ฝึกพูดภาษาอังกฤษด้วยเทคนิค Shadowing จากวิดีโอ: 10 open source tools that feel illegal...

There are three types of computer people in this world.

⏸ หยุดชั่วคราว

ความเร็ว:

209 ประโยค

หากประโยคสั้นหรือยาวเกินไป กดที่ Edit เพื่อปรับแก้

There are three types of computer people in this world.

Users, programmers, and hackers.

The user just wants boring software to make boring spreadsheets to get boring stuff done at work.

But in their naivety, users often get penetrated by hackers with high levels of riz,

who employ social engineering to steal personal data,

intimate photos, and crypto wallets.

But then you've got programmers.

They're the unsung heroes who make all the software in the world work,

but they too get penetrated by hackers.

If a programmer leaves the back door open to their mainframe,

it could lead to catastrophic consequences that cost them their job and their employer billions of dollars.

The lesson to be learned here is that you want to be the one doing the penetrating,

not some stranger in a foreign country who doesn't even care about your feelings.

In today's video, you'll learn the fundamentals of ethical hacking

and pen testing by looking at 10 free and open source tools that you can use right now,

all of which are available by default on Kali Linux,

a distro optimized for ethical hacking.

By the end of this video,

you'll be a legit wannabe hacker who can take down entire nations,

but if you like to do bad things,

you need to turn this video off right now.

The tools in this video,

if used non-consensually, it could break many international laws that land you in prison.

So never do penetration testing on a website or network without permission.

But now that all the bad guys have clicked off this video,

let's learn how to use some of the most powerful and dangerous hacking tools.

To follow along, I would highly recommend installing Kali Linux,

and the desktop version is awesome.

Although Microsofties can install it via WSL,

or if you don't want to use Kali,

you can just install each one of these hacking tools individually.

But the best way to get started is to spin up your own virtual private server on Hostinger,

the sponsor of today's video.

Their platform gives you the power

and flexibility to run anything you want without locking you into a complicated and expensive cloud platform.

You can run a basic Linux server like Arch with powerful hardware like NVMe SSD storage and AMD Epic chips.

You can easily manage containers with a Docker VPS and their free Docker manager,

or self-host entire back-ends like Supabase with a single click and zero config nightmares.

But today, I'm using Hostinger to run Kali Linux,

and after launching the VPS with just a few clicks,

I can SSH into it with my password,

and now our hacking journey begins.

The first tool you need to know about is Nmap.

It's like the peeping Tom in your neighborhood who looks through all the windows in your house without actually breaking in.

On a network, like the one you're connected to right now to watch this video,

there's likely multiple hosts connected to it,

like your computer, your PlayStation, and your smart lock.

And the purpose of Nmap is to map out a network.

It does this by sending packets over an IP range,

then analyzes their responses to figure out which ports are open,

which operating systems they use,

to help you find backdoors to exploit.

Like if grandpa misconfigured something on his network,

you can hack his printer to send him a message.

To use it, simply use the nmap command,

followed by an IP address you have access to,

like your local network, or even a URL that you have permission to penetrate.

If we do that on a website,

you'll notice we get the IP address back,

and it found that ports 80 and 443 were open.

That's pretty cool, but we can also do a more aggressive scan,

with the A option.

This will not only scan the network,

but also try to detect the operating systems,

and will use something called tracer route to track the path of the packets across the entire network,

which can help detect misconfigurations that we can exploit.

If you're interested in packets though,

another tool you'll need to know about is Wireshark.

It's like that guy at a party who tries to eavesdrop on every conversation.

It allows you to inspect what's happening on the network at a microscopic level.

You'll want to use the GUI on this one because it collects tons of data from hundreds of different protocols,

which are all captured in real time and can be analyzed offline.

For example, if you record the traffic on your network right now

and notice all this weird traffic going to an IP address in North Korea,

you can inspect the actual payload and might find out

that they have access to those photos that were intended for only you and your future ex-wife to see.

And now you might be radicalized and ready to fight back.

Metasploit is perhaps the most powerful hacking framework out there.

It's like a Swiss army knife with an AK-47 attached to it

that allows even the most unskilled script kitty to launch an attack.

For example, we might be able to gain access to a Windows machine with a reverse shell,

thanks to the EternalBlue vulnerability.

Open up the Metasploit console and search for EternalBlue.

That should bring up a list of potential Windows targets.

We know that Grandpa is still on Windows 7,

so let's go ahead and use that exploit.

