Ethical Hacking Starter Kit
Starting a career as an ethical hacker can be a daunting task. The number of resources available on the internet is endless and it can be hard to find the best tutorial. To make things easier for you we prepared a special ethical hacking starter kit that contains ten tutorials about various parts of offensive security. Let’s see what’s inside!
We start with Cross-Site Scripting (XSS) flaws, with a focus on Blind XSS, where you will see how one of the most popular web application attacks works. What’s more, the authors built their own deliberately vulnerable application in an isolated environment to demonstrate each step.
Next, we have Raspberry-Arduino Bluetooth Communication and Bluetooth Attacks. The authors focus on the offensive side, showing how Man-in-the-Middle, sniffing, and replay attacks affect BLE. After learning about these weaknesses in the second part of the article, you will see how to harden such devices.
Securing a Smart Home shows how an attacker who compromises your Wi-Fi can reach the automated devices inside your home. You will first study the risks of having a smart house, as well as its advantages, then see how to reduce your exposure, and finally read about possible prevention methods.
The article about the Evil Twin Attack is a must-read. You will learn how to trick users into connecting to a rogue Wi-Fi access point that mimics a legitimate network. Once a user is connected to the “evil twin”, the attacker sits in the path of all their traffic and can capture it, including login credentials sent over connections that are not protected by TLS.
Our journey into building undetectable Python ransomware is a special article where you will see what kind of methods can be used to create this dangerous type of malware. Of course, everything is done in a safe environment, and for educational purposes only.
There’s plenty more in this edition! You will learn what AhMyth (an Android Remote Administration Tool) is and how to use it. For OSINT fans we have an Introduction to SpiderFoot. If you are interested in password cracking, we highly recommend How To Install, Configure, And Use Hashcat In An Azure VM Step-By-Step. You will also get to know CeWL, a tool that starts from a URL, spiders the linked pages to a chosen depth, and collects the words it finds into a custom wordlist. And finally, we have a write-up of the CTF Wargame Mr-Robot.
As you can see, this month’s issue is packed with guides and tools that may come in handy! We hope you’ll find something that suits your needs best! We would also like to send gratitude to our contributors, reviewers, and proofreaders, who helped us create this issue!
Stay safe and enjoy!
Hakin9 Editorial Team
Table of Contents
Cross-Site Scripting (XSS) Flaws and Focus On Blind XSS
by Roberto CHEMAMA, Antoine PLANQUE
OWASP, a foundation that works on web application security, publishes the OWASP Top 10, a list of the most critical categories of web application risk. The list was revised in 2021 and its categories were reorganised. The flaw we are interested in in this article, XSS, moved from its own entry, A7:2017-Cross-Site Scripting (XSS), into the broader A03:2021-Injection category.
Raspberry-Arduino Bluetooth Communication and Bluetooth Attacks
by Olivier Pauchont, Robin Hosking
Bluetooth Low Energy (BLE), also marketed as Bluetooth Smart, is a well-established technology in the wireless device market, used by many products and very convenient for users. However, by its nature and its many uses, it may be vulnerable to attacks such as Man-in-the-Middle, sniffing, and replay. Our goal in this article is to study BLE, reproduce some of these attacks to illustrate its limits, and reflect on its use and on possible improvements to its security. We will use two different tools: the open source BtleJuice framework developed by Digital Security and a Bluetooth sniffer. The first part of the article is dedicated to establishing Bluetooth Low Energy communication, and in the second part we discuss possible attacks.
Securing a Smart Home
by MOHAMMADY Arvin, OGANEZOV Alexandre
To begin with, smart houses are part of the home automation field. These are homes where the equipment is automated, meaning that actions can be programmed and triggered remotely from your smartphone or tablet. For example, imagine that you come back home, tired after a long day of work, and when you arrive the lights are already on, as is the coffee machine and everything else you need. This is a considerable saving of time and energy for the owner. However, automating a multitude of devices in a house inevitably introduces risks, and that is precisely what this article is about. We will first study the risks that a smart house poses, as well as its advantages, then we will see how to avoid being attacked, and finally we will propose a way to secure a smart house based on a study of human behaviour.
Introduction to SpiderFoot
by Jeff Minataka
In this article, we will be taking a look at the tool SpiderFoot. It comes in two versions, an open-source edition on GitHub and a hosted online version. For this article, we will be using the online (cloud) version, as it contains more features and also simplifies getting started regardless of the operating system you use. As long as you have an internet connection and a browser, you should be able to use this tool.
Evil Twin Attack
by Maya Sandra AIT YAHIA, Elisa CAZERES
Many people use free Wi-Fi to connect to social networks or even to their online bank. However, not all of them are aware of the danger to which they are exposed. It may seem trivial, but public networks are a common source of compromise. When a malicious person wants to steal data, connecting to these networks increases the likelihood of becoming a victim. Unfortunately, you also have to be careful with private networks and watch for unusual signs. In this article, we describe an attack that exploits both technical weaknesses and the lack of vigilance of users.
Our Journey Into Building an Undetectable Python Ransomware
by Barrault Victor, Ornella Fabi
This article focuses on the technical and theoretical side of building ransomware in Python. We do not recommend building such a program as we wrote this article in order to better understand the train of thought of a malicious person. To reproduce the tools we built, you will need a virtual machine, or your own computer if you like taking risks. You will also need Python, gcc and clang installed, as well as at least pyinstaller.
There’s a Ghost in My Machine - The AhMyth Ghost
by Byron Gorman
With the ability to build a simple APK, we can gain remote control of an Android device anywhere on the internet, provided the target can be persuaded to install the application and grant it the permissions it requests. The key is to monitor and control the device without the subject knowing. This can be useful in several circumstances, such as monitoring devices issued to employees or an investigation with proper authorisation. Whatever the reason, we will learn how to achieve this deployment. Cyber Ghosting means deploying and controlling a system without the end-user being aware that they have been compromised. So we are going to dig up our first ghost and find it a home to haunt.
How To Install, Configure, And Use Hashcat In An Azure VM Step-By-Step
by José Pablo
There are many tools that allow us to crack hashes, such as John the Ripper. But when the going gets tough, it's time to break out the big guns and, in this case, the almost unanimous winner is Hashcat, a free and open source tool that at the time of writing is at version 6.2.5 with a lot of good features. The real potential of Hashcat, however, comes out on machines with very high performance. We are talking about machines equipped with GPUs such as the NVIDIA Tesla V100, a card whose 32GB version is advertised on Amazon.com for over $12,000.00. That is not something most of us can afford, so another way to enjoy all that power without hurting our pocket is to rent a cloud instance that has this type of device. Several cloud providers rent virtual machines with such hardware: Google Cloud, Amazon Web Services and Microsoft Azure. The latter is the service we will use on this occasion.
The CeWL Way To Scrape Webpages
by Gregory Haapaoja
As a beginner to the “hacking” industry, there are many tools you encounter where you have to determine this: how effective can this tool be against my target? If CeWL has come onto your radar, you have likely been researching ways to scrape information off of a website, maybe for open-source intelligence reasons, maybe you want to build a wordlist of common words the target uses, or maybe you just enjoy analyzing information (if you like hacking, I am sure you like this at minimum). This tool can be used for a multitude of reasons, and below we will dig into the most common use case, as well as additional functionality of the tool.
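To make the wordlist use case concrete, here is an added Python example (not CeWL's own code, which is written in Ruby) that reproduces the core of what CeWL does on a single page: strip the HTML, ignore script and style content, pull words of a minimum length, count them, and also harvest e-mail addresses the way CeWL's -e option does. Real CeWL additionally follows links to a configurable depth; that part is left out so the example runs offline against the constructed sample page embedded below, which is hypothetical content standing in for a target's site.

```python
"""CeWL-style wordlist generation from one HTML page (added example, not CeWL's code)."""
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample page standing in for a target's site (hypothetical content).
SAMPLE_HTML = """
<html><head><title>Acme Robotics - About Us</title>
<meta name="description" content="Acme Robotics builds autonomous warehouse robots">
<meta name="keywords" content="robotics, automation, Acme"></head>
<body>
<script>var tracking = "ignored-by-the-parser";</script>
<h1>Welcome to Acme Robotics</h1>
<p>Founded in Springfield, Acme Robotics designs <b>autonomous</b> robots for
warehouse automation. Our flagship product, RoboPick, ships worldwide.</p>
<p>Contact: careers@acme-robotics.example, sales@acme-robotics.example</p>
</body></html>
"""


class TextExtractor(HTMLParser):
    """Collect visible text plus description/keywords metadata; skip script and style."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__()
        self.chunks = []
        self.meta = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1
        if tag == "meta":
            a = dict(attrs)
            if a.get("name") in ("description", "keywords") and a.get("content"):
                self.meta.append(a["content"])

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:          # drop text inside <script>/<style>
            self.chunks.append(data)


EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
WORD_RE = re.compile(r"[A-Za-z]+")


def extract(html):
    """Return (text, sorted unique e-mail addresses) for one page."""
    p = TextExtractor()
    p.feed(html)
    p.close()
    text = " ".join(p.chunks + p.meta)
    return text, sorted(set(EMAIL_RE.findall(text)))


def wordlist(html, min_length=3, lowercase=False):
    """(word, count) pairs, most frequent first then alphabetical, like cewl -c -m N."""
    text, _ = extract(html)
    words = WORD_RE.findall(text)
    if lowercase:
        words = [w.lower() for w in words]
    counts = Counter(w for w in words if len(w) >= min_length)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def emails(html):
    """E-mail addresses found on the page (the idea behind cewl -e)."""
    return extract(html)[1]


if __name__ == "__main__":
    for word, n in wordlist(SAMPLE_HTML, min_length=5)[:10]:
        print(f"{n:3d} {word}")
    print("e-mails:", emails(SAMPLE_HTML))
```

Run it as-is and the top of the list is the company name and product vocabulary, which is exactly the material that ends up in staff passwords; feed the output to Hashcat or John as a wordlist, or combine it with rules. Note that words inside e-mail addresses are counted too, so the lowercase variants show up separately unless you pass lowercase=True.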
CTF Wargame - Mr-Robot
by Gabriel Lazo Canazas
In this article, we are solving one fun-as-hell wargame built as a CTF-style challenge. The rules are simple. Boot2Root: the ultimate goal is to gain root privileges on the machine. Get the keys: three keys are hidden inside the OS; they mark your progress and confirm you are on track. Not a rule, but for a fully functional attacker-victim lab, both virtual machines should have their network adapters set to bridged mode so they can reach each other. There are different ways to get the same outcome, so keep an open mind and enjoy the ride.