The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including 312-50v11: Certified Ethical Hacker v11 Exam Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Network Hacking - Gaining Access – Security

1. Configuring Wireless Settings for Maximum Security

So far, we learned a number of techniques that hackers can use to gain access to networks, even if they use WPA and WPA 2. If this happens and a hacker manages to gain access to your computer, it's game over. They'll be able to run much more powerful attacks to spy on every single connected device and potentially even gain full control over these devices. We will be covering all of that in the next section of this course. But before I get into that section, I want to spend one more lecture showing you how to implement the security settings that I recommended in the previous lecture to stop hackers from gaining access to your network and being able to do all of the attacks that I'm going to show you in the next section. So to implement the changes that we discussed in the previous lecture, we will have to first access the Raptors settings page. And to do that, you're going to first need to go to your terminal, and we're going to run the IP route command. This is a very simple command that will simply show us the default gateways in our current network. So as you can see, the first default gateway is ten 00:21.This is the one for ethical, and the default gateway is basically the router, because as we know, the router is used as the default gateway to the internet. So this is the default gateway for the virtual network that this machine is configured to connect to. And below it, we can see the default gateway for the real WiFi network that Land Zero is connected to. It's saying that the default gateway for land zero is this specific IP address. Now, for you to see this, obviously Lanzer needs to be connected to your wireless network. So if I look here on my networks on the WiFi and select network, you'll see that I'm actually connected to this network, which is my current WiFi network. Now, if you're being deauthenticated and you're not able to connect to your own network using WiFi, then you can connect to your network using an Ethernet cable. That way, the de-authentication attack will not work against you, and you'll still be able to see the default gateway IP in here and use it to access the router settings and modify them to improve your security. Once you see the default gateway, this is the IP of your router, and this is the IP that we're going to use to access the router's settings page to modify its settings. So I'm going to copy this, and I'm going to go to my web browser, and we're simply going to put it in the address bar and navigate to it. It's going to ask you for a username and a password. Now, in many cases, you'll find this written under the router or at the back of the router on a sticker. If you can't find it there, then look in the manual for the default password. A lot of the time, it's admin, or it could be the actual network key, the default network key. So I already have my password copied in my clipboard, and I'm just going to paste it here and log in. And as you can see, we now have access to the router settings page. In this control panel you can modify anysettings that is related to the router. Keep in mind that your control panel might look different. This control panel looks different depending on the router that you have. But the settings that we want to modify are the same. So you're just going to have to look through it—through the different tabs or the different layouts—to find the settings that I'm going to modify. Now, as you know, the main thing that we want to modify is the WiFi—the WiFi settings. So in my case, I have it here under this cog on the right. In your case, it might be in a different tab, in a different window, or in a drop-down menu. You just want to make sure you find the WiFi settings. So I'm just going to click on it in here. So in the basic settings in here, you can see the different bands that the router is running on. That's okay. You can see we have the network name; you can modify it from here. You can see that it is set to visible. So you can unpick this box to make the network invisible, so it doesn't broadcast its name. The main thing that we want to modify here is the security. And you can see in my case that it's already set to WPA-Two personal. So make sure you're using WPA 2 for maximum security. And you want to make sure, as mentioned in the previous lecture, that you use a long password that is made of small and capital letters, special characters, and numbers, and make it at least 14 characters. That way, it's very difficult to crack. Once you're done with your settings, you can click on Apply to apply the settings. But in my case I haven't changed anything, so that's fine. The next thing we want to do, as youremember, we were able to crack networks regardless ofwhat key they used, even if the key wascomplex, if WPS Pin authentication was enabled. So you're going to need to find where your WPS settings are. In my case, it's here under a different tab. We're going to click on it and make sure that it is disabled. So in here, as you can see, WPS is on in my case. So I'm going to click on it, disable it, and then click on "Apply" to apply the changes to some routers. This will disable it for both bands. In my case, I also need to manually go to the settings for the 5 GHz by clicking here and disable it manually. For that, I got disconnected for a bit of time because when you change settings within the router, it will need to restart. So you need to give it some time once you click on, apply, or save for the router to restart with the new settings. We're going to refresh now just to see if we have it back. As you can see, we still don't have it back, so we need to give it a bit of time. OK, so I'm being asked to log in again because the router restarted, and we're going to go back to the WiFi settings, WPS, and as you can see, it's off now. So we also want to go to the 5. We want to make sure it's off as well. You might not have to do this on your router, but in my case, I have to do it manually for the 5. For the two 4 GHz processors, another feature that you might find useful is Mac filtering, also known as Access Control. You might find it under different names. This allows us to define a list of Mac addresses that can connect or should be disconnected from the network. So from here, you can select to create an allow or a deny list. So if we go on the Allow list, we're going to be specifying the Mac addresses that are allowed to connect to the network. All you have to do is simply put the Mac address here, add it, and save it, and then only the specified Mac addresses will be allowed to connect to the network. So that's pretty much it. You just want to make sure that you use InWPA 2, disable WPS, and use a long password made up of small letters, capital letters, numbers, and special characters. You can also use access control, or Macfiltering, to prevent or allow certain Mac addresses. Remember if you were deauthenticated from your own network. So if you're not able to connect to your own network using the WiFi settings in here through WiFi, then you can connect to the Rapid using an Ethernet cable, and that way the deauthentication attack will not work against you. Then you'll be able to come in here and modify the network settings to prevent the attacker from launching attacks against you without being authenticated.

