Home Original page

GitHub - immature-coder/Hacking-Labs

Ethical Hacking

This is a collection of practical labs.

Index and their Objectives

  1. Footprinting and Reconnaissance 👾
    • Extract Organization Information
    • Extract Network Information
    • Extract System Information
  2. Scanning Networks 👾
    • Check Live Systems and Open Ports
    • Identify Services Running in Live Systems
    • Perform Banner Grabbing / OS Fingerprinting
    • Identify Network Vulnerabilities
    • Draw Network Diagrams of Vulnerable Hosts
  3. Enumeration 👾
    • Extract Machine Names, their OSs, Services and Ports
    • Extract Network Resources
    • Extract Usernames and User Groups
    • Extract Lists of Shares on Individual Hosts on the Network
    • Extract Policies and Passwords
    • Extract Routing Tables
    • Extract Audit and Service Settings
    • Extract SNMP and FQDN Details
  4. Vulnerability Analysis 👾
    • Identify Network Vulnerabilities
    • Identify IP and TCP/UDP Ports and Services that are Listening
    • Identify Application and Services Configuration Errors/Vulnerabilities
    • Identify the OS Version Running on Computers or Devices
    • Identify Applications Installed on Computers
    • Identify Accounts with Weak Passwords
  5. System Hacking 👾
    • Bypassing Access Controls to Gain Access to the System (Password Cracking, Vulnerability Exploitation...)
    • Acquiring the Rights of Another User or an Admin (Privilege Escalation)
    • Creating and Maintaining Remote Access to the System (Trojans, Spyware, Backdoors, Keyloggers...)
    • Hiding Malicious Activities and Data Theft (Rootkits, Steganography...)
    • Hiding the Evidence of Compromise (Clearing Logs)
  6. Malware Threats 👾
    • Create a Trojan and Exploit a Target Machine
    • Create a Virus to Infect the Target Machine
    • Perform Malware Analysis to Determine the Origin, Functionality and Potential Impact of a Given Type of Malware
    • Detect Malware
  7. Sniffing 👾
    • Sniff the Network
    • Analyze Incoming and Outgoing Packets for any Attacks
    • Troubleshoot the Network for Performance
    • Secure the Network from Attacks
  8. Social Engineering 👾
    • Sniff User/Employee Credentials
    • Obtain Employees' Basic Personal Details
    • Obtain Usernames and Passwords
    • Perform Phishing
    • Detect Phishing
  9. Denial-of-Service 👾
    • Performing SYN Flooding, Ping of Death and UDP Application Layer Flooding Attacks on a Target Host
    • Performing a DDoS Attack
    • Detect and Analyze DoS Attack Traffic
    • Detect and Protect Against a DDoS Attack
  10. Session Hijacking 👾
    • Hijack a Session by Intercepting Traffic between Server and Client
    • Steal a User Session ID by Intercepting Traffic
    • Detect Session Hijacking Attacks
  11. Evading IDS, Firewalls and Honeypots 👾
    • Detect Intrusion Attempts
    • Detect Malicious Network Traffic
    • Detect Intruders and their Attack Weapon
    • Evade Firewalls
  12. Hacking Web Servers 👾
    • Footprinting a Web Server
    • Enumerate Web Server Information
    • Crack Remote Passwords
  13. Hacking Web Applications 👾
    • Footprinting a Web Application
    • Performing Web Spidering, Detect Load Balancers and Identify Web Server Directories
    • Performing Web Application Vulnerability Scanning
    • Performing Brute-Force and CSRF Attacks
    • Exploiting Parameter Tampering and XSS Vulnerabilities
    • Exploiting WordPress Plugin Vulnerabilities
    • Exploiting Remote Command Execution Vulnerabilities
    • Exploiting File Upload Vulnerabilities
    • Gaining Backdoor Access via a Web Shell
    • Detecting Web Application Vulnerabilities
  14. SQL Injection 👾
    • Performing a SQL Injection on an MSSQL Database
    • Extracting basic SQL Injection Flaws and Vulnerabilities
    • Detecting SQL Injection Vulnerabilities
  15. Hacking Wireless Networks 👾
    • Discover Wi-Fi Networks
    • Capture and Analyze Wireless Traffic
    • Crack WEP, WPA and WPA2 Wi-Fi Networks
  16. Hacking Mobile Platforms 👾
    • Exploit the Vulnerabilities in an Android Device
    • Obtain Users' Credentials
    • Hack Android Devices with a Malicious Application
    • Use an Android Device to Launch a DoS Attack on a Target
    • Exploit an Android Device through ADB
    • Perform a Security Assessment on an Android Device
  17. IoT and OT Hacking 👾
    • Performing IoT and OT Device Footprinting
    • Capturing and Analyzing Traffic between IoT Devices
  18. Cloud Computing 👾
    • Performing S3 Bucket Enumeration
    • Exploiting Misconfigured S3 Buckets
    • Escalating Privileges of a Target IAM User Account by Exploiting Misconfigurations in a User Policy
  19. Cryptography 👾
    • Generate Hashes and Checksum Files
    • Calculate the Encrypted Value of the Selected File
    • Use Encrypting/Decrypting Techniques
    • Perform File and Data Encryption
    • Create Self-Signed Certificates
    • Perform Email Encryption
    • Perform Disk Encryption
    • Perform Cryptanalysis