You are on page 1of 8

TheMostIndepth

Hacker
s
Guide

By:
DawoodKhana.k.a,
Aleri0nV0RT3X
(Volume:1)

Book or
V
olume "The Most InDepth Hackers Guide: Volume: 1 is tremendously complex to write,
particularly withoutsupport of theAlmightyGOD Allah. I expressheartfeltcreditto
My Parents without
themI have noexistence.Iammorethan ever thankfultomyteacher
Sir.KhairUllahfortheinspiration
whichIgot to write thebook.I amalsothankfultomyfriendsandpartnerwhofacilitatedme.Tofinish,I
am thankful to you also as you are reading this book. I am sure this will book make creative and
constructiveroletobuildyourlifemoresecureandalertthaneverbefore.

Who am I?
You might have come across the term ethical hacker? The good guy? Yes, thats
what exactly I like to call myself. For hacking you need to have a basic knowledge of
programming.
S
omeoneaskedme,"Howdidyoutakeinterestinprogrammingandhacking?"
It
was more like an inspiration that I got from my brother.
My first ever attempt at programming
was making a simple page in HTML with a big"Helloworld"init.Towhichofcoursemyfather
smiled and said, "well done.". Then came hacking. My hacking career started back in 2009. 7
yearspassedand thereis stillsomuchtolearn.Mysoulpurposeof thisbookisnottosellitbut
to raise awareness of the danger we face today, and yes, to help teach people about the
hackerstradition.:)

By learning you will teach, by teaching you will learn


- Latin Proverb

Copyright
Notice

This report may not be copied or reproduced unless specific permissions have been
personally given to you by the author Dawood Khan. Any
unauthorized use,
distributing,reproducingisstrictlyprohibited.

LiabilityDisclaimer

The
information provided in this eBook is to be used for educational purposes only.
TheeBook creatoris innowayresponsibleforanymisuseofthe
informationprovided.
All of the
information in this eBook is meant to help the reader develop a
hacker
defense attitude in order to prevent the attacks discussed. Innoway should you use
the
information tocause any kindofdamagedirectly orindirectly. Theword
Hack
or

Hacking
in this eBook should be regarded as
Ethical
Hack
/
Ethical
hacking

respectively.Youimplementthe
information
givenatyourownrisk.

This bookis totally meantfor providing


informationon"
Computer
Security
,"
Computer
Programming
and other related topics and is no way related towards the terms
"
CRACKING
or"
HACKING
(
Unethical
).

Few articles (tutorials) in this book may contain the


information related to "
Hacking
Passwords
or "
Hacking
Email
Accounts
(Or
Similar terms). These are not the
GUIDES of
Hacking
. They only provide
information aboutthelegalways of retrieving
the
passwords
. You shall not misuse the
information to gain
unauthorized access.
However you may try out these hacks on your own
computer at your own risk.
Performing
hack
attempts (without permission) on
computers that you do not own is
illegal.

Some of the tricks provided by us may no longer work dueto fixturein the bugs that
enabled the exploits. The author is not responsible for any direct or indirect damage
causedduetotheusageofthehacksprovidedinthebook.

TheMostIndepthHackersGuideby
DawoodKhan
2

Tableof
Contents

A. Introduction
......
3
1.Whatisa
Hacker
?
2.Typesof
Hackers
.
3.Whatdoesittaketobecomea
hacker
?

B. Website
Hacking

..............................................
6
(StructuredQueryLanguage
Injection
)
1.Understanding
SQL

Injection
.
2.HowtoUse/
Create

Dorks
.
3.Finding
Columns
&the
Vulnerable

Columns
.
4.Obtainingthe
SQL

Version
.
5.Obtaining
Tables
&
Columns
(Remote
File

Inclusion
)
6.UnderstandingRFI
7.UsingRFITo
Exploit

Website
8.
Advanced
RFIusing
PHP
streams
(Local
File

Inclusion
)
9.UnderstandingLFI
10.ExploitingLFI
Vulnerabilities
(
CrossSite

Scripting
)
11.UnderstandingXSS
12.XSSAttack
(Broken
Authentication
and
Session

Management
)
13.UnderstandingBrokenAuthenticationandSessionManagement
14.
Brute

Force

Attack
15.
Session

Hijacking
(DNS
Cache

Poisoning
)
16.UnderstandingDNS
Cache

Poisoning
17.DNS
Background
18.
Cache

poisoning
withoutresponseforgery
19.Blindresponseforgeryusingbirthday
attack
(Heartbleed)
20.UnderstandingHeartbleed
21.Heartbleed
Vulnerability
22.The
Impact
OfHeartbleed
23.Scanning
Methodology
24.
Impact
on
Popular

Websites

TheMostIndepthHackersGuideby
DawoodKhan
3

C. Remote
Administration

Tool
...
41
1.WhatisaRAT?
2.HowtosetupRAT.
3.Howisitbeingdistributed?

D. Keylogger
.......
46
1.Whatisa
Keylogger
?
2.
Keylogger

Applications
3.Howtosetup
Keylogger
4.Remotelyinstalling
Keylogger
using
Meterpreter

E. BotnetsandIRC
Bots
..
54
1.Understanding
Botnets
andIRC
Bots
2.Typesof
Botnets
3.Formationof
Botnet
/IRC
Bots
4.Typesofattacks
5.Howtosetup
Botnet
6.HowtosetupIRC
Botnet

F. Cryptography,
Encryption
,and
Decryption

64
1.Understanding
Cryptography
2.Historical
Background

(
Cryptography
)
3.
Data

Encryption
and
Decryption
4.
Symmetric
and
Asymmetric

Encryption
5.Secure
Communications
EqualsBetter
Privacy
6.Cryptographic
Hash

Function
7.Files
Encryption
and
Decryption
8.Term
Crypters

(
Encryption
softwares)

G. Introductionto
Penetration

Testing
..
81
1.Whatis
Penetration
test?
2.History
(
Penetration

testing
)
3.Multiple
Penetration

Testing

Tools
4.HowToConduct
Penetration

Testing

H. DecompilingandReverseEngineering

87
1.WhatisReverseEngineering?
2.ReasonsforReverseEngineering.
3.TypesofReverseEngineering.
4.SoftwareObfuscation
5.Whatare.NETDecompilers?
6.SometoolsforReverseEngineering

TheMostIndepthHackersGuideby
DawoodKhan
4

Chapter1:Introduction

Whatisa
Hacker
?

In the
computer
security context, a
hacker is someone who likes to tinker with electronics or
computer systems. Hackers like to explore and learn how
computer systems work, finding
ways to make them do what they do better, or do things they werent intended todo.Hackers
may be motivated byamultitudeofreasons,suchas profit,protest,challenge,enjoyment, orto
evaluatethoseweaknessestoassistinremovingthem.

Several subgroups of the


computer underground with different attitudes use different terms to
demarcate themselves from each other, or try to exclude some specific groupwithwhomthey
donotagree.

Typesof
Hackers

White
Hat
:
These are considered the good guys. White
hat
hackers dont use their skills for
illegal purposes.They
usuallybecome
Computer
Securityexperts andhelp
protect people from
the
Black
Hats
.
The term "
white
hat
" in
Internet slang refers to an
ethical
hacker
. This
classification also includes individuals who perform
penetration tests and
vulnerability
assessmentswithinacontractualagreement.

A
white
hat
hacker is a
computer
security specialist who breaks into protected systems and
networks to test and to access their
security
. White
hat
hackers use their skills to improve
security by exposing
vulnerabilities beforemalicious
hackers(knownas
black
hat
hackers
)can
detectand
exploit
them.

DefinitionfromTechopedia

Black
Hat
:
These are considered the bad guys. Black
hat
hackers
usually use their skills
maliciously for personal gain. They are the people that
hack banks, steal credit cards, and
deface
websites
. Black
hat
hackers break into secure networks to destroy, modify, or steal
data
or to make the network unusable for those who are
authorizedtousethenetwork.Black
hat
hackers are also referred to as the "crackers" within the
security
industry and by modern

TheMostIndepthHackersGuideby
DawoodKhan
5

programmers. These two terms (


White
hat &
Black
hat
) came from the old western movies
wherethegoodguyswore
white

hats
andthebadguyswore
black

hats
.

A
black
hat
hacker is an individual with extensive
computer
knowledge whose purpose is to
breach or bypass
internet
security
. Black
hat
hackers are also known ascrackersordarkside
hackers
.Thegeneralviewisthat,while
hackers
build

things,crackersbreakthings.

PC
Tools

Grey
Hat
:
The term "
grey
hat
" or "
gray
hat
" in
Internet slang refers to a
computer
hacker or
computer
security expert whose
ethicalstandardsfallsomewherebetweenpurelyaltruisticand
purely malicious. The term began to be used in the late 1990s, derived from the concepts of
"
white
hat
" and "
black
hat
"
hackers
. A
grey
hat
hacker may surf the
Internet and
hack into a
computer
system for the sole purpose of notifying the administrator that their
system has a
security defect, for example. They may then offer to correct the defect for a fee. Even though
grey
hat
hackers may not necessarily perform
hacking for their personal gain,
unauthorized
accesstoa
system
canbeconsideredillegaland
unethical
.

Neophyte:
A neophyte ("newbie", or "noob") is someone who is new to
hacking or phreaking
and has almost no
knowledge or experience of the workings of technology and
hacking
. The
wordneophytemeans,apersonwhoisnewtoasubjectoractivity..

Script Kiddie:
These are the wannabe
hackers
. They are looked down upon in the
hacker
community because they are the people that make
hackers look bad. Script kiddies
usually
have no
hacking skills and use the
toolsdevelopedbyother
hackerswithoutany
knowledgeof
whatshappeningbehindthescenes.

Intermediate
Hackers
:
These people
usually know about
computers
, networks, and have
enough
programming
knowledge to understand relatively what a
script might do, but like the
script kiddies they use predeveloped wellknown exploits( a piece of
code that takes
advantage of a bug or
vulnerability in a piece of software that allows you to take
control of a
computer

system
)tocarryoutattacks.

Elite
Hacker
:
These are the skilled
hackers
. They are the ones that write the many
hacker
tools and exploits out there. They can break into systems and
hide theirtracksormakeitlook
like someone else did it. You should strive to eventually reach this level. Elite
groups such as
MastersofDeceptionconferredakindofcredibilityontheirmembers.

Hacktivist:
Ahacktivistisa
hacker
who
utilizes
technologyto
publicize
asocial,ideological,
religiousorpolitical
message
.Hacktivismcanbedividedintotwomain
groups
:

Nation
State
:
Intelligence
agenciesandcyberwarfareoperativesofnation
states
.

Organized

Criminal
Gangs:
Groups
of
hackers
thatcarryout
organized

criminal
activitiesfor
profit.

TheMostIndepthHackersGuideby
DawoodKhan
6

Whatdoesittaketobecomea
Hacker
?

Becoming a great
hacker isnt easy and it doesnt happen quickly. Being creative helps a lot.
There is more than one way a problem can be solved, and as a
hacker you encounter many
problems. The more creative you are the bigger chance you haveof
hackinga
systemwithout
being
detected
. Another huge quality you must have is the willtolearnbecausewithoutit,you
will get nowhere. Remember,
Knowledge is power. Patience is also a must because many
topicscanbedifficulttograspandonlyovertimewillyoumasterthem.

Thinkcreatively.
Hackers are like artists, philosophers, and engineersallrolled upintoone.
They believe in freedom and
mutual responsibility. The world is full of fascinating problems
waiting to be solved.Hackerstakeaspecialdelightinsolvingproblems,sharpeningtheirskills,
andexercisingtheir
intelligence
.

Learntolovesolvingproblems.
Noproblemshouldever haveto besolvedtwice.Think of

it as a communityinwhichthetimeof
hackersisprecious.Hackersbelieve sharing
information
is a moral responsibility. When you solve problems, make the
information
public to help
everyonesolvethesameissue.

Learntorecognize andfight authority.


The enemy of the
hacker is boredom, drudgery,
and authoritarian figures who use censorship and secrecy to strangle the freedom of
information
.Monotonousworkkeepsthe
hacker
from
hacking
.

Be competent.
Anyone who spends time on Redditcanwriteuparidiculouscyberpunk
user
name and pose as a
hacker
.Butthe
Internetisagreat
equalizer
,andvaluescompetenceover
ego and posture. Spend time working on your craftandnotyourimageandyou'llmorequickly
gain respect than
modeling yourself on the superficial things we think of "
hacking
" in
popular
culture.

TheMostIndepthHackersGuideby
DawoodKhan
7

Toreadmoreusethelinksbelow

BookVersion:
http://www.lulu.com/shop/dawoodkhan/themostindepthhackersguide/paperback/product22
468179.html

EbookVersion:
http://www.lulu.com/shop/dawoodkhan/themostindepthhackersguide/ebook/product224680
05.html

TheMostIndepthHackersGuideby
DawoodKhan
8