Hacking Learn fast Hack to hack, strategies and hacking methods, Penetration testing Hacking Book and Black Hat Hacking (17… (Alex Wagner) (Z-Library)

📄 File Format: PDF

💾 File Size: 1.5 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

(This page has no text content)

📄 Page 2

  HACKING 17 Most Dangerous Hacking Attacks           Volume 4 by ALEX WAGNER

📄 Page 3

Copyright All rights reserved. No part of this book may be reproduced in any form or by any electronic, print or mechanical means, including information storage and retrieval systems, without permission in writing from the publisher.                                     Copyright © 2017 Alex Wagner

📄 Page 4

    Disclaimer This Book is produced with the goal of providing information that is as accurate and reliable as possible. Regardless, purchasing this Book can be seen as consent to the fact that both the publisher and the author of this book are in no way experts on the topics discussed within and that any recommendations or suggestions that are made herein are for entertainment purposes only. Professionals should be consulted as needed before undertaking any of the action endorsed herein. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly. This declaration is deemed fair and valid by both the American Bar Association and the Committee of Publishers Association and is legally binding throughout the United States. The information in the following pages is broadly considered to be a truthful and accurate account of facts and as such any inattention, use or misuse of the information in question by the reader will render any resulting actions solely under their purview. There are no scenarios in which the publisher or the original author of this work can be in any fashion deemed liable for any hardship or damages that may befall the reader or anyone else after undertaking information described herein. Additionally, the information in the following pages is intended only for informational purposes and should thus be thought of as universal. As befitting its nature, it is presented without assurance regarding its prolonged validity or interim quality. Trademarks that are mentioned are done without written consent and can in no way be considered an endorsement from the trademark holder.

📄 Page 5

Table of Contents   Introduction Chapter 1 – Adware / Spyware / Malware Chapter 2 – Man in the Middle Chapter 3 – ARP Poisoning Chapter 4 – Wireless attacks Chapter 5 – Phishing, Vishing, Whaling Chapter 6 – Password Cracking Chapter 7 – Spoofing Chapter 8 - Spamming Chapter 9 – Xmas Tree Attack Chapter 10 – Botnet Chapter 11 – SQL Injection Chapter 12 - Distributed Denial of Service Chapter 13 – Worms &Virus types Chapter 14 – Logic Bombs Chapter 15 – Backdoors & Trojans Chapter 16 – Ransomware Chapter 17 – WannaCry

📄 Page 6

Introduction     Congratulations on purchasing this book and thank you for doing so. This book is designed to focus on the most common hacking methods exist today. You will be exposed to how the most dangerous attacks are implemented using multiple methods. If you are thinking of becoming an Ethical Hacker, also known as Penetration tester, the concepts explained in this book will provide an excellent learning opportunity that you can use in real life. The contents in this book are explained in everyday English to help you grasp these concepts faster. All through this book is designed to explain the techniques, Volume 2, and Volume 3 is focusing more on step by step implementation process. I have demonstrated 90% of hacking techniques in Volume 2 and Volume 3 step by step, using multiple operating systems and several software for the purpose of helping you learn how to implement certain commands in order to successfully gain power over any network. If you are only interested in knowing how hacking works and how it is carried out, this book will be beneficial to you. For those who are only seeking to understand the theory behind hacking attacks, this book will also help you. In order to become an Ethical Hacker, you must understand first the why hackers and cybercriminals are operating in such large scale. It is vital to understand how certain hacking methods are done in order to avoid become a victim yourself. This book will help you get ready against hackers and the most dangerous hacking attacks exist in our current world. There are plenty of books on this subject in the market, thanks again for choosing this one! Every effort was made to ensure the book is riddled with as much useful information as possible. Please enjoy!  

📄 Page 7

Chapter 1 – Adware / Spyware / Malware   Malware First I will begin to tell you that most probably you will find Malware on Windows operating systems because most operating systems out there in a production environment are indeed some Windows based operating systems. When you think a hacker point of view, there is no sense to create malware for operating systems that only take 30% of the world’s operating systems. Instead, the ones that are most common should be infected. There are many different types of Malware out there, so I will begin to explain some of them, however first let me list the most common types for your reference.   •    Adware •    Worms •    Viruses

📄 Page 8

•    Spyware •    Trojan Horse •    Botnet •    Rootkit •    Backdoor •    Logic bomb   As you see there are so many different types of Malware that are often difficult to identify what type of Malware you might get infected. The reality is that some of the Malware might be working together and then it would be even harder to remove them from your computer. An example would be that you get infected with a Trojan Horse. However, while you would get busy to remove it, in the meanwhile, there would be an additional Backdoor that would get installed on another machine automatically. What happens in such situation is that you might believe that you have removed every malicious software from your PC, however in the meanwhile, another software would install itself that would re-infect your PC once again. Sometimes they might be working together, and once you would delete a certain malicious file, it would trigger another file to re- infect your PC. You could potentially get infected by simply browsing the web, and clicking on something that shouldn’t, these might be an advert of some sort, but it can also come from a genuine website. Another form might be that you have received an e-mail and sometimes by opening the email without even clicking on anything can cause an installation of malware. Some of the e-mails would ask you to follow individual links to provide your opinion on a certain product or website, these all can trigger a malware that is very malicious. From personal experience, I had once a malware that was an Adware, and pretty much any website I have opened, I kept on getting pop

📄 Page 9

advertisements. Anytime I have deleted all the software that wasn’t from a genuine source, I have realized that after a while they all re-appeared with the same date of installation, even I didn’t even touch my computer. Malware exists for the purpose of financial gain, and some of the types are written for the only purpose of stealing credit card details, usernames, and Passwords. Advertising windows can also make money for hackers in the way of being an affiliate for a particular product, and they would get a percentage of you, or anyone would buy those simply from does who would use those links that are kept on popping up on your screen. Some of these advertising pop-ups might be visible already on your screen even right after you would open a web browser, and that would be an adamant indication that you have some malware on your computer. Malware would use many methods. However the most common are to look for known vulnerabilities of an older version of operating system or the previous version of the application. To avoid malware from targeting your computer, you must make sure that you are always running the latest operating systems available. Additionally, the applications that you have on your PC all must always be up to date with the most recent upgrade.   Adware This is easily recognized as your computer screen would be full of advertisements that literally would become so annoying that they would drive you crazy. If you are aware of Adware by experienced these types of issues in the past, you would know that it’s one of the worst out there and the reason for that is so difficult to remove it that you just cannot be sure how to do so. When you have an Adware on your computer, you would be able to recognize it by situations such as by only reading your favorite blog, then all of a sudden multiple ads would pop up on your screen. Mostly

📄 Page 10

advertisements and those are not necessarily the ones that you would be interested, so as I mentioned they are very annoying. The primary purpose could many other thinks. Other than advertising only, and some of the Adware-s might be working with other malware that is logging all the information that you are accessing, every website you visiting, possibly logging all the usernames and passwords too and all those information would be redirected and routed back to the hacker. Regards to performance issues, it’s very common that multitasking such as opening multiple websites would slow down a bit, and often wouldn’t even work, and your CPU would be spiking and would be continuously above 70%. In some situation, you could even experience that your machine is irresponsive and looks like it’s frozen. Some of the events could cause to damage your CPU (Central Processing Unit) so poorly that it could be critical. In case you are unable to click on anything your best bet is to go ahead and open task manager, by using the combined keystrokes Ctrl + Alt + Delete

📄 Page 11

and choose the Task Manager from there. Once you open your Task Manager, first check the user's Tab, making sure there are no other users remotely connected. Then test the CPU utilization in the Performance window, and see If your CPU is only spiking sometimes or it’s continuously high. Sure if you are multitasking you will have higher CPU utilization then if your computer is only in a standby mode, however, I am sure that you would suspect if there are significant performance issues with your machine. It also depends on what other software are running in the background and how much RAM you have on your computer, as well how much RAM Is currently used and so on.         In case you believe that your CPU is indeed highly utilized, your next move should be to go on the tab called: Processes, and begin to analyze by sorting them as the highest CPU used, and to achieve that just click on the tab CPU. Then you should be able to see what processes are using the most CPU on your computer. Any of the processes that are not familiar with you can right click and select properties for further understanding of what Corporation has created them. However, if you see that some them are just taking too much of your CPU, you should shut down the applications by selecting them then click on End Task. Another way to close unwanted processes is by right-clicking on them and select End Task. I can tell you from experience that often to shut down Adware processes this is the only way to End them before it would take down your computer completely. Once when I have been multitasking by opening multiple websites, after few minutes on each site I had numerous advertisements started to pop up, then I have left my laptop up and running for so long that Adware process was spiking the CPU for so long that turned my Laptop off. When I have

📄 Page 12

tried to turn it back on it was useless, so I had to install a new operating system to use that laptop again.     My last advice if you experience an Adware, and your computer is suffering from using too much of CPU, you should turn off your computer before it’s too late. Next, hopefully, you will be still able to turn back on then try to save all your important document to an external hard drive, and install a new operating system. Unfortunately, there is no guaranty that your files will not be infected, especially if you had a rootkit format of malware installed previously, however, to save your computer’s CPU from potential damages new operating systems that I would recommend. You might be able to download an excellent anti-virus,  such as Kaspersky of Norton, however often these Antivirus software wouldn’t help as much as you would expect. Also, you must understand that some form of Adware might have been written in another combined form. Once you would try to remove the malware, the malicious software would react by activating another piece of software that would pop up on your screen and then would pretend to be an Anti- Malware or some Anti-Virus that would be able to remove all the Adware from your computer. Now you have to be careful as this is another method that hackers would use, that is to make you pay for an Anti-virus that would not remove anything, in fact, while you would install this so called Anti- virus, what you would be doing is installing another malware that would continuously infect your computer.   Recommended Antivirus Software is:   •    Kaspersky •    Symantec •    McAfee •    Norton

📄 Page 13

•    ESET   Spyware This is another malware, yet this type of software is designed mainly to spy on computers. To fully understand the reason why these types of Malware is so dangerous, I will begin saying the most common effects when dealing with Spyware. First spyware could very likely be operating on your computer like Adware, meaning lots of advertisements. However, these types of ads would be popups that you might be interested in purchasing. What hackers would do is try to advertise an individual product to you from the third party with a hope of you as a victim would buy, and they would be getting an affiliate commission from each of those purchases. To narrow down your interest and understand your buying habits they would begin to spy on you, by monitoring your activities daily. For monitoring purposes, you would find that most Spywares have keyloggers built into them. Keyloggers log everything that you type into your computer even if you are not online. I mean everything, so let me give you an example: Let's assume that you would write something like Hi John! Then you would backspace John and change it to Jack > it would be visible too. Keyloggers log every keystroke that you type, even if it’s a mistake that you correct

📄 Page 14

without saving the file, and that would be online web browsing, emails, Facebook messages, or offline word document, notepad you name it.   All those details would be transferred to another software that would analyze and understand your interest and start to advertise certain products to you. You would never realize that someone was logging all your information, as well you would never know that has been sold on the internet, it’s happening day and night all the time. To get spyware to your computer, you might be downloading a free software that has been written with the intention of installing spyware on computers. The actual software could have been designed as a genuine free software, however, if the hackers would realize millions of people would download it, they would infect it with spyware and then re-upload it on a similar website. Victims then begin to download it, and all through the software would work just fine, however, while the installation takes place, additionally, you would be installing a spyware too, that would begin to act maliciously on your computer. The same method would apply for: •    free movies, •    free music, •    free pictures, •    free operating systems, •    free software and so on.   They all could have a hidden unwanted spyware inside, as hackers would know that millions of people are downloading such products all the time. If you are good with math you should be able to understand; this would be a good business for them, of course, this is illegal. Therefore I would recommend you to stay away from unlawful activities. This criminal activity is known as Affiliate fraud, and many large Cyber Criminal Organizations are operating as their primary income.

📄 Page 15

  As you can see Malware types are dangerous as they would win against many victims one way or another. They would keep on advertising products and make money off you. If not they would try to manipulate you into buying fake antiviruses, they might do a Ransomware (more on this in a later chapter) with a locked screen and demand payment, or if you don’t want to participate, then they would just destroy your operating system, then your computer eventually. Either way, the end goal is always financial gain, and believe me, malware is not designed for some people, instead as many as possible. Spyware itself is the one that specifically designed to go after your money, either your Credit Card or Bank account information so that it can be sold on the dark web. Worse is that hackers would use your Bank account information and take money out of your account.   Protection against Man in the Middle attack To do something against a Man in the Middle if you have one or two computers, you should make sure that you have an excellent antivirus. Preferably one of those I have mentioned in Chapter 1, however, you must make sure that your Antivirus is up to date every day, perhaps configure it by having auto-updates. Therefore once the Anti-virus company would come up with the latest upgrade, you would have a chance for more protection against bad guys.

📄 Page 16

Chapter 2 – Man in the Middle     Man in the middle indeed what the name implies, therefore someone would be sitting and listening to the source and the destination while traffic flow would be generated. Additionally listening and capturing traffic, the man in the middle can copy and save all the traffic, then all that can be replayed and analyzed in more depth. In Volume 2 I have explained in greater details the reasons why implementing and becoming a Man in the Middle is beneficial for Ethical Hackers as well Security Engineers, however, if you have not gone through that book yet, I would highly advise you to do so to get the most out of this book. A quick recap on that subject was an example that you as Security Engineer might have to analyze a newly designed application, making sure it has no

📄 Page 17

vulnerabilities that can be exploited before it would be used in a Production Environment. I have explained by using BurpSuite could be an excellent option that would not only be used to implement a Man in the Middle attack but analyze packets in more depth. As I mentioned, BurpSuite can be one of the best software for the purpose of monitoring and understanding exactly how a new Application would behave once in use. To have BurpSuite functioning, the only method would be to become a Man in the Middle. Once you are a Man in the Middle, you are becoming the Endpoint to both, the source as well to the destination. Monitoring traffic flow in an authorized manner is very common amongst Security Engineers. However, there is a dark side to it too that I will now begin to explain.   Listening The reality is that once there is a Man in the Middle between your laptop and your router, you might never even find out. That’s scary. However, it’s the sad true. Man in the Middle attack can be implemented in many different ways, and I have explained and applied the three most common ways that hackers could use against victims in the Book: Volume 2 – 17 must-have tools every Hacker should have By someone listening to your traffic could mean that everything you type in the computer could be recorded and analyzed in depth. Everything means your usernames and passwords to all websites you would visit, of course, the list of all those sites you would visit, anything you download from the internet or able to access, including all your Bank Details, all your social networking details, e-mails, and the list goes on. Your data is very much considered a highly valued information to hackers and they would try to leverage on it in multiple ways.   Redirecting traffic Black hat hackers can listen to your traffic flow in monitoring mode. However they would also try to redirect your traffic for affiliate frauds, so

📄 Page 18

your wouldn’t get the response that you meant to be, and many people would just believe that thinks have changed with a particular website as they not seem to appear as they used to be. That’s right; once a Black Hat hacker would have gained enough information from your browsing habits, and find it that you do visit eBay 5- 10 times a day, the Hacker would try to use some template and manipulate you to visit a fake eBay website. Taking it further, the Hacker with evil intention would be trying thinks like you forgot to purchase an individual Item, the one that got stuck in your browsing history, of might have been learned from your browsing habits. Then the Hacker would try to make you pay for an item on a fake website, using PayPal or other paying methods used over the Internet. Once you would be presented with the payment link after you would type your details, it wouldn’t work. If you already know the reason why then congratulations! The answer is indeed to steal your PayPal information by what you would type into the fake PayPal link. This time you don’t make any payment, however, the Hackers would have logged all the information already that would be enough for them to make any other real Payments on other platforms, but believe it or not, this is happening all the time, day and night all over the word in every minute. So the cherry on the top is that these type of hackers wouldn’t use your information to purchase items or products on the internet. Instead, they would sell them in batches on the dark web for an average price of 10x Units of Credit Card Details + passwords for the mean price of $5. Sure the price is not always same, and if these Man in the middle attacks were implemented on a large Company’s systems, Black Hats would have full access to financial purchases that the Company would frequently participate, and once they would identify that, they would raise the price of the Black Market. Typically they would ask for a price in worth of dollars. However, they would ask to get paid in Bitcoin to be untraceable. Therefore they never would be found. Redirected traffic might results as an affiliate fraud, so they would begin to make you advertising certain websites by manipulating into seeing ads that

📄 Page 19

you might be interested, and that’s where they would introduce some malware, such as spyware.   Injecting payload into existing traffic: Additionally, Blackhat Hackers would be able to insert the particular payload into the flow by changing some of the details of the traffic, and this could be implemented in both ways. Some of these injecting methods might be changing the source details telling the destination that the address of origin should be the Hackers laptop. Therefore they would receive the answer first. The other way to implement these techniques is not touching the source details. However the destination details would be analyzed and changed, so the end users or victims would receive a different web page and not the one that they have asked for in the first place. This could happen in many forms too, and hackers could be sending back to the source a fake web page that would ask you to download a fake JAVA application that required to proceed to the internet page. Another way might be that you could be receiving a message similarly to JAVA application but this time it would be ADOBE reader upgrade would be required to proceed to the web page. The issue is that recognizing the exact upgrade requirements and the fake ones are tough. Therefore you might do a test by asking someone else if they would visit the same web page what would be the outcome. In case it’s not the same, then you should be able to recognize that probably someone else is sitting between your computer and your destination.

📄 Page 20

Chapter 3 – ARP Poisoning   Man in the middle attack could come in many forms as I mentioned before but the most common implementation is ARP poisoning.   ARP Poisoning To introduce the technique of ARP poisoning, you should understand the basics of ARP its purpose and how it functions, even not required to become an ARP expert the bare minimum is to know some basics   ARP stands for Address Resolution Protocol, the purpose of this protocol is to translate the IP Addresses to their MAC Addresses (Physical addresses) of all the networking devices that reside on the LAN (Local Are Network). To implement this command on the Windows operating system, you may proceed by opening a command line interface and type arp –a