Hacking For Dummies Cheat Sheet

Updated
2025-09-22 18:48:58
From the book
Cybersecurity All-in-One For Dummies

Not all hacking is bad. The security testing covered in this book reveals security weaknesses in your overall network environment. This Cheat Sheet provides you with quick references to tools, offers tips, and alerts you to commonly exploited targets — information you need to make your security testing easier.

Security testing tools you can’t live without

As an IT or information security professional, your toolkit is the most critical item you can possess against hacking — other than hands-on experience and common sense. Your hacking tools should consist of the following (and make sure you’re never on the job without them):

  • Deep/dark web monitoring software/services, including Kaduu and myNetWatchman AD Credential Audit  
  • Password cracking software, such as ophcrack and Proactive Password Auditor
  • Network scanning software, such as Nmap and NetScanTools Pro
  • Network vulnerability scanning software, such as Nessus and Nexpose
  • Network analyzer software, such as Cain & Abel and CommView
  • Wireless network analyzer software, such as Aircrack-ng and CommView for WiFi
  • File and PII search software, such as FileLocator Pro and PII Tools
  • Web application vulnerability scanning software, such as Burp Suite Professional
  • Exploit software, such as Metasploit

Common security weaknesses that criminal hackers target

IT and security professionals should know the common flaws that criminal hackers and malicious users often check first when hacking into computer systems. Weaknesses, such as the following, should be on your shortlist when you perform your security tests:

  • Unsecured building and computer room entrances, often with unprotected Ethernet connections into the corporate network
  • Discarded documents that have not been shredded, computers with drives that have not been wiped, and storage devices that have not been destroyed
  • Network perimeters with improper firewall protection
  • Poor, inappropriate, or missing network share and file access controls and permissions
  • Unpatched systems that can be exploited by malware or tools such as Metasploit
  • Web applications with weak authentication mechanisms and input validation challenges
  • Guest wireless networks that allow the public to connect into the production network environment
  • Laptop computers with no full disk encryption
  • Mobile devices with easy-to-crack PINs/passwords or none at all
  • Weak or no application, database, and operating system passwords
  • Active Directory credentials that have been compromised and posted to the deep or dark webs
  • Firewalls, routers, and switches with default or easily guessed passwords
  • Internet of Things (IoT) devices with exploitable weaknesses connected to the network unbeknownst to IT and security staff  
  • No multifactor authentication (MFA), which helps facilitate password cracking
  • Gullible and overly trusting users eager to click any link, open any attachment, or believe anything that a stranger instructs them to do

Commonly exploited ports

Common ports, such as TCP port 22 (SSH) and TCP port 443 (HTTPS), may be locked down or protected by a firewall or other means, but other ports may get overlooked and be vulnerable to criminals looking to get into your network. In your security tests, be sure to check these commonly exploited TCP and UDP ports:

  • TCP port 21 — FTP (File Transfer Protocol)
  • TCP port 23 — Telnet
  • TCP port 25 — SMTP (Simple Mail Transfer Protocol)
  • TCP and UDP port 53 — DNS (Domain Name System)
  • TCP port 80 — HTTP (Hypertext Transfer Protocol)
  • TCP port 110 — POP3 (Post Office Protocol version 3)
  • TCP port 1433 and UDP port 1434 — Microsoft SQL Server
  • TCP port 3389 — Microsoft RDP (Remote Desktop Protocol)
  • TCP port 8080 — commonly used for HTTP proxies
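
One way to run this check on a host you administer, as an added example that is not from the book: the script below reads `ss -tuln` output and reports listeners on the ports listed above, separating loopback-only binds from sockets reachable over the network. The function names and the sample output are constructed for illustration, and the column layout assumed is that of iproute2's `ss`.

```python
# Added example: audit local listeners against the cheat sheet's port list.
import ipaddress

# (protocol, port) -> service, taken from the list in this section.
WATCHLIST = {
    ("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("tcp", 25): "SMTP",
    ("tcp", 53): "DNS", ("udp", 53): "DNS", ("tcp", 80): "HTTP",
    ("tcp", 110): "POP3", ("tcp", 1433): "Microsoft SQL Server",
    ("udp", 1434): "Microsoft SQL Server", ("tcp", 3389): "RDP",
    ("tcp", 8080): "HTTP proxy",
}

def is_loopback(addr):
    """True when the bind address is reachable only from the local host."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if addr in ("*", ""):
        return False                         # wildcard: all interfaces
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                         # unparseable: treat as exposed

def audit_listeners(ss_output):
    """Return sorted (proto, port, service, bind, exposed) tuples from `ss -tuln` text."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                         # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        key = (fields[0], int(port)) if port.isdigit() else None
        if key in WATCHLIST:
            findings.add((key[0], key[1], WATCHLIST[key], addr, not is_loopback(addr)))
    return sorted(findings)

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:1434       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      128    *:3389             *:*
tcp   LISTEN 0      128    0.0.0.0:1434       0.0.0.0:*
"""

if __name__ == "__main__":
    for proto, port, service, bind, exposed in audit_listeners(SAMPLE):
        status = "EXPOSED" if exposed else "loopback only"
        print(f"{proto}/{port:<5} {service:<22} bind={bind:<14} {status}")
```

The TCP listener on 1434 in the sample is not reported because the list names only UDP 1434 for SQL Server; matching on protocol and port together keeps the report faithful to the list.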

Tips for successful IT security assessments

You need successful vulnerability and penetration testing to protect your systems from exploitation. Whether you’re performing security tests against your own systems or for those of a third party, you must be prudent and pragmatic to succeed. These tips for security assessments will help you succeed in your role as an IT or information security professional:

  • Set goals and develop a plan before you get started.
  • Ensure all the right systems are in scope for testing.
  • Look at your systems from all angles, both with and without user authentication as well as with and without security controls in place.
  • Get permission to perform your tests.
  • Have access to the right tools for the tasks at hand. You can use free tools, and many of them are great. However, you often get what you pay for!
  • Test at a time that’s best for the business.
  • Keep the key players in the loop during your testing.
  • Understand that it’s not possible to find every security vulnerability on every system.  
  • Study criminal behaviors and tactics. The more you know about how the bad guys work, the better you’ll be at testing your systems for security vulnerabilities.
  • Don’t overlook nontechnical security issues; they’re often exploited first.
  • Make sure that all your testing is aboveboard and approved before getting started.
  • Treat other people’s confidential information at least as well as you would treat your own.
  • Bring critical vulnerabilities you find to the attention of management and other necessary parties and implement the appropriate countermeasures as soon as possible.
  • Don’t treat every vulnerability discovered in the same manner. Not all weaknesses are critical. It’s not possible, or practical, to address all vulnerabilities. Evaluate the context of the issues found before you declare the sky is falling. It’s almost always a handful of vulnerabilities that creates the majority of risks.  
  • Rather than merely accepting the risks, determine which compensating controls will work in your environment; that is the best approach.
  • Show management and customers that security testing is good business and you’re the right professional for the job. Vulnerability and penetration testing is an investment to meet business goals; it helps find what really matters, address customer and business partner expectations, and comply with the various laws and regulations that truly help the organization over the long term.

About This Article

About the book author:

Kevin Beaver is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master's degree in Management of Technology at Georgia Tech.