Академический Документы
Профессиональный Документы
Культура Документы
hacker
deepdotmy original
Preface
If you are the kind of person who can read through a 300 pages guide, you won’t be here. This is
why James and I try to make this guide as short as possible. In this guide, we will tell you what the
real hackers think are the essential skills and knowledge any pen tester should know.
There are only 2 parts in this guide. In part A you will find all the essential tools and knowledge one
must learn to become efficient and skilled at penetration testing. In part B you will learn why these
things are important.
This is merely a guide to show you where to start and what direction you should be heading, I
strongly suggest you find books on each of these subjects before you say you understand how
this works.
PART A: THE ESSENTIAL
1. Start by learning how TCP/UDP works(networking):
TCP : https://technet.microsoft.com/en-us/library/cc786128(v=ws.10).aspx
UDP : https://2buntu.com/articles/1209/udp-untangled-overview-of-how-udp-works/
2. You must know the fundamentals of HTTP and how Structured Query Language
databases work.
3. There is no one single hacker who doesn’t know how to code, but it takes time to learn
coding, this is why you should start with Python, it’s easy to learn.
4. Learn HTML, install a Linux OS preferably KALI Linux on a virtualization program like
VirtualBox(free) or VMWARE(paid)
5. Learn basic Debian commands to feel comfortable using KALI and download the KALI
hand-book.
Tor: https://www.torproject.org/
proxychains: https://www.sunnyhoi.com/how-to-setup-proxychains-with-tor-in-kali-linux/
Whonix: https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-gateway/
Mac Spoofing: https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-
gateway/
DNS Spoofing: https://null-byte.wonderhowto.com/how-to/tutorial-dns-spoofing-0167796/
7. Learn to use BurpSuite, nmap, and once you really understand SQL, try Sqlmap
BurpSuite: https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1
nmap: https://hackertarget.com/nmap-tutorial/
Sqlmap: http://www.binarytides.com/sqlmap-hacking-tutorial/
8. Learn your way around Metasploit ( = ) Armitage but before that understand the
different OS vulnerabilities by search their CVE.
9. Understand WEP/WPA/WPS/KRACK
10. Once you done step 9, you should find out about air-ng suite, aircrack-ng, aireplay-ng and
others
16. Learn how to create a backdoor, what shells are and the definition of a 0-day.
DNS: https://www.lifewire.com/what-is-a-dns-server-2625854
23. Research different scripting languages, check Rubber Ducky and these kind of hardware
tools everybody talks about
24. Learn how to create java-drive-by’s and browser based infection methods.
25. Understand how Antivirus work and how to create malware and how to crypt them.
Robert Cialdini Influence and Manipulation: buy the book or google it, I’m not allowed to give
you the book here.
End of part A
PART B: GLOSSARY
TCP/IP (Networking)
Computers themselves speak to each other across a network through the use of packets. In
essence the base unit of communications in the world of computer networks is the packet.
Packets themselves are most commonly built using the TCP/IP stack, which is part of the
computer's operating system. Each operating system has some unique values coded into its
implementation of the TCP/IP stack. This is how OS fingerprinting works, by studying these
unique values such as MSS and MTU among others. It has been said before that to recognize
the abnormal you must first understand what is normal. This is why we need to understand
what a normal TCP/IP packet looks like and how TCP/IP itself sets up communications between
computers.
You don't have to use a VM but it allows you to run KALI and your default OS simultaneously, its
facilitates some anonymity features and doesn't force use to boot from a USB or install in on
the Hard drive of your computer.
Why learn Debian commands?
Don't need spoilers for that one, in my opinion it is important to know your way around the
system you use and learn the basic terminal commands that are packed within.
ProxyChains is proxifier for linux system. It allows TCP and DNS tunneling through proxies. It
supports HTTP, SOCKS4 and SOCKS5 proxy servers. It uses multiple proxies at a time, so it is
called Proxy Chaining. In the tutorial you will be taught to use proxychains through the Tor
network.
