Ports and Protocols
These should be memorized; be ready to convert them to their hex representation as well, in case they have to be recognized in a packet dump, log file, IDS rule, or capture/display filter.
Protocols
1 ICMP
6 TCP
17 UDP
47 GRE
50 ESP
51 AH
Ports
20-21 FTP
22 SSH
23 Telnet
25 SMTP
42 WINS
53 DNS
80-81-8080 HTTP
88 Kerberos
110 POP3
111 Portmapper (Linux)
119 NNTP
135 RPC-DCOM
137-138-139 SMB
143 IMAP
161-162 SNMP
389 LDAP
445 CIFS
1080 SOCKS5
3389 RDP
6667 IRC
14237 Palm Pilot Remote Sync (HotSync)
Trojan Horses
7777 Tini
12345 NetBus
27374 Sub7
31337 Back Orifice
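As an added worked example (not part of the original notes), here is a small Python decoder that pulls the protocol number and ports out of a hex packet dump and names them from the tables above, plus a helper that writes the matching tcpdump/BPF filter with the values in hex. The two sample packets are constructed for the example, not real captures.

```python
import struct

# Values from the tables above, keyed by number so a decoded byte can be named.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
PORTS = {
    20: "FTP-data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 42: "WINS",
    53: "DNS", 80: "HTTP", 81: "HTTP", 88: "Kerberos", 110: "POP3", 111: "Portmapper",
    119: "NNTP", 135: "RPC-DCOM", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
    139: "NetBIOS-SSN", 143: "IMAP", 161: "SNMP", 162: "SNMP-trap", 389: "LDAP",
    445: "CIFS", 1080: "SOCKS", 3389: "RDP", 6667: "IRC", 8080: "HTTP",
    14237: "Palm HotSync",
}
TROJAN_PORTS = {7777: "Tini", 12345: "NetBus", 27374: "Sub7", 31337: "Back Orifice"}


def decode_ipv4(hexdump):
    """Pull protocol number, addresses and ports out of a hex dump of an IPv4 packet.

    Field offsets: protocol is byte 9 of the IP header, source/destination addresses
    are bytes 12-15 and 16-19, and for TCP/UDP the ports are the first four bytes
    after the header (header length = low nibble of byte 0, in 32-bit words).
    """
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    info = {
        "proto": proto,
        "proto_hex": f"0x{proto:02x}",
        "proto_name": PROTOCOLS.get(proto, "unknown"),
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
    }
    if proto in (6, 17) and len(raw) >= ihl + 4:
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
        info.update({
            "sport": sport, "dport": dport,
            "sport_hex": f"0x{sport:04x}", "dport_hex": f"0x{dport:04x}",
            "service": PORTS.get(dport) or PORTS.get(sport) or "unknown",
            # a well-known Trojan port on either side is worth a second look
            "trojan": TROJAN_PORTS.get(dport) or TROJAN_PORTS.get(sport),
        })
    return info


def bpf_for(proto, dport):
    """tcpdump/BPF filter matching by raw byte offset, with the values written in hex."""
    transport = {6: "tcp", 17: "udp"}[proto]
    return f"ip[9] = 0x{proto:02x} and {transport}[2:2] = 0x{dport:04x}"


# Constructed sample packets (not real captures): an IPv4/TCP SYN from
# 192.168.1.10 to 192.168.1.20:31337, and an IPv4/UDP datagram to 10.0.0.9:161.
SAMPLE_TCP = (
    "45 00 00 28 00 01 00 00 40 06 00 00 c0 a8 01 0a c0 a8 01 14 "
    "c2 a1 7a 69 00 00 00 01 00 00 00 00 50 02 20 00 00 00 00 00"
)
SAMPLE_UDP = (
    "45 00 00 1c 00 02 00 00 40 11 00 00 0a 00 00 05 0a 00 00 09 "
    "d4 31 00 a1 00 08 00 00"
)

if __name__ == "__main__":
    for sample in (SAMPLE_TCP, SAMPLE_UDP):
        d = decode_ipv4(sample)
        print(d)
        print(bpf_for(d["proto"], d["dport"]))
```

The filter string is the form you would paste into tcpdump or a BPF-based IDS rule; Wireshark display filters use field names instead, but the hex values are the same.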
Enumeration
Enumeration is the act of building a list of policies, user accounts, shares, and other resources. This step happens just before vulnerability assessment and helps the attacker put together the most effective strategy for gaining access.
Establishing a Null Session
net use \\[target ip]\IPC$ "" /user:""
Protecting against information disclosure
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
"0" is the default for Windows 2000 and gives up everything
"1" is the default for Windows 2003 and gives up less
"2" is the most secure setting, but makes a machine not very cooperative with others
Microsoft SIDs
S-1-5-21-<domain>-500: built-in local Administrator
S-1-5-21-<domain>-501: built-in local Guest
S-1-5-21-<domain>-512: built-in Domain Admins group
S-1-5-21-<domain>-1000 and above: accounts and groups created after installation
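An added example (not from the original notes): converting an objectSid blob, as LDAP returns it, to and from the S-1-5-21-... string form and classifying the RID against the list above. The sample blob is constructed for the example, not taken from a real directory.

```python
import struct

# RIDs named in the list above; anything at or above 1000 was created after install.
WELL_KNOWN_RIDS = {
    500: "built-in local Administrator",
    501: "built-in local Guest",
    512: "built-in Domain Admins group",
}


def sid_from_bytes(blob):
    """Decode the binary SID layout (revision, sub-authority count, 48-bit big-endian
    authority, then little-endian 32-bit sub-authorities) into the S-1-5-21-... string."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if revision != 1 or len(blob) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def sid_to_bytes(sid):
    """Inverse of sid_from_bytes, useful for building LDAP filters on objectSid."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def classify_sid(sid):
    """Split a SID into its domain identifier and RID and name the well-known RIDs."""
    parts = sid.split("-")
    rid = int(parts[-1])
    domain = "-".join(parts[:-1])          # same for every account in one domain/machine
    if not sid.startswith("S-1-5-21-"):
        role = "not a domain/local account SID"
    elif rid in WELL_KNOWN_RIDS:
        role = WELL_KNOWN_RIDS[rid]
    elif rid >= 1000:
        role = "account or group created after install (RID >= 1000)"
    else:
        role = "other built-in RID (< 1000)"
    return {"sid": sid, "domain": domain, "rid": rid, "role": role}


# Constructed objectSid blob (not from a real directory): S-1-5-21-1000-2000-3000-500.
SAMPLE_OBJECTSID = bytes.fromhex(
    "01 05 00 00 00 00 00 05"                  # revision 1, 5 sub-authorities, authority 5 (NT)
    "15 00 00 00"                              # 21
    "e8 03 00 00 d0 07 00 00 b8 0b 00 00"      # 1000, 2000, 3000 (little-endian)
    "f4 01 00 00"                              # RID 500
)

if __name__ == "__main__":
    sid = sid_from_bytes(SAMPLE_OBJECTSID)
    print(classify_sid(sid))
    print(classify_sid("S-1-5-21-1000-2000-3000-1105"))
```

Renaming the Administrator account does not change its RID, which is why enumerating by SID (rather than by name) still finds it.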
Ports associated with enumeration attacks
111 UNIX Portmapper service
42 WINS
88 Kerberos
135 Windows RPC-DCOM
137 NetBIOS Name Service
138 NetBIOS Datagram Service
139 NetBIOS Sessions
161 SNMP Agent
162 SNMP Traps
389 LDAP
445 CIFS (Common Internet File System)
Misc.
"public" and "private": default SNMP community strings
1.1.1.2.1.0.0.1.3.4.1.4: is an SNMP OID (dotted-decimal object identifier)
ou=sales,cn=example...: is an LDAP (LDIF) distinguished name string
fingerd: the finger daemon was used in older UNIX operating systems
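An added example, not from the original notes, showing what the two SNMP items above look like on the wire: BER encoding of a dotted OID, and a complete SNMPv1 GetRequest for sysDescr.0 using the default community string "public". Nothing is sent; the bytes are built offline and could be handed to a UDP socket against a lab agent on port 161.

```python
def ber_length(n):
    """BER length: one byte below 128, otherwise 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_length(len(payload)) + payload


def ber_int(value):
    """INTEGER in minimal two's complement (non-negative values are all SNMP needs here)."""
    size = (value.bit_length() + 8) // 8          # spare bit keeps the sign bit clear
    return tlv(0x02, value.to_bytes(size, "big", signed=True))


def encode_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with a
    continuation bit on every byte but the last."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def decode_oid(encoded):
    """Inverse of encode_oid for the short-length form SNMP OIDs use."""
    if encoded[0] != 0x06 or encoded[1] >= 0x80:
        raise ValueError("expected a short-form OID TLV")
    body = encoded[2:2 + encoded[1]]
    arcs = [body[0] // 40, body[0] % 40] if body[0] < 80 else [2, body[0] - 80]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def snmp_get_request(community, oid, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community OCTET STRING, GetRequest-PDU }."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))     # OID with a NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)   # id, error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode("ascii")) + pdu)


SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr.0, the usual first question to an agent

if __name__ == "__main__":
    # In a lab: socket.socket(AF_INET, SOCK_DGRAM).sendto(pkt, (agent_ip, 161))
    pkt = snmp_get_request("public", SYS_DESCR)
    print(pkt.hex())
```

The community string travels in clear text, which is why a guessed "public" or a string sniffed off the wire is enough to walk the whole MIB of an SNMPv1/v2c agent.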
Password Cracking
This section looks at scenarios that require you to demonstrate an understanding of password cracking. Be sure to know each of these techniques and tools well.
Types of password cracking techniques
Guessing: the most efficient, assuming prior knowledge of the target
Dictionary: based on a preset list of words
Brute force: trying every possible combination of characters
Hybrid: a combination of the other techniques, e.g. dictionary words with characters substituted or appended
LM Hashes
Every password is padded or truncated to 14 characters and split into two 7-character halves, each hashed independently. A password of seven characters or fewer leaves the second half empty, which is easy to spot in the SAM file (the hash ends in 404EE).
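An added example (not from the original notes) that applies the 404EE check to pwdump-style lines before any cracking is attempted. The sample lines are constructed and the non-empty hash values are placeholders, not dumps from a real system.

```python
# LM hash of a 7-byte block of NULs, i.e. an empty password half.
EMPTY_LM_HALF = "AAD3B435B51404EE"


def parse_pwdump_line(line):
    """pwdump format: user:RID:LM-hash:NT-hash:::"""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("not a pwdump line: %r" % line)
    return {"user": fields[0], "rid": int(fields[1]),
            "lm": fields[2].upper(), "nt": fields[3].upper()}


def lm_halves_to_crack(lm_hash):
    """0 = nothing stored, 1 = only the first half is set, 2 = both halves set."""
    if len(lm_hash) != 32:
        raise ValueError("LM hash must be 16 bytes of hex")
    first, second = lm_hash[:16].upper(), lm_hash[16:].upper()
    return (first != EMPTY_LM_HALF) + (second != EMPTY_LM_HALF)


def lm_assessment(lm_hash):
    """What the two halves give away before any cracking."""
    return {
        0: "empty password, or LM hashes disabled (only the NT hash is stored)",
        1: "7 characters or fewer: only the first half needs cracking",
        2: "8-14 characters: two independent 7-character halves to crack",
    }[lm_halves_to_crack(lm_hash)]


def triage(dump):
    """Order accounts by how cheap their LM hash is to attack (cheapest first)."""
    rows = [parse_pwdump_line(l) for l in dump.splitlines() if l.strip()]
    rows.sort(key=lambda r: lm_halves_to_crack(r["lm"]))
    return [{"user": r["user"], "rid": r["rid"], "note": lm_assessment(r["lm"])} for r in rows]


# Constructed pwdump lines; hash values are placeholders, not from a real SAM.
SAMPLE_DUMP = """\
Administrator:500:E52CAC67419A9A22AAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
svc_backup:1105:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_DUMP):
        print("%-14s RID %-5d %s" % (row["user"], row["rid"], row["note"]))
```

Because the halves are hashed independently and the LM algorithm upper-cases the input, a 14-character LM password costs about as much to crack as two 7-character ones, not one 14-character one.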
Rainbow Tables
"Time/Memory Trade-off": less memory than storing every hash, less computing than brute force.
Salting: adding a per-password salt before hashing is the way to defeat rainbow tables.
Cracking Effort
Weak passwords: cracked in seconds
Strong passwords: might take the lifetime of many universes to crack
Rainbow tables: solve the "Time/Memory Trade-off"
DNA: Distributed Network Attack, spreading the cracking work across many machines
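An added example, not from the original notes, of the time/memory trade-off from the two passages above in miniature: a rainbow table over three-letter lowercase passwords with SHA-1 standing in for the real hash, the lookup routine, and a salted hash to show why the table stops working. The alphabet, chain length and chain count are chosen for the example.

```python
import hashlib
import string

# Toy parameters: small enough to build in well under a second, large enough that the
# table is clearly not a plain hash -> password lookup of every candidate.
ALPHABET = string.ascii_lowercase
LENGTH = 3
KEYSPACE = len(ALPHABET) ** LENGTH      # 17,576 candidates
CHAIN_LEN = 100                         # hashes per chain (the "time" side)
CHAINS = 400                            # chains kept (the "memory" side)


def h(password):
    return hashlib.sha1(password.encode()).digest()


def index_to_word(i):
    word = ""
    for _ in range(LENGTH):
        word = ALPHABET[i % len(ALPHABET)] + word
        i //= len(ALPHABET)
    return word


def reduce_at(digest, position):
    """Reduction R_position: map a digest back onto a candidate password. Making it
    position-dependent is what separates a rainbow table from plain Hellman chains."""
    return index_to_word((int.from_bytes(digest[:8], "big") + position) % KEYSPACE)


def build_table(chains=CHAINS, chain_len=CHAIN_LEN):
    """Walk each chain start -> R_0(h(start)) -> ... and store only endpoint -> start."""
    table = {}
    for c in range(chains):
        start = index_to_word((c * 7919) % KEYSPACE)   # spread starts over the keyspace
        word = start
        for pos in range(chain_len):
            word = reduce_at(h(word), pos)
        table.setdefault(word, []).append(start)       # keep chains that merged, too
    return table


def lookup(table, digest, chain_len=CHAIN_LEN):
    """Return a preimage of digest if it lies on any stored chain, else None."""
    for j in range(chain_len):                 # assume digest sits at position j
        word = reduce_at(digest, j)
        for pos in range(j + 1, chain_len):    # walk to where the endpoint would be
            word = reduce_at(h(word), pos)
        for start in table.get(word, ()):      # endpoint known: regenerate that chain
            candidate = start
            for pos in range(chain_len):
                if h(candidate) == digest:
                    return candidate
                candidate = reduce_at(h(candidate), pos)
    return None


def salted_hash(salt, password):
    return hashlib.sha1((salt + password).encode()).digest()


TABLE = build_table()   # 400 entries standing in for up to 40,000 hash computations

if __name__ == "__main__":
    print(lookup(TABLE, h("aaa")))                       # found: "aaa"
    print(lookup(TABLE, salted_hash("s4lt-", "aaa")))    # None: salt takes it off the table
```

The table stores 400 endpoints yet answers for every password on any chain (up to 40,000 of the 17,576 candidates, with overlaps); each lookup costs roughly chain_len squared over two hash operations instead of a full brute-force pass. A salt changes the input to the hash, so a table built without it never contains the right chain.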
Popular Cracking Tools
John the Ripper: command-line tool that runs under both Windows and UNIX
L0phtCrack: commercial tool
Ophcrack: open-source tool that supports rainbow tables
Cain and Abel: powerful tool that sniffs and cracks passwords of many kinds
Trojans and Malware
The official definition is a legitimate application that has been modified with malicious code. A Trojan horse is a social engineering technique: it masquerades as a legitimate download and plants on the victim's host either an access point (a listener) or a client that connects outward to a server waiting remotely. Trojans do not necessarily exploit a vulnerability. Connections to them include file browsers, keyloggers, web cam viewers, and many other tools.
Terms
Wrapper or Binder: the application used to combine a malicious binary and a legitimate program
Rootkit: installed via a Trojan, used to hide the processes that maintain backdoor access
HTTP Trojans: reverse a connection outward through an HTTP or HTTPS tunnel
Netcat: not really a Trojan, but often used in Trojan code to set up the listening socket
Hoax: many legitimate tools are reported to be Trojans but are not
Keylogger: records the keystrokes on the host where it is installed and saves them in a log
Famous Trojans
Tini: tiny 3 KB file, uses port 7777
Loki: used ICMP as a tunneling protocol
NetBus: one of the first RATs (Remote Access Trojans)
Sub7: written in Delphi, expanded on what NetBus had demonstrated
Back Orifice: first modular malware, could be extended by outside authors
Beast: all in one client/server binary
MoSucker: the client could choose the infection method for each binary
Nuclear RAT: reverse-connecting Trojan
Monkey Shell Commands: provides a powerful shell environment that can reverse connections and encrypt
Detecting Trojans
netstat/fport: command-line tools for viewing open ports and connections
TCPView: GUI tool for viewing open ports and connections
Process viewer: GUI tool for showing open processes as well as child processes
Autoruns: lists all programs that run at startup and where they are referenced from
HijackThis: displays a list of unusual registry entries and files on the drive
Spybot S&D: originally a volunteer-supported scanning and detection tool
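An added example (not from the original notes): parsing netstat -ano output the way you would when checking a host with the tools above, flagging listeners on the Trojan ports listed earlier and outbound sessions to them, keyed by PID so they can be cross-referenced in a process viewer and Autoruns. The netstat output is constructed, not from a real host.

```python
# Well-known Trojan listeners from the port table earlier on the page.
TROJAN_PORTS = {7777: "Tini", 12345: "NetBus", 27374: "Sub7", 31337: "Back Orifice"}


def _port(endpoint):
    """'192.168.1.10:49825', '[::]:135' or '*:*' -> int port or None."""
    _host, _, port = endpoint.rpartition(":")
    return int(port) if port.isdigit() else None


def parse_netstat(output):
    """Parse `netstat -ano` (Windows) rows into dicts; UDP rows have no State column."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                       # banner, header and blank lines
        proto, local, foreign = fields[0], fields[1], fields[2]
        state = fields[3] if proto == "TCP" else ""
        pid = int(fields[-1])
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid,
                     "lport": _port(local), "fport": _port(foreign)})
    return rows


def triage(output):
    """Flag listeners on known Trojan ports and outbound sessions to them
    (the reverse-connecting case, where nothing is listening locally)."""
    findings = []
    for r in parse_netstat(output):
        if r["state"] == "LISTENING" and r["lport"] in TROJAN_PORTS:
            findings.append({**r, "why": "listening on %s port" % TROJAN_PORTS[r["lport"]]})
        elif r["fport"] in TROJAN_PORTS:
            findings.append({**r, "why": "connected out to %s port" % TROJAN_PORTS[r["fport"]]})
    return findings


# Constructed `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2284
  TCP    192.168.1.10:49825     203.0.113.7:27374      ESTABLISHED     2284
  TCP    192.168.1.10:49830     192.168.1.20:443       ESTABLISHED     1760
  TCP    [::]:3389              [::]:0                 LISTENING       1120
  UDP    0.0.0.0:137            *:*                                    4
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT):
        # next step: look the PID up in Process Explorer / tasklist and check Autoruns
        print("PID %d  %s %s -> %s  %s" % (f["pid"], f["proto"], f["local"], f["foreign"], f["why"]))
```

A port number alone is only a lead: a modern Trojan can listen anywhere, and a legitimate service can sit on 31337. The PID is what ties the socket to a binary on disk and to a persistence entry.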
Hopefully this blog has been helpful and you now understand the ethical hacking topics of ports and protocols, enumeration, password cracking, Trojans, and malware.
For more such blogs visit our website, and if you want to become an ethical hacker and make your career in hacking, join scode network institute now.