Learn Kali Linux Episode #3: Basic Terminology

Hello everybody and welcome to this tutorial. Today I will be talking about some of the basic terms which you will need in order to follow this course through.

First off, you have three main categories of people: white hat hackers, grey hat hackers, and black hat hackers. Everything that we will be doing falls into the first category, white hats. Those are people whose activities stay within the confines of the law: pen testers, ethical hackers, people like you and me, and so on. Then you have grey hat hackers, whose activities border between legal and illegal; it's a bit of a shady area. In addition to that you have the best-known category, black hat hackers, and usually, and unfortunately, every time somebody hears the term hacking it is associated with people from the black hat world. These are people who conduct all sorts of illegal activities, or conduct activities without any regard for the law: they extract information from servers, credentials, your credit card information, or take services down, usually for some sort of financial gain.
In any case, down below you have footprinting. The act of footprinting is basically information gathering: you are conducting some sort of reconnaissance work, figuring out the IP of the server, figuring out which ports are open, and from that you can conclude which services are running there. But it doesn't necessarily need to be confined to the digital world. Footprinting can also be when you go to the company itself (it doesn't need to be a company, it can be pretty much any building with servers in it), walk in, and have a look around. You try to gather some information there on site: you go and dig into their trash cans, go behind the building, jump into the trash containers, and get some information from there. People have also been known to go into parking lots to see who the employees are, who works there, all sorts of things. So this is just general information gathering in regards to your chosen target, and it doesn't need to be confined to the digital world.
Anyway, down below you have certain types of attacks. You have DoS and DDoS, which are very simply the same thing implemented in a different way. DoS stands for denial of service. These are usually called childish attacks because they were relatively easy to implement, and they still are, provided of course you have enough machines, but that is the domain of DDoS. In general, what happens is that you perform a certain number of requests, more requests than a server can handle, and then the server begins dropping connections. For example, an Apache web server, I believe, by default can handle up to 10,000 connections or so. If you can make more than 10,000 requests, basically everybody else making any sort of request will not be able to access the website, because their connections will be dropped: Apache will say, OK, I have too many users, more users than I can handle, and all the other connections will be dropped by default. That makes the site inaccessible even though you haven't really broken any code, broken through any firewalls, stolen any passwords, or anything of the kind. But when you are DoS'ing something it's just you, so all the requests are coming from your own computer, and that is not always the most efficient way. In fact, it generally can only work if there is a flaw in the way in which requests are processed. That is why you have DDoS attacks.

In a DDoS attack you have multiple computers, multiple connections, all making simultaneous requests to a certain server, and this is really difficult to fight off. You really need a clever configuration of your firewall, and you need quite a good firewall as well; usually you would need a physical one to prevent these sorts of DDoS attacks, and by physical I mean a router firewall or something of the kind. It's not so much that the attack itself is difficult to do as that the necessary preparations are difficult. First of all, you need to go about infecting other devices which you will enslave and use in order to perform this sort of attack. That is the hard part; the DDoS part is quite easy compared to that. In order to infect other computers you need two things: you need RATs, remote administration tools, and you need FUD. FUD stands for fully undetectable, and it just means that they cannot be detected by antiviruses, or, more precisely, that they are not labeled as something malicious by antivirus programs. By the way, most of the time you don't actually need to make your own applications fully undetectable. There are plenty of pen testing companies out there, and not just pen testing companies but other companies as well, who will pay very good sums of money if you can make their programs fully undetectable by antivirus programs.

Down below the RATs, remote administration tools. They themselves are not some sort of hack or anything of the kind; you just put them on a USB stick or something of the kind, send them in the mail, or share them in a zip file. That is just one of the ways to infect other computers and devices, enslave them, convert them into slaves of the main server, wherever that might be, wherever you might set it up, and then you can use all of those computers to conduct all sorts of activity. This is very good because it anonymizes you to a very large extent; it is very difficult to track down whoever is doing this, primarily because the infected users have no idea that somebody else is controlling their devices, because nothing is really happening on the desktop. You can't see the processes that are being run in the background while your processor executes them. The only way to see them would be to start up a task manager or something of the kind and look at the running processes, and perhaps you could spot it there, but not even there if somebody has implemented a rootkit.

A rootkit is basically a tool which you install onto an operating system, and it is able to hide running processes from the system itself. So when you, for example, start the task manager in Windows, the purpose of a rootkit would be to hide the processes from the task manager. Basically, how it works is that the task manager requests information from the system, from the kernel, which is the core of the system where all the drivers and the key functionalities are. The kernel then responds: hey, I have this, this, this and this process running, here you go. What a rootkit would do is redirect those requests from the task manager to itself and basically say: I don't have such processes running. So these are very, very dangerous and potent combinations which we will use later on as we progress through this tutorial, but for the time being I just wanted to give a bit of an introduction and give you an idea of what we shall be doing through some of these basic terms and concepts. Next up, we have phishing attacks.
Phishing attacks are basically when you apply some sort of bait, somebody bites it, and then you pull on it. Simple as that, right, the same way you go fishing. Well, not quite. Phishing attacks would be when you get an email from someone with a link in it, you click on it, and it takes you somewhere, I don't know, onto some website. It perhaps looks like something legit, like a website that you are using or something of the kind, but it is not, and you pass in your credentials, and that can be a problem. But this is generally avoided today; this is not something that happens in such a way any more. Rather, what happens these days is that the DNS servers get changed on your router, and once that happens all the requests that you make in your web browser get redirected. So, for example, if you type in facebook.com you are going to get the domain facebook.com from some private DNS server, god knows where, whose MX records are altered and which has been configured to interpret facebook.com as a certain IP address that does not belong to Facebook or anything like that. So you open up your Facebook, it looks exactly the same, and there is no way to tell, because in the upper left corner of the screen you have the domain name written, www.facebook.com, and you provide your login credentials. Once you do that they're gone; somebody has them. One of the ways to detect this, even though it's not hard, nobody really pays any attention to it: in the upper left corner you might check whether the protocol is HTTPS instead of HTTP, because usually if these kinds of attacks are conducted it's not going to be HTTPS, as that is a lot harder to implement. But if it is HTTPS, there really wouldn't be any legit way of figuring it out other than actually checking the keys, checking their certificates, and nobody actually does that. Well, maybe not nobody, but 99% of users out there are not going to bother conducting such checks. Anyway, I know it sounds a bit complex, but believe me, I will explain this in great detail, I will give you several demonstrations, and by the end of this course you will understand and know how to do this with great ease. It will not present a significant obstacle in your line of work.

Excellent! Now that we have approximately half of these terms out of the way, I will continue to deal with them in the follow-up tutorial, and I hope to see you all there.
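The certificate check that, as described above, almost nobody performs when a hijacked DNS answer sends www.facebook.com to the wrong IP, as an added example that is not part of the course: it applies the name-matching rule a browser uses to the certificate the server presents, with two constructed certificates standing in for the real site and an impostor; check_site, the sample names and the impostor domain are assumptions.

```python
"""Certificate name check for the hijacked-DNS phishing scenario above.
Added example, not from the course. Standard library only (Python 3.8+)."""
import socket
import ssl

# Constructed sample certificates in the dict shape ssl's getpeercert() returns.
LEGIT_CERT = {"subjectAltName": (("DNS", "*.facebook.com"), ("DNS", "facebook.com"))}
IMPOSTOR_CERT = {"subjectAltName": (("DNS", "login-portal.example"),)}  # hypothetical


def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names.extend(v for k, v in rdn if k == "commonName")
    return names


def name_matches(pattern, hostname):
    """Match one certificate name against a host. A single leading wildcard
    label is allowed and covers exactly one label, as browsers apply it."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = hostname.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return False


def hostname_matches_cert(hostname, cert):
    """True only if the typed hostname is bound to the presented certificate."""
    return any(name_matches(n, hostname) for n in cert_names(cert))


def check_site(hostname, port=443, timeout=5):
    """Connect to whatever IP the local resolver hands out, let the default
    context validate the chain and the name binding, then repeat the name
    check with the function above so the step is visible. Returns (ip, ok);
    a CA-signed certificate for a different name yields ok == False even
    though the browser still shows the domain you typed."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        ip = raw.getpeername()[0]
        try:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return ip, hostname_matches_cert(hostname, tls.getpeercert())
        except ssl.SSLCertVerificationError:
            return ip, False
```

check_site needs network access; the name-matching functions run offline against the constructed certificates, and a plain-HTTP site, which the speaker names as the more common case, never reaches this check at all.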