Everand Logo

Welcome to Everand!

  • Discover millions of ebooks, audiobooks, and so much more with a free trial

    From $11.99/month after trial. Cancel anytime.

    How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK
    How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK
    How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK
    Ebook214 pages1 hour

    How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK

    By Sparc FLOW

    4/5

    ()

    Read preview

    About this ebook

    This is not a book about information security. Certainly not about IT. This is a book about hacking: specifically, how to infiltrate a company’s network, locate their most critical data, and make off with it without triggering whatever shiny new security tool the company wasted their budget on.
    Whether you are a wannabe ethical hacker or an experienced pentester frustrated by outdated books and false media reports, this book is definitely for you.
    We will set up a fake – but realistic enough – target and go in detail over the main steps to pwn the company: building phishing malware, finding vulnerabilities, rooting Windows domains, pwning a mainframe, etc.

    LanguageEnglish
    Publishersparc flow
    Release dateJan 26, 2017
    ISBN1520478518
    How to Hack Like a Pornstar: A Step by Step Process for Breaking into a BANK

    Related to How to Hack Like a Pornstar

    Titles in the series (3)

    View More
    View More

    Related ebooks

    Security For You

    View More
    View More

    Related podcast episodes

    Related categories

    Reviews for How to Hack Like a Pornstar

    4/5

    4 ratings2 reviews

    What did you think?

    Tap to rate

    Review must be at least 10 words

    • 5/5

      When it comes to hacking and private investigation, contact (hack4net8@gmail .com) he is a professional cyber hacker. He granted me access to monitor my cheating wife phone, WhatsApp, Facebook, Snapchat etc. reach out to him for help
    • 5/5
      Honestly nothing else better! I wouldnt waste my time with all the other books that teach you textbook garbage that we all learnt in school nothing exciting THIS GUY IS A BOSS!!!!

    Book preview

    How to Hack Like a Pornstar - Sparc FLOW

    How to Hack Like a Pornstar

    A step-by-step process for breaking into a bank

    Copyright © 2021 Sparc FLOW

    All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.

    Foreword

    This is not a book about information security. And it’s certainly not about IT. This is a book about hacking—specifically, how to infiltrate a company’s network, locate their most critical data, and make off with it without triggering whatever shiny new security tool the company wasted their budget on.

    Whether you are a wannabe ethical hacker or just an enthusiast frustrated by outdated books and false media reports, this book is definitely for you.

    We will set up a fake—but realistic enough—target and go in detail over the main steps to 0wn the company: building phishing malware, finding vulnerabilities, rooting Windows domains, pwning mainframes, and so forth.

    I have documented almost every tool and custom script used in this book. I strongly encourage you to test them and master their capabilities as well as their limitations in an environment you control and own. Given the nature of this book, it is ludicrous to expect it to cover each and every hacking technique imaginable, though I will try my best to give as many examples as I can while staying true to the stated purpose of the book.

    I wrote this book as a hacking introduction, intended for an audience a tad familiar with computer science. We will not, and cannot, tackle the latest Windows security features without first covering some basic concepts that every hacker should know, such as pass-the-hash, dumping LSASS memory, and so on. Keep in mind that the attacks presented in this book are tightly tied to their context. You cannot replay a payload crafted for a Windows 2012 server on a 2019 version and expect to get away with it. But if you break down that same payload, understand what it does and how, you can make it work just as fine on newer versions. That’s what we will try to learn together.

    I will do a flyover of some concepts like IPSEC, TOR, and NTLM by briefly explaining how they work and what they mean in the context of the hacking scenario. If you feel like you want to go deeper, I strongly advise you to follow the links I offer near each item and explore the dark, fun concepts behind each technique and tool.

    Note: Custom scripts and special commands documented in this book are publicly available at www.sparcflow.com.

    Important disclaimer

    The examples in this book are entirely fictional. The tools and techniques presented are open source and thus available to everyone. Pentesters use them regularly in assignments, but so do attackers.

    If you recently suffered a breach and found a technique or tool illustrated in this book, this in no way incriminates the author of this book, nor does it imply any connection between the author and the perpetrators.

    Any actions and/or activities related to the material contained within this book are solely your responsibility. Misuse of the information in this book can result in criminal charges being brought against the persons in question.

    The author will not be held responsible in the event that any criminal charges are brought against any individuals who have misused the information in this book to break the law.

    This book does not promote hacking, software cracking, and/or piracy. All the information provided in this book is for educational purposes only. It will help companies secure their networks against the attacks presented, and it will help investigators assess the evidence collected during an incident.

    Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.

