Hacking Tools Comps
Monday, 16 September 2024
https://cs.carleton.edu/faculty/jondich/courses/comps_f24/

+ Soon but not today
    - Final product
    - Rough schedule
    - What will class be like day to day?

+ What is pen-testing?
    - "penetration testing"
    - "ethical hacking"

+ Time
    - 9 weeks goes by fast
    - Pen-testing is huge
    - This is comps: plan to put in plenty of time (6cr should be about
      13 hours, but you might want to plan for more if you want to get
      the most out of it)

+ Messages from me
    - Your goal is learning as much as you can
        - start from where you are
        - don't worry about what other people already know
    - This takes time. Put in the time, and you'll learn a ton.
    - Help each other. Ask for help!

+ Look at OverTheWire: Bandit
    - What is it?
    - How to approach it?
    - General cultural issues in the hacking world
    - Let's get started

+ Count off 1-4 to make groups
    - Introduce yourselves
    - Share background. How comfortable with:
        - Unix command line?
        - Networking? (e.g., know what TCP ports are?)
        - Vocab: client, server, TCP port
    - 1-2 things you're eager to learn
    - 0-2 things you're worried about

+ Hacking tools: what sounds interesting?
    nmap - port scanning
    sqlmap - looking for SQL injection vulnerabilities in websites
    hashcat - password cracking
    john - password cracking
    hydra - password spraying
    shasum - cryptographic hash functions
    burp suite's proxy tool - viewing/modifying web interactions
    curl - command-line web client
    gobuster - website brute-forcing
    feroxbuster - website brute-forcing
    dirb - website brute-forcing
    nc - general-purpose TCP client and server
    tcpdump - packet sniffing
    openssl hash functions - cryptographic hash functions
    openssl encryption - symmetric and asymmetric encryption implementations
    wpscan - vulnerability scanner for wordpress
    enum4linux - vulnerability scanner for linux
    linpeas - vulnerability scanner for linux
    snmpwalk - SNMP scanning tool
    ...?

+ Wednesday
    - bandit discussion
    - questions about videos
    - a pen-testing walkthrough