GAGAN JAIN B SATISH

Hacking Tools

HACKING TOOLS Page 1

GAGAN JAIN B SATISH

Table of Contents:

1.Introductions to Hacking tools ------------------------------------------------------- 1

2.Acunetix ---------------------------------------------------------------------------------- 2- 6

3.SET – Social Engineering ToolKit -------------------------------------------------- 7-10

4.WireShark ----------------------------------------------------------------------------- 11-13

5.Conclusion ----------------------------------------------------------------------------- 14

HACKING TOOLS Page 2

GAGAN JAIN B SATISH

1. Introduction

Hacking tools Aka Pen testing tools are the tools used to exploit a vulnerability in a webserver, software or and WLAN etc. These tools are used in the industry in an ethical way i.e., to perform pen-testing on their own network with a certified pen tester.

HACKING TOOLS Page 3

GAGAN JAIN B SATISH

There are several advantages as well as disadvantages when it comes to the matter of using it inside a company. As there must be a well-designed Security policy to support that. Many CEO’s and CIO’s approve usage of hacking tools and notify the employees about it. The main reason is that if company doesn’t test its network or Data centers strength then an attacker can easily get in. As far as the recent breaches on SONY HACK Bruce Schneier says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." (Slashdot, Dec 19,2014)

Hacking tools can also be advantageous when it comes to price; some of the hacking tools/ pen testing tools are available. But most of the hacking tools are available for free. These tools are very powerful but buggish. These tools can be used to test our companies network before hackers do.

HACKING TOOLS Page 4

GAGAN JAIN B SATISH

2a. Acunetix

Acunetix it is a Vulnerability scanner. This vulnerability scanner is a powerful tool which scans your network without admin privileges and shows the list of directories and list of files present in your web server.

“Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers' Choice Awards. Imperva SecureSphere WAF and N-Stalker Web Application SecurityScanner were runner-up and second runner-up respectively.” (WindowsSecurity,Feb 2014)

Features of Acunetix :

“Acunetix – Technology Leader in Web ApplicationSecurityAcunetix has pioneered web application security scanning and hasestablished an engineering lead in website analysis and vulnerabilitydetection with the following innovative features.

Acunetix AcuSensor Technology allows accurate scanning with low false positives, by combining black box scanning techniques with feedback from its sensors placed inside the source code

An automatic JavaScript analyzer for security testing of AJAX and Web 2.0 applications

HACKING TOOLS Page 5

GAGAN JAIN B SATISH

Industry’s most advanced and in-depth SQL injection and Cross-Site Scripting (XSS) testing

Login Sequence Recorder makes testing web forms and password protected areas easy

Multi-threaded and lightning fast scanner able to crawl hundreds of thousands of pages without interruptions

Acunetix DeepScan understands complex web technologies such as REST,SOAP, XML, AJAX and JSON” (Acunetix.com , 2015)

b.WHAT CAN COMPANY GET?

By using acunetix on our system we can see what a hacker can see. So that we can hide the contents that are very confidential and detailing of directories can be changed. For Eg : If a attacker can get into your Linux root account then he can change users password which is stored in etc folder so rename the folder to something else where they cannot guess it’s a etc folder like name it as garbage so that attacker may notthink wasting his time in that folder.

C. Screenshots

1.Acunetix

HACKING TOOLS Page 6

GAGAN JAIN B SATISH

2.Acunetix Scan

3.Result with Directory listing

HACKING TOOLS Page 7

GAGAN JAIN B SATISH

4.Report

SET – Social Engineering ToolKit

HACKING TOOLS Page 8

GAGAN JAIN B SATISH

This is a tool found in BACTRACK linux OS as well as KALI LINUX. This tools is built-in feature of these Operating Systems. The SET is a toolkit which consist of 100’s of exploit to hack into a computer. Some of its prominent components are :

“root@bt:/pentest/exploits/set# ./set

                  _______________________________

                 /   _____/\_   _____/\__    ___/

                \_____  \  |    __)_   |    |

                /        \ |        \  |    |

                /_______  //_______  /  |____|

                        \/         \/

  [—]        The Social-Engineer Toolkit (SET)         [—]       

  [—]        Created by: David Kennedy (ReL1K)         [—]

  [—]        Development Team: JR DePre (pr1me)        [—]

  [—]        Development Team: Joey Furr (j0fer)       [—]

  [—]        Development Team: Thomas Werth            [—]

  [—]        Development Team: Garland                 [—]

[—]        Report bugs: davek@trustedsec.com         [—]

  [—]         Follow me on Twitter: dave_rel1k         [—]

  [—]       Homepage: https://www.trustedsec.com       [—]

   Welcome to the Social-Engineer Toolkit (SET). Your one

    stop shop for all of your social-engineering needs..

