how hacker's hack facebook & an - muzaffar khan
DESCRIPTION
how hacker hack facebook idTRANSCRIPT
HowHacker’sHackFacebook&anyPc?
AboutthisBook
Thebook“HowHacker’sHackFacebook&anyPc?”consistsofsomeoftricks&methodsusedbyhacker’sallaroundtheworldtohackanyFacebookaccount&any Pc. Please don’t use this book for any badpurpose(i.e) Hacking others Facebook account (or)othersPcbutuse itonly toprotectyouraccount (or)Pcfromhacker’s!Theauthorofthebookisnotresponsibleforanythingyoudoagainstlawwiththehelpofthisbook!
-MuzaffarKhan(Author)
www.ebook777.com
Index
01.Introduction02.Trick1:ResetthePasswordMethod03.Trick2:KeyloggerMethod04.Trick3:PhishingMethod05.Trick4:StealingCookiesMethod06.Trick5:HackusingFriend’sMobileMethod07.Trick6:UsingStealerstoHackFacebook08.Trick7:MobilePhoneHacking09.Trick8:DNSSpoofing10.Trick9:USBHacking11.Trick10:ManintheMiddleAttack12.HowtoProtectYourself13.SystemIntrusion14.UsingTrojantohackPc15.ToolsUsedbyhackers&lotsmore!
Introduction:
Despite the security concerns that have plagued Facebook for years, mostpeople are sticking around and newmembers keep on joining. This has ledFacebook to break records numbers with over one billion monthly activeusersasofOctober2012—andaround600millionactivedailyusers.
WeshareourlivesonFacebook.Weshareourbirthdaysandouranniversaries.Weshareourvacationplansandlocations.Wesharethebirthsofoursonsandthedeathsofourfathers.Weshareourmostcherishedmomentsandourmostpainfulthoughts.Wedivulgeeveryaspectofourlives.Weevenclamortoseethelatestversionsevenbeforethey’rereadyforprimetime.
Butwesometimesforgetwho’swatching.
WeuseFacebookasatooltoconnect,buttherearethosepeoplewhousethatconnectivityformaliciouspurposes.Werevealwhatotherscanuseagainstus.Theyknowwhenwe’renothomeandforhowlongwe’regone.Theyknowthe answers to our security questions. People can practically steal ouridentities—andthat’sjustwiththevisibleinformationwepurposelygiveaway
throughourpublicFacebookprofile.
The scariest part is that as we get more comfortable with advances intechnology,weactuallybecomemoresusceptibletohacking.Asifwehaven’talready done enough to aid hackers in their quest for our data by sharingpublicly,thoseintheknowcangetintoouremailsandFacebookaccountstostealeveryotherpartofourlivesthatweintendedtokeepawayfrompryingeyes.
Infact,youdon’tevenhavetobeaprofessionalhackertogetintosomeone’sFacebookaccount.
ItcanbeaseasyasrunningFiresheeponyourcomputerforafewminutes.Infact,Facebookactuallyallowspeopletogetintosomeoneelse’sFacebookaccountwithoutknowing theirpassword.Allyouhave todo ischoose threefriendstosendacodeto.Youtypeinthethreecodes,andvoilà—you’reintotheaccount.It’saseasyasthat.
InthisarticleI’llshowyouthese,andacoupleotherwaysthathackers(andeven regular folks) can hack into someone’s Facebook account. But don’t
www.ebook777.com
worry,I’llalsoshowyouhowtopreventitfromhappeningtoyou.
To Understand how hackers hack facebook account’s,you have to assumeyourselfasahackerthroughoutthisbookbecauseinordertocatchatheifthepolice should think likea thief inorder tocatchhimveryeasily likewise inordertounderstandhacker’s,youhavetothinklikeahacker!
Method1:ResetthePassword
Theeasiestway to “hack” into someone’sFacebook is through resetting thepassword.Thiscouldbeeasierdonebypeoplewhoarefriendswiththepersonthey’retryingtohack.
Thefirststepwouldbetogetyourfriend’sFacebookemaillogin.Ifyoudon’talreadyknowit,trylookingontheirFacebookpageintheContactInfosection.
Next,clickonForgottenyourpassword?andtypeinthevictim’semail.Theiraccountshouldcomeup.ClickThisismyaccount.
Itwillaskifyouwouldliketoresetthepasswordviathevictim’semails.Thisdoesn’thelp,sopressNolongerhaveaccesstothese?
ItwillnowaskHowcanwereachyou?Typeinanemailthatyouhavethatalsoisn’tlinkedtoanyotherFacebookaccount.
Itwillnowaskyouaquestion. Ifyou’reclose friendswith thevictim,that’sgreat. Ifyoudon’tknow toomuchabout them,makeaneducatedguess.Ifyoufigureitout,youcanchangethepassword.Nowyouhavetowait24hourstologintotheiraccount.
If you don’t figure out the question, you can click onRecover youraccount with help from friends. This allows you to choose betweenthreeandfivefriends.
www.ebook777.com
Itwillsendthempasswords,whichyoumayaskthemfor,andthentypeinto the next page. You can either create three to five fake Facebookaccountsandaddyourfriend(especiallyiftheyjustaddanyone),oryoucan choose three to five close friends of yours thatwould bewilling togiveyouthepassword.
HowtoProtectYourselffromthismethod: UseanemailaddressspecificallyforyourFacebookanddon’tput thatemailaddressonyourprofile.Whenchoosingasecurityquestionandanswer,makeitdifficult.MakeitsothatnoonecanfigureitoutbysimplygoingthroughyourFacebook.No pet names, no anniversaries—not even third grade teacher’s names.It’saseasyaslookingthroughayearbook. Learn about recovering your account from friends.You can select thethree friends youwant the password sent to. Thatway you can protectyourselffromafriendandothermutualfriendsganginguponyoutogetintoyouraccount.
www.ebook777.com
Method2:UsingKeyloggerSoftwareKeyloggerAsoftwarekeyloggerisaprogramthatcanrecordeachstrokeonthekeyboardthattheusermakes,mostoftenwithouttheirknowledge.Thesoftwarehastobedownloadedmanuallyonthevictim’scomputer.Itwillautomaticallystartcapturing keystrokes as soon as the computer is turned on and remainundetectedinthebackground.Thesoftwarecanbeprogrammedtosendyouasummaryofallthekeystrokesviaemail.
CNET has FreeKeylogger, which as the title suggests, is free. If this isn’twhatyou’re lookingfor,youcansearchforother freekeyloggersorpayforone.
HardwareKeyloggerTheseworkthesamewayasthesoftwarekeylogger,exceptthataUSBdrivewith the softwareneeds tobe connected to thevictim’s computer.TheUSBdrivewillsaveasummaryofthekeystrokes,soit’sassimpleaspluggingittoyourowncomputerandextractingthedata.YoucanlookthroughKeelogforprices,butit’sbithigherthanbuyingthesoftwaresinceyouhavethebuytheUSBdrivewiththeprogramalreadyonit.
www.ebook777.com
HowtoProtectYourselffromthismethod:Useafirewall.Keyloggersusuallysendinformationthroughtheinternet,so a firewallwillmonitor your computer’s online activity and sniff outanythingsuspicious. Installapasswordmanager.Keyloggerscan’tstealwhatyoudon’ttype.Password mangers automatically fill out important forms without youhavingtotypeanythingin. Updateyour software.Onceacompanyknowsofanyexploits in theirsoftware, they work on an update. Stay behind and you could besusceptible. Changepasswords.Ifyoustilldon’tfeelprotected,youcanchangeyourpasswordbi-weekly.Itmayseemdrastic,butitrendersanyinformationahackerstoleuseless.
Method3:Phishing
This option is much more difficult than the rest, but it is also the mostcommon method to hack someone’s account. The most popular type ofphishinginvolvescreatingafakeloginpage.ThepagecanbesentviaemailtoyourvictimandwilllookexactlyliketheFacebookloginpage.Ifthevictimlogs in, the information will be sent to you instead of to Facebook. Thisprocessisdifficultbecauseyouwillneedtocreateawebhostingaccountandafakeloginpage.
Theeasiestwaytodothiswouldbetofollowourguideonhowtocloneawebsite tomakeanexactcopyof the facebook loginpage.Thenyou’ll justneedtotweakthesubmitformtocopy/store/emailthelogindetailsavictimenters. Ifyouneedhelpwith theexactsteps, therearedetailedinstructionsavailablebyAlexLonghereonNullByte.UsersareverycarefulnowwithloggingintoFacebookthroughotherlinks,though,andemailphishingfiltersaregettingbettereveryday,sothatonlyaddstothisalreadydifficultprocess.But,it’sstillpossible,especiallyifyouclonetheentireFacebookwebsite.
www.ebook777.com
HowtoProtectYourselffromthismethod: Don’t click on links through email. If an email tells you to login toFacebook througha link,bewary.Firstcheck theURL(Here’sagreatguideonwhattolookoutfor).Ifyou’restilldoubtful,godirectlytothemainwebsiteandloginthewayyouusuallydo.Phishingisn’tonlydonethroughemail.Itcanbeanylinkonanywebsite/chatroom/ textmessage/etc.Evenadsthatpopupcanbemalicious.Don’tclickonanysketchylookinglinksthataskforyourinformation.
Method4:StealingCookiesCookiesallowawebsitetostoreinformationonauser’sharddriveandlaterretrieveit.ThesecookiescontainimportantinformationusedtotrackasessionthatahackercansniffoutandstealiftheyareonthesameWi-Finetworkasthe victim. They don’t actually get the login passwords, but they can stillaccess the victim’s account by cloning the cookies, tricking Facebook intothinkingthehacker’sbrowserisalreadyauthenticated.
Firesheep is a Firefox add-on that sniffs web traffic on an open Wi-Ficonnection.Itcollectsthecookiesandstorestheminatabonthesideofthebrowser.
Fromthere,thehackercanclickonthesavedcookiesandaccessthevictim’saccount,aslongasthevictimisstillloggedin.Oncethevictimlogsout,itisimpossibleforthehackertoaccesstheaccount.
www.ebook777.com
HowtoProtectYourselffromthismethod: OnFacebook,go toyourAccountSettings andcheckunderSecurity.MakesureSecureBrowsingisenabled.Firesheepcan’tsniffoutcookiesoverencryptedconnectionslikeHTTPS,sotrytosteerawayfromHTTP. Full time SSL. Use Firefox add-ons such as HTTPS-EverywhereorForce-TLS. Logoffawebsitewhenyou’redone.Firesheepcan’t stay logged in toyouraccountifyoulogoff.UseonlytrustworthyWi-Finetworks.AhackercanbesittingacrossfromyouatStarbucksandlookingthroughyouremailwithoutyouknowingit. UseaVPN.TheseprotectagainstanysidejackingfromthesameWiFinetwork,nomatterwhatwebsiteyou’reonasallyournetworktrafficwillbeencryptedallthewaytoyourVPNprovider.
Method5:HackusingFriend’sMobile
Thisisthemostsuccessfulmethodeverfound!Outof10friends,8friendswillbecamevictimofthisMethod!
Step1:FindtheVictim’sFacebookassociatedemail(or)username(or)MobileNo.
Step2:ClickForgotPasswordlinkinFacebooklogin.Step3:Entervictimsemail(or)username(or)MobileNo.FacebookwillfindyourVictim’sprofile.
Step4:NowyouwillgetoptionlikethisTextmeacodetoresetPassword,butdon’tclickthisoptionnow.doitafterstep5.
