Hacking

EasyHackingforBeginners–HowtoHackComputers,PenetrationTestingandCracking

Security

Copyright2016byAndrewMckinsey-Allrightsreserved.

Thisdocumentisgearedtowardsprovidingexactandreliableinformationinregardstothetopic and issue covered. The publication is soldwith the idea that the publisher is notrequired to render accounting, officially permitted, or otherwise, qualified services. Ifadviceisnecessary, legalorprofessional,apracticedindividual in theprofessionshouldbeordered.

- From a Declaration of Principles which was accepted and approved equally by aCommittee of the American Bar Association and a Committee of Publishers andAssociations.

Innowayisitlegaltoreproduce,duplicate,ortransmitanypartofthisdocumentineitherelectronicmeansorinprintedformat.Recordingofthispublicationisstrictlyprohibitedandanystorageofthisdocumentisnotallowedunlesswithwrittenpermissionfromthepublisher.Allrightsreserved.

Theinformationprovidedhereinisstatedtobetruthfulandconsistent,inthatanyliability,intermsofinattentionorotherwise,byanyusageorabuseofanypolicies,processes,ordirectionscontainedwithinis thesolitaryandutterresponsibilityof therecipientreader.Under no circumstances will any legal responsibility or blame be held against thepublisher for any reparation, damages, ormonetary loss due to the information herein,eitherdirectlyorindirectly.

Respectiveauthorsownallcopyrightsnotheldbythepublisher.

Theinformationhereinisofferedforinformationalpurposessolely,andisuniversalasso.Thepresentationoftheinformationiswithoutcontractoranytypeofguaranteeassurance.

Thetrademarksthatareusedarewithoutanyconsent,andthepublicationofthetrademarkis without permission or backing by the trademark owner. All trademarks and brandswithin this book are for clarifying purposes only and are the owned by the ownersthemselves,notaffiliatedwiththisdocument.

TableofContents

Introduction

Chapter1:Hacking–TheFundamentals

Chapter2:PenetrationTesting–TheBasics

Chapter3:TheExploits

Conclusion

Previewof‘Apps:MakeYourFirstMobileAppToday-AppDesign,AppProgrammingandDevelopmentforBeginners’

Checkoutmyotherbooks

Bonus:SubscribetoTheFree10XYourPotentialToolkit

IntroductionI want to thank you and congratulate you for purchasing this book, “Hacking: EasyHacking forBeginners–How toHackComputers,PenetrationTestingandCrackingSecurity”

Thise-bookwillteachyouthefundamentalsofethicalhacking.Asidefromdiscussingthebasicsofcomputerattacks,thisbookwillalsoprovideyouwiththetoolsandtricksusedby elite hackers. Additionally, it contains detailed instructions, actual codes andscreenshots, thus, you canmaster the topics covered in this book without exerting toomucheffort.

Computer hacking requires advanced networking and programming skills. You won’tbecomeaskilledhackerifyoudon’tevenknowhowtouseJavaorscannetworkports.Tohelpyouhaveagreatstart,thise-bookwillgiveyouacrashcourseinprogramming.Afterreadingthisbook,youcanstartconductingpenetrationtestsandwriteyourownexploits.

Thanksagainforpurchasingthisbook,Ihopeyouenjoyit!

Chapter1:Hacking–TheFundamentals

Ingeneral, the term“hacking” refers to theprocessofaccessingacomputerornetworkwithouttheuser’sapproval.The“hacker”(i.e. thepersonwhoperformstheaction)useshis/herskillsandtoolstobreakthetarget’sdefenses.Accordingtocomputerexperts,themostdangerousaspectofhackingisthatitdoesn’tendoncetheunauthorizedaccesshasbeenestablished.Mosthackersexecuteanattacktostealinformation,destroysystems,orprevent authorized users from logging in. Because of this, hacking is considered as anillegalactivity.Manycountrieshaveexistinglawsthatprohibithacking.

However,itisimportanttopointoutthathackinghaspositiveaspects,too.Forexample,you can hack a computer or network to test its defenses. This process,which is called“penetration testing,” allows businesses and organizations to enhance their defensesagainst thebadguys.Someorganizations are actuallywilling to hire hackers as part oftheirsecurityteam.Withthisapproach,organizationsincreasetheirchancesofdetecting,stoppingandpreventinghackingattacks.

TwoKindsofHackers

Computerexpertsdividehackersintotwokinds–blackhatandwhitehat.Let’sdiscusseachkindofhackerindetail:

BlackHat–Thesepeoplehacksystemswithmalicious intentions.Theyuse theirskills to view/steal confidential information or bring the target network down. Insome cases, black hat hackers install keyloggers and other malware into theirvictim’scomputertocollectsensitiveinformation(e.g.creditcardnumbers,socialsecurity numbers, etc.). If you’ll ask someone to describe a hacker, he/she willlikelydescribeablackhatone.

WhiteHat –Awhite hat hacker uses his skills and tools to help companies andorganizations. He/she performs harmless attacks to test the target’s defenses andfindpotentialweaknesses, thenhe/shewillsubmit the information to thebusinessownerornetworkadministrator.Thisway,theauthorizedpeoplecanimplementthenecessarychangesandstrengthenthenetwork’sdigitalsecurity.

