CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of  footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning 

Network Scanning	Identifies IP addresses on a given network or subnet
Port Scanning	Determines open, close, filtered and unfiltered ports and services
Vulnerability Scanner	Detect the vulnerability on the target system

Port Scanning ​

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:

• Well-Known Ports: 0-1023
• Registered Ports: 1024-49151
• Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.

Read more

1. Pentestmonkey Cheat Sheet
2. Hacking The Art Of Exploitation
3. Pentest Checklist
4. Hacker Forum
5. Hacking
6. Hacking
7. Hacking Names
8. Hacking With Python
9. Pentestbox
10. Pentest Tools For Windows
11. Pentest Aws
12. Hacking Apps
13. Pentest Android App

DMitry: Deepmagic Information Gathering Tool

"DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more." read more...

Download: http://packetstormsecurity.org/UNIX/misc/DMitry-1.2a.tar.gz

More info

1. Hacking Site
2. Pentest Tools Github
3. Pentest Magazine
4. Hacking Lab
5. Pentest Owasp Top 10
6. Hacking Lab
7. Hacker Forum
8. Hacking With Linux
9. Hackerone
10. Pentest Azure
11. Pentest Xss
12. Hacking Gif
13. Pentest Nmap

Kali Linux VM Installation And Setup

Preface

From time to time I realize that certain tasks that are trivial for me are not necessarily easy for others, especially if they are just getting started with IT security stuff.

As I am going to be a Facilitator at SANS Munich 2015 on SEC 401, plus we have a few people at work who are just dipping their toe into the wonderful world of Kali Linux, it seemed like a good opportunity to make a short getting started / installation guide on the Kali VMWare VMs that you can download and quickly get started.

On top of that, when I check the statistics of the blog, I always see that the most popular posts are the detailed howtos and tutorials and I assume that it is because there is a need for this kind of posts too, so here it goes! :)

Step -1: Check in your BIOS/UEFI if virtualization is enabled

We are going to use virtualization, so it would be nice to enable it, right?

In BIOS/UEFI menus this is somewhere around "Security" and/or "Virtualization" and it is something like "Intel (R) Virtualization Technology" and "Intel (R) VT-d Feature" that needs to be set to "Enabled".

Step 0: Install VMWare Player or VMWare Workstation

The Kali Linux VMs are VMWare-based, so you need to install VMWare Player (free), VMWare Workstation (paid) or VMWare Fusion (paid, for OS-X).

The more desirable choice is to use VMWare Workstation or VMWare Fusion, as they have a Snapshot feature, while with VMWare Player, you are forced to take a full copy in order to have a sort of rollback feature.

Step 1: Download Kali VM

We need to download the Kali VMs from the "Custom Kali Images" download site, where you can find a 64 bit (amd64) and a 32 bit PAE (i686) too.

There are also Torrent files for the images and based on experience, using Torrent is much more faster and reliable than the HTTP download, so if you can, use that!

Once you have downloaded the VMs, do not forget to check their SHA1 hash!!! On Linux, you can simply use the sha1sum command at a terminal. For Windows, you can use something like the MD5 & SHA Checksum Utility.

Step 2: Change Kali VM default root password

The Kali VM comes with a preset root password, which is "toor" (without the quotes), therefore, it has to be changed.

Here is how you do it:

root@kali:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Step 3: Change Kali VM default SSH keys

The Kali VM also comes with SSH preinstalled, so we need to change the SSH keys to avoid SSH MiTM attacks.

Here is how you do it:

root@kali:~# cd /etc/ssh/
root@kali:/etc/ssh# mkdir default_kali_keys
root@kali:/etc/ssh# mv ssh_host_* default_kali_keys/
root@kali:/etc/ssh# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).

Now we can check if the keys are really changed:

root@kali:/etc/ssh# md5sum /etc/ssh/*key*
md5sum: /etc/ssh/default_kali_keys: Is a directory
6abe210732068fa7ca95854c3078dba5  /etc/ssh/ssh_host_dsa_key
1b5f3c1a1b5c48cc3cce31b116e8b6f8  /etc/ssh/ssh_host_dsa_key.pub
8f0f60855e5ab8cac8103d64faab090f  /etc/ssh/ssh_host_ecdsa_key
aace49ae9236815c9a1672f8ecb2b1e2  /etc/ssh/ssh_host_ecdsa_key.pub
cf861a9f743fb4584ab246024465ddf1  /etc/ssh/ssh_host_rsa_key
d5d65d8ad023a6cb1418ae05007bc6d3  /etc/ssh/ssh_host_rsa_key.pub
root@kali:/etc/ssh# md5sum /etc/ssh/default_kali_keys/*key*
c8d5b82320a4ddde59d0e2b6d9aad42a  /etc/ssh/default_kali_keys/ssh_host_dsa_key
6b12ddecd463677cde8097e23d0f219a  /etc/ssh/default_kali_keys/ssh_host_dsa_key.pub
fecf056571a3dfbf3635fc2c50bf23c5  /etc/ssh/default_kali_keys/ssh_host_ecdsa_key
e44b7c50635de42e89b3297414f5047d  /etc/ssh/default_kali_keys/ssh_host_ecdsa_key.pub
e9e0267484e020878e00a9360b77d845  /etc/ssh/default_kali_keys/ssh_host_rsa_key
ceee93d7bbc9f9b9706e18f23d4e81f1  /etc/ssh/default_kali_keys/ssh_host_rsa_key.pub

See http://www.blackmoreops.com/2014/06/19/kali-linux-remote-ssh/ for more info on this.

Step 4: Update Kali VM

Next you need to update your Kali VM so that everything is patched.

Here is how you do it:

root@kali:~# apt-get update
Get 1 http://http.kali.org kali Release.gpg [836 B]               
Get:2 http://security.kali.org kali/updates Release.gpg [836 B]
********************************* SNIP *********************************
Fetched 16.7 MB in 14s (1,190 kB/s)                                                                                                                                                    
Reading package lists... Done
root@kali:~# apt-get upgrade
eading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages have been kept back:
********************************* SNIP *********************************
The following packages will be upgraded:
********************************* SNIP *********************************
241 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
Need to get 740 MB of archives.
After this operation, 130 MB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://security.kali.org/kali-security/ kali/updates/main libc6-i386 amd64 2.13-38+deb7u7 [4,044 kB]
Get:2 http://http.kali.org/kali/ kali/main base-files amd64 1:1.1.0 [77.5 kB]       
********************************* SNIP *********************************
root@kali:~#

Step 5: Create a Snapshot/Copy the VM

Once you are done with all the above, you can make a Snapshot in case of VMWare Workstation or copy the files of the VM in case of VMWare Player, so that you can roll back to this clean stat in case you misconfigure something.

Hope this was helpful. Happy hacking!

Related news

1. Hacker Website
2. Hacker Forum
3. Hacker Kevin Mitnick
4. Hacking
5. Pentest Dns
6. Hacker Tools
7. Hacking Vpn
8. Pentest App
9. Hacking With Python
10. Pentest Ubuntu
11. Pentestmonkey

How To Install And Config Modlishka Tool - Most Advance Reverse Proxy Phishing

More information

1. Pentestmonkey Sql Injection
2. Hacking Simulator
3. Hackerx
4. Hacker Code
5. Pentest Smtp
6. Pentest Practice
7. Hacking Resources
8. Pentest Stages
9. Pentest Meaning
10. Pentestmonkey
11. Pentest Android App
12. Hacking For Dummies
13. Pentest Report
14. Basic Pentest 1 Walkthrough
15. Pentest Services
16. Pentest Box
17. Pentest Documentation
18. Pentest Online Course
19. Hacker Google

How To Crack A Password

What is Password Cracking?

Password cracking is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords. In other words, it's an art of obtaining the correct password that gives access to a system protected by an authentication method.

Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against word list or use algorithms to generate passwords that match

In this Tutorial, we will introduce you to the common password cracking techniques and the countermeasures you can implement to protect systems against such attacks.

Topics covered in this tutorial

• What is password strength?
• Password cracking techniques
• Password Cracking Tools
• Password Cracking Counter Measures
• Hacking Assignment: Hack Now!

What is password strength?

Password strength is the measure of a password's efficiency to resist password cracking attacks. The strength of a password is determined by;

• Length: the number of characters the password contains.
• Complexity: does it use a combination of letters, numbers, and symbol?
• Unpredictability: is it something that can be guessed easily by an attacker?

Let's now look at a practical example. We will use three passwords namely

1.  password

2.  password1

3.  #password1$

 For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above-listed passwords.

Note: the password used is password the strength is 1, and it's very weak.

Note: the password used is password1 the strength is 28, and it's still weak.

Note: The password used is #password1$ the strength is 60 and it's strong.

The higher the strength number, better the password.

Let's suppose that we have to store our above passwords using md5 encryption. We will use an online md5 hash generator to convert our passwords into md5 hashes.

 The table below shows the password hashes

Password	MD5 Hash	Cpanel Strength Indicator
password	5f4dcc3b5aa765d61d8327deb882cf99	1
password1	7c6a180b36896a0a8c02787eeafb0e4c	28
#password1$	29e08fb7103c327d68327f23d8d9256c	60

 We will now use http://www.md5this.com/ to crack the above hashes. The images below show the password cracking results for the above passwords.

As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn't manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below;

• Dictionary attack– This method involves the use of a wordlist to compare against user passwords.
• Brute force attack– This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value "password" can also be tried as p@$$word using the brute force attack.
• Rainbow table attack– This method uses pre-computed hashes. Let's assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found, then we have the password.
• Guess– As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin, etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
• Spidering– Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter, etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.

Spidering sample dictionary attack wordlist

1976 <founder birth year>

smith jones <founder name>

acme <company name/initials>

built|to|last <words in company vision/mission>

golfing|chess|soccer <founders hobbies

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools

John the Ripper

John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free, but the word list has to be bought. It has free alternative word lists that you can use. Visit the product website http://www.openwall.com/john/ for more information and how to use it.

Cain & Abel

Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing, etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml for more information and how to use it.

Ophcrack

Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/  for more information and how to use it.

Password Cracking Counter Measures

• An organization can use the following methods to reduce the chances of the passwords been cracked
• Avoid short and easily predicable passwords
• Avoid using passwords with predictable patterns such as 11552266.
• Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
• Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.

Cain and Abel cracker can be used to crack passwords using;

• Dictionary attack
• Brute force
• Cryptanalysis

We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here 10k-Most-Common.zip

For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

Password cracking steps

• Open Cain and Abel, you will get the following main screen

• Make sure the cracker tab is selected as shown above
• Click on the Add button on the toolbar.

• The following dialog window will appear

• The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.

• Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.

• The following screen will appear

• Right click on the dictionary section and select Add to list menu as shown above
• Browse to the 10k most common.txt file that you just downloaded

• Click on start button
• If the user used a simple password like qwerty, then you should be able to get the following results.

• Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
• If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.

Summary

• Password cracking is the art of recovering stored or transmitted passwords.
• Password strength is determined by the length, complexity, and unpredictability of a password value.
• Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking.
• Password cracking tools simplify the process of cracking passwords.

@EVERYTHING NT

More articles

• Hacker Prank
• Pentest Dns Server
• Hacking 3Ds
• Pentest As A Service
• Pentest Linux
• Pentest Online Course
• Pentest Linux
• Hacking Device
• Pentest Practice
• Pentestlab
• Hacking Games Online
• Pentest Environment
• Pentest Reporting Tool
• Pentest Network
• Pentest Partners
• Pentest Android App
• Hacking Box

Spykey - FUD Win32 Keylogger And Reverse Shell

Related posts

1. Hacking Device
2. Hacking Quotes
3. Hacking Vpn
4. Is Hacking Illegal
5. Pentest Lab Setup
6. Pentest With Kali Linux
7. Pentest Ubuntu
8. Pentest Checklist
9. Pentest Windows
10. Pentest Tools For Windows
11. Hacking Apps
12. Hacking Health
13. Hacker Tools
14. Hacking Websites
15. Hacking Language
16. Pentest Usb
17. Hacking Hardware
18. Pentest Training
19. Pentest Blog
20. Pentest Environment

Linux Command Line Hackery Series - Part 6

Welcome back to Linux Command Line Hackery series, I hope you've enjoyed this series so far and would have learned something (at least a bit). Today we're going to get into user management, that is we are going to learn commands that will help us add and remove users and groups. So bring it on...

Before we get into adding new users to our system lets first talk about a command that will be useful if you are a non-root user.

Command: sudo
Syntax: sudo [options] command
Description: sudo allows a permitted user to execute a command as a superuser or another user.

Since the commands to follow need root privileges, if you are not root then don't forget to prefix these commands with sudo command. And yes you'll need to enter the root password in order to execute any command with sudo as root.

Command: useradd
Syntax: useradd [options] username
Description: this command is used for creating new user but is kinda old school.
Lets try to add a new user to our box.
[Note: I'm performing these commands as root user, you'll need root privileges to add a new user to your box. If you aren't root then you can try these commands by prefixing the sudo command at the very beginning of these command like this sudo useradd joe. You'll be prompted for your root password, enter it and you're good to go]

useradd joe

To verify that this command has really added a user to our box we can look at three files that store a users data on a Linux box, which are:

/etc/passwd -> this file stores information about a user separated by colons in this manner, first is login name, then in past there used to be an encrypted password hash at the second place however since the password hashes were moved to shadow file now it has a cross (x) there, then there is user id, after it is the user's group id, following it is a comment field, then the next field contains users home directory, and at last is the login shell of the user.

/etc/group  -> this file stores information about groups, that is id of the group and to which group an user belongs.

/etc/shadow -> this file stores the encrypted password of users.

Using our command line techniques we learned so far lets check out these files and verify if our user has been created:

cat /etc/passwd /etc/group /etc/shadow | grep joe



In the above screenshot you can notice an ! in the /etc/shadow, this means the password of this user has not been set yet. That means we have to set the password of user joe manually, lets do just that.

Command: passwd
Syntax: passwd [options] [username]
Description: this command is used to change the password of user accounts.
Note that this command needs root privileges. So if you are not root then prefix this command with sudo.

passwd joe



After typing this command, you'll be prompted password and then for verifying your password. The password won't show up on the terminal.
Now joe's account is up and running with a password.

The useradd command is a old school command, lets create a new user with a different command which is kinda interactive.

Command: adduser
Syntax: adduser [options] user
Description: adduser command adds a user to the system. It is more friendly front-end to the useradd command.

So lets create a new user with adduser.

adduser jane



as seen in the image it prompts for password, full name and many other things and thus is easy to use.

OK now we know how to create a user its time to create a group which is very easy.

Command: addgroup
Syntax: addgroup [options] groupname
Description: This command is used to create a new group or add an existing user to an existing group.

We create a new group like this

addgroup grownups



So now we have a group called grownups, you can verify it by looking at /etc/group file.
Since joe is not a grownup user yet but jane is we'll add jane to grownups group like this:

addgroup jane grownups



Now jane is the member of grownups.

Its time to learn how to remove a user from our system and how to remove a group from the system, lets get straight to that.

Command: deluser
Syntax: deluser [options] username
Description: remove a user from system.

Lets remove joe from our system

deluser joe

Yes its as easy as that. But remember by default deluser will remove the user without removing the home directory or any other files owned by the user. Removing the home directory can be achieved by using the --remove-home option.

deluser jane --remove-home

Also the --remove-all-files option removes all the files from the system owned by the user (better watch-out). And to create a backup of all the files before deleting use the --backup option.

We don't need grownups group so lets remove it.

Command: delgroup
Syntax: delgroup [options] groupname
Description: remove a group from the system.

To remove grownups group just type:

delgroup grownups



That's it for today hope you got something in your head.

More articles

• Hacking Resources
• Pentest Hardware
• Hacking With Python
• Pentest Environment
• Hacker Tools
• Hacking Wifi
• Hacking Hardware
• Hacking Simulator
• Pentest Ftp