Learn to hack

From Enlace Hacktivista

Revision as of 15:51, 5 February 2023

This page aims to compile high quality resources for hackers. All books listed on this page can be found on [https://libgen.fun/ Library Genesis] and [https://z-lib.org/ Z-Library].

Make sure that you follow good OPSEC when carrying out your operations! See [https://enlacehacktivista.org/index.php?title=Learn_to_hack#Operational_security OPSEC].

== General Resources ==

Resources that assume little to no background knowledge:

Resources that assume minimal tech background:

Resources that assume a tech or hacking background:

Practice labs:
* https://overthewire.org/wargames/

Appsec:
* https://github.com/paragonie/awesome-appsec

== General references ==

General resources you may find useful for learning; see [[General]].

[https://owasp.org/www-project-top-ten/ OWASP Top 10] is a broad consensus about the most critical security risks to web applications.

* https://www.ired.team
* http://pwnwiki.io
* https://dmcxblue.gitbook.io/red-team-notes-2-0
* https://github.com/swisskyrepo/PayloadsAllTheThings
* https://github.com/S3cur3Th1sSh1t/Pentest-Tools
* https://github.com/offensive-security/exploitdb
* https://github.com/payloadbox
* Collection of malware source code: https://github.com/vxunderground/MalwareSourceCode
* https://github.com/jhaddix/tbhm
* https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
* https://www.metasploit.com
* https://github.com/emilyanncr/Windows-Post-Exploitation
* https://github.com/infosecn1nja/Red-Teaming-Toolkit
* https://github.com/edoardottt/awesome-hacker-search-engines
* https://github.com/Hack-with-Github/Awesome-Hacking
* https://github.com/LOLBAS-Project/LOLBAS
* https://docs.anarchy-farm.com
* https://book.hacktricks.xyz
* https://github.com/RistBS/Awesome-RedTeam-Cheatsheet
* https://github.com/0dayCTF/reverse-shell-generator
* https://0xsp.com/offensive/red-teaming-toolkit-collection/
* https://pwncat.org/
* https://gtfobins.github.io/

== Red Team Tools for post exploitation (Windows) ==

Find common vulnerabilities and misconfigurations in a Windows environment to escalate your privileges: [https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS winPEAS]

== Red Team Tools for post exploitation (Linux) ==

Rooting: [[Rooting linux]]

== Active Directory ==

Active Directory general tools and resources you may find useful for learning; see [[Active Directory]].

* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md An excellent practical reference]
* [https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet A practical reference focused on PowerShell]
* https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
* https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html
* https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
* https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
* https://wadcoms.github.io/
* https://www.blackhillsinfosec.com/webcast-attack-tactics-5-zero-to-hero-attack/
* https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
* https://www.trustedsec.com/blog/a-comprehensive-guide-on-relaying-anno-2022/
* https://en.hackndo.com/ntlm-relay/
* https://s3cur3th1ssh1t.github.io/The-most-common-on-premise-vulnerabilities-and-misconfigurations/
* A very thorough technical background: https://zer1t0.gitlab.io/posts/attacking_ad/
* Kerberos background: https://www.tarlogic.com/blog/how-kerberos-works/
* A good overview of different lateral movement techniques: https://hackmag.com/security/lateral-guide/
* https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet#active-directory-exploitation-cheat-sheet

=== Tools ===

== Office 365 & Azure ==

=== Tools ===

== GSuite ==

* https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite

== C2 Frameworks ==

== Antivirus & EDR Evasion ==

== VMware ==

== RocketChat ==

== Microsoft Exchange ==

ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.

* Automatic ProxyShell Exploit: https://github.com/Udyz/proxyshell-auto

== Initial Access ==

There are many ways to get a foothold in a target's network: phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted penetration test, and spray-and-pray scanning for vulnerabilities and hacking in. Here we list some resources on these topics.

For more information on gaining a foothold, see [[Initial Access Tactics, techniques and procedures]].

