▪︎ Types of Hacking
•Web Hacking
Web Shell Attack, SQL Injection, File Uploading/Downloading Bypass, XSS
Command Injection, Web Proxy Abuse, Session Hijacking, Phishing, Pharming
•System Hacking
Password Cracking, Backdoor, NETBIOS Attack, Keylogger Attack
Buffer Overflow Attack, Race Condition Attack, Privilege Escalation Attack ( SetUID )
+ App/Software Hacking (Message Hooking, DLL Injection, Code Injection, API Hooking)
+ Hardware Hacking
•Network Hacking
ARP cache poisoning, DNS cache poisoning ( IP / ARP / DNS Spoofing )
Sniffing other users' IDs & passwords from plaintext protocols ( FTP / Telnet / HTTP / POP3 / IMAP ), ICMP redirect, SSL MITM
LAND, SYN Flooding, UDP Flooding, Teardrop ( DoS ) / Trinoo, TFN ( DDoS tools )
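The SQL Injection entry in the Web Hacking list, as an added example that is not from the original page: the same login check written two ways against a constructed in-memory SQLite table. The table, the user "alice", its password and the payload are all assumptions made for the demo.

```python
import sqlite3

def make_db():
    """Constructed sample data: one user in an in-memory table.
    Passwords are stored in plaintext only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Query text is built by string formatting, so quotes and keywords in the
    input are parsed as SQL. Returns True when at least one row matches."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    """Bound parameters: the statement text is fixed and the values travel
    separately, so the same input is compared as a literal string."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

# Classic tautology payload: closes the password literal and appends OR '1'='1'.
# The vulnerable query becomes  ... AND password = '' OR '1'='1'  which is always true
# because AND binds tighter than OR.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable    + real password:", login_vulnerable(conn, "alice", "correct horse battery staple"))
    print("vulnerable    + payload      :", login_vulnerable(conn, "nobody", PAYLOAD))
    print("parameterized + payload      :", login_parameterized(conn, "nobody", PAYLOAD))
```

The point to take away is that the fix is not escaping quotes by hand but keeping data out of the statement text entirely; SQLMap automates exactly the kind of probing the payload line shows.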
▪︎ Process of Hacking
1. Reconnaissance/Footprinting (information gathering)
2. Scanning (vulnerability analysis)
3. Gaining Access (the actual break-in)
4. Maintaining Access (keeping the compromised environment)
5. Covering Tracks (erasing traces)
▪︎ Types of Hacking Tools
◻︎ Network Scanning
Nmap (TCP connect, UDP, SYN scans plus service & OS detection) / Angry IP Scanner (host information) / Zenmap (official Nmap GUI - visualizes and compares scan results) / Advanced IP Scanner (remote shutdown & wake-on-LAN) / Fping (network diagnosis - ICMP pings to many hosts at once) / SuperScan (host discovery/trace routing) / Unicornscan (asynchronous TCP & UDP port scanner) / Netcat (port scanning, file transfer, remote command execution) / NetScanTools (network diagnosis - traceroutes, DNS lookups) / Nessus (vulnerability scanner rather than a pure port scanner - comprehensive network analysis with detailed reports)
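The Scanning step of the process above and the port scanners in this group, as an added example that is not from the original page or from Nmap: a minimal TCP connect scan with banner grabbing. The target is a throwaway listener the script starts itself on loopback, and its "220 demo-ftp" banner is constructed for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_listener():
    """Constructed target: a throwaway TCP service on an ephemeral loopback port,
    so the scan has something to find without touching a real network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            client.sendall(b"220 demo-ftp ready\r\n")  # constructed banner
            client.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def probe(host, port, timeout=0.5):
    """TCP connect scan of one port. A completed three-way handshake means open;
    a refusal (RST) or a timeout means closed/filtered. Returns the banner
    (possibly empty) for an open port, or None when it is not open."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except OSError:                  # ConnectionRefusedError and timeouts are both OSError
        sock.close()
        return None
    try:
        banner = sock.recv(128).decode("ascii", "replace").strip()
    except OSError:                  # service accepted but said nothing in time
        banner = ""
    finally:
        sock.close()
    return banner

def scan(host, ports, workers=32):
    """Probe ports concurrently; returns {port: banner} for open ports only."""
    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for port, banner in zip(ports, pool.map(lambda p: probe(host, p), ports)):
            if banner is not None:
                open_ports[port] = banner
    return open_ports

if __name__ == "__main__":
    srv, port = start_listener()
    try:
        window = range(max(1, port - 5), min(65535, port + 5) + 1)
        for p, banner in scan("127.0.0.1", window).items():
            print(f"{p}/tcp open  {banner!r}")
    finally:
        srv.close()
```

A connect scan completes the handshake, so it is the noisiest scan type and shows up in the target's service logs; Nmap's SYN scan (-sS) avoids that by never sending the final ACK, which needs raw sockets and root.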
◻︎ Vulnerability Scanning
OpenVAS (open-source vulnerability scanner for comprehensive security assessments) / Acunetix (scan & report vulnerabilities in web apps)
Qualys Cloud Platform (monitoring & visibility - network, web apps, endpoints of the IT ecosystem) / Nexpose (scan & identify vulnerabilities in network assets, databases, web apps, virtualization, cloud infrastructure) / SAINT Security Suite (vulnerability management, configuration assessment, penetration testing, incident response, reporting) / Nikto (web server scanner & tester) / GFI LanGuard (endpoint protection and patch management)
◻︎ Password Cracking
John the Ripper (supports many hash & cipher types - Unix, Windows, macOS, WordPress, database servers, filesystems, archives) / Hashcat (GPU-accelerated cracker; also supports distributed cracking networks) / Cain and Abel (password recovery tool for Windows - brute force, dictionary, cryptanalysis) / RainbowCrack (rainbow-table hash cracker for Windows & Linux / GPU acceleration) / Aircrack-ng (Wi-Fi network security - monitoring, packet capture, attacking, testing, cracking Wi-Fi passwords) / THC Hydra (online login cracker - protocols such as Cisco, FTP, HTTP(S) GET/POST, ICQ, IMAP, MySQL, Oracle, SMTP) / L0phtCrack (password auditing & recovery) / Medusa (online brute-force password testing against multiple hosts or users simultaneously)
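What John the Ripper and Hashcat do under the hood, as an added example that is not from the page or from either project: an offline dictionary attack with a few mangling rules, run against a fast hash (salted SHA-256) and a deliberately slow one (PBKDF2) so the cost difference for the attacker is visible. The wordlist, salt and target passwords are constructed for the demo.

```python
import hashlib
import time

# Constructed stand-in for a real wordlist such as rockyou.txt.
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2023", "dragon"]

# Constructed salt; a real system draws a fresh random salt per password.
SALT = bytes(range(16))

def fast_hash(password, salt=SALT):
    """Salted SHA-256: the salt defeats precomputed tables, but each guess is cheap."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def slow_hash(password, salt=SALT, rounds=100_000):
    """PBKDF2-HMAC-SHA256: the iteration count makes every guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def mangle(word):
    """A few rules of the kind John's and hashcat's rule engines apply."""
    return [word, word.capitalize(), word + "1", word + "!", word.upper()]

def crack(target_hex, hash_fn, wordlist=WORDLIST):
    """Offline dictionary attack: hash every candidate and compare with the
    stolen digest. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if hash_fn(candidate) == target_hex:
                return candidate, attempts
    return None, attempts

def seconds_per_guess(hash_fn, samples=20):
    """Measure the attacker's cost per candidate for a given hash function."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn("probe%d" % i)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    print("fast hash :", crack(fast_hash("letmein!"), fast_hash))
    print("slow hash :", crack(slow_hash("letmein!"), slow_hash))
    print("strong pw :", crack(fast_hash("xq9#Tz!vL2"), fast_hash))
    ratio = seconds_per_guess(slow_hash) / seconds_per_guess(fast_hash)
    print("cost ratio slow/fast: %.0fx per guess" % ratio)
```

The same weak password falls to both hash functions after the same number of guesses; what the slow KDF changes is the price of each guess, which is why wordlist size times rule count times cost per guess is the number a defender should be estimating.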
◻︎ Exploitation
Metasploit (penetration testing framework) / Burp Suite (web app security testing tool) / Canvas (support 800+ exploits)
Core Impact (automated penetration tests & an exploit library) / Social-Engineer Toolkit (attacks via Java applets, credential harvesting, SMS spoofing) / BeEF (Browser Exploitation Framework - hooks a victim's browser and launches attack modules against it and its network context) / PowerSploit (collection of PowerShell scripts & modules for post-exploitation: code execution, script modification, persistence, data exfiltration) / SQLMap (automated SQL injection - fetch data from the database, access the underlying file system, run operating system commands) / Armitage (GUI front end for Metasploit - visualizes targets & recommends exploits & attacks) / Zed Attack Proxy (web app security scan & test)
◻︎ Packet Sniffing & Spoofing
Wireshark (network protocol analyzer and packet capture tool with dissectors for a large range of protocols & file formats) / tcpdump (command-line packet analyzer; BPF filter expressions select which packets to capture or display) / Ettercap (live packet sniffing, MITM and content filtering + command-line and GUI interface) / Bettercap (MITM and reconnaissance framework for Ethernet/Wi-Fi networks, Bluetooth Low Energy, and 2.4GHz wireless HID devices) / Snort (intrusion detection and prevention system - signature rules flag malicious network activity) / Ngrep ("network grep" - matches regular expressions against packet payloads on the wire or in PCAP files) / Hping3 (command-line packet crafting and analysis tool - sends custom ICMP/UDP/TCP packets, used for firewall testing and traceroute-style probing) / Nemesis (packet crafting & injection tool, especially for Layer 2 injection)
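The ARP cache poisoning entry in the Network Hacking list and the packet crafters here (Hping3, Nemesis) both come down to building raw frames. As an added example that is not from the page or from those tools, this code builds the Ethernet/ARP reply a poisoner injects, parses it back, and runs a small arpwatch-style check that flags a sender IP whose MAC differs from the trusted table. All MAC and IP addresses are constructed.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_str(raw):
    return ":".join("%02x" % b for b in raw)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP reply that says 'sender_ip is at
    sender_mac', unicast to target_mac. Unsolicited replies like this are
    what a poisoning tool sends to overwrite the victim's ARP cache."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1,                      # HTYPE: Ethernet
                      0x0800,                 # PTYPE: IPv4
                      6, 4,                   # HLEN, PLEN
                      ARP_REPLY,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp

def parse_arp(frame):
    """Decode an Ethernet/ARP frame; returns None for non-ARP or truncated frames."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def detect_poisoning(frames, known):
    """arpwatch-style check: given the trusted IP->MAC table `known`, return
    the decoded replies whose sender IP claims a different MAC."""
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            continue
        expected = known.get(arp["sender_ip"])
        if expected is not None and expected != arp["sender_mac"]:
            alerts.append(arp)
    return alerts

# Constructed LAN: the real gateway, a victim, and an attacker box.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "66:77:88:99:aa:bb"
ATTACKER_MAC = "de:ad:be:ef:00:01"
KNOWN = {GATEWAY_IP: GATEWAY_MAC, VICTIM_IP: VICTIM_MAC}

def demo_traffic():
    """One legitimate reply from the gateway, then one spoofed reply from the
    attacker claiming the gateway's IP, as a poisoner would send to the victim."""
    return [build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
            build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)]

if __name__ == "__main__":
    for alert in detect_poisoning(demo_traffic(), KNOWN):
        print("ALERT: %s claimed by %s (expected %s)"
              % (alert["sender_ip"], alert["sender_mac"], KNOWN[alert["sender_ip"]]))
```

Sending the frame for real needs a raw socket (AF_PACKET on Linux) and root, which is all a tool like Nemesis adds on top of this packing; the detection side is the same logic arpwatch and switch-side Dynamic ARP Inspection apply, keyed on a trusted IP-to-MAC mapping.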
◻︎ Wireless Hacking
Wifite (automated wireless network auditing tool for WEP/WPA/WPS) / Kismet (wireless network detector, sniffer, and IDS for Wi-Fi, Bluetooth, Zigbee, and other RF) / Reaver (brute-forces the WPS PIN to recover the WPA/WPA2 passphrase) / Fern Wi-Fi Cracker (crack & recover WEP/WPA/WPS keys) / Bully (WPS brute-force attack tool, improved memory & CPU performance) / CoWPAtty (dictionary attack on WPA2-PSK - derives the pairwise master key from each candidate passphrase to identify weak ones) / InSSIDer (Wi-Fi network scanning and troubleshooting tool - Wi-Fi configuration & nearby networks)
◻︎ Web Application Hacking
Skipfish (web application security reconnaissance tool, packaged in Kali Linux; crawls the target and generates an interactive sitemap annotated with security checks) / Grendel-Scan (automatic/manual web application scanning tool) / Vega (web vulnerability scanner and testing platform) / WebScarab (OWASP intercepting proxy) / IronWASP (open-source web application security scanner)
◻︎ Forensic
EnCase (digital forensics and incident response software, supports computers and mobile devices) / Autopsy (GUI front end for The Sleuth Kit) / SIFT (SANS Investigative Forensic Toolkit - Linux distribution bundling forensic analysis tools) / FTK (creates full-disk forensic images and handles various data types) / X-Ways Forensics (advanced file carving & portable on a USB drive) / Helix3 Pro (makes forensic images of all internal devices and physical memory across Windows, macOS, and Linux) / Foremost (header/footer file carver, originally developed for the US Air Force Office of Special Investigations) / Scalpel (file carver derived from Foremost) / The Sleuth Kit (open-source library of digital investigation tools to examine disk images and analyze volume and file system data) / CAINE (Linux live distribution with a user-friendly graphical interface that integrates forensic tools)
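File carving, which Foremost, Scalpel and X-Ways do, as an added example that is not from the page or from those tools: scan a raw byte blob for known header/footer signatures and cut the files out without any file system metadata. The "disk image" is constructed here, with a minimal PNG, a PDF fragment and a truncated JPEG header embedded in filler bytes; the signature table is a small subset of what the real carvers ship with.

```python
# Signature table: (header, footer) pairs. Constructed subset of the
# signatures real carvers know.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(blob, signatures=SIGNATURES, max_size=10 * 1024 * 1024):
    """Header/footer carving: for each type, find a header, then the nearest
    footer after it within max_size, and cut out the span. Returns
    [(kind, offset, data)] ordered by offset. A header with no footer is
    reported as '<kind>-truncated' so the analyst knows something was there."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while (start := blob.find(header, pos)) != -1:
            end = blob.find(footer, start + len(header), start + max_size)
            if end == -1:
                found.append((kind + "-truncated", start, blob[start:start + len(header)]))
                pos = start + len(header)
                continue
            end += len(footer)
            found.append((kind, start, blob[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[1])

# Constructed artefacts: structurally minimal, not valid images or documents.
PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")
PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
JPG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF"   # header only: the footer was never written

def build_image():
    """Constructed 'disk image': the artefacts scattered through filler bytes."""
    filler = bytes(range(256)) * 4        # contains none of the signatures above
    return filler + PNG + filler + PDF + filler + JPG_HEAD + filler

if __name__ == "__main__":
    for kind, offset, data in carve(build_image()):
        print("%-14s offset=%6d size=%d" % (kind, offset, len(data)))
```

Real carvers add what this leaves out: a per-type maximum size to stop a missing footer swallowing the rest of the disk (max_size above is the crude version), format-aware validation so a stray footer inside another file is not taken as the end, and handling of fragmented files, which plain header/footer carving cannot reassemble.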
◻︎ Social Engineering
King Phisher (phishing campaign simulation toolkit) / Maltego (OSINT and link analysis tool with data sources including Mandiant, Censys, PolySwarm, Splunk) / Wifiphisher (rogue access point framework for Wi-Fi security testing - web phishing attacks to capture user credentials and spread malware) / ReelPhish (automated tool for real-time two-factor authentication phishing & supports multi-page authentication flows) / Evilginx (man-in-the-middle reverse-proxy phishing framework that steals users' login credentials and session cookies, allowing it to bypass two-factor authentication) / Ghost Phisher (wireless and ethernet phishing tool that supports webpage hosting, credential logging, Wi-Fi access point emulation, session hijacking) / Gophish (open-source phishing toolkit for organizations) / Credential Harvester Attack (Social-Engineer Toolkit (SET) module for credential theft - clones a legitimate website and captures the usernames and passwords entered into it)
+ Miscellaneous Tools
OpenSSL (open-source toolkit for SSL/TLS and general-purpose cryptography) / Pcredz (extracts credentials of many types - e.g. FTP, POP3, IMAP, SMTP, HTTP, NTLM, Kerberos - from packet capture files or a live interface and logs them all to a single file) / Mimikatz (extracts passwords and other credentials from Windows memory & performs credential theft attacks such as pass-the-hash and pass-the-ticket) / Sysinternals Suite (free collection of Windows system utilities from Microsoft for debugging and security analysis)
[Reference]
https://m.cafe.daum.net/ittlfan/Di6k/1
https://www.hahwul.com/2016/04/14/hacking-phase-of-ethical-hackingpentest/
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/best-ethical-hacking-tools/