Saturday 14 May 2011

How To Become A Hacker?

First of all, I want to make one thing clear: hacking is not an art that can be mastered overnight. It requires knowledge, skills, creativity, dedication and, of course, TIME. Everyone can become a hacker provided they learn it from the basics. So if you want to become a hacker, all you need is a good source that will teach you hacking from the basics.

Who is a hacker?
The term hacker is used in popular media to describe someone who breaks into computer systems.

Types of hackers

1. Black hat hackers:
Black-hat hackers (also known as crackers) are the ones who write viruses, destroy data, and deface websites, along with other illegal activity. This type of hacker will not end up at a very good job due to a bad reputation, and usually ends up in jail for a long period of time.

2. White hat hackers:
White hat hackers, also known as "ethical hackers," are computer security experts who specialize in penetration testing and other testing methods to ensure that a company's information systems are secure. Such people are employed by companies, where these professionals are sometimes called "sneakers".

3. Grey hat hackers:
Grey-hat hackers are borderline white/black hats. They sometimes prank unsuspecting users and cause general mayhem. While they think this kind of activity is harmless, they may face long periods of jail time, and rejection

How to become a professional hacker?

In order to become a professional hacker one must know the types of hacking attacks. There are a lot of different attacks, but I'm going to cover some of these:

Eavesdropping -
This is the process of listening in or overhearing parts of a conversation. It also includes attackers listening in on your network traffic. It's generally a passive attack; for example, a coworker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation.

Snooping -
This is when someone looks through your files in the hope of finding something interesting, whether they are electronic or on paper. In the case of physical snooping, people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for Post-it notes, or look for scraps of paper tacked to your bulletin board. Computer snooping, on the other hand, involves someone searching through your electronic files trying to find something interesting.

Interception -
This can be either an active or passive process. In a networked environment, a passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent. From the perspective of interception, this process is covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the intercepted parties.

Modification Attacks -
This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect. The motivation of this type of attack may be to plant information, change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attack.

Denial of service attack:
A denial of service (DoS) attack is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack. This is one of the most used methods for website hacking.

Dictionary attacks:
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary.

Brute force attacks: 
Brute Force Attack is the most widely known password cracking method. This attack simply tries to use every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations (‘a’ to ‘z’). It is guaranteed that you will find the password.
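
A defence against the online guessing described in the dictionary and brute-force sections above, as an added example (not code from the original post): a per-account throttle whose lockout doubles after each failure past a free allowance. The class and function names, the account name "alice" and the policy values (5 free attempts, 2-second base delay, 1-hour cap) are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Per-account lockout that doubles after each failure past a free allowance."""

    def __init__(self, free_attempts=5, base_delay=2, max_delay=3600,
                 clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def retry_after(self, account):
        """Seconds the caller must still wait before another attempt is checked."""
        _, locked_until = self._state.get(account, (0, 0))
        return max(0, locked_until - self.clock())

    def record(self, account, success):
        """Update state after a checked attempt; a success clears the counter."""
        if success:
            self._state.pop(account, None)
            return
        failures = self._state.get(account, (0, 0))[0] + 1
        over = failures - self.free_attempts
        delay = 0 if over <= 0 else min(self.base_delay * 2 ** (over - 1),
                                        self.max_delay)
        self._state[account] = (failures, self.clock() + delay)


def seconds_until_guess(n, **policy):
    """Simulated wait before the n-th consecutive wrong guess is even checked."""
    now = [0]  # fake clock so the simulation runs instantly
    throttle = LoginThrottle(clock=lambda: now[0], **policy)
    for _ in range(n - 1):
        now[0] += throttle.retry_after("alice")  # sit out any lockout
        throttle.record("alice", success=False)
    return now[0] + throttle.retry_after("alice")


if __name__ == "__main__":
    # The one-character case from the text: 26 candidates, 'a' to 'z'.
    print("wait before 26th guess:", seconds_until_guess(26), "seconds")
```

A per-account lockout can itself be abused to lock out a legitimate user, so it is normally paired with per-source limits and alerting.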

Replay Attacks -
These are becoming quite common. They occur when information is captured over a network. Replay attacks are used for access or modification attacks. In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later. This can also occur with security certificates from systems such as Kerberos: the attacker resubmits the certificate, hoping to be validated by the authentication system and to circumvent any time sensitivity.
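
How an authentication system can reject a captured message that is resubmitted, as an added example (not code from the original post): each request carries a timestamp and a one-time nonce bound together by an HMAC, and the server refuses anything stale or already seen. The function names, the shared key, the message layout and the 300-second window are assumptions for illustration.

```python
import hashlib
import hmac
import json
import os
import time

def _mac(key, fields):
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign_request(key, body, now=None, nonce=None):
    """Client side: bind body, timestamp and a one-time nonce under one MAC."""
    fields = {"body": body,
              "ts": int(time.time() if now is None else now),
              "nonce": nonce or os.urandom(16).hex()}
    return dict(fields, mac=_mac(key, fields))

class ReplayGuard:
    """Server side: accept each authentic message once, and only while fresh."""

    def __init__(self, key, max_skew=300):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # nonce -> message timestamp, kept while still fresh

    def verify(self, msg, now=None):
        now = int(time.time() if now is None else now)
        fields = {k: msg.get(k) for k in ("body", "ts", "nonce")}
        expected = _mac(self.key, fields).encode()
        if not hmac.compare_digest(expected, str(msg.get("mac")).encode()):
            return "bad-mac"    # altered or forged: the modification case
        if abs(now - fields["ts"]) > self.max_skew:
            return "stale"      # captured and resubmitted after the window
        # Nonces older than the window can be forgotten: the timestamp
        # check above already rejects those messages.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= self.max_skew}
        if fields["nonce"] in self._seen:
            return "replayed"   # resubmitted inside the window
        self._seen[fields["nonce"]] = fields["ts"]
        return "ok"

if __name__ == "__main__":
    key = os.urandom(32)        # constructed shared secret
    guard = ReplayGuard(key)
    captured = sign_request(key, "login alice")
    print(guard.verify(captured))   # first delivery
    print(guard.verify(captured))   # same bytes sent again
```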

Common email hacking methods:
A person can't become a professional hacker without knowing about common email hacking methods:
1. Phishing
2. Keylogging
3. JavaScripts
4. Brute force
5. Primary email address hack

Hack Websites Using Havij

Warning: This article is only for educational purposes. By reading this article you agree that this blog is not responsible in any way for any kind of damage caused by the information provided in this article.

According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into a web form to get sensitive information (like user names and passwords) to access the site and hack it. One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy for you; along with SQL injection, it has a built-in admin page finder, which makes it very effective.
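
Why the inserted text is treated as SQL, and the fix that removes the flaw, as an added example (not code from the original post): the same lookup written with string concatenation and then with input validation plus a bound parameter. The table, its rows and the function names are constructed for illustration and run against an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """Constructed sample data: one published article and one unpublished draft."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO articles VALUES (1, 'Welcome', 1), (2, 'Draft: pricing', 0);
    """)
    return db

def get_article_vulnerable(db, article_id):
    # BEFORE: the request value is pasted into the statement, so the database
    # parses whatever the client sent as part of the SQL itself.
    sql = "SELECT title FROM articles WHERE published = 1 AND id = " + article_id
    return sorted(row[0] for row in db.execute(sql))

def get_article_safe(db, article_id):
    # AFTER: reject anything that is not an integer, then bind the value as a
    # parameter. The statement text is fixed; the value is only ever data.
    try:
        article_id = int(article_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ?"
    return sorted(row[0] for row in db.execute(sql, (article_id,)))

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"   # constructed input: changes the WHERE clause's logic
    print(get_article_vulnerable(db, "1"))      # normal request
    print(get_article_vulnerable(db, crafted))  # the unpublished draft leaks
    print(get_article_safe(db, "1"))            # normal request still works
    print(get_article_safe(db, crafted))        # rejected, nothing returned
```

With the parameterized form there is no statement for an automated tool to rewrite, which is a stronger control than either countermeasure that depends on hiding pages or spotting known strings.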


Step 1: We will use Google dorks to find the vulnerable websites. There is a big list of Google dorks which I will post in my future articles, but at this time we will only use the following:
            inurl:index.php?id=
            inurl:trainers.php?id=
            inurl:buy.php?category=
            inurl:article.php?ID=
Just search Google using one of the dorks and you will see a lot of vulnerable websites.

Step 2: Open any one of the websites, then put  after the link look:
If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.  

Step 3: Find the SQL injection vulnerability in your site and insert the string (like http://www.target.com/index.asp?id=123) of it in Havij as shown below.




Step 4: Now click on the Analyse button as shown below.




Step 5: Now if your server is vulnerable, the information about the target will appear and the columns will appear as shown in the picture below:



Step 6: Now click on the Tables button and then click Get Tables button from below column as shown below:



Step 7: Now select the tables with sensitive information and click the Get Columns button. After that, select the user name and password columns to get the user name and password, and click on the Get Table button.
Step 8: Normally the web server uses the MD5 encryption technique; to decrypt this password, use Havij's MD5 option or other MD5 decryption tools.
Step 9: After decrypting the password, you have to find the admin login page of the website. To do that, use Havij's options.
Step 10: Now you can log in as the admin user and control the website as you want.

Countermeasures:
1. Renaming the admin page will make it difficult for a hacker to locate it.

2. Use an intrusion detection system and compose signatures for popular SQL injection strings.
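
What the second countermeasure looks like in practice, as an added example (not code from the original post): a small scanner that URL-decodes query parameters in web access-log lines, applies a few signatures, and also flags non-numeric values in id-style parameters. The signature set, the log layout and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SIGNATURES = {
    "quote-or-comment": re.compile(r"'|--|/\*|#"),
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "boolean-tautology": re.compile(r"\b(?:or|and)\b\s+\d+\s*=\s*\d+", re.I),
    "schema-probe": re.compile(r"information_schema|sysobjects", re.I),
}
# Parameters that should only ever carry a number (the kind listed in Step 1).
NUMERIC_PARAMS = {"id", "category"}

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2011:10:00:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/May/2011:10:00:05 +0000] "GET /index.php?id=12%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [14/May/2011:10:00:09 +0000] "GET /article.php?ID=3+UNION+SELECT+1,2 HTTP/1.1" 200 900',
    '192.0.2.10 - - [14/May/2011:10:00:12 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 700',
]

def scan_line(line):
    """Return (client ip, status, matched rule names) or None if nothing matched."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    hits = set()
    # parse_qsl percent-decodes, so encoded payloads are matched in clear form.
    for name, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
        for rule, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.add(rule)
        if name.lower() in NUMERIC_PARAMS and not value.isdigit():
            hits.add("non-numeric-id")
    return (m["ip"], m["status"], sorted(hits)) if hits else None

def scan_log(lines):
    return [hit for hit in map(scan_line, lines) if hit]

if __name__ == "__main__":
    for ip, status, rules in scan_log(SAMPLE_LOG):
        print(ip, status, ", ".join(rules))
```

The last sample line is a legitimate surname search that trips the quote rule, which shows why signature alerts need tuning and why they supplement parameterized queries rather than replace them.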

How To Crack Windows Admin Password

Sometimes it is necessary to know admin passwords in schools and colleges, to log in with admin privileges to do various things.

There are many ways to crack passwords, but in this tutorial I will explain a very basic method using a single tool to crack a Windows password.

Things we need:

1. Pwdump or Fgdump to extract password hashes

In this tutorial I will be using Pwdump.


Extracting password hashes:

1. Open My Computer and go to C:\Windows\system32. Now place the Pwdump file which we downloaded earlier.

2. Now open a command prompt and navigate to C:\Windows\system32\Pwdump using the cd command, and press Enter.

 Example :-

cd C:\Windows\system32\Pwdump

3. Now you can see a list of Pwdump commands as shown




4. Now enter pwdump - localhost >> "destination of output file" (for 32-bit computers) and pwdump -x localhost >> "destination of output file" (for 64-bit computers).


Example :-

Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt

Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt





5. Now open the output file. You can see the names of the different users with their password hashes. Now copy the hashes corresponding to the admin account.

Cracking the hashes
Considering that we are in a school/college where we can't use tools to crack passwords, as an alternative we are using online password cracking sites.

1. Go to online password cracking sites like www.cracker.offensive-security.com or www.onlinehashcrack.com, paste the hash, select the hash type as LM and click decode.

2. In this way we are able to crack a Windows password using a single tool.

Note: If you're not able to crack the password hashes online, use tools like John the Ripper to crack them. You can even copy the hashes and decode them at your house.

How To Delete Your Friend's Facebook Account

This tutorial is for educational purposes only; once deleted, a profile can never be recovered.
This is an extreme example of a social engineering technique. We need the following things to do so:
1. The victim's profile link (you can get it easily)
2. His/her email, which he/she uses to sign in
3. His/her birth date, which he/she has used in the profile
4. An email ID made on Gmail or Yahoo with the first name and last name the same as on the victim's Facebook profile


Now you will get this screen




a) Enter the details. In the place of 'email address where you can be contacted', enter the fake email you created.

b) You will get an email on that ID in which the Facebook people will ask about your problem. Reply to them that you are XYZ (the victim's name) and you can't access your Facebook account. Also say you have lost access to the email address associated with the account. You don't know what to do now. The hacker is coming online regularly and using your account.

c) The next day or the same day, you will get an email that your account is disabled.

 

Make free calls from computer to any mobile



Make free CALLS from computer to telephone (100% free)!
Using this VOIP program, you can call landline numbers in any country for FREE.

FreeCall is still a Freeware app but you only get 300 minutes a week.
To bypass this restriction:

Keep the setup.exe. FreeCall's protection system is quite flawed: when the program announces you cannot use any more minutes, uninstall and reinstall and it will reset your 300 minutes, which only takes a moment.

A) You MUST make an account with the program when it loads up. Then you're logged in (it will say at the bottom: 'The client is logged on').

B) Go to the dial pad tab, ignore the on-screen buttons, and at the bottom type in your number. Remember you need to add country codes at the beginning, with NO spaces in the number either.

C) And it does do all countries for free. I've used it from NZ to England, USA, Spain and Aussie, and they used it back.

D) If it didn't work, you need to check your firewall settings etc. This is obvious, but a program like this needs full access.



How to Find Someone Else's IP Address through Yahoo Messenger?

An IP, or Internet Protocol, address is like your address when you are connected to the internet. Usually an IP address contains information about your location and more.
To find out someone's IP address using instant messaging in Yahoo Messenger, the steps are as follows:
First, start an IM / PM with the target and build a peer-to-peer connection with him. Usually, a peer-to-peer connection is established if you send him a picture or webcam. Second, open your Command Prompt window using Start :: Run :: cmd. In the Command Prompt window, while you are sending the file or picture to the target, type netstat -a or netstat -n.

Then the list of your connections should appear. Find port 80 or 81, which is usually used to make a peer-to-peer connection in Yahoo Messenger. The remote port is 5100 for webcam, and voice chat usually uses 5000 and 5001. To the right of the port is the IP address; if the port is like what I told you above, then the IP in front of it should be his IP address!