Basic of Network

A network is a group of two or more devices that are connected to each other to share data or share resources. A network contains several different computer systems that are connected by a physical or wireless connection like a server or router. This router has direct access to the internet. The device can only connect to the internet through the router or access point.

For example: Suppose the client or device is connected to the network through Wi-Fi or Ethernet. If the client opens the browser and types google.com, then your computer will send a request to the router for asking google.com. The router will go to the internet and request google.com. The router will receive google.com and forward that response to the computer. Now the client can see google.com on the browser as a result.

In networking, devices on the same network communicate with each other using packets. If you send a video, log in to a website, send chat messages, sending an email, all the data is sent as packets. In networking, devices ensure that these packets go in the right direction using the Mac address. Each packet has the source mac and destination mac, and it flows from the source mac to the destination mac.

 

Network Penetration Testing

Network penetration testing is the first penetration testing that we are going to cover in this section. Most of the systems and computers are connected to a network. If a device is connected to the internet, that means the device is connected to the network because the internet is a really big network. Therefore, we need to know that how devices interact with each other in a network, as well as how networks works.

Network penetration testing is divided into 3 subsections:

1. Pre-connection attacks: In this section, we will learn about all the attacks that we can do before connecting to a network.
2. Gaining attacks: In this section, we will learn that how to crack Wi-Fi keys and gain access to Wi-Fi network whether they use WEP/WPA/WPA2 network.
3. Post-connection attacks: These attacks apply whenever you are able to connect to the network. In this section, you will learn the number of powerful attacks that will allow you to intercept the connections and capture everything like the user-name, password, URL, chat messages. You can also modify the data as it has been sent in the air. These attacks can apply on both Wi-Fi or wired networks.

Hacking Environmental setup

 

Environmental Setup

To perform ethical hacking, we have to download the Kali Linux Operating System and we can download Kali Linux OS inside the Virtual box. Here are the basic steps to download the virtual box and Kali Linux.

Step 1: Download Virtual Box 

(THERE ARE OTHER METHODS TO GET PR  PROPER KALI, JUST COMMENT ME IF U NEED THAT)

In step 1, we download the Virtual box because virtual box allows us to create a virtual machine inside our current operating system. After this, we will download the Kali Linux. A virtual machine is just like a completely separate working machine. You will lose nothing if you install an operating system inside the virtual machine. The operating system will perform just like the installation on a separate laptop.

Now using the following link, you can download the virtual box according to your operating system and install it.

https://www.virtualbox.org/wiki/Downloads

After installation, the virtual box will be shown as follows:

Step 2: Download Kali Linux

Now we will download the Kali Linux. It contained all the programs and applications that we need to use pre-installed and preconfigured which means we just need to install this operating system and start hacking.

There are two ways to install Kali. You can install it as a virtual machine inside your current operating system, or you can download it as a main operating system. In this tutorial, I am going to use a virtual machine.

Use the following link to download the Kali Linux operating system.

https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

Now click on Kali Linux VirtualBox Images and download the Kali Linux according to the compatibility of your operating system.

1. Download the 64-bit version if your computer is 64 bits otherwise, download the 32-bit version.
2. The downloaded file has a .ova extension. If the file doesn't have a .ova extension that means you downloaded the wrong file.

After downloading, you will get a file with the .ova extension. Now, to install the Kali Linux, you need to just double-click on the file and click on the import button.

After installation, the Kali Linux is ready to use and will look like as follows:

Step 3: Modify some settings of Kali Linux

Before starting, we will modify some Settings. So just click on Kali Linux on the left side and then click on Settings.

Now click on System and modify the amount of RAM depending on the amount of RAM on your computer. You can give it as 2GB if you want, but 1GB is enough for Kali.

If you click on the Processor, then you can modify the amount of Processor as 2 CPU, but 1 CPU is enough for Kali.

Now click on Network Settings and set "Attached to" as "NAT Network" but sometimes the network is automatically created by the virtual box, and sometimes the virtual box doesn't create this network automatically. If it is automatically created then click OK. If it is not created then the following screen will be shown:

If the virtual box is not automatically created for the network, then just go to the VirtualBox → Preferences → Network → + sign. Now you can see that it creates another network.

