Understanding Network Hacks: Attack and Defense with Python
Bastian Ballmann
Uster, Switzerland
ISBN 978-3-662-44436-8
e-ISBN 978-3-662-44437-5
DOI 10.1007/978-3-662-44437-5
Springer Heidelberg New York Dordrecht London
Library of Congress Control Number: 2014960247
© Springer-Verlag Berlin Heidelberg 2015
Translation from the German language edition Network Hacks - Intensivkurs, © Springer-Verlag, 2012
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
For data travelers, knowledge hungry, curious, network-loving life-forms who like to explore and get to the bottom of things.
Preface
Doesn’t this book explain how to break into a computer system? Isn’t that illegal and altogether a bad thing?
I would like to answer both questions with no (at least the second one). Knowledge is never illegal or something bad; only the things you do with it can be.
You as an admin, programmer, IT manager, or just an interested reader cannot protect yourself if you don’t know the techniques of the attackers. You cannot test the effectiveness of your firewalls, intrusion detection systems, or other security-related software if you are not able to see your IT infrastructure through the eyes of an attacker. You cannot weigh the danger against the costs of possible security solutions if you don’t know the risks of a successful attack. Therefore, it is necessary to understand how attacks on computer networks really work.
The book presents a selection of possible attacks with short source code samples to demonstrate how easily, effectively, and perhaps undetected a network can be infiltrated. This way you can not only learn the real techniques but also present them to your manager or employer and help them decide whether it would make sense to care a little bit more about IT security. At the end of the book, you should be able not only to understand how attacks on computer networks really work but also to modify the examples to fit your own environment and your own needs.
Sure, the book also tells those bad guys how to crack the net and write their own tools, but IT security is a sword with two sharp blades. Both sides feed themselves off the same pot of knowledge, and it is a continuous battle, which the protecting side can never dream of winning if it censors itself or criminalizes their knowledge!
Bastian Ballmann
Uster, Switzerland
Introduction
Who Should Read This Book?
This book addresses interested Python programmers who want to learn about network coding and administrators who want to actively check the security of their systems and networks. The content should also be useful for white, gray, and black hat hackers, who prefer Python for coding, as well as for curious computer users, who want to get their hands on practical IT security and are interested in learning to see their network through the eyes of an attacker.
You need deep knowledge neither of how computer networks are built nor of programming. You will get all the knowledge you need to understand the source code of the book in Chaps. 2 and 3. Readers who know how to program in Python and dream in OSI layers or packet headers can jump right away to Chap. 5 and start having fun at their device.
Of course a book like this needs a disclaimer, and the author would be happy if all readers play only on systems where they are allowed to do so and use the information of this book only for good and ethical actions. Otherwise, you may be breaking a law, depending on the country your device is connected in.
The length of the book doesn’t allow for in-depth discussion of all topics. You will only get somewhat more than the basics. If you want to dig deeper, you should afterward do some specialized reading in your field of interest.
The Structure of the Book
The different hacks are grouped by network protocols, and the content of every chapter is ordered by difficulty. You can read the book in the order you like, except for the two introductory chapters about networks (Chap. 2) and Python (Chap. 3).
The code samples are printed unshortened; therefore, you can just copy and use them without worrying about incremental changes or add-ons. If you are too lazy or busy to type, you should consider downloading all sources by pointing your browsing software at http://www.codekid.net/pythonnetwork-hacks/all.zip .
At the end of each chapter, you will find a selection of tools also written in Python that attack the described protocol in a more detailed way.
Thanks to the basic knowledge learned in the chapter, it shouldn’t be too hard to read and understand the source code of the tools.
The Most Important Security Principles
The most important principles in building a secure network from the author’s point of view are:
1. Security solutions should be simple. A firewall rule set that no one understands is a guarantee for security holes. Software that’s complex has more bugs than simple code.
2. Less is more. More code, more systems, more services provide more possibilities of attack.
3. Security solutions should be open source. You can search more easily for security problems if you have access to the source code. If the vendor declines to close an important security hole, you or someone else can fix it and you don’t have to wait for six or more months till the next patch day. Proprietary software can have built-in backdoors, sometimes called Law Interception Interface. Companies like Cisco (see RFC 3924), Skype (US-Patent-No 20110153809), and Microsoft (e.g., _NSAKEY http://en.wikipedia.org/wiki/NSAKEY ) are only popular examples.
4. A firewall is a concept, not a box that you plug in and you are safe.
5. Keep all your systems up to date! A system that’s considered secure today can be unprotected a few hours later. Update all systems, including smartphones, printers, and switches!
6. The weakest device defines the security of the complete system, and that doesn’t necessarily have to be a computer; it can also be a human (read about social engineering).
7. There is no such thing as 100 % secure. Even a computer that is switched off can be infiltrated by a good social engineer. The aim should be to build so many layers that the attacker falls over one tripwire and leaves traces and that the value he or she can gain from a successful infiltration is much lower than the work or it kills his owner’s skills.
Contents
1 Installation
1.1 The Right Operating System
1.2 The Right Python Version
1.3 Development Environment
1.4 Python Modules
2 Network 4 Newbies
2.1 Components
2.2 Topologies
2.3 ISO/OSI Layer Model
2.4 Ethernet
2.5 VLAN
2.6 ARP
2.7 IP
2.8 ICMP
2.9 TCP
2.10 UDP
2.11 An Example Network
2.12 Architecture
2.13 Gateway
2.14 Router
2.15 Bridge
2.16 Proxies
2.17 Virtual Private Networks
2.18 Firewalls
2.19 Man-in-the-Middle-Attacks
3 Python Basics
3.1 Every Start Is Simple
3.2 The Python Philosophy
3.3 Data Types
3.4 Data Structures
3.5 Functions
3.6 Control Structures
3.7 Modules
3.8 Exceptions
3.9 Regular Expressions
3.10 Sockets
4 Layer 2 Attacks
4.1 Required Modules
4.2 ARP-Cache-Poisoning
4.3 ARP-Watcher
4.4 MAC-Flooder
4.5 VLAN Hopping
4.6 Let’s Play Switch
4.7 ARP Spoofing Over VLAN Hopping
4.8 DTP Abusing
4.9 Tools
4.9.1 NetCommander
4.9.2 Hacker’s Hideaway ARP Attack Tool
4.9.3 Loki
5 TCP/IP Tricks
5.1 Required Modules
5.2 A Simple Sniffer
5.3 Reading and Writing PCAP Dump Files
5.4 Password Sniffer
5.5 Sniffer Detection
5.6 IP-Spoofing
5.7 SYN-Flooder
5.8 Port-Scanning
5.9 Port-Scan Detection
5.10 ICMP-Redirection
5.11 RST Daemon
5.12 Automatic Hijack Daemon
5.13 Tools
5.13.1 Scapy
6 WHOIS DNS?
6.1 Protocol Overview
6.2 Required Modules
6.3 Questions About Questions
6.4 WHOIS
6.5 DNS Dictionary Mapper
6.6 Reverse DNS Scanner
6.7 DNS-Spoofing
6.8 Tools
6.8.1 Chaosmap
7 HTTP Hacks
7.1 Protocol Overview
7.2 Web Services
7.3 Required Modules
7.4 HTTP Header Dumper
7.5 Referer Spoofing
7.6 The Manipulation of Cookies
7.7 HTTP-Auth Sniffing
7.8 Webserver Scanning
7.9 SQL Injection
7.10 Command Injection
7.11 Cross-Site-Scripting
7.12 SSL Sniffing
7.13 Proxy Scanner
7.14 Proxy Port Scanner
7.15 Tools
7.15.1 SSL Strip
7.15.2 Cookie Monster
7.15.3 Sqlmap
7.15.4 W3AF
8 Wifi Fun
8.1 Protocol Overview
8.2 Required Modules
8.3 Wifi Scanner
8.4 Wifi Sniffer
8.5 Probe-Request Sniffer
8.6 Hidden SSID
8.7 MAC-Address-Filter
8.8 WEP
8.9 WPA
8.10 WPA2
8.11 Wifi-Packet-Injection
8.12 Playing Wifi Client
8.13 Deauth
8.14 Wifi Man-in-the-Middle
8.15 Wireless Intrusion Detection
8.16 Tools
8.16.1 WiFuzz
8.16.2 Pyrit
8.16.3 AirXploit
9 Feeling Bluetooth on the Tooth
9.1 Protocol Overview
9.2 Required Modules
9.3 Bluetooth-Scanner
9.4 SDP-Browser
9.5 RFCOMM-Channel-Scanner
9.6 OBEX
9.7 Blue Snarf Exploit
9.8 Blue Bug Exploit
9.9 Bluetooth-Spoofing
9.10 Sniffing
9.11 Tools
9.11.1 BlueMaho
10 Bargain Box Kung Fu
10.1 Required Modules
10.2 Spoofing E-mail Sender
10.3 DHCP Hijack
10.4 IP Brute Forcer
10.5 Google-Hacks-Scanner
10.6 SMB-Share-Scanner
10.7 Login Watcher
A Scapy Reference
A.1 Protocols
A.2 Functions
B Secondary Links
Index
Bastian Ballmann, Understanding Network Hacks, DOI 10.1007/978-3-662-44437-5_1
1. Installation
Bastian Ballmann¹
(1) Uster, Switzerland
Abstract
This chapter explains on which operating system the sources can be executed, which Python version you will need and how to install additional Python modules. Last but not least, we will discuss some possible solutions for setting up a complete development environment. If you are already familiar with the Python programming language you can skip this introductory chapter without missing anything.
1.1 The Right Operating System
Yes, I know the title of this section can lead to flame wars. It should just illustrate on which operating systems the source code of this book runs. The author uses GNU/Linux systems with kernel versions 2.6.x and 3.x for development, but most of the sources, except those in the chapter about Bluetooth, should also be runnable on BSD or Mac OS X systems. If you succeed in running the source code on other systems, the author would be happy if you could drop him a tiny email. Of course all other comments or criticisms are also welcome.
1.2 The Right Python Version
Python 3 has been released for quite a number of years now. However, we will nevertheless use Python 2.7, because nearly all modules we use are only available for this version of Python. Versions 2.5 and 2.6 should also work, but the author did not test them.
To check which version of Python is installed on your system, execute the following command:
python --version
Python 2.7.2
If the output is less than 2.5 you should consider upgrading Python. If your version is 3.x think about installing Python 2.7 in parallel, but