[ULTIM ATE B EGINNER HANDB OOK TO COM PUTER HACKING ESSENTIALS: LEARN ETHICAL HACKING, PENETRATION TESTING AND B ASIC SECURITY: 50+ FREE RESOURCES TO HELP YOU M ASTER THE ART OF HACKING] BY [NEIL W CARSON] What is a Hacker? Originally Hackers Were Not Computer Based So What Is a Hacker Now Why are hackers important? Differences: Black, White, Grey, and Red Hacker? Black Hat Hacker : Bad Guy White Hat Hacker: Good Guy Grey Hat Hacker: The I “do it for fun” guy Red Hat Hacker: The “I it for legal money” guy Neophyte: The Noob Definition and Importance: Ethical Hacker Guidelines of an Ethical Hacker Importance of an Ethical Hacker The Tools: Ethical Hacker Why Un-Ethical Hackers? What’s the Difference? Some People Just like to watch it Burn Another Get-Rich Quick Scheme The Tools: Un-Ethical Hacker Beware the DEEP WEB (and ironically made by the Navy) Developed by the Navy How it works Browser Beware They are Watching Preventive Security and Reactive Security Preventive Security What we Detect? A lot When we Detect it? All the time Reactive Security SSH, HTTPS, HTTP, SSL and FTP: Web Safety SSH and FTP are Server Side Transfer, While HTTP and HTTPS are Web Side Transfer How Blindingly Simple: Hack Your Windows Password How to Hack Someone Else on Your Group Network A Blunt Guide: Become an Ethical Hacker WHAT IS A HACKER? ORIGINALLY HACKERS WERE NOT COMP UTER BASED Hacker literally means to break to your benefit, which means that when you used something in manner that it was originally not intended to be used; you have become a hacker Originally, when you decided to optimize or make something better by taking it a part and then putting it back together in a more efficient way, sometimes even adding something to make it better, this in it of itself was what it meant to be a hacker If you took a toaster and changed the quality of the heating coils so that it would take less power but cook faster, you were a hardware hacker If you chose to wake up early every morning and brushed your teeth while you took a shower, you were a life hacker If you decided to make a method that allowed you to work faster, you were a efficiency hacker You could have literally been a hacker for anything you decided to improve SO WHAT IS A HACKER NOW Hackers are now often associated with computers and while terms like Life Hacker are still popular terminology, a term that directly describes an action, the general meaning of a hacker is within a computer A hacker is a person who programs, navigates, or develops a method that allows them access into an area that they are not normally allowed to have access inside of This means that a person who can “view source” and then read the language the website is developed in so that they can manually remove the code that pops up those annoying advertisements is a hacker WHY ARE HACKERS IMP ORTANT? Hackers make the world go around in the cyber world and the main cause for improvements in technology in general Whenever a person is able to gain access they are not supposed to gain access to, the person who runs security must now come up with a new and improved way to protect the company The same goes for the advertisement and media industry, because people are blocking advertisements and downloading media all of the time It is so simplistic to download a YouTube video that the music industry focuses heavily on live events for money instead of the actual music album itself Artists have to put intricate watermarks on their photos in order to ensure that hackers not just simply download the pictures from the source and sell them If it were not for hackers, the development of technology would be a lot slower and the world would not benefit After all, it’s not just security hackers improve, but technology itself We will discuss how they it later, but hackers can download information in mid-process if it is not fast enough and unsecure This has lead to developing methods that let web browser provide a fast connection to their users and a direct line to not only make it difficult for hackers, but also makes it faster for the consumers of the internet Not all of the technology improvements are accredited to these hackers, but a good portion of good practices can be and that’s why, as much of a problem hackers are, hackers are actually beneficial to the internet HOW B LINDINGLY SIM PLE: HACK YOUR WINDOWS PASSWORD Your Windows is a lot less secure than you think and using encryption to protect your files can be really important First, you need to understand what the Safe Mode is If you not know what the Safe Mode is, this will be a good guide for you In technical terms, this is called a Safe Boot and Safe Mode was not originally on the computer In fact, almost nothing was actually on the computer back in the time when people used gold toothbrushes to clean motherboards Initially, you had a boot file on a Floppy and when your computer messed up, you simply restarted and pushed the Floppy back in to the computer Once we started having a bigger local space, Operating System manufacturers thought it would be easier to just have a Safe Mode on the computer The Safe Mode is a version of the software that was the last working configuration of the computer, which is why many of your programs will still be there when you boot up the computer There are several modes in Safe Mode