
HACKING

Beginner's Guide to Computer Hacking. Learn to Protect Your System

Introduction

I want to thank you and congratulate you for reading my book, “HACKING; Beginner's Guide to Computer Hacking. Learn to Protect Your System”.

This book contains proven steps and strategies on protecting your own system from outside attack and to do that, you must learn to think like a hacker.

So many people believe that a hacker must have extraordinary knowledge and skills to be able to do what they do but, in all honesty, all you need to be able to do is understand the way that a computer system and network works and which tools to use to find the weaknesses. I am going to show you the basic techniques and tools that you can use to hack your own system, just to see how secure it really is. By doing that, you can start working on making it more secure and defend your own network against attack.

Thanks again for reading this book, I hope you enjoy it!

Copyright 2014 by ______________________ - All rights reserved.

This document is geared towards providing exact and reliable information in regards to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.

- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.

The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher.

The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.

The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.

Contents

HACKING
Beginner's Guide to Computer Hacking. Learn to Protect Your System
Introduction
Chapter 1: The 5 Phases of Ethical Hacking
Chapter 2: Network Security
Chapter 3: Launching a Penetration Test
Chapter 4: Password Cracking
Chapter 5: Best Security Practices
Chapter 6: Tools Ethical Hackers Use
Conclusion
References

Chapter 1: The 5 Phases of Ethical Hacking

Before you can even begin to start hacking your own system, you should understand the 5 phases of ethical hacking. Ethical hackers aren’t so different from malicious hackers in the tools and methods that they use to gain entry into a network or system. The difference lies in their intentions.

Phase 1: Passive and Active Reconnaissance

Passive reconnaissance is the act of gathering up information without your target knowing what you are doing and most of this is done from your chair in front of your computer. When you look for information, you generally run a search on the internet to start with and it's surprising just how much information you can gather in this way. Another means of passive reconnaissance is network sniffing and this can give you quite a bit of information in terms of naming conventions, IP address ranges, hidden networks, hidden servers and lots of other information about what is on that network.

Network sniffing is a method by which a hacker watches data flow to see when specific transactions happen and where the traffic is heading. This is a common method used by ethical hackers and the tools are dead easy to use. Later I’ll tell you which tools you can use and provide you with links to get more information on them. In a nutshell, though, sniffers let you see all data that is transmitted via a network, and that includes username and password combos and loads of other sensitive data – all stuff you thought was secure on your system!

Active reconnaissance is all about network probing and this lets you see IP addresses, individual hosts, and network services. There is a higher risk of detection with active reconnaissance, more so than with passive methods, and this is occasionally called “rattling the door knobs”. It can give you a rough idea of what security measures are in use but there is a high risk that you will be caught or that, at the very least, suspicion will be raised. Many of the tools that are used for active reconnaissance can easily be tracked back to the computer they are being run from and this increases the likelihood of detection.

Both active and passive reconnaissance can help you to discover some useful information and in terms of your own network security, you’ll find out just how weak your security really is. Think of it this way – you can have as many locks, deadbolts, and chains on your front door as you like but all of them are useless if you leave the window wide open!

Phase 2: Scanning

Scanning is the act of taking the information that you found during your reconnaissance and using it as a way of examining the network. The tools that you can use to scan include:

Port scanners
Dialers
ICMP – Internet Control Message Protocol – scanners
Network mappers
Ping sweeps
SNMP – Simple Network Management Protocol – sweepers
Vulnerability scanners

The information that you are looking for during the scan is anything that can help you to carry out an attack on a specific target, although, for the purposes of this book, you are trying to find the information that another hacker will find to see where the security gaps are:

Operating system
Computer name
Software that may be installed
User accounts
IP addresses

If, during your hack on your own system, you find any of these, you will know where your weaknesses are.

Phase 3: Getting Access

This is where the fun begins, where the proper hacking happens. All the vulnerabilities that you found in the first two phases can now be exploited, giving you access to the system you are targeting. There are several ways to attack:

Wired or wireless LAN – Local Area Network
Local access to the system
Internet
Offline

Examples of hacking attacks include Denial of Service, Stack-based buffer overflows and session hijacking. Getting access is called Owning the System because, once you are in, you have complete control and can do whatever you wish.

Phase 4: Maintaining Your Access

Getting in is one thing; staying in is quite another. You want to be able to stay in the system for as long as you possibly can to maximize the potential for more exploitation. Sometimes, a hacker will harden the system so that other hackers and security staff can’t get in – they do this by putting backdoors in, using Trojans or rootkits. Once that system is yours you can launch other attacks from it and, in this case, the system would be termed as a “zombie” system.

Phase 5: Covering Your Tracks

The last thing a hacker does is cover their tracks so that they can’t be detected and can continue using the system. They will also do this to avoid legal action and to get rid of all traces of hacking. They will remove IDS (Intrusion Detection Systems) and log files to hide their tracks in a bid to stay there for as long as they can.

Now you have an idea of the process used by a hacker, you can start to look at your own system and, in the following chapters, we’ll look in depth at how you can hack and protect your own network and computer.

Chapter 2: Network Security

The first place to start is with network security and when you can hack into your own system, you can spot vulnerabilities in the Wi-Fi network and work out how to protect your system against them. We’re going to look at some of the free, and almost free, tools that you can use for a penetration test and this will help you to find weak passwords, rogue access points, and their security holes, giving you the chance to patch them up before someone else finds them.

Sniffing and Stumbling

This might sound like someone who is a bit high or a bit drunk but these are two common methods for determining access points and everything you need to know about them. The details you might want to know are the media access control address, the type of security and the signal. You will likely come across access points that have weak WEP (Wired Equivalent Privacy) security, a very easy place for hackers to crack. You may even discover rogue access points that have been set up by others to open your network. Stumblers will easily find any access points that have been set up with non-broadcast SSID names or hidden names.

Sniffers will capture raw packets of data sent over your network and these data packets can be imported into another tool, which you can use to crack the encryption. You can also look for website and email passwords that are sent in plain-text format.

Here are some of the best sniffers and stumblers for you to use:

Vistumbler

An open-source application for Windows, this will display the basic details about the access points, including the exact methods used for encryption and authentication. It can also report the RSSI and the SSID. You will get graphs showing signal levels and, as well as being easy to use, it is flexible in configuration and you can customize it. Detect rogue access points and use GPS logging and tracking with Google Earth.

Kismet

Another open-source application, Kismet is a packet sniffer, Wi-Fi stumbler, and an Intrusion Detection System, compatible with Windows, Linux, Mac, and BSD. You will see access point details that include the SSID names of any hidden networks and you can capture packet data and import them into tools such as TCPdump and Wireshark.

Wi-Fi Analyzer

Wi-Fi Analyzer works on Windows and Android devices, helping you to find access points on your desktop or mobile. It gives you basic information about those access points on a 2.4 GHz network and for some supported devices on a 5 GHz network. The access point list can be exported and you get graphs that show signals by usage rating, history, and channel as well as a signal meter that helps you to locate access points.

Cracking – WEP Key and WPA/WPA2 Personal

There are plenty of tools that you can use to crack open Wi-Fi encryption and they all either look for and use weaknesses in WEP or use brute-force dictionary attacks on WPA/WPA2 Personal and this is why you should never set your security levels as WEP.

The most secure form of Wi-Fi security is WPA2 with AES/CCMP encryption. If you choose to make use of the Personal or Pre-Shared Key mode (PSK), ensure that your password is at least 13 characters long and contains a mixture of numbers, lower and uppercase letters and ASCII characters. The following tool will help you to find any encryption weaknesses on your system and to test out your passwords:

Aircrack-ng

This is a suite of open-source tools that are used to perform cracking on WEP and WPA/WPA2-Personal keys. It runs on Windows, Linux, Mac and OpenBSD and can be used as a way of capturing data packets, to inject and to replay traffic and, once sufficient packets have been obtained, to find and reveal encryption keys.

WPS PIN Cracking

If you use a wireless router rather than or as well as access points, there is one vulnerability that you need to be aware of. It revolves around WPS – Wi-Fi Protected Setup – that is found on almost every wireless router and is generally activated when WPA/WPA2 Personal security is activated. Connection to the router is done via a WPS PIN and this can be cracked incredibly quickly. This is the best tool for you to use to test out your router against this weakness.

Reaver

This is a Linux program that will perform a brute-force attack on your wireless router to see if it can reveal the WPS PIN and the WPA/WPA2 PSK. Usually, it will be successful within 4 to 10 hours and will give you some advice on what to do.

Evil Twin APs and Wi-Fi Honey Pots

One of the techniques used by Wi-Fi hackers to get an unsuspecting target to connect to them is to set up a fake access point. These are otherwise known as Evil Twins or Wireless Honey Pots. Once a connection is made to the fake point, the hacker is then able to capture FTP connections or email, even file shares. They can also make use of a spoofed DNS or a captive portal to display fake websites that mirror genuine login pages and these are used to gain the login credentials of the target.

These are some of the best tools to use to locate vulnerable wireless clients that may be on your network:

WiFish Finder

This is an open source Linux program that is used to capture traffic on a Wi-Fi network and also carries out active probing to identify clients that are vulnerable to an attack, such as honey pots, evil twins or MiTM (Man in The Middle) attacks. WiFish builds up a network name list; these are the names that probe requests are being sent for and it will also determine the type of security on that network, allowing you to identify any clients that are probing for networks that are not encrypted. Unencrypted networks are prime targets for honey pots, MiTM or evil twin attacks.

Jasager

This is another firmware based on Linux and it offers a suite of tools that can identify wireless clients that are vulnerable. However, it can also perform honey pot or evil twin attacks. It runs on Pineapple or FON routers and is able to create soft access points that are set up with the SSID that wireless adaptors are searching for. It will run a DNS, DHCP and HTTP server so that it can be connected to and the HTTP server will then redirect any requests to a website. It is also able to capture and display FTP, clear-text POP or HTTP logins that are performed by the target.

Wireless Driver Vulnerabilities

The following is the best tool to use to find vulnerabilities in specific drivers for Wi-Fi routers and wireless adapters, thus alerting you to potential points of entry:

WiFiDEnum

WiFiDEnum is a Wi-Fi Driver Emulator and is a Windows program that can help to find any Wi-Fi drivers that may be vulnerable to exploit attacks. It will scan the network, collect details about any adaptor drivers and identify where the weaknesses lie.

General Network Attacks

Lastly, we can look at a few tools that you can use to demonstrate attacks that have long been carried out on wired networks and can also be done on Wi-Fi networks, as well as demonstrating eavesdropping:

NMap

Otherwise known as Network Mapper, it is an open source TCP/IP scanner that is used to identify clients and hosts that are on the network. It will tell you what operating system is being used, what services are on offer or being used and what sort of firewalls or packet filters are being used, along with much more information. You can use this to scan for ports and hosts that are not secure and vulnerable to hacking.

Cain and Abel

Cain and Abel is one of the most popular password crackers, password recovery and sniffer tools for the Windows operating system. You can use it to determine any clear text passwords that may be being sent across the network, giving you the opportunity to fix the problem.

FireSheep

This is an add-on for Firefox that will perform something called side jacking, or HTTP session hijacking. It is used to monitor a network for any logins that come from users on websites that don’t use full SSL encryption when they exchange login cookies. As soon as the cookie has been detected, it provides a shortcut to the fully protected website, allowing an attacker access without having to log in.
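A defender's check for the weakness that side jacking relies on, added here as an example (it is not from the book and not FireSheep's code): it parses Set-Cookie headers from constructed sample responses and flags session cookies that are issued over plain HTTP or without the Secure and HttpOnly attributes. The list of name fragments used to spot a session cookie is an assumption, not a standard.

```python
"""Audit Set-Cookie headers for the attributes that blunt side jacking.

Added example, not code from the book or from FireSheep. A login cookie set
without the Secure attribute is sent by the browser on any plain http://
request to that site, so anyone sniffing the same Wi-Fi network can copy it
and reuse the session; HttpOnly keeps page scripts from reading it.
The responses below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False
    samesite: Optional[str] = None


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value; attribute names are case-insensitive."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.httponly = True
        elif key == "samesite":
            cookie.samesite = val.strip() or None
    return cookie


# Name fragments that usually mark a login session cookie (constructed heuristic).
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def is_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_response(scheme: str, set_cookie_headers: List[str]) -> List[str]:
    """Return one finding per weakness that would let a sniffer reuse the session."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if not is_session_cookie(cookie.name):
            continue  # theme or language cookies carry no session
        if scheme != "https":
            findings.append(f"{cookie.name}: issued over plain HTTP, visible to any sniffer on the path")
        if not cookie.secure:
            findings.append(f"{cookie.name}: missing Secure, browser will also send it over http://")
        if not cookie.httponly:
            findings.append(f"{cookie.name}: missing HttpOnly, page scripts can read it")
    return findings


# Constructed sample: three responses as a proxy or browser extension might see them.
SAMPLE_RESPONSES = [
    ("https", ["sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("https", ["auth_token=77b2d0; Path=/", "theme=dark; Path=/"]),
    ("http", ["PHPSESSID=9f8e7d2c; Path=/"]),
]


def audit_all(responses=SAMPLE_RESPONSES) -> Dict[int, List[str]]:
    """Map each response index to its findings; an empty list means it passed."""
    return {i: audit_response(scheme, headers) for i, (scheme, headers) in enumerate(responses)}


if __name__ == "__main__":
    for i, findings in audit_all().items():
        print(f"response {i}: " + ("ok" if not findings else "; ".join(findings)))
```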

Chapter 3: Launching a Penetration Test

Penetration testing is not just for the big businesses; you can easily do it on your own home computer to determine if there are any vulnerabilities that can be exploited. The way to do this is to put yourself in the shoes of a hacker, imagine that you are trying to hack into a system and use the same tools that malicious hackers use but for ethical purposes.

How to Get Started with Penetration Testing

How you get started is going to depend on just how technical you intend on getting. If you are not particularly technically minded, there are ways that you can carry out a homemade penetration test on your home system.

First, if you have a friend that is technically minded, get them to help you. If you don’t know anyone, just grab your nearest, most-trusted mate, someone with no technical knowledge, and ask them to run some tests on your system.

The first test is to try and access your system by guessing what you have used as a password. If you already told them what your password is, you’ll need to change it for the purposes of this test. Because your friend knows you, they are likely to start trying words that would be associated with you or some of the more common passwords.

It isn’t going to work because you know how to create a really strong password, don’t you? If they do manage to crack it, you are going to need to change it straight away – clearly, it is far too easy to guess.

Next, ask them to log in to your Wi-Fi network. Again, this should have a password to protect it and it should be a strong one; no matter how well they know you, they should not be able to get past your password.

Remember, your friend should not be a security professional and they should not be a hacker – if they can access your system then anyone can get in.

The next step is to check out the passwords you use on every site you access. Are you using the same password for several sites? If you do, you are going to have to change them, no matter how strong your password is. If a hacker can get your password from one site, then it’s only a short hop to accessing every site you use.

Lastly, check out your anti-virus software. Make sure it is up to date, along with your firewall and security patches. By making sure everything is up to date, along with using common sense, you should be able to protect yourself from the vast majority of attacks that you may come across.

If you are more of a technical user and can handle technical situations, there are quite a few tools that you can use to carry out a fuller penetration test on your system. Even better, many of the professional penetration testing tools are open source and that means free to use.

Head over to sectools.org where you will find a whole host of tools that, used properly, can help you to carry out a penetration test on your system to ensure that it is secure from external attacks.

Chapter 4: Password Cracking

Is your password truly secure? You may think it is and we’ve all heard the advice about what you shouldn’t use as a password. There are loads of tools that say they can assess just how secure your password is but these are rarely, if ever, that accurate. There is only one way to truly test the strength of your passwords and that is to attempt to break them.

In this chapter, we are going to look at a popular tool that is used by genuine hackers to crack passwords and I’m going to show you how to use it on your passwords. If your passwords fail, we’ll look at how to pick stronger ones.

Setting Hashcat Up

Hashcat is the name of the tool we are going to look at. Officially, it is meant for the recovery of passwords but it is, more often than not, used as a way of cracking passwords that have been stolen from servers that aren’t perhaps the most secure. This makes it a great tool for testing out your own password security.

1. First, download Hashcat – you can get it from hashcat.net
2. Now extract the files and save them in your downloads folder

The next step is to get some more data for the tool. We need a word list, a large database that contains passwords and this is what Hashcat will use as its starting point.

3. Download rockyou.txt and save it to the Hashcat folder – do make sure it retains the name “rockyou.txt”

Next, we have to generate some hashes and to do that we need to use WinMD5. This is a freeware tool that uses little in the way of resources and it will hash certain files.

4. Download WinMD5
5. Unzip the file and save it to the Hashcat directory
6. Create two new files – password.txt and hashes.txt – and save both to the Hashcat directory

That completes the setup of Hashcat.

A Little History Lesson

Before you actually go ahead and use Hashcat, let’s look a little into how passwords get broken and how we arrived at this point. Way back in time, long ago in the history of computer science, passwords used to be stored by a website in plain text. That kind of makes sense – that website has to verify that the right password has been used. The most obvious way of doing that is to maintain copies of all the passwords, perhaps in a file, and then check inputs against what you have stored. That sounds easy, right?

Sadly, it was the biggest disaster in computer history. Hackers could use devious methods of getting access to the server and would then make off with the list of passwords. They could then log in to each account and do significant amounts of damage, especially if the website were a financial one, like online banking. As the security researchers recovered from what was clearly a massive disaster, they decided that things needed to be done in a different way and that is where hashing came in.

For those who need a refresher or who don’t know what they are, hash functions are codes that take a small bit of information and mix it all up in a mathematical way, so that it is nothing more than fixed length gibberish. We call this hashing data and what is really cool about it is that these hashes can only go in one direction. While it may be easy to take some information and work out what its unique hash is, it isn’t very easy to take the hash and work out where it was generated. In fact, if you were using random passwords, you would need to try every combination you could think of, and a few more besides, and that is pretty much impossible.

So, you may have figured out that hashes have got some useful properties when it comes to password applications. Instead of just storing a password, you will store the hash of that password instead and, when you need to verify a password, you would hash it, then delete the original and check it against all the hashes on your list. A hash function always gives the same result for the same input, so you can verify that the correct password has been submitted. Crucially, the plain text passwords will never be stored on a server and that means they can never be stolen by hackers – all they will get is hashes, which are useless to them. In response, hackers have spent a lot of time and effort trying to find ways to reverse hashes.

How Hashcat Works

There are several things that the hackers came up with and one of them is the way that Hashcat works. This is the most robust method because it notices that users tend to be very unimaginative and use the same kinds of passwords. For example, many passwords are made up of a couple of English words, maybe a number or two and a few random capitalizations thrown in for good measure. Some are more popular than others, such as “password”, your username, “Hello”, etc. In the same vein, many people use the names of their pets, the year, and so on. When you know this information about someone you can easily start to come up with some very likely guesses about what the passwords might be and, while this might sound hopeless, don’t forget that a computer can search through millions of passwords in just seconds.

So, what we are going to do now is imagine that all your passwords have been hashed and a malicious hacker has stolen the list of hashes. You are that malicious hacker and you are going to use Hashcat to try and crack the passwords. This is a great way to test out your home security and see where the weaknesses are in your passwords.

How to Use Hashcat

First, you must generate those hashes.

1. Open WinMD5
2. Open the password.txt file you created – this must be in Notepad
3. Input one of your passwords and save the file
4. Now open it with WinMD5
5. You will see a small box which has the hash of the password in it. Copy that hash into the hashes.txt file
6. Save it
7. Now repeat this with all your passwords, making sure to put each hash onto a new line in the hashes file
8. Lastly, save a password called Password and put that hash as the last line in the hashes file

I will just point out here that MD5 isn’t really the best format for hash storage – it is fast to compute and that makes brute force attacks much more likely to succeed. But, for you, for the purposes of this exercise, this is a good thing because you are going to be carrying out destructive testing. In a real scenario of a password leak, passwords would be hashed using Scrypt or another secure hash function and these are slower to test out. With MD5, we are simulating the use of a great deal more processing power and a lot more time than we would normally have available.

Let’s continue.

9. Ensure that your hashes.txt file has been properly saved and open Windows PowerShell (just type PowerShell in the command bar)
10. Go to the Hashcat folder (use cd .. to go up a level, ls to list the files and cd (name of folder) to get into a folder in the directory)
11. Type in ./hashcat-cli32.exe --hash-type=0 --attack-mode=8 hashes.txt rockyou.txt

What you have done here is said that you want the Hashcat application to run, to put it to work on the MD5 hashes, use a mode of attack called “Prince” (a number of strategies that will come up with variations on the words in the list) and then to try to break the entries in hashes.txt while using rockyou.txt as the dictionary. And breathe!

12. Press Enter and, when the EULA comes up, accept it and then let the program run.

Almost straightaway, you should see the hash for Password appear and then you just have to wait. If you have a fast computer, weak passwords will show up within a minute or so while mediocre to normal passwords will take anything from a couple of hours to a couple of days. Strong passwords can take forever.
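As an added example (not from the book, and not hashcat's code), the following Python script does in miniature what steps 1 to 12 do with WinMD5 and Hashcat: it MD5-hashes a set of constructed sample passwords, runs a constructed eight-word wordlist through simple mangling rules in the spirit of Prince mode, and reports which hashes fell and which survived. The wordlist, the sample passwords and the rules are all assumptions made for the demonstration.

```python
"""Dictionary check of MD5 hashes, mirroring the book's Hashcat exercise.

Added example, not code from the book or from hashcat. It hashes a few
constructed passwords with MD5 (hashcat's hash type 0), then runs a small
constructed wordlist through simple mangling rules (capitalisation, digit and
symbol suffixes, joined word pairs) and reports which hashes were recovered.
rockyou.txt has many millions of entries, so a real run reaches far further.
"""
import hashlib
import itertools
from typing import Dict, Iterator, List, Optional


def md5_hex(text: str) -> str:
    """MD5 of a UTF-8 string as lowercase hex, the format WinMD5 and hashes.txt use."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed stand-in for rockyou.txt.
WORDLIST = ["password", "letmein", "hello", "dragon", "summer", "monkey", "qwerty", "fluffy"]

# Constructed stand-in for the contents of password.txt; hashes.txt holds their MD5s.
SAMPLE_PASSWORDS = ["Password", "fluffy2014", "Summer!", "Dragonmonkey", "stapler-violet-orbit-canal"]


def candidates(words: List[str]) -> Iterator[str]:
    """Yield guesses the way a rule-based attack does: case variants of each
    word, short numeric or symbol suffixes, and pairs of words joined."""
    base: List[str] = []
    for word in words:
        base.extend([word, word.capitalize(), word.upper()])
    suffixes = [""] + [str(n) for n in range(100)] + ["!", "1!", "123", "2014"]
    for stem in base:
        for suffix in suffixes:
            yield stem + suffix
    for first, second in itertools.permutations(base, 2):
        yield first + second


def crack(target_hashes: List[str], words: List[str]) -> Dict[str, str]:
    """Return {hash: plaintext} for every target hash some candidate reproduces."""
    remaining = set(target_hashes)
    found: Dict[str, str] = {}
    for guess in candidates(words):
        if not remaining:
            break  # every hash recovered, no need to keep guessing
        digest = md5_hex(guess)
        if digest in remaining:
            found[digest] = guess
            remaining.discard(digest)
    return found


def run_exercise(passwords: List[str] = SAMPLE_PASSWORDS,
                 words: List[str] = WORDLIST) -> Dict[str, Optional[str]]:
    """Map each password to the guess that recovered it, or None if it survived."""
    found = crack([md5_hex(p) for p in passwords], words)
    return {p: found.get(md5_hex(p)) for p in passwords}


if __name__ == "__main__":
    for password, recovered in run_exercise().items():
        status = "cracked" if recovered else "survived this wordlist"
        print(f"{md5_hex(password)}  {password!r}: {status}")
```

The four-word pass-phrase is the only sample that survives, which is the point of the pass-phrase advice later in this chapter.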

Leave this to run as long as you want, at the very least leave it overnight or when you go out for the day. If you get to 24 hours and your password hasn’t shown up, it's most likely strong enough for most things BUT this is not guaranteed. Some hackers will have separate computers running this program for days and weeks on end or they may be using a much more comprehensive word list so, if you have even the slightest doubt about your password, change it to a stronger one.

Your Password Broke

Most likely, at least one of your passwords broke so how do you go about making a stronger one? One of the best and most popular of all the techniques is pass-phrases. Open a book, any book, and then open it to a random page. Take the first adverb, noun, adjective or verb that you see and memorize it. Now find another three or four. Put all four or five words together – no spaces, no numbers, no capital letters and no special characters. I will tell you what not to use – “correcthorsebatterystaple” has suddenly become a very popular password and is now included on most wordlists!

Believe it or not, even though these are just random words, they are far easier to remember as a password than a whole bunch of letters and numbers and way more secure. Native English speakers can choose from a vocabulary of about 20,000 words and that means four or five randomly chosen words from those results in billions of combinations, well beyond the reach of any of the brute force attacks in use today.

Of course, you always have the option of a password manager. These can generate passwords that are secure whenever you need one and all you need is one master password to unlock them. You do need a strong master password and god help you if you forget it! This does give you another layer of security, though, should your hashes ever be leaked.

Chapter 5: Best Security Practices

No antivirus program is perfect, not even the most expensive ones so if you are relying on your software alone to protect you, you are putting yourself severely at risk. There are common sense practices that everyone should follow to keep their data and their system safe from attack. There are way too many to list them all but these are the most important ones for you to follow:

1. Use an Antivirus

You need one of these whether you like it or not. It doesn’t matter how careful you think you are, attacks come from all sorts of places. You might get infected through the Adobe Flash plugin, or through the web browser itself and, even if you keep the browser updated, there could be a brand-new vulnerability on a web page, one that hasn’t yet been patched. While this isn’t likely to happen every day, it will happen at some point and an antivirus program, always kept up to date, is an important protection barrier.

2. Use Malwarebytes

As well as your antivirus program, you should have Malwarebytes running as well. That’s because the worst and most active threats come from ransomware, adware, spyware and all sorts of other wares. This is where Malwarebytes gets to work. Not only does it provide protection to your computer from this malware, it also cleans your computer up from any infections much better than any software you could buy. Malwarebytes works on both Windows and Mac and also includes Anti-Ransomware and Anti-Exploit features to keep your browser safe from a zero-day vulnerability. This can stop “drive-by” attacks in their tracks. Best of all, it will run with your antivirus, providing full protection.

3. Don’t Disable UAC

When it was first introduced by Microsoft with Windows Vista, User Account Control was considered to be a nuisance. However, now it is not so intrusive and it is incredibly helpful in stopping malware from making changes to your system without your permission. Like the antivirus software, it is a very important protection layer.

4. Don’t Disable Your Firewall

Windows has its own built-in firewall so there is no need to get a third-party one installed. What you do need to do is make sure the built-in firewall is enabled and is configured correctly. It is used to stop unsolicited connections from coming into your network. It also protects Windows and all the other applications and software you use from malware that is configured to exploit system services vulnerabilities that have not yet been patched.

In terms of configuration, when you are asked what type of network you are using – Home, Work or Public – make sure you choose the right answer. An example – if you pick Home network and then use your tablet or laptop on the Wi-Fi in your local café, any shared files you may have could be shared on the same network, making them available to everyone on the café Wi-Fi. In this situation, choose Public as this prevents anyone else from gaining access to resources that are shared.

5. Uninstall Java

It is fair to say that most people will be running a version of Java that is out of date and not secure. As such, just visiting a single web page could put you at risk of infection. It is also fair to say that Java is not very secure, having been faced with risk after risk. The thing is, Java applets are so few and far between these days you don’t even really need it on your computer!

If you do have Java, head over to your control panel and uninstall it. If you need it for something you will be prompted to reinstall it but, should you do this, you must disable the Java plugin to protect yourself.

6. Update Your Software

Pretty much every piece of software in everyday use has security holes, and these are continually being found and patched by the software companies. The catch is that a patch and its release notes also tell attackers exactly what was fixed, giving them what they need to build attacks against machines that have not yet been patched. So install every security update as soon as it becomes available. The easiest way is to leave Windows on Automatic Updates or, at the very least, have it alert you when there is a new update, and then install it immediately. Browsers like Chrome, Edge, Internet Explorer and Firefox update themselves automatically, as do Adobe Reader and Adobe Flash, so these will always be up to date. (Flash has since reached end of life, at the end of 2020, and should simply be uninstalled.)

7. Be Careful About What You Download and Run

This might seem obvious, but a good deal of the malware on Windows arrives because someone downloaded and ran bad software, by accident or by design. Only download and run programs from trustworthy sources; if necessary, go to the vendor's official website to get them. Don't click download banners on third-party sites, because these more often than not deliver malware and adware.

8. Avoid Pirated and Cracked Software

This follows on from the last point. When you use torrent sites, peer-to-peer networks and other shady places to download cracked or pirated software, you are taking a huge risk. When you execute the .exe file from one of these places you are trusting that the distributor has not done anything harmful. Worse, the cracks needed to make the software work are made by groups that specialise in software cracking, and you have no way of knowing whether anything malicious has been bundled in.

Downloading pirated software carries a lot more risk than downloading pirated music or videos. Software is executable code that can do anything on your machine once it runs, while media files are data that either play or do not. Some unscrupulous individuals will try to disguise malware as a video (an executable with a video-like name and icon) to encourage those with little experience to run it, thus infecting their systems.

9. Beware of Phishing and Social Engineering

We have all heard of phishing, and most email providers and browsers do what they can to protect you from it, but sometimes things slip through the net. Phishing is the internet equivalent of a person who phones you, claims to be from your bank and just needs to "clarify" your credit card details. Banks never phone for this information, and they will never email you to ask for it either.

Be very careful when you disclose any personal information on the internet. Only do it through trustworthy sites: if you need to get to your bank, type its official web address yourself rather than following a link in an email, because you don't know where that link is really sending you.

10. Don’t Reuse Passwords

This is a massive problem. People who use the same password for everything are at risk: if just one website suffers a password leak, the attackers can try that password everywhere else you have an account and gain access to all your accounts and all your personal information. Above all, never reuse the password for your email account; that one should always be unique, because whoever controls your mailbox can reset every other password you own. Password leaks are happening more and more, so using a unique password on every site cuts your risk to a minimum. A password manager makes this practical.

11. Use Secure Passwords

Password managers can also help you with secure passwords: long ones that combine letters, numbers and symbols. Password leaks show that many people use simple passwords such as "12345", "letmein" or even "password". These are among the most insecure passwords there are, and they are the first thing any cracking tool tries.
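Points 10 and 11 can be checked mechanically against an export from a password manager. The following is an added example (not from the book) that runs over a small constructed vault: it groups sites by a fingerprint of their password to find reuse, calls out any group that includes the email account, flags entries that are short or on a deny list of commonly leaked passwords, and generates a replacement with Python's `secrets` module, which draws on the operating system's cryptographic random number generator. VAULT, EMAIL_SITE and DENY_LIST are sample data made up for the demo.

```python
"""Password hygiene check over a password-manager export (added example).

Finds passwords reused across sites, flags weak ones, and mints a replacement
the way a password manager would.  VAULT, EMAIL_SITE and DENY_LIST are
constructed sample data, not real accounts.
"""
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault: site -> password.  Never keep real passwords in a
# plain dictionary like this; it is here only to feed the checks below.
VAULT = {
    "mail.example.test": "Tr0ub4dor&3",
    "shop.example.test": "Tr0ub4dor&3",
    "forum.example.test": "letmein",
    "bank.example.test": "Xq9$wLm2!pR7vB4n",
}
EMAIL_SITE = "mail.example.test"

# A handful of the most common passwords seen in public leaks.  A real check
# would use a full leak list such as rockyou.txt.
DENY_LIST = {"123456", "12345", "password", "letmein", "qwerty", "111111"}

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def fingerprint(password):
    """Short hash so duplicates can be grouped without passing plaintext around."""
    return hashlib.sha256(password.encode()).hexdigest()[:16]


def find_reuse(vault):
    """Return {fingerprint: [sites]} for every password used on more than one site."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[fingerprint(password)].append(site)
    return {fp: sites for fp, sites in groups.items() if len(sites) > 1}


def find_weak(vault, deny_list=DENY_LIST, min_length=10):
    """Return sites whose password is on the deny list or shorter than min_length."""
    return sorted(site for site, password in vault.items()
                  if password.lower() in deny_list or len(password) < min_length)


def audit_vault(vault, email_site=EMAIL_SITE):
    """Human-readable findings, reuse first (worst when the mailbox is involved)."""
    findings = []
    for sites in find_reuse(vault).values():
        tag = " (includes the e-mail account!)" if email_site in sites else ""
        findings.append(f"same password on {', '.join(sorted(sites))}{tag}")
    for site in find_weak(vault):
        findings.append(f"weak password on {site}")
    return findings


def generate_password(length=20):
    """Random password from the OS CSPRNG with at least one character of each class."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover every class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


if __name__ == "__main__":
    for finding in audit_vault(VAULT):
        print(finding)
    print("suggested replacement:", generate_password())
```

Grouping by a truncated hash rather than by the plaintext is a small habit worth keeping: the audit output can then be shared or logged without leaking the passwords themselves.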

Chapter 6: Tools Ethical Hackers Use

There are loads of ethical hacking tools to choose from. These are some of the very best, and most of them are free or have a free edition:

1. Metasploit

Metasploit runs on all the major platforms and is a customisable suite of tools. It is the most popular framework for finding and exploiting vulnerabilities on many different platforms, backed by a community of more than 200,000 contributors and users. With it you can simulate a real-world attack and find the weaknesses in your own system.

2. Acunetix WVS

Acunetix is a commercial Web Vulnerability Scanner for Windows XP and above that can find serious flaws in websites. It is a multi-threaded tool that crawls a site and locates vulnerabilities such as SQL injection and Cross-Site Scripting. It is easy to use, fast and works well on WordPress sites. Acunetix has a built-in Login Sequence Recorder that lets it scan the password-protected parts of a website and, with its AcuSensor technology, can cut the false positive rate significantly.

3. Wireshark

Wireshark used to be known as Ethereal and is also available as TShark, a command-line version. It is a network protocol analyzer that runs on all major platforms and lets you capture traffic and interactively browse the contents of the captured network frames. The idea behind the open-source project is to provide features that can't be found in many closed-source sniffers and analyzers.

4. Nessus Vulnerability Scanner

Nessus runs on all the major platforms and uses a client-server architecture. It is, without doubt, one of the most popular vulnerability scanners and comes in several editions: Home, Professional, Manager and Cloud. With Nessus you can scan for a wide range of vulnerabilities, including remote access flaws, Denial of Service weaknesses in the TCP/IP stack, misconfigurations, malware, PCI DSS audit preparation, searches for sensitive data, and so on. If you want to launch a dictionary attack from Nessus, it hands the job to an external and very popular tool called Hydra. Nessus can also scan hybrid networks and multiple IPv4 and IPv6 networks, and scans can be scheduled for a time that suits you.

5. Maltego

Maltego runs on Linux, Mac and Windows and has a free Community Edition. It is a forensics and open-source intelligence platform for deep data mining and information gathering, giving you a picture of the threats around you. It is one of the best tools for showing the severity and complexity of weak points in your system and the environment that surrounds it, and it analyses and graphs real-world links between companies, people, DNS names, domains, websites, documents, IP addresses and so on.

6. Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) works mainly on Linux, with partial support on Windows and Mac. It is one of the more advanced frameworks for simulating a large number of social engineering attacks, such as phishing and credential harvesting. Written in Python, it is the industry standard for social engineering penetration tests and automates the attack: generating cloned malicious websites, crafting spoofed emails, and so on.

To download it on Linux, open a terminal and run:

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

7. Nessus Remote Security Scanner

This is the same Nessus as entry 4, seen from a different angle. It went from open source to closed source in 2005, but a free edition for home use is still available. It uses a client-server model, is a remote security scanner used by more than 70,000 organisations across the world, and has proven cost savings in the audit of business-critical applications and devices over and above any other vulnerability scanner available.

8. Kismet

This is an Intrusion Detection System, a sniffer and an 802.11 layer-2 wireless network detector, all rolled into one. It works with any wireless card that supports rfmon (raw monitor mode) and can sniff 802.11a, 802.11b and 802.11g traffic; as long as your card supports rfmon, it will work well.

9. John The Ripper

Another free and open source tool, John the Ripper is primarily distributed as source code. It is a very popular password cracking tool because it combines several different crackers into one program. It detects the type of password hash automatically and has a customisable cracking mode with rules for mangling wordlist entries.
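The two things the entry credits John with, guessing the hash type from its shape and running a wordlist with mangling rules against many hashes at once, are easy to show in a few dozen lines. The following is an added example, not John the Ripper's code and far simpler than it. LEAKED is a constructed "leak" whose hashes are computed from known plaintexts so the demo checks itself, WORDLIST stands in for a real list such as rockyou.txt, and the `$sha256$<salt>$<hex>` layout is invented for the demo to show how salting changes the work: it is not a real crypt(3) format.

```python
"""Offline dictionary attack with automatic hash-type detection (added example).

Not John the Ripper's code, but the same two ideas: guess the algorithm from the
shape of the hash, then try wordlist candidates (with mangling rules) against
every hash at once.  LEAKED is a constructed "leak" built from known plaintexts;
WORDLIST stands in for rockyou.txt.  "$sha256$<salt>$<hex>" is a layout invented
for this demo to show salted hashes, not a real crypt(3) format.
"""
import hashlib

HEX_DIGEST_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_CHARS = set("0123456789abcdef")


def identify_hash(h):
    """Return (algorithm, salt) for a hash string, or (None, None) if unrecognised."""
    if h.startswith("$sha256$"):
        _, _, salt, hexpart = h.split("$", 3)
        return ("sha256", salt) if len(hexpart) == 64 else (None, None)
    if len(h) in HEX_DIGEST_ALGOS and set(h.lower()) <= HEX_CHARS:
        return HEX_DIGEST_ALGOS[len(h)], None
    return None, None


def hexdigest(algo, salt, candidate):
    """Hash salt+candidate (salt may be None) and return lowercase hex."""
    return hashlib.new(algo, ((salt or "") + candidate).encode()).hexdigest()


def mangle(word):
    """Cheap stand-ins for John's wordlist rules: case changes and common suffixes."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2014"):
        yield word + suffix
        yield word.capitalize() + suffix


def crack(hashes, wordlist):
    """Return {hash: recovered password or None}.

    Unsalted hashes of one algorithm are attacked together: each candidate is
    hashed once per algorithm and looked up against all of them, which is why
    unsalted leaks fall so fast.  Salted hashes must be hashed individually."""
    found = {h: None for h in hashes}
    unsalted = {}   # algo -> {hex digest: original hash string}
    salted = []     # (original hash, algo, salt, hex digest)
    for h in hashes:
        algo, salt = identify_hash(h)
        if algo is None:
            continue
        if salt is None:
            unsalted.setdefault(algo, {})[h.lower()] = h
        else:
            salted.append((h, algo, salt, h.rsplit("$", 1)[1].lower()))
    for word in wordlist:
        for candidate in mangle(word):
            for algo, table in unsalted.items():
                hit = table.get(hexdigest(algo, None, candidate))
                if hit is not None and found[hit] is None:
                    found[hit] = candidate
            for h, algo, salt, hexpart in salted:
                if found[h] is None and hexdigest(algo, salt, candidate) == hexpart:
                    found[h] = candidate
    return found


def _make_leak():
    """Constructed leak: user -> hash, built from known plaintexts for the demo."""
    return {
        "alice": hashlib.md5(b"letmein").hexdigest(),                              # unsalted MD5
        "bob": hashlib.sha1(b"Summer2014").hexdigest(),                           # SHA-1, mangled word
        "carol": "$sha256$n4cl$" + hashlib.sha256(b"n4cldragon!").hexdigest(),    # salted
        "dave": hashlib.sha256(b"Correct-Horse-Battery-9").hexdigest(),           # not in any wordlist
    }


LEAKED = _make_leak()
WORDLIST = ["password", "letmein", "summer", "dragon", "qwerty"]


def crack_leak():
    """Run the demo attack and return {user: recovered password or None}."""
    by_hash = crack(list(LEAKED.values()), WORDLIST)
    return {user: by_hash[h] for user, h in LEAKED.items()}


if __name__ == "__main__":
    for user, password in crack_leak().items():
        print(f"{user:6s} {password or '<not cracked>'}")
```

Three of the four accounts fall to a five-word list because their passwords are dictionary words with the usual decorations; only the long, unrelated one survives, which is the point of Chapter 5's advice on passwords. Real crackers add a far larger rule set, GPU acceleration and slow hash formats such as bcrypt, but the shape of the attack is the one shown here.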

10. Unicornscan

This is a popular tool for information gathering and correlation, built on a user-land distributed TCP/IP stack. It provides a top-notch interface for stimulating a TCP/IP-enabled device and measuring its response. Features include asynchronous stateless TCP scanning with all TCP flag variations, asynchronous stateless TCP banner grabbing, and identification of applications, components and remote operating systems, actively or passively.
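Banner grabbing, the feature the Unicornscan entry mentions, is simple to show in code. The following is an added example: it is not Unicornscan's code and does not use its userland stack, just ordinary asyncio connections run concurrently. It starts three throwaway listeners on 127.0.0.1 with constructed banners (an "SSH" one, an "SMTP" one and a silent one that waits for the client to speak first), reserves a port that is known to be closed, scans them all at once and classifies each port as open (with its banner), open-silent, closed or filtered. The banners and service names are made up for the demo.

```python
"""Asynchronous TCP banner grabbing (added example, not Unicornscan's code).

Opens many connections at once, reads whatever each service says first, and
classifies the port as 'open' (with banner), 'open-silent' (accepted but said
nothing), 'closed' (connection refused) or 'filtered' (no answer before the
timeout).  The local services and their banners are constructed for the demo.
"""
import asyncio
import socket

# Constructed banners served by the throwaway local listeners (not captured traffic).
FAKE_SERVICES = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1\r\n",
    "smtp": b"220 mail.example.test ESMTP ready\r\n",
    "silent": b"",  # a service that waits for the client to speak first
}


async def _start_fake_service(banner):
    """Listen on an ephemeral port and send `banner` (if any) to every client."""
    async def handle(reader, writer):
        if banner:
            writer.write(banner)
            await writer.drain()
        await asyncio.sleep(0.5)  # hold the socket open briefly, like a real service
        writer.close()
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    return server, server.sockets[0].getsockname()[1]


def _closed_port():
    """Reserve and release an ephemeral port so it is almost certainly closed."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


async def grab_banner(host, port, timeout=1.0):
    """Connect, read up to 256 bytes, and return (state, banner)."""
    try:
        reader, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
    except ConnectionRefusedError:
        return "closed", b""
    except (asyncio.TimeoutError, OSError):
        return "filtered", b""
    try:
        data = await asyncio.wait_for(reader.read(256), timeout)
        return ("open" if data else "open-silent"), data
    except asyncio.TimeoutError:
        return "open-silent", b""
    finally:
        writer.close()


async def grab_banners(host, ports, timeout=1.0, concurrency=200):
    """Scan all ports concurrently; the semaphore bounds sockets in flight."""
    sem = asyncio.Semaphore(concurrency)

    async def limited(port):
        async with sem:
            return port, await grab_banner(host, port, timeout)

    return dict(await asyncio.gather(*(limited(p) for p in ports)))


async def demo():
    """Stand up the fake services, scan them plus a closed port, return results by name."""
    servers = {name: await _start_fake_service(banner) for name, banner in FAKE_SERVICES.items()}
    closed = _closed_port()
    results = await grab_banners("127.0.0.1", [port for _, port in servers.values()] + [closed])
    for server, _ in servers.values():
        server.close()
        await server.wait_closed()
    named = {name: results[port] for name, (_, port) in servers.items()}
    named["closed"] = results[closed]
    return named


def run_demo():
    """Synchronous entry point: {name: (state, banner)}."""
    return asyncio.run(demo())


if __name__ == "__main__":
    for name, (state, banner) in run_demo().items():
        print(f"{name:8s} {state:12s} {banner!r}")
```

The "open-silent" case is the one beginners miss: plenty of services (HTTP, for instance) say nothing until the client sends a request, so an empty read does not mean the port is closed. Only connection refusal means closed; silence after a successful connect means open but quiet, and no answer at all before the timeout usually means a firewall is dropping the packets.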

11. Netsparker

One of the easiest security scanners to use, Netsparker uses Proof-Based vulnerability scanning of websites and has penetration testing and reporting tools built in. It automatically exploits the vulnerabilities it finds in a safe, non-destructive way and gives you proof of the exploitation, so you know a finding is not a false positive.

12. Burp Suite

Burp Suite is an integrated platform for security testing web applications. It contains a number of tools that work together to support the whole testing process, from mapping and analysing the attack surface of an application through to discovering and exploiting security vulnerabilities. A free edition is available alongside the paid Professional edition.

These tools are all available for you to use right now, so go ahead and try them out on your own system. I have provided a list of all the tools you need at the end of the book.

Conclusion

Thank you again for downloading this book!

I hope this book was able to help you to understand better how to keep yoursystem secure by carrying out ethical hacking to see where the weaknesses lie.

The next step is to test out some of the other tools I have mentioned, go a little deeper and then make sure that you strengthen any weaknesses or gaps that are found. Not doing so can result in serious malware attacks that can shut your system down completely, resulting in the loss of all your data.

Finally, if you enjoyed this book, then I'd like to ask you for a favour: would you be kind enough to leave a review for this book on Amazon? It'd be greatly appreciated!

Click here to leave a review for this book on Amazon!

Thank you and good luck!

References:

https://www.vistumbler.net/
https://www.kismetwireless.net/
https://www.microsoft.com/en-gb/store/p/wifi-analyzer/9nblggh33n0n
https://www.aircrack-ng.org/
http://tools.kali.org/wireless-attacks/reaver
https://sourceforge.net/projects/wifishfinder/
https://digi.ninja/jasager/
http://www.dragoslungu.com/2007/07/01/new-windows-wifi-driver-enumerator-wifidenum/
https://nmap.org/
http://www.oxid.it/cain.html
http://codebutler.com/firesheep
http://sectools.org/
https://hashcat.net/hashcat/
http://scrapmaker.com/view/dictionaries/rockyou.txt
http://www.winmd5.com/
https://www.metasploit.com/
http://www.acunetix.com/vulnerability-scanner/
https://www.wireshark.org/
http://www.tenable.com/
https://www.paterva.com/web7/
http://www.social-engineer.org/framework/se-tools/computer-based/social-engineer-toolkit-set/
http://www.kismetwireless.net/download.shtml
http://www.openwall.com/john/
http://sectools.org/tool/unicornscan/
https://www.netsparker.com/web-vulnerability-scanner/
https://portswigger.net/burp/