Book Image

Learn Ethical Hacking from Scratch

By : Zaid Sabih
5 (1)
Book Image

Learn Ethical Hacking from Scratch

5 (1)
By: Zaid Sabih

Overview of this book

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices. Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections. The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.

Related Content you might be interested in

Current Title:

Small book image
Learn Ethical Hacking from Scratch
Zaid Sabih
Jul, 2018 | 564 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Small book image
Kali Linux Wireless Penetration Testing Beginner???s Guide
Vivek Ramachandran | Cameron Buchanan
Dec, 2017 | 210 pages
Small book image
Applied Network Security
Michael McLafferty | Warun Levesque | Arthur Salmon
Apr, 2017 | 350 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Introduction
Introduction
What's in this book?
What is hacking?
Why should we learn about hacking?
A glimpse of hacking
Summary
2
Setting Up a Lab
Setting Up a Lab
Lab overview
Installing Kali Linux
Installing Metasploitable
Installing Windows
Creating and using snapshots
Summary
3
Linux Basics
Linux Basics
Overview of Kali Linux
Linux commands
Updating resources
Summary
4
Network Penetration Testing
Network Penetration Testing
What is a network?
Network basics
Connecting to a wireless adapter
MAC addresses
Wireless modes – managed and monitor
Enabling monitor mode manually
Enabling monitor mode using airmon-ng
Summary
5
Pre-Connection Attacks
Pre-Connection Attacks
Packet sniffing basics
Targeted packet sniffing
Deauthentication attack
What is a fake access point?
Creating fake access points with the MANA Toolkit
Summary
6
Network Penetration Testing - Gaining Access
Network Penetration Testing - Gaining Access
WEP theory
Basic web cracking
Fake authentication attack
ARP request replay
WPA introduction
WPS cracking
Handshake theory
Capturing the handshake
Creating a wordlist
Wordlist cracking
Securing network from attacks
Summary
7
Post-Connection Attacks
Post-Connection Attacks
Post-connection attacks
Summary
8
Man-in-the-Middle Attacks
Man-in-the-Middle Attacks
Man-in-the–middle attacks
Wireshark
Summary
9
Network Penetration Testing, Detection, and Security
Network Penetration Testing, Detection, and Security
Detecting ARP poisoning
Detecting suspicious behavior
Summary
10
Gaining Access to Computer Devices
Gaining Access to Computer Devices
Introduction to gaining access
Sever-side attacks
Server-side attack basics
Server-side attacks – Metasploit basics
Metasploit remote code execution
Summary
11
Scanning Vulnerabilities Using Tools
Scanning Vulnerabilities Using Tools
Installing MSFC
MSFC scan
MSFC analysis
Installing Nexpose
Running Nexpose
Nexpose analysis
Summary
12
Client-Side Attacks
Client-Side Attacks
Client-side attacks
Installing Veil
Payloads overview
Generating a Veil backdoor
Listening for connections
Testing the backdoor
Fake bdm1 updates
Client-side attacks using the bdm2 BDFProxy
Protection against delivery methods
Summary
13
Client-Side Attacks - Social Engineering
Client-Side Attacks - Social Engineering
Client-side attacks using social engineering
Maltego overview
Social engineering – linking accounts
Social engineering – Twitter
Social engineering – emails
Social engineering – summary
Downloading and executing AutoIt
Changing the icon and compiling the payload
Changing extensions
Client-side attacks – TDM email spoofing
Summary
14
Attack and Detect Trojans with BeEF
Attack and Detect Trojans with BeEF
The BeEF tool
BeEF – hook using a MITMf
BeEF – basic commands
BeEF – Pretty Theft
BeEF – Meterpreter 1
Detecting Trojans manually
Detecting Trojans using a sandbox
Summary
15
Attacks Outside the Local Network
Attacks Outside the Local Network
Port forwarding
External backdoors
IP forwarding
External BeEF
Summary
16
Post Exploitation
Post Exploitation
An introduction to post exploitation
Meterpreter basics
Filesystem commands
Maintaining access by using simple methods
Maintaining access by using advanced methods
Keylogging
An introduction to pivoting
Pivoting autoroutes
Summary
17
Website Penetration Testing
Website Penetration Testing
What is a website?
Attacking a website
Summary
18
Website Pentesting - Information Gathering
Website Pentesting - Information Gathering
Information gathering using tools
Websites on the same server
Information gathering from target websites
Summary
19
File Upload, Code Execution, and File Inclusion Vulnerabilities
File Upload, Code Execution, and File Inclusion Vulnerabilities
File upload vulnerabilities
Code execution vulnerabilities
Local file inclusion vulnerabilities
Remote file inclusion using Metasploitable
Basic mitigation
Summary
20
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities
What is SQL?
The dangers of SQLi
Discovering SQLi
SQLi authorization bypass
Discovering an SQLi using the GET method
Basic SELECT statements
Discovering tables
Reading columns and their data
Reading and writing files on the server
The sqlmap tool
Preventing SQLi
Summary
21
Cross-Site Scripting Vulnerabilities
Cross-Site Scripting Vulnerabilities
Introduction to XSS
Reflected XSS
Stored XSS
XSS BeEF exploitation
XSS protection
Summary
22
Discovering Vulnerabilities Automatically Using OWASP ZAP
Discovering Vulnerabilities Automatically Using OWASP ZAP
OWASP ZAP start
OWASP ZAP results
Summary
23
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

