Hacking Tools (with demos) that you need to learn in 2025

David: Everyone, it's David Bombal, back with the amazing OTW. OTW, great to have you back on the show.

OTW: Hey David, it's always great to be back on the best IT and cyber security channel on YouTube.

David: Appreciate you saying that, as always, and I'm really grateful that you come on the channel so often to share your knowledge and experience with all of us. For those of you who don't know OTW, he's the author of this book, a really popular book on Amazon, Linux Basics for Hackers, and also Getting Started Becoming a Master Hacker and Network Basics for Hackers. OTW, it's 2025 now, and I'm hoping that this year we'll get a Python for Hackers, right?

OTW: Well, that's the plan, yes. We have in the works a brand new book called Python Basics for Hackers. We are expecting it to be out in September of 2025. I'm writing it right now, and we hope to do for Python what we did for Linux: we want to take a really important subject in cyber security and make it simple and understandable for the beginner. I think we did that successfully with Linux Basics, and we want to do the same thing for Python, because Python is one of those tools that you really should master, or at least have a fundamental understanding of, to be effective in cyber security.

David: Really excited about this video. We did one about a year ago where we looked at some of the top tools that hackers use, and I'm hoping you can give us an updated version of that and also show us some cool and interesting stuff we haven't seen before.

OTW: Yes, so we're going to look at everything from the most simple to the more advanced tools. I've got a list here that goes from the very beginner to the more advanced hacker, so why don't we get started.

David: Yeah, I'm looking forward to this, so I'll keep quiet. Take it away. I love the demos that you do, so I'm looking forward to this.

OTW: Okay, great. Well, let's start with the most fundamental of all the tools that we need as a hacker, and that is Linux. We've got to know Linux if you're going to enter into this field. As you can see on my screen here, I've got Kali Linux, but it's not limited to Kali Linux. It can be Parrot, it could be Arch Linux, it could even be Ubuntu, but you need to know the basics of Linux, because almost all of your tools are designed for Linux, no matter if you're using Kali, Ubuntu, what have you. Most of the tools that you're going to download off GitHub, even the tools that are not built into Kali and Parrot, are all designed for Linux, so you need to understand how to manage in this environment.

There's another reason to know Linux, and a couple of them are probably less important. Sometimes the machine that you're attacking is going to be Linux, and you need to know how to get around. If you're inside of a Linux machine and you don't know how to get around, you're not going to be very effective, right? And then, probably more important at this point in time, we see the growth of the Internet of Things. We see all of these devices going into every home and every business, and these Internet of Things devices are almost always using Linux. I probably could almost get away with saying always, but you never want to say always, because there's always an exception to always, right? But it's pretty close to 100% that are using Linux. So if you're going to attack these systems, the IoT, and I think this is really an underappreciated field, IoT hacking, we just finished a course on IoT hacking at Hackers-Arise and we have some more coming up in 2025. Almost all of the cameras use Linux. Almost all the Bluetooth and Zigbee connected devices, Zigbee is a home automation protocol, the home automation devices are all using Linux. So you've got to know it, not only from what you're running on your own system, but you need to know it from the target system. The target systems often are going to be Linux: most of the web servers in the world are running Linux, most of the IoT devices are running Linux. Now, your neighbor, your friend, your roommate, they may not be running Linux. They might be running macOS, they might be running Windows, but they're not, well, maybe they are your target, I don't know. Maybe your roommate is your target. But in a professional environment, when you're trying to pentest or hack another system, you need to understand the inner workings of Linux, and that's why I wrote Linux Basics for Hackers. So number one: learn Linux.

Also, we have a new version of Linux Basics for Hackers coming out in May from No Starch Press. The one that is out there right now is a great book. I can say with all humility it's a great book. It's still the number one selling operating system book on Amazon, and it's now like seven years old, but we'll be coming out with a brand new version in May, so look for that. It'll bring everything up to date, and it's going to have a chapter on using AI in cyber security as well, so we're updating it with a new chapter there. Okay, so Linux is number one on my list. Everything else doesn't really matter; everything else comes secondary to Linux, right?

David: Just for everyone who's watching, Occupy The Web and I have done a bunch of videos about that book, so have a look below. I've linked it below if you want to see Occupy The Web go through the chapters in his book. We haven't completed all of them, but we've done quite a few to get you started, so have a look at those. Sorry, go on, OTW.

OTW: So Linux is number one; that's where you start from. The next tool that I think is really important is Python. Now, you don't need to master Python at the beginning, but you need to learn the basics of Python. It should be one of your goals as a cyber security pro. If you're a networking pro, if you're a system admin, you should know Python. Python is the language of cyber security. Almost everything is written in Python. Not everything, but nearly; it's probably like 80 to 90% that is written in Python. Your tools are written in Python, so if you want to expand beyond the script kiddie and using everybody else's tools, you want to be able to write your own tools, and you might want to just automate things. Even something as simple as doing automated scans, you want to be able to use Python for that, to be able to automate your tasks. I think there are a number of good books out there on Python, two or three from No Starch. I'm hoping that our book, Python Basics for Hackers, is going to help the beginner to master the concepts. First of all, we're going to deal with programming concepts, because a lot of books already assume that you understand programming. We're not going to assume that; we're going to try to give you basic programming concepts, then apply those concepts to Python, and then apply Python to hacking and cyber security.

