
Module 1

Uploaded by

athulatk6
Ethical Hacking

What is Hacking?
• Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal data or business data.
• An example of computer hacking is using a password cracking algorithm to gain access to a computer system.
• Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and to hacking.
• System hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
• Before we learn hacking, let's look at the introduction of hacking and some of the most commonly used terminologies in the world of hacking.

Who is a Hacker?
• A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access.
• Hackers are usually skilled computer programmers with knowledge of computer security.

Types of Hackers
• Hackers are classified according to the intent of their actions. The following list classifies types of hackers according to their intent:

o Ethical Hacker (White hat): A security hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
o Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts.
o Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
o Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
o Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
o Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

Types of Hacking

We can divide hacking into different categories, based on what is being hacked. These are as follows:

1. Network Hacking
2. Website Hacking
3. Computer Hacking
4. Password Hacking
5. Email Hacking

1. Network Hacking: Network hacking means gathering information about a network with the intent to harm the network system and hamper its operations, using various tools like Telnet, NS lookup, Ping, Tracert, etc.
2. Website hacking: Website hacking means gaining unauthorized access to a web server or database and changing the information.
3. Computer hacking: Computer hacking means gaining unauthorized access to a computer and stealing information from the PC, like the computer ID and password, by applying hacking methods.
4. Password hacking: Password hacking is the process of recovering secret passwords from data that has already been stored in the computer system.
5. Email hacking: Email hacking means gaining unauthorized access to an email account and using it without the owner's permission.

Advantages of Hacking

There are various advantages of hacking:

1. It is used to recover lost information, especially when you have lost your password.
2. It is used to perform penetration testing to increase the security of the computer and network.
3. It is used to test how good security is on your network.

Disadvantages of Hacking

There are various disadvantages of hacking:

1. It can harm the privacy of someone.
2. Hacking is illegal.
3. Criminals can use hacking to their advantage.
4. It can hamper system operations.

Summary

• Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
• Cybercrime is committing a crime with the aid of computers and information technology infrastructure.
• Ethical Hacking is about improving the security of computer systems and/or computer networks.
• Ethical Hacking is legal.

Environmental Setup

To perform ethical hacking, we have to download the Kali Linux operating system, and we can install Kali Linux inside VirtualBox. Here are the basic steps to download VirtualBox and Kali Linux.

Step 1: Download Virtual Box

In step 1, we download VirtualBox because it allows us to create a virtual machine inside our current operating system. After this, we will download Kali Linux. A virtual machine is just like a completely separate working machine. You will lose nothing if you install an operating system inside the virtual machine. The operating system will perform just as if it were installed on a separate laptop.

Now, using the following link, you can download VirtualBox for your operating system and install it.

https://www.virtualbox.org/wiki/Downloads

After installation, the virtual box will be shown as follows:

Step 2: Download Kali Linux

Now we will download Kali Linux. It contains all the programs and applications that we need, pre-installed and preconfigured, which means we just need to install this operating system and start hacking.

There are two ways to install Kali. You can install it as a virtual machine inside your current operating system, or you can install it as a main operating system. In this tutorial, I am going to use a virtual machine.

Use the following link to download the Kali Linux operating system.

https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

After downloading, you will get a file with the .ova extension. Now, to install Kali Linux, you just need to double click on the file and click on the Import button.

Step 3: Modify some settings of Kali Linux

Before starting, we will modify some settings. Click on Kali Linux on the left side and then click on Settings.

Now click on System and modify the amount of RAM depending on the amount of RAM on your computer. You can give it 2GB if you want, but 1GB is enough for Kali.

If you click on Processor, you can set the number of processors to 2 CPUs, but 1 CPU is enough for Kali.

Now click on Network Settings and set "Attached to" to "NAT Network". Sometimes the network is automatically created by VirtualBox, and sometimes it is not. If it is automatically created, click OK. If it is not created, the following screen will be shown:

If VirtualBox has not automatically created the network, go to VirtualBox → Preferences → Network → + sign. Now you can see that it creates another network.

Step 4: Starting of Kali Linux

Now we start Kali Linux by clicking the Start button. After clicking, two cases can arise:

o Sometimes it will run successfully.
o Sometimes you will get an error like this:

To fix this error, you have to download the Oracle VM VirtualBox Extension Pack of the same version as VirtualBox. To find the version of VirtualBox, click on Help and then on About VirtualBox.
• Now download the VirtualBox Extension of 5.2.20 version. Use the following link to download it:
• https://download.virtualbox.org/virtualbox/5.0.20/
• Now click on Oracle_VM_VirtualBox_Extension_Pack-5.0.20.vbox-extpack
• Install the VirtualBox extension pack. After installing, to check it, click on File → Preferences → Extensions. Here you can see the Oracle VM VirtualBox Extension Pack. Click OK.
• Now the problem is fixed, and we can start the virtual machine by clicking the Start button.
• After starting, it will ask us for the username, and the default username is root; then it will ask us for the password, and the default password is the reverse of root, which is toor. Now you will get a screen like this:

Network Penetration
Network Penetration Testing

• Network penetration testing is the first penetration testing that we are going to cover in this section.
• Most systems and computers are connected to a network.
• If a device is connected to the internet, that means the device is connected to a network, because the internet is a really big network.
• Therefore, we need to know how devices interact with each other in a network, as well as how networks work.

Network penetration testing is divided into 3 subsections:

1. Pre-connection attacks: In this section, we will learn about all the attacks that we can do before connecting to a network.
2. Gaining attacks: In this section, we will learn how to crack Wi-Fi keys and gain access to Wi-Fi networks, whether they use WEP/WPA/WPA2.
3. Post-connection attacks: These attacks apply whenever you are able to connect to the network. In this section, you will learn a number of powerful attacks that will allow you to intercept the connections and capture everything, like the user name, password, URL and chat messages. You can also modify the data as it is being sent through the air. These attacks can apply to both Wi-Fi and wired networks.

Basic of Network

• A network is a group of two or more devices that are connected to each other to share data or share resources.
• A network contains a number of different computer systems that are connected by a physical or wireless connection, like a server or router.
• This router has direct access to the internet. A device can only connect to the internet through the router or access point.
• For example: Suppose the client or device is connected to the network through Wi-Fi or Ethernet.
• If the client opens the browser and types google.com, then the computer will send a request to the router asking for google.com.
• The router will go to the internet and request google.com. The router will receive google.com and forward that response to the computer. Now the client can see google.com in the browser as a result.
• In networking, devices on the same network communicate with each other using packets.
• If you send a video, log in to a website, send chat messages or send email, all the data is sent as packets.
• In networking, devices ensure that these packets go in the right direction using the MAC address. Each packet has a source MAC and a destination MAC, and it flows from the source MAC to the destination MAC.

Pre-connection Attack

• Pre-connection attack is the first part of network penetration testing.
• To perform this attack, we will look at the fundamentals, like how to show all the networks around us and how to find the details of all the devices connected to a particular network.
• Once we know about the network and the devices connected to it, we can disconnect any device without knowing the password of that device.

Following are the basic steps we will be going through to perform a pre-connection attack:

1. Wireless Interface in Monitor mode: In this step, we will change the mode of the wireless device to Monitor mode.
2. About airodump-ng: In this step, we will use airodump-ng to list all the networks around us and display useful information about them.
3. Run airodump-ng: In this step, we will see all the devices that are connected to a particular network and collect more information about it.
4. Deauthenticate the Wireless client: In this step, we can disconnect any device which is shown in the previous step using aireplay-ng.

Wireless interface in Monitor Mode

• This step is used to put your wireless card into Monitor mode. In Monitor mode, your card can listen to every packet that is around us.
• By default, the mode of wireless devices is set to "Managed", which means our wireless device will only capture packets that have our device's MAC address as the destination MAC. It will only capture packets that are actually directed to my Kali machine.
• But we want to capture all the packets that are within our range, even if the destination MAC is not our MAC and even without knowing the password of the target device. To do this, we need to set the mode to Monitor mode.
• We can use iwconfig to see the wireless interfaces.
• In the above image, you can see that the wireless interface wlan0 is in Managed mode. Use the following command to set it in Monitor mode.

Where

o ifconfig wlan0 down command is used for disabling the Managed mode
o airmon-ng check kill command is used to kill any process that could interfere with using my interface in monitor mode. After this command, your internet connection will be lost.
o iwconfig wlan0 mode monitor command is used to enable monitor mode
o ifconfig wlan0 up command is used to enable the interface
o iwconfig command shows that the mode is set to Monitor
o In the above figure, you can see that the mode is changed to Monitor mode. Now we are able to capture all the Wi-Fi packets that are within our range, even if the packets are not directed to our computer and even without knowing the password of the target network.
o To do this, we need a program that can capture the packets for us. The program we are going to use is airodump-ng.

About airodump-ng

o airodump-ng is used to list all the networks around us and display useful information about them. It is a packet sniffer, so it is basically designed to capture all the packets around us while we are in Monitor mode. We can run it against all of the networks around us and collect useful information like the MAC address, channel name, encryption type and number of clients connected to the network, and then start targeting the target network. We can also run it against a certain AP (access point) so that we only capture packets from a certain Wi-Fi network.

Syntax

airodump-ng [MonitorModeInterface]

First, let's look at how to run the program. In this case, we need our Wi-Fi card in Monitor mode. The name of our Wi-Fi card is wlan0.

Note: We can press Ctrl + C to stop the following execution.

Where

o BSSID shows the MAC address of the target network
o PWR shows the signal strength of the network. The higher the number, the better the signal
o Beacons are the frames sent by the network in order to broadcast its existence
o #Data shows the number of data packets or the number of data frames
o #/s shows the number of data packets that we collect in the past 10 seconds
o CH shows the channel on which the network works
o ENC shows the encryption used by the network. It can be WEP, OPN, WPA, WPA2
o CIPHER shows the cipher used in the network
o AUTH shows the authentication used on the network
o ESSID shows the name of the network
o In the above image, you can see all the wireless networks like Oppo, perfe, Fligh, Ashu, LIFCA, Xiaom, BS1A-YW5 etc. and the detailed information about all the networks.

Note: airodump-ng is also used to identify all of the devices connected to the networks around us.

Run airodump-ng

In this step, we will run airodump-ng to see all the devices that are connected to a particular network and collect more information about it. Once we have a network to target, it's useful to run airodump-ng on that network only, instead of running it on all the networks around us.

Currently, we are running airodump-ng on all the networks around us. Now we are going to target the network BS1A-YW5, whose BSSID is 50:C8:E5:AF:F6:33. We are going to sniff on that network only.

To do this, we will use the same program. The command will be as follows:

Where

o --bssid 50:C8:E5:AF:F6:33 is the access point MAC address. It is used to eliminate extraneous traffic.
o --channel 11 is the channel for airodump-ng to sniff on.
o --write test is used to store all the data in a file named test. It is not mandatory; you can skip this part.
o wlan0 is the interface name in Monitor mode.

After execution of this command, the following devices will be shown:

Where

o BSSID of all the devices is the same because the devices are connected to the same network
o STATION shows the number of devices that are connected to this network
o PWR shows the power strength of each of the devices
o Rate shows the speed
o Lost shows the amount of data loss
o Frames shows the number of frames that we have captured
o After executing this command, we have 3 devices that are connected to the network BS1A-YW5, and all the devices have the same BSSID, 50:C8:E5:AF:F6:33.

Deauthenticate the wireless client

o This is also known as a deauthentication attack. These attacks are very useful. These attacks allow us to disconnect any device from any network that is within our range, even if the network has encryption or uses a key.
o In a deauthentication attack, we pretend to be the client and send a deauthentication packet to the router by changing our MAC address to the MAC address of the client, telling the router that we want to disconnect from it.
o At the same time, we pretend to be the router by changing our MAC address to the router's MAC address and tell the client that it requested to be disconnected. After this, the connection will be lost.
o Through this process, we can disconnect or deauthenticate any client from any network. To do this, we will use a tool called aireplay-ng.

o First of all, we will run airodump-ng on the target network, because we want to see which clients or devices are connected to it. This time, we will not need the --write option, so we are just going to remove it. After airodump-ng has finished running, we are going to disconnect the device with STATION A8:7D:12:30:E9:A4 using aireplay-ng.

Syntax

aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]

o After executing this command, the device whose STATION is A8:7D:12:30 lost the internet connection. We can only connect to the network again when we quit this executing command by pressing Ctrl + C.


Where

o --deauth is used to tell aireplay-ng that we want to run a deauthentication attack, and we assign 100000, which is the number of packets, so that it keeps sending deauthentication packets to both the router and the client and keeps the client disconnected.
o -a is used to specify the MAC address of the router. 50:C8:E5:AF:F6:33 is the target access point.
o -c specifies the MAC address of the client. A8:7D:12:30:E9:A4 is the client's MAC address.
o wlan0 is the wireless adapter in Monitor mode.
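
A defender's view of the deauthentication traffic described above, as an added example that is not part of the original module: a Python detector that parses raw 802.11 management frames and flags any (BSSID, station) pair that sees a burst of deauthentication or disassociation frames in either direction. The MAC addresses, frames, window and threshold are constructed sample values, and frames are assumed to arrive time-ordered and without a radiotap header.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10   # 802.11 management-frame subtypes
HEADER_LEN = 24             # frame control, duration, 3 addresses, sequence control

def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype, receiver, transmitter, bssid, reason) for a
    deauthentication/disassociation frame, or None for anything else."""
    if len(frame) < HEADER_LEN + 2:
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, HEADER_LEN)
    return (subtype, mac_str(frame[4:10]), mac_str(frame[10:16]),
            mac_str(frame[16:22]), reason)

def detect_floods(capture, window=1.0, threshold=10):
    """capture: time-ordered (timestamp_seconds, raw_frame) pairs. Returns one
    alert per (BSSID, station) pair with >= threshold frames inside window."""
    recent = defaultdict(list)
    alerts = {}
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, receiver, transmitter, bssid, reason = parsed
        # Both directions are spoofed in the attack, so key on the pair.
        station = receiver if transmitter == bssid else transmitter
        key = (bssid, station)
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:      # drop frames older than the window
            times.pop(0)
        if len(times) >= threshold and key not in alerts:
            alerts[key] = {"bssid": bssid, "station": station,
                           "first_seen": times[0], "count": len(times), "reason": reason}
    return list(alerts.values())

# Constructed sample capture (locally administered MACs, not from the page).
def build_frame(subtype, receiver, transmitter, bssid, reason=7):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(receiver)
            + raw(transmitter) + raw(bssid) + b"\x00\x00"
            + struct.pack("<H", reason))

AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [
    (0.0, build_frame(DEAUTH, AP, OTHER, AP, reason=3)),   # one ordinary disconnect
    (2.0, build_frame(8, "FF:FF:FF:FF:FF:FF", AP, AP)),    # stand-in beacon, ignored
]
for i in range(40):                                        # burst in both directions
    pair = (AP, CLIENT) if i % 2 else (CLIENT, AP)
    SAMPLE.append((5.0 + i * 0.02, build_frame(DEAUTH, pair[0], pair[1], AP)))

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE):
        print(alert)
```

Deauthentication frames are accepted without authentication unless Protected Management Frames (IEEE 802.11w) are enabled on both the access point and the client, so enabling PMF is the mitigation and counting of this kind is the detection.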
