Hacking Learning Path

Topic

Pentesting
OSINT
- Introduction to Research
Linux
- Linux Fundamentals
- Linux Privilage Escalation
- Linux Challenges
  - Abusing SUID/GUID
  - Security Misconfiguration
  - Misconfigured Binaries
  - Exploitation LXC/Docker
  - Exploiting Crontab
  - Capabilities
  - Exploiting PATH Variable
Networking
- Networking Fundamentals
- Network Enumeration
- Port Poking
- SMB Fundamentals, Enumeration, Exploitation
- Telnet Fundamentals, Enumeration, Exploitation
- FTP Fundamentals, Enumeration, Exploitation
- NFS Fundamentals, Enumeratuion, Exploitation
- SMTP Fundamentals, Enumeratuion, Exploitation
- DNS Enumeration
- Pop3 Enumeration
- Reverse Shells
- Network Tunneling
Web Application Security
- Web Application Security Fundamentals
- Web Application Challenges
- Web Poking
  - Insecure Direct Object Reference
  - Forced Browsing
  - API bypassing
- Command Injection
  - Blind Command Injection
  - Active Command Injection
  - Privileged Remote and Client-Side Command Execution
  - Cause
    - Cross-site Scripting
    - Directory Traversal
    - Log Poisoning
    - Server Side request forgery
    - XML External Entity
    - SQL Injection
  - Effect
    - OS Command Injection
    - Local File Inclusion
    - Remote File Inclusion
    - Cross-site XMLHttpRequest
Cryptography
- Character Encoding
  - Leet Speak 1337
  - URL Encoding
  - HTML Entity
- Arithmetics Encoding
  - Decimal
  - Binary
  - Hex
- Substitution Cipher
  - ROT11
  - ROT13
  - ROT13 (Amount 14)
  - ROT47
- Poly-Alphabetic Cipher
  - Vigenère
- Binary-to-text encoding
  - Base10
  - Base16
  - Base32
  - Base58
  - Base62
  - Base64
  - Base85
  - Base91
- Programming Language
  - Brainfuck
  - Spoon
- Communication System
  - Morse Code
  - Morse Code (Audio)
- Modern Cryptography
  - AES
  - RSA
Steganography
Common Vulnerabilities and Exposures (CVE)
- CVE-2004-1561 - Icecast 2.0.1
- CVE-2014-0160 - OpenSSL 1.0.1 - 1.0.1f
- CVE-2014-0346 - OpenSSL 1.0.1 - 1.0.1f
- CVE-2014-6271 - shellshock
- CVE-2014-6287 - Rejetto HTTP File Server (HFS) 2.3.x
- CVE-2015-1328 - Linux Kernel 3.13.0 < 3.19
- CVE-2015-7501 - Jboss Java Deserialization
- CVE-2017-0213 - Windows COM Aggregate Marshaler/IRemUnknown2
- CVE-2017-8917 - Joomla! 3.7.0
- CVE-2019-6714 - BlogEngine.NET 3.3.6
- CVE-2019-7609 - Kibana Timelion < 5.6.15 and 6.6.1
- CVE-2019-9053 - CMS Made Simple < 2.2.10
- CVE-2019-14287 - Sudo < 1.8.28
- CVE-2019-15949 - Nagios XI
- CVE-2017-16995 - Linux Kernel < 4.13.9
- CVE-2018-17057 - LimeSurvey < 3.16
- CVE-2019-18634 - Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
- CVE-2020-1938 - Apache Tomcat
- CVE-2020-12772 - Spark 2.8.3
Exploitation
- Metasploit
- Metasploit Challenges
Hash Cracking
Brute Forcing
- Brute Forcing Challenges
- Brute Forcing (Zip)
- Brute Forcing (FTP)
- Brute Forcing (http-get)
- Brute Forcing (http-post-form)
- Brute Forcing (Burp Intruder)
- Brute Forcing (Wordpress)
- Brute Forcing (Joomla)
- Brute Forcing (Json API)
- Brute FOrcing (SSH)
- Brute Forcing (SSH Key)
- Brute Forcing (pfx)
- Brute Forcing (Hash)
- Brute Forcing (Vigenere)
- Brute Forcing (NTML)
- Brute Forcing (Binary)
- Brute Forcing (GPG)
- Brute Forcing (KDBX KeePass)
Windows
- Windows Fundamentals
- Windows Privilage Escalation
- Windows Post-Exploitation
- Windows Challenges
Databases
Scripting
- Scripting Challenges
Forensic
- System Forensic
- Network Forensic
Reverse Engineering
- Reverse Engineering Challenges
Puzzle Challenges
Miscellaneous

TryHackMe

Tutorial
- TryHackMe Tutorial
Kali Machine
- TryHackMe Tutorial
Getting Started
- TryHackMe Tutorial
- Web Poking
Starting Out In Cyber Sec
- TryHackMe Tutorial
- Cyber Security Career Paths

Open Source Intelligence (Walkthroughs)

Introductory Researching
- OSINT
- Vulnerability Analysis
- Linux Fundamentals
Google Dorking
- OSINT
OhSINT
- OSINT
- Steganography
- Passive Web Enumeration
Geolocating Images
- Geolocating
- OSINT
Shodan.io
- Shodan.io Fundamentals
- OSINT
Sublist3r
- Sublist3r Fundamentals
- OSINT
- Web Enumeration

