Posted on

Learn Ethical Hacking Episode #13: Command Line Essentials (Part 1)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will go over a few basic commands which you will need in order to follow this course through. These basic commands are used in order to navigate within the terminal, or through the file system, to figure out where you are at the moment, to copy things, move things, get listings of files, folders, see the contents, remove them, change the ownership of files, or change the modes of files.

So, first off, we have CD which is change directory. If I type in cd /home/ I am going to navigate over to my home directory. CD stands for change directory, as I said before, you are literally changing your working directory. If you type in cd .. you will always go one step back, so double dot is always the previous folder.

Next up we have LS. LS shows you the listing of the current folders contents, but you can also use ls /, for example home, and you get the listing of a specified folder as well. Typing LS in will give you the listing of the current folder, as opposed to typing LS and then a path to a folder which will give you a listing of a specified folder. In addition to that, you also have ls -l which will give you a long listing. It will tell you who the owners are, the size, the date, the type, the permissions, and so on and so forth. However, one of the more common usages of ls is -la to show the hidden files as well.

Next up is PWD, which prints the working directory, and you might find this a bit confusing, but slash in all Linux/UNIX-like systems simply refers to the root directory, to the beginning, to the root directory. I’m going to navigate over to home and then to PWD. You can see that I am in home at the moment. So print working directory does exactly what the name itself says, it prints your current working directory.

Next up, we have the CP command, which we already have used in order to copy VirtualBox guest additions from one place to another. Fairly simple. So if I, for example, go ahead and type in cp VBoxLinuxAdditions.run, and if I want to copy it somewhere, let’s say that I wish to copy it to var. I will delete this of course, and I will show you how to do that as well, but it’s fairly simple. So with cp you specify what you want to copy and where you want to copy it to. Keep in mind that you could have actually typed in here a folder, a full path to VirtualBoxguestadditions.run, you didn’t actually need to be in the home directory. The -v flag gives us this, so it tells us what was copied where. Let me show you what would happen if I didn’t have that, just like this. Nothing. There is no output. Now this is fairly simple when you have one very small file, but when you have a large file, let’s say 20 gigabytes or so, and you are copying it, you’re going have a blank screen below. Nothing will be happening. You will not be able to figure out where the copying process is going on, or whether it has actually crashed, bugged, or something of a kind. We’re passing the -v flag because the machine actually tells you what it is doing.

Now you might have noticed that all of these commands, more or less, have their own arguments which can be passed to them in order to modify what the command does. You can view a listing of these arguments, you do not need to memorize them all. So let’s use cp in this example. I’m going to type –help, so this is a universal way of getting help on a particular subject within the terminal. You type in the command, –help, press Enter, and you get a listing of possibilities. So I know it looks a bit messy and a bit difficult to see, but you don’t actually need to look at all of these things here. You can just scroll upwards and see all the arguments, they are listed clearly here. You have the argument here, and then you have an explanation of what the argument does. For the time being, you’re not going to be able to memorize all of these. But as you practice more and more, and as you start actually using these commands, you will begin to remember more and more. Basically, you’ll begin caching the information. Anyway, over here, in the upper part of this help menu, you’ll get usage. So in the usage you get the format, or the syntax, of the command. So with CP you pass an option, and then you specify your source and destination. Very simple. This is universal for all of the commands. You can always use the help menu.

In addition to the help menu, you also have the man pages. So if I type in man, and I’m going to use the command PWD, the man page on PWD gives me a ton of information. It gives you the name, it’s called synopsis here, but basically the syntax of the command. You get a full description of what the command does. Full description of the arguments. You even get the author who actually wrote it, some notes, copyright, etc. This is a very short man page because PWD is a very short command, and a very basic command. But, for example, if I was to type in man grep, you can see that the man page is a lot. Grep is a multi-purpose command which I will show to you in a moment, but I just wanted to show you the difference between a basic and a more complex command. Let me just go ahead and clear the screen.

Next up we have move, so MV. That will cause a folder to move. This is how you rename folders too, or files. So let’s just go ahead and navigate over to var where I have actually copied this file, ls, excellent! So if I say mv VBoxLinuxAdditions.run, I can either move it to a different folder, under a different name, or I can rename it within my current folder. So if I just type it in, I don’t know, let’s say RandomIsNotSoRandom. I’m just going to rename it to that and say .run. You can put whatever extension you want, of course it functions the same, but I’m just showing you the way of renaming a file. If I type ls again, you see that VBoxLinuxAdditions.run has been successfully renamed to RandomIsNotSoRandom.run. I can also move RandomIsNotSoRandom.run to my home directory. And if I type ls, and then specify a path to my home directory, and press enter, you can see that I have actually moved it here. But,
unlike the copy command, it doesn’t retain the original file, within the original folder. So, once you move it it will be deleted from the original folder. Also, be very careful with deleting files in Linux, because once you delete them from the terminal you will not be able to recover them. There are a few complex procedures that might give you a fraction of what you wanted to recover, but if you remove it from the terminal it’s very difficult. It’s not like Windows when you delete something. In Windows you can always recover a file, you basically didn’t even delete it. You just don’t see it. When you delete something on Linux it’s gone, permanently. So take great caution, take great care. So, I’ll just go ahead and clear the screen.

Next up we have CAT. Now cat gives us, well let me show you what cat does. Let’s navigate over to home, and let’s cat RandomIsNotSoRandom.run. It shows you the the entire contents of that file, whatever that might be. This content is not pretty at all, it is difficult to read like this. Let’s create another file, and I’m going to cat it. Nano is my favorite text editor from the terminal. You will need to learn how to use terminal text editors, because you don’t want to be switching back and forth between GUI text editors and working on something in terminal. It’s extremely time consuming, and plus here, you can actually edit things with root. However, if you are, for example, using another Linux distribution, most of the GUI text editors will not allow you to run them as root. You will receive an error message. So that can be a bit problematic. So just type in nano, and type in the name of the file that you wish to create. So, for example, I’m going to go ahead and type in test. This is going to be a test file, no need to give it any extensions. Now we are in the Nano text editor. So here I can, for example, write some text. Some random text goes here. Let’s just do that. Okay, so you have a wide variety of options down here. Well, maybe not a wide variety, but certainly a good amount. So this ^X simply means control + X. So if you press control + X you’re going to exit. Control + O is WriteOut, that’s basically save. Where Is is basically the way to search things, so control + V, and let’s say random, press enter, and there you go. It’s going to point to random. Cut text is also very nice because it allows you to remove large portions of text at a relatively fast rate. So if I press ctrl + K, it’s going to remove the current line where the cursor is, not what you have selected with your mouse. I will continue discussing basic terminal commands in the follow up tutorial. Until then, I bid you farewell.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #12: Introduction to the Terminal

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will introduce you to the Linux terminal and show you some of its basic functionalities.