AD

Step 4: Starting Kali Linux

Now we are starting the Kali Linux by clicking the start button. After clicking two cases will arise:

• Sometimes it will run successfully.
• Sometimes you will get an error like this:

To fix this error, you have to download the Oracle VM VirtualBox Extension Pack of the same version of VirtualBox. To find the version of Virtual Box just click on Help then click on About VirtualBox.

Now download the VirtualBox Extension of the 5.2.20 version. Use the following link to download it:

https://download.virtualbox.org/virtualbox/5.0.20/

Now click on Oracle_VM_VirtualBox_Extension_Pack-5.0.20.vbox-extract and download it.

Install the VirtualBox extension pack. After installing, to check it click on File → Preferences → Extensions. Here you can see the Oracle VM VirtualBox Extension Pack. Click OK.

Now the problem is fixed, and we can start the virtual machine by clicking the start button.

After starting, it will ask us for the Username, and the default Username is root then it will ask us for the password and the default password is the reverse of the root which is toor. Now you will get a screen like this:

 

Famous Hackers

In this section, we will see some of the famous hackers and how they become famous.

Jonathan James 

Jonathan James was an American hacker. He is the first Juvenile send to prison for cybercrime in the United States. He committed suicide on 18 May 2008, of a self-inflicted gunshot wound.

In 1999, at the age of 16, he gained access to several computers by breaking the password of a NASA server and stealing the source code of the International Space Station, including control of the temperature and humidity within the living space.

Kevin Mitnick 

He is a computer security consultant, author, and hacker. He infiltrates his client's companies to expose their security strengths, weaknesses, and potential loopholes. In the history of the United state, he was formerly the most wanted computer criminal.

From the 1970s up until his last arrest in 1995, he skillfully bypassed corporate security safeguards and found his way into some of the most well-guarded systems like Sun Microsystems, Nokia, Motorola, Netcom, and Digital Equipment Corporation.

Mark Abene 

Mark Abene is an American Infosec expert and Entrepreneur. He is known around the world by his pseudonym Phiber Optik. Once, he was a member of the hacker groups Legion of Doom and Master of Deception. He was a high-profile hacker in the 1980s and early 1990s.

He openly debated and defended the positive merits of ethical hacking as a beneficial tool for the industry. He is also an expert in penetration studies, security policy review and generation, on-site security assessments, systems administration, and network management, among many others.

Robert Morris 

Robert Morris was the creator of the Morris Worm. He was the first computer worm to be unleashed on the Internet. The Morris Worm could slow down computers and make them no longer usable. Due to this, he was sentenced to three years probation, 400 hours of community service, and also had to pay a penalty amount of $10,500.

Gary McKinnon 

Gary McKinnon is a Scottish systems administrator and Hacker. In 2002, he was accused of the "biggest military computer hack of all time". He has successfully hacked the network of the Navy, Army, Air Force, and NASA systems of the United States Government.

In his statement to the media, he has often mentioned that his motivation was only to find evidence of UFOs and the suppression of "free energy" that could potentially be useful to the public.

Linus Torvalds 

Linus Torvalds is a Finnish-American software engineer and one of the best hackers of all time. He is the developer of the very popular Unix-based operating system called Linux. Linux operating system is open source, and thousands of developers have contributed to its kernel. However, he remains the ultimate authority on what new code is incorporated into the standard Linux kernel.

Torvalds just aspires to be simple and have fun by making the world's best operating system. Linus Torvalds has received honorary doctorates from the University of Helsinki and Stockholm University.

Kevin Poulsen 

Kevin Poulsen is an American former Black-hat hacker. He is also known as Dark Dante. He took over all the telephone lines of radio station KIIS-FM of Los Angeles, guaranteeing that he would be the 102nd caller and win the prize of a Porsche 944 S2.

Poulsen also drew the ire of the FBI, when he hacked into federal computers for wiretap information. As a result of this, he was sentenced to five years. He has reinvented himself as a journalist.