Atthispoint,youshouldknowthatthereareonlytwomaindifferencesbetweenablackhat hacker and awhite hat hacker. These differences lie on the person’s intentions andwhether he/she has the user’s permission. White hat hackers hack systems to help in

boosting the targets’ defenses, thus, they need to get the permission from the networkowneroradministratorbeforedoinganyaction.Blackhatbackers,ontheotherhand,dotheirmagic“intheshadows.”Theyhacksystemsformaliciousreasons.

ImportantNote:Hackingcangetyouincarcerated.Becauseof that, thisbookwill focusonwhitehat (alsoknownas“ethical”)hacking.Thisway,youcanuseyourknowledgeandskillswithoutbreakingthelaw.

Chapter2:PenetrationTesting–TheBasics

Apenetrationtestisaprocesswhereahackerattemptstogaugethesecurityofanetwork.He does this by gathering information about the target and launching hacking attacks.Obviously, thehackerneeds to followcertainproceduresandusecomputerprograms tocarryoutthetest.Abstractknowledgeisn’tenoughtobreakanetwork’sdefenses.

Tohelpyoubecomeaskilledethicalhacker,thischapterwilldiscusstheexactstepsthatyouneedtotakewhenconductingapenetrationtest.Itwillprovidedetailedinstructions,explanationsandexamplestohelpyoumasterthetopic.Additionally,itwilltellyouthebest hackings tools for each procedure. Study this material carefully if you want tobecomeasuccessfulhacker.

Thischapterconsistsof threeparts: (1) reconnaissance, (2) toolsand(3)conducting thepenetrationtest.

Reconnaissance

Thisisthefirstpartofthehackingprocess.Here,youwillgatherinformationaboutyourtarget using different tools and techniques. Elite hackers consider this as the mostimportant aspect of any penetration test – the information gathered here helps inidentifyingthebestpointsofattackandthetoolsthatmustbeusedfortheprocess.Youcan significantly increase your chances of success by spending enough time in thereconnaissancephase.Herearethreetechniquesthatyoucanuse:

SocialEngineering

Basically, the term “social engineering” refers to the process of establishing a falserelationshipwithavictimtoforcehimtodothingsthathewouldn’tdoforstrangers.Forexample,youcanuseasocialengineeringattacktogetthephonenumberorcreditcardinformation of your targets. In this part of the book, you will learn about the socialengineeringtricksthatyoucanusewhilehackingnetworks.

TheMissingDrive–Thistrickissimpleandeffective.Whenusingthistrick,youjusthavetopretendthatyouhavefoundaUSBdriveinthetarget’sbuilding.You’lljustwalkuptothefrontdeskandinformthepeoplethereaboutthe“missingUSBdrive”thatyouhavefound.TheUSBdriveinvolvedheremaycontainamalicious

program (e.g. a keylogger or a remote console application). To enhance theeffectivenessofthistrick,youmayplacethetarget’slogoontheUSBdriveorwritesomeinterestingnoteonit(e.g.EmployeeBonus2016).

Yourmaingoal is toencouragethefrontdeskofficers toplugtheUSBdriveintoone of their computers.Once this is done, the program inside the drivewill runautomatically and install its contents onto the client. The delivery aspect of thistrickisclearandsimple.ThemostdifficultpartliesinpreparingtheUSBdrive.

TheMeeting–ThisattackaimstoinstallanunauthorizedWAP(i.e.wirelessaccesspoint) onto the target’s network. When conducting this attack, you need tocommunicatewithyourtargetpersonally.Here,youneedtosetameetingwithyourtarget (i.e.preferablyamanager)with thepretext thatyouareconsideringahugebusinesstransactionwiththecompany.Makesuretosetthemeetingafewminutesafterlunchandarriveabout45minutesbeforetheschedule.

Talktothereceptionistaboutyourmeetingandclaimthatyoucameearlybecauseyou did something in a place nearby. Then, have an accomplice call you on thephone.Once the call comes in, ask the receptionist about a placewhere you cantakethecallprivately.There’sagreatchancethatshewillofferyouaconferenceroom.GetinsidetheroomandinstallyourWAPontoawall jack.MakesurethattheWAPishidden.Lastly,connecttheaccesspointtothenetworkusingacable.

PhysicalPenetration

Accordingtoexperthackers,thebestwaytocollectinformationduringapenetrationtestisbyaccessingthetargetphysically.Thisapproachallowsyoutogathertonsofdataandconnectthesetothetarget’sdigitalinfrastructurewithoutworryingaboutbordersecurity.Obviously,attackingatargetbecomeseasyandsimpleifyoucangetinsideit.EventhegreatcityofTroyfellwhenawoodenhorsegotinsideitsterritory.

Inthispartofthebook,you’lllearnaboutseveraltechniquesthatyoucanusetogetinsideyour target. Keep in mind that these techniques help you in accessing the target, notattackingit.You’lldiscovertheactualattacksinthenextsection.

TheSmoker’sEntrance–Employeesareusuallynotpermittedtosmokeinsidethecompany’sbuilding.Becauseofthis,mostcompaniesplacetheirsmokeareascloseto a secondary entrance. Often, this kind of door doesn’t have any securitymechanism.

