== PentesterLab Weeks 1 and 2 ==

18 Oct 2017

* All information in this write-up is, to the best of my knowledge,  
* truthful and accurate. However, I am only new to this, and I am   
* learning as I go, so it is entirely possible something contained  
* within this write-up is incorrect in some way. Never execute any  
* command, without knowing for sure what it is you are doing. Look  
* at the man pages of all commands if you do not understand them.  
*
* I take no responsibility if you decide to use this information   
* to commit illegal acts. If you attempt to use these techniques  
* against devices or networks you do not either own, or have    
* permission to attack, you could end up in prison.

For my first series in the journey throung web-pentest-tutorials, I will do my best to work through all the content for each week in PentesterLab’s bootcamp. I will read through the reading list material and point out some aspects i feel need a deeper dive however, my focus for in these series of posts, will document my progress through the hands on sections.

Week 1

This week’s hands on, we will install a traditional distribution of Linux in a virtualisation system, and also learn the basics of a scripting language.

I am already using VirtualBox, and decided to install the latest 17.0 version of Ubuntu as my Linux distribution, i used the 16.4 previously however at the time of writing I decided to use the latest version feel free to use any distro of your choice is mentioned in the bootcamp notes. The Gnome looks good. (justSaying)This should be fairly easy to do since there is already a lot of choices out there, Just Google It.

I will be using Python as a scripting language for writing but i will also spend some time looking our the ruby syntax since most of the pentesterlab platform is built on Ruby. Python that’s what I will be using for the rest of the bootcamp. I found Code Academy Learn Python exercises useful but they need an update.

Week 2

These are the following tasks we need to complete in Week 2

sudo apt-get install virtualbox-5.0

-Install Apache and change the home page of the hosted site using vim, then access it from another machine Change your host file to access the Linux system under the name vulnerable. Write an HTTP client to retrieve the site using an HTTP library. Write an HTTP client to retrieve the site using just socket. Examine sent requests and responses with Burp Suite

Installing Apache and changing the web page

-Installing Apache is quite simple and there are a number of guides out there. I find the Digital Ocean tutorials quite helpful, and used a LAMP Stack tutorial which will also be useful for week 3.

As far as changing the web page, I just made a new index.html file in

$ sudo nano /var/www/html/index.html

You extened the looks of the page with some simple html nothing complicated for this section my modified page cab be found below

<!DOCTYPE html>
<html>
    <body>
        <h1>Vulnerable Web Server</h1>
        <p>PentesterLab bootcamp week 2</p>
    </body>
</html>

Writing the HTTP Client

#!/usr/bin/python
# HTTP Client 

import urllib2

r = urllib2.urlopen('http://vulnerable/')

print r.read()

r.close()