Linux Fundamentals (Walkthroughs)

Learn Linux
- Linux Fundamentals
NIS - Linux Part I
- Linux Fundamentals
The find command
- Linux Fundamentals
- Linux find Command
Ninja Skills
- Linux Fundamentals
- Linux find Command
Linux: Local Enumeration
- Linux Fundamentals
- Linux Local Enumeration
Linux Challenges
- Linux Fundamentals
- Linux find Command
- Privilage Escalation
- Cryptography
  - Base64
  - Hex
- SQL Enumeration

Networking Fundamentals (Walkthroughs)

Networking
- Network Fundamentals
Nmap
- NMAP Fundamentals
- Network Enumeration
Wireshark 101
- Wireshark Fundamentals
- Network Forensics
Introductory Networking
- Network Fundamentals
- Network Forensics
- Network Enumeration
Network Services
- SMB Fundamentals
- SMB Enumeration
- SMB Exploitation
- Telnet Fundamentals
- Telnet Enumeration
- Telnet Exploitation
- FTP Fundamentals
- FTP Enumeration
- FTP Exploitation
Network Services 2
- NFS Fundamentals
- NFS Enumeratuion
- NFS Exploitation
- SMTP Fundamentals
- SMTP Enumeratuion
- SMTP Exploitation
- MySQL Fundamentals
- MySQL Enumeratuion
- MySQL Exploitation

Web Application Security (Walkthroughs)

Web Fundamentals
- Web Fundamentals
Burp Suite
- Web Application Analysis
- Burp Suite Fundamentals
Web Scanning
- Web Application Analysis
- OWASP Zap Fundamentals
OWASP ZAP
- Web Application Analysis
- OWASP Zap Fundamentals
Nessus
- Web Application Analysis
- Nesus Fundamentals
Content Security Policy
- Content Security Policy Fundamentals
- Bypass Content Security Policy
Upload Vulnerabilities
- Bypassing Client-Side Filtering
- Bypassing Server-Side Filtering: File Extensions
- Bypassing Server-Side Filtering: Magic Numbers
Cross-site Scripting
- Stored XSS
- Reflected XSS
- DOM-Based XSS
- Filter Evasion
Authenticate
- Brute Force (http-post-form)
- Re-registration
- JSON Web Token
SSRF
- Server Side request forgery (SSRF)
XXE
- XML Fundamentals
- XML External Entity (XXE)
ZTH: Web 2
- Insecure Direct Object Reference
- Forced Browsing
- API Authentication Bypass
OWASP Top 10
- Injection
- OS Command Injection
- Command Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entity
- Broken Access Control
- Security Misconfiguration
- Cross-site Scripting
- Insecure Deserialization
- Known Vulnerabilities
- Insufficient Logging and Monitoring
OWASP Juice Shop
- Web Poking
- OSINT
- Email Injection
- Brute Forcing (Burp Intruder)
- Sensitive Data Exposure
- Poison Null Byte
- Broken Access Control
- Cross-site Scripting
WebAppSec 101
- Network Enumeration
- Web Poking
- Security Misconfiguration
- Cross-site Scripting
- Injection
- Logic Flaws
ZTH: Obscure Web Vulns
- Server Side Template Injection (SSTI)
- Cross-site Request Forgery (CSRT)
- Json Web Token (JWT)
- XML External Entity Injection (XXE)
CTF collection Vol.2
- Network Enumeration
- Web Enumeration
- Web Poking
- Cryptography
  - Hex
  - URL encoding
  - Base64
- SQL Enumeration
- Brute Forcing Hash
- Web Cookie Manipulation
- Web Header Manipulation
- Python Scripting (Decoder)
- Reverse Engineering

Web Application Security (Challenges)

UNSOLVED: Internal
- Network Enumeration
- Web Enumeration
- Enumeration (Wordpress)
- Exploitation (Wordpress)
Avengers Blog
- Cookie Enumeration
- Web Header Eumeration
- Network Enumeration
- Web Poking
- FTP Enumeration
- SQL Injection
- Command Injection
AttackerKB
- Network Enumeration
- Webmin 1.890 Exploit
- Metasploit (webmin_backdoor)
ToolsRus
- Web Enumeration
- Web Application Analysis
- Network Enumeration
- Brute Forcing HTTP-GET
- Exploitation Tomcat
Vulnversity
- Network Enumeration
- Web Enumeration
- Exploitation Upload
- Abusing SUID/GUID
Ignite
- Network Enumeration
- Web Enumeration
- Security Misconfiguration
- Exploitation Upload
- Stored Passwords & Keys
Dav
- Network Enumeration
- Web Enumeration
- Security Misconfiguration
- WebDav Enumeration
- Misconfigured Binaries
Tartarus
- Network Enumeration
- Web Enumeration
- FTP Enumeration
- Brute Forcing (http-post-form)
- Exploitation Upload
- Security Misconfiguration
Mr Robot CTF
- Network Enumeration
- Web Enumeration
- Brute Forcing (Wordpress)
- Brute Forcing (Hash)
- Abusing SUID/GUID
Boiler CTF
- FTP Enumeration
- Network Enumeration
- Web Enumeration
- Exploitation Joomle Sar2HTML 3.2.1
- Stored Passwords & Keys
- Abusing SUID/GUID
ConvertMyVideo
- Network Enumeration
- Web Enumeration
- Web Poking
- Remote File Inclusion
- Brute Forcing (Hash)

