hack the book mini
DESCRIPTION
This is the first Mini Hack The Book Released in Power Point Format.TRANSCRIPT
IT Community Malaysia (ITCom)
http://www.itcom.activeboard.com/
Hery Intelligent Technology
IT Solution Center
Network Security Penetrating Testing
DEFINITION
In the computer security context, a hacker is someone who seeks and exploits
weaknesses in a computer system or computer network. Hackers may be
motivated by a multitude of reasons, such as profit, protest, or challenge. –
Wikipedia.
In other words, hacker is someone that able to make a hole at a security wall. The
hole is any vulnerable of a host/server/computer. From the hole, hacker could
inject a script to exploit the victim.
OBJECTIVES
The main objectives of this slide is not going to tell you the very basic of hacking. In
this slide I am not talking abut, What is Black Hat, White Hat, Blue Hat, Grey Hat
or white hack of any hat of hacker. This is because, for me, if you know perfectly
about the “hat”, you are still not a hacker.
In a simple word, to be a hacker, you need knowledge about what script do, how the
exploit work, why must use the payloads, what is the best OS to hack and the next
hack of hack.
Actually, this book is not show you “How to be a hacker”, because this slide I made it
is not for the “Very Stupid Newbies” and also not for the “The Best Fuc*king Shit
Master of Hacker”. The aim reader of this slides is for the intermediate, newbies,
researcher, network security,, computer company, network developer, and more.
This is because, this slides will touch a bit about basic hacking to support definition of
hack, this slide will discuss about ideas of hacking and bit about social
engineering.
TOOL’S LIST
When the process of hacking take place, then the thing that very important is OS.
What is OS? OS is Operating System. Example of OS is Windows XP, Vista, 7.
Windows is provided by Microsoft. There is another OS that provided by different
company such as Linux. In Linux, there is OS Ubuntu, Red Hat, Opera and more.
In this case of hacking, we will differentiate Apple OS. Because Apple OS we will
go thru accurately for the next slides. (Also for Android OS/Phone OS).
The most popular OS in hacking world is Backtrack from Linux and Windows XP from
Microsoft. Backtrack OS, there is many version. There is Backtrack 2,3,4,5. The
latest is Backtrack 5 R3. But, nowadays, Backtrack is new OS of hacking in Linux,
because the newest is Kali Linux 1.0.6 like that. The Kali Linux (KL) or Backtrack
(BT) is different with the Windows XP. Windows XP is not built-to-hack like BT and
KL. Hence, the KL and BT is a free OS that everyone can download from their
website, but Windows XP is not a free OS. Windows XP is built-to-use. It is mean,
or the Documentation work, graphic or anything else. It is very flexible to use
compare to BT and KL is not to flexible.
TOOL’S LIST
But, these two OS, there is the most very important thing that they are the same, it is
these two OS is VULNERABLE. In other words, it could be hacked. That’s why
these two OS can be use to hack.
The tools most popular to use is on the list:
Tools Uses OS
Metasploit / armitage (Graphical) General Hacking Tools BT/Win
Havij / SQLMap Website Hacking BT/Win
Aircrack Wifi Hacking BT/Win
Cisco Firewall Firewall PenTest BT
Ettercap / Wireshark / Cain&Abel Sniffing BT/Win
TOOL’S LIST
The list is not complete. But that is the most best tools. Besides that, to support that
tools, there is some tools are need to let the tools above running well.
The tools are:
These tools are free tools and can get from the any hacker’s website.
Tools Uses OS
Zenmap / Netcat Scanner BT/Win
MD5 HASH Decrypter BT/Win/Webs
TOOL’S LIST
This is the flow how’s the tools work up:
Zenmap Metasploit
Firewall Down
Firewall
(Cannot
Defeated)
Aircrack
Ettercap
Password
Receive
Data
Receive Hack
Exploit &
Payload
Remote
Control
Web Browser Havij/
SQLMap Vulnerable Decrypt Hash
Password
Found Logged In
Uploading
Shell
Success
Hacked!
