Simple Penetration Testing Tutorial for Beginners!
ฝัง
- เผยแพร่เมื่อ 17 มี.ค. 2022
- // Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/course/full-web...
Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
Full Mobile Hacking Course: www.udemy.com/course/full-mob...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangyang.com
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers. - วิทยาศาสตร์และเทคโนโลยี
I bought your cours. Its great !
*e
What is the link
Which website he uploaded the course...
Can i get video after buy this course?
on kali linux on my VM workstation, on any of loi's videos, I cannot execute most of the commands, to get practice in these ethical hacking instructions
Been in a cyber security program for almost 6 months and you basically taught me more than all my instructors combined 🤦🏻♂️
Facts they don’t teach nothing frfr
Then your instructors really suck
Then you don't focus on your lessons
What cyber security course are you on? Most won't cover pentesting in any detail, they will cover it's purpose and objectives with some info on Kali and common areas of attack but nothing more, unless you are on an actual pentesting course.
“For beginners” 💀
You are the treasure for any cybersecurity student, you are absolutely gold.
yeah but he doesn't explain why he chooses the directories he wants to target he just chooses seemingly randomly
the passion for this sector has no limits... massive thanks Mr loi
I am a programmer for a long time and moving to cyber security and it looks challenging. Well done tutorial.
how was your experience so far, is it worth ?
He didnt show anything useful.
this is literally the best video. sums up extremely well what i've been studying for the last few months in 15 minutes... for free!
You're right 😌
thresh is a penetration tester?!
Thresh is a hacker????
@@nhatduy9125 u mean hooker lol
I feel like this just shows what I've been working on in a very quick and summed up way. Of course, if I was watching this before I'd started studying, I wouldn't understand jack shit. I'd be sitting here wondering why he was doing what he was doing and why it was working. Very nice video to show how a very basic pentest might go down
The best short tutorial i’ve ever seen 👍🏻❤️
You're better than some of my cybersec professors.
Wow! I am an ex software engineer, now moving into the realm of hardware engineering, specifically into IoT. This complex subject is explained really well, with lucidity and clarity. Thank you Loi!
You must have a very bad teacher, because he did not show anything. Linux, yeah, but behind a firewall. You need to get access to internal infra, after that the world is yours. Now try to get through DMZ.
I just don't understand how he got through DMZ first, after that, it is fucking cake. We learned that in first quarter.
@@antonpodolsky2273 go play with your dolls fool. Who do you think you are.
Wait you havent tackled this during your studies?!? Your engineering degree is crap then.
Thank You so Much sir Loi Liang Yang you are always doing great tutoriel on security, hacking, penetration testing , vulnerability
Roadmap for learning reverse engineering 🙏🙏❤️
Just JOINED - so excited to start this journey!!!
Thanks for making this, when i got ingame, the menyoo wouldn't load when i pressed F8, but now it works, thanks again!
Wow I would love to learn from you all about hacking..... and your content is amazing it is absolutely fantastic keep it up...and most of all a big HUGE THANK YOU!!!!👌👌👌👌
I barely started getting into penetration testing and this linux video completely fried my brain loll
Loi sir 🙏🙏🙏 ❤️❤️ this is soo much informational video, as I'm stepping into cyber security domain , this really helped me to push my thought process while penetration testing, you are the best teacher and my mentor , please make more such videos we all love to see , how these bugs can lead to a more sophisticate level of exploit and post exploitation , and your valuable steps to be taken care of to protect the system , love from a future cybersecurity engineer ❤️❤️🙏🙏
I am glad you made this video. Very helpful.
Thanks for the lesson. Just brought soft soft
Holy dang, that was wild to watch. You're quick and know your way around these things, that's amazing! (And scary)
As always very interesting video. Thanks!
this is great mentor. I am learning from your videos everyday want to be like u
What you explain about reverse shell make me understand in just a few minute, compare to what the lecturer have been teaching for the past few lessons ......
