The First Step Towards Hacking - Book
The book is written in Burmese. It is not a translation.
The book was released on 22.8.2023.
A Telegram link is included in the book for all buyers to join.
Book value: 55,000 kyats
Paper books are sold out (as of February 2024) and cannot be purchased anymore.
Only the PDF version is available.
PDF Version: 30,000 Ks
If you want to order the eBook (PDF version), you can contact us through the links below:
Contents
Sr# Description Page No.
Chapter 1 : Frequently Asked Questions 1-7
Chapter 2 : Basic Concepts of Programming
2.1. Introduction 8
2.2. Introduction to Binary 9-12
2.3. Bitwise Operators 12-13
2.4. Hexadecimal 13-15
2.5. Introduction to Programming 15-16
2.6. C Programming Language 16-22
2.6.1. Data Types & Variables in C 22-24
2.6.2. Operators in C 25-26
2.6.3. If Statement & Switch in C 26-29
2.6.4. Looping in C 29-32
2.6.5. Break & Continue in C 32-33
2.6.6. Arrays in C 34-35
2.6.7. Strings in C 36
2.6.8. User Input in C 37-38
2.6.9. Memory Addresses & Pointers in C 38-39
2.6.10. Functions in C 39-41
2.6.11. strcpy/strncpy in C 41-42
2.7. Computer Memory 43
2.7.1. RAM (Random Access Memory) 43
2.7.2. Memory Segmentation 43-44
2.7.3. Programs in Memory 45-47
2.7.4. Processors 47
2.7.5. Registers 48-49
2.8. Assembly Language Basics 49
2.8.1. Machine Language Vs Assembly Vs C 50
2.8.2. Syntax of Assembly 50-56
2.9. Introduction to GDB 56-62
Chapter 3 : Welcome to Hacking World
3.1. Are you sure to walk into Hacking World 63
3.2. How to earn by Hacking 63
3.2.1. How to earn by Black Hacking 63-64
3.2.2. How to earn by White Hacking 65-66
3.3. Types of Hackers (Vocabularies) 66-71
3.4. Studying Some Definitions 71
3.4.1. Attacks Types, Attack Mediums & Attack Vectors 71-72
3.4.2. Vulnerabilities 72-73
3.4.3. Exploits Vs Payloads 73
3.4.4. Malwares 74
3.5. Steps of Hacking 74
3.5.1. Reconnaissance 74-75
3.5.2. Scanning 75
3.5.3. Gaining Access 76
3.5.4. Maintaining Access 76-77
3.5.5. Clearing Track 77-78
Chapter 4 : Metasploit Framework Basic
4.1. Introduction 79
4.2. Definitions 79-81
4.3. Start Using Metasploit 81-88
4.4. Scanning with Metasploit 88-91
4.5. Metasploit Database 91-93
4.6. Exploiting with Metasploit 93-98
Chapter 5 : Reconnaissance
5.1. Information Gathering 99
5.2. Passive Reconnaissance 100
5.2.1. Google Hacking 101-105
5.2.2. Netcraft 105-107
5.2.3. WHOIS 107-108
5.2.4. Shodan 108-110
5.2.5. Info Gathering through DNS 110-111
5.2.6. SubDomain Bruteforcing 112
5.2.7. Querying DNS Cache 113-114
5.2.8. Passive OS Detection 114-119
5.2.9. Finding Emails 119-123
Chapter 6 : Active Reconnaissance
6.1. Introduction 124-125
6.2. Nmap 125-129
6.2.1. Scanning with OS & Version Detection 130-132
6.3. hping3 133-136
6.4. WhatWeb 136-138
6.5. BuiltWith 138-139
Chapter 7 : Finding Vulnerabilities
7.1. Introduction 140-141
7.2. Vulnerability Scanning 141
7.3. About Vulnerability Scanners 141-144
7.4. Scanning with OpenVAS 144-147
7.5. Scanning with Nmap 147-150
7.6. Scanning with ZAP 150-153
Chapter 8 : Password Cracking
8.1. Introduction 154
8.2. History of Passwords 155
8.3. Concepts of Password Cracking 155-159
8.4. Cracking Linux Password 159-163
8.5. Cracking Windows Password 163
8.5.1. SAM 163-165
8.5.2. LM Authentication System 165
8.5.3. NTLM 165-166
8.5.4. Windows Target (Win 7,8,10,11) 166-173
8.5.5. Cracking Hashes 173-174
8.6. Cracking Zip and RAR Passwords 175-178
8.7. Cracking PDF Passwords 178
