Hack the book Mini
0 likes645 views
This document provides an overview of network security penetration testing. It defines hackers and their motivations, outlines the objectives of penetration testing which is to test vulnerabilities rather than malicious hacking. It then lists some common tools used like Metasploit, Aircrack and their purposes. It provides examples of how these tools could be used together in a flow to hack systems like wireless networks or ATM machines. It encourages learning terminology like exploits and payloads to better understand hacking. Finally, it emphasizes the importance of reading, learning and testing to become a skilled hacker rather than just asking how to hack specific sites or systems.
Hack the book Mini
- 1. Hery Intelligent Technology IT Solution Center Network Security Penetrating Testing IT Community Malaysia (ITCom) http://www.itcom.activeboard.com/
- 2. DEFINITION In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. – Wikipedia. In other words, hacker is someone that able to make a hole at a security wall. The hole is any vulnerable of a host/server/computer. From the hole, hacker could inject a script to exploit the victim.
- 3. OBJECTIVES The main objectives of this slide is not going to tell you the very basic of hacking. In this slide I am not talking abut, What is Black Hat, White Hat, Blue Hat, Grey Hat or white hack of any hat of hacker. This is because, for me, if you know perfectly about the “hat”, you are still not a hacker. In a simple word, to be a hacker, you need knowledge about what script do, how the exploit work, why must use the payloads, what is the best OS to hack and the next hack of hack. Actually, this book is not show you “How to be a hacker”, because this slide I made it is not for the “Very Stupid Newbies” and also not for the “The Best Fuc*king Shit Master of Hacker”. The aim reader of this slides is for the intermediate, newbies, researcher, network security,, computer company, network developer, and more. This is because, this slides will touch a bit about basic hacking to support definition of hack, this slide will discuss about ideas of hacking and bit about social engineering.
- 4. TOOL’S LIST When the process of hacking take place, then the thing that very important is OS. What is OS? OS is Operating System. Example of OS is Windows XP, Vista, 7. Windows is provided by Microsoft. There is another OS that provided by different company such as Linux. In Linux, there is OS Ubuntu, Red Hat, Opera and more. In this case of hacking, we will differentiate Apple OS. Because Apple OS we will go thru accurately for the next slides. (Also for Android OS/Phone OS). The most popular OS in hacking world is Backtrack from Linux and Windows XP from Microsoft. Backtrack OS, there is many version. There is Backtrack 2,3,4,5. The latest is Backtrack 5 R3. But, nowadays, Backtrack is new OS of hacking in Linux, because the newest is Kali Linux 1.0.6 like that. The Kali Linux (KL) or Backtrack (BT) is different with the Windows XP. Windows XP is not built-to-hack like BT and KL. Hence, the KL and BT is a free OS that everyone can download from their website, but Windows XP is not a free OS. Windows XP is built-to-use. It is mean, or the Documentation work, graphic or anything else. It is very flexible to use compare to BT and KL is not to flexible.
- 5. TOOL’S LIST But, these two OS, there is the most very important thing that they are the same, it is these two OS is VULNERABLE. In other words, it could be hacked. That’s why these two OS can be use to hack. The tools most popular to use is on the list: Tools Uses OS Metasploit / armitage (Graphical) General Hacking Tools BT/Win Havij / SQLMap Website Hacking BT/Win Aircrack Wifi Hacking BT/Win Cisco Firewall Firewall PenTest BT Ettercap / Wireshark / Cain&Abel Sniffing BT/Win
- 6. TOOL’S LIST The list is not complete. But that is the most best tools. Besides that, to support that tools, there is some tools are need to let the tools above running well. The tools are: Tools Uses OS Zenmap / Netcat Scanner BT/Win MD5 HASH Decrypter BT/Win/Webs These tools are free tools and can get from the any hacker’s website.
