Lord777
Professional
Content
- 1. Platforms for training and practice of hacking
- 1.1 Hack The Box
- 1.2 Root Me
- 1.3 VulnHub
- 2. Tips for beginners
The IT sector is developing by leaps and bounds, computer technology is penetrating ever deeper into everyday life, digital systems are becoming more complex, and, accordingly, the attack surface is growing. This, in turn, creates demand for security specialists, including white-hat hackers.
An ethical hacker should be well versed in all the specifics of the dark side: if you know how to break things, and keep that knowledge up to date, you can also make recommendations for protection. The main thing here is practice, but how do you get it without breaking the law?
In the early 2000s, many cybersecurity enthusiasts became criminals, although often the crime was only curiosity. Every now and then one could find stories about hacking of real systems written in the first person on the web.
The fact is that then there were no alternatives, and curiosity was rife. But this could not last long. Times changed and hackers had to find ways to improve their offensive security skills legally. Today there are a number of venues where everyone is given the opportunity to practice without risking falling under the heavy hand of the law.
This article focuses on relatively free platforms that do not require a subscription purchase to access their infrastructure. Of the paid counterparts that provide their clients with, among other things, advanced teaching materials, we can single out Virtual Hacking Labs and PentesterLab Pro, which are similar to the PWK course.
Hacking training and practice sites
There are several directions that a resource offering pentesting practice can follow. Usually, they all fall into one of three broad categories.
- CTF tasks are the well-known Capture the Flag challenges: standalone tasks on a specific topic. Typically there are categories such as Reverse, Exploit (or PWN), Web, Crypto, Stego, Forensics, OSINT and Misc; slightly less often PPC (competitive programming) is added to them. The process is quite straightforward: you download the files that make up the task to your machine, find the flag, enter it on the site and collect your reward.
- Vulnerable virtual machines are a more realistic test that involves compromising a host known to be vulnerable. The ultimate goal is to gain control of the system's privileged account. Demonstrating the ability to read files (also containing a kind of "flag") that are only accessible to users with the appropriate privileges is usually the proof of a full takeover of the machine. How you work through such a virtual machine depends on how the hosting site is set up: the hosts may be "live", that is, currently running on the site's own servers and reachable over the network (an online lab), or they may be downloadable images that you run yourself in a virtual environment.
- Virtual labs (VLANs) are, as a rule, a virtual Active Directory forest in which participants must gain a foothold in the network and take over the domain controller. Along the way, a variety of methods can be used to advance through the infrastructure: from intelligence gathering and phishing to exploiting 0-day vulnerabilities. The complexity of such tasks is comparable to real cases and often even surpasses them. Access to labs of this type is usually paid, and they are most useful for people preparing for professional certifications such as OSCP.
Let's take a closer look at the largest and most famous sites where you can pamper your inner hacker.
Hack The Box
Hack The Box (or HTB) is my favorite resource for honing the art of penetration testing, and at the same time perhaps one of the largest platforms for learning hacking in practice: 127 vulnerable machines are currently available, along with 65 task-based CTF challenges and several kinds of hardcore virtual AD forests. So, as you have already guessed, all the areas described above are covered here.
Hack the box
Over the past few years, Hack The Box has become the most popular among security researchers of all stripes: it features a user-friendly web interface for managing active instances of virtual machines, responsive technical support and, most importantly, a constantly updated list of vulnerable hosts.
The schedule for bringing a new machine "online" is very simple: every week a new machine is released and becomes available for hacking to all players registered on the site; at the same time, one of the machines that has been "hanging" online until then goes into the pool of retired machines. In total, 20 machines are online at the same time. But that is only on the free server. With a VIP subscription (£10/month or £100/year), you can pull any "retired" host from the pool and bring it online yourself on a dedicated server to run your tests. Along with this superpower, you also get access to the official walkthroughs in PDF format, written by the resource's own staff.
Registration for Hack The Box involves solving a trivial web task to receive an invitation code, so I have always conditionally considered this resource semi-closed. Why conditionally? Because the task is really elementary, and at one time I even wrote a one-liner to generate the next invite. We will not analyze the process itself within the framework of this article, since it would be impolite to disclose all the details of the solution and devalue the work of the HTB team. Nevertheless, there are plenty of guides on the net.
hackthebox.eu/invite
However, what surprised me in the process of writing this article is that the registration restriction turns out to be easily circumvented by simply going to the registration page. I don't know if this is a bug or a feature, and whether it was so initially, but the fact remains - now it works.
hackthebox.eu/register
I would rate the entry threshold for this platform as medium: although most of the active instances are virtual machines of high complexity, you can find simple machines on the site that are recommended for specialists who are just beginning their journey. A flexible filter system lets you choose a machine to your liking.
Filtering the list of existing VMs
It is worth noting that Hack The Box uses DigitalOcean's services to deploy its cloud infrastructure, and since RKN (Roskomnadzor, the Russian internet regulator) blocks many DigitalOcean IP addresses, access to some HTB resources from our country may be difficult. However, this mainly concerns the web tasks of the CTF section, where the vulnerable servers face the Internet directly rather than being hidden behind a VPN, as the main lab with virtual machines is.