From there, we can set a payload to use a reverse shell,

and configure the local host to our own IP address.

And then finally, run the exploit command.

Congratulations, you just made a successful penetration.

You can now access all the files on this computer,

change the desktop background, and install even more malware.

But Metasploit is almost too powerful,

and if you use it,

you'll miss out on a lot of cybersecurity learning opportunities.

The next tool you need to know about is Aircrack.

Like the name implies, it's for hacking those magical invisible packets floating around in the air called Wi-Fi.

When you're at Starbucks enjoying a soy latte coding a Node.js app,

there could be a guy behind the dumpster using Aircrack who just ran the AirMon command,

100

followed by AirDump, to find your network as the perfect target.

101

He then proceeded to run AirCrack to crack the Wi-Fi protected access key

102

and can now pull all the packets out of thin air floating on this network.

103

If you're connected to a regular unencrypted HTTP website,

104

your sensitive data could be intercepted.

105

That's why you always want to make sure to use HTTPS when submitting forms with personal data,

106

because even if a hacker intercepts those packets, they'll be encrypted.

107

Luckily, though, the cops just arrested this guy,

108

because using aircrack on a network without permission is highly illegal.

109

But now, it's time to talk about passwords.

110

Normies who watch Hollywood movies think that hackers get access to the mainframe by running some program that cracks their password.

111

I could launch a cyber nuke,

112

but it'll completely fry his system.

113

And believe it or not,

114

Hollywood movies about hacking are 100% accurate.

115

Kali Linux has multiple password cracking tools,

116

like John the Ripper and Hydra,

117

but the easiest tool to learn in my opinion is Hashcat.

118

First though, it's crucial to understand that nobody in their right mind stores a plain text password in a database.

119

Instead, passwords get hashed with a one-way algorithm,

120

like SHA or bcrypt, then salt them with another random string to make them even more difficult to crack.

121

Now, even if somebody steals the database,

122

it's still almost impossible to reverse engineer the hash back to the original password.

123

The key word here, though, is almost.

124

Let's imagine I found this hash for the president's login credentials to access the Nuclear Armageddon launch button website.

125

Hashcat allows us to run a variety of different strategies to figure out the original text value of this hash.

126

Like, we could try to brute force every possible string combination,

127

but a more common technique is to use a file like rocku.txt,

128

which contains over 14 million common passwords.

129

Once we have that, we can then use Hashcat and specify a hashing algorithm,

130

which in this example is MD5 because it can be cracked in just a few seconds,

131

but in real life with a hashing algorithm like bcrypt,

132

it might take multiple days to go through the rocky file.

133

In any case, it looks like President Camacho used a weak password and forgot to enable 2FA,

134

which means it's finally time to kick off Armageddon.

135

But you might be wondering how I even found this top secret website.

136

Skipfish is a tool for finding vulnerabilities on websites.

137

It will recursively crawl an entire website,

138

and in the process, scan for vulnerabilities like cross-site scripting,

139

SQL injection, and other web application screw-ups.

140

It provides this nice HTML report,

141

and what's awesome about it is that if you've already hacked a username and password,

142

you can provide those credentials to also crawl the deep web beyond what's available to the public.

143

Then when you find vulnerabilities,

144

you can use tools like cross-site scriptor to install worms,

145

just like my hero Sammy did to MySpace back in 2005.

146

Now, in order to be a successful cyber criminal,

147

you need to think like law enforcement,

148

and use their tools like Foremost,

149

a forensic data recovery tool built on a process called file carving.

150

Imagine you got access to a hard drive in Area 51 somehow,

151

but all the data is gone.

152

Well, if they did a quick format and didn't overwrite the data,

153

it can likely be recovered with Foremost.

154

It doesn't even need a file system,

155

and will scan the entire disk image byte by byte,

156

looking for unique patterns like the bytes at the beginning of a header to identify a JPEG.

157

When it finds the corresponding footer,

158

it can then reconstruct an image that you were never supposed to see.

159

And that's why when you end up with two shots to the back of the head,

160

it'll be ruled a suicide.

161

At this point, we know how to map networks,

162

websites, and hard drives, but the golden goose for any hacker is a database,

163

which can be sold form an arrow on the dark web.

164

A SQL map allows you to scan a website

165

or server to find all the databases and map out their schemas with all the tables and columns.

166

Once you have that information,

167

you can start launching SQL injection attacks,

168

where you submit forms with raw SQL statements in them to try to trick their server into running that code.

