Tuesday, June 30, 2020

Top 16 Websites to Learn How to Hack Like a Pro 2018

  • Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  • Hack Forums: Emphasis on white hat, with categories for hacking, coding and computer security.
  • Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  • Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
  • The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  • Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  • Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
  • Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  • Phrack Magazine: Digital hacking magazine.
  • KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  • HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  • DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
  • SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  • NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  • SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  • Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.

Thursday, June 11, 2020

Fragroute


"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour." read more...

Website: http://monkey.org/~dugsong/fragroute

Related links


  1. Hacking Jacket
  2. Hacking Tools
  3. Pentest As A Service
  4. Pentest Magazine
  5. Hacking Youtube
  6. Pentest Box
  7. Pentest Practice Sites
  8. Pentest Usb
  9. Hacking Books
  10. Hacking Growth
  11. Pentest Wordpress
  12. Hacking Health
  13. Hacking Growth
  14. Pentest Vpn
  15. Pentest Lab Setup
  16. Hacking Resources
  17. Pentest Wordpress
  18. Hacking To The Gate
  19. Pentest Report Generator

CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of  footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning 

Network ScanningIdentifies IP addresses on a given network or subnet
Port ScanningDetermines open, close, filtered and unfiltered ports and services
Vulnerability ScannerDetect the vulnerability on the target system

Port Scanning ​

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:
  • Well-Known Ports: 0-1023
  • Registered Ports: 1024-49151
  • Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.



Related links

FOOTPRITING AND INFORMATION GATHERING USED IN HACKING

WHAT IS FOOTPRITING AND INFORMATION GATHERING IN HACKING?

Footpriting is the technique used for gathering information about computer systems and the entities they belongs too. 
To get this information, a hacker might use various tools and technologies.

Basically it is the first step where hacker gather as much information as possible to find the way for cracking the whole system or target or atleast decide what types of attacks will be more suitable for the target.

Footpriting can be both passive and active.

Reviewing a company's website is an example of passive footprinting, 
whereas attempting to gain access to sensititve information through social engineering is an example of active information gathering.

During this phase hacking, a hacker can collect the following information>- Domain name
-IP Addresses
-Namespaces
-Employee information 
-Phone numbers
-E-mails 
Job information

Tip-You can use http://www.whois.com/ website to get detailed information about a domain name information including its owner,its registrar, date of registration, expiry, name servers owner's contact information etc.

Use of  Footprinting & Information Gathering in People Searching-
Now a days its very easy to find anyone with his/her full name in social media sites like Facebook, Instragram,Twitter,Linkdedin to gather information about date of birth,birthplace, real photos, education detail, hobbies, relationship status etc.

There are several sites like PIPL,PeekYou, Transport Sites such as mptransport,uptransport etc and Job placement Sites such as Shine.com,Naukari.com , Monster.com etc which are very useful for hacker to collect information about anyone.  
Hacker collect the information about you from your Resume which you uploaded on job placement site for seeking a job as well as  hacker collect the information from your vehicle number also from transport sites to know about the owner of vehicle, adderess etc then after they make plan how to attack on victim to earn money after know about him/her from collecting information.




INFORMATION GATHERING-It is the process of collecting the information from different places about any individual company,organization, server, ip address or person.
Most of the hacker spend his time in this process.

Information gathering plays a vital role for both investigating and attacking purposes.This is one of the best way to collect victim data and find the vulnerability and loopholes to get unauthorized modifications,deletion and unauthorized access.



More information


Parrot Security OS 4.7 Released With New Linux Kernel, Menu Structure, Tools Improvements And Many Changes


In Sep 18 2019, Parrot Security OS 4.7 has released, with many new following changes below.

Latest Linux 5.2.x series
   The new ISO files of Parrot 4.7 are being released only now, but we were the first Debian derivative distribution to introduce Linux 5.1 and 5.2 to all our users, and now ParrotSec team is ready to offer it also with our ISO files rebild cycle to support more devices and integrate all the latest linux features from the beginning.

