Wednesday, November 17, 2010

HTTP SESSION HIJACKING (Cookie Stealing)

When you log in to your account at a website, your web browser sends your username and password to the website server. The password is first encrypted and then send over the network. Then the server checks the username and password against the database and if they both match then sends to the user's browser a "cookie" (a text which the browser uses for further requests to the web server) but unlike the password the cookies are not encrypted and are sent as it is over the network, this cookies can be easily captured as they travel through the network or a busy WI-FI. The newly released Firefox extension "FIRESHEEP" makes it more easy. Actually so easy that even a total nube can capture this cookies.
for more information and to download firesheep visit here FIRESHEEP

Tuesday, November 16, 2010

HACKING GMAIL AND FACEBOOK ACCOUNTS USING GMAIL SECURITY QUESTION


I like to check the password retrieval option of different sites and when i was checking out Gmail's option i found and interesting thing. Its not something ingenious or new thing but thought of sharing the observation with everybody so please forgive me if it seemed to you a time waste.
So first lets take a look at the Gmail's password retrieval option.
So when you click on the 'forgot password' option and provide the email id, in Gmail it gives you three password reseting options.

Wednesday, September 1, 2010

A DUMB METHOD TO HACK EMAIL IDs

We all know that hackers are one of the most creative people in the world and they always invent ingenious hacking methods. Here is a method for "mass hacking" email ids. Though its a smart method, mostly the dumb people fall prey to it. Lets have a look at this method.

While randomly searching, i found this procedure for automatically hacking email ids. Here is the procedure as i found it. Lets do an autopsy of this so called easy hacking procedure.
NOTE:- The procedure in normal black writing is the fake hacking method and the notes in red are the explanation by me.

Tuesday, August 31, 2010

THE HACKER'S JARGON FILE

The hacker's jargon file is like a hacker's slang dictionary. It is mostly collected from the early hacking cultures. It was first started by Raphael Finkel of standford university. After that it was further broadened and multiple version of it were published.It gives a insight in the hacker cultures with their typical styles of writing and chating online. Though it sounds a bit technical it is very entertaining to read. In recent years Eric Raymond is maintaining the file.The last revision to it was made in DEC 2003 so its a bit old but even then it is worth reading. ENJOY !!!
GO TO JARGON FILE

Saturday, August 28, 2010

HISTORY OF HACKING (discovery channel documentary)

This is a discovery channel documentary on "history of hacking" giving a brief account of the development of Hacking and tells about the new trends and techniques evolved with time.

It is focused on three legendary hacker personalities.
1) John Draper ( also known as Captain Crunch) :- The story of evolution of Phreaking is told using John Draper's experiences, a famous figure in Phreaking.

2)Steve Wozniak :- The co-founder of APPLE also famously known as "The other Steve" . Steve Wozniak made the first apple computer in his garage, which is widely considered as the first successful personal computer. 

3) Kevin Mitnick :-Last but not the least is the famous celebrity in hacking Kevin Mitnick. He represents the modern face of hacking. Famous for penetrating networks of famous companies like Nokia, Motorola etc.

its a bit old documentary but a sure watch one.

it is available on YOU TUBE here is the link   go to the video

you can also download it from here
DOWNLOAD (files tube)
DOWNLOAD (torrent link)

Wednesday, August 25, 2010

Web Hacking-Attacks And Defense

The book gives you information about  how Web hacking occurs and teaches you enhanced skill at developing defenses against such Web attacks. Technologies covered in the book include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line.

Tuesday, August 24, 2010

DECRYPTING DVD TO STORE THEM IN HARD-DRIVE

DVD are very prone to damage and scratches. They are costly so there is a need to save them as a copy on the hardrive but the copy protection doents allow the user to do so. so here is are some free sofwares to to decrypt the dvd.

DVD DECRYPTER    >DOWNLOAD
DVD43     >DOWNLOAD        

Sunday, August 22, 2010

Certified Ethical Hacker Study Guide

Kimberly Graves, CEH, CWSP, CWNP, CWNA, has over 15 years of IT experience. She is founder of Techsource Network Solutions, a network and security consulting organization located in the Washington, DC area. She has served as subject matter expert for several certification programs-including the Certified Wireless Network Professional (CWNP) and Intel Certified Network Engineer programs-and has developed course materials for the Department of Veteran Affairs, USAF, and the NSA.The Certified Ethical Hacker exam is quickly becoming one of the most popular security certifications offered today. Candidates much prove their ability in not only identifying security risks from all levels, but also how to address those risks. This book provides a concise, easy to follow approach to this difficult exam.

