Friday, 8 January 2016

Hacking Tools Categories.

These include various OS like -
  1. Kali Linux or Backtrack 5
  2. BackBox
  3. DEFT
  4. Pentoo
  5. NodeZero
  6. Anonymous OS 

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by System Administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.

Cracking of wireless networks is the defeating of security devices in Wireless local-area networks. Wireless local-area networks(WLANs) – also called Wi-Fi networks are inherently vulnerable to security lapses that wired networks are exempt from.
Cracking is a kind of information network attack that is akin to a direct intrusion. There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.

Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behavior, instead of using existing network traffic.

Network traffic monitoring is the process of reviewing, analyzing and managing network traffic for any abnormality or process that can affect network performance, availability and/or security.
It is a network management process that uses various tools and techniques to study computer network-based communication/data/packet traffic.

packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.

Rootkit is an application, that hides its presence or presence of another application on the computer, using some of the lower layers of the operating system, which makes them almost undetectable by common anti-malware software. So a Rootkit Detector is used.

A Security fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injectionand Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.

A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). The code to be examined might alternatively be running on an instruction set simulator (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered.

Encryption software is software that can encrypt and decrypt data, often in the form of files on a hard drive or packets sent over a network.

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways.

 A software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system (OS) that can lead to security concerns. So we can exploit this vulnerability using several tools like metasploit, sqlmap, etc.

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Forensic tools help in collecting such data.

These include tools like Netcat, Vmware, Socat, cURL, etc.

Please Share :)

Thursday, 7 January 2016

Becoming a Great Hacker (All you need to know)

So How To Became A Great hacker ? Well, read this and more important is to implement these steps and then you might be a Renowned Hacker of the upcoming era :D who knows?

1. Learn TCP/IP, Basic Information gathering, Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.

2. Learn Linux, Unix, Windows - You can do this using vmware or any virtual desktop utility.

3. Learn a programming language that's compatible with all OS - Perl, Python, C, ASM

4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI

5. Learn Reverse engineering and crack some programs for serials easy ones like mirc, winzip, winrar or old games.

6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.

7. Code a tool that uses grep to sort out unique code in source codes.

8. Make a custom IPtable, IPsec firewall that blocks all incoming traffic and out going traffic and add filters to accept certain ports that your software or scripts use.

9. Pick a kernel in linux or unix, also pick a Microsoft OS version lets say Winxp pro sp2 put them on the virtual desktops (vmware) and find and code a new local exploit in those versions, then install a Apache webserver on the Linux/Unix and a IIS webserver on the winxp pro and attempt to find and code a new local reverse_tcp_shell exploit.

10. Learn Cisco Router and Switch configuration and setup.

11. Learn Checkpoint Setup and Config

12. Learn WiFi scanning, cracking, sniffing.

13. Pick a person in you phone book for the area code you live in or city then ring the person on a anonymous line like Skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, data of birth, city born, country born, ISP connected with, Phone company connected with, What bank he/she uses and anything else you can get. Then Attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try reset the password to his/her internet connection/web-mail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.

14. Use your information gathering skills to get all the information off a website like a shop then use the spoof caller-id software or hack your phone to show a new number of the Web server's Tech Support number then ring the shop owner and try get the shop site password.

15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.
16. Once got access upload a shell and attempt to exploit the server to gain root using a exploit you coded not someone else s exploit.

17. Make your own Linux Distro

18. Use your own Linux Distro or use a vanilla Linux gnome (not KDE) keep it with not much graphics so you can learn how to depend on the terminal and start from scratch install applications that you will only need for a blackbox (Security test box), make folders for fuzzers, exploits, scanners..etc Then load them up with your own scripts and other tools ( By this stage you shouldn't need to depend on other peoples scripts).

19. Learn macosx and attempt to gain access to a Macosx box whether it be your own or someone's else.

20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.

All this isn't a over night learning it will take a nice 3 - 4 years to learn a bit of this 5+ years to learn most of it and even then you may need time to keep learn as IT keeps changing ever day.

As long as your dedicated to learning you won't have any problems and if you learn all that you should easy get a job in any company if you show proof that you can do these things (print out scripts that you made or put on disc) to show the companies.


Like and Share :)
© Programmed Hackers ;)