anonymus Posted June 30, 2017 Share Posted June 30, 2017 So where do I begin?....... I am a complete noob and basically have zero idea where to start. I am very much interested in learning Pentesting and Ethical Hacking. I also have a healthy interest in wanting to learn Linux and how to use the command line. I just have zero idea where to begin....... I know Kali is probably not the best/easiest platform for a beginner to learn on. So I ask you, all the great people in Hak5 Forum land, can you steer a FNG in the proper direction and help him get started? Any and all help will be appreciated. Also, yes I already do subscribe to Hak5 youth channel before anyone asks. Again thanks for any and all help. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted June 30, 2017 Share Posted June 30, 2017 (edited) I bought a Bunny. Free shoutout for Hak5? No....No no no...Definitely not. Honestly though, a Bunny really did help. It utilises lots of different languages - Bash is the most prominent, but there is also Python, Powershell, HTML, CSS and even a bit of Ducky script :P (among others) However, I understand if one does not want to spend $100 USD to start learning how to pentest when you can just play around with simple tools. I was always interested in programming (especially security-based programs), hacking and the like. Maybe think about getting a Raspberry Pi and start playing around with that? Installing VMs and then playing around with multiboot USBs that can remove passwords from Windows, boot up live Linux distros (that's always cool)..asking your mum to borrow her PC so you can hack into it and show her what you've learnt (you know, show her what you've learnt...yea, okay not wise..), make security systems around your house, play with a VPN so you can access your network from the internet (outside of home) etc..(VPN is tricky - don't do this unless you really know what you're doing otherwise other people on the internet will have access to your network..) Because hacking is just 'unauthorised access', you can basically set up anything and then find a way to get around the security you or someone else has put there. Bit of fun :) Also, for the multiboot USB, I recommend looking at YUMI and Hiren's Boot CD (you can put HBCD on a YUMI boot USB with other distros, and even Windows). Edited June 30, 2017 by Dave-ee Jones Quote Link to comment Share on other sites More sharing options...
Rkiver Posted June 30, 2017 Share Posted June 30, 2017 I say this every time, learn how to use a search function. There is a full huge topic on it already. If that seems harsh, I'm sorry, but you need to be able and willing to look for yourself. Next? Learn how your computer works, how it responds to things, perhaps setup a little pen testing enviroment in virtual machines. Learn how networks work. Or if you have a specific goal, learn what leads up to that. The skies are the limit with this. You set a goal, and start learning. Quote Link to comment Share on other sites More sharing options...
digip Posted June 30, 2017 Share Posted June 30, 2017 (edited) Kali(and any other distro) are just tools. It's not any harder or easier to use, but will make using pre-installed tools easier than having to set them up yourself, which many, do not always work out of the box across all distros or could be outdated and not work on any other distro, if they've managed to keep a supported copy working, which probably won't be something happening down the road. In BackTrack days you might have seen this since it was more trying to support every tool, but now it's more refined and lean, clean, what is installed should work out of the box. That said, don't be afraid to try it and other distros to get your feet wet with Linux. BackTrack 2 and Fedora 3 or 4 were the first distros I started with, which at the time BT was slax based I believe, and Fedora, well, is Red Hat for desktop folks and a lot of bloat(at least when I used it back then seemed that way). Edited June 30, 2017 by digip Quote Link to comment Share on other sites More sharing options...
anonymus Posted July 1, 2017 Author Share Posted July 1, 2017 10 hours ago, Rkiver said: I say this every time, learn how to use a search function. There is a full huge topic on it already. If that seems harsh, I'm sorry, but you need to be able and willing to look for yourself. Next? Learn how your computer works, how it responds to things, perhaps setup a little pen testing enviroment in virtual machines. Learn how networks work. Or if you have a specific goal, learn what leads up to that. The skies are the limit with this. You set a goal, and start learning. I do appreciate the response and with all due respect, I actually looked at that threat before posting. The issue I had with it was it was started over a decade ago, some of the links are no longer good and the fact that there really hasn't been any valuable informational updates to it in some time now. Last post I saw on it was in April and if I am not mistaken it was actually a question of "if that thread had been updated since it was a decade old thread". I 100% agree that I should and am willing to search and look on my own. I have actually, there were a couple of threads that I looked at after posting this and checked out the links in those. I apologize if I offended you or if its a question that gets asked everyday and it gets old, trust me I get it and completely understand. My issue is that the INFOSEC/Security Ops field is extremely vast and I am just trying to get a little direction on a good starting point. Again I appreciate your response and I apologize if my post aggravated you in any way. Quote Link to comment Share on other sites More sharing options...
