Thursday, July 21, 2011

EVERY THING U NEED TO START UP ON HACKING!!! Must read

Hey Guys Smile, This Tutorial is made by me and it’s for every beginner here , this will help them to start hacking. the best operating system used for hacking is Linux , you can download a very useful linux distribution from here http://www.backtrack-linux.org/ it contains everything a hacker needs.


Here’s what you should do :
1-read lots of tutorials (especially on hackforums)
2-practice the tutorials you learned
3-learn HTML (it helps a hacker a lot) http://www.w3schools.com/
4-learn a programming language (start with python or visual basic)
Check this thread by big noob :
http://www.hackforums.net/showthread.php?tid=207223
Later learn more advanced programming languages like C++

In this Guide :
1-Types of Hackers
2-Netbios Hacking
3-Definition of some terms
4-Basic Command Prompt (cmd) commands
5-Tools that you should have
6-Useful threads

---------------------------------------------------------------------------------------------------------------------------------

Types Of Hackers :
1-The Black Hat (also known as crackers) they attack computer systems for profit or fun or for other causes , they distribute viruses worms…

2-The White Hat (Ethical Hacker) they are computer security experts specialized in penetration testing , usually they are hired by companies to protect their systems.

3-The Gray Hat (combination between the black and the white hat , you can’t know on what side they are)

---------------------------------------------------------------------------------------------------------------------------------

NetBios Hacking (Network Basic Input/Output System) it’s the most simple and easy way for hacking remote computers, it can be used for reading or writing to a remote computer or can be used for denial of service attack. First you need a port scanner like angryip http://www.angryip.org/ scan a range of IPs (netbios session runs on port 139) lets assume that you found an IP 192.168.0.140 first you need to get some information (go to Run and type cmd) now in the command prompt type nbtstat –a (IP) in this case nbtstat –a 192.168.0.140 you’ll get something like this
[Image: netbios.jpg]
If we find the hex code <20> that means file sharing is enabled. Next type in the cmd net view \\192.168.0.140 You’ll get a list of shared resources or an error (access is denied) If you get a list of the shared drives or folders (assuming that you have found the C: drive is shared) Type in the cmd net use K: \\192.168.0.140\C:
K: represents the drive that will be created on your computer , that when you access it you can view the C: drive of the victim Now let’s go back , if you get access is denied (we have to be logged in) , on windows 95/98 and Windows ME we can crack the password using PQWAK (of course this is old , but some people still use these versions on Windows)

download PQWAK2 Here :
http://www.mediafire.com/file/w0tqgzcdtdo/pqwak2.zip

after cracking the password you can login and continue : net use K: \\(IP)\(Share name) password:***** \user:*****
in other cases when you can’t use PQWAK , we can just use a null session access to gather information about a machine. Using : net use \\(IP)\ipc$ “” /user:””

Here’s a Tutorial by h4ckingURLife :
http://www.hackforums.net/showthread.php?tid=173385
---------------------------------------------------------------------------------------------------------------------------------

Definition of some terms : (some definitions are taken from wikipedia.org and whatis.com)

DNS : (Domain Name System) a database system that translates domain names to ip addresses , so instead of typing the ip address of hackforums in our browser we type http://www.hackforums.net and the DNS redirects us to the ip of the server. Hackers can spoof the DNS a common software used is Cain & Abel, for example when a user types http://www.google.com he gets the page http://www.yahoo.com , and also it can be used for phishing.

Trojan Horse : a Trojan is designed to allow a remote access by a hacker to a target computer (it’s composed from two parts the server and the client) the server is installed on the victims machine , and the client is used by the hacker to connect to the server.
Things that can be performed by a hacker on a target computer :
1-data theft
2-installation of a software
3-downloading or uploading files
4-keylogging
5-viewing screenshots And more

Keylogger : (keystroke logging) a keylogger is a software used for logging keystrokes and saving them to a text file or sending them to an email address , it runs in the background in a stealth manner so the victim won’t notice what’s happening.

You can use a great keylogger found here on HF which is Albertino Keylogger.
http://www.hackforums.net/showthread.php?tid=219628

Keylogging Tutorial:
http://www.hackforums.net/showthread.php?tid=29821

Bruteforce attack : is a method used to crack encrypted data such as passwords by trying all possible combinations of characters , bruteforcing takes a long time and sometimes can’t crack the password.

