What is Hacking ?

Introduction to Hacking and Hackers!!

This is My First Tutorial Of Hacking . In this tutorial I will Tell you what is hacking.. ethical hacking security…who are hackers…why we do hacking…and Introduction to some basic terms…
First of all I will try Explain what the Hacking really is…

What Is Hacking??

Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer.Everyone here thinks that hacking is just stealing of data and information illegally but this perception is absolutely wrong

“Hacking is unauthorized use of computer and network resources. (The term “hacker” originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)” – wikipedia

Hacking definition by me –

“Hacking is art of Exploiting and finding loop holes in the security and use them to benefit the others” 🙂

WHO ARE HACKERS ??

Everybody here thinks that hackers are criminals of the virtual world (i.e Cyber World ). But this thought is also wrong. Hackers are not always criminals.. It doesn’t have any doubt that Hackers are extremely genius peoples in the field of Computers…

Hackers are categorized in to three Parts :-

1.White Hat Hacker : – A white hat hacker or “Ethical Hacker” is a white hat because he/she doesn’t destroy/exploit systems he/she has broken into. and instead somehow notifies the admin of the cracked systems security holes and flaws.

2.Black Hat Hacker : – A black hat or “CRACKER” on the other hand is a hacking into systems (usually) only to destroy something or to steal information like bank information.

3.Grey Hat Hacker : – the grey hat is just in between them in some way maybe not always leaving a note to the admin telling about the flaws in the system or the loop hole he/she used. or maybe just peeking abit in the logs.

Some Terms in Hacking you have to be know :-

Threat –An action or event that might compromise security. A threat is a potential violation of
security.

Vulnerability –Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

Exploit –A defined way to breach the security of an system through vulnerability. i.e Use the vulnerability to damage the database or system.

Attack –An assault on system security that derives from an intelligent threat. An attack is any action that violates security.

Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.

Security – A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.

That’s all for today I think You all would have like this and want to see more.. I will regularly post material. THANKS FOR READING !!

Have Fun and keep Hacking 🙂

HOW TO HACK A GMAIL ACCOUNT OR PASSWORD

As i always start my tutorial with brief introduction about the topic, so let’s discuss again what actually is phishing.

What is Phishing?

Phishing in normal words is a word derived from the word fishing. As in fishing we make a trap for the fish to get caught similarly in case of Phishing we make a trap to hack the user password. Phish basically means fake, things that are deviating from original product. Technically Phishing is a technique to hack victims account password using the phish or fake pages. In phishing we sent the fake page links to the victim in spoofed manner so that we will not able to recognize that the page is real or fake. Now when victim enters his credentials in the fake page two different process occurs simultaneously. First it writes a log file having username and password and second process redirects the user to the original website page with username entered and displaying password is incorrect. 

How to recognize Phish Pages?

There are two ways to recognize the Phish pages and both depends on the awareness of the user. There are some other ways also to protect yourself from Phishing but as we Prevention is better that cure. If you know how its done then surely you will also know what are its loopholes and how can we detect it.

Ways to recognize Phish Page:

1. Check the Address bar, if the URL you are visiting does not match with the original website link then its a fake page.

2. If you are a great coder or understands HTML well then you can easily revert back the attack and check the hackers hacked log file. But if you by mistake entered your own details it cannot be deleted. For this you need to use IDM and run the website grabber. There in log file you can see all details of the accounts that hacker has hacked.

What’s new features in this Gmail phisher?

Since its a new phisher so friends there should be something new in it. Isn’t it. Yups, what do you think i have added in this phisher. 

I have added few awesome features in this phisher and list is below:

1. Incorrect password shown page bug removed

Previously what happens when user login using phisher it redirects to the original page and displays password is incorrect. But now it doesn’t show that but even do more smarter thing… As for phishing account we have to sent the email to victim, and now if victim has read the mail that means he is already login so what i have done i have utilized the cookie hack and result is guess what, when victim login using fake page he login’s in to his own original account without even showing any message or anything. Technically its called Tabnabbing another name of advanced Phishing.

2. Log File Contains more additional Information

I am sure you will love this information what more log file contains. Previously it only contains the username and password. Now log file contains all the cookie details along with IP address of the victim. And now why it becomes more significant. Previously what happens some good people means people that know phishing technique login’s through the Phish page but enters the wrong credentials and use some abusive words in login. Now when they type that also i will get their Magic cookie or simply called session cookie and IP address that i can use to hack their PC and account.