Types of Hackers

 Hackers can be classified into three different categories:

1. Black Hat Hacker
2. White Hat Hacker
3. Grey Hat Hacker

Black Hat Hacker

Black-hat Hackers are also known as Unethical Hackers or Security crackers. These people hack the system illegally to steal money or to achieve their own illegal goals. They find banks or other companies with weak security and steal money or credit card information. They can also modify or destroy the data as well. Black hat hacking is illegal.

---

White Hat Hacker

White hat Hackers are also known as Ethical Hackers or Penetration testers. White hat hackers are the good guys of the hacker world.

These people use the same technique used by the black hat hackers. They also hack the system, but they can only hack the system that they have permission to hack to test the security of the system. They focus on security and protecting IT systems. White hat hacking is legal.

---

Gray Hat Hacker

Gray hat Hackers are a Hybrid between Black hat Hackers and White hat hackers. They can hack any system even if they don't have permission to test the security of the system but they will never steal money or damage the system.

In most cases, they tell the administrator of that system. But they are also illegal because they test the security of the system that they do not have permission to test. Grey hat hacking is sometimes acted legally and sometimes not.

What is Ethical Hacking

 

Ethical Hacking Tutorial

The ethical Hacking tutorial provides basic and advanced concepts of Ethical Hacking. Our Ethical Hacking tutorial is developed for beginners and professionals.

The ethical hacking tutorial covers all the aspects associated with hacking. Firstly, we will learn how to install the needed software. After this, we will learn the 4 types of penetration testing section which are network hacking, gaining access, post-exploitation, and website hacking.

In the network hacking section, we will learn how networks work, and how to crack Wi-Fi keys and gain access to the Wi-Fi networks. In the Gaining access section, we will learn how to gain access to the servers and personal computers. In the post-exploitation section, we will learn what can we do with the access that we gained in the previous section. So we learn how to interact with the file system, how to execute a system command, and how to open the webcam. In the website hacking section, we will learn how the website works, and how to gather comprehensive website information. In the end, we will learn how to secure our system from the discussed attacks.

What is Hacking?

Gaining access to a system that you are not supposed to have access to is considered hacking. For example, login into an email account to that is not supposed to have access to, gaining access to a remote computer that you are not supposed to have access to, and reading information that you are not supposed to be able to read is considered hacking. There are a large number of ways to hack a system.

In 1960, the first known event of hacking had taken place at MIT, and at the same time, the term Hacker was organized.

What is Ethical hacking?

Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data. Ethical hacking is used to improve the security of the systems and networks by fixing the vulnerability found while testing.

Ethical hackers improve the security posture of an organization. Ethical hackers use the same tools, tricks, and techniques that malicious hackers used, but with the permission of the authorized person. The purpose of ethical hacking is to improve security and to defend the systems from attacks by malicious users.

Types of Hacking

We can define hacking into different categories, based on what is being hacked. These are as follows:

1. Network Hacking
2. Website Hacking
3. Computer Hacking
4. Password Hacking
5. Email Hacking

1. Network Hacking: Network hacking means gathering information about a network with the intent to harm the network system and hamper its operations using various tools like Telnet, NS lookup, Ping, Tracert, etc.
2. Website hacking: Website hacking means taking unauthorized access over a web server, or database and making a change in the information.
3. Computer hacking: Computer hacking means unauthorized access to the Computer and stealing the information from PC like Computer ID and password by applying hacking methods.
4. Password hacking: Password hacking is the process of recovering secret passwords from data that has been already stored in the computer system.
5. Email hacking: Email hacking means unauthorized access to an Email account and using it without the owner's permission.

Advantages of Hacking

There are various advantages of hacking:

1. It is used to recover the loss of information, especially when you lost your password.
2. It is used to perform penetration testing to increase the security of the computer and network.
3. It is used to test how good security is on your network.

Disadvantages of Hacking

There are various disadvantages of hacking:

1. It can harm the privacy of someone.
2. Hacking is illegal.
3. Criminals can use hacking to their advantage.
4. Hampering system operations.

---

Ethical Hacking Tutorial Index

---

• Ethical Hacking Tutorial
• Types of Hackers
• Famous Hackers
• Environmental setup

Network Penetration

• Network Penetration Testing
• Basic of Network

Pre-connection Attacks

• Pre-connection Attacks
• Wireless Interface in Monitor Mode
• About airodump-ng
• Run airodump-ng
• Deauthenticate

Gaining Access

• Introduction
• Gaining Access
• WEP Introduction
• WEP Cracking
• Fake Authentication Attack
• ARP Request Replay Attack
• WPA Theory
• Handshake Theory
• Capturing Handshakes
• Creating Wordlist
• Cracking Wordlist
• Securing Network from Attacks

Post Attacks

• Post-Connection Attacks
• Netdiscover
• Zenmap

MITM Attacks

• MITM Attacks
• ARP spoofing using arpspoof
• ARP spoofing using MITMf
• Bypassing HTTPS
• DNS Spoofing

Server Attacks

• Server-side Attacks
• Server-side Attack Basics
• Attacks - Metasploit basics
• Exploiting a Code Execution Vulnerability
• Installing MSFC
• MSFC Scan
• MSFC Analysis
• Installing Nexpose
• Nexpose Scanning

---

Prerequisite

There is nothing specific prerequisite for learning computer networks.

Audience

Our Ethical Hacking Tutorial is designed to help beginners and professionals.

Problems

We assure you that you will not find any problems in this Ethical Hacking Tutorial. But if there is any mistake, please post the problem in the contact form.

Prevention of MITM attack

 

Prevention of Man in the Middle Attack (MITM)

Several practical steps are required to block MITM attacks on the user's part. It also required a combination of verification methods and encryption for applications. The various preventions of MITM are as follows:

WEP/WAP Encryption

If our wireless access point has a strong encryption mechanism, it will prevent our network from joining unwanted users who are nearby our network. The attackers will brute force into a network if we have weak encryption mechanisms, and then it will begin MITM attacking. The safe network is provided by strong encryption implementation.

Router login credentials

If we are applying a router, we have to make sure to change the default router login. Including the Wi-Fi password, we have to also change the router login credentials. The attacker can change their malicious server to our DNS server if they find our router login credentials. They can also do even worse. They can change our router with malicious software.

VPN (Virtual Private Network)

In a local area network, a secure environment for sensitive data is provided by a virtual private network. Using key-based encryption, they can provide secure communication. Due to this way, an attacker cannot decipher the traffic in a virtual private network even if an attacker happens to get a shared network.

Force HTTPS

Using the public-private key exchange, HTTPS can securely transfer data or communicate over HTTP. Due to this, the data that the attacker wants to sniff can be prevented. Websites should not provide HTTP as an alternative. They should only use HTTPS. By installing browser plugins, users can enforce always use of HTTPS on requests.

Encrypted Data

Using the robustly encrypted and transmitted data with authentication, secure communication protocols like HTTPS (Hypertext transfer protocol secure) and TLS (Transport layer security) help mitigate spoofing for website operators. Using this, the interception of site traffic can be prevented, and the decryption of sensitive information like authentication tokens can be blocked.

Use SSL/TLS

If we want to secure every page of the website and not only the login page required by the user, the applications can use SSL/TLS. This reduces the chances of stealing session cookies by the attacker. This will protect the user's browsing data, which is entered while login into an unsecured section of the website.

Public key pair-based authentication

Spoofing of something is typically involved in man-in-the-middle attacks. Various layers of stacks can use public key pair authentication as RSA to ensure whether the things we want to communicate with are actually the things we are communicating.

Using Imperva to protect against MITM

Because of the suboptimal implementation of SSL/TLS like the ones that support the outdated use or enabled the exploit and under-secured ciphers, MITM attacks often occur. To control these, Imperva provides end-to-end encryption of SSL/TLS in an optimized way for their customers, as part of its suite of security services. Imperva offers managing services. Professional security maintained the configuration of SSL/TLS and kept it up to date to counter q1emerging threats and to keep up with compliance demands.

