The Best Learning Resource For Aspiring Hackers | TryHackMe
Hello cyber security enthusiasts! No doubt you’ve stumbled across this blog on your search for “how to become a hacker”. Well look no further! TryHackMe is back with another awesome learning path: Jr Penetration Tester.
This brand new learning path is the best possible way to learn the fundamentals (and some advanced concepts) of ethical hacking and penetration testing. It comprises seven sections, each specializing in its own area of penetration testing. In this blog, I will be breaking down each section and discussing what you will learn.
If you cannot contain your excitement and just want to get your hands dirty, click the link below which will take you to the TryHackMe website. Once you’re there, you can register for a FREE account and begin hacking! From now until October 27th, when you complete a room on this learning path, you will earn tickets (see end of article for more information). These tickets can earn you some seriously cool prizes, so the more hacking you do, the more likely you are to win something! Good luck!
TryHackMe: Jr Penetration Tester
Now, for those of you who stayed, let’s get into the details.
Introduction to Pentesting
This section serves as a brief introduction to the world of penetration testing. By the end of it you will understand what a penetration test involves, including testing techniques and methodologies every pentester should know.
The first room, Pentesting Fundamentals, gives you an overview of the important ethics and methodologies behind every pentest. Before you dive into the technical stuff, you must understand the responsibilities you have as a penetration tester and the processes you have to abide by.
In particular, you will learn the different types of hackers, the importance of the Rules of Engagement, types of penetration testing, and the frameworks which real penetration testers use every day.
The next room, Principles of Security, teaches you the principles of information security and how systems are secured. You will learn what the CIA Triad is, the principles of privacy, and two of the main security models which govern information systems: Bell-LaPadula model and Biba model. You will also understand how this relates to threat modelling and incident response by looking at STRIDE and PASTA, which are used to outline various attack methods, and CSIRT, which is often referred to as the six phases of incident response.
Introduction to Web Hacking
Now onto the hands-on rooms! In this section, you will learn about (and exploit) some of the most popular web vulnerabilities in the world today.
Firstly, in Walking an Application, you will learn how to manually review a web application and look for potential security issues. This uses only the tools available to you in your browser, such as View Source and the developer tools (Inspector, Debugger, Network, etc.).
Next, the Content Discovery room will teach you ways of discovering hidden/private content which is stored on the webserver that could lead to potential security issues. This includes looking at Robots.txt, Sitemap.xml, HTTP headers for manual discovery and using various open-source resources for OSINT (Open-Source Intelligence), such as Google Dorks, Wappalyzer, Wayback Machine, and more. It will also introduce you to automatic discovery using ffuf, dirb, and gobuster.
Using these tools, you will then learn about Subdomain Enumeration, which is the process of finding valid subdomains for a given domain. This is so you can expand your attack surface and find more potential vulnerabilities. It will discuss the three main ways of doing this: OSINT, Bruteforce, and Virtual Hosts.
Once you understand how to enumerate and gather information on a given domain, you need to know how to exploit it and get it to do things it wasn’t intended to. The Authentication Bypass room will teach you the ways website authentication methods can be bypassed, using ffuf and curl. Often, these vulnerabilities are critical and lead to personal data leakage.
Next you will learn how to locate and exploit IDOR (Insecure Direct Object Reference) vulnerabilities. These vulnerabilities give you access to data which you shouldn’t have. This sometimes happens when a web server receives user-supplied input to retrieve objects like files or documents. In these cases, too much trust has been placed in user-supplied data, which is therefore not properly validated on the server side, leading to vulnerabilities.
This room nicely leads onto File Inclusion. It provides you with examples of both Local File Inclusion (LFI) and Remote File Inclusion (RFI) and allows you to demonstrate this knowledge through a specially crafted virtual lab.
You will then learn about SSRF (Server-Side Request Forgery), which allows you to cause a webserver to make additional or edited HTTP requests to an attacker’s resource. It gives you the knowledge of how to find these vulnerabilities and how to defeat common defense mechanisms.
