The document provides information on how to learn ethical hacking techniques to protect one's own computer system. It discusses the 5 phases of ethical hacking including reconnaissance, scanning, gaining access, maintaining access, and covering tracks. It also provides details on tools for sniffing wireless networks and cracking passwords to identify vulnerabilities.
HACKING
Beginner's Guide to Computer Hacking. Learn to Protect Your System

Introduction

I want to thank you and congratulate you for reading my book, “HACKING; Beginner's Guide to Computer Hacking. Learn to Protect Your System”.

This book contains proven steps and strategies on protecting your own system from outside attack and, to do that, you must learn to think like a hacker. So many people believe that a hacker must have extraordinary knowledge and skills to be able to do what they do but, in all honesty, all you need is to understand the way a computer system and network works and which tools to use to find the weaknesses.

I am going to show you the basic techniques and tools that you can use to hack your own system, just to see how secure it really is. By doing that, you can start working on making it more secure and defend your own network against attack.

Thanks again for reading this book, I hope you enjoy it!

Copyright 2014 by ______________________ - All rights reserved.

This document is geared towards providing exact and reliable information in regards to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.

- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.
The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher. The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.

The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.

Contents

HACKING: Beginner's Guide to Computer Hacking. Learn to Protect Your System
Introduction
Chapter 1: The 5 Phases of Ethical Hacking
Chapter 2: Network Security
Chapter 3: Launching a Penetration Test
Chapter 4: Password Cracking
Chapter 5: Best Security Practices
Chapter 6: Tools Ethical Hackers Use
Conclusion
References

Chapter 1: The 5 Phases of Ethical Hacking

Before you can even begin to start hacking your own system, you should understand the 5 phases of ethical hacking. Ethical hackers aren’t so different from malicious hackers in the tools and methods they use to gain entry into a network or system. The difference lies in their intentions.

Phase 1: Passive and Active Reconnaissance

Passive reconnaissance is the act of gathering information without your target knowing what you are doing, and most of this is done from your chair in front of your computer.
When you look for information, you generally start with a search on the internet, and it's surprising just how much information you can gather this way. Another means of passive reconnaissance is network sniffing, and this can give you quite a bit of information in terms of naming conventions, IP address ranges, hidden networks, hidden servers and lots of other detail about what is on that network.

Network sniffing is a method by which a hacker watches data flow to see when specific transactions happen and where the traffic is heading. This is a common method used by ethical hackers and the tools are dead easy to use. Later I’ll tell you which tools you can use and provide you with links to get more information on them. In a nutshell, though, sniffers let you see all data that is transmitted over a network, and that includes username and password combos and loads of other sensitive data – all stuff you thought was secure on your system!

Active reconnaissance is all about network probing, and this lets you see IP addresses, individual hosts, and network services. There is a higher risk of detection with active reconnaissance than with passive methods, and it is occasionally called “rattling the door knobs”. It can give you a rough idea of what security measures are in use, but there is a high risk that you will be caught or that, at the very least, suspicion will be raised. Many of the tools used for active reconnaissance can easily be traced back to the computer they are being run from, and this increases the likelihood of detection.

Both active and passive reconnaissance can help you to discover some useful information and, in terms of your own network security, you’ll find out just how weak your security really is. Think of it this way – you can have as many locks, deadbolts, and chains on your front door as you like, but all of them are useless if you leave the window wide open!
Phase 2: Scanning

Scanning is the act of taking the information that you found during your reconnaissance and using it as a way of examining the network. The tools that you can use to scan include:

- Port scanners
- Dialers
- ICMP (Internet Control Message Protocol) scanners
- Network mappers
- Ping sweeps
- SNMP (Simple Network Management Protocol) sweepers
- Vulnerability scanners

The information that you are looking for during the scan is anything that can help you to carry out an attack on a specific target, although, for the purposes of this book, you are trying to find the information that another hacker would find, to see where the security gaps are:

- Operating system
- Computer name
- Software that may be installed
- User accounts
- IP addresses

If, during your hack on your own system, you find any of these, you will know where your weaknesses are.

Phase 3: Getting Access

This is where the fun begins, where the proper hacking happens. All the vulnerabilities that you found in the first two phases can now be exploited, giving you access to the system you are targeting. There are several ways to attack:

- Wired or wireless LAN (Local Area Network)
- Local access to the system
- Internet
- Offline

Examples of hacking attacks include Denial of Service, stack-based buffer overflows and session hijacking. Getting access is called “owning the system” because, once you are in, you have complete control and can do whatever you wish.

Phase 4: Maintaining Your Access

Getting in is one thing; staying in is quite another. You want to be able to stay in the system for as long as you possibly can to maximize the potential for more exploitation. Sometimes, a hacker will harden the system so that other hackers and security staff can’t get in; they do this by putting backdoors in, using Trojans or rootkits. Once that system is yours you can launch other attacks from it and, in this case, the system would be termed a “zombie” system.
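The port scanners listed under Phase 2 are the simplest of the scanning tools, and the quickest way to understand what they report is to run one against your own machine and compare the result with what you expect to be listening. The block below is an added example written for this chapter, not code from the book or from any of the tools it names: a TCP connect check over a port range of the local host, plus an allow-list comparison that flags anything listening that you did not intend. The allow-list `EXPECTED` is an assumed value; replace it with the services you actually run.

```python
# Added example (not from the book): inventory the TCP ports open on your own
# host and flag any that are not on an allow-list of services you expect.
import socket
from concurrent.futures import ThreadPoolExecutor


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect check: True if something accepts a connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out or unreachable: treat as closed for inventory purposes.
        return False


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 32):
    """Return the sorted list of ports on `host` that accept TCP connections."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: port_is_open(host, p, timeout), ports))
    return sorted(p for p, is_open in zip(ports, results) if is_open)


def unexpected_ports(open_ports, expected):
    """Defender's check: which listening ports are not on the allow-list."""
    return sorted(set(open_ports) - set(expected))


def self_test():
    """Start a throwaway listener on an ephemeral port and confirm the scanner sees it.
    Returns (port, ports_found_while_listening)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        port = srv.getsockname()[1]
        found = scan_ports("127.0.0.1", [port])
    return port, found


if __name__ == "__main__":
    EXPECTED = {22}  # assumed allow-list for this host; adjust to your own services
    found = scan_ports("127.0.0.1", range(1, 1025))
    print("open:", found)
    print("unexpected:", unexpected_ports(found, EXPECTED))
```

Run it on the host itself first; a connect scan of the loopback address shows every service bound to localhost, which is exactly the list you want to reconcile against your firewall rules before anyone else does.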
Phase 5: Covering Your Tracks

The last thing a hacker does is cover their tracks so that they can’t be detected and can continue using the system. They also do this to avoid legal action and to get rid of all traces of hacking. They will remove IDS (Intrusion Detection Systems) and log files to hide their tracks in a bid to stay there for as long as they can.

Now that you have an idea of the process used by a hacker, you can start to look at your own system and, in the following chapters, we’ll look in depth at how you can hack and protect your own network and computer.

Chapter 2: Network Security

The first place to start is with network security. When you can hack into your own system, you can spot vulnerabilities in the Wi-Fi network and work out how to protect your system against them. We’re going to look at some of the free, and almost free, tools that you can use for a penetration test. These will help you to find weak passwords, rogue access points, and their security holes, giving you the chance to patch them up before someone else finds them.

Sniffing and Stumbling

This might sound like someone who is a bit high or a bit drunk, but these are two common methods for determining access points and everything you need to know about them. The details you might want to know are the media access control (MAC) address, the type of security and the signal. You will likely come across access points that have weak WEP (Wired Equivalent Privacy) security, a very easy place for hackers to crack. You may even discover rogue access points that have been set up by others to open your network.

Stumblers will easily find any access points that have been set up with non-broadcast SSID names or hidden names. Sniffers will capture raw packets of data sent over your network, and these data packets can be imported into another tool, which you can use to crack the encryption. You can also look for website and email passwords that are sent in plain-text format.
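The last point, that a sniffer shows website and email passwords sent in plain text, is worth seeing on concrete data, because the useful defensive question is not "can a sniffer read this?" but "which of my own systems are still sending credentials or session cookies unencrypted?". The block below is an added example, not code from the book or from Kismet or Wireshark: it takes raw HTTP messages (here a few constructed request and response payloads, not a real capture) and reports HTTP Basic credentials, password fields in form posts, and session cookies set without the Secure flag, which is the weakness that session sidejacking tools rely on. The field names in `PASSWORD_FIELDS` and `USER_FIELDS` are assumptions chosen for the example.

```python
# Added example (not from the book): audit captured HTTP payloads for the kind of
# plain-text secrets a sniffer on an open network would reveal.
import base64
from urllib.parse import parse_qs

# Constructed sample traffic, not a real capture. The Basic token decodes to
# "alice:hunter2"; the form post carries "letmein" in the clear.
SAMPLE_REQUESTS = [
    b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: shop.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"username=bob&password=letmein&remember=1",
    b"GET /img/logo.png HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
]
SAMPLE_RESPONSES = [
    b"HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=abc123; Path=/\r\n\r\nok",
    b"HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=def456; Path=/; Secure; HttpOnly\r\n\r\nok",
]

# Assumed field names; extend for the applications you actually run.
PASSWORD_FIELDS = {"password", "passwd", "pass", "pwd"}
USER_FIELDS = {"username", "user", "login", "email"}


def split_http(raw: bytes):
    """Split one raw HTTP message into (start line, {header: [values]}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Repeatable headers such as Set-Cookie are kept as a list.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def find_plaintext_credentials(raw: bytes):
    """Return [(source, username, password)] found in one unencrypted request."""
    _, headers, body = split_http(raw)
    found = []
    for value in headers.get("authorization", []):
        scheme, _, token = value.partition(" ")
        if scheme.lower() == "basic":
            try:
                user, _, pw = base64.b64decode(token).decode("latin-1").partition(":")
            except ValueError:
                continue  # malformed token, nothing to report
            found.append(("basic-auth", user, pw))
    ctype = headers.get("content-type", [""])[0]
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode("latin-1"))
        user_keys = [k for k in fields if k.lower() in USER_FIELDS]
        user = fields[user_keys[0]][0] if user_keys else ""
        for key in fields:
            if key.lower() in PASSWORD_FIELDS:
                found.append(("form-post", user, fields[key][0]))
    return found


def find_insecure_cookies(raw: bytes):
    """Return names of cookies set without the Secure flag (sent over plain HTTP)."""
    _, headers, _ = split_http(raw)
    insecure = []
    for value in headers.get("set-cookie", []):
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.lower() for p in parts[1:]}
        if "secure" not in flags:
            insecure.append(name)
    return insecure


def audit(requests, responses):
    """Run both checks over a batch of captured messages."""
    creds = [c for r in requests for c in find_plaintext_credentials(r)]
    cookies = [c for r in responses for c in find_insecure_cookies(r)]
    return creds, cookies


if __name__ == "__main__":
    creds, cookies = audit(SAMPLE_REQUESTS, SAMPLE_RESPONSES)
    for source, user, pw in creds:
        print(f"plain-text credential via {source}: {user} / {'*' * len(pw)}")
    for name in cookies:
        print(f"session cookie without Secure flag: {name}")
```

Anything this reports on your own traffic is a service to move behind TLS; the point of the exercise is to find those services before someone on the same Wi-Fi does.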
Here are some of the best sniffers and stumblers for you to use:

Vistumbler

An open-source application for Windows, this will display the basic details about the access points, including the exact methods used for encryption and authentication. It can also speak to the RSSI and the SSID. You will get graphs showing signal levels and, as well as being easy to use, it is flexible in configuration and you can customize it. Detect rogue access points and use GPS logging and tracking with Google Earth.

Kismet

Another open-source application, Kismet is a packet sniffer, Wi-Fi stumbler, and an Intrusion Detection System, compatible with Windows, Linux, Mac, and BSD. You will see access point details that include the SSID names of any hidden networks, and you can capture packet data and import it into tools such as TCPdump and Wireshark.

Wi-Fi Analyzer

Wi-Fi Analyzer works on Windows and Android devices, helping you to find access points on your desktop or mobile. It gives you basic information about those access points on a 2.4 GHz network and, for some supported devices, on a 5 GHz network. The access point list can be exported, and you get graphs that show signals by usage rating, history, and channel, as well as a signal meter that helps you to locate access points.

Cracking – WEP Key and WPA/WPA2 Personal

There are plenty of tools that you can use to crack open Wi-Fi encryption, and they all either look for and use weaknesses in WEP or use brute-force dictionary attacks on WPA/WPA2 Personal. This is why you should never set your security level to WEP. The most secure form of Wi-Fi security is WPA2 with AES/CCMP encryption. If you choose to make use of the Personal or Pre-Shared Key (PSK) mode, ensure that your password is at least 13 characters long and contains a mixture of numbers, lower and uppercase letters and ASCII characters.
The following tool will help you to find any encryption weaknesses on your system and to test out your passwords:

Aircrack-ng

This is a suite of open-source tools used to perform cracking of WEP and WPA/WPA2-Personal keys. It runs on Windows, Linux, Mac and OpenBSD and can be used to capture data packets, to inject and replay traffic and, once sufficient packets have been obtained, to find and reveal encryption keys.

WPS PIN Cracking

If you use a wireless router rather than, or as well as, access points, there is one vulnerability that you need to be aware of. It revolves around WPS (Wi-Fi Protected Setup), which is found on almost every wireless router and is generally activated when WPA/WPA2 Personal security is activated. Connection to the router is done via a WPS PIN, and this can be cracked incredibly quickly. This is the best tool for you to use to test your router against this weakness.

Reaver

This is a Linux program that will perform a brute-force attack on your wireless router to see if it can reveal the WPS PIN and the WPA/WPA2 PSK. Usually, it will be successful within 4 to 10 hours and will give you some advice on what to do.

Evil Twin APs and Wi-Fi Honey Pots

One of the techniques used by Wi-Fi hackers to get an unsuspecting target to connect to them is to set up a fake access point. These are otherwise known as Evil Twins or Wireless Honey Pots. Once a connection is made to the fake point, the hacker is then able to capture FTP connections or email, even file shares. They can also make use of a spoofed DNS or a captive portal to display fake websites that mirror genuine login pages, and these are used to gain the login credentials of the target.
These are some of the best tools to use to locate vulnerable wireless clients that may be on your network:

WiFish Finder

This is an open-source Linux program that captures traffic on a Wi-Fi network and also carries out active probing to identify clients that are vulnerable to an attack, such as honey pots, evil twins or MiTM (Man in The Middle) attacks. WiFish builds up a list of network names, the names that probe requests are being sent for, and it will also determine the type of security on that network, allowing you to identify any clients that are probing for networks that are not encrypted. Unencrypted networks are prime targets for honey pot, MiTM or evil twin attacks.

Jasager

This is another firmware based on Linux, and it offers a suite of tools that can identify wireless clients that are vulnerable. However, it can also perform honey pot or evil twin attacks. It runs on Pineapple or FON routers and is able to create soft access points that are set up with the SSID that wireless adaptors are searching for. It will run a DNS, DHCP and HTTP server so that it can be connected to, and the HTTP server will then redirect any requests to a website. It is also able to capture and display FTP, clear-text POP or HTTP logins that are performed by the target.

Wireless Driver Vulnerabilities

The following is the best tool to use to find vulnerabilities in specific drivers for Wi-Fi routers and wireless adapters, thus alerting you to potential points of entry:

WiFiDEnum

WiFiDEnum is a Wi-Fi Driver Enumerator and is a Windows program that can help to find any Wi-Fi drivers that may be vulnerable to exploit attacks. It will scan the network, collect details about any adaptor drivers and identify where the weaknesses lie.
General Network Attacks

Lastly, we can look at a few tools that you can use to demonstrate attacks that have long been carried out on wired networks and can also be done on Wi-Fi networks, as well as demonstrating eavesdropping:

Nmap

Otherwise known as Network Mapper, Nmap is an open-source TCP/IP scanner that is used to identify clients and hosts on the network. It will tell you what operating system is being used, what services are on offer or being used and what sort of firewalls or packet filters are in place, along with much more information. You can use this to scan for ports and hosts that are not secure and are vulnerable to hacking.

Cain & Abel

Cain & Abel is one of the most popular password cracker, password recovery and sniffer tools for the Windows operating system. You can use it to determine any clear-text passwords that may be being sent across the network, giving you the opportunity to fix the problem.

Firesheep

This is an add-on for Firefox that performs something called sidejacking, or HTTP session hijacking. It is used to monitor a network for any logins from users on websites that don’t use full SSL encryption when they exchange login cookies. As soon as the cookie has been detected, it provides a shortcut to the fully protected website, allowing an attacker access without having to log in.

Chapter 3: Launching a Penetration Test

Penetration testing is not just for the big businesses; you can easily do it on your own home computer to determine if there are any vulnerabilities that can be exploited. The way to do this is to put yourself in the shoes of a hacker: imagine that you are trying to hack into a system and use the same tools that malicious hackers use, but for ethical purposes.

How to Get Started with Penetration Testing

How you get started is going to depend on just how technical you intend on getting.
If you are not particularly technically minded, there are ways that you can carry out a homemade penetration test on your home system. First, if you have a friend who is technically minded, get them to help you. If you don’t know anyone, just grab your nearest, most-trusted mate, someone with no technical knowledge, and ask them to run some tests on your system.

The first test is to try to access your system by guessing what you have used as a password. If you have already told them what your password is, you’ll need to change it for the purposes of this test. Because your friend knows you, they are likely to start trying words that would be associated with you or some of the more common passwords. It isn’t going to work, because you know how to create a really strong password, don’t you? If they do manage to crack it, you are going to need to change it straight away – clearly, it is far too easy to guess.

Next, ask them to log in to your Wi-Fi network. Again, this should have a password to protect it and it should be a strong one; no matter how well they know you, they should not be able to get past your password. Remember, your friend should not be a security professional and they should not be a hacker – if they can access your system then anyone can get in.

The next step is to check out the passwords you use on every site you access. Are you using the same password for several sites? If you do, you are going to have to change them, no matter how strong your password is. If a hacker can get your password from one site, then it’s only a short hop to accessing every site you use.

Lastly, check out your anti-virus software. Make sure it is up to date, along with your firewall and security patches. By making sure everything is up to date, along with using common sense, you should be able to protect yourself from the vast majority of attacks that you may come across.
If you are more of a technical user and can handle technical situations, there are quite a few tools that you can use to carry out a fuller penetration test on your system. Even better, many of the professional penetration testing tools are open source and that means free to use. Head over to sectools.org where you will find a whole host of tools that, used properly, can help you to carry out a penetration test on your system to ensure that it is secure from external attacks.

Chapter 4: Password Cracking

Is your password truly secure? You may think it is, and we’ve all heard the advice about what you shouldn’t use as a password. There are loads of tools that say they can assess just how secure your password is, but these are rarely, if ever, that accurate. There is only one way to truly test the strength of your passwords and that is to attempt to break them. In this chapter, we are going to look at a popular tool that is used by genuine hackers to crack passwords and I’m going to show you how to use it on your passwords. If your passwords fail, we’ll look at how to pick stronger ones.

Setting Hashcat Up

Hashcat is the name of the tool we are going to look at. Officially, it is meant for the recovery of passwords, but it is, more often than not, used as a way of cracking passwords that have been stolen from servers that aren’t perhaps the most secure. This makes it a great tool for testing out your own password security.

1. First, download Hashcat – you can get it from hashcat.net
2. Now extract the files and save them in your downloads folder

The next step is to get some more data for the tool. We need a word list, a large database that contains passwords, and this is what Hashcat will use as its starting point.

3. Download rockyou.txt and save it to the Hashcat folder – do make sure it retains the name “rockyou.txt”

Next, we have to generate some hashes and to do that we need to use WinMD5.
This is a freeware tool that uses few resources and will hash files for you.

4. Download WinMD5
5. Unzip the file and save it to the Hashcat directory
6. Create two new files, password.txt and hashes.txt, and save both to the Hashcat directory

That completes the setup of Hashcat.

A Little History Lesson

Before you actually go ahead and use Hashcat, let’s look a little into how passwords get broken and how we arrived at this point. Way back in time, long ago in the history of computer science, passwords used to be stored by a website in plain text. That kind of makes sense – the website has to verify that the right password has been used. The most obvious way of doing that is to maintain copies of all the passwords, perhaps in a file, and then check inputs against what you have stored. That sounds easy, right?

Sadly, it was the biggest disaster in computer history. Hackers could use devious methods of getting access to the server and would then make off with the list of passwords. They could then log in to each account and do significant amounts of damage, especially if the website were a financial one, like online banking.

As the security researchers recovered from what was clearly a massive disaster, they decided that things needed to be done in a different way, and that is where hashing came in. For those who need a refresher or who don’t know what they are, hash functions are codes that take a small bit of information and mix it all up in a mathematical way, so that it is nothing more than fixed-length gibberish. We call this hashing data, and what is really cool about it is that these hashes only go in one direction. While it may be easy to take some information and work out what its unique hash is, it isn’t very easy to take the hash and work out where it was generated. In fact, if you were using random passwords, you would need to try every combination you could think of, and a few more besides, and that is pretty much impossible.
So, you may have figured out that hashes have some useful properties when it comes to password applications. Instead of storing a password, you store the hash of that password and, when you need to verify a password, you hash it, then delete the original and check it against the hashes on your list. The hash function always gives the same result for the same input, so you can verify that the correct password has been submitted. Crucially, the plain-text passwords are never stored on a server, and that means they can never be stolen by hackers – all they will get is hashes, which are useless to them. In response, hackers have spent a lot of time and effort trying to find ways to reverse hashes.

How Hashcat Works

There are several things that the hackers came up with, and one of them is the way that Hashcat works. This is the most robust method because it exploits the fact that users tend to be very unimaginative and use the same kinds of passwords. For example, many passwords are made up of a couple of English words, maybe a number or two and a few random capitalizations thrown in for good measure. Some are more popular than others, such as “password”, your username, “Hello”, etc. In the same vein, many people use the names of their pets, the year, and so on. When you know this information about someone you can easily start to come up with some very likely guesses about what the passwords might be and, while this might sound hopeless, don’t forget that a computer can search through millions of passwords in just seconds.

So, what we are going to do now is imagine that all your passwords have been hashed and a malicious hacker has stolen the list of hashes. You are that malicious hacker and you are going to use Hashcat to try to crack the passwords. This is a great way to test out your home security and see where the weaknesses are in your passwords.

How to Use Hashcat

First, you must generate those hashes.

1. Open WinMD5
2. Open the password.txt file you created – this must be in Notepad
3. Input one of your passwords and save the file
4. Now open it with WinMD5
5. You will see a small box which has the hash of the password in it. Copy that hash into the hashes.txt file
6. Save it
7. Now repeat this with all your passwords, making sure to put each hash onto a new line in the hashes file
8. Lastly, save a password called Password and put that hash as the last line in the hashes file

I will just point out here that MD5 isn’t really the best format for hash storage – it is fast to compute and that makes brute-force attacks much more likely to succeed. But, for you, for the purposes of this exercise, this is a good thing because you are going to be carrying out destructive testing. In a real scenario of a password leak, passwords would be hashed using scrypt or another secure hash function, and these are slower to test. With MD5, we are simulating the use of a great deal more processing power and a lot more time than we would normally have available. Let’s continue.

9. Ensure that your hashes.txt file has been properly saved and open Windows PowerShell (just type PowerShell in the command bar)
10. Go to the Hashcat folder (use cd .. to go up a level, ls to list the files and cd (folder name) to enter a folder in the directory)
11. Type in ./hashcat-cli32.exe --hash-type=0 --attack-mode=8 hashes.txt rockyou.txt

What you have done here is said that you want the Hashcat application to run, to put it to work on MD5 hashes (hash type 0), to use a mode of attack called “PRINCE” (attack mode 8, a number of strategies that come up with variations on the words in the list) and then to try to break the entries in hashes.txt while using rockyou.txt as the dictionary. And breathe!

12. Press Enter and, when the EULA comes up, accept it and then let the program run. Almost straight away, you should see the hash for Password appear and then you just have to wait.
If you have a fast computer, weak passwords will show up within a minute or so, while mediocre to normal passwords will take anything from a couple of hours to a couple of days. Strong passwords can take forever. Leave this to run as long as you want; at the very least leave it overnight or while you are out for the day. If you get to 24 hours and your password hasn’t shown up, it's most likely strong enough for most things BUT this is not guaranteed. Some hackers will have separate computers running this program for days and weeks on end, or they may be using a much more comprehensive word list, so, if you have even the slightest doubt about your password, change it to a stronger one.

Your Password Broke

Most likely, at least one of your passwords broke, so how do you go about making a stronger one? One of the best and most popular of all the techniques is pass-phrases. Open a book, any book, and then open it to a random page. Take the first adverb, noun, adjective or verb that you see and memorize it. Now find another three or four. Put all four or five words together – no spaces, no numbers, no capital letters and no special characters. I will tell you what not to use – “correcthorsebatterystaple” has suddenly become a very popular password and is now included on most wordlists!

Believe it or not, even though these are just random words, they are far easier to remember as a password than a whole bunch of letters and numbers, and way more secure. Native English speakers can choose from a vocabulary of about 20,000 words, and that means four or five randomly chosen words from those results in billions of combinations, well beyond the reach of any of the brute-force attacks in use today.

Of course, you always have the option of a password manager. These can generate passwords that are secure whenever you need one, and all you need is one master password to unlock them. You do need a strong master password, and god help you if you forget it!
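The Hashcat walkthrough, the note that MD5 is a poor storage format compared with scrypt, and the passphrase arithmetic above (together with the WPA2 pre-shared-key advice in Chapter 2) all come down to a few lines of code each, so the block below puts them side by side. It is an added example written for this chapter, not code from the book, from Hashcat or from WinMD5: a constructed mock leak of unsalted MD5 hashes is attacked with a constructed stand-in wordlist and a handful of hypothetical mangling rules (not Hashcat's PRINCE mode), the same guessing is timed against salted scrypt to show why the slow function matters, and the passphrase entropy for the book's 20,000-word vocabulary is computed. `meets_psk_advice` is one reading of the book's 13-character rule, with "ASCII characters" taken to mean printable symbols other than letters and digits.

```python
# Added example (not from the book): a mock password leak cracked by dictionary
# attack on unsalted MD5, the salted scrypt storage a site should use instead,
# and the passphrase arithmetic from the "Your Password Broke" section.
import hashlib
import hmac
import math
import os
import time

# Constructed stand-in for rockyou.txt; a few entries are enough to show the idea.
WORDLIST = ["123456", "password", "letmein", "dragon", "monkey", "fluffy", "summer"]


def candidates(wordlist):
    """Yield each word plus a few simple variations (capitalised, digits or a year
    appended). Hypothetical rules for this example, not Hashcat's; they show why
    such variations add almost nothing to a dictionary word."""
    for word in wordlist:
        for base in (word, word.capitalize()):
            yield base
            for suffix in ("1", "123", "2014"):
                yield base + suffix


def md5_hex(pw: str) -> str:
    """Unsalted MD5, as the WinMD5 step in the walkthrough produces it."""
    return hashlib.md5(pw.encode()).hexdigest()


def crack_md5(hashes, wordlist):
    """Dictionary attack on unsalted MD5 hashes: returns {hash: password} per hit."""
    targets = set(hashes)
    cracked = {}
    for cand in candidates(wordlist):
        h = md5_hex(cand)
        if h in targets and h not in cracked:
            cracked[h] = cand
            if len(cracked) == len(targets):
                break
    return cracked


SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # assumed work factor for the example


def scrypt_store(pw: str):
    """What a careful site stores instead of MD5: a random salt and a slow scrypt digest."""
    salt = os.urandom(16)
    return salt, hashlib.scrypt(pw.encode(), salt=salt, **SCRYPT_PARAMS)


def scrypt_verify(pw: str, salt: bytes, digest: bytes) -> bool:
    """Recompute and compare in constant time; the plain-text password is never stored."""
    return hmac.compare_digest(hashlib.scrypt(pw.encode(), salt=salt, **SCRYPT_PARAMS), digest)


def guesses_per_second(fn, seconds: float = 0.2) -> float:
    """Rough throughput of one guess function on this machine."""
    deadline = time.perf_counter() + seconds
    count = 0
    while time.perf_counter() < deadline:
        fn("guess%d" % count)
        count += 1
    return count / seconds


def compare_rates():
    """Guesses per second an attacker gets against MD5 versus scrypt (md5, scrypt)."""
    salt = b"\x00" * 16
    md5_rate = guesses_per_second(md5_hex)
    scrypt_rate = guesses_per_second(
        lambda pw: hashlib.scrypt(pw.encode(), salt=salt, **SCRYPT_PARAMS))
    return md5_rate, scrypt_rate


def passphrase_bits(vocabulary_size: int, words: int) -> float:
    """Entropy in bits of `words` words picked uniformly from a vocabulary of that size."""
    return words * math.log2(vocabulary_size)


def meets_psk_advice(pw: str) -> bool:
    """One reading of the book's WPA2-PSK advice: 13+ characters with digits,
    lower case, upper case and at least one other printable ASCII symbol."""
    symbol = lambda c: c.isascii() and c.isprintable() and not c.isalnum() and not c.isspace()
    return (len(pw) >= 13 and any(c.isdigit() for c in pw) and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw) and any(symbol(c) for c in pw))


if __name__ == "__main__":
    leaked = [md5_hex(p) for p in ("Password", "monkey2014", "fluffy1", "Tr0ub4dor&3")]
    print("cracked:", crack_md5(leaked, WORDLIST))
    md5_rate, scrypt_rate = compare_rates()
    print("guesses/s  md5=%.0f  scrypt=%.0f" % (md5_rate, scrypt_rate))
    print("4 words from 20,000: %.1f bits" % passphrase_bits(20000, 4))
```

Three of the four mock hashes fall to a seven-word list because they are dictionary words with the usual decorations; the fourth survives only because it is not in the list at all. The rate comparison is the practical meaning of "MD5 is fast": every guess against scrypt costs thousands of times more, so the same 24-hour run covers a tiny fraction of the candidates.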
This does give you another layer of security, though, should your hashes ever be leaked.

Chapter 5: Best Security Practices

No antivirus program is perfect, not even the most expensive ones, so if you are relying on your software alone to protect you, you are putting yourself severely at risk. There are common-sense practices that everyone should follow to keep their data and their system safe from attack. There are way too many to list them all, but these are the most important ones for you to follow:

1. Use an Antivirus

You need one of these whether you like it or not. It doesn’t matter how careful you think you are, attacks come from all sorts of places. You might get infected through the Adobe Flash plugin, or through the web browser itself and, even if you keep the browser updated, there could be a brand-new vulnerability on a web page, one that hasn’t yet been patched. While this isn’t likely to happen every day, it will happen at some point, and an antivirus program, always kept up to date, is an important protection barrier.

2. Use Malwarebytes

As well as your antivirus program, you should have Malwarebytes running. That’s because the worst and most active threats come from ransomware, adware, spyware and all sorts of other wares. This is where Malwarebytes gets to work. Not only does it protect your computer from this malware, but it also cleans your computer of any infections much better than any software you could buy. Malwarebytes works on both Windows and Mac and also includes Anti-Ransomware and Anti-Exploit features to keep your browser safe from a zero-day vulnerability. This can stop “drive-by” attacks in their tracks. Best of all, it will run alongside your antivirus, providing full protection.

3. Don’t Disable UAC

When it was first introduced by Microsoft with Windows Vista, User Account Control was considered to be a nuisance.
However, now it is not so intrusive and it is incredibly helpful in stopping malware from making changes to your system without your permission. Like the antivirus software, it is a very important protection layer.

4. Don’t Disable Your Firewall

Windows has its own built-in firewall, so there is no need to install a third-party one. What you do need to do is make sure the built-in firewall is enabled and is configured correctly. It is used to stop unsolicited connections from coming into your network. It also protects Windows and all the other applications and software you use from malware that is configured to exploit system service vulnerabilities that have not yet been patched.

In terms of configuration, when you are asked what type of network you are using – Home, Work or Public – make sure you choose the right answer. An example: if you pick Home network and then use your tablet or laptop on the Wi-Fi in your local café, any shared files you may have could be shared on the same network, making them available to everyone on the café Wi-Fi. In this situation, choose Public, as this prevents anyone else from gaining access to resources that are shared.

5. Uninstall Java

It is fair to say that most people will be running a version of Java that is out of date and not secure. As such, just visiting a single web page could put you at risk of infection. It is also fair to say that Java is not very secure, having faced risk after risk. The thing is, Java applets are so few and far between these days that you don’t even really need it on your computer! If you do have Java, head over to your control panel and uninstall it. If you need it for something you will be prompted to reinstall it but, should you do this, you must disable the Java plugin to protect yourself.

6. Update Your Software

Pretty much every piece of software in everyday use is full of security holes, and these are always being found and patched by the software companies.
Sadly, it is the release notes for these patches that give hackers and attackers the information they need to come up with attacks on machines that haven’t been patched and, as such, you should install every security update as soon as it becomes available. The easiest way to do this is to set Windows to Automatic Updates or, at the very least, to alert you when there is a new update – then you should install it immediately. Browsers like Chrome, Edge, Internet Explorer and Firefox will all update automatically, as will Adobe Reader and Adobe Flash, so these will always be up to the minute.

7. Be Careful About What You Download and Run

This might seem like a bit of an obvious one, but a good deal of the malware on Windows comes from downloading and running bad software, whether by accident or by design. You should only download and run programs from trustworthy sources – if necessary, go to the official website to get it. Don’t click on banners on third-party sites because these, more often than not, contain malware and adware.

8. Avoid Pirated and Cracked Software

This is a follow-on from the last point. When you use torrent sites, peer-to-peer networks and other shady places to download cracked or pirated software, you are taking a huge risk. When you execute the .exe file from these places, you are trusting that the distributor is not going to do anything harmful. Even worse, the cracks that are needed to make a piece of software work properly are made by groups that specialize in software cracking, and you have no way of knowing whether there is anything malicious in there or not. Downloading unauthorized software carries a lot more risk than downloading pirated videos: software is basically machine code that can be changed, while videos are media files that either play or they don’t. Some unscrupulous individuals will try disguising malware as a video to encourage those with little experience to run it, thus infecting their systems.

9. Beware of Phishing and Social Engineering

We’ve all heard of phishing, and most email providers and browsers will do all they can to protect you from it. However, sometimes things slip through the net. Phishing is the internet equivalent of a person who calls you, claims to be from your bank and just needs to “clarify” your credit card details. Banks never phone for this information, and they will never email you to ask for it either. Be very careful when you disclose any personal information on the internet. Make sure you only do it through trustworthy sites – if you need to get to your bank, go to their official website, not a link in an email; you don’t know where that link is sending you.

10. Don’t Reuse Passwords

This is a massive problem. People who use the same password for everything are at risk – if just one website suffers a password leak, the hackers can get into everything that you do, gaining access to all your accounts and all your personal information. In particular, never reuse the password for your email; that one should always be different. Password leaks are happening more and more these days, so using a unique password on every site you access cuts your risk to the minimum. You can use a password manager to help you here.

11. Use Secure Passwords

Password managers can also help you with secure passwords: long ones that contain combinations of numbers, symbols and letters. Password leaks show that many people use simple passwords like “12345”, “letmein” or even “password” to get into their sites. These are the most insecure passwords ever!

Chapter 6: Tools Ethical Hackers Use

There are loads of ethical hacking tools to choose from. These are some of the very best, and they are completely free:

1. Metasploit

Works on all the major platforms and is a suite of tools that you can customize.
It is the most popular tool for locating vulnerabilities on different platforms and is backed by more than 200,000 contributors and users. You can simulate a real-world attack and find all the weaknesses in your system.

2. Acunetix WVS

Available for Windows XP and above, Acunetix is a Web Vulnerability Scanner that can find potentially fatal flaws in websites. It is a multi-threaded tool that can crawl a site and locate vulnerabilities such as SQL injection and Cross-Site Scripting. It is easy to use, fast and works perfectly on WordPress sites. Acunetix has a built-in Login Sequence Recorder that lets you scan password-protected parts of a website and, with AcuSensor technology, you can cut the false positive rate significantly.

3. Wireshark

Wireshark used to be known as Ethereal and is also available as TShark, a command-line version. It is a network protocol analyzer that runs easily on all major platforms, allowing you to capture network frames and browse their content interactively. The idea behind the open-source project is to provide features that can’t be found in many closed-source sniffers and analyzers.

4. Nessus Vulnerability Scanner

Nessus works on all the major platforms and uses a client-server framework. It is, without a doubt, one of the most popular of all the vulnerability scanners and comes in several different editions – Home, Professional, Manager and Cloud. With Nessus, you can scan for loads of different vulnerabilities, including remote access flaws, Denial of Service against the TCP/IP stack, misconfigurations, malware, preparation for PCI DSS audits, searches of sensitive databases, and so on. And, if you want to launch a dictionary attack using Nessus, it will use an external and very popular tool called Hydra. Nessus can also be used to scan hybrid networks and multiple IPv4 and IPv6 networks. Scans can be scheduled at a time that suits you.

5. Maltego

Maltego works on Linux, Mac and Windows and is open source.
It is a forensics platform that allows for deep mining and gathering of information, providing you with a complete picture of all the cyber threats around you. It is one of the very best tools for showing the severity and the complexity of weak points in your system and in the environment that surrounds it. It is one of the best hacker tools for analyzing real-world links between companies, people, DNS names, domains, websites, documents, IP addresses and so on.

6. Social-Engineer Toolkit

The Social-Engineer Toolkit works mainly on Linux but does have partial support on Windows and Mac. This is one of the more advanced frameworks for the simulation of a large number of social engineering attacks, such as phishing, harvesting of credentials, and much more. Written in Python, it is the industry standard for carrying out social engineering penetration tests and will automate the attack, generating malicious websites, disguising emails and so on. To download it on Linux, go to the command line and type:

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

7. Nessus Remote Security Scanner

Although this is still a free tool, it has now gone from open to closed source. It works with a client-server network and is a remote security scanner used by more than 70,000 organizations across the world. It has proven cost-savings in the audit of applications and devices that are critical to business, over and above any other vulnerability scanner available.

8. Kismet

This is an Intrusion Detection System, a sniffer and an 802.11 layer-2 wireless network detector, all rolled into one. It will work with any wireless card that has support for rfmon – raw monitoring mode – and it can sniff traffic across 802.11g, 802.11b and 802.11a. Provided your wireless card supports rfmon, this will work well.

9. John the Ripper

Another open source and free software tool, John the Ripper is primarily distributed in the form of source code. It is a very popular tool for password cracking because it combines several different crackers in one place. It can also detect the type of password hash automatically and has a built-in customizable cracker.

10. Unicornscan

This is a popular tool for information gathering and correlation, as it is a user-land distributed TCP/IP stack. It provides you with a top-notch interface for stimulating a TCP/IP-enabled device and measuring the response, and it works across TCP/IP networks. Features of Unicornscan include asynchronous stateless TCP banner grabbing, asynchronous TCP scanning including all TCP flag variations, and the identification of applications, components and active or passive remote operating systems.

11. Netsparker

One of the easiest security scanners to use, Netsparker uses the more advanced technology of Proof-Based vulnerability scanning on websites and includes penetration testing and a series of reporting tools built in. It will automatically exploit any vulnerabilities that it finds in a safe, read-only environment and will always give you proof of the exploitation.

12. Burp Suite

Burp Suite is an integrated platform used for carrying out security testing on web applications. It contains a number of tools that all work together to support the testing process, starting with the mapping and analysis of the attack surface of a specific application and ending with the discovery and exploitation of security vulnerabilities.

These tools are available for you to use right now, so go ahead and try them out on your own system. I have provided a list of all the tools you need at the end of the book.

Conclusion

Thank you again for downloading this book!
I hope this book was able to help you understand better how to keep your system secure by carrying out ethical hacking to see where the weaknesses lie. The next step is to test out some of the other tools I have mentioned, go a little deeper and then make sure that you strengthen any weaknesses or gaps that are found. Not doing so can result in serious malware attacks that can shut your system down completely, resulting in the loss of all your data.

Finally, if you enjoyed this book, then I’d like to ask you for a favor: would you be kind enough to leave a review for this book on Amazon? It’d be greatly appreciated! Click here to leave a review for this book on Amazon!

Thank you and good luck!

References:

https://www.vistumbler.net/
https://www.kismetwireless.net/
https://www.microsoft.com/en-gb/store/p/wifi-analyzer/9nblggh33n0n
https://www.aircrack-ng.org/
http://tools.kali.org/wireless-attacks/reaver
https://sourceforge.net/projects/wifishfinder/
https://digi.ninja/jasager/
http://www.dragoslungu.com/2007/07/01/new-windows-wifi-driver-enumerator-wifidenum/
https://nmap.org/
http://www.oxid.it/cain.html
http://codebutler.com/firesheep
http://sectools.org/
https://hashcat.net/hashcat/
http://scrapmaker.com/view/dictionaries/rockyou.txt
http://www.winmd5.com/
https://www.metasploit.com/
http://www.acunetix.com/vulnerability-scanner/
https://www.wireshark.org/
http://www.tenable.com/
https://www.paterva.com/web7/
http://www.social-engineer.org/framework/se-tools/computer-based/social-engineer-toolkit-set/
http://www.kismetwireless.net/download.shtml
http://www.openwall.com/john/
http://sectools.org/tool/unicornscan/
https://www.netsparker.com/web-vulnerability-scanner/
https://portswigger.net/burp/