How to be a Hacker – Learn Hacking from Beginner to Advanced

As technology grows, more and more vulnerabilities are found every day. To keep up with this pace, everyone needs to stay current with the latest hacking and exploitation tactics. Just knowing how the technology works is of no use; you need to practice hard to improve yourself.


You could say, "I am using commercial tools and have implemented DevOps and defense-in-depth concepts in my organization, so I am secure." No, you are not. This applies not just to organizations but to every individual: no antivirus can block all kinds of attacks and malware, so you need to be aware of the attacks and how they unfold in order to secure yourself. There are many attacks that tools cannot recognize, and that is why many organizations and individuals get hacked every day.



There are many kinds of penetration testers: web application pen testers, network penetration testers, wireless pen testers, IoT pen testers, blockchain pen testers and many more. Choose what you want to start with; eventually, to become an all-round hacker, you will need to learn all of it. Hacking is not just penetration testing: you should be able to code, perform malware analysis, think outside the box and perform forensic analysis, and the most important qualification is to never give up. Try and try until you or the system die.

How Do I Start Learning Hacking?

Hacking is quite a long process. Never jump straight to exploitation; start by reading books and watching videos on security and hacking basics. There are many free books online from which you can gain a good understanding of how things work. For web application pen testing I would suggest the book Web Hacking 101, which explains web application penetration testing very clearly.
It's not possible to learn hacking overnight: the more you practice, the better a hacker you become. There should always be a process for starting anything, and the same goes for hacking. The cyber kill chain framework defines the order of phases to follow when attacking something. Even if you are trying advanced techniques, these phases are mandatory.

Books:

Basics of Networking (this is enough to start with)


Web Hacking 101 (a very clear explanation of web application pentesting)

There are many books that run to hundreds of pages, but these two are enough to start with; I don't want to bore you with too much material. Reading books alone will never get you anywhere (of course, books are important for gaining knowledge); ultimately you need to practice on your own. Start with these books, and later in this article I list a few other platforms where you can test and greatly improve your hacking and penetration testing skills. You can also check out the Free Ethical Hacking Course, which covers almost all the basics.

Step by Step Process to Learn Hacking in a Professional way:

Security professionals, ethical hackers and even black hat hackers follow this process so that the work and its documentation flow smoothly. Documenting and recording your progress is mandatory to avoid problems later. If you follow this process and practice a lot, you can go from beginner to advanced level in much less time than with random trial and error. By reading this you will know the process to start with; all you need to do is practice and enumerate more, because without enumeration you will get nowhere. Enumeration is the main and hardest step in hacking anything, and with practice you will learn to enumerate faster.

Phases of the Cyber Kill Chain Framework

1)   Reconnaissance
2)   Weaponization
3)   Delivery
4)   Exploitation
5)   Installation
6)   Command and Control
7)   Actions on Objectives.

Phases to Hack/Pen Test an Application/Network/Operating System

1.   Reconnaissance:

Reconnaissance, or information gathering, is the first step in hacking or performing a penetration test. In this phase you gather all the information required to hack or pen test an application or a network. Without it, you are running down a path you know nothing about, so it is best to start with information gathering. You also need to perform a vulnerability assessment of the target machine, which can be done with nmap, Nikto, enum4linux and smbmap.

What to collect in Information Gathering?

Server details, application platforms, languages used, all open ports, applications along with their versions, email addresses, usernames, IP addresses, images/videos/docs, instant messaging accounts, public records, location, blogs and a lot more.

Tools for Information Gathering:

Whois, nslookup, ping, Maltego, Recon-ng, Shodan, nmap, Wappalyzer (Chrome plugin)

2.   Weaponization:

Based on the information gathered, a payload (a malicious piece of code to be run on the target machine) has to be developed, which is then used to hack the target. A payload can be of any type and written in any language; it should be chosen based on the vulnerability present on the target machine. A payload should always be very small and undetectable.

Tools to create a Payload:

msfvenom (can create any kind of payload), Empire, web shells (thousands of web shells are available online)

3.   Delivery:

The target might not always be on our network, and sometimes we perform black box testing without access to all the resources. So we need to create a path for ourselves and move on: we need to create a vulnerability, or make someone create one, and send our payload to the target.

How to deliver the Payload?

Via email, instant messaging, a USB drive, embedded in a PDF/Word/image/audio/video file, or uploaded to the target server by finding a file upload vulnerability.

Tools to deliver a payload:

Metasploit, SET (Social Engineering toolkit), Go-Deliver Github

4.   Exploitation:

After delivering the payload, you need to exploit the vulnerability present on the target machine so that the payload (code) gets executed. The most used exploits are multi/handler and EternalBlue, just to name a few. Exploitation does not only mean sending the payload to the victim; it can also be defined as cracking something using any kind of algorithm, method or technique.

Tools for exploitation:

Metasploit, Empire, Aircrack-ng, John the Ripper, sqlmap

5.   Installation:

In the installation phase of hacking a network or an application you need not do much: just run the payload you delivered to the target, using the exploit. Sometimes delivery, exploitation and installation happen at the same time, which is the case with a severe vulnerability like a file upload vulnerability. If you find this kind of vulnerability it is very simple to take over the whole server just by uploading a suitable payload and getting the required access.

For security, it is better to run your applications under a low-privileged user account. That way, even if the application is exploited, the attacker still needs to gain root access to reach the valuable information. Getting root from a user-level account is fairly difficult, since privilege escalation attacks have to be performed to gain it, and that makes the system harder to compromise.

6.   Command & Control:

Just installing the payload on the target machine is not enough; you need to set up a communication channel between the target and the hacker. To maintain command and control (C&C for short), hackers need to keep the payload running persistently. This is done by setting up a listening port on the hacker's machine and running the payload on the target machine, or with a simple reverse shell.

How to maintain persistent communication between the target and the hacker/attacker:

In most cases maintaining a persistent connection is pretty hard. It can be achieved by binding the payload to a running process or to a process that starts at system boot/startup, such as "Time".

Tools for Command and Control:

Netcat, ncat, reverse shells

7.   Actions on Objectives:

Now you have a persistent command and control connection to the target machine. Finally, it is time to get the valuable information from the target. You can use search functions to find the required data and send those files to your server by creating your own file transfer session using any programming language or tool.

Tools for Data Transfer:

Python HTTP server, PHP server, netcat, nc

Deleting Traces?

Just getting your information is not enough; you also need to clear the tracks of your arrival and departure. Whatever you do on any system, a log entry and an event are generated. A black hat hacker never leaves any traces behind: they delete all the logs of their activity and drop their connection to the target machine as if nothing happened.

So, how does a forensic investigator or a security expert detect or mitigate hacking activity?

Let's take a scenario in which an attack has already taken place and the security experts were unaware of it until after the data loss. What a forensic investigator or a security expert does is go through all the log activity and the running processes on the victim machine. In a corporate environment there is usually a defense-in-depth setup in which logs are forwarded to security information and event management (SIEM) devices at a regular interval, so a backup of the logs is always stored and analyzed there. Even if all the logs were deleted on the victim machine, the deleted logs can be fetched from the SIEM, and by reading them the security experts can take action.
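As an added example (not from the original post), here is a small Python check an investigator could run over the log that survives on a host against the copy the SIEM already received: it lists forwarded events that no longer exist locally and flags long silent windows in the surviving log. The log lines, timestamps and the 15-minute gap threshold are constructed for the demonstration.

```python
"""Added example, not the post's own code: compare a host's surviving log
with the SIEM's copy to spot deleted events and suspicious silence."""
from datetime import datetime, timedelta

# Constructed sample: lines the SIEM received before the intrusion
SIEM_COPY = """\
2024-03-01T10:00:01 sshd[811]: Accepted password for alice from 10.0.0.5
2024-03-01T10:07:42 sshd[902]: Failed password for root from 10.0.0.99
2024-03-01T10:07:45 sshd[902]: Failed password for root from 10.0.0.99
2024-03-01T10:07:51 sshd[902]: Accepted password for root from 10.0.0.99
2024-03-01T10:09:10 sudo: root : COMMAND=/bin/rm /var/log/auth.log.1
2024-03-01T10:30:00 sshd[977]: Accepted password for bob from 10.0.0.7
"""

# Constructed sample: what is left on the host after the "cleanup"
LOCAL_COPY = """\
2024-03-01T10:00:01 sshd[811]: Accepted password for alice from 10.0.0.5
2024-03-01T10:30:00 sshd[977]: Accepted password for bob from 10.0.0.7
"""

def parse(text):
    """Return (timestamp, raw line) pairs for every non-empty line."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        out.append((ts, line))
    return out

def missing_locally(siem_text, local_text):
    """Lines the SIEM holds that no longer exist on the host.
    Forwarded events vanishing locally is a tampering indicator."""
    local = {line for _, line in parse(local_text)}
    return [line for _, line in parse(siem_text) if line not in local]

def silent_gaps(local_text, max_gap=timedelta(minutes=15)):
    """Windows in the surviving log with no events for longer than
    max_gap; sudden silence often marks a truncated log."""
    events = parse(local_text)
    gaps = []
    for (t0, _), (t1, _) in zip(events, events[1:]):
        if t1 - t0 > max_gap:
            gaps.append((t0, t1))
    return gaps

def report(siem_text=SIEM_COPY, local_text=LOCAL_COPY):
    """Combine both checks into one list of findings."""
    findings = [f"deleted locally: {l}" for l in missing_locally(siem_text, local_text)]
    findings += [f"silent gap {a.time()}-{b.time()}" for a, b in silent_gaps(local_text)]
    return findings

if __name__ == "__main__":
    for finding in report():
        print(finding)
```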

I will say it once again: "Enumeration is the key to hacking. Enumerate more and more. Even if you think you have already hacked a device, enumerate it more; you might find some juicy information or improve your knowledge."

Here comes the question: how do I improve? Well, there are lots of platforms for improving your hacking and penetration testing skills and keeping pace with the hackers. So, here are the best platforms to improve your hacking skills; some of them are applications, websites, operating systems and forums. You need to work on all of them to be a pro, but practicing even a few can make you a lot stronger technically and mentally.

To hack or crack a real machine you need to think outside the box. There are thousands of ways to hack an application but only a few work, so we need to enumerate every process and application available on the target machine and exploit it.

All of this will not happen in a day or two; you need a great deal of patience and practice. So, to help you build your ethical hacking skills, here is the list of platforms that I think are best. There are lots of walkthroughs and tutorials online for the platforms listed here.

Best Platforms to Improve Your Hacking Skills

1)  DVWA: Damn Vulnerable Web Application

This is one of the best basic applications available for learning web application penetration testing and improving your ethical hacking skills legally. DVWA is an open source PHP/MySQL based web application. DVWA does not contain every kind of attack to practice, but it is the best one to start with and test your skills. In DVWA all the vulnerabilities are classified into four difficulty levels: Low, Medium, Hard and Advanced. You can start with Low and work your way up to Advanced. Try exploiting everything.

This can easily be installed on Windows by copying it into an XAMPP/MAMP/WAMP server, which you can download and install. On Linux you can either run it on a LAMP server or paste it into /var/www/html and start the apache2 service. You need to set up a few things manually for it to work.

The default credentials for DVWA are admin/password.

Vulnerabilities to Practice on DVWA:

· Brute Force
· Command Execution
· Cross-Site Request Forgery
· File Inclusion
· Insecure CAPTCHA
· SQL Injection
· SQL Injection (Blind)
· Upload
· XSS Reflected
· XSS Stored
· XSS DOM




2)   Mutillidae 2 – OWASP:

Mutillidae is an open source web application to test, practice and improve your ethical hacking skills. It is one of the OWASP projects. Mutillidae contains all the OWASP Top 10 vulnerabilities of 2007, 2010, 2013 and 2017, each as a separate category to practice. Like DVWA, Mutillidae has difficulty levels. Mutillidae can be run on Windows as well as Linux; it is pre-installed on Metasploitable and can be accessed very easily. Mutillidae works on XAMPP, WAMP, MAMP and LAMP.

Vulnerabilities to practice on Mutillidae: all OWASP Top 10 vulnerabilities

OWASP Top 10 2007

A1 - Cross Site Scripting (XSS)
A2 - Injection Flaws
A3 - Malicious File Execution
A4 - Insecure Direct Object Reference
A5 - Cross-Site Request Forgery (CSRF)
A6 - Information Leakage and Improper Error Handling
A7 - Broken Authentication and Session Management
A8 - Insecure Cryptographic Storage
A9 - Insecure Communications
A10 - Failure to Restrict URL Access

OWASP Top 10 2010

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

OWASP Top 10 2013

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

OWASP Top 10 2017

A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring

Download Mutillidae from here

3)   VulnHub:

One of the best sites to test and improve your hacking skills. VulnHub provides a lot of vulnerable machines, covering all kinds of operating systems and difficulty levels. The best thing about VulnHub is that you can find plenty of walkthroughs for every vulnerable machine. You download the vulnerable operating system, import it into your virtualization software and run netdiscover -r IPAddress/Range on your Kali Linux or any other Linux machine. Find the IP address and start the cyber kill chain framework.

I guess there are more than 100 vulnerable machines to test and improve your hacking skills. Almost all of them are less than 1 GB in size, which is a fair size to download and learn from. Just by hacking the vulnerable operating systems from VulnHub you can go from beginner to advanced hacker.

PROS of VulnHub:
1)  Best community; new vulnerable operating systems are added regularly
2)  Available for both VMware and VirtualBox
3)  Walkthroughs available for all machines
4)  All flavors of operating systems available
5)  Special operating systems for web pen testing/network pen testing available
6)  OS size is not more than 1 GB (almost all of them)
7)  You can submit your own VM or a walkthrough
8)  Boot2Root devices available
9)  CTF-type vulnerable machines available

How to Run VulnHub Vulnerable Operating Systems:

1)   Download any OS
2)   Import the OS into VMware/VirtualBox
3)   Make sure both operating systems (Kali and the vulnerable OS) are either on NAT or on Bridged networking.
4)   Run "netdiscover -r IP/range"
Example: netdiscover -r 192.168.1.1/24

4)   HackTheBox:

HackTheBox is clearly not for beginners: first test your skills on VulnHub, then go for HackTheBox. To enter HackTheBox you need to solve a fairly simple challenge. Once you solve the registration challenge you get access to the HackTheBox labs, which are excellent. They have CTF-style challenges as well as boot2root vulnerable machines that are updated regularly.

HackTheBox divides everything into Active and Retired. Every new machine or challenge added to HackTheBox starts in the Active category. Once a machine becomes old, or if interest in it is too low, or for any other reason, they change its status to Retired. Unlike VulnHub, walkthroughs must not be published for active machines and challenges on HackTheBox; once a machine is retired, anyone can publish a walkthrough. This keeps the vulnerable machines challenging.

CONS of HackTheBox:

1)   Not all retired machines are free to access; only 2 retired machines are given to free users. You need to purchase VIP.
2)   VIP costs 10 Euros/month. The price is quite low for the quality of the machines.
3)   You cannot download the operating system and freely use it whenever you want
4)   Free users cannot reset the machines

PROS of HackTheBox:

1)   All of the vulnerable machines represent real-world scenarios
2)   No walkthroughs for active machines until they are retired
3)   Awesome forum support; lots of people online to help you achieve your goal by providing hints
4)   Windows Server/Active Directory vulnerable machines are also available
5)   No need to download anything; just connect to the HackTheBox servers via VPN
6)   Requires very little bandwidth
7)   Europe and US servers available
8)   Jobs portal available inside HackTheBox; you can apply for one



Now you know all the processes and phases to follow to start learning to hack. So, what are you waiting for?

Conclusion:


Well, that's all I wanted to share in this post. So give it a try: always follow the cyber kill chain framework and you can succeed in any attack. Just watching and reading is never enough; you need to practice hard to become an elite hacker. Even a beginner can start this and succeed in hacking just by practicing enough. Never try to hack or pentest a system that you don't own or have written permission to perform a penetration test on.

When you are not able to figure something out, Google it; Google can provide you an answer for everything. If you are not able to hack something, it means you didn't try enough. Always enumerate more and more; enumeration is the key to success in hacking or penetration testing. Start with DVWA/Mutillidae, then go for VulnHub machines and HackTheBox. If you aspire to be a network penetration tester, VulnHub and HackTheBox are the best resources available to you.

Bhanu Namikaze

Bhanu Namikaze is an ethical hacker, security analyst, blogger, web developer and mechanical engineer. He enjoys writing articles, blogging, debugging errors and capture the flag events. Enjoy learning; there is nothing like absolute defeat. Try and try until you succeed.
