The Phrack ezine – Electronic hacking culture magazine

What is Phrack ezine?

In the 1980s and 1990s, the hacking culture was gaining momentum. Coinciding with the same era, Phrack ezine was introduced as an aid for Hackers worldwide. 

Phrack ezine is an electronically operated underground magazine written by hackers. It is specially written for computer security professionals and hackers. It holds special significance in the hacking culture and is one of the oldest and longest running hacker magazines. Since the early days of hacking culture, Phrack ezine is considered as one of the most essential sources of information for hacking professionals.

This magazine is open for contributions from writers and hackers who are eager to publish their work and share their unique ideas of the area of interest. 

Origin and founders:

The first edition of Phrack ezine was published on 17 November 1985. It was founded by two people, better known by their pen names, Taran King and Knight Lightning. Both of the founders also did most of the editing for their magazines and edited upto 30 articles. Initially these editions were published in a bulletin board called Metal shop where Taran King worked as an administrator. Later, the editions were widely copied by other board systems. The headquarters of Phrack are located in Austin, Texas. 

Sum and substance

Phrack provides insight on the following subjects and topics to the hacking community:

  • Phreaking: Phreaking is the process to hack, experiment and explore telecommunications. 
  • Software Cracking: This is the process of altering a software to disable or remove features.
  • Hacking: This is a method by which computer experts can obtain unauthorized access to another computer, software or data.
  • Computer security: It is gaining protection against theft and damage in computer networks and softwares.
  • Cryptography: It is conversion of plain or simple data into encrypted code messages to prevent third-party interventions.

With all these topics discussed in Phrack, it was considered a guideline for the hackers and was also called a handbook and manifesto for all hackers.

The regular editions of Phrack ezine also contain news and updates of the hacker community, they also featured an influential hacker from underground and testimonies of hackers all over the world.

Legal trials

Phrack ezine had to encounter a legal challenge in February 1989. The contributors and editors of Phrack reprinted some confidential data information of BellSouth computers. This document was known as E911 which was worth $80,000. Knight Lightning was arrested and charged with fraud. A legal trail occurred. However, soon it was proven the document E911 could be bought for over $13 over a phone call at BellSouth. The case collapsed and Phrack ezine continued to thrive until 2005. 

It was declared Phrack was coming to an end with its 63rd edition. However, the 64th issue was published in 2007. 

Famous Articles of Phrack

Some of the most notable publications of Phrack include:

  • The Hacker manifesto:

It is written by a renowned hacker and computer security professional, The Mentor, as a guide for amateur hackers.

  • Smashing The Stack For Fun And Profit:

Written by an eminent computer scientist, Aleph One, this article gives an introduction and guide to stack buffer overflow.

  • The Art of Scanning:

This article by Fydoor introduced the audience with scanning options and tools of nmap Internet. 

Phrack ezine gained popularity in the initial years. It continued to grab public eye-balls with it’s interesting issues and headlines it made everyday. Lately, it has been irregular with it’s publications yet it achieved a milestone in the history of hacking culture. In years to come, we can hope for the revival of Phrack ezine. 

Ethical Hacking testing – USB Rubber Ducky

What is USB Rubber Ducky?

There is a surfeit of devices available in the market for pentesting and hacking devices and systems. These devices are usually designed to facilitate ethical hacking and fortify the security of your device and networks. 

USB Rubber Ducky is a human interface gadget that resembles a USB pen drive. However, it is used for penetration testing and hacking. 

How does a USB Rubber Ducky work?

You must be wondering how this little device conducts the enormous pentesting and hacking tasks.

USB Rubber Ducky acts like a Human Interface device just like familiar devices that include keyboards, mouse and joysticks. It behaves like an interface between the computer and the human. Thus, it cannot be detected by computers. Any anti-virus systems or firewalls cannot even notice it. 

USB Rubber Ducky acts like a keyboard has keystrokes by default, which are enabled automatically as soon as it connects to laptops or computers. It enacts the commands given by the user. The commands used are called payloads. Payloads are unique codes used by hackers. The payload used by USB Rubber Ducky is written in Ducky Script. The device runs at a swift speed of 1000 words per minute and steals the targeted user’s data. 

What does USB Rubber Ducky consist of?

The USB Rubber Ducky consists of the following parts that help it accomplish its tasks efficiently:

MicroSD card:

MicroSD cards store all the payloads and ducky scripts. When the device is connected to the targeted device, it steals the data using the payloads saved in the MicroSD card. The payloads saved here are transferred to the keyboard adapter for creating keystrokes. 

MicroSD-to-USB adapter:

This is a mini plastic USB dongle used to mount the MicroSD card on the device as a regular USB device to transmit the payload. 

Mini keyboard adapter:

This is a tiny silicon chip that inserts a MicroSD card on it. The keyboard adapter is responsible for sending keystrokes to the device. 

Once you have USB Rubber Ducky in your hands, you need to create your first payload to get started by installing Duck Encoder. 

To create your payload through the Duck Encoder, fit the microSD card in your computer and make your payload using Ducky scripts. Once your payload is ready, you are prepared to use the device. 

Key Features of USB Rubber Ducky:

The Key features and advantages of the USB Rubber Ducky includes:

  • This device is usually used as a key injection tool for commanding keystrokes. These keystrokes might vary in nature. Those employed in ethical hacking are positive keystrokes, while those used for illegal data thefts are negative.
  • The device is also used for scrutinizing the vulnerabilities and weaknesses of the targeted system. 
  • Once you are aware of the vulnerabilities of your system, you can increase your system security. 
  • The device is quick and efficient, capable of sending 1000 words per minute. 
  • The security system of your system is also unable to detect the device. Therefore, there is no hindrance while using the USB Rubber Ducky.

Conclusion:

USB Rubber Ducky can quickly get you the required credentials and essential data at lightning speed with few keystrokes and at a cheaper rate. Hence, It is a highly recommended pentest tool.

Wifi Pineapple

WiFi Pineapple uses and its latest version

What is WiFi Pineapple?

Hacking culture and data thefts have prevailed in our society with the advent and rapid progress of technology. It has become increasingly essential for us to secure our data. For our convenience, various network security administrators are working to ensure the safety of the users. They conduct pentesting tasks that are similar to ethical hacking. These tests help to scrutinize and analyze the security system’s vulnerabilities and weaknesses, which allows the illegal hackers in the system exploitation. 

Penetration tests are easily carried out with the help of WiFi Pineapple

WiFi Pineapple is a wireless auditing device from Hak5 that helps ethical hackers or security administrators to conduct pen-testing. 

WiFiEngineers of Hak5 created WiFi Pineapple in 2008 to facilitate security admins and make advanced pentesting convenient.

Working of a WiFi Pineapple

WiFi Pineapple works in a relatively simple way. The device behaves as a hotspot honeypot and acts as a man in the middle. It stays transparent to the user. The user connects to the honeypot, not the actual wireless access. It inspects the data flow between the user and the network. The honeypot then transmits the SSID of the wireless location you have connected to. You may also Know: Religion Uses Technology To Influence and Control

The other way that WiFi Pineapple works is by artificially connecting you to a WiFi hotspot you might have used in the past. It might be your workplace WiFi or home WiFi. The device examines all the WiFi access points and tricks the user to automatically connect to the fake WiFi without revealing the actual SSID or network number. The user assumes they have connected to it in the past since the auto-connect feature is enabled. After the user is connected to the WiFi, the WiFi Pineapple collects all the required information, including the network SSID and other data. 

Uses of WiFi Pineapple

WiFi Pineapple is used for the following purposes:

Penetration Testing:

WiFi pineapple is used for Penetration testing. The features offered by the device are easily accessible and powerful. Users can easily download the suite of testing modules called PineAP. It provides logging, tracking, and reporting tools that can efficiently conduct the MitM attacks. 

Various companies hire professionals to carry out pentesting to audit their network and secure their networks. 

With tools provided by WiFi Pineapple, pentesting is convenient.

Hacking:

When the WiFi Pineapple gains access to the targeted network, it can even hack the user’s device, including the personal information and passwords. Therefore, the users must not connect to public networks or use a VPN. 

The latest version of WiFi Pineapple

Hak5 has come up with a brand new version of WiFi pineapple device called WiFi Pineapple Mark VII. The latest version offers impeccable performance ranging from an easy-to-use user interface with a massive application ecosystem, supercharging your workflow. It also allows penetration testing and Cloud C2 for obtaining remote access to a device not within your range from anywhere. It also makes MIT attacks easier. Another impressive feature of Mark VII is, it doesn’t need any software installation. It is now accessible on Windows, OS, and Android.