Ethical Hacking – Part 2

In this part we will go a step further in to ethical hacking and discuss how to do Penetration testing.

Warning: Proceed only after permission from network owner else it will be treated as hacking. You can try it on your personal systems. 

Step 1: Port Scanning

Penetration testing starts with port scanning which allows tester to probe and attempt to discover open ports, services running and OS versions. To do this you can use nmap tools.

Using nmap you can scan both TCP and UDP ports.

Step2:  Attack to webserver like apache server.

You can launch some actual attack using Metasploit. Example Apache Range DoS attack which is known as Apache Killer.

Step3: Protocol anomaly

Play with SSH to establish SSH connections to unconventional ports. Security tools should be able to detect SSH protocol anomalies.

So far we have covered 2 tools nmap and Metasploit.

 

What is nmap?

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Sometime it is also used for network inventory, managing service upgrade schedules and managing host or service uptime.

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It is designed to rapidly scan large networks, but works fine against single hosts.

Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

For more details you can visit http://nmap.org

 

What is Metasploit?

This tool helps test your network to uncover exploitable security gaps and help validate vulnerabilities. It allows you to simulate phishing attacks.

Next we will cover how to use nmap.

Ethical Hacking – Part 1

Before going into details of how to ethical hacking we should be clear of what it is.

What is ethical hacking?

An ethical hacking is an attempt to penetrate networks and or computer systems, using the same method as a hacker would use for the purpose of finding and fixing computer security vulnerabilities.

Here are list of the hacking tools that are commonly required for hacking. This will be required for doing any type of ethical hacking.

Reconnaissance (and DNS)
  1. Dig – DNS lookup utility
  2. DNSMap – DNS mapping is a mechanism which allows hosts on a private LAN to use DNS Services even if the address of an actual DNS Server is unknown.
  3. DNSTracer – Trace DNS queries to the source
  4. DNSWalk – Checks DNS zone information using nameserver lookups
  5. Netmask – Helps determine network masks
  6. Relay Scanner – This program is used to test SMTP servers for Relaying problems
  7. TCPTraceroute – Traceroute implementation using TCP packets
  8. Firewalk – Firewalk is a network auditing tool that attempts to determine what transport protocols a given gateway will pass.
Foot-printing
  1. Amap – Performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to.
  2. Curl – Get a file from an HTTP, HTTPS or FTP server
  3. Fping – Sends ICMP ECHO_REQUEST packets to network hosts
  4. Hping3 – Active Network Smashing Tool
  5. HTTprint – A web server fingerprinting tool
  6. Ike-Scan – IPsec VPN scanning, fingerprinting and testing tool
  7. MetoScan – HTTP method scanner
  8. Nmap – The Network Mapper
  9. Netcat – TCP/IP swiss army knife
  10. P0f – Passive OS fingerprinting and masquerade detection utility
  11. Zenmap – The Network Mapper Front End
Password Cracking
  1. Chntpw – NT SAM password recovery utility
  2. Rainbowcrack – Crack LM, MD5 and SHA1 hashes
  3. THC PPTP Bruter – A brute forcing program against PPTP VPN endpoints (TCP port 1723)
  4. VNCrack – Crack VNC passwords
  5. John the ripper – A fast password cracker
Network Sniffing
  1. DHCP Dump – DHCP packet dumper
  2. Dsniff – Password sniffer
  3. SSLDump – Dump SSL traffic on a network
  4. Ntop – Displays top network users
  5. Wireshark – Interactively dump and analyze network traffic
Spoofing (or Masquerading)
  1. File2cable – Sends a file as a raw ethernet frame
  2. Netsed – Network packet streaming editor
  3. Sing – Send ICMP Nasty Garbage packets to network hosts
  4. TCPreplay – Replay network traffic stored in pcap files
Wireless Networking Utilities
  1. Aircrack-ng – Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
  2. Kismet – Wireless sniffing and monitoring
  3. THC Leap Cracker – The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication.
  4. WEPCrack – WEPCrack is an open source tool for breaking 802.11 WEP secret keys.
  5. WIDZ – Wireless Intrusion Detection System
  6. Cowpatty – Brute-force dictionary attack against WPA-PSK
Miscellaneous
  1. GDB – The GNU Debugger.
  2. Hexdump – ASCII, decimal, hexadecimal and octal dump tool.
  3. Hexedit – View and edit file in hexadecimal or in ASCII
  4. Wipe – Securely erase files
  5. Madedit -Text/Hex Editor

Next part will have how to use these tools to exploit vulnerabilities.