Constructing an Ethical Hacking Knowledge Base for Threat Awareness and Prevention

Published By IGI Global

9781522576280, 9781522576297

This chapter summarizes the basic concepts related to the most targeted and widely used Windows operating system. The chapter explains the Windows architecture and authentication process along with different Windows operating system tools including Windows management instrumentation command-line (WMIC), recycle bin, msinfo32, netsh (network shell), Windows services console, Windows registry, event viewer, NBTSTAT (NetBIOS over TCP/IP Status), system file checker, group policy editor, Windows firewall, Windows task manager, MSCONFIG utility, netstat (network statistics) utility, Attrib command, diskpart utility, etc. The chapter provides details of Windows PowerShell, an integrated scripting environment (ISE) for executing commands at runtime as well as for developing and testing PowerShell scripts, along with net commands and netsh commands. These tools are useful for diagnosing and testing the security level or condition of an existing Windows installation. The Windows virtual machines created as part of the experimental setup discussed in the first chapter of this book can be used to exercise the Windows commands and utilities mentioned in this chapter.


This chapter provides a complete overview of the Linux operating system, as sound knowledge of Linux is essential for learners who aspire to become good ethical hackers. The chapter ranges from basic concepts like Linux architecture; Linux commands; file permissions in Linux; Linux configuration settings including user password settings, environment configuration, and network settings; and Linux processes and services to advanced topics like shell scripting, configuring iptables, the logging process, configuring PuTTY, Linux-based applications, etc. The chapter also provides examples of Python programming in Kali Linux, an offensive Linux-based operating system. This chapter introduces all basic concepts related to the Linux operating system. To become a good ethical hacker, one should have a good understanding of the Linux operating system.


Organizational web servers reflect the public image of an organization and serve web pages/information to organizational clients via web browsers using the HTTP protocol. Some web server software may contain web applications that enable users to perform high-level tasks, such as querying a database and delivering the output through the web server to the client browser as an HTML file. Hackers always try to exploit the different vulnerabilities or flaws existing in web servers and web applications, which can pose a big threat for an organization. This chapter explains the importance of protecting web servers and applications along with the different tools used for analyzing the security of web servers and web applications. The chapter also introduces different web attacks that are carried out by an attacker either to gain illegal access to the web server data or to reduce the availability of web services. The web server attacks include denial of service (DOS) attacks, buffer overflow exploits, website defacement with SQL injection (SQLi) attacks, cross site scripting (XSS) attacks, remote file inclusion (RFI) attacks, directory traversal attacks, phishing attacks, brute force attacks, source code disclosure attacks, session hijacking, parameter form tampering, man-in-the-middle (MITM) attacks, HTTP response splitting attacks, cross-site request forgery (XSRF), lightweight directory access protocol (LDAP) attacks, and hidden field manipulation attacks. The chapter explains different web server and web application testing tools and vulnerability scanners including Nikto, Burp Suite, Paros, IBM AppScan, Fortify, Acunetix, and ZAP. Finally, the chapter also discusses countermeasures to be implemented while designing any web application for any organization in order to reduce the risk.


This chapter discusses different essential ethical hacking tools developed by various researchers in detail. Tools discussed here include the Netcat network analysis tool, Macof from the Dsniff suite toolset for DOS attacks, Yersinia for DHCP starvation attacks, the Dnsspoof tool for MITM attacks, Ettercap for network-based attacks, Cain and Abel, the Sslstrip tool, and SEToolkit. These tools are used for carrying out DOS attacks, DHCP starvation attacks, DNS spoofing attacks, session hijacking attacks, social engineering attacks, and many other network-based attacks. The detailed steps to configure a WAMP server as part of the ethical hacking lab setup are also discussed in this chapter in order to simulate web application-based attacks. There are large numbers of ethical hacking tools developed by the researchers working in this domain for computer security, network security, and web server security. This chapter discusses some of the essential tools in detail.


In ethical hacking, the reconnaissance phase is followed by the scanning and enumeration phase, where the information collected from the reconnaissance phase is used to examine the target or target network further for getting specific details such as computer names, IP addresses, open ports, user accounts, running services, OS details, system architecture, vulnerabilities, etc. This chapter introduces different scanning and enumeration tools used in the scanning phase of the ethical hacking process in detail. One may use scanning and enumeration tools and techniques involving packet crafting tools, packet analyzers, port scanners, network mappers, sweepers, and vulnerability scanners during this phase. The chapter introduces tools like Hping3, the NMAP security scanner, Colasoft Packet Builder to create custom packets, vulnerability scanners such as Nessus, the NetBIOS enumeration technique, Hyena, remote administration of network devices using Advanced IP Scanner, Global Network Inventory, network mapping using The Dude network monitor, banner grabbing using ID Serve, the SNMP enumeration technique, creating a NetBIOS null session to enumerate, etc. The chapter also provides the details of maintaining privacy and anonymity while carrying out such scanning and enumeration attacks.

