
Blueprinting The Target Part - 2



Understanding the methods for hacking Network Nodes


Introduction

In this module, we cover the overall methodology for attacking network nodes. The previous module introduced the 90/10 principle; here we break it down into its phases and individual activities so that the reasoning behind the principle becomes clear.

Prerequisites

To get the most out of this workshop, complete the previous module first. You need the terminology explained there and a working virtual hacking lab, because everything below is done inside that lab.

90/10 Principle

This principle does not reinvent the wheel; it simply states the core requirement of every ethical hacking or penetration testing engagement. Every such engagement has two main phases, and the engagement only succeeds when you put far more time and effort into the first phase than into the second, because the second phase depends entirely on what the first one produced.

Phases of Ethical Hacking

• Information Gathering
• Execution

All activities in a penetration test fall into one of these two phases. Each phase has its own set of activities, which we cover shortly in this module.

The main theme of the principle is to spend about 90% of the project time in Phase I, Information Gathering, and only about 10% in Phase II, Execution. Once you look at the activities involved, you will see that most of the work of an ethical hack really does happen in the Information Gathering phase.

Activities of Information Gathering Phase

In the information gathering phase you collect as much information about the target network as you can. The phase is made up of the four (4) activities listed below, each one feeding the next.

• Identify live hosts
• Discovering operating systems
• Discovering open ports & services
• Discovering vulnerabilities

Identifying live hosts
The information gathering phase starts by finding which hosts in the target network are actually up. This step matters because every later activity is scoped by its results: a node you fail to detect here is never fingerprinted, scanned or assessed, and will simply be missing from your findings.

Discovering operating systems
The second step is fingerprinting the operating system of each host detected in the previous step. Knowing the OS narrows down which services, default ports and vulnerability checks are relevant, and so opens the door to the next activity.

Discovering ports and services
Once the operating system is known, the next step is to find the open ports on each host and identify the service, and where possible the version, listening on each of them. Port numbers alone are not enough: the service version is what the vulnerability step keys on.

Discovering vulnerabilities
Only now do you map the hosts, operating systems, services and versions you have collected to potential vulnerabilities, typically with a vulnerability scanner, and confirm each candidate rather than trusting the scanner's output blindly.
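The four activities above, as an added example that is not part of the original workshop: a small Python script that reads the XML report nmap writes with -oX (nmap is installed later in this module) and produces a per-host blueprint, that is, the live hosts, the best OS match, the open ports with the service and version found on each, and the list of versioned services that the vulnerability step works from. The XML embedded in the script is constructed sample data, not a real scan, and the FLAGGED_VERSIONS table is a placeholder for what your vulnerability scanner knows, not a real vulnerability database.

```python
"""Blueprint a target from nmap's XML report (-oX): live hosts, OS guess,
open ports/services and the version list for the vulnerability step.

Added example, not code from the original workshop. Assumes a scan such as
    nmap -sS -sV -O -oX scan.xml 192.168.56.0/24
and parses the resulting file. SAMPLE_NMAP_XML below is CONSTRUCTED data."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample report: one host up with three open ports and one closed
# port, one host down. Not a real scan result.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 192.168.56.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.101" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="ExampleFTPd" version="1.0"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed" reason="reset"/>
        <service name="telnet"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 2.6.X" accuracy="96"/>
      <osmatch name="Linux 2.4.X" accuracy="85"/>
    </os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.56.102" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Placeholder for activity 4: stands in for the scanner's knowledge of affected
# versions. Constructed entry, NOT a real vulnerability database.
FLAGGED_VERSIONS: Dict[str, str] = {
    "ExampleFTPd 1.0": "placeholder finding; substitute your scanner's result",
}


@dataclass
class HostBlueprint:
    ip: str
    os_guess: Optional[str]                      # best osmatch, None if not fingerprinted
    open_ports: List[Tuple[int, str, str, str]] = field(default_factory=list)  # (port, proto, service, version)


def parse_nmap_xml(xml_text: str) -> List[HostBlueprint]:
    """Activities 1-3: live hosts, OS and open ports/services, read from -oX output."""
    hosts: List[HostBlueprint] = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                                    # activity 1: keep live hosts only
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        matches = host.findall("os/osmatch")            # activity 2: highest-accuracy OS match
        os_guess = max(matches, key=lambda m: int(m.get("accuracy", "0"))).get("name") if matches else None
        bp = HostBlueprint(ip=addr.get("addr"), os_guess=os_guess)
        for port in host.findall("ports/port"):         # activity 3: open ports with service/version
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v) if svc is not None else ""
            bp.open_ports.append((int(port.get("portid")), port.get("protocol"), name, version))
        hosts.append(bp)
    return hosts


def vulnerability_candidates(hosts: List[HostBlueprint]) -> List[Tuple[str, int, str, str, Optional[str]]]:
    """Activity 4 input: every open service whose version is in the flagged table,
    plus services nmap could not version (finding=None) that need a manual banner grab."""
    out = []
    for h in hosts:
        for port, _proto, name, version in h.open_ports:
            if not version:
                out.append((h.ip, port, name, version, None))
            elif version in FLAGGED_VERSIONS:
                out.append((h.ip, port, name, version, FLAGGED_VERSIONS[version]))
    return out


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in hosts:
        print(f"{h.ip}  OS: {h.os_guess or 'unknown'}")
        for port, proto, name, version in h.open_ports:
            print(f"  {port}/{proto}  {name}  {version or '(no version)'}")
    for ip, port, name, version, finding in vulnerability_candidates(hosts):
        print(f"follow up: {ip}:{port} {name} {version} -> {finding or 'version unknown, check manually'}")
```

Note that the down host never reaches activities 2 to 4, which is exactly why a missed live host in activity 1 costs you every later finding on it; the unversioned http service is kept as a manual follow-up rather than dropped, so nothing silently falls out of the blueprint.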

Activities of Execution Phase

In the execution phase there are only two activities, and this is where you either succeed in compromising the target or fail. If the execution phase fails, it is usually because the information gathering phase was not done thoroughly enough. The activities of the execution phase are listed below.

• Exploitation
• Post Exploitation

Exploitation is where the fun begins and you actually start breaking into systems. Only if you have followed the 90/10 principle will the success rate of exploitation be high; simply running exploits against whatever happens to be listening is the job of script kiddies.

What this phase requires is a thorough study of each discovered vulnerability and its impact. You should have enough skill to understand what the script or exploit actually does to the target, what the outcome of exploiting the vulnerability will be and, most importantly, what risk the vulnerability exposes if it is successfully exploited. An exploit you do not understand can also crash the target, so this study is a safety requirement as much as a skill requirement.

Post Exploitation is the last step. Its main purpose is to collect the evidence needed to demonstrate that the compromise succeeded, so that it can be used in your report.

In this workshop our focus is on blueprinting the target, so we will not exploit anything here (that is covered extensively in other workshops). Instead we concentrate on the 90%: gathering information thoroughly and performing vulnerability assessment and management. To do that, we first go back to the lab and finish installing the tools required for information gathering and vulnerability assessment.

Installing Hacking Tools in Virtual Lab Environment

What remains to be covered here is the installation of the following tools.

• Nessus Home Feed
• Nmap
• NeXpose
• Metasploit Framework
• Vulnerable Operating System (Metasploitable)

Nessus Home Feed
To install Nessus, you need the latest binary of the tool for your operating system. Download Nessus Home Feed from the link below.

Download Link: http://www.tenable.com/products/nessus/select-your-operating-system


Once you have downloaded the Nessus Home Feed scanner, register to get the license key. Follow the link below to obtain your key.

Registration for Nessus Home Feed Key: http://www.tenable.com/products/nessus-home

Once you have the registration key, install your copy of the Nessus scanner: double-click the Nessus package you just downloaded and run through the installation.


Next, after Nessus has installed successfully, register your copy by following the steps shown in the snapshot below.

Next, after registering Nessus, open its web console from any browser on the Ubuntu Linux machine on which you installed the scanner, at the address below.

Nessus Web Console Access: https://127.0.0.1:8834 (Nessus listens on TCP 8834 by default; the browser will warn about the self-signed certificate, which is expected on a fresh install).

    
Next, install nmap on Ubuntu, as it does not come preinstalled. Installation is a single command typed in the terminal, also shown in the snapshot below.

Command: “sudo apt-get install nmap”. Afterwards, “nmap --version” confirms the install.


Next, download and install the NeXpose vulnerability scanner. Open the download link below and select the community edition.

Download Link http://www.rapid7.com/products/nexpose/compare downloads.jsp.
Complete the registration process to get your free copy. The VMware virtual appliance version of the NeXpose community edition is recommended, as it comes preinstalled on a Linux operating system ready to run under VMware. The installer version is just as simple as the Nessus installation completed above, so to save time we will not walk through NeXpose step by step.

Next, download and install Metasploit Pro. It is free with full features, but only as a 14-day trial.
Download link: http://www.rapid7.com/products/metasploit/download.jsp.
Next, continue the Metasploit installation on Ubuntu Linux as shown below.


Next, click Forward to continue.


Next, accept the license agreement and click Forward to continue.

  
Click Forward to continue the installation; it is recommended to leave the installation folder at its default.

    
Next, select Yes to run Metasploit as a service and click Forward to continue the installation.

   
Next, click Forward to continue, making sure that firewall and antivirus software are disabled first: antivirus products quarantine Metasploit's exploit and payload files and break the installation. Do this only on the isolated lab machine, never on a host attached to a production network.

     
Next, leave the port at its default (3790) and click Forward to continue the installation.

   
Next, enter the server name and the validity period for the self-signed SSL certificate and click Forward to continue.

      
Next, you are all set to install your copy of Metasploit Pro. Click Forward to install.

Next, sit back and relax until the installation completes. By then you should have the registration key so that you can register your installation.

Next, download and install the vulnerable operating system. Follow the link below to download Metasploitable, the pre-built vulnerable operating system from the Rapid7 team.

Download Link: https://information.rapid7.com/metasploitable-download.html.

Next, once the download is complete, follow the instructions below to set up the virtual machine and plug it into your virtual hacking lab.

Next, open VirtualBox and click New to start the virtual machine wizard. Type a name of your choice; I am using ‘Metasploitable-2’. Choose Type ‘Linux’ and Version ‘Ubuntu’ (the 32-bit entry, since Metasploitable 2 is a 32-bit image). Click Next.


    
Next, choose a memory size appropriate to the RAM available on your host machine; 512 MB, which is what the image ships configured with, is more than enough. Click Next.


In the hard drive window, select “Use an existing virtual hard drive file”, browse to the folder where you extracted the downloaded zip and select the ‘.vmdk’ file. Click Create. This is the shorter path: the VM boots straight from the Metasploitable disk and the disk-creation steps below can be skipped.

Alternatively, continue with the “Create a virtual hard drive now” option and swap in the Metasploitable disk afterwards, as described in the following steps.

    
If you took the second path: select the disk file type ‘VMDK (Virtual Machine Disk)’ and continue setting up the virtual machine.

Next, use dynamic allocation for the disk, as we did previously for Kali Linux, and click Continue to move to the next step of the virtual machine creation.

Give the hard drive a name you will remember. The drive is saved as a file, so a clear naming convention makes it easier to move the file later if required.

Finally, in the VM's storage settings, replace the newly created disk with the Metasploitable .vmdk you downloaded. Set it as the hard drive and the vulnerable operating system is ready to boot in your virtual lab environment.
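The VM creation steps above, as an added example that is not part of the original workshop: a Python script that drives VBoxManage, the command-line tool that ships with VirtualBox, to perform the same wizard steps reproducibly. It takes the shorter path (attaching the downloaded .vmdk directly, so no new disk is created and swapped later). The VM name, the path to the .vmdk, the 512 MB memory size and the internal network name ‘hacklab’ are assumptions; adjust them to your lab.

```python
"""Create the Metasploitable VM with VBoxManage instead of clicking through
the VirtualBox wizard. Added example, not part of the original workshop.
Assumptions: the VM name, the path to the extracted .vmdk, 512 MB of RAM and
the internal-network name 'hacklab' are placeholders for your own lab."""
import shlex
import shutil
import subprocess
from typing import List


def vbox_commands(vm_name: str, vmdk_path: str, memory_mb: int = 512,
                  lab_net: str = "hacklab") -> List[List[str]]:
    """The wizard steps as VBoxManage invocations, in the order the GUI performs them."""
    return [
        # "New virtual machine": name, Type=Linux, Version=Ubuntu (32-bit; Metasploitable 2 is i386)
        ["VBoxManage", "createvm", "--name", vm_name, "--ostype", "Ubuntu", "--register"],
        # memory size; NIC on an internal network so the deliberately vulnerable box
        # never sees a real LAN (the network choice is an assumption, match your lab)
        ["VBoxManage", "modifyvm", vm_name, "--memory", str(memory_mb),
         "--nic1", "intnet", "--intnet1", lab_net],
        # a SATA controller to attach the disk to
        ["VBoxManage", "storagectl", vm_name, "--name", "SATA", "--add", "sata",
         "--controller", "IntelAhci"],
        # "Use an existing virtual hard drive": attach the downloaded .vmdk as-is,
        # so no new dynamically allocated disk has to be created and swapped later
        ["VBoxManage", "storageattach", vm_name, "--storagectl", "SATA", "--port", "0",
         "--device", "0", "--type", "hdd", "--medium", vmdk_path],
    ]


def build_vm(vm_name: str, vmdk_path: str, memory_mb: int = 512,
             lab_net: str = "hacklab", dry_run: bool = True) -> List[str]:
    """Render the commands; with dry_run=False also execute them, stopping at the
    first failure so a half-built VM is not left registered silently."""
    cmds = vbox_commands(vm_name, vmdk_path, memory_mb, lab_net)
    rendered = [shlex.join(c) for c in cmds]
    if dry_run:
        return rendered
    if shutil.which("VBoxManage") is None:
        raise RuntimeError("VBoxManage not on PATH; install VirtualBox first")
    for c in cmds:
        subprocess.run(c, check=True)
    return rendered


if __name__ == "__main__":
    # Dry run prints what would be executed; pass dry_run=False to really build the VM.
    for line in build_vm("Metasploitable-2", "/vms/Metasploitable2/Metasploitable.vmdk"):
        print(line)
```

Once the VM is registered this way, start it with “VBoxManage startvm Metasploitable-2” and it boots from the attached Metasploitable disk exactly as the GUI-built machine does.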


The vulnerable operating system is now ready to be attacked from your virtual lab environment.

    
The default login was provided earlier in this workshop; do not forget to change the password. Keep this VM on the isolated lab network only: it is deliberately vulnerable and must never be reachable from a real network. We are now all set to start some actual work in our virtual hacking lab, which we will cover in the upcoming module.
