Ethical Hacking – Part 1

Before going into details of how to ethical hacking we should be clear of what it is.

What is ethical hacking?

An ethical hacking is an attempt to penetrate networks and or computer systems, using the same method as a hacker would use for the purpose of finding and fixing computer security vulnerabilities.

Here are list of the hacking tools that are commonly required for hacking. This will be required for doing any type of ethical hacking.

Reconnaissance (and DNS)
  1. Dig – DNS lookup utility
  2. DNSMap – DNS mapping is a mechanism which allows hosts on a private LAN to use DNS Services even if the address of an actual DNS Server is unknown.
  3. DNSTracer – Trace DNS queries to the source
  4. DNSWalk – Checks DNS zone information using nameserver lookups
  5. Netmask – Helps determine network masks
  6. Relay Scanner – This program is used to test SMTP servers for Relaying problems
  7. TCPTraceroute – Traceroute implementation using TCP packets
  8. Firewalk – Firewalk is a network auditing tool that attempts to determine what transport protocols a given gateway will pass.
Foot-printing
  1. Amap – Performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to.
  2. Curl – Get a file from an HTTP, HTTPS or FTP server
  3. Fping – Sends ICMP ECHO_REQUEST packets to network hosts
  4. Hping3 – Active Network Smashing Tool
  5. HTTprint – A web server fingerprinting tool
  6. Ike-Scan – IPsec VPN scanning, fingerprinting and testing tool
  7. MetoScan – HTTP method scanner
  8. Nmap – The Network Mapper
  9. Netcat – TCP/IP swiss army knife
  10. P0f – Passive OS fingerprinting and masquerade detection utility
  11. Zenmap – The Network Mapper Front End
Password Cracking
  1. Chntpw – NT SAM password recovery utility
  2. Rainbowcrack – Crack LM, MD5 and SHA1 hashes
  3. THC PPTP Bruter – A brute forcing program against PPTP VPN endpoints (TCP port 1723)
  4. VNCrack – Crack VNC passwords
  5. John the ripper – A fast password cracker
Network Sniffing
  1. DHCP Dump – DHCP packet dumper
  2. Dsniff – Password sniffer
  3. SSLDump – Dump SSL traffic on a network
  4. Ntop – Displays top network users
  5. Wireshark – Interactively dump and analyze network traffic
Spoofing (or Masquerading)
  1. File2cable – Sends a file as a raw ethernet frame
  2. Netsed – Network packet streaming editor
  3. Sing – Send ICMP Nasty Garbage packets to network hosts
  4. TCPreplay – Replay network traffic stored in pcap files
Wireless Networking Utilities
  1. Aircrack-ng – Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
  2. Kismet – Wireless sniffing and monitoring
  3. THC Leap Cracker – The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication.
  4. WEPCrack – WEPCrack is an open source tool for breaking 802.11 WEP secret keys.
  5. WIDZ – Wireless Intrusion Detection System
  6. Cowpatty – Brute-force dictionary attack against WPA-PSK
Miscellaneous
  1. GDB – The GNU Debugger.
  2. Hexdump – ASCII, decimal, hexadecimal and octal dump tool.
  3. Hexedit – View and edit file in hexadecimal or in ASCII
  4. Wipe – Securely erase files
  5. Madedit -Text/Hex Editor

Next part will have how to use these tools to exploit vulnerabilities.

 

MAC Address Spoofing

To change MAC-Address for a Network card in Windows Registry:

  1. Click Start – Run, type “regedit”
  2. Navigate to

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318]

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Control
\Class

\{4D36E972-E325-11CE-BFC1-08002BE10318}

3. Under this key, you shoud see numbers in sequence as “0000″, “0001″ and so on. Click on one at a time to check the description of the device to match it with that of your Network Card. In my case (0001)

figure1

4. Once found, in the right-pane, look for “NetworkAddress” key value. If you find it, right-click and select modify. Enter the desired MAC-Address as a 12 digit number (all in one, no “space” “.” or “-”)

5. If you don’t find the key, right-click in the rightpane, select “New” – “String Value”. Enter the name as “NetworkAddress”. Now modify and set the desired value.

6. Now, disable and enable the Network card from the ControlPanel – Network Connections.

This should reflect the new MAC-Address on your NIC. Should you choose to go back to the original manufacturer set MAC-Address simply delete the key you just created/modified in the Windows Registry.

figure21

You can also use a tool like Technitium MAC Address Changer to change the MAC-Address of your NIC