Art of Hacking
Art of Hacking
Art of Hacking
TESFAYE
All the information provided in this
book is for educational purposes
only.
⦁ 1. “Art of hacking” is just a term that represents the name of the book
and is not a book that provides any illegal information. “art of
hacking” is a book related to Computer Security and not a book that
promotes hacking/cracking/software piracy.
1
risk.
⦁ I want the world full of hacking and all country know about hacking
Preface
2
⦁ This Book is written by keeping one object in mind that a
beginner, who is not much familiar regarding computer
hacking, can easily, attempts these hacks and recognize what
we are trying to demonstrate. Here we have incorporated the
best ethical hacking articles in this volume, covering every
characteristic linked to computer security
Acknowledgements
⦁ Book or volume “Art of hacking” is tremendously complex to
write, particularly without support of the Almighty GOD... I
am more than ever thankful tor the inspiration which I got for
learning hacking and getting such great opportunity to write
the book. I am also thankful to my partner who facilitated me
at various research stages of this book and helped me to
complete this book and mentioned me new suggestion for the
book To finish, I am thankful to you also as you are reading
this book. I am sure this will book make creative and
constructive role to build your life more secure and alert than
ever before Again Nothing but “Hack It and Have It...”
⦁ Fuad tesfaye
⦁ What Is Hacking
⦁ Types Of Hacker
⦁ 2.EMAIL HACKING
………………………………….…....………………………………12
⦁ Email Spoofing
⦁ Phishing
⦁ Email Tracing
4
⦁ Keystroke Loggers
⦁ Security Architecture of
Windows………..……………………………………..
⦁ Make a private
folder…………………………………………………………………..
5
………………………………………………………………….…
⦁ 4. TROJANS IN BRIEF...…..…………….………….……..
…………..………………
⦁ Introduction to Web
Servers..…………………………………………………
6
……………………………
⦁ Web Ripping
……………………………………………………………………………
⦁ Database Servers
………………………………………………………………………
⦁ SQL injection
…………………………………………………………………………………
7
…………………………………………
⦁ 6. WIRELESS
HACKING…………………………………...…………………...………
⦁ Wireless Standards
…….……………………………………………………………
⦁ SMS Forging
………………………………………………………………………………………
⦁ Bluesnarfing …………………………………………………………………………
⦁ 9.
SNIFFERS………………………………………………...……………………………
.……
9
⦁ Defeating Sniffers………………………………………………………
⦁ 10. LINUX
HACKING…………………………………………………………………………
⦁ Why used
Linux? ..............…………………………………………………………………
⦁ 4.Delete an
“undeletable………………………………..….…………………………86
⦁ 5.What is
steganography?..................................................………………87
⦁ 21.Making a computer
virus…………………………………….……………………….124
⦁ 25.Hacking deep
freeze…………………………………….……………………………..136
⦁ Computer Hackers have been around for so many years. Since the
Internet became widely used in the World, We have started to hear
more and more about hacking. Only a few Hackers, such as Kevin
Mitnick, are well known.
14
⦁ Hackers are human like the rest of us and are, therefore, unique
individuals, so an exact profile is hard to outline. The best broad
description of Hackers is that all Hackers aren’t equal. Each Hacker
has Motives, Methods andSkills. But some general characteristics
can help you understand them. Not all Hackers are Antisocial,
Pimple-faced Teenagers. Regardless, Hackers are curious about
Knowing new things, Brave to take steps and they are often very
Sharp Minded.
Hacker
⦁ They do it for Personal gain, Fame, Profit and even Revenge. They
Modify, Delete and Steal critical information, often making other
people's life miserable.
15
agree that there are people out there who use hacking techniques to
break the law, buthacking is not really about that. In fact, hacking is
more about following the law and performing the steps within the
limits.
16
Many malicious Hackers are electronic thieves. Just like anyone can
become a thief, or a robber, anyone can become a Hacker,
regardless of age, gender, or religion. Technical skills of Hackers vary
from one to another. Some Hackers barely know how to surf the
Internet, whereas others write software that other Hackers depend
upon.
Types of Hacker
Coders
⦁ The Real Hackers are the Coders, the ones who revise the methods
and create tools that are available in the market. Coders can find
security holes and weaknesses in software to create their own
exploits. These Hackers can use those exploits to develop fully
patched and secure systems.
