Master Ethical Hacking 2019 Course Curriculum!

  1. Introduction and installation!
     • Before we begin!
     • Virtual Box install tutorial
     • Kali Linux install tutorial
     • Going full screen in Kali Linux!
  2. Basic commands!
     • Basic commands - part 1
     • Basic commands - part 2
     • Basic commands - part 3
  3. Prepare your lab!
     • Changing IP address and setting up wireless adapter
     • Creating bootable Kali USB
     • Important networking terms
     • Important hacking terms
     • Few things to do after installing Kali Linux
     • Changing our MAC address - Macchanger
  4. Footprinting!
     • Google hacking
     • Nikto basics
     • Whois tool
     • Email harvesting
     • Shodan
     • Zone transfer with dig
  5. Scanning!
     • Installing Metasploitable
     • Nmap - part 1
     • Nmap - part 2
     • Nmap - part 3
     • Zenmap
     • TCP scans
     • Nmap bypassing defences
     • Nmap scripts 1
     • Nmap scripts 2
  6. Web penetration testing!
     • Installing OWASP
     • HTTP request
     • HTTP response
     • Burpsuite configuration
     • Editing packets in Burpsuite
     • Whatweb & Dirb
     • Password recovery attack
     • Burpsuite login bruteforce
     • Hydra login bruteforce
     • Session fixation
     • Injection attacks
     • Simple command injection
     • Exploiting command injection vulnerability
     • Finding blind command injection
     • Webpentest - basics of SQL
     • Manual SQL injection - part 1
     • Manual SQL injection - part 2
     • SQLmap basics
     • XML injection
     • Installing XCAT and preventing injection attacks
     • Reflected XSS
     • Stored XSS
     • Changing HTML code with XSS
     • XSSer & XSSsniper
  7. WPA2 cracking
     • Wireless attacks theory
     • Putting network card in monitor mode
     • Capturing handshake with Airodump
     • RockYou.txt
     • Cracking with Aircrack
     • Cracking with Hashcat
     • Making password lists with Crunch
     • Making password lists with Cupp
     • Rainbowtables - part 1
     • Rainbowtables - part 2
     • Installing fluxion
     • Finding and cracking hidden network
     • Preventing wireless attacks
  8. Man in the middle
     • ARP protocol basics
     • MITM attack theory
     • Installing MITMf
     • Manual Arpspoofing
     • Problems while installing MITMf
     • HTTP traffic sniffing
     • DNS spoofing and HTTPS password sniffing
     • Hooking browsers with BEEF
     • Screenshotting target's browser
     • Cloning any webpage
     • Ettercap basics
  9. System hacking
     • MSFconsole environment
     • Metasploit modules explained
     • Bruteforcing SSH with Metasploit
     • Attacking Tomcat with Metasploit
     • Getting Meterpreter with command injection
     • PHP code injection
     • 2 Metasploitable exploits
     • Wine installation
     • Crafting Windows payloads with Msfvenom
     • Encoders & Hexeditor
     • Windows 10 Meterpreter shell
     • Meterpreter environment
     • Windows 10 privilege escalation
     • Preventing privilege escalation
     • Post exploitation modules
     • Getting Meterpreter over Internet with port forwarding
     • Eternalblue exploit
     • Persistence module
     • Hacking over Internet with Ngrok
     • Android device attack with Venom
     • Real hacking begins now!
  10. Python basics
     • Variables
     • raw_input
     • IF ELSE statement
     • FOR loop
     • WHILE loop
     • Python lists
     • Functions
     • Classes
     • Importing libraries
     • Files in Python
     • Try and Except rule
  11. Coding advanced backdoor
     • Theory behind reverse shell
     • Simple server code
     • Connection with reverse shell
     • Sending and receiving messages
     • Sending messages with while true loop
     • Executing commands on target system
     • Fixing backdoor bugs & adding functions
     • Installing Pyinstaller
     • First performance test of our backdoor
     • Trying to connect every 20 seconds
     • Creating persistence - part 1
     • Creating persistence - part 2
     • Changing directory
     • Uploading & downloading files
     • Downloading files from Internet
     • Starting programs from our backdoor
     • Capturing screenshot on target PC
     • Embedding backdoor in image - part 1
     • Embedding backdoor in image - part 2
     • Checking for administrator privileges
     • Adding help option
  12. Creating keylogger for backdoor
     • Importing Pynput
     • Simple keylogger
     • Adding report function
     • Writing keystrokes to a file
     • Adding keylogger to our reverse shell - part 1
     • Adding keylogger to our reverse shell - part 2
     • Final project test
  13. Basic authentication bruteforcer
     • Printing banner
     • Adding available options
     • Starting threads for bruteforce
     • Making function to run the attack
     • Bruteforcing router login
     • Bypassing antivirus with all your future programs
     • Sending malware with spoofed email
     • What's next

What Does This Course Include?

  • Lifetime access to 25+ hours of ethical hacking video tutorials filmed in 2019!

  • Access to our Facebook group and Discord server for answers to questions!

  • Download every video and then watch anywhere with no internet connection!

  • You will love this course or we will give you a full refund within 30 days!

Start Watching on YouTube!


Student Questions, Instructor Answers!

Enroll in the course to enjoy answers to your questions from the instructor as seen below!

Student

Does someone know how to download pass txt? Is it impossible?


Instructor

Which password list do you want to download exactly? Right here at this link https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt you have a GitHub repository for a password list with 1,000,000 passwords! There you can git clone that page, or if that doesn't work you can go to the Raw part of the page, where you will see a list of all the passwords, then press CTRL + A to select all and copy it into any .txt file.


Another option would be to go to your Kali Linux machine and navigate to the folder /usr/share/wordlists! You can do that with the command "cd /usr/share/wordlists". There you will have some password lists that already come preinstalled in Kali Linux, and you can choose which one suits you best!


Student

Could it be possible that my IP address has been blocked from installing VirtualBox/Kali Linux on my system?


Instructor

You can't access the internet on your Kali Linux machine, or what exactly is the problem? If so, try clicking on your Kali Linux machine and go to Settings, then go to Network settings, and if you want your local IP address to belong to your local network, change the NAT option to Bridged Adapter and select your adapter there! If you are talking about not being able to install VirtualBox at all, I don't think your IP address could be blocked from doing that. If this is not the case, could you explain your problem in a little more detail so I could help you solve it!


Student

The problem is that I have tried all I could to download VIRTUAL BOX and KALI LINUX but could not install them on my system. The first time I tried it, everything was fine, but when I got to the ISO image, that one could not. Then I uninstalled it, and since then installing it back has become a big problem for me for the past two weeks.

It only allows the installation of the old version, but KALI LINUX could not install.

It's really disappointing.


Instructor

If you are having problems installing or downloading Kali Linux, try a different version. For example, if you tried installing the 64-bit version on your VirtualBox, try to install the 32-bit one now and see if that will work. If it gives any error, let me know what it says. The alternative to Kali Linux if nothing works could be Parrot OS! In my opinion it is as good as Kali Linux, and it is used in security and pen testing as well. Here is a link to their website where you can download it! https://www.parrotsec.org/


Student

Alright, thanks very much, let me try it at once.


Instructor

No problem! Feel free to show us if you get any error while doing it so we can resolve it and get your Kali Linux or Parrot OS working!


Student

Still encountering the same problem.

Is Kali Linux the same as Ubuntu Linux?


Student

Not the same, but similar. Kali, as well as Ubuntu, are both built off of the Debian codebase.


If you are trying to install a virtual instance, offensive-security.com has downloads for both VMware and VirtualBox.


Follow this link to download whichever you need. https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/


Student

My system could only allow the installation of the old version of VirtualBox. Does Kali Linux have an old version too? Secondly, is it {Kali Linux VMware Images} or {Kali Linux VirtualBox Images}, which of them should I install?

Again, Kali Linux, is it ISO or OVA?


Instructor

You can use an older version of VirtualBox; it shouldn't present any problems! If it does, please post the error here so we can resolve it! Also, you want to download the Kali Linux VirtualBox image, which will give you a .iso file with the newest Kali Linux, around 3.3GB in size. Just make sure to first check whether your PC is 64-bit or 32-bit and whether virtualization is enabled in your BIOS. This can cause a problem when installing the 32-bit version of Kali Linux. If the new version of Kali Linux presents problems while trying to install it on an older version of VirtualBox, you can install the older version of Kali Linux, no problem! Most of the stuff, if not all of the needed stuff, will be exactly the same in both of them! If you need any help with something else, feel free to post here.

The difference between ISO and OVA is that the ISO file for Kali Linux is something that you use during the installation of Kali Linux, or if you want to burn the disk image onto your USB drive, for example. The OVA you will typically encounter when exporting a certain virtual machine; it will be saved with a name like something.ova.


Student

Can you send me a link to an old version of Kali Linux? Let me try it too, because with the new version, after installing it, adding it to VirtualBox is the main problem. I don't know how else to do it?


Instructor

There doesn't seem to be a link on Google for it, as they all get redirected to the newest Kali Linux version. If you want to download an older version, the best place is to search for it on torrent and download it from there! Could you give us a detailed look at the error you are getting? Maybe I can help you resolve it. What does it say when you try to add the new version of Kali Linux to VirtualBox?


Student

FATAL: No bootable medium found! System halted

Here is what is displayed on the screen.

I am waiting for it to give me the option to select Graphic..... something like that. But it never displays anything, it just stands still.


Instructor

Can you try and follow the instructions from this video right here https://youtu.be/OonETK7oIcA Try to execute everything the same and see if it still prompts you with an error!


Also check out the forum right here, where people have encountered a similar error and say how they were able to solve it! https://askubuntu.com/questions/413594/what-does-no-bootable-medium-found-mean-in-virtualbox


Student

Alright, thanks. Let me try it out carefully.


Instructor

Hello, I just checked and I am able to connect and access everything on Uthena. Are you still having problems connecting to it?


Student

Hello sir, in the Master Ethical Hacking course, while downloading tilix and tor it was showing an error that there is no package, so please reply to me to resolve this one.


Student

Just got the ethical hacking course bundle, excited to get started.


Instructor

Can you please send a screenshot of the error or copy-paste the error right here so I can know in more detail what the error is about? This will help me better understand where the problem is occurring, and then we can get it resolved as soon as possible!


I hope you will enjoy all the ethical hacking courses in that bundle. If you have any questions regarding any errors or problems you might encounter, feel free to post them here so we can fix them!


For the no package found error with Tor, I will refer you to this link https://unix.stackexchange.com/questions/259592/problem-installing-tor-on-kali-linux Here someone had a similar problem and solved it with the commands specified in the answer part!


Student

Can you enter my computer and solve "exploit finished but no session was created"?

Please

Does someone know how to solve "exploit finished but no session was created"?


Instructor

Can you please tell me which lecture it was or what attack you were doing so I can help you with the error?


Student

How can I get a solution to this? Someone help me please, it isn't showing any apps?


Instructor

The reason why no files or directories are being displayed is probably because there aren't any in that particular directory. Are you sure you had any files in there before and that they aren't by any chance in some other directory?


Student

Guys, I have a question: to hack a PC with a payload do you need to have good internet? Because when I open the virus it takes a long time to load, and it didn't load.


Instructor

Does the payload eventually connect after a certain period of time, or does it just hang there without ever connecting? Are you sure you specified the LHOST IP address to be the same IP address as the output of the "ifconfig" command? If you have Network Settings set to NAT, could you change it to Bridged Adapter and make sure to specify the adapter that you are using and that is also supported by Kali Linux! Also double-check that the information you specified in payload creation, such as the local IP to listen on and the local port, is the same as the settings you specify in your Metasploit multi handler!


Student

Man, you are the best.

Guys, I have another problem.

I don't know if I need to install another Windows, because when I exploit, it exploits with Meterpreter only my PC and not the other that I have. I am thinking that I have other viruses created before, that's why not.

My PC shows Meterpreter, the other does not exploit? When I activate the virus?


Instructor

If you have Windows as your main host operating system and Kali Linux as a virtual machine, you can attack your Windows host from Kali Linux! However, make sure to first check whether your Windows OS is 32- or 64-bit. If it is 32-bit, you must use windows/meterpreter/reverse_tcp! If it is 64-bit, you can use windows/meterpreter/reverse_tcp as well as windows/x64/meterpreter/reverse_tcp, since on a 64-bit OS you can run both 32-bit and 64-bit programs, so both should work. If you are running a virtual machine that's running Windows and you are trying to attack that machine, make sure to set it to Bridged Adapter, the same as you did for the Kali Linux virtual machine!


Student

Guys, does it work for Windows 10 or only Windows 10? Because it is launching long. Man, I performed it … wtf, why?


Instructor

No, it does not work on Windows 10. The DoublePulsar attack can only be performed on a Windows 7 host that hasn't been updated for at least 2 years!


Student

Guys, why is the hack with the multi/handler payload not working?

On my own PC it works. On the others no, and I tried? Does it work for Windows?


Instructor

You are trying to attack your router at the IP 192.168.1.1, which most likely doesn't have Tomcat or isn't vulnerable to the attack. Make sure to test attacks on vulnerable targets!


Student

Guys, I have a question. When I download the OWASP, will I be able to hack other PCs, not mine?


Instructor

The OWASP is made vulnerable on purpose so you can test and practice already known exploits! It has nothing to do with hacking other PCs. The only way to hack other PCs is if they haven't been updated for a long time or if they are running vulnerable software which can be exploited. The only current way of hacking up-to-date PCs is over a Meterpreter payload, which needs to be delivered either over some link, Gmail, USB or similar!


Student

So the payload doesn't work to connect to other PCs. Yeah, that's what I am saying, does sending the payload as, for example, an image work to hack a PC?


Instructor

The payload you specified in the screenshot doesn't work to hack other PCs.


Student

I don't get any error, it just exploits my PC, the others no?


Instructor

Make sure to be on the same local network as the other PC, as you are running the attack with a local IP address specified as LHOST. If your target is not in your LAN, the attack will not work unless you perform a port forward or use ngrok!

Why Learn Cyber Security in 2019?

You are about to experience an awesome ethical hacking course completely for free, with brand new tutorials just created in February 2019 that will take you from knowing absolutely nothing about hacking to getting started today.

You might wonder, why would I want to learn ethical hacking? What is it?

Ethical hacking is just hacking used for good, to help people secure their websites, their applications, and their online properties.

Ethical hacking is an extremely valuable job skill: the more applications, websites and software are created, the more ethical hackers are needed to keep these things secure, to proactively find the vulnerabilities before real hackers or black hat hackers find them.

This is a very valuable job skill that you can work with on Upwork and other websites online, and you can get a full-time job in this almost anywhere in the world. You can see people right here on Upwork earning a fortune and great hourly rates all over the world to do ethical hacking.

I just put in “ethical hacking,” and I filtered for 10K plus earned to show you the ones who have been working consistently in ethical hacking.

You can see anywhere from $10 an hour at the very lowest as a security consultant to over $100 an hour as an ethical hacker that is certified and experienced with consistent job success.

This is why I have executive produced this video course for you, to give you these free, very valuable skills here to help you get these same results in your life online.

What you are about to watch is a free preview from our “Master Ethical Hacking in 2019“ course available on our next-generation educational marketplace, Uthena.com.

You can see that as of today, the course has got six sections of videos from introduction and installation, basic commands, prepare your lab, footprinting, scanning, and web penetration testing.

All of these are included for you for free in what you are about to read or watch on YouTube, starting with the introduction from your instructor, then a Virtual Box installation tutorial, next a Kali Linux installation tutorial, then going full screen in Kali Linux, followed by basic commands. After that comes preparing your lab, from changing your IP address and setting up a wireless adapter to creating a bootable Kali USB, the different terms you need to know for networking and hacking, a few things to do after making the installation, and changing your MAC address.

All of these you can look for in the description of the YouTube video and find a time point that allows you to skip straight to that section. If, for example, you just want to go straight to important networking terms, then jump back to changing your IP address, then go into footprinting, you can look for the time points, click down in the video, and skip straight to those sections.

After you are done with footprinting, then we have got scanning, including Metasploitable, Nmap, Zenmap, TCP scans, then into web penetration testing.

These are the videos that we have produced in just three weeks for this course working together with the instructor. We have planned 20 plus hours total for this course for you over the next few weeks. We have got seven hours already in the course, all that you are going to get to watch in this video.

When you buy the course on Uthena, you also get lifetime access and first immediate access to all the videos that come up. You get no ads on it and you get a 30-day money back guarantee.

You will either love this course, or we will be happy to give you a refund. You also get a Facebook group and Discord channel that you can join where you can ask questions and network with your fellow students.

If you would like to buy the course, will you please buy it today, because I imagine you will love watching the course on Uthena with no ads and no distractions.

If you would like the very best value, you can get the Ethical Hacking Forever Course Bundle, which has three new courses that are actively being produced right now.

There are over 10 hours of video in this bundle now. I imagine there will be hundreds of hours in the bundle soon.

The “Ethical Hacking Forever Course Bundle” gives you all of the ethical hacking courses I make forever, which means the ones for 2020 and 2021, and all of the advanced courses, all of these will go in this Ethical Hacking Forever Course Bundle that I’ve just launched today with this video, starting with these three courses to begin and all of the courses to come.

A forever bundle means that you buy this one bundle and I indefinitely add courses to it for you. Every time there is a new version of the course, you will get that right away for $48.81 today.

Thank you very much for getting started with “Master Ethical Hacking in 2019.”

It’s time now to start with the “Before We Begin!” section with your instructor.

I’m Jerry Banfield.

Thank you very much for reading this.

I imagine you are going to love what’s next.

Best Hacking Course for Beginners in 2019?

Hello everyone, and welcome to this “Online Ethical Hacking” course.

Now, before we begin, I would like to talk about a few things that you might be interested in, such as the legal side of using the things that you will learn in this course.

You are probably wondering what could possibly make this course different from any other course you attended online or any other course you watched on YouTube, Udemy, or basically anywhere else.

Let me first answer the second question.

There is a difference between this course and other courses that you probably watched.

First of all, I decided to split this course into three sections, the beginner section, the intermediate section, and the advanced section.

Now, the thing that differs in this course from other courses is the advanced section.

What we will be doing in the advanced section is making our own tools: we will be coding our own advanced tools, not the basic kinds of tools. Most likely we will be coding our own Metasploit framework, for example.

This means we will be coding our own command and control center that can receive many connections from other PCs, not just one. We will be coding in the advanced reverse shell, backdoor, keyloggers and many other tools used by ethical hackers.

Now, if you don’t know what these tools do yet, we will be covering all of those in the beginner and intermediate sections, but there we will be covering tools made by other people. In the advanced section, we will be making the same tools by ourselves.

Now, the programming languages that we will be using are Python and C, because I find those programming languages the most used by ethical hackers.

C is a low-level language and it is harder than Python; things that you can do with Python in about three lines take you about 20 lines in C.

We will be covering both of those programming languages, Python so that you can make things faster and C so that you can understand things better.

We will also be covering in the advanced section a little bit of assembly language, which we will be using for our exploit development part.

Now, for you that are wondering what we will be doing in the beginner section, we will be covering the installation of Virtual Box and Kali Linux.

Virtual Box is basically a program that allows us to make our own virtual machine. We use a virtual machine so we don’t crash anything on our main machine. If we make a mistake, or if we delete a file we shouldn’t delete, it will basically just stay on the virtual machine, and if it doesn’t work anymore, we can just delete it and start over again.

The operating system we install on that virtual machine is Kali Linux.

Kali Linux is a Linux distribution, or an operating system that is used for ethical hacking and penetration testing.

Now you might be asking, why is it used for that?

Well, basically it comes preinstalled with some of the best-known tools used for ethical hacking.

It comes with a bunch of programs that we will use and cover in the next tutorials. In the intermediate section, we will be covering those tools that are pre-built into Kali Linux and also some of the tools that are not built into Kali Linux.

We will be downloading those tools from the online GitHub repositories of the people who made them.

As I said, later in the advanced course, we will be making our own tools.

Now, there is also one more important thing I should mention, which is the legal use of these methods that you will learn in this course.

You should not be using these methods on any device or website you do not own, or on any device or website you do not have permission to use. It can get you into some serious trouble, and possibly jail time, if you make a big mistake.

So please, do not test any of these methods on devices you do not own. We can make all of the things we need in our virtual environment and we can do our attacks from there.

Now that’s about it.

I hope you will enjoy this course and I hope I see you in the next lecture, where we will be downloading Virtual Box and Kali Linux.

I hope I see you there and take care.

VirtualBox Installation Tutorial 2019

In this post I’m going to show you how to download the VirtualBox program and the Kali Linux distribution that we need in order to start hacking.

First, just open up your Google Chrome or Firefox and type “Virtualbox” in the search bar.

It should lead you to this page where you just click on the first link, which is virtualbox.org and basically as you can see right here, we have this green button that says: “Download VirtualBox 6.0.”

At this time, the version is currently 6.0, but it might be a higher version when you start this tutorial depending on whether they upgrade the version or not.

So, just click on the green button to download VirtualBox 6.0 and it will lead us to this site where we can choose our platform.

I am running this on Windows 10, so I will click on the “Windows host.” If you are running this on Linux, which I honestly doubt, you can click here on the Linux distributions, and we also have “OS X hosts” and “Solaris hosts.”

It started downloading the setup program for the VirtualBox and it is 210 megabytes large, which will take me some time because my Internet is not that fast. It is around one megabyte per second, so this will take around three minutes.

Now, while this is downloading, we will go to the Kali Linux page, which you can find by simply typing “Kali Linux” in your search engine. This will lead you to this first link right here, which says, “Kali Linux, penetration testing and ethical hacking on Linux distribution.”

Here we can see the developer Offensive Security. The initial release was on 13 March 2013, which was five years ago.

We just click on the first link and it will lead us to the official site of Kali Linux.

Now, what we want to do is download the distribution. So we just click on the “Downloads” menu and select “Download Kali Linux.”

Basically it will give us a bunch of these options, a bunch of these different versions of Kali Linux.

Now, the two versions that you will be interested in are these two: Kali Linux 64 Bit and Kali Linux 32 Bit.

My machine is a 64-bit machine, so I will be downloading the 64-bit Kali Linux, but if you are running this on a 32-bit machine, you can download the Kali Linux 32-bit version.

They are basically both around the same size. The 32 Bit is a little bit larger, I don’t know why, but both are around three gigabytes. The current version of Kali Linux is 2018.4, and at the time you are downloading, this might be a higher version.

We will just click here on HTTP, you can download over Torrent if you want to, but I will download through my browser and I will just click the link and it should start the download for me.

As I said earlier, my Internet is really slow, so this will take around 6 hours for me.

We won’t be waiting that much, so I will just cut the tutorial until this download finishes and we can continue from there.

As you can see right here, we got the two files that we need: the VirtualBox setup program and the Kali Linux ISO file, which is the operating system that we will install.

First of all, we will install the VirtualBox.

So, just double click on the file that you downloaded and it should start up a welcome box first that says, “Welcome to the Oracle VM VirtualBox.”

Basically, this is just a welcome message for you and we will just click “Next” right here, and it will lead us to this setup window.

Now, if you want to, you can change these settings, but I really don’t like to mess with this stuff. It’s basically already configured as you will need it, so I won’t change anything here.

I will just go to “Next.”

Here on this window, you can just check if you want to make a desktop shortcut or if you want to create Start menu entries.

Basically, I just leave all of these checked. If you do not want a desktop shortcut, just uncheck it, simple as that, and we can proceed to the next step.

Now, this is a warning that pops up every time you install the VirtualBox. It basically says that while installing you might be disconnected from the Internet, which hasn’t happened to me, and I have installed this a lot of times.

It might happen to you, so if you are running anything important in the background over the Internet, you might want to wait until that download or anything you are doing finishes before you press “Yes” right here.

Since I’m not running anything at the moment, I will just click “Yes” and we can click “Install” to begin the installation.

Now, this might take a few minutes, around 5 minutes I believe. That’s how long it took me last time.

So I will just wait until this finishes and I will get back to you as soon as this is done.

Here we are.

It finished the installation process of the VirtualBox.

Now, at one point in the installation it asked me for the administrator password, so it probably asked you as well. Just type in your administrator password and it will continue the installation.

We want to check here to start Oracle VirtualBox after installation and we just click here “Finish.”

So right now, it should open up a window for your VirtualBox.

Note that you won’t be having any of these machines right here.

These are just machines that I made earlier, in the previous version, before this installation.

You won’t be having any of these Kali, Kali Linux, win7, and any of these machines right here.

This will all be empty for you.

What we want to do basically is to create a new machine together.

So, just find the blue button that says “New,” wherever it is in your version of VirtualBox.

Click on it and it will open this little window right here where it will ask you for the name and the operating system you want to install.

So, basically, I will just name this “ethical hacking machine.”

You can change the machine folder if you want to. It is saved right here for me, and we want to install Linux. For me, it automatically puts Oracle (64-bit), which I want to change since Kali Linux is a Debian-based distribution.

I will just find Debian (64-bit) since I installed the Kali Linux 64-bit version. Once you check all of this and once you make sure it is Debian 64-bit, we can continue on the next step.

Right here it will ask you for the memory size that you want to use, basically the amount of RAM you want to give to this machine.

So, for example, I have 8 gigabytes of RAM and I will give around 4 gigabytes to this machine, which means that I will be leaving the other 4 gigabytes for my main machine to run.

Now, be careful here. You do not want to give the virtual machine too much RAM, because it might make your PC a lot slower and it might make the virtual machine unusable. It might even crash your PC if you give all of your RAM to the VirtualBox machine.

If you have around 4 gigabytes of RAM, 2 gigabytes will be more than enough for your virtual machine, but just in case I would put here 4 since I can leave the other 4 for my main machine.

So, right now I will click on “Next” after putting 4 gigabytes of RAM and it will lead us to this window where it will basically ask us for our hard disk.

Now, it says here that the recommended size of the hard disk is 8 gigabytes, but later when it gives us that option we want to change that. We want to increase the size of the hard disk for this virtual machine.

Here it asks us if we want to create a virtual hard disk now or do not add a virtual hard disk. You want to check “Create a virtual hard disk now” and proceed with the installation.

So, here we click “Create.”

It asks now for the hard disk file type. We want “VDI (VirtualBox Disk Image)” to be selected, so just select that option and click on “Next.”

Basically, here it asks if you want to make your hard disk dynamically allocated or fixed size.

It depends on what you want.

“Fixed size” will use the entire space you gave to the hard disk right away. So if I give 20 gigabytes from my hard disk, it will mark those 20 gigabytes as used immediately, while if you pick “dynamically allocated,” it will fill in as time goes on. This means it won’t reserve any space for your hard disk up front; it will grow dynamically as you install files on your VirtualBox machine.

So because “fixed size” takes a little bit more time to create, we will just click “dynamically allocated,” but you can put here “fixed size” as it will make your machine a little bit faster.

Right now, I will just click on “dynamically allocated” and click on “Next.”

Here it asks us for the size of our hard disk, which is preset to 8 gigabytes. The recommended size is at least 8 gigabytes.

I will put around 30 gigabytes for this virtual machine, but around 15 or 20 will be more than enough for you, since the files of Linux are not that big and we won’t be downloading any major files, at most files a few megabytes in size.

So I will just click here on 30. Let’s see 30 or we can leave on 29.9 and click on “Create.”

Now, as you can see right here, it created the “ethical hacking machine” for us, or whatever name you gave it, and it is currently in the powered off state.

What we want to do before powering on the machine is to give it the Kali Linux ISO file that we previously downloaded from the Kali Linux page.

We want to plug in our operating system, and how do we do that?

We will basically just click on the machine, which in my case is “ethical hacking machine” and go here on “Settings.”

It will open up this window with a bunch of different settings as you can see: General, System, Display and Storage.

Let’s go through all of this.

Here, in “General,” is what we set at the beginning.

So, Linux Debian 64.

The “Advanced” tab with “Snapshot folder, Shared clipboard, Drag and drop.”

Well, basically these options right here allow you to drag files from your main machine to your virtual machine. You can just take a folder and drag it onto the desktop of your virtual machine, which I will show later. We do not care about this now.

Then, “Disk Encryption.”

We did not set up any disk encryption and we won’t until the advanced section. Basically, what “disk encryption” means is that you encrypt the entire hard disk of the virtual machine, so even if someone knows your login password, they won’t be able to log in unless they also know the encryption password.

I believe the encryption used is AES 256-bit, but I’m not really sure. It basically encrypts your entire operating system and all of the files you have on your PC, or in this case on your virtual machine.

We will be covering disk encryption in the advanced section, when we install Kali Linux again, this time with disk encryption enabled.

So now we go to “System” and here we can see our base memory, which I set to 4 gigabytes of RAM.

You might have set it to 2 gigabytes, which is also enough.

The “Processor” part.

I have 4 cores on my CPU and here it automatically gave only one core to my virtual machine, which is more than enough, but I like to put 2 because it makes it work a little bit faster and it might help with some of the programs we use later on.

Down here, the “Execution Cap” is the percentage of each CPU that the machine is allowed to use. If I put 1 CPU and 53% here, it will only use 53% of one of the cores of my quad-core CPU.

So I will just put 100% and 2 CPUs right here.

You do not need this much, one core is more than enough for this, but if you want and if you have more cores to spare, you can set here 2.

On the “Display,” we don’t really care about this and here on the “Storage,” we want to insert our Kali Linux ISO file.

Now, under the “Controller IDE,” we want to go to this “Empty” entry, right-click it and then click “Remove Attachment.”

It will ask you if you are sure you want to delete.

Yes, we are.

Click “Remove.”

Now, under the “Controller IDE,” you click on the disk with the “+” sign and you click here on “Choose disk.”

It will basically open this up and it will ask you to search for the Kali Linux ISO file.

For me, it is right here on the desktop. For you, wherever you set it.

So, I will just select this file and click on “Choose.”

Right now, we have set our operating system and we are good to go.

So, for this time all of this and the other settings don’t really matter for us.

We will be covering, after the installation, the network part of the settings, but for now, we are good to go.

So if you have this set right here, just click “OK” and you are ready to start the machine.
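The VM creation wizard above, as an added example that is not part of the course: the same choices (Debian 64-bit, 4 GB of 8 GB RAM, 2 CPUs at 100%, a 30 GB dynamically allocated VDI, the Kali ISO attached to the IDE controller) as VBoxManage commands. plan_vm only prints the commands so they can be reviewed; the ISO file name, the VM folder and the --apply switch are assumptions, not from the lecture.

```shell
#!/bin/sh
# Added example (not the course's own code): the VirtualBox GUI steps from this
# lecture expressed as VBoxManage commands. plan_vm only prints the commands so
# they can be checked offline; pass --apply on a host with VirtualBox installed
# to run them. The VM name and sizes are the lecture's values; the ISO path and
# VM folder are assumptions.

# The lecture's rule of thumb: give the guest about half of the host's RAM and
# never all of it. Prints the largest guest memory (MB) that rule allows.
max_guest_memory_mb() {
    echo $(( $1 / 2 ))
}

# Print the VBoxManage commands that reproduce the GUI wizard:
#   $1 VM name, $2 host RAM in MB, $3 guest RAM in MB, $4 CPUs,
#   $5 disk size in MB, $6 path to the Kali ISO, $7 folder for the VM files.
# Returns 1 and prints nothing if the requested RAM breaks the rule of thumb.
plan_vm() {
    name=$1; host_mb=$2; mem_mb=$3; cpus=$4; disk_mb=$5; iso=$6; folder=$7
    if [ "$mem_mb" -gt "$(max_guest_memory_mb "$host_mb")" ]; then
        echo "refusing: ${mem_mb} MB is more than half of ${host_mb} MB host RAM" >&2
        return 1
    fi
    # createvm --register creates "$folder/$name", so the VDI can live there.
    vdi="$folder/$name/$name.vdi"
    # "Linux" / "Debian (64-bit)", as chosen in the "Name and operating system" step.
    echo "VBoxManage createvm --name \"$name\" --ostype Debian_64 --register"
    # Memory size, processor count and the 100% execution cap from the System tab.
    echo "VBoxManage modifyvm \"$name\" --memory $mem_mb --cpus $cpus --cpuexecutioncap 100"
    # "Create a virtual hard disk now", VDI type, dynamically allocated
    # (--variant Fixed would be the "fixed size" choice).
    echo "VBoxManage createmedium disk --filename \"$vdi\" --size $disk_mb --variant Standard"
    echo "VBoxManage storagectl \"$name\" --name \"SATA Controller\" --add sata --controller IntelAhci"
    echo "VBoxManage storageattach \"$name\" --storagectl \"SATA Controller\" --port 0 --device 0 --type hdd --medium \"$vdi\""
    # The IDE controller whose "Empty" slot the lecture fills with the Kali ISO.
    echo "VBoxManage storagectl \"$name\" --name \"IDE Controller\" --add ide"
    echo "VBoxManage storageattach \"$name\" --storagectl \"IDE Controller\" --port 0 --device 0 --type dvddrive --medium \"$iso\""
}

# Run the planned commands, then start the VM (the lecture's "Start" button).
apply_vm() {
    plan=$(plan_vm "$@") || return 1
    printf '%s\n' "$plan" | sh -e
    VBoxManage startvm "$1"
}

if [ "${1:-}" = "--apply" ]; then
    # Lecture values: 8 GB host, 4 GB guest, 2 CPUs, 30 GB disk.
    # ISO file name and VM folder are assumptions; adjust them to your setup.
    apply_vm "ethical hacking machine" 8192 4096 2 30720 \
        "$HOME/Desktop/kali-linux-amd64.iso" "$HOME/VirtualBox VMs"
fi
```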

Now, I will continue the installation of Kali Linux in the next tutorial, so I hope I will see you there.

Bye.

Kali Linux Installation Tutorial

In the last tutorial we installed VirtualBox and we set up all of the settings for our virtual machine.

If you have done all the things in the previous tutorial and you have double-checked these settings, we are good to go right now.

Just click here on the “Start” button to start the machine. Make sure you selected the right machine, “ethical hacking machine,” and you can have a look at your settings.

It will start the process of installation of our Kali Linux right now. You might be wondering if this machine will be a little bit slow.

Well, basically, it depends on your PC. If you have a good PC, the virtual machine should not have a problem running.

As we can see right here, it basically gave us the boot menu of Kali Linux and there are a bunch of these options, which are basically just live versions of the Kali Linux.

We do not want to boot into the live version since there is no point to do that. Basically, the two options that we are interested in are “install” or “graphical install.”

Now you can pick whichever of these two you like. I usually go with the install, but graphical install is the same as install, just a little bit prettier.

I got used to the install, so I will just click on here. You can go to the graphical if you want to.

I will just click on the “install” and we can see that it takes some time.

The first thing that pops up is the language selection. Here you can select pretty much any language you like, depending on where you are from. For the purpose of this tutorial, I will be selecting “English.”

I just found “English” and I will click “Enter” right here.

You might notice that your cursor does not work on the virtual machine for now because we are in the process of installing the operating system, so you need to navigate all the settings with your keyboard, most likely with your arrows.

Right now, it asks us to select our location.

I am from Europe, but I will just select here United States because it doesn’t really matter. We can change it later if we want to.

For now, I will just leave it on United States.

This is the keyboard configuration window. It basically asks you what kind of keyboard you want.

Now, I didn’t even know there were this many keyboard configurations. I always pick American English here, so I will do the same right now.

You can take any of these if you would like to. I just don’t know what the different keyboard configurations are, but if you know, you can pick Belgian or any other, like Arabic or Albanian; it doesn’t really matter.

So, I will just pick here American English and right here it is loading some additional components as it says on the screen.

Basically, this process of installation will take some time.

Once it starts installing all the files it needs, it will pretty much take around 30 to 40 minutes to finish. In the meantime, it will ask some questions, which I will cover, of course, but how long the process takes actually depends on the virtual machine.

So, here it says, “Configuring the network.”

You can name the host basically whatever you want.

I will just click on “Continue” and for configuring the domain name, I will just leave it blank because I don’t really need it.

As you can see right here it says, “The domain name is the part of your Internet address to the right of your host name. It is often something that ends in .com, .net, .edu or .org.”

Now, if you need it, you can put it right here, but I don’t need it right now, so I will just click on “Continue” and here it will ask us for our root password.

You might be asking, if you are a beginner, what is root?

Well, root is like an administrator on a Windows machine, just with a lot more privileges.

With the root account, you can basically do whatever you want on the machine and there are no limits.

If you would like to delete all the files from the machine or crash the entire computer, you can do that with a simple command as the root user.

Now, in Kali Linux, we will almost always be using the root user since, as I said, it has the most privileges and it can do things other users can’t.

So, you are just setting the password for the root user, and that password can be anything you like.

Here I will just type in “test1234.”

You can check it to show the password in clear if you would like to.

Now, just click on “Continue” right here, then it will ask me to reconfirm the password.

So I will just type here again “test1234” and I will go on “Continue.”

This is the clock configuration.

Select your time zone as it says right here. You can select any time zone you want.

I will just go with the “Eastern” and right now I believe it should start the process of installation.

Oh, yes. I forgot about this.

For the partitioning of the disk, this is the part I talked about before in the settings area, where it asks if you want to encrypt your hard disk or not.

Right now, since this is a beginner section, we do not want an encrypted hard disk, but later on, I will show you how to install the version with the entire hard disk encrypted.

So just go here on “Guided – use the entire disk,” click “Enter” and select the disk to partition and click “Enter” right here.

Here it says 32 gigabytes, since in the last tutorial we set our hard disk to be 32 gigabytes large.

Just click on “Enter” and basically, here it asks if you want separate /home, /var, and /tmp partitions, but for new users it is recommended not to do that.

Basically, we will just go with “All files in one partition.”

So select that option and click “Enter.”

And here it basically shows the partition overview and asks if we want to undo some of the previous configuration. We do not want that; we want to click on “Finish partitioning and write changes to disk.”

Then it will ask us “Write the change to disk, yes or no?”

We click here, “Yes.”

Right now it started the process of installing the system. This will take around 30 to 40 minutes, maybe less, maybe more, depending on your computer.

So I will see you when this finishes.

All right, my process of installation has finished.

It took around 15 minutes, I believe, so it shouldn’t take much more for you, and here we have the first question that popped up, which is, “Do you want to use a network mirror?”

Here it says, “A network mirror can be used to supplement the software that is included in the CD-ROM. This may also make newer versions of software available.”

So, here you want to click on “Yes” and proceed to the next question, which asks you for the HTTP proxy information. We will just leave it blank, for none. We do not care about that at the moment.

So just go on and continue, and right now it will basically just configure APT, and I believe the next question will be something about the GRUB boot loader, or master boot loader, which asks us if we have another operating system running on this machine.

If we don’t, we want to install the master boot loader. If we do have one, which I honestly doubt since we are installing a virtual machine and this is the only operating system on it, you want to be careful: if you are putting this onto your main PC, it might mess up your Windows 10 if you are dual booting it with Kali Linux.

So, you want to be careful, but if you are running this as an only operating system whether it is in the virtual machine or just as a main operating system on your host machine, you want to install GRUB.

I believe the question will pop up in a few seconds, so we will just wait for it a little bit.

Here it is.

It is installing GRUB loader and I believe in a few seconds or possibly a minute or two, it will prompt us with the last question, I believe.

After that, it should finish the process of installation and it should put us into our Kali Linux login screen.

We will just wait on this and here it is.

So basically it says, “Install the GRUB boot loader on a hard disk” and we will read this so you understand it a little bit better.

“It seems that this new installation is the only operating system on this computer. If so, it should be safe to install the GRUB boot loader to the master boot record of your first hard drive.”

So it just says that if this is the only operating system, you should be installing the GRUB boot loader to the master boot record, but be aware if it is not, if you are dual booting it with another system, it might cause some trouble.

But since we are not, we will just click on “Yes” because we want to install and here it will ask if we want to enter the device manually. We do not want to and we just go down here on /dev/sda and hit “Enter.”

Right now it should finish the installation and in a few seconds we should be booting up into our Kali Linux machine.

I just noticed that there was another question that popped up. This is more directed at those who installed Kali Linux on the host machine, because they would probably be installing it from a USB drive, and it basically just says that once the installation is complete, you can remove the USB drive so you don’t reboot into the installation process again.

Since we are on a virtual machine and we didn’t install from a USB drive, we will just click on “Continue” without taking any action.

So just click here “Continue.”

If you did, however, boot from the USB Drive on your host machine, you want to remove the USB Drive, and then click on the “Continue” button.

So here it is.

The “Finishing the installation” step is at 60%.

After a few minutes, our installation has finished and now we are booting in.

While this process is running, just don’t click on anything.

Now, my installation has finished and we are booting into our Kali Linux machine.

The first time, it might take you a few minutes to boot in. It will surely take me at least five minutes just to load up the desktop, but don’t worry.

After the installation is finished we will install some of the programs we need in order to run this in full screen, for example, because if I enlarge this window the machine itself won’t go full screen.

It will just stay this big and basically will have this white space around it. We will fix that in the next tutorial.

For now, let’s just log in.

So, you might not know this, but it will prompt you for a username first, the username for your root account, and on all Linux distributions the username for the root account is “root.”

Basically it’s just “root.”

So just type in “root.”

It will be the same for you. Click on the “Next” button and it will ask you for your password now. Whatever password you typed during the installation, just type it again right here.

For me, it is “test1234” and just click on the “Sign in” button, and it should open up our desktop.

Now, this might take a few seconds or minutes because it’s the first time, so we will just wait and here it is.

It opened up my desktop.

Now as I said we will be installing the full-screen mode for the Kali Linux in the next tutorial.

For now, if you want to, you can experiment a little bit with this. We will be covering all of these programs and all of these commands in the terminal.

But more about that later and in the next section, we are going to install the full screen and I hope I see you there.

Peace.

Going Full Screen in Kali Linux!

In this tutorial, we will be installing full-screen mode in Kali Linux.

In previous tutorials, we installed VirtualBox and we set up our Kali Linux machine.

So right now you should be seeing the same as I do in this little screen right here. For this tutorial, you basically just want to follow along with my commands.

I will explain all these commands later on, but for now, just for the sake of installing the full-screen mode, you want to click on this right here, which is the Linux terminal.

It should open up this box, which we use to give commands to the operating system, to the machine itself.

Now, as you can see, the “root” part of the prompt represents the account that we are on. So currently we are on the root account, and “kali” is the host name you gave to this machine.

So the first part should be the same for us, and the second part could be anything you named it during the installation. For now, we want to go to Firefox, which is at the top of the list of programs. You want to go to Firefox and click on it.

I believe it will open up the Kali Linux page automatically, which we need in this case in order to take some of the things it provides us right here. 

So just one second. It says "Welcome to Firefox."

Here we can see, as the most visited sites, even though we haven't visited anything yet, Offensive Security, Kali Linux, Kali Docs, Kali Tools and Exploit-DB.

We basically right now want to go to the Kali Docs and it is a little bit slow. It should load up any moment. It might be just taking a lot of time because this is the first time opening Firefox in this virtual machine. 

There it is. It opened.

Now, once it loaded this page as I said you want to go to Kali docs and you want to scroll down. Basically, you want to find the "social sources" of these repositories. It should be anywhere here. 

Here it is: "Kali sources.list repositories." 

It should be named the same for you, and just click here on that. It will lead us to this page where we want to copy the "Kali regular repositories."

It says here that on a standard clean install of Kali Linux, you should have the following entry present in /etc/apt/sources.list.

Now, we will copy this just in case we don't have it, but we probably do. Just in case, we will copy it. You can close this page now. 

And now we want to use our terminal for the first time. So just follow up with these commands. You do not need to wonder at the moment what they do. Just type in the same as I do and you should be good to go. 

We want to go to /etc/apt/sources.list.

Pardon me.

Just type "cd /etc/apt" and, as you can see, we changed our directory to /etc/apt, and we want to open sources.list.

So just type in "nano sources.list."

Click enter and it should open up this page. 

Now it should look similar to mine, and basically these are just a bunch of Linux repositories from which you will do your updates of the system. All of those which have a hash (#) before them are not used while you are updating the system.

So if we delete this hash, whatever was after the hash will be used when updating, but currently we only want this one here. So if you do not have this line, just paste the thing that we copied from the repository page right here.

Right click, paste and it will basically copy the same thing right here. You didn't need to do that because it was already there. But in case it wasn't there, you want to copy and paste it right here. 

Basically, you can paste it at the top or at the bottom, because all of the others with a hash will not be used. So we want to save this file, and it says right here "Write Out," which means save. We want to press CTRL + O.

It will ask us "File Name to Write: sources.list."

Just click here Enter.

In order to close this, press CTRL + Y or Z depending on your keyboard. So once again, we want to go to nano sources.list.

This is just me recapping what just happened. You paste this right here without the hash, the thing that we copied from the website. You press CTRL + O to save, then Enter, and then CTRL + Y or Z.

There we go. Now that you did that, you want to run the "apt update" command. This updates apt's package lists, so if we changed something in the sources, it will pick that up.

But since we didn't, we only pasted the thing that was already there, we do not need to do this, but we will do it just in case.

So run "apt update" and it will connect to the Kali download server, or basically any site that you have listed in the sources.list file, and check for any updates there. Since we only have one repository listed, it only took it from there, and there are currently no new updates, only upgrades, which we will do at the end of this tutorial.

So right now what you want to do is go type in this command. First off, if you want to clear the screen and make it a little bit prettier, just type in "clear" and it will clear everything from here.

Now what we want to do is type in "apt install linux-headers-$(uname -r)."

We want to type in this command, which in most cases won't work. Right now, as you can see, it will give us some of the errors. 

It says "Unable to locate package" for the linux-headers package.

These Linux headers, it is unable to locate them.

So now, first of all, to check what your current kernel version is (the Linux headers version has to match it), you can type "uname -r."

Just type that in and it will give us our current version, which is 4.18.0.

Now, what we want to do is basically find the new Linux headers version. We want to type "apt install linux-headers-*".

This last character is on SHIFT + 8 for me (I'm not really sure what it is called in English); it is probably the same for you. Just press Enter, and it will give us a bunch of options which we do not want to install.

So it will say, "Do you want to continue?"

We want to press here, "No." We just wanted to check here for the Linux headers current version, which is usually going to be the first one, but basically, you are just searching something that looks like this.

We can see right here that since our version was 4.18.0, the current, new version is 4.19.0. So we just need to copy this part: "4.19.0-kali1-amd64."

Just copy it, and now that we copied that, you can clear the screen again. Type in this command: "apt install linux-image-".

And here we paste the thing that we copied, which is our new version, 4.19.0-kali1-amd64.

Now, at the time you are watching this, it might not be this version. So don't just type in what I type here; follow the process, copy the current, newer version and use it in this command.

So, "apt install linux-image-4.19.0-kali1-amd64", which will basically download the new kernel image, the version our new Linux headers will match.

Now after this process, which will take I believe, a few minutes, maybe even less, we want to reboot the system. 

I will catch up when this finishes.

Now we can see that it finished the installation of Linux headers. So first thing we want to do after that is reboot our machine. Just type in "reboot" and it will restart your Kali Linux machine. We want to just click X on this, so it doesn't bother us, and now we wait for the machine to boot up and a few more commands right after that, then we are ready to go.  

After the installation of full-screen mode, I will be showing you some of the basic commands in the Linux terminal, which you need to know in order to continue with the learning of ethical hacking.

Those are just some of the basics you must know in order to get used to the Linux operating system and to run some of the programs, so it is essential for you to learn them. There are thousands and thousands of commands. You do not need to know all of them, just around 20 basic commands; all the others you can search for on the Internet for your own needs.

So here it put us onto our login screen. Once again, we type in "root" as the username and the password, which is "test1234" for me, and right now we want to install the Linux headers.

Last time we downloaded the new kernel image, and now we want to install the Linux headers for that current kernel from the terminal. So just go to the terminal. If for some reason you do not have it right here, you can open it by right-clicking on the desktop.

Now we want to run this command, which is "apt install." 

Here we go, "apt install linux-headers-$(uname -r)."

Now, in case you are wondering what this means: the "$(...)" part, after this minus sign, will be replaced by the output of the command inside it. So let's delete this.

As I showed you before, the output of the "uname -r" command will be our current kernel version, which was 4.18.0 before, but since we updated it, it should be 4.19.0.

As we can see, we successfully updated it last time. So now when we run the command that we typed a few seconds ago, "apt install linux-headers-$(uname -r)", it will just paste the output of "uname -r" in place of the "$(uname -r)" part.

Just click here Enter on this command. It will ask you, "Do you want to continue?"

We want to click here, y. 

Just type here "y" for Yes, "N" for No. 

We want to continue and it will install our Linux headers new version. Now I'm not sure how long this will take. It could take a few seconds or a few minutes. I will be back when it is over. 

Now as we can see, this has finished. It basically took around one to two minutes.

The next thing we want to do is go to "Devices" in the upper left, the fifth menu from the start. So, Devices, and we want to click "Insert Guest Additions CD image."

It will ask us whether we want to automatically run it. We do not want to automatically start it, since that will not work.

Now, we want to run this command: "cd /media/cdrom".

Once you type that, you will be in the /media/cdrom directory, and if you type "ls" here, which lists all the files in that directory, it will give us a bunch of files. We are not interested in most of them, only in this one: VBoxLinuxAdditions.run.

Now what we want to do is change the mode of this VBoxLinuxAdditions.run. If it is not already executable for you, just type in "chmod +x VBoxLinuxAdditions.run": "chmod" stands for change mode, and "+x" makes the file executable.

You can type the file name like I do, or you can just copy and paste it. Here I will show you: copy, paste, and it will change the mode.

Now it might say "changing permissions: Read-only file system." It doesn't matter for now. It might work for you or it might not. Basically, it just doesn't matter, since it is already executable for me.

So you just type in the next command, which is the last one, and we paste the same file name again. So "sh ./VBoxLinuxAdditions.run", and you just run this and it should install the VirtualBox Guest Additions, which will hopefully make our machine full screen. This shouldn't take a lot of time, I believe. We will see. After this installation, our machine should be full screen.

My virtual machine crashed for some reason. Not really sure why. After the last command, "sh ./VBoxLinuxAdditions.run", finished, it crashed.

So I just restarted the machine and now it is full screen. In case yours crashes as well, just try rebooting the machine and it should go full screen. 
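The full-screen procedure above (checking /etc/apt/sources.list, apt update, installing the headers for the running kernel, running the Guest Additions installer), as an added example that is not part of the course. The sources.list checks run on their own; the repository line is assumed to be the 2019 Kali docs entry, and --apply, the mount fallback and the package names are assumptions for running it inside the VM as root.

```shell
#!/bin/sh
# Added example (not the course's own script): the sources.list, kernel headers
# and Guest Additions steps of this tutorial as shell functions. Only the
# sources.list checks run offline; apply_full_screen runs the apt and Guest
# Additions commands and is only executed when you pass --apply as root inside
# the Kali VM.

# The "Kali regular repositories" line the tutorial copies from the Kali docs.
# Assumed to be the 2019 entry; compare it with the current Kali docs page.
KALI_REPO='deb http://http.kali.org/kali kali-rolling main non-free contrib'

# Print the active "deb" lines of a sources.list file. A line that starts with
# a hash (#) is a comment that apt ignores, exactly as the tutorial explains.
active_repos() {
    grep -E '^[[:space:]]*deb[[:space:]]' "$1" 2>/dev/null || true
}

# Succeed (exit 0) when the Kali rolling repository is active in the file.
has_kali_repo() {
    active_repos "$1" | grep -qF 'http://http.kali.org/kali kali-rolling'
}

# Number of active deb lines, used to check that nothing was duplicated.
count_active_repos() {
    active_repos "$1" | wc -l | tr -d ' '
}

# Append the Kali line only when no active copy exists. The tutorial pastes it
# even though it is already there; this keeps the file free of duplicates.
ensure_kali_repo() {
    if has_kali_repo "$1"; then
        echo "already present"
        return 0
    fi
    # Make sure the file ends with a newline so the new line is not glued
    # onto the last existing one.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf '%s\n' "$KALI_REPO" >> "$1"
    echo "added"
}

# The package name that "linux-headers-$(uname -r)" expands to: the shell
# runs uname -r and splices its output (the running kernel release) in.
headers_package_for() {
    echo "linux-headers-$1"
}

# The full procedure from the tutorial, to be run as root inside the VM after
# choosing Devices > Insert Guest Additions CD image in the VirtualBox window.
apply_full_screen() {
    ensure_kali_repo /etc/apt/sources.list
    apt update
    # Headers must match the kernel that is actually running, so reboot into
    # a newly installed linux-image before this step, as the tutorial does.
    apt install -y "$(headers_package_for "$(uname -r)")"
    # The tutorial goes straight to /media/cdrom; mount the CD there first if
    # the desktop did not do it automatically (assumed fallback).
    [ -e /media/cdrom/VBoxLinuxAdditions.run ] || mount /dev/cdrom /media/cdrom
    sh /media/cdrom/VBoxLinuxAdditions.run
}

if [ "${1:-}" = "--apply" ]; then
    apply_full_screen
fi
```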

Right now if I type in "root" and "test1234" you can see that the machine is right now going full screen. There is no white space around the virtual machine. It is full screen and if you want to remove the lower and upper part as well, you can just go on "View" and go full-screen mode. 

Right now our machine is full screen. We can open a terminal, we can enlarge it, and now we have a platform to work on. 

So basically, that is that from this tutorial. 

If you had any problems or any errors, which are common when installing VirtualBox Guest Additions (there are lots of errors that occur from time to time), just copy the error and paste it into Google, and most likely you will find a solution to the problem, which will probably be just a simple command or something.

Now, in my case, I didn't really have any error except from my virtual machine crashing, but we got the full screen and we are set to go.

Now, in the next lecture, we will cover some of the basic commands that you will almost always use from now on. 

I hope I see you there and take care. 

Basic Linux Commands Part 1!

Hello everyone and welcome back to this lecture. 

Now in this tutorial, we will be covering some of the basic Linux commands, and in order for you to get to know Linux better, the good way would be to start off with learning these basic commands that I will teach you right now. 

So to start off we just want to open up our terminal, which is this icon right here, so just click on it. It should open up this terminal and if you want to, you can enlarge it a little bit so you can see things better. 

From this box right here we will be running most of our programs, and we will be running all of our commands, so you better get used to it, as we will be doing most of our work from here.

So the first command I want to show you is "pwd" which stands for Print Working Directory.

So it basically just prints out the current directory that you are in, which in my case is /root. 

Now, if we wanted to change directory, we will firstly need to know what subdirectories are in /root.

In order to list all the files and all the subdirectories in /root, we can just type here "ls" which will show us all of the current subdirectories that are located in the /root directory.

As we can see, we have Desktop, Documents, Downloads, Music, Pictures, Public and two more.

So if for example you want to list all the files that are in the /root directory, you would do it with the "ls -la" command.

What this does is basically print out these same subdirectories, but it will also print out the hidden files and hidden subdirectories. We can see right here that it printed out more files than the plain "ls" command right here.

As you can see, all of these files that start with a dot are not shown by the "ls" command, and if you want a full view of all of the current files in this /root directory, you can get it with the "ls -la" command.

Now, also one important command is to clear the screen so you don't see all of this all the time. You can do it with a simple command, which basically as it says just clears. 

So type here "clear" and it should remove all of the commands that we ran previously. It should give us a new and freshly open terminal. 

For example, let's say you wanted to go to the Desktop directory, which is a subdirectory of /root. You can do that with a simple two-letter command, which is basically just "cd Desktop." (Linux file names are case sensitive, so it is "Desktop" with a capital D, not "desktop".)

This "cd" stands for change directory and it will basically just put us in the Desktop directory right now. As you can see right here, the terminal is now located in the Desktop directory.

If we type here the "pwd" command once again, it will show us that now our current directory is /root/Desktop.

Now, let's say for example you wanted to create a file in the desktop directory. You can do that with the simple command, which is "touch" and let's say file.txt for example.

Now, if we type here "ls" which will list all the files in this directory, it will just print out the file.txt. We created the file.txt with this command right here.

So basically, the "touch" command creates files. 

Let's say that we wanted to remove this file. How do we remove that file? We remove it with another two-letter command, which is just "rm" which stands for Remove.

So we just type up here "rm file.txt" and if we type "ls" once again, which will list all the files in the directory, we will see nothing, because the only file that was there was the file that we previously created and have now deleted.

So let's cover that once again. 

We are currently in the /root/Desktop directory and if we want to create a file we basically type "touch file.txt."

Now, this doesn't have to be file.txt, it can be anything.txt. It can just basically be anything. 

So, for example, it doesn't even have to be .txt. 

So "touch anything" and if we type "ls" once again, we can see there is a file called "anything."

So let's do it again. Let's remove it.

We type here "rm anything" and if we type "ls" once again, it won't be there anymore. 

Now, we covered how to make files right now, but let's say we wanted to create a subdirectory in this desktop directory. So to make a directory, which is basically just a folder, you want to type the command "mkdir" which stands for Make Directory, and then type here the directory name you want to make.  

So, let's say we want to make a directory called "kali" and let's say we list right here the current desktop directory, it will have a subdirectory called "kali" that we just created. 

Now, you might notice that the subdirectories are a different color than the basic file. So let's make our file1 again, file1.txt and let's list again. You can see that the file1.txt is white while the subdirectory is blue.

So files will be a different color than subdirectories. You should know that. 

Well, it's not that important, but you will get used to it in time. 

So let's delete the file once again with the "rm" command. 

Now to delete the subdirectory, you want to use the same "rm" command, so "rm kali", but you will notice that if we try to delete the kali directory like that, it will say "cannot remove 'kali': Is a directory."

Now, in order for us to delete a directory, we need to add a "-r" to the command. So just type here again "rm kali" and just add here "-r."

As you can see, the command works properly and if we type "ls" again, it won't be there. There is no kali directory anymore. 

So let's clear our screen with the "clear" command. 

Right now, I just want to tell you before I cut this tutorial right here that the command "rm -r" is very dangerous.

Now, you might be asking, why? 

Well, basically I will show you why. 

For example, let's create a directory called "file" for example. Here we can see with the "ls" command it's right there, and we want to change our current directory into the file directory.

We do it like this and you can see that our current path right now is /root/Desktop/file and we are in the directory that we previously created.

So now let's say that we create three files right here: "touch file1", "touch file2", "touch file3." If we type "ls" here, we can see that right now we have three files right here.

Now, why is the "rm -r" command so dangerous?

Well, if you are on the root account and you just type here "rm * -r", the "-r" option deletes everything. You might be wondering, so what, we just deleted three files in one command; this star right here is referring to all the files in the current directory.

So if you type here this command, which is "rm * -r" it will delete all of the files in the current directory, and as you can see we don't have any file left. 

Now, the reason this is so dangerous is because if we go to the root directory and type here the same command "rm * -r" it will basically delete all the files on the Linux system, which will make your Kali Linux machine crash and not work anymore.

Now, I'm not sure if they updated it and if it asks for some confirmation in order to run this command, but we will not test it right here because you will be deleting all of the files in this system. 
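As an added example, not code from the course, here is a guarded wrapper around "rm -r" that refuses the catastrophic targets described above (the filesystem root, any top-level system directory such as /usr, and your home directory) and can preview what a glob like "*" actually expanded to before anything is deleted. The function name rm_r_guarded and its -n flag are hypothetical; the demo works only on a throwaway temporary directory.

```shell
#!/bin/sh
# Added example (not from the course): a guard around "rm -r".
# rm_r_guarded [-n] TARGET...
#   -n  preview only: print the expanded target list, delete nothing.
# Exit status: 0 removed (or previewed), 2 refused or bad usage.
rm_r_guarded() {
    dry=0
    if [ "$1" = -n ]; then dry=1; shift; fi
    if [ "$#" -eq 0 ]; then
        echo "rm_r_guarded: no targets given" >&2
        return 2
    fi
    for target in "$@"; do
        # Directories are resolved to their absolute physical path so that a
        # relative name like "bin" typed while sitting in / is recognised.
        # Plain files (what the lecture created) are taken as given.
        if [ -d "$target" ]; then
            abs=$(cd -- "$target" 2>/dev/null && pwd -P) || {
                echo "rm_r_guarded: cannot resolve $target" >&2
                return 2
            }
        else
            abs=$target
        fi
        case $abs in
            "${HOME:-/nonexistent}")          # the home directory
                echo "rm_r_guarded: refusing to remove home directory $abs" >&2
                return 2 ;;
            /*/*) ;;                           # at least two components: allowed
            /*)                                # "/" itself or /bin, /etc, /usr, ...
                echo "rm_r_guarded: refusing to remove top-level path $abs" >&2
                return 2 ;;
        esac
    done
    # Show what the shell expanded "*" to, so surprises are visible first.
    printf 'targets (%d):\n' "$#"
    printf '  %s\n' "$@"
    if [ "$dry" -eq 1 ]; then
        echo "(preview only, nothing removed)"
        return 0
    fi
    rm -r -- "$@"
}

# demo: recreate the lecture's three-file directory in a temp location,
# preview, really remove, then show the refusal for "/".
demo() {
    d=$(mktemp -d)                    # constructed scratch directory
    touch "$d/file1" "$d/file2" "$d/file3"
    ( cd "$d" && rm_r_guarded -n * )  # preview the expansion of *
    ( cd "$d" && rm_r_guarded * )     # actually remove the three files
    rm_r_guarded / || echo "(refused as intended, exit status $?)"
    rmdir "$d"
}

demo
```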

So for this part one tutorial that would be it. 

We will cover other commands in the part two tutorial with the basic Linux commands and I hope I see you there. 

Bye.

Basic Linux Commands Part 2

Hello everybody and welcome back to the Linux commands part two tutorial.

Now as you may see right here, I have two terminals opened. One I will just write the commands as we do them and in the other one, I will put them in a text file. 

So I will open this command.txt. 

You don't have to open this file. This is just for me so I know which commands I covered, and which I didn't, and the other one, we will just test the commands in this one.

So before we begin, I just want to mention the command that we did in the previous video, which is the "cd" command. You now know that it stands for change directory and basically just change the directory to another directory from this terminal. 

Now, for example, let's say we want to go to the documents directory. We could just type here "cd Documents." But the question now is, if for example you wanted to go one directory back, how do you do that? 

Well, there comes the simple command which also starts with "cd," but instead of typing here a directory you just type ".." which will basically lead you one directory back.

So if I press enter right here, it will lead me back to the previous directory, the root directory, as you can see right here; "pwd" shows we are again in /root.

And if we type "ls" to list the current folders and files in this directory, we will once again see the documents right here. So basically I just wanted to mention that you can change directory with the "cd" command and you can also go one directory back.

So for example if you had let's say a directory in the documents directory, I just created it with the "mkdir" command, we also covered that in the previous video, it stands for Make Directory, you can see that now in the documents directory we have another one, another directory which I basically called just "directory". 

Also, let's go to that directory and you can see that our current path right now is /Documents/directory. 

Now, in order to go back two directories, you can just type here two times "cd," and then two dots, and then "cd," then two dots and now we are going to be back once again in the root directory.

So now that we got that out of the way, I will just type it right here so I know I covered that command, and we will clear the screen for the next command. 

Now, this one is a simple command for example if you wanted to check out on which account you are currently, which most likely you will be on the root account, you can just type here the command, which basically does what it says. 

It's "whoami."

The command basically just asks, “Who is the current user of this terminal?”

Right now, as we can see, it is root. 

You can just read it from here. You don't need to even write this command. You can just read it from this first word right here, which will most likely be root unless you have another account. 

We will cover in some next videos how to make another account, which could be useful because we do not want to run all our programs as a root user because it can be dangerous. 

So in another video, we will cover how to make another user, which you could use for some potentially dangerous programs. 

So now I will just write it right here. 

This is not really that useful a command, but in case you forget, or in case a user is named something different than root, you can just check here with the "whoami" command.

Now, there is a command that I used in the previous videos, but never really explained what it does. It's an important command, especially if you are running some of the programs or downloading the programs which are not executables and you want to make them an executable so you can run them in your terminal. 

Now, in order to demonstrate this command, I will just go and make a folder called "programs." As we can see, it is right here, and I will change my directory into that programs folder.

Right now I will basically just create a simple Python program that we can just call "program.py." 

It doesn't really matter. 

Right here, I will just code a simple addition program. Just give me one second. It doesn't matter at the moment what I am doing, but we will be also covering Python later on.

For example, "a" will read "Enter first number", "b" will read "Enter second number", and "c" will equal a * b.

Now, this is simple to understand. We basically ask for an input for two numbers you know, just making an addition and storing it in c. Then, we can basically just print that number, that c number, the result.

So we will just type here print("Result equals to " + str(c)).

I hope this works. It should probably work.

So we have here a program called "program.py" now it is a Python program, but you might notice that if we try to run that program and you do that by typing here "." then "/" and then the name of the program, you will notice that it won't work.

It will say, “Permission denied.” 

Now, why is the permission denied? 

Well, if we use a command that we covered in the previous video, which is "ls -la", we can see all the files in the current directory, also the hidden files, and our program.py.

Now, what interests us here is this part right here. Basically, these are just mods that are enabled for this file. 

R stands for Read, W that stands for Write, and X stands for Execute. 

Now, you might notice that in our program.py, we don't have an X which stands for Execute, therefore, we cannot really execute that program. In order to make that program executable we want to type here "chmod +x" and then the name of the program.

Now, if I press enter here and type "ls -la" again, you can see now that the program changed its color, and not only the color, it also added the X which stands for, as I said, "executable."

You can see the difference from here and from here, and that's how you can check if the program is executable or not. 
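As an added example, not code from the course, the following shell functions decode the mode column that "ls -la" prints (for instance "-rw-r--r--") into the owner/group/other triplets the lecture describes, convert it to the octal number that chmod also accepts (so "chmod 755" and "chmod +x" make sense together), and reproduce the before/after of "chmod +x" on a scratch file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the course): reading the rwx column of "ls -la".

# perm_to_octal MODE : numeric mode for a symbolic mode string,
# e.g. "-rw-r--r--" -> 644, "-rwxr-xr-x" -> 755. The first character is the
# file type (- regular file, d directory, l symlink) and is skipped.
perm_to_octal() {
    bits=$(printf '%s' "$1" | cut -c2-10)   # the nine permission characters
    result=""
    i=0
    while [ "$i" -lt 3 ]; do                  # owner, group, other
        start=$((i * 3 + 1))
        triplet=$(printf '%s' "$bits" | cut -c"$start"-"$((start + 2))")
        n=0
        if [ "$(printf '%s' "$triplet" | cut -c1)" = r ]; then n=$((n + 4)); fi
        if [ "$(printf '%s' "$triplet" | cut -c2)" = w ]; then n=$((n + 2)); fi
        # x = executable; s (setuid/setgid) and t (sticky) also imply x
        case $(printf '%s' "$triplet" | cut -c3) in
            x|s|t) n=$((n + 1)) ;;
        esac
        result="$result$n"
        i=$((i + 1))
    done
    printf '%s\n' "$result"
}

# owner_can_execute MODE : exit 0 when the owner's execute bit is set,
# i.e. the fourth character of the mode string is x or s.
owner_can_execute() {
    case $(printf '%s' "$1" | cut -c4) in
        x|s) return 0 ;;
        *)   return 1 ;;
    esac
}

# mode_of FILE : the ten-character mode column "ls -l" prints for FILE
# (a trailing "." or "+" that marks SELinux/ACL attributes is cut off).
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# demo : the "Permission denied" situation from the lecture on a scratch
# file, then the fix with chmod +x, printing the mode before and after.
demo() {
    f=$(mktemp)                        # constructed stand-in for program.py
    printf '#!/bin/sh\necho hello\n' > "$f"
    chmod 644 "$f"                     # start like a freshly written text file
    before=$(mode_of "$f")
    printf 'before chmod +x: %s (octal %s)\n' "$before" "$(perm_to_octal "$before")"
    chmod +x "$f"
    after=$(mode_of "$f")
    printf 'after  chmod +x: %s (octal %s)\n' "$after" "$(perm_to_octal "$after")"
    rm -f "$f"
}

demo
```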

So now, let's clear the screen.

Now, if you wanted to, you can run the program. 

It will ask us, “Enter first number,” let's say 3, “Enter second number,” four, and it will say, “Result equals to 12.” 

Now, this command is important and you should learn it.

It can be used to make any program that is not executable an executable. So now that we have got that command out of the way, I will just remove this. Well, actually I will leave it right here. Maybe we will use it for another command such as "cat." 

Let's cover that command right now.

The command "cat" basically just prints out the contents of the file into our own terminal as an output. 

So if we type here "cat" and then the name of our file, it will just print out the code that we just typed as you can see right here. It can be used so you don't really open the file in order to read it like this. You can just print it out in the terminal with the "cat" command and it will just print out all the contents from the file.

Now, that is not the main use of this command. Basically, the main use of this command would probably be in some of the bigger files where you just want to find a certain thing in them. 

In order to demonstrate what I mean, we will combine the "cat" command with another command called "grep." 

Now, basically what "grep" does is if you want to list for example a huge file with a bunch of words, and from that huge file you want to put aside all the words that contain "password" in them. 

Let me just demonstrate. Maybe it's easier if I demonstrate it. 

Now, we will create in the programs directory another file, which will be called words.txt, and here we will just type a bunch of words, then 123password123, then a bunch of words, and for example abcpasswordx, and then a bunch of other random stuff.

Now, if we save this file, CTRL + O to save, enter to save under that name and CTRL + X to close.

We can see that right here we have that words.txt file. 

Now, in order to see the contents of that file, as I said we can just type "cat words.txt" and we will see all of those words. Here we can with our own eyes find all the words that contain "password" in them.

But let's say for example that this file was much bigger with millions and millions of words, you couldn't possibly just go through all of those words and just find by yourself all of those words that contain "password" in them. 

So what you want to do is combine the "cat" command with the "grep" command.

How do we do that? 

Well, basically we just start off the same command "cat words.txt" and then we basically pipe the "grep" command.

How do we pipe? 

Well, basically this straight line, just type it right here, then you type here "grep" and then the word that you want to be contained in the other words.

So for example "password" in our case. 

Now, what this will do, it will list all the words that contain the word "password" in them. As we see, it only listed two words which is "abcpasswordx" and "123password123."

So it is also a very important mix of two commands, which we will be using a lot. At least, I am using it a lot in my case. 

Let's continue with another command, which can be right now "echo."

Basically, with "echo" you can just add a word into another file without opening it. 

So, if we want to add "John" as a word into the file words.txt, you just type "echo John", then this arrow that points to the right, and then "words.txt", so the whole command is "echo John > words.txt."

As you can see, the command worked and right now if we "cat words.txt" it will only be "John."

Now, you might be asking, “Where did the other words go?” 

Well, if you use the "echo" command like this, it will basically rewrite the entire text file. So from that bunch of words, it basically deleted all of them and just put "John" in there. (Strictly speaking it is the ">" redirection that empties the file before echo writes to it; echo itself only prints.)

Now, if we use another word, let's say "echo Jake" into words.txt and we "cat" once again words.txt, we can see that John is no longer there, it's only "Jake."
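The grep and echo steps above as an added example, not code from the course, run on a constructed words.txt. It goes one step beyond the lecture: it runs grep directly on the file (the "cat" is not needed), and it shows why "echo John > words.txt" wiped the file (">" truncates the file before echo runs) and how ">>" appends instead. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the course): grep on a word list, and ">" versus ">>".

# make_words FILE : write the constructed sample word list. Two of the five
# words contain "password", like the lecture's file.
make_words() {
    printf '%s\n' apple 123password123 banana abcpasswordx cherry > "$1"
}

# count_matches FILE PATTERN : number of lines containing PATTERN.
# grep -c prints 0 and exits 1 when nothing matches; "|| true" keeps the
# function's exit status clean so callers can use the number alone.
count_matches() {
    grep -c -- "$2" "$1" || true
}

# list_matches FILE PATTERN : the matching lines, numbered and
# case-insensitive, so PASSWORD and Password are caught as well.
list_matches() {
    grep -n -i -- "$2" "$1" || true
}

# add_word_overwrite FILE WORD : what the lecture did. The shell opens FILE
# with truncation for ">" *before* echo runs, so every previous line is gone.
add_word_overwrite() {
    echo "$2" > "$1"
}

# add_word_append FILE WORD : ">>" opens FILE in append mode, keeping the
# existing lines and adding WORD at the end.
add_word_append() {
    echo "$2" >> "$1"
}

# line_count FILE : number of lines, without wc's leading spaces.
line_count() {
    wc -l < "$1" | tr -d ' '
}

demo() {
    f=$(mktemp)                                     # constructed words.txt
    make_words "$f"
    echo "lines containing password:"
    list_matches "$f" password
    add_word_append "$f" John
    echo "after '>> John': $(line_count "$f") lines"   # the five words plus John
    add_word_overwrite "$f" Jake
    echo "after '> Jake':  $(line_count "$f") lines"   # only Jake is left
    rm -f "$f"
}

demo
```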

So let me just type here the "echo" command.

One more thing you want to know, which I probably should have mentioned at the beginning and is really important, is this pair of commands right here: "apt update" and "apt upgrade."

Now, this basically is referring to your Kali Linux repositories, and it will basically just check for the updates from there, and in case there are some updates it will download them and you can install the updates with the "apt upgrade" command.

Now, you want to run this command as you finish the installation of Kali Linux, but we will be doing that command in our next video because the "apt upgrade" command will take, after the installation, I believe about an hour in order to finish.

It will download just a bunch of other files and upgrade them, and I don't even know what not. It will just take a lot of time. That's what I know. So we will be doing that command at the end.

So right now, if you want to check out the history of all of the commands you typed previously in this current session of terminal, you can just do that with the simple command which says "history."

It just prints right here all the commands that I ran before. So as you can see right here, these are all the commands that we ran before. It's not that useful, but you might need it sometime. I don't use it that much.

The next command we want to do, let's say for example you want to copy the program.py file into another directory. 

So we will just create another directory in this programs directory. We will call it "test" for example, and now you can see that we have the "test" directory, which is blue and the green program.py file, which is an executable. 

Now, for example, you want to copy this file into the "test" directory. We do that with a simple "cp" command. Well, "cp" basically stands for "copy" and you just type here the file that you want to copy, which in our case is "program.py" and then you type here the directory you want to copy it in, and in our case it is "test."

So just press enter and basically, as you can see right now, if we change directory to "test" we will have also a program.py there and they are identical.

So if we "cat" this program.py in "test" directory, then we go one directory back and "cat" here a program.py, they are basically identical because we copied them. 

So let me just put here the "cp" command. We finished that command. But let's say for example you didn't want to copy that file, you wanted to move it. Let me just delete the copy from the "test" directory first. It is no longer there.

If you wanted to move it from the "programs" directory into the "test" directory, you do that with the "mv" command, which stands for "move": "mv program.py" and then the directory where we want to move it, "test" in our case.

You can see right now that if we type here "ls" in order to list all the files, we can see that the program.py is no longer here, it is now moved to the "test" directory.

So we type here "ls" in the "test" directory, and now it is only here. 

Now, this command can be used for two things. In order to move files from one directory to another directory, and in order to rename files.

So for example, if I type here "mv program.py" and then I don't specify a directory where I want to move it, but I specify another name for the file, let's say "anothername.py", which is not a directory but a file, it will rename "program.py" into "anothername.py."

As we can see right here, there is no program.py now, the program is called "anothername.py" and if we "cat" it right here, we can see that it is the same program that we typed before.

So it is also important to know that it can be used for two things, which is rename and move, just so you know. 

Right now, we can cover some of the more basic commands such as "man."

Now, this command basically is used for opening a manual for any other command.  

So, if we type here "man cat" it will open up a manual page which will basically give you all the options available for the "cat" command.

As you can see right here, it can be used for any other command. So basically if you type here "man cp" it will open up a manual for the "cp" command where you can see what else you can do with the "cp" command. As it says right here, copy files and directories.

Now, for example, you can type here "man history."

I don't know if it has a manual, let's see. Yes, it has the manual from the history. Basically, it shows the manual for all the other commands. These manuals are already pre-installed on Linux. You will have them with the installation of it.

You can just check out if you forget what some command does or something like that. You can just type here "man" and then "grep" and it will basically open you up with a manual, and you can just read right here and use the command. 

So now that we got that out of the way, you will be using manual a lot in the programs later on which you do not know how they work. 

So you will be opening up a lot of manuals in order to find out the command that you need to use in order to run that program. 

Also, if we wanted to let's say locate one of the files we forgot where we saved it, and we want to locate it, we can do that with a simple command called "locate."

So, let me just try here with anothername.py. Yeah, I don't think it will work like this. Not really sure why. But for example, if you want to locate every file in the system which has a certain word in its path, you can just type here "locate" and that word, and you will see that it will print a bunch of these files, and they all have that word somewhere in their path.

As you can see, this file has the word in it right here: so kali-password, and then something else. All of these files will have the word in them. Let's say you want to locate everything that has "wordlist" in it; it will also print out all the files that have "wordlist" in their path, as you can see: wordlist, wordlist, wordlist, then wordlists.list and so on and so on.

So we covered that command as well. 

Now, this is about it for this tutorial and in the next one, we will cover some of the commands which are more towards the system that you are using. 

For example, in order to check some of the system settings you will be running the commands that I will show you in the next video such as for example shutdown, ps, uname, restart, reboot and so on and so on, and ifconfig, a bunch of those network commands. 

So you should learn this. You should remember like these are some of the more important commands that you will be using all the time.

That's about it for this tutorial.

I hope I see you in the next one. 

Bye. 

Basic Linux Commands Part 3

Hello everyone and welcome back to the part three of Linux basic commands. In this tutorial, we will cover some of the commands mostly used in order to communicate with the system. 

Let me just open the two terminals once again so I can write the commands in one terminal and execute them in another terminal. We will basically just cover some of the commands for networking, the most known and basic ones, and some of the commands in order to check the running processes or check the version of your headers and so on. 

First of all, let me just open "nano command.txt" right here.

The first command that I want to cover, which is a simple command, and you probably already know what it does is for example "shutdown." 

Now, most of you that know this command will know that this command won't really shut down my PC right away. For example, if I click here, enter right here, it will say, “Shutdown scheduled for Monday,” and then the time. 

I believe this is one minute from me typing "enter" to this command. 

So in about 50 seconds, this Linux machine will shut down. 

We do not want that since we have other commands to cover. We will just cancel it with "shutdown -c" and right now our machine will not shut down. 

Now, if you want to restart from terminal, for example, you will type here the "reboot" command. The "reboot" command most of you probably expected it to be restart, but the restart command does not exist in Linux. 

In order for you to restart the system, you want to type here in the terminal "reboot."

Now, don't click enter here since it will shut down your PC. Well, it will restart it, but automatically it doesn't have a one minute delay as it has with the shutdown command. So we will not run this command. 

I'm just basically showing you if you click here "enter" it will restart the machine. So let me just type the commands here. We will delete it here since we do not want to run it. 

Now, some of the commands that are towards the processes that are running in this machine are for example "ps" which will give you the processes running in the current terminal that we have open.

So this bash process will always be open. You do not need to run anything in order for this process to be here, and the "ps" process is the command that we just ran, as you can see right here.

This is just the processes that this Linux terminal is running. Now, if you want to check all of the processes, let me just enlarge this terminal for one second and type here "top." 

This will open up all of the processes currently running on your Kali Linux machine. Now, most of this we don't even start ourselves as this is just a bunch of processes that Linux itself starts up as it boots.

You can also see some of the outputs right here such as CPU percentage usage, and tasks with 2 running and 176 sleeping, available memory, swap memory, and a bunch of other options.

So right here you can also check who is running the processes. In our case, I believe all the processes will be root since we don't even have any other account. So all that will be root. 

Now that we got that out of the way, in order to close this you just press here CTRL + X or Y and it will just basically close this top command which shows us the processes in real-time. 

Now, you can see that it stopped so we can just clear here the screen and put this terminal back to its size. 

Let me just type here "ps" and "top." 

We covered those four so far. Now, another command, which is a really simple command, is "uname." So basically this will give you the name of your operating system, which in our case is Linux.

So it's just "uname." 

Now, in order to check out all the options for this command, you can just type here "man uname" and it will open up manual for this command and you can see things it is possible to do with this command. 

So for example "-r", which we used in order to install our headers before, if you remember, well basically to check our current headers; it will print out the kernel release.

The "-s" will print out, as it says right here, the kernel name, and "-a" will print all. So let's try "-a" and it will print out the full name as you can see.

Linux Kali, this is our headers version that we downloaded in that image. As I said, it is Debian based and there are a bunch of other additions to this command. So this is not really that important command. We used it only in the process of installing the VirtualBox guest additions.

So we might be using it from time to time, but it's not that important really. 

Now, the next command that is important however is the command where you check out your IP address.

Now, some of you may know, that in Windows, in order for you to check your IP address you type "ipconfig." 

Well, in Linux it is basically the same command except the second letter is switched with f so it basically is "ifconfig." 

This command will print out all the network interfaces that are currently connected to the Kali Linux machine and also the IP addresses of those interfaces if they are connected to the Internet. 

So we can see that right now we only have one interface. 

Well basically two, but one is a loopback interface. You will all have this one and you will probably all have this one as well, which will be named the same, but in case for example that you plug in a wireless adapter, you will be given another name for the wireless interface, which can be different for all of you. 

Here we can see our IP address, which will probably be the same for you if you didn't configure it in the network settings. 

Now, in order for us to change this, I will cover that in the next video where we changed this IP address to an IP address that basically belongs to our own local network.

Now, what do I mean by that? 

Well, all the other machines in my local network are starting with 192.168.1 and here we have a machine that starts with 10.0.2 and basically those do not belong to the same local network. 

So we want to make this machine have the IP address that starts with 192.168.1. But we will cover that in the next tutorial. 

For now, this is just the command to check out your IP address and it is very important. You should remember it as you will be using it extensively. 

So the next command is "netstat."

Now, this is a pretty big command because it has a bunch of options. For example, you can type here "netstat" and then, for example, "-nr."

This command right here will basically give you a gateway, as you can see right here, the IP address of the gateway that you can check out. I use it a lot in order to find out what is the IP address of the router on some of the Wi-Fis that I do not know the IP address of the router.

In this case, it is 10.0.2.2, but this is only because we are using NAT in order to connect to the Internet. Once we configure the network in the next tutorial we will be seeing, I believe, 192.168.1.1, as that is my router's IP address.

So with "netstat," you can also check out your current TCP connections, and right now we don't have any TCP connection as you can see. Let me just check here without the "-nr" option, and no, it doesn't have any.

So, basically, we are not connected anywhere right now, which is good because we are not even on the Internet and we didn't run any program in order to connect somewhere.

So we won't be having any connections to the other IP addresses or servers right here. But if you run some of the programs, run for example "Tor" or open "Firefox," so let’s just open "Firefox," it should open up connection I believe. 

Let's just open up and wait for it to connect, and it is connected right now. If you want to run the same command, you can see that we are connected to a bunch of different IP addresses, which are basically just the IP addresses of this website.

Here you can see that the process, the program that is making the connection is Firefox and the program ID is 1669. 

So if we close this right here, it shouldn't have them anymore. Well, it basically just has them because before we closed it, it was an established connection and right now we have a time wait state, which basically means we are not connected anymore. So we cannot make communication with that site anymore.

Since here it was established as we were opening that website and here as we closed it, there is no connection anymore. 

I believe this will disappear in a few seconds or minutes, but we won't be waiting for that, let’s just clean the screen and type here "netstat" as we cover that. 
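As an added example, not code from the course, the following shell functions pull out of netstat output the two things the lecture reads off by eye: the default gateway from "netstat -nr" and the ESTABLISHED TCP connections with their owning program (the "-p" column), which is where netstat earns its place in a defender's toolbox, because a program you did not start holding a connection stands out. The sample outputs are constructed (remote address 203.0.113.5 is from the TEST-NET range); only the 10.0.2.2 gateway and the Firefox PID 1669 come from the lecture, and "netstat -tunap" is my assumed invocation for the connection listing.

```shell
#!/bin/sh
# Added example (not from the course): parsing netstat output with awk.

# Constructed sample of "netstat -nr" output.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0'

# Constructed sample of "netstat -tunap" output (TCP+UDP, numeric, all, with PID/program).
SAMPLE_CONNS='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 10.0.2.15:43210         203.0.113.5:443         ESTABLISHED 1669/firefox-esr
tcp        0      0 10.0.2.15:43211         203.0.113.5:443         ESTABLISHED 1669/firefox-esr
tcp        0      0 10.0.2.15:43222         203.0.113.5:80          TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient'

# default_gateway : read "netstat -nr" output on stdin and print the gateway
# of the default route (destination 0.0.0.0, or "default" on some systems).
default_gateway() {
    awk '$1 == "0.0.0.0" || $1 == "default" { print $2; exit }'
}

# established : read "netstat -tunap" output on stdin and print one line per
# ESTABLISHED TCP connection as "PID/program remote-address". LISTEN sockets
# and the TIME_WAIT leftovers seen after closing Firefox are skipped; UDP rows
# have no State column and fail the $6 test.
established() {
    awk '($1 == "tcp" || $1 == "tcp6") && $6 == "ESTABLISHED" { print $7, $5 }'
}

# connections_by_program : collapse the established list into
# "program count", sorted, so an unexpected talker is easy to spot.
connections_by_program() {
    established | awk '{ split($1, p, "/"); n[p[2]]++ }
                       END { for (k in n) print k, n[k] }' | sort
}

demo() {
    echo "default gateway: $(printf '%s\n' "$SAMPLE_ROUTES" | default_gateway)"
    echo "established connections:"
    printf '%s\n' "$SAMPLE_CONNS" | established
    echo "connections per program:"
    printf '%s\n' "$SAMPLE_CONNS" | connections_by_program
}

demo
```

On a live Kali machine the same functions take real output: "netstat -nr | default_gateway" and "netstat -tunap | established".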

Now, there are two commands that are probably the most important ones you will run.

Most people teach these among the very first commands, but I left them for the end because one of them takes about an hour to finish, at least for me; whenever I install a fresh Kali Linux machine it takes about an hour.

The first command is "apt update" (or "apt-get update"). It connects to the Linux repositories listed in the sources.list file and checks which packages have newer versions available.

You can see right here that it is connecting to kali.download and checking whether there are any updates.

Once that finishes, you run "apt upgrade" (or "apt-get upgrade"), and as you can see, it prints a list of packages that need to be upgraded; it will probably look similar for you.

If you press Y here, which we want to do, it will take a while to finish, but you should do it.

Not a very long time, about an hour or maybe 40 minutes; it depends. We won't wait for it to finish, of course. We will just cut to the next tutorial.

In the meantime, I want to show you the last simple command for interacting with the terminal, which is "exit". We might need to run it twice because this terminal still has some processes open.

So if you type "exit", it simply closes the terminal, simple as that.

Now, if you run "apt upgrade", which you should, and wait for it to finish, it may ask you some questions while installing these packages, and you generally want to answer "Yes" to them.

So we won't be waiting for this to finish right now, we will just cut it right here and I hope I see you in the next tutorial where we will be configuring our IP address in network settings.

Hope I see you there and take care.

Changing IP address on Linux and setting up Wireless Adapter!

Welcome back everybody and in this tutorial, we will cover some of the network settings where we will be changing our IP address. 

Now, as we saw in the previous tutorial, if we type "ifconfig" you will notice that we get an IP address which probably does not belong to your local network. As you can see, if I open the command prompt in Windows and run "ipconfig", my IP address there is 192.168.1.3.

So it doesn't even start the same way as the IP address that this command shows.

Now, we want the Kali machine to get an address from the same range, not the same IP address, but one on the same network. How do we do that?

Well, go to "Machine", then "Settings".

Once you are there, scroll down to Network and you will notice that right now it is attached to NAT.

I believe this is set by default, and NAT stands for Network Address Translation.

Go to Advanced and check that "Cable Connected" is ticked; if it isn't, tick it, but I believe it is connected by default. Then change "Attached to" from NAT to Bridged Adapter and pick your network interface.

Now, the network interface I use is the first one right here. For you it is probably named differently, and you want to pick the one you actually use. For example, if you want to use a wireless network card, you can just plug it in. Let me show you for a second: here I have my wireless card, and I will plug it in to show you how to pick a wireless network interface.

Now it should be plugged in. Let me close and reopen this. If we go to Machine, Settings and Network once again, we should have four interfaces now.

You remember we had these three, and the wireless LAN adapter was not here.

Now, once you select the wireless network adapter, there is a possibility that it won't work with Kali Linux. For example, I don't think mine does, so if I click "OK" and reboot my machine, which I won't do, my wireless card will not work.

I won't be able to connect to the Wi-Fi.

Yours might work, so you should try it, but in my case this one doesn't. So I just connect my PC over cable, make sure once again that "Cable Connected" is ticked, and click "OK".

Once you have picked "Bridged Adapter" and your network interface, just click "OK".

Now, if we type "ifconfig" once again, you will notice that our IP address has changed. It no longer starts with 10.0.2; it is 192.168.1.5, which belongs to our local network's IP range.

As you can see, here is .5 and here is .3. We can check by pinging 192.168.1.3, and you can see that we receive replies from our Windows machine, which means we are on the local network.

We can also ping google.com to check Internet access. This takes a few more seconds, because our Windows machine is much closer than google.com and this is a virtual machine, so it is a little slower, but in a few seconds we should receive replies from Google.

Here we go, we got Google's IP address, and now we should start receiving the replies. Here they are. We received four packets from Google, which means we are able to reach the Internet.
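The tutorial decides that the VM is on the home network because its address "starts the same" as the Windows host's. That heuristic only holds for a /24 network, so as an added example, not from the course, here is the actual check with the netmask, using Python's standard `ipaddress` module. The addresses are the ones from the tutorial; the fact that VirtualBox's default NAT network is 10.0.2.0/24 with the gateway at 10.0.2.2 is what explains the address the VM had before bridging. The example also goes beyond the /24 case to show where the first-octets shortcut breaks.

```python
# Added example (not from the course): decide whether two addresses are on the
# same local network using the netmask, instead of eyeballing the first octets.
import ipaddress

# VirtualBox's default NAT network is 10.0.2.0/24 with the gateway at 10.0.2.2,
# which is why the Kali VM had a 10.0.2.x address before we switched to bridging.
VBOX_NAT_NETWORK = ipaddress.ip_network("10.0.2.0/24")


def same_network(ip_a, ip_b, netmask):
    """True when both hosts fall inside the network defined by ip_a/netmask.
    strict=False lets us pass a host address rather than the network address."""
    net = ipaddress.ip_network(f"{ip_a}/{netmask}", strict=False)
    return ipaddress.ip_address(ip_b) in net


def looks_like_vbox_nat(ip):
    """Flag an address that still comes from VirtualBox's NAT range."""
    return ipaddress.ip_address(ip) in VBOX_NAT_NETWORK


def is_private(ip):
    """RFC 1918 and other non-routable ranges: never reachable from the public Internet."""
    return ipaddress.ip_address(ip).is_private


def describe_guest_address(guest_ip, host_ip, netmask):
    """Summarise what the tutorial checks by hand after switching to Bridged Adapter."""
    if looks_like_vbox_nat(guest_ip):
        return "still on VirtualBox NAT; adapter not bridged"
    if same_network(host_ip, guest_ip, netmask):
        return "bridged: guest and host share the LAN"
    return "bridged but on a different network than the host"


if __name__ == "__main__":
    # Addresses from the tutorial: Windows host .3, Kali guest .5, home /24 LAN.
    print(describe_guest_address("10.0.2.15", "192.168.1.3", "255.255.255.0"))
    print(describe_guest_address("192.168.1.5", "192.168.1.3", "255.255.255.0"))
    # The "starts the same" heuristic breaks on other masks: these share a /16 ...
    print(same_network("192.168.1.5", "192.168.2.7", "255.255.0.0"))
    # ... while these share the first three octets but sit in different /25 halves.
    print(same_network("192.168.1.5", "192.168.1.130", "255.255.255.128"))
```

The netmask itself is in the "ifconfig" output next to the address (and in "ipconfig" on the Windows side), so a mismatch between the two masks is the first thing to look at when a ping between host and guest fails even though the addresses look alike.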

So that's about it. 

We just wanted to set our IP address correctly so we can continue with the rest of the course.

This was a rather short tutorial. In the next one I will show you how to write a Kali Linux ISO image onto a USB drive; those who want to install it directly on their main PC will need a bootable USB drive.

So I hope I see you in the next tutorial and take care. 

Creating Bootable Kali USB!

Hello everybody and welcome back. 

In this tutorial, we will make a bootable USB Drive with our Kali Linux. 

You might need this if you want to boot Kali Linux on your main machine: you need a USB drive with the ISO image written to it in order to start the operating system.

For this you will need two things: the ISO image of Kali Linux (or of any other operating system you want), and a program called Rufus.

You can download the program from this website right here. Just navigate down to the download section and click on "Rufus 3.4".

I won't download it now since I already did a few seconds ago. You can see that it is not big, only about one megabyte. Once you download it, just double-click it. It will ask for administrator permission; in my case there is no password, so I just click "Yes" and the program opens.

This is the entire program. You can see that it automatically found my USB drive, a 32 GB Kingston, which is the only one connected. Here it asks what you want to do.

You do not want "Non bootable" or "FreeDOS"; you want "Disk or ISO image".

You can leave it on that. Then select the image you want to boot: go to your desktop, or wherever you saved it, and click the ISO image.

I will pick here Kali Linux and you can see that it will set all the other settings automatically. 

Now, the only thing you want to do from here is click on "start." 

But before you do that, you will notice that it gives you a warning.

Yes, right here there was a warning about some "syslinux" files; I'm not really sure what that was about. But another important thing to note is that this will delete all the files on your USB drive.

So if you have anything important on the USB drive, move it somewhere else before you continue with this process, or you will lose all those files.

Now it asks whether we want to write in "ISO image" mode or "DD image" mode. We want "ISO image" mode, so click "OK".

Here is the warning: "All data on device Kingston will be destroyed. To continue with this operation click OK, to quit click cancel."

So, that's what I was saying: if you have any important files, move them so you don't lose them while making the bootable USB drive.

Since I don't have anything on this USB drive, I will just click "OK".

You can see that it is now deleting partitions, as it says, and making our USB drive bootable. This might take a few minutes.

Here you can see all the files it is writing onto the USB drive to make it bootable. Just wait for the process to finish. Then you will have a bootable USB drive that you can plug into your computer or laptop, or whatever you are using, and boot Kali Linux on your main machine.

It is also important to know that Kali Linux might not support all the hardware in your machine. I couldn't boot Kali Linux on my laptop.

So, later on, I installed Linux Mint.

If the Kali Linux installation doesn't work on your main machine, that is probably because some component in it isn't supported by Kali Linux.

In that case you would probably need to download another Linux distribution, such as Ubuntu, which we have right here, and install that instead.

Ubuntu and Kali Linux are similar in that both are Debian-based Linux distributions; Kali just comes with all the hacking tools pre-installed. The only problem with installing another distribution is that you will need to install all the tools Kali Linux ships with yourself, which can take some time.

For example, it took me weeks to install all the programs I needed on my Linux Mint machine, since I couldn't install Kali Linux on it.

So you should know that this process takes a little time.

I thought it would finish faster, so I will cut the tutorial short here and we will continue in the next lecture.

I hope I see you there and take care.

Important Linux Networking Terms!

Hello everybody and welcome back.

In the previous tutorials we finished setting up our Kali Linux machine and our ethical hacking environment.

We are almost ready to start learning the methods and attacks of hackers, but before we do that, I need to introduce you to some networking terms and some ethical hacking terms that you need to know in order to follow this course.

These are basic terms that most of you probably already know, but just in case, we will cover them briefly one by one.

So in this part one we will cover only the networking terms, and in the next part the ethical hacking terms.

Let's start with the most basic one, the "TCP/IP model".

TCP/IP is the protocol suite the Internet runs on, and it mostly uses the client-server model of communication, in which a user or a machine is provided a service, for example a web page, by another computer on the network.

The TCP/IP model itself has four layers: the link layer, the internet layer, the transport layer and the application layer. The seven layers you may have heard of (physical, data link, network, transport, session, presentation and application) belong to the OSI model, a more detailed reference model that maps onto the same functions.

The next thing we need to cover is IP addresses, and I have already run the "ifconfig" command that we covered before. You can see that I have two interfaces here, the wl01 (wireless) interface and the n01 (wired) interface.

If both were connected they would each have a different local IP address.

Now, I'm connected over the wireless interface, wl01, and my IPv4 address is 192.168.1.15.

An IP address is a numerical label used to identify a machine on a network and to address where traffic should be delivered.

There are two versions of IP addresses: IPv4 and IPv6.

IPv4 is still far more widely used than IPv6.

Now, there is one distinction you should make, which is between the "local IP address" and the "global IP address", also called private and public addresses.

The local IP address is the one you see right here, 192.168.1.15, and it is only usable on this local network.

This means that if you typed this IPv4 address into your Firefox or Google Chrome, you would not be able to reach me, because it is a local address and only works on a local network. The 192.168.x.x, 10.x.x.x and 172.16.x.x to 172.31.x.x ranges are reserved for exactly that purpose and are not routed on the Internet.

The global IP address is the public address your router uses to communicate with the rest of the Internet.

For example, you can find out your global IP address by typing "What is my IP?" into Google.

Click on the first result and it will show you your global IP address.

The next thing to cover is the MAC address.

The MAC address, or Media Access Control address, is the physical address given to a network adapter when it is manufactured. You can find yours by running the same command, "ifconfig", which also shows the MAC addresses of all your network interfaces.

Here you can see the MAC address of my wireless interface, right here. My other network interface, which is not connected at the moment, has this MAC address.

It is a physical, globally unique address, hard-coded into your computer's network interface card, although the operating system can be told to present a different one, which we will make use of later.

The next thing is routers.

We all have a router at home. We usually just call it "the router", but it is a piece of network hardware that forwards traffic between your local home network and the Internet. It also acts as a layer of protection for your local machines, since hosts on the Internet cannot reach their local addresses directly.

The next things you should know are the TCP and UDP protocols.

Those are the two most common transport protocols. They are used to carry data between one computer and another.

TCP stands for Transmission Control Protocol. It differs from UDP in that TCP is connection-oriented while UDP is connectionless.

This means that in TCP a connection is first set up with a three-way handshake (SYN, SYN-ACK, ACK), and after that every segment is acknowledged by the receiver; if a segment is lost or damaged, the sender retransmits it before the data stream moves on.

In UDP, packets are just sent to the other machine, and it doesn't matter if some of them are corrupted or never arrive; the sender simply keeps sending the next packets.

UDP is mostly used for streaming, for example for your Skype calls, while TCP is used when the data must arrive complete and in a certain order.

TCP segments carry sequence numbers, so that when one machine sends a program or a file to another, the receiver can put everything back in the order it was sent.

So with TCP there is a guarantee that the data arrives intact and in the same order in which it was sent, while with UDP there is no such guarantee.

The next one is ARP, the Address Resolution Protocol. It is used to discover the link-layer address, such as a MAC address, that belongs to a given Internet-layer (IP) address.

This mapping is a critical function in the Internet protocol suite. There are two types of ARP messages: the request and the reply.

A request asks for the MAC address of a machine whose IP address is known, and the reply is sent by that machine and says, in effect, "Hey, I am 192.168.1.5 and this is my MAC address."

That is ARP. Because any host on the network can send a reply, and hosts accept replies without verifying them, it is abused in ARP spoofing for man-in-the-middle attacks, which we will cover later on.
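To make the request/reply exchange concrete, here is an added example (not from the course) that builds and parses real ARP packets with Python's `struct` module, following the RFC 826 layout for Ethernet and IPv4. The MAC addresses are constructed (08:00:27 is the VirtualBox prefix, the rest is made up), and the IP addresses are the host and guest from the earlier tutorial. The last function goes one step beyond the description above: it checks whether a reply actually answers an outstanding request, which is the check that unsolicited spoofed replies fail.

```python
# Added example (not from the course): build and parse ARP request/reply packets
# so the "who has / is at" exchange described above is visible byte by byte.
import struct
import socket

ARP_FORMAT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4, 28 bytes
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one ARP message. A request carries an all-zero target MAC because
    that is exactly the field the asker is trying to learn."""
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(raw):
    """Unpack an ARP message into a dict; raises ValueError on a malformed one."""
    if len(raw) != struct.calcsize(ARP_FORMAT):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FORMAT, raw)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {
        "opcode": op,
        "sender_mac": bytes_to_mac(smac), "sender_ip": socket.inet_ntoa(sip),
        "target_mac": bytes_to_mac(tmac), "target_ip": socket.inet_ntoa(tip),
    }


def who_has(asker_mac, asker_ip, wanted_ip):
    """Request: 'Who has wanted_ip? Tell asker_ip' (sent to the broadcast MAC on the wire)."""
    return build_arp(OP_REQUEST, asker_mac, asker_ip, ZERO_MAC, wanted_ip)


def is_at(owner_mac, owner_ip, asker_mac, asker_ip):
    """Reply: 'owner_ip is at owner_mac', unicast back to the asker."""
    return build_arp(OP_REPLY, owner_mac, owner_ip, asker_mac, asker_ip)


def reply_answers_request(request, reply):
    """A reply is only legitimate if it answers an outstanding request for that IP
    and is addressed back to the asker. Unsolicited replies, or replies for an IP
    nobody asked about, are what ARP spoofing relies on, so they fail this check."""
    return (request["opcode"] == OP_REQUEST and reply["opcode"] == OP_REPLY
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_ip"] == request["sender_ip"]
            and reply["target_mac"] == request["sender_mac"])


if __name__ == "__main__":
    # Constructed addresses: .3 is the Windows host asking, .5 the Kali VM answering.
    req = parse_arp(who_has("08:00:27:11:22:33", "192.168.1.3", "192.168.1.5"))
    rep = parse_arp(is_at("08:00:27:aa:bb:cc", "192.168.1.5",
                          "08:00:27:11:22:33", "192.168.1.3"))
    print(req)
    print(rep)
    print("legit reply:", reply_answers_request(req, rep))
```

Real operating systems do not perform the last check: they update their ARP cache from any reply they see, which is exactly the weakness the man-in-the-middle lectures later in the course exploit.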

There are a bunch of other protocols you should look up if you don't know what they do, such as FTP, SMTP, ICMP and many more, but the most important ones for us are HTTP and HTTPS.

Now, you might be asking, what is the difference between the two?

Well, in HTTP there is no encryption at all, so if you visit an HTTP site and enter a username and password, anyone sitting between you and that website can read them in plain text.

In HTTPS, the added "S" stands for secure: the HTTP traffic is carried inside TLS (Transport Layer Security, the successor of SSL, Secure Sockets Layer), which encrypts the data so that anyone intercepting the connection cannot read it in plain text.

The data is encrypted and not practical to decrypt. SSL itself has known vulnerabilities, which is why HTTPS websites nowadays use TLS. TLS has had four versions, 1.0, 1.1, 1.2 and 1.3; the first two are deprecated, and 1.2 and 1.3 are the ones considered secure.

The last thing you need to know is DNS, which you use every time you visit a website. It exists for us humans because we cannot remember numbers as well as we remember names.

So, for example, to visit facebook.com without DNS, you would need to know Facebook's IP address and type it into the browser's address bar instead of facebook.com.

DNS lets us remember just the name instead of the IP address, and then translates the name into the IP address for us.

It is a very important part of networking and also one of the main things to attack. We will be doing DNS attacks later in the course.

DHCP, finally, is only used for handing out IP addresses. It is usually built into your router, and every time you connect to the network it gives you an available IPv4 address, together with the gateway and DNS server to use.

So, that's about it for these networking terms.

You should learn more about them if you want to; I won't be covering them in more depth in this course. Just search for them on Google and read more about them.

For now, this will be enough and in the next lecture we will cover some of the ethical hacking terms that you also need to know in order to follow the course.

I hope to see you there and take care. 

Important Hacking Terms!

Hello everybody and welcome back. 

In the previous tutorial we covered some basic networking terms that you need to know in order to follow this course.

Those were just the basic terms, not explained in great depth. If you want to know more about any of them, you can always google them and read further.

In this video, we will cover some hacking terms that you need to know in order to better understand what we will be doing in the next lectures.

I will open Leafpad, which is something like Notepad for Linux, and write down the terms one by one as we cover them.

The first hacking term, which is also the first step in ethical hacking, is "footprinting".

You might be asking, what is footprinting?

It is exactly what it sounds like: gathering as much information as you can about, for example, a company before you attack it. Let's say a client asks you to test his company's website; first you want to get as much information about it as you can.

One of the most common methods is Google hacking, which is simply using Google search to find files or anything else that has been uploaded to the Internet and may help in further attacks.

There is also a website called Shodan, which indexes devices exposed on the Internet and is used to discover vulnerable ones.

You can use it to check whether any of the company's devices are vulnerable to known attacks.

Now, we will cover all of those tools. 

Don't worry. 

We will cover them one by one in detail and you will know what I am talking about. 

There is also one more tool, which I don't think is that well known, called theHarvester. I'm not sure we have it installed in Kali Linux; we might. If we don't, we will install it.

theHarvester is used for gathering the email addresses of a certain domain. For example, if you want to gather all the public email addresses belonging to Apple, you just type the domain name and theHarvester automatically searches Google, and there are a bunch of other sources as well that I will show you.

Plainly put, it searches Google for all publicly visible email addresses at that domain.

So you end up with a list of email addresses belonging to the company you are testing.

That is footprinting, and we will cover it first in one of the next lectures. Once footprinting is done, the next step in the ethical hacking process is scanning and enumeration.

I will just write that down here: scanning and enumeration.

Footprinting gets you information without actually touching the company, its website or whatever it is you are testing.

Scanning does what it says: it probes the company network, for example, to discover which ports are open, what software versions are running, what operating systems the machines use, and so on.

You might have heard of this program, and you probably have if you have any prior ethical hacking knowledge: it is called "Nmap".

Let me just type here: nmap.

This is a program we will cover in detail. It is used to scan a network: you can scan a website, a single machine or a range of IP addresses, and discover which ports are open on each.

It can also guess the operating system. It prints a list of possible operating systems with a percentage showing how likely each match is.

It is usually accurate, though there are times when it guesses the wrong operating system; I haven't had that happen much. Nmap can also discover the version of the software running on an open port.

So, for example, if you have an HTTP port open and are running a website, Nmap can discover which web server is running on that port.

It might print "Apache 2" or whatever else is running there, based on the banner the service gives out, which we grab to find out the version.

As I said, we will cover all of that in detail. For now you just need to know in theory what it does, and we will cover it in practice later on.

The next thing you need to know is system hacking. This is a very important part, because this is where we actually find a way into the machine.

System hacking is usually done with backdoors. A backdoor is a program that you run on the victim's PC which gives you full access to it without the victim knowing.

Backdoors usually offer options such as executing commands on the victim's PC, accessing the microphone and web camera, taking screenshots, uploading, downloading and changing files, and installing a keylogger, which sends back the keystrokes the victim types.

Backdoors are detectable. The ones we will cover in the intermediate section can be detected because they are widely used by every ethical hacker.

So, in the advanced section, we will code our own backdoors, built to avoid detection by the antivirus software in use.

Now that we have covered system hacking, we can move on to malware. You most likely know what malware is: a malicious program, and by malicious I mean any program that does damage to your PC.

Say you write a simple program that just creates files in an infinite loop. That program will most likely make your PC crash before you manage to close it.

So it is a kind of malware, since it makes your PC crash and does nothing useful. The best-known categories of malware are worms, Trojans and viruses. We will also code some malware, but we are not really interested in it for now, since those programs have no use except destroying someone's machine.

So we won't cover malware at length, but we will surely go over it.

The next thing you want to know is: what is sniffing?

Sorry, I can't type at the moment.

Sniffing is, as the name says, capturing someone else's packets. Normally you shouldn't be doing that, but in some ethical hacking engagements you might need to in order to gather information.

For example, a password can be stolen through sniffing: on a local network, if you run a man-in-the-middle attack and sniff others' packets, and someone logs in to a website that isn't HTTPS, you will see their password in plain text.

The tool you will most likely use for sniffing is Wireshark. It is a widely known tool that lets you go through the packets passing through your network interface card.
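Both the HTTP/HTTPS passage in the networking terms and the sniffing passage above make the same point: over plain HTTP the credentials are right there in the bytes. As an added example, not from the course, here is the extraction step a sniffer performs once it has the TCP stream (what Wireshark shows under "Follow TCP stream"). The two requests are constructed, with made-up hosts; the code handles the two most common ways a browser sends a login, an HTML form body and an `Authorization: Basic` header. Over HTTPS the same bytes arrive TLS-encrypted and this parser would see only ciphertext.

```python
# Added example (not from the course): what a sniffer can pull out of a login
# that travels over plain HTTP. Both requests below are constructed, not captured.
import base64
from urllib.parse import parse_qs

# A form login as a browser sends it (hosts and credentials are made up).
SAMPLE_FORM_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 37\r\n"
    b"\r\n"
    b"username=alice&password=Winter2019%21"
)

# HTTP Basic auth, common on routers and admin panels: just base64, not encryption.
SAMPLE_BASIC_AUTH = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: router.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"admin:hunter2") + b"\r\n"
    b"\r\n"
)


def parse_http_request(raw):
    """Split a raw request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", 0))
    return {"method": method, "path": path, "headers": headers, "body": body[:length]}


def extract_credentials(raw):
    """Return (kind, user, password) tuples found in one plaintext request."""
    req = parse_http_request(raw)
    found = []
    auth = req["headers"].get("authorization", "")
    if auth.lower().startswith("basic "):
        decoded = base64.b64decode(auth.split(None, 1)[1]).decode("utf-8", "replace")
        user, _, password = decoded.partition(":")
        found.append(("basic-auth", user, password))
    if req["headers"].get("content-type", "").startswith("application/x-www-form-urlencoded"):
        # parse_qs also undoes percent-encoding, so %21 comes back as "!".
        form = parse_qs(req["body"].decode("utf-8", "replace"))
        users = [v for k in ("username", "user", "login", "email") for v in form.get(k, [])]
        passwords = [v for k in ("password", "pass", "passwd") for v in form.get(k, [])]
        for user, password in zip(users, passwords):
            found.append(("form", user, password))
    return found


if __name__ == "__main__":
    for sample in (SAMPLE_FORM_LOGIN, SAMPLE_BASIC_AUTH):
        print(extract_credentials(sample))
```

Note the Basic case in particular: base64 is an encoding, not encryption, so an `Authorization: Basic` header over HTTP is as good as the password written in clear.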

Now that we have covered sniffing, we can move on to social engineering.

This is very important, as it is the most likely way to get you into a company or any other machine, because in social engineering attacks you don't attack the machine so much as the person.

For example, I always say: why would you hack a restaurant's Wi-Fi when you can just ask someone for the password?

That is a simple use of social engineering. Not a very good one, but it is an example. So social engineering means attacking people.

Now, what do I mean by attacking people?

Well, let's say I code a backdoor.

What are the chances of someone opening an executable file that looks suspicious?

Not very high.

But if you change the file's icon to look like a picture and rename it so that it appears to be a .jpg or .png, the chances of someone opening it increase drastically.

So let's say you know something about the person you want to hack, and you send them a fake email from someone they know with that "picture" attached, which is really the hidden backdoor. They open the picture and the backdoor installs itself deep in the system without them knowing.

That is what social engineering is: attacking people rather than machines. Now we can move on to the next term, denial of service.

Denial of service is what it says: it is used to take down someone's website or machine. You send more traffic than the website can handle, so it crashes or stops responding and nobody else is able to connect anymore.

To take down anything sizeable you will usually need many PCs; a single PC rarely generates enough traffic to knock a website offline.

But if you set up a command and control server, for example, distribute backdoors to many PCs and have them all run the same command at the same time, sending packets to the website, together they can take it down. That is a distributed denial of service, or DDoS.

Depending on the website, some are easier to take down and some harder, but you get the basic idea.

Next we will cover SQL injection and XSS, cross-site scripting.

Let me just find this.

Both exploit input that is not filtered. The basic example of SQL injection: let's say you have an online shop and the developer didn't properly filter what you type into the search bar.

If you type in code, the website reads it as part of its own database query, and you end up running code against their database, which you should not be able to do. XSS is the same idea for the browser side: the code you inject ends up in the page and runs in other visitors' browsers.

These attacks are only possible because of poor programming: the developers didn't validate or filter the user input.

So that is SQL injection.
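The online-shop search described above, as an added example that is not part of the course: the same query written the insecure way and with a bound parameter, run against a constructed in-memory SQLite table so it can be tried offline. The hidden row stands in for data the search was never meant to return, and the payload is the classic quote-and-comment trick; the comparison shows why "filtering" is the wrong fix and a parameterised query is the right one.

```python
# Added example (not from the course): the online-shop search described above,
# first written the insecure way and then with a parameterised query.
import sqlite3

# Constructed product catalogue; the third row is "hidden", the way a real shop
# might hold unreleased or internal items that a search must never return.
PRODUCTS = [
    ("Laptop", 1),
    ("Wireless card", 1),
    ("Internal test item", 0),
]

# Classic payload: closes the string, adds an always-true condition, comments out the rest.
PAYLOAD = "' OR '1'='1' --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, visible INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def search_vulnerable(conn, term):
    """Deliberately insecure: user input is glued into the SQL text, so the
    quotes in the input become part of the query itself."""
    sql = f"SELECT name FROM products WHERE visible = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened: the driver sends the value separately, so whatever the user
    types is compared as data and can never change the query's structure."""
    sql = "SELECT name FROM products WHERE visible = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    conn = make_db()
    print("normal search, vulnerable:", search_vulnerable(conn, "card"))
    print("normal search, safe:      ", search_safe(conn, "card"))
    # With the payload the vulnerable query becomes
    #   ... WHERE visible = 1 AND name LIKE '%' OR '1'='1' --%'
    # and the OR clause exposes the hidden row too.
    print("payload, vulnerable:", search_vulnerable(conn, PAYLOAD))
    print("payload, safe:      ", search_safe(conn, PAYLOAD))
```

The safe version does not try to strip quotes or keywords from the input; it simply never lets the input become SQL. That is the distinction the sqlmap and manual-injection lectures later in the course revolve around.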

We will also cover Wi-Fi hacking in detail.

There are a bunch of methods to attack Wi-Fi, with the CPU, with the GPU, whatever you want. Most of the courses I have seen do not even cover attacking Wi-Fi with the GPU.

I don't know why, because the most common method is the Aircrack suite, which tries to break the Wi-Fi password with the CPU.

A CPU is fast, but a graphics card is much better for this. When you attack a Wi-Fi network you capture the handshake, not the password in plain text, and you need computing power to test candidate passwords against it; a graphics card can test far more candidates per second than a CPU, so cracking with it is much faster.

We will also cover attacking enterprise wireless, where we set up a fake login page so that someone enters their wireless credentials into it.

We can also create an "evil twin", a method where you reproduce the exact same wireless hotspot with a strong enough signal that victims connect to yours instead of the real one.

You deauthenticate everyone from the real wireless network and they automatically reconnect to yours; then you can watch all the data going through, and if the network requires a login, you capture their password.

We will also cover mobile hacking.

In mobile hacking we will mostly cover Android attacks, because there are more Android devices than iOS ones, but we will also cover some Apple attacks. For example, you make an application that looks legitimate and install it on someone's phone.

You will then be able to read their messages and calls, send messages, browse their files and pictures, download and upload, all without them knowing.

Now, how do we do that?

We create something like a backdoor for the Android device. The problem with this method is that the victim has to tap on something, which can look suspicious.

I will show you when we get there. We will try to make it as inconspicuous as we can.

Now, there is also one more thing we need to cover, which is cryptography. 

Well, you probably know what cryptography is, but that is basically a method of protecting your information.  

Now, for example, you have password hashes. They are hashed for a reason so some of the attacks such as sniffing can't be used to seek the password and steal it. 

You can steal the password, but it won't be in plain text. It will be encrypted and you will need to decrypt it. If the password is big and uses numbers, letters, symbols and all of that, it will be very hard for the attacker to decrypt your password. 

Now, cryptography basically uses coding so that only those for whom the information is intended can read and process it and nobody else can. 

We will cover some of the basic cryptography methods, but only briefly, since cryptography is a course in itself. It has a lot to it and we won't be able to cover it all, but we will touch on it enough for you to understand what it is. 

So, that's about it for these basic terms now as well as the networking terms if you want to search more about these online and read about them. 

But we will cover all of them theoretically and practically later on in the intermediate section, and basically, we will code some of our own tools in the advanced section.

The footprinting part, I will cover now in the beginner section. 

I will show you Google hacking, the Shodan website, and theHarvester in order to gather emails. Until then, I hope you have a great day and I will see you later. 

Bye.

Few Things to Do After Installing Kali Linux

Hello everybody and welcome back. 

Now before we begin with the footprinting lessons, I would like to just show you some of the things you might want to install before we begin.

So the first thing I want you to install is git, the tool we will use to download repositories from GitHub.

Basically, if you do not already have it, you just type here "apt install git."

Now, if you encounter an error saying that apt cannot get a lock, it is usually because a previous apt or dpkg run was interrupted and left its lock files behind. Before deleting anything, make sure no other apt or dpkg process is still running: removing a lock from under a running installation can leave the package database in a broken state. If nothing is running, delete the lock file at the path the error message gives you.

So just take this path, copy it, type the "rm" command that we covered, which stands for remove, and paste the path of the lock file. 

Now, it might complain about other locks as well. This one is also here, and we want to remove this one as well. Basically, just copy the path and delete it. Let's paste it and see if there is something else.

There is one more lock in the apt cache, which we also want to remove. So copy the third path, and I believe this one is the last one. 

So now that you have deleted them, you can install git, which is already installed for me. You just type here "apt install git."

How do we use git? 

Now let me just show you. 

You just go here on the GitHub website. 

Basically, any program that is not pre-installed in the Kali Linux, you will probably be downloading it over GitHub. 

So let's say, for example, I know a name of one program that is called "Instashell." It does not come pre-installed in the Kali Linux, but you can download it in from GitHub. 

I will show you the command right now. 

So basically, it is the first result. You can see that the site is GitHub, and the repository URL is what you want to copy.  

If you just enlarge this, this is the website and this is the program that I want to download. It is used for Instagram password brute-forcing. 

We will be covering it later on. 

For now, I just want to show you how to install any program from GitHub. So basically, you find the program you want, copy the repository link right here, and go to your terminal. 

Let me see just where we are. 

We are in the /root directory, and if we type "git clone" followed by the pasted link (adding ".git" at the end is optional; GitHub accepts the URL with or without it), it will download the program into our root directory. 

So, as you can see right here now, we have the full program downloaded. It is as simple as that, and now you can go to the program and basically use the program. 

So, if you do not have a git installed, you basically just install it with the command, "apt install git."

The next thing I want to show you: if you want to run a program that refuses to run as the root user, you might want to add a non-root user, which is simple. You just type the command "adduser" and then any name you want.

So, let's say we want a user called john. It will ask you some questions about the new user, which you can answer correctly or not, as you prefer. It first asks for the password, which I will set as 1234 (fine for a throwaway lab VM, nowhere else). 

It will ask you to retype the password. I will retype it as 1234 and now it will ask some of the personal information, which I will skip. I will just paste the wrong thing so it doesn't really matter if this information is correct. 

Just type "Y" to confirm and you have a new user.  

Now, we want to add that user to the "sudo" group, which basically means you will be able to run root commands from that user by prefixing them with sudo and entering that user's own password (not the root password). 

The command for that is "usermod -aG sudo" followed by the name of the account you created, which in my case is john. The -a matters: without it, -G replaces the user's supplementary groups instead of adding to them. This adds john to the sudo group, and he will be able to execute root commands through sudo after entering his own password. 

The new group membership only applies to new logins, so log out and back in (or reboot) before trying it. You can then log in to your user account, but I will stay here as root for now, and we will install the next thing you might want to have, which is "Tilix." 

Tilix is a tiling terminal emulator, which basically allows you to run multiple terminals side by side in the same window. 

Now, it could be useful if you are running a bunch of the commands and you want to see what is going on so you just run multiple commands from the same terminal and see the output of all of those commands. 

That's why I will install it just in case. I am not really sure if we will use it, but it is good to have it.

Now, this will take a few seconds to install with "apt install tilix", and once it is installed we can run it with a simple command, which is just "tilix". 

Here we go, 5% installed. We will wait for this to finish and we will run it right away so I can show you how it works. It's basically the same terminal we have here. 

If we want to, we can split it in two parts.

The installation has finished and now I will show you how to run it. 

In order to run Tilix we just type "tilix" and it will open up a terminal as you can see right here, which is basically the same as this one, just white; and if we want to, we can split it with this button and make multiple terminal panes in one window.

So, if we want to, we can type one command right here, the other command here, and basically here the third command. It could be useful once you run big things like for example multiple commands for some program and you want to see what is going on, you basically use Tilix.

Now that we have Tilix, we can close it. We don't need it right now. The next thing and the last thing I want you to do is install "Tor."

Now, Tor is the onion-routing network. What "apt install tor" gives you is the Tor daemon, which runs in the background and exposes a SOCKS proxy (on 127.0.0.1 port 9050 by default) that other programs can send their traffic through; it also lets you reach .onion addresses. It is not the graphical Tor Browser, which is a separate download. 

Now, you can go "apt-get install tor" and just here you want to press Y. 

Basically, we need Tor for multiple things. Multiple programs require Tor in order to run. For example, the program we just downloaded, Instashell, which we will cover later on, uses Tor in order to switch IP addresses while brute-forcing Instagram accounts. That is not the only program that uses Tor.

There are a bunch of programs that use it, and you also might want to visit onion services sometime, so you can just install it now and we will have it for all future purposes.

So this should finish relatively fast. 

Here we go. 

It is finished. 

We will clear the screen, and in order to start Tor as a service we just type "service tor start". It starts in the background; there is no window to open. 

Now, if you additionally type "tor" to run it by hand, it will say: Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running? 

Yeah. We are already running Tor as a service, so the second copy fails to bind its port and gives us that error.  

So, if you want to stop it, for example, we can just stop with this command "service tor stop."

Now, that is about it for some of the basic things you might need in the future. In the next lecture, I will show you how to change your MAC address with a simple program that comes pre-installed in Kali Linux, called "macchanger." 

So we will cover that in the next tutorial and after that, we will go on to Google hacking, theHarvester, and Shodan.

Now, I hope I see you in the next lecture and take care. 

Bye. 

Changing Our MAC Address - Macchanger

Hello everybody and welcome back. Now, in this lecture, we will cover our first program that we will use, which is called "Macchanger."

It allows us to change our MAC address, which is useful for multiple things. For example, if a particular wireless network has a blacklist or whitelist based on MAC addresses, you can bypass that by simply changing your MAC address to one that is allowed. 

Now the program that we will use is called "macchanger." If you just type "macchanger" in the terminal, you will notice that it prints the usage of the command. 

So here it says we need to type "macchanger [options] device". In order to check our available options, we can type, as it says, "macchanger --help".

So we will type "macchanger --help".

It will show us the available options. In order to find out what our MAC address is, we want the option "--show" or "-s".

Now, if we just type "macchanger -s", it will say that we used the program incorrectly because we didn't specify the device. 

Now, this device means your network interface. You might have multiple interfaces, so we want to pick one. 

If you type "ifconfig", as we covered in the previous tutorials, it will print your network interfaces. 

Here I only have the "lo" interface and the "eth0" interface, which I use to connect to the Internet. 

So, I will use this one.

If I just repeat the command as "macchanger -s eth0", it will read my current MAC address and my permanent MAC address, which in this case are both the same because we haven't changed it yet.

Now, if you have multiple interfaces, just pick the one you use currently and just specify it at the end of the command. 

Let's type "macchanger --help" once again in order to see what else we can do with this program. 

So we covered this part, which is showing our current MAC address. 

Now let's say we want to change the MAC address; we can look at some of the options here. It says "set fully random MAC address", which we can do with "-r" or "--random".

So, let's try to set a random MAC address and see what happens. If we type "macchanger -r eth0", where -r stands for the "set fully random MAC address" option and eth0 is once again our network interface, we can see that our MAC address has changed. One caveat: on many drivers the MAC can only be changed while the interface is down, so if macchanger complains that it could not change the MAC, bring the interface down first, run macchanger, and then bring it back up.

As you can see, the new MAC is this one, and the previous one was this one. So if we show our MAC address again, we can see that it has changed. 

I forgot to specify the interface. With it, we can see that the current MAC address is different from the permanent one, so we successfully changed the MAC address.

But let's say, for example, you want to bypass a whitelist of MAC addresses; then you would want to set a specific MAC address.

We can do that with the option "--mac" (or "-m") followed by the MAC address.

Let's say, for example, we want this MAC address. Let me open another terminal. Let's say we need to have this MAC address right here. We can set it with the "-m" option. Let me just move this window.

So, we run "macchanger --mac" and then the MAC address. I was not sure whether it needs an equals sign; both "--mac=22:33:44:55:66:77" and "--mac 22:33:44:55:66:77" work, since the program accepts long options in either form. Then we specify our network interface. 

So, as we can see, it changed our MAC to the specific address that we wanted. 

Now, once again, if we type "macchanger --show eth0" (yes, I always forget to specify the interface), we can see that our current MAC address is "22:33:44:55:66:77" and our permanent MAC is our normal hardware address, which doesn't change. 

Oh yes. You will also see a "-b" (or "--bia") option. That does not reset anything: used together with -r, it makes the random address look like a burned-in vendor address instead of a locally administered one. 

Now, if you are finished with your attack, for example, and you want to go back to the normal MAC address, which is the permanent one, you can do that with the "-p" (or "--permanent") option. 

So let's try "macchanger -p eth0", and we can see that the new MAC is now the same as the permanent one, and we are back to normal.  

We can just run "--show" again, and we are the same as before we started using this program. 

This is a useful program for changing the MAC address. You can even set it to change the MAC at boot, so every time you restart the machine you get a new address, which provides a little bit of anonymity; keep in mind that a MAC address is only visible on the local network segment, so it hides you from the access point and the neighbours, not from anything past the router. I don't really use that. 
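The difference between a random address (-r), a random address that pretends to be burned in (-r -b) and a chosen one (-m) comes down to two bits in the first octet of the MAC: bit 0 marks multicast, bit 1 marks a locally administered address. The following Python is an added example, not code from macchanger or from this course, that generates and classifies addresses by those bits; note that 22:33:44:55:66:77 from above has the locally-administered bit set, so a filter that keys on vendor prefixes would not mistake it for a real vendor card. The function names are my own, and clone_oui is a hypothetical helper.

```python
import os
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def parse_mac(mac):
    """'aa:bb:cc:dd:ee:ff' -> [0xaa, ...]; raises ValueError on anything else."""
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % (mac,))
    return [int(part, 16) for part in mac.split(":")]


def format_mac(octets):
    return ":".join("%02x" % o for o in octets)


def is_unicast(mac):
    """Bit 0 of the first octet is the I/G bit: 0 = unicast, 1 = multicast."""
    return parse_mac(mac)[0] & 0x01 == 0


def is_locally_administered(mac):
    """Bit 1 of the first octet is the U/L bit: 1 = locally administered,
    0 = universally administered, i.e. burned in by a vendor."""
    return parse_mac(mac)[0] & 0x02 != 0


def oui(mac):
    """First three octets: the vendor prefix a whitelist may key on."""
    return format_mac(parse_mac(mac)[:3])


def random_mac(burned_in_look=False, rng=os.urandom):
    """Random unicast MAC. The default sets the U/L bit, as macchanger -r does;
    burned_in_look=True clears it, as macchanger -r -b (--bia) does, so the
    address passes for a vendor-assigned one. rng is injectable for tests."""
    octets = list(rng(6))
    octets[0] &= 0xFE          # clear I/G: must be unicast
    if burned_in_look:
        octets[0] &= 0xFD      # clear U/L: pretend to be burned in
    else:
        octets[0] |= 0x02      # set U/L: honest locally administered address
    return format_mac(octets)


def clone_oui(allowed_mac, rng=os.urandom):
    """Hypothetical helper: keep the vendor prefix of an address known to be
    allowed and randomise the device part. Feed the result to macchanger -m."""
    octets = parse_mac(allowed_mac)[:3] + list(rng(3))
    return format_mac(octets)


if __name__ == "__main__":
    lecture_mac = "22:33:44:55:66:77"
    print(lecture_mac, "locally administered:", is_locally_administered(lecture_mac))
    print("like -r   :", random_mac())
    print("like -r -b:", random_mac(burned_in_look=True))
```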

You can if you want to and that's about it for this program. It is one of the simple ones, so we covered it first. 

In the next lecture, we will cover Google hacking, which is also pretty simple. 

I will show that in the next lecture.

I hope to see you there and take care.

Footprinting! - Google Hacking

Hello everybody and welcome back.

Right now we are slowly entering our footprinting section, which, together with the scanning section that follows it, will be the last part of the beginner section.

Before we begin, while our machine is starting up, let us just explain a little bit more what footprinting is.

First of all, there are two types of footprinting: one is active and one is passive.

Active footprinting requires some interaction with the target you are trying to attack, while passive footprinting is just gathering all the publicly available information about your target without touching its systems.

So, for example, if your target has a Facebook account, a Twitter account, or basically any other account or source of information, you can gather some of the valuable information you might need from it.

Now let’s say, for example, your target is a company and there is public information online that this company uses Windows XP on its machines. You can already rule out the Linux exploits and the Windows 10 or 7 exploits, and focus on Windows XP exploits.

Now, hardly anybody uses XP anymore because it is unsupported and full of known holes, but that was just an example. There is a lot of public information you can find.

Let’s go to some of the practical methods with Google hacking. We will cover Google hacking in this tutorial, so let me just login, “test1234.”

As soon as my desktop boots up we will open Firefox and we will run some of the specific commands in the Google search bar in order to find some of the stuff we might need.

Now, this is just one of the tools for footprinting that we will cover in the course. The other ones will be theHarvester, Nikto, Shodan and whois, which we will cover in the next lectures, but for now let’s just open Firefox.

So just click on your Firefox icon and basically since it will lead you to your Kali Linux website, you want to navigate to Google. So we can add another tab and go on to google.com.

Now, let’s say that you want to find all the websites that have a user input that could possibly be vulnerable to the SQL injection.

On the Google search bar, you just type: inurl:"index.php?id="

What this will do is find all the indexed pages whose URL contains index.php?id= followed by some value, usually a number.

Now, what does that mean?

Basically, if we click on any of these links, like this one, we can see that this website could possibly be vulnerable to SQL injection, since that id parameter very likely ends up in a database query.

We can check that quickly by appending an apostrophe to the parameter value; here we try to log in, and it says, “login failed due to incorrect email address, wrong passphrase.”

So this site didn’t break on the first try, but we won’t try any further, since we shouldn’t be doing that on a site we don’t have permission to test.

I just want to show you how to filter out all of the websites that actually have a user input, which could be vulnerable to SQL injection.

So basically, anywhere you can type something that the web page then processes could be vulnerable through that user input, which could be a piece of code that you trick the server into running for you.

But more about that in the website hacking section.
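As an added example that is not part of the course, the following Python does offline what the lecture does by hand: it picks out the parameters a dork like inurl:"index.php?id=" is really after, those whose value is a bare number, builds the apostrophe-probe URL for each, and screens a response body for database error strings. The URLs and the error-string list are constructed for the example; do not send the probe to hosts you are not authorised to test.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample "search results"; none of these hosts exist
SAMPLE_URLS = [
    "http://shop.example/index.php?id=12",
    "http://blog.example/index.php?page=about",
    "http://news.example/article.php?cat=3&id=77",
]

# Fragments of common database error messages, lower-cased
SQL_ERROR_SIGNATURES = (
    "you have an error in your sql syntax",
    "warning: mysql",
    "unclosed quotation mark",
    "ora-01756",
    "pg_query()",
    "sqlite3.operationalerror",
)


def numeric_params(url):
    """Names of query parameters whose value is a bare integer, the pattern
    inurl:"index.php?id=" is really fishing for: such a value is very likely
    pasted into a database query."""
    query = urlsplit(url).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True) if v.isdigit()]


def candidates(urls):
    """(url, parameter) pairs worth a closer look, in input order."""
    return [(u, p) for u in urls for p in numeric_params(u)]


def probe_url(url, param, marker="'"):
    """Rebuild url with marker appended to the chosen parameter's value
    (urlencode percent-encodes the apostrophe), leaving other parameters as
    they are. Only request this from hosts you are authorised to test."""
    parts = urlsplit(url)
    query = [(k, v + marker if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def looks_like_sql_error(body):
    """Crude screen of a response body for database error text. A hit after
    the apostrophe probe is a strong hint; a miss proves nothing (blind
    injection still exists), and a "login failed" page is not an error."""
    lowered = body.lower()
    return any(sig in lowered for sig in SQL_ERROR_SIGNATURES)


if __name__ == "__main__":
    for url, param in candidates(SAMPLE_URLS):
        print(param, "->", probe_url(url, param))
```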

Now, that was just one of the commands.

In order to find the commands you might need, there is a Google hacking database, and to find it you just type here in Google, “Google hacking database,” and you click on the first link.

It will lead us to a website with a bunch of search strings (“dorks”) that can be used to find things we might need, like passwords, PDF files, Excel files, or anything else.

As you can see, it says right here it is the “Exploit Database” website, the “Google Hacking Database.”

These are just a bunch of search strings, which you copy and paste into the Google search bar, and it will list all the pages or files that match.

I am not really sure what these commands are, but it says right here if we click on the one, it will lead us to the command, which is this one.

Now I can only guess what this does, but we can read it in the description.

“Dork for finding login portals for well-known company websites hosted on famous hosting providers such as all of these.”

Basically, this command does that. We can try it out if we want to. It’s not really that useful for us, but why not?

You just copy the command and paste it, and we will see how it works.

They are all basically account login as we can see, “account-login, my-account-login, my-account/login.”

So it filtered out all of the websites with a path such as /my-account-login.

Now, let’s see, for example, another one.

As you can see, these are listed with a date. The first one was yesterday. Let’s go to this one: intitle:"index of /" ssh

Now, you can read right here the data you find: Web servers version, SSH version, SSH keys, SSH logins, and SSH .exe files.

As it says right here:

”I found a lot of servers using SSH 1.4. They are usually five plus years old and full of security holes. A search in exploit database for SSH 1 turns up plus forty thousand exploits. For these, some may work.”

This could be a useful command for us. We can copy it and see what we find with it.

We won’t be attacking any of these since we don’t have permission, but it sure could be useful later on.

As you can see, we will not mess with this right now. What we want to do is only use these search strings; we will cover hacking of websites later on, not on these websites, but on websites that we own, which we will set up in our own virtual environment.

Use these search strings only to look, not to attack.

If you want to search for things like PDF files, you can type “PDF” in the quick search, and it will show you the dorks for PDF files.

Let’s see how to find a PDF file with this command here and if this could be a PDF file that could contain a password.

As you can see right here, all files are PDF files. Let’s see if we open one, it will ask us to save these files. We do not want to save it.

Basically, this is just all of the PDF files Google has indexed. Let us look at the more accurate explanation of this dork.

“Passwords and information on targets employees/customers also for spear phishing. Replace PDF extension with any other document extension like doc, docx, txt.”

Okay, that was PDF and you can use any of these commands. If you want to know what it does, you just click on the command.

This one really doesn’t have any explanation.

Let’s just check out another one.

As you can see, this search string, which is pretty long, will help you find videos published on Google Drive.

There is a bunch of file extensions for videos. I’m not really sure why PDF is there, but there is possibly a reason for that.

So let’s say now that we do not want a PDF file, but we want an Excel file. We just type Excel.

There is no matching records found.

If we set the page to show 120 entries, there is an .xls one, which is an Excel file, and if you click it we can see what it finds. It’s a mix of login portals and passwords, but this is a huge search string. We will not use it right now.

So, that’s all I wanted to show you.

As you can see, for every dork they explain what it does when you click on it; the one we looked at is basically just a lot of login portals.

It could be useful if you wanted to find sites potentially vulnerable to specific attacks, like we showed with the first string we typed into Google, index.php?id=, which lists websites with a user-controlled parameter that could be vulnerable to SQL injection.

So, that’s about it for the Google hacking.

Now, if you want to, you can scroll down and check out all these other commands. It could be useful for you, but we won’t be doing that since there are lots of them and we will continue footprinting in the next lecture.

I hope I see you there and take care.

Footprinting! - Nikto Basics

Hello everybody and welcome back. 

Now in this lecture, we will cover our second tool for the footprinting, which is called "Nikto." 

Nikto is a web server scanner, so it can also be used for web penetration testing: it scans a website and prints out possible vulnerabilities, dangerous files and outdated software versions. 

For example, Apache 2 could be outdated and Nikto will show us that. 

Now, this counts as active interaction, since we are sending thousands of requests to the web server, and you should not be doing that on a website you do not own or have permission to test. 

So I will just scan the web server that I put out on my laptop. It is an Apache web server and it doesn't really have anything on it, but it's running currently so we should be able to see the IP address and the version of the Apache, and also maybe some of the errors it could possibly have. 

So, let me just enlarge this a little bit. 

Now, in order to run Nikto, you basically just type "nikto."

It will show you the usage of the command. 

These are some of the basic options you can see right here. If we want, we can print the extended help with "-H", as it says right here.

Yeah.

This would be the extended version of the Nikto help, and we can see there are a bunch of options for this program. 

Now we won't be covering all of these since that will take a lot of time, but we will cover some. Basically, the most important one would be host.

Here it is: "Target host."

So, in order to scan a website, you need to provide a target host. That target host can be either a domain name or an IP address. In my case I will use an IP address, since my laptop is on my local network; its address is 192.168.1.15.

Now, if you have any available website or any other virtual machine, you can test it on that one, then you can check out if your local website is vulnerable to something or possibly could be vulnerable to something. 

Let me just show you.

Let's type "nikto -h 192.168.1.15", where "-h" specifies the host.

Now, this will print out some of the errors it might find such as here we have "The anti-clickjacking X-Frame-Options header is not present. The XSS protection header is not defined."

This could be a problem: a missing X-Frame-Options header lets someone frame the page for clickjacking. But it can also be a false alarm, since it only matters on pages with something worth clickjacking, and neither finding means the site is actually vulnerable to cross-site scripting; X-XSS-Protection is a browser hint that modern browsers have dropped in favour of Content-Security-Policy. Here we can also see the allowed HTTP methods on the Apache server, which are GET, HEAD, POST and OPTIONS, and the scan will take a few seconds to finish. 
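To show what is behind those two header findings, here is an added Python example, not Nikto's code and not part of the course, that parses a raw HTTP response head and reports the hardening headers it lacks and the methods it advertises; the messages are modelled on Nikto's wording, the extra checks (Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options) are what a reviewer looks for today. Both sample responses, including the Server banner, are constructed.

```python
# Hardening headers checked, with messages modelled on Nikto's wording.
# X-XSS-Protection is kept because Nikto reports it, although current browsers
# ignore that header; Content-Security-Policy is the control that matters now.
HEADER_CHECKS = [
    ("x-frame-options", "The anti-clickjacking X-Frame-Options header is not present."),
    ("x-xss-protection", "The X-XSS-Protection header is not defined."),
    ("x-content-type-options", "The X-Content-Type-Options header is not set."),
    ("content-security-policy", "No Content-Security-Policy header is set."),
    ("strict-transport-security", "No Strict-Transport-Security header is set."),
]
RISKY_METHODS = ("PUT", "DELETE", "TRACE", "CONNECT")


def parse_head(raw):
    """Split a raw HTTP response head into (status_line, headers). Header
    names are lower-cased; repeated headers are joined with ', '."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = lines[0].strip()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                      # blank line ends the head
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = headers[name] + ", " + value if name in headers else value
    return status, headers


def missing_headers(headers):
    return [msg for name, msg in HEADER_CHECKS if name not in headers]


def allowed_methods(headers):
    """Methods the server advertises in Allow: (its answer to an OPTIONS request)."""
    return [m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()]


def audit(raw):
    """One-shot summary of the things Nikto prints first for a target."""
    status, headers = parse_head(raw)
    methods = allowed_methods(headers)
    return {
        "status": status,
        "server": headers.get("server"),
        "missing": missing_headers(headers),
        "methods": methods,
        "risky_methods": [m for m in methods if m in RISKY_METHODS],
    }


# Constructed sample: what a bare lab Apache might answer to OPTIONS /
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Apr 2019 10:00:00 GMT\r\n"
    "Server: Apache/2.4 (Debian)\r\n"
    "Allow: GET,HEAD,POST,OPTIONS\r\n"
    "Content-Length: 0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Constructed sample: the same server after hardening
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Allow: GET,HEAD,POST,OPTIONS\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE)["missing"]:
        print("+", finding)
```

The hardened sample sets X-XSS-Protection to 0 on purpose: the header's filter mode has been removed from current browsers and in old ones it could itself be abused, so the recommended value now is to switch it off and rely on Content-Security-Policy.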

Basically, if it takes a lot of time, we will just close it so I can show you some of the other options that Nikto has.

Here we have "login.php: admin login page/section found. Portions of this server’s headers are not in Nikto database or are newer than the known string."

Okay. 

"Would you like to submit this information?"

We do not want to submit any right now. 

Now, you might be asking, what kind of login page am I hosting on my laptop?

Well, basically, I just have a fake Instagram page right there. I just made it. So if we typed my laptop's IP address, it will lead us to a fake Instagram page. As you can see right here, it is not a real Instagram, it is basically just my IP address, which we will use for some of the attacks later on.

But for now on, we will just use the Nikto, in order to scan this page and as we can see, it has finished. It printed out a bunch of the options, which could be useful or not for you depending on the website and depending on the errors.

But let's check out some of the other options of this command. So let me type "nikto -H" and we can see the extended help once again, with options such as config, display, format, host and evasion (encoding technique).  

For example, you can use evasion. It is the "-e" option: we type "-e" and then one or more of these numbers, such as fake parameter, directory self-reference or any other. 

Right here we will use number one, random URI encoding (non-UTF8). 

Okay.

So you run the same command as before, but add "-e 1" before the host. 

Now, I believe that this will print out the same output, so we are not really interested right now in waiting for this to finish. One more thing I want to show you is that you can specify a port on which you want to scan. 

Now, most likely that port will be port 80, so it is not really needed, but if you want to, for example, scan port 443, which is the usual HTTPS port, you can change it with the "-p" option.

As we can see, the default is 80. 

So you would just type "nikto -h 192.168.1.15 -p 80", or "-p 443". 

For any other port, you want. But most likely, it will be one of those two. 

Now, let's say, for example, we want to scan port 80 since my Apache web server is running on port 80 on my laptop, and we want to save that into a file. 

Now, how do we do that? 

With the "-o" option. 

Let me just check here if it really is "-o."

I'm not seeing it right here. I believe it is. Yes, it is. 

Output. So just type "-o" and then the file name; we can name it anything we want, so we will name it "Result." 

Then you also need to specify the file type, which is "-F" for format. 

Save file. Format. Okay. 

So, format. 

We will just type "-F txt". 

We want to save it into a txt file.

We can run the same command once again, and basically right here once it finishes we will have a file with all this stuff written to it, so you don't have to write it manually. 

The output option is useful if you need to give the scan results to someone. You can write them in any of the supported formats; I just chose txt for this example, and then you can send the file on. 

Now, let us just wait for this to finish, so we can check out our file. Here it asks us again if we want to report something to the website, I believe. 

Let me just read once again. Not in Nikto database. 

Would you like to submit this information? 

No. We do not want to. 

So now if we type "ls" I should have a "Result" file as we can see right here. 

Now, if we open the "Result" file with nano, or just "cat" it, we should see our output. As we can see, the target hostname and target port are right here, along with some of the other information. Not really sure why it didn't put all of the findings in here, or maybe it did and I just can’t see them. But that's the example of writing Nikto output into a file.

Let us just delete this file for now. 

If you want to run Nikto, you can see that there is an option to run it over a proxy. As you can see, "use proxy."

You can use the proxy defined in the "nikto.conf" file.

Now, in order to do this, you need to put the proxy you want to use in that file. If you have one, I will show you where it goes. I don't really have one at the moment. We will cover proxies and VPNs later on, but for now let me just locate the "nikto.conf" file.

We covered this command. 

So, you just type here "locate" and then the name of the file, and it will show us all the files that are named like this, and where they are stored.

Now, we are interested in the first one, which is in /etc, and if we open "nikto.conf" with nano, we can see a bunch of options. 

Let us navigate and find the proxy option. Let me just check where it is. Here we go. 

"Proxy settings still must be enabled by -useproxy."

So basically, if you wanted to use a proxy with Nikto, you would add -useproxy to the command, and here in the file you would specify the proxy host and the proxy port.

So, if you had a proxy you would put its IP address right here, which for me is just "localhost" at the moment, and here you would put the port. One more thing you need to do is remove the # in front of those lines, since they are commented out otherwise.

After that, you press CTRL + O and Enter to save, then CTRL + X to exit, and then you run Nikto with -useproxy so the scan goes through your proxy.

But since I don't really need it at the moment, I will just put the # back so we don't use it. I will say once again, just remember that the file is located in the etc. You can also find it with the "locate" command.

So, that will be about it for the Nikto program. If you want to, you can check out the other options as well. 

I don't find them useful at the moment, but if you want you could check out all the other options. We will continue in the next lecture with the "Whois" program.

I hope to see you there and take care. 

Footprinting! - Whois

Hello everybody and welcome back. In this lecture, we will cover one more footprinting tool, which is basically called "Whois." 

Now, "whois" is an important footprinting tool because it gives us a bunch of registration information about a domain we are looking at. 

The information can be used for further attacks, since what we get from the "whois" command is who registered the domain, through which registrar, and when the registration expires.

We get a bunch of addresses, telephone numbers, email addresses and a bunch of the other options.

So, let us just type "whois". It is preinstalled in Kali Linux, so you don't need to install it. As we can see, the usage is "whois [options] object". 

These are the options you have. We will not cover them; we will just look up a domain. 

Let's look up a big site, for example cnn.com, so that we get a lot of information. If you type "whois cnn.com", it should print out the publicly available registration data for that domain. 

Let us just wait for this to finish. It shouldn't take too long. Here we go. 

Now, the first thing we see right here is that notice, which says, “You're not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes or for the purpose or purposes of using data in any manner that violates these terms of use.”

So, querying whois itself is not illegal; it is a public service with terms of use. 

You can see right here, “By submitting a Whois query you agree to abide by the following terms of use. You agree that you may use this data only for lawful purposes.”

Basically, you shouldn't be using any of this data for any of the attacks that we will cover if you do not have permission to do so. We will just check out the data. We will not use it for any further attacks. 

So, let us just see what we got from this command. 

As you can see, the first thing we have here is the domain name that we typed, cnn.com, the registry domain ID, we can see that the registry Whois server is this one.  

Now, most of these fields do not really interest us. The name servers could be interesting, since they are useful for the DNS attacks we will look at later. Until then, we will just go through the fields.

Let me just see if there is anything interesting right here. 

Registrar abuse contact email. We can see an email right here. Contact phone. Registry expiry date. 

We can see when it expires, its creation date, updated date.

Let us go a little bit down here. 

Terms of use. 

Okay. 

Registry domain ID. 

This is basically all that we have seen already. 

Here are some of the publicly available information. As you can see, the registrant email "tmgroup AT turner.com."

So for example, if you were hired to test a company and you looked up their domain like this, the email addresses you collect can be used for further attacks, such as phishing.

A hypothetical example: you send a malicious attachment to these addresses and wait for someone to open it.

Then you have a backdoor running on the inside of the company.

Here we can see more publicly available fields, such as the registrant's city, state, postal code and country, plus further phone numbers and emails, as we said.

Further down there is another email address and the name servers again. As we can see, this can be useful.

So basically, you use this command in order to gather more information about the company.

It will often give you information you need, so, as we did in the previous lecture with Nikto, it is worth saving the output to a file.

Let me just see if it has an option to save to a file. I'm not sure it does, but if it doesn't, you can simply type the same command and redirect the output with ">" into "result.txt".

Now, it won't print anything to the screen, because all of the output goes into the result.txt file.

So, when this finishes, we should have a file with all of these things written to it. As you can see we didn't get any output, but if we type here "ls," we can see the result.txt.

Let's "cat" that file and we should have all of our information available in that file now so you can send it to someone if you want to, or you can just have it so you don't have to type the command every time in order to check something out. 
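Here is an added example, not part of the course material, that goes one step beyond redirecting the record to a file: it saves the raw Whois output with ">" as described above and then pulls out the fields a tester actually reuses (email addresses, name servers, expiry date). The SAMPLE_WHOIS record is a constructed sample in the format whois(1) prints; the domain, registrar and contacts in it are not real, and the whois_report function is the only part that touches the network.

```bash
#!/usr/bin/env bash
# Added example, not part of the course material: save a Whois record to a
# file and pull out the fields a tester actually reuses (e-mail addresses,
# name servers, expiry date). SAMPLE_WHOIS is a constructed record in the
# format whois(1) prints; none of the names or contacts in it are real.

SAMPLE_WHOIS='Domain Name: EXAMPLE-TARGET.COM
Registry Domain ID: 1234567_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.example-registrar.net
Updated Date: 2018-09-10T08:44:45Z
Creation Date: 1993-09-22T04:00:00Z
Registry Expiry Date: 2026-09-21T04:00:00Z
Registrar Abuse Contact Email: abuse@example-registrar.net
Registrar Abuse Contact Phone: +1.5555550100
Name Server: NS1.EXAMPLE-TARGET.COM
Name Server: NS2.EXAMPLE-TARGET.COM
Registrant Email: hostmaster@example-target.com
Tech Email: hostmaster@example-target.com
>>> Last update of whois database: 2019-01-01T00:00:00Z <<<'

# Unique, lower-cased e-mail addresses found anywhere in a record (stdin).
whois_emails() {
  grep -Eio '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | tr 'A-Z' 'a-z' | sort -u
}

# Name servers, lower-cased and de-duplicated (stdin).
whois_nameservers() {
  awk 'tolower($0) ~ /^name server: */ { sub(/^[^:]*: */, ""); print tolower($0) }' | sort -u
}

# Registry expiry date; only the first "Registry Expiry Date:" line is taken (stdin).
whois_expiry() {
  awk 'tolower($0) ~ /^registry expiry date: */ { sub(/^[^:]*: */, ""); print; exit }'
}

# Live workflow: redirect the raw record to a file (the ">" from the lecture),
# then summarise from that file. Needs network access, so it is not run here.
whois_report() {
  local domain="$1" out="${2:-$1.whois.txt}"
  whois "$domain" > "$out" || return 1
  printf 'Saved raw record to %s\n' "$out"
  printf 'Expires: %s\n' "$(whois_expiry < "$out")"
  printf 'Name servers:\n'; whois_nameservers < "$out"
  printf 'E-mail addresses:\n'; whois_emails < "$out"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_WHOIS" | whois_emails
printf '%s\n' "$SAMPLE_WHOIS" | whois_nameservers
```

Run "whois_report cnn.com" in a shell that has sourced this file to get the live version; keeping the raw file around matters because registrars rate-limit repeated queries, as the notice above warns.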

Now, since I don't need that file, I will just delete it, and that's basically it for this program. You will find it useful sometimes, and sometimes not. In the next lecture, we will cover email harvesting, for which we will use a program called "theHarvester".

I’m not really sure if it's installed. 

Yeah, it is installed in Kali Linux, so we will cover it in the next lecture. Until then, you can practice the programs we have covered so far, including Google hacking and Nikto.

You can also practice with the Whois program to find as much information as you can. 

Now, this is it for this lecture and I hope I see you in the next tutorial.

Bye.

Footprinting! - Email Harvesting

Hello everybody and welcome back. In this tutorial, we will cover the email harvesting tool, which is called basically "The Harvester."

So, in the last tutorial I checked that we have it installed already, and we do. I will just locate it, because running it from here by typing "theHarvester" doesn't work: it is not on the PATH.

If we locate it, we can see that it is stored in the directory /usr/share/golismero/tools.

So, we will just go to that directory, where we see a few programs, and change into the "theHarvester" directory.

If we type "cd theHarvester", we can see an executable Python file, which is what we run to start this program.

Let me just enlarge the terminal. I want to warn you that this program doesn't work all the time. When I run it, it may print the emails or it may not: I have run it many times against the same website, and sometimes it finds a lot and sometimes nothing at all.

So, if we just run this program with no arguments, it will show an error saying "The domain search is mandatory".

We need to specify the domain to search.

So let me type the help option, "theHarvester.py -h", and it shows the available options. Here we can see that "-d" specifies the domain or company name to search for, and "-b" is the data source, which defaults to Google as it says here.

We will leave it on Google since I believe Google is the best. "-l" is also an important option; it stands for limit and caps the number of search results to work with.

So, for example, "-l 200" searches the first 200 results and shows us the emails and hosts found in them.

Now we can try the examples shown here, so we will just copy the first one: "-d microsoft.com", "-l 500" for the number of results, and "-b google" for the search engine.

So, let's just try this. It will take a few seconds. It might find something and it might not. Basically, if it doesn't find anything, you can try it using the same command later on and it will probably work. 

Sometimes it finds results and sometimes it doesn't. If it doesn't, we won't worry about it; we will continue with the tutorials and you can try the same command later.

Here we go, it is soon going to finish it, but in this case, we just weren't able to find anything. 

So, let me just try here another website or basically we just type Microsoft without .com. Maybe it will search it as a company name and it might find some of the results.

We will give it one more try after it if it doesn't find anything here, and we will finish the tutorial there since there is no point. As I said, sometimes this tool finds something and sometimes it just doesn't want to find anything.

We will wait for this to finish. The first 200 results are already processed. This one didn't work either, so let me try a website that worked 20 minutes ago: a university website from my country. It doesn't matter which; you can try this on any website you want.

Maybe if we use the other website it will print us something. If it doesn't we will just proceed to the next tutorial, which will be "Shodan."

It is basically a search engine, a website that we use to search for vulnerable devices. 

Now, you will be surprised how many vulnerable devices are out on the Internet. The most common are routers still using the default username and password.

If you go to the login page of such an IP address, you can get into their router and change all of its settings. But more about that in the next tutorial, since, as we can see, this attempt didn't work either.

We tried three times and it didn't work any of those three. 

So, basically later on or tomorrow, whenever you want, you can just try the command out once again and it will probably work. It just doesn't want to work right now. 

Once again, it is located in this directory. You won't be able to run it by name from any other directory, because it isn't on the PATH. In a later tutorial I will show you how to move the file so that you can run it from anywhere.

So, for example, I will show you how to run this file with just its name instead of changing into this directory every time we want to use it. But we will cover that in one of the other tutorials.

For now on, I will cut the tutorial short here and I hope I see you in the next one.

Footprinting! - Shodan

Hello everybody. 

Welcome back and in this tutorial we will cover the "Shodan," but before we go on to the "Shodan" I just want to show you "The Harvester" from the previous lecture, which we couldn't get to work. 

Maybe if we try it right now it will. Let me just locate it once again. 

So we will go to "/usr/share/golismero/tools/theHarvester".

Now, I won't cover how to use theHarvester again since we did that in the previous tutorial, but I will run it once more so we can see whether it works today. Let me just type "theHarvester", and as the domain we will use the same website as in the previous video.

For the "-l" option we will allow 500 results and for "-b" we will search via Google. So, if we press enter here, we wait a few seconds while it searches Google.

We will see if right now we get some of the results that we couldn't get in the previous video. As we can see, it will finish soon. It processed 400 results and here we go. As you can see, the same website that in the previous lecture didn't work, right now gave us some of the information. 

For example, we found a bunch of email addresses that belong to that domain as you can see right here. We also found some of the hosts with their IP addresses that also belong to that domain you can see "portal allinclusive."

We found email addresses that, if this were a company we were testing, we could use to proceed with our attacks.

For example, we could send malware to all of these addresses and hope that some recipients open it. But I just wanted to show you that the tool does work sometimes, so let's proceed to Shodan, which is a website.

So, just open up your Firefox and a new tab, then type here "Shodan."

We will click on the first link and it will lead us to the website where we can discover some of the vulnerable devices on the Internet.

As we can see, this website right here "explore the internet of things, monitor network security" and a bunch of other things. 

So we are on this website right now and basically let us just search for some of the vulnerable devices.

In the search bar, I will just type here "password."

As you can see, we got two million results right here. We got some of the IP addresses. Let me just type here "default password," so maybe it will show us the results of the IP addresses that have the routers configured with the default password.

This one here lists the default username "admin" and password "1234", but it shows as unauthorized. So let us scroll down. This IP address has an important banner message: username "admin", password "password".

So, if we click on this IP address, Shodan opens its details. Let us copy the IP address and paste it into the browser's address bar.

Now, there is a good chance that this won’t work, before I type here the username and password, let me just check here, what was it?

I believe "admin" and "password."  

Yeah, let's try this. Let me just refresh this and type here "admin" and as a password, "password."

Well, let me type it once again. Yeah, sometimes it just won't work, since these devices may have been updated and are not vulnerable anymore. Someone could have changed the username and password, so we can't log in to it anymore.

So, let me just find another one. As we can see, this one user named "cisco" with the password "Cisco." Let us just click on this one for now. 

“The default username and password have a privilege level of 15. Please change these publicly known initial credential using the Cisco IOS command.” 

So basically, if this one didn't change, we should be able to log in with the default username and password. Let me just paste it right here and we are unable to connect right here. 

Well, it doesn't really matter. Even if you could connect to a device whose owner never changed the default username and password, you shouldn't do anything with it: logging into someone else's router and changing its settings without permission is illegal.

That is why people are notified about these exposures. Let me just show you how you can check your own address.

Just search "What is my IP address", copy your public IP address from the page and paste it into the Shodan search bar. If Shodan finds something, it means a service on your public address is reachable from the Internet and has been indexed; the banner tells you what that service is, and you should check whether it is something you meant to expose.

In my case it found nothing, but in your case it might. Before we finish this tutorial, I want to show you what to do if your own IP address shows up on Shodan, which means something on it is exposed.

So, to change that, if for example it is the default username and password on your router, you will need to change them in the router's settings.

To find your router's IP address, type "netstat -nr" (or "ip route"); the address in the Gateway column of the default route is the router's IP address.

So, you can just copy it, go onto the Firefox. Let's open a new tab and right here you paste the IP address and it will ask you for your username and password. 

So, you type your username and password, whatever they are. If you do not know them, search the name of your router on the Internet and you will find the default username and password it ships with.

If you didn't change them, they will still be the defaults. You can find the default username and password for any router on the Internet. We do not want the browser to save the credentials, so now we wait for it to log in.

Let me just show you, for example, you can just type here on Google “default router passwords.”

You can just go to any website basically and just search the model of your router and find out what their default IP address is, and also what their default password is.  

Now, most likely, it would be something like "admin, admin" or "admin, password," but it could also be something else. 

Now, this is the site I didn't visit before, so let me just check out if there is anything available here. Here you can basically just paste the name of your router and it will give you the information.

Let me just try with this one. Let's say this was your router and you find out what the name of your router is, you just paste it right here and it will find the router you were searching for. 

It will also give you its IP address by default and your default username and password for that router. 

So, once you find that out, you can just paste the IP address right here and it will log in. 

Now for me, it is for some reason loading for too long. Let me just type here once again and here we are. We are logged in. 

Now it didn't ask me for a username and password because it asked it two minutes ago. 

So now we are in my router. Here you can have a bunch of the information. 

Now, depending on your router, different settings will be on different places. It won't be the same as my router. 

My router is an old one, so yours will probably not look anything like mine. You just want to play with the settings a little and click around until you find the section where you change the username and password, where you replace the default password with any password you want.

Once you do that, nobody will be able to log in to your router with the default username and password anymore. It is really important to do that, because if someone logs in they can change any of the router's settings: port forwarding, your wireless password and everything else.

So it is a sensitive device and you want to fix that.

Now, that would be about it for the Shodan website, and with that we finish most of the footprinting section.

We leave two tools for the next lecture, dig and dnsenum, which I will cover briefly, and after that we can continue to the scanning section.

So I hope to see you in the next lecture, and take care.

Footprinting! - Zone Transfer With Dig

Hello everybody and welcome back. This is the last part of the footprinting section, where we will cover two tools which are almost the same, but with slight differences between them.

The first one is called "dig". If you type "dig" on its own, it will just query the root name servers, since we didn't specify any domain. For the usage summary, type "dig -h".

Now you can use any website for this; it is not illegal, it is just a tool that queries DNS. Dig stands for Domain Information Groper, and with it you can also try one of the attacks, which is called a zone transfer.

A zone transfer is the replication mechanism that keeps primary and secondary DNS servers synchronized: the secondary server asks the primary for the zone, and the primary answers with a copy of the zone's records, which contain the host names and their IP addresses.

Now, a DNS server can be configured so that it allows anyone to request a zone transfer. With this tool we will try a zone transfer against one of the bigger websites, where it of course won't work, but smaller sites may have a misconfigured DNS server with zone transfers enabled for anyone.

Zone transfers run over TCP port 53, whereas ordinary DNS queries normally use UDP port 53.

So, if you type "dig google.com", it gives us a fair amount of information about google.com.

For example, this is the DNS query here. NS stands for name server, and we can see that there are four of them. A records hold IP addresses: A is an IPv4 address and AAAA is an IPv6 address.

We also see which server was used to answer the query, which is our own router on port 53. As you can see, the usual DNS port is 53 over UDP, and my router's IP address is 192.168.1.1.

We can see that for one query we got one answer, four authority records, which are the four name servers, and eight additional records.

Those are the same four servers, each listed twice: once with an IPv4 address (A) and once with an IPv6 address (AAAA).

So that's the basic use of the dig command. You can use it to find information about a domain, but if you want to try a zone transfer, you do it like this: type "dig", then "axfr", which requests the zone transfer, then the domain, and then the name server to ask, prefixed with "@".

For example, for facebook.com we can ask one of its own name servers: "dig axfr facebook.com @a.ns.facebook.com".

If we run this, you will notice that after a few seconds it reports "Transfer failed.", since Facebook's DNS is not misconfigured, so the zone transfer attack cannot be done against Facebook.

Now there may be smaller sites that are vulnerable to a zone transfer, but we won't be trying to find them at the moment. This is just one of the tools you can use to find out whether a DNS server allows it.
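Here is an added example, not part of the course material, that automates the check from this lecture: it looks up every authoritative name server for a domain and tries "dig axfr" against each one, deciding from dig's output whether the transfer was allowed. The two dig transcripts AXFR_OK and AXFR_FAIL are constructed samples in dig's output format (the domain example-target.com and the 203.0.113.x addresses are not real), so the decision logic can be exercised offline; only try_axfr touches the network, and it should only be pointed at domains you are authorised to test.

```bash
#!/usr/bin/env bash
# Added example, not part of the course material: ask every authoritative
# name server of a domain for a zone transfer and report which ones allow it.
# The two dig transcripts below (AXFR_OK, AXFR_FAIL) are constructed samples
# in dig's output format; the domain and addresses in them are not real.
# Only run try_axfr against domains you are authorised to test.

AXFR_OK='; <<>> DiG 9.11.5 <<>> axfr example-target.com @ns1.example-target.com
;; global options: +cmd
example-target.com.     3600  IN  SOA  ns1.example-target.com. hostmaster.example-target.com. 2019010101 7200 3600 1209600 3600
example-target.com.     3600  IN  NS   ns1.example-target.com.
example-target.com.     3600  IN  NS   ns2.example-target.com.
www.example-target.com. 300   IN  A    203.0.113.10
vpn.example-target.com. 300   IN  A    203.0.113.20
example-target.com.     3600  IN  SOA  ns1.example-target.com. hostmaster.example-target.com. 2019010101 7200 3600 1209600 3600
;; Query time: 40 msec
;; SERVER: 203.0.113.53#53(203.0.113.53)
;; XFR size: 6 records (messages 1, bytes 212)'

AXFR_FAIL='; <<>> DiG 9.11.5 <<>> axfr facebook.com @a.ns.facebook.com
;; global options: +cmd
; Transfer failed.'

# Count resource-record lines in dig output: non-comment lines shaped
# "<name> <ttl> IN <type> ...". Comment lines start with ";".
axfr_record_count() {
  printf '%s\n' "$1" | grep -Ec '^[^;[:space:]][^[:space:]]*[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+[A-Z0-9]+' || true
}

# Succeed (exit 0) only if the transfer produced records and dig did not
# print a failure marker.
axfr_succeeded() {
  case "$1" in
    *"Transfer failed."*|*"communications error"*|*"connection timed out"*) return 1 ;;
  esac
  [ "$(axfr_record_count "$1")" -gt 0 ]
}

# Live check: look up the NS records, then try AXFR against each server.
try_axfr() {
  local domain="$1" ns out
  for ns in $(dig +short NS "$domain"); do
    out="$(dig axfr "$domain" "@$ns" 2>&1)"
    if axfr_succeeded "$out"; then
      printf '[+] %s allows AXFR for %s: %s records\n' "$ns" "$domain" "$(axfr_record_count "$out")"
    else
      printf '[-] %s refused AXFR for %s\n' "$ns" "$domain"
    fi
  done
}

# Offline demonstration on the constructed transcripts.
axfr_succeeded "$AXFR_OK"   && echo "sample 1: transfer allowed, $(axfr_record_count "$AXFR_OK") records"
axfr_succeeded "$AXFR_FAIL" || echo "sample 2: transfer refused"
```

Asking every name server matters, not just the first one: secondaries are the servers most often left with a permissive allow-transfer setting, so a primary that refuses tells you nothing about the others.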

Let me show you another tool, "dnsenum", which is also preinstalled in Kali Linux. It is a script that automates lookups similar to what we did with dig, such as the host address, name servers, mail servers and a zone transfer attempt against each name server. If we type "dnsenum google.com", it gives us similar information.

As we can see, it starts with the host address of google.com, which is an A record, so it prints the IPv4 address of google.com.

Right here, it is trying to find out some of the name servers of Google. As we saw before, there should be four of them. 

Now, this might take a few seconds, and sometimes it times out. It might time out right now, but we will see in a few seconds; I will come back when it finishes.

As we can see, it finished right here and it says that the google.com NS record query failed. It timed out.

So we won't be trying that anymore. I just wanted to show you that you can use that tool as well if you want to. But that would be it for the footprinting section.

So let us just recap what we covered.  

We covered some of the tools that we use to gather as much information as we can about our targets. 

So, for example, these last two we covered in order to gather information about a target's DNS servers.

We also tried one attack, the zone transfer, and of course it didn't work on Facebook. But as I said, it may work on other domains.

We also covered Whois and the Shodan website, and we covered theHarvester in the previous lecture, where I showed you that it sometimes does work.

We also covered Nikto, which is a web server scanner with many options. You should read more about it if you want to; it may be useful later on.

So that would be about it for the footprinting section, and with this section, we basically finish the beginner section and we enter the intermediate section where we will start off with creating our vulnerable virtual machine, which we will use in order to run our scans and attacks.

Since it is not legal for us to attack a machine that we do not own, we will create a virtual machine which we can attack. 

Now you might have heard of that virtual machine. It is called Metasploitable and I will show you in the next tutorial how to install it.

We will start covering one of the bigger tools in Kali Linux and one of the tools that you will use a lot, which is called the Nmap.

But more about that in the scanning section, and I hope to see you there. 

Take care.

Scanning! - Installing Metasploitable

Hello everybody and welcome back. We have officially started our intermediate section and we are starting it off with the download of the virtual machine called "Metasploitable."

Now as you can see, I am downloading it right now from the Rapid7 website. If you go and type here in your Google search bar "Metasploitable" and click on the first link, it will ask you to make an account before the download. 

So basically, you need to submit some of this information in order to download the "Metasploitable" from the Rapid7 website. 

Now, if you do not want to specify any information, you can just go on to some other website. I just clicked on this one and you can download it from here. 

You just click here on "Download" and in a few seconds, your download will start. The "Metasploitable" zip file is around 800 megabytes large.

Let me just close this one since I don't need to download it two times. As you can see, I am here already downloading it, so we will wait until that finishes, and then we will build the virtual machine into our VirtualBox. 

Now, if you are asking what is "Metasploitable," it basically is an intentionally vulnerable virtual machine, which we will use in order to test our further attacks and scans. 

Now we use this machine because scanning any website you do not have permission to scan can be illegal and you shouldn't be doing it. 

This is also a dangerous machine, so you shouldn't expose it to any network you do not trust. Keep it on a NAT or host-only network; don't attach it to a bridged adapter or your local network, since it is purposely vulnerable and full of holes.

Now, we will not be explaining all the vulnerabilities that this machine has, but we will cover some of them.

Basically, I will just wait for this to finish and once it finishes I will show you how to install the virtual machine. My download has just finished, so what you want to do right now is basically to copy and paste this zip file onto your desktop. 

So once you have it on your desktop, which is right here, what you want to do is extract this file, since it is a zip file. I will use WinRAR to do that; it takes a few seconds, and once it is done we can proceed with creating our Metasploitable virtual machine.

You will notice once it is done that we get five files in this folder, and we are only interested in one, the .vmdk file, which we will use as the hard disk for this virtual machine.

Now this is finished and you can see right here if we open it there are five files and we will use this one. I will show you right here how to put it into a virtual machine.

So, just click on "New" to create a virtual machine and type any name you want; I will just call it "vulnerable". As the type of operating system choose Linux, and in the version list scroll down and pick "Other Linux".

Once you have picked these options, click "Next". Here we have the memory size. Metasploitable needs at least 512 megabytes and works fine with that.

If you have some spare RAM, you can give it 1 gigabyte and it will run better. If you don't, leave it at 512 and it will also work fine.

Now, keep in mind that you will be running two virtual machines, Kali Linux and Metasploitable, when we run our tests, so you will also need RAM left over for your host machine.

If you do not have enough memory, just leave here 512. Now, once you have picked your memory size, just click here on "Next" and under this option, you want to go to the "Use an existing virtual hard disk."

Here you just want to go on the "Choose a virtual hard disk file" and you basically just want to find the Metasploitable, which in my case is right here. 

Let me just see why it won't work. 

“Does not match the value in the media registry.” 

What do you mean, it does not match the value? 

Well, it doesn't matter; this error is specific to my setup. I believe it is because I already have Metasploitable registered in VirtualBox.

For you, just find your Metasploitable VMDK file, which for me is right here, select it, and you shouldn't see this "inaccessible" error. It is only for me.

Once you do that, you just click here on "Create" and you have your virtual machine made. Now, once you have this, you just basically click on here "Start."

Now for me it will pop up an error, but for you it will just start the virtual machine, and I don't think it will ask you any questions. Only at the end it will ask you for the username and password, which I have written down here.

The user name is "msfadmin" and the password is also "msfadmin." 

So once it asks you for the username and password, just type here "msfadmin" and you should be logged into the virtual machine into your Metasploitable.  

Now keep in mind, it won't have a desktop like Windows or our Kali Linux; it is a command-line-only virtual machine with no GUI. You will be able to run the same kinds of commands you run in the Kali Linux terminal, and that is basically all you will be able to do.

Now, we will continue with the scanning in the next lecture where we will be using one of the most known tools in Kali Linux, which is called "Nmap."

I will show you a bunch of different scans you can do with it, but until then, I hope you are having a great day and I will see you later.

Scanning! - Nmap Part 1

Hello everybody and welcome back. 

In this tutorial, we will finally start covering some of the basics of the Nmap program. 

Now, as I said before, the Nmap is a really important tool that you will use all the time. So, it is essential for you to at least learn some of the basics of that program.

Before we begin, I want to say that Nmap is a network mapper: a free and open-source tool used mostly for network discovery and security auditing.

You can also use Nmap to identify some or all of the devices on your local network, to discover which hosts are up or down at the moment, and to discover the services they offer on their open ports.

You can go as far as discovering what version of software is running on those open ports. Nmap can scan multiple hosts at once; it doesn't have to be a single host.

It works by sending raw packets to the target's ports, listening to the responses, and determining whether each port is open, closed, or filtered in some way, for example by a firewall.

You can use different types of protocols in Nmap. You can use TCP, UDP, ICMP, and SCTP. 

Now as I said before, Nmap is a network mapper. It can also detect the operating system of the machine you are scanning and, with its scripts, check for known vulnerabilities in the particular software versions found on open ports.

Now, a host has 65,535 TCP ports and 65,535 UDP ports, but Nmap by default scans only the 1,000 most commonly used ports.

You can change that and scan all 65,535 ports, but it will take a lot longer than the default 1,000.

Now, before we begin using Nmap, I just want to show you first of all how you can run it, which is basically just to open your terminal in Kali Linux. It is already preinstalled in it and you can just type here "nmap."

You will see that it prints a lot of options, which we will cover. But before we do that, I want to give you a more detailed explanation of IP addresses, because you will be using them extensively here.

Now, if you know someone's IP address, you can do a lot with it. For example, let's open Firefox and search for "major IP address blocks by country".

We will click on the first website that this one opens and we basically just copy any IP address that we find, and we will try to find out the most information we can about that IP. 

So, let me just load up the website. Here we go. 

Now click on the first one, which is major IP addresses blocks by country - Nirsoft. 

So, it is on the Nirsoft website. Here you can basically click any country you want. Let's go with the Australia. Not really a smart choice since it is the most faraway country from me. Here just pick any IP address you want. 

Let's say I pick this one, which is 14.192.160.0. If I copy this IP address and go to my terminal (let me clear the screen first) and use the tool "nslookup", I need to give it the IP address I just copied, and it should return the host name of that address.

So if I type right here it will say, “Server can’t find.”

Okay, so it cannot find that one. Not a big deal. Let us just copy the other one and check if that one works instead. 

So we just paste the other IP address and it won't work. 

Now, let me just show you on the IP address that will work for sure. So, if you type here "nslookup google.com," it will return the Google's IP address with this command. 

As you can see right here, the address of Google will be 172.217.19.110.  

Now, you can do the same in reverse: if you type "nslookup" and, instead of "google.com," the IP address of google.com, it will return the name belonging to that IP address.

Now, this is taking some time. Let us just wait a little bit before we close it. It says, “Time out,” so let me try it once again. So "nslookup" and then I paste here the IP address of Google. 

Yeah, it will probably timeout once again, so let me just type here "nslookup" and let's try facebook.com. Here we can see that Facebook's IP address is 31.13.84.36. 

So let's try it in reverse. Let me just type here "nslookup" and then Facebook's IP address. Hopefully, it will return facebook.com in the output.

No. Weird, because it says, “No servers could be reached.” 

Let me just try to ping it. We are on the Internet, so it should work. Not really sure why it doesn't work at the moment, but it doesn't really matter. Instead, we can try another command, which can also be used to get some information from an IP address.

Now, that tool that we will use is called "curl." 

Now, for example, if you type here "curl ipinfo.io/" followed by Facebook's IP address and press enter, it will say that for the IP we typed the hostname is facebook.com, the city is not specified, the region is not specified, the country is specified and the location is also given in coordinates.

The organization, as it says right here, is Facebook. So since "nslookup" didn't work, we will use "curl."

Let me just look up Google's IP address once again, so we can see the curl command with Google's IP address.

So, let me just type here "curl ipinfo.io/" followed by Google's IP address. As you can see, we also get the hostname, the organization Google, the location in coordinates, and the country, which is US.

So let us just now choose any of these IP addresses right here, but let's not go with Australia, let's go with Belgium. Here we just copy any IP address. Let's copy this one. Let me try the "nslookup." 

Maybe it will work right now. Probably not, but let's give it one more try. 

“Server can’t find.” 

Okay. Doesn't matter. We will go on with curl. So, we copy a random IP address that we do not know anything about and type here "curl ipinfo.io/" followed by the IP address that we copied, which should belong to Belgium.

So, as we see right here, we are given the IP, the city, the region, the country, the location (also given in coordinates), the postal code and the organization. We can confirm the organization, since the Nirsoft page lists this IP address under MAC Telecom and we get the same result right here.

Now you can see that you can find a lot of information simply by looking up an IP address.

There is also one more thing you can do in the search engine. You can just type "IP locator." We can use the same IP address that we copied from here, which is 80.91.144.0, and we will just pick the first site, which will hopefully locate our IP address.

If we paste it here and click on IP lookup, we can see that we get the location of the IP, which is Belgium, and it is correct. We also get the latitude and longitude, which we can check against the ones from before.

Let us just go down here. It is the same, in every decimal. So this program is working. Let me just see if we can check out on a map where it is located. We can simply open Google Maps, type in these coordinates, and find out where this IP address is physically located.
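As an added example (not part of the course), here is a small POSIX shell script that does the same IP lookup from a script rather than by hand: it checks that the input looks like an IPv4 address before handing it to nslookup or curl, and it pulls the hostname, organization and coordinates out of the JSON that ipinfo.io returns instead of reading them off the screen. The JSON reply below is a constructed sample using documentation addresses and a fictional organization, not a real lookup; the one-key-per-line layout of the reply and the "name = ..." line format of nslookup's reverse output are assumptions.

```shell
#!/bin/sh
# Added example, not the course's own script: IP lookup helpers around
# nslookup and curl ipinfo.io, with the reply parsed instead of eyeballed.

# Accept only digits and dots in four fields, so the value is safe to pass
# on a command line (no spaces, quotes or shell metacharacters).
looks_like_ipv4() {
    case $1 in *[!0-9.]*|''|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ]
}

# Extract one string field ("hostname", "org", ...) from an ipinfo.io reply
# read on stdin. Assumes the one-key-per-line JSON layout ipinfo.io returns.
ipinfo_field() {
    sed -n 's/^[[:space:]]*"'"$1"'":[[:space:]]*"\([^"]*\)".*/\1/p'
}

# One-line summary "ip | hostname | org | loc" from an ipinfo.io reply on stdin.
ipinfo_summary() {
    json=$(cat)
    out=
    for key in ip hostname org loc; do
        value=$(printf '%s\n' "$json" | ipinfo_field "$key")
        out="$out${out:+ | }${value:-n/a}"
    done
    printf '%s\n' "$out"
}

# Live lookup: reverse DNS via nslookup, then the ipinfo.io summary.
# Needs network access; the nslookup "name = ..." line format is an assumption.
lookup_ip() {
    looks_like_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    nslookup "$1" 2>/dev/null | sed -n 's/.*name = //p'
    curl -s "https://ipinfo.io/$1" | ipinfo_summary
}

# Constructed sample reply (documentation address 203.0.113.7, documentation
# ASN 64496, fictional organization); not a real ipinfo.io response.
SAMPLE_IPINFO='{
  "ip": "203.0.113.7",
  "hostname": "host7.example.net",
  "city": "Sample City",
  "region": "Sample Region",
  "country": "XX",
  "loc": "50.8500,4.3500",
  "org": "AS64496 Example Telecom",
  "postal": "1000"
}'

# Parse the sample offline; pass an address on the command line for a live lookup.
printf '%s\n' "$SAMPLE_IPINFO" | ipinfo_summary
[ $# -eq 0 ] || lookup_ip "$1"
```

Run it as `sh lookup.sh` to see the sample parsed, or `sh lookup.sh 203.0.113.7` for a live query. The validation step matters because the address usually arrives from a web page or a log, and a shell script that splices unchecked input into a curl URL or an nslookup argument is the classic way such a helper goes wrong.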

Now that we have seen what we can do with IP addresses, we can open up Nmap. If you just type "nmap," you will again see a bunch of options, but we will start with the examples right here.

So as you can see right here, they put an example: "nmap -v -A scanme.nmap.org."

Now, it is important to mention that nmap scanning of a device you do not own or do not have permission to scan is illegal in most countries, I believe. So you should not be scanning any website or device that you do not have permission to scan, and it can also be very noisy.

You can be caught by a firewall, and you are not anonymous with this, especially not with the basic commands.

Now, later on, we will cover how to be quieter while scanning with nmap, but you should only be doing it if you have permission to scan.

If you copy that address and open the website, you will see that they give us permission to use it to practice with nmap.

So, let us just wait for this to load up, and it should show us a message that basically says, "Go ahead and ScanMe," as you can see right here.

Here it says, “Hello and welcome to scanme.nmap.org. We set up this machine to help folks learn about nmap and also to test and make sure that nmap installation is working properly. You are authorized to scan this machine with nmap or other port scanners. Try not to hammer on the servers too hard. Few scans in a day is fine, but don't scan 100 times a day or use this site to test your ssh brute-force password cracking tool.”

We basically have permission to scan this. Now don't overscan it, as it says right here.

“Don't scan it over 100 times a day.” 

Basically, you can scan it a few times a day. So we will just type here "nmap -v -A scanme.nmap.org."

But before we run this command, I just want to show you what -v and -A do.

Now, -A, as we can see right here, enables OS detection, version detection, script scanning and traceroute, while -v increases the verbosity level.

It basically means to print out what it is doing during the scan. So if you type "-vv," it will print out even more information during the scan.

Now, we won't be using any of these options at the moment. We will just type here "nmap scanme.nmap.org."

This can take anywhere from a few seconds to multiple hours, depending on several things, such as the speed of your connection, the location of the target that you are scanning, and the number of targets that you are scanning.

As we said before, you can scan multiple targets with nmap, and that will take longer than scanning just one target. If you just press the up arrow right here, we can see what percentage of the scan is finished.

We can see that 7.4% is done, and here it will give us information about other hosts. So, for example, if you were to scan 100 hosts and it says here "22 hosts up," it means that Nmap found 22 hosts to be online and working.

Now, as you can see, the Nmap scan has finished, and here we see a bunch of ports. Some of them are filtered and some of them are open. As we said, the filtered ones could be protected in some way, such as by a firewall, while the open ones are simply open, such as HTTP, which we used when we visited this website.

We used the HTTP port, which is open, so we were able to connect to this website. There are other ports that are also open, such as the SSH port, which is port 22 over TCP. You can also see some of the higher ports open, such as 9929 and 31337 (nping-echo and Elite), while the other ports are just filtered.

So this is just a basic scan with Nmap. We will continue with some more advanced scans in the next lecture, and I hope to see you there.

Bye.  

Scanning! - Nmap Part 2

Hello everybody and welcome back. This is part two of the Nmap tutorial.

In the previous tutorial, I basically just showed you what you can do with an IP address and what information you can gather only by knowing someone's IP address. We also ran a simple scan on the "scanme.nmap.org" website, which basically allows us to scan it.

You should only be scanning either that site or a machine you own, since nmap scans could be illegal in your country. Also, before we begin, let me just type "nmap" once again to show all the available options.

Let me perform the same scan we did before, which is just "nmap scanme.nmap.org." If you wanted to write this to a file, for example, you just add ">>" right here and then the file name, "results.txt" for example.

Now, as last time, this will take a few seconds, and it won't give us the output right here. It will save all of the output into our "results.txt" file.

So it is useful if you, for example, run a scan for multiple hours and don't want to keep the terminal open to watch it. You can just save it into a file and access it anytime and anywhere.

That way, you don't run a scan on multiple hosts for five hours, accidentally close the terminal, and lose the entire scan so that you need to redo it.

As you can see right here, the scan has finished and it hasn't given us any output, so I can just clear the screen and type "ls."

As you can see right here, we have the "results.txt" file. If we "cat" that results.txt file, we get the same output that we got in the previous video, with our results printed out into this file.

Since we know that, we can delete this file right now and type "nmap" once again.

Now, I won't be scanning "scanme.nmap.org" anymore; I will be scanning my Windows machine. You can continue scanning that site, you can also scan the Metasploitable that we installed in the previous lectures, and you can also scan your host machine.

Let me just show you. You can also scan yourself: we just check our IP address right here, which is 192.168.1.6, and type "nmap 192.168.1.6."

I don't believe any ports are open.

Yeah. All 1,000 scan ports are closed. 

So, on this Kali Linux virtual machine, I don't have any ports open, and that should be the case on yours as well, at least for now. As I said in the previous video, by default Nmap only scans the 1,000 most commonly used ports.

So if you want to, for example, specify the number of ports you want to scan, or you want to scan all 65,000 ports, we can do that with "-p." How do we do that? Well, basically we just type here "nmap -p" and then "1-65000."

We can just do 65,000, or we can do all 65,535; I believe that's how many there are. Then we specify our own IP address again, and this will take longer to finish, since instead of scanning only 1,000 ports it will scan all 65,535 ports. It will still finish relatively fast since we are scanning ourselves, and it only took 1.5 seconds.

So now, we won't be scanning ourselves anymore, since there is no point. Let me just find out what the IP address of my Windows machine is. I will type "ipconfig" in my command prompt, and the IP address of my host machine is 192.168.1.4.

I will just type here "nmap 192.168.1.4" and let's see how fast this will finish. It shouldn't take too much of our time. Let me just check here. Alright, it has finished, and we can see a few open ports right here.

These three ports are netbios-ssn, microsoft-ds and msrpc. All three are open and, as you can see, all over TCP.

Now, for example, let's scan my host machine again, but this time all 65,535 ports, which I believe is the maximum number. We type here the IP address of our Windows machine.

Oh, yes. I only specified that it should scan that one port. I should specify a range of ports, so 1-65535, and we press enter here. This will take a little bit longer than the 1,000-port scan, so let us see where it is right now.

Yeah, it is only at 4%. You can check the progress with the up arrow.

If you specify the "-v" option right here, which stands for verbose, it will print this out as the scan goes. I didn't specify it, so it doesn't print anything until the end.

Let me just show you. We will stop this, so we don't wait until it's over. Let's just type "nmap" once again. We can see right here that the "-v" option stands for increased verbosity level.

Use "-vv" in order to see more details. So let's run the same command, but with 1,000 ports. Let me just type here "nmap 192.168.1.4 -vv."

Here you can see that it prints out information as the scan goes, and at the end it prints out the same thing that it printed before. We can see that as it went it concluded that there is one host that is up, and as it discovered the open ports it printed them out for us.

Now, this can be useful if you want to find the open ports on a host that will take an hour to scan, or for a range of hosts. So let me just show you how you can scan a range of hosts.

For example, let's scan your entire local network. You can see right here that the second command in the examples shows us how to specify a range of hosts.

So, as you can see right here, 192.168.0.0/16 will basically scan the first 16 hosts in the local network.

Now, in my local network, since my subnet mask is 255.255.255.0, there are only 255 hosts available. So we will specify all of them. Let me just type here "nmap" and then 192.168.1.1/255.

Let us also put the capital F here, "-F," which basically makes the scan faster so we do not waste a lot of time. Let me just press enter right here.

Now, let me just check once again, since this didn't work. Maybe I specified it wrong. Well, basically it gave me an error. Let me just redo this command, but not like this: instead of "/" I use "-."

So right now it should work. But let's also add the verbosity option, so it prints everything as it goes. It actually finished relatively fast. That is probably because we specified the "-F" option, which basically makes the scan finish faster.
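An added check on the target-range notation used above, and on the "only scan what you have permission to scan" point from part one (example code, not the course's own): the number after the slash is the prefix length, the count of leading address bits that stay fixed, so 192.168.0.0/16 covers 65,536 addresses, while a 255.255.255.0 subnet such as 192.168.1.0/24 covers 256 (254 usable hosts once the network and broadcast addresses are removed); Nmap also accepts the dash form used above, e.g. 192.168.1.1-254. The helpers below do that arithmetic in POSIX shell and wrap nmap in a scope check against a constructed allowlist. The allowlist (scanme.nmap.org and a 192.168.1.0/24 lab network), the output file name and the choice of nmap's own -oN "normal output to file" option instead of a ">>" redirect are assumptions for this example.

```shell
#!/bin/sh
# Added example, not the course's own script: CIDR arithmetic for Nmap target
# ranges plus a scope check that refuses targets outside an allowlist.

# Dotted quad -> 32-bit integer; fails (status 1) on anything that is not one.
ip_to_int() {
    case $1 in *[!0-9.]*|''|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do [ "$octet" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Addresses covered by a CIDR block: /24 -> 256, /16 -> 65536, /32 -> 1.
cidr_size() {
    case $1 in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    [ "$prefix" -ge 0 ] && [ "$prefix" -le 32 ] || return 1
    echo $(( 1 << (32 - prefix) ))
}

# Usable hosts in the block (network and broadcast removed), /0 to /30 only.
cidr_hosts() {
    size=$(cidr_size "$1") || return 1
    [ "$size" -ge 4 ] || return 1
    echo $(( size - 2 ))
}

# Succeeds when IPv4 address $1 lies inside CIDR block $2.
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    size=$(cidr_size "$2") || return 1
    mask=$(( 4294967296 - size ))      # 2^32 - block size, e.g. /24 -> 0xFFFFFF00
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Constructed allowlist for this lab (assumption): the Nmap project's test
# host, which explicitly authorises scans, and the local /24.
SCOPE_HOSTS="scanme.nmap.org"
SCOPE_CIDRS="192.168.1.0/24"

in_scope() {
    for h in $SCOPE_HOSTS; do [ "$1" = "$h" ] && return 0; done
    for c in $SCOPE_CIDRS; do in_cidr "$1" "$c" && return 0; done
    return 1
}

# The version-scan command line for an in-scope target, with the results saved
# through nmap's own -oN option rather than a shell redirect.
scan_command() {
    in_scope "$1" || { echo "refusing $1: not in scope" >&2; return 1; }
    echo "nmap -sV -oN results.txt $1"
}

# Run the scan for real (needs nmap installed and a target that passes in_scope).
run_scan() {
    scan_command "$1" >/dev/null || return 1
    nmap -sV -oN results.txt "$1"
}

echo "192.168.0.0/16 covers $(cidr_size 192.168.0.0/16) addresses"
echo "192.168.1.0/24 covers $(cidr_size 192.168.1.0/24) addresses, $(cidr_hosts 192.168.1.0/24) usable hosts"
scan_command 192.168.1.4
scan_command 203.0.113.9 || true    # documentation address outside the lab: refused
```

Keeping the allowlist in the script means a mistyped octet or a stale IP (like the laptop that turned out to be .8 rather than .15 later in this course) is refused instead of scanned, and -oN gives you the same results.txt the ">>" redirect does while the scan output still shows in the terminal.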

We can see that all of these hosts are down. We can see that between these two there was one that is up, which is .15. That is my laptop, which is currently running. As we go down here, we find our router. Here it is.

So, 192.168.1.1. It also found our Windows host machine, which is my current Windows 10 machine, my host operating system.

As you may remember, here are the three open ports on my host machine. It found my laptop, which only has Apache 2 running on the HTTP port over TCP, and it also found our virtual machine, which is 192.168.1.6 and has none of its ports open.

So Nmap finished with 255 IP addresses scanned and four hosts up, scanned in 6.06 seconds.

Now, if you want to write that into a file, you can do that with ">>" into results.txt, as before.

As we saw in the previous video, it won't give you any output, but it will write your scan into the results.txt file, so you don't have to redo this scan later if you close the terminal.

So, it should finish in a few seconds, I believe, and we will have a file with all 255 machines scanned. As you can see, it has finished, and if we "cat" results.txt, we get the same output as in the previous scan.
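An added example (not the course's own code) that reads the results.txt produced by the ">>" redirect above, or by nmap's own -oN option, and pulls out what the part one and part two scans showed by eye: which hosts answered, which ports are open on each, and how many ports were filtered. The scan text below is a constructed sample in Nmap's normal output layout (documentation addresses, the scanme port list from part one, the three Windows ports from this part, and one host reported down the way a "-v" sweep reports it); it is not a real capture.

```shell
#!/bin/sh
# Added example, not the course's own script: summarise Nmap's normal output
# (what ">> results.txt" or "-oN results.txt" saves) instead of reading it by eye.

# Constructed sample in Nmap's normal output layout (not a real capture).
SAMPLE_SCAN='Nmap scan report for scanme.nmap.org (203.0.113.10)
Host is up (0.19s latency).
Not shown: 994 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
25/tcp    filtered smtp
80/tcp    open     http
135/tcp   filtered msrpc
9929/tcp  open     nping-echo
31337/tcp open     Elite

Nmap scan report for 192.168.1.2 [host down]
Nmap scan report for 192.168.1.4
Host is up (0.00050s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Nmap done: 3 IP addresses (2 hosts up) scanned in 6.06 seconds'

# Hosts that answered, one per line (down hosts never get a "Host is up" line).
hosts_up() {
    awk '/^Nmap scan report for/ { host = $5 }
         /^Host is up/           { print host }'
}

# Open port numbers for one host, space separated on a single line.
open_ports_for() {
    awk -v want="$1" '
        /^Nmap scan report for/ { host = $5 }
        host == want && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, p, "/"); out = out sep p[1]; sep = " "
        }
        END { print out }'
}

# Number of port lines in a given state (open, filtered, closed) across all hosts.
count_state() {
    awk -v want="$1" '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == want { n++ } END { print n + 0 }'
}

# Report: one line per host that is up, with its open ports.
report() {
    text=$(cat)
    printf '%s\n' "$text" | hosts_up | while read -r host; do
        printf '%s: %s\n' "$host" "$(printf '%s\n' "$text" | open_ports_for "$host")"
    done
}

# Usage: sh summarise.sh results.txt, or no argument to run on the sample.
if [ $# -gt 0 ]; then report < "$1"; else printf '%s\n' "$SAMPLE_SCAN" | report; fi
```

On the sample this prints one line per live host with its open ports, which is the part of a 255-host sweep you actually want to read; a filtered count per host from count_state is the quick hint that a firewall sits in front of a target, as the part one scan showed for scanme.nmap.org.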

Now, this is about it for this lecture. We will continue with some more aggressive, more specific and more detailed scans in the next lecture, which will also be on Nmap.

We will cover how to get the version of the software running on a specific port. For example, we will find out how to get the version of Apache 2 on my laptop, which is running over HTTP.

As you can see right here, we don't get the version, but it is an important option because it allows us to find out the version of a piece of software, which can then be used to look for known vulnerabilities in that particular software.

I hope to see you in the next lecture and take care.

Scanning! - Nmap Part 3

Hello everybody and welcome back to the part three tutorial of "Nmap."

Now, we will cover some of the more advanced scans that we will use in order to figure out, for example, the version of the service running on a particular open port.

So let's just type "nmap" once again to see our available options. And let's, for example, try to detect the operating system running on my Windows machine.

Now, as in the previous video, the IP address of my Windows machine is 192.168.1.4. So we will find here the option for the operating system, which I believe is "-O."

Here we go. It says “Enable OS detection.” 

Now, you can add some specific options, as it says right here: "--osscan-limit: Limit OS detection to promising targets," or "Guess OS more aggressively."

So we will just type the basic command, which is just "-O."

We just type here "nmap -O 192.168.1.4," which is my Windows 10 machine.

Now, we can press the up arrow to see how long it will take, and it should finish any second now. We can see right here these are the open ports, and the MAC address is right here.

"Warning: OS results may be unreliable because we could not find at least 1 open and 1 closed port. Device type: general purpose."

It is just saying right here, “Running (JUST GUESSING): Microsoft Windows XP.”

Now, as you can see, this is wrong. I am not running XP, I am running Windows 10.

So this scan can be wrong sometimes. It doesn't guess right 100% of the time. It does guess right most of the time, but as we can see, it didn't guess right now.

We can see that it gives us some other options as well, such as "Aggressive OS guesses," which are Microsoft Windows XP SP2, Microsoft Windows Server or Microsoft Windows Server 2008.

We can see that none of these is true, so this scan didn't work for us. 

Let me just clear the screen here, and let us try to scan the operating system of my Linux machine, which is on my laptop. The IP address of my laptop is 192.168.1.15, so let's just paste that right here.

Yes, we forgot to specify "-O," which stands for the operating system scan. So let us just see right here, and as we can see, it says it is running Linux, which is correct. So basically, it will print you the open ports, the MAC address, and its guess of the operating system that the target is running.

Now, as we can see right here, you can also try to scan "scanme.nmap.org," or you can try to scan the Metasploitable.

So basically, once you open the Metasploitable (since you don't have it open right now), log in with the username msfadmin and the password msfadmin, type ifconfig in the command line to find out the Metasploitable's IP address, and just use it from your Kali Linux machine in an Nmap scan.

So right here, let me just check the site name once again, since I will scan this one. Let me just copy it. We will type here "nmap -O" and then paste the site name. Let's find out what operating system is running on that website. Now, since this is not on my local network, this will take longer to finish, as you notice right here.

But not too long. It should finish any second now. Let us just wait for this to finish so we can see our output. The scan has finished for "scanme.nmap.org."

We also got all these open ports, which we also saw in the previous videos, and we got the operating system, and it says, "(JUST GUESSING): Linux."

Now, it is probably running Linux, but we cannot say so with 100% certainty, since I don't own that machine and I don't know what type of Linux it has. As it says right here, "Aggressive OS guesses: Linux 4.4 (89%)."

Now, let's see some of the other options we can also use instead of the operating system. 

We can cover "-sV."

As we can see, it is the service and version detection.

"-sV: Probe open ports to determine service/version info."

There are also some other options right here for the -sV option, but for now we will just use -sV.

Let me scan once again my Windows 10 machine. 

So, "-sV." We will also type "-v" for verbosity, and then 192.168.1.4, which is the IP address of my Windows 10 machine.

Now, as I said before, you can scan either their website "scanme.nmap.org," your host machine or your Metasploitable to check out the output of this scan.

So let us just see right here. It prints us the open ports; as we remember, those are these three, and hopefully it will print out the version of the services running there.

As we can see, it does, and right here, on the open microsoft-ds port, the service version is Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP).

The version for netbios-ssn is Microsoft Windows netbios-ssn.

As we previously saw, we can even get some operating system information from the version scan. In the previous scan, the operating system scan, it said that my Windows 10 machine was XP, and right here, when we scanned the version, we can see Microsoft Windows 7 - 10.

So basically, we can notice from that that some of the operating system scans are not really correct. You can use common sense, which says that most people today don't even use Windows XP, since it is basically an open machine.

Now that we checked the versions of the services running on my Windows host, let's check out the services and versions running on "scanme.nmap.org."

We will type once again "-sV" for scanning the versions, and then the name of the website. As you may have noticed, Nmap can take a website name as well as an IP address. It doesn't have to be the IP address; we can also type the domain name, as you can see, and it will work properly.

So let's just see at what percentage this currently is. 

Now, it doesn't want to show us, but it should be over soon. The scan has finished for scanme.nmap.org, and we can see that only the open ports got a version, which is normal, since on the filtered ports they probably have a firewall blocking the packets we use to find out what version they are running.

We can see that on the open ports, which are 22 and 80: on 22, which is SSH, the version they are running is "OpenSSH 6.6.1 Ubuntu," and on the open 80/tcp port we can see "Apache 2.4.7" on Ubuntu.

So as we did in the previous video, if you want to write that into a file, just type here ">>" and then "results.txt."

Now, we won't be doing that, since I already showed you how. We can cover one more option in this tutorial, which will be the "-A" option.

As we can see, it does multiple things: it enables OS detection, version detection, script scanning and traceroute.

So this will enable OS detection, also print out the versions of the services, and also run some scripts. If we type here "nmap -v -A" and then "scanme.nmap.org," we can see whether the result of this scan differs from the result of the previous scan.

Now, this scan can take a little bit longer, since it is scanning for multiple things instead of just a single thing such as the operating system. This is scanning the operating system and version, running scripts and doing a traceroute.

So it will take a little bit longer. 

As we can see, it is discovering ports at the moment, and now it is scanning services, basically determining what version they are running.

Now it is initiating OS detection, as we can see right here: "try #1, try #2."

Okay, it should be finishing soon enough.  

It says that only 37% has finished. 

Okay, it should finish right here. Yeah, it finished. 

So you can see that this scan printed out a lot more.

For example, here under the SSH TCP port, we see the ssh-hostkey, which is right here. I don't think that in the previous scan we even saw the 25/tcp port. Let me just check. It doesn't even matter. I can't remember. It was probably there.

And under the open HTTP Apache port, we can also see the version; here under port 80, which is Apache HTTP 2.4.7 Ubuntu, we can see the methods supported by the website, which are "OPTIONS GET HEAD POST."

Now, this is information that we didn't see in any of the previous scans. So let me just check what else we have here. Here we have the standard OS detection, which is Linux 4.4 at 89%, and here we have the traceroute.

Now, the traceroute is basically the path that my virtual machine took in order to connect to the Nmap site. We are familiar with the first IP address that it took, which is my router. So basically, it is normal to have your router as the first starting point in the traceroute, and then it proceeded to other DNS servers in order to find the IP address of the Nmap site.

So traceroute can be useful sometimes, mostly in troubleshooting, but it can be used for other things as well. We can see that Nmap finished one IP address in 74 seconds, which is pretty good.

Most Nmap scans can take a lot longer, even a few hours. So for now, we will just finish the tutorial right here, and I will see you in the Nmap part 4 tutorial in the next lecture.

Now, I hope you are having a great day and take care.

Scanning! - Zenmap

Hello everybody and welcome back to another Nmap tutorial. But before we continue with the command-line Nmap, I want to show those who are interested how to use Nmap through a GUI.

Now, we will use a program for that, called "Zenmap," which is basically the same thing as Nmap, just with a graphical user interface. It comes pre-installed in Kali Linux, so we won't have to install it.

And for those of you who don't want to use a graphical user interface and prefer to stay with the command-line interface, you can just skip to the next video. 

But for those of you who prefer the graphical interface more, I will show you how to open it and use it from there. 

First of all, open up your Kali Linux machine, and then in the upper left corner you will see the arrow next to the applications. 

So just point to that arrow and you will see a bunch of things right here. We want to go to Information Gathering. Yeah, it is right here. Scroll all the way down and you will see something called "Zenmap."

Now, the icon, as you can see, is some kind of an eye, so just click on Zenmap. It might ask you for the root password the first time. I'm not really sure, but if it asks, just type it in, and you will be prompted with this screen, which is basically the graphical user interface for Nmap.

Now, how do we use this? 

Well, let me just make this not too large. This is quite good. Here, where it says "Target," you input the IP address.

So let's say, for example, that we want to scan my laptop. I will just type here 192.168.1.15. As you can see, while I'm typing in the target field, it is adding the same IP address into the command. You can see right here that we already have a command specified.

Now, you can change the command with the profile. As you can see right here, it is set to Intense scan. If we go here and choose "Ping scan," it will change the command for us.

Now you can see that we have the "-sn" option. If we change it again to Quick scan, it will have the "-F" option.

On the left side, as you can see right here, there is Hosts, in case we want to scan a range of hosts; I believe they will be listed right here. And OS is the operating system running on those hosts.

The Nmap output will be the same as the command-line output. Here we will have the ports, protocol, state, service and version.

So, if you want, you can use some of these options, but let me use some of my own. We will use "-F" in order to scan faster. Basically, -F scans the top 100 ports instead of the top 1,000 ports, which is why it finishes faster.

It's not really faster, it just scans fewer ports than the normal scan. Here, next to -T4, we will add "-sV" so it scans the version.

Once you have specified your command, whether it is this one or any other of the already given options, you just click Scan, and it should start scanning right here.

As you can see, “Nmap 1 IP address (0 hosts up).”

It still didn't detect that my laptop is up. It probably will. Let me just try here.

Well, the up arrow doesn't work right here. So in order to see the results while you scan, just add "-vv" or "-v," depending on how much information you want to see during the scan.

So we will wait for this to finish, or let us just start once again with "-v."

We can see right here that it already gave us more data, more information than the last scan. Let me just see right here: "Raw packets. Nmap done: 1 IP address (0 hosts up) scanned."

Now, let me just see right here if my laptop is up. Possibly it isn't that IP address. I don't know why I thought it was that one. Yeah, it's not .1.15, it's .1.8.

Let us redo the scan right here and add the "-v," as we can see right here. So "-sV" for the version, "-v" for the information shown right here, and "-F" for finishing the scan faster.

So let us just click "Scan" once again, and right now it should find my machine. As we can see, it discovered open port 5357/tcp on my laptop, and that is basically it.

Now, currently on my laptop, I'm running Windows. 

As you can see right here, "OS Windows."  

It doesn't specify which Windows, but it doesn't really matter. We didn't even add the "-O" option for the operating system. It shows the MAC address of the network interface on my laptop, and it shows the open ports right here.

It also says right here: "Read data files from this path."

So, as you can see, once we scan this, we can see the host right here and the operating system, which is shown as a question mark right here. We can perform the same scan and add the "-O" option for the operating system.

Now, if you are struggling to remember all the commands, you can just open your terminal on one side and Zenmap on the other, type "nmap" and find the option you want.

So "-O" for us is the operating system. Let me just find it right here. It says, "Enable OS detection."

Then, as you can see right here, the icon has changed, but let me just check this out. 

Yes, now "Aggressive OS guesses" is Microsoft Windows 10, which is correct. On my laptop, I'm currently running Windows 10.

It gives you a bunch of other operating systems, but they have a lower probability than Windows 10.

Basically, that is about it for Zenmap.

If you want, you can perform your scans over here, if you prefer this interface. But in the next tutorials we will continue to use the command-line interface, and we will cover some of the options that allow us to bypass detection with Nmap.

Also, we will learn where to get the scripts and how to use them. We will also download some of our own scripts.

So that's about it for Zenmap, and as I said before, you can use one or the other; they are basically the same.

I will see you in the next tutorial where we will cover some of the other options that Nmap gives us. 

I hope to see you there and take care.  

Scanning! - TCP scans

Hello everybody and welcome back. 

In this tutorial, we will continue with some of the other options that Nmap gives us.

Now, you might be asking, why are we covering all of these options for Nmap?

Well, it is a really important tool, and knowing all of these options will make you at least 50% better at penetration testing, since scanning is a really important part of performing a penetration test.

So let us open up our terminal right here. Let me make it this big, and in the other terminal I will open "nano commands.txt," where I will write down all of the Nmap commands that we cover in this particular tutorial.

So let's just type here once again "nmap" and the first thing we want to check out is the "-Pn" command. 

Now, we can find it right here, or, if you can't find a specific option in that wall of text, you can pipe the help output into grep. One catch: grep reads a bare "-Pn" as its own flags (-P is Perl regex, -n is line numbers), so write it as "nmap -h | grep -e '-Pn'" (or "nmap -h | grep -- -Pn").

Here it is: “Treat all hosts as online — skip host discovery.”

Now, this is an important command. You might be asking, why? 

Well, some hosts you scan on the network can appear to be offline. For example, you know a specific host must be running and online, but you scan it and Nmap says it is down.

Now, this is my laptop, so it will say that it is online at the moment. But I've had scans that said the machine I was scanning, which was right next to me, connected to the network and running, was down; and every time I specified the "-Pn" option it skipped host discovery and, as the help says, treated the host as online.

With "-Pn" Nmap skips host discovery and goes straight to the port scan. For example, if I scan this IP address, where nothing is running, it says the host is down: "0 hosts up."

You get exactly the same output from a machine that is running but blocks Nmap's discovery probes (an ICMP echo plus TCP probes to ports 80 and 443, or an ARP request on the local LAN), so it looks offline. The price of "-Pn" is that a host that really is down gets a full port scan, with every probe timing out, so "-Pn" across a whole address range can be very slow.

In that case you specify "-Pn" and then the IP address, and Nmap scans it as if it were online.

In my case it won't show anything, since I don't have anything there, so let me scan my laptop again. I typed "nmap -Pn 192.168.1.8"; it skips host discovery, reports the host as up and scans its ports.

Let me see, it is at around 22%. You might notice the scan goes a little slower, so we won't wait for it; or we can leave it running and perhaps it finishes while I write this down.

So "-Pn" and then the IP address of any machine or website you are scanning. Of course, don't scan hosts you do not have permission to scan; you can always use "scanme.nmap.org", which the Nmap project provides for exactly that.

Or you can basically just use the "Metasploitable" virtual machine that we installed. You can also install basically any other virtual machine that you will use in order to scan and attack. 

Now, since I can't really run Metasploitable (it gives me an error), I downloaded another virtual machine; I'll show you how to install it and why we will use it.

We will use it extensively in the web penetration testing part. I'm not sure whether Metasploitable has OWASP pre-installed; I doubt it, but check, and if it does you don't need to install this virtual machine as well.

If it doesn't, you should install this virtual machine, as it is deliberately vulnerable and made for web penetration testing.

So we will cover some of the attacks on the web sites using this machine.

But let us see right here. The scan has finished, it treated our host as up, and it discovered an open port. It also gave us back the MAC address; Nmap can only report that for targets on the same local network segment, because it learns it from ARP, and a router in between would hide it.

So it is a useful option if you know the host is running but it shows as offline: add "-Pn" and the host gets scanned.

Now, the next option I want to show you, which I didn't show before, is "-sT". If we scroll up in the "nmap" help and find "-sT", you can see that it is the full TCP connect scan.

Let me just find it right here: we have -sU, -sN, -sS. Here it is; there is a whole line of these scan types. We will first cover these three. For now, let's cover -sT, which, as you can see, says "Connect()".

Now, by connection, it means that it performs the full three-way handshake in order to scan the target. As we talked before, the TCP connection requires three-way handshake, so let me just open up Paint, so I can show you better. 

For example, let's say you have a PC right here and another PC right here; well, laptops, since I'm not sure how to draw PCs.

This is PC A and this is PC B.

Let's say PC B is your target and you scan from computer A. With the -sT option Nmap performs the three-way TCP handshake: we send a segment with the SYN flag set, and the other machine answers with a segment that has both SYN and ACK set (the "SYN/ACK": it acknowledges our SYN and sends its own).

But to really understand what I'm talking about, you should read more about TCP and UDP connections and how TCP and UDP scans use them.

I talked about it briefly in the previous tutorials, but you might need a little more background to understand how these scans work. It is not that complicated: the handshake finishes with our ACK.

I have no room to write it here, but that is the three-way handshake: SYN, SYN/ACK, and then ACK.

Why is it called three-way handshake? 

Because it consists of three parts, as you can see right here: SYN, SYN/ACK, then once again just ACK.

So the -sT option completes all three steps, which means a real connection is established and the program listening on the target sees it and can log it like any other client; that is why it is easy to detect. It is also the one TCP scan that works without raw-socket privileges, since it just uses the operating system's connect() call, and Nmap falls back to it automatically when you are not root.

It is not more accurate than a SYN scan, though. Both tell open from closed from filtered in exactly the same way (SYN/ACK means open, RST means closed, no answer means filtered); the difference is only whether the handshake is finished, and Nmap actually has less control over timing and retries when it goes through connect().

So, if you do not want the target's services to log your scan, you shouldn't use -sT, since it completes the full TCP handshake.

Let me just type here "nmap -sT" and then 192.168.1.8. It gives the same output as the default scan, except that here you explicitly asked for the full three-way handshake.

Let me just see. Here it is. It finished with the same result as the previous scan so we have one TCP open port. Let me just write it right here, "nmap -sT 192.168.1.8."

So we covered the full TCP connection scan. 
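To make the handshake concrete, here is an added example (my code, not code from the course) of what -sT does in miniature: a Python connect scan that uses the operating system's connect() call, which performs the full SYN, SYN/ACK, ACK exchange, against a listener it starts itself on 127.0.0.1, so it runs offline without Nmap and without root. The listener, the port numbers and the target address are all constructed for the example.

```python
import errno
import socket
import threading
from contextlib import closing


def start_listener(host="127.0.0.1"):
    """Open a listening TCP socket on a port chosen by the OS and accept
    connections in a background thread. Returns (port, stop_function).
    Stands in for the one open port on the target laptop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)          # so the thread can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()   # the kernel already finished the handshake
            except socket.timeout:
                continue
            conn.close()                 # a real service would talk; we just hang up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def free_port(host="127.0.0.1"):
    """Return a port nothing is listening on right now (bind to 0, read it, release it)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=1.0):
    """Nmap -sT in miniature: one full three-way handshake per port via connect().
      connect() succeeds     -> SYN, SYN/ACK, ACK all happened      -> 'open'
      ECONNREFUSED           -> the target answered the SYN with RST -> 'closed'
      timeout / other error  -> nothing came back (a filter dropped it) -> 'filtered'
    Because the handshake completes, the listening program sees (and may log)
    a connection; that is the detectability the tutorial talks about."""
    states = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                err = s.connect_ex((host, port))
            except OSError:              # e.g. socket.timeout on some Python versions
                err = errno.ETIMEDOUT
            if err == 0:
                states[port] = "open"
            elif err == errno.ECONNREFUSED:
                states[port] = "closed"
            else:
                states[port] = "filtered"
    return states


if __name__ == "__main__":
    open_port, stop = start_listener()
    print(connect_scan("127.0.0.1", [open_port, free_port()]))
    stop()
```

Run it and you get one port reported open and one closed. The point to notice is why it needs no privileges: the kernel does the handshake, which is exactly what makes the scan visible to the listening program (its accept() returns a connection it can log). A SYN scan has to build the SYN itself with a raw socket and never send the final ACK, which is why nmap -sS needs root.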

Now, the next thing to cover is the -sS scan. Let me open it up here: -sS is only the first part of -sT.

Let me explain it a little better. As you can see, -sT is a full connect and -sS is "SYN" only. So, in order to scan, we only send this first part of the three-way handshake; when the target answers SYN/ACK, Nmap replies with a RST instead of the final ACK, so the connection is never established.

That's why it is specified as -sS.

The capital S stands for SYN right here.

The thing about SYN scanning is that the target's service never sees a connection, so it has nothing to log; that is the sense in which it is "stealthy". It is not invisible: the SYN packets are on the wire like any others, so a packet-level IDS/IPS or a firewall log on the target's side sees the scan just as well. It is just as accurate as -sT for deciding open, closed or filtered, and it needs raw sockets, so run it as root (with sudo); without that, Nmap quietly does a connect scan instead.

Now, we will talk in the next tutorial how to avoid the IPS detection and how to avoid some of the defenses that could be implemented into a router, for example, in order to block or send false information on to your Nmap scan. 

So let us perform the -sS scan. We type "nmap -sS" and then the IP address of our laptop, or any machine or website you are scanning. This is taking a little longer than the -sT scan, probably because it takes longer to gather the same information that the full TCP handshake scan gathers.

We will wait for this to finish in order to see what the results are and if they are the same as the -sT option. So while this is running, I will just type here "-sS 192.168.1.8."

Now, while this is at 45%, let us recap. The "-Pn" option, as we said, is used when a host appears down; the "-sT" option does a full three-way TCP handshake with the host, so the target's service sees a connection and can log it, and it is the scan you get without root.

The "-sS" scan performs only the first part of the three-way handshake, the SYN. The service on the host never sees a connection, so nothing reaches its logs, but the packets are still visible to a packet-level IDS/IPS; the port states it reports are just as accurate, and it needs root.

So, as we can see, the scan has finished and it gave us the same output as the -sT scan, which is good. We have one open port and we have this service running on it. 

Let us just type here once again "nmap."

There is one more option I want to show you before we finish this tutorial, which is the "-sU" option.  

If we go right here, you can see that -sU is the UDP scan. The other scan types on these lines (-sS, -sT, -sA, -sW, -sM, and the -sN, -sF, -sX below them) are all TCP variants; -sU alone scans only UDP ports. You can combine it with a TCP scan in one run, for example "-sS -sU".

Now, as we said before, UDP is connectionless, so we have no confirmation that our packets reached the target. There is no three-way handshake, or any handshake at all.

With UDP we simply send packets to the other host and hope they get there intact. So let us run the UDP scan: we specify -sU (U for UDP) and our target's IP address. Let us see how long this takes. As we can see, it won't finish that fast. UDP scanning is slow by nature: closed ports answer with an ICMP port unreachable message and Linux rate-limits those to about one per second, while open ports often answer nothing at all, so Nmap has to wait for timeouts and retransmit. Scanning a handful of ports ("-p 53,69,123,137,161") or "--top-ports 20" is much more practical than all 65535.

So while that runs, let me write it down so we can see which ones we covered. My advice: use -sT when it doesn't matter if the target logs you (or when you can't run as root), and when you are performing a test where the target shouldn't notice you, use the -sS scan.

Or you can use some of the options for scans that I will show you in the next tutorial in order to make your scan even less detectable. 

Let me just see where this is at. It is at 62%.

So I will cut the tutorial right here, and I will show you the output of this command in the next one as well as some of the other options that we will cover. 

I hope you enjoyed this lecture and I hope to see you in the next one.

Bye.  

Scanning! - Nmap Bypassing Defences

Hello everybody and welcome back. 

Before we begin with the options for this part of the tutorial, I just want to show you the output of the previous scan that we did. 

As we can see, it discovered a port that is different from the one the three previous scans gave us, which I believe was 5357 or something like that, a TCP port. Instead, we got an open UDP port, netbios-ns, which runs on 137 on our laptop.

So, you might notice that the UDP scan basically just gives you the output for UDP ports, which makes sense. It will basically give you any UDP port which is open. 

For example, it could be this netbios, it could be your DNS or anything that is running over UDP. This option right here will give you open UDP ports. 

Now that we covered that, we covered basically the full three-way TCP handshake. We covered the syn, only the first part of the three-way TCP handshake and we covered the UDP scan. 

So now that we covered all of those options, I want to show you how you can get around some of the defenses your target might have, including its IPS.

The first thing you might want to do, if your target is blocking your Nmap or you can’t get any output, for example, you can try the "-sA" option. 

Now, as I said in the previous video -sA is listed where TCP scans are since the A stands for ACK, which is the last part of the three-way TCP handshake. As you can see right here, it is the third option and it stands for ACK.  

I deleted the drawing I did before, since it was really bad. Let me draw it again; it doesn't even matter. This is PC A, this is PC B, and from A we want to scan B.

In a normal three-way TCP handshake it goes like this: we send SYN, this machine sends SYN/ACK, and then we send ACK. The ACK scan sends only that last part, the ACK.

I really do encourage you to read more about TCP handshakes, since this can be confusing if you don't know what I am talking about. But the idea is that -sA, which sends only the last part of the TCP handshake, can be used to get past some of the rules on a router or packet filter.

For example, suppose there is a rule that allows SYN packets only from the internal network: this router (or website) accepts new connections, meaning segments with only the SYN flag set, only from machines on its local network.

You, coming from the Internet and sending a SYN from outside that network, get blocked. If that rule exists, you can get a probe through by sending only an ACK, the last part of the three-way handshake: a stateless filter has no memory of which connections exist, so an inbound segment with ACK set looks to it like a reply to something an internal machine started, and it lets it through.

Let's say this router has other devices on its local network. Pardon my bad drawing, but this circle represents the internal network, and the rule only accepts new connections (SYN without ACK) from machines inside it.

So an ACK you send without any preceding SYN (it is a flag in the TCP header, not a separate kind of packet) can trick such a router into thinking it is an answer to a SYN that one of the local machines sent. Note what you get back, though: any TCP stack answers an unexpected ACK with a RST whether the port is open or closed, so an ACK scan never reports a port as "open". It reports "unfiltered" (the probe got through and a RST came back) or "filtered" (nothing came back, or an ICMP error did). Its job is to map the firewall's rules; a stateful firewall, which tracks connections, drops the lone ACK just like the SYN. Once you know which ports are unfiltered, scan those with -sS or -sT.

So, in order to do that, you just type "nmap -sA" and then the IP address of your target, for example the router. Let me write that down here too. You use this option when the target blocks inbound SYN packets.

This is not that common to see, so you won't need it much, but it can happen.
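As an added example (my code, not the course's) covering both the scan types of the previous tutorial and the ACK-scan bypass described here: the table below is Nmap's own rule for turning a target's answer into a port state, and the three toy firewalls show what a SYN scan and an ACK scan each report against an open and a closed port behind no filter, behind a stateless "allow ACK" filter like the one in the drawing, and behind a stateful firewall. The firewalls and the TCP-stack reply function are simplified stand-ins written for this example, not real packet handling.

```python
# Nmap's port-state rules for the scan types covered here (from the Nmap
# reference guide), plus a toy firewall to show why an ACK scan gets past a
# stateless filter and what it can and cannot tell you.

STATE_TABLE = {
    # SYN scan (-sS): one SYN per port, handshake never completed.
    # Connect scan (-sT) reaches the same states through the OS's connect().
    "-sS": {"SYN/ACK": "open", "RST": "closed",
            "ICMP unreachable": "filtered", "no response": "filtered"},
    "-sT": {"SYN/ACK": "open", "RST": "closed",
            "ICMP unreachable": "filtered", "no response": "filtered"},
    # ACK scan (-sA): the probe carries only ACK. A compliant stack answers RST
    # whether the port is open or closed, so the scan can never say "open";
    # it only says whether the probe got through.
    "-sA": {"RST": "unfiltered",
            "ICMP unreachable": "filtered", "no response": "filtered"},
    # UDP scan (-sU): no handshake at all, so silence is ambiguous.
    "-sU": {"UDP payload": "open", "ICMP port unreachable": "closed",
            "ICMP unreachable": "filtered", "no response": "open|filtered"},
}

PROBE_FLAGS = {"-sS": {"SYN"}, "-sT": {"SYN"}, "-sA": {"ACK"}}


def port_state(scan_type, response):
    """Map what came back from the target to the state Nmap would report."""
    return STATE_TABLE[scan_type][response]


def tcp_stack_reply(port_open, flags):
    """What a normal TCP/IP stack answers to an unsolicited segment (no firewall)."""
    if "ACK" in flags:
        return "RST"                     # no such connection: reset, open or not
    if "SYN" in flags:
        return "SYN/ACK" if port_open else "RST"
    raise ValueError("unsupported flag combination")


# Three firewalls in front of the target (toy models). Each returns True if
# the inbound probe is allowed through to the TCP stack.
def no_firewall(flags):
    return True


def stateless_filter(flags):
    # The rule from the text: new connections (SYN only) are accepted from the
    # inside only; anything with ACK set is assumed to be a reply to a
    # connection someone inside started, so it is let through.
    return "ACK" in flags


def stateful_firewall(flags):
    # Tracks connections: a probe matching no known connection is dropped,
    # ACK flag or not.
    return False


def scan(scan_type, firewall, port_open):
    """State Nmap reports for one port behind the given firewall."""
    flags = PROBE_FLAGS[scan_type]
    response = tcp_stack_reply(port_open, flags) if firewall(flags) else "no response"
    return port_state(scan_type, response)


def compare_scans(firewall):
    """{scan type: (state of an open port, state of a closed port)} for one firewall."""
    return {t: (scan(t, firewall, True), scan(t, firewall, False))
            for t in ("-sS", "-sA")}


if __name__ == "__main__":
    for name, fw in [("no firewall", no_firewall),
                     ("stateless 'allow ACK' filter", stateless_filter),
                     ("stateful firewall", stateful_firewall)]:
        print(name, compare_scans(fw))
```

Against the stateless filter the SYN scan sees nothing (every port "filtered") while the ACK scan gets a RST from every port; but the ACK scan says "unfiltered" for the open and the closed port alike, which is all it can ever say. Against the stateful firewall both scans come back "filtered".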

Now, the next thing you might want to specify is the source port that your packets are going in from. 

By default Nmap picks the source port, the port on your machine that the packets go out from, itself: it chooses a random high port at the start of the scan.

That can be a problem when the target only allows packets from specific source ports.

What I mean is: say you run an Nmap scan from this machine and it happens to use port 333 as the outgoing port, randomly assigned on your machine.

But on the target there is a rule that this port only accepts packets whose source port is, for example, 80.

So your packets, whichever scan type you pick, the UDP scan, the ACK scan, the SYN scan or the full TCP scan, get blocked, because they are not coming from source port 80.

To be able to scan this target, you need to specify the source port it allows. It will usually be a well-known port such as 53 (DNS), 25, 80 or 8080: filters that want DNS or web traffic to work often let anything from those ports through, which is the hole this exploits.

It can also be any other port, so you will need to find it out yourself. Once you do, you add "--source-port <port>" (or its short form "-g <port>") to the scan. One caveat: Nmap only controls the source port for the raw-packet scans (-sS, -sA, -sU and so on); the connect scan (-sT), version detection (-sV) and NSE scripts use normal operating-system sockets, which pick their own source port, so those are not disguised.

For example, let's say the source port is 80, so "--source-port 80", and then the IP address of our target machine. As we can see right here: "0 hosts up".

Not really sure why that happens; it says, "Host seems down. If it is really up, but blocking our ping probes, try -Pn".

So let us try "-Pn", which we covered in the previous tutorial, but for some reason it still doesn't show the host as up. Let me check whether I specified this option, "--source-port", correctly. I believe I did, but let us check once again.

Where could it be? 

Here is that part of the help text: timing, OS detection, script scan, service port, exclude ports, port ratio, fast scan, ports don't randomize...

Now, maybe they changed this option. I thought it was "--source-port", and it didn't give us any error, so I believe it still is, but for some reason our host appears to be down. We won't waste time on that.

So, let us recap. You use "--source-port" when your target only allows packets from certain source ports, for example 80 as we saw. Let me write right here "nmap --source-port 80 192.168.1.8", and let us continue to the next way of bypassing detection, which is the data length.

Now, by default Nmap sends packets of a fixed size. I'm not really sure what the size is, but I believe it sends the same-sized packets every time. In fact Nmap's probes normally carry only headers and no payload at all (a 40-byte TCP packet, for example), so some defenses have rules to drop packets of that standard Nmap size.

What that means is that, because Nmap always sends packets of the same size, anyone who knows Nmap exists can write a rule that says: block any packet of the standard Nmap packet size.

To get around that, you can append random bytes to every probe with the option "--data-length <number>", which changes the size.

Let me type it properly. Let us try that one out. If we type "nmap --data-length 50" and then the IP address, it doesn't give us any error, so the syntax of the command is correct.

This is taking a little bit of time. It should give us the correct output once it finishes, so let me write down "nmap --data-length 50 192.168.1.8".

Now, of course, you don't have to specify only this option once you scan. You can specify a bunch of options including this one. You can basically use all of these three, for example, to combine into a scan which will bypass all of these three detection problems, which the first one is the blockage of syn bit sets, the second one is blockage of specific ports, and the third one is the blockage of the Nmap standard packet size.

So we will cover one more way to bypass detection and defenses. Right here we have the output of the scan. As we can see, it ran correctly and we have one open TCP port, and the service running on it is WSDAPI.

Let us continue on to the next one, which would be the spoofing of your MAC address. 

Now, long ago, in one of the first tutorials, we covered how to change our MAC address. You can use that as well, but Nmap has its own option to spoof the MAC address. If we type "nmap", I believe it will show the option right here. Not really sure if it is listed. Yes, it is right here.

We can also see the --data-length option and the source port. As you can see, I forgot where this option was. Let me just try "-g", as the help says it is the same as --source-port. The long form didn't work for us, so let me type "nmap -g 80 192.168.1.8".

Let us see if the host is up right now, and it is up. So instead of "--source-port" you can use "-g" and specify the port. That's good. I didn't know that existed, but let us not worry about it at the moment.

At the moment, we want to spoof our MAC address with this option. As we can see, the syntax is "--spoof-mac" followed by the MAC address. You can also give a vendor prefix or a vendor name instead, but we will just type the MAC address. The description for this option is "Spoof your MAC address", so let us do that.

The source port scan finished, so let us clear the screen and type "nmap --spoof-mac".

I believe that was the option, and you type the MAC address that you want to fake. Let me save this and show you. Let us use macchanger, which we covered before: you type "macchanger -s" (show) and then the network interface to see your current MAC address.

So this is the format of a MAC address: six hex-digit pairs separated by colons. So you can just type "22:33:44:55:66:77".

Then we type the IP address of our target. As you can see, it says "Spoofing MAC address 22:33:44:55:66:77 (No registered vendor)" and "Host seems down. If it's really up, but blocking our ping probes try -Pn".

Now, for some reason, it says the host is down with that option. It could be because we didn't specify those two options, but I doubt it. We won't bother with that right now; I just want you to know about the option.

It is used, for example, when this machine only accepts packets from certain MAC addresses. That can be a blacklist or a whitelist: the machine can have a blacklist that blocks some MAC addresses, possibly including yours, or a whitelist that allows only certain MAC addresses.

Most likely it will have a whitelist that allows only trusted devices by their MAC addresses.

To be able to send packets to this machine, you spoof the MAC address of a trusted device from its whitelist. Once you do that with the "--spoof-mac" option, you will be able to send packets to and receive packets from the target. Keep in mind what a MAC address is, though: it only exists on your own layer-2 segment (the local LAN or Wi-Fi network). Every router on the path replaces it with its own, so a target on the Internet never sees your MAC, and --spoof-mac only helps against filtering on your local network, such as an access point's MAC filter. It also changes nothing about your IP address, which the target still sees.

Let us type right here "--spoof-mac" and then, for example, "33:44:55:66:77".

It doesn't have to be this MAC address; you can specify any address you want. If you give fewer than six bytes, as here, Nmap uses them as the vendor prefix and fills in the rest randomly; you can also give "0" for a fully random address, or a vendor name such as "Apple". After that you type the IP address of your target, or the hostname; it doesn't matter. So that would be about it for avoiding defenses and an IPS.

These four things can be useful if your target specified some of the rules in order to block your scans. But you will find out that rarely targets use any of these rules to prevent you from scanning them. But if it happens, you can use these options that we covered in this video. 

Now, in the next video, I will show you what Nmap scripts are, how to get to them and how to use them. 

So I hope you are enjoying this tutorial and I hope to see you in the next one. 

Bye.  

Scanning! - Nmap Scripts 1

Hello everybody and welcome back. 

In this tutorial, I will show you a more advanced use of Nmap, which is the scripts (the Nmap Scripting Engine, NSE) that come pre-installed in Kali Linux.

Now, scripts can be used for almost anything: to discover the SSH host key, to check for some vulnerabilities, to brute-force SSH, and much more. As we will see, there are a lot of scripts already on our Kali Linux machine.

First of all, to get to them, change your directory to "/usr/share/nmap". If you type "ls" there, you will see a subdirectory called "scripts".

Now, let me enlarge this right here.

So, if you change your directory to "scripts" and type "ls", it prints a long list of .nse files, which are the pre-installed Nmap scripts you can use for basically any type of scan you want.

Let me first show you how to use them. If you type "nmap", you will see the "--script" option right here. You type "--script=" and then the name of the script. It is as simple as that.

So to use a script, you specify "--script=", then the name of any of these files (the ".nse" can be left off), and you run it against your target IP. The same option also takes a category such as "--script=safe" or "--script=vuln", and "nmap --script-help <name>" prints what a script does and which arguments it takes.

Now, we will try one of the scripts, the SSH brute force, which will also be one of our first active attacks on the target: it tries a list of usernames and passwords against the SSH service on our target.

Now, for the target you can use any of the virtual machines you want. Do not use "scanme.nmap.org" for this: its page asks you not to brute-force SSH or otherwise attack the site, only to scan it.

So, you want to either run your Metasploitable, which I showed how to install in the previous videos or you can basically run any other machine that has the port 22 open. 

Now, in my case, I will run OWASP, which I will show you how to install in some of the next tutorials. For now on, just use your Metasploitable since it also has the SSH port open. So let me just wait while this opens right here. 

It doesn't take long. It will basically prompt me with username and password soon. It's pretty similar to the Metasploitable. This is just a virtual machine that runs a bunch of the vulnerable programs on it. 

As you can see, "Starting AppArmor profile, starting PostgreSQL database," and a bunch of other stuff. This is the machine that we will use in the next section, which is web pen testing.

Let me just log in right here. We don't need this anymore. We just need to find out what the IP address of this machine is, which is 192.168.1.7. 

So, if we do a basic Nmap scan of its ports, you can see it finishes relatively fast and gives us a whole list of open ports; only TCP ports, since that is the default scan. As you can see, we have TCP port 22, SSH, open.

Now, while scanning Metasploitable, you should also have this port open. As long as this port is open on the target machine, you can run the scan.

So we want to find the SSH script. To narrow down the options, type "ls" and pipe that into "grep ssh".

That shows only the scripts with "ssh" in their name. We can use any of these, but for now I will just use "ssh-brute.nse".

We copy the name of the script, and to run it you type "nmap --script=ssh-brute.nse", then the IP address, which is 192.168.1.7, and press Enter.

As you can see, it started brute-forcing our target. If it finds a username and password, you can SSH into that machine and do basically anything to it. This is a very serious attack and it can get you into trouble, especially if you find the password, actually log in to that machine and start changing things.

So, only use this on machines that you own.

Now, for this specific machine, I don't think it will find the password, but we will leave it running just in case. I don't think the username and password are in the list it uses to brute-force the SSH target, so this can take some time; it depends on the list you use.

So let me just close this, since I thought it would finish a little faster. It doesn't matter. I press "CTRL + C" to close it and stop the brute force.

Now, let's say we want to run that again with a different password list. As you can see, the script uses a specific password list to brute-force the target.

To see how to change that, look at the documentation at the top of the script (nano it, or run "nmap --script-help ssh-brute"), where the usage section lists the arguments it takes.

Now, I'm not really sure where that is. I believe it is right here, under usage: "passdb=pass.lst". I believe you change that and it changes the password list that you are using. That is a script argument, not something you edit in the file: you pass it on the command line, "--script-args userdb=users.lst,passdb=pass.lst", and the brute library reads your lists instead of the built-in ones.

You may also need a different port, which is 22 here. SSH will most often run on port 22, but people do run it on other ports just to avoid attacks, so you might need to change that as well.

Here you can see the port rule is "22 or the ssh service". You don't change the 22 in the file; you tell Nmap the port with "-p" and add "-sV" so it recognizes the service as ssh, for example "nmap -p 2222 -sV --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst 192.168.1.7".

If you do edit a script file, "CTRL + O" then Enter saves it and "CTRL + X" exits nano, but package updates overwrite /usr/share/nmap/scripts, so command-line arguments are the better habit.

You can run the script again and it uses your password list and port. Let's say, for example, you want to find the SSH host key for that particular machine. We just copy that one; it isn't the most exciting script, but let's try it, why not?

So "nmap --script=ssh-hostkey" and then the IP address of our target machine.

As we can see, it gave us the SSH host keys, the DSA and RSA ones. It really isn't that useful on its own, but sometimes it can be: the same host key showing up on several machines means they were cloned from one image (and share the private key), and a key that changes between scans means something replaced the server. You can experiment with all of these scripts right here.
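Grepping file names finds scripts by name only. Every script also belongs to categories (safe, intrusive, brute, vuln, ...), recorded in /usr/share/nmap/scripts/script.db, and those are what matter when you decide what is acceptable to run against a target. The following is an added example (my code, not part of the course) that parses that index and picks scripts by name and category; SAMPLE_SCRIPT_DB is a constructed excerpt in the real file's format so it runs without Nmap installed, and load_script_db reads the real file when it exists.

```python
import os
import re

# Constructed excerpt in the format of /usr/share/nmap/scripts/script.db, the
# index Nmap consults when --script is given a category or wildcard. Embedded
# so the example runs offline.
SAMPLE_SCRIPT_DB = '''\
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "vuln", "safe", } }
Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ssh-hostkey.nse", categories = { "safe", "default", "discovery", } }
Entry { filename = "ssh2-enum-algos.nse", categories = { "safe", "discovery", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"(?P<file>[^"]+)"\s*,'
    r'\s*categories\s*=\s*\{(?P<cats>[^}]*)\}\s*\}')


def parse_script_db(text):
    """Return {script name without .nse: set of its categories}."""
    db = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group("file")
        if name.endswith(".nse"):
            name = name[:-4]
        db[name] = set(re.findall(r'"([^"]+)"', m.group("cats")))
    return db


def load_script_db(path="/usr/share/nmap/scripts/script.db"):
    """Parse the real index if Nmap is installed here, otherwise the embedded sample."""
    if os.path.exists(path):
        with open(path, encoding="utf-8") as f:
            return parse_script_db(f.read())
    return parse_script_db(SAMPLE_SCRIPT_DB)


def select_scripts(db, name_contains=None, require=(), exclude=()):
    """Scripts whose name contains a substring, that carry every category in
    `require` and none of those in `exclude`, sorted by name."""
    require, exclude = set(require), set(exclude)
    return sorted(
        name for name, cats in db.items()
        if (name_contains is None or name_contains in name)
        and require <= cats
        and not (exclude & cats))


def script_option(names):
    """The --script argument for a chosen list (Nmap takes comma-separated names)."""
    return "--script=" + ",".join(names)


if __name__ == "__main__":
    db = load_script_db()
    # Everything about SSH that is not marked intrusive: safe to run first.
    safe_ssh = select_scripts(db, name_contains="ssh", exclude={"intrusive"})
    print(script_option(safe_ssh))
```

Nmap itself accepts the same kind of filter directly, e.g. nmap --script "ssh-* and not intrusive" <target>, but parsing script.db lets you review the exact list before anything touches the target.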

In the next tutorial, I will show you how to download some of the scripts online from the GitHub repository that we will use in order to scan for specific vulnerabilities. 

Let us just recap.

To get to the scripts folder, go to /usr/share/nmap/scripts; the syntax is "nmap --script=" followed by the name of the script, then the target IP address.

That's about it for this tutorial. It was rather short. In the next one, we will download some of our own scripts. 

So I hope to see you there and take care.