
Path to become a real hacker
deepdotmy original
Preface

If you are the kind of person who can read through a 300-page guide, you won’t be here. This is
why James and I try to keep this guide as short as possible. In it, we will tell you what real
hackers think are the essential skills and knowledge any pen tester should have.

There are only 2 parts in this guide. In part A you will find all the essential tools and knowledge one
must learn to become efficient and skilled at penetration testing. In part B you will learn why these
things are important.

This is merely a guide to show you where to start and what direction you should be heading in. I
strongly suggest you find books on each of these subjects before you say you understand how
this works.
PART A: THE ESSENTIAL
1. Start by learning how TCP/UDP work (networking):

TCP : https://technet.microsoft.com/en-us/library/cc786128(v=ws.10).aspx
UDP : https://2buntu.com/articles/1209/udp-untangled-overview-of-how-udp-works/

2. You must know the fundamentals of HTTP and how Structured Query Language
databases work.

HTTP fundamentals: http://www.garshol.priv.no/download/text/http-tut.html


SQL: https://www.w3schools.com/sql/

3. There is no single hacker who doesn’t know how to code, but learning to code takes time.
This is why you should start with Python: it’s easy to learn.

Learn Python: https://www.codecademy.com/learn/learn-python

4. Learn HTML, and install a Linux OS, preferably Kali Linux, in a virtualization program like
VirtualBox (free) or VMware (paid).

Learn HTML: https://www.w3schools.com/html/


Download Kali: https://www.kali.org/
Download VirtualBox: https://www.virtualbox.org/

5. Learn basic Debian commands to feel comfortable using Kali, and download the Kali
handbook.

Basic Debian commands: https://wiki.debian.org/ShellCommands/


Kali hand-book: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
6. Learn how to be anonymous using Tor, proxychains, Whonix and VPNs that don’t keep
logs, plus MAC spoofing and DNS spoofing.

Tor: https://www.torproject.org/
proxychains: https://www.sunnyhoi.com/how-to-setup-proxychains-with-tor-in-kali-linux/
Whonix: https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-gateway/
Mac Spoofing: https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-gateway/
DNS Spoofing: https://null-byte.wonderhowto.com/how-to/tutorial-dns-spoofing-0167796/

7. Learn to use BurpSuite, nmap, and once you really understand SQL, try Sqlmap

BurpSuite: https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1
nmap: https://hackertarget.com/nmap-tutorial/
Sqlmap: http://www.binarytides.com/sqlmap-hacking-tutorial/

8. Learn your way around Metasploit (and Armitage), but before that understand the
different OS vulnerabilities by searching their CVEs.

Metasploit Framework: https://www.tutorialspoint.com/metasploit/index.htm


CVE Website: https://cve.mitre.org/

9. Understand WEP/WPA/WPS/KRACK

WPA-WEP info: http://www.ezlan.net/wpa_wep.html


KRACK: https://www.krackattacks.com/

10. Once you have done step 9, you should find out about the air-ng suite: aircrack-ng, aireplay-ng and
others.

Air-ng suite – How to crack Wireless Networks: https://www.aircrack-ng.org/doku.php?id=tutorial
11. Learn how to use Tamper Data, sniff networks and accomplish MITM attacks.

Tamper Data: https://addons.mozilla.org/fr/firefox/addon/tamper-data/


Sniff with Wireshark: https://www.lifewire.com/wireshark-tutorial-4143298
MITM: https://ourcodeworld.com/articles/read/422/how-to-perform-a-man-in-the-middle-mitm-attack-with-kali-linux

12. Learn about wireless adapters and their different modes

Different modes: https://wiki.wireshark.org/CaptureSetup/WLAN

13. Learn how to “automate” vulnerability scanning with Nessus

Nessus Guide: https://static.tenable.com/prod_docs/Nessus_6.8_User_Guide.pdf

14. Learn about XSS, RFI, LFI and DDoS

XSS-LFI-RFI Tutorial: https://cambuz.blogspot.fr/2012/05/lfirfissixss-all-in-one-tutorial.html

15. Understand the ins and outs of the OSI model.

Layers of OSI Model: https://www.geeksforgeeks.org/layers-osi-model/

16. Learn how to create a backdoor, what shells are and the definition of a 0-day.

Create a backdoor: https://www.wikihow.com/Create-a-Nearly-Undetectable-Backdoor-using-MSFvenom-in-Kali-Linux

17. Brute-forcing and Dictionary attacks

Crack passwords with Hydra: https://gbhackers.com/online-password-bruteforce-attack-thc-hydra-tool-tutorial/
18. Hash cracking

John the ripper: https://www.tunnelsup.com/getting-started-cracking-password-hashes/

19. Learn how to use google dorks (google hacking)

Google hacking database: https://www.exploit-db.com/google-hacking-database/

20. Learn what DNS is and how to do whois lookups.

DNS: https://www.lifewire.com/what-is-a-dns-server-2625854

21. Learn the most important port numbers

Port number list: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

22. How to spoof a phone number

Caller ID spoofing: https://pentestlab.blog/2014/07/14/caller-id-spoofing/

23. Research different scripting languages, and check out the Rubber Ducky and the other hardware
tools everybody talks about

Rubber Ducky: https://hakshop.com/products/usb-rubber-ducky-deluxe

24. Learn how to create Java drive-bys and other browser-based infection methods.

Java Drive By: [outdated, removed]

25. Understand how antivirus software works, how to create malware and how to crypt it.

Basic Antivirus Detection Methods: https://www.malwarefox.com/how-antivirus-works/


Create a crypter: [removed, will be updated soon]
26. Social engineering.

Robert Cialdini, Influence and Manipulation: buy the book or google it; I’m not allowed to give
you the book here.

End of part A
PART B: GLOSSARY
TCP/IP (Networking)
Computers speak to each other across a network through the use of packets. In
essence, the base unit of communication in the world of computer networks is the packet.
Packets are most commonly built using the TCP/IP stack, which is part of the
computer's operating system. Each operating system has some unique values coded into its
implementation of the TCP/IP stack, and this is how OS fingerprinting works: by studying those
unique values, such as MSS and MTU, among others. It has been said before that to recognize
the abnormal you must first understand what is normal. This is why we need to understand
what a normal TCP/IP packet looks like and how TCP/IP itself sets up communications between
computers.
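To make the "unique values" concrete, here is an added example (not code from the original guide) that builds a minimal IPv4/TCP SYN packet and then parses back the fields passive OS-fingerprinting tools look at: TTL, the don't-fragment bit, the TCP window and the MSS option. The packet bytes, addresses and field values are constructed by hand for illustration and do not describe any particular real operating system.

```python
"""Parse an IPv4/TCP SYN packet and extract the header values that passive
OS-fingerprinting tools compare against their signature databases.

Added example, not code from the original guide. The packet bytes are
constructed below for illustration; the field values are chosen by hand and
do not describe any particular real operating system."""
import struct


def build_syn(ttl, window, mss, src_port=40000, dst_port=80):
    """Build a minimal IPv4 + TCP SYN packet (checksums left at zero)."""
    # TCP options: MSS (kind 2, length 4) followed by four NOPs for padding
    options = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x01\x01"
    data_offset = (20 + len(options)) // 4          # TCP header length in 32-bit words
    tcp = struct.pack(
        "!HHIIBBHHH",
        src_port, dst_port,
        0x12345678,                                 # sequence number (constructed)
        0,                                          # acknowledgement number
        data_offset << 4,                           # data offset in the high nibble
        0x02,                                       # flags: SYN only
        window, 0, 0,                               # window, checksum, urgent pointer
    ) + options
    total_len = 20 + len(tcp)
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,                         # version 4 / IHL 5, TOS, total length
        0, 0x4000,                                  # identification, flags: DF set
        ttl, 6, 0,                                  # TTL, protocol 6 (TCP), checksum
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), # constructed private addresses
    )
    return ip + tcp


def parse_syn(packet):
    """Return the fingerprint-relevant fields of an IPv4/TCP packet."""
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _cksum = struct.unpack(
        "!BBHHHBBH", packet[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if proto != 6:
        raise ValueError("not a TCP segment")
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    tcp = packet[ihl:total_len]
    (_src, _dst, _seq, _ack, off_res, flags, window,
     _tcp_cksum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    options = tcp[20:(off_res >> 4) * 4]

    # Walk the TCP options list looking for the MSS option (kind 2).
    mss = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                               # end of options list
            break
        if kind == 1:                               # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(options):                   # truncated option: stop parsing
            break
        length = options[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", options[i + 2:i + 4])[0]
        i += max(length, 2)

    return {
        "ttl": ttl,
        "df": bool(flags_frag & 0x4000),            # don't-fragment bit
        "window": window,
        "mss": mss,
        "syn": bool(flags & 0x02),
        "options_len": len(options),
    }


def initial_ttl_guess(observed_ttl):
    """Round an observed TTL up to the nearest common starting value (64, 128, 255).
    The difference is roughly the number of hops the packet has crossed."""
    for candidate in (64, 128, 255):
        if observed_ttl <= candidate:
            return candidate
    return 255


if __name__ == "__main__":
    fields = parse_syn(build_syn(ttl=57, window=29200, mss=1460))
    print(fields)
    print("likely initial TTL:", initial_ttl_guess(fields["ttl"]))
```

Run against live captures instead of the constructed packet, this kind of parser is the first stage of passive fingerprinting tools such as p0f, which match the extracted tuple against a signature list; on the defensive side the same fields let you notice a host whose SYNs no longer look like the OS it is supposed to be running.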

Why is HTML important in pen-testing?


First, because every page you see on the web is displayed, to some extent, using HTML. Knowing
the most basic language, the one that carries most of the content on the internet, is the minimum.
Also, HTML injection is an attack similar to Cross-site Scripting (XSS). While an XSS
vulnerability lets the attacker inject and execute JavaScript code, an HTML injection attack only
allows the injection of certain HTML tags. When an application does not properly handle user-
supplied data, an attacker can supply valid HTML code, typically via a parameter value, and
inject their own content into the page. This attack is typically used in conjunction with some
form of social engineering, as the attack exploits both a code-based vulnerability and a user's
trust.
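The "does not properly handle user-supplied data" part is easiest to see side by side. The following is an added example, not code from the original guide: a page-rendering function written the vulnerable way (raw substitution) next to the hardened version (HTML output encoding), plus a small parser that lists which elements a browser would actually see. The template and the sample input are constructed for illustration.

```python
"""Show the difference between HTML injection and output encoding in a
page-rendering function. Added example, not code from the original guide;
the template and sample inputs are constructed for illustration."""
import html
from html.parser import HTMLParser

TEMPLATE = "<p>Welcome back, {name}!</p>"


def render_unsafe(name):
    """Vulnerable: the value is dropped into the markup unchanged, so any
    tags it contains become part of the page the browser renders."""
    return TEMPLATE.format(name=name)


def render_safe(name):
    """Hardened: HTML-encode the value so '<', '>', '&' and quotes are shown
    as literal characters instead of being parsed as markup."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


class TagCollector(HTMLParser):
    """Record the start tags a browser-like parser would see in a document."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the list of element names parsed from `markup`, in order."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    # Constructed input: a "name" that carries a tag instead of a name.
    payload = "<b>Your session expired</b>"
    print(render_unsafe(payload), tags_in(render_unsafe(payload)))
    print(render_safe(payload), tags_in(render_safe(payload)))
```

The point of the parser is that the vulnerable output contains an element the template never had, while the encoded output still contains only the template's own paragraph; encoding at output time, in the context the value lands in, is the fix for both HTML injection and reflected XSS.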

Why Kali Linux and why in a Virtual Machine?


Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and
security auditing. Kali contains several hundred tools geared towards various
information security tasks, such as penetration testing, security research, computer forensics
and reverse engineering.

- More than 600 penetration testing tools included.
- Free and always will be.
- Open source
- Developed in a secure environment
- Multi-language support

You don't have to use a VM, but it allows you to run Kali and your default OS simultaneously, it
facilitates some anonymity features and it doesn't force you to boot from a USB stick or install Kali on
the hard drive of your computer.

Why learn Debian commands?

No spoilers needed for that one: in my opinion it is important to know your way around the
system you use and learn the basic terminal commands that are packed within.

Why use Tor, Proxychains, Whonix and a VPN


During penetration testing, vulnerability assessment or hacking, staying anonymous is
one of the important factors. If you are a black hat, you also don't want to get caught. Without
it, your internet connection will reveal your identity.

ProxyChains is a proxifier for Linux systems. It allows TCP and DNS tunneling through proxies and
supports HTTP, SOCKS4 and SOCKS5 proxy servers. It uses multiple proxies at a time, which is why it is
called proxy chaining. In the tutorial you will be taught to use proxychains through the Tor
network.

Whonix is also a very good way to stay anonymous; it makes use of the Tor network through its
own gateway.

MAC spoofing allows you to change your MAC address, which is your computer's hardware ID on the
network. Your MAC address reveals the manufacturer of your network adapter and can be linked back
to you by someone who digs deep enough.

Tor alone will not help you stay anonymous; that’s why you need a VPN that doesn’t keep logs.

Why use nmap, Burpsuite and SQLMAP?


BurpSuite is a Java-based web penetration testing framework. It has become an industry-
standard suite of tools used by information security professionals to identify vulnerabilities and
verify attack vectors for web-based applications.

In its simplest form, BurpSuite can be classified as an interception proxy. A penetration tester
configures their browser to route traffic through the proxy, which then acts as a sort of
man in the middle by capturing and analyzing each request and response to and from the
target web application. Individual HTTP requests can be paused, manipulated and replayed
back to the web server for targeted analysis of parameter-specific injection points. Injection
points can be specified for manual as well as automated fuzzing attacks to discover potentially
unintended application behaviors, crashes and error messages.

Nmap ("Network Mapper") is a free and open source utility for network discovery and
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service
uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the
network, what services (application name and version) those hosts are offering, what operating
systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and
dozens of other characteristics. It was designed to rapidly scan large networks, but works fine
against single hosts. Nmap runs on all major computer operating systems, and official binary
packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-
line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap),
a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan
results (Ndiff), and a packet generation and response analysis tool (Nping).

sqlmap is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over database servers. It comes with a powerful
detection engine, many niche features for the ultimate penetration tester and a broad range of
switches ranging from database fingerprinting, over data fetching from the database, to
accessing the underlying file system and executing commands on the operating system via out-
of-band connections.

Why learn to use the Metasploit Framework?


The Metasploit Framework is an open source penetration testing tool used for developing and executing
exploit code against a remote target machine. It has the world’s largest
database of public, tested exploits. In simple words, Metasploit can be used to test the
vulnerability of computer systems in order to protect them; on the other hand, it can also
be used to break into remote systems. It is the most renowned framework used to exploit
systems.

Why understand WEP/WPA?


If you want to become a professional pen-tester you will have to learn about WEP/WPA
encryption, because the whole wireless ecosystem revolves around these encryption schemes;
understanding them will give you greater power when cracking wireless networks.

Why master the air-ng suite (use for wireless hacking)?


Most if not all Wi-Fi cracking methods involve using aircrack-ng. Learning how to use these
tools will allow you to crack most wireless networks.

Why learn how to perform MITM (man in the middle) attacks, sniff networks and tamper with
data?

In a sense, a man-in-the-middle attack (MITM) is like eavesdropping. Data is sent from point A
(computer) to point B (server/website), and an attacker can get in between these transmissions.
They then set up tools programmed to “listen in” on transmissions, intercept data that is
specifically targeted as valuable, and capture the data. Sometimes this data can be modified in
the process of transmission to try to trick the end user into divulging sensitive information, such as
login credentials. Once the user has fallen for the bait, the data is collected from the target,
and the original data is then forwarded to the intended destination unaltered.

Sniffing and snooping both refer to listening in on a conversation. For example, if you log in to a
website that uses no encryption, your username and password can be sniffed off the network
by someone who can capture the network traffic between you and the web site.

Spoofing refers to actively introducing network traffic while pretending to be someone else. For
example, spoofing is sending a command to computer A while pretending to be computer B. It is
typically used in a scenario where you generate network packets that claim to originate from
computer B while they really originate from computer C. Spoofing in an email context means
sending an email pretending to be someone else.

Tamper Data is an add-on for Firefox that lets you view and modify HTTP requests before they
are sent. It shows what information the web browser is sending on your behalf, such as cookies
and hidden form fields. Use of this plugin can reveal web applications that trust the client not
to misbehave.

What is brute-forcing?
A brute-force attack consists of an attacker trying many passwords or passphrases with the
hope of eventually guessing correctly. The attacker systematically checks all possible passwords
and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess
the key which is typically created from the password using a key derivation function. This is
known as an exhaustive key search.
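From the defender's side, a brute-force attempt is one of the noisiest things in an authentication log: many failures from one source in a short time, often across several account names. Here is an added example (not code from the original guide) that parses such log lines and flags sources exceeding a failure threshold inside a sliding window. The log lines are constructed for illustration; they are shaped loosely like sshd messages but are not real output, and the threshold and window are arbitrary choices.

```python
"""Detect brute-force login attempts from authentication log lines by
counting failures per source address inside a sliding time window.

Added example, not code from the original guide. The log lines below are
constructed for illustration (loosely shaped like sshd messages, but not
real output)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one source hammering several accounts, one normal user.
LOG_LINES = """\
2024-01-15T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
2024-01-15T10:00:03 sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2
2024-01-15T10:00:04 sshd[1203]: Failed password for root from 203.0.113.5 port 50003 ssh2
2024-01-15T10:00:06 sshd[1204]: Failed password for root from 203.0.113.5 port 50004 ssh2
2024-01-15T10:00:07 sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 50005 ssh2
2024-01-15T10:00:09 sshd[1206]: Failed password for invalid user test from 203.0.113.5 port 50006 ssh2
2024-01-15T10:00:10 sshd[1207]: Failed password for alice from 198.51.100.7 port 51000 ssh2
2024-01-15T10:00:30 sshd[1208]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
2024-01-15T10:05:00 sshd[1209]: Failed password for bob from 198.51.100.7 port 51002 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """Return (timestamp, result, user, ip), or None for lines we don't recognise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def find_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "users": [...]}} for every source that
    produced at least `threshold` failed logins within any `window_seconds` span."""
    failures = defaultdict(list)          # ip -> [(timestamp, user), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "Failed":
            continue
        ts, _, user, ip = parsed
        failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until [start, end] fits in the window.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = {
                "failures": best,
                "users": sorted({user for _, user in events}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce(LOG_LINES).items():
        print(f"{ip}: {info['failures']} failures within a minute, "
              f"accounts tried: {info['users']}")
```

The distinct-user list matters as much as the count: the same logic with a low per-user threshold catches classic brute force against one account, while a high failure count spread over many users is password spraying, which per-account lockout alone will not stop.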

Why learn XSS, LFI, RFI?


Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can
execute malicious scripts (also commonly referred to as a malicious payload) in a legitimate
website or web application. XSS is amongst the most rampant of web application vulnerabilities
and occurs when a web application makes use of unvalidated or unencoded user input within
the output it generates.

Remote File Inclusion (RFI) refers to an inclusion attack wherein an attacker can cause the web
application to include a remote file by exploiting a web application that dynamically includes
external files or scripts. The consequences of a successful RFI attack range from information
disclosure and Cross-site Scripting (XSS) to remote code execution.

Remote File Inclusion (RFI) usually occurs when an application receives the path to the file that
has to be included as an input without properly sanitizing it. This would allow an external URL
to be supplied to the include statement.

Local File Inclusion (LFI), or simply File Inclusion, refers to an inclusion attack through which an
attacker can trick the web application into including files on the web server by exploiting
functionality that dynamically includes local files or scripts. The consequences of a successful LFI
attack include directory traversal and information disclosure as well as remote code
execution.

Typically, Local File Inclusion (LFI) occurs when an application gets the path to the file that has
to be included as an input without treating it as untrusted input. This would allow a local file to
be supplied to the include statement.
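Both RFI and LFI come down to the same mistake: an include parameter that is trusted as written. The following added example (not code from the original guide) shows the two fixes a reviewer would ask for, an allowlist that maps page names to known files, and, where a relative path really must be accepted, a validator that rejects URLs, absolute paths, null bytes and anything that normalises to a location outside the include directory. The include directory, the page table and the sample inputs are constructed for illustration.

```python
"""Validate a user-controlled include parameter before it reaches a file
include, closing both the LFI (../ traversal) and RFI (remote URL) cases.

Added example, not code from the original guide. The include directory,
the page allowlist and the sample inputs are constructed for illustration."""
import posixpath
from urllib.parse import urlsplit

INCLUDE_DIR = "/var/www/app/includes"          # constructed base directory

# Preferred design: map an opaque page name to a known file and never
# let the request supply a path at all.
PAGES = {"home": "home.php", "about": "about.php", "contact": "contact.php"}


def resolve_page(name):
    """Allowlist lookup: unknown names are rejected instead of resolved."""
    filename = PAGES.get(name)
    if filename is None:
        return None
    return posixpath.join(INCLUDE_DIR, filename)


def safe_include_path(user_value, base=INCLUDE_DIR):
    """Fallback for code that must accept a relative path: return the absolute
    path inside `base`, or None if the value must be rejected."""
    if not user_value or "\x00" in user_value:
        return None                          # empty, or a null byte that truncates paths
    if urlsplit(user_value).scheme:
        return None                          # http://, ftp://, ... would turn this into RFI
    if user_value.startswith(("/", "\\")):
        return None                          # absolute paths have no business here
    candidate = posixpath.normpath(posixpath.join(base, user_value))
    # normpath collapses "../" segments; commonpath then tells us whether the
    # result is still below `base` (a plain string-prefix check would let
    # ".../includes2/x" through).
    if posixpath.commonpath([base, candidate]) != base or candidate == base:
        return None
    return candidate


if __name__ == "__main__":
    for value in ["header.php", "pages/../footer.php", "../../etc/passwd",
                  "http://203.0.113.9/remote.txt", "/etc/passwd"]:
        print(f"{value!r:35} -> {safe_include_path(value)}")
    print(resolve_page("home"), resolve_page("../etc/passwd"))
```

posixpath is used deliberately so the check behaves the same on every platform; on a real deployment you would also resolve symlinks (os.path.realpath) before the commonpath comparison, since a link inside the include directory can still point outside it.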

What is a backdoor in pen-testing?


Attackers can install their own backdoor on a targeted system. Doing so allows them to come
and go as they please and gives them remote access to the system. Malware installed on
systems for this purpose is often called a remote access Trojan, or a RAT, and can be used to
install other malware on the system or exfiltrate data.

End of part B
