原文鏈接

Ps:
PentesterLab推出了一個滲透師的學習課程,看了一下感覺挺有條理,可以順著這個學習路徑鞏固知識或者從新學習.
課程地址 ———— http://pentesterlab.com/bootcamp/
課程總共分為15周,這里我也以其為區(qū)分,這個學習路徑我感覺還是非常不錯的.

0×01 Week 1 – Linux and scripting
—————————————————————
參考列表:
Hypertext Transfer Protocol – http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
Domain Name System – http://en.wikipedia.org/wiki/Domain_Name_System
Whois – http://en.wikipedia.org/wiki/Whois
Network socket – http://en.wikipedia.org/wiki/Network_socket
實踐:
安裝Linux:挑選一款虛擬機軟件(Vbox,VM)并安裝Linux,可以使用類似Ubuntu這樣的傳統(tǒng)發(fā)行版.
學習基本的腳本語言: 從Ruby (Try Ruby: http://tryruby.org/)、Python (Online: http://repl.it/languages/Python) 或者 Perl 中挑選一門,學習語法和他的數(shù)據(jù)類型.這是一個持之以恒的過程.
—————————————————————

0×02 Week 2 – HTTP
—————————————————————
參考列表:
TCP/IP – http://en.wikipedia.org/wiki/Internet_protocol_suite
Secure Sockets Layer – http://en.wikipedia.org/wiki/Secure_Sockets_Layer
實踐:
在虛擬機中安裝Apache,使用VIM更改主站的首頁,并通過瀏覽器訪問這個頁面.
更改你的Host文件,使其可以用vulnerable這個名稱訪問到.
使用HTTP庫(比如使用Ruby的net/http)寫一個HTTP客戶端來接收你當前站點的返回包.
使用Socket寫一個HTTP客戶端來接收你當前站點的返回包.
下載BurpSuite并訪問一個站點,看看發(fā)送了神馬請求返回了什么數(shù)據(jù).
—————————————————————

0×03 Week 3 – PHP and DNS
—————————————————————
參考列表:
Learn about virtual hosting – http://en.wikipedia.org/wiki/Virtual_hosting
and how to setup vhosts with Apache – http://httpd.apache.org/docs/2.2/vhosts/name-based.html
Zone transfer – http://www.digininja.org/projects/zonetransferme.php
實踐:
PHP基礎:
在你之前裝過Apache的虛擬機中安裝PHP,寫一個腳本響應有參數(shù)的URL,比如訪問http://vulnerable/hello.php?name=Louis將返回”Hello Louis”.
安裝MySQL并寫一個能響應SQL查詢的腳本,比如article.php?id=1可以返回a book而article.php?id=2可以返回a computer.
寫一個頁面使用POST方式向其自己傳輸數(shù)據(jù).
DNS and whois:
在虛擬機中安裝命令行工具 dig.
找出PentesterLab所屬的Name server,Mail server,并且找出www.pentesterlab.com的真實IP地址
使用whois工具找出pentesterlab.com域名擁有者的注冊信息.
—————————————————————

0×04 Week 4 – SSL
—————————————————————
參考列表:
SQL injection – http://en.wikipedia.org/wiki/SQL_injection
Remote File Inclusion – http://en.wikipedia.org/wiki/Remote_file_inclusion
實踐:
配置SSL – 在你的Webserver使用HTTPS
玩轉(zhuǎn)SSL -
用HTTP庫寫一個SSL客戶端
用Socket寫一個SSL客戶端
使用socat工具建立 socket<->ssl-socket連接來訪問你之前寫的腳本.
—————————————————————

0×05 Week 5 – SQL injection & Local File Include
—————————————————————
參考列表:
MIME – http://en.wikipedia.org/wiki/MIME
實踐:
跟隨《SQL injection to Shell》這篇文章學習

https://pentesterlab.com/exercises/from_sqli_to_shell/

跟隨《PHP Include And Post Exploitation》這篇文章學習

https://pentesterlab.com/exercises/php_include_and_post_exploitation/

—————————————————————

0×06 Week 6 – More SQL injection
—————————————————————
參考列表:
Antisec Movement – http://en.wikipedia.org/wiki/Antisec_Movement
DHCP – http://en.wikipedia.org/wiki/DHCP
FTP – http://en.wikipedia.org/wiki/FTP
Request for Comments – http://en.wikipedia.org/wiki/Request_for_Comments
實踐:
學習《SQL injection to Shell》編寫腳本（使用Burp幫助調(diào)試）

https://pentesterlab.com/exercises/from_sqli_to_shell/

實踐《SQL injection to shell》在Postgres的數(shù)據(jù)庫環(huán)境下,不要對著PDF做

https://pentesterlab.com/exercises/from_sqli_to_shell_pg_edition/

檢查你在Week3所寫的PHP代碼是否有漏洞(SQL檢索數(shù)據(jù)那部分)
—————————————————————

0×07 Week 7 – FTP and traffic analysis
—————————————————————
參考列表:
Phrack – http://en.wikipedia.org/wiki/Phrack
Phrack: Happy Hacking – http://phrack.org/issues.html?issue=68&id=7#article
Phrack profile on FX – http://phrack.org/issues.html?issue=68&id=2#article
實踐:
安裝和使用WireShark –
檢查你寫的HTTP客戶端的通信(使用”Follow TCP Stream”)和HTTPS客戶端的同學(檢查SSL握手包)
FTP -
在虛擬機中安裝FTP服務
使用Socket寫一個FTP客戶端
—————————————————————

