Pentesting for Beginners - Short Stories
By Robot
()
About this ebook
Introducing Pentesting for Beginners - Short Stories, an engaging collection of short stories that takes you on a journey into the mind of hackers and the unique way they think. Each story is a fast-paced adventure that follows a hacker with a distinct name and personality as they navigate the world of hacking and push the boundaries of conventional thinking. Written in a story format, this book is a fun and informative guide that encourages readers to think outside the box and embrace a hacker's mentality. It's easy to read and understand, but don't be fooled - it's packed with all the information you need to know about hacking. It's been carefully crafted to avoid the typical technical manual territory and wasted space, giving you a comprehensive and enjoyable experience. Perfect for anyone interested in cybersecurity, technology, and creative problem-solving. Get ready to be inspired and entertained as you learn about the art of hacking.
Related to Pentesting for Beginners - Short Stories
Related ebooks
Hacking of Computer Networks: Full Course on Hacking of Computer Networks Rating: 0 out of 5 stars0 ratingsOnline Hacker Survival Guide Rating: 0 out of 5 stars0 ratingsUnderstanding Network Hacks: Attack and Defense with Python Rating: 0 out of 5 stars0 ratingsHackercool Sept 2016: 0, #0 Rating: 5 out of 5 stars5/5A First Course In Ethical Hacking Rating: 0 out of 5 stars0 ratingsCompsec: For the Home User Rating: 0 out of 5 stars0 ratingsBeginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues Rating: 0 out of 5 stars0 ratingsHackerTools Crack With Disassembling Rating: 2 out of 5 stars2/5Hack Computer System For Noobee Rating: 1 out of 5 stars1/5BackTrack: Testing Wireless Network Security Rating: 0 out of 5 stars0 ratingsUltimate Hacking Challenge: Hacking the Planet, #3 Rating: 5 out of 5 stars5/5How to Investigate Like a Rockstar: Hacking the Planet Rating: 0 out of 5 stars0 ratingsPHP Security and Session Management: Managing Sessions and Ensuring PHP Security (2022 Guide for Beginners) Rating: 3 out of 5 stars3/5How to Hack Like a GOD: Hacking the Planet, #2 Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar: Hacking the Planet, #1 Rating: 5 out of 5 stars5/5Kali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratingsHacking: Computer Hacking for beginners, how to hack, and understanding computer security! Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK Rating: 5 out of 5 stars5/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Hack into your Friends Computer Rating: 0 out of 5 stars0 ratingsCyber Security for Beginners: How to Become a Cybersecurity Professional Without a Technical Background (2022 Guide for Newbies) Rating: 0 out of 5 stars0 ratingsWeb Penetration Testing: Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsTor and the Deep Web Rating: 0 out of 5 stars0 ratingsPractical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5
Technology & Engineering For You
The Big Book of Hacks: 264 Amazing DIY Tech Projects Rating: 4 out of 5 stars4/5The Big Book of Maker Skills: Tools & Techniques for Building Great Tech Projects Rating: 4 out of 5 stars4/5Artificial Intelligence: A Guide for Thinking Humans Rating: 4 out of 5 stars4/5The Art of War Rating: 4 out of 5 stars4/5The ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratings80/20 Principle: The Secret to Working Less and Making More Rating: 5 out of 5 stars5/5Logic Pro X For Dummies Rating: 0 out of 5 stars0 ratingsThe CIA Lockpicking Manual Rating: 5 out of 5 stars5/5The Fast Track to Your Technician Class Ham Radio License: For Exams July 1, 2022 - June 30, 2026 Rating: 5 out of 5 stars5/5Ultralearning: Master Hard Skills, Outsmart the Competition, and Accelerate Your Career Rating: 4 out of 5 stars4/5The 48 Laws of Power in Practice: The 3 Most Powerful Laws & The 4 Indispensable Power Principles Rating: 5 out of 5 stars5/5The Total Inventor's Manual: Transform Your Idea into a Top-Selling Product Rating: 1 out of 5 stars1/5The Total Motorcycling Manual: 291 Essential Skills Rating: 5 out of 5 stars5/5The Art of Tinkering: Meet 150+ Makers Working at the Intersection of Art, Science & Technology Rating: 4 out of 5 stars4/5Electrical Engineering 101: Everything You Should Have Learned in School...but Probably Didn't Rating: 5 out of 5 stars5/5The Systems Thinker: Essential Thinking Skills For Solving Problems, Managing Chaos, Rating: 4 out of 5 stars4/5Broken Money: Why Our Financial System is Failing Us and How We Can Make it Better Rating: 5 out of 5 stars5/5My Inventions: The Autobiography of Nikola Tesla Rating: 4 out of 5 stars4/5The Art of War Rating: 4 out of 5 stars4/5How to Disappear and Live Off the Grid: A CIA Insider's Guide Rating: 0 out of 5 stars0 ratingsNo Nonsense Technician Class License Study Guide: for Tests Given Between July 2018 and June 2022 Rating: 5 out of 5 stars5/5The Invisible Rainbow: A History of Electricity and Life Rating: 4 out of 5 stars4/5The Wuhan Cover-Up: And the Terrifying Bioweapons Arms Race Rating: 0 out of 5 stars0 ratingsUnderstanding Media: The Extensions of Man Rating: 4 out of 5 stars4/5Smart Phone Dumb Phone: Free Yourself from Digital Addiction Rating: 0 out of 5 stars0 ratingsVanderbilt: The Rise and Fall of an American Dynasty Rating: 4 out of 5 stars4/5The Complete Titanic Chronicles: A Night to Remember and The Night Lives On Rating: 4 out of 5 stars4/5
Reviews for Pentesting for Beginners - Short Stories
0 ratings0 reviews
Book preview
Pentesting for Beginners - Short Stories - Robot
Websites you should know
Websites everyone must know about - Go through each one to see what they offer and do. This is not just some list
- make sure to understand what each is and does.
