Backtrack 5

“The quieter you are, the more you are able to listen…” is the motto of Backtrack, meaning that listening requires you to be silent: you can listen while you’re talking, but it is not as effective as when you are silent. At first, using Backtrack was a lot of hassle for me. The lack of a user interface really annoyed me, but over time I slowly became able to use the command line as well as the UI. Moreover, after practicing with the command line I began to understand what’s going on inside my OS instead of just letting it do its work.

 

Backtrack has taught me lots of things, from how to find others’ IPs to eventually getting inside their systems. Of course, it was not an easy job; it requires patience and focus, or it will end in failure and all of your effort will be in vain. Finding a person’s private data also becomes really easy with the tools available in Backtrack, but running those tools isn’t the only thing you need to do. You must also understand what you are looking for, and your target as well, in order to get the correct output from those tools.

 

Understanding Keyloggers

Not every keylogger is a virus. Some companies make keyloggers to monitor their employees’ behavior while they operate company systems. Keyloggers have also been used in some organizations to study human-computer interaction.

My personal experience with keyloggers is from when I tried to find out my sibling’s ID and password. First I installed a keylogger on her laptop and waited a couple of days to find out the password. Although the log mostly contained a lot of junk, after a thorough search I finally found the session in which she was logging in to an account, and I tried to log in as her. Funnily, the software I used only worked in Internet Explorer; in Mozilla Firefox the keys got scrambled and produced unreadable keystrokes.

Little but powerful… Packets!

A packet is a formatted unit of data transmitted across a computer network. A packet has two parts: control information and payload. By examining these packets we can determine what is going on in our network. Hacking attempts or scanning can be recorded if we are able to successfully decipher those packets.
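The split between control information and payload described above, as an added example that is not part of the original post: a Python sketch that parses constructed IPv4/TCP packets and flags a source sending bare SYNs to many ports. The sample addresses, the `build_packet` helper and the threshold of 5 distinct ports are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample data, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload

def parse_packet(raw):
    """Split a raw IPv4/TCP packet into control information and payload."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    total_len, proto = struct.unpack("!H", raw[2:4])[0], raw[9]
    if proto != 6 or len(raw) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4            # TCP header length in bytes
    flags = raw[ihl + 13]
    return {
        "src": ".".join(map(str, raw[12:16])),
        "dst": ".".join(map(str, raw[16:20])),
        "sport": sport, "dport": dport,
        "syn": bool(flags & 0x02), "ack": bool(flags & 0x10),
        "payload": raw[ihl + data_off:total_len],  # everything after both headers
    }

def suspected_scanners(packets, threshold=5):
    """Return sources that sent bare SYNs to at least `threshold` distinct ports.
    The threshold is an assumed value for this illustration."""
    ports = defaultdict(set)
    for raw in packets:
        p = parse_packet(raw)
        if p["syn"] and not p["ack"]:
            ports[p["src"]].add(p["dport"])
    return sorted(s for s, seen in ports.items() if len(seen) >= threshold)

# Constructed sample capture: one ordinary web request, one host probing ten ports.
SAMPLE = [build_packet("10.0.0.5", "10.0.0.1", 40000, 80, 0x18, b"GET / HTTP/1.1\r\n\r\n")]
SAMPLE += [build_packet("10.0.0.9", "10.0.0.1", 41000, port, 0x02) for port in range(20, 30)]
```
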

 

Wireshark:

Wireshark is software that analyzes network packets and captures them in as much detail as possible. It is free and open source, so it’s really easy to obtain and use. It has basically the same functionality as tcpdump, so if you aren’t able to use it you can use tcpdump instead, because at the core they are one and the same.

Source: https://en.wikipedia.org/wiki/Network_packet, http://en.wikipedia.org/wiki/Wireshark

Aim for the right spot

We can’t just launch our attacks randomly at the target’s ports; we must carefully determine which ports can or cannot be attacked. Even though a system has many ports, that doesn’t mean all of them are open: some are closed for security reasons and some are simply not needed. As ethical hackers, it is our job to find which ports are alive so we can properly execute our attacks. There are also several tools in Backtrack that can help us do that.

 

Superscan:

Zenmap:

Know your enemy!

In order to attack someone, we must know all their weaknesses and strengths in order to win. The principle is the same when we are going to attack a system: we must know which part is unguarded, and we must avoid detection at all costs. There are several tools that can help us do that.

Fping:

Hping:

Rping:

Protect yourselves!

As ethical hackers, there are laws we must obey in order to do our job safely. Contracts and a statement of work are needed to clear ourselves of charges if something happens to our clients. These contracts also forbid us from publicizing their system weaknesses and private data, to keep their company safe and secure. Also, these contracts allow us to become a recommended penetration tester in our certificate.

 

It’s not all about computers

Hacking is not a one-way street of attacks on the target system. There are many other ways to gain access to the system, even without looking at the system at all. Remember, as hackers we must use the easiest and most efficient method to gather data. Therefore, since humans are the weakest link in the chain, we must use them as a resource for information gathering.

Piggybacking:

Piggybacking is the act in which an unauthorized person follows someone into a restricted area without the consent of the authorized person. In this secured area, the person can obtain sensitive data easily because they have access to the data.

Methods:

  • Surreptitiously following an individual authorized to enter a location, giving the appearance of being legitimately escorted
  • Joining a large crowd authorized to enter, and pretending to be a member of the crowd that is largely unchecked
  • Finding an authorized person who either carelessly disregards the law or the rules of the facility, or is tricked into believing the piggybacker is authorized, and agreeably allows the piggybacker to tag along

Source: http://en.wikipedia.org/wiki/Piggybacking_(security)