Very well presented. Thank you
This is an eye-opening video for me, I am glad that I found it, great video.
I am big FAN of yours because I love hacking and coding
Great video, i have one question before even scanning do you assume access to the organization network already to be able to see the scanned devices? I'm stuck and really want to understand this very first step before even scanning the network
3 Videos at once good job
Really simple and easiness.
This was awesome to watch! Subbed!!
Sir you are my mentor!
thansk very much Loi Liang ,i am learn with you
Best video i watched till now in cybersecurity. great work
THE CHANNEL I BEEN LOOKING FOR!!! Always was a PC gamer, now im grown and wanna move into a skill, and nothin seems cooler than bein red team. In the process of learning coding and OS linux with CS50 harvard course. not sure where to go after? maybe a road map for noobs???
thank you sir you save us from our reporting
This man is a legend
New to your channel and love your teaching style and likes to know how one can become your apprentice without any tech learning?
Your video is always best 😱
Wow. Great class
That was great information thank you for the video
Senor Loi, thank you for your awesome videos and educational content that go a long way in helping me pursue my career in ethical hacking. Quick question at time stamp 449 you show an "index of" the Apache website. How did you access it? It appears it is on its own page? You say Kali tool?
Thank you again and keep creating great vids!
Excellent Video Loi Liang Yang.
I'm looking to expand my carrier into cybersecurity and with ethical hacking. However, I'm wondering would anyone be able to scan a network without actually be on that network in the first place. I'm puzzled how would this would work in an organization environment where you have to go pass domain logins before getting on the network. Do we assume that you will be provided the domain name credentials, before doing any ethical hacking stuff?
I'm super new to this and confused, please can anyone help me understand this gap which I'm having
Thanks in advance.
Usually there is a way to somewhat easily penetrate from the outside to get into the internal environment. Spearphising, default credentials or vulnerabilities on a public facing asset, etc. Once in, then credential theft, escalating privileges, etc, let you move laterally throughout the organization to get to sensitive assets and data.
To me this tutorial makes no sense in a real world scenario.
Great job 👍 😎
I wish you would explain deeper for what you need for it like networks and what kind of routers and ect
Wow that was a very valuable information
Thanks for the video, very interesting stuff, You should make another vid to show how to protect yourself from this type of breach
Mr. Loi is the best!!!!!
wtf Loi you're such amazing hacker!!
I run a cyber security club at my University and I wanted to set this up as lab and was wondering if you had a tutorial on how to set it up
I love this tutorial
@Loi Liang Yang how would you protect yourself against such attacks. Would a 2fa device with physical interaction be sufficiant?
Thanks bro.
Very good content! And quite funny, hacker loi!
Really appreciate you ❤
Amazing teacher. How do you remember all those commands?
Thanks for this, my question is : Do you need to be connected to the target network? Or i can do this externally too with an external IP target
Nice approach
Idol I'm always inspired I watched you everyday you very genius I salute you idol that is my ambition tobecome expert with penetration testing idoñ
This scan we can do in our internal network? Or in the internet? In other words, what I'm scanning exactly?
impressive work....
You are lucky my favourite nice tuto is nice tuto
is python effetive for penetration testing as well ? or only kali linux?
Your inteernet is .....💥💥💥💥💥💥💥
Very complex
Big fan, a course would be perfect
Do you want to be promoted to an air conditioner
Thank you
Very interesting!
TY.
you didnt explain about the exploit-db script.why you took that particular script?
Good stuff.
Solid, Sir 💯/💯
What machine from vulnhub do you use?
Hi when using Nmap how long does it usually takes to show results, Does it depends on computer specs or what? Mine really took about 1-2 mins
It depends what you’re scanning and how; nmap is a powerful tool that can do a lot. Scanning a narrow range of ports is fast, as can be a simple scan of all ports. If you do a host range, it takes longer, and so does a detailed scan of a target. Mass scans are easily detected and nmap has options to do it slower to either reduce detection or to just not flood a target and get locked out by an app, firewall, etc. Computer specs don’t really matter as long as you’re not using an antique (take “antique” as you will; we’re talking about computers). Play with it (against yourself).
