How to Hack Computers
A Guide to Hacking Computers for Beginners
Contents
Continuation of previous part
Chapter 12 – OpenVAS
1. Installing OpenVAS
2. User and Port Configuration
Chapter 13 – Social Engineering
1. Types of Social Engineering Attacks
2. An Email from a Trusted Party
3. A False Request for Help
4. Baiting Targets
5. How to Protect Yourself from Social Engineering
Chapter 14 – Man-In-The-Middle Attacks
1. How to Perform a Man-In-The-Middle Attack
Chapter 15: Cracking Passwords
1. Password Cracking
2. Password Cracking Utilities
3. John the Ripper
4. Ophcrack
5. L0phtcrack
6. Cain & Abel
In Summary
Chapter 12 – OpenVAS
OpenVAS, or the Open Vulnerability Assessment system is a great tool for both black hat and white hat hackers alike. However, it is more popular in the white hat realm as it was designed for professional penetration testers and it allows them to scan servers or computers, uncover any potential security flaws, and then provide solutions to patch the system. Essentially, it is an auditing tool that can provide a wealth of information about the vulnerabilities found in any given host. OpenVAS is really a collection of programs that work together to facilitate testing procedures that are cataloged in a massive database of listed exploits – much like the Metasploit database. However, this program can be used for good or evil depending on the motivations of its wielder.
1. Installing OpenVAS
You have the option of installing OpenVAS on a server – which is usually what’s done in the corporate world – or you can simply install it in the virtual VMWare environment that you had set up earlier. If you are going to be using this software within Linux, this will be the perfect opportunity to further familiarize yourself with the Linux command prompt. However, know that a virtual appliance exists that you can install as its own independent VMWare machine. In this example, we are going to be installing OpenVAS within Ubuntu Linux since it is a favorite for Linux newbies. There are a couple of prerequisites for this software, as you likely don’t already have it installed on your system. To begin, you will need to install the python-software-properties tools. Furthermore, you will want to run an update command to make sure that none of its dependencies are out of date. To begin, run the following two commands:
sudo apt-get update
sudo apt-get install python-software-properties
Now you will want to install the actual OpenVAS software from the Internet by using the following terminal command:
sudo add-apt-repository ppa:openvas/openvas6
2. User and Port Configuration
As we near the end of the setup and configuration process, I wanted to show you another example of a port. In the network fundamentals section I had shown you the basic idea of users and ports, and now we have the opportunity to catch another glimpse of that information in action as we configure OpenVAS. To start we will need to configure a user account with the following command:
sudo openvasad -c add_user -n admin -r Admin
This command will create a user account with full and unrestricted administrator privileges. The username will be ‘admin’ and the password will be of your own choosing. Now we need to configure what host or hosts can access the software. If you are installing OpenVAS in a virtual Linux environment, the default will suffice because it only allows access from the local machine. However, in corporate environments or home environments where you want to install OpenVAS on a server, you will need to change the default configuration so it will allow access to remote users. If you are using your own virtual Linux environment, you can skip this step. To change this setting, issue the following command to open the configuration file in a text editor:
sudo nano /etc/default/greenbone-security-assistant
Chapter 13 – Social Engineering
While you may have erroneously thought that the only way hackers steal passwords is by entering cryptic commands into a text based operating system like you see in the movies, there are some much simpler techniques hackers use regularly to steal people’s information. Social engineering is a technique frequently used by sophisticated hackers to gain access to networks, and you need to have a solid understanding of these techniques to protect yourself from their black hat endeavors.
Let’s start by defining the term social engineering. Basically, it is a way for hackers to manipulate targets into unknowingly forfeiting their information. Most typically this information is account data such as usernames and passwords that a black hat hacker covets to gain access to a computing system or network.
Once they have a point of entry to the network, then they will proceed with reconnaissance techniques and scanning procedures. However, sometimes hackers employ social engineering to acquire banking credentials or local computer credentials in order to install a virus or Trojan. The point is that social engineering is typically one of the first steps an attacker takes to carry out a grander scheme.
That brings us to one of the most fundamental aspects of security. You simply need to know who to trust and what online resources to trust. There’s an old adage that will ensure that you never misplace your trust again: trust, but verify! You have no idea whether or not that person on the phone is legitimate. The biggest challenge large organizations face with social engineering is the trust factor, because their entire network could be compromised by one individual who just takes everything at face value.
Take physical security and defense as an analogy. It doesn’t matter how high your castle walls are, how many troops you have deployed, how large your spear infantry is, or how strong your mounted cavalry units are; it only takes one idiot to see a wooden horse as a wooden horse and the next thing you know your empire has crumbled. On a side note, I would probably say that the modern equivalent of a Trojan horse is a burglar who pretends to be a pizza man, but I think you see the point. Once a hacker gathers critical information with social engineering, an entire business network could easily be in jeopardy.
1. Types of Social Engineering Attacks
There are several common attack methods that criminals and hackers love to use for social engineering purposes because they have a high success rate. You’d think the general public would have learned their lessons by now, but the ugly truth is that some people still fall victim to these types of attacks because they are naïve, gullible, or over trustworthy. The following are some of the most popular social engineering methods hackers love to use.
2. An Email from a Trusted Party
Don’t offer up your credentials to anyone, and I mean anyone, including your close friends. Unfortunately, hackers have been able to expand their access to a network after successfully hacking a computer by duping users on the attacked PC’s email list into forfeiting more information. By using an email account from the computer they hacked, the hacker is able to take advantage of the trust relationship between the person they are emailing and the person they have hacked.
But watch out! Attackers’ attempts to gather information are usually a lot more sophisticated than an email saying something to the effect of, “Hey Steve, can you give me your username and password for www.example.com? I forgot my password.” Sometimes they will include a link to another site in an effort to employ a phishing attack. Other times they may send a toxic link to a resource they control that looks genuine, but they include a vague message such as, “Hey John, you gotta check this thing out!” Once you click on the bad link, a virus or some sort of malware could easily be downloaded to your computer.
Even more worrisome is an email that contains a link to a download. It could look like a content download such as music, video content, or pictures, but the download link will actually point to a malicious code download. After a successful attack, the hacker will be able to access your computer, email program, and other sensitive information. And now the attacker has a whole new email address book to use to facilitate further attacks, and the vicious cycle repeats itself.
Be warned. Hackers love to manipulate and take advantage of the emotions of human beings by urgently asking for help that is needed immediately. Sometimes they will appeal to your good nature and ask you to make a charitable contribution to someone in need. Though it is heartbreaking to try to separate the wheat from the chaff and know if you are truly helping someone out, you need to protect yourself and not donate any money if you can’t verify the company and link as a reputable organization.
3. A False Request for Help
Sometimes hackers will send messages that appear to be from a legitimate company that claim they are responding to a request that you never made. Often they will imitate a large and reputable corporation with thousands upon thousands of users to increase their chance of success. If you never requested aid from them, you need to avoid that email like the plague. The real problem here is the scenario where you do use a product or service from the company they are imitating, though.
Even though you didn’t originally ask for their help, you may still be enticed into wanting what they offer. For example, let’s say that the hacker is impersonating a representative of a large bank and that there was a reporting error that caused the bank to make an error that needs to be verified. Because you want to make sure that your money is safe, you decide to trust this false representative. But here comes the catch. The hacker is going to claim that they need to first “authenticate your information” to see if your account was affected by the “error.” You give them your credentials, and the next thing you know you have been robbed blind.
4. Baiting Targets
Any baiting scheme is going to revolve around the appearance that the attacker is offering something of value. Many times you will see these types of social engineering attacks in pop-up ads or on torrent websites. The bait is frequently a free book, movie, or game that the target thinks is legitimate when in reality, it is a link to malicious code. Unfortunately, some of these offers look very real – they can take the form of a hot deal in a classified ad or a deal found in an Internet marketplace or false e-commerce site. These are hard to spot as scams because the attacker has found ways to manipulate the system to give themselves a favorable and trustworthy rating. Once you have been duped into following the link or download, the attacker has successfully injected a malicious program, virus, or malware onto your computer and has a foothold to carry out further attacks.
5. How to Protect Yourself from Social Engineering
Social engineering is a huge problem because it evolves with technology, and you can’t always know whether or not someone is legitimate. Fortunately, there are a lot of things you can do to reduce the chance that you are victimized by an attacker using these techniques.
First of all, be sure to take your time and think about the consequences of your actions beforehand. Attackers would love it if you just reacted to a situation without thinking about what you are doing, but take a moment to think ahead – even if the message claims an urgent scenario.
Also make sure that you take time to verify and validate any information that looks odd or suspicious. Go through their claims with a fine tooth comb and remember to remain skeptical. Even if you get a message from a company you do business with, make sure the URL link matches the company’s website verbatim. If they provide their phone number, you can do a reverse phone lookup on the Internet to cross-check their validity. Make sure that you never respond to an email that requests information such as your username or password. Reputable companies would never ask for your personal information in an email.
In addition, make certain that you never respond to false messages claiming to be a response to help you never requested. Delete these before ever opening them because they could contain links to malware that would destroy your computer. The best way to combat bad links is to use legitimate means to find them. For example, don’t follow the link in an email if you want to verify it. Instead, use a Google search, because it is extremely unlikely that an attacker with a fake website has beaten legitimate websites in SEO endeavors to rise to the top of the search rankings.
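One way to put the “make sure the link matches the company’s website verbatim” advice into code, as an added example that is not from the book: it pulls every link out of an HTML email and flags any whose visible text and real destination disagree, or whose destination is not on the company’s own domain. The email body and the company domain example.com are constructed for the demonstration.

```python
"""Audit links in an HTML email against the company's real domain.
Added example, not from the book; the sample email is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that looks like a URL or bare domain (e.g. www.example.com/x).
DOMAIN_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL or bare domain ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def same_site(host, company_domain):
    """True if host is the company's domain or a subdomain of it."""
    return host == company_domain or host.endswith("." + company_domain)

def audit_links(html_body, company_domain):
    """Return (href, reason) for each link that deserves suspicion."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if DOMAIN_LIKE.fullmatch(text) else ""
        if shown and shown != target:
            findings.append((href, f"shows {shown} but goes to {target}"))
        elif not same_site(target, company_domain):
            findings.append((href, f"{target} is not part of {company_domain}"))
    return findings

# Constructed sample: an honest link, a mismatched one, and a lookalike domain.
SAMPLE_EMAIL = """
<p>Dear customer, please review your account.</p>
<a href="https://www.example.com/login">https://www.example.com/login</a>
<a href="http://login-example.com/verify">www.example.com/verify</a>
<a href="https://example.com.account-check.net/">Check your account</a>
"""
```

Calling audit_links(SAMPLE_EMAIL, "example.com") reports the second and third links and leaves the first alone.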
Chapter 14 – Man-In-The-Middle Attacks
Man-in-the-middle attacks are extremely dangerous for end users because a successful attack will allow a hacker to view all of the data that a user is sending over the network. If the user is setting up a connection to a VPN server, the hacker will be able to capture their key to decipher their encrypted messages. In addition, the hacker will be able to see all of the websites the user visits as well as steal information such as usernames, passwords, and even payment card data.
An attacker performs this exploit by tricking the target’s computer into thinking that the attacker’s computer is the default gateway or intended destination for data transmissions. For example, let’s say that you wanted to do a Google search. Normally, your data would be sent to your default gateway (e.g. your wireless router), routed through the public Internet, and then reach one of Google’s servers. However, with a man-in-the-middle attack, your data would first be sent to a hacker somewhere in the middle of the process before reaching Google’s servers.
1. How to Perform a Man-In-The-Middle Attack
To start the attack, we first need to successfully spoof an ARP binding. To do so, we are going to use a tool on Kali Linux called ‘arpspoof.’ The syntax for this command is as follows:
sudo arpspoof -i eth0 -t [TARGET ADDRESS] [DEFAULT GATEWAY ADDRESS]
So, if you wanted to trick a host on your local network with the address of 192.168.1.10 into thinking you were the default gateway, the command would look like this:
sudo arpspoof -i eth0 -t 192.168.1.10 192.168.1.1
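The defender’s side of the attack above, as an added example that is not from the book: it scans a log of observed ARP replies for the two traces an ARP spoofing run leaves on the wire, the gateway address being announced by more than one MAC and a single MAC answering for both the gateway and another host. The reply log, addresses and MACs are constructed.

```python
"""Spot ARP cache poisoning from a log of observed ARP replies.
Added example, not from the book; the reply log is constructed."""
from collections import defaultdict

# Constructed log of ARP replies: (seconds, sender IP, sender MAC).
# 192.168.1.1 is the gateway. From t=30 the host that owns 192.168.1.20
# starts answering for the gateway and for 192.168.1.10 as well.
ARP_REPLIES = [
    (0,  "192.168.1.1",  "00:11:22:33:44:01"),
    (1,  "192.168.1.10", "00:11:22:33:44:10"),
    (2,  "192.168.1.20", "00:11:22:33:44:20"),
    (30, "192.168.1.1",  "00:11:22:33:44:20"),   # poisoned gateway entry
    (31, "192.168.1.10", "00:11:22:33:44:20"),   # same MAC claims the target too
    (60, "192.168.1.1",  "00:11:22:33:44:20"),
]

def analyze_arp(replies, gateway_ip):
    """Return alert strings for IP-to-MAC conflicts in the reply log.

    Sign one: an IP announced by more than one MAC (the cached binding
    changed). Sign two: one MAC answering for several IPs including the
    gateway, which is what a host relaying traffic in the middle looks like.
    """
    macs_for_ip = defaultdict(dict)   # ip -> {mac: first time seen}
    ips_for_mac = defaultdict(set)    # mac -> set of IPs it answered for
    for t, ip, mac in replies:
        mac = mac.lower()
        macs_for_ip[ip].setdefault(mac, t)
        ips_for_mac[mac].add(ip)

    alerts = []
    for ip, macs in macs_for_ip.items():
        if len(macs) > 1:
            seq = ", ".join(f"{m} at t={t}"
                            for m, t in sorted(macs.items(), key=lambda kv: kv[1]))
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{tag}{ip} announced by several MACs: {seq}")
    for mac, ips in ips_for_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = sorted(ips - {gateway_ip})
            alerts.append(f"{mac} answers for gateway {gateway_ip} and also {others}")
    return alerts

def gateway_mac_changed(replies, gateway_ip):
    """True if the MAC answering for the gateway differs from the first one seen."""
    seen = {mac.lower() for _, ip, mac in replies if ip == gateway_ip}
    return len(seen) > 1

if __name__ == "__main__":
    for line in analyze_arp(ARP_REPLIES, "192.168.1.1"):
        print("ALERT:", line)
```

On a real network the same logic runs over replies captured by a sniffer or over periodic snapshots of the local ARP table, comparing against a known-good gateway MAC.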
Chapter 15: Cracking Passwords
Though you might not think so at first, your email is actually one of the most dangerous accounts to lose to a hacker. The reason being that there is so much personal information stored in your inbox. Once an attacker has access to your email account, you’re in for a world of hurt because they will be able to see and intercept all of the messages that reach your inbox. Worse yet is the idea that they now have a way to impersonate you. If they wanted to, an attacker could trick other people in your address book into forfeiting additional information by using your identity to request that information.
Furthermore, there is going to be a ton of sensitive data linked with your email account. Websites today are getting pretty complex, and there are a lot of ways to link a user’s login credentials and web activity with their email address. For example, there will likely be emails and promotions from sites that you have already done business with sitting in your inbox or spam folder. This gives an attacker clues as to where he or she can look to uncover additional information. They may also be able to see what purchases you have made with online sites such as Amazon.
1. Password Cracking
While all of these scenarios are terrible, by far the worst advantage an attacker gains is the ability to further hack your passwords. There are several techniques an attacker can employ, but they all exist to steal your credentials to escalate their privileges. For example, who knows what an attacker might purchase if he or she had access to your Amazon account and payment card data?
Now that you have a basic understanding of how critical secure passwords are and the consequences of what an attacker can do once they get your password, let’s look at the basics. I’m sure that cracking passwords sounds cool and really complicated, but some of the methods used are unbelievably simple and even a little anticlimactic.
2. Password Cracking Utilities
There are many different password cracking utilities to take advantage of, but we are going to take a brief look at the most popular pieces of software. Hackers will employ several of these tools in conjunction with one another to facilitate their attacks. They simply don’t start with a brute force attack because passwords can often be found using quicker methods. With that said, a brute force attack is usually the last resort when other methods have already failed.
3. John the Ripper
John the Ripper is probably one of the most famous and revered password cracking utilities in hacker communities. It is highly efficient and effective, but it does suffer from one fatal flaw that often keeps it out of the hands and minds of newbies: it was developed for Linux. Though it does have ported versions, keep in mind that it is natively a Linux application.
Because some of these tools are exclusively built with Linux in mind, you will surely need to get your feet wet with the Linux operating system to become a competent hacker. By now you should have already setup a Linux environment to run through some of the demonstrations in this book using VMWare. If you haven’t already, it is high time to build your first Linux environment.
4. Ophcrack
Ophcrack is the first of the password cracking tools we will discuss, and like many of these tools, it is free to download and use. It can be used to crack passwords on a variety of operating systems, but this tool has gained most favor from hackers that are attempting to crack Windows passwords. However, it can still be used to facilitate attacks on Linux and Mac passwords. Though it does have simpler and more effective algorithms, this piece of software will allow a user to perform a brute force attack. Lastly, it even has a feature that will allow you to create a live boot image.
5. L0phtcrack
L0phtcrack is really a suite of software that allows you to perform many different password functions. For example, it can be used to audit password strength and complexity to bolster your security efforts. Given the range of functions this software provides, it is frequently used with computer security firms as well as governmental organizations such as military applications. Not only can it run on versions of Windows that are higher than Windows XP, it can also run on some Linux and BSD distributions. Like other password cracking utilities, it will allow an attacker or security expert to run both dictionary based attacks and brute force attacks.
6. Cain & Abel
Cain & Abel is another popular password cracking utility. Its features go beyond cracking basic passwords or operating system passwords; it even has some features that aid in the process of wireless security-key cracking. However, it can be used only in a Windows environment. It allows users to crack passwords that have been hashed, encrypted, or encoded in various formats and protocols such as MySQL, Oracle, MD5, SHA1, SHA2, and various wireless encryption algorithms.
As with the other utilities, this software will perform a variety of different password cracking methods such as dictionary attacks, rainbow attacks, and brute force attacks. One extremely useful feature of this software is that you can set parameters to fine-tune the brute force attack such as the length of the password you are trying to crack. This has the ability to eliminate millions of potential password combinations that would otherwise drastically multiply the length of time needed to carry out the attack.
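To make the point in the two paragraphs above concrete (a length parameter removes a large share of the brute force keyspace, and a dictionary run with simple substitution rules finds weak passwords without any brute force), here is an added example that is not from the book; it performs the kind of strength audit the L0phtcrack section mentions. The 10^9 guesses per second rate is an assumed round figure and the word list is a constructed sample.

```python
"""Estimate the work a brute-force run and a dictionary run face for a
given password. Added example, not from the book; the guess rate is an
assumed figure and the word list is a constructed sample."""
import string

# Character classes a cracker enables one at a time; the alphabet is their union.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SUBSTITUTIONS = str.maketrans("0134@$", "oleaas")  # undo common leetspeak swaps
WORDLIST = {"password", "letmein", "welcome", "dragon"}  # constructed sample

def alphabet_size(password):
    """Size of the smallest union of character classes covering the password,
    i.e. the alphabet a cracker would have to enable to reach it at all."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(alphabet, min_len, max_len):
    """Number of candidates when trying every length from min_len to max_len."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def length_hint_savings(alphabet, max_len, known_len):
    """Candidates removed when the cracker fixes the exact length instead of
    sweeping lengths 1..max_len (the length parameter the chapter mentions)."""
    return keyspace(alphabet, 1, max_len) - keyspace(alphabet, known_len, known_len)

def found_by_dictionary(password, wordlist=WORDLIST):
    """True if dropping trailing digits/symbols and undoing substitutions turns
    the password into a listed word; such passwords never need brute force."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(SUBSTITUTIONS) in wordlist

def audit(password, guesses_per_second=1e9):
    """Return (alphabet, candidates, worst-case seconds, dictionary hit),
    assuming the attacker already knows the exact length and alphabet.
    The default 1e9 guesses/s is an assumed round figure for a fast hash."""
    alphabet = alphabet_size(password)
    candidates = keyspace(alphabet, len(password), len(password))
    return (alphabet, candidates, candidates / guesses_per_second,
            found_by_dictionary(password))

if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "xq7#Lm2!vZ9p"):
        a, n, secs, hit = audit(pw)
        print(f"{pw}: alphabet={a} candidates={n:.3e} "
              f"worst={secs / 86400:.1f} days dictionary_hit={hit}")
```

The first password has a brute force keyspace measured in years at the assumed rate yet falls to the word list immediately, which is why the chapter says crackers never start with brute force.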
In Summary
These tools aren’t incredibly difficult to use, but most users don’t have any clue that they exist. Really, all of the hard work has been done already by the expert programmers who created this software. All that’s left to do is for it to be used by an experienced hacker. Tools like these are so easy to use that teenagers with little experience in the real world can find ways to use them to hack into other people’s computers. Though I wouldn’t recommend using these tools for evil, they are certainly fun to use in a home environment.