Hacking Lab

Instructor:
Assistant Professor, PhD Akzhibek Amirova
[email protected]
Assessment

* Each assignment is a combination of tasks including Labs, practical assessments and other
forms of submission depending on the topic of the week.
 Network Hacking – In this section you will learn how to
test network basics, how they work, and how devices
communicate with each other. Then it will branch into
three sub sections:
• Pre-connection attacks
• Gaining Access
• Post Connection attacks

General objective
This course is highly practical, the students
will start with hacking basics, breakdown
the different penetration testing fields and
install the needed software
Social engineering techniques – In this section you will
learn how to improve cybersecurity awareness level.
Also will create fake site to harvest credentials.
• Maltego to gathering personal data
• BadPDF attack

Website / Web Application Hacking - In this section you will

learn how websites work, how to gather information
about a target website (such as website owner, server
location, used technologies) and how to discover and
exploit the following dangerous vulnerabilities to hack
websites:
• File Upload.
• Code Execution.
• Local File Inclusion.
 Course outline

Introduction to the course and policies.

01 Understanding basic terms of offensive/defensive security

02 Gathering information

03 Network scanning and vulnerability detection

04 Network Hacking. Gaining Access. WPA and WPA2 Cracking

05 Social engineering techniques

06 Web applications security

07 Web application attacks. Automatic tools

08 Website hacking – SQL Injection Vulnerabilities

09 Website hacking – SQL Injection Vulnerabilities

10 Cybersecurity training platforms

 Reading list

Basic Literature:

1. L.S. Aldasheva, A.S. Abdiraman, S.T. Amanzholova, Z.A. Issagalyeva Introduction to Hacking Lab:
Study guide / L.S. Aldasheva, A.S. Abdiraman, S.T. Amanzholova, Z.A. Issagalyeva. – Almaty:
Daryn, 2024. – 200 p.
2. Glen D.Singh.The Ultimate Kali Linux Book / D.S. Glen. - 2 ed. - Burmingham : Packt Publishing Ltd.,
January 2022. - 718 p.

Supplementary Literature:
1. Jeremy Martin.Hacking lab with Kali: Build a portable Cyber Live Fire Range / M. Jeremy. - 1st ed. -
Great Britain : Information Warfare center, 2020. - 60 p.
2. Ric Messier. CEH v12 Certified Ethical Hacker Study Guide [Текст] : Includes interactive online
learning environment and study tools: 750 practice questions, 100 electronic flashcards,
Searchable key term glossary / M. Ric. - 1st ed. - UK : Wiley, 2023. - 724 p"
Lecture 1

Introduction to Hacking Lab

Objectives

Understanding Overview of Investigate Kali Linux

basic terms of Penetration
offensive/defensive Testing Stages
security
 Basic Security Terms

Hacker: A person who explores, analyzes, and manipulates systems

White Hat: Ethical hackers securing systems

Black Hat: Malicious hackers with harmful intent

Gray Hat: Hackers working without permission but not necessarily with bad intent

Vulnerability: Weakness in a system

Exploit: A method to take advantage of a vulnerability

 Offensive Security (Attacking Security)

This is a proactive approach that simulates hacker actions to identify vulnerabilities. It

includes:

Penetration Testing – testing a system for vulnerabilities by attempting to breach it.

Red Teaming – a group of specialists conducting long-term attacks, simulating real-world
threats.
Ethical Hacking – using hacking techniques for security purposes.

Example: A penetration tester tries to hack into a corporate network so the company can fix
vulnerabilities before real hackers exploit them.
 Defensive Security (Protective Security)

This is the practice of protecting systems from attacks and ensuring data security. It includes:

Blue Teaming – infrastructure protection, threat monitoring, and incident investigation.

Incident Response – analyzing and mitigating attack consequences.

Threat Hunting – actively searching for traces of hackers within a network.

Example: An Intrusion Detection System (IDS) detects suspicious activity, and security

specialists respond by blocking the attack.

