tech tutorials

C# Preprocessor directives

In this tutorial, we’ll learn about Preprocessor Directives, available directives in C#, and when, why and how why they are used.

As the name justifies, preprocessor directives are a block of statements that gets processed before the actual compilation starts. C# preprocessor directives are the commands for the compiler that affects the compilation process.

These commands specifies which sections of the code to compile or how to handle specific errors and warnings.

C# preprocessor directive begins with a # (hash) symbol and all preprocessor directives last for one line. Preprocessor directives are terminated by new line rather than semicolon.

The preprocessor directives available in C# are:

Preprocessor Directive	Description	Syntax
`#if`	Checks if a preprocessor expression is true or not	#if preprocessor-expression code to compile #endif
`#elif`	Used along with `#if` to check multiple preprocessor expressions	#if preprocessor-expression-1 code to compile #elif preprocessor-expression-2 code to compile #endif
`#else`	Used along with `#if` to create compound conditional directive.	#if preprocessor-expression code to compile #elif code to compile #endif
`#endif`	Used along with `#if` to indicate the end of a conditional directive	#if preprocessor-expression code to compile #endif
`#define`	Used to define a symbol	#define SYMBOL
`#undef`	Used to undefine a symbol	#undef SYMBOL
`#warning`	Allows us to generate level 1 warning from our code	#warning warning-message
`#error`	Allows us to generate error from our code	#error error-message
`#line`	Allows us to modify the compiler’s line number and filename to display errors and warnings	#line line-number file-name
`#region`	Allows us to create a region that can be expanded or collapsed when using a Visual Studio Code Editor	#region region-description codes #endregion
`#endregion`	Indicates the end of a region	#region region-description codes #endregion
`#pragma`	Gives the compiler special instructions for the compilation of the file in which it appears.	#pragma pragma-name pragma-arguments

#define directive

The #define directive allows us to define a symbol.
Symbols that are defined when used along with #if directive will evaluate to true.
These symbols can be used to specify conditions for compilation.
Syntax:#define SYMBOL
For example:#define TESTINGHere, TESTING is a symbol.

#undef directive

The #undef directive allows us to undefine a symbol.
Undefined symbols when used along with #if directive will evaluate to false.
Syntax:#undef SYMBOL
For example:#undef TESTINGHere, TESTING is a symbol.

#if directive

The #if directive are used to test the preprocessor expression.
A preprocessor expression may consists of a symbol only or combination of symbols along with operators like && (AND), || (OR), ! (NOT).
#if directive is followed by an #endif directive.
The codes inside the #if directive is compiled only if the expression tested with #if evaluates to true.
Syntax:#if preprocessor-expression code to compile< #endif
For example:#if TESTING Console.WriteLine(“Currently Testing”); #endif

Example 1: How to use #if directive?

#define CSHARP

using System;
 
namespace Directive
{
	class ConditionalDirective
	{
		public static void Main(string[] args)
		{
			#if (CSHARP)
				Console.WriteLine("CSHARP is defined");
			#endif
		}
	}
}

When we run the program, the output will be:

CSHARP is defined

In the above program, CSHARP symbol is defined using the #define directive at the beginning of program. Inside the Main() method, #if directive is used to test whether CSHARP is true or not. The block of code inside #if directive is compiled only if CSHARP is defined.

#elif directive

The #elif directive is used along with #if directive that lets us create a compound conditional directive.
It is used when testing multiple preprocessor expression.
The codes inside the #elif directive is compiled only if the expression tested with that #elif evaluates to true.
Syntax:#if preprocessor-expression-1 code to compile #elif preprocessor-expression-2 code-to-compile #endif
For example:#if TESTING Console.WriteLine(“Currently Testing”); #elif TRAINING Console.WriteLine(“Currently Training”); #endif

#else directive

The #else directive is used along with #if directive.
If none of the expression in the preceding #if and #elif (if present) directives are true, the codes inside the #else directive will be compiled.
Syntax:#if preprocessor-expression-1 code to compile #elif preprocessor-expression-2 code-to-compile #else code-to-compile #endif
For example:#if TESTING Console.WriteLine(“Currently Testing”); #elif TRAINING Console.WriteLine(“Currently Training”); #else Console.WriteLine(“Neither Testing nor Training”); #endif

#endif directive

The #endif directive is used along with #if directive to indicate the end of #if directive.
Syntax:#if preprocessor-expression-1 code to compile #endif
For example:#if TESTING Console.WriteLine(“Currently Testing”); #endif

Example 2: How to use conditional directive (if, elif, else, endif) ?

#define CSHARP
#undef PYTHON
 
using System;
 
namespace Directive
{
	class ConditionalDirective
	{
		static void Main(string[] args)
		{
			#if (CSHARP && PYTHON)
				Console.WriteLine("CSHARP and PYTHON are defined");
			#elif (CSHARP && !PYTHON)
				Console.WriteLine("CSHARP is defined, PYTHON is undefined");
			#elif (!CSHARP && PYTHON)
				Console.WriteLine("PYTHON is defined, CSHARP is undefined");
			#else
				Console.WriteLine("CSHARP and PYTHON are undefined");
			#endif
		}
	}
}

When we run the program, the output will be:

CSHARP is defined, PYTHON is undefined

In this example, we can see the use of #elif and #else directive. These directive are used when there are multiple conditions to be tested. Also, symbols can be combined using logical operators to form a preprocessor expression.

#warning directive

The #warning directive allows us to generate a user-defined level one warning from our code.
Syntax:#warning warning-message
For example:#warning This is a warning message

Example 3: How to use #warning directive?

using System;
 
namespace Directives
{
	class WarningDirective
	{
		public static void Main(string[] args)
		{
			#if (!CSHARP)
				#warning CSHARP is undefined
			#endif
			Console.WriteLine("#warning directive example");
		}
	}
}

When we run the program, the output will be:

Program.cs(10,26): warning CS1030: #warning: 'CSHARP is undefined' [/home/myuser/csharp/directives-project/directives-project.csproj]
#warning directive example

After running the above program, we will see the output as above. The text represents a warning message. Here, we are generating a user-defined warning message using the #warning directive.

Note that the statements after the #warning directive are also executed. It means that the #warning directive does not terminate the program but just throws a warning.

#error directive

The #error directive allows us to generate a user-defined error from our code.
Syntax:#error error-message
For example:#error This is an error message

Example 4: How to use #error directive?

using System;
 
namespace Directive
{
	class Error
	{
		public static void Main(string[] args)
		{
			#if (!CSHARP)
				#error CSHARP is undefined
			#endif
			Console.WriteLine("#error directive example");
		}
	}
}

When we run the program, the output will be:

Program.cs(10,24): error CS1029: #error: 'CSHARP is undefined' [/home/myuser/csharp/directives-project/directives-project.csproj]
The build failed. Please fix the build errors and run again.