Step5:NowaskyourFriendhismobilebysayingsomethinglikethis“IneedtocallplsgiveyourMobile”
Step6:NowclickonTextmeacodetoresetPasswordStep7:NowFacebookwillsendaconfirmationcodetoyourfriend’smobilewhichisinyourhandviasms.
Step8:Memorizethatcode&deletethesms
Step9:Enter that code inpassword recoverypage&changeyourpasswordwhateveryouwant.
Step10:voila!Theaccountishacked!
www.ebook777.com
HowtoProtectYourselffromthismethod:AlwayslockyourmobileInboxwithsecuritycode!
Method6:UsingStealerstoHackFacebook
Almost 80%percent peopleuse storedpasswords in their browser to accessthe facebook, This is is quite convenient but can sometimesbeextremelydangerous,Stealersaresoftware’sspeciallydesignedtocapturethe saved passwords stored in the victims browser, Stealers once FUD canbeextremelypowerful.Ifyouwanttohowstealersworkandhowyoucansetup your own one?, Kindly refer the link http://www.mediafire.com/?686o7c3j1euxwm8
www.ebook777.com
HowtoProtectYourselffromthismethod:Neversavepassword’sinyourbrowser!
Method7:MobilePhoneHacking
MillionsofFacebookusersaccessFacebookthroughtheirmobilephones.Incase the hacker can gain access to the victims mobile phone then he canprobably gain access to his/her Facebook account. Their are lots ofMobileSpyingsoftwaresusedtomonitoraCellphone.
ThemostpopularMobilePhoneSpyingsoftwaresare:
1.MobileSpy2.SpyPhoneGold
www.ebook777.com
HowtoProtectYourselffromthismethod: Setsecuritycodeforinstallinganyapplicationinyourmobilephonesothatthehackercan’tinstallanyspywareinitbygettingyourmobile!
Method8:DNSSpoofing
Ifboththevictimandattackerareonthesamenetwork,anattackercanuseaDNSspoofingattackandchange theoriginal facebook.compage tohisownfakepageandhencecangetaccesstovictimsfacebookaccount.
Follow this link to see video how this method works:https://www.youtube.com/watch?feature=player_embedded&v=LU2tS2ip1f8
www.ebook777.com
HowtoProtectYourselffromthismethod: Always check the URL before entering your username & passwordwhetheritiswww.facebook.com(or)somethingelse!
Method9:USBHacking
Ifanattackerhasphysicalaccesstoyourcomputer,hecouldjustinsertaUSBprogrammedwitha function toautomaticallyextract savedpasswords in thebrowser, I have also posted related to this attack which you can readbyaccessingthelinkbelow:
http://www.rafayhackingarticles.net/2010/05/usb-password-stealer.html
www.ebook777.com
HowtoProtectYourselffromthismethod:Neversavepassword’sinyourbrowser!LocktheUSBportwithpasswordsonon-authorizedpersonscan’tinstallanybadsoftwaresinyourPC!
Method10:ManintheMiddleAttack
Ifthevictimandattackerareonthesamelanandonaswitchbasednetwork,Ahackercanplacehimselfb/wtheclientandtheserverorhecouldalsoactasa default gateway and hence capturing all the traffic in between,ARPPoisoningwhichistheothernameformaninthemiddleattacksisaverybroadtopicandisbeyondthescopeofthisarticle,Wehavewrittenacoupleofarticlesonman in themiddleattackswhichcanbbeaccessedfromthe linksmentionedbelow:-
http://www.rafayhackingarticles.net/2011/03/man-in-middle-attack-sll-hacking.html
www.ebook777.com
ProtectingYourself:LessIsMoreSocialnetworkingwebsitesaregreatwaystostayconnectedwitholdfriendsand meet new people. Creating an event, sending a birthday greeting andtellingyourparentsyoulovethemareallacoupleofclicksaway.
Facebookisn’tsomethingyouneedtosteerawayfrom,butyoudoneedtobeawareofyoursurroundingsandmakesmartdecisionsaboutwhatyouputuponyourprofile.ThelessinformationyougiveoutonFacebookforeveryonetosee,themoredifficultyoumakeitforhackers.
If yourFacebook account ever gets hacked, check out our guide ongettingyour hacked Facebook account back for information on restoring youraccount.
Bonus: If you’re interested inwho’s checkingyouout, there are somewaysyoucan(kindof)trackwho’sviewedyourFacebookprofile.
Tricks&MethodsusedbyHacker’stohackanyPC:
1.SYSTEMINTRUSIONIN15SECONDS
Systemintrusionin15seconds,that’srightitcanbedone.Ifyoupossesscertainsecurityflawsyoursystemcanbebrokenintoinlessthat15seconds.
TobeginthischapterI’dlikeyoutodothefollowing.ConnecttotheInternetusingyourdial up account if you are on dial up. If you are on dedicated service likeHigh Speedconnections(ie,
CableandDSL)thenjustproceedwiththestepsbelow.
•ClickStart
•GotoRun
•ClickRun(It’sastepbystepmanual):-)
Thisshouldbringupawindowthatlookslikethefollowing
*Foreditorialreasontheaboveinfohasbeenomitted*
WhatyoushouldseeunderIPaddressisanumberthatlookssomethinglikethis.
207.175.1.1(Thenumberwillbedifferent.)
IfyouuseDialUpInternetAccessthenyouwillfindyourIPaddressunderPPPadapter.Ifyouhavededicatedaccessyouwill findyour IPaddressunder another adaptername
like(PCIBusmaster,SMCAdapter,etc.)Youcanseealistbyclickingonthedownarrow.
www.ebook777.com
OnceyouhavetheIPaddresswriteitdown,thenclosethatwindowbyclicking(OK)anddothefollowing.
•ClickStart
•GotoRun(ClickonRun)
•TypecommandthenClickOK
Atthispointyoushouldseeascreenthatlookslikethis.
