CREATE YOUR HACKING LABORATORY:
To learn cybersecurity and practice hacking, you will still need to use the tools without breaking the law or attacking prohibited targets.
For web operation:
You will have to train on platforms like Pentesterlab or websites dedicated to exercises like Google Gruyère, they are free or paid and specially designed so that you can totally let go and train without risk. You can even hijack systems by creating your own malicious scripts, the possibilities are endless, you will see.
You will only need an internet connection and a browser whatever your operating system (see chapter web exploitation), even if you only have a smartphone you can already work. For example, it is possible to read the source code of a web page and find the flaws on hacking platforms like Root-me (video below):
For the Pentest from the active information collection, you have three possibilities:
- You train alone, for that you have at least 2 machines, that of the attacker and that of the victim, you can even deploy several victims. In this case you will need to familiarize yourself with Linux.
- You go on free platforms like Root-me but you must have your own linux system specialized in hackinf like Kali and Parrot.
- You go to dedicated pentesting platforms like Hackthebox, Pentesteracademy, etc ... In this case any operating system will do because they are now provided with "pwnbox" which are Kali Linux operating systems (in Hackthebox) or Parrot OS (in Pentesteracademy) to which you have direct access on the site.
In the last two cases you will have to master Linux a little more, but a good foundation is sufficient for beginners exercises.
The famous STÖK known to be a BugBounty professional explains how the pwnbox works
To work alone:
The only crucial point is the isolation of the network. Nothing could be simpler, disconnect your computer from the internet, deactivate wifi or simply unplug your network cable. You should not take any risk to scan an ip address outside your network because it is prohibited.
A penetration test is a destructive process, a large number of tools used can cause attacked systems to malfunction. This is why we are going to use virtual machines thanks to Virtual Box and VMWare and for the Windows users the Windows Subsystem for Linux (WSL), for the more learned, the best solution is to use Proxmox and virtualize any system with multiple vulnerabilities but this solution requires a very good computer skill. there are many tutorials on the question, you will see depending on the use of a PC or a Mac that some virtual systems work more or less well especially with problems of hardware recognition such as the keyboard or the 'screen on some pc.
To train yourself, it is essential to know how to deploy at least 3 machines:
- Kali Linux or Parrot OS: which will serve as the attack machine.
- Metasploit: Linux machine intentionally not secured as target.
- Windows: as the target machine but it will have to be configured to make it permeable.
Start on a good basis:
Whether on Windows, Mac OS or Linux, you should know a few "tips" before starting, we recommend Hackthebox Academy with the first section "Linux Fundamentals", Linux fundamentals:
You will learn :
- The Linux structure
- Using a Shell
- Walk around the system
- Linux administration
- Managing permissions
Hackthebox works by reward, you earn boxes for each correct answer which allow you to unlock more difficult levels, the learning is very gradual.
Se Familiariser avec le Terminal
Whether it is Windows, Mac OS, Android, IOS or Linux, the first thing to do is to familiarize yourself with the command line interface.
a man-machine interface in which communication between the user and the computer takes place in text mode :
- the user types a command line, that is, text on the keyboard to ask the computer to perform an operation.
- the computer displays text corresponding to the result of the execution of typed commands or to questions that software asks the user.
A command line interface can be used both for launching the execution of various software by means of a command interpreter, and for dialogues with the user of these software. It is the fundamental interaction between a man and a computer (or any other computer equipment).
Basically, we remove the graphical interface, the wallpaper, the icons, the taskbar, etc ... and we have more than a black screen.
Some will say to themselves: he is not good, why would I bother with a black screen typing words that I barely understand when I manage my graphical interface well?
Familiarizing yourself with the terminal means:
- Understand the inner workings of my computer
- To be much faster in my actions
- Computer coding
- Understanding hacking
- To be classy... ; )
You can even use the terminal from your smartphone, see this video on the Padawan Hacker YouTube channel :
Here the application used is a-Shell available free for IOS which was created by a Frenchman Nicolas Holzschuch from Grenoble
In Windows you have the command prompt or CMD, formerly this corresponds to the old MS DOS that the oldest of us have known.
Watch Camille's video which explains the basics
Knowing the Windows cmd makes it much more interesting, you can converse with your machine directly without a graphical interface. You need to know how to navigate the Windows file system to exploit targets.
If you do small scripts in python you can use your Windows system as well as with Kali or Parrot, port scanning can be done with Zenmap on Windows, all the recognition part can be done under windows (see chapter on dark python) even active so don't rush into Linux systems if you haven't mastered them yet.
Configure your hacking lab on Windows 10
This guide gets you started installing and configuring the languages and tools you need to develop with Windows or the Windows Subsystem for Linux.
It is located in Microsoft Docs.
I must confess that what Windows is doing has reconciled me with this operating system. With good use of the cmd and the WSL (Windows Subsystem for Linux), you have an ideal hacking lab. You can even use Kali and run it in seconds without slowing down your pc. It is much more difficult to get a stable executable with Virtualbox or VMware. My son has been using kali on Windows for several months on his laptop and it never crashes.
So if you're on Win10, a word of advice, just keep Microsoft office if you're used to it and do everything else on WSL, there's even Ubuntu (my favorite) on it. You can do everything else on open source software.
The documentation on the site is very well done so do not hesitate to get started
Here is how the development environment part looks:
Installing Kali Linux on Windows 10 is child's play!
First go to https://docs.microsoft.com/fr-fr/windows/wsl/install-win10 in step 1: activate the Windows subsystem for Linux.
To open the Windows PowerShell as an administrator, the easiest way is to type in the windows powershell search bar and choose the option "as administrator, be careful windows will ask you for confirmation and for good reason here you are walking on eggshells do not type anything that is equivalent to root mode in Linux.
In summary, PowerShell can be used the same way as Command Prompt, with sufficient knowledge of standard commands. However, it also provides access to more in-depth internal Windows functions, such as the registry and Windows Management Instrumentation (WMI)
Then copy the command to the microsoft documentation and paste it into the PowerShell
Wait for the operation to complete
Then restart your computer and go directly to step 6: install your Linux distribution of choice
The first time you launch a newly installed Linux distribution, a console window opens and you are asked to wait a minute or two for the files to be unzipped and stored on your PC. All subsequent launches should take less than a second.
You then need to create a user account and password for your new Linux distribution.
Last step you have to install the windows terminal, yes you read that correctly, windows now has a terminal that allows you to activate several tabs (quick switch from one Linux command line to another, Windows command prompt, PowerShell, Azure CLI, etc.), create custom key combinations (shortcut keys to open or close tabs, Copy + Paste, etc.), use the search functionality and configure custom themes (color schemes, font styles and sizes, background image / blur / transparency)
You can install it from Microsoft Store it starts with PowerShell as the default profile in the Open tab or with the keyboard shortcut Ctrl + Shift + t
Windows which turns into a hacking laboratory ... this seems like a dream.