2) The hacker manifesto
3) What is hacking?
4) Choosing your path
5) Where should I start?
6) Basic terminology
9) Java Driveby’s
11) Dosing and DDosing, what’s the difference?
12) Staying anonymous
15) Alternatives, tips and tricks
16) Extending your knowledge
17) Closing section
SECTION 1 – Introduction
Hi there. If you are reading this, you’re either an eager to learn beginner hacker, or an upgraded member here to judge my work. Well, in either case, I’m sure you will enjoy this thread and increase your knowledge of hacking. I will be going over ALL the basics of hacking, and a lot more. I’ve included tutorials aswell, so you could say this is an all-in-one guide.
SECTION 2 – The hacker manifesto
The hacker manifesto (also known as the conscience of a hacker) is an essay written by a hacker known as ‘The Mentor’. It is often said to give an insight into the psychology of hackers. If you are hoping to start learning the art of hacking, this will certainly give you the right mindset for the job. “The Hacker Manifesto by +++The Mentor+++ Written January 8, 1986 Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”… Damn kids. They’re all alike. But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world… Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me… Damn underachiever. They’re all alike. I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…” Damn kid. Probably copied it. They’re all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me… Or feels threatened by me.. Or thinks I’m a smart ass.. Or doesn’t like teaching and shouldn’t be here… Damn kid. All he does is play games. They’re all alike. And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all… Damn kid. Tying up the phone line again. They’re all alike… You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.”
– Taken from http://www.mithral.com/~beberg/manifesto.html
That is the essay. It’s quite impressive isn’t it? After reading it you should have an idea of the mindset any hacker should have. I read it about 5 months ago and it has certainly sent me on the right track.
SECTION 3 – What is hacking?
What is hacking? Well, whatishacking.org defines it as “the practice of modifying the features of a system, in order to accomplish a goal outside of the creator’s original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker. Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. and it’s not limited to either of them.” – Taken from whatishacking.org That’s a great definition but in my opinion hacking is much more than that. In my opinion, hacking isn’t something you can just ‘learn’. It’s not just a skill, it’s an art. Hacking requires knowledge. Knowledge is power. In order to gain said knowledge, and the power that comes with it, a change of lifestyle is required, along with a certain amount of secrecy. Learning ‘how’ to hack takes time and dedication. There’s no easy way to get better at it. That’s right, no shortcuts and its unlikely you’re going to get a helping hand. Like everything else in life, it takes practice. Don’t go crying to others if it doesn’t work out, just keep calm and carry on. If you are serious about becoming a hacker, you will need to be willing to change your lifestyle, and dedicate yourself to the task. With enough dedication and hard work you will excel at hacking.
SECTION 4 – Choosing your path
Ask any stranger what a hacker is, they will probably give you a really negative answer; identity theft, hacking accounts, stealing, to name a few. The reality is actually quite different. There are a few kinds of hackers, you probably only know about the bad ones. This section should give you a better understanding of the different kinds of hackers, and help you decide which kind you should become.
Black hat hackers: These are the bad guys you always hear about. These are the people giving other hackers a bad name. Black hat hackers are the ones who commit crime. They steal identities, hack accounts, ddos sites and just go about causing havoc.
Grey hat hackers: Grey hats are basically good guys. They still do illegal stuff, but they report it to the person/company they are targeting. So… Basically they do bad stuff and help people to fix it.
White hat hackers: White hat hackers are the good guys. They fix stuff and help people. They don’t do illegal stuff. You’ve probably never heard of an event where a hacker does something good but these guys do that all the time.
Examples of white hat hackers are:
• Cyber security teams
• IT consultants
Now that you have a better understanding of the ‘types’ of hackers, you need to choose your path. This requires a lot of thinking, because you need to consider the possibilities of each path. Black hat is the easiest path to choose. It’s ‘fun’ and it has the most benefits. It also is the only one that will get you in trouble and maybe even arrested. Grey hat is a slightly more difficult path. You (technically) are a good guy but most people won’t see you as such. Grey hats have a hard time because although they are trying to help, the method they are using isn’t really that legal. If you do choose to be a Grey hat, be aware that some people won’t believe you are really trying to help, and you may still get in trouble. The last and most difficult path is White hat. As I mentioned before, White hats are the good guys. Their job is to help. Becoming a White hat may seem boring but you are helping people, and that should be a reward in itself. The only problem with becoming a What hat is that you will have to start out as a Black hat. I personally would recommend that you start out as a Grey hat. You’ll get more out of it.
SECTION 5 – Where should I start?
This is the question that most people ask. I honestly don’t think there is any one place to start. Ask around on any forum and people will always tell you to learn to use RAT’s and keyloggers. To be honest I wouldn’t recommend doing that straight away. I would advise to learn the basic terminologies of hacking (see section 6) and try to get an idea of exactly what everything means. It’s really important to understand stuff before you go downloading random hacking programs from the Internet. It you don’t know how to use them, or if they are viruses, you only have yourself to blame.
SECTION 6 – Basic terminology
As I mentioned in the previous section, it is important to have a decent amount of knowledge about hacking before you can start. So I’ve taken the liberty of typing up a list of common terminologies you should know.
Ddos – Distributed denial of service attack. This is where a website is flooded with packets of data from multiple sources and the server basically overloads. Ddos attacks are often confused with Dos attacks.
Dos – Denial of service attack. This is where a site is flooded with packets of data from a single source. A Dos isn’t as effective as a ddos, but it is a lot easier, as you can Dos straight from cmd.
404 Error – The error you are given when a site is down. If you have attacked a site and don’t see this, your attack wasn’t successful.
cmd – Command prompt. This is basically MS-Dos, except it’s now just a program with some commands rather than an OS. Cmd can be used to perform tasks using commands.
.bat – Batch file extension. This is the file type which is opened in cmd. Most .bat’s that you will see online will be malicious. Some are good though.
RAT – Remote Administration Tool. RAT’s are the most commonly used tools by beginner hackers. RAT’s are favored because they are easy to use and they perform many functions. They also allow control over of the infected computer, which makes them very popular. Slave – A user which has been infected with your keylogger/RAT.
Keylogger – A program which logs the keystrokes of a computer. These are usually the first things that beginner hackers learn to use. They have a lot of functions but they aren’t as good as RAT’s.
Crypter – A program used to change the hash sum of a malicious program so that it is undetectable by anti-virus programs.
FUD – Fully UnDetectable. A program which is FUD cannot be detected by ANY anti-virus program. UD – UnDetectable. A program which is UD is mostly undetectable but can be detected by some anti-virus programs.
JDB – Java Driveby. A fake site which contains a java applet. This java applet is used to download and execute (run) a certain program. The victim as to click the ‘allow plugin to run’ button to start the applet.
Silent Java Driveby – A java driveby that’s downloads and executes a file without the user seeing any pop-ups. These are more effective than normal java driveby’s as they are less suspicious.
Direct link – The direct download link to a certain file. When you download a file from a site (e.g. Mediafire), you are given a download link which redirects you to a page with a download button. However a direct link is a link which leads directly to the file. There is no download button, the download starts straight away.
FTP – File Transfer Protocol. An FTP server is a server used to store and send files.
OS – Operating system
vb – Microsoft Visual Basic. This is a coding language used to make a lot of programs.
.NET – Microsoft .NET framework. This is another coding language made by Microsoft. It is used to create programs.
C/C+/C++/C# – Commonly use coding languages. They are often used to code games.
IP address – The address used to identify your network while on the Internet. Every computer has a different IP address, and therefore every IP address is unique.
VPN – Virtual Private Network. This is a network you can connect to on a computer. It will give you anonymity while online. A VPN will hide your IP address by tricking sites and programs into thinking you are somewhere you are not.
Proxy – A proxy redirects web traffic through a virtual tunnel to another IP address. A proxy is like a VPN but only tricks websites, not the whole computer. That may seem like a lot of things to remember, but it’s not that much considering those are just the basics. Don’t let that put you off learning though, once you start to learn one thing, another will follow and so on so forth.
Keylogging is one of the most basic things in hacking. I explained what a keylogger is in section 6. Downloading a good, free keylogger isn’t that hard to do. Just search around HackForums and you will find one in about 30 seconds. I would recommend using SysLogger as it is free and really easy to use. It has many features and allows for the logs to be sent via Email or an FTP server. SysLogger has a really nice interface, so you should be able to figure out how to use it. However if you can’t figure it out, or would like to know how to use it before getting it, here is a tutorial I typed up a while ago:
Are your friends bothering you? Need to get back at someone? Or do you just want to learn some of the basics of hacking accounts? In any case, this thread will be INCREDIBLY useful to you.