In Kali Linux, the terminal icon is located in the upper left corner. So just click on it, and there you go. You have the terminal up and running. By default, it will open up a root terminal in Kali. You don’t actually need to do anything else to get started, however 99% of the time people will configure the terminal to suit their own needs and purposes. For example, I will almost always increase the font size so that it’s clear and visible, and so that I have a better view of what I am doing. It is also said that this can reduce eyestrain. Anyway, just go ahead and right-click anywhere on the terminal itself, and then you have show menu bar. Go ahead and click on edit. You can click on profiles as well and create new profiles here by just clicking on new, giving it a name, and then configuring it in the preferences. We’re going to be configuring the default profile since there really is no need to create any additional ones. Go ahead and click on profile preferences, and here you have a great number of options. One of the first ones that you will see is that you can use a system fixed width font. This is not good. As you can see, this is very small. I always need to change this. I have mono space 20. If you click on it, you can change the font size here, if you wish. You have some other very simple options here. You have show menu bar by default in new terminals. I generally click it. You have the cursor shape here. So you have a block and you have an underline. I prefer a block, but you can use whatever you wish. You have title and command. We don’t actually need to change anything there. We have colors. So, I think that this color scheme is appropriate and fitting for me, but you can change it any way you like. You can change the text color, the background color, you have the color pallet here, so you can do whatever you would like here. You have built-in schemes, so it says white on black. I can say green on black. Does it have blue on black? Oh, this is bad. I wouldn’t be able to work with this combination. So, let’s just leave it on white on black. This is one of the best color schemes. Personally, I use blue on black with Fedora, but I’m just going to leave it as it is here. No need to actually change anything. Now in background you have three features. You have a solid color like this one here, and you can choose a background image. You can download anything you would like from the internet, you can configure it to be transparent or image background, and you also have the ability to have a fully transparent background. If you click on transparent background, it’s pretty much the same as having a background image. I’m just going to configure the transparency levels, and that’s pretty good. Except, in this case your background image will be your desktop image, depending on where your terminal window is. In scrolling there’s an important feature here, it’s scroll back. So, if you don’t want to be limited to 512 lines, you want to go ahead and click on unlimited, unless you’re severely limited in terms of RAM. In any case, it’s better to have the full output displayed. You don’t need to do anything here in terms of compatibility. I’m just going to go ahead and close this. I have selected a transparent background, and you see this only works for a desktop image. It doesn’t actually show icons, or anything of a kind. If I open up my web browser it’s not going to show it in the background, it’s still going to keep the desktop background image, so the desktop wallpaper. There’s a slight delay when it goes about updating, but that’s fine.

In any case, you can go ahead and click on file, and open tab. I’m going to go ahead and open myself four tabs, three new ones, and one that I already had opened. So here you can switch in between them. For example, if I press open up a new terminal, I have to click here, and then I have to click here, I just want to show you what it’s like to have four individual windows. So, yeah, this can be difficult to manage, especially because you don’t know what actions you are performing in each terminal. People sometimes split their screens into terminals. I sometimes do that, it’s very nice, but we will deal with that a bit later on when we get into some serious stuff, when we actually need multiple terminals. But, tabbing these terminals is very nice, primarily because you can actually see what you’re doing on each one of them in the header. See these things that I’m selecting, that I’m clicking on now? They’re the headers of the terminal. If, for example, in this terminal I want you to go into home, change directory to home, and if I change it here to var, and if I change it here to var/logs, and if I want to go here to tmp folder, excellent! So, on each of these tabs, in their headers, I can see where I am. So this one it’s home, this one is tmp, I don’t need to click on it to know. This one is log, so I can know what I’m doing in each particular terminal. And even though you can have a program running, or something like that, it’s still going to write it out in the header, and you’re going to get some extra information there. It’s very nice, very useful, and it’s going to help you out a lot as we progress through this course, and as we get into more complicated topics.

Anyway, I just wanted to introduce you to the Linux terminal. We have done some work with it before during the installation of VirtualBox, and VirtualBox guest additions, but basically there I’ve just given you the command, and you were just rewriting it, or copy/pasting it. In the follow up tutorial, I will start explaining the fundamental Linux terminal commands, the most common ones, the basic ones, and there you will be able to see the logic of things, and how this Linux terminal works and functions. Once you actually learn that, it gives you a huge amount of power. All the power of the operating system rests on it’s terminal, because it’s a direct interface to the kernel of the system, and it’s a lot faster than the graphical user interface. One more key note that I would like to make here, once I teach you how to use the Linux terminal, and once you get into the habit of typing in commands, you can use them for a wide variety of purposes. You don’t necessarily need to use these things for pen-testing, or something like that, you can use these commands for network administration, or you can use them in order to troubleshoot problems with the system, and so on and so forth. So you get a far wider spectrum of options in terms of jobs, as opposed to just learning pen-testing applications. In any case, I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on 8 Comments

Learn Ethical Hacking Episode #11: Installing VirtualBox Guest Additions

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will continue from where I left off in the previous video. Now if you remember we issued the apt-get update and apt-get upgrade commands that took a bit of time to finish and process. I was prompted once, I was given a readme file in regards to the wget packet, and the way you handle it is you press Q to exit. You do not close the terminal and terminate the updates, you just press Q to exit the readme file, and the update process will continue without any problems.

Now we need to configure the sources list. These are the list of repositories from which your Linux distro actually pulls various packets and information from. If you go onto the Kali Linux website, you will find links to the official repository list:

https://docs.kali.org/general-use/kali-linux-sources-list-repositories

To manually add the repositories in Kali Linux, open up terminal, type in cd /etc.apt/, ls, and you will see sources.list. Go ahead and type nano sources.list, press ENTER, and you are now in the repository file. This is where they are listed, this is where you can add/remove them. So let’s go ahead and copy these two. Duplicate repositories are not going to break anything. The system is smart enough to realize that for itself. Just copy all four of them, press Ctrl + O, Enter, Ctrl + X to exit, and there you go. So, once again, Ctrl + O to save a file, so press Ctrl + O, Enter, and then Ctrl + X to exit. Excellent! Go ahead and clear your terminal. Now we need to enter apt-get update. So we’re not upgrading the system, we’re just updating the repository lists. This should go through relatively fast, and at the end it is most likely going to report duplicates, but that is fine. Why are we doing this? Well, we do need these repositories in order to install the necessary headers for the Kali Linux kernel, which we will need in order to install VirtualBox guest additions. If we continue to work in this smaller screen it wouldn’t be ideal, trust me. We’re going to be multi-tasking, we’re going to have multiple windows open, and a small screen would present difficulties. We received an error. It’s a w, so it’s a warning. It says duplicate sources.list, duplicate sources.list, duplicate sources.list, no big deal. We can correct these problems later on, if we wish, but for the time being there is no need. Let me just go ahead and clear the screen.

Now what we need to do is install two more packages which will allow us to install and run VirtualBox guest additions. I have a prebuilt command here that I’m going to run. You have apt-get, you’re calling the packet manager, you’re telling it to do an update. Since we already did a few updates, I don’t actually need that portion of the command. I’m just going to go ahead and use apt-get install -y, and then I have dkms, that’s one package. And then I have another package, because you can specify multiple packages here, and then I have linux-headers- This is a variable, this dollar sign, this is some sort of variable, a string, and whatever this command uname -r outputs will be stored into this variable, and it will be added to this text line here. So let me just show you. I have uname -r that I ran here on my terminal, and what I got was the kernel version and the system architecture, 64 or 32 bit. I’m going go ahead and press Enter. There is nothing to do as I have previously installed them. I didn’t want to waste time during this tutorial. This command should process without any problems. The -y argument tells your packet manager to answer any questions with yes. I’m going to go ahead and run apt-get upgrade, and let me clear the screen.

