I’ve come to you in a time of perpetual frustration; the way I go about researching vulnerabilities is inefficient, and the way I gain footholds is nonexistent needs improvement.
###What I know
Enumeration
–* Network Enumeration
–* Service Enumeration
###What I need
I’d like to get a good understanding of what to do. MSFConsole can get me nowhere real quick and don’t like relying on others for hints and nudges. Is there any advice or resource short of do more boxes or git gud that you believe will help me? Any books that cover exploit development or research methods in regards to service vulnerabilities. I really appreciate your help in advance, and I look forward to working with you all.
Unfortunately, that process is usually individual for most penetration testers and ctf players and really does come down to building your own methods through experience and repetition. Hacking is more of an art than a science when it comes to methodologies.
That said, one thing that might help you (and this is more of a general advice) and is underutilized by newbies is to get on twitter and start following a bunch of infosec people. A lot of new exploits and tools are shared there and usually you’ll remember “that one article you saw on twitter” when a relevant box comes up later. The tag “bugbountytip” also has tons and tons of good tips on it.
@Xentropy said:
Unfortunately, that process is usually individual for most penetration testers and ctf players and really does come down to building your own methods through experience and repetition. Hacking is more of an art than a science when it comes to methodologies.
That said, one thing that might help you (and this is more of a general advice) and is underutilized by newbies is to get on twitter and start following a bunch of infosec people. A lot of new exploits and tools are shared there and usually you’ll remember “that one article you saw on twitter” when a relevant box comes up later. The tag “bugbountytip” also has tons and tons of good tips on it.
Hey thank you so much for that, there are a few people I can think to follow and I’ll dig deeper for some more. Also, it’s appreciated that you touch on how methodologies are different. I was delusional I guess, and thought there’s a scientific best practice for facing the boxes. Your consideration means a lot and thank you again for the pointers.