@@travisjg80 I see thank you for answering, I got good laptop so I dont thinks thats the issue.
@@travisjg80 Nice
Sir can you please do advanced network penetration course, please a humble request for a subscriber
Hi from Germany also if i understud this right tha is already hacking the Security Pen Testing? My System my Port and Tools i am running?
You can also recover email add?
I’ve travelled pretty extensively and I’ve heard quite a few accents over the decades but I’ve never heard quite an accent like yours. Subscribing.
Im confused. If you are on windows then you need to install nmap first. How would that help you if the program is not already installed on the device?
which terminal are you using?
What are the devices you recommend for a test like this?
Nmap, metasploit, wireshark, burpsuit & Nessus
Hello Loi, you lost me at 7:40
How did you set the targets ?
Did you type out THE FOLOWING COMMANDS > set RHOSTS
> set RPATH
Thanks Mr. LOI for your efforts, but I have a question: you were root when you escalated privileges in the Linux server, why do you need to reconnect using SSH to another account? ??
Your are awesome!
Hii sir i am big fan
Love you bro 🔥❤️
OMG what a tutorial
another level
Thanks bro Loi
Fabulous vid
I am a brand new student. I have not launched anything yet. Got it all downloaded and ready to go. I want to know what should I do? I’m going to listen and binge watch all of your videos
Do we have to use VPN before performing penetration test on Kali Linux?
Good job Hacker Loi, thanks , i learned alot from your tutorials.
Can you please show tutorial on Gophish too?
Isn’t a way to scan all ports -p- too for Nmap?
Hello Loi and thank you for the content, I want to penetrate my own wifi to test things out but I don't understand where do you find the ip of the "target" machine as you mention at 3:12.
Sorry if this question is extremely stupid, I am a newbie at this and I want to understand where this address comes from, aka what's the first step required to find this address of my "target".
the ip of your target as you say router would be your router getway ip
Have been given the nod to do a vulnerability scan/assessment for 4 small offices, no budget for commercial software, what would you suggest for scanning and also reporting tools? nMap reporting is a little um..... not attractive? LOL. I can probably manually assemble something of a report that's a little nicer but just was curious if you had some suggestions for just getting started to offer these services.
Vulnerability assessment is different from pentesting. For discovering vulnerabilities to report and use for mitigation and followup reporting, OpenVAS (Greenbone) is going to be your only choice. When I worked at an MSP, discovered the least expensive commercial solution is Nessus Professional which can be installed to a VM that you can transport and target IPs and subnets. Least expensive at $1,500/yr that is. Demoed a solution by Qualys that was $32k/yr.
@@Wahinies I fully understand the differences between pen testing and vulnerability scanning, but many tools are used by both services since pen testers do use scanners once they are inside the network. My goal for this small company is to grow it until they offer both services, but in the beginning there's no budget for the big guys and currently we're just starting with the vulnerability assessment/scans, not venturing into pen testing until the future. I did demo OpenVAS Greenbone but was not really thrilled with the results and getting it set up in a VM had a few challenges (although once it was up it ran fine). Its setting for the projected validity (false positives sensitivity) didn't impress me really, I ran the same scans at differing levels and it found far less than Nessus Pro demo that I used against the same targets. Fully agree on Qualys though, I use it during my day job and it's a 6 figure price tag for a medium size credit union.
Tanks U
Hello so I’m following exactly your steps but at 7:36 and 7:37 when you high light HEADRE User-Agent what do you do after? Because I don’t have the there lines you show right after this! The error i get is: failed to validate: RHOSTS
Good afternoon sir (According to Indian standard time)How do you fix trouble shooting in your Kali machine
hi do i need to be part of predator network before i scan