Getting Started Becoming a Master Hacker By Occupytheweb V 1.3 ii | Pa ge iii | Pa g e Dedication This book is dedicated to my three exquisite daughters who mean the world to me… …and Laura, who offered emotional support and encouragement throughout. Thank you iv | Pa ge v | P ag e About the Author Occupytheweb is the nom de guerre of a security researcher and forensic investigator with over 20 years in the industry. He is a former university professor who now offers hacker and information security courses at www.hackers-arise.com. Occupytheweb has trained hackers at every one of the US military branches and the national intelligence agencies. To learn more about Occupytheweb and listen to interviews with him, go to www.hackers-arise.com/otw- in-the-news vi | Pa ge Acknowledgements I want to thank everyone from the Hackers-Arise community who offered their comments and questions during the early stages of developing this manuscript. In particular, I want to thank Artur Zeilinski for his diligent assistance and comment throughout this process. In addition, I want to thank a hacker known only to me as “Locke” for his assistance. vii | P ag e Preface My Friends: Thank you for picking up this book. I hope you find it informative and enlightening. It is intended to help guide you into the most exciting career in the 21st Century! Before you begin, I want to point out a few elements of this book that I hope you will enjoy. Hacking Process and Strategy Hacking is a process. It is not just learning a bunch of technologies and tools. The master hacker must be strategic and analytical in their approach. Unfortunately, I don’t believe this has been emphasized enough among other introduction to hacking books. To that end, I hope you find this emphasis here useful and enlightening. Keep it Brief Knowing that few will read and study a 1000-page tome, I have tried to keep this book to a manageable size with the thought that those that want to learn more, there are many resources. There are a multitude of web sites (I tried to give you links to more in-depth information on hackers-arise.com) and innumerable books. This book is designed to get you started, not make you a master hacker. That is long journey, but this is the first step. Case Study of the NSA’s EternalBlue To demonstrate key principles throughout this book, I have focused upon a case study of the NSA’s EternalBlue exploit. This two year old exploit was stolen from the US espionage agency in 2017 and it was responsible for wreaking havoc around the world. It was integrated into many attacks including most famously the WannaCry, Petya, and NotPetya ransomware. In this book, I use it as a case study in vulnerability assessment in Chapter 7, exploitation in Chapter 9, sniffing for exploit analysis in Chapter 10, and Python in Chapter 16. I hope you find this approach informative and enlightening. Happy Hacking, OccupytheWeb viii | Pa ge TABLE OF CONTENTS Dedication………………………………………………………………………………………………………. 3 About the Author…………………………………………………………………………………………… 4 Acknowledgements …………………………………………………………………..……………… 5 Preface…………………………………………………………………………………………………………. 6 Chapter 1: Getting Started…..…………………………………………………………………….. 1 Chapter 2: Essential Skills and Tools………………………………………………………….. 18 Chapter 3: The Hacker Process………………………………………………………………….. 28 Chapter 4: Setting Up Our Lab…………………………………………………………………… 33 Chapter 5: Passive Reconnaissance…………………………………………………………… 48 Chapter 6: Active Reconnaissance…………………………………………………………….. 78 Chapter 7: Vulnerability Scanning…………………………………………………………….. 99 Chapter 8: Password Cracking………………………………………………………………….. 118 Chapter 9: Metasploit Exploitation…………………………………………………………….. 143 Chapter 10: Sniffing and Protocol Analysis……………………………………………….. 178 Chapter 11: Post-Exploitation…………………………………………………………………….. 199 Chapter 12: Web Hacking………………………………………………………………………….. 214 Chapter 13: Evading Anti-Virus (AV)………………………………………………………… 235 Chapter 14: Covering Your Tracks……………………………………………………………. 246 Chapter 15: Wi-Fi Hacking…………………………………………………………………………. 257 Chapter 16: Malicious Python……………………………………………………………………. 282 Chapter 17: Social Engineering…………………………………………………………………. 307 Epilogue……………………………………………………………………………………………………… 323 Appendix A: Cryptography Basics for Hackers…………………………………………. 324 Appendix B: Cyber Warrior Wisdom of OTW……………………………………………. 329 Index…………………………………………………………………………………………………………. 332 ix | P ag e CONTENTS IN DETAIL Dedication ii About the Author iii Acknowledgements iv Preface v Table of Contents vi Chapter 1: Getting Started 1 Professions for Hackers 2 Black Hat v White Hat 4 History of Hacking 4 Legal Consequences 14 Chapter 2: Hacker Essentials 18 Essential Skills 19 Fundamental Skills 19 Intermediate Skills 21 Intangible Skills 22 Essential Tools 23 Chapter 3: The Hacker Process 28 Fingerprinting 29 Passive Reconnaissance 29 Active Reconnaissance 30 Password Cracking 30 x | Pa ge