https://haveibeenpwned.com/
https://leak-lookup.com/search
https://securitytrails.com/app/account
https://viewdns.info/
https://archive.org/web/
https://webkay.robinlinus.com/
https://gtfobins.github.io/
https://tryhackme.com/p/tryhackmecourse
https://github.com/
https://stackoverflow.com/
https://shop.hak5.org/
https://www.kali.org/
https://semgrep.dev/
https://iknowwhatyoudownload.com/en/peer/
https://www.smartlook.com/
https://wigle.net/
https://www.zimperium.com/zanti-mobile-penetration-testing https://kon-boot.com/
https://subdomainfinder.c99.nl/
https://wpscan.com/wordpress-security-scanner
https://qifi.org/
https://temp-mail.org/en/
https://www.fakenamegenerator.com/
https://gchq.github.io/CyberChef/
https://covertinstruments.com/
https://dnsdumpster.com/
https://www.revshells.com/
https://crackstation.net/
https://hashes.com/en/decrypt/hash
https://github.com/EdOverflow/can-i-take-over-xyz
https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS https://dirtycow.ninja/
https://hackforums.net/
https://book.hacktricks.xyz/welcome/readme
The most important things to remember in hacking is it’s all the developers fault…
All jokes aside, the main types of exploit you’ll see doesn’t revolve around you getting root over machines all the time. That’s mainly for post exploitation however can be the most fun part.
Jobs and bug bounties will usually stop at the initial foothold stage and from my experience here is a quick look at the most common things you will come across:
IDOR: Insecure direct object reference.
In short, when a server for example looks like https://mywebsite.com/?user=1
This example uses an insecure reference directly to the user page, where if we change it to ?user=2 we could see all of the private account details of user=2.
This also commonly happens in Cookies.
XSS (Cross-Site Scripting):
XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website viewed by other users. This can be achieved by sending specially crafted requests to the website, or by storing malicious scripts in vulnerable fields such as search fields or comment sections. The injected scripts can then be executed by other users who view the affected pages, allowing the attacker to steal sensitive information such as user credentials or manipulate the display of the website.
Knowing the difference between stored and reflected XSS is a big deal. Stored XSS refers to a scenario where the malicious script is permanently stored on the target website, and is executed every time a user visits the affected page. This is typically achieved by storing the malicious payload in a database, such as in a comment section or search field.
Reflective XSS, on the other hand, occurs when the malicious script is injected into a website through a user's request, but is immediately reflected back to the user's browser without being stored. In this case, the malicious script is only executed when the specific user visits the affected page such as when clicked on or sent directly from the hacker, and is not permanently stored on the target website. Both types of XSS can have serious consequences, so it is important to understand the differences and take steps to prevent them.
XSS is mainly used to steal cookies from logged in users which can then be manually put into the hackers browser to login as if they were you. A lot of websites will expire cookies when you click the logout button which will also logout the hacker. Knowing this can be a crucial step if you are unsure if a hacker as your cookies.
SQL Injection:
SQL injection attacks can be used to steal sensitive data, modify or delete existing data, or gain unauthorized access to the underlying system. For example, an attacker may use SQL injection to bypass login authentication by submitting a specially crafted username and password, such as ' OR 1=1-- which would always evaluate to true. An attacker can also use SQL injection to extract sensitive information, such as credit card numbers or personally identifiable information, from a database by crafting SQL statements that dynamically select and display this information. Additionally, an attacker may use SQL injection to execute arbitrary code on the target system or to launch a denial-of-service attack by overloading the database with excessive requests. These examples illustrate the potential consequences of SQL injection and why it is important to take steps to prevent it.
Error-based blind is what I find most frequent which essentially means the website responds differently if a character a-z for example exists or doesn’t exist in a certain column like abc? Where we try d in the column where ? is. We can essentially enumerate
the database very slowly by trying every combination possible one letter at a time.
LFI (Local File Inclusion):
LFI is a type of vulnerability that allows an attacker to include and execute local files on a target system, potentially leading to information disclosure or code execution. It occurs when user-supplied data, such as a URL parameter, is used to specify the location of a file that will be included by the target system such as ?view.php=image.jpg. An attacker can use LFI to gain unauthorized access to sensitive information stored on the target system, such as configuration files or source code, by including files that contain this information. In some cases, LFI can lead to RCE (Remote Code Execution) or Log Poisoning
. RCE is a technique that would call on programs built within the operating system above the website to run commands as if you were interacting with it normally like cat, ls, cd.
Log poisining would use RCE in a similar way. You would put code as your user-agent, cookie or referrer for example when accessing the page (a normal page or a page that doesn’t exist) to get the access.log or error.log to store a session of you trying to access those pages.
Upon then using Local File Inclusion to view those pages, you can get your code to execute as it is stored on the website in the log file.
An example of