You are on page 1of 7

network administrator password

webcam hack through network wif


android unlocker/password breaker
server hacker
hack computer through
and android phone
....wif
...bluetooth
....simply accessing it
Complete List of Topics
Introduction to Ethical Hacking
IP Addresses
IP Enumeration and Tracing
IP Hiding and Bypassing Restrictions
Proxy Servers, VPNs and Proxy Bouncers
HTTP Tunnelling, Unblocking Websites and People Hacking
Network Reconnaissance & Information Gathering
Metasploit
Spoofng Attacks, Google Dorking and Website Enumeration.
Trojans, Keyloggers and Spyware Attacks
Mobile Phone Exploits
Password Cracking Attacks
Windows Vulnerabilities
Data Encryption, Data Hiding and Steganography
DOS Attacks
Distributed DOS Attacks
Web Attacks
Cookie Stealing and Session Hijacking
Phishing Attacks
Open Redirection Attacks
Cross Site Scripting Attacks
Data Sniffing
ARP Poisoning
SQL Injection
Advanced SQL Injection
25 Attacks with Backtrack / Kali
Meterpreter & Post Exploitation Attacks
Advanced Meterpreter & Post Exploitation Attacks
Post Exploitation Scripts and Modules
Shell Attacks
Bind Shell Attacks
Reverse Shell Attacks
Wi-Fi Cracking
WEP Cracking
WPA Cracking
WPA2 Cracking
Computer Forensics & Honeypots
Social Engineering Toolkit Attacks
Kali Hacking
Advanced Kali Hacking
Project Work for Hands-On Experience
1. Trojan programs that share fles via instant messenger.
2. Phishing
3. Fake Websites.
4. Spoofng
5. Spyware
6. Electronic Bulletin Boards
7. Information Brokers
8. Internet Public Records
9. Trojan Horses
10. Wormhole Attack
Security Attacks
This page lists types of security attacks. This document will address security
issues, measures, and policies which take these types of attacks into
consideration.

DoS- Denial of Service


Trojan Horse - Comes with other software.
Virus - Reproduces itself by attaching to other executable fles.
Worm - Self-reproducing program. Creates copies of itself. Worms that spread
using e-mail address books are often called viruses.
Logic Bomb - Dormant until an event triggers it (Date, user action, random
trigger, etc.).
Hacker Attacks

I use the term "hacker attacks" to indicate hacker attacks that are not automated
by programs such as viruses, worms, or trojan horse programs. There are various
forms that exploit weakneses in security. Many of these may cause loss of
service or system crashes.

IP spoofng - An attacker may fake their IP address so the receiver thinks it is


sent from a location that it is not actually from. There are various forms and
results to this attack.
The attack may be directed to a specifc computer addressed as though it is from
that same computer. This may make the computer think that it is talking to itself.
This may cause some operating systems such as Windows to crash or lock up.
Gaining access through source routing. Hackers may be able to break through
other friendly but less secure networks and get access to your network using this
method.
Man in the middle attack -
Session hijacking - An attacker may watch a session open on a network. Once
authentication is complete, they may attack the client computer to disable it,
and use IP spoofng to claim to be the client who was just authenticated and
steal the session. This attack can be prevented if the two legitimate systems
share a secret which is checked periodically during the session.
Server spoofng - A C2MYAZZ utility can be run on Windows 95 stations to
request LANMAN (in the clear) authentication from the client. The attacker will
run this utility while acting like the server while the user attempts to login. If the
client is tricked into sending LANMAN authentication, the attacker can read their
username and password from the network packets sent.
DNS poisoning - This is an attack where DNS information is falsifed. This attack
can succeed under the right conditions, but may not be real practical as an
attack form. The attacker will send incorrect DNS information which can cause
traffic to be diverted. The DNS information can be falsifed since name servers do
not verify the source of a DNS reply. When a DNS request is sent, an attacker can
send a false DNS reply with additional bogus information which the requesting
DNS server may cache. This attack can be used to divert users from a correct
webserver such as a bank and capture information from customers when they
attempt to logon.
Password cracking - Used to get the password of a user or administrator on a
network and gain unauthorized access.
Some DoS Attacks

