9:10 AM
Nyi Nay Min
1. Learn TCP/IP, Basic Information gathering,Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3,
SMTP, Telnet, SSH.
2. Learn Linux, Unix, Windows - You can do this using vmware or any virtual desktop utility.
3. Learn a programming language that's compatible with all OS - Perl, Python, C .
4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI,LFI
5. Learn Reverse engineering and crack some programs for serials easy ones like mirc,
winzip, winrar or old games.
6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like
ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or
teamspeak, ventrilo, mumble.
7. Code a tool that uses grep to sort out unique code in source codes.
8. Make a custom IPtable, IPsec firewall that blocks all incoming traffic and out going
traffic and add filters to accept certain ports that your software or scripts use.
9. Pick a kernel in linux or unix, also pick a Microsoft OS version lets say Winxp pro sp2
put them on the virtual desktops (vmware) and find and code a new local exploit in those
versions, then install a Apache webserver on the Linux/Unix and a IIS webserver on the winxp
pro and attempt to find and code a new local reverse_tcp_shell exploit.
10. Learn Cisco Router and Switch configuration and setup.
11. Learn Checkpoint Setup and Config
12. Learn Wifi scanning,cracking, sniffing.
13. Pick a person in you phonebook for the area code you live in or city then ring the
person on a anonymous line like skype or a payphone or a carded sim and attempt to social
engineer the person forhis name, address, data of birth, city born, country born, ISP
connected with, Phone company connected with, What bank he/she uses and anything else you
can get.Then Attempt to ring using a spoof caller ID software with the person's phone number
- call the ISP and try reset the password to his/her internet connection/ webmail, get
access to bank account or ask them to send out a new *** to a new address (drop) with a new
pin, reset of phone company passwords.
14. Use your information gathering skills to get all the information off a website like a
shop then use the spoofcallerID software or hack your phone to show a new number of the
Webserver's Tech Support number then ring the shop owner and try get the shop site password.
15. Do the same thing but attempt to use a web attack against a site or shop to gainadmin
access.
16. Once got access upload a shell and attempt to exploit the server to gain root using
aexploit you coded not someone else s exploit.
17. Make your own Linux Distro
18. Use your own Linux Distro or use a vanilla Linux gnome (not kde) keep it with not much
graphics so you can learn how to depend on the terminal and start from scratch install
applications that you will only need for a blackbox (Security test box), make folders for
fuzzers, exploits, scanners..etc Then load them up with your own scripts and other tools (
By this stage you shouldn't need to depend on other peoples scripts).
19. Learn macosx and attempt to gain access to a Macosx box whether it be your own or
someones else s.
20. Create a secure home network and secure your own systems with your own Security policies and firewall settings. All this isn't a over night learning it will take a nice 3 - 4 years to learn a bit of this 5+ years to learn most of it and even then you may need time to keep learn as IT keeps changing everyday.
This tutorial has been written By Ayubkhan And ahmed taker and is NOT for public distribution.All information in this tutorial is for educational purposes only. Any illegal activity relating to this tutorial is not my responsibility, although I would like to say I don't care how you use it, I do. So please do not use this for Black-hat activities. One day when you grow up you might realise that you have been a skid, by using mass-deface techniques and SQLi for your entire life. Do not just hack a site because it is there. I have a few sites of my own and its annoying, unproductive, and pointless.
Ayub Khan
{[['
']]}
']]}
Posted in: Hacking
0 comments:
Post a Comment