BackTrack Linux: The Ultimate Hacker's Arsenal
Flying Under the Radar
Your main goal in any penetration testing engagement is to tread lightly so that you don't set off intrusion detection alerts or generate a noticeable amount of activity on the systems and network you're working in. Your activity must not look unusual to the network engineers or system administrators who run it, because you're often working in stealth mode when checking system security. If you're an external consultant hired to check and report on security, you want to work as silently as any attacker who wants into that network would. Few, if any, ever come in with guns a-blazing.
One easy way to gather a lot of information on your target network quickly is to perform a SYN scan with Nmap (nmap -sS). Nmap may well be the hacker's most powerful piece of software. (An example of Nmap is included in the Examples section at the end of this article.) A SYN scan doesn't make complete connections to a system's services.
A SYN scan never completes the TCP three-way handshake, so the connection never reaches the listening application. The service itself therefore never sees or logs a connection, which is why this is also called a half-open or stealth scan. That stealth is only relative, though: a host firewall, a network IDS, or any sensor that counts half-open connections sees every SYN you send, and a fast sweep of many ports from one source is one of the easiest patterns there is to alert on. (The technique works because a TCP stack answers a bare SYN with a SYN/ACK or a RST on its own, before any application is involved.)
The port scanner sends a SYN to a particular port number (say, 22). If the port is open, the target responds with a SYN/ACK; the scanner notes it and sends a RST to tear the half-open connection down, so no TCP connection is ever established. If the port is closed, the target answers with a RST instead, and if a firewall drops the probe, nothing comes back at all (Nmap reports such a port as filtered). The scanner then sends a SYN to the next port of interest, and so on.
A non-computer example might help explain this concept better. You walk up to a house on your street and ring the doorbell (your SYN). The homeowner comes to the door and calls out a greeting (the SYN/ACK acknowledgement), but you shout "never mind" and walk off before the door opens (your RST), having confirmed from nearby that someone is indeed home. The homeowner goes back inside and waits for the next doorbell ring. Nobody calls the police, because there's no damage and no intruder to be found (no entry in the application's logs). A nosy neighbor watching the street, however, will certainly notice someone ringing every doorbell on the block, and that neighbor is what a network IDS is.
The SYN scan is comparatively quiet because the target's services never see a connection and no harm is done to the target. It works against any operating system's TCP stack, but because it hand-crafts packets it needs raw-socket privileges on the scanning host, so run Nmap as root (the default account on BackTrack).
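To make the exchange above concrete, and to show why "no logs" only holds at the application layer, here is an added simulation of a half-open scan together with a simple scan detector. It is not code from the article or from Nmap: the target host, its open and firewalled ports, and the client and scanner addresses are all constructed in-process, and the packets are plain dictionaries rather than real TCP segments, so it runs offline without privileges. A real SYN scan needs raw sockets, which is why Nmap's -sS requires root.

```python
"""Simulation of a half-open (SYN) scan and of a detector for it.

Added example: this is not code from the article or from Nmap. Hosts and
packets are constructed in-process as plain dicts, so nothing touches the
network and no privileges are needed. A real SYN scan needs raw sockets.
"""

# TCP flag bits from RFC 793.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def make_pkt(src, dst, sport, dport, flags):
    """Minimal stand-in for a TCP segment header."""
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": flags}


class FakeTarget:
    """Constructed host: open ports answer a bare SYN with SYN/ACK, closed
    ports answer with RST/ACK, and 'filtered' ports (a firewall drops the
    probe) stay silent. Every segment that arrives is recorded in .seen,
    which is what a host firewall or IDS sensor would have to work with."""

    def __init__(self, ip, open_ports, filtered_ports=()):
        self.ip = ip
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)
        self.seen = []

    def receive(self, pkt):
        self.seen.append(pkt)  # even a dropped probe is visible to a sensor
        if pkt["dport"] in self.filtered_ports:
            return None
        if pkt["flags"] & SYN and not pkt["flags"] & ACK:
            reply_flags = SYN | ACK if pkt["dport"] in self.open_ports else RST | ACK
            return make_pkt(self.ip, pkt["src"], pkt["dport"], pkt["sport"], reply_flags)
        return None  # ACKs and RSTs get no reply in this toy stack


def syn_scan(scanner_ip, target, ports, sport=40000):
    """Classify ports the way nmap -sS does: SYN/ACK means open (answer RST so
    the handshake never completes), RST means closed, silence means filtered."""
    results = {}
    for port in ports:
        reply = target.receive(make_pkt(scanner_ip, target.ip, sport, port, SYN))
        if reply is None:
            results[port] = "filtered"
        elif reply["flags"] & SYN and reply["flags"] & ACK:
            results[port] = "open"
            # Tear the half-open connection down; no connection is ever established.
            target.receive(make_pkt(scanner_ip, target.ip, sport, port, RST))
        elif reply["flags"] & RST:
            results[port] = "closed"
    return results


def legit_connect(client_ip, target, port, sport=50000):
    """A normal client completes the handshake: SYN, SYN/ACK, ACK."""
    reply = target.receive(make_pkt(client_ip, target.ip, sport, port, SYN))
    if reply is not None and reply["flags"] & SYN:
        target.receive(make_pkt(client_ip, target.ip, sport, port, ACK))
        return True
    return False


def detect_syn_scanners(packets, threshold=5):
    """Naive IDS heuristic: a source that sends bare SYNs to at least
    `threshold` distinct ports and never sends the third-step ACK is
    flagged. Real sensors (Snort's sfPortscan, for one) build on the same
    idea with time windows and per-port weighting added."""
    syn_ports = {}
    completed = set()
    for p in packets:
        f = p["flags"]
        if f & SYN and not f & ACK:
            syn_ports.setdefault(p["src"], set()).add(p["dport"])
        elif f & ACK and not f & (SYN | RST):
            completed.add(p["src"])
    return sorted(src for src, ports in syn_ports.items()
                  if len(ports) >= threshold and src not in completed)


def run_demo():
    """Scan a constructed host, then run the detector over what the host saw."""
    target = FakeTarget("192.0.2.10", open_ports={22, 80}, filtered_ports={135})
    legit_connect("192.0.2.20", target, 80)  # one ordinary web client
    results = syn_scan("192.0.2.99", target, [22, 23, 25, 80, 110, 135])
    flagged = detect_syn_scanners(target.seen)
    return results, flagged


if __name__ == "__main__":
    scan, flagged = run_demo()
    for port, state in sorted(scan.items()):
        print(f"{port}/tcp {state}")
    print("sources flagged as SYN scanners:", flagged)
```

The scanner correctly learns which ports are open, closed and filtered without ever establishing a connection, exactly as the text describes. The detector, working only from what the target's own network stack saw, still singles out the scanning address while leaving the ordinary client alone, because the scanner is the one source that keeps starting handshakes and never finishing them. Tuning the threshold and adding a time window is how you trade false positives against missing a slow, spread-out scan (Nmap's -T0 and -T1 timing templates exist precisely to slip under such windows).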
It's important to remain as quiet as possible during the reconnaissance phase so that you can gather as much information as possible about systems and their potential vulnerabilities without being detected. Remember, too, that you don't always need a separate technique (such as Nmap's -O fingerprinting) to determine the operating system: the set of open ports alone often gives it away, for example 135, 139 and 445 on a Windows host versus 22 on a Unix-like one.
Hacking Your Neighbor's WiFi Connection
With great power comes great responsibility. BackTrack Linux is a tool. It has no conscience nor does it have any evil purpose. Its developers provide it to you at no cost for the purpose of legitimate penetration testing. You could use BackTrack to illegally hack into lots of things: websites, systems, and even your neighbor's WiFi connection. You could also spend some years in jail for doing those things. BackTrack Linux is for penetration testing on systems that you have responsibility for or on systems for which you've been hired to test. It is not for illegal hacking or system compromise.
Companies, including the one you work for, your ISP, and your neighborhood coffee shop, have different levels of tolerance for port scanning, attempted cracks, and unauthorized system security checking. If you do not have permission to perform penetration testing against systems, sites, and network components, don't do it.
Always ask for permission before performing any of these tests on systems you don't own. And, make sure you obtain that permission from someone who has the authority to give it.