We will see some errors, probably like above. Here we are generating a user-defined error.

Another thing to note here is the program will be terminated and the line #error directive example won’t be printed as it was in the #warning directive.

#line directive

The #line directive allows us to modify the line number and the filename for errors and warnings.
Syntax:#line line-number file-name
For example:#line 50 “fakeprogram.cs”

Example 5: How to use #line directive?

using System;
 
namespace Directive
{
	class Error
	{
		public static void Main(string[] args)
		{
			#line 200 "AnotherProgram.cs"
			#warning Actual Warning generated by Program.cs on line 10
		}
	}
}

When we run the program, the output will be:

AnotherProgram.cs(200,22): warning CS1030: #warning: 'Actual Warning generated by Program.cs on line 10' [/home/myuser/csh
arp/directive-project/directive-project.csproj]

We have saved the above example as Program.cs. The warning was actually generated at line 10 by Program.cs. Using the #line directive, we have changed the line number to 200 and the filename to AnotherProgram.cs that generated the error.

#region and #endregion directive

The #region directive allows us to create a region that can be expanded or collapsed when using a Visual Studio Code Editor.
This directive is simply used to organize the code.
The #region block can not overlap with a #if block. However, a #region block can be included within a #if block and a #if block can overlap with a #region block.
#endregion directive indicates the end of a #region block.
Syntax:#region region-description codes #endregion

Example 6: How to use #region directive?

using System;
 
namespace Directive
{
	class Region
	{
		public static void Main(string[] args)
		{
			#region Hello
			Console.WriteLine("Hello");
			Console.WriteLine("Hello");
			Console.WriteLine("Hello");
			Console.WriteLine("Hello");
			Console.WriteLine("Hello");
			#endregion
		}
	}
}

When we run the program, the output will be:

Hello
Hello
Hello
Hello
Hello

#pragma directive

The #pragma directive is used to give the compiler some special instructions for the compilation of the file in which it appears.
The instruction may include disabling or enabling some warnings.
C# supports two #pragma instructions:
- #pragma warning: Used for disabling or enabling warnings
- #pragma checksum: It generates checksums for source files which will be used for debugging.
Syntax:#pragma pragma-name pragma-arguments
For example:#pragma warning disable

Example 7: How to use #pragma directive?

using System;
 
namespace Directive
{
	class Error
	{
		public static void Main(string[] args)
		{
			#pragma warning disable
			#warning This is a warning 1
			#pragma warning restore
			#warning This is a warning 2
		}
	}
}

When we run the program, the output will be:

Program.cs(12,22): warning CS1030: #warning: 'This is a warning 2' [/home/myuser/csharp/directive-project/directive-project.csproj]

We can see that only the second warning is displayed on the output screen.

This is because, we initially disabled all warnings before the first warning and restored them only before the second warning. This is the reason why the first warning was hidden.

We can also disable specific warning instead of all warning.

To learn more about #pragma, visit #pragma (C# reference).

< prev

tech tutorials

What is Social Engineering?

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

What is Social Engineering?

Social engineering is the art of manipulating users of a computing system into revealing confidential information that can be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed, and curiosity to gain access to restricted access buildings or getting the users to installing backdoor software.

Knowing the tricks used by hackers to trick users into releasing vital login information among others is fundamental in protecting computer systems

In this tutorial, we will introduce you to the common social engineering techniques and how you can come up with security measures to counter them.

How social engineering Works?

HERE,

Gather Information: This is the first stage, the learns as much as he can about the intended victim. The information is gathered from company websites, other publications and sometimes by talking to the users of the target system.
Plan Attack: The attackers outline how he/she intends to execute the attack
Acquire Tools: These include computer programs that an attacker will use when launching the attack.
Attack: Exploit the weaknesses in the target system.
Use acquired knowledge: Information gathered during the social engineering tactics such as pet names, birthdates of the organization founders, etc. is used in attacks such as password guessing.

Common Social Engineering Techniques:

Social engineering techniques can take many forms. The following is the list of the commonly used techniques.

Familiarity Exploit: Users are less suspicious of people they are familiar with. An attacker can familiarize him/herself with the users of the target system prior to the social engineering attack. The attacker may interact with users during meals, when users are smoking he may join, on social events, etc. This makes the attacker familiar to the users. Let’s suppose that the user works in a building that requires an access code or card to gain access; the attacker may follow the users as they enter such places. The users are most like to hold the door open for the attacker to go in as they are familiar with them. The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher, etc. The users are most likely to reveal answers as they trust the familiar face. This information could be used to hack email accounts and other accounts that ask similar questions if one forgets their password.
Intimidating Circumstances: People tend to avoid people who intimidate others around them. Using this technique, the attacker may pretend to have a heated argument on the phone or with an accomplice in the scheme. The attacker may then ask users for information which would be used to compromise the security of the users’ system. The users are most likely give the correct answers just to avoid having a confrontation with the attacker. This technique can also be used to avoid been checked at a security check point.
Phishing: This technique uses trickery and deceit to obtain private data from users. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
Tailgating: This technique involves following users behind as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer inside the restricted area.
Exploiting human curiosity: Using this technique, the social engineer may deliberately drop a virus infected flash disk in an area where the users can easily pick it up. The user will most likely plug the flash disk into the computer. The flash disk may auto run the virus, or the user may be tempted to open a file with a name such as Employees Revaluation Report 2013.docx which may actually be an infected file.
Exploiting human greed: Using this technique, the social engineer may lure the user with promises of making a lot of money online by filling in a form and confirm their details using credit card details, etc.

Social Engineering Counter Measures

Most techniques employed by social engineers involve manipulating human biases. To counter such techniques, an organization can;

To counter the familiarity exploit, the users must be trained to not substitute familiarity with security measures. Even the people that they are familiar with must prove that they have the authorization to access certain areas and information.
To counter intimidating circumstances attacks, users must be trained to identify social engineering techniques that fish for sensitive information and politely say no.
To counter phishing techniques, most sites such as Yahoo use secure connections to encrypt data and prove that they are who they claim to be. Checking the URL may help you spot fake sites. Avoid responding to emails that request you to provide personal information.
To counter tailgating attacks, users must be trained not to let others use their security clearance to gain access to restricted areas. Each user must use their own access clearance.
To counter human curiosity, it’s better to submit picked up flash disks to system administrators who should scan them for viruses or other infection preferably on an isolated machine.
To counter techniques that exploit human greed, employees must be trained on the dangers of falling for such scams.

< prev

next >

tech tutorials

How to Crack a Password?

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

What is Password Cracking?

Password cracking is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords. In other words, it’s an art of obtaining the correct password that gives access to a system protected by an authentication method.

Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against word list or use algorithms to generate passwords that match

In this Tutorial, we will introduce you to the common password cracking techniques and the countermeasures you can implement to protect systems against such attacks.

What is password strength?

Password strength is the measure of a password’s efficiency to resist password cracking attacks. The strength of a password is determined by;

Length: the number of characters the password contains.
Complexity: does it use a combination of letters, numbers, and symbol?
Unpredictability: is it something that can be guessed easily by an attacker?

Let’s now look at a practical example. We will use three passwords namely

1. password

2. password1

3. #password1$

For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above-listed passwords.

Note: the password used is password the strength is 1, and it’s very weak.

Note: the password used is password1 the strength is 28, and it’s still weak.

Note: The password used is #password1$ the strength is 60 and it’s strong.

The higher the strength number, better the password.

Let’s suppose that we have to store our above passwords using md5 encryption. We will use an online md5 hash generator to convert our passwords into md5 hashes.

The table below shows the password hashes

Password	MD5 Hash	Cpanel Strength Indicator
password	5f4dcc3b5aa765d61d8327deb882cf99	1
password1	7c6a180b36896a0a8c02787eeafb0e4c	28
#password1$	29e08fb7103c327d68327f23d8d9256c	60

We will now use http://www.md5this.com/ to crack the above hashes. The images below show the password cracking results for the above passwords.

As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn’t manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below;

Dictionary attack– This method involves the use of a wordlist to compare against user passwords.
Brute force attack– This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value “password” can also be tried as p@$$word using the brute force attack.
Rainbow table attack– This method uses pre-computed hashes. Let’s assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found, then we have the password.
Guess– As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin, etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
Spidering– Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter, etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.

Spidering sample dictionary attack wordlist

1976 <founder birth year>

smith jones <founder name>

acme <company name/initials>

built|to|last <words in company vision/mission>

golfing|chess|soccer <founders hobbies

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools

John the Ripper

John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free, but the word list has to be bought. It has free alternative word lists that you can use. Visit the product website https://www.openwall.com/john/ for more information and how to use it.

Cain & Abel

Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing, etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml for more information and how to use it.

Ophcrack

Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/ for more information and how to use it.

Password Cracking Counter Measures

An organization can use the following methods to reduce the chances of the passwords been cracked
Avoid short and easily predicable passwords
Avoid using passwords with predictable patterns such as 11552266.
Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Hacking Activity: Hack Now!

In this practical scenario, we are going to crack Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.

Cain and Abel cracker can be used to crack passwords using;

Dictionary attack
Brute force
Cryptanalysis

We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here 10k-Most-Common.zip

For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

Password cracking steps

Open Cain and Abel, you will get the following main screen

Make sure the cracker tab is selected as shown above
Click on the Add button on the toolbar.

The following dialog window will appear

The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.

Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.

The following screen will appear

Right click on the dictionary section and select Add to list menu as shown above
Browse to the 10k most common.txt file that you just downloaded

Click on start button
If the user used a simple password like qwerty, then you should be able to get the following results.

Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.

< prev

next >

tech tutorials

Worm, Virus & Trojan Horse

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

Some of the skills that hackers have are programming and computer networking skills. They often use these skills to gain access to systems. The objective of targeting an organization would be to steal sensitive data, disrupt business operations or physically damage computer controlled equipment. Trojans, viruses, and worms can be used to achieve the above-stated objectives.

In this article, we will introduce you to some of the ways that hackers can use Trojans, viruses, and worms to compromise a computer system. We will also look at the countermeasures that can be used to protect against such activities.

What is a Trojan horse?

A Trojan horse is a program that allows the attack to control the user’s computer from a remote location. The program is usually disguised as something that is useful to the user. Once the user has installed the program, it has the ability to install malicious payloads, create backdoors, install other unwanted applications that can be used to compromise the user’s computer, etc.

The list below shows some of the activities that the attacker can perform using a Trojan horse.

Use the user’s computer as part of the Botnet when performing distributed denial of service attacks.
Damage the user’s computer (crashing, blue screen of death, etc.)
Stealing sensitive data such as stored passwords, credit card information, etc.
Modifying files on the user’s computer
Electronic money theft by performing unauthorized money transfer transactions
Log all the keys that a user presses on the keyboard and sending the data to the attacker. This method is used to harvest user ids, passwords, and other sensitive data.
Viewing the users’ screenshot
Downloading browsing history data

What is a worm?

Learn everything about Trojans, Viruses and Worms

A worm is a malicious computer program that replicates itself usually over a computer network. An attacker may use a worm to accomplish the following tasks;

Humiliated Indian Casino CEO Fired After This Huge Mistake

If you live in India and want to earn some extra money easily, then this may be the most exciting article you’ll ever read.See More

Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. the backdoors can also be exploited by other malware.
Worms may also slowdown the network by consuming the bandwidth as they replicate.
Install harmful payload code carried within the worm.

What is a Virus?

A virus is a computer program that attaches itself to legitimate programs and files without the user’s consent. Viruses can consume computer resources such as memory and CPU time. The attacked programs and files are said to be “infected”. A computer virus may be used to;
Access private data such as user id and passwords
Display annoying messages to the user
Corrupt data in your computer
Log the user’s keystrokes

Computer viruses have been known to employ social engineering techniques. These techniques involve deceiving the users to open the files which appear to be normal files such as Word or Excel documents. Once the file is opened, the virus code is executed and does what it’s intended to do.

Trojans, Viruses, and Worms counter measures

To protect against such attacks, an organization can use the following methods.
A policy that prohibits users from downloading unnecessary files from the Internet such as spam email attachments, games, programs that claim to speed up downloads, etc.
Anti-virus software must be installed on all user computers. The anti-virus software should be updated frequently, and scans must be performed at specified time intervals.
Scan external storage devices on an isolated machine especially those that originate from outside the organization.
Regular backups of critical data must be made and stored on preferably read-only media such as CDs and DVDs.
Worms exploit vulnerabilities in the operating systems. Downloading operating system updates can help reduce the infection and replication of worms.
Worms can also be avoided by scanning, all email attachments before downloading them.

Trojan, Virus, and Worm Differential Table

	Trojan	Virus	Worm
Definition	Malicious program used to control a victim’s computer from a remote location.	Self replicating program that attaches itself to other programs and files	Illegitimate programs that replicate themselves usually over the network
Purpose	Steal sensitive data, spy on the victim’s computer, etc.	Disrupt normal computer usage, corrupt user data, etc.	Install backdoors on victim’s computer, slow down the user’s network, etc.
Counter Measures	Use of anti-virus software, update patches for operating systems, security policy on usage of the internet and external storage media, etc.

< prev

next >

tech tutorials

Learn ARP Poisoning with Examples

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

What is IP and MAC Addresses

IP Address is the acronym for Internet Protocol address. An internet protocol address is used to uniquely identify a computer or device such as printers, storage disks on a computer network. There are currently two versions of IP addresses. IPv4 uses 32-bit numbers. Due to the massive growth of the internet, IPv6 has been developed, and it uses 128-bit numbers.