anonymus Posted July 1, 2017 Author Share Posted July 1, 2017 19 hours ago, Dave-ee Jones said: I bought a Bunny. Free shoutout for Hak5? No....No no no...Definitely not. Honestly though, a Bunny really did help. It utilises lots of different languages - Bash is the most prominent, but there is also Python, Powershell, HTML, CSS and even a bit of Ducky script :P (among others) However, I understand if one does not want to spend $100 USD to start learning how to pentest when you can just play around with simple tools. I was always interested in programming (especially security-based programs), hacking and the like. Maybe think about getting a Raspberry Pi and start playing around with that? Installing VMs and then playing around with multiboot USBs that can remove passwords from Windows, boot up live Linux distros (that's always cool)..asking your mum to borrow her PC so you can hack into it and show her what you've learnt (you know, show her what you've learnt...yea, okay not wise..), make security systems around your house, play with a VPN so you can access your network from the internet (outside of home) etc..(VPN is tricky - don't do this unless you really know what you're doing otherwise other people on the internet will have access to your network..) Because hacking is just 'unauthorised access', you can basically set up anything and then find a way to get around the security you or someone else has put there. Bit of fun :) Also, for the multiboot USB, I recommend looking at YUMI and Hiren's Boot CD (you can put HBCD on a YUMI boot USB with other distros, and even Windows). Thank you. I will check that out. Quote Link to comment Share on other sites More sharing options...
digip Posted July 1, 2017 Share Posted July 1, 2017 7 hours ago, anonymus said: I do appreciate the response and with all due respect, I actually looked at that threat before posting. The issue I had with it was it was started over a decade ago, some of the links are no longer good and the fact that there really hasn't been any valuable informational updates to it in some time now. Last post I saw on it was in April and if I am not mistaken it was actually a question of "if that thread had been updated since it was a decade old thread". I 100% agree that I should and am willing to search and look on my own. I have actually, there were a couple of threads that I looked at after posting this and checked out the links in those. I apologize if I offended you or if its a question that gets asked everyday and it gets old, trust me I get it and completely understand. My issue is that the INFOSEC/Security Ops field is extremely vast and I am just trying to get a little direction on a good starting point. Again I appreciate your response and I apologize if my post aggravated you in any way. I managed to grab some of the links from the topics first post, and found their archives. This is to say, "searching" is part of learning, and those educational links, are not so much out dated, as they were just harder to find. They all still apply, and history, even if new methods and techniques exist, still holds value with much of the above thread is still relevant today. These should help anyone else who couldn't find those links as well, and maybe an OP can add/update the missing links at the same time. http://www.lessig.org/freeculture/free.html > https://www.youtube.com/watch?v=xlLnK4ugTLc http://neonatus.net/C/index.html > https://web.archive.org/web/20061107202512/http://neonatus.net/C/index.html http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html > https://web.archive.org/web/20070203065001/http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html http://www.milw0rm.com/ > https://www.exploit-db.com (no really, we imported Milw0rm years ago into our DB when they closed doors, so it still exists, just as part of EDB) Quote Link to comment Share on other sites More sharing options...
Rkiver Posted July 1, 2017 Share Posted July 1, 2017 15 hours ago, anonymus said: Again I appreciate your response and I apologize if my post aggravated you in any way. Nothing to apologise for, at all. It's just that's a good place to start, even with it being a bit on the old side, it points the direction to go in. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.