• Ethical-hacking
• Introduction
  • Youtubers
  • Where to practice ?
    • Platforms
    • Before Hacking
• Steps of Pen-Testing
• Enumeration
  • NMAP
  • Fuzzing
  • Sub Domains
  • DNS
  • Logs
• Privilege Escalation
  • Tools
• Testing
• Tools and resouces
  • Additional resources
    • Malware Analysis
    • Linux Penetration Testing OS
    • Courses
    • Workshops/Playlists
    • Security Talks and Conferences
    • Forums

Certainly, I can provide a detailed explanation of each step in the ethical hacking process. Please keep in mind that this information is for educational purposes and should only be used in a legal and ethical manner.

1. Planning and Reconnaissance:

• Define the Scope: Clearly define the scope of the engagement. Identify the systems, networks, or applications that you are authorized to test. Make sure you have written permission.

• Gather Information: Use various resources, including WHOIS databases, DNS records, and public information, to gather information about the target's domain, IP ranges, and more.

• Footprinting: This involves collecting data on the target's infrastructure, such as subdomains, IP addresses, network architecture, and technology in use.

2. Scanning:

• Port Scanning: Use tools like Nmap to perform port scanning, identifying open ports and services on the target systems. Understand potential attack vectors.

• Vulnerability Scanning: Utilize tools like Nessus, OpenVAS, or Qualys to scan for known vulnerabilities in the target's systems, applications, and services.

3. Gaining Access:

• Exploitation: Based on the vulnerabilities discovered, use tools like Metasploit to exploit them. Metasploit provides pre-built exploits, payloads, and post-exploitation modules.

• Password Cracking: Attempt to crack passwords using tools like John the Ripper, Hashcat, or Hydra. This can be used to gain unauthorized access.

4. Maintaining Access:

• Backdoors and Trojans: Create persistent access points using backdoors or Trojans. This might involve installing a hidden remote access tool that allows continued control.

5. Analysis:

• Review Results: Analyze the results of your testing, including vulnerabilities identified, their severity, and potential impact on the target systems.

• Risk Assessment: Evaluate the risks associated with the vulnerabilities. Consider the likelihood of exploitation and the potential business impact.

6. Documentation:

• Report Writing: Prepare a comprehensive report detailing your findings, including vulnerabilities, their impact, and recommended remediation steps.

• Evidence Preservation: Document all steps taken during testing, including commands used, tools employed, and screenshots. This documentation can serve as evidence of your ethical hacking activities.

7. Remediation:

• Notify the Client: Communicate your findings and recommendations to the client. Provide clear explanations of the vulnerabilities and their potential impact.

• Patching and Mitigation: Assist the client in addressing vulnerabilities by applying patches, changing configurations, and implementing security measures to mitigate the risks.

8. Validation and Verification:

• Re-Test: After the client has taken action to address the vulnerabilities, perform a re-test to confirm that the issues have been resolved and the systems are more secure.

• Verification: Ensure that the security measures put in place are effective and that the systems are now adequately protected against potential threats.

9. Education and Improvement:

• Training: Provide security training to the client's team to enhance their understanding of security practices, vulnerability management, and incident response.

• Continuous Improvement: Encourage the client to establish an ongoing security monitoring program, regularly update software, and conduct periodic vulnerability assessments to maintain a secure environment.

The goal of this repository is to help out beginners-medium hackers. Practicing is the only way to improve in this domain, and there are plenty of websites where you can learn, and hack at the same time. But before that, let's talk a bit about what you will find in the repository.

To become a great pentester you have to be patient. Learning and practicing are definetly your way into this domain. But it will take some time. Here's a simple list of things you should and shouldn't do in order to imporve :

• You have to master at least one programming language. And if you still haven't learn a single programming language, I would advise you to start with C.
• Don't just use tools without knowing how they work. Here's a list of tools you will need.
• You're not ready for real targets, just focus on practicing and learning and you will get there. Hopefully in a lawful way.
• Learning doesn't only rely on videos on youtube, reading could be a great way as well. From books to manuals and articles.
• Don't be a script kiddie, not having any idea on what you're doing means you're a script kiddie.
• Assembly language is far important than you think, specially if you're into Reverse engineeering or PWN. It would be easier to learn it if you master C language before.
• You have to know how computers and operating system works. Do you know what a kernel is ? If not you should do some googling.
• Twitter, as dumb as this idea looks, but I'd really recommend you to have a twitter account, and follow communities related to cyber security. Staying up to date with the world is not such a bad idea after all.
• Last but not least, don't learn hacking for wrong reasons. Don't waste your time if your goal is to hack your girlfriends Facebook account. Set a goal, no matter how big it looks like, and chase it. Dreams without goals are the ultimate fuel of disappointment.

Here's a list of one the best youtubers I personally follow.

