Abstract
This chapter discusses in detail several essential ethical hacking tools developed by various researchers. The tools covered are the Netcat network analysis tool, Macof from the Dsniff suite for DoS attacks, Yersinia for DHCP starvation attacks, the Dnsspoof tool for MITM attacks, Ettercap for network-based attacks, Cain and Abel, the Sslstrip tool, and SEToolkit. These tools are used for carrying out DoS attacks, DHCP starvation attacks, DNS spoofing attacks, session hijacking attacks, social engineering attacks, and many other network-based attacks. The detailed steps to configure a WAMP server as part of the ethical hacking lab setup are also discussed in this chapter, in order to simulate web application-based attacks. A large number of ethical hacking tools have been developed by researchers working in computer security, network security, and web server security; this chapter discusses some of the essential ones in detail.
Netcat, the network analysis tool, is referred to as the “Swiss Army Knife of Hacking Tools” in the hacker community because of the many features it supports. It can be used: 1) as a port scanning tool like nmap; 2) for port forwarding; 3) for proxying; 4) as a simple web server; and 5) for leaving an open backdoor for the hacker, etc. Type “nc -h” in the Kali VM as:
root@kali:~# nc -h
options:
- -c shell commands: As `-e'; use /bin/sh to exec [dangerous!!]
- -e filename: Program to exec after connect [dangerous!!]
- -b: Allow broadcasts
- -g gateway: Source-routing hop point[s], up to 8
- -G num: Source-routing pointer: 4, 8, 12, ...
- -h: This cruft
- -i secs: Delay interval for lines sent, ports scanned
- -k: Set keepalive option on socket
- -l: Listen mode, for inbound connects
- -n: Numeric-only IP addresses, no DNS
- -o file: Hex dump of traffic
- -p port: Local port number
- -r: Randomize local and remote ports
- -q secs: Quit after EOF on stdin and delay of secs
- -s addr: Local source address
- -T tos: Set Type Of Service
- -t: Answer TELNET negotiation
- -u: UDP mode
- -v: Verbose [use twice to be more verbose]
- -w secs: Timeout for connects and final net reads
- -C: Send CRLF as line-ending
- -z: Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]; hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
To connect to any remote web server (port 80) and grab its banner over a TCP connection, just type “nc targetIPaddress 80” and identify what web server software the victim is running, as:
root@kali:~# nc google.com 80
HEAD / HTTP/1.0
HTTP/1.0 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: http://www.google.co.in/?gfe_rd=cr&dcr=0&ei=h_2fWofVCKWcX_-Tt8gK
Content-Length: 269
Date: Wed, 07 Mar 2018 14:56:07 GMT
To listen for connections on a port (say 9999), type “nc -l -p 7777” as shown in Figure 1. Connecting from any other terminal prompt will send whatever data is typed to the Netcat listening port, as shown in Figure 1. Create two PuTTY instances such that one listens and the other connects, to study this functionality.
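The two Netcat exchanges above (the listener started with "nc -l -p" and the banner grab with "nc host 80" followed by "HEAD / HTTP/1.0") are reproduced here in Python as an added example that is not part of the chapter. A local listener answers with a constructed reply so the exchange runs offline, and the reply is parsed into the status line and headers an asset inventory would record; host names and the reply contents are assumptions.

```python
# Added example (not from the chapter): the banner grab that "nc host 80"
# plus "HEAD / HTTP/1.0" performs, done from Python so the reply can be
# parsed. A local listener plays the "nc -l -p <port>" side.
import socket
import threading

# Constructed reply, modelled on the google.com response shown above.
FAKE_REPLY = (b"HTTP/1.0 302 Found\r\n"
              b"Server: example-httpd/1.2 (constructed)\r\n"
              b"Location: http://www.example.invalid/\r\n"
              b"Content-Length: 0\r\n\r\n")

def serve_once(srv: socket.socket) -> None:
    """Accept one client, read its request head, answer with FAKE_REPLY."""
    conn, _ = srv.accept()
    srv.close()
    with conn:
        buf = b""
        while b"\r\n\r\n" not in buf:  # request head ends at the blank line
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
        conn.sendall(FAKE_REPLY)

def start_listener(host: str = "127.0.0.1", port: int = 0) -> tuple:
    """Equivalent of "nc -l -p <port>"; port 0 lets the OS pick a free one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(1)
    threading.Thread(target=serve_once, args=(srv,), daemon=True).start()
    return srv.getsockname()

def parse_banner(raw: bytes) -> dict:
    """Split an HTTP response head into its status line and a header dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers}

def grab_banner(host: str, port: int, timeout: float = 5.0) -> dict:
    """Equivalent of "nc host port" followed by typing "HEAD / HTTP/1.0"."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        raw = b""
        while chunk := s.recv(4096):  # HTTP/1.0 server closes after reply
            raw += chunk
    return parse_banner(raw)
```

Calling `start_listener()` and then `grab_banner(host, port)` with the returned address performs the whole exchange on the loopback interface.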