██╗ ██╗ █████╗ ██████╗██╗ ██╗███████╗██████╗ ███████╗ ██╗ █████╗ ██████╗
██║ ██║██╔══██╗██╔════╝██║ ██╔╝██╔════╝██╔══██╗██╔════╝ ██║ ██╔══██╗██╔══██╗
███████║███████║██║ █████╔╝ █████╗ ██████╔╝███████╗ ██║ ███████║██████╔╝
██╔══██║██╔══██║██║ ██╔═██╗ ██╔══╝ ██╔══██╗╚════██║ ██║ ██╔══██║██╔══██╗
██║ ██║██║ ██║╚██████╗██║ ██╗███████╗██║ ██║███████║ ███████╗██║ ██║██████╔╝
╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝ ╚══════╝╚═╝ ╚═╝╚═════╝
"To defend a system, you must first understand how to break it."
This repository documents my hands-on journey through offensive security, practicing real-world attack techniques, exploitation methods, and system compromise simulations in a controlled lab environment.
Each lab is a battle fought, a skill earned.
[*] Understand how real-world cyber attacks are executed
[*] Gain hands-on exploitation experience across multiple vectors
[*] Learn attacker methodologies: initial access → escalation → persistence
[*] Build a professional cybersecurity portfolio through practical work
[*] Bridge the gap between theory and real-world security scenarios
| Domain | Techniques |
|---|---|
| 🌐 Network Exploitation | Port scanning, service enumeration, banner grabbing |
| 💉 Web Application Attacks | SQLi, XSS, file upload abuse, directory brute-force |
| 🐚 Reverse Shells & Access | Netcat shells, TTY upgrades, web shells |
| 🔺 Privilege Escalation | Sudo misconfigs, SUID binaries, cron job abuse |
| 🔍 Enumeration | LinPEAS, manual recon, service fingerprinting |
| 🔑 Password Attacks | Hash cracking with John the Ripper & Hashcat |
| 👣 Persistence | Backdoors, startup manipulation |
| 🎯 Red Team Methodology | Full attack chain simulation |
lab-xx-topic/
│
├── 📄 README.md ← Objective, Setup, Attack Steps, Results
├── 📁 screenshots/ ← Visual proof of exploitation
└── 📝 notes.md ← Additional findings & references
Each lab contains:
- Objective — What we're exploiting and why
- Setup — Environment configuration
- Attack Steps — Step-by-step execution
- Explanation — How and why the attack works
- Results — Outcome and evidence
- Key Learnings — Takeaways and defense insights
| # | Lab | Status |
|---|---|---|
| 01 | 🐚 Reverse Shell (Netcat) | ✅ Completed |
| 02 | 💉 Web Exploitation – SQL Injection | ⏳ Pending |
| 03 | 🎭 Cross-Site Scripting (XSS) | ⏳ Pending |
| 04 | 📂 Directory Bruteforce (Gobuster) | ⏳ Pending |
| # | Lab | Status |
|---|---|---|
| 05 | 📤 File Upload Vulnerabilities | ⏳ Pending |
| 06 | 🌐 Web Shell Injection | ⏳ Pending |
| 07 | 🔧 Reverse Shell Upgrade (TTY Shell) | ⏳ Pending |
| 08 | 🔑 Password Cracking (John / Hashcat) | ⏳ Pending |
| # | Lab | Status |
|---|---|---|
| 09 | 🔍 Linux Enumeration (linPEAS) | ⏳ Pending |
| 10 | ⚙️ Sudo Misconfiguration Exploitation | ⏳ Pending |
| 11 | 🔏 SUID Binary Exploitation | ⏳ Pending |
| 12 | ⏰ Cron Job Exploitation | ⏳ Pending |
| # | Lab | Status |
|---|---|---|
| 13 | 🔗 Full Attack Chain (Web → Shell → Root) | ⏳ Pending |
| 14 | 👣 Persistence Techniques | ⏳ Pending |
| 15 | 💥 Metasploit Exploitation | ⏳ Pending |
| 16 | 🎮 Multi-Step Attack Simulation | ⏳ Pending |
[+] Detecting attacks using system logs
[+] Monitoring suspicious network activity
[+] Basic incident response practices
Total Labs Planned : 16
Labs Completed : 1
Labs In Progress : 0
Completion : [█░░░░░░░░░░░░░░░░░░░] 6%
Progress bar updates as labs are completed. Follow to stay notified.
╔══════════════════════════════════════════════════════════╗
║ ⚠️ EDUCATIONAL USE ONLY ║
║ ║
║ All techniques in this repository are performed ║
║ exclusively in controlled, isolated lab environments. ║
║ ║
║ Unauthorized use of these techniques against systems ║
║ without explicit permission is ILLEGAL. ║
║ ║
║ The author holds no responsibility for misuse. ║
╚══════════════════════════════════════════════════════════╝