New sandbox behavior (opt-in rather than opt-out)
   Sandboxing is a great thing, and ParrotSec team was in the first line when they introduced our custom Firejail and AppArmor solution for the first time many years ago. We still want to improve such feature and ParrotSec team has a whole team dedicated to improve sandboxing and hardening of the Parrot Security OS system, but ParrotSec team had to face the many users with issues caused by the restrictions of our sandbox.

   In Parrot Security OS 4.7 the sandbox is disabled by default, and users can decide wether to start an application sandboxed or not. You can easily start the sandboxed version of an installed program from the /sandbox/ folder or from a dedicated menu that ParrotSec team plans to improve in the future (meanwhile the search feature of the bottom menu will fit all your needs), or you can re-enable it by default by using the firecfg tool.

New menu structure and tools improvements
   The pentesting menu structure was refactored and re-designed to make tools easier to access in a more logical hierarchical structure. New tools were also added to the project, and ParrotSec team plans to add even more in the future. Not all of them are going to be pre-installed, but a good set of tools in our repository enables pentesters to build up the perfect pentest system for their specific needs, regardless the default package selection picked by ParrotSec team.

Domain changes
   To reflect the neutrality of a distro that started as a pentest-only system and became more general purpose later with Parro Home, the community voted through a democratic process to switch to parrotlinux.org as the new default domain of the project.

   ParrotSec team will still use ParrotSec.org for other things (included the old email addresses), and they introduced other project domains to handle specific parts of the infrastructure.

Repository changes
   ParrotSec team is preparing to integrate a future LTS branch, so they decided to rename the current repository from stable to rolling. Nothing changes for the end user, and the current Parrot Security OS branch will continue to behave the same as before, but now with a different name to better reflect the rolling release nature of the system, waiting for the LTS edition to join the Parrot Security OS family along side the rolling branch in a similar way OpenSUSE does.

New MATE 1.22 release: Parrot Security OS 4.7 ships with the latest MATE 1.22 desktop environment.

Miscellaneous: New Firefox Browser 69, the latest Radare2 and cutter versions and many other important upgrades are all aboard as expected in a properly developed rolling release distro.

How to upgrade to the lastest Parrot Security OS version
   You can update your existing Parrot Security OS system with this command:
sudo parrot-upgrade

   Or use the raw apt command
sudo apt update
sudo apt full-upgrade


   Don't forget to use this command regularly (at least once a week) to receive the latest security updates and bugfixes from the Parrot Security OS repository.

   Or you can download the latest release from official download page.

Read more

Wednesday, June 10, 2020

Practical Bleichenbacher Attacks On IPsec IKE

We found out that reusing a key pair across different versions and modes of IPsec IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. These vulnerabilities existed in implementations by Cisco, Huawei, and others.

This week at the USENIX Security conference, I will present our research paper on IPsec attacks: The Dangers of Key Reuse: Practical Attacks on IPsec IKE written by Martin Grothe, Jörg Schwenk, and me from Ruhr University Bochum as well as Adam Czubak and Marcin Szymanek from the University of Opole [alternative link to the paper]. This blog post is intended for people who like to get a comprehensive summary of our findings rather than to read a long research paper.

IPsec and Internet Key Exchange (IKE)

IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual Private Networks). For key establishment, the IKE protocol is used. IKE exists in two versions, each with different modes, different phases, several authentication methods, and configuration options. Therefore, IKE is one of the most complex cryptographic protocols in use.

In version 1 of IKE (IKEv1), four authentication methods are available for Phase 1, in which initial authenticated keying material is established: Two public key encryption based methods, one signature based method, and a PSK (Pre-Shared Key) based method.

Attacks on IKE implementations

With our attacks we can impersonate an IKE device: If the attack is successful, we share a set of (falsely) authenticated symmetric keys with the victim device, and can successfully complete the handshake – this holds for both IKEv1 and IKEv2. The attacks are based on Bleichenbacher oracles in the IKEv1 implementations of four large network equipment manufacturers: Cisco, Huawei, Clavister, and ZyXEL. These Bleichenbacher oracles can also be used to forge digital signatures, which breaks the signature based IKEv1 and IKEv2 variants. Those who are unfamiliar with Bleichenbacher attacks may read this post by our colleague Juraj Somorovsky for an explanation.

