NetBIOS

NetBIOS (Network Basic Input/Output System) is a programming interface that allows applications on different computers to communicate within a local area network (LAN). It was created by IBM for its early PC Network, was adopted by Microsoft, and has since become a de facto industry standard. In short, NetBIOS provides communication services on local networks.

NetBIOS provides two communication modes: session or datagram. Session mode lets two computers establish a connection for a “conversation,” allows larger messages to be handled, and provides error detection and recovery. Datagram mode is “connectionless” (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery. Datagram mode also supports the broadcast of a message to every computer on the LAN.

Cyber Attacks

Malware

Malicious software, or malware, is a program or file that is harmful to a computer user. Types of malware include computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, such as stealing, encrypting or deleting sensitive data and monitoring users’ computer activity without their permission.

Attackers will use a variety of methods to get malware into your computer, but at some stage, it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.

Phishing

An attacker may send an email that appears to be from someone you trust; the email will seem legitimate and will have some urgency to it. In the email, there will be an attachment to open or a link to click. Opening the malicious attachment installs malware on your computer. If you click the link, it may send you to a legitimate-looking website that asks you to log in to access an important file, but the website is actually a trap used to capture your credentials when you try to log in.

Denial-of-Service (DoS)

A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources. DoS attacks typically flood servers, systems or networks with traffic in order to overwhelm the victim’s resources and make it difficult or impossible for legitimate users to access them.

SQL Injection Attack

Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious input to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website. A SQL injection attack works by exploiting a known SQL vulnerability, typically an application that builds its queries from unvalidated user input, so that attacker-supplied text is executed by the database server as part of the query.
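As an added illustration (not code from the original page), the following Python snippet shows the defect behind a SQL injection: a query built by string concatenation beside the parameterised form that the database driver handles safely. The in-memory SQLite table, its rows and the probe string are constructed sample data.

```python
import sqlite3

def setup_db():
    """Constructed sample data standing in for a site's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "4111-XXXX-XXXX-0001"), (2, "bob", "5500-XXXX-XXXX-0002")],
    )
    return conn

def lookup_vulnerable(conn, name):
    """Builds the SQL text from user input, so the input can change the query."""
    query = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    """Parameterised query: the value travels separately from the SQL text,
    so it is only ever compared against the column, never parsed as SQL."""
    return conn.execute(
        "SELECT id, name FROM customers WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"  # constructed input that closes the quote and adds a tautology
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row comes back
    print("safe:      ", lookup_safe(db, probe))        # no customer has that literal name
```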


Cross-Site Scripting (XSS)

This attack also involves injecting malicious code into a website, but in this case the website itself is not the target. Instead, the code the attacker has injected runs in the user’s browser when they visit the affected website, so it goes after the visitor directly, not the website.
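Added example, not part of the original page: the same comment text rendered without and with output encoding in Python, showing that injected markup becomes inert text once it is escaped for the HTML context it lands in (element body and attribute value). The comment and title strings are constructed samples.

```python
import html

def render_comment_vulnerable(comment):
    """Inserts user text straight into the page: markup in the text becomes live HTML."""
    return '<div class="comment">' + comment + '</div>'

def render_comment_safe(comment):
    """Escapes <, >, &, ' and " so the browser displays the text instead of parsing it."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'

def render_title_safe(title):
    """Attribute context: quote=True is what stops the input from ending the attribute."""
    return '<a title="' + html.escape(title, quote=True) + '">profile</a>'

def contains_live_tag(rendered, tag="script"):
    """Crude check used here to show the difference: is an unescaped <tag still present?"""
    return ("<" + tag) in rendered.lower()

if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed sample comment
    print(render_comment_vulnerable(sample))  # script tag survives intact
    print(render_comment_safe(sample))        # shown as &lt;script&gt;... text
```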

SET (Social-Engineer Toolkit)

According to Kali Tools, the Social-Engineer Toolkit, or SET, is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time.

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element and has quickly become a standard tool in a penetration tester’s arsenal. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.

Below are the steps to create a fake website using SET:

Type the command setoolkit


Type for social engineering attacks

Type  for website attack vectors


Type for credential harvester attack method

Type for site cloner

Set the IP for the fake website. Input your own Kali IP.

Input the website URL that you want to clone.

Your fake website is ready to use.

The result of the fake website.

Ethical Hacking and Penetration Testing

The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.

Why do we need penetration testing? The purpose of a pen test is to identify vulnerabilities in your application that are exploitable by an outside attacker.

Some terms that you need to know:

  1. Ethical Hacker: Someone who is employed by companies to do penetration tests.
  2. Penetration Test: A legal attempt to break into a company’s network to find vulnerabilities.
  3. Security Test: More than only breaking into the system; it also includes analyzing the company’s security policies and procedures. The tester also offers solutions to protect or secure the network.
  4. Hackers: Someone who accesses a computer system or network without authorization or permission.
  5. Crackers: Someone who breaks into a system to steal or destroy data.
  6. Script kiddies or packet monkeys: Someone who only copies and runs code and techniques from knowledgeable hackers.
  7. Tiger box: A collection of operating systems and hacking tools that helps penetration testers and security testers conduct vulnerability assessments and attacks.
  8. Red Team: ‘The Attacker’ team. The team that performs the pen test without the knowledge and consent of the organization’s IT staff.
  9. Blue Team: ‘The Defender’ team. The internal team that defends the system; they commonly have knowledge of the internal system.

Password Attack

Password cracking refers to various measures used to discover computer passwords. This is usually accomplished by recovering passwords from data stored in, or transported from, a computer system. Password cracking is done by repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered.

Authentication can be based on the following factors:
• Something you know
• Something you have
• Something you are

Types of password attacks:

  1. Offline Attack: Means the file or system is available locally for an attack. It might have been downloaded from the Internet, but the attack itself happens offline.
  2. Online Attack: Means a hacker must attack your password through some kind of Internet-based authentication system, like a web login form.
  3. Dictionary Attacks: In essence these are word-based brute-force attacks, with the hacker first testing possibilities from a likely set of words, then progressing systematically through the dictionary if necessary. The initial “dictionary” may be compiled from knowledge of the most common passwords.
  4. Key Logger Attacks: Key logger attacks use malware: the hacker sneaks malicious code onto a user’s machine through various methods – infected email attachments, “drive-by downloads” from spoofed websites, etc.

Tools for cracking passwords

I. Offline:

  • Rainbowcrack
  • John the Ripper
  • Wyd
  • Crunch

II. Online:

  • Hydra
  • Wireshark
  • TCPdump
  • BruteSSH

How to avoid password attacks?

  • Use long and complex passwords
  • Enable account lockouts
  • Change passwords regularly
  • Give additional protection to highly privileged accounts
  • Rename highly privileged accounts
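Added example (not from the original page) tying the offline and online attack types listed above to the countermeasures just listed: a salted, iterated password hash makes every guess in an offline attack expensive and defeats precomputed tables, and a per-account failure counter with a temporary lockout stops online guessing against a login form. The iteration count, lockout threshold, lockout duration and the injectable clock are assumptions chosen for illustration; the password and guesses are constructed.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumption: cost chosen for illustration, tune per hardware
MAX_FAILURES = 5             # assumption: failed logins allowed before lockout
LOCKOUT_SECONDS = 900        # assumption: lockout duration

def hash_password(password, salt=None):
    """Salted, iterated hash: each offline guess must repeat all the iterations,
    and the per-user salt defeats precomputed (rainbow) tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

class LoginGuard:
    """Online-attack defence: count failures per account and lock it temporarily.
    The clock is injectable so the behaviour can be exercised without waiting."""

    def __init__(self, now=time.time):
        self.now = now
        self.failures = {}
        self.locked_until = {}

    def attempt(self, user, password, salt, digest):
        t = self.now()
        if self.locked_until.get(user, 0) > t:
            return "locked"  # refuse without even checking the password
        if verify_password(password, salt, digest):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.failures[user] = 0
            self.locked_until[user] = t + LOCKOUT_SECONDS
            return "locked"
        return "denied"

if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")  # constructed password
    guard = LoginGuard()
    for guess in ["password", "123456", "qwerty", "letmein", "admin"]:
        print(guess, "->", guard.attempt("alice", guess, salt, digest))
```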

Exploits

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.

How do exploits occur?

Although exploits can occur in a variety of ways, one common method is for exploits to be launched from malicious websites. The victim might visit such a site by accident, or they might be tricked into clicking on a link to the malicious site within a phishing email or malicious advertisements.

List of exploit databases:

SecuriTeam – http://www.securiteam.com
Government Security Org – http://www.governmentsecurity.org
Secunia Advisories – http://secunia.com/advisories/historic/
Security Reason – http://securityreason.com
XSSed XSS-Vulnerabilities – http://www.xssed.com
Security Vulnerabilities Database – http://securityvulns.com
Offensive Security Exploits Database – http://www.exploit-db.com
Indonesia Security Exploits Database – http://www.exploit-id.com
SEBUG – http://www.sebug.net
OSVDB Vulnerabilities – http://osvdb.org
National Vulnerability Database – http://nvd.nist.gov
US-CERT Vulnerability Notes – http://www.kb.cert.org/vuls
US-CERT Alerts – http://www.us-cert.gov/cas/techalerts/

Information Gathering

Information gathering means collecting as much information as possible about the target, such as Domain Name System (DNS) hostnames, IP addresses, etc.

1. whois –> To gather information about the domain and the registrant.

The command is very simple –> whois *website*

2. theHarvester –> To gather email accounts, usernames, and hostnames.
If we want to gather information using theHarvester, with a maximum of 100 results and using Google as the source, the command is theharvester -d domain.com -l 100 -b google

3. dig –> Dig (Domain Information Groper) is a network administration command-line tool for querying DNS name servers. It is useful for verifying and troubleshooting DNS problems, performing DNS lookups, and displaying the answers returned by the queried name server. The command is dig *website*


Kali Linux Penetration Testing Cycle

1 Target scoping

In this step, we observe the network condition and determine what to do: what objectives we need to achieve, how long the test is going to take, etc.

2 Information Gathering

Gather and learn about the target from public sources, such as Google, Yahoo!, and many more. Information gathering can also be done with footprinting tools.

3 Target discovery

In this step, we mostly deal with identifying the target’s network status, OS, and network architecture.

4 Enumerating target

Find the open ports of the target. Once the open ports have been identified, they can be enumerated for the running services.

5 Vulnerability mapping

Identify the weakness of the target based on the disclosed ports and services.

6 Social Engineering

Manipulate target into executing malicious code that gives access to the auditor. This step is optional.

7 Target exploitation

In this step, we actually penetrate the system. This step focuses on the target acquisition process, which has three core areas: pre-exploitation, exploitation, and post-exploitation activities.

8 Privilege Escalation

The goal of this step is gaining the highest level of access to the target.

9 Maintaining Access

Keeping control of the target for a specified amount of time. This provides a clear view of how an attacker maintains access without noisy behavior.

10 Documentation and Reporting

Documenting, reporting, and presenting the vulnerabilities found.


Google Dorks

A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. In other words, we can use Google Dorks to find vulnerabilities, hidden information and access pages on certain websites.

Google Dorks can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. payment card data).


Some of the popular operators used for Google Hacking:

  • inurl:"" –> Used to find a specified term in the URL.
    • Example: Using inurl:"google dorks", Google will only show results whose URL contains the term "google dorks".
  • allinurl:"" –> Similar to inurl, but only shows results whose URL contains all of the keywords.
  • intitle:"" –> Using this operator, Google will only show results that have the specified term in their page title.
    • Example: When using intitle:"login page", Google will only show sites that have the words "login page" in the page’s title text.
  • allintitle:"" –> Similar to intitle, but only shows results whose title contains all of the specified keywords.
  • site:www.web.com –> To limit the results to a specific site only.
  • related:www.web.com –> To find sites similar to the given domain.
  • filetype: –> To find a specific file type (e.g. .pdf, .mp4, .php).
  • ext: –> Similar to filetype, but only shows results matching the searched file extension.


Google Dorks Formula

The basic formula for using Google Dorks:

inurl:."domain"/"dorks"

  • “inurl”: The operator that looks for the specified term in the URL
  • “.domain” : The domain you want to find. Example: .org ; .co.id
  • “dorks” : Your chosen dork

Other than “inurl”, you can use other operators that are not limited to the URL, such as:

  • “intitle”
  • “intext”
  • “define”
  • “site”
  • “info”
  • “link”
  • “book”


Kali Linux Installation

Kali Linux Installation Using Oracle Virtual Box Tutorial

Creating the VM

Open Oracle Virtual Box and click the start button.

Name the virtual machine and give the path for its files. Pick Linux as the type and Debian (32-bit) or Debian (64-bit) as the version.

Select the file location and size. Change the size to 20.00 GB.

After that, the VM is made.

The next step is to choose a disk for the VM. Go to the Storage tab.

Click the CD-shaped button to add a disk.

Select the Kali Linux ISO file that has been downloaded.

Go to the Network tab and choose Bridged Adapter in the “Attached to” option.

Kali Linux Installation

Select the preferred language

Select location

Configure locales

Configure keyboard

Enter hostname

Enter domain name (optional)

Select clock

Select partitioning method

Select disk to partition

Select partitioning scheme

Finish partitioning or undo changes to partitions

Write the changes to disk

If using a network mirror, the installer will notify the user whenever there is a new software update.

Enter HTTP proxy (optional)

Install GRUB

Kali Linux installation is finished and the VM is ready to be used.


Graphical install: To make the display easier to manage (not command line)


Choosing language


Choose the country