxies ==
These let you view, edit, and replay requests, and are extremely useful for finding vulnerabilities in web applications.
* https://portswigger.net/burp
* https://www.zaproxy.org/
* https://mitmproxy.org/
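The view, edit and replay loop that Burp, ZAP and mitmproxy implement, shown as an added example (not code from this page or from any of those projects): a minimal forward proxy built only from the Python standard library. It logs every request it sees, runs a tamper hook before forwarding, and can replay any captured request with changes. The tamper hook, the `X-Intercepted` header, the `id=` parameter and the echo target server are constructed for the demo; point a real client at the proxy port and replace `edit_request` with your own edits.

```python
"""Minimal intercepting HTTP proxy: capture, edit, forward and replay.
Added example; not from the wiki page, Burp, ZAP or mitmproxy. Stdlib only,
with a constructed local target so the whole flow runs offline."""
import http.client
import http.server
import threading
import urllib.request
from urllib.parse import urlsplit

HISTORY = []  # every intercepted request as (method, url, headers, body)
# Hop-by-hop/framing headers we rewrite ourselves instead of forwarding.
HOP_BY_HOP = {"proxy-connection", "connection", "transfer-encoding", "content-length"}


def edit_request(method, url, headers, body):
    """Tamper hook run on each request before it is forwarded (assumed edit:
    tag the request and bump the 'id' parameter, an IDOR-style probe)."""
    headers = dict(headers)
    headers["X-Intercepted"] = "1"
    return method, url.replace("id=1", "id=2"), headers, body


def forward(method, url, headers, body):
    """Send one request to the origin server; return (status, headers, body)."""
    parts = urlsplit(url)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
    conn.request(method, path, body=body, headers=headers)
    resp = conn.getresponse()
    data = resp.read()
    conn.close()
    return resp.status, resp.getheaders(), data


def replay(index, **overrides):
    """Re-send HISTORY[index], optionally overriding method/url/headers/body."""
    method, url, headers, body = HISTORY[index]
    headers = {**headers, **overrides.get("headers", {})}
    return forward(overrides.get("method", method), overrides.get("url", url),
                   headers, overrides.get("body", body))


class ProxyHandler(http.server.BaseHTTPRequestHandler):
    """Forward proxy: clients send an absolute URI, which is what we forward."""

    def do_GET(self):
        self.intercept()

    def do_POST(self):
        self.intercept()

    def intercept(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        headers = {k: v for k, v in self.headers.items() if k.lower() not in HOP_BY_HOP}
        if body is not None:
            headers["Content-Length"] = str(len(body))
        request = edit_request(self.command, self.path, headers, body)
        HISTORY.append(request)  # "view": the log you inspect in a real proxy
        status, resp_headers, data = forward(*request)
        self.send_response(status)
        for k, v in resp_headers:
            if k.lower() not in HOP_BY_HOP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


class EchoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed target: echoes the path and whether the proxy tag arrived."""

    def do_GET(self):
        out = f"{self.path} intercepted={self.headers.get('X-Intercepted', '0')}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

    def log_message(self, *args):
        pass


def serve(handler):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Send one request through the proxy, then replay it with a third id."""
    target, proxy = serve(EchoHandler), serve(ProxyHandler)
    url = f"http://127.0.0.1:{target.server_port}/api/user?id=1"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(
        {"http": f"http://127.0.0.1:{proxy.server_port}"}))
    live = opener.open(url, timeout=5).read().decode()
    _, _, replayed = replay(0, url=url.replace("id=1", "id=3"))
    target.shutdown()
    proxy.shutdown()
    return live, replayed.decode()


if __name__ == "__main__":
    print(demo())
```

The replay re-uses the headers as they were after editing, so the replayed request still carries the tag; a real proxy does the same, which is why you should check the stored copy before replaying rather than assume it matches what the client first sent.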


== Opsec ==

Revision as of 19:15, 15 October 2022

This page aims to compile high-quality resources for hackers. All books listed on this page can be found on Library Genesis and Z-Library.

== General Resources ==

Resources that assume little to no background knowledge:

Resources that assume minimal tech background:

Resources that assume a tech or hacking background:

Practice labs:

General references:

== Active Directory ==

=== Tools ===

== Office 365 & Azure ==

=== Tools ===

== GSuite ==

* https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite

== C2 Frameworks ==

== Antivirus & EDR Evasion ==

== VMware ==

== RocketChat ==

== Microsoft Exchange ==

ProxyLogon is dead: Defender mitigates it. ProxyShell is not, but AMSI catches unmodified public exploits, so expect to modify any public PoC before it runs.

== Initial Access ==

=== Phishing ===

=== Password spraying ===

=== Buying Access ===

=== CVE POCs ===

== Scanning and Recon ==

=== Web Crawlers ===

== Wordlists ==

== OSINT ==

Open-source intelligence Tools/Resources

== API Hacking ==

== Intercepting Proxies ==

These let you view, edit, and replay requests, and are extremely useful for finding vulnerabilities in web applications.

== Opsec ==

Any illegal activity should be done from a separate, full-disk-encrypted computer or virtual machine used for nothing else, with all of its traffic routed over Tor.

== Secure Messaging ==

Best practice is for your connections to go over Tor and for your messages to be end-to-end encrypted. For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email, use PGP. For file sharing, use OnionShare.