Strawberrry
Forum Veteran
Mega H(ac)king Tutorial (PLEASE NOTE THAT THE CENSORED WORDS OR (*****) stands for h(a)ck/h(a)cking since PHC doesn't allow those words because im still not used to it)
The h(a)cker manifesto: You do not have permission to view the full content of this post. Log in or register now.
This tutorial is not for any particular types of häçker â whether Blackhat or Whitehat. This tutorial is merely here to inform you. I have tried to include every topic I could think of or find into this MEGA häçkING GUIDE!
I do not have the time or space to go into detail on every piece of software I mention, but I will mention them all anyway so that you can do your own research into them if you are interested.
PLEASE REPLY AND SAY THANKS TO KEEP THIS THREAD ALIVE. I SPENT HOURS WRITING THIS, BUT IT ONLY TAKES 10 SECONDS TO SAY THANKS!
Before we start, I must say that the best Operating System to use for häçking is (IMO) Kali Linux. This is the replacement for backtrack, which was also very good. Backtrack and Kali both come with heaps and heaps of useful tools installed by default. I personally have Kali Linux installed on a flash drive so I can just boot it up wherever I go. You should become very familiar with linux distros and their usage, especially the command line, because many tools involve using the command line. Click here for a good tutorial series.

AV â Antivirus is software installed on most computers to protect the computer from viruses
Backdoor â A program running on a host that we âownâ so that we can connect to it at a later time even if the vulnerability is patched. For example, cryptcat is a backdoor with a nearly undetectable.
Crypter - A program used to encrypt/disguise a malicious program (like a RAT or other virus) so that antivirus software cannot detect it as a virus.
Cookies â files stored on your computer that are used by a webpage to track you, authenticate you and remember you. sâ ĂŠĂĄling session cookies is a type of attack to access sites as someone else (by sâ ĂŠĂĄling their session cookie, the site thinks that you are them). You can remove unwanted cookies through your browsers settings and with flash cookie remover (flash cookies are stored separately to browser cookies).
Ddos/Dos - Distributed denial of service attack / Denial of service attack respectively. This is the term given to the flooding of hosts with packets of data from multiple sources / a single source and the server basically overloads. Ddos attacks are much more effective than Dos attacks.
DNS â Dynamic Name Server. This is a server which is used to find the IP address of hosts from their domain name â like an electronic phone book. DNS use uses port 53 for lookups.
E-Wh(o)ring â Not exactly häçking, this is a money making method. The name is pretty self-explanatory â online prostitution. But the e-whoring section is located inside beginner häçking, so I thought I would mention it here. A tip for running multiple skype accounts at once: run the second one with a command line and use the /secondary tag.
Embedded System â A mini computer embedded inside something like a car, ATM (95% of ATMs run windows XP), etc. We can âhäçkâ these by getting the firmware off it (from the manufacturerâs website or from hardware debugging like jtag). Once we have the firmware, we can decompile it and find exploits similar to how we crack software. Embedded systems are also harder to häçk from the point of view that we can only sometimes achieve a connection to them over which we can actually attack them (e.g. we canât remotely attack a non-networked vending machine). Videos: häçking an ATM, häçking surveillance cameras.
FTP - File Transfer Protocol. An FTP server is a server used to store and send files.
FUD - Fully UnDetectable. A program which is FUD cannot be detected by ANY anti-virus program. UD - UnDetectable. A program which is UD is mostly undetectable but can be detected by some anti-virus programs. There are 2 types of detection: runtime and scantime. If a program is only FUD at scantime, it means that it can be detected as a virus when it is executed.
Hexadecimal â the base 16 number system which is commonly used to represent binary bytes in 2 digit codes (e.g. 00101010 binary = 42 decimal = 2A hexadecimal). You should familiarise yourself with the 3 different bases, especially for cracking and writing exploits.
Honeypot - A honeypot is a computer system that looks enticing to a häçker. It looks important and vulnerable, enough that the häçker attempts to break in. It is used to entrap häçkers and as a way to study the techniques of häçkers by the security community.
IDS â Intrusion Detection System. This is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. We need to be careful to avoid detection by an IDS if we are attacking a network/computer. An example is Snort.
IP address - The address used to identify your network while on the Internet. Every computer has a different IP address, and therefore every IP address is unique.
JDB - Java Driveby. A malicious java applet embedded in a webpage, which will attempt to execute something (e.g. a virus) on a visitorâs computer. The victim is presented with a 'allow plugin to run' notification before the driveby can execute. This is a common spreading technique for RATs. Setup tutorial for a JDB.
********* - A program which logs the keystrokes of a computer. Here is a tutorial on how to code a ********* in VB.
OS - Operating system. Common operating systems brands include Windows, Apple (OSX), Linux (many variations, open source), openBSD, etc.
Pentest â Penetration test. This is what âwhite hat häçkersâ perform, häçking into networks and systems to find vulnerabilities, and then reporting their findings to the company in order to help them improve their security.
Pivoting â Moving from one âownedâ box on a network to attack others, in an attempt to âownâ the entire network. Meterpreter can be used to do this very well.
Programming Languages â Structured languages that can be compiled into a program. Coding knowledge is essential to cracking software and creating exploits, etc â especially scripting ability in a language like perl. Other common languages include c/c++, Java, C#, F#, VB, Haskell, Scala, D, PHP, SQL, HTML (not actually a programming language), javascript, python, ruby, etc.
Proxy - A proxy is a host which redirects traffic through it. Proxy servers can be used for both anonymity and to control traffic/block sites. Most schools use a proxy server to control the sites accessed.
RAT - Remote Administration Tool/Trojan. RATs are a type of virus which can be used to control a computer remotely as well as other functionality. RATs are very popular häçking tools because once a user is infected you have a lot of control over their system. Used commonly with crypters.
Silent JDB â This is the same as a JDB, but there are no popups or notifications to the user when the applet is executed.
Spammer â Software which sends heaps of text messages or emails to a single address to either really annoy them or the equivalent of a DOS.
Spoofing â Making something look different to what it is. We can spoof email addresses and dns addresses in order to trick users into thinking an email came from another address, or that they are visiting a legitimate website, when instead they are looking at something the attacker has created.
SOCKS - Socket Secure is an Internet protocol that routes network packets between a client and server through a proxy server. It is a lower level protocol than HTTP (hypertext transfer protocol).
VPN - Virtual Private Network. A network between systems which doesnât physically exist â it only exists over existing connections like the internet. A VPN can be used for anonymity, because you can use it to redirect your traffic through an anonymous proxy elsewhere in the world.
VPS - A virtual private server is a virtual machine sold as a service by an Internet hosting service. A VPS runs its own copy of an operating system, and customers have superuser-level access to that operating system instance, so can install almost any software that runs on that OS. Typically, you would set up some form of redirection/routing/forwarding on the server to use it as a proxy.

This refers to the act of checking out the network, getting familiar with its layout, etc, in order to attack it - in other words, we are just gathering target information. We try to create a complete profile, with domain names, network blocks and individual IP addresses.
There is no one way to footprint. Different situations will take different paths. In general, we try to find:
This part of the attack can be both technical and physical. We consult as many sources as possible to glean information about the network.
A good starting point is the targets website â where we can look for email addresses, links to other servers, contact information, etc. It is sometimes easier to download an entire website to view offline than looking at it online, check out my tutorial here. You can use the wget command on linux. FOCA is another tool to use to find some very useful information about websites such as metadata.
Perform whois searches on domains to gain more information, including nameservers, etc. Link. The whois command on linux is also very useful, you can use it to perform very specific searches â for example registrar queries, organizational queries, domain queries, network queries and POC queries.
Use netcraft to find a lot of useful information about a site.
Some tools will help with the footprinting process, for example Spiderfoot.
EDGAR is also a semi-useful resource.
We can also use a security flaw in misconfigured DNS servers called Zone transfers to easily get a lot of information about the system. A zone transfer can give us an entire blueprint of the target network â internal hostnames and IP addreses.
This code demonstrates how to manually request a zone transfer from a misconfigured DNS server:
That will save the information in a file called dns_zone_transfer which we can then view to gain more information. We can use commands like grep to find systems in the zone transfer that are potentially vulnerable to attack, and we can find systems with interesting names that may be very useful to us â for example we may find a backup server or something. It is often useful to find âtestâ systems which are often badly set up, and then rarely used â because they are the perfect place to set up our âcampâ in the network.
There are a lot of useful network query tools we can use to gain information as well, including the host command:
Or
Also, check out the dig command on Linux which is also a very useful command.
Some other good tools can be downloaded here.
Traceroute is a useful tool which we can use to map out networks. In Linux, this is the traceroute command, and in windows this is the tracert command. By using this command with an IP address of domain name, we can see what route our packet takes to get to a server. We can use the âp âs switches with the command to set a specific port to use â in case only certain ports are allowed through a firewall, etc. Port 53 is the DNS lookup port so that is generally allowed through:

By now, you should have retrieved a lot of useful information about the target network. We now want to dive a bit deeper to find out more.
Nmap, Hping (which can also be used for DOS attacks with a spoofed IP address), Netdiscover, P0f, and Xprobe2 are among the many tools we can use to gather info on remote targets that can be useful in revealing open ports, running services, and operating systems.
Firstly, we can use the ping command to test if hosts are âaliveâ â on and responsive. This is slow to test a lot of hosts though, so we can also use âping sweepsâ to test a lot of hosts at once. One way to do this is with fping and gping on linux. Another way is to use a great tool called NMAP. Install nmap, and we can use the nmap command with the âsP switch for ping sweeps:
In that command, we specify the subnet 192.168.1.0/24 which is the IP address range of 192.168.1.0 - 192.168.1.255. Now we have a list of hosts which are alive.
We can use ICMP queries to find out a bit more about a system. Use the icmpquery command on linux to find system time and netmask of a router:
Now we will move on to port scanning. Port scanning uses packets of data sent to ports on a machine to test whether they are âopenâ or listening for connections on the ports, or whether they are closed. We try to find open ports on machines to see if we can exploit the software running on those ports and gain access to the machine. There are a lot of different types of port scan, including TCP connect, SYN, FIN, XmasTree, Null, ACK, Windows, RPC and UPD scans. One tool that you can use to port scan systems is Netcat â it has been called the swiss army knife of network tools â but once again we can use nmap to scan for ports. Use the nmap âh command for command line help. You will see something like this as a result from a scan:
Another aspect of scanning is to detect what OS a computer is running. There are 2 ways to do this: actively and passively. Active OS identification can be detected if the computer you are scanning has intrusion detection software installed, and works by sending packets to it and looking for replies unique to each OS. Passive scanning works by monitoring packets sent by the computer to other devices, and looking for unique OS âfingerprintsâ. We can use nmap again for active OS identification:
Nmap also has the amazing ability to map out an entire network graphically in the Zenmap GUI - after a scan just choose the topology tab.
Here is a tutorial on a cool tool (Nikto) to scan for vulnerabilities.
Nessus is also a very powerful vulnerability scanning tool. Download here.
Here is an interesting tutorial on coding your own portscanner in perl.
The h(a)cker manifesto: You do not have permission to view the full content of this post. Log in or register now.
This tutorial is not for any particular types of häçker â whether Blackhat or Whitehat. This tutorial is merely here to inform you. I have tried to include every topic I could think of or find into this MEGA häçkING GUIDE!
I do not have the time or space to go into detail on every piece of software I mention, but I will mention them all anyway so that you can do your own research into them if you are interested.
PLEASE REPLY AND SAY THANKS TO KEEP THIS THREAD ALIVE. I SPENT HOURS WRITING THIS, BUT IT ONLY TAKES 10 SECONDS TO SAY THANKS!
Before we start, I must say that the best Operating System to use for häçking is (IMO) Kali Linux. This is the replacement for backtrack, which was also very good. Backtrack and Kali both come with heaps and heaps of useful tools installed by default. I personally have Kali Linux installed on a flash drive so I can just boot it up wherever I go. You should become very familiar with linux distros and their usage, especially the command line, because many tools involve using the command line. Click here for a good tutorial series.

AV â Antivirus is software installed on most computers to protect the computer from viruses
Backdoor â A program running on a host that we âownâ so that we can connect to it at a later time even if the vulnerability is patched. For example, cryptcat is a backdoor with a nearly undetectable.
Crypter - A program used to encrypt/disguise a malicious program (like a RAT or other virus) so that antivirus software cannot detect it as a virus.
Cookies â files stored on your computer that are used by a webpage to track you, authenticate you and remember you. sâ ĂŠĂĄling session cookies is a type of attack to access sites as someone else (by sâ ĂŠĂĄling their session cookie, the site thinks that you are them). You can remove unwanted cookies through your browsers settings and with flash cookie remover (flash cookies are stored separately to browser cookies).
Ddos/Dos - Distributed denial of service attack / Denial of service attack respectively. This is the term given to the flooding of hosts with packets of data from multiple sources / a single source and the server basically overloads. Ddos attacks are much more effective than Dos attacks.
DNS â Dynamic Name Server. This is a server which is used to find the IP address of hosts from their domain name â like an electronic phone book. DNS use uses port 53 for lookups.
E-Wh(o)ring â Not exactly häçking, this is a money making method. The name is pretty self-explanatory â online prostitution. But the e-whoring section is located inside beginner häçking, so I thought I would mention it here. A tip for running multiple skype accounts at once: run the second one with a command line and use the /secondary tag.
Embedded System â A mini computer embedded inside something like a car, ATM (95% of ATMs run windows XP), etc. We can âhäçkâ these by getting the firmware off it (from the manufacturerâs website or from hardware debugging like jtag). Once we have the firmware, we can decompile it and find exploits similar to how we crack software. Embedded systems are also harder to häçk from the point of view that we can only sometimes achieve a connection to them over which we can actually attack them (e.g. we canât remotely attack a non-networked vending machine). Videos: häçking an ATM, häçking surveillance cameras.
FTP - File Transfer Protocol. An FTP server is a server used to store and send files.
FUD - Fully UnDetectable. A program which is FUD cannot be detected by ANY anti-virus program. UD - UnDetectable. A program which is UD is mostly undetectable but can be detected by some anti-virus programs. There are 2 types of detection: runtime and scantime. If a program is only FUD at scantime, it means that it can be detected as a virus when it is executed.
Hexadecimal â the base 16 number system which is commonly used to represent binary bytes in 2 digit codes (e.g. 00101010 binary = 42 decimal = 2A hexadecimal). You should familiarise yourself with the 3 different bases, especially for cracking and writing exploits.
Honeypot - A honeypot is a computer system that looks enticing to a häçker. It looks important and vulnerable, enough that the häçker attempts to break in. It is used to entrap häçkers and as a way to study the techniques of häçkers by the security community.
IDS â Intrusion Detection System. This is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. We need to be careful to avoid detection by an IDS if we are attacking a network/computer. An example is Snort.
IP address - The address used to identify your network while on the Internet. Every computer has a different IP address, and therefore every IP address is unique.
JDB - Java Driveby. A malicious java applet embedded in a webpage, which will attempt to execute something (e.g. a virus) on a visitorâs computer. The victim is presented with a 'allow plugin to run' notification before the driveby can execute. This is a common spreading technique for RATs. Setup tutorial for a JDB.
********* - A program which logs the keystrokes of a computer. Here is a tutorial on how to code a ********* in VB.
OS - Operating system. Common operating systems brands include Windows, Apple (OSX), Linux (many variations, open source), openBSD, etc.
Pentest â Penetration test. This is what âwhite hat häçkersâ perform, häçking into networks and systems to find vulnerabilities, and then reporting their findings to the company in order to help them improve their security.
Pivoting â Moving from one âownedâ box on a network to attack others, in an attempt to âownâ the entire network. Meterpreter can be used to do this very well.
Programming Languages â Structured languages that can be compiled into a program. Coding knowledge is essential to cracking software and creating exploits, etc â especially scripting ability in a language like perl. Other common languages include c/c++, Java, C#, F#, VB, Haskell, Scala, D, PHP, SQL, HTML (not actually a programming language), javascript, python, ruby, etc.
Proxy - A proxy is a host which redirects traffic through it. Proxy servers can be used for both anonymity and to control traffic/block sites. Most schools use a proxy server to control the sites accessed.
RAT - Remote Administration Tool/Trojan. RATs are a type of virus which can be used to control a computer remotely as well as other functionality. RATs are very popular häçking tools because once a user is infected you have a lot of control over their system. Used commonly with crypters.
Silent JDB â This is the same as a JDB, but there are no popups or notifications to the user when the applet is executed.
Spammer â Software which sends heaps of text messages or emails to a single address to either really annoy them or the equivalent of a DOS.
Spoofing â Making something look different to what it is. We can spoof email addresses and dns addresses in order to trick users into thinking an email came from another address, or that they are visiting a legitimate website, when instead they are looking at something the attacker has created.
SOCKS - Socket Secure is an Internet protocol that routes network packets between a client and server through a proxy server. It is a lower level protocol than HTTP (hypertext transfer protocol).
VPN - Virtual Private Network. A network between systems which doesnât physically exist â it only exists over existing connections like the internet. A VPN can be used for anonymity, because you can use it to redirect your traffic through an anonymous proxy elsewhere in the world.
VPS - A virtual private server is a virtual machine sold as a service by an Internet hosting service. A VPS runs its own copy of an operating system, and customers have superuser-level access to that operating system instance, so can install almost any software that runs on that OS. Typically, you would set up some form of redirection/routing/forwarding on the server to use it as a proxy.

This refers to the act of checking out the network, getting familiar with its layout, etc, in order to attack it - in other words, we are just gathering target information. We try to create a complete profile, with domain names, network blocks and individual IP addresses.
There is no one way to footprint. Different situations will take different paths. In general, we try to find:
- Domain Names (both external and internal)
- Network blocks
- Specific IPs (both reachable by internet and unreachable outside the local network)
- Access control mechanisms
- System architectures
- Intrusion detection systems
- an enumeration of the system (user and group names, system banners, routing tables, SNMP information)
- Networking protocols
This part of the attack can be both technical and physical. We consult as many sources as possible to glean information about the network.