Let’s proceed with he VirtualBox guest additions installation. Go ahead and click on devices, insert the guest additions CD image, and there we go. This is a warning of the Kali Linux issues, and the many other Linux operating system issues. If you have content that is on a CD, or a USB, or something like that, and if it’s configured to run automatically, the system will block it, and then it will ask you for permission to run it. So, the medium contains software intended to be automatically started. Would you like to run it? I’m going to go ahead and click run and most likely get an error. There we go, error autotorunning software, cannot find the autorun program. Now the error message, yeah, it doesn’t really tell us much in this case. I suppose we could take a look at the log files, but here is the solution which you can apply as this is a common problem that people encounter. So just go ahead and type cd in the terminal to change the working directory. Navigate over to where the VirtualBox guest additions CD is, you can use the same path that I’m using. So, media and then ls, and cd cdrom0/. So we are now here, and I have a listing of pretty much all of the contents of the CD. This is a virtual CD, it’s not a real one, but it works pretty much the same. So this is the file that I want. I want to move it from here, so I’m just gonna go ahead and use the command co. You can also use the move command, but you’re permanently going to remove it from here, and that is not what we want to do. So just type in cp for copy, type the name of whatever you wish to copy, very simple, and then specify the path to where you want the file to be copied. I want it to be copied in my home directory. Press ENTER, and there we go. Now navigate over to your home directory, get a listing, there it is. To run a script in Linux, any executable file in general, type ./ and then the name of that file, press Enter. There we go, it is running. The guest additions are being installed. I have attempted this process before just to make sure everything would run smoothly, and that’s why it says removing existing things. Anyway, it might take a while for it to finish, but I assure you it will. There is a lot of things to do, and that’s why it’s taking a bit more of your time. Now aside from the full screen functionality that we’re going to get by installing VirtualBox guest additions, just in case you think it’s a bit of a pointless effort if you are a student, you also have other devices, drag-and-drop, and shared clipboard. What are these? Well, drag and drop, the name itself is self-explanatory. You just pull a file from somewhere and then pull it onto your virtual machine, or vice versa, but I don’t like to enable drag-and-drop. What I do like to do is enable shared clipboard, host to guest. Now, here’s why. I use my web browser on my host to watch YouTube videos, and you don’t want to bother with installing flash on Kali Linux, it can be problematic. So, host guest copy pasting is very useful and you will need it, I assure you. There is a shared folder settings. You can either construct a shared folder or you can have a localized web server on both machines where you can pull the information from, and put the information there if configured properly, but shared folders are better for such purposes. Anyway, you can view what has happened here, it has been listed here. The most important part of it all is that you don’t have any reports of anything failing. Let’s go ahead and type reboot in terminal and press Enter. Let me just load the full screen, and let us see if it will actually happen, if the VirtualBox guest additions that we have installed will work. If they do work, great. If they don’t, we’re going to have to try something else, as these things do have a tendency to break. Okay, I need to login first to root, and test below, excellent, there we go. I have a full screen, and the image is being adjusted, excellent! So we have Kali Linux now running in full-screen mode which is fantastic. If you were using KaliLinux as your main machine, as your host machine, you wouldn’t need to bother with install guest additions. But, as I stated previously, it is not recommended.

In any case, that will be it for this tutorial. These are pretty much all of the preparations that you needed to make, and next up we’re going to get into the Linux command line interface. I need to acquaint you with it. Even though we have covered aa few of the commands, they are a very small portion of what we need to learn, and I do need to explain them in greater depth. And with that I bid you farewell, and sincerely hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #10: Starting Kali Linux, Configuring the Network, and Updating Software

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial! I have the Kali Linux machine running. I left the installation process in the last tutorial because it was, quite frankly, pointless to just sit and wait through it, and wait for it to complete. The Kali Linux installation tends to be a bit longer than the installation of other Linux operating systems because of the prepackaged tools that come with it. However, there were a few screenshots that I have taken which show some of the options that you were given throughout the installation process.

So, there were three options given during the installation. I’m just going to go ahead and open them up here. So, the first one was, do you want to use a network mirror to supplement the software that is included on the CD-rom? This may also make newer versions of software available. I said no because I’m going to do an update as soon as I finish the installation process, and as soon as I configure everything in a proper way. No, I do not want to use any mirrors. I’m going to say no and go ahead and proceed with the installation. So, next up is the grub bootloader. So it is asking me, do you want to install the grub boot loader to the Master Boot Record? Yes, I do. Just click on it, as this is the only operating system on this machine, on this computer. There is nothing that I can mess up by installing the grub boot loader to the Master Boot Record, of the first hard drive, as it is stated here in the instructions. You can use the grub bootloader in order to configure dual boots, or you can put three, four, five operating systems, as many as you like, as many as your hardware can support. Not at the same time of course, but at boot time you will be prompted and asked which operating system you wish to boot. That’s also one of the options that you can have with grub. There’s a final step, it simply states that the installation is complete. If you have used a CD to complete this installation, or a USB, you will need to remove that media and reboot the system, in order for all of this to function. So, that is it. I was prompted with those three very simple questions, and you have the answers here. Just go through them, it will not make much of a difference in the final account of things.

Go ahead and close this, and now I’m going to go ahead and login into my Kali Linux virtual machine. So the username is…this is actually one of the rare occasions where I log into the GUI with root. But, as you can see, as you will soon realize, in Kali Linux everybody just logs in with root. You are not using Kali Linux to browse the web, you are usually using it, 99% of the time, to perform some sort of an attack. And for all of those tools you need to, pretty much for all those tools, you need to be a root user, or have root privileges. Most of the time, there’s no point in having any other users on a Kali Linux distro. So, type in root, press Enter, password was test, press Enter. Your password is whatever you created during the setup. Okay, first I need to do a few things, like updates, in order for me to be able to install VirtualBox Guest Additions. Guest Additions will enable us to use full screen and the shared clipboard, etc. Let me just go ahead and change this. Open up my terminal. Set the view. This is non-technical stuff, this you can configure any way you would like. I’m just zooming it in for the purposes of this tutorial, so that you may see the screen better. But, before we can do updates, before we can do anything, we must verify that we have connectivity to the Internet. So, ping yahoo.com. Nothing is happening. So I cannot ping yahoo.com, meaning that I don’t have access to the external network. I cannot access the Internet. That’s a pretty big problem because pretty much whatever we do will need Internet connectivity for it in order to download packets from the repositories, to perform updates, and to conduct possible scans. So just go ahead and click on devices, find network, network settings, and here you can see by default it will be set to NAT. But, you don’t want NAT, you want bridged adapter, and you want to choose your adapter here. Mine is p8p1, see what yours is, and click allow VMs, virtual machines. So, OK, if you don’t know what the adapter on your machine is, and you are using a Linux system, just go ahead open up your terminal and type in ifconfig. Here you will be able to see a listing of adapters that you have. So you have lo which is loopback, you have p8p1 which is my ethernet connection, this is for some virtual machines as well, and I have wlp2s0 which is my wireless interface. So I know that for a fact that I’m using p8p1, because my network manager tells me that I am. You see connected to p8p1. This is also a better way of actually checking what you are connected to, which adapter you are using. So just open up your network manager in the upper right corner, and p8p1 says connected. Your network managers position can vary depending on how you configure your system. By default it will be in the bottom right corner, but that is easy enough to find either way. Let’s just go ahead and close this terminal. Now we know that we have actually configured our network. But, still, I’m pretty sure I won’t have internet connectivity. Let me just try pinging again, and you see it is simply not working. So let’s just go ahead and check the Kali Linux network manager, and it says wired network but device not managed. That can be a problem, and that is a general problem which you will face with wired interfaces pretty much all of the time. There’s a relatively easy fix to it. You just navigate over in the terminal, type in cd, which stands for change directory, to /etc/NetworkManager. Let’s see what’s in it. We have NetworkManager.conf. I’m going to go ahead and type in nano, which is the text editor that I’m going to be using, and then type in NetworkManager.conf. Press Enter, there we go. It opens up the configuration file. You do need to be root in order to make any changes here. It says main plugins ifupdown, keyfile, ifupdown, managed = false. So where it says “false” just delete this and replace it with “true”. Ctrl + O to save, press Enter, Ctrl + X to exit. Now we need to actually restart our network manager. So just go ahead and type in service network, there we go network manager, restart. Stopping and starting, excellent! Connection established. You are now connected to if updown eth0. Let’s check the connectivity. So ping yahoo.com, excellent! So now we have Internet connectivity. These steps here are quite important. Not so much for the ethical hacking as they are to actually setting up the environment. Setting up the environment itself can be troublesome, you can encounter multiple problems, bugs, etc., and then instead of having to go from one forum to the other trying to find the solution, you can just go through this tutorial. Pay attention and I will show you how to resolve pretty much all of the issues that you might encounter. I myself am doing a fresh install here, and I would be encountering the same problems that anybody else would, and I would like to go over them. More likely than not, if you are performing a virtual machine installation, you will encounter similar problems as I have. Although, should you encounter any other problems please, please feel free to post questions, and I will be more than happy to provide any answers that I can. So let’s just go ahead and clear the screen.

