Free download the hackers underground handbook pdf

Once a hacker runs this script against a vulnerable machine and the script works, he will have root access to the target computer. Many exploits are created and tested in specific environments, and the expected outcome only happens when the exploit is run in the exact same environment.

That is another reason why programming knowledge is needed: so that you can edit the exploit script to work for you. Once a skilled hacker gains root on a server, he has the ability to do a lot of damage.

Countermeasures

There are a few things you can do to stay secure from network hacking attempts. Keep all your software up to date. There will always be new vulnerabilities coming out, and it is your responsibility to patch them immediately after a patch comes out. Implement a firewall. This will keep most of the bad data out and the good data in. Install anti-virus software. Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system.

You can get internet access with a wireless-enabled laptop almost everywhere you go. In this chapter I will discuss ways a hacker goes about getting into secure wireless networks and things he can do once he is inside.

The hacker starts by scanning for wireless networks near him. The Windows tool we will use in this section is called NetStumbler. Also, by the time you receive this eBook, MacStumbler may already be released for those of you using a Mac. Download and install NetStumbler. Run it. It automatically starts to scan for wireless access points.

Once it is completed, you should see a list of all the wireless access points around you. The more green and the fewer gaps, the better the signal. It provides the MAC address, channel number, encryption type, and a bunch more. All of these come in use when a hacker decides he wants to get into the secured network by cracking the encryption. Backtrack comes with a huge list of preloaded software for this very purpose. Before we begin, there are a couple of requirements:

1. You need a computer with a compatible wireless adapter.
2. Download Backtrack and create a Live CD.

First we will find a wireless access point along with its BSSID, ESSID and channel number. To do this we will run kismet by opening up the terminal and typing in kismet.

It may ask you for the appropriate adapter which in my case is ath0. To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this and as long as you keep it open, your wireless adapter will stay in monitor mode.

Each one stands for a different type of encryption. In our case we will be looking for access points with WEP encryption. Once you find an access point, open a text document and paste in the network's broadcast name (ESSID), its MAC address (BSSID) and its channel number. The next step is to start collecting data from the access point with airodump.

Open up a new terminal and start airodump by typing in the command: airodump-ng -c [channel] -w [filename] --bssid [bssid] [device]. In the above command, airodump-ng starts the program, the channel of your access point goes after -c, the file you wish to write the data to goes after -w, and the MAC address of the access point goes after --bssid. The command ends with the device name.

Make sure to leave out the brackets. Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command: aireplay-ng -1 0 -a [bssid] -h -e [essid] [device]. In the above command we are using the aireplay-ng program.

The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, -e is the name (ESSID) of the target access point, and the command ends with your wireless adapter's device name. Now, we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key.

Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count start to increase. Once you have collected around 50kk packets, you may begin the attempt to break the WEP key.

The command to begin the cracking process is: aircrack-ng -a 1 -b [bssid] -n [filename]. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key. With all the different computers and network adapters out there, you may come across an error occasionally. If you get stuck, remember, Google is your friend!

Packet sniffing is the act of capturing packets going through a network.

With a packet sniffer, once a hacker gains access to a wireless network he could intercept private information going through the network, such as usernames, passwords, IM conversations, and e-mails.

Download and install Wireshark. Launch it and click on the option to list the available capture interfaces as shown below. Next choose the target to begin to capture their packets and click on Start. Many captured packets show that the user is currently active. Now, to show you an example of how Wireshark can be used, I will start up Windows Live and send a message. As you will see in the image below, my whole conversation will be captured. As you can see, my message is displayed at the bottom.

If I continue down the list I can see the whole conversation.

Change your router's default password and make sure you have WPA encryption enabled. It is better than nothing. Use a long, secure password for your router. Include numbers, lowercase letters, uppercase letters and other symbols. The more obscure the better. Make sure your router has the option to not broadcast your SSID enabled. This will prevent some programs like NetStumbler from locating your wireless network.

Use MAC filtering on your router. Every wireless card and wireless adapter has a MAC address. By choosing to allow only your MAC addresses onto the network, you can keep a lot of attackers out. To prevent packet sniffing attacks from affecting you, make sure the important sites you use, like banks, use SSL (Secure Sockets Layer) encryption.

The only thing required is for the target machine to have file and printer sharing enabled and to have port open. First the hacker would search for a target.

A common tool used by hackers is Angry IP Scanner. Download and install it. Next the hacker would insert the IP range he would like to scan. Click the downward arrow on the right and check the Scan ports box. A popup will come up asking you if you would like to select a new port. Click YES. Type in the port number into the first box and click OK.

Click Start. As you can see, IPs were scanned. Out of those only one was alive, and luckily it has port open. Without it, this attack is not possible. This means that file and printer sharing is enabled. This command will display any shared drives, folders, files or printers. In my case, I got the following: In my example, I have two printers shared and one disk named SharedDocs. The hacker would be able to take control of my printers and view everything in my SharedDocs disk. To gain access to my SharedDocs disk, the hacker would have to map the drive onto his computer.

If successful, the hacker will have all the contents of my drive on his computer. This just tells the computer what to name the drive on your computer. Looks like I already have a drive G. To avoid this problem, go to My Computer, where it will show all of your current drives.

To fix this, simply change the letter G to a nonexistent drive letter. Once the command is completed successfully, go to My Computer and you should see a new drive under Network Drives. Double clicking it brings up all of the target's documents.

Ophcrack is a Windows-only password cracker, and it uses rainbow tables to get the job done quickly.

Windows uses a couple of types of hashes. One of them is the LM (LAN Manager) hash. If a password is longer than seven characters, then it is split into seven-character chunks, made all uppercase, and then hashed with DES. Because it is split into parts and made all uppercase, the total number of different password combinations goes down significantly, which makes it easier for hackers to crack the password.
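As an added illustration (not from the handbook), the Python below applies the LM transformations just described and audits a pwdump-style listing for accounts that still carry an LM hash, the kind of check an administrator runs before an attacker does; the account names, RIDs and hash values are constructed, and the 95- and 69-character alphabet sizes are assumptions.

```python
# Added example: why LM hashes are weak, and how to spot them in a dump.
# Not from the handbook; sample accounts and hash values below are constructed.

# DES output for an empty (all-NUL) 7-byte half; well-known constant.
LM_EMPTY_HALF = "AAD3B435B51404EE"
# Value Windows stores in the LM field when LM hashing is disabled.
NO_LM_HASH = LM_EMPTY_HALF * 2


def lm_preprocess(password: str) -> tuple:
    """Transformations applied before the DES step: uppercase, cut to 14 bytes,
    pad with NULs, split into two independent 7-byte halves (ASCII assumed)."""
    data = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return data[:7], data[7:]


def lm_keyspace_reduction(mixed_alphabet: int = 95, upper_alphabet: int = 69) -> int:
    """How many times smaller the LM search is than guessing a 14-character
    mixed-case password as one unit. Alphabet sizes are assumptions: 95 printable
    ASCII characters, 69 once lowercase letters collapse into uppercase.
    The two halves are cracked independently, so their costs add, not multiply."""
    full_search = mixed_alphabet ** 14
    lm_search = 2 * upper_alphabet ** 7
    return full_search // lm_search


def audit_pwdump(lines: list) -> dict:
    """Scan pwdump-format lines (user:rid:lm_hash:nt_hash:::) and report
    accounts whose LM hash is still stored, noting when an empty second
    half reveals that the password is at most 7 characters long."""
    findings = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # not a pwdump record
        user, lm = parts[0], parts[2].upper()
        if lm == NO_LM_HASH or lm.startswith("NO PASSWORD"):
            continue  # LM storage disabled for this account: nothing to report
        if lm[16:] == LM_EMPTY_HALF:
            findings[user] = "LM hash stored; password is 7 characters or fewer"
        else:
            findings[user] = "LM hash stored; password is 8 to 14 characters"
    return findings


# Constructed sample dump (hash values are placeholders, not real hashes).
SAMPLE_PWDUMP = [
    "Administrator:500:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:::",
    "bob:1001:1122334455667788" + LM_EMPTY_HALF + ":00112233445566778899AABBCCDDEEFF:::",
    "carol:1002:" + NO_LM_HASH + ":0F1E2D3C4B5A69788796A5B4C3D2E1F0:::",
]

if __name__ == "__main__":
    print(lm_preprocess("Password1"))   # identical halves for "PASSWORD1"
    print(lm_keyspace_reduction())       # roughly 3e14 times less work
    for user, note in audit_pwdump(SAMPLE_PWDUMP).items():
        print(f"{user}: {note}")
```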

So you might be wondering, how can I get a copy of those hashes? There are a couple of ways. First download and install ophcrack. As you can see there are two versions. In this example we will be using the program itself in Windows, so download the first option. Once you have it downloaded, install it.

When the option comes up to download rainbow tables, unclick them all and just install the program. It is better to download the rainbow tables separately. Once it is installed, go to the ophcrack website and click on Tables in the navigation. This will display all the tables you can download. As you can see, the more characters covered, the bigger the table gets. Choose the correct table for your operating system. In the example, I chose the largest possible free table.

Next run ophcrack and click on tables. Select the table you downloaded and click Install to locate the file on your computer. Hit OK to continue. Make sure all of your anti-virus and anti-spyware programs are disabled because most anti-virus programs mistake PWDUMP for a malicious program since it accesses the system files. This will load all the password hashes for all the users on your computer and display them.

Next click Crack and the program will begin to crack the password hashes. Go to the ophcrack website and choose the correct operating system LiveCD to download. With the downloaded. If this also fails, go into Ophcrack Text mode.

Once ophcrack loads completely, it will automatically get your Windows password hashes and begin the cracking process.

Every day, thousands of innocent people are getting infected by different types of malware. The most common types of malware today are viruses, worms and Trojans. In this chapter we will discuss all the types of malware, and give you an example of a Windows trojan in use.

The reason we will use Windows is that malware is very rare on Linux and Mac computers.

Definitions

1. Viruses — Viruses cannot spread without the help of us humans. They are like parasites because they need a host to attach themselves to. The host is usually a legitimate-looking program or file. Once this program is launched, the virus is executed and infects other files on your computer. Viruses can be very destructive. They can do damage to your computer hardware, software and files. Viruses are spread through the sharing of files and are many times sent within emails via attachments.

2. Worms — A worm is a malicious program that can replicate itself onto other computers on a network. Once it infects a system, it uses that system to send out other copies of itself to other random systems, attempting to infect them.

3. Trojan Horse — A trojan horse is a malicious program that can be used to do silly things to a system like changing its desktop, messing with the user interface, and taking control of your mouse. It can also be used for some serious things like accessing your data, erasing your files, stealing your passwords, and capturing your keystrokes.

4. Logic Bombs — Logic bombs are usually pieces of code that are programmed into a program and lie dormant until a certain time or until a user does a certain action which causes them to be executed.

5. Bacteria — Bacteria make many copies of themselves and eventually end up taking up all of the computer's resources, such as all of its processor power, memory and disk space. This results in the legitimate user losing access to those resources.

6. Blended Threats — Blended threats combine all of the characteristics of the above and use them along with system vulnerabilities to spread and infect machines.

Download ProRat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. Open up the program. Next we will create the actual Trojan file.

Next put in your IP address so that the server can connect to you. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options. Click on the General Settings button to continue. Here we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name.

As you can see, ProRat has the ability to disable the Windows firewall and hide itself from being displayed in the Task Manager. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember, a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up.

Check the bind option and select a file to bind it to. In the example I will use an ordinary text document. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. Click on Server Icon to continue. Here you will choose an icon for your server file to have.

The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document. Finally click on Create Server to, you guessed it, create the server file. Below is what my server file looks like.

A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out, so that he could get people to download it. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next. Once I run it, the trojan will be installed onto my computer in the background. The hacker would then get a message telling him that I was infected.

He would then connect to my computer by typing in my IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to my computer and have full control over it.

Now the hacker has a lot of options to choose from, as you can see on the right. He has access to all my computer files, he can shut down my PC, get all the saved passwords off my computer, send a message to my computer, format my whole hard drive, take a screenshot of my computer, and so much more.

The image below shows the message I would get on my screen if the hacker chose to message me. Below is an image of my task bar after the hacker clicks on Hide Start Button. Below is an image of what the hacker would see if he chose to take a screenshot of the victim's screen. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.

Countermeasures

There are a couple of things you can do to prevent yourself from being infected by the malware discussed in this chapter. Make sure you have good and up-to-date anti-virus software installed on your computer. Also, if there is an automatic update option on your anti-virus software, make sure it is enabled. Make sure you have a firewall installed on your computer and make sure that it is actually enabled.

Firewalls protect against unauthorized inbound and outbound connections.

Many of the web applications that run these dynamic websites have security flaws. In this chapter, we will discuss some of the most popular forms of attacks against web applications.

Local — Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit for a browser vulnerability. With this type of attack, the hacker can install worms, spambots, and backdoors onto your computer.

Non-persistent attacks occur when - a scripting language that is used for client-side web development. Non-persistent attacks are only activated when the user visits the URL crafted by the attacker.

Persistent — Persistent attacks are usually used against web applications like guest books, forums, and shout boxes.

Now we will insert some HTML. Now we will insert JavaScript. As you can see, these examples are non-persistent. Now if a hacker found a guestbook or something else like it that was vulnerable, he would be able to make it persistent, and everyone that visits the page would get the above alert if that was part of his comment.

Hackers knowledgeable in JavaScript and PHP will be able to craft advanced XSS attacks to steal your cookies and spread XSS worms, but to show you a simple example of something more realistic than the above examples, I will show you how a hacker could use XSS to help with phishing.

If he was able to find an XSS vulnerability anywhere on the website, he would be able to craft a link pointing to the legitimate website that redirects to his phishing website. In the URL the hacker would then replace everything in between? Now when you go to the finished link, the legitimate site will redirect to the phishing website. Next, what the hacker would do is encode the URL to make it look more legitimate and less suspicious. Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack.
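As an added example (not from the handbook), here are the two things this section describes, the guestbook comment and the redirect parameter, in Python: the rendering that lets a stored comment execute beside an HTML-encoded one, and a redirect check that keeps the user on the legitimate site. The host name www.example-bank.test and the sample comment are constructed.

```python
# Added example: persistent XSS in a guestbook and the redirect-to-phishing link,
# shown as the vulnerable version beside a hardened one.
# Not from the handbook; host names and the sample comment are constructed.
import html
from typing import Optional
from urllib.parse import urlparse

# Constructed comment of the kind a hacker would leave in a vulnerable guestbook.
HOSTILE_COMMENT = '<script>alert("XSS")</script>'

# Hypothetical legitimate site; only redirects that stay on it are allowed.
ALLOWED_HOSTS = {"www.example-bank.test"}


def render_comment_vulnerable(comment: str) -> str:
    """Echoes the stored comment straight into the page, so any <script>
    it contains runs in every visitor's browser (the persistent case)."""
    return f"<li>{comment}</li>"


def render_comment_hardened(comment: str) -> str:
    """HTML-encodes the comment, so the browser shows the text of the tag
    instead of executing it."""
    return f"<li>{html.escape(comment, quote=True)}</li>"


def safe_redirect_target(target: str, allowed_hosts: set = ALLOWED_HOSTS) -> Optional[str]:
    """Validate a user-supplied redirect parameter. Returns the target when it
    stays on the legitimate site, None otherwise (reject; never redirect)."""
    if not target or "\\" in target or "\r" in target or "\n" in target:
        return None
    parsed = urlparse(target)
    # A plain path such as "/account" has neither scheme nor netloc.
    if parsed.scheme == "" and parsed.netloc == "":
        return target if target.startswith("/") and not target.startswith("//") else None
    # "//phish.test/x" has a netloc but no scheme and is rejected here,
    # together with javascript:, data: and any other non-web scheme.
    if parsed.scheme not in ("http", "https"):
        return None
    return target if parsed.hostname in allowed_hosts else None


if __name__ == "__main__":
    print(render_comment_vulnerable(HOSTILE_COMMENT))
    print(render_comment_hardened(HOSTILE_COMMENT))
    for t in ["/account", "https://www.example-bank.test/login",
              "http://phish.test/login", "//phish.test/x", "javascript:alert(1)"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)!r}")
```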

Remote File Inclusion

Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website, which allows the hacker to execute server-side commands as the currently logged-on user and to access files on the server.

With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. Although as of PHP 6. Many hackers use Google dorks to locate servers vulnerable to RFI. If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell. A couple of the most popular shells are c99 and r A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them.

To find a shell the hacker would search Google for: inurl:c

The content of the book is listed below. By: David Melnichuk. Linux is a free, open-source, UNIX-like operating system. As you continue to learn how to hack, you will realize how important it is to learn how to use the. Most people today want to learn hacking, and everyone wants to learn ethical hacking, which people think is legal.
