Understading Ethical Hacking

This chapter is dedicated to the topic of ethical hacking, which involves identifying and addressing vulnerabilities in systems and networks through authorized testing methods. The purpose of this book is to provide guidance on how to detect and remediate vulnerabilities before they can be exploited by malicious actors. It is important to note that the term "ethical" is often misused, therefore the definition provided by Merriam Webster is appropriate for the context of this book. Ethical hacking is only permissible when the system owner grants permission for the testing to take place.

Origins of Ethical Hacking:

Understanding Hackers The term "hacker" has a negative connotation for many, as it is often associated with cybercrime and losses suffered by individuals and organizations. In this book, we will delve into the subject of hacking to better understand what it entails and the different types of hackers in the industry. Additionally, we will explore the emergence of ethical hacking and how it has evolved from traditional hacking methods. Understanding the origins and motivations of hackers is crucial in order to effectively combat malicious activities and protect against potential threats.

Who Is a Hacker?

The term "hacker" can have multiple meanings. Historically, a hacker was someone who was fascinated with understanding and improving software and electronic systems, often through exploration and experimentation. However, in recent times, the term has taken on a negative connotation, referring to individuals who engage in unauthorized access to systems or networks for malicious purposes, also known as "crackers" or "criminal hackers".

This book uses the terms "hacker" and "ethical hacker" interchangeably, but it's important to note that they have distinct meanings. Hackers attack systems with the intent to cause harm, while ethical hackers, also known as "white hat hackers", test and fix vulnerabilities with the authorization of the system or network owner.

Ethical hackers may take offense to being referred to as hackers due to the negative connotation associated with the term. It's important to note that crackers, or criminal hackers, often justify their actions by claiming they are helping the system or network owner, but their actions are illegal and harmful.

Hackers will always look for ways to compromise a system, and often enjoy the challenge of penetrating high-profile or well-protected systems. In some cases, a hacker's reputation within the community can be elevated by successfully attacking a prestigious or critical website or database.

What Is Ethical Hacking?

Proper maintenance and updates are crucial in protecting systems and networks from malicious actors. Ethical hackers, also known as penetration testers or white hat hackers, possess the knowledge and skills to safeguard these systems. They use the same tactics and tools as a hacker, but with the legal and authorized permission of the system or network owner.

Ethical hacking is an integral part of risk management, as it allows the system owner to identify vulnerabilities from the perspective of a hacker and make necessary improvements to enhance security. It also helps to validate the legitimacy of products offered by vendors.

It's important to have an understanding of the methods and mindset of malicious hackers in order to effectively defend against them. This is why ethical hacking is an important tool for understanding and protecting against potential security threats.

Why Should You Hack Your System?

It's important to keep in mind that relying on the law of averages for security is not effective. As the number of hackers and their level of expertise continues to grow, it's increasingly likely that any given computer system will eventually be compromised. To protect your system, it's essential to stay aware of known vulnerabilities, but also to be mindful of the ways in which a hacker might exploit it. By understanding how a hacker thinks and operates, you can better assess the true vulnerabilities of your system.

Ethical hacking involves identifying vulnerabilities in a system by simulating an attack, similar to how a malicious hacker would. This helps to reveal any weak security practices and pinpoint areas that need improvement. While encryption, VPNs, and firewalls can provide a sense of security, they only focus on traffic and viruses passing through the firewall. To truly strengthen a system's security, it is essential to test it from the perspective of a potential attacker. If these weaknesses go undetected, it increases the likelihood of the system being compromised.

To effectively protect your system, it is important to adopt a hacker's mindset and expand your knowledge of their techniques. As an ethical hacker, your goal is to understand the methods used by malicious actors and find ways to counteract them. It's important to always be aware of what you are looking for, but it's impossible to protect a system from every potential threat. A more practical approach is to focus on defending against common attacks and known vulnerabilities. While some attacks may be unknown, it's still essential to regularly test and evaluate your system as a whole, using different combinations of methods. This will increase the chances of discovering any vulnerabilities that may exist in the system.

It's important to keep a balance when it comes to ethical hacking. While it's important to test and evaluate your system's security, it's not always necessary to go to great lengths. For example, if you have a small office with no internal web server, the risk of a web attack is relatively low. However, it's important to always be aware of potential threats from malicious insiders, such as employees who may pose a security risk to your company.

All in all, your goals as an ethical hacker should be as follows:

  • Use a nondestructive approach to hack systems.

  • Identify vulnerabilities and use these vulnerabilities to prove that systems need improvements.

  • Apply the results and remove any vulnerabilities to improve security.

Ethical Hacking Commandments

As an ethical hacker, it's important to abide by certain principles to ensure that your actions align with ethical standards. Failure to do so can result in negative consequences. It is important to follow these principles to avoid any unintended negative outcomes.

Working Ethically

"Ethical" in the context of hacking refers to conducting tests and evaluations with integrity and high moral standards. Whether you are performing these tests on your own system or on behalf of another organization, it's essential to ensure that your actions align with the goals of the individual or organization. This means being transparent and not having any hidden motives. Additionally, any information discovered during the testing process should be handled responsibly and not misused, as this is a common tactic employed by malicious hackers.

