Author: usafitz

Busy Week for Hacking

As the title implies, it’s been quite the week of learning. I was furiously attempting to finish the course I’m taking so that I can move on to another one. The one right now has a little bit of everything when it comes to hacking. The next one will focus directly on privilege escalation for Windows, and I’m looking forward to that!

Most of this week has been dedicated to hacking Windows, and playing around with PowerShell to manipulate a computer. There were also some awesome enumeration tools that I was introduced to. Those included PowerView, BloodHound, smbenumgpp, and winPEAS.

Following the enumeration, I learned about some attacks that were pretty awesome. It was impressive how easy it was to take advantage of the convenience of an Active Directory system. Kerberoasting was fun, and used a ticket granting service to make Windows give you the hash dumps. From there, it was simply a matter of obtaining the passwords with hashcat. Those passwords were then used to gain access to the domain controller. Although all pen testing environments won’t offer the same playground, it was important to understand how the system worked in order to open my eyes up to the challenges of a client’s Windows network. It also showed me just how important it was to make sure that a network and all of its users employ very strong passwords of over 14 characters. In addition, the environment in which I was playing gave domain admin to local user accounts on workstations. That made it rather easy to hack as well.

Hashcat on Windows

I think I may have mentioned in another post that my eyes were opened pretty wide when I found out that hashcat could be run on Windows. I took it to a new level this week.

For the past couple of years of DEFCON, I’ve been collecting all of the password files that I could find. In all, I have around 12 TB of them in several forms. Some are for GSM, and others are simple text files used by hashcat. My original configuration of my hacking network had a Parrot OS computer with the hard drives containing the data in them. I would use this separate computer to play around with hashcat, while using another one on Kali Linux to play with hacking and forensics. I never had a Windows computer until I built the rig that I use today, which has several virtual machines running through VMware Workstation.

Good in the World

I’ve been thinking about some of the contributions that I’ve made to people’s lives, and I wanted to share them here. My hope is that anyone reading this would think about the motives behind why I did these things, and perhaps incorporate the good intentions into their lives.

Last week, I was contacted by text by a cousin. The message was simple: “I don’t know anything about computers, and you do.” He has a 13-year-old son who was looking into getting a gaming PC, but the budget was only five hundred dollars. He asked for a twenty-minute call with his son to talk about options in the confines of his budget. Needless to say, this was going to be a very difficult task.

Weekly Blog Now

Due to the increased workload of my full-time job, and the city opening back up from the COVID crisis, I’m going to make a new goal for myself to accomplish ‘at least’ one post per week.

I plan to incorporate all of the hacking and research that I’ve done throughout the week, but it may make for some longer posts.

Train Your Admins

In my full-time job, this week has been a plethora of lessons learned. The story I tell here applies to anyone that is in charge of networks… or more importantly, your admins on that network.

Earlier this week, I received a disturbing email letting me know that certain services were down on our network. Specifically, some vital web pages used for specific things were not working, and troubleshooting was taking place. The webpages in question were owned by a particular shop of mine that was in the middle of development for a project that was about six months in the works.

Normally, this would not be an issue because I have several network and system admins in charge of troubleshooting situations just like this. The problem was that the development server was configured a bit differently than the other normal servers. In this case, both IIS (Windows Web Server) and XAMPP (Linux Web Server) were installed on the same machine to test which platform was the most useful for this developer. The decision was made by that team to go ahead with XAMPP; however, IIS was still installed and on by default.

Token Impersonation

Today was all about token impersonation. The concept is pretty easy to understand if you’ve been around the internet long enough. It’s basically a cookie.

A cookie, from a webpage, will grant you continued access to resources through a small file that is placed on your computer temporarily. A token, by contrast, is the same thing, except it allows network access to resources including Remote Desktop, and network drives.

Services Takeover

Today was a lot of fun. After almost a week of not being able to do much hacking, I was able to get down and dirty with some Windows manipulation. Luckily, today involved both meterpreter, and the old fashioned way of executing a script.

Since I’m still learning the intricate ins and outs of meterpreter, it was good to go through some of the same routines for capturing a Windows machine. The capture today was due to a flaw in an HTTP file server. It was a known flaw that had an assigned exploit database number. This meant that I could simply google the version number of the server, and have the code for the script pop up.

To play around with meterpreter, I decided to download the script and have it ready, but also did a meterpreter search for the particular software. Needless to say, it turned up pretty quickly… but this wasn’t my real goal; I wanted to play around with PowerShell after I pwnd the box, and see if I could get privilege escalation.

Priorities

After last week, I thought this might be a good time to mention what my priorities are throughout this journey. As is with everything, priorities can change… but I think they’ll hold though for quite a while.

  1. Family
  2. Work (full-time)
  3. Courses
  4. Blogging
  5. YouTube / Twitch

Last week, starting on Tuesday, the week turned into a whirlwind.  I wasn’t able to space out my time enough to get to blogging, so I purposefully let it drop off of my crosscheck for the entire week.  

It actually feels good sometimes when you can completely take something off your plate, simply because you’ve already prioritized. I have done this plenty in my life and career, and it will hold true now.  

If you are going through a similar journey as I am, I encourage you to use this same technique.  You don’t have to define every priority in your life, only the ones that pertain to what you are trying to accomplish.  As an example, I have a fish tank… I love it, but it has nothing to do with learning to be a professional hacker; therefore, it doesn’t make the list!

Having your priorities lined out will help you enjoy the journey so much more… when you get some spare time, you can go back and take care of those things that had to drop off.

I just thought this would be relevant right about now.

Metasploit

I was first introduced to Metasploit at NOLACON around 2013 or so. I knew about it, but only because I had been watching Hak5 since they were filming out of a garage. I was extremely interested in all the hacking stuff, but never went into the exploitation side of things. I took a class by Georgia Weidman that was based on her book, Penetration Testing: A Hands-On Introduction to Hacking. I read this book, but never did the series of exercises, but definitely had the smell of blood on my palate for exploits.

Today, I took the next step of applying everything that I had learned. I did all of the basic steps for setting up Metasploit, updating the database, connecting to a machine for an exploit, taking over the machine, elevating privileges, and recording the results. As I do this, I am constantly adding to the quick reference tools that I have listed within the menus on this site. Just look for Metasploit, and each of the useful commands to help you remember what works well.

My Routine

Right now, it is one hour away from the first manned SpaceX launch. As I sit here watching the live feeds, I figured it would be a good time to get the keyboard in front of me and talk about what my routine has been during this journey.

It’s been about two months so far since I decided to go full-up on this journey to be a professional hacker.  In that time, I’ve ordered three online courses, signed up for two hacking sites (HTB and THM), and subscribed to countless YouTube, Twitch, and Facebook channels.  

Interestingly enough, Twitch has turned out to be my favorite. I have never been a gamer, and therefore made the assumption that Twitch was a streaming platform for only game players. This is definitely not the case. As an example, one of my subscriptions is ‘The Cyber Mentor’, who live streams each day to answer questions and show live hacks. The nice thing about Twitch is that it will send a notification when one of your followed channels is about to live stream. Via YouTube, I have been watching recordings of many of these streams, but never had the experience of interacting while the live stream happened. Twitch has completely opened my eyes into the way social media works now, and I’m a fan.

So needless to say, social media will remain a part of my strategy on this journey.  It not only gives insights into how others think, it also allows a conduit for the most important part of being part of a community… networking!!

So now that you’re aware of my new social media habits, let’s talk about the courses that I intend to enjoy. The first is a course that I picked up in January. I was getting the idea that I wanted to take this journey, but hadn’t made all of the decisions to go full-in. The course was a Udemy course taught by The Cyber Mentor (same as the social media) and was on sale for $20! As most of these courses offer themselves for a couple hundred, I figured it would be worth picking it up, even if I didn’t start it for a while. The course was about 24 hours’ worth of material, and at the moment of this writing, I am about 2/3 of the way through.

The next course that I intend to take is one that showed up for free during the time of this pandemic. It is from the International Cybersecurity Institute. Using the code “#StaySafeHome” I was able to sign up for the Certified Network Security Specialist and bypass the seven hundred euro price tag. Even if I simply skim what they have to offer, it’s learning and definitely worth the price!

The third course that I intend to take is a new one that The Cyber Mentor just released which is on Windows privilege escalation. Since I was already a student on his first course, I received an invitation to get his next one for $20 as well. With his first course being so wonderful, I definitely look forward to taking his second… and more if he offers them.

With all of that, and many books in the mix, I intend to sign up for the OSCP course. I haven’t figured out if the exam can be taken without the course… if that’s the case, I may go straight to the exam. If it’s not the case, I have no problem with learning more. The course is about $1k, and includes the exam. It’s actually called ‘PWK’ which is Penetration Testing With Kali Linux. There are four other courses offered by the company Offensive Security, but I’ll have to decide later if I want to complete those, or move on to a different company with separate views on teaching hacking.

So for now, that’s my path forward.  I have a full-time job on the side, so it will definitely take priority over this journey… but I am extremely persistent and will prioritize my time and learning accordingly.
