
Hacking_ How to Hack - Ultimate Hacking - Harry Jones

A Basic Guide of How to do Hacking – for Beginners

Table of Contents

Introducing Computer Hacking
History of Hacking
Security Threats that may affect Your Computer Systems
Understanding basics of tools for ethical hacking and skills required by the Hacker
Social Engineering behind Hacking
Learn measures to crack Password of an Application
Understanding Trojans, Viruses and Worms
Simple guide to Networks Sniffer
Learn How to Hack different Networks
DoS Attacks
Wireless Networks
Web server
Website
Linux System
Understanding SQL Injection
Extract of the Book


© Copyright 2016 - All rights reserved.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.

The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher.

Legal Notice:

This book is copyright protected. This is only for personal use. You cannot amend, distribute, sell, use, quote or paraphrase any part or the content within this book without the consent of the author or copyright owner. Legal action will be pursued if this is breached.

Disclaimer Notice:

Please note the information contained within this document is for educational and entertainment purposes only. Every attempt has been made to provide accurate, up to date and reliable complete information. No warranties of any kind are expressed or implied. Readers acknowledge that the author is not engaging in the rendering of legal, financial, medical or professional advice.

By reading this document, the reader agrees that under no circumstances are we responsible for any losses, direct or indirect, which are incurred as a result of the use of information contained within this document, including, but not limited to, errors, omissions, or inaccuracies.

Introducing Computer Hacking

What is computer hacking?

In the cyber security era, a professional who is able to find a weakness in a system and exploit it to accomplish his objectives is called a hacker, and this process is called hacking.

Nowadays, people think that hacking is just hijacking an account or exploiting a website. Although that is a part of hacking, it can't be considered the main part.

So we need to think about what exactly hacking is and what anyone should do to become a professional hacker. Self-interest is the main requirement for becoming a hacker: you should always be keen to learn and to create something new.

Here are the different kinds of hackers in the cyber security world.

Script Kiddies

Script kiddies are people who use tools, scripts, methods and programs created by real hackers. In other words, a person who doesn't know how a system works can still exploit it with already available tools.

White Hat Hacker

The good guys in the hacking world, who work on defense, are White Hat Hackers. Their main purpose is to find security flaws and fix them, which in turn improves the security of the system. They work for an organization or individually to make cyberspace more secure.

Black Hat Hacker

There are also some really bad guys with malicious intent, who are called cyber criminals. They are known as Black Hat Hackers. Their objective is to steal money and infect systems with malware. They use their hacking skills for illegal purposes.

Grey Hat Hackers

do not actually have bad intentions, but they still like to break into third-party systems just for fun or to show the existence of a vulnerability.

Hacktivists

Some hackers use their hacking skills to protest against injustice. They attack a targeted system or website to bring about justice. Popular hacktivists include Anonymous and RedHack.

History of Hacking

In the computer security world, someone who focuses on the security mechanisms of computer and network systems is called a hacker. The term includes those who try to strengthen such mechanisms, but mass media and popular culture apply it to those who seek access despite these security measures. Although the media portrays the ‘hacker’ as a villain, some parts of the subculture see their objective as correcting security problems and use the word in a positive sense.

The name White Hat has been given to ethical computer hackers, who use hacking in a helpful way. White hat hackers have become a necessary part of the information security field. They work under guidelines which hold that breaking into other people’s computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally.

The subculture around such hackers is known as the network hacker subculture, or computer underground. This subculture initially developed in the context of phreaking during the 1960s.

The word “hacker” was first used in the title “The Hacker Papers”, an article in the August 1980 issue of Psychology Today (with commentary by Philip Zimbardo). It was part of a discussion held by the Stanford Bulletin on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn explains his intention to break into ENCOM’s computer system by saying “I have been doing a little hacking here”. He uses software called CLU to do this. By 1983, hacking was already being used as computer jargon in the sense of breaking computer security, but there was no public awareness of such activity. The matter came to public awareness with the release of the film WarGames that year, which raised the belief that

In that year this threat became real when a group of hackers known as The 414s (which included teenagers) in Milwaukee broke into computer systems throughout the United States and Canada, including well-known institutions such as Los Alamos National Laboratory and Security Pacific Bank. The case quickly captured the media’s attention. A teenager, Neal Patrick, emerged as the spokesman of the gang and was covered in a Newsweek story titled “Beware: Hackers at play”, with Patrick’s photograph on the cover. That Newsweek article was the first use of the word hacker by the mainstream media in the pejorative sense.

At that time, Dan Glickman was the first person called to investigate, and he began to work on new laws against computer hacking.

In that year six bills concerning computer crime were introduced in the U.S. House of Representatives, when Neal Patrick testified before it on September 26, 1983 about the threat of computer hacking. As a result of these laws, white hat, grey hat and black hat hackers tried to distinguish themselves from each other depending on the legality of their activities. These conflicts are expressed in The Mentor’s “The Hacker Manifesto”, published in 1986 in Phrack.

Security Threats that may affect Your Computer Systems

A computer system threat is anything that leads to loss or corruption of data or to physical damage to the hardware and infrastructure.

Two kinds of threats are described here.

a.) Physical threat: This threat leads to damage to or loss of the physical computer system, whether hardware or infrastructure. It has 3 main categories.

1. Internal: These threats include fire, unstable power supply and humidity in the room housing the hardware.

2. External: These threats include earthquake, flood and lightning.

3. Human: Theft, disruption, and accidental or intentional human errors come under this category.

b.) Non-physical threat

A non-physical threat is the cause of an incident which may result in:

Loss or corruption of computer data
Disruption of business operations
Loss of sensitive information

Logical threat is another name for non-physical threat.

Virus
Trojans
Worms
Phishing
Spyware
Key loggers
Distributed Denial of Service Attacks
Unauthorized access to computer system resources such as data
Denial of Service Attacks

To deal with the threats mentioned above, a company has to take some security measures. Some of them are described below:

To protect against viruses, Trojans, worms, etc., a company should not only install anti-virus software on its computer systems but also avoid the use of external storage devices and avoid visiting websites which can download unauthorized programs.

Authentication methods should be implemented to prevent unauthorized access to the computer system.

To protect against denial of service attacks, intrusion detection systems can be implemented.

Understanding basics of tools for ethical hacking and skills required by the Hacker

To achieve your desired goals within the available time and resources, you need to have the skills. You need to grow your skills to get your job done. These skills include learning how to solve problems, how to program, being keen to learn new things, using the internet and taking advantage of existing tools.

What is a programming language?

Computer programs can only be developed with the help of a programming language. Computer programs cover a wide range: they can work on operating systems or operate over the network.

Why learn to program?

Hackers are problem solvers and tool builders, so it is necessary for a hacker to learn programming in order to solve different problems.

To automate things, a hacker needs computer programs. With these programs, a job that usually takes a lot of time can be done in minutes.

Programs can help you identify and exploit programming errors.

There are already open source programs available over the internet, so you don’t have to reinvent the wheel every time.

HTML: This language is used to write web pages. It is a cross-platform programming language and can be used for web hacking. Hackers can use it to write code which can be used to identify and exploit weaknesses in the code.

JavaScript: This is a client-side scripting language and is also cross platform. It can be used to read saved cookies and perform cross-site scripting.

PHP: This is a server-side language and is also cross platform. It is the most commonly used programming language, and it can be used to make changes to the web server settings and make the server vulnerable to attacks.

SQL: This language is used to communicate with the database. It is also cross platform. It can be used to bypass web application login algorithms and to delete data from the database.

C & C++: These are high-level programming languages and are also cross platform. They are mainly used for writing exploits, shell code, etc.

Java, C Sharp, VB: The use of these languages depends on your scenario. These are also cross-platform languages, except for VB (Visual Basic).

Different Hacking Tools:

There are many hacking tools available in the market. A few of them are given below:

NMAP Project: This tool is used to explore networks and perform security audits.

John the Ripper: This is a password cracking utility, and it works cross platform.

SqlMap: It automates the process of detecting and exploiting SQL injection weaknesses. It is open source and works cross platform.

Nessus: This tool can perform different activities such as password dictionary attacks, denial of service attacks, etc.

Social Engineering behind Hacking

The human brain is not safe from hacking. Social engineering is the art of tricking users so that they perform certain harmful activities or reveal confidential information to attackers.

What is Social Engineering?

As stated above, social engineering is the art of manipulating the users of a computing system into revealing secret data or information, in order to gain unauthorized access to computer systems. This may include activities such as exploiting human kindness, greed, and eagerness to get full authority to access restricted buildings or to install software through a backdoor. It proceeds in the following steps:

1. Gathering information about the victim: This is the first step, taken to get the maximum information about the victim. This information can be collected from the company’s web sites, from publications and, many a time, from the users themselves.

2. Layout design: The hacker makes a plan to execute a well-planned attack.

3. Get desired tools: This step includes gathering the computer programs which will later be used to execute the attack.

4. Final attack: After steps 1-3, the hacker attacks the desired system.

5. Gather required information: Data or secret information is captured, such as the company owner’s pet names, date of birth, foundation day, etc., in order to guess the password.

Social engineering uses the techniques mentioned below to obtain the required data or information.

Exploiting informally: It has been found that people are less suspicious of their fellow mates when looking out for hackers. A hacker or attacker can introduce himself or herself before applying social engineering. The attacker may be one of the group of friends you take meals with, your smoking companion, or a chit-chat friend. This allows the attacker to get information from you.

The attacker tries to get your personal information by asking questions such as where or when your first date was, how many kids you have and what their names are. Tricks like these are used to learn your identity and, later on, your password hints. A computer user easily answers these basic questions as a friend. After getting answers to these questions, the hacker tries them on your Gmail account or any other confidential account.

Asking details in forced circumstances: Most people fear the heated arguments that sometimes occur with unknown people working around them. The attacker creates circumstances in which an unpleasant exchange takes place between the user and the attacker, and the user is then forced to forge his details in order to avoid any legal action. This technique is mostly used to avoid security check points.

Phishing: A well-known and most common technique used by attackers to get information secretly from the user. This method is tricky and is best for getting data from the user’s computer system. An attacker engaged in social engineering will

details like account number, credit card number, etc. Hackers mostly use phishing to get credit card

Tailgating: This technique involves following the user when he or she enters a password-restricted zone.

Making humans more curious about things around them: This technique entices the user to click on some site or ads, or injects a virus through a flash drive. This is a kind of bait system, where the attacker throws a chocolate and the user picks it up. The flash drive is mostly plugged in by the user, and is sometimes set up with an auto-run option which asks the user to open a file such as Employees Revaluation Report 2014.docx, a fake name for an infected file.

Exploiting humans by money: This technique lures the user with fake promises of money in return for filling in an online form that asks for confidential figures such as credit card and debit card details.

Learn measures to crack Password of an Application

We are all aware that data or information is one of the most valuable resources, whether in a database or in a secret file of an operation. This confidential data is kept secret and can be accessed only by legitimate people. Authentication systems are what mainly provide security for this data.

Password cracking is the process of getting unauthorized access to data using common passwords or techniques that let the attacker guess the password easily.

Below we list some of the techniques that can help a hacker crack passwords:

Password Cracking

Password cracking is the process, or we might say the art, of getting unauthorized access to systems by cracking the password used by the authentication method. A number of techniques are used to make this possible. Password cracking mainly works either by comparing the password against a stored list of words, or by using algorithms which generate passwords to match against it.

Password strength

This is a general term which most people are familiar with. Password strength is the measure of a password’s efficiency in limiting or resisting the

Length: This is the number of characters the user has chosen for the password.

Complexity: Generally, using a combination of numbers, letters and symbols makes a password complex and hence increases its strength.

Unpredictability: Whether the password can be easily guessed by

Techniques to crack Password

Although hackers use a number of techniques to crack passwords, we list here some of the most commonly used ones:

Dictionary attack – This technique compares the user’s password against a word list stored in a dictionary.

Brute force attack – This technique is similar to the first one, but differs in that a brute force attack uses algorithms which combine alpha-numeric characters with symbols to generate candidate passwords. For example, if the password of some user ABC is “Yogesh”, it can also be tried as y0ge$H using this technique.

Rainbow table attack – This method uses hashes which have been pre-computed. Taking the example password “Yogesh”, the method creates a separate data file containing the hashes of passwords commonly used by users. These hashes can later be compared with the database stored in the system in order to get the password.

Guess – This method is basic and has no science behind it. Commonly used passwords like 1234, qwerty, password, admin, etc. are set as defaults. Many people carelessly leave them unchanged and give the hacker an open chance to get information.

Spidering – It has been seen that many organizations use passwords related to their company information, which is readily available either on their websites or on social networking sites like Facebook, Twitter, etc. Spidering gathers information from these sources to build word lists, which are then used to generate passwords using the first two methods.
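Why the dictionary and rainbow table techniques above succeed against unsalted fast hashes, and how a per-user salt with a slow key-derivation function makes a precomputed table useless, shown as an added example that is not from the book. The word list, account names, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the default passwords the text lists under "Guess".
COMMON_PASSWORDS = ["1234", "qwerty", "password", "admin"]
PBKDF2_ITERATIONS = 100_000  # assumption: raise as far as login latency allows


def unsalted_md5(password):
    """Weak scheme: one fast hash, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; the result works against every
    database of unsalted hashes (a rainbow table stores the same mapping
    in compressed form)."""
    return {unsalted_md5(word): word for word in words}


def audit_unsalted(stored, table):
    """Defender's audit: accounts whose stored hash appears in the table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password, salt=None):
    """Hardened scheme: random per-user salt and a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    # Constructed legacy user table that stores unsalted hashes.
    legacy = {
        "alice": unsalted_md5("qwerty"),
        "bob": unsalted_md5("admin"),
        "carol": unsalted_md5("T7#kz!pQ9w-longer"),
    }
    print("recovered by table lookup:", audit_unsalted(legacy, table))

    # The same password stored twice under the hardened scheme.
    salt_a, hash_a = hash_password("qwerty")
    salt_b, hash_b = hash_password("qwerty")
    print("same password, same stored value?", hash_a == hash_b)
    print("correct password verifies:", verify_password("qwerty", salt_a, hash_a))
```

Because every account gets its own salt, a table would have to be rebuilt per account, and the iteration count makes each guess in that rebuild expensive.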

Tools used to crack Password

Many software developers have designed programs to crack passwords on users’ computer systems. Many sites, such as www.md5this.com, are available which use different techniques to crack passwords; this site in particular uses the rainbow technique. Many tools are available in the online market. Listed below are a few which are commonly used by hackers:

John the Ripper Software Tool

This tool uses the command prompt to crack passwords. It is mostly suited to professionals who are fluent in working with commands. A well-defined wordlist is used to crack passwords. A hacker can easily get this program for free; the only purchase that needs to be made is for the word list. Alternatively, the software offers a free wordlist that can also be used.

Cain & Abel Software Tool

passwords, network sniffing, etc., like secret accounts. This tool has a graphical user interface and is user-friendly and easy to use. Being simple and easy to use, it is commonly used by newbies and script kiddies.

Ophcrack Software Tool

This tool works on Windows and is cross platform. The methodology it uses to crack passwords is rainbow tables. It is compatible with Windows, Linux and Mac operating systems. The many features integrated into this tool make it an all-time favorite of millions of hackers.

Understanding Trojans, Viruses and Worms

Hackers are not beginners; they are mostly skilled, with complete knowledge of programming and computer networking. These skills are often used to get access to users’ computer systems. The main objective is to steal sensitive information from the company and cause harm to its computer-controlled data. This objective can be achieved with threats such as Trojans, viruses and worms, which are detailed below. This section describes some of the techniques that a hacker can use to gain access to a user’s system.

Understanding Trojan horse?

A Trojan horse program attacks the user’s computer system from a remote location. The program pretends to be useful to the user. Once the user is convinced and installs this fake program, the hacker can, from a remote location, install harmful payloads and gain entry through backdoors in order to install other extra and unwanted applications that will harm the user’s company, etc.

A Trojan horse lets the attacker do things such as the following:

Use the user’s system as part of a botnet, with which he or she can perform distributed denial of service attacks.

Damage the user’s system through a complete crash, blue screen and similar unpredictable behavior.

Steal sensitive data such as passwords, credit card details, etc.

Modify files stored on the user’s computer.

Cause theft of electronic money by allowing unauthorized access to money transactions.

Log the keys which the user presses and send the details to the attacker sitting at a remote location. This method can be used to get user IDs, user names, passwords and other sensitive information.

View screenshots of the user’s computer.

Download the browsing history.

Understanding worm?

A worm is a malware program that runs on a user’s computer system and replicates itself repeatedly over the computer network. A worm can be used by a hacker to accomplish the tasks mentioned below:

Install backdoors on the victim’s computer. The backdoor then creates zombie computers which send spam mails or perform unwanted actions such as distributed denial of service attacks. However, these backdoors can be prevented from spreading using other malware programs.

Worms consume a considerable amount of bandwidth while replicating and so slow down the network.

Understanding virus?

A virus is again a dreadful program which runs on a computer and attaches itself, like a suicide bomber, to programs and files in order to spoil them without asking for the user’s consent. Viruses, like worms, consume a lot of space and increase CPU processing time, and hence delay processing tasks. A program affected by a virus is called an infected one. Hackers use viruses to carry out certain operations:

To get personal data such as user IDs and passwords.

To pop up annoying messages that disturb the user.

To corrupt data stored on your computer.

To log all keys pressed by the user in order to fetch password-related details.

All these threats, Trojan horse, worm and virus, involve social engineering techniques which deceive users into opening harmful files which otherwise look like normal ones. Once the user opens these files, the virus code executes, resulting in the harmful consequences set by the hacker.

Network Sniffer Guide

The main communication channel of a computer system is the network, over which it sends data to the internal or external world. The network can be a local area network (LAN) or a wide area network (WAN). Programs called network sniffers capture the low-level packet data that is being transmitted over the network. A hacker can analyze this data to get useful information such as IDs, account numbers and passwords.

Here are some common network sniffing techniques and tools:

Introduction of IP and MAC address:

IP address stands for Internet Protocol address. All the hardware used to communicate through the network, such as computers, printers, etc., is uniquely identified by an IP address. Two versions of IP addresses have been introduced.

IPv4 Address: This version uses 32-bit numbers. The address is formatted as four groups of numbers separated by dots. Each group has a minimum value of 0 and a maximum value of 255.

For Example: 234.214.9.10

heavy growth of the internet. IPv6 addresses are formatted in groups of six numbers separated by colons. The numbers in the groups are written as hexadecimal digits.

For Example: 2002:0db6:85a3:0000:0020:8a2e:0310:7334

MAC (Media Access Control) addresses are used to uniquely identify network interfaces at the physical layer of the network. The MAC address is usually embedded in the network card. It can also be termed the physical address.

The command to get all these addresses on the Windows operating system is

ipconfig /all

What is Network Sniffing?

Computers communicate by one computer broadcasting a message over the network; the other computers in the same IP address range receive that message over the network.

Network sniffers intercept these data packets and extract the useful information from them. Specialized software programs or hardware are used to do this.

The main purposes of sniffing are:

To capture sensitive data such as account information.

To capture files being transmitted over the internet.

To monitor and tamper with chat messages.

Protocols that are defenseless against sniffing are listed below:

NNTP
Telnet
FTP
HTTP
SMTP
Rlogin
POP
IMAP

If a user sends login details in plain text, the risk increases.

Network sniffing is of two types: passive and active sniffing. Let’s understand these two by means of hubs and switches.

packet. The recipient port whose IP address matches the sender’s responds actively to the request raised by the sender port. This process is simple, but all the ports connected in between get the message details. A hub works at the physical layer of the OSI model.

A switch, on the other hand, works on a different principle. It tracks IP/MAC addresses and forwards data to the corresponding physical ports. A broadcast message is first sent to the physical port whose IP/MAC address configuration matches, in order to locate the exact recipient computer. This means the packet or message is received only at the intended terminal. A switch operates at layers 2 and 3 of the OSI model.

Passive sniffing basically involves intercepting packets sent over a hub, whereas active sniffing does the same on a switch.

Learn How to Hack different Networks: DoS Attacks, Wireless Networks, Web server, Website and Linux System Hacking techniques

We will go step by step and see how these networks are hacked.

DoS Attacks

Any business can be expanded and promoted by means of the internet. Being cut off from the internet is a big loss to a company, because the internet and computer networks play a crucial role in promoting any category of business. Online shopping businesses in particular cannot survive for a second without a proper internet connection. But there is one flaw behind these online shopping sites: users need to fill in their credentials in order to make a successful payment. This gives an attacker an opportunity to steal those details plus the company’s secret information. DoS stands for Denial of Service, an attack which denies legitimate users access to any private resource, such as the company’s website.

What is DoS Attack?

A DoS, or Denial of Service, attack prevents outside users from accessing a web site, app, service or similar resource. The attack sends multiple requests to the target web server or other resource at the same time, which leaves the server too weak to handle all the requests in one go. This may decrease the

DoS attacks are available in various types

Mainly 2 types of DoS attack have been observed so far.

DoS – This attack is carried out by a single host.

Distributed DoS – This attack targets the same victim, but is carried out by a considerable number of compromised machines in order to create a flood of data packets in the network.

How DoS attacks work: there are 5 common types of DoS attack.

Ping of Death

The command used to check the availability of network resources is called the ping command. It works by sending small data packets to the network resource. In a ping of death, the packet length is above the maximum length set by the TCP/IP protocols, so TCP/IP fragments it into smaller packets. Because the data sent is larger than the allowed length, the system may crash, reboot or freeze.

Smurf

This attack uses large-sized Internet Control Message Protocol (ICMP) ping traffic directed at an Internet Broadcast Address. The target, or intended victim, gets the spoofed IP address. All mails or replies sent by the target system are sent to the hacker. It has been said that a single Internet Broadcast Address can support a maximum of 255 hosts at the same time, so a smurf attack amplifies a single ping almost 255 times. This slows down the processor and takes the network to a stage where it stops working.

Buffer overflow

A buffer is a well-known term for temporary data storage. It is mostly located inside RAM and holds data so that the CPU can edit or modify it before copying it back to the disc. Buffers are limited in size. This attack loads the buffer with more data than its actual capacity. This results in an overflow, and the buffer is forced to corrupt the data it was previously holding. Sending emails of more than 256 characters in size is a perfect example of a buffer overflow attack.

Teardrop

This is another attack which uses large-sized data packets. TCP/IP fragments these packets by breaking them into smaller pieces, which are later reassembled at the receiving host. The hacker manipulates the packets in transit so that they overlap one another. When the target system tries to reassemble the packets, the system may crash, resulting in a DoS.

SYN attack

SYN is short for Synchronize. This attack uses the three-way handshake with which the TCP protocol establishes communication. A SYN attack floods the victim’s system with incomplete messages, which force the target to allocate new memory resources that are never used, ultimately leading to a DoS.
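A defender's view of the SYN attack described above: the added example below (not code from the book) tracks half-open TCP handshakes per destination over constructed packet records and raises an alert when incomplete handshakes pile up. The record format, the threshold, the timeout and the documentation-range addresses are assumptions.

```python
def detect_syn_flood(records, limit=5, window=3.0):
    """Track half-open TCP handshakes and alert when one destination
    accumulates more than `limit` of them within `window` seconds.

    records: (time, src_ip, src_port, dst_ip, dst_port, flags) tuples for
    client-to-server packets; flags is "S" (SYN), "A" (final ACK of the
    handshake) or "R" (reset).
    """
    pending = {}      # (src, sport, dst, dport) -> time the SYN was seen
    alerted = set()   # destinations currently in the alert state
    alerts = []
    for ts, src, sport, dst, dport, flags in sorted(records):
        # Forget handshakes the server would already have timed out.
        for key in [k for k, seen in pending.items() if ts - seen > window]:
            del pending[key]

        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts
        elif flags in ("A", "R"):
            pending.pop(key, None)      # handshake completed or aborted

        target = (dst, dport)
        half_open = [k for k in pending if k[2:] == target]
        if len(half_open) > limit:
            if target not in alerted:   # report the rising edge only
                alerted.add(target)
                alerts.append({
                    "time": round(ts, 2),
                    "target": f"{dst}:{dport}",
                    "half_open": len(half_open),
                    "sources": len({k[0] for k in half_open}),
                })
        else:
            alerted.discard(target)     # re-arm once the backlog drains
    return alerts


def sample_records():
    """Constructed traffic: three normal clients that complete the
    handshake, and a burst of eight SYNs that are never completed."""
    server = ("192.0.2.10", 443)
    records = [
        (0.00, "203.0.113.5", 40001, *server, "S"),
        (0.05, "203.0.113.5", 40001, *server, "A"),
        (0.20, "203.0.113.9", 40002, *server, "S"),
        (0.26, "203.0.113.9", 40002, *server, "A"),
        (1.50, "203.0.113.7", 40003, *server, "S"),
        (1.55, "203.0.113.7", 40003, *server, "A"),
    ]
    for i in range(8):
        records.append(
            (1.00 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, *server, "S")
        )
    return records


if __name__ == "__main__":
    for alert in detect_syn_flood(sample_records()):
        print(alert)
```

The many distinct sources in the alert reflect spoofed or distributed senders; the usual mitigations on the server side are SYN cookies and a shorter half-open timeout.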

Attacking tools

Some of the tools that an attacker can use to perform DoS attacks:

Nemesy – this tool generates multiple packets randomly and is compatible with Windows-based operating systems. Because of its nature and properties, anti-virus software detects this tool as a virus.

Land and LaTierra – this tool is for IP spoofing and opening connections based on the TCP protocol.

Blast – this tool is one of the basic tools in the DoS list.

Panther – this tool floods the target computer or network with UDP packets.

Botnets – these consist of compromised computers on the internet that are used to perform Distributed DoS attacks.

Wireless Network

Wireless networks, as we are all aware, are networks that use radio waves to link one or more devices. They can be accessed anywhere within the radius of the router’s transmission zone, which makes them more prone to attacks. Implementation is mostly done in the first layer, that is, the physical layer of the OSI model. You might have seen hotspots in public places like hospitals, airports, restaurants, parks etc.

How users access wireless networks

Initially, the user needs a wireless-network-enabled device, which can be anything like a laptop, tablet or smartphone, within the transmission radius of a Wi-Fi access point. Many times, when you switch on Wi-Fi, you can see the list of networks that are available. These networks are mostly password protected. If you have not set a password, anyone who comes within the Wi-Fi transmission circle can access the Internet without the hassle of entering one. If the network is password protected, however, no one can use the Internet without filling in the password details.

Authentication of the Wi-Fi Network

A Wi-Fi network can be accessed by anyone within its radius, but if your network is protected, users cannot get access without asking you for the password or hacking it using unfair means. Various authentication techniques are employed to make the network safe.


WEP

WEP, or Wired Equivalent Privacy, is compatible with the IEEE 802.11 WLAN standards. The main goal of this authentication is to give security similar to that of wired networks. WEP uses encryption and decryption to code and decode your information while sending from one end and receiving at the other.

Authentication techniques

Open System Authentication, or OSA – this method permits a station based on the access policy configured previously.

Shared Key Authentication, or SKA – this method first sends an encrypted challenge to the requesting station. The station then encrypts the challenge using its key and responds. Access is granted only when the encrypted challenge matches the AP value; otherwise the request is null and void.

This paragraph will guide the attacker to find the weakest area of a wireless network's security system in order to hack the data or information shared over or connected to the wireless network.

Weakness of WEP

WEP is, no doubt, a strong piece of network security, but it has some flaws and threats.

Packet integrity check using CRC32 (Cyclic Redundancy Check): An attacker can easily crack this code using at least two packets. The encrypted stream bits and the checksum can easily be modified by the hacker, so the authentication system accepts packets from him or her without any hassle. This makes it feasible to enter the user's network, and the hacker can take advantage of it.

Stream ciphers are created using the RC4 encryption algorithm: The stream cipher input is made from an initial value (IV) and a confidential or secret key. The expected length of the IV is 24 bits and the secret key may be 40 or 104 bits long, making a total length of 64 bits when the secret key is 40 bits, or 128 bits when the secret key is 104 bits. The shorter the secret key, the greater the chances of it being cracked.

If the initial value is weak and cannot be encrypted sufficiently, the chances of attack by the hacker increase.

Since WEP is password-based, it is more prone or vulnerable to dictionary attacks.

Key management system not implemented properly: If the key is long, managing it becomes a tough task. WEP should incorporate a central key management system in order to make it stronger and more secure.


more vulnerable to attacks.


WPA

WPA, or Wi-Fi Protected Access, is a security protocol designed by the Wi-Fi Alliance to remove the weaknesses users observed in WEP. It supports the 802.11 WLAN standards and uses longer initial values of 48 bits in place of the 24 bits used in WEP. Temporary encryption packets increase security.

The WPA protocol was developed to eliminate the weaknesses of WEP, but it still has some limitations:

An attacker can easily break the collision avoidance implementation of WPA.

It is most susceptible to denial of service attacks.

The protocol uses pre-shared keys, which in turn use passphrases; if the user selects a weak passphrase, the chances of dictionary attacks increase.


Cracking Wireless Networks

Cracking WEP

Cracking is again a form of attacking or hacking, done to get access to unauthorized information. Cracking, in the context of WEP, means exploiting networks that use WEP to implement their security controls. Two different cracking types are defined under WEP:

Passive cracking – this type of cracking is difficult to detect and has no effect on the network until the WEP security has been cracked.

Active cracking – this type of cracking severely affects the network traffic load. Can be


Tools that ease WEP Cracking

Aircrack – a powerful network sniffer and WEP cracking tool.

WEPCrack – an open source program for cracking 802.11 WEP secret keys; it implements the FMS attack.

Kismet – this tool can detect visible and hidden wireless networks, sniff packets and even detect intrusions.

WebDecrypt – this cracking tool uses active dictionary attacks to crack WEP keys; it has its own key generator and implements packet filters.


Cracking WPA

WPA, as already mentioned, uses pre-shared keys, almost 256 in number, or may use a passphrase to provide authentication. Weak or short passphrases are more susceptible to dictionary and other attacks, which can later be used to hack passwords.

Tools used for cracking WPA

CowPatty – this cracking tool cracks pre-shared keys (PSK) using a brute force attack.

Cain & Abel – this cracking tool decodes capture files from sniffing programs like Wireshark. The capture files may be WEP or WPA-PSK encoded.


Types of attack that user systems are more vulnerable to:

Sniffing – this technique intercepts packets as they are transmitted by the sender, in order to retrieve data using tools like Cain & Abel.

MITM or Man in the Middle Attack – this attacking technique involves special tactics to capture a system’s sensitive information.

Denial of Service Attack – this attacking technique denies legitimate users access to network resources. The FataJack tool is mostly used in this type of attack.

How to crack keys of Wireless network WEP/WPA

A hacker can easily crack WEP/WPA keys in order to gain access to wireless networks. This requires hardware and software resources, and patience is a must. Whether the attack succeeds mainly depends on how active the user is when the attacker is planning to target him or her.

Basic information is given below to start with cracking.

Backtrack – a security operating system running on the Linux platform, developed on top of Ubuntu. This OS includes multiple security tools for gathering information, finding vulnerabilities and planning exploits.

The list of Backtrack tools includes:

Aircrack-ng

Metasploit

Ophcrack

Wireshark

NMap

Cracking is a slow yet smart process and requires a lot of patience while using the tools listed above. One more tool that goes with Backtrack is a hardware one: a wireless network adapter capable of injecting packets.

Basic information about the skills hackers need to access Backtrack:

Backtrack OS: The hacker should be familiar with this operating system.

Try to limit your range to the radius of the Wi-Fi transmission. If the user or target computer comes within the Wi-Fi zone, the hacker can easily crack it.

The hacker should be fluent enough in working with Linux-based operating systems, Aircrack and many other scripts.


Cracking keys may sometimes be easy and sometimes take a bit of time, depending on a number of factors. It can be a time-consuming task and should be handled with patience by the hacker.

Hacking web Server

More customers are now switching to online services and activities like shopping. This forces them to enter their credit card, email address and other details into the company's website, which makes their personal data more vulnerable and susceptible to attacks. Many defaced websites are available on the Internet, which fool people in the name of religion, political ideologies etc.


Vulnerabilities to Web Server Programs

A web server is an internet program that mainly stores data files as web pages and makes them available through any network or the internet. It needs both hardware and software. Hackers usually target the software to get unauthorized access to the server. Attackers can take advantage of some of the most common vulnerabilities, highlighted below.

Default settings – Default user IDs and passwords are easy to guess and can be cracked by attackers. Default settings sometimes also allow an attacker to perform actions like running commands, which are easy to exploit.

Misconfiguration – Web server programs may be misconfigured, as may the operating system and network. Some configurations allow users to run commands, which can be dangerous if the user has not set a strong password.

Operating system and web server bugs – Web programs are vulnerable to bugs in the operating system and web server. Once a hacker detects these bugs, it becomes easy for him or her to get unauthorized access to the system.

In addition to the threats mentioned above, a lack of security policy and procedures, such as updating antivirus software, the web server and operating system patches, may lead to an attacker gaining unauthorized access.


Web Servers can be of different types

Apache – the most common web server type used on the internet. It is cross-platform but installed on Linux. PHP websites are mostly hosted on these servers.

IIS, or Internet Information Services – developed by Microsoft, it runs smoothly on Windows. It is the second most used web server type on the internet after Apache. Sites hosted on it are mostly asp and aspx.

Apache Tomcat – sites hosted on this type are mostly Java (JSP) websites.

Other web servers – many other web servers are available.


Attacks that can affect Web Servers

Directory traversal attacks – This prominent attack exploits bugs in the web server to gain access to files and documents that are not in the public domain. A hacker who gets access to the unauthorized area can download sensitive information from the target system, execute server commands or install malware.

Denial of Service attacks – This attack leads to a crash of the web server program and may make the system unavailable to legitimate users.

Hijacking the Domain Name System – This technique involves changing DNS settings to point to the attacker’s web server. Traffic that was directed to your system will be routed to another, wrong web server.

Sniffing – Data sent unencrypted over the network may be intercepted and used to get access to the web server by unfair means.

Phishing – This attack lets the hacker impersonate another website and obtain details from users by asking for personal information. Users unaware of this attack may be trapped into giving away login details such as IDs and passwords, credit card numbers etc.

Pharming – This attack subverts the DNS server in order to change the route to a malicious site.

Defacement – As the name suggests, the attacker modifies the company's website by adding his or her own details and images in order to forge the target system.
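For the directory traversal attack in the list above, the usual fix is to resolve the requested path and refuse anything that lands outside the web root. The following is an added example, not code from the book: the function names and the directory tree are constructed for illustration, and POSIX-style paths are assumed.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_naive(web_root, requested):
    """Vulnerable pattern: join the request onto the root and trust the result."""
    return Path(web_root) / unquote(requested)


def resolve_safe(web_root, requested):
    """Map a request path to a file under web_root, or raise PermissionError."""
    decoded = unquote(requested)  # check the path in the form that will be opened
    if "\x00" in decoded:
        raise PermissionError("null byte in path")
    root = Path(web_root).resolve()
    # lstrip: an absolute path would otherwise replace the root when joined.
    # resolve() collapses ".." segments and follows symbolic links.
    candidate = (root / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"{requested!r} resolves outside the web root") from None
    return candidate


def demo():
    """Build a constructed directory tree and return the outcome for each request."""
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "www"
    root.mkdir()
    (root / "index.html").write_text("public page")
    (base / "secret.txt").write_text("not for publication")
    results = {}
    for request in ["index.html", "../secret.txt", "%2e%2e/secret.txt", "img/../../secret.txt"]:
        naive_escapes = root not in resolve_naive(root, request).resolve().parents
        try:
            resolve_safe(root, request)
            safe = "served"
        except PermissionError:
            safe = "rejected"
        results[request] = (naive_escapes, safe)
    return results


if __name__ == "__main__":
    for request, (naive_escapes, safe) in demo().items():
        print(f"{request!r}: naive join leaves the root={naive_escapes}, safe resolver={safe}")
```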

What happens if the attacker is successful

The company's or organization’s reputation is at risk: If the hacker edits the company’s details and includes malicious information, people other than the targeted customers will see those details and can be misled.

Malicious software may force viruses, Trojans, botnet software etc. into users' computer systems.

The hacker's actions may compromise user data, resulting in fraudulent activities: This can cause great loss to the user and to the company he or she works for.


Metasploit – this open source tool is used for developing, testing and, many a time, exploiting code. Web server vulnerabilities can also be discovered using this tool, and even exploited in order to compromise the server.

MPack – this web exploitation tool is written in PHP and backed by the MySQL database engine. If an attacker compromises a web server with the help of MPack, network traffic will be redirected to fake or malicious websites.

Zeus – this powerful tool turns a compromised computer into a bot or zombie. A bot is a compromised computer used to perform internet-based attacks, whereas botnet is the collective term for compromised computers. An attacker may use a botnet in a denial of service attack or for sending spam emails.

Neosplit – this tool performs simple operations like installing programs, deleting programs, replicating etc.

Hacking website

More and more people are now becoming used to the Internet. Manufacturers, businessmen, shareholders, high-ranking officials and others are creating websites to spread awareness about their companies and offerings. This has led them to seek web developers to build user-friendly applications that let users and the company interact and resolve most queries online. Hackers mainly attack these sources to get information about the active users of a company. Take the example of a shopping site, where you select the items you want to buy, the company website asks you to enter basic details like name, user name, ID and password, and then, at payment, asks for your credit card details. If the web developer has used poorly written or weak code for this application, a hacker may attack it and get the desired information about you from the company’s website.

Web applications and the threats associated with them

A website or any web application works on the well-known client-server model, in which the server holds the database access along with the logic with which the company runs. The server mostly runs on a web server. The client application, on the other hand, runs on the web server of the client itself. Web applications are mostly written in languages like Java, C#, VB.Net, PHP and ColdFusion Markup Language, and use database engines like MySQL, MS SQL Server, PostgreSQL and SQLite.

Most web applications are accessible to the public via the internet because they are hosted on public servers. This wider exposure increases their vulnerability to attacks.


Hacking Linux System

Linux is the operating system mainly used for web servers. It is the only operating system that is open source, meaning it provides its code to users. Compared with other operating systems, Linux is therefore a less secure operating system, because attackers can read its code and find weaknesses in it; by exploiting them, attackers can gain unauthorized access.

There are many distributions of Linux-based operating systems, such as Redhat, Fedora and Ubuntu, but Linux is a less secure operating system because vulnerabilities can be found by reading its code, which can motivate attackers to gain unauthorized access. This operating system can run on servers, desktops, tablets etc.

Linux Hacking Tools:

There are many Linux hacking tools available over the internet. Some of them are described here:

Nessus: This tool can be downloaded from the internet to scan configuration settings, patches and network-related information.

NMap: This tool can be used to monitor the number of users and processes running on the server. It can also monitor the server's ports.

SARA (Security Auditor’s Research Assistant): This tool can be used to audit the network against threats such as SQL Injection, XSS etc.


Understanding SQL Injection

This threat is mainly used to bypass login algorithms, sabotage data etc.

Denial of Service Attacks – This attack has been discussed multiple times in our book; the goal of this threat could be to deny legitimate users access to the resource.

Cross Site Scripting (XSS) – The objective of this threat is to execute code in the client-side browser.

Cookie/Session Poisoning – Attackers who want unauthorized access perform this attack by modifying the cookie/session data.

Form tampering – The objective of this threat is to tamper with product prices on an e-commerce website so that attackers can order products at cheap prices.

Code Injection – The main motive of this threat is to inject programming code like PHP that runs on the server side, so that sensitive personal data can be revealed.

Defacement – This threat’s objective is to repoint all the pages of a


Extract of the Book

One criminal defense attorney in California defines a hacker as “A particular person who delights in having an intimate knowledge of the internal workings of a system, computers and computer networks in particular”. This definition describes a hacker from two different perspectives: one calls hacking an illogical act of entering another computer system, while the other calls it an extraordinary talent of a person who can think differently and outside the box.

Our ebook describes certain methods to hack DoS, Wireless systems, Websites, Web Pages, Linux OS etc, and it is advised to use them for betterment.

Hacking is good practice if done in the right direction. Professional hackers are needed in almost every field, like the military, to track useful details of an enemy heading towards war with the country. Many government officials find this a blessing, but it can be really harmful if used against the country. In business, if a hacker finds that his or her system is being hacked, he or she can fix the issue midway and protect the business's image from being ruined in public.


Personal Thank You from Me!

Hello, my name is Brian founder of SS publishing, and I personally want to thank you for reading my book. It really means a lot!

We are a small and locally owned business. Our goal is for you to be completely satisfied with your purchase and your reading experience, if for any reason this is not the case we would appreciate it if you would give us a chance to address your concerns BEFORE leaving feedback. Simply log in to our Facebook group, and address your concerns and we will do our best to address your issue.

https://www.facebook.com/sspublish/

***Also, within the Facebook group you will find many weekly free book deals as well as new release events, so make sure you press LIKE in our page.

*If you’ve had a pleasant reading experience (*and we think this is likely the case*), we would be grateful if you would leave us feedback on amazon.


Thanks again and I look forward to doing business with you again soon… Brian S.
