My first book on Ethical Hacking is now available on Leanpub and Amazon.
Here are the contents:
What is Ethical Hacking?
How You Can Use Many Tools?
The Legal Side
Basic Hacking Terms
Build Your Hacking Environment
What Is VirtualBox?
Install Kali Linux & Other Operating Systems in VB
Linux Terminals and Basic Functionalities
Should I Know Any Programming Language?
Protect Your Anonymity on Internet
2) Proxy Chains
4) All About Mac Address
This book is intended for complete programming beginners and for general readers who know nothing about any programming language but want to learn ethical hacking. Ethical hacking is by no means associated with any kind of illegal electronic activity. Ethical hackers always stay within the law. This book is intended for those people, young and old, who are creative and curious and who want to develop a creative hobby or take up internet security as a profession, acting as ethical hackers.
This book is not intended for any kind of malicious user. If you think that you can use this book for any malicious purpose, then you are advised to read the chapter “Legal Side of Ethical Hacking”. I hope you won’t like the idea of ending up in jail for harming other systems.
There are many people who already know more than I do, or more than anyone. This book is not for those wizards. If you are new to this beautiful world of computers or have little knowledge of any programming language, then this book is for you.
I would like to end this prologue with an image. This image depicts many things that I will discuss later in detail. It says: “The author is using the ‘Ubuntu’ Linux distribution as his default operating system. He has installed Virtual Box, a kind of virtual machine that also runs on Windows. And in that Virtual Box he has installed two more operating systems. One is ‘Windows XP’ and the other is ‘Kali Linux’.”
The image also says, and this is very important: “Presently he is virtually running three operating systems on his desktop.”
You will learn why this is necessary in the coming chapters. Stay tuned.
(The Virtual Box is running two operating systems. You can try any kind of experiment on these virtual operating systems. That will not damage your main system.)
# Beginner’s FAQ
Q. Should I know any programming language right now to learn the basics of ethical hacking?
A. No. You need not know any programming language at present. But if you are serious about taking up ethical hacking as your profession, or as a hobbyist you like to delve deep, then you must know one programming language. The more you know, the better.
Q. Which programming language should I know first?
A. You can start by learning Python. It is not only easy to learn, it will also help you immensely in your learning process of ethical hacking.
Q. Besides learning a programming language, what should I know?
A. You need to have knowledge of networking and a few important Linux commands. The more you know about the whole computer system, the better, and that will enhance your hacking skill.
Q. Is there any hacking software tool that requires no knowledge of a programming language?
A. Yes, there are a few such tools, but as I have just said, knowledge of a programming language, networking and operating systems is a prerequisite for being a good ethical hacker. To learn ethical hacking you can start from zero, but it is good practice to learn the other necessary things as you progress.
# Hacker versus Cracker
In general, “hacker” stands for creative and curious people. In that sense, every scientist, writer and painter is a hacker. A cracker, on the contrary, is a bad guy who wants to steal data by penetrating a computer system.
A hacker wants to protect data. A cracker wants to steal data. At best you can call crackers malicious hackers with bad intentions.
They are not the same.
There are also some wrong images that are usually portrayed in films. In those films we see a man sit in front of a computer and type at lightning speed, and the computer spits out tons of secret data.
In reality, an ethical hacker, or a security professional working as an ethical hacker, wants to understand how the computer system works and tries to find security vulnerabilities with the help of his tools.
In this book we show you a few such techniques and tell you about the tools that are frequently used to gather valuable data and attack computer systems.
How fast you can type does sometimes matter. Typing speed varies from person to person. A good hacker who usually spends around ten to sixteen hours a day at his laptop can reach a typing speed of 100 to 120 words per minute. To strengthen their fingertips, they sometimes do push-ups on their fingertips. These are not legends. It happens.
You need to write the necessary code or instruct a tool to perform some actions, and you have to write it fast.
To summarize this section, we can say that hackers are skillful and they use some specialized software tools. You will learn those skills and get to know those software tools so that you can not only protect your own machine but also, as a security professional acting as an ethical hacker, protect your client’s machine. As you progress you will come across many terms. One of them is penetration testing, or pen testing for short. Many ethical hackers help other people by detecting security vulnerabilities in their systems and providing some protection so that they are less prone to such attacks. They do so for profit. They are called pen-testers.
Staying within the law is always very important. You need to understand state, national and international law before you venture out as an ethical hacker. We will cover this part in more detail so that you will know what you can and can’t do.
# Role of Ethical Hackers
It is a million dollar question. But before this question comes, there are many other questions that have to be answered first.
Have you ever asked yourself why countries spend millions of dollars on their defense budgets? Why are there so many weapons around us? Some of them are state of the art and built using the most modern technology. Lots of money is spent on research into technology that, at the end of the day, only produces weapons!
There is only one answer. Every country has the liberty to protect itself. These weapons are made for defense. They are not intended for attack.
Every country arranges mock fights inside its territory (sometimes other friendly countries also participate) just so that it can try out some of its state-of-the-art modern weapons.
Ethical hackers play the same role. As an ethical hacker you will learn how to defend yourself. To defend yourself you sometimes need to attack your enemy. But it is a part of your defense system. It is a part of your defense strategy. The more you know about your enemy’s strategy, the better you can defend yourself. You need to learn the tools that are frequently used by malicious hackers or crackers. They use the same tools that you use to defend yourself.
# Legal Side
As time goes by and we progress, our old world is also changing very fast. It is no longer like before, when we kept records by entering data into a big log book and stacked them one by one, date-wise. Now we keep data on computers. We no longer go to the market to buy things. We order them over the internet and pay by credit or debit card. The nature of crime has changed accordingly.
Criminals used to snatch your data physically. They now snatch it over the internet using computers. Computers have become a new tool for business as well as for traditional crimes. On that basis the term “CYBERLAW” has come to the fore. The first and most basic thing you should remember is: “don’t try to penetrate or tamper with any other system without permission.” You may ask how you would then experiment with your knowledge. The answer is Virtual Box. In your virtual machine you may install as many operating systems as you want. Try everything on them. Trying any virus on your virtual machine will not affect your main system. At the same time you will keep learning about the virus.
A few examples may give you an idea of what types of computer crime are punishable in our legal system.
If you use any software tool to generate credit card or debit card numbers, it is a highly punishable offense. It will invite a fine of fifty thousand dollars and fifteen years of imprisonment. Setting up a bogus web site to take credit card numbers with a false promise of selling non-existent products is a highly punishable offense. Rigorous imprisonment and a hefty fine follow. I can give you several other examples that may invite trouble for you if you don’t stay within the law.
Remember, you are an ethical hacker and you are learning hacking tools to protect your system. For the sake of protection and defense you need to know the attack, exploit and penetration methods.
Try every single experiment on your virtual machine.
# Color of Hats
Hackers can be divided into three categories. White Hat stands for the good guys, or ethical hackers, who use their hacking skill for defensive purposes. Black Hat means the bad guys, malicious hackers or crackers, who use their knowledge to steal data and attack systems for malicious and illegal purposes. Gray Hat stands for both good and bad guys. It depends on the situation.
## White Hat
A White Hat is an ethical hacker who helps others find weaknesses in their systems and helps them set up the necessary safeguards to protect data. White Hats always ask permission of the data owner before they pen-test a system. It is mandatory to seek permission prior to any kind of system check-up. White Hats always stay within the law and never indulge in any kind of illegal activity. Nor do they perpetrate any.
## Black Hat
People often can’t differentiate between a hacker and a cracker. A Black Hat, or cracker, is essentially a hacker, but he does everything with malicious intentions. He steals data, breaks into systems and blocks the path to a remote system so that general users are denied the services intended for them. Black Hats use the same hacking tools that are frequently used by ethical hackers, and sometimes they create their own malicious code with the help of those tools.
## Gray Hat
You can imagine a thin dividing line between White Hat and Black Hat. Gray Hats sit on that line. They can use their knowledge for defensive or offensive purposes. It depends on the situation. The term “Gray” means many things. You need to know it in detail.
Sometimes self-proclaimed ethical hackers penetrate a system not with bad intentions but just to satisfy their own curiosity, and while doing so they think that they are doing the owner of the data a favor. They normally break into the system and then make the data owner aware of the security holes.
Consider a real-world example. It is something like breaking the lock on your neighbor’s door in her absence and telling her later about the security vulnerabilities of her locking system. The question obviously revolves around legality. You may have done it with the good intention of helping her voluntarily so that she would be more secure. But at the end of the day it is illegal, she may not take it kindly, and you may end up in jail.
It happens to many young, immature ethical hackers who voluntarily find security holes in the system of a reputed company and actually try to help with a detailed report, but are later held guilty in the eyes of the legal system.
## Does the Colour Matter?
It is always better to ask the data owner before you do any kind of penetration testing. Remember, your voluntary services are not welcome and may land you in trouble. If you know the job, your service will definitely be solicited.
Documentation is important here. That is exactly what ethical hackers produce when they are asked to identify the security vulnerabilities that pose threats to a system. With screenshots and log files they prepare detailed documentation of how the security of the system has been breached. Depending on that report, security protections are put in place around the sensitive data.
# What Do Hackers Want to Do?
Whether you are an ethical hacker or a malicious cracker, you do the same thing. You use identical software tools to attack the security system. Only your purpose or intention differs.
You probably know that a big car company generally tests the locking system before launching a new model. It has its own security engineers, and besides that it calls in locking experts to test for vulnerabilities. It pays a good amount of money if you can break the car’s locking system. Basically this is “PENTESTING” work. The locking experts pentest the system to see if there is any weakness in it.
It is a good example of ethical hacking. The locking experts are invited to do the job and they are paid well. Car thieves, on the contrary, do the same job without any invitation. They simply break the locking system of an unattended car parked at the roadside and take it away. I hope by now you have understood the difference between ethical hacking and cracking.
Your main intention centers on the security of the system. Security consists of four key components. As the book progresses you will increasingly find words like “PENTESTING”, “EXPLOIT”, “PENETRATION”, “BREAK IN THE SYSTEM”, “COMPROMISE THE ROUTER”, etcetera. The four key components mentioned below mainly deal with these terms. The key components are:
We will see how crackers attack these components to gain access to the system. Since a hacker’s main goal is to exploit the vulnerabilities of the system, he wants to see if there is any weakness in these core components.
Let us assume the hacker wants to block the availability of the data. In that case he will use the “Denial of Service” or “DoS” method. To carry out this attack, hackers usually consume the system’s resources or bandwidth. But DoS has many other forms. When the resources or bandwidth of your system are eaten up completely, the server usually crashes. The final target is one system, but the victims are many. It is something like millions of people gathering in front of the main door of your house and jamming it with a kind of human chain so that you and your family members cannot enter.
The second key component, integrity, should not be compromised at any cost. What does the term “integrity” mean? It is basically centered on the nature of the data. When the data is tampered with by some kind of “BIT-FLIPPING” attack, the integrity of the system is also compromised. It can be done just by changing the message itself. The data may be either in motion or at rest, but it can be changed. Imagine what happens when a money transaction is tampered with by the addition of a few more zeroes at the end! Let us assume a bank is transferring money. Its instruction says: “transfer $10,000”. Now the attacker changes the cipher text in such a manner that the amount changes to $10,000000. So the attack is aimed at the message itself or a series of messages.
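The integrity failure described above, and the check that catches it, as an added Python example (not from the book). The toy XOR keystream cipher, keys, nonce and message are constructed for illustration; because flipping bits cannot lengthen a message, the sketch alters one digit of the amount instead of appending zeroes.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode), constructed for this example only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def make_tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over nonce and ciphertext."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, tag) -> bytes:
    """Refuse to decrypt anything whose tag does not match."""
    if not hmac.compare_digest(make_tag(mac_key, nonce, ciphertext), tag):
        raise ValueError("integrity check failed: message was modified")
    return encrypt(enc_key, nonce, ciphertext)


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Simulate in-transit bit flips: XOR in the difference of two equal-length values."""
    delta = xor_bytes(old, new)
    patched = xor_bytes(ciphertext[offset:offset + len(delta)], delta)
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]


def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    message = b"transfer $10,000 to account 12345"   # constructed sample
    ciphertext = encrypt(enc_key, nonce, message)
    tag = make_tag(mac_key, nonce, ciphertext)

    modified = tamper(ciphertext, message.index(b"10,000"), b"10,000", b"90,000")

    # Encryption alone: the receiver decrypts the altered amount and notices nothing.
    unauthenticated = encrypt(enc_key, nonce, modified)
    # Encrypt-then-MAC: the same modification is rejected before decryption.
    try:
        verify_and_decrypt(enc_key, mac_key, nonce, modified, tag)
        detected = False
    except ValueError:
        detected = True
    intact = verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, tag)
    return unauthenticated, detected, intact


if __name__ == "__main__":
    print(demo())
```

In real systems the same protection comes from an authenticated encryption mode rather than a hand-built cipher; the point here is only that confidentiality by itself does not give integrity.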
The issue of authentication is normally handled by Media Access Control (MAC) filtering. If it is properly in place, the network does not allow unauthorized devices. What happens if someone spoofs the MAC address of a legitimate network station and takes it off? He can take on the station’s identity and control it. This is called an authentication attack or MAC address spoofing.
Finally, the issue of confidentiality rises above all. Data travels in clear text across the trusted network. Here data means information. Information theft, like cracking someone’s password, is a confidentiality attack. The data or information is intended for someone, but instead of the recipient the hacker gains access. In fact the cracker steals it while the data is moving across the trusted network as clear text.
# Working Environment
The very first thing that you need is a virtual machine. As I said before, I have “UBUNTU” as my default operating system, and inside the virtual machine I have installed two operating systems: one is Windows XP and the other is Kali Linux.
Technically, from now on I will refer to Windows XP and Kali Linux as my virtual machines. Kali Linux is a Linux distribution that comes with many useful hacking tools. So I strongly suggest using it as your virtual machine. You may also read the Kali Linux documentation page, which will be of immense help.
At the same time, I’d not suggest using Windows of any kind for ethical hacking. Some may argue that a few hacking tools can be used in Windows, so why am I suggesting otherwise? The point is: in the ethical hacking world you need to be anonymous all the time. You won’t want to leave a trail by which you can be traced back. Remaining anonymous is a big challenge. In Linux it is fairly easy and you can stay anonymous for the time being.
Keeping that in mind, I explain the technique of being anonymous in great detail so that, before jumping into the big task, you make your defense much stronger. Being anonymous is the most basic thing in the world of ethical hacking. Keeping yourself anonymous in Windows is not possible. So it is better to adapt to the Linux environment first. Another important thing is that most of the great hacking tools are not available in the Windows environment.
If you have never heard of any Linux distribution, don’t worry. You can either install the user-friendly “UBUNTU” inside your Windows system, or you can easily partition your disk into two parts and install “UBUNTU” and Windows separately as your two default operating systems. The second option is preferable. Installing and uninstalling parallel operating systems always teaches you something new. If you are used to Windows, I won’t tell you to simply dump it for the sake of learning ethical hacking. You can keep it alongside and use it for your daily work. There is no problem in doing this.
In the world of the Internet, Linux is more widely used. So you need to learn a few Linux commands. Software installation in Linux is slightly different from that in Windows environments. There are Linux distributions like “FEDORA” or “DEBIAN” and many more. I named “UBUNTU” just because it is extremely popular and Windows users find themselves comfortable in it. The operations are more or less the same, including software installation. For beginners it is not desirable to install “KALI LINUX” as the default OS. You must read the Kali documentation, where it is clearly stated that Kali is more for developers. You are going to install it inside your Virtual Box. Kali Linux is a Linux distribution that comes with a lot of hacking tools. You need to know them and use them in the course of ethical hacking.
Installing a virtual machine is a very important first step in building your environment. In the next chapter I will show you how you can do that for different operating systems. Another important thing is learning a programming language, which will really help you learn ethical hacking better.
The obvious choice is Python. At the time of writing this book, Python 3.x has already arrived; considered the future of the language, it is fast catching up with the old Python 2.x version, which has been around for a while. The official Python download page provides Python installers for Windows, Mac OS X and Linux operating systems. Downloading an installer is of immense help because it comes with the Python interpreter, standard library and standard modules. The standard library and built-in modules are especially important because they offer several useful capabilities that will help you achieve your goal as an ethical hacker. Among the useful modules you will get cryptographic services, Internet data handling, interaction with IP protocols, interoperability with the operating system and many more. So go ahead, pick up any good beginner’s book on Python, read the official documentation and make it a part of your learning schedule. Python is an extremely easy language to learn.
To create an ideal ethical hacker’s environment, a few steps are extremely important. The steps include: installing a virtual machine or Virtual Box (VB), having a basic knowledge of networking and learning a useful programming language like Python. Let us first have a look at the basic networking knowledge.
# Ethical Hacking and Internetworking
A basic knowledge of internetworking is extremely important if you want to learn ethical hacking. As you progress and want to go deeper, it is advisable to learn more about networking. Ethical hacking and internetworking are very closely associated. As you progress through this book you will find words like “packet”, “switch”, “router”, “modem”, “TCP/IP”, “OSI” and many more.
The very first thing you need to know is: data travels through many layers. Ethical hackers try to understand these layers. Once they have understood the movement, they want either to track and block the data or to retrieve it.
In this chapter we will very briefly see how internetworking models work. We will look into the different types of networking models. We will also learn about the devices that make up a network.