Learn Ethical Hacking from Scratch
eBook - ePub

Your stepping stone to penetration testing

Zaid Sabih

  1. 564 pages
  2. English

About This Book

Learn how to hack systems like black hat hackers and secure them like security experts

Key Features

  • Understand how computer systems work and their vulnerabilities
  • Exploit weaknesses and hack into machines to test their security
  • Learn how to secure systems from hackers

Book Description

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You'll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices.

Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections.

The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.

What you will learn

  • Understand ethical hacking and the different fields and types of hackers
  • Set up a penetration testing lab to practice safe and legal hacking
  • Explore Linux basics, commands, and how to interact with the terminal
  • Access password-protected networks and spy on connected clients
  • Use server and client-side attacks to hack and control remote computers
  • Control a hacked system remotely and use it to hack other systems
  • Discover, exploit, and prevent a number of web application vulnerabilities such as XSS and SQL injections

Who this book is for

Learning Ethical Hacking from Scratch is for anyone interested in learning how to hack and test the security of systems like professional hackers and security experts.


Information

Year: 2018
ISBN: 9781788624787
Edition: 1

Man-in-the-Middle Attacks

In the previous chapter, we covered the ways we can gather information and analyze it with the help of various tools. In this chapter, we will learn about the man-in-the-middle framework (MITMf), which is a toolkit for one of the most powerful attacks. In order to implement MITMf we are going to use ARP spoofing, bypassing HTTPS, and DNS spoofing. We will also use keyloggers, and look at the code injection technique for MITMf implementation.
Towards the end of the chapter, we will learn about a special tool called Wireshark, which is very efficient when it comes to analyzing a network. With it, we can capture packets and learn the information they carry within them. In this section of the chapter, we are going to learn how to operate this tool and also how to use a few filters.
In this chapter, we will cover the following topics:
  • Man-in-the-middle attacks
  • Wireshark

Man-in-the-middle attacks

In the next few sections, we're going to talk about what are known as man-in-the-middle (MITM) attacks. This is one of the most dangerous and effective attacks that we can carry out in a network. We can only do it once we have connected to the network. It can be used to redirect the flow of packets from any client to our device. This means that any packet that is sent to or from the client will have to go through our device, and since we know the password, we know the key to the network, so we will be able to read those packets. They won't be encrypted, and we will be able to modify them, drop them, or just read them to see if they contain passwords or important information. This attack is so effective because it's very hard to protect against. We're going to talk about the ways to protect against it, but it's very hard to fully protect against this attack. This is due to the way the ARP protocol works. It was designed to be very simple and very effective, but it's not secure enough.
ARP has two main security issues. The first one is that each ARP request or response is trusted, so whatever our device says to other devices that are in our network will be trusted. We can just tell any device that's on our network that we are the router and the device will trust us. It will not try to make sure that we are actually the router. It will not run any tests to ensure our identity. If we tell any device that we are the router, the device will believe us. In the same way, if we tell the router that we are someone else on the network, the router will trust us and will start treating us as that device; so, that's the first security issue. The second security issue is that clients can accept responses even if they didn't send a request. So, for example, when a device connects to the network, the first thing it's going to ask is, who is the router? And then the router will send a response saying "I am the router." Now, we can just send a response without the device asking who the router is. We can just tell the device we are the router, and because the devices trust anyone, they will trust us and start sending us packets instead of sending the packets to the router.
So, let's have a deeper look at how this MITM attack works. It's going to work using a technique called ARP poisoning, or ARP spoofing. This is done by exploiting the two security issues that we talked about in the previous paragraph. Consider a typical Wi-Fi network: we can see in the following diagram that when the client requests something it will send the request to the Wi-Fi router, and then the router will fetch what was requested from the internet and come back with the responses to the Client:
Now, all this is done using packets. So, what we are going to do is send an ARP response to the Client, because responses can be sent without the Client asking for them. The Client didn't ask for anything, but we can still send it a response. We're going to say that our IP is the router IP. So, the router, for example, has the IP 192.168.1.1; we're going to tell the Client that the device with the IP 192.168.1.1 has our MAC address, so we're going to tell the Client that we are the router, basically.
This will cause the Client to start sending the packets to us instead of sending the packets to the router. The following diagram illustrates this:
After that, we're going to do the opposite to the Wi-Fi router. We're going to tell the router that we are the Client. We'll do this by telling the router that our IP is the Client IP, and that the Client has our MAC address. Packets are delivered by MAC address, so the Wi-Fi router will start sending any packet that's meant to go to the Client to us instead. This will redirect the flow of packets through our device, so when the Client wants to send a request it will send the request to us:
So, for example, as seen in the following screenshot, when the Client wants to open Google it will send the request to our device instead of sending it to the Wi-Fi router:
Now, our device will go to the Wi-Fi router, it'll get Google, the Wi-Fi router will send the response to our device instead of the Client, and then we will send the packet back. So, this means that each packet that is sent to the Client or from the Client, will have to go through us. Since it's going through us and we have the key, we can read these packets, we can modify them, or we can just drop them.
So, that's the basic principle of the MITM attack and ARP poisoning. Basically, we're going to tell the Client that we are the Wi-Fi router, and then we're going to tell the router that we are the Client. This will put us in the middle of the packet flow, between the Client and the Wi-Fi router, and all the packets will start flowing through our device. Then we can read the packets, modify them, or drop them.
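Seen from the defender's side, the two ARP weaknesses described above are also what makes poisoning detectable. The following is an added example, not code from the book: a passive monitor that flags ARP replies nobody asked for and IP addresses whose MAC suddenly changes. The MAC addresses, the client IP 192.168.1.10, and the names parse_arp, ArpMonitor, and sample are assumptions made for illustration.

```python
import struct
ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes (RFC 826)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip, target_ip) from a raw ARP payload."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return op, sha.hex(":"), dotted(spa), dotted(tpa)

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # IP -> first MAC seen claiming it
        self.pending = set()  # IPs somebody asked about and has not heard back on

    def observe(self, payload):
        op, mac, sender_ip, target_ip = parse_arp(payload)
        alerts = []
        if op == 1:                       # request: "who has target_ip?"
            self.pending.add(target_ip)
        elif op == 2:                     # reply: "sender_ip is at mac"
            if sender_ip not in self.pending:
                # Legitimate gratuitous ARP looks the same, so this is a signal only.
                alerts.append(f"unsolicited reply: {sender_ip} is-at {mac}")
            self.pending.discard(sender_ip)
        known = self.bindings.setdefault(sender_ip, mac)
        if known != mac:                  # same IP, different MAC: strongest indicator
            alerts.append(f"binding changed: {sender_ip} {known} -> {mac}")
        return alerts

def sample(op, mac, sender_ip, target_ip):
    """Build a constructed ARP payload for the demo (parsed only, never sent)."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(mac.replace(":", "")), ip(sender_ip), bytes(6), ip(target_ip))

def run_demo():
    mon = ArpMonitor()
    traffic = [  # constructed capture; 192.168.1.1 is the router IP used in the text
        sample(1, "aa:aa:aa:aa:aa:10", "192.168.1.10", "192.168.1.1"),  # client asks for router
        sample(2, "aa:aa:aa:aa:aa:01", "192.168.1.1", "192.168.1.10"),  # router answers
        sample(2, "de:ad:be:ef:00:99", "192.168.1.1", "192.168.1.10"),  # unasked "I am the router"
        sample(2, "de:ad:be:ef:00:99", "192.168.1.10", "192.168.1.1"),  # unasked "I am the client"
    ]
    return [mon.observe(p) for p in traffic]

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

The first two packets, a normal request and its answer, raise nothing; each of the last two raises both alerts, which is the pattern a poisoned client and router would show.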

ARP spoofing using arpspoof

Now, let's see how to run an actual ARP poisoning attack, redirecting the flow of packets and making it flow through our device. We're going to talk about a tool called arpspoof, which is part of a suite called dsniff. dsniff is a suite that contains a number of programs that can be used to launch MITM attacks. We're just going to talk about arpspoof, and we're going to see how to use it to carry out ARP poisoning, which redirects the flow of packets through our device. The arpspoof tool is old, but it still works, and because it's so simple it's been ported to Android, iOS, and other smaller operating systems. There are a lot of people who actually like to use it to do ARP poisoning, which is why we're going to show you how to use this tool. In the next section and all the sections after that, we're going to use a tool called ettercap. We'll see how we use it and how to do ARP poisoning with it, but for this section we just want to show how to use arpspoof because it's going to be used a lot, so we need to know how to use it. It's very simple, anyway.
So, we are connected now to the target network. Let's see how we use the tool. It's going to be arpspoof -i, to choose our network card (virtual card), so it's eth0. Then we're going to put in the target IP address. So, our target is the Windows device, with...
