How to learn Ethical hacking Freely

Ethical hacking Overview , This post is belongs to the module of How to learn Ethical hacking Freely

Here you learn what is the role of an ethical hacker and what you can and what you cannot do as an ethical hacker.One more thing i want to mention that It Takes Time to Become a Hacker. So have pateince and google is the best way you can learn.

Hacking is a hobby, a lifestyle, and an attitude , A drive to figure out how things work.Before Starting you must know about what is hacking and the type Of hackers. Continue reading “How to learn Ethical hacking Freely”

Types of hacker

Types of hacker !!

Several subgroups of the computer underground with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat

and script kiddie.

A Cracker or Cracking is to “gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system”. These subgroups may also be defined by the legal status of their activities. Continue reading “Types of hacker”

Skills Required to become a Computer hacker

Following are some must know things for a hacker or you can say requirements of hacker or Skills Required to become a Computer hacker
Skills Required to become a Computer hacker
Skills Required to become a Computer hacker
Operating System:
As a hacker you must have upper hand skills in Operating systems Windows, Linux and Unix. Once you master Linux and Unix you’ll hardly face problem getting yourself on MAC. As we’ll move further we will cover both of them in short and then slowly move our level to advanced.
Networking:
A hacker must have expertise in field of networking even if you don’t have them you must be knowing about some basic terms used in networking. Please click on following links and try to grasp topics as thoroughly as you can.
The reality is that a hacker should know networking to best level. Just knowing above terms is not sufficient though you’ll not encounter that much problem while learning. We still recommend you buying a book on networking that should cover networking to level of pin points. My personal favor is to book Data Communication And Networking by Behrouz Forouzan
Knowledge About Setting Up And Configuring Servers:
Yes that is necessary for a hacker so when we will move ahead with flow. We will cover configuring IIS 7, Apache, Vertrigo on Windows and Apache on Linux. Both HTTP and FTP servers will be covered.
Programming:
Absolutely no one can deny all best hackers in world have master hand in programming. Following are must know programming languages but you can even make things work even if you don’t know them. In any case I would recommend you learn programming.
HTML, C, C++, Java, SQL, Python, Perl, PHP and Ruby.
At most basic level my advise will be you must know HTML, C, SQL, PHP and ruby.
Tools:

Backtrack is platform which is specially crafted and designed for penetration testing. Metasploit is framework that is used to create and experiment with exploits and payloads. Both are must for a hacker today. Alternative to Backtrack is Knoppix Security Edition and Mautrix, if you master Bactrack you’ll easily master both of them. So I will not leave them apart from our list, we’ll also cover them.

Disclaimer : This information is just for educational purpose. If someone use in malicious activity then only he is responsible for it.

Hacking – Tips for Learner

Many people on net impressed by the word “hacking” might do a little search on google about learning hacking. No doubt, they are at the right place. I would have rather use words – they are on the right track but will they open up the right door and gain something or they will just end up becoming a victim them self. Continue reading “Hacking – Tips for Learner”

How can I browse anonymously ?? | Anonymous Surf | Web anonymizer |

Anonymous Surf
How can I browse anonymously or stay invisible online ? Is these among those questions which bother you for keeping your privacy online. Anonymizers, proxy servers, VPN and VPS are some options that can help you out. All above services are also offered as paid service but for here we will just have our look on free services. Continue reading “How can I browse anonymously ?? | Anonymous Surf | Web anonymizer |”

How Can We Hack ??

How Can We Hack
Before start to learn How Can We Hack or  Hacking you must have the deep knowledge  of hacking means from most basic.

Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn’t mean a computer criminal. Continue reading “How Can We Hack ??”

Ethical Hacking – how to start learn hacking ?

As many of newbies asking this quetion so for all these people who are new at this whole Scenerio and do not really understand what hacking is all about and where to begin, I offer up these links to some great places to start learning.

Ethical Hacking - how to start learn hacking
Ethical Hacking – how to start learn hacking

News:
www.digg.com
www.slashdot.org

Presentations:
http://www.lessig.org/freeculture/free.html  <– A speech given talking all about the problems facing culture when dealing with copyright and other digital laws.

Podcasts:
http://www.grc.com/SecurityNow.htm <– This is fantastic for people who are new to the field.  If you have the time or motivation, go back and listen to them from day 1, they assume you know very little if anything and hit on all of the major topics in the security field.  Fantastic show.

IPTV Shows:
http://www.binrev.com/ <– Produce a good IPTV show and also have forums that are usually helpful.
http://www.hak5.org  <— Duh….

Tutorial sites:
http://www.remote-exploit.org  <– Pretty good resources, some very nice video tutorials on various exploits.  Defiantly check out the tutorial section.
http://www.irongeek.com/ <– Excellent tutorials/information/articles.
http://www.antionline.com/ <– Tutorials, tools and forums full of helpful people.

