- Information gathering
- Scanning
- Gaining access
- Maintaining access
- Clearing tracks
I will talk about these each individually at a later time. Right now I'm busy trying to finish up some video tutorials.
Saturday, July 9, 2011
The 5 step process to hacking
I will talk about these each individually at a later time. Right now I'm busy trying to finish up some video tutorials.
Vulnerability Research Websites
Doing some research on vulnerabilities is essential to a hacker. Here's a list of sites you can visit to do just that.
Monday, July 4, 2011
commandprompt.exe Fundamentals
Being familiar with the command-line interface on your operating system is absolutely essential to being a good hacker. It also helps when you're having issues with your wireless network. Below is a list of various commandprompt.exe commands (the Windows operating system's command-line interface) that you should be familiar with.
Learn how to use these commands. Here you can find all these commands and their correct syntax.
- dir
- rmdir
- cd
- ren
- ping
- move
- ip config
- netstat
- Ctrl + c
- cls
- /?
- help
Learn how to use these commands. Here you can find all these commands and their correct syntax.
Thursday, June 30, 2011
Interesting Fact About regedit.exe
regedit.exe is a GUI (graphical user interface) application that allows a user with administrator privliges to modify the registry. Most people do not know of any other way of accessing/modifying data in the registry.
That brings up an interesting point. Suppose you are able to create a registry value that is hidden to regedit.exe. This would be enough to fool the majority of the population into thinking that the registry value does not exist. Interestingly enough, this is possible. If you create a registry value which is longer than 255 characters it will not be displayed in regedit.exe. The only way to verify the existence of such a registry value is to use the command prompt.
In order to do this you must know how to use the "REG QUERY" command. An example of how to use this command to check for hidden registry values in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" is below.
"REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s"
Note: When entering the command into command prompt do not include the quotation marks. Also, "REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" is where a lot of malicious programs create a registry value in order to run at startup. I will talk more in depth about the registry some other time.
I plan on dedicating my next post to explaining various command prompt commands and why they might be useful. I also plan on creating a YouTube account sometime in the near future so that I can upload some video tutorials.
That brings up an interesting point. Suppose you are able to create a registry value that is hidden to regedit.exe. This would be enough to fool the majority of the population into thinking that the registry value does not exist. Interestingly enough, this is possible. If you create a registry value which is longer than 255 characters it will not be displayed in regedit.exe. The only way to verify the existence of such a registry value is to use the command prompt.
In order to do this you must know how to use the "REG QUERY" command. An example of how to use this command to check for hidden registry values in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" is below.
"REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s"
Note: When entering the command into command prompt do not include the quotation marks. Also, "REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" is where a lot of malicious programs create a registry value in order to run at startup. I will talk more in depth about the registry some other time.
I plan on dedicating my next post to explaining various command prompt commands and why they might be useful. I also plan on creating a YouTube account sometime in the near future so that I can upload some video tutorials.
Tuesday, June 28, 2011
Good, Bad or Somewhere In Between
This post is intended to educate aspiring hackers about the different types of hackers and their motivations. Although you can be a good hacker without knowing this type of information, I believe that you will have a higher level of understanding about hacking in general if you do know this type of information.
Hackers always share one thing in common. They possess the ability to hack, but what are their intentions? What gives them the motivation to hack? In order to classify a hacker one must know the meaning of the following terms: white hat, black hate and grey hat.
White hat: The first type of hacker which I will be describing is a white hat (also known as an ethical hacker). A white hat is someone who hacks with good intentions. An example of a white hat is a penetration tester. A penetration tester is someone who is payed to attempt to exploit a network with the notion of finding vulnerabilities which were previously unknown to the network owner (usually an organization of some sort). They then report these previously unknown vulnerabilities to whoever is in charge of securing the network. White hats do not hack with malicious intent.
Black hat: A black hat can be thought of as the "bad guy". He/she hacks purely for their own personal gain or any other unethical reason. Black hats hack with malicious intent.
Grey hat: A grey hat is someone who is in between a white hat and a grey hat with their intentions. Their actions at times may classify as white hat or black hat. For example, a grey hat may find a previously unknown vulnerability in Windows and report it to Microsoft (white hat thing to do). The same person may also use a variety of vulnerabilities to hack into your computer (black hat thing to do). For this reason, grey hat hackers are a bit unpredictable in their behavior.
Hopefully now you have the ability to classify hackers based on their intentions.
Hackers always share one thing in common. They possess the ability to hack, but what are their intentions? What gives them the motivation to hack? In order to classify a hacker one must know the meaning of the following terms: white hat, black hate and grey hat.
White hat: The first type of hacker which I will be describing is a white hat (also known as an ethical hacker). A white hat is someone who hacks with good intentions. An example of a white hat is a penetration tester. A penetration tester is someone who is payed to attempt to exploit a network with the notion of finding vulnerabilities which were previously unknown to the network owner (usually an organization of some sort). They then report these previously unknown vulnerabilities to whoever is in charge of securing the network. White hats do not hack with malicious intent.
Black hat: A black hat can be thought of as the "bad guy". He/she hacks purely for their own personal gain or any other unethical reason. Black hats hack with malicious intent.
Grey hat: A grey hat is someone who is in between a white hat and a grey hat with their intentions. Their actions at times may classify as white hat or black hat. For example, a grey hat may find a previously unknown vulnerability in Windows and report it to Microsoft (white hat thing to do). The same person may also use a variety of vulnerabilities to hack into your computer (black hat thing to do). For this reason, grey hat hackers are a bit unpredictable in their behavior.
Hopefully now you have the ability to classify hackers based on their intentions.
An Introduction to Wireless Exploitation (the blog)
Hello everyone,
In this post I would like to get things started by letting you all know a little bit about myself.
I am currently a computer science major in college. I am interested in all aspects of computer science, but I would have to say that my top three interests within computer science are software engineering, wireless security and computer security. I love learning about these subjects as I find them very interesting.
I am looking forward to blogging about different ideas and topics which I find interesting. I hope that when you read my blog you will be able to take something away from it. I will do my best to update my blog a few times per week.
Thanks for reading!
In this post I would like to get things started by letting you all know a little bit about myself.
I am currently a computer science major in college. I am interested in all aspects of computer science, but I would have to say that my top three interests within computer science are software engineering, wireless security and computer security. I love learning about these subjects as I find them very interesting.
I am looking forward to blogging about different ideas and topics which I find interesting. I hope that when you read my blog you will be able to take something away from it. I will do my best to update my blog a few times per week.
Thanks for reading!
Subscribe to:
Posts (Atom)