Now that we have Internet connectivity, I would like to perform some necessary updates. Believe me, you need to perform regular updates of the system because you will find that certain things will not work after a while. So let me just change the directory, clear the screen again, type in apt-get update. So I could do this with one command in Fedora, but here I’m going to need two of them. So it’s picking up things from the repositories, excellent! Now I need to type in apt-get upgrade, press Enter, and you see it says after this operation 73 megabytes of additional disk space will be used. That is quite a bit in terms of updates. I mean look at all of the packages, these are all the packages that are going to be updated. The list goes on and on. So, anyway, just type in yes, you don’t actually need to type in a capital Y, you can just type in y, press ENTER, and the update process will begin. Now depending on your internet internet connection, this might take shorter or longer amounts of time. I will leave it here until the updates actually finish, because I don’t want to be standing here in front of the screen. But in any case, these updates will be completed. You’re not going to be posed with any questions like in the Kali installation process. You might be notified of some things, a screen might pop up with some text, that’s perfectly fine. You can read through it and then close it. Those are readme files specifying the characteristics of certain packages and what has been upgraded. Later on, if you wish, you can do further exploration and actually discover what each of these packages contains. In any case, we will continue this process in the follow up tutorial. Until then, I bid you all farewell.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #9: Kali Linux Installation

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will continue with the installation of Kali Linux within a virtual environment.

You may have noticed that I have two screens on which is written Kali Linux, and they are exactly the same except one has a bigger font and a zoomed in picture. So over here, on the left side, this is my virtual machine. The window which I’m moving now is the actual virtual machine, and the window on the right side is just a zooming in app that I have installed in order for you to be able to better see what I am about to show you here. I do not have guest additions installed on the virtual machine, and you cannot install it until you have actually installed the operating system. I will perform the work there, on the left side, and you can monitor what I am doing on the right. There is no difference between left and right in terms of actions, only in terms of font size.

Anyway, I’m just going to go ahead and scroll down to install, press ENTER, and the installation procedure will commence. By the way, if you boot into the live version, the default password for root is just root in reverse, so toor. Just a bit of a brief mention there. Moving along, pick whatever language is suitable for you. You can also pick the uppermost option where it says C, no localization. So if you would prefer a greater degree of anonymity, you can even pick that. But for the sake of this tutorial, there really isn’t a need. If you do pick a language, and I mean a lot of people choose English, you will not be leaving much of a footprint. Press ENTER and here you can choose a country, territory, or area. You can choose whatever you would like here. I’m just going to go ahead and click UK because it immediately offers me a British keyboard that I use, so that’s very nice in terms of settings. In any case, even if you do not choose the correct setting here it doesn’t matter. Later on, after the installation, you can configure it any way you like.

The installation is now underway. I’m going to unbind my mouse because it seems to get stuck in a loop there. Basically, you bind and unbind your keys by simply pressing the right control key. Let me just move this a bit so you can see it a bit better, expand, there we go. There’s some auto configuration going on now, nothing really noteworthy. Let me just change this a bit. There we go. You can pick a host name here. You can just leave it as default, you can leave Kali, or you can actually write whatever you want your computer to be called. So, I’m just going to leave it as the default, but as I said you can write whatever you wish to write there. So, just go ahead and continue. By the way, you don’t have a mouse option here while you’re performing this installation, so pressing tab switches between fields and options. Pressing space allows you to mark the field, and tab means switching fields. So use tab, space, and enter to actually call a function to execute something. I’m going to select continue. Here you can type in your domain name. No, I do not want a domain name at this time. Keep in mind that you can configure this later on as well, should there be a need for it. Just click on continue or hit enter.

Now for the root password I would suggest picking something ridiculously complex and complicated. A lot of people worry that they won’t remember their passwords if they’re long and complicated, but assign a certain logic to your password. Something that reflects the way you think. And then the password can increase in length, and you you will still manage to remember it. So, for example, you can insert a certain word that you use, or that you’re attached to, or something like that. You don’t need to spell the word correctly in the English language, rather instead you can spell it incorrectly and then add exclamation marks, question marks, greater than signs, less than signs, ampersands, and so on. But choose something that reflects your logic, your way of thinking, and make sure that it is more than eight characters. Greater than eight characters is a must-have. It needs to contain capital letters, a few of them not just one. You also need multiple different signs. You should use three or four of them in combination. The more the better. Don’t just type in a word in the English language, and then type in numbers, and then type in signs. You are already assigning a very strict order, so, any brute-forcing attack will go much easier. Try to have a mixture, try to randomize the position of the types of characters that you’re going to put in your password. For the time being, for the sake of this tutorial, I’m going to use one of the dumbest passwords possible. I’m going to type in test. That’s gonna be the password of this virtual machine, and I’m going to hit the continue button. It’s going to ask you to verify it by forcing you to re-enter it, and there we go. But once again I emphasize to use a strong password.

So now we have partitioning methods. If this was my main machine, if this was my host machine, I would definitely do this manually. I would want my partitions to be configured in a certain way. But since this is a virtual machine, I’m just going to go ahead and say guided, use entire disk. It doesn’t matter to me as there is only one partition anyway, and it’s 138 gigabytes. Press Enter. All files in one partition recommended for new users. Sure, we can do that. You can separate the home partition, you can separate all of these partitions. For example, this is something that I did on my host machine. You have a lot of things that are separate, and my main drives are also full fully encrypted. So, even if I lost my laptop, or it got stolen, it would be really difficult to access pretty much anything. Even the BIOS is locked, so you can’t even reinstall it. You would have to open up the laptop, take the BIOS battery out which is underneath my main processor, and you’re more likely to basically permanently damage the motherboard than you are to actually remove and put back the battery in order to reset the BIOS. That’s one of the very nice fail safes for devices, especially for compact laptops. But, in this case, we don’t need any of that. Such configuration and such things are generally done on the host machine. You encrypt your partitions there, you lock the BIOS there, and so on.. While on the other hand, with virtual machines there’s no need to do anything of a kind. The host machines are the fail-safe. If that fails, everything else will fail. So, you don’t need to worry about it, you don’t need those unnecessary layers I would say. They will slow you down in the greater scheme of things. So, press enter, finish partitioning, and write changes to disk. Before I do that, let me just go ahead and explain our partitioning layout here. So you have primary, #1 primary 126.5 gigabytes, space f, space ext4 space /. Now all these things have a meaning, but what you need to know is that like in Windows you have NTFS partitions, in Linux you have ext4 partitions. They are a bit faster, that’s one thing that goes in the favor of Linux, and during the partitioning of the disk, with a Linux system, there is only one partition which is a must-have, which is an absolute requirement, and that is this first partition that I have selected. It’s notation is just a slash, that is the root partition, and you always need to configure it, always. Without it manual partitioning will not work, you will get error messages saying that you must specify a root partition.

Down below we have swap. Swap is basically a fail-safe method. So when you run out of RAM memory you basically tell your system OK, you can have this portion of the hard drive, and you can use it as RAM, which functions in a very slow manner, but it will prevent your machine from crashing. Usually, swap partitions are configured to be double the size of your RAM. My RAM is 8 gigabytes, but here the computer has been assigned 4 because this is a virtual machine, and if you remember at the beginning I have assigned 2 gigabytes of RAM to this virtual machine. So, it just multiplied it by 2. It wasn’t exactly 2, it was just above 2, so I get 4.3 gigabytes of swap space. Now on most of the modern systems, on most of the modern computers, you will not require swap partitions. If you don’t make it you’ll get a warning, but rare are the cases when you will need a swap partition, when you will waste all 8 gigabytes of RAM. I mean it happens to me from time to time, but usually if it happens there’s something wrong with the system, and I don’t want it to continue consuming resources. I want it to stop there.