and, generally, you will want to use just the regular Safe Mode However, for this exercise, we want to only have the command prompt and not boot up the actual Operating System This is called; Safe Mode with Command Prompt On Windows, when you started up the computer, it is set up by default so that when you press F8 on your keyboard a DOS menu will show up on your computer to let you choose the type of Safe Mode you want to use When you select Safe Mode with Command Prompt, you will only be booting the Command Prompt So, what is the Command Prompt? The Command Prompt is actually Windows’ version of a CLI, or command line interpreter, that lets you alter data within your system without using the Windows GUI, graphical user interface It’s very important to note that the Command Prompt is not DOS, the menu before it was a DOS menu, but the Command Prompt is just an interpreter to tell your computer what it is that you want it to We will be using too bits of data within this, one is called a command and the other is called an identifier A command is just that; a word that tells your computer what you want to In this case, the command will be; net Net is a command that is literally referring to a network that you will want to access You have Net file, Net Config, and a lot of other “net’s” In this case, you will want to type net user User is an identifier that literally means a “User of this Computer.” So far, we have told the computer that we want to “Access the Network of Users on this Computer.” Next, you will want to access an actual account This is where the user-name comes in to play, as this will identify which user you want to access and change Our user will be called Bob; net user Bob Therefore, what we have told the computer is that we want to “Access the Network of Users on this Computer so that we can alter the Data of Bob.” Now that we have gone this far, the next part is the password of Bob We will change this to “Y” like so; net user Bob Y This will mean that when we boot up the computer next time, Bob will have a new password, which we changed to Y HOW TO HACK SOM EONE ELSE ON YOUR GROUP NETWORK If you plan on becoming an Ethical Hacker, It's important never to engage in "black hat" hacking, so be sure that you ask for that person’s permission Time to head back on to that wonderful Command Prompt for this one The Command Prompt is where most basic hacking takes place and will often be the primary place where one where practice their skills on unsuspecting victims Do note that this is only showing how to access a computer on your own network provided you don’t already have access to it To see if they are even on your network you have to type; net view This will tell you who is on the same network as you are Do note that if you are on a hardline connection and if they are on a wireless connection, you will not be on the same network unless you are specifically connected through the Group Network If you are both using the same connection, you should be on the same network unless you have one of the very unique modems that prevent this However, most likely this is not one of your modems and you will be able to this You will see something similar to; \\Bob-PC \\Nancy-PC These are the actual names of the computers on your network Next you will use the Tracert command and this command allows you to track the data to the point of destination, which is where their IP address is So, let’s target Bob again (poor Bob); tracert bob-pc The command line will run this and let’s say we find his IP address, which looks like this; Tracing route to bob-pc.lan [192.168.1.78] With that IP address, we now begin to hack into his computer Now, odds are we’ll need to Change our Directory, so then we type; cd \ This will bring us all the way to the C: drive and then we type; cd Windows This will allow you to access the Windows directory Then you will want to grab so Network Binary Statistics on the Attributes from his ip address, so you type; nbtstat -a 192.168.1.78 This will bring you the LAN and the WAN of your network to find that individual So now that we have that, let’s go ahead and view his stuff to see what we want to use net view \\192.168.1.78 What will come up are the current “disks” on his computer and these are folders that are open to the internet by default So, let’s go ahead and start going through their stuff, let’s say his “Documents” are there net use x: \\192.168.1.78 \documents The disk will now show up in your My Computer area along with your other disks, like C: The only way to prevent this from happening is to make sure that all the folders are private and to disable a few ports that are not necessary for you to be on the internet, but are there in case you ever determine you want to share information A B LUNT GUIDE: B ECOM E AN ETHICAL HACKER There are a few steps to becoming an employed Ethical Hacker and you want to begin with learning the basics of how a computer works You’ll want to see how to can hack into other computers and learn the basics of networking Once you have a good grasp on the technology, you’ll want to head over and grab some certificates, but it does depend on where you get your certificates as to what business will want to employ you CERTIFICATES Both Windows and Cisco provide Security Certificates for their hardware/software components