=== Phishing ===
* https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
* https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
* https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
* https://www.xanthus.io/mastering-the-simulated-phishing-attack
* https://github.com/Arno0x/EmbedInHTML
* https://github.com/L4bF0x/PhishingPretexts
* http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
* https://book.hacktricks.xyz/phishing-methodology
* https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
* https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
* https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
* https://getgophish.com/ Be sure to [https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls remove the identifying headers GoPhish adds]
* https://github.com/curtbraz/PhishAPI
* https://github.com/edoverflow/can-i-take-over-xyz
* https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/

=== Password spraying ===
* https://github.com/dafthack/MSOLSpray
* https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/
* https://github.com/blacklanternsecurity/TREVORspray
* https://github.com/x90skysn3k/brutespray

=== Buying Access ===
* https://genesis.market/

=== CVE POCs ===
* https://github.com/nomi-sec/PoC-in-GitHub

== Scanning and Recon ==

For scanning and recon tools, see [[Scanning and Recon]].

* https://github.com/robertdavidgraham/masscan
* https://github.com/projectdiscovery/naabu
* https://github.com/OWASP/Amass
* https://www.shodan.io/
* https://www.zoomeye.org/
* https://search.censys.io/
* https://hunter.io/
* https://fullhunt.io/
* https://www.onyphe.io/
* https://binaryedge.io/
* https://ivre.rocks/
* https://vulners.com/
* https://pulsedive.com/
* https://www.exploit-db.com
* https://github.com/six2dez/reconftw
* https://github.com/lanmaster53/recon-ng
* https://github.com/jaeles-project/jaeles
* https://github.com/1N3/Sn1per
* https://github.com/projectdiscovery/nuclei
* https://github.com/wpscanteam/wpscan
* https://github.com/OWASP/joomscan
* https://github.com/immunIT/drupwn
* https://github.com/Tuhinshubhra/RED_HAWK
* https://github.com/root-tanishq/userefuzz

== Search Engines ==

Search engines are a useful tool for gathering information and intelligence from publicly available sources. Some are paid and some are not. Make sure to maintain good OPSEC whenever purchasing any service that will be used for recon on a target.

For more information on recommended search engines, see [[Search Engines Resources]].

=== Web Crawlers ===

=== Wordlists ===

== OSINT ==

Open-source intelligence (OSINT) refers to the collection and analysis of information from publicly available sources.

For more information on recommended tools and resources, see [[OSINT Tools and Resources]].

* https://osintframework.com/
* https://www.tracelabs.org/initiatives/osint-vm
* https://github.com/jivoi/awesome-osint
* [https://start.me/p/ZME8nR/osint osintframework.de]
* https://www.maltego.com/
* https://github.com/vysecurity/LinkedInt
* https://www.osintdojo.com/
* https://inteltechniques.com/
* https://github.com/uosint-project/uosint

== API Hacking ==
* https://github.com/arainho/awesome-api-security
* [https://owasp.org/www-project-api-security/ OWASP API Security]

=== practice ===
* https://github.com/Checkmarx/capital

== IoT Hacking ==
* https://github.com/V33RU/IoTSecurity101

== Intercepting Proxies ==

These let you view, edit, and replay requests, and are extremely useful for finding vulnerabilities in web applications.

* https://mitmproxy.org/

== Operational security ==

Operational security (Opsec) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist activities.

=== Recommended Measures ===

Any illegal hacktivity should be done from an encrypted and separate computer or virtual machine, with all traffic over Tor.

For more information on recommended measures, see [[Opsec Measures]].

* https://www.qubes-os.org/
* https://www.whonix.org/
* https://tails.boum.org/
* The Whonix wiki has lots of great info on anonymity even if you're not using Whonix: https://www.whonix.org/wiki/Documentation
* https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
* https://veracrypt.fr/
* https://www.torproject.org/
* Disable JavaScript (set Security Level to "Safest" in Tor Browser)

== Secure Messaging ==

Best practice for secure messaging includes using connections over Tor and end-to-end encryption for messages.

=== Recommended Applications ===

For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email, use PGP for encryption. For file sharing, use OnionShare.

For more information on recommended applications, see [[Secure Messaging Applications]].

* [https://tails.boum.org/ Tails] comes with OnionShare for file sharing, Pidgin with OTR for encrypted chat, and Thunderbird with GPG for encrypted email
* Probably the most mature Jabber client with a focus on security and privacy is [https://coy.im/ CoyIM]
* https://cwtch.im/
* https://www.thunderbird.net/ An email client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption]
* https://onionshare.org/
* See [https://www.whonix.org/wiki/Chat the Whonix wiki] for a more detailed comparison of secure messaging software