Monday, March 28, 2011

#4 - Other Essential Peripherals

We've discussed our laptop and how to install BackTrack, a Linux-based operating system that's geared towards Penetration Testing. Also this past week, we've discussed which wireless card best presents us with an easy, plug-and-play experience when it comes to working with BackTrack and the aircrack-ng suite.


Now, we're going to take a look at the other components of our Essential Toolkit. We're going to need the following extra tools:
  • A Network Hub (for sniffing wired networks with Wireshark)
  • A USB Bluetooth Adapter
  • Two or Three USB flash drives
  • Two or Three Ethernet cables
So, Bertha is all dressed up for a night on the town with a nice, sleek, black number called BackTrack. Now it's time to accesorize her with a few nice baubles.

THE NETWORK HUB
There are plenty of devices out there that say they're a network hub. However, if you look carefully at how they actually work, the devices are not network hubs. They act like network switches. 
What's the difference you ask?
I'm glad you asked. Every good hacker should know the difference between switches and hubs.
HUBS vs SWITCHES
Hubs are dumb network devices. Hubs take data in and send it back out to every single port on the device. They do not sort the data coming in or going out in any way. Switches do. Switches remember which MAC addresses are connected to which port and ONLY SEND THE DATA MEANT FOR THAT MAC ADDRESS TO THAT PORT. This ensures a much more efficient network environment.
But what we want for network traffic sniffing is not what a switch offers us. A switched environment defeats us, the hacker, from network traffic sniffing.
Think about it for a moment. If we're sniffing network traffic, we want ALL the traffic, not just the traffic meant for us. A switch will only send us the data we are MEANT to have. So what do we do? We hook a network hub up at a central location, and we plug our laptop (remember Bertha?) up to the hub.
So, in order to do this, we must equip our Toolkit with a network hub. But we've got to be careful when making our decision. A lot of network devices out there claim to be hubs, but are, in fact, switches.
There's a reference sheet located on Wireshark's web site that lists out suggested hubs for you. Personally, my Toolkit already contains a hub. But if I were in the market today to get a hub, I'd first peruse the HubReference at Wireshark's web site (that you can find here: http://wiki.wireshark.org/HubReference ) and I would probably compare prices before buying.
For my money, the Linksys EFAH05W 5-Port 10/100 Workgroup Hub looks to be best, coming in around $40-$45 and can still be found new. While the Netgear DS104 is a good, solid, reliable network hub that can be found used for about $100. Depending on your circumstances and what you can find on the 'net, you should be fine with either hub.

Linksys EFAH05WNetgear DS104
A USB BLUETOOTH ADAPTER
One of the more interesting tasks that a Penetration Tester will have before them is to perform either Bluetooth “eavesdropping” or “remote administration” of a Bluetooth device.
In order for us to perform these tasks, we need some software tools and a Bluetooth adapter to run that software through.
Now, you could just do a search through Amazon.com and pick yourself up any USB Bluetooth adapter and you'd be able to perform any of the lessons we are going to run through for Bluetooth.
However, if you were to do that, you'd miss out on one of the more fundamental lessons of hacking: the actual tearing apart and putting back together better than the original configuration.
When I was looking for a USB Bluetooth adapter, I ended up finding a handful of them available for about $2.99 and I picked up 3 for the exact purpose of tearing the plastic dongle apart. Bluetooth, after all, is a radio technology and what's the ability to eavesdrop on a Bluetooth conversation without giving yourself the ability to do so from some decent yardage? So, I'm planning on showing how to take a USB Bluetooth adapter apart and solder on an antenna to allow for better distance.
So, definitely go for something that looks like this:


Rather than this:



THE REST
Grab yourself a couple of Ethernet cables (you'll need three for proper sniffing) and grab yourself a couple of USB flash drives, you may need them for files you find while snooping around networks.
That's about it, folks. Our Essential Hacker's Toolkit is just about complete. There may be other components we'll add in here and there but for the most part, our kit is ready and now it's time to start hacking!
First, we're going to take a look at the overall methodology of running a Penetration Test and then we'll start to get into the nuts and bolts.

11 comments:

  1. Great info, but with one caveat: the image you have posted for the Linksys hub is not the correct version. The blue/dark grey is too new and operates like a switch. The one you want is light grey with orange text, blocky and very old. Source: the EFAH05W V3.0 at my desk, currently not functioning as a hub.

    ReplyDelete
    Replies
    1. ◾ "PROTOCOL SHIELDERS" ◾
      Hello,

      I am COREY RODRIGUEZ by name, THE CEO of protocol & cyber-sheild hackers.
      In this message, we will explain how you can almost avoid SCAMMERS and stay safe, plus how our organisation works.

      Read it carefully!!
      Its reading will not take more than 10mins.

      We kindly URGE you to not respond without have read the entire text. Those who mail without have read everything, ask questions that are answered here!!

      WARNING:
      MOST HACKERS YOU SEE HERE ARE FAKES
      AND INCONGUROUS!!.
      It tears me up when we receive bitter emails for Jobs with complains from most clients with hacking issues about past SCAMs by uncertified fake hackers like most you see here, which is disappointingly inadequate, leaving their mess for us to deal with eventually (WE DON'T MEAN TO BRAG ABOUT THAT).

      HOW WOULD YOU KNOW??

      You won't know until you fall a Victim but can be attentive to potential danger, error or harm if you take note of these:

      1, you see uncertified email accounts carrying numberings like
      "iamhacklord1232@(gmail,yahoo or hotmail.com"
      pls flee from them, BIG SCAMMERS.
      They take your money and never do your job!!

