Messages - mrflex

1
Tutorials / Intro to the Hacker Methodology
« on: June 15, 2013, 06:53:54 AM »
Intro to the Hacker Methodology
By Mr Flex

Introduction
During this tutorial I will be introducing you to the hacker methodology. This tutorial is going to be fairly short and sweet but should provide you with a basic methodology you can use when performing a hack or penetration test. I hope that by the end of this tutorial you will understand the steps required for you to perform a successful hacking attack. This is based off of other hacking methodologies I have seen before. I will be posting detailed tutorials on Information gathering – Post Exploitation sometime soon; the goal of this tutorial is just to give you an overview of the various steps in the Hacker Methodology.


Planning
The planning stage is where the attacker defines what objectives they would like to accomplish during their attack. This may include things like intellectual property theft, stealing credit card numbers, website defacement, getting root access (for the fun of getting root access :/) or something else. Who knows, maybe the hacker just wants to have a look around the system.


Information Gathering
Information Gathering is the process of gathering information on the target organization. There are two types of information gathering: active and passive.

Passive Information Gathering
Passive information gathering is using search engines like Google and Shodan along with databases like the Edgar database and looking at other publicly available records like whois domain name lookups. It also involves things like searching the company website for details about employees. Many company websites are very verbose about the various details of their websites; also remember interns usually know little to nothing about security and usually use weak passwords.

Active Information Gathering
Active information gathering is actively probing the network; this includes things like port scanning, banner grabbing and running vulnerability scanners (noisy as hell, don’t recommend for highly secured environments).


Exploitation
Exploitation is where you actually exploit the target. This can involve things like Web Application attacks like XSRF, XSS and SQL Injection, exploiting software vulnerabilities like Stack Based Overflows, Heap Based Overflows, Off By One vulnerabilities and format string exploits. It also may involve doing things like performing a DDOS attack, or performing a social engineering attack. Note that you rarely ever use just one exploit; you almost always use multiple exploits to get to where you would like to be.

Post Exploitation
Post exploitation is where you accomplish the goal you originally set out to do; this may include things like defacing the website, stealing intellectual property etc.



Comments
Let me know what you think! I try to make my tutorials as clear and concise as possible!

My Policy
I am not responsible for anything you do with this tutorial.

Dedication
This tutorial is dedicated to anyone and everyone who understands that hacking and learning is a way to live your life, not just a day job or list of instructions.

2
Tutorials / Re: Hydra SSH Brute Force Attack
« on: June 15, 2013, 06:49:02 AM »
Alright, sorry about that.

3
Tutorials / Hydra SSH Brute Force Attack
« on: June 15, 2013, 04:52:08 AM »
Brute Forcing SSH With xHydra
By: MrFlex

Introduction:

Today I am going to be showing you how to perform a Brute Force attack against an SSH Server. Even though the attack is being performed against an SSH server, performing a brute force attack against other services (e.g. VNC) is the same basic concept. In this tutorial I will be using Hydra GTK on Kali Linux. To launch Hydra GTK in Kali you can launch it from the graphical interface in Kali or you can launch it from the command line using the xhydra command. By the end of this tutorial you should have an understanding of how to perform a brute force attack against an SSH Server.

Performing the Attack:
  • Change Protocol from afp to ssh
  • Change port to 22 (or whatever port SSH is running on; by default it is 22)
  • Under single target put the IP address of the target you are attacking (or you could use a list of IP addresses)
  • Now click on the Passwords tab and under username put root (or you could use a list of usernames)
  • In this attack we are going to be using the rockyou.txt wordlist which in Kali is located in /usr/share/wordlists/rockyou.txt.gz (make sure you extract the wordlist before using it)
  • Under the passwords tab tick Try login as password
  • Under the passwords tab tick Try empty password
  • Now go ahead and click the Start button which is in the Start tab
  • Hydra will keep attempting to log in to the SSH server until the password for root is found or until it has reached the end of the wordlist.

Success!

In this case we were able to find the root password which was cheese. This is what the output of xHydra looks like.


Code:
[22][ssh] host: 192.168.131.157 login:root password:chesse

Covering Your Tracks

Now that we have root access to our box, we need to cover our tracks. If you look at the file /var/log/auth.log there are a number of failed login attempts; we need to delete the evidence, so remove the file with the following command.

Code:
# rm /var/log/auth.log

Or you could open the file in an editor and remove the failed login entries.

Comments

Let me know what you think (like it or hate it)! I try to make my tutorials as clear and concise as possible! Even if it's just simply how the tutorials are formatted, I would love some feedback.

My Policy

I am not responsible for anything you do with this tutorial.

Dedication

This tutorial is dedicated to anyone and everyone who understands that hacking and learning is a way to live your life, not just a day job or list of instructions
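
Seen from the defender's side, the failed logins that the post above says end up in /var/log/auth.log are exactly what gives this kind of attack away. The following is an added example, not part of the original post: it counts failed SSH password attempts per source address and flags a login that is accepted from an address after repeated failures. The log lines are constructed samples in the usual OpenSSH format, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH auth.log format (not from the post).
SAMPLE_AUTH_LOG = """\
Jun 15 04:40:01 box sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jun 15 04:40:03 box sshd[2103]: Failed password for root from 192.0.2.10 port 40114 ssh2
Jun 15 04:40:05 box sshd[2105]: Failed password for invalid user admin from 192.0.2.10 port 40116 ssh2
Jun 15 04:40:07 box sshd[2107]: Failed password for root from 192.0.2.10 port 40118 ssh2
Jun 15 04:40:09 box sshd[2109]: Accepted password for root from 192.0.2.10 port 40120 ssh2
Jun 15 04:41:00 box sshd[2150]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 15 04:41:20 box sshd[2152]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

# Matches both failed and accepted password events, with or without "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return (noisy, compromised): sources at or over the failure threshold,
    and (ip, user) pairs where a login succeeded after that many failures."""
    failures = defaultdict(int)
    compromised = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # Accepted login from a source that was just guessing passwords.
            compromised.append((ip, user))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, compromised

if __name__ == "__main__":
    noisy, compromised = analyze(SAMPLE_AUTH_LOG)
    for ip, n in noisy.items():
        print(f"{ip}: {n} failed SSH password attempts")
    for ip, user in compromised:
        print(f"ALERT: {user} login accepted from {ip} after repeated failures")
```

Because the post removes /var/log/auth.log after logging in, this check is only dependable when run on a copy the host itself cannot delete, such as logs forwarded to a remote syslog collector.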

4
Tutorials / Re: [tut] Sqlmap
« on: June 15, 2013, 04:50:41 AM »
Thank you very much, I have been looking for a good SQLMAP tutorial :)
