Attack Basics

2.0 Tool Kit
2.1 I have a client who would like me to perform a computer security audit.
What should the agreement say?
2.2 What are the Five Steps of Hacking?
2.3 Can I take legal action against port scanning?
2.4 What are the different types of Port Scanning?
2.5 What is Thwarting Promiscuous Sniffing?
2.6 How can an IT manager Detect Promiscuous Sniffing?
2.7 What are some good Network Monitoring and Packet Sniffing Tools
besides the ones listed above?
2.8 Wireless LAN/WAN Monitoring and Attacks on WEP and WPA
2.9 Are there any free wireless sniffer tools?

2.0 Tool Kit
First, before you start any hack, security audit or other computer security test, you must
have all the right tools in place. It is best to use tools on an operating system you are familiar
with, but that is sometimes easier said than done: some tools were written for Linux and some
for Windows. A good hacker may have one computer running some type of VMware with
Windows XP, Windows 7 and Linux as guests. In the lessons you will complete in this book we
will assume you are running several different operating systems on one computer in order to use
some of the tools below.
The following programs and services will allow you to hack almost any network and crack a
wireless network using free software you can download from the web. We make it easy for
you: all the tools we talk about in this book can be downloaded for free at www.ligattsecurity.com/downloads
Metasploit
The Metasploit Project is an open-source computer security project which provides information
about security vulnerabilities and aids in penetration testing and IDS signature development. Its
most well-known sub-project is the Metasploit Framework, a tool for developing and executing
exploit code against a remote target machine. Other important sub-projects include the Opcode
Database, shellcode archive, and security research. The Metasploit Project is also well known for
anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis,
software and communications protocol development, and education. Originally named
Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface and
pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac
OS X, BSD, and Solaris, and on Microsoft Windows. Released under the terms of the GNU General
Public License, Wireshark is free software.
Snort
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion
detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP
networks. Snort was written by Martin Roesch and is now developed by Sourcefire, of which Roesch
is the founder and CTO. Integrated enterprise versions with purpose built hardware and commercial
support services are sold by Sourcefire.
Combining the benefits of signature, protocol and anomaly based inspection, Snort is the most
widely deployed IDS/IPS technology worldwide. With millions of downloads and over 225,000 registered
users, Snort has become the de facto standard for IPS.
Snort performs protocol analysis, content searching/matching, and is commonly used to actively
block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans,
web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The
software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking
place. Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis
and Security Engine (BASE) to provide a visual representation of intrusion data.
Cain & Abel
Cain & Abel is a password recovery application for Microsoft operating systems. It allows easy
recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using
dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
It covers some security weaknesses present in protocol standards, authentication methods and
caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various
sources, but it also ships some "non-standard" utilities for Microsoft Windows users.

BackTrack
BackTrack is the world's leading penetration testing and information security auditing distribution.
With hundreds of tools preinstalled and configured to run out of the box, BackTrack 4 provides
a solid penetration testing platform, from web application hacking to RFID auditing; it is
all working in one place.
VistaStumbler
VistaStumbler is a wireless network discovery tool that scans the environment for APs
(access points) you can connect to. VistaStumbler is designed to work with all wireless cards
supported by Windows. The application is optimized for Windows Vista but also runs on other
Windows versions.
Kismet
Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless
LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can
sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD,
NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although,
aside from external drones, only one supported wireless adapter is available as a packet
source.
Aircrack-ng
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and
WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless
card whose driver supports raw monitoring mode (for a list, visit the project website)
and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux and
Windows; the Linux version has been ported to the Zaurus and Maemo platforms, and a proof-of-concept
port has been made to the iPhone.
Airodump
Airodump (airodump-ng in the current suite) is an 802.11 packet capture program that is designed to "capture as much encrypted
traffic as possible...each WEP data packet has an associated 3-byte Initialization Vector (IV): after
a sufficient number of data packets have been collected, run aircrack on the resulting capture file.
aircrack will then perform a set of statistical attacks developed by a talented hacker named
KoreK."
As described above, Airodump is primarily used to produce the capture files that then feed into
aircrack for WEP cracking. The IV is transmitted in the clear in every protected frame, and because
it is only 24 bits long the same IV is inevitably reused on a busy network, which is what the
statistical attacks exploit.
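To make the "3-byte IV per WEP data packet" concrete, here is an added example (not code from the book or from aircrack-ng) that pulls the IV and key index out of raw 802.11 data frames and counts how many distinct IVs a capture contains and which ones were reused. The frames, addresses and ciphertext bytes are constructed by hand; the header layout is the standard 802.11 MAC header (with the optional Address 4 and QoS Control fields handled) followed by the 4-byte IV/KeyID field that WEP prepends to the ciphertext.

```python
"""Extract WEP initialisation vectors from raw 802.11 data frames (added example)."""
from collections import Counter

FC_TYPE_DATA = 2      # frame-control "type" value for data frames
FC_PROTECTED = 0x40   # "Protected Frame" bit in the second frame-control byte
FC_TO_DS = 0x01
FC_FROM_DS = 0x02


def wep_iv(frame: bytes):
    """Return (iv, key_id) for a WEP-protected data frame, or None otherwise.

    The IV is the first 3 bytes after the MAC header and is sent in the clear;
    the fourth byte carries the 2-bit key index in its top two bits.
    """
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != FC_TYPE_DATA or not fc1 & FC_PROTECTED:
        return None
    hdr = 24
    if fc1 & FC_TO_DS and fc1 & FC_FROM_DS:
        hdr += 6          # Address 4 is present in WDS (bridge) frames
    if (fc0 >> 4) & 0x08:
        hdr += 2          # QoS Control field for QoS data subtypes
    if len(frame) < hdr + 4 + 4:
        return None       # need IV/KeyID plus at least the 4-byte ICV
    return frame[hdr:hdr + 3], frame[hdr + 3] >> 6


def iv_stats(frames):
    """Count unique IVs and IV reuse across a capture, the bookkeeping
    airodump/aircrack must do before a statistical attack has enough material.
    Returns (number_of_unique_ivs, {iv: occurrences for reused ivs})."""
    counts = Counter()
    for f in frames:
        hit = wep_iv(f)
        if hit:
            counts[hit[0]] += 1
    reused = {iv: n for iv, n in counts.items() if n > 1}
    return len(counts), reused


def make_wep_frame(iv: bytes, key_id: int, body: bytes, qos: bool = False) -> bytes:
    """Build a constructed WEP data frame: header + IV/KeyID + body + 4-byte ICV.
    Addresses and ciphertext are made-up sample values."""
    subtype = 0x8 if qos else 0x0
    fc0 = (subtype << 4) | (FC_TYPE_DATA << 2)
    fc1 = FC_PROTECTED | FC_FROM_DS          # AP -> station direction
    hdr = bytes([fc0, fc1, 0, 0])            # frame control, duration
    hdr += b"\x00\x11\x22\x33\x44\x55"       # addr1: station
    hdr += b"\xaa\xbb\xcc\xdd\xee\xff"       # addr2: BSSID
    hdr += b"\xaa\xbb\xcc\xdd\xee\xff"       # addr3: source
    hdr += b"\x00\x00"                       # sequence control
    if qos:
        hdr += b"\x00\x00"                   # QoS Control
    return hdr + iv + bytes([key_id << 6]) + body + b"\x00" * 4


# Constructed sample capture: three WEP data frames (one IV reused, one QoS
# frame) plus a beacon that a WEP-IV collector must ignore.
SAMPLE_CAPTURE = [
    make_wep_frame(b"\x01\x02\x03", 0, b"\xde\xad\xbe\xef"),
    make_wep_frame(b"\x01\x02\x04", 0, b"\xfe\xed\xfa\xce"),
    make_wep_frame(b"\x01\x02\x03", 0, b"\xc0\xff\xee\x00", qos=True),
    b"\x80\x00" + b"\x00" * 30,              # management frame (beacon)
]

if __name__ == "__main__":
    unique, reused = iv_stats(SAMPLE_CAPTURE)
    print(f"unique IVs: {unique}, reused: {[iv.hex() for iv in reused]}")
```

Running it on the constructed capture reports two unique IVs and one reuse (01:02:03). On a real capture you would feed the same function every frame airodump writes out; when the unique count stops growing relative to the frame count, the 24-bit IV space is being recycled and aircrack has the repeated keystreams it needs.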
NetStumbler
NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of
Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft
Windows operating systems from Windows 2000 to Windows XP. A trimmed-down version called
MiniStumbler is available for the handheld Windows CE operating system.
NMAP
Nmap is a "Network Mapper", used to discover computers and services on a computer network,
thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering
passive services on a network even though such services do not advertise themselves
with a service discovery protocol. In addition, Nmap may be able to determine various details about
the remote computers. These include operating system, device type, uptime, software product used to
run a service, exact version number of that product, presence of some firewall techniques and, on a
local area network, even the vendor of the remote network card.
Nmap runs on Linux, Microsoft Windows, Solaris, and BSD (including Mac OS X), and also on
AmigaOS. Linux is the most popular Nmap platform and Windows the second most popular.
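The two things the paragraph credits Nmap with, finding a service that never announces itself and guessing the product from what it says once connected, are simple to show in a few dozen lines. The following added example (not code from the book or from Nmap) does a TCP connect() scan, which is what Nmap's -sT option performs, and grabs the first bytes each open port volunteers. The listener is a constructed stand-in for a real SSH daemon so that everything runs against 127.0.0.1; the port range and the banner-to-product mapping are assumptions for illustration.

```python
"""TCP connect() scan with banner grabbing (added example)."""
import socket
import threading


def serve_banner(banner: bytes):
    """Start a throwaway listener on an ephemeral 127.0.0.1 port that greets
    every client with `banner` and hangs up. Returns (port, stop_event).
    This is a constructed stand-in for a real network service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)          # lets the accept loop notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return port, stop


def connect_scan(host: str, ports, timeout: float = 0.5):
    """Full-handshake scan: a port is open iff connect() succeeds (Nmap -sT).
    A SYN scan (-sS) stops after SYN/SYN-ACK and needs raw sockets, so it is
    not shown here. Returns {port: banner_text} for the open ports."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:            # refused, timed out, unreachable ...
                continue
            try:
                banner = s.recv(256)   # whatever the service says first
            except OSError:
                banner = b""
        found[port] = banner.decode("ascii", "replace").strip()
    return found


def guess_product(banner: str) -> str:
    """Tiny version of the service-match idea behind Nmap -sV: map the
    greeting to a product string. Only the two patterns below are known."""
    if banner.startswith("SSH-2.0-"):
        return banner[len("SSH-2.0-"):].split()[0]      # e.g. OpenSSH_8.9p1
    if banner.startswith("220 ") and "FTP" in banner.upper():
        return "ftp: " + banner[4:]
    return "unknown" if banner else "no banner (client speaks first?)"


def demo():
    """Stand up the fake SSH service, scan the ports around it, classify hits.
    Returns (service_port, {port: product_guess})."""
    port, stop = serve_banner(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    try:
        hits = connect_scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        stop.set()
    return port, {p: guess_product(b) for p, b in hits.items()}


if __name__ == "__main__":
    port, result = demo()
    print(f"fake service on {port}: {result}")
```

Services that wait for the client to speak first (HTTP, for example) return an empty banner here; Nmap's version detection handles those by sending protocol-specific probes, which is the part a scanner like this leaves out. Note too that a connect() scan completes the handshake and therefore shows up in the target's connection logs, which is one reason SYN scanning is Nmap's default when it has raw-socket privileges.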
2.1 I have a client who would like me to perform a computer security audit. What should the agreement
say?
Before you begin any ethical hacking, you absolutely, positively need everything in writing and
signed off on. Document everything, and involve management in this process. Your best ally in your
ethical hacking efforts is a manager who supports what you're doing.
The following questions can start the ball rolling when you define the goals for your ethical hacking
plan:
Does ethical hacking support the mission of the business and its IT and security departments?
What business goals are met by performing ethical hacking? These goals may include the following:
Prepping for the internationally accepted security standard of ISO/IEC 27002:2005
Meeting federal regulations such as HIPAA, GLBA, or PCI DSS
Meeting contractual requirements of clients or business partners
Improving the company's image