Hacking

What is Hacking?

Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Example of Hacking: Using password cracking algorithm to gain access to a system.

Who is a Hacker? Types of Hackers

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.

Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.

Symbol	Description
	Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetrationTesting and vulnerability assessments.
	Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
	Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
	Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
	Hacktivist: A hacker who use hacking to send social, religious, and political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
	Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

What is Cybercrime?

Cyber crime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using Mobile phones via SMS and online chatting applications.

Type of Cybercrime

• The following list presents the common types of cybercrimes:
• Computer Fraud: Intentional deception for personal gain via the use of computer systems.
• Privacy violation: Exposing personal information such as email addresses, phone number, account details, etc. on social media, websites, etc.
• Identity Theft: Stealing personal information from somebody and impersonating that person.
• Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks and computer programs etc.
• Electronic funds transfer: This involves gaining an un-authorized access to bank computer networks and making illegal fund transfers.
• Electronic money laundering: This involves the use of the computer to launder money.
• ATM Fraud: This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
• Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
• Spam: Sending unauthorized emails. These emails usually contain advertisements.
  
  

What is Ethical Hacking?

Ethical Hacking is identifying weakness in computer systems and/or computer networks and coming with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.

• Get written permission from the owner of the computer system and/or computer network before hacking.
• Protect the privacy of the organization been hacked.
• Transparently report all the identified weaknesses in the computer system to the organization.
• Inform hardware and software vendors of the identified weaknesses.

Why Ethical Hacking?

• Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
• Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business.

Legality of Ethical Hacking

Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individual’s skills. Those who pass the examination are awarded with certificates. The certificates are supposed to be renewed after some time.

What is a Security Threat?

Security Threat is defined as a risk that which can potentially harm computer systems and organization. The cause could be physical such as someone stealing a computer that contains vital data. 

Skills Required to Become a Ethical Hacker

Skills allow you to achieve your desired goals within the available time and resources. As a hacker, you will need to develop skills that will help you get the job done.

Programming languages that are useful to hackers

SR NO.	COMPUTER LANGUAGES	DESCRIPTION	PLATFORM	PURPOSE
1	HTML	Language used to write web pages.	*Cross platform	Web hacking Login forms and other data entry methods on the web use HTML forms to get data. Been able to write and interpret HTML, makes it easy for you to identify and exploit weaknesses in the code.
2	JavaScript	Client side scripting language	*Cross platform	Web Hacking JavaScript code is executed on the client browse. You can use it to read saved cookies and perform cross site scripting etc.
3	PHP	Server side scripting language	*Cross platform	Web Hacking PHP is one of the most used web programming languages. It is used to process HTML forms and performs other custom tasks. You could write a custom application in PHP that modifies settings on a web server and makes the server vulnerable to attacks.
4	SQL	Language used to communicate with database	*Cross platform	Web Hacking Using SQL injection, to by-pass web application login algorithms that are weak, delete data from the database, etc.
5	Python Ruby Bash Perl	High level programming languages	*Cross platform	Building tools & scripts They come in handy when you need to develop automation tools and scripts. The knowledge gained can also be used in understand and customization the already available tools.
6	C & C++	High level programming	*Cross platform	Writing exploits, shell codes, etc. They come in handy when you need to write your own shell codes, exploits, root kits or understanding and expanding on existing ones.
7	Java  CSharp Visual Basic VBScript	Other languages	Java & CSharp are *cross platform. Visual Basic is specific to Windows	Other uses The usefulness of these languages depends on your scenario.

* Cross platform means programs developed using the particular language can be deployed on different operating systems such as Windows, Linux based, MAC etc.

Other skills

In addition to programming skills, a good hacker should also have the following skills:

• Know how to use the internet and search engines effectively to gather information.
• Get a Linux-based operating system and the know the basics commands that every Linux user should know.
• Practice makes perfect, a good hacker should be hard working and positively contribute to the hacker community. He/she can contribute by developing open source programs, answering questions in hacking forums, etc.

Top 10 Tools for Ethical hacking 

What are Hacking Tools?

Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks.

1) Netsparker

Netsparker is an easy to use web application security scanner that can automatically find SQL Injection, XSS and other vulnerabilities in your web applications and web services. It is available as on-premises and SAAS solution.

