Tuesday, March 25, 2014

How To Become A Hacker

Nowadays, every other college or school student wants to be a hacker. Due to media hype, the term hacker is considered both cool and criminal at the same time. Now, since my blog is basically about my journey into hacking, I receive many emails on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. In this article I will attempt to answer these and more. I will give detailed technical instructions on how to get started as a beginner and how to evolve as you gain more knowledge and expertise in the domain. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems.

Image courtesy of Salvatore Vuono/FreeDigitalPhotos.net

"Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation."

The first important step to becoming a hacker is to read this article by Eric Raymond http://www.catb.org/esr/faqs/hacker-howto.html It has become the de-facto standard guideline for aspiring hackers.

The hacker mindset
In order to become a hacker, you must start thinking like one. We encounter all kinds of technology in our real life. Look at them from a hacker's perspective by thinking of ways to hack them. Hacking is not only about computers. It is also about how you use logic and ingenuity to solve the problems you encounter in your day today life. Nothing is really hack-proof. Auto-rickshaw meters, electronic voting machines, electronic doors, biometric systems, cars and even a yatch have all been hacked in the past. Whenever you encounter any technology, think about how it can be exploited to perform another action. You should possess a natural curiosity for solving puzzles and taking up challenges.

Know your technology
Becoming a hacker is no easy task. It will not happen in days or weeks. It will take you many months and  even years to reach to the level where you can call yourself a hacker. The main reason for this is that being a hacker requires a lot of technical know-how. If you want to hack a computer, it only seems logical that you first know how it works, right? You should be familiar with the ins and outs of computers and know a little bit about everything in the IT domain. For this, you need to learn many things. This learning phase is when most aspiring hackers will give up.
General IT knowledge:
·         Learn how to install Windows and Linux. Use VirtualBox or VMware to practice this.
·         Learn networking concepts like IP address, subnets, TCP/IP, OSI model, LAN,WAN
·         Functions of switch, router, firewall, access point etc
·        What is DNS, DHCP, SNMP, ARP, NAT?
·         What is HTTP, FTP, Telnet, RDP, SSH, POP, SMTP, SSL, NetBios?
      These bullet points are just bare minimum concepts, and you have to learn them thoroughly. For instance, you need to know how data travels through the OSI layers, and the role of each layer in the data transfer.      I would recommend taking a networking course  such as CompTIA's N+ certification. 

Programming  Languages
Programming knowledge is necessary, although not mandatory to become a hacker. Some of the world's best hackers started out as programmers. If you know programming, you will be able to dissect code and analyze it. You will be able to write your own scripts or your own hacking tools. So, which programming language should you learn then? HTML and JavaScript are languages of the internet. So make sure you learn them first. they are also incredibly easy to grasp and learn.  If your are enrolled in an undergraduate computer science degree, you will most probably be learning C,C++ and Java. These three major languages are good and you should keep learning them, but for a hacker, Python is the best language. "Why?" You ask. Because python is an extremely powerful language and it easy to learn at the same time. With Python you can achieve your results with minimal coding, and it does not need to be compiled. That means, just as you finish writing a script, you can immediately run it without having to compile it. And later on in life, if you decide to become a programmer instead of a hacker, Python can develop GUI applications also. In fact, a large part of YouTube is written in Python.
 Another language you should learn is PHP. PHP is also free and open source. It is a server side scripting language, meaning, login pages and other web based forms are handled by PHP. Knowledge of ASP. NET will also be helpful. You should also know MySQL commands and syntax. This knowledge will be vital later when you perform SQL injection attacks against websites. Download XAMPP package and start practicing PHP and MySQL
Another important thing to note is that most colleges will not teach you advanced programming concepts. File handling and Network socket programming are two very important concepts you should familiarize yourself with, regardless of the language.

Open Source
The hacker community is a big supporter of Open Source software. You should contribute to open source projects when you can. In order to improve your programming skills, you can start an open source project and work on it. Download the source code of popular open source projects and study the code. Sourceforge and Github are excellent starting points. Alternatively, start your own project and post the source code online. This will help you get recognition.

The Windows operating system may be easy and convenient for most users, but it is certainly not suited for hackers. With the exception of few windows only tools, most hacking tools run best under Linux environment. I have given a list of 10 best hacking tools here. 9 out of those 10 tools run best under Linux. You can use any Linux distribution like Ubuntu or Fedora, but BackTrack and Kali are two major Linux distros specifically designed for hackers. They come loaded with all the popular hacking tools, saving you from the trouble of downloading them yourself. If you are not comfortable with leaving windows as yet, you can use VirtualBox to install BackTrack in your system, or you can dual boot your operating systems.
Information Technology is a huge field. If you look at your college or university, your professors know about programming concepts and theory, the System Administrator knows about networks and systems, the website developers know web programming and designing. You, as a hacker, must know all these things and more.

Even under the domain of hacking, there are many sub categories like web application security, network security, digital forensics, reverse engineering etc. Nobody can be good at everything. After you have adequate knowledge and experience in "general" hacking, you can choose a speciality and become an expert in it.

Now, let's talk about actual hacking. Create your own virtual lab and practice hacking. Here is a guide on how to do this. Learn the top ten hacking tools thoroughly and apply them in your practice. If you have a good understanding of the theoretical concepts of hacking and other technologies, these tools will be a breeze to use. Practice web application hacking using live websites that are meant to be hacked. A good example is www.hackthissite.org. There are plenty of other such websites. Google is your best friend.
One good way to learn hacking is to download pdf and video resources and studying them. CBT-nuggets and other institutes' video tutorials are available in torrents. YouTube hosts plenty of tutorials on every topic. Take a look at www.securitytube.net as well.
 I would recommend a method that I used when I started off. Start by maintaining a journal and make a list of all the hacks you want to achieve. Example, if you are in college, your objective may be - bypassing web filtration, accessing the attendance logs etc. Work on these objectives until you achieve them. Similarly, your objective may be to get into someone's system. Work on it consistently without giving up until you are successful. Record everything in your journal. This will help you reflect on how far you have come.

 Keep practicing and keep learning. That is the only way to go. If you are in college, don't waste your time partying or facebooking. Time is precious. Utilize your every waking moment. If you know people who have websites or small companies, talk to them and ask them to give you a chance at performing penetration tests(ethical hacking) for their websites and networks. This will give you real world experience. You must, however, remember to get their permission in writing. Hacking someone's website or system without written authorization is illegal and you could very well end up in jail. Verbal authorization is not valid in a court of law. Once you are able to hack their websites, write a report and submit to them.

So, that is how you become a hacker! As you can see, becoming a hacker is a long process so if you are in it only for the heck of it this is not the domain for you. After all that has been said, you should remember to be ethical at all times. Ethical hacking is a risky domain if you are careless and you do not want to end up in the wrong side of law.

Please feel free to leave feedback or ask any queries in the comment section.

Thursday, March 6, 2014

Book Review: Web penetration Testing With Kali Linux

I recently finished the book Web Penetration Testing With Kali Linux by Joseph Muniz and Amir Lakhani and I decided to write a review of it. It is a book about performing penetration tests (In layman terms: hacking) specifically on web applications. I found the title catchy and intriguing because web penetration testing is currently  the biggest area in the world of information security and Kali is the latest penetration testing platform.

Image courtesy: Amazon.in

The book highlights most of the standard  techniques in hacking and testing web applications.  It follows five steps of hacking, reconnaissance, target  evaluation, exploitation, privilege escalation and maintaining access. The first two chapters deal with the basic concepts and reconnaissance. They also teach you how to install Kali in a VM. For the third chapter onwards, the attacks are classified into server side attacks, client side attacks, Attacking authentication, web attacks etc. In server side attacks, the authors have shown the usual pentesting tools such as metasploit, w3af, hydra, SSLstrip etc. Under client side attacks, there are Social Engineering  Toolkit ,MITM proxies, Nessus etc. Under authentication and web attacks, there is Wireshark, man in the middle attacks, dnssniff and arpspoof, Firefox plugins , Burpsuite, Denial of service etc. If you are a seasoned penetration tester, by now you may have noticed that most of these tools and techniques are standard practice and there is nothing new here.  What the authors have essentially done is, bring together all the tools and techniques for penetration testing so that they all fit under one platform, Kali Linux. Kali has most tools preinstalled, so, the idea here is to identify all tools relevant to web application pentesting. In all the chapters, there is a brief  explanation of the attack methodology, and a very small demo of the tool. The last chapter covers report writing and a brief about auditing standards. There is also mention of several reporting tools.