Command Injection (Walkthroughs)

Injection
- Command Injection Fundamentals
- Blind Command Injection
- Active Command Injection
LFI Basics
- Local File Inclusion Fundamentals
- Directory Traversal
- Log Poisoning
LFI
- Local File Inclusion
- Directory Traversal
- Misconfigured Binaries (/bin/journalctl)

Command Injection (Challenges)

Inclusion
- Network Enumeration
- Directory Traversal
- Brute Forcing Hash
- Misconfigured Binaries
dogcat
- Network Enumeration
- Web Enumeration
- Web Poking
- Local File Inclusion
- Directory Traversal
- Python Scripting (Log Poisoning)
- Log Poisoning
- Abusing SUID/GUID
- Misconfigured Binaries
Develpy
- Network Enumeration
- Code Injection (RCE)
- Exploiting Crontab
Carpe Diem 1
- Network Enumeration
- Web Poking
- Web Enumeration
- Cross-site XMLHttpRequest
- Enumeration (GraphQL)
- Brute Forcing (KDBX KeePass)

SQL Injection (Challenges)

Game Zone
- SQL Injection
- Brute Forcing (Hash)
- SSH Tunneling
- Privileged Remote and Client-Side Command Execution
Jurassic Park
- Network Enumeration
- Web Enermeration
- Bash SCripting (Fuzzing)
- SQL Enumeration
- SQL Injection
- Linux Enumeration
- Misconfigured Binaries

Cryptography & Steganography (Walkthroughs)

CC: Steganography
- Steganography
Musical Stego
- Steganography
c4ptur3-th3-fl4g
- Cryptography
  - L33t
  - Binary
  - Base32
  - Base64
  - Hex
  - ROT13
  - ROT47
  - Morse Code
  - Decimal
- Steganography
CTF collection Vol.1
- Cryptography
  - Base64
  - Base58
  - ROT13
  - Caesar
  - Brainfuck
  - Hex
  - Vigenère
  - Decimal
- Steganography
- Revers Engineering
- Web Poking

Cryptography & Steganography (Challenges)

The Impossible Challenge
- Cryptography
  - ROT13
  - ROT47
  - Hex
  - Base64
- Web Poking
- Steganography
Pickle Rick
- Network Enumeration
- Web Enumeration
- Web Poking
- Cryptography
  - Base64
- Misconfigured Binaries
Cicada-3301 Vol:1
- Steganography
- Cryptography
  - Base64
  - Vigenère

Reverse Shells (Walkthroughs)

What the Shell?
- Reverse Shell Fundamentals
- Shell Stabilisation
- Common Shell Payloads
- Metasploit (multi/handler)
- Msfvenom (Payloads)
- WebShells

Pentesting (Walkthroughs)

BasicPentesting
- Web Enumeration
- Linux Enumeration
- Brute Forcing Hash
- Brute Forcing SSH Key
CC: Pen Testing
- Network Enumaration
- Web Enumeration
- Exploitation
- SQL Injection
- SMB Enumaration
- Brute Forcing Hash
- Misconfigured Binaries

Common Vulnerabilities and Exposures (CVE)

Sudo Security Bypass
- Misconfigured Binaries
- CVE-2019-14287 - Sudo < 1.8.28
Sudo Buffer Overflow
- Misconfigured Binaries
- CVE-2019-18634 - Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
kiba
- Network Enumeration
- CVE-2019-7609 - Kibana Timelion < 5.6.15 and 6.6.1
- Capabilities
tomghost
- Network Enumeration
- CVE-2020-1938 - Apache Tomcat
- Brute Forcing (GPG)
- Misconfigured Binaries
hackerNote
- Network Enumeration
- Web Enumeration
- Username timing attack
- Brute Forcing (http-post-form)
- CVE-2019-18634 - Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
Agent Sudo
- Network Enumeration
- Web Header Manipulation
- Brute Forcing (FTP)
- Brute Forcing (Zip)
- Steganography
- Cryptography
  - Base64
- OSINT
- CVE-2019-14287 - Sudo < 1.8.28
Ghizer
- Network Enumeration
- Security Misconfiguration
- CVE-2018-17057 - LimeSurvey < 3.16
- Stored Passwords & Keys
- Abusing SUID/GUID
NerdHerd
- Network Enumeration
- Linux Enumeration
- FTP Enumeration
- SMB Enumeration
- Steganography
- Cryptography
  - Base64
  - Vigenère
- CVE-2017-16995 - Linux Kernel < 4.13.9
Daily Bugle
- Network Enumeration
- Web Poking
- Enumeration (Joomla)
- CVE-2017-8917 - Joomla! 3.7.0
- Brute Forcing (Joomla)
- Stored Passwords & Keys
- Misconfigured Binaries
UNSOLVED: GoldenEye
- Network Enumeration
- Cryptography
  - HTML Entity
  - Base64
- Pop3 Enumeration
- Brute Force (Pop3)
- Stored Passwords & Keys
- Steganography
- CVE-2015-1328 - Linux Kernel 3.13.0 < 3.19
Simple CTF
- Web Enumeration
- Network Enumeration
- CVE-2019-9053 - CMS Made Simple < 2.2.10
- Brute Forcing (SSH)
- Misconfigured Binaries
Tony the Tiger
- Network Enumeration
- Web Poking
- CVE-2015-7501 - Jboss Java Deserialization
- Stored Passwords & Keys
- Misconfigured Binaries
- Brute Forcing (Hash)
HeartBleed
- HeartBleed
- CVE-2014-0346 - OpenSSL 1.0.1 - 1.0.1f
- CVE-2014-0160 - OpenSSL 1.0.1 - 1.0.1f

