How to get started with pentesting?

When people ask me about how to get into pentesting, the first i say is that practice is essential. But how to practice pentesting on your own? How to get started with virtual machines?

In this article i am going to explain, how to create a virtual attacking machine. With this machine, you will be able to practice on platforms that have « boxes ». Boxes are vulnerable machines that can be hacked. I will then present some of the website you can use for practice.

Practicing this way is very helpful because it is the closest way to understand pentest (it is not realistic but you will get the core techniques used for pentest)

How to get started ?

Create your virtual attacking machine with Kali Linux

  1. Download Virtualbox and install it: https://www.virtualbox.org/  
  2. Download Virtualbox and install it from here  
  3. Download the lastest kali linux virtualbox image (it is going to be our attacker machine) Make sure to take the virtualbox image and not the vmware one:
  1. Install Kali:
  • Go to virtualbox and click on « File » > « Import Appliance… »
  • Click on the yellow folder and navigate to the image of kali you downloaded, select it and click on open
  • Click on next and then click on import. It will take a little while… And then launch it for the first time. Username should be kali and password kali but you can find this info on their website or on the description of your machine in virtualbox
A screenshot of a social media post

Description generated with very high confidence

What website can you use?

Some great starters

First i would recommend to create an account on tryHackMe here, it’s free! Then you will have to download your configuration file and access to the VPN so you can start hacking away on their machines.

What is awesome about tryhackme is that you even have box to learn how to get started on their platform here. This other box will tell you everything about OpenVPN and how to access the boxes. So it will not only be useful on tryhackme but also on other platforms and in your daily practice as a pentester (we do sometimes need a VPN to access our customer system to test).

If you are not familiar with VPN here is a wikipedia article explaining what it is. But simply put you can see a VPN as a tool that will give you access to another computer or environment remotely. TryHackMe and other website for pentesting practice will require a VPN so that you can access your practicing environment, usually a vulnerable machine hack.

If you are not familiar with linux, TryHackMe has a box that explains it very well, you even get a cool badge by completing it! You can also practice on overthewire.org, this website is a wargame you will be able to learn about linux and security concepts. If you want a little more explainations on concepts you should definitely go on linuxjourney.

After this you can have a look at the box on TryHackMe that introduces you to pentesting: basic pentesting.

Here is a list of great box (all free) on tryhackmefor beginners:

There are plenty more i really recommend you to have a look around.

Push your skills further with other platforms

You have covered your beginners skills? You want to go further? Here are some useful resources for this.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *