CTF-Notes is a comprehensive educational resource compiling notes, tools, and best practices for penetration testing and red teaming from beginner to advanced levels.
From Zero To Hero
This repository serves as a practical guide and reference for cybersecurity enthusiasts and professionals preparing for Capture The Flag (CTF) challenges or real-world penetration tests. Users can leverage curated notes, tool recommendations, and step-by-step methodologies to improve their hacking skills and streamline their workflow.
Users should familiarize themselves with tools and exploits before running them to avoid unintended consequences. Maintaining detailed notes in Markdown or tools like Obsidian is highly recommended for effective learning and tracking progress. Using virtual environments such as Kali Linux VMs ensures a safe and controlled testing setup.
Use a virtual environment such as Kali Linux on VirtualBox or VMware Player
Install missing tools from Kali Linux repository using: sudo apt-get install kali-linux-everything
Download the correct .ovpn file to connect to the target network
Decompress common wordlists like rockyou.txt with: sudo gunzip /usr/share/wordlists/rockyou.txt.gzsudo openvpn /PATH/TO/OVPNFILE/<USERNAME>.ovpn
Connects to the VPN network to access the target box
sudo apt-get install kali-linux-everything
Installs all Kali Linux penetration testing tools
sudo nmap -sC -sV -p- <RHOST>
Performs a full TCP port scan with default scripts and version detection
sudo nmap -sC -sV -Pn -p- <RHOST>
Same as above but skips host discovery (useful if ping is blocked)
sudo nmap -sV -sU <RHOST>
Scans UDP ports with version detection
whatweb http://<RHOST>
Identifies technologies used by a web server
gobuster dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt
Performs directory busting on a web server using a large wordlist
searchsploit <APPLICATION>
Searches local exploit database for vulnerabilities related to the specified application