Metasploit (Walkthroughs)

Metaspliot
- Metasploit Fundamentals
- Networking
- Network Enumeration
- Vulnerability Analysis
- Reverse Shell
- Exploitation
- Network Tunneling

Metasploit (Challenges)

Source
- Network Enumeration
- Metasploit (webmin_backdoor)
Bolt
- Network Enumeration
- Web Enumeration
- Web Poking
- Security Misconfiguration
- Using Metasploit
- Exploitation Bolt CMS 3.7.0
Blue
- Network Enumeration
- Metasploit (MS17-010)
- Metasploit (hashdump)
- Brute Forcing (Hash)
Ice
- Network Enumeration
- CVE-2004-1561 - Icecast 2.0.1
- Metasploit (local_exploit_suggester)
- Metasploit (bypassuac_eventvwr)
Blog
- Network Enumeration
- Enumeration (Wordpress)
- Metasploit (wp_crop_rce)
- Abusing SUID/GUID
Nax
- Network Enumeration
- Steganography
- CVE-2019-15949 - Nagios XI
- Metasploit (nagios_xi_authenticated_rce)
Poster
- Network Enumeration
- Metasploit (postgres_login)
- Metasploit (postgres_sql)
- Metasploit (postgres_hashdump)
- Metasploit (postgres_readfile)
- Metasploit (postgres_copy_from_program_cmd_exec)
- Stored Passwords & Keys
- Misconfigured Binaries

Brute Forcing (Walkthroughs)

Encryption - Crypto 101
- Brute Forcing
Hashing - Crypto 101
- Brute Forcing
Hydra
- Hydra Fundamentals
- Brute Forcing (FTP
- Brute Forcing (SSH)
- Brute Forcing (http-post-form)

Brute Forcing (Challenges)

UNSOLVED: Crack the hash
- Brute Forcing
Brute It
- Network Enumeration
- Web Enumeration
- Souce Code Enumeration
- Brute Forcing (http-post-form)
- Brute Forcing (SSH)
- Misconfigure Binary (/bin/cat)
- Brute Forcing (Hash)
Mnemonic
- Network Enumeration
- Web Poking
- Web Enumeration
- Brute Forcing (Zip)
- Brute Forcing (FTP)
- Brute Forcing (SSH)
- Cryptography
  - Base64
- Misconfigured Binaries
CherryBlossom
- Network Enumeration
- Web Enumeration
- Rerverse Engineering
- Brute Forcing (Zip)
- Brute Forcing (Hash)
- Brute Forcing (SSH)
- Brute Forcing (Hash)
- CVE-2019-18634 - Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
Anonforce
- Network Enumeration
- FTP Enumeration
- Brute Forcing GPG
- Backup Poking
- Brute Forcing Hash
Tempus Fugit Durius
- Network Enumeration
- Code Injection
- Stored Passwords & Keys
- Exploitation FTP
- DNS Enumeration
- SQL Enumeration
- Brute Forcing (Hash)

Linux Privilage Escalation (Walkthroughs)

Common Linux Privesc
- Privilege Escalation Fundamentals
- Privilege Escalation Enumeration
- Abusing SUID/GUID
- Exploiting Writeable
- Misconfigured Binaries
- Exploiting Crontab
- Exploiting PATH Variable
Linux PrivEsc
- Misconfigured Services
- Exploiting Writeable
- Brute Forcing Hash
- Misconfigured Binaries
- Exploiting PATH Variable
- Exploiting Crontab
- Abusing SUID/GUID
- Linux Enumeration
- Stored Passwords & Keys
- NFS Enumaration
- Kernel Exploits
Linux PrivEsc Arena
- Kernel Exploits
- Stored Passwords & Keys
- Misconfigured Binaries
- Abusing SUID/GUID
- Capabilities
- Exploiting Crontab
- NFS Enumaration

Abusing SUID/GUID

RootMe
- Network Enumeration
- Web Enumeration
- Abusing SUID/GUID
Anonymous
- Network Enumeration
- SMB Enumeration
- FTP Enumeration
- Security Misconfiguration
- Abusing SUID/GUID
Jack-of-All-Trades
- Network Enumeration
- Web Poking
- Cryptography
  - Base64
  - Base32
  - Hex
  - ROT13
- Steganography
- Code Injection (RCE)
- Brute Forcing SSH
- Abusing SUID/GUID
harder
- Network Enumeration
- Web Enumeration
- Security Misconfiguration
- Enumeration (Git)
- Code Injection
- Exploiting Crontab
- Abusing SUID/GUID
Racetrack Bank
- Network Enumeration
- Web Enumeration
- Code Injection
- Abusing SUID/GUID

