Erhalten Sie Zugang zu diesem und mehr als 300000 Büchern ab EUR 5,99 monatlich.
The objective of the book is to summarize to the user with main topics in computer networking hacking. The book consists of the following parts: Part 1: Lab Setup Part2: Foot printing and Reconnaissance Part 3: Scanning Methodology Part 4: Enumeration Part 5:System Hacking Part 6: Trojans and Backdoors and Viruses Part 7: Sniffer and Phishing Hacking Part 8: Hacking Web Servers Part 9:Hacking Windows and Linux Systems Part 10: Wireless Hacking Part 11: Hacking Mobile Applications
Sie lesen das E-Book in den Legimi-Apps auf:
Seitenzahl: 76
Das E-Book (TTS) können Sie hören im Abo „Legimi Premium” in Legimi-Apps auf:
By
Dr. Hidaia Mahmood Alassouli
While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
HACKING OF COMPUTER NETWORKS
First edition. June 19, 2020.
Copyright © 2020 Dr. Hidaia Mahmood Alassouli.
Written by Dr. Hidaia Mahmood Alassouli.
I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.
I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.
I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator.
I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering.
I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.
I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: http://www.hidaia-alassouli.000space.comEmail: [email protected]
Abstract
The objective of the book is to summarize to the user with main topics incomputer networking hacking.
The book consists of the following parts:
Part 1: Lab Setup
Part2: Foot printing and Reconnaissance
Part 3: Scanning Methodology
Part 4: Enumeration
Part 5:System Hacking
Part 6: Trojans and Backdoors and Viruses
Part 7: Sniffer and Phishing Hacking
Part 8: Hacking Web Servers
Part 9:Hacking Windows and Linux Systems
Part 10: Wireless Hacking
Part 11: Hacking Mobile Applications
You can download all hacking tools and materials from the following websites
http://www.haxf4rall.com/2016/02/13/ceh-v9-pdf-certified-ethical-hacker-v9-courseeducatonal-materials-tools/
www.mediafire.com%2Ffolder%2Fad5szsted5end%2FEduors_Professional_Ethical_Hacker&h=gAQGad5Hf
Part 1: Hacking Lab Setup
Part 1 of Certified Ethical Hacker (CEH) Course
By
Dr Hidaia Mahmood Alassouli
1) Setup lab
From the virtualization technology with software VMware or virtual box we can do more than one virtual machines, one linux and other windows 2007 or windows Xp
Download vmware and install it
Create folder edurs-vm in non-windows partition. Create a folder for each operating system
Install any windows operating system.
Download backtrack
To install backtrack on usb, download unebootin. We need also to use the tool to support booting from flash memory in vmware.
Download and install kali linux
Download and install metasploit.
Metasploit is big project that contains a lot of modules or programs. These modules or programs can utilize the holes in windows machines or linux machines operating systems. For any hole that occur in the operating systems, we candevelop the program that can utilize this hole. We can work on it through command line or graphical interface. The programs that use graphical interface are armitage and Koblet Strike . In linux we can update the metasploite using command msfupdate.
Part 2 of Certified Ethical Hacker (CEH) Course
By
Dr. Hidaia Mahmood Alassouli
1)Footprinting and Reconnaissance
Use nslookup to get information about server.
see dnsstuf to get information about server domain .
Use www.ip-address.com to get information about server.
Use www.robtex.com to get information about server domain.
Use backtack or any linux machine
to know
the dns servers of certain domain. For example,
Dig –t NS Wikimedia.org
Use backtack or any linux machine
to know
the A and MX records of certain domain. For example,
Dig –t A Wikimedia.org
Dig –t MX Wikimedia.org
To see the zone transfer
Dig –t AXFR Wikimedia.org @ ns1.wikimedia.org
We can see all the records in that dns server.
