Simple Penetration Testing Tutorial for Beginners!
Vložit
- čas přidán 17. 03. 2022
- // Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/course/full-web...
Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
Full Mobile Hacking Course: www.udemy.com/course/full-mob...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangyang.com
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers. - Věda a technologie
I bought your cours. Its great !
*e
What is the link
Which website he uploaded the course...
Can i get video after buy this course?
on kali linux on my VM workstation, on any of loi's videos, I cannot execute most of the commands, to get practice in these ethical hacking instructions
Been in a cyber security program for almost 6 months and you basically taught me more than all my instructors combined 🤦🏻♂️
Facts they don’t teach nothing frfr
Then your instructors really suck
Then you don't focus on your lessons
What cyber security course are you on? Most won't cover pentesting in any detail, they will cover it's purpose and objectives with some info on Kali and common areas of attack but nothing more, unless you are on an actual pentesting course.
You are the treasure for any cybersecurity student, you are absolutely gold.
yeah but he doesn't explain why he chooses the directories he wants to target he just chooses seemingly randomly
the passion for this sector has no limits... massive thanks Mr loi
I am a programmer for a long time and moving to cyber security and it looks challenging. Well done tutorial.
how was your experience so far, is it worth ?
He didnt show anything useful.
this is literally the best video. sums up extremely well what i've been studying for the last few months in 15 minutes... for free!
You're right 😌
thresh is a penetration tester?!
Thresh is a hacker????
@@nhatduy9125 u mean hooker lol
I feel like this just shows what I've been working on in a very quick and summed up way. Of course, if I was watching this before I'd started studying, I wouldn't understand jack shit. I'd be sitting here wondering why he was doing what he was doing and why it was working. Very nice video to show how a very basic pentest might go down
Thanks for making this, when i got ingame, the menyoo wouldn't load when i pressed F8, but now it works, thanks again!
“For beginners” 💀
Ngl if this is complex you should probably learn foundations first. How to use Linux, what Cybersecurity is, etc.
Loi sir 🙏🙏🙏 ❤️❤️ this is soo much informational video, as I'm stepping into cyber security domain , this really helped me to push my thought process while penetration testing, you are the best teacher and my mentor , please make more such videos we all love to see , how these bugs can lead to a more sophisticate level of exploit and post exploitation , and your valuable steps to be taken care of to protect the system , love from a future cybersecurity engineer ❤️❤️🙏🙏
Thank You so Much sir Loi Liang Yang you are always doing great tutoriel on security, hacking, penetration testing , vulnerability
The best short tutorial i’ve ever seen 👍🏻❤️
What you explain about reverse shell make me understand in just a few minute, compare to what the lecturer have been teaching for the past few lessons ......
Wow I would love to learn from you all about hacking..... and your content is amazing it is absolutely fantastic keep it up...and most of all a big HUGE THANK YOU!!!!👌👌👌👌
Just JOINED - so excited to start this journey!!!
You're better than some of my cybersec professors.
Great video, i have one question before even scanning do you assume access to the organization network already to be able to see the scanned devices? I'm stuck and really want to understand this very first step before even scanning the network
Wow! I am an ex software engineer, now moving into the realm of hardware engineering, specifically into IoT. This complex subject is explained really well, with lucidity and clarity. Thank you Loi!
You must have a very bad teacher, because he did not show anything. Linux, yeah, but behind a firewall. You need to get access to internal infra, after that the world is yours. Now try to get through DMZ.
I just don't understand how he got through DMZ first, after that, it is fucking cake. We learned that in first quarter.
@@antonpodolsky2273 go play with your dolls fool. Who do you think you are.
Wait you havent tackled this during your studies?!? Your engineering degree is crap then.
I barely started getting into penetration testing and this linux video completely fried my brain loll
Holy dang, that was wild to watch. You're quick and know your way around these things, that's amazing! (And scary)
THE CHANNEL I BEEN LOOKING FOR!!! Always was a PC gamer, now im grown and wanna move into a skill, and nothin seems cooler than bein red team. In the process of learning coding and OS linux with CS50 harvard course. not sure where to go after? maybe a road map for noobs???
New to your channel and love your teaching style and likes to know how one can become your apprentice without any tech learning?
this is great mentor. I am learning from your videos everyday want to be like u
@Loi Liang Yang how would you protect yourself against such attacks. Would a 2fa device with physical interaction be sufficiant?