IPv4 addresses are formatted in four groups of numbers separated by dots. The minimum number is 0, and the maximum number is 255. An example of an IPv4 address looks like this;

127.0.0.1

IPv6 addresses are formatted in groups of six numbers separated by full colons. The group numbers are written as 4 hexadecimal digits. An example of an IPv6 address looks like this;

2001:0db8:85a3:0000:0000:8a2e:0370:7334

In order to simplify the representation of the IP addresses in text format, leading zeros are omitted, and the group of zeros is completed omitted. The above address in a simplified format is displayed as;

2001:db8:85a3:::8a2e:370:7334

MAC Address is the acronym for media access control address. MAC addresses are used to uniquely identify network interfaces for communication at the physical layer of the network. MAC addresses are usually embedded into the network card.

A MAC address is like a serial number of a phone while the IP address is like the phone number.

Exercise

We will assume you are using windows for this exercise. Open the command prompt.

Enter the command

ipconfig /all

You will get detailed information about all the network connections available on your computer. The results shown below are for a broadband modem to show the MAC address and IPv4 format and wireless network to show IPv6 format.

What is ARP Poisoning?

ARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.

ARP Poisoning Countermeasures

Static ARP entries: these can be defined in the local ARP cache and the switch configured to ignore all auto ARP reply packets. The disadvantage of this method is, it’s difficult to maintain on large networks. IP/MAC address mapping has to be distributed to all the computers on the network.

ARP poisoning detection software: these systems can be used to cross check the IP/MAC address resolution and certify them if they are authenticated. Uncertified IP/MAC address resolutions can then be blocked.

Operating System Security: this measure is dependent on the operating system been used. The following are the basic techniques used by various operating systems.

Linux based: these work by ignoring unsolicited ARP reply packets.
Microsoft Windows: the ARP cache behavior can be configured via the registry. The following list includes some of the software that can be used to protect networks against sniffing;

AntiARP– provides protection against both passive and active sniffing
Agnitum Outpost Firewall–provides protection against passive sniffing
XArp– provides protection against both passive and active sniffing
Mac OS: ArpGuard can be used to provide protection. It protects against both active and passive sniffing.

Hacking Activity: Configure ARP entries in Windows

We are using Windows 7 for this exercise, but the commands should be able to work on other versions of windows as well.

Open the command prompt and enter the following command

arp –a

HERE,

aprcalls the ARP configure program located in Windows/System32 directory
-a is the parameter to display to contents of the ARP cache

You will get results similar to the following

Note: dynamic entries are added and deleted automatically when using TCP/IP sessions with remote computers.

Static entries are added manually and are deleted when the computer is restarted, and the network interface card restarted or other activities that affect it.

Adding static entries

Open the command prompt then use the ipconfig /all command to get the IP and MAC address

The MAC address is represented using the Physical Address and the IP address is IPv4Address

Enter the following command

arp –s  192.168.1.38 60-36-DD-A6-C5-43

Note: The IP and MAC address will be different from the ones used here. This is because they are unique.

Use the following command to view the ARP cache

arp –a

You will get the following results

Note the IP address has been resolved to the MAC address we provided and it is of a static type.

Deleting an ARP cache entry

Use the following command to remove an entry

arp –d 192.168.1.38

P.S. ARP poisoning works by sending fake MAC addresses to the switch

< prev

next >

tech tutorials

Wireshark Tutorial: Network & Passwords Sniffer

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

Computers communicate using networks. These networks could be on a local area network LAN or exposed to the internet. Network Sniffers are programs that capture low-level package data that is transmitted over a network. An attacker can analyze this information to discover valuable information such as user ids and passwords.

In this article, we will introduce you to common network sniffing techniques and tools used to sniff networks. We will also look at countermeasures that you can put in place to protect sensitive information been transmitted over a network.

What is network sniffing?

Computers communicate by broadcasting messages on a network using IP addresses. Once a message has been sent on a network, the recipient computer with the matching IP address responds with its MAC address.

Network sniffing is the process of intercepting data packets sent over a network.This can be done by the specialized software program or hardware equipment. Sniffing can be used to;

Capture sensitive data such as login credentials
Eavesdrop on chat messages
Capture files have been transmitted over a network

The following are protocols that are vulnerable to sniffing

Telnet
Rlogin
HTTP
SMTP
NNTP
POP
FTP
IMAP

The above protocols are vulnerable if login details are sent in plain text

Passive and Active Sniffing

Before we look at passive and active sniffing, let’s look at two major devices used to network computers; hubs and switches.

A hub works by sending broadcast messages to all output ports on it except the one that has sent the broadcast. The recipient computer responds to the broadcast message if the IP address matches. This means when using a hub, all the computers on a network can see the broadcast message. It operates at the physical layer (layer 1) of the OSI Model.

The diagram below illustrates how the hub works.

A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast messages are sent to the physical ports that match the IP/MAC address configurations for the recipient computer. This means broadcast messages are only seen by the recipient computer. Switches operate at the data link layer (layer 2) and network layer (layer 3).

The diagram below illustrates how the switch works.

Passive sniffing is intercepting packages transmitted over a network that uses a hub. It is called passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends broadcast messages to all the computers on the network.

Active sniffing is intercepting packages transmitted over a network that uses a switch. There are two main methods used to sniff switch linked networks, ARP Poisoning, and MAC flooding.

Hacking Activity: Sniff network traffic

In this practical scenario, we are going to use Wireshark to sniff data packets as they are transmitted over HTTP protocol. For this example, we will sniff the network using Wireshark, then login to a web application that does not use secure communication. We will login to a web application on http://www.techpanda.org/

The login address is admin@google.com , and the password is Password2010.

Note: we will login to the web app for demonstration purposes only. The technique can also sniff data packets from other computers that are on the same network as the one that you are using to sniff. The sniffing is not only limited to techpanda.org, but also sniffs all HTTP and other protocols data packets.

Sniffing the network using Wireshark

The illustration below shows you the steps that you will carry out to complete this exercise without confusion

Download Wireshark from this link http://www.wireshark.org/download.html

Open Wireshark
You will get the following screen

Select the network interface you want to sniff. Note for this demonstration, we are using a wireless network connection. If you are on a local area network, then you should select the local area network interface.
Click on start button as shown above

Open your web browser and type in http://www.techpanda.org/

The login email is admin@google.com and the password is Password2010
Click on submit button
A successful logon should give you the following dashboard

Go back to Wireshark and stop the live capture

Filter for HTTP protocol results only using the filter textbox

Locate the Info column and look for entries with the HTTP verb POST and click on it

Just below the log entries, there is a panel with a summary of captured data. Look for the summary that says Line-based text data: application/x-www-form-urlencoded

You should be able to view the plaintext values of all the POST variables submitted to the server via HTTP protocol.