Network Hacking - Post Connection Attacks

1. Introduction to Post-Connection Attacks

In this section, we're going to talk about postconnection attacks. So there are attacks that you can do after connecting to your target network. Now, it doesn't matter whether the target network is a WiFi network or a wired or Ethernet network. It really doesn't matter. As long as you do gain access to this network and are able to connect to it, you'll be able to do all of the attacks that I'm going to show you in this section. Now, you'll notice that once connected, you can do so many cool things. So you'll be able to gather detailed information about all of the clients connected to the same network. You'll also be able to intercept data and see any usernames, passwords, or other information they use on the Internet. You'll be able to change data as it travels through the air. So you'll be able to inject evil code and do so many cool things on the network. Now, to do all of the attacks that I'm going to show you in here, you have two options. The first option is to run the attacks on the Windows machine against the virtual Nat network. You just need to make sure that the virtual Windows machine is connected to the same NAT network as the Kali machine, or you can run the attacks against real computers connected to your real WiFi network. And you need to make sure that you have a wireless interface connected to the Kali machine, and the Kali machine needs to be connected to your target WiFi network. Now, throughout this section, I'm actually going to be using both options. So I'm going to be running some attacks against the WiFi network, and I'll be running some against my virtual network just to make sure that you're comfortable with running all of these attacks in different environments and on different networks. Because, like I said, it doesn't really matter how you gain access to the network. The network type doesn't really matter either, as long as you are able to connect to the target network.

