Everything you need to get started in infosec. Follow this structured path from the basics to advanced exploitation.
Your Learning Path
Follow the steps below, week by week, to build a solid infosec foundation.
1
Linux and Scripting
Try to:
- Install Linux: Retrieve a virtualisation system (VirtualBox, VM player) and install Linux. Use a traditional distribution like Ubuntu, not a security-related one.
- Learn the basics of a scripting language: Pick between Ruby (Try Ruby), Python (Online) or Perl and learn its syntax and data types. You will need it to keep going.
Try to:
- Install Apache inside your VM and change the home page of the hosted site using vim. Access this page in your browser (on the host).
- Change your hosts file to access the Linux system under the following names: vulnerable.
- Write an HTTP client to retrieve the home page of your site using an HTTP library (for example net/http in Ruby).
- Write an HTTP client to retrieve the home page of your site using a socket.
- Download Burp Suite (free version) and visit a website and see what requests are sent and what responses are received.
3
PHP and DNS
Try to:
- Install PHP in your virtual machine (using your previous Apache installation) and write a script that echoes back a parameter in the URL.
- Install MySQL and create a script that retrieves information from it, so that article.php?id=1 returns a book and article.php?id=2 returns a computer.
- Create a page that sends data to itself using a POST request.
- Install the command-line tool dig in your VM. Find which name servers and mail servers are used by PentesterLab.
- Obtain information about pentesterlab.com using the whois tool.
Try to:
- Enable HTTPS on your web server. Make sure you disable all the weak ciphers.
- Write an SSL client using an HTTP library. Write an SSL client using a socket.
- Access your SSL server with your previous HTTP script, using socat to make the socket<->ssl-socket connection.
6
More SQL Injections
Try to:
- Fully script From SQL injection to Shell (use Burp to help you debug).
- Do From SQL injection to shell: PostgreSQL edition without reading the course.
- Check if the code you wrote during Week 3 is vulnerable to SQL injection and XSS.
7
FTP and Traffic Analysis
Try to:
- Install and use Wireshark: inspect the traffic sent by your HTTP client (use "Follow TCP stream") and HTTPS client (check the SSL handshake).
- Install an FTP server on your system. Write an FTP client using a socket.
10
Nmap and Crypto Attacks
Try to:
- Use Nmap to find the open ports on your VM. Use Nmap to find the open ports on your VM while blocking ICMP using iptables.
- Use iptables to close one of the open ports, then check that it works using Nmap.
- Find a local security meetup (Ruxmon, 2600...) and go there.
- Follow CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability (read the course and test on the ISO).
Try to:
- Set up a Wi-Fi network using WEP and crack the key.
- Follow Rack Cookies and Commands Injection (Read the course and test on the ISO).
Try to:
- Download and solve the levels 05 to 09 of Nebula (mirror) from exploit.education.
- Do the exercises from Web For Pentester.
Recommended Books
Resources to deepen your understanding of security.
Technical Books
A list of technical books we find useful. Think there is one we are missing? Send us an email: support@pentesterlab.com
Non-Technical Books
A list of non-technical books we think you will find enjoyable when you are not hacking.