Hackersgetinsidethetargetbuildingusingthreethings-alighter,acigarettepackandahomemadeIDbadge.Itwouldbebestifyou’llspendsometimemonitoringandwatchingtheemployeesastheyenterandexitthebuilding.Thisapproachhelpsyouinmimickingthebehaviorsofthecompany’semployees.Makesurethatyourappearancesuggeststhatyouhavespentseveralhoursdoingyourtasksandexitedthebuildingjustafewminutesago.Neverdothistrickifyoulooklikeyoujustgotoutofthebathroom.

Checkpoints–Somecompanieshavecheckpointsthataremannedbyanemployee(e.g. reception area, guard desk, etc.). Often, visitors should get an appropriatebadge before entering the building. When it comes to high-rise or multi-floorbuildings,thedeskisoftenlocatedbetweentheentranceandtheelevators.Inhighsecuritybuildings,however,employeesandvisitorsneedtopassthroughamantrapor a turnstile. These setups sound intimidating. However, you can get past thesedefensivestructureseasilyifyouwilluselogicandcreativity.

◦Multi-tenantBuildings–Thestrategythatyouwilluseinthiskindofsetupisstraightforward.You’lljustgototheguard’sdeskorreceptionist,presentanID and state the reason for your visit. The person in charge will talk to theperson or company youwish to visit, confirm your appointment and tell youwheretogo.Usually,youwillreceiveavisitorbadgewithyournameandphotoinit.

The badge that you receivedwill allow you to get inside the building. If theplaceyouareattemptingtobreakindoesnothaveanIDsystemoranyturnstile,youcangetinsidetheelevatorseasily.Youcanmaximizethebenefitsofferedbyavisitorbadgebygoingstraighttothebagchecker/s.Thesepeoplewillseeyourbadge and think that you’ve been checked by the guard at the building’sentrance.Theguardat theentrance,on theotherhand,will likelyassume thathiscolleaguesintheupperfloorswillfacilitatethebagcheck.

◦Single-TenantStructures–Ifacompanyownsthebuildingitisin,itusuallyimplements itsownsecurityprocedures.Thatmeans thestrategy thatyouwilluseisdifferentfromtheoneoutlinedabove.Althoughyoucancheckthetypeofbadgesystemused,youonlyhaveonechancetogetintothebuilding.Youmayget past the target’s defenses by setting up an appointment. However, thesecuritypersonnelwill likelywalkyou to thecheckpointor lobbyandget thevisitorbadgeassoonasthemeetingisdone.

Accordingtoelitehackers,thebestwaytogetinsidethebuildingistoworkasa

group. This approach allows you to get past the checkpoint while youraccomplicesdistracttheguards.

InsiderAttacks

Thetechniquesdiscussedabovecanhelpyouingatheringinformationaboutyour targetandgettingaccesstoit.Inthispartofthebook,you’lllearnabouttheattacksthatyoucanusetoexploityourtarget.

ThePreparations–Theattacks thatyouwill executedependon the targetyou’retrying tohack. Ingeneral, you shouldworkusing the computers providedby thetargetandstartwithlittleinformationaboutthesecuritymechanismsimplementedinit.Assumethatyoucannotdownloadanythingfromtheinternet,thus,youshouldbring all of your toolswith you even before entering the target’s premises. StoreyourtoolsinaCDorthumbdrivesoyoucanhideandcarrythemeasily.

Becausethebuilt-inequipmentofyourtargetmaybecentrallycontrolled,partiallylockedorcompletelyhardened,youneedtobringbootablemediathatcanprovidehigh-levelaccesstothenetworkandlocalcomputer.Also,youshouldhaveaharddiskwithapre-installedOS (i.e.operating system).This toolbecomesextremelyuseful when you are working on a computer with full drive encryption andinaccessibleCMOS.

The Initial Phase – While doing a penetration test, you will surely encounter aWindowsmachine:alaptoporpersonalcomputerthatrunsonaWindowsoperatingsystem. This kind of machine is usually connected to a LAN (i.e. local areanetwork)andusesthedomainloginofMicrosoftWindows.Logintothecomputerandcheckthesystem.Usethe“fileexplorer”featureofthemachinetonavigatethenetwork.Youmayfindsomedrivesanddomainsyoualreadyhaveaccessto.

Themainobjectiveof an insider attack is to collect informationabout the target,thus, you have to search for files and servers with interesting names (e.g. HR,Payroll, Engineering, etc.). After discovering the limits of your access and theimportantpartsofthenetwork,youcanelevateyouruserprivileges.

GettingAdminPrivileges–Eachcomputerhasseveralpre-installedaccounts,someof which have high-level privileges. Often, the account with the highest accessprivileges is called “Administrator.” However, most network admins rename theaccounttoprotectitfromhackers.Ifyouencounterthiskindofdefensivestrategy,lookfortheusergroupcalled“Administrators.”Thisgrouphousesalmostallofthe

admin accounts in a computer, regardless of their name. You can check themembers of this group by accessing your command prompt and running thefollowingcommand:netlocalgroupAdministrators

The simplest way to access the admin account is to give it a new password.Resettingthepasswordwhilethesystemisrunningrequiresyoutoenterthecurrentpassword of the account. AllWindowsmachines protect user passwords so thatnoneof theuserscanviewitwhile theOSisactive.Thereareprogramsthatcanhelpyouinaccessingthepasswordfile,buttheymaytriggeranalertifyourtargethasanetwork-wideantivirussystem.

