
The basics of Hacking and Penetration Testing By Jdsingh



For a while I have wanted to keep track, for myself and for others, of the books I read while getting some cyber security education to better understand the industry and what it takes to be a hat or pentester. Of course, to date I have read many security books, but have not documented them in a blog or anywhere else.
I’ll close things:

“The Basics of Hacking and Penetration Testing” by jdsingh

If anyone reads this blog, note that I still recommend reading the book, as I will only write down here what I think is a good idea to do and what I had not considered before reading the book:

Chapter 2 Quick Notes – Reconnaissance:
– This is the least technical phase
– New people in the world of hacking are believed to be a big mistake
– Keep a strategy while doing reconnaissance
– You can install HTTrack in Kali with the command:
# apt-get install webhttrack
Be aware that running this tool against a website is easily detectable and is considered aggressive
– Read / learn about Google hacking (see Johnny Long’s Defcon video presentation)
– Always use the latest version of the Harvester (to collect email addresses and subdomains)
– Dedicate as much as possible a dedicated angle to gather and practice information
– Use tools / commands like whois, Netcraft, host, nslookup, dig, MetaGooFil
– Do not forget about gathering DNS information
– Learn social engineering (for example: call someone on leave and resort to call or email technology to reset your password in the email account to gain access to the email account)
– You can intentionally leave a USB thumb drive around, with a malicious code, and wait for someone to gain access to the person’s computer or the company’s computer, hence the network.
– Always protect the data you collect in this process, stay within the boundaries of the Pentest, or ask for the Pentest scope to be broadened to include new findings.
– Look into Paterva's Maltego tool, which collects information from public databases with details about the target company
– Happy reconnaissance !!!

 

Chapter 3 – Scanning

– Run a ping sweep with fping and dump the result into a file
for example:
fping -a -g 172.16.128.1 172.16.128.254 > host.txt

– Always deliberately scan both UDP and TCP ports
ex: nmap -sT and -sU
– Use the '-p-' switch to scan all ports
– If ping requests are blocked, use the '-PN' switch

– Scan for all TCP ports even if there is a ping block
nmap -sT -p- -PN 192.168.1.1-254

– To find the version of UDP protocol services:
nmap -sUV 192.168.1.5

– For vulnerability scanning:
Remember to use Nessus and its plug-ins (a plug-in is a small block of code that is sent to the target machine to check for a known vulnerability).
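Seen from the network being tested, the fping sweep and the all-ports nmap scan above have a recognisable shape: one source touching many hosts, or many ports on one host, within seconds. The following is an added example, not taken from the book or the original post; the record layout, thresholds and function names are assumptions made for the illustration.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src, dst, proto, dst_port)."""
    flows = []
    # 10.0.0.99 pings every address in 172.16.128.1-254 within a few seconds.
    for i in range(1, 255):
        flows.append((1000 + i // 100, "10.0.0.99", f"172.16.128.{i}", "icmp", 0))
    # 10.0.0.77 walks TCP ports 1-1000 on one host (a slice of an all-ports scan).
    for port in range(1, 1001):
        flows.append((2000 + port // 200, "10.0.0.77", "192.168.1.5", "tcp", port))
    # 10.0.0.5 is an ordinary client using two services over 25 minutes.
    for n in range(50):
        flows.append((1000 + n * 30, "10.0.0.5", "192.168.1.5", "tcp", 443 if n % 2 else 22))
    return flows

def detect_scans(flows, window=60, host_limit=20, port_limit=100):
    """Return {source: set of findings} for host sweeps and port scans.

    Events are grouped into fixed `window`-second buckets, so a scan that stays
    under the limits in every bucket is not flagged; tune limits to the network.
    """
    hosts = defaultdict(set)   # (src, bucket) -> distinct destinations
    ports = defaultdict(set)   # (src, dst, proto, bucket) -> distinct ports
    for ts, src, dst, proto, dport in flows:
        bucket = ts // window
        hosts[(src, bucket)].add(dst)
        if proto in ("tcp", "udp"):
            ports[(src, dst, proto, bucket)].add(dport)
    findings = defaultdict(set)
    for (src, _bucket), seen in hosts.items():
        if len(seen) >= host_limit:
            findings[src].add("host_sweep")
    for (src, dst, proto, _bucket), seen in ports.items():
        if len(seen) >= port_limit:
            findings[src].add(f"{proto}_port_scan:{dst}")
    return dict(findings)

if __name__ == "__main__":
    for source, what in sorted(detect_scans(build_sample_flows()).items()):
        print(source, sorted(what))
```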

 

Chapter 4 – Exploitation

 

An exploit is the realization of a vulnerability.

Lack of order and structure in a penetration test often leads to frustration and failure!
Always collect data in the information gathering phase. Spend most of the time in this phase.

Tools for online password cracking: Medusa and Hydra.

for example:
medusa -h target-ip -u username -P path-to-dictionary -M authentication-service-to-crack
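Online guessing of this kind leaves a burst of failed logins from one address in the service's log, and the case that matters most is a success that follows such a burst. The following is an added example, not taken from the book or the original post; it assumes SSH as the service and OpenSSH's log message format, and the host names, addresses, thresholds and year are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def build_sample_log():
    """Constructed sshd log: 30 rapid failures then a success, plus one ordinary typo."""
    lines = [f"Mar  3 10:00:{s:02d} web1 sshd[811]: Failed password for root "
             f"from 10.0.0.99 port {40000 + s} ssh2" for s in range(30)]
    lines.append("Mar  3 10:00:31 web1 sshd[811]: Accepted password for root "
                 "from 10.0.0.99 port 40031 ssh2")
    lines.append("Mar  3 10:05:00 web1 sshd[900]: Failed password for alice "
                 "from 10.0.0.5 port 50000 ssh2")
    lines.append("Mar  3 10:05:09 web1 sshd[900]: Accepted password for alice "
                 "from 10.0.0.5 port 50001 ssh2")
    return "\n".join(lines)

def detect_guessing(log_text, max_failures=10, window=60, year=2024):
    """Return {source: findings} for sources with >= max_failures failures in `window` seconds.

    Syslog timestamps carry no year, so `year` is supplied by the caller (assumption).
    """
    failures = defaultdict(list)   # source -> timestamps of failures inside the window
    findings = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            recent = [t for t in failures[src] if ts - t <= timedelta(seconds=window)]
            recent.append(ts)
            failures[src] = recent
            if len(recent) >= max_failures:
                findings[src]["guessing"] = True
        elif findings.get(src, {}).get("guessing"):
            # A successful login from a source already flagged needs urgent review.
            findings[src]["login_after_guessing"] = user
    return dict(findings)

if __name__ == "__main__":
    print(detect_guessing(build_sample_log()))
```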

In the old days, prior to Metasploit, the only exploitation frameworks available to security researchers were Core Impact and Immunity's CANVAS.

 

Chapter 5 – Web Based Exploitation

Nikto:
perl nikto.pl
perl nikto.pl -h 172.16.45.129 -p 1-1000

Windows payloads:
windows/adduser = Create a new user in the local admin group on the target machine
windows/exec = Execute a Windows binary (.exe) on the target machine
windows/shell_bind_tcp = Open a command shell on the target machine and wait for a connection
windows/shell_reverse_tcp = Target machine connects back to the attacker and opens a command shell (on the target)
windows/meterpreter/bind_tcp = Target machine installs Meterpreter and waits for a connection
windows/meterpreter/reverse_tcp = Installs Meterpreter on the target machine, then creates a connection to the attacker
windows/vncinject/bind_tcp = Installs VNC on the target machine and waits for a connection
windows/vncinject/reverse_tcp = Installs VNC on the target machine and sends a VNC connection back to target

Use Metasploit!

 

Instead of throwing indiscriminate exploits at a target, find a way to match known system vulnerabilities with prepackaged exploits in Metasploit.

Use Nessus as a vulnerability scanner.

Build your understanding of buffer overflow and exploitation. Commit yourself to truly understanding exploitation.
VNC injection is rarely used in a PT (penetration test).

Run programs with the most restrictive privileges, and avoid running anything as root or administrator.

Older systems threaten your entire network.

For Linux:
./unshadow /etc/passwd /etc/shadow > /tmp/linux_hashes.txt

By default most network cards operate in nonpromiscuous mode.
