Posted on

Learn Ethical Hacking Episode #10: Starting Kali Linux, Configuring the Network, and Updating Software

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial! I have the Kali Linux machine running. I left the installation process in the last tutorial because it was, quite frankly, pointless to just sit and wait through it, and wait for it to complete. The Kali Linux installation tends to be a bit longer than the installation of other Linux operating systems because of the prepackaged tools that come with it. However, there were a few screenshots that I have taken which show some of the options that you were given throughout the installation process.

So, there were three options given during the installation. I’m just going to go ahead and open them up here. So, the first one was, do you want to use a network mirror to supplement the software that is included on the CD-rom? This may also make newer versions of software available. I said no because I’m going to do an update as soon as I finish the installation process, and as soon as I configure everything in a proper way. No, I do not want to use any mirrors. I’m going to say no and go ahead and proceed with the installation. So, next up is the grub bootloader. So it is asking me, do you want to install the grub boot loader to the Master Boot Record? Yes, I do. Just click on it, as this is the only operating system on this machine, on this computer. There is nothing that I can mess up by installing the grub boot loader to the Master Boot Record, of the first hard drive, as it is stated here in the instructions. You can use the grub bootloader in order to configure dual boots, or you can put three, four, five operating systems, as many as you like, as many as your hardware can support. Not at the same time of course, but at boot time you will be prompted and asked which operating system you wish to boot. That’s also one of the options that you can have with grub. There’s a final step, it simply states that the installation is complete. If you have used a CD to complete this installation, or a USB, you will need to remove that media and reboot the system, in order for all of this to function. So, that is it. I was prompted with those three very simple questions, and you have the answers here. Just go through them, it will not make much of a difference in the final account of things.

Go ahead and close this, and now I’m going to go ahead and login into my Kali Linux virtual machine. So the username is…this is actually one of the rare occasions where I log into the GUI with root. But, as you can see, as you will soon realize, in Kali Linux everybody just logs in with root. You are not using Kali Linux to browse the web, you are usually using it, 99% of the time, to perform some sort of an attack. And for all of those tools you need to, pretty much for all those tools, you need to be a root user, or have root privileges. Most of the time, there’s no point in having any other users on a Kali Linux distro. So, type in root, press Enter, password was test, press Enter. Your password is whatever you created during the setup. Okay, first I need to do a few things, like updates, in order for me to be able to install VirtualBox Guest Additions. Guest Additions will enable us to use full screen and the shared clipboard, etc. Let me just go ahead and change this. Open up my terminal. Set the view. This is non-technical stuff, this you can configure any way you would like. I’m just zooming it in for the purposes of this tutorial, so that you may see the screen better. But, before we can do updates, before we can do anything, we must verify that we have connectivity to the Internet. So, ping yahoo.com. Nothing is happening. So I cannot ping yahoo.com, meaning that I don’t have access to the external network. I cannot access the Internet. That’s a pretty big problem because pretty much whatever we do will need Internet connectivity for it in order to download packets from the repositories, to perform updates, and to conduct possible scans. So just go ahead and click on devices, find network, network settings, and here you can see by default it will be set to NAT. But, you don’t want NAT, you want bridged adapter, and you want to choose your adapter here. Mine is p8p1, see what yours is, and click allow VMs, virtual machines. So, OK, if you don’t know what the adapter on your machine is, and you are using a Linux system, just go ahead open up your terminal and type in ifconfig. Here you will be able to see a listing of adapters that you have. So you have lo which is loopback, you have p8p1 which is my ethernet connection, this is for some virtual machines as well, and I have wlp2s0 which is my wireless interface. So I know that for a fact that I’m using p8p1, because my network manager tells me that I am. You see connected to p8p1. This is also a better way of actually checking what you are connected to, which adapter you are using. So just open up your network manager in the upper right corner, and p8p1 says connected. Your network managers position can vary depending on how you configure your system. By default it will be in the bottom right corner, but that is easy enough to find either way. Let’s just go ahead and close this terminal. Now we know that we have actually configured our network. But, still, I’m pretty sure I won’t have internet connectivity. Let me just try pinging again, and you see it is simply not working. So let’s just go ahead and check the Kali Linux network manager, and it says wired network but device not managed. That can be a problem, and that is a general problem which you will face with wired interfaces pretty much all of the time. There’s a relatively easy fix to it. You just navigate over in the terminal, type in cd, which stands for change directory, to /etc/NetworkManager. Let’s see what’s in it. We have NetworkManager.conf. I’m going to go ahead and type in nano, which is the text editor that I’m going to be using, and then type in NetworkManager.conf. Press Enter, there we go. It opens up the configuration file. You do need to be root in order to make any changes here. It says main plugins ifupdown, keyfile, ifupdown, managed = false. So where it says “false” just delete this and replace it with “true”. Ctrl + O to save, press Enter, Ctrl + X to exit. Now we need to actually restart our network manager. So just go ahead and type in service network, there we go network manager, restart. Stopping and starting, excellent! Connection established. You are now connected to if updown eth0. Let’s check the connectivity. So ping yahoo.com, excellent! So now we have Internet connectivity. These steps here are quite important. Not so much for the ethical hacking as they are to actually setting up the environment. Setting up the environment itself can be troublesome, you can encounter multiple problems, bugs, etc., and then instead of having to go from one forum to the other trying to find the solution, you can just go through this tutorial. Pay attention and I will show you how to resolve pretty much all of the issues that you might encounter. I myself am doing a fresh install here, and I would be encountering the same problems that anybody else would, and I would like to go over them. More likely than not, if you are performing a virtual machine installation, you will encounter similar problems as I have. Although, should you encounter any other problems please, please feel free to post questions, and I will be more than happy to provide any answers that I can. So let’s just go ahead and clear the screen.

Now that we have Internet connectivity, I would like to perform some necessary updates. Believe me, you need to perform regular updates of the system because you will find that certain things will not work after a while. So let me just change the directory, clear the screen again, type in apt-get update. So I could do this with one command in Fedora, but here I’m going to need two of them. So it’s picking up things from the repositories, excellent! Now I need to type in apt-get upgrade, press Enter, and you see it says after this operation 73 megabytes of additional disk space will be used. That is quite a bit in terms of updates. I mean look at all of the packages, these are all the packages that are going to be updated. The list goes on and on. So, anyway, just type in yes, you don’t actually need to type in a capital Y, you can just type in y, press ENTER, and the update process will begin. Now depending on your internet internet connection, this might take shorter or longer amounts of time. I will leave it here until the updates actually finish, because I don’t want to be standing here in front of the screen. But in any case, these updates will be completed. You’re not going to be posed with any questions like in the Kali installation process. You might be notified of some things, a screen might pop up with some text, that’s perfectly fine. You can read through it and then close it. Those are readme files specifying the characteristics of certain packages and what has been upgraded. Later on, if you wish, you can do further exploration and actually discover what each of these packages contains. In any case, we will continue this process in the follow up tutorial. Until then, I bid you all farewell.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #9: Kali Linux Installation

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will continue with the installation of Kali Linux within a virtual environment.