- 7. TOOL’S LIST This is the flow how’s the tools work up: Aircrack The Aircrack will crack Wifi, then Zenmap scan IP, use firewall shutter to penetrate firewall, Metasploit try to penetrate, send exploit to collect data and crash system, use ettercap to collect cookies password. Web Browser Success Hacked! Metasploit Firewall (Cannot Defeated) Exploit & Payload Firewall Down Ettercap Hack Data Receive Password Receive Zenmap Remote Control Havij/ SQLMap Uploading Shell Finding URL, test vulnerability, vulnerable detected, decrypt hash, login to webs, upload a shell and access the data. Vulnerable Decrypt Hash Logged In Password Found
- 8. WHY SHOULD…? We must know about the terminology. It is because, when we know the actual definition of the term in hacking, then we can adapt something to be something uses. The example I will count it after this. The word that are important to know is ”Exploit”. Exploit is a “specialized” small programs that could that advantages and deliver a payload, which will grant attacker the control. Metasploit is a great tool that has a vast number of exploits. Payload is delivered by exploit and is used to control the remote system. Think of it this way. “Exploit is like terrorist that is carrying a bomb in his backpack. He enters the system and leaves his backpack there. Most popular and widely known payload is “meterpreter”, that has a lot of features. With it you can browse remote files, download them, upload your own, capture keystrokes and more. Through meterpreter, you can pivot and attack machines in networks that are not your own”
- 9. SOMETHING TO BE SOMETHING I will give you two options. If you are a newbie, maybe you feel like you want to try. If you are a intermediate hacker, you will see how we can adapt the Thins to be Something more good. #First: Hacking ATM Bank. When you are understand the flow above, then you will how is this work. “At the evening, you and your friends do to McDonald to buy something to eat. Then you bring your laptop. Behind the McD, there is a Bank. When you turn on your laptop, the Bank’s Wifi signal is detected. Then you crack the wifi, try to penetrate the firewall the you re being a remote control of the computer. Then you are using Zenmap to find the IP of the ATM machines, you found it, then you crack the Firewall and you re successfully. Upload the payload and exploit. Now, you are controlling the ATM Machines” – Actually, ATM machine are using Windows 2000 and oldest. This is mean, the OS of the ATM machine is easy to hack.
- 10. SOMETHING TO BE SOMETHING #Second: Hacking as a work. If you re noticed, when you re running BT, the sniffer is not work to the external network. The sniffer just work on your internal network. Social-Engineering-Toolkit (SET) also the same. Do you ever think that XAMPP and WAMP server is not work for external network but just work for internal network? So, how to make XAMPP and WAMP server work for external network (Globally)? The answer is registered your computer as a domain. Then people can connect to you. This is the same way: “You register your network as a Linux domain server, then running BT or KL. Then, your sniffer will work people globally. Then, promote your self to social network as a hired hacker. If someone need to hack, they must pay you. When they paying you, then you have to sniff the victim, get their password and sell it to “Needers”. The same thing for using Msf and SET.
- 11. SOMETHING TO BE SOMETHING The conclusion for this section is, you must be creative. You have to think what you need to do. What you need something to do the do. If you keep trying and trying and trying, you can make the hack with your own way. The computer is following you command, we made it, it is mean we can crack it! This note is note for bad purpose, even it is, but I just make it for researcher network security.
- 12. LAST WORDS These note are very important. I made these slide with to many words because I want to let all people know, to be a hacker is not only asking people with the stupid question ; “How to hack facebook?” , “please tell me how to hack”. This stupid question will not help you. You must READ, LEARN, TEST, BE BRAVE, then you will have it. These note have been created by the Moderator Of Network in IT Community Malaysia. – Http://www.itcom.activeboard.com/ . This website forum is vulnerable, but, please do not hack it. Because there is nothing important to hack. If you need something, just need to register and ask as many question you want. Lastly, I’ve made mistakes. I am a normal human, human will make mistakes. So, if you feel I am wrong, then just ask me, I will change it and discuss about it. I also beg apologize for my bad English Spelling, Grammar, Grandpa, Grander and so what the Hack Grand so on. Thank you, Call Me If You In Trouble, I am Sharper. Hery Intelligent Technology IT Solution Center Network Security Penetrating Testing IT Community Malaysia (ITCom) http://www.itcom.activeboard.com/