Anyway, now that you know what some of these options here mean, you have notation for the disk here, it’s SDA. But, we’ll get into that later as we configure the system. So you also have some other options here. It says configure encrypted volumes, configure logical volume manager, (LVM), configure raid, and you can go back to guided partitioning. So these are all very nice options that come for free, and you might think oh, well, that’s no big deal, but believe me when I tell you these things, in proprietary operating systems, they cost a lot of money. While here they are free, and generally work better. What we will be interested in today will not be raid, because we don’t actually need it. You can configure encrypted volumes as well. I will demonstrate this at a later time, encryption methods. You don’t need to encrypt your volumes on a virtual machine, but you can encrypt certain files or folders if you don’t want to grant access to them. However, my hard drives here on my host machine are encrypted, so I am pretty safe in that regard. I’m just going to go ahead now to the bottom, press enter, and finish partitioning, and write changes to disk. Excellent! Let me just move this a little bit so you can see it. Basically, it is asking me for a confirmation, so if you continue the changes listed below will be written to disk. Otherwise, you will be able to make further changes manually. Now it is informing me of the changes to be made and telling me, basically, that all the information will be lost should there be anything there. So write changes to disks, yes. Go ahead and continue with the procedure. The installation process is now underway and this is going to take a while. So, while this is going on I just want to go ahead and pause the video here and finish this tutorial. In the next tutorial, once the installation is complete, I will actually get into Kali, start configuring it, and introduce you to it’s interface. In any case, I bid you farewell, and I hope to see you all in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #8: Installing VirtualBox on Windows

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you how to install VirtualBox within a Windows environment.

Previously, I have shown you how to install VirtualBox within a Linux environment, and it is a bit more complex there because you do need to add repositories, and then pull the packet from the repositories. However, on Windows the process is fairly straightforward. Go ahead and open up your favorite browser, mine is Firefox, and navigate to the following website:

https://www.virtualbox.org/

Click on downloads and choose VirtualBox 5.2.8 for Windows hosts. So just go ahead and click on the link to prompt the download. I’m just going to go ahead and navigate over to my downloads folder, then I’m going to go ahead and double click on the VirtuablBox file in order to initiate the installation wizard.

Keep in mind that this Windows system I am currently using is actually a virtual machine, and I am conducting an installation of VirtualBox within a machine that is being run within yet another virtual machine. You can see I’ve minimized it and I can pull it now around, but it works just fine. The installation process will go smoothly without any problems. So, just go ahead and click Next, and you can actually browse for a different installation location here, but the default one will do just fine. Just go ahead and click Next, create shortcuts, register file Association, sure why not. Click Next. Here it is telling you that it will reset your network connection, so if you don’t want that to happen you might hold the installation process. Anyway, just go ahead and click yes, install, and there we go. Don’t worry about this, it’s not an error, it’s just Windows asking for our permission. Anyway, the installation process has started here without any problems. And as I was talking about it previously, this is a virtual machine within a virtual machine. The installation of the program will finish without any problems. However, if you plan to run another virtual machine within this VirtualBox, within this virtual machine, you might encounter some problems. So, start the VirtualBox after installation finish, sure, why not.

In any case, we have our VirtualBox manager here, and the process of creating new virtual machines is exactly the same, more or less, the options are in the same places. I’m just going to go ahead and close it now. I will go ahead and uninstall it from this Windows system because I will be runnning it on Fedora Linux. I hope that this guide was the helpful for all of the Windows users out there. Much of the world uses Windows, however, for pentesting purposes, for ethical hacking, Windows is not the best operating system to use. It’s a lot harder to make yourself anonymous with Windows, and most of the pentesting tools were actually designed for Linux, Unix like environments, to work in combination with their terminals. However, the choice of the operating system is completely up to you. I will be working with Fedora Linux, and I will most likely be using this Windows machine as some sort of a victim, which we will be attacking and exploiting. Anyway, I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #7: Virtual Machine Configuration

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will go ahead and download Kali Linux, and demonstrate the installation procedure within a virtual environment.

So, first off, go ahead and open up your browser, type in Kali Linux, press enter, and click the link which directs you to www.kali.org. It’s https, don’t forget to check that. Go ahead and navigate over to downloads. You can either direct download the ISO file, or you can download it via torrent. Kali Linux, due to the amount of tools that it has that come pre-installed, is fairly large for a Linux distribution. It’s 3 gigabytes, which is huge. I don’t know what sort of internet connection you are working with, but for the sake of this tutorial I have already downloaded it. What you want to do, in case you didn’t already begin the download, is go ahead and click on ISO, click to save, click OK, and the download procedure will begin. The progress will be displayed here in the upper right corner of the browser (Firefox). If you would like to download Kali via torrent, you click on torrents, save file, open up what is displayed here, and it should open up transmission. Yep, there we go. So, it has a few files marked here, you can just go ahead and click open, and it’s going to begin the download process. This might be a bit of a faster option depending on the status of seeders, but it’s really up to you. You can’t really go wrong, especially if you have a faster internet connection. The download speed will not differ much.

Now I need to go ahead and navigate over to my start menu and type in VirtualBox, and as soon as you start typing it gives you a list of options. So, just go ahead and pick this one. You might want to pin it to the taskbar for easier accessibility. I have elected to append it to my left panel here. Go ahead and open up VirtualBox. I have a few virtual machines setup here, as you can see. I have one, two, three, four, five, I have five virtual machines set up. I can’t run them all at the same time, well maybe I could if I reduce the amount of resources that I allot to each one of them. But, I will not be doing that. For the time being, I want to setup a brand new Kali Linux machine. Before I can do that, I need to configure the virtual machine. So, first off, I need to create a new environment in which this machine will be installed. Go ahead and click on new, type in whatever name you wish, I’m going to name it Kali, the choice is entirely up to you. Type, it’s obviously not Microsoft Windows. It’s Linux. And it’s not Ubuntu 64, but since it’s based on Debian, I suppose I can type in Debian 64 bit here. Unfortunately, VirtualBox does not have an option for Kali. Just click Next, and that’s it. Here you will allot the amount of RAM that you want to make available to the virtual machine. Linux is not RAM intensive, it should work fine as it is by default, but I have a habit of allotting it above 1 gigabyte. For the sake of this tutorial, I will allot it 2 gigabytes of RAM. We will be working with some of the programs that can be demanding, and that can be resource intensive, so I want to do this. But, don’t worry about it. If you’ve given it too much RAM, or too little RAM, you can always change this later on. Go ahead and click create a virtual hard drive now. This is the drive that this machine will be using, and just select VDI, VirtualBox disk image. Click Next. Dynamically allocated, that’s very important, and you can read here what dynamically allocated means. Basically, this hard drive file will only use space on your physical hard drive as it fills up to the maximum fixed size. Click Next. Here you will allot the drive space. Now, I have a lot of drive space so I’m just going to allot 120 gigabytes. That is going to be more than enough for this undertaking. Go ahead and click create, and that’s it. Now we have our environment under the name Kali set up.

There is one more thing that we need to do. We need to select the location of the Kali Linux ISO file so our new virtual machine can boot off of it. There is this disk icon here, and when you click on it it says choose a virtual CD disk file. So I have a few here, but none of these are what I actually need. If you have something in your CD-ROM drive you can just go ahead and click here, and it’s going to pull an image from a CD. We have an ISO file that we want to use. So just go ahead and open it up, click on home, and I have it in my downloads folder. It should be around here somewhere, yep, Kali-Linux-1.0.9-amd64. I do believe that I am slightly behind the latest version, but we’re going to fix that with updates once we install Kali. Open it up, it says Kali-Linux-1.0.9-AMD-64.ISO, and that is the type of file that we’re looking for, .ISO. It’s now inserted. You can see it here, marked in blue. So, click OK, double click on Kali, and it says starting.

