
How to learn Ethical hacking Freely


Ethical Hacking Overview. This post belongs to the module How to Learn Ethical Hacking Freely.
Here you learn what the role of an ethical hacker is, and what you can and cannot do as an ethical hacker. One more thing I want to mention: it takes time to become a hacker, so have patience; Google is the best way you can learn.
Hacking is a hobby, a lifestyle, and an attitude: a drive to figure out how things work. Before starting, you must know what hacking is and the types of hackers.

Types of hacker


Several subgroups of the computer underground, with different attitudes and aims, use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree; they emphasise a spectrum of categories such as white hat, grey hat, black hat and script kiddie.
Cracking means to “gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system”, and a cracker is someone who does so. These subgroups may also be defined by the legal status of their activities.

Hacking – Tips for Learner


Many people on the net, impressed by the word “hacking”, might do a little search on Google about learning hacking. No doubt they are at the right place. I would rather have used the words “they are on the right track”, but will they open up the right door and gain something, or will they just end up becoming victims themselves?

Ethical Hacking – how to start learning hacking?


As many newbies ask this question, for all those who are new to this whole scenario and do not really understand what hacking is all about and where to begin, I offer these links to some great places to start learning.

http://www.lessig.org/freeculture/free.html  <– A speech given talking all about the problems facing culture when dealing with copyright and other digital laws.
http://www.grc.com/SecurityNow.htm <– This is fantastic for people who are new to the field.  If you have the time or motivation, go back and listen to them from day 1, they assume you know very little if anything and hit on all of the major topics in the security field.  Fantastic show.
IPTV Shows:
http://www.binrev.com/ <– Produce a good IPTV show and also have forums that are usually helpful.
http://www.hak5.org  <— Duh….
Tutorial sites:
http://www.remote-exploit.org  <– Pretty good resources, some very nice video tutorials on various exploits. Definitely check out the tutorial section.
http://www.irongeek.com/ <– Excellent tutorials/information/articles.
http://www.antionline.com/ <– Tutorials, tools and forums full of helpful people.
Programming Related:
Teach Yourself C in 21 Days: http://neonatus.net/C/index.html
Teach Yourself C++ in 21 Days: http://cma.zdnet.com/book/c++/
The Art of Assembly Language Programming: http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html
Microsoft Developers Network: http://msdn.microsoft.com
Web Programming:
HTML: http://www.w3schools.com
PHP: http://www.php.net
ASP.NET: http://www.asp.net/Default.aspx?tabindex=0&tabid=1
SQL: http://www.mysql.com
Perl: http://www.perl.com/
Python: http://www.python.org
Security Related:
SecurityFocus: http://www.securityfocus.com/
Milw0rm: http://www.milw0rm.com
SecurityForest: http://securityforest.com/wiki/index.php/Main_Page
If you are interested in websec (web security) you should pretty much understand the different protocols on the web, i.e TCP/IP, FTP, HTTP, SSH, etc.
Knowledge of HTML, PHP, ASP, SQL, Perl, and Python is good.

Video Resources:
Watching or reading papers and videos from past conventions such as Shmoocon, DefCon, or BlackHat is a good idea.
And last but not the least is Crazylearner.
Maybe some of the best sites are still missing, so share your best site in the comment section. Please contribute to this post.
Keep visiting.
Disclaimer: This information is just for educational purposes. If someone uses it for malicious activity, then only he is responsible for it.

List of Top 5 Ethical Hacking Courses


One of my readers asked me about ethical hacking courses, so I try to put a little info about the top 5 ethical hacking courses here. And it is also the first module on How To Learn Ethical Hacking.


CEH (Certified Ethical Hacker)
The Certified Ethical Hacker is a professional certification provided by EC-Council. EC-Council is the world’s largest computer security certification provider organisation. A Certified Ethical Hacker has obtained a certification in how to look for vulnerabilities in target systems and uses the same knowledge and tools.
The starting salary of a Certified Ethical Hacker according to Payscale is around $75,000 USD.
CHFI (Computer Hacking Forensic Investigator)
The Computer Hacking Forensic Investigator is a professional certification provided again by EC-Council. This certification is designed to look at network security in its investigation phase: detecting attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
The starting salary of a CHFI according to Payscale is around $85,000 USD.
ECSA ( EC-Council Certified Security Analyst)
ECSA is a professional certification provided by EC-Council. The ECSA certification complements EC-Council’s CEH certification by exploring the analytical phase of ethical hacking.
The starting salary of an ECSA according to Payscale is around $75,000 USD.
CISA (Certified Information System Auditor)
CISA is a professional certification for information technology audit professionals sponsored by the Information Systems Audit and Control Association (ISACA). Candidates for the certification must meet requirements set by ISACA.
The starting salary of a CISA according to Payscale is around $84,000 USD.
CISSP (Certified Information Systems Security Professional)
CISSP is an independent information security certification governed by a not-for-profit organisation. CISSP was the first information security credential accredited under the ANSI ISO/IEC 17024:2004 standard. It is formally approved by the U.S. Department of Defense in both its Information Assurance Technical and Managerial categories.
The starting salary of a CISSP according to Payscale is around $129,829 USD.

How to bypass Firewall 2


Welcome back to the section How to bypass Firewall. Earlier we discussed identification of the firewall in the post How to bypass Firewall. In this post we discuss the tools to bypass the firewall and study their techniques.


Breaching Firewalls

One of the easiest and most common ways for an attacker to slip by a firewall is by installing network software on an internal system which communicates using a port permitted by the firewall’s configuration.

  • A popular port is TCP port 80, which is normally used by web servers
  • Many firewalls permit traffic using port 80 by default

Bypassing a firewall using HTTP Tunnel

Httptunnel creates a bi-directional virtual data path tunneled in HTTP requests. The requests can be sent via an HTTP proxy, if desired.

Placing Backdoors through Firewall

The Reverse WWW Shell
This backdoor should work through any firewall that allows users to surf the WWW. A program is run on the internal host which spawns a child every day at a set time.

  • To the firewall, this child looks like a user surfing the Internet with a browser. In reality, this child executes a local shell, connects to the WWW server operated by the hacker via a legitimate-looking HTTP request, and sends a stand-by signal
  • The legitimate-looking answer of the WWW server operated by the hacker is, in reality, the command the child will execute on its machine in the local shell
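An added example, not from the original post: the reverse WWW shell's child phones the operator's web server at a set time each day, which leaves a very regular rhythm in proxy logs. The detector below looks for client/host pairs whose connection gaps barely vary; the log format, the two thresholds and the sample lines are constructed assumptions.

```python
"""Flag HTTP beaconing: an internal host contacting one external web server at a
near-constant interval, the rhythm a reverse WWW shell child produces when it is
spawned at a set time each day. Added example, not from the original post; the
proxy log is constructed as "<ISO timestamp> <client> <host> <method> <status>"."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_HITS = 4             # assumed: judge the rhythm only after several contacts
MAX_JITTER_RATIO = 0.05  # assumed: gap std-dev within 5% of the mean gap

def find_beacons(lines):
    """Return [(client, host, mean_gap_seconds)] for suspiciously regular pairs."""
    stamps_by_pair = defaultdict(list)
    for line in lines:
        ts, client, host = line.split()[:3]
        stamps_by_pair[(client, host)].append(datetime.fromisoformat(ts))
    beacons = []
    for (client, host), stamps in stamps_by_pair.items():
        if len(stamps) < MIN_HITS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # People browse at irregular intervals; a scheduled child does not.
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER_RATIO:
            beacons.append((client, host, avg))
    return beacons

# Constructed proxy log: 10.0.0.23 hits the same host at 03:00 every night (give
# or take two seconds), 10.0.0.40 browses normally, 10.0.0.41 is too rare to judge.
SAMPLE_PROXY_LOG = [
    "2024-03-01T03:00:00 10.0.0.23 stats.example.net GET 200",
    "2024-03-01T09:12:05 10.0.0.40 www.example.com GET 200",
    "2024-03-01T09:12:31 10.0.0.40 www.example.com GET 200",
    "2024-03-01T10:47:00 10.0.0.40 www.example.com POST 302",
    "2024-03-02T03:00:01 10.0.0.23 stats.example.net GET 200",
    "2024-03-02T14:03:10 10.0.0.40 www.example.com GET 200",
    "2024-03-03T03:00:00 10.0.0.23 stats.example.net GET 200",
    "2024-03-03T08:00:00 10.0.0.41 mail.example.com GET 200",
    "2024-03-04T03:00:02 10.0.0.23 stats.example.net GET 200",
    "2024-03-05T03:00:00 10.0.0.23 stats.example.net GET 200",
    "2024-03-05T08:00:00 10.0.0.41 mail.example.com GET 200",
]

if __name__ == "__main__":
    for client, host, gap in find_beacons(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host} every {gap / 3600:.2f} h")
```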

Hiding behind a Covert channel : Loki

LOKI is an information tunneling program.
LOKI uses Internet Control Message Protocol (ICMP) echo response packets to carry its payload. ICMP echo response packets are normally received by the ping program, and many firewalls permit the responses to pass.
Simple shell commands are used to tunnel inside ICMP_ECHO/ICMP_ECHOREPLY and DNS name lookup query/reply traffic. To a network protocol analyzer, this traffic looks like ordinary packets of the corresponding protocol. However, to the correct listener (the LOKI2 daemon), the packets are recognized for what they really are.

Tools to Bypass Firewall

007 Shell

007 Shell is a covert ICMP tunneling shell. It works similarly to LOKI: it places its data stream in the ICMP message past the usual 4 bytes of header (8-bit type, 8-bit code, and 16-bit checksum).

ICMP Shell

ICMP Shell (ISH) is a telnet-like protocol. It provides the capability of connecting a remote host to an open shell, using only ICMP for input and output. The ISH server runs as a daemon on the server side. When the server receives a request from the client, it strips the header and looks at the ID field. If it matches the server’s ID, it pipes the data to “/bin/sh”. It then reads the results from the pipe and sends them back to the client, where the client prints the data to stdout.
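As an added example (not from the original post), a small detector for the ICMP-tunnel behaviour described under Loki, 007 Shell and ICMP Shell: it pairs echo replies with their requests and flags replies nobody asked for, replies whose payload differs from the request, and oversized payloads. The sample records and the 64-byte payload baseline are constructed assumptions.

```python
"""Flag ICMP echo traffic that behaves like a covert channel (Loki, 007 Shell and
ICMP Shell all ride on echo request/reply). Added example, not from the original
post; the records below are constructed, not captured."""

ICMP_ECHO_REPLY, ICMP_ECHO = 0, 8
# Assumed baseline: stock ping payloads are 32 (Windows) or 56 (Linux) bytes.
MAX_NORMAL_PAYLOAD = 64

def detect_icmp_tunnel(records):
    """records: dicts with src, dst, type, id, seq, payload (bytes).
    Returns a list of (reason, record) findings."""
    # Index echo requests by (requester, responder, id, seq) so every reply
    # can be matched against the request that should have provoked it.
    requests = {(r["src"], r["dst"], r["id"], r["seq"]): r
                for r in records if r["type"] == ICMP_ECHO}
    findings = []
    for r in records:
        if len(r["payload"]) > MAX_NORMAL_PAYLOAD:
            findings.append(("oversized payload", r))
        if r["type"] != ICMP_ECHO_REPLY:
            continue
        req = requests.get((r["dst"], r["src"], r["id"], r["seq"]))
        if req is None:
            # A reply nobody asked for: the daemon pushing data inbound.
            findings.append(("unsolicited echo reply", r))
        elif req["payload"] != r["payload"]:
            # RFC 792: an echo reply must carry the request payload unchanged.
            findings.append(("reply payload differs from request", r))
    return findings

def pkt(src, dst, typ, ident, seq, payload):
    return {"src": src, "dst": dst, "type": typ, "id": ident, "seq": seq,
            "payload": payload}

# Constructed sample: a legitimate ping pair, then a Loki-style exchange where
# the "reply" carries command output, a push with no request, and a bulk chunk.
SAMPLE = [
    pkt("10.0.0.5", "10.0.0.1", ICMP_ECHO, 1, 1, b"A" * 56),
    pkt("10.0.0.1", "10.0.0.5", ICMP_ECHO_REPLY, 1, 1, b"A" * 56),
    pkt("10.0.0.5", "203.0.113.9", ICMP_ECHO, 7, 1, b"uname -a"),
    pkt("203.0.113.9", "10.0.0.5", ICMP_ECHO_REPLY, 7, 1, b"Linux host 5.15"),
    pkt("203.0.113.9", "10.0.0.5", ICMP_ECHO_REPLY, 7, 2, b"more output"),
    pkt("10.0.0.5", "203.0.113.9", ICMP_ECHO, 7, 3, b"B" * 900),
]

if __name__ == "__main__":
    for reason, r in detect_icmp_tunnel(SAMPLE):
        print(f"{reason}: {r['src']} -> {r['dst']} id={r['id']} seq={r['seq']}")
```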

UltraSurf (Download)

A free circumvention tool available online, perhaps powerful enough to bypass any industry-level firewall at its default configuration. It enables users to browse any website freely, just as with a regular browser, while it automatically searches for the fastest proxy servers in the background.


AckCmd is a client/server combination for Windows 2000 that opens a remote command prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through the firewall.



Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can hide information about users’ locations. Tor provides anonymity by making it more difficult to trace internet traffic to the user, including visits to web sites, online posts, instant messages, and other forms of communication.
Hope you enjoy the above sessions. Keep visiting 🙂

How to bypass Firewall

To bypass the firewall you must first identify it, which means gathering full information about the firewall, such as its type, version and rules, for almost every firewall on the network.

These are the three techniques for firewall identification:

  • Port scanning
  • Firewalking
  • Banner grabbing

Port Scanning (How to bypass Firewall)

Some firewalls have obvious signatures:
  • Check Point’s FireWall-1 listens on TCP ports 256, 257, 258, and 259
  • Check Point NG listens on TCP ports 18210, 18211, 18186, 18190, 18191, and 18192 as well
  • Microsoft’s Proxy Server usually listens on TCP ports 1080 and 1745

Here we are providing you the ways by which you can conceal your scanning:

  • Randomize target ports
  • Randomize target addresses
  • Randomize source ports
  • Distributed source scans
    – Using multiple computers on the Internet, each taking a small portion of the scanning targets
These techniques will fool most IDS systems with default rules.
And here are the countermeasures for the above:
  • Block unneeded ICMP packets at your border router
  • Use an Intrusion Detection System, such as Snort
  • IPPL is a Linux daemon that detects port scans (link Ch 901)
  • Cisco routers have ACL rules to block scans

Firewalking (How to bypass Firewall)

Firewalking is a method to collect information from remote networks that are behind firewalls. Firewalk looks through a firewall.

In the above figure, suppose the target is Router3.
We want to know which ports Router3 blocks, and which ports it allows through.
Phase 1: Hopcount Ramping
  1. First, Firewalk sends out a series of packets towards the destination with TTL=1, 2, 3, …
  2. When the target (Router3) is reached, that determines the TTL for the next phase.
  3. In this example, the target is at TTL=3, so all future packets will use TTL=4.

Phase 2: Firewalking

  1. TCP or UDP packets are sent from the scanning host to the destination
  2. They all have TTL=4

Firewalking Countermeasures

  • You can block “ICMP TTL expired” packets at the gateway
  • But this may negatively affect its performance
  • Because legitimate clients connecting will never know what happened to their connection
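An added example (not part of the original post) covering both the port-scanning signatures above and firewalking: it reads constructed perimeter log lines and reports hosts or whole /24s sweeping many ports, hits on the management ports listed under Port Scanning, and sources whose probes arrive with a TTL about to expire, as a firewalk's do. The key=value log format, the thresholds and the addresses are assumptions.

```python
"""Spot firewall fingerprinting in perimeter logs: sweeps of the management ports
listed under Port Scanning (from one host or spread across a /24) and firewalk-style
probes whose TTL is about to expire at the perimeter. Added example, not from the
original post; the key=value log shape and LINE_RE are assumptions, adapt them."""
import re
from collections import defaultdict
from ipaddress import ip_network

# Ports the post names as signatures (FireWall-1, Check Point NG, MS Proxy).
SIGNATURE_PORTS = {256, 257, 258, 259, 18186, 18190, 18191, 18192,
                   18210, 18211, 1080, 1745}
SCAN_THRESHOLD = 5  # assumed: distinct dports from one source or one /24
FIREWALK_TTL = 2    # assumed: a TTL this low at the perimeter dies a hop or two past it
LINE_RE = re.compile(r"src=(\S+) dst=\S+ proto=(?:TCP|UDP) dport=(\d+) ttl=(\d+)")

def analyse(lines):
    ports_by_src = defaultdict(set)
    ports_by_net = defaultdict(set)   # /24 aggregation catches distributed scans
    lowttl_by_src = defaultdict(set)  # ports probed with a near-expired TTL
    signature_hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dport, ttl = m[1], int(m[2]), int(m[3])
        ports_by_src[src].add(dport)
        ports_by_net[str(ip_network(src + "/24", strict=False))].add(dport)
        if dport in SIGNATURE_PORTS:
            signature_hits.append((src, dport))
        if ttl <= FIREWALK_TTL:
            lowttl_by_src[src].add(dport)
    def over(table):
        return sorted(k for k, v in table.items() if len(v) >= SCAN_THRESHOLD)
    return {"scanning_hosts": over(ports_by_src), "scanning_nets": over(ports_by_net),
            "firewalk_sources": over(lowttl_by_src), "signature_hits": signature_hits}

# Constructed sample: one host sweeping FireWall-1/NG ports, the same sweep split
# over two hosts in one /24, a normal client, and a low-TTL firewalk of 192.0.2.50.
SAMPLE_LOG = (
    [f"DROP src=203.0.113.4 dst=192.0.2.1 proto=TCP dport={p} ttl=52"
     for p in (256, 257, 258, 259, 18210)]
    + [f"DROP src=198.51.100.11 dst=192.0.2.1 proto=TCP dport={p} ttl=115"
       for p in (1080, 1745, 18186)]
    + [f"DROP src=198.51.100.12 dst=192.0.2.1 proto=TCP dport={p} ttl=115"
       for p in (18190, 18191)]
    + ["ACCEPT src=198.51.100.20 dst=192.0.2.1 proto=TCP dport=443 ttl=118"]
    + [f"DROP src=100.64.7.7 dst=192.0.2.50 proto=UDP dport={p} ttl=2"
       for p in (53, 111, 137, 161, 514)]
)
```

Run `analyse(SAMPLE_LOG)`: the single host and the firewalker cross the per-host threshold, the split sweep only shows up in the /24 view, and the 443 client trips nothing.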

Banner Grabbing

Banners are messages sent out by network services when you connect to the service. They announce which service is running on the system.
Banner grabbing is a simple method of OS detection; it also helps to find the services a firewall runs. The three main services that send out banners are Telnet, FTP and web servers.
Banner Grabbing Countermeasures

  • Eliminate the open port on your firewall
    – A management port should not be open externally anyway
  • If you must leave the ports open on the external interface of your firewall
    – Change the banner to display a legal warning reminding the offender that all attempts to connect will be logged

How to bypass Firewall

Breaching Firewall
Bypassing a firewall using HTTP Tunnel
Placing Backdoors through Firewall
Hiding behind a Covert channel : Loki
The above topics and the tools to bypass a firewall are covered in the next post, How to bypass Firewall 2.



This post will familiarize you with firewalls, bypassing the firewall and the tools to bypass it.
A firewall is a hardware device and/or software program which sits between the Internet and the intranet of an organization.
It restricts information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs that try to connect to your computer without invitation.
In fact, that’s why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

Firewall objective
Its main objectives are to filter:
what should come in the intranet (inbound traffic) and
what should come out of the intranet (outbound traffic).

Packet Filtering Firewall : usually part of a router; each packet is compared to a set of criteria before it is forwarded, dropped, or a message is sent to the originator.

Circuit-level Gateway : monitors TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway. On the other hand, it does not filter individual packets.

Application-level Gateway : also called a proxy, is application specific. An application-level gateway that is configured to be a web proxy will not allow any FTP, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance.

Stateful Multilayer Firewall : combines aspects of the other three types of firewalls. They filter packets at the network layer and evaluate the contents of packets at the application layer. They allow a direct connection between client and host, and they rely on algorithms to recognize and process application-layer data instead of running application-specific proxies.

A firewall defends your network using one of two access denial methodologies:

  • may allow all traffic through unless it meets certain criteria, or
  • may deny all traffic unless it meets certain criteria

And the criteria to be configured for the firewall:


So these are the four criteria on which your network should be defended by antivirus. The next post will be on How to bypass Firewall.