Security Misconfiguration

Kenobi
- Network Enumeration
- SMB Enumeration
- SMB Exploitation
- Abusing SUID/GUID
- Network Enumeration
- FTP Enumeration
- Brute Forcing SSH
- Security Misconfiguration

Misconfigured Binaries

Erit Securus I
- Network Enuemration
- Exploitation Bolt CMS 3.7.0
- SQL Enumeration
- Brute Forcing (Hash)
- Misconfigured Binaries (/usr/bin/zip)
Brooklyn Nine Nine
Wgel CTF
- Network Enumeration
- Web Enumeration
- Web Poking
- Security Misconfiguration
- Misconfigured Binaries
LazyAdmin
- Network Enumeration
- Web Enumeration
- Backup Poking
- Brute Forcing (Hash)
- Misconfigured Binaries
Revenge
- Network Enumeration
- SQL Enumeration
- Brute Forcing (Hash)
- Misconfigured Binaries
StuxCTF
- Network Enumeration
- Web Poking
- Cryptography
  - AES
- Local File Inclusion
- Misconfigured Binaries
Year of the Pig
- Network Enumeration
- Web Enumeration
- Brute Forcing (http-get)
- Local File Inclusion
- SQL Enumeration
- Misconfigured Binaries
Bounty Hacker
- Network Enumeration
- FTP Enumeration
- Brute Forcing (SSH)
- Misconfigured Binaries
symfonos6
- Network Enumeration
- Web Enumeration
- Cross-site Scripting
- Stored Passwords & Keys
- Code Injection
- Misconfigured Binaries
Overpass
- Network Enumeration
- Web Enumeration
- Web Poking
- Cookie Manipulation
- Brute Forcing (SSH)
- Cryptography
  - ROT47
- Linux Enumeration
- Exploiting Crontab
- Abusing SUID/GUID
- Misconfigured Binaries
Misguided Ghosts
- Network Enumeration
- FTP Enumeration
- Port Knocking
- Web Enumeration
- SSL Enumeration
- Cookie Manipulation
- Code Injection
- Brute Forcing (Vigenere)
- SMB Enumeration
- Brute FOrcing (SSH)
- Misconfigured Binaries
Library
- Network Enumeration
- Web Enumeration
- Web Poking
- Brute Forcing (SSH)
- Misconfigured Binaries
- Python Scripting (Rev Shell)
Year of the Fox
- Network Enumeration
- SMB Enumeration
- Linux Enumeration
- Brute Force (http-get)
- Code Injection
- Network Tunneling
- Brute Force (SSH)
- Misconfigured Binaries
Inoculation
- Network Enumeration
- Web Enumeration
- Web Poking
- Misconfigured Binaries
- Kernal Exploitation

Exploitation LXC/Docker

GamingServer
- Network Enumeration
- Web Enumeration
- Web Poking
- Security Misconfiguration
- Brute Forcing Hash
- Exploitation LXC
HA Joker CTF
- Network Enumeration
- Web Enumeration
- Brute Forcing (http-get)
- Backup Poking
- Brute Forcing (Zip)
- Stored Passwords & Keys
- SQL Enumeration
- Brute Forcing (Hash)
- Exploitation (LXC)
For Business Reasons
- Network Enumeration
- Web Enumeration
- Enumeration (Wordpress)
- Brute Forcing (Wordpress)
- Exploitation (Wordpress)
- Security Misconfiguration
- Stored Passwords & Keys
- Network Tunneling
- Exploitation (LXC)
UltraTech
- Network Enumeration
- Web Enumeration
- Web Poking
- Command Injection
- Brute Forcing Hash
- Exploitation Docker
The Marketplace
- Network Enumeration
- Web Enumeration
- Web Cookie Manipulation
- SQL Enumeration
- Misconfigured Binaries
- Exploitation Docker
Year of the Dog
- Network Enumeration
- SQL Injection
- Reverse Engineering
- SQL Manupilation
- Git Hook Exploitation
- Docker Escape

Exploiting Crontab

CMesS
- Network Enumeration
- Web Enumeration
- DNS Enumeration
- Stored Passwords & Keys
- SQL Enumeration
- Backup Poking
- Exploiting Crontab
Jack
- Network Enumeration
- Web Enumeration
- Enumeration (Wordpress)
- Brute Forcing (Wordpress)
- Code Injection (RCE)
- Exploiting Crontab
Skynet
- Network Enumeration
- Web Enumeration
- SMB Enumeration
- Brute Forcing (http-post-form)
- Local File Inclusion
- Directory Traversal
- Exploiting Crontab
Easy Peasy
- Network Enumeration
- Web Enumeration
- Cryptography
  - Base64
  - Base62
  - Binary
- Web Poking
- Brute Forcing (Hash)
- Stegangraphy
- Exploiting Crontab
Anonymous Playground
- Network Enumeration
- Web Poking
- Cookie Manipulation
- Python Scripting (Decoding)
- Reverse Engineering
- Exploiting Crontab
Thompson
- Network Enumeration
- Web Enumeration
- Web Poking
- Stored Passwords & Keys
- Metasploit (jsp_shell_reverse_tcp)
- Exploiting Crontab