Respecting Privacy

As an ethical hacker, it's important to handle all information gathered during testing with care and respect. This includes keeping all data accessed during the process, such as clear-text passwords and log files, confidential. The information should never be used to invade people's privacy or access confidential information. If any issues are detected, it is important to share them with the appropriate parties. Additionally, involving other stakeholders in the process can help to build trust with the system owner.

Not Crashing Systems

Many people inadvertently cause damage to their systems by not having a clear plan in place before beginning testing. This is often due to a lack of understanding of the documentation or not reading it at all. This lack of knowledge can lead to misuse of tools and cause a Denial of Service (DoS) condition resulting in a system lockup. It's important to approach testing with caution and not rush into it, as well as being mindful of the capacity of the host or network to handle the tools used for vulnerability assessment and network scanning.

Additionally, some security assessment tools have built-in controls to manage how tests are performed on systems simultaneously. These tools can be useful when testing systems during business hours, but it's important to be aware that they can also accidentally cause system lockouts or force users to change their passwords. This can cause confusion and frustration for the user.

Advantages of Hacking

The benefits of ethical hacking include:

  • Identifying vulnerabilities in network and computer security through penetration testing.

  • Recovering lost information, particularly in the case of forgotten passwords.

  • Identifying and implementing protective measures to prevent security breaches.

  • Preventing unauthorized access from malicious hackers.

Hacking is a useful process when you:

  • Perform a penetration test to identify any vulnerabilities in the network and computer security

  • Recover any lost information, mainly in the case of a lost password

  • Identify protection or preventive measures that can be implemented to prevent any breaches in security

  • Prevent any unauthorized access from malicious hackers

Disadvantages of Hacking

If hacking is done with negative intention, it can lead to the following issues:

  • Privacy violations

  • Unauthorized access to private information on a system

  • Denial-of-service attacks

  • Massive security breaches

  • Malicious attacks on the system, leading to loss of important information

  • Hampering the operations of the system

Types of Hackers

There are several different types of hackers, each with their own distinct motivations and methods. Some common types include:

White Hat Hackers

Also known as ethical hackers, these individuals use their hacking skills for defensive purposes, such as identifying and addressing vulnerabilities in a system or network.

Black Hat Hackers

These are the individuals often associated with the term "hacker," as they engage in illegal and malicious activities, such as stealing sensitive information or disrupting systems.

Gray Hat Hackers

These hackers fall in between white hat and black hat, often identifying vulnerabilities in systems and networks but not always seeking permission before attempting to exploit them.

Miscellaneous Hackers:

Apart from the list of hackers detailed above, there are a few other categories of hackers that should be mentioned. These include script kiddies, intermediate hackers, elite hackers, hacktivists, cyberterrorists, and hackers involved in organized crime.

Script Kiddies

These are individuals who use pre-existing tools and scripts to engage in hacking activities, often with little understanding of the underlying technology.

Intermediate Hackers

Intermediate hackers possess a level of knowledge that allows them to cause significant damage to systems and networks. They have a basic understanding of computer systems and networks, and use this knowledge to execute common exploits. These hackers are not necessarily malicious in their intentions but can cause serious problems, They may have the desire to improve their skills and become advanced or elite hackers with the right effort and dedication.

Elite Hackers

Elite hackers are experts in the field, who have a deep understanding of computer systems and networks. They are often the creators of various hacking tools and scripts, which are then used by less skilled hackers, known as script kiddies. Elite hackers have the ability to develop malware such as worms and viruses, and they know how to infiltrate a system while covering their tracks and making it appear as if someone else is responsible for the attack. They are secretive and only share information with those they deem worthy. To be considered worthy by an elite hacker, an individual must possess specific information or skills that can be used to target high-profile systems. Although elite hackers are considered the most dangerous type of hacker, they are relatively few in number compared to script kiddies.

Hacktivists

Hacktivists are a type of hacker who use their skills to spread social or political messages through their attacks. They aim to raise awareness about specific issues, using hacking as a means to amplify their message. Examples of hacktivism include campaigns to secure the release of individuals like hacker Kevin Mitnick, protests against government actions or policies, and support for social or political causes. Hacktivist campaigns have taken many forms, from defacing websites to launching Distributed Denial of Service (DDoS) attacks. These types of hackers are known to use hacking as a tool for activism and to deliver their message to the public. Hacktivism has been a contentious topic, as it raises questions about the morality of hacking for a political cause.

Cyberterrorists

Cyberterrorists are hackers who target government computers and other critical infrastructure systems such as power grids, air traffic control towers, and transportation systems with the intent to steal classified information or disrupt the functioning of these systems. The goal of cyberterrorists is to cause fear and chaos among the public, and their actions can have severe consequences.

Governments and critical infrastructure operators have begun to take cyberterrorist threats seriously by implementing security controls to protect against these types of attacks. These controls include measures such as regular security assessments, penetration testing, incident response planning and employee awareness training. These security measures are designed to detect, prevent and respond to cyber attacks and protect the systems from being compromised, to avoid severe damage and loss of lives.

