Professional Documents
Culture Documents
The Most In-Depth Hacker's Guide (Preview)
The Most In-Depth Hacker's Guide (Preview)
The Most In-Depth Hacker's Guide (Preview)
Hacker
s
Guide
By:
DawoodKhana.k.a,
Aleri0nV0RT3X
(Volume:1)
Book or
V
olume "The Most InDepth Hackers Guide: Volume: 1 is tremendously complex to write,
particularly withoutsupport of theAlmightyGOD Allah. I expressheartfeltcreditto
My Parents without
themI have noexistence.Iammorethan ever thankfultomyteacher
Sir.KhairUllahfortheinspiration
whichIgot to write thebook.I amalsothankfultomyfriendsandpartnerwhofacilitatedme.Tofinish,I
am thankful to you also as you are reading this book. I am sure this will book make creative and
constructiveroletobuildyourlifemoresecureandalertthaneverbefore.
Who am I?
You might have come across the term ethical hacker? The good guy? Yes, thats
what exactly I like to call myself. For hacking you need to have a basic knowledge of
programming.
S
omeoneaskedme,"Howdidyoutakeinterestinprogrammingandhacking?"
It
was more like an inspiration that I got from my brother.
My first ever attempt at programming
was making a simple page in HTML with a big"Helloworld"init.Towhichofcoursemyfather
smiled and said, "well done.". Then came hacking. My hacking career started back in 2009. 7
yearspassedand thereis stillsomuchtolearn.Mysoulpurposeof thisbookisnottosellitbut
to raise awareness of the danger we face today, and yes, to help teach people about the
hackerstradition.:)
Copyright
Notice
This report may not be copied or reproduced unless specific permissions have been
personally given to you by the author Dawood Khan. Any
unauthorized use,
distributing,reproducingisstrictlyprohibited.
LiabilityDisclaimer
The
information provided in this eBook is to be used for educational purposes only.
TheeBook creatoris innowayresponsibleforanymisuseofthe
informationprovided.
All of the
information in this eBook is meant to help the reader develop a
hacker
defense attitude in order to prevent the attacks discussed. Innoway should you use
the
information tocause any kindofdamagedirectly orindirectly. Theword
Hack
or
Hacking
in this eBook should be regarded as
Ethical
Hack
/
Ethical
hacking
respectively.Youimplementthe
information
givenatyourownrisk.
Some of the tricks provided by us may no longer work dueto fixturein the bugs that
enabled the exploits. The author is not responsible for any direct or indirect damage
causedduetotheusageofthehacksprovidedinthebook.
TheMostIndepthHackersGuideby
DawoodKhan
2
Tableof
Contents
A. Introduction
......
3
1.Whatisa
Hacker
?
2.Typesof
Hackers
.
3.Whatdoesittaketobecomea
hacker
?
B. Website
Hacking
..............................................
6
(StructuredQueryLanguage
Injection
)
1.Understanding
SQL
Injection
.
2.HowtoUse/
Create
Dorks
.
3.Finding
Columns
&the
Vulnerable
Columns
.
4.Obtainingthe
SQL
Version
.
5.Obtaining
Tables
&
Columns
(Remote
File
Inclusion
)
6.UnderstandingRFI
7.UsingRFITo
Exploit
Website
8.
Advanced
RFIusing
PHP
streams
(Local
File
Inclusion
)
9.UnderstandingLFI
10.ExploitingLFI
Vulnerabilities
(
CrossSite
Scripting
)
11.UnderstandingXSS
12.XSSAttack
(Broken
Authentication
and
Session
Management
)
13.UnderstandingBrokenAuthenticationandSessionManagement
14.
Brute
Force
Attack
15.
Session
Hijacking
(DNS
Cache
Poisoning
)
16.UnderstandingDNS
Cache
Poisoning
17.DNS
Background
18.
Cache
poisoning
withoutresponseforgery
19.Blindresponseforgeryusingbirthday
attack
(Heartbleed)
20.UnderstandingHeartbleed
21.Heartbleed
Vulnerability
22.The
Impact
OfHeartbleed
23.Scanning
Methodology
24.