Steps to Hack Gmail Account Password Online:

 1. Download the Gmail Phisher (Click here to Download).

2. Extract the rar file and now you will get three files namely:

• Index.htm
• Isoftdl_log.txt
• next.php

3. Now go to Free Hosting website (click here to go to free hosting website) and register a new account on it.

4. After registering Go to File Manager on the website and Create a new directory name it as Gmail of whatever you want.

5. Now double Click on the directory to open it and click on Upload. Now browse the three different files one by one from three upload boxes and click on upload.

6. Now Open the Index.htm page and you will see your fake page which looks absolutely similar to Gmail original page. Below is the Snapshot of Fake Gmail Page:

                              How to hack Gmail account password online : Fake Page

7. You can directly send the above URL  to the victim but its quite detectable. So we need to spoof it. So that become little bit difficult for victim to recognize it. For that visit tk domain maker website(click here to visit).

 8. Now Send the Spoofed link in the mail to the victim

9. Now when user login using the fake page the data in log file is written which will look like below:

                                         How to hack gmail password : Log file

10. That’s all friends now you have the user name password of the victim.

BEST STEPS TO HACK FACEBOOK ACCOUNT

Hacking Facebook Account Password: Facebook Phishing for Hacking Facebook

Facebook has evolved into one of the hottest social networking website in the world. Here is a simple tutorial that you can use to hack your friend’s facebook password. Here i’m writting on hacking Facebbok password using Facebook Phisher.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites,auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.[Read more about phishing on Wikipedia]

Facebook Phisher

Please Note: Phishing is legally offensive. I am not responsible for any action done by you.

Hacking Facebook password:

Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away. I recommend the use of Phishing to hack facebook account since it is the easiest one.

1. First of all download Facebook Phisher

2. The downloaded file contains:

• Index.html
• write.php

3. Upload both files to any of these free webhost sites:

• www.yourfreehosting.net
• www.drivehq.com
• www.110mb.com
• www.t35.com
• www.esmartstart.com

4. Now, send this phisher link (index.html link) to your victim and make him login to his Facebook account using your sent Phisher.

 

5. Once he logs in to his Facebook account using Phisher, all his typed Facebook id and password is stored in “passes.txt”. This file is created in your webhost control panel as shown.

If you dont get passes.txt, try refreshing your page.Once you get passes.txt, you get Facebook password and can easily use it for hacking Facebook account.

6. Now, open passes.txt to get hacked Facebook id and password as shown.

 
Hope this tutorial was useful for you.

HOW TO HACK GMAIL ACCOUNT

With Gmail being one of the most widely used email services across the globe, it has also become a favorite place for many to engage in secret relationships and exchange cheating messages. As a result, sometimes it becomes inevitable for people to hack the email account of their spouse or girlfriend so as to reveal the secret. So, it’s no wonder why many people want to know “how to hack a Gmail account”.

In this post, I am going to tell you some of the Real and Working ways to hack a Gmail account. However, before that, I want to make you aware of the common myths and scams associated with email hacking.

1. There is no readymade software program that can hack Gmail with just a click of a button. So, stay away from those websites that are waiting to rip off your pockets by selling fake products.

2. Most of the email hacking services on the Internet claim to hack Gmail password for just a small fee of say $100. I have personally tested many of those services and all I can tell you that they are nothing more than a scam.

With my experience of over 8 years in the field of ethical hacking and security, I can tell you that there are only two ways to hack Gmail password. They are:

1. Keylogging

2. Phishing

Keylogging: Easiest Way to Hack Gmail

Keylogging is the easiest way to gain access to any email account. Keylogging involves the use of a small program/software called the keylogger (also called as a spy software). This keylogger, when installed on a given computer, will capture each and every keystroke typed on the keyboard including passwords. Keylogger operates in a complete stealth mode and thus remains undetected.

The use of keyloggers doesn’t demand any special knowledge. So, anyone with a basic knowledge of computer can install and use the keylogger. To hack the password, all you need to do is, just install it on the computer of the target user. Once the victim logs into his Gmail account from his/her computer, the login details (username & password) are captured and stored instantly. You can later access the stored logs to find out the password.

But what if you do not have physical access to the computer?

Well, you need not worry since I am going to suggest one of the best keylogger program that supports installation on a local computer as well as a remote computer. I recommend the following keylogger as the best:

• SniperSpy – for Windows (Tested)

 

• SniperSpy – for Mac (Tested)

If you do not have physical access then you need to use the remote installation feature to remotely deploy the kelogger.

 

Phishing: 

Phishing is a way to attempt to capture sensitive information such as usernames, passwords and credit card details. Phishing usually involves the use of a fake login page (or fake website) whose look and feel is almost identical to that of the legitimate websites like Gmail, Yahoo and Hotmail. When the users try to login from these fake pages and enter their passwords there, the login details are stolen away by the hacker.

