Power of hacking part5


Power Of Hacking

Web Applications

1. To launch a web browser, move your mouse cursor to the lower-left corner of your desktop and click Start.
2. From the Start menu apps, click any browser app to launch it. We are using the Firefox browser.
3. Type http://localhost/powergym in the address bar of the web browser, and press Enter.
4. The Home page of Powergym appears.
5. Assume that you are not a member of this site and you don't have a Login ID for this website.
6. In the address bar, try to tamper with the parameter by entering various keywords. Perform trial and error on this website.
7. Click on Trainers and type 'Sarah Partink' in the search option. Click Search.
8. Now tamper with the parameter, changing id=Sarah Partink to id=Richard Peterson in the address bar, and press Enter.
9. You get the search results for Richard Peterson without actually searching Sarah Partink in the search field. This process of changing the id value and getting the result is known as parameter tampering.
10. You have browsed a site for which you don't have a login ID and access to view details of products. You have performed this by parameter tampering.
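The lab succeeds because the server returns whatever record the id value names and never checks who is asking. The sketch below is an added example, not Powergym's code: the data, session store, URL path and function names are constructed to show the trusting handler beside one that decides from server-side state and records denials for review.

```python
"""Added illustration: trusting a URL parameter vs. enforcing access on the server.

TRAINERS, SESSIONS, the trainers.php path and all function names are constructed
for this example; they are not taken from the Powergym application.
"""
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: trainer profiles keyed by the value sent in ?id=
TRAINERS = {
    "Sarah Partink": {"speciality": "Yoga"},
    "Richard Peterson": {"speciality": "Weights"},
}

# Constructed session store: session token -> trainer ids that member may view
SESSIONS = {"tok-sam": {"Sarah Partink"}}

# Denied requests are kept so tampering attempts can be reviewed later
AUDIT_LOG = []

ORIGINAL_URL = "http://localhost/powergym/trainers.php?id=Sarah%20Partink"
TAMPERED_URL = "http://localhost/powergym/trainers.php?id=Richard%20Peterson"


def get_id(url):
    """Extract the id query parameter exactly as the browser sent it."""
    values = parse_qs(urlsplit(url).query).get("id", [])
    return values[0] if values else None


def trainer_vulnerable(url, session_token=None):
    """Behaviour seen in the lab: any id placed in the URL is looked up and returned."""
    profile = TRAINERS.get(get_id(url))
    return (200, profile) if profile else (404, None)


def trainer_hardened(url, session_token=None):
    """Same lookup, but the access decision comes from the session, not the URL."""
    trainer_id = get_id(url)
    allowed = SESSIONS.get(session_token)
    if allowed is None:
        AUDIT_LOG.append((session_token, trainer_id, 401))
        return (401, None)                      # no valid session: login required
    if trainer_id not in TRAINERS:
        return (404, None)
    if trainer_id not in allowed:
        AUDIT_LOG.append((session_token, trainer_id, 403))
        return (403, None)                      # logged in, but not entitled to this record
    return (200, TRAINERS[trainer_id])


if __name__ == "__main__":
    print("vulnerable, no login :", trainer_vulnerable(TAMPERED_URL))
    print("hardened, no login   :", trainer_hardened(TAMPERED_URL))
    print("hardened, sam, other :", trainer_hardened(TAMPERED_URL, "tok-sam"))
    print("hardened, sam, own   :", trainer_hardened(ORIGINAL_URL, "tok-sam"))
    print("audit log            :", AUDIT_LOG)
```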

Mail:mtahirzahid@yahoo.com



Web cross-site scripting (XSS or CSS) attacks exploit vulnerabilities in dynamically generated web pages. This enables malicious attackers to inject client-side scripts into web pages viewed by other users.

11. Open a web browser, type http://localhost/powergym, and press Enter.
12. The home page of Powergym appears.
13. To log in to the site, click on LOGIN.
14. The Login page of the Powergym website appears.
15. Enter "sam" as User name and "test" as Password in the respective fields and click Login to log in to the website.
16. After you log in to the website, find an input field page where you can enter cross-site scripting. The contact page contains an input field where you can enter a cross-site script.
17. After logging in, it will automatically open the contact page.
18. On the contact page, enter your login name (or any name) in the Your name field.
19. Enter any email in the email address field. In the Your message field, enter this cross-site script, Tahir, I love Islam and Pak Army! <script>alert("You have been hacked")</script> and click Submit.
20. On this page, you are testing for cross-site scripting vulnerability.
21. You have successfully added a malicious script in the contact page. The comment with malicious link is stored on the server.
22. Whenever any member comes to the contact page, the alert pops up as soon as the web page is loaded.
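The stored script runs for every visitor because the contact page writes the saved message back into HTML without encoding it. As an added example (not the Powergym source; the record, function names and header values are constructed assumptions), the same stored message is rendered by a template that concatenates it and by one that encodes on output, with a Content-Security-Policy as a second layer.

```python
"""Added illustration of stored XSS on a contact page and its fix.

The stored record, function names and header values are constructed for this example.
"""
import html

# Constructed record, shaped like the message submitted in step 19
STORED_MESSAGES = [
    {"name": "sam",
     "message": 'Hello <script>alert("You have been hacked")</script>'},
]


def render_vulnerable(messages):
    """Concatenates stored input into markup: the browser parses <script> as code."""
    rows = ["<li><b>%s</b>: %s</li>" % (m["name"], m["message"]) for m in messages]
    return "<ul>" + "".join(rows) + "</ul>"


def render_hardened(messages):
    """Encodes every stored field at output time, so markup characters become text."""
    rows = [
        "<li><b>%s</b>: %s</li>"
        % (html.escape(m["name"], quote=True), html.escape(m["message"], quote=True))
        for m in messages
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def security_headers():
    """Defence in depth: a policy without 'unsafe-inline' makes the browser refuse
    inline <script> blocks even if an encoding step is missed somewhere."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def contains_active_script(page):
    """Crude check for the demo: is a live <script tag present in the output?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(STORED_MESSAGES))
    print("hardened  :", render_hardened(STORED_MESSAGES))
    for name, value in security_headers().items():
        print("%s: %s" % (name, value))
```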


Questions
1. Analyze how all the malicious scripts are executed in a vulnerable web application.
2. Analyze if encryption protects users from cross-site scripting attacks.
3. Evaluate and list what countermeasures you need to take to defend from cross-site scripting attack.

1. Install Acunetix Web Vulnerability Scanner.
2. To launch Acunetix Web Vulnerability Scanner, move your mouse cursor to the lower-left corner of your desktop and click Start.
3. In the Start menu apps, click the Acunetix WVS Scan Wizard app to launch it.
4. The Acunetix Web Vulnerability Scanner main window appears.
5. The Scan Wizard of Acunetix Web Vulnerability Scanner appears. You can also start the Scan Wizard by clicking File -> New -> New WebSite Scan or clicking New Scan on the top right-hand side of the Acunetix WVS user interface.
6. Check the type of scan you want to perform, input the website URL, and click Next > to continue.
7. You can type http://localhost/powergym or http://localhost/realhome.
8. In this lab we are scanning for vulnerabilities in this webpage: http://localhost/powergym
9. In Options, leave the settings at default and click Next.
10. Confirm targets and technologies detected by clicking Next.
11. In Login wizard, leave the default settings and click Next.
12. Click the Finish button to check with the vulnerabilities of the website.
13. Click OK on the Limited XSS Scanning Mode warning.


14. Acunetix Web Vulnerability Scanner starts scanning the input website. During the scan, security alerts that are discovered on the website are listed in real time under the Alerts node in the Scan Results window. A node Site Structure is also created, which lists folders discovered.
15. The Web Alerts node displays all vulnerabilities found on the target website.
16. Web Alerts are sorted into four severity levels:
    ■ High Risk Alert Level 3
    ■ Medium Risk Alert Level 2
    ■ Low Risk Alert Level 1
    ■ Informational Alert
17. The number of vulnerabilities detected is displayed in brackets () next to the alert categories.
18. When a scan is complete, you can save the scan results to an external file for analysis and comparison at a later stage.
19. To save the scan results, click File -> Save Scan Results. Select a desired location and save the scan results.
20. Statistical Reports allow you to gather vulnerability information from the results database and present periodical vulnerability statistics.
21. This report allows developers and management to track security changes and to compile trend analysis reports.

Note: In this lab we have used the trial version, so we were not able to save the results. To save the results, Acunetix WVS should be a licensed version.

22. To generate a report, click on the report button on the toolbar at the top.
23. This action starts the Acunetix WVS Reporter.
24. The Report Viewer is a standalone application that allows you to view, save, export, and print generated reports. The reports can be exported to PDF, HTML, Text, Word Document, or BMP.
25. To generate a report, follow the procedure below. Select the type of report you want to generate and click on Report Wizard to launch a wizard to assist you.
26. If you are generating a compliance report, select the type of compliance report. If you are generating a comparison report, select the scans you would like to compare. If you are generating a monthly report, specify the month and year you would like to report. Click Next to proceed to the next step.
27. Configure the scan filter to list a number of specific saved scans or leave the default selection to display all scan results. Click Next to proceed and select the specific scan for which to generate a report.
28. Select what properties and details the report should include. Click Generate to finalize the wizard and generate the report.
29. The WVS Reporter contains the following groups of reports:
    ■ Developer: Shows affected pages and files
    ■ Executive: Provides a summary of security of the website
    ■ Vulnerability: Lists vulnerabilities and their impact
    ■ Comparison: Compares against previous scans
    ■ Statistical: Compiles trend analysis
    ■ Compliance Standard: PCI DSS, OWASP, WASC

Note: This is a sample report, as the trial version doesn't support generating a report of the scanned website.

Questions
1. Analyze how you can schedule an unattended scan.
2. Evaluate how a web vulnerability scan is performed from an external source. Will it use up all your bandwidth?
3. Determine how Acunetix WVS crawls through password-protected areas.


Hacking Wireless Networks

Recommended labs to assist you in Wireless Networks:
■ WiFi Packet Sniffing Using AirPcap with Wireshark
■ Cracking a WEP Network with Aircrack-ng for Windows
■ Sniffing the Network Using the OmniPeek Network Analyzer

Download AirPcap drivers from the site and follow the wizard-driven installation steps to install AirPcap drivers.

1. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.
2. Click the AirPcap Control Panel app to open the AirPcap Control Panel window.
3. The AirPcap Control Panel window appears.
4. On the Settings tab, click the Interface drop-down list and select AirPcap USB wireless capture adapter.
5. In the Basic Configuration section, select suitable Channel, Capture Type, and FCS Filter and check the Include 802.11 FCS in Frames check box.
6. Now, click the Keys tab. Check the Enable WEP Decryption check box. This enables the WEP decryption algorithm. You can Add New Key, Remove Key, Edit Key, and Move Key Up and Down.
7. After configuring settings and keys, click OK.
8. Launch Wireshark Network Analyzer. The Wireshark main window appears.
9. Configure AirPcap as an interface to Wireshark. Select Capture -> Interface... (Ctrl+I). You can also click the icon on the toolbar.
10. The Wireshark: Capture Interfaces window appears. By default, the AirPcap adapter is not in running mode. Select the AirPcap USB wireless capture adapter nr. 00 check box. Click Start.
11. Automatically, the Capturing from AirPcap USB wireless capture adaptor nr. 00 - Wireshark window appears, and it starts capturing packets from the AirPcap Adapter.
12. Wait while Wireshark captures packets from AirPcap. If the Filter Toolbar option is not visible on the toolbar, select View -> Filter Toolbar. The Filter Toolbar appears.

Note: Wireshark doesn't benefit much from multiprocessor/Hyperthread systems, as time-consuming tasks, like filtering packets, are single threaded. No rule is without exception: during an "update list of packets in real time" capture, capturing traffic runs in one process and dissecting and displaying packets runs in another process, which should benefit from two processors.

13. Now select View -> Wireless Toolbar. The wireless toolbar appears in the window.
14. You will see the source and destination of the packet captured by Wireshark.
15. After enough packet captures, stop Wireshark.
16. Go to File from the menu bar, and select Save.


Cracking a WEP Network with Aircrack-ng for Windows

1. Launch Aircrack-ng GUI from Wireless Networks\AirPcap -Enabled Open Source tools\aircrack-ng-0.9-airpcap\bin by double-clicking Aircrack-ng GUI.exe.
2. Click the Airodump-ng tab.
3. Click Launch. This will show the airodump window.
4. Type the AirPcap adapter index number as 0 and select all channels by typing 11. Press Enter.
5. It will prompt you for a file name. Enter Capture and press Enter.
6. Type y for Only write WEP IVs. Press Enter.
7. After pressing y, it will display Wi-Fi traffic; leave it running for a few minutes.
8. Allow airodump-ng to capture a large number of packets (above 2,000,000).
9. Now close the window.
10. Go to Aircrack-ng and click Advanced Options.
11. Click Choose and select the filename capture.ivs.

Note: This is a different file from the one you recorded; this file contains precaptured IVS keys from AirPcap -Enabled Open Source tools\aircrack-ng-0.9-airpcap.
Note: To save time capturing the packets, for your reference, the capture.ivs file (this capture.ivs file contains more than 200000 packets) is in AirPcap -Enabled Open Source tools\aircrack-ng-0.9-airpcap.

12. After selecting the file, click Launch.
13. If you have enough captured packets, you will be able to crack the packets.
14. Select your target network from BSSID and press Enter.

Sniffing the Network Using the OmniPeek Network Analyzer

You can also download the latest version of OmniPeek Network Analyzer from the link http://www.wildpackets.com

3. Select WEP.pkt

7. Close the tab from the top and select different options from the right pane; click Graphs.

Working of Virus: Infection Phase

Working of Virus: Attack Phase

Why People create computer viruses?

Symptoms of Virus-Like Attack

Virus Hoaxes

How is a Worm different from a Virus?

Indications of Virus Attack

Hardware Threats

Software Threats

Stages of Virus Life

Virus Classification

How does a Virus Infect?


Netcraft Toolbar

1. To start this lab, you need to launch a web browser first. In this lab we have used Mozilla Firefox.
2. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.
3. Click the Mozilla Firefox app to launch the browser.
4. To download the Netcraft Toolbar for Mozilla Firefox, enter http://toolbar.netcraft.com in the address bar of the browser or drag and drop the netcraft_toolbar-1.7-fx.xpi file in Firefox.
5. In this lab, we are downloading the toolbar from the Internet.
6. In the Firefox browser, click Download the Netcraft Toolbar to install it as the add-on.
7. On the Install page of the Netcraft Toolbar site, click the Firefox image to continue with installation.
8. Click Allow to download Netcraft Toolbar.
9. When the Software Installation dialog box appears, click Install Now.
10. To complete the installation it will ask you to restart the browser. Click Restart Now.
11. Netcraft Toolbar is now visible. Once the Toolbar is installed, it looks similar to the following figure.
12. When you visit a site, the following information displays in the Toolbar (unless the page has been blocked): Risk rating, Rank, and Flag.
13. Click Site Report to show the report of the site.
14. If you attempt to visit a page that has been identified as a phishing page by Netcraft Toolbar, you will see a warning dialog that looks similar to the one in the following figure.
15. Type, as an example: http://www.paypal.ca.6551.secure7c.mx/images/cgi.bin
16. If you trust that page, click Yes to open it, and if you don't, click No (Recommended) to block that page.
17. If you click No, the following page will be displayed.

Social Engineering Toolkit


21. As soon as the victim types in the email address and password, the SET terminal in BackTrack fetches the typed user name and password, which can be used by an attacker to gain unauthorized access to the victim's account.

DoSHTTP

1. Install and launch DoSHTTP in Windows Server 2012.
2. To launch DoSHTTP, move your mouse cursor to the lower-left corner of the desktop and click Start.
3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.
4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated the trial version. Click Try to continue.
5. Enter the URL or IP address in the Target URL field.
6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.

appnimi-all-in-one-password-unlocker-setup-20130912-2.0.2


Term                      Definition
Hax0r                     Hacker
Uberhacker                Good hacker
L33t Sp33k                Replacing characters to avoid filters
Full disclosure           Revealing vulnerabilities
Hacktivism                Hacking for a cause
Suicide Hacker            Hopes to be caught
Ethical Hacker            Hacks for defensive purposes
Penetration Test          Determine true security risks
Vulnerability Assessment  Basic idea of security levels
Vulnerability Researcher  Tracks down vulnerabilities
White hat                 Hacks with permission
Grey hat                  Believes in full disclosure
Black hat                 Hacks without permission
White Box                 A test everyone knows about
Grey Box                  A test with a very specific goal but unspecific means
Black Box                 A test no one knows is happening
Threat                    Potential event
Vulnerability             Weakness
Exposure                  Accessibility
Exploit                   Act of attacking
TOE                       Target of Evaluation
Rootkit                   Hides processes that create backdoors
Botnet                    Robot network that can be commanded remotely
Buffer Overflow           Hijack the execution steps of a program
Shrinkwrap Code           Reused code with vulnerabilities

Google Hacking

An attacker will use Google to enumerate a target without ever touching it. The advanced search syntax is easy to use but can be quirky at times. It takes practice and experimentation.

Using Advanced Search
operator:keyword additional search terms

Advanced Operators
site        Confines keywords to search only within a domain
ext         File extension
loc         Maps location
intitle     Keywords in the title tag of the page
allintitle  Any of the keywords can be in the title
inurl       Keywords anywhere in the URL
allinurl    Any of the keywords can be in the URL
incache     Search Google cache only

Keyword combinations
password | passlist | username | user
login | logon
Administrator | Admin | Root
Prototype | Proto | Test | Example

Examples
site:intenseschool.com (ceh ecsa lpt)
intitle:index.of
allinurl:login logon
-ext:html -ext:htm -ext:asp -ext:aspx -ext:php

Ports and Protocols

These must be memorized! Also be prepared to convert them to hexadecimal representation in case they must be identified in a packet dump, log file, IDS rule, or a sniffer capture/display filter.

Protocols
1    ICMP
6    TCP
17   UDP
47   GRE
50   AH
51   ESP

Ports
20 - 21          FTP
22               SSH
23               Telnet
25               SMTP
42               WINS
53               DNS
80 - 81 - 8080   HTTP
88               Kerberos
110              POP3
111              Portmapper (Linux)
119              NNTP
135              RPC-DCOM
137 - 138 - 139  SMB
143              IMAP
161 - 162        SNMP
389              LDAP
445              CIFS
1080             SOCKS5
3389             RDP
6667             IRC
14237            Palm Pilot Remote Sync

Trojan Horses
7777    Tini
12345   NetBus
27374   Back Orifice
31337   Sub7

Password Cracking

This test will have scenarios that require you demonstrate an understanding of TCP behavior. Be sure to know each of these combinations well.

Types of password cracking techniques
Guessing     Is the most efficient, assuming information gathering beforehand
Dictionary   Based on a predetermined list of words
Brute Force  Trying every possible combination of characters
Hybrid       A combination of all other attacks

LM Hashes
Every password is ultimately 14 characters long, split into two 7-character halves.
Passwords that are less than 7 characters are easily identified in the SAM file (hash ends in 404EE).

Rainbow Tables
"Time / Memory Trade Off": less memory than a lookup, less computing than a brute force.
Salting the hash is a way to combat rainbow tables.

Cracking Effort
Weak passwords can be cracked in seconds.
Strong passwords might take the lifetime of several universes to crack.
Rainbow Tables  Solve the "Time / Memory Trade Off"
DNA             Distributed Network Architecture

Popular Cracking Tools
John the Ripper  Command line tool that runs under both Windows and Linux
L0phtcrack       Commercial tool
Ophcrack         Open source tool that supports rainbow tables
Cain and Abel    Powerful multipurpose tool that can sniff and crack passwords of many types

Sniffing

Methods for defeating a switch
Admin the switch  If the password for the switch can be guessed, a port can be placed into monitor mode
MAC Spoofing      Set the MAC address of a NIC to the same value as another
MAC Flooding      Overwhelm the CAM table of the switch so it converts to hub mode
ARP Poisoning     Inject incorrect information into the ARP caches of two or more endpoints

Wireshark command line tools
tshark     Command line version of Wireshark
dumpcap    Captures traffic
capinfos   Reads a saved capture file and returns statistics about it
editcap    Edit and/or translate the format of capture files
mergecap   Merges multiple capture files into one
text2pcap  Generates a capture file from an ASCII hexdump of packets
tcpflow    Extracts data streams from dump files
tcptrace   Analyzes TCP conversations
tcpreplay  Can resend capture packets

TCPDump capture filters
Capture filters will be kept simple on the test. They look basically like English phrases. Analyze the examples below to get an idea.
host www.example.com and not (port 80 or port 25)
port not 53 and not arp
ip proto 1
(tcp[2:2] > 1500 and tcp[2:2] < 1550)

Wireshark display filters
Display filters work basically like: proto.field operator value
Analyse the following examples:
tcp.flags == 0x29
ip.addr != 192.168.1.1
tcp.port eq 25 or icmp
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
http.request.uri matches "login.html"

Social Engineering

Social Engineering is the most powerful attack tool. It requires no equipment or technology, and often minimal expense. Only proper user education and awareness can prevent it and even then, errors in judgment can still be exploited.

The principles of Social Engineering
Authority          An intimidating presence
Scarcity           Create the perception of loss or lack of access to a resource
Liking             Charm and charisma
Reciprocation      The victim believes they owe the attacker a favor
Consistency        Appealing to a victim's true feelings and opinions
Social Validation  Compliments and praise

Types of Social Engineers
Insider Associates   Have limited authorized access, and escalate privileges from there.
Insider Affiliates   Are insiders by virtue of an affiliation; they spoof the identity of the insider.
Outsider Affiliates  Are non-trusted outsiders that use an access point that was left open.

Methodologies

This class tells a story, and understanding that story is far more important than memorizing these lists. Think about what actions are taken during each phase, and notice how they logically progress.

The phases of an attack
1. Reconnaissance          Information gathering, physical and social engineering, locate network range
2. Scanning - Enumerating  Live hosts, access points, accounts and policies, vulnerability assessment
3. Gaining Access          Breach systems, plant malicious code, backdoors
4. Maintaining Access      Rootkits, unpatched systems
5. Clearing Tracks         IDS evasion, log manipulation, decoy traffic

Information Gathering
1. Unearth initial information  What/Who is the target?
2. Locate the network range     What is the attack surface?
3. Ascertain active machines    What hosts are alive?
4. Open ports / access points   How can they be accessed?
5. Detect operating systems     What platform are they?
6. Uncover services on ports    What software can be attacked?
7. Map the network              Tie it all together, document, and form a strategy.
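To make the byte-offset capture filter tcp[2:2] and the display filter tcp.flags == 0x29 from the filter examples above concrete, this added example (not part of the original cheat sheet; the header bytes and function names are constructed) evaluates both against raw TCP headers, names the flag combinations a sensor would alert on, and shows a port in the hexadecimal form it takes in a packet dump.

```python
"""Added illustration: what tcp[2:2] and tcp.flags == 0x29 test, on constructed headers."""
import struct

# Classic TCP flag bits, carried in byte 13 of the TCP header
FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0) as test input."""
    offset_reserved = 5 << 4                      # data offset = 5 32-bit words
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       offset_reserved, flags, window, 0, 0)


def tcp_slice(header, offset, length):
    """Equivalent of the tcpdump expression tcp[offset:length] (big-endian integer)."""
    return int.from_bytes(header[offset:offset + length], "big")


def flag_names(flags):
    """Decode a flags value such as 0x29 into the names of the bits that are set."""
    return [name for name, bit in FLAG_BITS if flags & bit]


def classify(header):
    """Label flag combinations that do not occur in a normal TCP conversation."""
    flags = tcp_slice(header, 13, 1) & 0x3F
    if flags == 0x00:
        return "NULL scan probe"
    if flags == 0x29:
        return "Xmas scan probe (FIN+PSH+URG)"
    if flags == 0x01:
        return "FIN scan probe"
    if flags & 0x02 and flags & 0x01:
        return "invalid SYN+FIN"
    return "normal"


def matches_capture_filter(header):
    """(tcp[2:2] > 1500 and tcp[2:2] < 1550): bytes 2-3 are the destination port."""
    dst_port = tcp_slice(header, 2, 2)
    return 1500 < dst_port < 1550


def dst_port_hex(header):
    """Destination port as it appears in a hex dump of the packet."""
    return header[2:4].hex()


# Constructed sample headers: (label, header bytes)
SAMPLES = [
    ("SYN to 80", build_tcp_header(40000, 80, 0x02)),
    ("Xmas to 1521", build_tcp_header(40000, 1521, 0x29)),
    ("no flags to 22", build_tcp_header(40000, 22, 0x00)),
    ("ACK to 3389", build_tcp_header(40000, 3389, 0x10)),
]

if __name__ == "__main__":
    for label, hdr in SAMPLES:
        flags = tcp_slice(hdr, 13, 1)
        print("%-15s port=0x%s flags=0x%02x %-22s %-30s filter=%s" % (
            label, dst_port_hex(hdr), flags, "+".join(flag_names(flags)) or "-",
            classify(hdr), matches_capture_filter(hdr)))
```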

Hacking WIFI in Windows with Commview and Aircrack-ng

Firstly, we need to know how to hack a WiFi password and what tools are required to hack a WiFi password.

Tools required for WiFi hacking:

1. Commview for WiFi: This tool is used for capturing the packets of the WiFi network which we have to crack. It is also used to convert the file which is required for the crack (in this crack we convert the .ncf file to a .cap file). To download this software
2. Aircrack-ng: This tool is used to retrieve the password from the file captured by the Commview for WiFi software. To download software

Steps to Hack WIFI in Windows:

1. Install Commview.
2. After installation, a popup window opens in the Commview software for driver installation. (If the popup window does not open, go to Help > Driver Installation Guide and do this.)
3. Install the Commview driver for your WiFi network (without installing the driver you cannot capture data of the desired WiFi network).
4. After installing the driver, click the capture button in the left corner of the software.
5. A popup window opens and shows the WiFi networks near you.
6. Select the WiFi network which you want to hack and click Capture. You need to check whether your connection is WEP or not (this trick only works with WEP).
7. After that you can see Commview capturing WiFi data.
8. Now go to the Logging panel in Commview, tick Auto-saving, and set Maximum directory size, MB: 2000 and Average log file size: 20.
9. Now capture packets for 2-3 hours (about 1 lakh packets).

Steps to Convert CAPTURED FILE:

Open Commview and follow these steps.
1. Go to File > Log Viewer.
2. After opening Log Viewer,
3. go to File > Load Commview Logs > select all capture files > then Open.
4. After opening, go to Export Logs > select Wireshark/Tcpdump format.
5. Save the file to the desired location (this file is used for cracking the password).

Crack Password using Aircrack-ng:

1. Open the downloaded package.
2. Go to bin and open aircrack-ng GUI.exe.
3. Open the converted file.
4. Select key size: 64.
5. Click Launch.
6. Index no. of target file is 1.
7. Wait for the password to be cracked.
8. If the WiFi password is cracked, it writes "password 100% decrypted 94:15:74:54:42"; in this case the password is 9415745442 for the WiFi.

If cracking fails in the first attempt:

If the password is not cracked, it says FAILED NEXT TRY WITH 5000 IVS, so we have to capture packets again and repeat the above process until the password is cracked.

NOTE: When we capture packets again and convert them to .cap, we also have to select all previously captured packets for conversion.
