### Install and Run Hacker101 Locally with Jekyll Source: https://context7.com/hacker0x01/hacker101/llms.txt This snippet details the steps to set up the Hacker101 development environment locally using Ruby and Jekyll. It includes installing dependencies and serving the site. ```bash # Prerequisites: Ruby installed via rbenv (recommended) # Install bundler if not already installed gem install bundler # Clone the repository git clone https://github.com/Hacker0x01/hacker101.git cd hacker101 # Install dependencies bundle install # Build and serve the site locally bundle exec jekyll serve # Access the site at http://localhost:4000 ``` -------------------------------- ### Hacker101 Burp Suite Session Structure (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Provides an example structure for a Burp Suite session lesson in Hacker101, including layout, title, subtitle, video source, and navigation to the next session. It also lists covered topics. ```yaml --- layout: page title: Burp 101 subtitle: Getting Started video_src: https://www.youtube-nocookie.com/embed/LSqC9qgEMi0 next_url: burp201 --- # Topics covered: # - Getting and configuring Burp Proxy # - Firefox proxy setup # - UI overview (Target, Proxy, Spider, Intruder, Repeater, Sequencer, Decoder, Comparer) # - Using site maps and setting scope # - HTTP history filtering and request interception # - Match and replace rules # - Request manipulation for XSS detection ``` -------------------------------- ### Web Hacking Tools and Workflow (Bash) Source: https://context7.com/hacker0x01/hacker101/llms.txt A curated list of essential web hacking tools for reconnaissance, scanning, and exploitation, along with an example bash workflow for subdomain enumeration. This uses bash scripting. ```bash # Reconnaissance tools: # - Amass: OWASP subdomain enumeration # - Subfinder: Passive subdomain discovery # - Sublist3r: Multi-source subdomain enumeration # - Aquatone: Visual inspection of websites # Scanning tools: # - Burp Suite: Web proxy and scanner # - OWASP ZAP: Open source web app scanner # - Nikto: Web server vulnerability scanner # - Nuclei: Template-based vulnerability scanner # Exploitation tools: # - sqlmap: SQL injection automation # - ffuf: Fast web fuzzer # - wfuzz: Web application fuzzer # Example subdomain enumeration workflow: subfinder -d target.com -o subdomains.txt cat subdomains.txt | httprobe > live-hosts.txt cat live-hosts.txt | aquatone -out screenshots/ ``` -------------------------------- ### Vulnerability Report Structure (Markdown) Source: https://context7.com/hacker0x01/hacker101/llms.txt Guidelines for writing effective vulnerability reports, including recommended structure, CVSS scoring components, and example reproduction steps. This is a Markdown formatted guide. ```markdown # Report structure: 1. Title: Vulnerability type + endpoint + impact Example: "Stored XSS in profile.php via user's signature on app.acme.org leads to account takeover" 2. CWE & CVSS Score - Attack Vector: Network/Adjacent/Local/Physical - Attack Complexity: Low/High - Privileges Required: None/Low/High - User Interaction: None/Required - Scope: Unchanged/Changed - Confidentiality/Integrity/Availability: None/Low/High 3. Reproduction Steps - Description/Introduction - Working proof of concept - HTTP request (as text, not screenshot) - HTTP Response or DOM - Impact Statement # Example CVSS for Stored XSS: Attack Vector: Network Attack Complexity: Low Privileges Required: None (or Low if auth needed) User Interaction: Required (or None for trivial interaction) Scope: Changed (browser impacted, not just server) Confidentiality: Low (DOM access) Integrity: Low (defacement possible) Availability: None ``` -------------------------------- ### Mentorship Mondays Topics (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Outlines topics covered in Mentorship Mondays sessions, including career development, specific security techniques, and community subjects, organized by season. This is a YAML formatted list of topics. ```yaml # Season 1 topics (sessions/mm/s01/): # - CTF vs Bug Bounty comparison # - HackerOne Elite program # - Government hacking programs # - How to pentest effectively # - Using Shodan for recon # - Mental health in security # - Mobile hacking introduction # Season 2 topics (sessions/mm/s02/): # - Getting started in security # - How to pick targets # - Writing effective reports # - Industry certifications # - Starting a security career ``` -------------------------------- ### Hacker101 Newcomers Playlist Structure (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Defines the structure for the 'Newcomers Playlist' in Hacker101, outlining the layout, title, and video series source. It also lists the included lessons. ```yaml --- layout: page title: Newcomers Playlist video_src: https://www.youtube-nocookie.com/embed/videoseries?list=PLxhvVyxYRviZsAKXZEbmfsVMZp3s0KaVE --- # Included lessons: # - Introduction # - The Web in Depth # - Writing Good Reports ``` -------------------------------- ### Navigation Links Rendering (Liquid) Source: https://github.com/hacker0x01/hacker101/blob/master/_layouts/page.html This snippet handles the rendering of previous and next video navigation links, along with an optional call-to-action description. It uses default text if specific labels are not provided. This is commonly found at the end of content pages. ```liquid {% if page.previous_url or page.next_url %} * * * {% if page.cta_description %} {{ page.cta_description }} {% endif %} {% if page.previous_url %} [{{ page.previous_text | default: "Previous video" }}]({{ page.previous_url }}) {% endif %} {% if page.next_url %} [{{ page.next_text | default: "Next video" }}]({{ page.next_url }}) {% endif %} {% endif %} ``` -------------------------------- ### Sidebar