Cybersecurity and Penetration Testing Applications

I recently did a presentation for a high school computer science class. One topic we touched on was cyber security, penetration testing, and the fundamentals of hacking. I promised to put up a list of software used for hacking/penetration testing so here is a list of software that can be used to learn about hacking and hopefully gain an understanding of how you can secure your systems against hackers. The following software is for educational purposes only, please don’t attempt to hack systems you aren’t authorized to test.

 

Backtrack Linux

http://www.backtrack-linux.org/

You should definitely start here, Backtrack comes installed with most of the tools you need to hack/penetration test systems. You can run it live, install it, or run it in a virtualized session. They also have helpful how-to sections on their website.

 

Cain & Abel

http://www.oxid.it/cain.html

Useful for sniffing, ARP redirection, and password cracking through dictionary, brute force, and analysis. Does wireless cracking with certain network cards.

 

WireShark or Ettercap

http://www.wireshark.org/

http://ettercap.github.io/ettercap/

Wireshark is also a sniffer and can be used in hacks or to hunt attempted hacks. Ettercap is meant for man in the middle attacks (via ARP poisoning). IronGeek has a short guide on how to ARP poison available here.

 

Metasploit

http://www.metasploit.com/

Metasploit is used to open backdoors into computers, it has a lot of great tools for spoofing websites and initiating phishing attacks. There is a getting started guide here. When people don’t update their systems they are vulnerable to direct exploits like this one. The basics are to develop a payload and then find a way to get that payload onto the target system, this can be either through exploits like that explained in the link, or it can be done via social engineering. This is the type of exploit that allows hackers to view the camera on laptops or log keystrokes to pull down passwords. If you find the command line daunting, ARMITAGE is a gui available for it (http://www.fastandeasyhacking.com/).

 

Social Engineering Toolkit

https://github.com/trustedsec/social-engineer-toolkit/

SET allows testing of social engineered attack vectors. Check out a video by the creator: http://www.securitytube.net/video/1093. SET uses Metasploit so you’ll want to install them both. Coolest thing to do: clone a website, poison a DNS, and slip payloads to people who go to your link.

 

Nmap

http://nmap.org/

Nmap is used to scan for vulnerabilities, I recommend using the GUI which is available from the http://nmap.org/zenmap/ directory, it makes firing off the right commands a little less burdensome.

 

Hashcat

http://hashcat.net/hashcat/

A relatively fast password cracker.

 

Ophcrack

http://ophcrack.sourceforge.net/

Great cracker for Windows passwords, also comes in a LiveCD format.

 

John The Ripper

http://www.openwall.com/john/

A popular password cracker, can also be used to create permutations on word lists.

 

Wifite

https://code.google.com/p/wifite/

Wifi cracker, set up a WEP router and watch how fast and easy it is to blow past the encryption. This is why you should always use WPA2 for router security.

 

SCUBA

http://www.imperva.com/products/dsc_scuba-database-vulnerability-scanner.html

Scan databases for vulnerabilities.

 

Word Lists

These can be used with various password crackers to gain access. If you see your own password shown or if it is able to figure yours out, you need to change it! You can also use various methods to build your own lists including parsing the target’s website, twitter account, or even pdf and word files.

http://wiki.skullsecurity.org/Passwords

https://github.com/danielmiessler/SecLists/

http://blog.g0tmi1k.com/2010/02/site-news-isos-and-dictionaries.html

http://pastebin.com/Bw7AYJAz

http://torrentz.eu/178f55c67ca0f522831dbc67042a34983e6652f5

http://thepiratebay.sx/torrent/3833663/The_Argon_list_ver.2_Password_dictionary_2.3gig_Jo-Psyko_

 

There are many other tools and word lists available, have fun learning about information security but above all be legal and be ethical!

isaac

Other articles you might like…