Hacker's school - Partial excerpt from some practical examples

Today, I’d like to explain some words from Hacker’s school.

Network hacking

Speaking of hacking, the following are examples.

Server intrusion
Remote control
Hacking web applications
Eavesdropping on the network
Denial of service attack

At a hacker’s school, I explain it focusing on ** server intrusions **. If you can gain administrator privileges in order to succeed on intruding the server, you can freely access any file such as saved personal information or confidential information. It also allows any action, such as invading further internal servers, as a reason for stepping into an external server.

Speaking of hacking, the following are examples.

Server intrusion
Remote control
Hacking web applications
Eavesdropping on the network
Denial of service attack

Server intrusion process

Targeting … Official Web site, existence of files published by misconfiguration, mapping of networks, identification of version by application banner
Scan … Ping sweep, shared scan, OS specific, enumerate network resources, enumerate users
Indirect attack … If you intrude into the room where the target server exists, it is easier than grasping the system via the network. Listen for passwords from people by social engineering, infect remote controlled programs, sniff the network by Sniffing
Direct attack … attack directly target server. If you have a shell account on the target server, you aim to take administrator privileges. Exploit
Cleaning up … In order to delay security enhancement, it is doubtful to erase the log, so it is ideal to tamper with it. Since it is troublesome to make the same attack every time, set up a backdoor called a backdoor, easy to invade from the next time . Using a backdoor makes it easy to stepping on.
Treasure hunting … If it is a server of a company, it may be able to discover information of confidentiality (information on consignment, personal information, unpublished in-house product information etc.). Shared servers, mail servers, DB servers are likely. If you are developing software you can also get the source file from the repository.

Kali Linux

Kali Linux is a Linux specialized in penestation and security and attack tools are installed as standard by Linux. A successor version of the old BackTrack Linux OS.

Kali is about Hindu destruction god.

vagrant init starflame/kali2_linux4.0.0_amd64
vi Vagrantfile

config.vm.provider "virtualbox" do |vb|
    # Display the VirtualBox GUI when booting the machine
    vb.gui = true

    # Customize the amount of memory on the VM:
    vb.memory = "1024"
end

vagrant up --provider virtualbox

Top10 Security Tools

Tool name	Overview
Aircrack-ng	password cracker for wireless LAN
Burpsuite	Local Proxy (Can change packet between client and server)
Hydra	High performance online password cracker
John	High performance Offline Password Cracker
Maltego	Social engineering support tool
Metasploit framework	Framework for creating and executing Exploit
Nmap	High performance port scanner
Owasp - zap	Penestration test tool for diagnosing vulnerabilities on web sites
Sqlmap	Tools for testing SQL injection vulnerabilities
Wireshark	famous packet capture

Optical submarine cable

Long distance wired cable across countries. It is located in the waters of the whole world and its total extension exceeds 1 million km. Life line of the Internet. Increase at a rate of several tens of percent each year.

If a submarine cable corresponding to the main trunk fails or is broken, in some cases some countries may be completely blocked from the Internet.

Ping

It is possible to determine whether or not the specified host exists on the network. Ping is realized using the ICMP protocol.

It can be reached if an echo request message (type 8) is transmitted and an ICMP echo response message (type 0) is returned. Other times it is unreachable.

traceroute

Traceroute is a program to check the route to the specified host. Or it is used to identify at which router a problem occurs when a network failure occurs.

nslookup

Nslookup (name server lookup) is a DNS resolver program. It displays the response from the DNS server on the screen.

whois

Whois is to check the registered server information. Information exists on the whois server, and by accessing that DB you can get information on the server administrator.

host

Host is a command to inquire about information to be resolved on the DNS server. Like nslookup and dig, it can be used for various investigations and debugging on DNS.

Nmap

High performance port scanner. Stealth scan, wide area scan, finger printing, and so on. Matrix, Da · Hard 4.0, Battle · Royale, etc. It is also famous for appearing frequently in hacking scenes.

Nmap is already installed on Kali.

Zenmap

Zenmap is GUI front end for Nmap.

Netcraft

By doing WebServer Search on the Netcraft website You can check the information on the specified web server. Information on the type and version of httpd, and how long the specified Web server is running.

Sniffing

Sniffing is to acquire packets exchanged in the LAN. It refers to the wiretap act of the network.

tcpdump

cpdump is a packet capture that works with CUI.

Wireshark

Packet Analyzer.

Cain & Abel

Cain & Abel is a password cracker. Works on Windows.

Fiddler

Fiddler is a type of Local Proxy that can be used free. HTTP communication from the browser becomes communication via Fiddler, it is possible to check the details of HTTP request and HTTP response, and to modify the contents of the request. It works in .NET environment of Windows.

Dictionary file

A dictionary file is a text file describing one word per line. In password analysis, it is used for lexicographic attack. That is, it is a text file that enumerates password candidates.

Sometimes DL Dictionary of Frequently Used Password Dictionary File from Net

crunch

Crunch is software for generating dictionary files. It runs on Unix and is installed by default on Kali.

THC-Hydra

THC-Hydra is an online password cracker developed by The Hacker’s Choice. It runs on Linux.

Metasploit

Metasploit is a framework for creating and executing Exploit. It is used as a pen nation tool in the security world.

w or who

The w command or the who command is a Unix command to check the currently logged in user. The w command displays user information while logged in the same section as the who command but displays detailed information from the who command.

Log deletion on Unix system

Programs that easily delete logs have existed from long ago. Packet Storm has a category of log deletion tool, so you can search for the latest program.

Falsification of file time information

By using a special tool, it is possible to easily alter the time information. However, in order to understand the file system, it is faster to do it manually.

Time information of the file … There are 3 types (atime, ctime, mtime)

Some file systems have crtime.

atime … last reference time
ctime … last state change time
mtime … last modification time
crtime … creation time

As a result of tampering atime and mtime, do not let the administrator notice the existence of illegal files.

$ ls -u  #it shows atime
$ ls -cl #it shows mtime
$ touch test.txt
$ touch -d "2014/9/11 00:11:22 pm" test.txt #it changes atime and mtime
$ touch -a -d "2014/9/11 00:11:22 pm" test.txt #it changes only atime
$ touch -m -d "2014/9/11 00:11:22 pm" test.txt #it changes only mtime

Netcat

Netcat is a tool for reading and writing data using TCP / UDP. You can listen to a port as a server or connect to a connection as a client and send data. Sometimes it is used as a backdoor in the world of hacking.

Cryptcat

Cryptcat realized encrypted communication Netcat. A network listener that can operate with the same syntax as conventional Netcat.

Finally

I read a hacker’s school and found that there are many convenient toys around hacking and security.

I'm already a developer