Giving back to the InfoSec community is something I’ve always strived towards. Other professionals have always had time for me and it’s only right that if I can, I would relay my experiences to other people.
Penetration Testing with Kali Linux
Some may know that I took up this monumental challenge around 200 days ago. I say monumental because I was a lost lamb with limited knowledge of Pen Testing before I enrolled in PWK.
Like many, I had such a fear of the course. I read so many stories, reviews and some scare mongering from various online resources. I’m a “into the deep end” type of guy and I needed something to focus on. PWK was that focus. It wasn’t plain sailing at the start so to help ease the stress or preconceived ideas about PWK that would otherwise put you off, I’ve put together a few things to help you out.
I’ll break it down into parts.
- Kali Tips
- Lab Tips
- If you get stuck
This is based on my own experience of what I would do differently, having been on the course for 200 days ( I know, I’m a slow burner at times). Your experience may differ.
- Create directories for each target. Dump all exploit scripts, enumeration files and anything related to that target in that directory.
- Use symbolic names for your exploit code or document it in your notes. For example, 3456.c doesn’t mean anything at a glance. Months later you’ll come across it in your file system and if you didn’t document it’s use or change its name it is useless to you.
- Create a directory for your ‘fixed’ exploits. Find your own way of doing this. You could use CVE numbers, exploit name or anything that you can call on later. Remember to document any change made to the code and name of the file.
- Work on your speed of execution and how you can utilise your hardware to execute a task faster. For example, using more threads while using Dirbuster.
- Don’t be foolish and neglect the use of Metasploit. It’s an amazing tool, and can build confidence.
- Don’t jump into the labs instantly if you are new. Read the course materials and watch the videos. The information is extremely useful.
- Revert each machine before you enumerate it.
- If a machine was reverted in the last few hours, someone may be working on it. Be kind, and move on.
- Check the forums for the machine in question to see if it requires frequent reverts.
- Run the fullest enumeration scan possible, full TCP scan, and UDP scan
- DO NOT shy away from anything in the labs. Despite any rumours you may have heard about certain targets, try your hand at everything to have a better shot at the challenge.
- Read G0tmilks tutorial on Alpha on the forums. It gives a great insight on how to report. Also this can give a great entry point and feel for how it’s done.
- Read through the Offsec dummy report –> https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
- Use the Reporting template from Offsec. It’s a good baseline. No point in reinventing the wheel.
- I will add that using something like Keepnote is essential. Even more important to that step is keeping good notes. If you don’t, you will have nothing to report. Remember, you will need to explain these steps to someone who can follow them exactly as you did.
If you get stuck
- Offsec Forums are fantastic for tips
- Offsec chat function has been really helpful for me at times. Cleverly delivered tips that sometimes show you an answer without even giving you a hint. Great resource.
- There’s the IRC channel too. Personally I never used it.
- Refer to the course materials, and videos.
I could likely add more into this post as time goes on. No matter what stage you are at, you are always learning. Despite me failing the exam challenge twice and rooting 30 of the lab machines, I still have a lot to learn from PWK. The learning never stops. Enjoy the time you have in the labs. It’s an amazing experience.