The Free Guide To Corporate Hacking
Makhter
HACKERS UNITED 1337 Hackers St. Los Angeles, California 90210
HACKERS UNITED The Free Guide to Corporate Hacking / Espionage
1. The more people you add to your scheme, the more likely you are to get caught.
2. Deal only with those you trust, and you cannot trust people who are anonymous no matter how long you have known them.
3. Understand that everyone is vested in their own interest and may throw you under the bus if compromised; there is no honor amongst thieves.
4. Evaluate all risk factors for both failure and success: loss of jobs? Salaries? Confidential data?
This guide is fully aware that not all the readers are interested in corporate espionage; in fact, some may have jobs to detect and thwart it. This guide is not a comprehensive guide to hacking, nor is it there to teach you the ABCs of hacking. It assumes you have a basic knowledge of technology (you can use a computer) and are motivated enough to find other answers.
The creator of this book is happy to help if there are any questions, comments or concerns: email them to makhter@safe-mail.net. Makhter has been a security researcher with a blackhat side for quite a while. He has worked on many corporate hacking schemes before and knows how to get useful information from some of the useless sites and solutions out there.
This being said, there are multiple readers who will not do anything with this information or will perhaps find ways to defeat this effort. To those people we say tough luck: these are concepts that can be replicated throughout the ages and do not pertain to a single group.
You should be fairly technical, although this is not for those “leet” enough to develop their own zero-day exploits or use the latest bugs like the Heartbleed bug that came out at the time of writing this guide. The greater your technical prowess, the more likely you are to come up with complicated attacks that can’t be traced, but a simple keylogger with enough caution goes a long way.
Your mind wanders to thinking how it is you got this job. Perhaps you didn’t get that promotion, or you wonder why your work wasn’t being appreciated by your superiors. Cutbacks and layoffs are always happening in your company, and you feel very expendable. The 9 to 5 grind makes you crazy, because even though your company brags about a stress-free environment and a gym membership for its employees, you never got to use the gym membership and your days are filled with stress.
You are one of the million workers that make this world run: a system where governments make money to give to banks and corporations so that they can give it to you, at a pay rate that makes you sacrifice your life for the end goal of consistent competition, consumerism and capitalism.
Imagine, if you would, the ability to counterfeit money as good as the bills out of the mint. They could be used to pay off all your bills and get you out of your financial woes. What if you knew how that project you did would advance the field of medicine, but your company is keeping it secret for I.P. reasons? What if the coworker or boss you hate seems to get a free ride while you do all the work? You get paid $40 per hour while the company is overbilling the government for your work at a GSA rate three times that value.
Edward Snowden is a rights activist hero defending the people against corrupt government, but imagine if he had maintained his position at Booz Allen while leaking all the confidential data he leaked. If Edward Snowden had had this guide, he would not have needed to run to Russia and become a fugitive. He would just have been an anonymous actor of good from the inside.
Hacking has the potential for great change, either good or bad. In the end it depends on an individual’s level of conscience and integrity. Hackers are interested in getting access to systems and confidential data and changing the system from inside. You have a parking ticket? Your friend with access to the court database can take care of that. Your house is in foreclosure? Remove it from the bank’s foreclosure database. Everyone has access to a small piece of this data-driven world and, with sharing, everyone is able to benefit.
The first thing you will need to do is steal access from someone else or create your own access. This is to hide your actions under the guise of someone else. This can be done using a software or hardware keylogger, or something like Metasploit. A software keylogger needs to be combined with a boot authorization bypass such as Kon-Boot or Ophcrack if the victim’s computer is off. This guide assumes you know how to pirate software using BitTorrent and The Pirate Bay or whichever torrent site and P2P sharing tool you use.
For laptops, only use software keyloggers, and ones that do not require an install process, for quick deployment. There are a few that can be found online, and it is a relatively simple program for hackers to make from open-source solutions provided they have basic coding skills (Windows: C# .NET; Macs: Xcode / Objective-C; Linux: GNU C++). I would not trust compiled keyloggers unless I fully vetted them under a Virtual Machine (VM). For desktop computers and computer terminals with weird OS/applications on start, you may need to have some hardware keyloggers handy. You could also use RAT Trojans to gain full access to the system (google around for them).
There are many times when you get software from the DarkNet and you are not sure what it does, what it doesn’t do, and what more it does than what is stated. The way to vet any compiled software is to use a packet sniffer like Wireshark or Fiddler and observe it during a test run of the application. Some tools allow for HTTPS decryption by installing a rogue SSL certificate (such as Fiddler for Windows). This allows you to see the exact messages being sent to servers to make sure it does what is intended and nothing more.
Comb the captured data for the other person’s login details to emails, websites and corporate intranets (Salesforce), and ensure their emails are either forwarding to a fake account you have access to, or that you have a cloned mailbox with their POP/IMAP settings to get their mail as soon as it comes. You must create an alert system, a way to know when you are compromised, and then abandon your activities. Do not access the information you got while in the office. Wait until you are at a public Wi-Fi spot (or at your home, using Tor or strong proxies before utilization).
If you work for a retail company or a web design firm, you could place a small bit of JavaScript on the front-end web servers of the checkout process to capture credit card information. This won’t help you cash out in real life because the CVC1 codes are missing, but anything digital like eBooks, software, subscriptions, Steam games, PSN / Xbox Live games, penny auction bids and more can be purchased using stolen credit/debit card data. Know that you won’t affect people’s bank accounts because banks now have automated ways of detecting fraud and automatically reimbursing the cardholders.
But we’re not here for credit cards; we’re here for access and data. You can put the same JavaScript or backend PHP in place to capture usernames and passwords to login portals. If it’s an intranet, you have the possibility to capture more targets in your organization and masquerade as them instead. The JavaScript / PHP function should do a simple HTTP request to a third party like a Parse.com or CloudMine account so you can store and visualize the data.
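A defender’s counterpart to the checkout-page skimming described above, added here and not part of the original guide: a Python audit that lists every host a checkout page references (script sources, form actions and URL literals inside inline scripts) and flags any host that is not on an allowlist. The sample page, the allowlist and the placeholder third-party host are all constructed.

```python
# Added defensive example (not from the original guide): list the hosts a
# checkout page talks to and flag any that are not on an allowlist. The
# sample page and allowlist below are constructed for illustration.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")


class _Collector(HTMLParser):
    """Collects script src, form action, and URL literals in inline scripts."""
    def __init__(self):
        super().__init__()
        self.urls = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
            if attrs.get("src"):
                self.urls.append(attrs["src"])
        elif tag == "form" and attrs.get("action"):
            self.urls.append(attrs["action"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # URL strings inside inline JavaScript
            self.urls.extend(URL_RE.findall(data))


def unexpected_hosts(html, allowed_hosts):
    """Return sorted hostnames referenced by the page but not allowlisted."""
    collector = _Collector()
    collector.feed(html)
    hosts = {urlparse(u).hostname for u in collector.urls}
    return sorted(h for h in hosts if h and h not in allowed_hosts)


# Constructed sample: one legitimate script, one form, and an inline config
# pointing at an endpoint nobody approved (placeholder name, not a real service).
SAMPLE_PAGE = """<html><body>
<form action="https://shop.example.com/checkout/submit" method="post"></form>
<script src="https://cdn.example.com/checkout.js"></script>
<script>var cfg = {endpoint: "https://collect.unexpected-third-party.invalid/api"};</script>
</body></html>"""
ALLOWED = {"shop.example.com", "cdn.example.com"}
```

Running the audit on every deploy of the checkout page, and on a periodic fetch of the live page, catches an injected destination even when the injected code itself looks innocuous.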
Combing through emails is a great way of finding dirt on an employee. It’s also a good way to learn your opponent and find the chain of command. But this doesn’t mean you’re done. Only if you worked in a very small company would this be the solution to your problem. For larger organizations, there are IDS/IPS and active firewalls that might be detecting activities on the network. In government there are Security Operations Centers that are monitoring 24/7 and storing that information. This is why the next step is gaining an anonymous user on the network.
You need to find a vacant computer or an Ethernet jack on a router or wall socket. Vacant computers are easy: everything is network connected, so a Trojan would give you or your remote tech-savvy accomplice access to the network. For an Ethernet jack, you need to connect it to a laptop you have not previously connected to the network. Most networks in large corporations, and sometimes small businesses, keep network history for quite a while. This new terminal would be your first entry point into the system. Have you or your techy friend set up a VPN or SSH into the terminal so as to get remote access after hours. Make sure the terminal OS is Linux, preferably the latest BackTrack build.
BackTrack contains Metasploit and Armitage, which are really fun tools for pivoting (jumping from access to access) and hacking a network. If you haven’t practiced with Metasploit or Armitage, it would be best to play around with your own networks or VMs. Make sure you are really good at knowing the most useful exploits to use against your specific network; if your corporation uses a lot of Macs instead of Windows, use exploits that are specific to that OS. There are a lot of videos online for Armitage usage, and training yourself in this tool will take about a week.
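From the defender’s side of the “new terminal” step above (the network history the guide mentions is exactly what catches it), an added example that is not from the original guide: a Python check over DHCP lease logs that flags MAC addresses absent from the asset inventory and leases granted after hours. The dnsmasq-style log lines, the inventory and the business-hours window are constructed assumptions.

```python
# Added defensive example (not from the original guide): compare DHCP lease
# events against an asset inventory and flag devices never seen before, plus
# leases granted outside business hours. The log format is dnsmasq's syslog
# "DHCPACK(iface) ip mac hostname" line; log lines and inventory are constructed.
import re
from datetime import datetime

LEASE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\(\S+\) (?P<ip>\S+) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: (?P<host>\S+))?$"
)
BUSINESS_HOURS = range(8, 18)  # 08:00 to 17:59 (assumed working hours)

# Constructed inventory: lowercase MAC address -> assigned asset name.
INVENTORY = {
    "aa:bb:cc:dd:ee:01": "alice-desktop",
    "aa:bb:cc:dd:ee:02": "bob-laptop",
}

# Constructed log: two known machines, then an unknown laptop at night and a
# second unknown device (no hostname offered) the next morning.
SAMPLE_LOG = """\
Apr 10 09:02:11 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.0.21 aa:bb:cc:dd:ee:01 alice-desktop
Apr 10 13:45:09 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.0.22 aa:bb:cc:dd:ee:02 bob-laptop
Apr 10 22:17:40 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.0.57 de:ad:be:ef:00:01 unknown-laptop
Apr 11 10:05:33 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.0.58 de:ad:be:ef:00:02
"""


def audit_leases(log_text, inventory, year=2014):
    """Return one finding per suspicious lease: {ip, mac, host, reasons}."""
    findings = []
    for line in log_text.splitlines():
        m = LEASE_RE.match(line)
        if not m:
            continue  # not a lease acknowledgement
        reasons = []
        if m["mac"].lower() not in inventory:
            reasons.append("unknown-device")
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts.hour not in BUSINESS_HOURS:
            reasons.append("after-hours")
        if reasons:
            findings.append({"ip": m["ip"], "mac": m["mac"],
                             "host": m["host"] or "", "reasons": reasons})
    return findings
```

The same comparison works against switch port-security or 802.1X logs; the point is that a device with no inventory record asking for an address is itself the alert, regardless of what it does next.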
Armitage is able to map out the network using Nmap and Nessus scans. Once the network architecture is fully realized, you need to gain access to whichever computer has access to databases. If your company has a third party that is storing the data, capture the emails of the official who is in charge of communicating with the third party. For smaller organizations, you can do a whois domain registry search online to find the official. There is a possibility for more than one person to be in contact with the third party; however, once you gain access to the mail server management, you can create a rule to prevent the others from getting emails. The domain registrar is in charge of where the mail is sent (the MX record) and possibly hosts it themselves. You can have the MX record changed such that your personal mail server receives all the mail before forwarding it to their mail server. This should only be done if you have good connections abroad to set up such a mail server, because smart email filters will notice all their mail coming from the same IP. For small companies, you can get domain registrars to connect to your shadow servers, to mimic interactions just as the site would but instead send data straight to you. This is also quite difficult and needs knowledge of web scraping.
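A defender’s check for the mail-interception steps this guide relies on (the forwarding rules from the earlier captured-credentials section and the rule here that keeps others from seeing mail), added as an example and not part of the original guide: a Python audit of exported mailbox rules that flags forwarding to addresses outside the corporate domain and rules that silently delete a sender’s mail. The rule schema and the sample rules are constructed, not any vendor’s real export format.

```python
# Added defensive example (not from the original guide): audit exported
# mailbox rules for two patterns, silent forwarding to an outside address and
# rules that delete mail from a particular sender. The rule schema is a
# constructed export format, not any vendor's real format.
import json

CORP_DOMAIN = "example.com"

# Constructed export: one benign rule, one external forward, one silent delete.
RULES_JSON = json.dumps([
    {"mailbox": "alice@example.com", "name": "Archive newsletters",
     "conditions": {"from": "news@example.com"},
     "actions": {"move_to": "Archive"}},
    {"mailbox": "alice@example.com", "name": "Backup",
     "conditions": {},
     "actions": {"forward_to": ["alice.personal@webmail.invalid"]}},
    {"mailbox": "bob@example.com", "name": "Vendor noise",
     "conditions": {"from": "billing@hosting-vendor.invalid"},
     "actions": {"delete": True}},
])


def is_external(address, corp_domain):
    """True when the address is not in the corporate domain."""
    return address.rsplit("@", 1)[-1].lower() != corp_domain


def audit_rules(rules_json, corp_domain=CORP_DOMAIN):
    """Return [(mailbox, rule name, reason)] for rules that warrant review."""
    findings = []
    for rule in json.loads(rules_json):
        who, name = rule["mailbox"], rule.get("name", "")
        actions = rule.get("actions", {})
        sender = rule.get("conditions", {}).get("from")
        for addr in actions.get("forward_to", []):
            if is_external(addr, corp_domain):
                scope = f"mail from {sender}" if sender else "all mail"
                findings.append((who, name, f"forwards {scope} to {addr}"))
        if actions.get("delete") and sender:
            findings.append((who, name, f"deletes mail from {sender} unseen"))
    return findings
```

Run against a daily export of all mailbox rules, this surfaces both the attacker-created forward and the rule that makes a third-party contact vanish from a colleague’s inbox; the MX change the guide also describes is caught separately by comparing the domain’s published MX records against the expected set on the same schedule.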
ENDING NOTES
Do everything after understanding the risks involved, and do it with the level of caution advised. Only you can truly know the level of protection your institution has. Try to remove traces of your actions from logs and the files you leave behind. Create a backdoor as a contingency plan. Risk should balance reward, and if there isn’t much in your organization worth stealing or gaining access to, then there is no need for this guide.
CONTACT INFO
Makhter
makhter@safe-mail.net