David: Nice.

OTW: So that's number two. Number three on my list, and this list is more than just 10, I think we've got about 17 or 18 on this list, is VMware Workstation. For a long time I have been using VMware Workstation, but I've also been using VirtualBox, and I primarily used VirtualBox because it's been free and I wanted to use the same virtualization system as my students, because a lot of students don't have the money to be able to buy VMware Workstation. But now, as of this year, VMware Workstation is free. So for personal use it's free, and it's superior to VirtualBox; it's superior to all of the other virtualization systems. So I want to put that on the list this year because of the company now making it free and because it works so much better than the others, and that's what I'm running here, I'm running VMware Workstation. The big difference I see with VMware Workstation is that it connects to the outside world better than VirtualBox. VirtualBox often has problems with external USB devices and networking, and so I like VMware better, so I want to put that on your list.

It's great for the hacker to be able to create your own virtualized environments. In other words, you want to be able to test the things that you're learning on real world systems, but you don't want to break the law, right?

David: Yeah.

OTW: So you can download, say, Windows 10 or Windows 11 or Ubuntu, create a virtual machine, put whatever applications you want into it, and then test trying to hack those. This is a good way to be able to hone your skills without having to actually even connect to the internet, because it's all in your own localized network and environment. There are no issues with sending out packets over the internet that might appear to be malicious, so that's why it's a great learning environment, a training environment. It's also a really good environment for doing malware analysis. We'll get into this a little later here, but there's a lot of malware that's already out there, and I'll show you some of the places where you can pick it up and download it. But if you download malware, you want to put it into a safe environment. You don't want to put it on your laptop, right?

David: Exactly. You might end up encrypting all of your data and having to pay a ransom to get it back.

OTW: Right. But if you have a virtual machine, you can download it, put it on that virtual machine, and then you can sandbox it, meaning you cut that machine off from the rest of the world. It has no connection, so anything that happens on that virtualized operating system is contained. That's called sandboxing in malware analysis, or reverse engineering malware, which we just finished teaching a class on, so it's perfect for that environment. The malware developers know that, right? And so one of the things that you'll see in some really sophisticated malware is it won't let you download it to a virtual machine, but it's still an excellent place to be able to do safe and secure analysis. The malware developers know this too, and there are easy ways for them to block it from being used in a virtual machine. We recently were attacked by some Russian hackers, and that's exactly what they did: their malware, when we tried to analyze it, wouldn't let us put it into a virtual machine, because it's not that difficult to do. But it's still important for the beginner to know how to use these tools to be able to analyze malware. Maybe you're not going to start with the most sophisticated malware, but if you want to develop exploits, or malware, you need to understand what's already been done. There's no reason to reinvent the wheel, right? So take a look at what's already been done. You can do that safely in a virtualized environment.

David: What I also like about VMware: VMware Fusion works really well on a Mac, so if someone's got a Mac, VMware Fusion works well, and like you said, VMware Workstation Pro is free now, so it's fantastic.

OTW: Next tool, and this is a really basic and fundamental tool that every cyber security person, and for that matter network administrators, should know, and that's Nmap. Everybody should know Nmap. It's built in not only to Kali but to most Linux distributions. This is Nmap, and just nmap -h, and you can see it's a significant help screen, and it has a significant man page as well. But really Nmap is pretty simple, because you can boil it down to basically nmap, and then -s for scan, and then T for a TCP connect. There are different types of scans, but the most basic one is a -sT scan, which does a three-way handshake to the website, and then the IP address. That's all there is; that's all you need to know, that's the most simple. What this will do is give you the open ports on that system. It's important to note that Nmap by default, without telling it what ports to scan for, only scans for about a thousand ports, and those are the thousand most common ports. We know that there are 65,536 ports, right?

David: Yeah.

OTW: And so if you're looking for a port that is not on that thousand list, you're going to have to be specific. So let's take a look. I've got another system running over here, DragonOS, which is on my list as well of important tools to know. DragonOS is mostly for radio frequency hacking. I'm not sure; I need a better term for it, because when you use the word radio people think of that thing that's in their car that they listen to music on, but really radio includes all of the electromagnetic spectrum. That includes cell phones and Bluetooth and WiFi and satellite, and all these things are radio signals, and so it's one of those areas that I think is really important.

David: We'll have to show the famous device, right?

OTW: Right, we'll look at that in just a moment.