The affected hardware test devices by Huawei, Cisco, and ZyXEL in our network lab.

We show that the strength of these oracles is sufficient to break all handshake variants in IKEv1 and IKEv2 (except those based on PSKs) when given access to powerful network equipment. We furthermore demonstrate that key reuse across protocols as implemented in certain network equipment carries high security risks.

We additionally show that both PSK based modes can be broken with an offline dictionary attack if the PSK has low entropy. Such an attack was previously only documented for one of those modes (edit: see this comment). We thus show attacks against all authentication modes in both IKEv1 and IKEv2 under reasonable assumptions.

The relationship between IKEv1 Phase 1, Phase 2, and IPsec ESP. Multiple simultaneous Phase 2 connections can be established from a single Phase 1 connection. Grey parts are encrypted, either with IKE derived keys (light grey) or with IPsec keys (dark grey). The numbers at the curly brackets denote the number of messages to be exchanged in the protocol.

Where's the bug?

The public key encryption (PKE) based authentication mode of IKE requires that both parties exchanged their public keys securely beforehand (e. g. with certificates during an earlier handshake with signature based authentication). RFC 2409 advertises this mode of authentication with a plausibly deniable exchange to raise the privacy level. In this mode, messages three and four of the handshake exchange encrypted nonces and identities. They are encrypted using the public key of the respective other party. The encoding format for the ciphertexts is PKCS #1 v1.5.

Bleichenbacher attacks are adaptive chosen ciphertext attacks against RSA-PKCS #1 v1.5. Though the attack has been known for two decades, it is a common pitfall for developers. The mandatory use of PKCS #1 v1.5 in the PKE authentication methods raised suspicion of whether implementations resist Bleichenbacher attacks.

PKE authentication is available and fully functional in Cisco's IOS operating system. In Clavister's cOS and ZyXEL's ZyWALL USG devices, PKE is not officially available. There is no documentation and no configuration option for it and it is therefore not fully functional. Nevertheless, these implementations processed messages using PKE authentication in our tests.

Huawei implements a revised mode of the PKE mode mentioned in the RFC that saves one private key operation per peer (we call it RPKE mode). It is available in certain Huawei devices including the Secospace USG2000 series.

We were able to confirm the existence of Bleichenbacher oracles in all these implementations. Here are the CVE entries and security advisories by the vendors (I will add links once they are available):
On an abstract level, these oracles work as follows: If we replace the ciphertext of the nonce in the third handshake message with a modified RSA ciphertext, the responder will either indicate an error (Cisco, Clavister, and ZyXEL) or silently abort (Huawei) if the ciphertext is not PKCS #1 v1.5 compliant. Otherwise, the responder continues with the fourth message (Cisco and Huawei) or return an error notification with a different message (Clavister and ZyXEL) if the ciphertext is in fact PKCS #1 v1.5 compliant. Each time we learn that the ciphertext was valid, we can advance the Bleichenbacher attack one more step.

A Bleichenbacher Attack Against PKE

If a Bleichenbacher oracle is discovered in a TLS implementation, then TLS-RSA is broken since one can compute the Premaster Secret and the TLS session keys without any time limit on the usage of the oracle. For IKEv1, the situation is more difficult: Even if there is a strong Bleichenbacher oracle in PKE and RPKE mode, our attack must succeed within the lifetime of the IKEv1 Phase 1 session, since a Diffie-Hellman key exchange during the handshake provides an additional layer of security that is not present in TLS-RSA. For example, for Cisco this time limit is currently fixed to 60 seconds for IKEv1 and 240 seconds for IKEv2.

To phrase it differently: In TLS-RSA, a Bleichenbacher oracle allows to perform an ex post attack to break the confidentiality of the TLS session later on, whereas in IKEv1 a Bleichenbacher oracle only can be used to perform an online attack to impersonate one of the two parties in real time.