Organized Crime

Some groups of hackers can be hired by criminal organizations to carry out illegal activities. These organized hacking groups can be quite large, with many members, and can be involved in various types of cybercrime such as identity theft, credit card fraud, and money laundering. In 2003, for example, the Korean police broke up one of the largest hacking rings on the internet, which had close to 4,400 members.

Similarly, the Philippine police also dismantled a multimillion-dollar hacking ring that sold cheap phone calls made through the lines they had hacked into. These types of hackers are often motivated by financial gain and are willing to engage in illegal activities for a large sum of money. These type of hackers are more dangerous since they are well-organized and have the resources to carry out sophisticated cyber-attacks.

Hacking Terminologies

This chapter briefly details some of the common and important terms that are used in the field of hacking.

Adware

Hackers use this software to display advertisements on a system by force.

Attack

Hackers perform this action to access a system and extract some sensitive data from that system.

Back Door

A back door, which is also referred to as a trap door, is an entry port into software or a computer. This port does not require any login information or a password, and as a result, it can bypass all security measures.

Bot

A bot is a type of program that is used to automate any action, thereby increasing the number of times it can be performed. This means that the bot will perform the function for a longer time when compared to a human operator. For instance, hackers use bots to call a script that can be used to create an object or send an FTP< Telnet or HTTP file at a higher rate.

Botnet

Botnets, which are also called zombie armies, are a group of computers that can be controlled without the knowledge of the owner. These are used to perform denial-of-service attacks or send spam.

Brute Force Attack

A brute force attack is possibly the simplest attack that a hacker can perform to gain access to a system or application. This attack is an automated attack, and this means that it will try different usernames and passwords repeatedly until it can access the system or application.

Buffer Overflow

The buffer overflow is a flaw that can be observed when a lot of data is written onto a single block of memory. This means that the memory can no longer hold onto that data.

Clone Phishing

Clone phishing is a type of legitimate and existing email that has a false link. This link will trick a recipient into providing some personal information that the hacker can use to disarm the system or network.

Cracker

A cracker is a type of hacker that modifies any software to access some features of a system, such as copy protection features.

DoS or Denial-of-Service Attack

A denial-of-service, or DoS, attack is used by a hacker to ensure that a network resource or server is not available to the user. This is done by suspending the services of that server or resource.

DDoS

DDos stands for distributed denial-of-service attack.

Exploit Kit

An exploit kit is a tool that hackers use to exploit vulnerabilities in client machines that are communicating with a web server. The kit is designed to run on a web server and is used to identify vulnerabilities in the client machine. Once vulnerabilities are identified, the exploit kit can exploit them and execute malicious code on the system. These kits are often sold or leased on underground marketplaces and can be used to deliver malware, steal personal information, or take control of the infected machine.

Exploit

An exploit is a part of code or a chunk of data or software that will take advantage of a vulnerability or a bug in the system and network which, in turn, compromises the security of that system or network.

Firewall

A firewall is a type of filter that is placed on a network. This filter helps to keep unwanted intruders away from the system or network. In addition, it will ensure that the communication between the users and systems inside the firewall are safe.

Keystroke Logging

Keystroke logging, also known as keylogging or keyboard capturing, is a method of tracking and recording the keys that are pressed on a keyboard. Keyloggers can be hardware or software-based and are often used by cybercriminals to steal personal information such as passwords, credit card numbers, and other sensitive data. Keyloggers can be installed on a computer through malware or by physically connecting a hardware keylogger to a computer.

Logic Bomb

A logic bomb, also known as a time bomb, is a type of malware that is designed to trigger a harmful action when specific conditions are met. A time bomb is an example of a logic bomb, which is activated at a specific date and time. Once the conditions are met, the logic bomb will execute the attack, it can be a deletion of data, corrupting a software, or activating a ransomware.

Malware

Malware is a term that describes a variety of intrusive and hostile software, including Trojan horses, spyware, scareware, adware, virus, ransomware, worms and any other malicious programs. Malware is often spread through email attachments, infected software downloads, and other means, it can also be spread through exploit kits and other malicious websites that can exploit vulnerabilities in a computer or mobile device

Master Program

Master programs are those programs that black hat hackers use to transmit commands into zombie drones (explained later in the chapter). These drones carry spam attacks or denial-of-service attacks.

Phishing

Phishing is a tactic utilized by hackers in which they send a fraudulent email to a target in order to obtain personal or financial information from the user.

Phreaker

A phreaker is a type of hacker who specializes in breaking into telephone networks, either by tapping phone lines or making unauthorized long-distance calls..

Rootkit

A rootkit is a type of malicious software that is designed to hide processes or programs from detection methods. This allows the hacker to gain privileged access to a system and maintain it undetected.

Shrink Wrap Code

A shrink wrap code attack is a way to exploit the holes in a poorly configured or unpatched software.

Social Engineering

Social engineering is a tactic used by hackers to deceive individuals in order to obtain personal information such as credit card details or passwords.

Spam

Spam is an unsolicited email. This is also called junk email and is often sent to a large group of people without their consent.