Content Rendering (Liquid) Source: https://github.com/hacker0x01/hacker101/blob/master/_layouts/page.html This code block iterates through a 'sidebar' array to render section titles, subtitles, and links. It also includes logic to potentially render resources using an include. This is used for displaying supplementary information alongside the main content. ```liquid {% if page.sidebar %} {% for section in page.sidebar %} {% if section.title %} {{ section.title }} {% endif %} {% if section.subtitle %} {{ section.subtitle }} {% endif %} {% if section.links %} {% for link in section.links %}* [{{ link.text }}]({{) {% if link.updated %} Updated! {% endif %} {% endfor %} {% endif %} {% if section.resources %} {% include resources_sidebar.html %} {% endif %} {% endfor %} {% endif %} ``` -------------------------------- ### Jekyll Site Configuration Overview (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Describes the Jekyll site configuration, noting its use of Bootstrap styling and various plugins for SEO and navigation. This is a YAML formatted configuration overview. ```yaml # The site uses Jekyll with Bootstrap styling and various plugins for SEO and navigation. ``` -------------------------------- ### Render Page Title and Subtitle (Liquid) Source: https://github.com/hacker0x01/hacker101/blob/master/_layouts/page.html This snippet demonstrates how to conditionally render a page's title and subtitle using Liquid templating. It escapes the output to prevent cross-site scripting vulnerabilities. No external dependencies are required. ```liquid {%- if page.title -%} {{ page.title | escape }} ========================= {{ page.subtitle | escape }} {%- endif -%} ``` -------------------------------- ### Hacker101 SQL Injection Lesson Structure (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Outlines the YAML structure for the SQL Injection lesson in Hacker101, including layout, title, video source, and a list of covered topics related to SQL injection and related vulnerabilities. ```yaml --- layout: page title: SQL Injection and Friends video_src: https://www.youtube-nocookie.com/embed/bIB3Hi6KeZU --- # Topics: # - Directory traversal exploitation and mitigation # - Command injection real-world scenarios # - Basic SQLi exploitation # - Blind SQLi (boolean-based and time-based) ``` -------------------------------- ### Hacker101 CTF Platform Overview (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Provides information about the Hacker101 CTF platform, including its purpose, how it works, and a recommended learning path for participants. This is a YAML formatted description. ```yaml # CTF Platform: https://ctf.hacker101.com/ # How it works: # 1. Complete CTF challenges to find flags # 2. Flags mark progress and unlock achievements # 3. Earn invitations to private bug bounty programs on HackerOne # 4. Apply learned skills to real vulnerability research # Recommended learning path: # 1. Complete Newcomers playlist # 2. Work through Burp Suite tutorials # 3. Start CTF challenges # 4. Watch additional video lessons as needed # 5. Apply for private programs on HackerOne ``` -------------------------------- ### Conditional Video Rendering (Liquid) Source: https://github.com/hacker0x01/hacker101/blob/master/_layouts/page.html This code snippet shows how to conditionally display a video section based on the presence of a 'video_src' variable. It also dynamically sets the query string symbol ('?' or '&') for the video URL. This logic is part of the page layout. ```liquid {% if page.video_src %} Video ----- {% if page.video_src contains "?" %} {% assign symbol = "&" %} {% else %} {% assign symbol = "?" %} {% endif %} {% endif %} ``` -------------------------------- ### List Blog Posts in Jekyll Source: https://github.com/hacker0x01/hacker101/blob/master/_layouts/home.html This snippet demonstrates how to list blog posts in a Jekyll site. It checks if there are any posts, sets a default list title, and then iterates through each post to display its date, title, and excerpt if enabled. ```liquid {%- if site.posts.size > 0 -% {{ page.list_title | default: "Posts" }} {%- for post in site.posts -%}* {%- assign date_format = "%b %-d, %Y" -%} {{ post.date | date: date_format }} [{{ post.title | escape }}]({{ post.url | relative_url }}) {%- if site.show_excerpts -%} {{ post.excerpt }} {%- endif -%} {%- endfor -%} subscribe [via RSS]({{ ) {%- endif -% } ``` -------------------------------- ### iOS Security Sessions Overview (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Lists available sessions for iOS application security fundamentals, covering topics like filesystem, inter-app communication, webviews, and transport security. This is a YAML formatted list of markdown files. ```yaml # iOS sessions available: # sessions/iOS/ios_quickstart.md - Getting started # sessions/iOS/application_basics.md - Application fundamentals # sessions/iOS/filesystem.md - Filesystem security # sessions/iOS/interapp_communication.md - Inter-app communication # sessions/iOS/webviews.md - WebView vulnerabilities # sessions/iOS/app_transport.md - App Transport Security ``` -------------------------------- ### Android Security Sessions Overview (YAML) Source: https://context7.com/hacker0x01/hacker101/llms.txt Lists available sessions for Android application security testing, including common vulnerabilities and practical workshops. This is a YAML formatted list of markdown files. ```yaml # Android sessions available: # sessions/android/quickstart.md - Getting started with Android hacking # sessions/android/common_android_bugs_1.md - Common vulnerabilities part 1 # sessions/android/common_android_bugs_2.md - Common vulnerabilities part 2 # sessions/android/hacking_workshop_b3nac.md - Practical workshop ```