Scribd
Upload
223 views4 pages

30 Days of Practice PenTest

The document outlines a 30-day penetration testing practice plan consisting of various hacking challenges and labs focused on web, mobile, Linux and Windows vulnerabilities. It provides 30 links to resources on TryHackMe, Portswigger Academy, Vulnhub, and Hack The Box covering topics like OS command injection, buffer overflows, XSS, JWT, and insecure deserialization. The plan is unstructured and can be completed over 30 non-consecutive days, with the goal of learning as much as possible from free online resources before moving to a 30-day Vulnhub challenge.

Uploaded by

kngdrgn13
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
223 views4 pages

30 Days of Practice PenTest

The document outlines a 30-day penetration testing practice plan consisting of various hacking challenges and labs focused on web, mobile, Linux and Windows vulnerabilities. It provides 30 links to resources on TryHackMe, Portswigger Academy, Vulnhub, and Hack The Box covering topics like OS command injection, buffer overflows, XSS, JWT, and insecure deserialization. The plan is unstructured and can be completed over 30 non-consecutive days, with the goal of learning as much as possible from free online resources before moving to a 30-day Vulnhub challenge.

Uploaded by

kngdrgn13
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

30 days of Practice PenTest?

#30DAYSOFPENTEST

Organize as you wish, it has no focus, no deadline, 30 days does not necessarily mean 30
consecutive days

Make sure you learn and absorb as much of the free as you can extract. Then I do a 30 days
of vulnhub ;)

#Web #Mobile #Linux #Windows #Bufferoverflow #Activedirectory

1) Try Hack Me Room Owasp top 10


https://tryhackme.com/room/owasptop10

2) Try Hack Me Room Owasp Juice Shop


https://tryhackme.com/room/owaspjuiceshop

3) Try Hack Me Room Windows Fundamentals


https://tryhackme.com/room/windowsfundamentals1xbx
https://tryhackme.com/room/winadbasics

4) Information Disclosure Portswigger Academy


https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-error-me
ssages

https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-version-
control-history

https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-authenticat
ion-bypass

5) XSS Portswigger Academy


https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-en
coded

https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-enco
ded

https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink

https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-
sink

6) Mr r3b0t Vulnhub
https://www.vulnhub.com/entry/bizarre-adventure-mrr3b0t,561/
7) Try Hack Me Room Active Directory Attack
https://tryhackme.com/room/breachingad

8) XXE Portswigger Academy


https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files

https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-perform-ssrf

https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload

9) SSRF Portswigger Academy


https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system

https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost

https://portswigger.net/web-security/ssrf/lab-ssrf-filter-bypass-via-open-redirection

10) Rickdiculouslyeasy Vulnhub


https://www.vulnhub.com/entry/rickdiculouslyeasy-1,207/

11) Stickyfingers Vulnhub


https://www.vulnhub.com/entry/bizarre-adventure-sticky-fingers,560/

12) Kioptrix Level 1.3 Vulnhub


https://www.vulnhub.com/entry/kioptrix-level-13-4,25/

13) Bellatrix Vulnhub


https://www.vulnhub.com/entry/hogwarts-bellatrix,609/

14) Try Hack Me Room Buffer Overflow Prep


https://tryhackme.com/room/bufferoverflowprep

15) OS Command Injection Portswigger Academy


https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-
template-injection-basic

https://portswigger.net/web-security/os-command-injection/lab-simple

https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays

16) File Upload Vulnerabilities Portswigger Academy


https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-we
b-shell-upload

https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-content-t
ype-restriction-bypass
https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-race-con
dition

17) Busqueda Hack The Box


https://app.hackthebox.com/machines/Busqueda

18) JWT Portswigger Academy


https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-unverified-signatur
e

https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-v
erification

https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-weak-signing-key

https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jwk-header-injectio
n

https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injectio
n

https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-header-path-tra
versal

https://portswigger.net/web-security/jwt/algorithm-confusion/lab-jwt-authentication-bypass-via
-algorithm-confusion

19) Cat Mobile Hack The Box


https://app.hackthebox.com/challenges/cat

20) SuperMarket Hack The Box


https://app.hackthebox.com/challenges/supermarket

21) Joker Hack The Box


https://app.hackthebox.com/challenges/joker

22) Seattle Lab Buffer Overflow


https://ys2k-iwnl.medium.com/buffer-overflow-exploiting-seattle-lab-mail-slmail-61b1f659c8d
c

https://github.com/CyberSecurityUP/Buffer-Overflow-Labs

23) OnlyforYou Hack The Box


https://app.hackthebox.com/machines/OnlyForYou

24) Escape Hack The Box


https://app.hackthebox.com/machines/Escape
25) Insecure Deserialization Portswigger Academy
https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-s
erialized-data-types

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-using-applic
ation-functionality-to-exploit-insecure-deserialization

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-obj
ect-injection-in-php

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-developing-
a-custom-gadget-chain-for-java-deserialization

26) Djinn3 Proving Ground Lab


https://portal.offsec.com/

27) InsanityHosting Proving Ground Lab


https://portal.offsec.com/

28) Flight Hack The Box


https://app.hackthebox.com/machines/Flight

29) Absolute Hack The Box


https://app.hackthebox.com/machines/Absolute

30) Joestar Vulnhub


https://www.vulnhub.com/entry/bizarre-adventure-joestar,590/

Sometimes I draw some things or play some vouchers, sometimes it's to help, sometimes it's
for me to feel good and useful with myself.

My LinkedIn: https://www.linkedin.com/in/joas-antonio-dos-santos

You might also like