Features

• Dead accurate vulnerability detection with the unique Proof-Based Scanning Technology.
• Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages.
• REST API for seamless integration with the SDLC, bug tracking systems etc.
• Fully scalable solution. Scan 1,000 web applications in just 24 hours.

2) Acunetix

Acunetix is a fully automated ethical hacking solution that mimics a hacker to keep one step ahead of malicious intruders. The web application security scanner accurately scans HTML5, JavaScript and Single-page applications. It can audit complex, authenticated webapps and issues compliance and management reports on a wide range of web and network vulnerabilities.

Features:

• Scans for all variants of SQL Injection, XSS, and 4500+ additional vulnerabilities
• Detects over 1200 WordPress core, theme, and plugin vulnerabilities
• Fast & Scalable – crawls hundreds of thousands of pages without interruptions
• Integrates with popular WAFs and Issue Trackers to aid in the SDLC
• Available On Premises and as a Cloud solution.

3) Probe.ly

Probe.ly continuously scans for vulnerabilities in your Web Applications. It allows its customers to manage the life cycle of vulnerabilities and provides them with some guidance on how to fix them. Probe.ly is a security tool built having Developers in mind.

Features:

• Scans for SQL Injections, XSS, OWASP TOP10 and over 5000 vulnerabilities, including 1000 WordPress and Joomla vulnerabilities
• Full API - All features of Probely are also available through an API
• Integration with your CI tools, Slack and Jira
• Unlimited team members
• PDF Reports to showcase your security
• Diverse scanning profiles (ranging from safe to aggressive scans)
• Multiple Environment Targets - Production (non-intrusive scans) and Testing (intrusive and complete scans)

4) Burp Suite:

Burp Suite is a useful platform for performing Security Testing of web applications. Its various tools work seamlessly together to support the entire pen testing process. It spans from initial mapping to analysis of an application's attack surface.

Features:

It can detect over 3000 web application vulnerabilities.

• Scan open-source software and custom-built applications
• An easy to use Login Sequence Recorder allows the automatic scanning
• Review vulnerability data with built-in vulnerability management.
• Easily provide wide variety of technical and compliance reports
• Detects Critical Vulnerabilities with 100% Accuracy
• Automated crawl and scan
• Advanced scanning feature for manual testers
• Cutting-edge scanning logic

Download link: https://portswigger.net/burp/freedownload

5) Ettercap:

Ettercap is an ethical hacking tool. It supports active and passive dissection includes features for network and host analysis.

Features:

• It supports active and passive dissection of many protocols
• Feature of ARP poisoning to sniff on a switched LAN between two hosts
• Characters can be injected into a server or to a client while maintaining a live connection
• Ettercap is capable of sniffing an SSH connection in full duplex
• Allows sniffing of HTTP SSL secured data even when the connection is made using proxy
• Allows creation of custom plugins using Ettercap's API

Download link: https://ettercap.github.io/ettercap/downloads.html

6) Aircrack:

Aircrack is a trustable ethical hacking tool. It cracks vulnerable wireless connections. It is powered by WEP WPA and WPA 2 encryption Keys.

Features:

• More cards/drivers supported
• Support all types of OS and platforms
• New WEP attack: PTW
• Support for WEP dictionary attack
• Support for Fragmentation attack
• Improved tracking speed

Download link: https://www.aircrack-ng.org/downloads.html

7) Angry IP Scanner:

Angry IP Scanner is open-source and cross-platform ethical hacking tool. It scans IP addresses and ports.

Features:

• Scans local networks as well as the Internet
• Free and open-source tool
• Random or file in any format
• Exports results into many formats
• Extensible with many data fetchers
• Provides command-line interface
• Works on Windows, Mac, and Linux
• No need for Installation

Download link: http://angryip.org/download/#windows

8) GFI LanGuard:

GFI LanGuard is an ethical tool that scan networks for vulnerabilities. It can acts as your 'virtual security consultant' on demand. It allows creating an asset inventory of every device.

Features:

• It helps to maintain a secure network over time is to know which changes are affecting your network and
• Patch management: Fix vulnerabilities before an attack
• Analyze network centrally
• Discover security threats early
• Reduce cost of ownership by centralizing vulnerability scanning
• Help to maintain a secure and compliant network

Download link: https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard/download

9) Savvius:

It is an ethical hacking tool. It performance issues and reduces security risk with the deep visibility provided by Omnipeek. It can diagnose network issues faster and better with Savvius packet intelligence.

