Resources for security, penetration testing and the OSCP certification
###Requirements
- You have adminstrator privileges on the host
- Git for Windows is installed
<path to Git software directory>/bin/ssh.exeis in%PATH%variable- Virtualbox is installed
- Vagrant is installed
- vagrant-hostmanager plugin is installed
###Set-up
-
Clone pentest-lab repo locally (or just download the zip file):
> git clone https://github.com/jhwohlgemuth/pentest-lab.git -
Change into pentest-lab directory:
> cd pentest-lab -
Create Vagrant VM environment:
> vagrant up
Note: You will have to acknowledge Windows UAC dialogues twice during this step to set the host names of the VMs
-
Access the kali client with
> vagrant ssh kali-client -
Navigate to dvwa.server.io/setup.php in you favorite browser and click "Create / Reset Database"
-
Administer the DVWA from dvwa.server.io
Username:
adminPassword:
password
###Help
- Vagrant
- DVWA - PHP/MySQL web application that is d*** vulnerable
- Mutillidae - free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest
##Resources
- Kali Linux
- OSCP
- Penetration Testing/Security Cheatsheets
- Metasploit Unleashed
- Basic Linux Privilege Escalation
- Windows Privilege Escalation Fundamentals
- Reverse Shell Cheat Sheet
- The Art of the Command Line - Master the command line, in one page
- Vulnerable by Design
- Exploit Database - Archive of Exploits, Shellcode, and Security Papers
- webpwnized YouTube Channel - Short, topic-focused videos detailing web application pen testing, secure web development, and the tools used to test web applications
- OpenVAS on Open Hub
##To-do
- Configure autonomous OpenVAS configuration
- Add Mutillidae (?)