Learn Ethical Hacking Episode #6: VirtualBox Installation Using the Linux Package Manager

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you another, more reliable way to install VirtualBox. If you are wondering why I showed you the previous method, using rpm, it’s always good to have another option. Plus, the procedure is exactly the same if you’re installing any other rpm package. So you just type in rpm -i, and then you type in the name of the package that you have downloaded, so the procedure is exactly the same. I would recommend passing an h argument as well to give you a status bar. It will install without any problems of course, but without the h argument you won’t know what is going on in the background. You might think it’s bugged, or something like that, during the installation procedure.

What we want to do now is install VirtualBox using the default package manager, called yum, and pull the package from the repositories. What are repositories? Repositories are places where software packages are stored for Linux distros. You can pull these packages, from your Linux distro, using the default package manager. It’s very simple, it’s extremely easy, and it’s one of those things that you will absolutely need to know how to do. You will be installing and uninstalling a lot of things during the course of your pentesting career, during the course of pretty much any pentesting exercise in general.

So, let me just demonstrate this for you. You type in yum and then you give it a command. I’m using Fedora so I will be calling yum, but if I was using some sort of a Debian distro it would be aptitude, or apt-get. Other distros have their own package managers, but we’re not going to get into those now. Later on I will show you which package manager Kali Linux uses. So, first off, you type in yum, as I said, and then type in search, which tells yum what to do. Then you type an approximate name of the package you are looking for. Perhaps you don’t know the full name; don’t worry about it. Just type in a portion of the name, it will suffice, and pretty much everything that contains that portion of the name will be displayed. So we know what we want, it’s VirtualBox, and you might think that this is the full name of the package. It is not, as you will soon see.

There we go. It has printed out every package that contains VirtualBox in its name or in its description. You have the name of the package here, a colon, and then the description of the package. There are a lot of things that have the name VirtualBox, and you’re perhaps wondering which one to install. Well, you need the kmod one. Here you have the kernel version and the Fedora version. So fc would be the Fedora version, and here you have the architecture, it’s 64. I can select it, there we go. It’s 64, and here you have the kernel version. So you can compare it to what system you have. You can use any other distro, the procedure is fairly similar. If you’re using, for example, a Debian based distro, or an openSUSE, or something like that, feel free to ask me if you can’t manage to install it. I will help you out, no problems.

For the time being, I’m just going to go ahead and install it here. Let me just go ahead and clear the screen. In order to install the package you need to type yum install, and then you need to go ahead and type the name of your package, which would be the last one for us. The name is a bit long so I’m just gonna go ahead and copy it, but you see there is one fundamental problem here. The VirtualBox package is not found in the default repositories of Fedora, and that is a bit of a problem. None of these commands would actually work if I did not previously import the RPM Fusion repositories. RPM Fusion is simply the name for a certain type of repositories containing certain types of packages. So I have imported those repositories, and now I can pull information and packages from them. If I did not do that previously, I would not have been able to do any of these things. Yum search VirtualBox would yield no results. I would get a message here saying that no packages were found that matched this particular name, and then just a blank screen, that’s it. So that’s going to be problematic.

In order to solve that problem you need to go ahead and open up your favorite browser. I already have this website open to save a bit of time, it says rpmfusion.org/configuration, but here I can just go ahead and search for it. So type rpmfusion into any search engine, so it’s rpmfusion.org. Click on the website, open it up, and here you are going to get instructions immediately. It’s a very simple website, it just says for users and says enable RPM Fusion on your system. Just click on the link and there you go. You get a listing of downloads, it says free and non-free. Don’t be intimidated by this non-free. You don’t need to pay for anything. It is non-free for redistributable software that is not open-source software, as defined by the Fedora licensing guidelines. Down here you have the actual RPM packages. I will download the first one and then install it using my RPM software. Just type in rpm -i and then I would pass this filename as an argument, and it would install it without any problems.

I also want to show you a different way of doing this. If you’re wondering why it is being repeated twice, this is for free, and this is for non-free. What we want is the command line set up using rpm. It says here Fedora 14 is the most current, so mine is 20, it will work without any problems. So you have this very long command, and you don’t really need to know what every single portion of this command is or what it does. Basically, it imports a repository into your system that you are going to use later on. We will go ahead and copy/paste this and run it. You are using your default package manager, you’re using the local install option, you are not checking for certain types of keys, you are giving it the place from which to pull it, etc. Later on as we progress through this tutorial, we will deal extensively with the Linux command line. So, only then will these things become clear to you. Once I actually explain some of the basic and fundamental things, then you will be able to understand things such as those listed within the parentheses. Sorry, not bracket, within the confines of these parentheses. If I start explaining it now it would make no sense, and it would simply complicate things further. As I said, later on we will get into the command line interface of Linux. I will begin from scratch, and move you from a beginner to advanced user in a relatively short amount of time, and then you will be able to understand what all of these things mean. For the time being, just copy this content which is within the confines of these quotation marks, and paste it into your terminal. You will need root access and I am no longer root, as you can see. Just type in su, type in your password, paste this, and press ENTER. It will not install here because I already have it installed. But, on your system, where you do not have RPM Fusion installed, this procedure should work without any problems. Go ahead and clear the screen.

Anyway, I would like to show you something else that I neglected to mention a moment ago. This command that we’ve run installs free and non-free repositories. If you just take a closer look at what I am highlighting at the moment, this is the free one. So it says http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release. Down below you have the second address, again, download1.rpmfusion.org, and it says non free. So I’m highlighting the entire thing here, let me just zoom it in a bit more so everybody can see, and there you go. You have two completely, well they’re not completely different addresses, but they are definitely different addresses referring to different types of repositories.

Anyway, now you can go back to your terminal, stay root because you will need root privileges in order to do this. Type in yum search VirtualBox, press enter. Use the last one, or whichever one suits your current kernel. You can check the current kernel by typing in uname -a, and here we go. So it’s 3.18.7-100.fc20, and then you have the architecture listed here as well. So, clear the screen, type in yum install, paste the name of the package, press space, type -y, and once you have this command just press ENTER and it will install. I have already installed VirtualBox to save some time. After you’ve installed it, do not forget to type in yum update as well. So, let the system just run through the updates so you make sure that you have the latest version. In any case, that will be it for this tutorial. In the next one I will start VirtualBox up, explain some of its features, and hopefully begin installing an operating system within my virtual machine. Thank you for watching, and I hope to see you in the next tutorial.
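The step of comparing the kmod package names against the running kernel can be scripted. The following is an added example, not part of the original tutorial: the yum search output is a constructed sample, and pick_kmod and describe_kernel are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pick the kmod-VirtualBox package built for the running kernel.
# A kernel module only loads on the kernel it was built for, so the version,
# Fedora release and architecture in the package name must all match.

# Constructed sample of `yum search VirtualBox` output (not from a real system).
sample_search_output() {
cat <<'EOF'
VirtualBox.x86_64 : A general-purpose full virtualizer for PC hardware
VirtualBox-guest.x86_64 : VirtualBox Guest Additions
kmod-VirtualBox.x86_64 : Metapackage which tracks the VirtualBox kernel module
kmod-VirtualBox-3.17.8-200.fc20.x86_64.x86_64 : VirtualBox kernel module(s) for 3.17.8-200.fc20.x86_64
kmod-VirtualBox-3.18.7-100.fc20.x86_64.x86_64 : VirtualBox kernel module(s) for 3.18.7-100.fc20.x86_64
EOF
}

# Split a kernel release such as 3.18.7-100.fc20.x86_64 into its parts.
describe_kernel() {
    rel=$1
    arch=${rel##*.}        # text after the last dot: x86_64
    rest=${rel%.*}         # everything before it:    3.18.7-100.fc20
    dist=${rest##*.}       # distro tag:              fc20
    printf 'version=%s fedora=%s arch=%s\n' "${rest%.*}" "${dist#fc}" "$arch"
}

# Read search output on stdin and print the kmod package for kernel release $1.
# Returns 1 when no listed package matches, instead of guessing "the last one".
pick_kmod() {
    kernel=$1
    while IFS= read -r line; do
        name=${line%% : *}          # "name : description" -> name
        case $name in
            "kmod-VirtualBox-$kernel"|"kmod-VirtualBox-$kernel".*)
                printf '%s\n' "$name"
                return 0 ;;
        esac
    done
    return 1
}

# Demo. The default is the kernel shown in the tutorial; on a real host use
# KERNEL=$(uname -r) and pipe `yum search VirtualBox` into pick_kmod instead.
KERNEL=${KERNEL:-3.18.7-100.fc20.x86_64}
describe_kernel "$KERNEL"
if pkg=$(sample_search_output | pick_kmod "$KERNEL"); then
    echo "yum install $pkg"
else
    echo "no kmod-VirtualBox package listed for kernel $KERNEL" >&2
fi
```

The script only prints the install command; run it as root yourself once the package name has been checked.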

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Learn Ethical Hacking Episode #5: Installing VirtualBox with RPM

 

Hello everybody and welcome to this tutorial. Today, we will be covering our working environment. I will show you how you can set it up.

So, first off, we need to install VirtualBox. Now it doesn’t matter if you’re running Mac OS, Linux, or Windows, you will still need to do this, for several reasons. We’re going to be editing configuration files, and we are going to be doing it as a root user, so we are always facing the prospect that we might break something. If we do mess something up, it’s much better to be working within a virtual environment. Even if you do mess something up, and even if you don’t know how to fix it, it doesn’t really matter. It is only a virtual machine. You don’t really have any data of importance on it. However, if you mess something up on your main machine, that can be problematic. If you’re forced to reinstall it, you will need to back all of your data up, you will need to figure out where everything is, etc. You may try fixing the problem, and depending on what that is, it could consume a large amount of your time. So, just take my advice and install VirtualBox. It’s not that complicated, it’s pretty simple, I’ll show you how to do it in a minute.

There is another reason why we’re installing a virtual machine, and that is safety. We are going to be downloading a lot of stuff from the net, and even though I will be using websites that I consider to be safe, and that many other people consider to be safe, it is always good to have that extra layer of protection. So, even if something happens in your virtual machine, even if it is compromised, it’s fine. It’s a virtual machine. There is nothing of importance there. Your private information is not there, your credit card is not there, there is literally nothing there aside from the free tools that we will be using. So, without further ado, let’s just go ahead and see how VirtualBox is installed.

Now, there are two ways of completing the installation process. One is preferable over the other. So, the first method is a lot simpler. Go ahead and open up your favorite browser, mine is Firefox, and use your favorite search engine. Type in VirtualBox, press enter, and there you go. You can also use the following link:

https://www.virtualbox.org/wiki/Downloads

Straight off the bat you have Oracle’s official site for VirtualBox. Go ahead and open it, and in the upper-left corner it says About, Screenshots, Downloads, Documentation, etc. For the time being click on Downloads, excellent! So here you have a list of host machines. We have VirtualBox for Windows hosts, for OS X hosts, for Linux hosts, Solaris hosts. Actually, for Solaris you can download it from the repositories immediately, but for the time being we cannot use the repositories. We first need to configure them in Linux, and repositories in Linux are places from where you pull your software for your Linux distribution. Anyway, we will need VirtualBox for Linux hosts. I have already downloaded it in order to save time in this tutorial, but you just click on it and then it prompts the download.

VirtualBox is available for multiple Linux distributions. So you have Ubuntu, you have Debian. I am not sure why they have separated Ubuntu and Debian, as Ubuntu is based on Debian, and pretty much everything that works on Ubuntu will work on Debian as well. You have openSUSE, but for the time being I am interested in Fedora. At the time of recording this, Fedora 21 is available, but Fedora 18 will work perfectly fine. It will run without any problems. Anyway, right next to it you have i386 and amd64. This is referring to the 32-bit and 64-bit architectures. If you do not know what your machine is, whether it’s 32-bit or 64-bit, not a problem. Go ahead and open up your terminal, type in uname -a, and press Enter. You don’t need to be root to do this, you can do this as pretty much any user, and you get a listing of information here. So you have the Linux platform, localhost, domain, kernel version, and Fedora distribution as well, it’s number 20, and then you have the architecture. So, it’s x86_64. There we go, 64-bit architecture. Fantastic! Now that we know our system architecture, you can go ahead and click on the corresponding link. If you’re using a 32-bit system, just click on the 32-bit version. The procedure is absolutely the same, there are literally no differences. It gives me an option to save a file, so just click save, and then click OK. You will find the file in the default downloads folder unless you have configured it in a different fashion. I’m just going to go ahead and cancel it because, as I said, I’ve downloaded it previously in order to save some time in this tutorial.

So, go to your terminal window, clear the screen, you will need to be root in order to perform this. Just type in su and press enter, and type in your password. There is a tool for managing rpm packages, as this is a Red Hat distro. All of the software packages for it have the extension .rpm. Now, I am currently using the Linux terminal, and I will give you detailed instructions throughout the course, but for the time being just follow along. So there’s a command called ls, and then I want to go to the folder downloads. Chronic, that’s me, that’s the username, downloads, and VirtualBox, there we go, press ENTER. I’m going to clear the screen one more time, there we go. Anyway, you see this extension that I have marked, it says .rpm. Now, .rpm represents a type of package that is meant specifically for certain Linux distributions, such as Red Hat, Fedora, CentOS, and a few others. What you can do is use your default rpm software, so just type in rpm -i, the -i argument is for install, and then specify the path to your package, so /home/Chronic/Downloads/VirtualBox, and press enter. Now, this process is automated, there isn’t much that you need to do here. You may need to press yes, and that’s it. However, this is not the method that you should be using. This is a method that you can use, but I wouldn’t advise it. If you do install it like this it tends to break with newer updates, so it can be a bit problematic. I will show you another method in the next tutorial where you can actually use yum, which is the default package manager, to install this package, and then update it accordingly. In any case, I bid you farewell, and I’ll see you in the next tutorial.

Learn Ethical Hacking Episode #4: Basic Terminology (Continued)

 

Hello everybody and welcome to this tutorial. I’m going to continue from where I left off in the previous video. If you have not seen the previous tutorial, I strongly urge you to do so, as the two are closely interrelated. Anyway, previously, we’ve discussed some of these concepts such as DoS, RATs, Phishing, and so on. In this video we are going to cover SQL injections, VPNs, Proxies, TOR, VPS, and keyloggers. Each topic will receive its own video in the course where we will go into much greater depth discussing the concept.

For the time being, we have SQL injections, which simply means passing SQL queries in HTTP requests. If they are not properly formatted within the PHP code on the server side, this can present a serious problem. This is always one of the primary considerations for all professional web developers. Later on in the course, I will demonstrate how you can use SQL injections and formulate them. There continue to be a large number of (mostly unmanaged) websites that are vulnerable to SQL injections, because the frameworks on which they are based are vulnerable as well.

Next up, we have virtual private networks, or VPNs. These are services that enable you to anonymize your activity online. Basically, you have a VPN provider somewhere, and if you want to anonymize yourself, you will route all of your traffic through this VPN provider. All of this traffic between you and the VPN provider will be heavily encrypted. So, any other server that is receiving requests from you, it is actually receiving them from the VPN provider. There is no real way of detecting you or finding your physical location unless the VPN provider actually gives it up, which doesn’t tend to happen if you pick the right one.

Down below we have proxies. Now, proxies are a less reliable way of staying anonymous, but you should always make it your common practice to use socks5 proxies. I will explain what these are, I will introduce them to you when we do proxy chains, and then I will explain to you how you can actually stay anonymous while conducting these sorts of activities. You can route your connection through several proxies, but you will soon come to realize that it doesn’t always work. In movies you will see people going through 10, 20 different proxies, but in reality that would be very difficult to implement. The average internet speed, and available bandwidth, simply would not allow it. Most of the free proxies available on the net are not very fast, and routing your connection through several of them will make it very difficult for you to do anything in a reasonable amount of time. There are of course paid proxies, but when you pay for a proxy you leave a digital footprint somewhere, so you can be traced.

Moving along we have TOR. TOR is absolutely free, open source, and it is much faster than using proxies. It’s not faster than VPNs, but it is faster than proxies. The TOR network gives you the ability to “torify” your applications, which in essence means simply routing traffic through certain routes, and using certain devices on the internet for your packets, for your connection to go through. It can be slow from time to time, it is not 100% reliable, but you will be anonymous to a very large extent if you are using TOR. There are ways of detecting you, but they are highly unlikely to happen. 99.99% of the time you will be almost 100% anonymous. Also, you have the TOR browser which enables you to access the dark web, or the hidden web, whatever you wish to call it. Basically, these websites consist of .onion domains, they are not indexed by any search engines, and they cannot be accessed by the normal internet route, from the typical internet browsing perspective. If you do not have your internet connection configured in a proper way to connect to the TOR network, you will not be able to access any of the hidden web, or the dark net’s websites. I will show you how to access the dark web and how to use it, as it has a vast amount of resources that are at your disposal.

Down below you have VPS, or virtual private servers. They can be viewed as an additional security layer. For example, if you have an Apache server running on your physical machine, you can have a virtual machine within that physical machine which will serve as a SQL server for that Apache server. This is done so that the SQL server cannot be accessed from the outside, and so you don’t have a SQL port open on your physical machine. So, only programs and users from that particular machine will be able to access the virtual machine where the SQL Server is. When I show the examples, when we get into it, you will understand it. Here I am just introducing you to the terminology and giving you an idea of what is to come.

We also have keyloggers, which are tools that are used to steal credentials. Not only credentials, but also used to extract information. If you manage to deploy a keylogger on a machine, you can configure it to record all keystrokes, and then to send them to a mail address, to an FTP server. Today, keyloggers are advanced to the extent that they have over a hundred options or so, configurable to the fullest of extents, and you can do pretty much whatever you want with them. I mean, they have their basic functionalities still, the basic functionality is still there, to record the keystrokes. But, not only do they record keystrokes, for example, they can extract existing information as well. You can configure their behavior, the stealth level of the keylogger, how it will conceal itself, where it will go, where it will be installed, what sort of information you want to extract. Whether you want to monitor particular folders for activity and do you want to record it. Whether you want to configure them to take screenshots. You can configure them to use the camera on the device from which you have deployed a keylogger to take a picture every five minutes, or something like that. That wouldn’t be the brightest of ideas because obviously somebody would see that you are taking a picture, but those are just examples of what you can do with them. Later on we will actually download a genuine keylogger, install it, deploy it through the methods of deployment, and discuss how you can configure it as well. Although, you should be very careful from where you download your tools, such as keyloggers, remote administration tools, root kits, etc. You never want to download an un-compiled binary file that is not open source, because you have no way of knowing what’s in it, and you absolutely never want to run it on your computer.
You might get what you want, the keylogger in this specific example, but your computer might get infected with exactly the same keylogger that you plan to deploy somewhere, or with exactly the same RAT that you intend to deploy somewhere. So, that’s not a very bright idea. You should use verified sources for such tools. I will show a few of them later on as I browse the internet and download them, but I’m just making it very clear here that you should be very careful with these things. One of the foolproof methods of doing this is actually configuring a virtual machine, and conducting this sort of activity on that virtual machine. So, even if you get infected, or something like that, it doesn’t matter. It’s a virtual machine. You can reinstall it anytime you would like, very fast, pretty much no information will be lost. More importantly, the primary file system on your main, physical machine will not be accessible from the virtual machine.

Anyway, down below you have the terminal. The terminal is basically an interface, for you, that allows you to control your operating system. Now, the Linux terminal is very powerful, and we will be using it extensively throughout this course. I will familiarize you with it, I will teach you how to use it. To some people it might seem a bit difficult, or a bit tricky at first. There are a lot of commands to type in, it takes some time to memorize them all. You need to learn what to use where. But, believe me, there is a certain logic to it, and once you figure it out you unlock the full potential of the operating system. I have memorized roughly 30% of the available Unix commands, and the rest I simply figure out with -age, or --help. The system pretty much tells you everything you need to know, it helps you out to a great extent, and you are able to figure out a lot of things from just understanding the basic logic of how it works. Now, there will of course always be debate regarding why you would use terminals. Why wouldn’t you just use GUI tools, or something like that? The simple answer is because they are not nearly as powerful as the terminal tools are. Plus, terminal tools have far fewer dependencies, and most of the hacking tools are basically designed for the terminal. They don’t have GUIs. Many of them do have them these days, but I might not cover them because the GUI interfaces are not that relevant. When you figure out how to do it in the terminal, you will automatically, by default, know how to do it with the graphical user interface, for that particular program.

Continuing along, we have firewalls. Now the firewall in Linux is configured through the iptables command. You keep on passing arguments and configuring these firewalls, and this is one of the main reasons why you should not be using any distribution of Windows for this particular tutorial. The Linux firewall is open source, and it has a ridiculous amount of options, a ridiculous amount. I’m not kidding, you can do pretty much whatever you want with it. You can close open ports, forward connections via ports or by IP addresses, forbid certain protocols on certain ports, forbid certain protocols for certain IP addresses, do all manner of forwarding and redirection, etc. This is all available for free with a Linux firewall, whilst in Windows you will have a much more limited scope of options regarding configuration. We want to keep it budget-friendly, and we want to have a powerful firewall.

Now, there will be two ways of configuring this firewall, and if you are afraid of messing it up don’t worry about it, because most of the configurations will be short-lived configurations, so to say. All of the configurations made to the firewall from the iptables command, unless specified otherwise, will be temporary, and they will hold until the next system reset. There is a way to circumvent this of course and to configure the firewall rules in the configuration file directly, thereby making the changes permanent, which is also one of the ways of doing it, but I don’t generally prefer it. I prefer to have a script somewhere which you can run at any time, and it will configure your firewall by default. This is primarily because you can put your tool set on a USB stick, or somewhere online, and you have these quick scripts which you generate, and then they perform these tasks for you in an automated fashion. It’s really simple. I will show you how to make these scripts. You do not necessarily need advanced programming knowledge. Basically, these scripts consist of lists of Linux terminal commands, which we will do anyway. So, basically, the script would consist of a list of those commands, and then you just change the mode of the script to be an executable file, run it, and all those commands are passed to the system.
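A script of the kind described above could look like the following default-deny inbound baseline. This is an added example, not the author's script: the allowed port list (SSH on TCP 22), the DRY_RUN switch and the function names fw_rules and apply_firewall are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a re-runnable iptables baseline (IPv4 only; ip6tables needs
# its own rules). Rules set this way are not persistent and are gone after a
# reboot, so the script can simply be run again.
# Make it executable with: chmod +x firewall.sh   (file name is an assumption)

ALLOW_TCP=${ALLOW_TCP:-22}   # space-separated inbound TCP ports (assumed: SSH)
DRY_RUN=${DRY_RUN:-1}        # 1 = only print the commands, 0 = run them as root

# Emit the rule set, one iptables command per line.
# Fails without emitting a usable set if any port is not a number in 1..65535.
fw_rules() {
    # Open the policy first so that flushing cannot cut off a remote session
    # left over from a previous run with policy DROP.
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOW_TCP; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Default-deny policies go last, after the accept rules are in place.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
}

# Build the whole rule set first; apply nothing if validation failed.
apply_firewall() {
    rules=$(fw_rules) || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            $cmd || exit 1     # stop at the first command that fails
        fi
    done
}

apply_firewall
```

Run it once with the default DRY_RUN=1 to review the commands, then as root with DRY_RUN=0 to apply them.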

The final thing that I wish to address here is reverse shells. So, there are hundreds, if not thousands, of reverse shells out there that you can use. I will pick a few that we will use depending on the framework, depending on the environment of course, that we want to infect. But, in essence, what reverse shells are, as the name itself says, you have a program with which you infect another device, and then that program opens up a reverse connection from that device back to you. So you can keep on passing commands, you can keep on controlling the system, even though you are nowhere near it. There are different types, of course. Today, with routers and firewalls you do need to do a lot of extra configuration, and there are problems that need to be solved and addressed. You will see how when you are trying to break into a single computer, sometimes you need to break into the router first. Usually, you need to break into the router first. Unless you’re performing these phishing sorts of attacks, or there’s a web server running in the background. But attacking a private device, a private computer, which is usually what people do, is a prelude to bigger hacks, because they want to extract some sort of information from, let’s say, a company’s employee that’s a network administrator, or somebody like that. One of the basic vectors would be to attack a home router, change the DNS settings there, and try to steal the credentials in such a way, or put the computer in the DMZ of the router, Demilitarized Zone, so that the router is no longer effective for that device. It would just forward all traffic to that device, regardless. So, those are just some of the types of attacks that you can do, but reverse shells will depend on the environment that you are trying to infect, and it will depend on the choice of your attack route as well.

In any case, I hope you got some basic introduction to these terms. Again, if you didn’t figure it all out immediately, don’t worry about it. We will cover all of this in great detail, with a lot of examples, and you will understand it. It’s not complicated, do not allow fear to dissuade or stop you, just keep on going in spite of it. If you can just stick with it until the end of this course, I guarantee you will understand it. With just a bit of focus, and a bit of curiosity, you will be able to obtain the necessary skills needed in order to become a pen-tester, or an ethical hacker. I bid you all farewell, and I hope to see you in the next tutorial.

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Learn Ethical Hacking Episode #3: Basic Terminology

Hello everybody and welcome to this tutorial. Today, I will be talking about some of the basic terms which you will need in order to follow along with this course.

So, first off, you have three main categories of people. There are White Hat hackers, Gray Hat hackers, and Black Hat hackers. Everything that we will be doing throughout this course will fall into the White Hat category. Those are people whose activities are within the confines of the law. These are people such as penetration testers, ethical hackers, people like you and me, and so on. Next, you have Gray Hat hackers, whose activities border between legal and illegal. It’s a bit of a shady area. In addition to that, you have the best-known category, which is Black Hat hackers. Usually, and unfortunately, every time somebody hears the term hacking it is associated with people from the Black Hat world. These are people who conduct all sorts of illegal activities, or conduct activities without any regard for the law. These activities include extracting information from certain servers, user credentials, credit card information, and taking services down for some sort of financial gain.

Moving along, you have footprinting. The act of footprinting is essentially information gathering. You are conducting some sort of reconnaissance work. This can include figuring out the IP address of a server, figuring out which ports are open, and with that you can conclude which services are running. Footprinting doesn’t necessarily need to be confined to the digital world. The act of footprinting can also consist of visiting the physical property of your target. You just walk into the building where the target’s servers are located and have a look around. You can attempt to gather some information there on site. You can dig into their trash containers to look for confidential information. Also, people have been known to go into parking lots to see who the employees are, who works there, all sorts of things. So, this is just general information gathering in regards to your chosen target. It doesn’t need to be confined to the digital world.

Anyway, down below you have certain types of attacks: you have DoS and DDoS. Both are the same thing implemented in a different way. DoS stands for denial of service. These are usually referred to as childish attacks because they are relatively easy to implement. Then you have DDoS attacks, which are on a much, much larger scale. In general, what happens here is that you make a certain number of requests, more requests than a server can handle, and then the server begins dropping connections. For example, an Apache web server, I believe by default, can handle up to 10,000 connections or so. If you can make more than 10,000 requests, anybody else making any sort of request will not be able to access the website, because their connection will be dropped. The Apache server will say, OK, I have too many users, I have more users than I can handle, and all the other connections will be dropped by default, thereby making the site inaccessible even though you haven’t broken into the server. You haven’t really broken through any firewalls, or stolen any passwords, or anything of the kind. But when you’re DoS’ing something, it’s just you, so all the requests are coming from your own computer. Generally, this will only work if there is a flaw in the way in which requests are processed. That is why you have DDoS attacks, where you have multiple computers, multiple connections, and they are all making simultaneous requests to a certain server. This can be extremely difficult to fight off. You need to have a clever configuration of your firewall, and you need to have quite a good firewall as well. Usually, you need a physical firewall to prevent DDoS attacks, and by physical I mean a router firewall.
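From the defender's side, the difference between the two shows up in the web server's access log: a DoS flood is dominated by one source address, a DDoS flood is spread over many. The following is an added example, not part of the original tutorial; the window size, thresholds, function names and the log lines (built from documentation address ranges) are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache common log format: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed sample: quiet traffic, a one-source flood, a many-source flood."""
    start = datetime(2018, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset):
        stamp = (start + timedelta(seconds=offset)).strftime(TIME_FMT)
        return '%s - - [%s] "GET / HTTP/1.1" 200 512' % (ip, stamp)

    lines = [line("192.0.2.%d" % (i + 1), i * 2) for i in range(5)]
    lines += [line("203.0.113.7", 10 + i % 10) for i in range(50)]
    lines += [line("198.51.100.%d" % (i + 1), 20 + i % 10) for i in range(60)]
    lines.append("garbled line that does not parse")
    return lines


def classify_windows(lines, window_seconds=10, max_requests=40,
                     single_source_share=0.8):
    """Report every time window whose request count exceeds max_requests.

    A window where one address sent at least single_source_share of the
    requests is labelled a single-source flood, otherwise a distributed one.
    """
    windows = defaultdict(Counter)
    for raw in lines:
        match = LOG_RE.match(raw)
        if not match:
            continue  # skip lines that are not in the expected format
        ip, stamp = match.groups()
        try:
            epoch = int(datetime.strptime(stamp, TIME_FMT).timestamp())
        except ValueError:
            continue  # unparseable timestamp
        windows[epoch - epoch % window_seconds][ip] += 1

    findings = []
    for start in sorted(windows):
        per_ip = windows[start]
        total = sum(per_ip.values())
        if total <= max_requests:
            continue
        top_ip, top_count = per_ip.most_common(1)[0]
        if top_count / total >= single_source_share:
            kind = "single-source flood (DoS)"
        else:
            kind = "distributed flood (DDoS)"
        findings.append({
            "window_start": datetime.fromtimestamp(start, timezone.utc).isoformat(),
            "requests": total,
            "sources": len(per_ip),
            "top_source": top_ip,
            "kind": kind,
        })
    return findings


if __name__ == "__main__":
    for finding in classify_windows(build_sample_log()):
        print(finding)
```

A single-source finding can be handled by rate limiting or blocking one address; a distributed finding cannot, which is why the text above points to upstream filtering.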

DDoS attacks are difficult to perform because it is difficult to make the necessary preparations. First of all, you need to go about infecting other devices which you will use, which you will enslave and use in order to perform this sort of an attack. This is the difficult part. The DDoS part is quite easy comparatively. In order for you to infect other computers, you need two things. You need RATs, remote administration tools, and you need them to be FUD, fully undetectable. This just means that they cannot be detected by antivirus programs, or, more precisely, that they are not labeled as something malicious by an antivirus program. Most of the time you don’t actually need to make your own applications fully undetectable. There are plenty of pen-testing companies out there, and not just pen-testing companies but other companies as well, who will pay very good sums of money if you can make their programs fully undetectable by antivirus programs. Remote administration tools usually go on a USB stick, are sent via an e-mail attachment, or are attached to a zip file, in such a way that they can infect other computers, other devices. These programs then enslave them, and then you can use all of those computers to conduct different sorts of activities. This is beneficial for the attacker because it anonymizes them to a very large extent.

Next we have rootkits. A rootkit is a tool which you install onto an operating system, and it is able to hide running processes from the system itself. So, when you, for example, start task manager in Windows, the purpose of a rootkit would be to hide the processes from the task manager. Basically, how it works is that the task manager requests information from the system, from the kernel, and then the kernel of the system responds, which is the core of the system where all the drivers and the key functionalities are. The kernel of the system then responds, hey, I have this, this, this, and this process running, here you go. What a rootkit would do is redirect those requests from the task manager to itself, and would say, I don’t have such processes running. So, very, very dangerous and potent combinations here that we will use later on as we progress through this tutorial. For the time being, I just wanted to provide you with a bit of an introduction to the course and give you an idea of what we shall be doing throughout some of the demonstrations.

Finally, we have phishing attacks. Phishing attacks are basically when you apply some sort of bait, somebody bites it, then you pull on it. Simple as that, right? The same way you go fishing? Well, not quite. Phishing attacks are when you get an email from someone and there’s a link in it, you click on it, and it throws you onto some website. It may look legitimate. It perhaps looks like a website that you are using, but it is not. You might pass in your credentials, and that can be a problem. This is generally avoided today. What happens these days is that the DNS servers get changed on your routers, and once that happens all the requests that you make on your web browser get redirected. So, for example, if you type in facebook.com, you’re going to get the domain facebook.com from a private DNS server, god knows where, whose MX records have been altered, and they have been configured, for example, to redirect facebook.com to a certain IP address that does not belong to Facebook. So, you open up your Facebook, it looks exactly the same, there is no way to tell because in the upper left corner of the screen you have the domain name written, it’s www.facebook.com, and basically you provide login credentials. Once you do that, they’re gone, somebody has them. One of the ways to detect this would be to check whether the protocol is HTTPS, instead of HTTP. Usually, if these kinds of attacks are conducted it’s not going to be HTTPS, as that is much harder to implement. But, if it is HTTPS there really wouldn’t be any legit way of figuring it out other than actually checking the keys, checking their certificates, and no one actually does that. Maybe not no one, but 99% of users are not going to bother to go about conducting such checks. Anyway, I know it sounds a bit complex, but, believe me, I will explain this in great detail. I will give you several demonstrations, and by the end of this course you will understand and know how to do this with great ease. It will not present a significant obstacle in your line of work. Now that we have approximately half of these out of our way, I will continue covering the terms in the follow-up tutorial. I hope to see you all there!

Learn Ethical Hacking Episode #2: Course Prerequisites

Hello everybody and welcome to this tutorial. Today, I will be covering some of the required prerequisites if you wish to follow along with this course. One of the first things that you need to be familiar with is your working environment. So, for myself, I have chosen to use two Linux distributions. One will be Fedora, which is the operating system I will be running on my host computer. I assume many of you following along will be using Windows, and this is perfectly fine for following along with this course. I will also install a virtual machine that will run Kali Linux. Kali is a Linux distribution which contains a great deal of pen-testing tools, so it’s very useful in that sense. In the following tutorials I will go into great detail covering the installation process, such as how to set up a virtual machine, how to install Kali Linux, etc.

Should you wish to exclusively use Windows, that is definitely not advisable for this kind of activity. Since I’m doing this in the environment that I own, it doesn’t really matter to me if I’m anonymous or not. But, in the real world, all the pen-testing that is done in the real world, you are always trying to anonymize yourself. You’re trying to be as invisible as possible, as often as possible. You do not want administrators figuring out where the attack is coming from. You want to wipe your trail. Windows is not very good for these sorts of things, so there your anonymity level will be very low. Most of the tools that we are going to be using are native to the Linux kernel. They were made for Linux. So, you may experience problems configuring these tools to work with Windows. You can still use Windows if you would like, because you’re not hiding from anyone, but since I’m recreating the real-life scenario, I will be using proxies, VPNs, etc. I would like the demonstrations to be as accurate as possible.

For all the Mac users out there, if you’re using Mac OS X, it doesn’t really matter which version. Many of the tools should work without any problems. The procedures are fairly similar. The command-line tools are the same. How you install them differs, but you will be able to run the same commands as me. So, there shouldn’t be any problems there. Your anonymity level with Mac OS should be relatively good. But, on Linux you have the greatest anonymity, and you are rather safe in that sense.

Moving on from your working environment, you will also require a working internet connection. Even though all of these exercises will work much better with an extremely fast internet connection, some of these attacks are actually conducted from public Wi-Fi, in real life anyway. I will set up a wireless access point in my office and load it so that it’s similar to public Wi-Fi, which is very slow. Some of these attacks, as I said, go over public Wi-Fi. And as we all know, and as we’ve all painfully learned, public Wi-Fi is not the fastest internet connection out there. You have a lot of people that are connected to the network, and there’s a lot of data going through. They are not the safest networks out there either. But, as I said, if you want to absolutely anonymize yourself, that is what some people do: they go out and connect to a public Wi-Fi, or they go to a bar, or something of the kind, and conduct their attacks from there. Now, before they do that they need to figure out whether the bandwidth of that Wi-Fi can sustain their attack. So, they need to minimize, they need to downsize it, and that is how they become absolutely anonymous.

Finally, the last thing that you will absolutely need is a working wireless card. When I say working wireless card, most devices have them. Pretty much all laptops from 2008 were standardized with wireless cards. If you are using a desktop machine that doesn’t have a wireless card, you should acquire one to follow along with the exercises, but you don’t need to. However, you won’t be able to follow along with a large portion of this course. External USB wireless cards are pretty cheap. You should be able to acquire one for $10-15, so they’re not that expensive, and you can get them pretty much anywhere. Anyway, as I was saying, what I mean by a functional wireless network card is that it is recognized by your operating system. So, if you are using a Linux distro, like I am, you need to make sure this Linux distro, that the kernel of this Linux distro, actually has the necessary drivers for the wireless card that you will be using. If you’re using an Atheros card you should be fine. Most Linux kernels support a large number of Atheros devices, if not all of them, in terms of network cards. So, that should be fine. There were some problems with Broadcom, but as far as I’m informed that has been solved. So, no big deal there. If you’re uncertain how to check whether your wireless card functions under your Linux distro, just try connecting to Wi-Fi. If you can connect to a Wi-Fi access point, obviously it works. If you can’t, it doesn’t work. But, don’t jump to the conclusion that it doesn’t work. Try resetting it, turning it off and on, we will cover this in greater detail in the follow up tutorials where we actually go over the installation process.

Before we begin with the Kali Linux installation, I would like to cover some basic terminology that you will need in order to be able to follow along with this course. In any case, I bid you farewell, and I thank you for watching.

Learn Ethical Hacking Episode #1: Introduction

Hello everybody and welcome to this introductory video! Today, I will be talking about ethical hacking, and I will also introduce you to the course itself.

You might have noticed that the term ethical hacking is composed out of two words: you have ethical, and you have hacking. Now hacking, the definition of hacking, is quite broad. The act of hacking consists of compromising any system, not just computer or digital systems. For example, lock picking is a form of hacking. The ethical side of it would be when you have permission to do it, when it’s within the constraints of the law.

Anyway, this course will focus on computer systems. We will cover how to penetrate networks, how to exploit systems, how to break into computers, how to compromise routers, etc. After you have finished the course, after you have absorbed all of the information in it, you will gain the ability to do some serious damage. Now, because of this, I wish to give a disclaimer. First off, I do not encourage any sort of illegal activity. Furthermore, I strongly advise against it. This tutorial is purely for educational purposes.

The field of network security is growing rapidly, and many networks tend to be insecure. There are many opportunities for knowledgeable pen-testers, and I hope you find the tutorials useful!

Enroll in the 14 Course Holiday Bundle!

Enroll now in our Black Friday/Cyber Monday Course Bundle for 2017! This bundle of Udemy courses includes all 14 technology courses listed on the website by Joseph Delgadillo, Nick Germaine, and Ermin Kreponic! Get 98% off some of the best-selling courses covering ethical hacking, Linux administration, programming languages, and development!

26 Course Forever Bundle!

Below is a list of every course included in the bundle:

The Complete Ethical Hacking Course: Beginner to Advanced!

Join 200,000+ students in the most popular ethical hacking course on Udemy! Learn penetration testing, web testing, and WiFi hacking using Kali Linux.

The Complete Ethical Hacking Course for 2016/2017!

This course is the successor to The Complete Ethical Hacking Course: Beginner to Advanced! Gain the knowledge hackers use to compromise systems and use it to protect your own.

Build an Advanced Keylogger Using C++ for Ethical Hacking!

Take this course to learn how to code a fully functional keylogger in C++ for use in Windows!

The Complete Python 3 Course: Beginner to Advanced!

Learn to code in Python with projects covering game & web development, web scraping, MongoDB, Django, PyQt, and data visualization!

The Complete Front-End Web Development Course!

Get started as a front-end web developer using HTML, CSS, JavaScript, jQuery, and Bootstrap. Use this course to launch your own career as a freelance web developer!

Learn and Understand C++

Take this course to learn C++ which you can use for ethical hacking, game development, and most software you use daily!

Learn Angular 2 from Beginner to Advanced

Learn how to develop web applications using Angular 2!

The Complete Python 3 Course: Go from Beginner to Advanced!

Complete guide to learning how to program in Python. Go from a beginner to advanced level in Python with coding exercises!

A Beginner’s Guide to Linux System Administration!

Get started with Linux, app development, server configuration, networking, and move on to a career as a system administrator!

CentOS and Red Hat Linux to Certified System Administrator!

Learn the basics of CentOS, and Red Hat Linux. Prepare and pass the Red Hat Certified System Administrator (RHCSA) exam!

BASH Programming Course: Master the Linux Command Line!

Go from beginner to advanced with the Linux command line in this BASH programming course!

The Complete Wireshark Course: Go from Beginner to Advanced!

Learn to use Wireshark as a networking professional including troubleshooting, analysis, and protocol development!

Design and Build Your Own Personal Computer!

Learn everything required to build your first custom PC for work, home, or gaming!

Certified Ethical Hacker Boot Camp for 2017!

Gain the knowledge necessary for passing the CEH exam and move on to a career as professional pentester!

When you purchase this course bundle you will receive lifetime access to the classes, 1 on 1 assistance with the tutorials, and a certificate of completion through Udemy. Each course is fully subtitled in English.

Thank you for taking the time to read this and we hope to see you in the classes. Happy holidays!

Learn Python Episode #24: Final Project

Get The Learn to Code Course Bundle!
https://josephdelgadillo.com/product/learn-to-code-course-bundle/

Enroll in The Complete Python Course on Udemy!
https://www.udemy.com/python-complete/?couponCode=PYTHONWP

Welcome back everyone! We are on the last video of this tutorial series which means you now have a basic understanding of Python. You actually have enough knowledge right now to start building basic programs. We have covered some of the core concepts, as well as the language syntax, and we currently know how to create loops, if-elif-else statements, variables, etc. So, we are going to finish off the series with a project, specifically building a calculator in Python. Let’s go ahead and open up our IDE.

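import re

print("Our Magical Calculator")
print("Type 'quit' to exit\n")

previous = 0   # result of the last calculation (0 means "no result yet")
run = True     # set to False to leave the main loop

def performMath():
    global run
    global previous
    equation = ""
    # Prompt with the previous result, if there is one
    if previous == 0:
        equation = input("Enter equation:")
    else:
        equation = input(str(previous))

    if equation == 'quit':
        print("Goodbye, human.")
        run = False
    else:
        # Replace letters and some punctuation with a space before evaluating
        equation = re.sub('[a-zA-Z,.:()" "]', ' ', equation)

        # eval() runs the filtered text as a Python expression
        if previous == 0:
            previous = eval(equation)
        else:
            previous = eval(str(previous) + equation)

while run:
    performMath()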

At the top of the script we are going to import the regex library, write a print statement welcoming our user, and inform our user how to exit the program. Next, we will define the previous and run variables. The previous variable will define the default value upon starting the program, and the run variable will determine whether the program is running or not.

Next, we will get into the meat of our calculator program. We will begin by defining the performMath function. Since the run and previous variables do not exist within our function, we will need to import them as global variables. Finally, we will define the equation variable.

Now that the performMath function is created, we will need to tell it what to do. The first if-else statement will request an input from the user. The second if-else statement will tell the program how to handle the user input. If the user types “quit”, the program will end and print “Goodbye, human.” Otherwise, the program will run a regex request on the input. Remember from the previous tutorial, we can use the regex library to identify and replace different sets of characters. We do not want the user inputting anything other than basic math. In the same block of code, we are going to run the eval function on the input from the user. If the user has already run a calculation, our program will take that result and add it to any additional calculations.

Lastly, we will create a while loop to run our performMath function. This is a very basic program and I would be interested to see any additions you make to it! Thank you to everyone who followed along with this tutorial series. I hope you found the information valuable!
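The calculator above depends on a regex filter to make eval() safe to call on whatever the user types. As an added example (not part of the original tutorial), here is one way to evaluate the same basic math without eval(), by parsing the input with Python's ast module and accepting only numbers and arithmetic operators; the names safe_eval and calculator_step and the three limits are assumptions made for this example.

```python
import ast
import operator

# Only these arithmetic operators are accepted; any other syntax is refused.
BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

MAX_LENGTH = 200           # assumed cap on input length
MAX_EXPONENT = 64          # assumed cap so 9**9**9 cannot exhaust CPU or memory
MAX_MAGNITUDE = 10 ** 30   # assumed cap on any intermediate value


def _checked(value):
    """Accept plain ints and floats within range; refuse everything else."""
    if type(value) not in (int, float):   # rejects str, bool, complex, None
        raise ValueError("only real numbers are allowed")
    if value != value or abs(value) > MAX_MAGNITUDE:   # NaN, inf, huge
        raise ValueError("number out of range")
    return value


def _evaluate(node):
    """Walk the syntax tree, computing only whitelisted node types."""
    if isinstance(node, ast.Constant):
        return _checked(node.value)
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_evaluate(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in BINARY_OPS:
        left, right = _evaluate(node.left), _evaluate(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ValueError("exponent too large")
        try:
            return _checked(BINARY_OPS[type(node.op)](left, right))
        except (ZeroDivisionError, OverflowError) as exc:
            raise ValueError(str(exc)) from exc
    # Names, calls, attribute access, subscripts and the rest end up here.
    raise ValueError("unsupported syntax: " + type(node).__name__)


def safe_eval(expression):
    """Evaluate a basic arithmetic expression without running it as code."""
    if len(expression) > MAX_LENGTH:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expression.strip(), mode="eval")
    except (SyntaxError, ValueError, MemoryError, RecursionError) as exc:
        raise ValueError("not a valid expression") from exc
    return _evaluate(tree.body)


def calculator_step(previous, equation):
    """Same chaining as the tutorial: continue from the previous result."""
    if previous == 0:
        return safe_eval(equation)
    return safe_eval(str(previous) + equation)


if __name__ == "__main__":
    result = 0
    for typed in ["(2 + 3) * 4", " / 8", "__import__('os').getcwd()"]:
        try:
            result = calculator_step(result, typed)
            print(typed, "->", result)
        except ValueError as error:
            print(typed, "-> rejected:", error)
```

Because nothing is executed as Python code, parentheses and decimal points can be left in the input instead of being filtered out.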

Web – https://josephdelgadillo.com/
Subscribe – https://goo.gl/tkaGgy
Follow for Updates – https://steemit.com/@jo3potato

Learn Python Episode #23: Importing Libraries into a Script

In this tutorial we are going to learn how to import different modules into a Python script. So, what is a module? A module is an external library that you can include and use in your project, without having to write the additional functionality yourself. Let’s import the regex library.

import re

Re is included with Python, so there’s nothing that we need to install in order to use it. Regex is basically a mini-programming language that you can use within most other languages. Regex gives us a way to match certain characters and then do something based on that. Let’s cover some basic re usage.

string = "'I AM NOT YELLING', she said. Though we knew it to not be true."

print(string)

This particular string has capital letters, lower-case letters, a comma, a period, and quotations. Let’s play around with this a bit.

new = re.sub('[A-Z]', '', string)

What we’re doing here is instantiating the re object that we imported at the top of the script, and we’re calling the sub, or substitute, function on the re object. So just like calling any other function, we need to provide parameters to the object. We haven’t discussed classes or objects yet, and we will get to them later, but this is what we need to know for the sake of this video. The three parameters that this substitute function will take are the matches we want to make, what we want to replace them with, and then the string that we’re going to manipulate. Take note that rules in regex are contained within square brackets.

print(new)

As you can see, we took the capital letters A-Z and replaced them with blank space. There are all sorts of different applications for regex, and we will be using it when creating a calculator in the next video.

Learn Python Episode #22: For/While Loops

In this tutorial we are going to cover the two loop types in Python. The first one is a for loop. A for loop will allow you to iterate over a list in Python. In other words, you can do something for each item in the list. So, let’s go ahead and create a list.

numbers = [1, 2, 3, 4, 5]

for item in numbers:
    print(item)

When we run this each number in our list will be printed out in the console. Let’s add names to our list instead of numbers.

names = ["Nick", "Someone", "Another Person"]

for item in names:
    print("This persons name is", item)

That is a for loop, and basically the second parameter is to access the list, and then the first parameter is what you want each item in the list to be called while inside its little block of code. Now we’re going to learn about a while loop.

run = True
current = 1

while run:
    if current == 100:
        run = False
    else:
        print(current)
        current += 1

In this bit of code we are creating two variables, then the while statement, and then we write what we want to happen while the program is running. In this case, we are going to check to see if current equals 100. If not, we are going to add 1 to the total, and we are starting from 1. Once the total hits 100 the program will stop running. We will be using loops quite a bit throughout this course, so make sure you’ve mastered this concept.