Features:

• Powerful, easy-to-use network forensics software
• Savvius automates the capture of the network data required to quickly investigate security alerts
• Software and integrated appliance solutions
• Packet intelligence combines deep analysis
• Rapid resolution of network and security issues
• Easy to use Intuitive workflow
• Expert and responsive technical support
• Onsite deployment for appliances
• Commitment to our customers and our products

Download link: https://www.savvius.com/distributed_network_analysis_suite_trial

10) QualysGuard:

Qualys guard helps businesses streamline their security and compliance solutions. It also builds security into their digital transformation initiatives. This tool can also check the performance vulnerability of the online cloud systems.

Features:

• It is trusted globally
• No hardware to buy or manage
• It is a scalable, end-to-end solution for all aspects of IT security
• Vulnerability data securely stored and processed on an n-tiered architecture of load-balanced servers
• It sensor provides continuous visibility
• Data analyzed in real time
• It can respond to threats in a real-time

Download link: https://www.qualys.com/forms/freescan/

How to Crack a Password

What is Password Cracking?

Password cracking is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords.

The cracking process can involve either comparing stored passwords against word list or use algorithms to generate passwords that match

In this Tutorial, we will introduce you to the common password cracking techniques and the countermeasures you can implement to protect systems against such attacks.

Topics covered in this tutorial

• What is password strength?
• Password cracking techniques
• Password Cracking Tools
• Password Cracking Counter Measures
• Hacking Assignment: Hack Now!

What is password strength?

Password strength is the measure of a password’s efficiency to resist password cracking attacks. The strength of a password is determined by;

• Length: the number of characters the password contains.
• Complexity: does it use a combination of letters, numbers, and symbol?
• Unpredictability: is it something that can be guessed easily by an attacker?

Let’s now look at a practical example. We will use three passwords namely

1.  password

2.  password1

3.  #password1$

 For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above-listed passwords.

Note: the password used is password the strength is 1, and it’s very weak.

Note: the password used is password1 the strength is 28, and it’s still weak.

Note: The password used is #password1$ the strength is 60 and it’s strong.

The higher the strength number, better the password.

Let’s suppose that we have to store our above passwords using md5 encryption. We will use an online md5convertor to convert our passwords into md5 hashes.

 The table below shows the password hashes

Password	MD5 Hash	Cpanel Strength Indicator
password	5f4dcc3b5aa765d61d8327deb882cf99	1
password1	7c6a180b36896a0a8c02787eeafb0e4c	28
#password1$	29e08fb7103c327d68327f23d8d9256c	60

We will now use http://www.md5this.com/ to crack the above hashes. The images below show the password cracking results for the above passwords.

As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn’t manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below;

• Dictionary attack– This method involves the use of a wordlist to compare against user passwords.
• Brute force attack– This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value “password” can also be tried as p@$$word using the brute force attack.
• Rainbow table attack– This method uses pre-computed hashes. Let’s assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found, then we have the password.
• Guess– As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin, etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
• Spidering– Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter, etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.

Spidering sample dictionary attack wordlist

1976 <founder birth year>

smith jones <founder name>

acme <company name/initials>

built|to|last <words in company vision/mission>

golfing|chess|soccer <founders hobbies

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools

John the Ripper

John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free, but the word list has to be bought. It has free alternative word lists that you can use. Visit the product website http://www.openwall.com/john/ for more information and how to use it.

Cain & Abel

Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing, etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml for more information and how to use it.

Ophcrack

Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/  for more information and how to use it.

Password Cracking Counter Measures

• An organization can use the following methods to reduce the chances of the passwords been cracked
• Avoid short and easily predicable passwords
• Avoid using passwords with predictable patterns such as 11552266.
• Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
• Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.

Cain and Abel cracker can be used to crack passwords using;

• Dictionary attack
• Brute force
• Cryptanalysis

We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here 10k-Most-Common.zip

For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

Password cracking steps

• Open Cain and Abel, you will get the following main screen

• Make sure the cracker tab is selected as shown above
• Click on the Add button on the toolbar.

• The following dialog window will appear

• The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.

• Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.

• The following screen will appear

• Right click on the dictionary section and select Add to list menu as shown above
• Browse to the 10k most common.txt file that you just downloaded

• Click on start button
• If the user used a simple password like qwerty, then you should be able to get the following results.

• Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
• If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.