How To Become A Hacker: A Million Dollar Question

Posted in General Hacking on May 20, 2013 by Abir Atarthy

Every day we (Abir and Sandeep) at the Indian School of Ethical Hacking (www.isoeh.com) get bored answering one common question that reaches us by mail, phone and SMS, not only from India but from other countries too:

How do I become a good hacker, or what qualifications do I need to become a hacker? Corporate network engineers, developers, system analysts, testers and students (from both engineering and general streams) all have this common question. So I thought I would write this article for every wannabe hacker.
Firstly, who is a hacker?
A hacker is a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, and one who is capable of creatively overcoming or circumventing limitations.
They are the highly skilled professionals who come up with innovative methods to protect computer systems, corporate networks and websites.
Here we are talking about the good guys only (called White Hat or Ethical hackers). The bad guys (also called crackers or Black Hats) use the same capabilities for harmful purposes; I am not considering them. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers. To be a hacker you need the following qualities:
Attitude: Hackers solve problems and build things in innovative ways that no one has thought of before. Being a hacker is lots of fun, but it is a kind of fun that takes lots of effort, dedication, sacrifice, patience, persistence and immense perseverance. An attitude of thinking out of the box is very much required. Hackers see what everybody has seen, but a hacker thinks what everybody has not thought. That is the spirit of being a hacker.
Learn how to program: Attitude alone will not work. You need to learn some programming; this is the fundamental hacking skill. I recommend starting with C or Python, then moving on to databases (Oracle or MySQL), then learning one server-side language (PHP, JSP or ASP.NET).
I think everybody, whether you want to be a hacker or not, should learn at least one programming language in your life. It helps you to think logically, which helps in some way in your other fields of study.
At ISOEH we are teaching all these in our Industry Ready course. Visit: http://www.isoeh.com/industry-ready.html
Grab some networking concepts: knowledge of networking, routers, servers, network protocols, etc.
Learn the hackers’ favourite OS, Linux. Any Linux will work: Red Hat, Fedora, etc. Learn shell scripting.
But be aware that you won’t reach the skill level of a hacker if you only learn the rote syntax of a language. You need to learn how to think about programming problems in a general way and how to implement solutions in real life, independent of any one language, which I believe very few do.
Peter Norvig, who is one of Google’s top hackers and the co-author of the most widely used textbook on Artificial Intelligence, has written in his blog (http://norvig.com/21-days.html): “One of the best programmers I ever hired had only a High School degree; he’s produced a lot of great software, has his own news group, and made enough in stock options to buy his own nightclub.”

Let me tell you about one more type of self-proclaimed hacker, called a script kiddie: generally an individual without programming and database skills who uses attack software that is freely available on the Internet and from other sources and tries to hack others. Sadly, they are the guys who get caught by the police and agencies. They are not hackers.

When do you have to start? Is it too late for me to learn? You can start at any age at which you are motivated to. Most people seem to get interested between the ages of 17 and 25, but I know of exceptions in both directions.
How long will it take me to learn to hack? It depends on how talented you are and how fast you pick up the concepts. Acquiring the basic skill set takes around one year. Things don’t end there: you have to keep teaching yourself about recent changes in technology. It takes about five or more years to achieve mastery. And if you are a real hacker, you will spend the rest of your life learning and perfecting your craft. It is a continuous learning process and never ends.
I am not from a science background; can I be a hacker? Yes you can, if you have the above qualities. Your subject background doesn’t matter, nor does it matter whether you are a school student or a college student. Most of the world-renowned hackers basically started in junior school, and many of them are not from a science background.
Remember, to be a hacker you need lots and lots of creative thinking, innovation, an analytical bent of mind and intelligence. If you lack the intelligence, there is little hope for you as a hacker. Please share this article with all of your friends; I would love to hear your comments and thoughts on it.

jSQL Injection – Hack The Remote Database

Posted in Web Hacking on May 15, 2013 by Abir Atarthy

SQL injection is a dangerous vulnerability that still exists in most web applications. If you also want to exploit a SQL injection vulnerability in a website, there are many nice tools available. jSQL Injection is one nice SQL injection exploitation tool.
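Before reaching for a tool, it helps to see what the vulnerability actually is in code. The following is an added example, not code from the original post or from the jSQL project: a login check written the vulnerable way (string concatenation) beside the hardened way (a parameterised query), run against a constructed in-memory SQLite table. The table, user names and the probe string are all invented for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: one user in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    # The user-supplied text is pasted into the SQL statement, so a quote
    # character in the input changes the structure of the query itself.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameterised query: the statement is fixed and the values travel
    # separately, so the driver never interprets them as SQL syntax.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def demo():
    """Run both variants with a valid password and with the classic tautology probe."""
    conn = make_db()
    probe = "' OR '1'='1"  # turns the WHERE clause into "... OR '1'='1'"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "correct-horse"),
        "vulnerable_bypass": login_vulnerable(conn, "alice", probe),
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
        "safe_bypass": login_safe(conn, "alice", probe),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The vulnerable function accepts the probe as a valid password because the concatenated statement becomes `... AND password = '' OR '1'='1'`, which matches every row; the parameterised version compares the literal string and rejects it. Every one of the injection "algorithms" listed below (normal, error based, blind, time based) is just a different way of observing that structural change, so the fix is the same in each case.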

jSQL Injection is a lightweight application used to find database information from a distant server.
jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Version 0.3 features:

  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Supports MySQL

Download : https://code.google.com/p/jsql-injection/downloads/list


Web Application Exploiter (WAppEx)

Posted in Web Hacking on May 15, 2013 by Abir Atarthy

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

The Exploit Database contains all the logic associated with trivial fingerprinting, exploitation techniques and payloads that address a wide range of web application vulnerabilities, with the emphasis on high-risk and zero-day vulnerabilities.

Some of the vulnerabilities already bundled within the Exploit Database include Local File Disclosure (LFD), Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS Command Execution (RCE) and Server-side Code Injection (SCI). WAppEx can detect these vulnerabilities in a target, take full advantage of them, and through neatly designed payload code get as much access to the exploited target as possible in as short a time as possible. Some of the payloads included within the database are various reverse shells, arbitrary code execution, command execution, arbitrary file upload…

WAppEx is also equipped with a penetration testing toolbox that makes an effective synergy with the Exploit Database and a crafty security expert. The provided tools include Manual Request, Exploit Editor, Dork Finder, Hidden File Checker… More tools, such as a crawler, a multi-purpose fuzzer… are to be added to the arsenal in the future releases of WAppEx.

Still, keep your eyes peeled as this is just the beginning of a new, powerful war machine in the pentest battleground.

The full list of features is as below:

  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
    • Find Login Page
    • Online Hash Cracker
    • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URL’s against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
    • Testing and exploiting of Local File Inclusion vulnerabilities
    • Testing and exploiting of Local File Disclosure vulnerabilities
    • Testing and exploiting of Remote File Inclusion vulnerabilities
    • Testing and exploiting of SQL Injection vulnerabilities
    • Testing and exploiting of Remote Command Execution vulnerabilities
    • Testing and exploiting of Server-side Code Injection vulnerabilities

Download here:  http://itsecteam.com/products/web-application-exploiter-wappex/


Top OSINT tools

Posted in General Hacking on April 18, 2013 by Abir Atarthy

Open source intelligence (OSINT) refers to intelligence that has been derived from publicly available sources. Basically, OSINT tools are used in the reconnaissance phase to gather as much information about the target as possible. These tools are mainly used for target discovery.
Here are some good OSINT tools:
1. Maltego
Maltego is a very powerful OSINT tool, covering personal reconnaissance.
  • Maltego is a program that can be used to determine the relationships and real-world links between:
    • People
    • Groups of people (social networks)
    • Companies
    • Organizations
    • Web sites
    • Internet infrastructure such as:
      1. Domains
      2. DNS names
      3. Netblocks
      4. IP addresses
    • Phrases
    • Affiliations
    • Documents and files
  • These entities are linked using open source intelligence.
  • Maltego is easy and quick to install: it uses Java, so it runs on Windows, Mac and Linux.
  • Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate, making it possible to see hidden connections.

2. Shodan
Shodan is an acronym for Sentient Hyper Optimized Data Access Network. Unlike traditional search engines that crawl websites to display results, Shodan attempts to grab data from the ports. The free version provides 50 results. If you know how to use it creatively, you can find vulnerabilities of a web server.

3. Metagoofil
Metagoofil is an information gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company.

Metagoofil performs a Google search to identify and download the documents to local disk, and then extracts the metadata with different libraries such as Hachoir, PdfMiner and others. From the results it generates a report with usernames, software versions and server or machine names that helps penetration testers in the information gathering phase.
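The usernames Metagoofil reports come from fields that office documents carry inside them. The following added example (not Metagoofil's code, and not from the original post) shows where that data lives for the docx/xlsx/pptx family: these files are ZIP packages, and the author fields sit in `docProps/core.xml`. The package built here, with its invented author names, is constructed in memory so the script runs offline; the same parser works on a real `.docx` read from disk. A defender can run it over the documents a company publishes to see which account names are being given away.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by the Office Open XML core-properties part.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}

# Constructed core.xml: the author values are invented for this demonstration.
SAMPLE_CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
  <dc:title>Quarterly report</dc:title>
  <dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy>
</cp:coreProperties>
"""


def build_sample_docx():
    """Build a minimal docx-like ZIP package in memory (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", SAMPLE_CORE_XML)
        zf.writestr("word/document.xml", "<document/>")  # body is irrelevant here
    return buf.getvalue()


def extract_ooxml_metadata(data):
    """Return title/creator/lastModifiedBy from an OOXML package held in memory."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return found  # not an OOXML package, or metadata already stripped
        root = ET.fromstring(zf.read("docProps/core.xml"))
    for label, path in (
        ("title", "dc:title"),
        ("creator", "dc:creator"),
        ("last_modified_by", "cp:lastModifiedBy"),
    ):
        node = root.find(path, NS)
        if node is not None and node.text:
            found[label] = node.text.strip()
    return found


def leaked_usernames(meta):
    """Account names exposed by the document; a DOMAIN\\ prefix is dropped."""
    names = set()
    for key in ("creator", "last_modified_by"):
        if key in meta:
            names.add(meta[key].split("\\")[-1])
    return sorted(names)


def inventory(documents):
    """Map each exposed username to the documents that leak it.

    `documents` is an iterable of (name, bytes) pairs, e.g. files pulled from
    the company's own public web site."""
    by_user = {}
    for name, data in documents:
        for user in leaked_usernames(extract_ooxml_metadata(data)):
            by_user.setdefault(user, []).append(name)
    return by_user


if __name__ == "__main__":
    sample = build_sample_docx()
    print(extract_ooxml_metadata(sample))
    print(inventory([("report.docx", sample)]))
```

PDF files keep the same kind of information in their Info dictionary and XMP block, which is why Metagoofil needs a separate library (PdfMiner) for them; the OOXML path above needs nothing outside the standard library.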

4. Social Engineer Toolkit
Social Engineer Toolkit (SET) is an open source tool to perform online social engineering attacks. The tool can be used for various attack scenarios, including spear phishing and website attack vectors.
SET is a Python-driven suite of custom tools which focuses solely on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
The Social-Engineer Toolkit is available on BackTrack (such as BackTrack 5), BackBox, Blackbuntu, GnackTrack and other Linux distributions that are used for penetration testing.
Download : https://www.trustedsec.com/downloads/social-engineer-toolkit/

Biggest Password Cracking Wordlist Released!

Posted in Software on April 17, 2013 by Abir Atarthy

One of the biggest and most comprehensive collections of words for password cracking, 1,493,677,782 entries, has been released for download.
The list contains every wordlist, dictionary and password database leak that anyone could find on the internet.
It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.

The size of the wordlist is 4.2 GiB (compressed) or 15 GiB (uncompressed).

The format of the list is a standard text file sorted in case-insensitive alphabetical order. Lines are separated with a newline (“\n”) character.
The wordlists are intended primarily for use with password crackers such as hashcat and John the Ripper, and with password recovery utilities.
Download it from: http://1337x.org/torrent/493880/A-BIG-password-cracking-wordlist/

Xenotix XSS Exploit Framework

Posted in Web Hacking on March 27, 2013 by Abir Atarthy

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. This tool can inject code into web pages that are vulnerable to XSS.
The tool supports both a manual mode and automated time-sharing based test modes. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader, an XSS reverse shell and an XSS DDoSer. These exploitation tools help the penetration tester create proof-of-concept attacks on vulnerable web applications while preparing a penetration test report.
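What a scanner like this looks for is a page that copies request input into its HTML without encoding it. The following added example (not Xenotix code, and not from the original post) shows the defect and the fix side by side in plain Python: an unescaped template, the same template with `html.escape`, and an attribute-context variant, exercised with two constructed probe strings. The function names are invented for the demonstration.

```python
import html


def render_unsafe(name):
    """Reflects the parameter verbatim into the HTML body: reflected XSS."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    # html.escape turns < > & " ' into entities, so the browser shows the
    # input as text instead of parsing it as markup.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def render_attr_safe(value):
    # Attribute context: the value must be both quoted and escaped; escaping
    # alone would not stop a space-separated "onmouseover=" in an unquoted attribute.
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


def markup_survives(rendered, needle):
    """True when the probe text still appears as live markup in the output."""
    return needle in rendered


# Constructed probes: a script tag for the body context and a quote-breaking
# string for the attribute context. They only pop a dialog; the point is
# whether the page treats them as markup at all.
BODY_PROBE = "<script>alert(1)</script>"
ATTR_PROBE = '" onmouseover="alert(1)'


def demo():
    return {
        "unsafe_body": markup_survives(render_unsafe(BODY_PROBE), "<script>"),
        "safe_body": markup_survives(render_safe(BODY_PROBE), "<script>"),
        "safe_attr": markup_survives(render_attr_safe(ATTR_PROBE), 'onmouseover="'),
    }


if __name__ == "__main__":
    print(render_safe(BODY_PROBE))
    print(render_attr_safe(ATTR_PROBE))
    print(demo())
```

Escaping has to match the context the value lands in: body text, a quoted attribute, a URL and a JavaScript string each need different encoding, which is why the filter-bypass payload lists in tools such as this one are so long. A template engine that auto-escapes by context, plus a Content-Security-Policy that disallows inline script, removes most of the exploitation module's options at once.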


Xenotix XSS Exploit Framework has two modules:

SCANNER MODULE

  • Manual XSS Scanner
  • Automode XSS Scanner
  • Multi Parameter XSS Scanner
  • XSS Fuzzer
  • Built-in XSS Payloads with HTML5 Compatibility
  • XSS Filter Bypassing
  • XSS Payload Encoder
  • 540 XSS Payload

EXPLOITATION MODULE

  • XSS Keylogger
  • XSS Executable Drive-by Download
  • XSS Reverse Shell
  • XSS HTML5 DDoSer (CORS + WebSocket)
  • XSS Cookie Thief


NetSleuth : Network Forensic Tool

Posted in Computer Forensics on March 27, 2013 by Abir Atarthy

NetSleuth is a free network forensics and pcap file analyser. It provides offline analysis for incident response, and live “silent portscanning” functionality.

It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode (“silent portscanning”).

NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:

  • A realtime overview of devices connected to a network.
  • No requirement for hardware or reconfiguration of networks.
  • “Silent portscanning” and undetectable network monitoring.
  • Offline analysis of pcap files to aid in intrusion response and network forensics.
  • Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.


I liked the offline feature most:

A network capture from any network with consumer devices will contain a huge amount of rich broadcast traffic for analysis. NetSleuth can analyse and extract this data from .pcap files produced by Snort, Wireshark or other tools. It can also analyse data intercepted by Kismet (.pcapdump files).

Download from: http://netgrab.co.uk/netsleuth/
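The claim that broadcast traffic alone inventories a network is easy to check. The following added example (not NetSleuth's code, and not from the original post) reads a classic pcap file with nothing but the standard library, picks out ARP frames, and records each sender's MAC and IPv4 address; ARP requests are broadcast, so every host that looks up a neighbour announces itself. The capture is constructed in memory with invented addresses so the script runs offline; `arp_hosts` accepts the bytes of any Ethernet pcap. Device-type identification (the OUI and DHCP/mDNS fingerprinting NetSleuth does) is outside this example.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # magic as read little-endian from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1  # the same bytes seen when the file is big-endian
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
BROADCAST_MAC = b"\xff" * 6
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def arp_request(src_mac, src_ip, target_ip):
    """Ethernet header (dst, src, type) plus a 28-byte ARP who-has request."""
    eth = BROADCAST_MAC + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)  # htype, ptype, hlen, plen, oper
           + src_mac + src_ip + b"\x00" * 6 + target_ip)
    return eth + arp


def build_sample_pcap():
    """Constructed capture: two ARP broadcasts from different hosts and one IPv4 frame."""
    frames = [
        arp_request(bytes.fromhex("001122334455"), bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])),
        arp_request(bytes.fromhex("aabbccddeeff"), bytes([192, 168, 1, 20]), bytes([192, 168, 1, 1])),
        BROADCAST_MAC + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 28,
    ]
    # Global header: magic, version 2.4, timezone 0, sigfigs 0, snaplen, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def arp_hosts(pcap_bytes):
    """Return {mac: ipv4} for every ARP sender in the capture, sending nothing ourselves."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack(end + "I", pcap_bytes[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")

    hosts = {}
    off = GLOBAL_HDR_LEN
    while off + RECORD_HDR_LEN <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap_bytes[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
            continue
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
            continue
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
        if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
            continue  # not Ethernet/IPv4 ARP; skip rather than misparse
        hosts[mac_str(frame[22:28])] = ip_str(frame[28:32])  # sender MAC, sender IP
    return hosts


if __name__ == "__main__":
    for mac, ip in sorted(arp_hosts(build_sample_pcap()).items()):
        print(mac, ip)
```

The same loop extended with DHCP Discover (hostname and vendor-class options), mDNS and SSDP announcements gives the device names and types a tool like NetSleuth reports, all from frames that hosts emit on their own.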

First time in India : Network Penetration Course

Posted in Network Hacking on March 13, 2013 by Abir Atarthy

Advanced course for Network Gurus – Starts 24th March 2013, ONE batch every month. http://www.isoeh.com/network-penetration.html – Enroll NOW !!


Corporate networks around the world are systematically being victimised by rampant hacking. It is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within a few minutes.

Keeping the above in mind, the Indian School of Ethical Hacking has launched a course on Network Penetration, which is the first of its kind in India.

The course is based on BackTrack and Metasploit.

Penetration testing is the simulation of a real-world attack by a hacker who has no knowledge (e.g. of the operating system running, applications running, device types, network topology, etc.) of the remote network environment.

The job of a penetration tester is not limited to finding vulnerabilities only, but extends to exploiting them to gain access to the remote server.


Find processes hidden by rootkits

Posted in Uncategorized on March 13, 2013 by Abir Atarthy

Unhide

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.

To detect hidden processes it implements six main techniques:

  • Compare /proc vs /bin/ps output
  • Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for Linux 2.6 version
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PID space occupation (PID bruteforcing). ONLY for Linux 2.6 version
  • Compare /bin/ps output vs /proc, procfs walking and syscalls. ONLY for Linux 2.6 version
  • Reverse search: verify that all threads seen by ps are also seen by the kernel.
  • Quick compare of /proc, procfs walking and syscalls vs /bin/ps output. ONLY for Linux 2.6 version
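The first, fourth and sixth techniques in that list can be written in a few dozen lines, which makes the idea behind Unhide concrete. The following added example is not Unhide's code and not from the original post: it takes the kernel's view of the PID space two ways (the numeric entries of /proc, and a `kill(pid, 0)` sweep that never reads /proc at all, so a hooked directory listing cannot hide from it), compares both with what `ps` prints, and runs the reverse check. The comparison helpers are pure functions; the live sweep at the bottom assumes a Linux host with procps `ps` and reads `pid_max` to size the loop.

```python
import os
import subprocess


def pids_from_procfs():
    """Technique 1: every numeric entry in /proc is a PID the kernel exposes there."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """The user-space view: PIDs that /bin/ps reports (pid= suppresses the header)."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def is_thread_group_leader(pid):
    """kill() also succeeds for thread IDs, which ps -e does not list; drop those.
    If /proc/<pid>/status cannot be read we keep the PID, since that is itself odd."""
    try:
        with open("/proc/%d/status" % pid) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True
    return True


def pids_by_bruteforce(max_pid=None):
    """Technique 4 (PID space brute forcing): kill(pid, 0) delivers no signal but
    reports whether the PID exists. EPERM (PermissionError) means it exists and
    belongs to someone else; ESRCH (ProcessLookupError) means it does not exist."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except PermissionError:
            found.add(pid)
        except ProcessLookupError:
            pass
    return {pid for pid in found if is_thread_group_leader(pid)}


def hidden_pids(kernel_view, ps_view, ignore=()):
    """PIDs the kernel knows about that ps does not list, minus PIDs known to be ours."""
    return sorted((set(kernel_view) - set(ps_view)) - set(ignore))


def reverse_check(kernel_view, ps_view):
    """Technique 6 (reverse search): anything ps lists must also exist for the kernel."""
    return sorted(set(ps_view) - set(kernel_view))


def stable_across_runs(runs):
    """Keep only PIDs flagged in every run; short-lived processes (including the
    ps we spawn) show up in one snapshot and vanish in the next."""
    result = set(runs[0])
    for run in runs[1:]:
        result &= set(run)
    return sorted(result)


if __name__ == "__main__":
    snapshots = []
    for _ in range(2):
        ps_view = pids_from_ps()
        kernel_view = pids_from_procfs() | pids_by_bruteforce()
        snapshots.append(hidden_pids(kernel_view, ps_view, ignore=[os.getpid()]))
        if reverse_check(kernel_view, ps_view):
            print("ps lists PIDs the kernel does not:", reverse_check(kernel_view, ps_view))
    print("PIDs present in the kernel but missing from ps:", stable_across_runs(snapshots))
```

Running the comparison twice and intersecting the results is the cheap way to remove the race between snapshots; a PID that survives both runs and is not one of yours deserves a look at `/proc/<pid>/exe` and `/proc/<pid>/maps`. With the default `pid_max` of 4194304 the sweep takes a few seconds in Python, which is acceptable for a one-off check on a suspect host.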


Unhide-TCP
It can identify TCP/UDP ports that are listening but not listed by /bin/netstat, by brute-forcing all available TCP/UDP ports.
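The same trick for ports, as an added example that is not Unhide-TCP's code and not from the original post: the socket table that netstat and ss print is `/proc/net/tcp`, so the script parses that (a constructed excerpt is embedded for offline use) and then tries to `bind()` each port itself. A bind that fails with EADDRINUSE proves something owns the port whatever the table says; a port that is busy but absent from the table is the finding. Ports below 1024 cannot be probed without root and are reported as unknown rather than silently skipped. Function names are invented for the demonstration.

```python
import errno
import socket

# Constructed /proc/net/tcp excerpt (not captured from a real host). Rows 0 and 1
# are LISTEN sockets (st 0A) on 0x0016 = 22 and 0x0CEA = 3306; row 2 is an
# ESTABLISHED connection (st 01) whose local port is 0xA1B2 = 41394.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A1B2 0100007F:0050 01 00000000:00000000 00:00000000 00000000   500        0 34567 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = "0A"


def local_ports_from_proc(text, states=None):
    """Local ports from a /proc/net/tcp or tcp6 dump, optionally filtered by state."""
    ports = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        if states is not None and fields[3] not in states:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # "ADDR:PORT", hex
    return ports


def ports_in_use_by_bind(ports, host="0.0.0.0"):
    """Brute-force probe: EADDRINUSE means the port is owned by someone; EACCES
    means we lacked privilege to find out (returned separately as unknown)."""
    in_use, unknown = set(), set()
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((host, port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                in_use.add(port)
            elif e.errno == errno.EACCES:
                unknown.add(port)
            else:
                raise
        finally:
            s.close()
    return in_use, unknown


def hidden_ports(in_use, reported):
    """Ports proven busy by bind() that the socket table does not account for."""
    return sorted(set(in_use) - set(reported))


if __name__ == "__main__":
    reported = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                # Compare against every state, not just LISTEN: an ESTABLISHED or
                # TIME_WAIT local port also makes bind() fail and is not suspicious.
                reported |= local_ports_from_proc(fh.read())
        except OSError:
            pass
    in_use, unknown = ports_in_use_by_bind(range(1, 65536))
    print("busy ports absent from the socket table:", hidden_ports(in_use, reported))
    print("ports not probed (need root):", len(unknown))
```

Take the socket table snapshot immediately before the bind sweep, and repeat the pair once; a port that is busy in both sweeps and never appears in the table is the one to investigate. Reading tcp6 matters because a dual-stack listener on `::` blocks an IPv4 bind of the same port while appearing only in the IPv6 table.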


Both are available in Windows and Linux versions.

Download the latest version:

Windows : WinUnhide.zip (38.5 kB) 

Linux : unhide_20120222_beta.tgz


Backtrack Reborn : Kali Linux

Posted in Network Hacking on March 13, 2013 by Abir Atarthy

Great news for hackers and Penetration Testers.

The most awaited penetration testing Linux distro, “Kali Linux”, has been released by the creators of BackTrack.

Kali Linux is based upon Debian Linux, instead of Ubuntu.

With more than 300 penetration testing tools, completely free and open source, vast wireless device support, GPG-signed packages and repos, multi-language support and complete customizability, this distribution is one of the best masterpieces available to the hacking community.

You can download Kali Linux here.