While this short guide will not give you a step-by-step, hold-your-hand solution (such a solution is impossible for reasons you’ll find out in this text), it will give you a serious guideline for developing your own techniques and methodologies for hacking.
Next I must tell you the following: with penalties for hacking going up and up all over the world, in (almost) every nation, doing a sloppy hack can get you anywhere from 5 years to LIFE IMPRISONMENT. The ball game has changed a lot in the past few years. Security is harder and tighter, and penalties are going sky high. It’s easier than ever to get caught, and you’ll seriously screw up your life if you do.
Tell me — is doing that DDoS, crashing some SOB who ‘wronged’ you, or infecting people to be l33t worth the prison time? How much reward or inducement would someone have to give you before you’d agree to rob a bank at gunpoint and risk 20 years to life in jail? Don’t laugh; the penalties for “hacking” are very real.
The only difference is that you stand a better chance of a reduced sentence for robbing a bank. Therefore I do not advocate you doing any exploits until and unless you really know what you are doing and are willing to take total responsibility for your actions. Bottom line — do whatever the hell you want — I’m not really going to change your mind, because you won’t/don’t believe me and you ‘know better’ than I do. I’ll just leave you with this — I’ve been “hacking” for 3 years as a penetration tester, and I would never do anything without a reason and proper investigation of the target; it’s suicide.
So now I’ll give you an outline of the do’s and don’ts, as well as a little advice… Doing a real exploit involves much, much more than finding a vulnerable system and running a script to root it. Before you even consider using an exploit you must do the following MINIMUM:
1) Ensure that you are as hidden as possible.
Chain of proxies; hidden cutouts; work through a shell on a previously rooted machine; spoof the hell out of everything; and last but definitely not least — NEVER EVER UNDER ANY CIRCUMSTANCES RUN AN EXPLOIT FROM YOUR HOME, SCHOOL OR OFFICE WITH YOUR REAL IP. In fact, never run one from an internet cafe either, for obvious reasons. You can and will be traced if your hack is noticed, because no matter what you do, no matter how well you try to hide, in order to enter and snoop around in someone’s PC you *must* establish a connection from you to them. Even if you work through a chain of proxies you can be traced: those machines have logs, the machines they connect to have logs, and so on and so on. Which brings us to point 2…
2) Clean up after yourself.
This involves some very delicate surgery on the target. You should try to remove any log entries that pertain to you from ALL logs. This is almost impossible without root access to the target, so if you got in but didn’t get root, you could be screwed big time. Don’t just erase the logs; that’s way too crass. Edit the logs to remove your entries. Very time consuming, but very much worth it. Next, clean up your proxies/cut-outs, etc. However, even after doing this you’re not totally in the clear, as recovery of the HDD may be possible or logs may be kept on external devices/media for that proxy. So even if you do clean it up, you’re still (potentially) screwed. Now to the 3rd point: how to find a suitable target…
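The warning above that off-host log copies undercut any cleanup is easy to show from the defender's side. The following is an added example, not part of the original post: it diffs a host's auth log against the copy a remote collector received (both are constructed samples here) and reports the entries that were removed along with the source addresses they named.

```python
import re
from collections import Counter

# Constructed sample: one auth log as it sits on the host (LOCAL_LOG) and as it
# was forwarded to a remote collector (REMOTE_LOG). Two entries were edited out
# of the host copy; the collector still has them.
REMOTE_LOG = """\
Mar 10 02:14:01 web1 sshd[2210]: Accepted password for admin from 192.0.2.10 port 50122 ssh2
Mar 10 02:14:01 web1 sshd[2210]: pam_unix(sshd:session): session opened for user admin
Mar 10 02:19:44 web1 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 41002 ssh2
Mar 10 02:31:12 web1 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash
Mar 10 02:45:30 web1 sshd[2210]: pam_unix(sshd:session): session closed for user admin
"""
LOCAL_LOG = """\
Mar 10 02:14:01 web1 sshd[2210]: pam_unix(sshd:session): session opened for user admin
Mar 10 02:19:44 web1 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 41002 ssh2
Mar 10 02:45:30 web1 sshd[2210]: pam_unix(sshd:session): session closed for user admin
"""
ADDR_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def missing_lines(local_text, remote_text):
    """Collector lines absent from the host copy, in collector order.
    A Counter keeps multiplicity, so one removed copy of a repeated line is
    still reported (a set would hide it)."""
    local = Counter(line for line in local_text.splitlines() if line)
    missing = []
    for line in remote_text.splitlines():
        if not line:
            continue
        if local[line] > 0:
            local[line] -= 1         # matched a surviving host entry
        else:
            missing.append(line)     # only the collector still has it
    return missing

def suspect_sources(missing):
    """Source addresses named in the removed entries: the investigator's
    first pivot, and exactly what the cleanup was trying to hide."""
    found = set()
    for line in missing:
        m = ADDR_RE.search(line)
        if m:
            found.add(m.group(1))
    return sorted(found)

if __name__ == "__main__":
    gone = missing_lines(LOCAL_LOG, REMOTE_LOG)
    print(f"{len(gone)} collector entries are absent from the host copy:")
    print("\n".join("  - " + line for line in gone))
    print("addresses named in removed entries:", suspect_sources(gone))
```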
3) Find a vulnerable system by UNOBTRUSIVE scanning techniques.
Most of the regular scanners use very blatant scanning techniques that would wake the dead. They do this because they’re made for security admins to test their networks, not for hackers to be sneaky. To scan a target, use a scanner that allows very fine-grained control of the scanning techniques and offers several different ones. Scanners like Xscan, GFI LanGuard and the like are totally unsuited for hacking. Be sure you really know HOW to use the scanner, all its options and how it works. Select the most delicate of scans first and go from there after analyzing the results. You may want to do several types of scans. 4th point — watch your back…
4) Get a GOOD packet sniffer like Wireshark.
Use it to see if you’re being backtraced. Set it up to watch for incoming packets not only from the target, but from at least his whole class-C subnet. In fact, to be really safe, you may want to watch his class-B instead. I set my sniffer to look at ALL incoming packets and filter the ones from the target to a separate point, then all other incoming. I also set it to alert on any ‘suspicious’ packets that are common to a backtrace. In this fashion I can see if a backtrace has hit me from anywhere. If your sniffer doesn’t have all these bells and whistles, then get one that does. Now we start to get into the meat of hacking…
5) Education.
You could be considered an idiot if you attempt a live exploit without knowing the following:
✪ Networking: how it works; packet layout; OSI model; everything.
✪ Programming: you should have a basic understanding of languages and be able to write your own code. I highly recommend using Code Academy.
✪ Assembly language: since most exploits rely on shellcode, you must know assembly to be able to handle and fix any exploits; assembly gives you fine-grained control of the target.
✪ Be an EXPERT on the target’s OS: how can you be expected to do all the things needed to perform a successful exploit if you can’t do simple OS functions once you get in?
✪ Be an EXPERT with all the tools you use. Know them inside out, and understand how they work and what they do. Next item…
6) UNOBTRUSIVELY sniff AROUND the target.
Look at machines potentially on the same subnet that may be monitoring the target externally. Also examine any firewalls, routers or other network infrastructure that could potentially aid or hinder your exploit. Sniff the target for signs of an IDS (intrusion detection system). Ensure the potential target is not a honeypot. Failure to examine the machines/network AROUND the target is a deadly sin. More n00bs get caught by honeypots and IDSs because they fail to take the time to properly investigate their target. Investigation must not be limited to the target and its immediate surroundings either.
7) Examine WHOIS and other relevant records to determine the owners of the target.
You might uncover a very well placed law-enforcement honeypot this way. LE *sometimes* doesn’t set up their domains and such well ahead of time, so you might uncover a trail pointing to the *real* owner, or a lack of trail indicating you should be cautious. Additionally, examining the whole ‘paper trail’ may lead you to other networks the target is affiliated with. Some of those may have an easier way in and a route to a backdoor on your original target. Many admins feel a false sense of security behind their own firewalls and leave open access between various subnets inside. This is a weapon to exploit whenever possible. However, without proper safety procedures you can be nailed very easily, as you may be logged from many different directions behind the firewall.
8) Hardware… what do you need?
With all the good computers out there it is really up to you. I have a laptop and a Raspberry Pi that I can plug into a client’s network that automatically makes a secure SSH tunnel for me. You may also need external Wi-Fi antennas, as well as USB sticks.
9) Software… what do you need?
My recommendation is a Linux system with a hand-picked assortment of tools: scanners, sniffers, assembler, compilers and reference data on a live-boot USB. I personally use Backtrack, found here. You can use Universal USB Installer to try different OSs and make a super easy bootable USB. A very nice set of tools can be found here. I won’t go into much detail, as the choice of tools is a very personal thing. Over the last 3 years or so I’ve been unhappy with the readily available tools and have used the available source of several to create my own versions. As you progress and become more concerned with doing an ‘invisible’ hack and not being noticed, you’ll undoubtedly do the same. I also hesitate to use tools found online. While some are quite good, many do not lend themselves to stealth techniques and may have their own backdoors. Always download/compile from source when possible. And last…
10) DAMN! White hat, grey hat, or black hat: I will leave the choice up to you.
✪ Don’t do the crime if you can’t do the time.
By this I mean for you to understand that if you attempt an exploit against a machine that you do not have rights to, you are breaking the law. Be a man (or woman) and be prepared to accept your punishment. Nobody told you to go out and hack; in fact I tell you not to do it. Most of you are just not capable of the attention to detail, nor do most of you possess the requisite knowledge at this time. Yes, there are exceptions to what I’m saying; however, I’m writing this for n00bs, not the experienced/educated.
✪ The benefit of your actions must outweigh the risk.
By this I mean to take a good, hard look at REALITY. What is the punishment if you get caught? Is what I get out of doing the deed worth getting caught and suffering the punishment? If you’re stealing millions of dollars online — well, 20 to life is about the standard risk for grand theft. But if you’re just screwing with your buddy… is that worth getting caught and convicted of a felony? Remember, if you are a convicted felon: no guns, no voting, no internet.
✪ Knowledge is Power and Information is Wealth.
If I have to explain this one, you’re pretty dense.
✪ TANSTAAFL
This is an acronym: There Ain’t No Such Thing As A Free Lunch. This basically means that you don’t get something for nothing; the hacker’s version of Newton’s law of conservation of energy. If that target seems too good to be true, it’s probably a trap. Watch your back, and examine everyone’s motives. You’re wandering into the hacker community; keep your wits about you, because not everyone nor everything is what it seems. After you’ve done all this, then it MIGHT be safe to run that exploit. But it might not — there are other checks that I go through, but I’m sure you get the idea. If all this seems like too much trouble and there must be an easier way — you’re right. Just log on from home, crank up Nmap, find a vulnerable PC and perform that exploit. But have some snacks and drinks ready; sooner or later you’ll get some visitors.