metasploit

Hack with Metasploit – Exploitation

If you have been following along with our Hacker Methodology series you’ll remember that conducting a hack on a target is a logical process. So far we have completed recon of our target machine in our hack lab. Our next step in hacker methodology is the exploitation phase. This is the phase where we gain access to the target machine.

We will go deeper into metasploit, its commands and its features a bit later, this is a brief overview combined with an example to get you thinking about some of the things that you can do.

(more…)

Best Wifi Hacking Adapter

Lets very quickly define WiFi hacking. WiFi hacking is gaining access to network via wireless means. Gaining access to a wireless access point would be the same thing as being plugged into a switch on a network. In short, we’re on the network.

But how do we get onto networks? What makes one wireless antenna better than another?

There are literally hundreds of wireless antennas that exist. If you are going to be using Aircrack-ng consult the compatibility list. The compatibility list is not complete, but use it as a gauge.

To classify what is the best WiFi adapter for hacking we need to get into a little antenna and radio frequency theory.

(more…)

Hack Methods – Active Recon With Nmap

Overview

If you have not reviewed the Hacker Methodology write up now is a good time to check it out. It will provide you with a much better overview of how we are logically gathering intelligence in order to create a solid basis for the later phases of hacking or penetration testing.

In this overview we’re going to learn about some of the common uses of nmap, go over a few of the switches or options and how they work and then wrap it up with an example of a scan.

Disclaimer: nmap is considered to be recon for further action and can be taken as hostile intent. It’s a grey area between illegal and not, depending on how good of a lawyer you have. I recommend ONLY using this in our Hacker Lab. Used incorrectly it is VERY obvious when you are scanning.

(more…)

Basic Hacker Methodology – Steps to the Hacking Process

Overview

Many beginners don’t understand that hacking or penetration testing follows a very logical process and when broken down can really clarify tasks and goals. During this write-up I will use a fake company as an example and use very general examples of how each step is completed. Our target will be a fake company called SillyVictim and all we know is that they have a webpage and they have an internal company network. Our goal is infiltrate this company and obtain admin privileges. I’ll be using my metasploitable and Kali VM’s from my previous lesson as examples on how to apply this methodology.

(more…)

Building a Hack Lab For Free: Part 1

Overview

A frequently asked question is “How do I practice?”. Well today we’re going to show you how to safely create your own hack lab environment completely free on a Windows machine.  You can do this on a *nix or even OSX, VirtualBox supports any of them and is the only installation required. The best part about having your lab in a VM is that if you have any problems, you and quickly reset your machine to a previous state without compromising your main machine.

Part 2 of this tutorial can be found here.

(more…)

How do I start Hacking?

Often times on the /r/howtohack subreddit you’ll find a post that’s similar to “I want to be a hacker, how do I start?”. My problem with a question like this is its so open ended. Its not precise enough, its not focused. One of the most popular “How to be a hacker” posts defines the term as “most having to do with technical adeptness and a delight in solving problems and overcoming limits”. Most people who have this innate problem solving personality would have already scoured the internet but the sheer level of information out there today is mind boggling. Where do you even start?

That’s what I did, I searched until my eyes bled, Googling my way through trash tutorial after another and marveling in how much information there was. For me, the problem was there was too much of it and I had no idea where to begin. I bounced from project to project which gave me no real results. I found my way through formal education and job experience and I hope to relay some of that structure here with the Roadmap.

(more…)