Archive | August, 2011

Hacking tutorial

27 Aug

Types of Hacking

1. Local Hacking
Local hacking is done from somewhere the attacker already has physical or local-network access,
for example a workstation, a shared printer or a wall port inside the building. The usual vehicle is
malware (a Trojan or virus) carried in on a hard disk or USB pen drive and run on the target machine.

2. Remote Hacking
Remote hacking is done over the network by exploiting a vulnerability in the target system, with no
physical access at all. It follows the sequence of steps listed below to get onto the target system.

3. Social Engineering
Social engineering is the act of manipulating people into performing actions or divulging
confidential information. While similar to a confidence trick or simple fraud, the term typically
applies to trickery or deception for the purpose of information gathering, fraud, or computer
system access; in most cases the attacker never comes face-to-face with the victim.

Real Hacking Steps (Remote Hacking)

1. Information Gathering / Footprinting
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintain Access (with rootkits and Trojans)
9. Covering Tracks

1. Information Gathering / Footprinting

Information gathering is the process of collecting as much detail about the target host as possible.
It is the most important part of remote hacking: the more we know about the target system (its
addresses, software, people and hosting), the more attacks we can choose from later.

Information gathering is done in these steps:
1. Find the target company's URL / IP address
2. Google for more information from different websites
3. Footprinting through job sites (job adverts often list the exact products and versions the company runs)
4. Look up the WHOIS record of the target domain name (open http://www.who.is)
5. Find the physical location of the victim's server (open http://www.whatismyipaddress.com)

Case-Study: 1.1
You are working in your company as a hacker, and your company wants the physical address, IP
address, employee records and domain details of a target. Your company gives you the domain name:
http://www.kulhari.net

Ans)
1. Open a DOS prompt and type ping kulhari.net [Enter]. The reply (or even the "Pinging ... [ip]"
line, if ICMP is blocked) shows the IP address of the victim. nslookup kulhari.net gives the same
answer without sending a single packet to the target itself, only to your DNS resolver.

2. Open google.com and search for kulhari.net (and browse the website for all information such as
contact numbers, employee records and their services).

3. For the domain owner's email address and hosting company details, open http://www.who.is
and type http://www.kulhari.net (or any target site).

4. For the physical location of the server, open http://www.whatismyipaddress.com and type the IP
address you got in step 1, then trace it. Note that IP geolocation places the hosting provider's data
centre, which is often not the company's own office, and is only accurate to roughly city level.

Video available at: http://www.thesecretofhacking.com/vd/ch1/cs11
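The case study above resolves the name and reads the WHOIS record by hand. The script below is an added example, not part of the original tutorial, and does the two data-handling steps in Python: resolving a hostname to its addresses (what the ping step shows, without needing ICMP) and pulling the useful fields out of a raw WHOIS record. The WHOIS text embedded in it is constructed for illustration (EXAMPLE.NET, made-up dates and contact); the labels it matches are the ICANN-style "Key: value" lines most registrars return, and real records vary, so treat the patterns as a starting point.

```python
"""Footprinting helpers: resolve a domain and extract the useful fields
from a raw WHOIS record. Added example; the WHOIS text is constructed."""
import re
import socket

# Fields a footprinter usually wants, keyed by the label used in most
# registrar WHOIS output (ICANN-style "Key: value" lines, one per line).
FIELDS = {
    "registrar": r"^Registrar:\s*(.+)$",
    "registrant_email": r"^Registrant Email:\s*(.+)$",
    "creation_date": r"^Creation Date:\s*(.+)$",
    "expiry_date": r"^Registry Expiry Date:\s*(.+)$",
}


def parse_whois(text: str) -> dict:
    """Extract registrar, contact and lifetime data from raw WHOIS text.
    Name servers are collected as a sorted list because there are
    usually several and their order carries no information."""
    flags = re.IGNORECASE | re.MULTILINE
    info = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, flags)
        if m:
            info[key] = m.group(1).strip()
    info["name_servers"] = sorted({
        ns.lower() for ns in re.findall(r"^Name Server:\s*(\S+)", text, flags)
    })
    return info


def resolve(hostname: str, resolver=socket.gethostbyname_ex) -> list:
    """Return the sorted IPv4 addresses a hostname resolves to. The resolver
    is injectable so the function can be exercised without network access."""
    _name, _aliases, addrs = resolver(hostname)
    return sorted(addrs)


# Constructed sample record (not a real registration).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.NET
Registrar: Example Registrar, Inc.
Creation Date: 2004-03-15T00:00:00Z
Registry Expiry Date: 2012-03-15T00:00:00Z
Registrant Email: hostmaster@example.net
Name Server: NS2.EXAMPLE.NET
Name Server: NS1.EXAMPLE.NET
"""

if __name__ == "__main__":
    for key, value in parse_whois(SAMPLE_WHOIS).items():
        print(f"{key:17} {value}")
    print("localhost ->", resolve("localhost"))
```

For a live target, feed parse_whois() the text returned by the whois command (or the who.is page) and resolve() the bare hostname; the registrar, expiry date and name servers tell you who hosts the domain and how well it is looked after.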

2. Port Scanning

What is a port?
A port is the endpoint through which two computers talk to a particular service. Every listening
service on a host is reached through a 16-bit number, 0 to 65535, called a port.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two of the
protocols that make up the TCP/IP protocol suite which is used universally to communicate on
the Internet. Each of them has its own ports 0 through 65535, so there are 65,536 TCP doors and
65,536 UDP doors to lock.

Ports 0 to 1023 are called the Well-Known Ports and are associated with standard
services such as FTP (21), SSH (22), SMTP (25), DNS (53) or HTTP (80). A service can be run on
any port, however; the number is a convention, not a guarantee, which is why banner grabbing
comes later.

What is port scanning?
It is similar to a thief going through your neighborhood and checking every door and window on
each house to see which ones are open and which ones are locked.

What is a port scanner?
A port scanner is a piece of software designed to search a network host for open ports. It is often used
by administrators to check the security of their networks and by hackers to identify running services on a
host with a view to compromising it. To portscan a host is to scan for listening ports on a single target
host. To portsweep is to scan multiple hosts for a specific listening port.

Best port scanners: nmap, hping, SuperScan.
Download link: http://sectools.org/

Why do we perform port scanning?

We perform port scanning to find the open services on the target, so that afterwards we can search
for exploits related to that service and application.

Demo video: http://www.thesecretofhacking.com/vd/ch1/cs12

NMAP (Port Scanner): A Hacker's Best Friend

Nmap is a tool that can discover hosts, scan ports, and fingerprint operating systems (-O) and
service versions (-sV). It has appeared in The Matrix Reloaded and a number of other hacking films.

Nmap modes of operation (the option letters below are the ones this tutorial was written against;
current Nmap releases spell the TCP ping -PA and the ICMP ping -PE, while -sT and -sS are unchanged):

TCP ping: -PT: sends a TCP packet with the ACK flag set to the host. A live host answers an
unsolicited ACK with an RST, so an RST reply means the host is UP (running). Useful when a
firewall drops ICMP.

ICMP ping: -PI: the standard ICMP echo request that the ping command on UNIX/Linux boxes sends.

Connect(): -sT: uses the ordinary connect() system call that every operating system provides to
open a connection to a given port with a given protocol. It completes the full three-way handshake,
needs no special privileges, and is therefore seen (and possibly logged) by the service on the far side.

SYN stealth: -sS: sends only the SYN and classifies the port from the SYN/ACK or RST that comes
back, never completing the handshake. It is called stealthy because the application never sees an
established connection and so usually does not log it; firewalls and intrusion detection systems
still see every SYN, and the scan needs raw-socket privileges (root or Administrator).

How to find out your own computer's ports:

Open a DOS prompt and type the following command (-n shows addresses as numbers, -o adds the
owning process ID; add -a to list LISTENING ports as well as active connections):

C:\> netstat -no

Active connections are then shown:

Active Connections

Proto Local Address Foreign Address State PID
TCP 117.196.225.191:3604 69.93.227.45:80 ESTABLISHED 2148
TCP 117.196.227.116:1067 80.190.154.74:80 CLOSE_WAIT 3064
TCP 127.0.0.1:1990 127.0.0.1:1991 ESTABLISHED 2020
TCP 127.0.0.1:1991 127.0.0.1:1990 ESTABLISHED 2020
TCP 127.0.0.1:1992 127.0.0.1:1993 ESTABLISHED 2020
TCP 127.0.0.1:1993 127.0.0.1:1992 ESTABLISHED 2020

PID is the process ID. We can find the application behind it with the following command:

C:\> tasklist

(netstat -b prints the executable name next to each connection, but needs an administrator prompt.)

To terminate PID 2020 or another process:

C:\> taskkill /PID 2020

Add /F to force-kill a process that ignores the request. All connections owned by that process are
then closed on our system.

NOTE: The commands above also help to judge whether our system is infected: a process we do not
recognise holding ESTABLISHED connections to unknown foreign addresses deserves a closer look.
A rootkit that hooks the APIs netstat and tasklist rely on can hide its process and connections from
both, so a clean listing is not proof of a clean machine.
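The netstat listing above can be read by eye, but the judgement it supports (which processes have connections leaving the box?) is easy to automate. The script below is an added example, not code from the tutorial. It parses the listing reproduced from the text above (so the addresses are the ones the tutorial shows, not live data), splits each endpoint into host and port, and groups the foreign endpoints by owning PID, keeping only those that are globally routable; the loopback chatter of PID 2020 drops out and PIDs 2148 and 3064 are the ones to look up in tasklist.

```python
"""Parse Windows `netstat -no` output and report, per process, the
connections that leave the machine. Added example; the sample listing is
the one shown in the tutorial above."""
import ipaddress

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    117.196.225.191:3604   69.93.227.45:80        ESTABLISHED     2148
  TCP    117.196.227.116:1067   80.190.154.74:80       CLOSE_WAIT      3064
  TCP    127.0.0.1:1990         127.0.0.1:1991         ESTABLISHED     2020
  TCP    127.0.0.1:1991         127.0.0.1:1990         ESTABLISHED     2020
  TCP    127.0.0.1:1992         127.0.0.1:1993         ESTABLISHED     2020
  TCP    127.0.0.1:1993         127.0.0.1:1992         ESTABLISHED     2020
"""


def split_endpoint(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', 80). Also handles IPv6 '[::1]:80'
    and the '*:*' that netstat prints for unbound UDP sockets."""
    host, _sep, port = endpoint.rpartition(":")
    host = host.strip("[]")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn the listing into a list of dicts, skipping headers and blanks."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if proto == "TCP" and len(parts) >= 5 else ""
        conns.append({
            "proto": proto,
            "local": split_endpoint(local),
            "foreign": split_endpoint(foreign),
            "state": state,
            "pid": int(parts[-1]),
        })
    return conns


def is_external(host):
    """True for addresses routable on the Internet; False for loopback,
    RFC 1918, link-local, and the '*' placeholder or hostnames."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def external_by_pid(conns):
    """Map PID -> list of 'host:port' foreign endpoints that are external."""
    out = {}
    for c in conns:
        host, port = c["foreign"]
        if is_external(host):
            out.setdefault(c["pid"], []).append(f"{host}:{port}")
    return out


if __name__ == "__main__":
    for pid, peers in sorted(external_by_pid(parse_netstat(SAMPLE_NETSTAT)).items()):
        print(f"PID {pid}: {', '.join(peers)}   (check with: tasklist /FI \"PID eq {pid}\")")
```

On a real machine, pipe the output of netstat -no (or -ano, to include listeners) into parse_netstat(); the PIDs that come out of external_by_pid() are the ones whose image name in tasklist you should be able to explain.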

3. OS Fingerprinting

OS (Operating System) fingerprinting is the process of finding out the victim's operating
system (Windows, Linux, UNIX) and, ideally, its version, from the way its TCP/IP stack answers probes.

Introduction:
When exploring a network for security auditing or inventory/administration, you usually want to
know more than the bare IP addresses of identified machines. Your reaction to discovering a
printer may be very different than to finding a router, wireless access point, telephone PBX,
game console, Windows desktop, or Unix server. Finer grained detection (such as distinguishing
Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for
tailoring effective exploits for those vulnerabilities.

Tools: nmap (active fingerprinting with nmap -O target, which needs root/Administrator),
NetScanTools Pro, p0f (passive: it guesses the OS from traffic it merely observes, so the
target sees no extra packets).

4. Banner Grabbing

Banner grabbing is a technique for deducing the brand and/or version of an operating system
or application from what a service says when you connect to it. After port scanning we may know
that port 80 is open and the target OS is Linux, but for remote hacking we still need the exact
Apache version (2.0 or 2.2, say), because exploits are version-specific.

Example: c:\> telnet 69.93.227.34 80 [Enter]
A web server says nothing until it is asked, so after connecting type HEAD / HTTP/1.0 and press
Enter twice; the Server: header in the reply carries the version. Change the target port 80 to
another port for other services; SSH, FTP and SMTP send their banner as soon as you connect.
nmap -sV automates this for every open port.
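Sections 2 and 4 describe port scanning and banner grabbing as separate manual steps. The program below is an added example, not taken from the tutorial, and does both in one pass: a TCP connect() scan in a thread pool (the equivalent of nmap -sT, unprivileged and therefore visible to the target), followed by a banner grab on every open port that sends a minimal HTTP HEAD request when the service stays silent, which is exactly what the telnet-to-port-80 step above runs into. So that it can be run without touching any real host, it starts its own throw-away listeners on 127.0.0.1 that imitate a chatty SSH daemon and a silent web server; the banners they return (SSH-2.0-ExampleServer, Apache/2.2.3) are made up.

```python
"""connect() port scan plus banner grab, demonstrated against throw-away
local services. Added example; the fake banners are constructed."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Minimal request for services such as HTTP that only speak when spoken to.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"


def connect_scan(host, ports, timeout=0.5, workers=64):
    """Return the sorted list of ports that accept a full TCP handshake.
    connect() needs no privileges, but unlike nmap's -sS it completes the
    handshake, so the service (and its logs) see every probe."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def _recv(sock, timeout):
    """recv() that returns b'' instead of raising when the peer stays quiet."""
    sock.settimeout(timeout)
    try:
        return sock.recv(1024)
    except socket.timeout:
        return b""


def grab_banner(host, port, timeout=1.0):
    """Read what the service volunteers (SSH, SMTP and FTP talk first). If
    it stays silent, send an HTTP HEAD and read the reply; the Server:
    header in that reply is what the telnet-to-port-80 step is after."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = _recv(s, 0.5)
        if not data:
            s.sendall(HTTP_PROBE)
            data = _recv(s, timeout)
    return data.decode("latin-1").strip()


def scan_and_grab(host, ports):
    """Both steps together: {open_port: banner}."""
    return {p: grab_banner(host, p) for p in connect_scan(host, ports)}


def start_fake_service(banner, talk_first=True):
    """Demo listener: sends `banner` on connect, or only after the client
    has sent something when talk_first is False (HTTP-like behaviour).
    Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free one
    srv.listen(5)
    srv.settimeout(0.2)             # so the accept loop can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _addr = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                try:
                    if not talk_first:
                        _recv(conn, 2.0)    # wait for the client's request
                    conn.sendall(banner)
                except OSError:
                    pass                    # scanner probes hang up at once
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


if __name__ == "__main__":
    ssh_port, stop_ssh = start_fake_service(b"SSH-2.0-ExampleServer\r\n")
    web_port, stop_web = start_fake_service(
        b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.3\r\n\r\n", talk_first=False)
    # Scan a small window around the two ports; the rest of it is closed.
    window = range(min(ssh_port, web_port) - 3, max(ssh_port, web_port) + 4)
    for port, banner in scan_and_grab("127.0.0.1", window).items():
        first_line = banner.splitlines()[0] if banner else "(no banner)"
        print(f"{port}/tcp open  {first_line}")
    stop_ssh()
    stop_web()
```

Against a real target, replace the window with the port list you care about; on a slow or filtered link raise the timeouts, since a connect() that times out is reported as closed here just as nmap would report it filtered.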

5. Vulnerability Assessment

What is Vulnerability Assessment?
The word "vulnerability" describes a problem (such as a programming bug or common
misconfiguration) that allows a system to be attacked or broken into.

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or
ranking) the vulnerabilities in a system.

Vulnerability assessments can be conducted for anything from small businesses to large regional
infrastructures. The term is also used outside computing: in disaster management it means assessing
the threats that potential hazards pose to the population and infrastructure of a region, and it is
applied in political, social, economic and environmental fields.

Assessments are typically performed according to the following steps:
1. Cataloging assets and capabilities (resources) in a system.
2. Assigning quantifiable value (or at least rank order) and importance to those resources.
3. Identifying the vulnerabilities or potential threats to each resource.
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

Automated tools: Nessus, Nikto (web servers), Core Impact, Retina, etc. Their reports are only as
good as their signatures and they produce false positives, so confirm a finding by hand before
spending time building an exploit for it.

6. Search & Build Exploit

Manual method: We can look up known vulnerabilities and published exploits in exploit archive sites
such as http://www.milw0rm.com (closed in 2009; its archive lives on at http://www.exploit-db.com)
and http://www.packetstormsecurity.org/.

For the exploit itself, first read the vendor's security advisory (Microsoft, Adobe and Mozilla
publish one for each fixed flaw) to learn which versions are affected and what the bug is. Public
exploit code is usually published as source; download it, read it before running it (archive
exploits sometimes carry hostile surprises of their own), adjust the target address and offsets,
and compile it to prepare the exploit for the final attack. If no public exploit exists, the
advisory and the vendor's patch are the starting point for writing one.

7. Attack

Launch the exploit against the remote system and get a reverse shell: the target connects back to a
listener on the attacker's machine, which gets through firewalls that only filter inbound connections.

8. Maintain Access
After getting remote access we plant a rootkit or Trojan so that we can come back later without
needing a password.

[Read next chapter for more information]

9. Covering Tracks

Covering tracks is the process of removing the evidence of the intrusion from the remote system. On
Linux or UNIX the relevant logs live under /var/log (syslog, auth.log or secure, the web server's
access and error logs) together with the login records wtmp, btmp and lastlog and the shell history;
on Windows they are the Security, System and Application event logs. Wiping whole directories such
as /var breaks the system and is itself a loud signal, so attackers remove or edit only their own
entries, and the gap that leaves is exactly what forensic analysts look for.

How to Find Latest Exploits?

What is an exploit?
An exploit is a piece of code or a technique that attacks a computer system by taking advantage of a
particular vulnerability the system offers to intruders.

Why do we search for the latest exploits?
Because an exploit is the code that gets us onto the remote system, or crashes it remotely, and the
newest ones target flaws the victim is least likely to have patched yet.

How do these weaknesses occur?
• Many systems are shipped with known and unknown security holes and bugs, and with
insecure default settings (passwords, etc.)
• Many vulnerabilities occur as a result of misconfiguration by system administrators.

Hacking History?

27 Aug

From phone phreaks to Web attacks, hacking has been a part of computing for 40 years.

1960 s
The Dawn of Hacking
The first computer hackers emerged at MIT. They borrow their name from a term to describe
members of a model train group at the school who “hack” the electric trains, tracks, and switches
to make them perform faster and differently. A few of the members transfer their curiosity and
rigging skills to the new mainframe computing systems being studied and developed on campus.

1980 s
Hacker Message Boards and Groups
Phone phreaks begin to move into the realm of computer hacking, and the first electronic bulletin
board systems (BBSs) spring up.
The precursor to Usenet newsgroups and e-mail, the boards, with names such as Sherwood
Forest and Catch-22, become the venue of choice for phreaks and hackers to gossip, trade tips,
and share stolen computer passwords and credit card numbers.

1988
The Morris Worm

Robert T. Morris, Jr., a graduate student at Cornell University and son of a chief scientist at a
division of the National Security Agency, launches a self-replicating worm on the government’s
ARPAnet (precursor to the Internet) to test its effect on UNIX systems.
The worm gets out of hand and spreads to some 6000 networked computers, clogging
government and university systems. Morris is dismissed from Cornell, sentenced to three years’
probation, and fined $10,000.

1995
The Mitnick Takedown
Serial cybertrespasser Kevin Mitnick is captured by federal agents and charged with stealing
20,000 credit card numbers. He’s kept in prison for four years without a trial and becomes a
cause célèbre in the hacking underground.
After pleading guilty to seven charges at his trial in March 1999, he’s eventually sentenced to
little more than the time he had already served while he awaited a trial.
Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts
around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to
transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is
sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.

1998
The Cult of Hacking and the Israeli Connection
The hacking group Cult of the Dead Cow releases its Trojan horse program, Back Orifice, a
powerful hacking tool, at Def Con. Once a hacker installs the Trojan horse on a machine running
Windows 95 or Windows 98, the program allows unauthorized remote access to the machine.

2000

Service Denied
In one of the biggest denial-of-service attacks to date, hackers launch attacks against eBay,
Yahoo, Amazon, and others.
Activists in Pakistan and the Middle East deface Web sites belonging to the Indian and Israeli
governments to protest oppression in Kashmir and Palestine.

2001
DNS Attack
Microsoft becomes the prominent victim of a new type of hack that attacks the domain name
server. In these denial-of-service attacks, the DNS paths that take users to Microsoft’s Web sites
are corrupted. The hack is detected within a few hours, but prevents millions of users from
reaching Microsoft Web pages for two days.

Top 5 Most Famous Hackers of All Time

1. Jonathan James: James gained notoriety when he became the first juvenile to be sent to
prison for hacking. He was sentenced at the age of 16. In an anonymous PBS interview, he
professes, “I was just looking around, playing around. What was fun for me was a
challenge to see what I could pull off.” James also cracked into NASA computers,
stealing software worth approximately $1.7 million.

2. Adrian Lamo: Lamo’s claim to fame is his break-ins at major organizations like The New
York Times and Microsoft. Dubbed the “homeless hacker,” he used Internet connections
at Kinko’s, coffee shops and libraries to make his intrusions. In a profile article, “He Hacks
by Day, Squats by Night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of
clothes in D.C. It kind of redefines the term multi-jurisdictional.”

3. Kevin Mitnick: A self-proclaimed “hacker poster boy,” Mitnick went through a highly
publicized pursuit by authorities. His mischief was hyped by the media but his actual
offenses may be less notable than his notoriety suggests. The Department of Justice
describes him as “the most wanted computer criminal in United States history.” His
exploits were detailed in two movies: Freedom Downtime and Takedown.

4. Kevin Poulsen: Also known as Dark Dante, he gained recognition for his hack of LA
radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items.
His hacking specialty, however, revolved around telephones.

5. Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert
Morris, is known as the creator of the Morris Worm, the first computer worm to be
unleashed on the Internet. As a result of this crime, he was the first person prosecuted
under the 1986 Computer Fraud and Abuse Act.

FACEBOOK in danger!

14 Aug

Anonymous, the hacktivist group, is again in the news. They have threatened to destroy Facebook on 5th November. The 5th of November is celebrated in remembrance of
Guy Fawkes, who in 1605 attempted the failed Gunpowder Plot, an attempt to blow up England's House of Lords and kill King James I.

They have named it Operation Facebook. They have decided to take down Facebook because of its privacy policies. In a press release they stated:

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your "privacy" settings, and deleting your account is impossible, even if you "delete" your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family.

Should You be Worried?

According to Anonymous, Operation Facebook is not supported by all of its members, so this attack is planned by a few members of the group. Moreover, they have given Facebook more than enough time to fill any loopholes in its security (if any). Earlier they started their own social network website called AnonPlus, which got hacked by another group of hackers (lol). This clearly indicates that there's nothing much to worry about.