Metasploit is a tool that helps an attacker execute exploit code against a remote target machine.
It was founded by H. D. Moore.

Here are some links to visit: Official Site, Wikipedia.

To know the terminology that we will be using later on (Exploit, Payload, Shellcode, Module, Listener), please google them.

So without any delay, let’s start Metasploit!


Nmap is a popular port scanning tool. It can also be used to discover hosts, identify the operating system and the services running on the ports, and many other things.

A simple scan is as follows:

nmap (target address)

This will show us the Ports, their state (open/closed) and the Services running.

  • Open Ports: It means that an application on the target host is accepting TCP connections.
  • Closed Ports: It means that an application on the target host isn’t listening.
  • Filtered Ports: It means that nmap cannot determine whether the port is open or closed. This may be because of a firewall rule on the target host that blocks request packets.


Information Gathering

Information Gathering is one of the initial and important steps of penetration testing. We collect information about the host that we are going to test for vulnerabilities that can later be exploited.

The two basic methods of Information Gathering are:

  • Active: In this method, we induce network traffic to the target and collect information.
  • Passive: In this method, we use a third party to induce network traffic to the target and collect information. We can also use information that is publicly available. In this way, we won’t leave our fingerprints on the target.


Setting Up the Lab Environment

Setting up a lab is important. This is where you try all your hacks and practice.

Download and install VMware virtualization software.

The attacker (base) operating system will be Kali Linux.

There are many victim operating systems. Some of them are:

Setting up the Attacker machine:

Here’s a good video by Root Project on YouTube.

We will set up the Victim machines when we perform hacks on them in detail.