Sunday, September 7, 2014

Basics of Ethical hacking and CEH

Note: This is a long post, so a PDF version is also available. Click Here to Download (wait a few seconds and then click on Skip).

Hello Guys!!! Hope you had a wonderful weekend. And KIITians, although the exams are over, this is not the time to sleep; instead, use this time to learn something new.
I know it's a boring Monday again and you all must be expecting a new trick. But I am sorry to disappoint you: rather than giving a trick today, I will give you the basic idea about hacking and the CEH course. For those who don't know about CEH, it stands for Certified Ethical Hacker, so now I guess you all have some idea of what this is about.

CEHv8 has 19 modules altogether. To get training you need to register with an institute, pay them a lot of money, and then pay them again for the certification exam. Instead, try to learn all of it online, practice the questions and then appear directly for the certification exam. Anyway, I won't give you a boring lecture; rather, I will tell you about those 19 modules.

Module 1: Introduction to Ethical hacking
Module 2: Footprinting and Reconnaissance
Module 3: Scanning networks
Module 4: Enumeration
Module 5: System Hacking
Module 6: Trojans and Backdoor
Module 7: Viruses and Worms
Module 8: Sniffers
Module 9: Social Engineering
Module 10: Denial of service
Module 11: Session Hijacking
Module 12: Hacking Web-servers
Module 13: Hacking Web Applications
Module 14: SQL injection
Module 15: Hacking Wireless Networks
Module 16: Evading IDS, Firewalls and Honeypots
Module 17: Buffer Overflow
Module 18: Cryptography
Module 19: Penetration Testing

So, I guess you all must be interested in knowing about each one of them. In today's post I will give an introduction to all the modules and what each one actually contains.

Module 1: Introduction to Ethical hacking
(This module is a bit boring; I know you guys hate theory.) Through this module you can come to know about:
  •      The elements of information security and their functionality
  •      Security challenges
  •      Effects of hacking
  •      Who a hacker actually is
  •      Classes of hackers
  •      Types of hackers
  •      Hacking phases
  •      Types of attacks on a system
  •      Why ethical hacking is necessary
  •      Scope and limitations of ethical hacking
  •      What ethical hackers do
  •      Vulnerability research


Module 2: Footprinting and Reconnaissance
Footprinting is the step in which we gather information about the target. Through this module you can come to know about:
  •      What is Footprinting?
  •      Objectives of Footprinting.
  •      Footprinting Threats
  •      Internet Footprinting
  •      Competitive Intelligence
  •      WHOIS Footprinting
  •      DNS Footprinting
  •      Network Footprinting
  •      Website Footprinting
  •      Email Footprinting
  •      Google Hacking
  •      Footprinting tools
  •      Footprinting Countermeasures
  •      Footprinting Pen testing


Module 3: Scanning networks
Scanning is the set of procedures for identifying the hosts, ports and services on a network. It is one of the components of intelligence gathering that an attacker uses to build a profile of the target organization or person. This module covers:
  •      Types of scanning and understanding the CEH scanning methods
  •      Checking Live systems and open ports
  •      Understanding Scanning techniques
  •      Different tools present to perform scanning
  •      Understanding banner grabbing and OS fingerprinting
  •      Drawing network diagrams of vulnerable hosts
  •      Preparing proxies
  •      Understanding Anonymizer
  •      Scanning countermeasures
  •      Scanning pen testing


Module 4: Enumeration
Enumeration is the process of extracting user names, machine names, network resources, shares and services from a system. It is mainly conducted in an intranet environment. Through this module you can learn about:
  •      Enumeration and its techniques
  •      NetBIOS Enumeration
  •      Enumerating user accounts
  •      SNMP Enumeration
  •      Unix/Linux Enumeration
  •      LDAP/Active directory Enumeration
  •      NTP Enumeration
  •      SMTP and DNS Enumeration
  •      Enumeration Countermeasures


Module 5: System Hacking
This is one of the longest modules. System hacking mainly involves cracking passwords and breaking through the security of the system. This is done after the above steps are completed. Through this module you can come to know about:
  •      Password Cracking and its techniques
  •      Types of Password attacks
  •      Automatic Password cracking algorithm
  •      Privilege Escalation
  •      Executing Application
  •      Keyloggers
  •      Spyware
  •      Rootkit
  •      Detecting Rootkits
  •      NTFS Data Stream
  •      What is Steganography?
  •      Steganalysis
  •      Covering tracks


Module 6: Trojans and Backdoor
Trojans are programs in which malicious or harmful code is hidden inside apparently harmless programming or data in such a way that it can take control and cause damage, such as ruining the file allocation table on the victim's hard disk. With the help of a Trojan, an attacker gets access to the passwords stored on the Trojaned computer and is able to read personal documents, delete files, display pictures, or even show messages on the screen. With this module you can learn about:
  •      What is a Trojan?
  •      Overt and Covert Channels
  •      Purpose of Trojans
  •      Indications of Trojan attacks
  •      Common Ports used by Trojans
  •      How to infect using Trojans
  •      How to deploy a Trojan?
  •      Types of Trojans
  •      How to detect Trojans?
  •      Evading Anti-virus techniques
  •      Countermeasures
  •      Anti-Trojan software
  •      Penetration testing


Module 7: Viruses and Worms
A virus is a self-replicating program that reproduces its own code by attaching copies of itself to other executable code. This module covers:
  •      Introduction and stages of Virus life
  •      Working of virus
  •      Virus analysis
  •      Types of viruses
  •      Writing a simple virus program
  •      Computer Worms
  •      Worm Analysis
  •      What is a sheep dip computer?
  •      Malware analysis procedure
  •      Virus detection Methods
  •      Countermeasures
  •      Anti-virus tools
  •      Penetration testing for virus


Module 8: Sniffers
Sniffing is the process of continuously capturing sensitive information about the victim after gaining access to the victim's network. Sniffers are used for this, and they can capture network data, personal emails and other messages, network traffic, etc. This module helps you understand:
  •      Lawful Intercept
  •      Wiretapping
  •      Sniffing Threats
  •      Types of Sniffing
  •      Hardware Protocol Analyzers
  •      MAC Attacks
  •      DHCP Attacks
  •      ARP Poisoning Attacks
  •      Spoofing Attacks
  •      DNS Poisoning
  •      Sniffing Tools
  •      Countermeasures

Module 9: Social Engineering
There is no way to measure human stupidity. Social engineering basically deals with human stupidity and takes advantage of it. Through this module you can learn:
  •      What is Social Engineering?
  •      Why is Social Engineering Effective?
  •      Phases in a Social Engineering Attack
  •      Common Targets of Social Engineering
  •      Types of Social Engineering
  •      Common Intrusion Tactics and Strategies for Prevention
  •      Social Engineering through Impersonation on Social Networking Sites
  •      Risks of Social Networking to Corporate Networks
  •      Identity Theft
  •      How to steal an identity?
  •      Countermeasures
  •      Pen Testing


Module 10: Denial of service
It is an attack on a computer or network that stops the normal use of resources. In this attack, the attacker floods a system with garbage requests that overload the resource and prevent it from performing its important and primary work. This module covers:
  •      What are DoS and DDoS attacks?
  •      How do DDoS attacks work?
  •      Symptoms of a DDoS attack
  •      Internet Relay Chat (IRC)
  •      DoS attack technique
  •      Botnet
  •      Botnet Ecosystem
  •      DDoS case study
  •      DoS Attack tools
  •      Detection Techniques
  •      Countermeasures
  •      Techniques to defend against Botnets
  •      Protection tools
  •      Penetration testing

Module 11: Session Hijacking
In this attack the attacker hijacks the data transfer between two computers or networks, steals the valid session ID and finally snoops through the data. This module covers:
  •      What is Session hijacking?
  •      Key session hijacking techniques
  •      Brute force
  •      Spoofing vs. Hijacking
  •      Types of Session Hijacking
  •      Session Hijacking in OSI model
  •      Application Level Session Hijacking
  •      Network Level Session Hijacking
  •      TCP/IP Hijacking
  •      Session Hijacking tools
  •      Countermeasures
  •      IPSec Architecture
  •      Penetration testing

Module 12: Hacking Web-servers
Through this attack a website can be defaced, data tampered with, user accounts compromised, etc. This module covers:
  •      Open Source Webserver Architecture
  •      IIS Webserver Architecture
  •      Why are web servers compromised?
  •      Impact of Web Server Attacks
  •      Web Application Attacks
  •      Web Server Attack Methodology
  •      Web Server Attack Tools
  •      Countermeasures
  •      How to defend against web server attacks?
  •      What is Patch Management?
  •      Patch Management Tools
  •      Web server security tools
  •      Penetration testing

Module 13: Hacking Web Applications
This is the longest module and it takes time and patience to complete. Web applications provide an interface between the user and the web server through web pages. In this attack we target the web application and try to gain active or passive access to it. This includes XSS, SQLi, CSRF, RFI, LFI, etc. This module covers:
  •      Web application introduction and its components
  •      How do web applications work?
  •      Web Application Architecture
  •      Unvalidated Input
  •      Parameter/ Form Tampering
  •      Injection Flaws
  •      Hidden Field Manipulation Attack
  •      XSS Attacks
  •      Web Services Attacks
  •      Hacking Methodology
  •      Web Application Hacking Tools
  •      Countermeasure
  •      Web application Security tools
  •      Web application Firewalls
  •      Web application Pen testing

Module 14: SQL injection
It is one of the most common website vulnerabilities and many websites still contain it. It is a flaw in the web application, not a database or web server issue. Even after a lot of digging, most programmers are still not aware of this vulnerability. This module covers:
  •      Introduction to SQL Injection
  •      Threats of SQLi Attacks and Examples
  •      SQLi Detection
  •      SQLi Error Messages
  •      SQLi Black Box Pen testing
  •      Types of SQLi
  •      Simple SQLi Attack
  •      Union Based SQLi
  •      Error-based SQLi
  •      Blind SQLi
  •      Advanced SQLi
  •      SQLi Tools
  •      Signature Evasion Techniques
  •      Countermeasures
  •      SQLi Detection tools


Module 15: Hacking Wireless Networks
In plain words, this is hacking Wi-Fi. Any network that uses wireless networking is a target of this attack. This module covers:
  •      Wireless Networks
  •      Types of Wireless Networks
  •      Wi-Fi Authentication Modes
  •      Types of Wireless Encryption
  •      WEP Encryption
  •      WPA/WPA2
  •      Wireless Threats
  •      Wireless Hacking Methodology
  •      Wireless Hacking Tools
  •      Bluetooth Hacking
  •      Countermeasures
  •      Wi-Fi Security Tools
  •      Penetration Testing


Module 16: Evading IDS, Firewalls and Honeypots
Intrusion Detection Systems, commonly called IDS, gather and analyze information from within a computer or network to identify possible violations of the security policy, including unauthorized access and misuse.
A firewall is hardware, software or a combination of both, used to prevent unauthorized access to a network or computer.
A honeypot is an information system resource that is expressly set up to attract and trap people who attempt to penetrate an organization's network. This module covers:
  •      Intrusion Detection Systems (IDS)
  •      Ways to Detect an Intrusion
  •      Types of IDS
  •      Firewall and its types
  •      Firewall Identification Techniques
  •      Honeypot
  •      Types of Honeypot
  •      How to set up a Honeypot?
  •      IDS, Firewall and Honeypot System
  •      Evading IDS
  •      Evading Firewall
  •      Detecting Honeypots
  •      Firewall Evading tools
  •      Countermeasures
  •      Penetration testing


Module 17: Buffer Overflow
A generic buffer overflow occurs when a buffer that has been allocated a specific storage space has more data copied to it than it can handle. This module covers:
  •      Buffer Overflows (BoF)
  •      Stack-Based Buffer Overflow
  •      Heap-Based Buffer Overflow
  •      Stack Operation
  •      Buffer Overflow Steps
  •      Attacking a Real Program
  •      Smashing the Stack and its examples
  •      How to mutate a buffer overflow exploit
  •      Identifying Buffer Overflows
  •      Testing for Heap Overflow Conditions: heap.exe
  •      Steps for testing of Stack Overflow in OllyDbg Debugger
  •      BoF Detection Tools
  •      Countermeasure and its tools
  •      Pentesting


Module 18: Cryptography
Cryptography is the conversion of data into a scrambled code that is sent across a private or public network and decrypted by the intended receiver. This module covers:
  •      Cryptography and its types
  •      Ciphers
  •      Advanced Encryption Standard (AES)
  •      RC4, RC5, RC6 Algorithms
  •      RSA (Rivest Shamir Adleman)
  •      Message Digest Function: MD5
  •      Secure Hashing Algorithm (SHA)
  •      Cryptography Tools
  •      Public Key Infrastructure (PKI)
  •      Digital Signature
  •      SSL (Secure Sockets Layer)
  •      Disk Encryption
  •      Disk Encryption Tools
  •      Cryptography attack
  •      Cryptanalysis Tools


Module 19: Penetration Testing
Penetration testing applies the methods that attackers use to gain unauthorized access to an organization's networked systems and compromise them. This module includes:
  •      Penetration Testing (PT)
  •      Security Assessments
  •      Risk Management
  •      Automated Testing
  •      Manual Testing
  •      Enumerating Devices
  •      DoS Emulation
  •      Hacker Shield
  •      Pentest using various Devices
  •      VigilENT
  •      Web Inspect
  •      Tools


So that was an overview of the topics covered in the CEH course; we also need to practice these on a regular basis.

Author: Unpredictable

If you have any query, feel free to comment below, or for more info mail us at prashantsavior@gmail.com. Don't forget to like our Facebook page and stay updated.


Saturday, September 6, 2014

Enjoy Internet Pack Without Recharging

I have seen many posts and received many messages from people asking how to use free internet on mobile phones and PCs. So here are some of the ways you can do it:
1. Using the proxy address on mobile phone
2. Using NMD in PC.
3. Using Droid VPN

Today in this tutorial I will be teaching you how to use free internet on mobile phones. This is presently for Indian telecom services; you need to check the proxy servers for your own country.

Before starting the tutorial, I am expecting that you have a smartphone and can edit the access point.
If not, here is how it is done on Samsung phones: first go to Settings --> Wireless and networks --> Mobile networks --> Access Point Names --> (click the option button) New APN

Note: *** To use this trick, make sure you have zero balance in your account, because it is not our fault if your balance gets screwed up, as these proxies sometimes don't work.
*** Don't forget to disconnect and reconnect after you have used 60 MB of data.

---------------------------------------------------------------------------------------------
For Aircel User:-

Name: aebhi
Apn: aircelwap
Proxy: 172.17.83.69
Port: 8080

---------------------------------------------------------------------------------------------
For Vodafone User:-

Apn: Internet
Proxy: 186.149.156.119
Port: 8080

---------------------------------------------------------------------------------------------
For Idea User:-

Apn: internet
Proxy: 112.231.178.191
Port: 8080

---------------------------------------------------------------------------------------------
For Reliance User:-

Apn: internet
Proxy: 197.253.29.199
Port: 8080

---------------------------------------------------------------------------------------------
For BSNL User:-

Apn: internet
Proxy: 192.168.87.163
Port: 8080

---------------------------------------------------------------------------------------------
For TATA Docomo User:-

Name: Tata Docomo
Apn: TATA.DOCOMO.INTERNET
Proxy: 010.124.094.007
Port: 80

---------------------------------------------------------------------------------------------

Author: Unpredictable

The PC trick will be added soon, so stay tuned with us on Facebook to get updates. For more information contact us at prashantsavior@gmail.com

Friday, August 22, 2014

How To Change Mac Address

Note: This information is solely for educational purposes. The author can't be blamed for misuse of this information.

Everyone at some point wants to remain anonymous on the internet. Some think that just by changing the IP address we can remain anonymous, but that is not true in all cases. If you are working on a public Wi-Fi network, anyone can track you down by your MAC ID. The MAC address (media access control address) is a unique identifier assigned to network interfaces for communication on the physical network segment. MAC addresses are used as network addresses in most IEEE 802 network technologies, including Ethernet.

A note to KIITians and other college students: while using the college internet we are restricted from visiting certain sites, downloading torrents and using BlueStacks, and even proxy servers are banned. If someone tries to bypass this, they are blocked by the college network and then need to contact the college authority to unblock their connection. What they actually do is keep track of your MAC address and block it, so you are not able to use the net. The best solution is to change your MAC address whenever they block your net, after which you can access the net again.

Follow these simple steps to change the MAC address:

Step 1: First download the software, properly known as Technitium MAC Changer: Click Here to Download
Step 2: Extract it and install it on your computer. (Hopefully you won't face any problem installing it.)
Step 3: Open it and check the interfaces whose "Link status" is "up, operational".

Step 4: Click on Random MAC Address and then finally click on Change Now. (Don't forget to check all the options, especially "Use '02' as the first octet of MAC address".)

Step 5: You can also change the name of the address from the drop-down menu.
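The "02 as first octet" option above sets the locally administered bit of the MAC address, which is also the cheapest signal a network administrator has that an address was set by software rather than burned in by the NIC vendor. The Python below is an added example, not from the original post: it flags such addresses in constructed DHCP lease lines (a hypothetical dhcpd.leases-like layout) and reports hostnames that have shown up with more than one MAC.

```python
"""Flag MAC addresses that carry the locally administered bit, i.e. the
"02 as first octet" setting from the steps above.

Added example, not part of the original post. The lease lines are constructed
sample data in a dhcpd.leases-like shape (a hypothetical format), not real
server output.
"""
import re

# Constructed sample leases: one host seen with two different MACs.
SAMPLE_LEASES = """\
lease 10.20.1.15 { hardware ethernet 02:1a:2b:3c:4d:5e; client-hostname "lab-pc"; }
lease 10.20.1.16 { hardware ethernet 00:1a:2b:3c:4d:5e; client-hostname "lab-pc"; }
lease 10.20.1.17 { hardware ethernet 06:aa:bb:cc:dd:ee; client-hostname "phone"; }
lease 10.20.1.18 { hardware ethernet ff:ff:ff:ff:ff:ff; }
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?)[0-9a-f]{2}(\1[0-9a-f]{2}){4}$", re.I)
LEASE_RE = re.compile(r'lease (\S+) \{ hardware ethernet ([0-9a-f:]+);(?: client-hostname "([^"]*)";)?')


def parse_mac(mac: str) -> bytes:
    """Return the six raw bytes of a MAC written as aa:bb:cc:dd:ee:ff, aa-bb-... or aabbccddeeff."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))


def is_locally_administered(mac: str) -> bool:
    """Bit 1 (value 0x02) of the first octet set means locally administered: the
    address was assigned by software, not burned in by the NIC vendor. Hence the
    tool's '02' default; x2, x6, xA and xE first octets all have the bit set."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0 (value 0x01) of the first octet set means a group/broadcast address."""
    return bool(parse_mac(mac)[0] & 0x01)


def flag_changed_macs(leases_text: str) -> dict:
    """Two cheap signals from a lease file: unicast locally administered MACs, and
    hostnames that have appeared with more than one MAC."""
    laa = []
    macs_by_host: dict = {}
    for ip, mac, host in LEASE_RE.findall(leases_text):
        if is_multicast(mac):          # broadcast/group addresses are never a client NIC
            continue
        mac = mac.lower()
        if is_locally_administered(mac):
            laa.append({"ip": ip, "mac": mac, "host": host})
        if host:
            macs_by_host.setdefault(host, set()).add(mac)
    rehosted = {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1}
    return {"locally_administered": laa, "hosts_with_multiple_macs": rehosted}


if __name__ == "__main__":
    for key, value in flag_changed_macs(SAMPLE_LEASES).items():
        print(key, value)
```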


If you face any further problem, don't hesitate to ping me. You can comment below, send me an email at prashantsavior@gmail.com, or even inbox me on Facebook. Don't forget to like our Facebook Page and stay updated.

Author: Unpredictable

Friday, July 25, 2014

Google Dork - A curse or A Blessing

It is said that everything you search in Google results in some answers. But do you know that Google is so powerful that it can even reveal your private information?
This private information is accessed by many hackers in order to exploit you. Some of these techniques are also very helpful for making our search results more accurate and easy.

"Those who live the internet, for them it's a blessing, and those who know the internet, for them it's a curse. It depends upon you how you make it for you." Now we have done enough talking, let's get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as the sites that it indexes, which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at
http://babelfish.altavista.com
and
http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal with SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 porn sites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS: Google DOES have directories; they're at directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (Google isn't case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc.)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / term in the URL
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the HTML title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Let's say you're looking for an MP3 player but only want to spend up to $90. Why swim through all the others? Search for: MP3 player $0..$90. The two periods set a numeric range to search between. This also works with dates, weights, etc.

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their Google search preferences saved. When you use Google as much as I do, who can afford not to have preferences? They're located on the right of the search box and have several options, though I only find 2 applicable for myself...
A. Open results in a new browser window
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5 times the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes) something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the groups section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use Google, Yahoo and AltaVista. Search the same terms... pretty close, right? Now search for disney death. Funny, AltaVista has plenty of Disney, but no death... hmmm.

12. Search for specific file type
Use the engine to search for a specific file type like 3gp, mp4, pdf, xls, doc, etc.
ex. if you want to search for a PDF on hacking, just visit google.com and in the search box type: hacking filetype:pdf

If you've read this far into this tutorial without saying, "Great, a guy that copied a few Google help pages and thinks it's useful info", then I will show you WHY (besides accuracy, speed, and consistency in finding info on ANYTHING) it's nice to know how a search engine works. You combine it with your knowledge of other protocols.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones with your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example... I wanted to find some Sepultura. If you don't know about this Brazilian band then google them.
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and that's without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other people's misspellings.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

intitle:"index of" "google hacks" ebook
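The operators this post walks through (quoted phrases, -, OR, filetype:, intitle:/inurl:/intext:/inanchor: and their allin* forms, and * as a wildcard) can be evaluated offline against a site owner's own page inventory to see which pages an "Index of" dork would surface before Google does. The Python below is an added example, not from the original post; the PAGES records are constructed, and the matcher is a simplified stand-in for Google's own behaviour in which ~, + and numeric ranges are treated as plain terms.

```python
"""Match the post's Google operators against a local page inventory.

Added example, not code from the original post. The PAGES records are
constructed; the matcher is a simplified stand-in for Google's behaviour
(~, + and numeric ranges are treated as plain terms).
"""
import re
import shlex

# Constructed inventory: what a crawler would see for each URL on our own site.
PAGES = [
    {"url": "http://example.test/music/", "title": "Index of /music",
     "text": "Parent Directory sepultura_roots.mp3 roots.mp3",
     "anchors": "sepultura_roots.mp3", "filetype": "html"},
    {"url": "http://example.test/docs/hacking.pdf", "title": "Hacking basics",
     "text": "an introduction to hacking", "anchors": "", "filetype": "pdf"},
    {"url": "http://example.test/about", "title": "About us",
     "text": "we make toys and games", "anchors": "home", "filetype": "html"},
]

# Operator name -> page field it restricts; filetype is handled separately.
OPS = {"intitle": "title", "inurl": "url", "intext": "text", "inanchor": "anchors"}
OP_RE = re.compile(r"^(?:all)?(intitle|inurl|intext|inanchor|filetype):(.+)$", re.I)


def _term_re(term: str) -> re.Pattern:
    """Case-insensitive search; a '*' inside a term or phrase matches one or more
    non-space characters, which is how 'index of *' in the post hits 'Index of /music'."""
    return re.compile(r"\S+".join(re.escape(p) for p in term.split("*")), re.I)


def parse_dork(query: str) -> list:
    """Return AND-clauses; each clause is a list of OR-alternatives (field, term, negated).
    field is 'any', one of the OPS values, or 'filetype'."""
    clauses: list = []
    pending_or = False
    for tok in shlex.split(query):          # shlex keeps "quoted phrases" as one token
        if tok == "OR":
            pending_or = True
            continue
        negated = tok.startswith("-")
        tok = tok.lstrip("-+~")             # '+' and '~' have no offline meaning here
        field = "any"
        m = OP_RE.match(tok)
        if m:
            op, tok = m.group(1).lower(), m.group(2)
            field = OPS.get(op, "filetype")
        alt = (field, tok, negated)
        if pending_or and clauses:
            clauses[-1].append(alt)         # 'a OR b' joins b onto a's clause
        else:
            clauses.append([alt])
        pending_or = False
    return clauses


def _alt_matches(page: dict, alt) -> bool:
    field, term, negated = alt
    if field == "filetype":
        hit = page["filetype"].lower() == term.lower()
    else:
        fields = list(OPS.values()) if field == "any" else [field]
        hit = any(_term_re(term).search(page[f]) for f in fields)
    return hit != negated                    # a '-' term matches when the text is absent


def dork_matches(page: dict, query: str) -> bool:
    """A page matches when every AND-clause has at least one satisfied alternative."""
    return all(any(_alt_matches(page, alt) for alt in clause) for clause in parse_dork(query))


def find_exposed(pages: list, query: str) -> list:
    """URLs from our inventory that the dork would surface."""
    return [p["url"] for p in pages if dork_matches(p, query)]


if __name__ == "__main__":
    for q in ('intitle:"Index of music" "Sepultura" mp3', 'intitle:"index of *" "sepultura" mp3',
              "hacking filetype:pdf", "toys -games", "toys OR hacking"):
        print(f"{q!r:45} -> {find_exposed(PAGES, q)}")
```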

*** Now sometimes certain searches are blocked by the college and we still want to open those sites and download their content. If you want such tricks to open them without using a proxy, then contact me at prashantsavior@gmail.com or comment below.

Article by: Unpredictable

Monday, July 7, 2014

Distributed Denial of Service Attack - DDoS attack (Part-1)

Hey guys! Sorry for being away for quite long. Today I am going to post about a very easy but harmful hack.
We can easily take down many sites with this; although it is only for a short period, the site can still suffer a huge loss.
I hope many of you have guessed the topic of today's discussion. Yes, it's the Distributed Denial of Service (DDoS) attack.
We can perform this attack in many ways, but today I am posting a tutorial on Slowloris; before we start, let's see what a DDoS attack is.

About: DDoS, commonly called a Denial of Service attack, is one of the most powerful attacks and is very tough for any server to stop, although it takes time to perform.
In this attack a huge number of packets is sent to an open port of the site, usually port 80, or to any other port that is open and ready to accept packets.
This huge number of packets creates heavy traffic on the site and ultimately takes it down for as long as the attack is being performed or until the server blocks the IP that is sending the packets.

Many of you must be thinking: what will happen if the site goes down for a few hours???
Think about big shopping sites like Flipkart, eBay, Amazon, etc.; if they go down for a few hours, how much loss will they suffer? Similarly, if someone attacks a stock exchange, just think how much unthinkable loss can happen in hours.

*** Performing a DDoS attack is a cyber crime. So think before you act.
Words for white hat hackers: Report to the admin of the web page if you find any unnecessary open port that is accepting packets.
Words for programmers: Please check your code and make sure that unneeded ports are closed and that the code is properly written and has no open segments.
Words for black hat hackers: Follow the tutorial to take down the site and don't forget to use proxy.

DDoSing via Slowloris:
Step 1: Download and install ActivePerl from this link: Click here to download ActivePerl
Step 2: Download the Slowloris script by clicking here: Click here to download slowloris. Save it in any location you like, with the file extension .pl (the extension for Perl script files). I have saved it in C:\downloads\DDOS\slowloris
Step 3: Open cmd by pressing Windows+R (the Run dialog box appears), then type cmd and hit Enter.
Step 4: Go to the location by typing its address.
C:\downloads\DDOS
and press enter
Step 5: Run the slowloris script on the site. Here my target site is www.target-site.com
C:\downloads\DDOS> slowloris.pl -dns www.target-site.com -port 80 -timeout 1 -num 1000 -cache

Here you can change the port number to any other port that is open.

Check the site after a few hours. Boom... you have taken it down.
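Slowloris, unlike a plain packet flood, works by opening many connections and trickling the HTTP headers so slowly that none of them ever completes, which ties up the server's worker pool. The Python below is an added example, not part of the original post: a detection heuristic run over a constructed snapshot of open connections (record layout, thresholds and IP addresses are all assumptions) that reports sources holding many stalled half-requests.

```python
"""Spot the slow-header connection pattern that Slowloris produces.

Added example, not part of the original post. The snapshot below is
constructed; in practice the records would come from the web server's status
page or from connection tracking. Thresholds and IPs are assumptions.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    src_ip: str
    opened_at: float        # epoch seconds when the connection was accepted
    bytes_received: int     # request bytes seen so far
    headers_complete: bool  # True once the blank line ending the headers arrived


NOW = 1_000_000.0  # constructed "current time" for the snapshot


def _conn(ip: str, age_s: float, nbytes: int, done: bool) -> Conn:
    return Conn(ip, NOW - age_s, nbytes, done)


# Constructed snapshot: one source holding six connections that have sent only a
# partial header for 45+ seconds, one normal client with finished requests, and
# one connection that is slow but only three seconds old.
SNAPSHOT = (
    [_conn("203.0.113.7", 45 + i, 120 + 8 * i, False) for i in range(6)]
    + [_conn("198.51.100.20", 2, 900, True), _conn("198.51.100.20", 5, 650, True)]
    + [_conn("192.0.2.9", 3, 40, False)]
)


def stalled_header_sources(conns, now=NOW, header_timeout=20.0, min_stalled=5) -> dict:
    """Return {src_ip: count} for sources holding at least min_stalled connections
    that have been open longer than header_timeout without completing the
    request headers. A real browser rarely holds more than one or two such
    connections; Slowloris holds hundreds, each trickling a header line at a time."""
    stalled = Counter(
        c.src_ip for c in conns
        if not c.headers_complete and (now - c.opened_at) > header_timeout
    )
    return {ip: n for ip, n in stalled.items() if n >= min_stalled}


def pool_pressure(conns, max_workers=150) -> float:
    """Fraction of the worker pool tied up by connections still waiting for headers.
    This is the number that actually decides whether legitimate users get served."""
    waiting = sum(1 for c in conns if not c.headers_complete)
    return waiting / max_workers


if __name__ == "__main__":
    print("stalled sources:", stalled_header_sources(SNAPSHOT))
    print(f"pool pressure: {pool_pressure(SNAPSHOT):.1%}")
```

The matching server-side mitigation is a short header read timeout plus a per-client connection cap; Apache's mod_reqtimeout (RequestReadTimeout) and nginx's client_header_timeout address exactly this pattern.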
For any query please comment below or write to us at prashantsavior@gmail.com, and don't forget to like our Facebook Page.

Author: Unpredictable