Capabilities

Mindgames
- Network Enumeration
- Web Poking
- Code Injection (RCE)
- Capabilities
Undiscovered
- Network Enumeration
- Web Enumeration
- Brute Forcing (http-post-form)
- Exploitation Upload
- Exploitation NFS
- Exploitation User ID
- Abusing SUID/GUID
- Capabilities

Exploiting PATH Variable

WWBuddy
- Network Enumeration
- Web Enumeration
- Cross-site Scripting
- Brute Forcing (SSH)
- Exploiting PATH Variable

Windows (Walkthroughs)

Hacking with Powershell
- PowerShell Fundamentals
Active Directory Basics
- Active Directory Fundamentals

Windows Privilage Escalation (Walkthroughs)

Windows Post-Exploitation (Walkthroughs)

Post-Exploitation Basics
- Windows Post-Exploitation Fundamentals
PS Empire
Empire
Persistence

Windows (Challenges)

Steel Mountain
- Network Enumeration
- CVE-2014-6287 - Rejetto HTTP File Server (HFS) 2.3.x
Alfred
- Network Enumeration
- Abusing Token Privileges For LPE
Blueprint
- Network Enumeration
- Code Injection
- Brute Forcing (NTML)
HackPark
- Brute Forcing (http-post-form)
- CVE-2019-6714 - BlogEngine.NET 3.3.6
- Directory Traversal
- Windows Enumeration
- Exploiting Scheduler
Retro
- Network Enumeration
- Web Enumeration
- Web Poking
- CVE-2017-0213 - Windows COM Aggregate Marshaler/IRemUnknown2
Anthem
- Network Enumeration
- Web Poking
- OSINT
- Security Misconfiguration
- Backup Poking
Relevant
- Network Enumeration
- SMB Enumeration
- Cryptography
  - Base64
- Security Misconfiguration
- msfvenom (Aspx)
- Abusing Impersonation Privileges (PrintSpoofer)
Iron Corp
- Network Enumeration
- Web Enumeration
- DNS Enumeration
- Brute Forcing (http-get)
- Web Poking
- Remote File Inclusion
- Metasploit (Delegation Tokens)
Ra
- Network Enumeration
- Web Poking
- SMB Enumeration
- CVE-2020-12772 - Spark 2.8.3
- Brute Forcing (NTML)
- Evil-WinRM
- Code Injection
Ra 2
- Network Enumeration
- Web Enumeration
- DNS Enumeration
- Brute Forcing (pfx)
- Brute Forcing (NTML)
- Abusing Impersonation Privileges (PrintSpoofer)
Set
- Network Enumeration
- SSL Enumeration
- Web Poking
- Metasploit (smb_login)
- Linux Enumeration
- SMB Enumeration
- Brute Forcing (Hash)
0day
- Network Enumeration
- Web Enumeration
- CVE-2014-6271 - shellshock
- DirtyCow

Network Forensic (Challenges)

Startup
- Network Enumeration
- Web Enumeration
- FTP Enumeration
- FTP Exploitation
- Network Forensic
- Crontab Manipulation
Smag Grotto
- Network Enueration
- Web Enumeration
- Network Forensics
- Stored Passwords & Keys
- Misconfigured Binaries
Overpass 2 - Hacked
- Network Forensic
- Code Injection
- Brute Forcing (Hash)
- Reverse Engineering (Go)
- Misconfigured Binaries

System Forensic (Walkthroughs)

Forensics
- System Forensic
- Volatility Framework
Volatility
- System Forensic
- Volatility Framework
Splunk
- Splunk Fundamentals
- System Forensic

Databases (Challenges)

Res
- Redis (RCE)
- Security Misconfiguration
- Abusing SUID/GUID
- Brute Forcing (Hash)
- Misconfigured Binaries
Jacob the Boss
- Network Enumeration
- Jboss (Exploitation)
- Abusing SUID/GUID
GraphQL
- GraphQL Fundamentals
- GraphQL Exploitation

Coding (Walkthroughs)

JavaScript Basics
- JavaScript Fundamentals
- Cross-Site Scripting
Jupyter 101
Intro to Python
- Coding Python
- Python Fundamemtals
Scripting
- Coding Python
- Python Scripting
Introduction to Django
- Coding Python
- Django Fundamentals

Coding (Challenges)

Peak Hill
- Network Enumeration
- FTP Enumeration
- Cryptography
  - Binary
- Python Scripting (Decoder)
- Reverse Enginierung
- Misconfigured Binaries
Python Playground
- Network Enumeration
- Web Enumeration
- Web Poking
- Python Scripting (Decoder)
- Misconfigured Binaries
Spring
- Network Enumeration
- Web Enumeration
- Git Enumeation
- Exploitation (Spring Boot)
- Brute Forcing (Hash)
- Brute Forcing (SSH Key)
HaskHell
- Network Enumeration
- Web Enumeration
- Misconfigured Binaries
- Exploiting PATH Variable
- Exploiting Python Flesk

