The best computer and OS for a hacker. Hacker utilities for Android and iPhone

If we made a book out of the best hacking articles ever published in our magazine, it would be so thick that stacking every volume on top of the other would produce a tower as tall as the Burj Khalifa. Okay, okay, "that's not accurate" :). Seriously, though, why reprint historical articles that have lost their relevance? Instead we will collect the best texts on information security published over the past few years that you may have missed.

In the last issue we published a selection that was mainly of interest to programmers, reverse engineers and software engineers. Today we present articles devoted mainly to the hacker craft: everything related to breaking into operating systems and DBMSs, penetration testing of IT infrastructure, and OS and application vulnerabilities. You will also find half-forgotten or little-known features and tricks that will be useful in practice if you are truly devoted to our cause! Please note: merely listing these articles would fill six full pages of the old paper "Hacker". 🙂

Forensic memory analysis. Examining processes in Windows 7

After a hack or a data leak, when the incident has already happened and can no longer be hushed up :), computer security forensic specialists, or forensic experts as they are usually called, get involved. In search of the "patient zero" through whom the intrusion happened, they have to collect and analyze evidence. In this article you will get to know some RAM analysis techniques, learn how to examine Windows processes, see ways to identify rootkits that use undocumented features of the NT kernel, and pick up a few little-known coding tricks.

The material will be useful to anyone involved in, or simply interested in, forensics.

Manual resuscitation of a memory dump. A guide to manual memory recovery

A common situation: the code is securely packed, and in order to analyze the program or malware you have to take a memory dump and then pick it apart by hand with other tools. But there is a problem: the dump you take may turn out to be broken, that is, unsuitable for analysis. What do you do then? This article, my friend, explains how to dump an image from memory properly and how to restore it if it is damaged. If you are a reverse engineer or a forensics expert, believe me, this will definitely come in handy someday!

Laboratory workshop on the Metasploit Framework. Hidden tricks of MSF

Who doesn't know MSF? This "Swiss Army knife" is one of the five most used tools of pentesters and of just about any more or less advanced security specialist. The tool is constantly being developed and updated; many new features and little-known options appear that are easy to miss, but which genuinely extend its capabilities or make the work far more convenient and comfortable. Automation of frequently repeated operations also plays an important role. The presented material covers some of the features of MSF, the more or less advanced built-in capabilities of the tool, and the options for automating routine operations, which will save you a lot of time. You simply must know this!

Meterpreter in action. Tricky tricks via MSF

Anyone who has dipped into working with the Metasploit Framework knows how many opportunities a correctly delivered "payload" provides on a vulnerable machine. We are talking about Meterpreter, a universal advanced payload, both what is built into it and what we can add by hand. You will learn how to use the payload correctly and effectively for your purposes, what features Meterpreter has, and, of course, you will be able to test all this in practice. Together with the previous article about the Metasploit Framework, this turns out to be a real must-read for a beginner or a slightly more advanced pentester.

DNS feedback. Bypassing barriers and organizing access to the Network

So, you have reached a vulnerable machine in the corporate network of a large company. However, the firewall cuts off all unknown connections, and the list of ports you can connect to is fixed. Accordingly, a reverse TCP shell, and even more so a bind TCP shell, will no longer work. Does our machine really have to remain out of reach? This is where the trick of encapsulating the connection in the legitimate DNS traffic of the vulnerable machine comes to your aid. Think it's difficult? The article explains DNS and how you can play with GET/POST requests in order to quietly get through the corporate perimeter.

DNS: feedback. An advanced payload for tunneling

What if the vulnerable machine has no Internet access at all, or the traffic filtering rules are so strict that it is impossible to build a tunnel as described in the previous material? The second part of the article on DNS tunneling explains how to solve this problem using more clever and sophisticated techniques. You will learn how to modify the shell so that it receives control commands wrapped in service traffic, how to set up a bot that performs all this routine, and, in the end, how to use all of this to gain access to the machine we need.

DNS attacks: yesterday, today, tomorrow. Ghost Domain Names and other 0day methods of hacking the domain name system

Have you heard about DNS attacks? The once sensational Ghost Domain Names attack still has a chance of being carried out today. This attack and other methods of attacking the domain name system are discussed in this article.

Don't believe your eyes. Current spoofing methods

The heyday of spoofing attacks was, by today's standards, a historical era. However, to this day there are still methods and tools that allow you to successfully substitute objects in a network segment. This is a rather risky part of attacks, for example on remote banking systems, and it is also often used in standard pentests. From this article you will understand how easy it is to carry out a spoofing attack and what it can lead to.

Not enough rights? Enough: 8 tricks to bypass group policies in a domain

Do you feel like a guest on your work laptop? Do you dream of customizing your desktop, browser, network and update system the way you like? We present a set of eight tricks that let you bypass, one way or another, the domain group policies applied to you. Of course, some of the techniques may no longer work on Windows 10, but old versions of Windows (XP to 7) are still alive on corporate machines, and many old bugs still work. The article provides a set of ready-to-use recipes; you can try them on your computer and prove to the admins that GPO is not as good as it is praised.

We're going for a promotion. Recipes for raising privileges under Windows

We continue the topic of drilling into Windows. When you perform a pentest, or break in for other purposes, for example into an Active Directory domain, the machine hosting a site, or an accountant's workstation running 1C, you will almost certainly face the task of raising your privileges. Solving it determines whether you can move forward or not. This article describes everything (or almost everything) related to moving up in Windows systems: eleven techniques that will help you go from guest to local or domain administrator.

Domain attacks. Taking over the corporate network

The vast majority of companies in the corporate sector use Windows Server and the Active Directory directory service as their base, even if the rest of their racks are packed with *NIX machines. Therefore, control over a domain is a tasty morsel for any hacker or pentester, and you cannot get it without administrator privileges. How to get them is what this article is about. Vulnerabilities in network services and the OS, holes in the network architecture and authentication problems, SMB Relay and the timeless ARP spoofing... A must-read for everyone interested in pentests.

Give back the rights! How to bypass restrictions on a work computer

Another piece on obtaining admin rights on a local or network machine. There are a lot of recipes and techniques, so even if some don't work, there is still a chance of success: "insider" flash drives, booting from a hidden partition, using alternate NTFS data streams to bypass file permissions. Quite a lot of attention is paid to activating disabled USB ports. In addition, you will learn about tricks with shortcuts, deflating group policies, and bypassing bans on running software not included in the whitelists. How do you like this set? You will definitely find something for yourself, and a pentester should certainly study it.

We study and open BitLocker. How does Windows disk protection work and what is needed to hack it?

Encryption of local drives and removable media is one of the fundamentals of Windows security declared by its developers. Setting aside marketing promises and PR, how reliable is the technology? After all, it is very often used in the corporate sector by default.

In this article we analyze in detail how different versions of BitLocker work (including those pre-installed in the latest builds of Windows 10) and, of course, show how to bypass this built-in protection mechanism. Whether to keep using BitLocker after that is up to you.

7 recipes for preparing Windows passwords. How to dump and use password hashes from Windows accounts

Once upon a time, dumping and then brute-forcing the passwords of admin accounts was a surefire and very popular way to gain administrative privileges. Now, with the development of other protection mechanisms, the topic has become somewhat dated, but it is still alive!

The article provides a complete collection of recipes describing how to dump user password hashes, recover the original password by brute force, and use the extracted hash to gain access to protected resources through flaws in the NTLM authentication protocol. The value of the material is that it contains a minimum of theory and is all practice. A real case for a pentester!

Don't rub salt in my password. Reanimating a dead MD5

The previous article already described in detail how account passwords on Windows machines are cracked. Continuing the topic, let's talk about so-called salted hashes, which require a slightly different approach to cracking. We will mainly talk about the MD5 algorithm, its shortcomings, namely collisions (repetitions), and how they can be used for successful brute force. If you are a coder and are ready to write scripts that exploit flaws in MD5, this material is definitely for you!

Anonymous attack on Windows. Tricky tricks of a seasoned hacker

The article takes us back to the era of operating systems from XP to Vista, showing how, with the help of long-known but still working features, you can get a list of users through a null session and hijack an RDP terminal connection, and what can be configured in the system registry to protect yourself from prying eyes and playful hands.

Steal in 60 seconds. A method for taking over a remote dedicated server running Windows

Have you ever dreamed of taking over someone else's server and feeling like a god? 🙂 The material contains real advice on how to hijack a remote server using the same MSF and several types of shell in the Meterpreter format. Of course, a patch for this vulnerability was released long ago, but, as you know, you can still find machines on the Internet running an outdated or unpatched OS. Armed with the information from the article, you can try your strength and luck. What if?

Hacking scenarios. We analyze typical attack scenarios on corporate networks

This article is based on the many years of experience of pentesters from Positive Technologies, who annually perform hundreds of penetration tests for major companies both in Russia and abroad. During this time the experts have accumulated a large number of typical situations and general cases describing the most typical scenarios of successful attacks, which allowed them to gain control over the customer's network in 80% of cases. The material discusses common mistakes and the common ways companies get hacked. After reading the article you will be able to assess how secure your network is, and if you are a pentester yourself, you will get a set of ready-to-use scenarios.

We measure vulnerabilities. Classifiers and metrics of computer flaws

Lately you hear phrases like these more and more often: "There is a vulnerability here, another there, a gap was found in this software, a hole in that service." For each such vulnerability a bulletin is issued that describes the problem itself, recommendations from the developers, and other measures you can take to protect yourself. All this information is published on bug trackers, special sites that collect information about vulnerabilities. Anyone can get acquainted with this information, and more enterprising people can always buy an exploit for the vulnerability or a ready-made attack tool on the black market. Reading such bulletins, you have probably noticed that each bug is classified in a certain way. What is "vulnerability measurement", what criteria are used for it, and why do you need to know about it at all? You will find the answers in this article.

Depraved programming. ROP tricks that lead to victory

When delving into the topic of vulnerabilities and exploits, you often hear about a "buffer overflow", as a result of which it becomes possible to execute arbitrary code on the victim's system. Such a bug can be exploited deliberately, for example, using return-oriented programming, or ROP. This technique, combined with use-after-free bugs, format string errors, and so on, helps cope with the DEP and even ASLR protection mechanisms. The exploit that spread malware through a vulnerability in Acrobat Reader (CVE-2010-0188) is a prime example. The same method was also once used at Pwn2Own to hack an iPhone and in an exploit against PHP 6.0 DEV. How it is done: read in this article.

Exploit "on the knee". Writing an exploit with improvised means

Any advanced pentester sooner or later faces the task of creating an exploit for a specific service or system. Although there is plenty of theoretical material, there is still a shortage of practical and understandable examples. In this article the task was to write a working exploit for a specific program. We will go through all the intricacies and try to understand exactly how vulnerabilities are found and successfully exploited. If you are a reverse engineer or a pentester, this is a must-read!

We pick at the armor of Windows. Let's find out what ACL/DACL is and how it can be exploited

At the heart of NTFS file security lie access control lists, also known as ACLs, and the file permission management system built on them. Although NTFS has shown itself to be a very resilient file system, as Malchish-Kibalchish said, "the Russians have secret passages, and you can't fill them in." After all, by bypassing ACL restrictions a hacker can gain privileged access to absolutely any files, including system files, which already poses serious risks. The material lays out the theory of ACL/DACL, tells what you can tinker with here, and, of course, looks at examples of how the flaws found can be exploited to your advantage.

Taming the wild kitty, or leaking passwords by the suitcase. Hacking routers through SNMP flaws

It's no secret that Cisco is the most popular network equipment vendor. There is therefore no need to prove that the vast majority of companies use switches and routers from this manufacturer as the basis of their network, or at least its core. It follows that any critical error in their firmware can jeopardize the normal operation and connectivity not only of the corporate network, but also of particularly important segments of the Internet. The article covers several Cisco vulnerabilities you simply must know about: from hacking a router via SNMP to leaking passwords through a GRE tunnel.

Bluetooth tricks. Little tricks for using the "blue tooth"

In the old days, when practically no one had unlimited mobile Internet, people actively exchanged files via Bluetooth. The blue tooth is still alive; it just now serves a slightly different purpose: communication between various wearable devices and in the world of the Internet of Things.

What does all this mean for a hacker? With the right tool on your smartphone or tablet, you can work real miracles: intercept remote communication and control someone else's device, sniff traffic, find invisible devices and even DDoS devices detected nearby.

Master class on resuscitating *NIX. Methods for dealing with Linux and FreeBSD failures

UNIX has long proven itself to be a reliable and predictable system. But it happens that after a system error or some other failure, the further fate of the operating system depends entirely on the qualifications of its owner. UNIX's design is so simple and straightforward that the OS can be brought back to its feet no matter what state it is in. The material discusses the most typical and common crash situations of *NIX systems: a damaged MBR and a forgotten root password, freezes and spontaneous OS reboots, kernel panic, hard drive failure, an incorrect xorg.conf, a missing video driver, misconfigured network interfaces, non-working DNS resolution, and gives recipes for fixing them and restoring functionality.

How to become ssh-friendly. A full guide to using Secure Shell

SSH is the de facto most popular and frequently used protocol for remote access to Linux. Is there any need to discuss the degree of reliability and security required of the protocol through which the administrator connects to the server? But in addition to security settings, SSH has a bunch of options that make working in the terminal more comfortable, pleasant and faster. The article contains the most complete manual on using Secure Shell correctly, one hundred percent.

The evil legacy of Windows. Conceptual methods of hacking Linux via a flash drive and protection against them

What Windows user doesn't remember the troubles with flash drives and the annoying Autorun viruses? Linux users have always looked down on this problem, saying it doesn't concern them. This is partly true, but not everything is as smooth as we would like. The penguin has had its own problems: .autorun, similar in functionality; a font-handling flaw in Adobe Acrobat Reader that lets you run anything in Nautilus; buggy drivers that incorrectly process removable media; and features that allow you to bypass security mechanisms such as AppArmor, ASLR, PIE and the NX bit. Interested? Then read the material and find out how it was.

*NIX backdoor of instant preparation. Integrating into the authentication system of Linux, BSD and macOS

After the task of penetrating the machine has been completed, you need to somehow gain a foothold on it without arousing suspicion. For example, create a new account or infect the victim with some kind of backdoor which, like a faithful servant, will wait for commands from its owner. Even though *NIX systems are much more secure than other platforms, there is a very easy to implement and fairly stealthy method that surprisingly few people know about. This is modification of the PAM authentication modules used by all modern UNIX systems. The material provides the theory of PAM modules, an example of C++ code for writing your own backdoor, and techniques for integrating it into legitimate authentication modules.

Attacks on Tomcat. We study common attack methods on Apache Tomcat and ways to counter them

Apache Tomcat is the leader in the number of server installations and in distribution worldwide. It ranks sixth in popularity among web servers in the W3Techs ranking, which, of course, automatically makes it an attractive target for attackers. The default settings do not withstand common attack methods, so the material contains specific recipes and recommendations, used both for testing whether it can be hacked and for countering attackers who encroach on your shrine.

We flex our muscles. Methods and tools for hacking MySQL databases

It's no secret that MySQL is one of the most common DBMSs. It can be found everywhere, which is why database security is very important: if an attacker gains access to the database, there is a high risk of losing not only all the data but the entire resource. This material contains up-to-date information on the algorithm for hacking and post-exploitation of MySQL and all the most commonly used tricks and techniques, including those from the arsenal of pentesters. After reading it, some will revisit the theory and some will learn something new. So go for it!

Attack on the Oracle. A detailed guide to attack vectors on Oracle DB

Needless to say, Oracle is a top-tier and widely used DBMS. All the most valuable data, from financial transactions to the results of military experiments or the modeling of space objects, circulates in its depths. Like its younger brother MySQL, this DBMS is a real tasty morsel for a hacker, and no pentester will pass it by. The article presents the most important and most typical attack vectors against the tables and program code of Oracle databases: cracking user accounts, arbitrary code execution, query injection, scheduler bugs and much more. All sections come with illustrations and code examples. So, if you are involved in pentesting and/or are interested in the internals of Oracle, be sure to open it.

Blind injections. Exotic rough injections

While researching the topic of DBMS security, I came across an old but interesting piece on the use of injections in SQL queries. It describes tricks that may someday be useful to you in practice. At the very beginning the article lays out the necessary theoretical foundations of SQL, such as functions and query structure, then illustrates tricks using NULL, pre-queries to identify potential holes, INSERT tricks, and provides a general example using the entire described arsenal. Having trained on a practice database with these techniques, you can confidently begin testing a real database almost automatically, that is, as the title of the article says, blindly!

In this part I want to talk about the choice of hardware and the choice of OS for a hacker. Regarding the OS, I will talk about the choice between Linux and Windows; I will not talk about Linux distributions. As for the hardware, I'm not a big hardware specialist; I'll just share some observations that have formed in practice.

Computer for a hacker

Let's start with the good news: for penetration testing and hacking, any average computer will do. If you decide to take up a new hobby or learn computer security (very useful for web application programmers and anyone else who would like to avoid becoming a victim of hackers), you don't need to go to the store for a new computer.

However, when choosing a new computer, there are some things you can consider that will help your computer (and therefore you) be more efficient at certain tasks.

Desktop or laptop?

A desktop computer has many advantages: it is more powerful, cheaper, easy to upgrade and repair; it has a more convenient keyboard, more ports, a larger screen and much more. There is only one drawback: lack of mobility. If you do not need to travel to sites and in general you are just learning, then a desktop computer is preferable.

Video card for a pentester

We don't need a video card for games, of course. We need it to iterate over hash sums (hashes). A hash is the result of processing data with a special algorithm (a hash function). Its defining property is that the same data always produces the same hash, but the original data cannot be recovered from the hash. This is used very often, for example, in web applications: instead of storing passwords in cleartext, most websites store hashes of those passwords. When you enter your username and password, the website calculates the hash of the password you entered and compares it with the one saved earlier. If they match, you have entered the correct password and gain access to the site. Why does this matter? Imagine that a hacker managed to gain access to the database (for example, through SQL injection) and learned all the hashes on the site. He wants to log in as one of the users, but cannot: the website requires a password; it does not accept hashes.

A password can be recovered from a hash, for example, by brute force (there are also rainbow tables, but this is not about them now, and their essence boils down to the same thing: calculating hashes for candidate passwords). We take a candidate password, say "superbit", calculate its hash, and compare it with the hash we have. If they match, the user's password is "superbit"; if not, we take the next candidate, say "dorotymylove", calculate its hash, compare it with the one we learned from the site's database, and so on until we find a match.

This operation (hash enumeration) can be done on the central processor, and there are many programs that do it. But it turns out to be much faster to iterate over hashes on a video card. Compared with a CPU, a GPU increases the search speed by tens, hundreds, thousands or more times! Naturally, the faster the hashes are enumerated, the greater the likelihood of a successful crack.
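As an added example (not code from the original article) of the verification logic described above: `store_password_fast` stores a password the way the text describes, as a plain MD5 hash, and `enumerate_candidates` is the candidate-by-candidate comparison loop that makes such a hash cheap to search once it leaks. The example goes one step beyond the text and also shows the defender's side: `store_password_slow` and `verify_password_slow` use a random per-user salt and a deliberately slow PBKDF2 derivation, so every candidate costs hundreds of thousands of hash calls instead of one and precomputed rainbow tables do not apply. The candidate list and the stored records are constructed for the example; the record format `pbkdf2_sha256$iterations$salt$hash` and the `ITERATIONS` value are my own assumptions, not any site's real scheme.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

# Constructed wordlist for the example: the two candidates from the text plus one more.
CANDIDATES = ["qwerty", "superbit", "dorotymylove"]


def store_password_fast(password: str) -> str:
    """What the text describes: an unsalted, fast hash stored as-is."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def enumerate_candidates(leaked_hash: str, candidates: Iterable[str]) -> Tuple[Optional[str], int]:
    """The search loop from the text: hash each candidate and compare it with the
    leaked value. Returns (matching candidate or None, number of guesses made)."""
    tried = 0
    for candidate in candidates:
        tried += 1
        if hmac.compare_digest(store_password_fast(candidate), leaked_hash):
            return candidate, tried
    return None, tried


# --- Defender's side: salted, deliberately slow storage ---------------------

ITERATIONS = 200_000  # assumed work factor; tune so one derivation takes ~100 ms


def store_password_slow(password: str, salt: Optional[bytes] = None,
                        iterations: int = ITERATIONS) -> str:
    """Store a password as PBKDF2-HMAC-SHA256 with a random 16-byte salt.
    Record format (assumed for this example): algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: the same password yields different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password_slow(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt and iteration count and
    compare in constant time, so the check does not leak timing information."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record: never accept
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    leaked = store_password_fast("dorotymylove")
    print("fast hash search:", enumerate_candidates(leaked, CANDIDATES))
    record = store_password_slow("superbit")
    print("stored record:", record)
    print("verify correct:", verify_password_slow("superbit", record))
    print("verify wrong:", verify_password_slow("superbit1", record))
```

The two halves share the same comparison step; what differs is the cost of producing each comparand. With the unsalted MD5, one guess is one hash call, which is exactly the workload a GPU parallelizes so well; with the salted PBKDF2 record, each guess repeats HMAC-SHA256 `ITERATIONS` times and has to be redone per user because the salts differ, so the attacker's enumeration rate drops by the same factor that your login check slows down.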

Popular video cards are AMD, GeForce and Intel HD Graphics. It is not always possible to get much out of Intel HD Graphics: they are not particularly powerful and are not bought separately, so we will not dwell on them.

The main choice is between AMD and GeForce. GeForce video cards are much more popular; they have proven themselves in games and have a huge army of fans. But AMD is better suited for brute-forcing hashes, however frustrating that is for GeForce fans. AMD video cards from the mid-price category show approximately the same results as GeForce cards from the top category. That is, instead of one top-end GeForce, you can buy two cheaper AMD cards and get a higher hash enumeration speed.

I have rethought this point. Comparing performance data and prices in online stores, I came to the conclusion that there is no difference. Top GeForces are more than twice as powerful as top Radeons, and the price is about twice as high. Plus you need to know that AMD drivers have a very painful relationship with most Linux distributions. Currently hashcat on Linux supports only AMDGPU-Pro, which in turn supports only newer graphics cards. And even if you are planning to buy a computer with a new AMD video card, first check the list of supported Linux distributions: it is short, and it is quite possible that your OS is not on it.

In general, perhaps at one time Radeons really were better than GeForce for brute-forcing passwords, and once upon a time AMD drivers were installed on Linux with a single command, but this is no longer the case. If I were building a computer or buying a laptop now, I would choose models with GeForce.

Hash enumeration will be needed:

• when testing web applications for penetration (sometimes);
• when cracking Wi-Fi (almost always);
• when cracking the passwords of encrypted disks, wallets, files, password-protected documents, etc. (always).

RAM

Only with one program did I encounter a lack of RAM. This program is IVRE. For most other situations, the RAM of an average or even low-power computer should be enough to run almost any application in a single thread.

If you plan to use the OS for pentesting in a virtual machine, then it is better to take care of a sufficient amount of RAM.

RAM requirements of virtual machines:

• Arch Linux with a graphical interface: 2 gigabytes of RAM for very comfortable work
• Kali Linux with a graphical interface: 2 gigabytes of RAM for normal operation
• Kali Linux with a graphical interface: 3-4 gigabytes of RAM for very comfortable work
• Any Linux without a graphical interface: about 100 megabytes for the system itself, plus whatever the programs you run consume
• Windows, latest versions: 2 GB just to start (lots of slowdowns)
• Windows, latest versions: 4 GB or more for comfortable work

For example, I have 8 gigabytes on my main system; I allocated 2 gigabytes of RAM each to Arch Linux and Kali Linux, I run them (when necessary) simultaneously and work comfortably in them. If you plan to use the OS for pentesting in virtual machines, I would recommend having at least 8 gigabytes: this is enough to comfortably run one or two systems and most programs on them.

However, if you plan to run many programs (or one program in many threads), or if you want to build a virtual computer from several virtual machines, then 16 gigabytes will not be superfluous (I plan to increase my laptop to 16 gigabytes; fortunately there are two empty slots).

Anything more than 16 gigabytes of RAM is unlikely to ever be useful to you during pentesting.

CPU

If you are going to iterate over hashes and do it on the central processor rather than the graphics card, then the more powerful the processor, the faster the search will go. Also, a powerful processor with a large number of cores will let you work in virtual machines with greater comfort (I allocate 2 cores to each virtual machine with a graphical interface).

The vast majority of programs (except those that iterate over hashes) are not demanding on processor power.

Hard drive

There are no special requirements. Naturally, it is more pleasant to work with an SSD.

Pentester computer on a VPS/VDS

Well, "in addition", a VPS allows you to set up your own web server, mail server, file storage, a cloud for collaboration, ownCloud, VPN, basically anything that Linux can do with a public IP. For example, I set up monitoring of new versions of programs (on the same VPS where https://suip.biz/ru/ lives; why pay twice): https://softocracy.ru/

A VPS allows you to install either a computer with a command line interface or a graphical desktop environment. As they say, "to each their own", but personally I am an ardent opponent of installing an OS with a graphical desktop environment as a server. If only because it is simply expensive: for comfortable work you need to buy a plan with 2+ gigabytes of RAM. And even that may not be enough, depending on the programs you run and how many of them.

On an ARM device, I would recommend installing an OS without a graphical desktop environment and choosing the more powerful devices. The result can be an assistant who is almost invisible, who never sleeps and is always doing something for you, while consuming almost no electricity. If you have a public IP, you can install a web server, mail server, etc. on it.

    Linux or Windows for hacking?

    Most of the programs that are used in pentesting from Linux are cross-platform and work great on Windows. The only exceptions are programs for Wi-Fi. And the point is not in the programs themselves (Aircrack-ng, for example, is a cross-platform set of programs that comes with official binaries for Windows), but in monitor mode network adapter on Windows.

    Windows has its own potential: there is Cygwin, which can do much of what the Linux command line can. I have no doubt that a great many pentesters use Windows. In the end, what matters is not which OS is installed but an understanding of the technical side, of networks, web applications and so on, and the ability to use the tools.

    Those who choose Linux as their hacking platform get the following benefits:

    • There are many ready-made distributions where the relevant specialised programs are already installed and configured. If you set up and configure all of this on Windows, it may turn out to be quicker to just learn Linux.
    • The web applications, servers and network equipment you test usually run on, or are based on, Linux or something similar. By mastering Linux and its basic commands you are simultaneously learning the "target" of pentesting: how it works, which files may contain important information, what to type into the shell you obtain, and so on.
    • The volume of documentation. All the foreign books on pentesting (I have not seen any domestic ones) describe working in Linux. Of course, you could work out how to translate the commands to Windows, but the effort of making everything work as it should may equal the effort of mastering Linux.
    • And Wi-Fi. On Linux, if your network card supports it, monitor mode is no problem.

    Hacking is finding vulnerabilities in a network or computer in order to gain access. Becoming a hacker is not easy, and in this article we will cover the basics.

    To become a hacker you need deep knowledge of programming languages, hacking methods, vulnerability hunting, network design, operating systems and so on. You also need a creative way of thinking: you must adapt quickly to a situation, find non-standard solutions and be inventive.

    While the skills described above can be developed over time, understanding MySQL, say, or learning how to work with PGP encryption takes a great deal of study, and it takes time.

    To become a hacker you need:

    Learn and use a Unix-like system, such as Ubuntu or macOS

    Unix systems were originally intended for programmers developing software, not for users outside the IT field. Unix-like systems are what almost the entire Internet runs on, since they are mostly used as servers (most often Debian and Ubuntu). You cannot become a hacker without learning them and learning to use a terminal.

    For Windows users

    If you use Windows, there is good news: you do not have to wipe your current system and format the disk. There are several ways to work with Linux:

    1. Learn VirtualBox (virtualization software, not an emulator). Once you learn it, you can run one operating system inside another. It sounds intimidating, but the program is very useful.
    2. Install Linux alongside Windows (dual boot). If you do everything correctly, the boot loaders will not conflict. It is quite simple, and there are many guides on the Internet.

    Learn the HTML markup language

    If you are not yet familiar with programming (in which case I do not even understand what you are doing on this site), you have a great opportunity to start your journey by learning HTML, the HyperText Markup Language. Whatever you see on a website, know that it is all delivered as HTML.

    Let me give you an example using HTML, even though it also involves a bit of PHP. At the beginning of 2015 a vulnerability was discovered in a WordPress theme that allows arbitrary (including executable) files to be uploaded to the server. The file containing the vulnerability is admin/upload-file.php. Here it is:

    <?php
    // Upload Security
    // The only "secret" is the MD5 of the server's own IP address, which anyone
    // who knows the target's address can compute and use as the form field name.
    $upload_security = md5($_SERVER["SERVER_ADDR"]);
    $uploaddir = "../uploads/";

    if ($_FILES) :
        foreach ($_FILES as $file) :
            // basename() strips directories but keeps the extension, so nothing
            // stops a .php file from landing in the uploads directory.
            $file = $uploaddir . basename($file["name"]);
            if (move_uploaded_file($_FILES[$upload_security]["tmp_name"], $file)) {
                echo "success";
            } else {
                echo "error" . $_FILES[$upload_security]["tmp_name"];
            }
        endforeach;
    endif;

    To build a submission form for this file you need to know HTML. By uploading a file that, for example, reads out all the passwords or gives access to the database, you can then do whatever you like with the web service.

    So, knowledge of HTML is needed in order to:

    1. Look for vulnerabilities in web resources.
    2. Exploit those vulnerabilities.
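    The vulnerable PHP above is worth taking apart in code. The following is an added example in Python (not part of the article and not the theme's code): it reproduces the theme's "security" field name, builds the HTML upload form the text refers to, shows what basename() alone lets through, and then shows the checks a hardened uploader would apply. The extension whitelist and the upload directory are assumptions chosen for the example. One caveat a practitioner should keep in mind: SERVER_ADDR is the address of the interface the request arrived on, so behind NAT or a reverse proxy it may not be the public IP you connected to.

```python
import hashlib
import os
import posixpath
from typing import Optional

# Assumed whitelist for an image uploader (the editor's choice for this example).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def upload_field_name(server_addr: str) -> str:
    """The theme's only 'secret': md5($_SERVER["SERVER_ADDR"]).

    Anyone who knows the server's address can compute it. Behind NAT or a
    reverse proxy SERVER_ADDR is the internal address, not the public one.
    """
    return hashlib.md5(server_addr.encode()).hexdigest()


def upload_form_html(action_url: str, server_addr: str) -> str:
    """The HTML form the article says you need to know how to write: the file
    input is named so that $_FILES[$upload_security] exists on the PHP side."""
    field = upload_field_name(server_addr)
    return (
        f'<form action="{action_url}" method="post" enctype="multipart/form-data">\n'
        f'  <input type="file" name="{field}">\n'
        f'  <input type="submit" value="upload">\n'
        f"</form>"
    )


def theme_destination(uploaddir: str, client_name: str) -> str:
    """What the vulnerable code computes: basename() only, extension untouched,
    so '../../shell.php' becomes '../uploads/shell.php' and is served as PHP."""
    return uploaddir + posixpath.basename(client_name)


def hardened_destination(uploaddir: str, client_name: str) -> Optional[str]:
    """The check the theme should have had: exactly one whitelisted extension,
    no odd names, and a server-chosen random base name instead of the client's."""
    name = posixpath.basename(client_name.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        return None
    parts = name.lower().split(".")
    # 'shell.php.jpg' has two extensions; mis-configured servers execute it as PHP.
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXTENSIONS:
        return None
    return uploaddir + os.urandom(8).hex() + "." + parts[1]
```

    Note that the hardened version never reuses the client's file name: a random base name plus a whitelisted extension removes both the traversal and the "execute what I uploaded" problem, and the random name means the attacker cannot even predict where the file landed.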

    Learn several programming languages

    As we all know, to break the rules you first need to know them. The same goes for programming: to break someone's code you must understand how programming languages work and be able to program yourself. Some of the most recommended languages to learn:

    • Python: perhaps the best language for web development. Two large frameworks, Flask and Django, are written in it, and a huge number of web applications are built on them. The language is well designed and well documented and, most importantly, very easy to learn. Many developers also use Python for automation, from simple scripts to complete tools.
    • C++: a language used in industrial programming. It is taught in schools and universities, and servers are written in it. I recommend starting your language learning with it, because it embodies all the principles of OOP; once you can work in it, other languages come easily.
    • JavaScript and jQuery: almost all websites use JS and jQuery, and you need to know that parts of those sites depend on JS, for example password entry forms. Some sites stop you from selecting and copying text, downloading a file or viewing content, and often all it takes to get around that is disabling JS in the browser. To do that you need to know (a) in which situations a site's operation (or protection) depends on it and (b) how JavaScript is included in a page and in what ways scripts can be blocked.
    • SQL: the most interesting one. All passwords and personal data are stored in databases that are queried with SQL, and the most common database management system is MySQL. To learn how to use SQL injection you first need to know what SQL injection is, and to understand SQL injection you need to know what SQL queries are, what their syntax is, how the database is structured, how data is stored, what tables are, and so on.
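    To make the SQL point concrete, here is an added example (not from the article) that runs the same login query in two forms against an in-memory SQLite database holding two constructed accounts. SQLite stands in for MySQL here; the query shapes and the payloads are the ones you would use against MySQL as well. The first function concatenates user input into the statement and is defeated both by a comment payload that skips the password check and by a UNION that reads another user's password hash; the second uses bound parameters and treats the same input as plain data.

```python
import hashlib
import sqlite3

# Constructed sample accounts. SHA-256 is used only to keep the example short;
# a real application should store passwords with a salted, slow KDF.
SAMPLE_USERS = (("admin", "s3cret-admin"), ("alice", "wonderland"))


def password_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the MySQL backend of a web app."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [(user, password_hash(pw)) for user, pw in SAMPLE_USERS],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The injectable pattern: user input concatenated straight into the SQL text.
    Returns the matched username, or whatever the injected query selects instead."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: the driver sends the values separately from the SQL
    text, so a quote inside the username is data, not syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash(password)),
    ).fetchone()
    return row[0] if row else None


# Two classic payloads. '--' starts an SQL comment, so the password comparison is
# never evaluated; UNION bolts a second SELECT onto the first to read other columns.
AUTH_BYPASS = "admin' -- "
DUMP_ADMIN_HASH = "' UNION SELECT password_hash FROM users WHERE username = 'admin' -- "
```

    The second payload is why the text says you must understand the query and the table layout: the UNION only works if you know (or have guessed) that the result has one column and that a column called password_hash exists.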

    Learn networking and network devices

    You must clearly understand networking and how it works if you want to become a hacker. It is important to understand how networks are built, the difference between TCP and UDP, and so on. Find out what kind of network you are on, learn how to configure it and understand the possible attack vectors.

    With in-depth knowledge of different networks you will be able to exploit their weaknesses. You also need to understand how a web server and a website are designed and how they operate.

    Learn cryptography

    This is an integral part of your education. You need to understand how hash functions such as SHA-512 work, how the ciphers implemented in OpenSSL work, and so on. You also need to understand hashing as distinct from encryption: a hash is not "decrypted", it can only be guessed. Cryptography is used everywhere: passwords, bank cards, cryptocurrencies, trading platforms, etc.
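    The hashing point here, and the hardware section's remark about brute-forcing hashes on the CPU, fit in one added example (not from the article). It runs a dictionary attack against an unsalted SHA-512 hash, then stores the same password with a salted, slow KDF (PBKDF2-HMAC-SHA512 from the Python standard library) and runs the same attack again. The word list, the iteration count and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed word list; real attacks use lists of millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]

# PBKDF2 iteration count, kept modest so the example runs quickly; production
# values are an order of magnitude higher.
ITERATIONS = 50_000


def sha512_hex(text: str) -> str:
    """Plain SHA-512: fast, unsalted, deterministic. Fine for integrity checks,
    wrong for password storage."""
    return hashlib.sha512(text.encode()).hexdigest()


def crack_unsalted(target_hex: str, wordlist) -> "str | None":
    """Dictionary attack: hash every candidate and compare. This loop is what the
    hardware section calls 'iterating over hashes'; a GPU runs it with thousands
    of threads, and one hit also exposes every account that shares the hash."""
    for word in wordlist:
        if hmac.compare_digest(sha512_hex(word), target_hex):
            return word
    return None


def store_password(password: str, salt: bytes = None) -> str:
    """Salted, slow password hash (PBKDF2-HMAC-SHA512). Returns 'salt$hash'."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha512", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(stored: str, wordlist) -> "str | None":
    """The same dictionary attack against the salted KDF: every guess now costs
    ITERATIONS hash computations and has to be repeated per user."""
    for word in wordlist:
        if verify_password(word, stored):
            return word
    return None
```

    A weak password still falls to the salted attack, as the last function shows; what the salt and the iteration count buy is that the attacker pays the full cost for every user and every guess, which is exactly the cost the hardware section is trying to minimise from the other side.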

    Kali Linux: some useful software

    • Nmap: Nmap ("Network Mapper") is a free, open-source program that comes pre-installed in Kali, written by Gordon Lyon (also known as Fyodor Vaskovich). It discovers hosts and the services they run and so builds a "map" of the network. It is used for network scanning and security auditing and can quickly scan large networks, although it works fine against a single host too. Nmap uses raw IP packets to determine which hosts are up, which services (application name and version) they offer, which operating systems they run, which packet filters or firewalls are in use, and dozens of other characteristics.
    • Aircrack-ng: one of the most popular suites for attacking WEP and WPA/WPA2-PSK networks. It contains tools for capturing packets and handshakes, deauthenticating connected clients, generating traffic, and running brute-force and dictionary attacks. Note that WPA/WPA2 passphrases are recovered offline from a captured four-way handshake, so the attack is only as good as your word list and your hash rate.
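    Nmap's own scan engine works with raw packets and is far beyond an inline example, but the idea it rests on can be shown in a few lines. This added example (not Nmap's code and not from the article) performs a TCP connect scan, which is what nmap -sT does, against a throw-away listener on loopback, then guesses the service from the banner it receives, in the spirit of -sV. The listener, its banner and the tiny fingerprint table are constructed for the example; nothing leaves 127.0.0.1.

```python
import socket
import threading
from typing import Dict, List, Tuple


def serve_banner(banner: bytes) -> Tuple[int, threading.Thread]:
    """Constructed stand-in for a real service: listens on 127.0.0.1, accepts one
    connection, sends its banner and exits. Returns the port it was given."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return port, thread


def free_port() -> int:
    """Reserve and release a port so the scan has a port that is certainly closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host: str, ports: List[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan (nmap -sT): a completed three-way handshake means open,
    a RST (ConnectionRefusedError) means closed, silence until the timeout means
    filtered. Returns {open_port: banner}, the banner being what the service sent."""
    found: Dict[int, str] = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except (ConnectionRefusedError, socket.timeout, OSError):
            sock.close()
            continue
        try:
            banner = sock.recv(256)
        except (socket.timeout, OSError):
            banner = b""
        sock.close()
        found[port] = banner.decode("ascii", "replace").strip()
    return found


def guess_service(banner: str) -> str:
    """A tiny, constructed version of nmap's service fingerprinting (-sV)."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 "):
        return "smtp-or-ftp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown"


if __name__ == "__main__":
    port, thread = serve_banner(b"SSH-2.0-OpenSSH_9.6\r\n")  # constructed banner
    for p, banner in connect_scan("127.0.0.1", [free_port(), port]).items():
        print(f"{p}/tcp open  {guess_service(banner):12s} {banner}")
    thread.join(2)
```

    A connect scan completes the handshake and is therefore logged by the target; Nmap's default SYN scan sends the first packet by hand and never completes the connection, which is why it needs raw sockets and root.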

    Conclusion

    In this article we have covered the basics without which you are unlikely to become a hacker. As for employment: people working in information security usually either freelance, taking orders from individuals, or work for a company, securing its stored data, doing system administration work and so on.

    This is, in my opinion, the best brochure-style guide to SQL injection. The amount of material covered is enormous, with nothing superfluous and no padding; everything is clear and well structured.

    Introduction to Web Application Security
    -The classic exploitation technique: injecting SQL statements (SQL Injection)
    -Blind SQL Injection
    -Working with the file system and executing commands on the server when exploiting SQL Injection
    -Methods of bypassing software security filters
    -Methods of bypassing a Web Application Firewall (WAF)


    The art of hacking and protecting systems
    The book covers different kinds of software: operating systems, databases, Internet servers, etc. Numerous examples show exactly how vulnerabilities in software are found. The topic is especially relevant now that software security is receiving ever more attention in the computer industry.

    Year of issue: 2006
    Language: Russian

    A guide for beginner hackers and more
    This manual consists of 3 books:
    1. Hacking from the very beginning: methods and secrets
    2. An intelligent guide to hacking and phreaking
    3. A guide for hackers

    Year of issue: 2006
    Language: Russian

    Hacking and customizing Linux. 100 Pro Tips and Tools
    The book is a collection of professional tips for making servers running Linux more efficient.
    Topics covered: server basics, version control and backup of configuration files, networking, server monitoring, information security issues, scripting in Perl, and the three most important programs on Linux: BIND 9, MySQL and Apache.
    The book is intended for network administrators of all levels and for Linux users who want to explore the capabilities of the operating system in more depth.
    Year of issue: 2006
    Language: Russian

    Hacking techniques - sockets, exploits, shell code
    In his new book James Foster, author of several best-sellers, describes the methods hackers use to attack operating systems and application programs. He gives working code examples in C/C++, Java, Perl and NASL that illustrate how to detect and defend against the most dangerous attacks. The book covers in detail topics essential for any programmer working in information security: socket programming, shellcode, portable applications and the principles of writing exploits.
    After reading this book you will be able to:
    Develop your own shellcode;
    Port published exploits to another platform;
    Modify Windows COM objects to suit your needs;
    Extend the Nikto web scanner;
    Understand the "doomsday" exploit;
    Write scripts in NASL;
    Identify and attack vulnerabilities;
    Program at the socket level.
    Year of issue: 2006
    Language: Russian

    Anti-hacker. Computer network protection tools
    Covers: tools for maintaining security and analysing systems; tools for attacking and probing systems over the network; system and network auditing tools; and tools used in forensic practice and in investigating incidents involving the hacking of computer systems. For IT professionals.

    Year of issue: 2003
    Language: Russian

    Hacking Windows XP
    The book is a selection of the best chapters on hacking Windows XP and on securing the system from A to Z: a huge manual on hidden Windows XP settings, optimisation, the command line, the registry and much more, in a form accessible both to young hackers and to those who want to protect themselves from possible threats.
    The book is of a high standard and well produced.
    Year of issue: 2004
    Language: English

    Hacking. The Art of Exploitation
    This is not a catalogue of exploits but a tutorial on the fundamentals of hacking, built on examples. It explains in detail what every hacker should know and, more importantly, what every security specialist should be aware of in order to take measures that will not let a hacker succeed. The reader will need a good technical background and full concentration, especially when studying the code examples, but it is very interesting and you will learn a lot: how to create exploits using buffer overflows or format strings, how to write your own polymorphic shellcode from printable characters, how to defeat a non-executable stack by returning into libc, how to redirect network traffic, hide open ports and hijack TCP connections, and how to recover WEP keys from 802.11b wireless traffic using the FMS attack.
    The author treats hacking as the art of creative problem solving. He refutes the negative stereotype attached to the word "hacker" and puts the spirit of hacking and serious knowledge first.
    Year of issue: 2005
    Language: Russian

    Collection of books and articles by Chris Kaspersky
    Excerpts: "We live in a harsh world. The software around us is full of holes, many of them the size of an elephant. Hackers, viruses and worms pour through the holes, raiding from every corner of the network. The vast majority of remote attacks are carried out by buffer overflow (buffer overfull/overrun/overflow), a special case of which is stack overflow. Whoever masters the technology of buffer overflows rules the world! If you are looking for a guide to the land of overflowing buffers, complete with a comprehensive survival manual, this is the book for you! Open the doors to the amazing world behind the facade of high-level programming, where the gears turn that set everything else in motion.
    Why are overflow errors fundamental? What can you do with them? How do you find a vulnerable buffer? What restrictions does it impose on shellcode? How can these restrictions be overcome? How do you compile shellcode? How do you deliver it to a remote host and remain unnoticed? How do you bypass a firewall? How do you catch and analyse someone else's shellcode? How do you protect your own programs from overflow errors?
    It is no secret that the antivirus industry is a closed "club" that holds information intended only for "its own". Partly this is for security reasons, partly because the pernicious spirit of competition makes itself felt. This book partly lifts the curtain of secrecy..."
    Books:

    Code Optimization Effective Memory Usage
    HACKER DISASSEMBLING UNCOVERED (Draft)
    Portable shell-coding under NT and linux
    Portable shell-coding under NT and linux! (eng)
    Portable shell-coding under NT and linux (rus), 2 chapters
    Notes from a Computer Virus Researcher
    Notes of a computer virus researcher 2, fragment
    Notes from mice
    IDA Mindset
    Debugging without source code
    Amendments
    Mental disassembly technique (excerpt from Hacking Techniques and Philosophies)
    CD protection techniques
    Program optimization technique
    Network attack technique
    Shrinking the Internet
    Hacking Fundamentals


    Articles:

    $100,000 per week without expenses or gestures
    blue pill-red pill - the matrix has windows longhorn
    Hidden potential of manual assemblies
    Obj files on the trestle bed or
    On-line patching in secrets and tips
    How CRC16/32 is forged
    SEH at the service of the counter-revolution
    TOP10 software defender errors
    Unformat for NTFS
    Windows on one floppy disk
    Hardware virtualization or emulation without brakes
    Archaeological excavations of the vista-longhorn core
    Archive of old articles
    x86-64 architecture under the assembler's scalpel
    Assembly - extreme optimization
    Assembly language is easy
    Assembly puzzles or whether a machine can understand natural language
    Assembly perversions - stretching the stack
    Assembly without secrets
    Audit and disassembly of exploits
    Database under attack
    Combating resource leaks and overflowing buffers at the linguistic and extra-linguistic level
    All Chris Kaspersky
    Eternal life in DIY games
    Hack patch-guard
    Hacking and protecting WebMoney
    Hacking TVs up close and at a distance
    Burglary through cover
    War of the Worlds - Assembler vs C
    War of the Worlds - assembler vs si
    CD recovery
    NTFS recovery - do-it-yourself undelete
    Data recovery on NTFS partitions
    Recovering deleted files under BSD
    Recovering deleted files under Linux
    Data recovery from laser discs
    The rebirth of lost data - recovery of deleted files under LINUX
    Survival in systems with brutal quotas
    Race to extinction, ninety-five survive
    Extracting information from PDF files, or hacking eBooks with your own hands
    Life after BSOD
    Notes on hard drive data recovery
    Capturing and releasing hostages in executable files
    Capturing other people's botnets
    Capturing ring 0 in Linux
    Protecting games from hacking
    Protected axis without antiviruses and brakes
    Star power turns to dust
    Learning English Turbocharged
    Linux kernel research
    How to customize an exploit for yourself
    How CRC16 and 32 are counterfeited
    Counterintelligence with soft-ice in hands
    Borderless copying or advanced CD protection techniques or copy-resistant CDs
    Who's Who of Asians
    Manual therapy of non-traditional self-control
    Metaphysics of wmf files
    Multi-core processors and problems caused by them
    The power and pitfalls of automatic optimization
    Obituary on Web-Money Keeper Classic
    Poor choice of priorities on the PDP-11 and its legacy on C
    Obfuscation and how to overcome it
    Fusion Debugging Basics with linice
    Features of disassembly under LINUX using tiny-crackme as an example
    BIOS patch
    Buffer overflow on systems with a non-executable stack
    Overflowing buffers are active defenses
    Intercepting library functions in linux and bsd
    Escape from vm ware
    Escape through the firewall
    Diving into gdb: technique and philosophy, or debugging binaries under gdb
    Do-it-yourself polymorphic generator
    Following in the footsteps of MS IE OBJECT tag exploit
    Overcoming firewalls from the outside and inside
    Kernel ghosts or stealth modules
    Programming - with or without a wife
    Programming in machine codes or soft-ice as a logger
    Hide and seek in linux
    Overclocking NTFS
    Overclocking and braking Windows NT
    Overclocking mice or high-speed web surfing for extreme sports enthusiasts
    The real philosophy of a non-existent world
    Hard drive repair and restoration
    Manual Trojanization of applications under Windows
    Fishing on a local network - sniffing
    Crackme, hiding code on API functions
    Ultra-fast import of API functions
    Secrets of assembling disassembler listings
    Secrets of kernel hacking
    Secrets of conquering the elves
    Cool tricks from the mouse
    Speed ​​scam
    Hidden features of DSL modems
    Comparison of assembly translators
    Old anti-debugging techniques in a new way
    Is it open source?
    Techniques for surviving in troubled waters or how to wear antivirus shoes
    Optimization techniques for Linux: comparing gcc and Intel C (part 1)
    Optimization techniques for Linux: comparing gcc and Intel C (part 2)
    Optimization techniques for Linux: comparing gcc and Intel C (part 3)
    Optimization technique for Linux
    Technique for dumping protected applications
    Turbo driver transfer from Windows to LINUX-BSD
    Universal malware detection method
    Executable file packers for LINUX-BSD
    NTFS file system from outside and inside
    Hacker tricks or how to put a breakpoint on jmp eax
    Hackers love honey
    NT Kernel Hack
    Six sins of malware writers
    Syringe for bsd or functions on the needle
    Expert opinion - email security
    Extreme CPU overclocking
    Electronic money - to trust or not
    Elves big and small

    Top programs for hackers 2014-2015

    Burp Suite has a number of features that help pentesters and hackers. Two of the tools bundled with it are "Spider", which crawls a website and maps its pages and parameters while tracking cookies and session state, and "Intruder", which runs series of automated attacks against the target web application.

    Burp Suite is an excellent web hacking tool that many pentesters use to test websites and target web applications for vulnerabilities. It works from detailed knowledge of the application gathered from its HTTP traffic: a configurable engine generates the kind of malicious HTTP requests attackers commonly use. Burp Suite is particularly useful for detecting and confirming SQL injection and cross-site scripting (XSS) vulnerabilities.

    Angry IP Scanner, also known as "ipscan", is a freely available network scanner that is both fast and easy to use. The main purpose of this IP and port scanner is to find live hosts and open ports on other people's systems. It has a number of other useful features too; you just need to know how to use it. Its typical users are network administrators and system engineers.

    Snort is an excellent network tool that can run in one of three modes:
    1. as a sniffer
    2. as a packet logger
    3. as a network intrusion detection system
    Most often hackers use sniffer mode, which reads network packets and prints them to the console. In packet logger mode Snort logs the packets to disk. In intrusion detection mode Snort monitors network traffic and analyses it against a user-defined set of rules.

    THC Hydra is often dismissed as just another password cracker, but it is extremely popular and has a very active and experienced development team. Hydra is essentially a fast and stable online login cracker: it uses dictionary and brute-force attacks to try combinations of usernames and passwords against a login service. It supports a wide range of protocols, including mail (POP3, IMAP, etc.), databases, LDAP, SMB, VNC and SSH.

    Wapiti has a very loyal following. As a pentesting tool (or framework) Wapiti can scan for and identify hundreds of possible vulnerabilities. This multi-purpose tool checks the security of web applications in black-box fashion: it does not study the application's source code but crawls the application's HTML pages, scripts and forms, looking for places where it can inject its own data.

    These are today's top programs for a hacker. Do you have newer information than ours? Share it in the comments. Any questions? Ask, and we will always answer and explain everything.