Here you will find multiple resources to learn and practice hacking.

Here's where you can learn and practice at the same time.

Go ahead a knock yourself out.

There are certain things you need to learn before even diving into hacking. Here's a list you should definetly check out.

Many might think that programming is not really necessary in hacking, they're not just wrong they're stupid. But you need to know that not all programming languages serve the same purpose. There are different types, you should learn at least one language in each category. Let's go ahead and check them out.

These are the languages that will on a daily basis in your hacking journey.

• C / Assembly : Low level language, for binary exploitation.
• Bash : Linux scripting language.
• Powershell : Windows scripting language.
• Python : Easy to learn language, that can help you automate lot of work you do frequently.
• PHP : You cannot do bug bounty without knowing PHP.
• Javascript : Learning Javascript is as important as learning PHP, specially if you are into Bug Bounty.

• C++
• Ruby
• Lua
• Java
• Perl

In this section, We'll give you a certain steps you should always follow when you're pentesting.

Learn more

Now since we're finished with the introduction, let's go ahead and hack a box for the sake of an example. The Box I chose, is Boot2Root, a project in 42 Cursus.

The first step you should think of, is trying to identify what exactly you're attacking(hopefully in a lawful way). You need to gather maximum of informations from this target. A great way to do so, is to use a tool called NMAP. It's used to to scan ip addresses, it can also be used to identify ip addresses connected to your network. Since we do not know the ip address of our box, we have to scan our network in order to identify its ip address.

Depending on what's your network class, you can use the following command in order to scan a certain subnet.

$> nmap 10.12.100.x/24

You will get an output similar to this :

In order to use the following commands, you have to specify -A tag on your scan. It for aggressive scanning.

$> nmap -A 10.12.11.100

Using nmap, you can detect what Operatin System the target uses. Note that this is not always accurate, and also you will need root privelege. Here's an example :

$> sudo nmap -o 10.12.11.100

You can also detect what services are running on that target, the version of those services as well. Note that -sV is for the version scanning.

$> nmap -sV 10.12.11.100

How about running a scan on all the ports from in a total of 65,535 ports.

$> nmap -p- 10.12.11.100

You want only one port ?

$> nmap -p 80 10.22.11.100

How about multiple ports ?

$> nmap -p 80,443 10.22.11.100

A range of ports ?

$> nmap -p 80-8080 10.22.11.100

There is also timing templates, if you want your scan to take more or less time.

$> nmap -T[ID] 10.22.11.100

Sometimes you will counter targets that blocks your pings. Use the -Pn tag to skip the host discovery. This treats your target as an online target.

$> nmap -Pn 10.22.11.100

If you want to save the results of your scan you can do it like this :

$> nmap 10.22.11.100 -oA output.name

Let's go ahead and gather all the tags, under one powerful command, you have to know that a command like this would take ~20-30 minutes :

$> sudo nmap -A -O -Pn -p- -T4 -sV 10.22.11.100

There are a lot more commands than this, you should visit the nmap man page or their Docs to learn even more about this tool.

There are lot of other tools that you can use in order to dir bust, and each tools gives you different options.

Let's say you scanned a target and you found a web application, this web application can contains a multiple subdomains that you should check.

You might ask what a subdomain is. It's simply a good way to seperate the content of you website. It's piece of additional information added to the beginning of a website’s domain name. It allows websites to separate and organize content for a specific function — such as a blog or an online store — from the rest of your website.

Like sub-directories, you can also search for sub-domains , using a wordlist and a tool. In this case we'll be using as an example gobuster

Using the following command :

$> gobuster dns -d google.com  -w /path/to/wordlist.txt
-d : To specify the domain name
-w : To specify a wordlist

Thus you will get something like this(don't take this example seriously, it's not true... or maybe ?).

www.google.com
blog.google.com
store.google.com
etc...

This can help you find more information about a certain website that you didn't know. Maybe even find login pannels or so.

After generating a list of subdomain and hosts, it's time to check those who work. Doing it manualy will take a long time if a long list was generated, so here's a tools httpx that make that task easy for us. Using the following command :

$> cat hosts.txt | httpx

httpx have more other intersting functionality, check the repo for more info.

You find a web app and its subdomains too, so what can you do with it. For instance you can try and find directories or files. There are lot of tools you can use to do that. But for now let's use dirb.

You'll need wordlist, in order to test on multiple directories or files. Check wordlists for more infos. This is an example on how to use dirb command.

$> dirb http://ip_add/ /path/to/wordlist

A good thing to do is to pay attention to the request you make on a website. Some websites can show you different outputs depending on what domain name you requested. Specially when you're playing challenges on websites like HackTheBox or TryHackMe, always change your host file to whatever you find while scanning or while enumerating in general.