Reverse Engineering (Walkthroughs)

Intro to x86-64
- Reverse Engineering
- Radar 2 Fundamentals
CC: Radare2
- Reverse Engineering
- Radar 2 Fundamentals
Reversing ELF
- Reverse Engineering
- Cryptography
  - Base64
  - Hex
Basic Malware RE
- Reverse Engineering
Buffer Overflow Prep
- Reverse Engineering
- Buffer Overflow

Reverse Engineering (Challenges)

Aster
- Network Enumeration
- Reverse Engineering (Python)
- Metasploit (asterisk_login)
- Asterisk Call Manager
- Reverse Engineering (Java)
Recovery
- Network Enumeration
- Reverse Engineering (Bash)
- Exploiting Crontab
- Reverse Engineering (Cpp)
Binex
- Network Enumeration
- Linux Enumeration
- SMB Enumeration
- Brute Forcing (SSH)
- Abusing SUID/GUID
- Buffer Overflow
- Exploiting PATH Variable
Brainstorm
- Network Enumeration
- FTP Enumeration
- Reverse Engineering
- Buffer Overflow
Dave's Blog
- Network Enumeration
- Web Enumeration
- Web Poking
- Code Injection
- MongoDB Enumeration
- Misconfigured Binaries
- Reverse Engineering
The Blob Blog
- Network Enumeration
- Web Enumeration
- Cryptography
  - Base64
  - Brainfuck
  - Base58
  - Vigenère
- Port Knocking
- Stored Passwords & Keys
- FTP Enumeration
- Steganography
- Code Injection
- Rerverse Engineering
Gatekeeper
- Network Enumeration
- SMB Enumeration
- Reverse Engineering
- Buffer Overflow
- Meterpreter (enum_applications)
- Meterpreter (firefox_creds)

Puzzle Challenges

Psycho Break
- Network Enumeration
- Web Poking
- Cryptography
  - Vigenère
  - Morse Code (Audio)
- OSINT
- Web Enumeration
- Directory Traversal
- Reverse Engineering
- Steganography
- Brute Forcing (Binary)
- Exploitation Crontab
Madness
- Web Poking
- Reverse Engineering
- Python Scripting (Fuzzing)
- Steganography
- Abusing SUID/GUID
Lian_Yu
- Network Enumeration
- Web Enumeration
- Web Poking
- Cryptography
  - Base58
- Steganography
- Misconfigured Binaries
The Server From Hell
- Port Poking
- Bash Scripting (Port Scanning)
- NFS Enumeration
- NFS Exploitation
- Brute Forcing (Zip)
- Escape Ruby Shell
- Capabilities (Tar)
Break Out The Cage
- Network ENumeration
- FTP Enumeration
- Cryptography
  - Base64
  - Vigenère
- Abusing SUID/GUID
- Stored Passwords & Keys
Gotta Catch'em All!
- Network Enumeration
- Web Poking
- Cryptography
  - Hex
  - ROT13 (Amount 14)
  - Base64
- Reverse Enigeering
Willow
- Network Enumeration
- Web Poking
- Cryptography
  - RSA
  - Hex
- Brute Forcing (SSH)
- Misconfigured Binaries
- Stored Passwords & Keys
- Steganography
Biohazard
- Network Enumeration
- Web Poking
- Cryptography
  - Base64
  - Base32
  - Vigenère
  - ROT13
  - Base58
  - Binary
  - Hex
- FTP Enumeration
- Steganography
- Stored Passwords & Keys
Year of the Rabbit
- Network Enumeration
- Web Poking
- Steganography
- Stored Passwords & Keys
- Brute Forcing (FTP)
- Cryptography
  - Brainfuck
- Abusing SUID/GUID
Adventure Time
- Network Enumeration
- FTP Enumeration
- Bash Scripting (Loop)
- Staganography
- Web Poking
- Web Enumeration
- SSL Enumeration
- Cryptography
  - Base32
  - ROT11
  - Binary
  - Morse Code
  - AES
  - Vigenère
  - Spoon
- Brute Forcing (SSH)
Wonderland
- Network Enumeration
- Web ENumeration
- Steganography
- Web Poking
- Misconfigured Binaries
- Reverse Engineering
Looking Glass
- Network Enumeration
- SSH Enumeration
- Cryptography
  - Vigenère
- Exploiting Crontab
- Misconfigured Binaries
One Piece
- Network Enumeration
- FTP Enumeration
- Steganography
- Web Poking
- Crypthography
  - Base32
  - Base64
  - Base85
  - Base91
  - Morse Code
  - Binary
  - Hex
- Web Enumeration
- Reverse Enigieering
- Stored Passwords & Keys
Motunui
- Network Enumeration
- SMB Enumeration
- Web Enumeration
- Brute Forcing (Json API)
- Network Forensic

Miscellaneous

Toolbox: Vim
- Linux Tools
tmux
- Linux Tools
REmux The Tmux
- Linux Tools
The Docker Rodeo
- Docker Escaping
Git Happens
- Network Enumeration
- Enumeration Git
Tor
History of Malware
Printer Hacking 101
Advent of Cyber
Advent of Cyber 2
HARD: Borderlands
Attacking ICS Plant #1

