Wednesday, July 16, 2014

Tutorial on Hacking With Kali Linux

Hacking With Kali Linux


Why Kali Linux?


With Kali Linux, hacking becomes much easier since you have all the tools (more than 300 pre-installed tools) you are probably ever gonna need. Others can be downloaded easily. Now this tutorial will get you started and you'll be hacking with Kali Linux before you know it.




The problem with beginners

Now, I've been dealing with beginners for a long time. What they want is magic: a tool which is easy to use, works on Windows, can be downloaded by searching on Google and clicking on the first link, and will do all the hacking itself at the push of a button. Sadly, no such tool exists. Hacking is an art, and it takes years of practice to master it. So how to get started? Having no idea about hacking is okay, but being a newbie with computers in general is not allowed. When I say beginner, I mean someone who has no experience with programming and with hacking methodologies. I didn't mean someone who needs a 1 page guide on how to download a tool. If you want to be a hacker, you have to work hard. So how to get started? (If you have already installed Kali Linux, click here to skip past the installation paragraphs and go to the hacking section of this post.)






Getting Started

Now, I am not boring you with theory (^ As if all this wasn't enough theory). My aim is to get you to the point where you can start hacking with Kali Linux as soon as possible. What I'm gonna do is tell you what to do. The process is rather simple :-


Things get tough now

If you have no previous experience with Linux and virtual machines and all that stuff, getting Kali Linux up and running won't be a piece of cake. You have 2 options:


1. Read the Kali official documentation

That will give you an idea about what a virtual machine is, how an OS can be run from a USB drive, and how to create a partition and dual-boot 2 operating systems. This is what I recommend. For that, go to the Kali Official Documentation.

2. Read my modified version of Kali documentation

The second option is to look at these posts, which are only lightly modified versions of the Kali docs. Their only advantage is saving your time: the official documentation covers much more than the posts here do, and you don't really need to know all of that... yet. I'm linking them up here:



    Command Line Interface

    Some bash commands
    Now, if you are really sure about becoming a hacker, you have to get used to Linux, and specifically the command line interface. It is often (and rightly) compared to the command prompt of Windows, but the Linux CLI is far more efficient and capable than the command prompt. What you have to do is do all the usual tasks you do in Windows in the CLI of Linux. Use cd to navigate, poweroff to shut down, etc.
    A pretty awesome site for that is - http://linuxcommand.org/
    Going through the complete site is on its own enough exercise to keep you occupied for a month, but you can proceed gradually. The first few tutorials here assume that you don't know much about the CLI, and will be really beginner friendly.



      Some Useful Commands:

      If you don't plan on learning all of linux cli commands, here are a few that will keep your boat afloat.
      1. The default username and password is 'root' and 'toor'. 
      2. Type 'poweroff' in the terminal to shutdown. 
      3. apt-get command can be used to install tools and updates. 
      4. apt-get update refreshes the list of available packages, and apt-get upgrade then installs the newer versions of all the programs on your machine. 
      5. apt-get dist-upgrade will install the latest distribution of Kali (i.e. it upgrades your OS).

      PS: Tapping <tab> while typing makes Kali complete the word for you. Double tapping <tab> makes it display all possible words starting with the incomplete word. Ctrl+C stops any tool that is running. Pressing the up arrow key shows the command you last typed.


      Some Real Hacking With Kali Linux

      Assuming you've gone through the above steps and are comfortable with your new hacking environment, it's time to do some real hacking with Kali Linux. My recommendation would be to start by hacking a wifi, then do some penetration testing, and maybe read something on Denial of Service when you have free time. Links here-

      Hack wireless networks in Kali Linux using aircrack 

      Penetration Testing In Kali For Beginners

      Denial Of Service Attacks



        Monday, July 14, 2014

        Evil Twin Tutorial

        Prerequisites

        1. Kali Linux
        2. Prior experience with wireless hacking
        You will also need to install a tool (bridge utils) which doesn't come pre-installed in Kali. No big deal-
        apt-get install bridge-utils

        Objectives

        The whole process can be broken down into the following steps-
        1. Finding out about the access point (AP) you want to imitate, and then actually imitating it (i.e. creating another access point with the same SSID and everything). We'll use airmon-ng for finding the necessary info about the network, and airbase-ng to create its twin.
        2. Forcing the client to disconnect from the real AP and connecting to yours. We'll use aireplay-ng to deauthenticate the client, and strong signal strength to make it connect to our network.
        3. Making sure the client doesn't notice that he connected to a fake AP. That basically means that we have to provide internet access to our client after he has connected to the fake wireless network. For that we will need to have internet access ourselves, which can be routed to our client.
        4. Have fun - monitor traffic from the client, maybe hack into his computer using metasploit. 
        PS: The first 3 are primary objectives; the last one is optional and not a part of the evil twin attack as such. It is rather a man in the middle attack. Picture credits: firewalls.com


        Information Gathering - airmon-ng

        To see available wireless interfaces-
        iwconfig



        To start monitor mode on the available wireless interface (say wlan0)-
        airmon-ng start wlan0
        To capture packets from the air on the monitor mode interface (mon0)-
        airodump-ng mon0
        After about 30-40 seconds, press Ctrl+C and leave the terminal as is. Open a new terminal.


        Creating the twin

        Now we will use airbase-ng to create the twin of one of the networks that showed up in the airodump-ng list. Remember, you need to have a client connected to the network (this client will be forced to disconnect from that network and connect to ours), so choose the network accordingly. Now after you have selected the network, take a note of its ESSID and BSSID. Put them into the command below-

        airbase-ng -a <BSSID here> --essid <ESSID here> -c <channel here> <interface name>
        If you face any problems, a shorter code will be-
        airbase-ng --essid <name of network> mon0 
        Remove the angle brackets (< & >) and choose any channel that you want. Also, the BSSID can be randomly selected too, and doesn't have to match the target. The interface would be mon0 (or whatever card you want to use). The only thing that has to be identical about the twins is their ESSID (which is the name of the network). However, it is better to keep all parameters the same to make it look more real. After you are done entering the parameters and running the command, you'll see that airbase has turned your wireless adapter into an access point.
        Note : We will need to provide internet access to our client at a later stage. Make sure you have a method of connecting to the net other than wireless internet, because your card will be busy acting like an AP, and won't be able to provide you with internet connectivity. So, either you need another card, or broadband/ADSL/3G/4G/2G internet.

        Man in the middle attack : Pic Credits:  owasp.net

        Telling the client to get lost

        Now we have to ask the client to disconnect from that AP. Our twin won't work if the client is connected to the other network. We need to force it to disconnect from the real network and connect to the twin.
        For this, the first part is to force it to disconnect. Aireplay will do that for us-
        aireplay-ng --deauth 0 -a <BSSID> mon0 --ignore-negative-one


        The 0 specifies the time interval at which to send the deauth requests. 0 means extremely fast, 1 would mean send a packet every second, 2 would mean a packet every 2 seconds, and so on. If you keep it as 0, then your client would be disconnected in a matter of seconds, so fire up the command, and press Ctrl+C after only a few seconds. Note that the deauth is sent on broadcast, so all the clients (not just one) connected to the network will disconnect. Disconnecting a specific client is also possible.
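Seen from the other side of the table, the two steps above (an extra access point beaconing the same ESSID, and a burst of broadcast deauthentication frames carrying the real AP's BSSID) are exactly what a wireless IDS watches for. The following is an added detection example, not code from the original post; the access point inventory and the beacon and deauth frame records in it are constructed sample data, not real captures.

```python
"""Detection-side companion to the evil twin walkthrough: constructed sample
data, not real captures. Two indicators a wireless IDS watches for:
  1. an ESSID we own being beaconed by a BSSID outside the authorised list
     (airbase-ng copies the ESSID; the BSSID is often different), and
  2. a burst of broadcast deauthentication frames, which is what
     'aireplay-ng --deauth 0' produces.
"""
from collections import Counter, defaultdict

# Constructed inventory of legitimate APs: ESSID -> authorised BSSIDs.
KNOWN_APS = {"CorpWiFi": {"00:11:22:33:44:55"}}

# Constructed beacon observations: (essid, bssid, channel).
BEACONS = [
    ("CorpWiFi", "00:11:22:33:44:55", 6),
    ("CorpWiFi", "00:11:22:33:44:55", 6),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6),   # same name, unknown BSSID: twin
    ("GuestNet", "00:11:22:33:44:66", 11),  # ESSID we don't own: not our call
]

# Constructed management frames: (timestamp_s, subtype, bssid, destination).
# The deauth flood carries the *real* AP's BSSID as its source, because the
# attacker spoofs it; the rate, not the address, is the signal.
FRAMES = [
    (0.2, "beacon", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
    (3.0, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),  # one ordinary deauth
]
FRAMES += [(5.0 + i * 0.0125, "deauth", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff")
           for i in range(40)]  # 40 broadcast deauths inside half a second


def find_evil_twins(beacons, known_aps):
    """Map each ESSID we own to the sorted list of BSSIDs beaconing it that
    are not in the authorised set. An empty dict means no twin was seen."""
    seen = defaultdict(set)
    for essid, bssid, _channel in beacons:
        seen[essid].add(bssid.lower())
    twins = {}
    for essid, bssids in seen.items():
        if essid not in known_aps:
            continue  # foreign network, nothing to compare against
        rogue = bssids - {b.lower() for b in known_aps[essid]}
        if rogue:
            twins[essid] = sorted(rogue)
    return twins


def deauth_bursts(frames, window_s=1.0, threshold=10):
    """Bucket deauth frames per (time window, bssid) and return the buckets
    whose count reaches the threshold as sorted (window_start_s, bssid, count)."""
    buckets = Counter()
    for ts, subtype, bssid, _dst in frames:
        if subtype == "deauth":
            buckets[(int(ts // window_s), bssid.lower())] += 1
    return sorted((w * window_s, bssid, n)
                  for (w, bssid), n in buckets.items() if n >= threshold)


if __name__ == "__main__":
    for essid, rogue in find_evil_twins(BEACONS, KNOWN_APS).items():
        print(f"possible evil twin of {essid!r}: rogue BSSID(s) {rogue}")
    for start, bssid, n in deauth_bursts(FRAMES):
        print(f"deauth flood: {n} frames from {bssid} in window starting at {start}s")
```

On a real deployment the records would come from a monitor-mode capture rather than the constructed lists, and the threshold would be tuned to how many deauths the network's own APs legitimately send.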

        Not the real one, but why the fake one

        Even after being disconnected from the real AP, the client may choose to keep trying to connect to the same AP a few more times, instead of trying to connect to ours. We need to make our AP stand out, and for that, we need more signal strength. There are 2 ways to do that-

        1. Physically move closer to the client.
        2. Power up your wireless card to transmit at more power. 
        The latter can be done with the following command -
        iwconfig wlan0 txpower 27
        Here 27 is the transmission power in dBm. Some cards can't transmit at high power, and some can transmit at extremely high power. Alfa cards usually support up to 30 dBm, but many countries don't allow the card to transmit at such powers. Try changing 27 to 30 and you'll see what I mean. In Bolivia, however, you can transmit at 30 dBm, and by changing the regulatory domain, we can overcome the power limitation.
        iw reg set BO
        iwconfig wlan0 txpower 30
        It is strongly advised not to break laws, as the transmission limits are there for a reason, and very high power can be harmful to health (I have no experimental evidence). Nevertheless, the client should connect to you if your signal strength is stronger than that of the real twin.

        Note : If you are unable to get your client to connect to you, there is another option. You can leave him with no options. If you keep transmitting the deauth packets continuously (i.e. don't press ctrl+c after the client has disconnected), he will have no choice but to connect to you. However, this is quite an unstable situation, and the client will go back to the real twin as soon as it gets the chance.


        Give the fake AP internet access

        Now we need to provide internet access to the fake AP. This can be done in various ways. In this tutorial, we will assume that we have an interface x0 which has internet connectivity. If you are connected to the net via wireless, replace x0 with wlan1 or wlan0; a 3G modem will show up as ppp0. Either way, you just have to know which interface is providing you with internet, and you can route the internet access to your client.

        Interfaces

        • x0 - This has internet access
        • at0 - This is created by airbase-ng (the wired side of the wireless access point). If you can somehow give internet access to at0, then the clients connected to your fake wireless network can connect to the net.
        • evil - This is an interface that we will create, whose job will be to actually bridge the networks.

        Creating evil

        We will use Bridge control utility provided by Kali, brctl. Execute the following code-
        brctl addbr evil
        This will create the bridge. Now we have to specify which two interfaces have to be bridged-
        brctl addif evil x0
        brctl addif evil at0
        We can assign an IP to the interfaces and bring them up using-
        ifconfig x0 0.0.0.0 up
        ifconfig at0 0.0.0.0 up
        Also bring up the evil interface (the interfaces aren't always up by default, so we have to do this many times)
        ifconfig evil up
        Now to auto configure all the complicated DHCP settings, we'll use dhclient
        dhclient3 evil & 
        Finally, all the configurations have been completed. You can execute ifconfig and see the results, which will show you all the interfaces you have created.
        Officially, the evil twin attack is complete. The client is now connected to your fake network, and can use the internet pretty easily. He will not have any way to find out what went wrong. However, the last objective remains.

        Have fun

        Now that the client is using the internet via our evil interface, we can do some evil stuff. This actually comes under a Man In The Middle attack (MITM), and I'll write a detailed tutorial for it later. However, for the time being, I will give you some idea what you can do.

        Sniffing using Wireshark

        Now all the packets that go from the user to the internet pass through our evil interface, and these packets can be monitored via Wireshark. I won't teach you how to use it here, since it is a GUI tool. You can take a look at their website to get an idea on how to use Wireshark. Pic credits: The picture on the right has been directly taken from their website. 

        Special Thanks

        Matthew Bernard for his useful comment with some tips and a number of corrections http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html?showComment=1406591245609#c5539483407421385761
        The screenshots have also been taken by him and provided to me for usage (I would love to see more helpful visitors like him).

        Sunday, July 6, 2014

        Sql Ebook: A Primer on SQL

        Sql Beginners Ebook

        Author's personal note

        Welcome to the second edition of A Primer on SQL. The first edition was more popular than I had initially imagined. The overwhelming response and the many readers who wrote back with comments or a simple thanks, led me to putting efforts into making the second edition. There are many corrections and clarifications throughout the chapters, along with two major changes. The introduction of using SQLite as an alternative DBMS in the text, and a new chapter on calculated fields. I hope that old and new readers find this text even more useful now in its presentation. I have tried to keep the spirit of the original text, a short introduction to the basics. As always, your questions, comments, criticism, encouragement and corrections are most welcome and you can e-mail me at rhlbatra[aht]hotmail[dot]com. Rahul Batra (24th February 2014)

        Preface to the first edition

        Welcome to the first edition of A Primer on SQL. As you would be able to see, the book is fairly short and is intended as an introduction to the basics of SQL. No prior experience with SQL is necessary, but some knowledge of working with computers in general is required. My purpose of writing this was to provide a gentle tutorial on the syntax of SQL, so that the reader is able to recognize the parts of queries they encounter and even be able to write simple SQL statements and queries themselves.
        Your questions, comments, criticism, encouragement and corrections are most welcome and you can e-mail me at rhlbatra[at]hotmail[dot]com. I’ll try answering all on-topic mails and will try to include suggestions, errors and omissions in future editions. Rahul Batra (8th October 2012)
        PS: In "Author's personal note", author means the author of the book, not the one who wrote this blog post.

        About the author

        Rahul Batra was first introduced to programming in 1996 in GWBASIC, but he did not seriously foray into it till 2001 when he started learning C++. Along the way, there were dabblings in many other languages like C, Ruby, Perl and Java. He has worked on Oracle, MySQL, Sybase ASA, Ingres and SQLite. Rahul has been programming professionally since 2006 and currently lives and works in Gurgaon, India.

        Preview of the book

        Download the book

        You can download the book for free here -  https://leanpub.com/aprimeronsql
        You can also choose to pay for the book which will help the author.

        Read the book online

        You can read the book online right here-

        Reverse Engineering Ebook : Hacking the XBOX

        About XBox Hacking

        The Xbox video game console from Microsoft® is an exciting piece of hardware, and not just because it can play the latest video games. The powerful and cheap Xbox has the potential to be used as a PC, an all-in-one media player, or even a web server. Unfortunately, there is a dearth of books that can teach a reader how to explore and modify modern electronic hardware such as the Xbox. Most electronics textbooks are theory-oriented and very focused, whereas real hacking requires a broad set of practical skills and knowledge.
        Also, the few practical books on hardware hacking that I had as inspiration as a child have long been outdated by the fast pace of technology. This book is intended to fill the need for a practical guide to understanding and reverse engineering modern computers: a handbook for a new generation of hackers. The ultimate benefit of hacking the Xbox is its educational value, or as the saying goes, “Given a fish, eat for a day; learn to fish, eat for a lifetime.” Hence, this book focuses on introducing basic hacking techniques — soldering, reverse engineering, debugging — to novice hackers, while providing hardware references and insight that may be useful to more seasoned hackers. The Xbox has served to educate both the security community and the hacking community: not because it is an outstanding example of security, but because it is a high profile, high volume product made by a large company whose focus was recently defined to be security by its chairman.1 The Xbox experience shows that building trustable clients in a hostile user environment is hard, even for a large, well-funded company. One observation is that this risk and difficulty of building cheap, trustable hardware clients places an upper bound on the importance of the secret that can be trusted to such client hardware. In addition, the Xbox provides a consistent teaching example, with almost 10 million nearly identical units out there at the time of writing. The similarity of the Xbox’s architecture to a vanilla PC adds even more educational value to Xbox hacking, since much of the discussion in this book also applies directly to the much broader subject of PCs.

        A little teaser of what the book contains. It is nearly 300 pages, so it contains a lot of stuff (on a variety of topics).
        Another interesting aspect of Xbox hacking is the underground society of hardware hackers following the Xbox. The people who hacked the Xbox and the expertise they attained will be relevant long after the Xbox has become a dusty yard sale piece. Hence, there is a conscious social focus to this book. I have included profiles of a sampling of Xbox hacking personalities. The hope is to inspire people, through role models, to pick up a screwdriver and a soldering iron and to start hacking. Instilling this sort of exploratory spirit in the younger generations will be important in the long run for preserving the pool of talented engineers that drove the technology revolution to where it is today. Many of today’s engineers got their start hacking and tinkering with ham radios, telephones and computers which, back in that day, shipped with a complete set of schematics and source code. This pool of engineering talent is essential for maintaining a healthy economy and for maintaining strong national security in the computer age.

        Download the book

        You can download the book from this website http://www.nostarch.com/xboxfree/ or use the direct link http://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf

        Read the book online

        You can read the book right here. Take a look at a few pages and see if you like the book and want to download and read it all.

        Thursday, July 3, 2014

        Hacking Secret Ciphers With Python

        About the ebook


        There are many books that teach beginners how to write secret messages using ciphers. There are a couple books that teach beginners how to hack ciphers. As far as I can tell, there are no books to teach beginners how to write programs to hack ciphers. This book fills that gap.
        This book is for complete beginners who do not know anything about encryption, hacking, or cryptography. The ciphers in this book (except for the RSA cipher in the last chapter) are all centuries old (helps develop basic concepts), and modern computers now have the computational power to hack their encrypted messages.



        No modern organization or individuals use these ciphers anymore. As such, there’s no reasonable context in which you could get into legal trouble for the information in this book.
        This book is for complete beginners who have never programmed before. This book teaches basic programming concepts with the Python programming language. Python is the best language for beginners to learn programming: it is simple and readable yet also a powerful programming language used by professional software developers. The Python software can be downloaded for free from http://python.org and runs on Linux, Windows, OS X, and the Raspberry Pi.
        There are two definitions of “hacker”. A hacker is a person who studies a system (such as the rules of a cipher or a piece of software) to understand it so well that they are not limited by the original rules of that system and can creatively modify it to work in new ways. “Hacker” is also used to mean criminals who break into computer systems, violate people’s privacy, and cause damage. This book uses “hacker” in the first sense. Hackers are cool. Criminals are just people who think they’re being clever by breaking stuff. Personally, my day job as a software developer pays me way more for less work than writing a virus or doing an Internet scam would.
        On a side note, don’t use any of the encryption programs in this book for your actual files. They’re fun to play with but they don’t provide true security. And in general, you shouldn’t trust the ciphers that you yourself make. As legendary cryptographer Bruce Schneier put it, “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break. It’s not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.”
        This book is released under a Creative Commons license and is free to copy and distribute (as long as you don’t charge money for it). The book can be downloaded for free from its website at http://inventwithpython.com/hacking. If you ever have questions about how these programs work, feel free to email me at al@inventwithpython.com.

        Anonymous Security Handbook

        About the ebook

        This is a security handbook by Anonymous (internet activists or hacktivists) to help its members stay anonymous. While it has no direct utility for you in the context of Anonymous, it has a lot of useful information which will help you protect your privacy on the internet and stay safe as a hacker. You can find more about Anonymous here.


        Anonymous – The Über-Secret Handbook



        Note: While I didn't find anything in the ebook which said it was licensed under creative commons, I assumed that it isn't copyrighted and I am free to propagate this material via my blog.

        Wednesday, July 2, 2014

        Encryption - Crypters ebook

        The crypter Handbook

        This ebook can be read directly via your browser.


        If you have difficulty reading the book, go to this page to get a full screen view or download the ebook for offline reading: https://docs.google.com/file/d/0B5UZaaEGmAw7SkEydGE1UTlPTUk/


        See the last few pages of the book for licensing and bibliography (info about the original author and his website).