Bleichenbacher attack against IKEv1 PKE based authentication.

The figure above depicts a direct attack on IKEv1 PKE:
  1. The attackers initiate an IKEv1 PKE based key exchange with Responder A and adhere to the protocol until receiving the fourth message. They extract the encrypted nonce from this message, and record the other public values of the handshake.
  2. The attackers keep the IKE handshake with Responder A alive as long as the responder allows. For Cisco and ZyXEL we know that handshakes are cancelled after 60 seconds, Clavister and Huawei do so after 30 seconds.
  3. The attackers initiate several parallel PKE based key exchanges to Responder B.
    • In each of these exchanges, they send and receive the first two messages according to the protocol specifications.
    • In the third message, they include a modified version of the encrypted nonce according to the the Bleichenbacher attack methodology.
    • They wait until they receive an answer or they can reliably determine that this message will not be sent (timeout or reception of a repeated second handshake message).
  4. After receiving enough answers from Responder B, the attackers can compute the plaintext of the nonce.
  5. The attackers now have all the information to complete the key derivation and the handshake. They thus can impersonate Responder B to Responder A.

Key Reuse

Maintaining individual keys and key pairs for each protocol version, mode, and authentication method of IKE is difficult to achieve in practice. It is oftentimes simply not supported by implementations. This is the case with the implementations by Clavister and ZyXEL, for example. Thus, it is common practice to have only one RSA key pair for the whole IKE protocol family. The actual security of the protocol family in this case crucially depends on its cross-ciphersuite and cross-version security. In fact, our Huawei test device reuses its RSA key pair even for SSH host identification, which further exposes this key pair.

A Cross-Protocol Version Attack with Digital Signature Based Authentication

Signature Forgery Using Bleichenbacher's Attack

It is well known that in the case of RSA, performing a decryption and creating a signature is mathematically the same operation. Bleichenbacher's original paper already mentioned that the attack could also be used to forge signatures over attacker-chosen data. In two papers that my colleagues at our chair have published, this has been exploited for attacks on XML-based Web Services, TLS 1.3, and Google's QUIC protocol. The ROBOT paper used this attack to forge a signature from Facebook's web servers as proof of exploitability.

IKEv2 With Digital Signatures

Digital signature based authentication is supported by both IKEv1 and IKEv2. We focus here on IKEv2 because on Cisco routers, an IKEv2 handshake may take up to four minutes. This more relaxed timer compared to IKEv1 makes it an interesting attack target.

I promised that this blogpost will only give a comprehensive summary, therefore I am skipping all the details about IKEv2 here. It is enough to know that the structure of IKEv2 is fundamentally different from IKEv1.

If you're familiar with IT-security, then you will believe me that if digital signatures are used for authentication, it is not particularly good if an attacker can get a signature over attacker chosen data. We managed to develop an attack that exploits an IKEv1 Bleichenbacher oracle at some peer A to get a signature that can be used to break the IKEv2 authentication at another peer B. This requires that peer A reuses its key pair for IKEv2 also for IKEv1. For the details, please read our paper [alternative link to the paper].

Evaluation and Results

For testing the attack, we used a Cisco ASR 1001-X router running IOS XE in version 03.16.02.S with IOS version 15.5(3)S2. Unfortunately, Cisco's implementation is not optimized for throughput. From our observations we assume that all cryptographic calculations for IKE are done by the device's CPU despite it having a hardware accelerator for cryptography. One can easily overload the device's CPU for several seconds with a standard PC bursting handshake messages, even with the default limit for concurrent handshakes. And even if the CPU load is kept below 100 %, we nevertheless observed packet loss.

For the decryption attack on Cisco's IKEv1 responder, we need to finish the Bleichenbacher attack in 60 seconds. If the public key of our ASR 1001-X router is 1024 bits long, we measured an average of 850 responses to Bleichenbacher requests per second. Therefore, an attack must succeed with at most 51,000 Bleichenbacher requests.

