What are the things that you need to become a hacker?

What are the things that you need to become
a hacker?

1. Programming Knowledge:
→ C/C++
→ Web designing (HTML/CSS,Javascript,P
HP,etc)
→ Visual Basic
→ VBscript,Batch file programming,Aut
ohotkey script
writing.

2. Basic Networking Knowledge:
→ Understanding of various networking
protocols (TCP/
IP,HTTP,etc)
→ Different forms of network encryption
→ Understanding of packets.

3. Experience with UNIX / LINUX Operating
Systems.

4. Ability to think like a Criminal

How to hack Gmail account?

How to hack Gmail accounts !!

The Internets MOST ASKED QUESTION OF ALL TIME !
HOW CAN I HACK HOTMAIL/GMAIL/YAHOO/FACEBOOK
OK ?

Here is the “CORRECT” answer,
I’m merely disappointed by the number of technically illiterate people around the world. The most popular question in any hacking related site is “How to hack e-mail” its not tolerated in any security/hacking related forum and if asked you can expect to get a rant from people. the reason is simple because there are NO ways of hacking a e-mail address by easy means and the people who know this fact often get very annoyed when most people don’t understand WHY its NOT POSSIBLE

The hacking of a e-mail is possible when a person who owns the account gets hacked. the other way is to hack them directly from the e-mail servers which is most unlikely because these sites use sophisticated Intrusion Detection and highly skilled consultants who are up to date with exploits and patch’s. unless you are a real professional hacker its highly unlikely you will ever break into a e-mail server.

People MUST understand that there are NO PROGRAMS/SOFTWARE’S that can hack a e-mail password when you enter an e-mail address. to understand this better let me explain you how e-mail works
Lets say you have a gmail account
When you enter your username and password and hit login what happens is your outgoing e-mail server encrypts the login information and sends over the network to its destination which is a gmail server which can ONLY decrypt the encrypted credentials then these were checked against its database and if they match it will re direct you to your mail inbox. to authenticate you with the gmail server, it will send you a cookie ( a text file ) with a session ID to your browser confirming that you are authenticated so the gmail server.
So there was a time when e-mail servers gave the option to NOT to use SSL cause it slows down the e-mail. because of the time it takes to encrypt. it was a “happy time” for the hackers who simply used a wifi hotspot to sniff session ID and break into emails !!! why ? because If anyone sniffs your session ID he can use it to login into you mail WITHOUT the password because the session ID is the proof of authentication as I mentioned earlier ^ but with almost all the e-mail servers NOW use a SSL encryption and the Session ID is also encrypted so by sniffing its NOT possible to decrypt the ID !
So there goes Packet Sniffing 
You may ask so what ? why the encryption cannot be cracked ?
Because The encryption uses Hypertext Transfer Protocol over Secure Socket Layer and public/Private key encryptions technique which is almost impossible to crack. Do some Research on these terms and you will know why its not possible to crack.

So now the next possible way is to somehow hack into the gmail servers and pull the password hash’s and then crack them. well, sadly not many people have succeeded doing it because its highly impossible and way too risky
Now after reading all this you might have a slight idea why I ask people who claim “they can hack any e-mail” to prove it !! so if you can make a program that can somehow bypass all the security and bring the password from the gmail server then you deserve a noble prize !!!

NOW ASK ME HOW TO HACK A E-MAIL ?

Ok you clearly know its almost impossible but the good news is that its possible to hack a individuals computer or a web server. most people lack of common sense and so many people have NO technical knowledge whatsoever. so by hacking them its possible to steal their passwords.

Because we can’t hack the password from the servers but we can hack it from the people who use it..
There are so many ways..
here are some of the methods,

1. Fake Login page – Fake page also known as phishing. This process involves creating a fake login page of a certain e-mail and tweaking the password authentication process so when the user inserts login details it will be sent to the hacker. This is the easiest way to hack when the victim has no technical knowledge.