The Aircrack will crack Wifi,
then Zenmap scan IP,
use firewall shutter to
penetrate firewall,
Metasploit try to
penetrate, send exploit
to collect data and
crash system, use
ettercap to collect
cookies password.
Finding URL, test vulnerability, vulnerable
detected, decrypt hash, login to webs,
upload a shell and access the data.
WHY SHOULD…?
We must know about the terminology. It is because, when we know the actual
definition of the term in hacking, then we can adapt something to be something
uses. The example I will count it after this.
The word that are important to know is ”Exploit”. Exploit is a “specialized” small
programs that could that advantages and deliver a payload, which will grant
attacker the control. Metasploit is a great tool that has a vast number of exploits.
Payload is delivered by exploit and is used to control the remote system. Think of it
this way.
“Exploit is like terrorist that is carrying a bomb in his backpack. He enters the
system and leaves his backpack there. Most popular and widely known payload is
“meterpreter”, that has a lot of features. With it you can browse remote files,
download them, upload your own, capture keystrokes and more. Through
meterpreter, you can pivot and attack machines in networks that are not your
own”
SOMETHING TO BE SOMETHING
I will give you two options. If you are a newbie, maybe you feel like you want to try. If
you are a intermediate hacker, you will see how we can adapt the Thins to be
Something more good.
#First: Hacking ATM Bank.
When you are understand the flow above, then you will how is this work.
“At the evening, you and your friends do to McDonald to buy something to eat.
Then you bring your laptop. Behind the McD, there is a Bank. When you turn on
your laptop, the Bank’s Wifi signal is detected. Then you crack the wifi, try to
penetrate the firewall the you re being a remote control of the computer. Then you
are using Zenmap to find the IP of the ATM machines, you found it, then you crack
the Firewall and you re successfully. Upload the payload and exploit. Now, you are
controlling the ATM Machines” – Actually, ATM machine are using Windows 2000
and oldest. This is mean, the OS of the ATM machine is easy to hack.
SOMETHING TO BE SOMETHING
#Second: Hacking as a work.
If you re noticed, when you re running BT, the sniffer is not work to the external
network. The sniffer just work on your internal network. Social-Engineering-Toolkit
(SET) also the same. Do you ever think that XAMPP and WAMP server is not work
for external network but just work for internal network? So, how to make XAMPP
and WAMP server work for external network (Globally)? The answer is registered
your computer as a domain. Then people can connect to you.
This is the same way:
“You register your network as a Linux domain server, then running BT or KL. Then,
your sniffer will work people globally. Then, promote your self to social network as
a hired hacker. If someone need to hack, they must pay you. When they paying
you, then you have to sniff the victim, get their password and sell it to “Needers”. -
The same thing for using Msf and SET.
SOMETHING TO BE SOMETHING
The conclusion for this section is, you must be creative. You have to think what you
need to do. What you need something to do the do. If you keep trying and trying
and trying, you can make the hack with your own way.
The computer is following you command, we made it, it is mean we can crack it! This
note is note for bad purpose, even it is, but I just make it for researcher network
security.
LAST WORDS
These note are very important. I made these slide with to many words because I want
to let all people know, to be a hacker is not only asking people with the stupid
question ; “How to hack facebook?” , “please tell me how to hack”. This stupid
question will not help you. You must READ, LEARN, TEST, BE BRAVE, then you will
have it.
These note have been created by the Moderator Of Network in IT Community
Malaysia. – Http://www.itcom.activeboard.com/ . This website forum is
vulnerable, but, please do not hack it. Because there is nothing important to
hack. If you need something, just need to register and ask as many question you
want.
Lastly, I’ve made mistakes. I am a normal human, human will make mistakes. So, if
you feel I am wrong, then just ask me, I will change it and discuss about it. I also
beg apologize for my bad English Spelling, Grammar, Grandpa, Grander and so
what the Hack Grand so on.
Thank you,
Call Me If You In Trouble,
I am Sharper.
IT Community Malaysia (ITCom)
http://www.itcom.activeboard.com/
Hery Intelligent Technology
IT Solution Center
Network Security Penetrating Testing