for Beginners
Table of Contents
Introducing Computer Hacking
History of Hacking
Security Threats that may affect Your Computer Systems
Understanding basics of tools for ethical hacking and skills required by the Hacker
Social Engineering behind Hacking
Learn measures to crack Password of an Application
Understanding Trojans, Viruses and Worms
Simple guide to Networks Sniffer
Learn How to Hack different Networks
DoS Attacks
Wireless Networks
Web server
Website
Linux System
Understanding SQL Injection
Extract of the Book
In the cyber security era, a professional who is able to find a weakness in a system and exploit it to accomplish his objectives is called a hacker, and this process is called hacking.
Nowadays, people think that hacking is just hijacking an account or exploiting a website. That is part of hacking, but it can't be considered the main part.
So we need to think about what exactly hacking is and what anyone should do to become a professional hacker. Self-interest is the main requirement for becoming a hacker, and you should always be keen to learn and create something new.
Here are the different kinds of hackers in the cyber security world.
Script Kiddies
Script kiddies are people who use tools, scripts, methods and programs created by real hackers. In other words, a person who doesn't know how a system works can still exploit it with already available tools.
GreyHat hackers
Some hackers work according to the situation: they may work offensively or defensively. They don't actually have bad intentions, but they still like to break into third-party systems just for fun or to show that a vulnerability exists.
Hacktivists
A few hackers use their hacking skills to protest against injustice. They attack a targeted system or website to bring about justice. Popular hacktivist groups include Anonymous and RedHack.
History of Hacking
In the computer security world, someone who focuses on the security mechanisms of computer and network systems is called a hacker. The term includes those who always try to strengthen such mechanisms, while mass media and popular culture use it for those who seek access despite these security measures. Although the media portrays the hacker as a villain, part of the subculture sees its objective as correcting security problems and uses the word in a positive sense.
The name White Hat has been given to ethical computer hackers, who use hacking in a helpful way. White hat hackers have become a mandatory part of the information security field. They work under guidelines which hold that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally.
The subculture around such hackers is known as the network hacker subculture, or the computer underground. It initially developed in the context of phreaking during the 1960s.
The word hacker was first used in the title "The Hacker Papers", an article in the August 1980 issue of Psychology Today (with commentary by Phillip Zimbardo). It was part of the discussion held by Stanford Bulletin on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn explains his intention to break into ENCOM's computer system by saying "I have been doing a little hacking here." He uses software called CLU to do this. By 1983, hacking was already in use as computer jargon in the sense of breaking computer security, but the public was not aware of such activity. The matter came to public awareness with the release of the film WarGames that year, which raised the belief that computer security hackers could be a threat to national security.
In that year the threat became real when a group of hackers known as The 414s (which included teenagers) in Milwaukee broke the security of computer systems throughout the United States and Canada, including some famous places like Los Alamos National Laboratory and Security Pacific Bank. The case quickly captured the media's attention. A teenager, Neal Patrick, emerged as the spokesman of the gang, and Newsweek ran a cover story entitled "Beware: Hackers at play" with Patrick's photograph on the cover. That Newsweek article was the first use of the word hacker by the mainstream media in the pejorative sense.
At that time, Dan Glickman was the first person called to investigate, and he began to work on new laws against computer hacking.
In that year six bills concerning computer crime were introduced in the U.S. House of Representatives, when Neal Patrick testified before it on September 26, 1983 about the threat of computer hacking. As a result of these laws, white hat, grey hat and black hat hackers tried to distinguish themselves from each other depending on the legality of their activities. These conflicts are expressed in The Mentor's "The Hacker Manifesto", published in 1986 in Phrack.
Phishing
Spyware
Key loggers
Distributed Denial of Service Attacks
Unauthorized access to computer system resources such as data
Denial of Service Attacks
To get rid of the above-mentioned threats, a company has to take some security measures.
Some of them are described below:
To protect against viruses, Trojans, worms etc., a company should not only install anti-virus software on its computer systems but also avoid the use of external storage devices and visits to websites which can download unauthorized programs.
Authentication methods should be implemented to prevent unauthorized access to the computer system.
To protect against denial of service attacks, intrusion detection systems can be implemented.
Understanding basics of tools for ethical hacking and skills required by the Hacker
To achieve your desired goals within the available time and resources, you need to have the skills. You need to grow your skills to get your job done. These skills include learning how to solve problems, how to program, being keen to learn new things, using the internet and taking advantage of existing tools.
What is a programming language:
Computer programs can only be developed with the help of a programming language. Computer programs cover a wide range: they can work on operating systems or operate over the network.
Why learn to write computer programs:
Hackers are problem solvers and tool builders, so it is very necessary for a hacker to learn programming to solve different problems.
To automate things, a hacker needs computer programs. With these programs, a job that usually takes a lot of time can be done in minutes.
Programs can help you identify and exploit programming errors.
There are already open source programs available over the internet, so you don't have to reinvent the wheel every time.
There are different programming languages which can be useful for hacking.
details like account number, credit card number etc. Hackers mostly use phishing to get credit card
Tailgating: This technique involves following a user when he or she enters a password-restricted zone.
Making people curious about things around them: This technique entices the user into clicking a site or ad, or gets a virus in through a flash drive. It is a kind of bait system where the attacker throws a chocolate and the user picks it up. The flash drive is usually plugged in by the user, and it is sometimes loaded with an auto-run option which asks the user to open a file like Employees Revaluation Report 2014.docx, a fake name for an infected file.
Exploiting people with money: This technique lures the user with fake promises of money into filling in an online form that asks for confidential details such as credit card and debit card numbers.
Length: the number of characters the user has chosen for the password.
Complexity: Generally, using a combination of numbers, letters and symbols makes a password complex and hence increases its strength.
Unpredictability: Can the password be easily guessed by a hacker or not?
Brute force attack: This technique is similar to the first one, but differs in that brute force attacks use algorithms which combine alphanumeric characters with symbols in order to find the password for a user's computer. For example, if the password of some user ABC is Yogesh, it can also be tried as y0ge$H using this technique.
Rainbow table attack: This method uses hashes which have been pre-computed. Taking the example password Yogesh, this method creates a data file containing the hashes of Yogesh and of other passwords commonly used by users. These hashes can later be compared with the hashes stored in the system's database in order to get the password.
Guess: This method is basic and has no science behind it. Commonly used passwords like 1234, qwerty, password, admin etc. are set as defaults. Many people carelessly leave them unchanged and give the hacker an open chance to get information.
Spidering: Many organizations use passwords related to company information that is readily available on their websites or on social networking sites like Facebook, Twitter etc. Spidering gathers information from these sources to build word lists, which are then used to generate passwords with the first two methods.
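A defender's counterpart to the methods above, as an added example that is not part of the original book: a password audit that applies the length, complexity and unpredictability criteria and flags passwords that a word list with simple substitutions (Yogesh tried as y0ge$H) would reach. The word list, substitution table, decoration set and 12-character minimum are assumptions chosen for illustration.

```python
# Constructed word list: the defaults the text names plus its example word.
COMMON = {"1234", "qwerty", "password", "admin", "yogesh"}

# Substitutions of the kind the text shows (Yogesh -> y0ge$H); assumed mapping.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

# Characters people commonly append to a base word (assumed set).
DECORATION = "0123456789!@#$%^&*._-"


def reachable_forms(password):
    """Base words a word-list attack with simple mangling would try."""
    lowered = password.lower()
    bases = {lowered, lowered.rstrip(DECORATION)}
    return bases | {b.translate(LEET) for b in bases}


def audit(password, min_length=12):
    """Return the criteria the password fails; an empty list means it passes."""
    findings = []
    if len(password) < min_length:
        findings.append("length")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        findings.append("complexity")
    # Unpredictability: reject anything that reduces to a listed word.
    if reachable_forms(password) & COMMON:
        findings.append("predictable")
    return findings


if __name__ == "__main__":
    for pw in ("Yogesh", "y0ge$H", "P@ssw0rd2014!", "Tr0ub4dor&3-violet-Kettle"):
        print(pw, audit(pw))
```

Note that y0ge$H satisfies the complexity rule yet is still flagged, which is why a dictionary check belongs alongside length and character-class rules.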
Tools used to crack Password
Many software developers have designed programs to crack passwords from a user's computer system. Many sites, such as www.md5this.com, use different techniques to crack passwords; this site in particular uses the rainbow technique. Many tools are available online. Listed below are a few that are commonly used by hackers:
John the Ripper Software Tool
This tool is run from the command prompt to get passwords. It is best suited to professionals who are fluent in working with commands. A well-defined wordlist is used to crack passwords. A hacker can easily get this program for free; the only purchase that needs to be made is for the word list. Alternatively, this software offers a free wordlist that can also be used.
Cain & Abel Software Tool
This tool runs only on the Windows platform and cracks passwords for users' personal accounts, Microsoft Access passwords, network sniffing, secret accounts etc. It has a graphical user interface and is user-friendly and easy to use. Being simple and easy to use, it is commonly used by newbies and script kiddies.
Ophcrack Software Tool
This tool works cross-platform to crack passwords. The methodology it uses is rainbow tables. It is compatible with Windows, Linux and Mac operating systems. The many features integrated into this tool make it an all-time favorite of millions of hackers.
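Why precomputed hash tables work against unsalted hashes and fail against salted, iterated ones, as an added example that is not from the original book or from any of the tools named. A plain hash-to-password lookup stands in for a real rainbow table (which stores hash chains to save space); the password list, PBKDF2 parameters and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed list: the common passwords the text names.
COMMON = ["1234", "qwerty", "password", "admin"]


def md5_hex(password):
    """Unsalted, fast hash: the weak storage format a precomputed table targets."""
    return hashlib.md5(password.encode()).hexdigest()


# Built once, then reusable against every account that stores bare MD5.
PRECOMPUTED = {md5_hex(p): p for p in COMMON}


def lookup(stored_hash):
    """Return the password if the stored hash is in the table, else None."""
    return PRECOMPUTED.get(stored_hash)


def store(password, salt=None, rounds=200_000):
    """Record to keep instead of a bare hash: (salt, rounds, PBKDF2 digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("unsalted MD5 found in table:", lookup(md5_hex("qwerty")))
    alice, bob = store("qwerty"), store("qwerty")
    print("same password, same record? ", alice[2] == bob[2])
    print("salted digest found in table:", lookup(alice[2].hex()))
    print("login still works:", verify("qwerty", alice))
```

Because every account has its own salt, a table would have to be rebuilt per account, and the iteration count makes each guess far more expensive than a single MD5.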
Understanding worm?
A worm is a malware program that runs on a user's computer system and replicates itself repeatedly over the computer network. A worm can be used by a hacker to accomplish the tasks mentioned below:
It may install backdoors on the user's or victim's computer. The backdoor then creates zombie computers which send spam mails or perform unwanted actions like distributed denial of service. However, these backdoors can be prevented from spreading using other malware programs.
Worms consume a considerable amount of bandwidth while replicating and so slow down the network.
A worm can carry pre-installed harmful payload code.
Understanding virus?
A virus is another dreadful program which runs on a computer and attaches itself, like a suicide bomber, to programs and files in order to spoil them without asking for the user's consent. Viruses, like worms, consume a lot of space and increase CPU processing time, and hence delay processing tasks. A program affected by a virus is called infected. Hackers use viruses to carry out certain operations:
To get personal data like user IDs and passwords
To pop up annoying messages that disturb the user
To corrupt data stored on your computer
To log all keys pressed by the user in order to capture password-related details.
All these threats (Trojan horse, worm and virus) involve social engineering techniques which deceive users into opening harmful files which otherwise look like normal ones. Once the user opens these files, the virus code executes, with the harmful consequences set by the hacker.
heavy growth of the internet. IPv6 addresses are formatted in groups of six numbers separated by colons. The numbers in the groups are written as hexadecimal digits.
For Example: 2002:0db6:85a3:0000:0020:8a2e:0310:7334
MAC (Media Access Control) addresses are used to uniquely identify network interfaces at the physical layer of the network. They are usually embedded in the network card. A MAC address is also termed a physical address.
The command to get all these addresses on the Windows operating system is
ipconfig /all
packet. The recipient port whose IP address matches with the sender responds to the request raised by the sender port. This process is simple, but all ports connected in between get the message details. A hub works at the physical layer of the OSI model.
DoS Attacks
Any business can be expanded and promoted by means of the internet. Being cut off from the internet is a big loss to a company because the internet and computer networks play a crucial role in promoting any category of business. Online shopping businesses in particular cannot survive for a second without a proper internet connection. But there is one flaw behind these online shopping sites: users need to fill in their credentials in order to make a successful payment. This gives an attacker an opportunity to hack those details plus the company's secret information. DoS is an acronym for Denial of Service, an attack which denies legitimate users access to a private resource such as the company's website.
Attacking tools
Some of the tools that an attacker can use in order to perform DoS attacks.
Wireless Network
Wireless networks, as we are all aware, are networks that use radio waves to link one or more devices. They can be accessed within the radius of the router's transmission zone, which makes them more prone to attacks. Implementation is mostly done in the first layer, that is, the physical layer of the OSI model. You might have seen hotspots in public places like hospitals, airports, restaurants, parks etc.
WEP
WEP, or Wired Equivalent Privacy, is compatible with the IEEE 802.11 WLAN standards. The main goal of this mechanism is to give security similar to that of wired networks. WEP uses encryption and decryption to encode and decode your information as it is sent from one end and received at the other.
Authentication techniques
Open System Authentication, or OSA: this method permits a station based on a previously configured access policy.
Shared Key Authentication, or SKA: this method first sends a challenge to the requesting station, and the challenge is an encrypted one. The station then encrypts the challenge using its key and responds. Access is granted only when the encrypted challenge matches the AP's value; otherwise it stands null and void.
This paragraph will guide the attacker to the weakest area of the wireless network security system in order to hack the data or information shared over or connected to the wireless network.
Weakness of WEP
WEP is no doubt a strong piece of networking, but it has some flaws and threats.
Packet integrity check using CRC32 (Cyclic Redundancy Check): An attacker can easily crack this code using at least two packets. The bits of the encrypted stream and the checksum can easily be modified by the hacker, so the authentication system accepts packets from him or her without any trouble. This makes it feasible to enter the user's network, and the hacker can take advantage of this.
Stream ciphers are created using the RC4 encryption algorithm: The input to the stream cipher is made from an initial value (IV) and a confidential or secret key. It has been assumed that the IV is 24 bits long and that the secret key may be 40 or 104 bits long, making a total length of almost 64 bits when the secret key is 40 bits, or 128 bits when the secret key is 104 bits. The shorter the secret key, the greater the chances of cracking it.
If the initial value is weak and cannot be encrypted sufficiently, the chances of attack by the hacker increase.
Since WEP is password based, it is more vulnerable to dictionary attacks.
Key management system not implemented properly: If the key is long, its management becomes a tough task. WEP should incorporate a central key management system in order to make it stronger and more secure.
Possibility of using Initial values again and again makes this system
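The RC4/IV and CRC32 weaknesses listed above, shown on constructed bytes as an added example that is not part of the original book: reusing an IV with the same secret key makes two ciphertexts XOR to the XOR of their plaintexts, CRC32 is an unkeyed linear checksum rather than a keyed integrity check, and a 24-bit IV space repeats quickly. The key, frames and function names are assumptions, and the probability estimate assumes IVs are chosen at random.

```python
import math
import zlib


def rc4_keystream(key, n):
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(iv, secret, plaintext):
    """WEP-style body: RC4(IV || secret) XOR (plaintext || CRC32 checksum)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + secret, len(body)))


def ciphertexts_leak_xor(secret, iv1, iv2, p1, p2):
    """True when XORing the two ciphertexts yields the XOR of the plaintexts."""
    c1, c2 = wep_seal(iv1, secret, p1), wep_seal(iv2, secret, p2)
    n = min(len(p1), len(p2))
    return xor(c1, c2)[:n] == xor(p1, p2)[:n]


def crc32_is_affine(a, delta):
    """No key involved: crc(a^d) == crc(a) ^ crc(d) ^ crc(zeros), equal lengths."""
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, delta)) == (
        zlib.crc32(a) ^ zlib.crc32(delta) ^ zlib.crc32(zeros))


def iv_reuse_probability(iv_bits, packets):
    """Birthday estimate that some IV repeats among randomly chosen IVs."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0
    return -math.expm1(-packets * (packets - 1) / (2 * space))


# Constructed sample data, not captured traffic.
SECRET = bytes.fromhex("0102030405")  # 40-bit secret key
P1, P2 = b"constructed frame one", b"constructed frame two"

if __name__ == "__main__":
    print(ciphertexts_leak_xor(SECRET, b"\x00\x00\x01", b"\x00\x00\x01", P1, P2))
    print(ciphertexts_leak_xor(SECRET, b"\x00\x00\x01", b"\x00\x00\x02", P1, P2))
    print(crc32_is_affine(P1, b"\x01" * len(P1)))
    for bits in (24, 48):
        print(bits, iv_reuse_probability(bits, 5000))
```

With a 24-bit IV the chance of a repeat passes one half after about 5,000 packets, which is why protocols that replaced WEP enlarged the IV and added a keyed message integrity check.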
WPA
WPA, or Wi-Fi Protected Access, is a security protocol designed by the Wi-Fi Alliance to remove the weaknesses users observed in WEP. It supports the 802.11 WLAN standards and uses longer initial values of almost 48 bits in place of the 24 bits WEP uses. Temporary encryption packets increase the security of the system.
The WPA protocol was developed to eliminate the weaknesses of WEP, but it still has some limitations.
Cracking WPA
WPA, as already mentioned, uses pre-shared keys, almost 256 in number, or may use a passphrase to provide authentication. Weak or short passphrases are more susceptible to dictionary and other attacks, which can later be used to hack passwords.
Tools used for Cracking WPA.
Aircrack-ng
Metasploit
Ophcrack
Wireshark
NMap
Cracking is a slow yet smart process and requires a lot of patience while using the tools listed above. One more tool, definitely the perfect tool to backtrack data, is a hardware one: a wireless network adapter which is capable of injecting packets.
Hello, my name is Brian, founder of SS publishing, and I personally want to thank you for reading my book. It really means a lot!
Thanks again and I look forward to doing business with you again soon
Brian S.