8.8. Cracking WiFi Passwords 178-182
8.9. Using Password Lists 183
8.9.1. Password Lists in Kali 183-185
8.8.2. Crunch 185-187
8.9.3. Cewl 187-188
8.9.4. CUPP 189-192
8.10. Bruteforcing 193-197
8.11. Online Password Cracking 197
8.11.1. Medusa 198-200
Chapter 9 : Exploiting Windows System
9.1. Introduction 201-203
9.2. Attacking Windows 7 Machine 203-207
9.3. About Eternalblue Vulnerability 207-208
9.4. Exploiting with Metasploit 208-209
9.5. Getting Shell Without Exploiting 210
9.5.1. LLMNR & NBNS 210-213
9.5.2. About NTLM Authentication 213-217
9.5.3. Responder 217-223
9.6. Exploiting with Metasploit Framework 223
9.6.1. Creating Payloads using msfvenom 223-225
9.6.2. Encoding Payloads using msfvenom 225-227
9.6.1. Embedding Payloads in Files 227-228
9.7. Exploiting with Hoaxshell 228-231
9.8. Exploiting with Havoc Framework 231-233
9.9. Exploiting with Villain 233-237
9.10. Exploiting with Veil 237-244
Chapter 10 : Testing With Metasploitable3 (Windows)
10.1. Introduction 245
10.1.1. Setting Up Metasploitable3 (Windows) 245-247
10.2. Attacking Metasploitable3 Machine 247-252
10.3. Eternalblue Exploit 252
10.4. Bruteforcing FTP Server 253-255
10.5. IIS Directory Traversal 255-258
10.6. IIS FTP DoS 258-260
10.7. Attacking SSH Service 260-263
10.8. Attacking Web Service 263-266
10.9. Exploiting UDP Port 137 266-269
10.10. Exploiting UDP Port 161 269-275
10.11. Exploiting SMB 275-281
10.12. Exploiting RMI 281-282
10.13. Exploiting MySQL 283-289
10.14. Exploiting RDP 289-292
10.15. Exploiting Oracle GlassFish 292-297
10.16. Exploiting Windows Remote Management Service 298-301
10.17. Exploiting Tomcat Server 302-309
10.18. Exploiting Port 8020 309-311
10.19. Exploiting Port 8585 311-319
10.20. Exploiting Wordpress 319-330
10.21. Exploiting Jenkins 330-340
Chapter 11 : Sniffing & Spoofing
11.1. Introduction 341-342
11.2. Definitions 342
11.2.1. What is Sniffing 342-343
11.2.2. What is Spoofing 342-345
11.3. About Carnivore 346
11.4. Promiscuous Mode 346
11.5. TCPDump 347-350
11.6. Wireshark 350-363
Chapter 12 : Post Exploitation (Windows)
12.1. Introduction 364-366
12.2. Post-Exploitation in MSF 366-370
12.3. Windows Password Phishing 370-373
12.4. System Enumeration After Attack 373-375
12.5. User Enumeration After Attack 376-377
12.6. Network Enumeration After Attack 378-380
12.7. Password Hunting After Attack 380-385
12.8. Antivirus Enumeration 386-389
12.9. Using Automated Tools 389-393
12.10. Kernel Exploits 393-396
12.10.1. Privilege Escalation with Metasploit 396-400
12.10.2. Privilege Escalation Via Shell 400-408
12.11. Making Persistence 408-409
12.11.1. Persistence Via Meterpreter 409-411
12.11.2. Persistence Via New User 411-412
12.11.3. Persistence Via RDP 412-414
12.11.4. Using Veil for Persistence 414-418
12.11.5. Using Shellter 418-423
Chapter 13 : Exploiting Linux Systems
13.1. Introduction 424
13.2. Exploiting FTP Server 425-431
13.3. Exploiting SSH Service 431-433
13.4. Exploiting Drupal Web Framework 434-437
13.4.1. Exploiting Payroll Application 437-439
13.4.2. Exploiting phpMyAdmin 439-441
13.5. Enumerating NetBIOS 442-444
13.6. Exploiting SMB Service 445-449
13.7. Exploiting Ruby on Rails 449-456
Chapter 14 : Post-Exploitation (Linux)
14.1. Introduction 457
14.2. System Enumeration After Attack 457-460
14.3. User Enumeration After Attack 460-463
14.4. Network Enumeration After Attack 463-466
14.5. Password Hunting 466-468
14.6. Enumerating Automated Tools 468-475
