Dr. Hidaia Mahmood Alassouli: Hacking of Computer Networks

By

Dr. Hidaia Mahmood Alassouli

Hidaia_alassouli@hotmail.com

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

HACKING OF COMPUTER NETWORKS

First edition. June 19, 2020.

Copyright © 2020 Dr. Hidaia Mahmood Alassouli.

Written by Dr. Hidaia Mahmood Alassouli.

I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.

I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.

I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator.

I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering.

I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.

I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.com

My personal website: http://www.hidaia-alassouli.000space.com

Email: hidaia_alassouli@hotmail.com

Abstract

The objective of the book is to summarize to the user with main topics in computer networking hacking.

The book consists of the following parts:

Part 1: Lab Setup

Part2: Foot printing and Reconnaissance

Part 3: Scanning Methodology

Part 4: Enumeration

Part 5:System Hacking

Part 6: Trojans and Backdoors and Viruses

Part 7: Sniffer and Phishing Hacking

Part 8: Hacking Web Servers

Part 9:Hacking Windows and Linux Systems

Part 10: Wireless Hacking

Part 11: Hacking Mobile Applications

You can download all hacking tools and materials from the following websites

http://www.haxf4rall.com/2016/02/13/ceh-v9-pdf-certified-ethical-hacker-v9-courseeducatonal-materials-tools/

www.mediafire.com%2Ffolder%2Fad5szsted5end%2FEduors_Professional_Ethical_Hacker&h=gAQGad5Hf

Part 1: Hacking Lab Setup

Part 1 of Certified Ethical Hacker (CEH) Course

By

Dr Hidaia Mahmood Alassouli

Hidaia_alassouli@hotmail.com

1) Setup lab

From the virtualization technology with software VMware or virtual box we can do more than one virtual machines, one linux and other windows 2007 or windows Xp

Download vmware and install it

Create folder edurs-vm in non-windows partition. Create a folder for each operating system

Install any windows operating system.

Download backtrack

To install backtrack on usb, download unebootin. We need also to use the tool to support booting from flash memory in vmware.

Download and install kali linux

Download and install metasploit.

Metasploit is big project that contains a lot of modules or programs. These modules or programs can utilize the holes in windows machines or linux machines operating systems. For any hole that occur in the operating systems, we can develop the program that can utilize this hole. We can work on it through command line or graphical interface. The programs that use graphical interface are armitage and Koblet Strike . In linux we can update the metasploite using command msfupdate.

Part 2 of Certified Ethical Hacker (CEH) Course

By

Dr. Hidaia Mahmood Alassouli

Hidaia_alassouli@hotmail.com

1)Footprinting and Reconnaissance

Use nslookup to get information about server.

see dnsstuf to get information about server domain .

Use www.ip-address.com to get information about server.

Use www.robtex.com to get information about server domain.

Use backtack or any linux machine to know the dns servers of certain domain. For example,

Dig –t NS Wikimedia.org

Use backtack or any linux machine to know the A and MX records of certain domain. For example,

Dig –t A Wikimedia.org

Dig –t MX Wikimedia.org

To see the zone transfer

Dig –t AXFR Wikimedia.org @ ns1.wikimedia.org

We can see all the records in that dns server.

We can use the nslookup command to see the host of certain ip address

Nslookup –type= ptr 31.13.81.17

We can use who.is to know information about server, when created , and when expired and all information about that the dns servers of domain and about the administrator. You can get the same information from backtrack terminal. Write

whois Microsoft.com

We can use tool called smartwhois to get same information.

We can use tool called countrywhois to get information about country of a domain.

We can use tool called lanwhois to get same information from who.is.

There is tool called alchemy eye to make monitoring for certain services in a target server. It can check the status of certain services on a server.

Use robots.txt file to know what is not allowed on the website. Eg www.microsoft.com/robots.txt

To search site in google write eg, site:tedata.com filetype:pdf. You can search the following in google

Intitele: search in the title page

Inurl: search in the url page

Site: search on site

Link: other sites that links to our subject

Inanchor: search on hyperlinks

Filetype: search to see pattern yet

There is google hacking data base. You can find exploits in www.exploit-db.com in ghdb section.

You can use sitedigger to get the dorks of any site.

You can use theHarvester to get the emails of certain domain. From the backtrack write for example,

#./theharvester.py –d Microsoft.com –l 500 –b google

You can search emails using the exploitation tools in back track. Type in the command line msfconsole

# msfconsole.

From the command msf, write

msf> search email

It will bring all modules that have emails. Take one module

Auxiliary /gather/ search_email_collector

Write

Msf> use Auxiliary /gather/ search_email_collector