Welcome to the best ethical hacking course on the internet. I will be taking you through all you need to know, from terminology to SQL. Everything you need to get started as a hacker and take your hacking skills to an expert level is included in this series. Begin with the basics of hacking, including what ethical hacking is, an introduction to hacking terms, and how hackers set up their computers. Follow along as you see exactly what software you need, including VirtualBox and Kali Linux. See what to do next after you download VirtualBox, create your virtual environment, and install Kali Linux. Meet the Linux terminal you will do your work in, including its basic functionality and the Linux Command Line Interface (CLI). See how to navigate in Kali Linux and then get started with the real hacking! Learn Tor, proxychains, Virtual Private Networks (VPN), Macchanger, Nmap, and get an introduction to wifi cracking of WPA and WPA2 security with aircrack and reaver.
Parrot OS is a security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy with anonymity and crypto tools. Some of the best tools that come with Parrot OS are:
1) Aircrack-ng
2) Reaver
3) Pixiewps
4) Wifite
5) Wireshark
6) oclHashcat
7) Fern Wifi Cracker
8) Wash
NMAP
Welcome to Nmap for beginners! Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
OS Compatibility: Linux, Windows & Mac (pre-installed in Kali Linux, BlackArch & Parrot OS)
Commands used:
nmap --help          (list all options)
nmap -vv             (very verbose output, shows progress as the scan runs)
nmap -oG <file>      (greppable output, the format that is easiest to parse with scripts)
nmap -p <ports>      (scan only the given ports, e.g. -p 22,80,443 or -p 1-1024)
nmap -O              (OS detection; note the letter O, not the digit zero)
nmap -A              (aggressive scan: OS detection, version detection, default scripts and traceroute)
nmap -sV             (service/version detection on open ports)
nmap -F              (fast scan of the 100 most common ports instead of the default 1000)
nmap --open          (only show hosts with open ports, and only the open ports)
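The -oG output listed above is what you would feed to scripts. As an added example (not from the course or from Nmap itself), this Python parser reads constructed -oG lines, keeps only open ports the way --open does, and flags services an auditor would question; the RISKY_SERVICES policy is an assumption for the demonstration.

```python
# Added example (not part of the course or of nmap itself): parse nmap's
# greppable (-oG) output, keep only open ports as --open does, and flag services
# an auditor would question. The scan text below is constructed, not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.10 (host-a.example)\tStatus: Up
Host: 192.0.2.10 (host-a.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 30.00 seconds
"""

# Services that should not be reachable from an untrusted network (assumed policy).
RISKY_SERVICES = {"telnet", "microsoft-ds", "ftp", "rpcbind", "netbios-ssn"}


def parse_gnmap(text):
    """Return {ip: [(port, proto, state, service, version), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' header and footer lines
        # Each line is tab-separated "Key: value" fields, e.g. Host, Status, Ports.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split(" ", 1)[0]  # drop the "(hostname)" part
        hosts.setdefault(ip, [])
        for entry in fields.get("Ports", "").split(", "):
            if not entry:
                continue
            # Layout of one entry: port/state/proto/owner/service/rpc/version/
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            hosts[ip].append((int(port), proto, state, service, version))
    return hosts


def open_ports(hosts):
    """Filter to open ports only, the same view 'nmap --open' gives."""
    return {ip: [p for p in ports if p[2] == "open"] for ip, ports in hosts.items()}


def flag_risky(hosts):
    """List (ip, port, service) for open services in RISKY_SERVICES."""
    return [(ip, port, service)
            for ip, ports in hosts.items()
            for port, _proto, state, service, _ver in ports
            if state == "open" and service in RISKY_SERVICES]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in open_ports(scan).items():
        print(ip, [(p, s) for p, _, _, s, _ in ports])
    for ip, port, service in flag_risky(scan):
        print(f"REVIEW: {ip}:{port} exposes {service}")
```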
KATOOLIN
Katoolin is a script that helps you install Kali Linux tools on your Linux distribution of choice. Those of us who like to use the penetration testing tools provided by the Kali Linux development team can run them on our preferred Linux distribution by using Katoolin.
OS Compatibility: any Debian-based distro
Commands:
1) apt-get install git
2) git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py /usr/bin/katoolin
3) chmod +x /usr/bin/katoolin
4) katoolin
Katoolin git: https://github.com/LionSec/katoolin
ZENMAP
Welcome to Zenmap for beginners! Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
Nmap: https://nmap.org/
Zenmap: https://nmap.org/zenmap/
Scanme: http://scanme.nmap.org/
Proxychains in Kali Linux to stay anonymous
How to set up Proxychains in Kali Linux to stay anonymous while performing Nmap scans or SQL injection. Kali Linux 2.0 is an advanced penetration testing Linux distribution used for penetration testing, ethical hacking and network security assessments. proxychains is a tool that forces any TCP connection made by any given application to go through a proxy such as Tor or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth types: "user/pass" for SOCKS4/5, "basic" for HTTP. proxyresolv does DNS resolving; it is used to resolve host names via the proxy or Tor.
MAC address spoofing is a technique for temporarily changing your Media Access Control (MAC) address on a network device. A MAC address is a unique, hardcoded address programmed into network devices which cannot be changed permanently. The MAC address belongs to OSI layer 2 and should be seen as the physical address of your interface. Macchanger is a tool that is included with any version of Kali Linux, including the 2016 rolling edition, and can change the MAC address to any desired address until the next reboot. In this tutorial we will be spoofing the MAC address of our wireless adapter with a random MAC address generated by Macchanger on Kali Linux.
ANOTHER WAY TO ANONYMISE OUR ENTIRE SYSTEM
Anonsurf will anonymize the entire system under Tor using iptables. It will also allow you to start and stop i2p. Und3rf10w forked ParrotSec's git and made a version for Kali Linux which is very easy and straightforward to install. His repo contains the sources of both the anonsurf and pandora packages from ParrotSec combined into one. Und3rf10w also made some small modifications to use the DNS servers of Private Internet Access (instead of FrozenDNS) and added some fixes for users who don't use the resolvconf application. He also removed some functionality such as the GUI and IceWeasel/Firefox in RAM. There's an installer script which makes it really easy to install. You can review the installer script to find out more. This forked version should now work with any Debian or Ubuntu system, but it has only been tested to work on a kali-rolling amd64 system. I am also using the same system, but users are advised to test and verify it in their own distro. If it works, then you will be able to hide your IP and gain anonymity as long as you're not signed into any website such as Google, Yahoo etc. I wrote a nice long article comparing different methods, i.e. Tor vs VPN vs Proxy, on top of each other.
Commands:
git clone https://github.com/Und3rf10w/kali-ano...
cd kali-anonsurf/
./installer.sh
anonsurf start
NOTE: restart anonsurf
DNS and VPN
DNS spoofing (sometimes referred to as DNS cache poisoning) is an attack in which a host with no authority over a domain answers DNS queries for it, so that the victim's requests for that name are redirected. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.
Commands:
-----------------------
cat /etc/resolv.conf              (show the DNS servers currently in use)
nano /etc/dhcp/dhclient.conf      (edit the DHCP client config to set your own DNS servers)
service network-manager restart   (apply the change)
-----------------------
TAILS OPERATING SYSTEM
Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All its outgoing connections are forced to go through Tor, and non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard search engines for any reason. The content is hidden behind HTML forms. It is estimated that the deep web makes up 96% of the whole internet. The opposite term to the deep web is the surface web.
Links:
Tails OS: https://tails.boum.org/
STEGANOGRAPHY
Steganography is the hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to notice that it contains encrypted data. Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include military communications, electronic commerce, ATM cards, and computer passwords.
Website
FinerCoder Website : http://finercoder.com/
Links
Stegosuite: https://stegosuite.org/
Pixabay: https://pixabay.com/
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
Kali Linux has over 600 pre-installed penetration-testing programs, including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
Links:
Lazy Script Link: https://github.com/arismelachroinos/l...
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.
Netcat Download Link -
Windows: https://eternallybored.org/misc/netcat/
Gaining Access - Web Server Hacking - Metasploitable - #1
Hacking, i.e. gaining access to, the Metasploitable web server!
Metasploit Link: https://sourceforge.net/projects/meta...
#21
TERMINATOR
Terminator is a Linux terminal emulator that provides several features your default terminal app does not support. It lets you create multiple terminals in one window, which speeds up your work. Besides multiple windows, it allows you to change other properties such as terminal fonts, font colour, background colour and so on. Let's see how we can install and use Terminator in different Linux distributions.
TO INSTALL TERMINATOR:
cmd: apt install terminator
PureVPN: https://billing.purevpn.com/aff.php?a...
VMware: https://www.vmware.com/
Kali Linux: https://www.kali.org/
Shodan Search Engine Tutorial - Access Routers, Servers, Webcams + Install CLI
Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server. Shodan collects data mostly on web servers (HTTP/HTTPS - port 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), SIP (port 5060), and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.
Metasploit Community Web GUI - Installation And Overview
When it comes to vulnerability verification, penetration testers often have an array of tools at their disposal. Metasploit Community Edition provides us with a graphical user interface (GUI) that simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nessus, Nexpose, and so forth.
Metasploit Community: https://www.rapid7.com/products/metas...
#27
QuasarRAT
QuasarRAT: https://github.com/quasar/QuasarRAT
Features:
TCP network stream (IPv4 & IPv6 support)
Fast network serialization (NetSerializer)
Compressed (QuickLZ) & Encrypted (AES-128) communication
Multi-Threaded
UPnP Support
No-Ip.com Support
Visit Website (hidden & visible)
Show Messagebox
Task Manager
File Manager
Startup Manager
Remote Desktop
Remote Webcam
Remote Shell
Download & Execute
Upload & Execute
System Information
Computer Commands (Restart, Shutdown, Standby)
Keylogger (Unicode Support)
Reverse Proxy (SOCKS5)
Password Recovery (Common Browsers and FTP Clients)
Registry Editor
Requirements
.NET Framework 4.0 Client Profile (Download)
Supported Operating Systems (32- and 64-bit)
Windows XP SP3
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2012
Windows 8/8.1
Windows 10
#28
Metasploit Framework
The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development.
Accessing MSFconsole
MSFconsole provides a command line interface to access and work with the Metasploit Framework. The MSFconsole is the most commonly used interface to work with the Metasploit Framework. The console lets you do things like scan targets, exploit vulnerabilities, and collect data.
#32
ARP spoofing
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Once the attacker's MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol.
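Because the attack works by having one MAC claim an IP that belongs to another host, it leaves a detectable trace on the wire. As an added example (not from the course or from Ettercap), this Python script runs two detection checks over a constructed list of ARP replies: an IP claimed by more than one MAC, and one MAC answering for several IPs; the TRUSTED table is an assumed known-good binding.

```python
from collections import defaultdict

# Added example (not from the course or any tool it names): detect ARP spoofing
# from a stream of ARP replies. The replies below are constructed, in the order a
# sniffer on the LAN might see them; they are not a real capture.
ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # a workstation
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    ("192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims the workstation
    ("192.168.1.1", "de:ad:be:ef:00:99"),
]

# Known-good IP-to-MAC table the defender trusts (assumed, e.g. from documentation).
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def build_bindings(replies):
    """Map each sender IP to the set of MACs that have claimed it."""
    seen = defaultdict(set)
    for ip, mac in replies:
        seen[ip].add(mac.lower())
    return seen


def detect_conflicts(replies, trusted=None):
    """Alerts as (ip, sorted MACs, reason): an IP claimed by several MACs, or by a
    MAC that contradicts the trusted table."""
    trusted = trusted or {}
    alerts = []
    for ip, macs in build_bindings(replies).items():
        if len(macs) > 1:
            alerts.append((ip, sorted(macs), "multiple MACs claim this IP"))
        elif ip in trusted and trusted[ip] != next(iter(macs)):
            alerts.append((ip, sorted(macs), "MAC differs from trusted table"))
    return alerts


def macs_claiming_many_ips(replies, limit=1):
    """The other fingerprint of a MITM: one MAC answering for more than `limit` IPs
    (an attacker poisons both the gateway and the victim)."""
    by_mac = defaultdict(set)
    for ip, mac in replies:
        by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > limit}


if __name__ == "__main__":
    for ip, macs, reason in detect_conflicts(ARP_REPLIES, TRUSTED):
        print(f"ALERT {ip}: {reason} ({', '.join(macs)})")
    for mac, ips in macs_claiming_many_ips(ARP_REPLIES).items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

On a real network the same logic can be fed from a sniffer or from periodic snapshots of the ARP cache; static ARP entries for the gateway or switch-side dynamic ARP inspection are the usual mitigations.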
#35
MITM with Ettercap
We will be looking at how to perform a MITM with Ettercap. Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
#44
The EternalBlue exploit was used as part of the worldwide WannaCry ransomware attack. Module name: exploit/windows/smb/ms17_010_eternalblue
Links:
Rapid7: https://www.rapid7.com/db/modules/exp...
Scanner: https://github.com/rapid7/metasploit-...
Doublepulsar exploit: https://github.com/ElevenPaths/Eterna...
For more about eternalblue click here:- https://bloggofaditya.blogspot.com/2021/04/eternal-blue-using-termux.html
#47 PentestBox
PentestBox, a portable penetration testing environment for Windows.
PentestBox: https://pentestbox.org/
#48 XFCE4 installation
How to install the xfce4 desktop environment on the Windows 10 Kali Linux WSL, and how to access it with remote desktop.
Commands:
XFCE
Link: wget https://kali.sh/xfce4.sh
#56
The PenTesters Framework - Install Penetration Testing Tools On Any Distribution
#61
SearchSploit
#63
KRACK Attack - Proof Of Concept
What is a KRACK attack?
Key reinstallation attacks (KRACK) are a type of cyberattack that exploit a vulnerability in WPA2 for the purpose of stealing data transmitted over networks. These attacks can result in the theft of sensitive information like login credentials, credit card numbers, private chats, and any other data the victim transmits over the web. KRACKs can also be used to perform on-path attacks, serving the victim a fake website or injecting malicious code into a legitimate site.
What is WPA2?
Wi-Fi Protected Access II (WPA2) is a security protocol that protects virtually all secured WiFi networks. WPA2 uses strong encryption to protect communications between a user’s device and the device providing the WiFi. This is meant to stop anyone who might intercept the communication from making sense of the captured data.
How do KRACK attacks work?
An encrypted WPA2 connection is initiated with a four-way handshake sequence, although the entire sequence isn’t required for a reconnect. In order to enable faster reconnections, only the third part of the four-way handshake needs to be retransmitted. When a user reconnects to a familiar WiFi network, the WiFi network resends them the third part of the handshake sequence; this resending can occur multiple times to ensure the connection succeeds. This repeatable step is the vulnerability that can be exploited.
An attacker can set up a clone of a WiFi network that the victim has previously connected to. The malicious clone network can provide access to the Internet, so the victim won't notice a difference. When the victim tries to reconnect to the network, the attacker can force them to join the clone network instead, positioning themselves as an on-path attacker. During the connection process, the attacker can keep resending the third part of the handshake to the victim's device. Each time the user accepts the connection request, a small piece of data is decrypted. The attacker can aggregate this series of communications to crack the encryption key.
Once the WPA2 encryption has been compromised, the attacker can use software to capture all the data transmitted by the victim over the WiFi network. This won’t work for websites that use SSL/TLS encryption, but the attacker can use a tool like ‘SSLStrip’ to force the victim to visit HTTP versions of websites. The victim may not notice that the site is unprotected, and may end up entering sensitive information that the attacker will intercept.
It should be noted that KRACK attacks require proximity to work. An attacker cannot target someone across the globe or even across town; the attacker and victim must both be in range of the same WiFi network to carry out the attack.
How to protect against KRACK attacks
Fortunately, security experts discovered the KRACK vulnerability before attackers started using it, so there aren’t currently any reports of KRACK attacks in the wild. Even so, operating systems have been patching the vulnerability to ensure it isn’t used against their devices.
Windows, OSX, Linux, Android, and iOS have all patched their software to address KRACK attacks. Users should update their operating systems to ensure they are protected. Additionally, when surfing the web, users should always browse over HTTPS when possible; this can be verified in most browsers by a symbol marking a secure connection. For websites and APIs looking to increase security easily, Cloudflare offers free SSL in an effort to keep the Internet as protected as possible.
#80
#95
Docker
I explain the importance of Docker and how it can be utilized for pentesting & bug bounty hunting. I also showcase how to set up Kali Linux, OWASP Juice Shop & Bug Bounty Toolkit on Docker. Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.
The write-up for this video can be found on our blog at: https://hsploit.com/docker-for-penetr...
Links:
BugBountyToolkit: https://github.com/AlexisAhmed/BugBou...
Kali Linux: https://hub.docker.com/r/kalilinux/ka...
OWASP Juice Shop: https://hub.docker.com/r/bkimminich/j...
#96
I demonstrate how to setup and install Metasploitable3 on Windows with VirtualBox and Vagrant. Metasploitable3 is a virtual machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit.
LINKS USED IN VIDEO:
Rapid7 Blog Post: https://blog.rapid7.com/2016/11/15/te...
Metasploitable3 Github Repo: https://github.com/rapid7/metasploita...
PREREQUISITES:
Packer: https://www.packer.io/docs/install/in...
Vagrant: https://www.vagrantup.com/docs/instal...
VirtualBox: https://www.virtualbox.org/wiki/Downl...
#99
How to bypass Windows authentication with Kon-Boot. Kon-Boot (aka kon boot, konboot) is a tool that allows accessing the target computer without knowing the user's password. Unlike other solutions, Kon-Boot does not reset or modify the user's password, and all changes are reverted to the previous state after the system restarts. It has been on the market since 2009 and the free version was downloaded more than 5 000 000 times.
Kon-Boot: https://kon-boot.com/index.html
#101 and 102
Links: