
Learn Ethical Hacking Episode #4: Basic Terminology (Continued)


If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. I’m going to continue from where I left off in the previous video. If you have not seen the previous tutorial, I strongly urge you to do so, as the two are closely interrelated. Previously, we discussed concepts such as DoS, RATs, phishing, and so on. In this video we are going to cover SQL injections, VPNs, proxies, TOR, VPS, and keyloggers. Each topic will receive its own video in the course, where we will go into much greater depth on the concept.

For the time being, we have SQL injections, which are SQL fragments smuggled in through the parameters of HTTP requests. If the server-side PHP code does not handle that input properly before building its queries, this presents a serious problem. This is always one of the primary considerations for all professional web developers. Later on in the course, I will demonstrate how SQL injections are formulated and used. There continue to be a large (mostly unmanaged) number of websites that are vulnerable to SQL injection, because the frameworks on which they are based are vulnerable as well.

Next up, we have virtual private networks, or VPNs. These are services that let you anonymize your activity online. Basically, you have a VPN provider somewhere, and if you want to anonymize yourself, you route all of your traffic through that provider. All of the traffic between you and the VPN provider is heavily encrypted. So, any other server that receives requests from you is actually receiving them from the VPN provider. There is no real way of detecting you or finding your physical location unless the VPN provider gives it up, which doesn’t tend to happen if you pick the right one.

Down below we have proxies. Proxies are a less reliable way of staying anonymous, but you should make it your common practice to use SOCKS5 proxies. I will explain what these are and introduce them to you when we do proxy chains, and then I will explain how you can actually stay anonymous while conducting these sorts of activities. You can route your connection through several proxies, but you will soon come to realize that it doesn’t always work. In movies you will see people going through 10 or 20 different proxies, but in reality that would be very difficult to implement. The average internet speed and available bandwidth simply would not allow it. Most of the free proxies available on the net are not very fast, and routing your connection through several of them will make it very difficult for you to do anything in a reasonable amount of time. There are of course paid proxies, but when you pay for a proxy you leave a digital footprint somewhere, so you can be traced.

Moving along we have TOR. TOR is absolutely free, open source, and much faster than using proxies. It’s not faster than VPNs, but it is faster than proxies. The TOR network gives you the ability to “torify” your applications, which in essence means routing your traffic along certain routes, through certain devices on the internet, for your packets and your connection to pass through. It can be slow from time to time, and it is not 100% reliable, but you will be anonymous to a very large extent if you are using TOR. There are ways of detecting you, but they are highly unlikely to happen; 99.99% of the time you will be almost 100% anonymous. You also have the TOR browser, which enables you to access the dark web, or the hidden web, whatever you wish to call it. These websites use .onion domains; they are not indexed by any search engine, and they cannot be reached by normal internet routing, from the typical browsing perspective. If your internet connection is not properly configured to connect to the TOR network, you will not be able to access any of the hidden web, or dark net, websites. I will show you how to access the dark web and how to use it, as it has a vast amount of resources at your disposal.

Down below you have VPS, or virtual private servers. They can be viewed as an additional security layer. For example, if you have an Apache server running on your physical machine, you can have a virtual machine within that physical machine which serves as the SQL server for that Apache server. This is done so that the SQL server cannot be accessed from the outside, and so you don’t have a SQL port open on your physical machine. Only programs and users on that particular machine will be able to reach the virtual machine where the SQL server lives. When I show the examples, when we get into it, you will understand it. Here I am just introducing you to the terminology and giving you an idea of what is to come.

We also have keyloggers, which are tools used to steal credentials, and not only credentials but other information as well. If you manage to deploy a keylogger on a machine, you can configure it to record all keystrokes and then send them to a mail address or to an FTP server. Today, keyloggers are advanced to the extent that they have over a hundred options or so, configurable to the fullest extent, and you can do pretty much whatever you want with them. Their basic functionality, recording keystrokes, is still there, but they do not only record keystrokes; they can extract existing information as well. You can configure their behavior, the stealth level of the keylogger, how it conceals itself, where it goes, where it gets installed, and what sort of information you want to extract: whether you want to monitor particular folders for activity and record it, whether you want it to take screenshots. You can configure them to use the camera on the device on which you have deployed the keylogger to take a picture every five minutes, or something like that. That wouldn’t be the brightest of ideas, because obviously somebody would see that you are taking a picture, but those are just examples of what you can do with them. Later on we will actually download a genuine keylogger, install it, deploy it through the methods of deployment, and discuss how you can configure it as well. Although, you should be very careful about where you download your tools, such as keyloggers, remote administration tools, rootkits, etc. You never want to download a precompiled binary that is not open source, because you have no way of knowing what’s in it, and you absolutely never want to run it on your computer.
You might get what you want, the keylogger in this specific example, but your computer might get infected with exactly the same keylogger that you plan to deploy somewhere, or with exactly the same RAT that you intend to deploy somewhere. So, that’s not a very bright idea. You should use verified sources for such tools. I will show a few of them later on as I browse the internet and download them, but I’m just making it very clear here that you should be very careful with these things. One of the foolproof methods of doing this is to configure a virtual machine and conduct this sort of activity on that virtual machine. So, even if you get infected, or something like that, it doesn’t matter. It’s a virtual machine. You can reinstall it any time you like, very fast, and pretty much no information will be lost. More importantly, the primary file system on your main, physical machine will not be accessible from the virtual machine.

Anyway, down below you have the terminal. The terminal is basically an interface that allows you to control your operating system. Now, the Linux terminal is very powerful, and we will be using it extensively throughout this course. I will familiarize you with it and teach you how to use it. To some people it might seem a bit difficult, or a bit tricky at first. There are a lot of commands to type in, and it takes some time to memorize them all; you need to learn what to use where. But, believe me, there is a certain logic to it, and once you figure it out you unlock the full potential of the operating system. I have memorized roughly 30% of the available Unix commands, and the rest I simply figure out with the man pages, or --help. The system pretty much tells you everything you need to know; it helps you out to a great extent, and you are able to figure out a lot of things from just understanding the basic logic of how it works. Now, there will always of course be debate regarding why you would use terminals. Why wouldn’t you just use GUI tools, or something like that? The simple answer is that they are not nearly as powerful as the terminal tools are. Plus, terminal tools have far fewer dependencies, and most of the hacking tools are basically designed for the terminal. They don’t have GUIs. Many of them do have them these days, but I might not cover them because the GUI interfaces are not that relevant. When you figure out how to do it in the terminal, you will automatically, by default, know how to do it with the graphical user interface for that particular program.

Continuing along, we have firewalls. Now, the firewall in Linux is configured through the iptables command. You keep on passing arguments and configuring the firewall, and this is one of the main reasons why you should not be using any distribution of Windows for this particular tutorial. The Linux firewall is open source, and it has a ridiculous amount of options, a ridiculous amount. I’m not kidding, you can do pretty much whatever you want with it. You can close open ports, forward connections by port or by IP address, forbid certain protocols on certain ports, forbid certain protocols for certain IP addresses, do all manner of forwarding and redirection, etc. This is all available for free with a Linux firewall, whilst in Windows you will have a much more limited scope of configuration options. We want to keep it budget-friendly, and we want to have a powerful firewall. Now, there will be two ways of configuring this firewall, and if you are afraid of messing it up, don’t worry about it, because most of the configurations will be short-lived, so to say. All of the changes made to the firewall with the iptables command, unless specified otherwise, are temporary, and they will hold until the next system reset. There is a way to circumvent this, of course, by writing the firewall rules into the configuration file directly and thereby making the changes permanent. That is also one of the ways of doing it, but I don’t generally prefer it. I prefer to have a script somewhere which you can run at any time, and which will configure your firewall by default. This is primarily because you can put your tool set on a USB stick, or somewhere online, and you have these quick scripts which you generate, and they perform these tasks for you in an automated fashion. It’s really simple. I will show you how to make these scripts. You do not necessarily need advanced programming knowledge.
Basically, these scripts consist of lists of Linux terminal commands, which we will be typing anyway. So, the script consists of a list of those commands; you then change the mode of the script to make it executable (chmod), run it, and all those commands are passed to the system.
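As an added example (not the course’s own script) serving both the VPS layout described earlier and this firewall section: a Python stand-in for the re-runnable rule script, meant to run on the SQL virtual machine. It builds the rule set as data so it can be reviewed before anything is applied, exposes the SQL port only to the internal VM network, and only invokes iptables when run as root with --apply. The network 192.168.122.0/24 and the ports are constructed assumptions.

```python
"""Re-applicable firewall rule script (added example, not from the course).
Rules set with iptables are lost at reboot, so this script re-applies them."""
import os
import subprocess
import sys

INTERNAL_NET = "192.168.122.0/24"  # assumed host-only network between host and VM


def build_rules(internal_net=INTERNAL_NET, ssh_port=22, sql_port=3306):
    """Return the iptables invocations as argument lists, in apply order."""
    return [
        # Flush INPUT first so running the script twice gives the same result.
        ["iptables", "-F", "INPUT"],
        # Default-deny inbound and forwarded traffic; outbound stays open.
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-P", "OUTPUT", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", str(ssh_port), "-j", "ACCEPT"],
        # SQL port: reachable only from the internal VM network, dropped for everyone else.
        ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", str(sql_port),
         "-s", internal_net, "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", str(sql_port), "-j", "DROP"],
    ]


def render(rules):
    """Shell-style lines, for review or for pasting into a .sh file."""
    return [" ".join(cmd) for cmd in rules]


def apply_rules(rules):
    """Apply the rules for real; refuses to run without root."""
    if os.geteuid() != 0:
        raise PermissionError("iptables needs root; run with sudo")
    for cmd in rules:
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    rules = build_rules()
    print("\n".join(render(rules)))  # dry run by default
    if "--apply" in sys.argv:
        apply_rules(rules)
```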

The final thing that I wish to address here is reverse shells. There are hundreds, if not thousands, of reverse shells out there that you can use. I will pick a few that we will use depending on the framework, and depending on the environment of course, that we want to infect. But in essence, as the name itself says, with a reverse shell you have a program with which you infect another device, and that program then opens up a reverse connection from that device back to you. So you can keep on passing commands and controlling the system, even though you are nowhere near it. There are different types, of course. Today, with routers and firewalls, you do need to do a lot of extra configuration, and there are problems that need to be solved and addressed. You will see how, when you are trying to break into a single computer, sometimes you need to break into the router first. Usually, you need to break into the router first, unless you’re performing phishing sorts of attacks, or there’s a web server running in the background. But attacking a private device, a private computer, which is usually what people do, is a prelude to bigger hacks, because they want to extract some sort of information from, let’s say, a company’s employee who is a network administrator, or somebody like that. One of the basic vectors would be to attack a home router, change the DNS settings there, and try to steal credentials that way, or put the computer in the DMZ (Demilitarized Zone) of the router, so that the router is no longer effective for that device; it would just forward all traffic to that device, regardless. So, those are just some of the types of attacks that you can do, but reverse shells will depend on the environment that you are trying to infect, and on the choice of your attack route as well.

In any case, I hope you got a basic introduction to these terms. Again, if you didn’t figure it all out immediately, don’t worry about it. We will cover all of this in great detail, with a lot of examples, and you will understand it. It’s not complicated; do not allow fear to dissuade or stop you, just keep on going in spite of it. If you can just stick with it until the end of this course, I guarantee you will understand it. With just a bit of focus and a bit of curiosity, you will be able to obtain the skills needed to become a pen-tester, or an ethical hacker. I bid you all farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:


You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato