So you want to be a hacker? Let's jump in. DJ Substance will get you started; you pick the hat color - I rock a grey visor ;/

So you wanna be a hacker? Read on / hacking 101 cliff notes for 2022

I am mirroring my series on learning hacking from medium.com
You can find the most updated in the series on: https://djsubstance.medium.com
Website: https://tranceattic.com / https://9x.nework
IRC: #9x/EFNet
Email: substance@9x.netwrk

Want to learn how ethical hacking/vulnerability testing is done? I am writing, from 25 years of experience and the deepest confines of my soul, a work-in-progress guide on how to get started in this exciting field of information security.

#1 - Secure your own workstation(s) and machines before anything

Prior to getting into all this “ethical hacking” good stuff, it's best to harden your workstation. In a perfect world you have: used macchanger on your wifi and physical NICs; a software firewall (if you're running Windows, by far the best free all-in-one option is “Comodo Firewall Free”; on Linux, ufw or nftables do the job); and disabled unneeded services in Linux or Windows. Check your work: `ss -tulpn` on Linux, or `netstat -abno` from an elevated prompt on Windows, should show nothing listening that you cannot name.

Hosts file — an easy way to block threats

In windows edit c:\windows\system32\drivers\etc\hosts
In Linux: edit /etc/hosts

Both files have the same format. You will see a few entries for localhost; leave those alone, add a comment line (###) after them, then paste in the entire contents of the lists below:

#1. Hosts “parasite” file
The name is odd for a good reason. I'm sure you've noticed that when you click links nowadays (especially from search engines) you get routed through up to five ad URLs (ad.doubleclick.net, for instance) before you land on the page you wanted. This list blocks those “parasites”: known spam, tracker and malicious sites. It works by pointing each name at 0.0.0.0, so your machine never resolves it to the real host.

  • Note: you will likely need to comment out (put a # in front of) some entries, for instance anything with google-analytics.com, or sites that depend on it will break.
    Link: https://winhelp2002.mvps.org/hosts.txt
    ^ Visit that link, CTRL+A to select all, copy, and paste it into your hosts file. On Windows you must open your editor (Notepad, or CMD/PowerShell) as Administrator or the save will fail; run `ipconfig /flushdns` afterwards so cached lookups do not bypass the new entries (on Linux with systemd-resolved, `resolvectl flush-caches`). You can verify it is working immediately: visit hxxps://thepiratebay.org and if you don't see sleazy ads down the left and right sides, it worked ; )
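A script version of the hosts-file procedure above, added here as an example (it is not from the original post or from the mvps.org list). It takes a blocklist in the mvps format, keeps only 0.0.0.0/127.0.0.1 entries so a tampered list cannot redirect a real name somewhere else, comments out domains you still need (google-analytics.com, as the post suggests), keeps the managed block under a marker so re-running it replaces the old block instead of stacking copies, and sanity-checks the result before you install it. The blocklist embedded in it is a constructed sample, not the real list, and the marker text and function names are my own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): merge a hosts-format blocklist into
# a hosts file the safe way. Normalise it, comment out domains you still need,
# keep the managed block under a marker, and check the result before installing.
set -eu

MARKER='### BEGIN blocklist (managed by hosts_merge.sh)'

# Constructed sample in the shape of https://winhelp2002.mvps.org/hosts.txt:
# comments, blanks, "0.0.0.0 hostname" lines, one duplicate. Not the real list.
SAMPLE_BLOCKLIST='# sample blocklist (constructed for this example)

0.0.0.0 ad.doubleclick.net
0.0.0.0 www.google-analytics.com
0.0.0.0 ssl.google-analytics.com
0.0.0.0 tracker.example.net  #[Tracking]
0.0.0.0 ad.doubleclick.net
127.0.0.1 localhost'

# stdin: raw blocklist. stdout: "0.0.0.0 host" lines only, lowercase, deduplicated.
# Entries pointing anywhere but 0.0.0.0/127.0.0.1 are dropped so a poisoned list
# cannot redirect a real name to an attacker; localhost stays with the base file.
normalize_blocklist() {
    awk '
        /^[ \t]*#/ || NF < 2                  { next }
        $1 != "0.0.0.0" && $1 != "127.0.0.1"  { next }
        { host = tolower($2) }
        host == "localhost"                   { next }
        !(host in seen)                       { seen[host] = 1; print "0.0.0.0 " host }'
}

# stdin: normalised list. args: domains to keep reachable. Lines whose hostname
# is, or is a subdomain of, one of them are commented out rather than deleted,
# so you can see later exactly what you exempted.
comment_out() {
    awk -v keep="${*:-}" '
        BEGIN { n = split(keep, k, " ") }
        {
            h = $2
            for (i = 1; i <= n; i++)
                if (h == k[i] || substr(h, length(h) - length(k[i])) == "." k[i]) {
                    print "# " $0; next
                }
            print
        }'
}

# Rebuild a hosts file from <existing-hosts> <normalised-blocklist>: everything
# above the marker is kept verbatim, any old managed block is dropped, then the
# marker and the new block are appended. Running it twice gives the same file.
hosts_merge() {
    awk -v m="$MARKER" '$0 == m { exit } { print }' "$1"
    printf '%s\n' "$MARKER"
    cat "$2"
}

# Sanity check before installing: every non-comment line must start with an
# IPv4 or IPv6 address. Returns 0 if clean, 1 otherwise (bad lines on stderr).
hosts_check() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 !~ /^[0-9.]+$/ && $1 !~ /^[0-9a-fA-F:]+$/ {
            print "bad line " NR ": " $0 > "/dev/stderr"; bad = 1
        }
        END { exit bad ? 1 : 0 }' "$1"
}

# Demo on temp copies. To apply for real: review the merged file, then
#   Linux:   sudo cp merged /etc/hosts && resolvectl flush-caches   (systemd-resolved)
#   Windows: save over C:\Windows\System32\drivers\etc\hosts from an editor run as
#            Administrator, then: ipconfig /flushdns
work=$(mktemp -d)
printf '127.0.0.1 localhost\n::1 localhost\n' > "$work/hosts"
printf '%s\n' "$SAMPLE_BLOCKLIST" | normalize_blocklist | comment_out google-analytics.com > "$work/block"
hosts_merge "$work/hosts" "$work/block" > "$work/merged"
hosts_check "$work/merged" && cat "$work/merged"
```

Swap the constructed SAMPLE_BLOCKLIST for `curl -s https://winhelp2002.mvps.org/hosts.txt` and point hosts_merge at a copy of your real hosts file; the marker line is what makes it safe to re-run whenever the list updates.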

Other quality lists I am hosting at this domain:
https://300baud.network/ip.block.lists/

What is a server?

For a moment let's just break down what a server is. We think we know what they are. A server on the Internet must run standard TCP/IP (remember those OSI layers you studied last time? IP is layer 3, TCP and UDP are layer 4).

Client [me] --> http://subz.com           (same as: telnet subz.com 80)
                  [subz.com machine]       65,535 ports each for TCP and UDP
                  [ do not assume port 80 or 443 means HTTP/HTTPS ]
                  [ may answer ping (ICMP echo reply), or may not ]

Ninja trick: when you know your target, always nslookup <hostname> (or dig +short <hostname>) to get the IP, then try both https://<ip> and http://<ip>. A lot of the time they are misconfigured: the bare IP serves a different default site, or a certificate for a different name, than the hostname does, and that tells you things the hostname never would.

You are going to come in contact with WWW servers constantly while browsing, and whether you want to be a pentester or just an educated user, this is an essential read. The things you need to know at a high level when you visit a web site, or even think about clicking a URL:
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
** Verify the site is using https:// there should be *very* few sites w/o it
** Verify the certificate is valid. Also check the history of the site and its TLS certificates at https://crt.sh; this site is a :goldmine: and an incredible source for enumerating subdomains, since every certificate ever logged for the domain is there along with every name on it.
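The two checks above, scripted, as an added example that is not from the original post: cert_summary dumps what the presented certificate actually says (subject, issuer, validity window, every name on it) using openssl, and crtsh_names / crtsh_enum turn crt.sh's JSON output into a deduplicated hostname list. The JSON sample inside is constructed to match crt.sh's format, example.com is a placeholder target, and the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): certificate check plus crt.sh
# subdomain enumeration. The JSON below is a constructed sample, not real data.
set -eu

# What your browser checks for you, printed out (needs network). -servername
# sends SNI so a shared IP returns the right cert; -verify_return_error makes a
# bad chain fail instead of being shrugged off.
cert_summary() {   # usage: cert_summary <host> [port]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -verify_return_error </dev/null 2>/dev/null \
      | openssl x509 -noout -subject -issuer -dates -ext subjectAltName
}

# Constructed sample in the shape of https://crt.sh/?q=%25.example.com&output=json
# (real entries carry more fields). SAN lists arrive "\n"-joined inside one string,
# and case is whatever the CA logged.
SAMPLE_JSON='[{"issuer_ca_id":1,"common_name":"www.example.com","name_value":"www.example.com\nexample.com","id":1},
{"issuer_ca_id":2,"common_name":"*.example.com","name_value":"*.example.com\nmail.example.com","id":2},
{"issuer_ca_id":2,"common_name":"MAIL.example.com","name_value":"MAIL.example.com","id":3},
{"issuer_ca_id":3,"common_name":"example.com.evil.test","name_value":"example.com.evil.test","id":4}]'

# stdin: crt.sh JSON. stdout: every name, one per line, lowercase, unique.
# Wildcards are kept on purpose: "*.example.com" tells you a wildcard cert exists,
# which also means certificates alone will not enumerate the hosts behind it.
crtsh_names() {
    grep -o '"name_value":"[^"]*"' \
      | sed 's/^"name_value":"//; s/"$//' \
      | awk '{ gsub(/\\n/, "\n"); print }' \
      | tr 'A-Z' 'a-z' \
      | LC_ALL=C sort -u
}

# Defensive filter: keep only names that are the target domain or end in
# ".<domain>", so an odd SAN or query artefact outside scope does not sneak in.
in_scope() {   # usage: in_scope <domain>   (filter on stdin)
    awk -v d="$1" '$0 == d || substr($0, length($0) - length(d)) == "." d'
}

# Live: crtsh_enum example.com   (needs network; crt.sh is a free service, be gentle)
crtsh_enum() {
    curl -sf "https://crt.sh/?q=%25.$1&output=json" | crtsh_names | in_scope "$1"
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_JSON" | crtsh_names | in_scope example.com
```

Feed the output of crtsh_enum to whatever resolver or scanner you use next; names that no longer resolve are as interesting as the ones that do.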

Also, there are great sites out there that will hit the site for you first, so you can see what it serves while your own IP stays out of the target's logs.

https://www.whatsmyip.org/http-headers/ - fetches a URL through its server and shows you the HTTP response headers the remote site returns (status code, Server, redirects), so you can see what a URL does before your browser ever touches it.

Let's stop for one second on that last bullet, where I mentioned making sure you see a valid certificate. I know we are all guilty of just clicking past the annoying “this certificate cannot be trusted” warning, but bypassing it and accepting whatever it says can be a very bad idea, up to and including complete compromise of your session or system. We aren't getting into it (not in this session), but picture me (bad guy) sitting in my car bumping some trance with my netbook hooked up, Kali fired up, and three high-power Alfa wifi cards with yagis (directional antennas) pointed at the wireless access points (Walmart guest wifi, for instance). It would take about 15 minutes max to knock every user off the guest wifi, and obviously the clients will try to re-authenticate. One tactic SWIM (Someone Who Isn't Me) would use is to make the clients connect through me instead, while I route them back to Walmart's wifi so everything keeps working and I can see all your sessions (google: evil twin / web MITM attack). That certificate warning is the one thing standing between you and this: the attacker cannot present a valid certificate for the site you typed, so the warning is the attack showing itself.

For now I want you to go download nmap (and Zenmap, its GUI) and get used to scanning ports. If the host(s) don't answer ping, add -Pn to the nmap command so it scans anyway (older docs write this as -P0; it is the same option).

We will go over both the following and the numbered response codes next time; try to learn them ahead of time.

Top HTTP Status Codes
200 OK
404 Not Found
403 Forbidden
503 Service Unavailable
401 Unauthorized
500 Internal Server Error
302 Found
301 Moved Permanently
502 Bad Gateway
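Putting the server section and the status-code list together, as an added example (not from the original post): this is what typing into `telnet subz.com 80` actually sends, and how to read back whatever the port answers without assuming it is HTTP at all. status_code, server_header and status_class work on any captured response (the demo uses a constructed one); probe and probe_tls do it live over a raw socket and openssl respectively, and need Linux with bash, openssl and the coreutils timeout command. subz.com is the post's placeholder; the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): speak raw HTTP to a port the way
# telnet does, and parse whatever comes back without assuming it is a web server.
set -eu

# The request you would type by hand into telnet/nc, byte for byte: CRLF line
# endings, a Host header because one IP may serve many sites, Connection: close
# so the server hangs up when it is done and we get EOF.
raw_http_request() {   # usage: raw_http_request <host> [path]
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: hacking101-probe\r\nConnection: close\r\n\r\n' \
        "${2:-/}" "$1"
}

# stdin: whatever the port sent back. Prints the 3-digit status code if the first
# line is an HTTP status line, otherwise "not-http" (an SSH banner, an SMTP
# greeting, a TLS alert or dead silence on port 80/443 all land here).
status_code() {
    local line code
    IFS= read -r line || line=""
    line=$(printf '%s' "$line" | tr -d '\r')
    case $line in
        HTTP/[0-9]*" "[0-9][0-9][0-9]*)
            code=${line#HTTP/*[ ]}          # drop "HTTP/x.y "
            printf '%s\n' "${code%% *}" ;;  # drop the reason phrase
        *) printf 'not-http\n' ;;
    esac
}

# stdin: full response. Prints the Server header value, or "-" if none. Headers
# end at the first blank line and the header name is case-insensitive.
server_header() {
    local v
    v=$(tr -d '\r' | sed -n '/^$/q; s/^[Ss][Ee][Rr][Vv][Ee][Rr]:[ \t]*//p')
    printf '%s\n' "${v:--}"
}

# Class of a code from the list above: 2xx it worked, 3xx go look at Location,
# 4xx something about your request (not found, forbidden, login needed),
# 5xx the server side broke.
status_class() {
    case $1 in
        2??) echo success ;;
        3??) echo redirect ;;
        4??) echo client-error ;;
        5??) echo server-error ;;
        *)   echo unknown ;;
    esac
}

# Live, plaintext: bash's /dev/tcp opens a raw TCP socket, exactly what telnet
# does. Prints "<code|not-http> <server>". timeout covers services that answer
# but never close (an SSH daemon on port 80, for instance).
probe() {   # usage: probe <host-or-ip> <port>
    local resp
    resp=$( ( exec 3<>"/dev/tcp/$1/$2" && raw_http_request "$1" >&3 && timeout 5 cat <&3 ) 2>/dev/null || true )
    printf '%s %s\n' "$(printf '%s\n' "$resp" | status_code)" "$(printf '%s\n' "$resp" | server_header)"
}

# Live, TLS: the post's "try https://<ip> too". openssl s_client is the socket.
# With a second argument it sends that name as SNI; without, you see whatever
# default site and certificate the IP hands out when no hostname is given.
probe_tls() {   # usage: probe_tls <host-or-ip> [sni-name]
    local resp
    if [ -n "${2:-}" ]; then
        resp=$(raw_http_request "$2" | timeout 10 openssl s_client -quiet -connect "$1:443" -servername "$2" 2>/dev/null || true)
    else
        resp=$(raw_http_request "$1" | timeout 10 openssl s_client -quiet -connect "$1:443" 2>/dev/null || true)
    fi
    printf '%s %s\n' "$(printf '%s\n' "$resp" | status_code)" "$(printf '%s\n' "$resp" | server_header)"
}

# Offline demo on a constructed response; run with "--live <host> <port>" to
# resolve the host (the post's nslookup step) and probe every IP for real.
if [ "${1:-}" = --live ]; then
    for ip in $(dig +short A "$2"); do
        printf '%s:%s -> ' "$ip" "$3";            probe "$ip" "$3"
        printf '%s:443 (no SNI) -> ' "$ip";       probe_tls "$ip"
        printf '%s:443 (SNI %s) -> ' "$ip" "$2";  probe_tls "$ip" "$2"
    done
else
    resp=$(printf 'HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n\r\n')   # constructed
    code=$(printf '%s\n' "$resp" | status_code)
    printf '%s %s (%s)\n' "$code" "$(printf '%s\n' "$resp" | server_header)" "$(status_class "$code")"
fi
```

Compare the three live lines for a host: a different status or Server value for the bare IP than for the SNI name is the misconfiguration the ninja trick above is hunting for.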


When I say search engines, and when you think search engines, do *not* get into a frame of mind where “Google” is THE search engine. It is not; many engines index different things and have different operators for digging in and getting more out of them.

https://google.com - Primary search engine used in the USA, Canada and Mexico

https://bing.com (same results as yahoo.com, whose search is powered by Bing) - Not as popular, but returns a lot of different results and has operators that differ from Google's

https://baidu.cn — Most popular Chinese search engine

Here is a more comprehensive list

Search Engine Operators:
Each search engine has its own operators, but we will stick with Google for now. Let's say we just want results from China:

site:cn
If you search for that on Google you will get 10 results per page, and tons of pages; the counter might say two billion, but you can only actually page through about 1,000 of them.

Hit CTRL+L (jumps to the address bar) and append this to the URL: &num=100&filter=0

That gives you 100 results per page (num=100) and turns off Google's “similar results omitted” filtering (filter=0). Google “Google search operators” for the rest.

Learn them read them. I will get into it more next time!

Azure service DNS suffixes (handy when enumerating a target's subdomains: a CNAME into one of these tells you which Azure service sits behind a hostname):

Service                                            Subdomain
-------                                            ---------
Azure Access Control Service (retired)             *.accesscontrol.windows.net
Azure Active Directory                             *.graph.windows.net / *.onmicrosoft.com
Azure API Management                               *.azure-api.net
Azure BizTalk Services (retired)                   *.biztalk.windows.net
Azure Blob storage                                 *.blob.core.windows.net
Azure Cloud Services and Azure Virtual Machines    *.cloudapp.net
Azure Cloud Services                               *.cloudapp.azure.com
Azure Container Registry                           *.azurecr.io
Azure Container Service (ACS) (deprecated)         *.azurecontainer.io
Azure Content Delivery Network (CDN)               *.vo.msecnd.net
Azure Files                                        *.file.core.windows.net
Azure Front Door                                   *.azurefd.net
Azure Management Services                          *.management.core.windows.net
Azure Media Services                               *.origin.mediaservices.windows.net
Azure Mobile Apps                                  *.azure-mobile.net
Azure Queue Storage                                *.queue.core.windows.net
Azure Service Bus                                  *.servicebus.windows.net
Azure SQL Database                                 *.database.windows.net
Azure Stack Edge and Azure IoT Edge                *.azureedge.net
Azure Table Storage                                *.table.core.windows.net
Azure Traffic Manager                              *.trafficmanager.net
Azure Websites                                     *.azurewebsites.net
Visual Studio Codespaces                           *.visualstudio.com
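One use for the table above, added here as an example (not from the original post): given a hostname, follow its CNAME chain, say which Azure suffix the end of the chain carries, and check whether that Azure name still resolves. A CNAME pointing into Azure at a name that no longer exists is a dangling record the owner should hear about. The suffix list is copied from the table; the hostnames in the demo and the resolver-stub mechanism are my additions, and live lookups use dig.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): classify hostnames by the Azure
# suffix at the end of their CNAME chain and flag chains whose Azure target no
# longer resolves. Suffixes are from the table above; demo hostnames are made up.
set -eu

AZURE_SUFFIXES='accesscontrol.windows.net graph.windows.net onmicrosoft.com azure-api.net
biztalk.windows.net blob.core.windows.net cloudapp.net cloudapp.azure.com azurecr.io
azurecontainer.io vo.msecnd.net file.core.windows.net azurefd.net management.core.windows.net
origin.mediaservices.windows.net azure-mobile.net queue.core.windows.net servicebus.windows.net
database.windows.net azureedge.net table.core.windows.net trafficmanager.net azurewebsites.net
visualstudio.com'

# Which suffix from the table does a name end in? Prints it, or "none".
azure_service() {
    local host s
    host=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')     # DNS answers end in "."
    for s in $AZURE_SUFFIXES; do
        case $host in *."$s") printf '%s\n' "$s"; return 0 ;; esac
    done
    printf 'none\n'
}

# Resolver hooks. Real lookups use dig; tests (or anyone offline) can point
# RESOLVE_CNAME / RESOLVE_ADDR at shell functions that return canned answers.
dig_cname() { dig +short CNAME "$1" 2>/dev/null | head -n 1; }
dig_addr()  { dig +short A "$1" 2>/dev/null | head -n 1; }   # A only: AAAA-only hosts will read as dangling
RESOLVE_CNAME=${RESOLVE_CNAME:-dig_cname}
RESOLVE_ADDR=${RESOLVE_ADDR:-dig_addr}

# Print the CNAME chain one name per line, starting with the input. Stops at the
# first name with no CNAME, or after 10 hops so a loop cannot hang the script.
cname_chain() {
    local host=${1%.} next hops=0
    printf '%s\n' "$host"
    while [ "$hops" -lt 10 ] && next=$("$RESOLVE_CNAME" "$host") && [ -n "$next" ]; do
        host=${next%.}
        printf '%s\n' "$host"
        hops=$((hops + 1))
    done
}

# One line per host: "<host> <final-target> <azure-suffix|none> <live|dangling|n/a>"
report() {
    local final svc state
    final=$(cname_chain "$1" | tail -n 1)
    svc=$(azure_service "$final")
    if [ "$svc" = none ]; then state=n/a
    elif [ -n "$("$RESOLVE_ADDR" "$final")" ]; then state=live
    else state=dangling
    fi
    printf '%s %s %s %s\n' "$1" "$final" "$svc" "$state"
}

# Usage: ./azure_cname.sh www.target.com cdn.target.com ...   (feed it crt.sh output)
for h in ${1+"$@"}; do report "$h"; done
```

Pipe the hostnames you got from crt.sh or elsewhere into this; anything reported as dangling is a finding to hand to the owner, not an invitation to register the name yourself.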