Now that it’s running, you have a few options here to utilize. You have live AMD 64, live forensic mode, USB persistence, live USB encrypted persistence, or just go ahead and install it. What do these options mean? Live boots can be a USB, CDs, or something of a kind, where the system is booted from an external device. You have failsafe mode, live failsafe mode, well most systems have a failsafe mode. Today, it’s basic boot, and it simply loads the basic applications and services, and this is practically guaranteed to boot. Every time you boot into failsafe mode, unless you’ve messed something up that is in a very, very serious way, failsafe mode will almost always boot. Forensic mode is for investigators, such as auditors. We are not going to be dealing with this mode because we want the full installation. You have live USB persistence which is a very nice feature. You can have, for example, Kali Linux, or many other distros, installed on a USB stick. All of your work will be saved on that USB hard drive, so you can make permanent changes to your system. You also have a live USB option with encrypted persistence. This means that all the information contained on your live USB will be encrypted, and if you happen to lose it, nobody will be able to access your data. So if you lose it, if you have some passwords or something like that stored there, no big deal. You know it’s encrypted. In any case, in the follow up tutorial I will go ahead and proceed with the Kali Linux installation. Also, we will need to install VirtualBox Guest Additions. Guest Additions enable full screen displays of virtual machines. But, more of that to come in the next tutorial, and I hope I’ll see you all there.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #6: VirtualBox Installation Using the Linux Package Manager

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you another, more reliable way to install VirtualBox. If you are wondering why I showed you the previous method, using rpm, it’s always good to have another option. Plus, the procedure is exactly the same if you’re installing any other rpm package. So you just type in rpm -i, and then you type in the name of the package that you have downloaded, so the procedure is exactly the same. I would recommend passing an h argument as well to give you a status bar. It will install without any problems of course, but without the h argument you won’t know what is going on in the background. You might think it’s bugged, or something like that, during the installation procedure.

What we want to do now is install virtualbox using the default packet manager called yum, and pull the package from the repositories. What are repositories? Repositories are places where software packages are stored for Linux distros. You can pull these packets, from your Linux distro, using the default packet manager. It’s very simple, it’s extremely easy, and it’s one of those things that you will absolutely need to know how to do. You will be installing and uninstalling a lot of things during the course of your pentesting career, during the course of pretty much any pentesting exercise in general. So, let me just demonstrate this for you. You type in yum and then you give it a command. I’m using Fedora so I will be calling yum, but if I was using some sort of a Debian distro it would be aptitude, or apt-get. Other distros have their own packet managers, but we’re not going to get into those now. Later on I will show you which package manager Kali Linux uses. So, first off, you type in yum, as I said, and then type in search, which is telling yum what to do. We want it to search for something, so you just type in search. Then you want to search for an approximate name of the package you are looking for. So, perhaps you don’t know the full name, or something like that, don’t worry about it. Just type in a portion of the name, it will suffice, and pretty much everything that contains that portion of the name will be displayed. So we know what we want, it’s VirtualBox, and you might think that this is the full name of the package. It is not, soon you will see. There we go. It has printed out every packet, every package, that contains VirtualBox in its name, in the name of the package, or in the description of the package. You have the name of the package here, colon, and then you have the description of the package. There are a lot of things that have the name VirtualBox, and you’re perhaps wondering which one to install. Well, you need the kmod one. Here you have the kernel version and the Fedora version. So fc would be the Fedora version, and here you have the architecture, it’s 64. I can select it, there we go. It’s 64, and here you have the kernel version. So you can compare it to what system you have. You can use any other distro, the procedure is fairly similar. If you’re using, for example, a Debian based distro, or an openSUSE, or something like that, feel free to ask me if you can’t manage to install it. I will help you out, no problems.

For the time being, I’m just going to go ahead and install it here. Let me just go ahead and clear the screen. In order to install the package you need to type yum install, and then you need to go ahead and type the name of your package, which would be the last one for us. The name is a bit long so I’m just gonna go ahead and copy it, but you see there is one fundamental problem here. The VirtualBox package is not found in the default repositories of Fedora, and that is a bit of a problem. None of these commands would actually work if I did not previously import the RPM fusion repositories. RPM fusion is simply the name for a certain type of repositories containing certain types of packets. So I have imported those repositories, and now I can pull information and packages from them. If I did not do that previously, I would not have been able to do any of these things. Yum search VirtualBox would yield no results, I would get a blank screen, I would get like a message here saying that no packages were found that matched this particular name, and then just a blank screen, that’s it. So that’s going to be problematic.

In order to solve that problem you need to go ahead and open up your favorite browser. I already have this website open to save a bit of time, it says rpmfusion.org/configuration, but here I can just go ahead and search for it. So type into any search engine rpmfusion, so it’s rpmfusion.org. Click on the website, open it up, and here you are going to get instructions immediately. It’s a very simplistic website, it just says for users and says enable rpm fusion on your system. Just click on the link and there you go. You get a listing of downloads, it says free and non-free. Don’t be intimidated with this non-free. You don’t need to pay for anything. It is non-free for redistributable software that is not open-source software, as defined by the Fedora licensing guidelines. Down here you have the actual RPM packages. I will download the first one and then install it using my using my RPM software. Just type in rpm -i and then I would pass this filename as an argument, and it would install it without any problems.

I also want to show you a different way of doing this. If you’re wondering why it is being repeated twice, this is for free, and this is for non-free. What we want is the command line set up using rpm. It says here Fedora 14 is the most current, so mine is 20, it will work without any problems. So you have this very long command, and you don’t really need to know what every single portion of this command is or what it does. Basically, it imports a repository into your system that you are going to use later on. We will go ahead and copy/paste this and run it. You are using your default package manager, you’re using the local install option, you are not checking for certain types of keys, you are giving it the place from which to pull it, etc. Later on as we progress through this tutorial, we will deal extensively with the Linux command line. So, only then will these things become clear to you. Once I actually explain some of the basic and fundamental things, then you will be able to understand things such as those listed within the parenteses. Sorry, not bracket, within the confines of this parentheses. If I start explaining it now it would make no sense, and it would simply complicate things further. As I said, later on when we get into the command line interface of Linux. I will begin from scratch, and move you from a beginner to advanced user in a relatively short amount of time, and then you will be able to understand what all of these things mean. For the time being, just copy this content which is within the confines of these quotation marks, and paste it into your terminal. You will need root access and I am no longer root, as you can see. Just type in su, type in your password, paste this, and press ENTER. It will not install here because I already have it installed. But, on your system, where you do not have RPM fusion installed, this procedure should work without any problems. Go ahead and clear the screen.

Anyway, I would like to show you something else that I neglected to mention a moment ago. This command that we’ve ran installs free and non-free repositories. If you just take a closer look to what I am highlighting at the moment, this is the free one. So it says
http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release. Down below you have the second address, again, download1.rpmfusion.org, and it says non free. So I’m highlighting the entire thing here, let me just zoom it in a bit more so everybody can see, and there you go. You have two completely, well they’re not completely different addresses, but they are definitely different addresses referring to different types of repositories. Anyway, now you can go back to your terminal, stay root because you will need root privileges in order to do this. Type in yum search VirtualBox, press enter. Use the last one, or whichever one suits your current kernel. You can check the current kernel by typing in uname -a, and here we go. So it’s 3.18.7-100.fc20, and then you have the architecture listed here as well. So, clear the screen, type in yum install, paste the name of the package, press space – y, and if you have this command just press ENTER and it will install. I have already installed VirtualBox to save some time. After you’ve installed it, do not forget to type in yum update as well. So, let the system just run through the updates so you make sure that you have the latest version. In any case, that will be it for this tutorial. In the next one I will start VirtualBox up, explain some of it’s features, and hopefully begin installing an operating system within my virtual machine. Thank you for watching, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on 2 Comments

Learn Ethical Hacking Episode #5: Installing VirtualBox with RPM

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will be covering our working environment. I will show you how you can set it up.

