White hat hacking tutorials pdf
With all the letters and numbers available for use, there are potentially three trillion password combinations eight characters long. Yet you would be surprised at the number of people who choose weak and silly passwords just to make them easier to memorize. So what are some of the user vulnerabilities that a hacker can take advantage of?

Passwords that are never changed. When was the last time you changed your Twitter or email password? Why go through the hassle, right? The same password being used in several different accounts across different networks and systems. Passwords that are too simple and are linked to your name, location, school, job, and so on. Most users just look around the room when asked to create a password. Whatever they see is what they will use. Passwords that are long and complex are usually written on pieces of paper or stored in a file.

As long as the location of the file is unsecured, it can get stolen.

Technical vulnerabilities

Exploiting user vulnerabilities is usually the first step for a hacker. After that, you try to see whether there are any technical weaknesses you can take advantage of. The most common ones include: Failure to utilize applications that hide the password as it is being typed on the screen. Though most applications immediately hide the characters being typed on the screen, some do not.

Using programs or databases to store all your passwords, but failing to secure the database appropriately.

Some users store all their passwords in one MS Word, Access, or Excel file but fail to secure the document itself. Use of unencrypted databases that can be accessed by large numbers of unauthorized people. This is often the case with organizations. Use of weak encryption techniques by software vendors and developers.

The majority of developers tend to have too much faith in the fact that their source code is unknown. A hacker who has enough computing power can even use tools that are designed to break weak encryption.

Understanding Password Encryption

A password is said to be encrypted when it is stored in a system using an encryption or one-way hash algorithm. Once the password is hashed, all a user sees is a fixed-length encrypted string. The basic assumption is that once a password has been hashed, it cannot be cracked.

Linux goes even further and adds a random value, called a salt, to the password before it is hashed, just to make it more secure. The salt is what makes it possible for two people to use the exact same password yet generate totally different hash values.
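The salting behaviour described above, as an added example that is not part of the original text: it stores passwords with PBKDF2-HMAC-SHA256 and a per-user random salt, verifies a login in constant time, and shows that two identical passwords produce different stored records. The iteration count, salt length and record format are assumptions chosen for this example, not values taken from the page.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor and salt size are assumed values chosen for this example.
ITERATIONS = 200_000
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for the password.

    A fresh random salt is drawn when none is supplied, so two users who pick
    the same password end up with different stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def encode_record(salt: bytes, digest: bytes) -> str:
    """Serialise what a password store keeps: algorithm, cost, salt and digest (assumed format)."""
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_record(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and cost, then compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest does not short-circuit on the first differing byte.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_different_records(password: str) -> bool:
    """Demonstrate the salt's effect: identical passwords, distinct records, both verifiable."""
    record_a = encode_record(*hash_password(password))
    record_b = encode_record(*hash_password(password))
    return (
        record_a != record_b
        and verify_record(password, record_a)
        and verify_record(password, record_b)
    )


if __name__ == "__main__":
    stored = encode_record(*hash_password("correct horse battery staple"))
    print(stored)
    print("login ok:", verify_record("correct horse battery staple", stored))
    print("wrong password rejected:", not verify_record("Tr0ub4dor&3", stored))
    print("identical passwords differ on disk:", same_password_different_records("hunter2"))
```

Because the salt is stored next to the digest, an attacker who steals the store has to attack each record separately; the salt defeats precomputed tables, and the iteration count is what makes each guess expensive.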

There are a number of tools that can be used by hackers to crack passwords. These tools work by taking several well-known passwords, running them through a hashing algorithm, and then generating encrypted hashes. Once the encrypted hashes have been generated, the tool compares them to the password that needs to be cracked. Of course, this process occurs at a very fast speed, and the password is cracked the moment the original hash and the encrypted hash match. At times a hacker may find a password that is very complex and strong.

Such passwords are quite difficult to crack, but with the right tools, enough time, and adequate patience, all passwords can be hacked. If you want to make sure that your system is safe from malicious hackers, you need to get the same tools that they use, search your system for vulnerabilities, and fix them.

Password-Cracking Tools

There are a lot of advanced tools on the market right now for cracking passwords. Some are more popular than others due to their effectiveness across diverse systems and operating software.

For example: Ophcrack — This tool is used for cracking passwords in Windows applications. Cain and Abel — This is one of the most effective tools. It can be used for cracking hashes, VNC and Windows passwords, and many other applications. John the Ripper — This is definitely one of the most well-known and loved programs for cracking passwords. It runs a dictionary-style attack before launching a complete brute-force attack. Elcomsoft Distributed Password Recovery — This tool works extremely fast by incorporating GPU acceleration and using thousands of networked computers simultaneously.

It is able to crack Windows, Adobe, iTunes, and other applications. There are many other tools that you can use to hack passwords on a variety of applications, systems, and networks.

The most important thing is to understand how encryption works and how these tools can be used to overcome it.

Techniques for Cracking Passwords

We have all tried at some point to crack a password. It is likely that you used a conventional method rather than an advanced one. The techniques below are a combination of some old-school approaches and some high-tech methods.

Guessing — This is probably one of the most overused techniques. It is also the simplest approach since most users tend to pick passwords that they will remember easily. All you need to do is use logic to guess what may have been used to create their password.

This technique works best when you are familiar with the target or have easy access to their personal data. Shoulder surfing — This is where you hang around a person as they key in their password.

You can either watch the characters on the screen or memorize their keystrokes. It is important that you blend in to avoid detection, and be discreet about your moves. Social engineering — What if you could get a password by simply asking for it? The vast majority of people tend to believe what they are told, especially if it is in an official setting. You can literally get access to employee records from anywhere these days, thanks to social media and company websites.

A hacker can impersonate a staff member from the IT department of a company, call a user, and inform them of some technical hitches within the email system. The hacker then requests that the user give them their password so as to sort out the glitch. Dictionary attacks — This is where a program is used to create a list of plain-text dictionary words that can be compared to the actual password. Brute force attacks — This should never be your first choice when it comes to cracking a password.

It is an inefficient and extremely time-consuming technique. It is considered a fall-back option that is used when all other methods have failed. It is primarily used to crack passwords that are 6 characters or less, which is why you are always advised to make your passwords 8 characters or more. The more characters a user puts into their password, the harder it is to crack using a brute-force attack. However, a brute force attack is exhaustive, which means that sooner or later the password will be cracked.

Unfortunately, nobody can predict when this will happen. Programs that use this technique include John the Ripper, Rarcrack, and Oracle. The above methods are the simplest and most commonly used ways to crack passwords. There are other approaches that are available, for example, password probability matrix and rainbow tables.

However, for a beginner, these would simply be too complex to cover here.

Using John the Ripper and pwdump3 to crack a password

The pwdump3 tool is an effective way to extract hashed passwords from a Security Accounts Manager (SAM) database. This procedure requires that you have administrative access. If you are trying to crack a Windows system, follow this procedure: 1. On the computer, go to drive C. Make sure that you have a decompression tool such as WinZip installed on the computer.

Download pwdump3 and John the Ripper and install them immediately. Extract them into the directory you created above. Type the command c: passwordsjohn cracked. However, this process may take a very long time, depending on how complex the passwords are and the number of users in the system.

Type the command [root@localhost yourcurrentfilename] tar -zxf john-1. Type the command:. The output should be the same as that for the Windows procedure.

Creating Secure Passwords

When it comes to strengthening the security of data within an organization, it becomes necessary to hire a White Hat to help design better password policies.

The aim is to teach the system users how to create more secure passwords as well as the effects of poor password security. For individuals who want to secure their personal information, the same techniques can also apply in most cases.

The criteria to be followed include: Forming passwords that combine upper and lowercase letters, numbers, symbols, and special characters. Adding punctuation marks in between separate words. Deliberately misspelling words. Changing passwords every six to 12 months. In the event of a security breach, all passwords are to be changed.

Ensuring that passwords are of different lengths to make cracking more difficult. Storing all passwords in a password manager program rather than an unsecured MS Excel, Access, or Word file.

Avoiding the tendency to recycle old passwords. Ensuring that passwords are not shared at all, not even with friends or work colleagues. Locking the system BIOS using a password. Establishing more advanced authentication methods, for example, digital certificates or smart cards.
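A policy checker built from the criteria listed above, as an added example that is not part of the original text: it tests character mix, the 8-character minimum the brute-force discussion recommends, the presence of personal terms (name, location, job), reuse of old passwords, and whether a password is due for its six-to-twelve-month rotation. The failure messages, the 3-character threshold for personal terms and the 365-day default rotation age are assumptions chosen for this example.

```python
import re
from datetime import date
from typing import Iterable, List

MIN_LENGTH = 8            # from the brute-force discussion: 8 characters or more
MIN_PERSONAL_TERM_LEN = 3  # assumed: ignore very short terms such as initials
DEFAULT_MAX_AGE_DAYS = 365  # assumed: the upper end of "six to 12 months"


def check_password(password: str,
                   personal_terms: Iterable[str] = (),
                   previous_passwords: Iterable[str] = ()) -> List[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    failures: List[str] = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        failures.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no symbol or punctuation")
    # Passwords built from what the user "sees around the room": name, town, employer.
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= MIN_PERSONAL_TERM_LEN and term.lower() in lowered:
            failures.append("contains personal term '%s'" % term)
    # No recycling of old passwords.
    if password in set(previous_passwords):
        failures.append("reuses a previous password")
    return failures


def is_acceptable(password: str,
                  personal_terms: Iterable[str] = (),
                  previous_passwords: Iterable[str] = ()) -> bool:
    return not check_password(password, personal_terms, previous_passwords)


def is_due_for_rotation(last_changed_iso: str, today_iso: str,
                        max_age_days: int = DEFAULT_MAX_AGE_DAYS) -> bool:
    """True when the password is older than the rotation window (dates as ISO strings)."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age.days > max_age_days


if __name__ == "__main__":
    # Constructed sample inputs for a user named Summer who changed her password in 2023.
    for candidate in ("Password!", "summer2024", "c0rrect-Horse!9"):
        print(candidate, "->", check_password(candidate, personal_terms=("Summer", "Acme")) or "OK")
    print("rotation due:", is_due_for_rotation("2023-01-01", "2024-01-02"))
```

The same function can drive a self-service password-change form or an audit script over a list of candidate passwords; only the policy constants at the top need to change to match an organisation's written policy.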

In order to hack a password, you have to understand what a strong or weak password looks like. Having the right knowledge of how to create a strong password will help you become a more effective hacker.

Chapter 7: Wireless Network Attacks

Wireless networks have become commonplace these days, but unfortunately, they are also very vulnerable to hacking. This is because they transmit data over radio frequencies, which makes the information vulnerable to interception.

In cases where the encryption algorithm is weak or transmitted data is unencrypted, the situation becomes much worse.

Unintentional association

There are instances where one wireless network overlaps with another, allowing a user to unintentionally jump from one into the other.

If a malicious hacker takes advantage of this, they could acquire information contained in a network that they never intended to be on in the first place.

Non-conventional networks

These are networks that do not have the proper security that is usually reserved for laptops and access points. They tend to be soft targets for hackers.

They include wireless printers, barcode readers, Bluetooth devices, and handheld PDAs.

Denial of Service attacks

This type of attack involves sending hundreds or thousands of messages, commands, or requests to one access point.

In the end, the network is forced to crash, or users are prevented from accessing the network.

Man-in-the-middle attacks

This attack involves a hacker using their laptop to act as a soft access point and then luring users to it.

The hacker connects their soft access point to the real access point through a different wireless card. Users who attempt to reach the genuine access point are thus forced to go through the soft access point. Man-in-the-middle attacks are usually performed in public areas that have wireless hotspots.

MAC spoofing

This can best be described as theft of the identity of a computer that has network privileges. Once the hacker finds these administrative computers and their IDs, they use other software that enables them to use these MAC addresses.

Verification of Wireless Networks

The majority of wireless networks are secured by passwords in order to control how users access and use the network.

However, due to its numerous vulnerabilities, WEP has largely been replaced by WPA. Cracking a WEP network can be done either actively or passively. Active cracking is more effective, but it causes an overload of the network and is thus easier to detect. Passive cracking, on the other hand, does not affect traffic load until after the network has been cracked.

Aircrack — This tool enables you to sniff a network, and can be downloaded from aircrack-ng. It can be downloaded from wepdecrypt. It depends on passphrases and encryption of packets using temporal keys. One weakness of WPA is that it is vulnerable to dictionary attacks if weak passphrases are used. A MAC filter is used to block unauthorized MAC addresses from joining a wireless network, even if the user has the password.

However, it is not an effective way to lock out a determined hacker. In the example below, you will learn how to spoof the MAC address of a user who is authorized to connect to a network. Make sure that your Wi-Fi adapter is in monitor mode. The tools that will be used are Airodump-ng and Macchanger. With your adapter in monitor mode, type the command airodump-ng -c [channel] --bssid [target router MAC address] -i wlan0mon. This will enable you to detect the target wireless network.

All users who are using the network will be displayed in a popup window, including their authorized MAC addresses. Choose one of these MAC addresses to use as your own address.

However, you must first switch off your monitoring interface. Type the command airmon-ng stop wlan0mon 3. You then have to switch off the wireless interface of the MAC address you have chosen. Type the command ifconfig wlan0 down 4.

Now it is time to run the Macchanger software. Switch on the wireless interface of the MAC address you had chosen. Type the command ifconfig wlan0 up. You have now successfully changed your MAC address to that of an authorized user. Log in to the wireless network and see if you are able to connect to it.

How to Secure a Wireless Network

There are a number of approaches that you can use to secure a wireless network. Every ethical hacker should know these tips so that they can prevent malicious hackers from exploiting system vulnerabilities. These include: Install firewalls, anti-virus, and anti-spyware.

Make sure that all your security software is updated and the firewall is turned on. Encrypt your base stations, routers, and access points by scrambling your network communications.

These devices are manufactured with encryption switches, but they are usually switched off. Ensure that you switch on the encryption feature. Change the default password of the wireless router.

Ensure that they are long and complex. Switch off the network whenever it is not being used. This is unnecessary since genuine users already know that it exists.

Chapter 8: Hacking a Smartphone

This chapter will cover the procedure that you can follow to hack an Android smartphone.

You will have to download some specialized software from legitimate third parties in order to make the process easier and faster. It is a remote exploit that is performed over a secure internet connection. Steps to Follow: 1. Go to the MasterLocate website MasterLocate. You do not have to download the software onto your computer or phone to use it. The tool will enable you to track the real-time GPS location of the target, monitor their SMS and WhatsApp messages, listen to their calls, and keep track of their Facebook account.

Run the MasterLocate app on your phone or computer. Enter the number of the target here. When you click on it, the program will attempt to establish a connection.

Once the connection is established and verified, go to the right side of the dialog box. If you wish to download anything onto your device, just click on Export Method. This will present you with options for download formats, such as. This method of hacking smartphones is simple and straightforward. Any interruption to the internet connection will stop the process.

Smartphone Hacking Countermeasures

As long as a phone is connected to unsecured Wi-Fi or has been compromised by malware, it is vulnerable to exploitation by hackers.

So what are some of the measures that can be taken to secure a smartphone from malicious hackers? Ensure that your phone is running a reliable, trusted, and updated antivirus. Only connect to secure Wi-Fi when browsing the internet, especially in public places. Public Wi-Fi should not be used for activities that require entering your bank account details, for example, shopping or banking.

Avoid the tendency to download apps that ask for access to your personal information. Make sure that all firmware is constantly updated, either automatically or manually. If you have any doubts about the source of a piece of software, leave it alone.

Only buy or download from verified app stores. Read the reviews to learn what others who have used the app say about it. Lock your phone every time that it is not in use. Ensure that your password is strong and change it regularly. It is best to delete such spam messages as soon as they come into your phone. Hackers tend to send out texts to thousands of phone users claiming to be from legitimate companies or websites. When the link is clicked, malware is installed onto the phone, thus allowing data to be accessed.

There are billions of mobile phones all over the world, and this is one area of hacking that provides the fastest and easiest way to attack a target.

Most people tend to be wary when they are on their computers but somehow drop their guard when browsing on their phones. It is very important that you make sure that you take extreme care when starting out. Yes, it is a lot of fun when you first start to see the results of your work, but you need to understand how to maneuver and remain undetected. Here are five key tips that every beginner should follow: 1.

Avoid the trap of buying hacking software from random websites. You will lose your money in exchange for useless software. You may even have your own personal data stolen as well. Make sure that you only deal with legitimate or verified websites. Do your research well and find out what other hackers are using and where they are getting them from.

Avoid the temptation to download freeware off the internet. These mostly include keyloggers and Trojan horses. If you are serious about hacking, then you need to be prepared to spend some cash to get stuff that works. The best and most effective software is not free.

When buying hacking tools, try to use bitcoins. If you use your personal credit card, you may expose yourself in more ways than one, and a quick check of your account will reveal your hacking activities. Learn to develop your skills. If you are skilled in web development alone, then you will have to learn some programming.

If you are a programmer, then learn script writing. The goal is to know something about everything rather than getting comfortable being in a box. However, every hacker worth his salt sooner or later learns how to write his own code, programs, and scripts.

This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission.

If you are detected, then the system administrator can take severe action against you and trail your subsequent activities.

Passive Reconnaissance

In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.

Footprinting could be both passive and active. Footprinting is basically the first step, where a hacker gathers as much information as possible to find ways to intrude into a target system, or at least to decide what type of attacks will be most suitable for the target. This command is available on Windows as well as on Linux OS.

Following is the example to find out the IP address of tutorialspoint. Following is the example to find out the details of an IP address: Here the ISP row gives you the detail about the hosting company because IP addresses are usually provided by hosting companies only. If you have a server containing very sensitive data, then it is recommended to keep it behind a secure proxy so that hackers cannot get the exact details of your actual server.

This way, it will be difficult for any potential hacker to reach your server directly.

IP Address Ranges

Small sites may have a single IP address associated with them, but larger websites usually have multiple IP addresses serving different domains and sub-domains. You can enter a company name in the highlighted search box to find out a list of all the IP addresses assigned to that company.

History of the Website

It is very easy to get a complete history of any website using www. You can enter a domain name in the search box to find out how the website looked at a given point in time and which pages were available on the website on different dates. In the following section, we have given an example to explain how you can use the NMAP tool to detect the OS of a target domain.

Based on sniffer traces (such as those from Wireshark) of the packets, you can determine the operating system of the remote host. By analyzing these factors of a packet, you may be able to determine the remote operating system.

Basic Steps

Before attacking a system, it is required that you know what operating system is hosting a website. Once a target OS is known, it becomes easy to determine which vulnerabilities might be present to exploit the target system.

Below is a simple nmap command which can be used to identify the operating system serving a website and all the open ports associated with the domain name, i.

Quick Fix

You can hide your main system behind a secure proxy server or a VPN so that your complete identity is safe and ultimately your main system remains safe.

Port Scanning

We have just seen the information given by the nmap command.

This command lists all the open ports on a given server.

Quick Fix

It is always recommended to check and close all unwanted ports to safeguard the system from malicious attacks. You can use the fping command for a ping sweep. This can be done using the following command, which will create a firewall rule in iptables. In fact, it is like a distributed database which is used to translate an IP address

DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization.
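The "check and close all unwanted ports" fix above, as an added example that is not part of the original text: it parses listening sockets from `ss -tln`-style output, separates ports that are exposed on all interfaces from ones bound only to loopback, compares them against an allowlist, and emits the iptables rule that would block each unexpected exposed port. The sample output is constructed, and the allowlist of ports 22, 80 and 443 is an assumption for this example.

```python
from typing import Dict, Iterable, List, Tuple

# Constructed sample modelled on `ss -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       80      0.0.0.0:6379         0.0.0.0:*
LISTEN  0       128     [::1]:5432           [::]:*
"""

# Ports this server is expected to expose (assumed for the example).
ALLOWED_PORTS = {22, 80, 443}
# Loopback bindings are reachable only from the host itself.
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def parse_listeners(output: str) -> List[Tuple[str, int]]:
    """Extract (local address, port) from every LISTEN line; skips the header."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
        listeners.append((addr, int(port)))
    return listeners


def audit_listeners(output: str,
                    allowed: Iterable[int] = ALLOWED_PORTS) -> Dict[str, List[Tuple[str, int]]]:
    """Split unexpected listeners into externally exposed ones and loopback-only ones."""
    allowed = set(allowed)
    exposed, loopback_only = [], []
    for addr, port in parse_listeners(output):
        if port in allowed:
            continue
        if addr in LOOPBACK:
            loopback_only.append((addr, port))
        else:
            exposed.append((addr, port))
    return {
        "exposed_unexpected": sorted(exposed, key=lambda e: e[1]),
        "loopback_only": sorted(loopback_only, key=lambda e: e[1]),
    }


def suggest_iptables_rules(exposed: Iterable[Tuple[str, int]]) -> List[str]:
    """One INPUT DROP rule per unexpected exposed TCP port."""
    return ["iptables -A INPUT -p tcp --dport %d -j DROP" % port for _, port in exposed]


if __name__ == "__main__":
    # On a live host, replace SAMPLE_SS_OUTPUT with the output of: ss -tln
    report = audit_listeners(SAMPLE_SS_OUTPUT)
    print("exposed and not allowlisted:", report["exposed_unexpected"])
    print("loopback only (lower risk):", report["loopback_only"])
    for rule in suggest_iptables_rules(report["exposed_unexpected"]):
        print(rule)
```

Blocking the port with a firewall rule is the quick fix; the durable one is to stop the service or bind it to loopback, which is why the audit reports the loopback-only listeners separately rather than flagging them as exposed.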

The idea is to gather as much interesting details as possible about your target before initiating an attack. You can use nslookup command available on Linux to get DNS and host-related information. Preventing DNS Enumeration is a big challenge. If your DNS is not configured in a secure way, it is possible that lots of sensitive information about the network and organization can go outside and an untrusted Internet user can perform a DNS zone transfer.

It is also called wiretapping applied to computer networks. There is a high possibility that, if a set of enterprise switch ports is open, one of the employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using an Ethernet cable or connect wirelessly to that network and sniff the total traffic.

In other words, sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner. What can be sniffed? Promiscuous mode refers to the unique way of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC.

By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC address) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting. A sniffer can continuously monitor all the traffic to a computer through the NIC by decoding the information encapsulated in the data packets.

Types of Sniffing

Sniffing can be either active or passive in nature.

Passive Sniffing

In passive sniffing, the traffic is locked but it is not altered in any way. Passive sniffing allows listening only. It works with hub devices. On a hub device, the traffic is sent to all the ports.

In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through. The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no longer effective.

Active Sniffing

In active sniffing, the traffic is not only locked and monitored, but it may also be altered in some way as determined by the attack.

Active sniffing is used to sniff a switch-based network. It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port. This protocol is efficient, but it does not include any protection against sniffing, because it can be trapped.

All the data is sent as clear text that can be easily sniffed. Sniffers are not dumb utilities that allow you to view only live traffic. If you really want to analyze each packet, save the capture and review it whenever time allows.

Hardware Protocol Analyzers

Before we go into further details of sniffers, it is important that we discuss hardware protocol analyzers.

These devices plug into the network at the hardware level and can monitor traffic without manipulating it. These hardware devices are not readily available to most ethical hackers due to their enormous cost in many cases.

LI (lawful interception) must always be in pursuance of a lawful authority for the purpose of analysis or evidence. Therefore, LI is a security process in which a network operator or service provider gives law enforcement officials permission to access private communications of individuals or organizations. Almost all countries have drafted and enacted legislation to regulate lawful interception procedures; standardization groups are creating LI technology specifications.

Usually, LI activities are taken for the purpose of infrastructure protection and cyber security. However, operators of private network infrastructures can maintain LI capabilities within their own networks as an inherent right, unless otherwise prohibited.

LI was formerly known as wiretapping and has existed since the inception of electronic communications. Sniffing tools are extremely common applications. It supports active and passive dissection of many protocols and includes many features for network and host analysis. It offers a tremendous number of features designed to assist in the dissection and analysis of traffic. Available at www. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on the Windows platform.

This tool is used by the FBI and other law enforcement agencies. A potential hacker can use any of these sniffing tools to analyze traffic on a network and dissect information.

What is ARP Spoofing?

Attackers flood a target computer's ARP cache with forged entries, which is also known as poisoning.

ARP poisoning uses Man-in-the-Middle access to poison the network.

What is MITM?

In this case, the victims think that they are communicating with each other, but in reality, the malicious actor controls the communication. Some protocols such as SSL serve to prevent this type of attack.

You can perform this attack on a local LAN. Step 3: Make sure you are connected to the local LAN and check the IP address by typing the command ifconfig in the terminal. It will start scanning the whole network for live hosts. This list also includes the default gateway address.

We have to be careful when we select the targets. Step 8: Now we have to choose the targets. In MITM, our target is the host machine, and the route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs the packets. So we will add target 1 as victim IP and target 2 as router IP. You can see the results in the toolbar of Ettercap. This is how sniffing works. ARP Poisoning has the potential to cause huge losses in company environments.

This is the place where ethical hackers are appointed to secure the networks. In the next chapter, we will discuss another type of attack known as DNS poisoning.

An attacker can create fake DNS entries for the server, which may contain malicious content under the same name. For instance, a user types www. As we understand, DNS poisoning is used to redirect users to fake pages which are managed by the attackers.

To initiate DNS poisoning, you have to start with ARP poisoning, which we have already discussed in the previous chapter. We will use the DNS spoof plugin, which is already there in Ettercap. This file contains all the DNS entries used by Ettercap to resolve domain names.

If someone wants to open Facebook, he will be redirected to another website. See the following example: Step 3: Now save the file and exit. Step 4: After this, the whole process is the same as for ARP poisoning. It means the user gets the Google page instead of Facebook.

In this exercise, we saw how network traffic can be sniffed through different tools and methods. Here a company needs an ethical hacker to provide network security to stop all these attacks.

Defenses against DNS Poisoning

As an ethical hacker, your work could very likely put you in a position of prevention rather than pen testing.
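A small monitor for the two attacks just described (ARP poisoning in the previous chapter and DNS poisoning here), as an added example that is not part of the original text. It pins the gateway's IP-to-MAC binding and an important hostname's expected addresses, then raises alerts when an ARP snapshot shows the gateway answering from another host's MAC, one MAC claiming several IPs, or a resolver returning an address outside the pinned set or inside the local LAN ranges. All sample data (MACs, addresses, hostnames) is constructed, and the LAN-address heuristic is an assumption for this example, not a rule from the page.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed ARP table snapshots (ip, mac), taken a few minutes apart.
ARP_SNAPSHOTS = [
    [("192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway
     ("192.168.1.10", "aa:bb:cc:00:00:10"),
     ("192.168.1.20", "aa:bb:cc:00:00:20")],
    # Second snapshot: the gateway IP now answers from host .20's MAC.
    [("192.168.1.1", "aa:bb:cc:00:00:20"),
     ("192.168.1.10", "aa:bb:cc:00:00:10"),
     ("192.168.1.20", "aa:bb:cc:00:00:20")],
]
PINNED_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01"}   # gateway MAC recorded when the LAN was known-good

# Constructed DNS answers (name, address) as a resolver on the LAN returned them.
DNS_ANSWERS = [
    ("login.example.com", "192.0.2.10"),
    ("login.example.com", "198.51.100.7"),   # deviates from the pinned set
    ("www.example.org", "192.168.1.20"),     # public name pointing at a LAN host
    ("mail.example.com", "203.0.113.5"),
]
PINNED_DNS = {"login.example.com": {"192.0.2.10"}}

# Assumed heuristic: a public hostname should not resolve into these ranges.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def arp_alerts(snapshots: Iterable[Iterable[Tuple[str, str]]],
               pinned: Dict[str, str]) -> List[str]:
    """Flag pinned-binding violations, IP-to-MAC changes, and one MAC claiming many IPs."""
    alerts: List[str] = []
    last_seen: Dict[str, str] = {}
    for i, snap in enumerate(snapshots):
        mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
        for ip, mac in snap:
            mac = mac.lower()
            mac_to_ips[mac].add(ip)
            if ip in pinned and pinned[ip].lower() != mac:
                alerts.append("snapshot %d: pinned %s expected %s but saw %s" % (i, ip, pinned[ip], mac))
            elif ip in last_seen and last_seen[ip] != mac:
                alerts.append("snapshot %d: %s moved from %s to %s" % (i, ip, last_seen[ip], mac))
            last_seen[ip] = mac
        for mac, ips in mac_to_ips.items():
            if len(ips) > 1:
                alerts.append("snapshot %d: MAC %s claims %s" % (i, mac, ", ".join(sorted(ips))))
    return alerts


def dns_alerts(answers: Iterable[Tuple[str, str]],
               pinned: Dict[str, Set[str]]) -> List[str]:
    """Flag answers outside a name's pinned set, or public names resolving into LAN ranges."""
    alerts: List[str] = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        if name in pinned and addr not in pinned[name]:
            alerts.append("%s resolved to %s, not in pinned set %s" % (name, addr, sorted(pinned[name])))
        elif any(ip in net for net in LAN_NETWORKS):
            alerts.append("%s resolved to LAN address %s" % (name, addr))
    return alerts


if __name__ == "__main__":
    # On a live host the snapshots would come from `arp -a` or `ip neigh`
    # and the answers from the host's resolver; here both are constructed.
    for line in arp_alerts(ARP_SNAPSHOTS, PINNED_ARP) + dns_alerts(DNS_ANSWERS, PINNED_DNS):
        print("ALERT:", line)
```

Static ARP entries for the gateway and a pinned address set for the handful of hostnames that matter (login portals, mail) are the cheap defences this monitor is built around; the LAN-range check catches the case in the exercise above, where a well-known name is redirected to a machine on the same network.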

What you know as an attacker can help you prevent the very techniques you employ from the outside.

Summary

In this chapter, we discussed how attackers can capture and analyze all the traffic by placing a packet sniffer in a network. With a real-time example, we saw how easy it is to get the credentials of a victim from a given network.

Metasploit is a powerful tool to locate vulnerabilities in a system.

Based on the vulnerabilities, we find exploits. Here, we will discuss some of the best vulnerability search engines that you can use. Exploit Database www.

CVE is a dictionary of publicly known information security vulnerabilities and exposures. This data enables automation of vulnerability management, security measurement, and compliance. Hackers use remote exploits to gain access to systems that are located at remote places.

Quick Fix

Vulnerabilities generally arise due to missing updates, so it is recommended that you update your system on a regular basis, for example, once a week. In CentOS Linux, you can use the following command to install the automatic update package.

This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further. This is important because, in a network environment, you can find other primary servers that help the hosts update their times, and you can do it without authenticating to the system.

Take a look at the following example. Take a look at the following screenshot and observe how we have found the usernames present in a target host. Take a look at the following screenshot to understand how it does so. It reduces the possibilities of OS enumeration of the services that your systems are running. It comes in two versions: a commercial and a free edition. There are no major differences between the two versions, so in this tutorial we will mostly be using the free Community version of Metasploit.

Highlighted in red underline is the version of Metasploit. Now, we will use the exploit that can work for us. If the exploit is successful, it will open a session that you can interact with, as shown in the following screenshot.

Metasploit Payloads

Payloads, in simple terms, are simple scripts that hackers utilize to interact with a hacked system.

Using payloads, they can transfer data to a victim system. For example, just creating a user. The various payload stages provide advanced features with no size limits such as Meterpreter and VNC Injection.