Toresettheadminaccount’spassword,bringaremovablestoragethatcontainsanOS.Plugtheremovabledriveintothecomputerandrebootit.Thistime,makesurethatthecomputerrunstheOSinsidethenewdrive.Sinceyouarenolongerusingthe computer’s OS, you can access the password file (also known as “SAM”).Usually, you’ll find the computer’s SAM file in this directory:Windows/system32/config.

Tools

This part of the book will focus on the tools that you can use when performing apenetration test. Here, you will learn about two powerful tools used even by the besthackers. These tools are called BackTrack and Metasploit. Let’s discuss each tool indetail:

BackTrack

Basically,BackTrackisaLinuxplatformdesignedforpenetrationtesting.Itiscompletelyfreeandcontainsthelatesthackingtools.Allofthepre-installedprogramshavethebestsettingsandtherequiredlibraries.Additionally,theseprogramsaregroupedaccordingtotheirfunctions.ThisisthereasonwhyelitehackersconsiderBackTrackLinuxasanall-in-onehackingtool.

ThisoperatingsystemisavailableasanISOfile.Onceyouhavethisfile,youcanburnLinuxintoadisc,writeitontoathumbdrive,bootitstraightfromavirtualmachine,orinstallitintotheharddiskofamachine.AlthoughthecontentsofBackTrackamountto5GBintotal,youcanuseitasanISOfile,which“weighs”1.5GB.BackTrackLinuxisacomprehensivehackingtoolthatcanrunonawiderangeofhardware,thus,youcanuseitonyourcomputerswithoutchanginganysetting.

HowtoInstallBackTracktoaDVDoraThumbDrive

ThedevelopersofBackTrackLinuxhadstoppedworkingonthisproject.Thus,theywon’tcreateimprovedversionsorfixtheexistingbugs.However,youcanstillgetthissoftwareforfree.Youjusthavetovisitwww.backtrack-linux.org/downloads/.Inthischapter,you’lllearnhowto“burn”BackTrackontoaremovablestorage.Yourcomputerneeds tohaveDVD-burningcapabilitiesbeforeyoucandotheinstructionsgivenbelow.

If you are using a Windows 7 (or later) computer, you won’t have to download anyprogram.YourOShasabuilt-inDVD-burningfunctionality.IfyouareusingaWindowsXP computer, however, you need to download a program that can burn data onto aremovablestorage.Thesedays,oneof thebest freeprograms is ISORecorder.Youcan

getthissoftwarefromhttp://isorecorder.alexfeinman.com/isorecorder.htm.OnceyouhavedownloadedISORecorder,right-clickontheISOfileofBackTrackandchoosetheoptionthat says “Copy Image toDisk”.The screenwill showadialogbox– just clickon thebuttonthatsays“Next”andyou’regoodtogo.

YoucanalsostoreBackTrackontoathumbdrive.Asyouprobablyknow,thumbdrivesare better thanDVDswhen it comes to speed and quietness. The bestway to create aBackTrack flash drive is to download and launch a tool called “UNetbootin.” Thisprogram allows you to create a bootable drive by extracting the contents ofBackTrackontoyourremovablestorage.

Metasploit

Metasploit is a framework that allowsyou to download, create and run exploits for theknownweaknessesofcomputersoftware.YoucangettheMetasploitframeworkforfree.This framework comes with built-in topnotch exploits for numerous computervulnerabilities.

HowtoGetMetasploit

TheMetasploit framework runs on BSD,Windows (through Cygwin), Linux andMaccomputers.Toget this framework, justvisitwww.metasploit.com/framework/download/.Thedownloadprocessmaytakesometime,dependingontheOSyouareusing.

HowtoUseMetasploit

TohelpyouunderstandhowMetasploitworks,let’sdiscussaweaknessofWindowsXPthat resulted to the super worm called Conficker. This vulnerability, calledMS08-067,allows you to install a command prompt onto the target computer, generate an adminaccount,andtriggeraremotecomputersession.

BeginnersshouldfocusonthefollowingMetasploitcommands:

use<name_of_exploit>show<payloads|exploits>info<payload|exploit>name_of_exploit

ImportantNote:YoucangetmoreMetasploitcommandsbyentering“?”or“help”.

