Tutor/support


Post by dondef on Fri May 20, 2016 10:31 pm

Hello hackers..

so, I'm trying to learn how to hack.. and by learn I mean, took paid classes online, set up my VM lab (desktop) 2 WinXP, Win8.1, a WinServer 2008 in the future.. and installed dual boot Kali and Ubuntu on my 3 year old laptop.. everything boots and works..

anyway, I can't hack to save my life.. and I mean I follow lessons in the class, watch some YouTube videos containing same topic to help if I'm stuck, etc.

the problem is this.. I get stuck.. a lot.. and for days.. so I need a tutor.. someone that can say "do this.." or "have you tried this?" or "you should read on this" etc.. you know what I mean.. like an advisor. just because I don't want to look like an idiot in the class dashboard asking 100 questions a day.

anyway, conditions are, you won't get access to my PC #1.. hahahaha obviously you and I need to be careful.. screenshots etc can easily be shared through Skype anyway.. 2. nothing outside the lab or anything illegal.. we can hackthissite a lot if you want.. as they said, they want this site hacked so if you can teach me that, that will be so awesome, something to put on my resume.. hahahaaha

who I am.. I was in law enforcement in Oakland, CA before. resigned.. not retired. I'm 32.. family man. avid moba gamer. sc2 dota pretty much I play every moba game that makes people rage.. bachelor's degree not related in computer.. but I do know how to work myself a bit software and hardware. I guess novice.. but not a beginner.. about to take my a+ exam next month. in the future, cept, ceh n+ +security.

my goal. stay in white hat, but become scary good in infiltrating mobiles and network of companies.. freelance pentester?

anyway, I hope someone is interested to help me get a really good foundation..

oh I almost forgot, jobless right now.. hoping to get a job in IT asap, so for now I can't provide anything for your time.. maybe in the future? or maybe in the future, I hack the pentagon, get away with it and you say I taught him how to do that.. hahahaahahahahaha


Re: Tutor/support

Post by Jbraithwaite on Sat May 21, 2016 1:41 pm

If you want a bit of confidence in doing successful hacks, run WinServer 2000 or 2003, Windows XP and a vulnerable Linux Server called Metasploitable. There's a lot of open hacks still for those servers. Server 2008 is still pretty well patched even in the default installation state. I work with Server 2008 R2 every day and try my best on it.

Metasploitable is a deliberately vulnerable server designed to hack. It's really useful and runs in a virtual environment. Loads of tutorials online for how to do things on it too.

Things you want to be trying to do on Windows are enumerating shares and users over SMB/NetBIOS. Enable Telnet on the Server 2008 box and have a play with that. Use pen testing scripts from GitHub too, as they can be helpful.

For a few weeks I was in the same boat but because I work in IT I can come in at another angle. I just asked myself how would someone get in. Think about standard user accounts, their permissions to files and folders and what those permissions can do for a hacker. This will likely lead you on to Privilege Escalation techniques. Going from a standard user, onto Administrator and then onto SYSTEM just by Hijacking DLL files.

Using software DLLs found in things like Flash installs to springboard up to Admin accounts can be really useful. I'll point you to a couple of videos on the subject.

PenTester Academy
https://www.youtube.com/watch?v=e_l5TCgw3wo

Brett Moore
https://www.youtube.com/watch?v=kMG8IsCohHA

Both really good videos, not long but it gives you something to think about. Learning how to use Windows SysInternals tools can be really helpful too.

Hope that helps for now. There's no reason to stop at an Nmap scan and think "I don't know where to go next". Think about other things, like Wireshark to listen on port 445, 139 and SMB/SMB2 protocols. View TCP streams and see what you can get out of the outputs. It's very interesting.

Also think about using DNS scanning to enumerate other servers. Not useful on a lab with one server, but it's a part of a real process. Works on Web Pentesting too.

Just a few things :)
In training....


Re: Tutor/support

Post by dondef on Wed Jun 22, 2016 5:57 am

thanks for the reply.. I've watched those videos twice, read your comment 3x and still stuck..

I'm not asking for someone to hold my hand.. just someone to guide it? I mean answer elementary questions I guess..

an example would be,

Me: why can't I get a handshake when I use airodump-ng?

I've tried running it for 24 hours, devices are connected to it, but it doesn't get a handshake. something like that. very elementary but I can't figure it out.

then you will Skype me and say: well have you checked if your hardware can inject?

Me: yes. I checked and I'm getting these results.. then paste a screenshot.

then you will give me other suggestions. something like that.. like I said, a tutor.

Please help me out. anyone. someone. I really want to get this done but for a month, haven't gotten any other response.. I'm starting to get desperate but I don't really want to beg, but I am already begging..


Re: Tutor/support

Post by Jbraithwaite on Thu Jun 23, 2016 4:24 am

Scrap my advice above. Get yourself on to Vulnhub.com and download some of the vulnerable VM Capture the Flag challenge servers and run them locally on your machine. Do these things on everything you test.

Detect the IP on your home network

ifconfig on your own Linux box and detect the network in use. I use NAT on both Kali and server VMs so the IP is always 10.0.2.x. Nmap scan the range in your network to find the server IP.

nmap -sP 10.0.2.0/24

Once you find the server

nmap -sSV IPADDRESS - This will list the ports open on the server. This is also a very basic scan to get going. If port 80 HTTP is open you would naturally visit the IPADDRESS in your browser to see any websites the server has. Most Vulnhub VMs have associated websites to attack. From there it's a version detection hunt and a vulnerability hunt and this is where you turn to Google. For instance Drupal version 7 exploit would turn up an exploit-db page with steps on what to do next.

Essentially the goal is to hack the server and get ROOT privileges on the box to find the flag.txt file. Every VM is different. Some are a pure drain like Tr0ll 2, but here's a list of ones I've done in order of how easy they were.

Simple CTF
Seattle Sounds
Sick OS 1.1
Droopy
Sick OS 1.2
Lord of the Root
Skydog CTF

They all have the same makeup. Document as you go using KeepNote so you can refer back to it if you get interrupted. I often have several things open at the same time in my Kali box and use the Windows Key + Tab to switch between them.

* Burp Suite - I proxy all websites I visit for hidden directories. Saves time over using Dirb or Dirbuster.
* Terminal with several tabs scanning
* Firefox for searching for vulnerabilities in software versions I find.

Over everything, you need to document anything you find.

Server version
Webserver version
Any Web Access firewall? (WAF)
Is Cloudflare detected? Not on VMs but later when you get into real life stuff.
What software is running on the ports? -sSV helps with that in nmap

If you're really still stuck after all that, then start from the beginning again and learn the fundamentals on how systems work. How a client gets a website. What happens in the background. How you connect to a server over a network, that sort of thing. Learn to map it out in your head and even drawing it on paper. Do anything you can to forge that shit into your grey matter.

That's a starter to be honest, and it'll get you going. There's a lot more to it, but going through all the walkthroughs on the site will help you understand it a lot more.

Also check out Pentester Lab for downloadable vulnerable websites where you can perform Cross Site Scripting attacks, SQL Injection attacks and loads of other top attack vectors.

There really is no shortage of places to learn and practice. You just need to get a wee hint sometimes. To be honest you really are in for a rough ride if you're totally new to this with no prior experience of even just basic IT. It's not impossible to learn it, but I'd stop following YouTube videos totally, and concentrate on reading books and doing VMs like the above sites.
In training....
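
The "document anything you find" step from the post above, as an added example that is not part of the original thread: it turns a lab scan saved in nmap's grepable format (`nmap -sSV -oG`) into a notes page with the versions per port. The function names and the sample scan text are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sSV -oG -` output for a lab VM (not real scan data).
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -sSV -oG - 10.0.2.5\n"
    "Host: 10.0.2.5 ()\tStatus: Up\n"
    "Host: 10.0.2.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.9p1 Debian 5ubuntu1.1/, "
    "80/open/tcp//http//Apache httpd 2.2.22 ((Ubuntu))/, "
    "3306/closed/tcp//mysql///\tIgnored State: filtered (997)\n"
)


def parse_grepable(text):
    """Return {ip: [port records]} for open ports in nmap grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue
        ip = line.split()[1]
        # Sections on a Host line are tab-separated: Host, Ports, Ignored State.
        section = next(s for s in line.split("\t") if s.startswith("Ports:"))
        # Split on ", " only when a new "<port>/" follows, so a comma inside
        # a version banner does not break an entry apart.
        for entry in re.split(r",\s+(?=\d+/)", section[len("Ports:"):].strip()):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            hosts.setdefault(ip, []).append({
                "port": int(fields[0]), "proto": fields[2],
                "service": fields[4] or "unknown",
                "version": fields[6] or "not detected",
            })
    return hosts


def render_notes(hosts):
    """Build a plain-text notes page following the checklist in the post."""
    out = []
    for ip, ports in sorted(hosts.items()):
        out.append(f"Target: {ip}")
        for p in ports:
            out.append(f"  {p['port']}/{p['proto']}  {p['service']}  {p['version']}")
            if "http" in p["service"]:
                out.append(f"  Webserver version: {p['version']}")
        out.append("  WAF detected: (fill in by hand)")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_notes(parse_grepable(SAMPLE_GREPABLE)))
```

The rendered text can be pasted straight into a KeepNote page for the VM being worked on.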