 Offensive vs Defensive Security

Offensive Security:

Ethical hacking and penetration testing

Finding and exploiting vulnerabilities

Attack simulations

Defensive Security:

Protecting and monitoring systems

Firewalls, IDS/IPS, and security policies

Incident response and recovery

 Penetration Testing Overview

• Goal: Assess and improve security by simulating attacks

• Ethical hacking follows a structured approach

• Legal and authorized testing is crucial

 Penetration Testing Stages:

• Reconnaissance: Gathering information about the target

• Scanning: Identifying vulnerabilities and network mapping
• Gaining Access: Exploiting vulnerabilities to enter a system
• Maintaining Access: Establishing persistence to continue control
• Covering Tracks: Hiding activities to avoid detection
• Reporting: Documenting findings and suggesting solutions
 Reconnaissance (Stage 1)
Goal: Collect as much information as possible

Techniques:
 Open-source intelligence (OSINT)
 Social engineering
 WHOIS lookups, DNS queries
 Google dorking

For example, let’s say we are testing a bank’s website. By checking LinkedIn
job postings, we might discover that the bank uses Apache servers and
AWS cloud services. Using WHOIS, we can find domain registration details,
and with Google dorking, we might locate exposed files or sensitive
information. This kind of information is valuable when planning an attack
 Scanning (Stage 2)
Goal: Identify live hosts, open ports, and services

Techniques:
 Network scanning (e.g., Nmap, Netdiscover)
 Vulnerability scanning (e.g., Nessus, OpenVAS)
 Banner grabbing

For example, if we use Nmap on our target bank’s server, we might find
that port 22 (SSH) is open, meaning the server allows remote
connections. If we also find an outdated version of Apache, a
vulnerability scanner like Nessus may confirm that it has known
security flaws. This information will help us in the next phase, gaining
access."
 Gaining Access (Stage 3)

Goal: Exploit vulnerabilities to gain system control

Techniques:
Exploiting known vulnerabilities (Metasploit, manual exploitation)
Password cracking (John the Ripper, Hydra)
Phishing attacks
 Maintaining Access (Stage 4)

Goal: Ensure continued control over the system

Techniques:
 Creating backdoors
 Privilege escalation
 Hiding activities
 Covering Tracks (Stage 5)

Goal: Avoid detection and forensic analysis

Techniques:
 Clearing logs
 Disabling monitoring tools
 Hiding files and processes

For instance, if we gain access to a system, we might delete authentication logs (rm -
rf /var/log/auth.log) to erase any sign of our login. We could also disable security
monitoring tools to prevent alerts from being triggered
 Reporting (Stage 6)

Goal: Document findings and suggest security improvements

Includes:
 Executive summary
 Detailed vulnerabilities & exploits used
 Risk assessment & mitigation suggestions
 Investigate Kali Linux

What is Kali Linux?

A Debian-based Linux distribution designed for security auditing and penetration testing.
Maintained by Offensive Security.
Pre-installed with 600+ security tools.
Used by ethical hackers, security researchers, and penetration testers.
 Investigate Kali Linux

Why Use Kali Linux?

Open-source and highly customizable.

Powerful penetration testing and security auditing tools.

Lightweight and efficient for security tasks.

Community-driven support and continuous updates.

Investigate Kali Linux

Installing Kali Linux on VirtualBox

Step 1: Download Kali Linux ISO from the official website.
Step 2: Create a virtual machine in VirtualBox.
Step 3: Allocate memory (recommended: 4GB RAM).
Step 4: Set up a virtual hard disk (20GB recommended).
Step 5: Enable PAE/NX and multiple processors for better performance.
Step 6: Boot from the Kali ISO and install using the graphical installer.
Investigate Kali Linux
Kali Linux comes with over 600 pre-installed applications for penetration testing. Each
program has its unique flexibility and use case. Kali Linux excels in categorizing these useful
utilities into the following categories:
1. Information Gathering
2. Vulnerability Analysis
3. Wireless Attacks
4. Web Applications
5. Exploitation Tools
6. Stress Testing
7. Forensics Tools
8. Sniffing & Spoofing
9. Password Attacks
10. Maintaining Access
11. Reverse Engineering
12. Reporting Tools
13. Hardware Hacking
 Basic Navigation in Kali Linux
Accessing the Terminal:
Use shortcut Ctrl + Alt + T to open the terminal.

