hacking-101

Intermediate Intruder

cyberpunk

Welcome to Level 3: Intermediate Intruder
In this phase, we move from passive recon into active probing, vulnerability identification, and even basic exploitation. You now know what your target looks like — it’s time to see how it holds up.

🧪 1. Active Scanning Techniques

Nmap Advanced Scanning

Aggressive scan mode (-A)
NSE (Nmap Scripting Engine) scripts for:
- Vuln detection
- Default creds
- CVE discovery
Output parsing (XML/grepable formats)
Timing and evasion techniques (-T, --data-length, --source-port)

Other Tools:

RustScan – fast port scanner
Masscan – Internet-wide scanning

🧱 2. Service Enumeration

Common Services

SMB: enum4linux, smbclient, smbmap
FTP: Anonymous login, ftp, nmap scripts
SSH: Version fingerprinting, brute force warnings
Web: HTTP headers, robots.txt, whatweb, nikto

Web Tech Fingerprinting

whatweb, wappalyzer, builtwith, nmap -sV

🔍 3. Vulnerability Scanning

Tools to Introduce

CVE Hunting

Understanding CVSS scores
CVE search tools: searchsploit, cve.sh, Google-fu

🧨 4. Basic Exploitation

Metasploit Framework (MSF)

Setting up msfconsole
Using search, info, use, set, exploit
Example: Exploiting vulnerable FTP server

Manual Exploitation Intro

Reverse shell basics
Exploiting web vulnerabilities:
- SQLi basics (sqlmap)
- Command injection
- File inclusion (LFI/RFI)
- XSS intro (for payload discovery, not just alert boxes)

📡 5. Brute Forcing & Credential Attacks

Tools

hydra
medusa
john / hashcat (intro only)
Wordlists: rockyou.txt, SecLists

Targets

SSH
FTP
Web login forms (using Burp Suite or Hydra with POST)

⚠️ Ethical Reminder: Only perform brute forcing on authorized systems with explicit permission!

🕸️ 6. Web App Security – Basics

Introduce OWASP Top 10

A01: Broken Access Control
A03: Injection (SQLi, XSS)
A05: Security Misconfiguration
A07: Identification & Authentication Failures

Tools to Practice:

Burp Suite (Community Edition)
OWASP ZAP
sqlmap