Spoofing

Spoofing refers to the act of tricking a person or system into believing that a communication or message is coming from a legitimate source, when in fact it is not. Spoofing can take many forms, such as email spoofing, where an attacker sends an email from a fake address that appears to be from a legitimate sender, or caller ID spoofing, where a caller alters their caller ID to make it appear as though they are calling from a different phone number. Spoofing can be used for a variety of malicious purposes, such as phishing scams, identity theft, and spreading malware.

Spyware

Spyware is a type of software that is used to secretly collect information about an individual or organization without their knowledge or consent. This information can include sensitive data such as login credentials, personal information, and browsing history. Once obtained, this data can be sent to a third party, and the spyware can also be used to gain control over the target's device or network.

SQL Injection

SQL injection is a method of attacking a data-driven application by injecting malicious SQL code into an input field. This technique is used to exploit vulnerabilities in the application's database and gain unauthorized access to sensitive information. An example of an SQL injection attack would be the insertion of malicious SQL statements into a login form, allowing an attacker to dump all the data from the database into their own folders.

Threat

Threat: A potential danger or risk to a system or network that can be exploited by attackers to compromise its security. Trojan: A type of malware that disguises itself as a legitimate program, but once executed can perform malicious actions such as stealing sensitive information or altering files.

Trojan

A type of malware that disguises itself as a legitimate program, but once executed can perform malicious actions such as stealing sensitive information or altering files.

Virus

A piece of malicious code or program that is designed to replicate itself and cause harm to a computer system, such as by destroying data or corrupting the system.

Vulnerability

A weakness or flaw in a system or network that can be exploited by an attacker to gain unauthorized access or cause damage.

Worms

A type of malware that replicates itself in a computer system and can spread to other systems on a network, but typically does not make changes to files.

Cross-Site Scripting

A security vulnerability in web applications that allows attackers to inject malicious scripts into a website, which can be executed by unsuspecting users

Zombie Drone

A hijacked computer that is controlled remotely by a hacker to perform malicious activities such as sending spam emails or participating in Distributed Denial of Service (DDoS) attacks.

Tools

Now that you know what ethical hacking is, let’s look at some of the different tools that are available for you to use to prevent any unauthorized access to a network system or computer.

Nmap

Nmap, short for Network Mapper, is an open-source tool that is used for security auditing and discovering the hosts and services on a computer network. It can scan large networks as well as individual hosts. Network administrators use Nmap for various tasks, such as managing service upgrade schedules, maintaining network inventory, and monitoring the uptime of hosts and services.

Nmap can determine the following using raw IP packets:

  • The different hosts available on the network

  • The operating systems that the hosts run on

  • The different services offered by those hosts

  • The different firewalls that the hosts use and any other characteristics

This tool can run on most operating systems, including Linux, Windows and Mac OS X.

Metasploit

Metasploit is a powerful exploitation tool created by Rapid7. It is widely used by security professionals and can be found on the official website: www.metasploit.com. The tool comes in both a commercial and a free version and can be operated via a web interface or through the command prompt.

You can perform the following operations using Metasploit:

  • Penetration tests on small networks

  • Check the vulnerability in some systems

  • Discover any import or network scan data

  • Run individual tests on a host or look at the different modules that one can exploit

Burp Suite

Burp Suite is a software toolkit used by both malicious and ethical hackers to perform security testing on web applications. The suite includes various tools that work together to support the process of testing, from mapping the application to analyzing its surface. It is commonly used to identify and exploit vulnerabilities in web applications. The suite is user-friendly and offers administrators the ability to combine different techniques for improved testing. It can be easily configured and has various features to assist experienced testers in their work.

Angry IP Scanner

Angry IP Scanner is a lightweight and cross-platform tool that scans IP addresses and ports. It can scan a range of IP addresses and can be used or copied on any device. The tool employs a multithreading approach to increase the speed of scanning by using a separate thread for each IP address. It verifies the active status of an IP address by pinging it, and then it retrieves the MAC address, scans ports and resolves the hostname. The collected data can be saved in various file formats such as XML, TXT, IP-Port List or CSV. This tool can be used to gather information about any IP address.

Cain and Abel

Cain and Abel is a tool used in Microsoft Operating Systems for password recovery. This tool helps to retrieve passwords using one of the following methods:

  • Recording a VoIP conversation

  • Sniffing the network

  • Decoding a scrambled password

  • Cracking an encrypted password using Brute-Force, Cryptanalysis and Dictionary

  • Revealing a password box

  • Recovering wireless network keys

  • Uncovering a cached password

  • Analyzing routing protocols

This is a tool that most professional penetration testers and security consultants use for ethical hacking.

Ettercap

Ettercap, short for Ethernet Capture, is a network security tool used for man-in-the-middle attacks. It can intercept and sniff live network connections, filter content on the fly, and perform other actions. The tool has a variety of features for host and network analysis and supports the dissection of both active and passive protocols. It is compatible with a range of operating systems such as Mac OS X, Linux, and Windows.

EtherPeek

EtherPeek is a tool that simplifies the analysis of networks in a heterogeneous environment. It is small in size and can be installed on any system quickly. The tool can be used to capture and analyze network traffic packets on any network and supports various protocols including IP, AppleTalk, UDP, NBT packets, IP Address Resolution Protocol (ARP), NetBEUI, TCP, and NetWare.