Whonix is also a very good way to stay anonymous and makes use of the Tor network with its
own gateway.
MAC Spoofing allows you to change your MAC adress which is your computer's ID. Your MAC
address points to your PC's brand and can lead to you when deep searching.
Tor alone will not help you stay anonymous, that’s why you need a VPN that doesn’t keep log
In its simplest form, Burpsuite can be classified as an Interception Proxy. A penetration tester
configures their Internet browser to route traffic through the proxy which then acts as a sort of
Man In The Middle by capturing and analyzing each request and response to and from the
target web application. Individual HTTP requests can be paused, manipulated and replayed
back to the web server for targeted analysis of parameter specific injection points. Injection
points can be specified for manual as well as automated fuzzing attacks to discover potentially
unintended application behaviors, crashes and error messages.
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service
uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the
network, what services (application name and version) those hosts are offering, what operating
systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and
dozens of other characteristics. It was designed to rapidly scan large networks, but works fine
against single hosts. Nmap runs on all major computer operating systems, and official binary
packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-
line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap),
a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan
results (Ndiff), and a packet generation and response analysis tool (Nping).
sqlmap is an open source penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws and taking over of database servers. It comes with a powerful
detection engine, many niche features for the ultimate penetration tester and a broad range of
switches lasting from database fingerprinting, over data fetching from the database, to
accessing the underlying file system and executing commands on the operating system via out-
of-band connections.
Why learn how to perform MITM (man in the middle) attacks, sniff networks and tamper
data?
In a sense, a man-in-the-middle attack (MITM) is like eavesdropping. Data is sent from point A
(computer) to point B (server/website), and an attacker can get in-between these transmissions.
They then set up tools programmed to “listen in” on transmissions, intercept data that is
specifically targeted as valuable, and capture the data. Sometimes this data can be modified in
the process of transmission to try to trick the end user to divulge sensitive information, such as
log in credentials. Once the user has fallen for the bait, the data is collected from the target,
and the original data is then forwarded to the intended destination unaltered.
Sniffing and snooping. They refer to listening to a conversation. For example, if you login to a
website that uses no encryption, your username and password can be sniffed off the network
by someone who can capture the network traffic between you and the web site.
Spoofing refers to actively introducing network traffic pretending to be someone else. For
example, spoofing is sending a command to computer A pretending to be computer B. It is
typically used in a scenario where you generate network packets that say they originated by
computer B while they really originated by computer C. Spoofing in an email context means
sending an email pretending to be someone else.
Tamper Data is an add-on for Firefox that lets you view and modify HTTP requests before they
are sent. It shows what information the web browser is sending on your behalf, such as cookies
and hidden form fields. Use of this plugin can reveal web applications that trust the client not
to misbehave.
What is Bruteforcing ?
A brute-force attack consists of an attacker trying many passwords or passphrases with the
hope of eventually guessing correctly. The attacker systematically checks all possible passwords
and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess
the key which is typically created from the password using a key derivation function. This is
known as an exhaustive key search.
Remote File inclusion (RFI) refers to an inclusion attack wherein an attacker can cause the web
application to include a remote file by exploiting a web application that dynamically includes
external files or scripts. The consequences of a successful RFI attack include Information
Disclosure and Cross-site Scripting (XSS) to Remote Code Execution.
Remote File Inclusion (RFI) usually occurs, when an application receives the path to the file that
has to be included as an input without properly sanitizing it. This would allow an external URL
to be supplied to the include statement.
Local File inclusion (LFI), or simply File Inclusion, refers to an inclusion attack through which an
attacker can trick the web application in including files on the web server by exploiting
functionality that dynamically includes local files or scripts. The consequence of a successful LFI
attack includes Directory Traversal and Information Disclosure as well as Remote Code
Execution.
Typically, Local File Inclusion (LFI) occurs, when an application gets the path to the file that has
to be included as an input without treating it as untrusted input. This would allow a local file to
be supplied to the include statement.
End of part B