Thanks for the lesson. Just brought soft soft
I run a cyber security club at my University and I wanted to set this up as lab and was wondering if you had a tutorial on how to set it up
I wish you would explain deeper for what you need for it like networks and what kind of routers and ect
is python effetive for penetration testing as well ? or only kali linux?
This is an eye-opening video for me, I am glad that I found it, great video.
I am glad you made this video. Very helpful.
Im confused. If you are on windows then you need to install nmap first. How would that help you if the program is not already installed on the device?
Best video i watched till now in cybersecurity. great work
Thanks for this, my question is : Do you need to be connected to the target network? Or i can do this externally too with an external IP target
Thankyou for help.Gonna try pen testing for a liveing. 🙏
This scan we can do in our internal network? Or in the internet? In other words, what I'm scanning exactly?
you didnt explain about the exploit-db script.why you took that particular script?
Senor Loi, thank you for your awesome videos and educational content that go a long way in helping me pursue my career in ethical hacking. Quick question at time stamp 449 you show an "index of" the Apache website. How did you access it? It appears it is on its own page? You say Kali tool?
Thank you again and keep creating great vids!
Do you have a video on how, you get organized, notes, prioritize, etc in a Pen test with multiple hosts? i.e. how do you get organized with what could seem like info overload? - Thanks, great video!
As always very interesting video. Thanks!
Isn’t a way to scan all ports -p- too for Nmap?
Hello so I’m following exactly your steps but at 7:36 and 7:37 when you high light HEADRE User-Agent what do you do after? Because I don’t have the there lines you show right after this! The error i get is: failed to validate: RHOSTS
Bro can you help me.
On Metasploit, meterpreter & AndroRAT when i generate Apk file. & then run in android so, then nothing working....
Can you help me please. What i do???
hi do i need to be part of predator network before i scan
Thanks for the video, very interesting stuff, You should make another vid to show how to protect yourself from this type of breach
What machine from vulnhub do you use?
I am big FAN of yours because I love hacking and coding
Do we have to use VPN before performing penetration test on Kali Linux?
Idol I'm always inspired I watched you everyday you very genius I salute you idol that is my ambition tobecome expert with penetration testing idoñ
which terminal are you using?
Very well presented. Thank you
Hello Loi, you lost me at 7:40
How did you set the targets ?
Did you type out THE FOLOWING COMMANDS > set RHOSTS
> set RPATH
Amazing teacher. How do you remember all those commands?
Excellent Video Loi Liang Yang.
I'm looking to expand my carrier into cybersecurity and with ethical hacking. However, I'm wondering would anyone be able to scan a network without actually be on that network in the first place. I'm puzzled how would this would work in an organization environment where you have to go pass domain logins before getting on the network. Do we assume that you will be provided the domain name credentials, before doing any ethical hacking stuff?
I'm super new to this and confused, please can anyone help me understand this gap which I'm having
Thanks in advance.
Usually there is a way to somewhat easily penetrate from the outside to get into the internal environment. Spearphising, default credentials or vulnerabilities on a public facing asset, etc. Once in, then credential theft, escalating privileges, etc, let you move laterally throughout the organization to get to sensitive assets and data.
To me this tutorial makes no sense in a real world scenario.
Pls I need a solution to mine..under the nmap section, it keeps telling me "p = null" , please what can I do
hello i am struggling with pen testing own devices how should i go about it
3 Videos at once good job
thansk very much Loi Liang ,i am learn with you
Thanks Mr. LOI for your efforts, but I have a question: you were root when you escalated privileges in the Linux server, why do you need to reconnect using SSH to another account? ??
i found the cgi-bin on the target's url , but i did not find any file extension with .sh
Good afternoon sir (According to Indian standard time)How do you fix trouble shooting in your Kali machine
Hi from Germany also if i understud this right tha is already hacking the Security Pen Testing? My System my Port and Tools i am running?
I am a brand new student. I have not launched anything yet. Got it all downloaded and ready to go. I want to know what should I do? I’m going to listen and binge watch all of your videos
Really simple and easiness.
You can also recover email add?
Hello Sir.. I tried to use sudo nmap then target IP.. but it is just starting Nmap, nothing happen after huhu
I’ve been practicing nmap scanning a window 7 vm w/ a Kali vm .. I keep getting “ports are filtered” .. can someone help .. thanks
thank you sir you save us from our reporting
How do you do the mysql one?
Sir you are my mentor!
How u enter in client or some random user network ?
But If we have a Trend running on linux, It could be easy anyway?