⦁ Coders are the programmers who have the ability to find the unique
vulnerability in existing software and to create working exploit
codes. These are the individuals with a deep understanding of the
OSI Layer Model and TCP/IP Stacks.
Admins
⦁ Admins are the computer guys who use the tools and exploits
prepared by the coders. They do not develop their own techniques,
however they uses the tricks which are already prepared by the
coders. They are generally System Administration, or Computer
Network Controller. Most of the Hackers and security person in this
digitalworld come under this category.
17
Consultants fall in this group and work as a part of Security Team.
Script Kiddies
⦁ Next and the most dangerous class of Hackers is Script kiddies, They
are the new generation of users of computer who take advantage of
the Hacker tools and documentation available for free on the
Internet but don’t have anyknowledge of what’s going on behind
the scenes. They know just enough to cause you headaches but
typically are very sloppy in their actions, leaving all sorts of digital
fingerprints behind. Even though these guys are the teenageHackers
that you hear about in the news media, they need minimum skills to
carry out their attacks.
⦁ Script Kiddies are the bunnies who use script and programs
developed by others to attack computer systems and Networks.
They get the least respect but are most annoying and dangerous
and can cause big problems withoutactually knowing what they are
doing.
18
⦁ A Black Hat Hacker is computer guy who performs Unethical
Hacking. These are the Criminal Hackers or Crackers who use their
skills and knowledge for illegal or malicious purposes. They break
into or otherwise violate the system integrity of remote machines,
with malicious intent.
⦁ They are hybrid between White Hat and Black Hat Hackers.
Ethical Hacking
⦁ Ethical Hacking is testing the resources for a good cause and for the
betterment of technology. Technically Ethical Hacking means
penetration testing which is focused on Securing and Protecting IT
Systems.
Hacktivism
19
to raise public awareness of an issue. Examples of hacktivism are
the Web sites that were defaced with the Jihad messages in the
name of Terrorism.
Cyber Terrorist
⦁ There are Hackers who are called Cyber Terrorists, who attack
government computers or public utility infrastructures, such as
power stations and air-traffic-control towers. They crash critical
systems or steal classified government information. While in a
conflict with enemy countries some government start Cyber war via
Internet.
20
⦁ Many Hackers say they do not hack to harm or profit
through their bad activities, which helps them justify their
work. They often do not look for money full of pocket. Just
proving a point is often a good enough reward for them.
21
also trustworthy. Ethical Hackers perform the hacks as
security tests computer systems.
22
protect your systems from known Vulnerabilities and
common Hacker attacks.
1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Tracks
• Performing Reconnaissance
• Gaining access
23
• Covering tracks or Clearing Logs
Phase I: Reconnaissance
24
techniques to cause irreparable damage to the target
system.
25
these principles get ignored or forgotten when planning or
executing ethical hacking tests. The results are even very
dangerous.
Working ethically:
Respecting privacy:
26
the usage and power of the security tools and techniques.
27
⦁ Don’t take ethical hacking too far, though. It makes little
sense to harden your systems from unlikely attacks. For
instance, if you don’t have an internal Web server running,
you may not have to worry too much about. However,
don’t forget about insider threats from malicious
employees or your friends or colleagues!
2. Email hacking
⦁ Once the servers are ready to go, users from across the
world register in to these Email servers and setup an Email
account. When they have a fully working Email account,
they sign into their accounts and start connecting to other
28
users using the Email services. Email Travelling Path
⦁ But what happens behind the curtains, the Email from the
computer of abc@server1.com is forwarded to the Email
server of Server1.com. Server1 then looks for server2.in on
the internet and forwards the Email of the server2.in for
the account of XYZ. Server2.in receives the Email from
server1.com and puts it in the account of XYZ.
29
Email Service Protocols
SMTP
POP3
IMAP
31
over spam protection.
Email Security
⦁ You have to make sure that you are not an easy target for
those people. You have to secure your Email identity and
profile, make yourself a tough target.
⦁ If you have an Email I’d Do not feel that it does not matters
if hacked because there is no important information in that
Email account, because you do not know if someone gets
your Email id password and uses your Email to send a
threatening Email to the Ministry or to the News Channels.
32
Email Spoofing
⦁ Web Scripts
33
Email.
