0. Outline

The world of a true hacker is complex but at the same time very exciting. The material on hacking is vast, so first-hand knowledge of networking and programming is quite necessary; it goes without saying that you have to understand the system if you want to hack it successfully. We will not go that far here: as the title of this section says, we only want to give you a taste of being a hacker. You are not expected to be a hacker after you finish this topic, but we would like to give you the sensation of being one, and it should be a nice starting point if you want to go further. There are more steps than just hijacking a system, and the learning objective is to know what those other steps are. We will learn a few tools used in hacking, and finally let you have a taste of exploitation and of creating a piece of malware. Basically we will:
There are some demonstrations in this course, so be very careful: hacking or penetration testing without permission is against the law, and even port scanning may be considered a violation (be careful with other forms of information gathering as well). Along the way we explain how you may conduct your own experiments. We use an operating system built specifically for penetration testing, for example BackTrack, Kali Linux, ArchAssault, or BackBox (it is up to you which one you use; you just need the right tools). We conduct the tests on PCs or virtual machines that we own. We recommend that you learn a bit about computer networking first; learning programming also helps.

1. Are you a hacker, a pentester, or neither?

1.1 White, Grey, Black Hat, Which One Are You?

If you do penetration testing then you are a white hat, and if you do hacking then you are a black hat. You may also be neither, like one of the authors, who is only curious: he only wants to see whether he can break into a system, and after succeeding leaves it as it is. Doing it only for fun like that can be categorized as grey hat. If you go further, with the purpose of destroying the system, stealing information, or other evil schemes, you are categorized as a black hat. The white hats, on the other hand, fight the black hats: they conduct penetration tests (hack) in order to find security issues in a system and fix them. They are the good guys who have permission to test the security of a system. If you are very new to this, we suggest you try Linux or a similar system for a while and get used to the command line. Hacking games like Hacker Evolution are a really nice start: you not only get used to a Unix-like command line but also get many pictures of what being a hacker is like. Learning a bit about computer programming and networking helps a lot; you may take this course's computer programming and networking topics first.

1.2 Things a Pentester Might Miss

In this course we avoid being a hacker and move to penetration testing instead.
For educational purposes we want to keep this as legal as possible. Both as a hacker and as a pentester there are steps to consider other than exploitation. If you watch a lot of action movies, the exploitation process is the coolest part, and that applies to reality as well, but the movies leave out the variables that affect the probability of a successful exploitation. Without considering them it is the same as blindly charging through the front door. Here we discuss the four phases, in order, as listed below and shown in Figure 1.1.
There is also a fifth phase, covering your tracks (leaving no trace, or destroying the evidence), but it is considered a highly advanced topic. Information gathering is like knowing where the target is and how many domains or locations it has. Scanning sees what systems the target uses, what doors are open, and how the entrances are guarded. Exploitation is without doubt the breaking-in process, while maintaining access is a tunnel we make so we can re-enter an exploited target without repeating the whole process.

1.3 Some Tools You Might Have Heard Of

We prefer to use operating systems that already come equipped with the tools we need, like Kali Linux, Parrot OS, BackTrack, ArchAssault, Anonymous-OS, BackBox, and NodeZero. It is up to you, but you should at least have these tools or their equivalents. We will be using:
1.4 Before Proceeding

Simply conducting a penetration test without permission may be regarded as hacking, and hacking is regarded as a crime. We won't stop you, but do it at your own risk. Instead, we recommend the following if you want to practice:
2. Information Gathering

2.1 Preparation

Since there are lots of factors to take into account, like the operating system we could use, tools, targets, practice targets on a VM, anonymity, etc., this page will be updated later.

2.2 Conventional Way

The information you need might be what kind of company, corporation, institution, or organization your target is, or whether it is just a group or an individual. You may also need information like their contact details, their organizational structure, or just their products. This kind of information can be retrieved the conventional way:
2.3 Using Tools

If you need their sites, domains, IP addresses, or email addresses, you are better off using tools. First of all we need to find their website: surf the Internet with a web browser and use search engines such as Google, Yahoo, or MSN.

2.3.1 What Most Don't Know About Using Google

Turn on your computer >>> connect to the Internet >>> fire up your web browser >>> type www.google.com. That is how everyone uses it, but did you know there is more to it than that? See Figure 2.1.
2.3.2 Ping

From here on, wherever possible, we prefix each command with torsocks so that its traffic goes through the Tor network and makes us more anonymous. If you don't need anonymity, just run the commands without torsocks. Keep in mind that Tor only carries TCP streams, so torsocks cannot send ICMP (what ping uses) or the UDP queries dig sends by default through Tor; those commands either fail under torsocks or go out directly. Ping is a command-line program that checks whether a host is alive and reports latency (the time for a packet to reach the host and return), TTL, and other parameters depending on the version of the program and the OS used. Figure 2.2 is an example of the ping command.

2.3.3 Whois, Dig, Host, Nslookup

Dig, host, and nslookup can be used to retrieve the IP address of a website, and some versions can also do the reverse (IP address to name). Figure 2.3 shows the output of dig, host, and nslookup on metasploit.com, and below that the output of whois, which gives much more information.
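The figures only show dig and whois output on screen. As an added example (not code from the original page or from the authors of those tools), the following Python script takes the text those two commands print and turns it into records you can actually compare, including a cross-check of the name servers DNS publishes against the ones the registrar lists. The dig and whois outputs embedded in it are constructed to look like real output; they are not actual lookups of metasploit.com, and the addresses come from the 192.0.2.0/24 documentation range.

```python
"""Parse the text output of dig and whois into structured records.

Added example for section 2.3.3; it is not code from the original page.
The sample outputs below are constructed to look like what dig and whois
print; they are not real lookups of metasploit.com.
"""
import re

# Constructed sample in the shape of `dig metasploit.com ANY` output.
# (Addresses, TTLs and name servers are made up for the example.)
DIG_SAMPLE = """\
; <<>> DiG 9.18.1 <<>> metasploit.com ANY
;; QUESTION SECTION:
;metasploit.com.\t\t\tIN\tANY

;; ANSWER SECTION:
metasploit.com.\t\t300\tIN\tA\t192.0.2.10
metasploit.com.\t\t300\tIN\tA\t192.0.2.11
metasploit.com.\t\t3600\tIN\tNS\tns1.example.net.
metasploit.com.\t\t3600\tIN\tNS\tns2.example.net.
metasploit.com.\t\t3600\tIN\tMX\t10 mail.example.net.

;; Query time: 23 msec
"""

# Constructed sample in the shape of a registrar whois record.
WHOIS_SAMPLE = """\
Domain Name: METASPLOIT.COM
Registrar: Example Registrar, Inc.
Creation Date: 2003-07-02T00:00:00Z
Registry Expiry Date: 2030-07-02T00:00:00Z
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Registrant Organization: Example Corp
Registrant Email: abuse@example.net
>>> Last update of whois database: 2022-08-01T12:00:00Z <<<
"""

# One resource record line: owner TTL IN type rdata (rdata may contain spaces).
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")


def parse_dig_answers(output):
    """Return the ANSWER SECTION of dig output as a list of dicts.

    Everything before the answer section is skipped, and parsing stops at
    the first blank line after it (dig separates sections that way).
    """
    records = []
    in_answer = False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line.strip():
            break  # end of the answer section
        m = RR_RE.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append({"name": name.rstrip("."), "ttl": int(ttl),
                            "type": rtype, "data": rdata.rstrip(".")})
    return records


def records_of_type(records, rtype):
    """Convenience filter: the rdata of all records of one type."""
    return [r["data"] for r in records if r["type"] == rtype]


def parse_whois(output):
    """Collect the 'Key: value' lines of whois output into a dict.

    Repeated keys (Name Server appears once per server) become lists.
    Comment lines starting with '>>>' or '%' are ignored.
    """
    fields = {}
    for line in output.splitlines():
        if ":" not in line or line.startswith((">>>", "%")):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:
            continue
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def name_servers_agree(dig_records, whois_fields):
    """Cross-check DNS NS records against the registrar's Name Server list.

    Returns (all_dns_ns_known_to_registrar, registrar_ns_missing_from_dns).
    A mismatch is worth a note during recon: it can mean stale registrar
    data or a delegation that does not match what the zone publishes.
    """
    dns_ns = {ns.lower() for ns in records_of_type(dig_records, "NS")}
    whois_ns = whois_fields.get("Name Server", [])
    if isinstance(whois_ns, str):
        whois_ns = [whois_ns]
    whois_ns = {ns.lower().rstrip(".") for ns in whois_ns}
    return dns_ns <= whois_ns, sorted(whois_ns - dns_ns)


if __name__ == "__main__":
    recs = parse_dig_answers(DIG_SAMPLE)
    info = parse_whois(WHOIS_SAMPLE)
    print("A records:", records_of_type(recs, "A"))
    print("Registrar:", info["Registrar"])
    print("NS agree with whois:", name_servers_agree(recs, info))
```

In practice you would feed it the real output with something like dig metasploit.com ANY > dig.txt and whois metasploit.com > whois.txt and read those files; the parsing is the same.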
2.3.4 theHarvester

Using this tool we can find other hosts under the target's domains as well as email addresses. Here we limit it to 50 results and choose Bing as the search engine; change bing to all for maximum coverage. See Figure 2.4.

3. Scanning

3.1 Port Scanning

As the section title says, port scanning is done to see what services run on the host. A famous tool for this is Nmap, https://nmap.org. In this experiment we would like to use Windows XP as our target: the older the OS, the more vulnerabilities it has, the easier it is to penetrate, and the better practice it is for beginners. If you need a subject to practice on, try searching the Internet for a prepared vulnerable OS [at your own risk; if you read the section on using Google for information gathering you should be aware that you can search allintitle: index of xp to find a Windows XP image; we recommend practicing with TinyXP because it is safer]. Anyway, back to the topic: we install Windows XP in VirtualBox, connected through a host-only adapter (you can configure this adapter under File > Preferences), and we turn off the firewall because our version is already patched. We then use Nmap to scan the Windows XP machine at IP address 192.168.56.101.
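To make concrete what theHarvester in section 2.3.4 does with a search engine's results, here is an added example (not theHarvester's code and not from the original page): it pulls email addresses and hostnames belonging to one domain out of a saved results page, and rejects look-alikes such as hosts that merely contain the domain as a prefix. The HTML it works on is a constructed stand-in for a results page, and example.com is an assumed target domain.

```python
"""Harvest email addresses and hostnames for one domain from saved pages.

Added example for section 2.3.4: a tiny version of what theHarvester does
with a search engine's results. Not the tool's own code; the HTML below is
a constructed search-results page, not a real Bing response.
"""
import re
from html import unescape

TARGET_DOMAIN = "example.com"   # assumed target domain for the example

# Constructed sample: the kind of content a saved results page contains.
SEARCH_RESULTS_HTML = """
<html><body>
<a href="https://www.example.com/about">About Example</a>
<a href="https://mail.example.com/owa">Webmail</a>
<p>Contact: <a href="mailto:press@example.com">press@example.com</a>
   or sales&#64;example.com, careers@EXAMPLE.COM</p>
<a href="http://dev.example.com.evil.test/">not ours</a>
<a href="https://notexample.com/">also not ours</a>
<a href="https://vpn.example.com:443/login">VPN</a>
<p>Unrelated: admin@other.org</p>
</body></html>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Host part of a URL; host characters exclude ':' and '/', so the match
# stops before any port or path on its own.
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it.

    The check is on label boundaries, so 'example.com.evil.test' and
    'notexample.com' do not count as part of 'example.com'.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def harvest_emails(text, domain=TARGET_DOMAIN):
    """Email addresses whose domain part belongs to the target domain.

    HTML entities are decoded first, so obfuscation such as '&#64;' for
    '@' does not hide an address; results are de-duplicated and sorted.
    """
    found = set()
    for addr in EMAIL_RE.findall(unescape(text)):
        local, _, host = addr.rpartition("@")
        if in_domain(host, domain):
            found.add(f"{local}@{host.lower()}")
    return sorted(found)


def harvest_hosts(text, domain=TARGET_DOMAIN):
    """Hostnames under the target domain that appear in URLs on the page."""
    return sorted({h.lower() for h in URL_HOST_RE.findall(unescape(text))
                   if in_domain(h, domain)})


if __name__ == "__main__":
    print("emails:", harvest_emails(SEARCH_RESULTS_HTML))
    print("hosts: ", harvest_hosts(SEARCH_RESULTS_HTML))
```

The real tool adds the part this example leaves out: issuing the search queries (site:example.com, "@example.com") against each engine and paging through the results. The extraction logic is the same once you have the pages.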
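To show what a port scan actually does under the hood, here is an added example (not Nmap's code, and not from the original page) of a TCP connect scan, the technique behind nmap -sT. Instead of the Windows XP VM at 192.168.56.101 it scans 127.0.0.1 and opens one listening socket of its own, so it runs offline without touching anyone else's machine. The port names in COMMON_PORTS are the usual IANA service names for the Windows ports the scan in this section is interested in.

```python
"""A minimal TCP connect scan, the same idea as Nmap's -sT scan.

Added example for section 3.1; it is not Nmap's code or the page's own.
It scans loopback and starts a fake listening service itself so the
demonstration is self-contained.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# IANA service names for the ports a Windows target is typically scanned for.
COMMON_PORTS = {135: "msrpc", 139: "netbios-ssn", 445: "microsoft-ds",
                3389: "ms-wbt-server"}


def probe_port(host, port, timeout=0.5):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    A completed handshake means open; an immediate RST (connection refused)
    means closed; no answer before the timeout, or any other error, is
    reported as filtered, which is what a host firewall that silently
    drops SYNs looks like to a scanner.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:          # includes socket.timeout
            return "filtered"


def connect_scan(host, ports, workers=50):
    """Probe the ports concurrently; returns {port: state} for all of them."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p), ports))
    return dict(zip(ports, states))


def open_ports(results):
    """The ports a pentester looks at first: the open ones, sorted."""
    return sorted(p for p, state in results.items() if state == "open")


def start_fake_service(host="127.0.0.1"):
    """Listen on an OS-chosen port so the scan has something to find.

    The kernel completes handshakes into the listen backlog without any
    accept() call, which is all a connect scan needs to see 'open'.
    Returns (listening_socket, port); the caller closes the socket.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo_scan():
    """Scan loopback around the fake service; returns (port, results)."""
    srv, port = start_fake_service()
    try:
        targets = [port - 1, port, port + 1] + sorted(COMMON_PORTS)
        results = connect_scan("127.0.0.1", targets)
    finally:
        srv.close()   # after this the same port answers with RST: 'closed'
    return port, results


if __name__ == "__main__":
    listening, results = demo_scan()
    for p in sorted(results):
        name = COMMON_PORTS.get(p, "fake-service" if p == listening else "")
        print(f"{p:>5}/tcp  {results[p]:<9} {name}")
```

Run it and the fake service shows as open while the neighbouring ports show as closed. The filtered state is the one that matters for section 4: a host firewall that drops SYNs produces timeouts rather than RSTs, which is why turning the Windows firewall on hides port 445 from a scan like this one. A connect scan completes the full handshake and so is logged by the target; Nmap's default SYN scan (-sS, needs root) avoids that, but the open/closed/filtered logic is the same.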
3.2 Vulnerability Scanning

Today there are tools that do vulnerability scanning for us, where we used to have to find the vulnerabilities manually. The tools we know are Nessus and OpenVAS; on our OS, OpenVAS is installed by default.
4. Exploitation and Maintaining Access

4.1 Exploitation

More materials are coming soon, but for now we would like to do an exploitation that is one of the simplest, yet very exciting for beginners. It is not originally simple, but Metasploit provides the tools so that we only need to use them. After scanning the Windows XP machine in section 3, we now move on to exploiting port 445, the SMB vulnerability known as "netapi".
4.2 Maintaining Access

This was possible because I turned the firewall off. What happens if we suddenly turn it on, or the target patches the vulnerability (even the latest revision of TinyXP with the firewall on cannot be exploited this way)? So we must insert a backdoor, trojan, virus, etc. The video will show everything from scanning to this process.