Programming Related:
Teach Yourself C in 21 Days: http://neonatus.net/C/index.html
Teach Yourself C++ in 21 Days: http://cma.zdnet.com/book/c++/
The Art of Assembly Language Programming: http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html
Microsoft Developers Network: http://msdn.microsoft.com
—-Web Programming:
HTML: http://www.w3schools.com
PHP: http://www.php.net
ASP.NET: http://www.asp.net/Default.aspx?tabindex=0&tabid=1
SQL: http://www.mysql.com
Perl: http://www.perl.com/
Python: http://www.python.org

Security Related:
SecurityFocus: http://www.securityfocus.com/
Milw0rm: http://www.milw0rm.com
SecurityForest: http://securityforest.com/wiki/index.php/Main_Page

If you are interested in websec (web security) you should pretty much understand the different protocols on the web, i.e TCP/IP, FTP, HTTP, SSH, etc.

Knowledge of HTML, PHP, ASP, SQL, Perl, and Python is good.

HTML: http://www.w3schools.com
PHP: http://www.php.net
ASP.NET: http://www.asp.net/Default.aspx?tabindex=0&tabid=1
SQL: http://www.mysql.com
Perl: http://www.perl.com/
Python: http://www.python.org
Tools:
http://www.insecure.org/nmap/
http://www.cirt.net/code/nikto.shtml
http://www.nessus.org/
http://www.metasploit.com/

 

Video Resources:
Watching/reading papers or videos from past conventions such as Shmoocon, DefCon, or BlackHat, is a good idea.

And last but not he least is Crazylearner.

May be some of the best site is still left. so share your best site in comment section.Please contribute to this post.

keep visitnig

Disclaimer : This information is just for educational purpose. If someone use in malicious activity then only he is responsible for it.

List of Top 5 Ethical Hacking Course

List of Top 5 Ethical Hacking Course

One of my reader ask me about Ethical courses so i try to put little info about top 5 ethical hacking course.And its also a first module on How To Learn Ethical Hacking

List of top 5 ethical hacking course
List of top 5 ethical hacking course

 

CEH (Certified Ethical Hacker)

The Certified Ethcial Hacker is a professional certification provided by EC-Concil. EC-council is world’s largest computer security certification provider organisation.A  Certified Ethical Hacker has obtained a certification in how to look for the vulnerabilities in the target systems and uses the same knowledge and tools.
A Starting Salary of a Certified Ethical Hacker according to Payscale is around $75000 USD

CHFI (Computer Hacking Forensic Investigator)

The Certified Hacking Forensic Investigator is a professional certification provided again by EC-COUNCIL. This certification is designed to look at network security in its investigation phase, detecting attacks and properly extracting evidence to report the crime adn conduct to prevent future attacks.
A Starting Salary of a Certified CHFI according to Payscale is around $85000 USD

ECSA ( EC-Council Certified Security Analyst)
ECSA is a professional certification provided by EC-Council. The ECSA Certification is a complementary certification to EC-COuncil’s CEH certification by exploring the analytical phase of ethical hacking.
A Starting Salary of a ECSA  according to Payscale is around $75000 USD

CISA (Certified Information System Auditor)

CISA is a professional certification for information technology audit professionals sponsored by the Information System and Control Association. Candidates for the certification must meet requirements set by ISACA.
A Starting Salary of a CISA according to Payscale is around $84000 USD

CISSP (Certified Information Systems Security Professional)

CISSP is an independent information security certification governed by not-for-profit. CISSP was the first information security credential accredited by ANSI ISO/IEC Standard 17024:2004 accreditation. It is formally approved by U.S. Department of Defense in both their Information Assurance Technical and Managerial Categories.
A Starting Salary of a CISSP according to Payscale is around $1,29,829 USD

IT infrastructure in software companies

In this post i am gonna tell you, about how IT infrastructure is organized in Multinational  software companies.This post can also be used as a reference for non software companies also.With technology infrastructure i mean how various people are connected with each other , how mails and other message applications are organized .We are not going into details of development infrastructure.We are only going into details of the underlying support infrastructure.

So what are the requirements of IT infrastructure ?

First of all IT infrastructure should connect each and every person of the company irrespective of office location.

IT infrastructure should also connect each and every department of the company with each employee of the company irrespective of office location.

The communication should be fast .The communication should not be delayed.

The communication channel should be broad . If one person wants to share a file with other person , proper channel must be there .

It should be secure .

Various infrastructure channels and tools must be accessed at a click of a mouse.

Various software and hardware tools which are used to implement this IT infrastructure.

Lets start with core of IT infrastructure .The core consists of intranet.

Suppose my company is located in different locations across the world.Each of this location can contain one or more offices. The systems in these offices are connected to each other . The offices in one location are connected to each other

likewise all offices in all other locations are connected .These locations which may spread across the world are also interconnected.This forms the intranet of a company.

Basic intranet is comprised of hardware and software .Hardware includes cable , servers , routers and various other equipments . Software comprises of servers like unix or windows server and some other tools which are basically hidden from the end employee.

But this is the core and nothing to do with most of employees except IT department which handles and maintain these resources.

Applications for IT infrastructure

Most important application in IT infrastructure is email.Every company maintains it email policy .Each employee of the company is given a company email id like employee.name@company.com.

Now the email technology is privately employed by company.For example a company may choose to microsoft platform to implement their email infrastructure .Example of software are microsoft exchange sever and microsoft outlook.

IT infrastructure in software companies
IT infrastructure in software companies

Besides email company maintains a chat type software known as office communicator . This software can be used to communicate with any employee of the company. Besides chatting this software can be used to share files , share screens ,allowing remote control etc .One such example of this tool is Microsoft lync.

IT infrastructure in software companies
IT infrastructure in software companies

Next for security purposes , a desktop and server monitoring tool is also installed in each and every system.This tool maintains logs of system usage.

Another thing is that each and every employee has an employee id . This id is synchronized with your company email id.

You can use this id to login into your system and other software tools.

Another important hardware which is connected to company intranet is voice over ip phone .Most of the employees are provided with ip phone .

Another software tool is support system .This software is maintained at company intranet .Whenever you need help or resource with any department of company raise a call (known as ticket ) on this application,Your query will be solved in 24 hrs max by the concerned department employee.From hairpin to airplane ticket anything can be availed with this system.

Now suppose you are not in any company office and want to access your mails or in short company intranet.How will you do that ? You can use internet to connect to your company intranet with vpn.

SAP tools are used to maintain employee information like his salary and other information.

Remember intranet is protected by very powerful firewalls and everything is logged .

So this forms the brief view of technology infrastructure of most companies.

For more articles like this visit www.crazylearner.org

How to bye pass Firewall 2

Welcome back in section of How to bye pass firewall. Earlier we discuss about Identification of Firewall in post How to bye pass Firewall. In this post we discuss about tools to bye pass the firewall and study about Its technique.

How to bye pass Firewall 2
How to bye pass Firewall

Breaching Firewalls

One of the easiest and most common ways for an attacker to slip by a firewall is by installing network software on an internal system, which communicates by using a port address permitted by the firewall’s configuration

  • A popular port is TCP port 80, which is normally used by web server
  • Many firewalls permit traffic using port 80 by default

Byepassing a firewall using HTTP Tunnel

Httptunnel creates a bi-directional virtual data path tunneled in HTTP requests. The requests can be sent via an HTTP proxy, if desired.

Placing Backdoors through Firewall

The Reverse WWW Shell
This backdoor should work through any firewall that allows users to surf the WWW. A program is run on the internal host, which produces a child everyday at a special time.

  • For the firewall, this child acts like a user; using the browser client to surf the Internet. In reality, this child executes a local shell, and connects to the WWW server operated by the hacker via a legitimate-looking http request, and sends a stand-by signal
  • The legitimate-looking answer of the WWW server operated by the hacker is, in reality, the command the child will execute on its machine in the local shell.

Hiding behind a Covert channel : Loki

LOKI is an information tunneling program.
LOKI uses Internet Control Message Protocol (ICMP) echo response packets to carry its payload. ICMP echo response packets are normally received by the Ping program, and many firewalls permit the responses to pass

Simple shell commands are used to tunnel inside ICMP_ECHO/ICMP_ECHOREPLY and DNS name lookup query/reply traffic. To the network protocol analyzer, this traffic seems like ordinary packets of the corresponding protocol. However, to the correct listener ( the LOKI2 daemon), the packets are recognized for what they really are.

Tools to Bye Pass Firewall

007 Shell

007 Shell is a covert shell ICMP tunneling program. It works similar to LOKI. 007 Shell works by putting data streams in the ICMP message past the usual 4-bytes (8-bit type, 8-bit code, and 16-bit checksum)

ICMP Shell

ICMP Shell (ISH) is a telnet-like protocol. It provides the capability of connecting a remote host to an open shell, using only ICMP for input and output The ISH server runs as a daemon on the server side. When the
server receives a request from the client, it will strip the header and look at the ID field. If it matches the server’s ID, then it will pipe the data to “/bin/sh.” It will then read the results from the pipe and send them back to
the client, where the client then prints the data to stdout.

UltraSurf (Download)

 

tools-How to bye pass Firewall

ultrasurf

A free circumvent software available online, perhaps powerful enough to bypass any industry level firewall at its default configuration.It enables users to browse any website freely just the same as using the regular browser while it automatically searches the highest speed proxy servers in the background.

AckCmd

AckCmd is a client/server combination for Windows 2000 that opens a remote command prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through the firewall.

Tor(Download)

tools used for byepass firewall
tools used for byepass firewall

Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can hide information about users’ locations. Tor provides perfect anonymity it makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms.

Hope you enjoy above sessions. Keep visiting 🙂