This is the device that's really made radios like  hacking quite famous I think. yeah and before we   have to hack and and you know we're seeing we're  seeing new devices coming out almost daily um in   the SDR field so I tend to call it uh radio SDR  uh hacking so let's just go ahead and scan that   it's another system just Dragon OS on my VM of  it and you see it comes back very quickly because   there's there's no distance between them there's  only one hop between them uh and you see it shows   that Port 80 is open right so yeah if I'm an  attacker this is the way that I go ahead and   determine which ports are open now I I often times  hear beginners talk about hacking ports you're not   hacking a port a port is just a door into the  system what you're hacking is what's behind the   door and what's behind the door is HTTP in this  case right it might be SMB it might be modbus it   might be DNS but you're not hacking a port so  it's maybe a a trivial point but I think it's   important because sometimes if you go on Shodan for instance you'll look and you'll see that some   companies maybe the more sophisticated companies  put their services say HTTP and not the default   Port right okay yeah so this is the default port  for HTTP but I don't have to put it there I can   often times you'll see companies put it on 8080  881 882 you can put any service on any port and   the reason I bring this up is that there was  a somebody one of the comments in one of our   previous videos was why do we need to do a scan  when we know that HTTP is on Port 80 and HTTPS is   on Port 443 no you don't know that that is simply  the default Port okay but that's not necessarily   the smart people and I'm assuming everybody  who's in listening to this video is one of those   smart people will put your services on non-default  ports it makes it harder for the attacker to   attack you right because you know they all know  for instance that SQL Server Microsoft's database   server is on 
Port 1433 everybody knows that right  so if I scan your system and I see Port 440 1433   open I know you've got a SQL server on that system  and that means I'm going to try to attack that   database but if I put it on a different port then  the attacker goes I don't know what that is right   and so this is one of the things that you that  it's important to note is that any service can go   on any port so you're not attacking a port you're  attacking a service behind the port now one of   the things that to get more information you might  want to do with NMAP is to use the the -a what   -a does okay if we go all the way up into the help  screen you can see the -a you can see there's   different types of scan techniques we're using  just sT here which is for most people's purposes   it works great it's it's not stealthy right but  in all honesty you know a lot of people a lot of   books and a lot of people advocate the use of sS  it's often referred to as a SYN scan or stealthy   scan but in all reality it's not hiding anything  from anybody so don't be fooled by that all right   so that's why I just use that I just use the sT  scan now here it is an a enable OS detection okay   version detection in traceroute and so let's go  ahead and just use the -a and takes a little   longer because it has to work harder it has more  work to do here and you see what it comes back   and and tells me more information and this is  where this is this is an important type of scan   because remember when we said that any service  can be behind any port this now goes inside and   says oh yeah this is Apache 2.4.52 on the Ubuntu  right and it tells us more more information about   it tells us the OS it tells us the title it just  the it works that's the default page for Ubuntu and   one other variation on this is simply the -p  in this case Port 80 right and this this tells in   that only look on Port 80 now this goes to some  of those uh unique ports um like 554 which is   RTSP which 
is the IP camera Port most IP cameras  on Port 554 sometimes on 5554 sometimes they're   8554 we can talk about this you and I are going  to do an IP camera uh video coming up in the real   near future so look for that one and we're going  to do some demonstrations there how to find them   and how to hack them so look for that video coming  up in the near future so if I were looking for say   Port 554 for an IP camera right I would do it  like that now this is not 554 is not on nmap's   default 1000 port list so I would need to specify  it to find it and if I go ahead and it comes back   and says yeah it's closed notice this says rtsp  is the default Port that's protocol that's used   for cameras rtsp and if I wanted to say look for  scada systems I you know the scada systems have you   know like Port 502 this modbus so I can do that  once again this is not on the default list okay   so let's end that you know it's one of those  tools that everybody needs to know every even   if you're not into hacking if you're a network  administrator and you have you know a thousand   machines on your network that you need to manage  this is a tool that's going to allow you to scan   the entire network all right so I can go scan  my entire network and see what's open I could   use some CIDR notation like this right and  it'll scan this case it'll scan 255 machines   um and see which ones have Port 80 open on it  or whatever the port that we're looking for then   just one more thing was NMAP that's NMAP Basics  right that's really important NMAP also has some   capabilities a few people recognize and realize  and that is what's called the nmap scripting   engine all right so we can just do a locate  command and then go uh nse they all end in nse so   we can just do and you can see that NMAP has all  these scripts that give it additional capabilities   some sometimes it gives us capabilities that are  similar to a vulnerability scanner sometimes like   um like here stuck net 
detect right and you  can have a number of other uh here's V SMTP   vulnerabilities these are relatively old and  some snnb Brute Force this one right here is   um Eternal blue that uh exploit that was developed  by NSA that was used by a number of criminal gangs   is used in Peta not Peta W to cry what have you  any case there's all these scripts here that you   know you eventually you need to learn how to use  and we have um a class on NMAP and we do a lot of   these so that's uh that's NMAP that's one of those  key tools the next tool that's an essential tool   right is Burp Suite right Burp Suite Burp Suite is  basically a proxy that allows you to be able to do   web app hacking right it allows you to do a lot of  things right and web app hackings is it's it's an   essential tool there you really can't live without  it well that's not true you really there are other   tools that do similar things but you need this  capability no matter what that's what you need   you need the capability and it's a it's a really  important tool it's a Java based tool so um it   takes a little while to open up and here's our  Burp Suite right and we're using the Community   Edition because it's free I think Burp uh Pro  Edition is now I $495 a year I think they raised   the price of $495 One Ports Portswigger is the  company who makes it they do a good job let's give   them a little credit here but they uh they've put  out a good tool for a long time and they deserve   credit let's see what they charge for it but you  don't need it as a starter you don't need um buy   the professional they have an Enterprise Edition a  professional Edition a Community Edition and let's   see the Pro Edition costs so it's $449 for the  Pro Edition you can do most things with the uh   Community Edition that's built into Kali and some  of the other attack frameworks and just go hit   hit next notice that temporary project in memory  you can't save the project okay so that's one of   the things that 
you don't get with the Community  Edition then we can go ahead and start it all   right here's our burp and one of the things that  burp primarily it's a proxy between your browser   and the server so you can intercept all right the  the requests okay between your system all right   and the server and then you can analyze them  and you can um alter them edit them to be able   to attack the system looking for vulnerabilities  you can see here that you know I have an intercept   what this is is that allows me to intercept the  requests to the server so let's open a browser   I believe that burp by default uses Chrome right  so you can use any browser you want right but the   one that they've built into it is Chrome you can  go ahead and use Mozilla or um Edge and simply   turn on the proxy settings all right let's go  to let's see where should we where should we   go to what do you think David any ideas? Hackers Arise. Oh yes of course who would have thought

