
Hacking with Security Tools Part - 2


 Kali Linux and Ethical Hacking

Introduction 

Welcome to the second module of this workshop. In the previous module we showed how you can set up a virtual environment in which you can practice ethical hacking skills. Now we move on to the practical steps. Let's explore how you can practice ethical hacking with Kali Linux.


Prerequisite 

It is recommended that you first create a live virtual environment as explained in Module 1, with at least the following machines running in the virtual ethical hacking lab.

 • Master Box (Kali Linux) 

 • Windows XP 

 • Metasploit 

 • Any other OS as recommended in Module 1.

Knowledge Base 

Let's first cover some background that you should have in mind before stepping into real hacking.

 What is Ethical Hacking? 

You must have heard enough about hacking! But what is ethical hacking? Can hacking be ethical? Well, this is a term used by the industry for the case where a security professional or a hacker (white hat) is hired by a company or organization to evaluate the security posture of that organization. In simple words, this professional is asked to hack into systems and report any security vulnerabilities the organization may have.

The simplest way to remember this is "Hacking with permission, to benefit the organization, as requested".

How to Ethically Hack? 

Now that you are a bit more familiar with the ethical hacking terminology, how do you ethically hack? Strictly speaking, there is no fixed mechanism or set of general guidelines that you follow step by step to hack into systems! However, the industry has established some methods and techniques that you can adopt to perform ethical hacking.

   Shocked? Well, with the passage of time and experience in the field of ethical hacking, you will realize that in the end it is your own developed skills that you utilize in order to hack into any networks, applications or systems. And that changes with every single ethical hacker or security professional and therefore there are different expertise levels of ethical hackers and security professionals. 

However, the question we raised above remains unanswered, i.e. how to ethically hack?

  Let’s present a quick methodology that serves as a de-facto standard in ethical hacking. This way you will have a benchmark on developing your skills aligned with the methodology. 

The most famous certification in ethical hacking is "Certified Ethical Hacker" (CEH), which is granted by EC-Council. The CEH books outline the following phases of the ethical hacking methodology at a high level:

"The process of ethical hacking can be broken down into five distinct phases. An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain entry into a computer system are similar no matter what the hacker's intentions are."

Phases of Ethical Hacking

 The five phases of ethical hacking are outlined below; we will present how you can use Kali Linux in order to achieve the goals highlighted in the phases.


Kali Linux provides tools that you can use at each phase to perform ethical hacking according to this methodology, covering all five phases outlined here.

 Now, just to give a comparison here, ethical hacking is also known as penetration testing and is an advanced, offensive form of security testing designed to provide a deep technical analysis of a target environment’s vulnerability to exploitation and attack. 

 Ethical hacking goes beyond basic risk assessment and automated techniques and relies on a skilled security professional.

   An ethical hacking test target might include anything from web or client-server applications to infrastructure components to hosting environments.

Phase 1 – Reconnaissance

Reconnaissance is of two types, active and passive. Passive reconnaissance involves gathering information about a potential target without the targeted individual's or company's knowledge, or, you can say, without direct interaction with the target. It is like watching the organization from outside its physical premises and noting down the office hours and the number of people that enter and exit the building at different times.

 On the other hand, active reconnaissance is the information gathering in which you directly interact with the target. In this method, you basically probe the target to gather as much information as you can about the target. Active reconnaissance is sometimes referred to as scanning. 

 Example 

By using passive and active reconnaissance, we can collect useful information. For example, it is usually easy to find the type of web server and the operating system (OS) version that a company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit it to gain more access.

  Role of Kali Linux 

  Okay, now let’s talk about how Kali Linux can be helpful in performing reconnaissance. We will now log into our lab and see what we have in Kali Linux to perform steps in order to achieve Phase 1 of ethical hacking, which is basically information gathering in two different ways.

Let’s see if we can gain information as we have mentioned in the above example in reconnaissance. 

Log in to Kali Linux and open the tab as shown in the figure below.


You can see that Kali Linux provides tools of different types. At this stage of hacking, we need to collect information about operating system versions and web application types.

 You can use the information gathering tools available in Kali Linux to achieve this task. Let’s have a look at tools we have in Kali Linux for said tasks.


Kali Linux provides tools for DNS analysis, SMB analysis, service fingerprinting, SNMP analysis, network scanning and OS fingerprinting.

 Let’s use a couple of these tools to explore the phase of reconnaissance in our ethical hacking lab. 

Lab Task 1: Perform Information Gathering about the systems running in hacking lab. 

Phase: Reconnaissance 

Tools: netdiscover



Phase 2 – Scanning 

The scanning phase involves taking the information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning phase include port scanners, vulnerability scanners and other tools, as your requirements dictate.

 This phase covers the following activities, which are actually performed by tools automatically. 

• Port Detection 

• Service Detection 

• Operating System Information 

  Hackers basically seek information that can help them execute an attack on a target, such as the following:

 • Computer names 

• Operating system (OS) 

• Installed software

 • IP addresses

 • User accounts 

Lab Task 2: Scan the network range and detect services, operating system names and any other useful information. 

 Phase: Scanning. 

    Tools: NMAP. 

From the reconnaissance phase we now have the IP addresses of the systems running in the network.

A total of seven machines are live and we have their IP addresses as well. Now we will run a couple of NMAP scans to find out what is actually running on these addresses. We have saved the IP addresses in a list so that we don't waste time running scans on addresses that are not live.

The command to run an nmap scan that detects open ports on the addresses in the list is as follows.
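As an added example, not the workshop's own command, the following script ties Lab Task 1 and Lab Task 2 together: it turns netdiscover's host list into an nmap input file so that only live hosts are scanned. The netdiscover output is a constructed sample and the 192.168.56.0/24 subnet is an assumed host-only lab network.

```shell
#!/bin/sh
# Added example (not from the workshop): feed the live hosts that netdiscover
# found (Lab Task 1) into nmap as an input list (Lab Task 2), so only live
# addresses are scanned. The netdiscover output below is a constructed sample
# and the 192.168.56.0/24 subnet is an assumed host-only lab network.

# Constructed sample of `netdiscover -r 192.168.56.0/24 -P` output; one host
# is listed twice on purpose to show the de-duplication.
NETDISCOVER_OUT='192.168.56.1     0a:00:27:00:00:00      1      60  Unknown vendor
192.168.56.101   08:00:27:aa:bb:cc      1      60  PCS Systemtechnik GmbH
192.168.56.102   08:00:27:dd:ee:ff      2     120  PCS Systemtechnik GmbH
192.168.56.101   08:00:27:aa:bb:cc      1      60  PCS Systemtechnik GmbH

-- Active scan completed, 3 Hosts found.'

# Keep only lines whose first field is an IPv4 address, de-duplicated, so
# the vendor text and the summary line never reach nmap as targets.
extract_hosts() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' |
        sort -u
}

# Build the scan command: -iL reads targets from the list, -Pn skips host
# discovery (netdiscover already proved the hosts are up), -sV fingerprints
# services, -O guesses the operating system, -oA saves all output formats.
build_scan_command() {
    printf 'nmap -Pn -sV -O -T4 -iL %s -oA %s\n' "$1" "$2"
}

main() {
    list_file="${TMPDIR:-/tmp}/live_hosts.txt"
    extract_hosts "$NETDISCOVER_OUT" > "$list_file"
    echo "Live hosts written to $list_file:"
    cat "$list_file"
    echo "Scan command (run it as root in the lab; -O needs raw sockets):"
    build_scan_command "$list_file" scan_results
}

main
```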


That is how you gather more information with the different tools available.

Now, what is more important to know and find out is vulnerability information. So far we have been collecting information, which is useful, but this information alone is not enough to exploit anything. Kali Linux has different tools to perform a vulnerability assessment on a target network. Let's explore what Kali offers to achieve the task of vulnerability assessment.

 Lab Task 2: Running a Vulnerability Scan 

 Phase: Vulnerability Scanning / Scanning 
 
Tools: Nessus 

To perform this lab, you first need to install Nessus in Kali Linux. To do so, download and install Nessus as explained below.

Download and Install Nessus (Home Feed) 

Download the latest Nessus Debian package from the Tenable website. As shown in the figure below, install it from the command line.


If everything goes well, you should see the next screen, where you create your Nessus login.

  Once done with Nessus, ensure that all your Virtual Machines are up and running. In our virtual lab environment, we have five (5) machines running, including Linux, BSD and Windows Operating Systems. 

Log in to Nessus with the credentials you created during installation.


Select the options as shown in the figure above. You can also check the DNS option.


Aha! It’s an admin login portal, but we don’t have any credentials to access this. We tried a couple of SQL injections but failed to get access to the web portal. Let’s try some dictionary attacks and see if something comes up. We will use hydra for this purpose and, fortunately, Kali Linux comes preinstalled with Hydra so you don’t have to go install it. 

Use Hydra with the following commands; however, you need to have user and password lists handy.
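As an added example, not part of the workshop, here is the same dictionary attack seen from the target's side: a Hydra run against a login form shows up in the web server log as a burst of POSTs to the login URL from one source, which is the signal a defender detects and rate-limits. The Apache combined-format log lines, the /admin/login.php path and the threshold are constructed assumptions for the lab portal.

```shell
#!/bin/sh
# Added example (not from the workshop): detect a dictionary attack against a
# login form from the target's web server log. The log lines, the
# /admin/login.php path and the threshold are constructed assumptions.

ACCESS_LOG='192.168.56.1 - - [10/Mar/2016:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 1420 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:02 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:02 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:02 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:03 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.56.50 - - [10/Mar/2016:10:00:03 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:03 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Mar/2016:10:00:04 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Count POSTs to the login path per source address. The status code is
# deliberately ignored: a failed form login usually still returns 200 with an
# error message (which is why Hydra needs a failure string), so the request
# rate to the login URL is the reliable signal, not the response code.
count_login_posts() {
    printf '%s\n' "$1" |
        awk -v path="$2" '$6 == "\"POST" && $7 == path { n[$1]++ }
                          END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# Print the source addresses at or above the threshold; these are candidates
# for blocking or rate limiting at the web server or firewall.
flag_sources() {
    count_login_posts "$1" "$2" | awk -v limit="$3" '$1 >= limit { print $2 }'
}

count_login_posts "$ACCESS_LOG" /admin/login.php
echo "Sources above threshold:"
flag_sources "$ACCESS_LOG" /admin/login.php 5
```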


This is the power of Kali Linux: it supports you in performing ethical hacking across the complete methodology explained at the beginning of this module.