      2, you see posts like "do you need to spy on spouse?"
      All fake! , just a way to lure you toward getting ripped OFF!.

      3, posting fake testimonies and comments to trick you into feeling save and secured.
      Pls endeavour to ignore!!

      4,beware as we urge you not to make respond to any "IVAN HONG" (impersonating with our post pretending to work for us) with this exact post.

      ◾VERY IMPORTANT ◾

      For years now, We've helped organisations secure data base, so many sites has been hacked for different reasons of Job kinds.
      "CLEAR CRIMINAL RECORDS" & "iPhone HACK" of
      and in short timing hacked petty cyber sites accounts like Skype, Fb, WhatsApp,Tinder,Twitter!!, FLIPPED MONEY, LOAD CCs and vice versa but these are significant experiences a good and effectively recognized organisation
      must firmly ascertain.

      ◾OUR "AIMS" HERE ◾
      Are:
      1◾to assign a qualified agent of specific rank to particularly any sort of cyber issues you intend dealing with in short and accurate timing.

      2◾ to screen in real hackers (gurus only) in need of job with or without a degree, to speed up the availability of time given to for Job contracts.!!

      Thus an online binary decoding exam will be set for those who seeks employment under the teams Establishment.

      write us on:
      ◾Protocolhacks@gmail.com or
      ◾Cybershieldnotch@gmail.com
      ◾Cybershieldnotch@protonmail.com,

      COREY ROD,
      SIGNED...!
      Thank you!!!

      Delete
  2. "Cybershieldnotch" a large orgnisation of solution technologists..!! We Render help to strictly talented computer gurus that finds it hard to make good living with obviously what they good at "HACKING"..we have worked and still in conjunction with DARK WEBBERS,AGENT GURUS, CHECKHATTERS,SONY PLAYSTATION,GMASS COPERATIONS,CYBER WORLD and TECH CRAFTS Etc..for years now, We've helped keeping situations in check with these organisations listed above and so many sites, Bank Accounts, school upgrades also clear criminal records of all sort and in short timing hacked petty cyber sites accounts like Skpe, Fb, Whatsapp, Tinder, Twitter but these are significant experience a good and effectively recognized organisation must firmly ascertain and minorly our "AIM" here.
    1: The aim is to render proficient solution to those having cyber issues and technically needs a hacker to get their job done effectively fast...!!
    2: to recruit real hackers (gurus only) in need of job with or without a degree..!!
    So if you ever need a job done or interested in joining the organization (an online binanry exam will be set for those in need of these job) you can write us on
    Cybershieldnotch@protonmail.com
    Thank you!!!

    ReplyDelete
  3. INSTEAD OF GETTING A LOAN, CHECK OUT THE BLANK ATM CARD IN LESS THAN 24hours {blankatmhaker@gmail.com}

    Am Mark Oscar,I want to testify about Jack Robert blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no hope then I saw so many testimony about how Jack Robert send them the ATM blank card and use it to collect money in any ATM machine and become rich. I also email him and he sent me the blank card. I have use it to get 70,000 dollars. withdraw the maximum of $5,000 daily. Jack Robert is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email Him on how to get it now via: blankatmhaker@gmail.com or call/Text on +1(406) 350-4986

    ReplyDelete
  4. ◾BROADCAST!!! BROADCAST!!!◾
    3 Ways to know fake hackers on blogsites:
    1◾ uncertified email accounts (protocolhacks0034@gmail.com) pls do not mistakingly email them!!
    2 ◾instist on a particular mode of payment!!
    3◾to have you pay fast without second thoughts of the price, they charge at extremely low rate "ATTRACTION CODE".
    To get your job done and legit without "REGRET" contact
    ◾ Protocolhacks@gmail!! For all kind of cyber help!!
    Thank you..!
    #Team protocol!!#

    ReplyDelete
  5. Do you need hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it,i can get the job done. accesshacking a professional hacker with 10 Years+ experience.Contact Accesshacking@gmail.com

    ReplyDelete
  6. Contact Email:
    cyberphoneways@gmail.com.
    When people say hackers are not reliable or they are not real I laugh at them aloud. I was introduce to competent hacker. When I had marital issues with my husband, he help me hacked into his Facebook account. I couldn't believe it when he did it in 5-6 hours. He is very good, professional, certified and trustworthy. He offer other hacking services Facebook, Paypal money adder software, Criminal record clearing, Western Union and MoneyGram hacks, Bank transfer, Online game hacks, Database hacks, Credit card top up, WhatsApp, Instagram and change of Grades, Mobile phone spying. I want to fully recommend.

    ReplyDelete
  7. Help me thank HACKINTECHNOLGY after being scammed of $1500 he helped me find my cheating husband he
    helped hack his whatsapp gmail and kik and i got to know that he was cheating on me , in less than 24 hours
    he helped me out with everything HACKINTECHNOLOGY
    is trust worthy and affordable contact HACKINTECHNOLOGY@GMAIL.COM

    ReplyDelete
  8. Hello everyone, this message is only for people that live in united state if you are interested in credit card top up email us via: jameshacker157@gmail.com we only need people that are very faithful and you will also gain from this alot.

    ReplyDelete
  9. Do you need hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they're not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it,he will get the job done.He's a professional hacker with 20 Years+ experience. Contact him at cyberspylove@gmail.com ... Send an email and Its done. Its that easy, Alex referred you

    ReplyDelete