Guide to Hacking Computers for Beginners
Contents
Chapter 1 – Introduction
What it Takes to Become a Good Hacker
Chapter 2 - An Overview of Hacking
Chapter 3 – Attack Types and Famous Viruses
1. Code Red
2. Sasser
3. Zeus
4. The I Love You Attack
5. Melissa
6. The Conficker Worm
7. MyDoom
8. Stuxnet
9. Crypto Locker
10. Flashback
In Summary
Chapter 4 (will continue...........next post)
Chapter 1 – Introduction
The general public usually has two competing viewpoints of hackers. Some people revere them as brilliantly minded individuals while others look down on them as petty criminals. While both perceptions could be true for many expert hackers, the public’s perception has been twisted and contorted by what they see on television dramas and in the movies. Because your average user doesn’t understand how a computer or the Internet works from a technical perspective, they can’t hope to begin to understand what hackers actually do.
In fact, the term ‘hacker’ usually carries a negative connotation. Ask any non-technical person what a hacker is, and they’ll give you a response such as, “They’re the bad guys that steal people’s credit cards, listen to my phone calls, and work with terrorist organizations.” For some reason – likely attributable to entertainment media – hackers get a bad rap and most people would instantly assume that their behaviors are illegal. These stigmas couldn’t be further from the truth, because the reality is that there are many types of hackers. Some of them are good, some of them are bad, and some lie somewhere in between.
There is no single motivation that drives every hacker and no blanket statement that you can use to accurately describe every hacker in the world. Also consider that hacking isn’t an inherently evil practice and you can do it legally. Some people even like to do it for a hobby. More practically, however, some people get paid big bucks as consultants to try to hack into a corporate network in an effort to find security holes. Be forewarned, though. If you start abusing your knowledge it is a slippery slope to the dark side, and nothing good ever happens once you’re there.
If your curiosity has gotten the better of you, if you just want to be able to understand what’s going on in the movies and the news, or you have a goal of becoming a competent hacker, I want to personally introduce you to hacking and guide you to achieving your goals. The problem most people have when they want to start hacking is that they find material that isn’t written for novices. Once you get the basics under your belt and you can actually apply the knowledge you will learn in this book, you’ll find that you are much more educated than your peers and that technology is actually pretty exciting.
As the tools hackers use have changed over the last couple decades, people that take an interest and develop a passion for hacking have changed as well. Though technology is only getting more complex with each passing year, the tools hackers utilize are becoming more sophisticated – making the learning curve much less steep for newbies. In this guide, I am going to teach you a lot of valuable information about hacking such as:
-What hacking is and what hacking isn’t.
-Hacking terminology and hacker culture.
-Types of attacks and the most famous hacks of all time.
-Ethical considerations and fair warnings about becoming a hacker.
-Fundamental concepts that will serve as a foundation to build hacking skills.
-How to install Linux operating systems using VMware to set up hacking tools.
-Step-by-step guides for ping sweeps and port scanning.
-How to map network topologies and perform reconnaissance techniques.
-How to use advanced software to find security holes.
This is designed to be an all-inclusive guide that will not only give you an understanding of the basic technical concepts you will need to become a hacker, but also introduce you to some fascinating software and show you step-by-step how to use it. I’m sure most of you want to get started hacking right away, but I urge you to spend time learning the basics before moving on to some of the more challenging attacks discussed in this book.
What it Takes to Become a Good Hacker
One of the reasons some hackers become so successful is because they have a passion for what they are doing. Their personality drives them to tackle extremely difficult challenges, which is why some hackers break systems just to see if they can. If you want to become a prolific hacker, it takes the same two things as any other skill you want to build: time and practice. If you can’t figure something out in the first two minutes, don’t give up. Some of the pros will spend weeks or even months planning and executing their attacks. And once you get the basics under your belt, you’re going to be able to implement these techniques in a matter of minutes. Arguably, I would say the hardest part for a newbie is getting their environment set up. Past that, things start to get easier and you can really start to sink your teeth into how the technology works. Before we get to the juicy details, we should begin with an overview of hacking so you understand some rudimentary concepts and perceptions about hacking.
Chapter 2 - An Overview of Hacking
To your average computer user who doesn’t understand much about Internet and network security, hackers are shrouded in a cloud of mystery. Most people don’t understand what they do or how they do it. And the movies don’t help to demystify them, either. Countless action movies portray a character that takes the role of a hacker that can break into top secret computer systems to save the world. When the camera pans over their computer screens, you see them typing strange letters and numbers into a command prompt that, for all you know, is a foreign language. Humorously enough, the hackers in the movies frequently use a tool called NMAP, which I will show you how to use later in this book. If you’ve seen The Matrix Reloaded, Dredd, Fantastic Four, Bourne Ultimatum, Die Hard 4, or The Girl With The Dragon Tattoo (among countless others), you have already seen actors using NMAP to facilitate their hacking endeavors in the movies.
But what exactly is hacking? Hacking means a lot of different things to a lot of different people. It is an umbrella term used to describe hundreds, if not thousands, of various techniques that can be utilized to use computers and information systems in unintended ways. At its core, hacking means using a computer to gain unauthorized access to another computer system or data that is protected or restricted. This is the most conventional meaning of the word hacking. Once a hacker has gained access to an unauthorized system, he or she then has the ability to steal information, change configurations, alter information, delete information, and install further malicious code to capture even greater control over the target system. The list goes on and the sky is the limit regarding what an experienced hacker can do once they find a way into a computer system.
However, there is a lot more to hacking than clicking a button to attack a computer. You will need to use tools and scanners to map the local network topology and use reconnaissance techniques to gather information and look for vulnerabilities. The good news for newbies is that these tools are highly automated today. In the past, no hacking software existed that aggregated vast amounts of code and tools into simple and easy to use commands. As such, hackers in the past needed highly intimate understandings of the technologies they were trying to break and it was difficult to do so. Having an extremely deep understanding of technology today will certainly help you become a better hacker, but my point is that these tools are becoming increasingly easy to use. In fact, there are young kids and teenagers that are too curious for their own good and take advantage of highly sophisticated tools to break into systems they have no business accessing. Understand that these tools simplify the hacking process considerably. If a teenager can hack into a system using simple tools, guess what? You can too!
But what does it take to excel as a hacker? Well, most hackers have several things in common. First of all, they are experienced software developers and can craft malicious programs and viruses that further their cause. Furthermore, most hackers are competent Linux users. Linux operating systems are extremely secure and provide virtually limitless access to the latest penetration and security tools – for free! In addition, some Linux operating systems such as Kali Linux were designed for the sole purpose of hacking and network penetration. Linux can be scary for newbies, but I will show you how to run Linux and use some special tools later in this book in a simplified and easy to understand manner. Lastly, hackers almost always have a working knowledge of networking topics such as IP addresses, ports, and the dirty details of how different networking protocols operate. Some tools even exploit vulnerabilities in these network protocols, and the knowledge of these exploits combined with the ability to craft computer programs is what makes some hackers truly formidable.
Some of these techniques are outside the scope of this book since this guide was created for beginners, but if you really want to excel as a hacker you would do well to study and practice these concepts. Though we won’t touch on software development in this guide, I will certainly show you step-by-step how to install and use some various hacking tools that the pros take advantage of and teach you
Perhaps you have already experienced the negative consequences of malware. One of the most popular ways that malware is distributed is through online downloads, whereby a downloadable file has been corrupted with malware that the user then downloads and installs. You’ll see this frequently with files hosted on P2P (Peer-to-Peer) file sharing programs such as BitTorrent. Malware gets its name by combining two other terms: MALicious softWARE. It can also be used as an umbrella term to describe many different types of attacks, and it could mean any software that is used by an attacker to create access to a target’s data, block them from their data, or change information on their computer.