    Content table

    How to Hack Like a Pornstar

    Foreword
    Safety first

    Blank slate

    Smuggle data like a champion

    Third layer—The last stand

    System anonymity

    Getting in

    Gotta phish them all

    Emails emails emails

    Email content

    Basic evil attachment

    Empire strikes back

    Ol’fashioned

    Public exposure

    Mapping public IP addresses

    Web applications

    Miscellaneous services

    North of the (fire)wall

    Know thy enemy

    The first touch down

    Stairway to heaven

    Fooling around

    Rise and fall

    It’s raining passwords

    Inside the nest

    Active Directory

    Where are we going?

    Password reuse

    Missing link

    More passwords

    Hunting for data

    Exfiltration technique

    Strategic files

    Targeted emails

    Wide net emails

    Customer records

    Hacking the unthinkable

    Pole position

    Riding the beast

    Hunting for files

    Hold on, isn’t that cheating?

    Rewind - First contact

    Then there were CICS

    Programs, transactions, and some pwnage

    Closing note

    Safety first

    Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say

    Edward Snowden

    If there is a section that most hacking books and blog posts currently disregard, it is the stay safe section on hacking. In other words, they fail to detail the schemes and techniques a typical hacker can use to guarantee a certain level of anonymity and safety. You may be the best hacker in the world, but if you cannot control your footprint on the internet and correctly erase your trail, you will simply crash and burn.

    So, before trying out any nifty hacking techniques, we will cover in detail how to stack up layers of security to ensure maximum protection. If you want to start hacking right away, feel free to jump to Chapter 2, but make sure you find the time to read this section at a later date.

    Blank slate

    The single most effective rule for hacking safety can be summed up in seven words: Start from scratch each and every time. By from scratch, I mean get a new computer, new hotspot, new IP address and new servers for each hack.

    Investigators will look for common patterns between attacks. They will try to piece small evidence together to obtain a bigger and clearer picture: "Did we see this IP in another attack? Which browser was it using at that time¹? Which Gmail/Yahoo/Microsoft/Facebook account did it access?"

    Do not think for a second that law enforcement agencies are working alone when conducting an investigation. They have access to a pool of information, ranging from your local internet service provider’s record to social network sites databases. To get a sense of the massive surveillance projects conducted by governments (the USA, France, Canada, UK, etc.), check out the story of Edward Snowden², a former NSA contractor and whistleblower who brought to light some of the most shocking surveillance programs conducted by the United States government. Prepare to be amazed.

    Starting afresh each time helps keep a shroud of mystery around the artifacts gathered by an investigator, and doing so will also prevent them from combining elements to trace them back to your real identity.

    The first corollary of the blank slate principle is to never use your home/university/work IP address. Never. Not even with two layers of anonymity on top of it. Always assume that, at some point, a small glitch in the system could somehow leak your real IP address to an investigator. This could be a tiny detail you omitted, a stray DNS call made by a tool you haven’t fully mastered, or the NSA’s superpower intelligence systems.

    A small connection to the real world is all it takes to motivate a law enforcement agent to dig deeper, issue warrants, and pressure you to confess. We do not want that.

    Which IP should you use, then? I would strongly recommend public Wi-Fi hotspots, like fast-food places (Starbucks, Olympus, McDonalds, etc.) or large public gathering places, like malls and train stations, as long as there are enough people to hide you from possible cameras. People tend to form special bonds with their neighborhoods; it’s comfy and it feels familiar, so they just go to the local café to perform their hacking business. No. There should be no ties or pattern that could link back to your real identity. Hop on a train and try a hotspot from a different city altogether. Even better, get a car and drive around looking for open hotspots.

    When accessing a Wi-Fi hotspot, you might be asked for your personal information, but, of course, you can just enter any information you want. If they ask for mobile verification, choose another spot or use a prepaid SIM card—paid for in cash—if you have access to one.

    If they ask for email confirmation, use a throwaway email provider, such as Maildrop.com. It is a website that gives you access to a mailbox in literally two seconds, which is quite useful for validation links and spam messages.

    Smuggle data like a champion

    The second layer of hacking safety is by far the most important one. It usually consists of a tunneled network that encrypts anything that travels in it and, ideally, maintains zero journals about who accessed which IP address.

    TOR, available at https://www.torproject.org, is a free, open-source project that does just that. It is a network of servers that exchange encrypted information. For example, a request will leave your computer from France, enter the TOR network, get encrypted a few times, and leave from a server in China before reaching its final destination (Facebook, Twitter, etc.).

    The service visited, say, Twitter, but cannot see the original IP address; they only see the IP address of the exit node. Since multiple people are using this exit node, it can quickly become very confusing for anyone investigating later on.

    The first node knows your real IP address, and thus your real location, but it does not know which exit node your request will end up using.

    Given the large number of nodes available to bounce user requests, the chances of going through both a malicious entry and exit node seem pretty low. While that is true, there are still ways to break a user’s anonymity that have proven quite effective.

    Imagine a malicious website that injects code into your TOR web browser. The code

    Enjoying the preview?
    Page 1 of 1