So I’ve just broken into my first machine, the Kioptrix #1 (VulnHub-link)!
It was an absolute blast! Not only did I learn a bunch, but I also had a great time doing so. There is a special thrill about breaking something and investigating the pieces. However, I did realize just how easy it is to unknowingly be creating / maintaining an insecure system.
Some of you might remember saving your money in piggy banks; you know those small pigs that you put coins into for safe-keeping? This experience has been similar to when you smash your bank and realize just how brittle the pig in fact was and how easy it was to smash it.
I’ve asked people in the (penetration-testing) industry about how to perform these tests, whether there are any reasons to follow the “Five phases of penetration testing” or whether there are other ways of doing it.
The responses have been somewhat mixed, some saying it might be good to follow a pre-defined and already tested route where you (as a beginner) might get an idea of how to perform an actual live test. Others have thought that you shouldn’t be confining yourself to a certain route because there is a risk of it limiting you.
Taking those arguments into consideration, I’ve decided that it will most likely benefit me more to follow the ‘Five phases’ through the initial stages of my journey and later on focus on becoming more dynamic.
So the following blog posts I’ll be adding will cover how I gained access to machines by following the ‘Five phases’ methodology.