So, first off, we need to install VirtualBox. Now it doesn’t matter if you’re running Mac OS, Linux, or Windows, you will still need to do this, for several reasons. We’re going to be editing configuration files, and we are going to be be doing it as a root user, so we are always facing the prospect that we might break something. If we do mess something up, it’s much better to be working within a virtual environment. Even if you do mess something up, and even if you don’t know how to fix it, it doesn’t really matter. It is only a virtual machine. You don’t really have any data of importance on it. However, if you mess something up on your main machine, that can be problematic. If you’re forced to reinstall it, you will need to back all of your data up, you will need to figure out where everything is, etc. You may try fixing the problem, and depending on what that is, it could consume a large amount of your time. So, just take my advice install VirtualBox. It’s not that complicated, it’s pretty simple, I’ll show you how to do it in a minute.

There is another reason why we’re installing a virtual machine, and that is safety. We are going to be downloading a lot of stuff from the net, and even though I will be using websites that I consider to be safe, and that many other people consider to be safe, it is always good to have that extra layer of protection. So, even if something happens in your virtual machine, even if it is compromised, it’s fine. It’s a virtual machine. There is nothing of importance there. Your private information is not there, your credit card is not there, there is literally nothing there aside from the free tools that we will be using. So, without further ado, let’s just go ahead and see how VirtualBox is installed.

Now, there are two ways of completeing the installation process. One is preferable over the other. So, the first method is a lot simpler. Go ahead open up your favorite browser, mine is Firefox, and use your favorite search engine. Type in VirtualBox, press enter, and there you go. You can also use the following link:

https://www.virtualbox.org/wiki/Downloads

Straight off the bat you have Oracle’s official site for VirtualBox. Go ahead and open it, and in the upper-left corner it says About, Screenshots, Downloads, Documentation, etc. For the time being click on Downloads, excellent! So here you have a list of host machines. We have VirtualBox for Windows hosts, for OS X hosts, for Linux hosts, Solaris hosts. Actually, for Solaris you can download it from the repositories immediately, but for the time being we cannot use the repositories. We first need to configure them in Linux, and repositories in Linux are places from where you pull your software for your Linux distribution. Anyway, we will need VirtualBox for Linux hosts. I have already downloaded it in order to save time in this tutorial, but you just click on it and then it prompts the download.

VirtualBox is available for multiple Linux distributions. So you have Ubuntu, you have Debian. I am not sure why they have separated Ubuntu and Debian, as Ubuntu is based on Debian, and pretty much everything that works on Ubuntu will work on Debian as well. You have openSUSE, but for the time being I am interested in Fedora. At the time of recording this, Fedora 21 is available, but Fedora 18 will work perfectly fine. It will run without any problems. Anyway, right next to it you have i386 and amd64. This is referring to the 32-bit and 64-bit architectures. If you do not know what your machine is, whether it’s 32-bit or 64-bit, not a problem. Go ahead and open up your terminal, type in uname -a, and press Enter. You don’t need to be root to do this, you can do this as pretty much any user, and you get a listing of information here. So you have the Linux platform, localhost, domain, kernel version, and Fedora distribution as well, it’s number 20, and then you have the architecture. So, it’s x86_64. There we go, 64-bit architecture. Fantastic! Now that we know our system architecture, you can go ahead and click on the corrresponding link. If you’re using a 32-bit system, just click on the 32-bit version. The procedure is absolutely the same, there are literally no differences. It gives me an option to save a file, so just click save, and then click OK. You will find the file in the default downloads folder unless you have configured it in a different fashion. I’m just going to go ahead and cancel it because, as I said, I’ve downloaded it previously in order to save some time in this tutorial.

So, go to your terminal window, clear the screen, you will need to be root in order to perform this. Just type in su and press enter, and type in your password. There is a tool for managing rpm packets, as this is a Red Hat distro. All of the software packets for it have the extension .rpm. Now, I am currently using the Linux terminal, and I will give you detailed instructions throughout the course, but for the time being just follow along. So there’s a command called ls, and then I want to go to the folder downloads. Chronic, that’s me, that’s the username, downloads, and VirtualBox, there we go, press ENTER. I’m going to clear the screen one more time, there we go. Anyway, you see this extension that I have marked, it says .rpm. Now, .rpm represents a type of packet that is meant specifically for certain Linux distributions, such as Red Hat, Fedora, CentOS, and a few others. What you can do is use your default rpm software, so just type in rpm -i, the -i argument is for install, and then specify the path to your packet, to your package, so /home/Chronic/Downloads/VirtualBox, and press enter. Now, this process is automated, there isn’t much that you need to do here. You may need to press yes, and that’s it. However, this is not the method that you should be using. This is a method that you can use, but I wouldn’t advise it. If you do install it like this it tends to break with newer updates, so it can be a bit problematic. I will show you another method in the next tutorial where you can actually use yum, which is default packet manager in order to install this packet, and then update it accordingly. In any case, I bid you farewell, and I’ll see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #4: Basic Terminology (Continued)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. I’m going to continue from where I left off in the previous video. If you have not seen the previous tutorial, I strongly urge you to do so, as the two are closely interrelated. Anyway, previously, we’ve discussed some of these concepts such as DoS, RATS, Phishing, and so on. In this video we are going to cover SQL injections, VPNs, Proxies, TOR, VPS, and keyloggers. Each topic will receive it’s own video in the course where we will go into much greater depth discussing the concept.

For the time being, we have SQL injections, which are simply passing SQL queries to HTTP requests. If they are not properly formatted within the PHP code on the server side, this can present a serious problem. This is always one of the primary considerations for all professional web developers. Later on in the course, I will demonstrate how you can use SQL injections and formulate them. There continue to be a large (mostly unmanaged) number of websites that are vulnerable to SQL injections, because the frameworks on which they are based are vulnerable as well.

Next up, we have virtual private networks, or VPNs. These are services that enable you to anonymize your activity online. Basically, you have a VPN provider somewhere, and if you want to anonymize yourself, you will route all of your traffic through this VPN provider. All of this traffic between you and the VPN provider will be heavily encrypted. So, any other server that is receiving requests from you, it is actually receiving them from the VPN provider. There is no real way of detecting you or finding your physical location unless the VPN provider actually gives it up, which doesn’t tend to happen if you pick the right one.

Down below we have proxies. Now, proxies are a less reliable way of staying anonymous, but you should always make it your common practice to use socks5 proxies. I will explain what these are, I will introduce them to you when we do proxy chains, and then I will explain to you how you can actually stay anonymous while conducting these sorts of activities. You can route your connection through several proxies, but you will soon come to realize that it doesn’t always work. In movies you will see people going through 10, 20 different proxies, but in reality that would be very difficult to implement. The average internet speed, and available bandwidth, simply would now allow it. Most of the free proxies available on the net are not very fast, and routing your connection through several of them will make it very difficult for you to do anything in a reasonable amount of time. There are of course paid proxies, but when you pay for a proxy you leave a digital footprint somewhere, so you can be traced.