Friday, August 13, 2010

HOW TO USE PATCH FILE ( provided with cracked softwares)

Generally the executable files which are provided by software developers to fix some bugs in their software or as a update to the latest version of their softwares used by the users are called Patch Files. But the executable files provided with softwares to crack them are also called Patch files.
If you download softwares using torrent and other p2p sharing sites you will often get a patch file with it to bypass the registration of the software and use the software for free, but many times the downloader doesn't understand how to use the Patch, so here is the method

Wednesday, August 11, 2010

GENUINE SERIAL KEYS AND CRACKS

Many sites on the Internet claim to provide free genuine keys and cracks for softwares and games, but mostly all of them are spam and ad sites. So here is a site which genuinely provides free serial ,keys and cracks. ENJOY !!!

WWW.SERIALS.WS

Tuesday, August 3, 2010

CRACKING ACCESS DATABASE PASSWORD (using CAIN & ABEL)

Windows Access is a software from Microsoft for database management.Access database are widely used in many softwares and fields, but this database are mostly password protected by the creator. so here is a tutorial to crack this password in just few seconds using the software CAIN & ABEL.

Step 1) Download and install the software CAIN & ABEL (its a freeware and can be downloaded for free from here  DOWNLOAD
                                        DOWNLOAD ( mirror )

Monday, August 2, 2010

HACKER MANIFESTO

This is a small essay written in 8 January 1986  by Loyd Blankenship a hacker who went by the handle (or pseudonym) of "The Mentor". He wrote this after he was caught. It was published in the "Phrack" hackers magazine.

Saturday, July 24, 2010

Matriux- open source security distro

Matriux is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.
With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.

DOWNLOAD

Wednesday, July 14, 2010

SECURITY MEASURE AGAINST USB HACKING

Now-a-days usb hacking has become very popular because its easy and quick. Computers in institutions and other public places are especially vulnerable to it. So here is a software to protect your computer from such kind of threats.


USB LOCK
usb lock is one of the best software to restrict the unauthorized use of USB storage devices, cd-rom and floppy. Without blocking other important usb devices like printer, mouse, camera etc

DOWNLOAD (torrent link)

DOWNLOAD (rapidshare)

Sunday, July 4, 2010

EASY METHOD TO ACCESS BLOCKED WEBSITE FROM YOUR COLLEGE OR SCHOOL (tutorial)

Many websites are blocked in schools and colleges for avoiding the misuse of the Internet but you can easily bypass this. Some of them use sophisticated methods but mostly the the preventive measures are not good enough to keep a curious student out. Some them can be bypassed using some very easy techniques, here is one such method.

Sunday, June 27, 2010

RESET WINDOWS XP PASSWORD IN 5 MINUTES...

Did your parents or some elder brother set a login password to prevent you from using computer or you think they may in future then here is a way to reset windows XP password in five minutes

*MAKING THE PASSWORD RESET CD*

Thursday, June 24, 2010

RAR ARCHIVE PASSWORD CRACKER

Many times the free software or books you download online are rar archives which are password protected.first they fool you and allow you to download the files saying that they are absolutely free but when you try to decompress them they ask you for a password and tell you to visit some site to get the password.this really sucks. you cant do anything but to visit the site or just delete the file in frustration but there is one more option, you can try to crack the password first of all let me tell you there are no such software as rar password remover there are software which can brute force the password but cant remove it instantly.here is one such password cracker


RAR PASSWORD REMOVER

Saturday, June 19, 2010

SECURITY MEASURE TO BE TAKEN BEFORE INSTALLING HACKING SOFTWARES

1) Please keep your antivirus updated because every passing minute hundreds of new virus and trojans are born and left loose in the cyberspace.

2) Use software like "spyware doctor" to protect you against spying trojans ,cookies etc and keep it updated.

3) If you have downloaded a file or setup and after clicking it, if you notice that it is taking very long time to install or is responding weirdly stop the process right there, if it is not closing use task manager to close it and delete the file permanently, it was probably installing a backdoor in your computer.

4) If some software needs you to disable the antivirus or it is suggested such by the uploader please first check this things
  • is the software popular and made by some reliable company.
  • check if any comments are given at the downloading site always read them to get some hint about the health of the software.
5) If you thing everything is OK then take a chance and download it, if the software requires the antivirus to be disabled don't disable the antivirus right away, first give it a try with antivirus enabled and see what reaction the antivirus gives if the the antivirus gives it a clean cheat then well and good. mostly the antivirus detects a hacking software as a security threat or a trojan if it does so you may take a try with it but if it detects any other thing then trojan like backdoors, virus, worm, adware, then avoid installing it.

But please note there is no guarantee that hacking software detected as security threat or trojan is totally clean but you have to take chances, because no risk no gain.

SECURITY TIPS AGAINST PHISHING ATTACK

1) Always check the url of the login page of your account before logging in any site.if the url shows any other address then website you want to log in please dont do it.

2) Never follow any link to any site that is offering you anything free like free laptops, mobile recharge, or any other costly items remember nobody offers anything free to anybody.

3) Use different passwords for different accounts dont use the same password for all the accounts because it is easy to remember, because the first thing any hacker will do after hacking any of your account is try to check if it is the same for your other accounts. better lose one then all.

Friday, June 18, 2010

HACKING WINDOWS XP EBOOK

This is great book on windows XP hacking. From this book you can learn very interesting xp hacks like increasing its speed, customizing it, protecting it better.


DOWNLOAD

Wednesday, June 16, 2010

CRACKING WINDOWS USER PASSWORD USING "CAIN AND ABEL"

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Monday, June 14, 2010

DOWNLOAD THE BEGINNERS BOOK TO HACKING "HACKING FOR DUMMIES" FOR FREE



Description


There is certainly no shortage of books in this genre- Counter Hack, Hack Attacks Revealed and the best-selling Hacking Exposed (and all of its spin-offs) have covered this information in grueling detail. What sets this book apart is that it does not assume you are already a CISSP or network security guru. Being a "For Dummies" book means that it is written from the assumption that you don't know anything and the information is written in plain English and in terms that even a child could often understand.






DOWNLOAD (torrent link)

Friday, June 11, 2010

PHISHING TUTORIAL FOR BEGINNERS


PHISHING is a hacking method in which the attacker sends a email or link. clicking on which will take you to a site which looks exactly the same as the site you use like facebook, orkut, gmail etc. where you will be told to provide your information and bingo! you are hacked and the best part is after that you will be redirected to the original website and some common reason like network or server problem will be shown, so you wont even come to know that you were hacked.

here is a tutorial about how you can try phishing and have some fun.

STEP 1) First you must sign for a free webhosting service like www.byethost.com
And register your subdomain. After registration you will have a subdomain like www.yourname.byethost.com (Please select the name of the website wisely and please don't add the name of the website whose phishing page you are making eg. if you are making phishing page of Facebook then pls don't add the word Facebook in the name of the phishing as this website are easily detected and block.)

STEP 2) Now login to your account go to "control panel" then in site management option go to "online file manager" and open the folder "htdocs".

STEP 3) Now DOWNLOAD THIS FILE to your computer and extract the files inside it, you will see folders named facebook, orkut etc. choose which account you want to hack and open the folder, inside the folder you will find two files index.htm and write.php.

STEP 4) Now login to to your Byethost's cpanel (all the details of the byethost account will be there in the confirmation email send by byethost) choose "online file manager" in the cpanel.

STEP 5) (There were many suggestions to make this point more clear so i have divided this 5th step itself into some substeps. hope this will help the readers to understand this step more easily).
  • There are two files in the phisher file downloaded by you, "index.htm" and "write.php. Now right click on "index.htm" and select "edit", the file will open in notepad, press "ctrl + a" to select the whole text and copy it.
  • Now in the cpanel of your byethost account click on "online file manager". In it there is a folder "htdocs" click on it. In it there is a file also called "index.htm", there is a option to edit it, choose the edit option. Now a new window will open, delete all the text in it and paste what you had copied earlier from the "index.htm" in your phisher file. Click on the on the save icon and you are done!.


STEP 6) Now your homepage www.yourname.byethost.com has become a phisher. open it, you will see that your page www.yourname.byethost.com has become the login page of the site you want to hack.now all you have to do is send this link to the person whose account you want to hack.when he tries to login through it you will receive a file passes.txt in your "htdocs" folder of your byethost account which contains the username and password of your victim.

ENJOY!

Note:- Please use this phishing only on some close friends or relative who will take this sportingly and get aware of the online threats. Using this on somebody whom you don't know will qualify as a crime.

KEYLOGGING AND USING KEYLOGGERS

One of the most popular and easy way of hacking passwords, social networking accounts and other information is keylogging.
Keylogging in general refers to keeping a track of the keys pressed on a computer system.
There are two ways to keylogging.
1) Using a physical device which is connected to the computer, which keeps track of the keys pressed on the computer .
2) Using a keylogger software.

The first method is less preferred as the devices are costly and they have to be physically connected to the computers which is hard if you don’t have physical asses to the computer but they have their own merits like they are not detected by firewalls and antivirus software.
But mostly keylogger software are preferred as they are cheap, easy to use and provide many extra features like remote spying , making a quick installing package which is very useful if you don’t have physical asses to the computer. They can work in hidden mode, means they wont show in your added programs list and can only me assessed by pressing some special sequence of keys but they have their own demerits like they are detected by latest firewalls and antivirus softwares .
But there are many keyloggers out there which can bypass the firewalls and fool the antivirus.
Use those keyloggers which come under the category of parenting control or spying software, which are used by parents to keep an eye on their child’s online activities they are antivirus friendly, means they wont be detected by antivirus because if they were detected by antivirus then they wont be of any use as the child will know he is been spied on. Some antivirus, at extreme may just give a warning. But these keyloggers also have some disadvantages like they don’t have features like making remote installation package.

HACKING SOCIAL NETWORKING SITES LIKE ORKUT ,FACEBOOK,MYSPACE ETC.








I have noticed, that most people get interested in hacking just to hack their Friend's or enemy's social networking account, so i am writing this tutorial to introduce you to some basic, easy and popular techniques to hack social networking accounts.

lets start with the easier ones



1)KELOGGNG
One of the most popular and easy way of hacking passwords and other information is keylogging. Keylogging in general refers to keeping track of the keys pressed on a computer system using software or hardware devices.

for detailed tutorial on keylogging and keyloggers please click here KEYLOGGING to go to my post on keylogging

2)PHISHING ATTACK
PHISHING is a hacking method in which the attacker sends a email or link to the target. Clicking on which will take him to a website which looks exactly the same as websites like facebook, myspace, orkut, paypal, ebay etc. where he will be told to provide his information or login details and bingo! he is hacked and the best part is after that he will be redirected to the original website and some common reason like network or server problem will be shown, so he won't even know that he was hacked. Though a bit hard, phishing attack can give excellent results.

for a detailed tutorial on phishing please click here PHISHING to see my post on phishing.


3) HTTP SESSION HIJACKING ( Cookie Stealing)
When you log into a social networking website, they provide you with a 'cookie' which is like your passport while you are logged in. Every time you open a new page in your account, the website checks whether you have the cookie, if you don't, you are not allowed to go further. Http session hijacking is a method used to get hold of  the target's cookie, which can then be used to bypass the log in procedure and directly get entry to the target's social networking accounts.

For tutorial on Http session hijacking please visit my post FIRESHEEP TUTORIAL (Http Session Hijacking)

Thursday, June 10, 2010

lets take sometime understanding the concept of hacking

Hacking refers to the re-configuring or re-programming of a system to function in ways not facilitated by the owner, administrator, or designer.

and HACKER IS WHO DOES HACKING

THERE ARE MANY CATEGORIES OF HACKERS OR HACKER ATTITUDES.

WHITE HAT

A white hat hacker breaks security for non-malicious reasons, just for testing their own security system . This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject.

GREY HAT

A grey hatted hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted.

BLUE HAT

A blue hat hacker is someone outside computer security consulting firms that are used to bug test a system prior to its launch, looking for exploits so they can be closed.

BLACK HAT

A black hat hacker usually the malignanat one, sometimes called "cracker", is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity.

ELITE (or known as 1337 )

Elite is a term used to describe the most advanced and the greatest hackers who are always on "the cutting edge", and a step ahead of everybody else; and one who fully understands the true meaning of what it means to be a hacker. One who is elite finds new security flaws for others to follow, rather than just follow security flaws discovered by others.

Script kiddie

A script kiddie is novice, a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept.

Noob (term for newbie)

A noob is a term used to describe someone who has almost no knowledge of the workings of technology, and hacking; yet sometimes pretend to be experts on the topic or declare themselves as "Hackers" when they have no idea on the topic or the true meaning of what is actually means to be a Hacker. Noobs also lack the discipline it takes to be a true hacker. Noobs are at an even lower level than "Script Kiddies" in Hacker terms.

Saturday, June 5, 2010

welcome

Welcome all slaves of the cyberworld.
There is a general opinion that hacking is some mystical thing dangling between quantum physics and wizardry and can only be done when you master all computer and networking related aspects like programming , hardware , etc. but this is not true a child with some knowledge of basic computing can do interesting things with some knowledge of hacking.This blog is dedicated to beginners in hacking who want to impress and gain some respect and admiration by doing some easy hacks.
 
© 2009 BASIC HACK AND TECH FOR BEGINNERS. All Rights Reserved | Powered by Blogger
Design by psdvibe | Bloggerized By LawnyDesigns