There are many free sites and utilities you can use to learn more about attack vectors.
DO NOT RUN THESE IN PRODUCTION.
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project OWASP top 10 scenarios.
https://www.hackthissite.org/ Lots of web hacking scenarios.
http://www.dvwa.co.uk/ Vulnerable web app.
https://github.com/Subterfuge-Framework/Subterfuge/blob/master/README.md easy MITM. Not even fair. Try learning the old ways with Ettercap, arpspoof etc.
https://github.com/beefproject/beef BeEF browser hooking. XSS someone and control their browser, then pivot to other hosts or tools.
https://www.shellterproject.com/introducing-shellter/Example, add code to a legit .exe so that it opens a reverse shell to your metasploit server. With BeEF you can do this inline as well so that all 32/64 bit PE files are slipstreamed.
https://github.com/beefproject/beef/wiki/Metasploit BeEF integration with metasploit. Again, not even fair.
https://www.offensive-security.com/metasploit-unleashed/ free Metasploit training.
https://github.com/n1nj4sec/pupy Get to know the different RATs out there. Cybergate, poison ivy, pupy, etc.
https://tuts4you.com/Endless supply of tutorials on reverse engineering, coding, etc.
https://www.vulnhub.com/ Tons of vulnerable VMs to try to hack.
https://www.corelan.be/ Lots of hacking tuts.
http://thestarman.pcministry.com/asm/ Learn assembly code. It’s fun!
0 Comments