
Complete Metasploit System Hacking Tutorial

Hello everyone and welcome to this Metasploit system hacking tutorial! Let’s start with familiarizing ourselves with the Metasploit framework. The Metasploit framework is a penetration testing tool and it comes pre-installed in Kali Linux. It is mostly used for the exploitation of systems. You can also use it for scanning. In Metasploit you will utilize modules, payloads, nops and many other pre-made programs. Before we begin using them, let’s define and make them understandable. After that we will execute our first exploit. For a limited time, you can enroll in the complete course on Udemy for only $9.99!

As I said, the Metasploit framework is a tool for developing and executing code against a remote, target machine. In Metasploit you have access to the MSF payload creator which makes this process relatively simple. You can access Metasploit with the following Linux command:

msfconsole

There is also a program called Armitage which enables you to interface with the Metasploit framework using a GUI.

The two most important terms we will be using throughout this section are exploit and payload. An exploit is a vulnerability in a computer system. For example, if we detect that a target is running a vulnerable piece of software, we can take advantage of it and exploit it. A zero day exploit is a vulnerable system that hasn’t been previously discovered. That is why it’s referred to as a zero day: it hasn’t been fixed yet. There are different types of zero day attacks, and some can be far more dangerous than others.

One of the most infamous zero day vulnerabilities was EternalBlue. EternalBlue was discovered in 2017 and allowed anyone to access a Windows 7 machine without the user executing anything. So you could connect to the same network and exploit the Windows 7 machine if it had port 445 open. We will target the EternalBlue vulnerability later on in this tutorial. It is highly unlikely that we will discover any zero day vulnerabilities ourselves, so we will be exploiting targets using already known exploits together with our reverse shells.
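The exposure described above (a Windows machine reachable on port 445) is something a defender can check for in their own scan results. The following is an added example, not part of the original tutorial: it parses nmap grepable (`-oG`) output and lists the hosts with 445/tcp open so they can be patched or firewalled first. The sample scan text, addresses and hostnames are constructed.

```python
import re

# Constructed sample of nmap grepable (-oG) output for a lab network.
# Addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.0.2.1 (gw.lab.example)\tStatus: Up
Host: 192.0.2.1 (gw.lab.example)\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 192.0.2.4 (win7-hr.lab.example)\tStatus: Up
Host: 192.0.2.4 (win7-hr.lab.example)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.6 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (2)
# Nmap done
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_ports(line):
    """Yield (port, state, proto) tuples from the Ports: field of one -oG line."""
    for field in line.split("\t"):
        if not field.startswith("Ports: "):
            continue
        for entry in field[len("Ports: "):].split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[0].isdigit():
                yield int(parts[0]), parts[1], parts[2]


def hosts_exposing(scan_text, port=445, proto="tcp"):
    """Return a sorted list of (ip, hostname) for hosts where the port is open."""
    exposed = set()
    for line in scan_text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and blanks
        for p, state, pr in parse_ports(line):
            # "filtered" and "closed" are not counted: only confirmed-open ports.
            if p == port and pr == proto and state == "open":
                exposed.add((match.group(1), match.group(2)))
    return sorted(exposed)


if __name__ == "__main__":
    for ip, name in hosts_exposing(SAMPLE_SCAN):
        print(f"{ip}\t{name or '-'}\t445/tcp open: confirm patch level or restrict access")
```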

That brings us to payloads, which is what a reverse shell is. Once we exploit the vulnerable software we will deliver a payload. A payload is a piece of software that enables you to connect to a target machine and then perform some action or extract information. We will cover the different payloads in great detail in the upcoming tutorials, but for now, let us start up the Metasploit framework and take a look at the environment.

Now before we use the msfconsole command to start Metasploit, let’s execute the following command in our Linux terminal:

service postgresql start

This will make Metasploit run faster, since it uses the database. You do not need to do this if you don’t want to, but it helps.

Let’s open up Metasploit framework. In order to do that you just need to execute the following Linux command:

msfconsole

Since this is a virtual machine, this might take a few seconds to open depending on your PC speed. The first thing you will notice is this banner right here. Take notice of all of the tools available to us in Metasploit. At the time of writing, March 2019, we have 1854 available exploits, 1049 auxiliary modules, 325 post-exploitation modules, 546 payloads, 44 encoders, 10 nops and 2 evasion modules. We will cover what all of these are in the next lecture, but for now let us cover how we can navigate through this framework.

So the first logical thing that we should do is type “help”. The help command will give us the available commands that we can run. We will be using the “use” command quite a bit throughout this tutorial. In Metasploit, you typically type “use” followed by the exploit that you want to use. Since we are beginners and do not know the names of the modules or exploits, we can also use the search command in order to find them.

Let’s say we want to find Windows exploits. Type “search” followed by the keyword in the Metasploit console:

search windows

This command will give us all of the Windows exploits available in Metasploit. As I said previously, there are over 1800 exploits in the Metasploit framework. We will cover only a few of them. If we were to cover all of the available exploits this course would be hundreds of hours long.

We will not be running any exploits, for now, since we don’t have a vulnerable target. I just wanted to show you some of the commands that you will use in order to select your exploits. We will begin exploiting targets in the next lectures right after we cover the basic structure of the Metasploit framework itself. I will explain what nops, encoders, payloads, exploits, post exploitation tools are in the next video.

Before we finish, you might have noticed that I can type “ifconfig” in the terminal once we have entered a Metasploit session. You can run system commands from this command tool. You can run all of the commands that you can run from a simple terminal in the Metasploit framework command line. So you can also run nmap or netstat, and you can also run any other system command through this tool as well.

So that would be about it for this tutorial. You might have further questions about Metasploit. Don’t worry, we will cover this framework in great detail moving forward. I just wanted to show you the simple environment of the Metasploit framework itself, and some of the more important commands that we will be using. I will explain the modules that we have in the Metasploit framework in the following lecture. Bye!

You can get The Complete Ethical Hacking Course Bundle to get access to this and 7 other courses! Our Forever Course Bundle gets you every course I produce, for life!


Complete Python Hacking Tutorial

Hello everybody and welcome to the beginning of our new Python for ethical hacking course. In this Udemy course we will be coding our own penetration testing tools. If this is your first ethical hacking course, I’ll be sure to make this course beginner friendly, and explain everything as we go. For a limited time, you can enroll in the complete course on Udemy for only $9.99!

We’ll start off by installing our environment and setting up our Kali Linux machine. If you are not a beginner and have watched other ethical hacking courses, you probably already have the Kali Linux machine installed. If so, you can skip the introductory part and go right into the coding section.

What we will be doing in this course, as it says, is coding our own tools that we will use for ethical hacking attacks. Most ethical hacking courses consist of scanning, enumeration, exploitation, backdoors, keyloggers, bruteforcers and many other attacks on websites. There are many other activities covered as well, but most are performed with tools created by other people. What we want to do is actually code some of our own tools and make them useful for our future attacks. We will begin with coding a port scanner. We will try to create something similar to nmap. We will start off our attack by scanning the port, scanning the target and checking out the banners for the versions of software running on the target system. Then we will proceed to actual exploitation and attacking, brute forcing SSH, brute forcing FTP and other protocols as well.

We will also code a reverse shell. If you’re coming from my previous ethical hacking course, you probably already have an idea of what a reverse shell is, since I covered it in that course. We will build off of what we coded in the previous course, as well as add additional functionality in this one. If you didn’t take my previous course, don’t worry. I will cover everything in great detail for those of you who are unfamiliar with both ethical hacking and Python.

I will not actually be showing you how to code in Python. This is not a Python course. I will, however, explain everything as we go through and code our own tools. Since teaching you how to code in Python would consume too much of our time, I will explain to you everything that we are doing in great detail. So, don’t worry even if you don’t have any previous experience. You can still attend this course and learn a lot from it.

Now, as I said, we will begin by creating our virtual environment. We will use VirtualBox and Kali Linux for this purpose. The Kali Linux machine is where we will run our attacks, where we will code our own tools, where we will compile them and run them.

You can code on Windows or Mac if you wish. If you have Python installed on another system, you can actually code all of these tools in that environment. If we run into something that can’t be run on a Windows environment, I will make sure to actually say that before we start coding. I would advise you to download Kali Linux if you wish to follow this course. For those of you who don’t have it installed, I will show you how you can download and set up a Kali Linux machine.

So, that’ll be about it for this introductory post. I hope you will enjoy this course and I hope you learn a lot from it. Please use it for your own purposes, as long as they are on the legal side. Please don’t use this information for anything that isn’t legal, such as scanning targets you do not own, attacking targets you do not have permission to attack, or basically anything that is illegal.

So, that would be about it for this post. I hope I see you in the next lecture where I’ll show you how you can download VirtualBox, the newest version, and Kali Linux 2019. I hope you enjoy this preview video and I hope I see you in the course!