What is a MAC Flooding?

MAC flooding is a network sniffing technique that floods the switch MAC table with fake MAC addresses. This leads to overloading the switch memory and makes it act as a hub. Once the switch has been compromised, it sends the broadcast messages to all computers on a network. This makes it possible to sniff data packets as they sent on the network.

Counter Measures against MAC flooding

Some switches have the port security feature. This feature can be used to limit the number of MAC addresses on the ports. It can also be used to maintain a secure MAC address table in addition to the one provided by the switch.
Authentication, Authorization and Accounting servers can be used to filter discovered MAC addresses.

Sniffing Counter Measures

Restriction to network physical media highly reduces the chances of a network sniffer been installed
Encrypting messages as they are transmitted over the network greatly reduces their value as they are difficult to decrypt.
Changing the network to a Secure Shell (SSH)network also reduces the chances of the network been sniffed.

Summary

Network sniffing is intercepting packages as they are transmitted over the network
Passive sniffing is done on a network that uses a hub. It is difficult to detect.
Active sniffing is done on a network that uses a switch. It is easy to detect.
MAC flooding works by flooding the MAC table address list with fake MAC addresses. This makes the switch to operate like a HUB
Security measures as outlined above can help protect the network against sniffing.

< prev

next >

tech tutorials

How to Hack WiFi (Wireless) Network

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.

In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.

What is a wireless network?

A wireless network is a network that uses radio waves to link computers and other devices together. The implementation is done at the Layer 1 (physical layer) of the OSI model.

How to access a wireless network?

You will need a wireless network enabled device such as a laptop, tablet, smartphones, etc. You will also need to be within the transmission radius of a wireless network access point. Most devices (if the wireless network option is turned on) will provide you with a list of available networks. If the network is not password protected, then you just have to click on connect. If it is password protected, then you will need the password to gain access.

Wireless Network Authentication

Since the network is easily accessible to everyone with a wireless network enabled device, most networks are password protected. Let’s look at some of the most commonly used authentication techniques.

WEP

WEP is the acronym for Wired Equivalent Privacy. It was developed for IEEE 802.11 WLAN standards. Its goal was to provide the privacy equivalent to that provided by wired networks. WEP works by encrypting the data been transmitted over the network to keep it safe from eavesdropping.

WEP Authentication

Open System Authentication (OSA) – this methods grants access to station authentication requested based on the configured access policy.

Shared Key Authentication (SKA) – This method sends to an encrypted challenge to the station requesting access. The station encrypts the challenge with its key then responds. If the encrypted challenge matches the AP value, then access is granted.

WEP Weakness

WEP has significant design flaws and vulnerabilities.

The integrity of the packets is checked using Cyclic Redundancy Check (CRC32). CRC32 integrity check can be compromised by capturing at least two packets. The bits in the encrypted stream and the checksum can be modified by the attacker so that the packet is accepted by the authentication system. This leads to unauthorized access to the network.
WEP uses the RC4 encryption algorithm to create stream ciphers. The stream cipher input is made up of an initial value (IV) and a secret key. The length of the initial value (IV) is 24 bits long while the secret key can either be 40 bits or 104 bits long. The total length of both the initial value and secret can either be 64 bits or 128 bits long.The lower possible value of the secret key makes it easy to crack it.
Weak Initial values combinations do not encrypt sufficiently. This makes them vulnerable to attacks.
WEP is based on passwords; this makes it vulnerable to dictionary attacks.
Keys management is poorly implemented. Changing keys especially on large networks is challenging. WEP does not provide a centralized key management system.
The Initial values can be reused

Because of these security flaws, WEP has been deprecated in favor of WPA

WPA

WPA is the acronym for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP. It is used to encrypt data on 802.11 WLANs. It uses higher Initial Values 48 bits instead of the 24 bits that WEP uses. It uses temporal keys to encrypt packets.

WPA Weaknesses

The collision avoidance implementation can be broken
It is vulnerable to denial of service attacks
Pre-shares keys use passphrases. Weak passphrases are vulnerable to dictionary attacks.

How to Crack Wireless Networks

WEP cracking

Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to exploits on networks that use WEP to implement security controls. There are basically two types of cracks namely;

Passive cracking– this type of cracking has no effect on the network traffic until the WEP security has been cracked. It is difficult to detect.
Active cracking– this type of attack has an increased load effect on the network traffic. It is easy to detect compared to passive cracking. It is more effective compared to passive cracking.

WEP Cracking Tools

Aircrack– network sniffer and WEP cracker. Can be downloaded from http://www.aircrack-ng.org/
WEPCrack– this is an open source program for breaking 802.11 WEP secret keys. It is an implementation of the FMS attack. http://wepcrack.sourceforge.net/
Kismet– this can include detector wireless networks both visible and hidden, sniffer packets and detect intrusions. https://www.kismetwireless.net/
WebDecrypt– this tool uses active dictionary attacks to crack the WEP keys. It has its own key generator and implements packet filters. http://wepdecrypt.sourceforge.net/

WPA Cracking

WPA uses a 256 pre-shared key or passphrase for authentications. Short passphrases are vulnerable to dictionary attacks and other attacks that can be used to crack passwords. The following tools can be used to crack WPA keys.

CowPatty– this tool is used to crack pre-shared keys (PSK) using brute force attack. http://wirelessdefence.org/Contents/coWPAttyMain.htm
Cain & Abel– this tool can be used to decode capture files from other sniffing programs such as Wireshark. The capture files may contain WEP or WPA-PSK encoded frames. http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

General Attack types

Sniffing– this involves intercepting packets as they are transmitted over a network. The captured data can then be decoded using tools such as Cain & Abel.
Man in the Middle (MITM) Attack– this involves eavesdropping on a network and capturing sensitive information.
Denial of Service Attack– the main intent of this attack is to deny legitimate users network resources. FataJack can be used to perform this type of attack. More on this in article

Cracking Wireless network WEP/WPA keys

It is possible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so requires software and hardware resources, and patience. The success of such attacks can also depend on how active and inactive the users of the target network are.

We will provide you with basic information that can help you get started. Backtrack is a Linux-based security operating system. It is developed on top of Ubuntu. Backtrack comes with a number of security tools. Backtrack can be used to gather information, assess vulnerabilities and perform exploits among other things.

Some of the popular tools that backtrack has includes;

Metasploit
Wireshark
Aircrack-ng
NMap
Ophcrack

Cracking wireless network keys requires patience and resources mentioned above. At a minimum, you will need the following tools

A wireless network adapter with the capability to inject packets (Hardware)

Kali Operating System. You can download it from here https://www.kali.org/downloads/
Be within the target network’s radius. If the users of the target network are actively using and connecting to it, then your chances of cracking it will be significantly improved.
Sufficient knowledge of Linux based operating systems and working knowledge of Aircrack and its various scripts.
Patience, cracking the keys may take a bit of sometime depending on a number of factors some of which may be beyond your control. Factors beyond your control include users of the target network using it actively as you sniff data packets.

