Total Newbs Seeking Help Cometh Ye Here

[jackjump]

Hello there fellow hackers/netizens

I have installed Kali Linux on Virtual Box on Windows and it's running fine. I'd like to learn more about hacking and how I can protect myself from such attacks. So to start with, I've loaded a pdf with a meterpreter reverse tcp payload on metasploit and the target has downloaded it and opened the file. How do I know if meterpreter is running in the target computer ? Is there anything I have to do on my end to start the installation ? And I can't seem to get the meterpreter> prompt no matter what I do on the terminal. Need beginner's level help if any of you have to know-how and are willing to guide me.

Many Thanks in advance

[newbi3]

Metasploit is cool and all and you can use it as much as you want to but at the end of the day you don't learn anything if you're goal is to learn then put down the metasploit and the kali (keep the linux just a more day-to-day distro) and pick up programming and reading about how stuff works. Learn the hardware in computers, learn how the software works, learn the protocols that computers use to talk to each other. Learn everything you can about everything. But to answer your question if meterpreter ran then you would have seen a session open in metasploit unless you didn't have it properly configured and did port forward (assuming it was over the internet)

[jackjump]

I wanted to start with the "fun" stuff like kali and metasploit and ipchains and all that but thanks for the advice. I don't really know where to start, though. Do I start learning C language first ?
How do I check my sessions in metasploit ? cuz the "msf> sessions" command shows no active sessions and some other sites say I have to install something called samba first ? I take it the no active sessions thing is a sign I didn't set up the payload correctly ?

[Mr-Protocol]

I would say get the basics down. Maybe make sure you know your A+, N+, etc. Then move on to linux and pen testing.

Metasploit References: http://www.offensive-security.com/metasploit-unleashed/Main_Page

[3mrgnc3]

Another excellent resource is Vivek Ramachandra's securitytube.net site.

The megaprimers section is particularly good.

http://www.securitytube.net/groups?operation=view&groupId=10

But, as has been said. Grab something like linux mint, Debian 7, or one of the myriad other *nix distributions out there. And use it day to day. Play with bash to run stuff you normally use a gui for. Tinker and play and jump in the forums.

And do it because you love it.

Peace.

Edited October 4, 2014 by 3mrgnc3

[jackjump]

Will try mastering some languages first but how will that help me with metasploit ? Doesn't it run its own string of commands ? Or will that allow me to know the basics of terminal control which is universal (I presume) for these things ? And Metasploit Unleashed is cool but is there any site that gives step by step pics/instructions ? I've tried WonderHowTo.com : How To Hack Like A Pro but sometimes there seem to be missing steps.

The securitytube looks very informative, thanks.

[cooper]

The problem people are pointing out is that from the looks of things, you've been merrily using Windows like any other member of the public, decided you wanted to hack, did a tiny bit of research, found that Metasploit was mentioned quite often and figured that's what you needed to learn. As you may or may not know, it doesn't really work like that... It can, but then you'd be a script kiddie and we're trying our damndest to make sure people either become hackers, or just stay part of the unwashed masses.

The general concensus here is that you should first come to grips with Linux itself, then figure out what makes certain programs exploitable and only then figure out how to point Metasploit at it.

The comparison that works well for me is a personal anecdote. I once worked at a bank that had just been taken over. All IT jobs were being shipped to India and a large contingent of Indians came to the bank for knowledge transfer. The guy responsible for keeping the bank's very, very large Oracle cluster going got into a meeting with his Indian replacement and discovered that the guy's total database knowledge comprised of once having fiddled a bit with MS Access. He walked out of the meeting and said he wasn't going to talk to anybody from the other side who didn't have appropriate certifications.

At this point, to most people here, YOU are like that indian fellow.

One thing you could try to make people understand you're NOT like that indian fellow is to say "I want to do X. I tried doing this by performing steps A, B and C, but I get an error and I don't understand why. Thoughts?"

[jackjump]

Well, if I came off as a presumptuous person/that indian fellow that was not my intention, I assure you. At no point did I even remotely begin to assert that I was anywhere near the level of knowledge of the users around here. I signed up on a few hacker forums online and this one seemed legit so I thought I would seek help here, as well. I didn't know that I was so out of my depth that asking a few questions (albeit they might seem like utterly stupid questions to you) could generate such contempt/annoyance/whatever that was. If I asked a question here, it would be because I had nobody to ask, could not find a clear answer online (where I looked, anyway) and had no easily accessible learning resource to refer to.

