Learn Ethical Hacking From Scratch

Video description

Welcome to this comprehensive course on ethical hacking! This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. All the attacks explained in this course are launched against real devices in Zaid's lab. The course is structured in a way that will take you through the basics of Linux, computer systems, networks, and how devices communicate with each other. We will start by talking about how we can exploit these systems to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level and by the time you finish, you will have knowledge about most penetration testing fields. You will also learn how to discover and exploit a number of dangerous vulnerabilities such as SQL injections, XSS vulnerabilities, and so on. At the end of each section you will learn how to detect, prevent and secure your system and yourself from these attacks. All the attacks in this course are practical attacks that work against any computer device, so it does not matter if the device is a phone, tablet, laptop, or whatever. Each attack is explained in a simple way: first you will learn the theory behind each attack and then you will learn how to carry out the attack using Kali Linux.

What You Will Learn

  • In this course, you have access to 120 detailed videos about ethical hacking and computer security
  • Learn about hacking, ethical hacking, and different types of hackers
  • Learn about the different fields of ethical hacking
  • Set up a lab environment to practice hacking
  • Install Kali Linux - a penetration testing operating system
  • Install Windows and vulnerable operating systems as virtual machines for testing
  • Learn Linux basics and commands and how to interact with the terminal
  • Learn network penetration testing, network basics, how devices interact inside a network, and a number of practical attacks that can be used without knowing the key to the target network
  • Control the connections of clients around you without knowing the password
  • Create a fake Wi-Fi network with internet connection and spy on clients and much more

Audience

Anybody who is interested in learning ethical hacking or penetration testing; anybody who wants to learn how hackers would attack their computer systems; anybody who wants to learn how to secure their systems from a hacker.

About The Author

Zaid Sabih: Zaid Sabih is an ethical hacker, a computer scientist, and the founder and CTO of zSecurity. He has valuable experience in ethical hacking—he started working as a pentester with iSecurity. In 2013, he started teaching his first network hacking course—which received amazing feedback—leading him to publish a number of online ethical hacking courses, each focusing on a specific topic, all of which are dominating ethical hacking. Now, Zaid has more than 300,000 students worldwide.