First of all, heres what this method will require and what it will involve:
– Computer (duhh)
– Internet connection
– Keylogger, we will be using one called SysLogger
– Making a fake program that the target will want to open
– An email (preferably a Gmail)
So, lets get started.
First thing you will need is SysLogger. You can download it at the bottom of the thread.
Open it up. You will be given a message, just click ‘OK’.
It should open up the GUI.
Tick the following boxes:
– Encrypt email
– Delete cookies
– Block AV sites
– USB spread
– Kill Taskman (optional, leave blank if you want this to be more stealthy)
– Force steam
– Clipboard logger
– Screen logger
Those options will do the following:
Stealers = Sends you saved passwords for internet browsers
Block AV site = Stops the victim from checking an antivirus site if they get suspicious
USB spread = Infects any USB devices plugged into the machine, so if they are put into other computers they will infect them
Startup = Runs the keylogger every time the machine is switched back on
Kill Taskman = Stops the victim opening task manager
Clipboard logger = Saves anything copy/pasted
Screen logger – Sends you a screen shot of the victims PC
Next we have to tick the box called ‘Enable Error’. This will give the victim an error message when they open the file, make sure you put in something creative, but relevant the fake program.
Click ‘Test Error’ to make sure it is working.
Now we need to fill in the mailing options. I recommend using mail as opposed to FTP because it is more secure and its a lot easier. Put in your email address and password. If you are using a Gmail you don’t have to change the ‘SMTP’ options, if you aren’t google the SMTP options for your email provider. Click ‘test email’, if a box pops up saying success, you’ve done everything right, if not, go back and do it again. There should be a box below that which says ‘Interval’. Set that to whatever time you want.
Now click ‘Change file properties’. This will open up another GUI. Find an icon that suits your fake program here
The icon changer might not work for everyone. If it doesn’t, download a free icon changer from google.
Close the properties window.
Click ‘Build Server’. This will build the keylogging file. Make sure you have your antiviruses disabled as they will delete the file. You can reactivate them when you are done.
Congrats, you’ve built the keylogger!
Now all you need to do is send it to your victim and get them to open it!
If you accidentally open your keylogger, just open up SysLogger and click ‘Cure’. Type in the name of the file and you will be cured.
I hope you guys find this useful!
If you do, please post a thanks.
Hope this helps you guys
SECTION 8 – RAT’s
RAT stands for Remote Administration Tool (though some people say it stands for Remote Administration Trojan). You can find a definition of what a RAT is in section 6. As I mentioned in that section, a RAT has a lot more functions than a keylogger. Using a RAT can also allow you to get photos of your slave if they have a webcam. I don’t currently have a tutorial on how to use a RAT, so you will have to search for one yourself, sorry about that.
However I do recommend the following RAT’s:
• Dark comet (free)
• Blue banana (paid, but very cheap)
They are very easy to use and have many useful functions. In my opinion I think those are the best RAT’s around (that don’t cost too much).
SECTION 9 – Java Driveby’s
Java driveby’s (often referred to as JDB’s) are the easiest way to infect people with your RAT/keylogger. A detailed definition of a JDB can be found in section 6. But to sum it up in a few words, a JDB is a fake site that uses java to infect people. JDB’s are incredibly easy to set up. All they need is a webhost which allows you to upload files. Some good free ones are 000webhost.com and dolphhost.com. I recommend 000webhost because it is easier to use. It also offers free domains.
SECTION 10 – Crypters
Crypters are programs which are used to change the hash sum of a malicious file so that they are not detected by anti-virus programs. Crypters which are FUD are better because they make files completely undetectable. UD crypters make the file mostly undetectable but some programs can still detect it. If you are thinking about setting up a JDB or any other method of spreading your RAT/keylogger, I recommend making your server FUD as it will increase the chances of actually getting slaves. If you want to get a crypter, there are a lot of free ones and paid ones around. I recommend getting a paid one as it will stay FUD for longer.
SECTION 11 – Dosing and DDosing, what’s the difference?
People often get confused when they are asked to explain the difference between a dos and a ddos. It even confuses me a little bit but I will try my best to explain it. A dos is a simple denial of service attack. It takes a web page offline for a moment but the attack isnt distributed, so it won’t affect everyone. It isn’t that effective. However a ddos attack distributes the attack, meaning it will affect other people aswell. This is a much more effective way of taking down a site as it will affect more people.
If you want to know how to do either of these, there are a few different methods:
• Dosing program
• DDosing program
• Use cmd to ping the site
• Host booter
• Refreshing the page
I will be going over the following:
– Using a DDosing program (DDos)
– Using cmd to ping the site (Dos)
– Refreshing the page (Dos)
Using a DDosing program: There are a lot of programs that can do this. I recommend one called Goodbye. It’s hard hitting and free. To download it go to: http://www.mediafire.com/download.php?9jy6y8t9rjcj4fu
How to use Goodbye: Find the URL of the site you want to DDos. Type in the site and then the page you want the traffic to go to.
Example: Site – website.com Page – /example.htm
Press “Start ” to start the attack.
Once the number of blocked packets is above 400 you should stop the attack as anything after that will be redundant (won’t have any further effect).
Pinging the site: I couldn’t remember this method off the top of my head so I have referenced a post made on NextGenUpdate.
1. Open cmd and type ‘ping example.com’ ^Replace example.com with the site you want to attack
2. Write down the IP address that shows up.
3. So you would type this in ur cmd: ping XX.XXX.X.XXX -t -l ##
^Replace XX.XXX.X.XXX with the IP address you want to attack
^^Replace ## with the amount of time you want to send the attack for. The longer the attack, the more effective it will be.
4. Allow the process to finish. Check back a bit later to see if the site is down.
Refreshing the page: You are probably thinking I’m an idiot for posting this method, but it’s probably not what you expected it to be.
I’d like to point out that this method does not involve:
• Pressing F5
• Clicking refresh
So… You guessed it. We will be using an auto-refresher. I recommend Auto-Refresh Plus in the Chrome webstore. Download it and select custom time. Set it to 1 second. This will reload the page every second, and eventually overload the server. This may take some time.
SECTION 12 – Staying anonymous
Staying anonymous while online is something that many people can’t seem to do. Every day, I go on HF and look through the beginner hacking section. And every time I see 10-20 threads all asking the same sort of thing. “How to hide IP?” “Change IP?” “Free VPN?” “How to staying anonymous?”. And I always see the same replies. “Damn kid. Doesn’t even know how to use a proxy” “We are not your army” “Ever heard of this magical thing called Google?” “Use the search button before posting”. For those of you that encounter that sort of thing, I hope the following sections answer your questions. First off, why is it important to stay anonymous? Well, this question shouldn’t really need answering. If you don’t stay anonymous, your effectively allowing people to steal your identity. It’s important to cover your tracks while online because there will always be somebody there, waiting to exploit even the first slip-up they see. Moral of the story: STAY ANONYMOUS!! The following 4 sections will teach you how to do that.
SECTION 13 – Proxies
Everyone has heard of proxies. Thing is, most people have no idea how to use them. Before I show you how to use a proxy, I will explain a little bit about what a proxy is and what it does. Every network has its own IP address. When you visit a website, it logs your IP address. Now, some websites don’t like certain IP addresses to access them. So they block that IP address from accessing the page. What a proxy is, is basically a tunnel that all the traffic from that page goes through. The tunnel sends the traffic to another IP address. This tricks the website into thinking that the IP address at the end of the tunnel is yours, and allows you access to the page. Now that you know what a proxy is, you can set one up. First off, find a proxy (free proxies can be found athttp://hidemyass.com). Every (common) browser has proxy settings, so find your browsers proxy settings area. For Google Chrome, go ‘Tools’–>’Advanced’–>’LAN options’–>’Proxy settings’. Type in the proxy then select the appropriate settings (e.g. HTTPS or Socks5). Then you need to restart Chrome (just close it then open it again). Go to http://whatismyip.com to check if the proxy is working properly. If it is, it should display a different IP to your actual one.
SECTION 14 – VPN’s
Many of you have probably heard of VPN’s before. For those of you who don’t know what they are, VPN’s are VirtualPrivateNetworks. A detailed explanation of what they are can be found in section 6. Connecting to a VPN is really easy.
I will teach you how to connect to a VPN on:
• Your PC
• Your iDevice
Before I teach you how to do that, you will need to find a VPN to use. Here is a list of VPN’s you might want to try.
• http://bestcanadavpn.com Best Canada VPN
• http://hideme.ru HideMe.ru
• http://hotspotshield.com Hotspot Shield
• http://hidemyass.com HideMyAss
• http://nvpn.comn VPN
• http://openvpn.net OpenVPN
How to connect to a VPN on your PC:
This will teach you how to connect to a VPN on your PC.
– Click on the WiFi icon on the taskbar.
– Select the option ‘Open Network and Sharing Center’
– Click ‘Connect to a new connection or network’ – Select ‘Connect to a workplace’ and then click next
– Click next – Select ‘Use my internet (VPN)’ – Type in the address of the VPN you want to connect to
– Type in the username and password then click Connect – You should see the screen
You’re done! This should appear.
How to set up a VPN on your iDevice:
Heres how to connect to a VPN using your iDevice. For this tutorial we will be using the free VPN, BestCanadaVPN. I will be going over all the steps needed to set this up and a few other things. First off, you need to open up settings. Now go “General”–>”Network”–>”VPN” Now tap the “Add VPN configuration” button. It will bring up this menu. Now fill in the boxes with these. Description: VPN Server: bestcanadavpn.com Account: free Secret: (put anything here) Now we need to get the password. So open up safari and head over to bestcanadavpn.com You will see the password on the homepage. Now type the password into the “Password” box in the VPN configuration. Now tap “Save”. Congratulations! You have just set up the VPN on your iDevice! Now you need to connect to it. To do that just press the “On” button. Once you are connected, it will say so and a VPN icon will appear in the status bar. ***PLEASE NOTE*** The VPN password changes every 24 hours. Using a VPN will provide a significant amount more protection that a proxy, but won’t make you completely untraceable.
SECTION 15 – Alternatives, tips and tricks
This section will cover some of the alternatives to proxies and VPN’s. These methods are probably a little bit harder to use, but they are just as good (if not better).
Change your IP
Most routers have a setting which allows you to clone your MAC address and set it as your IP address. This allows you to hide your location and disguise it as. Use anonymous web searches Some sites offer anonymous web searches. This doesn’t offer very good anonymity, but hey, it’s better than nothing.
This amazing little shortcut can clear cookies and data, web history and autofill data incredibly quickly! It’s great and takes almost no time to do.
Put Tor on a USB
Tor is a network which provides anonymity while on the Internet. Most schools will not allow you to download it and install it. So just download it onto a USB at home and run it when you get to school. Your school won’t have a clue what you are doing online!
Use private browsing
Most browsers have a private browsing option. This opens up a session which doesn’t save cookies, and can’t be tracked in an administrator system. Its great because anyone can use it.
Double Desktop Switcher
Yup, everyone knows this one, but it does work! Download Double Desktop Switcher onto a USB and bring it to school. You can do whatever you want and when a teacher walks by just press the hotkey to change screens.
Use your mobile/iPod
Most schools think they are smart an monitor all the traffic on their computers. The reality is that they are dumb idiots as they don’t monitor mobile traffic. I have downloaded torrents and done a whole bunch of stuff on my iPod and my school hadn’t had a clue!
Use public computers
Don’t do hacking stuff from home. Go to an Internet cafe or the library. Bring all your stuff on a USB and run it from that.
If you seriously want to stay safe while online, try this: Go to a public place and use a public computer. Sign in with fake information. Connect to a paid VPN. Go online using private browsing. Then set up your browser so it used a paid web proxy. Open up Tor on your USB. Go to a site which offers anonymous web searching.
With all of that, your Internet will probably be so slow it’s unbearable, but you will be anonymous!!!! Oh yeah… did I mention that all of these will slow your internet connection speed? No? Too bad.
I’m kidding. They will slow down your connection, but not by very much, so the trade-off is worth it.
SECTION 16 – Extending your knowledge
“Don’t learn to hack, hack to learn”. You’ve probably seen that posted all around the internet. To a certain extent, it’s true. Hacking is often used to gain knowledge you wouldn’t otherwise be able to know. However if you don’t learn to hack, how can you hack?
This section will help you discover ways to extend your knowledge of hacking. Now, in order to do this, you will need to spend extensive amounts of time browsing the internet. There’s no other way. There are also no shortcuts. If you don’t put in the work, you won’t get the results. End of story.
Now that we’ve got that out of the way, let’s begin.
Since you’re probably too lazy to use google, here are some useful sites:
Those are pretty much the only sites you will need to start off with. They have almost ENDLESS supplies of knowledge, and have relatively friendly members. Sign up for those sites and you’ll be well on your way to becoming a successful hacker.