
A Basic Guide of How to do Hacking for Beginners

Table of Contents
Introducing Computer Hacking
History of Hacking
Security Threats that may affect Your Computer Systems
Understanding basics of tools for ethical hacking and skills required by the Hacker
Social Engineering behind Hacking
Learn measures to crack Password of an Application
Understanding Trojans, Viruses and Worms
Simple guide to Networks Sniffer
Learn How to Hack different Networks
    DoS Attacks
    Wireless Networks
    Web server
    Website
    Linux System
Understanding SQL Injection
Extract of the Book

Copyright 2016 - All rights reserved.


In no way is it legal to reproduce, duplicate, or transmit any part of this document in
either electronic means or in printed format. Recording of this publication is strictly
prohibited and any storage of this document is not allowed unless with written
permission from the publisher. All rights reserved.
The information provided herein is stated to be truthful and consistent, in that any
liability, in terms of inattention or otherwise, by any usage or abuse of any policies,
processes, or directions contained within is the solitary and utter responsibility of the
recipient reader. Under no circumstances will any legal responsibility or blame be
held against the publisher for any reparation, damages, or monetary loss due to the
information herein, either directly or indirectly.
Respective authors own all copyrights not held by the publisher.
Legal Notice:
This book is copyright protected. This is only for personal use. You cannot amend,
distribute, sell, use, quote or paraphrase any part or the content within this book
without the consent of the author or copyright owner. Legal action will be pursued if
this is breached.
Disclaimer Notice:
Please note the information contained within this document is for educational and
entertainment purposes only. Every attempt has been made to provide accurate, up to
date and reliable complete information. No warranties of any kind are expressed or
implied. Readers acknowledge that the author is not engaging in the rendering of
legal, financial, medical or professional advice.
By reading this document, the reader agrees that under no circumstances are we
responsible for any losses, direct or indirect, which are incurred as a result of the use
of information contained within this document, including, but not limited to, errors,
omissions, or inaccuracies.

Introducing Computer Hacking


What is computer hacking?

In the cyber security era, a professional who is able to find weaknesses in a system and exploit them to
accomplish his objectives is called a hacker, and this process is called hacking.

Nowadays, people think that hacking is just hijacking an account or exploiting a website. Although that is
also a part of hacking, it can't be considered the main part of hacking.

So we need to think about what exactly hacking is and what anyone should do to become a professional hacker.
Self-interest is the main requirement for becoming a hacker, and you should always be keen to learn and
create something new.

Here are the different kinds of hackers in the cyber security world.

Script Kiddies
Script kiddies are people who use tools, scripts, methods and programs created by real hackers. In other
words, a person who doesn't know how a system works can still exploit it with already available tools.

White Hat Hacker
The good guys of the hacking world, who work on defense, are White Hat Hackers. Their main purpose is to
find security flaws and fix them, which in turn improves the security of the system. They work for an
organization or individually to make cyberspace more secure.

Black Hat Hacker
There are some really bad guys too, who have malicious intent and are called cyber criminals. They are
known as Black Hat Hackers. Their objective is to steal money and infect systems with malware. They use
their hacking skills for illegal purposes.

Grey Hat Hacker
There are some hackers whose work depends on the situation. They may work offensively or defensively.
They don't actually have bad intentions, but they still like to break into third-party systems, either
just for fun or to show that a vulnerability exists.

Hacktivists
A few hackers use their hacking skills to protest against injustice. They attack a targeted system or
website to bring about justice. Popular hacktivists include Anonymous and RedHack.

History of Hacking
In the computer security world, someone who focuses on the security mechanisms of computer and network
systems is called a hacker. The term includes those who try to strengthen such mechanisms, while mass
media and popular culture use it for those who seek access despite these security measures. Although the
media portrays the hacker as a villain, part of the subculture sees its objective as correcting security
problems and uses the word in a positive sense.

The name White Hat is given to ethical computer hackers, who use hacking in a helpful way. White hat
hackers have become a mandatory part of the information security field. They work under guidelines which
hold that breaking into other people's computers is bad, but that discovering and exploiting security
mechanisms and breaking into computers is still an interesting activity that can be done ethically and
legally.

The subculture around such hackers is known as the network hacker subculture, or the computer
underground. This subculture initially developed in the context of phreaking during the 1960s.

The word hacker was first used in the title "The Hacker Papers", an article in the August 1980 issue of
Psychology Today (with commentary by Philip Zimbardo). It was part of a discussion held by the Stanford
Bulletin on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn explains his
intention to break into ENCOM's computer system by saying "I have been doing a little hacking here." He
uses the software called CLU to do this. By 1983, hacking was already in use as computer jargon in the
sense of breaking computer security, but the public was not yet aware of such activity. The matter came
to public attention with the release of the film WarGames that year, which raised the belief that
computer security hackers could be a threat to national security.

In that year this threat became real when a group of hackers known as The 414s (which included
teenagers) in Milwaukee broke into computer systems throughout the United States and Canada, including
famous places such as Los Alamos National Laboratory and Security Pacific Bank. The case quickly captured
the media's attention. A teenager, Neal Patrick, emerged as the spokesman of the gang, which led to a
cover story in Newsweek titled "Beware: Hackers at play", with Patrick's photograph on the cover. That
Newsweek article was the first use of the word hacker by the mainstream media in the pejorative sense.
At that time, Dan Glickman was the first person called to investigate, and he began to work on new laws
against computer hacking.

In that year six bills concerning computer crime were introduced in the U.S. House of Representatives,
when Neal Patrick testified before it on September 26, 1983 about the threat of computer hacking. As a
result of these laws, white hat, grey hat and black hat hackers tried to distinguish themselves from
each other depending on the legality of their activities. These conflicts are expressed in The Mentor's
"The Hacker Manifesto", published in 1986 in Phrack.

Security Threats that may affect Your Computer Systems


A threat which leads to the loss or corruption of data, or to physical damage to the
hardware and infrastructure, is called a computer system threat.
Two kinds of threats are described here.
a.) Physical threat: This threat leads to damage to or loss of the physical
computer system, whether hardware or infrastructure. It has 3 main categories.
1. Internal: These threats include fire, unstable power supply
and humidity in the room housing the hardware.
2. External: These threats include earthquakes, floods and
lightning.
3. Human: Theft, disruption, and accidental or intentional human
errors come under this.
b.) Non-physical threat: A non-physical threat is the cause of an incident which may result in:
Loss or corruption of computer data
Disruption of business operations
Loss of sensitive information
Logical threat is another name for non-physical threat. Common types are:
Virus
Trojans
Worms
Phishing
Spyware
Key loggers
Distributed Denial of Service attacks
Unauthorized access to computer system resources such as data
Denial of Service attacks
To protect against the above-mentioned threats, a company has to take some security measures.
Some of them are described below:
To protect against viruses, Trojans, worms etc., a company should not only
install anti-virus software on its computer systems but should also avoid the use of
external storage devices and visits to websites which can download unauthorized
programs.
Authentication methods should be implemented to prevent unauthorized access to
the computer system.
To protect against denial of service attacks, intrusion detection systems can be
implemented.
Understanding basics of tools for ethical hacking and skills required by the Hacker
To achieve your desired goals within the available time and resources, you need to have
skills, and you need to grow them to get your job done. These skills include
learning how to solve problems, how to program, being keen to learn new things, using the
internet and taking advantage of existing tools.
What is a programming language:
Computer programs can only be developed with the help of a programming
language. Computer programs cover a wide range: they can work on
operating systems or operate over the network.
Why learn to program:
Hackers are problem solvers and tool builders, so it is very necessary for a hacker to learn programming in order to solve different problems.
A hacker needs computer programs to automate things. With these programs, a job that usually takes a lot of time can be done in minutes.
Programs can help you identify and exploit programming errors.
There are already open source programs available over the internet, so you don't have to reinvent the wheel every time.
There are different programming languages which can be useful for hacking.
HTML: This language is used to write web pages. It is a cross-platform language and can be used for web hacking. Hackers can use it to write code which exploits and identifies weaknesses in code.
JavaScript: This is a client-side scripting language and is also cross-platform. It can be used to read saved cookies and perform cross-site scripting.
PHP: This is a server-side language and is also cross-platform. It is the most commonly used programming language, and it can be used to change web server settings and make the server vulnerable to attacks.
SQL: This language is used to communicate with the database. It is also cross-platform. It can be used to bypass web application login algorithms and to delete data from the database.
C & C++: These are high-level programming languages and are also cross-platform. They are mainly used for writing exploits, shellcode etc.
Java, C Sharp, VB: The use of these languages depends on your scenario. They are also cross-platform languages, except VB (Visual Basic).
Different Hacking Tools:
There are many hacking tools available in the market. A few of them are given
below:
NMAP Project: This tool is used to explore networks and perform security audits.
John the Ripper: This is a password cracking utility and it works cross-platform.
SqlMap: It automates the process of detecting and exploiting SQL injection weaknesses. It is open source and works cross-platform.
Nessus: This tool can perform different activities such as password dictionary attacks, denial of service attacks etc.
Social Engineering behind Hacking
The human brain is not safe from hacking. Social engineering is the art of tricking
users so that they perform certain harmful activities or reveal confidential
information to attackers.
What is Social Engineering?
As stated above, social engineering is the art of manipulating the users of a
computing system into revealing secret data or information, in order to gain
unauthorized access to computer systems. This may include activities such as
exploiting human kindness, greed and eagerness in order to gain
access to restricted buildings or to get backdoor software installed. The
process has the following steps:
1. Gathering information about the victim: This is the first step, taken to get the maximum information about the intended victim. This information can be collected from the company's web sites, publications and many a time from the users themselves.
2. Layout design: The hacker makes a plan to execute a well-planned attack.
3. Get desired tools: This step includes gathering the computer programs which will later be used to execute the attack.
4. Final attack: After steps 1-3, the hacker attacks the desired system.
5. Gather required information: Data or secret information is captured, such as the company owners' pet names, dates of birth, foundation day etc., in order to guess the password.
Social engineering uses the techniques described below to obtain the required data
or information.
Exploiting informally: It has been found that people are less suspicious of the people
they are familiar with. A hacker or attacker can introduce himself
or herself before applying social engineering in an attack. The attacker may be one of the
group of friends around you at meal times, or your smoking
companion, or a chit-chat friend. This allows the attacker to get information from
you.
The attacker tries to get your personal information by asking questions such as where your
first date was or when it was. Questions like how many kids you have and what their names are
are tricks used to grab your identity and, later on, your password hints. A computer
user easily answers these basic questions as a friend. After getting
answers to these questions, the hacker tries them on your Gmail account or any
other confidential account.
Asking for details under forced circumstances: Most people fear the heated
arguments that sometimes occur with unknown people working around them.
The attacker creates circumstances in which an unpleasant exchange takes place
between the user and the attacker, and the user is then forced to give up his details in
order to avoid any legal action. This technique is mostly used to get around security
checkpoints.
Phishing: This is the well-known and most common technique used by attackers to get
information secretly from the user. The method is tricky and is best for getting data
from the user's computer system. An attacker engaged in social engineering will
impersonate an authentic website and then ask the user to confirm his or her confidential
details such as account number, credit card number and the like. Hackers mostly use
phishing to get credit card
Tailgating: This technique involves following the user when he or she enters a
password-restricted zone.
Making humans more curious about things around them: This technique entices the user
into clicking some site or ad, or into using a flash drive which injects a virus. It is a kind of
bait system where the attacker throws a chocolate and the user picks it up. The flash drive
is mostly plugged in by the user, and is sometimes set up with an autorun option or
asks the user to open a file such as "Employees Revaluation Report 2014.docx", a fake name
for an infected file.
Exploiting humans with money: This technique lures the user with fake promises of
money in return for filling in an online form asking for confidential details such as
credit card and debit card numbers.

Learn measures to crack Password of an Application


We are all aware that data or information is one of the most valuable
resources, whether it is held in a database or in a secret file of an operation. This
confidential data is kept secret and can be accessed only by legitimate people.
Authentication systems mainly provide the security for this data.
Password cracking is the process of getting unauthorized access to data using
common passwords or techniques that make the password easy for the attacker to guess.
Below we list some of the techniques that can help a hacker crack a
password.
Password Cracking
Password cracking is the process, or we may say the art, of gaining unauthorized access to
systems by cracking the password used by the authentication method. A number of
techniques are used to make this possible. Password cracking mainly
works on the principle of comparing the password against a stored list of words, or
uses algorithms which create passwords that match the data entered by the
hacker.
Password strength
This is a general term which most people are familiar with. Password strength
is a measure of how effectively a password limits or resists an
attacker trying to hack your details. A computer system analyzes password strength by:
Length: the number of characters the user has chosen for the password.
Complexity: generally, using a combination of numbers, letters and symbols makes a password complex and hence increases its strength.
Unpredictability: whether or not the password can be easily guessed by the hacker.

Techniques to crack Password

Although hackers use a number of techniques to crack passwords, we list here some of the most
commonly used ones:
Dictionary attack: This technique compares the user's password against the word list stored in a dictionary.
Brute force attack: This technique is similar to the first one, but differs in
that a brute force attack uses algorithms which combine alphanumeric
characters with symbols in order to produce passwords for attacking the user's computer.
For example, if the password of some user ABC has the value Yogesh, it can
also be tried as y0ge$H using this technique.
Rainbow table attack: This method uses hashes which have been pre-computed.
Take the example of a password with the value Yogesh. The method
creates a data file containing the hashes of Yogesh and of other passwords commonly used by
users. These hashes can later be compared with the database stored in the system in
order to get the password.
Guess: This method is basic and has no science behind it. Commonly
used passwords like 1234, qwerty, password, admin etc. are set as defaults. Many
people carelessly keep them unchanged and give the hacker an open chance to get
information.
Spidering: It has been seen that many organizations use passwords related to their
company information, which is readily available either on their websites or on social
networking sites like Facebook, Twitter etc. Spidering captures information from
these sources to build word lists, which are then used to create passwords using the first two
methods.
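The three strength criteria and the attack techniques above can be turned into a check that runs when a password is set. The following is an added example, not part of the book: the deny list holds the four defaults the text names, the organisation words stand in for what spidering would collect, and all function names and thresholds are assumptions.

```python
import string

# Constructed sample data: the default passwords the text names, plus words a
# spidering pass could collect from an organisation's public pages.
COMMON_PASSWORDS = {"1234", "qwerty", "password", "admin"}
ORG_WORDS = {"yogesh", "acme", "widgets"}  # hypothetical names

# Undo the character swaps a mutation rule applies (Yogesh -> y0ge$H).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})


def base_word(password):
    """Reduce a password to the word a mutation rule would have started from."""
    # Drop appended digits and symbols ("password2024!" -> "password"),
    # then reverse the substitutions ("p@ssw0rd" -> "password").
    trimmed = password.lower().rstrip(string.digits + string.punctuation)
    return trimmed.translate(LEET)


def character_classes(password):
    """Complexity: how many of lower/upper/digit/symbol are present."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def assess(password, min_length=12, min_classes=3):
    """Return the reasons a password is weak; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("length")
    if character_classes(password) < min_classes:
        problems.append("complexity")
    # Unpredictability: would a dictionary, guess or spidering list reach it?
    base = base_word(password)
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("common password")
    if any(word in base for word in ORG_WORDS):
        problems.append("organisation word")
    return problems


if __name__ == "__main__":
    for candidate in ("qwerty", "y0ge$H", "P@ssw0rd2024!",
                      "correct-Horse-battery-7staple"):
        print(candidate, assess(candidate) or "accepted")
```

Note that y0ge$H passes the complexity test and P@ssw0rd2024! passes both length and complexity; only the unpredictability check catches them.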
Tools used to crack Password
Many software developers have designed programs to crack passwords from
a user's computer system. Many sites, such as www.md5this.com, are available that use
different techniques to crack passwords. This site in particular uses the rainbow
technique. Many tools are available in the online market. Listed below are a few
which are commonly used by hackers:
John the Ripper Software Tool
This tool uses the command prompt to crack passwords. It is best suited to professionals who are fluent
in working with commands. A well-defined wordlist is used to crack passwords. A hacker can easily get this
program for free; the only purchase that needs to be made is for the word list. Alternatively, the software
offers a free wordlist that can also be used.
Cain & Abel Software Tool
This tool runs only on the Windows platform and is used to crack passwords for user accounts and Microsoft
Access passwords, for network sniffing and the like. The tool has a graphical user interface and is
user-friendly and easy to use. Being simple and easy to use, it is commonly used by newbies and script
kiddies.
Ophcrack Software Tool
This tool is cross-platform and is used to crack passwords. The methodology used by the tool is rainbow
tables. It is compatible with Windows, Linux and Mac operating systems. The many features integrated in
this tool make it an all-time favorite of millions of hackers.
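Pre-computed hash lookups of the kind md5this.com and Ophcrack rely on only work when the same password always produces the same stored hash. The following added example (not from the book) audits a constructed table of unsalted MD5 hashes against the four defaults named earlier, then shows storage with a per-user salt and PBKDF2, where a pre-computed table no longer applies. Account names, function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

COMMON_PASSWORDS = ["1234", "qwerty", "password", "admin"]  # named in the text
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def md5_hex(password):
    """Unsalted, fast hash: the weak storage format being audited."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(words):
    """Pre-compute hash -> password once; reusable against every account."""
    return {md5_hex(word): word for word in words}


def audit_unsalted(stored, lookup):
    """Return {user: password} for accounts whose hash is in the lookup."""
    return {user: lookup[digest]
            for user, digest in stored.items() if digest in lookup}


def hash_password(password, salt=None):
    """Salted, slow storage: (salt, iterations, digest) per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    iterations)
    return hmac.compare_digest(candidate, digest)


def constructed_accounts():
    """Constructed sample: two users share a default password."""
    return {"alice": md5_hex("qwerty"),
            "bob": md5_hex("qwerty"),
            "carol": md5_hex("x9!Lr#2vQe-long-unique")}


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("recovered from unsalted hashes:",
          audit_unsalted(constructed_accounts(), lookup))
    first, second = hash_password("qwerty"), hash_password("qwerty")
    print("same password, same salted digest?", first[2] == second[2])
    print("verifies:", verify_password("qwerty", first))
```

With salting, two users who both chose qwerty get different records, so a table has to be rebuilt per user and each guess costs 600,000 hash iterations.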

Understanding Trojans, Viruses and Worms


Hackers are not beginners; they are mostly skilled people with complete knowledge of
programming and computer networking. These skills are often used to get access to
users' computer systems. The main objective is to steal sensitive information
from the company and cause harm to its computer-controlled data. This objective can
be achieved with threats such as the Trojans, viruses and worms detailed below.
This chapter describes some of the techniques that a hacker can use to
gain access to a user's system.

Understanding the Trojan horse

A Trojan horse program attacks the user's computer system from a remote location.
The program pretends to be useful to the user. Once the user is convinced and
installs this fake program, the hacker can easily install harmful
payloads from a remote location and get entry through backdoors, in order to install extra and
unwanted applications that will harm the user's company etc.
A Trojan horse gives the attacker the ability to do things such as:
Use the user's system as part of a botnet, from which he or she can perform distributed denial of service attacks.
Damage the user's system through a complete crash, blue screen and similar unpredictable events.
Steal sensitive data such as passwords, credit card details etc.
Modify stored files on the user's computer.
Steal electronic money by allowing unauthorized access to money transactions.
Log the keys which the user presses and send the details to the attacker sitting at a remote location. This method can be used to get user ids, user names, passwords and other sensitive information.
View screenshots of the user's computer.
Download the browsing history.

Understanding the worm
A worm is a malware program that runs on the user's computer system and replicates
itself repeatedly over the computer network. A worm can be used
by the hacker to accomplish the tasks below:
Install backdoors on the user's or victim's computer. The backdoor then creates zombie computers which send spam mails or perform unwanted actions such as distributed denial of service. However, these backdoors can be prevented from spreading using other malware programs.
Worms consume a considerable amount of bandwidth while replicating themselves and so slow down the network.
A worm can carry pre-installed harmful payload code.

Understanding the virus
A virus is again a dreadful program which runs on the computer and attaches itself,
like a suicide bomber, to programs and files in order to spoil them without asking for
the user's consent. Viruses, like worms, consume a lot of space and increase CPU
processing time, and hence delay processing tasks. A program affected by a virus is
called infected. Hackers use viruses to carry out certain operations:
To get personal data such as user ids and passwords
To pop up annoying messages that disturb the user
To corrupt the stored data on your computer
To log all keys pressed by the user in order to fetch password-related details
All these threats, Trojan horse, worm and virus, involve social engineering
techniques which deceive users into opening harmful files which otherwise look
like normal ones. Once the user opens such a file, the virus code executes,
resulting in the harmful consequences set by the hacker.

Network Sniffer Guide


The main communication channel of a computer system is the network, over which
it sends data to the internal or external world. The network can be a
local area network (LAN) or a wide area network (WAN). Programs called
network sniffers capture the low-level packet data that is being transmitted over
the network. A hacker can analyze this data to get useful information such as IDs,
account numbers and passwords.
Here are some common network sniffing techniques and tools, which we
describe for you:
Introduction to IP and MAC addresses:
IP address stands for Internet Protocol address. All hardware used to
communicate through a network, such as computers, printers etc., is uniquely
identified by an IP address. Two versions of IP addresses have been
introduced.
IPv4 Address: This version uses 32-bit numbers. The address is formatted as
four groups of numbers separated by dots. Each number has a minimum value of 0 and
a maximum value of 255.
For Example: 234.214.9.10
IPv6 Address: This uses a 128-bit number. IPv6 was developed because of the
heavy growth of the internet. IPv6 addresses are formatted in groups of six
numbers separated by colons. The numbers in the groups are written as hexadecimal
digits.
For Example: 2002:0db6:85a3:0000:0020:8a2e:0310:7334
MAC (Media Access Control) addresses are used to uniquely identify
network interfaces at the physical layer of the network. The address is usually embedded in the
network card. A MAC address can also be called a physical address.
The command to get all these addresses on the Windows operating system is
ipconfig /all

What is Network Sniffing?

Computers can communicate by one computer broadcasting a message
over the network, and the other computer in the same IP address range
receiving that message over the internet.
Network sniffers intercept these data packets and extract the useful information
from them. Specialized software programs or hardware are used to do
this.
So the main purposes of sniffing are:
To capture sensitive data such as account information
To capture files being transmitted over the internet
To monitor and tamper with chat messages
Protocols that are defenseless against sniffing are listed below:
NNTP
Telnet
FTP
HTTP
SMTP
Rlogin
POP
IMAP
If the user sends login details in plain text, the chances of this threat
increase.
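A quick way to find out whether a host still offers any of the protocols in the list above is to check its listening sockets against their well-known ports. This is an added example, not part of the book; the `ss -tln` output is a constructed sample, the function names are hypothetical, and matching by port number is a heuristic (a service can run on a non-standard port).

```python
import ipaddress

# Well-known TCP ports for the cleartext protocols the text lists, with the
# encrypted service that normally replaces each one.
CLEARTEXT = {
    21: ("FTP", "SFTP or FTPS"),
    23: ("Telnet", "SSH"),
    25: ("SMTP", "SMTP with STARTTLS"),
    80: ("HTTP", "HTTPS"),
    110: ("POP", "POP3 over TLS (995)"),
    119: ("NNTP", "NNTP over TLS (563)"),
    143: ("IMAP", "IMAP over TLS (993)"),
    513: ("Rlogin", "SSH"),
}

# Constructed sample of `ss -tln` output.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       511     127.0.0.1:80        0.0.0.0:*
LISTEN  0       100     [::]:143            [::]:*
LISTEN  0       511     *:443               *:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield address, int(port)


def is_loopback(address):
    """True when the socket is bound to this host only."""
    try:
        return ipaddress.ip_address(address.strip("[]")).is_loopback
    except ValueError:  # "*" means every address
        return False


def audit(ss_output):
    """List cleartext services, noting which are reachable from the network."""
    findings = []
    for address, port in parse_listeners(ss_output):
        if port in CLEARTEXT:
            protocol, replacement = CLEARTEXT[port]
            findings.append({"port": port, "protocol": protocol,
                             "address": address,
                             "network_exposed": not is_loopback(address),
                             "replace_with": replacement})
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```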
Network sniffing is of two types: passive and active sniffing. Let's understand these
two by means of hubs and switches.
A hub transmits the data sent by one port to all other connected ports except the one which sent the
packet. The recipient port whose IP address matches responds actively to the request raised by
the sender port. This process is simple, but all the ports connected in between get the message
details. A hub works at the physical layer of the OSI model.

A switch, on the other hand, works on a different principle. It tracks IP/MAC
addresses and delivers data to the physical ports. A broadcast message is first sent
to the physical port where the IP/MAC address configurations are matched in order to
locate the exact recipient computer. This means the packet or message is received only at
the dedicated terminal. A switch operates at layers 2 and 3 of the OSI model.
Passive sniffing involves intercepting packets sent over a hub, whereas
active sniffing does the same on a switch.

Learn How to Hack different Networks

DoS attacks, wireless networks, web server, website and Linux system hacking techniques: we will go
step by step and see how to hack these networks.

DoS Attacks
Any business can be expanded and promoted by means of the internet. Being cut off from the internet
is a big loss to a company, because the internet and computer networks play a
crucial role in promoting any category of business. Online shopping businesses especially
cannot think of surviving for a second without a proper internet connection. But there is
one flaw behind these online shopping sites: users need to fill in their credentials in
order to make a successful payment. This gives an attacker an opportunity to hack those
details plus the company's secret information. DoS is an acronym for Denial of Service,
an attack which denies legitimate users access to a resource such as
the company's website.

What is a DoS Attack?

DoS, or Denial of Service, prevents users from accessing a web site, app, service
or similar resource. The attack sends many requests at the
same time to the target web server or other resource, which leaves the
server unable to handle all the requests at once. This may decrease the
processing speed of the server or sometimes lead to a severe crash.

Types of DoS attacks

Mainly 2 types of DoS attacks have been observed so far.
DoS: This attack is intended for a single host.
Distributed DoS: This attack targets the same victim and is mostly carried out by a considerable number of compromised machines in order to create a flood of data packets in the network.
How DoS attacks work: there are 5 common types of DoS attack.
Ping of Death
The command used to check the availability of network resources is called the ping command. This tool
sends small data packets to the network resources. In this attack the packet length is above the maximum
length set by the TCP/IP protocols, so the data is fragmented by TCP/IP into small packets. Because the
tool sends data of greater length than allowed, the system may crash, reboot or freeze.
Smurf
This attack uses a large amount of Internet Control Message Protocol (ICMP) ping traffic aimed at an
Internet Broadcast Address. The target or intended victim gets the spoofed IP address. All replies
sent by the target system are sent to the hacker. It has been said that a single Internet Broadcast
Address can handle a maximum of 255 hosts at the same time, so a smurf attack amplifies a single ping
almost 255 times. This slows down the processor and takes the network to a stage where it stops working.
Buffer overflow
A buffer is a well-known term for temporary data storage. It is mostly located in RAM, where it holds
data so that the CPU can edit or modify it before copying it back to the disc. Buffers are limited in
size. This attack loads the buffer with more than its actual capacity. The result is an overflow, and the
buffer is forced to corrupt the data it was previously holding. Sending emails with more than 256
characters is a perfect example of a buffer overflow attack.
Teardrop
This is another attack which uses large data packets. TCP/IP fragments these packets by breaking them
into smaller pieces, which are later assembled again at the receiving host. The hacker edits and
manipulates the packets in transit so that they overlap one another. When the target system tries to
reassemble the packets, it may crash, resulting in a potential DoS attack.
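Ping of Death and Teardrop both abuse fragment reassembly, so a receiver or filter can reject them by validating the fragments of a datagram before putting them back together. This is an added example, not from the book: the `Fragment` type and function names are hypothetical, a 20-byte IPv4 header without options is assumed, and the fragment lists are constructed.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field
IP_HEADER = 20        # assumed header size (no options)


@dataclass(frozen=True)
class Fragment:
    offset: int  # payload offset in bytes (the wire field counts 8-byte units)
    length: int  # payload bytes carried by this fragment
    more: bool   # More Fragments flag


def inspect(fragments):
    """Return the anomalies found in the fragments of one datagram."""
    anomalies = set()
    end = 0  # first payload byte not yet covered
    # set() drops exact retransmitted duplicates, which are legitimate.
    for frag in sorted(set(fragments), key=lambda f: f.offset):
        if frag.offset < end:
            anomalies.add("overlap")   # Teardrop: fragment starts inside data
        elif frag.offset > end:
            anomalies.add("gap")       # a piece is still missing
        end = max(end, frag.offset + frag.length)
    if IP_HEADER + end > MAX_DATAGRAM:
        anomalies.add("oversize")      # Ping of Death: reassembles past 64 KiB
    return sorted(anomalies)


def should_drop(fragments):
    """Overlap and oversize are never valid; a gap only means 'keep waiting'."""
    return bool({"overlap", "oversize"} & set(inspect(fragments)))


# Constructed fragment lists.
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 1480, True),
          Fragment(2960, 520, False)]
TEARDROP = [Fragment(0, 36, True), Fragment(24, 4, False)]
PING_OF_DEATH = [Fragment(i * 1480, 1480, i < 44) for i in range(45)]
INCOMPLETE = [Fragment(0, 1480, True), Fragment(2960, 520, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH),
                        ("incomplete", INCOMPLETE)):
        print(name, inspect(frags), "drop" if should_drop(frags) else "keep")
```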
SYN attack
SYN is short for Synchronize. This attack takes advantage of the three-way handshake which TCP uses
to establish communication. A SYN attack floods the victim's system with incomplete SYN messages,
which forces the target to allocate memory resources that are never used, ultimately
leading to a DoS.
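On the defending host, the incomplete handshakes described above show up as connections stuck in the SYN-RECV state. The following added example (not from the book) counts them per listening socket from `ss -tan` output; the sample output is constructed with documentation address ranges, and the function names and threshold are assumptions. Counting per listener rather than per source matters because the sources of such a flood are usually spread out or spoofed.

```python
from collections import defaultdict


def half_open_by_listener(ss_output):
    """Map local 'address:port' to the set of peers stuck in SYN-RECV."""
    half_open = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) >= 5 and fields[0] == "SYN-RECV":
            half_open[fields[3]].add(fields[4])
    return half_open


def detect_syn_flood(ss_output, threshold=100):
    """Report listeners whose half-open count reaches the threshold."""
    alerts = []
    for listener, peers in sorted(half_open_by_listener(ss_output).items()):
        if len(peers) >= threshold:
            sources = {peer.rpartition(":")[0] for peer in peers}
            alerts.append({"listener": listener,
                           "half_open": len(peers),
                           "distinct_sources": len(sources)})
    return alerts


def constructed_sample():
    """Constructed `ss -tan` output: a flood on :443, normal traffic on :22."""
    lines = ["State     Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    for i in range(150):
        lines.append(f"SYN-RECV  0      0      192.0.2.10:443      "
                     f"198.51.100.{i % 250 + 1}:{40000 + i}")
    for i in range(3):
        lines.append(f"SYN-RECV  0      0      192.0.2.10:22       "
                     f"203.0.113.{i + 1}:{50000 + i}")
    lines.append("ESTAB     0      0      192.0.2.10:443      "
                 "203.0.113.9:40022")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_syn_flood(constructed_sample()):
        print(alert)
```

On Linux, enabling SYN cookies (`net.ipv4.tcp_syncookies=1`) lets the listener keep answering legitimate clients while its backlog is full.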

Attacking tools
Some of the tools that an attacker can use to perform DoS attacks:
Nemesy: This tool generates multiple packets randomly and is compatible with Windows-based operating systems. Because of its nature and properties, antivirus software even detects this tool as a virus.
Land and LaTierra: This tool is used for IP spoofing and for opening connections based on the TCP protocol.
Blast: This is one of the basic tools in the DoS list.
Panther: This tool floods the target computer or network with UDP packets.
Botnets: These consist of compromised computers connected to the internet which are used to perform Distributed DoS attacks.

Wireless Network
Wireless networks, as we are all aware, are networks that use radio waves to
link one or more devices. They can be accessed anywhere within the radius of the router's
transmission zone, which makes them more prone to attacks. Implementation is
mostly done in the first layer, that is, the physical layer of the OSI Model. You might have
seen hotspots in public places like hospitals, airports, restaurants, parks etc.

How users access these wireless networks

Initially the user needs a wireless network enabled device, which can be anything like a laptop, tablet or smart
phone, within the transmission radius of a Wi-Fi access point. Many a time, when you switch on Wi-Fi, you can
see the list of networks that are currently available. These networks are mostly password protected. In case
you have not set any password, anyone who comes within the Wi-Fi transmission circle can access the Internet
without the hassle of entering a password. However, in case the network is password protected, no one can use
the Internet without filling in the password details.

Authentication of this Wi-Fi Network

A Wi-Fi network can be accessed by anyone within its radius, but if your network is protected, users cannot
get access without asking you for the password or hacking it using unfair means. Various authentication
techniques are employed to make this network safe.

WEP
WEP, or Wired Equivalent Privacy, is compatible with the IEEE 802.11 WLAN standards. The main goal of this
authentication is to give security similar to that of wired networks. WEP uses encryption and decryption to code
and decode your information while sending it from one end and receiving it at the other.
Authentication techniques
Open System Authentication, or OSA - this method permits a station based on the access policy
configured previously.
Shared Key Authentication, or SKA - this method first sends a challenge to the requesting station, and the
challenge is an encrypted one. The station then encrypts the challenge using its key and responds to it. Access is
granted only when the encrypted challenge matches the AP value; otherwise it stands null and void.

This paragraph will guide the attacker to find the weakest area of the wireless network
security system in order to hack the data or information shared over or connected to the
wireless technology.

Weakness of WEP
WEP, no doubt, is a strong piece of network security but has some flaws and threats.
Packet integrity check using CRC32 (Cyclic Redundancy Check): An attacker can easily
crack this check using at least two packets. The bits of the encrypted stream and the
checksum can be modified by the hacker easily, so the authentication system accepts
packets from him or her without any hassle. This makes it feasible to enter the
user's network, and a hacker can take advantage of this.
Stream ciphers are created using the RC4 encryption algorithm: The stream cipher
input is made from an initial value (IV) and a confidential or secret key. The expected
length of the IV is 24 bits and the secret key may be 40 or 104 bits long, making a total
length of almost 64 bits when the secret key is 40 bits, or 128 bits when the
secret key is 104 bits. The shorter the secret key, the greater the chances of it
being cracked.
In case the initial value is weak and cannot be encrypted sufficiently, the
chances of attack by the hacker increase.
Since WEP is password based, it is more prone or vulnerable to dictionary attacks.
Key management is not implemented properly: In case the key is long, its
management becomes a tough task. WEP should incorporate a central key
management system in order to make it stronger and more secure.
The possibility of using initial values again and again makes this system
more vulnerable to attacks.

These weaknesses forced users to switch to the WPA authentication system.
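
Two of the weaknesses listed above, made measurable in an added example that is not from the book: CRC32 can be recomputed for a modified message without any key (unlike a keyed MAC such as HMAC), and a 24-bit IV repeats after surprisingly few packets. The messages and key are constructed, and the reuse estimate assumes each IV is picked at random.

```python
import hashlib
import hmac
import math
import zlib

IV_BITS = 24  # WEP IV length given in the text above

# Constructed equal-length sample messages and key (not captured traffic).
M1, M2, M3 = b"transfer 0010 EUR", b"transfer 9999 EUR", b"padding..padding."
KEY = b"constructed-demo-key"


def xor3(a, b, c):
    """Byte-wise XOR of three equal-length byte strings."""
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))


def crc32_is_predictable(a, b, c):
    """True if CRC-32 of a^b^c follows from the three individual CRCs alone."""
    return zlib.crc32(xor3(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def hmac_is_predictable(key, a, b, c):
    """Same test against HMAC-SHA256; a keyed MAC does not have this property."""
    def tag(message):
        return hmac.new(key, message, hashlib.sha256).digest()
    return tag(xor3(a, b, c)) == xor3(tag(a), tag(b), tag(c))


def iv_reuse_probability(packets, iv_bits=IV_BITS):
    """Chance that at least two of `packets` randomly chosen IVs are equal."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0
    log_all_unique = sum(math.log1p(-i / space) for i in range(packets))
    return 1.0 - math.exp(log_all_unique)


def packets_for_reuse(target=0.5, iv_bits=IV_BITS):
    """Smallest packet count whose IV reuse probability reaches `target`."""
    space = 2 ** iv_bits
    log_all_unique, n = 0.0, 0
    while 1.0 - math.exp(log_all_unique) < target:
        log_all_unique += math.log1p(-n / space)
        n += 1
    return n


if __name__ == "__main__":
    print("CRC-32 predictable without a key:", crc32_is_predictable(M1, M2, M3))
    print("HMAC predictable without a key:  ", hmac_is_predictable(KEY, M1, M2, M3))
    print("packets for a 50% chance of IV reuse:", packets_for_reuse())
```

The practical conclusion for a defender is that no WEP key length fixes either property, which is why the protocol is retired rather than tuned.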

WPA
WPA, or Wi-Fi Protected Access, is a security protocol designed by the Wi-Fi Alliance in order to remove the
weaknesses observed by users in WEP. This system supports the 802.11 WLAN standards and uses longer
initial values of almost 48 bits in place of the 24 bits that WEP uses. Temporary encryption packets increase
the security of the system.
The WPA protocol was developed to eliminate the weaknesses of WEP, but it still has some limitations:

An attacker can easily break the collision avoidance implementation of WPA.
It is most susceptible to denial of service attacks.
This protocol uses pre-shared keys, which in turn use passphrases,
and if the user selects a weak passphrase, the chances of dictionary attacks
increase.

Cracking Wireless Networks


Cracking WEP
Cracking is again a form of attacking or hacking which is done to get unauthorized access to information. In the
context of WEP, cracking means exploiting networks that use WEP to implement their security controls.
Two different cracking types are defined under WEP:
Passive cracking - this cracking is difficult to detect and has no effect until it cracks the WEP
security details.
Active cracking - this cracking severely affects the network traffic load. It can be
detected easily and is found to be more effective than passive cracking.

Tools that ease WEP Cracking

Aircrack - used as a powerful network sniffer and WEP cracking tool.
WEPCrack - an open source program developed for cracking 802.11
WEP secret keys; it implements the FMS attack.
Kismet - this tool can detect visible and hidden wireless networks,
sniff packets and even detect intrusions.
WebDecrypt - this cracking tool uses active dictionary attacks in
order to crack WEP keys; it has its own in-house key generator and implements
packet filters.

Cracking WPA
WPA, as already mentioned, uses pre-shared keys, almost 256 in number, or may use a passphrase in order to
provide authentication. Weak or short passphrases are more susceptible to dictionary and other attacks, which
can later be used to hack passwords.
Tools used for cracking WPA:

CowPatty - this cracking tool cracks pre-shared keys (PSK)
employing a brute force attack.
Cain & Abel - this cracking tool decodes captured files from
sniffing programs like Wireshark. Captured files may be WEP or WPA-PSK
encoded.

Types of attacks that user systems are more vulnerable to:

Sniffing - this technique intercepts the packets which are
transmitted by the sender from one end, in order to retrieve data using
tools like Cain & Abel.
MITM or Man in the Middle Attack - this attacking technique involves
special tactics to capture a system's sensitive information.
Denial of Service Attack - this attacking technique denies legitimate users
access to network resources. The FataJack tool is mostly used
in this type of attack.
How to crack keys of Wireless network WEP/WPA
A hacker can easily crack WEP/WPA keys in order to gain access to wireless networks. This act
requires hardware and software resources, and patience is a must as well. Whether this attack will be successful
or not mainly depends on how active the user is when the attacker is planning to target him or her.
Basic information to start with cracking is given below.
Backtrack
A security operating system running on the Linux platform, developed on top of Ubuntu. This OS includes multiple
security tools in order to gather information, find vulnerabilities and plan exploitation, among other things.
The list of Backtrack tools includes:

Aircrack-ng
Metasploit
Ophcrack
Wireshark
NMap
Cracking is a slow yet smart process and requires a lot of patience while using the tools listed above. One more
tool, which is definitely the perfect tool to backtrack data, is a hardware one called a wireless network adapter,
which is capable of injecting packets.

Basic information about what a hacker still needs in order to use Backtrack:

Backtrack OS: The hacker should be aware of this operating system.
Try to limit your range to the radius of Wi-Fi transmission. In
case the user or target computer comes within the Wi-Fi zone, a hacker can easily
crack it.
The hacker should be fluent enough in working on Linux based
operating systems, Aircrack and many other scripts.
Patience is the foremost thing a cracker should work with:
cracking keys may sometimes be easy and may sometimes take a bit of time,
depending on a number of factors. This may be a time
consuming task and should be handled with patience by the hacker.
Hacking web Server
More customers are now switching to online services and activities like shopping.
This forces them to enter their credit card, email address and other details into the
website of the company. This makes their personal data more vulnerable and
susceptible to attacks. Many defaced websites are available on the Internet which
fool people in the name of religion, political ideologies etc.

Vulnerabilities to Web Server Programs


A web server is an internet program that mainly stores data files as web pages and makes them available
through any network or the internet. This program needs both hardware and software. A hacker usually
targets the software to hit the server or get unauthorized access to it. Attackers can take advantage of some of
the most common vulnerabilities highlighted below.

Default settings - default user IDs and passwords are easy to guess
and can be cracked by attackers. Default settings sometimes allow
actions like running commands, which are easy to exploit.
Misconfiguration - web server programs may be misconfigured in
terms of the operating system and the network. Many other
configurations allow a user to run commands, which can be dangerous
in case the user has not set a strong password.
Web programs are vulnerable to operating system and web
server bugs - in case these bugs are detected by the hacker, it really
becomes easy for him or her to access the systems without authorization.
In addition to the threats mentioned above, a lack of security policy and procedures can let a hacker gain
unauthorized access: a lack of practices such as updating antivirus software and patching the web server and
operating system may lead to an attacker gaining access.

Web Servers can be of different types


Apache - the most common web server type being used on the internet.
This type is cross platform but is installed on Linux OS. PHP
websites are mostly hosted on these servers.
IIS or Internet Information Services - developed by Microsoft, it
runs smoothly on Windows OS. This type is the second most used web server
type on the internet after Apache. Sites hosted on this type are
mostly asp and aspx.
Apache Tomcat - sites hosted on this type are mostly Java (jsp)
websites.
Other web servers - many other web servers are available,
including Novell's Web Server, Lotus Domino of IBM etc.

Attacks that can affect Web Servers


Directory traversal attacks - this most prominent attack mainly exploits bugs present in the web
server in order to gain access to unauthorized files and documents that are not available in the
public domain. In case a hacker is able to get access to the unauthorized area, he or she can
compromise sensitive information, for example by downloading sensitive information from the target
system, executing server commands or installing malware.
Denial of Service Attacks - this attack leads to a crash of the web server
program and may make the system unavailable to legitimate users.
Hijacking Domain Name System - this technique involves changing
DNS settings so that they point to the attacker's web
server. Traffic which was originally directed to your system will be routed
to another, wrong web server.
Sniffing - data which has been left unencrypted and sent
over the transmission network may be intercepted to get access to the web
server by unfair means.
Phishing - this attack enables a hacker to impersonate another
website and steal details from the target by asking for personal details.
Users unaware of this attack may get trapped and give away login details related to
their ID, passwords, credit card etc.
Pharming - this attack shortens the DNS server in order to change the route
to a malicious site.
Defacement - as the name suggests, in this type the attacker modifies the
company's website by adding his or her details or images, in order to forge
the target system.
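
The directory traversal item above, shown from the server side in an added example that is not from the book: a file lookup that only joins the request path to the web root, next to one that resolves the real path and refuses anything outside the root. The function names, file names and request strings are constructed for illustration, and the demo builds its own temporary directory (it creates a symbolic link, so it assumes a POSIX system).

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(web_root, url_path):
    """'Before' version: joins the request path to the root with no containment check."""
    return os.path.realpath(os.path.join(web_root, unquote(url_path).lstrip("/")))


def safe_resolve(web_root, url_path):
    """Return the real path of a file inside web_root, or None if the request escapes it."""
    root = os.path.realpath(web_root)
    decoded = unquote(url_path)              # decode %2e%2e and friends exactly once
    if "\x00" in decoded:
        return None
    # realpath collapses '..' segments and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a throwaway tree and report, per request, what each version does."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "www")
        os.mkdir(root)
        files = ((os.path.join(root, "index.html"), "public"),
                 (os.path.join(base, "secret.txt"), "private"))
        for path, text in files:
            with open(path, "w") as handle:
                handle.write(text)
        # A link inside the web root that points outside it.
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.txt"))
        secret = os.path.realpath(os.path.join(base, "secret.txt"))
        requests = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt", "/link.txt"]
        return {
            request: {
                "naive_leaks": naive_resolve(root, request) == secret,
                "safe_serves": safe_resolve(root, request) is not None,
            }
            for request in requests
        }


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request:22} {outcome}")
```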
What will happen in case the attacker is successful
The company's or organization's reputation is at risk: in case a hacker
edits the company's details and tries to include malicious information,
people other than the target customer will see those details and can be
misguided.
Malicious software may be used to push viruses, Trojans, botnet software etc.
into the user's computer system.
The hacker's act may compromise user data, resulting in
fraudulent activities: this can cause a great loss to the user and to the
company for which he or she is working.
Tools that an attacker can use to hack a web server

Metasploit - this open source tool is used for developing, testing
and many a time exploiting code. Web server vulnerabilities can also be
discovered using this tool and even exploited in order to compromise
the server.
MPack - this web exploitation tool is written in PHP and is backed by
the database engine MySQL. In case an attacker is able to compromise a web
server with the help of MPack, network traffic will be redirected to fake or
malicious websites.
Zeus - this powerful tool converts a compromised computer into a bot or
zombie. A bot is basically a compromised computer
used to perform internet based attacks, whereas botnet is a collective
term for compromised computers. An attacker may use a botnet in a denial of
service attack or for sending spam e-mails.
Neosplit - this tool performs simple operations like installing
programs, deleting programs, replicating etc.
Hacking website
More and more people are now becoming used to the Internet. Manufacturers,
businessmen, shareholders and other high-grade officials are creating websites in
order to spread awareness about their company and its offerings. This has forced
them to seek web developers to build user-friendly applications that allow
the user and the company to interact and solve most queries online. Hackers
mainly attack these sources to get information about the active users of a company.
Take the example of a shopping site, where you select the list of items you want to
buy and the company website then asks you to enter basic details like your name, user
name, ID and password, and then, at payment, asks you for credit card details. In
case the web developer has used poorly written or weak code for running this
application, a hacker may attack and get the desired information about you from
the company's website.

Web Applications and threats associated with it.


A website or any web application works on the very well-known client-server model,
wherein the server holds the database access along with the logic
with which the company is running. This server side mostly runs on a web server. On
the client side, the client application on the other hand runs on the web server of the client itself.
Web applications are mostly written in languages like Java, C#, VB.Net, PHP and ColdFusion
Markup Language, and use database engines like MySQL, MS SQL Server, PostgreSQL
and SQLite.
It has been found that most web applications are accessible to the public via the internet because they are
hosted on public servers. This wider exposure increases their vulnerability to attacks.

Hacking Linux System


Linux is the operating system which is mainly used for web servers. This operating
system is the only one which is open source, meaning it provides its code to the users.
So, as compared to other operating systems, Linux is a less secure operating system
because attackers can read its code and find the weaknesses in it,
and by exploiting the code attackers can gain unauthorized access.
There are many distributions of Linux based operating systems such as Redhat, Fedora
and Ubuntu, but among them Linux is a less secure operating system because
vulnerabilities can be found by reading the code of this operating system,
which can motivate attackers to gain unauthorized access to the code. This
operating system can run on servers, desktops, tablets etc.
Linux Hacking Tools:
There are many Linux hacking tools available over the internet. Some of them are
described here:
Nessus: To scan configuration settings, patches and network related
information, this tool can be downloaded from the internet.
NMap: To monitor the number of users and processes running on the
server, this tool can be utilized. This tool can also monitor the ports of the
servers.
SARA (Security Auditors Research Assistance): To audit the network
against threats such as SQL Injection, XSS etc., this tool can be
utilized.

Understanding SQL Injection


This threat mainly bypasses login algorithms, sabotages data etc.

Denial of Service Attacks - this attack has been discussed
multiple times in our book, and the goal of this threat could be to deny
legitimate users access to the resource.
Cross Site Scripting (XSS) - the objective of this threat is to execute
code in the client side browser.
Cookie/Session Poisoning - the attackers want to get unauthorized
access, and they achieve this by modifying the cookie/session data.
Form tampering - the objective of this threat is to tamper with the
prices of products on an e-commerce website so that products can be
ordered by attackers at a cheap price.
Code Injection - injecting programming code like PHP is the
main motive of this threat, so that the code runs on the server side and
sensitive personal data can be revealed.
Defacement - this threat's objective is to repoint all the pages of a
particular website to a single page which contains the attacker's message.
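
The login bypass mentioned under SQL injection above, shown from the defender's side in an added example that is not from the book: the same lookup written with string concatenation and with bound parameters, run against an in-memory SQLite database. The table layout, the user, the salt and the crafted name are all constructed for illustration.

```python
import hashlib
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; real systems use a random salt per user


def pw_hash(password):
    """Hex PBKDF2-HMAC-SHA256 digest, so the stored value is never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)")
    db.execute("INSERT INTO users (name, pw_hash) VALUES (?, ?)",
               ("alice", pw_hash("correct horse")))
    return db


def login_vulnerable(db, name, password):
    """'Before' version: user input is pasted into the SQL text."""
    sql = (f"SELECT id FROM users WHERE name = '{name}' "
           f"AND pw_hash = '{pw_hash(password)}'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, name, password):
    """Hardened version: input travels as bound parameters, never as SQL text."""
    sql = "SELECT id FROM users WHERE name = ? AND pw_hash = ?"
    return db.execute(sql, (name, pw_hash(password))).fetchone() is not None


# Constructed input: the quote ends the string literal and '--' comments out
# the password comparison that follows it in the concatenated query.
CRAFTED_NAME = "alice' --"


def demo():
    """Compare both versions on a crafted name and on ordinary logins."""
    db = make_db()
    return {
        "vulnerable_accepts_crafted": login_vulnerable(db, CRAFTED_NAME, "wrong"),
        "parameterized_accepts_crafted": login_parameterized(db, CRAFTED_NAME, "wrong"),
        "parameterized_accepts_valid": login_parameterized(db, "alice", "correct horse"),
        "parameterized_accepts_wrong_pw": login_parameterized(db, "alice", "wrong"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:34} {result}")
```

Reviewing code for SQL built with f-strings, `+` or `%` formatting on request data is the quickest way to find the vulnerable pattern in an existing code base.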

Extract of the Book


One of the criminal defense attorneys of California defines a Hacker as "A particular
person who delights in having an intimate knowledge of the internal workings of a
system, computers and computer networks in particular". This definition describes
the hacker from two different perspectives: one calls hacking an illogical act of
entering another computer system, while the other calls it an extraordinary talent of
a person who can think differently and out of the box.
Our ebook describes certain methods to hack DoS, wireless systems, websites, web
pages, Linux OS etc., and it is advised to use them for betterment.
Hacking is good practice if done in the right direction. Professional hackers are needed
in almost every field, like the military, to track useful details of an enemy heading
towards war with the country. Many Government officials find this a blessing, but it
can really be harmful if used against the country. For running any business, if a hacker
finds that his system is being hacked, then he or she can fix the issue in the middle
itself and protect the business image from being ruined in public.

Personal Thank You from Me!

Hello, my name is Brian, founder of SS publishing, and I personally want to thank you
for reading my book. It really means a lot!
We are a small and locally owned business. Our goal is for you to be completely
satisfied with your purchase and your reading experience, if for any reason this is not
the case we would appreciate it if you would give us a chance to address your
concerns BEFORE leaving feedback. Simply log in to our Facebook group, and
address your concerns and we will do our best to address your issue.
https://www.facebook.com/sspublish/
***Also, within the Facebook group you will find many weekly free book deals as
well as new release events, so make sure you press LIKE in our page.

*If you've had a pleasant reading experience (*and we think this is likely the case*),
we would be grateful if you would leave us feedback on amazon.

Thanks again and I look forward to doing business with you again soon
Brian S.