My thought process was that people on the forums would be kind enough to point me in the right direction or even answer some of my questions (which some users very kindly did). But to you, sir, I must seem like a runaway fake-hacker throwing questions around trying to look smart and ignoring advice (or something of that sort) when I'm actually very grateful for anything you guys give me. I'm sorry for not having the adequate certifications, then. I apologise for my lack of hacking knowledge being such a nuisance to you and seeming like a little kid wannabe hacker. I'm sorry for treating you as a resource when I should be aware of the fact that this is an elite group of elite users such as yourself, sir, not aimed at catering to the babyish teaching needs of a fresh greenhorn. I'm sorry if my questions weren't phrased in the correct format to make people understand that my question was indeed an honest question and not a insufficiently eloquent foolish muttering of one of the unwashed masses.

[cooper]

So you're a decent english speaker. Good for you.

QFE

[..]you could try [...] to say "I want to do X. I tried doing this by performing steps A, B and C, but I get an error and I don't understand why. Thoughts?"

People here are *EAGER* to help. You just have to do 2 things:

1. At a certain step of the process to accomplish something you hit a brick wall and want to understand what's up. Describe that exact situation in as much detail as possible.

2. Show that you tried to find the answer yourself first, and did your bit in (re)searching the parts you were missing.

Before you do, make sure you've read this. It was the 3rd result when I googled for "Metasploit connect to remote meterpreter".

[jackjump]

So you do want to help. Good for me.
Because it certainly didn't seem that way to me when you first posted a reply to this post. Least of all, it sure didn't come off as eager.

Look, I don't expect everything to be handed to me roasted, sauced and peeled on a silver platter but I didn't even know to google "metasploit connect to remote meterpreter". I was googling things like "how to set up meterpreter", "how to use meterpreter on kali linux", "how do I know my payload was delivered metasploit" and the results I would get were something like these

http://www.hacking-tutorial.com/hacking-tutorial/5-steps-to-set-up-backdoor-after-successfully-compromising-target-using-backtrack-5/#sthash.4z3W2Sk6.dpbs
http://www.youtube.com/watch?v=oVuQUnXXeqI
http://null-byte.wonderhowto.com/how-to/hack-like-pro-metasploit-for-aspiring-hacker-part-1-primer-overview-0155986/
http://en.wikibooks.org/wiki/Metasploit/Tips_and_Tricks
http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Basics
http://convertaholics.com/playvideos1.php?queryType=show_video&videoId=gqaPSJ1V9Jg&sk=&page_no=1

While I have looked on metasploit unleashed (although I have not read everything on there) this is my first time even seeing the phrase "Metsvc". And since I now know that metasploit runs Ruby, will learning C, C++, Java help with learning Ruby or should I just learn Ruby first ?

[3mrgnc3]

Don't mind Cooper. He always has to give a contrary response in a thread. It's just how he wards of the script kiddie wannabes. He's doing the forum a service really.

Look, try not to take it personally, we have tried to give you the advice we think will best help you.

To be honest, if you aren't yet comfortable with Linux as your day to day pc I seriously recommend you make the switch to something like linux mint. Just by doing that and using it regularly you will become proficient in the basics as you encounter all of the small day to day intricacies of using a nix box.

It is entirely your choice friend, but I would make sure to do this before jumping into "Firing explots at boxes" and writing Ruby.

All the best.

[jackjump]

Oh, I won't take it personally and I'm all for contrarian viewpoints. Cooper's obviously someone who knows this stuff better than me. He just came off as a bit unnecessarily rude seeing as this topic is meant for newbs and that got me wondering whether the hacker forums really weren't meant for beginners or rudimentary questions.

Anyway, daily usage of Linux mint and programming basics first. Okay.
Thanks

Edited October 5, 2014 by jackjump

[3mrgnc3]

Oh, I won't take it personally and I'm all for contrarian viewpoints. Cooper's obviously someone who knows this stuff better than me. He just came off as a bit unnecessarily rude seeing as this topic is meant for newbs and that got me wondering whether the hacker forums really weren't meant for beginners or rudimentary questions.

Anyway, daily usage of Linux mint and programming basics first. Okay.

Thanks

You're welcome.

And good luck mate

?