Ethical Hacking – Getting the Environment Ready

To get started on ethical hacking, we must first get our computer environment ready. We’ll be needing Kali Linux for the rest of the class, so we first need to download virtual machine software. In my case, I use Oracle VM VirtualBox.

1. Go to https://www.virtualbox.org/wiki/Downloads and click on the link that corresponds to your current operating system. Download it and install.

2. Once the installation is done, we’ll have to get the Kali Linux file. Get the file from www.kali.org/downloads/ and find Kali Linux 64 bit Vbox.

We’ll then be redirected to https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/. Click on Kali Linux Virtual Box Images and click on Kali Linux Vbox 64 Bit [OVA]. The download takes a while as it’s a very big file.

3. After the download has finished, open VirtualBox, which we installed previously.

Click on File and then Import Appliance.

Browse for the Kali Linux OVA file and then click Next.

4. After finishing all the steps, we can finally use Kali Linux. Click on Kali Linux and then click Start, or just double-click it.

If you ever get an error like the one below, you must install the extension pack, also available at https://www.virtualbox.org/wiki/Downloads.

Double click on the file that’s already finished downloading. This will show.

Click install and finish any requirements, and we’re all set.

The default username is root and the password is toor. These defaults are publicly known, so change the password after the first login.
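Before importing the downloaded OVA in step 3, it is worth checking that such a large download arrived intact. The following is an added example, not part of the original post: it treats the OVA as a tar archive and checks each file against the manifest (.mf) inside it, if the image ships one. The sample archive and its file names are constructed for the demonstration.

```python
import hashlib
import io
import re
import tarfile

# Manifest lines look like "SHA256(disk.vmdk)= <hex>"; spacing varies by tool.
MF_LINE = re.compile(r"^(SHA1|SHA256)\s*\((.+?)\)\s*=\s*([0-9a-fA-F]+)$")


def check_ova_manifest(path):
    """Map each file named in the .mf manifest to True/False; None if no manifest."""
    with tarfile.open(path, "r:") as tar:  # an OVA is an uncompressed tar archive
        mf = next((m for m in tar.getmembers() if m.name.endswith(".mf")), None)
        if mf is None:
            return None
        results = {}
        for line in tar.extractfile(mf).read().decode().splitlines():
            match = MF_LINE.match(line.strip())
            if not match:
                continue
            algo, name, expected = match.groups()
            try:
                member = tar.extractfile(name)
            except KeyError:  # listed in the manifest but missing from the archive
                member = None
            if member is None:
                results[name] = False
                continue
            digest = hashlib.new(algo.lower())
            for block in iter(lambda: member.read(1 << 20), b""):
                digest.update(block)
            results[name] = digest.hexdigest() == expected.lower()
        return results


def build_sample_ova(path, tamper=False):
    """Write a tiny constructed OVA (not a real Kali image) for demonstration."""
    files = {"sample.ovf": b"<Envelope/>", "sample-disk1.vmdk": b"\x00" * 4096}
    manifest = "".join(
        f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    if tamper:  # change the disk after the manifest was computed
        files["sample-disk1.vmdk"] = b"\x01" + b"\x00" * 4095
    files["sample.mf"] = manifest.encode()
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

A passing manifest only shows that the archive is internally consistent, so also compare the SHA-256 of the whole file with the checksum published alongside the download.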

Ethical Hacking – Why We Learn

In our current time, it is inevitable that technology-based activities are on the rise. Almost everything we do now is technology-based, from communicating and commuting to transactions. Of course, through these actions we may have given away our private data, knowingly or unknowingly. It is not only us: big corporations hold internal data as well. But that raises a question. Is it safe?

A lot of us think that our data is safe and sound, stored somewhere that even we don’t know. The truth is, a lot of it still isn’t. We still hear of cases where companies or people get their data leaked. Most people say that they got ‘hacked’. Let us get this straight first. Hackers are ethical professionals who get into our security system in order to later upgrade the security itself, while crackers get into our system and take data for their own benefit, which is illegal and unethical to do (Sethna, 2016). So to put it in simple words, hackers are the good guys and crackers are not. There are also other terms for hackers: Black Hat and White Hat hackers. A Black Hat is similar to a Cracker and a White Hat to an Ethical Hacker.

So now that we have solved the first question, another pops up. What can we do to keep our data safe? We could increase our security by hiring a hacker or even by hacking ourselves. If we ever want to do it ourselves or help others, we first have to learn how to do it.

Ethical Hackers try to enter the system by penetration testing (pen test). What is a pen test? It is a legal activity that is done by an ethical hacker without violating the rules. Usually, an ethical hacker does this under an agreement made with a company or the other party to get into their system.

An even deeper dive than a pen test is a security test. Security tests are done in order to strengthen the system’s security and to give the company solutions for resolving its security problems.

Aside from the agreements that can be made with a company, there is also a set of laws, which is different in every country. In Indonesia, for instance, they use UU ITE No. 11 2008 and UU ITE No. 16 2016. It is crucial for every ethical hacker to read the laws of the country they currently live in to make sure they don’t violate anything.

Another thing I would like to brush up on is the 10 steps of the Ethical Hacking Cycle. In short, the Ethical Hacking Cycle is a set of steps that Ethical Hackers might need to follow in order to increase the chance of success. Here are the 10 steps:

  1. Target Scoping: Defining the objectives, requirements, limits and plans of the test.
  2. Information Gathering: Gather information about the target using public resources.
  3. Target Discovery: Gathering information about the target’s system architecture.
  4. Enumerating Target: Search for openings on the system.
  5. Vulnerability Mapping: Identify and analyze any vulnerabilities found.
  6. Social Engineering (Optional): Tricking the target’s employee, or just the target, so that he/she makes the openings for us. This step focuses on the ‘people’ layer of the target.
  7. Target Exploitation: Getting into the system.
  8. Privilege Escalation: Gaining higher access to the system. Usually, Ethical Hackers try to get root access.
  9. Maintaining Access: Making sure that we still have access, usually by not doing anything suspicious or by strengthening the defense against other hackers.
  10. Documentation and Reporting: Making a report based on our findings with documentation and also giving the solution on how to prevent future attacks.

But the most important thing to do before performing any hacking is to get the owner’s or company’s written consent/agreement to hack into their system.

References

Sethna, J. (2016, July 16). Hackers vs Crackers: Easy to Understand Exclusive Difference. Retrieved from: https://www.educba.com/hackers-vs-crackers/