You may have noticed that I have two screens on which is written Kali Linux, and they are exactly the same except one has a bigger font and a zoomed in picture. So over here, on the left side, this is my virtual machine. The window which I’m moving now is the actual virtual machine, and the window on the right side is just a zooming in app that I have installed in order for you to be able to better see what I am about to show you here. I do not have guest additions installed on the virtual machine, and you cannot install it until you have actually installed the operating system. I will perform the work there, on the left side, and you can monitor what I am doing on the right. There is no difference between left and right in terms of actions, only in terms of font size.

Anyway, I’m just going to go ahead and scroll down to install, press ENTER, and the installation procedure will commence. By the way, if you boot into the live version, the default password for root is just root in reverse, so toor. Just a bit of a brief mention there. Moving along, pick whatever language is suitable for you. You can also pick the uppermost option where it says C, no localization. So if you would prefer a greater degree of anonymity, you can even pick that. But for the sake of this tutorial, there really isn’t a need. If you do pick a language, and I mean a lot of people choose English, you will not be leaving much of a footprint. Press ENTER and here you can choose a country, territory, or area. You can choose whatever you would like here. I’m just going to go ahead and click UK because it immediately offers me a British keyboard that I use, so that’s very nice in terms of settings. In any case, even if you do not choose the correct setting here it doesn’t matter. Later on, after the installation, you can configure it any way you like.

The installation is now underway. I’m going to unbind my mouse because it seems to get stuck in a loop there. Basically, you bind and unbind your keys by simply pressing the right control key. Let me just move this a bit so you can see it a bit better, expand, there we go. There’s some auto configuration going on now, nothing really noteworthy. Let me just change this a bit. There we go. You can pick a host name here. You can just leave it as default, you can leave Kali, or you can actually write whatever you want your computer to be called. So, I’m just going to leave it as the default, but as I said you can write whatever you wish to write there. So, just go ahead and continue. By the way, you don’t have a mouse option here while you’re performing this installation, so pressing tab switches between fields and options. Pressing space allows you to mark the field, and tab means switching fields. So use tab, space, and enter to actually call a function to execute something. I’m going to select continue. Here you can type in your domain name. No, I do not want a domain name at this time. Keep in mind that you can configure this later on as well, should there be a need for it. Just click on continue or hit enter.

Now for the root password I would suggest picking something ridiculously complex and complicated. A lot of people worry that they won’t remember their passwords if they’re long and complicated, but assign a certain logic to your password. Something that reflects the way you think. And then the password can increase in length, and you you will still manage to remember it. So, for example, you can insert a certain word that you use, or that you’re attached to, or something like that. You don’t need to spell the word correctly in the English language, rather instead you can spell it incorrectly and then add exclamation marks, question marks, greater than signs, less than signs, ampersands, and so on. But choose something that reflects your logic, your way of thinking, and make sure that it is more than eight characters. Greater than eight characters is a must-have. It needs to contain capital letters, a few of them not just one. You also need multiple different signs. You should use three or four of them in combination. The more the better. Don’t just type in a word in the English language, and then type in numbers, and then type in signs. You are already assigning a very strict order, so, any brute-forcing attack will go much easier. Try to have a mixture, try to randomize the position of the types of characters that you’re going to put in your password. For the time being, for the sake of this tutorial, I’m going to use one of the dumbest passwords possible. I’m going to type in test. That’s gonna be the password of this virtual machine, and I’m going to hit the continue button. It’s going to ask you to verify it by forcing you to re-enter it, and there we go. But once again I emphasize to use a strong password.

So now we have partitioning methods. If this was my main machine, if this was my host machine, I would definitely do this manually. I would want my partitions to be configured in a certain way. But since this is a virtual machine, I’m just going to go ahead and say guided, use entire disk. It doesn’t matter to me as there is only one partition anyway, and it’s 138 gigabytes. Press Enter. All files in one partition recommended for new users. Sure, we can do that. You can separate the home partition, you can separate all of these partitions. For example, this is something that I did on my host machine. You have a lot of things that are separate, and my main drives are also full fully encrypted. So, even if I lost my laptop, or it got stolen, it would be really difficult to access pretty much anything. Even the BIOS is locked, so you can’t even reinstall it. You would have to open up the laptop, take the BIOS battery out which is underneath my main processor, and you’re more likely to basically permanently damage the motherboard than you are to actually remove and put back the battery in order to reset the BIOS. That’s one of the very nice fail safes for devices, especially for compact laptops. But, in this case, we don’t need any of that. Such configuration and such things are generally done on the host machine. You encrypt your partitions there, you lock the BIOS there, and so on.. While on the other hand, with virtual machines there’s no need to do anything of a kind. The host machines are the fail-safe. If that fails, everything else will fail. So, you don’t need to worry about it, you don’t need those unnecessary layers I would say. They will slow you down in the greater scheme of things. So, press enter, finish partitioning, and write changes to disk. Before I do that, let me just go ahead and explain our partitioning layout here. So you have primary, #1 primary 126.5 gigabytes, space f, space ext4 space /. Now all these things have a meaning, but what you need to know is that like in Windows you have NTFS partitions, in Linux you have ext4 partitions. They are a bit faster, that’s one thing that goes in the favor of Linux, and during the partitioning of the disk, with a Linux system, there is only one partition which is a must-have, which is an absolute requirement, and that is this first partition that I have selected. It’s notation is just a slash, that is the root partition, and you always need to configure it, always. Without it manual partitioning will not work, you will get error messages saying that you must specify a root partition.

Down below we have swap. Swap is basically a fail-safe method. So when you run out of RAM memory you basically tell your system OK, you can have this portion of the hard drive, and you can use it as RAM, which functions in a very slow manner, but it will prevent your machine from crashing. Usually, swap partitions are configured to be double the size of your RAM. My RAM is 8 gigabytes, but here the computer has been assigned 4 because this is a virtual machine, and if you remember at the beginning I have assigned 2 gigabytes of RAM to this virtual machine. So, it just multiplied it by 2. It wasn’t exactly 2, it was just above 2, so I get 4.3 gigabytes of swap space. Now on most of the modern systems, on most of the modern computers, you will not require swap partitions. If you don’t make it you’ll get a warning, but rare are the cases when you will need a swap partition, when you will waste all 8 gigabytes of RAM. I mean it happens to me from time to time, but usually if it happens there’s something wrong with the system, and I don’t want it to continue consuming resources. I want it to stop there.

