Learn to Hack 2017
Discover the basics of hacking to keep your systems safe. Don’t worry, it’s all legit, says Nate “trust me” Drake…
Pop on your white-hat hoody, power up your spare copy of Kali and prepare to discover all the weak points in your network.
From watching TV programmes like Mr.Robot, hacking would seem to be the province of pallid nerds who commit fraud and break into other people’s homes to support themselves, as they perform vigilante acts of digital sabotage.
In reality, hacking in IT circles is generally considered to be a noble profession. Ethical “white hat” hackers are often hired by corporations to break into protected systems and identify any weaknesses. This activity is commonly known as “penetration testing” or “pen testing”.
Your first tool in getting started is to get hold of a penetration distribution of Linux, such as Kali, which you can download from
www.kali.org. Pen testing distros usually can be booted from a CD or a USB stick, and contain a vast array of hacking tools, which you can use on a target network to identify areas of vulnerability.
If you’re new to hacking, you may be shocked to learn that there are versions of Linux devoted to distributing hacking tools. The difference here is that you’ll be using them to defensively and lawfully protect your own systems.
The Metasploitable virtual machine ( http://bit.ly/LXFmetasloit) is designed intentionally with vulnerabilities to help test and improve your hacking skills safely. You can find specific steps to set up version 2 of Metasploitable with Kali in
VirtualBox in the next section. Each hacker has their own favourite tools that they like to use, so you should consider this guide as a broad overview of the most common hacking methods. As you become more comfortable with hacking methods you’ll most likely leave being a “script kiddie” behind and code your own programs. Most of the hacking techniques outlined here are passive in that they won’t affect data on the target system. However, if you choose not to use Metasploitable, I’d recommend running a backup of your data before proceeding.
“Ethical hackers are often hired to break into protected systems and identify any weaknesses.”
Before you get started on your first steps to becoming a hacker, download a copy of the ISO file for Kali Linux from www.kali.org. This will contain the tools you’ll use to master the basics of hacking. Kali is versatile and can boot straight from a DVD or be installed to a hard drive or USB stick. You’ll also need a copy of the Metasploitable2 (v.3 isn’t compatible) virtual machine, which you can download from https://sourceforge.net/projects/metasploitable/files/
Metasploitable2. The Metasploitable2 files are in ZIP format so make sure to extract them before going ahead. In Ubuntu right-click the ZIP file and choose “Extract To…”.
Metasploitable2 is designed to be run as a virtual machine, so it can be run inside a window on your computer. They can also contain an entirely different operating system and files to that on your physical machine.
In this guide we’ll explore how to set up separate virtual machines for both Kali and Metasploitable2, as well as how to connect them safely so you can practise your hacking skills without affecting the rest of your network.
Virtual Machines are managed by specialist applications such as the program Oracle VM VirtualBox. To get started, install VirtualBox using your package’s repositories: sudo apt-get install virtualbox Once installed, you can launch VirtualBox any time from the Terminal with the command virtualbox. Once the VirtualBox opens click the New button at the top left to create a Virtual Machine for Kali. VirtualBox will prompt you to choose a name for the machine. Type Kali Linux and then click Next. VirtualBox will now ask you how much or your computer’s RAM should be assigned to this machine. Choose at least 1,024MB but don’t move the slider beyond the green section. Click Next once again.
The next section is entirely optional. VirtualBox can create VDI (virtual disk image) files that act as a virtual hard drive for the machine. Kali will quite happily boot from the ISO image, but if you want to be able to upgrade and save changes, choose to create a Dynamically Allocated virtual disk image and use the slider to make sure it’s at least 20GB in size. When you’re ready, click Create to set up the Virtual Machine.
Click the New button once again in VirtualBox to create a new virtual machine, this time with the name Metasploitable Linux. Click Next to continue and then again to accept the default amount of RAM assigned. (Metasploitable2 runs in text-only mode, it so doesn’t need many resources.)
In the Hard Disk section, choose Use an Existing Virtual Hard disk file, then click the folder icon to find the MetaSploitable2 disk image ( Metasploitable.vmdk). Click Create to complete the setup procedure.
At this stage you can create a host-only network for your two machines using VirtualBox. This will enable Kali to connect to the Metasploitable2 virtual machine to use your hacking tools, but crucially the machines themselves won’t be able to access the rest of the network or the internet, meaning that no real harm can be done. See the guide for steps on how to do this ( below).
Once the host-only network has been set up, highlight each of the virtual machines and click the Start button to power them on. Log in to Metasploitable2 with the username msfadmin and use the password msfadmin. If you didn’t create a virtual hard disk for Kali, choose Live mode when booting its virtual machine.