

Note: Make sure you read Part 1 before continuing. Click Me to read.

Welcome to the second part of the series on how to become a perfect hacker. In the previous tutorial we learnt the importance of programming and which languages to start with. In this tutorial we'll move on to some advanced things you need to learn to become a perfect hacker.

Switch to Linux

Go and see every advanced programmer or hacker and check which OS they are using. I'm sure most of them would be using some Linux-based distribution. The reason Linux is so popular is that it's open source, which means its source code is online and free for developers to use. Hence, numerous developers around the globe have contributed their best to the kernel and made it so great. It also beats others in terms of security.

So, if you have never used any Linux distribution in your life and are switching from Windows or Mac OS, I would suggest you start with Ubuntu Linux, which is one of the most popular Linux distributions. It is more like Windows or Mac OS and is more user friendly. The next step is to get used to it. Learn some basic Linux terminal commands and get used to working with the terminal.
Now that you have gained sufficient knowledge about Ubuntu, it's time to switch to a more advanced pen testing distribution. I would suggest Kali Linux, but there are more alternatives.

Kali Linux is just another distribution based on the Linux kernel, but there's something special about it. It is packed with thousands of free pen testing tools which will help you in becoming a perfect hacker.

If you have reached this level learning everything I write, then trust me, you'll find your way yourself. You'll know what to do next, where to go next.

The reason you were asked to learn programming is so that when you find a loophole in any web app or piece of software, you can write your own exploit. This prevents you from just being a script kiddie.

Resources: 


So, this ends the series on how to become a perfect hacker. Please share this if you found the info helpful so that others can benefit from it too. Do ask any questions in the comments.


I've been getting a lot of requests from people who are new to the InfoSec community and wanna master the art of Ethical Hacking or, formally speaking, Penetration Testing. But the biggest mistake that noobs make is that they start with "how to hack a Facebook account." Don't worry if you are doing that too. Even I did that when I was a noob, but as I gained more knowledge, I knew there was something wrong. I never started the right way. I wish someone had guided me; then I might not have wasted so much time fooling around the internet searching "how to hack facebook" lol..

So, this post is made for those who are new to the InfoSec community and need the right directions. First, let's clear up some misconceptions with the following FAQs.

How to Hack a Facebook account?

This is one of the silliest and most noobish questions in the InfoSec community. Honestly speaking, Facebook doesn't spend millions of dollars on its security so that anyone could come and hack it. They have some of the most amazing security professionals securing its data. So it's nearly impossible to hack a Facebook account. Yeah, it's not impossible; there are many pen testers who have reached a level where they can find loopholes in applications and write their own exploits, but these chances are very rare.

So, for the sake of this post, I went around the internet and searched for techniques to hack a Facebook account and this is what I found:

  • Phishing - It is a technique of creating a fake Facebook login page and somehow fooling the user into logging in. According to me this is the only practical way possible. I'm not promoting it, but if you wanna know what it is and wanna learn this, head over to my post - Fb hacking by wapka phishing
  • Keylogging - It is a technique of installing malicious software on the victim's computer which automatically captures keystrokes and sends them to the attacker. But they can be easily detected by an antivirus, or even a firewall would stop them. So, that's not possible either.
  • Stealers - Almost 80% of users save their passwords in their browsers so that they don't have to type them again. Stealers are malicious programs that grab those passwords and send them to the attacker. Again, they can be detected by any antivirus software.
  • Session Hijacking - This is a technique of hijacking someone's session on the same network. We do not get the person's password but can get their session if they are using HTTP, the non-secure protocol. But obviously we know that Facebook uses HTTPS, which is encrypted, and hence this technique doesn't work either.
  • DNS spoofing - It is an addition to phishing and can be used to make a phishing attack stronger. If your victim is on the same network, you can use this technique to redirect the original Facebook page to your own fake page and hence get access to the victim's Facebook account. But in real world scenarios, the victim is not usually on your network.
  • Facebook hacking software - I would say nothing about this but just one word: "FAKE". Never trust sites which give you Facebook hacking software; either they are infecting your computer by making you download spyware or just earning by making you click on ads.
  • facebook.py - How can you forget this brute forcing Python script. It exploited a security loophole on Facebook that allowed attackers to brute force someone's password. But this vulnerability has been fixed. I repeat, it has been fixed.
From the above discussion, it's clear that there's no technique that exists today that can hack a Facebook account. But you can be the one who finds a loophole, provided you learn and master the art of hacking.

How to become a perfect Hacker?

Assuming that you start from level 0, the first thing you wanna learn is how to code. Yup, it's one of the most important things, because without knowing how to program you'll just become a script kiddie.
So, step one is to learn to program. But which language should you start with?
  • HTML - This is one of the most fundamental languages. I know many would say, "What's the use of HTML in hacking?" but trust me, this is gonna help a lot.
  • JavaScript - This is gonna be useful when finding vulnerabilities like XSS (Cross Site Scripting) and some others. HTML too plays a significant role in this.
  • PHP & SQL - These two are very important because there exist some severe vulnerabilities like SQL injection, and many websites and CMSs are built on PHP and SQL databases, so who knows, you might find a vulnerability in some of the most popular applications.
  • Python - This is one of the most useful languages because it will help you write exploits, and programmers are switching to Python to build web applications.
  • Java - This language has existed for decades and is quite popular. More than 3 billion devices run on Java, and it's not just limited to building computer software. There are more than a billion Android devices running, and Android apps are programmed in Java. So, this is very helpful in writing Android exploits as well as computer exploits.

Resources :

  • Python 3 tutorials - Basically Python has two versions: Python 2.7 and Python 3.x. Python 2.7 is the most popular and has more libraries, modules and documentation available online, while Python 3 is the future of Python. Both are almost similar. Here's an excellent discussion on Python 2 vs Python 3. It'll help you decide which one you should choose. There are a bunch of tutorials online. Just search for Python 2/Python 3 tutorials.


So, these were some of the resources which might help you in learning programming. This was part one of this article, and if you want me to continue with part 2, do comment.

Continue with Part 2 - http://www.hackerslite.in/2016/04/how-to-become-a-perfect-hacker-two.html


Welcome to the sixth tutorial of the series Complete Nmap beginners course. In this tutorial we'll learn how to detect the operating system of a host.
  • -O - This option enables OS detection.

Alternatively,
  • -A - This option can be used to enable OS detection along with other things.
So, this was a short but useful tutorial on detecting the OS using Nmap.




Welcome to the fifth tutorial of the Complete Nmap beginners course. In this tutorial we'll learn some techniques for detecting services and their versions running on specific ports.

  • -sV (Version detection) - This option can simply be used to detect the version of a service running on a port.

  • --allports - This option tells Nmap not to exclude any port from version detection, i.e. it probes every port.

  • --version-intensity <intensity> - This option takes values from 0 to 9. Selecting 9 will take much longer but will be much more accurate, while 0 will be much quicker but highly inaccurate. The default intensity for -sV is 7.

  • --version-light - This enables light mode scanning, i.e. its intensity is 2.

  • --version-all - This option tries every single probe. Its intensity is 9.


So, this was a tutorial on detecting services and their versions. In the next tutorial we'll learn some techniques for detecting the operating system.
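As an added example covering both this tutorial and the OS detection tutorial above (it is not part of the course), here is a Python parser for the XML that nmap -sV -O -oX emits, pulling out each port's service, version, match method and confidence plus the best OS match. The sample XML below is constructed to look like Nmap's output; for a defender this is how a scan becomes an inventory, with table-only guesses flagged for review.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample of what `nmap -sV -O -oX -` emits for one host; not real output.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" method="table" conf="3"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/></port>
    </ports>
    <os>
      <osmatch name="Linux 3.2 - 4.9" accuracy="95"/>
      <osmatch name="Linux 4.4" accuracy="90"/>
    </os>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_text: str) -> List[Dict]:
    """One dict per host: its address, a list of service dicts (one per port) and
    the best OS match as (name, accuracy), or None when -O produced no match."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        services = []
        for port in host.iter("port"):
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            services.append({
                "port": int(port.get("portid")), "proto": port.get("protocol"),
                "state": port.find("state").get("state"), "name": attrs.get("name", ""),
                # product and version are only present when a version probe matched
                "product": " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v),
                "method": attrs.get("method", ""), "conf": int(attrs.get("conf", 0)),
            })
        matches = [(m.get("name"), int(m.get("accuracy"))) for m in host.iter("osmatch")]
        hosts.append({
            "addr": host.find("address").get("addr"),
            "services": services,
            "os": max(matches, key=lambda m: m[1]) if matches else None,
        })
    return hosts

def unconfirmed_services(host: Dict) -> List[int]:
    """Open ports whose service name was only looked up in the nmap-services table
    (method="table") because no version probe matched: low confidence, worth a look."""
    return [s["port"] for s in host["services"] if s["state"] == "open" and s["method"] != "probed"]
```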




In the past three tutorials we have learned about some basic Nmap techniques, host discovery and some port scanning techniques, and have covered most of the material. The past few tutorials were quite lengthy, but that's not the case now. The following tutorials will be quite short and easy. So, in this tutorial we'll cover the topic "Port Scanning Specifications."

In addition to all of the scan methods discussed previously, Nmap offers options for specifying which ports are scanned and whether the scan order is randomized or sequential. By default, Nmap scans the most common 1,000 ports for each protocol.

  • -p <port ranges> - This option can be specified to scan particular port ranges. For example:



The following will just scan ports from 1 to 100

  • --exclude-ports <port ranges> - We also have an option to exclude a range of ports while scanning multiple ports. For example:



The following command will scan all the ports from 1 to 100 excluding ports from 100 to 200.
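As an added example that is not part of the tutorial, the following Python parser expands a -p spec and subtracts an --exclude-ports spec the way Nmap combines them, including the T:/U: protocol prefixes and open-ended ranges Nmap accepts; it is an illustration, not Nmap's own code.

```python
from typing import Dict, List, Optional, Set

MAX_PORT = 65535

def parse_port_spec(spec: str) -> Dict[str, Set[int]]:
    """Parse an Nmap -p / --exclude-ports style spec into {"tcp": {...}, "udp": {...}}.
    Handles comma lists (22,80), ranges (1-100, 80-, -1024), a bare "-" meaning
    every port 1-65535, and T:/U: prefixes that apply until the next prefix."""
    ports: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    protos = ("tcp", "udp")  # no prefix yet: an item applies to both protocols
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if item[:2].upper() in ("T:", "U:"):
            protos = ("tcp",) if item[0].upper() == "T" else ("udp",)
            item = item[2:]
        if item == "-":
            lo, hi = 1, MAX_PORT
        elif "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo, hi = int(lo_s or 1), int(hi_s or MAX_PORT)
        else:
            lo = hi = int(item)
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"port range out of bounds: {item!r}")
        for proto in protos:
            ports[proto].update(range(lo, hi + 1))
    return ports

def ports_to_scan(p_spec: str, exclude_spec: Optional[str] = None) -> Dict[str, List[int]]:
    """Ports Nmap would actually probe: the -p set minus the --exclude-ports set.
    Overlaps are fine, e.g. -p 1-100 --exclude-ports 100-200 leaves ports 1-99."""
    wanted = parse_port_spec(p_spec)
    excluded = parse_port_spec(exclude_spec) if exclude_spec else {"tcp": set(), "udp": set()}
    return {proto: sorted(wanted[proto] - excluded[proto]) for proto in wanted}
```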


So, this was a short tutorial on "Port Scanning Specifications". In the next tutorial we'll learn about detecting services and the versions running on specific ports.



Well, in the past couple of tutorials we have learnt basic Nmap scanning and techniques of host discovery. In this post we're gonna learn various port scanning techniques.

  • -sS (TCP SYN Scan) - SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It allows clear, reliable differentiation between the open, closed, and filtered states.

  • -sT (TCP connect Scan) - This is the scan used when a user does not have root/admin privileges. It uses the same high-level system call that web browsers, P2P clients, and most other network-enabled applications use to establish a connection. When SYN scan is available, it is usually a better choice.

  • -sU (UDP Scans) - While most popular services on the Internet run over the TCP protocol, UDP services are widely deployed. Because UDP scanning is generally slower and more difficult than TCP, some security auditors ignore these ports. This is a mistake, as exploitable UDP services are quite common and attackers certainly don't ignore the whole protocol.

  • -sN; -sF; -sX (TCP NULL, FIN, and Xmas scans) - The key advantage to these scan types is that they can sneak through certain non-stateful firewalls and packet filtering routers. Another advantage is that these scan types are a little more stealthy than even a SYN scan. Don't count on this though—most modern IDS (Intrusion Detection System) products can be configured to detect them. This scan does work against most Unix-based systems though. Another downside of these scans is that they can't distinguish open ports from certain filtered ones, leaving you with the response open|filtered.
  1. Null scan (-sN) - Does not set any bits (TCP flag header is 0).
  2. FIN scan (-sF) - Sets just the TCP FIN bit.
  3. Xmas scan (-sX) - Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

  • -sA (TCP ACK scan) - This scan is different from the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.
  The ACK scan probe packet has only the ACK flag set (unless you use --scanflags). When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don't respond, or send certain ICMP error messages back, are labeled filtered.

  • -sO (IP protocol scan) - IP protocol scan allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines.
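As an added illustration (not from the tutorial), this Python snippet encodes the probe flags of each scan type above, maps replies onto the port states Nmap reports (open, closed, filtered, open|filtered, unfiltered), and shows the flag signatures an IDS keys on to spot NULL, FIN and Xmas probes. The reply labels and packet tuples are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

# TCP flag bits as they sit in the header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags carried by the probe packet of each scan type discussed in the post.
PROBE_FLAGS: Dict[str, int] = {
    "-sS": SYN,              # SYN scan: half-open, the handshake is never completed
    "-sA": ACK,              # ACK scan: maps firewall rules, never reports "open"
    "-sN": 0,                # NULL scan: no flags at all
    "-sF": FIN,              # FIN scan: just FIN
    "-sX": FIN | PSH | URG,  # Xmas scan: "lit up like a Christmas tree"
}

def port_state(scan: str, reply: str) -> str:
    """Port state Nmap reports for a scan type and the reply its probe got.
    reply is a constructed label: 'syn-ack', 'rst', 'udp-data',
    'icmp-port-unreach', 'icmp-unreach' (other type 3 codes) or 'none'."""
    if scan in ("-sS", "-sT"):
        return {"syn-ack": "open", "rst": "closed"}.get(reply, "filtered")
    if scan in ("-sN", "-sF", "-sX"):
        # RFC 793: a closed port answers RST, an open port stays silent, and so
        # silence cannot be told apart from a firewall dropping the probe.
        if reply == "rst":
            return "closed"
        return "filtered" if reply.startswith("icmp") else "open|filtered"
    if scan == "-sA":
        return "unfiltered" if reply == "rst" else "filtered"
    if scan == "-sU":
        if reply == "udp-data":
            return "open"
        if reply == "icmp-port-unreach":
            return "closed"
        return "filtered" if reply == "icmp-unreach" else "open|filtered"
    raise ValueError(f"unknown scan type {scan!r}")

def stealth_probe_type(flags: int) -> Optional[str]:
    """Which of the NULL/FIN/Xmas scans a packet with these flags belongs to, or None.
    None of these combinations occurs in a legitimate TCP exchange, which is why an
    IDS can simply alert on them (the 'stealth' only works against stateless filters)."""
    for opt in ("-sN", "-sF", "-sX"):
        if flags == PROBE_FLAGS[opt]:
            return opt
    return None

def find_stealth_probes(packets: List[Tuple[str, int, int]]) -> List[Tuple[str, int, str]]:
    """packets are constructed (src, dst_port, tcp_flags) tuples; returns the flagged ones."""
    hits = []
    for src, dport, flags in packets:
        kind = stealth_probe_type(flags)
        if kind is not None:
            hits.append((src, dport, kind))
    return hits
```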

So, these were some of the basic port scanning techniques. In the next tutorial we'll cover the topic "Port Scanning Specifications."


Welcome to the second part of the Complete Nmap beginners guide; this post is on Host Discovery. One of the most important parts of any reconnaissance is knowing your targets. This is where host discovery comes in.


  • -sL (list scan) - The list scan is a form of host discovery that simply lists each host of the network(s) specified, without sending any packets to the target hosts. The list scan is a good sanity check to ensure that you have the proper IP addresses for your targets. If the hosts sport domain names you do not recognize, it is worth investigating further to prevent scanning the wrong company's network.

  • -sn (no port scan) - This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery probes. System administrators often find this option valuable as well. It can easily be used to count the number of hosts in a network.

  • -PS<port list> (TCP SYN Ping) - This option sends an empty TCP packet with the SYN flag set. The default port is 80.

The following command will send an empty TCP packet with the SYN flag set to ports 1 to 100.

  • -PA<port list> (TCP ACK Ping) - The TCP ACK ping is quite similar to the just-discussed SYN ping. The difference, as you could likely guess, is that the TCP ACK flag is set instead of the SYN flag. The default port is 80.

The following command will send an empty TCP packet with the ACK flag set to ports 1 to 100.


  • -PU<port list> (UDP Ping) - Another host discovery option is the UDP ping, which sends a UDP packet to the given port. The default port is 40125. A highly uncommon port is used because sending to open ports is often undesirable for this particular scan type. The primary advantage of this scan type is that it bypasses firewalls that only filter TCP.

  • -PE (ICMP Ping) - In addition to the unusual TCP and UDP host discovery types discussed above, Nmap can send the standard packets sent by the ping program. Nmap sends an ICMP echo request packet to the target IP addresses, expecting an echo reply in return from available hosts. But usually it is not recommended because most firewalls block it.

  • Nmap can also be used for traceroute by using the --traceroute option.
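As an added example (not from the tutorial), here is a small Python detector that labels flow records with the host discovery probe they resemble, using the defaults above (-PS/-PA to TCP port 80, -PU to UDP 40125, -PE as ICMP echo), and reports any source that fans one probe type out across many hosts. The flow records are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

SYN, ACK = 0x02, 0x10

# A constructed flow record: (src, dst, proto, dst_port, tcp_flags, icmp_type)
Flow = Tuple[str, str, str, int, int, int]

def probe_kind(flow: Flow) -> str:
    """Label a flow with the Nmap host-discovery probe it looks like, or ''.
    Defaults from the post: -PS and -PA go to TCP port 80, -PU to UDP 40125,
    -PE is an ICMP echo request (type 8). A single such packet is ordinary
    traffic (every web request starts with a SYN to port 80); the sweep
    pattern across many hosts is what makes it discovery."""
    _, _, proto, dport, flags, icmp_type = flow
    if proto == "tcp" and dport == 80 and flags == SYN:
        return "-PS (TCP SYN ping)"
    if proto == "tcp" and dport == 80 and flags == ACK:
        return "-PA (TCP ACK ping)"
    if proto == "udp" and dport == 40125:
        return "-PU (UDP ping)"
    if proto == "icmp" and icmp_type == 8:
        return "-PE (ICMP echo)"
    return ""

def find_ping_sweeps(flows: List[Flow], min_hosts: int = 5) -> Dict[Tuple[str, str], int]:
    """Sources that sent the same probe type to at least min_hosts distinct hosts,
    keyed by (source, probe kind) with the number of hosts touched."""
    targets = defaultdict(set)
    for flow in flows:
        kind = probe_kind(flow)
        if kind:
            targets[(flow[0], kind)].add(flow[1])
    return {key: len(hosts) for key, hosts in targets.items() if len(hosts) >= min_hosts}

# Constructed sample traffic: one host sweeping 192.168.1.0/24 with UDP and ICMP
# pings, plus two ordinary web connections that are also SYNs to port 80.
SAMPLE_FLOWS: List[Flow] = (
    [("192.168.1.77", f"192.168.1.{i}", "udp", 40125, 0, 0) for i in range(1, 21)]
    + [("192.168.1.77", f"192.168.1.{i}", "icmp", 0, 0, 8) for i in range(1, 21)]
    + [("192.168.1.20", "203.0.113.5", "tcp", 80, SYN, 0),
       ("192.168.1.21", "203.0.113.5", "tcp", 80, SYN, 0)]
)
```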


Speeding up the Scan

Nmap scans usually take time and can be quite slow. Various techniques are used to slash that time, and one of them is telling Nmap not to do DNS resolution.

What is DNS resolution?

Each web server (and indeed any host connected to the internet) has a unique IP address. Translating a host name in textual form to its IP address (in this case, 207.142.131.248) is a process known as DNS resolution or DNS lookup; here DNS stands for Domain Name System.

  • -n (no DNS resolution) - This option tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be slow even with Nmap's built-in parallel stub resolver, this option can slash scanning times.

So, this was host discovery in Nmap. Hope you have learned a lot; in the next topic, we'll learn various port scanning techniques.




Welcome to the first post in the Complete Nmap beginners guide. In this post we'll learn some of the basic Nmap scanning techniques.

The basic command for scanning a hostname or IP is



where the IP address can also be replaced with a host name or domain name. This was simply scanning a single IP/host name, but what if you wanna scan multiple host names or IP addresses? You can obviously try this



This will probably work and scan all three addresses, but when you have a bunch of addresses to scan, typing each address will be a pain. So, here's a neat little trick. If you wanna scan multiple IP addresses on the same network, you can use

This will indeed scan all three IP addresses (192.168.1.1, 192.168.1.2, 192.168.1.3) and save your time too. But there's one more shortcut. Typing



this will scan 256 addresses ranging from 192.168.1.1 to 192.168.1.256. You can also use 16 instead of 24, which will scan 65,536 addresses ranging from 192.168.1.1 to 192.168.255.255. Using 0 will scan the entire internet, while using 32 will just scan a single IP address.

Nmap also supports a feature to scan IP addresses/host names from a text file. For this, simply create a text file and write all the IP addresses, one per line. For example:
When done, save the file and execute the following: nmap -iL <location of file with file name>

Assuming my file is called scan.txt and it's located on the Desktop, the command looks like this


-iR <no. of hosts> can be used to scan the desired number of random hosts from the internet.


The following command will scan 10 random hosts from the Internet.

Excluding hosts


While scanning multiple hosts you can exclude some hosts which you would not like to scan by using: --exclude <host>
This will exclude 192.168.1.10 from those 256 hosts it will scan.

You can also exclude multiple hosts listed in a text file by using --excludefile <path to file>


So, that was the scanning basics of Nmap. In the next posts we'll learn about discovering hosts.
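As an added example (not from the post), here is how those target specifications expand into the actual address list, written in Python: CIDR masks, octet ranges like 192.168.1.1-3, a scan.txt read the way -iL reads it, and --exclude applied on top. The scan.txt contents below are constructed, and the code is an illustration rather than Nmap's own.

```python
import ipaddress
from typing import Iterable, List

def expand_spec(spec: str) -> List[str]:
    """Expand one Nmap-style target into IPv4 addresses: a plain address,
    CIDR notation (192.168.1.0/24 is 192.168.1.0 through 192.168.1.255, 256
    addresses; /16 is 65,536; /32 is one host) or per-octet ranges and
    wildcards such as 192.168.1.1-3 or 192.168.1.*."""
    spec = spec.strip()
    if "/" in spec:
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported target spec: {spec!r}")
    choices = []
    for octet in octets:
        if octet == "*":
            octet = "0-255"
        if "-" in octet:
            lo_s, hi_s = octet.split("-", 1)
            lo, hi = int(lo_s or 0), int(hi_s or 255)
        else:
            lo = hi = int(octet)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range in {spec!r}")
        choices.append(range(lo, hi + 1))
    a, b, c, d = choices
    return [f"{w}.{x}.{y}.{z}" for w in a for x in b for y in c for z in d]

def specs_from_file_text(text: str) -> List[str]:
    """Targets read the way -iL reads a file: whitespace separated, # comments ignored."""
    specs = []
    for line in text.splitlines():
        specs.extend(line.split("#", 1)[0].split())
    return specs

def expand_targets(specs: Iterable[str], exclude: Iterable[str] = ()) -> List[str]:
    """The addresses a scan would actually touch: every spec expanded, then every
    --exclude entry removed; duplicates are dropped so each host appears once."""
    excluded = {addr for e in exclude for addr in expand_spec(e)}
    seen, targets = set(), []
    for spec in specs:
        for addr in expand_spec(spec):
            if addr not in excluded and addr not in seen:
                seen.add(addr)
                targets.append(addr)
    return targets

# Constructed stand-in for the scan.txt file mentioned in the post (not a real file).
SCAN_TXT = "192.168.1.1\n192.168.1.2  # gateway\n192.168.1.3\n"
```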