HACKING TOOLS Page 9

GAGAN JAIN B SATISH

    Join us on irc.freenode.net in channel #setoolkit

  The Social-Engineer Toolkit is a product of TrustedSec.

  Visit: https://www.trustedsec.com

 Select from the menu:

   1) Spear-Phishing Attack Vectors

   2) Website Attack Vectors

   3) Infectious Media Generator

   4) Create a Payload and Listener

   5) Mass Mailer Attack

   6) Arduino-Based Attack Vector

   7) SMS Spoofing Attack Vector

   8) Wireless Access Point Attack Vector

   9) QRCode Generator Attack Vector

  10) Powershell Attack Vectors

  11) Third Party Modules

  99) Return back to the main menu.” (social-engineering.com,April 2014)

WHATS THE USE FOR THIS IN THE COMPANY?

This is a pretty powerful toolkit where in it has many options to exploit a user. So a pen tester can clone the login page of the company and deliver it using localhost to the employee. The employees can be careful

HACKING TOOLS Page 10

GAGAN JAIN B SATISH

while using the company portal as well. Employees can be trained to such attacks so that a tiny mistakes alsobe rectified to keep companies integrity.

Screenshots : 1.SET

2.SET Index menu

HACKING TOOLS Page 11

GAGAN JAIN B SATISH

3.SET exploitation

4.ResultHACKING TOOLS Page 12

GAGAN JAIN B SATISH

3.Wireshark

Wireshark has a rich feature set which includes the following:

Deep inspection of hundreds of protocols, with more being added all the time

Live capture and offline analysis Standard three-pane packet browser Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD,

NetBSD, and many others Captured network data can be browsed via a GUI, or via the TTY-

mode TShark utility The most powerful display filters in the industry Rich VoIP analysis Read/write many different capture file formats: tcpdump

(libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx,

HACKING TOOLS Page 13

GAGAN JAIN B SATISH

Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others

Capture files compressed with gzip can be decompressed on the fly Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM,

Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)

Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Coloring rules can be applied to the packet list for quick, intuitive analysis

Output can be exported to XML, PostScript®, CSV, or plain tex

WHY SHOULD A COMPANY USE WIRESHARK?

“WireShark: A Protocol Analyzer

What is a protocol analyzer? It is basically a tool forseeing the bits and bytes flowing through a network in human readable form. Without it, understanding a network communication exchange would be practically impossible.

Solve Network Problems

When "black box" approach to network troubleshooting doesn't cut it, it is time to use WireShark. At work, we had an issue where a computer was unable to connect to a particular address on the Internet. We checked everything! The Internet site was OK because people canget to it from outside our network, but from within outnetwork, they could not reach this particular site. Normal troubleshooting approach didn't cut it. We had to use WireShark to capture the network traffic being exchanged by our computer and the network. The capture

HACKING TOOLS Page 14

GAGAN JAIN B SATISH

revealed that our computer was getting a TCP RESET--thus the connection would not go through. As it turns out, out company web filter was sending a TCP RESET to block us from reaching that particular site! Without WireShark, there was no way we could have figured this out. Solving network issues is probably the best use ofWireShark.”(J Forolanda, March 2010)

Can be Used to check end to end encryption

This tool can be used to sniff passwords, usernames andother packets that are being sent in the network. So ifsniffed the attacker may use the password so to check if the encryption is strong enough this tool can be used.

Screenshots :

HACKING TOOLS Page 15

GAGAN JAIN B SATISH

1.Wireshark

2.Wireshark scan

HACKING TOOLS Page 16

GAGAN JAIN B SATISH

3.Wireshark HTTP results

Conclusion

Hacking tools can be a very powerful tool to exploit aswell as to protect. If used in a unethical manner it can be dangerous. The company should adopt the use of such tools to protect better its network and keep the customers and employees data secure.

HACKING TOOLS Page 17

GAGAN JAIN B SATISH

Reference:

1.Web Application Security with Acunetix Web Vulnerability Scanner.(n.d.). Retrieved February 8, 2015, from http://www.acunetix.com/vulnerability-scanner/

2.Schneier Explains How To Protect Yourself From Sony-Style Attacks(You Can't) - Slashdot. (2014, December 19). Retrieved February 8, 2015, from http://it.slashdot.org/story/14/12/19/1856234/schneier-explains-how-to-protect-yourself-from-sony-style-attacks-you-cant

3.Forlanda, J. (2010, March 22). What is WireShark Used For? Retrieved February 8, 2015, from http://www.brighthub.com/computing/smb-security/articles/66858.aspx

4. Social Engineer Toolkit (SET) - Security Through Education. (2014, April 1). Retrieved February 8, 2015, from http://www.social-engineer.org/framework/se-tools/computer-based/social-engineer-toolkit-set/

HACKING TOOLS Page 18