169

Or better yet, print that code out

170

and paste it on the front of your car and blow through a bunch of speed cameras.

171

But a more common attack nowadays is denial of service.

172

You probably know how to ping a website in Linux,

173

but in Kali Linux, you can use HPing3,

174

along with the flood option,

175

to send packets as fast as possible to an IP address,

176

without waiting for replies.

177

This can flood a server with traffic and grind it to a halt,

178

or cost the developer millions of dollars if they host on a serverless platform.

179

When used on one machine,

180

it's just a basic DOS attack,

181

but if you distribute it across a botnet of all the machines that you've hacked already,

182

it then becomes a DDoS attack,

183

yet another great way to embark on a magical journey to prison.

184

But the sad reality of hacking is that most people are victimized by those they trust.

185

Like, I trusted Prince Hyman Cholo to transfer my inheritance after I gave him my checking account password,

186

but he took all my money and went to a phish concert.

187

The social engineering toolkit in Kali Linux allows you to create

188

your own sophisticated phishing attacks using a variety of attack vectors like email,

189

QR codes, SMS text messages,

190

Arduino IoT devices, and of course websites.

191

In fact, the tool can even clone a website,

192

which you can then host on your server,

193

and when someone finds it and enters their email and password,

194

it goes directly to you instead of PayPal.

195

But that entire attack was accomplished without writing any JavaScript code.

196

And with that, we've looked at 10 dangerously powerful tools for hackers in Kali Linux.

197

But we've barely scratched the surface,

198

and you'll also want to learn about John the Ripper,

199

Nikto, Burp Suite, just to name a few.

200

Actually, you know what?

201

Forget I ever said anything.

202

Nobody should know about any of these tools,

203

so go ahead and look into this device real quick.

204

I am just a figment of your imagination.

205

All right, guys, you just watched a tutorial about Enterprise Oracle Forms with Microsoft Silverlight.

206

Make sure to smash that like button and subscribe for more benign and totally not illegal programming content.

207

Huge thanks to Hostinger for sponsoring,

208

and make sure to check out their platform to get the best deal on your own virtual private server in the industry.

209

Thanks for watching, and I will see you in the next one.

TRENDING

ยอดนิยม

เทคนิค Shadowing คืออะไร?

Shadowing เป็นเทคนิคการเรียนรู้ภาษาที่ได้รับการรับรองทางวิทยาศาสตร์ พัฒนาขึ้นสำหรับการฝึกนักแปลมืออาชีพ วิธีการนี้เรียบง่ายแต่ทรงพลัง: คุณฟังเสียงภาษาอังกฤษจากเจ้าของภาษาและพูดตามทันที — เหมือนเงาที่ตามผู้พูดด้วยช่วงเวลาห่าง 1-2 วินาที การวิจัยแสดงว่าเทคนิคนี้ปรับปรุงความแม่นยำในการออกเสียง ทำนองเสียง จังหวะ การเชื่อมเสียง การฟังเข้าใจ และความคล่องแคล่วในการพูดได้อย่างมีนัยสำคัญ

☕ เลี้ยงกาแฟเราสักแก้ว

ShadowingEnglish ยังคงเปิดให้ใช้งาน ฟรี 100% ได้ด้วยการสนับสนุนจากคุณ ค่าใช้จ่ายสำหรับเซิร์ฟเวอร์และ AI นั้นสูงมาก — กาแฟของคุณช่วยให้เราเดินหน้าต่อไปได้! 🙏

บริจาคผ่าน PayPal

ShadowingEnglish.com – ฝึกพูดภาษาอังกฤษแบบ Shadowing

ฝึกพูดภาษาอังกฤษด้วยเทคนิค Shadowing จากวิดีโอ: 10 open source tools that feel illegal...

ยอดนิยม

ทำไมถึงควรฝึกพูดกับวิดีโอนี้?

ไวยากรณ์ & สำนวนในบริบท

กับดักในการออกเสียงที่พบบ่อย

เทคนิค Shadowing คืออะไร?

ฝึกพูดภาษาอังกฤษด้วยเทคนิค Shadowing จากวิดีโอ: 10 open source tools that feel illegal...

ดาวน์โหลดแอป

ทำไมถึงควรฝึกพูดกับวิดีโอนี้?

ไวยากรณ์ & สำนวนในบริบท

กับดักในการออกเสียงที่พบบ่อย

เทคนิค Shadowing คืออะไร?