This was awesome to watch! Subbed!!
Roadmap for learning reverse engineering 🙏🙏❤️
That was great information thank you for the video
When scanning how do u know something is a vulnerability
What does it mean when it says that the host seems down
How long did it take for nmap scan ? anyone
what we do if we gett 301 redirect?
Wow. Great class
Your video is always best 😱
Great job 👍 😎
What if No Ports are open , or what if I am not able to see the open ports because of firewall ?
This man is a legend
I tried to run nmap -sV -p 80 on my terminal but it shows error says the term 'nmap' is not recognised as the name of cmdlet, .... someone tell me why?
Sir can you please do advanced network penetration course, please a humble request for a subscriber
Can you please show tutorial on Gophish too?
Cool diction! Is this voice is really your? I will using your videos for improve my english in addition to theirs direct purpose.
Thanks bro.
Sir do you have a link where I can get John rockyou.txt file for John the ripper
هل يمكن أن تقوم بعمليه صنع فيروس الفديه
I love this tutorial
Wow that was a very valuable information
I have a question is it possible to hack the hacker I mean I have friend throwing a fit just in case what is the best possible way to stop him if he gains complete access. I am guessing he might try using software key loggers or something in any case I will not under estimate just seeking advise
Hello Loi and thank you for the content, I want to penetrate my own wifi to test things out but I don't understand where do you find the ip of the "target" machine as you mention at 3:12.
Sorry if this question is extremely stupid, I am a newbie at this and I want to understand where this address comes from, aka what's the first step required to find this address of my "target".
the ip of your target as you say router would be your router getway ip
Do you have to learn to code to be good at this ?
Wait. How could you get the victim computer to run the exploit and connect to your reverse TCP. Or is it CGI that doesn’t need the victim to execute anything to connect to the reverse connection ?
yeahh thats what im thinking about!!! i mean why would anyone from victim side upload that script file .For hacker to get access!! And if you dont have an acess how could you get the victim"s computer to upload that file for root previlege.
IF YOUR PEN TESTING FOR COMPANY THEN THIS CAN BE HELPFULL THO!
Hi when using Nmap how long does it usually takes to show results, Does it depends on computer specs or what? Mine really took about 1-2 mins
It depends what you’re scanning and how; nmap is a powerful tool that can do a lot. Scanning a narrow range of ports is fast, as can be a simple scan of all ports. If you do a host range, it takes longer, and so does a detailed scan of a target. Mass scans are easily detected and nmap has options to do it slower to either reduce detection or to just not flood a target and get locked out by an app, firewall, etc. Computer specs don’t really matter as long as you’re not using an antique (take “antique” as you will; we’re talking about computers). Play with it (against yourself).
@@travisjg80 I see thank you for answering, I got good laptop so I dont thinks thats the issue.
@@travisjg80 Nice
i want to exploit for nignx server what all the steps i need to perform
Very good content! And quite funny, hacker loi!
Have been given the nod to do a vulnerability scan/assessment for 4 small offices, no budget for commercial software, what would you suggest for scanning and also reporting tools? nMap reporting is a little um..... not attractive? LOL. I can probably manually assemble something of a report that's a little nicer but just was curious if you had some suggestions for just getting started to offer these services.
Vulnerability assessment is different from pentesting. For discovering vulnerabilities to report and use for mitigation and followup reporting, OpenVAS (Greenbone) is going to be your only choice. When I worked at an MSP, discovered the least expensive commercial solution is Nessus Professional which can be installed to a VM that you can transport and target IPs and subnets. Least expensive at $1,500/yr that is. Demoed a solution by Qualys that was $32k/yr.
@@Wahinies I fully understand the differences between pen testing and vulnerability scanning, but many tools are used by both services since pen testers do use scanners once they are inside the network. My goal for this small company is to grow it until they offer both services, but in the beginning there's no budget for the big guys and currently we're just starting with the vulnerability assessment/scans, not venturing into pen testing until the future. I did demo OpenVAS Greenbone but was not really thrilled with the results and getting it set up in a VM had a few challenges (although once it was up it ran fine). Its setting for the projected validity (false positives sensitivity) didn't impress me really, I ran the same scans at differing levels and it found far less than Nessus Pro demo that I used against the same targets. Fully agree on Qualys though, I use it during my day job and it's a 6 figure price tag for a medium size credit union.
I'm getting this message "Exploit complete, but no session was created" can someone help with this? Thanks