hacking - the beginners guide to master the art of hacking in no time - become a hacking genius...


Upload: download-warez

Post on 07-Jan-2017


Page 1: Hacking - The Beginners Guide to Master The Art of Hacking In No Time - Become a Hacking GENIUS (2016)
Hacking: The Beginners Guide to Master The Art Of Hacking In No Time

Introduction

I want to thank you and congratulate you for downloading the book, “The Beginners Guide to Master Hacking In No Time”.

This book has actionable information that will help you to master hacking in no time even if you are a complete beginner.

By definition, hacking is the process of changing the features of a system to achieve a goal outside that of the original purpose of the creator. This essentially means that a hacker is an individual engaged in such activities and has by choice accepted the practice as a lifestyle and philosophy.

Today, computer hacking is the most popular method of hacking, especially in the field of computer security, even though the practice also exists in other forms such as phone hacking and brain hacking, but is not limited to any of these.

What we and the media commonly refer to as hacking is actually ‘black-hat’ hacking, the negative side of hacking that causes many to mistake the term hacking to mean cybercrime and other negatively related issues. This is perhaps because Hollywood has somehow depicted hackers as the cool nerds that illegally gain access to NSA, CIA, FBI, companies’ computer networks and other protected systems. This view of hacking and hackers is usually damaging to the other hackers, the ethical hackers who hack in a legal way.

This book will introduce you to the real philosophy of hacking, as it ought to be: ethical hacking and the ethics that govern it. If you are new to hacking, this book is going to, in a systematic and comprehensive manner, guide you through everything you need to become a sought-after ethical hacker. Because cybercrime is on the rise, many organizations are hiring IT experts to identify security threats to their websites and cyber data.

The men and women hired for this job are ethical hackers. Their job is to penetrate into the websites of these companies in a bid to determine the security holes present in these data centers and websites in order to keep the black hat hackers away. This therefore means the skill of ethical hacking is currently in high demand. This book aims to help you become a skilled ethical hacker by ensuring you know everything a professional ethical hacker should know.

Thanks again for downloading this book. I hope you enjoy it!

Copyright 2016 by James Jackson - All rights reserved.

This document is geared towards providing exact and reliable information in regards to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.

- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.

The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher.

The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.

The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.

Table of Contents

Introduction

The Hacking Lingo: Hacking Terms and Definitions

Ethical Hacking 101

The Ethics of Ethical Hacking

Ethical Hacking: A Beginner’s Lesson

The Tools of the Trade

Whetting Your Hacking Appetite: Common Hacking Attacks

Automating Attacks

How to Defend Against Brute Force Attacks

Taking Charge Of An Entire Network As A Hacker

Compromising a Client

The Best and Latest Top Five Hacking Tools

Conclusion

Because this field is a technical one, let us start by defining and understanding key terms.

The Hacking Lingo: Hacking Terms and Definitions

As stated in the introductory part of this beginner’s hacking guide, hacking is a technical field. To fit into this field, you have to master the lingo and understand important terminologies. Below are the important ones:

Brute force: Brute force refers to the method used by application programs to crack or decode encrypted data such as DES (Data Encryption Standard) keys, or passwords through extensive effort as opposed to using intellectual strategies.

Code: Code is the text readable by a computer and based on instructions regulating a device or program. When you change the code of a particular device or program, you will change its behavior.

Denial of Service Attack (DoS): DoS is an interruption used against a computer network or website to terminate its responsiveness albeit temporarily. It involves sending very many content requests to the site to overload the server. The content requests are the instructions sent, for example, from a particular browser to some website that enables the follow-up of the website in question. Such attacks are said to be the same as the internet parallels of street protests and are even used by some groups as a protest tool.

Server: A server is a program that regulates the access to the network service or a centralized resource center.

Configuration: Configuration refers to the technical computer specifications that include but are not limited to the processor speed, the RAM, and the amount of hard drive space. It refers to the specific hardware and software details with respect to the devices attached and the strength or composition of the system.

Keystroke Logging: It is the tracking of the keys pressed on a computer besides the touchscreen points. In other words, it refers to the computer map or the human interface. Grey and black hat hackers utilize this to record login IDs and passkeys. Keyloggers are concealed onto some device using a Trojan conveyed using a phishing email.

Transmission Control Protocol/Internet Protocol (TCP/IP): TCP/IP refers to the set of networking procedures or protocols that allow communication between two or more computers.

Protocol: Protocols are the set of rules under which a computer operates to control how a document on the internet gets transmitted to your screen.

Protocol Implementation: Protocol implementation is the process of negotiating some transaction through a specific connection. This negotiating is in the form of requesting and handling the directory listings, sending files and receiving files to a server.

Network Basic Input/Output System (NetBIOS): NetBIOS is a program that allows software applications contained in various computers within the same network to communicate.

IP Address: In computer networking, IP address refers to the numbers separated by periods whose role is to recognize every computer by use of the internet protocol to communicate over a network.

Rootkits: Rootkits are some of the software tools that help ethical hackers gain unapproved control of a computer system without notice.

Piggyback: A piggyback is the use of an established session by another user to gain access to a blocked or restricted communication channel.

False positive: A false positive refers to the rejection of a null hypothesis; for example, when the computer identifies legitimate messages as illegitimate and either deletes them or moves them to a special folder.

With that understanding of some of the terms used in hacking (ethical hacking), let’s now move on to discussing some important basics about hacking before we can move on to discussing how to be a hacker.

Ethical Hacking 101

As pointed out above, the aim of the kind of hacking performed by an ethical hacker is to help a company or an individual identify potential threats on a computer network and therefore, identify any system vulnerabilities that a malicious hacker can exploit.

The company then uses the information gathered to improve the security of the system and minimize or eliminate the possibility of potential attacks.

The Ethics of Ethical Hacking

For hacking to be termed ethical, the hacker must adhere to some rules that include the following:

1. Express permission (often through writing) to probe the system network to identify any potential security threats

2. To respect the privacy of the individual or company

3. To cover all your work, avoid syphoning any information or data given to you for later personal or malicious use.

4. To allow the hardware manufacturer or software developers to identify any weaknesses you detect in their products, software, or hardware, if the organization does not already know about them.

The term ‘ethical hacker’ draws criticism from people who state there is no such thing as ethical hacking. Those opposing the field of ethical hacking assert that hacking is hacking regardless of how you view it. Those against ethical hacking (or any form of hacking for that matter) refer to those who perform the practice as computer criminals or cybercriminals. Let me explain why ethical hacking is something real and important. You can think of ethical hackers as intelligence specialists who collect data for potential threats then take measures to make sure that the threat is neutralized or deterred. You really don’t think of FBI and CIA as a group of criminals, do you? Well, this explains the role of ethical hackers. The bad guys couldn’t care less whether what they are doing is criminal or not. If you don’t take measures to prevent any likelihood of unauthorized access to confidential data, you are essentially exposing yourself to the possibility of hackers exploiting any existing loopholes to their advantage. So what do you do? Well, to keep off hackers, you need to hire the finest hackers who then have to work within certain guidelines (ethics), otherwise you will just be waiting for the unknown to happen; that’s why you hire hackers to catch and keep off hackers.

Since we have noted that the work of ethical hackers in a company is to offer assistance to improve the security of the system, I can assert that the work of these hackers has been very successful. Anyone interested in ethical hacking can get certification to become a CEH (Certified Ethical Hacker). The EC-Council (International Council of E-Commerce Consultants) delivers this internationally recognized certification. Theirs is a 125-question multiple-choice exam in version eight (unlike version seven, which has 150 questions), and it costs about $500.

With that basic understanding of hacking as a term, let’s move on to discussing ethical hacking as an area of specialization.

Ethical Hacking: A Beginner’s Lesson

In as much as ethical hacking is an exciting field, it requires as much preparation as any other undertaking. To begin the process of hacking, you need to:

1. Understand the various tools of the trade

2. Understand the most common attacks as well as defenses

3. Practice

Let’s discuss this in detail:

The Tools of the Trade

When seeking to get involved in web application security, you need to know how you can use the most popular website hacking tool: the proxy. So what are these and what do they do? Proxies will enable you to intercept the HTTPS requests, understand how a website works, and at the same time, reveal critical security issues.

Here, we will walk you through installing and using Burp, the most common proxy used by ethical hackers. It is a revelation to see how some of your favorite websites work under the covers at the HTTP layer after you spend some time with a web proxy. During the development, debug and troubleshooting phases of web applications, this is something that’s very useful.

How to Set Up Burp Proxy

Begin by downloading and installing the app. Since it is a Java app, you may need to install the Java JRE. To ensure that your browser uses Burp, you have to configure a few settings. The recommendation is to use Firefox with Burp because by doing so, you will be able to set it up without having to make any changes to the system-wide settings, which would affect a couple of programs.

Once you have downloaded, installed, and started Burp, click ‘proxy tab’ and then ‘options.’ Ensure the ‘proxy listeners’ is running and note the interface, which by default is 127.0.0.1:8080.

After that, move down to the sections of and and ensure that the top level and have been checked. In addition, check the third checkbox under that says ‘or request was intercepted.’ The settings should be similar to the ones below.

This will enable Burp to capture both the browser requests and the responses of the server. Next, we have to set up Firefox so that it can use Burp as a proxy. Just click on ‘Firefox’ and after that ‘preferences.’ Click the advanced icon and then the network button. As shown below:

The last step will be to change network settings. How do you do that? Well, under Connection, proceed to configure how Mozilla Firefox will be connecting to the internet by first clicking on the settings button. Adjust the settings to match the picture below.

Go to the manual proxy configuration and have the IP address and the port matching Burp’s settings, which by default should be 127.0.0.1 port 8080. Check the box to ‘use this proxy server for all protocols.’ Finally, do away with the settings in the box that states ‘no proxy for’ so that you can capture the local traffic. Click OK and you are set to begin.

At this point, you have to test your setup to make sure it works. Go back to Firefox and key in google.com and then press enter. If everything is set up correctly, your browser should hang there waiting for the website. After this, when Burp has captured your request, return to Burp; you should see the HTTP request to Google under the proxy tab, then the intercept tab. Ensure you are looking at the right screen on Burp.

There are very many options but it should generally look like this:

Send the request to the server by clicking the forward button. You should receive the server response almost immediately. Click the forward button once more to send the server response to the browser. The server response to our original request to Google is a 301 redirection whose Location header tells your browser to go to www.google.com.

The browser makes this automatic request for you so you can safely forward the request and the response. Google will once again redirect to the SSL version of Google, which will definitely present another issue.

For Burp to connect to the SSL sites, it intercepts the connection and gives its own SSL certificate to the browser. This enables Burp to decrypt the HTTP request and response even if SSL is in use. The browser is, however, smart enough to tell whether the SSL certificate is okay or not, and will give a warning to the user about the certificate being invalid for this site.

Now that we know Burp is intercepting the request, you can click on ‘I understand the risks’ and ‘add exception’ to add Burp’s SSL certificate. You can then click ‘confirm security exception’ so that the browser will let you use Burp for this SSL connection. When accepting this, take care and ensure you are using Burp; otherwise, do not add the exception.

The browser now makes the SSL request, and Burp captures it once again. Just keep forwarding the responses and requests until you see the Google homepage on the browser.

If you’ve done everything we’ve learnt so far, your appetite for moving a little further should be at its highest. Let’s move on to the next chapter to take this a little further.

Whetting Your Hacking Appetite: Common Hacking Attacks

Which common attacks do hackers use to hack into a system? You need to understand these attacks so you can test your sites and then code for these weaknesses. Many hackers direct brute force attacks at a website login page where they try thousands of passwords and usernames until they key in a correct combination.

Brute force attacks compromise the very concept applied to resetting passwords, the secret questions, promotional and discount codes, and other information that is secret and used to reveal the identity of the user. To perform brute force attacks, you will need the following:

1. Confirm the account lockout – the request throttling is disabled or simple to bypass.

2. Decide the username’s format

3. Make a list of the potential usernames

4. Confirm the valid usernames

5. Run tests on the passwords for every valid username

Begin by deciding whether an account lockout exists. You can do this by failing the login for a user. Next, determine the format of the username. These can differ from one site to another; nevertheless, the current trend is to use an email address, which is easier to remember and can come in handy when conducting password resets. Assume the site you are targeting has such a login page as the one below.

Notice that the username is an email address; otherwise, if the login screen did not tell us that, you would have to determine that by registering or signing up for an account. Obviously, from the signup page, you can tell that the username is an email address.

If you are dealing with a large public site, people usually sign up with Yahoo, Gmail, and other popular email domains. It is rather unfortunate that because internet hacking is popular, presently, it is easy to get long lists of email addresses from compromised databases.

Take this example; if you want to target Franco James, you will first key in [email protected] (or his email account) followed by a password before you click login. You will probably get an error message stating that the email ([email protected]) does not exist.

Let Us Determine Usernames

With the first clue, you will have to create a list of usernames. If this was a company website, the process of determining the format of the email and then coming up with a custom list is quite simple. Normally, corporate email addresses take any of the following formats:

[email protected] ([email protected])

[email protected] ([email protected])

[email protected] ([email protected])

Use the resources on this Wordstream link to get one email address that you will use to get the format used in the email domain. Take this example: from the example application I’m using, we know that the domain is onemonthsimple.com that is located in the domain and footer. This will kick us off.

Let Us Guess Accounts

To find a valid username, it might be necessary to guess a few accounts. Begin doing so by manually testing some of the common usernames ensuring to [email protected] domain. You can use any name such as Jacobs, Mary, Dave, Jonah, Jon, Calvin, Emily. Try each one of them out.

You will find that at least one of them will work. When you make a correct username guess, you will get an error message about the password being incorrect. However, having a valid email address is a good step to breaking in.

Ergo

Usernames are email addresses and the application will inform you whether or not the address is valid. You may find a valid email address but with a wrong password, and therefore, an ‘incorrect password’ message will appear.

Since the application is a corporate HR application, you will be right to guess that most users have the @onemonthsimple.com as the email. You will use this to create your own list of common names to find new users. It may take a while to guess the usernames; therefore, an attacker would make the process automatic, that is, trying usernames and matching the error messages with the valid ones.

Automating Attacks

To begin, you will definitely require a bigger list of names/dictionaries/wordlists (in hacker terms). You will need a wordlist of first names based on what you know about the application. You can do this by, for instance, getting the first ten thousand baby names from the census in the US.

After that, you need to find a way to automate the signing in process. To do this, you can create a small custom program by doing the following:

1. First, read a file containing usernames, ensuring to read it line by line

2. Then proceed to send the username to the website login page

3. Recheck the error message to check whether the particular username is valid or not

The Code Is As Follows:

After you run this tool, you will have a list of users for the site. After this, re-run the script but a little modified. For every valid user, try thousands of different passwords until the ‘incorrect password’ message disappears. This means that you have the right username and password. It ends there.

Now you know a bit about how black hat hackers do their thing with brute force attacks. In the next bit of this book, we will learn how to keep these off as an ethical hacker.

How to Defend Against Brute Force Attacks

Brute force attacks usually succeed because of the mistakes developers make by tipping their hand to the attackers and therefore revealing important information in the error messages. Furthermore, they fail to enforce account lockout and password complexity, and fail to implement request throttling of any kind.

Look at the following areas to know how you can protect your site better.

Leaking Data

In the example above, the sign in page exposed whether the username was valid or invalid. That way, you could know valid usernames. The same thing would apply with the password. This problem exists all over the internet. The most effective way to prevent these kinds of attacks is to return a constant error message for any unsuccessful login attempt. You should not give hackers suggestions with wordy error messages.

Account Lockout

Having fixed the error message, you should now try to strengthen the login to avoid any brute force password guessing attacks. To achieve this, you will have to add an account lockout to users the moment they fail to login a particular number of times. This will hinder our script from testing millions of passwords for every account. To add the account lockout in Rails as you use Devise, refer to this resource: Ensure the Devise initializer is set up well for the account lockout.

Run a quick test to ensure the accounts are locking out and are resettable. If you add this to some site that is existent, you may have to run a migration to add the necessary Devise database fields required. If you aren’t using Devise, then you have the alternative of manually adding a counter within the user model and then incrementing it for each of the unsuccessful logins during the process of authentication.

The Complexity of the Password

Now, you should know how to enforce password complexity. Enforcing complex passwords prevents a user from entering a weak password. There are a number of ways to do this. However, the most preferred method is to use the DSE (Devise Security Extension) that offers the capacity to configure a couple of security controls around passwords, which includes complexity. Without Devise, there is another good option of creating a regular expression and ensuring that all the new passwords meet the requirements. Generally, it is best to require at least one number and one special character and a password not less than ten characters. Passphrases or passwords that are beyond one word are just what you need.
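The three defenses from this chapter (one constant error message, account lockout with a manual counter, and a password complexity regular expression) are shown together below as an added example; it is not code from the book or from Devise. The `LoginService` class, the threshold of five failures, the fifteen-minute lock and the PBKDF2 settings are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

GENERIC_ERROR = 'Invalid email or password.' # identical text for every failure
MAX_FAILED_ATTEMPTS = 5                      # assumed lockout threshold
LOCK_SECONDS = 15 * 60                       # assumed lock duration

# Rule from the text: ten or more characters, at least one number and at
# least one special character.
PASSWORD_POLICY = /\A(?=.*\d)(?=.*[^A-Za-z0-9\s]).{10,}\z/

def password_acceptable?(password)
  PASSWORD_POLICY.match?(password)
end

# Hypothetical in-memory login service (not Devise). The clock is injectable
# so lock expiry can be exercised without waiting.
class LoginService
  User = Struct.new(:salt, :digest, :failed_attempts, :locked_until)

  def initialize(clock: -> { Time.now })
    @clock = clock
    @users = {}
    # Placeholder record: unknown emails go through the same hashing work
    # as known ones, so response time does not reveal which emails exist.
    @dummy = build_user(SecureRandom.hex(16))
  end

  def register(email, password)
    raise ArgumentError, 'password does not meet policy' unless password_acceptable?(password)

    @users[email.downcase] = build_user(password)
    true
  end

  # Returns [success, message]. Unknown email, wrong password and locked
  # account all produce the same GENERIC_ERROR.
  def login(email, password)
    user = @users[email.downcase]
    record = user || @dummy
    password_ok = secure_equal?(hash_password(password, record.salt), record.digest)
    return [false, GENERIC_ERROR] if user.nil? || locked?(user)

    if password_ok
      user.failed_attempts = 0
      return [true, 'Signed in.']
    end

    user.failed_attempts += 1
    user.locked_until = @clock.call + LOCK_SECONDS if user.failed_attempts >= MAX_FAILED_ATTEMPTS
    [false, GENERIC_ERROR]
  end

  # Administrative reset, so a locked account can be released early.
  def unlock(email)
    user = @users[email.downcase]
    return false if user.nil?

    user.failed_attempts = 0
    user.locked_until = nil
    true
  end

  private

  def locked?(user)
    return false if user.locked_until.nil?
    return true if @clock.call < user.locked_until

    user.failed_attempts = 0 # lock expired: start counting again
    user.locked_until = nil
    false
  end

  def build_user(password)
    salt = SecureRandom.random_bytes(16)
    User.new(salt, hash_password(password, salt), 0, nil)
  end

  def hash_password(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000,
                                       length: 32, hash: 'sha256')
  end

  # Compares two equal-length digests without stopping at the first mismatch.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A locked account returns the same message as any other failure, so the lock itself does not confirm that the email exists.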

Now that you know how to keep off brute force attacks, we will take this a little further in the next chapter by discussing how to take full charge of your network.

Taking Charge Of An Entire Network As A Hacker

Owning a network and retrieving the key data requires finding a weak link in the network. Some clerk somewhere on the network with little work to do and lots of time to play on the internet can be tempted to visit your malicious website or open a Word document or even a PDF. When you compromise this one target, you can turn from owning that one system to owning the network and finally grabbing the good stuff on the server or the database server.

The following steps show how you can pivot from one compromised system on the network to compromising and owning the most heavily protected network servers.

Compromising a Client

To begin, you have to compromise one machine on the network. Take the following example: you send a client some malicious link or a Word document. You can also go after an unpatched operating system. In this case, send the malicious link through email to one of the people in your target’s engineering department, attached with a note that states, ‘funny video you need to see.’ This is how you create the link:

Open BackTrack; if you do not have it, you can download version five, the third release, also called BT5r3. It has numerous hacking tools such as the one right below. After opening BackTrack, open the Metasploit console.

Select an exploit. In this example, we will be using the ie unsafe scripting exploit. You will only need one weak system on the network so you own the whole network.

Get the Right Exploit

Let us assume you want to use Adobe Reader. You can find the right exploit by searching Metasploit for one that will accommodate the Adobe Reader’s version.

If you look at the image above, you can tell that Metasploit included all the exploits that met the criteria. Check the information that is available about this particular exploit.

In the description, Metasploit shows that it embeds a Metasploit payload into the existing PDF file. You can use the resulting PDF as part of a social engineering attack. Besides that, you can also use it to invite the victim to download it when you embed it into a website.

Get the Payload Set

The next step will be to set the payload that is going to embed into your PDF file. To do that, you will type the following:

Set the Options

Having chosen your exploit and set your payload, you can proceed to check the options for this exploit and the payload by keying in the following:

As is described above, Metasploit needs you to have an existing PDF file to embed the Meterpreter. Set a file name with the name chapterone.pdf, probably class notes, to your infilename option.

Alter the output’s file name (that is default) and use the embedded Meterpreter to the same harmless sounding chapterone.pdf.

Now, set your system to your IP address or 192.168.100.1

Confirm Your Settings

Check your options again to see whether all is well for takeoff.

Begin!

From the image above, you can see that all your options are set and all you require is to begin the exploit.

Metasploit has created a PDF file with the name chapter1.pdf, which has the Meterpreter listener. It has placed it at . You only have to copy the file to your website and start inviting your visitors to download it. Anyone who downloads it and opens it from your website will have a connection opened in your system, a connection you can use to take charge of his/her computer system.

When your victim has opened the malicious link, you will receive the Meterpreter prompt such as the one below. You can type the following in the Meterpreter prompt:

This will reveal the target system’s interfaces as well as the MAC and the IP addresses which are linked with them; Interface 1 is the loopback interface, and interface 2 links with the IP 192.168.1.101. Depending on the configuration of the compromised machine, the results may be different.

Scan the Network

You are now inside the network. You can now use an auxiliary module called arp scanner contained in Metasploit that makes it possible to use the ARP protocol to find other internal systems on the network. Just type the following:

Run the arp scanner by typing the following:

In which ‘run’ is the command that executes internal Meterpreter scripts, the ‘–r’ goes before the range of the target address or CIDR notation network, and ‘192.168.1.0/24’ is the CIDR notation to include this whole class C network containing a netmask of 255.255.255.0. When you run the arp scanner, you will be revealing all the systems on the internal network; in this case, what would be most important is the default gateway at 192.168.1.1

The Final Step: Add A Route

You have to background your Meterpreter session, which will put your Meterpreter session into the background, meaning it is still running. You can however return to the Metasploit console and implement the other commands. After that, you will add a route to the compromised system from the default gateway so that you get access to all the systems and subnets that have access to the default gateway - a good opportunity to compromise them.

Having successfully made a route between the victim’s computer and the default gateway, the network will therefore be, for all purposes, yours. You can now go ahead and use the single compromised machine to launch attacks on any system on the network within the engineering subnet or all the subnets that use the default gateway.

To own machines, you will have to take the last step of exploiting each one of them. Since you will now be attacking from inside the network, you will not have to be concerned about any firewalls or intrusion prevention systems.

The next chapter will highlight some of the best hacking tools you will need for hacking.

The Best and Latest Top Five Hacking Tools

At number one is Metasploit, the hack tool we have explained in the previous section of this book. The other tools that come after Metasploit include the following:

2: NMap (Network Mapper)

NMap is a tool available for Windows, OS X, and Linux platforms. NMap is a utility for security auditing as well as network exploration. The program rapidly performs heavy scans on large networks, and is equally effective against single hosts.

Many hackers who use it, including network administrators, value its usefulness in tasks such as managing service upgrade schedules, network inventory, and host or service uptime monitoring.

NMap uses raw IP packets in new ways to know the available hosts on the network and the services, which includes the version and name of the application offered by the hosts. Moreover, it determines which operating systems the host is running, the type of packet filters or firewalls in use, and many other characteristics. You may also use it to know the computers and services present on a computer network, which leads to the creation of a ‘MAP’ of the network. This tool is implementable on most kinds of computers and both the graphical and console versions are obtainable.

3: Acunetix

In the third place is Acunetix, which is available for Windows XP and higher versions of Windows. This tool checks for vulnerabilities in the web. It looks for critical flaws in a website by crawling the website to find vulnerabilities such as malicious cross-site scripting, among other weaknesses. It is a quick and simple tool to use on WordPress websites.

The tool comes with a login sequence recorder whose purpose is to allow one to access password protected areas of websites. The technology used in this tool allows you to decrease the false positive rate; these features have made the tool a preferred hacking tool in 2016.

4: Wireshark

Originally called Ethereal, Wireshark is a tool that comes with T-shark, a command line version. This network protocol analyzer can run on Windows, Linux, and OS X. It essentially enables you to capture and interactively browse the composition of network frames.

The purpose of the manufacturer was to create a commercial-quality analyzer for UNIX and give Wireshark the features that are missing from the sniffers that are generally closed-source. The tool is easy to use and has the ability to reconstruct TCP/IP streams.

5: OCLHashcat

Just like Wireshark, this tool is available for Windows, OS X, and Linux. If you love cracking passwords, you will fall in love with Hashcat. Hashcat is a CPU based tool that cracks passwords; its advanced version is oclHashcat, and is very popular as the quickest password cracking tool.

The tool employs cracking attack modes such as:

1. Straight

2. Hybrid dictionary plus mask

3. Hybrid mask plus dictionary

4. Brute force

5. Combination

Licensed under MIT, it also allows simple integration or packaging in the usual Linux distros.

Conclusion

I hope the book has taught you something about hacking. Learning how to hack is a handy skill whether you are a security professional or not because it helps you implement the toughest security practices possible.

Learning how to hack is as much about finding security weaknesses and fixing them as it is about anticipating them. To resolve hacking issues preemptively, it is important to learn the hacking methods black hat hackers use to penetrate systems. If you lack such knowledge, you will definitely have a hard time securing computer systems.

Think of the computer network as a yard that has a fence around it to prevent people from getting in. You have something valuable in the yard that someone may want to steal. Ethical hacking comes in as a measure to check for weaknesses inside the yard and around the fence so you can reinforce the weak areas before anyone attempts to gain access.

Today, very many business operations depend on the understanding of software-related risks made vulnerable to hacking. Even beyond business, the average person should have a clear understanding of the role of a hacker.

Cloud computing, mobile technology, and the internet have changed our daily reality. As individuals, you are part of a bigger global online network; this exposes you to cybercrime and threats. In the face of cyber-attacks, there is great need to have more resilient computer systems. It is, therefore, prudent to gain a deep knowledge of the hacker’s tactics and methods as a precondition.

Thank you again for downloading this book!

I hope this book was able to help you to understand how to be a hacker (especially an ethical hacker).

The next step is to implement what you have learnt.

Finally, if you enjoyed this book, would you be kind enough to leave a review for this book on Amazon?

Thank you and good luck!