$> nano /etc/hosts
10.1.1.1	1337.htb #example

Logs are really important when it comes to tracing one's moves. You can even find credentials on them. We will talk more about it in the Privilege Escalation part

Using HackTricks, we can use multiple commands to monitor a system and thus finding an exploit we can use to privesc the system.

uname -a
cat /etc/os-release
cat /proc/version

uname -r

sudo -v (might not work sometimes if you don't have the password of the user)

ps aux
ps -ef
top -n 1

crontab -l
ls -al /etc/cron* /etc/at*
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root 2>/dev/null | grep -v "^#"

Since we were inspired by this readme to do one where we can always contribute to it, and it won't be just the usual stuff you read online. Here you will find a list of tools by category. You can also visit the official website of Kali Linux for more information.

Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.

Crack passwords and create wordlists.

Used for intrusion detection and wifi attacks.

Acesss systems and data with service-oriented exploits.

Listen to network traffic or fake a network entity.

Exploit popular CMSs that are hosted online.

Exploits for after you have already gained access.

Frameworks are packs of pen testing tools with custom shell navigation and documentation.

Ensure you have permission before conducting any testing!

1. Reconnaissance

   a. Passive

   • Google Dorking: site:example.com, inurl, intext, etc.

   • WHOIS Lookup: whois example.com

   • DNS Recon: dnsrecon -d example.com

   b. Active

   • Nmap: nmap -sn <IP_range> (ping sweep)

   • Nmap: nmap -p- <target_IP> (port scanning)

2. Enumeration

   a. DNS Enumeration

   • Dig: dig @<DNS_server> example.com AXFR
   • Nmap: nmap --script dns-brute <target_IP>

   b. SMB Enumeration

   • Nmap: nmap --script smb-enum-shares <target_IP>
   • Smbclient: smbclient \\\\<target_IP>\\<share_name> -U <username>

   c. SNMP Enumeration

   • Snmpwalk: snmpwalk -c public -v1 <target_IP>
   • Onesixtyone: onesixtyone <target_IP>

   d. Web Application Enumeration

   • Nikto: nikto -h <target_URL>
   • Dirb: dirb <target_URL>

3. Vulnerability Assessment

   a. Nmap NSE Scripts

   • Nmap: nmap --script vuln <target_IP>

   b. OpenVAS

   • Setup and run OpenVAS on target systems

   c. Metasploit Framework

   • Search for modules: search <vulnerability>

   • Use a module: use <module_name>

4. Exploitation

   a. Metasploit Framework

   • Set options: set <option> <value>
   • Run exploit: exploit or run

   b. Manual Exploitation

   • Research and use known exploits for identified vulnerabilities

   c. Web Application Exploitation

   • SQL Injection: sqlmap -u <target_URL>

   • XSS: Test payloads, use automated tools like XSStrike

5. Post-Exploitation

   a. Privilege Escalation

   • Linux: linPEAS, LinEnum
   • Windows: winPEAS, PowerUp, Sherlock

   b. Lateral Movement

   • PsExec: psexec.py <username>:<password>@<target_IP>
   • Mimikatz: sekurlsa::logonpasswords

   c. Data Exfiltration

   • Identify and collect sensitive information

6. Clean Up

   Remove artifacts, backdoors, and logs

7. Reporting

   Document findings, recommendations, and mitigations

Tools and Resources:

Certainly, here's a more detailed list

1. WHOIS Lookup: Obtain domain registration information and contact details.
2. Shodan: Search engine for internet-connected devices and services.
3. theHarvester: Gather email addresses, subdomains, and information from public sources.
4. Recon-ng: A reconnaissance framework that collects data from various sources.
5. Maltego: Visualize relationships between gathered information using graphs.
6. SpiderFoot: OSINT automation tool to collect data from different sources.
7. FOCA: Extract metadata and information from documents for analysis.
8. Sublist3r: Subdomain enumeration tool using various search engines.
9. Censys: Discover hosts and networks on the internet and gather information.
10. Amass: In-depth subdomain enumeration and information gathering.

1. Nmap: Versatile network discovery and port scanning tool.
2. Masscan: High-speed port scanner designed for large-scale scans.
3. Zmap: Fast network scanner for exploring the entire IPv4 address space.
4. Unicornscan: Lightweight network scanner with asynchronous scanning capabilities.
5. RustScan: Fast and efficient port scanner written in Rust.
6. Nessus: Commercial vulnerability scanner that includes port scanning capabilities.
7. Angry IP Scanner: Cross-platform IP address and port scanner.
8. Amap: Application layer scanner for identifying open ports and services.
9. Hping3: Network tool for crafting packets and sending them over the network.
10. SuperScan: Windows-based port scanner with additional features.

