Documente Academic
Documente Profesional
Documente Cultură
Hacking
The Ultimate Beginner’s Guide to Using
Penetration Testing to Audit and Improve the
Cybersecurity of Computer Networks, Including
Tips on Social Engineering
© Copyright 2019
All Rights Reserved. No part of this book may be reproduced in any form without permission in writing
from the author. Reviewers may quote brief passages in reviews.
Disclaimer: No part of this publication may be reproduced or transmitted in any form or by any means,
mechanical or electronic, including photocopying or recording, or by any information storage and retrieval
system, or transmitted by email without permission in writing from the publisher.
While all attempts have been made to verify the information provided in this publication, neither the author
nor the publisher assumes any responsibility for errors, omissions or contrary interpretations of the subject
matter herein.
This book is for entertainment purposes only. The views expressed are those of the author alone and should
not be taken as expert instruction or commands. The reader is responsible for his or her own actions.
Adherence to all applicable laws and regulations, including international, federal, state and local laws
governing professional licensing, business practices, advertising and all other aspects of doing business in
the US, Canada, UK or any other jurisdiction is the sole responsibility of the purchaser or reader.
Neither the author nor the publisher assumes any responsibility or liability whatsoever on the behalf of the
purchaser or reader of these materials. Any perceived slight of any individual or organization is purely
unintentional.
Table of Contents
Introduction
Chapter 1 – Fighting against companies
Chapter 2 – Ethical Hacking Defined
Chapter 3 – War on the internet
Chapter 4 – Engineer’s mind
Chapter 5 – The Almighty EULA
Chapter 6 – The danger of defaults
Chapter 7 – John Deere
Chapter 8 – Copyright
Chapter 9 – YouTube ContentID
Chapter 10 – Tracking users
Chapter 11 – DRM
Chapter 12 – GEMA, the copyright police
Chapter 13 – Torrents
Chapter 13 – Sports channels
Chapter 14 – Megaupload and Anonymous
Chapter 15 – Julian Assange
Chapter 16 – Patents
Chapter 17 – Penetration testing
Chapter 18 – Jailbreaking Android/iPhone
Chapter 19 – Shut up Cortana
Chapter 20 – Hacking WiFi
Conclusion
Glossary
Introduction
Ever feel like you don’t even own the hardware and software you paid dearly
for? Ever get the impression that you have to ask for permission before installing
or changing a program on your device? Ever feel like Facebook and Instagram
are listening to your conversations to show you relevant ads? You’re not alone.
Half-baked products and services that chip away at your sense of ownership,
independence and privacy are a part of a global wave of corporate indifference
that micromanages and spies on honest, uniformed customers. None of it is
intentional or meant to cause harm, which makes it all the more damning.
By the time you’re finished with this book, you’ll learn:
• how technical experts with a genuine desire to make the world a better
place actually do so
• how their products and companies become a cherished brand, loved by
customers
• how businessmen with no technical expertise slowly creep into positions of
control in those same companies
• how these businessmen erode good will and product quality until there’s
only the brand name left
• how they start spying on the customers in order to create sophisticated
behavior profiles that can be sold to advertising companies
• how customers slowly walk away from brands and companies they used to
love until only the dumbest customers remain
• and finally, how these companies have to enact monopolies and pretty
much extort customers because nobody wants their services and products
anymore
There’s a silver lining in all of this, and that is ethical hacking. This book will
shine a light on how engineers think and show you how to discern their original
intentions, helping you adopt their attitude and perfect their products despite
managerial crud doing their worst to stop you. In a world where everything is
slowly becoming more managed and overbearing, this book is an attempt to take
back some of that original awesomeness envisioned by engineers and at least
make your world a slightly better place.
Chapter 1 – Fighting against companies
Imagine two giants fighting out in the open. They could be swinging trees at one
another or hurling entire hills like pebbles. Anyone caught in the crossfire will
have a bad day, but nearby towns could also get trampled in a second, and the
entire landscape is sure to be completely destroyed as a consequence of this
fight. The giants don’t care about the little people scurrying around, unless they
start posing a threat or draw too much attention to themselves. Giants would also
not obey kings, councils, moral standards or any rules of fair play, though they
might pretend to do so when it suits them. After all, would you follow rules set
by people 50,000 times smaller than you?
We live in a world dominated by companies that are just like these giants. They
may seem intimidating until you realize that they’re also slow, stupid, half-blind
and utterly predictable. In fact, the only thing these giants have going for them is
their overwhelming strength, which they can’t even use properly, randomly
causing chaos and destruction wherever they step. Thinking their power can be
harnessed is utter lunacy and yet governments all around the world keep trying
to do so, offering deals that ultimately hurt the little people. By working with the
government, tech giants can get unprecedented privileges, both legal and
monetary, while the government can exercise influence without constitutional
boundaries. Regular users are just an afterthought, a statistic that’s useful in the
aggregate as a bragging right but are otherwise left to themselves.
Throughout this book, you’ll be presented with arguments showing how all
companies eventually become giants, trampling the people they’re supposed to
be working for. You’ll also learn how the only recourse is for each of us to
independently find ways to live a relatively sheltered life and slightly weaken
these companies until they decide to play fair. No organization or legislation can
truly rein the giants in, but a group of determined people who are small,
independent and practically invisible can, and in doing so also make their lives
just a tiny bit more comfortable. This is where you come in as you vote with
your wallet and use your brain for the benefit of all of humanity.
Ethical hacking is perhaps the most thrilling way to use any given product, but
we have to keep our wits about us and not abuse what we know to become
villains. Techniques will be described theoretically as much as possible to avoid
censorship as hacking is still a taboo topic in the mainstream thanks to popular
culture. If you want to work as an ethical hacker, keep in mind that the way you
bring value to companies is by finding security loopholes before someone with
malicious intentions find them.
There are skill levels to ethical hacking, ranging from simple social engineering
to elaborate programming. This book won’t presume you prefer one or the other
or have an aptitude in any of them. A genius programmer might be a stuttering
mess and a social butterfly might type with one finger and yet they both have the
same chances of being successful hackers. Whatever your skills are, you should
work on them and refine them during your entire life because there’s money to
be made hacking.
Computers are increasingly involved in our lives, so knowing how and why they
work can prevent and solve a great many problems you would otherwise need to
pay someone else to fix. Any hacking skill you learn over the course of your life
can be used to make money. It’s just that with ethical hacking you can do it
legally, by improving products, customizing services and using those skills to
teach and tutor others in person and over the internet. Like all decent teaching
materials, this book will give you a glimpse into what’s possible to whet your
learning appetite – the rest is up to you.
Conclusion
We live in a maddening world. Things seem to be going faster and faster, with
apparently no option to keep anything under our control. We’re forced to
abandon old ideas, principles and habits as we’re engulfed by cyberspace. More
and more, we’re living online, where large companies reign and have no
intention of relinquishing the throne. In fact, they’re increasingly seizing what
used to be public domain and this goes unnoticed, without mainstream media
fanfare or even a constructive mention in the news.
Smart machines and digital brains decide on whether our behavior is kosher and
punish us within an instant. Any appeal is a formality and protests are memory-
holed. Weak and powerless, you can keep shouting at the void, filled with
resentment or you can learn to adapt. The sad truth is that there’s simply no
defeating the tech giants, so we have to wait for them to die a natural death.
Big companies collude with one another to keep a tight grip on the market and
emerging technologies. As small startups rise to fight them, they too get
absorbed and have their potential added to the conglomerate. Individuals have no
say in the matter, as CEOs are insular, detached from reality and stubbornly
dedicated to increasing company revenue. No amount of protesting, yelling or
punishment will make them pay attention to the needs of the little guy. But there
is a ray of light in all of it, a glimmer of hope as that same stubbornness makes
them blind to small, consistent ethical hacking efforts by individuals.
Ethical hacking is a wonderful mix of legal uncertainty and technical acuity that
gives you the power to choose what should have been provided by the free
market, the same one trounced by the giants. From one day to the next, ethical
hacking allows you to make a swath of tiny choices, such as how to enjoy
content and which tools to use for what. By becoming a part of the minority that
understands control mechanisms and knows how to bypass them, you’ll
gradually arrive at a higher vantage point, giving you more choices and thus
greater happiness.
Technology is here to stay but it shouldn’t be adored or glorified it’s just a tool
and should be accepted based on its merits rather than on our emotional
vulnerability induced by marketers. By thinking like an engineer, you’ll see the
world around you as a set of constraints that can be bent just a little bit to extract
maximum utility from whatever you happen to be using. It won’t be pretty, but it
will work and, oh, will be it satisfying.
Glossary
4chan – Popular image board, praised for its anarchism. Users describe
themselves as “smart people pretending to be idiots”.
Anonymous – Fancy and scary name for “I have no clue who that hacker was”.
May have originated on 4chan.
Attack surface – Measure of company’s vulnerability to hacking. Increases with
complexity and the number of systems attached to each other.
Black hat – Malicious individual who hacks to profit, spy or cause mayhem.
May be employed by companies to thwart competition or by states to lead
cyber-warfare with plausible deniability.
Closed source software – Proprietary code that’s under a EULA. The owner of
such code may put any number of restrictions on its use. Intended for the
dumbest customer around.
Cloud – Remote storage for local hardware and software. For example, using
smartphone’s camera and app to snap pictures but keeping them on a provided
server halfway across the world. Makes EULA easy to enforce and makes
ethical hacking impossible.
ContentID – YouTube’s copyright enforcement system. Fully automated and
entirely abusable by large corporations. Ripe for ethical hacking.
Cookies – Text files used to identify returning visitors. Abused by companies
that use them to track users and create behavior profiles.
Copyleft – Customer-friendly copyright. States that software belongs to the
public, but any user can modify it for his own needs and sell such modified
software for profit.
Copyright – Legal right to own, modify, copy and sell some work. Meant as a
legitimate way for creators to earn a living but increasingly being used to
bludgeon the little guy into submission.
Cracking – Removing DRM from software, usually by replacing executable
files with cracked ones.
Cyber-warfare – Persistent digital attacks and retributions on a company or
state. Has been happening ever since the invention of internet.
Dark Web – Hidden side of the internet. Rife with illegal and immoral content.
Accessible through tools such as Tor.
Data mining – Collection of customer data from unusual or unexpected sources.
For example, a printer constantly connected to the internet may be feeding back
to the company the number and content of pages printed.
DMCA – Digital Millennium Copyright Act, enacted in 1998. Allows
corporations to exercise their copyright stranglehold online with little effort. See
safe harbor provision.
Doxxing – Debunking a person’s online anonymity. Typically involves releasing
someone’s phone number, address and where they work or go to school so others
can prank him.
DRM – Digital Rights Management. Umbrella term for methods to disable
ethical hacking. May be done under the guise of preventing piracy. Most
prolific in video games.
Ethical hacking – Making your world a better place by hacking products so
they work as advertised.
EULA – End User License Agreement. Sort-of contract you are meant to adhere
to when installing software. Has dubious legal weight but companies try to
enforce it in a cloud-only setting.
Fair use – Exception to copyright that allows use of protected works under
certain circumstances. Since fair use rules are nebulous, copyright holders have
more funds to defend their copyright than fair use creators to defend their rights.
Feature creep – Propensity of software to become burdened with features of
little utility.
Feelies – Physical DRM. Now mostly appears in the form of merchandise
included in collector’s editions.
First sale doctrine – Exception to copyright that protects resellers who bought
the product directly from the author.
GEMA – German copyright police. Terrorizes schmucks and DJs.
Hacking – Unauthorized modification of some product to allow unintended use.
May be done maliciously (black hat), out of curiosity (white hat) or to extract
more utility (ethical hacking).
Hacktivism – Political activism combined with hacking. May involve educating
others on the importance of hacking, online privacy and software utility.
Hash – Numerical fingerprint of software or text. Meant to be unique but some
older hashing algorithms (such as MD5) create too many collisions.
Honeypot – Seemingly innocuous digital area that is intensely surveilled, such
as a torrent sharing website that works with law enforcement to catch pirates.
Internet of Things – Ruse to access telemetry from items we use daily, such as
socks.
IP address – Series of numbers that shows where the online visitor is from.
Companies may block certain IP addresses from viewing their content, for
example, Hulu blocks non-US visitors. May be temporarily changed using a
VPN.
Jailbreaking – Gaining full admin privileges on a smartphone. Typically done
through a PC with freely available software that gives current phone user full
rights.
Javascript – Dynamic programming language. Found everywhere online. May
be used to execute black hat hacking attacks on unsuspecting web users.
Kim Dotcom – Famous for ethical hacking. FBI went through the trouble of
going to New Zealand to snag him.
LARP – Elaborate fantasy that one has convinced himself is real. Popular term
for liars on 4chan.
Machine learning – Software self-improvement, akin to evolution in living
beings.
Metadata – Anonymized usage statistics. Useful to engineers for
troubleshooting software and hardware. Increasingly used by businessmen and
marketers to hack into consumers’ minds.
NET Act – 1997 law that considers hobby sharing of copyrighted works online a
crime, with up to five years jail sentence.
Open source software – Software free to own, distribute, edit and make money
off of. Usually more difficult to use than closed source software. Necessary for
any hacker worth his salt.
Patent – Claim of right on an idea. Highly contentious. Closes the market to
upcoming competition.
Patent minefield – Array of patents bought by a company. Used to legally
pester competitors.
Patent troll – Litigious entity owning a patent of dubious import that pesters
companies and individuals until some of them cough up cash.
Penetration testing – Attempt to determine attack surface of a company by a
white hat hacker.
PIPA – Other half of the 2011 SOPA proposal. Would allow copyright holders to
cut off US citizens from visiting supposed copyright-infringing websites found
outside the US.
Pirates – Derogatory term for people who download, use and share DRM-free
software or otherwise avoid copyright enforcement using loopholes.
Public domain – Information and ideas freely usable by everyone. Anathema to
tech companies.
Red Ring of Death – Xbox 360’s unfixable hardware failure. Caused by poor
engineering of the parts that get weakened when the console overheats.
Safe harbor provision – Legal exception to DMCA that allows content
aggregators and providers to keep functioning. Without it, ISPs and sites like
Google would have to shut down if any content they provide infringes anyone’s
copyright.
Social engineering – Gaining and exploiting the trust of people towards
authority.
SOPA – A 2011 Congress proposal to give law enforcement authority to shut
down supposed copyright infringing websites. Would have jeopardized the
structure of the internet. See PIPA.
Telemetry – Data on usage, such as how many times you launched a program.
Internet of Things would access real-world usage data, such as how many times
you opened your fridge.
Tor – The Onion Router. Bounces internet traffic between all participants to
conceal the origin. May be heavily surveilled by intelligence agencies.
Torrent – Decentralized sharing service. Nearly impossible to stop.
VPN – Virtual Private Network. Routing your internet traffic through an
accomplice to make it seem like he is visiting an address instead of you. Tor is
an open source software VPN.
White hat – Curious individual who hacks while causing minimal disturbance.
May be employed by companies to analyze their security. See penetration
testing.
Zero-day weakness – Previously unknown vulnerability in software. Worth a lot
of money to black hats.
[1]
https://arxiv.org/pdf/1707.08945.pdf
[2]
https://www.pcworld.com/article/256643/the_pandoras_box_of_stuxnet_duqu_and_flame.html
[3]
https://www.nytimes.com/2018/04/04/technology/google-letter-ceo-pentagon-project.html
[4]
https://techcrunch.com/2018/01/08/james-damore-just-filed-a-class-action-lawsuit-against-google-saying-
it-discriminates-against-white-male-conservatives/
[5]
https://gab.ai/
[6]
https://www.cnet.com/news/after-pittsburgh-synagogue-shooting-paypal-bans-gab-social-network/
[7]
https://www.autohotkey.com/
[8]
https://www.newyorker.com/magazine/2015/05/04/the-engineers-lament
[9]
https://www.youtube.com/watch?v=6prtCtxk1ho
[10]
https://www.businessinsider.com/steve-jobs-threw-ipod-prototype-into-an-aquarium-to-prove-a-point-
2014-11
[11]
https://www.inc.com/john-brandon/heres-why-bill-gates-used-to-memorize-employee-license-plates.html
[12]
https://www.youtube.com/watch?v=J-GVd_HLlps
[13]
https://www.makeuseof.com/tag/10-ridiculous-eula-clauses-agreed/
[14]
https://law.justia.com/cases/federal/district-courts/FSupp/908/640/1457490/
[15]
https://law.justia.com/cases/federal/appellate-courts/F3/86/1447/538242/
[16]
https://law.justia.com/cases/federal/district-courts/FSupp/846/208/1687655/
[17]
https://www.businessinsider.com/bill-gates-letter-eradicate-four-diseases-2015-1
[18]https://www.gnu.org/licenses/gpl.html
[19]
https://www.eff.org/deeplinks/2016/12/john-deere-really-doesnt-want-you-own-tractor
[20]
https://motherboard.vice.com/en_us/article/xykkkd/why-american-farmers-are-hacking-their-tractors-
with-ukrainian-firmware
[21]
https://www.scribd.com/document/339340098/John-Deere-letter#from_embed
[22]
https://www.nytimes.com/2016/05/25/business/dealbook/peter-thiel-is-said-to-bankroll-hulk-hogans-suit-
against-gawker.html
[23]
https://law.justia.com/cases/federal/district-courts/FSupp/871/535/1685837/
[24]
https://www.copyright.gov/legislation/dmca.pdf
[25]
https://support.google.com/youtube/answer/2797370?hl=en
[26]
https://www.scottsmitelli.com/articles/youtube-audio-content-id
[27]
https://www.wired.com/2011/11/youtube-filter-profiting/
[28]
https://youtu.be/gjvoJe4_v9k?t=277
[29]
https://youtu.be/Tqj2csl933Q
[30]
https://support.google.com/youtube/answer/2807622?hl=en&ref_topic=2778544
[31]
https://productforums.google.com/forum/#!topic/youtube/XrpgfBLBXKg;context-place=forum/youtube
[32]
https://news.ycombinator.com/item?id=18744657
[33]
https://www.reddit.com/r/videos/comments/a74f7p/youtubes_content_claim_system_is_out_of_control/eccs4zq/
[34]
https://torrentfreak.com/youtubes-copyright-protection-system-is-a-total-mess-can-it-be-fixed-181222/
[35]
https://www.youtube.com/watch?v=cK8i6aMG9VM
[36]
https://guilfordjournals.com/doi/abs/10.1521/jscp.2014.33.8.701
[37]
https://impossiblehq.com/complete-guide-leaving-google/
[38]
https://www.theregister.co.uk/2018/08/30/mozilla_will_not_track/
[39]
https://adblockplus.org/en/filters#elemhide_domains
[40]
https://betanews.com/2018/11/02/google-security-javascript/
[41]
https://addons.mozilla.org/en-US/firefox/addon/adnauseam/
[42]
https://www.theregister.co.uk/2018/08/30/mozilla_will_not_track/
[43]
https://superuser.com/questions/93442/windows-7-doesnt-start-after-installing-a-game-with-starforce-
protection
[44]
https://www.extremetech.com/extreme/76636-ubisoft-drops-starforce-drm
[45]
https://arstechnica.com/gaming/2018/11/hitman-2s-denuvo-drm-cracked-days-before-the-games-release/
[46]
https://torrentfreak.com/ubisofts-no-cd-answer-to-drm-080718/
[47]
https://www.makeuseof.com/tag/5-strange-video-game-copy-protection-measures-used-in-history/
[48]
https://www.youtube.com/watch?v=QDKguXtrSxU
[49]
http://files.courthousenews.com/2008/09/23/Spore.pdf
[50]
https://www.wired.com/2008/01/rumor-insider-r/
[51]
https://www.eurogamer.net/articles/2015-07-02-peter-moore-recounts-xbox-360-red-ring-of-death-saga
[52]
https://boingboing.net/2018/09/14/he-got-vossed.html
[53]
https://en.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany
[54]
https://www.techdirt.com/articles/20111114/02034116758/gema-once-again-demands-royalties-creative-
commons-music-it-has-no-rights-over.shtml
[55]
https://www.techdirt.com/articles/20130425/17042522839/how-gema-is-still-worst-collective-rights-
organization-world.shtml
[56]
https://www.theguardian.com/uk-news/2015/oct/12/uk-hoverboard-crackdown-all-you-need-to-know
[57]
http://www.bittorrent.org/beps/bep_0003.html
[58]
https://www.tennessean.com/story/sports/nfl/titans/2017/09/25/why-nfl-players-protest-national-
anthem/700004001/
[59]
https://www.cnet.com/news/trump-doesnt-carry-a-cellphone-or-use-email-report-says/
[60]
http://www.sportlemon.tv/
[61]
http://feed2all.org/
[62]
https://www.entrepreneur.com/article/228590
[63]
https://www.theguardian.com/technology/2012/jan/20/megaupload-shutdown-guns-cars-cash-seized
[64]
https://youtu.be/pMas0tWc0sg?t=58
[65]
https://twitter.com/kimdotcom
[66]
https://www.techdirt.com/articles/20150326/18041530458/how-us-government-legally-stole-millions-
kim-dotcom.shtml
[67]
https://www.bloomberg.com/news/articles/2015-10-02/nevada-patent-troll-takes-on-google-samsung-in-
london-court
[68]
https://www.eff.org/deeplinks/2016/03/stupid-patent-month-mega-troll-intellectual-ventures-hits-florist-
do-it-computer
[69]
https://www.supremecourt.gov/opinions/13pdf/13-298_7lh8.pdf
[70]
https://threader.app/thread/1063423110513418240
[71]
https://www.darkreading.com/attacks-breaches/strange-but-true-penetration-testing-stories/d/d-
id/1136508
[72]
https://www.macrumors.com/2017/01/13/apple-vs-samsung-reopened/
[73]
https://forum.xda-developers.com/showpost.php?p=52329946&postcount=76
[74]
https://www.oo-software.com/en/shutup10
[75]
https://www.networkworld.com/article/3238664/wi-fi/80211-wi-fi-standards-and-speeds-explained.html
[76]
https://portforward.com/
[77]
https://www.amazon.com/gp/product/B010O1G1ES