
Ethical Hacking: Tips, Tricks and Tools

Ethical Hacking Guide

Telecommunications and computing technology are getting increasingly complicated, and ethical hacking tools are an important part of making technology more accessible. They mean that you don't have to be a technical expert or a criminal to indulge in some hacking.

Back in the 1980s, Hollywood started to churn out movies based around a tech theme: hackers break into a bank's computer and steal a small percentage of every transaction to become millionaires within minutes, or create a national security threat by taking control of the US nuclear weapons arsenal.

Usually, such films featured big cabinets of whirring spools of tape, plenty of beeping and banks of consoles with flashing lights. Another constant feature is that the hacker team turns out to be a gang of overachieving teenagers. Today, hacking has become child's play. You could even do it on your iPhone (though make sure you use a specialist iPhone VPN to protect yourself!)

What Is Ethical Hacking?

"Ethical hacking" is the practice of testing software or systems to try to expose security flaws.

Software development companies have employed hackers for decades to ensure that nobody can breach their products. Network and software security is a moving target. As soon as a software house closes down one loophole, smart ethical hackers discover another.

This guide is not aimed at those who want to break into the Pentagon or take control of a Russian satellite. In this ethical hacking guide, you'll learn about accessible hacking methods that are available to anyone. On the whole, ethical hacking is a very lucrative career path. Right now, there's a boom in demand for people with these skills. Learning about ethical hacking can open doors to high-paying jobs in the infosec industry and make this far more than just a hobby. Furthermore, by learning ethical hacking, you can learn how to protect your computer and systems.

Hacktivism

Hacktivism is a very loose term. Just as one man's freedom fighter is another man's terrorist, a hacktivist may portray himself as a heroic cyberwarrior, while actually having less noble motives. Hacktivism is generally a pursuit of the young. It tends to center on punishing corporations or political parties. However, the efforts of these groups can sometimes seem childish.

Hacktivism can be as simple as organizing a group to rig the results of an online poll. One example was flooding the vote to name the British Antarctic Survey's research vessel "Boaty McBoatface." Another was scuppering Mountain Dew's "Dub the Dew" campaign so that its new flavor should be named "Hitler Did Nothing Wrong." The hacktivist group Anonymous has attracted many admirers. However, some of its actions, such as the blocking of Israeli-related sites on Holocaust Remembrance Day in 2010, can only be viewed as anti-Semitic.

As a general rule, if hacktivism attracts you, it's better to work alone. Although the aims of a particular group may interest you, you can't be sure that the group won't manipulate your efforts to serve some hidden agenda with which you wouldn't want to be associated. Remember, too, that hacking can get you arrested. Make sure you're working for a cause that you believe in before you risk your freedom!

Penetration Testing

Penetration testing is the use of hacking techniques to explore new software before it is released. A software development team isn't the best group to test the programs it creates. This is because there may be a fundamental design error in the software that the original creators overlooked. If they missed that problem in the design phase, they're unlikely to expose it during testing and make themselves look foolish.

Penetration testing used to be called "destruction testing." It's akin to giving an unbreakable tablet to a two-year-old. This is the software equivalent of putting a computer in a washing machine or dropping it off the roof. The penetration tester will use hacking methods, guile, brute force, and more to try to create havoc, break in, or steal information that the software should protect. These hackers don't send ransom demands for their work - they get fat paychecks from the companies that they try to ruin.

Types of Hackers

Freedom Warriors

Anonymous is probably the best-known group in this category.

A big problem with unorganized anonymous hacktivist groups, however, is that they have no central command structure and no identifiable call sign. Thus anyone can launch a campaign and claim that Anonymous carried it out.

Disruptive Amateurs

These hackers break into corporate or government computers and release data, including login credentials, without any clear financial motive. They do it simply for the "lulz" (this is a webchat term that means having a laugh at the misfortune of others). The most famous group in this category is LulzSec. LulzSec broke into the Sony Pictures server in 2011 and leaked all of its users' personal information. This group also managed to take the CIA computer offline. It also broke into the server of HBGary, a cybersecurity business.

State-sponsored Hackers

Russia, North Korea, and China are at the top of the list of states accused of employing hacking to undermine nations they wish to destroy. It's becoming a tradition among election losers to blame Russian hackers for their defeat. However, the US, UK, France, and Germany are also unlikely to be blameless in this activity.

The accusations are not completely unfounded. Both Russia and China are known to encourage freelancing hacker groups with immunity from prosecution, in exchange for services rendered in the state's interests. As with any deal with the devil, this strategy sometimes generates blowback. When not unleashing ransomware at Western capitalism or taking out the Ukrainian electricity network, state-approved hackers have been known to take down Russian banks to stave off boredom. Russia has developed a method called "hybrid warfare." This uses cyberattacks to demoralize and disarm enemies as a prelude to and during invasions. It used these methods with great success in Georgia and the Ukraine.

Hostage Takers 

It's very difficult to make money out of hacking. A global attack needs a digital method of collecting payment, and payments can be traced. Thanks to cryptocurrencies, this category of attack is on the rise. Hackers don't need to destroy a computer or steal information; they just need to render information unreadable through encryption. This category of hacking includes ransomware attacks. Threats and extortion of this nature are effectively a protection racket.

Personal Hackers

Personal hacking takes place for a wide range of reasons, from missed promotions to romantic jealousy. There are plenty of tools available that can really screw up the life of an enemy without the originator of the attack being identified.

Hackers have developed teams of infected computers, called botnets. These can be commanded (for a fee) to contact your enemy's computer en masse and block off his/her internet access. This is called a Distributed Denial of Service (DDoS) attack. It is the most prevalent form of hacking in force today. DDoS-for-hire attacks can cost as little as $5.

Online poker is one area that attracts DDoS attacks. They might only need to last for five minutes in order to block an opponent out of a game and ensure your victory. There are high stakes available in online gaming. A five-minute lockout of a star player could be just enough to win you the pot. According to cybersecurity operators Akamai, in Q2 2017, 82% of all DDoS attacks occurred within the online gaming sector.

Becoming a Certified Ethical Hacker

Russia uses hacking to disable the infrastructure of the countries it is about to invade. In addition, it has bumped up against NATO on its Western border. As such, ethical hacking now has a patriotic dimension, and there are lots of vacancies for clever tykes who want to put their hacking skills in the service of their country.

When hacking damaged the private sector, governments were annoyed. However, now that it has military uses and can influence elections and referendums, the ethical hacking profession has become a priority. You can't create a profession without setting up professional institutions and qualifications. As such, rather than just being a "white hat hacker" you can now be a "Certified Ethical Hacker." Some forms of hacking have become legal, "ethical" and respectable professions.

The EC Council set up the definition of Certified Ethical Hacker in 2016. The body operates in 145 countries and represents 200,000 certified professionals. Big businesses, governments, charities, and nations are woefully underprepared for cyberattacks. Ethical hackers have never been more needed. If you want to join their number, you have to get qualified.

To become a Certified Ethical Hacker, you need to sit a four-hour exam at an EC Council-approved testing center. You need two years' work experience in the information security sector before sitting the exam. You'll also need to take a course to make sure you know the answers in the exam. Fortunately, you can take the course online; it costs $850.

The Tools You Need

You probably have a Windows laptop or Mac and a mobile device, such as a tablet or smartphone. These gadgets are OK, but for industrial-strength hacking, you'll need a Linux machine. Fortunately, the equipment you need costs little to nothing. And you will also need to protect your identity.

Free Virtual Private Network (VPN)

Don't let any of the services that you engage know who you really are. You can take out a free VPN for the setup phase of your hacking campaign. This VPN will be no good for your ongoing career because free VPNs usually have monthly data throughput limits, which would hobble you. However, they're good enough to get you on the runway.

Webmail

There are very many free webmail systems out there. This means you can set up several accounts with different companies. Turn on your free VPN before accessing these services. Some free webmail systems expect you to give another email address for confirmation before they activate your account. Look for one that doesn't have that requirement. Use this as your first email account, which you can give as a reference to all the others.

Cryptocurrency

Set up a Bitcoin wallet, or look into Ethereum. Write out a budget for your ethical hacking plan and research all of the services that you need to buy. You can do some things in plain sight. For example, if you want to become a Certified Ethical Hacker, you need to get that certificate in your name. Divide your budget into open costs and dark costs. Put enough money into your cryptocurrency account to cover the dark costs. Make sure that the services you buy accept your cryptocurrency of choice.

Get the Right VPN

Hola! is a free VPN that might appeal to you. However, Hola! doesn't actually encrypt your connections, so won't protect your identity. It's a honeypot. Hola! is a front for a bandwidth-selling enterprise called Luminati.

Have you heard about the Tor network? This is a volunteer-operated privacy network that the US navy invented. The US, Canada, UK, Australia, and New Zealand secret services now use it. Unfortunately, the free version that the Five Eyes secret services released to the world has a backdoor in it. All the law enforcement agencies in the free world know about this. So don't use Tor.

To get a good VPN with unlimited data throughput, you'll need to pay for the service. BestVPN.com has a good list of the best VPNs that will protect your identity.

Kali Linux

There are lots of different types of Linux. You need Kali Linux.

Firstly, check out your computer to make sure it's good enough, because you will probably not need a new one. You can easily partition your existing computer to run both Windows and Linux. The Kali installation process needs 20 GB of free space, and much of it will be freed up once the installation has finished. You'll also need a writable DVD drive or a USB memory stick, and a USB port. Your computer should also have at least 512MB of RAM.

Make sure you have lots of time to spare because this operating system is rich in ethical hacking tools. You won't be able to tear yourself away from your computer once you've got this system working!

Wireless Adapters

WiFi is fun for all the family. It's particularly enjoyable for hackers, so make sure you have a good wireless adapter in your kit. When you open the list of available networks on your computer, you probably see a whole lot of options, but only one is yours. Your neighbor's WiFi could make a good test bed. So could any of those smartphones that tick in and out of your range all day. Creating an open WiFi hotspot is your best opportunity to sneak software onto other people's mobile devices.

There are lots of options out there. Fortunately, Wonder How To has done a comparison test on the best WiFi adapters for Kali.

Cloud Services

There are some good deals on cloud storage and virtual servers. This industry is putting botnets out of business. You don't need to infect hundreds of thousands of computers to create your zombie computer army because you can get cloud storage for pennies these days. Take out multiple accounts or find systems that allow you to partition your storage allowance to have lots of sub-accounts. You only need one meg per account because you will only upload one or two programs to each. These programs will send out connection requests to your target over and over again. Most commercial websites only need fifty extra page requests per second to get shut down. Thus the enormous volume of most botnets represents serious overkill.

Free Websites

Look for free website hosting. You don't need to micromanage cyberattacks these days. You can command your attacks through parked websites. Those programs that you're going to upload to your cloud storage are daemons. They will check over and over again for the existence of your websites. If you want to launch an attack, you just put up a page with the IP address of the target on one of your sites. When it's done, put a page on another site that just has the word "stop" in its address.

Hacking Methods

The type of penetration testing that you intend to carry out dictates the types of tool that you'll need. Many of the tools you can use are available for free. Furthermore, some of the sites that you visit regularly will help you to build up intelligence on targets and discover their weaknesses.

Real World Information Intelligence Techniques

Pre-release software testing scenarios leave little scope for data analysis and network traffic tracking because systems that haven't yet been released are stored on pristine, isolated systems with test data that's probably only tailored to success conditions, and not to model real-world situations.

Development companies can create a more realistic environment by loading up their sandbox system with real world data. However, the selection of the real world data, when left to the software designers and developers, can again be skewed towards predicted performance. This creates a "near-world" test bed. You can only perform true threat assessment once a system is released and interacting with the real world.

A major system vulnerability lies in the human component. No matter how thorough a company's security procedures are, there's usually a person who has access to system administration functions. These can get a hacker into every device and file on a private network.

Corporate Mapping

Although hacking is primarily a technological pursuit, social skills and intuition are also great hacker tools. Any salesman or con artist knows that you have to research your target, align yourself with their aims, and think like they think.

Gather all available information about the company that owns the website or network that you want to hack. Your main tools here are:

  • Search engines
  • Media mentions
  • Industry reports and analysis
  • Company registration authorities
  • Annual reports
  • "About Us" pages
  • Professional network sites
  • Maltego

Employee Tracking

Your main way into a company is through its employees. If you can actually become an employee, half of your work is done. Failing that, you can try to befriend an employee. If you don't have time for that, work out how to mimic a specific person over the phone, or how to trick someone into handing over login credentials through phishing emails.

Trawling social media sites can be time consuming. Fortunately, online tools such as Pipl and Zoom Info will do the legwork for you. Zaba Search looks through public records, so you may be able to engage an employee by calling about a current planning application, or a recent local government fine. Your main tools here are:

Support Providers

Outsourcing offers a great way to profile a company tangentially. Research the cloud storage systems, the web and software development houses, the accountancy firms and off-the-shelf software services that a company uses. Trace employees of these companies who interact regularly with the target company. Use their identities to contact the key employees that you've identified to get them to either reveal login information, or respond to email instructions that will capture network credentials.

Do a search of your target company's name on Google and see which other companies mention it. Service providers like to boast about their current customer list, so this can be an easy source of information. Maltego can help you seek out the links between companies. Mergent has a Horizon tab in its company search results that lists businesses that have commercial links with the target. Also, speculative emails and calls to the employees in the target company can reveal the names of suppliers.

Advanced Persistent Threats

If you can get into a corporate network with administrator privileges, you can access that company's resources over a long period. A hack doesn't need to be a quick raid. Getting regular access gives you the option of monitoring corporate activity, reading data, setting up fake user accounts, and even using that company's internet access as a front for your own activities.

Once you're on a corporate network, you can access its internet gateway. Thus any exploration of ways into other networks will trace back to your first target instead of back to you. In order to implement this type of resource, you need to get Network Manager privileges so that you can alter network activity logs.

Useful tools for advanced persistent threats are:

Attacking WiFi Networks

WiFi networks are a Godsend for hackers. There are many tools to monitor WiFi networks and crack passwords, but why bother? If you want to get into a neighbor's WiFi router, just ask him for the password when you're around his house.

WiFi hotspots are a much richer hacking seam. Take your laptop to any bar, restaurant, hotel, or transport hub and set up an "evil twin." Wherever you are, there'll be a public WiFi hotspot within range. All you have to do is create another hotspot with an identical or similar name.

Simply change the SSID of your computer or mobile device to look like a meaningful name. The SSID is the name that comes up in other people's list of available WiFi networks. Aircrack-NG has a module called airbase-ng that can do this for you.

You can log into an available free WiFi hotspot and just pass traffic through. For example, London's Gatwick Airport has a free system called "Gatwick FREE WiFi." Create your SSID as "FREE Gatwick WiFi" and pass through all traffic onto the official hotspot. The real network requires users to go to a website and create an account. You don't have to make your users do that. Use Ettercap to create a pass through and intercept any traffic that involves a login.

This hack requires a lot of planning. You need to set up copies of frequently used login screens in order to capture credentials. If you don't have the time to emulate every email system and online bank, just pick a few and pass all of the other traffic through unmolested. Use the Social Engineer Toolkit or HTTrack to do this.

The tools you need to be a WiFi hacker are:

  • Aircrack-NG
  • Social Engineer Toolkit
  • HTTrack
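From the side of whoever runs the real hotspot, the look-alike naming described above ("FREE Gatwick WiFi" next to "Gatwick FREE WiFi") is something a periodic air survey can flag. The following Python is an added example, not part of the original article; the BSSIDs, the extra SSIDs, and the 0.6 similarity threshold are constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point seen in a WiFi survey."""
    ssid: str   # advertised network name
    bssid: str  # MAC address of the access point radio


def ssid_tokens(ssid):
    """Word set of an SSID, ignoring case, word order and punctuation."""
    text = ssid.lower().replace("wi-fi", "wifi")
    return frozenset(re.findall(r"[a-z0-9]+", text))


def jaccard(a, b):
    """Share of words two SSIDs have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def classify(beacon, trusted, threshold=0.6):
    """Return a finding string for a suspect beacon, or None if it looks fine.

    trusted maps each legitimate SSID to the set of BSSIDs the operator
    actually deployed (assumption: the operator keeps such an inventory).
    """
    bssid = beacon.bssid.lower()
    for name, bssids in trusted.items():
        known = {b.lower() for b in bssids}
        if beacon.ssid == name:
            if bssid in known:
                return None  # one of our own access points
            return f"'{name}' advertised by unknown BSSID {bssid}"
        score = jaccard(ssid_tokens(beacon.ssid), ssid_tokens(name))
        if score >= threshold:
            return f"'{beacon.ssid}' is a look-alike of '{name}' (similarity {score:.2f})"
    return None


def survey(beacons, trusted):
    """Run classify() over a scan and keep only the suspect entries."""
    findings = []
    for beacon in beacons:
        reason = classify(beacon, trusted)
        if reason:
            findings.append((beacon, reason))
    return findings


# Constructed inventory and scan results for the demonstration.
TRUSTED = {"Gatwick FREE WiFi": {"00:11:22:33:44:55"}}
SCAN = [
    Beacon("Gatwick FREE WiFi", "00:11:22:33:44:55"),   # the real hotspot
    Beacon("FREE Gatwick WiFi", "02:AA:BB:CC:DD:01"),   # same words, reordered
    Beacon("Gatwick FREE WiFi", "02:AA:BB:CC:DD:02"),   # same name, unknown radio
    Beacon("Gatwick_Free_Wi-Fi", "02:AA:BB:CC:DD:03"),  # punctuation variant
    Beacon("CoffeeShop Guest", "02:AA:BB:CC:DD:04"),    # unrelated network
]

if __name__ == "__main__":
    for beacon, reason in survey(SCAN, TRUSTED):
        print(f"{beacon.bssid}  {reason}")
```

A BSSID can be copied as easily as an SSID, so a clean result here is an indicator only; the stronger protection for users is that logins travel over HTTPS regardless of which hotspot carries them.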

Attacking Websites and Individuals

One of the key attacks available to hackers today is the denial of service attack. This involves sending so many simultaneous connection requests to a server or web host that genuine access to that resource gets crowded out. If a host's queue is full of bogus requests, page requests coming from members of the public time out before the host can serve them. This effectively takes a website offline. The interactive nature of online games and gambling means that blocking the network card of an individual can take that person out of the game.

Denial of service expanded into "distributed denial of service" (DDoS) to evade detection. Hackers infect millions of computers all over the world with Trojans. These programs sit and wait for a command to send repeated requests to a target address. The owners of the computers that send these requests are innocent victims. Thus there's no point in trying to track them down and prosecute them for the attacks. The real attacker hides behind VPNs and routes instructions through captive networks.

You don't have to create your own Trojan or infect an army of computers in order to launch DDoS attacks. Hackers have created their own attack networks, which are called "botnets." They rent these out to paying customers. To gain a veneer of respectability, these DDoS-for-hire services market themselves as stress testing services.

If you don't want to pay out every time you want to test a website for DDoS resilience, you can use virtual servers in the cloud to create your own botnet. You just need to load up a couple of programs to each account and set them running. Each will send out thousands of connection requests per hour. Renting these servers costs as little as 0.58 cents per hour, so you can rent 100 for $0.58 per hour or 1,000 for $5.80.

You can also launch a botnet attack from a web host. You can set up numerous free web hosting accounts, then construct and upload a botnet program with a tool such as HULK.

Another way to create a DDoS attack without controlling a botnet is to run your attack through a DNS server. You can set up your own DNS server with a service called NoIP.com. In this scenario, you'll need a program called Metus Delphi to direct the attack.

Tools for DDoS attacks include:

There are hundreds of different ethical hacking tools. Take a look at this overview of the best tools available to narrow down your search.

1. Kali Utilities

Kali Linux comes bundled with some of the best ethical hacking tools on the market - and all for free. There are more than 600 hacking tools included and the best of them are:

Aircrack-NG

This is a network usage monitor for WiFi routers. Aircrack is particularly aimed at the task of cracking WEP and WPA encryption passwords.

Burp Suite

This utility is a platform for testing security weaknesses in web applications. The console gives access to a range of tools that cover every step of an attack, from network analysis through to exploit implementation.

Cisco Global Exploiter

This ethical hacking tool isn't produced by Cisco Systems - it specializes in hacking Cisco networks.

Ettercap

This network monitoring program can log traffic and discern communications protocols. This is a great aid for performing man-in-the-middle attacks.

John the Ripper

John the Ripper is one of the best password crackers around. This tool is actually a suite of utilities that includes a hash type detector. It can be set to work off a dictionary, or implement brute force password cracking.

Kismet Wireless

This WiFi sniffer identifies all WiFi routers within range. It enables traffic monitoring and logging for each.


Maltego

Maltego is a great hacker tool. It analyzes a network and chains out over the internet to identify linked sites, related businesses, the people who access the system, and the computers, operating systems, networking protocols and utilities used on a network and its neighbors. This analysis produces a complicated map that you can explore for security weaknesses.

Metasploit

This is an information source that provides tips and techniques for ethical hackers. The console of this utility enables you to simulate an attack and explore a system for weaknesses. Once you've identified those faults, you can string together your own mitigation procedures to counter possible future attacks.

Nmap

This tool is also known as Network Mapper. It is a port discovery tool that searches for hosts on a network and creates a network map.

OWASP ZAP

This is a web vulnerability scanner, similar to Burp Suite. OWASP stands for the Open Web Application Security Project. ZAP means Zed Attack Project. This utility is run through a GUI interface and includes a proxy server creator, web crawlers, scanners, and URL fuzzers.

Social Engineer Toolkit

This allows you to monitor a target's activity to list his most visited websites. You can create copies of websites and generate phishing emails with login links to capture credentials.

Wireshark

This network analysis tool is an essential element in any ethical hacker's toolbox. It highlights network and firewall security weaknesses.

2. Dsniff

Dsniff is a collection of tools for network auditing and penetration testing. The command library's utilities passively monitor a network for interesting data. These include:

Dsniff, Filesnarf, Mailsnarf, Msgsnarf, Urlsnarf, and Webspy

These utilities monitor activity on a network and log key data, such as passwords, email addresses, and IP addresses.

Arpspoof, Dnsspoof, and Macof

These programs log network traffic attributes.

Sshmitm and Webmitm

These facilities enable you to divert or block traffic, mimic servers, and create a man-in-the-middle attack.

3. Netsparker

This is a web application analysis tool that launches through a graphical user interface. All you need to do is enter a URL to run a scan. The scanner checks for more than 200 known vulnerabilities to see whether the target site or application faces these problems.

A tester in the facility will check each of the discovered vulnerabilities to see whether it can exploit them. That means that you don't have to plan your own intrusion strategies to see whether the site under examination can be compromised.

Netsparker can be downloaded onto Windows. However, if you use a different operating system, or don't want to clog up your hard drive with lots of applications, you can use the facility online instead.

4. W3af

W3af stands for Web Application Attack and Audit Framework. You can extend this suite of programs with plug-ins. The framework includes facilities to capture web traffic, identifying all of the URLs that a specified site uses. Analyzing functions then examine the files that those URLs point to in order to search for vulnerabilities. The exploit sector of the w3af suite helps you build attacks to demonstrate how security weaknesses compromise a site.

5. Pentest Tools

Unlike the other ethical hacking tools in this list, you don't have to download the Pentest Tools onto your computer. These utilities are accessible over the web. This has its advantages. You can mimic attacks from other computers. This rules out complicating factors on your own system that may skew real results. This suite of programs includes access to more than 20 tools. It also has a limited free availability - you get credits for free access that renew every 24 hours. You can also buy credits if your access requirements exceed the daily free allowance. Tools include:

Information Gathering Tools

This category includes a Google hacking facility, a metadata extractor, a subdomain mapper, and a website recon utility.

Web Application Testers

These tools can analyze WordPress, Drupal, Joomla, and Sharepoint pages. There is also a web server scanner and a URL analysis tool.

Infrastructure Testers

Look for information on ping, TCP and UDP ports on a server and scan a site for vulnerabilities to common exploits including POODLE, Heartbleed, and DROWN.

Common Types of Attacks

Cracking Passwords

The easiest way to get into a password-protected account is to get the owner of those credentials to give them to you. Common methods to get a password out of someone include sending an email with a link or a button in it. You direct the user to press the button and log in. Rather than visiting their usual login screen, they arrive at a copy page that you created. Other "phishing" techniques include calling and pretending to be the IT help desk, then asking for their password. If the target won't tell you her password, ask her to reset it. Give her a new password to enter or send a link to a password reset page that you control.

Other options include social profiling - trying variations of the name of the target's dog/child/partner, the street she was born on, her school, university, etc. These are all password candidates.

Automated crackers fall into three categories:

Brute force password crackers tick through every permutation of numbers and letters up to the maximum allowed length. This can take a very long time, so is no good if you're in a hurry.

Dictionary-based password crackers run through a file that contains meaningful words in the password owner's language.

Rainbow table password crackers rely on being able to get access to the system administration files on a network. Most authentication systems don't store passwords in plain text, but encrypt them with a hashing function. This type of cracker runs through all known hashing algorithms, trying combinations until a meaningful word is revealed, which gives away the system's passwords.
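How a system computes the stored hash decides whether a leaked password file can be matched against a precomputed table. The following Python is an added example, not part of the original article: it stores the same constructed password once as a bare SHA-256 digest and once with a per-user salt and PBKDF2; the word list, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def weak_store(password):
    """Unsalted, fast hash: every user with this password gets the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precomputed hash -> word table, standing in for a dictionary or rainbow table."""
    return {weak_store(word): word for word in words}


def strong_store(password, salt=None):
    """Salted, deliberately slow hash. Returns a self-describing record string."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${derived.hex()}"


def strong_verify(password, record):
    """Recompute the hash with the record's own salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def table_hit(stored_value, table):
    """What an attacker holding the table learns from one stored value."""
    return table.get(stored_value)


# Constructed word list of the pet-name / common-word kind described above.
WORDS = ["rex2015", "summer", "letmein"]
TABLE = build_table(WORDS)

if __name__ == "__main__":
    weak = weak_store("rex2015")
    strong = strong_store("rex2015")
    print("unsalted record:", weak, "-> table says", table_hit(weak, TABLE))
    print("salted record:  ", strong, "-> table says", table_hit(strong.split("$")[-1], TABLE))
    print("login still works:", strong_verify("rex2015", strong))
```

The salt does not make a weak password strong: a dictionary run against one salted record still works, only at `ITERATIONS` times the cost per guess and with no reuse across users.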

Sidejacking

You may have heard of a tool called Firesheep. This enables you to take over accounts by hijacking unencrypted cookies sent by the website. This used to be a danger when using unprotected WiFi networks, and a lot of Facebook accounts got compromised. However, don't spend too much time looking for this utility. HTTPS blocks its functions nowadays and Facebook uses this secure web transfer method. Thus Firesheep no longer works for Facebook and most serious websites.

Instead of trying to use hacking tools to get into someone else's Facebook account, use Facebook's password recovery methods to change their password and capture the account.

You need to know the email address that the victim uses to log into his Facebook account. Then:

  1. Create a new email account with a burner webmail service. Make the name neutral, or give it the name of the person whose Facebook account you want to grab.
  2. Go to the Facebook login page and click on "Forgotten your password?"
  3. Type in the target's email address. Click "This is my account." Select "No longer have access to these" when asked whether you want the password reset instructions to be sent to the email addresses on file for the account.
  4. Enter your new email address in response to the question "How can we reach you?"
  5. Read the victim's profile to learn about his life, relationships, pets and where he grew up, because next you'll have to answer a reset question that the victim set up.
  6. If you pass this question, Facebook will send a password reset email to your new email account.

Hacking Facebook accounts is just one example of how profiling with social media information can get you enough details about a person to enable you to guess his password, or at least bluff through a password reset question.

Spoofing Attacks

Hackers often use spoofing techniques. If you engage in phishing in order to get someone's password, you'll need to use spoofing in order to make the phishing email credible.

"Spoofing" means "using a fake address," or at least, an address that isn't yours. Thus another way to get someone's Facebook password is to send him an email that looks like it came from Facebook asking him to log into his account. Having the sender address as accounts@facebook.com will make this email look official. You can create spoofed emails with tools such as the Social Engineer Toolkit.

A big downside of spoofing email addresses is that you have to structure your con so that the recipient doesn't need to reply to the email in order to give you the information that you want. In phishing emails, the most common method for getting login information is to include a button in the email that leads to a cloned login page.

Setting up this hack requires programming skills. Remember, you should already have set up a series of free web hosting accounts. You can use one of those to host your fake login page. Fortunately, the Social Engineer Toolkit can help you clone a login page, as can HTTrack.
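On the receiving side, a forged sender address such as the one described in this section is what SPF, DKIM and DMARC are designed to expose. The following is an added example, not code from the original article: it reads the `Authentication-Results` header (RFC 8601) that the receiving mail server stamps on a message and turns it into a verdict. The server name `mx.example.net` and both sample messages are assumptions constructed for illustration.

```python
# Added example: decide whether a message's From address was authenticated.
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id of your own inbound mail server
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def check_sender(raw_message, trusted=TRUSTED_AUTHSERV):
    """Return (from_domain, results, verdict) for one raw message."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        # Only trust results stamped by our own server: a sender can
        # pre-insert a forged header claiming "dmarc=pass".
        if authserv_id.strip().lower() != trusted:
            continue
        for method, result in RESULT_RE.findall(rest.lower()):
            results.setdefault(method, result)
    if results.get("dmarc") == "pass":
        verdict = "authenticated"
    elif "dmarc" in results:
        verdict = "spoofing suspected"
    else:
        verdict = "unverified"
    return from_domain, results, verdict


# Constructed samples (not real mail).
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=softfail "
    "smtp.mailfrom=mailer.example.org; dkim=none; "
    "dmarc=fail header.from=facebook.com\n"
    "From: Facebook <accounts@facebook.com>\n"
    "Subject: Please log in to your account\n\nbody\n"
)
FORGED_RESULT = (
    "Authentication-Results: relay.untrusted.example; dmarc=pass "
    "header.from=facebook.com\n"
    "From: Facebook <accounts@facebook.com>\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("forged result", FORGED_RESULT)):
        print(name, check_sender(raw))
```

The second sample shows why the header's server id matters: a `dmarc=pass` line written by anyone other than your own mail server is ignored, so the message stays "unverified".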

Reflector Attacks

The disadvantage that you don't get replies back if you spoof an address turns into an advantage in other forms of hacks. Spoofing makes one of the DDoS examples in the "Attacking Websites or Individuals" section above possible. This is a reflector attack. Rather than channeling your attack through a botnet or virtual server, you can bounce attacks through standard internet services.

A DNS server returns an IP address for a given domain. If you spoof the address that goes out as the source for the DNS request, the reply won't come back to you. It will go to the owner of the computer at the spoofed IP address. You might think that in order to run this type of attack, you would need to tie up your own internet connection just as badly as the victim's. However, the best reflector attacks return far greater amounts of data than the initial request that provokes those replies.

The Network Time Protocol (NTP) is particularly useful for this. NTP servers not only reflect attacks, they amplify them. An NTP response can be 200 times the volume of the request. As such, if you upload a DDoS attacking program onto your 1,000 virtual servers, sending spoofed requests to NTP servers repeatedly, your victim will receive an overwhelming volume of data, gobbling up his bandwidth and choking his internet connection.
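
At the receiving end, reflected traffic has a recognizable shape: UDP responses from DNS or NTP ports that answer no request the host ever sent. The following detection sketch is an added example, not code from the original article. The flow-record layout, the byte threshold and the sample flows (documentation-range addresses) are assumptions constructed for illustration.

```python
# Added example: flag unsolicited UDP responses from DNS/NTP ports, the
# signature of reflected traffic as seen by the host receiving it.
from collections import defaultdict

REFLECTOR_PORTS = {53: "dns", 123: "ntp"}
THRESHOLD_BYTES = 10_000  # assumed alert threshold per observation window


def detect_reflection(flows, local_ip, threshold=THRESHOLD_BYTES):
    """flows: time-ordered UDP records (src_ip, src_port, dst_ip, dst_port, nbytes).

    Returns {service: {"bytes": int, "sources": int}} for every service whose
    unsolicited response volume reaches the threshold.
    """
    asked = set()  # (remote_ip, remote_port, local_port) we sent a request to
    unsolicited = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for src, sport, dst, dport, nbytes in flows:
        if src == local_ip and dport in REFLECTOR_PORTS:
            asked.add((dst, dport, sport))
        elif dst == local_ip and sport in REFLECTOR_PORTS:
            if (src, sport, dport) in asked:
                continue  # answer to one of our own queries
            entry = unsolicited[REFLECTOR_PORTS[sport]]
            entry["bytes"] += nbytes
            entry["sources"].add(src)
    return {
        svc: {"bytes": e["bytes"], "sources": len(e["sources"])}
        for svc, e in unsolicited.items()
        if e["bytes"] >= threshold
    }


# Constructed flow records for one window.
LOCAL = "192.0.2.10"
SAMPLE_FLOWS = [
    (LOCAL, 40000, "198.51.100.53", 53, 60),    # our own DNS query
    ("198.51.100.53", 53, LOCAL, 40000, 120),   # its answer (solicited)
] + [
    # NTP responses the host never asked for, from three servers
    (f"203.0.113.{i % 3 + 1}", 123, LOCAL, 80, 440)
    for i in range(30)
]

if __name__ == "__main__":
    print(detect_reflection(SAMPLE_FLOWS, LOCAL))
```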

Ready to Become an Ethical Hacker?

If you really want to test your website or system for security weakness, don't perform the tests yourself. "Ethical hacking" sounds nice, but it shouldn't be dainty. Hackers are prepared to go to lengths that the owner wouldn't dare in order to break into a system. Imagine you wanted to test your home security. You probably wouldn't be prepared to smash a window to give the system a proper test. This analogy shows that it is better to get someone else to test your system for you.

However, be prepared for what you're taking on. An ethical hacker worth her salt won't limit her research to your computer in order to get the information she needs. Good hackers need to be stalkers. The best don't limit their tracking to the virtual world. If you're still interested, use the following resource to learn ethical hacking online.

Ethical Hacking - Conclusion

This article is not meant as an education for hackers. This is a guide on ethical hacking tools that can help you protect your own business or home computing resources. Protect yourself from security breaches by being careful with the information you post on social media, implementing internet safety procedures, and keeping informed on the latest hacking fads.

2 Comments

  1. jake
    on January 17, 2018

    Would love to see the opposite of this - system security. Since most of the tools here are Linux-based, how about an Article on Linux Mint/Cinnamon (since this is what I use, ha!) detailing useful hardening tips:-) For example: we take the latest version of Mint, examine the default setup and find ways of strengthening it for the common *Desktop* user. Firewalls (perhaps an alternative to the basic one that's off by default... sigh), unnecessary daemons that start up just because..., intrusion detection programs that are actually useful, scripts to determine if any user (other than the default users on the system) are logged in or have ever logged in, directories/files that get written to by the system as a matter of simply turning on the computer (logs, temp files, etc), places where history is kept (I noticed the other day that every image I ever viewed (even browser images) was thumbnailed somewhere), etc... When I was on Windows, I had a lot of the privacy/security covered. I knew the system inside/out. When Microsoft went full spyware, I could no longer manage a secure system. Linux, for this newbie, seems pretty sloppy for a desktop user. I'm sure all the stuff that litters the system, the running daemons, etc - are useful on servers, etc.. Anyway, incredible article you put together. It's going to take me a long time to digest all of it. It lets me know what's out there and the methods used. This is a good start to helping me secure my system further.

    1. Douglas Crawford replied to jake
      on January 17, 2018

      Hi Jake, An article on how to harden Mint (or Ubuntu) is a great idea, and is something we may consider doing.
