SHARE
TWEET

N00bGuide

CyberAktivist Nov 16th, 2015 (edited) 9,841 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. _____ _                __            _         ___       _     _      
  2. /__   \ |__   ___    /\ \ \___   ___ | |__     / _ \_   _(_) __| | ___  ®
  3.  / /\/ '_ \ / _ \  /  \/ / _ \ / _ \| '_ \   / /_\/ | | | |/ _` |/ _ \ ©
  4. / /  | | | |  __/ / /\  / (_) | (_) | |_) | / /_\\| |_| | | (_| |  __/
  5. \/   |_| |_|\___| \_\ \/ \___/ \___/|_.__/  \____/ \__,_|_|\__,_|\___|
  6.                                                                      
  7.  
  8.  
  9. First and foremost, it is important for you to understand that 'hacking' is a broad term. There are many aspects
  10. to it, most of which require several programming skills, but that shouldn't stop you from using the tools made
  11. available by the internet for you to take advantage of.
  12. Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also,
  13. consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is
  14. the fundamental and appropriate language that will kickstart you in the world of computing. So, now that you are
  15. set and ready to continue with the quest, allow me to present to you a simplistic and minimalistic reference guide.
  16.  
  17. On a side note, before you start, make sure your internet connection has some sort of protection, either through a
  18. proxy or a VPN. DO NOT TAKE ANY RECOMMENDATIONS FROM OTHER ANONYMOUS MEMBERS, EVEN OPS.
  19. They could be trying to hook you up with a VPN-service that is cooperating with the feds.
  20. Do your own research on your VPN, Privacy policy, Terms of Agreement etc. NOBODY IS GOING TO JAIL FOR YOU.
  21. After that, pay with anonymous payment methods, again, do your own research on those methods too.
  22.  
  23. [PS: Do NOT perform DDoS attacks while on VPN. They may protect your data from the destination, but don't go as far
  24. as trusting them when you're sending endless packets over their servers. Needless to say, your safety is not of any
  25. concern to me so take care of yourself first.]
  26.  
  27.  
  28.  
  29. ----------
  30. OS Picking
  31. ----------
  32. For hacking specifically, it is recommended to use open source Operating Systems (OSes) such as Linux distributions
  33. that have root (Administrator) privileges in order to get the most out of the tools you use. Let me give you some
  34. ordered examples:
  35.  
  36. FOR LINUX NOOBS
  37. 1) Mint — great to learn Linux and for hacking as well, tools can be added easily, and has a lovely desktop.
  38. 2) Ubuntu — same as mint, but better approach toward learning Linux than just looking good. Mint is based on it.
  39. 3) Tails — strongly recommended as a Virtual Machine, it is closest to anonymity you can get.
  40.  
  41. Despite what other anons and the internet is saying, Kali isn't useful to you unless you have your own server to work on.
  42. The OS is broken and insecure, and is built for security pentesters.
  43. Kali will provide very poor security unless you know what you're doing.
  44.  
  45. --------------
  46. Wireless Cards
  47. --------------
  48. In case you do as I suggested above, and get yourself a Virtual Machine (VM) with either of the three recommended
  49. distributions, you will need a USB Wireless Network Adapter in order to be able to execute wireless attacks from it.
  50. This is needed because a Virtual Machine cannot share a single wireless card with the host machine. For the sake of
  51. convenience, price, accuracy, packet injection and sniffing capabilities, I strongly recommend a very widely used
  52. card called the Alfa AWUS-036NHA with the AR9271 chipset, which can be found by following the link directly below:
  53. http://www.simplewifi.com/alfa-802-11b-g-n-high-power-adapter-150mbps-atheros-ar9271-chipset.html
  54.  
  55.  
  56.  
  57. ---------
  58. Anonymity
  59. ---------
  60. There is a constant presence of fear in everyone's mind that our information is being monitored 24/7/365 by people
  61. behind monitors all day long, searching for private data and invading your personal life. Well, this conspiracy is
  62. something experienced by those who have something to hide from the authorities, whether it is illegal or possibly
  63. embarrassing.
  64. Either way, there is one thing you must know — you will never be able to fully protect yourself while
  65. browsing on the internet. However, there are several tools and techniques you may embed in order to get as close as
  66. possible to being anonymous online. True anonymity lies in several layers of data transfer, which is difficult for
  67. an individual to achieve without knowledge of 3rd-party software that allows such possibilities.
  68. Remember, there's no magical tool that let's you be 100% anonymous online.
  69. You will NEVER be 100% anonymous in a system that is designed to be traceable.
  70. Let's get straight to the point. The following techniques will help to achieve a high anonymity level:
  71.  
