Ethical Hacking - Learn Easy - Learn Ethical Hacking Basic in One Month


Ethical Hacking For Absolute Beginners

Learn Easy

Sanjib Sinha

Contents

Prologue
Introduction
What is Ethical Hacking?
How You Can Use Many Tools?
The Legal Side
Prerequisites
Basic Hacking Terms
Build Your Hacking Environment
What Is VirtualBox?
Install Kali Linux & Other Operating Systems in VB
Linux Terminals and Basic Functionalities
Should I Know Any Programming Language?
Protect Your Anonymity on Internet
1) Tor
2) ProxyChains
3) VPN
4) All About Mac Address

# Prologue

This book is intended for complete programming beginners, or general readers who know nothing about any programming language but want to learn ethical hacking. Ethical hacking is by no means associated with any kind of illegal electronic activity; ethical hackers always stay within the law. This book is intended for those people, young and old, who are creative and curious and who want to develop a creative hobby or take up the internet security profession as an ethical hacker.

This book is not intended for any kind of malicious user. If you think that you can use this book for any malicious purpose, then you are advised to read the chapter "Legal Side of Ethical Hacking". I hope you won't like the idea of ending up in jail for harming someone else's systems.

There are many people who already know more than me, or more than everyone. This book is not for those wizards. If you are new to this beautiful world of computers, or have little knowledge of any programming language, then this book is for you.

I would like to end this prologue with an image. This image depicts many things that I will later discuss in detail. It says: "The author is using the Ubuntu Linux distribution as his default operating system. He has installed VirtualBox, a kind of virtual machine, that runs in Windows also. And in that VirtualBox he has installed two more operating systems. One is Windows XP and the other is Kali Linux."

The image also says, and this is very important, "Presently he is virtually running three operating systems on his desktop."

Why it is necessary, you will learn in the coming chapters. Stay tuned.

(The VirtualBox is running two operating systems. You can try any kind of experiment on these virtual OSs. That will not damage your main system.)

# Beginner's FAQ

Q. Should I know any programming language as of now to learn the basics of ethical hacking?

A. No. You need not know any programming language at present. But if you are serious about taking up ethical hacking as your profession, or as a hobbyist you like to delve into the deep, then you must know one programming language. The more you know, the better.

Q. Which programming language should I learn first?

A. You can start learning Python. It is not only easy to learn but it will also help you immensely in your learning process of ethical hacking.

Q. Besides learning a programming language, what should I know?

A. You need to have knowledge about networking and a few important Linux commands. The more you know about the total computer system, the better, and that will enhance your hacking skill.

Q. Is there any hacking software tool that requires no knowledge of a programming language?

A. Yes, there are a few such tools, but as I have just said, knowledge about programming languages, networking and operating systems are prerequisites for being a good ethical hacker. To learn ethical hacking you can start from zero, but it is good practice to learn the other necessary things as you progress.

# Hacker versus Cracker

In general, "hacker" stands for creative and curious people. In that sense every scientist, writer and painter is a hacker. On the contrary, a "cracker" is a bad guy who wants to steal data by penetrating a computer system.

A hacker wants to protect data. A cracker wants to steal data. At best you can call them malicious hackers with bad intentions.

They are not the same.

There are also some wrong images that are usually portrayed in films. In those films we see that a man sits before a computer and types at lightning speed, and the computer spits out tons of secret data.

In reality, a real ethical hacker, or a security professional working as an ethical hacker, wants to understand how the computer system works and tries to find out security vulnerabilities with the help of his tools.

In this book we show you a few such techniques and tell you about the tools that are frequently used to gather valuable data and attack computer systems.

How fast you can type does sometimes matter. The speed of keying varies from person to person. A good hacker who usually spends around ten to sixteen hours a day over his laptop can achieve a keying speed of 100 to 120 words per minute. To gain strength in their fingertips, some of them do push-ups on their fingertips. These are not legends. It happens.

You need to write the necessary code, or instruct a tool to perform some actions, and you have to write it fast.

To summarize this section we can say: hackers are skillful and they use specialized software tools. You will learn those skills and know about those software tools so that you can not only protect your own machine but, as a security professional acting as an ethical hacker, you can also protect your client's machine. As you progress you will come across many terms. One of them is penetration testing, or in short, pentesting. Many ethical hackers help other people by detecting security vulnerabilities in their systems and assure some protection so that the systems are less prone to such attacks. They do so for profit. They are called pen-testers.

Staying within the law is always very important. You need to understand the state, country or international law before you venture out as an ethical hacker. We will cover this part in more detail so that you will know what you can do and what you can't do.

# Role of Ethical Hackers

It is a million dollar question. But before this question comes, there are many other questions that are to be answered first.

Can you even ask yourself why countries spend millions of dollars on their defense budgets? Why are there so many weapons around us? Some of them are state of the art and built by using the most modern technology. Lots of money is spent on research of such technology that, at the end of the day, only produces weapons!

There is only one answer. Every country has the liberty to protect itself. These weapons are made for defense. They are not intended for attack.

Every country arranges mock fights inside its territory, sometimes with other friendly countries participating, just so that they can try out some of the state of the art modern weapons.

Ethical hackers play the same role. As an ethical hacker you will learn how to defend yourself. To defend yourself, sometimes you need to attack your enemy. But it is a part of your defense system. It is a part of your defense strategy. The more you know about your enemy's strategy, the more you can defend yourself. You need to learn those tools that are frequently used by the malicious hackers or crackers. They use the same tools that you use to defend yourself.

# Legal Side

As time goes by and we progress, our old world is also changing very fast. It is not like before, when we kept records by entering data into a big log-book and stacked them one by one, date-wise. Now we keep data in computers. We don't go to the market to buy anything any more. We order it over the internet and payment is made using a credit or debit card. The nature of crime has also changed accordingly.

Criminals used to snatch your data physically before. They now snatch it over the internet using computers. Computers have become a new tool for business as well as for traditional crimes. On the basis of this, the term "cyber law" has come to the fore. The first and most basic thing you should remember is: "don't try to penetrate or tamper with any other system without taking permission." You may ask how you would then experiment with your knowledge. The answer is VirtualBox. In your virtual machine you may install as many operating systems as you want. Try everything on them. Trying any virus on your virtual machine will not affect your main system, provided you keep the virtual machine isolated: no shared folders with the host, and a host-only or disconnected network adapter. At the same time you will keep learning about the virus.

A few examples may give you an idea of what type of computer crimes are punishable in our legal system.

If you use any software tool to generate credit card or debit card numbers, it is a highly punishable offense. It can invite a fine of fifty thousand dollars and fifteen years of imprisonment (the exact penalties depend on the jurisdiction). Setting up a bogus website to take credit card numbers with a false promise of selling non-existent products is a highly punishable offense. Rigorous imprisonment and a hefty fine follow. I can give you several other examples that may invite trouble for you if you don't stay within the law.

Remember, you are an ethical hacker and you are learning hacking tools to protect your system. For the sake of protection and defense you need to know the attack, exploit or penetration methods.

Try your every single experiment on your virtual machine.

# Color of Hats

Hackers can be divided into three categories. White Hat stands for good guys, or ethical hackers, who use their hacking skill for defensive purposes. Black Hat means bad guys, or malicious hackers or crackers, who use their knowledge to steal data, attacking systems for malicious and illegal purposes. Gray Hat stands for both good and bad guys. It depends on the situation.

## White Hat

A White Hat is an ethical hacker who helps others to find weaknesses in their systems and helps them to set up the necessary safety measures to protect data. They always ask the permission of the data owner before they pen-test their systems. It is mandatory that prior to any kind of system check-up you seek permission. White Hats always stay within the law and never indulge in any kind of illegal activity, nor do they perpetrate them.

## Black Hat

People often can't differentiate between a hacker and a cracker. A Black Hat, or a cracker, is essentially a hacker, but he does everything with malicious intentions. He steals data, breaks into the system and blocks the path to the remote system so that general users are denied the services that are intended for them. They use the same hacking tools that are frequently used by ethical hackers, and sometimes they create their own malicious code with the help of those software tools.

## Gray Hat

You can imagine a thin dividing line between White Hat and Black Hat. On that line are the Gray Hats. They can use their knowledge for defensive or offensive purposes. It depends on the situation. The term "Gray" means many things. You need to know it in detail.

Sometimes self-proclaimed ethical hackers penetrate a system, and they do that not with bad intentions but just to satisfy their own curiosity, and while doing so they think that they are doing a favor to the owner of the data. They normally break into the system and then let the data owner know about the security holes.

You may consider a real world example. It is something like breaking the locking system of your neighbor's door in her absence and telling her later about the security vulnerabilities of her locking system. The question obviously revolves around legality. You may have done it with a good intention, to help her voluntarily so that she would stay more secure. But at the end of the day it is illegal, she may not take it kindly, and you may end up in jail.

It happens with many young, immature ethical hackers who voluntarily find security holes in the systems of a reputed company and actually try to help them with a detailed report, but are later held guilty in the eyes of the legal system.

## Does the Color Matter?

It is always better to ask the data owner before you attempt any kind of penetration testing. Remember, your voluntary services are not welcome and may land you in trouble. If you know the job, your service will definitely be solicited.

Documentation is important here. That is exactly what ethical hackers produce when they are asked to identify the security vulnerabilities that pose threats to the system. With screenshots and log files they prepare detailed documentation of how the security of the system has been breached. Depending on that report, security protections are put in place around the sensitive data.

# What Do Hackers Want to Do?

Whether you are an ethical hacker or a malicious cracker, you do the same thing. You use identical software tools to attack the security system. Only your purpose or intention differs.

Probably you know that a big car company, before launching a new model of car, generally tests the locking system. They have their own security engineers, and besides, they call in locking experts to test for vulnerabilities. They pay a good amount of money if you can break the locking system of the car. Basically it is the work of "pentesting". The locking experts pentest the system and see if there is any weakness in it.

It is a good example of ethical hacking. The locking experts are invited to do the job and they are paid well. On the contrary, car thieves do the same job without any invitation. They simply break the locking system of an unattended car parked on the roadside and take it away. I hope by now you have understood the difference between ethical hacking and cracking.

Your main intention centers on the security of the system. Security consists of four key components. As the book progresses you will increasingly find words like "pentesting", "exploit", "penetration", "break into the system", "compromise the router" et cetera. The four key components mentioned below mainly deal with these terms. The key components are:

1) Availability

2) Integrity

3) Authenticity

4) Confidentiality

We will see how crackers attack these components to gain access to the system. Since a hacker's main goal is to exploit the vulnerabilities of the system, he wants to see if there is any weakness in these core components.

Let us assume the hacker wants to block the availability of the data. In that case he will use a "Denial of Service" or "DoS" attack. To do this, attackers usually exhaust the system's resources or bandwidth. But DoS has many other forms. When the resources or bandwidth of your system are eaten up completely, the server usually crashes or stops responding. The final target is one system, but the number of victims is plenty. It is something like millions of people gathering in front of your house's main door and jamming it with a kind of human chain so that you and your family members cannot enter.

The second key component, integrity, should not be compromised at any cost. What does this term "integrity" mean? It is basically centered on the nature of the data. When the data is tampered with by some kind of "bit-flipping" attack, the integrity of the system is compromised. It can be done just by changing the message itself. The data may either be in motion or at rest, but it can be changed. Imagine what happens when a money transaction is tampered with by the addition of a few more zeroes at the end! Let us assume a bank is transferring money. In its instruction it is written: "transfer $10,000". Now the attacker changes the text in transit (bit-flipping works even on encrypted text when the encryption is not authenticated) in such a manner that the amount becomes $10,000,000. So the attack is aimed at the message itself, or at a series of messages. The defense is an authentication tag (a MAC or a digital signature) that the receiver checks before acting on the message.

The issue of authentication is often handled, badly, by Media Access Control (MAC) address filtering. If it is in place, the network does not allow devices whose MAC address is not on the list. What happens if someone spoofs the MAC address of a legitimate network station and takes that station off the network? He can take on the station's identity and use its access. This is called an authentication attack, or MAC address spoofing. Because the MAC address is chosen by the sender, MAC filtering is not real authentication; it is at best a weak access control.

Finally, the issue of confidentiality rises above all. Data that travels in clear text across a network can be read by anyone on the path, even on a "trusted" network. Here data means information. Information theft, like cracking someone's password, is a confidentiality attack. The data or information is intended for someone, but instead of the recipient the hacker gains access. Actually the cracker steals it while the data is moving across the trusted network as clear text.
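The integrity attack above, carried through in code. This is an added example, not code from the book: the "transfer $10,000" message, the shared key and the attacker's edit are all constructed here. It shows that a check which only validates the shape of the message lets the forgery through, while an HMAC tag computed with a key the attacker does not hold lets the receiver refuse it.

```python
"""Added example (not from the book): the "transfer $10,000" instruction from
the text, altered in transit. A format-only check lets the forgery through; an
HMAC tag computed with a key the attacker does not have lets the receiver
refuse it. Message, key and attacker edit are constructed for the example."""
import hmac
import hashlib

# Key shared by the bank's sending and receiving systems (constructed; never reuse).
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def make_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """HMAC-SHA256 over the whole message; changing any bit changes the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Recompute and compare in constant time, so timing does not leak the tag."""
    return hmac.compare_digest(make_tag(message, key), tag)


def tamper(message: bytes) -> bytes:
    """The attacker's edit described in the text: append zeros to the amount."""
    return message.replace(b"$10,000", b"$10,000,000")


def format_only_check(message: bytes) -> bool:
    """An 'integrity check' that validates shape, not origin. Any well-formed
    forgery passes, which is why format checks are not integrity protection."""
    if not message.startswith(b"transfer $"):
        return False
    amount = message[len(b"transfer $"):].replace(b",", b"")
    return amount.isdigit()


def receiver_accepts(message: bytes, tag: bytes) -> bool:
    """What the receiving bank should do: check the tag before parsing the amount."""
    return verify(message, tag) and format_only_check(message)


def demo() -> dict:
    original = b"transfer $10,000"
    tag = make_tag(original)            # sender attaches this to the message
    forged = tamper(original)           # attacker rewrites the message on the wire
    return {
        "forged": forged,
        "format_check_passes_forgery": format_only_check(forged),
        "hmac_accepts_original": receiver_accepts(original, tag),
        "hmac_accepts_forgery": receiver_accepts(forged, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The tag must travel with the message and be checked before anything else is done with it; a receiver that parses the amount first and verifies afterwards has already exposed itself to the forged input.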

# Working Environment

The very first thing that you need is a virtual machine. As I said before, I have Ubuntu as my default operating system, and inside the virtual machine I have installed two operating systems: one is Windows XP and the other is Kali Linux.

Technically, from now on I will refer to Windows XP and Kali Linux as my virtual machines. Kali Linux is a Linux distribution that comes with many useful hacking tools. So I strongly suggest using it as your virtual machine. You may also read the Kali Linux documentation page, which will be of immense help to you.

At the same time I'd not suggest using Windows of any kind for ethical hacking purposes. Some may argue that a few hacking tools can be used in Windows, so why am I suggesting otherwise? The point is: in the ethical hacking world you need to be anonymous all the time. You won't want to leave your trail anywhere so that you can be traced back. Remaining anonymous is a big challenge. In Linux it is comparatively easy, and you can stay anonymous for the time being.

Keeping that in mind, I explain the technique of being anonymous in great detail so that before jumping into the big task you make your defense much stronger. Being anonymous is the most primary thing in the world of ethical hacking. Keeping yourself anonymous in Windows is much harder, because you control and can audit far less of what the system sends out. So it is better to adapt to the Linux environment first. Another important thing is that many of the great hacking tools are written for Linux first and are not available, or not well supported, in the Windows environment.

If you have never heard of any Linux distribution, don't worry. You can either install the user-friendly Ubuntu inside your Windows system or you can easily partition your disk into two parts and install Ubuntu and Windows separately as your two default operating systems. It is preferable to do the second one. Installing and uninstalling parallel operating systems always teaches you something new. If you are habituated to Windows I won't tell you to simply dump it for the sake of learning ethical hacking. You can keep it beside and use it for your daily work. There is no problem in doing this.

In the world of the Internet, Linux is more widely used. So you need to learn a little bit of Linux commands. Software installation in Linux is slightly different from Windows environments. There are Linux distributions like Fedora or Debian and many more. I named Ubuntu just because it is extremely popular and Windows users find themselves comfortable inside it. The operations are more or less the same, including the software installation. For beginners it is not desirable to install Kali Linux as your default OS. You must read the Kali documentation, where it is clearly stated that Kali is designed for experienced users and professional penetration testers, not as a general-purpose desktop. You are going to install it inside your VirtualBox. Kali Linux is a kind of Linux distribution that comes with lots of hacking tools. You need to know them and use them in the course of ethical hacking.

Installing a virtual machine is a very important first step in building your environment. In the next chapter I will show you how you can do that for different operating systems. Another important thing is learning a programming language that will really help you learn ethical hacking better.

The obvious choice is Python. At the time of writing this book, Python 3.x has already arrived and is considered the future of the language; it is fast catching up with the old Python 2.x version, which has been around the market for a while. The official Python download page provides Python installers for Windows, Mac OS X and Linux operating systems. If you download an installer it is of immense help because it comes with the Python interpreter, the standard library and the standard modules. The standard library and built-in modules are especially important because they offer several useful capabilities that will help you achieve your goal as an ethical hacker. Among the useful modules you will get cryptographic services, Internet data handling, interaction with IP protocols, interoperability with the operating system and many more. So go ahead, pick up any good beginner's book on Python, read the official documentation and treat it as part of your learning schedule. Python is an extremely easy language to learn.

To create an ideal ethical hacker's environment, a few steps are extremely important. The steps include: installing a virtual machine, that is, VirtualBox (VB); having a basic knowledge about networking; and learning a useful programming language like Python.

Let us first have a look at the basic networking knowledge.

# Ethical Hacking and Internetworking

A basic knowledge of internetworking is extremely important if you want to learn ethical hacking. As you progress and want to go deeper, it is advisable to learn more about networking. Ethical hacking and internetworking are very closely associated. As you progress through this book you will find words like "packet", "switch", "router", "modem", "TCP/IP", "OSI" and many more.

The very first thing you need to know is: data travels through many layers. Ethical hackers try to understand these layers. Once they have understood the movement, they either want to track and block the data or they want to retrieve data.

In this chapter we will very briefly see how internetworking models work. We will look into the different types of networking models. We will also learn about the devices that comprise a network.

# What Does Network Mean?

A network is a collection of devices that are connected through media. One of the main characteristics of a network is that devices contain services and resources. Devices include personal computers, switches, routers and servers, among others. What do they basically do? They send data and get data, either by switching or by routing. Actually they connect users so that users ultimately get full data instead of getting it in pieces. So the basic services these devices provide include switching, routing, addressing and data access.

We can conclude that a network primarily connects users to avail themselves of these services. That is its first job. The second job is also very important. A network always maintains a system so that the devices allow the users to share the resources more efficiently.

Now a problem arises, and not a trivial one. Hardware and software manufacturers don't know each other. They belong to different countries and share diverse cultures. When the concept of networking first came to the fore it was found that hardware and software weren't matching. As I said before, a network is a collection of devices. These devices are built of hardware and software that talk in different languages.

To solve this problem a common network model with common communication functions is needed so that dissimilar devices can interoperate.

The importance of internetworking models rests on a few main concepts. First, they encourage interoperability. Second, they provide a reference through which data communication is described. Third, they facilitate modular engineering.

There are two types of internetworking models.

They are the Open Systems Interconnection (OSI) reference model and the Transmission Control Protocol/Internet Protocol (TCP/IP) model. Both models are widely used today.

The Open Systems Interconnection (OSI) reference model was developed by the International Organization for Standardization (ISO) and it has seven layers in all. The layers are as follows: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2) and physical (layer 1).

Let us very briefly try to understand how this model works. Suppose a user tries to open a web page. The very first thing he does is send a request to the server, which is located several thousand miles away. Here the cable, fiber or radio link that carries the bits is the last layer (layer 1), termed "physical". So the user's request first knocks at the "application" layer (7), which is nearest to the user, and then it proceeds downwards. Every process in each layer involves complicated "bits and bytes" functioning. A computer only understands 0 and 1. But the user does not love to see a video in 0 and 1.

Let us break the process down in more detail.

In the application layer (7) the user interacts with the device, which could be a personal computer or smartphone or anything you might guess. So the application layer basically handles the user's interaction. The name of the datagram is "data". The user requests the data and ultimately retrieves the data. What happens when the user sends a request from layer 7? It enters the next layer, (6) presentation. The process of encapsulation starts. Data is formatted and, if the application asks for it, compressed or encrypted. Next, layer 5, the session layer, enters the scene. This layer opens, maintains and closes the dialogue between the two applications. Suppose you type a password and log into your social media account. This layer maintains the dialogue (user to server) so that you can remain logged in to your page. Up to this layer the name of the datagram is "data".

To help you maintain your session, the next three layers work very hard. They are transport (layer 4), network (layer 3) and data link (layer 2), respectively. The name of the datagram at the transport layer is "segment". Why is it called a "segment"? It is so called because it breaks your request into several pieces. First it adds source and destination port numbers. Next it tries to make delivery reliable by adding sequence numbers. So in a nutshell it provides flow control, sequencing and reliability; this is the end-to-end layer, where TCP on your machine talks to TCP on the server.

What happens next?

Your request enters layer 3, which is called network. The name of the datagram is "packet". It adds source and destination IP addresses. It also looks after your request finding the best path to reach the destination.

Now your data request almost reaches the final stage. It enters layer 2, which is data link. It is nearing the point where it must go onto the wire. So this layer adds source and destination Media Access Control (MAC) addresses. Next it appends a Frame Check Sequence (FCS). The receiver checks, frame by frame, that the frame arrived without corruption. That is why the datagram is known as a "frame".

Now it has entered the final destination, which is layer 1, or physical. There are only bits over the physical medium. The name of the datagram is "bits".
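The encapsulation just described, made concrete. This is an added example, not code from the book: it builds one Ethernet/IPv4/TCP frame with `struct` from constructed addresses and a constructed payload, then peels it back layer by layer (frame with MAC addresses, packet with IP addresses, segment with ports and sequence number, then the data). The `rewrite_src_mac` helper also serves the earlier MAC-spoofing passage: the source MAC is just six bytes the sender fills in, so an allowlist keyed on it can be satisfied by anyone who has seen a permitted address. Checksums are left at zero because nothing here is put on a real wire.

```python
"""Added example (not from the book): build one Ethernet/IPv4/TCP frame with
struct, then peel it layer by layer the way the OSI walk-through describes:
frame (MAC addresses) -> packet (IP addresses) -> segment (ports, sequence) -> data.
All addresses and the payload are constructed sample values."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def mac_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:01' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, payload: bytes) -> bytes:
    """Encapsulate: application data -> TCP segment -> IP packet -> Ethernet frame."""
    # Layer 4: TCP header, 20 bytes, no options. data offset 5 words; flags PSH|ACK.
    offset_flags = (5 << 12) | 0x18
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0, offset_flags, 65535, 0, 0)
    segment = tcp + payload
    # Layer 3: IPv4 header, 20 bytes: version/IHL, TOS, total length, id, flags/frag,
    # TTL, protocol, checksum (left 0), source and destination addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    packet = ip + segment
    # Layer 2: Ethernet II header, 14 bytes: destination MAC, source MAC, EtherType.
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + packet


def parse_frame(frame: bytes) -> dict:
    """Decapsulate and report what each layer added."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4                      # header length in bytes
    fields = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ttl, proto, src_ip, dst_ip = fields[5], fields[6], fields[8], fields[9]
    if proto != PROTO_TCP:
        raise ValueError("not a TCP packet")
    seg = frame[14 + ihl:]
    src_port, dst_port, seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4                  # TCP header length in bytes
    return {
        "frame": {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac)},
        "packet": {"src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip), "ttl": ttl},
        "segment": {"src_port": src_port, "dst_port": dst_port, "seq": seq},
        "data": seg[data_off:],
    }


def rewrite_src_mac(frame: bytes, new_mac: str) -> bytes:
    """What MAC spoofing amounts to on the wire: overwrite bytes 6..11 of the frame.
    Nothing else in the frame depends on them, so a MAC allowlist cannot tell."""
    return frame[:6] + mac_bytes(new_mac) + frame[12:]


if __name__ == "__main__":
    f = build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "192.168.56.10",
                    "192.168.56.20", 40000, 80, 1000, b"GET / HTTP/1.1\r\n")
    for layer, value in parse_frame(f).items():
        print(layer, value)
```

Reading the parser top to bottom is the receiving side of the walk-through: layer 2 strips 14 bytes and hands a packet up, layer 3 strips its header and hands a segment up, layer 4 strips its header and hands the application its data.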

Now we can imagine a small office with one router, two switches and a few desktops, laptops, printers and servers. The router is connected to the switches and the switches are connected to devices like desktops, laptops, printers and servers. Here the desktops, laptops, printers and servers are the end hosts: they implement all seven layers, and the cables that plug them into the switches are layer 1, physical. The switches work at layer 2, data link, and the router fits in layer 3, network.

Routers are layer 3 devices and perform a few definite tasks. They are packet switching, packet filtering, path selection and, finally, communicating. The task of packet switching involves the process of getting a packet to the next device. Here the next devices are the switches. Packet filtering does what its name suggests. It either permits or blocks packets depending on certain criteria. Path selection is determining the best path through the network to the destination. Communication is another important part of this layer. Routers communicate with other networks like the Internet.

Between the routers, which are layer 3 devices, and the end hosts there are switches, which are layer 2 devices. In some cases switches also perform the tasks of layer 3 devices. Switches basically deal with frame filtering and forwarding: they learn which MAC address sits on which port and forward each frame only to that port. They also maintain the connection between the router and the end hosts.

## Summary

Let us quickly recap what we have just learned about the relations between ethical hacking and internetworking.

1) Internetworking models encourage interoperability between different devices, providing a reference to describe data communication. At the same time they facilitate modular engineering.

2) There are two types of internetworking models. They are the OSI Reference Model and the TCP/IP Model.

3) The OSI Model has seven layers. They are: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2) and physical (layer 1).

4) The TCP/IP Model has four layers. They are: application (layer 4), transport (layer 3), internet (layer 2) and network access, also called link (layer 1).

An ethical hacker tries to understand this process of data communication and penetrates according to the vulnerability.

# Installing VirtualBox

The first question that comes to our mind is: why do we need VirtualBox when we have a default operating system in place? There are several reasons. The most important reason is: in a virtual machine we can play with any operating system without any fear of messing it up, even breaking it. There is every possibility that while testing a hacking tool we could break a system. I encourage you to do that. It is a virtual machine. So, go ahead. Test everything that comes to your mind. Another great reason for using VirtualBox is safety. When you visit a website you might consider it to be safe, but in reality it might not be so. In a virtual machine much less is at stake. It is not your original machine with confidential data, as long as you don't share folders or the clipboard with the host, since those are exactly the channels by which a compromised guest reaches the host. Visiting an unsafe website is not worrying any more.

Only one thing you need to remember. Stay within the law. While testing your hacking tools or running code, you cannot jeopardize any other system.

The Oracle VirtualBox official website offers plenty of download options. You can choose any one of them. According to your OS, you go to the "Downloads" section and see what is available for you. From the next image you will have an idea how you can proceed further.

(VirtualBox download section for Linux hosts)

The selected line in the above image shows the default operating system I am running currently. That is "Ubuntu 14.04 (Trusty)" and the architecture is "AMD64".

VirtualBox is very easy to install. Whatever your OS is, Mac OS X, Windows or Linux, you can install it. First you need to know about your operating system itself. It could be either 32-bit or 64-bit architecture. In any Linux distribution it is extremely easy to find out. Just open up the terminal and type: "uname -a".

The terminal will spit out some vital information that includes all the data regarding my current default system. The Linux kernel is version 3.19.0, the host name is "hagudu" (the second field of uname -a is the machine's host name, not a user name), and finally it also indicates what type of system architecture this is. It looks like this:

(A terminal image that tells about system architecture.)

As in my case, you clearly see that "x86_64" stands for 64-bit. On the VirtualBox official download page, for all Linux distributions you first download the required package and then install it according to the nature of your OS. For Red Hat, Fedora or any Linux distribution belonging to that family you will notice that the file extension is ".rpm". In that case you can move to the folder where you saved the VirtualBox package and issue commands like "rpm -i" or "yum install" if you run Red Hat or Fedora.

But there are simpler methods to install VirtualBox.

For absolute beginners it is much more helpful to run the Ubuntu Linux distribution as your default OS. You can install VirtualBox from the Software Center directly without opening up the terminal or issuing any command.

The Ubuntu Software Center has many categories. One of them shows the "Installed" software.

(Ubuntu Software Center shows VirtualBox running.)

It is not there by default. In that case it is extremely easy to install. You can just type "VirtualBox" in the search box and it will pop up. Move ahead and press the install button.

Once VirtualBox has been installed on your machine you need not worry about installing several operating systems on it. At the very beginning we are interested in installing Kali Linux on our VirtualBox. Go to the official Kali Linux website and download the ISO image of the latest stable version. Kali Linux is a much bigger Linux distribution than other Linux distributions. It must be around 3 GB. Ubuntu and others are around 1 GB or a little bit more.

Now once the download is over, you can either store it on your local hard drive or burn it to a DVD. Now open up your VirtualBox and click "New". It will automatically open up a new window that will ask you what type of operating system you are going to install. The following image is quite self-explanatory.

(How to install an operating system on a virtual machine)

You see on the VirtualBox I have already installed two operating systems. One is Kali Linux and the other is Windows XP. In your case, when you are going to install fresh, the left panel of your VirtualBox will be empty.

The whole procedure is very explicit in itself. It will guide you on what to do next. Basically on the Internet there are lots of illustrative guides that will help you do the same thing. Now it is time to write down the name of the operating system you are about to install. Next select the type, whether it is Linux or Windows etc., and the version. In the long list in the versions section you won't find the name of Kali. But basically it is Debian-based. So go ahead and select the 32-bit or 64-bit Debian according to your system architecture. Click next and it will ask for the memory size, as is shown in the next image.

(Installation process of Kali Linux on VirtualBox asks for memory size)

You can allocate the memory size as per your machine capacity. A minimum of 1 GB is good. It is better if you can allocate more. In the next step it will ask for storage capacity and a little other nitty-gritty.

I can assure you, as a complete beginner you won't face any difficulty installing Kali Linux on your VirtualBox. The most important part of this installation process is that you need to keep your Internet connection running so that Kali Linux can fetch its prerequisites online.

Usually when an operating system is installed on a virtual machine it comes up in a small window and stays like that. The next image will show you the original size.

(Kali Linux running on Oracle VM VirtualBox)

But working at this size is really cumbersome. To solve this problem, normally the VirtualBox Guest Additions are used. But before that you may want to update and upgrade your newly installed Kali Linux. That is a good practice that helps you to stay updated all the time. After you have logged in by typing username and password, you will find the terminal on the left panel. Open it and type:

apt-get update

You must be online so that the package lists are refreshed. It might take some time. After it finishes, issue the second command:

apt-get upgrade

Normally the upgrade takes more time than the update. If you are the root user then there should not be any problem. But if you have created another user and log in as that user, then you must type the "su" command first. "su" stands for "switch user"; with no argument it switches to the superuser, or root, who is the administrator. It will ask for the root password instantly. Give it and it will work fine.

Let us come back to the old problem. The newly installed Kali Linux is looking small in size and you are obviously at a loss and don't know what to do. How will you get the full screen view?

Here is a command that will rescue you from this problem and solve it. You need to install one more package and upgrade your virtual machine again so that it gets the full screen view.

(Kali Linux running, Oracle VM VirtualBox with the password attacks tool)

Open up the terminal and type:

apt-get update && apt-get install -y dkms linux-headers-$(uname -r)

This will install the packages (DKMS and the headers for the kernel you are running) that the VirtualBox Guest Additions need in order to build their kernel module. The Guest Additions are something you can imagine as a tool that lets the guest OS resize its screen to match the VirtualBox window on the host; they also provide the shared clipboard and shared folders.

How will you run it once the packages are installed? The next image will guide you to the place where you will get it.

(Getting the full screen size of Kali Linux on VirtualBox)

Take your mouse pointer to the upper part of the window, where you will find the "Devices" menu. The last item reads: "Insert Guest Additions CD image". Click it and it will automatically take care of everything.
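The whole guest-preparation procedure in one script, in the Python the book recommends. This is an added example, not the book's own code: it reads the fields that `uname -a` shows (the earlier passage's host name and "x86_64" architecture), decides 32- or 64-bit, and produces the update, upgrade, and DKMS/kernel-header commands the Guest Additions need, wrapped in `su -c` when you are not logged in as root. `SAMPLE_UNAME` is a constructed line shaped like the author's screenshot, the `/dev/cdrom` path is assumed, and `VBoxLinuxAdditions.run` is the installer on the Guest Additions CD image for the case where the autorun prompt does not appear.

```python
"""Added example (not from the book): pull the fields the book points at out of
`uname -a` (kernel release, host name, machine type), decide 32- vs 64-bit, and
produce the exact commands the Kali guest needs before the VirtualBox Guest
Additions can build their kernel module. SAMPLE_UNAME is a constructed line
shaped like the author's screenshot; /dev/cdrom is an assumed device path."""
import os
import platform
import subprocess

SAMPLE_UNAME = ("Linux hagudu 3.19.0-25-generic #26~14.04.1-Ubuntu SMP "
                "Fri Jul 24 21:16:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux")

# machine field of uname -> word size; anything else is reported as unknown
KNOWN_MACHINES = {"x86_64": 64, "aarch64": 64, "i686": 32, "i386": 32, "armv7l": 32}


def parse_uname(line: str) -> dict:
    """`uname -a` prints: sysname nodename release version ... machine.
    The second field is the host name (not a user name); 'x86_64' means 64-bit."""
    parts = line.split()
    machine = next((p for p in parts if p in KNOWN_MACHINES), None)
    return {
        "sysname": parts[0],
        "hostname": parts[1],
        "release": parts[2],
        "machine": machine,
        "bits": KNOWN_MACHINES.get(machine),
    }


def guest_setup_commands(release: str, running_as_root: bool) -> list:
    """The book's three steps, then the installer from the CD image that the
    Devices > "Insert Guest Additions CD image" menu attaches. Each step is
    wrapped in `su -c` when the login user is not root, as the book advises."""
    steps = [
        "apt-get update",
        "apt-get -y upgrade",
        # the headers must match the running kernel, hence the release string
        f"apt-get install -y dkms linux-headers-{release}",
        # only needed if the autorun prompt did not start after inserting the CD image
        "mount /dev/cdrom /mnt && sh /mnt/VBoxLinuxAdditions.run",
    ]
    if not running_as_root:
        steps = [f"su -c '{s}'" for s in steps]
    return steps


def run_setup(dry_run: bool = True) -> list:
    """On a real guest: read this machine's uname, plan the steps, and execute
    them unless dry_run. Stops at the first failing step."""
    u = platform.uname()
    info = parse_uname(" ".join([u.system, u.node, u.release, u.version, u.machine]))
    is_root = hasattr(os, "geteuid") and os.geteuid() == 0
    cmds = guest_setup_commands(info["release"], is_root)
    if not dry_run:
        for c in cmds:
            subprocess.run(c, shell=True, check=True)
    return cmds


if __name__ == "__main__":
    print(parse_uname(SAMPLE_UNAME))
    for c in run_setup(dry_run=True):
        print(c)
```

Run it with `dry_run=True` first and read the planned commands; the kernel release in the `linux-headers-` package name is the one check that most often fails after an `apt-get upgrade` pulled in a newer kernel, because `uname -r` still reports the old one until you reboot.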

Normally it should work fine. If not, take it as a challenge. Search over the Internet. There are lots of helping hands waiting to assist you with what you want to get.

Now we are going to install Windows 7 Ultimate. The starting process is the same. You open VirtualBox. Go to "New" and click. It will open up a window that will ask you to type the name of the operating system you are going to install. Next it will ask for the memory size. For Windows 7 Ultimate you need to allocate at least 2 GB. Bigger is better. For the hard disk storage capacity, 50 GB is enough.

Now you are ready to attach the ISO image of the OS.

This part is a little tricky, but any online guide will show you how you can connect them.

When you click the "Storage" section of your VirtualBox it will pop open a window that lets you attach the ISO image. It is not at all difficult. The advantage of VirtualBox is that if you fail to do some job it won't affect your original machine.

(Installation of Windows 7 Ultimate takes place.)

(Windows 7 Ultimate is getting installed.)

When any new OS is installed on your virtual machine, it is usually small in size. But there is a technique that will help you get the original full screen effect.

For Windows 7 Ultimate there is a VirtualBox Guest Additions folder available in the storage section. In the next image it shows up. The blue colored box comes with a label. It reads "VirtualBox Guest Additions". Just click on it. It will open up. It will contain several files. You will notice two ".exe" files. One is for the 32-bit and the other is for the 64-bit system architecture. My machine is 64-bit, so I click and run that one. The steps are very simple. It will ask to be installed. Click OK and proceed. It will give your Windows 7 Ultimate virtual machine a full screen state.

We have successfully installed VirtualBox, and on our virtual machine we have installed Kali Linux and Windows 7 Ultimate. Now it's time to move on.

# Linux Terminal, Basic Commands

It is extremely important to know about the Linux terminal and commands. Not in great detail, but this primary knowledge will help you immensely in the future. The more you delve deep into the world of ethical hacking, the more you will start feeling that you need to know more about the Linux system. This book will not take you that far. But a very basic knowledge is necessary so that you can understand what is going on around you in this book alone.

It might seem repetitive but I would like it to be cemented in your mind that without knowing Linux properly you can’t go deep into the mysterious world of ethical hacking. So you must know the basic commands first. These commands will tell you about the computer itself. They will tell you the location in the file system – where you are on your computer. With these commands you can change the permissions of a file, copy or permanently remove a file. You can add a new user to your system. You can have a listing of files that are currently in the directory where you are. This listing includes the hidden files. In a nutshell you can at least do the basic operations through your keyboard without using your mouse pointer. That is great from the perspective of a beginner, I presume.

To begin with, let us first start Kali Linux. In the following image you will see a full screen representation of Kali. I am going to explain a few things first so that as a beginner you will learn what you need to know first about Kali.

(Kali Linux full screen view with its left panel)

The image above is showing the full screen view of Kali Linux. On the left panel, at the top, there is the browser ‘ICEWEASEL’. Next follows the command line tool. We need that tool pretty often in the coming lessons. The command line tool or terminal basically deals with all types of keyboard input. Good programmers hardly use the mouse pointer. They are more comfortable with this terminal and keying. The file system follows it. If you click on it, it will open up a window just like any Windows NT version. You will see various directories and folders like ‘Home’, ‘Downloads’, ‘Pictures’ et cetera.

Let us start with the command tool by opening it. You can make it look bigger. Just use your ‘control’ and ‘shift’ keys with the ‘+’ sign.

In the following image you will see a few starting commands that we usually type to know what kind of files we have in some directories or folders.

(Kali Linux with the command line tool)

What does the image show?

It shows that I have typed ‘ls’ first. What does that ‘ls’ command mean? It stands for listing. I tell Kali to show the listing of files and folders that you have and in a fraction of a second it shows me all it has.

Next I have used the ‘cd’ command. What does that mean?

This ‘cd’ command stands for ‘change directory’. You see in the image that I have changed the directory to ‘home’ and issued the ‘ls’ command again to see what it has. It has one folder called ‘sanjib’ and a file. The folder ‘sanjib’ means the ‘root’ or the system itself has a user called ‘sanjib’. Now as root or administrator I have created that user so that at the beginning I can log in as ‘sanjib’. You can create several users in a Linux system so that from various machines they can log in to their files and folders. But the users will never have the root privilege. They can’t penetrate into the administrator’s space but the root or administrator can always see what the users are doing. As root, an administrator can create or delete any user.

From this place you can guess what is happening. We change directory and look at what ‘sanjib’ has in his directory ‘Downloads’.

Next we learn about the ‘pwd’ command. It states your position. As root, if you are at the ‘Home’ directory and issue the ‘pwd’ command it has output like this:

root@kali:/home# pwd
/home
root@kali:/home#

It says you are at the ‘/home’ directory. This ‘pwd’ command is important when you have to control a large complicated system. Often you might forget where you are working. Usually if you want to go back to the previous directory you need to type this:

root@kali:/# cd /home/sanjib/
root@kali:/home/sanjib# cd ..
root@kali:/home#

It means you first go to the ‘sanjib’ directory and then come back with the ‘cd’ command having two dots.

Next we learn about the ‘cp’ command. This command stands for copy. You can copy a file from one destination to the other. We have seen that in our ‘home’ directory we have a file ‘VBoxLinuxAdditions.run’. Let us copy this file to the ‘Documents’ directory of user ‘sanjib’.

root@kali:/home# cp -v VBoxLinuxAdditions.run /home/sanjib/Documents/
‘VBoxLinuxAdditions.run’ -> ‘/home/sanjib/Documents/VBoxLinuxAdditions.run’
root@kali:/home#

Now we would like to go to the Documents folder of ‘sanjib’ and see whether the file has been properly copied or not.

root@kali:/home# cd sanjib/Documents/
root@kali:/home/sanjib/Documents# ls
VBoxLinuxAdditions.run
root@kali:/home/sanjib/Documents#

I have changed directory to ‘sanjib/Documents’ and issued the ‘ls’ command to see the listing. It shows the file. So it is working properly.

You can learn about any command very easily. You just need to add ‘--help’ like this: ‘cp --help’. It spits out everything about that command and it is very verbose. It tells you about any command in full detail.

Another very important command is ‘mv’. With this command you can move any file from one folder to another folder. This command is more or less like the ‘cp’ command. But there is a major difference. This command completely moves the file from one place to the other. Another important command is ‘cat’. You can read any text file with the help of this command.

I have a folder called ‘Writing’ and have some documents over there. Now with the help of this command we can read any text file. Remember it is true only for a text file. For an experiment, I wanted to read a file with extension ‘.odt’ and the next image shows you how it looked on the terminal.

(Trying to read a non-text file with the ‘cat’ command.)

In this part I want to show another trick that is often used in Linux. Suppose you want to write a text file very quickly. You can use ‘nano’. It comes with every Linux distribution. Just type ‘nano’ on your terminal and it will open up a text editor on the terminal itself. The next image shows you how it happens.

(Nano text editor. How to save a file and exit the editor is written in it.)

Now you can safely read this new file ‘novel.txt’ with your ‘cat’ command. All you need to do is issue a command on your terminal like this:

cat novel.txt

It will read your file on the terminal itself.

Now it could be a good idea to edit this file. You can edit it on the terminal using ‘nano’. In that case, you need to write this command on your terminal:

nano novel.txt

This will tell ‘nano’ to open the file. The rest is the same. You can edit any portion and with the ‘control’ and ‘o’ keys you can save it again. Then you can exit the file with ‘control’ and ‘x’.

In the next image we will see how it looks when we try to read a file by using the ‘cat’ command.

(Reading a text file using the ‘cat’ command)

Usually seasoned programmers work on the terminal, and text editors like ‘VI’, ‘VIM’ or ‘NANO’ are extremely popular.

Now we are going to learn a very important Linux command called ‘grep’. This command does some sort of searching inside a file and it does it in a very interesting manner. Let us first see what we have in our root directory.

We issue a command like this on our terminal and see the output.

hagudu@hagudu-H81M-S1:~$ cd /etc/apt
hagudu@hagudu-H81M-S1:/etc/apt$ ls
apt.conf.d     sources.list    sources.list.save  trusted.gpg   trusted.gpg.d
preferences.d  sources.list.d  trustdb.gpg        trusted.gpg~
hagudu@hagudu-H81M-S1:/etc/apt$

As you can see we have changed the directory to ‘/etc/apt’ and seen the listing. We find many files there and presently we are interested in the ‘sources.list’ file. We can use the ‘cat’ command to read the file but we have something different in our mind.

We would like to search for some particular word and want to separate those lines and see them in segregation. The command ‘grep’ along with the ‘|’ (pipe) operator will help us in doing so.

We actually tell the terminal to display the content of ‘sources.list’ first and then pipe that output to our searching process. Let us see how it works.

If we simply write a command like ‘cat sources.list’, it will display a long listing of the sources of this Linux system. You can write it and see them. But we are interested in searching for the word ‘src’ and want to see how many times that word has been used in the ‘sources.list’.

So the final command and the output are like this:

hagudu@hagudu-H81M-S1:/etc/apt$ cat sources.list | grep src
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates universe
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
# deb-src http://archive.canonical.com/ubuntu trusty partner
deb-src http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://archive.ubuntu.com/ubuntu trusty universe
hagudu@hagudu-H81M-S1:/etc/apt$

It is interesting to note down that we have first issued a command like this: cat sources.list | grep src

And the long output that follows that command has all the statements that have ‘src’ in them.

We can even filter the source file more distinctly. We can narrow down our searches more and tell the terminal to find out the word ‘src’ only with small letters by writing down this command:

cat sources.list | grep -i src

In the future we will use this ‘grep’ command extensively to scan a network with a particular word.
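The pipelines above can be reproduced without touching a real /etc/apt directory. The following shell script is an added example, not code from the book: it writes a constructed sources.list (a few lines in the same format as the listing above, including one commented and one upper-case entry) to a temporary file and runs a handful of grep variants over it. Beyond the plain `grep src` the page shows, it also demonstrates `-c` (count instead of print), `-i` (ignore case), `-v '^#'` (drop commented lines) and `-n` (line numbers), which are the options you reach for when filtering a config file or a log.

```shell
#!/bin/sh
# Added example: filtering a constructed APT sources.list with grep.
# SAMPLE_SOURCES is made up for this demo; it is not the author's real
# /etc/apt/sources.list.

SAMPLE_SOURCES='deb http://in.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty main restricted
deb http://in.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://in.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
# deb-src http://archive.canonical.com/ubuntu trusty partner
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
DEB-SRC http://example.invalid/ubuntu trusty main'

# Write the sample to a temporary file so the pipelines read a real file,
# exactly as "cat sources.list | grep src" does on the page. Prints the path.
make_sample() {
    f=$(mktemp) || exit 1
    printf '%s\n' "$SAMPLE_SOURCES" > "$f"
    printf '%s\n' "$f"
}

# Plain grep: every line containing the lowercase string "src",
# commented lines included. -c prints the number of matching lines.
count_src() {
    grep -c 'src' "$1"
}

# -i makes the match case-insensitive, so the upper-case DEB-SRC line counts too.
count_src_ignore_case() {
    grep -ci 'src' "$1"
}

# grep -v '^#' throws away commented lines; '^deb-src' anchors the match to
# the start of the line, which gives only the entries that are actually active.
count_active_deb_src() {
    grep -v '^#' "$1" | grep -c '^deb-src'
}

# -n prefixes each match with its line number, handy when you must edit the
# file afterwards. Returns the numbers as one space-separated string.
active_deb_src_line_numbers() {
    grep -n '^deb-src' "$1" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    f=$(make_sample)
    echo "lines containing src:     $(count_src "$f")"
    echo "same, ignoring case:      $(count_src_ignore_case "$f")"
    echo "active deb-src entries:   $(count_active_deb_src "$f")"
    echo "their line numbers:       $(active_deb_src_line_numbers "$f")"
    rm -f "$f"
}

demo
```

Note that `grep src` also matches the commented-out `# deb-src` lines, because grep knows nothing about APT syntax; the `grep -v '^#'` stage is what separates entries that are really in effect from ones that are merely written down.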

Another important command is ‘echo’. This command literally echoes everything you write on your terminal. You can also do something more with this command. You can even change a text file with this command.

Previously we have written a text file ‘novel.txt’ and saved it in our home directory. Now we are going to overwrite that file with this ‘echo’ command.

hagudu@hagudu-H81M-S1:~$ echo "I DON'T LIKE THIS NOVEL ANYMORE SO I CHANGE IT" > novel.txt
hagudu@hagudu-H81M-S1:~$ cat novel.txt
I DON'T LIKE THIS NOVEL ANYMORE SO I CHANGE IT
hagudu@hagudu-H81M-S1:~$

We have first echoed some text on our terminal, then we used ‘>’ (the greater-than sign) to put that text into the file ‘novel.txt’. In the next command, we have again used the ‘cat’ command to read the file ‘novel.txt’ and found that the file has been changed.
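The difference between ‘cp’ and ‘mv’ described earlier, and the overwriting behaviour of ‘>’ shown just above, are easy to misjudge until you see the file system before and after. The script below is an added example (not the author's code); it builds a throw-away directory with a constructed novel.txt, copies and moves it, and then writes to a file with ‘>’ and ‘>>’ so the two redirections can be compared. It also goes a step beyond the page by showing ‘>>’, which appends instead of replacing.

```shell
#!/bin/sh
# Added example: cp keeps the source file, mv does not, and ">" replaces a
# file's content while ">>" appends to it. Everything happens in a temporary
# directory with a constructed novel.txt, not the author's own files.

# Prints 1 if the path exists, 0 otherwise.
exists() {
    if [ -e "$1" ]; then echo 1; else echo 0; fi
}

# Copy novel.txt into Documents, then move it into Archive; report whether
# the original, the copy and the moved file exist as three 1/0 flags.
cp_vs_mv() {
    work=$(mktemp -d)
    mkdir "$work/Documents" "$work/Archive"
    printf 'chapter one\n' > "$work/novel.txt"
    cp "$work/novel.txt" "$work/Documents/"    # source stays (add -v to see the copy)
    mv "$work/novel.txt" "$work/Archive/"      # source is gone after this
    result="$(exists "$work/novel.txt") $(exists "$work/Documents/novel.txt") $(exists "$work/Archive/novel.txt")"
    rm -r "$work"
    echo "$result"
}

# Write two lines with > then >>, count them, overwrite with a single > and
# count again; returns "lines_before lines_after".
overwrite_vs_append() {
    work=$(mktemp -d)
    f="$work/novel.txt"
    echo "Once upon a time" > "$f"           # creates (or truncates) the file
    echo "there was a hacker" >> "$f"        # appends a second line
    before=$(wc -l < "$f" | tr -d ' ')
    echo "I DON'T LIKE THIS NOVEL ANYMORE SO I CHANGE IT" > "$f"   # replaces everything
    after=$(wc -l < "$f" | tr -d ' ')
    rm -r "$work"
    echo "$before $after"
}

echo "original copy moved:               $(cp_vs_mv)"
echo "line count before/after overwrite: $(overwrite_vs_append)"
```

The first function prints `0 1 1`: after ‘cp’ the original is still there, after ‘mv’ it is not. The second prints `2 1`: ‘>>’ grew the file to two lines, and a single ‘>’ threw both away before writing the new text, which is exactly why the page's echo command wiped the earlier content of novel.txt.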

Now we will learn how to make directories in Linux. There is a very useful command: ‘mkdir’. It plainly means ‘make directory’. Let us make a directory named after this project: ‘Ethical Hacking’. You may guess that the command is extremely simple: mkdir Ethical Hacking

No, it is not. In this case, if you write it that way, the Linux terminal understands something else. It comprehends that you want to create two separate directories. One is ‘Ethical’ and the other is ‘Hacking’. It has already created two directories in that way. So let us remove them first and next we will create a directory with a more meaningful name.

To remove a directory you must have ‘root’ privilege. It means you are the administrator or superuser of the system. In ‘UBUNTU’ if we want to be ‘root’ or ‘super user’, we issue the command ‘sudo’ first. In Kali Linux it is different: ‘su’. But in both cases once you write that command the system will ask for the password through the terminal.

Let us see how it works.

We first issue the command and in the next step we check with the ‘ls’ command to see whether those directories exist anymore.

hagudu@hagudu-H81M-S1:~$ sudo rm -rf Ethical/ Hacking/
[sudo] password for hagudu:
hagudu@hagudu-H81M-S1:~$ ls

It worked – the two directories have been removed successfully. Let us try to understand it more. We already know that the ‘rm’ command stands for the word ‘remove’. But what about the ‘-rf’ that follows it? The option ‘-rf’ means ‘do it recursively with force’. Generally this ‘-rf’ option is used to remove directories. You have to be very careful about using this command. Because, in Linux, once you have used this command the file or directory is deleted permanently. It is next to impossible to retrieve them. It is wise to be very careful about using it.

Hopefully you have also noticed that we have started our command line with ‘sudo’. And once ‘sudo’ is written, it asks for the password. In this case you always give the password that you usually type to log in to the system.

Let us again make the directory properly and this time we name it ‘Ethical-Hacking’, so that the system will no longer interpret it as two separate directories.

hagudu@hagudu-H81M-S1:~$ mkdir Ethical-Hacking
hagudu@hagudu-H81M-S1:~$ cd Ethical-Hacking/
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ ls
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ touch file1 file2
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$ ls
file1  file2
hagudu@hagudu-H81M-S1:~/Ethical-Hacking$

First we have made the directory ‘Ethical-Hacking’. Then we use ‘cd’ to go inside it and with the help of ‘ls’ we checked that the directory is empty. Afterwards we issue the ‘touch’ command to create two files: ‘file1’ and ‘file2’. Again we issue the ‘ls’ command to check that the two files have been created successfully.
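The reason ‘mkdir Ethical Hacking’ produced two directories is word splitting: the shell breaks the command line on whitespace before ‘mkdir’ ever sees it, so it receives two arguments. The script below is an added example, not the author's code, and runs entirely inside temporary directories it creates and deletes itself. It shows the unquoted and the quoted form side by side, and cleans up the stray directories with ‘rmdir’, which only removes empty directories and therefore cannot do the kind of damage an ill-typed ‘rm -rf’ can.

```shell
#!/bin/sh
# Added example: why "mkdir Ethical Hacking" creates two directories and how
# quoting prevents it. Every function works inside its own temporary
# directory, so nothing outside it is created or removed.

# Count the entries directly inside a directory (hidden ones included).
count_entries() {
    ls -1A "$1" | wc -l | tr -d ' '
}

# Unquoted: the shell splits the name on the space and passes two arguments.
make_unquoted() {
    work=$(mktemp -d)
    ( cd "$work" && mkdir Ethical Hacking )
    n=$(count_entries "$work")
    rm -r "$work"
    echo "$n"
}

# Quoted: one argument, one directory whose name contains a space.
make_quoted() {
    work=$(mktemp -d)
    ( cd "$work" && mkdir "Ethical Hacking" )
    n=$(count_entries "$work")
    rm -r "$work"
    echo "$n"
}

# Cleaning up the two stray directories: rmdir refuses to delete anything
# that is not an empty directory, so it is a safer first choice than
# "rm -rf" when you are not sure what is inside. Returns how many entries remain.
stray_after_rmdir() {
    work=$(mktemp -d)
    ( cd "$work" && mkdir Ethical Hacking && rmdir Ethical Hacking )
    n=$(count_entries "$work")
    rm -r "$work"
    echo "$n"
}

# The hyphenated name the page settles on, followed by touch: returns the
# number of files created inside Ethical-Hacking.
files_in_hyphenated() {
    work=$(mktemp -d)
    ( cd "$work" && mkdir Ethical-Hacking && touch Ethical-Hacking/file1 Ethical-Hacking/file2 )
    n=$(count_entries "$work/Ethical-Hacking")
    rm -r "$work"
    echo "$n"
}

echo "unquoted mkdir created:   $(make_unquoted) entries"
echo "quoted mkdir created:     $(make_quoted) entry"
echo "left after rmdir:         $(stray_after_rmdir) entries"
echo "files in Ethical-Hacking: $(files_in_hyphenated)"
```

The same splitting rule applies to every command, which is why a file name containing a space must always be quoted (or escaped as `Ethical\ Hacking`) when you pass it to ‘rm’, ‘cp’ or ‘mv’; an unquoted name can silently address the wrong files.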

In Ethical Hacking anonymity is a very big deal. In the next chapter we learn it in great detail. Before that you need to understand that in the process of being anonymous it is good to be any user rather than the root user. As the root or superuser you first add a user in your virtual Kali Linux. Set a password. Shut down Kali. Reboot and log in as the new user. It is a good practice.

Now how could you add a user? Let us open our virtual Kali and as the root user we’d use the ‘adduser’ command on the terminal. Suppose our new user will have a name like ‘xman’. In that case the command will be very simple: adduser xman.

Once you have issued this command Kali asks for the password and other details. Give a strong password of at least eight characters with alphanumeric characters. Now shut down your machine and log in as ‘xman’. For the other details it is not mandatory that you give your real identity. You can fill them with any data.

As the root or superuser you can add as many users as you wish. You can delete them any time. You can restrict their activities from any angle. As an administrator you can add a user who will not be able to log in after six months. You can create groups and set a rule so that entry is restricted. Some users can enter into that group. Some can’t.

Primarily you need to add one user ‘xman’ and log in to the system as the new one. A user is not permitted to access or tamper with any file of the root or superuser. But as superuser you can always change the file permissions. It is a very important concept from every angle. On the Internet the concept of file permissions is extremely important.

Any file has three types of permissions related to it. It can be ‘read only’. The meaning is clear. You can’t write to it or execute it. It can be ‘write only’. Another state of a file is ‘executable mode’. If it is executable, you can perform any action by running it. You can write a simple python program. This program will take input from users and give output. After writing a python file you can make it executable.

Let us see how it happens. Let us open our Kali Linux terminal and with the help of the ‘ls’ command we see what we have presently there.

sanjib@kali:~$ cd Documents/
sanjib@kali:~/Documents$ ls
VBoxLinuxAdditions.run
sanjib@kali:~/Documents$ ls -la
total 7048
drwxr-xr-x  2 sanjib sanjib    4096 May 29 10:30 .
drwxr-xr-x 18 sanjib sanjib    4096 Jun  3 09:59 ..
-r-xr-xr-x  1 root   root   7208397 May 29 10:30 VBoxLinuxAdditions.run
sanjib@kali:~/Documents$

First we go to the ‘Documents’ folder and issue the ‘ls’ command. That shows only one file – ‘VBoxLinuxAdditions.run’. Our next command is ‘ls -la’. It means: we want a listing of all files with all details. You can see the difference above. The output is in red. It shows two hidden entries along with the previously seen file. And it also shows the owners of the files and it also shows the permissions. Let us consider this line minutely.

-r-xr-xr-x 1 root root 7208397 May 29 10:30 VBoxLinuxAdditions.run

It tells us that the owner of this file is ‘root’. And the starting part is also very important. It handles file permissions.

r-xr-xr-x

What does this mean? It has three distinct parts. The first part is ‘r-x’. The second and third parts are also the same – ‘r-x’. The first part is for the owner of the file or current user. The second part is for the ‘group’. And the final or third part is for the superuser who is viewing this file. I have already created another user ‘sanjib’ and have logged in as ‘sanjib’. That is why you see this kind of output: sanjib@kali:~/Documents$ ls -la

Now to make this concept more clear we will create a user named ‘xman’. And we will log in as ‘xman’ and see what we have in our Documents folder.

To create a new user you need to log in as root or superuser. Let us assume we have logged in as ‘root’. The commands and the output are given below.

root@kali:~# adduser xman
Adding user `xman' ...
Adding new group `xman' (1002) ...
Adding new user `xman' (1001) with group `xman' ...
Creating home directory `/home/xman' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for xman
Enter the new value, or press ENTER for the default
	Full Name []: xman anonymous
	Room Number []: 123
	Work Phone []: 321
	Home Phone []: 213
	Other []: anon
Is the information correct? [Y/n] y
root@kali:~#

Congratulations! You have just successfully created a new user called ‘xman’. You notice that it had asked for the password and told you to retype the UNIX password again.

Let us log out as ‘root’ and log in as ‘xman’. Let us also go to the ‘Documents’ folder of ‘xman’ and see what we have.

xman@kali:~$ cd Documents/
xman@kali:~/Documents$ ls
xman@kali:~/Documents$ ls -la
total 8
drwxr-xr-x  2 xman xman 4096 Jun  3 10:33 .
drwxr-xr-x 14 xman xman 4096 Jun  3 10:33 ..
xman@kali:~/Documents$

Everything goes as expected. Only one thing is missing. This new user does not have this line: -r-xr-xr-x 1 root root 7208397 May 29 10:30 VBoxLinuxAdditions.run. Maybe we had moved that executable file from a root folder to the ‘Documents’ folder of user ‘sanjib’ before.

Now we already know how to create a file using the ‘nano’ text editor. So we can move on and have a very small python file. Presumably you don’t know python, so I keep it very simple just to show how we can change file permissions.

#!/usr/bin/python3

# Ask for a name, then print it back from main().
print("TYpe your name.")
inputs = input(">>>>>>")
outputs = inputs

def main():
    print(outputs)

if __name__ == '__main__':
    main()

Inside the ‘nano’ editor we write a simple program that will take input and give output. Save the file as ‘pyfile.py’ and exit ‘nano’, and let us issue ‘ls -la’ to see what it shows.

xman@kali:~/Documents$ ls -la
total 12
drwxr-xr-x  2 xman xman 4096 Jun  3 10:50 .
drwxr-xr-x 15 xman xman 4096 Jun  3 10:42 ..
-rw-r--r--  1 xman xman   86 Jun  3 10:44 pyfile.py
xman@kali:~/Documents$

As you see the listing says everything. It says that now the ‘Documents’ folder has one new file ‘pyfile.py’ and it has been created at 10:44. The owner is ‘xman’ and it has file permissions like this: rw-r--r--

Now you know what this means. It means: the user ‘xman’ can read and write this file but he can’t ‘execute’ this file.

xman@kali:~/Documents$ chmod +x pyfile.py
xman@kali:~/Documents$ ls -la
total 12
drwxr-xr-x  2 xman xman 4096 Jun  3 10:50 .
drwxr-xr-x 15 xman xman 4096 Jun  3 10:42 ..
-rwxr-xr-x  1 xman xman   86 Jun  3 10:44 pyfile.py
xman@kali:~/Documents$

Look how we have used the ‘chmod’ command to change the file permission to executable. Once you have changed the file permission to executable it changes the color to green. And also look at the file permission: rwxr-xr-x

I mark the first part in red so that you can understand the difference between them. The first part of the permission says ‘x’ has been added since we used the ‘xman@kali:~/Documents$ chmod +x pyfile.py’ command.

Let us execute the file and see how it takes the input and gives the output.

xman@kali:~/Documents$ ./pyfile.py
TYpe your name.
>>>>>>xman
xman

When you run the file it asks you to type your name and gently spits back the output.
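To make the mode string from ‘ls -la’ concrete, here is an added example (not the author's code) that takes the string apart and then repeats the ‘chmod +x’ experiment on a constructed script in a temporary directory. The script is a small shell equivalent of pyfile.py, since the point is the permission bits and not Python. The first character of the mode string is the file type (‘-’ for a regular file, ‘d’ for a directory) and the remaining nine are three triplets: positions 2-4 for the owner, 5-7 for the group, and 8-10 for everyone else. ‘chmod +x’ with the usual umask of 022 sets the ‘x’ bit in all three triplets, which is why rw-r--r-- becomes rwxr-xr-x.

```shell
#!/bin/sh
# Added example: reading the mode string printed by "ls -la" and watching
# "chmod +x" change it. SCRIPT_BODY is a constructed shell stand-in for the
# page's pyfile.py; everything runs in a temporary directory.

SCRIPT_BODY='#!/bin/sh
printf "Type your name.\n"
read -r name
printf "%s\n" "$name"'

# The 10-character mode string ls -l shows first, e.g. "-rw-r--r--".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Return one of the three triplets of a mode string.
# Character 1 is the file type; 2-4 owner, 5-7 group, 8-10 everyone else.
# $1 = mode string, $2 = owner | group | others
perm_class() {
    case "$2" in
        owner)  printf '%s\n' "$1" | cut -c2-4 ;;
        group)  printf '%s\n' "$1" | cut -c5-7 ;;
        others) printf '%s\n' "$1" | cut -c8-10 ;;
        *)      echo "unknown class: $2" >&2; return 1 ;;
    esac
}

# Write the script, then report its mode before and after chmod +x,
# separated by one space. Runs in a subshell so the umask change stays local.
mode_before_and_after() (
    umask 022                    # with this umask, +x adds x for owner, group and others
    work=$(mktemp -d)
    f="$work/pyfile.sh"
    printf '%s\n' "$SCRIPT_BODY" > "$f"
    chmod 644 "$f"               # rw-r--r--: no execute bit anywhere
    before=$(mode_of "$f")
    chmod +x "$f"
    after=$(mode_of "$f")
    rm -r "$work"
    printf '%s %s\n' "$before" "$after"
)

# Make the script executable and run it with a constructed name on stdin;
# returns the last line it prints (the echoed name).
run_script() (
    work=$(mktemp -d)
    f="$work/pyfile.sh"
    printf '%s\n' "$SCRIPT_BODY" > "$f"
    chmod +x "$f"
    printf 'xman\n' | "$f" | tail -n 1
    rm -r "$work"
)

echo "mode before/after chmod +x:  $(mode_before_and_after)"
echo "owner triplet of -rwxr-xr-x: $(perm_class -rwxr-xr-x owner)"
echo "others triplet of -rw-r--r--: $(perm_class -rw-r--r-- others)"
echo "script output:               $(run_script)"
```

Running it prints `-rw-r--r-- -rwxr-xr-x` for the before/after pair. If you want the execute bit for the owner only, which is the more conservative choice for a script nobody else needs to run, use ‘chmod u+x’ instead of the bare ‘+x’.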

## Summary

You have learned a few basic Linux commands in this chapter. Now at least you have an idea how a Linux system is working and how you can use your terminal or command line to operate your system.

In the learning process of ethical hacking, you will find it extremely useful. In future you need to learn a few more Linux commands. Your knowledge of Linux or any other operating system must be commendable. As you progress, I hope, your ‘appetite comes with eating’.

We have discussed enough rudiments. Now it is time to move further. We are ready to take the first important step into the world of ethical hacking.

# How to Stay Anonymous

That is very important. You need to stay anonymous and hide your IP address while you are in the world of ethical hacking. There are several ways to do that. We will discuss in this chapter how we can do that.

There are proxies. It means you are routing through different routers, but it could be very slow and not under your control. Another downside of using proxies is that you don’t know anything about the other side. You are in the dark about the servers through which your packets are moving. So that could be very risky. You may ask why it is dangerous? I would do some kind of ‘nmapping the network’ sort of jobs. It is harmless. Maybe so. But it is not restricted to that part only. Using a proxy, you may want to log in to some server. Once you have typed in your password, it could be hijacked.

How can you solve this problem?

There is a term ‘VPN’. You have probably heard of virtual private network. What is that? It is basically a kind of service that you are using for encrypting your traffic. And it is very fast. In future when you work as a professional, you have to hire a VPN service. It is not very costly. For the time being we could do it for free just for learning.

But once you encrypt your traffic through VPN, it is recognizable. What happens if an agency asks the service providers for your data? Normally to avoid that you need to be choosy. You need to hire a service from a certain point of the world where privacy is strictly maintained.

But after saying that and hoping for the best I’d definitely not recommend you to do your white hat ethical hacking using proxies or VPNs. Basically you may want to do that for bypassing the firewall setting or that sort of thing. Besides, some VPN services don’t allow IP addresses to use their services beyond a range. Suppose your IP address belongs outside of that range. But people often use proxies or VPNs not always for doing something malicious like taking down a server or stealing data. People might want to hide their location just when they are travelling or that kind of job. Apparently this type of activity stays within the law.

There is another problem that might crop up while you access a certain type of server that usually allows IP addresses from a certain region. In that case if you use an IP address from China or Russia the network administrator would certainly go after you. So it is a consistent problem that keeps coming and tormenting you from time to time and in the coming chapters we would like to address those problems.

## Dark Web and TOR

In the meantime we will have a very quick look at the dark web or hidden web. I don’t know whether you have heard about it before.

Rumour is: ‘Dark Web’ or ‘Deep Web’ consists of the major portion of the Internet. It is something like ‘dark matter’ that makes up 97 or 98 percent of the mass of the universe. It is still unknown what it actually is, except a few things.

People say the dark web is full of information that we usually don’t get normally. And you can’t access the dark web through your normal browser. You need a special kind of browser to enter into that maze of mysteries.

I should warn you before you try TOR and enter the dark web. There are lots of illegal activities that generally go on outside our normal perception. It could be like human trafficking. It could be like illegal arms dealing. It could be like hiring killers and what not. But in this book we are not interested in them. Our main concern is knowledge. We reach there so that we can have an idea what is actually going on in the Dark Web.

As an ethical hacker you need to know everything for one and only one purpose. You need to fight against a malicious attack. You are learning to defend yourself, not to attack somebody. But to defend yourself you need to know all the tactics that your enemy often uses. Maybe police will seek your help to track down a child abuser. Without knowing the proper character of the dark web you can’t do that. If you don’t know how to hide your IP address how could you locate a criminal who is hiding his proper location?

Besides, you need to know another major thing. The dark web is not always bad in that sense. You may find many reputed white hat or gray hat hackers in certain forums that are kept completely hidden from the watchful eyes of government agencies. You may find really helpful people over there who may help you solve your problem instantly. Like Wikipedia there are hidden wikis that we are going to see in an instant where you can find lots of interesting things to learn.

## Hidden Wikipedia

To read the hidden wiki we need to install the TOR browser. Kali Linux does not come with it by default so you need to install it.

(Download section of torproject.org website.)

To do that first you need to log in as the new user: xman. Then open up the normal browser and search for TOR browser. Just go to the official site and download the latest version for Kali Linux. Be careful about checking that it is https://torproject.org, not anything else. It may come with ‘http://’ without the ‘s’. Simply avoid that.

There are two versions: one is 32 bit and another is 64 bit. According to your system architecture you need to download the exact version. Before downloading it is good practice to learn about TOR from their documentation. There are terms and conditions that you must fulfil. And the main term is you must stay within the law. You can’t use TOR for any illegal process. Tor also hides your IP address. But that is a different issue.

Once the download is complete you can access the necessary file in your ‘Download’ folder. Just run it.

(Tor Browser is connecting.)

Once it is connected it will open up its default first page which you would find quite different from the normal browser. First of all you can type ‘what is my IP’ and check what that shows.

It will definitely be other than the region where you presently belong. But we need the original hidden wiki web page that will take us to the dark web.

Remember there are several websites that would claim to be the original hidden wiki. So you need to be judicious about choosing. Usually they come with ‘.onion’ domains and the URL is continually changing. So you can type in something like ‘hidden wiki url’ and see what you get.

(The original Hidden Wiki page)

The main problem is: you can’t differentiate the original hidden wiki from the other fake versions. The above image shows how it may look. The extension is always ‘.onion’.

The hidden wiki mainly consists of a large number of various links. Many of them are simply illegal and cheap. It seems to you like a big market where lots of smuggled goods are sold. Never try to buy anything from here. Because though it is tempting to buy something very costly at one third of its original price it is not certain that it will reach you. Moreover there is every possibility that your debit or credit card number is cracked.

But in this so called interesting market there are lots of really useful things that may come to your help. One of them is the forum or chat section where reputed hackers often discuss many interesting things that you don’t usually get to know in any open forum.

At the same time you need to be careful about using any code coming from these forums or chats just because of the anonymity! It is not advisable to use that code on your original machine.

That could be dangerous!

Let us open up a forum site and see how it looks. They usually come up with a black background as if they represent the dark web properly.

(One of the Hidden Wiki pages – that could be vague.)

One thing you would better keep in your mind. The TOR browser is fine as long as you want to learn something new. It is not meant for doing some dubious things. There are lots of cheap attractions that would definitely try to grab your attention or even force you to be attracted towards them. Be careful about choosing the sites you are visiting. As long as it is a hacker’s forum it is perfectly okay. But once you go beyond the limit without staying within the law it could be dangerous.

From now on we move towards things that are more directly connected to real world ethical hacking. But before that we need to see how proxychains and VPNs work.

Your little knowledge of Linux commands will come in handy. From now on everything we do is on the Kali Linux terminal. So boot up your Kali virtual machine and open up your terminal. First we will learn about ProxyChains and how with the help of this tool we can hide our IP address and gain access to a remote server.

# ProxyChains

The name suggests its true meaning. To keep anonymity we need several proxies. Behind these proxies we can hide our true identity. It is not successful all the time. But Kali Linux gives you a special opportunity to change the configuration at the root so that you can hide your true identity while browsing the web using TOR. Actually in this case you need to configure your ‘proxychains.conf’ file. You have already installed TOR.

We need to open up the configuration file using the ‘nano’ text editor.

Open up your Kali Linux terminal as the root user and write down this command.

root@kali:~# nano /etc/proxychains.conf

It will open up the ‘proxychains.conf’ file. There are three types of proxy chain that you can use. But you can’t use all of them at a time. Let us first see how this file looks.

It is 68 lines long. But it is not very complicated if you understand the lines. The documentation is clear and to the point. Here go the first few important lines.

# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app

What does this mean? It says the proxy list has several options. You must decide how you should treat these options. If you read every line you’d get an idea how it works. There are three types of proxy chain. You need to uncomment any one of them.

The first one is ‘dynamic_chain’. You see the above line and the red color shows that I have uncommented it. There are two more: ‘strict_chain’ and ‘random_chain’. They are commented out. They have their own descriptions. Let us read them both.

#strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)

It is said clearly in the documentation that comes along with it. So I don’t elaborate it again. The advantage of choosing ‘dynamic_chain’ over the others is clearly stated. If your connection does not get one ‘working proxy’ then it automatically jumps to the other. The other two don’t give you that opportunity to route your traffic.

Let me explain it more. Suppose you have two proxies in place – A and B. What happens in the case of ‘strict_chain’ is that when you browse web pages your connection is routed through A and B strictly. It means A and B should be in order and live. Otherwise your connection simply fails. In the case of ‘dynamic_chain’ this does not happen. If A is down then it jumps to take B. It works that way.

I hope the first step is clear. Let us consider a few other important steps.

In between you get a line like this:

# Proxy DNS requests - no leak for DNS data
proxy_dns

It is a very important line to be considered seriously. You see I have uncommented the ‘proxy_dns’. You can’t allow DNS data to be leaked. In other words, your real IP address should not be leaked by any chance. That is why I have uncommented this line so that your proxies are in their proper place working without any hitch.

At the end of the list you’d find this:

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
socks5 185.43.7.146 1080
socks5 75.98.148.183 45021

Please inspect the last two lines in red. I have added them. Let me explain why I added them. But before doing that I’d like to explain the example lines just given before. It reads like this:

# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#       Examples:
#
#       socks5  192.168.67.78  1080  lamer  secret
#       http    192.168.89.3   8080  justu  hidden
#       socks4  192.168.1.49   1080
#       http    192.168.39.93  8080

It clearly states how your proxy list should be formatted. Consider the first line:

# socks5 192.168.67.78 1080 lamer secret

It means: the first one is the ‘type’ of the proxy. It should be ‘socks5’. The second one is the ‘host’. The third one is the ‘port’ and the last two words stand for ‘username’ and ‘password’ in case you pay for it. Another important thing is: you must separate the words either by using ‘tab’ or pressing ‘blank’.

There are several free proxies you’d find, so don’t bother about the last two presently. Now we can again go back to the last lines that we have been discussing. In the last lines it has been mentioned that ‘defaults set to tor’.

Before adding the last two lines you need to add this line:

socks5 127.0.0.1 9050

We should do that because usually your ‘proxychains.conf’ file comes up with only ‘socks4’, so you need to add ‘socks5’ that supports present modern technology. Now you can test your ‘TOR’ status.

Open up your terminal and type: service tor status

It will fail if you don’t start it. So type: service tor start

It will start the service.

(TOR is running through the terminal.)

And you can open up your browser through the terminal. Just type: proxychains firefox www.duckduckgo.com

This search engine does not usually track IP addresses. Your browser will open up and you can check your IP address. We would also like to see the DNS leak test result. Let us do that by typing ‘dns leak test’ on the search engine. There are several services; you can click any one of them to see what it says.

(DNS leak test.)

I found that ‘www.dnsleaktest.com’ is working to find out my original IP address and fails to find it out. It shows an IP like ‘8.0.116.0’ and it is from Germany. This is wrong as I am writing this near Calcutta.

You can simultaneously test the same in your normal browser and you’ll find your actual IP address.
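The two mistakes this chapter warns about, more than one chain mode left uncommented (the file then silently takes the last one) and ‘proxy_dns’ left commented out (DNS queries then bypass the chain and leak your real resolver), are easy to check for before you trust a ‘proxychains.conf’. The script below is an added example and not part of proxychains or the book; it validates two constructed configuration texts that mirror the layout discussed above. The same functions can be pointed at a real file with `check_conf "$(cat /etc/proxychains.conf)"`.

```shell
#!/bin/sh
# Added example: sanity-checking a proxychains.conf before trusting it.
# GOOD_CONF and BAD_CONF are constructed for this demo; they follow the
# layout of the file discussed above but are not copied from any machine.

GOOD_CONF='# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#strict_chain
#random_chain
# Proxy DNS requests - no leak for DNS data
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# add proxy here ...
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050'

# The same file with the two mistakes the text warns about: two chain modes
# active at once, and proxy_dns still commented out.
BAD_CONF='dynamic_chain
strict_chain
#random_chain
#proxy_dns
[ProxyList]
socks4 127.0.0.1 9050'

# Number of chain-mode keywords that are active (not commented out).
# Exactly one is correct; "|| true" keeps a zero count from looking like an error.
active_chain_modes() {
    printf '%s\n' "$1" \
        | grep -v '^[[:space:]]*#' \
        | grep -c -E '^(dynamic_chain|strict_chain|random_chain)[[:space:]]*$' || true
}

# "yes" if proxy_dns is active, "no" otherwise.
proxy_dns_enabled() {
    if printf '%s\n' "$1" | grep -q -E '^[[:space:]]*proxy_dns[[:space:]]*$'; then
        echo yes
    else
        echo no
    fi
}

# Number of proxy entries below [ProxyList]; only "type host port" lines
# count, comments and blank lines are ignored.
proxy_entries() {
    printf '%s\n' "$1" \
        | sed -n '/^\[ProxyList\]/,$p' \
        | grep -c -E '^(socks4|socks5|http)[[:space:]]+[^[:space:]]+[[:space:]]+[0-9]+' || true
}

# Overall verdict: "ok" only when exactly one chain mode is set, proxy_dns is
# on and at least one proxy is listed; otherwise a one-line explanation.
check_conf() {
    modes=$(active_chain_modes "$1")
    dns=$(proxy_dns_enabled "$1")
    n=$(proxy_entries "$1")
    if [ "$modes" = 1 ] && [ "$dns" = yes ] && [ "$n" -ge 1 ]; then
        echo ok
    else
        echo "bad: chain modes=$modes proxy_dns=$dns proxies=$n"
    fi
}

echo "good config: $(check_conf "$GOOD_CONF")"
echo "bad config:  $(check_conf "$BAD_CONF")"
```

The checks are deliberately textual: they read the file the way the page does, line by line, so that a misplaced ‘#’ shows up as a counted or uncounted line rather than as a surprise on the DNS leak test page later.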

# Virtual Private Network or VPN

From the very beginning I have tried to emphasize one thing. Ethical Hacking starts with one single conception: Anonymity.

You first and foremost must ensure that you’re anonymous. You have left no trace behind your back. Your whole journey is hidden and no one can trace your route later.

We have discussed the ‘TOR’ browser and ‘ProxyChains’. We have seen how we can use them. Another very important concept in this regard is the Virtual Private Network, or VPN in short.

It basically deals with the DNS server settings. A DNS server normally checks the traffic filtering. So if you can change your DNS server setting in your root you can misguide that reading.

How can we do that?

Open your Kali Linux terminal and type:

    cat /etc/resolv.conf

It will show something like this:

    # Generated by NetworkManager
    nameserver 192.168.1.1

In your terminal there is every possibility that it’d show something else. This is your home gateway. Whatever kind of router you’re using, it is just showing that information. Basically we’re going to change this so that when we again test our IP address the DNS server can’t filter the traffic properly.

In my terminal when I type the same command, it reads like this:

    nameserver 208.67.222.222
    nameserver 208.67.220.220

If you guessed that I had actually changed this, you are right. I have changed it. Why have I changed this? Let me explain.

You need to understand the concept of ‘nameserver’ first. What does it do? The LAN IP address actually forwards the traffic to DNS servers, which in turn resolve the queries and send the traffic back accordingly.

In doing this it also records the amount of traffic you are having through your home gateway. We don’t need that. Why don’t we need that? We need to be anonymous. So that is the main reason behind changing this nameserver.

We can do that through a virtual private network or VPN.

Let us open the terminal again and type in this command:

    nano /etc/dhcp/dhclient.conf

It will open the configuration file where we will change the nameserver address. Let us see how it looks.

(dhclient.conf file in the nano text editor)

I’ve opened it on my UBUNTU terminal. But you need to change it on your Kali Linux virtual machine. You notice that there are lots of things written over there. But we’re interested in this line in between:

    prepend domain-name-servers 127.0.0.1;

We’ll uncomment this line first and then change it. There are lots of ‘OPEN DNS IP ADDRESSES’ available on the web. Search with the term ‘opendns’ and it will open up lots of options from where you can copy the ‘open DNS addresses’; one of them is “opendns.com”. Let us copy two addresses from there and just paste them in place of 127.0.0.1 like this:

    prepend domain-name-servers 208.67.222.222 208.67.220.220;

Now all you need to do is one thing. You’ve to restart the network manager. Type this command on your Kali Linux terminal:

    service network-manager restart

Now you can check your nameserver again. It’ll show the two new addresses.
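The before/after check above can be done by eye with ‘cat /etc/resolv.conf’; the script below does the same thing programmatically, classifying each nameserver as loopback, private (the RFC 1918 ranges a home gateway like 192.168.1.1 lives in) or public. It is an added example, not code from the book, and reads two constructed files that stand in for resolv.conf before and after the change.

```shell
#!/bin/sh
# Added example, not from the book: classify the resolvers in a resolv.conf file as
# loopback, private (RFC 1918, i.e. a home gateway such as 192.168.1.1) or public,
# which is the before/after check the chapter does by eye with 'cat /etc/resolv.conf'.

# classify_ip A.B.C.D -> prints "loopback", "private" or "public"
classify_ip() {
    a=${1%%.*}                       # first octet
    r=${1#*.}; b=${r%%.*}            # second octet
    case "$a" in
        127) echo "loopback" ;;
        10)  echo "private" ;;
        172) if [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo "private"; else echo "public"; fi ;;
        192) if [ "$b" -eq 168 ]; then echo "private"; else echo "public"; fi ;;
        *)   echo "public" ;;
    esac
}

# report_resolvers FILE -> one "nameserver <ip> <class>" line per resolver, then a
# summary line "private=<n> public=<m>" (loopback is counted as private)
report_resolvers() {
    priv=0; pub=0
    while read -r key val rest; do
        [ "$key" = "nameserver" ] || continue   # skip comments, search, options lines
        c=$(classify_ip "$val")
        echo "nameserver $val $c"
        case "$c" in
            public) pub=$((pub + 1)) ;;
            *)      priv=$((priv + 1)) ;;
        esac
    done < "$1"
    echo "private=$priv public=$pub"
}

# Constructed files standing in for /etc/resolv.conf before and after the change
# (the gateway address and the two OpenDNS addresses used in this chapter).
before=$(mktemp); after=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' 'nameserver 192.168.1.1' > "$before"
printf '%s\n' 'nameserver 208.67.222.222' 'nameserver 208.67.220.220' > "$after"
echo "before:"; report_resolvers "$before"   # ... private=1 public=0
echo "after:";  report_resolvers "$after"    # ... private=0 public=2
rm -f "$before" "$after"
```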

Another thing is important here. You need to check whether the media connection is enabled or not. Open your Mozilla browser – in Kali Linux it is ‘Iceweasel’ anyway. You find it on the top left panel.

Open the browser and type in ‘about:config’. It looks like this:

(about:config image on your Mozilla browser)

If you use Chrome or Opera, this will show something else. You need to click and enter into it. Entering into it will give you a search panel on the top, where you will enter the search term: ‘media.peerconnection.enabled’.

Let us see how it looks.

(check ‘media.peerconnection.enabled’ true or false)

In the above image, it is shown as ‘true’. You need to double click it and make the Boolean value ‘false’.

Now you can search for a free open virtual private network. Remember, people often hire the same thing and pay a hefty price for that. But they are not secure all the time. Why are they not secure? It is because, sometimes, when a country’s national security is under attack and they want the information, server companies have to give it to them under pressure. So all along I have tried to emphasize one thing: never try to go above the law. Ethical Hacking is all about something that strictly maintains one and only one principle: staying within the law.

You learn everything for your self-defense, not for any kind of attack in advance.

Anyway, in this chapter our main target is: how we can hide the DNS server from our ISP provider.

We have searched about open VPN and found ‘www.vpnbook.com’. We are going to download from this site. On the right hand panel you’ll find the names of the providers. It varies from time to time. From which country you’ll download really doesn’t matter as long as it works.

While downloading you’ll notice that a combination of username and password is given along with it. Copy them and save them somewhere, as you’ll need them when you run the virtual private network on your machine.

In the download section of your Kali Linux you have a zipped version of the VPN. Unzip it first and then run it. How can you do that? Let me open my Kali Linux ‘Download’ section and see what I see.

    sanjib@kali:~$ cd Downloads/
    sanjib@kali:~/Downloads$ ls
    vpnbook-euro1-tcp443.ovpn
    vpnbook-euro1-tcp80.ovpn
    vpnbook-euro1-udp25000.ovpn
    vpnbook-euro1-udp53.ovpn

To get the same output you have to unzip your VPN zipped version. Now issue this command:

    openvpn vpnbook-euro1-tcp443.ovpn

If the machine says ‘openvpn: command not found’, you would have to install it. Installing anything through the terminal is quite easy in Linux. Search over the web; there are tons of tutorials that will guide you about that. Usually it is done by the ‘apt-get’ command.

When you try to run ‘openvpn’ it will ask for the username first. Then it’ll ask for the password. Once this process is complete, it’ll try to build the connection. You need to wait for some time. Unless you get the message ‘initialization complete’, you can’t open your browser. It may take several minutes. Usually it takes two minutes minimum.

If you’re not lucky, maybe sometimes, not always of course, this message won’t crop up. In that case it says: ‘connection failed’.

Once you get the message ‘initialization complete’, you can open the browser and search through ‘www.duckduckgo.com’. This search engine usually doesn’t track the user’s record.

Your first job will be checking the DNS leak. Go for it and you’ll definitely find a changed IP address.

It means you have successfully connected through the virtual private network and your original ISP DNS server is completely hidden.

# All About the MAC Address

We have learned many tricks so far – all about anonymity. But we’ll always try to go to a higher level. Changing the MAC Address falls into that category.

In a simple way, it is your hardware address. Basically it’s not the hardware address of your machine but the hardware address of your network card, through which you’re connected to the outer world.

Let us start our Kali Linux virtual machine and open up the terminal. Issue the command: ifconfig.

It’ll produce something like this:

    root@kali:~# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fef4:16ec  prefixlen 64  scopeid 0x20<link>
            ether 08:00:27:f4:16:ec  txqueuelen 1000  (Ethernet)
            RX packets 19  bytes 1820 (1.7 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 31  bytes 2427 (2.3 KiB)
            TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 0  (Local Loopback)
            RX packets 36  bytes 2160 (2.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 36  bytes 2160 (2.1 KiB)
            TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

In your case, the output could be different. We’re concerned about the hardware address of our network card and we want to change it.

In between you’ve seen the red colored line that reads: ether 08:00:27:f4:16:ec

This is the Kali Linux virtual machine’s MAC Address, or local network card address.

Now in some cases it might be like this: HWaddr 08:00:27:f4:16:ec

In some cases it is different. They are network cards – they could be Ethernet cards, wireless cards, wireless adapters et cetera.

But this address is extremely important, as it is used to identify you in the vast web world. The first three pairs are the symbols that represent the manufacturer.

We can check it out here also by issuing this command:

    root@kali:~# macchanger -s eth0
    Current MAC:   08:00:27:f4:16:ec (CADMUS COMPUTER SYSTEMS)
    Permanent MAC: 08:00:27:f4:16:ec (CADMUS COMPUTER SYSTEMS)

As you see, it shows two MAC addresses – one is current and the other is permanent. You may ask why I’m checking this here. I have checked it once by issuing the command ‘ifconfig’ – isn’t it?

It’s because the command ‘ifconfig’ will only show the current MAC address. It won’t show the permanent MAC address. It means, when you have changed the MAC address and issued the ‘ifconfig’ command, it’d only show the changed one – not the permanent one.

Now we’d like to change our MAC address. Let us issue this command:

    root@kali:~# macchanger -h

And it will produce an output like this:

    GNU MAC Changer
    Usage: macchanger [options] device

      -h,  --help                   Print this help
      -V,  --version                Print version and exit
      -s,  --show                   Print the MAC address and exit
      -e,  --ending                 Don't change the vendor bytes
      -a,  --another                Set random vendor MAC of the same kind
      -A                            Set random vendor MAC of any kind
      -p,  --permanent              Reset to original, permanent hardware MAC
      -r,  --random                 Set fully random MAC
      -l,  --list[=keyword]         Print known vendors
      -b,  --bia                    Pretend to be a burned-in-address
      -m,  --mac=XX:XX:XX:XX:XX:XX
           --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX

    Report bugs to https://github.com/alobbs/macchanger/issues

The three red colored lines (the ‘-a’, ‘-A’ and ‘-p’ options) are important. It is explicitly defined what they mean. The green colored line (‘-r’) is also important.

The first two lines mean –

    -a,  --another                Set random vendor MAC of the same kind
    -A                            Set random vendor MAC of any kind

– you can change the MAC address but you can’t change the vendor. In this case there is every possibility of losing your anonymity. As the first three sets belong to the net card manufacturer, and since that has not been changed, you can be identified.

The third red colored line is quite obvious and self-explanatory in its meaning. It says you can change back to the original MAC address.

So far, the best option available for us is the green colored line – ‘-r, --random  Set fully random MAC’ – where it is clearly said that you can set a fully random MAC. That is: the six sets are completely random, which we prefer.

The most important of them is the last blue colored line (the ‘-m, --mac’ option). Why is it important? It is because you can change the MAC address completely.

We can have a list of all vendors with a simple command: -l. If you issue that command it will give a very long list. Let us pick up a few of them.

    root@kali:~# macchanger -l
    Misc MACs:
    Num    MAC        Vendor
    ---    ---        ------
    0000 - 00:00:00 - XEROX CORPORATION
    0001 - 00:00:01 - XEROX CORPORATION
    0002 - 00:00:02 - XEROX CORPORATION
    0003 - 00:00:03 - XEROX CORPORATION
    0004 - 00:00:04 - XEROX CORPORATION
    0005 - 00:00:05 - XEROX CORPORATION
    0006 - 00:00:06 - XEROX CORPORATION
    0007 - 00:00:07 - XEROX CORPORATION
    0008 - 00:00:08 - XEROX CORPORATION
    0009 - 00:00:09 - XEROX CORPORATION
    0010 - 00:00:0a - OMRON TATEISI ELECTRONICS CO.
    0011 - 00:00:0b - MATRIX CORPORATION
    0012 - 00:00:0c - CISCO SYSTEMS, INC.
    0013 - 00:00:0d - FIBRONICS LTD.
    0014 - 00:00:0e - FUJITSU LIMITED
    0015 - 00:00:0f - NEXT, INC.
    0016 - 00:00:10 - SYTEK INC.
    0017 - 00:00:11 - NORMEREL SYSTEMES
    0018 - 00:00:12 - INFORMATION TECHNOLOGY LIMITED
    0019 - 00:00:13 - CAMEX

We have taken the first few lines – nineteen at present. But the last one is – 19010 - fc:fe:77 - Hitachi Reftechno, Inc. The red colored number shows how many they are altogether. The list is not complete. After that there are wireless MAC addresses. They are altogether around thirty nine in number.

You may ask what they actually are. They are nothing but the bits of the company MAC address. Let us consider the last example: 0019 - 00:00:13 - CAMEX.

The first one is the serial number. The second one is the MAC address. You can change your vendor address and use this one and pretend to be using this company. Ethical Hackers sometimes use that trick.

Keeping everything in mind, I’d like to say that the last option – the blue colored one – is the most important.

In colleges students sometimes use that trick to fool the professor along with the whole class. Someone takes the professor’s MAC address and, pretending to be the professor’s PC, he jams the network. Once the network has been jammed the teacher can’t take the class anymore.

Usually there is a network filtering system that finds out the rogue MAC address and blocks that address. But that is also fun. When the network filtering system has blocked the MAC address, it turns out that the professor’s PC has been blocked inadvertently.

As an Ethical Hacker you need to study this part particularly, as malicious crackers often use another machine’s MAC address and, pretending to be someone else, do the wrong things.
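A check of the kind a filtering system like the one just mentioned could run, added here as an example and not code from the book: it pulls the MAC out of ifconfig output, looks up the vendor part (the first three pairs) in a small constructed table built from the vendors named in this chapter, and reads the ‘locally administered’ bit of the first octet, which is what a burned-in address lacks and which the ‘-b, --bia’ option above exists to hide. The ifconfig excerpts and the random address 0a:1b:2c:3d:4e:5f are constructed.

```shell
#!/bin/sh
# Added example, not from the book: pull the MAC out of ifconfig-style output, split off
# the vendor part (the first three octets, the OUI) and read the "locally administered"
# bit, which is set when an address was assigned in software rather than burned in.

# Constructed vendor table: just the OUIs that appear in this chapter, not the full list.
VENDORS='08:00:27 CADMUS COMPUTER SYSTEMS
00:00:0c CISCO SYSTEMS, INC.
00:00:13 CAMEX'

# mac_oui XX:XX:XX:XX:XX:XX -> first three octets, lower-cased
mac_oui() { echo "$1" | cut -d: -f1-3 | tr 'A-F' 'a-f'; }

# mac_vendor MAC -> vendor name for its OUI from the table above, or "unknown"
mac_vendor() {
    v=$(echo "$VENDORS" | grep -i "^$(mac_oui "$1") " | cut -d' ' -f2-)
    echo "${v:-unknown}"
}

# mac_locally_administered MAC -> "yes" if bit 1 of the first octet is set, else "no"
mac_locally_administered() {
    first=$(echo "$1" | cut -d: -f1)
    if [ $(( 0x$first & 2 )) -ne 0 ]; then echo "yes"; else echo "no"; fi
}

# extract_macs TEXT -> the 'ether' (or older 'HWaddr') addresses in ifconfig output
extract_macs() {
    echo "$1" | grep -Eio '(ether|HWaddr) +[0-9a-f:]{17}' | awk '{print tolower($2)}'
}

# audit_mac MAC -> "MAC oui=... vendor=... locally_administered=yes|no"
audit_mac() {
    echo "$1 oui=$(mac_oui "$1") vendor=$(mac_vendor "$1")" \
         "locally_administered=$(mac_locally_administered "$1")"
}

# Constructed ifconfig excerpts: the chapter's VirtualBox NIC, then the same NIC with a
# made-up random address whose first octet has the locally administered bit set.
IFCONFIG_BEFORE='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 08:00:27:f4:16:ec  txqueuelen 1000  (Ethernet)'
IFCONFIG_AFTER='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 0a:1b:2c:3d:4e:5f  txqueuelen 1000  (Ethernet)'

for text in "$IFCONFIG_BEFORE" "$IFCONFIG_AFTER"; do
    for mac in $(extract_macs "$text"); do audit_mac "$mac"; done
done
```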

# Conclusion

Thanks for reading the first volume of ‘Ethical Hacking – Learn Easy (First Part)’. I hope as a beginner you have learned the basics of Ethical Hacking – that includes the terms, legal side, purpose, networking and the environment, with a detailed introduction on ‘anonymity’.

The next volume will deal with more advanced concepts like ‘Nmap’, ‘SQL Injection’, ‘Denial Of Service or DOS’, ‘Brute Force Method’, ‘Signal Jamming’, ‘Password Cracking’ et cetera.

Hope to meet you in the next book. Till then, best of luck.