But another limit is the management of Security Associations (SAs). There is a global limit of 900 Phase 1 SAs under negotiation per Cisco device in the default configuration. If this number is exceeded, one is blocked. Thus, one cannot start individual handshakes for each Bleichenbacher request to issue. Instead, SAs have to be reused as long as their error counter allows. Furthermore, establishing SAs with Cisco IOS is really slow. During the attack, the negotiations in the first two messages of IKEv1 require more time than the actual Bleichenbacher attack.

We managed to perform a successful decryption attack against our ASR 1001-X router with approximately 19,000 Bleichenbacher requests. However, due to the necessary SA negotiations, the attack took 13 minutes.

For the statistics and for the attack evaluation of digital signature forgery, we used a simulator with an oracle that behaves exactly as the ones by Cisco, Clavister, and ZyXEL. We found that about 26% of attacks against IKEv1 could be successful based on the cryptographic performance of our Cisco device. For digital signature forgery, about 22% of attacks could be successful under the same assumptions.

Note that (without a patched IOS), only non-cryptographic performance issues prevented a succesful attack on our Cisco device. There might be faster devices that do not suffer from this. Also note that a too slow Bleichenbacher attack does not permanently lock out attackers. If a timeout occurs, they can just start over with a new attack using fresh values hoping to require fewer requests. If the victim has deployed multiple responders sharing one key pair (e. g. for load balancing), this could also be leveraged to speed up an attack.

Responsible Disclosure

We reported our findings to Cisco, Huawei, Clavister, and ZyXEL. Cisco published fixes with IOS XE versions 16.3.6, 16.6.3, and 16.7.1. They further informed us that the PKE mode will be removed with the next major release.

Huawei published firmware version V300R001C10SPH702 for the Secospace USG2000 series that removes the Bleichenbacher oracle and the crash bugs we identified. Customers who use other affected Huawei devices will be contacted directly by their support team as part of a need-to-know strategy.

Clavister removed the vulnerable authentication method with cOS version 12.00.09. ZyXEL responded that our ZyWALL USG 100 test device is from a legacy model series that is end-of-support. Therefore, these devices will not receive a fix. For the successor models, the patched firmware version ZLD 4.32 (Release Notes) is available.

FAQs

  • Why don't you have a cool name for this attack?
    The attack itself already has a name, it's Bleichenbacher's attack. We just show how Bleichenbacher attacks can be applied to IKE and how they can break the protocol's security. So, if you like, call it IPsec-Bleichenbacher or IKE-Bleichenbacher.
  • Do you have a logo for the attack?
    No.
  • My machine was running a vulnerable firmware. Have I been attacked?
    We have no indication that the attack was ever used in the wild. However, if you are still concerned, check your logs. The attack is not silent. If your machine was used for a Bleichenbacher attack, there should be many log entries about decryption errors. If your machine was the one that got tricked (Responder A in our figures), then you could probably find log entries about unfinished handshake attempts.
  • Where can I learn more?
    First of all, you can read the paper [alternative link to the paper]. Second, you can watch the presentation, either live at the conference or later on this page.
  • What else does the paper contain?
    The paper contains a lot more details than this blogpost. It explains all authentication methods including IKEv2 and it gives message flow diagrams of the protocols. There, we describe a variant of the attack that uses the Bleichenbacher oracles to forge signatures to target IKEv2. Furthermore, we describe the quirks of Huawei's implementation including crash bugs that could allow for Denial-of-Service attacks. Last but not least, it describes a dictionary attack against the PSK mode of authentication that is covered in a separate blogpost.

Media Coverage, Blogs, and more

English

German

More information
  1. Pentest Blog
  2. Pentest Companies
  3. Pentest Linux
  4. Pentest Services
  5. Hacking Typer
  6. Pentesting
  7. Pentest Dns
  8. Pentest Security
  9. Hacking Lab
  10. Pentest Framework
  11. Pentest Training

CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of  footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning 

Network ScanningIdentifies IP addresses on a given network or subnet
Port ScanningDetermines open, close, filtered and unfiltered ports and services
Vulnerability ScannerDetect the vulnerability on the target system

Port Scanning ​

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:
  • Well-Known Ports: 0-1023
  • Registered Ports: 1024-49151
  • Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.