that we have both hackers rise.com hackers  rise.net um they're two different sites they   a little bit different we use two sites for  resilience we've been attacked so many times   that uh we decided to keep two sites to be able to  one gets attacked the other one's still running so   our students never get left in the cold all right  so let's go over here we can see our all of our   traffic and of course if we go ahead and turn  on the intercept all right the intercepts off   turn the intercept on let's see what happens then  okay so what happens when you turn the intercept   on it'll grab right here we go it grabs the get  request right and you can see you for instance   here is the user agent one of the things that  is underappreciated is how important this user   agent is this user agent is being used by hackers  and defenders and intelligence agencies to be able   to identify you it's part of what's called the  the browser fingerprint so one of the things we've   learned is that we can be able to fingerprint not  only the browser but the operating system and the   user through Telltale Fingerprints of when you  come to a website when you come to a website you   leave behind a trail right this kind of goes  to what we were talking about earlier about   being anonymous or for that matter any of the  traffic that you put over the Internet is going   you're leaving a trail of who you are so one  of the things that we've been emphasizing at   Hackers Arise is that VPNs don't keep you safe  right not only are you know almost every day in   the last month or so or two we've been seeing new  vulnerabilities to the VPN new vulnerabilities new   and and some of the vulnerabilities are so simple  okay in all honesty Fortinet has been terrible   so if you got a Fortinet VPN look out okay um  they've been terrible and so this is part of your   fingerprint but there's a number of other okay  there's a number of other bits of information that   the attacker or the 
intelligence agency or anybody  who sees your traffic that you leave a fingerprint   so when you go to Amazon right to go shopping  Amazon can read this fingerprint and have a good   idea of course Amazon uses cookies as well to be  able to identify you but whatever the site you're   at they can de anonymize you by these fingerprints  okay so that's kind of a separate issue but we   have here this is the Intruder and the repeater  right and what we can do with these is that we can   go ahead and try to say break the authentication  one of the things we can use this is to go ahead   and try a login and then try a password list  against a login we can test our own website for   vulnerabilities like SQL ejection uh cross-site  scripting and of course we can also use it to test   the the target system for those types of attacks  so yeah this is a really really important tool   and I think you've had a number of people on your  show who've done excellent demonstrations of burp   so I will refer anybody who wants more information  about Burp Suite to go to those videos but this   is on my list of essential tools right so that's  let's close this down next what we want to do is   we want to look at most of your viewers okay are  familiar with Shodan right so Shodan's a great tool   for being able to find the systems of particular  type of characteristics vulnerabilities you Shodan's   great for the that all right here's Shodan  explore you know one of my favorite subject areas   is industrial Control Systems this is one of the  things that we specialize in at the hackers arise   and you can see one of the things about that  mix industrial Control Systems unique is that   they use different protocols than other systems  so you know they use things like modbus Siemens   DNP3 right ether Ethernet IP Backnet Tridium and  there's about 200 different protocols this one   here is the most commonly used and this uses Port  502 um and so when you want you're looking for Modbus   
systems and uh it says please log in to use  all right we're working with Shodan Shodan is a   great tool for being able to find what you're  looking for if you're looking for a particular   vulnerability particular port that's open looking  for the service behind it so we're talking about   industrial control system systems right and so  here's some of the more popular industrial Control   Systems here's Modbus this is going to show us  all of the mod bus or Port 502 not necessarily   Modbus but Port 502 systems in the world you can  see there's 3 quarters of a million of these systems so   most of these are running modbus but not all of  them are and this kind of goes to what we were   talking about earlier is that modbus runs on Port  502 by default but it could be running on another   Port as well and people might put other services  on Port 502 and so let's go like for instance   this is a Google in Mountain States and you see  there's a lot of things running on this particular   system and probably none of them are modbuz but  they've got all of these ports open so this is an   excellent tool this is the browser application  if we want to to look for a particular country   all right so we're looking for say Russia Port 52  we could do that and just define our terms here you   see Port 502 in Russia and you can see these are  all of the modbus Space Systems in Russia so most   of your viewers are familiar with Shodan but maybe  they aren't that familiar with another Shodan   based tool which is a command line tool which as  an attacker hacker sometimes can become much more   useful because what you can do with it is that you  can go ahead and use the commandline tool and look   specifically for sites and then put them into  a file that you can use later so let's go ahead   and just do uh let's I've installed it by the way  it's at um sudo apt okay search for shodan and you'll see that um ah there it is  right there okay it's python3 pyshodan   all right that's 
the tool we're looking for  and so we can do sudo apt install and then   let's do a copy and paste you can see it's  a script for interacting with Shodan API there it is okay so now we've got it installed  and we can go Shodan -h and there's the the   commands right and what you're going to use  very often okay is doing a search okay search   the showan database okay or you can scan  an IP net block using Shodan all right so   uh first of all you have to initialize the  Shodan command line but we also have to go   ahead and put our API key in I think it's a nit  is what it is so let's go Shodan init the API key all right successfully initialized go shodan  in and then go search and then go Port 502 and   you can see okay that's going ahead and pulling  up okay all of the IP addresses in the world that   use port 502 and so one of the beauties of this  tool is to be able to go ahead and put I'm just   going ahead and hitting enter okay I can put this  all into a file right and let's go ahead and do a   q to exit and I could do then go oh modbus call  modbus systems.txt that and it'll go ahead and   put it all into a file for me and then of course  I can just go more and go modbus systems.txt and   there it is all right so it's all into a file  that I can then use and then I can use that file   to into other tools right so many of your tools  most of your tools will allow you to use a text   file as an input so in this case you can go ahead  and use this text file as an input in scanning   attacking what have you so let's go ahead and hit  q and exit out of there so that's Shodan from a   command line I think it's much more useful uh as  an attacker to be able to use the Shodan command   line and they'd be able to put the results in into  a file. Makes sense. yeah yeah so that's those are  