Next, you will learn about Command Injection, which allows you to execute commands through a vulnerable web application. This room teaches you how to discover and test for these vulnerabilities as well as how to prevent this type of vulnerability from happening. Lastly, you will get to practice this theory by performing injection against a vulnerable application.
Finally, you will learn about how to detect and exploit SQL Injection (SQLi) vulnerabilities. This attack involves sending malicious queries which are executed on the web-server. This is a very common vulnerability found in most web applications and can result in the loss and/or theft of sensitive data. You will learn the different types of SQLi, including in-band and blind, as well as remediation techniques which developers use to protect their applications.
In this part, you will learn how to use Burp Suite for web application penetration tests. Burp Suite is a tool that is widely used in industry to test the security mechanisms on web applications.
In the first room, Burp Suite: The Basics, you will learn the fundamentals behind the tool, including how to install and set it up, its features, and how basic attacks are carried out.
Next, you will learn how to use the Repeater to duplicate requests. This way you can craft and/or relay intercepted requests to a web application. For example, this is commonly used to test for SQL Injection vulnerabilities, bypass firewall filters, or change parameters in a form submission.
Then, the Burp Suite: Intruder room teaches you how to use Intruder to automate requests. The Intruder is Burp Suite’s built-in fuzzing tool and can be used to fuzz for subdomains, endpoints, or virtual hosts, and to bruteforce login forms by swapping out usernames and passwords using a wordlist.
The Burp Suite: Other Modules room will give you a brief overview of Burp Suite’s other features. Specifically, it looks at the Decoder, Comparer, and Sequencer, which allow you to encode and compare sets of text and analyse captured tokens.
Finally, you will learn how to use Extender, which allows you to extend the existing functionality of Burp Suite through various modules.
Moving on from web applications, in this next part, you will learn the basics of passive and active network information gathering. By the end, you will have a good understanding of networks, their protocols, how they work, and how they are attacked.
In the first room, you will learn about Passive Reconnaissance. This room covers various tools such as whois, nslookup, and dig, and how each is used to gather information on a target.
Following on from this you will understand how to use simple tools such as traceroute, ping, telnet, and even a web browser to perform Active Reconnaissance.
The next four rooms cover Nmap. The first teaches you how to perform Host Discovery using ARP scans, ICMP scans, and TCP/UDP ping scans. The second tells you how to perform Basic Port Scans and gives you an in-depth knowledge of how TCP connect scans, TCP SYN port scans, and UDP port scans work. Next, you learn various Advanced Port Scans such as null, FIN, Xmas, and idle (zombie) scans, as well as advanced techniques like spoofing and IDS (Intrusion Detection System) evasion. Finally, you will learn various Post Port Scans, including how to use Nmap for service and OS detection, as well as using the in-built Nmap Scripting Engine to enumerate specific hosts and services.
Following on from this, the next two rooms give you an in-depth understanding of common protocols, common network attacks, and mitigation techniques. Specifically, the first, Protocols and Servers 1, teaches you about HTTP, FTP, POP3, SMTP, and IMAP, as well as covering their respective vulnerabilities. The second, Protocols and Servers 2, covers common password attacks and how to perform Man-in-the-Middle (MITM) attacks, as well as covering Transport Layer Security (TLS) and Secure Shell (SSH).
Finally, this section concludes with a Net Sec Challenge. In this room, you will have to use the skills you have learned to enumerate a host, find hidden information in HTTP and SSH server headers, and exploit an FTP server to find flags.
After you’ve mastered network security, you can familiarise yourself with the resources which are used to exploit vulnerable systems and applications.
In the first room, Vulnerabilities 101, you will gain a general understanding of what a vulnerability is, how vulnerabilities are rated, and what resources/frameworks exist which contribute to vulnerability research. In particular, this room covers CVSS (Common Vulnerability Scoring System) and VPR (Vulnerability Priority Rating), two common methods used to score vulnerabilities. It also discusses online vulnerability databases like NVD (National Vulnerability Database) and Exploit-DB.
