johnmahugu

how to become a hacker (whitehat greyhat blackhat etc)

Jul 6th, 2015
  1. How to Become a Hacker
  2. ---------------------------------
  3. 1. Learn TCP/IP, Basic Information gathering, Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.
  4. 2. Learn Linux, Unix, Windows - You can do this using vmware or any virtual desktop utility.
  5. 3. Learn a programming language that's compatible with all OS - Perl, Python, C.
  6. 4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI
  7. 5. Learn reverse engineering and crack some programs for serials: easy ones like mirc, winzip, winrar or old games.
  8. 6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.
  9. 7. Code a tool that uses grep to sort out unique code in source codes.
  10. 8. Make a custom IPtable, IPsec firewall that blocks all incoming and outgoing traffic, and add filters to accept certain ports that your software or scripts use.
  11. 9. Pick a kernel in Linux or Unix, also pick a Microsoft OS version, let's say WinXP Pro SP2, put them on the virtual desktops (vmware) and find and code a new local exploit in those versions, then install an Apache webserver on the Linux/Unix and an IIS webserver on the WinXP Pro and attempt to find and code a new local reverse_tcp_shell exploit.
  12. 10. Learn Cisco Router and Switch configuration and setup.
  13. 11. Learn Checkpoint Setup and Config
  14. 12. Learn Wifi scanning, cracking, sniffing.
  15. 13. Pick a person in your phonebook for the area code you live in or city then ring the person on an anonymous line like skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, date of birth, city born, country born, ISP connected with, Phone company connected with, What bank he/she uses and anything else you can get. Then Attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try reset the password to his/her internet connection/ webmail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.
  16. 14. Use your information gathering skills to get all the information off a website like a shop then use the spoof callerID software or hack your phone to show a new number of the Webserver's Tech Support number then ring the shop owner and try get the shop site password.
  17. 15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.
  18. 16. Once you have access, upload a shell and attempt to exploit the server to gain root using an exploit you coded, not someone else's exploit.
  19. 17. Make your own Linux Distro
  20. 18. Use your own Linux Distro or use a vanilla Linux gnome (not kde). Keep it light on graphics so you can learn how to depend on the terminal, and start from scratch: install only the applications that you will need for a blackbox (Security test box), make folders for fuzzers, exploits, scanners, etc. Then load them up with your own scripts and other tools (by this stage you shouldn't need to depend on other people's scripts).
  21. 19. Learn macosx and attempt to gain access to a Macosx box whether it be your own or someone else's.
  22. 20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.
  23. None of this is learned overnight: it will take a good 3 - 4 years to learn a bit of this, 5+ years to learn most of it, and even then you may need time to keep learning, as IT keeps changing every day.
  24. Okay first off, I did not write this entire thing. I give the credit to AnonOps IRC #setup channel, I'm just sharing these tools to anyone who needs them ;). Happy hacking newbloods.
  25.  
  26. I will be updating this list with more tools soon.
  27.  
  28. **[DD/MM/YYYY]
  29. **UPDATED 07/07/2015
  30.  
  31. IMPORTANT!!: Always use a VPN when using these tools: https://newblood.anonops.com/vpn.html and #opnewblood
  32.  
  33. Links:
  34. https://anonops.com
  35. https://webchat.anonops.com
  36.  
  37. Useful Channels:
  38. #opnewblood
  39. #setup
  40. #ddos
  41. #hackers
  42. #tutorials
  43. #k35h
  44.  
  45.  
  46. .::HACKING TOOLS::.
  47. ----------------------
  48.  
  49.  
  50.  
  51. .::Languages::.
  52. -----------------
  53.  
  54. -> [Python]
  55. Download: http://www.python.org/download/
  56. Information: https://docs.python.org/3/
  57. Features: Hacker tier programming language, a must have download to run a lot of the programs listed below.
  58.  
  59. -> [Perl]
  60. Download: https://www.perl.org/get.html
  61. Information: https://www.perl.org/docs.html
  62. Features: Perl 5 is a highly capable, feature-rich programming language with over 26 years of development. A must have to run many of the below programs.
  63.  
  64. -> [PHP]
  65. Download: http://php.net/downloads.php
  66. Information: http://php.net/docs.php
  67. Features: PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.
  68.  
  69.  
  70.  
  71. .::DDoSers::.
  72. -----------------
  73.  
  74. -> [Pyloris]
  75. Download: http://sourceforge.net/projects/pyloris/ [and] http://motomastyle.com/pyloris/
  76. Pyloris Tutorial: http://pastebin.com/MTyHYXJe
  77. Pyloris Usage: http://motomastyle.com/usage/
  78. Tor Switcher: http://pastebin.com/dMaMrii9
  79. Features: PyLoris for [Windows, MacOs X, Linux] is a scriptable tool for testing a server's vulnerability to connection exhaustion. Tkinter GUI, Scripting API, Anonymity, TOR Proxying, SOCKS Proxying, denial of service [DoS] attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.
  80.  
  81. -> [Hping]
  82. Download: http://www.hping.org/ [and] http://wiki.hping.org/94
  83. Getting Started with hping3: http://wiki.hping.org/94
  84. Installation Guide/Usage: http://pastebin.com/wpQf54sS [and] http://wiki.hping.org/94
  85. Features: Hping is a command-line oriented TCP/IP packet assembler/analyzer. Supports TCP, UDP, ICMP and RAW-IP protocols.
  86.  
  87. -> [TorsHammer]
  88. Download: http://packetstormsecurity.org/files/98831
  89. Installation Guide: http://pastebin.com/DMYUCxup
  90. Features: Tors Hammer for Linux is a Slow POST tool. Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads. It can also be run through the Tor network to be anonymized.
  91.  
  92. -> [THCSSL]
  93. Download [Windows]: http://www.thc.org/thc-ssl-dos/thc-ssl-dos-1.4-win-bin.zip
  94. Download [UNIX]: http://www.thc.org/thc-ssl-dos/thc-ssl-dos-1.4.tar.gz
  95. Information: http://www.thc.org/thc-ssl-dos/
  96. Features: The tool departs from traditional DDoS tools. It does not require any bandwidth and just a single attack computer [Bot]. THC-SSL-DOS exploits asymmetric property by overloading the server and knocking it off the Internet.
  97.  
  98. -> [HOIC]
  99. Download: http://www.mediafire.com/?jkc7924jsa0161z
  100. Guide/Example: http://pastebin.com/csqLqY9N
  101. HOIC Tutorial: http://pastebin.com/A07EiA98
  102. Features: HOIC [High Orbit Ion Cannon] is a Windows executable file with a GUI screen. High-speed multi-threaded HTTP Flood, Flood up to 256 sites at once, Use of Boosters to increase DoS output, and more.
  103.  
  104. -> [Slowloris]
  105. Download [Linux]: http://ha.ckers.org/slowloris/
  106. Installation Guide: http://pastebin.com/qPTcedu2
  107. Requirements: This is a Perl program requiring the Perl interpreter with the modules IO::Socket::INET, IO::Socket::SSL, and GetOpt::Long.
  108. Features: Slowloris for Linux holds connections open by sending partial HTTP requests. Set the port Slowloris is flooding, add the Number of Sockets you want to open, and more.
  109.  
  110.  
  111.  
  112. .::Network Scanners and Sniffers::.
  113. ---------------------------------------
  114.  
  115. -> [dsniff]
  116. Download dsniff: http://monkey.org/~dugsong/dsniff/
  117. Information: http://monkey.org/~dugsong/dsniff/faq.html
  118. Features: dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data [Passwords, e-mail, files, etc.]. It also has ARPspoof, DNSspoof, and MACof, which facilitate the interception of network traffic normally unavailable to an attacker [e.g., due to layer-2 switching]. SSHMITM and WebMITM implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
  119.  
  120. -> [Nipper]
  121. Download: http://sourceforge.net/projects/nipper/?source=directory
  122. Features: This software will be used to make observations about the security configurations of many different device types such as routers, firewalls, and switches of a network infrastructure.
  123.  
  124. -> [Uniscan]
  125. Download: http://sourceforge.net/projects/uniscan/
  126. Information: http://dougpoer.users.sourceforge.net/documentacao.php
  127.  
  128. -> [WPScan]
  129. Download: http://wpscan.org/
  130. Features: WPScan is a black box WordPress vulnerability scanner.
  131.  
  132. -> [UNIX-Privesc-Checker]
  133. Download: http://pentestmonkey.net/tools/audit/unix-privesc-check
  134. Features: This is a script that runs on UNIX systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
  135.  
  136. -> [Cintruder]
  137. Download: http://sourceforge.net/projects/cintruder/
  138. Information: http://cintruder.sourceforge.net/#docs
  139. Features: Captcha Intruder is an automatic pentesting tool to bypass captchas.
  140.  
  141. -> [Wireshark]
  142. Download: https://www.wireshark.org/download.html
  143. Information: http://www.wireshark.org/docs/
  144. Features: Wireshark is a network protocol analyzer for UNIX and Windows. Similar to aircrack-ng.
  145.  
  146. -> [CMSexplore]
  147. Download: https://code.google.com/p/cms-explorer/downloads/list
  148. Information: https://code.google.com/p/cms-explorer/wiki/Usage
  149. Features: CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS driven web sites are running. It can be used to aid in security testing. While it performs no direct security checks, the explore option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible.
  150.  
  151. -> [NetworkMiner]
  152. Download: http://sourceforge.net/projects/networkminer/
  153. Information: http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=NetworkMiner
  154. Features: NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.
  155.  
  156. -> [Nmap]
  157. Download: http://nmap.org/download.html
  158. Features: Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing.
  159. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services [application name and version] those hosts are offering, what operating systems [and OS versions] they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
  160.  
  161. -> [Nikto]
  162. Download: https://cirt.net/Nikto2
  163. Features: includes over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
  164.  
  165. -> [ACPF]
  166. Download: http://packetstormsecurity.com/files/92222/Admin-Control-Panel-Finder-2.0.html
  167. Features: Admin control panel finder.
  168.  
  169. -> [Cain & Abel]
  170. Download: http://www.oxid.it/cain.html
  171. Features: Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
  172.  
  173.  
  174.  
  175. .::Password and Hash Cracking::.
  176. ----------------------------------
  177.  
  178. -> [HashcatPlus]
  179. Download: http://hashcat.net/oclhashcat/
  180. Information: http://hashcat.net/wiki/
  181. Note: Check GPU driver requirements.
  182. Features: oclHashcat-plus is a GPGPU-based multi-hash cracker using a brute-force attack [implemented as mask attack], combinator attack, dictionary attack, hybrid attack, mask attack, permutation attack, and rule-based attack.
  183.  
  184. -> [JohnTheRipper]
  185. Download: http://www.openwall.com/john/
  186. Information: http://www.openwall.com/john/doc/
  187. Features: Its primary purpose is to detect and crack weak UNIX passwords.
  188.  
  189. -> [Aircrack-ng]
  190. Download: http://www.aircrack-ng.org/downloads.html
  191. Information: http://www.aircrack-ng.org/doku.php?id=Main
  192. Features: It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
  193.  
  194. -> [HashID]
  195. Download: https://github.com/psypanda/hashID/tree/26f455dc94d7c3985411a837fdc5821f98edbbd7
  196. Features: Supports 93 hash algorithms.
  197.  
  198. -> [RainbowCrack]
  199. Download: http://project-rainbowcrack.com/index.htm
  200. Features: RainbowCrack uses a time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.
  201.  
  202. -> [Ncrack]
  203. Download: http://nmap.org/ncrack/
  204. Features: Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
  205.  
  206.  
  207.  
  208. .::SQL Injection and XSS::.
  209. ---------------------------
  210.  
  211. -> [SQLmap]
  212. Download: http://sqlmap.org/
  213. Information: https://github.com/sqlmapproject/sqlmap/wiki
  214. Features: SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  215.  
  216. -> [XSSer]
  217. Download: http://sourceforge.net/projects/xsser/files/?source=navbar
  218. Information: http://xsser.sourceforge.net/#docs
  219.  
  220. -> [Darkd0rk3r]
  221. Download: http://packetstormsecurity.com/files/117403/Dark-D0rk3r-1.0.html
  222. Features: Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. Used to find LFI and SQLi.
  223.  
  224. -> [Havij]
  225. Download: http://itsecteam.com
  226. Features: Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application.
  227.  
  228.  
  229.  
  230. .::Miscellaneous::.
  231. -------------------------
  232.  
  233. -> [Image-EXIFtool]
  234. Download: http://www.sno.phy.queensu.ca/~phil/exiftool/
  235. Information: http://stuff.mit.edu/afs/athena/contrib/graphics/src/Image-ExifTool-6.99/html/ExifTool.html
  236. Features: The Image::ExifTool library provides an extensible set of Perl modules to read and write meta information in a wide variety of image, audio and video files.
  237.  
  238. -> [QuickStego]
  239. Download: http://quickcrypto.com/download.html
  240. Information: Steganography is the science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. So hide text messages within an image.
  241.  
  242. -> [Social Engineering Toolkit]
  243. Download: https://github.com/trustedsec/social-engineer-toolkit/
  244. Features: The Social-Engineer Toolkit [SET] was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.
  245.  
  246. -> [TMAC]
  247. Download: http://www.technitium.com/tmac/
  248. Features: Technitium MAC Address Changer is a Windows based tool that allows you to spoof MAC addresses of your Network Interface Card [NIC] irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine.
  249.  
  250. -> [Maltego]
  251. Download: http://www.paterva.com/web6/products/download.php
  252. Information: http://www.paterva.com/web6/documentation/index.php
  253. Features: Collects and displays information regarding the relationships between people, companies, websites, infrastructure, and organizations.
  254.  
  255. -> [Creepy]
  256. Download: http://ilektrojohn.github.io/creepy/
  257. Information: http://ilektrojohn.github.io/creepy/
  258. Features: Cree.py is a geolocation OSINT tool. Offers geolocation information gathering through social networking platforms such as Twitter, Flickr and Instagram.
  259.  
  260.  
  261.  
  262. .::Operating Systems::.
  263. --------------------------
  264.  
  265. -> [Kali Linux]
  266. Download: http://www.kali.org/downloads/
  267. Information: http://www.kali.org/official-documentation/
  268. Features: Kali is a custom Linux distribution that focuses all around penetration testing and hacking. It includes hundreds of hacking tools that will assist you in any kind of attack. Highly recommended for advanced users as well as novice users that are new to hacking.
  269.  
  270. -> [Parrot OS]
  271. Download: http://www.parrotsec.org/download/
  272. Information: http://www.parrotsec.org/doc/index.php/Main_Page
  273. Features: Parrot OS is another custom Debian-based system that has a custom hardened linux 3.16 kernel. It is a close competitor to Kali Linux, it's just far less known by the community. Has about the same amount of tools and has a built-in option to connect to TOR. Also has another OS called ParrotCloud that is specifically designed for servers. It consists of a lightweight Parrot system without graphic interfaces, wireless and forensic tools and many other tools that can be considered useless in a remote-controlled virtual environment.
  274.  
  275. ----------------------------------------------------------------
  276. k3ss