- Hacking Methodology
- Labs and Hand on
- DVWA install
- ZDResearch Lab Install
- Google Hacking
- Password Cracking
- Some Basic Attack
https://github.com/pathakabhi24/Learn-Hacking-365-Days-
-
Labs Websites
-
Tryhackme (https://tryhackme.com/)
-
Hackthebox Academy (https://academy.hackthebox.com/)
-
-
Virutal Mechine
-
Metasploitable
-
VulnHub (https://www.vulnhub.com/)
-
-
Docker Labs
-
ZDResearch
-
DVWA (docker run --rm -it -p 80:80 vulnerables/web-dvwa)
-
sudo apt install docker.io
sudo systemctl start docker
sudo docker run --rm -it -p 80:80 vulnerables/web-dvwa
sudo docker run -p 8080:80 -it zdresearch/advanced-web-hacking http://localhost:8080
sudo docker run -p 8080:80 -td zdresearch/advanced-web-hacking http://localhost:8080
A brute force attack involves ‘guessing’ username and passwords to gain unauthorized access to a system
- Simple brute force attack
- uses a systematic approach to ‘guess’ that doesn’t rely on outside logic.
- Dictionary attack
- guesses usernames or passwords using a dictionary of possible strings or phrases (use wordlist)
-
snap install john-the-ripper -
git clone https://github.com/openwall/john.git
zip2john test.zip > zip.hashes
or
john-the-ripper.zip2john test.zip > zip.hashes
john zip.hashes
john --wordlist=wordlist.txt zip.hashes
- Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application
-
Vulnerable upload functions allow attackers to bypass input controls, upload payloads and potentially perform command execution
-
upload shell