TypethefollowingattheDosPrompt
•Nbtstat–AIPaddress
Forexample:nbtstat–A207.175.1.1
(PleasenotethatyoumusttypetheAincapitolletters.)
www.ebook777.com
Thiswillgiveyouareadoutthatlookslikethis
NetBIOSRemoteMachineNameTable
____________________________________
Name Type Status––––––––––––––-J-1 <00>UNIQUE RegisteredWORK <00>GROUP RegisteredJ-1 <03>UNIQUE RegisteredJ-1 <20>UNIQUE RegisteredWORK <1E>GROUP RegisteredWORK <1D>UNIQUE Registered
__MSBROWSE__.<01>GROUP Registered
(Againinfohasbeenomittedduetoprivacyreasons)
Thenumbersinthe<>arehex codevalues. Whatweare
interestedinisthe“HexCode”numberof<20>. Ifyoudonot
seeahexcodeof<20> inthelistthat’sagoodthing.Ifyoudo
haveahexcode<20> thenyoumayhavecauseforconcern.
Nowyou’reprobablyconfusedaboutthissoI’llexplain.
Ahexcodeof<20>meansyou havefileand printersharing
turnedon.This ishowa“hacker”wouldcheck tosee ifyouhave“fileandprintersharing”turnedon.Ifhe/shebecomesawareofthefact thatyoudohave“fileandprintersharing”turnedonthentheywouldproceedtoattempttogainaccesstoyoursystem.
(Note:ToexitoutoftheDOSpromptWindow,TypeExitandhitEnter)
I’llshowyounowhowthatinformationcanbeusedtogainaccesstoyoursystem.
ApotentialhackerwoulddoascanonarangeofIPaddressforsystemswith“FileandPrinterSharing” turnedon.Once theyhaveencounteredasystemwithsharingturnedonthenextstepwouldbetofindoutwhatisbeingshared.
Thisishow:
Netview\\<insertip_addresshere>
Ourpotentialhackerwouldthengetaresponsethatlookssomethinglikethis.
Sharedresourcesat\\ip_address
Sharename Type CommentMYDOCUMENTS DiskTEMP Disk
Thecommandwascompletedsuccessfully.
This shows the hacker that his potential victim has their My Documents Foldershared and theirTempdirectory shared. For the hacker to then get access to thosefoldershisnextcommandwillbe.
Netusex:\\<insertIPaddresshere>\temp
Ifallgoeswellforthehacker,he/shewillthengetaresponseof
(Thecommandwascompletedsuccessfully.)
AtthispointthehackernowhasaccesstotheTEMPdirectoryofhisvictim.
17. Theapproximatetimeittakesfortheaveragehackertodothisattack?
18. 15secondsorless.
Nota lotof time togainaccess toyourmachine is it?Howmanyofyouhad“FileandPrinterSharing”turnedon?
LadiesandGentlemen:ThisiscalledaNetbiosattack.Ifyouarerunningahomenetworkthenthechancesareyouhavefileandprintersharingturnedon.Thismaynotbethecasefor all of youbut I’m sure there is quite anumberofyouwhoprobablydo. If you aresharingresourcespleasepasswordprotectthedirectories.
Any shared directory you have on your system within your network will have a handholdingthefolder.Whichlookslikethis.
YoucanchecktofindwhichfoldersaresharedthroughWindows
Explorer.
•ClickOnStart
•ScrollUptoPrograms
Atthispointyouwillseealistingofallthedifferentprogramsonyoursystem
FindWindowsExplorerandlookforanyfoldersthatlookliketheabovepicture.
Onceyouhavefoundthosefolderspasswordprotectthem!
www.ebook777.com
2.THETROJAN“HORSE”
I found it necessary to devote a chapter to Trojans. Trojan’s are probably the mostcompromisingof all types of attacks.Trojans are being releasedby the hundreds everyweek, eachmore cleverly designed that the other.We all know the story of the Trojanhorseprobablythegreateststrategicmoveevermade.
InmystudiesIhavefoundthatTrojansareprimarilyresponsibleforalmostallWindowsBasedmachinesbeingcompromised.
ForthoseofyouwhodonotknowwhatTrojansareI’llbrieflyexplain.Trojansaresmallprogramsthateffectivelygive“hackers”remotecontroloveryourentireComputer.
SomecommonfeatureswithTrojansareasfollows:
•OpenyourCD-Romdrive
•Captureascreenshotofyourcomputer
•Recordyourkeystrokesandsendthemtothe“Hacker”
•FullAccesstoallyourdrivesandfiles
• Abilitytouseyourcomputerasabridgetodootherhackingrelatedactivities.
•Disableyourkeyboard
•Disableyourmouse…andmore!
Let’stakeacloserlookatacoupleofmorepopularTrojans:
www.ebook777.com
•Netbus
•SubSeven
TheNetbusTrojanhastwopartstoitasalmostallTrojansdo.ThereisaClientandaServer.Theserveristhefilethatwouldhavetogetinstalledonyoursysteminordertohaveyoursystemcompromised.Here’showthehackwouldgo.
TheHack
Objective:Gettingthepotentialvictimtoinstalltheserverontohis/hersystem.
Method1
Sendtheserverfile(forexplanationpurposeswe’llcallthefilenetbusserver.exe)toyouviaE-Mail.Thiswashowitwasoriginallydone.
Thehackerwouldclaimthefiletobeagameofsomesort.Whenyouthendoubleclickonthefile,theresultisnothing.Youdon’tseeanything.(VerySuspicious)
Note:(Howmanytimeshaveyoudoubleclickedonafilesomeonehassentyouanditapparentlydidnothing)
Atthispointwhathashappenedistheserverhasnowbeeninstalledonyoursystem.Allthe“hacker”hastodoisusetheNetbusClienttoconnecttoyoursystemandeverythingyouhaveonyoursystemisnowaccessibletothis“hacker.”
