Penetration Testing

How to use different tools for testing

Prepare Installation Media

Distros

These distros come with the necessary tools to get started and are easy to keep up to date. They are also quite popular, with Black Arch being an exception. ParrotOS is particularly notable as it is the distro used on Hack The Box.

Kali Linux

Kali Linux is a popular Linux distribution designed for penetration testing and security research. Built on Debian, it comes with a wide range of pre-installed tools for tasks like ethical hacking, vulnerability assessment, and digital forensics. Known for its robust toolset and user-friendly interface, Kali Linux is a go-to choice for cybersecurity professionals and enthusiasts.

Tools: 600+

https://www.kali.org/

ParrotOS

ParrotOS is a powerful Linux distro designed for security and privacy. It’s built on Debian and comes packed with tools for hacking, forensic analysis, and secure browsing. It’s user-friendly and great for anyone needing a reliable platform for security testing and privacy protection.

Tools: 600+

https://parrotsec.org/

Black Arch Linux

Black Arch, based on Arch Linux, can be installed on top of a vanilla Arch system, offering flexibility for existing Arch users. Black Arch offers a vast collection of tools for penetration testing, vulnerability assessment, and exploitation. Its rolling release model ensures you always have access to the latest tools and updates.

Tools: 2900+

https://blackarch.org/

John

John (John the Ripper) is a password cracker: it tries candidate passwords against a hash until one matches. It ships with a small default wordlist, but you can also supply a custom one, as demonstrated below. The standard wordlist on penetration testing distros such as Kali Linux is rockyou.txt, which is included by default.

  1. Create an example.txt file using: touch example.txt.
  2. Encrypt the file with a password: zip -P 1234 encrypted_example.zip example.txt.
  3. Use zip2john to extract the hash from the archive: zip2john /path/to/your.zip > hash.txt.
  4. Execute a brute force attack with the default wordlist: john hash.txt.
  5. Use a custom wordlist: john hash.txt --wordlist=/path/to/your/wordlist.txt.

Keep in mind that rockyou.txt lives under /usr on Kali, so a command that unpacks or writes it in place needs sudo.

Nmap

Nmap is a network scanning tool used to identify open ports on a network. By detecting these ports, Nmap helps in assessing the security of systems and understanding the services running on them.

  1. Scan a host with the default port set: nmap 192.168.1.1
  2. Detect services running on open ports: nmap -sV 192.168.1.1
  3. Gather OS version info: nmap -O 192.168.1.1
  4. Perform an aggressive scan: nmap -A 192.168.1.1
  5. Specify ports to scan: nmap -p 22,80,443 192.168.1.1