Claude Code Plugins

Community-maintained marketplace

Feedback

Hacking Fundamentals

@zebbern/SecOps-CLI-Guides
10
0

This skill should be used when the user asks to "understand hacking basics", "learn about hacker types", "understand network protocols", "learn DNS concepts", "understand attack types", or "explore security tool categories". It provides foundational cybersecurity knowledge.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name Hacking Fundamentals
description This skill should be used when the user asks to "understand hacking basics", "learn about hacker types", "understand network protocols", "learn DNS concepts", "understand attack types", or "explore security tool categories". It provides foundational cybersecurity knowledge.
version 1.0.0
tags hacking, fundamentals, networking, DNS, protocols, attacks

Hacking Fundamentals

Purpose

Provide foundational knowledge of hacking concepts, network protocols, attack methodologies, and security tools. This skill covers essential theory for aspiring penetration testers and security professionals including network architecture, DNS operations, attack classifications, and tool categories.

Prerequisites

Required Knowledge

  • Basic computer literacy
  • Understanding of operating systems
  • Familiarity with command-line interfaces

Recommended Background

  • Networking concepts
  • TCP/IP fundamentals
  • Basic security awareness

Outputs and Deliverables

  1. Conceptual Understanding - Hacking terminology and classifications
  2. Network Knowledge - Protocol and architecture comprehension
  3. Attack Recognition - Active and passive attack identification
  4. Tool Familiarity - Security tool categories and applications

Core Workflow

Phase 1: Hacker Classifications

Understanding hacker types and motivations:

White Hat Hackers

  • Ethical hackers and security professionals
  • Perform authorized penetration testing
  • Work to improve organizational security
  • Also called: penetration testers, sneakers, red teams

Black Hat Hackers

  • Malicious actors seeking unauthorized access
  • Breach systems for profit or damage
  • Also known as crackers
  • Target selection: reconnaissance → information gathering → attack

Grey Hat Hackers

  • Operate between ethical and malicious
  • May act illegally with good intentions
  • Often disclose vulnerabilities publicly
  • Not motivated by personal gain

Other Categories

  • Blue Hat: External consultants testing systems pre-launch
  • Elite Hackers: Highly skilled, discover zero-days
  • Script Kiddies: Use pre-made tools without understanding
  • Hacktivists: Politically or socially motivated
  • Nation State: Government-sponsored cyber operatives

Phase 2: Network Fundamentals

Understanding network types and architecture:

Network Types

Type Description
LAN Local Area Network - computers in same building
WAN Wide Area Network - geographically distributed
MAN Metropolitan Area Network - city-wide coverage
VPN Virtual Private Network - encrypted tunnel
Intranet Private internal company network
Extranet Extended intranet for external partners

Network Benefits for Attackers

  • Resource sharing creates attack surfaces
  • File sharing enables data exfiltration
  • Program sharing may expose vulnerabilities
  • Centralized services create single points of failure

Phase 3: Protocol Understanding

Key protocols for security assessment:

IP Addressing

# Private IP ranges (non-routable)
10.0.0.0 - 10.255.255.255        # Class A
172.16.0.0 - 172.31.255.255      # Class B
192.168.0.0 - 192.168.255.255    # Class C

# Find your IP
ipconfig /all                     # Windows
ip addr                           # Linux
curl ifconfig.me                  # Public IP

Common Protocols

Protocol Port Purpose
FTP 20, 21 File transfer
SSH 22 Secure remote access
Telnet 23 Unencrypted remote access
SMTP 25 Email transmission
DNS 53 Name resolution
HTTP 80 Web traffic
POP3 110 Email retrieval
IMAP 143 Email access
HTTPS 443 Encrypted web traffic
RDP 3389 Windows remote desktop

SSH Capabilities

  • Secure encrypted remote login
  • Protection against IP spoofing
  • Port forwarding/tunneling
  • Replacement for rlogin, rsh, rcp
# SSH connection
ssh user@target.com