ThefirstthingyouneedtodoisrunaMetasploitsearchforthetargetvulnerability.TheMetasploit command called “search” can help you with this task. Just type “search”followed by the vulnerability. For this example, you need to type “searchMS08-067”.Your screen will

showyouthis:

ThenameofthisexploitintheMetasploitframeworkiswindows/smb/ms08_067_netapi.Youshouldusethisexploitandsearchfortheoptionsthatcanmakeitwork:

Asyoucansee,thecommandpromptbecomes“exploitmode”assoonasyouchooseanexploit.Thesystemwillrememberallofthevariablesandoptionsthatyouwillsetfortheexploit,whichmeansyouwon’thave to repeat thingseach timeyouuse thatexploit. Ifyou want to go back to the original screen, just type “back” into the terminal. Here’sscreenshot:

Theoptionsavailabletoyoudifferbasedontheexploityouareusing.Herearetheoptionsthatyoushouldsettolaunchthecurrentexploit:

This exploit needs three things - the address of your target, the port usedbySMB (i.e.servermessageblock),andthepipethatexposesthefunctionality.Thecommandthatyoushouldenteris:

Basedonthecommandgivenabove,thesyntaxforsettingoptionsis:

set<name_of_option><the_option>

Aftersettingtheexploit,preparethepayload.Basically, theterm“payload”referstotheactivitythatwilloccuroncetheweaknesshasbeenexploited.Bysettingthepayload,youarespecifyingtheinteractionthatyouwanttohappenoncetheweaknessissuccessfullytriggered.

In thisexample,youshouldchooseapayload that launchesaWindowscommandshell.Yourscreenwilllooklikethis:

Asyourscreenshows,Metasploithasmultiplepayloadsthatcanlaunchacommandshell.Eachofthesepayloadshasdifferentfunctionalities.Becausethecomputeryou’reworkingondoesn’thaveanactive firewall, you shoulduseabasicbind_tcpexploit.Here is thecommand:

ImportantNote:Ifyourtargethasafirewall,youshouldlookforpayloadsthatcanforcethetargetcomputertolinkbacktoyourmachine.Issuethefollowingcode:

Iflaunchedusingitsdefaultsettings,theexploitwillcreateaportlistenerontheport444ofTCP.ThisallowsyoutoruntheWindowscommandshell.Yourscreenwill looklikethis:

Theprocessworkedperfectly.YoucanverifytheresultusingaWindowscommandcalled“netstat”.Accessthecommandpromptofyourtargetandissuethecommand.Thescreenwillshowyouthis:

ConductingthePenetrationTest

Inthispartofthebook,you’lllearnhowtoplan,structureandexecuteapenetrationtest.Additionally,you’llknowhowtosubmittheresultsthatyouwillget.

Let’sdividepenetrationtestsintotheirdistinctphases:

The Planning Phase– During this phase, you should consider the scope, type,locationandmethodologythatyouwilluseforthepenetrationtest.

◦ Scope–Thisisthemostcriticalpartoftheplanningstage.Beforehacking

yourtarget,determinewhetheryoushouldtesttheentirenetworkorjustasmallpart of it. You can’t create an effective plan if you don’t even know yourlimitations.

◦Type–Therearetwomajortypesofpenetrationtests:White-BoxandBlack-Box.Let’sdiscusseachtypeindetail:

▪ White-Box– In this kindof test, the hacker/s can access informationabout the target freely. For instance, the network owner may provide thehackerwith asset records andnetworkdiagrams. Inmost cases, companiesandorganizationschoosethistypewhenthetimeandbudgetallocatedforthepenetrationtestaretight.

▪ Black-Box–Here, thehackerdoesn’tknowanythingabouthis target.Often,hewillneedtobeginthepenetrationtestjustbyusingthenameofthecompanyororganization.This typeofpenetration test is themosteffectiveand realistic. Obviously, malicious hackers who want to access a networkwillstartwithnothing.

◦ Location–Thisaspecthelpsyoudeterminetheamountoftimeandeffortthatyouneedtospendforthepenetrationtest.

◦Methodologies–Implementatestingmethodologyifyouwanttomaximizethe results thatyouwillget fromyourefforts.Currently, thereare threemajorhackingmethodologiesthatyoucanchoosefrom.Thesemethodologiesare:

▪ISSAF–Thisisoneofthelatesthackingmethodologiesavailabletoday.Basically, ISSAF consists of several domains. It provides ethical hackerswithtestingandassessmentcriteriaforeverydomainitcontains.

▪ OWASP–Thismethodologyhasproducedpopularresources,standardsand trainingmaterials. It can alsoprovideyouwith thebest vulnerabilitiesandexploitsthatyoushoulduse.

▪ OSSTMM – White hat hackers consider this as the most popularmethodologytoday.Itcoversalloftheaspectsofapenetrationtest.Themainobjective of this methodology is to create a method that, if used, willguaranteeaqualitypenetrationtestregardlessofthetesterorthetarget.

The Structuring Phase - In this phase, you should identify the schedule anddescriptionofthehackingtechniquesthatyouwilluse.Youalsoneedtofinalizethepaymenttermsaswellastheoverallbudgetforthepenetrationtest.

The Execution Phase – Now that you have a detailed plan and structure, you’reready to test the target’s electronic defenses. Here are the main aspects of theexecutionstage:

◦GettingtheAccess–Youshouldhaveadetailedlistofalltheresourcesthatyouneedfromthecompanyororganization.Forinstance,youmayneedaroominsidethebuildingsothatyouandyourteammates(ifany)canexecutethetestwithout any disturbance. Youmay also request for an access to the network,internetconnection,severalcablesandsomecomputers.

