Foreword
About the Author
Chapter 1 : What is Ethical Hacking?
Chapter 2 : Finding Information
3.6 What is Wireshark and Ethereal?
Chapter 4 : Performing Attacks
Foreword

This book is written based on practical usage and research on computer security and networks. Basically everyone has a strong concern about computer security and networks, whereby a breach can sabotage the business and its operations. It will be worse if the entire business operations are running on a website or with a web hosting company.

This book covers a practical approach to software tools for ethical hacking. Some of the software tools covered are for SQL injection, password cracking, port scanning, packet sniffing, etc. Performing ethical hacking requires certain steps and procedures to be followed properly. A good ethical hacker will find information, identify weaknesses and finally perform some attacks on the target machine. Then the most crucial part would be to produce a good security audit report for the clients to understand their computer network conditions.

This book also explains and demonstrates step by step most of the software security tools for any beginner in the computer security field. Some of the software tools have been selected and utilized in computer security trainings and workshops.
About The Author

Mr Elaiya Iswera Lallan has been in the IT industry for the past 12 years. He is the Managing Director of Blue Micro Solutions, which is based in SIRIM Bhd (a government agency).

Mr Lallan has extensive experience in the IT industry. He has received an award as a Federal Territory Entrepreneur. After obtaining his Bachelor Degree in Computers and Electronics Engineering from Kolej Bandar Utama (twinning program with the University of Nottingham) in the year 2001, he joined the company called MIR as an Information Technology Consultant.

He was performing computer programming tasks, and then joined as a software engineer in a new company called Neural Manufacturing Sdn Bhd. He had his best experiences here when he was creating software technologies for the company's flagship product called e-Jari, which is a biometric security device. He created an enterprise time attendance system for this device that can be used by other companies ranging from SMEs to government offices. Some of the companies using this time attendance system are Pejabat Tanah & Galian in Kuala Lumpur, Koperasi Malaysia, Bernama and ITIS. He also created a Guard Patrol and Intruder Detection System using the e-Jari, and was involved in the ISO9000:2001 certification for the company. With his extensive working experience and good track record of being able to handle mega IT projects in the government sector, Mr Lallan managed to join the incubatorship program under SIRIM Bhd in February 2010. With this, Mr Lallan moved Blue Micro Solutions' operations into the SIRIM building. He obtained certification from the Ministry of Finance in Malaysia in the software field, where he can participate in tenders for government IT projects. He also started employing staff to do IT projects and ventured into IT trainings in private corporations, government institutions and polytechnics, such as SKALI Bhd, Kolej Komuniti in Klang, Politeknik Ungku Omar in Ipoh and Politeknik Kuching in Sarawak. He has made Blue Micro Solutions a certified Human Resource Development Funds (HRDF) training provider to companies in Malaysia. With his proven track record in both the industrial and education worlds in IT, Mr Lallan has recently been awarded a collaboration with Open University Malaysia (OUM) to offer an affordable IT degree program to the public. Currently Mr Lallan is pursuing MSC status for his company Blue Micro Solutions.

With his company Blue Micro Solutions growing in the right direction, Mr Lallan began to explore opportunities to grow his business overseas as well. Venturing into Canada, he successfully opened a branch called Blue Micro Canada Incorporated. He also successfully registered the company with the Canadian government in Toronto, whereby he received invitations to participate in government tenders for IT projects. He also saw the opportunity to conduct IT trainings over the internet through webinars. He obtained a license from Adobe USA to use its tool Adobe Connect to conduct webinars in Canada and the United States of America.
1.0 What is Ethical Hacking?

Ethical hacking is the act of performing and testing security on IT infrastructure with proper authorization from a company or organization. A person performing ethical hacking is known as an ethical hacker or computer security expert. An ethical hacker will use the latest hacking tools and social engineering techniques to identify vulnerabilities in IT infrastructure. Overall, ethical hacking provides a risk assessment about the security of the IT infrastructure for a company's or organization's information systems. This risk assessment information will provide the level of security that can be
1.1 Why IT Security is so Important?

Nowadays all companies and organizations are using and depending on IT infrastructure, computer networks and computer systems to operate their core businesses. Most companies store their client information in database systems on the server. A good hacker will easily break into the customer database if weak passwords are utilized on the server.

Definitely this will cause heavy financial losses to the company. Mostly these hacking incidents will not be reported in the media in detail because it would spoil the company's reputation.

Moreover, shopping and bill payments are performed online these days. Therefore clients' credit card information must be protected at all costs. One of the most famous methods to gain clients' credit card information is by performing spoofing. The objective of spoofing is to fool the user into thinking that they are connected to the trusted website.

Most attacks are implemented utilizing emails these days. A good example would be the LoveLetter worm attacks performed during the year 2000. Millions of computers were attacked and the worm made changes to the users' systems. The LoveLetter worm is received as an email attachment.

IT security is crucial to organizations and to individual computer users. Individual computer users must make sure they have installed the latest antivirus and antispyware on their computers, whereas companies must ensure they have engaged a computer security expert or consultant to look into their computer network security issues.
1.2 Ethical Hacking Procedures and Strategies

The first step in performing ethical hacking is to understand a hacker's process. There are basically 5 main steps and processes of hacking:

Step 1 : Gaining targeted information
Step 2 : Probing vulnerabilities for exploitation
Step 3 : Gaining access to the targeted system
Step 4 : Maintaining access on the targeted system
Step 5 : Covering the tracks on the targeted system

The targeted system mostly refers to the machine to be hacked. It can represent a server or computer or any electronic device. The hacker will perform the 5 steps mentioned above to gain control, steal information or stop the machine's services. Each step above may take a few months to achieve the desired goal.

An ethical hacker will perform the same steps above to further understand the weaknesses of the targeted system. Once the weaknesses are identified, the ethical hacker will take countermeasure steps to avoid further exploitation of the targeted system.
1 Passive Methods of gaining information on the targeted system
2 Active Methods of gaining information on the targeted system

Passive methods involve acquiring information without direct interaction with the targeted system. A few of the passive methods are acquiring publicly available information, social engineering and dumpster diving.

Dumpster diving is the process of looking through an organization's trash for discarded information. Social engineering is another process: making friends or smooth talking with staff in the organization so that they reveal server passwords, security codes, etc.

Active methods, on the other hand, utilize tools to detect open ports, the types of operating systems installed on the target system and the purpose of the applications and services available on the targeted system.

Social engineering is the most deadly and effective way of gaining information on the targeted system. Most previous employees that dislike the company management are a potential threat for social engineering.

2.1 Software Tools for Gaining Targeted Information

As mentioned previously, using software tools to gain targeted information is categorized as an Active Method. The most common and popular tools used for gaining targeted information are as below:
2.2 WHOIS

WHOIS is a query and response protocol for querying databases that store the registered users or assignees of an Internet resource. Information that can be acquired includes the domain name, IP address block, autonomous system, etc. The WHOIS protocol stores and provides database content in a human

Access information at www.internic.net/whois.html

Just type www.internic.net/whois.html into your internet browser.
Type the desired domain name and choose whether it is com, edu, biz, org, etc.
Then click the button 'Submit' and finally the information about the domain name will be displayed as below.

Access information at www.whois.net

Just type www.whois.net into your internet browser.
Type the desired domain name and choose whether it is com, edu, biz, org, etc.
Then click the button 'go' and finally the information about the domain name will be displayed as below.

Installing and Accessing Information from SAM SPADE 1.14

Double click on the file name spade114 to install the software.
Just click 'Next' until the installation is completed.
Double click on the desktop icon Sam Spade 1.14 and a screen will appear as shown below.
Type the desired domain name as highlighted below.
Click on the pink arrow button to produce the results.

Overall, the WHOIS tools will display the hosting company that has registered the domain name. They will also display the creation date and expiration date and the name servers of the domain name. These are the key pieces of information provided by a WHOIS tool:

1 Hosting Company that registered the domain
2 Creation date of domain
3 Expiration date of domain
6 Administrative contact details
7 Technical contact details
8 Registrant Details
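The web front ends and Sam Spade above all speak the same protocol described at the start of section 2.2 (and whois.arin.net in section 2.4 is a WHOIS server too). The following is an added example, not code from the book: a minimal WHOIS client in Python that sends the query line over TCP port 43 and a parser that pulls the key fields listed above (registrar, dates, name servers) out of the reply. The default server name whois.internic.net is an assumption for .com lookups, and SAMPLE_REPLY is a constructed reply with invented values so the parser can be exercised offline.

```python
import socket

# WHOIS (RFC 3912): the client connects to TCP port 43, sends the query
# terminated by CRLF, and reads until the server closes the connection.
WHOIS_PORT = 43


def whois_query(domain, server="whois.internic.net", timeout=10):
    """Send one WHOIS query for `domain` to `server` and return the raw reply text.

    Requires network access; the default server is an assumption for .com names.
    """
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; a repeated key (name servers) becomes a list.

    Comment lines ('%', '#') and the trailing '>>>' footer are skipped.
    """
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in fields:
            if isinstance(fields[key], list):
                fields[key].append(value)
            else:
                fields[key] = [fields[key], value]
        else:
            fields[key] = value
    return fields


def summarize(fields):
    """Pick out the items the chapter lists: registrar, creation/expiry dates, name servers."""
    return {
        "registrar": fields.get("registrar"),
        "created": fields.get("creation date"),
        "expires": fields.get("registry expiry date"),
        "name_servers": fields.get("name server", []),
    }


# Constructed sample reply in the style of a .com registry answer.
# Every value here is invented for this example; it is not a real registration.
SAMPLE_REPLY = """\
   Domain Name: EXAMPLE-DOMAIN.COM
   Registrar: Example Registrar, Inc.
   Creation Date: 2001-05-02T04:00:00Z
   Registry Expiry Date: 2031-05-02T04:00:00Z
   Name Server: NS1.EXAMPLE-HOSTING.NET
   Name Server: NS2.EXAMPLE-HOSTING.NET
>>> Last update of whois database: 2010-01-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE_REPLY)))
    # For a live lookup (network required): print(summarize(parse_whois(whois_query("example.com"))))
```

The parser splits on the first colon only, so timestamp values such as 04:00:00Z survive intact; different registries format their replies differently, which is why the summary looks up a few well-known keys rather than assuming a fixed layout.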
2.3 Nslookup

Nslookup is a network command-line tool, available on many computer operating systems, for querying the Domain Name System (DNS) to get information about domain name and IP address mapping for a particular DNS record. The nslookup command is available in the LINUX operating system from the shell and in the Windows operating system from the command prompt. Below are the options associated with the nslookup command:

Just type nslookup -d www.bluemicrosolutions.com (or any desired domain name) at the Windows operating system command prompt. The option -d will display all the records of the domain name. It will provide the sample results shown below:
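To show what nslookup is doing underneath, here is an added example (not from the book) in Python that builds a DNS A-record query by hand, sends it over UDP port 53, and parses the reply, including the name compression pointers that DNS responses use. SAMPLE_REPLY is a constructed response for example.com pointing at the documentation address 192.0.2.10, so the parser can be checked offline; the default resolver 8.8.8.8 in resolve() is an assumption and can be replaced with any resolver.

```python
import socket
import struct

DNS_PORT = 53
TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5


def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Build a standard recursive query (RD flag set) for one name and record type."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags, QD, AN, NS, AR
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def read_name(msg, offset, max_hops=16):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to a name earlier in the message
            hops += 1
            if hops > max_hops:  # guard against pointer loops in a hostile reply
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2  # the pointer is the last thing in this name field
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    """Return (rcode, answers); each answer is (name, rtype, ttl, data)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            data = socket.inet_ntoa(rdata)
        elif rtype in (TYPE_NS, TYPE_CNAME):
            data, _ = read_name(msg, offset)  # names inside RDATA may be compressed too
        else:
            data = rdata.hex()
        offset += rdlen
        answers.append((name, rtype, ttl, data))
    return flags & 0x000F, answers


def resolve(name, server="8.8.8.8", timeout=5):
    """Send the query over UDP and parse the reply (needs network access)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, DNS_PORT))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:  # a reply must carry our transaction id
        raise ValueError("transaction id mismatch")
    return parse_response(reply)


# Constructed reply for "example.com": flags 0x8180 (response, RD, RA, no error),
# the echoed question, then one A record (TTL 300) whose name is a pointer
# (0xC00C) back to offset 12. 192.0.2.10 is a documentation address, not a host.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
```

The header fields, question section and answer records decoded here are the same pieces that appear in nslookup's output; the hop limit in read_name is there because a malformed reply can point a compression pointer at itself, and a resolver that follows it blindly never returns.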
2.4 ARIN

ARIN (American Registry for Internet Numbers) was founded in the year 1997. It is a non-profit organization that registers and administers IP numbers for North America, some regions of the Caribbean and sub-Saharan Africa. ARIN is one of four regional Internet registries. ARIN also provides services for the technical coordination and management of Internet numbers.

Just type http://whois.arin.net into the internet browser.
Enter the desired domain name as highlighted below. Only choose domain names from North America, some regions of the Caribbean and sub-Saharan Africa.
Click on the arrow button next to the search box highlighted above and the results will be shown as below. Select either of the 2 entries highlighted below.
Upon clicking on the selected entry shown on the previous page, the information about the domain will be displayed as shown below.
2.5 Neo Trace

NeoTrace is an investigative tool which traces the network path across the Internet from the host system to a target system. The software provides good information about the registration details for the owner of each computer and the network of each node IP that is registered. It provides a world map displaying the locations of the nodes on the route.

Double click on the file name NeoTraceProTrial325 to perform the installation.
Click the 'Next' button until the installation is completed successfully.
Once the installation is completed, the Neo Trace screen will pop up as shown below.
Just type the desired domain name in the highlighted area below. In this situation, www.google.com is typed in the text box highlighted.
Click the 'go' button to produce the results as shown below. These results are in 'Map View' format, whereby it shows the geographical locations of the network nodes.
Select the 'Node View' option in the highlighted area.
These results show all the servers and routers that responded while communicating with google.com.
2.6 VisualRoute

VisualRoute is a tool that integrates Traceroute, Ping, and Whois into an interface that investigates Internet connections to identify whether there is a slowdown in the network. Moreover, VisualRoute can display the geographical location of IP addresses on a global map. VisualRoute provides key information to help identify Internet abusers and network intruders.

Just click on the file name vrc to perform the VisualRoute software installation.
It is required to install the Java runtime first before installing the VisualRoute software. Just proceed with the Java runtime installation until it is completed.
Click the 'Install' button to continue the Java runtime installation until successful.
Click the 'Install Now' button to continue the VisualRoute software installation until successful.
Once the installation is completed, a VisualRoute screen will appear as below. Enter the desired domain name as highlighted below and click the green arrow button located in the same row.
The results show all the network nodes and targeted information. It also displays the geographical location of the servers.
3.0 Identifying Weakness

During the probing process, network scanners, sniffers and port scanners are actively used to identify vulnerabilities on the targeted system. These provide time and advantage for the hacker to find an important and strong means of penetrating the target system.

For example, a hacker can identify that a server has a particular database application installed that stores customers' passwords, by using port scanners to listen to the port. When the port scanners have revealed the vulnerability of the database, then the hacker has high potential to use SQL injection on the database application.

SQL injection is unverified user input which has convinced the application into running the SQL statement. When these types of SQL statements are executed, the hacker has a high chance of gaining customers' passwords from the database application.

In the scenario above:

Probed information : the type of database installed
Vulnerability : sql injection
Exploitation : high chances of gaining customer's passwords

The diagram for the scenario above is illustrated on the following page.

Simple Diagram on probing activities on targeted system

Therefore, once the hacker has probed the vulnerabilities of the targeted system, they have a high chance to exploit the system. The types of exploitation will be explained in the following chapter. Exploitations are performed by performing attacks on the computer systems.
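The scenario above turns on one detail: user input that is pasted into the SQL text is able to change the statement the database runs, whereas input passed as a bound parameter is only ever data. The following is an added example, not code from the book, using Python's built-in sqlite3 module with an in-memory table that stands in for the customer database of the scenario (table name, usernames and hash strings are invented). It places the vulnerable lookup beside the parameterized one so the difference can be checked directly.

```python
import sqlite3

# A tiny stand-in for the customer database in the scenario. Storing password
# hashes rather than passwords limits what a successful injection can yield.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable: the user-supplied value becomes part of the SQL text itself,
    so a crafted value rewrites the WHERE clause instead of being compared."""
    query = "SELECT username, password_hash FROM customers WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: the value is bound as a parameter; the statement's structure is
    fixed before the value is seen, so the input can only ever be compared."""
    query = "SELECT username, password_hash FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# The standard textbook input used in every SQL injection tutorial, here as a
# test case that shows why the parameterized version is the one to ship.
TEXTBOOK_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe:", lookup_unsafe(conn, TEXTBOOK_INPUT))  # every row comes back
    print("safe:  ", lookup_safe(conn, TEXTBOOK_INPUT))    # no row matches that literal
    print("safe:  ", lookup_safe(conn, "alice"))           # normal lookups still work
```

The unsafe version returns the whole table for the textbook input because the string concatenation produced a WHERE clause that is always true; the safe version returns nothing for it, because the database compares the column against the literal text of the input. Parameterized queries (or an ORM that uses them) are the fix the audit report should recommend whenever an application builds SQL from user input.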
3.1 Software Tools to Probe Networks

If you ever think that any existing network is fully protected from any attack, it is best to humble yourself and test run the proposed tools below to audit any computer network. These tools may even provide suggestions to fix the network security issues.
3.2 NMAP

NMAP is a network scanner that is able to detect operating systems, perform host discovery, detect host services, etc. Typically NMAP runs in DOS mode and the end user needs to execute the nmap commands to probe networks.

The website to download and install NMAP is http://nmap.org. A simple NMAP command is demonstrated below:

The above results show that NMAP has detected all the services available from the host name scanme.nmap.org, which are smtp, domain, gopher, http, auth, ajp13 and elite. It has identified the host as running Linux version 2.6.

Important NMAP commands

The NMAP commands below are provided based on various network situations to be probed. Basically the end user needs to have some basic knowledge of computer networks before using the NMAP commands.

1: Scan a single host or an IP address (IPv4)

### Scan a single ip address ###

2: Scan multiple IP addresses or a subnet (IPv4)

3: Read list of hosts/networks from a file (IPv4)

The -iL option allows you to read the list of target systems from a text file. This is useful to scan a large number of hosts/networks. Create a text file as follows:

cat > /tmp/test.txt

The syntax is:

nmap -iL /tmp/test.txt

4: Excluding hosts/networks (IPv4)

When scanning a large number of hosts/networks you can exclude hosts from a scan:

nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

OR exclude a list from a file called /tmp/exclude.txt:

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

5: Turn on OS and version detection scanning script (IPv4)

nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt
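Section 3.1 notes that these tools can point to what needs fixing. On the auditing side, the usual way to get that out of the commands above is to add nmap's grepable output option (-oG, a real nmap flag) and compare each host's open ports against a baseline of what it is supposed to expose. The following is an added example, not code from the book or from the nmap project: a Python parser for -oG output and a check that flags open ports outside the baseline. SAMPLE_SCAN is a constructed output sample with invented addresses and host names, and BASELINE is an invented allow-list for those hosts.

```python
# Constructed sample of nmap grepable output (-oG). Addresses and host names are
# invented; the layout follows nmap's -oG format, where each port entry is
# port/state/protocol/owner/service/rpc-info/version/ and entries are comma-separated.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.10 (web.example.internal)\tStatus: Up
Host: 192.168.1.10 (web.example.internal)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\tIgnored State: closed (997)
Host: 192.168.1.20 (db.example.internal)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 25/filtered/tcp//smtp///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

# Assumed baseline (invented for the example): the ports each host is allowed to expose.
BASELINE = {
    "192.168.1.10": {22, 80},
    "192.168.1.20": {22, 3306},
}


def parse_grepable(text):
    """Return {ip: {port: (state, protocol, service)}} from -oG output.

    Every 'Host:' line is recorded, so a host that answered but reported no
    ports still shows up in the result with an empty port map.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' comment lines and anything else are ignored
        # -oG separates sections with tabs: "Host: ...", "Ports: ...", "Ignored State: ..."
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split(" ", 1)[0]  # drop the "(hostname)" part
        ports = hosts.setdefault(ip, {})
        for entry in fields.get("Ports", "").split(", "):
            if not entry:
                continue
            parts = entry.strip().split("/")
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            ports[port] = (state, proto, service)
    return hosts


def unexpected_open_ports(hosts, baseline):
    """List (ip, port, protocol, service) for every open port not in the baseline.

    A host absent from the baseline is treated as allowed nothing, so all of its
    open ports are reported; filtered or closed ports are not findings.
    """
    findings = []
    for ip, ports in sorted(hosts.items()):
        allowed = baseline.get(ip, set())
        for port, (state, proto, service) in sorted(ports.items()):
            if state == "open" and port not in allowed:
                findings.append((ip, port, proto, service))
    return findings


if __name__ == "__main__":
    # With real output: nmap -oG scan.gnmap -iL /tmp/scanlist.txt, then read scan.gnmap here.
    for finding in unexpected_open_ports(parse_grepable(SAMPLE_SCAN), BASELINE):
        print("unexpected open port:", finding)
```

In the sample, the web host exposes mysql on 3306 although the baseline only allows 22 and 80, so that is the one finding; the database host's filtered smtp port is not reported because nothing is listening there. Running this after each scheduled scan turns the raw nmap listing into the kind of actionable item a security audit report needs.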