The book is a good read and it covers a very vast array of topics, but it isn't as detailed as I had hoped. All in all, if you are a beginner in the penetration testing scenario, this book is for you. It will serve as a good starting point for testing web applications. However, like I mentioned before, the techniques aren't too detailed, so you will have to supplement your reading with Google searches if you want to be thorough. And as for the professional penetration tester, the book will serve as a reference to cover all bases while pentesting. 

Sunday, February 23, 2014

EC-Council Website Has Been Hacked, Again

EC-Council's official website(http://www.eccouncil.org/) has been defaced yet again. EC-Council is a leading ethical hacking certification provider. This has happened before. See here. The irony here is that the company is supposed to be a world leader in providing information security certification to stay safe from hacks like this.

At the time of writing this blog post (8PM IST,23 Feb '14), EC-Council's official website remains defaced. The hacker(s) have uploaded a passport of Edward Snowden in the homepage. The heading reads "owned by certified unethical software security professional".
Here is a screenshot of the defaced webpage-

The hacker(s) mocked EC-Council for reusing their passwords. Apparently, that's how they got hacked The message read -

Defaced again? Yep,good job reusing your passwords morons jack67834#

This goes to show that no system is really secure. Any organisation can be hacked, and EC-Council is no exception. But I think they should be more careful because they need to maintain a certain repute for their certifications. 

Friday, January 17, 2014

5 ways to bypass antivirus

Antiviruses are a big  annoyance for hackers. When a hacker wants to penetrate a system, the success or failure of that hack often depends on whether the target computer has an antivirus or not. Thus, bypassing antiviruses are naturally a hot topic among hackers. Although there are no fool-proof methods to bypass antivirus, I have listed here 5 methods which could work depending on your situation.

   Image courtesy of Stuart Miles/ FreeDigitalPhotos.net

1. Metasploit polymorphic encoder
The metasploit framework comes with an excellent set of tools that includes a polymorphic encoder that can "encode" your trojan or virus such that antiviruses would not be able to recognize its signature, thus avoiding detection. You need Backtrack or Kali to do this. The best encoder under msfencode is shikata ga nai, which can be used to "encode" and obfuscate your payload(read trojan) multiple times. 
A detailed tutorial on this can be found here. Also, here is a video tutorial on metasploit backdoors and encoders.

2. Crypters/Packers
Crypters and packers are specialized tools that can encrypt and pack your payload(read trojan or virus) so that antivirus cannot get to the actual core of the payload. The encryption on the payload prevents antiviruses from peeking inside. Because of this, antiviruses will not detect your trojan. Once you are ready to deploy the trojan, the payload gets unencrypted and unpacked to unleash all malicious activities and infections.
There are many crypters available online both free and paid. However, a note of caution is that crypters are not so reliable. There are chances that the crypters will not work. You can even create your own crypters if you are good at programming.

3.Binary editing
Antiviruses use file signatures to detect viruses. These file signatures are unique patterns inside the virus. They are very small(a few dozen bytes).  Binary editing involves finding the file signatures and directly altering it. Once the contents of the file signature are changed, the antivirus will no longer recognize the signature.This can be done using a Hex Editor.
For more info, refer to the paper Taking Back Netcat 

4. Modify Source code
If you have the source code of the program/virus, you can modify it. For instance, If there is a switch case condition in the code, convert it into  if-else. This should not affect the functioning of the program in any significant way. There are many other changes that you can make, like changing variable names, upper to lower case etc.
int num=0;
can be changed to
int NUm=0;

5. Recompile the payload/Use an alternate version
If you have the source code of the virus, you can recompile it using a different compiler. It will create a completely fresh executable. That way, there is a chance that the antivirus will no longer recognize the signature.
If you are using a readymade program, then try using a different version. For example, if you are planning to install netcat on your victim's system and the antivirus is flagging it, then you can use other editions of netcat (nc.exe) like mocat, netcat2, cryptcat etc.

Keeping in mind that these techniques are not sure to work every time,  if you still didn't succeed, you can always write your own virus/trojan/keylogger from scratch. That is the only way of avoiding antivirus signature based detection. Again, you must be careful in writing the code because antiviruses also have behavior-based detection also known as heuristics detection.

Disclaimer: Only for educational purposes.Use this information at your own risk.