two really, really good tools for being able to do scanning. There's another tool that I want to show you that is excellent for scanning, and it's called Nuclei, and it's one that I think is one of the better tools that are out there right now for being able to do particularly web app scanning, vulnerability scanning. So let me show you how to install it. It's a little more work to install than some of the others, so this tool is a good example of us seeing more and more tools being developed in the Go language, and this is one of them. So to install this we need to go sudo apt and then do an update (I'm not going to go through the update because it takes a while), and then we want to go ahead and install the Go language. It's like this here. We're seeing, you know, Python is the programming/scripting language of choice for most of what's going on in cyber security, but we are seeing more and more tools going to the Go language. We're going to have a class on the Go language coming up soon, and I'm probably going to do a book on the Go language as well in the near future, maybe 2026; Python book out first. So we go ahead and put the Go language in (I've already got it installed), and then we're going to go ahead and do this: this is the command to be able to install it, like that right there, hopefully you can see that, and then hit enter.

Now I like this tool better for web app vulnerability scanning. Let's give a shout out to Nessus; you've got an excellent video on installing and using Nessus on your channel. Nessus has been around for a long, long time and Nessus is an excellent tool for doing vulnerability scanning. It's great in a pentest vulnerability assessment, maybe not the best tool for assessment of vulnerabilities of websites in an attacker type of environment, because it's really, really noisy, and it only, if you do the free version, allows you to do 16 IP addresses. So in a large installation, or if you're trying to go out and test a lot of websites to see what vulnerabilities they have, it may not be the best choice. But this one is free and it does a really good job and it's a lot less noisy than Nessus. But I love Nessus; I don't want to knock it in any way, shape or form.

Let's go ahead and just change the path, and then we want to go source. Yeah, I've got it already in there, and I'm getting a parse error near the "app go". Close that, open up another terminal and expand it, and we're getting ready to use Nuclei. Yeah, this is an excellent tool. It's called Nuclei; we should have it all installed now. This is right now my favorite tool for doing website vulnerability scanning. First of all we want to go and take a look and see what version, make sure it's all installed properly. Looks like it's all installed properly, and then all it takes is you can just go ahead and point it at a website and it'll come back with a list of the vulnerabilities. Let's see who we can point it at. Let's point it at, um, here's a site right here that I've put in. Let's go ahead and run it and it'll go ahead and look for any potential vulnerabilities. Of course all vulnerability scanners are susceptible to false positives, just like, you know, Nuclei is, but it tends to be a little quieter than some of the other tools, and you can be really specific: it has templates, so you can see Nuclei templates, so you can create and use templates that are specific to a particular type of vulnerability. All right, that's Nuclei.
So for those of you who are using other tools, I think it's time to move up to Nuclei. Then let's go ahead and, of course, we have to include Metasploit. Oh yeah. And if you're using Kali you can go into Exploitation Tools and you'll see that framework. This tool's been around for quite a while now, probably coming on 20 years now. You can click there or you can just go in and run msfconsole. You can see I haven't used it on this system here; this is my new system, so it's going ahead and creating the database. Many people don't know, but I do have a book on Metasploit, Metasploit Basics for Hackers; it's only available on Hackers Arise, so if you want to become better at Metasploit that's a book for you. The original book on Metasploit was written by Dave Kennedy. Some of you know him; he's kind of a famous hacker who now has his own company in the Cleveland, Ohio area, and he's got a new version of his book coming out. I haven't seen it yet; I think it's coming out in the next... it might be out by the time this video is out.

The beauty of Metasploit is that you have these exploits that are already built into Metasploit, and you can use them pretty simply and point them at a particular IP address, a particular domain, and take control if they're vulnerable. So let's talk about that. Sometimes people who are new to hacking don't understand that exploits are very specific to a particular OS, a particular application, a particular service, and it has to be a known exploit, a known vulnerability and a known exploit that hasn't been patched, because if it's been patched it doesn't matter how good the exploit is, it won't work. So let's go ahead and let's do a search, and what we can do is, you can see here there's almost 2,500 exploits; some of these are old, some of them are new. These are the exploits. These right here are payloads; these are what you put on the system once you exploit it. Exploiting is the same as what people often refer to as hacking, right, so you hack into it and then you leave behind a payload that allows you to control the system. These here, auxiliary modules, what these are is everything that doesn't fit into the other categories; it's the dumping ground for everything that doesn't fit into these other categories. Here, these are post exploitation; these are modules for after you exploit it, like if you want to turn on the camera, you want to put a keylogger on, these would be post exploitation modules. These are encoders that will change the encoding of a payload. These are NOPs, these are no operations, often used in doing a buffer overflow or creating your own exploit, and they now have nine evasion modules to help you evade antivirus.