Anyway, now that you know what some of these options here mean, you have notation for the disk here, it’s SDA. But, we’ll get into that later as we configure the system. So you also have some other options here. It says configure encrypted volumes, configure logical volume manager, (LVM), configure raid, and you can go back to guided partitioning. So these are all very nice options that come for free, and you might think oh, well, that’s no big deal, but believe me when I tell you these things, in proprietary operating systems, they cost a lot of money. While here they are free, and generally work better. What we will be interested in today will not be raid, because we don’t actually need it. You can configure encrypted volumes as well. I will demonstrate this at a later time, encryption methods. You don’t need to encrypt your volumes on a virtual machine, but you can encrypt certain files or folders if you don’t want to grant access to them. However, my hard drives here on my host machine are encrypted, so I am pretty safe in that regard. I’m just going to go ahead now to the bottom, press enter, and finish partitioning, and write changes to disk. Excellent! Let me just move this a little bit so you can see it. Basically, it is asking me for a confirmation, so if you continue the changes listed below will be written to disk. Otherwise, you will be able to make further changes manually. Now it is informing me of the changes to be made and telling me, basically, that all the information will be lost should there be anything there. So write changes to disks, yes. Go ahead and continue with the procedure. The installation process is now underway and this is going to take a while. So, while this is going on I just want to go ahead and pause the video here and finish this tutorial. In the next tutorial, once the installation is complete, I will actually get into Kali, start configuring it, and introduce you to it’s interface. In any case, I bid you farewell, and I hope to see you all in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #8: Installing VirtualBox on Windows

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you how to install VirtualBox within a Windows environment.

Previously, I have shown you how to install VirtualBox within a Linux environment, and it is a bit more complex there because you do need to add repositories, and then pull the packet from the repositories. However, on Windows the process is fairly straightforward. Go ahead and open up your favorite browser, mine is Firefox, and navigate to the following website:

https://www.virtualbox.org/

Click on downloads and choose VirtualBox 5.2.8 for Windows hosts. So just go ahead and click on the link to prompt the download. I’m just going to go ahead and navigate over to my downloads folder, then I’m going to go ahead and double click on the VirtuablBox file in order to initiate the installation wizard.

Keep in mind that this Windows system I am currently using is actually a virtual machine, and I am conducting an installation of VirtualBox within a machine that is being run within yet another virtual machine. You can see I’ve minimized it and I can pull it now around, but it works just fine. The installation process will go smoothly without any problems. So, just go ahead and click Next, and you can actually browse for a different installation location here, but the default one will do just fine. Just go ahead and click Next, create shortcuts, register file Association, sure why not. Click Next. Here it is telling you that it will reset your network connection, so if you don’t want that to happen you might hold the installation process. Anyway, just go ahead and click yes, install, and there we go. Don’t worry about this, it’s not an error, it’s just Windows asking for our permission. Anyway, the installation process has started here without any problems. And as I was talking about it previously, this is a virtual machine within a virtual machine. The installation of the program will finish without any problems. However, if you plan to run another virtual machine within this VirtualBox, within this virtual machine, you might encounter some problems. So, start the VirtualBox after installation finish, sure, why not.

In any case, we have our VirtualBox manager here, and the process of creating new virtual machines is exactly the same, more or less, the options are in the same places. I’m just going to go ahead and close it now. I will go ahead and uninstall it from this Windows system because I will be runnning it on Fedora Linux. I hope that this guide was the helpful for all of the Windows users out there. Much of the world uses Windows, however, for pentesting purposes, for ethical hacking, Windows is not the best operating system to use. It’s a lot harder to make yourself anonymous with Windows, and most of the pentesting tools were actually designed for Linux, Unix like environments, to work in combination with their terminals. However, the choice of the operating system is completely up to you. I will be working with Fedora Linux, and I will most likely be using this Windows machine as some sort of a victim, which we will be attacking and exploiting. Anyway, I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #7: Virtual Machine Configuration

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will go ahead and download Kali Linux, and demonstrate the installation procedure within a virtual environment.

So, first off, go ahead and open up your browser, type in Kali Linux, press enter, and click the link which directs you to www.kali.org. It’s https, don’t forget to check that. Go ahead and navigate over to downloads. You can either direct download the ISO file, or you can download it via torrent. Kali Linux, due to the amount of tools that it has that come pre-installed, is fairly large for a Linux distribution. It’s 3 gigabytes, which is huge. I don’t know what sort of internet connection you are working with, but for the sake of this tutorial I have already downloaded it. What you want to do, in case you didn’t already begin the download, is go ahead and click on ISO, click to save, click OK, and the download procedure will begin. The progress will be displayed here in the upper right corner of the browser (Firefox). If you would like to download Kali via torrent, you click on torrents, save file, open up what is displayed here, and it should open up transmission. Yep, there we go. So, it has a few files marked here, you can just go ahead and click open, and it’s going to begin the download process. This might be a bit of a faster option depending on the status of seeders, but it’s really up to you. You can’t really go wrong, especially if you have a faster internet connection. The download speed will not differ much.

Now I need to go ahead and navigate over to my start menu and type in VirtualBox, and as soon as you start typing it gives you a list of options. So, just go ahead and pick this one. You might want to pin it to the taskbar for easier accessibility. I have elected to append it to my left panel here. Go ahead and open up VirtualBox. I have a few virtual machines setup here, as you can see. I have one, two, three, four, five, I have five virtual machines set up. I can’t run them all at the same time, well maybe I could if I reduce the amount of resources that I allot to each one of them. But, I will not be doing that. For the time being, I want to setup a brand new Kali Linux machine. Before I can do that, I need to configure the virtual machine. So, first off, I need to create a new environment in which this machine will be installed. Go ahead and click on new, type in whatever name you wish, I’m going to name it Kali, the choice is entirely up to you. Type, it’s obviously not Microsoft Windows. It’s Linux. And it’s not Ubuntu 64, but since it’s based on Debian, I suppose I can type in Debian 64 bit here. Unfortunately, VirtualBox does not have an option for Kali. Just click Next, and that’s it. Here you will allot the amount of RAM that you want to make available to the virtual machine. Linux is not RAM intensive, it should work fine as it is by default, but I have a habit of allotting it above 1 gigabyte. For the sake of this tutorial, I will allot it 2 gigabytes of RAM. We will be working with some of the programs that can be demanding, and that can be resource intensive, so I want to do this. But, don’t worry about it. If you’ve given it too much RAM, or too little RAM, you can always change this later on. Go ahead and click create a virtual hard drive now. This is the drive that this machine will be using, and just select VDI, VirtualBox disk image. Click Next. Dynamically allocated, that’s very important, and you can read here what dynamically allocated means. Basically, this hard drive file will only use space on your physical hard drive as it fills up to the maximum fixed size. Click Next. Here you will allot the drive space. Now, I have a lot of drive space so I’m just going to allot 120 gigabytes. That is going to be more than enough for this undertaking. Go ahead and click create, and that’s it. Now we have our environment under the name Kali set up.