This chapter sets the stage for the rest of the book by presenting the importance of learning hacking techniques for each and every person dealing with cyber operations. The chapter explains various basic terminologies used in the ethical hacking domain and also provides step-by-step instructions for setting up an ethical hacking lab in order to carry out the attacks mentioned in further chapters of this book. The chapter also covers the legal issues in the ethical hacking domain by providing details of existing cyber laws, acts, and regulations framed by various countries in order to deal with harmful hacking activities and cybercrimes.


Wired networks add to the cost and space required to set up, while wireless networks are easy to expand without adding the complexity of cables. Most organizations implement wireless networks as an extension to an existing wired connection by installing multiple access points at various locations to cover a larger area. The Wi-Fi network users can be assigned limited and restricted access to the actual wired network and organizational resources. Although less reliable, wireless networks offer mobility, flexibility, ease of deployment, and scalability with reduced cost of implementation. However, besides these many advantages, a wireless network expands the security threat level by making it easy for hackers to intercept network traffic via open networks. Hence, there is a need to determine the potential Wi-Fi security threats, attacks, attacking tools, and possible countermeasures to be used to secure organizational wireless networks. This chapter focuses on different IEEE 802.11 wireless standards, authentication and association processes in 802.11, and WLAN frame structure. This chapter explains different wireless attacks like war-driving, war-chalking, Wi-Fi signal jamming, denial of service (DOS) attack, rogue access point attack, wireless traffic analysis, MAC spoofing, de-authentication attack, man-in-the-middle attack, evil twin attack, cracking Wi-Fi encryptions, spectrum analysis, Bluetooth device attacks, etc. The chapter also discusses different tools used for carrying out wireless attacks or auditing wireless security like NetStumbler, Kismet, Aircrack, inSSIDer, KisMAC, WEPWedgie, WIDZ, and Snort-wireless. The chapter also discusses countermeasures against these attacks.


The gaining access phase in the ethical hacking process focuses on getting access to an individual host on a network based on the information collected during previous phases. Actual attacking starts in this phase, where an attacker will carry out password cracking/password sniffing attacks along with privilege escalation attacks to gain administrative privileges on the target host, bypassing computer security. Once access is gained, maintaining that access on compromised hosts becomes important for an attacker in order to carry out future attacks. This chapter includes a study of tools and techniques like password cracking or social engineering attacks used to gain access to target machines based on the information collected during the previous phases. The chapter also introduces the tools and techniques used for escalating privileges by exploiting vulnerabilities, executing spyware/backdoor/key logger/rootkit/Trojan applications, etc. The chapter also explains the techniques used to maintain access in compromised hosts, to cover tracks/evidence, and methods to avoid detection. An attacker may use rootkits during this phase to hide his presence and maintain access to the compromised hosts. An attacker may hide files using rootkits/steganographic techniques, hide directories, hide attributes, use alternate data streams (ADS), place backdoors, and cover tracks by modifying/deleting log files. All these techniques are explained in this chapter.


In warfare, “reconnaissance” is the process of collecting information about enemy forces using different detection methods. In ethical hacking, reconnaissance is the first phase, aimed at gathering and learning as much information as is available about the target using tools like internet sources, social engineering techniques, dumpster diving, email harvesting, the Whois database, etc. This chapter introduces different tools and techniques used during the active and passive reconnaissance phases in detail. Reconnaissance consists of footprinting, scanning, and enumeration techniques used to covertly discover and collect information about a target system. During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible. The ethical hacker can use active information-gathering methods (directly interacting with the target, which carries a risk of getting caught, like social engineering methods) or passive ones (like visiting the target website) in order to identify the target and discover its IP address range, network, domain name, mail server, DNS records, employee names, organization charts, and company details. The chapter also provides the details of possible countermeasures to be implemented on a website to avoid revealing more information to attackers.


This chapter introduces the basics of computer networking and the associated widely used essential network communication protocols. The chapter provides a comparison of the OSI and TCP models along with details of internet layer protocols including internet protocol (IP), IP addressing schemes, internet control messaging protocol (ICMP), etc. Next, the chapter discusses the transport layer protocols transmission control protocol (TCP) and user datagram protocol (UDP) in detail. Application layer protocols including dynamic host control protocol (DHCP), secure shell (SSH), file transfer protocol (FTP), trivial FTP (TFTP), simple network management protocol (SNMP), hyper text transfer protocol secure (HTTPS), network time protocol (NTP), domain name system (DNS), and simple mail transfer protocol (SMTP) are also explained in this chapter. One just cannot attack a networking protocol without knowing how it works. Having a solid introduction to computer networking and network protocols is fundamental in the ethical hacking world. This chapter quickly revisits all essential concepts related to computer networking.