# SSH tunneling (port forwarding)
ssh -L 8080:localhost:80 user@target.com

# Dynamic port forwarding (SOCKS proxy)
ssh -D 9050 user@target.com

Phase 4: DNS Architecture

Understand Domain Name System operations:

DNS Hierarchy

Root (.)
├── .com (gTLD)
│   └── example.com
│       └── www.example.com
├── .org (gTLD)
├── .net (gTLD)
└── .uk (ccTLD - Country Code)

DNS Record Types

Record Purpose
A Maps hostname to IPv4 address
AAAA Maps hostname to IPv6 address
PTR Reverse lookup (IP to hostname)
NS Authoritative name servers
MX Mail exchange servers
CNAME Canonical name (alias)
TXT Text records (SPF, DKIM)
SOA Start of authority

DNS Query Process

  1. Client queries local DNS resolver
  2. Resolver checks cache
  3. If not cached, query root servers
  4. Root refers to TLD servers (.com)
  5. TLD refers to authoritative nameserver
  6. Authoritative returns IP address
  7. Resolver caches and returns to client

DNS Enumeration Commands

# Basic DNS lookup
nslookup target.com
dig target.com

# Specific record types
dig target.com MX         # Mail servers
dig target.com NS         # Name servers
dig target.com TXT        # Text records
dig target.com AXFR       # Zone transfer attempt

# Reverse lookup
dig -x 192.168.1.1

# Use specific DNS server
dig @8.8.8.8 target.com

Phase 5: Proxy Servers

Understanding proxy types and uses:

Proxy Types

Type Description
Anonymous Hides client IP from server
High Anonymity Doesn't identify as proxy
Transparent Forwards requests without hiding identity
Reverse Protects backend servers

Proxy for Security Testing

# Configure proxy in terminal
export http_proxy=http://proxy:port
export https_proxy=http://proxy:port

# Burp Suite default proxy
http://127.0.0.1:8080

# Tor SOCKS proxy
socks5://127.0.0.1:9050

Privacy Benefits

  • Mask source IP address
  • Bypass geographic restrictions
  • Encrypted tunnels for sensitive traffic
  • Chain proxies for enhanced anonymity

Phase 6: Active Attack Types

Attacks requiring direct interaction:

Masquerade Attack

  • Attacker impersonates legitimate user
  • Uses stolen credentials or session tokens
  • Exploits authentication weaknesses
  • Gains unauthorized privileges

Session Replay Attack

  • Captures valid session tokens
  • Replays authentication to gain access
  • Requires interception of session data
  • Mitigated by session timeouts and tokens

Message Modification Attack

  • Intercepts data in transit
  • Modifies packet headers or content
  • Redirects traffic to malicious destinations
  • Man-in-the-middle variations

Denial of Service (DoS)

  • Overwhelms target with traffic
  • Depletes system resources
  • Prevents legitimate access
  • Variations: SYN flood, UDP flood, HTTP flood

Distributed DoS (DDoS)

  • Multiple sources attack single target
  • Uses botnet/zombie networks
  • Harder to mitigate than single-source
  • Amplification attacks multiply traffic

Phase 7: Passive Attack Types

Attacks gathering information without detection:

Passive Reconnaissance

  • Monitors without interaction
  • Session capture and analysis
  • Network traffic sniffing
  • No direct engagement with target

Active Reconnaissance

  • Engages with target system
  • Port scanning
  • Service enumeration
  • Banner grabbing

Specific Techniques

  • War Driving: Detecting vulnerable WiFi networks
  • Dumpster Diving: Searching discarded materials
  • Shoulder Surfing: Observing user activity
  • Promiscuous Mode: Capturing all network traffic

Phase 8: Password Cracking Tools

Tools for password recovery and testing:

Online Attack Tools

# Hydra - network password cracker
hydra -l admin -P wordlist.txt ssh://target.com
hydra -L users.txt -P passwords.txt ftp://target.com

# Medusa - parallel password cracker
medusa -h target.com -u admin -P wordlist.txt -M ssh

# Ncrack - network authentication cracker
ncrack -p 22 --user admin -P wordlist.txt target.com

Offline Attack Tools

# John the Ripper
john --wordlist=rockyou.txt hashes.txt
john --show hashes.txt

# Hashcat - GPU-accelerated
hashcat -m 0 hashes.txt rockyou.txt      # MD5
hashcat -m 1000 hashes.txt rockyou.txt   # NTLM

# Ophcrack - Windows password cracker
ophcrack -g -d tables -t tables -f hash.txt

WiFi Password Tools

# Aircrack-ng suite
airmon-ng start wlan0
airodump-ng wlan0mon
airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0mon
aireplay-ng -0 10 -a [BSSID] wlan0mon
aircrack-ng -w wordlist.txt capture.cap

Phase 9: Network Scanning Tools

Tools for discovery and enumeration:

Nmap - Network Mapper

# Host discovery
nmap -sn 192.168.1.0/24

# Port scanning
nmap -sS target.com              # SYN scan
nmap -sV target.com              # Version detection
nmap -O target.com               # OS detection
nmap -A target.com               # Aggressive scan
nmap -p- target.com              # All ports

# Script scanning
nmap --script=vuln target.com
nmap --script=http-enum target.com

Traffic Analysis Tools

# Wireshark - GUI packet analyzer
wireshark

# tcpdump - CLI packet capture
tcpdump -i eth0 -w capture.pcap
tcpdump -r capture.pcap

# Ettercap - MITM tool
ettercap -T -M arp:remote /target1// /target2//

Web Scanning

# Nikto - web vulnerability scanner
nikto -h http://target.com

# Skipfish - web application scanner
skipfish -o output http://target.com

# W3af - web attack framework
w3af_console

Phase 10: Forensics and Debugging Tools

Tools for investigation and analysis:

Digital Forensics

Tool Purpose
Sleuth Kit Disk image analysis
Autopsy GUI for Sleuth Kit
Volatility Memory forensics
FTK Imager Disk imaging
Encase Enterprise forensics

File System Analysis

# Sleuth Kit commands
fls -r image.dd               # List files recursively
icat image.dd [inode]         # Extract file by inode
mmls image.dd                 # Partition layout

# Volatility memory analysis
volatility -f memory.dmp imageinfo
volatility -f memory.dmp --profile=Win7SP1x64 pslist
volatility -f memory.dmp --profile=Win7SP1x64 netscan

Packet Crafting

# Scapy - Python packet manipulation
from scapy.all import *
packet = IP(dst="target.com")/TCP(dport=80)
send(packet)

# Hping3 - packet crafting
hping3 -S target.com -p 80     # SYN packet
hping3 --flood target.com       # Flood mode

Quick Reference

Essential Ports

Port Service Notes
21 FTP File transfer
22 SSH Secure shell
23 Telnet Unencrypted
25 SMTP Email
53 DNS Name resolution
80 HTTP Web
443 HTTPS Secure web
445 SMB Windows shares
3389 RDP Remote desktop

Attack Type Summary

Attack Type Goal
DoS/DDoS Active Deny availability
Masquerade Active Impersonate user
Session Replay Active Steal access
War Driving Passive Find WiFi
Sniffing Passive Capture traffic

Tool Categories

Category Examples
Password Hydra, John, Hashcat
Scanning Nmap, Nessus, Nikto
Traffic Wireshark, tcpdump
Forensics Sleuth Kit, Volatility
Exploitation Metasploit, Burp Suite

Constraints and Limitations

Legal Considerations

  • Only test systems with authorization
  • Document all testing activities
  • Understand local cybercrime laws
  • Obtain written permission before testing

Ethical Guidelines

  • White hat mindset required
  • Report vulnerabilities responsibly
  • Protect discovered data
  • Never cause unnecessary harm

Troubleshooting

Network Issues

Cannot reach target:

  1. Verify network connectivity
  2. Check firewall rules
  3. Confirm target is online
  4. Try different ports/protocols

Tool Failures

Scans returning no results:

  1. Verify target address
  2. Check for IDS/IPS blocking
  3. Try slower scan rates
  4. Use different techniques