How to Hack Computers
A Guide to Hacking Computers for Beginners
Contents
Chapter 4 – Ethical Considerations and Warnings
Chapter 5 – Networking Fundamentals
1. Understanding the OSI Model and Networking Terminology
2. IP Addressing Essentials
3. Subnet Masks
4. Two Special Network Addresses
5. MAC Addresses
6. ARP (Address Resolution Protocol)
7. Ports and Firewalls
In Summary
Chapter 4 – Ethical Considerations and Warnings
A book about hacking would be irresponsibly incomplete without a chapter giving you a fair warning on the consequences of misusing these techniques as well as the ethical considerations of hacking. To begin this discussion, you need to be familiar with two different terminologies that describe different types of hackers: black hat and white hat. I like the imagery these terms bring to mind because they always seem to remind me of Spy vs Spy.
Black hat hackers are what most people typically think of when they hear the word “hacker.” A black hat hacker is the type of nefarious Internet user who exploits weaknesses in computing systems for personal gain or in order to disrupt an organization’s information systems to cause them harm. He’s the guy wearing a high collared shirt, sunglasses, and a fedora behind an array of 20 or so computer monitors, or the nerd in the movies who can break into a top secret system illegally.
There really isn’t any good that can come out of adopting a black hat approach to hacking, either. When you hear in the media that a financial institution just lost thousands of usernames and passwords, or that a social media database was compromised and caused vast numbers of people to lose sensitive personal information, the attack was carried out by a black hat hacker. Recently, there was even a module of code contained in a WordPress plugin that was susceptible to an XSS vulnerability (a type of security flaw in websites with caching plugins) that was being exploited worldwide by the extremist group ISIS. If you are reading this book because you have dreams of causing mass disruption and chaos, I would highly advise you to reconsider. However, understand that security and penetration tools aren’t inherently good or evil. One could argue that they are much like firearms in the sense that the weapon is an inanimate object and it is only as good or evil as the person wielding it.
White hat hackers, on the other hand, are the complete opposite. They’re the good guys who do everything in their power to find potential security flaws and correct the errors so the black hat hackers can’t break a system. As you read this book, you need to consider all of the tools and techniques I show you from the perspective of a white hat hacker and use them responsibly. If you pursue white hat hacking professionally, you can add tremendous value to the organization you work for and make big money doing so. Some white hat hackers that have the CEH (Certified Ethical Hacker) certification make salaries well into the six figure range. Internet security is only becoming more important with each passing year, and a talented white hat hacker can use penetration testing tools and footprinting methods to identify disastrous security flaws on the organization’s network and information infrastructure and patch them before they become a problem that would cost the organization obscene amounts of money.
Furthermore, you need to be aware of the consequences of misusing the knowledge you learn in this book. Though you likely won’t get caught snooping around a network attached to an unsecured SOHO (Small Office/Home Office) wireless network in your neighborhood or at your favorite local coffee shop, you need to respect other people’s rights to privacy. Think about it – how would you feel if you were sitting down for a cup of coffee while reading a book only to find out later that someone had attacked your Kindle over the coffee shop’s network and stole your data? You would feel enraged, irritated, and violated. So remember the golden rule as you grow into a white hat hacker.
Also consider that using penetration tools on networks where you don’t have any authority to do so could lead to some extremely negative consequences. Let’s face it, you don’t have the right to steal other people’s personal information – it’s illegal. Not only could you provoke civil lawsuits, but you could even face jail or prison time depending on the nature of your offense. If you choose to do it on your employer’s network and you get caught, the best case scenario is that you would have some extremely uncomfortable questions to answer and the worst case scenario is that you would be fired. It’s just not worth it, so keep that in mind moving forward.
Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section I will show you how to run ping sweeps and other utilities to perform reconnaissance and information gathering, so having several other devices will give you more “toys” to play with on your local area network (LAN).
By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats.
With all of the dire warnings out of the way, we can now proceed to the juicier and more pragmatic sections of the book you have all been waiting for, and we can begin to learn how you personally can get your feet wet with hacking. To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started with networking fundamentals!
Chapter 5 – Networking Fundamentals
1. Understanding the OSI Model and Networking Terminology
The OSI Model (Open Systems Interconnection) is one of the best places to begin if you are lacking a working knowledge of networking concepts. Just about every one of the demos we will run through together is heavily based on the OSI model, and network security professionals often throw around terminology and jargon related to different components of this model. Also, it will benefit you personally if you understand what level of the OSI model various attacks target, and this knowledge is fundamental to understanding IP addresses and ports, which we will cover later in this chapter.
To begin, understand that the OSI model consists of seven different layers, numbered from the top down as follows:
7. Application – A computer application that creates data, such as an email or instant messaging program
6. Presentation – The method of encoding data, such as ASCII text
5. Session – TCP ports (FTP, POP, HTTP, HTTPS, etc.)
4. Transport – TCP or UDP connections (among others)
3. Network – IP addresses and packets
2. Data-Link – MAC addresses and frames
1. Physical – ones and zeros (bits) transmitted across a cable
(*Note: If you don’t understand some of the terminology described above, take a deep breath and relax. We’ll get to that later.*)
2. IP Addressing Essentials
So what is an IP address? Well, an IP address is a number that serves as a unique identifier that helps computers differentiate between hosts connected to their network. The most common analogy to describe this concept is that of the postal system. If you wanted to mail a letter to someone (send them data), you would first need to know their home’s address (IP address) before your message could be delivered.
Whether you know it or not, you have undoubtedly seen IP addresses already. They consist of four numbers ranging from 0-255 that are separated by periods, as in the following example: 192.168.1.1
Also understand that an IP address is 32 bits long. We won’t dig into binary math because it won’t do much for our network penetration examples later in this book, but know that each number separated by a period in the address is called an octet. It is called this because each of the four numbers is 8 bits (1 byte) in length. However, this IP address by itself lacks something called a subnet mask, so we don’t yet know what network it belongs to.
3. Subnet Masks
Each IP address is composed of two portions: the network portion of the address and the host portion. A subnet mask determines how much of the IP address defines a network and how much of the address identifies a host on that network subnet. For the remainder of this book, just note that I will use the terms LAN (Local Area Network) and subnet interchangeably. Consider the following four examples of subnet masks:
1. 255.0.0.0 (/8) – 8 bits (the first octet) define the network portion of the address.
2. 255.255.0.0 (/16) – 16 bits (the first two octets) define the network portion of the address.
3. 255.255.255.0 (/24) – 24 bits (the first three octets) define the network portion of the address.
4. 255.255.255.255 (/32) – This subnet mask indicates a host address. It does not indicate a network subnet.
4. Two Special Network Addresses
So why don’t we use the 0th or the 255th address on a subnet as a host address? Because these two addresses are special. The first one is called the network address. This address can’t be assigned to a host because it defines an entire network. In our example above, this address was 192.168.1.0. Also, note that the last address on a network subnet is the broadcast address. This address is used to send information to every host residing on that network at the same time, so this address can’t be used for a single host address either. In our previous example, the broadcast address is 192.168.1.255.
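Here is the arithmetic behind sections 2 through 4 carried out in code, using the book’s 192.168.1.1 example with a /24 mask. This is an added example rather than code from the book: it converts a dotted-quad address to its 32-bit value, builds the mask from the prefix length, and derives the network address, broadcast address and usable host range, plus a check for whether two addresses share a subnet.

```python
def ip_to_int(dotted):
    """Turn a dotted-quad string such as 192.168.1.1 into its 32-bit value."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted}")
    value = 0
    for o in octets:
        value = (value << 8) | o          # each octet contributes 8 bits (1 byte)
    return value

def int_to_ip(value):
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/8 -> 255.0.0.0, /16 -> 255.255.0.0, /24 -> 255.255.255.0, /32 -> all ones."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(dotted, prefix):
    """Network address, broadcast address and usable host range for ip/prefix."""
    mask = prefix_to_mask(prefix)
    addr = ip_to_int(dotted)
    network = addr & mask                        # network portion kept, host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all set
    hosts = max(0, broadcast - network - 1)      # /31 and /32 leave no host range here
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if hosts else None,
        "last_host": int_to_ip(broadcast - 1) if hosts else None,
        "hosts": hosts,
    }

def same_subnet(ip_a, ip_b, prefix):
    """True when both addresses share the network portion under the given mask."""
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask

if __name__ == "__main__":
    print(subnet_info("192.168.1.1", 24))    # network 192.168.1.0, broadcast 192.168.1.255
    print(same_subnet("192.168.1.1", "192.168.2.7", 24))   # False: different /24 networks
```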
5. MAC Addresses
MAC (Media Access Control) addresses are layer 2 addresses, and they are globally unique. Each MAC address is contained on the network card of your computer, and it is composed of twelve hexadecimal digits (0-9, A, B, C, D, E, F) which total 48 bits in length. The following is an example of a MAC address: B8EE:6525:7EA6
The first half of the address – the first 6 digits – indicates the OUI (Organizationally Unique Identifier). This is just a fancy way of saying that it marks who manufactured the network card hardware in your computer. The last 6 digits are a unique identifier for that manufacturer’s network cards.
Because MAC addresses are layer 2 addresses, they cannot be routed on the Internet. They belong in the data-link layer of the OSI model, and they can only help devices speak to one another on the same LAN via a layer 2 network switch. In order for layer 2 addresses and layer 3 addresses to operate together, we need a mechanism that binds them together.
6. ARP (Address Resolution Protocol)
ARP is a network protocol that binds layer 2 addresses to layer 3 addresses. Both networking devices and computers alike keep tables that record ARP information on the LAN so they can keep track of which MAC addresses are paired with which IP addresses. This information changes every time you take your laptop or mobile device to a new wireless network, and this information is critical to facilitating types of attacks such as a man-in-the-middle attack.
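To tie sections 5 and 6 together, here is an added example (not from the book) that splits a MAC address into its OUI and device-specific halves and then compares two snapshots of a LAN’s ARP table, flagging any IP whose MAC changed and any MAC that now answers for more than one IP. The snapshots and their “ip mac” line layout are constructed for the example; the interesting case is the second snapshot, where the gateway’s IP suddenly resolves to a MAC another host already owns.

```python
import re

def normalize_mac(mac):
    """Accept B8EE:6525:7EA6, b8:ee:65:25:7e:a6 or b8-ee-65-25-7e-a6; return 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return digits

def mac_info(mac):
    """Return the OUI, the NIC-specific part and the two flag bits of the first octet."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    return {
        "oui": digits[:6],                                  # first 24 bits: the manufacturer
        "nic": digits[6:],                                  # last 24 bits: unique per manufacturer
        "multicast": bool(first_octet & 0x01),              # I/G bit set = group address
        "locally_administered": bool(first_octet & 0x02),   # U/L bit set = not burned in
    }

def parse_arp_table(text):
    """Parse constructed 'ip mac' lines (this layout is an assumption) into {ip: mac}."""
    table = {}
    for line in text.strip().splitlines():
        ip, mac = line.split()[:2]
        table[ip] = normalize_mac(mac)
    return table

def arp_changes(before, after):
    """Return IPs whose MAC changed, and MACs that now answer for more than one IP."""
    changed = [(ip, before[ip], after[ip])
               for ip in sorted(set(before) & set(after)) if before[ip] != after[ip]]
    claims = {}
    for ip, mac in after.items():
        claims.setdefault(mac, []).append(ip)
    duplicates = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return changed, duplicates

# Constructed snapshots: in the second, the gateway 192.168.1.1 resolves to the MAC
# that 192.168.1.50 already owns, which is exactly what a defender wants to notice.
ARP_BEFORE = """192.168.1.1 B8EE:6525:7EA6
192.168.1.50 00:11:22:33:44:55
192.168.1.77 aa-bb-cc-dd-ee-ff"""
ARP_AFTER = """192.168.1.1 00:11:22:33:44:55
192.168.1.50 00:11:22:33:44:55
192.168.1.77 aa-bb-cc-dd-ee-ff"""

if __name__ == "__main__":
    print(mac_info("B8EE:6525:7EA6"))
    print(arp_changes(parse_arp_table(ARP_BEFORE), parse_arp_table(ARP_AFTER)))
```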
7. Ports and Firewalls
Ports, which are also sometimes called sockets, were one of the hardest fundamental concepts for me to wrap my head around when I first started learning network engineering and computer hacking years ago. Basically, they are numeric values that are part of the TCP/IP protocol suite and are used to tag different types of traffic. By tagging traffic, devices like firewalls can take different actions when different data streams flow through a network.
The following are some of the most common ports and their respective protocols and traffic types:
- Port 80: HTTP (Hyper Text Transfer Protocol – used for web browsing and web pages)
- Port 20/21: FTP (File Transfer Protocol – used to download files remotely)
- Port 443: HTTPS (Hyper Text Transfer Protocol Secure – encrypted HTTP)
- Port 22: SSH (Secure SHell – used to remotely run command line procedures)
- Port 53: DNS (Domain Name System – used to bind IP addresses to URLs)
- Port 547: DHCP Server (Dynamic Host Configuration Protocol – automatic IP address assignment)
The term ‘firewall’ is thrown around in the movies a lot, but most people don’t understand what they do. Though they have many advanced features, one of a firewall’s most basic functions is to permit or deny traffic to a network. Firewalls in home environments act as a single point of failure – meaning that all of the data in transit to/from the local network needs to first pass through the firewall. Because it acts as the only way into a network, the firewall can prevent hackers from making connections on specified ports to protect the local network.
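The permit-or-deny behaviour described above, as an added example that is not from the book: a minimal first-match packet filter for the home LAN used throughout this chapter, with rules keyed on the port numbers listed earlier. The rule table, the trusted “admin” address and the sample packets are all constructed; real firewalls add connection state, NAT and logging on top of this.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")       # the home network behind the firewall
ADMIN = ipaddress.ip_network("203.0.113.10/32")    # one trusted outside host (constructed)

# Rule order matters: the first matching rule wins, and anything unmatched is denied.
# Each rule is (action, direction, protocol, destination port or None for any, source network).
RULES = [
    ("permit", "out", "tcp", 80,   LAN),                               # HTTP
    ("permit", "out", "tcp", 443,  LAN),                               # HTTPS
    ("permit", "out", "udp", 53,   LAN),                               # DNS
    ("permit", "in",  "tcp", 22,   ADMIN),                             # SSH from the admin host only
    ("deny",   "in",  "any", None, ipaddress.ip_network("0.0.0.0/0")), # every other inbound connection
]

def evaluate(packet, rules=RULES, default="deny"):
    """Return ('permit'|'deny', index of the matching rule or None) for one packet."""
    src = ipaddress.ip_address(packet["src"])
    for index, (action, direction, proto, port, src_net) in enumerate(rules):
        if direction != packet["direction"]:
            continue
        if proto != "any" and proto != packet["proto"]:
            continue
        if port is not None and port != packet["dport"]:
            continue
        if src not in src_net:
            continue
        return action, index
    return default, None

def filter_packets(packets, rules=RULES):
    """Apply evaluate() to a batch and return just the decisions, in order."""
    return [evaluate(p, rules)[0] for p in packets]

# Constructed traffic: a web request from inside, an unknown port from inside,
# SSH from the admin host, and an SSH attempt from any other outside address.
SAMPLE = [
    {"direction": "out", "proto": "tcp", "dport": 443,  "src": "192.168.1.20"},
    {"direction": "out", "proto": "tcp", "dport": 8080, "src": "192.168.1.20"},
    {"direction": "in",  "proto": "tcp", "dport": 22,   "src": "203.0.113.10"},
    {"direction": "in",  "proto": "tcp", "dport": 22,   "src": "198.51.100.7"},
]

if __name__ == "__main__":
    for packet, decision in zip(SAMPLE, filter_packets(SAMPLE)):
        print(decision, packet)
```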
In Summary
Please understand that we could go much deeper into these topics. In fact, there have been entire books written about some of these subjects, but they are too advanced for a beginner and lie outside the scope of this book. The idea is to give you a working knowledge of these ideas to facilitate your hacking and penetration testing endeavors. However, if you want to further your knowledge on these concepts, it will only help you become a better hacker. Now that you know what IP addresses, MAC addresses, ports, and firewalls are, we can move on to more advanced topics.