11.6K

The realm of ethical hacking is an exciting one, enabling security professionals to safeguard systems by thinking like a malicious hacker. This ethical hacking cheatsheet serves as your beginner’s guide to the intriguing world of penetration testing.

1. Reconnaissance

Before any actual hacking, ethical hackers commence with reconnaissance – gathering information about the target system. This could include understanding the target’s IP addresses, domain details, and even employee information. A tool commonly used for this is Nmap. It’s a versatile tool that helps identify systems, services, and their configurations.

2. Scanning

Post-reconnaissance, the next stage is scanning. Here, we probe the target system for vulnerabilities that can be exploited. OpenVAS is a highly capable tool for this purpose. It can detect vulnerabilities in a system, track them, and aid in the mitigation process.

3. Gaining Access

Once potential vulnerabilities are identified, the next step is to exploit them and gain access to the system. Metasploit is an effective tool at this stage. It comes equipped with pre-defined exploit code for known vulnerabilities, making the access phase easier for the ethical hacker.

4. Maintaining Access

After gaining access, the objective is to maintain it for as long as necessary to gather valuable data. The Mimikatz tool is quite useful here. It can extract credentials like passwords, hash keys, and Kerberos tickets, aiding in maintaining access.

5. Covering Tracks

The final stage involves covering tracks to ensure the testing activities remain undetected. Tools like Logstash can modify, remove, or create log entries, making the actions of the ethical hacker difficult to trace.

6. Reporting

Lastly, the ethical hacker must compile their findings into a comprehensive report. The report should be understandable to non-technical readers and provide actionable solutions. Tools like Dradis help streamline this process, offering a unified platform for information management and report generation.

Diving Deeper into Ethical Hacking Tools

Now that you’ve grasped the stages of penetration testing, let’s delve a bit deeper into the ethical hacking cheatsheet, expanding on the tools and tactics used at each stage.

Reconnaissance with Nmap

As mentioned earlier, Nmap is a potent reconnaissance tool, designed to scan large networks and single hosts. By identifying active hosts, open ports, and services running, Nmap allows you to build a map of the target network – a crucial first step in any penetration test.

Scanning with OpenVAS

In the scanning phase, OpenVAS comes to the fore. It’s a comprehensive vulnerability scanner, equipped to identify potential weak spots in the target system’s security. OpenVAS’s continuously updated feed of Network Vulnerability Tests (NVTs) ensures you’re always up to date with the latest vulnerabilities to scan for.

Gaining Access with Metasploit

Metasploit is, arguably, the most used exploitation tool in the ethical hacking world. It provides a collection of exploit tools and libraries, aiding hackers in creating, testing, and using exploit code. Not only does it assist in exploiting known vulnerabilities, but it also helps in the development of new ones where necessary.

Maintaining Access with Mimikatz

Once you’ve successfully infiltrated a system, maintaining access is vital. Mimikatz is an open-source tool that allows for the extraction of security credentials from Windows systems, such as plain-text passwords, hash, PIN codes, and Kerberos tickets. These credentials can help maintain prolonged access to the system.

Covering Tracks with Logstash

An ethical hacker must know how to cover their tracks when on a red team engagement, making their tests indistinguishable from regular network activity. Logstash is a server-side data processing tool that lets you manipulate and transform logs, a great way to hide the signs of your penetration testing activities.

Reporting with Dradis

Lastly, Dradis is an excellent tool for managing and compiling your findings into a coherent, actionable report. Dradis is especially useful when working as a team, allowing for the centralised exchange of information between team members. It supports the import and export of data from many popular scanners and tools, easing the reporting process.

Each of these tools is a piece of the ethical hacking puzzle. Mastering them, along with the underlying principles of cybersecurity, will ensure you are well-equipped to protect systems from malicious threats. Remember, as you progress along this path, always keep the ethical aspect in mind. This knowledge is power, and it’s vital to use it responsibly.

With our ethical hacking cheatsheet at your side, the path to becoming a cybersecurity pro is clear. Take the plunge, learn the tools, and become a force for good in the world of cybersecurity!

Setting Up Kali Linux in a Virtual Machine

Installing Kali Linux in a virtual machine (VM) is a safe and flexible option, especially for beginners. Here’s a simple cheatsheet on how to set up Kali Linux on VirtualBox, a popular VM manager.

1. Download Kali Linux ISO

First, download the Kali Linux ISO file from the official Kali website.

2. Download and Install VirtualBox

Download VirtualBox from the official website and install it. The installation process is straightforward – simply follow the on-screen instructions.