Both of these places are where you’re going to want to grab your certificates because Windows is the most popular Operating System and Cisco is the most popular hardware industry Both of these certificates are equally as important, but be sure to start at the very bottom and work towards a basic security certificate There are companies that look to hire people with the bare minimum of certificates, so don’t feel pressured like you have to be above and beyond, but ideally you’ll want to work towards those certificates as time passes PRACTICE Practice, practice, and practice to get far in the industry, because the more you practice the better you become Learn a programming language, learn how to develop websites, or just try and solve issues in your own community There are a lot of way to put your skills to use The best part is that you learn something extra every time you practice because no two-software configurations are ever the same, and no two computers will have the same issue for the same reason; until you are in a massive organization and then you’ll see it a lot CODING Coding is not 100% crucial to being an Ethical Hacker, but you will go a lot further if you know a single computer language compared to if you know nothing One of the most common to learn is C++, and its newest cousin C#, which is one of the most widely used languages out there The more languages you know the better off you are However, before you start learning code there is one crucial lesson you need to learn; ObjectOriented Languages, Functional-Oriented Languages, and Procedural-Oriented Languages OOL focuses on objects and will have code that is very readable by most anyone that understands a little bit of code Objects are simply data that has data inside of it FOL is a language based entirely around functions and how they interact with each other Procedural must be coded line-by-line so that the computer compiles the instructions order, which the previous two could have been all over the place Each language is simply a style of how you interact with the computer Test one of each out to see what you prefer most and learn that one language This will open a lot of doors, even if you don’t decide to become an Ethical Hacker, and the more languages to learn the more doors you will open EXTRA FREE RESOURCES FOR HACKERS Looking to secure your job as an ethical hacker? Here are highly recommended books and resources on hacking for beginnings or advanced hackers This list will help you save time in looking for additional free resources to help you further your studies We will update this book with more resources shortly Books The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) CEH Certified Ethical Hacker All-in-One Exam Guide Metasploit: The Penetration Tester's Guide Hacking: The Art of Exploitation, 2nd Edition BackTrack Wireless Penetration Testing Beginner's Guide CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide Beginners Tutorials How to learn Ethical hacking - Astalavista.com Introduction to Penetration Testing Penetration Testing Tutorial - Guru99.com Cybrary – This platform provides free online IT and Security training videos that are super easy to follow Hacking Tutorials for Beginners - BreakTheSecurity.com Simple How To Articles By Open Web Application Security Information Gathering with Nmap The Six Dumbest Ideas in Computer Security Security-Related Articles http://www.blackhat.com/ http://www.astalavista.com/ http://www.2600.com http://packetstormsecurity.com/ http://www.hacking-tutorial.com/ http://hackaday.com/ http://www.hackthissite.org/ http://www.hitb.org/ http://pentestmag.com https://www.ssllabs.com/ http://www.evilzone.org/ http://www.securitytube.net/ http://www.metasploit.com/ http://sectools.org/ http://www.breakthesecurity.com/ Videos Defcon: How I Met your Girlfriend – Defcon, a most popular hacker conference Open Security Training- Youtube 90 hour Playlist Cryptography Course By Dan Boneh of Stanford University OWASP AppSec USA 2011: compilation highlights of OWASP conference Vulnerability Databases And Resources http://www.exploit-db.com/ http://cvedetails.com http://www.securiteam.com/ http://secunia.com/advisories/ http://1337day.com/ http://securityvulns.com/ http://www.securityfocus.com/ http://www.vupen.com/english/security-advisories/ http://www.vupen.com/blog/ http://oval.mitre.org/ http://www.osvdb.org/ http://insecure.org/sploits_all.html http://zerodayinitiative.com/advisories/published/ Forums For Hackers And Security Professionals Stackoverflow for security professionals http://www.hackforums.net/forumdisplay.php?fid=47 http://forums.securityinfowatch.com/ http://darksat.x47.net/ http://forums.cnet.com/spyware-viruses-security-forum/ ...[ULTIM ATE B EGINNER HANDB OOK TO COM PUTER HACKING ESSENTIALS: LEARN ETHICAL HACKING, PENETRATION TESTING AND B ASIC SECURITY: 50+ FREE RESOURCES TO HELP YOU M ASTER THE ART OF HACKING] BY [NEIL... guy Neophyte: The Noob Definition and Importance: Ethical Hacker Guidelines of an Ethical Hacker Importance of an Ethical Hacker The Tools: Ethical Hacker Why Un -Ethical Hackers? What’s the Difference?... emotions, and even their heart rate and sometimes their brain waves All of this information is used to determine the strength of the security and what it will be like for the person on the other end of