Docsity
Docsity

Prepare-se para as provas
Prepare-se para as provas

Estude fácil! Tem muito documento disponível na Docsity


Ganhe pontos para baixar
Ganhe pontos para baixar

Ganhe pontos ajudando outros esrudantes ou compre um plano Premium


Guias e Dicas
Guias e Dicas


Curso básico hacker, Manuais, Projetos, Pesquisas de Computação avançada e segurança de rede

Entenda basicamente o que fazer em certas situações.

Tipologia: Manuais, Projetos, Pesquisas

2021

Compartilhado em 04/06/2021

osvaldo-gosta-da-silva
osvaldo-gosta-da-silva 🇧🇷

5

(1)

1 documento

1 / 77

Toggle sidebar

Esta página não é visível na pré-visualização

Não perca as partes importantes!

bg1
HACKING SECRETS REVEALED
Information and
Instructional Guide
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d

Pré-visualização parcial do texto

Baixe Curso básico hacker e outras Manuais, Projetos, Pesquisas em PDF para Computação avançada e segurança de rede, somente na Docsity!

HACKING SECRETS REVEALED

Information and

Instructional Guide

HACKING SECRETS REVEALED

Production of  S&C Enterprises

DISCLAIMER

The authors of this manual will like to express our concerns about the misuse of the information contained in this manual. By purchasing this manual you agree to the following stipulations. Any actions and or activities related to the material contained within this manual is solely your responsibility.

The misuse of the information in this manual can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this manual to break the law.

(Note This manual was created for Information purposes only.)

Introduction

HE internet is ever growing and you and I are truly pebbles in a vast ocean of information. They say what you don’t know can’t hurt you. When it comes to the Internet believe quite the opposite. On the Internet there a millions and millions of computer users logging on and off on a daily basis. Information is transferred from one point to another in a heartbeat. Amongst those millions upon millions of users, there’s you.

As humble a user you may be of the Internet, you are pitted against the sharks of the information super highway daily. Problem with that is the stealth by which it happens. Currently about 30-40% of all users are aware of the happenings on their computer. The others simply either don’t care or don’t have the proper “know how” to recognize if their system is under attack and or being used.

You bought this manual because you are concerned about your privacy on the Internet. As well you should be. On the Internet nothing is quite what it appears to be. The uninformed will get hurt in many ways.

T

By no means am I going to make a ludicrous claim that this manual will protect you from everything. What I will say is that by reading this manual hopefully you will be in a better situation to protect yourself from having your information compromised.

Did you know it doesn’t matter if you’re connected to the net 24hrs a day or 15 min’s a day your system is vulnerable. Not only is it vulnerable in that 15 min’s you can possibly loose all your data get locked out of your own system and have all your confidential information like your “Bank Account Numbers”, “Your Budget”, “Your personal home address” compromised.

Don’t give me wrong, I’m not trying to throw you into a state of paranoia either. What I am saying is that if you’re not careful you leave yourself open to a wide range of attacks.

Perhaps you’re skeptical and saying to yourself “Oh I don’t do anything on the net except check my E-mail etc that sort of thing can’t happen to me.”

Okay I like a challenge let’s do a test!

SYSTEM INTRUSION IN 15 SECONDS

System intrusion in 15 seconds, that’s right it can be done. If you possess certain security flaws your system can be broken into in less that 15 seconds.

To begin this chapter I’d like you to do the following. Connect to the Internet using your dial up account if you are on dial up. If you are on dedicated service like High Speed connections (ie, Cable and DSL) then just proceed with the steps below.

  • Click Start
  • Go to Run
  • Click Run (It’s a step by step manual) :-)
  • Type^ Winipcfg
  • Hit the Enter Key

Chapter

Once you have the IP address write it down, then close that window by clicking (OK) and do the following.

  • Click Start
  • Go to Run (Click on Run )
  • Type command then Click OK

At this point you should see a screen that looks like this.

Type the following at the Dos Prompt

  • Nbtstat –A IP address

For example: nbtstat –A 207.175.1.

(Please note that you must type the A in capitol letters.)

This will give you a read out that looks like this

NetBIOS Remote Machine Name Table


Name Type Status


J-1 <00> UNIQUE Registered

WORK <00> GROUP Registered

J-1 <03> UNIQUE Registered

J-1 <20> UNIQUE Registered

WORK <1E> GROUP Registered

WORK <1D> UNIQUE Registered

MSBROWSE.<01>GROUP Registered

(Again info has been omitted due to privacy reasons)

The numbers in the <> are hex code values. What we are interested in is the “Hex Code” number of <20>. If you do not see a hex code of <20> in the list that’s a good thing. If you do have a hex code <20> then you may have cause for concern. Now you’re probably confused about this so I’ll explain.

A hex code of <20> means you have file and printer sharing turned on. This is how a “hacker” would check to see if you have “file and printer sharing” turned on. If he/she becomes aware of the fact that you do have “file and printer sharing” turned on then they would proceed to attempt to gain access to your system.

(Note: To exit out of the DOS prompt Window, Type Exit and hit Enter)

Not a lot of time to gain access to your machine is it? How many of you had “File and Printer Sharing” turned on?

Ladies and Gentlemen: This is called a Netbios attack. If you are running a home network then the chances are you have file and printer sharing turned on. This may not be the case for all of you but I’m sure there is quite a number of you who probably do. If you are sharing resources please password protect the directories.

Any shared directory you have on your system within your network will have a hand holding the folder. Which looks like this.

You can check to find which folders are shared through Windows Explorer.

  • Click On Start
  • Scroll Up to Programs

At this point you will see a listing of all the different programs on your system

Find Windows Explorer and look for any folders that look like the above picture.

Once you have found those folders password protect them. Don’t worry I’ll show you how to accomplish this in Chapter 8 in a visual step by step instruction format.

Netbios is one of the older forms of system attacks that occur. It is usually overlooked because most systems are protected against it. Recently there has been an increase of Netbios Attacks.

Further on in this manual we shall cover some prevention methods. For now I wish only to show you the potential security flaws.

Some common features with Trojans are as follows:

  • Open your CD-Rom drive
  • Capture a screenshot of your computer
  • Record your key strokes and send them to the “Hacker”
  • Full Access to all your drives and files
  • Ability^ to^ use^ your^ computer^ as^ a^ bridge^ to^ do^ other hacking related activities.
  • Disable your keyboard
  • Disable your mouse…and more!

Let’s take a closer look at a couple of more popular Trojans:

  • Netbus
  • SubSeven

The Netbus Trojan has two parts to it as almost all Trojans do. There is a Client and a Server. The server is the file that would have to get installed on your system in order to have your system compromised. Here’s how the hack would go.

The Hack

Objective: Getting the potential victim to install the server onto his/her system.

Method 1

Send the server file (for explanation purposes we’ll call the file netbusserver.exe) to you via E-Mail. This was how it was originally done.

The hacker would claim the file to be a game of some sort. When you then double click on the file, the result is nothing. You don’t see anything. (Very Suspicious)

Note: (How many times have you double clicked on a file someone has sent you and it apparently did nothing)

At this point what has happened is the server has now been installed on your system. All the “hacker” has to do is use the Netbus Client to connect to your system and everything you have on your system is now accessible to this “hacker.”

The joiner utility will combine the two files together and output 1 executable file called:

.exe

This file can then be renamed back to chess.exe. It’s not exactly the same Chess Game. It’s like the Tomato Juice, it’s just slightly different.

The difference in these files will be noticed in their size.

The original file: chess.exe size: 50,000 bytes

The new file (with Trojan): chess.exe size: 65,000 bytes

(Note: These numbers and figures are just for explanation purposes only)

The process of joining the two files, takes about 10 seconds to get done. Now the “hacker” has a new chess file to send out with the Trojan in it.

Q. What happens when you click on the new chess.exe file?

Answer: The chess program starts like normal. No more suspicion because the file did something. The only difference is while the chess program starts the Trojan also gets installed on your system.

Now you receive an email with the attachment except in the format of chess.exe.

The unsuspecting will execute the file and see a chess game. Meanwhile in the background the “Trojan” gets silently installed on your computer.

If that’s not scary enough, after the Trojan installs itself on your computer, it will then send a message from your computer to the hacker telling him the following information.

Username: (A name they call you)

IP Address: (Your IP address)

Online: (Your victim is online)

So it doesn’t matter if you are on dial up. The potential hacker will automatically be notified when you log on to your computer.

You’re probably asking yourself “how likely is it that this has happened to me?” Well think about this. Take into consideration the second chapter of this manual. Used in conjunction with the above mentioned methods can make for a deadly combination.

These methods are just but a few ways that “hackers” can gain access to your machine.

Listed below are some other ways they can get the infected file to you.

News Groups:

By posting articles in newsgroups with file attachments like (mypic.exe) in adult newsgroups are almost guaranteed to have someone fall victim.

Don’t be fooled though, as these folks will post these files to any newsgroups.

Grapevine:

Unfortunately there is no way to control this effect. You receive the file from a friend who received it from a friend etc. etc.