Learn Ethical Hacking Episode #17: Staying Anonymous with ProxyChains (Part 1)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will be talking about how you can configure proxychains to work in combination with tor in order to anonymize traffic. Not only web browsing traffic, but all network-related traffic generated by pretty much all of your applications. Now there are a few applications which will not work in combination with proxychains. Namely, one such application is Metasploit. Now Metasploit is practically a hacking framework, and it is of crucial importance for pretty much any sort of hacking activity in today’s world. It allows automated generation of the code needed to break certain systems, and it also contains a list of vulnerabilities as well. However, what I want to do here today is show you how you can anonymize pretty much all footprinting traffic, or traffic generated by nmap when you’re gathering information, or even when you are web browsing, and how you can cover your tracks in general.

One of the first things that you do need to do, in Kali Linux they come pre-installed, is download tor and proxychains. You may need to install these two software packages on other systems. Tor can be difficult. I have seen systems where tor is not installed by default, and I have shown in the previous tutorial how to install tor without any problems. What we will need to do here on Kali Linux is simply configure the software, and not install anything. So, let’s just navigate over to the etc proxychains configuration file, nano /etc/proxychains.conf, press ENTER, and there we go, we are in the configuration file. What is proxychains? Well, it gives you the ability to route your traffic through a series of proxy servers and stay anonymous by hiding behind them, or by having them forward your request so that it looks as if your requests are coming from them, as opposed to from you. Surprisingly enough, there is a large number of free proxy servers available that you can use, but they’re not very stable, they tend to go up and down, and they’re not very fast. So, for specific targets they can be useful, but not for any form of brute forcing attack. If you are doing something to a certain target, if you’re trying to log in or you’re already logged in, you can definitely do it through proxychains, and it will be reasonably fast and stable. If you’re performing some sort of mass scanning, or you’re brute forcing a password, proxychains with a list of proxies selected from the internet, free proxies that is, will not be very stable. I mean, it’s going to work eventually in a technical sense, but it will consume more time than you can spare. And by more time than you can spare, I mean a month or two to do a simple scan. For the time being, I want to show you how to use proxychains, how to configure them, because they are really useful. I use them fairly often, many people do, and it’s a fantastic piece of software.

First off, you have different types of proxies here which you can use. You have HTTP, socks4, and socks5. Now there are fundamental differences between these protocols. You always want to find yourselves a socks5 proxy, as that is the most advanced protocol, and it has the ability to anonymize all sorts of traffic. HTTP, well as the name itself says, it’s for HTTP traffic, and socks4 is very similar to socks5 but it does not support the IPv6 protocol, and it does not support the UDP protocol. So, socks4 can be rather problematic. You always want to make sure that you’re using socks5 whenever possible. Anyway, down below you have these options which we will go over. To enable these options you don’t need to type in any complex lines of code, or anything of the kind, you just delete the hash and that’s it. Save the file, the option is enabled. This hash represents a commented out line, meaning that the system reading this file will ignore it if there is a hash. If there isn’t a hash it will take it into consideration and interpret it accordingly. Anyway, what we have here are statements which allow us to specify how we want our traffic to be routed. So, first off, we have dynamic chain. Dynamic chain is an option which you will find people using the most. It is the most commonly used option, a preferable one, and I honestly think it’s the best one because it’s the most stable one. Here’s why. Suppose you have ABCD proxies, so those are some servers with IP addresses with open ports. If you have a strict chain policy like we have here, you will only be able to access any site by going through ABCD. So, you have to go through all of them, and you have to go through them in that specific order, ABCD. I am sure you can already see how that could present problems. I mean, if you’re paying for five proxies that’s not a problem because they will always be operational, they will always be up. That’s not a bad option at all.
However, most people use free proxies, and they don’t tend to pay for them. Why would you pay for 5-10 proxies for a simple scan? They’re not free, they cost money, they’re not that expensive either, but still, the act of paying itself identifies you, and it diminishes the amount of anonymity you have on the net. There are some complex payment methods which you can use to anonymize yourself, such as cryptocurrency, but still, it’s far simpler to use dynamic chains. So I’m going to go ahead and un-comment this line of code. Strict chains will no longer be used. I will be using dynamic chains. One more thing to note here is that if you want to use proxychains in combination with tor, so if you want to route all of your traffic through the Tor network, not just web traffic, you must enable dynamic chains. I mean there is a chance that it will work with strict chains, but due to the instability of tor nodes it is highly unlikely. Anyway, if you are using dynamic chains it gives you the ability to go from ABCD, to your desired destination, by not having to adhere to any order. So let’s say that C is down. You would go through ABD and it would work without any problems. If B was down you would go through AD, and you would still reach your destination. So, as long as one single proxy is functional it’s going to work, and it doesn’t require a specific order.

Down below you have random chain. Now random chains are, in effect, basically the same thing as resetting your services. If you’re resetting tor you will be assigned a new IP address, I mean tor assigns you a new IP address every 10 minutes or so, but with the random chain option you can specify a list of IPs. And then you can tell your computer, OK, I want you to connect to this point, and every time you connect, every time you transmit a packet, I want you to use a different proxy. We can do that as well, that’s definitely a viable option. You can say, OK, use this one five times and then change it to another one, or something like that. There are a lot of options to specify here, primarily the chain length. If we go ahead down below there’s the quiet mode, and you don’t really need that. Proxy DNS requests – no leak for DNS data, this is very important. You cannot have any DNS leaks. Let me explain to you what DNS leaks are. Even though somebody cannot get your particular IP address, they can get the IP address of the DNS server that you are using. What DNS servers do is resolve the domains to IP addresses, and vice-versa. So, for example, if you typed in youtube.com, the DNS server of your local ISP provider will resolve that into some sort of an IP address that YouTube has, and it will make a request. You do not want that happening because your local DNS server will be discovered, and that information can be used in order to figure out your personal IP address, and then your physical location is pretty much compromised. You definitely need proxy DNS here. It might slow you down a bit, but without it you won’t be anonymous. It is just a matter of time before somebody finds you. If you go down below we have some other options here, but we’re not really interested in them at the moment. What we got here are formats for entering proxies, and I’m going to leave it at that. We will cover the rest in the follow-up tutorial.
But, just a key note before you go onto the next tutorial, have a look at these. You don’t need to go on the internet and read anything about it, just have a look at the format here, how they are written. This is an example of proxychains and how you can write them down. So you have a type of proxy, you have an IP address, figure out what this number is, what this name is, and what this word here is. I will of course explain all of this in the next tutorial, but just try to figure it out on your own. It’s pretty simple. In any case, I bid you farewell, and I’ll see you in the next tutorial.
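The options covered in this episode (chain mode, proxy DNS and proxy type) can be checked mechanically. The script below is an added example, not part of the original tutorial or of proxychains itself: the function names and both sample files are constructed for illustration, while the directive names (`strict_chain`, `dynamic_chain`, `random_chain`, `proxy_dns`, `[ProxyList]`) are the ones found in the stock proxychains.conf.

```shell
#!/bin/sh
# Added example: audit a proxychains.conf for the settings this tutorial covers.
# Prints one "LEVEL: message" line per finding; exit status is 1 if any FAIL.
audit_proxychains_conf() {
    awk '
        { sub(/#.*/, "") }                  # text after "#" is a comment
        NF == 0 { next }                    # blank or commented-out line
        $1 == "[ProxyList]" { in_list = 1; next }
        !in_list && $1 ~ /^(strict|dynamic|random)_chain$/ {
            modes = (nmodes++ ? modes " " : "") $1; next
        }
        !in_list && $1 == "proxy_dns" { dns = 1; next }
        in_list {                           # entry format: type host port [user pass]
            nproxies++
            where = $2 ":" $3
            if (NF < 3 || $3 !~ /^[0-9]+$/ || $3 + 0 < 1 || $3 + 0 > 65535) {
                print "FAIL: malformed proxy entry: " $0; fails++
            } else if ($1 == "socks5") {
                print "OK: socks5 proxy " where
            } else if ($1 == "socks4") {
                print "WARN: socks4 proxy " where " (no UDP, no IPv6)"
            } else if ($1 == "http") {
                print "WARN: http proxy " where " (HTTP traffic only)"
            } else {
                print "FAIL: unknown proxy type \"" $1 "\" for " where; fails++
            }
        }
        END {
            if (nmodes == 0) {
                print "WARN: no chain mode is uncommented"
            } else if (nmodes > 1) {
                print "WARN: more than one chain mode uncommented: " modes
            } else if (modes == "strict_chain") {
                print "WARN: strict_chain: one dead proxy breaks the whole chain"
            } else {
                print "OK: chain mode " modes
            }
            if (dns) {
                print "OK: proxy_dns enabled"
            } else {
                print "FAIL: proxy_dns disabled, hostnames go to the local resolver (DNS leak)"
                fails++
            }
            if (nproxies == 0) { print "FAIL: [ProxyList] has no entries"; fails++ }
            exit (fails > 0)
        }
    ' "$1"
}

# Constructed sample: strict chain, proxy DNS commented out, socks4 entry.
write_weak_conf() {
    cat > "$1" <<'EOF'
strict_chain
#dynamic_chain
#random_chain
#chain_len = 2
#proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
EOF
}

# Constructed sample: the file after the edits described in the text,
# pointing at the local tor SOCKS listener.
write_tuned_conf() {
    cat > "$1" <<'EOF'
#strict_chain
dynamic_chain
#random_chain
proxy_dns
[ProxyList]
socks5 127.0.0.1 9050
EOF
}

tmp=$(mktemp -d)
write_weak_conf "$tmp/weak.conf"
write_tuned_conf "$tmp/tuned.conf"
echo "== weak.conf ==";  audit_proxychains_conf "$tmp/weak.conf"  || echo "(audit failed)"
echo "== tuned.conf =="; audit_proxychains_conf "$tmp/tuned.conf" && echo "(audit passed)"
rm -rf "$tmp"
```

To check a real installation, call `audit_proxychains_conf /etc/proxychains.conf`.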

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Learn Ethical Hacking Episode #16: Accessing the Dark Web Using the Tor Browser (Part 2)

 

Hello everybody and welcome to this follow-up tutorial. Today, I will show you how to install TOR itself. We’ll go through the installation procedure, and in order for us to do that we will need to use the new user that we have created, test.

First, we will need to switch users. In order for you to do that you need to log out, and in order for you to log out in Kali Linux just go ahead and click in the upper right corner where it says root, scroll down to switch user, and there we go. Excellent! It now says the active user is test. I’m already logged in as test because I have done this previously, but it’s going to prompt me for a password as well. So, just go ahead and type in the password for your user, press enter, very simple. There is a browser icon in the upper left corner, it’s blue, it’s a reliable browser. Go ahead and click on the icon, navigate to your favorite search engine, type in tor, press enter, and open the first site in the search results. It should read tor project: anonymity online. Make sure, absolutely make sure, that you are downloading this browser from the official source. In the browser it says “https”, make sure there is an “s” at the end. Make sure that the domain is correct as well, so torproject.org. It’s not .com, it’s not dot some country extension, it’s .org. Anyway, go ahead and click on download tor, and I need the 64-bit tor browser for gnu/linux. In case you’re using another operating system, over here you have it for Microsoft Windows, Apple OSX, etc. We are going to go ahead and use the Linux/UNIX version. There are some additional resources here on the site, you have forums, questions, FAQ, and some other things as well. I would strongly advise that you browse around the site for a bit. For the time being, I’m going to go ahead and click on download, yes I wish to save a file, and the download will proceed. It should only take about a minute or less to download.

What you do with tor is simply route your traffic to go through certain points, and every time it hops there is an encryption layer. It makes your connection very secure and there are these things that are called inner nodes. So, for example, you go from one computer, nodes are basically computers or servers through which you go, so you make a request to a certain website, and then your connection goes from your computer to some other computer, and then from that computer to some other, and so on and so forth, until it reaches the exit node. All of these devices are a part of the TOR network. Once it reaches the exit node, it is the exit node that actually makes the request for the site that you wanted. Basically, you are using a lot of proxies, that would be the very basic explanation, but there is a lot more to it. The encryption being the major part of it. So, there are multiple layers of encryption there and it is nearly impossible to figure out where a request is coming from, unless you are controlling these nodes, or something like that, which is highly unlikely. Basically, using the TOR network is a fantastic way of staying anonymous. You do not need to necessarily use the tor browser just to access the hidden web, instead you can use TOR to torify, that is the term, to torify your applications. Once you torify them all of the traffic generated by those applications will be routed through the TOR network, and you will be anonymous to a very large extent. Although, keep in mind that connections, all things using TOR, are very slow because your connection is being routed through a lot of devices, and there are a lot of people out there that are using those devices. Anybody can contribute, really. You can find additional information on the TOR official website.

In this particular tutorial I wanted to introduce you to TOR and show you the dark web. So, go ahead and click on the file you downloaded. It says reading archive please wait, excellent! I am going to extract it to test/desktop, so go ahead and proceed. Let’s see if it’s going to succeed. Extracting files from archive, don’t cancel it just quit it, excellent! Go ahead and open up this folder and start the TOR browser. Just go ahead and click on start tor browser, run, and this process might take a bit of time. Now you might ask yourselves, what is so special about this TOR browser? It looks like a regular internet browser. The TOR browser gives you the ability to access the .onion domains, and here’s how we do that. The first thing that I’m going to do is type in hidden wiki. The hidden wiki links to a large number of other .onion domains, to those of significance anyway, and its URL continuously changes. That is why I am searching for it in the video, as opposed to pre-loading it, primarily to show you how you can find it. It’s not really that difficult, you can just type it into the search engine. So, let’s just go ahead and open up a couple of these websites. So here we have .onion domains, a list of them, quite a large list, but I’m not actually interested in those. Here it tells us that the hidden wiki has been hacked, this is the new URL, spread it. Don’t worry about this, this happens like all of the time. This is just one of those things that you have to learn to live with. I know it’s a bit inconvenient to have to search for the URL all of the time, but if you want to access the dark web things are not as stable as they are on the regular web. So it says, welcome to the hidden wiki, new hidden wiki URL added to bookmarks and spread it, excellent!

Let me explain where we are. This is a rather large list of links for .onion domains, as I said, and you have many different resources here. Some of them are illegal and we will not go into those, basically where you have people who are selling PayPal accounts, credit card numbers, and so on and so forth. That is not somewhere we should go. Perhaps, if you would like to check out if your PayPal has been hacked, or something like that, you can go on to those websites and search for it to see if it’s actually there. Other than that, I really see no other reason why you should visit them. There are also a lot of things concerned with the anonymity of payment online, so Bitcoin, prepaid cards, etc. Anyway, down below you have commercial services. I wouldn’t recommend buying anything that needs to be shipped to a physical address. They have an anonymity and security section. Here you have some things concerning proxies, the TOR network, etc. The primary purpose of why I am showing you how to access the hidden web is so you can use a large amount of these external resources during your pen-testing exercises. What we are mainly interested in are the forums. So you have forums, boards, chans, and so on and so forth. Let’s take a look at a few of them. Keep in mind that they tend to be down, that the URLs tend to change, and this can be problematic. So let’s try BlackBook, HackForum…yeah, you see there’s a problem loading this page. This is not going to open. Hack The Planet, let’s see what they got there. The Intel Exchange, excellent! I think this is one of the better forums. Let’s go through these pages and see if we can find anything of use. We are in the intel exchange. This is one of the forums where you will need to register, but I mean nobody’s asking for your credit card information. Just fill in the basic information like your user name, password, how you wish to be addressed, and so on and so forth.
You have general discussions, we don’t really want that, we have software, excellent! This is what we were looking for, software. So hacking, programming, TOR, and everything else about software. Let’s see what’s here. By the way, whatever code you download from these websites you will need to run within a virtual environment, or do not run it at all. I’m just going to go ahead and say that you should not run it on your regular machines, or on anybody’s regular machines, because that’s never a good idea. So, what do we have here? Best programming language for making an OS. Well, we don’t really need that. That can be rather complicated. Down below, is it safe to download PDFs on TOR? You shouldn’t do that, you shouldn’t download anything on TOR that you will use on your regular machine. So we have some fairly silly things here which we will never use, but there are some very nice resources. We have IP address questions. So, what can you do with an IP address, and so on and so forth. I can’t open any of these because I’m not registered, but I have been on these forums and they can be quite useful. I don’t think I’ve been on this one in particular, but I have been on forums on the darknet, and you can find some interesting things that people have done, some interesting methods. Usually things tend to be published here first and then they hit the general public, or the regular web. We have keyloggers here. So you can find some information on keyloggers, how to use them, where to find them, but I was just reading the reviews mainly here, and the suggestions, and then figuring out where you download it. It is important to check if software is open or closed source. If it’s open source perhaps you can go to their website and download it from there and be safe in that manner. So that’s not a bad idea. You see hacking tools, SQL injections, operating systems for hacking, root kits, and so on and so forth.
You have a ton of information here which I would strongly recommend you explore. Do not do anything illegal, just go ahead and visit the forums and see what sort of information you can extract from it. That’s all. In any case, this will conclude the tutorial here. I hope you find the dark web to be a useful asset in your pen-testing career, or your pen testing activities in general. I believe it is. You can find a lot of useful things as I keep restating. The connections can be rather slow, but it is safe to install the TOR browser on your regular machine so long as you download it from the official site, which is torproject.org, under the https protocol. In any case, I bid you farewell, and I hope to see you in the next tutorial.
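The download check described in this episode (https, and a host that really is torproject.org) is easy to get wrong by eye when a link is built to look right. The function below is an added example, not part of the original tutorial: the function name is hypothetical and the lookalike URLs are constructed on the reserved `.example` domain.

```shell
#!/bin/sh
# Added example: accept a download link only if it is https and its host is
# torproject.org or a subdomain of it. Returns 0 (accept) or 1 (reject).
is_official_tor_url() {
    url=$1
    # Backslashes and spaces have no place in a download link and are
    # handled inconsistently by URL parsers, so refuse them outright.
    case $url in
        *\\*|*' '*) return 1 ;;
    esac
    # "https" with the "s"; the scheme is case-insensitive.
    case $url in
        [Hh][Tt][Tt][Pp][Ss]://*) rest=${url#*://} ;;
        *) return 1 ;;
    esac
    authority=${rest%%[/?#]*}       # cut path, query and fragment
    hostport=${authority##*@}       # drop "user@": the real host follows the last @
    host=${hostport%%:*}            # drop ":port"
    host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    host=${host%.}                  # tolerate a fully qualified trailing dot
    case $host in
        torproject.org|*.torproject.org) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed test links: two genuine forms, then lookalikes.
for u in \
    "https://www.torproject.org/download/" \
    "HTTPS://TorProject.org" \
    "http://www.torproject.org/download/" \
    "https://www.torproject.com/download/" \
    "https://torproject.org.downloads.example/tor" \
    "https://torproject.org@downloads.example/tor" \
    "https://nottorproject.org/"
do
    if is_official_tor_url "$u"; then
        echo "accept  $u"
    else
        echo "reject  $u"
    fi
done
```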

Learn Ethical Hacking Episode #15: Accessing the Dark Web Using the Tor Browser (Part 1)

 

Hello everybody and welcome to this tutorial. Today, I will open up a chapter on how to stay anonymous.

So, there are several methods that you can use. First off, you’ve probably heard of proxies. Proxies route your connection through several different points. This can be very slow depending on the speed of the proxies, and you also know nothing of the other side. You know nothing of the servers through which your packets are going. If you’re using proxies to log in somewhere with your password credentials that is potentially dangerous, and you should not do that. The other option is to use a VPN service to encrypt your traffic. A VPN can be very fast, especially if you use a reputable provider. A yearly subscription will cost you around $100, and a monthly subscription is roughly $10. You will get a dedicated VPN, static IP address, and you shouldn’t notice any delays with your connection to the internet. Furthermore, your traffic is encrypted, and the only way to lose anonymity is if the VPN service provider relinquishes your information. However, this does not happen often, especially if you get a VPN in certain parts of the world where they value privacy. What we are going to be using VPNs and proxies for is to bypass firewall settings, or firewall limitations.

Here’s a real-life example that people are using pretty much on a daily basis. Netflix, for example, has a certain range of IP addresses from which it allows connections. So, if you are elsewhere in the world, and do not belong to that IP address range, it will not allow you to view anything on the website. However, if you use a proxy, a good one, or if you use a VPN, you will be able to access the site as though you were coming from the country which falls within the IP address range list. That’s just one of the common examples for why people use VPNs. Not exactly legal, but people have been doing it. It’s not exactly harmful, you’re not taking servers down, or something like that. People use VPNs in order to watch Netflix from a cell phone while they’re traveling, or something like that. In any case, there are numerous other examples of when you want to bypass certain firewall settings. For example, if you have a certain server whose traffic is mainly generated from a single area, from a single country, and you do not want to be, for example, scanning from an IP address in China. A network administrator would see that IP address and they will know that it’s an anomaly of some sort, and that it doesn’t belong there. This will draw unnecessary attention to yourself. You want to be accessing the server from where all the other users are.

In any case, that is what we shall be doing in this chapter, but for the time being, for this tutorial, I want to show you how you can access the dark web, or the hidden web, whatever you wish to refer to it as. Now rumor has it that the dark web is a lot bigger than the regular internet, that there’s a lot more information there. To access it you will need to install the tor browser, and with the tor browser you will be able to access the darknet. It is not installed by default on Kali, and this is one of the rare situations where we will actually need a different user other than root in order to be able to do anything with tor, in order to be able to start it. So, first off, I’m going to go ahead and create a new user. Open up your virtual machine, you see mine is already opened up here, and I have my terminal up and running here. Just open up your terminal and type in the following commands. First off, we need tor. I will explain what tor is in a moment, but you just type in apt-get install tor -y, and press ENTER. You will of course need an active internet connection to install the software. The -y argument in the command simply tells the system to answer “yes” to any prompts within the setup. Let’s just go ahead and clear the screen.

The next thing that we need to do is create a new user. Go ahead and type in the command adduser. Just a key note here, there is also a command called useradd. Do not use this command for the time being because it causes some unnecessary complications. So just go ahead and type in adduser, and now you can name your user whatever you wish. You cannot use capital letters if I remember correctly, that’s the rule in Debian systems, so I’m just going to call my user test. It says adding user test, adding new group test, adding new user test with group test. It will also create a home directory for that user. You will need this folder because we are going to be doing things here which you cannot do with root. Now go ahead and type in your password here. It doesn’t show anything when you type because that’s the standard way of UNIX passwords, in order to prevent anybody from seeing the length of your password on the screen. Go ahead and press Enter. Now you are prompted here for some information in regards to that user. Completely irrelevant for our purpose today, so we don’t type in the full name, room number, work phone, home phone, other, etc. Press ENTER, and there we go. We have just effectively created our new user, test, to which we need to login, and then from there conduct our work. Now a key thing to note here is that even though there is a way of configuring the tor browser to run as root, don’t. It’s not even a good idea to browse the Internet as a root user. If you pick a virus up, any sort of malicious code, it’s going to run as root. Not good, even if it is a virtual machine. I don’t want you to develop any bad habits. Otherwise, we will be using the root user throughout the majority of the course. All of the pen-testing tools require, more or less, root permission. Anyway, I will cut the tutorial here, and I’ll see you in the second part of it.

Learn Ethical Hacking Episode #14: Command Line Essentials (Part 2)

 

Hello everybody and welcome to part two of this command line essentials tutorial.

Let’s go ahead and save the file, so press ctrl + O to write the output to the file. It says File Named to Write, you can actually modify it here. So you can type in some letters, or whatever you would like. You can change the name here, or you can even change the extension if you would like, but there is no need for the time being. I’m going to go ahead and save it as test. Press Enter, there you go. It says wrote one line. Control + X to exit, there we go. Clear the screen, and now I’m going to use the cat command to get a listing of this particular file, which is far more reasonable than the previous one which we couldn’t read. The cat command was functioning properly, but it was mostly a binary file. Therefore, it gave you a listing, but you couldn’t really read anything from it. So let’s just go ahead and type in cat test, and there we go. It says, some random text goes here. That is the text that we have typed into the test file, and you can cat it like this. The cat command is especially useful if you would like to quickly see what is located within a file.

There is another way of doing this, the command is called LESS, and let’s go ahead and navigate over to /etc/apt/, ls, and here we have plenty of files to work with. Let’s take sources.list as an example here. So, if I do cat sources.list, I’m going to get everything that is within that file, as before, and it’s going to be listed in my terminal. But, there is another command which I can use, let me just go ahead and clear the screen. It is called less. If I type in less sources.list, I’m going to be prompted with a new workspace within the terminal itself, and when I press Q it’s gonna exit, and nothing will be displayed here. So, very nice in terms of being neat and organized. So less and cat are very useful commands.

Next up, we have the GREP command. With grep you grab something from something else. Here’s what I mean. You type in cat sources.list, and you type in a pipe. This symbol here is called a pipe. This means that whatever the output of this is, pipe it to whatever command comes here. I’m going to type in grep, and let’s say I want to type in src. Press Enter, excellent! So, it will only print lines that have src in them. Linux is case sensitive so when you are grepping, it’s going to check the case of the letters by default. You can tell it to ignore case like this, -i means it will ignore the case. You’re going to get the same output because there are not any different things within this file, but you get the general idea. So this is how you would use cat with grep in order to pull things out of a file. Very important! This is a huge function of the Linux terminal, filtering through text files. We’re going to be conducting large network scans, and we will want to create files from which we will be able to pull useful information, which we will later pass to other tools to do something with. Anyway, let me just go ahead and clear the screen.

Continuing along, we have the ECHO command. So, echo, and I give it open quotation marks. Let’s say, “I AM ALIVE.” Close the quotation marks, and it will echo these words. It literally is an echo. You type something into it and it echoes them here. Let’s go back to the home directory, get a listing, and use exactly the same command echo “I AM ALIVE.” By the way, you can scroll through the previous commands by using arrow keys. So, using the up arrow key and down arrow key you can scroll back through previously used commands, and you don’t need to retype them. So, “I AM ALIVE”, and I’m going to insert this, so I’m going to use a greater than sign, and type in test. So this will echo “I AM ALIVE” into our test file. If I type cat test, you see it has replaced the contents of test, which was some random text goes here, with I AM ALIVE. You can change variable names and values with echo, and so on and so forth. We will use this a bit more as we progress through the course. I don’t want to get in depth here because later on we will have clearer examples that directly relate to pen-testing. Then you will see more advanced usage of pretty much all of these commands, especially grep.

We have the TOUCH command. Touch is a quick way to create files. So, for example, I can type touch, and I can say file1, file2, file3. Press ENTER, ls, and you see it has immediately created three files. Touch is a very quick way of creating any number of files that you wish, and you can specify folder paths, you can create this file in home, this one in var, and so on and so forth.

Anyway, down below you have MKDIR. So, if I go ahead and type in mkdir, it stands for make directory. Let’s name this directory placeToBe. If I ls, there we go. It states that this file is actually a directory, which is placeToBe. I can even navigate to it and say placeToBe, ls, there is nothing in it, but you get the idea.

Next up is the CHOWN command. Chown allows you to change the ownership of a particular file. Now since we only have a single user here which is root, there isn’t really any point in doing so unless we create new users. We are not going to do that as we don’t need them, but let’s do a quick example. If the owner of a file was not root, and if you wanted to change it to root, you would do the following. So, chown, and then you would type the username, colon, the user group. So the user group and the user name are usually the same on your home PCs, unless you’re a part of a larger server, or something like that. Then you just specify the name of the file. We can type in test, there we go. So it will effectively change the ownership of file test to the username root, who is from the user group root. If I type ls -la, you can see here it states who the owners are, and which groups actually own the files as well. Clear the screen.

There is another, more common, command called CHMOD, and this command allows you to change file permissions. So, this is something that you will need to use quite often. If I have an executable file in Linux, for example, let’s just go ahead and type in echo “echo hello” close quotation marks, and I want to output this to test, and I want to move test to test.sh. Sh is a BASH script for Linux. You can use BASH scripts to automate tasks. We will deal with this in greater depth as we proceed through the course. BASH scripting is very similar to the terminal itself. Almost all of the commands that you use in the terminal you can use while BASH scripting as well. Now I want to execute test.sh. The way to start executables is ./, as I have stated previously, and if I type in test and I press tab, it doesn’t give me a list of possibilities. Why? Surely, now test.sh is an executable, but no. You see it doesn’t have permission to be an executable file. If we just take a look at this file, and take a look at this file, this one is green, this one is not. Now look at their permissions. So, you see it has a notation that it is executable for all groups, users, etc. While this one up here, test.sh, does not have such permissions. You need to change that. The way you change it is chmod, and you will type in +x. So if you want the file to be writable, you type in +w. If you want it to be executable, +x. If you want to be able to read the file, +r. Very simple. There is also a way of doing this with numbers. You can type in 755, don’t memorize all of those modes. Whatever you need you can go on the net and check, it can be quite complicated, but these three you need to know. It’s +w, +r, and +x, and also 777, which is a global mode. 777 is not recommended for actual usage, but you can use chmod to actually test or troubleshoot things.
For example, if you want to be absolutely sure that certain actions are not being prevented due to file permissions, you change the mode of those files to 777, which is the global mode that anybody can do anything with the file. If you still have an error message you know that it is absolutely not related to anything in regards to permissions. So those four things you do need to know. So let me just go ahead and type in +x, type in test.sh, press ENTER, and if I do ls -la, you will see that test.sh is now executable. Let me just run it, and there you go. If I run this it’s going to echo hello onto my terminal screen.
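The permission steps described above, as an added example that is not part of the original tutorial: it recreates test.sh in a scratch directory, shows the mode before and after chmod +x, and then finds and resets files that were left at 777 after troubleshooting. The function names and the scratch directory are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the tutorial. Function names and the scratch
# directory are assumptions made for this demonstration.

umask 022                       # new files start at 644, as on a default install
WORKDIR=$(mktemp -d)            # scratch directory, removed when the script exits
trap 'rm -rf "$WORKDIR"' EXIT

# Print a file's octal mode, e.g. 644 (stat -c is the GNU coreutils syntax).
mode_of() {
    stat -c '%a' "$1"
}

# Recreate the tutorial's script: a fresh file that contains "echo hello".
make_script() {
    rm -f "$WORKDIR/test.sh"
    echo "echo hello" > "$WORKDIR/test.sh"
}

# Try to run the script; this fails while no execute bit is set.
run_script() {
    "$WORKDIR/test.sh" 2>/dev/null
}

# List regular files under a directory that any user may write to.
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Undo "chmod 777" troubleshooting: world-writable files that the owner may
# execute go back to 755, all other world-writable files go back to 644.
tighten_modes() {
    find "$1" -type f -perm -0002 -perm -0100 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 ! -perm -0100 -exec chmod 644 {} +
}

make_script
echo "created:     $(mode_of "$WORKDIR/test.sh")"
run_script || echo "test.sh will not run without the execute bit"
chmod +x "$WORKDIR/test.sh"
echo "after +x:    $(mode_of "$WORKDIR/test.sh")"
run_script

chmod 777 "$WORKDIR/test.sh"    # the troubleshooting step from the text
echo "left at 777: $(find_world_writable "$WORKDIR")"
tighten_modes "$WORKDIR"
echo "restored:    $(mode_of "$WORKDIR/test.sh")"
```

Running find_world_writable over a project or web root after a debugging session shows which files still carry the 777 troubleshooting mode.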

There is one more command that I would like to show to you. It can be a very dangerous command, it can mess you up in ways you can’t even begin to imagine yet, and that is the command RM. So rm is remove, and once you remove things with this command it’s next to impossible to recover pretty much anything. So if I type in rm test.sh, it’s going to remove it, and it’s no longer going to be there. If I navigate over to placeToBe, and touch test, it’s going to make a new file there. If I go ahead and say rm placeToBe, it’s going to say rm cannot remove placeToBe because it is a directory. This is a fail-safe for the rm command so you do not accidentally delete a full directory. What you can do is type in rm -f, and then placeToBe, cannot remove directory. Okay, not a problem. I’m deliberately going to leave this part in this tutorial to troubleshoot it. So if we type in --help, and here you have recursive, remove directories and their contents recursively. Let’s go ahead and do that because this will go into the folder, and remove everything within the folder, and the folder itself. So let’s just go ahead and type in rm -r placeToBe, press Enter, there you go. It has deleted all of it, and it is no longer there. The -f function, -f that I have used, is forced. It will not ask you any questions, it will delete the folder or file which can also be very dangerous. Ideally, you want to be asked for confirmation. In any case, as I said, I have deliberately left this in order to show you that even if you get stuck, don’t worry about it. I get stuck all of the time. If you don’t know what to type in, which argument to pass, just type in --help. Take a look at what you can actually type, read a little bit, and then use the options available to you. If you can’t figure it out from the help menu just type in man rm, and you can read pretty much everything there is to know about this command here.
If you still can’t perform the task, if you can’t find anything useful here, then forums are your next best bet.
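The rm behaviour described above, as an added example that is not part of the original tutorial: it rebuilds the placeToBe directory in a scratch location, and wraps rm -r in a function that first lists what would be deleted and then asks for confirmation. The function names and the scratch directory are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the tutorial. Function names and the scratch
# directory are assumptions made for this demonstration.

WORKDIR=$(mktemp -d)            # scratch directory, removed when the script exits
trap 'rm -rf "$WORKDIR"' EXIT

# Recreate the tutorial's layout: a directory placeToBe holding one file, test.
make_tree() {
    mkdir -p "$WORKDIR/placeToBe"
    touch "$WORKDIR/placeToBe/test"
}

# List everything "rm -r" would delete, deepest entries first, deleting nothing.
preview_rm() {
    find "$1" -depth
}

# Delete a tree only after the caller answers "y" on standard input.
# Refuses an empty argument and "/" so a typo cannot target the whole system.
confirm_rm() {
    target=$1
    case "$target" in
        ""|"/") echo "refusing to remove '$target'" >&2; return 2 ;;
    esac
    [ -e "$target" ] || { echo "no such path: $target" >&2; return 1; }
    preview_rm "$target"
    printf 'Remove the %s entries listed above? [y/N] ' \
        "$(preview_rm "$target" | wc -l)"
    read -r answer
    [ "$answer" = "y" ] || { echo "kept $target"; return 1; }
    rm -r -- "$target"
}

make_tree
# Plain rm and rm -f both refuse a directory, as in the tutorial.
rm "$WORKDIR/placeToBe" 2>/dev/null    || echo "rm:    refused, it is a directory"
rm -f "$WORKDIR/placeToBe" 2>/dev/null || echo "rm -f: refused, it is a directory"

echo n | confirm_rm "$WORKDIR/placeToBe"    # answer no: nothing is deleted
echo y | confirm_rm "$WORKDIR/placeToBe"    # answer yes: the tree is removed
[ -e "$WORKDIR/placeToBe" ] || echo "placeToBe is gone"
```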

In any case, this was a brief introduction to some of the basic commands that we will use throughout the course. Please make sure that you know what each one of these commands does, at least the basic functions, and then later on we will get in-depth and do more advanced stuff. In any case, I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato


Learn Ethical Hacking Episode #13: Command Line Essentials (Part 1)

 


Hello everybody and welcome to this tutorial. Today, I will go over a few basic commands which you will need in order to follow this course through. These basic commands are used in order to navigate within the terminal, or through the file system, to figure out where you are at the moment, to copy things, move things, get listings of files, folders, see the contents, remove them, change the ownership of files, or change the modes of files.

So, first off, we have CD which is change directory. If I type in cd /home/ I am going to navigate over to my home directory. CD stands for change directory, as I said before, you are literally changing your working directory. If you type in cd .. you will always go one step back, so double dot is always the previous folder.

Next up we have LS. LS shows you the listing of the current folder’s contents, but you can also use ls /, for example home, and you get the listing of a specified folder as well. Typing LS in will give you the listing of the current folder, as opposed to typing LS and then a path to a folder which will give you a listing of a specified folder. In addition to that, you also have ls -l which will give you a long listing. It will tell you who the owners are, the size, the date, the type, the permissions, and so on and so forth. However, one of the more common usages of ls is -la to show the hidden files as well.

Next up is PWD, which prints the working directory, and you might find this a bit confusing, but slash in all Linux/UNIX-like systems simply refers to the root directory, to the beginning. I’m going to navigate over to home and then type in pwd. You can see that I am in home at the moment. So print working directory does exactly what the name itself says, it prints your current working directory.

Next up, we have the CP command, which we already have used in order to copy VirtualBox guest additions from one place to another. Fairly simple. So if I, for example, go ahead and type in cp VBoxLinuxAdditions.run, and if I want to copy it somewhere, let’s say that I wish to copy it to var. I will delete this of course, and I will show you how to do that as well, but it’s fairly simple. So with cp you specify what you want to copy and where you want to copy it to. Keep in mind that you could have actually typed in here a folder, a full path to VirtualBoxguestadditions.run, you didn’t actually need to be in the home directory. The -v flag gives us this, so it tells us what was copied where. Let me show you what would happen if I didn’t have that, just like this. Nothing. There is no output. Now this is fairly simple when you have one very small file, but when you have a large file, let’s say 20 gigabytes or so, and you are copying it, you’re going to have a blank screen below. Nothing will be happening. You will not be able to figure out where the copying process is going on, or whether it has actually crashed, bugged, or something of a kind. We’re passing the -v flag because the machine actually tells you what it is doing.

Now you might have noticed that all of these commands, more or less, have their own arguments which can be passed to them in order to modify what the command does. You can view a listing of these arguments, you do not need to memorize them all. So let’s use cp in this example. I’m going to type --help, so this is a universal way of getting help on a particular subject within the terminal. You type in the command, --help, press Enter, and you get a listing of possibilities. So I know it looks a bit messy and a bit difficult to see, but you don’t actually need to look at all of these things here. You can just scroll upwards and see all the arguments, they are listed clearly here. You have the argument here, and then you have an explanation of what the argument does. For the time being, you’re not going to be able to memorize all of these. But as you practice more and more, and as you start actually using these commands, you will begin to remember more and more. Basically, you’ll begin caching the information. Anyway, over here, in the upper part of this help menu, you’ll get usage. So in the usage you get the format, or the syntax, of the command. So with CP you pass an option, and then you specify your source and destination. Very simple. This is universal for all of the commands. You can always use the help menu.

In addition to the help menu, you also have the man pages. So if I type in man, and I’m going to use the command PWD, the man page on PWD gives me a ton of information. It gives you the name, it’s called synopsis here, but basically the syntax of the command. You get a full description of what the command does. Full description of the arguments. You even get the author who actually wrote it, some notes, copyright, etc. This is a very short man page because PWD is a very short command, and a very basic command. But, for example, if I was to type in man grep, you can see that the man page is a lot. Grep is a multi-purpose command which I will show to you in a moment, but I just wanted to show you the difference between a basic and a more complex command. Let me just go ahead and clear the screen.

Next up we have move, so MV. That will cause a folder to move. This is how you rename folders too, or files. So let’s just go ahead and navigate over to var where I have actually copied this file, ls, excellent! So if I say mv VBoxLinuxAdditions.run, I can either move it to a different folder, under a different name, or I can rename it within my current folder. So if I just type it in, I don’t know, let’s say RandomIsNotSoRandom. I’m just going to rename it to that and say .run. You can put whatever extension you want, of course it functions the same, but I’m just showing you the way of renaming a file. If I type ls again, you see that VBoxLinuxAdditions.run has been successfully renamed to RandomIsNotSoRandom.run. I can also move RandomIsNotSoRandom.run to my home directory. And if I type ls, and then specify a path to my home directory, and press enter, you can see that I have actually moved it here. But, unlike the copy command, it doesn’t retain the original file within the original folder. So, once you move it, it will be deleted from the original folder. Also, be very careful with deleting files in Linux, because once you delete them from the terminal you will not be able to recover them. There are a few complex procedures that might give you a fraction of what you wanted to recover, but if you remove it from the terminal it’s very difficult. It’s not like Windows when you delete something. In Windows you can always recover a file, you basically didn’t even delete it. You just don’t see it. When you delete something on Linux it’s gone, permanently. So take great caution, take great care. So, I’ll just go ahead and clear the screen.

Next up we have CAT. Now cat gives us, well let me show you what cat does. Let’s navigate over to home, and let’s cat RandomIsNotSoRandom.run. It shows you the entire contents of that file, whatever that might be. This content is not pretty at all, it is difficult to read like this. Let’s create another file, and I’m going to cat it. Nano is my favorite text editor from the terminal. You will need to learn how to use terminal text editors, because you don’t want to be switching back and forth between GUI text editors and working on something in terminal. It’s extremely time consuming, and plus here, you can actually edit things with root. However, if you are, for example, using another Linux distribution, most of the GUI text editors will not allow you to run them as root. You will receive an error message. So that can be a bit problematic. So just type in nano, and type in the name of the file that you wish to create. So, for example, I’m going to go ahead and type in test. This is going to be a test file, no need to give it any extensions. Now we are in the Nano text editor. So here I can, for example, write some text. Some random text goes here. Let’s just do that. Okay, so you have a wide variety of options down here. Well, maybe not a wide variety, but certainly a good amount. So this ^X simply means control + X. So if you press control + X you’re going to exit. Control + O is WriteOut, that’s basically save. Where Is is basically the way to search things, so control + V, and let’s say random, press enter, and there you go. It’s going to point to random. Cut text is also very nice because it allows you to remove large portions of text at a relatively fast rate. So if I press ctrl + K, it’s going to remove the current line where the cursor is, not what you have selected with your mouse. I will continue discussing basic terminal commands in the follow up tutorial. Until then, I bid you farewell.


Learn Ethical Hacking Episode #12: Introduction to the Terminal

 


Hello everybody and welcome to this tutorial. Today, I will introduce you to the Linux terminal and show you some of its basic functionalities.

In Kali Linux, the terminal icon is located in the upper left corner. So just click on it, and there you go. You have the terminal up and running. By default, it will open up a root terminal in Kali. You don’t actually need to do anything else to get started, however 99% of the time people will configure the terminal to suit their own needs and purposes. For example, I will almost always increase the font size so that it’s clear and visible, and so that I have a better view of what I am doing. It is also said that this can reduce eyestrain. Anyway, just go ahead and right-click anywhere on the terminal itself, and then you have show menu bar. Go ahead and click on edit. You can click on profiles as well and create new profiles here by just clicking on new, giving it a name, and then configuring it in the preferences. We’re going to be configuring the default profile since there really is no need to create any additional ones. Go ahead and click on profile preferences, and here you have a great number of options. One of the first ones that you will see is that you can use a system fixed width font. This is not good. As you can see, this is very small. I always need to change this. I have mono space 20. If you click on it, you can change the font size here, if you wish. You have some other very simple options here. You have show menu bar by default in new terminals. I generally click it. You have the cursor shape here. So you have a block and you have an underline. I prefer a block, but you can use whatever you wish. You have title and command. We don’t actually need to change anything there. We have colors. So, I think that this color scheme is appropriate and fitting for me, but you can change it any way you like. You can change the text color, the background color, you have the color palette here, so you can do whatever you would like here. You have built-in schemes, so it says white on black. I can say green on black. Does it have blue on black? Oh, this is bad.
I wouldn’t be able to work with this combination. So, let’s just leave it on white on black. This is one of the best color schemes. Personally, I use blue on black with Fedora, but I’m just going to leave it as it is here. No need to actually change anything. Now in background you have three features. You have a solid color like this one here, and you can choose a background image. You can download anything you would like from the internet, you can configure it to be transparent or image background, and you also have the ability to have a fully transparent background. If you click on transparent background, it’s pretty much the same as having a background image. I’m just going to configure the transparency levels, and that’s pretty good. Except, in this case your background image will be your desktop image, depending on where your terminal window is. In scrolling there’s an important feature here, it’s scroll back. So, if you don’t want to be limited to 512 lines, you want to go ahead and click on unlimited, unless you’re severely limited in terms of RAM. In any case, it’s better to have the full output displayed. You don’t need to do anything here in terms of compatibility. I’m just going to go ahead and close this. I have selected a transparent background, and you see this only works for a desktop image. It doesn’t actually show icons, or anything of a kind. If I open up my web browser it’s not going to show it in the background, it’s still going to keep the desktop background image, so the desktop wallpaper. There’s a slight delay when it goes about updating, but that’s fine.

In any case, you can go ahead and click on file, and open tab. I’m going to go ahead and open myself four tabs, three new ones, and one that I already had opened. So here you can switch in between them. For example, if I press open up a new terminal, I have to click here, and then I have to click here, I just want to show you what it’s like to have four individual windows. So, yeah, this can be difficult to manage, especially because you don’t know what actions you are performing in each terminal. People sometimes split their screens into terminals. I sometimes do that, it’s very nice, but we will deal with that a bit later on when we get into some serious stuff, when we actually need multiple terminals. But, tabbing these terminals is very nice, primarily because you can actually see what you’re doing on each one of them in the header. See these things that I’m selecting, that I’m clicking on now? They’re the headers of the terminal. If, for example, in this terminal I want you to go into home, change directory to home, and if I change it here to var, and if I change it here to var/logs, and if I want to go here to tmp folder, excellent! So, on each of these tabs, in their headers, I can see where I am. So this one it’s home, this one is tmp, I don’t need to click on it to know. This one is log, so I can know what I’m doing in each particular terminal. And even though you can have a program running, or something like that, it’s still going to write it out in the header, and you’re going to get some extra information there. It’s very nice, very useful, and it’s going to help you out a lot as we progress through this course, and as we get into more complicated topics.

Anyway, I just wanted to introduce you to the Linux terminal. We have done some work with it before during the installation of VirtualBox, and VirtualBox guest additions, but basically there I’ve just given you the command, and you were just rewriting it, or copy/pasting it. In the follow up tutorial, I will start explaining the fundamental Linux terminal commands, the most common ones, the basic ones, and there you will be able to see the logic of things, and how this Linux terminal works and functions. Once you actually learn that, it gives you a huge amount of power. All the power of the operating system rests on its terminal, because it’s a direct interface to the kernel of the system, and it’s a lot faster than the graphical user interface. One more key note that I would like to make here, once I teach you how to use the Linux terminal, and once you get into the habit of typing in commands, you can use them for a wide variety of purposes. You don’t necessarily need to use these things for pen-testing, or something like that, you can use these commands for network administration, or you can use them in order to troubleshoot problems with the system, and so on and so forth. So you get a far wider spectrum of options in terms of jobs, as opposed to just learning pen-testing applications. In any case, I bid you farewell, and I hope to see you in the next tutorial.


Learn Ethical Hacking Episode #11: Installing VirtualBox Guest Additions

 


Hello everybody and welcome to this tutorial. Today, I will continue from where I left off in the previous video. Now if you remember we issued the apt-get update and apt-get upgrade commands that took a bit of time to finish and process. I was prompted once, I was given a readme file in regards to the wget package, and the way you handle it is you press Q to exit. You do not close the terminal and terminate the updates, you just press Q to exit the readme file, and the update process will continue without any problems.

Now we need to configure the sources list. This is the list of repositories from which your Linux distro actually pulls various packages and information. If you go onto the Kali Linux website, you will find links to the official repository list:

https://docs.kali.org/general-use/kali-linux-sources-list-repositories

To manually add the repositories in Kali Linux, open up terminal, type in cd /etc/apt/, ls, and you will see sources.list. Go ahead and type nano sources.list, press ENTER, and you are now in the repository file. This is where they are listed, this is where you can add/remove them. So let’s go ahead and copy these two. Duplicate repositories are not going to break anything. The system is smart enough to realize that for itself. Just copy all four of them, press Ctrl + O, Enter, Ctrl + X to exit, and there you go. So, once again, Ctrl + O to save a file, so press Ctrl + O, Enter, and then Ctrl + X to exit. Excellent! Go ahead and clear your terminal. Now we need to enter apt-get update. So we’re not upgrading the system, we’re just updating the repository lists. This should go through relatively fast, and at the end it is most likely going to report duplicates, but that is fine. Why are we doing this? Well, we do need these repositories in order to install the necessary headers for the Kali Linux kernel, which we will need in order to install VirtualBox guest additions. If we continue to work in this smaller screen it wouldn’t be ideal, trust me. We’re going to be multi-tasking, we’re going to have multiple windows open, and a small screen would present difficulties. We received an error. It’s a w, so it’s a warning. It says duplicate sources.list, duplicate sources.list, duplicate sources.list, no big deal. We can correct these problems later on, if we wish, but for the time being there is no need. Let me just go ahead and clear the screen.
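The duplicate sources.list warnings mentioned above can be found and cleaned up with the same grep filtering used on sources.list elsewhere in this series. This is an added example, not part of the original tutorial: it works on a constructed sample file rather than /etc/apt/sources.list, and the function names are assumptions.

```bash
#!/bin/sh
# Added example, not from the tutorial. The sample file is constructed and the
# function names are assumptions made for this demonstration.

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE" "$SAMPLE.dedup"' EXIT

# Constructed sample: the same two repository lines pasted twice, the second
# time with different spacing, plus a commented-out entry.
cat > "$SAMPLE" <<'EOF'
# Kali repositories (constructed sample)
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib

deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src  http://http.kali.org/kali  kali-rolling main non-free contrib
# deb http://example.invalid/disabled stable main
EOF

# Print the active (uncommented) deb and deb-src lines with whitespace
# squeezed, so that spacing differences do not hide a duplicate.
active_entries() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" \
        | tr -s ' \t' ' ' \
        | sed 's/^ //; s/ $//'
}

# Print each active entry that occurs more than once.
duplicate_entries() {
    active_entries "$1" | sort | uniq -d
}

# Print the file with repeated active entries dropped; the first occurrence,
# comments and blank lines are kept in their original order.
dedupe() {
    awk '
        /^[ \t]*deb(-src)?[ \t]/ {
            line = $0
            $1 = $1                    # rebuild $0 with single spaces
            if (seen[$0]++) next       # already printed this entry
            print line
            next
        }
        { print }
    ' "$1"
}

echo "lines containing src: $(grep -c 'src' "$SAMPLE")"
echo "duplicated entries:"
duplicate_entries "$SAMPLE"
dedupe "$SAMPLE" > "$SAMPLE.dedup"
echo "active entries after clean-up: $(active_entries "$SAMPLE.dedup" | wc -l)"
```

dedupe writes to standard output, so the cleaned list can be reviewed before it replaces the real file.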

Now what we need to do is install two more packages which will allow us to install and run VirtualBox guest additions. I have a prebuilt command here that I’m going to run. You have apt-get, you’re calling the package manager, you’re telling it to do an update. Since we already did a few updates, I don’t actually need that portion of the command. I’m just going to go ahead and use apt-get install -y, and then I have dkms, that’s one package. And then I have another package, because you can specify multiple packages here, and then I have linux-headers-, followed by a dollar sign. This is a variable, this dollar sign, this is some sort of variable, a string, and whatever this command uname -r outputs will be stored into this variable, and it will be added to this text line here. So let me just show you. I have uname -r that I ran here on my terminal, and what I got was the kernel version and the system architecture, 64 or 32 bit. I’m going to go ahead and press Enter. There is nothing to do as I have previously installed them. I didn’t want to waste time during this tutorial. This command should process without any problems. The -y argument tells your package manager to answer any questions with yes. I’m going to go ahead and run apt-get upgrade, and let me clear the screen.

Let’s proceed with the VirtualBox guest additions installation. Go ahead and click on devices, insert the guest additions CD image, and there we go. This is a warning of the Kali Linux issues, and the many other Linux operating system issues. If you have content that is on a CD, or a USB, or something like that, and if it’s configured to run automatically, the system will block it, and then it will ask you for permission to run it. So, the medium contains software intended to be automatically started. Would you like to run it? I’m going to go ahead and click run and most likely get an error. There we go, error autorunning software, cannot find the autorun program. Now the error message, yeah, it doesn’t really tell us much in this case. I suppose we could take a look at the log files, but here is the solution which you can apply as this is a common problem that people encounter. So just go ahead and type cd in the terminal to change the working directory. Navigate over to where the VirtualBox guest additions CD is, you can use the same path that I’m using. So, media and then ls, and cd cdrom0/. So we are now here, and I have a listing of pretty much all of the contents of the CD. This is a virtual CD, it’s not a real one, but it works pretty much the same. So this is the file that I want. I want to move it from here, so I’m just gonna go ahead and use the command cp. You can also use the move command, but you’re permanently going to remove it from here, and that is not what we want to do. So just type in cp for copy, type the name of whatever you wish to copy, very simple, and then specify the path to where you want the file to be copied. I want it to be copied in my home directory. Press ENTER, and there we go. Now navigate over to your home directory, get a listing, there it is. To run a script in Linux, any executable file in general, type ./ and then the name of that file, press Enter. There we go, it is running. The guest additions are being installed.
I have attempted this process before just to make sure everything would run smoothly, and that’s why it says removing existing things. Anyway, it might take a while for it to finish, but I assure you it will. There are a lot of things to do, and that’s why it’s taking a bit more of your time. Now aside from the full screen functionality that we’re going to get by installing VirtualBox guest additions, just in case you think it’s a bit of a pointless effort if you are a student, you also have other devices, drag-and-drop, and shared clipboard. What are these? Well, drag and drop, the name itself is self-explanatory. You just pull a file from somewhere and then pull it onto your virtual machine, or vice versa, but I don’t like to enable drag-and-drop. What I do like to do is enable shared clipboard, host to guest. Now, here’s why. I use my web browser on my host to watch YouTube videos, and you don’t want to bother with installing flash on Kali Linux, it can be problematic. So, host to guest copy pasting is very useful and you will need it, I assure you. There are shared folder settings. You can either construct a shared folder or you can have a localized web server on both machines where you can pull the information from, and put the information there if configured properly, but shared folders are better for such purposes. Anyway, you can view what has happened here, it has been listed here. The most important part of it all is that you don’t have any reports of anything failing. Let’s go ahead and type reboot in terminal and press Enter. Let me just load the full screen, and let us see if it will actually happen, if the VirtualBox guest additions that we have installed will work. If they do work, great. If they don’t, we’re going to have to try something else, as these things do have a tendency to break. Okay, I need to login first to root, and test below, excellent, there we go. I have a full screen, and the image is being adjusted, excellent!
So we have Kali Linux now running in full-screen mode which is fantastic. If you were using Kali Linux as your main machine, as your host machine, you wouldn’t need to bother with installing guest additions. But, as I stated previously, it is not recommended.

In any case, that will be it for this tutorial. These are pretty much all of the preparations that you needed to make, and next up we’re going to get into the Linux command line interface. I need to acquaint you with it. Even though we have covered a few of the commands, they are a very small portion of what we need to learn, and I do need to explain them in greater depth. And with that I bid you farewell, and sincerely hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Learn Ethical Hacking Episode #10: Starting Kali Linux, Configuring the Network, and Updating Software

Hello everybody and welcome to this tutorial! I have the Kali Linux machine running. I left the installation process in the last tutorial because it was, quite frankly, pointless to just sit and wait through it, and wait for it to complete. The Kali Linux installation tends to be a bit longer than the installation of other Linux operating systems because of the prepackaged tools that come with it. However, there were a few screenshots that I have taken which show some of the options that you were given throughout the installation process.

So, there were three options given during the installation. I’m just going to go ahead and open them up here. So, the first one was, do you want to use a network mirror to supplement the software that is included on the CD-rom? This may also make newer versions of software available. I said no because I’m going to do an update as soon as I finish the installation process, and as soon as I configure everything in a proper way. No, I do not want to use any mirrors. I’m going to say no and go ahead and proceed with the installation. So, next up is the grub bootloader. So it is asking me, do you want to install the grub boot loader to the Master Boot Record? Yes, I do. Just click on it, as this is the only operating system on this machine, on this computer. There is nothing that I can mess up by installing the grub boot loader to the Master Boot Record, of the first hard drive, as it is stated here in the instructions. You can use the grub bootloader in order to configure dual boots, or you can put three, four, five operating systems, as many as you like, as many as your hardware can support. Not at the same time of course, but at boot time you will be prompted and asked which operating system you wish to boot. That’s also one of the options that you can have with grub. There’s a final step, it simply states that the installation is complete. If you have used a CD to complete this installation, or a USB, you will need to remove that media and reboot the system, in order for all of this to function. So, that is it. I was prompted with those three very simple questions, and you have the answers here. Just go through them, it will not make much of a difference in the final account of things.

Go ahead and close this, and now I’m going to go ahead and log in to my Kali Linux virtual machine. So the username is…this is actually one of the rare occasions where I log into the GUI with root. But, as you can see, as you will soon realize, in Kali Linux everybody just logs in with root. You are not using Kali Linux to browse the web, you are usually using it, 99% of the time, to perform some sort of an attack. And for all of those tools you need to, pretty much for all those tools, you need to be a root user, or have root privileges. Most of the time, there’s no point in having any other users on a Kali Linux distro. So, type in root, press Enter, password was test, press Enter. Your password is whatever you created during the setup. Okay, first I need to do a few things, like updates, in order for me to be able to install VirtualBox Guest Additions. Guest Additions will enable us to use full screen and the shared clipboard, etc. Let me just go ahead and change this. Open up my terminal. Set the view. This is non-technical stuff, this you can configure any way you would like. I’m just zooming it in for the purposes of this tutorial, so that you may see the screen better. But, before we can do updates, before we can do anything, we must verify that we have connectivity to the Internet. So, ping yahoo.com. Nothing is happening. So I cannot ping yahoo.com, meaning that I don’t have access to the external network. I cannot access the Internet. That’s a pretty big problem because pretty much whatever we do will need Internet connectivity for it in order to download packages from the repositories, to perform updates, and to conduct possible scans. So just go ahead and click on devices, find network, network settings, and here you can see by default it will be set to NAT. But, you don’t want NAT, you want bridged adapter, and you want to choose your adapter here. Mine is p8p1, see what yours is, and click allow VMs, virtual machines. 
So, OK, if you don’t know what the adapter on your machine is, and you are using a Linux system, just go ahead open up your terminal and type in ifconfig. Here you will be able to see a listing of adapters that you have. So you have lo which is loopback, you have p8p1 which is my ethernet connection, this is for some virtual machines as well, and I have wlp2s0 which is my wireless interface. So I know that for a fact that I’m using p8p1, because my network manager tells me that I am. You see connected to p8p1. This is also a better way of actually checking what you are connected to, which adapter you are using. So just open up your network manager in the upper right corner, and p8p1 says connected. Your network manager’s position can vary depending on how you configure your system. By default it will be in the bottom right corner, but that is easy enough to find either way. Let’s just go ahead and close this terminal. Now we know that we have actually configured our network. But, still, I’m pretty sure I won’t have internet connectivity. Let me just try pinging again, and you see it is simply not working. So let’s just go ahead and check the Kali Linux network manager, and it says wired network but device not managed. That can be a problem, and that is a general problem which you will face with wired interfaces pretty much all of the time. There’s a relatively easy fix to it. You just navigate over in the terminal, type in cd, which stands for change directory, to /etc/NetworkManager. Let’s see what’s in it. We have NetworkManager.conf. I’m going to go ahead and type in nano, which is the text editor that I’m going to be using, and then type in NetworkManager.conf. Press Enter, there we go. It opens up the configuration file. You do need to be root in order to make any changes here. It says [main], plugins=ifupdown,keyfile, then [ifupdown], managed=false. So where it says “false” just delete this and replace it with “true”. Ctrl + O to save, press Enter, Ctrl + X to exit. 
Now we need to actually restart our network manager. So just go ahead and type in service network-manager restart. Stopping and starting, excellent! Connection established. You are now connected to ifupdown eth0. Let’s check the connectivity. So ping yahoo.com, excellent! So now we have Internet connectivity. These steps here are quite important. Not so much for the ethical hacking as they are to actually setting up the environment. Setting up the environment itself can be troublesome, you can encounter multiple problems, bugs, etc., and then instead of having to go from one forum to the other trying to find the solution, you can just go through this tutorial. Pay attention and I will show you how to resolve pretty much all of the issues that you might encounter. I myself am doing a fresh install here, and I would be encountering the same problems that anybody else would, and I would like to go over them. More likely than not, if you are performing a virtual machine installation, you will encounter similar problems as I have. Although, should you encounter any other problems please, please feel free to post questions, and I will be more than happy to provide any answers that I can. So let’s just go ahead and clear the screen.
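The NetworkManager.conf edit described above, as an added shell example that is not part of the original tutorial: it flips managed only inside the [ifupdown] section, keeps a backup, and is safe to run twice. The function names and the sample file (including its made-up [example] section) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): flip managed=false to managed=true
# in the [ifupdown] section only. Function names are hypothetical.

# Constructed sample with the two sections the tutorial reads out, plus a
# made-up [example] section to show that other sections are left untouched.
write_sample_conf() {
    cat > "$1" <<'EOF'
[main]
plugins=ifupdown,keyfile

[example]
managed=false

[ifupdown]
managed=false
EOF
}

# Print the value of "managed" inside [ifupdown]; prints nothing if absent.
get_ifupdown_managed() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[ifupdown\][ \t]*$/); next }
        in_sec && /^[ \t]*managed[ \t]*=/ {
            sub(/^[ \t]*managed[ \t]*=[ \t]*/, "")
            sub(/[ \t]*$/, "")
            print
            exit
        }
    ' "$1"
}

# Rewrite the file in place, keeping a .bak copy. Safe to run twice.
set_ifupdown_managed() {
    conf=$1
    current=$(get_ifupdown_managed "$conf")
    if [ "$current" = "true" ]; then
        echo "unchanged"
        return 0
    fi
    if [ -z "$current" ]; then
        echo "no managed= key under [ifupdown] in $conf" >&2
        return 1
    fi
    cp -p "$conf" "$conf.bak" || return 1
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[ifupdown\][ \t]*$/) }
        in_sec && /^[ \t]*managed[ \t]*=/ { print "managed=true"; next }
        { print }
    ' "$conf.bak" > "$conf" || return 1
    echo "changed"
}

# Demo on a temporary copy. On the real system, run the function as root
# against /etc/NetworkManager/NetworkManager.conf, then restart the service
# as the tutorial does.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
set_ifupdown_managed "$demo_conf"
cat "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```
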

Now that we have Internet connectivity, I would like to perform some necessary updates. Believe me, you need to perform regular updates of the system because you will find that certain things will not work after a while. So let me just change the directory, clear the screen again, type in apt-get update. So I could do this with one command in Fedora, but here I’m going to need two of them. So it’s picking up things from the repositories, excellent! Now I need to type in apt-get upgrade, press Enter, and you see it says after this operation 73 megabytes of additional disk space will be used. That is quite a bit in terms of updates. I mean look at all of the packages, these are all the packages that are going to be updated. The list goes on and on. So, anyway, just type in yes, you don’t actually need to type in a capital Y, you can just type in y, press ENTER, and the update process will begin. Now depending on your internet connection, this might take shorter or longer amounts of time. I will leave it here until the updates actually finish, because I don’t want to be standing here in front of the screen. But in any case, these updates will be completed. You’re not going to be posed with any questions like in the Kali installation process. You might be notified of some things, a screen might pop up with some text, that’s perfectly fine. You can read through it and then close it. Those are readme files specifying the characteristics of certain packages and what has been upgraded. Later on, if you wish, you can do further exploration and actually discover what each of these packages contains. In any case, we will continue this process in the follow up tutorial. Until then, I bid you all farewell.

Learn Ethical Hacking Episode #9: Kali Linux Installation

Hello everybody and welcome to this tutorial. Today, I will continue with the installation of Kali Linux within a virtual environment.

You may have noticed that I have two screens on which is written Kali Linux, and they are exactly the same except one has a bigger font and a zoomed in picture. So over here, on the left side, this is my virtual machine. The window which I’m moving now is the actual virtual machine, and the window on the right side is just a zooming in app that I have installed in order for you to be able to better see what I am about to show you here. I do not have guest additions installed on the virtual machine, and you cannot install it until you have actually installed the operating system. I will perform the work there, on the left side, and you can monitor what I am doing on the right. There is no difference between left and right in terms of actions, only in terms of font size.

Anyway, I’m just going to go ahead and scroll down to install, press ENTER, and the installation procedure will commence. By the way, if you boot into the live version, the default password for root is just root in reverse, so toor. Just a bit of a brief mention there. Moving along, pick whatever language is suitable for you. You can also pick the uppermost option where it says C, no localization. So if you would prefer a greater degree of anonymity, you can even pick that. But for the sake of this tutorial, there really isn’t a need. If you do pick a language, and I mean a lot of people choose English, you will not be leaving much of a footprint. Press ENTER and here you can choose a country, territory, or area. You can choose whatever you would like here. I’m just going to go ahead and click UK because it immediately offers me a British keyboard that I use, so that’s very nice in terms of settings. In any case, even if you do not choose the correct setting here it doesn’t matter. Later on, after the installation, you can configure it any way you like.

The installation is now underway. I’m going to unbind my mouse because it seems to get stuck in a loop there. Basically, you bind and unbind your keys by simply pressing the right control key. Let me just move this a bit so you can see it a bit better, expand, there we go. There’s some auto configuration going on now, nothing really noteworthy. Let me just change this a bit. There we go. You can pick a host name here. You can just leave it as default, you can leave Kali, or you can actually write whatever you want your computer to be called. So, I’m just going to leave it as the default, but as I said you can write whatever you wish to write there. So, just go ahead and continue. By the way, you don’t have a mouse option here while you’re performing this installation, so pressing tab switches between fields and options. Pressing space allows you to mark the field, and tab means switching fields. So use tab, space, and enter to actually call a function to execute something. I’m going to select continue. Here you can type in your domain name. No, I do not want a domain name at this time. Keep in mind that you can configure this later on as well, should there be a need for it. Just click on continue or hit enter.

Now for the root password I would suggest picking something ridiculously complex and complicated. A lot of people worry that they won’t remember their passwords if they’re long and complicated, but assign a certain logic to your password. Something that reflects the way you think. And then the password can increase in length, and you will still manage to remember it. So, for example, you can insert a certain word that you use, or that you’re attached to, or something like that. You don’t need to spell the word correctly in the English language, rather instead you can spell it incorrectly and then add exclamation marks, question marks, greater than signs, less than signs, ampersands, and so on. But choose something that reflects your logic, your way of thinking, and make sure that it is more than eight characters. Greater than eight characters is a must-have. It needs to contain capital letters, a few of them not just one. You also need multiple different signs. You should use three or four of them in combination. The more the better. Don’t just type in a word in the English language, and then type in numbers, and then type in signs. You are already assigning a very strict order, so, any brute-forcing attack will go much easier. Try to have a mixture, try to randomize the position of the types of characters that you’re going to put in your password. For the time being, for the sake of this tutorial, I’m going to use one of the dumbest passwords possible. I’m going to type in test. That’s gonna be the password of this virtual machine, and I’m going to hit the continue button. It’s going to ask you to verify it by forcing you to re-enter it, and there we go. But once again I emphasize to use a strong password.
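The rules in the paragraph above, turned into a checker, as an added shell example that is not part of the original tutorial. The function name check_password and the numeric thresholds for capitals and signs are assumptions chosen to match "a few of them" and "three or four"; the sample passwords are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): check a candidate password against
# the rules given in the paragraph above. Thresholds are assumptions.

# Prints "ok" and returns 0, or prints the failed rule names and returns 1.
check_password() {
    pw=$1
    fails=""

    # Rule 1: more than eight characters.
    [ "${#pw}" -gt 8 ] || fails="$fails length"

    # Rule 2: several capital letters, not just one (assumed: at least 2).
    upper=$(printf '%s' "$pw" | LC_ALL=C tr -cd 'A-Z' | wc -c | tr -d ' ')
    [ "$upper" -ge 2 ] || fails="$fails capitals"

    # Rule 3: three or four different signs (assumed: at least 3 distinct).
    signs=$(printf '%s' "$pw" | LC_ALL=C tr -d 'A-Za-z0-9' |
            LC_ALL=C fold -w 1 | LC_ALL=C sort -u | wc -l | tr -d ' ')
    [ "$signs" -ge 3 ] || fails="$fails signs"

    # Rule 4: character types must be mixed. Map letters/digits/signs to
    # L/D/S and squeeze repeats, so "Word123!!" becomes "LDS". If the number
    # of blocks equals the number of types used, every type sits in a single
    # block, which is the strict order the tutorial warns about.
    layout=$(printf '%s\n' "$pw" |
             LC_ALL=C sed 's/[A-Za-z]/L/g; s/[0-9]/D/g; s/[^LD]/S/g' |
             tr -s 'LDS')
    kinds=$(printf '%s' "$layout" | fold -w 1 | sort -u | wc -l | tr -d ' ')
    [ "${#layout}" -gt "$kinds" ] || fails="$fails order"

    fails=${fails# }
    if [ -n "$fails" ]; then
        printf '%s\n' "$fails"
        return 1
    fi
    printf 'ok\n'
}

# Constructed samples; do not reuse them as real passwords.
for sample in 'test' 'TEst1234!?>' 'cO>rr3ct!Ho&rs'; do
    printf '%-16s %s\n' "$sample" "$(check_password "$sample")"
done
```

The second sample meets the length, capitals and signs rules and fails only on order, which is the case the paragraph singles out.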

So now we have partitioning methods. If this was my main machine, if this was my host machine, I would definitely do this manually. I would want my partitions to be configured in a certain way. But since this is a virtual machine, I’m just going to go ahead and say guided, use entire disk. It doesn’t matter to me as there is only one partition anyway, and it’s 138 gigabytes. Press Enter. All files in one partition recommended for new users. Sure, we can do that. You can separate the home partition, you can separate all of these partitions. For example, this is something that I did on my host machine. You have a lot of things that are separate, and my main drives are also fully encrypted. So, even if I lost my laptop, or it got stolen, it would be really difficult to access pretty much anything. Even the BIOS is locked, so you can’t even reinstall it. You would have to open up the laptop, take the BIOS battery out which is underneath my main processor, and you’re more likely to basically permanently damage the motherboard than you are to actually remove and put back the battery in order to reset the BIOS. That’s one of the very nice fail safes for devices, especially for compact laptops. But, in this case, we don’t need any of that. Such configuration and such things are generally done on the host machine. You encrypt your partitions there, you lock the BIOS there, and so on. While on the other hand, with virtual machines there’s no need to do anything of the kind. The host machines are the fail-safe. If that fails, everything else will fail. So, you don’t need to worry about it, you don’t need those unnecessary layers I would say. They will slow you down in the greater scheme of things. So, press enter, finish partitioning, and write changes to disk. Before I do that, let me just go ahead and explain our partitioning layout here. So you have primary, #1 primary 126.5 gigabytes, space f, space ext4 space /. 
Now all these things have a meaning, but what you need to know is that like in Windows you have NTFS partitions, in Linux you have ext4 partitions. They are a bit faster, that’s one thing that goes in the favor of Linux, and during the partitioning of the disk, with a Linux system, there is only one partition which is a must-have, which is an absolute requirement, and that is this first partition that I have selected. Its notation is just a slash, that is the root partition, and you always need to configure it, always. Without it manual partitioning will not work, you will get error messages saying that you must specify a root partition.

Down below we have swap. Swap is basically a fail-safe method. So when you run out of RAM memory you basically tell your system OK, you can have this portion of the hard drive, and you can use it as RAM, which functions in a very slow manner, but it will prevent your machine from crashing. Usually, swap partitions are configured to be double the size of your RAM. My RAM is 8 gigabytes, but here the computer has been assigned 4 because this is a virtual machine, and if you remember at the beginning I have assigned 2 gigabytes of RAM to this virtual machine. So, it just multiplied it by 2. It wasn’t exactly 2, it was just above 2, so I get 4.3 gigabytes of swap space. Now on most of the modern systems, on most of the modern computers, you will not require swap partitions. If you don’t make it you’ll get a warning, but rare are the cases when you will need a swap partition, when you will waste all 8 gigabytes of RAM. I mean it happens to me from time to time, but usually if it happens there’s something wrong with the system, and I don’t want it to continue consuming resources. I want it to stop there.

Anyway, now that you know what some of these options here mean, you have notation for the disk here, it’s SDA. But, we’ll get into that later as we configure the system. So you also have some other options here. It says configure encrypted volumes, configure logical volume manager, (LVM), configure raid, and you can go back to guided partitioning. So these are all very nice options that come for free, and you might think oh, well, that’s no big deal, but believe me when I tell you these things, in proprietary operating systems, they cost a lot of money. While here they are free, and generally work better. What we will be interested in today will not be raid, because we don’t actually need it. You can configure encrypted volumes as well. I will demonstrate this at a later time, encryption methods. You don’t need to encrypt your volumes on a virtual machine, but you can encrypt certain files or folders if you don’t want to grant access to them. However, my hard drives here on my host machine are encrypted, so I am pretty safe in that regard. I’m just going to go ahead now to the bottom, press enter, and finish partitioning, and write changes to disk. Excellent! Let me just move this a little bit so you can see it. Basically, it is asking me for a confirmation, so if you continue the changes listed below will be written to disk. Otherwise, you will be able to make further changes manually. Now it is informing me of the changes to be made and telling me, basically, that all the information will be lost should there be anything there. So write changes to disks, yes. Go ahead and continue with the procedure. The installation process is now underway and this is going to take a while. So, while this is going on I just want to go ahead and pause the video here and finish this tutorial. In the next tutorial, once the installation is complete, I will actually get into Kali, start configuring it, and introduce you to its interface. 
In any case, I bid you farewell, and I hope to see you all in the next tutorial.

Learn Ethical Hacking Episode #8: Installing VirtualBox on Windows

Hello everybody and welcome to this tutorial. Today, I will show you how to install VirtualBox within a Windows environment.

Previously, I have shown you how to install VirtualBox within a Linux environment, and it is a bit more complex there because you do need to add repositories, and then pull the package from the repositories. However, on Windows the process is fairly straightforward. Go ahead and open up your favorite browser, mine is Firefox, and navigate to the following website:

https://www.virtualbox.org/

Click on downloads and choose VirtualBox 5.2.8 for Windows hosts. So just go ahead and click on the link to prompt the download. I’m just going to go ahead and navigate over to my downloads folder, then I’m going to go ahead and double click on the VirtualBox file in order to initiate the installation wizard.

Keep in mind that this Windows system I am currently using is actually a virtual machine, and I am conducting an installation of VirtualBox within a machine that is being run within yet another virtual machine. You can see I’ve minimized it and I can pull it now around, but it works just fine. The installation process will go smoothly without any problems. So, just go ahead and click Next, and you can actually browse for a different installation location here, but the default one will do just fine. Just go ahead and click Next, create shortcuts, register file Association, sure why not. Click Next. Here it is telling you that it will reset your network connection, so if you don’t want that to happen you might hold the installation process. Anyway, just go ahead and click yes, install, and there we go. Don’t worry about this, it’s not an error, it’s just Windows asking for our permission. Anyway, the installation process has started here without any problems. And as I was talking about it previously, this is a virtual machine within a virtual machine. The installation of the program will finish without any problems. However, if you plan to run another virtual machine within this VirtualBox, within this virtual machine, you might encounter some problems. So, start the VirtualBox after installation finish, sure, why not.

In any case, we have our VirtualBox manager here, and the process of creating new virtual machines is exactly the same, more or less, the options are in the same places. I’m just going to go ahead and close it now. I will go ahead and uninstall it from this Windows system because I will be running it on Fedora Linux. I hope that this guide was helpful for all of the Windows users out there. Much of the world uses Windows, however, for pentesting purposes, for ethical hacking, Windows is not the best operating system to use. It’s a lot harder to make yourself anonymous with Windows, and most of the pentesting tools were actually designed for Linux, Unix like environments, to work in combination with their terminals. However, the choice of the operating system is completely up to you. I will be working with Fedora Linux, and I will most likely be using this Windows machine as some sort of a victim, which we will be attacking and exploiting. Anyway, I bid you all farewell, and I hope to see you in the next tutorial.