14.7. Escalation Path: Kernel Exploits 475-478
14.8. Escalation Path: Passwords & Permissions 479-482
14.9. Escalation Path: Sudo 482-489
14.10. Escalation Path: SUID 490-495
14.11. Escalation Path: Capabilities 496-497
14.12. Escalation Path: Scheduled Tasks 497-501
Chapter 15 : Web Hacking Background Knowledge
15.1. Introduction 502
15.2. Web Servers 502-504
15.3. Web Clients 504-505
15.4. HTTP Vs HTTPS 505-506
15.5. HTTP Methods or HTTP Verbs 506-508
15.6. Web Server Fingerprinting 509
15.6.1. With NetCat 509-511
15.7. Directories & Files Enumeration 511-512
15.7.1. With DirBuster 513-518
15.7.2. With Dirb 518-522
15.8. OWASP 522-523
15.8.1. OWASP Top 10 Vulnerabilities 523-524
Chapter 16 : Learning To OWASP Top 10
16.1. Introduction 525
16.2. Broken Access Control 525-532
16.3. Cryptographic Failure 532-535
16.4. Injection 536
16.5. Insecure Design 537-538
16.6. Security Misconfiguration 539
16.7. Vulnerable & Outdated Components 540-541
16.8. Identification & Authentication Failure 541-543
16.9. Software & Data Integrity 543
16.10. Security Logging & Monitoring Failure 544
16.11. Server Side Request Forgery 544
Chapter 17 : SQL Injection
17.1. Introduction To Database 545
17.2. Introduction To MySQL 545-546
17.3. MySQL Basics 546-555
17.4. Using AiO Labs V5 555-557
17.5. What Is SQL Injection 558
17.6. Understanding The Working Flow 559-561
17.7. Breaking Original Query 561-562
17.8. Fixing Errors 562-564
17.9. Finding Columns 564-566
17.10. Finding Vulnerable Columns 567-569
17.11. Finding Table Names 569-574
17.12. Finding Column Names 574-575
17.13. Dumping Credentials 575
17.14. Error Based SQL Injection (GET) 576-578
17.15. Error Based SQL Injection (POST) 578-582
17.16. Blind Injection (GET) 583-592
17.17. Blind Injection (POST) 593-595
17.18. Dumping Into OutFiles 595-598
17.19. Header Injection 598-603
17.20. Cookie Injection 603-605
17.21. Bypassing Filters 606-607
17.22. Bypassing Web App Firewalls 608-612
17.23. SQL Injection Test In DVWA 612-614
17.24. SQL Injection With SQL Map 615-617
Chapter 18 : Other Injection Attacks
18.1. Introduction 618
18.2. Command Injection 618-622
18.3. Cross Site Scripting (XSS) 623
18.3.1. Reflected XSS 623-625
18.3.1.A. Redirecting To Malicious Web Pages 625-626
18.3.1.B. Setting A Trap For Victim 626-632
18.3.1.C. Cookie Stealing 632-634
18.3.1.D. Bypassing Obstacles 634-637
18.3.2. Stored XSS 637-639
18.3.3. DOM XSS 640-647
18.4. XML/XPath Injection 647-652
18.5. XML External Entities (XXE) 653-658
18.6. Server-Side Template Injection 658-664
18.7. Object-Relational Mapping (ORM) Injection 664-665
Chapter 19 : Other Web Attacks
19.1. Introduction 666
19.2. Cross-Site Request Forgery (CSRF) 667-671
19.3. Server-Side Request Forgery (SSRF) 672-677
19.4. File Upload Vulnerability 678-686
19.5. Remote Code Execution (RCE) 687-689
19.6. File Inclusion (LFI & RFI) 690-694
19.7. JavaScript Attack 695-700
19.8. Authentication Attacks 700
19.8.1. Login BruteForce 700-703
19.8.2. Weak 2FA Bypass 704-705
19.8.3. Bypass Password Reset Broken Logic 705-706
Chapter 20 : Conclusion
20.1. Introduction 707
20.2. Social Engineering 707-708
20.3. Preparing For WAN Attacks 709-711
20.4. Continuous Learning 712-713
20.5. Building A Strong Community 713-714
20.6. Final Thoughts 714-715
20.7. References 716
2 Comments
Where can I get book ? Now I live in South Dagon.
ReplyDeleteဒီစာအုပ်မှာလို့ရသေးလားဆရာ?
ReplyDelete