Posts

Showing posts with the label Client-side attacks

Protecting against delivery methods

In this section, we will learn how to protect against the delivery methods covered earlier. We are going to use a tool such as XArp, or a static ARP table, to prevent a man-in-the-middle attack, and we will avoid networks we do not know. Another precaution is to make sure we use HTTPS when we download updates; this reduces the risk of downloading a fake update. We are also going to learn another useful tool, WinMD5. This program computes the checksum (MD5 hash) of a file, so we can tell when the file has been modified in any way, which indicates that it is not the original file. To check, we download and run WinMD5 and compare the computed checksum with the one published by the vendor. If the two values are the same, the file has not been altered since the checksum was published. We can download WinMD5 using the following link: http://www.winmd5.com/ In the following screenshot, the highlighted part shows the checksum of this tool: Now, if we go on...
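The two checks described above, checksum verification and watching the ARP cache for a poisoned gateway entry, in code. This is an added example written for this page, not part of the original post or of WinMD5/XArp; the installer bytes, the `arp -a` lines and the gateway MAC in `KNOWN_GOOD` are all constructed. Two caveats a practitioner would want: MD5 has known collision attacks, so prefer SHA-256 when the vendor publishes it, and a checksum only helps when the published value comes from a channel the attacker in the middle cannot also rewrite (the vendor's HTTPS page or a signed release), which is why the paragraph pairs checksums with HTTPS.

```python
"""Checks against fake-update delivery: verify a downloaded file against a
published checksum, and spot an ARP-poisoned gateway entry.
Added example; all sample data below is constructed."""
import hashlib
import hmac
import re
from collections import Counter

# --- 1. Checksum verification (the WinMD5 idea, done in code) --------------

def file_digest(data: bytes, algo: str = "sha256") -> str:
    """Return the hex digest of `data` for any algorithm hashlib provides."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()

def verify_download(data: bytes, published_hex: str, algo: str = "sha256") -> bool:
    """True only if the digest of `data` equals the published checksum.
    The published value is normalised (vendors print it in mixed case with
    surrounding whitespace) and compared in constant time."""
    expected = published_hex.strip().lower()
    actual = file_digest(data, algo)
    return hmac.compare_digest(actual, expected)

# Constructed "download" and a tampered copy of it (assumed sample bytes).
ORIGINAL_UPDATE = b"MZ\x90\x00 fake installer bytes, version 1.0\n"
TAMPERED_UPDATE = ORIGINAL_UPDATE.replace(b"1.0", b"1.1")

# --- 2. Detecting an ARP-poisoned gateway ----------------------------------

# Constructed `arp -a` style output (Linux format), captured once on a clean
# network and once while the gateway is being spoofed by 10.0.2.15.
ARP_CLEAN = """\
? (10.0.2.1) at 52:54:00:12:35:00 [ether] on eth0
? (10.0.2.4) at 08:00:27:a1:b2:c3 [ether] on eth0
"""
ARP_POISONED = """\
? (10.0.2.1) at 08:00:27:de:ad:01 [ether] on eth0
? (10.0.2.4) at 08:00:27:a1:b2:c3 [ether] on eth0
? (10.0.2.15) at 08:00:27:de:ad:01 [ether] on eth0
"""

# What a static ARP entry would pin: the gateway's real MAC (assumed value).
KNOWN_GOOD = {"10.0.2.1": "52:54:00:12:35:00"}

_ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})")

def parse_arp(output: str) -> dict:
    """Map IP -> MAC from `arp -a` output; incomplete entries are skipped."""
    return {m["ip"]: m["mac"] for m in _ARP_RE.finditer(output.lower())}

def arp_alerts(output: str, known_good: dict = KNOWN_GOOD) -> list:
    """Return alerts for a pinned IP whose MAC changed, and for one MAC that
    answers for several IPs (the usual signature of a poisoning host)."""
    table = parse_arp(output)
    alerts = []
    for ip, mac in known_good.items():
        seen = table.get(ip)
        if seen is not None and seen != mac.lower():
            alerts.append(f"{ip} expected {mac} but cache holds {seen}")
    for mac, n in Counter(table.values()).items():
        if n > 1:
            ips = sorted(ip for ip, m in table.items() if m == mac)
            alerts.append(f"{mac} claims {n} addresses: {', '.join(ips)}")
    return alerts

if __name__ == "__main__":
    published = file_digest(ORIGINAL_UPDATE)   # what the vendor page would show
    print("original ok:", verify_download(ORIGINAL_UPDATE, published))
    print("tampered ok:", verify_download(TAMPERED_UPDATE, published))
    print("clean:", arp_alerts(ARP_CLEAN))
    print("poisoned:", arp_alerts(ARP_POISONED))
```

On a real host, feed `arp_alerts` the output of `arp -a` (or `ip neigh`, with the regex adjusted) from a cron job; a static entry with `arp -s` is still the stronger defence, since it stops the cache from changing at all.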

Fake bdm1 Update

Now we have an undetectable backdoor, but we still have not found an efficient way to deliver it to the target computer. In real life, if we simply ask the target to download and run an executable, they probably will not, so we are now looking at how to fake an update so that the user will want to download and install the executable on their machine. This scenario only works while we are in the middle of the connection, for example when redirecting traffic through a mobile phone, when running a man-in-the-middle attack, or when using a fake network. In this section, we will use DNS spoofing together with ARP poisoning, which means we are on the same network as the target machine; in our example, the network is wired. We are going to use a tool called Evilgrade to act as the server that produces the fake updates. Using the following link, we can download Evilgrade: https://github.com/PacktPublishing/Fundamentals-of-Ethical-Hacking-from-Scratch O...

Testing the backdoor

Now, we are going to test that our backdoor works as expected. To do this, we will put the backdoor on our web server and download it from the target Windows machine. We use this approach only for testing the backdoor. Since the Kali machine can serve a website, we are going to put our backdoor online and download it from the target computer. We will keep this download in a folder called evil-files, as shown in the following screenshot: Now, the backdoor we created with Veil-Evasion, stored in var/lib/veil-evasion/output/compiled/, needs to be copied into the evil-files directory. That's it; we can now download the file from Kali. To start the web server, input the following command in the terminal: Here, service is the command, and apache2 is the name of the web server. Now, we press Enter to execute the command above. Next, we will go to ...

Listening for connections

The backdoor we created uses a reverse payload. For a reverse payload to work, we need to listen on a port on our Kali machine so that the target machine can connect back to it. When we created the backdoor, we set the port to 8080, so we need to listen on port 8080 on our Kali machine. In this example, the name of our chosen payload is meterpreter/rev_https. Now, we will split our screen and listen for incoming connections using the Metasploit framework. We will use the msfconsole command to run Metasploit, and it should produce output similar to the following screenshot: To listen for an incoming connection, we need to use the Metasploit module exploit/multi/handler. Use the following command to launch that module: Once this command runs, we are inside the exploit/multi/handler module. The most important thing we have to specify in this module is the payload, which we do with the set...

Generating a Veil backdoor

Now, we are going to generate a backdoor using Veil. First, we run the list command, then we type use 1, because we want the Evasion tool. After pressing Enter, we want the 15th payload, so we run the use 15 command, as follows: Now we are going to change the payload's LHOST option to the IP address of the Kali machine. We have to run the ifconfig command to get the IP address of the Kali machine. We split the screen by right-clicking and selecting Split Horizontally, and then run the command. In the following screenshot, we can see that the IP of the Kali machine is 10.0.2.15, which is where we want the target computer's connection to return to once the backdoor has been executed: To set LHOST to 10.0.2.15, we are going to write the set command follow...

Overview of Payloads

Once Veil is installed, we are going to look at its commands. The commands are straightforward, as shown in the following screenshot: exit quits the program, info prints information about a specific tool, list lists the available tools, update updates Veil, and use selects a tool, as shown in the given screenshot: In the above screenshot, we can see that Veil contains two tools: Evasion: This tool is used to generate an undetectable backdoor. Ordnance: This tool generates the payloads (shellcode) used by Evasion; it is more of a secondary tool. The payload is the part of the code that does what we want it to. In this case, it gives us a reverse connection and downloads and executes something on the target computer. Now we use the use command to select a tool. We ...

Installing Veil

In this section, we are going to learn how to generate a backdoor that is not detected by antivirus. A backdoor is just a file; when that file is executed on a target computer, it gives us full access to that machine. There are a number of ways of generating backdoors, but we are interested in generating one that antivirus programs do not detect. This is actually not hard to do if we use a tool called Veil-Evasion. We are going to download the latest version of Veil, which is 3, using the following GitHub link: https://github.com/Veil-Framework/Veil GitHub is a hosting service for git version-controlled repositories that lets programmers post, share, and update source code, and it is used a lot for downloading programs. Veil's repository can either be downloaded from the GitHub page or cloned by copying its link into our terminal. The following screenshot shows the GitHub link that we have to copy: Now, before we download it, we actually want to stor...

Client-side attacks

In this section, we will learn about client-side attacks. It is better to gain access to a target computer using server-side attacks, such as finding exploits in the installed applications or in the operating system. If we cannot find such an exploit, or if our target sits behind another IP address (for example, behind a router or NAT) or on a network we cannot reach, we use client-side attacks instead. Client-side attacks require the user to do something, such as download an image, open a link, or install an update, which then runs our code on their machine. Because client-side attacks depend on user interaction, information gathering is very important: it tells us about an individual's applications and who they are as a person. To carry out a client-side attack successfully, we need to know the person's friends, which networks and websites they use, and which websites they trust. In a client-side attack, when we gather information, our focus is the person rather than their...