book

Ethical Hacking

by Daniel G. Graham

September 2021

Intermediate to advanced

376 pages

9h 25m

English

No Starch Press

Read now

Unlock full access

Why Read This Book?Installing PythonWhat Is in the Book?Reaching Out
Virtual LabSetting Up VirtualBoxSetting Up pfSenseSetting Up MetasploitableSetting Up Kali LinuxSetting Up the Ubuntu Linux DesktopYour First Hack: Exploiting a Backdoor in Metasploitable
How the Internet Transmits DataARP Spoofing AttacksPerforming an ARP Spoofing AttackDetecting an ARP Spoofing AttackExercises
Packets and the Internet Protocol StackViewing Packets in WiresharkAnalyzing Packets Collected by Your FirewallExercises
Sockets and Process CommunicationAccessing the Victim MachineWriting a Reverse Shell ClientWriting a TCP Server That Listens for Client ConnectionsLoading the Reverse Shell onto the Metasploitable ServerBotnetsExercises
EncryptionEncrypting and Decrypting a FileEmail EncryptionEncrypting a File with RSAWriting RansomwareExercises
Transport Layer SecurityUsing Diffie-Hellman to Compute a Shared KeyElliptic-Curve Diffie-HellmanWriting TLS SocketsSSL Stripping and HSTS BypassExercise: Add Encryption to your Ransomware Server
A Sophisticated and Sneaky Social Engineering AttackFaking EmailsFaking WebsitesCreating Deepfake VideosExercises
Link AnalysisGoogle DorkingScanning the Entire InternetIPv6 and NAT LimitationsVulnerability DatabasesVulnerability ScannersExercises
Case Study: Exploiting the Heartbleed OpenSSL VulnerabilityFuzzingSymbolic ExecutionDynamic Symbolic ExecutionUsing DSE to Crack a PasscodeExercises
Case Study: Re-Creating Drovorub by Using MetasploitHiding an Implant in a Legitimate FileEvading Antivirus by Using EncodersCreating a Windows TrojanCreating an Android TrojanExercises
Writing a Linux Kernel ModuleModifying System CallsHooking the Shutdown SyscallHiding FilesUsing Armitage to Exploit a Host and Install a RootkitExercises
SQL InjectionStealing Passwords from a Website’s DatabaseWriting Your Own SQL Injection ToolUsing SQLMapHashing PasswordsBuilding a Salted Hash CrackerPopular Hash Cracking and Brute-Forcing ToolsExercises
Cross-Site ScriptingFinding Vulnerabilities with OWASP Zed Attack ProxyUsing Browser Exploitation Framework PayloadsMoving from Browser to MachineExercise: Hunting for Bugs in a Bug Bounty Program
Pivoting from a Dual-Homed DeviceExtracting Password Hashes on LinuxExercises
Creating a Windows Virtual LabExtracting Password Hashes with MimikatzPassing the Hash with NT LAN ManagerExploring the Corporate Windows NetworkAttacking the DNS ServiceAttacking Active Directory and LDAP ServicesAttacking KerberosExercise: Kerberoasting
Setting Up a Hardened Hacking EnvironmentOther TopicsConnect with Others

Content preview from Ethical Hacking

5CRYPTOGRAPHY AND RANSOMWARE

Unless you know the code, it has no meaning.

–John Connolly, The Book of Lost Things

Ransomware is malicious code that holds a machine hostage by encrypting its files. After encrypting the files, ransomware usually displays a window demanding money in exchange for the decrypted files. This chapter will show you how hackers write encryption ransomware to extort money from a company. However, before we do that, you must understand encryption algorithms and secure communications more generally. After reading this chapter, you should be able to encrypt a file with a block cipher, send an encrypted email using public-key ...