OceanofPDF - Com HACKING 2 Books in 1 - Mark Anderson

The document discusses the history and types of hacking. It describes how the term originally referred to innovators and programmers but now often refers to unauthorized access. Ethical hacking involves assessing security vulnerabilities, while criminal hacking involves theft or sabotage. The document outlines some basic hacking concepts and terms.

Uploaded by

Capt. Predatør
Hacking:

Book 1
What EVERY Beginner Needs to Know

Book 2
Tips and Tricks to Get Past the Beginner’s Level

Hacking:
What EVERY Beginner Needs to Know

Table of Contents

Introduction
Chapter 1: Introduction to Hacking
Chapter 2: Ethical Hacking vs. Criminal Hacking
Chapter 3: Passive and Active Attacks
Chapter 4: Mapping Out Your Hacks
Chapter 5: Basic Spoofing and Man in the Middle Attack Techniques
Chapter 6: Hacking Passwords
Chapter 7: Hacking a Network Connection
Chapter 8: Popular Tools for Hacking
Conclusion

Introduction

Hacking is an interesting art form that requires a user to possess a solid
understanding of how computers work. Many of us may be conditioned to
regard a hacker as a criminal, someone who has obtained unauthorized
information and is using it in unethical ways to their own advantage.
However, you may be surprised to discover that there is so much more to it
than that. Sure, there are some unethical hackers that will engage in the
behaviors described above, but there are many who will learn how to hack
solely for the benign purpose of protecting themselves, their family
members, or a business that they are associated with. There are also users
who are attempting to gain access into an unauthorized system simply
because they are curious and not because they desire to engage in malicious
activities or some type of sabotage.

What You Will Find In this Hacking Book
The world of hacking is interesting and also exceedingly complex. This
guidebook will take a look at hacking and all the various components that it
entails. We will look at what hacking is, how it has evolved since the 1960s
and the different manners in which hacking has been utilized over time.

After gaining a good understanding of hacking and an awareness of how it
works, you will be prepared to learn some of the basics of hacking.
Afterwards, you will be geared up to engage in some fairly basic hacking
activities yourself. There are many reasons that you may want to hack,
many of which don’t require any mischief on your part. One such reason
may be your understandable desire to secure and protect your personal
information. Having the correct plan and the right strategies to do so will
make this task much easier and much safer to accomplish.
Even as a beginner, you can easily learn how to hack. It’s not rocket science
and it’s a Hollywood myth that you need to be a brilliant techno-genius to
be able to hack effectively. This guidebook will provide the road map and
the strategies that you need to get started with this worthwhile endeavor.
Since this is a beginner’s book, the strategies we will show you may not be
the most sophisticated options out there, but conversely they will also be
less risky than some of the techniques more advanced hackers implement.
In time though you can easily reach a more advanced level based on your
personal goals, desires, and work ethic. Overall, we will show you how to
get started with hacking and we will help you get the information that you
want to start learning like a professional.
You don’t need to have a degree in computer science or have worked with
computers all your life in order to get started on hacking. Some people do
have those things under their belt and while it is certainly an advantage, it is
not a prerequisite. You simply need to have an interest in computers and the
ability to learn. So let’s get started with learning about hacking and how to
put it to good use for yourself to successfully achieve your desired
outcomes.

Chapter 1: Introduction to Hacking

We have all heard about hackers thanks to our media and the way that
Hollywood likes to portray them in movies. We think of someone who is
smart and sits in their basement while getting onto any network that they
choose. It is exciting when we watch movies and the media portray hacking
in their own ways, but neither Hollywood nor the mainstream press really
shows the true story of hacking.
The term hacker came up during the 1960s and was originally used to
describe a programmer or someone who was able to hack out a computer
code. These people were able to see future ways to use a computer and
would create new programs that no one else could. They were basically
innovators in their fields at the time and they would ultimately end up being
the ones who led the computer industry to where it is today.
These early hackers were interested in their work. They were excited to
create a new program, but they wanted to learn how other systems worked
as well. If there happened to be a bug in another system, these hackers
would be the ones who would create patches that could help fix the
problem.
While at first these people were visionaries who helped to create programs
and even fix what wasn’t working for others, things started to change once
computer systems started to be connected into networks. Then the term hacker
expanded to include someone who was able to get onto a network
where their access was restricted. Sometimes this hacker may have been on
a particular network because they were curious to find out how it worked
and other times it was for more malicious purposes.
As you can see, there is a big difference between what was seen as a hacker
a few decades ago and what is seen as a hacker today. Some of this
confusion exists because there are two sides to hacking, which we will
analyze in more detail later, and each one will work slightly differently to
either expose or protect the network in question.

The process of hacking is something that is often in the news, but most
people don’t understand what it is all about. Basically, hacking is the
process of modifying the software and hardware of a computer to
accomplish a goal that was outside its original purpose. It can also include
any time that someone enters a network that they are not allowed to access.
Those who engage in this process are known as hackers and they are often
able to get onto computers and systems and gain access to information they
may not be authorized to see.
While the media may lead us to believe that all hackers are up to no good,
for the majority of them, this is just not the case. Some just see it as a
challenge and an adrenaline rush to get onto a system, even if they
shouldn’t. Others enjoy learning about computers and figuring out what
they are able to do. Most of the hacking that goes on today is not meant to
be destructive or criminal at all, although the law may look at these things
differently.

Since many hackers are considered computer prodigies, there are actually
quite a few corporations in America who employ them on their technical
staff. These hackers are able to work with the company to figure out any
flaws present in the security system, making it easier to fix these problems
before a criminal hacker gets in. These individuals can help stop identity
theft, protect the organization, and so much more.
In addition, computer hacking has led to other developments in technology.
One such example is Dennis Ritchie, a former hacker, who created the
UNIX operating system, which had a big impact on how Linux was later
developed. Shawn Fanning, who is the creator of Napster, is also known as
a computer hacker as well as a leader in technology.

Of course, it is those with less noble motives for hacking that
get the most attention. Some are out to steal your personal information,
break into a company’s information, and get onto a network without the
proper authorization. This is a criminal offence and can land you in jail for
20 years as well as have you paying many hefty fines. These are the types
of people that have brought about heavier laws against hacking, more
stringent anti-virus and anti-malware software, and more.
As you can see, there are many sides to the hacking world. Most hackers
are just really interested in computers and have the ability to put this
knowledge to work in the technology field while others are less noble and
will work to get onto networks and steal information that is not theirs.

Common Terms to Know

Now that you have an idea of what hacking is about, it is important to know
some of the common terms that come up in the hacking world. Make sure
to look over some of these terms and understand them because that will
make it much easier to absorb the information in the following chapters.
Adware—adware is a type of software that is designed to make
pre-selected ads come up on your computer. Some of it will be
malicious and will take over your computer and slow down your
system, tying up resources and making it impossible to use the
computer how you want.
Back door—this is a point of entry into a computer or system
that will circumvent normal security and is often used to access a
computer system or network. The system developer may have
created this as a shortcut during the developmental stage, but if
they forget to remove it, hackers can find it. Sometimes, the
hacker is able to create their own back door into the system.
Black hat—this is the bad guy, the hacker that wants to use the
information in a bad way. They may also share this information
with other black hats to exploit the system.
Cookies—this is a bit of information that a website will store in
your computer browser about your search history. It can save
time when filling out forms on a site and so on. A hacker could
get this information and use it if you don’t delete it on occasion.
Cracker—these are the hackers that use their skills to get onto
sites and networks illegally, usually to cause harm.
Firewall—this is a barrier on the system that helps keep
unwanted intruders away from the network. It can be either
software or a physical device and, if it is designed well, it can
keep hackers out.
Gray hat—this is a hybrid between white hat and black hat. They
usually work to expose flaws that are in the security of the
system. They may use some illegal means to do so, but can help
to protect an individual or company in the process, sometimes
even working for that company.
Key logger—this program won’t destroy your computer, but it
will log every stroke that you make on the computer. The
information can be sent back to a black hat who will use it to
determine your username and password to use later. This can put
your banking information, private information, and even social
media at risk. Often this is combined with a screenshot hack so
that the hacker has better access to what sites you are visiting
when you type in your information.
Malware—this is a malicious program that will cause damage
and can include things like logic bombs, time bombs, worms,
viruses, and Trojans.
Phishing—this is when you receive a message, usually in email,
that looks legitimate, but is from a black hat who is trying to get
personal information. You may receive something that looks like
it comes from your bank, for example, asking for your name,
address, PIN, and social security number. Remember that banks
and other institutions will never ask for this online. A good way
to stay safe with these emails is to never click on the link directly
in the email. Go to your search browser and type in the website
and visit from there.
Virus—this is a malicious code or program that will attach to
another program file and even replicate itself to infect other
systems. It is kind of like the flu in that it will spread around and
infect many systems at once. It can be spread using a networked
system, a memory stick, CD, or through email.
White hat—these are hackers that use their skills for ethical
purposes. They may use them to thwart a black hat and keep
the computer system working properly. Many companies will
hire white hats to keep their system running properly.
Man in the middle attack—this is when the hacker will insert
themselves into the network in order to watch traffic and change
the messages that are being sent. The system will see them as
legitimate and the targets often don’t realize that their messages
and traffic are being manipulated. When the first computer sends
information, it will go to the hacker computer, who can then
make changes to the information, or just read it through to learn
about the network, before sending it on to the intended receiver.
Both the receiver and the sender will assume that the hacker
should be there if the man in the middle attack works
successfully.
Brute force attack—this is a tactic that can take a bit of time
since it will use all combinations of letters, numbers, and
characters to get onto a system. It is inefficient, but it does work
and is often saved for when all other alternatives are not
working.
Denial of service attack—this is an attack that is used to make a
network or website unresponsive. It is often achieved when the
hacker sends a huge amount of content requests so that there is
an overload to the server. While the server is unresponsive, the
hacker is able to get in and get the information that they want.
IP—this is the internet protocol address. It is the fingerprint that
every device will carry to help it to connect. If the hacker has the
IP address of a device, they are able to find out where it is
located, track any activity on it, and even find out who is using
the computer.
These are just a few of the terms that you may come across when dealing
with the hacking world. There are many other types of attacks that black
hats can perform on computer systems in order to obtain the information they
want, take over the computer, and more. Understanding the various methods
of attack and learning how hacking works can help you to understand the
many different aspects of the hacking world.

Common Misconceptions About Hacking


Hacking has been around for some time and because of the media and what
you have heard about the process, you may have some misconceptions
about what this process is about. Here we will explore some of the common
misconceptions with hacking to develop a better understanding.
Hacking is always illegal
When you read an article online or in a newspaper about hacking, it is
usually about illegal hacking, where someone got onto a network
they weren’t supposed to and caused mayhem, or where hackers spread
malware and viruses. These types of hacking are illegal, but that doesn’t
mean that all hacking is illegal.
There is a type of hacking called ethical hacking. These are people who
work for companies to help them expose flaws in the system, those who
work to keep others out, and so on. These people will help to protect
networks and systems for companies and individuals, rather than using
them for evil purposes.
All hackers are young

Another misconception that you may come across is that all hackers are
young, either they are teenagers or in their early 20s. While there are some
hackers who fit into this age range, hackers are anyone who knows a lot
about computers and how to get into places they may not be allowed in.
Often younger hackers are the ones who are caught doing illegal hacking
because they are younger with less experience, but anyone of any age can
be a hacker.
Security software will stop hacking

Having a security system in place may help to keep your computer safe
from some threats, but it is not always a safe way to protect from all
hackers. Hackers are often able to get through this software in order to get
your sensitive information. Plus, often the issue isn’t because of the
software, but because the user does something wrong. Hackers are going to
use tricks and other ways to convince you to let them in to your system,
regardless of the software you have on your computer.
For example, you may have the best security system on your computer, but
if you click on a link and hand over the information, the hackers still won.
Many times hackers will send emails or information looking like someone
else, like your bank, and request this personal information. Those who
aren’t paying attention will send out the information and expose themselves
to the hacker, regardless of their security software.
Hacking needs a lot of software
Thanks to Hollywood, there are many rumors and misconceptions that
come with hacking and one of these is that you need special software,
sometimes obtained illegally, in order to hack onto other systems. But in
reality, you only need some simple tools to get it done. For example, you
can use a Web application for hacking that will take a look at different
websites and find the vulnerabilities that are on them. White hat hackers
will use these to help find the mistakes and make the website safer, but the
black hat hackers will go through this to exploit the website.
For the most part, hacking is about trying lots of different things, just a bit
differently, until you find a way that breaks the system. You won’t need the
most exotic software to do this, but you will need some horsepower on the
computer and a lot of patience to get it done.

You need an advanced degree to be a hacker


Some hackers do have an advanced degree for their jobs. These are the ones
who maybe have a love for computers and work for a big company to find
flaws in the system. They went to school to help get their foot in the door
and to ensure that they knew the latest technology in hacking to help out
others.

Becoming a hacker does not require years of education. In fact, many of the
best hackers have never gone to college at all, or at least not for a computer
related study. You just need to have a love for computers and the ability to
learn how they work. You can easily learn how to do a lot of the work with
hacking from your own home and many of those who get into the hacking
field go this way rather than through college.

Chapter 2: Ethical Hacking vs. Criminal Hacking


There are two worlds when it comes to hacking. There are those who will
use their hacking skills to help out others. They may do it in their free time
and find loopholes or back doors in a corporate website and alert that
company in order to help them. Some of these individuals even work for
hospitals, corporations, and other companies with the sole purpose of
finding and fixing any low points in security to keep personal information
safe. They may hack through the system, but they do it in an ethical way to
help out.
The other world is a bit darker and is full of hackers that use their skills for
their own personal advantages. They may hack through a system to get
personal information. They can send emails and links requesting personal
information for identity theft and other mischief. They are not helping out
anyone but themselves in this process.

Each of these worlds works the same way when it comes to hacking and
uses the same tools, but they do so for different reasons. While the
media will spend most of their time looking at black hat hacking, and at those
who get in trouble for their endeavors, there is a whole world of ethical
hacking that is doing a lot of good in the world and saving people a lot of
money, time, and headaches in the long run.

Ethical Hacking
Ethical hackers are going to use a lot of the same techniques and methods
as criminal hackers to get past the defenses in place for a network, but they
are going to do so for different reasons. Ethical hackers go past the security
systems in order to document these loopholes and provide some advice on
how to fix these issues. Many of them will work for the corporation that has
the website so they can make the documentation and help to put a plan in
place to fix the issue. Others may just find out about the loophole and will
notify the company, without having any affiliation with them.

The idea behind ethical hacking is to check out the security of a network.
The company understands that there are hackers out there who may want to
get on the network and steal personal information. When it comes to online
stores, hospitals, and other companies, there can be a lot of personal
information for a wide range of clients. If a black hat gets in, this
information is freely available and thousands of people could be affected.
Knowing this information, companies will hire white hats to help locate any
vulnerabilities that will be in their system. They will also spend time trying
to figure out whether any malicious activities could happen within the
software in the future. These vulnerabilities are often going to be found in
improper system configurations, such as a software flaw, and the white hat
will work to get them fixed up to protect that valuable information.

Pretty much any company that has their connection over the internet and
holds personal information of their clients on the database should consider
having a white hat help them out, or at least someone who has knowledge
of basic hacking. This will help them take care of the vulnerabilities a bit
better and will make it easier to protect their customers.
While hacking has been around for a bit, it wasn’t until the 1970s when the
first ethical hacking process began. The United States realized that they
were in possession of a lot of personal information and that black hats
would love to get this information. The government decided to call in
experts, who were known as red teams, to hack into the computer systems
and find where any vulnerabilities were. This soon became a big industry
within the information security market and many big corporations now
include this kind of work in their infrastructure to keep safe.
Now that so much personal information is being shared over the internet,
there are various standards in place that require all organizations that
connect to the internet to have a penetration test. This is basically a test that
the organization has to go through to ensure that their information is safe
and that the loopholes are all taken care of. Smaller organizations may hire
an ethical hacker to help out with this on occasion to keep up to date and
bigger companies will have whole teams that work for them full time to
keep intruders out.

There are many ways that an ethical hacker can help out their clients and it
is becoming a growing field. While many people still feel that a hacker is
someone who is only up to mischief or interested in stealing information,
there are many more hackers who work in an ethical way to help keep
computer networks safe. They may use some of the same techniques as
their black hat counterparts, but they use them for good rather than evil.
Ethical hacking has grown in popularity and has been a great way for
organizations to take their security into their own hands. A white hat hacker
will work for the company to go through the hacking process to help keep
clients’ information safe from unscrupulous people. Some security
professionals go by different names because they don’t like the association
with “hacker” but they work in a similar manner, for the purpose of helping
out.

Criminal Hacking
The other side of hacking is a bit darker. Rather than trying to protect the
personal information of others and to help a company stay safe, a criminal
hacker steals the information for their own personal use. They may get into
a company’s network in order to steal emails and credit card numbers to use
as their own. They may send a virus around or ask for information,
pretending to be someone else, to harm the other person and help
themselves.
Basically, criminal hacking is any act committed by someone who
has a lot of knowledge of computers and who uses that knowledge to
carry out intellectual property theft, identity theft, credit
card fraud, vandalism, terrorism, and other crimes on the computer. It will
often infringe on the privacy of another person or group of people and
can even cause damage to computer-based property. There are a lot
of reasons that criminal hacking happens, but often it is for the
financial gain of the hacker.
There are several ways a criminal hacker can get onto the network and find
personal information they can use maliciously. Viruses are a popular option
that can get on your computer and will send the information back to the
original sender. Trojan horses will get to your computer because they look
like a legitimate program but are often providing an easy backdoor for the
hacker to get into your system. Other programs can quietly add on to your
computer and will document your keystrokes in order to figure out your
username and passwords to emails, banking sites, and more.
Another method that many black hat hackers will use is to send emails.
These emails will look like they come from legitimate sites, such as your
bank, and will have links inside. If you click the link, you may end up with
a virus or another issue on the computer. Some will even go so far as to
send you a form asking for personal information. If you provide the
information, you will find that it goes straight to the hacker and the request
was never from your bank or the source it claimed.
There is a lot of damage that can be caused by black hat hackers, especially
if an individual or company is not taking the right steps to ensure there is
computer safety around them. People could lose a lot of money, have to
deal with identity theft, and so much more. It is a good idea to always keep
a vigilant eye out to find when these breaches could be happening.
There have been some famous cases of hacking over the last few decades. For
example, David Smith is one of the most notable of these cases: he
launched the Melissa Virus in 1999. This virus was able to get to 1.2 million
computers, and businesses in Europe and the United States lost $80 million.
Once he was caught, Smith was convicted of criminal hacking and had a
sentence of forty years. He was released after just shy of two years in prison
after agreeing to work for the FBI.
This is just one of the cases of criminal hacking and most of them will not
be as widespread as the one above. Still, they cost many businesses millions
of dollars in financial losses each year when a “black hat” hacker
is able to get onto a computer and take this personal information.
There is basically a race between the black hat and white hat hackers. The
white hats are working to close up all the loopholes and back doors that
they can find on networks and other computers and the black hats are trying
to get in before things are closed or find a new way to cause a mess.
Sometimes the white hats win and can keep people out, but there are many
times when a black hat will be able to beat them to it and will do their
damage.
White hat and black hat hackers will use a lot of the same techniques in
order to take over a computer system. They will be able to get onto the
systems in the same way, look at the information, and complete the same
tasks. The difference is that an ethical hacker is going to do this in order to
find vulnerabilities in a network in order to fix them while a criminal hacker
is more interested in finding out personal information, causing loss for a
company, and causing other mischief with their work.

Chapter 3: Passive and Active Attacks

There are many different attacks that a hacker can perform on your
computer. It is often going to depend on the kind of information they would
like to get from the network and how active they are planning on being in
all the work. Here are some of the ways that a hacker can attempt to get
onto the system.
All types of attacks that a hacker can perform will fit into two categories:
passive attacks and active attacks. Passive attacks are often seen as research
since the hacker will get onto the system but won’t cause any damage until
later after they have time to look around. Active attacks are the ones where
the hacker has learned about the system and is ready to do their damage.
Let’s look at the differences between these two attacks and how the hacker
will work with each one.

Passive Attacks
A passive attack is one where the hacker is going to wait for the right
opportunity to get onto your system and cause havoc. The hacker may get
onto your system and then wait a bit before performing their attack. This
is usually a good way for the hacker to get onto and then observe your
network, the software that is used, and what security measures you have in
place before starting their attack.
Passive attacks are the ones that happen when a hacker
monitors a system to find its vulnerabilities without making any changes
to it. It is basically a way for the hacker to research your system,
without you knowing, so their attacks are more effective. There are several
different ways that you can classify these types of attacks.
1. Active reconnaissance—by using port scanning, the intruder is
able to listen to the targeted system and then engage it to find
where any weak points are. It is effective for finding the
vulnerable spots and then the hacker will be able to engage these
weak points and exploit them.
2. Passive reconnaissance—this is when the hacker is going to sit
back and just study the system without actively engaging the
system. It can include masquerading, dumpster diving, and war
driving.
These are two tactics that are great tools when the hacker wants to find the
vulnerabilities in a computer system so that you can prevent the attacks
later on. Once you use the reconnaissance tactics, you will be able to see
where any weak points are located. You may also find that installing an
intrusion prevention system, or IPS, will help to protect your automated
methods, port scans, and more on the system.

Active Attacks
Active attacks are meant to get onto a system and take over the information.
They can cause more immediate harm to the system because the hacker is
actively trying to get information and take things that don’t belong to them.
The network often won’t know that the hacker is there, but the hacker will
be able to get in and cause whatever issues they would like. Some common
examples of active attacks include:

Masquerade attack

With this attack, the hacker is going to pretend to be a user of the network.
They will be able to trick the system into thinking they have authorization
to gain access to private files and information. Sometimes the hacker will
be able to do this through back door methods, but often it is done by gaining
passwords and user IDs or exploiting a security flaw.

Once the hacker is able to get onto the system, they will be able to do
everything that a regular user can on the system. They can make changes to
the software, delete files, kick out other users on the network, and more.

Session replay

With this attack, the hacker is going to get onto the system to create
automatic authentication each time the target goes onto a particular website.
This attack exploits the nature of the web for storing URLs, cookies, and
forms in a browser. Once the hacker gets this data, they can carry out a
session replay attack and effectively work on the system like everyone else.

The session replay attack is not going to happen in real time, so this can
make it hard for the legitimate user to catch. Often, it is only found when
the user finds discrepancies of some kind on their account, or once identity
theft has occurred and the user has to go through and try to get it all
fixed.
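
A common server-side defence against the replay described above is to make each authenticated request single-use: the client signs it together with a timestamp and a random nonce, and the server rejects anything stale or already seen. The sketch below is an added example, not code from the book; the shared key, field names and 60-second window are assumptions.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE_SECONDS = 60  # assumed freshness window, not a value from the book


def _mac(key, user, action, ts, nonce):
    # JSON-encode the fields so their boundaries cannot be shifted around.
    msg = json.dumps([user, action, ts, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(key, user, action, now, nonce=None):
    """Client side: attach a timestamp, a random nonce and a MAC."""
    nonce = nonce or secrets.token_hex(16)
    ts = int(now)
    return {"user": user, "action": action, "ts": ts, "nonce": nonce,
            "mac": _mac(key, user, action, ts, nonce)}


class ReplayGuard:
    """Server side: accept each signed request at most once."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self._seen = {}  # nonce -> time after which it can be forgotten

    def verify(self, req, now):
        try:
            user, action = req["user"], req["action"]
            ts, nonce, mac = int(req["ts"]), req["nonce"], str(req["mac"])
            expected = _mac(self.key, user, action, ts, nonce)
            signature_ok = hmac.compare_digest(expected, mac)
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        if not signature_ok:
            return "rejected: bad signature"
        # A captured request stops being usable once its timestamp ages out.
        if abs(now - ts) > self.max_age:
            return "rejected: stale timestamp"
        # Drop nonces that the timestamp check already makes unusable.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "rejected: replayed nonce"
        self._seen[nonce] = ts + self.max_age
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value for the demo
    guard = ReplayGuard(key)
    request = sign_request(key, "alice", "transfer:100", now=1000.0)
    print(guard.verify(request, now=1005.0))   # first delivery
    print(guard.verify(request, now=1010.0))   # same bytes sent again
    print(guard.verify(request, now=2000.0))   # same bytes, much later
```
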

Denial of Service and Distributed Denial of Service

A DoS attack is when the hacker denies service or access to someone who is
a legitimate user of the system. You will then see the services on the
computer slow down, or they will stop working as you are on them. A DDoS
attack, on the other hand, involves a large number of systems that were
compromised by a hacker in order to attack one specific target.

While neither of these attacks is used to destroy a security system or to
take data, they are often used to cause a loss of profit or to make the
computer system worthless during use. There may be a loss in connectivity
throughout the network, and none of the services will work. Depending on
the overall goal of the hacker, these attacks can destroy files and programs
on the computer.

When one of these attacks is going on, it is similar to noticing that your
internet connection is slow. You may feel that the performance of the
network is really slow and you are not able to access any of the websites
that you want. Luckily, there are a few ways you can see if you are a good
target for one of these attacks. If you are getting a lot of spam or a lot of
traffic that seems a bit unusual, it may be time to check out some signs of
being hacked.

Chapter 4: Mapping Out Your Hacks

When you start with hacking, you should create a plan of attack. Every
hacker needs to have a good idea of what they want to do and where they
may find vulnerabilities in the system. Before you start learning some of the
strategies that can make hacking successful, let’s learn a bit more about how
to map out your hacks.

When you are looking to find vulnerabilities, you do not need to check all
of the security protocols on your devices at one time. This is just going
to make things confusing, and sometimes it can cause more problems than it
is worth because you will have to deal with too much at once. This means
that you need to break up all the testing into parts that are more
manageable for you.

Many times, it is best to just start with one system or application that you
would like to check out first and then slowly go through the list, doing it
one at a time, until you reach the end. When determining which system you
would like to work on first, ask these questions:

- If your system is attacked, which one would cause the most trouble for
  you, or which one would be the hardest to fix if you lost it?
- If your system is attacked, which one would be the most vulnerable, and
  therefore the easiest, for the hacker to go after?
- Which parts of the system you are working on are the least documented
  and may hardly even be checked? Are there any that you have never seen
  before?

This should make it easier for you to pick which systems you want to work
on, and you can create the right goals for this process. You should consider
keeping some notes along the way to make it easier to get this process done
right and so that you can document any issues that come up.

Organizing the Project

When you are ready to run your tests, the devices, applications, and systems
that you should check include:
1. Switches and routers
2. Workstations, laptops, and tablets connected to the system
3. Client and server operating systems
4. Database, application, and web servers
5. Firewalls
6. File, print, and email servers

You may have to run a variety of tests in order to get it all taken care of,
and how many tests you run will really depend on the number of systems
and devices that you need to take care of. For example, on a small network,
it is easier to test everything without wasting a lot of time in the process.
Luckily, when you go through this process, there is some flexibility, so you
should just choose to spend your time on what seems to make the most
sense.

When Should I Hack?

The next question that a lot of people have is when they should start
hacking. When you are making your goals, make sure that you plan these
tests during times that will cause the smallest amount of disruption for the
other users. For example, you should not do testing on the system during
the early morning hours if this is the busiest time of day for the business.
This will not only slow down the work that other employees are able to
do, but if you run into issues, you may find that you slow things down
even more while figuring them out.

So, make sure to find a time that will not cause too much disruption. Many
times, doing the tests after hours is best so that you aren’t bothering anyone
and you have plenty of time to fix mistakes if they happen to come up.
Also, before getting started on any of the tests, make sure that everyone else
on the system knows about the tests and has information about when you
will perform them, how long they will take, and other pertinent information.

What will others see?

To find where the vulnerabilities are in the system, you need to look at it
from the point of view of a criminal hacker. You are too close to the system,
and looking at it with fresh eyes can make a difference. You may be used to
the system and know how it works inside and out, but the criminal hacker is
going to be without some of this knowledge while still having the ability to
look at it from a new angle. To figure out what the hacker is seeing, which
may be different from what you are seeing, you need to figure out which
trails the system leaves behind when someone is on the network.

As a hacker, you have a few options when trying to gather these trails, and a
good option is to do an online search. For this you need to search for the
organization that you are working for. If you want to do tests for your own
personal system, just do a search that is related to you. You can then
perform a probe and find out what others are able to see about your system.
You can use a local port scanner, tools to see what is being shared, and
more to catch these issues.

Once you are done with this, there are other searches that you can do
online. Take the time to search for:

- Contact details that will point right towards people who are connected
  with your business. You can do some background checks through
  ZabaSearch, ChoicePoint, and USSearch.
- Recent press releases about changes in the organization.
- Previous mergers and acquisitions of the company.
- SEC documents.
- Any trademarks or patents associated with the company.
- Incorporation filings. These are often found through the SEC.

This may take some time, but it gives a good idea of what others are able to
see and find out about your company. At times, a simple keyword search is
not going to be enough to bring out all the information, so make sure that
you do a more advanced search to catch everything. Now that you have an
idea of what searchers are able to easily find about the company online, it is
time to do a map of the network and look where the vulnerabilities may be.

Mapping out the network

Now you can make your plan on how you would like to do the ethical hacking.
First, you must have a good idea of what others already know about the
system. If it is your personal computer, you should be the only one who
knows anything, but if you are doing this through work, the network will be
much larger as others will get on as well. While most people feel like they
have anonymity while online, every time you do a search on your computer,
you are leaving little footprints behind that could allow someone in.

A good place to look to see who has access to your network is Whois. This
is a tool that is often used to see whether a domain name is available or
not, but you can also use it to look at the registration of a particular
domain. If your domain is on there, it increases the chance that your
contact information and email addresses are already being broadcast online.

Whois can provide information about DNS servers that are on your domain
as well as some details about the tech support of your service provider.
Make sure to look at DNSstuff, which will be able to provide information
like:

- The information on which host will handle the email for that domain.
- The location of all hosts.
- General information about your registration for the domain.
- Information about whether this host has been listed as a spam host.

There are other sites that you can get this information from, and you may
want to check out a few different ones to check that your information isn’t
popping up in other places on the internet. Whois is a great place to get
started, but it should not be your ending point.

Google Groups and Forums

Another place that you need to check to make sure your information is
secure is Google Groups and forums. These often have a ton of
information about your network, often without you having posted it, and
can be dangerous for your security. You can sometimes find fully qualified
domain names, usernames, and IP addresses on here. Doing a simple search
through these posts can bring up private information that should never be
out there.

Luckily, if you find that there is confidential information on one of these
sites, it is possible to get it removed. You must have the right credentials to
do so, such as working in the IT department of the company whose
information is out there. You will then need to go to the support personnel
for that Google group or forum and file a report to get it removed.

Privacy Policies

Your website probably has a privacy policy that will let anyone who gets
onto it know the information that you may collect and how it will be
protected when they come to the site. While this is good information for the
client to know and understand before giving away any personal
information, your policy should not go to the extreme of divulging other
information that could help out a hacker who is trying to get into the
system.

Those who are starting out their website for the first time, or who want
to have someone write the privacy policy for them, should be careful
about not broadcasting any personal information about the company and
how it works to anyone else. If you put in information about your security
protocols, for example, or about the firewall in place, you are giving
criminal hackers some clues on how to get around it. Even if the privacy
policy has been in place for some time, you will still need to go through it
and make some changes if it is giving out personal information.

Starting on the system scan

While you are looking for traces of your network online, you are gaining an
idea of where hackers will be able to launch their own attacks. You should
be looking for any and all places where a hacker could get in by exploiting
your vulnerabilities, including:
1. Take a look at the information that came up on the Whois search
   and see how the IP addresses and hostnames are laid out.
   With this site, it is easy to verify all the information and see
   where a hacker may try to attack your system.
2. Take a bit to scan the internal hosts and see what a possible user
   may be able to access. Don’t forget the possibility that an
   attacker could come from within the organization, so it is
   sometimes hard to point out when something is going wrong in
   house.
3. Check out the system’s ping utility. You may need to use a
   separate third party utility that is able to ping several addresses at
   the same time. NetScanTools or SuperScan are great options. If
   you are unsure about what the gateway IP address is, you can
   search for it through www.whatismyip.com.
4. You now should do an outside scan of the system by going
   through all of the open ports. Open up Nmap or SuperScan and
   check out what others are able to see on the network with a tool
   like OmniPeek or Wireshark.

These scans are a great way to get an idea of what others are able to see if
they are scanning your IP addresses. Without the proper security in place, a
hacker can do the same process that you just did and find out about the
services that you are running, such as email and web servers, learn the
authentication requirements for sharing on the network, and even get on
through remote access. You will have to figure out how to block these, but
at least you have an idea of what they are able to see at this point.

Find the Vulnerabilities

Once you can see how a hacker will be able to get into the security system,
it is easier to figure out how the hacker will want to target the computer.
You should consider using some different tools to manage these
vulnerabilities. You should always be on the lookout for future
vulnerabilities as well; just because they weren’t present when you first got
started on this process doesn’t mean they won’t cause issues later. Being
alert to the system can help you keep your personal information, or the
company’s, safe.

Chapter 5: Basic Spoofing and Man in the Middle Attack Techniques

Whether you are an ethical hacker or a criminal hacker, there are many
different things that you can do to get onto a system. A hacker needs to be
good at researching and have the patience to wait until a vulnerability
shows up in a system or network so that they can make their move. But with
some time and work, they will be able to get into the network through a
variety of means and use the network to collect the information that they
want. There are a variety of masquerading and spoofing techniques that will
make this a bit easier.

Spoofing
Spoofing is one of the first and best techniques that a hacker will be able to
use. Spoofing is a technique where a hacker is able to pretend to be another
website, software, organization, or person. The idea is that the hacker will
pretend to be someone allowed access to the network in order to get through
the security protocols and to get access to private information that could be
useful to the hacker. The system will believe that the hacker should be there
and the hacker can just walk through and get whatever they want. There are
several different spoofing techniques that a hacker may use, including:

IP Spoofing
With this technique, the hacker will be able to mask their IP address or
change it so that the network is fooled into thinking that the hacker is a
legitimate user. The hacker could be in another part of the world and will
convince the targeted network that it is one that can use the system. The
hacker can do this by imitating another IP address that has met the criteria
set up by the network administrator. Once they are on, the hacker has the
ability to take over the network, change files, and so much more without
being detected.

This spoofing technique works because it is able to find a trusted IP
address. Once the trusted IP address is found, the hacker will be able to
change their headers to fool the network even more, so that it feels that the
hacker is allowed to be there, and they will gain full access. The hacker can
look at personal information, change files, and even send harmful packets to
the network without any trace back to the original hacker.

DNS Spoofing
Another spoofing technique is known as DNS spoofing. This method is
going to trick a user who is trying to get onto a legitimate site. The hacker
will take the IP address and then when a user clicks on it, they will be sent
to a malicious website where the hacker has complete control. Sometimes
the hacker will take over a legitimate website and turn it to their use, but
often they will change around a letter or two to trick people. Users who
aren’t paying attention or who type in the address wrong will be sent to a
bad website and the hacker can take credentials and private information
from the user.

Often the user will not realize that they are being tricked. They will get onto
the website and figure that it is just where they want to be. They can put in
private information, send payment, and more while the hacker is collecting
it all privately.

For the hacker to get this to work, they need to be on the same LAN as their
target. This requires the hacker to search for a weak password on one of the
machines that is on the network, something that is possibly even from a
different location. Once the hacker accomplishes this, they will be able to
redirect all users to their website and easily monitor the activities that are
done there.
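
The "change around a letter or two" trick described above can be checked for on the defender's side by comparing hostnames seen in proxy or DNS logs against the domains an organization actually uses. This is an added example, not code from the book: the confusable-character table, the distance thresholds and the `.test` hostnames are assumptions constructed for illustration.

```python
# Character swaps commonly used in lookalike names (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"))


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Collapse visually confusable sequences to one canonical form."""
    for src, dst in CONFUSABLES:
        host = host.replace(src, dst)
    return host


def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1,                 # deletion
                      cur[j - 1] + 1,              # insertion
                      prev[j - 1] + (ca != cb))    # substitution
            if (prev2 is not None and j > 1
                    and ca == b[j - 2] and a[i - 2] == cb):
                val = min(val, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def find_lookalikes(observed, protected):
    """Return (observed, protected, reason, distance) for suspicious hosts."""
    findings = []
    targets = [normalize(p) for p in protected]
    for raw in observed:
        host = normalize(raw)
        if host in targets:
            continue  # the genuine name, nothing to report
        for target in targets:
            dist = osa_distance(skeleton(host), skeleton(target))
            limit = 1 if len(target) < 10 else 2  # short names: stricter
            if dist == 0:
                findings.append((raw, target, "homoglyph", 0))
            elif dist <= limit:
                findings.append((raw, target, "typo", dist))
    return findings


# Constructed sample: hostnames as they might appear in a proxy log.
SAMPLE_HOSTS = ["www.examplebank.test", "exarnplebank.test",
                "examp1ebank.test", "exampelbank.test", "weather.test"]

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE_HOSTS, ["examplebank.test"]):
        print(finding)
```
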

Email Spoofing

Email spoofing can be useful when a hacker is looking to bypass the security
of the email. For the most part, email servers are pretty good at recognizing
when something is legitimate and when something is spam. Anything that
looks like spam or which can be unsafe for your computer will be kept out
of the inbox and most people will never see it. But with email spoofing, the
hacker is able to bypass the email security and will send you emails that
have malicious attachments with them.

Phone Number Spoofing

With phone number spoofing, the hacker will use false phone numbers or
area codes in order to mask their identity and location. This is
really a way for the hacker to get into your voicemail messages, to send
out text messages using the spoofed number, or even to mislead the target
about where the call is coming from. For example, if the hacker is able to
have a number similar to a government office, the target may be willing to
hand over personal information.

The biggest issue with these attacks is that most network administrators are
not able to easily spot them, so the hacker will get to stay on the
network and cause a lot of damage in the process. The hacker is able to go
through the network easily because of the security protocols and the
possibility that the hacker can interact with all the users on the network. The
hacker is then able to conduct more man in the middle attacks as well.

Man in the Middle Attacks

The next kind of attack that a lot of hackers will use, and a good follow up
after a spoofing attack, is the man in the middle attack. Some hackers will
stick with a passive attack and just view the data and go no further; some
will want to do an active attack and cause some more issues.

A man in the middle attack is carried out when the hacker does ARP
(Address Resolution Protocol) spoofing. With this the hacker is going
to send false ARP messages over the network that they took over. When it is
pulled off, the fake messages are going to allow the hacker to link in to the
IP address of another user, one who is allowed to be on the server. Once the
hacker has done this, they will be able to receive all the data that the users
are sending over to the IP address the hacker is using.

So basically with this, the hacker is taking over an IP address and making it
their own. They will receive all files, communication, and other information
that is meant to go to the original user and they can use it however they
would like. The hacker has the ability to get onto the network while
receiving all traffic that goes on the network as well.
1. Session hijacking—this is when the hacker will use their false
   ARP to steal the user’s ID for the session. The hacker will be able
   to hold on to the information about the traffic and use it at a later
   date to get access to the account.
2. Denial of service attack—this is an attack done when the ARP
   spoof links several IP addresses to the target. During this attack,
   the data that should be sent to the other IP addresses is sent to
   one device. This is going to result in an overload of data.
3. Man in the middle attack—with this attack, the hacker is going
   to pretend that they are non-existent inside the network. Since
   they are hidden, they are able to modify and intercept messages
   that are sent between two or more users on the network. One
   user on the network may send a legitimate email, but the hacker
   will take it and change the information to be more malicious
   before sending it on. The second user will open the malicious
   information, believing it to be safe.
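
ARP spoofing of the kind described above leaves a visible trace on the hosts it targets: the attacker's MAC address shows up against an IP address that belongs to someone else, usually the gateway. The following added example (not from the book) parses neighbour-table text in the layout printed by `ip neigh` on Linux and flags those cases; the sample tables, addresses and the known-good baseline are constructed for illustration.

```python
import re
from collections import defaultdict

# One IPv4 row of `ip neigh` output: "<ip> dev <if> lladdr <mac> <state>".
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_neighbors(text):
    """Return (ip, interface, mac) for every row that carries a MAC."""
    entries = []
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:  # FAILED / INCOMPLETE rows have no lladdr and are skipped
            entries.append((match.group("ip"), match.group("dev"),
                            match.group("mac").lower()))
    return entries


def find_arp_anomalies(entries, baseline):
    """Flag MAC changes against a known-good baseline and shared MACs.

    baseline maps an IP (typically the gateway) to the MAC recorded while
    the network was known to be clean. A MAC that answers for several IPs
    can be legitimate (multi-homed router, proxy ARP), so treat that
    finding as a lead to investigate, not as proof.
    """
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        ips_by_mac[(dev, mac)].add(ip)
        expected = baseline.get(ip)
        if expected and expected.lower() != mac:
            findings.append(("baseline_mismatch", ip, mac))
    for (dev, mac), ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", mac, tuple(sorted(ips))))
    return findings


# Constructed samples (locally administered MAC addresses).
BASELINE = {"192.168.1.1": "02:00:00:aa:bb:01"}

CLEAN_SAMPLE = """
192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.1.10 dev eth0 lladdr 02:00:00:aa:bb:10 STALE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:bb:23 REACHABLE
192.168.1.50 dev eth0  FAILED
"""

# Same network after the gateway entry has been overwritten by host .23.
POISONED_SAMPLE = """
192.168.1.1 dev eth0 lladdr 02:00:00:AA:BB:23 REACHABLE
192.168.1.10 dev eth0 lladdr 02:00:00:aa:bb:10 STALE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:bb:23 REACHABLE
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("poisoned", POISONED_SAMPLE)):
        print(name, find_arp_anomalies(parse_neighbors(sample), BASELINE))
```
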
So how does a hacker go about doing a man in the middle attack or ARP
spoofing? Here we will look at one of the ways that a hacker can do this
using a tool known as BackTrack, which is really similar to Kali Linux:

Step 1: Do some research

The first thing that the hacker will need to do is find out the data that they
need to get started. Using a tool such as Wireshark can help with this. Firing
this tool up will allow the hacker to see the traffic that they can connect
with through wired or wireless networks and can give them a good starting
point.

Step 2: Use a wireless adapter and then place it into monitor mode

To get started, take out the wireless adapter and make sure it is in monitor
mode. This allows you to see what traffic is going into the connection, even
if the traffic shouldn’t be there. This method works best for hubbed
networks because there isn’t as much security as on switched networks.

If you know the types of information being sent to the other users on
a switch, or you want to bypass it completely, you can attempt to make
changes to the entries in the CAM table that maps out the MAC and IP
addresses that are sending information to each other. When you change
these entries, you can get ahold of the traffic that is meant to go to someone
else. For this to work, you will need to do an ARP spoofing attack.

Step 3: Fire up BackTrack

This is the point where you will bring out the BackTrack software. You will
need to pull up BackTrack and then pull up three terminals. Next, you
will replace the MAC address of the target client with your personal
MAC address. The code for doing this is: arpspoof [client IP] [server IP].
Once you do that, you will need to reverse the order of the IP addresses in
the string that you just used. This is going to tell the server that your
computer is the authorized one so that you are allowed to get onto the
system and perform other tasks. You are basically going to become the
server and the client so you can receive packets of information and change
them how you wish. It also goes the other way around.

For those who are using Linux, you can use the built in feature known as
ip_forward, which will make it easier to forward the packets you are
receiving. Once you turn this feature on, you will be able to go back into
BackTrack and forward these packets with the command
echo 1 > /proc/sys/net/ipv4/ip_forward.

This command is going to make it easier to be right between the client and
the server. You will get all the information that goes between these two and
as the hacker, you can use the information as you wish. You could look at
the system, take personal information, or change anything you want about
information that is shared.

Step 4: Check the traffic with Dsniff

Now you will have front row access to all the information being sent on the
network. You should use the BackTrack tool to sniff out the traffic and give
you a clearer picture. You will need to activate the feature to get it to work.

Step 5: Grab the data and credentials

At this point, you just need to wait to see the client log on to the right
server. Once they do this, you are going to be able to see the username and
password right in front of you. Since the administrators and the users will
use these credentials on all of the computer systems and services, you will
be able to use the credentials as well. This will make it simple to get onto
the system and see whatever you would like. You are right in the middle of
the information, have the credentials to get onto the system, and are pretty
much invisible, so you as the hacker will have free rein to mess around with
the system and make changes at that time.
Chapter 6: Hacking Passwords

The biggest target of hackers is to get passwords, mainly because they are
really easy to get. Most people think that they just need to come up with a
longer password in order to protect themselves, but there is more to it than
that. If the hacker is able to use some of the tricks we stated earlier in this
chapter, it does not matter how long your username and password are; they
will still have them sent directly to them.

Confidential login information, including passwords, is considered the
weakest link in security because the only thing it relies on is secrecy. Once
the secret is out, the security is pretty much gone. This is why it is such a
big deal when a big company is hacked and all the usernames and passwords
are leaked. The hacker is now able to get onto the system and use your
information however they wish. Sometimes, the user themselves will
inadvertently give out their own password for hackers to use.

So how do you hack a password? There are several ways that the hacker can
do this, including a physical attack, social engineering, and inference. There
are also a few different tools that are used to crack passwords, including:

1. Cain and Abel—this one is good to help with Windows RDP
   passwords, Cisco IOS hashes and more.
2. Elcomsoft Distributed Password Recovery—this one is able to
   get PGP and Microsoft Office passwords and has been used in
   order to crack distributed passwords as well as recover up to
   10,000 networked computers.
3. Elcomsoft System Recovery—this has the ability to set
   administrative credentials, reset expirations on passwords, and
   reset passwords on Windows computers.
4. Ophcrack—this will use rainbow tables to crack passwords for
   Windows.
5. Pandora—this can be a good one to use to crack Novell Netware
   accounts either online or offline.

Some of these tools do have a shortfall because they will require the hacker
to have physical access to the system they are hacking. But once the hacker
has access to the system that you are protecting, they will be able to dig into
all of your encrypted and password protected files with just a few tools.

Often, the hacker is not going to have access to your computer to do a
password hack and they will rely on some other tools. Some examples of
other methods used to hack a password include:
1. Dictionary attacks—these are attacks that will make use of
   dictionary words against the password database. This makes it
   easier to figure out if there is a weak password in the system.
2. Brute force attacks—these are capable of cracking all types of
   passwords because they are going to use all combinations of
   numbers, special characters, and letters until the device is
   cracked. The biggest flaw with this technique is that it can take a
   ton of time to uncover the password.
3. Rainbow attacks—these are good for cracking any hashed
   passwords. The tool is really fast compared to others, but it is not
   able to uncover passwords that are more than 14 characters.
4. Keystroke logging—this is one of the best techniques for
   cracking a password because it is asking the targeted computer to
   basically send over the information. The hacker is able to place a
   recording device on the targeted system to take in all the
   keystrokes done on the computer. The information is then sent
   over using programs such as KeyGhost.
5. Searching for weak storages—there are a lot of applications in
   computers that will store the passwords locally, making them
   vulnerable to a hacker. When you have physical access to the
   computer, it is easy to find the passwords through text searches
   and sometimes they are even stored on the application.
6. Grab the passwords remotely—even when it is not possible to
   physically access a system, it is still possible to get the
   passwords from a remote location. You will need to do a
   spoofing attack first, exploit the SAM file and have the
   information sent to you.

Once the hacker has access to these passwords, it is easier for them to get
the information that they want. They can use the passwords to get onto the
network, to get to emails, find out financial accounts, and so much more.
You must remember that passwords are a huge vulnerability in your system
and figure out more secure ways to protect your system.
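
The dictionary and rainbow attacks listed above work against a password database because a fast, unsalted hash of a given password is always the same value, so it can be computed once and looked up forever. The added example below (not from the book) audits a constructed set of unsalted hashes against a small wordlist, then stores the same password with a per-user salt and PBKDF2 so that the precomputed lookup no longer matches; the function names, wordlist and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

DEFAULT_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


# --- Weak storage: fast hash, no salt ------------------------------------
def unsalted_sha256(password):
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute hash -> word once; valid for every database using the
    same unsalted hash."""
    return {unsalted_sha256(word): word for word in wordlist}


def audit_unsalted(stored, table):
    """Audit your own user table: which accounts fall to a plain lookup?"""
    return {user: table[h] for user, h in stored.items() if h in table}


# --- Hardened storage: random salt plus a deliberately slow KDF ----------
def hash_password(password, iterations=DEFAULT_ITERATIONS):
    salt = secrets.token_bytes(16)  # unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed data: a tiny wordlist and two accounts.
    table = build_lookup_table(["password", "letmein", "dragon"])
    weak_db = {"alice": unsalted_sha256("letmein"),
               "bob": unsalted_sha256("c0rrect-h0rse-battery")}
    print("recovered by lookup:", audit_unsalted(weak_db, table))

    # Two users with the same password get different records, and the
    # precomputed table is useless against either of them.
    first = hash_password("letmein")
    second = hash_password("letmein")
    print("records differ:", first != second)
    print("in lookup table:", first.split("$")[3] in table)
    print("verifies:", verify_password("letmein", first))
```
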

Chapter 7: Hacking a Network Connection

Another exploit that you can try to take on is hacking a network connection.
By doing this, the hacker is able to conceal their identity, enjoy bandwidth
for bigger downloads, and have an easy way in to conduct illegal activities.
Once the hacker is inside, it is really easy for them to decrypt the user’s
traffic and capture it. Just imagine all the different things a hacker is
able to do or get ahold of when they are on a Wi-Fi connection and all the
trouble the target may have to sort out later.

Before doing a test hack over an internet connection, you must first
understand that there are different levels and types of security that are
around when protecting the wireless connection. This is going to make a
difference to the level and type of attack that could be performed on the
network. For example, if you have very little security over the wireless
connection, it is not going to take that much work for the hacker to get on
the system and do what they want. But for those with more encryption and
security, the hacker will have to be a bit craftier before taking over. Some of
the basic wireless protocols you may run into are:

1. WEP—this stands for wired equivalent privacy and it is designed
   to provide privacy for those who are on a wired connection. This
   one is pretty easy to crack because the hacker is easily able to
   capture the initialization vector. The use of this encryption style is
   often found on older devices and wireless connections that have
   not been updated, leaving them more vulnerable to an attack.
2. WPA or WPA1—this protocol was created as one of the ways to
   address some of the weaknesses present with WEP encryption. It
   uses the Temporal Key Integrity Protocol to make these
   improvements without having the user install new hardware on
   their computers. Pretty much it will use the same security as that
   found on a WEP connection, but it has some added bonuses that
   make it harder to attack.
3. WPA2-PSK—this is used a lot by small businesses and will
   allow the user to have a pre-shared key, also known as a PSK.
   This one is a bit more secure than the other two options since
   there is this added protection, but there are some vulnerabilities.
4. WPA2-AES—this protocol is going to use the Advanced
   Encryption Standard in order to encrypt data. Most systems that
   use this will also have a RADIUS service to make it harder to get
   in. This one is still possible to hack; it just takes a bit longer than
   the other ones.

Hacking through a WEP Connection


A WEP connection is one of the easiest connections to hack through, and if
you have this kind of connection, you should really run some tests to figure
out if you are being hacked or what changes you can make. To do this, the
hacker will need a few tools including BackTrack, aircrack-ng, and a
wireless adapter. Then to get started:

1. Load up aircrack-ng inside of BackTrack. You will be able to
   fire up BackTrack and then plug in the wireless adapter to
   find out if it is running. To do this, enter iwconfig. The program
   should tell you which adapters it is able to recognize and
   hopefully yours is on there. You may see other ones, such as
   wlan1 and wlan0 as well.
2. Take the wireless adapter and put it into promiscuous mode.
   Now you will be able to see which connections are available. To
   do this, enter “airmon-ng start wlan0”. The airmon-ng will then
   change the name of your interface so it reads mon0. You will
   then have the wireless adapter in monitor mode and simply by
   entering “airodump-ng mon0” you will be able to see all of the
   access points as well as who is attached to these access points
   within the range of your adapter.
3. Start capturing your access point. You will need to pick which
   connection you want to get on and then capture it. You can do
   this by using the command
   1. airodump-ng --bssid [BSSID of target] -c [channel
      number] -w WEPcrack mon0
   2. Once you enter this command, BackTrack is going
      to start capturing packets from the access point on the
      right channel. This will send the hacker all the packets
      that are needed in order to decode any passkeys that are
      present so they can get onto the wireless. However, it
      is important to realize that getting these packets will
      often take some time. If you need to get the packets
      quickly, it may be time to add in ARP traffic.
4. Inject the ARP traffic: for anyone who doesn’t want to wait
   around for the packets from the WEP key capture, capturing an ARP
   packet and replaying it can help you get the packets that you
   need to crack the WEP key. Since you already have the MAC and
   BSSID address from the target thanks to doing step 3, you will
   be able to use them to enter the following command:
   1. aireplay-ng -3 -b [BSSID] – [MAC address] mon0
   2. This will allow you to capture the ARPs through the
      access point of the target. You must keep going in
      order to capture the IVs that will come in as well.
5. Crack the WEP key. Once you have the necessary amount of IVs
   in your WEPcrack file, it is time to run aircrack-ng. Put in
   the command:
   1. aircrack-ng [name of file]
   2. The aircrack-ng will give you the passkey in a
      hexadecimal format. You will just need to apply this
      key to the remote access point and then you are on.
      You can use it for free internet, to take
      over a computer on the system, and much more.

The Evil Twin Hack


The steps above are going to get you onto a wireless network that you are
perhaps not allowed to be on. Some hackers may be fine with this because it
allows them to get on for free bandwidth that they won’t have to pay for.
But, there are also other network connection hacks that the hacker can
attempt that will be more powerful while also providing better access to the
network rather than just using a free internet connection. One of these
powerful hacks is known as the evil twin access point hack.

The evil twin hack is an access point that will act like the access point that a
user connects to, but it is manipulative. The target will just see their regular
access point and think it is safe to get on, but this manipulative access point
is used by a hacker to send the target to the hacker’s premade access point,
where the hacker can then start a dangerous man in the middle attack.
As a beginner hacker, you may need some practice doing the evil twin
attack. Some basic steps to try out include:

1. Turn on BackTrack and start the program airmon-ng. Check to
   see if your wireless card is running properly by entering
   bt > iwconfig.
2. Once you have the wireless card, it is time to put it into monitor
   mode. You will be able to do this by entering the command
   bt > airmon-ng start wlan0.
3. Now you need to fire up airodump-ng. You will start capturing
   the wireless traffic that your wireless card is able to detect. To do
   this, enter the command bt > airodump-ng mon0. After this step,
   you will have the ability to see all access points that are in range
   and can pick out the one that belongs to your target.
4. You will need to wait for when the target connects. Once the
   target gets onto the access point, you can copy the BSSID and
   the MAC address that you want to hack into.
5. Now the hacker will need to create an access point that has the
   same credentials.
   1. First, pull up a new terminal and type in bt > airbase-ng
      -a [BSSID] --essid "[SSID of target]" -c [channel
      number] mon0
   2. This is going to create the access point that you want.
      It will look the same as the original access point so the
      target will click on it, but it puts the hacker right in the
      middle as the one in control.
6. De-authenticate the target: for the target to get onto your new
   access point, you will need to get them off the one they are
   connected to. Since many wireless connections will go with
   802.11, everyone who is connected to the access point will be
   de-authenticated when you do this. When the target tries to get
   back on to the internet, they will connect automatically to the
   one with the strongest signal, which in this case will be your
   manipulated access point.
   1. To get the target off their access point, make sure to do
      the following command: bt > aireplay-ng --deauth 0 -a
      [BSSID of target]
7. Turn the signal of the evil twin up. The trick on this one is to get
   the fake access point to have a strong signal. It needs to be at
   least as strong, but preferably stronger, than the original point of
   access. This can be tricky because you are likely further away
   than the original access point.
   1. iwconfig wlan0 txpower 27 will help you to turn up
      the signal on your access point.
   2. This can add 500 milliwatts to your power. If you are
      too far away though, this may not be enough. You
      either need to be closer to the target or consider a
      newer wireless card that is able to go up to 2000
      milliwatts.
8. Put the evil twin to good use: once you have established the evil
   twin and you know that the target and the network are all
   connected to it, it is time to take the steps needed in order to
   detect all the activities going on in the system. It often depends
   on what you want to do with the system for where you will go
   from here.
   1. There are a lot of options of what to do at this point.
      Hackers who have gone and created an evil twin are
      interested in more than just free wireless so they will
      often do man in the middle attacks, intercept traffic,
      add in new traffic, or steal information from the
      system, often without the target realizing.

Hacking through a network connection can give a hacker a lot of
possibilities. Some choose to just do this for the free bandwidth when they
want to download a lot of information and they either don’t have internet or
don’t have enough to do the work. But there are many hackers who will get
on these internet connections in the hopes of causing some mischief and
damage. Either way, it is important to learn how to protect your internet
connection to keep your personal information safe from any hackers.
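
To protect a network against the evil twin described in this chapter, a wireless sensor can watch for its side effects: a beacon for your SSID whose details do not match your inventory, a sudden jump in signal strength, and a flood of de-authentication frames just before. The sketch below is an added example, not code from the book; the inventory, field names, thresholds and sample records are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class KnownAP:
    bssid: str
    channel: int
    encryption: str
    baseline_dbm: int  # usual signal strength seen at the sensor (assumed known)


@dataclass(frozen=True)
class Beacon:
    ts: float
    ssid: str
    bssid: str
    channel: int
    encryption: str
    signal_dbm: int


def check_beacon(beacon, inventory, signal_jump_db=15):
    """Return the reasons a beacon for one of our SSIDs looks like an evil twin."""
    known = inventory.get(beacon.ssid)
    if not known:
        return []  # not a network we are responsible for
    ap = {k.bssid.lower(): k for k in known}.get(beacon.bssid.lower())
    if ap is None:
        return ["unknown_bssid"]
    # The BSSID can be copied, so a matching address proves nothing by itself.
    reasons = []
    if beacon.channel != ap.channel:
        reasons.append("channel_mismatch")
    if beacon.encryption != ap.encryption:
        reasons.append("encryption_mismatch")
    if beacon.signal_dbm - ap.baseline_dbm >= signal_jump_db:
        reasons.append("signal_jump")
    return reasons


def deauth_bursts(deauth_events, window_s=10.0, threshold=20):
    """Map each BSSID to the time its deauth count first hit `threshold` in `window_s`."""
    recent = defaultdict(deque)
    bursts = {}
    for ts, bssid in sorted(deauth_events):
        key = bssid.lower()
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            bursts.setdefault(key, ts)
    return bursts


def correlate(beacons, deauth_events, inventory, link_s=60.0):
    """One alert per suspicious beacon; a deauth burst close in time raises severity."""
    bursts = deauth_bursts(deauth_events)
    alerts = []
    for b in sorted(beacons, key=lambda b: b.ts):
        reasons = check_beacon(b, inventory)
        if not reasons:
            continue
        ours = {k.bssid.lower() for k in inventory[b.ssid]}
        forced = any(abs(bursts[x] - b.ts) <= link_s for x in ours if x in bursts)
        alerts.append({"ts": b.ts, "ssid": b.ssid, "bssid": b.bssid,
                       "reasons": reasons,
                       "severity": "high" if forced else "medium"})
    return alerts


# Constructed sample data: one legitimate AP, then look-alikes after a deauth flood.
INVENTORY = {"CorpWiFi": [KnownAP("aa:bb:cc:00:00:01", 6, "WPA2", -60)]}
BEACONS = [
    Beacon(100.0, "CorpWiFi", "aa:bb:cc:00:00:01", 6, "WPA2", -61),   # normal
    Beacon(130.0, "CorpWiFi", "aa:bb:cc:00:00:01", 6, "OPEN", -38),   # cloned BSSID
    Beacon(131.0, "CorpWiFi", "de:ad:be:ef:00:02", 11, "WPA2", -50),  # new BSSID
    Beacon(132.0, "CoffeeShop", "11:22:33:44:55:66", 1, "OPEN", -70),  # not ours
]
DEAUTHS = [(120 + i * 0.2, "AA:BB:CC:00:00:01") for i in range(25)]

if __name__ == "__main__":
    for alert in correlate(BEACONS, DEAUTHS, INVENTORY):
        print(alert)
```

Because the attack copies the BSSID, the address check alone is not enough; the encryption and signal comparisons are what catch the cloned access point in the sample data.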

Chapter 8: Popular Tools for Hacking

Whether you are a criminal or ethical hacker, there are many great tools that
you can use to help protect your personal system, help protect a larger
system, or attack a system. These tools are going to help to make things
easier and can help you to find the vulnerabilities in the system. Many of
them are crowd-sourced through the internet and you can look through
forums and other hubs online that are devoted to hackers.

As an ethical hacker, you should use some of the common tools to detect
these vulnerabilities, administer hacks, and even conduct tests. Some of the
most popular hacking tools you can use either as a criminal or ethical
hacker include:

Ipscan or Angry IP Scanner


The IP scanner is used to figure out what the IP address for a target
computer is so that the hacker can track them. It can snoop through the
network ports to check for any gateways that make it easier to get into the
targeted system. It is not just used by criminal hackers since system
administrators and engineers will be able to check for any vulnerabilities in
their personal systems.
An ipscan can be used across various platforms because it is open source
and it is praised for being a really effective hacking tool. Most beginner
hackers will start out with this tool because it is easy to use and really
efficient.

Kali Linux

This application is relatively new, coming out during 2015, and is a favorite
with hackers because of all the great features that come with it. This is a
toolkit that is centered around security and you will be able to run it through
the USB or a CD without having to install it on the computer. The toolkit
will be able to work on most of the interfaces that you will need for hacking
including cracking Wi-Fi passwords and creating spoof messages and fake
networks.

Cain and Abel


As one of the biggest manufacturers of computers and software systems, the
Microsoft brand is trusted by millions of users. Cain and Abel is a hacking
toolkit that will work against Microsoft operating systems and can be used
by criminal hackers to get through the system or by ethical hackers in order
to protect systems that are using these operating systems.

There is a lot that you can do with this tool. You can recover passwords for
your wireless network and user accounts, and it is possible to use
some brute force methods in order to crack the passwords. Some will use the
Cain and Abel program in order to record their VoIP conversation sessions.

Burp Suite

For those who are looking to find vulnerabilities in their websites or
networks, Burp Suite can make it easier. This tool will look at each cookie
that is present on a website and can allow the hacker to start connections
inside the website applications.

There are several methods to try to accomplish this. Criminal hackers
will use Burp Suite to examine the cookies on the website in order to
figure out where the holes in security are so they are able to take advantage.
Criminal hackers will be able to start their own connections on the website
to make it collect information or run applications that they want to be in
control of. On the other hand, ethical hackers can look at how the website
works and find vulnerabilities that are there to keep it safe.

Ettercap

Another tool that is really efficient is Ettercap. This one is used by hackers
who would like to launch man in the middle attacks. The whole idea is
to convince two systems that they are talking to each other, but the hacker is
in the middle as a relay person. One system may send a message, but the
hacker will take over the message and relay something different. This is a
great tool that helps to steal or manipulate transactions so that the data is
transferred differently between the systems. It is also a great way to
eavesdrop on conversations between the networks.

John the Ripper

When it comes to using brute force to crack passwords and get into a
system, the John the Ripper tool is one of the best. Many hackers don’t like
using brute force because these tactics can sometimes take too much time,
but John the Ripper is one of the most efficient if you are trying to recover
passwords that have been encrypted. It is a good way for new hackers to
start with finding passwords and getting onto a new network or can be
added to your other choices to get into the network.

Metasploit

This tool is widely celebrated among hackers because it is really efficient at
helping an ethical hacker. Metasploit will be a good way to help identify
security issues that may be present in the network. Beginner hackers can
use this as a network planning tool to check if someone is on their network,
if they are authorized, and where a criminal hacker may try to get on to the
network.

Aircrack-ng and Wireshark

These tools are often used together in order to hack into user passwords and
IDs and to find the wireless connections through Wi-Fi. Wireshark will be
the packet sniffer used to find where the wireless connection is,
and Aircrack-ng will capture the information so that you can get onto the
network. There are a lot of other tools that are available in both suites to
allow you to monitor the security of your Wi-Fi connection.

These are just a few of the tools that you can use to help get started with
hacking, whether you are working as an ethical hacker or a criminal hacker.
It is important to keep up on the industry to find out which new products are
coming out. Even as an ethical hacker, you need to look on hacking blogs
and forums in order to find out which new tools are coming out. If you
aren’t looking and keeping up with the new tools, a criminal hacker will use
them against you. There are always new tools that are coming up and they
can make it easier to find vulnerabilities in your system and to protect
yourself and your network.

Chapter 9: How to Hack a Website
One popular place that hackers like to attack is websites. They are able to get onto a website and then
when someone else comes to visit what looks like a legitimate site, they will be able to attack the
computer. Here we will look at a few of the attacks that are available when trying to take over a
website.

Directory traversal attack

The directory is basically the folder that the web designer would have used in order to store the files
for the website. This means that a directory traversal attack is when the hacker is able to get into this
directory and navigate through all of the files that are inside. A few sensitive files for your
website that can be located in these directories include the config, htaccess, and root files.

Now, if you want to be able to get access to a text file, let’s say that it is called abcdefg.txt and it is
located in the directory file called John, you would need to type the command “….abcdefg” in order
to move to the area where it is stored. Notice that there are four dots that are in front of it to ensure
that you are able to move up two folders (the two dots is just to move up one folder and then the four
dots would be to move up two folders).

A directory traversal attack is going to be an HTTP exploit that is aimed at getting ahold of some files
that are restricted or even viewing some random files that are on the web server, such as the SSL
private keys and the password files. Most of the time, hackers are usually going to want to get into
the root directory of the server, and with the help of the dot slash technique, they will be able to do
this. This is a vulnerability that many web servers need to work on to keep the web servers safe.
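
The defence against the dot slash technique is to resolve every requested path and confirm it still sits inside the website directory before opening it. The following is an added example, not code from the book: it shows the unchecked join next to a hardened resolver, using a constructed temporary directory tree and placeholder file names.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


def naive_resolve(docroot, requested):
    """The vulnerable pattern: user input is joined onto the docroot unchecked."""
    return os.path.normpath(os.path.join(docroot, requested))


def safe_resolve(docroot, requested):
    """Return the real path of a file inside docroot, or None if the request is refused."""
    decoded = unquote(requested)  # decode exactly once, never a second time
    if "\x00" in decoded:
        return None
    # Treat "\" as a separator too, then drop empty and "." segments.
    parts = [p for p in decoded.replace("\\", "/").split("/") if p not in ("", ".")]
    if any(p.startswith(".") for p in parts):
        return None  # refuses ".." as well as dotfiles such as .htaccess
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # realpath follows symlinks, so a link pointing outside the docroot fails here.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed docroot and compare both resolvers on sample requests."""
    base = os.path.realpath(tempfile.mkdtemp())
    try:
        docroot = os.path.join(base, "htdocs")
        os.mkdir(docroot)
        secret = os.path.join(base, "server.key")  # lives OUTSIDE the docroot
        samples = [
            (os.path.join(docroot, "index.html"), "<h1>ok</h1>"),
            (os.path.join(docroot, ".htaccess"), "Options -Indexes"),
            (secret, "constructed placeholder, not a real key"),
        ]
        for path, text in samples:
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        os.symlink(secret, os.path.join(docroot, "link.txt"))

        requests = [
            "index.html",                  # legitimate
            "../server.key",               # plain parent reference
            "%2e%2e%2fserver.key",         # percent-encoded parent reference
            "..\\server.key",              # backslash separator
            "%252e%252e%252fserver.key",   # double encoding stays a literal name
            secret,                        # absolute path
            ".htaccess",                   # dotfile inside the docroot
            "link.txt",                    # symlink that leaves the docroot
        ]
        return {
            "naive_escapes": naive_resolve(docroot, "../server.key") == secret,
            "results": {r: safe_resolve(docroot, r) for r in requests},
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    outcome = demo()
    print("naive join leaves the docroot:", outcome["naive_escapes"])
    for request, path in outcome["results"].items():
        print(f"{request!r:40} -> {'served' if path else 'refused'}")
```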

A hacker is able to perform searches in order to figure out which types of files are considered
publicly accessible inside of the website directory. The hacker may want to use the HTTrack website
copier, which is a spider program, that is able to find all of the files that are publicly accessible. This
tool is free to use and really easy since you will just need to load it up, give the project a name, and
then instruct the software which website it needs to mirror. It may take up to a few hours, but the
HTTrack will be able to show you all of the records and files that the website will contain and will
make sure that they are all stored inside of your drive C: My Websites.

Many of the sites that you will check out will contain information that is sensitive and shouldn’t be
viewed publicly, such as the source codes and even the application scripts. You should take some
time to watch out for any .rar or .zip files on the website's servers. Even .pdf and .html files can
contain some of this sensitive information that the hacker would want to get ahold of.

Another way that the hacker is able to search through to find some public files is to go through
Google. You will be able to bring out the advanced queries in Google in order to expose some of the
sensitive information, as well as webcams, critical server directories, credit card numbers and more.
This is because whenever Google goes through and searches a website, it is going to store all of these
records in files that are in its cache, making them easy for hackers to find. In fact, these are even
easier to use because the hacker doesn’t need to mirror a specific website and then manually search
through the files to find what they want.

There are a few queries that you are able to use in Google in order to get the information that you
want including:

- Site:hostname keywords: when you use this query, Google is going to search for any
  keyword that you want. You could type in the keyword or the website that you want to
  get the information that you would like. For example, you could type in something like
  site:www.bigmoneyspeaker.com credit card and see what Google has in store for you.
- Filetype: file-extension site: hostname: when you are using this query, Google is going
  to look for a type of file on the website that you want to target. You can look for db,
  rar, pdf, zip, and doc files based on what you would like to find. A good example of
  how to write this out includes filetype: pdf site: www.madhatter.com.

These are just a few types of operators that you are able to use in order to get the information that
you want out of your website. This is why it is so important for you to be careful with the
information that you are putting online because if the website is not careful with your information,
the hackers will be able to get ahold of it when they want.

Protecting your directory

It is up to the website developer to make sure that they are protecting the website from these types of
attacks. There are three countermeasures that are the most successful with these issues including:

- Avoid storing private, confidential, or old records on the server. You want to make
  sure that the DocumentRoot or the htdocs folder contains only the files that
  are needed in order to make the website run properly. You should also make sure that
  the files never contain any information that is sensitive.
- Prevent Google and some other search engines from going onto the site and storing
  data that is sensitive into their cache. You are able to do this by configuring your
  robots.txt file.
- You can also make sure that the web server you use is configured to only allow certain
  directories to be accessible by the public. You can also set up minimum privileges to
  help control how much public access there is and then only allow access to the
  directories that are needed to help the site run the right way.
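
The first two countermeasures can be checked with a short audit of the website directory. The script below is an added example, not code from the book: it walks a constructed sample docroot, flags the file types this chapter names as sensitive, and reports robots.txt entries that point at paths which really exist. The extension list, name patterns and sample tree are assumptions made for the illustration.

```python
import os
import shutil
import tempfile

# File types the chapter names as sensitive (.rar, .zip, .db, .doc, key files);
# .bak and .old are added here as an assumption to cover "old records".
RISKY_EXTENSIONS = {".rar", ".zip", ".db", ".doc", ".key", ".bak", ".old"}
RISKY_NAME_PARTS = ("config", "passwd", "password")


def audit_docroot(docroot):
    """Return sorted (relative_path, reason) pairs for files that need review."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if name.startswith("."):
                findings.append((rel, "dotfile"))  # confirm the server refuses it
            elif ext in RISKY_EXTENSIONS:
                findings.append((rel, "risky_extension"))
            elif any(part in lower for part in RISKY_NAME_PARTS):
                findings.append((rel, "sensitive_name"))
    return sorted(findings)


def robots_disclosures(docroot):
    """List Disallow paths in robots.txt that exist under the docroot.

    robots.txt is itself public and only asks crawlers to stay away, so each
    entry returned here tells any reader where the interesting files are.
    """
    robots = os.path.join(docroot, "robots.txt")
    found = []
    if not os.path.isfile(robots):
        return found
    with open(robots, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.split("#", 1)[0].strip()
            field, _, value = line.partition(":")
            value = value.strip()
            if field.strip().lower() != "disallow" or value in ("", "/"):
                continue
            if "*" in value or "$" in value:
                continue  # wildcard patterns are not resolved in this sketch
            if os.path.exists(os.path.join(docroot, value.lstrip("/"))):
                found.append(value)
    return found


def build_sample_tree(base):
    """Create a small constructed docroot for the demonstration."""
    files = {
        "index.html": "<h1>home</h1>",
        "robots.txt": "User-agent: *\nDisallow: /backup/  # old site copy\n"
                      "Disallow: /search\n",
        ".htaccess": "Options -Indexes\n",
        "backup/site-2015.zip": "constructed",
        "backup/users.db": "constructed",
        "includes/config.php": "<?php // constructed",
        "docs/brochure.pdf": "constructed",
    }
    for rel, text in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return base


def demo():
    base = tempfile.mkdtemp()
    try:
        docroot = build_sample_tree(base)
        return audit_docroot(docroot), robots_disclosures(docroot)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    findings, disclosed = demo()
    for rel, reason in findings:
        print(f"{reason:16} {rel}")
    print("paths advertised by robots.txt:", disclosed)
```

A path reported by the second check should be moved out of the website directory or protected by the server's access rules, since robots.txt does not stop anyone from requesting it.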

Another option that you may want to consider is to use the Google Hack Honeypot. This is a tool that
is able to attract malicious hackers while you get a chance to see how they are hacking into your site.
You will then be able to make some changes to ensure that they stay away from your website by
putting in the right countermeasures.

Hackers are often looking for ways to get onto a website and get personal information from the
clients that are on that website or to use it as a way to attack others who come through and use the
website. Learning how the hacker is able to make the attack and then using the right countermeasures
will ensure that your website stays safe and that the hackers never reach any personal information
that may be stored on there.

Conclusion

Thank you for purchasing this book!


I hope this book was able to help you to understand more about hacking and
how it is not all black and white hat like most people think. There are
different worlds when it comes to hacking and while the media may portray
it as something bad and sinister, there are many applications where you can
use it in your life to do some good, or at least in a way that won’t cause
mischief.
The next step is to start putting some of the techniques and strategies that
you learned to work. These are meant to help you out as a beginner,
someone who may have a love of computers but who hasn’t had a chance to
figure out hacking on their own. They are not the only means of hacking
that you can use, but they will give you a practical place to start on your
journey.
Additionally, please visit our Amazon Author page for more great info and
resources.
You will find all the books you need to learn about:

Python Programming, SQL, JavaScript, and even TOR if that’s
something you fancy!!
Last but not least, if you enjoyed this book and thought it was helpful, we
certainly won’t say no to a 5-star review on Amazon.
Thank You and Best of Luck in Your Hacking Endeavors!!!

Hacking:
Tips and Tricks to Get Past the Beginner’s Level

Table of Contents

Introduction
Chapter one: Ethical Hacking and Criminal Hacking
Chapter two: Password Hacking
Chapter three: Network Hacking
Chapter four: Techniques That Assist Hackers in Hacking
Chapter five: Step by Step Guide on How to Hack
Chapter six: Protection is Key
Chapter seven: Mistakes are Made, But They Can be Fixed
Chapter eight: Let’s Make it Easier With Some Tips and Tricks
Chapter nine: Think Like a Hacker
Chapter ten: Captain Crunch
Chapter eleven: Steve and Steve
Conclusion

 Copyright 2016 by Mark Anderson- All rights reserved.

The following book is reproduced below with the goal of providing
information that is as accurate and reliable as possible. Regardless,
purchasing this book can be seen as consent to the fact that both the
publisher and the author of this book are in no way experts on the topics
discussed within and that any recommendations or suggestions that are
made herein are for entertainment purposes only. Professionals should be
consulted as needed prior to undertaking any of the actions endorsed herein.

This declaration is deemed fair and valid by both the American Bar
Association and the Committee of Publishers Association and is legally
binding throughout the United States.

Furthermore, the transmission, duplication or reproduction of any of the
following work including specific information will be considered an illegal
act irrespective of if it is done electronically or in print. This extends to
creating a secondary or tertiary copy of the work or a recorded copy and is
only allowed with express written consent from the Publisher. All additional
rights reserved.

The information in the following pages is broadly considered to be a
truthful and accurate account of facts and as such any inattention, use or
misuse of the information in question by the reader will render any resulting
actions solely under their purview. There are no scenarios in which the
publisher or the original author of this work can be in any fashion deemed
liable for any hardship or damages that may befall them after undertaking
information described herein.

Additionally, the information in the following pages is intended only for
informational purposes and should thus be thought of as universal. As
befitting its nature, it is presented without assurance regarding its prolonged
validity or interim quality. Trademarks that are mentioned are done without
written consent and can in no way be considered an endorsement from the
trademark holder.

Introduction

Congratulations on purchasing Hacking and thank you for doing so.

The following chapters will discuss more advanced techniques that are
going to be utilized to take your beginner level skills to a whole new level
in hacking.

You know the basics of hacking, and you purchased this book so that you
can learn more about it. Wise decision! As I’m sure you can see just by
turning on CNN, Hacking is a very mainstream topic nowadays.
Throughout the entire 2016 American election cycle it was discussed by all
the pundits. There were claims that the Russians may have hacked the
election. And now, the CIA officially came out and announced (with no
evidence) that the Russian government was involved in hacking the US
election to help Donald Trump attain the presidency. Only time will tell if
these claims are accurate or not. Nonetheless, this is no doubt a topic that
deserves further analysis and has piqued many people’s interest.
Hacking is going to take a lot of patience and time, so if you cannot
contribute the time that is necessary to get into a system, then it is not wise
that you begin to try until you find that you have the necessary time to
devote to this endeavor. You are going to be advancing yourself
professionally with your new hacking skills.

BONUS: Revolutionary Credit Repair Secrets

And as a special thank you to my readers, my co-author Michael McCord
has graciously agreed to give away copies of his book, Revolutionary
Credit Repair Secrets - Cardinal Rules to Get You a Perfect Credit Score.
You will receive outstanding tips to improve your credit score and your
financial health.
To get instant access to this book and more awesome resources, check out
the link below:

CLICK HERE

As an added bonus, subscribers will be given a chance to get exclusive
sneak peeks of upcoming books on Computers and Technology and
discounts that will not be available to the general public. You will also have
the opportunity to obtain free copies of my subsequent books with no
strings attached. Don’t worry, we treat your e-mail with the respect it
deserves. We will not spam you and that’s a promise!

A Quick Note About Hacking

Hacking has its place in the world, but hacking is highly illegal! If you are
hacking into an unauthorized system and get caught, not only can you end
up with a hefty fine, but you may find that you are spending time in jail.

Please, if you are going to use your newfound hacking skills, you need to
make sure that you are only getting into systems that are either your own set
up through virtual environments, or into someone else’s system that not
only knows that you are trying to hack into it, but has given you written
permission to get into their system. An example could be a company you
are working for that has authorized you, in writing, to hack into their
system to locate vulnerabilities and security threats.

Written permission is going to protect you in the event that the system’s
administrator tries to take you to court, because you are going to have the
proof that you need to say that you were allowed to do what you did.

Please, be safe in hacking, think about your future and think about the
system that you are hacking. Be picky when it comes to what systems you
try to get into and what you do once you have gotten into that system.

Additionally, if you are serious about hacking, then an understanding of
programming languages is a must. Some of the languages that you need to
know are:

- HTML: this is going to assist you in hacking on web pages. Most
  of the web pages that you see are going to be written in HTML.

- JavaScript: another web hacking programming language, JavaScript
  is going to aid on the client side.

- PHP: not only will this help with web hacking, but it is going to
  be on the server side of the program.

- SQL: a language that is going to communicate with the
  different databases that are on the internet so that you can get into
  them.

- Python, Perl, Ruby, and Bash: as higher level languages, these
  are going to be the tools that you need so that you can write
  scripts to get into the systems you want to get into.

- C and C++: these are also high level programming languages, but they
  are going to be used more for shellcode and exploit writing.

- Java, VBScript, CSharp, Visual Basic: these are going to have
  other uses for you when you are hacking into systems, depending on
  the situation that you are in.

The good news is that a quick visit to our Amazon Author Page will provide
you with numerous guides that you need to master these programming
languages:

CLICK HERE

If you check out our Programming Library, you WILL increase your
earning capacity and marketability at any company dramatically. You will
confidently walk into any interview knowing that your skill sets will be
valued and you have something unique to bring to the table. So don’t miss
out!!

Now without further ado, let’s get into the meat and potatoes of this book.
It’s time for you to improve your Hacking skills and vastly surpass the
Beginner’s Level.

Chapter one: Ethical Hacking and Criminal Hacking

With the beginner’s guide, you learned that there are two different kinds of
hackers: ethical hackers and criminal hackers. Each hacker is going to use
techniques that are going to be similar to get into the system that they want
access to. However, there are some major differences between the two
besides just the definition of their names.

Hackers that are ethical

Ethical hackers can be referred to as white hat hackers because they are
using their hacking skills to get into a system for good. They are not getting
into the system to harm a company or an individual. Instead, they are going
to find all the weaknesses in the system and therefore they are going to be
helping people to add extra security so that others cannot get into the
system.

As discussed in the Introduction, it does not matter if you are hacking on
your own, or if you are hacking for a company, you have to know
programming languages.

To become an ethical hacker, you are also first going to need to have some sort of
experience in the IT field. Military service can also count as IT experience
because joining the military offers IT classes if you enroll in a military
specialty that is related to this field. Not just that, but having military
service is going to look favorable on your resume.

You should get the A+ certification. Having other certifications
and experience in the technical field are going to be a major plus for you.
The higher up in the position that you can get, the more experience you are
going to have obviously because you are going to be proving your skills
over and over again and demonstrating that you can handle more
responsibility and technical challenges.

There are security certifications that you should look into getting as well
that will then help you get a position with information security. In the
position that you obtain in information security, you should strive to get
through the testing that is offered for penetration of systems while you are
getting used to using the tools that are needed for hacking.

The next thing that you are going to want to do is work towards the
certification that is going to label you a Certified Ethical Hacker that the
International Council of Electronic Commerce Consultants offers.

At the point in time that you have gotten all of the certifications and
experience necessary, you can now annotate that you are an ethical hacker
on your resume and begin looking for a job in the field.

You are not just going to need to have technical skills to be a hacker, you
also need to have skills with people, the ability to manipulate programs, run
programs, be good at solving problems, and have a work ethic that is going
to stand out among others that may be trying to get jobs as ethical hackers
as well.

To remain an ethical hacker, you need to be sure that you are not falling into
any hacking activities that are going to be considered illegal.

Criminal hacking

Just like with ethical hacking, criminal hackers are known as black hat
hackers. They are the ones that are going to use their hacking skills to harm
others.

As a criminal hacker, you are going to use the same tools that are going to
be used for ethical hacking, the only difference is that you are not going to
get the education or certificates that will label you as a hacker that is out
there to help others.

Criminal hackers are going to be using their skills for fraud, theft,
vandalism, and terrorism. All these crimes are going to be done on a
computer and will most likely involve the internet in one way or another.
And, criminal hackers are not going to limit themselves to hacking into
companies or the government, they will also try and get into personal
computers as well because they are going after any information that is
going to help them and harm the person that they have targeted.

The biggest thing to remember about criminal hacking is that it is going to
be considered a federal offense and is going to be taken seriously inside of
the States. When you are looking at the law, you are going to realize that
hacking is going to be defined as gaining access to a system without having
the proper permission or going over that permission to get a hold of access
that has been restricted from your view. This information can be any
number of files that are saved onto a computer be it government, business,
or individual.

The tools that are used for hacking will be used in order to complete these
tasks. Trojan horses are going to be used to appear as a program that is
legitimate, but instead it is going to give a criminal hacker access to the
system as a backdoor, but the user of the system is never going to know that
they put a virus on their computer until it is too late.

Programs such as Sniffer are going to be used to get passwords so that
access can be granted into various platforms without having to break
through the security that may be in place. Viruses and other spyware are
going to be another way that hackers are going to have access to any system
that they want.

Criminal hackers work on the fact that not everyone pays attention to what
is going on with their system. Viruses are going to be placed in various
programs or emails that are going to work their way into a system and
therefore will not be detected until the hacker has the information that they
are looking for and by that time, it is too late.

Criminal hackers do not always get away with the crimes that they commit.
Many actually end up getting caught and end up spending time behind bars
as well as having a fine that they have to pay for what they have done.

Believe it or not, there are some very famous names that have contributed
to the advancement of technology that first started out as a criminal hacker
but then turned their lives around and helped with the technological world
that we enjoy today.

Punishments

- If you are found hacking in India, which means that you are
tampering with a computer or destroying files, you are going to be
fined up to 20000 rupees, which is $294.85, but you will also be placed
in prison for up to three years at least. You may end up getting a
longer sentence depending on what you were doing and what the
situation is.
- It is also in India that if you hack into a website to tamper with it
then you are going to also get up to three years in prison, but your
fine is going to be 50000 rupees. That is $737.12.
- In the Netherlands, hacking is known as having any work that is
going to intrude upon the automated work that is going to go against
the law. Any intrusion is going to be using log ins that you stole,
sending out false signals, or even breaking past security measures.
You will end up with a year in prison and a fine with a mark on your
record that is a felony in the fourth category.
- The United States is going to forbid any use of a computer that is
not authorized if it is protected. Most of the protected computers in
the United States are those that are used for the government or
financial institutions.

You do not have to just break into these computers, you can use a computer
to interfere with foreign communication whether that computer be located
here in the United States or somewhere else. You are tampering with
government relations.

The punishment may be a year in a federal prison or
a fine but that fine is not going to be above $5,000.

Chapter two: Password Hacking

Passwords are one of the easiest ways to get into a computer without people
knowing that you have been in their system. In this chapter, you are going
to get the experience you need to get into a system with an administrator’s
account as well as how to hack passwords on mobile devices.

Administrator Accounts

Step one: you need to get into the administrator account. With this account,
any password that is on the computer can be changed and there are not
going to need to be any tools used for this.

On an XP system, the computer will need to be rebooted into safe mode
before the administrator account can be accessed on the welcome screen.

Many times, this account is not going to have any password. And, if you are
the only user, or the main user to a computer, then your account is already
going to be the administrator account.

Step two: now you need to go to the control panel and go to the user
accounts. On Windows 8 you will press the windows button and x at the
same time to get to the menu.

Step three: after you have gotten to where you can make changes to the
accounts on the computer, you will pick which account it is that you are
wanting to get into.

Step four: at this point you are going to be able to change the password to
this account. Normally a button is going to be in a list so that you can select
it to change the password. If you want to remove the password you will
either leave it blank, or select the button that says remove password.

Step five: once you have completed all the other steps, you are going to
have access to the account! You can now log in and do what you are
wanting to do. Be careful though because if the person is not able to get
back into their account, they are going to know that you changed their
password and wonder why you were in their account in the first place.

Wi-Fi passwords on iPhones

Step one: open Cydia so that Aircrack can be installed. You can use
ihackmyi.com/cydia or you can do a repo that is going to install the
application that you need.

Step two: in this step a computer has to be utilized so that the permissions
for the files that are in the application can be set to allow you access to use
the program.

Step three: WinSCP needs to be opened from the /var/ terminal

Step four: at this point, a code is going to need to be entered into the
program so that you are able to go back to using your mobile device.

The code is: sysctl- w security.mac.proc_enforce = 0 security.mac.vndoe_enforce-0/aircrack

Step five: back on your phone, you will open the program. If you have not
already installed the program on your phone, this is a good time to install it
because you are going to need to use it.

Step six: once the program is installed, the terminal has to be launched and
there is going to be a log in that is going to enable you to get into the
program.

Step seven: there is going to be a command that has to be entered so that
you can activate Airlock. Once the code has been added to the program, you
are going to need to find the tip method which is going to take you a few
moments.

All files that you work with can be put onto your pc so that you can work
from that if you want to.

Hacking Wi-Fi Passwords on an Android

Step one: not all Android devices use a WPS PIN to be hacked. Each device
will be different and you will need to have a rooted Broadcom chipset.

Step two: install bcmon so that you can monitor the chipset that you have
chosen to use. The chipset and bcmon is going to be how you will crack the
pin to the device. The APK file is going to be free and can be found on a
code website on Google.

Step three: bcmon should be run once the APK file is installed. There are
going to be tools that you are going to be prompted to install and you
should install them. After their installation has happened, enable the mode
that is going to allow you to monitor.

In the event that your application crashes, just reopen it and try again. If it
crashes more than once, you are going to need to find a different device to
use.

Step four: now run your terminal. The terminal is going to look a lot like the
Linux system. You can enter codes and have the command be executed once
you hit enter.

Step five: figure out where the access point is that you are trying to get into.
There are going to be multiple access points for you to select from when
you are using the encryption from WEP.

Step six: the MAC address needs to be correct. This is going to be the
address to the router and if you do not have the correct one, then you are
going to end up not getting into the Wi-Fi that you are wanting access to.

It is recommended that you write down the address to the router so that you
are absolutely positive that you are getting on the proper channel.

Step seven: the channel that you have selected to use needs to be scanned so
that data can be collected. This is going to take several hours before the
password can be cracked.

Step eight: after the appropriate number of packets has been collected, you
are going to need to try and crack the password to the network.

Step nine: the password should not be a hexadecimal after you have
finished. Once the cracking process has been completed, a message is going
to be displayed that is going to be followed by a form that is in
hexadecimal. You need to make sure that the password is going to work
because the key that you have is not going to work after the code has been
cracked. The key that you have is not going to have the colons in it instead,
the numbers are going to be entered in sequence so that there are no spaces
separating them.

Chapter three: Network Hacking

There are several things that you can do to get into a network using your
hacking abilities.

Ping

Every Wi-Fi has an IP address that is assigned to it. Even the computer that
you use to hack into someone else’s system is going to have an IP address.

An IP address is going to be a series of numbers that is unique to that router.
However, the IP address alone is not going to tell you much on its own.

To convert the address, you are going to use the ping option. The DNS is
also going to help to get the name of the domain. Ping is going to stand for
packet internet groper and is going to be on all versions of Windows that
their clients are going to use.

After you have logged into the internet, you are going to need to
open up the shell for DOS and then insert a command for ping. This is
going to look for the domain name and then display it on the computer that
you are using.

The use of ping is going to usually be the first step that you are going to
take when you are trying to hack into a network. The ping is going to reach
out to your target and tell you if it is online or offline.

Multiple IP addresses are not going to be able to be converted into domain
names. When you are wanting more control of your ping, you are going to
use ping commands.

Ping sweep

This is going to involve ping, but instead of using it to get into a system, it
is going to search the IP addresses that are open in a specific area around
you. Using this is only going to be useful when you are not sure where you
want to attack therefore you are going to know where you can get into
without necessarily knowing who the target is or even where they are
located.
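
Seen from the network being swept, this activity is one source sending echo requests to many different addresses in a short time. The following is an added example, not part of the book: detection logic run over a constructed firewall log, where the log line format, the 10-second window and the threshold of 5 hosts are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (the line format is an assumption for this example).
SAMPLE_LOG = "\n".join(
    # One outside source pings eight neighbouring addresses, one per second.
    [f"2024-05-01T10:00:0{i} ICMP echo-request src=203.0.113.7 dst=192.168.1.{i + 1}"
     for i in range(8)]
    # A monitoring host pings the same gateway every five seconds.
    + [f"2024-05-01T10:00:{s:02d} ICMP echo-request src=192.168.1.50 dst=192.168.1.1"
       for s in range(0, 60, 5)]
    # A workstation pings four different hosts, minutes apart.
    + [f"2024-05-01T10:0{m}:00 ICMP echo-request src=192.168.1.60 dst=192.168.1.{m + 10}"
       for m in range(0, 8, 2)]
    # Non-ICMP traffic must be ignored by the parser.
    + ["2024-05-01T10:00:03 TCP syn src=203.0.113.7 dst=192.168.1.1"]
)

LINE_RE = re.compile(r"^(\S+) ICMP echo-request src=(\S+) dst=(\S+)$")


def parse(log_text):
    """Return a time-sorted list of (timestamp, source, destination) echo requests."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append((datetime.fromisoformat(match.group(1)),
                           match.group(2), match.group(3)))
    return sorted(events)


def detect_ping_sweeps(events, window=timedelta(seconds=10), threshold=5):
    """Map each source to the most distinct destinations it pinged inside any
    sliding window, keeping only sources that reach the threshold."""
    by_source = defaultdict(list)
    for ts, src, dst in events:
        by_source[src].append((ts, dst))

    alerts = {}
    for src, hits in by_source.items():
        in_window = defaultdict(int)   # destination -> pings still inside the window
        oldest = 0                     # index of the oldest hit inside the window
        most_distinct = 0
        for ts, dst in hits:
            in_window[dst] += 1
            while ts - hits[oldest][0] > window:
                expired = hits[oldest][1]
                in_window[expired] -= 1
                if in_window[expired] == 0:
                    del in_window[expired]
                oldest += 1
            most_distinct = max(most_distinct, len(in_window))
        if most_distinct >= threshold:
            alerts[src] = most_distinct
    return alerts


if __name__ == "__main__":
    for source, count in detect_ping_sweeps(parse(SAMPLE_LOG)).items():
        print(f"possible ping sweep from {source}: {count} hosts within 10 seconds")
```

Counting distinct destinations rather than total pings is what keeps the monitoring host, which pings one gateway repeatedly, from raising an alert.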

Tracert

This program is another tool that is going to get information about the host
no matter how remote. It is going to use ICMP.

Tracert is going to locate data by sending out packets from the source
computer to the computer that is the target. The computer that is being used
for hacking is going to get an IP address sent back to it after connecting and
is thus going to reveal all of the stations that are going to start with the
connection that you have to the internet.

Should the name not be able to be revealed with ping, then this program is
going to be able to give it, or even the last station that the attacker visited.
This can end up causing concern when it comes to the name of the internet
provider that the hacker is using and where they are located.

Port scanning

At the point in time that the system that has been targeted is listed online,
the next thing to do is to scan the system for any open ports that can be used
to get in.

The port scanners that you can choose from are going to be numerous and
they can be found online. However, most of these scanners are going to use
techniques that are going to end up getting the hacker caught because they
are outdated.

Nmap is not going to only scan all the ports that are open on a system, it is
also going to tell you the operating system and the version numbers of the
programs that are being used on that computer.

Common ports

There are some of the more common ports that are going to be opened for
hackers to get into and in this list, you are going to find not just the port
name, but the service that normally runs it.

- 445 SMB it is going to use NetBios instead of TCP unless it has to
use TCP
- 20 FTP Data it is used mostly for file transfers.
- 443 SSL a secure layer for the sockets
- 21 FTP another one for file transfers
- 389 LDAP
- 22 SSH
- 220 IMAP3 this will use the internet message access version 3
- 23 Telnet
- 194 IRC which is used for the chat that is going to go between the
computer and the internet
- 25 SMTP mail transfers
- 161 SNMP a network management
- 53 DNS the domain name
- 143 IMAP the internet message but it is not going to be a specific
version
- 68 DHCP the host for configuration
- 139 NetBIOS
- 79 Finger
- 137 NetBIOS-ns
- 80 HTTP
- 110 POP3 the post office protocol version 3 is going to be used.
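
The same list is useful for reviewing which of these services your own machine is exposing. The following is an added example, not part of the book: it parses a constructed sample of listening sockets, modelled on the column layout of `ss -tln` output without its header row, and classifies each one. The review policy (which ports count as cleartext or LAN-only) is an assumption of this example.

```python
import ipaddress

# Port-to-service names as given in the list above.
KNOWN_PORTS = {
    20: "FTP Data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 68: "DHCP", 79: "Finger", 80: "HTTP", 110: "POP3",
    137: "NetBIOS-ns", 139: "NetBIOS", 143: "IMAP", 161: "SNMP",
    194: "IRC", 220: "IMAP3", 389: "LDAP", 443: "SSL", 445: "SMB",
}
# Review policy (an assumption for this example, adjust it to your environment):
# services that by default carry logins or data without encryption.
CLEARTEXT = {20, 21, 23, 79, 80, 110, 143, 161, 194, 220, 389}
# File-sharing services that should only be reachable from the local network.
LAN_ONLY = {137, 139, 445}

# Constructed sample: state, recv-q, send-q, local address:port, peer address:port.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:445 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""


def split_local(address):
    """Split 'host:port' (IPv4, bracketed IPv6 or '*') into (host, port)."""
    host, _, port = address.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    """True only when the socket is bound to a loopback address."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:          # "*" and other wildcards are not loopback
        return False


def verdict_for(port, host):
    if is_loopback(host):
        return "loopback-only"  # not reachable from other machines
    if port not in KNOWN_PORTS:
        return "identify"       # find out which program opened it
    if port in CLEARTEXT:
        return "cleartext"      # replace with an encrypted service or close it
    if port in LAN_ONLY:
        return "restrict"       # block at the firewall for outside networks
    return "ok"


def audit(ss_output):
    """Return sorted (port, service, bind address, verdict) tuples."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        findings.append((port, KNOWN_PORTS.get(port, "unlisted"),
                         host, verdict_for(port, host)))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, host, verdict in audit(SAMPLE_SS):
        print(f"{port:>5}  {service:<10}  {host:<10}  {verdict}")
```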

Chapter four: Techniques That Assist Hackers

Hacking is used for a number of reasons. It can be anything from personal
to a job. However, no matter what you are using hacking for, you need to be
able to know some techniques that are going to aid you in your hacking
journey.

Anonymity

As a hacker, you are not going to want to be discovered. Therefore, you are
going to need to make sure that you can get into a system without leaving
any traces. There are some ways that this can be done.

- Telnet which will hide the actions that are done on a system.
- Proxies
- Programs that are written in C language
- Secured tunnels
- Another person’s username and password
- Software that is going to hide the IP address that they are using

When you hide your true identity then you are making it harder for people
to know who you are when they are trying to trace your IP address back to
your computer so that they can figure out who is hacking their computer.

Getting out

Traces should not be left in the system that you enter. If you leave a trace,
then you can be tracked and then get into trouble. Do not mess with the files
because the system administrator is going to know when the files have been
messed with. A back door should also be left open so that you have a way
out but also a way back in should you want to get back in it.

Be sure that you are not leaving too big of a backdoor open for you to get
back in. You do not want your target knowing where you got into their
computer or where you are going to be getting back in. If they figure that
out, then they are going to be able to close it before you can use it again.

Data on the target

Hacking requires that you know all about your target. The more that you
know, the easier it is going to be to get into their system.

- You will want to know any data that you think is going to assist
you in getting in to your target’s system.
- The IP address that they are using.
- Telnet or Tracert so that you can check to see if the computer is
online. You are not going to be able to get on the system unless it is
online.

Keystroke log

Keystrokes can be recorded by a program that is placed on your computer
and your target’s computer. This is going to reveal anything about your
target that you are looking for.

You can learn their entire identity by logging their keystrokes long enough.

The keystroke programs can be purchased online or a thumb drive with the
program on it. This program is going to create a list of every key that the
user hits so that you are able to get the information that you want.

Passwords

Passwords are going to be the best way to go when hacking a system. There
are programs that will run algorithms to try and figure out the correct
combination that you need to get the password. This will also be a trial and
error so it is best that you use methods that are going to be more likely to
get you the password.

Be careful though because there are some systems that will lock you out of
the system if you try too many passwords that are not correct.

There are some steps that you can take so that you can get someone’s
password.

Step one: Use the information that you have gathered on that person.
Sometimes if you already know the person’s password for one site, then it
may be the password that they use on other sites.

Step two: Look through their computer if you have access to it. There may
be a folder or a file that holds all of the information that you need to get into
any account that they have on their computer. Make sure that you look at it
so that you can see if you can find their passwords and make sure that you
use the proper password that they have written down.

There are times that someone will use the same password but change it up
just enough to make it different on another site.

Step three: Try the password forgotten button. If you have access to
someone’s email, all you are going to need to do is hit that you forgot the
password and follow the instructions in the email.

You are going to need to make sure that you delete the email that you get
from the site that is going to help you to restart the password process or else
they are going to know that someone has gotten into their account therefore
they are going to change the password to something that is harder for you to
use or they will delete the entire account.

If you are on their computer, then you are going to need to save the
password to their browser so that they do not know that you have gotten
into their account. The more time that passes that they do not know that
you’ve gotten into it, the more time you are going to have to get in and get
any information that you want.

Step four: There are some common passwords that most people use because
they do not think that anyone is going to guess it, but because so many
people use them, it is easy for people to figure out the password and get in.

Password
123456789
Jesus
Monkey
Letmein
Ninja
Ashley
Trustno1
Welcome
Master

Step five: People use personal information for passwords all the time. Try
using names, important dates, or zip codes to get their password. The more
you know about them, the easier it is for you to determine what is important
to them.

Step six: Be blunt. If you are trying to get into a friend or family member’s
account, they may give you the password. But, you may also find that you
lose their trust because they are going to feel like you are violating their
privacy.

In most cases, you are going to be asked what you want with their password
and you will want to have a good reason as to why you are wanting their
password.

Step seven: Find someone who may know the password. A spouse or best
friend may know the password. Catching them off guard may get you their
password because they are not thinking of the account’s privacy.

Viruses

A virus is going to give you a way into a computer and it is as simple as
sending out an email to the victim that they open.

Backdoors

There are codes that can be entered onto your victim’s computer that are
going to enable you to get into a system without ever needing a password.

Emails

Programs have been developed that are going to direct emails to you so that
you can read them before they ever get to their destinations.

Zombies

A zombie computer is going to be used by a hacker that is going to establish
a connection through the computers through things like emails. This
connection is going to allow the hacker to use the computer to get into other
computers and create a nest.

Firewalls

A firewall is vital so that your personal information can be restricted outside
of the use on your computer.

Proxy servers

Proxy servers are a good target for when you are hacking.

Search engines

Search engines are going to be the place that you are going to find the tools
that you need for hacking. They can be downloaded to your computer so
that you have instant access to them when you are hacking.

Left behind

On a victim’s computer, you do not need to modify their files, but you do
want to leave a file or two that is going to let you back into the system.
These folders should not be ones that are going to easily be found or else
you are going to lose your access to that computer.

Chapter five: A Step by Step Guide on how to Hack

Hacking can be done in different ways, but there are some main steps that
you are going to want to follow so that you can get into the system that you
have targeted.

First things first

- You need to be able to read and write several different
programming languages. The more that you know, the more you are
going to understand how operating systems are going to
communicate.
- Gather all the information possible about your target. Knowing
their weak spots is going to be the spots that you decide to attack so
that you do not have to spend too much time trying to find a weak
spot. Not only that, but you are going to be able to have a backup
plan just in case the first plan does not work.

The process

- For any commands that you enter, a nix terminal should be used.
Programs such as Nmap or Cygwin are going to have nix terminals
that will be perfect for you to enter your commands.
- Secure your computer. Should your machine not be secured, you
are going to be traced easier and that will end up resulting in things
such as jail time or a lawsuit.

- If you do not have the confidence that you need to hack into a
different system, set up a virtual laboratory so that you can hack your
own system.

- Use a ping tool to see if you can even get into your victim’s
computer. The results that you get are not always going to be able to
be trusted because the system administrator can turn their computer
off which is going to end up making you lose your target.

- Ports need to be scanned with p0f or Nmap. The ports are going
to be displayed as active which if they are, then you are going to have
the ability to use that one to get in.

- Most ports use FTP or HTTP which will cause them to have less
security. Not just that, but they are going to be easier to discover with
your scans.

- Brute force can be used when you are trying to hack passwords.

- Algorithms are going to speed up the cracking process.

- However, algorithms have their weaknesses which cause them to
easily be exploited.

- A graphic card is another way that a system can be accessed and it
is going to be one of the fastest ways that you can get into a system.

- As stated earlier, do not try every password possible or else you
will end up locked out of the system and the administrator is going to
be notified.

- IP addresses are going to require tablets that are rooted with a
TCP program that is installed. This program is going to enable you to
gain access to any site, even if it is secured.

- When other nix machines are being targeted, root privileges need
to be established. The files are going to be open for you to see once
you have acquired the proper privileges and most of the time this is
going to be a super user status.

- Buffer overflows are going to be a great method to gain super user
status. Memory dumps are going to be done so that a code is placed
in the code and therefore you can do tasks that are above the level of
access that you currently have.

- SSH servers will be the best server to set a backdoor up on.

- Do not allow the system’s administrator to know that their system
has been hacked.
  - Changes should not be made to anything and files should
    not be created unless absolutely necessary.
  - When additional users are made, you are going to be found
    out faster than if you just leave the user accounts alone.

These are just the basics of hacking. There are more specific steps that you
should follow when you are trying to hack into specific areas.

Logins

- Place your computer in safe mode
- Open the run option on your computer
- Type in “control userpasswords2” and hit enter
- Any password that is listed on the computer can be changed or
recovered.
- Reboot your computer so that the changes are saved.

Remote hacking

- The LogMeIn program needs to be downloaded on your computer
  - This program is free but can be purchased so that you have
    full access to it
  - It will need to be on both computers. It is especially
    helpful should your computer be stolen or you want to get
    onto a family member’s computer.
  - An account is going to need to be made for the website
- Log into the website
- Select which computer you are wanting to get into
- Different computers should be added that you are wanting remote
access to
- You need to know the username and password for the computer
that you are wanting to get into or whatever website you are trying to
get into on that computer
- Once you have clicked remote control you can look at what is
happening on the screen.
  - Do not move your mouse or click on anything
- Log out and move on!

Chapter six: Protection is Key

Protecting your computer is a big thing that is going to ensure that you are
not going to be hacked. There are some ways that are kind of obvious and
others that you may not know about.

Methods for protection

- Back all your files and folders up
  - They should be stored somewhere that is not on your
    computer
  - Dropbox and OneDrive are just two places that are online
    that can be used for backing up your files.
- Firewalls are vital!
  - A proper firewall is going to help protect your computer
    against viruses.
  - There are some applications that want to disable your
    firewall. It is recommended that you do not do this but it is
    up to you on if you want to allow it or not.
- Security settings
  - All the cookies on your computer should be erased
  - The internet zone should be set for high and at least
    medium on the sites that you trust
  - Cookies are not going to be dangerous but they will track
    your activity
- Disable unnecessary content
  - JavaScript or ActiveX may invite viruses that you do not
    want on your system
- Antivirus applications
  - Your antivirus application should update every time that
    there is a new update
  - There are new viruses that are being created each and
    every day therefore the updates will help protect against
    these
- If an email arrives that is not from someone you know and it has
an attachment, it should not be opened.
  - Viruses could be attached to the email and it will get into
    your system once it is opened.
  - If it is from someone that you do not know or even from
    someone that you know but are not expecting anything from, just
    delete it to be on the safe side.
  - Should it be from someone that you know, ask them to see
    if it is safe for you to open.
- Only download programs from sites that you completely trust
  - Do not send downloads to friends or family because you
    could infect their computer if yours is infected.
- Turn off your computer and disconnect
  - A system that is shut off is not going to be open for a
    hacker to get access to.
  - The internet is a good place for hackers to try and get into
    your system and if you are not connected to it, then you are
    protecting yourself.
- When you are creating passwords, you should never use the same
one.
  - Some sites offer a two-step authentication where a second
    password will be asked for should the first one be entered
    incorrectly.
  - Other sites are going to ask you for a code before you can
    sign in from a new device.
  - When your email or phone number has been changed,
    you should update it with the sites that you are using as
    well.
- The only sites that you should use are the ones that have HTTPS
before the URL
- Your home network should have a password that only you and
your family know.
  - The majority of routers are going to have a sticker that has
    a default password for that router.
  - This password should be changed
  - If this password is not changed, then you are leaving your
    router open to be hacked.
  - If your computer asks for an encryption, you need to pick
    the WPA-2
  - Try and avoid WEP and WPA because these are going to
    have major security flaws
  - The SSID for your router needs to be hidden so others cannot
    find it.
- There is technology all around us.
  - You can now go to the store and buy washers, dryers,
    fridges, and even ovens that have Wi-Fi connection!
  - There are major security flaws in these devices that the
    companies are now working on.
  - They were put out with these flaws because the companies
    were trying to get the devices out as quickly as they could
    and did not think about the safety of their users.
  - The security of your devices is going to be on you, so you
    need to do what you can so that you can protect not only
    you, but your loved ones as well.

Password Managers

- A password manager is going to aid in keeping someone from
using brute force to crack your password
- There are password generators that you can use to give you
random passwords that are going to be saved so that you do not have
to memorize the password and it is harder for others to get a hold of.
- There are applications that are cross platform such as LastPass
that will work on your phone as well as your computer.
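
What a password generator does, and why it defeats the guessing steps in Chapter four (common passwords, personal details, small variations of a known password), can be shown in a few lines. The following is an added example, not part of the book and not how any particular password manager works; the 12-character minimum, the symbol set and the substitution table are assumptions of this example.

```python
import math
import re
import secrets
import string

# The common passwords listed in Chapter four of this book, lowercased.
COMMON = {"password", "123456789", "jesus", "monkey", "letmein", "ninja",
          "ashley", "trustno1", "welcome", "master"}
# Simple character swaps people use to "change it up" (assumed table).
LEET = str.maketrans("013457@$!", "oleastasi")
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
MIN_LENGTH = 12  # policy assumption for this example


def variants(password):
    """Forms of the password after undoing trivial disguises."""
    low = password.lower()
    core = re.sub(r"[\d\W_]+$", "", low)   # "monkey2024!" -> "monkey"
    return {low, core, low.translate(LEET), core.translate(LEET)}


def check_password(password, personal=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    forms = variants(password)
    if forms & COMMON:
        problems.append("common password or a small variation of one")
    for detail in personal:                 # names, dates, zip codes
        needle = detail.lower()
        if len(needle) >= 3 and any(needle in form for form in forms):
            problems.append(f"contains personal detail {detail!r}")
    return problems


def generate(length=20, personal=()):
    """Random password from the OS random source that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, personal):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(check_password("P@ssw0rd1"))
    print(check_password("AshleyLovesParis1990", personal=["Ashley", "1990"]))
    print(generate(), f"({entropy_bits(20):.0f} bits)")
```

A 20-character password from this 74-symbol alphabet carries about 124 bits of entropy, which is why a manager-generated password is not reachable by the list-based guessing described earlier.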

Two-factor authentication

- This is not going to be a hundred percent effective in keeping
people out of your account. It is a stop gap when you are logging on
to a device that you have never logged in on before.
- Twitter uses text messages with temporary passwords
  - This password allows you to get into your account but this
    is done to ensure that you are the one that is trying to get
    into it.
- Alerts will be sent to you when someone is trying to access your
account.
  - The alerts can be set up for those that use your password
    but use it on a device that has never been used before.
- Microsoft, Apple, Twitter, and Google all use two step
authentications.

Backing up data

- The iCloud is not as secure as you think that it is.
- Personal data like photos or documents should not be kept on
external servers
  - External servers are sites like Dropbox or Flickr
- A safer choice is to use a server that you can get onto even if you
are not online.
- The cloud is actually easy to be hacked and is going to be like a
treasure chest to a hacker because there are all sorts of personal
information that are put on it.
- When you are backing up your information you should keep it
protected as well as local so that it is harder for hackers to get into.

Linked accounts

- When accounts are linked, a hacker is not only going to have
access to that site, but to whatever it is linked to.
- It is going to be hard to avoid linking accounts together because
whatever site you are trying to get onto always gives you the option
to link accounts so that it is easier to log in and you do not have to go
through the whole sign up process because the information is going
to be pulled from the other account.
- But, you can avoid this by taking the extra time to just go through
the sign up process so that you do not give a hacker access to
something that can lead them into all of your information.
- Logins should be unique to you and passwords for every site that
you use should be different.
- If you have accounts linked, it is a good idea to unlink them.
  - It is an even better idea if you just remove accounts that
    you are no longer using.

Security questions

- Security questions are meant to add an extra layer of protection to
your data.
  - They are simple questions that are easy for you to answer so that you
    do not have to worry about forgetting the answer.
- But the question should not have the true answer tied to it.
Instead, you should make up a unique answer that is not going to
have anything to do with the question.
  - Example: “Where did you get married?” Answer: “July”
  - The answer should be something that you are going to remember!

Misinformation

- Putting out information that is not true on the internet is not too
uncommon.
- One of the most powerful tools that you are going to have to
protect yourself against hackers is to use misinformation.
- The key details that you need to put on the internet can
be changed from the truth so that a hacker cannot simply look the
information up online and get ahold of your data.
  - You can change your birthday, birth location, where you currently
    live, and even who your family members are.
- On social media, you do not need to tell others who your family is;
they know who they are and the entire world does not have to know.
  - If you tag your mother as your mom, then a hacker is going to have
    instant access to what your mom’s maiden name is.

Password protection

- When you get a new device, you should always put a password
that only you know on it.
  - A computer is going to be the easiest way for a hacker to have access
    to all of your personal information.
  - Should your computer get stolen, if there is no password on it, you
    are inviting a hacker to get onto it and steal any information that
    they so desire.
- This is not only going to protect you, but those that you are in
contact with as well.
- When someone hacks into your account, they are going to go for
your contacts first before they do anything else.

Credit cards

- Your bank can give you a card number that is only going to work
temporarily.
  - They may also be able to give you a card number that will only work
    one time.
- A credit card number is going to be tied directly to you, so with
that number, any other data that is yours can easily be taken.
- Hackers only need the last four of your card to be able to get your
identity.
- Multiple cards that are all linked to the same account are going to
cause all the cards to be compromised should one be stolen.

Privacy on websites

- When you have your own website, private information of yours can be
found if someone does a query on whois.
- This information should be privatized so that you can protect your
information.
  - First you are going to log into your site.
  - Then you are going to look for the option that allows you to make
    your data private.
  - If you do not find it, call the site’s support and have them help you
    with it.
  - You may have to pay a few extra dollars but it is going to protect
    you in the long run.
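To see what a whois query exposes for your own domain before and after you turn privacy on, the added example below (not from the book) parses whois text and lists the personal contact fields that are still published in the clear. Both sample records are constructed, and the list of redaction markers is an assumption, since registrars word their placeholders differently.

```python
import re

# Substrings that commonly mark a redacted or proxied value. The list is an
# assumption for this example; registrars word their placeholders differently.
REDACTION_MARKERS = ("redacted", "privacy", "data protected",
                     "not disclosed", "withheld", "proxy")

# Contact fields that identify a person. State/province and country are left
# out because they usually stay visible even on privacy-protected records.
PERSONAL_FIELD = re.compile(
    r"^(registrant|admin|tech)\s+"
    r"(name|organization|street|city|postal code|phone|fax|email)$",
    re.IGNORECASE)


def parse_whois(text):
    """Return (key, value) pairs from 'Key: Value' lines, skipping notices."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs


def is_protected(value):
    """True if the value is a placeholder or a registrar contact-form URL."""
    low = value.lower()
    return low.startswith(("http://", "https://")) or any(
        marker in low for marker in REDACTION_MARKERS)


def exposed_fields(text):
    """Personal contact fields that are published in the clear."""
    return [(k, v) for k, v in parse_whois(text)
            if PERSONAL_FIELD.match(k) and not is_protected(v)]


# Constructed sample records (not real registrations).
EXPOSED_RECORD = """\
Domain Name: example.test
Registrar: Example Registrar, Inc.
Registrant Name: Jane Example
Registrant Street: 123 Sample Lane
Registrant City: Springfield
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: jane@example.test
"""

PRIVATE_RECORD = """\
Domain Name: example.test
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: https://registrar.example/contact/example.test
>>> Last update of WHOIS database: (constructed) <<<
"""

if __name__ == "__main__":
    for label, record in (("before", EXPOSED_RECORD), ("after", PRIVATE_RECORD)):
        leaks = exposed_fields(record)
        print(label, "->", [k for k, _ in leaks] or "nothing personal exposed")
```

To check a real domain, save the output of the `whois` command for your own domain to a file and pass its contents to `exposed_fields`.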

Chapter seven: Mistakes are Made, But They Can be Fixed

Everyone makes mistakes; it is unavoidable. However, as a hacker, these
mistakes can either get you caught by your victim or they can get you
caught by the government!

Back up of files

If you do not back up your files before you start hacking into someone’s
computer, when they trace the line back to you, then you are going to be
found out faster. Not only that, but you are also becoming a target for other
hackers.

Should your computer be shut down by someone because they found out you
hacked them, then you are going to lose everything that is important to you.

Not reading and just clicking

This is one of the best ways that a hacker can get into a system. But, it can
also come back to bite you in the butt. If you do not read what you are
agreeing to, you may be putting something on your computer that is going
to make it to where you can easily be traced and therefore get in trouble for
what you are doing.

So, read what you are agreeing to before you continue. Where most people
get caught is in the fine print.

Not saving work

Hacking is not going to be like writing code where you can lose an entire
program if you do not save your work, but it is still important that you make
sure that the changes that you make to programs are saved or else your
program is not going to work like you want it to.

Imagine if a program crashes in the middle of what you were doing and you
have to go back in and change everything back to what it was before so that
you can do what you were doing.

This is just going to take up a lot of time and therefore you are going to lose
valuable time getting into the system. So, save your work!

Turning your computer off


Turning off your computer when you are being traced does not mean that
you are going to stop the trace. Plus, if you shut your computer down with
programs open, you are harming the hard drive on your computer.

So, do not turn your computer off just to stop something because you are
going to end up doing more harm than good and you may find that you have
ruined your computer for good.

Email attachments

Just because you are sending out emails to put viruses on a victim’s
computer does not make you immune to someone trying to do it to you. So,
follow the rule and do not open anything from someone that you do not know.
You may not only open yourself up to being attacked, you are opening
yourself up to being discovered as a hacker.

Installing

Most of the programs that you are going to use as a hacker are going to be
downloaded off the internet. Be sure that you are getting the programs from
a source that you trust or else what you think is a program that will help
you is going to end up destroying your computer because someone else has
put a virus in it and duplicated the program for people who do not always
pay attention to what they are downloading.

Up to date

Keep your computer up to date so that you are not running on outdated
software. Should your computer be slow, you are going to be able to be
tracked a lot faster because your computer is not as fast as it is supposed to
be.

Chapter eight: Let’s Make it Easier With Some Tips and Tricks

You already know how to hack, and some of the information that you have
read may seem redundant, but it is going to help you. So will having some
easier ways to get into a system.

If you have some tips or tricks in your back pocket, you are going to find
that hacking is going to be ten times easier than you believed it to be.

- Passwords are going to be one of the easiest ways to get into
someone’s system.
- Keystrokes will also help reveal a lot about a person. You can
learn not only their identity, but their passwords as well.
- Viruses can be sent out through emails or instant messages to your
victims.
- Spying on someone’s email is going to allow you to know more
about a person’s habits.
- Zombie computers are a good way to create a connection between
computers so that you can use that computer to do something else.
That way if you are traced, it comes to that computer and not yours.
- Leave open a backdoor if you plan on getting back into the system
again. It is going to save you time on hacking the system, so
you are in and out quicker than you were the first time.

Chapter nine: Captain Crunch

Captain Crunch, Crunch, or even Crunchman was born Thomas Draper in
1943. Draper is a former phone phreak and a legendary programmer and
hacker in the computer programming and security worlds.

At a young age, Draper built a home radio station from discarded military
components. Draper also received psychological treatment due to what
people thought was a chemical imbalance.

In 1964, Draper enlisted in the Air Force and was stationed in Alaska.
While there, he gained access to a local telephone switchboard, which he
used to help his fellow servicemen make free phone calls home.

After being re-stationed in Maine, Draper made a pirate station but was
forced to shut it down when a legitimate radio station objected to his
station. After being discharged from the Air Force, Draper moved to Silicon
Valley where he worked as an engineering technician as well as being
tasked with working on the early cordless phones.

In order to gauge his station’s reception, Draper drove around testing a
pirate radio transmitter that he built himself. While doing this, he
broadcast a telephone number. One of his callbacks was from a man named
Denny who was later identified as Denny Teresi. Meeting Teresi introduced
Draper to the world of phone phreaks.

Due to a large percentage of phone phreaks being blind, they wanted Draper
to build a multifrequency tone generator. This later became known as the
blue box. The purpose behind the tone generator was so that they could gain
access into the AT&T system more easily using the tones. In doing this, they
would not have to use an organ and cassette recordings in order to get their
free calls.

A boy who used the name Joybubbles had the gift of being able to perfectly
match the pitch of the frequencies that were being used. This boy was
informed that a toy whistle would emit a tone that was exactly 2600 hertz,
which was the same tone that AT&T used to indicate that a trunk line was
open and ready to route the next incoming call. The tone frequency would
enable the trunk line to close down one end of the line but leave the line
connected in operator mode so that it could be used to make calls. Draper
experimented with the blue box and the tones that it emitted in order to
make other tones that the phone companies used.

Draper and others discovered that they were limited to call-routing switches
that relied on in-band signaling. New equipment relied almost exclusively
on out-of-band signaling. With the use of separate circuits, the equipment
was able to transmit voices and signals. Unfortunately for Draper, they were
no longer able to use the Cap’n Crunch whistle that Draper had
developed. Now, the whistle is a valued collector’s item.

In 1972, Draper was arrested for toll fraud thanks to the help of the 1971
Esquire article. For his crimes, Draper was sentenced to five years on
probation. Wozniak actually sought Draper out and it was in Wozniak’s
dorm room that Draper began to teach Wozniak and Jobs in the ways of
phone phreaking, passing his skills down to the boys.

In 1977, Draper provided services to Apple as an independent contractor.
This is where Draper was able to create the “Charlie Board,” a phone
interface board that was used in Apple II personal computers. The Charlie
Board could instantly identify phone lines and signals (just like the ones
used to make free calls). This was something that a modem would not be
able to do for many decades.

The technology that Draper provided Apple would later be used in
tone-activated things such as voicemail, calling menus, and various other
products.

Draper never marketed his Charlie Board due to the fact that it would be a
prohibitive cost with an AT&T approved connection. With the industrial
suppression by AT&T, his previous arrest, as well as the hostility between
Jobs and Draper, marketing the Charlie Board became almost impossible
without Draper most likely ending up in prison.

But, Wozniak would later use the BASIC cross-assembler that Draper wrote
in the development of Apple I and Apple II.

Between 76 and 78, Draper served two prison sentences, both for phone
fraud. While serving his sentences, two psychiatrists that were court
appointed to examine Draper came to two different findings. One found that
Draper was fine and there was nothing wrong with him, while the other
found that he was psychotic and had an underdeveloped sense of people.

While serving his third prison sentence, Draper wrote the first word
processor (EasyWriter) for Apple II. Thanks to a work program, Draper was
able to gain access to a computer where he was able to code most of
EasyWriter, but he did take copies of it “home” (back to his cell) every
night in order to continue his work.

In later years, Draper beat Bill Gates out for the IBM contract where he was
able to port EasyWriter. This deal helped Draper buy a Mercedes as well as a
house in Hawaii.

After his company Capn’ Software posted less than $1 million in revenue in
six years, Draper sued his software distributor for an unauthorized version
of EasyWriter being released without Draper’s permission. Thankfully, they
were able to settle outside of court.

Due to the criminal record that he held along with his eccentricities, Draper
found it hard to be hired by many corporations, even though Draper had a
pedigree and could easily demonstrate his qualifications. The last major
corporation that hired Draper was Autodesk in the late 1980s.

In the 1990s, Draper became immersed in the burgeoning rave scene. This
helped support his itinerant lifestyle and he wrote code in Australia and
India as well as developed websites. It is rumored that a rave website
located in Sydney got reports from Draper on some of the rave events that
he had attended while in Sydney.

Between the years 1999 and 2004, Draper worked for ShopIP as their Chief
Technical Officer. This was a computer security company backed by
Wozniak which featured an OpenBSD based firewall.

ShopIP was the first security company that would feature hackers as
security consultants as well as the first to use OpenBSD. Draper as well as
the company were featured in The Register and The New York Times.

Once again Draper was the Chief Technical Officer, only this time it was for
a company called En2go from 2005-2010. As senior developer, Draper also
worked for a VoIP client called Kan Talk!.

All of Draper’s software history includes:

- The Motorola 6800 Cross Assembler for CallComputer, built in 1974
- The Charlie Board, which was built in 1977
- Forth 1.7 for Apple II in 1978
- EasyWriter in 1980
- Advanced 3-D Graphic Design Systems for Autodesk, which Draper
developed in 1986-1989
- Website development, which he started in 1994 and is still doing today
- Draper’s Crunchbox Firewall for ShopIP in 1999-2004
- The VOIP application for Onlnstant, which he did in 2005
- And finally the Channel Manager for the Flyxo Media System with En2Go
in 2005-2010

There is an often repeated story that Draper got on a public phone and
“phreaked” his phone call around the world. At no charge to him, Draper
routed his call through phone switches in Japan, Russia, England, and
several other countries. It wasn’t until his call was routed through at least a
dozen countries that he dialed the phone next to him and it began to ring.
Picking the phone up, Draper spoke into phone A only to hear his voice on
phone B moments later. His voice was heard faintly, but it was still there.
This was a trick that Draper repeated at parties that he attended.

Another story is that Draper and one of his friends placed a direct call to the
White House while Nixon was in office. It wasn’t until they gave the
operator the president’s code name (Olympus) that they were put through to
talk to someone that sounded just like Richard Nixon. In order to see how
far they could push their prank, Draper’s friend went on to tell the man
about a supposed toilet paper shortage in Los Angeles. At this point,
the man on the other end got extremely angry and asked them how they
managed to get connected to speak to him.

Due to his help in advancing technology, Draper’s story is mentioned in
several pop culture movies. In a movie called Sneakers, Draper and the
young boy Joybubbles, as well as a few other hackers, are in prison
providing phreaking services to criminals while there.

In the movie Cowboy BeBop, Draper is mentioned specifically by his
hacker tag when they are saying that “Cap’n Crunch broke into the national
phone system with a plastic whistle.”

Also, in the movie Pirates of Silicon Valley, Draper is portrayed by Wayne
Pere.

During an episode of The Rockford Files, Draper is being chased down for
his involvement in a murder investigation.

Even in the book Ready Player One by Ernest Cline, Draper is used as the
key to unlocking one of the mysteries that are mentioned in the story.

There is even an unreleased documentary that Draper did called Hackers
Wanted.

Chapter ten: Steve and Steve

Wozniak and Jobs used hacking in order to help improve technology. In this
chapter, you are going to learn how they were able to do this.

Just like in a previous chapter, Jobs and Wozniak used a popular way of
hacking in order to break into different computers.

Even though they used their hacking for good, what they were doing was
still illegal!

Back in the 60s the term hacker was used to describe someone who was an
expert at programming. As the years went on and more people got into
hacking, the skills used in order to gain access to a system have gone from
being “completely innocent” to having people who use it for illegal activity
on the computer. Either way you look at it, the ones who use their skills to
program a computer and make it better, or the ones who use their skills in
order to gain access to a person’s private information, they are both skilled
individuals. Some of the biggest names in technology today started out
“hacking” back in the beginning days of computers.

At the Computer History Museum in California, there is a device on display
called a Blue Box. This box was used to interrupt phone signals and was
invented by two hackers that are extremely well known today: Steve Jobs
and Steve Wozniak.

As stated, the Blue Box was used to interrupt phone signals. It was a
hacking activity that is known as phone phreaking.

Today, phone calls are a series of connections that place you through to who
you wish to talk to. Back in the beginning, this was done by a human
operator who would help you get through to the person you wanted to speak
with. When the automatic exchanges came into place, they routed your call
to its destination by communicating with one another. The automatic
exchanges use a series of audible tones known as signaling which came
around in the 60s and 70s.

The tones that phones used proved to be the weak spot that hackers
exploited.

The blue box emulates the signaling tones used by telephone exchanges.
When these tones are played through a speaker that is connected to the
phone’s handset, the automatic exchanges are fooled into believing that they
are receiving a signal. Anything became possible once the hacker
understood all the signaling tones that were used.

A hacker could figure out how a call was routed by billing the processes,
overriding the charging, and this would help them to overcome any
blocking restrictions that a phone company had put in place. In the early
1970s this is what Jobs and Wozniak designed and began to sell. Using false
names (Berkeley Blue and Oaf Tobar), Jobs and Wozniak entered into the
illegal world of phone phreaking.

Wozniak and Jobs started with phone phreaking because they were
interested in the challenge it gave them to take something apart and figure
out how it works, and then find ways around it. By the time that they did
figure it out, they also figured out that they could make money off of it, and
that is when they began the illegal action of selling their work.

Now motivated by the new technical challenges that were coming out with
the advancement of technology, Wozniak and Jobs abandoned their life of
crime and moved on to different challenges. In an interview with Jobs, he
claimed that if it hadn’t been for the Blue Boxes that he and Wozniak
experimented on, Apple would not exist today.

Blue Boxes became extinct when the telephone companies began to adopt
out-of-band signaling, which used separate, dedicated connections for
all exchange-to-exchange communication.
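The design difference described above can be shown in a short model. This is an added example, not code from the book: an in-band trunk decides its state by listening for the 2600 hertz tone in the same audio the caller controls, while an out-of-band trunk takes control only from a separate signaling link. The threshold, hold time and message names (SEIZE, RELEASE) are assumptions, and the audio is constructed.

```python
import math

SAMPLE_RATE = 8000      # Hz, telephone-grade audio
BLOCK = 160             # 20 ms analysis window; 2600 Hz falls exactly on bin 52
SUPERVISORY_HZ = 2600   # the trunk-idle tone named in the text
THRESHOLD = 0.1         # detection threshold on normalised power (assumed)
HOLD_BLOCKS = 3         # tone must persist for 60 ms to count (assumed)


def tone(freq_hz, millis, amplitude=0.8):
    """Constructed test audio: a sine wave of the given frequency and length."""
    n = SAMPLE_RATE * millis // 1000
    step = 2 * math.pi * freq_hz / SAMPLE_RATE
    return [amplitude * math.sin(step * i) for i in range(n)]


def goertzel_power(block, freq_hz):
    """Power of one frequency in a block; a pure tone gives amplitude**2."""
    n = len(block)
    k = round(n * freq_hz / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n / 4)


def in_band_trunk_state(voice_channel):
    """In-band design: the trunk listens for its control tone in the audio."""
    run = 0
    for start in range(0, len(voice_channel) - BLOCK + 1, BLOCK):
        block = voice_channel[start:start + BLOCK]
        hit = goertzel_power(block, SUPERVISORY_HZ) > THRESHOLD
        run = run + 1 if hit else 0
        if run >= HOLD_BLOCKS:
            return "IDLE"       # anything audible on the line can cause this
    return "IN_USE"


def out_of_band_trunk_state(voice_channel, signaling_messages):
    """Out-of-band design: state changes only on the separate signaling link."""
    state = "IN_USE"
    for message in signaling_messages:      # the audio is never inspected
        if message == "RELEASE":
            state = "IDLE"
        elif message == "SEIZE":
            state = "IN_USE"
    return state


# Constructed call audio: 440 Hz stands in for speech, with 100 ms of 2600 Hz.
CALL_AUDIO = tone(440, 300) + tone(2600, 100) + tone(440, 100)

if __name__ == "__main__":
    print("in-band:    ", in_band_trunk_state(CALL_AUDIO))
    print("out-of-band:", out_of_band_trunk_state(CALL_AUDIO, []))
```

The same audio leaves the out-of-band trunk untouched, which is the general lesson: control signals should not travel on a channel the user can write to.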

By today’s definition, Wozniak and Jobs would be considered hackers. But
were they really hackers or were they just skilled programmers? The line is
thin in deciphering which side they fell on. They did know that they were
engaging in illegal activities with their Blue Box. Is the only reason that
they are not considered hackers because they are now a household name
thanks to creating Apple?

On the other hand, things could have turned out very differently for
Wozniak and Jobs. Due to all the hacks that have happened within the
government nowadays, their Blue Boxes and other hacking antics would be
far less likely to just be dismissed as harmless rebellion thanks to people
feeling more sensitive to our privacy and communications. In fact, it is very
possible that if Wozniak and Jobs had continued with their illegal activities,
they would have ended up serving time.

But they learned a lot thanks to the use of their blue boxes. Without
having dabbled in the darker side of hacking, Wozniak and Jobs would have
never created the worldwide company that we all know and enjoy today.

Conclusion

Thank you for making it through to the end of Hacking. Let’s hope it was
informative and able to provide you with all of the tools you need to
achieve your goals, whatever they may be.

The next step is to take what you have learned here and either put it to good
use or begin to work towards a career in hacking.

Just remember that hacking is not going to be looked upon favorably and
that you should never try and gain access to a system without permission.

Everything that was written in this book was for educational purposes only.

Thank You and Best of Luck in Your Hacking Endeavors!!!