SuperScan

SuperScan is a powerful tool that can be used to resolve hostnames and scan any TCP ports. It has a user-friendly interface that can be used to perform the following functions:

  • Port or ping scan using a different IP range

  • Scan different ports in the network using a built-in or random range

  • Decipher the responses from different hosts connected to the network

  • Modify the port description and list using a built-in editor

  • Merge different lists to build a new one

  • Connect different open ports

  • Assign a helper application to a port

QualysGuard

QualysGuard is a collection of tools designed to reduce the cost of compliance and simplify security operations. It automates the process of compliance, auditing, and protection for web applications and IT systems. QualysGuard provides essential security intelligence and includes a range of tools to detect, monitor, and protect networks.

WebInspect

WebInspect is a tool used to evaluate the security of web applications. It helps to identify both known and unknown vulnerabilities in the application layer. It can also be used to verify that a server is configured correctly and to test the system's vulnerability to attacks such as cross-site scripting, parameter injection, and directory traversal, among others.

LC4

LC4 (formerly known as L0phtCrack) is a password recovery and auditing tool. It is used to evaluate the strength of passwords and to potentially recover lost or forgotten passwords on Microsoft Windows by using a combination of hybrid, brute-force, and dictionary attacks. LC4 can be used to retrieve lost Windows passwords, which can simplify the process of migration and assist in recovering lost passwords for an account.

LANguard Network Security Scanner

LANguard Network Security Scanner is a tool that scans a network to identify the devices connected to it and provide information about each node on the network. It can gather information about the operating system used by each system connected to the network. The scanner can also detect any registry issues and generate a report in HTML format. It can provide information such as the NetBIOS name table, MAC address, and the user logged into the network.

Network Stumbler

Network Stumbler is a WiFi monitoring and scanning tool that is used on the Windows operating system. This tool allows network professionals to detect wireless networks in a wide area. Hackers often use this tool to find wireless networks that are not broadcasting. Network Stumbler can help verify if a network is properly configured, detect interference between wireless networks, test signal coverage and strength, and detect any unauthorized connections.

ToneLOC

ToneLOC, or Tone Locator, is a program written in the early 90s for MS-DOS. It was originally used in war dialing computer programs which scan phone numbers using a modem and dials every number that has the same area code. Malicious hackers use this tool to breach security by identifying modems that can be used to gain unauthorized access to a network or computer system or guessing a user's account. Ethical hackers can also use it to detect any unauthorized device on a computer network.

Skills Required

This chapter covers the ten most important skills every hacker needs to possess and consistently improve on to become a professional in the field.

Basic Computer Skills

Having a strong understanding of basic computer functions is crucial for a hacker. This includes knowledge of command lines in windows, editing the registry, and setting networking parameters. These may seem like basic skills, but they are actually quite difficult to master.

A mistake in the command line can disrupt the entire hacking process and make the system even more vulnerable. Professional hackers continuously strive to improve their skills, while amateurs may believe they have learned everything there is to know about computers and fail to build on their knowledge.

Networking Skills

Once you have a solid understanding of basic computer skills, it's important to improve your knowledge of networking. It's essential to know how networks function and how to optimize them. Skills such as DNS, NAT, subnetting, DHCP, IPv4, IPv6, and routers and switches are all important to know. Many of these skills can be learned online.

As mentioned earlier, amateurs may lack knowledge of the various networking skills that they need to develop, and may struggle when facing different networks. Therefore, any hacker who wishes to improve their abilities should be aware of the different networking skills they need to possess.

Linux Skills

Many hackers prefer to use Linux as their operating system because most hacking tools are developed specifically for Linux. The flexibility of Linux allows hackers to more easily achieve their goals, compared to using Windows. Therefore, it is highly recommended for any professional hacker to have proficiency in using Linux to hack into systems and identify vulnerabilities.

Wireshark

Wireshark is an open-source packet analyzer tool. It is used by hackers to troubleshoot network issues, analyze software and communication protocols, and develop new protocols for a system. Skilled hackers are proficient in using this analyzer to easily create new protocols for the system they are attempting to hack.

Virtualization

Virtualization is the process of creating a virtual version of a server, storage device, operating system, or networking resource. It allows hackers to test an attack before implementing it in real life. This also allows them to identify and fix any errors in their attack plan. Professional hackers use this technique to maximize the impact of their hack while protecting themselves.

However, amateur hackers often lack this skill and may leave traces of their actions, making themselves vulnerable to being caught. This is why it is essential for hackers to learn about virtualization and how to cover their tracks. A real-world example of this is the case of the hacker from Mumbai who leaked an episode of Game of Thrones from season 7. If he had covered his tracks better, he could have protected himself from being caught.

Security Concepts

It's essential for a hacker to have a thorough understanding of various security concepts and keep up with the latest advancements in technology. A hacker who has a strong understanding of security will be able to bypass security measures set by system administrators. To achieve this, learning skills such as Secure Sockets Layer (SSL), Public Key Infrastructure (PKI), firewalls, Intrusion Detection System (IDS), and other related skills is crucial. For amateur hackers, it's recommended to take courses such as Security+.

Wireless Technology

Wireless technology is a widely recognized method of transmitting information through invisible waves. If a hacker wants to gain access to a wireless device, they must have a thorough understanding of how the device functions. This includes learning various encryption algorithms such as WPA2, WPA, WEP, WPS, and the four-way handshake. Understanding protocol connections, authentication, and restrictions surrounding wireless technology is also crucial.

Scripting

Scripting is a necessary skill for all hackers, particularly professionals. Using scripts written by other hackers can lead to discreditation and lack of credibility. Security administrators are always on the lookout for new tools and techniques used in hacking attempts.

Therefore, professional hackers should develop their scripting skills and ensure they are proficient in writing their own scripts. Amateurs often rely on scripts created by other hackers, which can lead to problems if they do not fully understand the script.

Database

A database is a way to store data in a structured manner on a computer that can be accessed in various ways. If a hacker wants to hack into a system's database, they must have a strong understanding of different databases and their functions. Most databases use SQL to retrieve information when needed. Therefore, it's important for a hacker to learn these skills before attempting to hack into a database. Professional hackers must have a good grasp of databases to ensure they make no errors and avoid detection.

Web Applications

Web applications are software that allows users to access the internet through their web browser. These have become a popular target for hackers over the years. It is essential for hackers to spend time understanding the functions of web applications, as well as the databases that support them. This knowledge will help them create their own websites for phishing or other purposes.

The skills mentioned in this section are essential for hackers to develop. Professional hackers continuously work to improve these skills, making it easier for them to hack into any system. It is important for amateur hackers to also develop these skills.

Hacking Process & Metrologies

As with any IT project, ethical hacking should always be well-planned. It's important to identify both the strategic and tactical aspects of the process. Whether the test is a simple password-cracking test or a penetration test on an internet-based application, it is crucial to plan the process thoroughly.

Formulating the Plan

It is crucial to obtain approval before starting the ethical hacking process. It's important to make sure that the system owners are aware and approve of the testing that will be conducted. Obtaining sponsorship is the first step in working on the project. This can be obtained from an executive, manager, customer, or even from oneself if you are your own boss. It is important to have someone who can support and approve your plan, as without it, the testing process may be called off, and you could be held responsible for unauthorized testing. When testing systems in an office environment, it is necessary to have a memo from your boss giving permission to perform the tests.

For testing for a customer, it is important to have a signed contract that shows the customer's approval. Obtaining written approval will ensure that your efforts and time are not wasted, and it will also help you understand what you need to do to avoid any legal issues. It's essential to have a detailed plan as one mistake can cause the systems to crash.

However, this doesn’t mean that you need to include the different testing procedures you intend on using. A well-defined plan or scope should include the following information:

  • Which systems need to be tested

  • The risks involved

  • When the tests will be performed and how long they will run for

  • How the tests will be performed

  • How much knowledge you have about the systems

  • What you’ll do if you come across a major vulnerability

  • The deliverables, like security-assessment reports, high-level reporting of general vulnerabilities that the company should address and countermeasures that the organization should implement

It is important to prioritize testing on the most vulnerable and critical systems first. This can include starting with social engineering attacks or testing computer passwords before moving on to more complex issues. Having a contingency plan in place is crucial in case something goes wrong during the testing process. This can help minimize the potential impact on employee productivity and system performance if a system becomes unavailable due to testing. It also helps to prevent bad publicity, data loss, and loss of data integrity.

When it comes to testing for DoS and social engineering attacks, it's important to consider the potential impact on the system and organization. This includes evaluating when the tests should be conducted. For example, would it be more appropriate to perform the tests during non-business hours to minimize disruption to employees and operations?

Additionally, it may be beneficial to involve key stakeholders within the organization to ensure that the timing of the tests aligns with their approval and expectations. Careful planning and consideration can help ensure that the testing process is as effective and efficient as possible, while minimizing negative impact on the organization.

It's important to remember that real-world attacks on systems can occur at any time, and not just during a limited period. For this reason, it's essential to take an unlimited attack approach to testing. This approach allows you to test for a wide range of vulnerabilities, beyond just social engineering, physical, and DoS attacks. It's also important to recognize that discovering one security hole does not mean that the system is completely secure. Instead, you should continue testing to identify any other potential vulnerabilities. However, it's important to be mindful of not causing any damage or disrupting operations while testing. It's best to stop the testing once you can no longer hack the system, and report and fix the vulnerabilities that were discovered.

When conducting security testing, one of the key goals is to ensure that the attack goes unnoticed. This can be accomplished by performing tests on remote systems or from remote locations, to avoid alerting system users to your actions. It's important to keep in mind that if users are aware of the testing, it can skew the results as they may be on their best behavior.

In order to effectively test a system, it's important to have a good understanding of how it functions. This is especially important when testing a customer's system, as it may take some time to familiarize yourself with it. It's important to keep in mind that customers may not always want a blind assessment and it's important to base tests on their specific needs and requirements. Additionally, it is important to ensure that the system is protected while performing the testing.

Selecting Tools

As with any project, selecting the right tools is crucial to its success. However, it's important to keep in mind that simply using the right tools does not guarantee that all vulnerabilities in a system will be identified. It's also important to understand the technical and personal limitations of your customer.