◦ Setting Expectations – You and your client will experience differentemotionsduringapenetrationtest.Asahacker,youshouldcommunicatewiththePOC(i.e.pointofcontact)onaregularbasis.Limittheinformationthatyouwill share with your client. It would be best to complete the test beforedisclosinganythingtothenetworkowneroradministrator.Elitehackersfollowthissimplerule:“promiselessandachievemore”.

◦HandlingProblems–Differentissuesmaycropupduringapenetrationtest.For instance, you may accidentally bring down the network. In this kind ofsituation,youshouldcommunicatewiththePOCandsolvetheissueassoonaspossible. You also need to disclose any problem as soon as possible. Here’sanother principle that elite hackers follow: “bad things don’t improve withtime”.

TheReportingPhase–Aftercompletingthetest,youshouldsharetheinformationwithyourclient.Here’stheoutlinethatyouneedtousewhenpreparingthereport:

◦TableofContents

◦Summary

◦Themethodologyyouused

◦Findingsandtheirimpacts

◦Recommendations

◦Appendix(e.g.screenshotsanddetailedrecords)

Chapter3:TheExploits

An “exploit” is a program, which allows you to take advantage of a computervulnerability.You’ve learned about a powerful exploit framework calledMetasploit. Inthis chapter, you’ll learn about the basic exploitation concepts for Linux andWindowsmachines.ThisinformationwillhelpyoutotestthedefensesofcomputersthatrunonaLinuxorWindowsOS.

ForLinuxComputers

ThispartofthebookwillfocusontwoconceptsforLinuxsystems.Theseconceptsare:

LocalBufferOverflow

In this kind of exploit, you will trigger a buffer overflow in the targeted system andchangeitseip(i.e.extendedinstructionpointer).Keepinmindthatasystemeiplinkstothenextbatchof instructions thatyouwill run.Byaltering theeip’svalue,youwillbeable to run your instructions to your target computers.Here are the things you need totriggerabufferoverflow:

Shellcode – The term “shellcode” refers to a code that performs the hacker’scommands.Before,hackersusedshellcodesjusttosendbasicshellstotheinfectedcomputer.Thesedays,however,thistermcoverseverythingthatahackerwantstodoonhis/hertarget.

NOPSled–Inprogramming,“NOP”forcesthemachinetostandbyandproceedtothesucceedingcommands.Programmersusethisdeviceforpaddingpurposes.Forhackers,on theotherhand,NOPcanhelp in introducinganexploit’sbuffer.Thisstrategy, known as “NOP Sled”, forces the computer to work on the next codecomponents.

ReturnAddress–Hackersconsiderthisasthemostcrucialpartofabufferoverflowexploit.Thereturnaddressshouldbeperfectlyalignedandrepeatcontinuouslyuntiltheeipvalueisoverflowed.

FormatStringExploit

Hackers discovered this exploit back in 2000. In general, string errors are better thanbuffer overflows in terms of discoverability. You can spot string errors easily in yourbinary and source code analysis. These days, automated processes can detect andeliminate string errors.Hackers are now looking for better alternatives.However, sincethisexploit issimpleandbasic,youshouldunderstandthiscompletelybeforeanalyzingcomplexones.

Youwillfindformatstringsinformattingfunctions.Simplyput, theformattingfunctionmaybehavedifferentlybasedonthestringbeingprocessed.Herearesomeoftheformatfunctionsthatyou’llencounterduringapenetrationtest:

printf()–ThisfunctionprintstheoutputtoastandardI/O(i.e.Input/Output)device.fprintf()–Withthisfunction,youcanprintoutputstoyourpreferredfilestream.snprintf()–Thisfunctionallowsyoutosendyouroutputtoanexistingstring.Thisstringhasabuilt-inlength-checkfunctionality.sprint()–Usethisfunctiontosendyouroutputtoanexistingstring.

ForWindowsComputers

Inmost cases, you’ll behacking a computer that runson aWindowsoperating system.Yousurelyknow thatmajorityof thecomputers in thewholeworldareusingWindows(e.g.XP,Vista,7,etc.),thus,ifyouwanttobeasuccessfulhacker,youshouldknowhowtowriteyourownWindowsexploits.

WritingaWindowsExploit

In thispartof thebook,you’llwriteyourownprogram.Don’tworry ifyouhaveneverprogrammedanythingbefore.Thissectioncontainscodesanddetailedinstructions–youwon’texperienceanyproblemsincompletingthisexercise.

ImportantNote:YourcomputershouldhavethecommandshellofRuby.Ifyouareusinga Windows computer, you should visit http://rubyinstaller.org and download the latestversionofthesoftware.

Herearethestepsthatyouneedtotakewhenwritinganexploit:

Controllingtheeip–Inthisphase,testthevulnerabilityofyournetwork.Youcan

completethistaskbylaunchingaRubycommandshellandtyping“prosshd1.rb”.

ImportantNote:The“prosshd1.rb”scriptwillonlyworkifyourcomputerhasnet-scpandnet-ssh.Ifyourmachinedoesn’thavethese“rubygems”,youshouldopenaterminalandtype:geminstallnet-scp.Then,followitupwith“geminstallnet-ssh”.

Determiningtheoffset/s–Threethingsshouldhappenduringthisphase:

Yourdebuggerwillcatchanexception

Theeip’svaluewillholdaportionofthepreviousinstruction.

