

CONTENTS

BEHC: Introduction to Born Ethical Hackers Club
Hack! What the hell it is??
Hacking: What is it??
Most Important terms
Can Hacking be Ethical? If yes, then How and what is Ethical?
Difference between Hackers and Crackers
What you will learn with BEHC?
Security and its three basic pillars (C.I.A)
How hackers perform their hack attacks?
    Phase 1: Information gathering and Reconnaissance
    Phase 2: Scanning the target
    Phase 3: Breaking the system and Gaining the Access
    Phase 4: Maintaining the access without getting acknowledged
    Phase 5: Removing and covering traces

BEHC: INTRODUCTION TO BORN ETHICAL HACKERS CLUB


BEHC stands for Born Ethical Hackers Club. BEHC is part of a campaign that Hackingloops has started to train internet users and general users in Ethical Hacking and Network Security, so that they can cope with the current web world, which is in itself a new world and, most importantly, a buggy and unsecured one. BEHC is owned by Lokesh Singh a.k.a. Lucky (owner of Hackingloops / Hackomaniac / Isoftdl).

Now you all will be thinking why I made this group and named it Born Hackers. As we all know, we have all been doing amazing stuff from the day we were born. There are two ways of living life: first, following the great persons, and second, creating your own paths. And believe me friends, you can become one of the great hackers only by choosing the second path, i.e. innovative thinking and creating your own paths and rules. I can just guide you on what the path is and how you are going to run on it (because walking is just a waste of time :P). That's all about BEHC. Follow BEHC @ Facebook and @ twitter.

So friends, I am not going to bore you more; let's start our journey to become a great Hacker.

HACK! WHAT THE HELL IT IS??


Technically, a Hack is overriding or modifying stuff to achieve something uncommon to a normal user, say overriding the normal procedure of doing things, or modifying things to achieve something hidden or uncommon. Let's understand it with an example. Suppose we wish to change the administrator password of the Windows operating system. We all know that we can change a Windows password by following the procedure below:

For windows 7 operating system:


Control Panel -> User Accounts -> Select User -> Change Password -> Save new password.

The above procedure is the normal way users change the Windows administrator or user password. But we all know that there are several uncommon ways of changing the Windows administrator or user password. These ways are what we call a HACK. Now, the above procedure won't work if I don't have administrator rights or I forgot the administrator password. How will I change the administrator password or unlock the system then? Here the terms Hack and Hacker come into the picture: we have to use uncommon ways to achieve the target, as the normal procedure no longer works in our situation. We can do the above task by several methods, according to the level of the Hacker:

- Novice Users: They will format the Windows operating system or take an expert's help.
- Script Kiddies (beginner level hackers): They will use Linux live disks or emergency rescue disks to reset the password.
- Medium Level Hackers (who have good knowledge of the system and hacking tools): They will use advanced hacking tools like OPHCrack or the Backtrack OS to retrieve the password.
- Elite Hackers (expert level hackers): Why use any third party tool (they know how to do it with third party tools) when I can do this manually by breaking into the system root and resetting it?

I will explain all the above methods in forthcoming classes, but I want to tell you the elite procedure to give you an idea of up to what level we will learn things. So below is how Elite Hackers do it. Elite Hackers do things based on the situation, say how I will do it if it's my own system versus if it's somebody else's system (i.e. I want to break into his/her system without getting tracked). If it's my own system, I have two choices: first, I can reset the password, and second, I can retrieve the password.

If it's somebody else's system, I am left with only one choice, i.e. I need to retrieve the password, because if I reset it then the victim will know that somebody has broken into his/her system, and you cannot call yourself elite if you can be tracked. So as an elite hacker I will try to retrieve the administrator password without getting tracked or caught, and its simplest way is using the OPHCrack Live CD, because this is the only possible way to retrieve the existing password without resetting it; all other methods reset the Windows password. Alternatively, I will insert the Windows operating system CD/DVD, try to retrieve the file holding the encrypted Windows passwords and then decrypt it on my own system. I will share the exact methods in later classes.

HACKING: WHAT IS IT??


Hacking is derived by merging the two words HACK and ING, i.e. Hack and its working. Technically, Hacking is the art of exploring uncommon things or modifying things to achieve uncommon functionalities. But nowadays this definition has been altered because of our Media and a few old folks who don't even know how many keys there are on a keyboard or how to pronounce the word Computer. Our cool Media has represented Hacking as the art of deceiving web users to achieve malicious goals. I was watching NDTV and other TV news channels, and this is how they defined the word Hacking, categorizing all smart internet and computer users as criminals. And old folks like parents. OK, leave other parents, I will share things about mine. One day I was performing penetration testing on the ICICI website and in between I called my father and told him, "See how many vulnerabilities and bugs this ICICI bank website has." Now you will be surprised at what he replied: "Thief, stop bugging the bank website, you will go to jail." I really felt bad and told my father, "What the hell are you saying, I am just analyzing the website to report the bugs to their developers," and his reply was "Stop doing crap stuff." I was shocked but didn't say anything, because it is due to the euphoric hype created by the Media. So friends, don't get demotivated by the things that you see in the media or hear from folks. They are saying it is bad because it has been represented as bad to them by our media. Actually it's not only the media that is responsible for this. It's us also. Why so?

Because when I frankly asked people why they want to learn Hacking, this is the reply I got:

1. I want to hack my friends' emails and Facebook: 40%
2. I want to have fun: 30%
3. I want to become a security professional or Ethical Hacker: 15%
4. I want to see what my girlfriend is doing: 11%
5. I want to take revenge: 3%
6. I want to learn cool stuff: 1%

See, only 16% of people (15% Ethical Hackers + 1% learn cool stuff) want to learn ethical hacking for good reasons. I will teach you everything, but it's solely your decision what your reason to learn Hacking is.

MOST IMPORTANT TERMS


Threat: An action or event that might compromise security. Usually a threat is a potential violation of security.

Exploit: A defined way to breach the security of a computer or network system through vulnerabilities found during system analysis or penetration testing.

Vulnerability: A weakness, design or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

Target: Any system, network or web application which a Hacker wishes to hack.

Attack: A system violation launched against any system, network or web application.

Security: A set of rules made to harden a system so that others cannot penetrate it.

Are you still unclear about what the above terms practically mean? Let's consider an example: we want to hack into some website and deface its home page. Then the threat is defacing the website, the exploit is the procedure we will use to hack it, the vulnerability is the SQL injection bug in the website, the target is the website itself, the attack is the website hacking and defacement, and security is the set of rules we will use to harden the system so that the hacker cannot hack it.

We cannot make a system which is completely unhackable; we can only harden a system to make hacking it harder.

CAN HACKING BE ETHICAL? IF YES, THEN HOW AND WHAT IS ETHICAL?


Yes, Hacking can be Ethical. Major companies nowadays are expanding their business to attract web users, and we all know the web world is still unsecure. So these companies hire hackers to test their websites against several hacking attempts. This is also called Penetration testing. Hence, companies themselves allow hackers to hack their web applications to test their security. The hackers who got the authority from the company to hack its system are called Ethical Hackers or Professional Hackers, and for performing such tasks Ethical Hackers are handsomely paid. In IT world terminology this type of Hacking is referred to as Penetration testing. Is this the only way to become an Ethical Hacker? The answer is absolutely NO. There are several hackers who find bugs in a web application or system and report them back to the company instead of using those bugs to attack the web application. These hackers are also considered Ethical Hackers, but technically there is a separate term defined in the hacking world for them: Grey Hat Hackers.

DIFFERENCE BETWEEN HACKERS AND CRACKERS


There is a very thin line between the hacker and the cracker. Like a coin has two faces, heads and tails, the same is true for computer experts. Some use their techniques and expertise to help others and secure systems or networks, and some misuse them for their own selfish reasons. There are several traditional ways of determining the difference between hackers and crackers; I will provide them in order of their acceptance in the computer and IT market. First of all, let me provide the basic definitions of both hackers and crackers.

Hackers: A Hacker is a person who is extremely interested in exploring things and the recondite workings of any computer system or networking system. Most often, hackers are expert programmers. These are also called Ethical Hackers or white hat hackers, and the hacking they perform is called ethical hacking. Ethical Hacking means you think like Hackers: first you hack the systems and find out the loopholes, and then you try to correct those loopholes. These hackers protect the cyber world from every possible threat and fix the security loopholes of the future. These people are also called the "GURU's" of Computer Security.

Crackers: Crackers, Black Hat hackers, cheaters or simply criminals: they are called criminals because they have the mindset of causing harm to security, and they steal very useful data and use it in wrong ways. Phishers also come in this category; they steal account info, credit card numbers and money over the Net.

WHAT YOU WILL LEARN WITH BEHC?


Now it's really a cool question: what will we learn in BEHC Classes? Your answer is here: we will learn the topics below in detail, along with basic Hacking and Technology stuff. Note: We will learn all the basic stuff and the below list of attacks precisely.

Injection Based Attacks:
- Blind SQL Injection
- Standard SQL Injection (manual procedure)
- Tool Based SQL Injection
- Blind XPath Injection
- Standard XPATH Injection
- XPATH Injection Java
- Command Injection
- Comment Injection Attack
- Argument Injection or Modification
- Custom Special Character Injection
- Special Element Injection
- Eval Injection (Direct Dynamic Code Evaluation)
- Direct Static Code Injection
- LDAP Injection
- Resource Injection
- Server-Side Includes (SSI) Injection
- Code Injection

Directory Based Attacks:
- Binary Planting
- Full Path Disclosure
- Path Manipulation
- Path Traversal
- Relative Path Traversal

Cross Site Scripting Attacks:
- Cross Frame Scripting
- Cross Site History Manipulation (XSHM)
- Cross Site Tracing
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Cross-User Defacement
- CSRF / XSRF
- CORS OriginHeaderScrutiny
- CORS RequestPreflightScrutiny

Encryption/Decryption Attacks:
- Cryptanalysis
- Double Encoding
- Unicode Encoding

Session Based Attacks:
- Man-in-the-browser attack
- Man-in-the-middle attack
- Repudiation Attack
- Session Fixation
- Session Hijacking attack
- Session Prediction
- Page Hijacking
- Forced Browsing
- One-Click Attack
- Clickjacking

Denial of Service Attacks:
- Denial of Service
- Asymmetric resource consumption (amplification)
- Buffer overflow attack
- Traffic flood
- Regular expression Denial of Service (ReDoS)
- Overflow Binary Resource File
- Cash Overflow

HTTP Based Attacks:
- HTTP Request Smuggling
- HTTP Response Splitting
- Brute force attack
- Cache Poisoning
- Parameter Delimiter
- Web Parameter Tampering
- Format string attack

Mobile Based Attacks:
- Mobile code: invoking untrusted mobile code
- Mobile code: non-final public field
- Mobile code: object hijack

Others:
- Account lockout attack
- Spyware
- Setting Manipulation
- Trojan horse
- Windows ::DATA alternate data stream

SECURITY AND ITS THREE BASIC PILLARS (C.I.A)


Security as a condition is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. Establishing or maintaining a sufficient degree of security is the aim of the work, structures, and processes called "security." In the IT (Information Technology) world, security is the resistance that the designer or company introduces so that the system cannot be breached. In the IT world, Security has three foundation pillars known as C.I.A. C.I.A stands for Confidentiality, Integrity and Availability. Any attempt to breach any of these is considered an attack. General information about these terms can easily be extracted from their names, but let's discuss them in detail to understand them properly.

Confidentiality: Confidentiality is the term used for preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

Integrity: Integrity refers to the trustworthiness of information resources. It includes the concept of "data integrity", namely that data have not been changed inappropriately, whether by accident or by deliberately malign activity. It also includes "origin" or "source integrity", that is, that the data actually came from the person or entity you think it did, rather than from an imposter. Integrity can even include the notion that the person or entity in question entered the right information: that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances it would generate identical data (what statisticians call "reliability"). On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

Availability: For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks. Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them. Availability, like other aspects of security, may be affected by purely technical issues (e.g., a malfunctioning part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes (accidental or deliberate). While the relative risks associated with these categories depend on the particular context, the general rule is that humans are the weakest link. (That's why each user's ability and willingness to use a data system securely are critical.)
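Two of the three pillars can be shown in a few lines of code. The block below is an added example in Python, not part of the original BEHC issue: it masks a card number the way the text describes for logs and receipts (confidentiality), and appends an HMAC-SHA256 tag so that a transaction record that was changed, or that was produced by someone without the key, is rejected (data and origin integrity). The key, the card number and the record contents are constructed for the demonstration; availability has no useful code illustration at this level and is left out.

```python
import hmac
import hashlib

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def mask_pan(pan: str) -> str:
    """Confidentiality: limit where the full card number can appear.
    Anything that is logged, printed on a receipt or shown to support staff
    gets only the last four digits; the rest is replaced by '*'."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return "*" * (len(digits) - 4) + digits[-4:]


def protect(record: bytes, key: bytes) -> bytes:
    """Integrity: append an HMAC-SHA256 tag computed over the record.
    Data integrity: any change to the record changes the tag.
    Origin integrity: only a holder of `key` can produce a tag that verifies."""
    tag = hmac.new(key, record, hashlib.sha256).digest()
    return record + tag


def verify(protected: bytes, key: bytes):
    """Return the record if its tag verifies, otherwise None.
    hmac.compare_digest avoids leaking the tag through timing differences."""
    if len(protected) < TAG_LEN:
        return None
    record, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    return record if hmac.compare_digest(tag, expected) else None


def demo():
    """Walk through the three cases with constructed values (no real card data)."""
    # Assumption for the demo: one key shared by the sender and the receiver.
    key = b"constructed-demo-key-32-bytes!!!"
    record = b"pan=" + mask_pan("4111 1111 1111 1111").encode() + b";amount=10.00;to=merchant"
    protected = protect(record, key)

    tampered = bytearray(protected)
    tampered[protected.index(b"10.00")] ^= 0x01  # flip one bit of the amount

    return {
        "intact": verify(protected, key) == record,
        "tampered_rejected": verify(bytes(tampered), key) is None,
        "wrong_key_rejected": verify(protected, b"not-the-right-key") is None,
    }


if __name__ == "__main__":
    print(mask_pan("4111 1111 1111 1111"))
    print(demo())
```

The masking function is what keeps the number out of the "log files, backups, printed receipts" the text lists; the tag covers the masked record, so the two controls compose rather than compete.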

HOW HACKERS PERFORM THEIR HACK ATTACKS?


There are several ways in which Hackers perform hack attacks. I have broken a complete hacking attempt into several phases (generally). How a hacker performs a hacking attempt is solely dependent on the Hacker, but we can tell the fundamentals of doing it, because the fundamentals are always the same. Most hackers architect their hacking attempt before performing it, to understand what they are going to do, how they are going to perform it and how they will prevent themselves from being caught. Hackers who hack without thinking anything through beforehand are considered novice hackers, and they can easily be tracked or caught during the process, because each step is damn important. Also, the chances of success increase when we follow some procedure rather than following nothing. I have divided any hacking attempt into 5 different phases, mentioned below:

Phase 1: Information Gathering and Reconnaissance
Phase 2: Scanning the target
Phase 3: Breaking the system and Gaining the Access
Phase 4: Maintaining the access without getting acknowledged
Phase 5: Removing and covering traces

This is how a hacking attempt is launched or performed. Now let's learn these phases in detail to get a clear view.

PHASE 1: INFORMATION GATHERING AND RECONNAISSANCE


As the name suggests, in this phase we collect all the necessary information that we can gather or that is possible to gather. We can also call this the preparatory phase, because this is where the preparation of the hacking attempt is made. What is the use of this step? Practically, this is one of the most important phases, because this step helps us in evaluating the target and provides all the basic information that can be useful to us.

Consider an example: I want to hack somebody's Facebook account. Now what exactly are we looking for in the Information Gathering phase? First, whose Facebook account I want to hack: the name of the user, his date of birth, his email address, his phone numbers (current and previous ones if possible), his/her fiancé/spouse details, his city of birth, his education background, his favorite things, passions, hobbies etc. We all know that we can extract the above mentioned things quite easily. Now how can this be useful? First, we can use the above information for launching a Social Engineering attack (according to the latest research, 80% of people use passwords that are related to the above details). Secondly, we can use these details to retrieve accounts or recover passwords. Thirdly, we can use his/her favorites/hobbies/passions to create a phishing/keylogging trap. We can do much more; these are just examples. I hope this clears up why this is such an important step or phase.
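The defender's counterpart to this phase is to stop the details collected here from working as passwords. The following added example (not from the original issue) checks a candidate password against the strings a guesser would derive from a public profile: names, date of birth in the common numeric layouts, phone number and its last digits, email local part. The profile, the field names and the passwords are constructed for the example.

```python
import re
from datetime import date

# Constructed profile of the kind Phase 1 collects from public sources (not a real person).
SAMPLE_PROFILE = {
    "first_name": "Rahul",
    "last_name": "Kumar",
    "dob": date(1990, 3, 14),
    "city": "Pune",
    "pet": "Bruno",
    "phones": ["+91 98765 43210"],
    "emails": ["rahul.k@example.com"],
}


def profile_tokens(profile):
    """Strings a guesser would try first: names, the date of birth in the usual
    numeric layouts, city, pet name, email local part, full phone number and its last digits."""
    tokens = set()
    for key in ("first_name", "last_name", "city", "pet"):
        value = profile.get(key)
        if value:
            tokens.add(value.lower())
    dob = profile.get("dob")
    if dob:
        for fmt in ("%Y", "%d%m", "%m%d", "%d%m%Y", "%Y%m%d", "%d%m%y"):
            tokens.add(dob.strftime(fmt))
    for phone in profile.get("phones", []):
        digits = re.sub(r"\D", "", phone)
        if len(digits) >= 4:
            tokens.add(digits)
            tokens.add(digits[-4:])
    for email in profile.get("emails", []):
        tokens.add(email.split("@")[0].lower())
    return tokens


def profile_derived_parts(password, profile, min_len=3):
    """Return the profile tokens (sorted) that appear inside the password, compared
    case-insensitively. An empty list means no obvious link to the profile. Tokens
    shorter than min_len are ignored so that two-digit fragments do not match everything."""
    pw = password.lower()
    return sorted(t for t in profile_tokens(profile) if len(t) >= min_len and t in pw)


if __name__ == "__main__":
    for candidate in ("Rahul1990!", "Pune@1403", "bruno_3210", "Tr0ub4dor&3"):
        print(candidate, "->", profile_derived_parts(candidate, SAMPLE_PROFILE))
```

A registration or password-change form would reject any candidate for which the list is non-empty; the check is a complement to length and breach-list rules, not a replacement for them.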

PHASE 2: SCANNING THE TARGET


This phase is applicable to selected categories of hacking attempts, like hacking networks, operating systems, web applications, web hosting servers etc. In this phase we launch a Port scan (in the case of a network) or a URL scan (in the case of websites) to identify vulnerabilities in the system, like open ports or vulnerable URLs. This is one of the most important steps for launching hacking attempts on websites, network servers or web servers. Consider an example: I want to hack some website. In the information gathering phase, I will identify all the basic details about the website and its admin or owner. In the scan phase I will launch a URL scan to identify infected URLs (URLs that can be vulnerable to Injection attacks, Cross Site Scripting attacks and other script based attacks), and launch a scan on the web server to identify anonymous logins or other FTP or port related bugs.
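From the defender's side, the scanning phase is one of the noisiest steps and therefore one of the easiest to detect. The added example below (not from the original issue) runs a simple port-scan detector over constructed firewall log lines: a source that reaches ten or more distinct destination ports within sixty seconds is flagged, while an ordinary web client and a very slow source are not. The log format, the thresholds and the addresses are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log in a simple "ts action src dst dport" layout (an assumption, not the
# format of any particular product). 203.0.113.5 walks 12 ports in 12 seconds, 198.51.100.7 is an
# ordinary web client, 192.0.2.99 touches 10 ports but only one per minute.
SAMPLE_LOG = (
    ["2024-05-01T10:00:%02d DROP src=203.0.113.5 dst=192.0.2.10 dport=%d" % (i, p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    + ["2024-05-01T10:00:%02d ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=%d" % (i, p)
       for i, p in enumerate([443, 443, 80, 443, 443])]
    + ["2024-05-01T10:%02d:00 DROP src=192.0.2.99 dst=192.0.2.10 dport=%d" % (i, 1000 + i)
       for i in range(10)]
    + ["this line is not a firewall record"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def detect_port_scans(lines, distinct_ports=10, window_seconds=60):
    """Return {src: most distinct destination ports seen inside any window_seconds window}
    for every source that reached the threshold. A sliding window per source keeps the
    check linear in the number of records."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        window = deque()
        for ev in events:
            window.append(ev)
            # Drop records that fell out of the time window.
            while ev["ts"] - window[0]["ts"] > timedelta(seconds=window_seconds):
                window.popleft()
            ports = {e["dport"] for e in window}
            if len(ports) >= distinct_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
```

Dropped packets are counted alongside accepted ones on purpose: a scan against closed ports shows up only in the DROP records, and the slow source demonstrates why a window alone misses a patient scanner, which is the case for a longer-horizon rule.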

PHASE 3: BREAKING THE SYSTEM AND GAINING THE ACCESS


This is the step where the actual hacking attempt is launched. In this phase the hacker exploits the vulnerabilities found in the scanning phase to gain access to the system. Continuing the above example, the user has now identified that such and such URL is vulnerable to an SQL Injection attack. In this phase the Hacker will launch the SQL injection attack on the website to get admin or root access.
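To tie the definitions from "Most Important Terms" to this phase, the added Python example below (not from the original issue) shows the SQL injection vulnerability named there beside its hardened form. `login_vulnerable` pastes user input into the query text, so a crafted username bypasses the password check; `login_hardened` runs a parameterised query against the same table and treats the same input as an ordinary, non-matching string. The table, the accounts and the passwords are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for the website's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "constructed-admin-secret", 1), ("alice", "constructed-alice-secret", 0)],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The VULNERABILITY: user input is pasted into the SQL text, so a quote in the
    username changes the meaning of the query. Returns (username, is_admin) or None."""
    query = (
        "SELECT username, is_admin FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()


def login_hardened(conn, username, password):
    """The SECURITY control: a parameterised query. The database receives the SQL text
    and the values separately, so input is only ever compared, never parsed as SQL."""
    query = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    """The EXPLOIT is the crafted input below; the ATTACK is sending it to the login form.
    The same input is harmless against the hardened version."""
    conn = make_db()
    crafted_username = "admin'--"  # closes the string and comments out the password check
    return {
        "vulnerable": login_vulnerable(conn, crafted_username, "wrong-password"),
        "hardened": login_hardened(conn, crafted_username, "wrong-password"),
        "legit": login_hardened(conn, "admin", "constructed-admin-secret"),
    }


if __name__ == "__main__":
    print(demo())
```

Storing passwords in clear text, as this toy table does, is a separate defect; the point here is only that the shape of the query, not filtering of the input, decides whether the injection exists.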

Is there any assurance that a hacking attempt is successful if hackers follow the above phases? Does the young generation want to become Ethical Hackers, or just limit itself to girlfriends' email and Facebook? Excited to learn further! Wait for the next issue.

PHASE 4: MAINTAINING THE ACCESS WITHOUT GETTING ACKNOWLEDGED


In this phase the Hacker tries to maintain his ownership inside the victim's system or web server. By ownership, I mean that we can upload, download, configure or manipulate the data whenever we want. Maintaining access depends upon the host system. For example, if we have hacked into a victim's computer system, we will install keyloggers, backdoors or spy rootkits so that we can remain inside the victim's system. If we have hacked into some website, then we will create one more admin user inside the database, change the file permissions or simply enable anonymous login so that whenever we want, we can get into the website again. Hence tools like keyloggers, RATs, Trojans and spyware are the general tools for maintaining access to a system.

PHASE 5: REMOVING AND COVERING TRACES


This is one of the most important phases of any hacking attempt. This is the step where you keep your tracks or misdeeds from getting detected and yourself from being caught. This is necessary to avoid detection and, most importantly, to avoid legal action against you. This step generally involves deleting logs, altering logs, tunneling, and proxifying your details including your IP address and other important data. Why is this so important? Consider one example: I hacked into someone's website and defaced it. Now if the victim is good enough, he will check the upload logs. Upload logs contain the IP address and system details from which the file has been uploaded, and if he wants he can lodge a complaint against you with the cyber cell, and believe me the cyber cell hardly takes 10 minutes to reach anywhere. Then either you go to jail or need to pay defamation charges. Hence it's always mandatory to cover your tracks to avoid legal action against you.
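The defender's answer to this phase is to make log deletion and alteration visible. The added example below (not from the original issue) chains constructed upload-log entries with SHA-256 so that each stored digest commits to everything before it: altering an entry or deleting one from the middle is detected at that index, and deleting the tail is caught by comparing the final digest with an anchor kept where the attacker cannot write, for example on a separate log host. The seed, the log lines and the addresses are constructed.

```python
import hashlib

# Constructed upload-log entries of the kind the text describes (documentation IP ranges).
SAMPLE_ENTRIES = [
    "2024-05-01T10:02:11 upload index.html from 203.0.113.5 UA=curl/8.0",
    "2024-05-01T10:02:40 upload banner.png from 203.0.113.5 UA=curl/8.0",
    "2024-05-01T10:03:05 upload style.css from 203.0.113.5 UA=curl/8.0",
]

# Assumption for the demo: one fixed seed per log file, known to the verifier.
SEED = hashlib.sha256(b"constructed-log-seed").digest()


def chain_log(entries, seed=SEED):
    """Tamper-evident log: each record stores sha256(previous_digest || entry), so every
    digest commits to the whole history before it. Returns a list of {entry, digest} dicts."""
    prev = seed
    records = []
    for entry in entries:
        prev = hashlib.sha256(prev + entry.encode("utf-8")).digest()
        records.append({"entry": entry, "digest": prev.hex()})
    return records


def verify_chain(records, seed=SEED):
    """Recompute the chain from the seed. Returns (index_of_first_bad_record_or_None,
    final_digest_hex). An altered or removed entry breaks every digest from that point on.
    Removing only the tail leaves the chain internally consistent, which is why the final
    digest must also be compared with a copy the attacker cannot reach (the anchor)."""
    prev = seed
    for i, rec in enumerate(records):
        prev = hashlib.sha256(prev + rec["entry"].encode("utf-8")).digest()
        if prev.hex() != rec["digest"]:
            return i, prev.hex()
    return None, prev.hex()


def audit(records, anchor_digest, seed=SEED):
    """Defender's check: the chain is intact AND its final digest matches the remote anchor."""
    bad_index, final_digest = verify_chain(records, seed)
    return bad_index is None and final_digest == anchor_digest


if __name__ == "__main__":
    records = chain_log(SAMPLE_ENTRIES)
    anchor = verify_chain(records)[1]          # what the remote log host would hold
    print("intact:", audit(records, anchor))
    print("tail deleted:", audit(records[:-1], anchor))
```

The anchor is the part that does the real work: without an off-box copy of the latest digest, an intruder who can edit the file can simply recompute the chain.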

If a Hacker wants to get into your system then he will; all you can do is make his entry harder.
