TOP 14 TOOLS THAT ETHICAL HACKER MUST HAVE !!!

Here is the List of tools that ethical HACKER must have a range of systems. These tools  are basically to reveal information which further results in a specific attacks on a given system. To locate weaknesses or error in a target system to gain as muchas information as possible about that network.

These tools Contains vulnerability scanning,  real exploits, Denial of Service, buffer overflow attacks and a wide range of networking integrated advanced utilities to perform such tests.

 .

.

Tools that ethical HACKER must have :

 .

1 – Nmap:

Nmap is used to scan addresses (IPV6 included), This tool is developed to gather a massive amount of information about the victim. It can scan open ports and much more.

This tool includes various scanning techniques e.g TCP connect(), UDP, TCP SYN (half open), Null scan, ACK sweep, Xmas Tree, FIN,  ICMP (ping sweep), ftp proxy (bounce attack), TCP SYN (half open),  IP Protocol, ICMP (ping sweep) and SYN sweep.

 .

2 – Wireshark:

This is very powerful tool for analysis and network troubleshooting. Wireshark is capable to view data from Live networking. It support media formats and hundreds of protocols. It is also used for development and education. Most Unix vendors and Linux supply their own Wireshark packages.

 .

3 – Cain & Able:

This tool is proven it’s self revolutionary in cyber mafia. It is capable of cracking passwords, several password retrieval jobs, routing/analyzing protocols and sniffing networks. Unlikly most of the tools it is just windows-only and is a twist to forensic tools & modern penetration testing.

 .

.

4 – MetaSploit:

MetaSploit is powerful network analysis and security tool. It is mostly used for penetration attacks because of it’s easily gathering information of victim and clean-interfacing technique.

 .

5 – Ettercap:

It is used for Man in the middle attack (MITM), these attacks are on Local area networks. It sniffs live connections & also got content filtering techniques. It has many features of host analysis and networking while it supports both active and passive dissections of various protocols.

 .

6 – Nessus:

This Tool provides vulnerability analysis of networks, asset profiling, high-speed data discovery and configuration auditing.

 .

7 – Havij:

Havij is most used testing tool for SQL injection and many other injections. It has features of database retrieval,  site’s scanning, password cracking and admin look-up. Basic purpose of it is to find  vulnerable websites and  breeze to hack.

.

8 – Kismet:

Kismet is 802.11 layer2 sniffer, wireless network detector and intrusion detection system. It supports every wireless card and can work with any appropriate hardware  on raw monitoring (rfmon) mode. Kismet supports plugin that can sniff media such as DECT. It can sniff  802.11a, 802.11n,  802.11b, sniff802.11g and traffic.

 .

9 – BackTrack Linux:

Backtrack is most popular and widely used tool bootable on CD of Linux Distro. It has got a large variety of penetration testing tools, VOIP networks, network attacks and many more testing/attacking of websites and systems. This tool is most user friendly because of its helpful and useful layout.

.

 .

10 – W3af:

W3af also known as web-focused Metasploit is an extremely flexible, popular, powerful & framework for finding vulnerabilities in exploiting web application. It’s vast features got dozens of exploitation and web assessment plugins.

 .

11 – Encase:

EnCase is computer forensics software mostly used by law enforcement agencies. Because of it’s vast usage and popularity it is forensics in a  a de-facto standard. This tool is being made to gather data from a computer in a forensically sound manner.

 .

12 – Helix:

Helix is bootable Ubuntu CD which contains multiple tools involving file systems, images, cellphones, computers & tied in to sheer power, it is very user friendly.

 .

13 – Acunetix:

Acunetix is Strong tool in website security purpose. It has variety of features for testing a website for various injections. Acunetix WVS basically checks the vulnerabilities of website, either XSS, SQL or other Injection are possible or not.

 .

14 – Burp Suite:

This tool is designed for performing testing regarding security of web applications. It  is an integrated platform and got various tools working togather to make a complete testing process. This tools is also used for exploiting security vulnerabilities & analysis of application attack surface from initial mapping.

.

.

The Penetration Test Process

• Discovery: The process Penetration tests is a Discovery in variety of techniques e.g  scan utilities, databases, Google data & much more to get as much information about the target as possible. These discoveries are basically to reveal sensitive information which further results in a specific attacks on a given system.

• Enumeration: After discovery of systems and specific networks the next step is to gain as much as information as possible about that network. The diffrence b/w Discovery & Enumeration depends upon state of intrusion. Enumeration task is to get reletive information about username while software and hardware version information are also obtained form it.

• Vulnerability Identification: This is most important step in penetration testing. In vulnerability identification you have to locate the week spot of target system. To locate weaknesses or error in a target system is must needed because after that you will get to know where to launch an attack.

• Exploitation and Launching of Attacks: After vulnerability has been located and you have identified the target’s weekspot now it is possible to launch the exploits. The main purpose of launching exploits is to get full access on victims’s system.

• Denial of Service: This term is known as dDos (Denial of Service). This is used to check the stability of the systems either it is crashed or not. It is good habit to check the strenght or stability of a system, before the real environment attack is being made.

Reporting: This is just for educational purpose. Now after you have completed penetration test it is recomended to get user customized  for technical overview, This includes detailed recommendations, executive summary, identified vulnerabilities & other security ID numbers. These reports may be in various forms i.e pdf, html, xml etc. while every report must be modified by user’s choice.

Read More

How to hack Wifi | WPA Wifi Password Hacking In BackTrack

Hacking WPA Wifi Password In BackTrack

Hellow guys today i will show you a quick 

tuto on how to hack Wpa password using backtrack so things we need are

Requirement:

1) A PC installed with Linux Backtrack 5
   Working Wireless LAN Card Installed 

                   (Very Important Part)

You must have Huge Updated Dictionary File with password (Google It)
Goto any wifi hotspot, and crack it..;)

 Let's start

Step 1:
Type this command  to check available Wlan adapters.

Code:

airmon-ng

The output should be like below



Now there is  only one wireless interface wlan0

Step 2:

Now lets try to start the airmon service on the interface that we have just found in Step 1. Run the give command

Code:

airmon-ng start wlan0

Ignore the errors mentioned above in my case it did not create any trouble for me but you might want to kill the conflicting services if results are different then mine. By second step we have started the service/monitor on WLAN0 now we should have additional monitoring interface on the system. You can check if a new interface mon0 is added on your system or not by using command ifconfig else try the step 3

Step 3:

You will see another interface mon0 on your system by using command ifconfig or you can the same command we did on Step 1



OVer here we can  see the new monitoring interface mon0

Step 4:

A good hacker is always suppose to leave no trace back of his break-in.If you run the command ifconfig and notice you will find that the monitoring interface mon0 and Wireless interface Wlan0 are sharing the same MAC address. In actual mon0 is sharing the same mac address as Wlan0.



Now we have to put a fake mac address on the monitoring interface to leave no trace.Lets make the mon0 interface down by running the command

Code:

ifconfig mon0 down

Now  lets change the MAC address of mon0 interface by running the below command

Code:

macchanger –m 00:11:22:33:44:55 mon0

The output actually shows the old and new Fake mac address.Now since we have changed the MAC address on MON0 lets bring the interface back up again using the below command

Code:

ifconfig mon0 up

Now just to be sure lets run the same command ‘ifconfig’ that we have already used earlier above in Step 4

Code:

ifconfig

Here we can see we have sucessfully changed the MAC address for our monitoring interface mon0

Step 5:

Lets start dumping the available wireless information. run the below command

Code:

airodump-ng mon0

Here my Victim router ESSID is AndroidHotSpot. The information that I need from here is
BSSID MAC details: D0:C1: B1:5B:AC:33
CHANNEL: 6

Step 6:

By now we have identified our victim its time to further narrow down this network. We need to know how many workstation/terminal connected to this wireless. Run this command with your network information that you obtained in Step 5:

Code:

airodump-ng –c 6 –w crackwpa –bssid 02:1A:11:FE:A4:CE

Here I can see that one client having mac address highlighed in green is connected to this hotspot. To find the password either you need to be patient to wait another client connect to this hotspot but time is money lets force this client to reconnect and make the handshake auth with the server so that we can take the packets

NOte

             Keep this ssh session close and open another terminal for Step 7. Do not close the existing session
Step 7:

Lets force the already connected session to make a auth handshake again
Run the given below command in the new terminal session

Code:

aireplay-ng –0 –4 –a  MAC-ADDR-OF-ROUTER –c MAC-ADDR-OF-CLIENT mon0

Final Step:
Now finally we have all the dump saved in the working directory we just need to crack the packet capture using dictionary file. Run the below command

Code:

aircrack-ng crackwpa-01.cap –w list

** crackwpa-01.cap is the filename of the capture packet

** list if the my dictionary file name

I hope that u guys have enjoyed the tutorial and let me know if it works for you 

Read More

Fern wifi Cracker- A Wireless Penetration Testing Tool

Fern wifi Cracker- A Wireless Penetration Testing Tool 

 WiFi is now become the way for short distance Internet, for long distance we have WiMAX standard but WiFi is very important because you can find WiFi hot-spot everywhere like at the airport, coffee shop and at the educational places. There are so many people out there who are using WiFi at there home and at offices. Cracking a WiFi connection is a essential part of wardriving but for penetration tester and a ethical hacker WiFi or wireless network security is an important part. 

If you are doing a job as a IT security engineer and your task is to do a pen test on the wifi network. What tools are you going to use?

Operating system for this case is usually Linux or specially Ubuntu or backtrack, backtrack 5 contain different tools for WiFi cracking like aircrack-ng but in this article I will discuss something about Fern WiFi Cracker.

What Is Fern WiFi Cracker ?

Fern wifi cracker is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools. It can be run on any linux distribution like Fern wifi cracker is use in ubuntu or even you can use fern wifi cracker in windows but you must have some dependencies to run fern wifi cracker on windows.

Requirements of Fern wifi Cracker:

• python
• python-qt4
• macchanger
• aircrack-ng
• xterm
• subversion

Download Fern Wifi Cracker

 Fern wifi cracker can easily be install on ubuntu and backtrack, backbox,gnackbox and other distribution.

Fern wifi Cracker Tutorial

After downloading the file locate the directory and type. 

root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb

Click the refresh button to display monitor interfaces:

Please Note, the scan button is a dual button, meaning, by clicking it the first time it scans for networks,then by clicking the button again, it stops any scan that was initialized (vise versa).

Fern wifi is a GUI and it can crack WEP and WPA as well.

please leave comments and like my facebook page if u like this tutorial it took lots of time to write this article

Read More