AK-DEVELOPER

A book about hacking would be irresponsibly incomplete without a chapter giving you a fair warning on the consequences of misusing these techniques as well as the ethical considerations of hacking. To begin this discussion, you need to be familiar with two different terminologies that describe different types of hackers: black hat and white hat. I like the imagery these terms bring to mind because they always seem to remind me of Spy vs Spy. Black hat hackers are what most people typically think of when they hear the word “hacker.” A black hat hacker is the type of nefarious Internet user who exploits weaknesses in computing systems for personal gain or in order to disrupt an organization’s information systems to cause them harm. He’s the guy wearing a high-collared shirt, sunglasses, and a fedora behind an array of 20 or so computer monitors or the nerd in the movies who can break into a top-secret system illegally. There really isn’t any good that can come out of adopting a black hat approach to hacking, either. When you hear in the media that a financial institution just lost thousands of usernames and passwords or that a social media database was compromised that causing vast amounts of people to lose sensitive personal information, the attack was carried out by a black hat hacker. Recently, there was even a module of code contained in a WordPress plugin that was susceptible to an XSS vulnerability (a type of security flaw in websites with caching plugins) that was being exploited worldwide by the extremist group ISIS. If you are reading this book because you have dreams of causing mass disruption and chaos, I would highly advise you to reconsider. However, understand that security and penetration tools aren’t inherently good or evil. One could argue that they are much like firearms in the sense that a weapon is an inanimate object, and it is only as good or evil as the person wielding it White hat hackers, on the other hand, are the complete opposite. They’re the good guys who do everything in their power to find potential security flaws and correct the errors so the black hat hackers can’t break a system. As you read this book, you need to consider all of the tools and techniques I show you from the perspective of a white hat hacker and use them responsibly. If you pursue white hat hacking professionally, you can add tremendous value to the organization you work for and make big money doing so. Some white hat hackers that have the CEH (Certified Ethical Hacker) certification make salaries well into the six-figure range. Internet security is only becoming more important with each passing year, and a talented white hat hacker can use penetration testing tools and footprinting methods to identify disastrous security flaws on the organization’s network and information infrastructure and patch them before they become a problem that would cost the organization obscene amounts of money. Furthermore, you need to be aware of the consequences of misusing the knowledge you learn in this book. Though you likely won’t get caught snooping around a network attached to an unsecured SOHO (Small Office/Home Office) wireless network in your neighborhood or at your favorite local coffee shop, you need to respect other people’s rights to privacy. Think about it – how would you feel if you were sitting down for a cup of coffee while reading a book only to find out later that someone had attacked your Kindle over the coffee shop’s network and stolen your data? You would feel enraged, irritated, and violated. So, remember the golden rule as you grow into a white hat hacker. Also, consider that using penetration tools on networks where you don’t have any authority to do so could lead to some extremely negative consequences. Let’s face it, you don’t have the right to steal other people’s personal information –it’s illegal. Not only could you provoke civil lawsuits, but you could even face jail or prison time depending on the nature of your offense. If you choose to do it on your employer’s network and you get caught, the best-case scenario is that you would have some extremely uncomfortable questions to answer, and the Worst-case scenario is that you would become fired. It’s just not worth it, so keep that in mind moving forward. Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section, I will show you how to run ping sweeps and other utilities to perform reconnaissance and information-gathering methods, so having several other devices will give you more “toys” to play with on your local area network (LAN). By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today, however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats. With all of the dire warnings out of the way, we can now proceed to the juicer and more pragmatic sections of the book you have all been waiting for and we can begin to learn how you personally can get your feet wet with hacking. To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started networking fundamentals Worst case scenario is that you would become fired. It’s just not worth it, so keep that in mind moving forward. Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section, I will show you how to run ping sweeps and other utilities to perform reconnaissance and information-gathering methods, so having several other devices will give you more “toys” to play with on your local area network (LAN). By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today, however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats. With all of the dire warnings out of the way, we can now proceed to the juicer and more pragmatic sections of the book you have all been waiting for and we can begin to learn how you personally can get your feet wet with hacking. To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started with networking fundamentals!

Ports, which are also sometimes called sockets, were one of the hardest Fundamental concepts for me to wrap my head around when I first started Learning networking engineering and computer hacking years ago. Basically, they are numeric values that are part of the TCP/IP protocol suite that is used to Tag different types of traffic. By tagging the traffic, devices like firewalls can take Different actions when different data streams flow through a network. There are literally thousands of different ports that are each used for different types of traffic and applications, but only a few of these are well-known Protocols. Some software developers reserve certain ports for their custom Application traffic, but you only need to be concerned with the well-known ports to get your feet wet with hacking. You must have a basic understanding of ports because later we will go through the process of port Scanning on your local network to ascertain which of these ports are open and Which are closed.

