Hacking tutorial part1

Course : Overview

Build your own ethical hacking lab
Steps for Ethical hacking
Scanning with Nmap
Scanning with Nessus
Exploits with Metasploit
Working with Backdoors
Post Exploit : Meterpreter
Gather, Present, and Monitor your report

In order to complete this course :

Memory 4GB
Storage 50 GB free
Proc, any processor supporting Virtual Box VMware

Welcome to penetration testing with Metasploit 4
Exploring VirtualBox
Section 1 Build you own Lab.

We will need to install Kali Linux, Window 10 and Metasploitable on Virtualbox, if we did not have this kind of technology we will need to have three separate machines in order to do all this tasks

Safe working environment ( Machine can be deleted, added, cloned )
Virtually have multiple machine
Internal network option ( separated from our main network )
Free of charge

You will have to go to https://www.virtualbox.org/ and download the version for your machine, Linux, Mac, or MAC.

On windows you will have an exe file, and have to maybe disable any antivirus during install. On Mac open the DMG file and follow the steps

When you first open Virtualbox, you will have a vanilla configuration

On the same download page, you will have also to install the extension pack.

Now you are ready to install any OS on Your virtual Box

Hacker Jargon

Reconnaissance, passive information gathering using open source tools, social media, dumpster diving, Linkedin announcements, Netcraft. where you will get Background, Network, Hosting History, E-Mail settings, Technology related informations Go to https://www.netcraft.com to analyze a website, enter the url, and then go on site report Reconnaissance, passive information gathering using open source tools, social media, dumpster diving, Linkedin announcements, Netcraft. where you will get Background, Network, Hosting History, E-Mail settings, Technology related informations

Netcraft also calculate a risk rating.
Zenmap is the ideal tool to learn Nmap, as we can chose the type of scan we want to run from the profil. The more intense the scan is, the more chance we have to get noticed by the system, the company may run an Intrusion detection system called an IDS.

We are in the active information gathering phase right now, so the the target computer might understand something is going on, and might block you.

Try to do a quick scan, and we get open port. Then an intense scan, no ping to get more detailed information, try until we get the information we need. So if we go to the Ports / Hosts we will have the version of the software they are running, and then we can check according to the version if an exploit actually exist

Mostly used by industry professionals
In-depth analysis
Expensive tool
Nessus home edition

https://www.tenable.com/downloads/nessus

This is where you download Nessus Home edition, make sure you download the 64 bits editions.

To install a Debian package on Kali Linux use :
Exit
root@kali#dpkg -I *.deb
root@kali#service nessusd status
root@kali#service nessusd start
root@kali#service nessusd stop

When your installation is complete, it will take you to a dashboard that look like this. This is the starting point, where you decide which kind of scan you decide to perform

We can also install Nessus on a Mac, or a windows machine.

Once Installed, you will have to open a browser on go to the following url : https://localhost:8834

The results look like this : rom Critical to Info level.
Back to your Nessus Dashboard.

Agressive Network Scan
then, we will have an agressive network scan. Same give it a Name, Description, an target IP ( Metasploitable2 ), and then click on save, then if we need to make a change, we can go back to configuration, otherwise we can just run the scan. If you go to the configuration, you will find the Nessus Plugin, these are used for more in depth scan, if we are scanning a Linux target, of course we can disable all the Linux and the ones we don’t need for the scan to go faster.

Special important Options :

We can add known credential
Enable Safe Checks if uncheck Nessus will work faster, but we might get noticed easily.

Advanced scan takes longer to run than Basic ones, again let have a look at the results.

Section 5 Exploits with Metasploit

Section 6 Backdoors
Understanding Trojan Backdoors
Install Veil on Kali
This will fo the trick to install veil on Kali

root@kali:~# apt-get -y install veil
root@kali:~# /opt/Veil/config/setup.sh --force --silent

Other important apt command on kali linux

root@kali:~# apt-get update
root@kali:~# apt-get upgrade
root@kali:~# apt-get autoremove
root@kali:~# apt search packetname

Now we will deliver the backdoor to the windows machine.

So let’s start an apache server to deliver the payload, then copy the payload at the root of the apache server.

root@kali:~# service apache2 start
root@kali:~# cp /var/lib/veil/output/compiled/test_payload.exe /var/www/

Or an other solution is to use python to server the file as follow :

root@kali:/var/lib/veil/output/compiled# python -m SimpleHTTPServer 8000

Apache will be listening on port 80 as defaults, and python http server on port 8000

UPDATE NEXT WEEK