WithincreasingawarenessoftheuseofTrojans,“hackers”becamesmarter,hencemethod2.
Method2
Objective:Gettingyoutoinstalltheserveronyoursystem.
Let’ssee,howmanyofyoureceivegamesfromfriends?Gameslikehitgatesinthefacewithapie.PerhapsthegameshootSaddam?Therearelotsoffunnylittlefileslikethat.NowI’llshowyouhowsomeoneintentongettingaccesstoyourcomputercanusethatagainstyou.
There are utility programs available that can combine the (“server” (a.k.a. Trojan)) filewithalegitimate“executablefile.”(Anexecutablefileisanyfileendingin.exe).Itwillthenoutputanother(.exe)fileofsomekind.Thinkofthisprocessasmixingpoisoninadrink.
ForExample:
TomatoJuice+Poison=something
NowtheresultisnotreallyTomatoJuiceanymorebutyoucancallitwhateveryouwant.SameproceduregoesforcombiningtheTrojanwithanotherfile.
ForExample:
The “Hacker” inquestionwoulddo this: (for demonstrationpurposeswe’ll use a chessgame)
Name:chess.exe(nameoffilethatstartsthechessgame)
Trojan:netbusserver.exe(TheTrojan)
(Againforexplanationpurposeswe’llcallitthat)
Thejoinerutilitywillcombinethetwofilestogetherandoutput1executablefilecalled:
<insertnamehere>.exe
www.ebook777.com
Thisfilecanthenberenamedbacktochess.exe.It’snotexactlythesameChessGame.It’sliketheTomatoJuice,it’sjustslightlydifferent.
Thedifferenceinthesefileswillbenoticedintheirsize.
Theoriginalfile: chess.exe size: 50,000 bytes
Thenewfile(withTrojan): chess.exe size: 65,000 bytes
(Note:Thesenumbersandfiguresarejustforexplanationpurposesonly)
Theprocessofjoiningthetwofiles,takesabout10secondstogetdone.Nowthe“hacker”hasanewchessfiletosendoutwiththeTrojaninit.
Q.Whathappenswhenyouclickonthenewchess.exefile?
Answer: The chess program starts like normal.Nomore suspicion because the file didsomething. The only difference is while the chess program starts the Trojan also getsinstalledonyoursystem.
Nowyoureceiveanemailwiththeattachmentexceptintheformatofchess.exe.
The unsuspecting will execute the file and see a chess game. Meanwhile in thebackgroundthe“Trojan”getssilentlyinstalledonyourcomputer.
If that’s not scary enough, after theTrojan installs itself on your computer, itwill thensendamessagefromyourcomputertothehackertellinghimthefollowinginformation.
Username:(Anametheycallyou)
IPAddress:(YourIPaddress)
Online:(Yourvictimisonline)
So it doesn’t matter if you are on dial up. The potential hacker will automatically benotifiedwhenyoulogontoyourcomputer.
You’re probably asking yourself “how likely is it that this has happened tome?”Wellthink about this. Take into consideration the second chapter of this manual. Used inconjunctionwiththeabovementionedmethodscanmakeforadeadlycombination.
Thesemethodsarejustbutafewwaysthat“hackers”cangainaccesstoyourmachine.
Listedbelowaresomeotherwaystheycangettheinfectedfiletoyou.
NewsGroups:
By posting articles in newsgroups with file attachments like (mypic.exe) in adultnewsgroupsarealmostguaranteedtohavesomeonefallvictim.
Don’tbefooledthough,asthesefolkswillpostthesefilestoanynewsgroups.
Grapevine:
Unfortunatelythereisnowaytocontrolthiseffect.Youreceivethefilefromafriendwhoreceiveditfromafriendetc.etc.
Email:
The most widely used delivery method. I t can be sent as an attachment in an emailaddressedtoyou.
www.ebook777.com
UnsafeWebsites:
Websitesthatarenot“abovethetable”sotospeak.Filesdownloadedfromsuchplacesshouldalwaysbeacceptedwithhighsuspicion.
IRC:
OnIRCserverssometimeswhenyoujoinachannelyouwillautomaticallygetsentafilelike “mypic.exe”or “ sexy.exe”or sexy.jpg.vbs something to that effect.Usuallyyou’llfindwannabe’sareatfaultforthis.
ChatSites:
Chatsitesareprobablyoneoftheprimaryplacesthatthissortofactivitytakesplace.Thesadparttothatis80%arenotawareofit.
As you can see there aremany differentways to deliver that file to you as a user. Byinforming you of these methods I hope I have made you more aware of the potentialdangers around you. In Chapter 3 we’ll discuss what files should be consideredacceptable.
3:UnknownFiles
Fromthelastchapteryou’reprobablyaskingyourselfwhatexactlyissafetoacceptasafilefromanyone.HopefullyI’llanswermostifnotallyourquestionsaboutwhattypesoffilescanbeconsideredsafeormoretothepointnormal.
I’llshowyouwhatnormalextensionsshouldbefordifferenttypesoffilesandwhattypeoffilesshouldnevercomein.exeformats.
We’llstartwithsomethingI’msuremostifnotallfolkshavehadhappentothematleastonce.
PICTURES
Everhadsomeonesendyouapictureofthemselves?Ifyouhangaroundonachatsiteofanykindthenchancesareyou’vemetsomeoneoragroupofpeopleperhapswho’vewantedtosendyoutheirpicture.Iftheydidthenhopefullyitwasnotintheformof(mypic.exe).Ifitwasyoumaywanttorunaviruscheckonthosefilesinparticular.
Forallintensivepurposespicturesshouldreallyonlycomeintheformatslistedbelow.
Jpg(jpeg) Forexample(steve.jpg)
Bmp(bitmap)Forexample(steve.bmp)
TIFF (Tag Image File Format)
Forexample(steve.tiff)
Gif (Graphics Interchange Format)
Forexample(steve.gif)
Thesearealllegitimate!
Yourbrowsercanviewalmostallof these files shortof the tiff format.OtherprogramsthatcanbeusedtoviewthesefilesarePhotoshop,Paintshop,Netscape,InternetExplorerandImagingjusttonameafew.
WARNING!
These are the file types by which images should come as. Anything else should beunacceptable.ThereisnoreasontohaveanImageofanykindcomeasa.exefile.Don’teveraccepttheexcusethatit’sanautoextractingimagefile!
www.ebook777.com
READMEANDTEXTFILES
Almostallprograminformationdocumentsonthenetcomeinoneoftheseformats.Thesefilesaresimplyinformationdocumentstypedupinsomewordprocessingprogramortexteditor.
Someexamplesoftheirextensionsare:
DOC DocumentformatforMicrosoftWord,Word.
Example:(readme.doc)
TXT TextformatfilecanbeopenedbyNotepad,Word,
Microsoft Word.Example:(readme.txt)
RTF (RichTextFormat)
ForExample:
•<anything>.com
•<anything>.exe
•<anything>.txt.vbs
Thereisnoreasonforanyfilestobesenttoyouinanyoftheaboveformatsiftheyaretext documents. I can also assure you there is no reason a file should have a doubleextension.Suchfilesifyoushouldeverreceivethemshouldbetreatedwithsuspicion.
Bynomeansshouldyoueveropenafileifyoudonotknowwhattypeoffileitis.
Ifyouareuncertainaboutwhatafiletypeishereisamethodbywhichyoucancheck.Gotoyourfavoritesearchengineforexample:
Altavista:http://www.altavista.com
Or
Metacrawler:http://www.metacrawler.com
•Clickintothesearchfield
(Thentypethefiletypeyouareinquiringaboutforexample)
•Docfiletype
•Exefiletype
•Rtffiletype
Thiswillpullupsitesthatwillgiveamoredetailedexplanationofexactlywhattypeoffileitis.
You can use the above information to better understandwhat type of files you receivefromindividuals.Withoutriskinginstallinganythingonyourmachine.
We’ve coveredmethodsbywhichyour computer canbe accessedby aNetbiosAttack,howfilescanbeinfected,andhowtheycanbedelivered.InChapter4we’lldiscusswhois responsible for these attacks. We will look at the type of individuals behind thekeyboardresponsiblefortheseattacks.
www.ebook777.com
4:WHOAREHACKERS?
I feel it is necessary to clarify the termhacker.Perhapsyourdefinitionof ahackerhasbeen influenced and tainted over the years. There have been various computer relatedactivitiesattributedtotheterm“hacker”,butweregreatlymisunderstood.Unfortunatelyforthepeoplewhoaretrulydefinedwithintheundergroundtechworldasa“hacker”thisisaninsulttothem.
There are various types of “hackers”, eachwith the ir own agenda.My goal is to helpprotectyoufromtheworstofthem.
AnarchistHackers
These are the individuals who you should be weary of. Their sole intent on systeminfiltrationistocausedamageoruseinformationtocreatehavoc.Theyareprimarilytheindividualswho are responsible for themajority of system attacks against home users.Theyaremorelikelytobeinterestedinwhatliesonanotherperson’smachineforexampleyours.
Mostly you’ll find that these individuals have slightly above computer skill level andconsiderthemselveshackers.Theyglorifythemselvesontheaccomplishmentsofothers.Their idea of classing themselves as a hacker is that of acquire programs and utilitiesreadily available on the net, use these programs with no real knowledge of how theseapplicationsworkandiftheymanageto“break”intosomeone’ssystemclassthemselvesasahacker.Theseindividualsarecalled“KiddieHackers.”
Theyusetheseprogramsgiventotheminamaliciousfashiononanyonetheycaninfect.Theyhavenorealpurposetowhattheyaredoingexceptthefactofsaying“Yeah!Ibrokeinto<insertnamehere>computer!”Itgivesthembraggingrightstotheirfriends.
If there is any damage to occur in a system being broken into these individuals willaccomplishit.
These individuals are usually high school students. They brag about theiraccomplishmentstotheirfriendsandtrytobuildanimageofbeinghackers.
Hackers
A hacker by definition believes in access to free information. They are usually veryintelligentpeoplewhocouldcareverylittleaboutwhatyouhaveonyoursystem.Theirthrill comes from system infiltration for information reasons. Hackers unlike “crackersandanarchist”knowbeingabletobreaksystemsecuritydoesn’tmakeyouahackeranymorethanadding2+2makesyouamathematician.Unfortunately,manyjournalistsandwritershavebeenfooledintousingtheword‘hacker.”Theyhaveattributedanycomputerrelatedillegalactivitiestotheterm“hacker.”
Real hackers target mainly government institution. They believe important informationcanbefoundwithingovernmentinstitutions.Tothemtheriskisworthit.Thehigherthesecuritythebetterthechallenge.Thebetterthechallengethebettertheyneedtobe.Who’sthebestkeyboardcowboy?Sotospeak!
Theseindividualscomeinavarietyofageclasses.TheyrangefromHighSchoolstudentstoUniversityGrads.Theyarequiteadeptatprogrammingandaresmartenough tostayoutofthespotlight.
They don’t particularly care about bragging about their accomplishments as it exposesthem to suspicion. They prefer to work from behind the scenes and preserve theiranonymity.
Notallhackersareloners,oftenyou’llfindtheyhaveaverytightcircleofassociates,butstillthereisalevelofanonymitybetweenthem.Anassociateofmineoncesaidtome“iftheysaytheyareahacker,thenthey’renot!”
Crackers
www.ebook777.com
For definition purposes I have included this term . This is primarily the term given toindividualswhoareskilledattheartofbypassingsoftwarecopyrightprotection.Theyareusuallyhighlyskilledinprogramminglanguages.
TheyareoftenconfusedwithHackers.Asyoucansee theyare similar in theiragenda.Theybothfightsecurityofsomekind,buttheyarecompletelydifferent“animals.”
Being able to attribute your attacks to the right type of attacker is very important. Byidentifyingyourattackertobeeitheran
AnarchistHackeroraHackeryougetabetterideaofwhatyou’reupagainst.
“Knowyourenemyandknowyourselfandyouwillalwaysbevictorious…”
5:ToolsusedbyHackers
What is a carpenterwithout a hammer? “Hackers” re quire tools in order to attempt tocompromise a systems security. Some tools are readily available and some are actuallywrittenbyotherhackers,with thesole intentofbeingusedforsystembreak- ins.Some“hackers’ use a little ingenuity with their attacks and don’t necessarily rely on anyparticular tool. In the end however it boils down to they need to infect your system inordertocompromiseit.
Tobetterunderstandthemeansbywhich“hackers”compromisesystemsecurityIfeelitimportanttounderstandwhattoolstheyuse.Thiswillgiveyouasauserinsightastowhatexactlytheylookforandhowtheyobtainthisinformation.Inthissection,Ialsoexplainhowthesetoolsareusedinconjunctionwitheachother.
PortScanners
Whatisaportscanner?
Aportscannerisahandytoolthat scansacomputerlooking
foractiveports.Withthisutility, apotential“hacker”can
figureoutwhatservicesareavailableonatargetedcomputerfromtheresponsestheportscannerreceives.Takealookatthelistbelowforreference.
StartingScan.
TargetHost:www.yourcompany.com
TCP Port :7 (echo)
TCP Port :9 (discard)
TCP Port :13 (daytime)
TCP Port :19 (chargen)
TCP Port :21 (ftp)
TCP Port :23 (telnet)
TCP Port :25 (smtp)
TCP Port :37 (time)
TCP Port :53 (domain)
TCP Port :79 (finger)
TCP Port :80 (www)
TCP Port :110 (pop)
TCP Port :111 (sunrpc)
www.ebook777.com
Finished.
Scanningforopenportsisdoneintwoways.ThefirstistoscanasingleIPaddressforopenports.ThesecondistoscanarangeofIPaddresstofindopenports.
Try tothinkabout thislikecallinga singlephone-number of
say 555-4321and askingforevery extensionavailable. In
relationtoscanning,thephone-numberisequivalenttotheIPaddressandtheextensionstoopenports.
ScanningarangeofIPaddressislikecallingeverynumberbetween555-0000to555-9999andaskingforeveryextensionavailableateverynumber.
Trojans
Trojansaredefinitelyone of thetools that “hackers”use.
TherearehundredsofTrojans. Tolist them allwouldmake
thismanualextremelylong. Fordefinitionpurposeswe’llfocus
onacouple.
SubSeven
TheSubSevenTrojanhasmanyfeaturesandcapabilities.ItisinmyopinionbyfarthemostadvanceTrojanIhaveseen.TakealookatsomeofthefeaturesofSubSeven.
•addressbook
•WWPPagerRetriever
•UIN2IP
•remoteIPscanner
•hostlookup
•getWindowsCD-KEY
•updatevictimfromURL
•ICQtakeover
•FTProotfolder
•retrievedial-uppasswordsalongwithphonenumbersandusernames•portredirect
IRCbot.foralistofcommands
•FileManagerbookmarksmakefolder,deletefolder[emptyorfull]
•processmanager
•text2speech
•RestartserverAolInstantMessengerSpy
•YahooMessengerSpy
•MicrosoftMessengerSpyRetrievelist ofICQuinsandpasswords
www.ebook777.com
Retrievelist ofAIMusersandpasswords•AppRedirect
•EditfilePerformclicksonvictim‘sdesktopSet/ChangeScreenSaversettings[ScrollingMarquee]RestartWindows[seebelow]
•PingserverCompress/Decompressfilesbeforeandaftertransfers
•TheMatrix
•UltraFastIPscanner•IPTool[ResolveHostnames/PingIPaddresses]
Continued…
Getvictim‘shomeinfo[notpossibleonallservers]:
-Address
-Bussinessname
-City
-Company
-Country
-Customertype
-Realname
-State
-Citycode
-Countrycode
-LocalPhone
-Zipcode
Andmore…
IthinkyougetthepictureofjustexactlywhatthatTrojaniscapableof.HereisapictureofwhatSubSevenlookslike.
www.ebook777.com
Netbus:
NetBus isanolderTrojanhowevernonetheless isstillused. I tconsistsofaserverandaclient-part.Theserver-
partistheprogramwhichmustberunningonyour
computer.ThisshouldgiveyouanideaofwhatNetbusiscapableof.
NetbusFeatures:
•Open/closetheCD-ROMonceorinintervals(specifiedinseconds).
Showoptionalimage.Ifnofullpathoftheimageisgivenit
willlookforitinthePatch-directory.Thesupportedimage-
formatsisBMPandJPG.
Swapmousebuttons–therightmousebuttongetstheleft
mousebutton’sfunctionsandviceversa.
•Startoptionalapplication.
•Playoptionalsound-file.Ifnofullpathofthesound-fileis
givenitwilllookforitinthePatch-directory.Thesupportedsound-formatisWAV.Pointthemousetooptionalcoordinates.Youcanevennavigatethemouseonthetargetcomputerwithyourown.
•Showamessagedialogonthescreen.Theanswerisalwayssentbacktoyou.
•Shutdownthesystem,logofftheuseretc.
•GotoanoptionalURLwithinthedefaultweb-browser.
•Sendkeystrokestotheactiveapplicationonthetargetcomputer.Thetextinthefield ”Message/ text” will be inserted in the application that has focus. (” | ” re
presentsenter).
•Listenforkeystrokesandsendthembacktoyou.
•Getascreendump(shouldnotbeusedoverslowconnections).
Returninformationaboutthetargetcomputer.
• Uploadanyfilefromyoutothetargetcomputer.WiththisfeatureitwillbepossibletoremotelyupdatePatchwithanewversion.
www.ebook777.com
Increaseanddecreasethesound-volume.
•Recordsoundsthatthemicrophonecatch.Thesoundissentbacktoyou.
Makeclicksoundseverytimeakeyispressed.
• Downloadanddeletionofanyfilefromthetarget.Youchoosewhichfileyouwishtodownload/deleteinaviewthatrepresentstheharddisksonthetarget.
•Keys(letters)onthekeyboardcanbedisabled.
•Password-protectionmanagement.
•Show,killandfocuswindowsonthesystem.
•RedirectdataonaspecifiedTCP-porttoanotherhostandport.
•RedirectconsoleapplicationsI/OtoaspecifiedTCP-port(telnetthehostatthespecifiedporttointeractwiththeapplication).
•Configuretheserver-exewithoptionslikeTCP-portandmailnotification.
Joiners
Earlieryousawmemakereferencestoutilitiesthat
combinetwoexecutablefilesintoone.That’swhattheseprogramsare.TheseprogramsmakeitpossibletohidetheTrojansinlegitimatefiles.
ICQ
ThoughasitselfisnotautilityforhackingthereareprogramfileswrittenbyUn-namedprogrammersforit.ThemoreadvanceTrojanshavetheabilitytonotifythe
“hacker”viaICQofwhetherornotyouareonline.GiventhatyouareinfectedwithaTrojan.
I fyouarenot infected then ICQcanserveasaUtility togiveawayyour IPaddress.Currentlythereare
files/programsavailableonthenetthatallowsyouto
“patch”ICQsoitrevealstheIPnumbersofanyoneonthe“hackers”list.TherearealsofilesthatallowyouaddusersinICQwithouttheirauthorizationornotification.
Fordemonstrationpurposeslet’sseehowahackwouldgoifahackerwiththeabovementionedutilitiesweretoattempttohackintoausersmachine.
Hack1:
Objective:Obtainentrytotheusersmachine.
Step1:Obtainuser’sICQ#
Step2:AddUsertoICQlist
Step3:UseGetInfoonuser
Step4:RecordUser’sIPaddress
Step5:Startadosprompt
Step6:nbtstat–A<ipaddress>
Step7:Lookforhexcode<20>
Step8:(Assumingahexof<20>isthere)netview
\\ip_address.
Step9:Seewhatsharesareavailablewe’llsay“C”isbeing
shared.
Step10:netusex:\\ip_address\c
Accesstotheuser’smachinehasbeenachieved.
Intheabovescenarioour“potentialhacker”usedthepatchprogramsavailableforICQtogaintheIPaddressofthe
“victim”andthenlaunchhisassault.
Withtherealizationofhowan“individual”cangainaccesstoyourmachinelet’smoveontoChapter6.Wewilldiscusswhat’satriskonceyourcomputerhasbeen
compromised.
FINALWORDS
www.ebook777.com
Congratulations! You’ve made it to the end of the manual. That’s probably not anaccomplishment for books of the same length. But this manual is different. You canalways make reference back to this manual whenever you have questions. I t’s like amanualandcourseinone.Learningthesystemloopholesandtricksthat“hackers”useisonlyhalftheprocess.Protectingyourprivacyis90%uptoyou,therestcanbehandledbysoftware.
Youhavethemeansandabilitytoprotectyourself.Byreadingthismanualaloneyouhaveproventhat.Youmaythinktoyourselfthatyou’reoutgunnedontheInternet,don’t.Weallhave tostart learningfromsomewhere.Evenhackersandsocalled“hackers”had tostartlearningsomewhere.Noonewasbornwiththeknowledgeofhowacomputerworks.
TheInternetisatoolbywhichmanyofthese“hackers”educatethemselves.Youcandothesame.Itremainsthemostpowerfultoolforinformationanddevelopmentthereis.
Moreandmorebusinessesandservicesaremigratingtotheonlineworld.Youcaneither,sitbackandwatchitgo,orjumponthebandwagonandrideitout.It’salluptoyou.
Exercisecautionwhendealingwithpeopleonline,butdon’tbe tooparanoid.Enjoy thepoweroftheInternetitcanbeagreatassettoyouoryourbusiness.
The online population is growing exponentially. With the recent growth of dedicatedaccessyourcomputer is connected to the Internet24hrsaday.High speedaccessgivesyoutheopportunitytodownloadfilesatlightningfastrates.It’salongwayfromtheolddialupBBS’s.Astechnologyincreasessomustyourawareness.
Realisticallymostofusdon’tcareabouttheinnerworkingsofthe
Internet.Perhapswehaveasheercuriosityofwhathappensbehindthescenes,butnoneofusreallybelievesitmakesalotofdifferencetoustoknowthatinformation.Weprimarilycare about getting our daily activities done and enjoying the power of the Internet.WewanttobeabletoLogonlinetalktoourfriendsandfamilyandusetheInternetastoolforourbenefit.
TheInternetconnectsyoutotheworldwhereifafriendsfromAustraliawishestotalktoyouliveoneononetheycanflipontheirwebcamsturnontheirmicsandhaveavideoconference.It’sacutaboveaphonecallforafractionoftheprice.Don’tlet
“hackers”turnfutureadvancementsintounwantednightmares.
Youasausercanpreventthisbybeingcareful.Taketheextranecessarystepstoprotectyourself.Whencomparedtothebenefitsyoucanhaveitdefinitelyisworthanextra1hr-2hrsofyourtime.
Don’tstop learning, readallyoucan.Whynot?You’vegot theworldatyourfingertipsandinformationateveryturn.Butmostimportantlywhenallissaidanddone,takebackyourprivacyfromthosewhomayseektocompromiseit.
WithGreatRespect
ThankYou!
www.ebook777.com