There is one more thing that we need to do. We need to select the location of the Kali Linux ISO file so our new virtual machine can boot off of it. There is this disk icon here, and when you click on it it says choose a virtual CD disk file. So I have a few here, but none of these are what I actually need. If you have something in your CD-ROM drive you can just go ahead and click here, and it’s going to pull an image from a CD. We have an ISO file that we want to use. So just go ahead and open it up, click on home, and I have it in my downloads folder. It should be around here somewhere, yep, Kali-Linux-1.0.9-amd64. I do believe that I am slightly behind the latest version, but we’re going to fix that with updates once we install Kali. Open it up, it says Kali-Linux-1.0.9-AMD-64.ISO, and that is the type of file that we’re looking for, .ISO. It’s now inserted. You can see it here, marked in blue. So, click OK, double click on Kali, and it says starting.

Now that it’s running, you have a few options here to utilize. You have live AMD 64, live forensic mode, USB persistence, live USB encrypted persistence, or just go ahead and install it. What do these options mean? Live boots can be a USB, CDs, or something of a kind, where the system is booted from an external device. You have failsafe mode, live failsafe mode, well most systems have a failsafe mode. Today, it’s basic boot, and it simply loads the basic applications and services, and this is practically guaranteed to boot. Every time you boot into failsafe mode, unless you’ve messed something up that is in a very, very serious way, failsafe mode will almost always boot. Forensic mode is for investigators, such as auditors. We are not going to be dealing with this mode because we want the full installation. You have live USB persistence which is a very nice feature. You can have, for example, Kali Linux, or many other distros, installed on a USB stick. All of your work will be saved on that USB hard drive, so you can make permanent changes to your system. You also have a live USB option with encrypted persistence. This means that all the information contained on your live USB will be encrypted, and if you happen to lose it, nobody will be able to access your data. So if you lose it, if you have some passwords or something like that stored there, no big deal. You know it’s encrypted. In any case, in the follow up tutorial I will go ahead and proceed with the Kali Linux installation. Also, we will need to install VirtualBox Guest Additions. Guest Additions enable full screen displays of virtual machines. But, more of that to come in the next tutorial, and I hope I’ll see you all there.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #6: VirtualBox Installation Using the Linux Package Manager

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you another, more reliable way to install VirtualBox. If you are wondering why I showed you the previous method, using rpm, it’s always good to have another option. Plus, the procedure is exactly the same if you’re installing any other rpm package. So you just type in rpm -i, and then you type in the name of the package that you have downloaded, so the procedure is exactly the same. I would recommend passing an h argument as well to give you a status bar. It will install without any problems of course, but without the h argument you won’t know what is going on in the background. You might think it’s bugged, or something like that, during the installation procedure.

What we want to do now is install virtualbox using the default packet manager called yum, and pull the package from the repositories. What are repositories? Repositories are places where software packages are stored for Linux distros. You can pull these packets, from your Linux distro, using the default packet manager. It’s very simple, it’s extremely easy, and it’s one of those things that you will absolutely need to know how to do. You will be installing and uninstalling a lot of things during the course of your pentesting career, during the course of pretty much any pentesting exercise in general. So, let me just demonstrate this for you. You type in yum and then you give it a command. I’m using Fedora so I will be calling yum, but if I was using some sort of a Debian distro it would be aptitude, or apt-get. Other distros have their own packet managers, but we’re not going to get into those now. Later on I will show you which package manager Kali Linux uses. So, first off, you type in yum, as I said, and then type in search, which is telling yum what to do. We want it to search for something, so you just type in search. Then you want to search for an approximate name of the package you are looking for. So, perhaps you don’t know the full name, or something like that, don’t worry about it. Just type in a portion of the name, it will suffice, and pretty much everything that contains that portion of the name will be displayed. So we know what we want, it’s VirtualBox, and you might think that this is the full name of the package. It is not, soon you will see. There we go. It has printed out every packet, every package, that contains VirtualBox in its name, in the name of the package, or in the description of the package. You have the name of the package here, colon, and then you have the description of the package. There are a lot of things that have the name VirtualBox, and you’re perhaps wondering which one to install. Well, you need the kmod one. Here you have the kernel version and the Fedora version. So fc would be the Fedora version, and here you have the architecture, it’s 64. I can select it, there we go. It’s 64, and here you have the kernel version. So you can compare it to what system you have. You can use any other distro, the procedure is fairly similar. If you’re using, for example, a Debian based distro, or an openSUSE, or something like that, feel free to ask me if you can’t manage to install it. I will help you out, no problems.

For the time being, I’m just going to go ahead and install it here. Let me just go ahead and clear the screen. In order to install the package you need to type yum install, and then you need to go ahead and type the name of your package, which would be the last one for us. The name is a bit long so I’m just gonna go ahead and copy it, but you see there is one fundamental problem here. The VirtualBox package is not found in the default repositories of Fedora, and that is a bit of a problem. None of these commands would actually work if I did not previously import the RPM fusion repositories. RPM fusion is simply the name for a certain type of repositories containing certain types of packets. So I have imported those repositories, and now I can pull information and packages from them. If I did not do that previously, I would not have been able to do any of these things. Yum search VirtualBox would yield no results, I would get a blank screen, I would get like a message here saying that no packages were found that matched this particular name, and then just a blank screen, that’s it. So that’s going to be problematic.

In order to solve that problem you need to go ahead and open up your favorite browser. I already have this website open to save a bit of time, it says rpmfusion.org/configuration, but here I can just go ahead and search for it. So type into any search engine rpmfusion, so it’s rpmfusion.org. Click on the website, open it up, and here you are going to get instructions immediately. It’s a very simplistic website, it just says for users and says enable rpm fusion on your system. Just click on the link and there you go. You get a listing of downloads, it says free and non-free. Don’t be intimidated with this non-free. You don’t need to pay for anything. It is non-free for redistributable software that is not open-source software, as defined by the Fedora licensing guidelines. Down here you have the actual RPM packages. I will download the first one and then install it using my using my RPM software. Just type in rpm -i and then I would pass this filename as an argument, and it would install it without any problems.

I also want to show you a different way of doing this. If you’re wondering why it is being repeated twice, this is for free, and this is for non-free. What we want is the command line set up using rpm. It says here Fedora 14 is the most current, so mine is 20, it will work without any problems. So you have this very long command, and you don’t really need to know what every single portion of this command is or what it does. Basically, it imports a repository into your system that you are going to use later on. We will go ahead and copy/paste this and run it. You are using your default package manager, you’re using the local install option, you are not checking for certain types of keys, you are giving it the place from which to pull it, etc. Later on as we progress through this tutorial, we will deal extensively with the Linux command line. So, only then will these things become clear to you. Once I actually explain some of the basic and fundamental things, then you will be able to understand things such as those listed within the parenteses. Sorry, not bracket, within the confines of this parentheses. If I start explaining it now it would make no sense, and it would simply complicate things further. As I said, later on when we get into the command line interface of Linux. I will begin from scratch, and move you from a beginner to advanced user in a relatively short amount of time, and then you will be able to understand what all of these things mean. For the time being, just copy this content which is within the confines of these quotation marks, and paste it into your terminal. You will need root access and I am no longer root, as you can see. Just type in su, type in your password, paste this, and press ENTER. It will not install here because I already have it installed. But, on your system, where you do not have RPM fusion installed, this procedure should work without any problems. Go ahead and clear the screen.