How to Secure wireless networks

In minimizing wireless network attacks; an organization can adopt the following policies

Changing default passwords that come with the hardware
Enabling the authentication mechanism
Access to the network can be restricted by allowing only registered MAC addresses.
Use of strong WEP and WPA-PSK keys, a combination of symbols, number and characters reduce the chance of the keys been cracking using dictionary and brute force attacks.
Firewall Software can also help reduce unauthorized access.

Hacking Activity: Crack Wireless Password

In this practical scenario, we are going touse Cain and Abel to decode the stored wireless network passwords in Windows. We will also provide useful information that can be used to crack the WEP and WPA keys of wireless networks.

Decoding Wireless network passwords stored in Windows

Download Cain & Abel from the link provided above.
Open Cain and Abel

Ensure that the Decoders tab is selected then click on Wireless Passwords from the navigation menu on the left-hand side
Click on the button with a plus sign

Assuming you have connected to a secured wireless network before, you will get results similar to the ones shown below

The decoder will show you the encryption type, SSID and the password that was used.

Summary

Wireless network transmission waves can be seen by outsiders, this possesses many security risks.
WEP is the acronym for Wired Equivalent Privacy. It has security flaws which make it easier to break compared to other security implementations.
WPA is the acronym for Wi-Fi Protected Access. It has security compared to WEP
Intrusion Detection Systems can help detect unauthorized access
A good security policy can help protect a network.

< prev

next >

tech tutorials

DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

What is DoS Attack?

DOS is an attack used to deny legitimate users access to a resource such as accessing a website, network, emails, etc. or making it extremely slow. DoS is the acronym for Denial of Service. This type of attack is usually implemented by hitting the target resource such as a web server with too many requests at the same time. This results in the server failing to respond to all the requests. The effect of this can either be crashing the servers or slowing them down.

Cutting off some business from the internet can lead to significant loss of business or money. The internet and computer networks power a lot of businesses. Some organizations such as payment gateways, e-commerce sites entirely depend on the internet to do business.

In this tutorial, we will introduce you to what denial of service attack is, how it is performed and how you can protect against such attacks.

Types of Dos Attacks

There are two types of Dos attacks namely;

DoS– this type of attack is performed by a single host
Distributed DoS– this type of attack is performed by a number of compromised machines that all target the same victim. It floods the network with data packets.

Ultimate guide to DoS(Denial of Service) Attacks

How DoS attacks work

Let’s look at how DoS attacks are performed and the techniques used. We will look at five common types of attacks.

Ping of Death

The ping command is usually used to test the availability of a network resource. It works by sending small data packets to the network resource. The ping of death takes advantage of this and sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash.

Smurf

This type of attack uses large amounts of Internet Control Message Protocol (ICMP) ping traffic target at an Internet Broadcast Address. The reply IP address is spoofed to that of the intended victim. All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times. The effect of this is slowing down the network to a point where it is impossible to use it.

Buffer overflow

A buffer is a temporal storage location in RAM that is used to hold data so that the CPU can manipulate it before writing it back to the disc. Buffers have a size limit. This type of attack loads the buffer with more data that it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending emails with file names that have 256 characters.

Teardrop

This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to re-assemble the packets.

SYN attack

SYN is a short form for Synchronize. This type of attack takes advantage of the three-way handshake to establish communication using TCP. SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and deny access to legitimate users.

DoS attack tools

The following are some of the tools that can be used to perform DoS attacks.

Nemesy– this tool can be used to generate random packets. It works on windows. This tool can be downloaded from http://packetstormsecurity.com/files/25599/nemesy13.zip.html . Due to the nature of the program, if you have an antivirus, it will most likely be detected as a virus.
Land and LaTierra– this tool can be used for IP spoofing and opening TCP connections
Blast– this tool can be downloaded from http://www.opencomm.co.uk/products/blast/features.php
Panther– this tool can be used to flood a victim’s network with UDP packets.
Botnets– these are multitudes of compromised computers on the Internet that can be used to perform a distributed denial of service attack.

DoS Protection: Prevent an attack

An organization can adopt the following policy to protect itself against Denial of Service attacks.

Attacks such as SYN flooding take advantage of bugs in the operating system. Installing security patches can help reduce the chances of such attacks.
Intrusion detection systems can also be used to identify and even stop illegal activities
Firewalls can be used to stop simple DoS attacks by blocking all traffic coming from an attacker by identifying his IP.
Routers can be configured via the Access Control List to limit access to the network and drop suspected illegal traffic.

Hacking Activity: Ping of Death

We will assume you are using Windows for this exercise. We will also assume that you have at least two computers that are on the same network. DOS attacks are illegal on networks that you are not authorized to do so. This is why you will need to setup your own network for this exercise.

Open the command prompt on the target computer

Enter the command ipconfig. You will get results similar to the ones shown below

For this example, we are using Mobile Broadband connection details. Take note of the IP address. Note: for this example to be more effective, and you must use a LAN network.

Switch to the computer that you want to use for the attack and open the command prompt

We will ping our victim computer with infinite data packets of 65500

Enter the following command

ping 10.128.131.108 –t |65500

HERE,

“ping” sends the data packets to the victim
“10.128.131.108” is the IP address of the victim
“-t” means the data packets should be sent until the program is stopped
“-l” specifies the data load to be sent to the victim

You will get results similar to the ones shown below

Flooding the target computer with data packets doesn’t have much effect on the victim. In order for the attack to be more effective, you should attack the target computer with pings from more than one computer.

The above attack can be used to attacker routers, web servers etc.

If you want to see the effects of the attack on the target computer, you can open the task manager and view the network activities.

Right click on the taskbar
Select start task manager
Click on the network tab
You will get results similar to the following

If the attack is successful, you should be able to see increased network activities.

Hacking Activity: Launch a DOS attack

In this practical scenario, we are going to use Nemesy to generate data packets and flood the target computer, router or server.

As stated above, Nemesy will be detected as an illegal program by your anti-virus. You will have to disable the anti-virus for this exercise.

Download Nemesy from http://packetstormsecurity.com/files/25599/nemesy13.zip.html
Unzip it and run the program Nemesy.exe
You will get the following interface

Enter the target IP address, in this example; we have used the target IP we used in the above example.

HERE,

0 as the number of packets means infinity. You can set it to the desired number if you do not want to send, infinity data packets
The size field specifies the data bytes to be sent and the delay specifies the time interval in milliseconds.

Click on send button

You should be able to see the following results

The title bar will show you the number of packets senthttps://e75ee4b2d8d143d34991c63c16560012.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Click on halt button to stop the program from sending data packets.

You can monitor the task manager of the target computer to see the network activities.

