If you are here to Learn Kali Linux or you want to learn ethical hacking, you are absolutely in the right place for beginners. In the upcoming lines, we would be discussing Linux hacking for beginners in this definitive guide.
Go to Places Computer VAR WWW and move every one of the records from www folder to html folder. Using tinyurl.com make your ip address shorter and post it to victim. When he logs in through your link you will get credentials of him in a record which is situated at Places Computer VAR WWW. How to download and install kali linux 2017.1 in V. How to install VMWare Tools in Kali Linux 2017.1 p. How to hack (sniff) Instagram pictures using SSLst. How to hack wifi router password (step by step) How to Spoof using Ettercap- DNS spoof in Kali Lin. Sniffing Credentials using Wireshark in Kali Linux.
If you installed the Kali Linux already, probably you are here for one of the below reasons:
- where to begin with, or where to learn from.
- How to start using this complicated OS.
- How to hack using Kali Linux.
- Learn penetration testing with Kali.
The first thing you need to do is to change your mindset. Everyone gets confused by the information available over the internet. When you start learning you don’t know where to begin with. Even I struggle sometimes understanding things when it comes to Kali Linux. Just be focused and keep reading our amazing articles and you will be fine. Below are the two most important things which you need in order to learn this penetration testing distro. I would recommend you to first Download Kali Linux 2019.1a.
Requirements for this guide:
- You need a stable internet connection
- Most importantly you need passion, desire to learn
Here are some important terms which you need to know before you jump deep into Kali Linux.
Recommended guide before reading this one: 8 Best Kali Linux Terminal Commands for Hacking (2019 Edition).
Contents
Kali Linux Hacking Tutorials: Learn to Hack with Kali Linux (2019)
Phishing:
Phishing means fake websites or pages which are an exact look-alike of some other website. Usually, such pages are lookalikes of login page of the underlying website. When someone opens such page, it looks exactly like the original page, so the user enters his credentials and those credentials are sent to the hacker.
The difference between an original web page and the fake one is its URL. Just for instance take the example of gmail.com. If the URL is exactly same as gmail.com then its original otherwise fake.
More advanced types of phishing attacks:
The more advanced types of phishing are given below. These types are not common and only advanced users know about these.
- Desktop phishing
- Tabnapping
Desktop Phishing:
This is an advanced type of phishing, it is similar to the normal phishing but with little advancement. In this technique the web page which is loaded in the browser is fake, but the URL which appears in the address bar remains original.
For example gmail.com, the loaded webpage would be fake. But in the address bar, you will see the original address i.e. gmail.com. All most all of the browsers which we use today, such as explorer, chrome, and Mozilla have a built-in feature to detect desktop phishing. But the important point to note is that you need physical access to the system in order to create such a page.
Read:Top 8 Best Linux Distros for Ethical Hacking and Penetration Testing (2019 Edition).
Tabnapping:
If you are someone who opens a lot of tabs in your browser, your user account for any website can easily be hacked. In this type of hacking attack, the victim or the target opens a link sent by the attacker. Just assume, I and you are friends on facebook and I inbox you a web link via messenger and you open that link.
As assumed earlier you have already opened few other tabs. As soon as you will click that link, your Facebook tab’s URL would be replaced by another URL or page. Now you would think probably you are logged out and put your credentials in the look-alike page of facebook. You would be redirected to the facebook homepage and I will get your credentials.
Keylogger
This is one of the basic tools used by the hackers, though it can easily be detected by even a basic antivirus. But still, it is one of the useful tools for a hacker. It is a small piece of software which keep log/record of every key pressed on the target computer. Though it records everything which a user types, like a chatting conversation, emails, or any other keys pressed, the main purpose of keyloggers is to record passwords typed by the user. Keyloggers can be divided into these categories.
- Software keylogger: These are software-based keyloggers, which you can download from internet easily and install on any target pc. This software can record all keystrokes and can even be configured to send that data to a remote admin. Sometimes hackers code custom keylogger software for a given situation.
- Hardware Keylogger: this type of keyloggers are based on hardware, which is connected to the target pc and hence it records keystrokes. These days such hardware keyloggers are designed for keyboards, hence they are connected with keyboard and record all keyboard strokes for the hacker. These type of keyloggers are usually used for credit card hacking.
Brute force attack
This one is another commonly used method to crack passwords. In this type of attack, hackers guess the length and characters of the password. Once they have guessed the possible length of the password, they using brute force tools or software to crack passwords.
That software tries all possible combinations of passwords. This is a popular method, but there are two disadvantages of this type of attack, firstly it is time-consuming and secondly, it is inefficient. You never know whether at the end you will get the password or not.
Also read:8 Best Ways to Secure Your Linux Server: The Definitive Guide to Linux Server Hardening.
Wordlist attack
It is very much similar to a brute force attack. The difference is that in brute force the software uses all possible words combinations as password and in this type of attack hackers provide a list of words to the software. Then software tries each and every word as a password in the given list.
Usually, such lists are big size files. This type of attack is effective for cracking wifi passwords. It is not applicable when you are trying to attack the server directly. In other words, it is suitable to crack something on local pc not on the remote server, as the server will block you after few attempts.
Encryption
Encryption is used to store passwords other information on the databases in a form inch which no one can see the original info. For example, if your password is abcd3434 it would be stored as something like #@#!fdf3d9988dfdf, now looking at this line now can guess the original password or info.
Encryption is also used to transmit data from one node or peer to the other. There are many types of encryption, which can’t be explained here as that is a very long topic. However, to give you a quick heads up there is AES, RSA, Two fish, and 3DES.
Read:How to Hack WiFi Passwords in 2019.
Ransomware
This is actually a type of virus or program which encrypts your data and you can’t use that data. Or you can’t open it. Then the hacker demands money to decrypt that data. Always stay safe from ransomware attacks and never pay the ransom.
IP address
This is the unique address for your computer or device. The IP is actually the address of the device over the internet. Google for more detailed knowledge of IP addresses.
VPN
Vpn is actually a virtual private network, it creates a virtual tunnel between you and the server or resource you are accessing. So no one knows what you are accessing. Until your VPN provider decides to screw you. Here is a list of best VPN providers for torrenting and P2P safely.
Web Server
A web server is a computer which hosts all files for a given website. It can also host the database of a website with all the needed data. This can be using any technology I.e. MySQL or SQL.
DOS Attack
A denial of service is the attack in which a website is brought down by hackers, by sending an excessive amount of traffic which server can’t handle. The only difference between DDOS and Dos is that in DDOS the hackers use multiple devices to attack the website.
SQL injection
in this type of attack, hackers inject SQL queries in order to get access to certain data from the server. They will keep trying different variations until they get access to the admin panel of a website.
Read:Top 10 Best Android Hacking Apps – For Rooted and Non-Rooted Phones (2019).
Social engineering
This one is not the actual type of hacking, it involves psychological techniques and a lot guesswork to get the desired information. The art to social engineering is to trick the human to give his/her details.
Recommended programming languages for Ethical Hacking
Though you need plenty to learn in order to become a good hacker but to start with you can learn Python, HTML, CSS, javascript, SQL, PHP for web site hacking. In order to hack networks, you will need to learn other technologies and how networks work. So you will need a different type of skill set depending on the situation.
This was your basic intro, in the next articles we will get into some other topics which will be related to hackers especially using Kali Linux. But first, you need to have a good grip on the topics and terms mentioned above.
Disclaimer: This is just for educational purposes, please only use knowledge learned from our site on systems you have permission to do the following. You can watch more tutorials on their official site.
Conclusion – What to learn next?
Once you have a basic knowledge of the topics shared above with you, start with the command line. There are thousands of terminal commands that fall into penetration testing category. However, you only need to get an understanding of what command will give you what result. After, you can have a look at Wireshark for network spoofing attacks. This will lead you much further down in the ethical hacking field. I hope this Kali Linux Hacking Tutorial guide for absolute beginners has helped you.
Stay tuned for more Kali Linux tutorials, hacking commands and much more that we will be releasing in a training series for our visitors.
Trying to test the security of your Instagram account ? A dictionary attack is one of the easiest way to do it. Instainsane is a Shell Script that performs a multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords/min with 100 attemps at once. This script features:
- Multi-thread (100 attempts at once)
- Hability to Save/Resume sessions
- Anonymous attack through TOR
- Check valid usernames
- Default password list (best +39k 8 letters)
- Check and Install all dependencies
For more information about this tool, please visit the official repository at Github here.
1. Download Instainsane
As first step, you need to download the Instainsane repository in some directory of your Kali Linux system. Proceed to clone the repository with the following command:
Then, switch to its directory and provide execution permissions to the Instainsane and Install scripts:
Now you can run the scripts in order to perform the attack on the next steps.
2. Install dependencies
The Instainsane script requires basically Tor as a dependency, so you will need to have Tor installed on your system. Tor is short for The Onion Router (thus the logo) and was initially a worldwide network of servers developed with the U.S. Navy that enabled people to browse the internet anonymously. Now, it's a non-profit organization whose main purpose is the research and development of online privacy tools. The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn't traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer.
Besides, you will need
openssl
and cURL
, however they're included on Kali Linux by default. Proceed to run the install script with the following command:
This will install Tor and the other dependencies if they aren't installed.
3. Run Instainsane
Finally, after installing the dependencies, just run instainsane with the command line executing the following command:
This will start instainsane and it will prompt for the username of the instagram account that you want to attack. After providing it, it will start multiple instances of Tor in the background and will start the attack using the
passwords.lst
list file provided in the default repository of the project (if you want to use another list, the script will prompt its path at the beginning). Then, as mentioned the attack will start and won't stop until the list of passwords ends or you stop it. You can pause it as well and store the session, so the next time you start it, it will start in the same place where you left it before.
The script uses an Android ApkSignature to perform authentication in addition using TOR instances to avoid blocking. The script uses Instagram-py algorithm (Python), see the project at: https://github.com/antony-jr/instagram-py.
Happy coding !