Tuesday, March 22, 2011

#1 – Essential Frugal Hacker's Toolkit


For those of you who don't know me, I'm a network security analyst and project manager. I lead a team of network security analysts whose job it is to perform vulnerability assessments for the Department of Defense and to perform penetration tests for some commercial customers. Not only do I lead my team and work the contracts/business side of the house, a lot of the time I find myself on the ground at testing sites, working side by side with my employees. I am a competent tester and a very technical person, so
when scheduling conflicts arise and my team can't cover testing completely, I step in and lend a hand. Previous to this gig, I worked as a UNIX administrator for nearly fifteen years and managed a 1500
workstation hospital's mixed-technology network. I know Windows. I know Linux. I know (some) Cisco. I know SQL. I've programmed web applications in Perl, Javascript and PHP.

Basically, I'm a technology hound. I like to know how things work and I don't stop researching until I
find a satisfactory answer.

But I'm not a celebrity chef. And I'm not Stephen King. I'm not rich. I live day to day on a budget. And
I'm guessing that if you are reading this, then you do, too. After all, not everyone is lucky enough to have a limitless cash flow. 

In essence, I have to hack on a dime budget. I tend to piece together my computers and I rarely pay for

software (I don't pirate, I simply don't buy Microsoft Windows, if, in fact, I don't need it). I like to keep my dollars where they belong—in my own wallet, not someone else's.

So, with a frugal wallet in mind, I've put together what I feel is an essential hacker's toolkit. I've

included in it a small array of hardware, some specialty, some not and I'm here to tell you from the get-go that there will, indeed, be holes in our toolkit. There are some tools that simply cost too much
to seriously think about including in a frugal hacker's toolkit. And, if I'm totally honest, there will probably be tools that pop up along the way that we'll simply add to our toolkit. (I mean, the chances
that I'll remember everything right at the time of writing are slim to none)

Since we're frugal (and not flat broke), we are going to spend a little money here and there.

However, what money we do spend, will be done for a reason: to easily get us results. Since we're hackers, we're lazy, right? And who really wants to sit and spin crucial cycles making a free/incredibly
cheap piece of hardware to work when we can spend a quick $30 and get that piece of hardware to work within a few minutes? I don't know about you, but I'll dish out a couple of bucks to save myself a headache and hack into a system faster.

So where do we start? Well, the following list is my starting point. Whenever I build a hacking toolkit, this is the checklist of equipment I usually pull together. Let's go over it, shall we?


Here's what you're going to need to amass in your collection. I've been able to piece together most of
this kit from castoffs at my job. If you're job has an IT department, you might be able to get friendly with a tech and luck into a late model in the discard pile, as well. 

Let's start, shall we?

  1. A Late Model Laptop (Use the following specifications as a guideline. You can vary with any
    particular component, but try to stick close to the specs. You'll get the best experience if you keep the hardware modern—not necessarily new or the latest and greatest, just modern)
  • 80GB Hard Drive (or larger)
  • 1GB – 2GB RAM
  • CD/DVD ROM Drive (A writer is not
  • Built-In Wireless Card capable of
    being put into “monitor mode” (see below) OR
  • PCMCIA slot/USB slot for wireless
    card that can be put into “monitor mode”
  • Ethernet Cable Port
  • Multiple USB Ports
  1. A wireless card that is capable of being put into “monitor mode” (more on what “monitor
    mode” means later, but for now, stick to any wireless card that has the following chipsets built into it). Other than the actual laptop, this is where you want to spend some actual money. Not a lot
    of it, but some.
Wireless Chipsets to research:
  • Atheros (AR5XXX, AR9XXX)
  • Broadcom (B43XX Family)
  • Intel Pro Wireless and Intel Wifi
    Link (Centrino)
  • Ralink (RT2X00)
  • Realtek (RTL8187)

  1. Two or three Ethernet cables – you never know when things break
  2. A USB Bluetooth Adapter
  3. A small, inexpensive hub – we're going to use this for wired network sniffing
  4. Two or three USB flash drives (sticks are the most preferable option here: 4GB-8GB, nothing more)

Basically, to demonstrate to you that I'm practicing what I preach, I'll be piecing together my own kit and documenting it all along the way. So, throughout these lessons, you'll see what I see and you'll learn what I learn. This will be an in-depth look at penetration testing techniques, skills that you'll need to hack a network and the tools you can use to evaluate a given network's security.

Also, some essential reading that I think you'll find interesting is listed below. I'll be drawing from a lot of reference material and some of these books will contain in-depth data for us, as hackers.

HACKING EXPOSED 6 by Stuart McClure, Joel Scambray, and George Kurtz
HACKING EXPOSED WIRELESS by Johnny Cache, Joshua Wright, and Vincent Liu
THE DATABASE HACKER'S HANDBOOK by David Litchfield, Chris Anley, John Heasman and Bill Grindlay
THE WEB APPLICATION HACKER'S HANDBOOK by Dafydd Stuttard and Marcus Pinto
OFFICIAL CERTIFIED ETHICAL HACKER REVIEW GUIDE By Steven DeFino, Barry Kaufman, Nick Valenteen and Larry Greenblatt
THE ART OF DECEPTION by Kevin Mitnick and William L. Simon
THE ART OF INTRUSION by Kevin Mitnick and William L. Simon


  1. "i am [..] a very technical person"
    So please, delete all your lines feed when you copy-paste your text...

    1. INSTEAD OF GETTING A LOAN, CHECK OUT THE BLANK ATM CARD IN LESS THAN 24hours {blankatmhaker@gmail.com}

      Am Mark Oscar,I want to testify about Jack Robert blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no hope then I saw so many testimony about how Jack Robert send them the ATM blank card and use it to collect money in any ATM machine and become rich. I also email him and he sent me the blank card. I have use it to get 70,000 dollars. withdraw the maximum of $5,000 daily. Jack Robert is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email Him on how to get it now via: blankatmhaker@gmail.com or call/Text on +1(406) 350-4986

  2. What? i think he is REAL, keep it up man, i like read yours

  3. Real Hackers use Linux.

    Up to date laptops? pah. Newer model laptops are more likely to have hardware tracking in them (stuff that tracks not only the HDD if you get my drift).

    So unless you're willing to part with it (dump it) when your hacking is done (even if you're using someone else's connection) the older laptop the better.

    You don't need a Quad Core, 6GB RAM loaded 1GB Graphics card packed Laptop for hacking, Just something that's reasonable. You're not playing Crysis, just running programs.
    A fast internet connection is more important than a blistering fast computer.

    Otherwise, good information here.

  4. Hey Drew- thanks for creating this blog! I'm relatively new to security penetration testing, and this blog guide is excellent.

    Regarding the essential reading recommendations you make above, I just purchased the first on the list (Hacking Exposed 6), for about $12 on half.com (they want over $30 for it new!), and was wondering if that will suffice for now or do we need the rest of the listed literature.

    Anyways, I'm onto the next blog about installing backtrack. I have a Win 7 with Ubuntu installed as a virtual machine within VirtualBox. My laptop is a desktop replacement, so it is pretty powerful- do you think it will be fine for me to use it for my "hacking" adventures, or should I get a cheaper, older model that will only have backtrack installed on it?


  5. Why a laptop? Why not desktops?

  6. Hi,

    This is one cool blog so big up on hard work!
    I think you need to add "Wireshark Network Analysis - Second Edition" to the reading list.



  7. BEST WAY TO HAVE GOOD AMOUNT TO START A GOOD BUSINESS or TO START LIVING A GOOD LIFE..... Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email (williamshackers@hotmail.com) for how to get it and its cost . .......... EXPLANATION OF HOW THESE CARD WORKS.......... You just slot in these card into any ATM Machine and it will automatically bring up a MENU of 1st VAULT $1,000, 2nd VAULT $5,000, RE-PROGRAMMED, EXIT, CANCEL. Just click on either of the VAULTS, and it will take you to another SUB-MENU of ALL, OTHERS, EXIT, CANCEL. Just click on others and type in the amount you wish to withdraw from the ATM and you have it cashed instantly... Done. ***NOTE: DON'T EVER MAKE THE MISTAKE OF CLICKING THE "ALL" OPTION. BECAUSE IT WILL TAKE OUT ALL THE AMOUNT OF THE SELECTED VAULT. email (williamshackers@hotmail.com). We are located in USA.

  8. Hello everyone, this message is only for people that live in united state if you are interested in credit card top up email us via: jameshacker157@gmail.com we only need people that are very faithful and you will also gain from this alot.

  9. I read this blog this is an excellent information about ethical hacking, learn Ethical Hacking Online Course