Impact
on
Popular
Websites
TheMostIndepthHackersGuideby
DawoodKhan
3
C. Remote
Administration
Tool
...
41
1.WhatisaRAT?
2.HowtosetupRAT.
3.Howisitbeingdistributed?
D. Keylogger
.......
46
1.Whatisa
Keylogger
?
2.
Keylogger
Applications
3.Howtosetup
Keylogger
4.Remotelyinstalling
Keylogger
using
Meterpreter
E. BotnetsandIRC
Bots
..
54
1.Understanding
Botnets
andIRC
Bots
2.Typesof
Botnets
3.Formationof
Botnet
/IRC
Bots
4.Typesofattacks
5.Howtosetup
Botnet
6.HowtosetupIRC
Botnet
F. Cryptography,
Encryption
,and
Decryption
64
1.Understanding
Cryptography
2.Historical
Background
(
Cryptography
)
3.
Data
Encryption
and
Decryption
4.
Symmetric
and
Asymmetric
Encryption
5.Secure
Communications
EqualsBetter
Privacy
6.Cryptographic
Hash
Function
7.Files
Encryption
and
Decryption
8.Term
Crypters
(
Encryption
softwares)
G. Introductionto
Penetration
Testing
..
81
1.Whatis
Penetration
test?
2.History
(
Penetration
testing
)
3.Multiple
Penetration
Testing
Tools
4.HowToConduct
Penetration
Testing
H. DecompilingandReverseEngineering
87
1.WhatisReverseEngineering?
2.ReasonsforReverseEngineering.
3.TypesofReverseEngineering.
4.SoftwareObfuscation
5.Whatare.NETDecompilers?
6.SometoolsforReverseEngineering
TheMostIndepthHackersGuideby
DawoodKhan
4
Chapter1:Introduction
Whatisa
Hacker
?
In the
computer
security context, a
hacker is someone who likes to tinker with electronics or
computer systems. Hackers like to explore and learn how
computer systems work, finding
ways to make them do what they do better, or do things they werent intended todo.Hackers
may be motivated byamultitudeofreasons,suchas profit,protest,challenge,enjoyment, orto
evaluatethoseweaknessestoassistinremovingthem.
Typesof
Hackers
White
Hat
:
These are considered the good guys. White
hat
hackers dont use their skills for
illegal purposes.They
usuallybecome
Computer
Securityexperts andhelp
protect people from
the
Black
Hats
.
The term "
white
hat
" in
Internet slang refers to an
ethical
hacker
. This
classification also includes individuals who perform
penetration tests and
vulnerability
assessmentswithinacontractualagreement.
A
white
hat
hacker is a
computer
security specialist who breaks into protected systems and
networks to test and to access their
security
. White
hat
hackers use their skills to improve
security by exposing
vulnerabilities beforemalicious
hackers(knownas
black
hat
hackers
)can
detectand
exploit
them.
DefinitionfromTechopedia
Black
Hat
:
These are considered the bad guys. Black
hat
hackers
usually use their skills
maliciously for personal gain. They are the people that
hack banks, steal credit cards, and
deface
websites
. Black
hat
hackers break into secure networks to destroy, modify, or steal
data
or to make the network unusable for those who are
authorizedtousethenetwork.Black
hat
hackers are also referred to as the "crackers" within the
security
industry and by modern
TheMostIndepthHackersGuideby
DawoodKhan
5
hats
andthebadguyswore
black
hats
.
A
black
hat
hacker is an individual with extensive
computer
knowledge whose purpose is to
breach or bypass
internet
security
. Black
hat
hackers are also known ascrackersordarkside
hackers
.Thegeneralviewisthat,while
hackers
build
things,crackersbreakthings.
PC
Tools
Grey
Hat
:
The term "
grey
hat
" or "
gray
hat
" in
Internet slang refers to a
computer
hacker or
computer
security expert whose
ethicalstandardsfallsomewherebetweenpurelyaltruisticand
purely malicious. The term began to be used in the late 1990s, derived from the concepts of
"
white
hat
" and "
black
hat
"
hackers
. A
grey
hat
hacker may surf the
Internet and
hack into a
computer
system for the sole purpose of notifying the administrator that their
system has a
security defect, for example. They may then offer to correct the defect for a fee. Even though
grey
hat
hackers may not necessarily perform
hacking for their personal gain,
unauthorized
accesstoa
system
canbeconsideredillegaland
unethical
.
Neophyte:
A neophyte ("newbie", or "noob") is someone who is new to
hacking or phreaking
and has almost no
knowledge or experience of the workings of technology and
hacking
. The
wordneophytemeans,apersonwhoisnewtoasubjectoractivity..
Script Kiddie:
These are the wannabe
hackers
. They are looked down upon in the
hacker
community because they are the people that make
hackers look bad. Script kiddies
usually
have no
hacking skills and use the
toolsdevelopedbyother
hackerswithoutany
knowledgeof
whatshappeningbehindthescenes.
Intermediate
Hackers
:
These people
usually know about
computers
, networks, and have
enough
programming
knowledge to understand relatively what a
script might do, but like the
script kiddies they use predeveloped wellknown exploits( a piece of
code that takes
advantage of a bug or
vulnerability in a piece of software that allows you to take
control of a
computer
system
)tocarryoutattacks.
Elite
Hacker
:
These are the skilled
hackers
. They are the ones that write the many
hacker
tools and exploits out there. They can break into systems and
hide theirtracksormakeitlook
like someone else did it. You should strive to eventually reach this level. Elite
groups such as
MastersofDeceptionconferredakindofcredibilityontheirmembers.
Hacktivist:
Ahacktivistisa
hacker
who
utilizes
technologyto
publicize
asocial,ideological,
religiousorpolitical
message
.Hacktivismcanbedividedintotwomain
groups
:
Nation
State
:
Intelligence
agenciesandcyberwarfareoperativesofnation
states
.
Organized
Criminal
Gangs:
Groups
of
hackers
thatcarryout
organized
criminal
activitiesfor
profit.
TheMostIndepthHackersGuideby
DawoodKhan
6
Whatdoesittaketobecomea
Hacker
?
Becoming a great
hacker isnt easy and it doesnt happen quickly. Being creative helps a lot.
There is more than one way a problem can be solved, and as a
hacker you encounter many
problems. The more creative you are the bigger chance you haveof
hackinga
systemwithout
being
detected
. Another huge quality you must have is the willtolearnbecausewithoutit,you
will get nowhere. Remember,
Knowledge is power. Patience is also a must because many
topicscanbedifficulttograspandonlyovertimewillyoumasterthem.
Thinkcreatively.
Hackers are like artists, philosophers, and engineersallrolled upintoone.
They believe in freedom and
mutual responsibility. The world is full of fascinating problems
waiting to be solved.Hackerstakeaspecialdelightinsolvingproblems,sharpeningtheirskills,
andexercisingtheir
intelligence
.
Learntolovesolvingproblems.
Noproblemshouldever haveto besolvedtwice.Think of
it as a communityinwhichthetimeof
hackersisprecious.Hackersbelieve sharing
information
is a moral responsibility. When you solve problems, make the
information
public to help
everyonesolvethesameissue.
Be competent.
Anyone who spends time on Redditcanwriteuparidiculouscyberpunk
user
name and pose as a
hacker
.Butthe
Internetisagreat
equalizer
,andvaluescompetenceover
ego and posture. Spend time working on your craftandnotyourimageandyou'llmorequickly
gain respect than
modeling yourself on the superficial things we think of "
hacking
" in
popular
culture.
TheMostIndepthHackersGuideby
DawoodKhan
7
Toreadmoreusethelinksbelow
BookVersion:
http://www.lulu.com/shop/dawoodkhan/themostindepthhackersguide/paperback/product22
468179.html
EbookVersion:
http://www.lulu.com/shop/dawoodkhan/themostindepthhackersguide/ebook/product224680
05.html
TheMostIndepthHackersGuideby
DawoodKhan
8