Dictionary attack : is a method used to crack a password or a key that tries all the words in a dictionary , the difference between a dictionary attack and a bruteforce attack is that it uses a predefined list of words.

RAT : (Remote Administration Tool, Remote Access Trojan) a RAT is a malware that includes a Backdoor for administrative control over the target computer, gives the attacker almost full control over the infected computer, infected computers are called zombies.

Botnet : (Robot Network, Zombie Army) botnets are networks of infected computers controlled by the attacker used send spam and viruses.

Crypter : A Crypter is a programs that makes other programs UD or FUD by encrypting them.(UD means undetectable by antivirus programs, and FUD means fully undetectable)

Binder :A Binder is a program that makes other programs UD or FUD by binding them with another file.

Backdoor : is a means of access to a computer that bypasses security mechanism, I other words a backdoor is a method of bypassing normal authentication or securing remote access, a backdoor can be a form of an installed program or a modification to an existing program.

Worm : a worm is a self-replicating virus that does not alter files, but resides in active memory and duplicate itself, sometimes a worm’s job is to take advantage of a backdoor created by an earlier attack.

Vulnerability : (security Hole) a vulnerability is a weakness in the system, it’s also classified as a security risk.

Exploit : an exploit is an attack on a computer system that takes advantage of a vulnerability, the term exploit refers to the act of successfully making an attack.
A great tool used for exploiting vulnerabilities is metasploit http://www.metasploit.com/

Proxy : a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other server, here the client’s IP is not shown, instead the IP address of the proxy server is shown, hackers use proxies to protect themselves and hide their IP address.
Find your IP and Trace other IPs Here: http://www.ip-adress.com/

DoS Attack : ( Denial Of Service Attack) a DoS attack is an attempt to make a computer resource unavailable to its intented users, one common method of attack involves saturating the target machine with external communication requests.
Find the difference between Dos and DDos Here:
http://www.hackforums.net/showthread.php?tid=64591

Phishing : phishing is a fraud process of attempting to acquire sensitive information like user names and passwords or credit card details, it consists of making a website that looks like the real website that victims use, and sending fake emails to them to trick them, so they enter their sensitive information on your fake website which are logged in a log file on the server.

SQL injection : is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
SQL injection tutorials :
http://www.hackforums.net/showthread.php?tid=50356
http://www.hackforums.net/showthread.php?tid=45621

Social engineering : is the act of manipulating people into revealing information or tricking the victim to performing actions that are beneficial to the user.
A great guide by Solid:
http://www.hackforums.net/showthread.php?tid=67193

---------------------------------------------------------------------------------------------------------------------------------

Some Command prompt commands that you should know :

cd : change the directory Later you’ll download tools that doesn’t have a graphical use interface GUI, and when you click on them the cmd opens and then closes,for example hydra. Example to go and run hydra bruteforcer which is on the desktop in the folder hydra: Cd desktop\hydra Hydra.exe

ping (IP/Host) : checks to see if a host is alive
Example : Ping 192.168.0.1
Or
Ping http://www.google.com

Tracert (host) : traces a host and finds the IP of the host
Example : Tracert http://www.google.com

ipconfig : displays the current ip address of your computer and the DNS server

Attrib : hides files type attrib/? for help Example ( hide a folder ABC in the drive C: )
Attrib +s +h C:\ABC
To show it again Attrb –s –h C:\ABC

Shutdown –s : shuts down your pc

Shutdown –r : restarts your pc

Shutdown –l : log off

Shutdown –a : abort shutdown , sometimes an error happens and you get a windows telling you that your pc will shutdown or restart in few seconds , you can type this to abort the shutdown,youcan type it in Run.

Netstat : you can see your connections to remote computers, type netstat –n to view the ips instead of hosts.

You can find all command by typing help in the cmd. And to get help for a each command type ater it /? Example attrib/?

2 comments:

  1. Best content & valuable as well. Thanks for sharing this content.
    Approved Auditor in DAFZA
    Approved Auditor in RAKEZ
    Approved Auditor in JAFZA
    i heard about this blog & get actually whatever i was finding. Nice post love to read this blog
    Approved Auditor in DMCC

    ReplyDelete

Custom Search
Powered By Blogger