Hacking - Come hackerare da ZERO una macchina

Introduction

This tutorial guides you through the fundamental steps of ethical hacking, specifically focusing on how to hack a machine from scratch using the Brooklyn Nine-Nine machine on TryHackMe. We'll cover essential techniques such as reconnaissance, service enumeration, password exploitation, and privilege escalation. This tutorial is ideal for beginners looking to understand the process in a structured and professional manner.

Step 1: Conduct Reconnaissance with Nmap

Reconnaissance is the initial phase where you gather information about the target machine.

• Open your terminal.

• Run the following command to scan the target machine:

  nmap -sS -sV -A [target_ip]
  

  • -sS: Performs a stealth SYN scan.
  • -sV: Attempts to determine the version of the services running.
  • -A: Enables OS detection and version detection.

• Analyze the output for open ports and services running on the target.

Step 2: Enumerate Ports and Services

Once you have the initial scan results, it's crucial to enumerate further details about the services running on the open ports.

• Use Nmap with the following command to gather more in-depth information:

  nmap -p [open_ports] -sV -sC [target_ip]
  

  • Replace [open_ports] with the actual port numbers found in the previous step.

• Look for potential vulnerabilities in the services that can be exploited.

Step 3: Exploit Passwords with Hydra

If you identify a service that requires authentication, you can use brute-force techniques to crack the passwords.

• Install Hydra (if not already installed):

  sudo apt-get install hydra
  

• Use Hydra to perform a brute-force attack:

  hydra -l [username] -P [path_to_password_list] [target_ip] [service]
  

  • Replace [username] with the target username.
  • Replace [path_to_password_list] with the path to your wordlist (common lists include rockyou.txt).
  • Replace [service] with the targeted service, such as ssh or http.

• Review the output for successful login attempts.

Step 4: Privilege Escalation Using Sudoers

After obtaining access to the machine, the next step is to elevate your privileges to gain full control.

• Check the current user:

  whoami
  

• Review the sudoers file to identify any misconfigurations:

  sudo -l
  

• If you find a command that allows you to run as another user (especially root), you can exploit it. For example, if you can run a shell:

  sudo [command]
  

  • Replace [command] with the command you wish to run with elevated privileges.

Conclusion

In this tutorial, you've learned the basic steps to hack a machine ethically, covering reconnaissance, service enumeration, password exploitation, and privilege escalation. Each step is crucial for understanding the methodology behind penetration testing. To further enhance your skills, consider exploring additional resources and practicing on various platforms like TryHackMe or HackTheBox.