Furthermore, a key logger is yet another type of malicious program, and as you might have guessed its sole purpose is to log the keystrokes of the user who has been infected. This is absolutely disastrous for the target user, because an attacker will be able to record and view every single key that the target types on their host system. This includes usernames and passwords, Google searches, private instant messaging conversations, and even payment card data. If an attacker has successfully installed a key logger, the target is at the mercy of the attacker. There’s no telling what the attacker could do next – they could hack into the target system by using the information they gathered such as usernames and passwords, steal money using their payment card data, or use their host system to carry out attacks on other hosts on the same network.
Next, you should also be familiar with the idea of a rootkit. Rootkits are extremely dangerous because they serve to edit background processes in an effort to hide the malicious activities of an attacker. This will help viruses, key loggers, and other malicious code exist for extended periods of time without detection on the target system. They can even serve to hide software that would have been otherwise detected and quarantined by security software.
Last but not least is the infamous Trojan horse, sometimes called a Trojan virus or a backdoor virus. They are extremely problematic because they can be slipped into innocent-looking applications and they are very hard to detect without the right security software. There could even be a Trojan horse lurking in the depths of your personal computer right now, and they are frequently used to gain complete control of a target system.
Now that you have a basic understanding of the different types of malicious code hackers employ to do their bidding, you should know about some of the largest and most famous computer viruses of all time. Some of them are actually other types of malicious code such as Trojan horses, but people still refer to them as viruses. Any expert hacker will have heard of these famous attacks before, so you should know them as well.
Also, if you get the inkling to try your hand at using one of these methods on your own by hunting around on the Internet for freely distributable code that will allow you to attack a target system, just know that you’re setting yourself up for a disaster. Humorously enough, some hacking newbies try to find rootkits and key loggers to attack hosts. But here’s the catch – some hackers actually facilitate their attack by taking advantage of people who want access to these types of programs.
And the end result isn’t pretty. In the end, the newbie hacker might actually install an expert hacker’s virus and unknowingly infect their own operating system! And don’t forget that there are ethical and legal implications as well. Many, if not all, of the people responsible for these famous attacks were severely punished. So don’t try to research and implement these types of viruses at home!
1. Code Red
I know what you may be thinking, and no, this has nothing to do with the movies. When people think of hacking in the movies, they think of top secret military bases getting hacked by a teenager and raising their alert level to ‘code red.’ Believe it or not, it is rumored that the two engineers who discovered and named this attack were merely drinking the disgusting cherry-flavored soda when they first identified the worm back in 2001. This worm was pretty darn nasty, and its targets were servers that were running the Microsoft IIS software for web servers.
This attack relied heavily on an exploit for a buffer overflow vulnerability in an older version of the server code. It was a huge problem and very difficult to detect because it had the ability to run solely in memory (RAM, or short term storage as opposed to long term storage such as a hard disk drive). And things got out of hand pretty quickly, too. After it had compromised a system, it would then try to make hundreds of copies to infect other web servers. Not only that, but it gobbled up a ton of local server resources that all but crippled some of the target systems.
2. Sasser
Sasser is another worm designed to target Windows (noticing a pattern here?). It first found its way into the spotlight back in 2004 and was created by a legendary and infamous hacker named Sven Jaschan who was also responsible for another famous worm named Netsky. One reason this worm made Internet security headlines was that it had affected more than a million targets! Yet again, this worm took advantage of a buffer overflow vulnerability that caused target systems to crash.
It also made it nearly impossible to reboot your computer without removing the power cable and it caused many computers to crash completely. To be fair, most people saw this worm as a nuisance as opposed to a serious threat. But it cannot be denied that it caused massive and widespread disruption. It even infected critical infrastructure devices that caused networks to perform very poorly. Like other types of worms, it used its target computers to propagate and multiply itself to other computers.
But one of the biggest problems with this worm is that users didn’t upgrade their operating systems after a patch had been created. Both public and private sector organizations were affected, such as news stations, transportation systems, healthcare organizations, and even some airline companies. But what was the end result? The damages were collectively chalked up to be approximately $18 billion! What happened to the infamous Jaschan, you ask? Fortunately for him, he was still young so he received a slap on the wrist considering how much damage he did. He ended up with a suspended sentence lasting 21 months.
3. Zeus
The Zeus virus was really a Trojan horse created to infect (can you guess which operating system?) Windows machines in an effort to force them to carry out varying procedures that were deemed to be criminal activity. Most typically, it would be used to carry out key logging activities and man-in-the-middle attacks that would allow an attacker to first sift through web browsing information before sending it to the intended web server. It most frequently infected hosts by utilizing innocent-looking applications as a transport medium into the intended targets, but the attack also employed phishing techniques.
After it had been discovered in 2009, it had ruined thousands of individual file download and FTP accounts from the largest banks and corporations. Those involved include Amazon, Bank of America, Oracle, and even Cisco. The attack also allowed the hackers to steal usernames and passwords to social media sites, email accounts, and banking information.
4. The I Love You Attack
The ‘I Love You’ attack is so impressive and revered in hacker communities because it created a whopping $10 billion in estimated damages. What’s more impressive is that researchers believe that 10% of all computers connected to the Internet at the time were infected with this virus. Infecting 10% of the Internet with a computer virus is staggering to say the least. Things started becoming so terrible that some of the larger organizations as well as governmental agencies around the world started shutting down their mailing systems in an effort to avoid becoming infected.
5. Melissa
This naughty virus was supposedly named after an exotic dancer the creator, David L. Smith, had once known. Supposedly, the very root of the virus was an infected text document that was uploaded to the alt.sex Usenet group with the appearance of being a collection of usernames and passwords for subscription and membership-only pornographic websites. But once a user downloaded this Word document, all hell would break loose and the virus would activate.
To start, the virus would look at the first 50 addresses in the infected host’s email address book and start sending those addresses emails. In turn, this would severely disrupt email services of large enterprises and governmental bodies. Furthermore, the virus would even corrupt documents by adding references to the television show The Simpsons. However, the original Word document was eventually traced back to Smith and he was arrested within a week of the virus’s propagation. Smith only ended up serving 20 months of prison time and paying a $5,000 fine (he originally had a 10 year sentence) because he turned snitch on other hackers and helped the FBI make more arrests. To top it all off, it was estimated that the damages from his virus totaled approximately $80 million.
6. The Conficker Worm
The Conficker worm first appeared in 2008 and it comes from an unknown origin. This worm was especially troublesome because it created a botnet (a group of infected computers networked together) of more than 9 million different hosts that harmed governmental agencies, large enterprises, and simple individual users alike. This worm makes the top 10 list because it caused damages estimated at a staggering 9 billion dollars. It was able to infect Windows machines due to an unpatched vulnerability dealing with background network services.
After a host had been infected with the worm, the worm would wreak havoc by preventing access to Windows updates and antivirus updates, and it could even lock user accounts to prevent people from logging in and cleaning up the worm. If that weren’t bad enough, the worm would then continue its attack by installing malicious code that would make the target computer part of the botnet and scam users into sending the attacker money by holding their computer ransom. Microsoft and third party antivirus software providers eventually released updates to combat and patch this worm, but it did massive amounts of damage before a solution could be reached.
7. MyDoom
MyDoom was first seen back in 2004, and it was one of the fastest email worms to infect masses of computers since the I Love You attack. The creator of this attack is still unknown, but it is rumored that the creator was paid big money to carry out this attack due to the message included in the virus that read, “Andy, I’m just doing my job. Nothing personal, sorry.”
This worm was incredibly sly because it took on the appearance of an email error. After a user had clicked on the “error” to view the problem, the worm would send copies of itself to people found in the email address book of the infected system. Furthermore, it would copy itself into peer-to-peer directories on the infected hosts to spread throughout the network. It is also believed that the worm is still lurking on the Internet to this day, and it caused approximately $38 billion worth of damages.
8. Stuxnet
This attack has a somewhat political background as it is thought to have been created by the Israeli Defense Force in conjunction with the American government. While some of the past viruses were created out of malice, contempt, or the curiosity to see just how much damage a prolific hacker could create, this virus was created for the purpose of cyberwarfare. The goal was to stymie the initiatives of the Iranians to create nuclear weapons, and almost two thirds of hosts infected by this virus were located in Iran.
In fact, it is estimated that the virus was successful in damaging 20% of the nuclear centrifuges in Iran. More specifically, this virus targeted PLC (Programmable Logic Controller) components which are central to automating large machinery and industrial strength equipment. It actually targeted devices manufactured by Siemens, but if it infected a host that didn’t have access to Siemens products it would lurk on the host system in a dormant state. Essentially, it would infect the PLCs and cause the machinery to operate far too fast – which would ultimately break the machinery.
9. Crypto Locker
This virus is another example of a Trojan horse that infected Windows machines, and the goal was to ransom target computers in exchange for money. This Trojan was very cunning because it had several different ways to spread to other computers. However, it was incredibly troublesome because after it had infected a host, it would then proceed to encrypt the hard drive with an RSA key that the owner of the computer never had access to. If you wanted your files to be unencrypted, you would have to pay money with prepaid methods or bitcoins to the initiators of the attack.
Many people were successful in removing the Trojan from their computers, but they still had one gargantuan problem: the files on their hard drive were still inaccessible because they could not be decrypted without the key. Fortunately, the leader of the attack, Evgeniy Bogachev, was caught and the keys used to encrypt the targets’ hard drives were released to the public. Apparently, the attack was successful in garnering $3 million from the ransoms, and it infected about half a million targets.
10. Flashback
I always love it when Apple evangelists claim to PC users that their computers are superior to Windows machines because their code is infallible and there is no way to get a virus on a Mac. While it’s true that Windows machines are more susceptible to viruses, Macs aren’t perfect either. Such was the case with the Flashback Trojan that was first observed in 2011. This Trojan used infected websites to inject faulty JavaScript code into the host browser, and it made infected Mac hosts part of a botnet. Believe it or not, this Trojan had infected over 600,000 Mac computers and a few of those were even contained at Apple HQ. Also, though numerous warnings and solutions have been created for this Trojan, many believe it is still lurking in the depths of the Internet and that thousands of Macs are still affected.
In Summary
Viruses, malware, and Trojan horses are just one facet of hacking, though. The truth is that these viruses were created by experts who had a deeper knowledge of computing systems than many of the security experts. All of the people who carried out these attacks were expert software developers and coders. If you think you want to become as infamous as these types of hackers, you’re going to need to become an expert software developer. There’s no way around it. However, I would hope that this section only opened your eyes to the potential some of these attacks have to cause widespread devastation and costly damages.
Again, please understand that the purpose of this guide isn’t to teach you how to create a program that will harm other people’s computers, rack up massive multimillion dollar damages, and leave you with heavy consequences such as prison time and ungodly fines. However, as a white hat hacker, you need to be aware that these types of attacks exist so you have a basic hacking vocabulary and some foundation knowledge.
I will, however, show you how to crack various passwords, map network topologies, exploit vulnerabilities, and scan targets for security flaws. In these types of examples, we will be focused on hacking into a single target host or network instead of trying to release a plague upon the global Internet. All of that in good time, however, because first you need to understand the different types of hackers that lurk on the Internet, ethical considerations regarding your use of the knowledge in this book, and the consequences of your actions should you misuse this information and get caught red-handed.