40+ Free Hacking Tutorials

  Here are some great hacking tutorials and resources that you can explore in your journey to learn hacking:

1. Hacking Tutorials for Beginners By BreakTheSecurity.com

Unless you know how to hack, you cannot defend yourself from hackers. Break The Security(BTS) provides Penetration Testing and Ethical Hacking tutorials. It guides users to get into the PenTesting and Ethical Hacking World.

2. How to learn Ethical hacking By Astalavista.com

You can learn all there is to know about Ethical hacking over here.

3. Penetration Testing Tutorial By Guru99.com

Here you learn Penetration Testing by practice. The goal of this testing is to find all security vulnerabilities that are present in the system being tested. This tutorial takes boredom out of learning and makes education a fun experience.

4. Backtrack Penetration Testing Tutorial

This Backtrack Penetration Testing Tutorial is a penetration testing tutorial using Backtrack Linux. Backtrack is the best penetration testing distribution. Offers some penetration testing programs and these programs will used in this Backtrack Penetration Testing Tutorial.

5. Introduction to Penetration Testing

The difference between penetration testing and hacking is whether you have the system owner’s permission. This tutorial helps you understand this better.

6. Information Gathering with Nmap

This tutorial consists of a series that will give a basic walkthrough of a penetration test. However, many tools on the backtrack distro will not be covered in these and could be asked from the author separately.

7. Simple How To Articles By Open Web Application Security

Series of articles describing how to perform a specific activity that contributes to application security.

8. The Six Dumbest Ideas in Computer Security

Introduces you to the six dumbest ideas in computer security: the anti-good ideas that come from misguided attempts to do the impossible.

9. Secure Design Principles

While there are many specific security practices, they flow from a small set of well-accepted principles. Understanding the fundamental principles puts you in the best position to implement specific practices where needed in your own projects. This tutorial guides you through the same.

10. 10 steps to secure software

The author and security analyst recommends that programmers follow some principles for developing secure software that is today's weakest link.

11. Introduction to Public Key Cryptography

Public-key cryptography and related standards and techniques underlie security features of many Red Hat products, including signed and encrypted email, form signing, object signing, single sign-on, and the Secure Sockets Layer (SSL) protocol. This document introduces the basic concepts of public-key cryptography.

12. Crypto Tutorial

The page contains many crypto tutorials, totalling 973 slides in 12 parts, of which the first 10 (+ part 0) are the tutorial itself and the 12th is extra material which covers crypto politics.

13. Introduction to Cryptography

Deals with the very basics of cryptography.

14. An Overview of Cryptography

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter.

15. Cryptography Tutorials Herong's Tutorial Examples

Collection of notes and sample codes written by the author while he was learning cryptography technologies himself. Topics include blowfish, certificate, cipher, decryption, DES, digest, encryption, keytool, MD5, OpenSSL, PEM, PKCS#8, PKCS#12, private key, public key, RSA, secret key, SHA1, SSL, X.509.

16. The Crypto Tutorial Herong's Tutorial Examples

Easy-to-use, interactive cryptography tutorial. You have the opportunity to learn the secrets of cryptography in 30 lessons without having any background knowledge.

17. Handbook of Applied Cryptography 

This ebook contains some free chapter from one of the popular cryptography books.

18. Network Penetration testing Guide

Risk assessment is a critical first-step in the information security lifecycle. Network penetration testing offers an invaluable way to establish a baseline assessment of security as it appears from outside the organisation's network boundaries.

19. How to hack anything in Java

Many applications in the enterprise world feature thick Java clients. Testing the security of such applications is considered practically more difficult than a similar browser-based client because inspecting, intercepting and altering application data is easy in the browser.

20. Mcafee on iPhone and iPad Security

Mobile application penetration testing is an up and coming security testing need that has recently obtained more attention, with the introduction of the Android, iPhone, and iPad platforms among others.

21. A Good Collection of White papers on security and vulnerabilities

Collection of white papers from different sources and some of these white papers are really worth referring.

22. Engineering Principles for Information Technology Security

The purpose of the Engineering Principles for Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system.

23. Basic Principles Of Information Protection

As computers become better understood and more economical, every day brings new applications. Many of these new applications involve both storing information and simultaneous use by several individuals. The key concern in this paper is multiple use. For those applications in which all users should not have identical authority, some scheme is needed to ensure that the computer system implements the desired authority structure.

24. Open Web Application Security Project

Application security principles are collections of desirable application properties, behaviors, designs and implementation practices that attempt to reduce the likelihood of threat realisation and impact should that threat be realised.

25. Cryptography Course

Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications!

Websites

26. http://www.astalavista.com/

27. http://packetstormsecurity.com/

28. http://www.blackhat.com/

29. http://www.metasploit.com/

30. http://sectools.org/

31. http://www.2600.com/

32. DEF CON - Hacking conference

33. http://www.breakthesecurity.com/

34. http://www.hacking-tutorial.com/

35. http://www.evilzone.org/

36. http://hackaday.com/

37. http://www.hitb.org/

38. http://www.hackthissite.org/

39. http://pentestmag.com

40. http://www.securitytube.net/

Best Wi-Fi Hacking Tools Ever

 

1. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.

