Running head: Hacker Essentials
Hacker Essentials
Rasmussen College
Laura Aviles
Hacker Toolkit Essentials
The beginnings of the Internet go back to the early 1960s, when J.C.R. Licklider of
ARPA (the Advanced Research Projects Agency) described the need for a globally
connected network of computers. That vision became ARPANET, whose first links went
live in 1969. Operational control of ARPANET passed to the Defense Communications
Agency, an agency within the Department of Defense, in 1975; in the 1980s the
NSF-funded NSFNET grew up alongside it and took over as the backbone when ARPANET
was decommissioned in 1990. Any group of networks joined by the TCP/IP protocol suite
is an "internet"; the ARPANET and NSFNET lineage became the capital-I "Internet" we
know today. The creation of the Internet spawned a whole new group of elite technical
minds who set about building it up and, of course, finding ways to exploit it. Hacking
was born. People hack for many reasons: the thrill, information that can be sold, or
getting back at someone by destroying their system. Hacking has evolved beyond a
select few technological geniuses and is now within reach of anyone, thanks to the
large number of tools that exist. The tools vary greatly. There are tools to analyze
networks: network scanners that go out and find networks, packet sniffers that read
the contents of the packets that carry the bulk of network traffic, and port scanners
that locate the open ports on a selected host or network. Tools like MAC address
spoofers let you mask the identity of your computer. There are darker programs, such
as brute forcers, dictionary attackers, and encryption crackers, that try to break
through a target network's defenses. You can even use the Google search engine to
locate information on a specific network you are targeting. Clearly many tools belong
in a hacker toolkit. I will explore these tools for the Windows and Linux operating
systems in the following paragraphs.
The first tool in the hacker toolkit is the network scanner. Network scanners are
programs used to locate networks. The type of scanning I'm going to focus on is
scanning done over the wireless technologies 802.11a, b, and g. Anyone with a laptop
and a wireless card can scan the area for all of the wireless access points in range.
Network scanners collect every access point they find and compile them into a list
with a whole slew of data about each one. The scanner determines the SSID of the access
point, whether or not the access point is encrypted, what vendor made it (derived from
the OUI, the first three bytes of the access point's MAC address), which channel it is
on, and how strong your signal to it is. With all that in mind, network scanners are
useful for many different things. One of the primary things they are used for is
wardriving. Wardriving is an activity where people drive around with a wireless-capable
laptop and scan for networks all over their neighborhood, city, or even state. When
they wardrive they collect useful information such as unencrypted access points, which
ones are running on factory defaults, and the location where they believe each access
point is (from signal strength paired with GPS readings). Wardriving is useful for both
sides of the hacking world: it can raise awareness of how insecure our networks are,
and it gives hackers a way to find targets to hit. Network scanners are also useful for
finding rogue access points in the workplace. A while ago I heard a story from a top
penetration tester, Chris Hurley, where there was a guy in an airport disguising an
access point to look like a legitimate one to collect information from people who were
signing up to use the internet in the airport. He was able to collect all sorts of
information ranging from names to credit card numbers. Using a network scanner, Chris
Hurley was able to locate the access point and inform the authorities of this activity.
Finally, you can also use network scanners to calibrate your access point antennas to
provide better signal coverage to certain areas in the office. Network scanners are
extremely important in a hacker toolkit.
A few network scanners are more popular than others, and I'm going to elaborate on
two of them: NetStumbler for the Windows operating system and Kismet for Linux. The
first one I'm going to focus on is NetStumbler for Windows. NetStumbler is a great
program that provides you with a lot of information about networks, and it is easy to
download and configure. After installing it I just chose the network adapter that I
would like to use while scanning and then I let it start. It quickly found many wireless
access points in my area. There were many more than I had thought originally existed,
because the built-in Windows scanner only gives you a few. NetStumbler compiled the
list and gave me the SSIDs, channel information, and MAC address of all the access
points. It told me all of the access points that were encrypted and which encryption
they were using, as well as the vendor of many of the access points. The two most
common encryption methods were WEP and WPA. I was then able to sort all the
information using a variety of sorting features including vendor type, encryption
method, and what channel they were running on. One of the only downfalls of
NetStumbler is that it's very noisy. NetStumbler uses "active scanning": it broadcasts
802.11 probe request frames and records the probe responses that access points send
back. Two consequences follow. First, an access point configured to hide its SSID does
not answer broadcast probe requests, so NetStumbler never sees it. Second, those probe
requests are transmitted by the scanner, so a wireless intrusion detection system, or a
skilled network administrator with a passive sniffer, can locate a NetStumbler user
easily; the traffic itself isn't hard to find. In practice few home networks have
anyone watching for it, but it does mean that the very serious hacker will avoid using
NetStumbler. All in all, NetStumbler is still a great tool for users who want to locate
networks from the Windows operating system and should be included in any hacker's
toolkit.
The other network scanner I'm going to talk about is Kismet for Linux. Kismet is
arguably the most popular network scanner out there today. I used a Linux boot CD that
already had Kismet installed, but it's very easy to get from Kismet's website. Initial
configuration proved to be difficult, as I don't have a lot of Linux experience, but I
was able to get it running with my network adapter by selecting it in the config file.
Kismet does a lot of the same things that NetStumbler does; however, it has a few pros
and cons. The con is that, being a Linux console application, its interface isn't as
friendly as NetStumbler's. I had some difficulties in navigating it at first until I
learned what I was doing. The pros, however, definitely outweigh the cons. Kismet,
along with doing all of the SSID, encryption, and channel listing, gave me information
about which access points were still running their factory defaults. Kismet also gave
me the option of finding out which computers were actually connected to the access
point instead of just giving me general information about the access point itself. The
other advantage of Kismet is that it uses "passive scanning." The wireless card is put
into monitor mode (also called RFMON), in which it hands every 802.11 frame it hears to
Kismet without associating to any network; this is the wireless counterpart of the
promiscuous mode used by wired sniffers, not the same thing. Kismet transmits nothing
and builds its database purely from the beacons, probes, and data frames it overhears.
That is also how it uncovers access points with hidden SSIDs: it waits for a client to
connect and reads the SSID from that exchange. Because a passive scanner puts nothing
on the air, there is no Kismet traffic to catch, which makes it the choice of all the
serious hackers and wardrivers. Kismet is the perfect program for network scanning.
Both NetStumbler and Kismet are completely free to the public via download.
Using both of these programs I probed my neighborhood and found a plethora of
unsecured access points. I was surprised to find the amount of people that actually don’t
know how to secure their networks from outside intrusions. Anyway, one of my
neighbors was unsecured so I decided to probe around his network for a bit. I got the
MAC and IP address of the computers in their network and then tested to see if the router
was set to factory defaults. Both NetStumbler and Kismet told me that the access point
was a Linksys router. I was able to gain access to the router using the password “admin”
and I got full control of their access point. I didn’t do anything malicious to their
network; however, just knowing that I could have is scary.
Once you have found the networks, the next tool you need in your hacker toolkit is a
packet sniffer. Packet sniffers are critical because the bulk of network traffic is
sent in packets. A packet sniffer captures all of the packets that propagate over the
network segment by putting the network adapter into a mode known as promiscuous mode.
Promiscuous mode is essential because without it the adapter only passes up frames
addressed to your own computer, so you would only see traffic going in and out of your
own machine. Windows ships without a packet capture driver, so you install WinPcap, a
capture driver and library (not a patch) that the Windows sniffers use to capture
traffic and to enable promiscuous mode. One caveat for wired networks: on a switched
network promiscuous mode alone is not enough, because the switch only forwards each
frame to the port it is destined for; a sniffer there needs a mirror (SPAN) port, a hub,
or an ARP spoofing attack to pull traffic past the switch. A packet sniffer captures
and lists every packet it gathers in its entirety. You get information like the source
and destination IP addresses, which IP version is in use, the transport protocol and
ports, and you can often read the purpose of the packet straight from its payload.
Sniffers are very useful in that they let you detect network intrusions, gain
information in order to attack a network, monitor network usage, and spy on people and
collect passwords. If I wanted to detect network intrusions I could look for common
patterns that signal an attack is occurring. If I see a burst of 802.11
deauthentication frames, I know that someone is probably kicking clients off the
network so they reconnect, which is the first step of the replay attacks used to crack
WEP. Packet sniffers are also useful for monitoring network usage. Using a packet
sniffer I can see what websites people are going to and whether they are running
messenger clients they aren't supposed to. I can also capture packets that contain
passwords in plain text, as e-mail logins over POP3 and IMAP without TLS often are.
Packet sniffers are extremely useful and are an integral part of any hacker's toolkit.
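The block below is an added example, not code from this paper and not from NetStumbler or Kismet. It shows what both scanners derive from 802.11 management frames, namely the per-access-point row (BSSID, SSID, channel, open/WEP/WPA/WPA2, with a hidden SSID reported as such) that the network scanner section describes, and the deauthentication-flood check that the sniffer paragraph above uses as its intrusion signal. Every frame is constructed inside the block; the BSSIDs, SSIDs, and the flood threshold of 10 frames are arbitrary assumptions, and a real capture would come from a card in monitor mode.

```python
"""Decode 802.11 management frames: the per-AP view a wireless scanner shows,
plus a deauthentication-flood check. Added example; every frame below is
constructed in build_beacon/build_deauth, not captured from a real network."""
import struct
from collections import Counter

FRAME_BEACON = 0x80      # frame control byte 0: type 0 (management), subtype 8
FRAME_DEAUTH = 0xC0      # type 0 (management), subtype 12
TAG_SSID, TAG_DS_PARAMS, TAG_RSN, TAG_VENDOR = 0, 3, 48, 221
CAP_PRIVACY = 0x0010     # capability bit 4: some encryption (WEP at minimum) is on
WPA1_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor element carrying pre-RSN WPA


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_header(frame):
    """(fc0, addr1, addr2, addr3, body) from the 24-byte management header."""
    return (frame[0], fmt_mac(frame[4:10]), fmt_mac(frame[10:16]),
            fmt_mac(frame[16:22]), frame[24:])


def tagged_params(body):
    """Yield (tag, value) information elements; stop cleanly if one is truncated."""
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        if i + 2 + length > len(body):
            break
        yield tag, body[i + 2:i + 2 + length]
        i += 2 + length


def decode_beacon(frame):
    """One scanner row: BSSID, SSID, channel and security, or None if not a beacon."""
    fc0, _, _, bssid, body = parse_header(frame)
    if fc0 != FRAME_BEACON:
        return None
    capability = struct.unpack_from("<H", body, 10)[0]   # after timestamp + interval
    row = {"bssid": bssid, "ssid": "<hidden>", "channel": None,
           "security": "WEP" if capability & CAP_PRIVACY else "open"}
    for tag, val in tagged_params(body[12:]):
        if tag == TAG_SSID and val:           # zero-length SSID = cloaked network
            row["ssid"] = val.decode("utf-8", "replace")
        elif tag == TAG_DS_PARAMS and val:
            row["channel"] = val[0]
        elif tag == TAG_RSN:
            row["security"] = "WPA2"
        elif tag == TAG_VENDOR and val.startswith(WPA1_OUI_TYPE) and row["security"] != "WPA2":
            row["security"] = "WPA"
    return row


def scan(frames):
    """Deduplicate beacons per BSSID, the way a scanner's list does."""
    seen = {}
    for f in frames:
        row = decode_beacon(f)
        if row:
            seen[row["bssid"]] = row
    return list(seen.values())


def deauth_flood(frames, threshold=10):
    """BSSIDs with more than `threshold` deauth frames in this capture window.
    A real AP sends a handful; dozens in a few seconds means someone is kicking
    clients off so they reconnect (the setup step for WEP replay attacks)."""
    counts = Counter(parse_header(f)[3] for f in frames if f[0] == FRAME_DEAUTH)
    return sorted(b for b, n in counts.items() if n > threshold)


# --- constructed test frames (assumed BSSIDs/SSIDs, not real devices) ---------
def build_beacon(bssid, ssid, channel, privacy, rsn=False, wpa=False):
    hdr = bytes([FRAME_BEACON, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    body = b"\x00" * 8 + struct.pack("<HH", 100, CAP_PRIVACY if privacy else 0)
    body += bytes([TAG_SSID, len(ssid)]) + ssid + bytes([TAG_DS_PARAMS, 1, channel])
    if rsn:
        body += bytes([TAG_RSN, 2]) + b"\x01\x00"          # RSN version 1, rest omitted
    if wpa:
        body += bytes([TAG_VENDOR, 6]) + WPA1_OUI_TYPE + b"\x01\x00"
    return hdr + body


def build_deauth(bssid, client, reason=7):
    hdr = bytes([FRAME_DEAUTH, 0]) + b"\x00\x00" + client + bssid + bssid + b"\x00\x00"
    return hdr + struct.pack("<H", reason)


AP_OPEN, AP_WEP, AP_WPA2, AP_WPA = (bytes.fromhex("0211223344" + x) for x in ("aa", "cc", "bb", "ee"))
CLIENT = bytes.fromhex("0266778899dd")
CAPTURE = [
    build_beacon(AP_OPEN, b"linksys", 6, privacy=False),
    build_beacon(AP_WEP, b"home-wep", 1, privacy=True),
    build_beacon(AP_WPA2, b"office", 11, privacy=True, rsn=True),
    build_beacon(AP_WPA, b"", 3, privacy=True, wpa=True),   # hidden SSID, WPA
] + [build_deauth(AP_WPA2, CLIENT) for _ in range(25)] + [build_deauth(AP_OPEN, CLIENT)]

if __name__ == "__main__":
    for r in scan(CAPTURE):
        print(f'{r["bssid"]}  ch {str(r["channel"]):>2}  {r["security"]:<5}  {r["ssid"]}')
    print("deauth flood from:", deauth_flood(CAPTURE))
```

Note that the "open" access point and the one with a cloaked SSID come straight from the frames: no probe request was needed, which is the passive-scanning point. The flood check keys on address 3 (the BSSID), because an attacker spoofs the access point's address in the deauth frames it injects.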
The most commonly used packet sniffer is called Ethereal (renamed Wireshark in 2006;
it is the same program). Ethereal is available for both the Windows and Linux
operating systems and is free to download. Ethereal is also compatible with both wired
and wireless networks, so it's very flexible. Installing and configuring Ethereal is
extremely easy. All you have to do is tell Ethereal which network adapter to capture
on and whether to put that adapter in promiscuous mode. Running a capture is easy,
and while it runs Ethereal shows what types of packets it's collecting and how many.
Typical captures include a few ARP and DHCP packets and a ton of TCP and UDP ones as
well. After the capture the packet list is shown in capture order (by time) on the
default settings. However, there are a ton of sorting features that let you sort on
protocol, IP address, MAC address, and several other columns. If there is some specific
traffic you are looking for before you start, it's very easy to set up a capture filter
so that only the packets you want are recorded, and a display filter narrows an existing
capture the same way (for example, tcp.port == 110 shows only POP3 traffic). Ethereal's
GUI is also very good in that it color-codes all of the packets it lists, making it easy
to find certain traffic after the capture. Ethereal is a great tool that is a staple for
any hacker.
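As an added example, not Ethereal's code and not from the paper, the block below does by hand what a sniffer's packet list does: it decodes the Ethernet, IPv4 and TCP/UDP headers, verifies the IP header checksum, applies an Ethereal-style field filter, and pulls cleartext logins (POP3 and FTP PASS commands, HTTP Basic authentication) out of the payloads. The packets are constructed inside the block; the addresses (192.168.1.x, 198.51.100.10, 10.0.0.5), the MAC addresses, and the credentials are made up.

```python
"""Decode Ethernet/IPv4/TCP/UDP headers the way a sniffer's packet list does,
filter on fields, and pull cleartext logins from payloads. Added example; the
packets are constructed by build_packet below, not captured from any network."""
import base64
import socket
import struct

ETH_IPV4 = 0x0800
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def ipv4_checksum(hdr):
    """RFC 1071 one's-complement sum; a valid header (checksum included) gives 0."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode(frame):
    """Fields a sniffer lists per packet: addresses, IP version, protocol, ports, payload."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return {"proto": "non-ip"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        return {"proto": "bad-checksum"}
    proto_num = ip[9]
    pkt = {"version": ip[0] >> 4, "src": socket.inet_ntoa(ip[12:16]),
           "dst": socket.inet_ntoa(ip[16:20]), "proto": PROTO.get(proto_num, str(proto_num))}
    l4 = ip[ihl:]
    pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    hdr_len = (l4[12] >> 4) * 4 if proto_num == 6 else 8   # TCP data offset, or fixed UDP header
    pkt["payload"] = l4[hdr_len:]
    return pkt


def display_filter(packets, **wanted):
    """Ethereal-style filter: keep packets whose fields equal every keyword given."""
    return [p for p in packets if all(p.get(k) == v for k, v in wanted.items())]


def cleartext_credentials(packets):
    """Logins visible to anyone sniffing: POP3/FTP PASS and HTTP Basic.
    Sessions inside TLS (POP3S on 995, HTTPS) never match: the payload is ciphertext."""
    hits = []
    for p in packets:
        if p["proto"] != "tcp":
            continue
        text = p["payload"].decode("ascii", "replace")
        if p["dport"] in (21, 110) and text.upper().startswith("PASS "):
            hits.append((p["src"], p["dst"], p["dport"], text.split(None, 1)[1].strip()))
        elif p["dport"] == 80 and "Authorization: Basic " in text:
            token = text.split("Authorization: Basic ", 1)[1].split("\r\n", 1)[0]
            hits.append((p["src"], p["dst"], 80, base64.b64decode(token).decode()))
    return hits


# --- constructed capture (documentation-range addresses, made-up credentials) ---
def build_packet(src_ip, dst_ip, proto, sport, dport, payload):
    """Ethernet + IPv4 + TCP/UDP. L4 checksums are left zero (a real capture tool
    would flag them), which is fine for an offline header-decoding demo."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4 + payload


CAPTURE = [
    build_packet("192.168.1.101", "192.168.1.1", 17, 51000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    build_packet("192.168.1.101", "198.51.100.10", 6, 49152, 110, b"USER laura\r\n"),
    build_packet("192.168.1.101", "198.51.100.10", 6, 49152, 110, b"PASS hunter2\r\n"),
    build_packet("192.168.1.101", "10.0.0.5", 6, 49153, 80,
                 b"GET /admin HTTP/1.1\r\nHost: 10.0.0.5\r\nAuthorization: Basic "
                 + base64.b64encode(b"admin:admin") + b"\r\n\r\n"),
    build_packet("192.168.1.102", "198.51.100.10", 6, 49154, 995, b"\x16\x03\x01\x00\x20" + b"\x00" * 32),
]

if __name__ == "__main__":
    packets = [decode(f) for f in CAPTURE]
    for p in display_filter(packets, proto="tcp"):
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}  {p["payload"][:24]!r}')
    print("cleartext credentials:", cleartext_credentials(packets))
```

The POP3S packet on port 995 carries a TLS record, so the same login over a TLS-wrapped session yields nothing to the sniffer; that is the mitigation for the password-capture use described above. The checksum check is what a real sniffer uses to flag corrupted or hand-crafted headers.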
Using Ethereal in my own experiences has been very rewarding. On my
neighbors' network that I mentioned earlier I was able to run Ethereal at around 7 pm
and capture some interesting traffic. I found out that my neighbors use AOL Instant
Messenger and use Yahoo Mail. I also was able to gather information about all of the
computers on the network and I could have mapped it out on paper. As you can see there
are many applications for packet sniffers.
The next tool that is essential for any hacker toolkit is a port scanner. Port
scanners probe hosts to see which ports are open and determine what services are
listening on those ports. A port scanner will tell you that port 80 is open and that
port 80 is the port used for HTTP, or web browser, traffic. Bear in mind that the
service name is a lookup by port number; confirming what is really listening there
takes a banner grab or a version probe. Port scanners are useful because they find open
ports that you can either close, if you are trying to secure your network, or exploit,
if you are looking for a target. Most port scanners also have fingerprinting abilities,
such as working out which operating system the target computer is running from the way
its TCP/IP stack responds.
The most common port scanner is Nmap, available for both Windows and Linux. Nmap is
an easy-to-set-up tool that runs from a command prompt (a graphical front end exists
as well). Even without a GUI it is still very easy to use, because running it with no
arguments prints the option syntax along with example scan commands, so you can begin
immediately. Nmap was designed for stealthy port scanning, so it's the tool most often
used by top hackers and penetration testers. Its -sS SYN scan sends only the first
packet of the TCP handshake and never completes the connection, so the target service
never sees or logs a session; it is "stealthy" only in that sense, since an intrusion
detection system watching the wire still sees the SYN packets. A SYN scan needs raw
socket access (root on Linux, Administrator with WinPcap on Windows); without it Nmap
falls back to a full connect() scan (-sT), which the target's services do see. Nmap
offers a lot more functionality: operating system fingerprinting (-O), scanning a wide
range of IP addresses in one run, and IPv6 targets (-6) as well as IPv4.
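The block below is an added example, not Nmap and not from the paper: a TCP connect() scanner with banner grabbing, run against throwaway listeners that the block itself starts on 127.0.0.1 so it works with no network access (the banners are constructed stand-ins for real daemons). It shows the three states a scanner reports and why a connect() scan needs no privileges but is the noisier choice: the handshake completes, so the service accepts and may log the connection, whereas a SYN scan stops after the first packet and therefore needs raw sockets.

```python
"""connect() port scanner with banner grabbing, exercised against throwaway
loopback listeners so it runs offline. Added example, not Nmap's code; the
banners and ports below are constructed."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def fake_service(banner):
    """Listener on an ephemeral loopback port that greets each client with
    `banner` (a stand-in for a real daemon so the scan has something to find)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listener closed: stop serving
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def probe(host, port, timeout=1.0):
    """(port, state, banner). 'open' = handshake completed (the service sees us);
    'closed' = RST came back; 'filtered' = nothing answered before the timeout,
    which usually means a firewall silently dropped the SYN."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return port, "closed", b""
    except OSError:
        s.close()
        return port, "filtered", b""
    try:
        banner = s.recv(128)           # many services speak first (SSH, SMTP, FTP)
    except OSError:
        banner = b""
    finally:
        s.close()
    return port, "open", banner.strip()


def scan(host, ports, workers=32):
    """Probe ports in parallel; results sorted by port number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(pool.map(lambda p: probe(host, p), ports))


def service_name(port):
    """Nmap's 'SERVICE' column is this lookup by number, not proof of what runs there."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def demo():
    """Three open listeners (one silent, like HTTP where the client speaks first)
    plus one port that was just released, so nothing listens and a RST comes back."""
    listeners = {
        "ssh": fake_service(b"SSH-2.0-OpenSSH_demo\r\n"),
        "smtp": fake_service(b"220 mail.example.test ESMTP ready\r\n"),
        "silent": fake_service(b""),
    }
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    ports = [p for p, _ in listeners.values()] + [closed_port]
    results = {port: (state, banner) for port, state, banner in scan("127.0.0.1", ports)}
    for _, srv in listeners.values():
        srv.close()
    return results


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{port:>5}/tcp  {state:<8} {service_name(port):<8} {banner.decode(errors='replace')}")
```

A connect() scan against a real host leaves an accepted-then-closed connection in every service's log, which is exactly the trace a half-open SYN scan avoids; the banner, on the other hand, is only obtainable by completing the handshake, which is why Nmap's version detection (-sV) is always the louder step.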
I used Nmap to scan my neighbor's ports and I found out a lot of information. I
ran a test with the following syntax, "nmap -v -sS -O 192.168.1.1/24", which does a
verbose (-v) Nmap scan of that network using a SYN "stealth" scan (-sS) and tries to
fingerprint the operating system of each host (-O). What I found out was that they had
several ports open: HTTP port 80, netbios-ssn port 139, Microsoft-ds port 445, IIS port
1025, UPnP port 5000, and gnutella port 6346. I also found out that the systems in their
network were running Microsoft Windows XP Home Edition. Based on the port scan I know
that they use peer-to-peer file sharing, as a gnutella port was open, and I could
potentially use that port as a basis for an attack. As you can see there are many
different applications and uses for a port scanner, so it should be another staple in a
hacker's toolkit.
Next, I'm going to go over MAC spoofers. MAC spoofers are programs that let you
override the "burned-in" MAC address of your network adapter with one of your choosing.
This is extremely useful in two ways: your real hardware address (and the vendor it
identifies) never appears in the target's logs, so you stay hidden a bit longer, and
you can bypass MAC filtering on routers. MAC filtering is not authentication, because
every frame carries its source MAC address in the clear and a sniffer can read the
addresses the router already allows. I've heard stories of people scanning for MAC
addresses that were in use on a network and then spoofing themselves as one of those
addresses once it went idle, to pass as an authenticated user.
I'm going to look at two popular Windows MAC spoofers first. The first one is
SMAC. SMAC is a great program that is easy to install and run. After you get it set up
it's a very simple GUI to work with. There are only a few prompts in which you can
change your MAC address, which takes effect on restart. It's then easy to see that your
MAC address has been spoofed, and you can quickly change it back to the way it was
using the same program. SMAC is a very simple tool but it does have one downside.
SMAC is a program that requires payment, so you have to either download and use a
trial version for a few days or buy a license. Either way it's a good program that is
easy to use. The other Windows program that I'm going to focus on is Etherchange.
Etherchange does the same things that SMAC does but it's not GUI based. You run it
from a command prompt, which makes it a little more difficult to use, but it's still
pretty straightforward. The pro of using this program over SMAC is that it is free of
charge, so it will probably be the program of choice for most people who hack.
There are spoofers for Linux as well, such as GNU MAC Changer (macchanger), but you
don't need to download anything: the kernel lets root set the address directly. On a
Debian-style system the commands "/etc/init.d/networking stop",
"ifconfig eth0 hw ether 00:01:02:03:04:08", and "/etc/init.d/networking start" entered
at a root prompt change your MAC address. Only the interface needs to be down, not the
whole networking service, so "ifconfig eth0 down", the same hw ether command, and
"ifconfig eth0 up" is enough, and the modern equivalent is "ip link set dev eth0 down",
"ip link set dev eth0 address 00:01:02:03:04:08", "ip link set dev eth0 up". The change
lasts until the next reboot or driver reload. As you can see it's very easy to do MAC
spoofing with the right tools, and it's always an important part of any hacker's
repertoire.
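An added example, not from the paper nor from SMAC or Etherchange, covering both the spoofing side and how a defender notices it: the two address bits that matter (multicast and locally-administered), a random locally-administered address, the ip link command sequence for Linux with the validation the kernel would otherwise perform, the string-equality check that a router's MAC filter actually performs (which a cloned address passes), and a duplicate-address check over ARP observations. The allowlist and the ARP table are constructed, and the interface name eth0 is assumed.

```python
"""MAC spoofing and how to notice it. Added example, not from the paper and not
SMAC/Etherchange code; the allowlist and ARP observations are constructed and
the interface name eth0 is assumed."""
import os
import re
from collections import defaultdict


def parse_mac(text):
    parts = re.split(r"[:-]", text.strip().lower())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def is_multicast(b):               # I/G bit: bit 0 of the first octet
    return bool(b[0] & 0x01)


def is_locally_administered(b):    # U/L bit: bit 1 of the first octet; 0 = vendor-assigned OUI
    return bool(b[0] & 0x02)


def random_mac():
    """Fresh unicast address that cannot collide with a vendor-assigned one:
    set the U/L bit, clear the multicast bit, randomise the remaining 46 bits."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return bytes(b)


def spoof_commands(iface, new_mac):
    """ip(8) sequence equivalent to the ifconfig commands in the text; the
    interface must be down while the address changes. Linux rejects multicast
    and all-zero addresses, so refuse those before running anything."""
    if is_multicast(new_mac) or new_mac == bytes(6):
        raise ValueError("kernel will reject this address (not a valid unicast MAC)")
    return [f"ip link set dev {iface} down",
            f"ip link set dev {iface} address {fmt_mac(new_mac)}",
            f"ip link set dev {iface} up"]


def mac_filter_allows(allowlist, client):
    """All a router's MAC filter does: compare a value the client chose against a list."""
    return client in {parse_mac(a) for a in allowlist}


def duplicate_macs(observations):
    """Defender's check over (mac, ip, port) sightings: one address holding several
    IPs at once, or appearing on several ports, is the footprint of a clone."""
    seen = defaultdict(set)
    for mac, ip, port in observations:
        seen[parse_mac(mac)].add((ip, port))
    return {fmt_mac(m): sorted(v) for m, v in seen.items()
            if len({ip for ip, _ in v}) > 1 or len({p for _, p in v}) > 1}


ROUTER_ALLOWLIST = ["00:1a:2b:3c:4d:5e"]            # constructed: the owner's laptop
ARP_TABLE = [                                        # constructed (mac, ip, port) sightings
    ("00:1a:2b:3c:4d:5e", "192.168.1.10", "wlan0"),
    ("00:1a:2b:3c:4d:5e", "192.168.1.23", "wlan0"),  # the clone, holding its own DHCP lease
    ("00:1a:2b:3c:4d:60", "192.168.1.11", "eth1"),
]


def demo():
    attacker, clone = random_mac(), parse_mac(ROUTER_ALLOWLIST[0])
    return {
        "random_passes_filter": mac_filter_allows(ROUTER_ALLOWLIST, attacker),
        "clone_passes_filter": mac_filter_allows(ROUTER_ALLOWLIST, clone),
        "random_is_laa_unicast": is_locally_administered(attacker) and not is_multicast(attacker),
        "commands_for_clone": spoof_commands("eth0", clone),
        "duplicates": duplicate_macs(ARP_TABLE),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two halves tell the same story from opposite sides: a random locally-administered address keeps your real hardware out of the logs but does not pass a MAC filter, a cloned address passes the filter, and the clone is what the duplicate check catches, because two hosts now share one address.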
I have used both SMAC and Etherchange before and I will tell you personally that
they are great programs. Both are very easy to use and install and there weren't any
problems getting them to run. On my own network at home I put a MAC filter on the
router for my laptop's MAC address. I was able to use both programs to defeat the
filtering. Both are very solid programs.
In addition to the tools I've mentioned, hackers should also have brute forcers and
dictionary attackers in their toolkits. Both are password crackers; they differ in
where their guesses come from. A brute forcer generates every combination of
characters up to a certain length and tries each one. While this may seem like it
takes a long time, the distinction that matters is online versus offline. Against a
live password prompt each guess costs a network round trip and the target can
rate-limit attempts or lock the account. Offline, with a captured password hash (from a
password file, a database dump, or a sniffed challenge-response), the cracker simply
hashes each candidate and compares the result with the captured hash; an ordinary
computer does many thousands of hashes a second (far more with modern hardware) and
nothing on the target ever sees the attempts. A dictionary attacker is very similar in
that it is used to crack passwords; however, its approach is different. A dictionary
attacker has a list of likely passwords known as its "dictionary" and tries every entry
in it, usually with mangling rules (capitalization, an appended digit) applied to each
word. There are several different types of existing dictionaries, ranging from common
words, names, and different languages to previously leaked passwords and much more. A
dictionary attack finishes in seconds where brute force might take days, but only a
brute forcer finds a password that is in no list, so both have their applications and
it's hard to say which one is more important than the other.
There are many different types of dictionary and brute force attackers out there.
After searching for a bit I found ones named: John the Ripper, LC5 (L0phtCrack),
Brutus, Cain, and RainbowCrack.
The program I decided to download was RainbowCrack. RainbowCrack's website has a
very nice tutorial for getting it set up and running. RainbowCrack is a time-memory
trade-off tool: instead of hashing candidates at crack time, you precompute a rainbow
table (chains of hash-and-reduce steps covering a chosen hash algorithm, character set,
and password length) once, and each lookup afterwards takes only minutes. To build a
table you run rtgen.exe from the command prompt, then sort it with rtsort.exe so the
cracker can search it. RainbowCrack uses a command prompt interface but gives you all
the syntax you will need. After you have a table ready, the other item you need is a
hash you've captured, or a password dump text file, for it to crack. I took a sample
hash file from the RainbowCrack website and applied RainbowCrack to it, and the program
was able to crack it in about 10 minutes or so. One caveat: a table only works against
unsalted hashes of the algorithm it was built for (the classic target is Windows LM
hashes); a per-user salt changes the hash, so every salt value would need its own table,
which is why salting defeats rainbow tables. There are many different kinds of programs
that can be used in this process. Using these programs was probably the most difficult
part of this assignment, so it will take a while for most people to master.
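An added example, not from the paper and not RainbowCrack's code, showing the three offline approaches from the last two sections side by side on an unsalted MD5 hash: a dictionary attack with simple mangling rules, a brute force over a character set, and a precomputed hash-to-password table standing in for a rainbow table, followed by the salted case the table cannot answer. The wordlist, the PIN, and the salt are constructed, and the hashes are computed in the block rather than taken from any real system.

```python
"""Dictionary, brute-force and precomputed-table attacks on a captured unsalted
MD5 hash, and the salted case the table cannot answer. Added example, not the
paper's or RainbowCrack's code; the wordlist, PIN and salt are constructed and
the hashes are computed here, not taken from any real system."""
import hashlib
import itertools
import string


def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()


def dictionary_attack(target, wordlist, mangle=True):
    """Try each word plus the cheap mangling rules every cracker applies
    (capitalised, trailing '!', trailing digit). Returns (password, attempts)."""
    attempts = 0
    for w in wordlist:
        candidates = [w]
        if mangle:
            candidates += [w.capitalize(), w + "!"] + [w + d for d in string.digits]
        for c in candidates:
            attempts += 1
            if md5_hex(c) == target:
                return c, attempts
    return None, attempts


def brute_force(target, charset, max_len):
    """Exhaustive search, shortest candidates first; keyspace is sum(len(charset)**n)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            attempts += 1
            c = "".join(tup)
            if md5_hex(c) == target:
                return c, attempts
    return None, attempts


def build_table(charset, max_len):
    """Precompute hash -> password once (rtgen's job), then every lookup is O(1).
    A real rainbow table chains hash/reduce steps so it stores only chain ends;
    the time/memory trade-off is the same."""
    return {md5_hex(c): c for n in range(1, max_len + 1)
            for c in ("".join(t) for t in itertools.product(charset, repeat=n))}


def salted_hash(password, salt):
    """Why tables fail on salted hashes: the salt is part of the hashed input,
    so a separate table would be needed for every salt value."""
    return hashlib.md5((salt + password).encode()).hexdigest()


WORDLIST = ["password", "letmein", "linksys", "admin", "qwerty"]   # constructed mini-dictionary


def demo():
    h_word = md5_hex("letmein1")          # constructed: word + digit, a mangling rule catches it
    h_pin = md5_hex("7391")               # constructed 4-digit PIN: no word matches, brute force does
    table = build_table(string.digits, 4)
    return {
        "dict_on_word": dictionary_attack(h_word, WORDLIST),
        "dict_on_pin": dictionary_attack(h_pin, WORDLIST),
        "brute_on_pin": brute_force(h_pin, string.digits, 4),
        "table_size": len(table),
        "table_on_pin": table.get(h_pin),
        "table_on_salted_pin": table.get(salted_hash("7391", "x9")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The attempt counts make the trade-offs concrete: the dictionary finds "letmein1" in 18 hashes and fails on the PIN after 65, the brute force needs 8,502 hashes for the PIN, and the 11,110-entry table answers the PIN in one lookup but returns nothing for the salted version of the very same PIN.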
The last tool I'm going to talk about in a hacker's toolkit is one that isn't a
program but a search engine: Google. Google is becoming an important tool that a lot of
hackers are using, and it is getting a lot of flak from online companies and websites
because its index turns up things that shouldn't be readily available to the public. The
technique, often called Google hacking, relies on Google's search operators: site:
restricts results to one domain, filetype: finds particular kinds of documents, and
intitle: and inurl: match pages by title or address. Combined, they can locate directory
listings, configuration files, log files, and login pages for management interfaces on
any site Google has crawled, whether or not that resource was supposed to sit behind a
password; nothing is broken into, because Google already fetched it. The scary thing is
that if it exists on the Internet, Google has a good chance of finding it, and the only
reliable fix is to keep such material off public web servers in the first place, since a
robots.txt entry merely asks crawlers not to index it. It will be interesting to see how
this pans out in the near future and whether it evolves further or Google puts
restrictions on its search resources.
To end, these are only a few of the programs that you can use in a hacker's
toolkit. The spectrum goes far beyond what I have mentioned and I've only really
touched the surface of what is possible. These are the tools, however, that you will
need at the beginning of a toolkit. With all that aside, this was a very enjoyable
project and I learned a lot about the basics of network security and hacking. Hopefully
this is just a stepping stone to becoming even more skilled in network security,
hacking, and administration.

More Related Content

What's hot

Password sniffing
Password sniffingPassword sniffing
Password sniffingSRIMCA
 
Detecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT BotnetsDetecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT BotnetsFarjad Noor
 
Packet sniffer repot
Packet sniffer repotPacket sniffer repot
Packet sniffer repotKunal Thakur
 
packet-sniffing-switched-environment-244
packet-sniffing-switched-environment-244packet-sniffing-switched-environment-244
packet-sniffing-switched-environment-244Tom King
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot frameworkUltraUploader
 
International Conference On Electrical and Electronics Engineering
International Conference On Electrical and Electronics EngineeringInternational Conference On Electrical and Electronics Engineering
International Conference On Electrical and Electronics Engineeringanchalsinghdm
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LANArpit Suthar
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsAndrea Bissoli
 
PACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONPACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONGoutham Royal
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSystem ID Warehouse
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - IIITAMBEMAHENDRA1
 

What's hot (17)

Password sniffing
Password sniffingPassword sniffing
Password sniffing
 
Detecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT BotnetsDetecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT Botnets
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
 
Packet sniffer repot
Packet sniffer repotPacket sniffer repot
Packet sniffer repot
 
packet-sniffing-switched-environment-244
packet-sniffing-switched-environment-244packet-sniffing-switched-environment-244
packet-sniffing-switched-environment-244
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot framework
 
International Conference On Electrical and Electronics Engineering
International Conference On Electrical and Electronics EngineeringInternational Conference On Electrical and Electronics Engineering
International Conference On Electrical and Electronics Engineering
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LAN
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systems
 
PACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONPACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATION
 
Banner grabbing
Banner grabbingBanner grabbing
Banner grabbing
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
 

Viewers also liked

make component in proteus
make component in proteusmake component in proteus
make component in proteusmohsen_seif
 
Sermon 1 john 3 -4-10 livin' like devil - omaha
Sermon 1 john 3 -4-10 livin' like devil - omahaSermon 1 john 3 -4-10 livin' like devil - omaha
Sermon 1 john 3 -4-10 livin' like devil - omahaCrossPointBible
 
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...ElenaKurilenko
 
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...Marie O'Riordan
 

Viewers also liked (6)

make component in proteus
make component in proteusmake component in proteus
make component in proteus
 
Water Pollution
Water PollutionWater Pollution
Water Pollution
 
Sermon 1 john 3 -4-10 livin' like devil - omaha
Sermon 1 john 3 -4-10 livin' like devil - omahaSermon 1 john 3 -4-10 livin' like devil - omaha
Sermon 1 john 3 -4-10 livin' like devil - omaha
 
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...
ИНФОРМАЦИОННАЯ ПОДДЕРЖКА КАК ЧАСТЬ ПОВЫШЕНИЯ КУЛЬТУРЫ ПРИМЕНЕНИЯ ДСИЗ И СИ...
 
resume
resumeresume
resume
 
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...
Marie O'Riordan & Dr. Naoisé O'Reilly Client Success Highlights at The Foreve...
 

Similar to Hacker Essentials Toolkit Guide

Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsVenkata Sreeram
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingdhruvpawar010
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Cyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_ContestCyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_Contestnkrafacyberclub
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far AlleneMcclendon878
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Nmap & Network sniffing
Nmap & Network sniffingNmap & Network sniffing
Nmap & Network sniffingMukul Sahu
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSamip Shah
 

Similar to Hacker Essentials Toolkit Guide (20)

Hacking
Hacking Hacking
Hacking
 
Security Handbook
 Security Handbook Security Handbook
Security Handbook
 
Sectools
SectoolsSectools
Sectools
 
aaa
aaaaaa
aaa
 
Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools i
 
Combating cyber security through forensic investigation tools
Combating cyber security through forensic investigation toolsCombating cyber security through forensic investigation tools
Combating cyber security through forensic investigation tools
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hacking
 
Hacking for Dummies 2
Hacking for Dummies 2Hacking for Dummies 2
Hacking for Dummies 2
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Cyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_ContestCyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_Contest
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
OS Fingerprinting
OS FingerprintingOS Fingerprinting
OS Fingerprinting
 
Nmap & Network sniffing
Nmap & Network sniffingNmap & Network sniffing
Nmap & Network sniffing
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Hacker Essentials Toolkit Guide

  • 1. Running head: Hacker Essentials Hacker Essentials Rasmussen College Laura Aviles
  • 2. Running head: Hacker Essentials Hacker Toolkit Essentials The beginnings of the internet were created in 1960 when a technician from ARPA named J.C.R. Licklider conceived the need for a global network. Eventually this network became know as ARPANET. ARPANET then became NSFNet when they merged into the Defense Communications Agency, an agency within the Department of Defense. This network became known as an “internet” which is any network that utilizes the protocol TCP/IP. The ARPANET evolved into the “Internet” that we know today. Through the creation of the Internet spawned a whole new group of elite technology minds that began building up and, of course, working at ways to exploit this new network. Hacking was born. People began hacking for many reasons that include: doing it for the thrill, gaining information for money, and even just getting back and people by destroying their system. Hacking today has evolved beyond just a select few of the elite and technological geniuses and is now available for everyone with the large amount of tools that exist. The type of tools that you can use vary greatly in that there tools to analyze networks such as: network scanners that try to go out and find networks, packet sniffers that analyze the contents of packets that carry the bulk of internet traffic, and port scanners that allow you to locate the ports that are open on a selected network. Tools like MAC address spoofers allow you to mask the identity of your computer. There are darker programs like brute forcers, dictionary attackers, and encryption crackers that try to break down the defense systems of a target network. You can even use the search engine, “Google”, to locate information on a specific network that you are targeting. It is evident that are many tools that fall into a hacker toolkit. I will explore the different tools for the operating systems, Windows and Linux, in the following paragraphs.
The first tool that falls into the hacker toolkit is the network scanner. Network scanners are programs that you use to locate networks. The type of scanning I'm going to focus on is scanning that is done over the wireless technologies 802.11a, b, and g. Anyone with a laptop and a wireless card can scan the area for all of the wireless access points in range. Network scanners collect all of the wireless access points they find and compile them into a list with a whole slew of data on each access point. The scanner will determine the SSID of the access point, whether or not the access point is encrypted, what vendor made the access point, and how strong your signal to it is. With all that in mind, network scanners are useful for many different things. One of the primary things that network scanners are used for is wardriving. Wardriving is an activity where people drive around with a wireless-capable laptop and scan for networks all over their neighborhood, city, or even state. When they wardrive they collect useful information like unencrypted access points, which ones are running on factory defaults, and the location where they believe the access point is. Wardriving is useful for both sides of the hacking world as it can raise awareness of how insecure our networks are and also prove to be a tool for hackers to find targets to hit. Network scanners are also useful for finding rogue access points in the workplace. A while ago I heard a story from a top penetration tester, Chris Hurley, where there was a guy in an airport disguising an access point to look like a legitimate one to collect information from people who were signing up to use the internet in the airport. He was able to collect all sorts of information ranging from names to credit card numbers. Using a network scanner Chris Hurley was able to locate the access point and inform the authorities of this activity. Finally, you can also use network scanners to calibrate your access point antennas to provide better signal coverage to certain areas in the office. Network scanners are extremely important in a hacker toolkit.

There are a few network scanners that are more popular than others that I'm going to elaborate on further. The two most common ones are NetStumbler for the Windows operating system and Kismet for the Linux operating system. The first one I'm going to focus on is NetStumbler for Windows. NetStumbler is a great program that provides you with a lot of information about networks. NetStumbler is easy to download and configure. After installing it I just chose the network adapter that I would like to use while scanning and then I let it start. It quickly found many wireless access points in my area. There were many more than I had thought originally existed because the built-in Windows scanner only gives you a few. NetStumbler compiled the list and gave me the SSIDs, channel information, and MAC addresses of all the access points. It told me all of the access points that were encrypted and which encryption they were using, as well as the vendor of many of the access points. The two most common encryption methods were WEP and WPA. I was then able to sort all the information using a variety of sorting features including vendor type, encryption method, and what channel they were running on. One of the only downfalls of NetStumbler is that it's very noisy. NetStumbler utilizes “active scanning”, which means that it actively goes out and looks for any access points that it can find. Essentially it just sends packets out and sees which access points send information back to it. This makes a user running NetStumbler very easy for a skilled network administrator to locate, and the traffic itself isn't hard to find. Despite this shortcoming very few people would have the skills to find NetStumbler traffic. However, it does mean that the very serious hacker will avoid using NetStumbler. All in all, NetStumbler is still a great tool for users who want to locate networks using the Windows operating system and should be included in any hacker's toolkit.

The other network scanner I'm going to talk about is Kismet for Linux. Kismet is arguably the most popular network scanner that is out there today. I used a Linux boot CD that already had Kismet installed, but it's very easy to get on the internet by going to Kismet's website. Initial configuration proved to be difficult as I don't have a lot of Linux experience, but I was able to get it running with my network adapter by selecting it in the config file. Kismet does a lot of the same things that NetStumbler does; however, it has a few pros and cons. The cons are that since it's Linux the GUI wasn't as friendly as NetStumbler's. I had some difficulties in navigating it at first until I learned what I was doing. The pros, however, definitely outweigh the cons. Kismet, along with doing all of the SSID, encryption, and channel listing, gave me information about which access points were still running their factory defaults. Kismet also gave me the option of finding out which computers were actually connected to the access point instead of just giving me general information about the access point itself. The other advantage of Kismet is that it utilizes “passive scanning,” which is also known as RFMON and promiscuous mode. Kismet will scan for networks, but instead of going out and looking for packets it accepts all packets that it receives and uses that information to compile the database. Because Kismet traffic is very difficult to catch, it is the choice of all the serious hackers and wardrivers. Kismet is the perfect program for network scanning. Both NetStumbler and Kismet are completely free to the public via download. Using both of these programs I probed my neighborhood and found a plethora of unsecured access points.
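The scanner output described above (SSID, MAC address, encryption, vendor, factory defaults) is exactly what a network administrator audits when looking for weak or rogue access points. The following is an added example and not code from the paper, NetStumbler, or Kismet; it assumes a constructed CSV export with the columns shown, a constructed list of factory-default SSIDs, and an optional map of the BSSIDs you legitimately operate, so that any other radio broadcasting your SSID is flagged as a possible rogue, like the airport access point in the story above.

```python
"""Audit a wireless scanner export for weak or suspicious access points.

Added example, not code from the original paper or from NetStumbler/Kismet.
The export format below is an assumption (a constructed CSV); real scanner
exports differ, but the checks are the ones the paper describes scanners
being used for: open or WEP-only networks, factory-default SSIDs, and a rogue
access point impersonating a legitimate SSID.
"""
import csv
from io import StringIO

# Constructed sample export (not real scan data).
SAMPLE_EXPORT = """\
ssid,bssid,channel,encryption,vendor,signal_dbm
CorpWiFi,00:11:22:AA:BB:01,6,WPA,Cisco,-45
CorpWiFi,00:11:22:AA:BB:02,11,WPA,Cisco,-60
CorpWiFi,DE:AD:BE:EF:00:01,1,OPEN,Unknown,-52
linksys,00:14:BF:00:00:10,6,OPEN,Linksys,-70
HomeNet,00:0F:66:12:34:56,6,WEP,Linksys,-75
CoffeeShop,00:1A:70:99:88:77,1,WPA2,Netgear,-80
"""

# Constructed list of SSIDs that consumer routers ship with; an AP still using
# one has probably never been configured, so its admin password is likely
# still the factory default as well.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "belkin54g"}


def audit_access_points(export_text, trusted_bssids_by_ssid=None):
    """Return a sorted list of (bssid, issue) findings.

    trusted_bssids_by_ssid maps an SSID you own to the set of BSSIDs that
    legitimately broadcast it; any other BSSID using that SSID is flagged as a
    possible rogue access point.
    """
    trusted = trusted_bssids_by_ssid or {}
    findings = []
    for row in csv.DictReader(StringIO(export_text)):
        ssid, bssid = row["ssid"], row["bssid"]
        enc = row["encryption"].upper()
        if enc == "OPEN":
            findings.append((bssid, "open network, no encryption"))
        elif enc == "WEP":
            findings.append((bssid, "WEP is broken, upgrade to WPA2"))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "factory-default SSID"))
        if ssid in trusted and bssid not in trusted[ssid]:
            findings.append((bssid, "possible rogue AP impersonating " + ssid))
    return sorted(findings)


if __name__ == "__main__":
    own_aps = {"CorpWiFi": {"00:11:22:AA:BB:01", "00:11:22:AA:BB:02"}}
    for bssid, issue in audit_access_points(SAMPLE_EXPORT, own_aps):
        print(f"{bssid}  {issue}")
```

Run against your own scanner export, the two rules worth acting on first are the rogue-AP finding (an unknown BSSID carrying your SSID) and the factory-default SSID, since the latter usually means the router's admin password is also still the default.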
I was surprised to find the number of people that actually don't know how to secure their networks from outside intrusions. Anyway, one of my neighbors was unsecured so I decided to probe around his network for a bit. I got the MAC and IP addresses of the computers in their network and then tested to see if the router was set to factory defaults. Both NetStumbler and Kismet told me that the access point was a Linksys router. I was able to gain access to the router using the password “admin” and I got full control of their access point. I didn't do anything malicious to their network; however, just knowing that I could have is scary.

Once you find the networks, the next tool that you need in your hacker toolkit is a packet sniffer. Packet sniffers are critical as the bulk of internet traffic is sent in packets. Packet sniffers allow you to capture all of the packets that propagate over the network using a mode known as promiscuous mode. Promiscuous mode is essential because if you don't set this mode you will only get to see traffic that goes in and out of your own computer. Windows doesn't support promiscuous mode fresh off the install, so you have to download a driver package called WinPcap which allows you to run in this mode. Packet sniffers will capture and list all of the packets they gather in their entirety. You get information like source and destination IP address, which IP version it's using, what type of packet it is, and you can often see the purpose behind the packet as well. They are very useful in that they allow you to detect network intrusions, gain information in order to attack a network, monitor network usage, and spy on people and collect passwords. If I wanted to detect network intrusions I could look for common patterns that signal an attack is occurring. If I see a lot of authentication and deauthentication packets I know that someone is likely trying to crack my WEP by using a replay attack. Packet sniffers are also useful for monitoring network usage.
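The intrusion pattern named above, a burst of deauthentication frames used to force clients to reconnect so that traffic can be captured or replayed, is simple to detect from a capture export. The following is an added example, not code from the paper or from Ethereal/Wireshark; it assumes a constructed text export with one frame per line (timestamp, source MAC, destination MAC, frame subtype) and uses a sliding-window count per source/destination pair, which is how a basic wireless intrusion detection rule for this pattern works.

```python
"""Flag an 802.11 deauthentication flood in a capture export.

Added example; not code from the paper or from Ethereal/Wireshark. The input
format is an assumption: one frame per line,
    <seconds> <source MAC> <destination MAC> <frame subtype>
The rule is the one the paper states informally: many deauthentication
(or disassociation) frames in a short time means someone is forcing clients
off the network, which is how WEP replay attacks harvest traffic.
"""
from collections import defaultdict, deque

AP = "00:0F:66:12:34:56"       # constructed access point MAC
CLIENT = "00:1C:B3:AA:BB:CC"   # constructed client MAC
BROADCAST = "FF:FF:FF:FF:FF:FF"


def _build_sample_capture():
    """Constructed capture: ordinary traffic, then a deauth burst at CLIENT."""
    lines = [
        f"0.000 {AP} {BROADCAST} beacon",
        f"0.105 {CLIENT} {AP} auth",
        f"0.110 {AP} {CLIENT} auth",
        f"0.120 {CLIENT} {AP} assoc_req",
        f"0.125 {AP} {CLIENT} assoc_resp",
        f"0.400 {CLIENT} {AP} data",
        f"0.650 {AP} {CLIENT} data",
        f"0.900 {AP} {CLIENT} deauth",   # a single deauth on its own is normal
    ]
    # Twelve deauths in 0.6 s, all claiming to come from the AP: the burst a
    # wireless IDS should alarm on.
    lines += [f"{2.0 + i * 0.05:.3f} {AP} {CLIENT} deauth" for i in range(12)]
    lines.append(f"3.000 {CLIENT} {AP} auth")   # client reconnecting afterwards
    return "\n".join(lines)


SAMPLE_CAPTURE = _build_sample_capture()


def find_deauth_floods(capture_text, window_seconds=1.0, threshold=10):
    """Return {(src, dst): peak_count} for every source/destination pair whose
    deauth/disassoc frames within any window_seconds interval reach threshold.
    Frames are assumed to be in time order, as a capture export is."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    peaks = {}
    for line in capture_text.splitlines():
        if not line.strip():
            continue
        ts_str, src, dst, subtype = line.split()
        if subtype not in ("deauth", "disassoc"):
            continue
        ts = float(ts_str)
        window = recent[(src, dst)]
        window.append(ts)
        while window and ts - window[0] > window_seconds:
            window.popleft()          # drop frames older than the window
        if len(window) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(window))
    return peaks


if __name__ == "__main__":
    for (src, dst), count in find_deauth_floods(SAMPLE_CAPTURE).items():
        print(f"deauth flood: {src} -> {dst}, {count} frames within 1 s")
```

The threshold and window are tuning knobs: a legitimate access point does send the occasional deauthentication, so the rule fires on rate, not on presence. A pair that trips the rule with the access point as the apparent source is the classic sign of spoofed management frames, since the real access point has no reason to evict the same client a dozen times a second.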
Using packet sniffers I can see what websites people are going to and whether they are running messenger clients they aren't supposed to. I can also capture packets that contain passwords in plain text, as e-mail logins often are. Packet sniffers are extremely useful and are an integral part of any hacker's toolkit.

The most commonly used packet sniffer is called Ethereal. Ethereal is available for both the Windows and Linux operating systems and is free to download. Ethereal is also compatible with both wired and wireless networks, so it's very flexible. Installing and configuring Ethereal is extremely easy. All you have to do is tell Ethereal which network adapter you want it to use in its scan and set that network adapter in promiscuous mode. Running a scan is easy and it tells you while it's scanning what types of packets it's collecting and how many. Typical scans usually include a few ARP and DHCP packets and a ton of TCP and UDP ones as well. After you scan your network it compiles the list and sorts it by time on its default settings. However, there are a ton of sorting features that allow you to sort based on protocol, IP address, MAC address, and several other things. If there is some specific traffic you are looking for, it's very easy to set up a filter before you scan and have it list only those packets that you want. Ethereal's GUI is also very good in that it color codes all of the packets that it lists to make it easy to find certain traffic after you scan. Ethereal is a great tool that is a staple for any hacker. Using Ethereal in my own experiences has been very rewarding. On my neighbor's network that I mentioned earlier I was able to run Ethereal at around 7 pm and capture some interesting traffic. I found out that my neighbors use AOL Instant Messenger and Yahoo Mail. I was also able to gather information about all of the computers on the network and I could have mapped it out on paper. As you can see there are many applications for packet sniffers.

The next tool that is essential for any hacker toolkit is a port scanner. Port scanners analyze networks to see which ports are open and determine what services are currently running on those ports. A port scanner would notify you that your port 80 is open and tell you that that port is used for HTTP, or web browser, traffic. They are useful because they allow you to find open ports that you can either close if you are trying to secure your network or exploit if you are looking for a target. Most port scanners have other abilities like finding out which operating system the target computer is using. The most common port scanner is Nmap, available for both Windows and Linux. Nmap is an easy-to-set-up tool that runs from a command prompt. Even though it doesn't have a helpful GUI it is still very easy to use, as it gives you the correct syntax when the program starts. Nmap also gives you basic example scan syntax so that you can begin immediately. Nmap is a tool that is designed for stealth port scanning so it's a tool that is often used by the top hackers and penetration testers. It offers a lot of functionality in that you can do stealth scans, fingerprint systems for their operating system, give it a wide range of IP addresses to scan, and also scan different IP versions. I used Nmap to scan my neighbor's ports and I found out a lot of information. I ran a test with the following syntax, “nmap -v -sS -O 192.168.1.1/24”, which does a verbose (-v) Nmap scan of that network that is stealthy (-sS) and tries to fingerprint the hosts for their operating systems (-O). What I found out was that they had several ports open: HTTP port 80, netbios-ssn port 139, Microsoft-ds port 445, IIS port 1025, uPnP port 5000, and gnutella port 6346. I also found out that the systems in their network were running Microsoft XP Home Edition. Based on the port scan I know that they use peer-to-peer file sharing, as a gnutella port was open, and I could potentially use that port as a basis for an attack. As you can see there are many different applications and uses for a port scanner so it should be another staple in a hacker's toolkit.

Next, I'm going to go over MAC spoofers. MAC spoofers are programs that allow you to mask the identity of the “burned-in” MAC address on your network adapter. This is extremely useful in that you can hide your computer for a bit longer and bypass MAC filtering on routers. I've heard stories of people scanning for MAC addresses that were in use on networks and then spoofing that MAC address once it was available to try and pass as an authenticated user. I'm going to look at two popular Windows MAC spoofers first. The first one is SMAC. SMAC is a great program that is easy to install and run. After you get it set up it's a very simple GUI to work with. There are only a few prompts in which you can change your MAC address, which takes effect on restart. It's then easy to see that your MAC address has been spoofed and you can quickly change it back to the way it was using the same program. SMAC is a very simple tool but it does have one downside. SMAC is a program that requires payment, so you have to either download and use a trial version for a few days or buy a license. Either way it's a good program that is easy to use. The other Windows program that I'm going to focus on is Etherchange. Etherchange does the same things that SMAC does but it's not GUI based. You run it through a command prompt, which makes it a little more difficult to use, but it's still pretty straightforward. The pro to using this program over SMAC is that it is free of charge, so it will probably be the program of choice for most people who hack. There are also a few spoofers for Linux as well. The program SMAC is also available for Linux, but you can use the command line as well. The commands “/etc/init.d/networking stop”, “ifconfig eth0 hw ether 00:01:02:03:04:08”, and “/etc/init.d/networking start” can be entered at the root-level prompt in Linux to change your MAC address without downloading a program. As you can see it's very easy to do MAC spoofing with the right tools and it's always an important part of any hacker's repertoire. I have used both SMAC and Etherchange before and I will tell you personally that they are great programs. Both are very easy to use and install and there weren't any problems getting them to run. On my own network at home I put a MAC filter on the router for my laptop's MAC address. I was able to use both programs to defeat the filtering. Both are very solid programs.

In addition to the tools I've mentioned, hackers should also have brute forcers and dictionary attackers in their toolkits. Brute forcers are password crackers that generate every combination of characters up to a certain length and try each one. It will try every single password that it can generate against the password prompt. While this may seem like it takes a long time, a computer can do thousands of combinations a second, and many programs will also check the hash output of the failed attempts in an effort to shorten the time it takes to crack them. Dictionary attackers are very similar in that they are used to crack passwords; however, their approach is much different. A dictionary attacker has a database of passwords known as its “dictionary” and tries every entry in that dictionary to see if it will break the password. There are several different types of existing dictionaries that range from common words, names, different languages, and much more. Both of these programs have their applications so it's hard to say which one is more important than the other. There are many different types of dictionary and brute force attackers out there. After searching for a bit I found ones named: John the Ripper, LC5 (L0phtCrack), Brutus, Cain, and RainbowCrack. The program I decided to download was RainbowCrack. RainbowCrack has a very nice tutorial for getting it set up and running on its website. In order to set up a rainbow table that is going to be used in the cracking process you have to run rtgen.exe in the command prompt. You can sort that table using rtsort.exe as well. RainbowCrack uses a command prompt interface but gives you all the syntax you will need. After you have a table ready, the other item you need is a hash you've taken or a password dump text file for it to crack. I took a sample hash file from the RainbowCrack website and applied RainbowCrack to it, and the program was able to crack it in about 10 minutes or so. There are many different kinds of programs that can be used in this process. Using these programs was probably the most difficult part of this assignment so it will take a while to master this for most people.

The last tool I'm going to talk about in a hacker's toolkit is one that isn't a program but a search engine: Google. Google is now becoming an important tool that a lot of hackers are using. Google is getting a lot of flak from online companies and websites because its search engine is now turning up things that shouldn't be readily available to the public. Hackers now have the ability to use Google to search for information on any person that might have any content available online, whether that resource would normally take a password or not. The scary thing is that right now, if it exists on the Internet, Google has a good chance of finding it. It will be interesting to see how this pans out in the near future and whether or not it evolves or Google has a tap put on its resources.

To end, these are only a few of the programs that you can use in a hacker's toolkit. The spectrum of things goes far beyond what I have mentioned and I've only really touched the surface of what is possible. These are the tools, however, that you will need in the beginnings of a toolkit. With all that aside, this was a very enjoyable project and I learned a lot about the basics of network security and hacking. Hopefully this is just a stepping stone to becoming even more skilled in network security, hacking, and administration.
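The port scanner discussion above notes that the same scan results serve to find ports to close when securing a network. The usual defender's workflow is to parse the scan and compare it with a baseline of what each host is supposed to expose. The following is an added example, not code from the paper or from the Nmap project; the scan text is constructed in Nmap's normal output layout (the "Nmap scan report for" and "PORT STATE SERVICE" lines) using the ports the paper reports, and the baseline of expected ports is an assumption for illustration.

```python
"""Compare open ports from Nmap output against a per-host baseline.

Added example; not code from the paper or from the Nmap project. The scan
text below is constructed in Nmap's normal output format from the ports the
paper reports, and the baseline is an assumed allowlist of what each host is
meant to expose on the LAN.
"""
import re

# Constructed scan output (not a real capture of the author's scan).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.1
Host is up (0.0020s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
80/tcp   open  http
5000/tcp open  upnp

Nmap scan report for 192.168.1.100
Host is up (0.0050s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
6346/tcp open  gnutella
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_open_ports(nmap_text):
    """Return {host: {(port, proto): service}} for every port reported open."""
    hosts = {}
    current = None
    for line in nmap_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {}
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(3) == "open":
            hosts[current][(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts


def unexpected_ports(scan, baseline):
    """Return {host: {(port, proto): service}} for open ports the baseline does
    not allow. A host missing from the baseline is treated as allowing
    nothing, so everything it exposes is reported."""
    report = {}
    for host, ports in scan.items():
        allowed = baseline.get(host, set())
        extra = {pp: svc for pp, svc in ports.items() if pp not in allowed}
        if extra:
            report[host] = extra
    return report


# Constructed baseline: the router may serve its admin page; the workstation
# is not supposed to expose anything to the LAN.
BASELINE = {"192.168.1.1": {(80, "tcp")}}

if __name__ == "__main__":
    for host, extra in unexpected_ports(parse_open_ports(SAMPLE_NMAP_OUTPUT), BASELINE).items():
        for (port, proto), svc in sorted(extra.items()):
            print(f"{host}: {port}/{proto} ({svc}) is open but not in the baseline")
```

Everything the check reports is a candidate for closing or firewalling: UPnP on the router, and file sharing (139/445) and peer-to-peer (6346) on a workstation, are exactly the exposures the paper's scan turned up, and none of them has to be reachable from the rest of the network.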
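The brute-force and dictionary discussion above explains that crackers enumerate candidates and compare hash outputs, and that RainbowCrack precomputes a table of hashes ahead of time. The following is an added example and not code from the paper, RainbowCrack, or John the Ripper; it works through the keyspace arithmetic behind the "thousands of combinations a second" estimate and then shows, with a constructed five-word dictionary and a plain hash-to-password map standing in for a rainbow table, why a per-user random salt is the defence: a table built in advance cannot contain the salted digests. The guess rate and word list are assumptions for illustration.

```python
"""Brute-force cost estimates and why salting defeats precomputed tables.

Added example, not code from the paper or from RainbowCrack/John the Ripper.
The word list, the salt and the guess rate are constructed for illustration.
A real rainbow table stores hash chains to save space; a plain dictionary is
enough to show the effect of salting, which is the defender's takeaway.
"""
import hashlib
import os


def brute_force_keyspace(charset_size, max_len):
    """Number of candidate passwords of length 1..max_len over charset_size symbols."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(charset_size, max_len, guesses_per_second):
    """Worst-case time for a brute forcer to try every candidate."""
    return brute_force_keyspace(charset_size, max_len) / guesses_per_second


# Constructed mini dictionary; real lists hold millions of entries.
WORDLIST = ["password", "letmein", "admin", "linksys", "qwerty"]


def unsalted_hash(password, algorithm="sha256"):
    """How a naive system stores a password: hash of the password alone."""
    return hashlib.new(algorithm, password.encode()).hexdigest()


def build_lookup_table(words, algorithm="sha256"):
    """Precompute digest -> password for every word, the idea behind a
    rainbow table: the work is done once and reused against every dump."""
    return {unsalted_hash(w, algorithm): w for w in words}


def lookup(table, digest):
    """Return the password for a digest if the table contains it, else None."""
    return table.get(digest)


def salted_hash(password, salt, algorithm="sha256"):
    """Hash with a per-user random salt. The same password yields a different
    digest for every user, so no table built in advance can contain it."""
    return hashlib.new(algorithm, salt + password.encode()).hexdigest()


def new_salt(nbytes=16):
    return os.urandom(nbytes)   # store the salt alongside the digest


def verify_salted(password, salt, stored_digest, algorithm="sha256"):
    """Login-time check: recompute with the stored salt and compare."""
    return salted_hash(password, salt, algorithm) == stored_digest


if __name__ == "__main__":
    # Keyspace arithmetic: lowercase-only 6 characters vs. full printable 8.
    rate = 10_000  # assumed guesses per second, in the spirit of the paper's estimate
    print(f"a-z, len<=6 : {brute_force_keyspace(26, 6):,} candidates, "
          f"{seconds_to_exhaust(26, 6, rate) / 3600:.1f} hours")
    print(f"printable, len<=8: {brute_force_keyspace(95, 8):,} candidates, "
          f"{seconds_to_exhaust(95, 8, rate) / (3600 * 24 * 365):.0f} years")

    # Precomputed table cracks an unsalted digest instantly...
    table = build_lookup_table(WORDLIST)
    print("unsalted:", lookup(table, unsalted_hash("linksys")))
    # ...but finds nothing once a salt is in the input.
    salt = new_salt()
    stored = salted_hash("linksys", salt)
    print("salted:  ", lookup(table, stored), "| login verifies:", verify_salted("linksys", salt, stored))
```

Salting does not stop a brute forcer from guessing one account's password online or from hashing the word list per user offline; it removes the one-time precomputation advantage, so each account costs the attacker the full dictionary again. A slow, memory-hard password hash on top of the salt is what makes that per-account cost large.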