Anyway, I would like to show you something else that I neglected to mention a moment ago. This command that we’ve ran installs free and non-free repositories. If you just take a closer look to what I am highlighting at the moment, this is the free one. So it says
http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release. Down below you have the second address, again, download1.rpmfusion.org, and it says non free. So I’m highlighting the entire thing here, let me just zoom it in a bit more so everybody can see, and there you go. You have two completely, well they’re not completely different addresses, but they are definitely different addresses referring to different types of repositories. Anyway, now you can go back to your terminal, stay root because you will need root privileges in order to do this. Type in yum search VirtualBox, press enter. Use the last one, or whichever one suits your current kernel. You can check the current kernel by typing in uname -a, and here we go. So it’s 3.18.7-100.fc20, and then you have the architecture listed here as well. So, clear the screen, type in yum install, paste the name of the package, press space – y, and if you have this command just press ENTER and it will install. I have already installed VirtualBox to save some time. After you’ve installed it, do not forget to type in yum update as well. So, let the system just run through the updates so you make sure that you have the latest version. In any case, that will be it for this tutorial. In the next one I will start VirtualBox up, explain some of it’s features, and hopefully begin installing an operating system within my virtual machine. Thank you for watching, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on 2 Comments

Learn Ethical Hacking Episode #5: Installing VirtualBox with RPM

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will be covering our working environment. I will show you how you can set it up.

So, first off, we need to install VirtualBox. Now it doesn’t matter if you’re running Mac OS, Linux, or Windows, you will still need to do this, for several reasons. We’re going to be editing configuration files, and we are going to be be doing it as a root user, so we are always facing the prospect that we might break something. If we do mess something up, it’s much better to be working within a virtual environment. Even if you do mess something up, and even if you don’t know how to fix it, it doesn’t really matter. It is only a virtual machine. You don’t really have any data of importance on it. However, if you mess something up on your main machine, that can be problematic. If you’re forced to reinstall it, you will need to back all of your data up, you will need to figure out where everything is, etc. You may try fixing the problem, and depending on what that is, it could consume a large amount of your time. So, just take my advice install VirtualBox. It’s not that complicated, it’s pretty simple, I’ll show you how to do it in a minute.

There is another reason why we’re installing a virtual machine, and that is safety. We are going to be downloading a lot of stuff from the net, and even though I will be using websites that I consider to be safe, and that many other people consider to be safe, it is always good to have that extra layer of protection. So, even if something happens in your virtual machine, even if it is compromised, it’s fine. It’s a virtual machine. There is nothing of importance there. Your private information is not there, your credit card is not there, there is literally nothing there aside from the free tools that we will be using. So, without further ado, let’s just go ahead and see how VirtualBox is installed.

Now, there are two ways of completeing the installation process. One is preferable over the other. So, the first method is a lot simpler. Go ahead open up your favorite browser, mine is Firefox, and use your favorite search engine. Type in VirtualBox, press enter, and there you go. You can also use the following link:

https://www.virtualbox.org/wiki/Downloads

Straight off the bat you have Oracle’s official site for VirtualBox. Go ahead and open it, and in the upper-left corner it says About, Screenshots, Downloads, Documentation, etc. For the time being click on Downloads, excellent! So here you have a list of host machines. We have VirtualBox for Windows hosts, for OS X hosts, for Linux hosts, Solaris hosts. Actually, for Solaris you can download it from the repositories immediately, but for the time being we cannot use the repositories. We first need to configure them in Linux, and repositories in Linux are places from where you pull your software for your Linux distribution. Anyway, we will need VirtualBox for Linux hosts. I have already downloaded it in order to save time in this tutorial, but you just click on it and then it prompts the download.

VirtualBox is available for multiple Linux distributions. So you have Ubuntu, you have Debian. I am not sure why they have separated Ubuntu and Debian, as Ubuntu is based on Debian, and pretty much everything that works on Ubuntu will work on Debian as well. You have openSUSE, but for the time being I am interested in Fedora. At the time of recording this, Fedora 21 is available, but Fedora 18 will work perfectly fine. It will run without any problems. Anyway, right next to it you have i386 and amd64. This is referring to the 32-bit and 64-bit architectures. If you do not know what your machine is, whether it’s 32-bit or 64-bit, not a problem. Go ahead and open up your terminal, type in uname -a, and press Enter. You don’t need to be root to do this, you can do this as pretty much any user, and you get a listing of information here. So you have the Linux platform, localhost, domain, kernel version, and Fedora distribution as well, it’s number 20, and then you have the architecture. So, it’s x86_64. There we go, 64-bit architecture. Fantastic! Now that we know our system architecture, you can go ahead and click on the corrresponding link. If you’re using a 32-bit system, just click on the 32-bit version. The procedure is absolutely the same, there are literally no differences. It gives me an option to save a file, so just click save, and then click OK. You will find the file in the default downloads folder unless you have configured it in a different fashion. I’m just going to go ahead and cancel it because, as I said, I’ve downloaded it previously in order to save some time in this tutorial.

So, go to your terminal window, clear the screen, you will need to be root in order to perform this. Just type in su and press enter, and type in your password. There is a tool for managing rpm packets, as this is a Red Hat distro. All of the software packets for it have the extension .rpm. Now, I am currently using the Linux terminal, and I will give you detailed instructions throughout the course, but for the time being just follow along. So there’s a command called ls, and then I want to go to the folder downloads. Chronic, that’s me, that’s the username, downloads, and VirtualBox, there we go, press ENTER. I’m going to clear the screen one more time, there we go. Anyway, you see this extension that I have marked, it says .rpm. Now, .rpm represents a type of packet that is meant specifically for certain Linux distributions, such as Red Hat, Fedora, CentOS, and a few others. What you can do is use your default rpm software, so just type in rpm -i, the -i argument is for install, and then specify the path to your packet, to your package, so /home/Chronic/Downloads/VirtualBox, and press enter. Now, this process is automated, there isn’t much that you need to do here. You may need to press yes, and that’s it. However, this is not the method that you should be using. This is a method that you can use, but I wouldn’t advise it. If you do install it like this it tends to break with newer updates, so it can be a bit problematic. I will show you another method in the next tutorial where you can actually use yum, which is default packet manager in order to install this packet, and then update it accordingly. In any case, I bid you farewell, and I’ll see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #4: Basic Terminology (Continued)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. I’m going to continue from where I left off in the previous video. If you have not seen the previous tutorial, I strongly urge you to do so, as the two are closely interrelated. Anyway, previously, we’ve discussed some of these concepts such as DoS, RATS, Phishing, and so on. In this video we are going to cover SQL injections, VPNs, Proxies, TOR, VPS, and keyloggers. Each topic will receive it’s own video in the course where we will go into much greater depth discussing the concept.

For the time being, we have SQL injections, which are simply passing SQL queries to HTTP requests. If they are not properly formatted within the PHP code on the server side, this can present a serious problem. This is always one of the primary considerations for all professional web developers. Later on in the course, I will demonstrate how you can use SQL injections and formulate them. There continue to be a large (mostly unmanaged) number of websites that are vulnerable to SQL injections, because the frameworks on which they are based are vulnerable as well.

Next up, we have virtual private networks, or VPNs. These are services that enable you to anonymize your activity online. Basically, you have a VPN provider somewhere, and if you want to anonymize yourself, you will route all of your traffic through this VPN provider. All of this traffic between you and the VPN provider will be heavily encrypted. So, any other server that is receiving requests from you, it is actually receiving them from the VPN provider. There is no real way of detecting you or finding your physical location unless the VPN provider actually gives it up, which doesn’t tend to happen if you pick the right one.

Down below we have proxies. Now, proxies are a less reliable way of staying anonymous, but you should always make it your common practice to use socks5 proxies. I will explain what these are, I will introduce them to you when we do proxy chains, and then I will explain to you how you can actually stay anonymous while conducting these sorts of activities. You can route your connection through several proxies, but you will soon come to realize that it doesn’t always work. In movies you will see people going through 10, 20 different proxies, but in reality that would be very difficult to implement. The average internet speed, and available bandwidth, simply would now allow it. Most of the free proxies available on the net are not very fast, and routing your connection through several of them will make it very difficult for you to do anything in a reasonable amount of time. There are of course paid proxies, but when you pay for a proxy you leave a digital footprint somewhere, so you can be traced.

Moving along we have TOR. TOR is absolutely free, open source, and it is much faster than using proxies. It’s not faster than VPNs, but it is faster than proxies. The TOR network gives you the ability to “torify” your applications, which in essence means simply routing traffic through certain routes, and using certain devices on the internet for your packets, for your connection to go through. It can be slow from time to time, it is not a 100% reliable, but you will be anonymous to a very large extent if you are using TOR. There are ways of detecting you, but they are highly unlikely to happen. 99.99% of the time you will be almost 100% anonymous. Also, you have the TOR browser which enables you to access the dark web, or the hidden web, whatever you wish to call it. Basically, these websites consist of .onion domains, and they are not indexed by any search engines, and they cannot be accessed by normal internet route, from the typical internet browsing perspective. If you do not have your internet connection configured in a proper way to connect to the TOR network, you will not be able to access any of the hidden web, or the dark net’s websites. I will show you how to access dark web and how to use it, as it has a vast amount of resources that are at your disposal.

Down below you have VPS, or virtual private servers. They can be viewed as an additional security layer. For example, if you have an Apache server running on your physical machine, you can have a virtual machine within that physical machine which will serve as a SQL server for that Apache server. This is done so that the SQL server cannot be accessed from the outside, and so you don’t have a SQL port open on your physical machine. So, only programs and users from that particular machine will be able to access the virtual machine where the SQL Server is. When I show the examples, when we get into it, you will understand it. Here I am just introducing you to the terminology and giving you an idea of what is to come.

We also have keyloggers, which are tools that are used to steal credentials. Not only credentials, but also used to extract information. If you manage to deploy a keylogger on a machine, you can configure it to record all keystrokes, and then to send them to a mail address, to an FTP server. Today, keyloggers are advanced to the extent that they have over hundred options or so, configurable to the fullest of extents, and you can do pretty much whatever you want with them. I mean, they have their basic functionalities still, the basic functionality is still there, to record the keystrokes. But, not only do they record keystrokes, for example, they can extract existing information as well. You can configure their behavior, the stealth level of the keylogger, how it will conceal itself, where it will go, where it will be installed, what sort of information you want to extract. Whether you want to monitor particular folders for activity and do you want to record it. Whether you want to configure them to take screenshots. You can configure them to use the camera on the device from which you have deployed a keylogger to take a picture every five minutes, or something like that. That wouldn’t be the brightest of ideas because obviously somebody would see that you are taking a picture, but those are just examples of what you can do with them. Later on we will actually download a genuine keylogger, install it, deploy it through the methods of deployment, and discuss how you can configure it as well. Although, you should be very careful from where you download your tools, such as keyloggers, remote administration tools, root kits, etc. You never want to download a un-compiled binary file that is not open source, because you have no way of knowing what’s in it, and you absolutely never want to run it on your computer. You might get what you want, the keylogger in this specific example, but your computer might get infected with exactly the same keylogger that you plan to deploy somewhere, or with exactly the same rat that you intend to deploy somewhere. So, that’s not a very bright idea. You should use verified sources for such tools. I will show a few of them later on as I browse the internet and download them, but I’m just making it very clear here that you should be very careful with these things. One of the foolproof methods of doing this is actually configuring a virtual machine, and conducting this sort of activity on that virtual machine. So, even if you get infected, or something like that, it doesn’t matter. It’s a virtual machine. You can reinstall it anytime you would like, very fast, pretty much no information will be lost. More importantly, the primary file system on your main, physical machine will not be accessible from the virtual machine.

Anyway, down below you have the terminal. The terminal is basically an interface, for you, that allows you to control your operating system. Now, the Linux terminal is very powerful, and we will be using it extensively throughout this course. I will familiarize you with it, I will teach you how to use it. To some people it might seem a bit difficult, or a bit tricky at first. There are a lot of commands to type in, it takes some time to memorize them all. You need to learn what to use where. But, believe me, there is a certain logic to it, and once you figure it out you unlock the full potential of the operating system. I have memorized roughly 30% of the available Unix commands, and the rest I simply figure out with -age, or –help. The system pretty much tells you everything you need to know, it helps you out to a great extent, and you are able to figure out a lot of things from just understanding the basic logic of how it works. Now there is some, there will always of course be debate regarding why you would use terminals. Why wouldn’t you just use GUI tools, or something like that? The simple answer is because they are not nearly as powerful as the terminal tools are. Plus, terminal tools have far less dependencies, and most of the hacking tools are basically designed for the terminals. They don’t have GUIs. Many of them do have them these days, but I might not cover over them because the GUI interfaces are not that relevant. When you figure out how to do it in the terminal, you will automatically, by default, know how to do it with the graphical user interface, for that particular program.

