NOTE: Go directly to jail. Do not pass GO. Do not collect $200.
Various hacking activities are punishable by law: make sure you do not do anything that will land you in jail. Good intentions do not suffice; breaking in, or even probing, may still be an offence even when it is done only to detect weaknesses and tell the system administrator about them.
On March 24, 2016 the US Department of Justice charged seven Iranian individuals, employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, with computer hacking offences related to their involvement in an extensive campaign of distributed denial of service (DDoS) attacks spanning over 176 days:
The Attack Process
- Perform reconnaissance (profiling) on the target / scan the target organization's network.
- Research vulnerabilities.
- Perform the attack:
  - snoop / decrypt
  - break in
  - deny service
- Create a backdoor.
- Cover tracks.
Tools: There are a number of tools that can be used in the process, including ping, phishing simulators, password-cracking tools, and tools such as Nmap, Wireshark, Metasploit, Nessus, Aircrack-ng, Snort and so on.
Scan/Research Vulnerabilities Activity
- Download Nmap (the installer includes the Zenmap GUI) from www.nmap.org.
- Install the tool on your computer.
- Start Zenmap and select the Ping scan profile.
- Enter the IP address of a known system on the network as the target and click Scan. Nmap probes the target to determine whether the host is up (host discovery only, no ports are scanned).
- Select the Regular scan profile and click Scan. Nmap scans the most commonly used TCP ports and displays which open ports were found.
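What the Regular scan does underneath is a TCP port scan: for each port it sends a connection attempt and classifies the answer. The following is an added example (not code from the page or from the Nmap project) of the simplest form, a connect scan, written so it runs offline: it starts a listener on 127.0.0.1 itself and then scans that port and its neighbours. The command-line equivalents of the two Zenmap profiles above are nmap -sn <target> (Ping scan, host discovery only) and nmap <target> (Regular scan, the 1000 most common TCP ports).

```python
"""Minimal TCP connect scan, the technique behind Nmap's default scan.
Added example, not from the original page. It only ever touches 127.0.0.1:
a listener is started in-process so the script runs offline and still shows
an 'open' result. Never point it at hosts you are not authorised to scan."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port as 'open', 'closed' or 'filtered' like a connect scan does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # full three-way handshake: visible in the target's logs
        return "open"
    except ConnectionRefusedError:
        return "closed"           # RST came back: host is up, nothing is listening
    except (socket.timeout, OSError):
        return "filtered"         # no answer at all: usually a firewall dropping the SYN
    finally:
        s.close()


def scan(host: str, ports, workers: int = 32) -> dict:
    """Probe several ports in parallel; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ports, pool.map(lambda p: probe(host, p), ports)))


def start_listener(host: str = "127.0.0.1"):
    """Bind an ephemeral port and accept (and drop) connections in a background thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:       # raised once srv is closed: stop serving
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Scan the in-process listener plus its two neighbouring ports."""
    srv, port = start_listener()
    try:
        results = scan("127.0.0.1", [port - 1, port, port + 1])
    finally:
        srv.close()
    return port, results


if __name__ == "__main__":
    listening_port, states = demo()
    for p, state in sorted(states.items()):
        print(f"{p}/tcp {state}")
```

A connect scan completes the handshake, so every probe shows up in the target's connection logs; Nmap's default SYN scan (-sS, root only) sends only the SYN and never completes the connection, which is quieter and faster. The 'filtered' state is the interesting one for a defender: a firewall that drops rather than rejects makes the scanner wait for a timeout on every port.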
The Attack – Password cracking
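The page gives no detail for this step, so here is an added example (not code from the original page) of the core of an offline dictionary attack: given stolen salted hashes, hash each wordlist candidate, with a few mangling rules, under each user's salt and compare. The hash scheme (user:sha256$<salt>$<hexdigest>), the wordlist and the victim entries are all constructed for the demo and are assumptions, not a real password-file format.

```python
"""Offline dictionary attack against salted SHA-256 password hashes.
Added example, not from the original page. The 'shadow' entries below are
built in-block so the demo runs stand-alone (a real attacker only has the
hashes); the entry format user:sha256$<salt>$<hexdigest> is assumed."""
import hashlib

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon"]

# Mangling rules: cheap transforms that catch the usual "policy-compliant" tweaks.
RULES = [
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w + "1",
    lambda w: w + "123",
    lambda w: w.capitalize() + "2016",
]


def hash_pw(password: str, salt: str) -> str:
    """Salted SHA-256, hex encoded (assumed scheme for this demo)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def make_entry(user: str, password: str, salt: str) -> str:
    return f"{user}:sha256${salt}${hash_pw(password, salt)}"


# Constructed victim data: two weak passwords, one long passphrase.
SHADOW = [
    make_entry("alice", "Summer2016", "x1"),
    make_entry("bob", "letmein", "q9"),
    make_entry("carol", "correct horse battery staple", "z4"),
]


def candidates():
    """Yield each mangled word once."""
    seen = set()
    for word in WORDLIST:
        for rule in RULES:
            cand = rule(word)
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack(entries):
    """Try every candidate against every entry.

    Returns ({user: recovered_password}, number_of_hashes_computed)."""
    cracked = {}
    hashes_computed = 0
    for entry in entries:
        user, spec = entry.split(":", 1)
        algo, salt, digest = spec.split("$")
        if algo != "sha256":
            continue
        for cand in candidates():
            hashes_computed += 1
            if hash_pw(cand, salt) == digest:
                cracked[user] = cand
                break
    return cracked, hashes_computed


if __name__ == "__main__":
    found, n = crack(SHADOW)
    print(f"{n} hashes computed, cracked: {found}")
```

Because every user has a different salt, each candidate has to be hashed again for each user; with unsalted hashes one hash per candidate is compared against the whole file at once, and precomputed tables become possible. For the defender the other half of the answer is a deliberately slow hash (bcrypt, scrypt or Argon2) so that the per-candidate cost, trivial here for SHA-256, becomes the limiting factor.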
Attack – DoS
You can launch a DoS attack using a number of tools, such as ping or Switchblade.
ping sends one or more ICMP ECHO_REQUEST packets to a given host and times how long it takes for the ECHO_REPLY to arrive. Uses:
- Find out whether the host is reachable (and, in particular, up). If one does something bad to a host and the ping replies stop, the host may have crashed.
- Study the details of the reply in order to fingerprint the remote IP stack (e.g. via ping -c 1 host, which sends a single packet only). In particular, the TTL (time-to-live) field in ping replies is often used to distinguish between systems: Windows 95 used an initial TTL of 32, later Windows versions use 128, and various Unix-like systems use 64 or 255. Each router hop decreases the TTL by one, so the value you see is the initial TTL minus the hop count: round the observed value up to the next of 32, 64, 128 or 255 to get the likely initial value, and the difference is the number of hops.
- Flood ping: ping -f host sends packets as fast as the replies come back, or at least a hundred per second (the super-user only, on most systems), either to see how the host keeps up under load or to contribute to a DDoS attack.
- Smurf: a stronger version is the smurf attack, where one pings the broadcast address of a large network, giving the victim's address as the spoofed sender address; now every single packet sent causes several hundred (or thousand) replies to be received by the victim. An effective denial-of-service attack (cf. RFC 919, RFC 2644). Since RFC 2644 (1999) routers drop directed broadcasts by default, so the classic smurf rarely works today, but the same amplification-by-reflection idea is what makes DNS and NTP reflection attacks effective.
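Two of the points above, the structure of the ICMP echo packet that ping sends and the TTL-based fingerprinting of replies, are shown in the following added example (not code from the page). It builds and verifies an echo request in memory (sending one needs a raw socket and root, so nothing goes on the wire) and infers the initial TTL and hop count from constructed ping output lines in both Unix and Windows formats.

```python
"""Two building blocks behind the ping section: constructing/verifying an ICMP
echo request (RFC 792, RFC 1071 checksum) and inferring the sender's initial
TTL and hop count from a ping reply. Added example, not from the page.
Nothing is sent on the wire; the ping output lines below are constructed."""
import re
import struct


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"abcdefgh") -> bytes:
    """ICMP type 8 (echo request), code 0; the checksum is computed with its field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header; checksum_ok is True when the whole packet sums to zero."""
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": icmp_checksum(packet) == 0}


# Common initial TTLs, ascending: Windows 95 32, Unix-like 64, Windows NT+ 128, Solaris/Cisco 255.
INITIAL_TTLS = (32, 64, 128, 255)


def guess_initial_ttl(observed: int) -> tuple:
    """Round the observed TTL up to the next common initial value; the difference is the hop count."""
    for initial in INITIAL_TTLS:
        if observed <= initial:
            return initial, initial - observed
    raise ValueError(f"TTL out of range: {observed}")


_TTL_RE = re.compile(r"ttl=(\d+)", re.IGNORECASE)   # Unix prints 'ttl=', Windows 'TTL='


def ttl_from_ping_line(line: str):
    """Extract the TTL from one line of ping output, or None if the line has none."""
    m = _TTL_RE.search(line)
    return int(m.group(1)) if m else None


# Constructed ping output in Unix and Windows formats.
SAMPLE_REPLIES = [
    "64 bytes from 10.0.0.5: icmp_seq=1 ttl=116 time=12.3 ms",
    "64 bytes from 10.0.0.8: icmp_seq=1 ttl=55 time=3.1 ms",
    "Reply from 10.0.0.9: bytes=32 time=1ms TTL=250",
]


def fingerprint(lines) -> list:
    """Return [(observed_ttl, initial_ttl, hops)] for every reply line that carries a TTL."""
    out = []
    for line in lines:
        ttl = ttl_from_ping_line(line)
        if ttl is not None:
            out.append((ttl,) + guess_initial_ttl(ttl))
    return out


if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1)
    print(pkt.hex(), parse_icmp(pkt))
    for observed, initial, hops in fingerprint(SAMPLE_REPLIES):
        print(f"ttl={observed}: initial {initial}, {hops} hops")
```

The TTL guess is only a hint: an administrator can change the default TTL, and a path of more than 32 hops would push a 64-TTL host into the 32 bucket. Tools such as Nmap combine it with many other stack quirks (TCP options, window sizes, IP ID behaviour) before naming an operating system.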
Attack – Ransomware
For ransomware attacks, review the following:
- CryptoLocker ransomware – see how it works, learn about prevention, cleanup and recovery
- IBM: What you need to know about ransomware: CryptoLocker, CryptoWall
- TOX, ransomware toolkit: http://thehackernews.com/2015/05/ransomware-creator.html
- Using PowerShell To Simulate A Ransomware Attack - http://www.workingsysadmin.com/using-powershell-to-simulate-a-ransomware-attack/