Root Me
Root Me is another unique platform for practicing pentesting and CTF-style puzzle solving. If we look again at our list of resource varieties at the beginning of the article, we can say that this platform includes the first area and a kind of combination of the next two.
Root Me Hacking Training Platform
The section with CTF tasks is really impressive: it includes 11 sections with 344 tasks in total.
CTF Tasks - Root Me
The peculiarity of many of them is that you will need to interact with the remote host, and not just deal with local task files. Conveniently, you can use WebSSH to connect directly from your browser.
WebSSH session from Firefox browser
However, the main feature of the site is the CTF all day section: in this mode you can choose from twenty "rooms", each of which is active for four hours. On joining one of them, you receive a brief description of the target and information on where the flags are located. Some rooms are full-fledged labs consisting of several virtual machines with an AD controller and a shared scenario. You have to try hard to get through such rooms.
CTF all day - 20 active rooms
As for the overall difficulty level, in my opinion it is slightly lower than that of Hack The Box. Despite this, the greater variety of CTF tasks and the opportunity to train on easier Active Directory ranges put Root Me on the list of "must have" resources for pentesting practice.
VulnHub
VulnHub is a vintage image dump of vulnerable virtual machines maintained by enthusiasts. It is a completely free source, from which anyone can download the virtual machine they like and start looking for flags.
VulnHub hacking training platform
One of the biggest advantages of VulnHub is the huge number of virtual machine writeups available online, and the absence of any restrictions on publishing them (Hack The Box and Root Me impose a period during which publishing walkthroughs online is prohibited; otherwise, if you publish under your nickname, you risk getting banned).
VulnHub's large selection of machines and writeups makes it a great starting point for people who don't know where to take their first steps in hacking.
Cons:
- Often there is no clear description that would let you understand what a machine is about. Since the whole variety of machines on VulnHub can be roughly divided into two categories (those focused on the task-based CTF genre, and virtual machines closer to real life), every time you download a new image you are essentially buying a pig in a poke and don't know what type of task you will face.
- A complete absence of Windows machines. Well, that is understandable: it is, after all, an open-source resource.
A complete list of virtual machines available on VulnHub can be found here.
Recommendations for beginners
In a few bullet points, I will try to outline the main things that will definitely come in handy for anyone planning to start working with any of the above resources for studying hacking.
First, about setting up the environment.
- Virtualization tools are your friends. Pick one virtualization solution (VirtualBox or VMware on Windows, KVM on Linux) and stick with it. The ability to quickly deploy guest operating systems is useful for more than just security.
- Pentest-oriented distributions are cool. Kali Linux, Parrot OS, BlackArch Linux, Commando VM: it doesn't matter which one you choose, the main thing is that they are easy to install and practical to use (in the initial stages, I would settle on Kali or Parrot). Whatever you decide to install, install it strictly as a virtual machine: this way you reduce the risk of unwanted interference from other, perhaps less ethical, hackers if you plan to connect to online labs (that is, dedicated virtual networks) via VPN.
- Explore the console and reduce your use of the OS GUI; this is a useful skill for almost any area of IT. Working in the command line will significantly increase your productivity, teach you to concentrate better on the current problem (rather than switching between open windows), and ensure you are not helpless when no graphical interface is available at all. On the same point, I strongly recommend learning to handle a terminal multiplexer (I prefer tmux, although I am sure many will disagree with this choice), so that you don't have to switch between tabs in the terminal emulator window.
Now directly about the process of researching vulnerable virtual machines.
- "Enumeration is the key" is the most frequent answer, along with "Try harder!", to cries for help on all kinds of forums. The initial collection of information about the target is perhaps the most painstaking stage of the entire engagement, and sometimes the most time-consuming. The more initial data you have, the more material there is to analyze, and the larger the surface of possible attacks. Always keep some reconnaissance utility running in the background to look for the next entry vector.
- Know your tools. The ability to apply the right software in the right situation is half the success of the operation. There are many lists of useful hacking tools on the web, but these lists are worthless if you have never tried the tool live. Therefore, when working with something new, do not neglect the man command and the --help option to get a basic understanding of the program's capabilities.
- Do not hesitate to search for information on the net, "google - it's not a shame!". The sphere of computer security is colossally large, it is very difficult to grasp it entirely, and it is not always necessary if you can quickly find something on the Internet. This is not the same as being a script kiddie - as long as you can clearly explain how you achieved this or that result (with technical details), there is nothing to worry about.
- Read your colleagues' blogs and writeups, even for a machine you have already beaten. Looking at the same problem from different angles helps to broaden your thinking and accumulate versatile experience in solving similar problems. This can be very useful in a resource-limited setting (if one approach doesn't work, another will).
- Don't be lazy about taking notes, both directly during the penetration test to keep the work organized (CherryTree or KeepNote can help here), and after a successful hack to systematize the knowledge gained. An excellent option is to write a writeup for a machine you have defeated, because in the process of explaining your walkthrough to others you reinforce the material you have learned once more.