So we just search, and we can search by the platform, so platform and go Windows like that. So platform is kind of a synonym for operating system, and then we might want to go ask it for type and that would be an exploit, those are the hacks, and what it'll do now is it'll show us all of the exploits for Windows, and there's quite a bit, lots and lots, that'll work against a Windows system. Now you and I did a video recently about EternalBlue, the exploit that was used by the NSA and was stolen from them, and so we want to look specifically for that. We can find it, and you can see we have lots of references to it, so for instance EternalBlue. So somebody recently asked me, like, why would you use EternalBlue against a Windows 7 system, because nobody's running a Windows 7 system? Well, that's not true, there are people using Windows 7 systems; you go on Shodan and search, you'll find them. But this exploit has been updated, you see, all the way up to Windows 10 now; there's no Windows 11 version. So those of you who want to use it, you know, they've got versions of it now for all the modern operating systems up to Windows 10 Enterprise, but it does require that the system be vulnerable. Yeah, it needs to be an unpatched system. So this is Metasploit. I recommend people learn it; don't become dependent upon it. So if you really want to advance your career you want to be able to develop your own exploits, but when you're starting out this is a good place to understand exploitation, and Metasploit makes it relatively simple. All right, so let's close that down and let's go on to the next one.

My favorite password hacking tool is hashcat. It's really good. Yeah, let's go hashcat -h. This is hashcat. Hashcat is fast and it's powerful, but it also requires some knowledge of password hashing. So oftentimes what we capture, if we exploit a system, we get a hash; we don't get the password, because very few operating systems and applications store passwords in plain text, that's normal language, right, they store them as hashes. Except if you're Fortinet. Fortinet VPNs were storing their passwords in plain text, believe it or not. Crazy. And so that's how they were being exploited: they stored both username and password in plain text on the device itself, so that all the attacker had to do was go through all of the directories and look for the passwords, and eventually... so it was basically a directory traversal attack against that device, and then to make it worse the passwords were in plain text. That's pretty... for a firewall. Yeah, for a firewall VPN, and so that's pretty lazy; that's negligence, that's cyber security negligence, and people should be held accountable for that. So hopefully they're not one of your sponsors. But in any case, you can see that they have different hash cracking... they use different hash algorithms to be able to crack the
passwords. So one of the things that you would need to know to use this tool effectively is what hash algorithm was used, and they've got just about everything here. And there's a number of tools in Kali that can do a hash identification, so if you have a hash there's a tool called hashid. Yeah, it is hashid; I just didn't put a hash in. Go hashid, let me just put a dash and see if we can get a help screen. There we go. So what it'll do is it'll go ahead and identify different types of hashes used to encrypt the data. So if you've been able to capture, say for instance, in a Wi-Fi attack, you know, a Wi-Fi attack against WPA2, the hash is passed between the client and the AP and you can capture it using a tool like aircrack, and then you take that and you put it into hashid to identify the type of hash, and then you can use hashcat to crack it. Now one of the things that you need to understand with a tool like hashcat is it can be very time consuming, because it's going to go through a list and hash each of that list and see if there's a match. So it's not like a tool that you just go click and it, you know, un... Wi-Fi. Whoa, we got a lot of things to cover here; what were we talking about? I just wanted to ask you about John the Ripper, is that another one? But you prefer hashcat, right?

I prefer hashcat. Hashcat is faster. John the Ripper is a really good tool, and one of the beauties of John the Ripper is it automatically detects the hash, but it's not always correct, right; it uses the characteristics that it sees in the hash to identify the hash, and so sometimes for a beginner John the Ripper can be... it's just called john. Okay, here's john, john -h. This is John the Ripper, and I use John the Ripper in my book Getting Started Becoming a Master Hacker. It's an excellent tool. It's not as fast as hashcat. The other thing that hashcat is capable of doing is using a GPU, and so that's one of the things that I like about it. A GPU is much faster at generating hashes than a CPU is, and that's one of the reasons, like, one of the things that we now know is that almost all the AI systems are being developed by using Nvidia GPUs. Why GPUs? Because the GPU is designed to do calculations very, very, very fast. A CPU, that's a secondary task for a CPU; a CPU's primary task is to run your computer, you know, it has to do a lot of things to be able to run your computer, where a GPU is very simple, it just does calculations, and those calculations were originally designed for being able to generate images, graphics. It's a graphics processor, so graphics are simply a set of polygons, that's all they are; there are millions of polygons and the GPU generates and manipulates those polygons, which are basically mathematical calculations, the same as creating a hash. A hash is just a matter of running an algorithm, a mathematical algorithm, so they're really good for both of those applications, as well as, we now know, AI. That's why Nvidia right now is the most valuable company in the world, because they're basically running all of the AI engines. Okay, moving on. So that's John. There's also a tool for that I think
is the best and it's the original Wi-Fi cracking tool: it's aircrack. There's now a lot of tools that are out there. Oh, I meant -h. Okay, there's a lot of tools out there now, and it's actually a help screen. This is aircrack; this is the original Wi-Fi cracking tool. There's lots of other tools out there, so we can go over here and look at the wireless attacks. So Wi-Fi, it's a good one; Reaver works well with WPS; Pixie WPS, the same. WPS is that number that you put in to make it easier to set up your Wi-Fi AP. Fern. Here's aircrack here, and of course then we have some Bluetooth tools as well. Aircrack is the granddaddy of Wi-Fi cracking; it's been around for at least 20 years. It says 2006, okay, so 18. It does a really good job. It does take a little bit more learning there; we've got several good tutorials on Hackers Arise where you can learn how to use aircrack, and we also have some tutorials on using things like Wifite and others. Wifite is a lot simpler to use; let's go to Wifite here. So if you're a beginner you might want to try using Wifite, but Wifite underneath is using aircrack, and so aircrack takes a little more work.