0×08 Week 8 – Linux review and Code Exec
—————————————————————
參考列表:
Iptables – http://en.wikipedia.org/wiki/Iptables
Internet Control Message Protocol – http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Cryptography – http://en.wikipedia.org/wiki/Cryptography
Cryptographic hash function – http://en.wikipedia.org/wiki/Cryptographic_hash_functions
實踐:
學習《Introduction to Linux Host Review》

https://pentesterlab.com/exercises/linux_host_review/

學習《CVE-2012-1823: PHP CGI》

https://pentesterlab.com/exercises/cve-2012-1823/

—————————————————————

0×09 Week 9 – Linux review and Code Exec
—————————————————————
參考列表:
C (programming language) – http://en.wikipedia.org/wiki/C_(programming_language)
Nmap – http://en.wikipedia.org/wiki/Nmap
Setuid – http://en.wikipedia.org/wiki/Setuid
實踐:
HTTP服務
寫一個HTTP服務(使用fork來處理更多的連接)
Connect to your HTTP server with your browser and check the requests done by your browser
Iptables學習
如果Iptable開啟了那么在你的虛擬機中關閉它
使用Iptables組織ICMP請求,使用Ping來檢查它是否工作
—————————————————————

0×10 Week 10 – Nmap and Crypto Attacks
—————————————————————
參考列表:
Wifi – http://en.wikipedia.org/wiki/Wifi
WEP – http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
WAP – http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
實踐:
Nmap
使用Nmap掃描你虛擬機打開的端口
使用Nmap掃描你虛擬機打開的端口,但是前提是使用Iptables阻止了ICMP請求的情況下
使用Iptable來關閉一個打開的端口,使用Nmap來檢測是否有效
找一個本地的會議(Ruxmon, 2600…)去瞅瞅
學習《CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability》

https://pentesterlab.com/exercises/cve-2008-1930/

—————————————————————

0×11 Week 11 – WIFI
—————————————————————
參考列表:
Environment Variables – https://wiki.archlinux.org/index.php/Environment_Variables
Network Time Protocol – http://en.wikipedia.org/wiki/Network_Time_Protocol
SMB – http://en.wikipedia.org/wiki/Server_Message_Block
實踐:
設立一個WEP加密方式的WIFI熱點,然后破掉他的Key
學習《Rack Cookies and Commands Injection》

https://pentesterlab.com/exercises/rack_cookies_and_commands_injection/

—————————————————————

0×12 Week 12 – Linux Exploitation
—————————————————————
參考列表:
Memory management – http://en.wikipedia.org/wiki/Memory_management
Stack – http://en.wikipedia.org/wiki/Call_stack
Stack protection – http://en.wikipedia.org/wiki/Stack_protection
實踐:
下載并搞定Nebula(http://exploit-exercises.com/nebula)的levels 00到04
從exploit-exercises(http://exploit-exercises.com/)
—————————————————————

0×13 Week 13 – SSL Pinning and Linux Exploitation
—————————————————————
參考列表:
Public key pinning – https://www.imperialviolet.org/2011/05/04/pinning.html
Your app shouldn’t suffer SSL’s problems – http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/
Guardian’s StrongTrustManager Vulnerabilities – http://www.thoughtcrime.org/blog/strongtrustmanager-mitm/
實踐:
下載并搞定Nubla的levels 05到09,從exploit-exercises
學習《From SQL injection to SHELL 2》

https://pentesterlab.com/exercises/from_sqli_to_shell_II/

—————————————————————

0×14 Week 14 – Web For Pentester
—————————————————————
參考列表:
閱讀 Web For Pentester – https://pentesterlab.com/exercises/web_for_pentester/
實踐:
搞定Nebula的levels 10到14,從exploit-exercises
做《Web For Pentester》中的練習
—————————————————————

0×15 Week 15 – Web For Pentester II
—————————————————————
參考列表:

實踐:
搞定Nebula的levels 15到19,從exploit-exercises
做《Web For Pentester II》中的練習

https://pentesterlab.com/exercises/web_for_pentester_II/

—————————————————————

作者推薦的一些書籍
—————————————————————
技術書籍:
《The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities》
《The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws》
《Hacking: The Art of Exploitation, 2nd Edition》
《The Tangled Web: A Guide to Securing Modern Web Applications》
…

非技術書記:
《Underground》
《Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell》
《The Pleasure of Finding Things Out: The Best Short Works of Richard P. Feynman (Helix Books)》
…
—————————————————————

俺的一點總結(jié):
總結(jié)完了整個列表,覺得參考的部分有點亂和零碎,不過依據(jù)這個學習路徑應該是可以使知識系統(tǒng)起落的,但是滲透的活兒始終是個面兒的問題.所以還需要不斷的積累和實踐.