The Ultimate Guide to Popular Hacking Tools: Understanding Use and Ethical Responsibilities

Solemn Statement: This article is for technical exchange only and must not be used for illegal activities.

In many movies and TV shows, the main character always has a computer expert by their side: these individuals can hack into the villain’s network, breach security defenses, crack passwords, and obtain important documents in mere minutes. Their computer screens are filled with incomprehensible graphics and numbers, and the only thing you can understand is that progress bar, which, accompanied by tense background music, slowly approaches 100%…

Does the above scene and trope seem familiar to you?

Hackers in film and television are, of course, exaggerated and dramatized, but hackers in the real world also have a suite of tools at their disposal. Here, I have compiled a list of 20 commonly used tools. With these, you too can transform into a computer expert and become the focus of attention.

Below, we introduce ten commonly used hacking tools from each of two perspectives: the system terminal side and the network side.

System terminal tools are mainly used for purposes such as reverse engineering and cracking.

OllyDbg, the debugging tool commonly abbreviated OD, is quite popular in the community. Its hacker-like interactive interface and rich, convenient debugging features make it the first-choice tool for software cracking enthusiasts.

WinDbg is also a debugging tool, this one from Microsoft, with a less flashy interface but a powerful core. It comes with a rich set of debugging commands, and while those accustomed to GUI debuggers may find it a bit awkward at first, you will absolutely love it after some time.

Its most distinctive feature is that it can perform kernel driver debugging combined with VMware virtual machines. It can also be used to learn operating system kernels, making it an essential tool for driver enthusiasts.

IDA is absolutely a top-tier tool in the community: a powerful disassembly engine with plugins that rebuild functions at source-code level, essential for reverse engineering and analysis.

Function call execution flowchart mode:

It supports analysis of binaries for multiple operating systems such as Windows, Linux, and OS X, and instruction sets like x86, x64, ARM, and even Java bytecode.

This tool is less well-known than the ones above. It monitors the function calls made by a target process: you can pick any process and watch the key system functions it calls, along with the corresponding parameters and return values.

If the monitoring target is not clear and you want to find out which process is doing something bad, ProcMon can be useful. It loads into the OS kernel through a driver, achieving comprehensive system monitoring from which no process behavior can escape, making it a common tool for inspecting host activity.

Windows’ built-in task manager is too weak; this is a brand-new enhanced task manager, full name Process Explorer. It is often used together with the above-mentioned ProcMon as companion software.

PCHunter is a domestic (Chinese) tool, the successor of XueTr. It is a Swiss army knife for monitoring system security on the Windows operating system.

PCHunter can help you terminate processes that the task manager cannot, reveal hidden processes and drivers, detect keyloggers, and check whether any malicious program is modifying kernel code, among other things.

dex2jar is a tool for reverse engineering applications on the Android platform. From the name alone, you can tell that it converts the executable dex files inside an Android APK package into jar files.

Once converted into a jar file, how do you view the Java source code? This is where jd-gui comes in: it decompiles Java bytecode back into source code with quite high readability.

After hackers breach your computer, they usually want your username and password so they can keep coming back. Usernames are easy to get, but computer passwords?

This famous tool developed by foreign experts, Mimikatz, can do it. Once executed, it can find your password stored in your computer’s memory. Isn’t that terrifying?

The tools in the network section are even more impressive; connecting to the network means stepping out of your computer and into a much wider space.

Wireshark is a well-known tool, known even outside the security industry. Even for a regular back-end development engineer, mastering network packet capture is a basic skill.

Wireshark is a powerful packet capture tool supporting field decoding for almost any communication protocol you can think of. Through it, the data flowing through the network becomes transparent.

Fiddler is also a packet capture tool, but unlike Wireshark’s raw packet analysis, it leans toward web traffic based on the HTTP protocol. Its HTTP decoding support is better, and it is easier to use.

Moreover, Fiddler has another important function: it can act as a proxy, which is commonly used to analyze encrypted HTTPS traffic.

Before network penetration, a critical step is information gathering: understanding which services the target has enabled and which software versions it is running. With this information, you can choose which vulnerabilities to exploit.

Nmap is a well-known network scanning tool, invoked from the command line on Linux, with a graphical front end called Zenmap. It sends probe packets to the target and analyzes the responses to work out the target’s information.

Netcat, known as the Swiss army knife of network tools, is a powerful, widely-used tool for network penetration.

Netcat’s command is abbreviated nc; with it you can do:

  • Port scanning
  • Network communication
  • File transfer
  • Encrypted transmission
  • Disk cloning
  • Remote control

In short, this Swiss army knife will never let you down; it is an excellent assistant for your work!

Nessus, proclaimed the world’s most popular vulnerability scanning tool, comes with a rich vulnerability signature library, and its graphical interface lowers the barrier to use.

SQL injection is one of the most common vulnerabilities in web server applications. Tools for launching SQL injection attacks abound, and SQLMap is one of them. Its extensive parameters give it strong injection capabilities.

However, since it operates from the command line, it is not as easy to use as some point-and-click graphical tools.

Hydra: this name may sound very familiar; that’s right, it’s Hydra from the Marvel universe. The name itself sounds commanding. It is an automated password cracking tool supporting numerous protocols including POP3, SMB, RDP, SSH, FTP, Telnet, MySQL, and more, and it can easily defeat most weak passwords.

Metasploit is the most widely used tool for network penetration. To call it a tool is somewhat inaccurate; it is more of a platform, a workshop, offering numerous tools within it, through which you can complete almost every stage of the hacking process: information gathering, probing, scanning, vulnerability exploitation, and data transfer.

Shodan is claimed to be the scariest “search engine” on the internet. Note that it differs from regular web content search engines like Baidu and Google, as it targets computers, phones, cameras, printers, and other physical network devices.

Shodan, whose Chinese name translates as “Satan,” constantly crawls the entire internet and analyzes these network-connected devices.

Inspired by Shodan, Zhidao Chuangyu (Knownsec) in China has created a similar product: the Eye of Zhongkui, English name ZoomEye.

You can search any IP address, website, or other information on ZoomEye, and it will tell you about the IP: where in the world is this IP located? What kind of host is behind it?

Taking GitHub as an example, let’s look at the distribution of GitHub’s servers:

It appears the servers are mainly in the U.S. Let’s click the first one to explore:

Geographical location, open ports and services: it tells you everything.

These are all great tools, but they must not be used for illegitimate purposes. Especially since the introduction of the Cybersecurity Law, you can no longer casually pick up tools and start scanning here and there, or you may find yourself programming from prison.

This article is part of the Tencent Cloud Self-Media Synchronization Exposure Plan, shared via a public WeChat account. Originally published: 2020-04-29. If you believe it infringes your rights, please contact [email protected] for removal.

https://cloud.tencent.com/developer/article/1626842