One of the things that beginners often have difficulty with is finding the right exploit. So there's a tool that's built into Kali and it's called searchsploit, and what searchsploit does is it goes ahead and looks into Exploit-DB. I'll go to Exploit-DB to show those people who haven't seen it before. Exploit-DB is by Offensive Security; they're the same people who make Kali, and they have several certifications and trainings. So this is their website. I should say that we are building our own Exploit-DB at Hackers Arise and it's on our website; we're putting new exploits into there all the time, so look for that. So this is their Exploit-DB, and you can search, you know, by the author or the platform, the type, and so we can go, oh, let's go PHP since that's the first one that comes up on the screen, and go PHP and it brings me up all of the PHP based exploits. But searchsploit does something very similar; we can go PHP here and it shows me all of the exploits that use PHP. It's basically using the same database, and you know there's a lot of PHP. So these are two places that you can find exploits, and if you want to find the right exploit for the job this is one of the places; both Exploit-DB and searchsploit, basically they're using the same content.

Then, talking about exploits, let's go to... this is an excellent place to be able to find malware; this is MalwareBazaar. This is the database of all of the malware that's being found, or at least the ones that are being reported to this particular site, MalwareBazaar, and there's a lot of malware that's out there, and you can see here the one you and I were just talking about, the Remcos RAT; that's the most recent one. Let's see if we can just do an update and see, just refresh, and yep, there it is, there's Remcos RAT. So this malware was developed and sold as legitimate, legal software, for, not exploitation, but for tech support, help desk type of support. So you would use this... it was sold to be able to use to help your users, so you can take over their system and show them how to use it. It's now being used as an exploit. You can see how many of them are out there, and so this is one of the most widely used exploits out there right now. You see Remcos RAT; we just analyzed this in our recent reverse engineering class, and it's really a sophisticated piece of malware. If I had malicious intent I might go ahead and download this (you see here it is through the database entries) and use it, and the truth of the matter is that is what's happening, is you can go ahead and it's all over the place; people are using it all over the world for attacks. So Remcos RAT, here it is. If you just want to find malware, if for instance your job is cyber threat intelligence, this is a place to go and look; here's the malware that's out there. This is my favorite site for doing this. If you're an attacker, you know, here's some of the options that you have; you don't have to necessarily write your own malware, hey, somebody already wrote the malware, and sometimes all you have to do is make small modifications to it to be able to get past AV and endpoint detection systems.

So okay, moving on, we got a few more things we want to talk about. So there's another tool that's built into Kali called sqlmap. sqlmap is the tool of choice for doing SQL injection. You know, SQL injection's been around for a long time; most websites are not going to be vulnerable to standard, simple SQL injection attacks. You and I did a video on the MOVEit attack, and the MOVEit attack was a sophisticated SQL injection attack, so SQL injection still works, but you just got to be a little more sophisticated about it. If you are a pentester you want to probably use this tool against your login screens, any form that you have, to make sure that it's not going to be susceptible to a simple SQL injection attack. So I like this tool a lot, and it's one that the pentester/hacker should be familiar with.

All right, then let's get into some little bit more sophisticated stuff. One of the things that most of your viewers know, and all of the people who are members or even just visit the Hackers Arise site know, is that I am a big advocate for radio frequency or SDR hacking. This is my favorite operating system for doing that. Let's go ahead and zoom in. We use this in a lot of our radio frequency classes, such as satellite
hacking; we use it there; we use it for Wi-Fi hacking, for IoT hacking, for Bluetooth hacking, and it has a lot of really interesting tools in it. And we should probably include the idea that if you really want to get onto the leading edge of hacking, which I think radio frequency or SDR hacking is, you're probably going to want to have a piece of hardware. Now I want to back up just a second and say that I get a lot of people who will write me and say, I want to become a hacker/pentester but I can't afford to buy a Wi-Fi Pineapple, a Flipper Zero, a HackRF, what have you. No, you don't need those things to get started, and you probably want to maybe only select one of them. So don't go ahead and be stymied in pursuing this career because you can't afford all those devices. Yes, it's nice to have them, it sometimes makes things easier, but get started. Get yourself even an old laptop; you know, it doesn't have to be the latest and greatest, and you and I have done some videos on the best laptop and we'll do another one in the near future. But what I want to encourage people to do is get that laptop, even if it's an old laptop, and it's probably going to be superior to trying to hack from a phone. I know a lot of people try hacking from phones because they can't afford the laptop, but hacking from a phone is pretty hard to do; it just doesn't have enough horsepower. Even if you're using an old laptop it's superior to hacking with a phone, so whatever that's worth.

Okay, so this operating system has a lot of really cool tools in it. So what we have here is lots and lots of tools that can be used for, well, for instance, this one right here, OpenBTS, is for making your own cell system, so you can make your own cell system. Now this particular tool is only good for 2G and 3G, but we now have new tools that are out that can actually make a 4G/5G cell system, so that's a possibility. You have tools for analyzing Wi-Fi; you have some Bluetooth right here, this is a Bluetooth sniffer tool. It also has an interesting tool here called Mirage. Let's just open up Mirage, and what Mirage is, is kind of like a Metasploit for IoT. So here's ls -l in the Mirage directory; notice that all the tools in this are in the user source Mirage directory. So to run Mirage it's just going to be like this, the Mirage launcher, and this tool, kind of like Metasploit, doesn't actually develop any exploits. What it has done, their goal, is to put all the IoT exploits into a single system, and we just do list, and you can see that it has Zigbee. So it's all based on IoT: based upon Wi-Fi, Zigbee, Mosart, let me see if I can scroll up a little bit and show you, IR (infrared), then we have ESB, Enhanced ShockBurst, we have Bluetooth, and we have a lot of Bluetooth modules for BLE, Bluetooth Low Energy. And so this is maybe the best tool for being able to do IoT hacking right now, the best single... it's more of a framework than a tool, so it has a lot of tools built into it. All right, so that one I wanted to show you, but there's many, many, many tools in here, and some of them are not listed. There's an LTE sniffer, and there's an IMSI-catcher; IMSI is that identifying number for a cell phone that you can go ahead and identify. And here's a good jammer; this is probably the best radio frequency jammer out there. Note that jamming is illegal, so just keep that in mind. And also, if anybody wants to do any kind of Bluetooth hacking, there's some real good modules in here for doing Bluetooth hacking.

All right, so the next tool on my list is Ghidra. Ghidra was developed by the NSA, and it's open source and it's free, and it's a really good disassembler of code. And so if you wanted to go ahead and understand how malware works, or for that matter how any piece of software works, this is a really good tool. Now there have long been other tools out there like IDA Pro that do this as well, and maybe do it a little bit better, but it's more expensive; we do have some free versions now. I like this tool a lot. And so here's that piece of malware that we just saw in MalwareBazaar; remember we looked at MalwareBazaar, I'll go back there and show you, so here it is, Remcos RAT. And so you can go ahead and, in this case I put it in there, and we've been working with this a lot in analyzing it, and it's a pretty sophisticated piece of software. All right, so the Remcos exe has not been analyzed; well, it has, but we didn't save it. Let's go ahead and run it, and what this allows us to do is to take that piece of malware and disassemble and decompile it and better understand what it's doing. So it's still working, and you can see that this is what's going on over here: it's giving us this particular function and giving us the assembler, and over here we now have the decompiled entry into the particular piece of software. That's where it basically executes from, that's its entry point, and we can see all of the code. We can click on any one of the functions, and over here it comes over and shows us. Okay, I see it right there; I clicked on it and it shows us what's happening. This is C; this is assembler. So what it does is it breaks down the code, puts it into assembler and then rebuilds it into C to make it a little easier to understand. So let's go to another tool. That one takes a little more sophistication, but the value of it is that you can take any piece of software and disassemble it and better understand what it's doing, and you know, if you really get a little more sophisticated, you can make changes to it,
and those changes can help to get past the antivirus, the endpoint detection systems, but probably the most important part is to better understand how these particular pieces of software or malware work. In that case Remcos is sold as software, not malware, but it's being used as malware.

All right, then of course we have to go to our AI. Everything's AI. This is the era of AI, and I think that every cyber security pro, network pro, you know, even the database administrator, everybody in our industry needs to embrace AI. Don't fear the AI; embrace it, because it's not going to replace you if you use it; it will replace you if you don't use it. Those people who fight AI are the people who will get replaced. It has a lot of features and capabilities that make you better at what you do, and of course you want to be better at what you do; that's how you get promoted, that's how you get increases in pay, that's where you're more efficient, so your boss recognizes, hey, that guy, he gets things done really, really fast, I need to promote that guy, versus the guy who's writing the code from scratch and takes, you know, two weeks to write it, and you go to Claude and you get it done in two minutes. So in this case here, I have a Claude account; there's lots of accounts out there for writing code. Right now, for writing Python code, I think Claude is best. So what I did is I asked Claude to write me an AES encryption script in Python, and Claude did it for me. I haven't run it to test it, but that's what I would need to do next, is to go ahead and try running it, because AI oftentimes will make mistakes, but it probably is going to make fewer mistakes than you do on your first run through, and it saves you a lot of time, and so your job is to debug it. So you can't simply not understand Python; you need to understand Python because you're going to need debugging skills, but it's going to save you a lot of time. It's faster to debug this script than it is for you to write it from the original. So this is Claude. I think everybody, no matter what industry you're in, really no matter whatever industry you're in, you need to embrace AI for writing code. I think Claude right now, which is fr

2025-01-09 20:07
