How do I learn hacking/penetration testing?


Anonymous



Hello again everyone! This is the second time the original Noob Guide was re-made. This is also on Ghostbin. The link is https://ghostbin.com/paste/pv3pd

------
Intro:
------
You are a noob. You may think you aren't because you did some fancy thing like watch Star Wars IV on a terminal or SSH into another computer.
Although those are places to start, hacking is something else special. Hacking is a very broad term though. Hacking literally means to modify
something to use it not as intended. There are some great walkthroughs and books talking about this that I will link you to later in this guide.


=============
Staying safe:
=============
Hacking a computer network is by all means, illegal. And you don't want to be caught doing bad stuff (unless you're edgy ( ͡° ͜ʖ ͡°)).
To stay safe on the internet, a few things are HIGHLY RECOMMENDED. Just remember that you are never 100% anonymous on the internet.

-------------
Using a proxy
-------------
A proxy is a server that you can route all of your internet traffic through. Although proxies are slow, they still help with anonymizing yourself.
A quick Google search should give you a huge list of proxies in your respective country. You can also make a proxy from your house and route all
traffic through there. {1}

------
Tor
------
Tor is a large network of proxies from around the globe to help you anonymize yourself. Tor is also a hub for illegal activities like drug
trafficking, hitmen and loads of other bullshit{2}. Although Tor helps with anonymity, it is VERY SLOW, so don't hack directly from tor.
Download Link >>> https://www.torproject.org/download/download-easy.html.en

------
VPN
------
A VPN, or Virtual Private Network, is similar to a proxy, but it (should) encrypt all of your data through a tunnel and essentially completely
replace your ISP. Some VPNs allow you to choose what country you're browsing from. So if your country restricts your internet, you can browse
sites that are outside of your country's firewall. A VPN is also usually faster than a proxy and much faster than Tor. {3}



{1} http://www.youngzsoft.net/ccproxy/set-up-proxy-server.htm
{2} http://www.planetdolan.com/10-disturbing-stories-from-the-deep-web/
{3} strongvpn.com/difference_between_proxy_and_vpn.html

=====================
Information Gathering
=====================
Information Gathering is often an overlooked step of hacking someone. In my opinion it is the most important step. HackBack has some great step by step
walkthroughs of his hacks. {1}{2} Information gathering is getting as much information as possible about the company's/person's network; for example, using
nmap{3}, you can find out the OS of a server on their network and identify open TCP ports{4}. There are also some other great tools for info gathering,
vulnerability scanning etc.

------
nmap
------
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks,
although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what
services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network
administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Download link>>> https://nmap.org/download.html

------------
theHarvester
------------
theHarvester is a great Python script that searches social media like LinkedIn and Twitter to find out employee names and emails. theHarvester
can also be used to find subdomains of websites.

---------
Recon-ng
---------
Recon-ng is a framework to find out as much info as possible about a company. In my opinion, it is fairly hard to get into, but when you do,
it can be really useful. Recon-ng has a bunch of useful scanners that you can use to your heart's content.

-------
fierce
-------
Fierce is a great little perl script that is solely for finding subdomains of a website.
Download link >>> https://github.com/davidpepper/fierce-domain-scanner

---------
Maltego
---------
Maltego is an all in one info gatherer, finding emails from that domain, subdomains, DNS servers etc. It only comes on Kali Linux, which is unfortunate,
but Kali isn't hard to get.

-Vulnerability scanners:

--------
Nessus
--------
Nessus is a mainly browser based vulnerability/info gatherer. It not only looks good but it works fast and well.
There are free and paid pro versions of Nessus.
Download link >>> http://www.tenable.com/products/nessus/select-your-operating-system

------
Vega
------
Vega is another vulnerability scanner made in Java that works well and scans a domain or ip scope for various vulnerabilities that could
possibly be exploited.

----------
Metasploit
----------
Metasploit is a framework that does much much more than vuln scanning but has the capability to scan for vulns. I will go more in depth on this later.


{1} https://ghostbin.com/paste/6kho7
{2} http://pastebin.com/raw/cRYvK4jb
{3} https://nmap.org/
{4} https://en.wikipedia.org/wiki/Port_(computer_networking)


==================
Social engineering
==================
Social engineering is more of an art than just a step to a hack. Social engineering is getting someone (yes, a human) to give you information that you
weren't allowed to get. This can include calling a company and trying to change someone's account password so only you know it, figuring out what OS a
company's computers are using, etc.

Social Engineering examples:
http://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411

===========
OS picking
===========
Choosing your OS is an important part of the starting out process, although you will most likely be using a few different OSes. ALWAYS KEEP YOUR OSES ON
A VIRTUAL MACHINE, UNLESS IT IS A LIVE DISK.

What I mean by that is use a VM manager like VirtualBox {1} or VMWare {2} and store your virtual disks on a (hopefully) encrypted drive.

------------
Which OS?
------------
When hacking, you generally want to stay away from Windows. Windows is not known for its user security and most tools won't work natively on Windows.
You can google all of these so I won't be including a download link.

1. Ubuntu Linux - By far the most popular Linux distribution with the general public, it is based off of Debian Linux {3}. It looks good and
works well.

2. Kali Linux - Most people say to not use Kali unless you know what you're doing, which is right. But if you want to learn various tools,
then use Kali. Kali is also Debian based and comes with some Kali exclusive tools like Maltego.

3. Tails Linux - Tails is a live OS {4} that routes all of your internet traffic through Tor. Also Debian based.

4. OSX - Yes, OSX. OSX is Unix based, as is Linux. OSX has the bash terminal and should be able to run MOST command line programs that Linux can.
This should not be your first choice of operating systems.

5. Other Linux Distros - There are many other versions of Linux that vary in one way or another; you can Google different versions of Linux and
get the one you prefer.

{1} https://www.virtualbox.org/
{2} https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0
{3} https://www.debian.org/
{4} https://en.wikipedia.org/wiki/Live_USB

===========
Dos & DDoS
===========
DoSing (Denial of Service) and DDoS (Distributed Denial of Service) pretty much flood your target with so many empty packets that the server has to
shut down. Although this isn't really considered "hacking" people still do it to send a message.

Some tools to use for Dosing and DDoSing are:

1. torshammer - this is a slow POST DoS tool that can shut down most low level apache servers pretty quickly. You can anonymize the traffic through
Tor if you desire to.

2. slowloris - slowloris is a perl script that uses low bandwidth and is a HTTP client.

3. UFOnet - this is a very cool tool that pretty much builds a botnet{1} for you. It uses open redirect{2} vulnerabilities and makes those vulnerable websites
a 'zombie'.

P.S. DO NOT USE LOIC, HOIC OR THE SORT. THESE TOOLS COMPROMISE YOUR LOCATION AND PRIVACY. THERE HAVE BEEN CASES OF ARRESTS FOR USING THESE TOOLS.

P.P.S. there are tutorials on how to use all of these tools on youtube, do go look up whichever one you choose to use.


{1} https://en.wikipedia.org/wiki/Botnet
{2} https://www.owasp.org/index.php/Open_redirect


=================
Password cracking
=================
Cracking a password can be easy or hard depending on how dumb the user is. If the user has a password like: '123456Seven' it can be cracked in seconds.
However, if it is longer and more complex, it could take up to decades to crack. But most likely it is not a 32-character password with special characters,
so these tools can help you crack wifi passwords, HTML password forms, ssh password cracking and the sort.

Some useful cracking tools are:
1. THC-Hydra - this is a very useful tool for cracking ssh, HTML, ftp and a bunch of other protocols. It is pretty fast and uses a wordlist if
provided by the user.

2. aircrack-ng - this well known tool is used to very quickly crack WPA and WPA2 passwords. JackkTutorials on youtube has a great tutorial on how
to use this tool.

3. Hashcat - although hashcat does not brute force logins, it cracks received hashes using your GPU. If you don't know the difference between a
CPU and a GPU, educate yourself by going to {1}.

4. John the Ripper - John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X. Its primary purpose is to detect weak Unix
passwords, though it supports hashes for many other platforms as well. There is an official free version, a community-enhanced version
(with many contributed patches but not as much quality assurance), and an inexpensive pro version.

5. Ophcrack - Ophcrack is a free rainbow-table {2} based cracker for Windows passwords (though the tool itself runs on Linux, Windows, and Mac).
Features include LM and NTLM hash cracking, a GUI, the ability to load hashes from encrypted SAM recovered from a Windows partition,
and a Live CD version. Some tables are provided as a free download but larger ones have to be bought from Objectif Sécurité.

{1} https://blogs.nvidia.com/blog/2009/12/16/whats-the-difference-between-a-cpu-and-a-gpu/
{2} https://en.wikipedia.org/wiki/Rainbow_table

================================
Man in the Middle attacks (MITM)
================================
A Man in the Middle attack is when an attacker (most likely you) looks at the traffic of someone else on your currently connected network and sees if
there is any important information left in plain text.

Some useful tools for this kind of attack are:

1. Wireshark - Wireshark is a very well known packet sniffer. It sniffs ALL of the traffic on your network and displays it in a nice GUI.

2. Ettercap - This tool was built for MITM attacks. It comes with many plugins that you can use to collect various information about your target.

3. tcpdump - tcpdump is less of a MITM tool and more of an overall network sniffer. Hak5 {1} has some great tutorials on how to use tcpdump.

{1} https://www.youtube.com/user/Hak5Darren

==================
System exploiting
==================
Now for the fun stuff, finding an exploit and exploiting it. This should be a separate tutorial, but exploits can be very useful for getting into
internal networks. There are tens of thousands of public exploits{1} and many other exploits that are being exploited in the wild{2}.

Some great tools for exploitation are:

1. Metasploit-Framework - the metasploit framework is the king when it comes to exploits, payloads, nops etc. Metasploit is a favorite of mine
and many other security professionals. Offensive security has a very in depth tutorial on how to use various functions of metasploit{3}. Hak5's
'Metasploit Minute' with Mubix has some excellent tutorials on metasploit.{4}

2. BeEF - BeEF (Browser Exploitation Framework) is a framework that exploits the web browser and can be used to phish the victim into giving you
various passwords and many other things. BeEF can be used in conjunction with Metasploit.

3. sqlmap - sqlmap is a great tool for fingerprinting a server's backend DBMS, automating SQL injection{5} etc. USE THIS TOOL.



{1} https://exploit-db.com
{2} http://searchsecurity.techtarget.com/definition/in-the-wild
{3} https://www.offensive-security.com/metasploit-unleashed/
{4} https://www.youtube.com/user/Hak5Darren
{5} https://www.owasp.org/index.php/SQL_Injection

==================
Post-Exploitation
==================
So what do you do after you get into a network? You usually run modules or programs to find out information about other computers on the network or info
about internal servers. You use different programs to move around to different computers on the network.

Some tools to use for post-exploitation are:
1. Metasploit - Again, Metasploit has a wide array of post-exploitation modules that can be run on compromised targets to gather evidence,
pivot deeper into a target network, and much more.

2. Armitage - Armitage is a graphical version of metasploit that some other people prefer. It finds potential exploits and executes them.
It also has all of the post modules in a list that you can use.

================
Communication
================
This probably should have been put somewhere in the beginning of the guide. But communicating with other anons is very important if you want to learn
some new stuff. Talking with anons can also get you info about protests, OP's etc. The most secure way to communicate is through IRC. And in my opinion,
OnionIRC is the place to be when it comes to hacking (The OnionIRC server is onionirchubx5363.onion:6697). There, they have weekly classes to learn all
of hacking skills so you are less of a skiddie (which you are now). The room on OnionIRC for classes is #school4lulz.

Some IRC clients are:

1. Hexchat >>> https://hexchat.github.io/

2. XChat >>> http://xchat.org/

3. Tor messenger (The best way to connect to onionirc) >>> https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily


Some other sites to visit are:

1. 4chan.org - the birthplace of Anonymous

2. anonboards.com - a board for planning marches, protests etc.

===============================
General things you need to know
===============================
1. Basic Linux terminal commands - When using Linux, it is almost essential to know the following commands and some more
(Google all of these for more info, or in a terminal do --> man [command]):
- ping
- cd/ls/nano(or vi)
- dig
- nslookup
- git (needs a separate install, google 'git' for more info)

2. The TCP/IP suite - The TCP/IP suite is an extensive package of multiple internet protocols. Eli The Computer Guy{1} on Youtube
explains the TCP/IP suite very well as well as other networking subjects.

3. Basics and concepts of programming - if you really want to go through with a hack, you might have to write your own tools to use.
Languages like Python, HTML, Ruby, SQL, Java/JavaScript(not interchangeable languages) are great to learn the basics of.
Knowing these will not only help you in hacking, but in computer science and software development as well.

4. How to not be an idiot on the internet - NEVER GIVE AWAY ANY PERSONAL INFORMATION ON THE INTERNET EVER. IF YOU HAVE A PERSONAL
SOCIAL MEDIA ACCOUNT, DO NOT ASSOCIATE IT WITH YOUR HACKING NICKNAME. NEVER. EVER.


{1} https://www.youtube.com/user/elithecomputerguy

==================
Other useful stuff
==================

1. builtwith.com - this website tells you what a website is built on.

2. whatweb{1} - this program does the same thing as builtwith but also searches for SQL{2} errors, email addresses and other stuff.

3. sectools.org - this website has a bunch of lists about security programs that you can use.

4. GHDB{3} - the Google Hacking Database has a very long list of Google 'Dorks'{4} you can use to find vulnerable sites.

5. codecademy.com - This educational website teaches you multiple programming languages like Python{5}, Java, SQL, Ruby and many others.

6. root-me.org - This is a website built for penetration testers. You choose a hacking challenge to do and if you do it, you get points.
This is a great place to practice your skills.

7. wikileaks{6} - I'm sure you already know what this is because it's made it to international news.

8. hackread.com - a news source on hacks, doxxes, security issues etc.


{1} https://www.morningstarsecurity.com/research/whatweb
{2} https://en.wikipedia.org/wiki/SQL
{3} https://www.exploit-db.com/google-hacking-database/
{4} http://whatis.techtarget.com/definition/Google-dork-query
{5} https://www.python.org/
{6} https://wikileaks.org/

=============
In the end...
=============
All in all, be careful out there, stay safe, and don't be an idiot and hack without a vpn/proxy or in public, you'll get yourself arrested.
Remember, security is a myth, trust no one unless you know them IRL. I AM NOT RESPONSIBLE FOR ANYTHING STUPID YOU DO. Happy Hunting!


Yours truly,
Warden
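The guide's Information Gathering section describes what an nmap scan does to a target; the flip side is what it looks like from the target's logs. This added example (not part of the answer above) flags source IPs that touch many distinct ports inside a short window. The log lines and their "SRC=/DPT=" format are constructed for the demo, not taken from a real firewall.

```python
"""Flag source IPs that hit many distinct destination ports inside a short
window, the footprint a port sweep leaves in firewall or netfilter logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real traffic; the "<ISO time> SRC=<ip> DPT=<port>"
# format is an assumption made for this demo.
SAMPLE_LOG = """\
2024-01-01T10:00:00 SRC=192.0.2.10 DPT=21
2024-01-01T10:00:01 SRC=192.0.2.10 DPT=22
2024-01-01T10:00:01 SRC=192.0.2.10 DPT=23
2024-01-01T10:00:02 SRC=192.0.2.10 DPT=25
2024-01-01T10:00:02 SRC=192.0.2.10 DPT=53
2024-01-01T10:00:03 SRC=192.0.2.10 DPT=80
2024-01-01T10:00:03 SRC=192.0.2.10 DPT=110
2024-01-01T10:00:04 SRC=192.0.2.10 DPT=143
2024-01-01T10:00:04 SRC=192.0.2.10 DPT=443
2024-01-01T10:00:05 SRC=192.0.2.10 DPT=3306
2024-01-01T10:00:07 SRC=198.51.100.7 DPT=443
2024-01-01T10:00:09 SRC=198.51.100.7 DPT=80
2024-01-01T10:00:12 SRC=198.51.100.7 DPT=443
2024-01-01T10:30:00 SRC=203.0.113.9 DPT=22
2024-01-01T11:30:00 SRC=203.0.113.9 DPT=80
"""

def parse_line(line):
    """Return (timestamp, src_ip, dst_port), or None for lines that don't match."""
    parts = line.split()
    if len(parts) != 3 or parts[1][:4] != "SRC=" or parts[2][:4] != "DPT=":
        return None
    return datetime.fromisoformat(parts[0]), parts[1][4:], int(parts[2][4:])

def detect_port_scans(log_text, window_seconds=60, min_ports=10):
    """Return {src_ip: max distinct ports seen in any window} for sources that
    reach min_ports. A longer window with a lower threshold catches slow scans
    (nmap -T0/-T1 style), at the cost of more noise from ordinary clients."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, port = parsed
            events[src].append((ts, port))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            # distinct ports this source touched in [start, start + window]
            ports = {p for t, p in hits[i:] if t - start <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            flagged[src] = best
    return flagged
```

The ordinary web client (two ports, repeated) is never flagged, while the slow scanner at 203.0.113.9 only shows up once the window is widened to hours.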


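The Password cracking section claims '123456Seven' falls in seconds while a long, complex password takes decades. This added example (not part of the answer above) makes that concrete by estimating guesses under two attacker models: brute force over the character set, and a wordlist-plus-digit-sequence attack of the kind Hashcat or John actually run. The mini wordlist, the digit-sequence list and the 1e10 guesses/s rate are constructed assumptions.

```python
"""Rough crack-time estimates under two attacker models."""
import math
import re

# Constructed stand-ins: real wordlists hold millions of entries, and the
# list *size* is what drives the estimate, not these particular words.
WORDLIST = {"password", "seven", "dragon", "letmein", "qwerty", "monkey"}
COMMON_DIGIT_RUNS = {"123", "1234", "12345", "123456", "1234567", "12345678",
                     "2024", "0000", "1111"}

def charset_size(password):
    """Size of the smallest standard character class set covering the password."""
    size = 0
    if re.search(r"[a-z]", password): size += 26
    if re.search(r"[A-Z]", password): size += 26
    if re.search(r"[0-9]", password): size += 10
    if re.search(r"[^a-zA-Z0-9]", password): size += 33  # printable ASCII symbols
    return size

def brute_force_guesses(password):
    """Worst case for the attacker: every string of this length over the charset."""
    return charset_size(password) ** len(password)

def pattern_guesses(password, wordlist=WORDLIST):
    """Guesses if the attacker splits the password into digit runs, letter runs
    and symbol runs, trying common digit sequences and wordlist entries first.
    Tokens matching no pattern fall back to brute force over their own charset.
    Token boundaries are assumed known, which keeps the estimate conservative."""
    total = 1
    for token in re.findall(r"[0-9]+|[A-Za-z]+|[^A-Za-z0-9]+", password):
        if token.isdigit() and token in COMMON_DIGIT_RUNS:
            cost = len(COMMON_DIGIT_RUNS)
        elif token.lower() in wordlist:
            cost = len(wordlist) * 3            # lower / Capitalised / UPPER variants
        else:
            cost = charset_size(token) ** len(token)
        total *= cost
    return total

def seconds_to_crack(guesses, guesses_per_second=1e10):
    """Expected time at a given rate; 1e10/s is the order of one GPU against a
    fast unsalted hash such as NTLM or MD5. On average half the space is
    searched before the hit, hence the division by two."""
    return guesses / 2 / guesses_per_second

def years_to_crack(guesses, guesses_per_second=1e10):
    return seconds_to_crack(guesses, guesses_per_second) / (365 * 86400)
```

For '123456Seven' the brute-force model says decades, the pattern model says well under a second, which is why the guide's advice to avoid dictionary words plus a digit sequence matters more than raw length.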

