A First Course In Ethical Hacking
()
About this ebook
Related to A First Course In Ethical Hacking
Related ebooks
Computer Hacking: The Crash Course Guide to Learning Computer Hacking Fast & How to Hack for Beginners Rating: 0 out of 5 stars0 ratingsEthical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Hacking: Computer Hacking for beginners, how to hack, and understanding computer security! Rating: 5 out of 5 stars5/5Compsec: For the Home User Rating: 0 out of 5 stars0 ratingsUltimate Hacking Challenge: Hacking the Planet, #3 Rating: 5 out of 5 stars5/5Hacking Rating: 3 out of 5 stars3/5How to Hack Like a Pornstar: Hacking the Planet, #1 Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5Hacking: A Comprehensive Guide to Computer Hacking and Cybersecurity Rating: 0 out of 5 stars0 ratingsHow to Hack Like a GOD: Hacking the Planet, #2 Rating: 5 out of 5 stars5/5Beginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues Rating: 0 out of 5 stars0 ratingsUltimate guide for being anonymous: Avoiding prison time for fun and profit Rating: 4 out of 5 stars4/5Breaking Computer Network with Internet Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Investigate Like a Rockstar: Hacking the Planet Rating: 0 out of 5 stars0 ratingsUltimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Cyber Security for Beginners: How to Become a Cybersecurity Professional Without a Technical Background (2022 Guide for Newbies) Rating: 0 out of 5 stars0 ratingsDarknet Rating: 4 out of 5 stars4/5How to Hack Like a Legend: Hacking the Planet, #7 Rating: 5 out of 5 stars5/5Pentesting 101: Cracking Gadgets And Hacking Software Rating: 0 out of 5 stars0 ratingsHacked: The Ultimate Guidence Rating: 5 out of 5 stars5/5Hack Computer System For Noobee Rating: 1 out of 5 stars1/5Hacking: 10 Easy Beginners Tutorials on How to Hack Plus Basic Security Tips Rating: 0 out of 5 stars0 ratingsHacking into Hackers’ Head: A step towards creating CyberSecurity awareness Rating: 5 out of 5 stars5/5The Darknet Superpack Rating: 0 out of 5 stars0 ratingsHacking for Beginners: Your Guide for Learning the Basics - Hacking and Kali Linux: Security and Hacking, #1 Rating: 5 out of 5 stars5/5Hacking the Hacker: Learn From the Experts Who Take Down Hackers Rating: 3 out of 5 stars3/5
Computers For You
Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsThe ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratingsHow to Create Cpn Numbers the Right way: A Step by Step Guide to Creating cpn Numbers Legally Rating: 4 out of 5 stars4/5People Skills for Analytical Thinkers Rating: 5 out of 5 stars5/5Elon Musk Rating: 4 out of 5 stars4/5Mastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5The Best Hacking Tricks for Beginners Rating: 4 out of 5 stars4/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5Learning the Chess Openings Rating: 5 out of 5 stars5/5ChatGPT Ultimate User Guide - How to Make Money Online Faster and More Precise Using AI Technology Rating: 0 out of 5 stars0 ratingsGrokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Deep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5The Mega Box: The Ultimate Guide to the Best Free Resources on the Internet Rating: 4 out of 5 stars4/5CompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Master Builder Roblox: The Essential Guide Rating: 4 out of 5 stars4/5The Designer's Web Handbook: What You Need to Know to Create for the Web Rating: 0 out of 5 stars0 ratings101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5The Professional Voiceover Handbook: Voiceover training, #1 Rating: 5 out of 5 stars5/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Ultimate Guide to Mastering Command Blocks!: Minecraft Keys to Unlocking Secret Commands Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Web Designer's Idea Book, Volume 4: Inspiration from the Best Web Design Trends, Themes and Styles Rating: 4 out of 5 stars4/5
Reviews for A First Course In Ethical Hacking
0 ratings0 reviews
Book preview
A First Course In Ethical Hacking - Herman van Heerden
A first course in ethical hacking
A first course in ethical hacking
By Herman van Heerden
eBook ISBN: 978-1-300-92063-2
Text copyright © 2013 Herman van Heerden
All rights reserved, except where else indicated
Thanks Mia!
Preface
For some time now I have realized that the only relatively quick way to obtain knowledge of hacking, is to bite the bullet and attend a course in IT security. This is not a bad option, but where do you begin? Who will tell you what hacking really is about, without adding an oversized dollop of Hollywood flair to sell the course?
As a youngster, the romance of hacking took hold of my imagination. Computers were always a passion of mine, and the myth (or is it legend?) of two kids who moved a satellite by messing around with computers were well known and many a time the subject of daydreaming. But again - where do you begin? While still working a student job in my first year at university, I got my hands on a text marked the Hackers Handbook
(http://www.textfiles.com/etext/MODERN/hhbk). To put things in perspective, the internet was young, Microsoft did not believe in CD-ROMs and Do you Netscape
was the term used for web browsing. Modems were the way you connected. Well, I printed the entire Hackers Handbook
on a dot matrix printer **** and put it into a file, ready to enrich myself with the knowledge of the hacker. The text was all about how BAUD works, modems and the protocols used by BBSs. I found the reading as exiting as a social studies student who got his hands on a banned copy of The Little Red Book or Animal Farm, but in the long run, the content of the book proved rather less than insightful. Yes, hacking was different when the words were uttered the beauty of the baud
(from the original Hackers Manifesto), but times have changed and changed again in a very short period of time.
As with that original Hackers Handbook
, I believe this book will also be seen as ancient text in a far shorter time that I hope it to be. But for now, this is a great beginning for the inquisitive mind that asks the question how do you hack?
and does not know where to begin.
This book is not intended to train you as a prospective member of Anonymous, but it is to satisfy the curiosity of the methods used by the elite. I don’t want to you become a criminal, and the knowledge I would like to impart is for you to find your intellectual home amongst the security specialists so highly valued by the IT industry. It is not a crime to talk about bombs, or to even investigate the science behind explosives; thus, this book should not be seen as a guide to become a criminal. It is in any case just a nudge in the right direction to understand.
Some people have the ability to just know
, but I am not one of those. I need a nudge in the right direction. And my sincerest hope is that this book will help you find the edge of that rope that is knowledge. Just don’t hang yourself with it!
Herman van Heerden
B.Sc. Hons (Cum Laude) in Computer Science
Certified Information Security Expert
Table of content
Introduction
For the beginner: Network basics
1st Stage: Information gathering
Case study – Kevin Mitnick
Social engineering
Dumpster diving
Physical visit
Personal details of the target
SPAM and email spoofing
Browser vulnerabilities
Users and user rights
2nd Stage: Scanning
Port scanning – nmap
Network scanning – autoscan
Intrusion detection and prevention systems (IDS/IPS)
Firewalls and honeypots
Proxies and tunneling
Web FUZZING
3rd Stage: Gaining Access
Case study – WikiLeaks
Ethical parameters and the moral gray area
The Word Wide Web
Client side versus server side scripts
Finding information on the website you visit
SQL injections
Cross site scripting (XSS)
Session hijacking
System/OS access
4th Stage: Maintaining Access
Case study – Sony BMG
Ethics – Contract period and backdoor disclosure
OS level access
Viruses, Works and Trojans
Steganography
5th Stage: Covering your tracks
MS Windows™
LINUX
MacOSX
TOR
A final word
Introduction
This book is an introduction to ethical hacking. Let’s explore this, shall we?
Introduction:
Please, do not expect this book to take you by the hand and show you how to hack your friend’s Facebook
account. We investigate the science behind hacking. Application of the knowledge is up to you.
2. Ethical:
How can hacking be ethical? A rose by any other name… We see the implementation of what we do and want to allow you to do as the basics of the IT security trade. The word hacker
has been used and misused so many times. So rather than stressing the semantics, we believe you should know the tricks of the trade. The way you use it is yet again up to you. We believe you will choose the ethical path, and not use your knowledge for evil. With great power…
3. Hacking:
Hacking, in the mind of the public, is the guy (or girl) with the skill to access computer systems where access seems closed to others. Knowingly or unknowingly, these people have processes they follow. We have spelled out these processes, allowing the magic to seem quantifiable.
As inspiration, we have followed the most popular courses in hacking’s example, and defined 5 stages of a hack. These are:
Information gathering
System scanning
Gaining access
Maintaining access
Covering your tracks
Using these headings, we will look at case studies and examples of each. This will clarify the stage better than any definition will ever do. All these cases are true and can be research in more detail online. We will use the Wikipedia entries as base, giving you the right end of yarn.
In addition to just examples, we will go into more practical stuff as well. We advise you to get yourself BackTrack5 and write it to DVD or USB stick. It is the key item in the arsenal of a hacker; everything is configured and ready to use.
Remember, it is against the law in most countries to run scans against other people’s systems. So, without authorization, you are on your own. For this book, and for scans, we will recommend you download and run a broken LINUX distribution called Metasploitable (http://www.offensive-security.com/metasploit-unleashed/Metasploitable). It was built to test the features of the Metasploit toolset. We will explore this application as well, but our focus is to understand the mechanics behind it. So, test the suggested and demonstrated tools first. As a self-study exercise you can replicate your results on the Metasploitable distro with the Metasploit tool itself. Remember, sometimes one tool alone will not give you the hidden answer. So understand the methods, and the tool becomes just that: a tool, not the be-all and end-all of security testing.
For the beginner: Network basics
Introduction
If you are reading this book, you most probably know all about the content of this chapter. But as a warm-up exercise, and to get everyone on the same page, we will run through the basics of networking. No system stands alone these days, and it is essential to know the medium you use to access machines. We will not go into the low level bits and bytes, but keep it to the essentials. So, even if you know this stuff, please read through it if only to refresh your memory.
Infrastructure architecture - LAN/WAN/WLAN
Computers are used to generate data. From its inception, the output of computers were the reason for using one. And with the generation of information, storing and sharing become key. Thus the birth of networking.
ARPANET
[1]ARPANET was the world's first packet switching network and the core network of a set that came to compose the global Internet. The network was funded by the Defense Advanced Research Projects Agency of the US DOD for use by its projects at universities and research laboratories. The packet switching of the ARPANET was based on designs by Lawrence Roberts of the Lincoln Laboratory.
Packet switching was a new concept at that time. Prior to the advent of packet switching, both voice and data communications had been based on the idea of circuit switching, as in the traditional telephone circuit, wherein each telephone call is allocated a dedicated, end-to-end, electronic connection between the two communicating stations. Such stations might be telephones or computers. The dedicated line is typically composed of many intermediary lines which are assembled into a chain that stretches all the way from the originating station to the destination station.
With packet switching, a data system could use a single communications link to communicate with more than one machine by collecting data into data-grams and transmitting these as packets onto the attached network link. Thus, not only can the link be shared, much as a single post box can be used to post letters to different destinations, but each packet can be routed independently of other packets.
The Internet