The following are some of the most common ports and their respective protocols

And traffic types:

-Port 80: HTTP (Hyper Text Transfer Protocol – used for web browsing and web

Pages)

-Port 20/21: FTP (File Transfer Protocol – used to download files remotely)

-Port 443: HTTPS (Hyper Text Transfer Protocol Secure – encrypted HTTP)

-Port 22: SSH (Secure Shell – used to remotely run command line procedures)

-Port 53: DNS (Domain Name System – used to bind IP addresses to URLs)

-Port 547: DHCP Server (Dynamic Host Configuration Protocol – automatic IP

Address assignment)

As you can see, each network protocol is assigned its own unique port number. These ports provide a way to handle various types of traffic differently. For Example, if I didn’t want anyone to download files from a personal file server I was hosting on my network, I would block connection attempts on ports 20 and 21 (FTP). This is an extremely basic example but understand that if you see a Host with an open port, that host will accept connections using that specific type Of traffic. As another example, consider a web server that hosts a website. It will Have either port 80 (HTTP) or port 443 (HTTPS) open, and clients can make a Connection on those ports with the server to download the webpages to their Browser. These ideas bring us to the next important concept: firewalls. The term ‘firewall’ is thrown around in the movies a lot, but most people don’t understand what they do. Though they have many advanced features, one of a Firewall’s most basic functions is to permit or deny traffic to a network. Firewalls in home environments act as a single point of failure – meaning that all Of the data in transit to/from the local network needs to first pass through the Firewall. Because it acts as the only way into a network, the firewall can prevent Hackers from making connections on specified ports to protect the local network. This concept refers to a hardware firewall, but there are software firewalls Aswell. For example, just consider the program adequately named Windows Firewall. It is a piece of software that will prevent the networking card in your computer from making connections on any of the ports you choose to block. We Will see how to scan a target system later with a port scanner to see which ports Are open and potentially exploitable. You should also know how to run a ping as well as view your IP address, subnet Mask, and MAC address. These are extremely simple commands, and they are used frequently by networking security professionals. They are all run from the Command prompt, so in Windows open up the command prompt by searching for it or hitting your Windows key and typing ‘cmd.’ the application’s icon is a Black box, and once you run this program you see a prompt with a blinking Underscore. To view your IP address, subnet mask, and default gateway, just type ipconfig into the command prompt. On the other hand, if you want to see your Maladdress', just type ipconfig /all into the command prompt. If you are using a Maco Linux computer, the command is only slightly different. On these systems the Command is ipconfig.

Most of you have probably heard of viruses, worms, malware, key loggers, Rootkits, and Trojans before, but what the heck are these things, and how do Hackers utilize them to steal people’s data and disrupt their computer systems? Each of these tools is a little bit different from the other, but they all have one similar goal: to enter a target’s system to provide the attacker with the information he or she doesn’t already have access to. No, I’m not going to show you how to Craft nefarious computer software, but you should have a well-rounded understanding of these topics if you have any hope of calling yourself a hacker. First and foremost, you need to understand the concept of computer viruses Because they are one of the most popular terms thrown around in discussions About cyber security and hacking. A computer virus is a piece of malicious coder software program that can infect a target system and then make copies of itself on other local computers. They are aptly named because they reproduce Much like a virus in real life, and they facilitate their operations by attaching Themselves to computer programs. Typically, they either render a computing System completely useless or seek to destroy data. Again, you’ll hear about Computer viruses in the movies a lot, so we’ll take a look at some of the most famous computer viruses of all time after defining the other terminology. A worm is very similar to a virus, and the line between a virus and a Worm indeed gets muddied and blurred. The largest difference is that worms are not Attached to a computer program. They exist independently on the host system, and they often take advantage of network resources to spread to other hosts on the network they have compromised. Sometimes worms are also classified as Malware because there are only minute differences in the terminology. Colloquially, these terms are interchangeable, but their meanings vary slightly in Academic settings. Perhaps you have already experienced the negative consequences of malware. One of the most popular ways that malware is distributed is through the medium of online downloads, whereby a downloadable file has been corrupted with Malware that the user then downloads and installs. You’ll see this frequently with most files hosted with P2P (Peer-to-Peer) file-sharing programs such as BitTorrent. Malware gets its name by combing two other terms: Malicious Software. It can also be used as an umbrella term used to describe many Different types of attacks, and it could mean any software that is used by an Attacker to create access to a target’s data, block them from their data, or change Information on their computer. Furthermore, a key logger is yet another type of malicious program, and as you Might have guessed its sole purpose is to log the keystrokes of the user who has been infected. This is absolutely disastrous for the target user because an Attacker will be able to record and view every single key that the target types on Their host system. This includes usernames and passwords, Google searches, Private instant messaging conversations, and even payment card data. If an Attacker has successfully installed a key logger; the target is at the mercy of the Attacker. There’s no telling what the attacker could do next – they could hack into the target system by using the information they gathered such as usernames and passwords, steal money using their payment card data, or use their host System to carry out attacks on other hosts on the same network. Next, you should also be familiar with the idea of a rootkit. Rootkits are Extremely dangerous because they serve to edit background processes to hide the malicious activities of an attacker. This will help viruses, key Loggers, and other malicious codes exist for extended periods without Detection on the target system. They can even serve to hide software that would Have been otherwise detected and quarantined by security software. Last but not least is the infamous Trojan horse, sometimes called a Trojan virus or a backdoor virus. They are extremely problematic because they can be slipped into innocent-looking applications, and they are very hard to detect without the Right security software. There could even be a Trojan horse lurking in the depths of your personal computer right now, and they are frequently used to gain Complete control of a target system. Now that you have a basic understanding of the different types of malicious code Hackers employ to do their bidding; you should know about some of the largest and most famous computer viruses of all time. Some of them are actually other types of malicious code such as Trojan horses, but people still refer to them as Viruses. Any expert hacker will have heard of these famous attacks before, so You should know them as well. Also, if you get the inkling to try your hand at using one of these methods on Your own by hunting around on the Internet for freely distributable code that will allow you to attack a target system, just know that you’re setting yourself up for disaster. Humorously enough, some hacking newbies try to find rootkits and Key loggers to attack hosts. But here’s the catch – some hackers actually Facilitate their attack by taking advantage of people who want access to these types of programs. And the end result isn’t pretty. In the end, the newbie hacker might actually Install an expert hacker’s virus and unknowingly infect their own operating System! And don’t forget that there are ethical and legal implications as well. Many, if not all, of the people responsible for these famous attacks, were severely Punished. So don’t try to research and implement these types of viruses at home!