However, creating a fake login page and taking it online to successfully hack a Gmail password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. In addition to that, carrying out a phishing attack is a serious criminal offence. So if you are new to the concept of hacking passwords, then I recommend using the keyloggers as they are the easiest the safest way.

CHANGING YOUR IP ADDRESS

How to change your IP address in less than a minute? The following trick gives you a step-by-step procedure to change your IP address. 

1. Click on “Start” in the bottom left hand corner of screen.

2. Click on “Run”.

3. Type in “command” and hit ok.You should now be at an MSDOS prompt screen.

4. Type “ipconfig /release” just like that, and hit “enter”.

5. Type “exit” and leave the prompt.

6. Right-click on “Network Places” or “My Network Places” on your desktop.

7. Click on “properties”.

You should now be on a screen with something titled “Local Area Connection”, or something close to that.

8. Right click on “Local Area Connection” and click “properties”.

9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab.

10. Click on “Use the following IP address” under the “General” tab.

11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).

12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.

13. Hit the “Ok” button here.

14. Hit the “Ok” button again. You should now be back to the “Local Area Connection” screen.

15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings.

17. This time, select “Obtain an IP address automatically”.

18. Hit “Ok”.

19. Hit “Ok” again.

20. You now have a new IP address.

Some ISPs do not support this type of procedure and hence there are chances of getting back the same old IP address even after trying this hack. In this case you need to switch off the modem and then switch it on to get the new IP address.

NOTE: All these tricks works only if you have a dynamic IP address. But if you have a static IP address you have no option to change your IP.

Popularity: 3% [?]

HIDE YOUR IP ADDRESS

Every time your computer is connected to the Internet, it is assigned a public IP address which is used to uniquely identify your computer. Wherever you visit websites or use Internet services, your public IP is also transmetted and recorded in the logs kept on those servers. Thus, your IP address makes it possible to trace all your web activities back to you.

So, How do I Hide my IP Address?

The best and the easiest way to hide your IP address is by using a proxy server (anonymous proxy server) in one form or the other. A proxy server is a special type of server which acts as an intermediary between your home computer (or network) and rest of the Internet. This proxy server makes requests for Internet services/information on behalf of your computer using it’s own IP address instead of yours. The obtained information is then passed on to your computer. Thus, your computer is indirectly connected to the Internet via a proxy server where the IP address of the proxy server is exposed and your actual IP address remains concealed. Web proxies are identified by a combination of URL and TCP port number which is similar to something as below:

http://207.133.133.205:35

In the above example, http://207.133.133.205 is the URL of the proxy server and 35 is the port number. There are a variety of these proxy servers available:

Transparent Proxy Server
This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used to speed-up the web browsing since thay have a very good ability to cache websites. But they do not conceal the IP of it’s users. It is widely known as transparent proxy because it will expose your real IP address to the outside world. This type of proxy server will not hide your IP address.

Anonymous Proxy Server
This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. Anonymous proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

Distorting Proxy Server
A Distorting proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.

High Anonymity Proxy Server (Elite Proxy)
An Elite proxy server does not identify itself as a proxy server and will not make the original IP address available to the outside world. This type of proxy server will hide your IP address.

Which Proxy is the Best?

Clearly High Anonymity Proxy (Elite Proxy) is the best to hide your IP address. Because of it’s nature, the elite proxy neither identifies itself as a proxy server nor will expose your real IP address to the Internet. Hence, it provides maximum privacy for your Internet activities.

You can obtain a long list of proxy server URLs on Google and configure your browser settings so as to make them working for you. However, most of the free proxy servers you get on the Internet will not be effective in concealing your IP address. Even if some of them work they will be too slow and may take several minutes for a single webpage to load.

So, in order to connect to a blazing fast elite proxy server, I recommend you to use the following IP Hiding software:

Hide the IP (Tested)

Hide the IP will put you behind a blazing fast Elite Proxy Server(High Anonymous Proxy) with just a click of a button. With this program, you need not worry about configuring your browser settings.

All you have to do is just install the program and select the proxy server you want to be behind. It offers a list of countries from which you can decide which country to be indicated as your origin.

How to ensure that the IP is hidden?

Before you hide your IP address, you can check your real IP by visiting the following website:

WhatIsMyIPAddress.Com

Once you get your real IP, switch on your IP hiding software. Now once again visit the above site and check your IP address. If you see a new IP then this means that your software is doing the right job.

Also, the above site (Whatismyipaddress.com) is capable of detecting many proxies. If you see the words such as “suspected proxy server or network sharing device” or similar words then, it means that the proxy you are using is not an Elite Proxy.

Download Hide the IP now and see the difference for yourself. For more information on this product, visit Hide the IP homepage from the following link:

Hide the IP (Download Link)

HOW TO TRACE IP ADDRESS

In my earlier post I had discussed about how to capture the IP address of a remote computer. Once you obtain this IP address it is necessary to trace it back to it’s source. So in this post I will show you how to trace any IP address back to it’s source. In fact tracing an IP address is very simple and easy than we think. There exists many websites through which you can trace any IP address back to it’s source. One of my favorite site is ip2location.com.

Just go to http://www.ip2location.com/demo.aspx and enter the IP address that you want to trace in the dialog box and click on “Find Location”‘. With just a click of a button you can find the following information for any given IP address.

1. Country in which the IP is located

2. Region

3. City

4. Latitude/Longitude

5. Zip Code

6. Time Zone

7. Name of the ISP

8. Internet Speed

9. Weather Station

10. Area Code and

11. Domain name associated with the IP address.

A sample snapshot of the results from ip2location.com is given below

You can also visually trace route any IP address back to it’s location. For this just visit http://www.yougetsignal.com/tools/visual-tracert/ and enter the IP you want to trace in the dialog box and hit the “Proxy Trace” button. Wait for few seconds and the visual trace route tool displays the path Internet packets traverse to reach a specified destination.

HOW TO FIND IP ADDRESS OF REMOTE COMPUTER

Most of you may be curious to know how to find the IP address of your friend’s computer or to find the IP address of the person with whom you are chatting in Yahoo messenger or Gtalk. In this post I’ll show you how to find the IP address of a remote computer in simple steps.

I have created a PHP script to make it easier for you to find the IP address of the remote computer of your choice. Here is a step-by-step process to find out the IP address.

1. Download the IP Finder script (IP_Finder.ZIP) that I have created.

2. Open a new account in X10Hosting (or any free host that supports PHP).

3. Extract the IP_Finder.ZIP file and upload the two files ip.php and ip_log.txt into the root folder of your hosting account using the File Manager.

4. You can rename the ip.php to any name of your choice.

5. Set the permission to 777 on ip_log.txt.

Now you are all set to find the IP address of your friend or any remote computer of your choice. All you have to do is send the link of ip.php to your friend or the person with whom you’re chatting. Once the person click’s on the link, his/her IP address is recorded in the file ip_log.txt.

For your better understanding let’s take up the following example.

Suppose you open a new account in X10hosting.com with the subdomain as abc, then your IP Finder link would be

http://abc.x10hosting.com/ip.php

You have to send the above link to you friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the ip_log.txt file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.

To find the recorded IP address check the logs using the following link.

http://abc.x10hosting.com/ip_log.php

The sample log will be in the following format

79.92.144.237 Thursday 07th of May 2009 05:31:27 PM
59.45.144.237 Thursday 07th of May 2009 05:31:28 PM
123.92.144.237 Thursday 07th of May 2009 05:31:31 PM

NOTE: You have to replace abc with your subdomain name.

HACK A BSNL BROADBAND FOR YOUR SPEED

If you are a BSNL broadband user, chances are that you are facing frequent DNS issues. Their DNS servers are just unresponsive. The look up takes a long duration and many times just time out. The solution? There is small hack on BSNL for this. Use third party DNS servers instead of BSNL DNS servers or run your own one like djbdns. The easiest options is to use OpenDNS. Just reconfigure your network to use the following DNS servers:

208.67.222.222
208.67.220.220

Detailed instructions specific to operating system or your BSNL modem are available in the OpenDNS website itself. After I reconfigured my BSNL modem to use the above 2 IP addresses, my DNS problems just vanished! Other ‘freebies’ that come with OpenDNS are phishing filters and automatic URL correction. Even if your service provider’s DNS servers are working fine, you can still use OpenDNS just for these two special features. After you hack BSNL DNS servers, you will see a noticeable improvement in your broadband speed.

Popularity: 10% [?]

HOW TO HACK AN ADSL ROUTER

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.

Before you proceed, you need the following tool in the process

Angry IP Scanner

Here is a detailed information on how to exploit the vulnerability of an ADSL router.

Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.

Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101, you can set the range something as 117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.

I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to OptionsTools instead of

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.

Step-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.

Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below

If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

What can an Attacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack. 

Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Warning!

All the information provided in this post are for educational purposes only. Please do not use this information for illegal purposes.