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
0day		0day
Active Directory Basics		Active Directory Basics
Advent of Cyber 2		Advent of Cyber 2
Advent of Cyber		Advent of Cyber
Adventure Time		Adventure Time
Agent Sudo		Agent Sudo
Alfred		Alfred
Anonforce		Anonforce
Anonymous Playground		Anonymous Playground
Anonymous		Anonymous
Anthem		Anthem
Aster		Aster
AttackerKB		AttackerKB
Attacking ICS Plant 1		Attacking ICS Plant 1
Attacking Kerberos		Attacking Kerberos
Attacktive Directory		Attacktive Directory
Authenticate		Authenticate
Avengers Blog		Avengers Blog
Basic Malware RE		Basic Malware RE
BasicPentesting		BasicPentesting
Binex		Binex
Biohazard		Biohazard
Blog		Blog
Blue		Blue
Blueprint		Blueprint
Boiler CTF		Boiler CTF
Bolt		Bolt
Borderlands		Borderlands
Bounty Hacker		Bounty Hacker
Brainstorm		Brainstorm
Break Out The Cage		Break Out The Cage
Break it		Break it
Brooklyn Nine Nine		Brooklyn Nine Nine
Brute It		Brute It
Buffer Overflow Prep		Buffer Overflow Prep
Burp Suite		Burp Suite
CC Pen Testing		CC Pen Testing
CC Radare2		CC Radare2
CC Steganography		CC Steganography
CMesS		CMesS
CTF collection Vol.1		CTF collection Vol.1
CTF collection Vol.2		CTF collection Vol.2
Carpe Diem 1		Carpe Diem 1
CherryBlossom		CherryBlossom
Cicada-3301 Vol.1		Cicada-3301 Vol.1
Common Linux Privesc		Common Linux Privesc
Content Security Policy		Content Security Policy
ConvertMyVideo		ConvertMyVideo
Crack the hash		Crack the hash
Cross-site Scripting		Cross-site Scripting
Daily Bugle		Daily Bugle
Dav		Dav
Daves Blog		Daves Blog
Develpy		Develpy
Easy Peasy		Easy Peasy
Empire		Empire
Encryption - Crypto 101		Encryption - Crypto 101
Erit Securus I		Erit Securus I
For Business Reasons		For Business Reasons
Forensics		Forensics
Game Zone		Game Zone
GamingServer		GamingServer
Gatekeeper		Gatekeeper
Geolocating Images		Geolocating Images
Getting Started		Getting Started
Ghizer		Ghizer
Git Happens		Git Happens
GoldenEye		GoldenEye
Google Dorking		Google Dorking
Gotta Catchem All		Gotta Catchem All
GraphQL		GraphQL
HA Joker CTF		HA Joker CTF
HackPark		HackPark
Hacking with Powershell		Hacking with Powershell
Hashing - Crypto 101		Hashing - Crypto 101
HaskHell		HaskHell
HeartBleed		HeartBleed
History of Malware		History of Malware
Hydra		Hydra
Ice		Ice
Ignite		Ignite
Inclusion		Inclusion
Injection		Injection
Inoculation		Inoculation
Internal		Internal
Intro to Python		Intro to Python
Intro to x86-64		Intro to x86-64
Introduction to Django		Introduction to Django
Introductory Networking		Introductory Networking
Introductory Researching		Introductory Researching
Investigating Windows		Investigating Windows
Iron Corp		Iron Corp
Jack-of-All-Trades		Jack-of-All-Trades
Jack		Jack
Jacob the Boss		Jacob the Boss
JavaScript Basics		JavaScript Basics
Jeff		Jeff
Jupyter 101		Jupyter 101
Jurassic Park		Jurassic Park
Kali Machine		Kali Machine

Folders and files

Latest commit

History

Repository files navigation

Hacking Learning Path

Topic

TryHackMe

Open Source Intelligence (Walkthroughs)

Linux Fundamentals (Walkthroughs)

Networking Fundamentals (Walkthroughs)

Web Application Security (Walkthroughs)

Web Application Security (Challenges)

Command Injection (Walkthroughs)

Command Injection (Challenges)

SQL Injection (Challenges)

Cryptography & Steganography (Walkthroughs)

Cryptography & Steganography (Challenges)

Reverse Shells (Walkthroughs)

Pentesting (Walkthroughs)

Common Vulnerabilities and Exposures (CVE)

Metasploit (Walkthroughs)

Metasploit (Challenges)

Brute Forcing (Walkthroughs)

Brute Forcing (Challenges)

Linux Privilage Escalation (Walkthroughs)

Abusing SUID/GUID

Security Misconfiguration

Misconfigured Binaries

Exploitation LXC/Docker

Exploiting Crontab

Capabilities

Exploiting PATH Variable

Windows (Walkthroughs)

Windows Privilage Escalation (Walkthroughs)

Windows Post-Exploitation (Walkthroughs)

Windows (Challenges)

Network Forensic (Challenges)

System Forensic (Walkthroughs)

Databases (Challenges)

Coding (Walkthroughs)

Coding (Challenges)

Reverse Engineering (Walkthroughs)

Reverse Engineering (Challenges)

Puzzle Challenges

Miscellaneous

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 1

Packages