
Chapter 1 Introduction to Ethical Hacking

In This Chapter
• Understanding hacker objectives
• Outlining the differences between ethical hackers and malicious hackers
• Examining how the ethical hacking process has come about
• Understanding the dangers that your computer systems face
• Starting the ethical hacking process
This book is about hacking ethically — the science of testing your computers
and network for security vulnerabilities and plugging the holes you
find before the bad guys get a chance to exploit them.
Although ethical is an often overused and misunderstood word, the Merriam-
Webster dictionary defines ethical perfectly for the context of this book and
the professional security testing techniques that I cover — that is, conforming
to accepted professional standards of conduct. IT practitioners are obligated to
perform all the tests covered in this book aboveboard and only after permission
has been obtained by the owner(s) of the systems — hence the disclaimer
in the introduction.
How Hackers Beget Ethical Hackers
We've all heard of hackers. Many of us have even suffered the consequences
of hacker actions. So who are these hackers? Why is it important to know
about them? The next few sections give you the lowdown on hackers.
Defining hacker
Hacker is a word that has two meanings:
• Traditionally, a hacker is someone who likes to tinker with software or
electronic systems. Hackers enjoy exploring and learning how computer
systems operate. They love discovering new ways to work electronically.
• Recently, hacker has taken on a new meaning — someone who maliciously
breaks into systems for personal gain. Technically, these criminals are
crackers (criminal hackers). Crackers break into (crack) systems with
malicious intent. They are out for personal gain: fame, profit, and even
revenge. They modify, delete, and steal critical information, often making
other people miserable.
The good-guy (white-hat) hackers don't like being in the same category as the
bad-guy (black-hat) hackers. (These terms come from Western movies where
the good guys wore white cowboy hats and the bad guys wore black cowboy
hats.) Whatever the case, most people give hacker a negative connotation.
Many malicious hackers claim that they don't cause damage but instead are
altruistically helping others. Yeah, right. Many malicious hackers are electronic
thieves.
In this book, I use the following terminology:
• Hackers (or bad guys) try to compromise computers.
• Ethical hackers (or good guys) protect computers against illicit entry.
Hackers go for almost any system they think they can compromise. Some
prefer prestigious, well-protected systems, but hacking into anyone's system
increases their status in hacker circles.
Ethical Hacking 101
You need protection from hacker shenanigans. An ethical hacker possesses
the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers
perform the hacks as security tests for their systems.
If you perform ethical hacking tests for customers or simply want to add
another certification to your credentials, you may want to consider the ethical
hacker certification Certified Ethical Hacker, which is sponsored by EC-Council.
See www.eccouncil.org/CEH.htm for more information.
Ethical hacking — also known as penetration testing or white-hat hacking —
involves the same tools, tricks, and techniques that hackers use, but with one
major difference: Ethical hacking is legal. Ethical hacking is performed with
the target's permission. The intent of ethical hacking is to discover vulnerabilities
from a hacker's viewpoint so systems can be better secured. It's part
of an overall information risk management program that allows for ongoing
security improvements. Ethical hacking can also ensure that vendors' claims
about the security of their products are legitimate.
To hack your own systems like the bad guys, you must think like they think.
It's absolutely critical to know your enemy; see Chapter 2 for details.
Understanding the Need to Hack Your Own Systems
To catch a thief, think like a thief. That's the basis for ethical hacking.
The law of averages works against security. With the increased numbers and
expanding knowledge of hackers combined with the growing number of system
vulnerabilities and other unknowns, the time will come when all computer
systems are hacked or compromised in some way. Protecting your systems
from the bad guys — and not just the generic vulnerabilities that everyone
knows about — is absolutely critical. When you know hacker tricks, you can
see how vulnerable your systems are.
Hacking preys on weak security practices and undisclosed vulnerabilities.
Firewalls, encryption, and virtual private networks (VPNs) can create a false
feeling of safety. These security systems often focus on high-level vulnerabilities,
such as viruses and traffic through a firewall, without affecting how hackers
work. Attacking your own systems to discover vulnerabilities is a step to
making them more secure. This is the only proven method of greatly hardening
your systems from attack. If you don't identify weaknesses, it's a matter of
time before the vulnerabilities are exploited.
As hackers expand their knowledge, so should you. You must think like them
to protect your systems from them. You, as the ethical hacker, must know
activities hackers carry out and how to stop their efforts. You should know
what to look for and how to use that information to thwart hackers' efforts.
You don't have to protect your systems from everything. You can't. The only
protection against everything is to unplug your computer systems and lock
them away so no one can touch them — not even you. That's not the best
approach to information security. What's important is to protect your systems
from known vulnerabilities and common hacker attacks.
It's impossible to buttress all possible vulnerabilities on all your systems. You
can't plan for all possible attacks — especially the ones that are currently
unknown. However, the more combinations you try — the more you test whole
systems instead of individual units — the better your chances of discovering
vulnerabilities that affect everything as a whole.
Don't take ethical hacking too far, though. It makes little sense to harden your
systems from unlikely attacks. For instance, if you don't have a lot of foot traffic
in your office and no internal Web server running, you may not have as much
to worry about as an Internet hosting provider would have. However, don't
forget about insider threats from malicious employees!
Your overall goals as an ethical hacker should be as follows:
• Hack your systems in a nondestructive fashion.
• Enumerate vulnerabilities and, if necessary, prove to upper management
that vulnerabilities exist.
• Apply results to remove vulnerabilities and better secure your systems.
Understanding the Dangers Your Systems Face
It's one thing to know that your systems generally are under fire from hackers
around the world. It's another to understand specific attacks against your systems
that are possible. This section offers some well-known attacks but is by
no means a comprehensive listing. That requires its own book: Hack Attacks
Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).
Many information-security vulnerabilities aren't critical by themselves.
However, exploiting several vulnerabilities at the same time can take its toll.
For example, a default Windows OS configuration, a weak SQL Server administrator
password, and a server hosted on a wireless network may not be
major security concerns separately. But exploiting all three of these vulnerabilities
at the same time can be a serious issue.
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself —
are the greatest vulnerability within any computer or network infrastructure.
Humans are trusting by nature, which can lead to social-engineering exploits.
Social engineering is defined as the exploitation of the trusting nature of human
beings to gain information for malicious purposes. I cover social engineering
in depth in Chapter 5.
Other common and effective attacks against information systems are physical.
Hackers break into buildings, computer rooms, or other areas containing critical
information or property. Physical attacks can include dumpster diving
(rummaging through trash cans and dumpsters for intellectual property,
passwords, network diagrams, and other information).
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many
networks can be reached from anywhere in the world via the Internet. Here
are some examples of network-infrastructure attacks:
• Connecting into a network through a rogue modem attached to a
computer behind a firewall
• Exploiting weaknesses in network transport mechanisms, such as TCP/IP
and NetBIOS
• Flooding a network with too many requests, creating a denial of service
(DoS) for legitimate requests
• Installing a network analyzer on a network and capturing every packet
that travels across it, revealing confidential information in clear text
• Piggybacking onto a network through an insecure 802.11b wireless
configuration
Operating-system attacks
Hacking operating systems (OSs) is a preferred method of the bad guys. OSs
comprise a large portion of hacker attacks simply because every computer
has one and so many well-known exploits can be used against them.
Occasionally, some operating systems that are more secure out of the box —
such as Novell NetWare and the flavors of BSD UNIX — are attacked, and
vulnerabilities turn up. But hackers prefer attacking operating systems like
Windows and Linux because they are widely used and better known for their
vulnerabilities.
Here are some examples of attacks on operating systems:
• Exploiting specific protocol implementations
• Attacking built-in authentication systems
• Breaking file-system security
• Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server
software and Web applications often are beaten down:
• Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are frequently attacked because most firewalls and
other security mechanisms are configured to allow full access to these
programs from the Internet.
• Malicious software (malware) includes viruses, worms, Trojan horses,
and spyware. Malware clogs networks and takes down systems.
• Spam (junk e-mail) is wreaking havoc on system availability and storage
space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems.
Parts II through V of this book cover these attacks in detail, along with specific
countermeasures you can implement against attacks on your systems.
Obeying the Ethical Hacking Commandments
Every ethical hacker must abide by a few basic commandments. If not, bad
things can happen. I've seen these commandments ignored or forgotten when
planning or executing ethical hacking tests. The results weren't positive.
Working ethically
The word ethical in this context can be defined as working with high professional
morals and principles. Whether you're performing ethical hacking tests
against your own systems or for someone who has hired you, everything you
do as an ethical hacker must be aboveboard and must support the company's
goals. No hidden agendas are allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely
forbidden. That's what the bad guys do.
Respecting privacy
Treat the information you gather with the utmost respect. All information
you obtain during your testing — from Web-application log files to clear-text
passwords — must be kept private. Don't use this information to snoop into
confidential corporate information or private lives. If you sense that someone
should know there's a problem, consider sharing that information with the
appropriate manager.
Involve others in your process. This is a "watch the watcher" system that can
build trust and support your ethical hacking projects.
Not crashing your systems
One of the biggest mistakes I've seen when people try to hack their own systems
is inadvertently crashing their systems. The main reason for this is poor
planning. These testers have not read the documentation or misunderstand
the usage and power of the security tools and techniques.
You can easily create DoS conditions on your systems when testing. Running
too many tests too quickly on a system causes many system lockups. I know
because I've done this! Don't rush things and assume that a network or specific
host can handle the beating that network scanners and vulnerability-assessment
tools can dish out.
Many security-assessment tools can control how many tests are performed
on a system at the same time. These tools are especially handy if you need to
run the tests on production systems during regular business hours.
You can even create an account or system lockout condition by social engineering
someone into changing a password, not realizing that doing so might
create a system lockout condition.
The Ethical Hacking Process
Like practically any IT or security project, ethical hacking needs to be planned
in advance. Strategic and tactical issues in the ethical hacking process should
be determined and agreed upon. Planning is important for any amount of
testing — from a simple password-cracking test to an all-out penetration test
on a Web application.
Formulating your plan
Approval for ethical hacking is essential. Make what you're doing known and
visible — at least to the decision makers. Obtaining sponsorship of the project
is the first step. This could be your manager, an executive, a customer, or
even yourself if you're the boss. You need someone to back you up and sign
off on your plan. Otherwise, your testing may be called off unexpectedly if
someone claims they never authorized you to perform the tests.
The authorization can be as simple as an internal memo from your boss if
you're performing these tests on your own systems. If you're testing for a
customer, have a signed contract in place, stating the customer's support and
authorization. Get written approval on this sponsorship as soon as possible
to ensure that none of your time or effort is wasted. This documentation is
your Get Out of Jail Free card if anyone questions what you're doing.
You need a detailed plan, but that doesn't mean you have to have volumes of
testing procedures. One slip can crash your systems — not necessarily what
anyone wants. A well-defined scope includes the following information:
• Specific systems to be tested
• Risks that are involved
• When the tests are performed and your overall timeline
• How the tests are performed
• How much knowledge of the systems you have before you start testing
• What is done when a major vulnerability is discovered
• The specific deliverables — this includes security-assessment reports
and a higher-level report outlining the general vulnerabilities to be
addressed, along with countermeasures that should be implemented
When selecting systems to test, start with the most critical or vulnerable
systems. For instance, you can test computer passwords or attempt social-engineering
attacks before drilling down into more detailed systems.
It pays to have a contingency plan for your ethical hacking process in case
something goes awry. What if you're assessing your firewall or Web application,
and you take it down? This can cause system unavailability, which can
reduce system performance or employee productivity. Even worse, it could
cause loss of data integrity, loss of data, and bad publicity.
Handle social-engineering and denial-of-service attacks carefully. Determine
how they can affect the systems you're testing and your entire organization.
Determining when the tests are performed is something that you must think
long and hard about. Do you test during normal business hours? How about
late at night or early in the morning so that production systems aren't affected?
Involve others to make sure they approve of your timing.
The best approach is an unlimited attack, wherein any type of test is possible.
The bad guys aren't hacking your systems within a limited scope, so why
should you? Some exceptions to this approach are performing DoS, social-engineering,
and physical-security tests.
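As an added illustration (not code from the book), the plan items above can be written down as data and checked before each test is launched: written approval, the specific systems, the agreed testing window, the test types that need their own sign-off, and a cap on simultaneous tests. The test-type labels, sample networks, approver name, and the limit of two concurrent tests are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class Scope:
    """The signed-off test plan, expressed as data (all values are constructed)."""
    approved_by: str      # who signed off in writing; empty means no approval
    networks: list        # approved systems, as CIDR strings
    window_start: time    # agreed testing window; may wrap past midnight
    window_end: time
    # Test types the chapter treats as exceptions to an unlimited attack.
    needs_explicit_signoff: set = field(
        default_factory=lambda: {"dos", "social-engineering", "physical"})
    explicitly_approved: set = field(default_factory=set)
    max_concurrent: int = 2   # assumed cap so a host is not overwhelmed

    def covers(self, host: str) -> bool:
        """True if host is an IP address inside one of the approved networks."""
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False  # hostnames and typos are never silently in scope
        return any(addr in ipaddress.ip_network(n) for n in self.networks)

    def in_window(self, when: datetime) -> bool:
        """True if 'when' falls inside the agreed testing window."""
        t = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        # Window wraps past midnight, e.g. 22:00 to 05:00.
        return t >= self.window_start or t < self.window_end


def authorize(scope: Scope, host: str, test_type: str,
              when: datetime, running: int):
    """Return (allowed, reason) for one planned test; first failed check wins."""
    if not scope.approved_by.strip():
        return False, "no written approval on file"
    if not scope.covers(host):
        return False, "target is outside the approved systems"
    if (test_type in scope.needs_explicit_signoff
            and test_type not in scope.explicitly_approved):
        return False, "test type needs explicit sign-off"
    if not scope.in_window(when):
        return False, "outside the agreed testing window"
    if running >= scope.max_concurrent:
        return False, "concurrency limit reached"
    return True, "ok"


# Constructed sample plan: one internal subnet plus one single host,
# tested between 22:00 and 05:00 so production use is not affected.
SAMPLE_SCOPE = Scope(
    approved_by="J. Doe, IT director (memo on file)",
    networks=["10.20.0.0/24", "192.0.2.10/32"],
    window_start=time(22, 0),
    window_end=time(5, 0),
)

if __name__ == "__main__":
    night = datetime(2024, 1, 10, 23, 30)
    day = datetime(2024, 1, 10, 14, 0)
    planned = [
        ("10.20.0.15", "port-scan", night, 0),
        ("10.20.1.15", "port-scan", night, 0),   # neighbouring subnet
        ("10.20.0.15", "dos", night, 0),         # excepted test type
        ("10.20.0.15", "port-scan", day, 0),     # business hours
        ("192.0.2.10", "web-app", night, 2),     # two tests already running
    ]
    for host, kind, when, running in planned:
        allowed, reason = authorize(SAMPLE_SCOPE, host, kind, when, running)
        print(f"{host:<12} {kind:<10} {when:%H:%M} -> {allowed} ({reason})")
```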
Don't stop with one security hole. This can lead to a false sense of security.
Keep going to see what else you can discover. I'm not saying to keep hacking
until the end of time or until you crash all your systems. Simply pursue the
path you're going down until you can't hack it any longer (pun intended).
One of your goals may be to perform the tests without being detected. For
example, you may be performing your tests on remote systems or on a remote
office, and you don't want the users to be aware of what you're doing. Otherwise,
the users may be on to you and be on their best behavior.
You don't need extensive knowledge of the systems you're testing — just a
basic understanding. This will help you protect the tested systems.
Understanding the systems you're testing shouldn't be difficult if you're hacking
your own in-house systems. If you're hacking a customer's systems, you
may have to dig deeper. In fact, I've never had a customer ask for a fully blind
assessment. Most people are scared of these assessments. Base the type of
test you will perform on your organization's or customer's needs.
Chapter 19 covers hiring "reformed" hackers.
Selecting tools
As with any project, if you don't have the right tools for ethical hacking, accomplishing
the task effectively is difficult. Having said that, just because you use
the right tools doesn't mean that you will discover all vulnerabilities.
Know the personal and technical limitations. Many security-assessment tools
generate false positives and negatives (incorrectly identifying vulnerabilities).
Others may miss vulnerabilities. If you're performing tests such as social-engineering
or physical-security assessments, you may miss weaknesses.
Many tools focus on specific tests, but no one tool can test for everything.
For the same reason that you wouldn't drive in a nail with a screwdriver, you
shouldn't use a word processor to scan your network for open ports. This is
why you need a set of specific tools that you can call on for the task at hand.
The more tools you have, the easier your ethical hacking efforts are.
Make sure that you're using the right tool for the task:
• To crack passwords, you need a cracking tool such as LC4, John the
Ripper, or pwdump.
A general port scanner, such as SuperScan, may not crack passwords.
• For an in-depth analysis of a Web application, a Web-application assessment
tool (such as Whisker or WebInspect) is more appropriate than a
network analyzer (such as Ethereal).
When selecting the right security tool for the task, ask around. Get advice
from your colleagues and from other people online. A simple Groups search
on Google (www.google.com) or perusal of security portals, such as
SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, often produces
great feedback from other security experts.
Hundreds, if not thousands, of tools can be used for ethical hacking — from
your own words and actions to software-based vulnerability-assessment programs
to hardware-based network analyzers. The following list runs down
some of my favorite commercial, freeware, and open-source security tools:
• Nmap
• EtherPeek
• SuperScan
• QualysGuard
• WebInspect
• LC4 (formerly called L0phtcrack)
• LANguard Network Security Scanner
• Network Stumbler
• ToneLoc
Here are some other popular tools:
• Internet Scanner
• Ethereal
• Nessus
• Nikto
• Kismet
• THC-Scan
I discuss these tools and many others in Parts II through V when I go into the
specific hack attacks. Appendix A contains a more comprehensive listing of
these tools for your reference.
The capabilities of many security and hacking tools are often misunderstood.
This misunderstanding has shed negative light on some excellent tools, such
as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap
(Network Mapper).
Some of these tools are complex. Whichever tools you use, familiarize yourself
with them before you start using them. Here are ways to do that:
• Read the readme and/or online help files for your tools.
• Study the user's guide for your commercial tools.
• Consider formal classroom training from the security-tool vendor or
another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:
• Adequate documentation.
• Detailed reports on the discovered vulnerabilities, including how they
may be exploited and fixed.
• Updates and support when needed.
• High-level reports that can be presented to managers or nontechie types.
These features can save you time and effort when you're writing the report.
Executing the plan
Ethical hacking can take persistence. Time and patience are important. Be
careful when you're performing your ethical hacking tests. A hacker in your
network or a seemingly benign employee looking over your shoulder may
watch what's going on. This person could use this information against you.
It's not practical to make sure that no hackers are on your systems before
you start. Just make sure you keep everything as quiet and private as possible.
This is especially critical when transmitting and storing your test results.
If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or
something similar. At a minimum, password-protect them.
You're now on a reconnaissance mission. Harness as much information as
possible about your organization and systems, which is what malicious hackers
do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization's name, your computer and
network system names, and your IP addresses.
Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you're testing.
Whether physical-security structures or Web applications, a casual
assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual
scans and other detailed tests on your systems.
4. Perform the attacks, if that's what you choose to do.
Evaluating results
Assess your results to see what you uncovered, assuming that the vulnerabilities
haven't been made obvious before now. This is where knowledge counts.
Evaluating the results and correlating the specific vulnerabilities discovered
is a skill that gets better with experience. You'll end up knowing your systems
as well as anyone else. This makes the evaluation process much simpler
moving forward.
Submit a formal report to upper management or to your customer, outlining
your results. Keep these other parties in the loop to show that your efforts
and their money are well spent. Chapter 17 describes this process.
Moving on
When you've finished your ethical hacking tests, you still need to implement
your analysis and recommendations to make sure your systems are secure.
New security vulnerabilities continually appear. Information systems constantly
change and become more complex. New hacker exploits and security
vulnerabilities are regularly uncovered. You may discover new ones! Security
tests are a snapshot of the security posture of your systems. At any time,
everything can change, especially after software upgrades, adding computer
systems, or applying patches. Plan to test regularly (for example, once a
week or once a month). Chapter 19 covers managing security changes.

Where to Go from Here

The more you know about how hackers work and how your systems should
be tested, the better you're able to secure your computer systems. This book
provides the foundation that you need to develop and maintain a successful
ethical-hacking program for your organization and customers. Keep in mind
that the high-level concepts of ethical hacking won't change as often as the
specific information-security vulnerabilities you're protecting against. The art
and science of ethical hacking will always remain an art and a science — and
a field that's ever-changing. You must keep up with the latest hardware and
software technologies, along with the various vulnerabilities that come about
year after year. No one best way to hack your systems ethically exists, so
tweak this information to your heart's content. Happy (ethical) hacking!

Part VIII: Appendixes

This part includes two appendixes that cover ethical hacking reference materials.
This includes a one-stop reference listing of ethical hacking tools and
resources, as well as information on the Hacking For Dummies Web site.

Part VII: The Part of Tens

This part contains tips to help ensure the success of your ethical hacking
program. You find out how to get upper management to buy into your ethical
hacking program so you can get going and start protecting your systems. This
part also includes the top ten ethical hacking mistakes to avoid and my top
ten tips for ethical hacking success.

Part VI: Ethical Hacking Aftermath

After you've performed your ethical hack attacks, what do you do with the
information you've gathered? Shelve it? Show it off? How do you move forward?
This part answers all these questions and more. From developing
reports for upper management to remediating the security flaws that you discover
to establishing procedures for your ongoing ethical hacking efforts,
this part brings the ethical hacking process full circle. This information not
only ensures that your effort and time are well spent, but also is evidence
that information security is an essential element for success in any business
that depends on computers and information technology.

Part V: Application Hacking

Application security is gaining more visibility in the information-security arena
these days. An increasing number of attacks are aimed directly at various
applications, which are often able to bypass firewalls, intrusion-detection
systems, and antivirus software. This part discusses hacking specific applications,
including coverage on malicious software and messaging systems,
along with practical countermeasures that you can put in place to make your
applications more secure.
One of the most common network attacks is on Web applications. Practically
every firewall lets Web traffic into and out of the network, so most attacks are
against the millions of Web applications available to almost anyone. This part
covers Web application hack attacks, countermeasures, and some application
hacking case studies for real-world security testing scenarios.

Part IV: Operating System Hacking

Practically all operating systems have well-known vulnerabilities that hackers
often use. This part jumps into hacking three widely used operating systems:
Windows, Linux, and NetWare. The hacking methods include scanning your
operating systems for vulnerabilities and enumerating the specific hosts to
gain detailed information. This part also includes information on exploiting
well-known vulnerabilities in these operating systems, taking over operating
systems remotely, and specific countermeasures that you can implement to
make your operating systems more secure. This part also includes case studies
on operating-system hack attacks.

Part III: Network Hacking

Starting with the larger network in mind, this part covers methods to test
your systems for various well-known network infrastructure vulnerabilities.
From weaknesses in the TCP/IP protocol suite to wireless network insecurities,
you find out how networks are compromised using specific methods of
flawed network communications, along with various countermeasures that
you can implement to keep from becoming a victim. This part also includes
case studies on some of the network hack attacks that are presented

Part II: Putting Ethical Hacking in Motion

This part gets you rolling with the ethical hacking process. It covers several
well-known hack attacks, including social engineering and cracking passwords,
to get your feet wet. The techniques presented are some of the most
widely used hack attacks. This part covers the human and physical elements
of security, which tend to be the weakest links in any information-security
program. After you plunge into these topics, you'll know the tips and tricks
required to perform common general hack attacks against your systems, as
well as specific countermeasures to keep your information systems secure.

Part I: Building the Foundation for Ethical Hacking

This part covers the fundamental aspects of ethical hacking. It starts with an
overview of the value of ethical hacking and what you should and shouldn't
do during the process. You get inside the hacker's mindset and discover how
to plan your ethical hacking efforts. This part covers the steps involved in
the ethical hacking process, including how to choose the proper tools.

How This Book Is Organized

This book is organized into eight parts — six regular chapter parts, a Part of
Tens, and a part with appendixes. These parts are modular, so you can jump
around from one part to another as needed. Each chapter provides practical
methodologies and best practices you can utilize as part of your ethical hacking
efforts, including checklists and references to specific tools you can use,
as well as resources on the Internet.

Foolish Assumptions

I make a few assumptions about you, aspiring information-security person:
• You're familiar with basic computer-, network-, and information-security-related
concepts and terms.
• You have a basic understanding of what hackers do.
• You have access to a computer and a network on which to test these
techniques.
• You have access to the Internet in order to obtain the various tools used
in the ethical hacking process.
• You have permission to perform the hacking techniques in this book.

What You Don’t Need to Read

Depending on your computer and network configurations, you may be able to
skip chapters. For example, if you aren't running Linux or wireless networks,
you can skip those chapters.

How to Use This Book

This book includes the following features:
• Various technical and nontechnical hack attacks and their detailed
methodologies
• Hack-attack case studies from well-known and anonymous hackers and
other security experts
• Specific countermeasures to protect against hack attacks
Each chapter is an individual reference on a specific ethical hacking subject.
You can refer to individual chapters that pertain to the type of systems you're
assessing, or you can read the book straight through.
Before you start hacking your systems, familiarize yourself with the information
in Part I so you're prepared for the tasks at hand. The adage "if you fail
to plan, you plan to fail" rings true for the ethical hacking process. You must
get written permission and have a solid game plan.
This material is not intended to be used for unethical or illegal hacking purposes
to propel you from script kiddie to mega hacker. Rather, it is designed
to provide you with the knowledge you need to hack your own or your customers'
systems — in an ethical and legal manner — to enhance the security
of the information involved.

About This Book

Hacking For Dummies is a reference guide on hacking computers and network
systems. The ethical hacking techniques are based on the unwritten rules of
computer system penetration testing and information-security best practices.
This book covers everything from establishing your hacking plan to testing
your systems to managing an ongoing ethical hacking program. Realistically,
for many networks, operating systems, and applications, thousands of possible
hacks exist. I cover the major ones that you should be concerned about.
Whether you need to assess security vulnerabilities on a small home-office
network, a medium-size corporate network, or across large enterprise systems,
Hacking For Dummies provides the information you need.

Who Should Read This Book?

If you want to hack other people's computer systems maliciously, this book is
not for you.
Disclaimer: If you choose to use the information in this book to hack or break
into computer systems maliciously in an unauthorized fashion, you're on your
own. Neither I, as the author, nor anyone else associated with this book shall
be liable or responsible for any unethical or criminal choices that you may
make and execute using the methodologies and tools that I describe. This
book is intended solely for the IT professional to test information security in
an authorized fashion.
Okay, now that that's out of the way, time for the good stuff! This book is for
you if you're a network administrator, information-security manager, security
consultant, or someone interested in finding out more about legally and ethically
hacking your own or a customer's information systems to make them
more secure.
As the ethical hacker performing well-intended information-security assessments,
you can detect and point out security holes that may otherwise be
overlooked. If you're performing these tests on your own systems, the information
you uncover in your tests can help you win over management and
prove that information security should be taken seriously. Likewise, if you're
performing these tests for your customers, you can help find security holes
that can be plugged before malicious hackers have a chance to exploit them.
The information in this book helps you stay on top of the security game and
enjoy the fame and glory that comes with helping your organization and customers
prevent bad things from happening to their information.

hacking trick and tips full book

Welcome to Hacking For Dummies. This book outlines computer hacker
tricks and techniques — in plain English — to assess the security of
your own information systems, find security vulnerabilities, and fix the vulnerabilities
before malicious and criminal hackers have an opportunity to
take advantage of them. This hacking is the professional, aboveboard, and
legal type of security testing — which I call ethical hacking throughout the
book. Computer and network security is a complex subject and an ever-moving
target. You must stay on top of it to ensure your information is protected
from the bad guys.
You can implement all the security technologies and other best practices
possible, and your information systems may be secure — as far as you know.
However, until you understand how hackers think and apply that knowledge
to assess your systems from a hacker's-eye view, you can't get a true sense of
how secure your information really is.
Ethical hacking — sometimes referred to as penetration testing or white-hat
hacking — is a necessary requirement to ensure that information systems are
truly secure on an ongoing basis. This book provides you with the knowledge
required to successfully implement an ethical hacking program, along with
countermeasures that you can implement to keep malicious hackers out of
your business.

earn money

Follow the link given here and download the software, meaning download the HTML file, and understand how to handle AdSense.


Open each file in your web browser; something like an ad will appear there. Click on it. If clicking opens the ad, check every file and see whether each ad works or not.


If every ad works on your PC, you can earn more than 15000 a month sitting at home.


After doing this much, open an account in AdSense, and then make files this way yourself and click on them yourself; you will get the ad payment.
The list of sites is below; be sure to check each one, it is necessary.
balvi studio 0
balvistudio 1
balvistudio 2
balvistudio 3
balvistudio 4
balvistudio 5
balvistudio 6
balvistudio 7
balvistudio 8
Download all these files and open them; after that you can add your own file to them by adding it in Notepad. Once you open these files you will understand how it should be done; don't worry too much.
Yes, one thing: Google pays money to India as well. My monthly income is about 25000, and that is from my online blog through AdSense alone. So far I have received more than 26 AdSense checks. Those who do not have an AdSense account should create one, and those who have an account should try this trick.

unlock Vodafone Modem e3770-z


Before this post I already gave you one software, which none of you has used so far. Here I am giving you software once again, which is for you, that is, for members of telecom companies; ub fr and a lot more can be done fast in this software.



I have given you both; earn as much as you can with this software. I earn 20 to 25 thousand every month.


There is also another software for you, which is useful only for Vodafone.



Videos Mataji Dakla Khodiyar ma

Telecom News

Friends, this month all the companies have tied up on MNP, that is, Airtel, Idea and Vodafone all have Rs 100 per MNP; there is a slab scheme up to 100, so do as many as you can, otherwise you will be left behind. In Vodafone there is a Rs 10 decrement, and in Airtel recharge twice, 11 + 10, and a Rs 5 decrement. Idea I don't know, sorry.

GTA SAN. Cheat COde

GTA San Andreas Cheat Codes for PC
Who doesn't like GTA (Grand Theft Auto), the most addictive game among youngsters? Though it's a nice game to play, it ruins our precious time.

GTA has many versions, like GTA Vice City, GTA San Andreas and now the all-new updated version GTA V. If you have GTA San Andreas, then this post is for you.

My bro used to play this game. While searching cheat codes for him, I just wanted to share them here as well.

Cheat Codes for GTA San Andreas


Weapons , Health , Armor & Money

LXGIWYL = Weapon Set 1, Thug's Tools
PROFESSIONALSKIT = Weapon Set 2, Professional Tools
UZUMYMW = Weapon Set 3, Nutter Tools
HESOYAM = Health, Armor, $250k
BAGUVIX = Semi-Infinite Health
CVWKXAM = Infinite Oxygen
ANOSEONGLASS = Adrenaline Mode
FULLCLIP = Infinite Ammo, No Reload



Police, Stats & Gangs

TURNUPTHEHEAT = Increase Wanted Level Two Stars
TURNDOWNTHEHEAT = Clear Wanted Level
BTCDBCB = Fat
BUFFMEUP = Max Muscle
KVGYZQK = Skinny
AEZAKMI = Never Wanted
BRINGITON = Six Star Wanted Level
WORSHIPME = Max Respect
HELLOLADIES = Max Sex Appeal
VKYPQCF = Max Stamina
PROFESSIONALKILLER = Hitman In All Weapon Stats
NATURALTALENT = Max All Vehicle Skill Stats



Spawning Objects

AIWPRTON = Spawn Rhino
OLDSPEEDDEMON = Spawn Bloodring Banger
JQNTDMH = Spawn Rancher
VROCKPOKEY = Spawn Racecar
VPJTQWV = Spawn Racecar
WHERESTHEFUNERAL = Spawn Romero
CELEBRITYSTATUS = Spawn Stretch
TRUEGRIME = Spawn Trashmaster
RZHSUEW = Spawn Caddy
JUMPJET = Spawn Hydra
KGGGDKP = Spawn Vortex Hovercraft
AIYPWZQP = Have Parachute
ROCKETMAN = Have Jetpack
OHDUDE = Spawn Hunter
FOURWHEELFUN = Spawn Quad
AMOMHRER = Spawn Tanker Truck
ITSALLBULL = Spawn Dozer
FLYINGTOSTUNT = Spawn Stunt Plane
MONSTERMASH = Spawn Monster


Vehicles

CPKTNWT = Blow Up All Cars
WHEELSONLYPLEASE = Invisible car
STICKLIKEGLUE = Perfect Handling
ZEIIVG = All green lights
YLTEICZ = Aggressive Drivers
LLQPFBN = Pink traffic
IOWDLAC = Black traffic
FLYINGFISH = Boats fly
EVERYONEISPOOR = Traffic is Cheap Cars
EVERYONEISRICH = Traffic is Fast Cars
CHITTYCHITTYBANGBANG = Cars Fly
JCNRUAD = Smash n' Boom
SPEEDFREAK = All Cars Have Nitro
BUBBLECARS = Cars Float Away When Hit
OUIQDMW = Free Aim While Driving
GHOSTTOWN = Reduced Traffic
FVTMNBZ = Traffic is Country Vehicles
BMTPWHR = Country Vehicles and Peds, Get Born 2 Truck Outfit


Gameplay

SPEEDITUP = Faster Gameplay
SLOWITDOWN = Slower Gameplay
AJLOJYQY = Peds Attack Each Other, Get Golf Club
BAGOWPG = Have a bounty on your head
FOOOXFT = Everyone is armed
GOODBYECRUELWORLD = Suicide
BLUESUEDESHOES = Elvis is Everywhere
BGLUAWML = Peds Attack You With Weapons, Rocket Launcher
LIFESABEACH = Beach Party
ONLYHOMIESALLOWED = Gang Members Everywhere
BIFBUZZ = Gangs Control the Streets
NINJATOWN = Ninja Theme
BEKKNQV = Slut Magnet
CJPHONEHOME = Huge Bunny Hop
KANGAROO = Mega Jump
STATEOFEMERGENCY = Riot Mode
CRAZYTOWN = Funhouse Theme
SJMAHPE = Recruit Anyone (9mm)
ROCKETMAYHEM = Recruit Anyone (Rockets)


Weather & Time

PLEASANTLYWARM = Sunny Weather
TOODAMNHOT = Very Sunny Weather
ALNSFMZO = Overcast Weather
AUIFRVQS = Rainy Weather
CFVFGMJ = Foggy Weather
YSOHNUL = Faster Clock
NIGHTPROWLER = Always Midnight
OFVIAC = Orange Sky 21:00
SCOTTISHSUMMER = Thunderstorm
CWJXUOC = Sandstorm

Hope you got some good cheating tricks, and if you'd like to say thanks, do share this post via Facebook, Twitter..

Have something to ask? ;) Use the comment box.

Aircel Free 3G Trick March 2012


You'll get 2GB of data free for one complete month. The freedom is yours, just use it to browse or download anything you want!
You can also connect it to your laptop.

It's working pretty well in some states like Kerala and a few other northern states. If you find it working in your state, just drop your comments below, so that it may help others.

Vodafone Hack 2012 For Free Gprs and Recharge Trick | Latest Vodafone Hacking Tricks






Hello friends! Today I am going to post two latest tricks for Vodafone users. The first trick is the Vodafone free 2 GB Internet pack trick and the second trick is to get Rs 16 on a recharge of Rs 10.
First Trick :

Just Type BONUS 149 and send it to 144 .
You will get Vodafone 2 GB Internet pack free for 1 Month.



 This trick is tested and 100% working in Kerala, but I don't know about other states; I think it's only for Kerala in India.


Second Trick

Just Send RECHARGE<space> Rs 1O Recharge Voucher Code to 144 (Toll Free).

You will get Rs 16 Balance in Rs 10 Recharge. Means Rs 6 Extra


This Trick is working in many states and 100 % confirmed in Madhya Pradesh.

Enjoy

Aircel Free 3G Trick March 2012

working Aircel 3G Trick March-April 2012


Hi Friends!

Today hackonhack is posting a new Aircel 3G trick. This trick is working in both Aircel 2G and 3G. Please try this trick when your balance is below 20 paise. Downloading is also possible with this Aircel free GPRS trick. Browsing speed is good. So, try this trick in your area and reply to me...

 Aircel Free 3G Tricks March 2012:


 Create A New Internet Profile In Your Mobile

 Account Name : lovnet
 APN : Aircelwap.pr
 Proxy :  192.168.35.201
 Port : 8081
 Home Page : http://bathiyaramesh.blogspot.in/

Unlimited Airtel Hack

Airtel 3G Hack 2012 For Unlimited Free Internet in High Speed | Free Download Airtel 3G Hacking Software

Hello all my friends, in this post I am telling you about the Airtel 3G hack or free GPRS internet trick. By using this Airtel 3G hack trick you can access the fastest internet on your mobile and 3G data card provided by the Airtel 3G service. I think this is the best trick on the internet. If you are searching for an Airtel 3G hack, then you are at the right place.


Follow The some simple steps for airtel 3g hack :-



  1. First You Download this opera mini handler
  2. Open the browser(opera)
  3. In proxy type put “real host”
  4. In proxy field,type “m.twitter.com”
  5. That’s all. Just initialize it and enjoy super fast net with .. That's It

Tata Docomo 3g Hack

docomo 3g hack ,tata docomo 3g trick 2012,Free 3gb 3g on tata docomo latest 2012 trick


Tata docomo users can get 3gb free 3g data now by latest trick
are you a tata docomo subscriber, then you have a chance to get 3gb free 3g data on your number by using this simple trick. the procedure is simple. follow the step by step guide stated below to avail free 3g 3gb data on tata docomo.
can be used on internet enabled phones and on 3g modems. apart from 3g data you will also get free 30 video call mins. so if you have 3g phone you benifit a lot.


how to get free 3gb 3g on tata docomo?

  • in message type “SMART”
  • send to 52121
  • you will get a confirmation message from docomo in couple of hours
  • once you get confirmation message from tata docomo check your data balance by calling *111*1#
  • you can see the 3gb credited on to your account

this trick isnt working for everyone in every region, so those who get lucky  or unlucky please comment here. so others can know whether they can get or not. please keep checking or stay subscribed for latest 3g tricks on docomo airtel aircel bsnl etc

How To Hack Airtel Gprs Using OperaMini


April 4, 2012

OperaMini Free Airtel Gprs Tricks




How To Hack Airtel Gprs Using OperaMini ? Ok Let's Follow Some Few Steps For Do This .


1. First You Need Create New Setting In Your Mobile Phone


Apn - airtelgprs.com

Proxy Address - 141.000.011.253

Port - 80


2. Now You Open Operamini Handler And Use Following Given Below Settings

Proxy Type - Http

Proxy - mocricket.com Or fb.me

That's it Now You Are Done .

This Trick Are Already tested and working fine in rajasthan . Please Let's Check in your State Also

VODAFONE HACK + 10 ME 16 BALANCE


ECHARGE<space> Rs 1O Recharge Voucher Code to 144 (Toll Free).

You will get Rs 16 Balance in Rs 10 Recharge. Means Rs 6 Extra


This Trick is working in many states and 100 % confirmed in Madhya Pradesh.


Second Trick is
Vodafone free 2 GB Internet Pack Trick and Second Trick is get Rs 16 on the Recharge of Rs 10 .



Just Type BONUS 149 and send it to 144 .


You will get Vodafone 2 GB Internet pack free for 1 Month.



 This Trick is Tested and 100 % working in Kerala but don’t know about others states, i think its only for kerala. in india.


RELIANCE BALANCE TRANSFER TRICK




 Just Follow These Steps For Reliance Gsm Free Balance Transfer Trick:

 Step 1:Dial this number *367*3#
 Step 2:Then enter *312*3# and mobile(mdn) number

 Step 3:Enter the amount you want to transfer
 Step 4:Enter the pin.default pin is 1

Idea 3G Pack Daily Hack

Idea 3G Internet Daily Rs5 Rental Plan Hack: First activate idea daily rental 3G High speed Internet Plan, Activate Dial*567*910# and get daily unlimited 3G high speed fast internet browsing and downloads , Idea Daily3G plan automatically renew next day. Idea 3G internet accesspoint APN: imis ,Must Maintain your idea mobile balance above Rs 10 for surf and downloads , night time reduce you balance below Rs 5/- , make calls and send sms ( balance detected time from 11pm to 3am), don't recharge for that day, Repeat this 3G hacking tricks , your balance use for calls and sms not for 3G Gprs. enjoy

Idea 3g & 2g hack May 2012


and after opening page enter url and surf freely.

You can use other proxy browser insted t9space.com ex-flyproxy.com
concealme.com

2-you use this in handler opera,ucweb and nimbuzz also. For opera handler download from handler zone opera 4.2 and
open it after in primary server enter
http://z012.fma.fb.me.php.server4.operamini.com
and secondary server
socket://z012.fma.fb.me.php.server4.operamini.com
and in front query enter this
http://z012.fma.fb.me.PHP.

Now you done just save and use idea fresh setting.

Same you can use other handler software.

Note-Use idea fresh setting.
2-balance below 1 rs.

Idea Working Trick

If you want good surfing on your PC, first get 3G activated on Idea, and after that get any normal 2G data recharge done. On the 2G recharge you will get 3G speed; yes, its speed will be limited, but it will be non-stop, because you get a good network.

Earn Money From Getsms

Just click here and register your mobile number and get money.

Friends, my English is weak, so Gujarati is best for me, and my blog is especially for Gujaratis. Register here and you will get money for every SMS, meaning you will be paid for reading the SMS messages that come to you. There is nothing to do; just register your mobile number and you can earn as much money as you wish. After that, tell others, and if they register too, you will also get money for that. We only have to register and leave it; then those below us search and we get money sitting idle. There is nothing to pay either, so no tension.

Airtel Live TV

Airtel Working 3G Tricks

Airtel Working 3G Tricks.This trick is giving download speed about 200kbps with3.2 MBpS USB Modem This trick is 100% working Step by Step Procedure to Use this Tricks On Pc:
1.Use Mobile office setting. [APN: airtelgprs.com] 2.Open Firefox. - Click On Tools -Select Option From Drop Down Menu -Click On Advance on the top menu of the popup box -Select Network tab. -Click on Setting -Click On Manual Proxy Config.Edit Following settings - HTTP: 66.116.196.251 PORT: 80 3.Now quit fierfox and again open it. Now in url tab enter this.
And press enter . Now you done . Use free. 4.If you wana other site open then just replace google.com with your site name. And open it. How to use this settings In IDM?? 1.Open IDM 2.Click on Downloads on top nav.bar Select Option From Drop Down Menu 3 Click On proxy tab. 4.Add Following proxy and Port as shown in Screenshot . - HTTP: 66.116.196.251 PORT: 80

Airtel Free Live Tv IPL

Live IPL Tv Browser.jar

AIRTEL FREE LIVE CRICKET SCORE send message TO ACTIVATE: FOLLOW tweetcricscore to 53000 [toll free] TO DEACTIVATE UNFOLLOW tweetcricscore to 53000 [toll free]

Can Download Above 500Mb File

Hello friends, I am sharing my best tricks with all of you. Can download files above 500 MB without stopping.
APN:- airtelgprs.com Proxy:- 69.10.57.138 Port:- 80 Home Page:- m.twitter.com
Now Open Ur Home Page.. This IS 100% Working All Over India...

Free 500 MB Data IN Airtel

Follow These Steps To Get 500MB Data Usage in 3G Network Tricks And 100 Mins Free Call.
* SMS 3G to 121
* Reply 1 to get 3G plan info about data plans
* After sending the SMS you will receive the following message:
  1- Rs.8 Free 10MB
  2- Rs.45, 30 Free Minutes
  3- Rs.94 Free 150MB
  4- Rs.23 Free 30MB
  5- Rs.63 Free 80MB
  6- Rs.1250 Free 10GB Plan
  7- Rs.101 Free 200MB Plan
  8- Rs.201 Free 500MB Plan
  9- Rs.451 Free 1200MB Plan
  10- Rs.750 Free 4GB Plan
  11- Rs.675 Free 2.5GB Plan
  12- Rs.250, Free 300 MB Plan
  13- Rs.72 Free 60 Mins Plan
  14- Rs.255 Free 500 MB Plan
  If you wish to activate this plan, please reply with the number of your plan above to confirm.
* Reply 1 to confirm activation of 500MB data plan
After that you will Get 500MB Absolutely Free For Get speed Up to 7.2Mbps. To Check Data Balance Dial *123*11#.This trick is Working In Tamilnadu & kerala checked other St..
Note: Keep Minimum Balance Rs.3

Airtel 100 Rs Recharge Free

1.Just Dail *566*6# 2.Get Free TalkTime Rs.100 With IN 48Hours 3.Working Fine IN TamilNadu.Check Other States

Supar Fast Download


AirTel Hispeed Download Proxy Tricks APN:- airtelgprs.com Proxy:- 188.138.11.189 Port:- 80 Home Page:- http://fb.me Now Open Home Page Hispeed Download.