You can additionally open a terminal window from the current session using the key
combination CTRL+SHIFT+T.
To close the terminal window, use the combination CTRL + D or the exit command
 Investigate Kali Linux

To view the history of command execution, use the history command, and to reuse a
previously executed command, the key combination CRTL + R
 Investigate Kali Linux

To save the list of files in the ls directory to a txt text file, you need to run the command: ls > ls-list.txt

The command used above, using the > symbol, will save the list of files into a text file named ls-list.txt.
 Investigate Kali Linux

Using the cat command and the < symbol, you can do the opposite < display the contents of the file in a terminal
window:
cat < ls-list.txt
 Investigate Kali Linux

The | parameter is responsible for combining the output of each command and use it in the next command
 Basic Kali Linux Commands

Using the cat command and the < symbol, you can do the opposite < display the contents of the file in a terminal
window:
cat < ls-list.txt
 Basic Kali Linux Commands

man ls
This will display the ls command user manual
Basic Kali Linux Commands

man passwd
The above command will show information about the passwd command
 Changing directory in Kali Linux terminal

To change to a different directory, use the cd command followed by the path to the desired directory. The pwd
command will display the current directory, and the cd command will return to the home directory:
/home/username
Creating a directory in the Kali Linux terminal
To create a directory, use the mkdir command followed by the name of the new directory.
To create a new file, use the touch command, followed by the name of the new file. An example of using the mkdir and
touch commands is shown in the following screenshot
Creating a directory in the Kali Linux terminal
To create multiple directories at once, use the -p argument. This argument can create directories within the parent
directory. Let's say we need to add two directories to our newly created baby-new-folder directory:
You can do this using the -p argument:
mkdir -p /home/kali/new_folder/baby-new-folder/{testing,info,exploit}
Searching for files in the Kali Linux terminal
The which command searches the directories specified in the $PATH environment variable. This variable contains a
list of all directories that Kali Linux searches when the command is applied without a path. If a match is found, the full
path to the file is returned, as shown below:
Searching for files in the Kali Linux terminal
Locate
The locate command is the fastest way to find files and directories in Kali Linux. Unlike other commands, instead of
searching for data on the hard drive, it searches its locate.db database.
This database is regularly updated automatically by the cron scheduler. To manually update the locate.db database,
use the command
Searching for files in the Kali Linux terminal
Find
The find command is the most complex, but at the same time flexible search tool. Its syntax is quite difficult to
understand, but the results are much better. In the following screenshot, we have performed a very basic search using
the find command, where we search from the root directory / and look for files starting with the word sbd.
Introduction to
Hacking Lab
 Kali Linux Terminal Tasks
Task 1: Create a New File

•Open the terminal in Kali Linux.

•Create a new file named myfile.txt.
•Command: touch myfile.txt
•Question: What happens when you list the files in the directory using ls?
 Kali Linux Terminal Tasks
Task 1: Create a New File

•Open the terminal in Kali Linux.

•Create a new file named myfile.txt.
•Command: touch myfile.txt
•Question: What happens when you list the files in the directory using ls?

Answer: The file myfile.txt appears in the directory listing.

Kali Linux Terminal Tasks

Task 2: Add Content to the File

•Use the echo command to add the following lines to myfile.txt:
•"apple"
•"banana"
•"testfile"
•"grape"
•"test123"
Kali Linux Terminal Tasks

Task 2: Add Content to the File

•Use the echo command to add the following lines to myfile.txt:
•"apple"
•"banana"
•"testfile"
•"grape"
•"test123"
Kali Linux Terminal Tasks

Task 2: Add Content to the File

•Use the echo command to add the following lines to myfile.txt:
•"apple"
•"banana"
•"testfile"
•"grape"
•"test123"

Command: echo -e "apple\nbanana\ntestfile\ngrape\ntest123" > myfile.txt

Kali Linux Terminal Tasks

Task 2: Add Content to the File

•Use the echo command to add the following lines to myfile.txt:
•"apple"
•"banana"
•"testfile"
•"grape"
•"test123"

Command: echo -e "apple\nbanana\ntestfile\ngrape\ntest123" > myfile.txt

Question: How can we verify the contents?

Kali Linux Terminal Tasks

Task 2: Add Content to the File

•Use the echo command to add the following lines to myfile.txt:
•"apple"
•"banana"
•"testfile"
•"grape"
•"test123"

Command: echo -e "apple\nbanana\ntestfile\ngrape\ntest123" > myfile.txt

Question: How can we verify the contents?

cat myfile.txt
Kali Linux Terminal Tasks

Task 3: Sort File Contents

Use the sort command to display the sorted contents of myfile.txt

Question: What is the new order of lines?

Kali Linux Terminal Tasks

Task 3: Sort File Contents

Use the sort command to display the sorted contents of myfile.txt

Question: What is the new order of lines?

THANK YOU!