Network Hacking - Post-Connection Attacks - Information Gathering

1. Installing Windows As a Virtual Machine

Now to practise some of the attacks that we're going to learn in the future lectures. You need to have a target machine or a victim machine. So this is a computer that you're going to target and try to hack and test the attacks that we're going to learn against. So you can do this against any machine machine.But I highly recommend installing targeted machines as virtual machines. This is great because it won't break a real computer for you if you actually break something. It's also very easy to fix. Even if you have a computer that you don't care about, it's very easy to fix virtual machines. You can just remove it and reinstall it or store a snapshot and go back to it. Now, as we all know, Windows is a very common operating system. It's used by a lot of people. So in this lecture, I'm going to show you how to install Windows 10 as a virtual machine so that we can test some of the attacks that we're going to learn in the future against it. So we'll target this machine when we want to test attacks against Windows or a target user that uses Windows. Now, Microsoft has released ready-made virtual images for people to test Windows. So we can actually download a virtual image of Windows for free from Microsoft. I'm going to include the download links and the resources for this lecture, but I have the page opened here. So the first thing you want to do is select the type of virtual machine that you want to download. As I said, we want to download Windows Ten, so we're selecting MSH on Windows Ten. Next we need to choose the virtualization platform, and you know we're using VMware. That's why we're selecting VMware. But you have other options if you're using other virtualization software. Once you select VMware, you're going to see a download button in here; clicking that will download a zip archive that contains the virtual image for Windows Ten. Now, I've already done that, and I already have it in here in my downloads. As you can see, we have it here: Microsoft Windows 10 and VMware. And as you can see from the icon, this is a zip archive. Therefore, in order to use the contents inside it, we have to uncompress this file. So to do that on Windows, we're going to have to double-click it, copy the content, go back one directory, and paste it here. We're going to give it sometime to uncompress the content. On Mac, you can do the same. Simply double-clicking it will uncompress the content, and on Linux, you'll have to right-click and click on Extract here. Now, I'm doing these steps from a Windows host computer, but you should be able to follow the same steps on an Apple, Mac OS, or Linux machine because we are essentially using the same virtualization software, which is VMware. Once this is done, we're going to have another directory in here with the contents of the virtual Windows image. To import this into VMware, we're going to run VMware first of all run VMware.We're going to click on "Open Virtual Machine" or go to the player file. Open. We're going to navigate to the location where we have this file here. So it's going to be in my downloads in MS, Windows 10, and VMware. And we're going to select the only file that we can actually select from the list. We're going to click on "Open," and we can set the name of the machine in here. So, for example, I can set it to Windows Ten. You can change the path where it's going to be stored, but we're going to keep that the same. and we're going to click on Import. To import it, you're going to have to give it a bit of time to import this machine into VMware. And perfect. As you can see now, it's imported here, and as usual, we can simply start it by clicking on the green Play button. But before doing that, I actually want to modify the amount of memory it has. So we're going to right-click and go to Settings. And as you can see, by default it's set to have 4GB of memory. I think that's a little bit too much. It doesn't need that much. So we're going to set that to two. By dragging the slider down to two, we're going to click on OK and start it by clicking on the green Play button. And perfect. As you can see, the machine has started. We're going to click inside and click again to log in. The default password in here is capital PASW zero, or the Escalation Mark. I'm going to hit Enter. And here we go. We have a fully working virtual Windows Ten computer installed inside our main machine. and we did that so we can test attacks against this virtual machine without affecting our host computer. Now we can go to full screen by clicking here and going to full screen. The screen should automatically resize. If it doesn't, right-click display settings, and you can set it to the right resolution for your screen. I'm going to set it to 3840 by 2160 because I have a 4K screen. You can see that the icons are actually really small because I have such a high-resolution screen. In your case, you'll only face this issue if you have a 4K screen. So you'll also probably need to set the scaling in this area to 200. And as you can see now, the icon size has changed to the normal size. Now, if you face any other issues, check out the featured questions, and if you don't find an answer, feel free to ask us and we will respond to you within a maximum of 15 hours.

