sahil Posted March 27, 2017
I am fuzzing around with Metasploitable and I ran a vulnerability scan with Nessus. I obviously got a bunch of critical vulnerabilities but I am clueless on what they are and how the exploit works. I did Google it but their explanations are rather vague or just complex for me to understand (I am a stereotypical Script Kiddie, feel free to call me dumb). Can someone please tell me how and from where I can search more about the vulnerability and the exploit? Often the exploits are written in Ruby (or languages that I am not fluent in, even the pros aren't good in every language, are they?) and I am just starting to learn it. (I am good in Python though, I can understand most of the code.) I am reading networking books along the lines and am good with Linux. Other than researching exploits and vulnerabilities, can you explain how you got into and got better with penetration testing? Thank you.
Edited March 27, 2017 by sahil

digininja Posted March 27, 2017
Google "metasploitable walkthrough" and you'll get lots of help with it.

sahil Posted March 27, 2017
Oh I already did that and it was really insightful but I am talking about vulnerabilities in general. I want to make it as a penetration tester, I am not asking for a go-to place every time I see a vulnerability, just point me in a helpful direction. Also, does reading books such as The Hacker Playbook and books like that help?

digininja Posted March 27, 2017
If you want to understand how exploits actually work then for a lot of them you'll need to learn to at least read different languages. Get yourself comfortable with Ruby and Python then go to exploit-db and pick some to play with. Most will have a link to the write up on how they were found and what they do. If you can read the source you should be able to start to understand what they are actually doing. If you have some cash to spend, look at the courses on SecurityTube, they do all sorts of good stuff.

sahil Posted March 27, 2017
Thank you, I am comfortable in Python and able to understand most of the code and will fasten the pace for Ruby. Could you tell me about the books, whether they are helpful or am I just wasting my time reading those?

digininja Posted March 27, 2017
Don't know, haven't read any security books for a long time.

sahil Posted March 27, 2017
Alright, thank you so much for answering the question. I will try and better my skills.

0phoi5 Posted April 6, 2017
On 27/03/2017 at 9:57 PM, sahil said: "Could you tell me about the books, whether they are helpful or am I just wasting my time reading those?"
Books are OK to have for reference, for pentesting, but nothing beats real experience. I'd recommend PluralSight, if you can afford the license. Very good training video site, they cover Ruby, Python and PowerShell in-depth, as well as all of the infrastructure you'll ever need to know. And they have a huge amount of dedicated courses/paths for pentesting itself. Codecademy is also excellent for actually getting you to write code in real-time, in the browser, and is free.
Edited April 6, 2017 by haze1434