3. Create a New Virtual Machine

Open VirtualBox, click “New” to create a new VM. Here are the steps:

1. Name your VM (e.g., Kali Linux), and choose ‘Linux’ as the type and ‘Debian (64-bit)’ as the version.
2. Assign RAM to the VM. If your system has 8GB of RAM, assigning 2GB (2048 MB) should be more than sufficient.
3. Choose ‘Create a virtual hard disk now’ and click ‘Create’.
4. Select ‘VDI (VirtualBox Disk Image)’ as the hard disk file type.
5. Choose either ‘Dynamically allocated’ or ‘Fixed size’ for storage on the physical hard disk. The former option is usually better as it only uses space on your hard drive as it fills up (up to a maximum fixed size), rather than reserving all the space upfront.
6. Define the size of the new hard disk (20GB is a good starting point).

4. Configure VM Settings

Once the VM is created, select it, click “Settings”, and configure the following:

1. System -> Processor -> Increase the processor to at least 2 CPUs.
2. Display -> Screen -> Increase Video Memory to at least 64MB.
3. Storage -> Controller: IDE -> Click on ‘Empty’ -> On the right side of the window, click on the CD icon -> Choose Virtual Optical Disk File -> Select the Kali Linux ISO file you downloaded.

5. Install Kali Linux

Start the VM, and the Kali Linux installer should boot up. Follow the on-screen instructions to install Kali Linux.

6. Update Kali Linux

Once installed, open the terminal and run the following commands to ensure your system is up-to-date:

sudo apt update        # Fetches the list of available updates
sudo apt upgrade -y    # Strictly upgrades the current packages
sudo apt dist-upgrade  # Installs updates (new ones)

7. Install Guest Additions

Installing VirtualBox Guest Additions can improve the performance of your VM and enhance its functionality.

First, in your VM window, navigate to ‘Devices’ in the menu and then click on ‘Insert Guest Additions CD Image…’

Next, open the terminal in your VM and run the following commands:

cd /media/cdrom
sudo sh VBoxLinuxAdditions.run

8. Install Essential Software

Kali Linux comes pre-packaged with lots of tools. However, you might want to install additional software:

sudo apt install git python3 python3-pip -y

Getting Started with Nmap

Nmap is an open-source network scanner designed to discover hosts, services, and ports in a network. Here is a simple cheatsheet for getting started with Nmap:

1. Installing Nmap

On Linux:

sudo apt-get install nmap

On macOS (using Homebrew):

brew install nmap

2. Basic Nmap Commands

Scan a single IP:

nmap 192.168.1.1

Scan a host:

nmap www.example.com

Scan multiple IPs:

nmap 192.168.1.1 192.168.1.2

Scan a range of IPs:

nmap 192.168.1.1-20

Scan a subnet:

nmap 192.168.1.0/24

Perform a fast scan:

nmap -F 192.168.1.1

3. Port Scanning Options

Scan for a specific port:

nmap -p 22 192.168.1.1

Scan for multiple ports:

nmap -p 80,443 192.168.1.1

Scan for a range of ports:

nmap -p 1-100 192.168.1.1

Scan all 65535 ports:

nmap -p- 192.168.1.1

4. Detecting OS and Services

Detect OS and Services:

nmap -A 192.168.1.1

5. Aggressive Scan

An aggressive scan combines several advanced and verbose scanning features.

nmap -T4 -A -v 192.168.1.1

6. Save scan results

You can save the scan results in a file for later analysis:

nmap -oN outputfile.txt 192.168.1.1

Getting Started with Metasploit

Metasploit is a powerful penetration testing framework that simplifies the complex task of exploiting systems. Here’s a simple cheatsheet for getting started with Metasploit:

1. Installing Metasploit

On Kali Linux, Metasploit comes pre-installed. You can update it with the following command:

sudo msfupdate

2. Starting Metasploit

You can start the Metasploit framework using the command:

msfconsole

3. Basic Metasploit Commands

Help Command

To get a list of basic commands and how to use them, use:

help

Search Module

To search for an exploit or auxiliary module, use:

search [module_name]

Use Module

To select a module to use, type:

use [module_path]

Show Options

To show the options that need to be configured for a module, use:

show options

Set Options

To set a value for an option, use:

set [option] [value]

Exploit

Once you’ve set all necessary options, you can execute the exploit with:

exploit

4. Example Usage

Here’s an example of using an exploit module for an unauthenticated RCE in VSFTPD v2.3.4:

msfconsole
search vsftpd_234
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOSTS [target_IP]
exploit

5. Meterpreter Basics

Meterpreter is a powerful Metasploit payload that provides an interactive shell from which you can navigate the target system.

Get System Info

sysinfo

List Directories

ls

Change Directories

cd [directory_name]

Download/Upload Files

download [file_path]
upload [file_path]

Execute Shell Commands

shell