Hello fellow hackers and cyber security enthusiasts!
I hope so far the posts I have made have helped people on their journeys through the wonderful world of penetration testing and CTFs. I know it has been a bit quiet on here for the last few weeks, but unfortunately I am between jobs and need to get something moving ASAP… so my time has been focused on that instead. In saying that though, I do have a few things to announce for the future of this blog and its content… so let’s get to it! 😉
CTFs and Answers
When I first posted Holo it was uncensored with all the relevant answers still left in the post… in fact, if someone wanted to cheat that room they only had to scroll down to the first Task (Task 4) and submit all the flags (not that I could understand why you would want to – it was a GREAT learning experience and I highly recommend completing it properly).
During my journey to learn ethical hacking, I myself used others’ write-ups to help me if I got really stuck – there is no shame in that whatsoever! However, I do recognize that people might want a hint, but not spoil the process by having the answers in plain sight… so I have gone through and modified Holo, Wreath and all other CTF posts and hidden the answers. This means that if for any reason you need the actual answer to a question in the room it is still there, but you need to click on the relevant heading to see it. These "headings" will appear either purple coloured, or sometimes red coloured with either CREDS (for credentials) or FLAG at the start of the heading. They will also have "[+]" rather than ">" to show they are expandable (and will change to "[-]" once expanded). If you hover your mouse over these headings (or touch on mobile) it will have an animated "glow" effect to signify that you can click on the heading to reveal the answer / credentials / flag (and you can click it again to hide it).
- Here is an example of an answer that is clickable to reveal:
- Here is an example of a "CREDS" heading that has been expanded (note that the "[+]" has changed to "[-]" to show it has been expanded):
Hopefully this will keep these posts complete, but also not spoil it for anyone simply looking for an idea of how to proceed when they are stuck… although, even though the answers are still there, I highly recommend going through the steps to obtain them yourself, rather than simply copying the relevant answer / flag and skipping that process.
Study Notes
Along my journey studying penetration testing on TryHackMe, I started taking notes on the rooms I was studying – sometimes these notes were completely written in my own words, sometimes I copypasta’d bits directly from the TryHackMe room… but there are notes in these posts that you will not find covered in the TryHackMe rooms that I have included myself.
Unfortunately I only started taking detailed notes around the beginning of the "Offensive Pentesting" learning path (and I had already completed both the "Pre Security" and "Jr Penetration Testing" learning paths by then), so I cannot share all my notes on a complete learning path… but I do believe some of the notes I have will be of great use to someone.
The next few posts (and later in the future), rather than just share completed CTFs (and I do have more to come), I will start sharing some of those notes here in the hopes that someone finds use of them… these are based on TryHackMe learning paths or "Modules" (mini learning paths) and will also include all the answers to said room (hidden away as I do on the CTFs).
The topics I currently have ready to go are:
- Active Directory (both introduction and explaining different attack methods)
- PowerShell (basic usage and creating scripts for penetration testing)
- Python (same as with PowerShell, basic coding and using Python to write pentesting tools)
- Linux and Windows privilege escalation methods
- Shells
- Detailed breakdowns on penetration testing tools such as:
  - NMAP
  - Burp Suite
  - Hydra
- Web hacking fundamentals, OWASP Top 10 and step-by-step guides for the "OWASP Juice Shop" room
… plus many more to come! Keep watching this blog for more juicy notes!
Report Writing
One topic I have not covered myself yet is writing a detailed penetration testing report, the kind you would submit to a client after completing a penetration test. This is a valuable skill to have in this industry, as the job is not all fun and hacking (unfortunate, but we can’t have fun all the time or it wouldn’t be a job)!
Part of the Wreath room was an optional task to write one of these reports, and they were even giving away prizes to the first few people who submitted an approved, detailed report (this has now passed unfortunately). At the time I did Wreath I just wanted to complete it and move on, but I thought that it would be a great idea to go back and practise writing a detailed penetration testing report on this room… so sometime in the future I will do exactly that – and provide that report here for anyone to read. It will also come with a post breaking down the fundamental steps to generating these reports… but this may be later in the future… I am simply too busy trying to get some coin up for my family to concentrate on doing this right now.
In Closing…
Anyway, with all that being said, I’d like to thank you for checking out the content on my blog, and I hope that it has helped you in some form or another… The main reason I do this (apart from it being a great resume piece for any future penetration testing jobs I apply for) is to share my journey with you, in the hopes that it will help you get closer to your goals as well, no matter how little or how much it helps.
Stay safe, and keep on hacking! 🙂
–> stimpz0r