  72. • TOR — found at https://www.torproject.org/ it allows you to connect through several nodes before reaching a server,
  73.        and that way all data transfer stays private. For maximum browsing anonymity,
  74.         use the TOR browser in combination with a good, paid VPN as well.
  75.  
  76. • VPN — stands for Virtual Private Network and is a server that you connect through before you reach anything online.
  77.        From a security point of view, it is the safest and most anonymous tool to use, as long as you trust the VPN
  78.        provider.
  79.  
  80. • Proxy — This is another possible way to achieve good anonymity, but is often slow and unreliable for torrenting or
  81.          downloading large files. Proxy websites can be found anywhere online, but preferably use proxy servers that
  82.          need configuration of the browser settings, since that will likely cause fewer javascript and HTML issues.
  83.  
  84. • More Useful Tools/Guides
  85.  
  86.                 1) Anonymous file sharing: https://onionshare.org
  87.                2) File uploading: http://tinyupload.com/  and  https://anonfiles.com/
  88.                 3) http://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/
  89.  
  90.  
  91.  
  92. ----------------
  93. DoS & DDoS Tools (don't use them unless instructed)
  94. ----------------
  95. HOWEVER: if anybody tells you to use tools such as LOIC, XOIX, HOIC or any other similar tools, do not listen to them
  96.         since they obviously are not aware of the incredibly high risks of getting caught when using them. Tools that
  97.         end in OIC are easily traced to your IP address and expect to get in trouble if you use them. Besides, using
  98.         them on your own will cause no damage to public IPs due to the severe limitations. So, end point, forget it!
  99. ======================================================================================================================
  100. TOR's Hammer (works on systems that have Python installed.)
  101. • Note: this tool allows the use of the TOR browser to prevent getting caught. I recommend and, in some ways, insist
  102.  that you do so, because nobody other than you is liable for the damage you will cause from using this tool.
  103. How to Set Up:
  104. 0) Download it first, duh! http://sourceforge.net/projects/torshammer
  105. 1) Download python. Note: Mac users have it preinstalled
  106. 2) Place the torshammer folder (unpackaged) on your Desktop
  107. 3) In the torshammer folder there will be a file called 'torshammer.py' that you will need to open with a text editor
  108. 4) Inside the file, use the Find & Replace function to replace the three occurrences of '9050' with '9150' and save
  109. 5) Open CMD or Terminal and type (without quotes) "cd Desktop" and then "cd torshammer"
  110. 6) Now open the TOR browser and wait for your new identity. To ensure it works, visit at least 2 >DIFFERENT< websites
  111. 7) In your CMD / Terminal type (without quotes) "./torshammer.py -t example.com -r 300 -T"
  112.   To understand the syntax of the command, 'cd' to the torshammer folder and type (without quotes) "./torshammer.py"
  113.  
  114. Slowloris
  115. One of my favorite tools that I used when I started DoSing.
  116. IPV4 version: http://ha.ckers.org/slowloris/slowloris.pl
  117. IPV6 version: http://ha.ckers.org/slowloris/slowloris6.pl
  118. To download, simply copy the text to a file and save it as slowloris.pl and/or slowloris6.pl respectively.
  119. You will need perl in order to run Slowloris, tutorials of which can be found online.
  120.  
  121. Ufonet
  122. >>> https://github.com/epsylon/ufonet
  123. I will not explain here how to set this up, since you have Google at your disposal.
  124.  
  125. MDK3
  126. This is preinstalled on Kali Linux and it basically allows to deauthenticate any Wi-Fi routers in range by overloading
  127. them with empty packets until they can no longer operate, thus taking them down locally on your own (DoS).
  128. ======================================================================================================================
  129.  
  130.  
  131.  
  132. -----------------------
  133. Password Cracking Tools
  134. -----------------------
  135. Ophcrack
  136. Read info      >>> http://blog.codinghorror.com/rainbow-hash-cracking
  137. Download       >>> http://ophcrack.sourceforge.net
  138.  
  139. L0phtCrack
  140. It is an alternative to Ophcrack and is used to crack Windows passwords from hashes.
  141. http://www.l0phtcrack.com/download.html
  142.  
  143. John the Ripper
  144. >>> http://www.openwall.com/john
  145.  
  146. Reaver
  147. This is specifically a WPA(&2) Wi-Fi cracking tool, supporting routers with WPS (Wireless Protected Setup) enabled
  148. It is preinstalled on Kali Linux, and hopefully on the other hacking Linux distributions too. It does NOT work
  149. on Windows, in fact Windows is the least reliable OS for hacking, so I regard it as a skiddie OS.
  150.  
  151. Aircrack-ng
  152. Cracks WPE & WPA; it analyzes wireless encrypted packets and then tries to crack passwords via its cracking algorithm.
  153. http://www.aircrack-ng.org/install.html
  154.  
  155. Hydra
  156. This uses brute force and dictionary attacks to crack any password that is on a specific wordlist. It is well built
  157. and is very configurable, giving you a wide range of options to pick from, and limits to set. Here's a great tutorial:
  158. http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-passwords-with-tamper-data-thc-hydra-0155374
  159.  
  160. Hashcat
  161. Uses your GPU to crack hashes, very strong.
  162. http://hashcat.net/hashcat/
  163.  
  164. --------------------------------
  165. Man In The Middle (MITM) Attacks
  166. --------------------------------
  167. Note: enable routing first, by typing in terminal (without quotes) "echo 1 > /proc/sys/net/ipv4/ip_forward"
  168. ================================
  169. Wireshark
  170. Extremely configurable and versatile, and has close to no limitations as to functionality.
  171. Kali Linux has it preinstalled. For Windows and Mac, download it here: https://www.wireshark.org/download.html
  172.  
  173. Ettercap
  174. As usual, it is preinstalled on Kali Linux. It performs marvellously, and supports 'driftnet' (for image capturing).
  175. >>> http://ettercap.github.io/ettercap/downloads.html
  176.  
  177.  
  178.  
  179. ----------------
  180. Website Scanning
  181. ----------------
  182. nmap
  183. This is great for port scanning, checking whether a host is up, ping scan, TCP and UDP, etc.
  184. >>> http://nmap.org/download.html
  185.  
  186. Nikto
  187. It performs comprehensive tests against web servers for items including potentially dangerous files, performs checks
  188. for outdated server versions, and version specific problems.
  189. >>> https://github.com/sullo/nikto
  190.  
  191. Dmitry
  192. About it  >>>  http://linux.die.net/man/1/dmitry
  193. Download  >>>  http://packetstormsecurity.com/files/download/35796/DMitry-1.2a.tar.gz
  194.  
  195. Vega
  196. A powerful vulnerability scanner.
  197. >>> https://subgraph.com/vega/download
  198.  
  199. CL2 (filename)
  200. This is a simple web crawler written in Python that indexes all hyperlinks of a particular webpage and/or website.
  201. >>> https://ghostbin.com/paste/vg3af
  202.  
  203. FTP-Spider
  204. Written in perl, it cleverly scans FTP servers and logs their directory structure, detects anonymous access & writable
  205. directories, and looks for user specified data.
  206. http://packetstormsecurity.com/files/35120/ftp-spider.pl.html
  207.  
  208. Arachni
  209. This is a framework developed to assess web app security and evaluate them in real time.
  210. Read about it & download it here >>> http://www.arachni-scanner.com/
  211.  
  212.  
  213.  
  214. --------------
  215. Useful To Note
  216. --------------
  217. Detailed information about IP addresses — http://www.ip-tracker.org
  218. A course I highly recommend you follow — http://offensive-security.com/metasploit-unleashed/Main_Page
  219. Find out what websites are built with — http://builtwith.com
  220.  
  221.  
  222. ======================================================================================================================
  223. ======================================================================================================================
  224.  
  225.  
  226.  
  227. ----------
  228. ALL IN ALL
  229. ----------
  230. Conclusion: You are prepared for anything if you are able to apprehend the work that lies ahead, but let me tell you,
  231.            no one is going to endlessly spoon-feed you the information and knowledge, because all you will learn is
  232.            how to copy from someone else. I think the old saying "practice makes perfect" fits this pretty damn well
  233.            from my point of view, and I'm not saying that you can't ask anything, but if you want to learn fast, do
  234.            it the hard way and look it up yourself, that's all!
  235.  
  236.  
  237. For the record
  238. All tools used above are compatible with Linux distributions (apart from L0phtCrack) and are best used with the three
  239. OSes that I listed at the very beginning. In my personal opinion, and I'm sure many people would agree with me here,
  240. Windows is not suited best for the tools listed above. However, it would be useful for you to get hold of a Virtual
  241. Machine program in that case, such as VirtualBox (( https://www.virtualbox.org/wiki/Downloads )), and a disk image
  242. of a Linux distribution.
  243.  
  244.  
  245. If you read the whole lot, that should get you started, and remember to have fun! Good luck :D
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top