What's in this book?

In this book, you will learn how to become an ethical hacker from scratch. We'll assume that you have no experience in ethical hacking, and, by the end of the book, you will be at an intermediate (to high) level.

Here is a quick overview of what will be covered in this book:

  • Preparation
  • Penetration testing
  • Protecting your own system

Preparation

In the first part of this book, you will learn how to create your own lab, so that you can practice ethical hacking on your own computer. You will also learn the installation of Linux systems and how to interact with them, as well as how to set up other systems to try to hack into them.

Penetration testing

In this part of the book, we will cover the most important penetration testing fields. In each of these sections, we will first illustrate how a particular system works, and will then test the security of that system. In the following sections, we will introduce the types of penetration testing that will be seen in this book.

Network penetration testing

In network penetration testing, the first things that we will learn are how networks work and how devices interact with each other.

First, we will learn more about the networks around us; we will gradually proceed by setting up a fake access point and luring people into connecting to networks so that we can capture data that is sent or received through them. We will then learn how to get the password for any Wi-Fi network, whether it uses WEP, WPA, or WPA2 encryption.

We will also go over a large number of powerful attacks that will allow us to gain access to any account that is accessed from any computer in a network. We will be able to capture usernames, passwords, images, and pictures that computers on a network send or receive.

Gaining access

In this part of the chapter, we will learn how to gain access to computer systems. There are two methods to hack a computer:

  • Server-side attacks
  • Client-side attacks

When learning about server-side attacks, you will see how to discover weaknesses in the programs installed on the target computer, and how to use those weaknesses to gain full access to the computer.

In the client-side attacks, you're going to learn how to use social engineering to hack into the target, you'll learn how to create undetectable backdoors, backdoors that look like images and pictures, and so on. We will also learn how to gain access to any computer if that computer exists in our network by using fake updates or by using fake downloads.

Post exploitation

In this section, we look at post exploitation, learning how to control the devices that we hacked. So, we're going to see how to open a system's webcam, manage its filesystems, and download or upload files to it. We will also learn how to capture all of the key strikes that the person enters on their keyboard, or even use that computer as a pivot to hack into other computers.

Website penetration testing

In the final sections, which will be about website penetration testing, we will learn how to gather very comprehensive information about websites, including how to discover, exploit, and mitigate a large number of serious vulnerabilities.

Protecting your system

Finally, we will learn how to protect ourselves (and our systems) from the attacks discussed in the preceding sections.

Previous Section
End of Section 2
Next Section