Table of contents

  1. Chapter 1 : Introduction
    1. Course Introduction & Overview
    2. Teaser - Hacking a Windows 10 Computer & Accessing Their Webcam
    3. What Is Hacking & Why Learn It?
  2. Chapter 2 : Setting up The Lab
    1. Lab Overview & Needed Software
    2. Installing Kali 2018 as a Virtual Machine
    3. Installing Metasploitable as a Virtual Machine
    4. Installing Windows as a Virtual Machine
    5. Creating & Using Snapshots
  3. Chapter 3 : Linux Basics
    1. Basic Overview of Kali Linux
    2. The Terminal & Linux Commands
    3. Updating Sources & Installing Programs
  4. Chapter 4 : Network Penetration Testing
    1. Network Penetration Testing Introduction
    2. Networks Basics
    3. Connecting a Wireless Adapter to Kali
    4. What is MAC Address & How to Change It?
    5. Wireless Modes (Managed & Monitor)
    6. Enabling Monitor Mode Manually (2nd method)
    7. Enabling Monitor Mode Using airmon-ng (3rd method)
  5. Chapter 5 : Network Penetration Testing - Pre Connection Attacks
    1. Packet Sniffing Basics Using Airodump-ng
    2. Targeted Packet Sniffing Using Airodump-ng
    3. Deauthentication Attack (Disconnecting Any Device from the Network)
    4. Creating a Fake Access Point (Honeypot) – Theory
    5. Creating a Fake Access Point (Honeypot) – Practical
  6. Chapter 6 : Network Penetration Testing - Gaining Access (WEP/WPA/WPA2 Cracking)
    1. Gaining Access Introduction
    2. WEP Cracking - Theory behind Cracking WEP Encryption
    3. WEP Cracking - Basic Case
    4. WEP Cracking - Fake Authentication
    5. WEP Cracking - ARP Request Replay Attack
    6. WPA Cracking – Introduction
    7. WPA Cracking - Exploiting WPS Feature
    8. WPA Cracking - Theory behind WPA/WPA2 Cracking
    9. WPA Cracking - How to Capture the Handshake
    10. WPA Cracking - Creating a Wordlist
    11. WPA Cracking - Using a Wordlist Attack
    12. How to Configure Wireless Security Settings to Secure Your Network
  7. Chapter 7 : Network Penetration Testing - Post Connection Attacks
    1. Introduction
    2. Information Gathering - Discovering Connected Clients using netdiscover
    3. Gathering More Information Using Autoscan
    4. 7_4_T
    5. MITM - ARP Poisoning Theory
    6. MITM - ARP Spoofing using arpspoof
    7. MITM - ARP Spoofing Using MITMf
    8. MITM - Bypassing HTTPS
    9. MITM - Session Hijacking
    10. MITM - DNS Spoofing
    11. MITM - Capturing Screen of Target & Injecting a Keylogger
    12. MITM - Injecting JavaScript/HTML Code
    13. MITM - Using MITMf against Real Networks
    14. Wireshark - Basic Overview & How to Use It with MITM Attacks
    15. Wireshark - Sniffing Data & Analysing HTTP Traffic
    16. Wireshark - Capturing Passwords & Cookies Entered By Any Device in the Network
  8. Chapter 8 : Network Penetration Testing - Detection & Security
    1. Detecting ARP Poisoning Attacks
    2. Detecting Suspicious Activities Using Wireshark
  9. Chapter 9 : Gaining Access to Computer Devices
    1. Gaining Access Introduction
  10. Chapter 10 : Gaining Access - Server Side Attacks
    1. Introduction
    2. Basic Information Gathering & Exploitation
    3. Using a Basic Metasploit Exploit
    4. Exploiting a Code Execution Vulnerability
    5. MSFC - Installing MSFC (Metasploit Community)
    6. MSFC - Scanning Target(s) For Vulnerabilities
    7. MSFC - Analysing Scan Results & Exploiting Target System
    8. Nexpose - Installing Nexpose
    9. Nexpose - How to Configure & Launch a Scan
    10. Nexpose - Analysing Scan Results & Generating Reports
  11. Chapter 11 : Gaining Access - Client Side Attacks
    1. Introduction
    2. Installing Veil 3
    3. Veil Overview & Payloads Basics
    4. Generating an Undetectable Backdoor Using Veil 3
    5. Listening For Incoming Connections
    6. Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10
    7. Backdoor Delivery Method 1 - Using a Fake Update
    8. Backdoor Delivery Method 2 - Backdooring Downloads on the Fly
    9. How to Protect Yourself from the Discussed Delivery Methods
  12. Chapter 12 : Gaining Access - Client Side Attacks - Social Engineering
    1. Introduction
    2. Maltego Basics
    3. Discovering Websites, Links & Social Networking Accounts Associated With Target
    4. Discovering Twitter Friends & Associated Accounts
    5. Discovering Emails of the Target's Friends
    6. Analysing the Gathered Info & Building an Attack Strategy
    7. Backdooring Any File Type (images, pdf's ...etc)
    8. Compiling & Changing Trojan's Icon
    9. Spoofing .exe Extension to Any Extension (jpg, pdf ...etc)
    10. Spoofing Emails - Send Emails as Any Email Account You Want
    11. BeEF Overview & Basic Hook Method
    12. BeEF - hooking targets using MITMf
    13. BeEF - Running Basic Commands On Target
    14. BeEF - Stealing Credentials/Passwords Using a Fake Login Prompt
    15. BeEF - Gaining Full Control over Windows Target
    16. Detecting Trojans Manually
    17. Detecting Trojans Using a Sandbox
  13. Chapter 13 : Gaining Access - Using the Above Attacks outside the Local Network
    1. Overview of the Setup
    2. Ex1 - Generating a Backdoor That Works Outside the Network
    3. Configuring the Router to Forward Connections to Kali
    4. Ex2 - Using BeEF outside the Network
  14. Chapter 14 : Post Exploitation
    1. Introduction
    2. Meterpreter Basics
    3. File System Commands
    4. Maintaining Access - Basic Methods
    5. Maintaining Access - Using a Reliable Undetectable Method
    6. Spying - Capturing Key Strikes & Taking Screen Shots
    7. Pivoting - Theory (What is Pivoting?)
    8. Pivoting - Exploiting Devices on the Same Network as the Target Computer
  15. Chapter 15 : Website Penetration Testing
    1. Introduction - What Is A Website?
    2. How to Hack a Website?
  16. Chapter 16 : Website Pentesting - Information Gathering
    1. Gathering Basic Information Using Whois Lookup
    2. Discovering Technologies Used On the Website
    3. Gathering Comprehensive DNS Information
    4. Discovering Websites on the Same Server
    5. Discovering Subdomains
    6. Discovering Sensitive Files
    7. Analysing Discovered Files
  17. Chapter 17 : Website Pentesting - File Upload, Code Execution & File Inclusion Vulnerabilities
    1. Discovering & Exploiting File Upload Vulnerabilities
    2. Discovering & Exploiting Code Execution Vulnerabilities
    3. Discovering & Exploiting Local File Inclusion Vulnerabilities
    4. Remote File Inclusion Vulnerabilities - Configuring PHP Settings
    5. Remote File Inclusion Vulnerabilities - Discovery & Exploitation
    6. Preventing the Above Vulnerabilities
  18. Chapter 18 : Website Pentesting - SQL Injection Vulnerabilities
    1. What is SQL?
    2. Dangers of SQL Injection Vulnerabilities
    3. Discovering SQL injections In POST
    4. Bypassing Logins Using SQL injection Vulnerability
    5. Discovering SQL injections in GET
    6. Reading Database Information
    7. Finding Database Tables
    8. Extracting Sensitive Data Such As Passwords
    9. Reading & Writing Files on the Server Using SQL Injection Vulnerability
    10. Discovering SQL Injections & Extracting Data Using SQLmap
    11. The Right Way to Prevent SQL Injection
  19. Chapter 19 : Website Pentesting - Cross Site Scripting Vulnerabilities
    1. Introduction - What is XSS or Cross Site Scripting?
    2. Discovering Reflected XSS
    3. Discovering Stored XSS
    4. Exploiting XSS - Hooking Vulnerable Page Visitors to BeEF
    5. Preventing XSS Vulnerabilities
  20. Chapter 20 : Website Pentesting - Discovering Vulnerabilities Automatically Using OWASP ZAP
    1. Scanning Target Website for Vulnerabilities
    2. Analysing Scan Results

Product information

  • Title: Learn Ethical Hacking From Scratch
  • Author(s): Zaid Sabih
  • Release date: April 2018
  • Publisher(s): Packt Publishing
  • ISBN: 9781789340297