Saturday, June 25, 2011

HACKING TECHNIQUES UNVEILED


HACKING TECHNIQUES UNVEILED.
Protect Yourself From Ethical Hackers.


                
INTRODUCTION:

Hi, since im just beginners in this topic please bear with the amateurish writing.

We see  millions of people going to different forums and websites and asking "how do i hack an email?", "Can you hack blah for me?” So thought to create a tutorial which will give you the basic idea about what the heck is a "HACK", and how to DEFEND YOUR SELF AGAINST HACKERS.

I do not take any responsibility if you use this tutorial in unethical way. This is written to help you to beware of what’s going around, and save your self by not being hacked!

BACKGROUND:

Hacking started way too far when the windowsd 98 was designed. Hacking is basically finding out the loop holes and trying leak some information out of it, which may lead you to get some critical information like passwords, credit card details. Sometimes hacking is done just because of the personal offenses.

INITIALIZATION:

Getting back to the main point, I am going to discuss some of the ways of hacking in brief. Hacking is basically bifurcated in 2 major parts.

 1. Email or the user information
 2. Web based hacking.

Email or user information:

These days the most commonly used and famous way of hacking user information like Emails, Passwords, Credit card details. Once a personal email is hacked the hacker gains access to all other social networking sites like facebook, twitter, tumblr etc. The methods are as follows:

 (i). Phishing
 (ii). Brute Forcing
 (iii). Keylogging
 (iv). Trojans

(i). Phishing:

Phishing is the other most commonly used trick to hack email passwords. This method involves the use of Fake Login Pages whose look and feel are almost identical to that of legitimate websites. Fake login pages are created by many hackers which appear exactly as Gmail or Yahoo login pages.

Once you enter your login details on such a fake login page, they are actually stolen away by the hacker. However, creating a fake login page and taking it online to successfully hack an email account is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. Also, phishing is considered as a serious criminal offense and hence it is a risky job to attempt phishing attack.

This is widely used by new people trying to entering into ahcking world.
 Most recent example in india was some scam with ICICI bank, lots of user info was stolen as far as i remember. I read it somewhere in the news paper and was thinking what the hell ?

                                

(ii). Brute Forcing:

Brute forcer is basically a program which could be called as a "cracker". In brute focer you put the username you want to hack, and as a password you put a notepad file which has almost all of the existing english words in it. So what it does is, it will try each and every word from that file and see if anything matches. You might have noticed some topics like "huge pass list" on different forums, they are nothing but the password list to put into your bruteforcer.!

Disadvantages:
 1. Sometimes brute forcing may just go for ages!
 2. It isnt guaranteed
 3. These days many people have alpha-numeric-symbol password which is real tough for brutefocer to detect
 4. Most of the famous sites like yahoo, gmail are designed in such a way that it will put the "image captcha" after 3 incorrect login attempts, which stops the bruteforcer.

(iii). Keylogging:

Keylogging simply refers to the process of recording each and every keystroke that a user types on a specific computer’s keyboard. This can be done using a small software program called keylogger (also known as spy software). Once you install this program on the target computer, it will automatically load from the start-up and start capturing every keystroke typed on that computer including usernames and passwords. A keylogger software will operate in a complete stealth mode and thus remains undetected.

                       

In order to use this software, you don’t need to have any special knowledge of hacking. Anyone with a basic knowledge of computer should be able to install and use this software with ease. Keylogging can also be performed through remote servers without physical acess to the victim’s computer by the spam emails. Once a personal email is hacked the hacker gains access to all other social networking sites like facebook, twitter, tumblr etc. E.g., SnperSpy.

Disadvantages:
 1. When victim receives the keylogger, in most of the cases, their anti virus would auto delete them. So you have to convince them to desable the anti virus by bluffing something.
 2. Sometimes firewall blocks the keylogs from being sent. There are some programs which are known as "crypters" which will help you to make your server's undetectable. So your victim's anti-virus would not be able to detect them.

(iv). Trojans:

Trojans are like father of keyloggers. Trojan sends you the keylogs just as keyloggers, on top of that, it lets you take the control of victim's computer. Edit / delete/ upload / download files from or to their computer. Some more funny features like it will make their keyboard go mad, it may kep on ejecting and re-inserting the cd ROM. Much more..

 Disadvantages:
 Same as keyloggers.


Web Hacking:

I will discuss some most commonly used web hacking techniques which helps hackers to hack any website.

                                        
                         

1. SQL Injection
 2. XSS
 3. Shells
 4. There are some more but they are TOOO big to be discussed in here.

1. SQL Injection:
                                              

Most of the websites these days are connected to an SQL Database. Which helps them to store usernames and passwords [encrypted] when a guest registers to their website. SQL database processes a querie everytime a user logs in. It goes to the database, validates the password, if its correct then it logs in the user and if its not then it gives an error.
 So the basic funda is executing a command to parase a query in the database to try to exploit the internet information of the database. I cant really put the entire tutorial about because this is the most complicated way to hack a website!

P.S.:- If you wanna check if YOUR website is vulnerable to RFI attach or not then do the following .

Code:
yoursite.com/index.php?id=545

Just add a ' like this at the end
Code:
 yoursite.com/index.php?id=545'

2. XSS:

XSS is another nice way to hack some website. Suppose if some website/ forum is allowing HTML in the psot or articles, then a hacker can post a malicious script into the content. So whenever a user opens up the page, the cookies would be sent to the hacker.

3. Shells:

Shell is a malicious .php script. What you have to do is, find a palce in any website where you can upload any file like avatars, recipe, your tricks, your feedbacks. And you try to upload your shell files from there. And if its uploaded then WHOA! You open it from the URL bar and u can see the entire "FTP" account of that web hosting. You can rename/edit /upload/download anything u want including the index page.
 This is also known as defacing.

And many more methods which are too big to be discussed here.

Finally:

So basically there are methods of protecting urself from hackers but finally ur always vulnerable too. Remember the hacking world develops faster than the cyber security world.

Thanks for reading,
By Arjun Ramkrishnan


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)