You have probably heard of network hacking before, Right? But how exactly does one go about it? In this Tutorial i plan to teach you the basics in VERY simple & easy to understand ways and terminology (Big word, yes i know. If you are confused by the word terminology, Please grab the nearest fist and shove it in your... Um, Face.) Steps To Successfully "Hacking" a "Network": Footprinting: Footprinting is the first thing you SHOULD do in order to successfully hack a network. Footprinting is the act of collecting as much data/information about the network/computer system as possible. Doesn't really seem that important, but the information you gain from this task will help you in the long run. Things you should try and recover: Email's Names & Numbers (Depending on the severity of your attack) What the company does. And any other related information that you can find. But how does one go about collecting this information. Give *THIS SITE* a visit. The amount of information you can recover is amazing. Also, one of the most important bunch of numbers you will almost ever come across when "network hacking". The ip address. There are many tools/sites that will do this (even the command prompt). But I use THIS SITE as it is much easier than anything else Finding Open Ports (Port Scanning) When you perform this task you collect some relevant information that will lead you down a successful path on your way to bringing you helpless victim down (In a educational way ov course ). By finding open ports, you can learn what services are running on them, then possibly exploit them . Programs to port scan: There are HEAPS out there. But for me nothing beats nmap. ( *DOWNLOAD HERE* ) just put your target, and put there url in the box and hit scan... Now was that hard? You will notice the different profiles. I would recommend using "intense scan" for less detection rates. I believe that nmap also has a operating system function which would come in EXTREMELY HANDY. Be careful with it tho as it will be very loud and could blow your cover. Now that you have scanned you victim, hopefully you will see some open ports, Yes? good. This list below list the most common ports (lowest to highest) in use today: 20 FTP data (File Transfer Protocol) 21 FTP (File Transfer Protocol) 22 SSH (Secure Shell) 23 Telnet 25 SMTP (Send Mail Transfer Protocol) 43 whois 53 DNS (Domain Name Service) 68 DHCP (Dynamic Host Control Protocol) 80 HTTP (HyperText Transfer Protocol) 110 POP3 (Post Office Protocol, version 3) 137 NetBIOS-ns 138 NetBIOS-dgm 139 NetBIOS 143 IMAP (Internet Message Access Protocol) 161 SNMP (Simple Network Management Protocol) 194 IRC (Internet Relay Chat) 220 IMAP3 (Internet Message Access Protocol 3) 443 SSL (Secure Socket Layer) 445 SMB (NetBIOS over TCP) 1352 Lotus Notes 1433 Microsoft SQL Server 1521 Oracle SQL 2049 NFS (Network File System) 3306 MYSQL 4000 ICQ 5800 VNC 5900 VNC 8080 HTTP Phew... Banner Grabbing OK now "Banner Grabbing" is something you can do if you want to "exploit" one of there services (You need to port scan before doing this). It is the act of getting the program running on the open port that you scanned before. You will be using the command prompt for this. Example scenario: Just scanned my target and found that port 3306 (Use the port list i included above to find out what each port is for.) I would open up CMD and type the following: telnet http://www.yourvictim.com 3306 (or the port of your choice) You will then get some information back, kinda like a banner (Hence why it is called "Banner Grabbing"). It should give you a name of the program running on that port. You will then need to exploit it (IF POSSIBLE). Once you have the program name and version (when you did the telnet command, you should have got these). You will need to check that program on a exploit database (See THIS thread for some good exploit databases). If the program has a exploit, USE IT and take control of you victim with ease... If you cant find a exploit, try a different port and repeat the steps above. Penetrating (Using Exploits) Before we get started, I want to list some of the different TYPES of exploits: Perl PHP Python C C++ They are the most common types of exploits Now i need to explane exactly how this all works, i am gonna try to do it with simplicity. Ok say you have done all the banner grabbing stuff, and you found the program running that port and you have looked it up on a exploit database, And you found a exploit. We will say that the exploit we found was a DOS one (The program has a weakness to this specific DoS exploit). You could run it against the victim AND BAM. You win!!! Of course you will need to know how to actually "RUN" the exploit. I might write another tutorial on running them, but for now this is it. If you would like to write a tutorial on "Running exploits" or there is already one on HC, please tell me and i will link it in this tutorial. If you know how to run exploits then have fun (I am sure you could find one on Google somewhere) |
Online tools to check your website...
Check to see if your site is banned from Google:
http://www.iwebtool.com/google_banned
Check the future predictions of your page ranks:
http://www.iwebtool.com/pagerank_prediction
Find out what keywords are popular are your website:
http://www.iwebtool.com/keyword_density
Find those backlinks linking to you, their Description, Language and Size.
http://www.iwebtool.com/backlink_checker
This tool will display up to 10 popular keywords matching your initial keyword
http://www.iwebtool.com/keyword_suggestion
Find how many links your domain has on the most common search engines
http://www.iwebtool.com/link_popularity
Check your website's Google PageRank on major Google datacenters instantly
http://www.iwebtool.com/pagerank_checker
Use this online tool to see what your ranking is. Find out how popular your website is to users and search engines.
http://www.iwebtool.com/rank
Use this tool to check what search engine position you have for Google and Yahoo
http://www.iwebtool.com/search_engine_position
Create a preview of how your website will appear on Google, MSN and Yahoo Search
http://www.iwebtool.com/search_listings_preview
Find out how Spider bots view your website. This includes most major search bots including Google, MSN and Yahoo!
http://www.iwebtool.com/spider_view
View the PageRank of links visually rather than in text.
http://www.iwebtool.com/visual_pagerank
See the source code of any online sites. Find out exactly how those websites are made!
http://www.iwebtool.com/code_viewer
View a site's meta information, you can also copy and paste the tags onto your website.
http://www.iwebtool.com/metatags_extractor
Extract links from a specific web page.
http://www.iwebtool.com/link_extractor
Extract the HTTP Headers of a server. Find out exactly what your browser reads.
http://www.iwebtool.com/http_headers
Get rid of all those extra white spacing in your HTML websites using this tool. Optimize your sites for faster load.
http://www.iwebtool.com/html_optimizer
Hide all your HTML source code simply with this html encrypter. Prevent your code from being stolen by other web***s.
http://www.iwebtool.com/html_encrypter
http://www.iwebtool.com/google_banned
Check the future predictions of your page ranks:
http://www.iwebtool.com/pagerank_prediction
Find out what keywords are popular are your website:
http://www.iwebtool.com/keyword_density
Find those backlinks linking to you, their Description, Language and Size.
http://www.iwebtool.com/backlink_checker
This tool will display up to 10 popular keywords matching your initial keyword
http://www.iwebtool.com/keyword_suggestion
Find how many links your domain has on the most common search engines
http://www.iwebtool.com/link_popularity
Check your website's Google PageRank on major Google datacenters instantly
http://www.iwebtool.com/pagerank_checker
Use this online tool to see what your ranking is. Find out how popular your website is to users and search engines.
http://www.iwebtool.com/rank
Use this tool to check what search engine position you have for Google and Yahoo
http://www.iwebtool.com/search_engine_position
Create a preview of how your website will appear on Google, MSN and Yahoo Search
http://www.iwebtool.com/search_listings_preview
Find out how Spider bots view your website. This includes most major search bots including Google, MSN and Yahoo!
http://www.iwebtool.com/spider_view
View the PageRank of links visually rather than in text.
http://www.iwebtool.com/visual_pagerank
See the source code of any online sites. Find out exactly how those websites are made!
http://www.iwebtool.com/code_viewer
View a site's meta information, you can also copy and paste the tags onto your website.
http://www.iwebtool.com/metatags_extractor
Extract links from a specific web page.
http://www.iwebtool.com/link_extractor
Extract the HTTP Headers of a server. Find out exactly what your browser reads.
http://www.iwebtool.com/http_headers
Get rid of all those extra white spacing in your HTML websites using this tool. Optimize your sites for faster load.
http://www.iwebtool.com/html_optimizer
Hide all your HTML source code simply with this html encrypter. Prevent your code from being stolen by other web***s.
http://www.iwebtool.com/html_encrypter