Hacking and Pen Testing: Become an Expert in Computer Hacking and Security - Free Chapter Included!
According to author James Smith, hacking is a skill that can be useful in many different ways. Knowledge of hacking can be used as the backbone to securing your own computers and systems. A favorite quote of Mr. Smith sums it up very well: "The first step to making yourself secure, is knowing how vulnerable you are."
What made you write this book?
The reason I chose to write this book was because hacking is increasingly becoming a threat as we move more and more of our life online. Nowadays companies and individuals both store very important files and information in online databases, as well as using their websites and online portals to communicate with their followers or customer base. All of this means that people are much more vulnerable to a hacker and stand to lose much more. Because of that, I wanted to create a book that helped educate both companies and individuals on exactly what a hacker is capable of, as well as the different methods they use to accomplish their hacks. With the knowledge of what they are capable of, people are more likely to be able to predict where their vulnerabilities are and then prevent anything from happening.
What new knowledge did you gain whilst writing this book?
When I originally came up with the idea to write this book I already knew a lot about hiding your identity online with things such as VPNs, proxies, Tor, etc. So I didn't learn a whole lot in that realm. I did, however, spend a lot of time researching the different methods that hackers use to penetrate systems, and some of them were very unexpected. The main things that were new to me were some of the common system vulnerabilities (which I was unaware of) as well as how they carried out specific types of hacks. I also was made aware of just how many websites online have serious vulnerabilities. The numbers are staggering.
If you are interested in learning more about hacking and penetration testing, the book is available on Amazon in both eBook and paperback formats. Below is the first chapter of Hacking and Pen Testing: Become an Expert in Computer Hacking and Security (Penetration Testing, Cyber Security, Hacking).
Part One: What is Hacking?
This book is about hacking and other forms of computer crime. I make no apologies for my choice of subject matter.
The plain fact is, any computer security expert is also a hacker. You have to understand the nature of the threats facing you, your company, and your clients before you can hope to defend against them. Nor is it only a matter of knowledge and experience; the mindset of a hacker must also be embraced. In today's world, it is no longer sufficient to install an antivirus program and update it whenever you remember.
So, some of the information in this book will enable you to do bad things. I can’t help that any more than I could write a book about DIY woodworking and later prevent you from hitting someone with a hammer. I can only ask you to remember this: stealing a credit card number online is absolutely no different from stealing somebody’s wallet. If you deliberately harm another person using information from this book, the consequences are your responsibility, and I will have exactly no sympathy for you.
So what is this thing, hacking? A cop, a computer science professor, a SysAdmin, and a hacker will each have divergent definitions. So, for this book, let’s just say that hacking is the battle between information “wanting to be free” and information wanting to stay private. This battle goes back to long before computers had even been thought of.
Historically, hacking and counter-hacking started with codes and cyphers. The first system for coding messages I know of is the scytale of ancient Sparta, used for sensitive communications between the political leadership and generals in the field. It worked as follows: the sender had a carved rod, around which he wrapped a strip of leather or parchment before writing his letter along its length. If the message was stolen along the way, the proto-hacker would only see a long ribbon with some scratches on it. The recipient, however, had an identically shaped rod. All he needed to do was wrap the strip around this, and he could easily read the message in clear text (well, in Greek). Notice how weak the scheme is by modern standards: it is a simple transposition, the letters are merely reordered, and anyone who guesses the thickness of the rod, or just tries a few, can read it.
The same considerations led to more and more sophisticated cyphers. A merchant in Venice might have wanted his agent in Milan to buy olive oil in bulk. A spy might have needed to send a report on which road an enemy army was following. A king might have wanted to send instructions to his ambassador about what treaty terms he was willing to accept for his country; in all these cases, it is not only important to convey the information, but also that hostile parties do not know what it is you know, and cannot, in fact, send their own messages pretending to be you.
This was the birth of cryptography, the making of codes, and of its counterpart cryptanalysis, the breaking of them; any aspiring hacker will need to become very familiar with both. Code-breaking, in fact, contributed directly to the development of modern computers.
All of us are familiar with digital computers; some would even say that a calculating machine without a mouse and screen can't be a "real computer." However, a mechanical device with gears and levers can perform calculations, and analog computers are in use even today (in some aircraft avionics, for instance). An electromechanical rotor machine of this kind was used by Germany in the Second World War to encipher military message traffic – the machine known as Enigma.
A team of British mathematicians and engineers at Bletchley Park, Alan Turing prominent among them, set themselves the task of hacking Enigma, building on the first breaks achieved by Polish cryptanalysts before the war. They designed their own electromechanical machines, the bombes, to help them; and the electronic Colossus, built at Bletchley Park later in the war to attack the separate German Lorenz cipher, was among the direct ancestors of the general-purpose, programmable digital computer.
Some historians state that the work done by this group of government-sponsored hackers shortened the war by two to four years, and Winston Churchill is often quoted as saying that Alan Turing had made the single biggest contribution to the war effort of anyone. After the war, though, and with the information age already established partly on his work, Turing died of cyanide poisoning in 1954; the inquest ruled suicide, and a half-eaten apple was found beside him. When Steve Jobs (co-founder of Apple) was asked whether Turing's death had been the inspiration for the famous Apple logo, he reportedly replied, "No, but God, we wish it were."
The World War had ended, the Cold War was on, there were secrets to be kept, secrets to share, and secrets to steal. Cryptography and other forms of hacking had already been shown to be crucial to national interests; in the decades to come there would be a hacker arms race nearly as important as the one involving tanks and thermonuclear bombs.
Still, the advent of the computer had changed the world, and not only for politicians and generals. Computers shrank from the size of a building to that of a room, to that of a car and so on. Their price decreased from where only government budgets could support them, to where large corporations could operate one or two, to where they started appearing in universities and eventually in homes.
This was still not the beginning of what we think of as hacking today. Of course, programmers were busy exploring the limits of what their equipment was capable of and doing things that had never been done before, sometimes on a weekly basis. But, they were generally still working in teams in university or government labs, with no real reason to probe for exploits in the same systems they were responsible for.
However, there was one group of individualistic misfits who liked to take things apart to see how they worked…and how they could be made to work differently. Typically, they also liked to chat, and the telephone system was their playground.
They spent hours dialing around the system, listening to the clicks and beeps to figure out how switching worked on the network. In order to understand the intricacies, they fished technical manuals out of the phone company's garbage, impersonated repairmen and operators, and even broke into exchanges.
Once they had this knowledge, they could see no reason not to use it. Free long-distance phone calls, untraceable numbers, and listening in on others’ conversations became their specialties. For this purpose, they designed home-built electronics to mimic switching tones and signals, called “boxes” in blue, black, red, and other colors.
They called themselves "phreaks." They were usually inquisitive teenagers. Some went to jail. They performed their exploits against a faceless, monopolistic phone company which, those of them who thought about it at all would have argued, used its dominant market position to exploit consumers. But by all accounts, their real motivation was just a desire to tinker with something complex to see how it works.
When phones met computers, networking was born. It was by no means the World Wide Web of today, nor the "internet of things" of tomorrow, nor even ARPANET. However, your workstation could phone up a BBS (Bulletin Board System) to read and post forum comments. Business and government had servers which accepted dial-up connections. If you couldn't afford a full computer of your own, you might be able to spring for a terminal – just a keyboard, a screen or teletype, and a modem – and rent time on a computer that might be located a thousand miles away. The desire of technically astute youngsters to fiddle with interesting toys had, remarkably, not disappeared. The available toys had just become more interesting.
Then the internet came along, and shortly afterwards all hell broke loose, security-wise.
There you have the history of hacking over two millennia: the contest between secrecy and publicity. As soon as one side gains a small lead, the other overtakes it again. This has been the historical pattern so far and seems unlikely to change anytime soon. One ironic aspect of this race is that the runners can switch teams in midstride, talk openly with their opposition about tactics, tools, and strategies, and any individual may choose to work for “openness” in one context and “security” in another.
It’s a strange world, after all.
Hackers at a Glance
Fueled by (often uninformed and hysterical) media reports, the public impression of a hacker is a socially awkward teenager who moves ones and zeroes around in order to make life miserable for everyone else. This might be true in a small number of cases, but like people in general, hackers have their own characteristics, goals, and ideals.
To start with, we might as well give the general classification regarding their motives:
- A black hat is what you might otherwise call a computer criminal. They try to invade and violate a network for personal gain, or simply to cause damage. For instance, they might steal a server's user information to sell on to other hackers, or threaten a DoS attack (see later) on a company's network unless a ransom is paid. Black hats often work together in small, loosely organized groups, where status is determined largely by technical ability.
- A white hat is the opposite of his counterpart. Generally equally skilled, they perform "penetration testing" instead of malicious attack: investigating a network for security vulnerabilities with the owner's permission, and without exploiting what they find for gain or causing damage. If successful, they let the SysAdmin or product vendor know, instead of looting and pillaging. Their motivation may be simple technical curiosity, or they may have been contracted by a specific company to carry out a security audit. Due to the level of knowledge and skill involved, some can easily command a salary of $100,000 a year or more, without the risk of going to jail. Another name for white hatting is "ethical hacking," and a number of recognized qualifications exist to prove proficiency in the discipline.
- A gray hat falls somewhere in between. The hat colors, incidentally, come from the symbolism of old westerns. Picture quality was too poor to always identify faces, so the bad guys universally wore black hats, and the sheriff white. Stretching this analogy a little, if a white hat is like an actor playing the part of a villain, a gray hat is just playing for fun. They may dredge up a security flaw in a network they were never asked to look at and offer to correct it – for a suitable fee, of course. Alternatively, they might find an exploit inherent in some piece of software and publish the information instead of exploiting it for themselves.
- A blue hat refers to an outside security expert, often freelance, brought in to conduct penetration testing, especially on new products prior to rollout. The term is associated with Microsoft's BlueHat briefings, at which invited researchers test its products before release.
- Hacktivism falls somewhere outside even these elastic categories. A hacktivist is a hacker activist, who uses his abilities to promote his particular moral message to society or attack the online activities of his perceived opponents. They may, for instance, resort to DDoS attacks against organizations whose goals are contrary to their own or distribute supposedly confidential information to the public. The latter can be referred to as “right to know” or “information wants to be free.” Whether you agree with their motives in any given case is up to you, but they are distinct in that they are motivated to hack by conscience or ideology.
- Intelligence agencies and law enforcement are some of the most prolific hackers around. Not only must important political and military secrets be safeguarded from foreign powers (or independent hackers!) but enemies may also be attacked online. All large militaries have an information warfare department of some sort, dedicated both to defending against and conducting attacks on computer networks.
- Finally, organized crime has not been slow in appreciating the ill-gotten gains information theft can bring. As large syndicates and mafias already have the infrastructure to, for instance, launder money, they have partnered with hackers to commit purely criminal acts on a large scale. Hackers for hire are also strongly rumored to work for respectable corporations on occasion, either to steal competitors' trade secrets or to engage in outright, but undetectable, sabotage.
Aside from these hats describing their motives, hackers can also be classified by their widely varying skill levels:
- A script kiddie is an aspiring hacker who has little basic knowledge of computers and networks, but who can download and use intrusion programs written by expert hackers; even if they can’t quite explain what the program is actually doing!
- A newbie is, as you might have guessed, a neophyte hacker with little experience. They tend to lurk on hacking-computer-and-coding-related message boards hoping to learn new skills.
- Elites are hackers with enormous prestige, usually gained by practically demonstrating their skills in either the white hat or black hat worlds. This status is not earned with a degree or other qualification but is bestowed by the hacking community at large (or within forums with similar membership).
Alternatively, it can be said that hackers are creative, technologically proficient people who like to find new ways of solving problems, while crackers are those who seek to penetrate computer systems for whatever reason. Take your pick, but you will see these terms time and time again.
This book is not intended to take you right from script kiddie to elite in one week; no force on earth can do that. A truly skilled hacker requires a profound knowledge of SQL, databases, cryptography, TCP/IP and network architecture, programming down to assembly level, HTML, PHP, assorted standards such as IEEE 802.11… the list is technically not endless, but as soon as you master something new, you discover three things you still need to learn. For that matter, we can easily add "soft skills" such as applied psychology and business processes to the list.
What we will be doing, though, is systematically presenting the tools, techniques, and principles that hackers use, so that readers have the background to continue their education on their own if they wish. If you enjoy learning about how things truly work, instead of just ticking the correct boxes and hoping for the best, this can be a very rewarding journey lasting a lifetime. At the same time, while staying fairly general, we've also tried to include sufficient practical examples to enable the average SysAdmin to guard against the most common threats. At the very least, if you make your living maintaining even a small office network or running a website, you should be able to verify for yourself that it is not vulnerable to well-known exploits.
Types of Attack
If you are new to hacking, we are quite a way from discussing how exactly to implement the following techniques. However, we have to start somewhere, and knowing what is meant by the following terms will help you tremendously the next time you read about hacking in the media.
Man in the Middle Attack
The important feature of this kind of attack is that it relies on unsecured or poorly secured communication between different computers. Picture two parties who believe they are talking directly to each other, while in fact every message passes through an attacker sitting between them.
A man-in-the-middle attack thus relies on intercepting communication between two parties who trust each other; the attacker then reads the traffic, alters the content of the messages, or replays messages at a different time in a different context. The corresponding defences are encryption, so that he cannot read the contents; message authentication, so that alterations are detected; and sequence numbers or timestamps, so that replays are rejected.
There are dozens of variations on this theme, and they have been used to crack everything from automated teller machines to military friend-or-foe identification.
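To make the attack and its countermeasures concrete, here is an added example in Python, not taken from the book, that simulates the exchange: a client sends a payment instruction to a server, an attacker relays and rewrites the traffic, and the same exchange is then repeated with a message authentication code and a sequence number. The shared key, the message format and the payee names are assumptions for the demo.

```python
import hashlib
import hmac

# Constructed demo: a client sends a payment instruction to a server while an
# attacker relays (and rewrites) the traffic. The shared key is hypothetical;
# in practice it would come from a proper key exchange or a TLS session.
SHARED_KEY = b"demo-shared-key-not-for-production"


def attacker_relay(wire: bytes) -> bytes:
    """The man in the middle: forwards each message after changing the payee."""
    return wire.replace(b"to=bob", b"to=mallory")


# --- Unprotected protocol: plain text, no integrity check -------------------
def client_send_plain(instruction: str) -> bytes:
    return instruction.encode()


def server_receive_plain(wire: bytes) -> str:
    # The server cannot tell altered bytes from genuine ones.
    return wire.decode()


# --- Authenticated protocol: HMAC tag plus a sequence number ----------------
def client_send_authenticated(instruction: str, seq: int) -> bytes:
    body = f"{seq}|{instruction}".encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class AuthenticatedServer:
    def __init__(self) -> None:
        self.last_seq = -1  # highest sequence number accepted so far

    def receive(self, wire: bytes):
        """Return the instruction, or None if the message is forged or replayed."""
        body, _, tag = wire.rpartition(b"|")
        expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit: the tag no longer matches the body
        seq_text, _, instruction = body.decode().partition("|")
        seq = int(seq_text)
        if seq <= self.last_seq:
            return None  # replay of a message that was already accepted
        self.last_seq = seq
        return instruction


def demo():
    instruction = "transfer amount=100 to=bob"

    # 1. Without integrity protection the altered instruction is accepted.
    plain = server_receive_plain(attacker_relay(client_send_plain(instruction)))

    # 2. With an HMAC the alteration is detected ...
    server = AuthenticatedServer()
    wire = client_send_authenticated(instruction, seq=1)
    tampered = server.receive(attacker_relay(wire))

    # 3. ... the genuine message is accepted once ...
    genuine = server.receive(wire)

    # 4. ... and replaying that same genuine message is refused.
    replayed = server.receive(wire)
    return plain, tampered, genuine, replayed


if __name__ == "__main__":
    print(demo())
```

Run it and the first result shows the server executing a transfer to the wrong payee; the authenticated version rejects both the altered message and the replay. Note what the HMAC does not do: it does not hide the instruction, and it presupposes that the two parties already share a key which the attacker did not see being established. That key-establishment step is exactly where real men in the middle strike, which is why deployed systems rely on TLS and on verifying the server's certificate rather than on ad hoc shared secrets.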
SQL Injection
SQL (Structured Query Language) is a wonderful tool for interacting with databases. It makes life easier for a lot of people, and it makes life easier for hackers as well.
This problem occurs where user input, from a web form say, is spliced directly into the text of an SQL statement, so that nothing separates the data from the commands. For instance, a login form might build its query as
SELECT * FROM users WHERE username = 'alice' AND password = '<whatever was typed>'
If somebody enters ' OR 1=1 -- as the password, the statement becomes
SELECT * FROM users WHERE username = 'alice' AND password = '' OR 1=1 --'
In other words, the password check is now ORed with 1=1, which is always true, and the -- turns the stray closing quote into a comment, so the query matches every row and access is granted.
This is one of the oldest security flaws in existence and continues to be a threat. A malicious user could gain access to an entire database, including being able to read, alter, add, and delete records. The fix is to keep data and commands apart: pass user input to the database through parameterized queries (prepared statements) rather than building SQL text out of it.
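The following added example (Python with the standard sqlite3 module, written for this page rather than taken from the book) runs the login check above against a small constructed user table, once with the input pasted into the SQL text and once with parameter binding. The table contents and the injected strings are made up for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demo (no real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "1234"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is spliced into the SQL text, so the input can change the
    # query's logic. This is the flaw the chapter describes; do not copy it.
    query = (f"SELECT COUNT(*) FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameter binding: the values travel separately from the SQL, so the
    # database never interprets them as syntax, whatever they contain.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = make_db()
    bypass = "' OR 1=1 --"   # closes the string, ORs in a tautology, comments out the rest
    return {
        "vulnerable/correct":            login_vulnerable(conn, "alice", "1234"),
        "vulnerable/injected-password":  login_vulnerable(conn, "alice", bypass),
        "vulnerable/injected-username":  login_vulnerable(conn, "bob' --", "wrong"),
        "safe/correct":                  login_safe(conn, "alice", "1234"),
        "safe/injected-password":        login_safe(conn, "alice", bypass),
        "safe/injected-username":        login_safe(conn, "bob' --", "wrong"),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case:32} -> {'ACCESS GRANTED' if granted else 'denied'}")
```

The vulnerable function grants access for the injected password and also for an injected username with any password at all (the comment marker discards the password check entirely); the parameterized function treats the same strings as literal, and wrong, credentials. Storing passwords in clear text, as the toy table does, is a separate mistake the example does not try to fix.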
Clickjacking
If a hacker can insert his own content onto a website, or create a "spoofed" website resembling some legitimate page, he can layer the page so that a malicious link, or an invisible frame showing a button from another site, is hidden behind something the user really wants to click, such as a button that will close an ad. In effect, when the user clicks on "Win a Free iPod," the mouse click has been hijacked to do something else entirely. A site defends itself against being framed this way by sending the X-Frame-Options header or, in current browsers, the Content-Security-Policy frame-ancestors directive.
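As an added example that is not part of the original chapter, the Python below classifies HTTP responses by whether a browser will let another site put the page in a frame, which is what a clickjacking attack needs. The sample responses are constructed for the demo and the origin https://partner.example is a placeholder.

```python
def framing_policy(headers: dict) -> str:
    """Return 'blocked', 'same-origin', 'restricted' or 'unprotected'.

    Browsers honour Content-Security-Policy's frame-ancestors directive when it
    is present and fall back to X-Frame-Options only when it is absent.
    """
    # HTTP header names are case-insensitive.
    h = {name.lower(): value for name, value in headers.items()}

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            if sources == ["none"]:
                return "blocked"
            if sources == ["self"]:
                return "same-origin"
            return "restricted"  # only the listed origins may frame the page

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # No header, an unknown value, or the obsolete ALLOW-FROM (which current
    # browsers ignore): any site may frame the page.
    return "unprotected"


def protective_headers() -> dict:
    """Headers a page that must never be framed should send (both, for old and new browsers)."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


# Constructed responses, keyed by a short description.
SAMPLE_RESPONSES = {
    "no protection":        {"Content-Type": "text/html"},
    "legacy header only":   {"x-frame-options": "sameorigin"},
    "obsolete allow-from":  {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp partner list":     {"Content-Security-Policy":
                             "default-src 'self'; frame-ancestors https://partner.example"},
    "belt and braces":      protective_headers(),
}


def audit(responses=None) -> dict:
    """Map each response description to its framing policy."""
    responses = SAMPLE_RESPONSES if responses is None else responses
    return {name: framing_policy(hdrs) for name, hdrs in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:22} {verdict}")
```

The "obsolete allow-from" case is the one that catches people out: the header is present, so a cursory check passes, but modern browsers disregard the value and the page can be framed by anyone. The "csp partner list" case is legitimate only if the partner origin is itself trusted, since a page that can be framed from that origin can be clickjacked from there.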
Denial of Service (DoS)
In this kind of attack, the goal is not to steal information, but to temporarily disable a webpage or other online service. This is generally accomplished by sending high volumes of bogus traffic to a server, drowning out legitimate requests or exhausting its connections, memory, or bandwidth.
A variant of this is the distributed denial of service attack (DDoS), where a large number of computers, typically a botnet of compromised machines, are used so that the attack originates from many points at once and cannot be stopped simply by blocking one source address.
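The difference between a single-source flood and a distributed one is easy to see in a server log. The Python below is an added example, not from the book, that builds a constructed access log (five normal clients, one flooding host, then a burst from many hosts) and runs a sliding-window check over it. The simplified log format, the addresses (documentation ranges) and the thresholds are assumptions for the demo.

```python
from collections import Counter, defaultdict, deque

# Constructed access log, one line per request: "<client-ip> <unix-time> <method> <path>".
# This is a simplified format invented for the demo, not a real server's log.
BASE = 1_700_000_000


def constructed_log() -> list:
    lines = []
    # Normal traffic: five clients, one request per second for 20 seconds.
    for t in range(20):
        for i in range(1, 6):
            lines.append(f"203.0.113.{i} {BASE + t} GET /index.html")
    # DoS: a single host sends ten requests per second for ten seconds.
    for t in range(20, 30):
        lines.extend(f"198.51.100.9 {BASE + t} GET /login" for _ in range(10))
    # DDoS: 150 distinct hosts send one request each within two seconds.
    for i in range(150):
        lines.append(f"192.0.2.{i + 1} {BASE + 40 + i // 75} GET /search?q=x")
    return lines


def parse(line: str):
    ip, ts, method, path = line.split()
    return ip, int(ts), method, path


def detect_floods(lines, window=10, per_ip_limit=30, global_limit=100):
    """Sliding-window flood detection over time-ordered log lines.

    Returns (flooders, ddos_alerts): the set of single sources that exceeded
    per_ip_limit requests within `window` seconds, and the timestamps at which
    total traffic exceeded global_limit without any one source dominating.
    """
    per_ip = defaultdict(deque)   # ip -> timestamps inside the window
    recent = deque()              # (timestamp, ip) for all traffic in the window
    flooders, ddos_alerts = set(), []

    for line in lines:
        ip, ts, _, _ = parse(line)

        q = per_ip[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        if len(q) > per_ip_limit:
            flooders.add(ip)

        recent.append((ts, ip))
        while recent[0][0] <= ts - window:
            recent.popleft()
        if len(recent) > global_limit:
            busiest = Counter(src for _, src in recent).most_common(1)[0][1]
            # Many sources each sending a little: distributed, so no single
            # address is worth blocking. Report each timestamp once.
            if busiest / len(recent) < 0.5 and (not ddos_alerts or ddos_alerts[-1] != ts):
                ddos_alerts.append(ts)

    return flooders, ddos_alerts


if __name__ == "__main__":
    flooders, alerts = detect_floods(constructed_log())
    print("single-source flooders:", sorted(flooders))
    print("distributed flood suspected at:", alerts)
```

Rate-limiting or blocking the one flagged address stops the first flood; the second shows up only in the aggregate, with no address worth blocking, which is why DDoS defence is done upstream (traffic scrubbing, anycast, a CDN) rather than on the victim's own machine. Real attackers also spoof source addresses and use amplification, which this example does not model.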
Ransomware
As the name suggests, the entire goal here is to extort money from the victim. A malware program is somehow introduced to the target machine and encrypts the user's files so that he can't recover his data. That is, unless he sends a payment in Bitcoin to the hackers, who will then helpfully allow him to view his files again. One early variant, CryptoLocker, reportedly provided its creators with more than $40 million in ill-gotten gains. The practical defence is offline, regularly tested backups; paying the ransom does not guarantee that the key will ever arrive.
Types of Malware
Malware and hacking go hand in hand. Why spend all week trying to crack a logon, when it’s possible to inject a rootkit onto the target’s hard drive? For this reason, we should briefly discuss the different categories of malware in terms of what they are and how they operate.
Rootkits
Rootkits are very stealthy pieces of software that hide their own presence, and often that of other malware, from the operating system and from security tools, while giving the attacker privileged remote control of the affected system. Once one is installed, it is extremely difficult to detect, let alone get rid of. Once a hacker has control, he can execute programs, copy files, change configuration settings, and alter software (perhaps to enable further attacks), or use the computer as part of a botnet for coordinated DDoS attacks or to originate spam campaigns.
Spyware
Spyware gathers information about user behavior, including web use and keystroke logging to capture passwords and account information, and can even modify browser or network settings to compromise security further. Spyware infection can be the result of exploiting known vulnerabilities on a system, penetration by a trojan, or may be bundled with downloadable software. This leads us neatly into our next topic:
There’s a lot of free software available on the internet. Some of it is completely legitimate and written as publically-auditable open source projects for a variety of reasons. Others are stripped-down editions of a commercial, paid program to allow users to try it out and order the professional package if they think it’s useful.
Still, others are supported by in-program advertising, much like many websites. This is usually a legitimate strategy to gain revenue, but some of these programs attempt to target advertising more effectively by monitoring user activity and stealing information. This crosses a line from “annoying” to “risky” in terms of security – your data and where it goes should really be under your control.
Trojans
These can be thought of as containers for other types of malware, disguised as something the user wants and designed to be undetectable by security programs. It may be as simple as a downloadable .pdf with malicious code embedded.
Once the file (.exe, .dll, .pdf or whatever) is run or opened, an avenue for further exploitation is opened. Additional malware can be installed, data stolen, or the computer can be discreetly taken over and used as part of a botnet, or even as a proxy server, relaying the hacker's internet connection to hide his real-world identity.
Viruses
Although their purpose can be any of those described above, the defining characteristic of a virus is its ability to replicate itself and spread to other computers. Viruses typically attach themselves to executable programs, but many other file types, such as documents that carry macros, are also vulnerable.
Worms
Worms dig tunnels through computer networks, looking for systems with exploitable vulnerabilities and infecting them. Additionally, they can serve as delivery mechanisms for other malicious programs intended to steal passwords, create botnets or whatever the creator desires. The chief difference between a worm and a virus is that a virus needs some sort of user action (e.g. opening an infected file or forwarding it by email) to spread, while worms look for new attack routes all by themselves.