⦁ www.FakEmailer.net
⦁ www.FakEmailer.info
⦁ www.Deadfake.com
⦁ www.hackingtech.co.tv/index/0-93
34
Consequences of fake emails
⦁ Check the Header and Get the location from the Email was
35
Sent
⦁ Check if the Email was sent from any other Email Server or
Website
Email Bombing
Email Spamming
36
⦁ There is no specified attack available just to hack the
password of Email accounts. Also, it is not so easy to
compromise the Email server like Yahoo, Gmail, etc.
Phishing
⦁ The Email directs the user to visit a Web site where they
are asked to update personal information, such as
passwords and credit card, social security, and bank
account numbers, that the legitimate organization already
has. The Web site, however, is Bogus and set up only to
steal the User’s information.
37
Phishing scams could be
38
Prevention against Phishing
Email Tracing
40
⦁ For Gmail-
⦁ Now see from bottom to top and the first IP address you
find is the IP address of the sender. Once you have the IP
Address of the sender, go to the URL www.ip2location.com
and Find the location of the IP Address
41
And from where he had sent the email. Keystroke loggers
⦁ Types of keyloggers
⦁ Hardware keylogger
⦁ Software keylogger
⦁ Actual Spy
⦁ Perfect Keylogger
⦁ Family Keylogger
⦁ Home Keylogger
⦁ Adramax Keylogger
42
Securing your Email account
43
⦁ LSA is the Central Part of NT Security. It is also known as
Security Subsystem. The Local Security Authority or LSA is a
key component of the logon process in both Windows NT
and Windows 2000. In Windows 2000, the LSA is
responsible for validating users for both local and remote
logons. The LSA also maintains the local security policy.
45
⦁ Windows Security Files are located at “C:\Windows
\System32\Config\SAM”
46
⦁ Once the Passwords converted in Hashes, you cannot
convert back to the Clear Text.
48
⦁ In this if we put the password and windows vey the
password we entered on teen with the file in which the
49
password is stored of ours.
50
⦁ We Need a Bootable CD named Hiren boot and Can Crack
the Password. But Another Attack – Go to C:\Windows
\System32\
51
[Net local group users hacker /delete]
⦁ And give the hidden user name in the user name field and
password respectively.
3) Put the physical Lock behind the cabinet of PC. (Put Lock).
To hide a file behind a image file which means that if any one
opens that image he will see the image only but if you open in a
special way then you can open the hidden file behind the image.
So to hide the file behind a image open CMD.exe
52
1) Select an image to be used for hiding file behind the image.
2) Now select a file to hide behind the image and make it in .RAR
format. With the help of the WinRAR.
3) And most important is that paste both the files on desktop and
run the following command on the command prompt.
53
And then hit enter the file will be created with the file final file
name of the image.
54
To make Private folder which nobody can open, delete, see
properties, rename. To make such a folder you need to make a
folder with any name. For example- manthan on desktop. And
then open command prompt and then type the following
command on the screen.
Then type
And hit enter the folder is locked To open the folder just: replace
with: f
55
To run net user in Vista and Windows 7
56
Brute force password guessing is just what it sounds like: trying a
random approach by attempting different passwords and hoping
that one works. Some logic can be applied by trying passwords
related to the person’s name, job title, hobbies, or other similar
items.
57
⦁ Brute force randomly generates passwords and their
associated hashes.
Oph Crack
59
Creating Backdoors for windows
⦁ And then use the Command Net Local group Users Hidden
user /delete
⦁ Type the Username as Hidden user and Hit Enter, you will
get Logged In Sticky Keys Backdoor.
60
⦁ Command Prompt file ‘CMD.EXE’ can be renamed to
‘SETHC.EXE’ in C:\Windows\System32 Folder.
“This trick will not work in Windows Vista and Windows 7”.
⦁ After this one can hit the Shift Key 5 times on the User Login
Screen and will get the Command Prompt right there. Net
User command can be used to modify User Accounts
thereafter.
⦁ This will protect your computer from the attacking Live CDs.
61
⦁ You may press Del or F2 Key at the System Boot to go to the
BIOS Setup.
4. Trojans in Brief
62
This tutorial will include the understanding concept of Trojan,
Dangers created by Trojans, how they can come to your
computer, how do they destroy you and your data. How many
types of Trojans are there, how Trojans are attached behind other
applications and finally the most important, Detection of Trojan
on your computer and their prevention to safeguard your system
and your data.
64