The “esp” (i.e. extended stack pointer) will hold some portions of thepreviousinstruction.

Determiningthevector–Yourattackwillonlyworkifyouhaveanattackvector.When an application crashes, you will usually find the buffer of one of thecomputer’sregisters.It’simportanttopointoutthatyoucancontrolthepartofthestackwheretheapplicationhascrashed.

Creating the “sandwich” – Here, you will combine the codes you’ve written tocreatean“exploitsandwich.”

Important Note: It would be best to write the shellcode after your NOP Sled.Metasploit shellcodes need some vacant space in the stack to complete theirdecodingprocess.

Debuggingtheexploit(i.e.ifnecessary)–Ifyourexploitcrashes,it’spossiblethatyour shellcodecontainsan invalidcharacter.This situationoccurseverynowandthenbecausethetargetedprogrammayreacttosomeofthecharactersyouusedinthecode.Thesereactionsmayalterorcancelyourexploit.

Youcanfixthisproblemeasily.Everythingwillworkoutasplannedassoonasyoulocateandreplacetheinvalidcharacter/s.Theeasiestapproachthatyoucanuseisreadingyourdebugger’smemorydumpandcomparingitwiththecodeyouwrote.Alterthescript,launchtheexploitandrerunthedebuggingprocedure.Repeatthisprocessuntiltheprogramworksperfectly.

Conclusion

Thankyouforreadingthisbook.

Ihopethisbookwasabletoteachyouthebasicsofcomputerhacking.

Now, you should practice your hacking skills by setting up virtual machines in yourcomputer.Thiskindof“hackinglab”willletyouimproveyourskillswithoutdestroyingyourmachines.

Finally,ifyouenjoyedthisbook,thenI’dliketoaskyouforafavor,wouldyoubekindenoughtoleaveareviewforthisbookonAmazon?It’dbegreatlyappreciated!

ClickheretoleaveareviewforthisbookonAmazon!

Thankyouandgoodluck!

Previewof‘Apps-MakeYourFirstAppToday-AppDesign,AppProgrammingandDevelopmentforBeginners’

Chapter 1 - App Development: The Things You ShouldKnow

Developinganappisacomplextask.Itinvolvesvariousfeatures,languages,dimensionsandplatforms.Thise-bookwillteachyoutheprinciplesandtechniquesthatyoucanusetocreate robustapplications.Specifically,youwill learnhowtocreatemobileapps thatcanconnecttoremoteservicesandrungadget-specificfeatures.Byreadingthismaterial,you’lldiscoverthe“what,”“why,”“when,”and“how”ofdevelopingmobileapplications.

Inthischapter,youwilllearnaboutthebasicsofappdevelopment.Itwillarmyouwiththefundamentalfactsandideasrelatedtothecreationofapps.

TheCosts

Developinganappinvolvesdifferent typesofcosts.Youneedsoftwareandhardwaretostart developing an application. You also need machines to test your software.Additionally,ifyou’replanningtoreleaseyourappstothemarket,youneedtoestablisha“marketaccount.”

Let’sdiscussthecoststhatyou’llencounterwhiledevelopinganapplication:

Hardware

Tocreateexcellentapps,youneedtogetanIntel-basedMacintoshcomputer.ThiskindofmachineallowsyoutobuildiOSversionsofyourappsquicklyandeasily.Inaddition,youcaninstallaWindowsoperatingsystemonyourIntel-BasedMacusinga“virtualizationsystem”(e.g.VMWareFusion).

Aside from the computer, you also need to get several monitors.While debugging anapplication, you need to analyze your source code and interactwith the program.Mostdevelopersusethreemonitors:theyrunasimulator/emulatoronthefirstone,anIDEon

thesecondandinstructions/documentationsonthethird.

You should know that simulators and emulators are excellent tools.However, they alsohavedistinctweaknesses.Ifyoureallywanttobeasuccessfulappdeveloper,youneedtogetanemulatorandasimulatorforeachdeviceyou’redevelopingfor.

Software

While developing an application, you’ll experience some overlaps regarding software.You should get a Mac computer to build iOS apps, a Windows computer to buildBlackberryapps, andEclipse tobuild Java-basedprograms.Youcanuseyourpreferredtexteditor(e.g.Notepad)forbuildingHTMLcontentforPhoneGap.

Thelistgivenbelowwillshowyouthemostpopularmobileplatformsandthesoftwaretheyrequire:

iOS–xCode4(orhigher)andiOSSDK

Android–EclipseandAndroidSDK

Windows–ExpressionBlend,VisualStudio,andWindowsPhoneSDK

Titanium–Androidsoftware,TitaniumStudio,iOSsoftware,andTitaniumMobileSDK

PhoneGap – iOS software, Android software, PhoneGap plugin, and WindowsPhonesoftware

FrameworkTextEditor–Notepad++(forWindows)andTextmate(forMac)

DeveloperAccountsandMarketLicenses

The list given below shows information about the accounts required in developing amobileplatform.Currently,appdeveloperspayabout$100/platformperyear.

