# Basic Tools & Techniques ### Best Resources 1. [Hacktrics ](https://book.hacktricks.xyz/) 2. [Pentesting Book](https://pentestbook.six2dez.com/) 3. [Rana Khalil OSCP](https://rana-khalil.gitbook.io/hack-the-box-oscp-preparation/my-oscp-journey-a-review) 4. ### Getting Manual Help * man - opens manual eg: man telnet * tlds - short commands eg: tlds redis-cls * \--help * -h * apropas - short description ### Encoding Decoding 1. [Cyber chef](https://gchq.github.io/CyberChef/) 2. [dcode.fr](https://www.dcode.fr/) ### Simple encryption 1. [cryptii](https://cryptii.com/) ### Other Tools List 1. FTP ftp 2. redis-cli 3. smbclient ### Check reputation of a file (to search for reputation of a file) ## SSH error ``` ssh user@10.10.45.205 -oHostKeyAlgorithms=+ssh-rsa ```
MachinePlatformTopic
Fawn(v.easy)HTBFTP anonymous user
Blue(easy)THMEternal Blue, MSF exploit suggester
Flaws.cloudFlaws.cloudCloud pentesting, s3 , IAM,EC2
Dancing(v.easy)HTB

Smb unauthenticated

smbclient

Redeemer(v.easy)HTBunauthenticated Redis
LameHTBSMB, usermap metasploit, exploit/multi/samba/usermap_script
DevelHTBAnonymous FTP, upload reverse shell aspx,Priviledge escaltatiion by MS10-015
OptimumHTBHFS, msf, exploit suggester
SourceTHMWebmin / msf
Eavesdropper(easy)THMLinux priv escalation with sudo hijacking
Takeover(easy)THMSubdomain enumeration
Simple CTF (easy)THM simple CMS CVE-2019-9053, priv escalation through vim
AmbassadorHTBGhafran manual exploitation. priv escalation with https://github.com/GatoGamer1155/Hashicorp-Consul-RCE-via-API
Vulnversity(easy)THMphp reverse shell by checking allowed extension through burp, priv escalation SUID systemctl
Basic Pentesting (easy)THMSSH brute forcing, priv escalation from private key in the .ssh folder. Break its encryption with john
Kenobi(easy)THMsmb shares enumeration, proftpd 1.3.5 exploit for copying files. Priv escalation with SUID binary path exploit
Steel Mountain(easy)THMHFS exploitation msf and manual exploitation. Priv escalation with unquoted path
Tiki (v easy)VulnhubTiki CMS, dir busting, sudo -i priv esc
Beep(easy)HTBelastix LFI, RCE, shell shock, nmap priv esc
Forest(Med)HTBActive directory, dcsync, kerberosting, impacket
Active(easy)HTBActive directory, kerberosting,smbmap detail,groups.xml cracking
{% embed url="" %} Lainkusanagi OSCP Like {% endembed %} ### Recommended Courses to get started in **practical pentesting and hacking** [Practical Hacking and Pentesting Course for Beginners](https://www.udemy.com/course/practical-hacking-pentesting-guide/?referralCode=CE0BCED85E7608ACC031) [Complete Windows password hacking course](https://www.udemy.com/course/crack-windows-passwords/?referralCode=82D81C6B54BA4DB70A15) [Cracking office files passwords(excel,PowerPoint,word)](https://www.udemy.com/course/office-password-cracking/?referralCode=3AC1F35BD17DC4739BC0) [CEHV13 Practical certification preparation course with hands on labs](https://www.udemy.com/course/training-for-ceh-practical/?referralCode=289CF01CF51246BCAD6C) [IoT Hands-on Hacking and Pentesting course for beginners](https://www.udemy.com/course/iot-security-beginners/?referralCode=997AF261C2E6F99BC914) [Practical Malware Analysis for Beginners](https://www.udemy.com/course/practical-malware-analysis-for-beginners/?referralCode=CF1C47BF5371D1B9F20A) [Practical OSINT Course for Beginners](https://www.udemy.com/course/practical-osint/?referralCode=0848C4EC66BBAC2534D6) [Practical AI redteaming and hacking course](https://www.udemy.com/course/ai-red-teaming/?referralCode=E1EC6DD5FBC422498668) ### **Best Hacking Books** * [Hacking: The Art of Exploitation, 2nd Edition](https://amzn.to/3FwAi3z) * [OSINT Techniques: Resources for Uncovering Online Information](https://amzn.to/4bxUMF8) * [Hacking APIs: Breaking Web Application Programming Interfaces](https://amzn.to/4bv93T4) * [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws](https://amzn.to/41UvtIO)