Hye , I am pretty much noob in this area . Started studying the OWASP and then watched some tutorials on how to access website login page using Burpsuite . Now when I first saw the invite code challenge to get myself in this HackBox I just did it . But , now I am completely lost (ex. Where I should actually start or what should I actually study for ) . Someone please help me I am becoming more and more depressed in the meantime .
The best place to start learning in my opinion is writeups. It’s how I learnt and I’m sure it’s how a lot of other people learnt.
I’ll paste a few related to the ones I started on, which are usually vulnhub machines. I started out just following along with these as they gave me a methodology to follow.
Also check out the writeup section of the forum, which has quite a few boxes listed. Even if you’re on the free tier and can’t access them, they’ll still give you insight into someone else’s way of thinking. Speaking of that the best resource in my opinion are ippsec’s videos for seeing someone else’s viewpoint on things.
Also try this on Linux boxes LinEnum/LinEnum.sh at master · rebootuser/LinEnum · GitHub It’s not the be all and end all but it does help you work out what looks normal on a box. I’ve learnt so much about linux misconfigurations from this script to be honest as well as Basic Linux Privilege Escalation - g0tmi1k.
We probably should have a newbie guide to be honest. Most importantly however, just read around the subject, we all started where you are now.
Thank You very much Guru Booj . I will go through these valuable links . Thank you very much again .
+1 to the above. Also you can watch the video tutorials and read the writeups for the retired machines, that should help you out as well.
Watch ippsec’s & r00k’s walkthroughs
My two cents on this subject: https://rot.fi/2018/03/08/1274/ . I wholeheartedly agree that the writeups are a very good way to get going. This is essentially learning by doing so doing is important once you start getting somewhere (I still suck at that “guessing” game with these machines.)