Related news
  1. Hacking Hardware
  2. Hacking Software
  3. Pentest Vpn
  4. Hacker
  5. Pentest Nmap
  6. Pentest Wordpress
  7. Pentest Firewall
  8. Pentest Report
  9. Pentest Os
  10. Pentest Security
  11. Is Hacking Illegal
  12. Hacking Site
  13. Hacking Tutorials
  14. Hacking With Linux
  15. Pentest Windows 7
  16. Pentest Partners
  17. Pentest Android App

TERMINOLOGIES OF ETHICAL HACKING

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussion about hackers and what they do:


1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.


2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.


3-Attack-That action performs by a attacker on a system to gain unauthorized access.


4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.


5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.


6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.


7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.


8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.


9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.


10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.


11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.


12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.


13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.


14-Worms-It is a self reflicating virus that does not alter  files but resides in the active memory and duplicate itself.


15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.


16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.


17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.


18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.


19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.


20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.


21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.


22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.


23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.


24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.


25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.


Follow me on instagram-anoymous_adi

Related posts
  1. Hacking Games
  2. Hacker Box
  3. Pentest With Metasploit
  4. Hacking Games
  5. Hacking Software
  6. Pentest+ Vs Oscp
  7. Pentest Example Report
  8. Pentest Checklist
  9. Pentest Box
  10. Hacker Anonymous
  11. What Hacking Is
  12. Hacking Images
  13. Pentest Kit
  14. Pentest Ubuntu
  15. Pentest Uk
  16. Hacking Browser
  17. Hacking Growth

Tuesday, June 9, 2020

Remot3d - An Easy Way To Exploiting

Related articles

  1. Hacking The System
  2. Hacking Typer
  3. Pentest Android App
  4. Hacking Games Online
  5. Pentest Vs Ethical Hacking
  6. Pentest Report

Top 10 Great Gifts For The Hacker In Your Life

Give gifts this holiday season that inspires your favorite hackers to make something great. Our ten top picks for gifts to make 'em smile are perfect for hackers of all styles, ages, and interests.
Holiday gift guides always struggle when faced with nailing down a list for hackers — that's because hackers are as diverse in their interests and fascinations as they are diverse in gender, color, size and everything else. Someone with a multi-focused set of curiosity and unique gifts for finding out what makes the crackable crack may seem like a daunting individual to stuff a stocking for … but don't fret. With a keen eye on the latest interests in hacker culture, we've got a gift guide that can make the hacker in your life smile as they enjoy using your gift to hack and explore throughout the coming year.
The Onion Pi-Iemhacker
Anonymity online: The Onion Pi
One of the most popular "snake oil" (fake) privacy gadgets is the so-called "Tor in a box" — a plug-and-play gadget that promises to make you anonymous online. Nearly all of these are made by clueless charlatans whose products put you at risk for privacy and security breaches. But your favorite hacker can just make or build an "Onion Pi" for $69.95, and with this free tutorial.

Attribution Dice
With Attribution Dice ($20), anyone can be a high-priced security consultant, and predict breach headlines before PR firms have a chance to feed them to reporters! With every security breach, hackers roll their eyes when headlines and PR firms roll out the same old, same old terms, methods and culprits. Instead of rolling eyes, your hacker can roll the dice, and wow friends, family, and neighbors with their hacker cyber-powers.
21 Bitcoin Computer
Money is always a welcome gift. Give the gift of going hands-on with Bitcoin with the 21 Bitcoin Computer. "The 21 Bitcoin Computer is ideal for buying and selling digital goods and services. You can use it to create bitcoin-payable APIs, set up your own personal digital goods store, pay people to share your content online, or host online games of skill." It's not cheap ($395) and comes with controversy, but it's a cool toy with a lot of potential, and 21 Inc. is going to be releasing an open source package for the device soon.
Gentleman's Bogota Lockpicks and Clear Practice Lock
Iemhacker-hacking-tutorial
Conventional wisdom suggests that all hackers know how to pick locks, but can they do it in style? A perfect stocking stuffer for slick hackers of all genders is the Gentleman's Bogota lockpick set ($34.95). These featherweights pin discreetly to a collar, hat, sleeve, vest, hemline, or wherever they choose. If the hacker you're shopping for wants to learn to lockpick, or just brush up on technique, throw in the clever Clear Practice Lock ($34.95).
Inverse Path USB Armory
Iemhacker-hacking-news-tutorial-hackernews
In this reviewer's opinion, every hacker should have a USB Armory in their stocking this year. The Inverse Path USB Armory ($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications — and lives up to its reputation as "the Swiss Army Knife of security devices."
Hack-A-Day Gift Card
The cornerstone of hacker culture Hack-A-Day has a store offering gift cards and merchandise a-plenty. In it, you'll find a Bukito portable 3D printer ($899.97), ever-popular Facedancer21 and Gootfet42, a low energy Bluetooth Arduino microcontroller called the Lightblue Bean, and the pocket-sized open source robot arm, Mearm.
Hackers 20th Anniversary Blu-Ray Edition
Hack the planet! The 20th anniversary of influential 1995 cyberpunk film "Hackers" was this year, and this cult classic got a special edition Blu-ray release, making it the must-have for the hackers in your life. The 20th anniversary "Hackers" Blu-ray features an hour-long "making of" documentary, rich video and audio transfer for the film itself, and interviews with: Cast members Matthew Lillard, Fisher Stevens, and Penn Jillette; hacking consultants Nicholas Jarecki and Emmanuel Goldstein; Director Iain Softley, and many more involved with the film's production and style.
A Hacker's hope for better sleep: The Re-Timer
Iemhacker-Top-10-Great-gifts-For-hackers
Hackers are increasingly hacking themselves to make their own systems run better, and one thing hackers struggle with is their sleep cycles and feeling rested. Something that can help out is the Re-Timer ($299), a retro-future looking set of glasses and kit that adjusts the circadian rhythm and suppresses the body's production of melatonin (the sleepy hormone our bodies produce which makes us feel tired). Based on 25 years of research and on the market worldwide for three years, the Re-Timer has its own jet lag calculator app, as well as its Sleep App for Fitbit that makes a customized schedule based on actual sleep tracked.
USB Rubber Ducky Deluxe and LAN Turtle
Iemhacker-USB-Rubber-ducky-delux-LAN-turtle
A longtime favorite with hackers, penetration testers and IT professionals, the USB Rubber Ducky Deluxe ($42.99)is a cross-platform (Windows, Mac, Linux, Android) testing and experimentation device that is detected as a keyboard — imagine the possibilities. This stocking stuffer pairs well with its animal friend LAN Turtle ($50), a covert sysadmin and pentest tool for remote access, network intel gathering, and man-in-the-middle monitoring through a simple graphic shell (all in a generic USB ethernet adapter case).
TechShop Gift Certificate
Iemhacker-Top-10-gifts-for-the-hacker
Give the gift of hacking and making: A gift certificate to a TechShop. "Part fabrication and prototyping studio, part hackerspace, and part learning center, TechShop provides access to over $1 million worth of professional equipment and software. We offer comprehensive instruction and expert staff to ensure you have a safe, meaningful and rewarding experience." There are TechShops in Arizona, California, Michigan, Missouri, Pennsylvania, Texas, and Virginia/Washington, D.C. (some states have multiple locations). Future locations include St. Louis, MO and Paris, France.
Products to avoid
If you see these products, run! You're better off with a lump of coal. Don't waste precious holiday money on "snake oil" privacy and security products like these:
  • Anonabox
  • Wemagin
  • Webcloak
  • iGuardian (now SHIELD)
  • LogMeOnce
  • Sever: The Anti-Villain Box
Related articles