2. Social Engineering – Humans have certain weaknesses and this process involves exploiting someone’s weakness to retrieve a credential such as a password. for an e.g: There are many incidents in the past like once when a hacker phoned a employee of a company (victim) and identified himself as the Technical Engineer of that company and instructed the employee (victim) to follow a set of FAKE system error checking and eventually received his login password from him by simply convincing him to reveal them. its just simple as that/ it does takes lot of confidence and skill.

3. Keylogger – Its an application which runs hidden from a user in the background and logs/records all the keystrokes of a user. when a user types something it will be recorded and saved. when the system goes online the recorded details will be sent to the hacker. which can contain a e-mail login detail. the keyloggers are outdated and most of them are detected by anti-virus programs. but when used in a LAN network or when the hacker has physical access to a system it proves to be effective. so if your girlfriend/boyfriend is cheating on you this is the way to go.. but I still think smart people don’t keep “cheating related e-mails in their inbox” he he
The downfall of keyloggers are that not many keyloggers can be deployed remotely and they are often picked by anti-virus programs (which can be avoided by using code obfuscation or packing/crypting, changing Entry point..but its more complex)
Another downfall of keylogger is that most of them don’t use any encryption and the data is sent as it is, with a skilled reverse engineer its possible to track down the hacker by breaking the file and analysing the code.

4. Trojans – Programs which are often known as backdoors. these programs are similar to keyloggers but they can execute certain commands sent by the hacker. most Trojans have a built in password stealer which is an application that can steal stored browser passwords. also in addition they have far more sophisticated functions such as webcam capture (YES the hacker can see you when you pick your nose) ability to browse/download/edit your files and folders, audio recording, etc.. different Trojans have different functions. All hacker has to do is create a server and send it to the victim and once the victim opens the file it will drop into the victims system and connect to hackers client. now he can issue commands to his server which is in the victims computer and manipulate it whatever the way he likes.
Trojans are very easy to use and most of them use encryption and security evasion techniques and there are TONS of tutorials all over internet if anyone interested in using them.

I hope I have covered enough information. so next time when you see someone asking “How to hack email” Please point it to this thread. so he/she don’t waste his/her time and money.
My advise is if you have a personal issue such as cheating/breaking up I encourage you to sort them by other means. or maybe Go see a doctor. if she dumped you.

Detecting Rats & Keyloggers Using CMD And Task Manager

Detecting Rats & Keyloggers Using CMD And Task Manager

In this tutorial, I’ll be showing you the easiest way of finding out malicious applications installed on your PC that transfer data using the internet without you knowing it.

As stated in the title, we’ll be using TaskManager and CMD for the purposes of this tutorial.

Part 1 :- Customizing Taskbar

1. To get started, open up your TaskManager by right clicking your TaskBar and selecting TaskManager or just hit CTRL+ALT+DEL to get it open.

2. Once that is done, click the “Processes” tab of your TaskManager and click View -> Select Columns -> Make sure that “Process Identifier(PID)” is ticked.

Pic :- http://bit.ly/1d0oijj

3. Now click the PID column to make sure that all the processes are sorted in a specific order. This step is not necessary, but it will make it easier for you to detect processes using their IDs.

Pic :- http://bit.ly/HiyQ1A

Part 2 :- Using CMD

Once you’ve done that right, we’re going to move on to part 2 of our tutorial, which is using CMD to view established connections.

Assuming you know how to open up CMD, I’m just going to rush through step 1.

1. Start -> Run -> CMD
OR
Just type in cmd in the searchbar if you’re running a system powered by Windows7.

2. Once cmd is open, I want you to type in “netstat -ano”.
Your result should be something like this:

Pic :- http://bit.ly/1a8Zhnl

3. Now what we’re interested in are only the connections with the state “ESTABLISHED”.
Isolate them out and look for the PID right next to them. There will be many connections with “ESTABLISHED” state, you’ll have to repeat the following steps for all of them.

Pic :- http://bit.ly/1a1ZcvP

This is the fun part. Now go back to the TaskManager and look for the name of the process(es) that has the same PID(s) as the one you found with the ESTABLISHED connection(s)

Pic :- http://bit.ly/HgdPFM

In the above case, it’s a safe and trusted application known as Dropbox, so I’m good. But incase you find a process which you do not know, if it’s something like svchost.exe that you’re sure is infected, right click the process and select “Open File Location”.

Now all you have to do is right click the file and scan it using your AV or upload it to an online scanner such as VirusTotal.com and check if it’s infected.

Pic :- http://bit.ly/HiztZ8

It’s as easy as that.

How to Hack Website with IIS Exploit?

How to Hack Website with IIS Exploit?

Hack Website with IIS Exploit.

with IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is most Easiest way to Hack any site.

STEP 1: Click on Start button and open “RUN”.
STEP 2: Now Type this in RUN

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

Now A Folder named “Web Folders” will open.

STEP 3: Now “Right-Click” in the folder and Goto “New” and then “Web Folder”.

STEP 4: Now type the name of the Vulnerable site in this. e.g.” http:// victimsite .com/” and click “Next”.

STEP 5: Now Click on “Finish”

STEP 6: Now the folder will appear. You can open it and put any deface page or anything.

STEP 7: I put text file in that folder. Named “securityalert.txt” (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don’t then the site is not Vulnerable.

Now to view the uploaded site i will go to ” http:// victimsite .com/ securityalert.tx t”
In your case it will be ” www.[sitename].com/[file name that you uploaded] ”

Done! //Education PurPose

HACKING FACEBOOK, WHATSAPP, MYSPACE, TWITTER AND OTHER SOCIAL NETWORKING SYSTEMS

HACKING FACEBOOK, WHATSAPP, MYSPACE, TWITTER AND OTHER SOCIAL NETWORKING SYSTEMS
Well this is the question in everybodies mind that how can we hack a email account or How do others do it. When I started reading about Hacking I also search about this question and search for the Softwares that can do it for me but there was nothing that work.

Then comes the websites like hackfacebook.net that claim to hack 98% of facebook accounts for only 140 euros. But that is a BIG FRAUD. So question comes to mind How do we Hack the Accounts.

In real there are few ways to hack any account and they all work but there are not easy and not 100% efficient but with time you can master them all.
The ways Are (for nOObs)
1) Key logging
2) Phising
3) Brute force
4) Social Engineering (I call it Hacking the human)
5) Guessing the Security Password.

I will Post a detailed Articles about all these ways soon but summaries are as following.

KEYLOGGING: Keylogging is the way in which you sent a Keylogger remotely or install it on a computer to which you have Physical access. Keylogger is a Program that note down every thing a user write on a computer and some Keyloggers also capture the Pictures of the screen. SO with this way you can Know the Password that the user write.

Phising: Phising is the way in which a person is tricked to go to a Fake website exactly like the real one (e.g. Facebook). And if that person enter the password then the password is stored in the website that the Hackers can get. This way works very well with Stupids.

Brute Force: Brute force is the way of hacking in which software try every possible password. This way is 100% accurate but it can take millions of years to complete. So it is complete failure most of times.

Social Engineering: This way is really efficient with your friend whome you can trick to tell you the sensitive information like asking them to accept a keylogger an trick the to tell you their security Question’s answer.

Guessing the Security Password: This way can be the easiest or most difficult. But if you know the person then you can easily answer the question.

How to hack JomSocial CMS based websites

JomSocial ~ Joomla Shell Upload Vulnerability

You need:
A Shell
Tamper Data
Vulnerable Site
& a Brain

Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*

Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos

Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. “myshell”)
3. Copy the shell to the same folder and rename it to “yourshell.php.flv”
4. Now in your folder you have 2 files, “myshell.php” & “myshell.php.flv”.

Getting Access to site:
1. Register a fake account.
2. Active your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.
Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.

The reason for having created a file called “myshell.php.flv”, is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your “myshell.php.flv”.
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for “myshell.php.flv” then delete the .flv part meaning you will have “myshell.php” left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your “random.php”

%d bloggers like this: