- Installing Social Engineering Toolkit (Page 12)
- Saving Custom Password Lists (Page 10)
- Start Metasploit (Page 7)
- Changes with PeepingTom
- Huge list of optional tools
- bypassuac update
- Nishang has moved (page 16)
- SMBExec Update (Page 8)
- PowerShell Invoke-Shellcode (Meterpreter)
- Obscure System's post-exploitation (Page 121)
- Index for The Hacker Playbook
- Free Radius update (Page 205)
- Mimikatz Binary Update
- Get in touch
- Document info
It looks like there was a change to SET on page 12. Here is the updated GIT Command:
git clone https://github.com/trustedsec/social-engineer-toolkit.git set/
It looks like the old link is now dead
https://mega.co.nz/#!3VZiEJ4L!TitrTiiwygI2I_7V2bRWBH6rOqlcJ14tSjss2qR5dqo
Try these other links:
- https://mega.co.nz/#!VIwSmYhL!Q_u0io3nSxIeVnquONJcfb7D7aO0_fpi9SxSchR1mTM
- http://www.filedropper.com/crackstation-human-onlytxt
- https://www.dropbox.com/s/ucreldsa3qt1rms/crackstation-human-only.txt.gz?dl=0
Thanks Andreas!
Editors note: I recommend using 10 million passwords instead of trying to find a link through Mega. I assume the content within is probalby similar to the original mega file.
cd ~/Desktop/password_list
wget https://github.com/danielmiessler/SecLists/raw/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt
If you have the space, you can choose to download and unzip the aboslutely MASSIVE RockYou2021.
To give you an idea of just how massive this list is, I tried to expand my VM instance by an additional 70GB in addition to the free space I already had, and I still ran out of space to unzip the first of TWO files. This package is a combination of several other projects and previous works.
Download the torrent: https://anonfiles.com/daLbwb0eu5/rockyou2021TXT_Wordlist_torrent
cd ~/Downloads/directory/path/here
7z e RockYou2021.txt.7z.001
7z e RockYou2021.txt.7z.002
service Metasploit start
Should be replaced with
service metasploit start
Thanks John!
I have included the old version here: On your Kali Linux Box, run the following commands from a terminal:
cd /opt/
wget http://thehackerplaybook.com/Download/peepingtom.zip
unzip peepingtom.zip
cd peepingtom
chmod +x *
On your Kali Linux Box, run the following commands from a terminal
mkdir /opt/gitlist/
cd /opt/gitlist
git clone https://github.com/macubergeek/gitlist.git
cd gitlist
chmod +x gitlist.sh
./gitlist.sh
The book points to:
wget http://www.secmaniac.com/files/bypassuac.zip
to download the bypassuac files, but the updated link should be:
http://thehackerplaybook.com/Download/bypassuac.zip
Thanks Patrick!
Nishang has moved over to github. Instead of:
https://code.google.com/p/nishang/downloads/list
Try:
https://github.com/samratashok/nishang
Thanks Don!
SMBExec updated and has a new Git Repo. So instead of:
git clone https://github.com/brav0hax/smbexec.git
Try:
git clone https://github.com/pentestgeek/smbexec.git
If you've been hard coding your Invoke-Shellcode.ps1 files to download and execute from github (Originally found here: https://raw.githubusercontent.com/mattifestation/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1), make sure you grab the newest one, as the original is not working (on purpose). As stated by mattifestation, you should NOT blindly run a remote powershell script from github. If you need to, fork it!
Link fix
Thanks Joe!
Thanks to Joe, he put together an index for The Hacker Playbook!!!
http://www.cise.ufl.edu/~jnw/thehackerplaybookindex
It looks like Free Radius changed their website.
Change:
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12. tar.bz2
To:
wget ftp://ftp.freeradius.org/pub/freeradius/old/freeradius-server-2.1.12.tar.bz2
Thanks Jason!
https://github.com/gentilkiwi/mimikatz/releases/latest
If you would like to get in touch with the author or have general inquiries about the book
Note: This document was forked and transcribed on 30 JUN 2022. The orginial information was written on/around 2 MAY 2018.
Metasploit is not implemented as a service any longer.
If you have already run service postgresql start, then all you need to do is run msfconsole. You can also search through the taskbar for metasploit framework.