Saturday, July 12, 2014




Broadly, there are five steps to hacking anything:

· Information Gathering

· Scanning

· Gaining Access

· Maintaining Access

· Covering Tracks

In this post I’ll write about Information Gathering.







Information Gathering:


Information gathering is the essential first step of any hack. It means collecting as much information as possible about the target, whether that is a network, a company's website, or anything else you want. Information gathering falls into two groups:

· Active

· Passive

Active


Active gathering means you interact directly with the target.

For example: telephone calls, or meeting a person to extract information about their company. Consider an employee who has become irritated with his company and decides to steal its confidential data from one of its computers. As a member of the company he has the right to talk to any official there, so he simply interacts with them and gathers whatever information serves him best. This falls under the active information gathering technique.

Passive


Passive gathering means you interact with the target only indirectly.

For example: news channels or the internet. If a cracker wants to break the security of a website, the best source of information will be GOOGLE: he just types the name of the company, and all the information he needs to hack it will be on GOOGLE.

Methods to gather information:

· Ping: Ping is the simplest way to find the IP address of a website. Ping is really used to check whether a connection between the target and the attacker's machine exists.

o Go to Start -> cmd and open it

o Type the command ‘ping <name of the website>’, e.g. ping nptrick.tk

We get the IP address, but what is the use of it? The IP address plays a vital role in every hacking technique; everything that follows depends on it.

· Reverse Lookup: After finding the IP address, it is time for a reverse lookup. A reverse lookup checks the hosting of the website an attacker intends to target: whether it is on a dedicated server or a shared server. A dedicated server holds only a single website, while a shared server holds a number of websites on one server.

There are many online tools that will perform a reverse lookup, such as:





Apart from these online tools, crackers usually prefer http://www.bing.com/ . The techniques of information gathering above are the best ones, but there are others, such as Domain Analysis, which yields information about the DNS (Domain Name Service).
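The two steps above, ping to learn the address and a reverse lookup to see who shares it, are easy to automate. As an added example (not code from this blog), the Python below pulls the resolved IP out of ping's own output, in both the Windows and the Unix format, and then groups hostnames by address to label each IP shared or dedicated. The ping transcripts are constructed, the hostnames and addresses are placeholders, and the grouping is only as good as the list of names you feed it: reverse DNS on an IP returns one PTR record, not every site hosted there, which is why the post points at search engines for that step.

```python
# Added example (not from the post): pull the resolved IP out of ping output
# and group names by address to tell shared from dedicated hosting.
# Sample outputs are constructed; the addresses are documentation ranges.
import re
from collections import defaultdict

# Windows: "Pinging host [ip] with 32 bytes of data:"
_WINDOWS = re.compile(r"^Pinging\s+(?P<host>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]", re.M)
# Linux/BSD/macOS: "PING host (ip) 56(84) bytes of data." / "PING host (ip): 56 data bytes"
_UNIX = re.compile(r"^PING\s+(?P<host>\S+)\s+\((?P<ip>[0-9a-fA-F.:]+)\)", re.M)


def ip_from_ping_output(text):
    """Return (hostname, ip) from captured ping output, or None if the name
    did not resolve (e.g. 'Ping request could not find host ...')."""
    for pattern in (_WINDOWS, _UNIX):
        m = pattern.search(text)
        if m:
            return m.group("host"), m.group("ip")
    return None


def classify_hosting(resolutions):
    """Group hostnames by the IP they resolve to.

    Returns {ip: {"hosts": [...], "hosting": "shared" | "dedicated"}}.
    An IP is 'shared' when more than one of the supplied names maps to it;
    with a single name the verdict is 'dedicated' only as far as the list goes."""
    by_ip = defaultdict(list)
    for item in resolutions:
        if item is None:
            continue                                   # unresolved name, skip
        host, ip = item
        if host not in by_ip[ip]:
            by_ip[ip].append(host)
    return {ip: {"hosts": sorted(hosts),
                 "hosting": "shared" if len(hosts) > 1 else "dedicated"}
            for ip, hosts in by_ip.items()}


# Constructed ping transcripts in the Windows and Unix formats.
WINDOWS_SAMPLE = """
Pinging www.example-a.test [198.51.100.7] with 32 bytes of data:
Reply from 198.51.100.7: bytes=32 time=14ms TTL=56
"""
UNIX_SAMPLE = """PING blog.example-b.test (198.51.100.7) 56(84) bytes of data.
64 bytes from 198.51.100.7: icmp_seq=1 ttl=56 time=13.9 ms
"""
UNIX_SAMPLE_2 = """PING shop.example-c.test (203.0.113.20) 56(84) bytes of data.
64 bytes from 203.0.113.20: icmp_seq=1 ttl=52 time=22.1 ms
"""
UNRESOLVED = "Ping request could not find host nosuch.example-d.test. Please check the name and try again."


def demo():
    outputs = (WINDOWS_SAMPLE, UNIX_SAMPLE, UNIX_SAMPLE_2, UNRESOLVED)
    return classify_hosting(ip_from_ping_output(o) for o in outputs)


if __name__ == "__main__":
    for ip, info in demo().items():
        print(f"{ip:15} {info['hosting']:9} {', '.join(info['hosts'])}")
```

The same grouping is useful from the defending side: run it over your own domain inventory and you learn which of your sites sit on one address, so a compromise or an outage of one neighbour tells you immediately what else is exposed.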


· Tools:

o Netifera: Netifera is a tool that gathers information with a single click. It is a very powerful tool that gives you a complete platform for gathering information about the target, whatever website you want to attack.

Using it is very simple. The tool comes pre-installed in BACKTRACK, a Linux OS. The information a cracker will gather includes:

1. IP ADDRESS

2. REVERSE LOOKUP (check for shared or dedicated)

3. Number of websites hosted, if it is shared

4. DNS (DOMAIN NAME SERVICES) etc.

NETIFERA presents all of this information like this:

HOW TO OPEN NETIFERA:

Backtrack -> Information Gathering -> Network Analysis -> Network Scanners -> Netifera

Thursday, July 10, 2014

What is SIP?
SIP is an application layer control protocol used for signaling in VoIP. It is the most widely used and best supported protocol in VoIP today. Because it is an open protocol, it is supported on a wide array of commercially available devices such as the Linksys PAP2, Cisco phones, and many, if not all, IP PBXs. The protocol is used to create two-party, multiparty, or multicast sessions, and it is independent of the transport layer, meaning that it can use TCP, UDP, SCTP, ATM, etc. for signaling; it is both IPv4 and IPv6 compatible. It is also a text-based signaling protocol using UTF-8 encoding, which makes SIP messages human readable.

SIP typically operates on the default port 5060, and connects servers with clients and other endpoints. It supports voice, video, and data. Throughout its development, SIP has come to deliver many of the advanced call processing features of SS7, including ANI, CPN, and DNIS delivery.
SIP supports five parts of establishing and terminating communications:
1.       User Location
2.       User Availability
3.       User Capabilities
4.       Session Setup: establishment of call parameters at both called and caller ends.
5.       Session Management: transfer and termination, modifying session parameters, and invoking services.
SIP communicates via messages, and these messages carry their information in headers, not unlike HTTP.
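To make that message structure concrete, here is an added example (not code from this post): a minimal Python parser for SIP's text format that splits a message into its start line and headers, then reads the SDP body, which is where step 4 above (session setup) actually negotiates the IP addresses, ports and transport the media will use. The INVITE and 200 OK messages are constructed for the example; Alice at 192.168.1.10 and Bob at 192.168.1.20 are placeholders, and the header folding, compact header names and offer/answer pairing follow RFC 3261 and RFC 3264, which the post does not cite.

```python
# Added example (not from the post): minimal SIP/SDP parsing.
# Sample messages are constructed; 192.168.1.10/.20 are placeholder hosts.

# SIP compact header names, expanded to the lower-cased long form.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id",
           "m": "contact", "c": "content-type", "l": "content-length"}


def parse_sip_message(raw):
    """Split a SIP message into start line, headers and body.
    Header names are case-insensitive (stored lower-cased), compact forms are
    expanded, repeated headers (several Via) are kept in order as a list, and
    folded continuation lines are joined onto the header they belong to."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last is not None:
            headers[last][-1] += " " + line.strip()      # folded continuation
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue                                      # tolerate a bad line
        key = name.strip().lower()
        key = COMPACT.get(key, key)
        headers.setdefault(key, []).append(value.strip())
        last = key
    return {"start_line": lines[0],
            "is_request": not lines[0].startswith("SIP/2.0"),
            "headers": headers, "body": body}


def parse_sdp_media(body):
    """One dict per m= line: media type, IP, port, transport, payload types.
    A session-level c= applies to every media line unless a media-level c=
    overrides it. RTP/SAVP (SRTP) is encrypted; RTP/AVP carries audio in clear."""
    session_ip, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            ip = line.split()[2]                          # c=IN IP4 <addr>
            if media:
                media[-1]["ip"] = ip
            else:
                session_ip = ip
        elif line.startswith("m="):
            mtype, port, proto, *payloads = line[2:].split()
            media.append({"type": mtype, "ip": session_ip, "port": int(port),
                          "proto": proto, "payloads": payloads,
                          "encrypted": "SAVP" in proto.upper()})
    return media


def rtp_streams(offer_raw, answer_raw):
    """Pair offer (INVITE) and answer (200 OK) media lines by position, as the
    offer/answer model requires, and return each RTP stream's endpoints."""
    offer = parse_sdp_media(parse_sip_message(offer_raw)["body"])
    answer = parse_sdp_media(parse_sip_message(answer_raw)["body"])
    streams = []
    for o, a in zip(offer, answer):
        if a["port"] == 0:                                # answerer rejected it
            continue
        streams.append({"media": o["type"],
                        "forward": (o["ip"], o["port"], a["ip"], a["port"]),
                        "reverse": (a["ip"], a["port"], o["ip"], o["port"]),
                        "plaintext": not (o["encrypted"] and a["encrypted"])})
    return streams


def sip_message(start_line, headers, body):
    """Assemble a SIP message with CRLF line ends and a correct Content-Length."""
    hdrs = headers + [("Content-Length", str(len(body.encode())))]
    return start_line + "\r\n" + "".join(f"{k}: {v}\r\n" for k, v in hdrs) + "\r\n" + body


# Constructed call: Alice (192.168.1.10) invites Bob (192.168.1.20).
INVITE = sip_message(
    "INVITE sip:bob@192.168.1.20 SIP/2.0",
    [("Via", "SIP/2.0/UDP 192.168.1.10:5060\r\n ;branch=z9hG4bK776asdhds"),  # folded
     ("From", "Alice <sip:alice@192.168.1.10>;tag=1928301774"),
     ("To", "Bob <sip:bob@192.168.1.20>"),
     ("Call-ID", "a84b4c76e66710@192.168.1.10"),
     ("CSeq", "314159 INVITE"),
     ("c", "application/sdp")],                            # compact Content-Type
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 192.168.1.10\r\ns=-\r\n"
    "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n")

OK = sip_message(
    "SIP/2.0 200 OK",
    [("Via", "SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds"),
     ("From", "Alice <sip:alice@192.168.1.10>;tag=1928301774"),
     ("To", "Bob <sip:bob@192.168.1.20>;tag=a6c85cf"),
     ("Call-ID", "a84b4c76e66710@192.168.1.10"),
     ("CSeq", "314159 INVITE"),
     ("Content-Type", "application/sdp")],
    "v=0\r\no=bob 2808844564 2808844564 IN IP4 192.168.1.20\r\ns=-\r\n"
    "c=IN IP4 192.168.1.20\r\nt=0 0\r\nm=audio 3456 RTP/AVP 0\r\n"
    "a=rtpmap:0 PCMU/8000\r\n")

if __name__ == "__main__":
    inv = parse_sip_message(INVITE)
    print(inv["start_line"], "| Via:", inv["headers"]["via"][0])
    for s in rtp_streams(INVITE, OK):
        print(s["media"], "forward", s["forward"], "reverse", s["reverse"],
              "PLAINTEXT RTP" if s["plaintext"] else "SRTP")
```

The forward and reverse tuples are exactly the two streams Wireshark lists in the RTP stream analysis used in the capture procedure below, and the `plaintext` flag is why that capture yields audio: both endpoints offered RTP/AVP. Had they negotiated RTP/SAVP (SRTP), the streams would still be visible in a capture but the payload could not be decoded without the keys, which is the control a defender wants in place on any network where traffic can be sniffed.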

Exploiting a SIP vulnerability
The first thing you are going to do is run Wireshark on a computer on the same subnet as the computer that will hold the conversation. If it is easier for you, this can be the computer that is going to run the softphone, or any other computer that can sniff the packets. For myself, I found it easier to set up my laptop to monitor the conversation, but that’s just me.
Since I chose to monitor the conversation from another computer/IP, I need some trick to ensure that I get both sides of the conversation. For this I used an ARP cache poisoning attack, carried out with arpspoof. I simply opened a terminal and typed:

arpspoof -i ath0 192.168.1.1    (the host, i.e. the router, is at 192.168.1.1)

I will write more on ARP spoofing in future posts.
Now fire up Wireshark and begin capturing packets on the interface connected to the network; in my case that was my Wi-Fi card, ath0. Next, initiate a call with the softphone configured in the last tutorial and have a lovely conversation with whomever. Stop capturing after the conversation is complete and take a look at what you’ve got. In Wireshark, click Analyze -> Decode As, select SIP from the list, and click Apply. Go back to the list of captured packets, sort them by protocol, and highlight a packet that reads something like:

“RTP type=ITU-T G.711 PCMU, SSRC=blah blah blah”.

Next, click Statistics -> RTP -> Show All Streams. This shows all of the RTP streams you captured. One will be the forward stream and one the reverse. You can usually tell them apart by the IP addresses, but there is also a “find the reverse stream” button. Click the forward stream, shift-click the reverse, and click the Analyze button.
Another window will pop up with a button on the bottom left labeled “Save Stream”, or something very similar. Click it, select .au, name your file and save. You can use Audacity to convert the .au file into .wav or .mp3.
In Part-2 of this tutorial we will explore brute forcing authentication, DoS attacks, and injecting Audio into ongoing conversations using RTP packet injection techniques.
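The capture above succeeds because the softphone's ARP cache accepts whatever “is-at” reply it is sent, and because plain RTP is unencrypted. As an added example, not part of this post, here is the detection side of that ARP step: a small Python monitor that reads ARP replies (the sample records below are constructed; the MAC addresses, the 192.168.1.x hosts and the window and threshold values are assumptions) and flags the patterns a spoofing tool such as arpspoof produces: the gateway's IP claimed by a MAC other than its known one, an IP whose MAC suddenly changes, one MAC claiming several IPs (both ends of a conversation being spoofed), and the periodic re-poisoning replies such tools send to keep the victim's cache overwritten. Feed it the same ARP traffic Wireshark sees and it tells you when someone is doing to your network what the post describes.

```python
# Added example (not from the post): detect ARP cache poisoning from ARP replies.
# Sample replies below are constructed; MACs, IPs and thresholds are placeholders.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP 'is-at' reply: sender_ip claims to live at sender_mac."""
    ts: float
    sender_ip: str
    sender_mac: str
    target_ip: str


def detect_arp_poisoning(replies, trusted=None, window=10.0, flood_threshold=4):
    """Return a list of alert dicts for suspicious ARP replies.

    binding-violation: an IP with a trusted static MAC (e.g. the gateway) is
                       claimed by a different MAC;
    mac-changed:       an IP learned earlier is now claimed by another MAC;
    multi-ip-mac:      one MAC claims two or more different IPs;
    reply-flood:       flood_threshold or more replies for one IP inside
                       `window` seconds, the re-poisoning cadence of spoofers.
    Each alert fires once per offending key, so a long attack stays readable."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    learned, ips_per_mac = {}, defaultdict(set)
    recent, alerts, fired = defaultdict(list), [], set()

    def alert(rule, r, detail, key=None):
        key = key or (rule, r.sender_ip, r.sender_mac)
        if key not in fired:
            fired.add(key)
            alerts.append({"ts": r.ts, "rule": rule, "ip": r.sender_ip,
                           "mac": r.sender_mac, "detail": detail})

    for r in sorted(replies, key=lambda x: x.ts):
        ip, mac = r.sender_ip, r.sender_mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alert("binding-violation", r, f"trusted MAC is {trusted[ip]}")
        elif ip in learned and learned[ip] != mac:
            alert("mac-changed", r, f"previously {learned[ip]}")
        learned.setdefault(ip, mac)                 # keep the first binding seen
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) >= 2:
            alert("multi-ip-mac", r, f"claims {sorted(ips_per_mac[mac])}",
                  key=("multi-ip-mac", mac))
        recent[ip] = [t for t in recent[ip] if r.ts - t <= window] + [r.ts]
        if len(recent[ip]) >= flood_threshold:
            alert("reply-flood", r, f"{len(recent[ip])} replies in {window}s")
    return alerts


ROUTER_MAC, VICTIM_MAC, ATTACKER_MAC = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:10", "cc:cc:cc:00:00:99"

# Constructed trace: a normal exchange, then from t=10s one host tells the victim
# the router is at its MAC and tells the router the victim is at its MAC, every 2s.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", ROUTER_MAC, "192.168.1.10"),
    ArpReply(0.1, "192.168.1.10", VICTIM_MAC, "192.168.1.1"),
] + [ArpReply(10.0 + 2 * i, "192.168.1.1", ATTACKER_MAC, "192.168.1.10") for i in range(5)] \
  + [ArpReply(10.5 + 2 * i, "192.168.1.10", ATTACKER_MAC, "192.168.1.1") for i in range(5)]


def demo():
    """Run the detector with the gateway's MAC pinned as a trusted binding."""
    return detect_arp_poisoning(SAMPLE_REPLIES, trusted={"192.168.1.1": ROUTER_MAC})


if __name__ == "__main__":
    for a in demo():
        print(f"t={a['ts']:5.1f} {a['rule']:18} {a['ip']:13} {a['mac']}  {a['detail']}")
```

Pinning the gateway's MAC as a trusted binding matters: without it, whichever reply arrives first is what the detector "learns", so a poisoner who speaks before the real router is seen as legitimate and the router itself gets flagged. The flood rule is a heuristic; hosts that send gratuitous ARP on boot or failover can trip it, so tune the window and threshold to your network before acting on it.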



Sunday, July 6, 2014


Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator’s original intention. People who engage in computer hacking activities are often called hackers.


The term hacking can be described as the art of breaching the security of admin panels or control panels in order to extract information. The principle of hacking also states: “If a hacker or a malicious person wants to get into any system, be it a server, a computer or a network, he or she will be there; there is nothing you can do to stop them. The only thing you can do is make it harder for them to get into your security system.”

Always remember: nothing in this world is 100% secure; it is just a matter of time until the security is broken.

Hackers are generally divided into four classes:

Black Hat


People with extraordinary skill in hardware and software who apply their knowledge destructively. These are the people who fit today’s popular definition of a hacker. The Black Hat community hacks for the sake of enjoyment or revenge; at present Anonymous is famous as a Black Hat group for taking revenge on the governments of different countries.

White Hat


People who use their skills defensively, securing their systems so that crackers cannot gain access. White Hats are the people who apply their skills to stop Black Hats. White Hats are also known as The HACKERS.

Grey Hat


People who use their skills both offensively and defensively. Grey Hats work offensively as long as they have their rights, but when the time comes to take revenge they act like Black Hats.

Suicide Hackers


Those who hack without caring whether they have to spend 20 years in jail. This class of hackers is also known as the ‘script kiddies’. It is a very dangerous class because these are young hackers who usually use scripts written by others.
If you need a flat head screwdriver to remove a screw, would you use a cross head?
Of course you wouldn’t – it wouldn’t work for one reason. Similarly, if you needed to dig a hole would you use a spoon? While you’d get the job done the time wasted could be better invested elsewhere. It’s only natural to use the tool that’s been perfectly designed for the job yet, for some reason, when it comes to securing the corporate infrastructure, many are frightened by the idea of hiring a hacker. I believe they’re missing out.
Not all hackers are the same, so here are the skills I believe a hacker should display:

Out of the Box

My hacker definition sums this up perfectly. Rather than looking at how something should work, a hacker will approach it from a different angle. He won’t try your ‘security doors’ to make sure they’re locked, but instead push on the wall around to see if the bricks hold up and if the windows have glass – does the putty hold them in place.

‘No’ isn’t in his vocabulary

Tenacity is another key skill a hacker must possess – someone who doesn’t take ‘no’ for an answer. Take a locked door – there are a number of ways of ‘opening’ it and a hacker will keep trying until he manages it. Of course the easiest way is to locate the key but, if one isn’t on hand, then can the lock be picked? Can it be drilled? What about cutting the lock out altogether? I think the phrase from a legendary film – “You’re only supposed to blow the bloody doors off” – perfectly encapsulates a hacker’s enthusiasm to get the job done.

Morals of an alley cat

Now, before everyone starts baying for my blood, I don’t for one minute advocate paying a criminal for his services – unless they’re rehabilitated and you’re into second chances. However, a hacker needs to think and act like a criminal, or what’s the point? Criminals don’t play by the rules, and being afraid to push the boundaries is why a lot of companies end up experiencing breaches.

Porridge for breakfast

While I’ve said there’s no reason why a rehabilitated hacker shouldn’t be employed, it does raise serious concerns – primarily, why did they get caught? Professional hackers will pride themselves on their skill at infiltrating systems, undetected and will certainly not want to leave an electronic ‘fingerprint’. A criminal conviction shouldn’t be seen as a ‘qualification’ but rather testament that perhaps they’re not up to the job!

A big head

An egotistical hacker isn’t necessarily a brilliant hacker - in fact quite the reverse is often true. I’ve sat and listened to far too many people claiming responsibility for something that I’ve known they didn’t do – often because I was in fact responsible, but that’s for another time.
There are a number of reasons why bragging is a bad trait in a hacker:
· They should be able to prove their ability rather than just talk about it
· If they’re loose lipped they could inadvertently expose the organization to ridicule
· A hacker likes nothing better than ridiculing someone else’s inadequacy

SOURCE: Dominique Karg – Chief Hacking Officer at AlienVault