Overview of Hacking

To your average computer user who doesn’t understand much about the Internet and Network security, hackers are shrouded in a cloud of mystery. Most people don’t understand what they do or how they do it. And the movies don’t help to Demystify them, either. Countless action movies portray a character that takes the role of a hacker that can break into top-secret computer systems to save the World. When the camera pans over their computer screens, you see them typing strange letters and numbers into a command prompt that, for all you know, is a foreign language. Humorously enough, the hackers in the movies frequently use a tool called NMAP, which I will show you how to use later in this book. If You’ve seen The Matrix Reloaded, Dredd, Fantastic Four, Bourne Ultimatum, Die Hard 4, or The Girl with the Dragon Tattoo (among countless others), you Have already seen actors using NMAP to facilitate their hacking endeavors in the Movies. But what exactly is hacking? Hacking means a lot of different things to a lot of different people. It is an umbrella term used to describe hundreds, if not thousands, of various techniques that can be utilized to use computers and Information systems in unintended ways. At its core, hacking means using a computer to gain unauthorized access to another computer system or data that is Protected or restricted. This is the most conventional meaning of the word Hacking. Once a hacker has gained access to an unauthorized system, he or her Then can steal information, change configurations, alter Information, delete information, and install further malicious code to capture Even greater control over the target system. The list goes on and the sky is the Limit regarding what an experienced hacker can do once they find a way into a computer system. However, there is a lot more to hacking than clicking a button to attack a computer. You will need to use tools and scanners to map the local network Topology and use reconnaissance techniques to gather information and look for Vulnerabilities. The good news for newbies is that these tools are highly Automated today. In the past, hacking software hadn’t been created that Aggregated vast amounts of code and tools into simple and easy-to-use Commands. As such, hackers in the past needed highly intimate understandings of the technologies they were trying to break, and it was difficult to do so. Having an extremely deep understanding of technology today will certainly help You become a better hacker, but my point is that these tools are becoming increasingly easy to use. In fact, some young kids and teenagers are too Curious for their own good and take advantage of highly sophisticated tools to Break into systems they have no business accessing. Understand that these tools Simplify the hacking process considerably. If a teenager can hack into a system Using simple tools, guess what? You can too! But what does it take to excel as a hacker? Well, most hackers have several things in common. First of all, they have experienced software developers and can Craft malicious programs and viruses that further their cause. Furthermore, most Hackers are competent Linux users. Linux operating systems are extremely Secure and provide virtually limitless access to the latest penetration and security Tools – for free! In addition, some Linux operating systems such as Kali Linux Were designed for the sole purpose of hacking and network penetration. Linux Can be scary for newbies, but I will show you how to run Linux and use SeaSpecialties later in this book in a simplified and easy-to-understand manner. Lastly, hackers almost always have a working knowledge of networking topics Such as IP addresses, ports, and the dirty details of how different networking Protocols operate. Some tools even exploit vulnerabilities in these network Protocols, and the knowledge of these exploits combined with the ability to craft Computer programs is what makes some hackers truly formidable. Some of these techniques are outside the scope of this book since this guide was Created for beginners, but if you really want to excel as a hacker, you would Dowell to study and practice these concepts. Though we won’t touch on Software Development in this guide, I will certainly show you step-by-step how to install and use some various hacking tools that the pros take advantage of and teach you the basics of networking addresses and protocols