Android–Youneedtovisitthissite:https://market.android.com/publish/signup.Inthisplatform,you’llgetseventypercentoftheapp’sprice.Theremainingamountwillgotothecarrier/sandcredit/debitcardprocessors.iOS–Visitthissite:http://developer.apple.com/programs/start/standard/create.php.Thisplatformallowsyoutodevelopappsforuptoonehundredgadgets.Youwillgetseventypercentofthetotalsales.Youwon’thavetopayforanycostregardingappdistribution.

Windows Phone – Check this website: http://create.msdn.com/en-US/home/membership. You can submit any number of paid applications to thisplatform.However,thefreeappsyoucansubmitarelimitedto100.Thirtypercentofthetotalsaleswillgotothedistributor.Theremainingamountwillbecreditedtoyouraccount.Titanium – Here is the site that you need to visit:https://myappceleratorcom/auth/signup/offer/community. This platform doesn’trequireanyfee.

Clickheretocheckouttherestof‘Apps-MakeYourFirstAppToday-AppDesign,AppProgrammingandDevelopmentforBeginners’onAmazon.

Orgoto:http://amzn.to/1Mnw8cx

CheckOutMyOtherBooks

Below you’ll find some of my other popular books that are popular on Amazon andKindleaswell.Simplyclickonthelinksbelowtocheckthemout.Alternatively,youcanvisitmyauthorpageonAmazontoseeotherworkdonebyme.

Style: The Lady’s Guide to French Style, Fashion and Beauty- Get Dressed to LookCharmandElegant

Survival-TheAdvancedSurvivalGuidetoSurviveAnywhereintheWorld

Interview: Get Your Desired Dream Job- Learn How to Prepare Job Interview,MasterInterviewSkillsandAnswerAllInterviewQuestions

Apps: Make Your First Mobile App Today- App Design, App Programming andDevelopmentforBeginners

Marriage: Save your Marriage Today- Rebuild Connection, Intimacy, Trust, Love andCommunication

Body Language: Master The Art of Reading People’s Mind through NonverbalCommunicationandBodyCues

Hacking:EasyHackingforBeginners-HowtoHackComputers,PenetrationTestingandCrackingSecurity

Photography A Complete Beginner’s Guide on Taking Amazing and StunningPhotographs– Gaining Creative Control, Mastering Aperture, Shutter Speed, ISO andExposure

PaleoDiet:20Best,DeliciousandEasyPaleoRecipesandPaleoDiet forBeginners toLoseWeightEffectively

HowtoLearnSocialDynamicsandThe8QualitiesthatNaturallyAttractWoman

GettheGirltoChaseYouandBuildEmotionalConnectionwithHer

Getting Beautiful Woman into Bed & Keeping a Relationship with Her, CalibrationTechniquesandBuildinganAttractSocialLifestyle

How toApproachWomen,StartaConversationandbe theMost InterestingGuy in theRoom

TheProductivityKit:The4SimpleStepstoMaximizeProductivity,StopProcrastination,EliminateDistractionsandWorkintheStateofFlow

Ifthelinksdonotwork,forwhateverreason,youcansimplysearchforthesetitlesontheAmazonwebsitetofindthem.

Bonus:SubscribetoTheFree10XYourPotentialToolkit

WhenyousubscribetoBeyondMediocrityviaemail,youwillgetfreeaccesstoatoolboxofexclusivesubscriber-onlyresources.Allyouhavetodoisenteryouremailaddresstotherighttogetinstantaccess.

Thistoolboxofresourceswillhelpyougetmoreoutofyourlife–tobeabletoreachyourgoals,havemoremotivation,beatyourbest,andlivethelifeyou’vealwaysdreamedof.I’malwaysaddingnewresourcestothetoolboxaswell,whichyouwillbenotifiedofasasubscriber.Thesewillhelpyoulivelifetothefullest!

Herearethedetailsofwhatyou’llget:My12-StepMorningRitualProcessToBeingUnstoppableEveryday(Video&Article). In this35minutevideo, Iwillwalkyou throughstep-by-stepmyentiremorning ritualprocess,andhelpyoubeabletocreateyourowntostartyourdaybeingmotivated,happy,andproductive.

My 7-Step Proven Method to Creating the Life of Your Dreams (Video, Article &Spreadsheet). Follow these 7 proven steps to create an ultimate vision, purpose, andactionplanforeachareaofyourlife.Thisplanningprocesswillgiveyouanincrediblesenseofclarityforwhatyoureallywantforyourlifeandwillhelpyoumakeitareality.

How toChangeAnyNegativeBehaviourorEmotion Instantly (Video&Article). Thissimple exercisewill giveyou the ability to change anynegativebehaviour, emotion, orpatternthatiscurrentlyholdingyoubackinyourlife(suchas,procrastination,depression,sleepingin,etc…)andbeabletoreplaceitwithanempoweringalternative.

The6StepstoEmotionalMastery(Article).Thequalityofyourlifeisthequalityoftheemotionalstatesyoulive inconsistently. Thisarticlewillhelpyoutobeable tomasteryouremotions,whichwillgiveyoumorefreedomandfulfillment.

Togetinstantaccesstotheseincredibletoolsandresources,clickthelinkbelow:

Clickhereforthe10XYourPotentialToolkit.

Oryoucanaccessithere:http://bit.ly/1TXNsGS