ethical hacking - learn easy - learn ethical hacking basic in one month
Post on 07-Jan-2017
Ethical Hacking For Absolute Beginners
Learn Easy
Sanjib Sinha

Contents
Prologue
Introduction
What is Ethical Hacking?
How You Can Use Many Tools?
The Legal Side
Prerequisites
Basic Hacking Terms
Build Your Hacking Environment
What Is VirtualBox?
Install Kali Linux & Other Operating Systems in VB
Linux Terminals and Basic Functionalities
Should I Know Any Programming Language?
Protect Your Anonymity on Internet
1) Tor
2) Proxy Chains
3) VPN
4) All About Mac Address
# Prologue

This book is intended for complete programming beginners or general people who know nothing about any programming language but want to learn ethical hacking. Ethical hacking is by no means associated with any kind of illegal electronic activity. Ethical hackers always stay within the law. This book is intended for those people – young and old – who are creative and curious and who want to develop a creative hobby or take up the internet security profession, acting as ethical hackers.

This book is not intended for any kind of malicious user. If you think that you can use this book for any malicious purpose, then you are advised to read the chapter “Legal Side of Ethical Hacking”. I hope you won’t like the idea of ending up in jail for harming some other systems.

There are many people who already know more than me, or than everyone. This book is not for those wizards. If you are new to this beautiful world of computers or have little knowledge about any programming language, then this book is for you.

I would like to end this prologue with an image. This image depicts many things that I will later discuss in detail. It says, “The author is using the “Ubuntu” Linux distribution as his default operating system. He has installed VirtualBox – a kind of virtual machine – that runs in Windows also. And in that VirtualBox he has installed two more operating systems. One is “Windows XP” and the other is “Kali Linux””.

The image also says, and that is very important, “Presently he is virtually running three Operating Systems in his desktop”.

Why it is necessary, you will learn in the coming chapters. Stay tuned.

(The VirtualBox is running two operating systems. You can try any kind of experiment on this Virtual OS. That will not damage your main system.)
# Beginner’s FAQ

Q. Should I know any programming language as of now to learn the basics of ethical hacking?

A. No. You need not know any programming language at present. But if you are serious about taking up ethical hacking as your profession, or as a hobbyist you would like to delve deep, then you must know one programming language. The more you know, the better.

Q. Which programming language should I know first?

A. You can start learning Python. It is not only easy to learn but it will also help you immensely in your learning process of ethical hacking.

Q. Besides learning a programming language, what should I know?

A. You need to have knowledge of networking and a few important Linux commands. The more you know about the total computer system the better, and that will enhance your hacking skill.

Q. Is there any hacking software tool that requires no knowledge of a programming language?

A. Yes, there are a few such tools, but as I have just said, knowledge of a programming language, networking and operating systems is a prerequisite for being a good ethical hacker. To learn ethical hacking you can start from zero, but it is good practice to learn the other necessary things as you progress.
# Hacker versus Cracker

In general, hacker stands for creative and curious people. In that sense, every scientist, writer and painter is a hacker. On the contrary, a cracker is a bad guy who wants to steal data by penetrating into a computer system.

A hacker wants to protect data. A cracker wants to steal data. At best you can call them malicious hackers with bad intentions.

They are not the same.

There are also some wrong images that are usually portrayed in films. In those films we see a man sit before a computer and type at lightning speed, and the computer spits out tons of secret data.

In reality, a real ethical hacker, or a security person working as an ethical hacker, wants to understand how the computer system works and tries to find security vulnerabilities with the help of his tools.

In this book we show you a few such techniques and tell you about the tools that are frequently used to gather valuable data and attack computer systems.

How fast you can type does sometimes matter. The speed of keying varies from person to person. A good hacker who usually spends around ten to sixteen hours a day over his laptop can achieve a keying speed of 100 to 120 words per minute. To gain strength in their fingertips, they sometimes do push-ups on their fingertips. These are not legends. It happens.

You need to write the necessary code or instruct a tool to perform some actions, and you have to write it fast.

To summarize this section, we can say that hackers are skillful and they use some specialized software tools. You will learn those skills and get to know those software tools so that you can not only protect your own machine but, as a security person acting as an ethical hacker, also protect your client’s machine. As you progress you will come across many terms. One of them is penetration testing, or in short pentesting. Many ethical hackers help other people by detecting security vulnerabilities in their systems and assuring some protection so that they are less prone to such attacks. They do so for profit. They are called pen-testers.

Staying within the law is always very important. You need to understand the state, country or international law before you venture out as an ethical hacker. We will cover this part in more detail so that you will know what you can do and what you can’t do.
# Role of Ethical Hackers

It is a million dollar question. But before this question comes, there are many other questions that are to be answered first.

Can you even ask yourself why countries spend millions of dollars on their defense budgets? Why are there so many weapons around us? Some of them are state of the art and built using the most modern technology. Lots of money is spent on research into such technology that, at the end of the day, only produces weapons!

There is only one answer. Every country has the liberty to protect itself. These weapons are made for defense. They are not intended for attack.

Every country arranges mock fights inside its territory – sometimes other friendly countries also participate – just so that it can try out some of its state-of-the-art modern weapons.

Ethical hackers play the same role. As an ethical hacker you will learn how to defend yourself. To defend yourself, sometimes you need to attack your enemy. But it is a part of your defense system. It is a part of your defense strategy. The more you know about your enemy’s strategy, the better you can defend yourself. You need to learn the tools that are frequently used by malicious hackers or crackers. They use the same tools that you use to defend yourself.
# Legal Side

As time goes by and we progress, our old world is also changing very fast. It is no longer like before, when we kept records by entering data into a big log-book and stacked them one by one, date-wise. Now we keep data in computers. We no longer go to the market to buy anything. We order things over the internet and payment is made by credit or debit card. The nature of crime has also changed accordingly.

Criminals used to snatch your data physically before. They now snatch it over the internet using computers. Computers have become a new tool for business as well as for traditional crimes. On that basis the term “CYBER LAW” comes to the fore. The first and most basic thing you should remember is “don’t try to penetrate or tamper with any other system without taking permission.” You may ask, “How would I experiment with my knowledge?” The answer is VirtualBox. In your virtual machine you may install as many operating systems as you want. Try everything on them. Trying any virus on your virtual machine will not affect your main system. At the same time you will keep learning about the virus.

A few examples may give you an idea of what types of computer crimes are punishable in our legal system.

If you use any software tool to generate credit card or debit card numbers, then it is a highly punishable offense. It will invite a fine of fifty thousand dollars and fifteen years of imprisonment. Setting up a bogus website to take credit card numbers with a false promise of selling non-existent products is a highly punishable offense. Rigorous imprisonment and a hefty fine follow. I can give you several other examples that may invite trouble for you if you don’t stay within the law.

Remember you are an ethical hacker and you are learning hacking tools for protecting your system. For the sake of protection and defense you need to know the attack, exploit or penetration methods.

Try every single experiment on your virtual machine.
# Color of Hats

Hackers can be divided into three categories. White Hat stands for good guys or ethical hackers who use their hacking skill for defensive purposes. Black Hat means bad guys or malicious hackers or crackers who use their knowledge to steal data, attacking systems for malicious and illegal purposes. Gray Hat stands for good and bad guys both. It depends on the situation.

## White Hat

A White Hat is an ethical hacker who helps others find weaknesses in their system and helps them set up the necessary safety methods to protect data. They always ask permission of the data owner before they pen-test their systems. It is mandatory that prior to any kind of system checkup you seek permission. White Hats always stay within the law and never indulge in any kind of illegal activities. Nor do they perpetrate them.

## Black Hat

People often can’t differentiate between a hacker and a cracker. A Black Hat or a cracker is essentially a hacker, but he does everything with malicious intentions. He steals data, breaks into the system and blocks the path of the remote system so that general users are denied the services that are usually intended for them. They use the same hacking tools that are frequently used by ethical hackers, and sometimes they create their own malicious code with the help of those software tools.

## Gray Hat

You can imagine a thin dividing line between White Hat and Black Hat. They are Gray Hats. They can use their knowledge for defensive or offensive purposes. It depends on the situation. The term “Gray” means many things. You need to know it in detail.

Sometimes self-proclaimed ethical hackers penetrate into a system, and they do that not with bad intentions but just to satisfy their own curiosity, and while doing so they think that they are doing a favor to the owner of the data. They normally break into the system and make the data owner aware of the security holes.

You may consider a real world example. It is something like breaking the lock on your neighbor’s door in her absence and telling her later about the security vulnerabilities of her locking system. The question obviously revolves around the legality. You may have done it with the good intention of helping her voluntarily so that she would stay more secure. But at the end of the day it is illegal, she may not take it kindly and you may end up in jail.

It happens with many young, immature ethical hackers who voluntarily find security holes in the system of a reputed company and actually try to help them with a detailed report, but later they are held guilty in the eyes of the legal system.

## Does the Color Matter?

It is always better to ask the data owner before you do any kind of penetration testing. Remember, your voluntary services are not welcome and may land you in trouble. If you know the job, your service will definitely be solicited.

The documentation is important here. That is exactly what ethical hackers produce when they are asked to identify the security vulnerabilities that pose threats to the system. With screenshots and log files they prepare detailed documentation of how the security of the system has been breached. Depending on that report, security protections are put in place around the sensitive data.
# What Hackers Want to Do?

Whether you are an ethical hacker or a malicious cracker, you do the same thing. You use the identical software tools to attack the security system. Only your purpose or intention differs.

You probably know that a big car company, before launching a new model of car, generally tests the locking system. They have their own security engineers, and besides that they call in locking experts to test for vulnerability. They pay a good amount of money if you can break the locking system of the car. Basically it is a work of “PENTESTING”. The locking experts PENTEST the system and see if there is any weakness in it.

It is a good example of ethical hacking. The locking experts are invited to do the job and they are paid well. On the contrary, car thieves do the same job without any invitation. They simply break the locking system of an unattended car parked on the roadside and take it away. I hope by now you have understood the difference between ethical hacking and cracking.

Your main intention centers on the security of the system. Security consists of four key components. As the book progresses you will increasingly find words like “PENTESTING”, “EXPLOIT”, “PENETRATION”, “BREAK IN THE SYSTEM”, “COMPROMISE THE ROUTER” et cetera. The four key components mentioned below mainly deal with these terms. The key components are:

1) Availability
2) Integrity
3) Authenticity
4) Confidentiality

We will see how crackers want to attack these components to gain access to the system. Since a hacker’s main goal is to exploit the vulnerabilities of the system, he wants to see if there is any weakness in these core components.

Let us assume the hacker wants to block the availability of the data. In that case he will use the “Denial of Attack” or ‘DoS’ method. To do this attack, hackers usually use the system’s resources or bandwidth. But DoS has many other forms. When the resources or bandwidth of your system are eaten up completely, the server usually crashes. The final target is one system but the number of victims is plenty. It is something like millions of people gathering in front of the main door of your house and jamming it with a kind of human chain so that you and your family members cannot enter.

The second key component, integrity, should not be compromised at any cost. What does this term “integrity” mean? It is basically centered on the nature of data. When this nature of data is tampered with by some kind of ‘BIT-FLIPPING’ attack, the integrity of the system is also compromised. It can be done just by changing the message itself. The data may either be on the move or at rest, but it can be changed. Imagine what happens when a transaction of money is tampered with by the addition of a few more zeroes at the end! Let us assume a bank is transferring money. In its instruction it is written: “transfer $10,000”. Now the attacker changes the cryptic text in such a manner that the amount changes to $10,000000. So the attack is aimed at the message itself or a series of messages.
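
The integrity problem described above, as an added Python example that is not part of the book: a constructed bank instruction is encrypted with a toy keystream that stands in for any cipher giving confidentiality without integrity, one changed ciphertext byte alters the amount unnoticed, and an HMAC-SHA256 tag over the ciphertext lets the receiver reject the altered message. The keys, the message and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed keys and message, for this illustration only.
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-mac-key"
MESSAGE = b"transfer $10,000 to account 42"


def keystream(key, length):
    """Toy keystream (SHA-256 over a counter); a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key, data):
    """Encrypt or decrypt by XOR with the keystream (the same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def seal(plaintext):
    """Sender side: encrypt, then compute a tag over the ciphertext."""
    ciphertext = xor_crypt(ENC_KEY, plaintext)
    tag = hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(ciphertext, tag):
    """Receiver side: verify the tag first, decrypt only if it matches."""
    expected = hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was altered")
    return xor_crypt(ENC_KEY, ciphertext)


def alter_byte(data, index, mask):
    """Simulate in-transit modification of one byte of the ciphertext."""
    changed = bytearray(data)
    changed[index] ^= mask
    return bytes(changed)


def demo():
    ciphertext, tag = seal(MESSAGE)
    # Byte 10 of the message is the leading "1" of the amount; 0x08 turns "1" into "9".
    tampered = alter_byte(ciphertext, 10, 0x08)

    # A receiver that only decrypts accepts the altered amount without any error.
    unchecked = xor_crypt(ENC_KEY, tampered)

    # A receiver that verifies the tag rejects it.
    try:
        open_sealed(tampered, tag)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "original": open_sealed(ciphertext, tag),
        "unchecked_after_tampering": unchecked,
        "rejected_with_hmac": rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Encryption alone hides the message but does not stop it from being changed; the tag check is what turns a silent change into a rejected message.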

The issue of authentication is normally handled by Media Access Control (MAC) filtering. If it is properly in place, the network does not allow unauthorized devices. What happens if someone spoofs the MAC address of a legitimate network station and takes it off? He can take on the station’s identity and control it. This is called an authentication attack or MAC address spoofing.

Finally, the issue of confidentiality rises above all. Data travels in clear text across the trusted network. Here data means information. Information theft, like cracking someone’s password, is a confidentiality attack. The data or information is intended for someone, but instead of the recipient the hacker gains access. Actually the cracker steals it while the data is moving across the trusted network as clear text.
# Working Environment

The very first thing that you need is a virtual machine. As I said before, I have “UBUNTU” as my default operating system, and inside the virtual machine I have installed two operating systems – one is Windows XP and the other is Kali Linux.

Technically, from now on I will refer to Windows XP and Kali Linux as my virtual machines. Kali Linux is a Linux distribution that comes with many useful hacking tools. So I strongly suggest using it as your virtual machine. You may also read the documentation page of Kali Linux, which will be of immense help.

At the same time I’d not suggest using Windows of any kind for ethical hacking purposes. Some may argue that a few hacking tools can be used in Windows, so why am I suggesting otherwise? The point is: in the ethical hacking world you need to be anonymous all the time. You won’t want to leave any trail by which you can be traced back. Remaining anonymous is a big challenge. In Linux it is fairly easy and you can stay anonymous for the time being.

Keeping that in mind, I explain the technique of being anonymous in great detail so that before jumping into the big task you make your defense much stronger. Being anonymous is the most primary thing in the world of ethical hacking. Keeping yourself anonymous in Windows is not possible. So it is better to adapt to the Linux environment first. Another important thing is that most of the great hacking tools are not available in the Windows environment.

If you have never heard of any Linux distribution, don’t worry. You can either install user-friendly “UBUNTU” inside your Windows system, or you can easily partition your disk into two parts and install “UBUNTU” and Windows separately as your two default operating systems. The second option is preferable. Installing and uninstalling parallel operating systems always teaches you something new. If you are habituated to Windows, I won’t tell you to simply dump it for the sake of learning ethical hacking. You can keep it alongside and use it for your daily work. There is no problem in doing this.

In the world of the Internet, Linux is more used. So you need to learn a few Linux commands. Software installation in Linux is slightly different from Windows environments. There are Linux distributions like “FEDORA” or “DEBIAN” and many more. I named “UBUNTU” just because it is extremely popular and Windows users find themselves comfortable inside it. The operations are more or less the same, including the software installations. For beginners it is not desirable to install “KALI LINUX” as your default OS. You must read the Kali documentation, where it is clearly stated that Kali is more for developers. You are going to install it inside your VirtualBox. Kali Linux is a kind of Linux distribution that comes with a lot of hacking tools. You need to know them and use them in the course of ethical hacking.

Installing a virtual machine is a very important step, as it is the first step of building your environment. In the next chapter I will show you how you can do that for different operating systems. Another important thing is learning a programming language that will really help you learn ethical hacking better.

The obvious choice is Python. At the time of writing this book, Python 3.x has already arrived and, considered the future of the language, it is very fast catching up with the old Python 2.x version, which has been around for a while. The official Python download page provides the repository of Python installers for Windows, Mac OS X and Linux operating systems. If you download an installer it is of immense help, because it comes with the Python interpreter, standard library and standard modules. The standard library and built-in modules are especially important because they offer you several useful capabilities that will help you achieve your goal as an ethical hacker. Among the useful modules you will get cryptographic services, Internet data handling, interaction with IP protocols, interoperability with the operating system and many more. So go ahead, pick up any good beginner’s book on Python, read the official documentation and think of it as a part of your learning schedule. Python is an extremely easy language to learn.

To create an ideal ethical hacker’s environment, a few steps are extremely important. The steps include: installing a virtual machine or VirtualBox (VB), having a basic knowledge of networking and learning a useful programming language like Python.

Let us first have a look at the basic networking knowledge.
# Ethical Hacking and Internetworking

A basic knowledge of internetworking is extremely important if you want to learn ethical hacking. As you progress and want to go deeper, it is advisable to learn more about networking. Ethical hacking and internetworking are very closely associated. As you progress through this book you will find words like “packet”, “switch”, “router”, “modem”, “TCP/IP”, “OSI” and many more.

The very first thing you need to know is: data travels through many layers. Ethical hackers try to understand these layers. Once they have understood the movement, they either want to track and block the data or they want to retrieve data.

In this chapter we will very briefly see how internetworking models work. We will look into the different types of networking models. We will also learn about the devices that make up a network.
# What Does Network Mean?

A network is a collection of devices that are connected through media. One of the main characteristics of a network is: devices contain services and resources. Devices include personal computers, switches, routers and servers, among others. What do they basically do? They send data and get data, either by switching or by routing. Actually they connect users so that users ultimately get the full data instead of getting it in pieces. So the basic services these devices provide include switching, routing, addressing and data access.

We can conclude that a network primarily connects users so that they can avail themselves of these services. That is its first job. The second job is also very important. A network always maintains a system so that the devices allow the users to share the resources more efficiently.

Now a problem arises, and it is not a trivial problem. Hardware and software manufacturers don’t know each other. They belong to different countries and share diverse cultures. When the conception of networking first came to the fore, it was found that hardware and software weren’t matching. As I said before, a network is a collection of devices. These devices are mainly built of hardware and software that talk in different languages.

To solve this problem, a common network model with communication functions is needed so that dissimilar devices can interoperate.

The importance of internetworking models rests on a few main concepts. First, they encourage interoperability. Second, they provide a reference through which data will be communicated. Third, they facilitate modular engineering.

There are two types of internetworking models.

They are the Open Systems Interconnection (OSI) reference model and the Transmission Control Protocol/Internet Protocol (TCP/IP) model. Both models are widely used today.

The Open Systems Interconnection (OSI) reference model was developed by the Internet Standards Organization (ISO) and it has seven layers in all. The layers are as follows: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2) and physical (layer 1).

Let us very briefly try to understand how this model works. Suppose a user tries to open a web page. The very first thing he does is send a request to the server, which is located several thousand miles away. Here the server’s hard disk or hardware is the last layer (layer 1), which is termed “physical”. So the user’s request first knocks at the “application” layer (7), which is the nearest, and then it proceeds. Every process in each layer involves a complicated “bits and bytes” functioning. A computer only understands 0 and 1. But the user does not love to see a video in 0 and 1.

Let us break the process down in more detail.

In the application layer (7) the user interacts with the device, which could be a personal computer or smart phone or anything you might guess. So the application layer basically handles the user’s interaction. The name of the datagram is “data”. The user requests the data and ultimately retrieves the data. What happens when the user sends requests from layer 7? The request enters the next layer (6), presentation. The process of encapsulation starts. Data is formatted and encrypted. Next, layer 5 or session enters the scene. This layer manages end-to-end communication. Suppose you type a password and log into your social media account. This layer maintains the end-to-end (user to server) communication so that you can remain logged into your page. Up to this layer the name of the datagram is “data”.

To assist you in maintaining your session, the next three layers work very hard. They are transport (layer 4), network (layer 3) and data link (layer 2) respectively. The name of the datagram of the transport layer is “segment”. Why is this called “segment”? It is so called because it breaks your request into several fractions. First it adds source and destination port numbers. Next it tries to make it reliable by adding sequence numbers. So in a nutshell it provides flow control, sequencing and reliability.

What happens next?

Your request enters layer 3, which is called network. The name of the datagram is “packet”. It adds source and destination IP addresses. It also sees to it that your request finds the best path to reach the destination.

Now your data request has almost reached the final stage. It enters layer 2, which is data link. It is nearing the end point, which is the server’s hardware. So this layer adds source and destination Media Access Control (MAC) addresses. Next it goes through Frame Check System (FCS) processes. It checks frame by frame whether the source requests reach the right destination. That is why the datagram is known as “frame”.

Now it has entered the final destination, which is layer 1 or physical. There are only bits over the physical medium. The name of the datagram is “bits and bytes”.
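
The encapsulation steps described above, as an added Python example that is not part of the book: a request is wrapped into a segment (ports and sequence number), a packet (IP addresses) and a frame (MAC addresses plus a CRC-32 check value as the FCS), then unwrapped again with the check verified. The header layouts are simplified for illustration and are not the real TCP, IP or Ethernet formats; all addresses, ports and function names are constructed assumptions.

```python
import socket
import struct
import zlib

# Constructed sample values (documentation IP ranges, locally administered MACs).
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"
SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
REQUEST = b"GET /index.html"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def make_segment(data, src_port, dst_port, seq):
    """Layer 4 (transport): add source/destination ports and a sequence number."""
    return struct.pack("!HHI", src_port, dst_port, seq) + data


def make_packet(segment, src_ip, dst_ip):
    """Layer 3 (network): add source and destination IP addresses."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + segment


def make_frame(packet, src_mac, dst_mac):
    """Layer 2 (data link): add MAC addresses and append a CRC-32 check value."""
    body = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + packet
    return body + struct.pack("!I", zlib.crc32(body))


def encapsulate(data):
    """Walk the request down the stack: data -> segment -> packet -> frame."""
    segment = make_segment(data, src_port=49152, dst_port=80, seq=1)
    packet = make_packet(segment, SRC_IP, DST_IP)
    return make_frame(packet, SRC_MAC, DST_MAC)


def decapsulate(frame):
    """Walk back up the stack, rejecting frames whose check value does not match."""
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame was damaged in transit")
    dst_mac, src_mac, packet = body[:6], body[6:12], body[12:]
    src_ip, dst_ip, segment = packet[:4], packet[4:8], packet[8:]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    return {
        "frame": {"src_mac": bytes_to_mac(src_mac), "dst_mac": bytes_to_mac(dst_mac)},
        "packet": {"src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip)},
        "segment": {"src_port": src_port, "dst_port": dst_port, "seq": seq},
        "data": segment[8:],
    }


def frame_survives_bit_error(frame, byte_index):
    """Flip one bit, as line noise might, and report whether the frame is still accepted."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    try:
        decapsulate(bytes(damaged))
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    wire = encapsulate(REQUEST)
    print(len(wire), "bytes on the wire")
    print(decapsulate(wire))
    print("damaged frame accepted:", frame_survives_bit_error(wire, 30))
```

A CRC catches accidental damage only; anyone who changes a frame on purpose can recompute it, so it does not provide the integrity protection discussed earlier.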

Now we can imagine a small office with one router, two switches and a few desktops, laptops, printers and servers. The router is connected to the switches and the switches are connected to devices like desktops, laptops, printers and servers. Here the desktops, laptops, printers and servers belong to layer 1, which is physical. The switches belong to layer 2, which is data link, and the router fits in layer 3, which is network.

Routers are layer 3 devices and perform a few definite tasks. They are packet switching, packet filtering, path selecting and finally communicating. The task of packet switching involves the process of getting a packet to the next device. Here the next devices are the switches. Packet filtering does what its name suggests. It either permits or blocks packets depending on certain criteria. Path selecting is determining the best path through the network to the destination. Communication is another important part of this layer. Routers communicate with other networks like the Internet.

Between the routers, which are layer 3 devices, and the end application physical layer 1 devices there are switches, which are layer 2 devices. In some cases switches perform the tasks of layer 3 devices. Switches basically deal with frame filtering and forwarding. They also maintain the connection between layer 3 and layer 1.
## Summary

Let us quickly recap what we have just learned about the relations between ethical hacking and internetworking.

1) Internetworking models encourage interoperability between different devices, providing a reference to describe the data communication. At the same time they facilitate modular engineering.

2) There are two types of internetworking models. They are the OSI Reference Model and the TCP/IP Model.

3) The OSI Model has seven layers. They are: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2) and physical (layer 1).

4) The TCP/IP Model has four layers. They are: application (layer 4), transport (layer 3), network (layer 2) and network (layer 1).

An ethical hacker tries to understand this process of data communication and penetrates according to the vulnerability.
# Installing VirtualBox

The first question that comes to mind is: why do we need a virtual box when we have a default operating system in place? There are several reasons. The most important reason is: in a virtual box we can play with any operating system without any fear of messing it up, even breaking it. There is every possibility that while testing a hacking tool we could break a system. I encourage you to do that. It is a virtual machine. So, go ahead. Test everything that comes to your mind. Another great reason for using a virtual box is safety. When you visit a website you might consider it to be safe, but in reality it may not be so. But nothing matters in the case of a virtual box. It is not your original machine with confidential data. Visiting an unsafe website is not annoying any more.

There is only one thing you need to remember. Stay within the law. While testing your hacking tools or running code, you cannot jeopardize any other system.

The Oracle VirtualBox official website offers plenty of download options. You can choose any one of them. According to your OS, you go to the “download” section and see what is available for you. From the next image you will get an idea of how you can proceed further.

(VirtualBox download section for Linux Hosts)

The selected line of the above image shows the default operating system I am currently running. That is “Ubuntu 14.04 (Trusty)” and the architecture is “AMD64”.

VirtualBox is very easy to install. Whatever your OS is – Mac OS X, Windows or Linux – you can install it. First you need to know about your operating system itself. It could be either 32-bit or 64-bit architecture. In any Linux distribution it is extremely easy to find out. Just open up the terminal and type: “uname -a”.

The terminal will spit out some vital information that includes all data regarding my current default system. The Linux is of 3.19.0 version and the super user’s name is “hagudu”, and finally it also indicates what type of system architecture this is. It looks like this:

(A terminal image that tells about system architecture.)

As in my case, you clearly see that “x86_64” stands for 64-bit. In the VirtualBox official download page for all Linux distributions, you first download the required packages and then install them according to the nature of your OS. For Red Hat, Fedora or any Linux distribution belonging to that category you will notice that the extension is “.rpm”. In that case you can move to the VirtualBox folder and issue commands like “rpm -i” or “yum install” in case you run Red Hat or Fedora.

But there are simpler methods to install VirtualBox.

For absolute beginners it is very helpful to run the “UBUNTU” Linux distribution as your default OS. You can install VirtualBox from the software center directly without opening up the terminal or issuing any command.

The “UBUNTU” software center has many categories. One of them shows the “Installed” software.

(UBUNTU software center shows VirtualBox running.)

It is not there by default. In that case it is extremely easy to install. You can just type “VirtualBox” in the search text box and it will pop up. Move ahead and press the installation button.

Once VirtualBox has been installed on your machine, you need not worry about installing several operating systems on it. At the very beginning we are interested in installing Kali Linux on our VirtualBox. Go to the official Kali Linux website and download the ISO image of the latest stable version. Kali Linux is a much bigger Linux distribution than other Linux distributions. It must be around 3 GB. UBUNTU and others are around 1 GB or a little bit more.

Now, once the installation process is over, you can either store it on your local hard drive or burn it on a DVD. Now open up your VirtualBox and click “New”. It will automatically open up a new window that will ask you what type of operating system you are going to install. The following image is quite self-explanatory.

(How to install an Operating System on Virtual Machine)

You see that on the VirtualBox I have already installed two operating systems. One is Kali Linux and the other is Windows XP. In your case, when you are going to install fresh, the left panel of your virtual box will be empty.

The whole procedure is very explicit in itself. It will guide you on what to do next. On the Internet there are lots of illustrative guides that will help you do the same thing. Now it is time to write down the name of the operating system you are about to install. Next select the type – whether it is Linux or Windows etc – and the version. In the long list in the versions section you won’t find the name of Kali. But basically it is “DEBIAN”. So go ahead and select the 32-bit or 64-bit Debian according to your system architecture. Click next and it will ask for the memory usage, as shown in the next image.

(Installation process of Kali Linux on VirtualBox asks for Memory Size)

You can allocate the memory size as per your machine capacity. A minimum of 1 GB is good. It is better if you can allocate more. In the next step it will ask for storage capacity and a little other nitty-gritty.

I can assure you, as a complete beginner you won’t face any difficulty installing Kali Linux on your VirtualBox. The most important part of this installation process is that you need to keep your Internet connection running so that Kali Linux will adjust its prerequisites accordingly online.

Usually when an operating system is installed on a virtual machine it comes up in a small size and it stays like that. The next image will show you the original size.

(Kali Linux running on Oracle VM VirtualBox)

But working at this size is really cumbersome. To solve this problem, normally VirtualBox Guest Addition is used. But before that you may want to update and upgrade your newly installed Kali Linux. That is a good practice that helps you stay updated all the time. After you have logged in by typing your username and password, you will find the terminal on the left panel. Open it and type:

apt-get update

You must be online so that it will be updated on its own. It might take some time. After it finishes, you issue the second command:

apt-get upgrade

Normally the upgrade takes more time than the update. If you are a root user then there should not be any problem. But if you have created another user and log in as that user, then you must type the “su” command first. “SU” stands for super user or root user, who is the administrator. It will ask for your super user password instantly. You give it and it will work fine.

Let us come back to the old problem. The newly installed Kali Linux is looking small in size, and you are obviously at a loss and don’t know what to do. How will you get the full screen view?

Here is a command that will rescue you from this problem and solve it. You need to install one more package and upgrade your virtual machine again so that it gets the full screen view.

(Kali Linux running – Oracle VM VirtualBox with password attacks tool)

Open up the terminal and type:

apt-get update && apt-get install -y dkms linux-headers-$(uname -r)

This will install the necessary packages that will run the VirtualBox Guest Addition. It is something that you can imagine as a tool that controls the screen size of your Host OS.

How will you run it once the package is installed? The next image will guide you to the place where you will get it.

(Getting the full screen size of Kali Linux on VirtualBox)

Take your mouse pointer to the upper middle part, where you will get the “Devices” menu. The last item reads like this: insert guest edition CD image. Click it and it will automatically take care of everything.

Normally it should work fine. If not, take it as a challenge. Search over the Internet. There are lots of helping hands waiting to assist you with what you want to get.

Now we are going to install Windows 7 Ultimate. The starting process is the same. You open the virtual box. Go to ‘new’ and click. It will open up a window that will ask you to type the name of the operating system you are going to install. Next it will ask for the memory size. For Windows 7 Ultimate you need to allocate at least 2 GB. Bigger is better. For the hard disk storage capacity, 50 GB is enough.

Now you are ready to connect to the ISO image of the OS.

This part is a little tricky, but any online guide will show you how you can connect them.

When you click the ‘storage’ section of your VirtualBox, it will pop open a window that tells you to connect with the ISO image. It is not at all difficult. The advantage of VirtualBox is that if you fail to do some job, it won’t affect your original machine.

(Installation of Windows 7 Ultimate takes place.)

(Windows 7 Ultimate is getting installed.)

When any new OS is installed on your virtual machine, it is usually small in size. But there is a technique that will help you get the original full screen effect.

For Windows 7 Ultimate there is a VirtualBox Guest Addition folder available in the storage section. It shows up in the next image. The blue colored box comes with a label. It reads VirtualBox Guest Additions. Just click on it. It will open up. It will contain several files. You will notice two ‘.exe’ files. One is for the 32-bit and the other is for the 64-bit system architecture. My machine is 64-bit so I click and run that one. The steps are very simple. It will ask to be installed. Click OK and proceed. It will make your Windows 7 Ultimate virtual machine full screen.

We have successfully installed VirtualBox, and on our virtual machine we have installed Kali Linux and Windows 7 Ultimate. Now it’s time to move on.
#Linux Terminal, Basic Commands
It is extremely important to know about the Linux terminal and commands. Not in
great detail, but this primary knowledge will help you immensely in the future. The more
you delve deep into the world of ethical hacking, the more you will feel that you need to
know more about the Linux system. This book will not take you that far. But a very basic
knowledge is necessary so that you can understand what is going on around you in this
book alone.
It might seem repetitive but I would like it to be cemented in your mind that
without knowing Linux properly you can’t go deep into the mysterious world of ethical
hacking. So you must know basic commands first. These commands will tell you about
the computer itself. They will tell you the location in the file system – where you are on
your computer. With these commands you can change the permission of a file system, copy or
permanently remove a file. You can add a new user to your system. You can have a listing
of files that are currently in the directory where you are. This listing includes the hidden
files. In a nutshell you can at least do the basic operations through your keyboard without
using your mouse pointer. That is great from the perspective of a beginner, I presume.
To begin with let us first start Kali Linux. In the following image you will see a full
screen representation of Kali. I am going to explain a few things first so that as a beginner
you will learn what you need to know first about Kali.
(Kali Linux full screen view with its left panel)
The image above is showing the full screen view of Kali Linux. On the left panel,
at the top, there is the browser “ICEWEASEL”. Next follows the command line tool.
We need that tool pretty often in the coming lessons. The command line tool or terminal
basically deals with all types of keyboard inputs. Good programmers hardly use the mouse
pointer. They are more comfortable with this terminal and keying. The file-system follows
it. If you click on it, it will open up a window just like any Windows NT version. You will
see various directories and folders like ‘Home’, ‘Downloads’, ‘Pictures’ et cetera.
Let us start with the command tool by opening it. You can make it look bigger. Just
use your ‘control’ and ‘shift’ keys with the ‘+’ sign.
In the following image you will see a few starting commands that we usually type to
know what kind of files we have in some directories or folders.
(Kali Linux with the command line tool)
What does the image show?
It shows that I have typed ‘ls’ first. What does that ‘ls’ command mean? It stands for
listing. I tell Kali to show the listing of files and folders that you have and in a fraction of
a second it shows me all it has.
Next I have used the ‘cd’ command. What does that mean?
This ‘cd’ command stands for ‘change directory’. You see in the image that I have
changed the directory to ‘home’ and issued the ‘ls’ command again to see what it has. It has
one folder called ‘sanjib’ and a file. The folder ‘sanjib’ means the ‘root’ or system itself has a
user called ‘sanjib’. Now as a root or administrator I have created that user so that at the
beginning I can log in as ‘sanjib’. You can create several users in a Linux system so that
from various machines they can log in to their files and folders. But the users will never
have the root privilege. They can’t penetrate into the administrator’s space but the root or
administrator can always see what the users are doing. As root, an administrator can create
or delete any user.
From this place you can guess what is happening. We change directory and look at what
‘sanjib’ has in his directory ‘Downloads’.
Next we learn about the ‘pwd’ command. It states your position. As root, if you are
at the ‘Home’ directory and issue the ‘pwd’ command it has output like this:
root@kali:/home# pwd
/home
root@kali:/home#
It says you are at the ‘/home’ directory. This ‘pwd’ command is important when you
have to control a large complicated system. Often you might forget where you are
working. Usually if you want to go back to the previous directory you need to type this.
root@kali:/# cd /home/sanjib/
root@kali:/home/sanjib# cd ..
root@kali:/home#
It means you first go to the ‘sanjib’ directory and then come back with the ‘cd’ command
having two dots.
Next we learn about the ‘cp’ command. This command stands for copy. You can copy a
file from one destination to the other. We have seen that in our ‘home’ directory we have a
file ‘VBoxLinuxAdditions.run’. Let us copy this file to the ‘Documents’ directory of user
‘sanjib’.
root@kali:/home# cp -v VBoxLinuxAdditions.run /home/sanjib/Documents/
‘VBoxLinuxAdditions.run’ -> ‘/home/sanjib/Documents/VBoxLinuxAdditions.run’
root@kali:/home#
Now we would like to go to the ‘sanjib’ documents folder and see whether the file has
been properly copied or not.
root@kali:/home# cd sanjib/Documents/
root@kali:/home/sanjib/Documents# ls
VBoxLinuxAdditions.run
root@kali:/home/sanjib/Documents#
I have changed directory to ‘sanjib/Documents’ and issued the ‘ls’ command to see the
listing. It shows the file. So it is working properly.
You can learn about any command very easily. You just need to add the ‘--help’
option like this: ‘cp --help’. It spits out everything about that command and it is very
verbose. It tells you about any command in full detail.
Another very important command is ‘mv’. With this command you can move any
file from one folder to another folder. This command is more or less like the ‘cp’ command.
But there is a major difference. This command completely moves the file from one place
to the other. Another important command is ‘cat’. You can read any text file with the help
of this command.
I have a folder called ‘Writing’ and have some documents over there. Now with the
help of this command we can read any text file. Remember it is true only for a text file.
For an experiment, I wanted to read a file with extension ‘.odt’ and the next image shows
you what it looked like on the terminal.
(Trying to read a non-text file with ‘cat’ command.)
In this part I want to show another trick that is often used in Linux. Suppose
you want to write a text file very quickly. You can use ‘nano’. It comes with every Linux
distribution. Just type ‘nano’ on your terminal and it will open up a text editor on the
terminal itself. The next image shows you how it happens.
(Nano text editor. How to save a file and exit the editor is written in it.)
Now you can safely read this new file ‘novel.txt’ with your ‘cat’ command. All you
need to do is issue a command on your terminal like this:
cat novel.txt
It will read your file on the terminal itself.
Now it could be a good idea to edit this file. You can edit it on the terminal using
‘nano’. In that case, you need to write on your terminal this command:
nano novel.txt
This will tell ‘nano’ to open the file. The rest is the same. You can edit any portion and
with the ‘control’ and ‘o’ keys you can save it again. Then you can exit the file with
‘control’ and ‘x’.
In the next image we will see what it looks like when we try to read a file by using the
‘cat’ command.
(Reading a text file using ‘cat’ command)
Seasoned programmers usually work on the terminal, and text editors like
‘VI’, ‘VIM’ or ‘NANO’ are extremely popular.
Now we are going to learn a very important Linux command called ‘grep’. This
command does some sort of searching inside a file and it does it in a very interesting
manner. Let us first see what we have in our root directory.
We issue a command like this on our terminal and see the output.
hagudu@hagudu-H81M-S1:~$ cd /etc/apt
hagudu@hagudu-H81M-S1:/etc/apt$ ls
apt.conf.d  sources.list  sources.list.save  trusted.gpg  trusted.gpg.d
preferences.d  sources.list.d  trustdb.gpg  trusted.gpg~
hagudu@hagudu-H81M-S1:/etc/apt$
As you can see we have changed the directory to ‘/etc/apt’ and seen the listing. We
find many files there and presently we are interested in the ‘sources.list’ file. We can
use the ‘cat’ command to read the file but we have something different in mind.
We would like to search for some particular word and want to separate the matching
lines and see them in segregation. The command ‘grep’ along with another command ‘|’
(pipe) will help us in doing so.
We actually tell the terminal to display the content of ‘sources.list’ first and then
pipe that output to our searching process. Let us see how it works.
If we simply write a command like ‘cat sources.list’, it will display a long listing of
the sources of this Linux system. You can write and see them. But we are interested in
searching for the word ‘src’ and want to see how many times that word has been used in the
‘sources.list’.
So the final command and the output are like this:
hagudu@hagudu-H81M-S1:/etc/apt$ cat sources.list | grep src
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates universe
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
# deb-src http://archive.canonical.com/ubuntu trusty partner
deb-src http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://archive.ubuntu.com/ubuntu trusty universe
hagudu@hagudu-H81M-S1:/etc/apt$
It is interesting to note that we have first issued a command like this: cat
sources.list | grep src
And the long output that follows that command has all the statements that have ‘src’
in them.
We can even filter the source file more distinctly. We can narrow down our searches
more and tell the terminal to find out the word ‘src’ only with small letter by writing down
this command:
cat sources.list | grep -i src
In the future we will use this ‘grep’ command extensively to scan a network with a
particular word.
Another important command is ‘echo’. This command literally echoes everything
you write on your terminal. You can also do something more with this command. You can
even change a text file with this command.
Previously we have written a text file ‘novel.txt’ and saved it in our home directory.
Now we are going to overwrite that file with this ‘echo’ command.
hagudu@hagudu-H81M-S1:~$ echo "I DON'T LIKE THIS NOVEL ANYMORE SO I CHANGE IT" > novel.txt
hagudu@hagudu-H81M-S1:~$ cat novel.txt
I DON'T LIKE THIS NOVEL ANYMORE SO I CHANGE IT
hagudu@hagudu-H81M-S1:~$
We have first echoed some text on our terminal, then we used ‘>’ (greater than sign)
to put that text into the file ‘novel.txt’. In the next command, we have again used the ‘cat’
command to read the file ‘novel.txt’ and found that the file has been changed.
Now we will learn how to make directories in Linux. There is a very useful
command: ‘mkdir’. It plainly means ‘make directory’. Let us make a directory named
after this project: ‘Ethical Hacking’. You may guess that the command is extremely
simple: mkdir Ethical Hacking
No, it is not. In this case, if you write it that way, the Linux terminal understands
something else. It comprehends that you want to create two separate directories. One is
‘Ethical’ and the other is ‘Hacking’. It has already created two directories in that way. So
let us remove them first and next we will create a directory with a more meaningful
name.
To remove a directory you must have ‘root’ privilege. It means you are the
administrator or super user of the system. In ‘UBUNTU’ if we want to be a ‘root’ or ‘super
user’, we issue a command ‘sudo’ first. In Kali Linux it is different: ‘su’. But in both cases
once you write that command the system will ask for the password through the terminal.
Let us see how it works.
We first issue the command and in the next step we check with the ‘ls’ command to see
whether those directories exist anymore.
hagudu@hagudu-H81M-S1:~$ sudo rm -rf Ethical/ Hacking/
[sudo] password for hagudu:
hagudu@hagudu-H81M-S1:~$ ls
It worked – two directories have been removed successfully. Let us try to
understand it more. We already know that the ‘rm’ command stands for the word
‘remove’. But what about the ‘-rf’ option that follows it? The option ‘-rf’ means
‘do it recursively with force’. Generally this ‘-rf’ option is used to remove directories.
You have to be very careful about using this command, because in Linux once you have
used this command the file or directory is deleted permanently. It is next to impossible to
retrieve them. It is wise to be very careful about using it.
Hopefully you have also noticed that we have started our command line with
‘sudo’. And once you have written ‘sudo’, it asks for the password. In this case you always
give the password that you usually type to log in to the system.
Let us again make the directory properly and this time we name it
‘Ethical-Hacking’, so that the system will no longer interpret it as two separate directories.
hagudu@hagudu-H81M-S1:~$ mkdir Ethical-Hacking
hagudu@hagudu-H81M-S1:~$ cd Ethical-Hacking/
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ ls
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ touch file1 file2
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ ls
file1 file2
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$
First we have made the directory ‘Ethical-Hacking’. Then we use ‘cd’ to go inside it
and with the help of ‘ls’ we check that the directory is empty. Afterwards we issue the
‘touch’ command to create two files: ‘file1’ and ‘file2’. Again we issue the ‘ls’ command to
check that the two files have been created successfully.
In Ethical Hacking anonymity is a very big deal. In the next chapter we learn it in
great detail. Before that you need to understand that in the process of being anonymous it
is good to be any user rather than the root user. As the root or super user you first add a
user in your virtual Kali Linux. Set a password. Shut down Kali. Reboot and log in as
the new user. It is a good practice.
Now how could you add a user? Let us open our virtual Kali and as the root user
we’d use the ‘adduser’ command on the terminal. Suppose our new user will have a name like
‘xman’. In that case the command will be very simple: adduser xman.
Once you have issued this command Kali asks for the password and other details.
Give a strong password of at least eight characters with alphanumeric characters. Now
shut down your machine and log in as ‘xman’. For the other details it is not mandatory that
you give your real identity. You can fill them with any data.
As the root or super user you can add as many users as you wish. You can delete
them any time. You can restrict their activities from any angle. As an administrator you
can add a user who will not be able to log in after six months. You can create groups and
set a rule so that entry is restricted. Some users can enter into that group. Some can’t.
Primarily you need to add one user ‘xman’ and log in to the system as the new one. A
user is not permitted to access or tamper with any file of the root or super user. But as super
user you can always change the file permission. It is a very important concept from every
angle. On the Internet the concept of file permission is extremely important.
Any file has three types of permissions related with it. It can be only ‘read only’.
The meaning is clear. You can’t write on it or execute it. It can be ‘write only’. Another
state of file is ‘executable mode’. If it is executable, you can perform any action by
running it. You can write a simple Python program. This program will take inputs from
users and give outputs. After writing a Python file you can make it executable.
Let us see how it happens. Let us open our Kali Linux terminal and with the help of the
‘ls’ command we see what we have presently there.
sanjib@kali:~$ cd Documents/
sanjib@kali:~/Documents$ ls
VBoxLinuxAdditions.run
sanjib@kali:~/Documents$ ls -la
total 7048
drwxr-xr-x  2 sanjib sanjib    4096 May 29 10:30 .
drwxr-xr-x 18 sanjib sanjib    4096 Jun  3 09:59 ..
-r-xr-xr-x  1 root   root   7208397 May 29 10:30 VBoxLinuxAdditions.run
sanjib@kali:~/Documents$
First we go to the ‘Documents’ folder and issue the ‘ls’ command. That shows only one file
– ‘VBoxLinuxAdditions.run’. Our next command is ‘ls -la’. It means: we want a listing of
all files with all details. You can see the difference above. The output is in red. It shows
two hidden files with the previously seen file. And it also shows the owners of files and it
also shows the permissions. Let us consider this line minutely.
-r-xr-xr-x 1 root root 7208397 May 29 10:30 VBoxLinuxAdditions.run
It tells us that the owner of this file is ‘root’. And the starting part of the line is also very
important. It handles file permissions.
r-xr-xr-x
What does this mean? It has three distinct parts. The first part is ‘r-x’. The second
and third parts are also the same – ‘r-x’. The first part is for the owner of the file or current
user. The second part is for ‘group’. And the final or third part is for the super user who is
viewing this file. I have already created another user ‘sanjib’ and have logged in as
‘sanjib’. That is why you see this kind of output: sanjib@kali:~/Documents$ ls -la
Now to make this concept more clear we will create a user named ‘xman’. And we
will log in as ‘xman’ and see what we have in our Documents folder.
To create a new user you need to log in as root or super user. Let us assume we have
logged in as ‘root’. The commands and the output are given below.
root@kali:~# adduser xman
Adding user `xman' ...
Adding new group `xman' (1002) ...
Adding new user `xman' (1001) with group `xman' ...
Creating home directory `/home/xman' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for xman
Enter the new value, or press ENTER for the default
Full Name []: xman anonymous
Room Number []: 123
Work Phone []: 321
Home Phone []: 213
Other []: anon
Is the information correct? [Y/n] y
root@kali:~#
Congratulations! You have just successfully created a new user called ‘xman’. You
notice that it had asked for the password and told you to retype the UNIX password again.
Let us log out as ‘root’ and log in as ‘xman’. Let us also go to the ‘Documents’
folder of ‘xman’ and see what we have.
xman@kali:~$ cd Documents/
xman@kali:~/Documents$ ls
xman@kali:~/Documents$ ls -la
total 8
drwxr-xr-x  2 xman xman 4096 Jun  3 10:33 .
drwxr-xr-x 14 xman xman 4096 Jun  3 10:33 ..
xman@kali:~/Documents$
Everything goes as expected. Only one thing is missing. This new user does not
have this line: -r-xr-xr-x 1 root root 7208397 May 29 10:30 VBoxLinuxAdditions.run.
Maybe we had moved that executable file from any root folder to the ‘Documents’
folder of user ‘sanjib’ before.
Now we already know how to create a file using the ‘nano’ text editor. So we can
move on and have a very small Python file. Presumably you don’t know Python, so I keep
it very simple just to show how we can change file permissions.
#!/usr/bin/python3
# Ask for a name and echo it back.
print("TYpe your name.")
inputs = input(">>>>>>")
outputs = inputs
def main():
    # Print what the user typed.
    print(outputs)
if __name__ == '__main__':
    main()
Inside the ‘nano’ editor we write a simple program that will take input and give output.
Save the file as ‘pyfile.py’ and exit ‘nano’, and let us issue ‘ls -la’ to see what it shows.
xman@kali:~/Documents$ ls -la
total 12
drwxr-xr-x  2 xman xman 4096 Jun  3 10:50 .
drwxr-xr-x 15 xman xman 4096 Jun  3 10:42 ..
-rw-r--r--  1 xman xman   86 Jun  3 10:44 pyfile.py
xman@kali:~/Documents$
As you see the listing says everything. It says that now the ‘Documents’ folder has one
new file ‘pyfile.py’ and it has been created at 10:44. The owner is ‘xman’ and it has file
permissions like this: rw-r--r--
Now you know what this means. It means: the user ‘xman’ can read and write
this file but he can’t ‘execute’ this file.
xman@kali:~/Documents$ chmod +x pyfile.py
xman@kali:~/Documents$ ls -la
total 12
drwxr-xr-x  2 xman xman 4096 Jun  3 10:50 .
drwxr-xr-x 15 xman xman 4096 Jun  3 10:42 ..
-rwxr-xr-x  1 xman xman   86 Jun  3 10:44 pyfile.py
xman@kali:~/Documents$
Look how we have used the ‘chmod’ command to change the file permission to
executable. Once you have changed the file permission to executable it changes the color
to green. And also look at the file permission: rwxr-xr-x
The first part I mark in red so that you can understand the difference between them.
The first part of the permission says ‘x’ has been added since we used the
‘xman@kali:~/Documents$ chmod +x pyfile.py’ command.
Let us execute the file and see how it takes the input and gives the output.
xman@kali:~/Documents$ ./pyfile.py
TYpe your name.
>>>>>>xman
xman
When you run the file it asks you to type your name and gently spits back the output.
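
The permission strings in the listings above can be decoded mechanically. The following shell script is an added example, not code from the book: it splits the nine permission characters into three triplets (owner, group, all other users), converts them to the octal form that ‘chmod’ also accepts, and repeats the ‘chmod +x’ step on a scratch file. The function names are this example's own.

```shell
#!/bin/sh
# Added example: decode the permission column that `ls -la` prints.
# Special bits (setuid, setgid, sticky) are outside this example.

# triplet_to_digit "r-x" -> 5   (r=4, w=2, x=1)
triplet_to_digit() {
    digit=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    case $1 in ??x) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# mode_to_octal "-rwxr-xr-x" -> 755
mode_to_octal() {
    # Skip the first character (file type) and keep the nine permission characters.
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || { echo "not an ls mode string: $1" >&2; return 1; }
    owner=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c1-3)")
    group=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c4-6)")
    others=$(triplet_to_digit "$(printf '%s' "$perms" | cut -c7-9)")
    echo "$owner$group$others"
}

# explain_mode "-rw-r--r--" prints one line per class of user.
explain_mode() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    for class in owner:1-3 group:4-6 others:7-9; do
        triplet=$(printf '%s' "$perms" | cut -c"${class#*:}")
        rights=""
        case $triplet in r??) rights="$rights read" ;; esac
        case $triplet in ?w?) rights="$rights write" ;; esac
        case $triplet in ??x) rights="$rights execute" ;; esac
        printf '%-6s %s ->%s\n' "${class%%:*}" "$triplet" "${rights:- nothing}"
    done
}

# demo_chmod repeats the chapter's chmod +x step on a scratch file (constructed,
# not the book's pyfile.py) and echoes the octal mode after each step.
demo_chmod() (
    umask 022                                   # new files start as rw-r--r--
    dir=$(mktemp -d) || exit 1
    file=$dir/pyfile.py
    printf '#!/usr/bin/python3\nprint("hello")\n' > "$file"
    before=$(mode_to_octal "$(ls -l "$file" | cut -d' ' -f1)")
    chmod +x "$file"                            # adds x for owner, group and others
    after=$(mode_to_octal "$(ls -l "$file" | cut -d' ' -f1)")
    chmod go-rwx "$file"                        # leaves access to the owner only
    private=$(mode_to_octal "$(ls -l "$file" | cut -d' ' -f1)")
    rm -rf "$dir"
    echo "$before $after $private"
)

explain_mode "-r-xr-xr-x"     # the VBoxLinuxAdditions.run line from the listing
explain_mode "-rw-r--r--"     # pyfile.py before chmod +x
demo_chmod
```

The last ‘chmod go-rwx’ step goes beyond the chapter: it shows how to take a file back to owner-only access after ‘chmod +x’ has made it executable for everyone.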
##Summary
You have learned a few basic Linux commands in this chapter. Now at least you
have an idea how a Linux system works and how you can use your terminal or
command line to operate your system.
In the learning process of ethical hacking, you will find it extremely useful. In future
you need to learn a few more Linux commands. Your knowledge of Linux or any other
operating system must be commendable. As you progress, I hope, your ‘appetite comes
with eating’.
We have discussed enough rudiments. Now it is time to move further. We are ready
to take the first important step into the world of ethical hacking.
#How to Stay Anonymous
That is very important. You need to stay anonymous and hide your IP address while
you are in the world of ethical hacking. There are several ways to do that. We will
discuss in this chapter how we can do that.
There are proxies. It means you are routing through different routers but it could be
very slow and not in your hands. Another downside of using proxies is that you know
nothing about the other side. You are in the dark about the servers through which your
packets are moving. So that could be very risky. You may ask why it is dangerous. I would do
some kind of ‘nmapping the network’ sort of jobs. It is harmless. Maybe so. But it is not
restricted to that part only. Using a proxy, you may want to log in to some server. Once you
have typed in your password, it could be hijacked.
How can you solve this problem?
There is a term ‘VPN’. You have probably heard of virtual private network. What is that?
It is basically a kind of service that you use for encrypting your traffic. And it is very
fast. In future when you work as a professional, you have to hire a VPN service. It is not
very costly. For the time being we could do it for free just for learning.
But once you encrypt your traffic through VPN, it is recognizable. What happens if
an agency asks the service providers for your data? Normally to avoid that you need to be
choosy. You need to hire a service from a certain point of the world where privacy is
strictly maintained.
But after saying that and hoping for the best I’d definitely not recommend you to do
your white hat ethical hacking using proxies or VPNs. Basically you may want to do that
for bypassing the firewall setting or that sort. Besides, some VPN services don’t allow IP
addresses to use their services beyond a range. Suppose your IP address belongs outside
of that range. But people often use proxies or VPNs not always for doing something
malicious like taking down a server or stealing data. People might want to hide their
location just when they are travelling or that kind of job. Apparently this type of activity
stays within the law.
There is another problem that might crop up while you access a certain type of
server that usually allows IP addresses from a certain region. In that case if you use an IP
address from China or Russia the network administrator would certainly go after you. So it
is a consistent problem that keeps coming and tormenting you from time to time and in the
coming chapters we would like to address those problems.
##Dark Web and TOR
In the meantime we will have a very quick look at the dark web or hidden web. I
don’t know whether you have heard about it before.
Rumor is: ‘Dark Web’ or ‘Deep Web’ makes up a major portion of the Internet. It is
something like ‘dark matter’ that makes up 97 or 98 percent of the mass of the universe. It is
still unknown what it is actually, except a few things.
People say the dark web is full of information that we don’t normally get. And
you can’t access the dark web through your normal browser. You need a special kind of
browser to enter into that maze of mysteries.
I should warn you before you try TOR and enter the dark web. There are lots of
illegal activities that generally go on outside our normal perception. It could be like human
trafficking. It could be like illegal arms dealing. It could be like hiring killers and what
not. But in this book we are not interested in them. Our main concern is knowledge.
We reach there so that we can have an idea of what is actually going on in the Dark
Web.
As an ethical hacker you need to know everything for one and only one purpose.
You need to fight against a malicious attack. You are learning to defend yourself, not
to attack somebody. But to defend yourself you need to know all the tactics that your
enemy often uses. Maybe police will seek your help to track down a child abuser. Without
knowing the proper character of the dark web you can’t do that. If you don’t know how to
hide your IP address how could you locate a criminal who is hiding his proper location?
Besides, you need to know another major thing. The dark web is not always bad in that
sense. You may find many reputed white hat or gray hat hackers in certain forums that are
kept completely hidden from the watchful eyes of government agencies. You may find really
helpful people over there who may help you solve your problem instantly. Like Wikipedia
there is a hidden wiki, which we are going to see in an instant, where you can find a lot of
interesting things to learn.
##Hidden Wikipedia
To read the hidden wiki we need to install the TOR browser. Kali Linux does not
come with it by default so you need to install it.
(Download section of torproject.org website.)
To do that first you need to log in as the new user: xman. Then open up the normal
browser and search for TOR browser. Just go to the official site and download the latest
version for Kali Linux. Be careful about checking that it is https://torproject.org not
anything else. It may come with ‘http://’ without ‘s’. Avoid that simply.
There are two versions: one is 32 bit and another is 64 bit. According to your
system architecture you need to download the exact version. Before downloading it is
good practice to learn about TOR from their documentation. There are terms and
conditions that you must fulfill. And the main term is you must stay within law. You can’t
use TOR for any illegal process. Tor also hides your IP address. But that is a different
issue.
Once the download is complete you can access the necessary file in your ‘Download’
folder. Just run it.
(Tor Browser is connecting.)
Once it is connected it will open up its default first page which you would find quite
different from the normal browser. First of all you can type ‘what is my IP’ and check
what that shows.
It will definitely be other than the region where you presently belong. But
we need the original hidden wiki web page that will take us to the dark web.
Remember there are several websites that would claim to be the original hidden wiki.
So you need to be judicious about choosing. Usually they come with ‘.onion’ domains and
the URL is continually changing. So you can type in something like ‘hidden wiki url’ and
see what you get.
(The original Hidden Wiki page)
The main problem is: you can’t differentiate the original hidden wiki from the other
fake versions. The above image shows what it may look like. The extension is always
‘.onion’.
The hidden wiki mainly consists of a large number of various links. Many of them are
simply illegal and cheap. It seems to you like a big market where lots of smuggled goods
are sold. Never try to buy anything from here. Because though it is tempting to buy
something very costly at one third of its original price it is not certain that it will reach
you. Moreover there is every possibility that your debit or credit number is cracked.
But in this so called interesting market there are lots of really useful things that may
come to your help. One of them is the forum or chat section where reputed hackers often
discuss many interesting things that you don’t usually learn in any open forum.
At the same time you need to be careful about using any code coming from these
forums or chats just because of the anonymity! It is not advisable to use that code on your
original machine.
That could be dangerous!
Let us open up a forum site and see what it looks like. They usually come up
with a black background as if they represent the dark web properly.
(One of the Hidden Wiki page – that could be vague.)
One thing you had better keep in mind. TOR browser is fine as long as you
want to learn something new. It is not meant for doing some dubious things. There are lots
of cheap attractions that would definitely try to grab your attention or even force you to
be attracted towards them. Be careful about choosing the sites you are visiting. As long as
it is a hacker’s forum it is perfectly okay. But once you go beyond the limit without staying
within law it could be dangerous.
From now on we move towards things that are more directly connected to real
world ethical hacking. But before that we need to see how proxy chains and VPNs work.
Your little knowledge of Linux commands will come in handy. From now on
everything we do is on the Kali Linux terminal. So boot up your Kali virtual machine and
open up your terminal. First we will learn about ProxyChains and how, with the help of this
tool, we can hide our IP address and gain access to a remote server.
#ProxyChains
The name suggests its true meaning. To keep anonymity we need several proxies.
Behind these proxies we can hide our true identity. It is not successful all the time. But
Kali Linux gives you a special opportunity to change the configuration at the root so that
you can hide your true identity while browsing the web using TOR. Actually in this case you
need to configure your ‘proxychains.conf’ file. You have already installed TOR.
We need to open up the configuration file using the ‘nano’ text editor.
Open up your Kali Linux terminal as a root user and write down this command.
root@kali:~# nano /etc/proxychains.conf
It will open up the ‘proxychains.conf’ file. There are three types of proxies that you
can use. But you can’t use all the proxies at a time. Let us first see what this file looks like.
It is 68 lines long. But it is not very complicated if you understand the lines. The
documentation is clear and to the point. Here go the first few important lines.
# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
What does this mean? It says the proxy list has several options. You must know how you
should treat these options. If you read every line you’d get an idea how it works. There are
three types of proxies. You need to uncomment any one of them.
The first proxy is ‘dynamic_chain’. You see the above line and the red color shows
that I have uncommented it. There are two more proxies: ‘strict_chain’ and
‘random_chain’. They are commented out. They have their own descriptions. Let us read
them both.
#strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)
It is said clearly in the documentation that comes along with it. So I don’t
elaborate it again. The advantage of choosing ‘dynamic_chain’ over others is clearly
stated. If your connection does not get one ‘working proxy’ then it automatically jumps to
the other. The other two don’t give you that opportunity to route your traffic.
Let me explain it more. Suppose you have two proxies in place – A and B. What
happens in case of ‘strict_chain’ is that when you browse web pages your connection is
routed through A and B strictly. It means A and B should be in order and live. Otherwise
your connection simply fails. In case of ‘dynamic_chain’ this does not happen. If A is
down then it jumps to take B. It works that way.
I hope the first step is clear. Let us consider a few other important steps.
In between you get a line like this:
# Proxy DNS requests - no leak for DNS data
proxy_dns
It is a very important line to be considered seriously. You see I have uncommented
the ‘proxy_dns’. You can’t allow DNS data to be leaked. In other words, your real IP
address should not be leaked by any chance. That is why I have uncommented this line so
that your proxies are in proper place working without any hitch.
At the end of the list you’d find this line:
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
socks5 185.43.7.146 1080
socks5 75.98.148.183 45021
Please inspect the last two lines in red. I have added them. Let me explain why I
added them. But before doing that I’d like to explain the example lines just given before.
It reads like this:
# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#        Examples:
#
#               socks5  192.168.67.78   1080    lamer   secret
#               http    192.168.89.3    8080    justu   hidden
#               socks4  192.168.1.49    1080
#               http    192.168.39.93   8080
It clearly states how your proxy list should be formatted. Consider the first line:
# socks5 192.168.67.78 1080 lamer secret
It means: the first one is the ‘type’ of the proxy. It should be ‘socks5’. The second
one is: ‘host’. The third one is ‘port’ and the last two words stand for ‘username’ and
‘password’ in case you pay for it. Another important thing is: you must separate the words
using either ‘tab’ or ‘blank’.
There are several free proxies you’d find so don’t bother about the last two
presently. Now we can again go back to the last lines that we have been discussing. In the
last lines it has been mentioned that ‘defaults set to tor’.
Before adding the last two lines you need to add this line:
socks5 127.0.0.1 9050
We should do that because usually your ‘proxychains.conf’ file comes with only
‘socks4’, so you need to add ‘socks5’ that supports present modern technology. Now you
can test your ‘TOR’ status.
Open up your terminal and type: service tor status
It will fail if you don’t start it. So type: service tor start
It will start the service.
(TOR is running through the terminal.)
And you can open up your browser through the terminal. Just type: proxychains firefox
www.duckduckgo.com
This search engine does not usually track IP addresses. Your browser will open up
and you can check your IP address. We would also like to see the DNS leak test result. Let
us do that by typing ‘dns leak test’ on the search engine. There are several services; you
can click any one of them to see what it says.
(DNS leak test.)
I found the ‘www.dnsleaktest.com’ is working to find out my original IP address
and fails to find out. It shows an IP like ‘8.0.116.0’ and it is from Germany. This is wrong
as I am writing this near Calcutta.
You can simultaneously test the same in your normal browser and you’ll find your
actual IP address.
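
The ‘proxychains.conf’ settings walked through in this chapter (one chain mode uncommented, ‘proxy_dns’ enabled, well-formed ‘[ProxyList]’ entries) can be checked before any traffic depends on them. The shell script below is an added example, not part of the book or of ProxyChains; the two sample files are constructed, and the accepted proxy types are only the three that appear in the examples inside the file itself.

```shell
#!/bin/sh
# Added example: lint a proxychains.conf for the settings discussed in this chapter.
# Accepted proxy types are the three used in the examples inside the file itself.

# lint_proxychains FILE -> prints findings (or one OK line); returns 1 if any finding.
lint_proxychains() {
    awk '
        function bad(msg) { print msg; problems++ }

        /^[ \t]*#/ || NF == 0 { next }              # comment or blank line
        $1 == "[ProxyList]"   { in_list = 1; next }

        # Before [ProxyList]: chain mode and DNS handling.
        !in_list && $1 ~ /^(dynamic|strict|random)_chain$/ { modes++; last_mode = $1; next }
        !in_list && $1 == "proxy_dns" { dns = 1; next }

        # Inside [ProxyList]: type host port [user pass]
        in_list {
            entries++
            if (NF != 3 && NF != 5) {
                bad("line " NR ": expected type host port [user pass], got " NF " field(s)")
            } else if ($1 !~ /^(socks4|socks5|http)$/) {
                bad("line " NR ": unknown proxy type " $1)
            } else if ($3 !~ /^[0-9]+$/ || $3 + 0 < 1 || $3 + 0 > 65535) {
                bad("line " NR ": port " $3 " is not in 1-65535")
            }
        }

        END {
            if (modes == 0)   bad("no chain mode is uncommented")
            if (modes > 1)    bad(modes " chain modes uncommented; only the last (" last_mode ") is used")
            if (!dns)         bad("proxy_dns is commented out: DNS lookups are not proxied")
            if (entries == 0) bad("[ProxyList] has no entries")
            if (!problems)    print "OK: " last_mode ", proxy_dns, " entries " proxy entries"
            exit (problems > 0)
        }
    ' "$1"
}

# write_samples DIR -> creates two constructed sample files in DIR.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# constructed sample with mistakes
strict_chain
random_chain
#proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
socks5 127.0.0.19050
http 192.0.2.10 80800
EOF
    cat > "$1/fixed.conf" <<'EOF'
# constructed sample with the settings chosen in this chapter
dynamic_chain
#strict_chain
#random_chain
proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in weak fixed; do
    echo "== $f.conf"
    lint_proxychains "$dir/$f.conf" || true
done
rm -rf "$dir"
```

On a real system the function takes the path used in this chapter, for example ‘lint_proxychains /etc/proxychains.conf’.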
#Virtual Private Network or VPN
From the very beginning I try to emphasize one thing. Ethical Hacking starts with
one single conception: Anonymity.
You must first ensure that you’re anonymous. You have left no trace behind
your back. Your whole journey is hidden and no one can trace your route later.
We have discussed the ‘TOR’ browser and ‘ProxyChains’. We have seen how we
can use them. Another very important concept in this regard is Virtual Private Network or
VPN, in short.
It basically deals with the DNS server settings. A DNS server normally checks the
traffic filtering. So if you can change your DNS server setting in your root you can
misguide that reading.
How can we do that?
Open your Kali Linux terminal and type:
cat /etc/resolv.conf
It will show something like this:
# Generated by NetworkManager
nameserver 192.168.1.1
In your terminal there is every possibility that it’d show something else. This is
your home gateway. It just shows what kind of router you’re using.
Basically we’re going to change this so that when we again test our IP address the DNS
server can’t filter the traffic properly.
InmyterminalwhenItypethesamecommand,itreadslikethis:
nameserver208.67.222.222
nameserver208.67.220.220
IfyouguessedthatIhadactuallychangedthis;youareright.Ihavechangedit.
WhyIhavechangedthis?Letmeexplain.
Youneedtounderstandtheconceptof‘nameserver’first.Whatitdoes?TheLAN
IPaddressactuallyforwardsthetraffictoDNSserverswhichinturnresolvethequeries
andsendthetrafficbackaccordingly.
Indoingthisitalsorecordstheamountoftrafficyouarehavingthroughyourhome
gateway.Wedon’tneedthat.Whywedon’tneedthat?Weneedtobeanonymous.Sothat
isthemainreasonbehindchangingthisnameserver.
WecandothatthroughvirtualprivatenetworkorVPN.
Let us open the terminal again and type in this command:
nano /etc/dhcp/dhclient.conf
It will open the configuration file where we will change the nameserver address. Let us see what it looks like.
(dhclient.conf file in nano text editor)
I’ve opened it on my UBUNTU terminal. But you need to change it on your Kali Linux virtual machine. You will notice that there are lots of things written there. But we’re interested in this line in between:
prepend domain-name-servers 127.0.0.1;
We’ll uncomment this line first and then change it. There are lots of ‘OPEN DNS IP ADDRESSES’ available on the web. Search with the term ‘opendns’ and it will open up a lot of options from where you can copy the ‘open DNS addresses’; one of them is “opendns.com”. Let us copy two addresses from them and just paste them in place of 127.0.0.1 like this:
prepend domain-name-servers 208.67.222.222, 208.67.220.220;
Now all you need to do is one thing: restart the network manager. Type this command on your Kali Linux terminal:
service network-manager restart
Now you can check your nameserver again. It’ll show two new addresses.
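
The check described above can be scripted. This is an added example, not code from the book: it compares the addresses on the active ‘prepend domain-name-servers’ line with the nameservers actually listed in resolv.conf. The function names and the sample files (written to a temporary directory) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the dhclient.conf change reached resolv.conf.
# Sample files are constructed; on a VM pass the real paths instead.

# resolvers FILE: list nameserver addresses, in order, from a resolv.conf file.
resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# prepended FILE: list the addresses on the active (uncommented)
# "prepend domain-name-servers ...;" line of a dhclient.conf file.
prepended() {
    sed -n 's/^[[:space:]]*prepend[[:space:]][[:space:]]*domain-name-servers[[:space:]]*\([^;]*\);.*/\1/p' "$1" |
        tr ', ' '\n\n' | sed '/^$/d'
}

# check_dns RESOLV DHCLIENT: print "ok" when every prepended address is in
# use; otherwise name the first problem found and return 1.
check_dns() {
    want=$(prepended "$2")
    if [ -z "$want" ]; then
        echo "no active prepend line"
        return 1
    fi
    for ip in $want; do
        if ! resolvers "$1" | grep -qxF "$ip"; then
            echo "missing $ip"
            return 1
        fi
    done
    echo "ok"
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
printf '#prepend domain-name-servers 127.0.0.1;\n' > "$dir/dhclient.before"
printf 'prepend domain-name-servers 208.67.222.222, 208.67.220.220;\n' > "$dir/dhclient.after"
printf '# Generated by NetworkManager\nnameserver 192.168.1.1\n' > "$dir/resolv.before"
printf 'nameserver 208.67.222.222\nnameserver 208.67.220.220\n' > "$dir/resolv.after"

check_dns "$dir/resolv.before" "$dir/dhclient.before" || true  # line still commented
check_dns "$dir/resolv.before" "$dir/dhclient.after"  || true  # edited, not restarted
check_dns "$dir/resolv.after"  "$dir/dhclient.after"           # change has taken effect
```

A "missing" result after editing the file usually means the network manager has not been restarted yet, so resolv.conf still lists only the home gateway.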
Another thing is important here. You need to check whether the media connection is enabled or not. Open your Mozilla browser – in Kali Linux it is ‘Iceweasel’ anyway. You will find it on the top left panel.
Open the browser and type in ‘about:config’. It looks like this:
(about:config image on your Mozilla browser)
If you use Chrome or Opera, this will show something else. You need to click and enter into it. Entering into it will give you a search panel at the top, where you will enter the search term: ‘media.peerconnection.enabled’.
Let us see what it looks like.
(check ‘media.peerconnection.enabled’ true or false)
In the above image, it is shown as ‘true’. You need to double-click it and make the Boolean value ‘false’.
Now you can search for a free open virtual private network. Remember, people often hire the same thing and pay a hefty price for it. But they are not secure all the time. Why are they not secure? It is because sometimes, when a country’s national security is under attack and they want the information, server companies have to give it to them under pressure. So all along I have tried to emphasize one thing: never try to go above the law. Ethical Hacking is all about something that strictly maintains one and only one principle: staying within the law.
You learn everything for your self-defense, not for any kind of attack in advance. Anyway, in this chapter our main target is: how we can hide the DNS server from our ISP provider.
We have searched for open VPN and found ‘www.vpnbook.com’. We are going to download from this site. On the right-hand panel you’ll find the names of the providers. They vary from time to time. Which country you download from really doesn’t matter as long as it works.
While downloading you’ll notice that a combination of username and password is given along with it. Copy them and save them somewhere, as you’ll need them when you run the virtual private network on your machine.
In the download section of your Kali Linux you have a zipped version of the VPN. Unzip it first and then run it. How can you do that? Let me open my Kali Linux ‘Download’ section and see what I see.
sanjib@kali:~$ cd Downloads/
sanjib@kali:~/Downloads$ ls
vpnbook-euro1-tcp443.ovpn
vpnbook-euro1-tcp80.ovpn
vpnbook-euro1-udp25000.ovpn
vpnbook-euro1-udp53.ovpn
To get the same output you have to unzip your VPN zipped version. Now issue this command:
openvpn vpnbook-euro1-tcp443.ovpn
If the machine says ‘openvpn command not found’, you will have to install it. Installing anything through the terminal is quite easy in Linux. Search the web; there are tons of tutorials that will guide you about that. Usually it is done with the ‘apt-get’ command.
When you try to run ‘openvpn’ it will ask for the username first. Then it’ll ask for the password. Once this process is complete, it’ll try to build the connection. You need to wait for some time. Until you get the message ‘initialization complete’, you can’t open your browser. It may take several minutes. Usually it takes two minutes minimum.
If you’re not lucky, maybe sometimes, not always of course, this message won’t crop up. In that case it says: ‘connection failed’.
Once you get the message ‘initialization complete’, you can open the browser and search through ‘www.duckduckgo.com’. This search engine usually doesn’t track the user’s record.
Your first job will be checking the DNS leak. Go for it and you’ll definitely find a changed IP address.
It means you have successfully connected through the virtual private network and your original ISP DNS server is completely hidden.
#All About the MAC Address
We have learned many tricks so far – all about anonymity. But we’ll always try to go to the higher level. Changing the MAC Address falls into that category.
In a simple way, it is your hardware address. Basically it’s not the hardware address of your machine but the hardware address of your network card, through which you’re connected to the outer world.
Let us start our Kali Linux virtual machine and open up the terminal. Issue the command: ifconfig.
It’ll produce something like this:
root@kali:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fef4:16ec  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:f4:16:ec  txqueuelen 1000  (Ethernet)
        RX packets 19  bytes 1820 (1.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 2427 (2.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 36  bytes 2160 (2.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 2160 (2.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
In your case, the output could be different. We’re concerned about the hardware address of our network and we want to change it.
In between you’ve seen the red colored line that reads: ether 08:00:27:f4:16:ec
This is the Kali Linux virtual machine’s MAC Address or local network card address. Now in some cases it might be like this: HWaddr 08:00:27:f4:16:ec
In some cases it is different. They are network cards – they could be Ethernet cards, wireless cards, wireless adapters et cetera.
But this address is extremely important as it is used to identify you in the vast web world. The first three digits are the symbols that represent the manufacturer.
We can check it out here also by issuing this command:
root@kali:~# macchanger -s eth0
Current MAC: 08:00:27:f4:16:ec (CADMUS COMPUTER SYSTEMS)
Permanent MAC: 08:00:27:f4:16:ec (CADMUS COMPUTER SYSTEMS)
As you see, it shows two MAC addresses – one is current and the other is permanent. You may ask why I’m checking this here. I have checked it once by issuing the command ‘ifconfig’ – haven’t I?
It’s because the command ‘ifconfig’ will only show the current MAC address. It won’t show the permanent MAC address. It means that when you have changed the MAC address and issued the ‘ifconfig’ command, it’d only show the changed one – not the permanent one.
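
The current-versus-permanent comparison can be automated, which is also how an administrator would audit a machine for a changed address. This is an added example, not code from the book: it parses text in the ‘macchanger -s’ format shown above, extracts the vendor prefix, and tests the locally administered bit that IEEE 802 defines in the first octet. The function names and the SAMPLE address are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `macchanger -s` style output and report whether the
# interface still carries its permanent address. SAMPLE is constructed.
SAMPLE='Current MAC:   3a:1f:9c:44:05:b7 (unknown)
Permanent MAC: 08:00:27:f4:16:ec (CADMUS COMPUTER SYSTEMS)'

# mac_of KIND TEXT: address on the "Current MAC:" or "Permanent MAC:" line.
mac_of() {
    printf '%s\n' "$2" |
        awk -v k="$1" '$1 == k && $2 == "MAC:" { print tolower($3); exit }'
}

# oui MAC: the first three octets, i.e. the vendor prefix.
oui() {
    printf '%s\n' "$1" | cut -d: -f1-3
}

# is_local MAC: true when bit 0x02 of the first octet is set, which IEEE 802
# reserves for locally administered (not vendor-assigned) addresses.
is_local() {
    first=${1%%:*}
    [ $(( 0x$first & 2 )) -ne 0 ]
}

# classify TEXT: summarise the current address relative to the permanent one.
classify() {
    cur=$(mac_of Current "$1")
    perm=$(mac_of Permanent "$1")
    if [ -z "$cur" ] || [ -z "$perm" ]; then
        echo "unparsed"
    elif [ "$cur" = "$perm" ]; then
        echo "unchanged"
    elif is_local "$cur"; then
        echo "changed, locally administered"
    elif [ "$(oui "$cur")" = "$(oui "$perm")" ]; then
        echo "changed, same vendor prefix"
    else
        echo "changed, different vendor prefix"
    fi
}

classify "$SAMPLE"
```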
Now we’d like to change our MAC address. Let us issue this command:
root@kali:~# macchanger -h
And it will produce an output like this:
GNU MAC Changer
Usage: macchanger [options] device
  -h,  --help                   Print this help
  -V,  --version                Print version and exit
  -s,  --show                   Print the MAC address and exit
  -e,  --ending                 Don't change the vendor bytes
  -a,  --another                Set random vendor MAC of the same kind
  -A                            Set random vendor MAC of any kind
  -p,  --permanent              Reset to original, permanent hardware MAC
  -r,  --random                 Set fully random MAC
  -l,  --list[=keyword]         Print known vendors
  -b,  --bia                    Pretend to be a burned-in-address
  -m,  --mac=XX:XX:XX:XX:XX:XX
       --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX
Report bugs to https://github.com/alobbs/macchanger/issues
The red colored three lines are important. It is explicitly defined what each means. The green colored line is also important.
The first two lines mean:
-a, --another Set random vendor MAC of the same kind
-A Set random vendor MAC of any kind
– You can change the MAC address but you can’t change the vendor. In this case there is every possibility of losing your anonymity. As the first three sets belong to the net card manufacturer, and since that has not been changed, you can be identified.
The third red colored line is quite obvious and self-explanatory in its meaning. It says you can change back to the original MAC address.
So far, the best option available for us is the green colored line – -r, --random Set fully random MAC – where it is clearly said that you can set a fully random MAC. That is: the six sets are completely random, which we prefer.
The most important of them is the last blue colored line. Why is it important? It is because you can change the MAC address completely.
We can have a list of all vendors with a simple command: -l. If you issue that command it will give a very long list. Let us pick up a few of them.
root@kali:~# macchanger -l
Misc MACs:
Num    MAC        Vendor
---    ---        ------
0000 - 00:00:00 - XEROX CORPORATION
0001 - 00:00:01 - XEROX CORPORATION
0002 - 00:00:02 - XEROX CORPORATION
0003 - 00:00:03 - XEROX CORPORATION
0004 - 00:00:04 - XEROX CORPORATION
0005 - 00:00:05 - XEROX CORPORATION
0006 - 00:00:06 - XEROX CORPORATION
0007 - 00:00:07 - XEROX CORPORATION
0008 - 00:00:08 - XEROX CORPORATION
0009 - 00:00:09 - XEROX CORPORATION
0010 - 00:00:0a - OMRON TATEISI ELECTRONICS CO.
0011 - 00:00:0b - MATRIX CORPORATION
0012 - 00:00:0c - CISCO SYSTEMS, INC.
0013 - 00:00:0d - FIBRONICS LTD.
0014 - 00:00:0e - FUJITSU LIMITED
0015 - 00:00:0f - NEXT, INC.
0016 - 00:00:10 - SYTEK INC.
0017 - 00:00:11 - NORMEREL SYSTEMES
0018 - 00:00:12 - INFORMATION TECHNOLOGY LIMITED
0019 - 00:00:13 - CAMEX
We have taken the first few lines – nineteen at present. But the last one is – 19010 - fc:fe:77 - Hitachi Reftechno, Inc. The red colored number shows how many there are all together. The list is not complete. After that there are wireless MAC addresses. They are all together around thirty-nine in number.
You may ask what they actually are. They are nothing but the bits of the company MAC address. Let us consider the last example: 0019 - 00:00:13 - CAMEX.
The first one is the serial number. The second one is the MAC address. You can change your vendor address and use this one and pretend to be using this company. Ethical Hackers sometimes use that trick.
Keeping everything in mind, I’d like to say that the last option – the blue colored one – is the most important.
In colleges students sometimes use that trick to fool the professor along with the whole class. Someone takes the professor’s MAC address and, pretending to be the professor’s PC, jams the network. Once the network has been jammed the teacher can’t take the class anymore.
Usually there is a network filtering system that finds the rogue MAC address and blocks that address. But that is also fun. When the network filtering system has blocked the MAC address, it turns out that the professor’s PC has been blocked inadvertently.
As an Ethical Hacker you need to study this part particularly, as malicious crackers often use another machine’s MAC address and, pretending to be someone else, do the wrong things.
#Conclusion
Thanks for reading the first volume of ‘Ethical Hacking – Learn Easy (First Part)’. I hope as a beginner you have learned the basics of Ethical Hacking – that includes the terms, legal side, purpose, networking and the environment, with a detailed introduction to ‘anonymity’.
The next volume will deal with more advanced concepts like ‘Nmap’, ‘SQL Injection’, ‘Denial Of Service or DOS’, ‘Brute Force Method’, ‘Signal Jamming’, ‘Password Cracking’ et cetera.
Hope to meet you in the next book. Till then, best of luck.