CONTENTS

BEHC: Introduction to Born Ethical Hackers Club
Hack! What the hell it is??
Hacking: What is it??
Most Important terms
Can Hacking be Ethical? If yes, then How and what is Ethical?
Difference between Hackers and Crackers
What you will learn with BEHC?
Security and its three basic pillars (C.I.A)
How hackers perform their hack attacks?
    Phase 1: Information gathering and Reconnaissance
    Phase 2: Scanning the target
    Phase 3: Breaking the system and Gaining the Access
    Phase 4: Maintaining the access without getting acknowledged
    Phase 5: Removing and covering traces

BEHC: INTRODUCTION TO BORN ETHICAL HACKERS CLUB

BEHC stands for Born Ethical Hackers Club. BEHC is part of a campaign that
Hackingloops has started to train internet and general users in Ethical Hacking and
Network Security, so that they can cope with the current web world, which is itself a
new world and, most importantly, a buggy and unsecured one.

BEHC is owned by Lokesh Singh a.k.a. Lucky (owner of Hackingloops / Hackomaniac /
Isoftdl). Now you will all be wondering why I made this group and named it Born
Hackers. As we all know, we have all been doing some amazing stuff from the day we
were born. There are two ways of living life: first, following the great persons, and
second, creating your own paths. And believe me friends, you can become one of the
great hackers only by choosing the second path, i.e. innovative thinking and creating
your own paths and rules. I can just guide you on what the path is and how you are
going to run (because walking is just a waste of time :P) on it. That's all about BEHC.

Follow BEHC @ Facebook and @ twitter

So friends, I am not going to bore you more; let's start our journey to become a
great Hacker.

HACK! WHAT THE HELL IT IS??


Technically, a Hack is overriding or modifying stuff to achieve something uncommon
for a normal user, say overriding normal procedures of doing things or modifying
things to achieve something hidden or uncommon.

Let's understand it with an example. Suppose we wish to change the administrator
password of the Windows operating system. We all know that we can change the
Windows password by following the procedure below.

For Windows 7 operating system:

GO TO CONTROL PANEL -> USER ACCOUNTS -> SELECT USER -> CHANGE PASSWORD ->
SAVE NEW PASSWORD.

The procedure explained above is the normal way that users change a Windows
administrator's or user's password.

But we all know that there are several uncommon ways of changing a Windows
administrator's or user's password. These ways are what we call a HACK.

Now the procedure explained above won't work if I don't have administrator rights
or I forgot the administrator password. How will I change the administrator
password or unlock the system then?

Here the terms Hack and Hacker come into the picture. We have to use uncommon
ways to achieve the target, as the normal procedure no longer works in our
situation.

We can do the above task by several methods, according to the level of the Hacker.

Novice Users: They will format the Windows operating system or will take an
expert's help.

Script Kiddies (beginner level hackers): They will use Linux live disks or
Emergency rescue disks to reset the password.

Medium Level Hackers (who have good knowledge of systems and hacking tools):
They will use advanced hacking tools like OPHCrack or Backtrack OS to retrieve
the password.

Elite Hackers (expert level hackers): Why use any third-party tool (though they
know how to do it with third-party tools) when I can do this manually by breaking
into the system root and resetting it?

I will explain all the above methods in forthcoming classes, but I want to tell you
the elite ones' procedure to give you an idea of up to what level we will learn
things.

So below is the procedure that Elite Hackers will follow:

Elite Hackers do things based on the situation, say how I will do it if it's my own
system and how if it's somebody else's system (i.e. I want to break into his/her
system without getting tracked).

If it's my own system, I have two choices: first, I can reset the password, and
second, I can retrieve the password.

If it's somebody else's system, I am left with only one choice, i.e. I need to
retrieve the password, because if I reset it then the victim will know that somebody
has broken into his/her system, and you cannot call yourself elite if you can be
tracked.

So as an elite hacker I will try to retrieve the administrator password without
getting tracked or caught, and the simplest way is using the OPHCrack Live CD,
because this is the only possible way to retrieve the existing password without
resetting it. All other methods reset the Windows password. Alternatively, I will
insert the Windows operating system CD/DVD and try to retrieve the Windows
encrypted password file and then decrypt it on my own system. I will share the exact
methods in later classes.

HACKING: WHAT IS IT??


Hacking is derived by merging two words, HACK and ING, i.e. Hack and its working.

Technically, Hacking is an art of exploring uncommon things or modifying things to
achieve uncommon functionalities.

But nowadays this definition is altered because of our Media and a few old folks
who don't even know how many keys there are on a keyboard or don't even know how
to pronounce the word Computer.

Our cool Media has represented Hacking as an art of deceiving web users to achieve
malicious goals. I was watching NDTV and other TV news channels; this is how they
have defined the word Hacking, and they categorized all smart internet and computer
users as criminals.

And old folks like parents. OK, leave others' parents; I will share things about mine.
One day I was performing penetration testing on the ICICI website and in between I
called my father and told him, "See how many vulnerabilities and bugs this ICICI
bank website has." Now you will be surprised what he replied: "Thief, stop bugging
the bank website, you will go to jail." I really felt bad and told my father, "What the
hell are you saying? I am just analyzing the website to report the bugs to their
developers," and his reply was, "Stop doing crap stuff." I was shocked but didn't say
anything, because it is because of the euphoric hype created by the Media.

So friends, don't get demotivated by things that you see in the media or hear from
folks. They call it bad because it is represented as bad to them by our media.

Actually it's not only the media who is responsible for this. It's us also. Why so?
Because when I frankly asked people why they want to learn Hacking, this is the
reply I got:

1. I want to hack my friend's emails and Facebook - 40%
2. I want to have fun - 30%
3. I want to become a security professional or Ethical Hacker - 15%
4. I want to see what my girlfriend is doing - 11%
5. I want to take revenge - 3%
6. I want to learn cool stuff - 1%

See, only 16% of people (15% Ethical hackers + 1% learn cool stuff) want to learn
ethical hacking for good reasons.

I will teach you everything, but it's solely your decision what your reason to learn
Hacking is.

MOST IMPORTANT TERMS


Threat: An action or event that might compromise security. Usually a threat is a
potential violation of security.

Exploit: A defined way to breach the security of a computer or network system
through vulnerabilities found during system analysis or penetration testing.

Vulnerability: A weakness, design, or implementation error that can lead to an
unexpected, undesirable event or module compromising the security of the system.

Target: Any system, network or web application which a Hacker wishes to hack.

Attack: A system violation which is launched against any system, network or web
application.

Security: A set of rules which are made to harden a system so that others cannot
penetrate into the system.

Are you all still unclear about what the above terms practically mean? So let's
consider an example: we want to hack into some website and deface the website
home page. Then the threat is defacing a website, the exploit is the procedure that
we will use to hack it, the vulnerability is the SQL injection bug in the website, the
target is the website itself, the attack is the website hacking and defacement, and
security is the set of rules which we will use to harden the system so that a hacker
cannot hack it.

We cannot make a system which is completely unhackable; we can only harden the
system so that it cannot be hacked.

CAN HACKING BE ETHICAL? IF YES, THEN HOW AND WHAT IS ETHICAL?

Yes, Hacking can be Ethical. Major companies nowadays are expanding their
business to attract web users, and we all know the web world is still unsecure. So
these companies hire hackers to test their websites against several hacking attempts.
This is also called Penetration testing. Hence, companies themselves allow hackers
to hack their web application to test its security. The hackers who got the authority
from the company to hack its system are called Ethical Hackers or Professional
Hackers.

For performing such tasks Ethical hackers are handsomely paid. In IT world
terminology this type of Hacking is referred to as Penetration testing. Is this the
only way to become an Ethical Hacker?

The answer is absolutely NO. There are several hackers who find bugs in a web
application or system and report them back to the company instead of using those
bugs to attack the web application. This type of hacker is also considered an
Ethical Hacker, but technically there is a separate term defined in the hacking world
for such hackers, which is Grey Hat Hackers.

DIFFERENCE BETWEEN HACKERS AND CRACKERS

There is a very thin line of difference between the hacker and the cracker. Like a
coin has two faces, heads and tails, the same is true for computer experts. Some use
their techniques and expertise to help others and secure systems or networks, and
some misuse them for their own selfish reasons.

There are several traditional ways that determine the difference between hackers
and crackers. I will provide you these ways in order of their acceptance in the
computer and IT market. First of all, let me provide you the basic definitions of both
hackers and crackers.

Hackers: A Hacker is a person who is extremely interested in exploring the things
and recondite workings of any computer system or networking system. Most often,
hackers are expert programmers. These are also called Ethical Hackers or white hat
hackers, and the technique or hacking they perform is called ethical hacking.

Ethical Hacking means you think like Hackers: first you hack the systems and find
the loopholes, and then you try to correct those loopholes. These types of hackers
protect the cyber world from every possible threat and fix upcoming security
loopholes. These people are also called the "GURUs" of Computer Security.

Crackers: Crackers or Black Hat hackers or cheaters or simply criminals. They are
called criminals because they have the mindset of causing harm to security; they
steal very useful data and use it in wrong ways. Phishers also come in this category:
they steal account info, credit card numbers and money over the Net.

WHAT YOU WILL LEARN WITH BEHC?


Now it's really a cool question what we will learn in BEHC classes. And your answer
is here: we will learn the topics below in detail, along with basic Hacking and
Technology stuff.

Note: We will learn all the basic stuff and the list of attacks below precisely.

Injection Based Attacks:
Blind SQL Injection
Standard SQL Injection (manual procedure)
Tool Based SQL Injection
Blind XPath Injection
Standard XPATH Injection
XPATH Injection Java
Command Injection
Comment Injection Attack
Argument Injection or Modification
Custom Special Character Injection
Special Element Injection
Eval Injection (Direct Dynamic Code Evaluation)
Direct Static Code Injection
LDAP injection
Resource Injection
Server-Side Includes (SSI) Injection
Code Injection

Directory Based Attacks:
Binary planting
Full Path Disclosure
Path Manipulation
Path Traversal
Relative Path Traversal

Cross Site Scripting attacks:
Cross Frame Scripting
Cross Site History Manipulation (XSHM)
Cross Site Tracing
Cross-Site Request Forgery (CSRF)
Cross-site Scripting (XSS)
Cross-User Defacement
CSRF
XSRF
CORS OriginHeaderScrutiny
CORS RequestPreflighScrutiny

Encryption/Decryption Attacks:
Cryptanalysis
Double Encoding
Unicode Encoding

Session Based Attacks:
Man-in-the-browser attack
Man-in-the-middle attack
Repudiation Attack
Session fixation
Session hijacking attack
Session Prediction
Page Hijacking
Forced browsing
One-Click Attack
Click jacking

Denial of service Attacks:
Denial of Service
Asymmetric resource consumption (amplification)
Buffer overflow attack
Traffic flood
Regular expression Denial of Service - ReDoS
Overflow Binary Resource File
Cash Overflow

HTTP Based Attacks:
HTTP Request Smuggling
HTTP Response Splitting
Brute force attack
Cache Poisoning
Parameter Delimiter
Web Parameter Tampering
Format string attack

Mobile Based Attacks:
Mobile code: invoking untrusted mobile code
Mobile code: non-final public field
Mobile code: object hijack

Others:
Account lockout attack
Spyware
Setting Manipulation
Trojan horse
Windows: DATA alternate data stream

SECURITY AND ITS THREE BASIC PILLARS (C.I.A)

Security as a condition is the degree of resistance to, or protection from, harm. It
applies to any vulnerable and valuable asset, such as a person, dwelling, community,
nation, or organization. Establishing or maintaining a sufficient degree of security
is the aim of the work, structures, and processes called "security." In the IT
(Information Technology) world, security is the resistance that a designer or
company introduces so that the system cannot be breached. In the IT world, Security
has three foundation pillars known as C.I.A.

C.I.A stands for Confidentiality, Integrity and Availability. Any attempt to breach
any of these is considered an attack. General information about these terms can be
easily extracted from their names, but let's discuss them in detail to understand
them properly.

Confidentiality: Confidentiality is the term used to prevent the disclosure of
information to unauthorized individuals or systems. For example, a credit card
transaction on the Internet requires the credit card number to be transmitted from
the buyer to the merchant and from the merchant to a transaction processing
network. The system attempts to enforce confidentiality by encrypting the card
number during transmission, by limiting the places where it might appear (in
databases, log files, backups, printed receipts, and so on), and by restricting access
to the places where it is stored. If an unauthorized party obtains the card number in
any way, a breach of confidentiality has occurred.

Confidentiality is necessary (but not sufficient) for maintaining the privacy of the
people whose personal information a system holds.

Integrity: Integrity refers to the trustworthiness of information resources. It
includes the concept of "data integrity" -- namely, that data have not been changed
inappropriately, whether by accident or deliberately malign activity. It also includes
"origin" or "source integrity" -- that is, that the data actually came from the person
or entity you think it did, rather than an imposter.

Integrity can even include the notion that the person or entity in question entered
the right information -- that is, that the information reflected the actual
circumstances (in statistics, this is the concept of "validity") and that under the
same circumstances would generate identical data (what statisticians call
"reliability").

On a more restrictive view, however, integrity of an information system includes
only preservation without corruption of whatever was transmitted or entered into
the system, right or wrong.
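
The difference between "data integrity" and "origin integrity" shows up when comparing an unkeyed hash with a keyed one. The following is an added example, not part of the original e-book; the messages, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac


def sha256_digest(message):
    """Unkeyed checksum: anyone who can change the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key, message):
    """Keyed tag: only holders of the shared key can produce a valid value."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_digest(message, digest):
    return hmac.compare_digest(sha256_digest(message), digest)


def receiver_accepts_tag(key, message, tag):
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_scenarios():
    """Return, per scenario, whether the receiver's check behaves as a defender needs."""
    key = b"constructed-demo-key-shared-by-sender-and-receiver"
    original = b"pay 100 to account 1111"
    changed = b"pay 900 to account 9999"
    results = {}

    # Accidental corruption: the message changes, the digest sent with it does not.
    results["digest_detects_accidental_change"] = not receiver_accepts_digest(
        changed, sha256_digest(original))

    # Deliberate change: whoever rewrites the message also recomputes the digest,
    # so the unkeyed check passes and says nothing about who produced the data.
    results["digest_detects_deliberate_change"] = not receiver_accepts_digest(
        changed, sha256_digest(changed))

    # With HMAC, a party without the key can only reuse the old tag or guess a key.
    results["hmac_detects_reused_tag"] = not receiver_accepts_tag(
        key, changed, hmac_tag(key, original))
    results["hmac_detects_wrong_key"] = not receiver_accepts_tag(
        key, changed, hmac_tag(b"guessed-key", changed))

    # The genuine message from the key holder is still accepted.
    results["hmac_accepts_genuine"] = receiver_accepts_tag(
        key, original, hmac_tag(key, original))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```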

Availability: For any information system to serve its purpose, the information
must be available when it is needed. This means that the computing systems used
to store and process the information, the security controls used to protect it, and
the communication channels used to access it must be functioning correctly. High
availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades. Ensuring
availability also involves preventing denial-of-service attacks.

Almost all modern organizations are highly dependent on functioning information
systems. Many literally could not operate without them. Availability, like other
aspects of security, may be affected by purely technical issues (e.g., a
malfunctioning part of a computer or communications device), natural phenomena
(e.g., wind or water), or human causes (accidental or deliberate).

While the relative risks associated with these categories depend on the particular
context, the general rule is that humans are the weakest link. (That's why each
user's ability and willingness to use a data system securely are critical.)

HOW HACKERS PERFORM THEIR HACK ATTACKS?

There are several ways in which Hackers perform Hack attacks. I have broken a
complete hacking attempt into several phases (generally). How a hacker performs a
hacking attempt is solely dependent on the Hacker, but we can describe the
fundamentals of doing it because the fundamentals are always the same. Most
hackers architect their hacking attempt before performing it, to understand what
they are going to do, how they are going to perform it, and how they will prevent
themselves from being caught. Hackers who hack without thinking anything through
beforehand are considered novice hackers, and they can be easily tracked or caught
during the process because each step is damn important. Also, the chances of
success increase when we follow some procedure rather than following nothing.

I have divided any hacking attempt into 5 different phases, mentioned below:

Phase 1: Information Gathering and Reconnaissance

Phase 2: Scanning the target

Phase 3: Breaking the system and Gaining the Access

Phase 4: Maintaining the access without getting acknowledged

Phase 5: Removing and covering traces

This is how a hacking attempt is launched or performed. Now let's learn these
phases in detail to get a clear view.

PHASE 1: INFORMATION GATHERING AND RECONNAISSANCE

As the name suggests, in this phase we collect all the necessary information that
it is possible to gather. We can also call this the preparatory phase, because this
is where the preparation of the hacking attempt is made. What is the use of this
step? Practically, this is one of the most important phases, because it helps us in
evaluating the target and provides all the basic information that can be useful.

Consider an example: I want to hack somebody's Facebook account. What exactly
are we looking for in the Information Gathering phase? First, whose Facebook
account I want to hack: the name of the user, his date of birth, his email address, his
phone numbers (current and previous ones if possible), his/her fiancé/spouse
details, his city of birth, his education background, his favorite things, passions,
hobbies etc.

We all know that we can extract the above-mentioned things quite easily. Now how
can this be useful? First, we can use the above information for launching a Social
Engineering attack (according to latest research 80% of people use passwords that
are related to the above details). Secondly, we can use these details to retrieve
accounts or recover passwords. Thirdly, we can use his/her favorites/hobbies/
passions to create a phishing/key logging trap. We can do much more; these are just
examples.

I hope this clears up why this is such an important step or phase.

PHASE 2: SCANNING THE TARGET


This phase is applicable to selected categories of hacking attempts, like hacking
networks, operating systems, web applications, web hosting servers etc.

In this phase we launch a Port scan (in case of a network) or URL scan (in case of
websites) to identify the vulnerabilities in the system, like open ports or vulnerable
URLs. This is one of the most important steps for launching hacking attempts on
websites, network servers or web servers.

Consider an example: I want to hack some website. In the information gathering
phase, I will identify all the basic details about the website and its admin or owner.
In the scan phase I will launch a URL scan to identify infected URLs (URLs that can
be vulnerable to Injection attacks, Cross Site Scripting attacks, or other script based
attacks) and launch a scan on the web server to identify anonymous logins or other
FTP or port related bugs.

PHASE 3: BREAKING THE SYSTEM AND GAINING THE ACCESS

This is the step where the actual hacking attempt is launched. In this step the
hacker exploits the vulnerabilities that were found in the scanning phase to gain
access to the system.

Continuing the above example, the user has now identified that so and so URL is
vulnerable to a SQL Injection attack. In this phase the Hacker will launch the SQL
injection attack on the website to get the admin or root access.

Is there any assurance that the hacking attempt is successful if hackers followed the
above phases?

Does the young generation want to become Ethical Hackers, or just want to limit
itself to a girlfriend's email and Facebook?

Excited to learn further! Wait for next issue.

PHASE 4: MAINTAINING THE ACCESS WITHOUT GETTING ACKNOWLEDGED

In this phase the Hacker tries to maintain his ownership inside the victim's system
or web server. By ownership, I mean that we can upload, download, configure or
manipulate the data whenever we want.

Maintaining access depends upon the host system. For example, if we have hacked
into the victim's computer system, we will install keyloggers, backdoors or spy
rootkits so that we can remain inside the victim's system. If we have hacked into
some website, then we will create one more admin user inside the database, or
change the file permissions, or simply enable the anonymous login, so that whenever
we want, we can hack into the website again.

Hence tools like keyloggers, RATs, Trojans and spyware are the general tools to
maintain access to the system.

PHASE 5: REMOVING AND COVERING TRACES


This is one of the most important phases of any hacking attempt. This is the step
where you cover your tracks or misdeeds to keep from getting detected or being
caught.

This is necessary to avoid detection and, most importantly, to avoid legal action
against you.

This step generally involves deleting of logs, altering of logs, tunneling, and
proxifying your details including IP address and other important data. Why is this
so important? Consider one example: I hacked into someone's website and defaced
it. Now if the victim is good enough then he will check the upload logs. Upload logs
contain the IP address and system details from which the file has been uploaded,
and if he wants he can lodge a complaint against you in the cyber cell, and believe
me the cyber cell hardly takes 10 minutes to reach anywhere. Then either you go to
jail or need to pay defamation charges. Hence it's always mandatory to cover your
tracks to avoid legal action against you.
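
From the defender's side, the log deletion and alteration described above can be made detectable by chaining each log entry to the hash of the one before it and keeping the latest hash somewhere the web server cannot write. The following is an added example, not part of the original e-book; the upload-log format, the IP addresses (documentation ranges) and the function names are constructed.

```python
import hashlib

GENESIS = "0" * 64   # fixed starting value for the first link


def link_hash(previous_hash, entry):
    """Hash of this entry bound to everything that came before it."""
    return hashlib.sha256((previous_hash + "\n" + entry).encode("utf-8")).hexdigest()


def build_chain(entries):
    """Return [(entry, hash), ...] where each hash covers the entry and the prior hash."""
    chain, previous = [], GENESIS
    for entry in entries:
        previous = link_hash(previous, entry)
        chain.append((entry, previous))
    return chain


def first_inconsistency(chain, trusted_head=None):
    """Return the index of the first broken link, or None if the chain verifies.

    trusted_head is the last hash as recorded off-host. If the chain is internally
    consistent but does not end at that value, entries were cut from the end or the
    whole chain was rebuilt, and len(chain) is returned.
    """
    previous = GENESIS
    for index, (entry, stored) in enumerate(chain):
        if link_hash(previous, entry) != stored:
            return index
        previous = stored
    if trusted_head is not None and previous != trusted_head:
        return len(chain)
    return None


# Constructed sample upload log entries.
SAMPLE_UPLOADS = [
    "2024-05-01T09:00:01Z upload ip=198.51.100.23 file=logo.png",
    "2024-05-01T09:14:37Z upload ip=203.0.113.7 file=index.html",
    "2024-05-01T09:15:02Z upload ip=203.0.113.7 file=banner.jpg",
    "2024-05-01T09:40:10Z upload ip=198.51.100.23 file=report.pdf",
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_UPLOADS)
    head = chain[-1][1]                      # would be shipped to a separate log host
    edited = list(chain)
    edited[1] = (edited[1][0].replace("203.0.113.7", "192.0.2.1"), edited[1][1])
    print("intact chain:    ", first_inconsistency(chain, head))
    print("edited entry:    ", first_inconsistency(edited, head))
    print("deleted entry:   ", first_inconsistency(chain[:2] + chain[3:], head))
    print("truncated, head: ", first_inconsistency(chain[:3], head))
    print("truncated, none: ", first_inconsistency(chain[:3]))
```

Without the off-host head value, truncation and a full rebuild both verify cleanly, which is why the last hash has to leave the machine being logged.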

If a Hacker wants to get into your system then he will; all you can do is make his
entry harder.