The next room, Exploit Vulnerabilities, teaches you about some of the tools and techniques used to exploit vulnerabilities. You will learn about automated and manual research techniques as well as how to manually exploit a target web application through previously mentioned online resources.
Finally, you will apply this knowledge in the Vulnerability Capstone room. In this room, you will enumerate a vulnerable web application and find a vulnerability based on the version information of the running application. You will then use this vulnerability to remotely execute code on the system and get the flag.
Now, you’re going to learn about Metasploit and how to use it for exploitation and post-exploitation.
Metasploit: Introduction will give you a general understanding of Metasploit’s main components such as msfconsole, its modules, and tools. It gives you hands-on experience interacting with modules and configuring them for specific targets.
Next, you will learn how to use Metasploit for Exploitation. This covers the basics of scanning, vulnerability assessment and how to generate payloads with msfvenom to exploit a target system. Each technique is also accompanied by an interactive lab so that you can apply your knowledge and utilise real modules and exploits.
Finally, in Metasploit: Meterpreter, you will learn how Meterpreter works, how to use payloads for post-exploitation, and how to use Meterpreter’s commands to navigate through an exploited system.
In this final module, you will learn the techniques which allow you to escalate your privileges on both Linux and Windows systems. By the end of this you will be more comfortable navigating through a system and will have a deep understanding of the process.
In the first room, you will learn about Linux Privilege Escalation. Here you cover basic enumeration and common privilege escalation techniques through interactive labs. Specifically, you will learn how to elevate your privileges through kernel exploits, sudo, SUID, cron jobs, PATH, and NFS.
Finally, you will learn about Windows Privilege Escalation. In particular, you will learn how to enumerate users on the systems, and how to escalate privileges through vulnerable software, DLL hijacking, and token impersonation.
As a beginner, I know this can be a very daunting and overwhelming process. One thing you have to keep in mind is that everyone was a beginner at one point. TryHackMe is a great learning resource and I would highly recommend you take a look at this learning path and others.
Once you complete this learning path, you will have a much better knowledge of Cyber Security and Penetration Testing, and you will be able to practically demonstrate your skills with confidence. TryHackMe has hundreds of rooms and more learning paths for you to expand your knowledge, most of which are completely free, so take advantage of it!
I personally try to do at least 30 minutes of TryHackMe per day to make sure I’m constantly learning and staying up-to-date. At the time of writing this, I have maintained a streak of 155 days, but most importantly, I am way more confident and comfortable tackling problems than I was when I started learning!
As I mentioned at the start, TryHackMe is running a ticket promotion until the 27th of October. If you complete a room, you can earn a ticket (or two if you are subscribed to premium), and if you collect three of the same tickets, you can win a prize. There are currently over $7,000 worth of prizes up for grabs:
- Pentester Title
- 1 Day Streak Freeze
- £3 Swag Voucher (350 to claim)
- 10% Swag Discount (50 to claim)
- 7 Day Streak Freeze
- 1 Month THM Voucher Worth $10 (30 to claim)
- £20 Swag Voucher (20 to claim)
- Throwback Voucher Worth $60 (15 to claim)
- eJPT Voucher Worth $200 (4 to claim)
- 3 Month THM Voucher Worth $30 (12 to claim)
- Hak5 WiFi Pineapple Worth $100 (2 to claim)
- OSCP Voucher Worth $1000 Each (2 to claim)
For more information, check out the Learn to Win Prizes #2 room.
I really hope you enjoyed this post just as much as I enjoyed making it. I would really appreciate it if you shared this with others who are keen on learning and expanding their knowledge in a new area of technology.
Please also check out the links below to learn more about TryHackMe:
- Twitter: https://twitter.com/RealTryHackMe
- Website: https://tryhackme.com/