What kind of attacks viable here

[ferf]

Please use the following template:

Problem: So I'm new or relatively new to the hacking scene.... and I was wondering what type of attacks are used for when you have access to a user/computer on a network, what kind of attacks you can do to gain access to other computers on the network

Background: I know this is very skiddish but I think most hackers started at the script kiddie level,haha, I am trying to learn java atm, but that's seperate from hacking and wouldn't help much i don't think

Things I've tried: Ummm nothing yet, Just looking for ideas to try... Netbios attack? Idk... Just looking for suggestions and from there i'll test/research



Sorry for this type of question, but u gotta start somewhere, and like i said, I'm sure a lot of great hackers started as script kiddies

[evolut1o]

If you already have access to the network, metasploit it is. If you don't, first break it. Theres hundreds of ways that you can gain access to a computer, you just have to find the present and most viable flaw on the machine. Anyway, my guess only..

Heres a good free metasploit tutorial -> https://www.offensive-security.com/metasploit-unleashed/
One of the best free pentesting/IT Learning courses out there -> https://www.cybrary.it/

And of course, in the forum you will find a large amount of knowledge, tutorials and tips about everything you need to know about cybersecurity.

Cheers

[ferf]

If you already have access to the network, metasploit it is. If you don't, first break it. Theres hundreds of ways that you can gain access to a computer, you just have to find the present and most viable flaw on the machine. Anyway, my guess only..

Heres a good free metasploit tutorial -> https://www.offensive-security.com/metasploit-unleashed/
One of the best free pentesting/IT Learning courses out there -> https://www.cybrary.it/

And of course, in the forum you will find a large amount of knowledge, tutorials and tips about everything you need to know about cybersecurity.

Cheers

Thanks so much!

[ferf]

I'm guessing using a packet sniffer might be a good idea?

[evolut1o]

Getting into the Network, and then work from there is the most common way. Heres a good tutorial about Wi-Fi hacking from one of the forum administrators: https://evilzone.org/high-quality-tutorials/wireless-auditing-with-kali-linux-aircrack-ng-reaver-and-pixiewps/

But i recommend that you study after you start to try to gain access to a computer, especially if you don't own him, since you are a beginner and shit. Entering into a machine leave trails, like log files, something that forenses can analyze and get you, being another subject that to be a hacker you MUST know.  I strongly recommend that you go to Cybrary and do all the courses and classes before even thinking about hacking. It is free and quite complete, you won't need help after that.

[Twerpzilla]

If you haven't already, build your own toolbox os or get a premade one ( E.G. Kali, comes shipped with a multitude of tools ) and look into Assembly, PowerShell, Python, C++ and the like. ( Even if its just a skim through, just so you will be able to understand alot of things better at work, sure tools are great but its always better to know what is actually happening )

Keep in mind, that usually when you're attacking a network from inside the network, you won't have to worry as much about Intrusion Detection Systems and Firewalls, it mostly comes down to access controls and your main objective will be to "Escalate" your privileges, until you obtain root ( Or Equivalent ).

Run Nmap on the network, eg. nmap [ Options] 192.168.1.1/24 ( CIDR Notation ), grab banners, locate unsecured services ( Like default installs of SSH or FTP ).

When others are on the same network, sniff packets, if you can strip SSL and try capture creds or other sensitive information.

If the company or user has bad security habits, you could grab the hash, and run it through other workspaces ( PTH ) the user might use to see if you can get yourself in.

Printers are usually low hanging fruit, doesnt hurt to try and comprimise them.

If you're in the area you could try some fancy airobase stuff and setup a clone of the network, ( If for some strange reason they dont use ethernet for their workspaces ), redirect traffic to your "fake" network ( E.G. Deauthorize the Original Network with Reaver ) and monitor incoming traffic, and/or redirect to other sites. ( E.G. Phishing Sites )

If you're in the system, you could probably throw a few metasploit payloads for priv escalation, especially if its an old machine, or unpatched ( E.G. Load Priv in Metasploit, Get System. )

Plethora of ways to compromise from inside a network, get googling.

[deltonos]

If you are new, first in your TODO list: network recognoisance.

Start learning tools for network& devices recognition: nmap & wireshark . I also recomend to you about using tcpdump (no graphical, command line and vintage&useful tool).
Please, dont try to use Cain&Abel before to learn how to use the above mentioned tools. The truth is Kali got all tools needed for a first look insde a network.

Good luck!

[_Enigma]

I'm not sure of your current knowledge but If you want to avoid looking like a skid I would get a firm understanding of the fundamentals of things like networking (OSI stack, common protocols like FTP/SSH/HTTP), programming (Get comfy with one language), run a Operating Systems( try running linux as your main distro for a while and youll get comfy with the command line), etc. In my experience when I tried to rush into doing more "hacking" focused stuff I was moreso memorizing a process of running nmap and opening up metasploit against vulnerable VM's and thought that I was learning; but I was missing out.

I think this research with help when you try out attacks like shellshock, heartbleed, etc. you have the prior knowledge to actually investigate, dissect and understand the attack instead of just memorizing how to do it. Go ahead and get your feet wet with whatever tools or attack vectors tickle your fancy but unless you take the time to do your homework about how and why something works youll be missing out on the most enjoyable part of hacking.

[Sheogorath]

Too be honest I'd start learning more about how the machine itself works. A good book to read would be Hacking The Art of Exploitation.

Learning assembly would definitely be a good idea. If you're looking into hacking the front end of websites then look into learning PHP and MySQLi and how databases work and such. Then look into certain types of vulnerabilities like SQLi and XSS.

Cheers and Merry Christmas

[neom]

Please use the following template:

Problem: So I'm new or relatively new to the hacking scene.... and I was wondering what type of attacks are used for when you have access to a user/computer on a network, what kind of attacks you can do to gain access to other computers on the network

If you do have physical access to a machine, there is a known (and i think still unpatched) vulnerability with some versions of Windows. If it is a Windows 7, 8 machine it is really simple, you just need to have a windows disk, boot it up and use command prompt to make a few changes.

Take a look at this for more detailed info:

http://www.howtogeek.com/96630/how-to-reset-your-forgotten-windows-password-the-easy-way/

If you just have have access to the network, I would recommend the same as already stated above, first thing I would do is to run Nmap on the network.

Nmap should give you some IP addresses with juicy info about them, like current OS, possible vulnebs, open ports etc. With that in hand you can start searching more information about what you have found.