It's worth noting that many security assessment tools can produce negative results and false positives, and some tests may not uncover all vulnerabilities. For example, social engineering and physical security tests can sometimes miss weaknesses. It is important to have a well-rounded approach when testing for vulnerabilities, using a combination of different tools and techniques to ensure that all potential vulnerabilities are identified. Additionally, it's important to keep in mind that security assessment is not a one-time task, it must be an ongoing process.

It's important to remember that different tools are designed for specific tasks and no one tool can be used for everything. For example, a word processor would not be useful for scanning a network for open ports. Therefore, it's important to have a variety of tools at your disposal to make ethical hacking efforts more efficient.

When selecting tools for a specific task, it's important to choose the right one for the job. For example, tools such as pwdump, LC4, and John the Ripper are specifically designed for cracking passwords, while a general port scanner like SuperScan may not be as effective. Similarly, for in-depth analysis of web applications, tools like WebInspect or Whisker would be more appropriate than network analyzers like Ethereal. The key is to have knowledge of different tools and its capabilities so that they can be used to their full potential.

When selecting the right tools for a specific task, it can be helpful to seek advice from other ethical hackers or to post your questions on online forums to get feedback and suggestions. There are also many security portals, such as SearchSecurity.com, SecurityFocus.com and ITSecurity.com, that provide information and reviews on different tools that can be used for testing. Additionally, a simple Google search can also reveal a plethora of information on the different types of tools available and the type of tests that can be performed. Consulting experts and researching the different options can help you make an informed decision on which tools are best suited for your specific needs.

Let’s look at a list of some freeware, open-source and commercial security tools:

  • Nmap

  • EtherPeek

  • SuperScan

  • QualysGuard

  • WebInspect

  • LC4 (formerly called L0phtcrack)

  • LANguard Network Security Scanner

  • Network Stumbler

  • ToneLoc

As we delve deeper into the different types of hack attacks throughout the book, we will learn more about the specific tools that can be used to perform them. It's important to note that many people misunderstand the capabilities of these hacking and security tools, often due to misconceptions or bad publicity.

Some of these tools can be complex and it's essential to familiarize yourself with each one before using them. Here are a few ways to do that:

  • Read the online help files or the readme files for the tools.

  • Go through the user guide for any commercial tool.

  • Join an online or formal class to learn more about the tool.

Executing the Plan

It is essential to approach ethical hacking with caution and patience. It is important to ensure that you have adequate time to perform the hack and that you are aware of potential risks, such as the presence of other employees or hackers in the network. To maintain the confidentiality of your actions, it is crucial to keep all information private and secure.

This includes encrypting files and emails using tools like Pretty Good Privacy (PGP) and protecting them with a password. Additionally, it's important to keep in mind that performing a hack in an ethical way, means you should be well aware of the company's policies and regulations, and should be authorized to perform the hack.

As an ethical hacker, the first step is to gather as much information as possible about the target system. This process should start with a broad perspective, collecting general information such as the organization's name, the computer and network system, and the IP address. This information can be gathered through various sources such as the company's website, public records, and even a simple Google search.

Once a general understanding of the system has been established, it's important to narrow the scope and focus on specific areas for testing. This may include a casual assessment of the system, a detailed scan of the system, and potentially even a controlled attack to identify vulnerabilities.

Throughout the process, it's crucial to maintain the integrity of the system and the company's information security policies and regulations.

Evaluating the Results

After conducting an ethical hack, it's important to evaluate the results to identify any vulnerabilities that have been discovered. It's beneficial to approach the evaluation process with the assumption that these vulnerabilities have not been previously identified. This will allow for a thorough and comprehensive evaluation. With experience, you will be better equipped to identify the correlation between vulnerabilities and understand the system better. Once the evaluation process is complete, it's important to submit a formal report to the customer or upper management. This report should outline the results of the hack and any vulnerabilities that were identified. It's crucial to keep both parties informed and transparent throughout the process to demonstrate that their investment in the ethical hack was worthwhile.

Moving On

After completing an ethical hack, it's important to implement the findings and provide recommendations to the customer to help improve the security of their systems. It's important to keep in mind that new security vulnerabilities may emerge over time as the system and technology evolves.

Therefore, it's important to have a plan in place to regularly conduct security assessments to ensure the continued protection of the system. These assessments can reveal new hacker exploits and vulnerabilities, and should be run whenever new systems are added, patches are applied, or software is upgraded. It's important to remember that a security assessment is only a snapshot of the system's security and regular testing is necessary to ensure the continued protection of the system.

Distributed Denial-of-Service Attacks.

Good Read: 3 in 1- A Comprehensive Beginner's Guide + Complete Tips And Tricks To Ethical Hacking + Learn Penetration Testing, Cybersecurity with Advanced Ethical Hacking Techniques and Methods Kindle Edition

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a network or server by overwhelming it with a large volume of traffic from multiple sources. Unlike a Denial of Service (DoS) attack, which uses a single internet connection and computer to overload a network or server, a DDoS attack uses multiple internet connections and computers to flood the target with traffic. This makes DDoS attacks more difficult to detect and mitigate because the traffic appears to come from multiple, legitimate sources. The goal of a DDoS attack is to make the targeted website or service unavailable to its intended users by overwhelming its server and network resources.

