Introduction

About Practical Hacking

Practical Hacking is a four part guide to learning how to hack computers, where each part has a specific subject. The details are outlined at the bottom of this article. If something in the guide is unclear notify us so we can improve it. We are not afraid of criticism, nor comments!

Who are we?

Two humble pentesters from Norway. We like to talk and write a lot about security and hacking. And we both love to share our knowledge!

chryzsh
Infernux

Hacking vs Penetration testing

This guide is purposefully devoid of the words "penetration testing" and we only refer to what we teach as "hacking". Although the guide it covers both a general approach, techniques and numerous tools used in penetration testing, we are hesitant to call it that simply because penetration testing covers a much wider area that includes scoping, reporting and threat modeling. This guide is merely a basic practical introduction to some of the aspects involved in penetration testing.

The Penetration Testing Execution Standard (PTES) PTES defines penetration testing as 7 phases.

  • Pre-engagement Interactions

  • Intelligence Gathering

  • Threat Modeling

  • Vulnerability Analysis

  • Exploitation

  • Post Exploitation

  • Reporting

Safe to say, this guide only involves the activities marked in bold text, as we won't teach anybody how to write a report. The basics of hacking however, shall be taught thoroughly.

The guide is based on using a well renowned platform called Hack The Box (HTB) to practice the acquired skills. HTB has gained vast popularity in the hacker community and has now more than 70 different machines. If machines in the course are for some reason unavailable or retired, there are usually alternatives in the active machines category of HTB that covers the same subjects.

There are two categories of machines at the moment, Active and Retired. The former is machines that are available with Free subscription. The latter is available for VIP subscriptions. Most of the machines mentioned in this guide are available either through free or VIP labs.

HTB is an excellent platform for such training and in the courses held we have provided assistance in hacking boxes and ocasionally done some walkthroughs when everybody has done a box. However, because this is an Internet accessible article series we can't provide any written solutions to boxes. We do however try to provide you with all the information and tools required to figure out how to hack these boxes on your own. If you require further assistance check out the social channel listed in the Preparation part of this guide.

Hacking in four parts

To get you started we have broken this guide into four major parts and some preparation stages.

Preparation

Gets you set up with a Kali Linux virtual machine for hacking and registered on Hackthebox, the platform we will use to practice our hacking skills.

Before you start

Some words of caution and tips on hacking as efficiently as possible.

Part 1 - How to hack

A methodical approach to hacking invidiual boxes, mostly by using automatic tools.

Part 2 - Hacking manually

Taking the step beyond automatic tools to get an understanding of what hacking really is.

Part 3 - Web hacking

Introduction to the vast world of of web hacking.

Part 4 - Privilege escalation

Goes deeper into the subject of escalating privileges.

This is not 'Nam, this is hacking. There are rules.

Don't be a dumbass!

Don't try to hack your employer, newspaper, school or anyone else. Don't launch any random tools you find on the internet. Don't execute commands if you don't know what it does.

Do however, practice the things you learn in this course in a fantastic lab environment such as Hackthebox.