What is Offensive Security?
Recently I have developed an interest in learning how bad actors exploit information systems, so I started spending most of my time understanding, practicing and identifying vulnerable components in applications (in an ethical way) to build knowledge that will help me implement applications securely and protect them from adversaries.
Offensive Security teaches penetration testing methodologies for finding the weaknesses in a system.
How do I get started?
My manager introduced me to offensive security and encouraged me to learn the weaknesses of a system and how they are exploited. That got me hooked on Hack The Box (HTB) labs to learn tactics, techniques and procedures (TTPs). My initial assumption was that it would be easy because I am good with Linux, automation and command-line tools, but I later found out it requires more than that, and patience is the key skill.
My recommendation for anyone who wants to start exploring pen testing is to have the following (not a definitive list):
- A good computer (CPU, memory). HTB may also provide access to a personal attack machine depending on the subscription
- Kali Linux. A must-have for beginners because it comes with a lot of handy pen-testing tools that make your life easier
- A lot of time spent googling techniques, researching and watching someone exploit a system
I have started following ippsec.rocks religiously, watching his videos every day, and I would recommend the same to keep you motivated.
What steps are involved in an exploit?
This is my experience based on HTB challenges. The goal of an HTB box is to get shell access to the system and capture the user and root flags planted on it. You may choose a Windows or Linux box for the challenge, and the only clue HTB gives you is whether it runs Windows or Linux.
- Start with Nmap against the given IP address
- Nmap is a powerful tool that can scan for open ports and run scripts to identify the applications behind them
- A lot of reconnaissance (a.k.a. recon). It is one of the critical steps before moving further into exploitation
- Identify the vulnerability in the app
- Most of the time exploitation is based on a web application vulnerability from the OWASP Top 10, so it is good to understand both the front end and the back end.
- Exploitation to get shell access. How you get a shell depends on the vulnerability, and you may need to chain multiple vulnerabilities
- The final step is to escalate the shell to root
HTB boxes are rated very easy, easy, medium, hard and insane.
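Since the first two steps above produce Nmap output that you will later want in your write-up, here is an added example (not from the original post) that parses Nmap's grepable (-oG) format into per-host open-port notes. The scan text is a constructed sample, not a real HTB box, and the address is taken from the documentation range.

```python
from dataclasses import dataclass

# Constructed sample of `nmap -sV -oG -` output, not a real scan: the address is
# from the documentation range and the banners are illustrative placeholders.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.0.2.10
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
# Nmap done -- 1 IP address (1 host up) scanned
"""

@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str

def parse_gnmap(text: str) -> dict[str, list[Service]]:
    """Map each host to its Service entries from nmap grepable (-oG) output.
    Each Ports: entry has seven slash-separated fields, entries separated by ", ":
    port/state/protocol/owner/service/rpc-info/version/"""
    hosts: dict[str, list[Service]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments, the Status: line, and hosts with no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/", 6)  # keep any "/" in the version
            if len(fields) < 7:
                continue  # malformed entry: skip rather than guess
            port, state, proto, _owner, name, _rpc, version = fields
            hosts.setdefault(host, []).append(
                Service(int(port), proto, state, name, version.rstrip("/")))
    return hosts

def open_services(hosts: dict[str, list[Service]], host: str) -> list[Service]:
    """Only ports nmap reported as open, sorted by port number."""
    return sorted((s for s in hosts.get(host, []) if s.state == "open"),
                  key=lambda s: s.port)

def recon_notes(hosts: dict[str, list[Service]]) -> list[str]:
    """One line per open port, ready to paste into a write-up."""
    return [f"{host} {s.port}/{s.proto} {s.name}: {s.version or 'no banner'}"
            for host in sorted(hosts) for s in open_services(hosts, host)]
```

Filtered and closed ports are kept in the parsed data but left out of the notes, so the write-up lists only what actually answered.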
Conclusion
Start with easy boxes to get familiar with the different tools and techniques. Watch a lot of YouTube videos from ippsec.rocks and John Hammond. Start documenting the exploitation steps and improve your skills. Finally, and most importantly, it requires a lot of patience to master the skill.
Reference Materials
- https://ippsec.rocks/
- https://0xdf.gitlab.io/
- https://gtfobins.github.io/
- https://pentestmonkey.net/
- https://github.com/swisskyrepo/PayloadsAllTheThings