Types of Attacks

A DDoS attack can be placed in one of two categories:

  • Volume-based attacks

  • Application layer attacks

Volume-Based Attacks

A volume-based DDoS attack is a type of DDoS attack that aims to overwhelm a network or server by flooding it with a large volume of traffic. This type of attack includes several specific methods such as:

ICMP floods: This attack floods a network with ICMP echo request (ping) packets, overwhelming the target with a large number of requests.

UDP floods:

This attack floods a network with UDP packets to consume available bandwidth and exhaust the target's resources.

Spoofed packet floods:

This attack floods a network with spoofed packets, making it difficult to trace the source of the attack.

TCP floods:

This attack floods a network with a high number of TCP connection requests, overwhelming the target's resources and causing a denial of service.

These attacks are commonly known as Layer 3 and 4 attacks because they target the network and transport layers of the OSI Model. The magnitude of an attack is measured in bits per second (bps) and are typically used to saturate the bandwidth of the targeted server or network. It is important to note that DDoS mitigation methods and technologies have evolved over the years, so these types of attacks can be mitigated by using a combination of on-premise and cloud-based solutions.

An amplification attack :

An amplification attack is a type of DDoS attack that amplifies the traffic directed towards a targeted server, website, or network. This is achieved by using a technique called reflector amplification, where a hacker sends a small request to a server or network with a spoofed source IP address that is set to the target's IP address. The server or network then sends a large response to the target, amplifying the attack traffic.

Application Layer Attacks

Application layer attacks are a type of DDoS attack that targets the application layer of the OSI Model. These attacks are designed to crash a web server by overwhelming it with a large number of requests. Some common types of application layer attacks include:

DDoS attacks targeting Apache or Windows servers:

These attacks exploit vulnerabilities in specific web server software to crash the server.

Zero-day DDoS attacks:

These attacks exploit unknown vulnerabilities in a web server to crash it.

Application Attack

An application attack (also known as a Layer 7 attack) is where the hacker will overload any application through search requests, excessively logging in or a large amount of database lookups. It’s hard to identify this attack since it resembles legitimate traffic.

NTP Amplification

In this type of attack, the hacker will exploit the NTP as it’s accessible to the public. The hacker will perform actions that aim to overwhelm the target server.

Slowloris:

This type of attack opens a large number of connections to a web server and then sends requests very slowly, overwhelming the server with a large number of open connections.

The goal of application layer attacks is to crash the targeted web server by overwhelming it with a large number of requests. The magnitude of the attack is measured in requests per second (RPS).

Application layer attacks can be mitigated by implementing rate limiting on the targeted server or network, filtering incoming traffic based on source IP address, and by deploying DDoS protection solutions that can detect and block incoming traffic.

It's also important to keep the web server software and application up to date, as well as to properly configure the web server to prevent known vulnerabilities from being exploited.

It is important to note that Application layer attacks are more sophisticated than other types of DDoS attacks, as they are designed to exploit vulnerabilities in web servers and applications, making them more difficult to detect and mitigate.

How to Overcome a DDoS Attack

There are various DDoS protection tools and techniques that can be used to prevent or mitigate DDoS attacks, depending on the type and magnitude of the attack. Some common methods include:

Identifying and closing vulnerabilities in the operating system: This can prevent an attacker from exploiting known vulnerabilities to launch a DDoS attack.

Closing unnecessary ports: This can prevent unwanted access to the system and reduce the attack surface.

Using a VPN or proxy server: This can hide the system's IP address and make it more difficult for an attacker to target the system.

Firewall: Low-magnitude DDoS attacks can be filtered out by using a firewall to block traffic that is intended for DDoS.

DDoS protection service provider: For high-magnitude DDoS attacks, a DDoS protection service provider can offer a proactive, genuine and holistic approach. This service provider can monitor and analyze the DDoS traffic and will protect your system from an attack.

CDN provider: CDN providers can also monitor and analyze DDoS traffic and protect your website from an attack.

It's important to be careful when selecting a DDoS protection service provider, as some providers may take advantage of your situation and charge high costs for their services. To select the best provider it's important to look for a DDoS protection service provider that can be used to configure the CNAME and A records for the website, that can monitor and analyze DDoS traffic, and that will protect your system from an attack.

Let’s assume that the IP address you’re using is AAA.BBB.CCC.DDD. You should configure the address in the following way:

  • Create an “A Record” using a DNS identifier, and ensure that you keep it secret.

  • Next, use the CDN provider to assign a URL to the DNS identifier.

  • Lastly, use the CDN URL to create a CNAME record.

You can ask your system administrator to help you with this task and verify that you’re configuring the CDN and DNS correctly. You will now have a DNS with the following configuration:

At this time, it’s advised that you let the CDN provider handle the attack on your system. The only condition is that you do not disclose your system’s A identifier or IP address.

Quick Fix

DDoS attacks are common and target vulnerable networks and systems. There is no quick solution to this issue. If your system is under attack, it is important to stay calm and methodically address the problem.

Last updated