Ebook Hacking: Beginner's to intermediate how to hack guide to computer hacking, penetration testing and basic security


(BQ) This book gives you an overview of hacking and penetration testing, shows you how it’s done, and then tells you how to keep your systems secure so that you can’t be hacked!

HACKING

BEGINNER’S TO INTERMEDIATE HOW TO HACK GUIDE TO COMPUTER HACKING, PENETRATION TESTING AND BASIC SECURITY

TABLE OF CONTENTS

  • Introduction
  • DISCLAIMER
  • What is Hacking?
  • Script Kiddie
  • White Hat Hacker
  • Black Hat Hacker
  • Grey Hat Hacker
  • Hacktivists
  • How to Become a Hacker
  • Web Hacking
  • Writing Exploits
  • Reverse Engineering
  • Finding Exploits and Vulnerabilities
  • Step 1
  • Step 2
  • Step 3
  • Step 4
  • What is Penetration Testing?
  • What Is A Penetration Test?
  • How to Get Started with Penetration Testing
  • SQL Injection
  • The 5 Phases of Penetration Testing
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks
  • Basic Security
  • How to Protect Yourself from Trojans or a Virus
  • Protecting Yourself
  • Top 10 Security Practices Everyone Should Be Following
  • Use Anti-Virus Software
  • Leave UAC Enabled
  • Enable Your Firewall and Configure It Properly
  • Uninstall Java
  • Keep Your Software Fully Up to Date
  • Be Wary Of Programs You Install and Run
  • Don’t Download Cracked or Pirate Software
  • Be Very Aware of Phishing and Social Engineering
  • Never Reuse Passwords
  • Use Secure Passwords
  • Conclusion
  • Resources
  • PREVIEW OF “LINUX GUIDE FOR BEGINNERS”

© Copyright 2016 by Matheus Sartor & Jonathan Brum - All rights reserved.

This document is geared towards providing exact and reliable information in regards to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.

- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.

The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher.

The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.

The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.

INTRODUCTION

The very fact that you are reading my book is an indicator that you are interested in learning the fine art of hacking. You could also be concerned with the safety and security of your home or office computer system or network — and who isn’t, these days?
Computer hacking is the act of “breaking” into a computer system or network by modifying hardware or software to do things that the manufacturer definitely did not intend them to. Hacking used to be an activity done purely for fun and the spirit of adventure: an activity that people got into, individually or as a collective, just to see if they could succeed. Nowadays, however, when people think of hacking they think of hijacking hardware or software — of getting these things to perform all kinds of malicious actions.

Every week we read about another major company or financial institution that has been hacked into, resulting in the theft of customer data, or massive amounts of money, or information held by financial insiders, or even trade secrets. Now more than ever, it’s vitally important that you keep both your computer and your Internet connection safe and secure so that you don’t become the next victim.

You’ve heard of unethical hackers — what about the ethical hackers? Ethical hackers, sometimes referred to as the “white hats”, are the hackers who work at keeping individual users and companies safe. Indeed, some of the world’s biggest hackers have gone on to provide the world with technology that is useful and constructive — and perhaps one of the best-known of them all was the late Steve Jobs, co-founder of the mighty Apple company. He started out as a hacker, and went on to provide us with cutting edge technology and innovative hardware.

Unethical or malicious hackers, sometimes referred to as the “black hats”, can face prison time and heavy fines if caught. And a cracker, a person who breaks through security codes to steal personal information or destroy an information system, can face prison sentences of up to 20 years. Let that be a lesson to anyone who is considering becoming a cracker or an unethical hacker.

In my book, I am going to give you an overview of hacking and penetration testing. I am going to show you how it’s done, and then I’m going to tell you how to keep your systems secure so that you can’t be hacked!

... that can easily be tampered with. On the other hand, movies, albums, or e-books are just media files — they will either play or they won’t. That said, there are malicious individuals who will disguise malware to look like a video — so again, the warning to download only from trusted sources holds true here.

Be Very Aware of Phishing and Social Engineering

Most of the major email clients and browsers will do what they can to protect you from a phishing attack, but there is always room for improvement in those measures. A phishing attack is the Internet version of a person who calls you on the phone and pretends to be your bank asking for your bank details or credit card numbers. Banks don’t do this sort of thing, either by phone or by email. Be very aware of online requests for personal information.

Make sure that if you do have to give out your card numbers or bank details, you only give them to legitimate websites or individuals. Look for the SSL icon in the address bar of your browser; it might take the form of a closed lock or of a green check mark. The presence of that icon shows that the web page you’re currently on is correctly and sufficiently encrypted so as to protect the information that you’re about to send.

If you need to access your bank accounts using the online banking facility of your bank, do it through the bank’s official website. If you receive an email that purports to be from your bank and that asks for your personal information or account details, do not click on any links in that email!
Open a new browser window or tab, and type in the actual address of your bank’s official website, and log in to your account using the link from your bank’s official website. Doing it any other way might open you up for an attack from phishers, who will attempt to steal your personal details using an official-looking website.

Phishing might sound like a fairly sneaky way of stealing your personal information — but it’s amateurish compared to theft of personal information by means of social engineering methods. These methods rely on the psychological manipulation of people, forcing them to perform actions that they wouldn’t do otherwise, or pushing them to divulge otherwise confidential information.

Some social engineering methods used for hacking and unauthorized entry into otherwise secure networks are almost surprisingly simple: Kevin Mitnick, once a notorious computer hacker and now a cybersecurity consultant, claimed that it was much easier to fool someone into giving out a password to a given computer network or information system, compared to spending hours or days on hacking into that same network or system.

You’ve actually seen social engineering methods on TV and in the movies, and they aren’t even new, as they’ve even been used by none other than Agent 007 himself, James Bond. The trick is to be aware of them instead of falling for them.

Never Reuse Passwords

Many people reuse their passwords across different accounts and different websites. Using one password to access a number of different sites is dangerous. It only takes one leak — if your password gets stolen from one website, then it opens up the very real possibility that your data could be stolen from all of the other sites that you use. Don’t think that attackers won’t try to login to any number of websites with the same credentials, hoping that one — or even more — of those websites will yield a hit.

It is absolutely critical that you have unique passwords for the different websites that you use, and particularly the ones that you use most often. This is especially true for your email accounts, as well as your social media accounts. Since you keep your personal information and confidential data in these accounts, you should take steps to keep these accounts secure. Start with a strong and unique password for each account.

It seems that password leaks are becoming more and more common these days; it seems that we hear about some new instance of account information getting stolen and then leaked to the Internet at large. The only way to protect yourself from these attacks is to use a different password on every site and for every account — and make sure that you change them frequently. If necessary, use a password manager to help you — but make sure that this password manager comes from a reliable and trustworthy source!

Use Secure Passwords

Recent password leaks have shown that a lot of people use really simple passwords such as “12345”, “letmein” or “iloveyou”. This is a risky move and one that can easily be avoided. Again, using a password manager can be helpful in this case. These managers can help you to come up with secure passwords.

Passwords don’t necessarily have to be overly long or extremely complicated — they just have to be strong. A strong password has a high level of randomness or entropy, which means that it avoids common sequences of letters or numbers. It also doesn’t fall easily into patterns that can be inferred from commonplace information such as sequences of numbers that add up to a birthdate or an anniversary, or sequences of letters that resolve into dictionary words.

As I said earlier, I cannot possibly talk about every single security measure that exists under the sun. What most of it boils down to, however, is really nothing more than sheer common sense. You will need to take the time to make sure that you maintain your security while you use your computer on the Internet. You will need to make sure that you update your system regularly and that all of your software is up to date.

The amount of time that it takes you to do this is nothing compared to the time it will take you to deal with the situation if you do end up a victim of cybercrime, or if you do get hit by a virus or malware attack — and let’s not forget the potential financial costs of such an attack.

Ask yourself this — is it worth the risk of not taking the time to secure your system? Would you rather be safe or sorry? Or are you prepared to leave it all to chance and hope that, fingers crossed, nothing can or will go wrong? Think it will never happen to you? Think again!

CONCLUSION

Thank you again for purchasing this book! I hope this book was able to help you to understand the basics of hacking and penetration testing, as well as the basics of keeping yourself safe while surfing the Internet.

For those of you who thought that I would be telling you how to hack into a bank or a major company, sorry to disappoint you. That sort of thing would make me unethical. The best ethical approach I can take is to show you harmless hacking and penetration techniques.

You can go a long way if you want to become an ethical hacker; there are plenty of jobs for those who know exactly what they are doing and big companies that will pay big bucks to make sure their systems are protected. The best place to start is on your own computer system: learn how to protect it and make it secure. It is a great place to learn how a system can be hacked. Once you understand the basics of security then you can go on to learn the basics of hacking and penetration testing.

Take a look around the Internet and you’ll find plenty of resources and courses that will teach you how to become an ethical hacker. Once again, I must reiterate that I will not be held responsible for any unethical hacking that arises as a result of the information in this book.

Finally, if you enjoyed this book, then I’d like to ask you for a favor, would you be kind enough to leave a review for this book on Amazon?
It’d be greatly appreciated, not just by me but by other potential readers too. Click here to leave a review for this book on Amazon! Thank you and good luck!

RESOURCES

  • Python
  • Ruby
  • CSS
  • JavaScript
  • PHP
  • SQL
  • Reverse Engineering
  • SecurityFocus Database
  • MITRE Corporation

PREVIEW OF “LINUX GUIDE FOR BEGINNERS”

LINUX

LINUX GUIDE FOR BEGINNERS: COMMAND LINE, SYSTEM AND OPERATION

CHAPTER THE BASICS

Did you know that due to Android’s dominance on smartphones, tablets, and other mobile devices, Linux has turned into one of the largest installed bases in all general-purpose systems? Although it is not the top pick for desktop computers, Linux remains as an exemplary model of free and open source collaborative projects. Since it operates on embedded systems, it is very useful on television, facility automation controls, video game consoles, network routers, smartwatches, and, as mentioned, mobile devices.

Linux’s simplistic design makes it a favorite of programmers. While others like a bit of complexity, some programmers prefer straightforward concepts. In its original nature, it is a leading OS (or Operating System) on mainframe computers, supercomputers, and numerous servers.

As a beginner in Linux, start learning the fundamentals. What are the essentials about Linux?
HISTORY OF LINUX

In 1991, Linux was officially released. Originally, its development centered as a free OS for different Intel x86-based personal computers. Its creator, Linus Torvalds, announced that the OS’ creation is partly due to a micro server kernel’s unavailability back then.

As an open source collaborative project, its source code is free to use. Under its respective license’s term, it can also be modified for commercial and non-commercial distribution.

Since it is compliant with POSIX (or Portable Operating System Interface), Linux is a dependable OS. It has undergone and passed assessment for API (or Application Programming Interface), standard utility interfaces, and command line shells.

LINUX COMPONENTS

The seamless activities of Linux are attributable to its essential components. There are seven of these.

Seven essential components:

  • Applications availability: Linux presents the availability of thousands of applications, and these applications are available for immediate installation. It is similar to Windows Store and Apps Store that lets you search for a preferred application. Once done searching, you can install the app from a centralized location.
  • Daemons: Daemons are Linux components that serve as background services. Examples of background services are sound, printing, and scheduling. These are launched either after a desktop login or during boot.
  • Desktop environments: Desktop environments refer to components with user interaction. Examples are GNOME, Unity, and Cinnamon Enlightenment. Each of these comes with configuration tools, file managers, calculators, web browsers, and other built-in features.
  • Graphical server: A graphical server is Linux’s subsystem. Its primary duty is displaying graphics on your screen. You can also refer to it as “X” or the “X server”.
  • The boot loader: Linux’s management of your computer’s boot process is handled by the boot loader. Usually, it is in the form of a splash screen. Once this splash screen pops up, it will slowly proceed into the booting process.
  • The kernel: Linux’s core is called the kernel. It is in charge of management for the memory, peripheral devices, and CPU.
  • The shell: The shell is Linux’s command line. It permits control via typed commands in a text interface.

Click here to check out the rest of Linux Beginners Guide on Amazon

... don’t get the permission in writing, in the form of a contract, you are nothing more than a hacker. That is the fundamental difference between hacking and penetration testing. To give you a bit of background on penetration testing, we first need to look at what this testing does, and what a penetration tester is looking for.
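
The checks described under “Never Reuse Passwords” and “Use Secure Passwords” above, as an added example that is not code from the book: a Python audit of a constructed list of site/password pairs that flags reuse, the leaked passwords the text names, character sequences, date-like strings, dictionary words and a low entropy bound. The sample vault, the four-word dictionary and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import re
import string
from collections import defaultdict

# Constructed sample: (site, password) pairs as a password-manager export lists them.
VAULT = [("mail.example", "iloveyou"), ("bank.example", "Tr0ub4dor&3"),
         ("social.example", "Tr0ub4dor&3"), ("shop.example", "19041987"),
         ("forum.example", "q7#VzL!p2m@Xc9Rw")]
COMMON = {"12345", "letmein", "iloveyou"}         # leaked examples named in the text
WORDS = {"love", "password", "dragon", "monkey"}  # tiny stand-in dictionary (assumption)
MIN_BITS = 60                                     # illustrative threshold (assumption)

def charset_bits(pw):
    """Upper bound on entropy in bits; overstates human-chosen passwords."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def has_run(pw, n=4):
    """True if n consecutive characters step by +1, -1 or 0 (abcd, 4321, aaaa)."""
    for step in (1, -1, 0):
        count = 1
        for a, b in zip(pw, pw[1:]):
            count = count + 1 if ord(b) - ord(a) == step else 1
            if count >= n:
                return True
    return False

def audit(vault):
    """Return {site: [findings]} for every entry with at least one problem."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault:
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault:
        others = [s for s in sites_by_pw[pw] if s != site]
        checks = [
            (bool(others), "reused on " + ", ".join(others)),
            (pw.lower() in COMMON, "in leaked-password lists"),
            (has_run(pw), "character sequence"),
            (re.fullmatch(r"\d{6}|\d{8}", pw) is not None, "looks like a date"),
            (any(w in pw.lower() for w in WORDS), "contains a dictionary word"),
            (charset_bits(pw) < MIN_BITS, "low entropy bound"),
        ]
        found = [msg for hit, msg in checks if hit]
        if found:
            report[site] = found
    return report

if __name__ == "__main__":
    for site, found in audit(VAULT).items():
        print(site, "->", "; ".join(found))
```

The bank and social entries pass every strength check and are flagged only for reuse, which is the case the book singles out: one leak exposes both accounts.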

Date posted: 30/01/2020, 11:50