2. Discovering Devices Connected to the Same Network

Information gathering is one of the most important steps when it comes to hacking or penetration testing. If you think of it, you can't really gain access to a system if you don't have enough information about it. So for example, let's say you're connected to a network, and one of the devices connected to this network is your target. Now, for you to hack into that target, first you need to discover all of the connected clients to this network, get their Mac address and their IP address, and then from there try to maybe gather more information or run some attacks in order to gain access to your target. Now, there are a number of programmes that will do this for you. Examples are Net Discover and Nmap, which do this job really, really well. So in this lecture, we'll start with the simpler one, which is Net Discover, and see how to use it to quickly map the network we're connected to. And in the next lecture, I'm going to show you how to use Nmap to gather detailed information about all of the clients connected to the same network. So I have my Kali terminal in here, and if I do if config," you'll see I have ETH 0. It has an IP address. And like I said, this is the virtual interface created by VirtualBox when we set the Kelly machine to use a NAT network. Now I also said that this NAT network behaves exactly like an Ethernet network. And as far as the Kelly machine is concerned, it thinks that it is connected to a real wired network. And as you can see in here,it's telling me that wired connected. Now, I have my virtual Windows machine right here. It is configured to use the same network as the Caddie Machine. Remember, we're still in the network hacking section. So both you and the target machine need to be connected to the same network. So as far as these two computers are concerned, they think that they are connected to the same network. So what I want to do right now is use Net Discover and see how we can use it to discover all devices connected to the same network. Now, the method that I'm going to show you will work exactly the same whether you're using it against a virtual network like I'm doing right now or against a real network. And even if your target is a WiFi or wireless network So all you have to do is type the name of the program, which is Net Discover, and then type R to specify an IP range to search for. This needs to be arranged so it can be accessed by you. As you can see, my IP address is 100.0.16, and I can only access IPS on the same subnet. So IPS on the same subnet start at 100, and they would end at 10 02254 because two, five, and four are the last IPs that a client can have. So my range will be 100, 213 and I want to look for clients with IPs ranging from 100, 21100, 22100, two, three, all the way up to 10, 02254. So instead of manually typing all of these IPS, I can just type over 24 and Net Discover will automatically know that I'm trying to search for all of the IPS that start at 100 two one and end at ten 02254. So this is a way of specifying an IP range for the whole subnet. So if I hit Enter now, you'll see that NetDiscover will show me all the IPS of the devices connected to the same network, and note that the first three parts of the IPS are always the same because they are on the same subnet, and I also have the Mac addresses of these clients, and NetDiscover is also attempting to guess the device vendor. Now, if I press Q, this will quit the program, and right now we have a list of all the connected clients to the same network. Now, like I said, you can also use this method to discover clients connected to the same WiFi network. The only thing is, right now, if you run ifconfig, you can see that my Kali machine does not have a wireless adapter. It's not connected to a WiFi network, and like I said before, you cannot access the built-in wireless card from a virtual machine. Therefore, if you want to do this or run any of the wireless attacks that we're going to see in the future against a real computer and a real wireless network, you're going to need to use a wireless adapter. Now, I'm going to include links in the description that will help you pick a good adapter that works with Kali Linux. But I have one right now, and I'm just going to connect it and use it to show you that if things work on the virtual machines connected to the virtual network, they will work exactly the same on a real network with real machines. So I'm going to connect my adapter now and ifI do if config, it's still not showing up. Let's see if it shows up now. Perfect. As you can see, I have an adapter now called LandZero, and what I'm going to do is connect this adapter to a WiFi network first before I can discover all the connected clients to this network. So I'm going to go to my network manager. I'm going to click in here, and you want to click Select Network," and as you can see automatically now, it actually connected to a network, but in your case, you'd want to select a network and click on "Connect," and then it will ask you for the password. So now I'm actually connected, and you'll see if I do any configuration again. Right now, Land Zero has an IP address. So this means that it is connected to a network, and this means that we can use it now with Net Discover. So again, I'm going to use the exact same command that I used before, just to show you and prove to you that if this works against virtual machines, it will work against real machines. and the only difference is going to be the IP. So I'm going to remove this IP, and as you can see right now, my IP is 192-1681 eight.So therefore, the range that I'm going to look for is going to start at 192-1681 one.And I'm going to leave the over 24 here because this will tell Net Discover that I want to start at 192-1681 and finish at 192-16-8254. So if I hit Enter now, as you can see, it's discovering all the connected clients, all their IP addresses, all their Mac addresses, and it's guessing the manufacturer. And you can see it's alsodiscovering some Apple devices here. So as you can see, it's working perfectly using the exact same command. Now, I only did this to show you that if things work against virtual machines and against virtual networks, then they will work against real machines, because these virtual machines and virtual networks are modelled over real machines. And as far as the machines are concerned, they actually think they are real computers and real machines.