Image by Luke Bott

From Zero To Hero | Part 1: My journey through an ethical hacker's course.

Denis Godovanets


As you may have guessed from my username, I am a junior hacker in training, halfway through an ethical hacker's course. This post is a summary of the most interesting lessons so far and leaves out the uninteresting parts.

I wanted to share my journey here with you, in the hope that you can learn something from it, and also so I can remember what I learned :)

I hope these notes are helpful to any of you who want to become an ethical hacker one day. If you have any questions, please just comment!

Table of contents:
1. What is hacking?
2. List of common threats to the system.
3. Skills required to become an ethical hacker.
4. Hacking tools.
5. Social engineering.
6. Cryptography.

1. What is hacking?

Hacking is identifying weaknesses and vulnerabilities in a system and using them to gain access to it.

A hacker gets unauthorized access, while an ethical hacker has official permission (usually in written form, to avoid problems).

There are several types of hackers; a bit of "terminology":
White hat — ethical hacker.
Black hat — classical hacker or cracker.
Grey hat — a person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — a person with no technical skills who just uses pre-made tools.
Hacktivist — a person who hacks for some idea and leaves messages, for example as a protest against copyright.

The actual goal of ethical hacking is to reveal the system's weaknesses and vulnerabilities so that the company can fix them. An ethical hacker documents everything they did.

2. List of common threats to the system:

- Virus
- Trojans
- Worms
- Spyware
- Key loggers
- Adware
- Denial of Service Attacks
- Distributed Denial of Service Attacks
- Unauthorized access to computer systems resources such as data (cookies, tokens, passwords, session ids, etc)
- Phishing

3. Skills required to become an ethical hacker.

For this job you need a specific skill set: programming, understanding how the internet works, problem solving, and knowing and using existing security tools.

Programming is used to automate things and save a lot of time. It is also used to create the security tools you need, or to modify existing ones for your needs.

There are a lot of languages that might be useful. Some of them are listed below.
Web hacking: HTML, JavaScript, PHP, SQL.
SQL is used to communicate with databases, so it is important to know.
Building tools and scripts: Python, Ruby, Bash, Perl.
Writing exploits, shell scripts, etc.: C, C++.

Another useful thing is to get Linux and learn the main commands.

4. Hacking tools.

Hacking tools are used to find and exploit weaknesses in computer systems, web applications, servers and networks. Some of them are free and open-source, some of them are commercial.
Here is a list of example tools. You should look for others too (nmap, for example).

5. Social engineering.

Social engineering is manipulating people into revealing confidential information, which can then be used, for example, in password guessing.

My personal advice — split every task into subtasks. In this case, the subtasks for a social engineering attack start with gathering information.

Common techniques:
- Familiarity exploit. You can contact the target person (a user of the system) under different circumstances: while smoking, eating meals, at social events, etc. You get familiar with them and use that to acquire information. You can ask questions that will help you guess the email password, or the personal info used as the answer to a security question when recovering the password. If the target's company has a zone you can enter only with a card or access code, you can follow the target in, because you are familiar with them.
- Intimidating circumstances. People tend to avoid people who intimidate others around them. Using this technique, you may pretend to have a heated argument on the phone or with an accomplice in the scheme. You may then ask the target for information which would be used to compromise the security of the target's system. The targets will most likely give the correct answers just to avoid a confrontation with you. This technique can also be used to avoid being checked at a security checkpoint.
- Phishing. This is a common and effective technique to obtain private user data. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
- Tailgating. This technique involves following users from behind as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer into the restricted area.
- Exploiting human curiosity. "Accidentally" drop an infected flash disk where the targets can easily pick it up. Most likely, the target will plug it into a computer. You can use autorun, or tempt the target into opening a file with an interesting title like Employees Revaluation Report 2017.docx, which can be infected.
- Exploiting human greed. You may lure the target with the promise of money after filling in a form and confirming their details, including credit card details, etc.

To counter such techniques, employees can simply be trained and made aware of social engineering.

6. Cryptography.

Cryptography is used to secure sensitive data. Information leaks can cause a lot of trouble for a business.

Example of an encryption algorithm

The process of reversing encryption is called decryption.
The encrypted information is called the cipher text.

Cryptanalysis is the art of trying to decrypt encrypted messages without the key that was used to encrypt them.
The success of cryptanalysis attacks depends on:
- Amount of time available
- Computing power available
- Storage capacity available

Commonly used attacks:
- Brute force attack. This type of attack uses algorithms that try all the possible keys to find the correct decrypted data.
- Dictionary attack. This type of attack uses a wordlist in order to find a match for either the decrypted data or the key. It is mostly used when trying to crack encrypted passwords.
- Rainbow table attack. This type of attack compares the cipher text against pre-computed hashes to find matches.

List of modern encryption algorithms:
- MD5. This is the acronym for Message-Digest 5. It is used to create 128-bit hash values. Theoretically, hashes cannot be reversed into the original plain text. MD5 is used to encrypt passwords as well as to check data integrity. MD5 is not collision resistant; collision resistance is the difficulty of finding two values that produce the same hash value.
- SHA. This is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate a condensed representation of a message (a message digest). It has various versions, such as:
SHA-0: produces 120-bit hash values. It was withdrawn from use due to significant flaws and replaced by SHA-1.
SHA-1: produces 160-bit hash values. It is similar to earlier versions of MD5. It has cryptographic weaknesses and has not been recommended for use since 2010.
SHA-2: it has two hash functions, namely SHA-256 and SHA-512. SHA-256 uses 32-bit words while SHA-512 uses 64-bit words.
SHA-3: this algorithm was formerly known as Keccak.
- RC4. This algorithm is used to create stream ciphers. It is mostly used in protocols such as Secure Sockets Layer (SSL) to encrypt internet communication and Wired Equivalent Privacy (WEP) to secure wireless networks.
- Blowfish. This algorithm is used to create keyed symmetric block ciphers. It can be used to encrypt passwords and other data.
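To make the dictionary and rainbow table attacks from the list above concrete, and to show the defender's side of it, here is a small Python example. It is something I am adding to these notes, not code from the course or from CrypTool. The wordlist and the "stored" password digests are constructed for the example, and the MD5 and SHA-256 functions come from Python's standard `hashlib`.

```python
import hashlib
import os

# Constructed wordlist standing in for a real password dictionary.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "sunshine"]


def md5_hex(data: bytes) -> str:
    """MD5 digest as a hex string (128 bits = 32 hex characters)."""
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as a hex string (256 bits = 64 hex characters)."""
    return hashlib.sha256(data).hexdigest()


def dictionary_attack(target_hex: str, wordlist, hash_fn=md5_hex):
    """Dictionary attack: hash every candidate word and compare with the stored
    digest. Returns the matching word, or None if the password is not listed."""
    for word in wordlist:
        if hash_fn(word.encode()) == target_hex:
            return word
    return None


def build_lookup_table(wordlist, hash_fn=sha256_hex) -> dict:
    """Precompute digest -> word once, so each later lookup is a single dictionary
    access. This is the principle behind rainbow tables (real ones compress the
    table with hash chains; a plain table is enough to show the idea)."""
    return {hash_fn(word.encode()): word for word in wordlist}


def table_hit(table: dict, digest_hex: str):
    """Look a digest up in a precomputed table; None means no hit."""
    return table.get(digest_hex)


def salted_sha256_hex(password: str, salt: bytes) -> str:
    """Defender's fix: a per-user random salt is hashed together with the
    password, so the same password gives a different digest for every salt and
    one precomputed table no longer matches anything."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salt() -> bytes:
    return os.urandom(16)


if __name__ == "__main__":
    stored_md5 = md5_hex(b"dragon")  # constructed: an unsalted MD5 password hash
    print("dictionary attack recovers:", dictionary_attack(stored_md5, WORDLIST))

    table = build_lookup_table(WORDLIST)
    print("table hit, unsalted SHA-256:", table_hit(table, sha256_hex(b"dragon")))

    salt = new_salt()
    print("table hit, salted SHA-256:", table_hit(table, salted_sha256_hex("dragon", salt)))
```

The unsalted digest is found both by re-hashing the wordlist and by a single lookup in the precomputed table; the salted digest of the very same password is not in the table at all, which is why password storage uses a unique salt per user (and, beyond this example, a deliberately slow hash).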

Now practice! A simple brute force using CrypTool. It is a free and open-source program. You can download it here (Windows only). I used wine to run it on Linux.

We will encrypt the message "Never underestimate the determination of a kid who is time-rich and cash-poor" with the key 00 00 00 using the RC4 algorithm.

Screenshots of the CrypTool steps (not reproduced here): starting encryption, after replacing the key, clicking Encrypt, the result, starting the attack, the brute force process, the result.
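Here is the same exercise in Python, as an example I am adding rather than anything from the course or from CrypTool: a textbook RC4 implementation, the encryption of the message above with the key 00 00 00, and a brute force that walks the 3-byte key space in counting order and stops at the first key whose decryption begins with a known fragment of the plaintext (the "crib", here the word "Never"). The message and the 00 00 00 key are the ones from the post; the second key, 00 01 2A, is my own constructed value, chosen so the search has to do some work before it lands.

```python
# Textbook RC4 (key scheduling + keystream generation), written for this
# example. RC4 appears here only because the post uses it for the exercise;
# it is a broken cipher and should not be used for anything real.

MESSAGE = b"Never underestimate the determination of a kid who is time-rich and cash-poor"
POST_KEY = b"\x00\x00\x00"   # the key used in the CrypTool exercise above
DEMO_KEY = b"\x00\x01\x2a"   # constructed key: the search below reaches it on try 299


def rc4_ksa(key: bytes) -> list:
    """Key scheduling: permute 0..255 under control of the (repeated) key bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list, n: int) -> bytes:
    """Generate n keystream bytes from a copy of the scheduled state."""
    S = S[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    stream = rc4_keystream(rc4_ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, stream))


def brute_force_rc4(ciphertext: bytes, crib: bytes, key_len: int = 3):
    """Try every key_len-byte key in counting order (00 00 00, 00 00 01, ...).
    A key is accepted when decrypting only the first len(crib) bytes yields the
    crib, so a wrong key is rejected after a handful of bytes.
    Returns (key, number_of_tries), or (None, total_tries) if nothing matched."""
    total = 256 ** key_len
    for n in range(total):
        key = n.to_bytes(key_len, "big")
        if rc4_crypt(key, ciphertext[:len(crib)]) == crib:
            return key, n + 1
    return None, total


if __name__ == "__main__":
    ct = rc4_crypt(POST_KEY, MESSAGE)
    print("ciphertext (key 00 00 00):", ct.hex())
    print("brute force result:", brute_force_rc4(ct, b"Never"))

    ct2 = rc4_crypt(DEMO_KEY, MESSAGE)
    print("brute force result (demo key):", brute_force_rc4(ct2, b"Never"))
```

The whole 3-byte key space is only 256^3 = 16,777,216 keys, which is why CrypTool's brute force finishes at all; a 128-bit RC4 key would have 2^104 times as many candidates, far beyond exhaustive search. The lesson for the defender is the key length (and the choice of cipher), not the tool.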

That concludes the first part of my notes on this course.

I hope it was useful to you; if so, please check out Part Two here.
