Kali Linux is not just an operating system. Kali is a gateway. A gateway to a world where knowledge and curiosity come together to challenge boundaries. When you power it on, you're not just facing a simple computer; you're facing a tool forged to unveil the shadows that others prefer to ignore.
This system is not for those who fear making mistakes, nor for those looking for shortcuts. Kali invites you to face the unknown, to explore every corner with patience and respect. Here you'll find an arsenal, yes, but more than weapons, Kali offers you power: the power to discover, to understand, to protect, and also to question.
Within Kali reside thousands of tools, each with its purpose and ready to be awakened by those with the will to learn and the courage to persist. From silent network scanning to deep system intrusion, Kali is your companion, your ally on this journey.
But beware: Kali is neither magic nor a guarantee of success. It is only the reflection of your commitment, your effort, your desire to grow. Every command you write, every line you execute, is another step in your transformation. Kali is the mirror where you'll see your best version reflected, the one that decides never to give up.
Today, when you sit in front of Kali, remember that you are facing much more than an operating system. You are facing a challenge. And only those who accept that challenge can discover the strength within themselves.
Imagine for a moment that the digital world is a gigantic city, alive, in constant motion. Every device—a computer, a server, your phone, even your router—is like a house, a building, a station. All are connected by invisible streets where information circulates, like letters, packages, whispers, or shouts.
But for that information to reach its destination correctly, it must follow certain rules. You can't send a message in a language the other side doesn't understand. You can't speak without first agreeing on how and when to respond. In this world, as in ours, there are rules that enable communication.
We call these rules network protocols.
A protocol is simply an agreement. A set of rules that defines how two systems communicate with each other. How a server is greeted. How it responds. How information is organized. How it ensures that what is sent arrives complete and without errors.
Each protocol has its purpose. Some are used to browse websites (like HTTP), others to send emails (SMTP), others to share files (like FTP), and others for remote connections (like SSH). When you open a page, watch a video, or log in... in the background, multiple protocols are negotiating, talking, making sure everything works.
As a hacker, your task is to read those conversations, understand their structures, detect their weak points. And above all, recognize when someone has forgotten to follow the rules or has trusted too much that no one was listening.
Mastering protocols is not just about technique. It's about learning to listen in a world where almost everyone shouts, but very few understand.
When you face a machine, the first thing you need to know is what is exposed: which ports are open, what services run on them, what versions they use, and whether any of those pieces has a known vulnerability. That's what Nmap is for.
Nmap (Network Mapper) is a network scanning tool used to discover active hosts, open ports, services, versions, and possible vulnerabilities. It is essential in any security audit or network analysis, and is one of the first steps in assessing a remote machine.
When you run a scan with Nmap, you send specific packets to an IP address (or range of IPs) and analyze the responses. Depending on the type of scan, you can discover which ports are open, what services occupy them, and if there is any additional information to help you move forward.
Here are the most useful and commonly used Nmap commands:
nmap <IP>
Basic scan. Detects which common ports are open.
nmap -sS <IP>
SYN scan ("stealth scan"). Sends SYN packets without completing the TCP connection. Fast and discreet.
nmap -sV <IP>
Attempts to identify the service and version behind each open port.
nmap -sC <IP>
Runs Nmap's default scripts (NSE – Nmap Scripting Engine). Very useful for initial analysis.
nmap -sCV <IP>
Combines the previous two: detects versions + runs basic scripts. Widely used in pentesting.
nmap -p 80,443,22 <IP>
Scans only the specified ports. Saves time if you already know where to look.
nmap -p- <IP>
Scans all ports (1 to 65535). Ideal when you suspect something is outside the common range.
nmap --open <IP>
Shows only open ports. Hides closed or filtered ones.
nmap -T5 <IP>
Aggressive scan (maximum speed). Useful in controlled environments, but can be easily detected.
nmap --min-rate 1000 <IP>
Forces a minimum rate of packets per second. Speeds up the scan if your connection allows it.
nmap --script vuln <IP>
Runs scripts that detect known vulnerabilities in the found services.
nmap -v / -vv / -vvv <IP>
Enables different verbosity levels. The higher, the more details you'll see in real time.
nmap -oN scan.txt <IP>
Saves the scan result to a text file. Ideal for documentation.
Because in cybersecurity, seeing what others don't is the first step.
And Nmap lets you see clearly: not just what's there, but how it's configured, what can fail, and what path you can take.
Once you master Nmap, you stop knocking on doors blindly. You start reading the architecture of systems like reading a map: understanding that every open port is a possibility. Or a warning.
And this is where your analytical ability matters more than any tool.
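A saved scan is most useful when it is compared against what the host is supposed to expose. The following is an added example, not part of the original article: it parses text in the layout written by `nmap -sV -oN scan.txt` and reports open ports that are outside an approved baseline or that speak a cleartext protocol. The sample scan, the version strings and the `APPROVED` policy are constructed assumptions.

```python
import re

# Constructed sample in the layout of `nmap -sV -oN scan.txt` (not a real host).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.56.110
Host is up (0.00042s latency).
Not shown: 997 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.3
22/tcp   open  ssh     OpenSSH 8.9p1 (protocol 2.0)
8080/tcp open  http    Apache httpd 2.4.52
"""

# Assumed policy: the only exposure approved for this host.
APPROVED = {("192.168.56.110", 22, "tcp")}
CLEARTEXT = {"ftp"}  # FTP sends credentials unencrypted

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_open_ports(text):
    """Yield (host, port, proto, service, version) for every open port line."""
    host = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host and m.group(3) == "open":
            port, proto, _, service, version = m.groups()
            yield host, int(port), proto, service, version.strip()

def audit(text, approved=APPROVED):
    """Return (host, port, service, version, reasons) for risky open ports."""
    findings = []
    for host, port, proto, service, version in parse_open_ports(text):
        reasons = []
        if (host, port, proto) not in approved:
            reasons.append("not in approved baseline")
        if service in CLEARTEXT:
            reasons.append("cleartext protocol")
        if reasons:
            findings.append((host, port, service, version, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(finding)
```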
FTP (File Transfer Protocol) is a protocol that allows file transfers between two systems over a network. It was created in the 1970s, and although it has been replaced in many environments by more secure alternatives (like SFTP), it is still in use. Its big problem is that it does not encrypt information: everything, including credentials, travels in plain text.
Many FTP servers are misconfigured. The most common mistake is allowing anonymous access, which means anyone can enter by typing “anonymous” as the username, with no password required.
From your Kali machine, you can try connecting to an FTP server using:
ftp <server_IP>
When it asks for the username, type:
Name: anonymous
Password: (press Enter)
If the server is vulnerable, you'll get in. But that doesn't mean there aren't other users with more privileges and information than anonymous, so check carefully.
When a system allows authentication with username and password but doesn't enforce effective limits or defenses, it opens the door to a very common attack: brute force. This type of attack consists of trying thousands or millions of combinations until the correct one is found. And although it sounds slow or rudimentary, it still works in many poorly configured environments.
This is where Hydra comes in, a tool specifically created to perform brute force attacks against network services like FTP, SSH, HTTP, SMB, and many others. Hydra automates the process: it takes a list of users, a list of passwords, and tries each combination one by one against the target. When it finds one that works, it tells you immediately.
For Hydra to work, it needs what's known as a password dictionary. A dictionary is simply a text file with thousands (or millions) of possible passwords, one per line. They're not random guesses: many come from real leaks in hacked databases.
The most well-known dictionary in the pentesting world is rockyou.txt.
In 2009, the company RockYou, which offered widgets and games for social networks like MySpace and Facebook, suffered a major data breach. Someone exploited a vulnerability on their site and managed to extract a complete database with over 32 million accounts.
The most shocking part was that the passwords were stored in plain text, unencrypted, which turned that leak into a gold mine for analyzing real passwords.
Soon after, the security community extracted the passwords from the database and compiled them into a single file: rockyou.txt. Since then, this dictionary has become a standard resource for security auditors, researchers, and pentesters.
What makes rockyou.txt so effective is that it contains real passwords that real people used. Many are simple, common, or predictable: “123456”, “qwerty”, “iloveyou”, “dragon”, “pokemon”... and surprisingly, many of them still work on current systems.
rockyou.txt and How Do You Use It?
If you're using Kali Linux, you already have the file installed (though it may be compressed as .gz). You can decompress it like this:
gunzip /usr/share/wordlists/rockyou.txt.gz
Once decompressed, it's ready to use with tools like Hydra. If you have a username, you can launch a brute force attack with this command:
hydra -L user -P /usr/share/wordlists/rockyou.txt ftp://<target_IP>
Learning to use Hydra and understanding the value of a dictionary like rockyou.txt is not just about exploiting systems. It's about knowing the most common human errors. Because in the end, the most vulnerable passwords aren't the ones you break by force... they're the ones someone never thought needed protecting.
Now it's your turn to put it into practice. This knowledge is not just technical: it's a living warning of what happens when we underestimate security.
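A dictionary attack is loud on the server side: one source produces a burst of failed logins, sometimes followed by a success. The following is an added example, not part of the original article: it runs a sliding-window detector over FTP login log lines and flags both the burst and a login that succeeds right after it. The log lines are constructed in the style of a vsftpd log, which the article does not name, and the threshold of 5 failures in 60 seconds is an assumed policy.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed lines in the style of a vsftpd log; the layout is an assumption.
SAMPLE_LOG = """\
Tue Mar  5 10:15:01 2024 [pid 301] [mike] FAIL LOGIN: Client "192.168.56.1"
Tue Mar  5 10:15:02 2024 [pid 302] [mike] FAIL LOGIN: Client "192.168.56.1"
Tue Mar  5 10:15:03 2024 [pid 303] [mike] FAIL LOGIN: Client "192.168.56.1"
Tue Mar  5 10:15:04 2024 [pid 304] [mike] FAIL LOGIN: Client "192.168.56.1"
Tue Mar  5 10:15:05 2024 [pid 305] [mike] FAIL LOGIN: Client "192.168.56.1"
Tue Mar  5 10:15:06 2024 [pid 306] [mike] OK LOGIN: Client "192.168.56.1"
Tue Mar  5 10:20:00 2024 [pid 310] [anna] FAIL LOGIN: Client "192.168.56.20"
Tue Mar  5 10:21:30 2024 [pid 311] [anna] OK LOGIN: Client "192.168.56.20"
"""

LINE_RE = re.compile(
    r'^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[([^\]]*)\] '
    r'(OK|FAIL) LOGIN: Client "([^"]+)"'
)

def detect(log, threshold=5, window=timedelta(seconds=60)):
    """Return (ip, alert, user) tuples from a sliding window of failures per IP."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, user, result, ip = m.groups()
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that aged out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) == threshold:  # alert once, when the burst crosses the limit
                alerts.append((ip, "brute-force suspected", user))
        elif len(fails) >= threshold:
            # A success right after a burst suggests a guessed password.
            alerts.append((ip, "login succeeded after failure burst", user))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The same per-source counter is what a lockout or rate limit enforces; without it, nothing stops the guessing from continuing until a password matches.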
There are things that are only said in a low voice, through secure channels. SSH is one of those channels. It doesn't shout, it doesn't boast. It simply encrypts, protects, and connects.
SSH (Secure Shell) is a network protocol that allows you to remotely connect to another machine, almost as if you were sitting in front of it. But unlike other forms of access, SSH does it securely: everything you send and receive is encrypted.
When you use SSH, you open a tunnel between your terminal and the soul of another machine. A direct line to the heart of the system. From there you can list files, browse directories, run commands, create, delete, move. And if you have the right permissions, you can transform everything.
To connect, you need three things: the IP address or domain of the machine, a valid username on that system, and its password or a private key. And the command is simple but powerful:
ssh user@IP
For example:
ssh mike@192.168.56.110
If everything is correct, it will ask for the password. Once inside, your terminal is no longer yours: it's the remote system's. You're speaking from within. And that carries weight, a responsibility.
SSH is one of the tools most used by administrators, developers, pentesters, and attackers. Because it's direct, fast, and extremely useful.
And now it's in your hands too. But remember: being inside isn't everything. What matters is what you do once you get there.
FTP and SSH are two ways to talk to a remote machine... but they don't speak the same language or with the same intention.
FTP is old. It was born in an era where trust was the norm, not the exception. It allows you to transfer files between your computer and another system, but it does so without protection: data travels in plain text, visible, vulnerable, like letters without an envelope. Any curious eye between the source and destination can read what you send, including passwords.
SSH, on the other hand, was born from the open wound of insecure protocols. It encrypts every word, every letter, every movement. It not only allows you to send files (via scp or sftp), but also to control the machine from the terminal. It's a silent guardian that protects the conversation between you and the remote system.
The difference is not just technical. It's ethical. FTP trusts without asking. SSH protects even when no one is watching.
And you, now that you know both paths, will know when to use them... and why.