10 open source tools that feel illegal...
By Fireship
Summary
Topics Covered
- Be the Penetrator, Not the Penetrated
- Nmap Maps Networks Without Breaking In
- Metasploit Enables Script Kiddie Exploits
- Hashcat Cracks Even Salted Hashes
- Social Engineering Trumps Technical Hacks
Full Transcript
There are three types of computer people in this world. Users, programmers, and hackers. The user just wants boring software to make boring spreadsheets to get boring stuff done at work. But in their naivety, users often get penetrated by hackers with high levels of rizz who employ social engineering to steal personal data, intimate photos, and crypto wallets. But then you've got programmers. They're the unsung heroes who make all the software in the world work. But they too get penetrated by
hackers. If a programmer leaves the back door open to their mainframe, it could lead to catastrophic consequences that cost them, their job, and their employer billions of dollars. The lesson to be learned here is that you want to be the one doing the penetrating, not some stranger in a foreign country who doesn't even care about your feelings. In today's video, you'll learn the fundamentals of ethical hacking and pentesting by looking at 10 free and open-source tools that you can use
right now. All of which are available by default on Kali Linux, a distro optimized for ethical hacking. By the end of this video, you'll be a legit wannabe hacker who can take down entire nations. But if you like to do bad things, you need to turn this video off right now. The tools in this video, if used non-consensually, could break many international laws that land you in prison. So never do penetration testing on a website or network without permission. But now that
all the bad guys have clicked off this video, let's learn how to use some of the most powerful and dangerous hacking tools. To follow along, I would highly recommend installing Kali Linux. And the desktop version is awesome. Although Microsofties can install it via WSL or if you don't want to use Kali, you can just install each one of these hacking tools individually. But the best way to get started is to spin up your own virtual private server on Hostinger, the
sponsor of today's video. Their platform gives you the power and flexibility to run anything you want without locking you into a complicated and expensive cloud platform. You can run a basic Linux server like Arch with powerful hardware like NVMe SSD storage and AMD EPYC chips. You can easily manage containers with a Docker VPS and their free Docker manager or self-host entire backends like Supabase with a single click and zero config nightmares. But today I'm using Hostinger to run Kali
Linux. And after launching the VPS with just a few clicks, I can SSH into it with my password. And now our hacking journey begins. The first tool you need to know about is Nmap. It's like the peeping tom in your neighborhood who looks through all the windows in your house without actually breaking in. On a network like the one you're connected to right now to watch this video, there's likely multiple hosts connected to it like your computer, your PlayStation,
and your smart lock. And the purpose of Nmap is to map out a network. It does this by sending packets over an IP range. It then analyzes their responses to figure out which ports are open, which operating systems they use to help you find back doors to exploit. Like if grandpa misconfigured something on his network, you can hack his printer to send him a message. To use it, simply use the nmap command followed by an IP address you have access to, like your
local network or even a URL that you have permission to penetrate. If we do that on a website, you'll notice we get the IP address back. And it found that ports 80 and 443 were open. That's pretty cool. But we can also do a more aggressive scan with the -A option. This will not only scan the network, but also try to detect the operating systems, and we'll use something called traceroute to track the path of the packets across the entire network, which can help
detect misconfigurations that we can exploit. If you're interested in packets though, another tool you'll need to know about is Wireshark. It's like that guy at a party who tries to eavesdrop on every conversation. It allows you to inspect what's happening on the network at a microscopic level. You'll want to use the GUI on this one because it collects tons of data from hundreds of different protocols which are all captured in real time and can be analyzed offline. For example, if you
record the traffic on your network right now and notice all this weird traffic going to an IP address in North Korea, you can inspect the actual payload and might find out that they have access to those photos that were intended for only you and your future ex-wife to see. And now you might be radicalized and ready to fight back. Metasploit is perhaps the most powerful hacking framework out there. It's like a Swiss Army knife with an AK-47 attached to it that allows even
the most unskilled script kiddie to launch an attack. For example, we might be able to gain access to a Windows machine with a reverse shell. Thanks to the EternalBlue vulnerability, open up the Metasploit console and search for EternalBlue. That should bring up a list of potential Windows targets. We know that Grandpa is still on Windows 7. So, let's go ahead and use that exploit. From there, we can set a payload to use a reverse shell and configure the local
host to our own IP address. And then finally, run the exploit command. Congratulations, you just made a successful penetration. You can now access all the files on this computer, change the desktop background, and install even more malware. But Metasploit is almost too powerful, and if you use it, you'll miss out on a lot of cyber security learning opportunities. The next tool you need to know about is Aircrack-ng. Like the name implies, it's for hacking those magical
invisible packets floating around in the air called Wi-Fi. When you're at Starbucks enjoying a soy latte coding a Node.js app, there could be a guy behind the dumpster using aircrack-ng who just ran the airmon-ng command, followed by airodump-ng to find your network as the perfect target. He then proceeded to run aircrack-ng to crack the Wi-Fi Protected Access key and can now pull all the packets out of thin air floating on this network. If you're connected to a regular unencrypted HTTP website, your
sensitive data could be intercepted. That's why you always want to make sure to use HTTPS when submitting forms with personal data because even if a hacker intercepts those packets, they'll be encrypted. Luckily though, the cops just arrested this guy because using aircrack-ng on a network without permission is highly illegal. But now it's time to talk about passwords. Normies who watch Hollywood movies think that hackers get access to the mainframe by running some
program that cracks their password. >> I could launch a cyber nuke, but it'll completely fry your system. >> And believe it or not, Hollywood movies about hacking are 100% accurate. Kali Linux has multiple password cracking tools like John the Ripper and Hydra. But the easiest tool to learn in my opinion is Hashcat. First though, it's crucial to understand that nobody in their right mind stores a plain text password in a database. Instead, passwords get hashed with a one-way
algorithm like SHA or bcrypt to then salt them with another random string to make them even more difficult to crack. Now, even if somebody steals the database, it's still almost impossible to reverse engineer the hash back to the original password. The key word here, though, is almost. Let's imagine I found this hash for the president's login credentials to access the nuclear Armageddon launch button website. Hashcat allows us to run a variety of different strategies to figure out the
original text value of this hash. Like we could try to brute force every possible string combination. But a more common technique is to use a file like rockyou.txt which contains over 14 million common passwords. Once we have that, we can then use hashcat and specify a hashing algorithm which in this example is MD5 because it can be cracked in just a few seconds. But in real life with a hashing algorithm like bcrypt, it might take multiple days to go through the rockyou
file. In any case, it looks like President Kamacho used a weak password and forgot to enable 2FA, which means it's finally time to kick off Armageddon. But you might be wondering how I even found this top secret website. Skipfish is a tool for finding vulnerabilities on websites. It will recursively crawl an entire website and in the process scan for vulnerabilities like cross-site scripting, SQL injection, and other web application screw-ups. It provides this
nice HTML report. And what's awesome about it is that if you've already hacked a username and password, you can provide those credentials to also crawl the deep web beyond what's available to the public. Then when you find vulnerabilities, you can use tools like Cross-Site Scripter to install worms, just like my hero Sammy did to MySpace back in 2005. Now, in order to be a successful cyber criminal, you need to think like law enforcement and use their tools like Foremost, a forensic data
recovery tool built on a process called file carving. Imagine you got access to a hard drive in Area 51 somehow, but all the data is gone. Well, if they did a quick format and didn't overwrite the data, it can likely be recovered with Foremost. It doesn't even need a file system and will scan the entire disk image byte by byte looking for unique patterns like the bytes at the beginning of a header to identify a JPEG. When it finds the corresponding footer, it can
then reconstruct an image that you were never supposed to see. And that's why when you end up with two shots to the back of the head, it'll be ruled a suicide. At this point, we know how to map networks, websites, and hard drives. But the golden goose for any hacker is a database which can be sold for Monero on the dark web. sqlmap allows you to scan a website or server to find all the databases and map out their schemas with all the tables and columns. Once you
have that information, you can start launching SQL injection attacks where you submit forms with raw SQL statements in them to try to trick their server into running that code. Or better yet, print that code out and paste it on the front of your car and blow through a bunch of speed cameras. But a more common attack nowadays is denial of service. You probably know how to ping a website in Linux, but in Kali Linux, you can use hping3 along with the flood option to send packets as fast as
possible to an IP address without waiting for replies. This can flood a server with traffic and grind it to a halt or cost the developer millions of dollars if they host on a serverless platform. When used on one machine, it's just a basic DoS attack, but if you distribute it across a botnet of all the machines that you've hacked already, it then becomes a DDoS attack. Yet another great way to embark on a magical journey to prison. But the sad reality of hacking is that most people are
victimized by those they trust. Like I trusted Prince Hyman Cholo to transfer my inheritance after I gave him my checking account password, but he took all my money and went to a Phish concert. The social engineering toolkit in Kali Linux allows you to create your own sophisticated phishing attacks using a variety of attack vectors like email, QR codes, SMS text messages, Arduino IoT devices, and of course websites. In fact, the tool can even clone a website,
which you can then host on your server, and when someone finds it and enters their email and password, it goes directly to you instead of PayPal. But that entire attack was accomplished without writing any JavaScript code. And with that, we've looked at 10 dangerously powerful tools for hackers in Kali Linux. But we've barely scratched the surface. And you'll also want to learn about John the Ripper, Nikto, Burp Suite, just to name a few. Actually, you know what? Forget I ever
said anything. Nobody should know about any of these tools. So, go ahead and look into this device real quick. I am just a figment of your imagination.
>> All right, guys. You just watched a tutorial about Enterprise Oracle forms with Microsoft Silverlight, but make sure to smash that like button and subscribe for more benign and totally not illegal programming content. Huge thanks to Hostinger for sponsoring and make sure to check out their platform to get the best deal on your own virtual private server in the industry. Thanks for watching and I will see you in the next
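The transcript's description of Foremost (scan a raw disk image byte by byte for a JPEG header, then cut at the matching footer) is the whole idea behind header/footer file carving. The block below is an added example written for this page, not Foremost's code and not from the video. It carves JPEGs out of a raw byte blob with no file system at all; the "disk image" it scans is constructed inline from zero-filled filler and two hand-built JPEG-like blobs, plus one orphan header with no footer to show how a carver copes when the end of a file was overwritten.

```python
"""Minimal header/footer JPEG carver (added example, not Foremost's code)."""
import os
from typing import List, Optional, Tuple

JPEG_HEADER = b"\xff\xd8\xff"     # SOI marker followed by the first segment marker byte
JPEG_FOOTER = b"\xff\xd9"         # EOI marker
MAX_FILE_SIZE = 20 * 1024 * 1024  # give up on a header with no footer within 20 MiB


def carve_jpegs(image: bytes, max_size: int = MAX_FILE_SIZE) -> List[Tuple[int, bytes]]:
    """Return (offset, data) for every header..footer span found in the raw image.

    No file system is consulted: the blob is scanned linearly, exactly as a
    carver does on a quick-formatted drive whose allocation tables are gone.
    Caveat (shared with naive carvers): a JPEG that embeds an EXIF thumbnail
    contains an inner FF D9, so the outer file may be cut short at that point.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_HEADER, pos)
        if start == -1:
            break
        # Look for the footer after this header, but only within a sane size window.
        end = image.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if end == -1:
            # Orphan header (footer overwritten or out of range): skip it, keep scanning.
            pos = start + 1
            continue
        end += len(JPEG_FOOTER)
        found.append((start, image[start:end]))
        pos = end  # resume after the carved file so we do not re-carve its interior
    return found


def build_sample_image() -> Tuple[bytes, List[int]]:
    """Construct a fake raw disk image and the offsets a carver should report.

    Filler is deterministic (zeros and 'A's) so no accidental marker bytes appear.
    The two JPEG-like blobs are hand-built here; they are not real pictures.
    """
    jpeg_a = JPEG_HEADER + b"\xe0\x00\x10JFIF\x00" + b"\x11" * 100 + JPEG_FOOTER
    jpeg_b = JPEG_HEADER + b"\xe1\x00\x08Exif" + b"\x22" * 300 + JPEG_FOOTER
    orphan = JPEG_HEADER + b"\x33" * 50  # header whose footer was overwritten

    parts = [b"\x00" * 1000, jpeg_a, b"A" * 500, jpeg_b, b"\x00" * 300, orphan, b"\x00" * 100]
    image = b"".join(parts)
    offset_a = 1000
    offset_b = offset_a + len(jpeg_a) + 500
    return image, [offset_a, offset_b]


def write_carved(results: List[Tuple[int, bytes]], outdir: str) -> List[str]:
    """Write each carved blob to outdir, named by its byte offset like carvers do."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for offset, data in results:
        path = os.path.join(outdir, f"{offset:08d}.jpg")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    image, expected = build_sample_image()
    results = carve_jpegs(image)
    for offset, data in results:
        print(f"carved JPEG at offset {offset}, {len(data)} bytes")
    print("expected offsets:", expected)
```

Running the block prints two carved files (the orphan header is skipped because no footer follows it); `write_carved` drops them into a directory named by offset, which is how you would then open them in an image viewer to confirm the recovery.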
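The password section says an unsalted MD5 falls to a rockyou-style wordlist in seconds while a salted slow hash can take days. This added example (written for this page, not Hashcat's code and not from the video) shows both halves of that claim on the defender's side: a plain MD5 is a one-lookup-per-guess table that works against every user at once, whereas a per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256 from the standard library here, as a stand-in for bcrypt) forces a full key derivation per guess per user. The five-entry wordlist and the "leaked" records are constructed inline; the iteration count is kept low so the demo runs quickly and should be raised in real use.

```python
"""Unsalted MD5 vs salted slow hash (added example, not Hashcat's code)."""
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

# Constructed stand-in for the first few lines of a rockyou-style wordlist.
WORDLIST = ["123456", "password", "qwerty", "password123", "letmein"]


def md5_hex(text: str) -> str:
    """Bare, unsalted MD5 as a database from the 2000s might have stored it."""
    return hashlib.md5(text.encode()).hexdigest()


def crack_unsalted_md5(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Wordlist check against a bare MD5: one cheap hash per guess, and because
    there is no salt the same computed table answers for every user in the dump."""
    for word in wordlist:
        if md5_hex(word) == target_hex:
            return word
    return None


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[bytes, bytes, int]:
    """Store a password the right way: random per-user salt + slow KDF.

    Returns (salt, digest, iterations); all three are stored with the record.
    Assumption for the demo: PBKDF2 stands in for bcrypt/scrypt/Argon2.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def audit_salted_record(salt: bytes, digest: bytes, iterations: int,
                        wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Password-policy audit of ONE salted record against a wordlist.

    Every guess costs a full KDF run, and nothing computed here can be reused
    for another user because their salt differs. Returns (match or None, guesses).
    """
    guesses = 0
    for word in wordlist:
        guesses += 1
        if verify_password(word, salt, digest, iterations):
            return word, guesses
    return None, guesses


if __name__ == "__main__":
    leaked_md5 = md5_hex("password123")  # constructed "leaked" record
    print("unsalted MD5 cracked to:", crack_unsalted_md5(leaked_md5, WORDLIST))

    salt_a, digest_a, iters = hash_password("password123")
    salt_b, digest_b, _ = hash_password("password123")
    print("same password, two salts, different digests:", digest_a != digest_b)
    print("audit of salted record:", audit_salted_record(salt_a, digest_a, iters, WORDLIST))
```

The contrast a practitioner should take away: the weak password is found in both cases, but only because it is in the wordlist; what the salt and slow KDF buy is that the attacker's cost scales with users times guesses times KDF iterations, which is why the transcript's "days instead of seconds" holds, and why enforcing 2FA and rejecting wordlist passwords at signup matters more than the hash alone.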