1. Nessus: Widely used vulnerability scanner for identifying known vulnerabilities.
2. OpenVAS: Open-source vulnerability scanner and manager.
3. Qualys: Cloud-based security platform offering vulnerability management.
4. Nexpose: Vulnerability management tool by Rapid7, now part of InsightVM.
5. Retina: Network vulnerability assessment tool by BeyondTrust.

1. Metasploit Framework: Popular exploitation framework for penetration testers.
2. Canvas: Commercial exploitation framework for advanced security professionals.
3. Core Impact: Commercial penetration testing framework with exploitation capabilities.
4. BeEF: Browser exploitation framework for targeting web browsers.
5. SET (Social-Engineer Toolkit): Toolkit for social engineering attacks and exploitation.
6. Armitage: Metasploit GUI that simplifies exploitation and post-exploitation.
7. Empire: Post-exploitation framework with agent-based control.
8. RouterSploit: Framework for exploiting embedded devices.
9. CrackMapExec: Post-exploitation tool for network pivoting and lateral movement.
10. RouterSploit: Framework for exploiting embedded devices.

1. John the Ripper: Password cracking tool for various encryption algorithms.
2. Hashcat: Powerful password cracking tool with GPU acceleration.
3. Hydra: Fast and flexible online password cracking tool.
4. Medusa: Speedy parallelized network login brute-forcer.
5. Cain and Abel: Windows-based password recovery tool.
6. RainbowCrack: Crack password hashes using precomputed tables.
7. Patator: Multi-purpose brute-forcing tool.
8. Hashcat: Powerful password cracking tool with GPU acceleration.
9. Hydra: Fast and flexible online password cracking tool.
10. Medusa: Speedy parallelized network login brute-forcer.

1. Netcat (nc): Networking utility for creating reverse shells and backdoors.
2. Meterpreter: Part of the Metasploit Framework, provides advanced post-exploitation capabilities.
3. Empire: Powerful post-exploitation framework for Windows environments.
4. Cobalt Strike: Adversary simulation and red teaming platform.
5. Veil: Framework for generating undetectable payloads and backdoors.
6. Pupy: Cross-platform remote administration and post-exploitation tool.
7. RATs: Remote Administration Tools like DarkComet, NanoCore, and others.
8. Beacon: Part of Cobalt Strike, offers advanced post-exploitation functionality.
9. Empire: Powerful post-exploitation framework for Windows environments.
10. Cobalt Strike: Adversary simulation and red teaming platform.

1. LaTeX: Document preparation system for high-quality documents.
2. Microsoft Word: Standard word processor for creating comprehensive reports.
3. Markdown: Lightweight markup language for creating formatted text.
4. JIRA: Project management and collaboration tool for documenting tasks and progress.
5. Confluence: Collaboration tool for creating, sharing, and collaborating on documentation.
6. MISP: Threat intelligence platform for documenting and sharing threat data.
7. Dradis: Reporting and collaboration platform that integrates with other security tools.
8. Evernote: Note-taking and organization tool for documentation.
9. Git/GitHub: Version control system and platform for collaborating on documentation.
10. Wireshark: Network protocol analyzer that helps with documentation and analysis.

Certainly, here's the provided content formatted as requested:

• Devbreak on Twitter
• The Life of a Security Researcher
• Find an awesome hacking spots in your country
• Awesome-Hacking Lists
• Crack Station
• Exploit Database
• Hackavision
• Hackmethod
• Packet Storm Security
• SecLists
• SecTools
• Smash the Stack
• Don't use VPN services
• How to Avoid Becoming a Script Kiddie
• 2017 Top 10 Application Security Risks
• Starting in cybersecurity ?

I would highly advise you guys to go and checkout sundowndev

1. Computer Systems Security, MIT
2. Cisco's courses
3. Cybrary
4. Hackers Academy

For those who want to do CEH, the following links are for you. 2. CBT Nuggets CEH Training 3. CEH Books 4. Guide to Binary Exploitation

1. Web Hacking
2. Ethical Hacking, A Comprehensive Playlist covering almost everything

1. InfoCon - Hacking Conference Archive
2. Curated list of Security Talks and Videos
3. Blackhat
4. Defcon
5. Security Tube
6. Kevin Mitnick: Live Hack at CeBIT
7. Ghost in the Cloud, Kevin Mitnick
8. Kevin Mitnick | Talks at Google
9. Complete Free Hacking Course: Go from Beginner to Expert Hacker Today

Here's the provided content formatted as requested:

These tools cover various aspects of ethical hacking and penetration testing, but remember that ethical hacking requires responsible and legal use. Always ensure you have proper authorization before using any tools on a target environment.

Remember that each step requires careful consideration of legal and ethical boundaries, and proper authorization is essential before proceeding. The detailed process outlined here is a guideline and can be adapted based on the specific engagement's requirements and the tools available. Always prioritize responsible and ethical behavior when conducting any form of ethical hacking.