Here’s how I started:
- Setup a basic Kali (I’d say Kali is mandatory)
- Setup a basic CommandoVM (optional; CommandoVM can make things easier when attacking windows)
- Watch all Technique videos from IPPSEC on youtube.
- Then watch two or three walkthroughs of HTB boxes by IPPSEC. (This is so you have some ideas on what to start with on your first box)
a. Choose the easiest Box you haven’t pwned yet.
b. Try your best, fail, cry.
c. Pick yourself up, do some research. (This Forum is full of hints, Google is always your friend, https://ippsec.rocks has a search for ippsecs videos by timestamp, very useful for finding the right video to watch)
d. Crack the box and enjoy the rush pwning a system gives you.
e. Make notes on how you did it, what techniques you used and what commands/tools helped.
It’s a long process, but for me it was the most effective. That way you slowly build up knowledge and tools.
Also don’t be afraid to ask on this forum about the box you are currently attacking (spoiler free of course). If you get really really stuck maybe ask for someone to PM you or scour the forums for people who already cracked it and offered help via PM.
Especially in the beginning don’t go like “Oh, if I get help I haven’t earned the box.”. Look at it in this way: Even if you haven’t “earned” this box, you still have learned a lot that will help you do the next box with less and less help. No shame in getting help!
That being said, I studied computer science and was already versed in Linux before starting this. So depending on your current knowledge you might want to read up on a bit of Networking basics (TCP/IP in particular and a bit of UDP) and get to know Linux and your way around the command line. If you want to attack windows, you should also know how to use the command line and powershell (not necessarily writing scripts, but using the cli at least) and some things about administration of windows via registry, the
net command and its siblings.
PS: Studying CS is by no means mandatory! Just be curious, ask the right questions and do your research and you’ll get there.