A good starting point is the targets website â where we can look for email addresses, links to other servers, contact information, etc. It is sometimes easier to download an entire website to view offline than looking at it online, check out my tutorial here. You can use the wget command on linux. FOCA is another tool to use to find some very useful information about websites such as metadata.
Perform whois searches on domains to gain more information, including nameservers, etc. Link. The whois command on linux is also very useful, you can use it to perform very specific searches â for example registrar queries, organizational queries, domain queries, network queries and POC queries.
Use netcraft to find a lot of useful information about a site.
Some tools will help with the footprinting process, for example Spiderfoot.
EDGAR is also a semi-useful resource.
We can also use a security flaw in misconfigured DNS servers called Zone transfers to easily get a lot of information about the system. A zone transfer can give us an entire blueprint of the target network â internal hostnames and IP addreses.
This code demonstrates how to manually request a zone transfer from a misconfigured DNS server:
Code:
[bash]$ nslookup
Default Server: dns.example.com
Address: 192.168.0.1
>> server 192.168.0.1
Default Server: [192.168.0.1]
Address: 192.168.0.1
>> set type=any
>> ls âd Example.com. >> /tmp/dns_zone_transfer
There are a lot of useful network query tools we can use to gain information as well, including the host command:
Code:
host âl Example.com
Code:
host âl âv ât any Example.com
Also, check out the dig command on Linux which is also a very useful command.
Some other good tools can be downloaded here.
Traceroute is a useful tool which we can use to map out networks. In Linux, this is the traceroute command, and in windows this is the tracert command. By using this command with an IP address of domain name, we can see what route our packet takes to get to a server. We can use the âp âs switches with the command to set a specific port to use â in case only certain ports are allowed through a firewall, etc. Port 53 is the DNS lookup port so that is generally allowed through:
Code:
traceroute âS âp53 10.10.10.2

By now, you should have retrieved a lot of useful information about the target network. We now want to dive a bit deeper to find out more.
Nmap, Hping (which can also be used for DOS attacks with a spoofed IP address), Netdiscover, P0f, and Xprobe2 are among the many tools we can use to gather info on remote targets that can be useful in revealing open ports, running services, and operating systems.
Firstly, we can use the ping command to test if hosts are âaliveâ â on and responsive. This is slow to test a lot of hosts though, so we can also use âping sweepsâ to test a lot of hosts at once. One way to do this is with fping and gping on linux. Another way is to use a great tool called NMAP. Install nmap, and we can use the nmap command with the âsP switch for ping sweeps:
Code:
nmap âsP 192.168.1.0/24
We can use ICMP queries to find out a bit more about a system. Use the icmpquery command on linux to find system time and netmask of a router:
Code:
TIME:
icmpquery ât 192.168.0.1
NETMASK:
Icmpquery âm 192.168.0.1
Now we will move on to port scanning. Port scanning uses packets of data sent to ports on a machine to test whether they are âopenâ or listening for connections on the ports, or whether they are closed. We try to find open ports on machines to see if we can exploit the software running on those ports and gain access to the machine. There are a lot of different types of port scan, including TCP connect, SYN, FIN, XmasTree, Null, ACK, Windows, RPC and UPD scans. One tool that you can use to port scan systems is Netcat â it has been called the swiss army knife of network tools â but once again we can use nmap to scan for ports. Use the nmap âh command for command line help. You will see something like this as a result from a scan:
Code:
C:\Users\whoami>nmap 192.168.1.1
Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-01 21:02 N
Nmap scan report for example.com (192.168.1.1)
Host is up (0.0068s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5431/tcp open park-agent
MAC Address: 00:11:22:33:44:55
Nmap done: 1 IP address (1 host up) scanned in 10.60 seconds
Another aspect of scanning is to detect what OS a computer is running. There are 2 ways to do this: actively and passively. Active OS identification can be detected if the computer you are scanning has intrusion detection software installed, and works by sending packets to it and looking for replies unique to each OS. Passive scanning works by monitoring packets sent by the computer to other devices, and looking for unique OS âfingerprintsâ. We can use nmap again for active OS identification:
Code:
nmap âO 192.168.1.15
Nmap also has the amazing ability to map out an entire network graphically in the Zenmap GUI - after a scan just choose the topology tab.
Here is a tutorial on a cool tool (Nikto) to scan for vulnerabilities.
Nessus is also a very powerful vulnerability scanning tool. Download here.
Here is an interesting tutorial on coding your own portscanner in perl.

