We can use the nslookup command to see the host of certain ip address
Nslookup –type= ptr 31.13.81.17
We can use who.is to know information about server
, when
created , and when expired and all information about that the dns servers of domain and about the administrator. You can
get the
same information from backtrack terminal. Write
whois Microsoft.com
We can use tool called
smartwhois to
get same information.
We can use tool called
countrywhois to
get information about country of a domain.
We can use tool called lanwhois to get same information from who.is.
There is tool called alchemy eye to make
monitoring for
certain services in a target server. It can check the status of certain services on a server.
Use robots.txt file to know what is not allowed on the website. Eg
www.microsoft.com/robots.txt
To search site in google write eg, site:tedata.com filetype:pdf. You can search the following in google
Intitele: search in the title page
Inurl: search in the url page
Site: search on site
Link: other sites that links to our subject
Inanchor: search on hyperlinks
Filetype: search to see pattern yet
There is google hacking data base. You can find exploits in www.exploit-db.com
in ghdb section.
You can use sitedigger to get the dorks
of any
site.
You can use theHarvester to get the emails of certain domain. From the backtrack write for example,
#./theharvester.py –d Microsoft.com –l 500 –b google
You can search emails using the exploitation tools in back track. Type in the command line msfconsole
# msfconsole.
From the command msf, write
msf> search email
It will bring all modules that have emails. Take one module
Auxiliary /gather/ search_email_collector
Write
Msf> use Auxiliary /gather/ search_email_collector
Then write " info "
Msf> info
Then write " set DOMAIN Microsoft.com"
Msf> set DOMAIN Microsoft.com
Then write "run"
Msf> run
You can use Maltego tool. When you run the program, choose company stalker, write the name of the company ie Microsoft.com. It will brings the email of the domain. Take the domain Microsoft.com, then click run transform.
You can use piple search or facebook.
You can use the website truecaller website to find the person of certain phone number .
You can use metadata collector tools. Two tools used, metagofil, FOCA
Metagofil tool
is in backtrack. For example write
#/pentest/enumeration/google/metagoofilo
#./metagoofil.py –d Microsoft.com -t doc,pdf -l 200 –n 50 –o microsoftfiles –f results.com
It will bring many emails and other information.
You need to change downloader.py to be
Use foca to download files from certain servers.
Use traceroute, tracert to traceout the connections in certain server.
There is tool called tcptraceroute can bypass firewalls.
You can use geospider as tracert tool.
You can use trout tool.
You can use visual ip trace.
You can use
www.bing.com
to see all the web sites on the web server. Write the Ip and you will get all websites in the same server.
To know the type of web server, we use whatweb tool in linux.
#./whatweb www.microsoft.com
We can use httprecon tool for same purpose to know the type of web server.
We can use the site news.netcraft.com to get all information about web server.
We can use the telnet command to know the type of web server
# telnet 192.168.1.1 80
# GET / HTTP / 1.0
We can use netcat in linux to know the type of web server.
# nc –n 192.168.28.139 80
# GET / HTTP / 1.0
We can use the tool httrack and wget for mirroring websites. You can use them to download and save websites.
We can use in backtack THCSSLCheck tool
# wine THCSSLCheckwww.yahoo.com 443
Or use the tool sslscan
#sslscan www.cnn.com
To detect the load balancing, we use the tool lbd (load balance dector)
# ./lbd.sh www.yahoo.com
It will try to find whether it is load balancing server. It will find the type of server, whether dns or http. It will check the dns load balancing and the http load balancing. Then it will tell whether load balancing made by http or dns
You can detect the web application firewall. There is tool called wafw00f. The tool can detect some firewalls. Go to
waffit in
backtrack.
#./wafw00f.py www.contra.gr
Some websites can offer help in least time.Centralops.net can make service scan and network
whois and
domain whois and traceroute and find dns records. Other website
can do the same purpose: network-
tools.com and
serversniff.net and mrdns.com.
On firefox, add passiverecon addon and you can get from it all information about the web site you are browsing.