Summary

A denial of service attack’s intent is to deny legitimate users access to a resource such as a network, server etc.
There are two types of attacks, denial of service and distributed denial of service.
A denial of service attack can be carried out using SYN Flooding, Ping of Death, Teardrop, Smurf or buffer overflow
Security patches for operating systems, router configuration, firewalls and intrusion detection systems can be used to protect against denial of service attacks.

< prev

next >

tech tutorials

10 BEST DDoS Attack Tools in 2020 [Free/Paid]

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

DoS (Denial of Service) is an attack used to deny legitimate user’s access to a resource such as accessing a website, network, emails, etc. Distributed Denial of Service (DDoS) is a type of DoS attack that is performed by a number of compromised machines that all target the same victim. It floods the computer network with data packets.

There are numerous DDoS attack tools that can create a distributed denial-of-service attack against a target server. Following is a handpicked list of DDoS Attack Tools, with their popular features and website links. The list contains both open source(free) and commercial(paid) software.

1) LOIC (Low Orbit ION cannon)

LOIC (Low Orbit ION cannon) is open-source software use for DDoS attack. This tool is written in C#. This tool sends HTTP, TCP, and UDP requests to the server.

Features:

LOIC helps you to test the performance of the network.
It enables you to create a DDoS attack against any site that they control.
Loic does not hide an IP address even if the proxy server is not working.
It helps you to perform stress testing to verify the stability of the system.
This software can be used to identify programs that may be used by hackers to attack a computer network.

Link: https://sourceforge.net/projects/loic/

2) HOIC (High Orbit ION cannon)

High Orbit Ion Cannon is a free denial-of-service attack tool. It is designed to attack more than one URLs at the same time. This tool helps you to launch DDoS attacks using HTTP (Hypertext Transfer Protocol).

Features:

You can attack up to 256 websites at once.
It has a counter that helps you to measure the output.
It can be ported over to Linux or Mac OS.
You can choose the number of threads in the current attack.
HOIC enables you to control attacks with low, medium, and high settings.

Link: https://sourceforge.net/projects/highorbitioncannon/

3) HTTP Unbearable Load King (HULK)

HTTP Unbearable Load King (HULK) is a web server DDoS tool. It is specifically used to generate volumes of traffic at a webserver.

Features:

It can bypass the cache server.
This tool helps you to generate unique network traffic.
HTTP Unbearable Load King (HULK) can be easily used for research purposes.

Link: https://packetstormsecurity.com/files/112856/HULK-Http-Unbearable-Load-King.html

4) DDoSIM (DDoS Simulator)

DDoSIM (DDoS Simulator) is a tool that is used to create a distributed denial-of-service attack against a target server. It is written in C++ and can be used on the Linux operating system.

Features:

This tool indicates the capacity of the server to handle application-specific DDOS attacks.
It enables you to create full TCP connections to the target server.
DDoSIM provides numerous options to perform a network attack.
TCP connections can be flooded on a random network port.

Link: https://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/

5) PyLoris

PyLoris is a software product for testing network vulnerability by performing Distributed Denial of Service (DDoS) attack online. It helps you to control poorly manage concurrent connections.

Features:

It provides easy to use GUI (Graphic User Interface).
This tool enables you to attack using HTTP request headers.
It has the latest codebase (collection of source code used to build a particular software system).
You can run PyLoris using Python script.
This tool supports Windows, Mac OS, and Linux.
It provides an advanced option having a limitation of 50 threads, each with a total of 10 connections.

Link: https://motoma.io/pyloris/

6) OWASP HTTP POST

The OWASP (Open Web Application Security Project) HTTP Post software enables you to test your web applications for network performance. It helps you to conduct denial of service from a single machine.

Features:

It allows you to distribute and transmit the tool with others.
You can freely use this tool for commercial purposes.
OWASP HTTP POST helps you to share the result under the license it provides.
This tool enables you to test against the application layer attacks.
It helps you to decide the server capacity.

Link: https://owasp.org/projects/

7) RUDY

RUDY is a short form of R-U-Dead-Yet. It helps you to perform the DDoS attack with ease. It targets cloud applications by starvation of sessions available on the web server.

Features:

This is a simple and easy tool.
It automatically browses the target website and detects embedded web forms.
R-U-Dead-Yet enables you to conduct HTTP DDoS attack using long-form field submission.
This tool provides an interactive console menu.
It automatically identifies form fields for data submission.

Link: https://sourceforge.net/projects/r-u-dead-yet/

8) Tor’s Hammer

Tor’shammer is an application-layer DDoS program. You can use this tool to target web applications and a web server. It performs browser-based internet request that is used to load web pages.

Features:

It allows you to create rich text markup using Markdown (a plain text formatting syntax tool).
Tor’s Hammer automatically converts the URL into links.
This app uses web server resources by creating a vast number of network connections.
You can quickly link other artifacts in your project.
It holds HTTP POST requests and connections for 1000 to 30000 seconds.

Link: https://sourceforge.net/projects/torshammer/

9) DAVOSET

DAVOSET is software for committing DDOS attacks via abuse of any website functionality. This command line tool helps you to commit distributed denial of service attacks without any hassle.

Features:

It provides support for cookies.
This tool provides a command-line interface to perform an attack.
DAVOSET can also help you to hit attack using XML external entities (attack against an app that parses XML input).

Link: https://packetstormsecurity.com/files/123084/DAVOSET-1.1.3.html

10) GoldenEye

GoldenEye tool conducts a DDoS attack by sending an HTTP request to the server. It utilizes a KeepAlive message paired with cache-control options to persist socket connection busting.

Features:

This tool consumes all the HTTP/S sockets on the application server for the DDoS attack.
It is easy to use app written in Python.
Arbitrary creation of user agents is possible.
It randomizes GET, POST to get the mixed traffic.

< prev

next >

tech tutorials

How to Hack a Web Server

topics of the tutorials

What is hacking?

Potential Security Threats

Skills for Ethical Hacker

Cryptography

What is Social Engineering?

How to Crack a Password

Worm, Virus & Trojan Horse

ARP Poisoning

Wireshark Tutorial

How to Hack WiFi

DoS (Denial of Service) Attack

BEST DDoS Attack Tools

How to Hack a Web Server

SQL Injection Tutorial

How to Hack a Website

Hacking Linux OS

CISSP Certification Guide

What is Digital Forensics?

What is Cybercrime?

Web Security Vulnerabilities

30 Bug Bounty Programs

Best Penetration Testing (Pen Testing) Tools

Kali Linux Tutorial

13 BEST Operating System for Hacking

11 Best Wireshark Alternatives

13 BEST Vulnerability for Websites, Network

Best 16 No-Log VPN

17 Best IP & Network Scanning Tools

11 Best FREE Firewall Software

16 BEST Ethical Hacking Books

Customers usually turn to the internet to get information and buy products and services. Towards that end, most organizations have websites.Most websites store valuable information such as credit card numbers, email address and passwords, etc. This has made them targets to attackers. Defaced websites can also be used to communicate religious or political ideologies etc.

