A First Course In Ethical Hacking
()
About this ebook
Related to A First Course In Ethical Hacking
Related ebooks
Computer Hacking: The Crash Course Guide to Learning Computer Hacking Fast & How to Hack for Beginners Rating: 0 out of 5 stars0 ratingsEthical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Ultimate Hacking Challenge: Hacking the Planet, #3 Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Hacking the Planet, #2 Rating: 5 out of 5 stars5/5Compsec: For the Home User Rating: 0 out of 5 stars0 ratingsHow to Investigate Like a Rockstar: Hacking the Planet Rating: 0 out of 5 stars0 ratingsHacking: Computer Hacking for beginners, how to hack, and understanding computer security! Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar: Hacking the Planet, #1 Rating: 5 out of 5 stars5/5Ultimate guide for being anonymous: Avoiding prison time for fun and profit Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5Hacked: The Ultimate Guidence Rating: 5 out of 5 stars5/5How to Hack Like a Legend: Hacking the Planet, #7 Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK Rating: 5 out of 5 stars5/5Hacking into Hackers’ Head: A step towards creating CyberSecurity awareness Rating: 5 out of 5 stars5/5Hacking: A Comprehensive Guide to Computer Hacking and Cybersecurity Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Hacking Rating: 3 out of 5 stars3/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Hacking: 10 Easy Beginners Tutorials on How to Hack Plus Basic Security Tips Rating: 0 out of 5 stars0 ratingsTor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Darknet Rating: 4 out of 5 stars4/5Tor and the Deep Web Rating: 0 out of 5 stars0 ratingsBeginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues Rating: 0 out of 5 stars0 ratingsCyber Security for Beginners: How to Become a Cybersecurity Professional Without a Technical Background (2022 Guide for Newbies) Rating: 0 out of 5 stars0 ratingsCybersecurity Enforcement and Monitoring Solutions: Enhanced Wireless, Mobile and Cloud Security Deployment Rating: 0 out of 5 stars0 ratingsHack Computer System For Noobee Rating: 1 out of 5 stars1/5The Darknet Superpack Rating: 0 out of 5 stars0 ratings
Computers For You
Elon Musk Rating: 4 out of 5 stars4/5Standard Deviations: Flawed Assumptions, Tortured Data, and Other Ways to Lie with Statistics Rating: 4 out of 5 stars4/5The Invisible Rainbow: A History of Electricity and Life Rating: 4 out of 5 stars4/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Rating: 4 out of 5 stars4/5101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5CompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Mastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5Alan Turing: The Enigma: The Book That Inspired the Film The Imitation Game - Updated Edition Rating: 4 out of 5 stars4/5The ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratingsCompTIA IT Fundamentals (ITF+) Study Guide: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsDeep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5Ultimate Guide to Mastering Command Blocks!: Minecraft Keys to Unlocking Secret Commands Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsCreating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Rating: 5 out of 5 stars5/5People Skills for Analytical Thinkers Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5Dawn of the New Everything: Encounters with Reality and Virtual Reality Rating: 4 out of 5 stars4/5
Reviews for A First Course In Ethical Hacking
0 ratings0 reviews
Book preview
A First Course In Ethical Hacking - Herman van Heerden
A first course in ethical hacking
A first course in ethical hacking
By Herman van Heerden
eBook ISBN: 978-1-300-92063-2
Text copyright © 2013 Herman van Heerden
All rights reserved, except where else indicated
Thanks Mia!
Preface
For some time now I have realized that the only relatively quick way to obtain knowledge of hacking, is to bite the bullet and attend a course in IT security. This is not a bad option, but where do you begin? Who will tell you what hacking really is about, without adding an oversized dollop of Hollywood flair to sell the course?
As a youngster, the romance of hacking took hold of my imagination. Computers were always a passion of mine, and the myth (or is it legend?) of two kids who moved a satellite by messing around with computers were well known and many a time the subject of daydreaming. But again - where do you begin? While still working a student job in my first year at university, I got my hands on a text marked the Hackers Handbook
(http://www.textfiles.com/etext/MODERN/hhbk). To put things in perspective, the internet was young, Microsoft did not believe in CD-ROMs and Do you Netscape
was the term used for web browsing. Modems were the way you connected. Well, I printed the entire Hackers Handbook
on a dot matrix printer **** and put it into a file, ready to enrich myself with the knowledge of the hacker. The text was all about how BAUD works, modems and the protocols used by BBSs. I found the reading as exiting as a social studies student who got his hands on a banned copy of The Little Red Book or Animal Farm, but in the long run, the content of the book proved rather less than insightful. Yes, hacking was different when the words were uttered the beauty of the baud
(from the original Hackers Manifesto), but times have changed and changed again in a very short period of time.
As with that original Hackers Handbook
, I believe this book will also be seen as ancient text in a far shorter time that I hope it to be. But for now, this is a great beginning for the inquisitive mind that asks the question how do you hack?
and does not know where to begin.
This book is not intended to train you as a prospective member of Anonymous, but it is to satisfy the curiosity of the methods used by the elite. I don’t want to you become a criminal, and the knowledge I would like to impart is for you to find your intellectual home amongst the security specialists so highly valued by the IT industry. It is not a crime to talk about bombs, or to even investigate the science behind explosives; thus, this book should not be seen as a guide to become a criminal. It is in any case just a nudge in the right direction to understand.
Some people have the ability to just know
, but I am not one of those. I need a nudge in the right direction. And my sincerest hope is that this book will help you find the edge of that rope that is knowledge. Just don’t hang yourself with it!
Herman van Heerden
B.Sc. Hons (Cum Laude) in Computer Science
Certified Information Security Expert
Table of content
Introduction
For the beginner: Network basics
1st Stage: Information gathering
Case study – Kevin Mitnick
Social engineering
Dumpster diving
Physical visit
Personal details of the target
SPAM and email spoofing
Browser vulnerabilities
Users and user rights
2nd Stage: Scanning
Port scanning – nmap
Network scanning – autoscan
Intrusion detection and prevention systems (IDS/IPS)
Firewalls and honeypots
Proxies and tunneling
Web FUZZING
3rd Stage: Gaining Access
Case study – WikiLeaks
Ethical parameters and the moral gray area
The Word Wide Web
Client side versus server side scripts
Finding information on the website you visit
SQL injections
Cross site scripting (XSS)
Session hijacking
System/OS access
4th Stage: Maintaining Access
Case study – Sony BMG
Ethics – Contract period and backdoor disclosure
OS level access
Viruses, Works and Trojans
Steganography
5th Stage: Covering your tracks
MS Windows™
LINUX
MacOSX
TOR
A final word
Introduction
This book is an introduction to ethical hacking. Let’s explore this, shall we?
Introduction:
Please, do not expect this book to take you by the hand and show you how to hack your friend’s Facebook
account. We investigate the science behind hacking. Application of the knowledge is up to you.
2. Ethical:
How can hacking be ethical? A rose by any other name… We see the implementation of what we do and want to allow you to do as the basics of the IT security trade. The word hacker
has been used and misused so many times. So rather than stressing the semantics, we believe you should know the tricks of the trade. The way you use it is yet again up to you. We believe you will choose the ethical path, and not use your knowledge for evil. With great power…
3. Hacking:
Hacking, in the mind of the public, is the guy (or girl) with the skill to access computer systems where access seems closed to others. Knowingly or unknowingly, these people have processes they follow. We have spelled out these processes, allowing the magic to seem quantifiable.
As inspiration, we have followed the most popular courses in hacking’s example, and defined 5 stages of a hack. These are:
Information gathering
System scanning
Gaining access
Maintaining access
Covering your tracks
Using these headings, we will look at case studies and examples of each. This will clarify the stage better than any definition will ever do. All these cases are true and can be research in more detail online. We will use the Wikipedia entries as base, giving you the right end of yarn.
In addition to just examples, we will go into more practical stuff as well. We advise you to get yourself BackTrack5 and write it to DVD or USB stick. It is the key item in the arsenal of a hacker; everything is configured and ready to use.
Remember, it is against the law in most countries to run scans against other people’s systems. So, without authorization, you are on your own. For this book, and for scans, we will recommend you download and run a broken LINUX distribution called Metasploitable (http://www.offensive-security.com/metasploit-unleashed/Metasploitable). It was built to test the features of the Metasploit toolset. We will explore this application as well, but our focus is to understand the mechanics behind it. So, test the suggested and demonstrated tools first. As a self-study exercise you can replicate your results on the Metasploitable distro with the Metasploit tool itself. Remember, sometimes one tool alone will not give you the hidden answer. So understand the methods, and the tool becomes just that: a tool, not the be-all and end-all of security testing.
For the beginner: Network basics
Introduction
If you are reading this book, you most probably know all about the content of this chapter. But as a warm-up exercise, and to get everyone on the same page, we will run through the basics of networking. No system stands alone these days, and it is essential to know the medium you use to access machines. We will not go into the low level bits and bytes, but keep it to the essentials. So, even if you know this stuff, please read through it if only to refresh your memory.
Infrastructure architecture - LAN/WAN/WLAN
Computers are used to generate data. From its inception, the output of computers were the reason for using one. And with the generation of information, storing and sharing become key. Thus the birth of networking.
ARPANET
[1]ARPANET was the world's first packet switching network and the core network of a set that came to compose the global Internet. The network was funded by the Defense Advanced Research Projects Agency of the US DOD for use by its projects at universities and research laboratories. The packet switching of the ARPANET was based on designs by Lawrence Roberts of the Lincoln Laboratory.
Packet switching was a new concept at that time. Prior to the advent of packet switching, both voice and data communications had been based on the idea of circuit switching, as in the traditional telephone circuit, wherein each telephone call is allocated a dedicated, end-to-end, electronic connection between the two communicating stations. Such stations might be telephones or computers. The dedicated line is typically composed of many intermediary lines which are assembled into a chain that stretches all the way from the originating station to the destination station.
With packet switching, a data system could use a single communications link to communicate with more than one machine by collecting data into data-grams and transmitting these as packets onto the attached network link. Thus, not only can the link be shared, much as a single post box can be used to post letters to different destinations, but each packet can be routed independently of other packets.
The Internet