To ensure compliance with the latest demands of PCI DSS and to prevent compromising attacks of SSL/TLS, the certificates are optimally implemented if we are hosted on Imperva. If we want to enforce the security of SSL/TLS across multiple subdomains, we can configure HSTS (HTTP Strict Transport Security) under the Imperva cloud dashboard. This can also secure the web application and website from cookie hijacking attempts and protocol downgrade attacks.

MITM Attack Progression

In two distinct phases, MITM execution will be successful, which are decryption and interception. In interception, the attacker stays in between the data stream, ready to capture the data, collect the received data, and sell or reuse the data. In decryption, data is sent by an attacker, analyzes the used encryption techniques like HTTPS, etc. tries to decrypt the data and reuse it.

Interception

In the first step, we use the attacker's network and intercept user traffic before reaching its desired location. For doing this, the passive attack is the simplest and most common. In this attack, attackers create malicious Wi-Fi hotspots that are freely available to the public, which means they are not password protected. The name of this type of Wi-Fi generally corresponds to their location. When such hotspots are connected by any user or victim, the attackers gain full access to online data exchange. A more active approach is taken by attackers to interception may launch any of the following attacks:

IP spoofing

An IP address is contained by all the system which is connected to the network. An IP address is also provided by many corporate internal networks to the system. In IP spoofing, attackers alter the header of a package in an IP address and disguise themselves as an application. As a result, the URL connected to the application tries to access by the users and send to the attacker's website. In this case, DOS may be used by an attacker to perform MITM attacks, where the attacker acts between two systems as middleware.

ARP spoofing

ARP means Address Resolution Protocol. It is used in a local area network to resolve the IP address to corresponding MAC addresses. To locate the device in a network and to identify the device's MAC address, an IP address is used. In an ARP poisoning attack, attackers link their MAC address to the legitimate user's IP. Then to establish a connection to the attacker system, it sends a constant series of ARP messages. As a result, data is transmitted to the attacker, which the user sends to the host IP address.

DNS Spoofing

DNS means Domain name system. DNS is used to resolve the IP address to its domain names like "javatpoint.com" and vice versa. In this attack, the DNS cache of the target device is corrupted by the attacker and rewriting it. The attacker alters the DNS recodes and redirects to the vulnerability server. As a result, an altered DNS record is sent to the attacker's site, and the users try to access this site. Where the 32.21.12.23 port number resolves the www.stupidonlinebank.com. The DNS cache is poisoned by the attacker, and it redirects the user to "19.168.0.10'. In this port, a fake phishing site is deployed by an attacker, and that site is ready to collect the entered details.

Decryption

Now without alerting the application or user, decryption is needed on two-way SSL traffic. To achieve this, various methods are as follows:

HTTPS Spoofing

When the initial connection is made to a protected site, the victim's browser receives a fake certificate from the attacker. The certificate holds the thumbprint, and a compromised application is associated with it. The thumbprint is verified by the browser based on an existing list of trusted sites leaving the attacker to access any data which is entered by the user before it is passed to the application.

SSL Beast

It is used in SSL to target a TSL version 1.0. Here, malicious JavaScript is injected into the victim's computer that is used to intercept the encrypted cookies, which are sent by the web application. Now to authenticate tokens and decrypt the cookies, the cipher block chaining of the app is compromised.

SSL Hijacking

SSL hijacking occurs during the TCP (transmission control protocol) handshakes when an attacker passes forged authentication keys to both the application and the user. It is used to compromise social media accounts. Most websites of social media store session browser cookies on the user's system. When the browser hijacks and malware is injected into the user's machine, this type of attack mainly occurs. It will also occur when session cookies are stolen by the attacker. When the entire session is controlled by a man in the middle, this sets up what appears to be a secure connection.

SSL Stripping

In 100% of websites, around 70% of websites are still working on insecure and generic HTTP ports. This provides the backward capability and extensive availability of the application to the users. Using this, the secure HTTPS connection can be downgraded to a basic HTTP connection. An attacker can use the HTTP connection to sniff the packets and read them. Now the users are browsing an unencrypted website, so the attacker can also alter the packet on the spot.