In this tutorial, we will introduce you toweb servers hacking techniques and how you can protect servers from such attacks.

Web server vulnerabilities

A web server is a program that stores files (usually web pages) and makes them accessible via the network or the internet. A web server requires both hardware and software. Attackers usually target the exploits in the software to gain authorized entry to the server. Let’s look at some of the common vulnerabilities that attackers take advantage of.

Default settings– These settings such as default user id and passwords can be easily guessed by the attackers. Default settings might also allow performing certain tasks such as running commands on the server which can be exploited.
Misconfigurationof operating systems and networks – certain configuration such as allowing users to execute commands on the server can be dangerous if the user does not have a good password.
Bugs in the operating system and web servers– discovered bugs in the operating system or web server software can also be exploited to gain unauthorized access to the system.

In additional to the above-mentioned web server vulnerabilities, the following can also led to unauthorized access

Lack of security policy and procedures– lack of a security policy and procedures such as updating antivirus software, patching the operating system and web server software can create security loop holes for attackers.

Types of Web Servers

The following is a list of the common web servers

Apache– This is the commonly used web server on the internet. It is cross platform but is it’s usually installed on Linux. Most PHP websites are hosted on Apache servers.
Internet Information Services (IIS)– It is developed by Microsoft. It runs on Windows and is the second most used web server on the internet. Most asp and aspx websites are hosted on IIS servers.
Apache Tomcat – Most Java server pages (JSP) websites are hosted on this type of web server.
Other web servers – These include Novell’s Web Server and IBM’s Lotus Domino servers.

Types of Attacks against Web Servers

Directory traversal attacks– This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.

Denial of Service Attacks– With this type of attack, the web server may crash or become unavailable to the legitimate users.
Domain Name System Hijacking – With this type of attacker, the DNS setting are changed to point to the attacker’s web server. All traffic that was supposed to be sent to the web server is redirected to the wrong one.
Sniffing– Unencrypted data sent over the network may be intercepted and used to gain unauthorized access to the web server.
Phishing– With this type of attack, the attack impersonates the websites and directs traffic to the fake website. Unsuspecting users may be tricked into submitting sensitive data such as login details, credit card numbers, etc.
Pharming– With this type of attack, the attacker compromises the Domain Name System (DNS) servers or on the user computer so that traffic is directed to a malicious site.
Defacement– With this type of attack, the attacker replaces the organization’s website with a different page that contains the hacker’s name, images and may include background music and messages.

Effects of successful attacks

An organization’s reputation can be ruined if the attacker edits the website content and includes malicious information or links to a porn website
The web server can be used to install malicious software on users who visit the compromised website. The malicious software downloaded onto the visitor’s computer can be a virus, Trojan or Botnet Software, etc.
Compromised user data may be used for fraudulent activities which may lead to business loss or lawsuits from the users who entrusted their details with the organization

Web server attack tools

Some of the common web server attack tools include;

Metasploit– this is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in web servers and write exploits that can be used to compromise the server.
MPack– this is a web exploitation tool. It was written in PHP and is backed by MySQL as the database engine. Once a web server has been compromised using MPack, all traffic to it is redirected to malicious download websites.
Zeus– this tool can be used to turn a compromised computer into a bot or zombie. A bot is a compromised computer which is used to perform internet-based attacks. A botnet is a collection of compromised computers. The botnet can then be used in a denial of service attack or sending spam mails.
Neosplit – this tool can be used to install programs, delete programs, replicating it, etc.

How to avoid attacks on Web server

An organization can adopt the following policy to protect itself against web server attacks.

Patch management– this involves installing patches to help secure the server. A patch is an update that fixes a bug in the software. The patches can be applied to the operating system and the web server system.
Secure installation and configuration of the operating system
Secure installation and configuration of the web server software
Vulnerability scanning system– these include tools such as Snort, NMap, Scanner Access Now Easy (SANE)
Firewalls can be used to stop simple DoS attacks by blocking all traffic coming the identify source IP addresses of the attacker.
Antivirus software can be used to remove malicious software on the server
Disabling Remote Administration
Default accounts and unused accounts must be removed from the system
Default ports & settings (like FTP at port 21) should be changed to custom port & settings (FTP port at 5069)

Hacking Activity: Hack a WebServer

In this practical scenario, we are going to look at the anatomy of a web server attack. We will assume we are targeting www.techpanda.org. We are not actually going to hack into it as this is illegal. We will only use the domain for educational purposes.

What we will need

A target www.techpanda.org
Bing search engine
SQL Injection Tools
PHP Shell, we will use dk shell http://sourceforge.net/projects/icfdkshell/

Information gathering

We will need to get the IP address of our target and find other websites that share the same IP address.

We will use an online tool to find the target’s IP address and other websites sharing the IP address

Enter the URL https://www.yougetsignal.com/tools/web-sites-on-web-server/ in your web browser
Enter www.techpanda.org as the target

Click on Check button
You will get the following results

Based on the above results, the IP address of the target is 69.195.124.112

We also found out that there are 403 domains on the same web server.

Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL vulnerable on the target, then we would directly exploit it without considering other websites.

Enter the URL www.bing.com into your web browser. This will only work with Bing so don’t use other search engines such as google or yahoo
Enter the following search query

ip:69.195.124.112 .php?id=

HERE,

“ip:69.195.124.112” limits the search to all the websites hosted on the web server with IP address 69.195.124.112
“.php?id=” search for URL GET variables used a parameters for SQL statements.

You will get the following resultshttps://4370f86ccef9e08261cfbe0c05338d44.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

As you can see from the above results, all the websites using GET variables as parameters for SQL injection have been listed.

The next logic step would be to scan the listed websites for SQL Injection vulnerabilities. You can do this using manual SQL injection or use tools listed in this article on SQL Injection.

Uploading the PHP Shell

We will not scan any of the websites listed as this is illegal. Let’s assume that we have managed to login into one of them. You will have to upload the PHP shell that you downloaded from http://sourceforge.net/projects/icfdkshell/

Open the URL where you uploaded the dk.php file.
You will get the following window

Clicking the Symlink URL will give you access to the files in the target domain.

Once you have access to the files, you can get login credentials to the database and do whatever you want such as defacement, downloading data such as emails, etc.

Summary

Web server stored valuable information and are accessible to the public domain. This makes them targets for attackers.
The commonly used web servers include Apache and Internet Information Service IIS
Attacks against web servers take advantage of the bugs and Misconfiguration in the operating system, web servers, and networks
Popular web server hacking tools include Neosploit, MPack, and ZeuS.
A good security policy can reduce the chances of been attacked

< prev

next >