Continuing along, we have firewalls. Now the firewall in Linux is configured to the IP table commands. You keep on passing arguments and configuring these firewalls, and this is one of the main reasons why you should not be using any distribution of Windows for this particular tutorial. The Linux firewall is open source, and it has a ridiculous amount of options, a ridiculous amount. I’m not kidding, you can do pretty much whatever you want with it. You can close open ports, forward connections via ports or by IP addresses, forbid certain protocols on certain ports, forbid certain protocols for certain IP addresses, do all manner of forwarding and redirection, etc. This is all available for free with a Linux firewall, whilst in Windows you will have a much more limited scope of options regarding configuration. We want to keep it budget-friendly, and we want to have a powerful firewall. Now, there will be two ways of configuring this firewall, and if you are afraid of messing it up don’t worry about it, because most of the configurations will be short-lived configurations, so to say. All of the configurations made to the firewall from the iptables command, unless specified otherwise, will be temporary, and they will hold until the next system reset. There is a way to circumvent this of course and to configure the firewall rules in the configuration file directly, and thereby making the changes permanent, which is also one of the ways of doing it, but I don’t generally prefer it. I prefer to have a script somewhere which you can run at any time, and it will configure your firewall by default. This is primarily because you can put your tool set on a USB stick, or somewhere online, and you have these quick scripts which you generate, and then they perform these tasks for you in an automated fashion. It’s really simple. I will show you how to make these scripts. You do not necessarily need advanced programming knowledge. Basically, these scripts consist of lists of Linux terminal commands, which we will do anyway. So, basically, the script would consist of a list of those commands, and then you just change the mod of the of the script to be an executable file, run it, and all those commands are passed to the system.

The final thing that I wish to address here is reverse shells. So, there are hundreds, if not thousands, of reverse shells out there that you can use. I will pick a few that we will use depending on the framework, depending on the environment of course, that we want to infect. But, in essence, what reverse shells are, as the name itself says, you have a program with which you infect another device, and then that program opens up a reverse connection from that device back to you. So you can keep on passing commands, you can keep on controlling the system, even though you are nowhere near it. There are different types, of course. Today, with routers and firewalls you do need to do a lot of extra configuration, and there are problems that need to be solved and addressed. You will see how when you are trying to break into a single computer, sometimes you need to break into the router first. Usually, you need to break into the router first. Unless, you’re performing these phishing sort of attacks, or there’s a web server, running in the background. But, attacking a private device, a private computer, which is usually what people do, preludes to bigger hacks, because they want to extract some sort of information from, let’s say, a company’s employee that’s a network administrator, or somebody like that. One of the basic vectors would be to attack a home router, change the DNS settings there, and try to steal the credentials in such a way, or put the computer in the DMZ of the router, Demilitarized Zone, so that the router is no longer effective for that device. It would just forward all traffic to that device, regardless. So, those are just some of the types of attacks that you can do, but reverse shells will depend on the environment that you are trying to infect, and it will depend on the choice of your attack route as well.

In any case, I hope you got some basic introduction to these terms. Again, if you didn’t figure it out all immediately, don’t worry about it. We will cover of this in great detail, with a lot of examples, and you will understand it. It’s not complicated, do not allow fear to dissuade or stop you, just keep on going in spite of it. If you can just stick in until the end of this course, I guarantee you will understand it. With just a bit of focus, and a bit of curiosity, you will be able to obtain the necessary skills needed in order to become a pen-tester, or an ethical hacker. I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #3: Basic Terminology

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will be talking about some of the basic terms which you will need in order to follow along with this course.

So, first off, you have three main categories of people. There are White Hat hackers, Gray Hat hackers, and Black Hat hackers. Everything that we will be doing throughout this course will fall into the White Hat category. Those are people whose activities are within the confines of the law. There are people such as penetration testers, ethical hackers, people like you and me, and so on. Next, you have Gray Hat hackers whose activities are bordering between legal and illegal. It’s a bit of a shady area. In addition to that, you have the most known category which is Black Hat hackers. Usually, and unfortunately, every time somebody hears the term hacking it is associated with people from the Black Hat world. There are people who conduct all sorts of illegal activities, or conduct activities without any regard for the law. These activities include extracting information from certain servers, user credentials, credit card information, and take services down for some sort of financial gain.

Moving along, you have footprinting. The act of footprinting is essentially information gathering. You are conducting some sort of reconnaissance work. This can include figuring out the IP address of a server, figuring out which ports are open, and with that you can conclude which services are running. Footprinting doesn’t necessarily need to be confined to the digital world. The act of footprinting can also consist of visiting the physical property of your target. You just walk into the building where the target’s servers are located and have a look around. You can attempt to gather some information there on site. You can dig into their trash containers to look for confidential information. Also, people have been known to go into parking lots to see who the employees are, who works there, all sorts of things. So, this is just general information gathering in regards to your chosen target. It doesn’t need to be confined to the digital world.

Anyway, down below you have certain types of attacks: you have DoS and DDoS. Both are the same thing implemented in a different way. DoS stands for denial of service. These are usually referred to as childish attacks because they are relatively easy to implement. Then you have DDoS attacks which are on a much, much larger scale. In general, what happens here is that you perform a certain amount of requests, more requests than a server can handle, and then the server begins dropping connections. For example, an Apache web server, I believe by default, can handle up to 10,000 connections or so. If you can make more than 10,000 requests, anybody else making any sort of requests will not be able to access the website, because their connection will be dropped. The Apache server will say, OK, I have too many users, I have more users than I can handle, all the other connections will be dropped by default. Thereby, making the site inaccessible even though you haven’t broken into the server. You haven’t really broken through any firewalls, or stolen any passwords, or anything of a kind. But, when you’re DoS’ing something it’s just you. So, all the requests are coming from your own computer. Generally, this will only work if there is a flaw in the way in which requests are processed. However, that is why you have DDoS attacks. When you have multiple computers, multiple connections, and they are all making simultaneous requests to a certain server. This can be extremely difficult to fight off. You need to have a clever configuration of your firewall, and you need to have quite a good firewall as well. Usually, you need a physical firewall to prevent DDoS attacks, and by physical I mean a router firewall.

DDoS attacks are difficult to perform because it is difficult to make the necessary preparations. First of all, you need to go about infecting other devices which you will use, which you will enslave and use in order to perform this sort of an attack. This is the difficult part. The DDoS part is quite easy comparatively. For that, in order for you to infect other computers, you need two things. You need RATs, remote administration tools, and you need to be FUD, fully undetectable. So, it just means that they cannot be detected by anti viruses, or the more precise term would be that they are not labeled as something malicious by an antivirus program. Most of the time you don’t actually need to make your own applications fully undetectable. There are plenty of pen-testing companies out there, and not just pen-testing companies but other companies as well, who will pay very good sums of money if you can make their programs fully undetectable by antivirus programs. Remote administration tools usually go on a USB stick, are sent via an e-mail attachment, or attached to a zip file, and in such a way that they can infect other computers, other devices. These programs then enslave them, and then you can use all of those computers to conduct different sorts of activities. This is beneficial for the attacker because it anonymizes them to a very large extent.

Next we have rootkits. A rootkit is a tool which you install onto an operating system, and it is able to hide running processes from the system itself. So, when you, for example, start task manager in Windows, the purpose of a rootkit would be to hide the processes from the task manager. Basically, how it works is that the task manager requests information from the system, from the kernel, and then the kernel of the system responds, which is the core of the system where all the drivers and the key functionalities are. The kernel of the system then responds, hey, I have this, this, this, and this process running, here you go. What a rootkit would do is redirect those requests from the task manager to itself, and would say, I don’t have such processes running. So, very, very dangerous and potent combinations here that we will use later on as we progress through this tutorial. For the time being, I just wanted to provide you with a bit of an introduction to the course and give you an idea of what we shall be doing throughout some of the demonstrations.

Finally, we have phishing attacks. Phishing attacks are basically when you apply some sort of bait, somebody bites it, then you pull on it. Simple as that, right. The same way you go fishing? Well, not quite. Phishing attacks are when you get an email from someone and there’s a link in it, you click on it, and it throws you onto some website. It may look legitimate. It perhaps looks like a website that you are using, but it is not. You might pass in your credentials, and that can be a problem. This is generally avoided today. What happens these days is that the DNS servers get changed on your routers, and once that happens all the requests that you make on your web browser would get redirected. So, for example, if you type in facebook.com, you’re gonna get the domain with facebook.com from a private DNS server, god knows where, whose MX records have been altered, and they have been configured, for example, to redirect facebook.com to a certain IP address that does not belong to Facebook. So, you open up your Facebook, it looks exactly the same, there is no way to tell because in the upper left corner of the screen you have the domain name written, it’s www.facebook.com, and basically you provide login credentials. Once you do that, they’re gone, somebody has them. One of the ways to detect this would be to check whether the protocol is HTTPS, instead of HTTP. Usually, if these kind of attacks are conducted it’s not going to be HTTPS, as that is much harder to implement. But, if it is HTTPS there really wouldn’t be any legit way of figuring it out other than actually checking the keys, checking their certificates, and no one actually does that. Maybe not anyone, but 99% of users are not going bother to go about conducting such checks. Anyway, I know it sounds a bit complex, but, believe me, I will explain this in great detail. I will give you several demonstrations, and by the end of this course you will understand and know how to do this with great ease. It will not present a significant obstacle in your line of work. Now that we have approximately half of these out of our way, I will continue covering the terms in the follow-up tutorial. I hope to see you all there!

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #2: Course Prerequisites

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will be covering some of the required prerequisites if you wish to follow along with this course. One of the first things that you need to be familiarized with is your working environment. So, for myself, I have chosen to use two Linux distributions. One will be Fedora, which is the operating system I will be running on my host computer. I assume many of you following along will be using Windows, and this is perfectly fine for following along with this course. I will also install a virtual machine that will run Kali Linux. Kali is a Linux distribution which contains a great deal of pen-testing tools, so it’s very useful in that sense. In the following tutorials I will go into great detail covering the installation process, such as how to setup a virtual machine, how to install Kali Linux, etc.

Should you wish to exclusively use Windows, that is definitely not advisable for this kind of activity. Since I’m doing this in the environment that I own, it doesn’t really matter to me if I’m anonymous or not. But, in the real world, all the pen-testing that is done in the real world, you are always trying to anonymize yourself. You’re trying to be as invisible as possible, as often as possible. You do not want administrators figuring out where the attack is coming from. You want to wipe your trail. Windows is not very good for these sorts of things, so there your anonymity level will be very low. Most of the tools that we are going to be using are native to the Linux kernel. They were made for Linux. So, you may experience problems configuring these tools to work with Windows. You can still use Windows if you would like, because you’re not hiding from anyone, but since I’m recreating the real-life scenario, I will be using proxies, VPNs, etc. I would like the demonstrations to be as accurate as possible.

For all the Mac users out there, if you’re using Mac OSX, it doesn’t really matter which version. Many of the tools should work without any problems. The procedures are fairly similar. The command-line tools are the same. How you install them differs, but you will be able to run the same commands as me. So, there shouldn’t be any problems there. Your anonymity level with Mac OS should be relatively good. But, on Linux you have the greatest anonymity, and you are rather safe in that sense.

Moving on from your working environment, you will also require a working internet connection. Even though all of these exercises will work much better with an extremely fast internet connection, some of these attacks are actually conducted from public Wi-Fi, in real life anyway. I will set up a wireless access point in my office and load it so that it’s similar to the public Wi-Fi, which is very slow. Some of these attacks, as I said, they go over public Wi-Fi. And as we all know, and as we’ve all painfully learned, public Wi-Fi is not the fastest internet connection out there. You have a lot of people that are connected to the network, and there’s a lot of data going through. They are not the safest networks out there either. But, as I said, if you want to absolutely anonymize yourself, and that is what some people do. They go out and connect to a public Wi-Fi, or they go to a bar, or something of a kind, and conduct their attacks from there. Now, before they do that they need to figure out whether the bandwidth of that Wi-Fi can sustain their attack. So, they need to minimize, they need to downsize it, and that is how they become absolutely anonymous.

Finally, the last thing that you will absolutely need is a working wireless card. When I say working wireless card, most devices have them. Pretty much all laptops from 2008 were standardized with wireless cards. If you are using a desktop machine that doesn’t have a wireless card, you should acquire one to follow along with the exercises, but you don’t need to. However, you won’t be able to follow along with a large portion of this course. External USB wireless cards are pretty cheap. You should be able to acquire one for $10-15, so they’re not that expensive, and you can get them pretty much anywhere. Anyway, as I was saying, what I mean by a functional wireless network card is that it is recognized by your operating system. So, if you are using a Linux distro, like I am, you need to make sure this Linux distro, that the kernel of this Linux distro, actually has the necessary drivers for the wireless card that you will be using. If you’re using an Atheros card you should be fine. Most Linux kernels support a large number of Atheros devices, if not all of them, in terms of network cards. So, that should be fine. There were some problems with Broadcom, but as far as I’m informed that has been solved. So, no big deal there. If you’re uncertain how to check whether your wireless card functions under your Linux distro, just try connecting to Wi-Fi. If you can connect to a Wi-Fi access point, obviously it works. If you can’t, it doesn’t work. But, don’t jump to the conclusion that it doesn’t work. Try resetting it, turning it off and on, we will cover this in greater detail in the follow up tutorials where we actually go over the installation process.

Before we begin with the Kali Linux installation, I would like to cover some basic terminology that you will need in order to be able to follow along with this course. In any case, I bid you farewell, and I thank you for watching.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #1: Introduction

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this introductory video! Today, I will be talking about ethical hacking, and I will also introduce you to the course itself.

You might have noticed that the term ethical hacking is composed out of two words: you have ethical, and you have hacking. Now hacking, the definition of hacking, is quite broad. The act of hacking consists of compromising any system, not just computer or digital systems. For example, lock picking is a form of hacking. The ethical side of it would be when you have permission to do it, when it’s within the constraints of the law.

Anyway, this course will focus on computer systems. We will cover how to penetrate networks, how to exploit systems, how to break into computers, how to compromise routers, etc. After you have finished the course, after you have absorbed all of the information in it, you will gain the ability to do some serious damage. Now, because of this, I wish to give a disclaimer. First off, I do not encourage any sort of illegal activity. Furthermore, I strongly advise against it. This tutorial is purely for education purposes.

The field of network security is growing rapidly, and many networks tend to be insecure. There are many opportunities for knowledgeable pen-testers, and I hope you find the tutorials useful!

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato