Legal Disclaimer

More documents

Recommendations

Info

Hacking For Beginners – Manthan Desai 2010 There are two very popular methods for acquiring and distributing Linux: FTP and CD-ROM. Most of the major Linux distributions (Red Hat, Debian, Slackware, Caldera) are available for free download from several popular sites. Though time consuming, it does not cost anything beyond connection charges. Linux is one of the more stable operating systems available today. This is due in large part to the fact that Linux was written by programmers who were writing for other programmers and not for the corporate system. There are currently two mature program packaging standards in the Linux world - SuSE and Mandrake. Debian and Red Hat each have their own packaging systems; both will check dependencies, both can upgrade an entire running system without a reboot. This makes it easy to upgrade parts or all of a system, as well as add new software, or remove unwanted software. Scanning Networks Once the IP address of a target system is known, an attacker can begin the process of port scanning, looking for holes in the system through which the attacker can gain access. A typical system has 2^16 -1 port numbers and one TCP port and one UDP port for each number. Each one of these ports are a potential way into the system. The most popular Scanning tool for Linux is Nmap. Scanning helps one to know what services are running on a machine. This will show the open ports on which services are listening for connections. Once the targets are identified, an intruder is able to scan for listening ports. Port scanning is the process of connecting to TCP and UDP ports on the target system to determine what services are running or in a listening state. Identifying listening ports is essential to determine the type of operating system and application in use on the system. Types of port scanning: 1. TCP connect scan: This type of scan connects to the target port and completes a full three-way handshake (SYN, SYN/ACK and ACK). 2. TCP SYN scan: This is also called half-open scanning because it does not complete the three-way handshake, rather a SYN packet is sent and upon receiving a SYN/ACK packet it is determined that the target machines port is in a listening state and if an RST/ACK packet is received , it indicates that the port is not listening. 3. TCP FIN scan: This technique sends a FIN packet to the target port and based on RFC 793 the target system should send back an RST for all closed ports. 4. TCP Xmas Tree scan: This technique sends a FIN, URG and PUSH packet to the target port and based on RFC 793 the target system should send back an RST for all closed ports. 5. TCP Null scan: This technique turns off all flags and based on RFC 793, the target system should send back an RST for all closed ports. 6. TCP ACK scan: This technique is used to map out firewall rule sets. It can help determine if the firewall is a simple packet filter allowing only established connections or a stateful firewall performing advance packet filtering. 7. TCP Windows scan: This type of scan can detect both filtered and non-filtered ports on some systems due to anomaly in the way TCP windows size is reported. 8. TCP RPC scan: This technique is specific to UNIX systems and is used to detect and identify Remote Procedure Call (RPC) ports and their associated program and version number. 9. UDP scan: This technique sends a UDP packet to the target port. If the target ports responds with an "ICMP port unreachable" message, the port is closed, if not then the port is open. This is a slow process since UDP is a connectionless protocol; the accuracy of this technique is dependent on many factors related to utilization of network and system resources. w w w . h a c k i n g t e c h . c o . t v Page 86
Hacking For Beginners – Manthan Desai 2010 Hacking tool Nmap http://www.insecure.org/nmap Stealth Scan, TCP SYN nmap -v -sS 192.168.0.0/24 UDP Scan nmap -v -sU 192.168.0.0/24 Stealth Scan, No Ping nmap -v -sS -P0 192.168.0.0/24 Fingerprint nmap -v -0 192.168.0.0/24 #TCP Nmap is covered under the GNU General Public License (GPL) and can be downloaded free of charge from http://www.insecure.org/nmap. It comes as tarred source as well as RPM format. The usage syntax of Nmap is fairly simple. Options to nmap on the command-line are different types of scans that are specified with the -s flag. A ping scan, for example, is "-sP". Options are then specified, followed by the hosts or networks to be targeted. Nmap's functionality is greatly increased when run as root. Nmap is flexible in specifying targets. The user can scan one host or scan entire networks by pointing Nmap to the network address with a "/mask" appended to it. Targeting "victim/24" will target the Class C network, whereas "victim/16" will target the Class B. Nmap also allows the user to specify networks with wild cards, as in 192.168.7.*, which is the same as 192.168.7.0/24, or 192.168.7.1,4,5-16 to scan the selected hosts on that subnet. Users are able to sweep entire networks looking for targets with Nmap. This is usually done with a ping scan by using the "-sP" flag. A TCP "ping" will send an ACK to each machine on a target network. Machines that are alive on the network will respond with a TCP RST. To use the TCP "ping" option with a ping scan, the "-PT" flag is included to specific port on the target network. Nmap has been covered in detail in module three and readers are advised to refer to that to learn more about the OS fingerprinting and other scan options. Password cracking in Linux Xcrack (http://packetstorm.linuxsecurity.com/Crackers/) Xcrack doesn't do much with rules. It will find any passwords that match words in the dictionary file the user provides, but it won't apply any combinations or modifications of those words. It is a comparatively fast tool. Xcrack (http://packetstorm.linuxsecurity.com/Crackers/) Xcrack is a simple dictionary based password cracking tool. It will find any passwords that match words in the dictionary file the user provide. It does not generate permutation combination of the words provided in the dictionary to arrive at the right password. For this reason, it is a comparatively faster tool, though efficacy might be less. w w w . h a c k i n g t e c h . c o . t v Page 87
Page 2 and 3:
Hacking For Beginners - Manthan Des
Page 4 and 5:
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37: Hacking For Beginners - Manthan Des
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
show all

Legal Disclaimer

Create successful ePaper yourself

Delete template?

Save as template?