
What is hacking

Black hat – malicious attacks on a system to gain financial benefit

Grey hat – bug bounty

White hat hacker – Look for vulnerabilities and then write a report to help prevent them from being exploited

The hacker's real secret | notes & Google

To write reports, use OneNote

Google Dork

inurl:

filetype:

intext:

Phases of an Ethical Hack

• Planning and Recon

• Scanning & Enumeration

• Exploitation | Gaining Access

• Privilege Escalation

• Persistence | Maintaining access

• Cover tracks | Clean up

Maintaining access is a very important phase of penetration testing; unfortunately, it is one that is
often overlooked. Most penetration testers get carried away whenever administrative access is
obtained, so if the system is later patched, they no longer have access to it.

# whois

# fierce -dns zonetransfer.me

Frameworks

OWASP

PTES

OSSTMM

NIST
CVSS | GHDB | Searchsploit

https://www.cvedetails.com/

GHDB online exploit play park / candy shop

An offline carbon copy of GHDB

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing
the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to
vulnerabilities, allowing responders to prioritise responses and resources according to threat.

Downloading an attack platform

Lesson 2 | The Black Box | Intro to Kali 
Content:
File System / Basic commands (ls pwd)/ Starting services / redirection & piping / BASH
Scripting & advanced cmd line / cloning and using pre-made scripts / Cyber-project = find
yourself a port knocker script in both bash and Python and see if you can get it working 
File system:
/bin - basic programs (ls, cd, cat, etc.)
/sbin - system programs (fdisk, mkfs, sysctl, etc.)
/etc - configuration files
/tmp - temporary files (typically deleted on boot)
/usr/bin - applications (apt, ncat, nmap, etc.)
/usr/share - application support and data files
Basic Commands:
man ls / ls -al / cd / mkdir / nano / rm -rf [name of directory] / pwd / echo $PATH
Path notes -> Environment Variables
When opening a terminal window, a new Bash process, which has its own environment
variables, is initialized. These variables are a form of global storage for various settings
inherited by any applications that are run during that terminal session. One of the most
commonly referenced environment variables is PATH.

Starting Services: 
systemctl start apache2/ssh | systemctl stop XYZ
If you want that service to run when the machine boots, use:
systemctl enable [service/ssh/apache2]
netstat -antp
Redirection and Piping 
echo "some text" > textfile.txt
arp-scan (a tool to find what hosts exist on the network)
arp-scan $ipaddress | grep X.X.X | cut -f1 > hosts.txt
BASH Scripting:
A Bash script is a plain-text file that contains a series of commands that are executed as if they
had been typed at a terminal prompt. Generally speaking, Bash scripts have an optional
extension of .sh (for ease of identification), begin with #!/bin/bash and must have executable
permissions set before they can be executed. Let's begin with a simple "Hello World" Bash script:

Advanced scripting: 

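#!/bin/bash
# Ping each address in 192.168.83.1-254 once, in parallel, and print the hosts that reply
for ip in $(seq 1 254); do
  ping -c 1 192.168.83.$ip | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f1 &
done
wait  # let the background pings finish before the script exits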

Remember to make your scripts executable:

chmod +x nameofscript.sh
To run your script, type: ./nameofscript.sh

Cloning Pre-made Scripts:


git clone [url to script]
chmod +x nameofscript
./nameofscript
 

Virtual Machines to attack:


https://sourceforge.net/projects/owaspbwa/
https://sourceforge.net/projects/metasploitable/
Thank you !