-Features :

1. 802.11b, 802.11g, 802.11a, 802.11n sniffing
2. Standard PCAP file logging (Wireshark, Tcpdump, etc)
3. Client/Server modular architecture
4. Multi-card and channel hopping support
5. Runtime WEP decoding
6. Tun/Tap virtual network interface drivers for realtime export of packets
7. Hidden SSID decloaking
8. Distributed remote sniffing with Kismet drones
9. XML logging for integration with other tools
10. Linux, OSX, Windows, and BSD support (devices and drivers permitting)

2. NetStumbler

NetStumbler is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows operating systems from Windows 2000 to Windows XP. A trimmed-down version called MiniStumbler is available for the handheld Windows CE operating system.

-Used for :

1. Wardriving
2. Verifying network configurations
3. Finding locations with poor coverage in a WLAN
4. Detecting causes of wireless interference
5. Detecting unauthorized ("rogue") access points
6. Aiming directional antennas for long-haul WLAN links

3. WireShark

Wireshark is the world's foremost network protocol analyser. It lets you see what's happening on your network at a microscopic level. It is the de facto standard across many industries and educational institutions.

-Features :

1. Deep inspection of hundreds of protocols, with more being added all the time
2. Live capture and offline analysis
3. Standard three-pane packet browser
4. Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
5. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility

4. AirSnort

AirSnort is a Linux and Microsoft Windows utility (using GTK+) for decrypting WEP encryption on an 802.11b network. Distributed under the GNU General Public License,[1] AirSnort is free software. However, it is no longer maintained or supported.

5. CoWPAtty

CoWPAtty automates the dictionary attack for WPA-PSK. It runs on Linux. The program is started using a command-line interface, specifying a word-list that contains the passphrase, a dump file that contains the four-way EAPOL handshake, and the SSID of the network. 

Topmost Hacking/Security Tools

 

1. Nmap: 

Nmap is the most popular one, recently evolved into the 4.x series. Nmap or Network Mapper is a free open source utility which is used for network exploration or security auditing. It can scan large networks rapidly, and it can work fine against single hosts too. Nmap uses raw IP packets to determine the availability of hosts on the network, and their service. Nmap also determines what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and several other characteristics too. Nmap is compatible with most types of computers and both console and graphical versions of this tool are available. Nmap is free and open source and it can be used by beginners as well as pros. Download Nmap here.

2. Nessus Remote Security Scanner: 

Nessus is a closed source option now, though it comes for free. Nessus, which works with a client-server framework, is the world’s most popular vulnerability scanner and it is used across 75,000 organizations world-wide. Nessus helps in effective cost-cutting when auditing is done for business-critical enterprise devices and applications. Download Nessus here.

3. John the Ripper: 

John the Ripper is a fast password cracker which is available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Primarily it detects weak Unix passwords and it also supports Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, along with several more with contributed patches. Download John the Ripper here.

4. Nikto: 

This is an Open Source (GPL) web server scanner. It performs comprehensive tests against web servers for multiple items, and the list includes over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Updates are made frequently to scan items and plugins. Nikto is a good CGI scanner. Get Nikto here.

5. SuperScan: 

SuperScan is a powerful TCP port scanner, pinger and resolver and an update, SuperScan 4, has arrived recently. If you are looking for an alternative to nmap on Windows with a decent interface, Ithen SuperScan is highly recommended which you can download here.

6. p0f: 

P0f v2 is a versatile passive OS fingerprinting tool which has some basic requirements to identify the operating system like machines that connect to your box (SYN mode), machines you connect to (SYN+ACK mode), machine you cannot connect to (RST+ mode) and so on. Basically this tool can take fingerprint of anything but no active connection is made with the target machine. Get it here.

7. Wireshark (Formely Ethereal): 

This is a GTK+-based network protocol analyzer which lets you capture and interactively browse the contents of network frames. Wireshark aims to create a commercial-quality analyzer for Unix and it works great on both Linux and Windows (with a GUI). It's quite user-friendly which can reconstruct TCP/IP Streams. Download it here.

8. Yersinia: 

Yersinia is a network tool which is designed in a way so that it can take advantage of some weakness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, certain network protocols are implemented like Spanning Tree Protocol (STP), Dynamic Trunking Protocol (DTP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, VLAN Trunking Protocol (VTP) and more.Download Yersinia here.

9. Eraser: 

Eraser is an advanced security tool, primarily for Windows, and it allows you to completely remove sensitive data from your hard drive. It gets overwritten several times with carefully selected patterns. Eraser is compatible with Windows 95, 98, ME, NT, 2000, XP and DOS. It is a Free software and its source code is released under GNU General Public License. Eraser is an excellent tool which keeps your data safe anyhow. Download Eraser here.

10. LCP: 

LCP program mainly focuses on user account passwords auditing and recovery in Windows NT/2000/XP/2003. Its other specialisations include accounts information import, passwords recovery, brute force session distribution and hashes computing. LCP is a good free alternative to L0phtcrack. Get LCP here.

11. Cain and Abel: 

This is one of the most famous password cracking systems across the world. Cain & Abel is a password recovery tool used for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by just sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations and so on.Download this program here.

12. Kismet: 

This is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet is compatible with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. It is also a good wireless tool as long as your card supports rfmon. Download here.

Courtesy: Darknet.org.uk