Moving along we have TOR. TOR is absolutely free, open source, and it is much faster than using proxies. It’s not faster than VPNs, but it is faster than proxies. The TOR network gives you the ability to “torify” your applications, which in essence means simply routing traffic through certain routes, and using certain devices on the internet for your packets, for your connection to go through. It can be slow from time to time, it is not a 100% reliable, but you will be anonymous to a very large extent if you are using TOR. There are ways of detecting you, but they are highly unlikely to happen. 99.99% of the time you will be almost 100% anonymous. Also, you have the TOR browser which enables you to access the dark web, or the hidden web, whatever you wish to call it. Basically, these websites consist of .onion domains, and they are not indexed by any search engines, and they cannot be accessed by normal internet route, from the typical internet browsing perspective. If you do not have your internet connection configured in a proper way to connect to the TOR network, you will not be able to access any of the hidden web, or the dark net’s websites. I will show you how to access dark web and how to use it, as it has a vast amount of resources that are at your disposal.

Down below you have VPS, or virtual private servers. They can be viewed as an additional security layer. For example, if you have an Apache server running on your physical machine, you can have a virtual machine within that physical machine which will serve as a SQL server for that Apache server. This is done so that the SQL server cannot be accessed from the outside, and so you don’t have a SQL port open on your physical machine. So, only programs and users from that particular machine will be able to access the virtual machine where the SQL Server is. When I show the examples, when we get into it, you will understand it. Here I am just introducing you to the terminology and giving you an idea of what is to come.

We also have keyloggers, which are tools that are used to steal credentials. Not only credentials, but also used to extract information. If you manage to deploy a keylogger on a machine, you can configure it to record all keystrokes, and then to send them to a mail address, to an FTP server. Today, keyloggers are advanced to the extent that they have over hundred options or so, configurable to the fullest of extents, and you can do pretty much whatever you want with them. I mean, they have their basic functionalities still, the basic functionality is still there, to record the keystrokes. But, not only do they record keystrokes, for example, they can extract existing information as well. You can configure their behavior, the stealth level of the keylogger, how it will conceal itself, where it will go, where it will be installed, what sort of information you want to extract. Whether you want to monitor particular folders for activity and do you want to record it. Whether you want to configure them to take screenshots. You can configure them to use the camera on the device from which you have deployed a keylogger to take a picture every five minutes, or something like that. That wouldn’t be the brightest of ideas because obviously somebody would see that you are taking a picture, but those are just examples of what you can do with them. Later on we will actually download a genuine keylogger, install it, deploy it through the methods of deployment, and discuss how you can configure it as well. Although, you should be very careful from where you download your tools, such as keyloggers, remote administration tools, root kits, etc. You never want to download a un-compiled binary file that is not open source, because you have no way of knowing what’s in it, and you absolutely never want to run it on your computer. You might get what you want, the keylogger in this specific example, but your computer might get infected with exactly the same keylogger that you plan to deploy somewhere, or with exactly the same rat that you intend to deploy somewhere. So, that’s not a very bright idea. You should use verified sources for such tools. I will show a few of them later on as I browse the internet and download them, but I’m just making it very clear here that you should be very careful with these things. One of the foolproof methods of doing this is actually configuring a virtual machine, and conducting this sort of activity on that virtual machine. So, even if you get infected, or something like that, it doesn’t matter. It’s a virtual machine. You can reinstall it anytime you would like, very fast, pretty much no information will be lost. More importantly, the primary file system on your main, physical machine will not be accessible from the virtual machine.

Anyway, down below you have the terminal. The terminal is basically an interface, for you, that allows you to control your operating system. Now, the Linux terminal is very powerful, and we will be using it extensively throughout this course. I will familiarize you with it, I will teach you how to use it. To some people it might seem a bit difficult, or a bit tricky at first. There are a lot of commands to type in, it takes some time to memorize them all. You need to learn what to use where. But, believe me, there is a certain logic to it, and once you figure it out you unlock the full potential of the operating system. I have memorized roughly 30% of the available Unix commands, and the rest I simply figure out with -age, or –help. The system pretty much tells you everything you need to know, it helps you out to a great extent, and you are able to figure out a lot of things from just understanding the basic logic of how it works. Now there is some, there will always of course be debate regarding why you would use terminals. Why wouldn’t you just use GUI tools, or something like that? The simple answer is because they are not nearly as powerful as the terminal tools are. Plus, terminal tools have far less dependencies, and most of the hacking tools are basically designed for the terminals. They don’t have GUIs. Many of them do have them these days, but I might not cover over them because the GUI interfaces are not that relevant. When you figure out how to do it in the terminal, you will automatically, by default, know how to do it with the graphical user interface, for that particular program.

Continuing along, we have firewalls. Now the firewall in Linux is configured to the IP table commands. You keep on passing arguments and configuring these firewalls, and this is one of the main reasons why you should not be using any distribution of Windows for this particular tutorial. The Linux firewall is open source, and it has a ridiculous amount of options, a ridiculous amount. I’m not kidding, you can do pretty much whatever you want with it. You can close open ports, forward connections via ports or by IP addresses, forbid certain protocols on certain ports, forbid certain protocols for certain IP addresses, do all manner of forwarding and redirection, etc. This is all available for free with a Linux firewall, whilst in Windows you will have a much more limited scope of options regarding configuration. We want to keep it budget-friendly, and we want to have a powerful firewall. Now, there will be two ways of configuring this firewall, and if you are afraid of messing it up don’t worry about it, because most of the configurations will be short-lived configurations, so to say. All of the configurations made to the firewall from the iptables command, unless specified otherwise, will be temporary, and they will hold until the next system reset. There is a way to circumvent this of course and to configure the firewall rules in the configuration file directly, and thereby making the changes permanent, which is also one of the ways of doing it, but I don’t generally prefer it. I prefer to have a script somewhere which you can run at any time, and it will configure your firewall by default. This is primarily because you can put your tool set on a USB stick, or somewhere online, and you have these quick scripts which you generate, and then they perform these tasks for you in an automated fashion. It’s really simple. I will show you how to make these scripts. You do not necessarily need advanced programming knowledge. Basically, these scripts consist of lists of Linux terminal commands, which we will do anyway. So, basically, the script would consist of a list of those commands, and then you just change the mod of the of the script to be an executable file, run it, and all those commands are passed to the system.

The final thing that I wish to address here is reverse shells. So, there are hundreds, if not thousands, of reverse shells out there that you can use. I will pick a few that we will use depending on the framework, depending on the environment of course, that we want to infect. But, in essence, what reverse shells are, as the name itself says, you have a program with which you infect another device, and then that program opens up a reverse connection from that device back to you. So you can keep on passing commands, you can keep on controlling the system, even though you are nowhere near it. There are different types, of course. Today, with routers and firewalls you do need to do a lot of extra configuration, and there are problems that need to be solved and addressed. You will see how when you are trying to break into a single computer, sometimes you need to break into the router first. Usually, you need to break into the router first. Unless, you’re performing these phishing sort of attacks, or there’s a web server, running in the background. But, attacking a private device, a private computer, which is usually what people do, preludes to bigger hacks, because they want to extract some sort of information from, let’s say, a company’s employee that’s a network administrator, or somebody like that. One of the basic vectors would be to attack a home router, change the DNS settings there, and try to steal the credentials in such a way, or put the computer in the DMZ of the router, Demilitarized Zone, so that the router is no longer effective for that device. It would just forward all traffic to that device, regardless. So, those are just some of the types of attacks that you can do, but reverse shells will depend on the environment that you are trying to infect, and it will depend on the choice of your attack route as well.

In any case, I hope you got some basic introduction to these terms. Again, if you didn’t figure it out all immediately, don’t worry about it. We will cover of this in great detail, with a lot of examples, and you will understand it. It’s not complicated, do not allow fear to dissuade or stop you, just keep on going in spite of it. If you can just stick in until the end of this course, I guarantee you will understand it. With just a bit of focus, and a bit of curiosity, you will be able to obtain the necessary skills needed in order to become a pen-tester, or an ethical hacker. I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato