This is not a book about information security. Certainly not about IT. This is a book about hacking: specifically, how to infiltrate a company’s network, locate their most critical data, and make off with it without triggering whatever shiny new security tool the company wasted their budget on. Whether you are a wannabe ethical hacker or an experienced pentester frustrated by outdated books and false media reports, this book is definitely for you. We will set up a fake – but realistic enough – target and go in detail over the main steps to pwn the company: building phishing malware, finding vulnerabilities, rooting Windows domains, pwning a mainframe, etc.
Year of publication: 2017
How to Hack Like a Pornstar
Master the secrets of hacking through real-life hacking scenarios
Copyright © 2017 Sparc FLOW
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.
ISBN 978-1-5204-7851-7
This is not a book about information security. Certainly not about IT. This is a book about hacking: specifically, how to infiltrate a company’s network, locate their most critical data, and make off with it without triggering whatever shiny new security tool the company wasted their budget on.
Whether you are a wannabe ethical hacker or just an enthusiast frustrated by outdated books and false media reports, this book is definitely for you.
We will set up a fake – but realistic enough – target and go in detail over the main steps to 0wn the company: building phishing malware, finding vulnerabilities, rooting Windows domains, p0wning mainframes, etc.
I have documented almost every tool and custom script used in this book. I strongly encourage you to test them and master their capabilities (and limitations) in an environment you control and own. Given the nature of this book, it is ludicrous to expect it to cover each and every hacking technique imaginable, though I will try my best to give as many examples as I can while staying true to the stated purpose of the book.
I will do a flyover of some concepts like IPSEC, TOR, and NTLM by briefly explaining how they work and what they mean in the context of the hacking scenario. If you feel like you want to go deeper, I strongly advise you to follow the links I offer near each item and explore the dark, fun concepts behind each technique and tool.
Note: Custom scripts and special commands documented in this book are publicly available at www.hacklikeapornstar.com.
By the same author:
How to Hack Like a GOD
How to Investigate Like a Rockstar
Ultimate Hacking Challenge
Important disclaimer
The examples in this book are entirely fictional. The tools and techniques presented are open-source, and thus available to everyone. Pentesters use them regularly in assignments, but so do attackers. If you recently suffered a breach and found a technique or tool illustrated in this book, this does in no way incriminate the author of this book nor imply any connection between the author and the perpetrators.
Any actions and/or activities related to the material contained within this book is solely your responsibility. Misuse of the information in this book can result in criminal charges being brought against the persons in question. The author will not be held responsible in the event any criminal charges are brought against any individuals misusing the information in this book to break the law.
This book does not promote hacking, software cracking, and/or piracy. All the information provided in this book is for educational purposes only. It will help companies secure their networks against the attacks presented, and it will help investigators assess the evidence collected during an incident.
Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.
Safety first
“I am a blank slate – therefore I can create anything I want.”
Tobey Maguire
If there is a section that most hacking books and blog posts currently disregard, it is the ‘stay safe’ section on hacking. In other words, they fail to detail the schemes and techniques a typical hacker can use to guarantee a certain level of anonymity and safety. You may be the best hacker in the world, but if you cannot control your footprint on the internet and correctly erase your trail, you will simply crash and burn.
So before trying out new techniques, we will cover in detail how to stack up layers of security to ensure maximum protection. If you want to start hacking right away, feel free to jump to Section 3, but make sure you find the time to read this section at a later time.
The single most effective rule for hacking safety can be summed up in seven words: ‘Start from scratch each and every time’. By “from scratch”, I mean get a new computer, new hotspot, new IP address, and new servers for each hack. Investigators will look for common patterns between attacks. They will try to piece small pieces of evidence together to obtain a bigger and clearer picture: ‘Did we see this IP in another attack? Which browser was it using at that time[1]? Which Gmail/Yahoo/Microsoft/Facebook account did it access?’.
Do not think for a second that law enforcement agencies are working alone when conducting an investigation. They have access to a pool of information, ranging from your local Internet Service Provider’s records to social network sites’ data. To get a sense of the massive surveillance projects conducted by governments (the USA, France, Canada, UK, etc.), check out Edward Snowden’s story[2] and prepare to be amazed.
Starting afresh each time helps keep a shroud of mystery around the artifacts gathered by an investigator, and will prevent them from combining elements to trace them back to your real identity.
The first corollary of the blank slate principle is to never use your home/university/work IP address. Never. Not even with two layers of anonymity on top of it. Always assume that at some point, a small glitch in the system could somehow leak your real IP to an investigator: a tiny detail you omitted, the limits of some technology, or NSA’s superpower intelligence systems. A small connection to the real world is all it takes to motivate a law enforcement agent to dig deeper, issue warrants, and pressure you to confess. We do not want that.
Which IP should you use, then? I would strongly recommend public Wi-Fi hotspots like fast-food places (Starbucks, Olympus, McDonalds, etc.) or large public gathering places like malls, train stations, etc., as long as there are enough people to hide you from possible cameras.
When accessing the Wi-Fi hotspot, they might ask you for personal information, but of course you can just enter any information you want. If they ask for mobile verification, choose another spot or use a prepaid SIM card – paid for in cash – if you have access to one.
If they ask for email confirmation, use a ‘Yopmail.com’ account. It is a website that gives access to a mailbox in literally two seconds, which is quite useful for validation links and spam messages.
The second layer of hacking safety is by far the most important one. It usually consists of a tunneled network that encrypts anything that travels in it and ideally maintains zero journals about who accessed which IP address.
TOR[3] is a free, open-source project that does just that. It is a network of servers that exchange encrypted information. For example, a request will leave your computer from France, enter the TOR network, get encrypted a few times, and leave from a server in China before reaching its final destination (Facebook, Twitter, etc.).
The service visited (Facebook) cannot see the original IP address; they only see the IP address of the exit node. Since multiple people are using this exit node, it can quickly become very confusing for anyone investigating later on.
The first node knows your real IP address (and thus your real location) but does not know which exit node your request will end up using.
Given the large number of nodes available to bounce users’ requests, the chances of going through both a malicious entry node and a malicious exit node seem pretty low. While that is true, there are still ways to break a user’s anonymity that have proven quite effective.
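To make the "who sees what" argument of the last few paragraphs concrete, here is a toy onion-routing simulation I added for this edition; it is not code from the book or from the Tor project. Three relays each hold a key shared with the client, the request is wrapped in three layers (innermost for the exit), and each relay peels exactly one layer. The cipher is a SHA-256 keystream XOR stand-in for Tor's real per-hop ciphers and is not secure; the relay names, keys, client address and destination are all constructed for the demo.

```python
"""Toy onion routing with three relays: which hop can observe what.
Added illustration; 'toy_encrypt' is an insecure stand-in cipher."""
import base64
import hashlib
import json
import os

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from SHA-256 (toy cipher, illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def build_onion(circuit, destination: str, payload: str) -> bytes:
    """circuit: ordered list of (relay_name, key_shared_with_client), entry first.
    The innermost layer (the exit's) carries destination and payload; every
    outer layer only names the next relay and carries the still-encrypted rest."""
    _, exit_key = circuit[-1]
    blob = toy_encrypt(exit_key, json.dumps({"next": destination, "payload": payload}).encode())
    for i in range(len(circuit) - 2, -1, -1):
        _, key = circuit[i]
        next_hop = circuit[i + 1][0]
        layer = {"next": next_hop, "inner": base64.b64encode(blob).decode()}
        blob = toy_encrypt(key, json.dumps(layer).encode())
    return blob


def route(onion: bytes, entry: str, relay_keys: dict, client_addr: str):
    """Simulate each relay peeling one layer. Returns what every relay could
    observe (previous hop, next hop, any plaintext) and what the destination
    finally receives."""
    observations = []
    prev, current, blob = client_addr, entry, onion
    while True:
        layer = json.loads(toy_decrypt(relay_keys[current], blob))
        observations.append({
            "relay": current,
            "saw_from": prev,
            "saw_next": layer["next"],
            "saw_payload": layer.get("payload"),  # None everywhere except the exit
        })
        if "inner" not in layer:  # exit relay: hand the request to the site
            delivered = {"destination": layer["next"], "payload": layer["payload"], "seen_from": current}
            return observations, delivered
        blob = base64.b64decode(layer["inner"])
        prev, current = current, layer["next"]


def exposure(observations, client_addr: str, destination: str) -> dict:
    """Per relay: did it learn the client address? the destination? A relay
    (or colluding entry+exit pair) needs both to link client to site."""
    return {
        o["relay"]: {
            "knows_client": o["saw_from"] == client_addr,
            "knows_destination": o["saw_next"] == destination,
        }
        for o in observations
    }


def demo():
    # Constructed circuit; in Tor these keys come from a per-hop key exchange.
    circuit = [("entry", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    onion = build_onion(circuit, "example.com", "GET / HTTP/1.1")
    return route(onion, "entry", dict(circuit), "client-ip")


if __name__ == "__main__":
    obs, delivered = demo()
    for o in obs:
        print(o)
    print(delivered)
    print(exposure(obs, "client-ip", "example.com"))
```

Running it shows the property the text relies on: the entry relay sees `client-ip` and `middle` but no destination, the middle relay sees only its two neighbours, and the exit sees `example.com` plus the plaintext request but only `middle` as its source. The `exposure` table also makes the threat in the paragraph above visible: no single relay has both `knows_client` and `knows_destination`, which is exactly why an adversary has to control (or observe traffic at) both ends of the circuit to correlate a user with a site.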
Imagine a malicious website that injects code into your TOR web browser. The code installs malware that issues normal requests (that do not go through TOR) to a website controlled by the government. This effectively removes every layer of protection TOR was providing. Such scenarios are totally within the realm of intelligence agencies or serious corporations.
Moreover, it has long been rumored that some federal agencies control a good deal of nodes on the TOR network, and can therefore correlate different information and statistics in order to uniquely identify TOR users; beware of the limits of this service.
If TOR is not the best option for you, another way to go is a VPN provider – preferably a paid[4] one so that you can ensure a certain level of quality.
A Virtual Private Network (VPN) is an encrypted network between two or more machines. A VPN provider builds a tunnel between your workstation and one of their servers. Any request you issue from your browser will go through that server, hiding your real IP address in the process.
Every request out of the computer is encrypted. Your local ISP will not know which traffic you are sending or which IP address you are contacting, which is quite useful for evading censoring programs put in place by government agencies.
In this setup, of course, the VPN provider is the weakest link. It knows your original IP address and thus your location (even your name, if you paid with your credit card). Some VPN services, however, ensure that their servers are hosted in countries neutral to most law enforcement agencies and keep zero logs of what happens on their servers. Check out https://www.privacytools.io/ for some examples.
To recap, we are connected to a public hotspot and issue all of our requests through TOR or a VPN server.
You may think that is perfect, but there is one major issue with this setup: the bandwidth is too slow to perform any real attack. Plus, the IP-masking techniques will make it difficult to use some tools and techniques later on (port scans and reverse shells, to list but a few).
This is where our final piece comes into play: a Virtual Private Server (VPS) directly connected to the internet. We will control this server through our low bandwidth link and instruct it to issue heavy requests to targets using the large bandwidth at its disposal:
This VPS, named “Front Gun server” here, will of course be paid for in Bitcoin[5] (or any other anonymous cryptocurrency). Indeed, there is no evidence more compelling (and easier to track) than credit card data. You can find a list of providers accepting Bitcoin at the following URL[6].
This server can host any operating system you feel most comfortable with. For example, you can install Linux KALI[7]. It comes prepackaged with handy tools, saving you some trouble. Personally, I prefer to have both a Windows and a Linux machine for maximum flexibility. One way to achieve this is to have a Windows box with a virtual machine hosting Linux KALI, for instance.
Suppose an investigator is tracking the attack. They will identify the IP of the Front Gun server and eventually seize it – if possible – or hack it to inspect incoming IP connections. These IP addresses will end up being VPN exit nodes used by hundreds or thousands of other users. The VPN provider is in a neutral country that does not keep logs or have access to credit card information. Even if, by some miracle, they choose to cooperate with law enforcement and spy on their users, they will hand over a public hotspot IP address likely located in another country and used by thousands of users every day. This is all a long series of regressions, making the investigation less and less rewarding until eventually the cost outweighs the damage and (hopefully) the case is dropped.
Since the Front Gun server is the one launching all attacks, that is where you should download and install all of your favorite tools. There is no need to keep anything on your local computer, thus dramatically lowering the chances of being affiliated with any malicious behavior.
In fact, your local computer might only consist of a temporary operating system booted from a live USB key[8]. This way, any data even remotely tying you to the attack will be erased after every reboot.
As for which Linux distribution to choose, if you are using the TOR network, prefer WHONIX[9] or TAILS[10], which encapsulate all traffic inside the TOR network. Otherwise, Linux KALI might be the easiest option, though any Linux distribution will do, provided you can install the VPN client on it.
Getting in
“There is a crack in everything, that’s how the light gets in.”
Leonard Cohen
You found the perfect spot to anonymously obtain free internet, you have set up a TOR/VPN network, and you have a virtual private server to act as a Front Gun. You feel pumped; you are ready!
Read on in the full edition!