Ping broadcast - A ping request packet is sent to a broadcast network address


where there are many hosts. The source address is shown in the packet to be the
IP address of the computer to be attacked. If the router to the network passes
the ping broadcast, all computers on the network will respond with a ping reply
to the sttacked system. The attacked system will be flooded with ping responses
which will cause it to be unable to operate on the network for some time, and
may even cause it to lock up. The attacked computer may be on someone else's
network. One countermeasure to this attack is to block incoming traffic that is
sent to a broadcast address.
Ping of death - An oversized ICMP datagram can crash IP devices that were made
before 1996.
Smurf - An attack where a ping request is sent to a broadcast network address
with the sending address spoofed so many ping replies will come back to the
victim and overload the ability of the victim to process the replies.
Teardrop - a normal packet is sent. A second packet is sent which has a
fragmentation offset claiming to be inside the frst fragment. This second
fragment is too small to even extend outside the frst fragment. This may cause
an unexpected error condition to occur on the victim host which can cause a
buffer overflow and possible system crash on many operating systems.

Common Methods for Hacking Computer Terminals(Servers):


This comprises of either taking control over terminal(or Server) or render it
useless or to crash it.. following methods are used from a long time and are still
used..

1. Denial of Service -
DoS attacks give hackers a way to bring down a network without gaining internal
access. DoS attacks work by flooding the access routers with bogus traffic(which
can be e-mail or Transmission Control Protocol, TCP, packets).
2. Distributed DoSs -
Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A
DDoS is more difficult to block because it uses multiple, changing, source IP
addresses.

3. Sniffing -
Sniffing refers to the act of intercepting TCP packets. This interception can
happen through simple eavesdropping or something more sinister.

4. Spoofng -
Spoofng is the act of sending an illegitimate packet with an expected
acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping

5. SQL injection -
SQL injection is a code injection technique that exploits a security vulnerability
occurring in the database layer of an application. It uses normal SQL commands
to get into database with elivated privellages..

6. Viruses and Worms -


Viruses and worms are self-replicating programs or code fragments that attach
themselves to other programs (viruses) or machines (worms). Both viruses and
worms attempt to shut down networks by flooding them with massive amounts
of bogus traffic, usually through e-mail.

7. Back Doors -
Hackers can gain access to a network by exploiting back doors administrative
shortcuts, confguration errors, easily deciphered passwords, and unsecured dial-
ups. With the aid of computerized searchers (bots), hackers can probably fnd
any weakness in the network.

So, not interested in these stuffs.. huh??? wait there is more for you.. So, how
about the one related to hacking the passwords of email and doing some more
exciting stuffs.. The various methods employed for this are:

8. Trojan Horses -
Trojan horses, which are attached to other programs, are the leading cause of all
break-ins. When a user downloads and activates a Trojan horse, the software can
take the full control over the system and you can remotely control the whole
system.. great..!!! They are also reffered as RATs(Remote Administration tools).
I've written about them here.

9. Keyloggers -
Consider the situation, everything you type in the system is mailed to the
hacker..!! Wouldn't it be easy to track your password from that.. Keyloggers
perform similar functionallities.. So next time you type anything.. Beware..!!
Have already posted about keyloggers and ways to protect yourself from them..
read it here.

10. BruteForcing -
The longest and most tiring job.. don't even consider this if you don't know the
SET of password for your victim..

11. Secret Question -


According to a survey done by security companies, it is found that rather than
helping the legitimate users the security questions are more useful to the
hackers.. So if you know the victim well try this..

12. Social Engineering -


Ya this was one of the oldest trick to hack.. Try to convince your user that you are
a legitimate person from the system and needs your password for the
continuation of the service or some maintainence.. This won't work now since
most of the users are now aware about the Scam.. But this Social Engginering
concept is must for you to have to convince victim for many reasons..!!!

13. Phishing -
This is another type of keylogging, here you have to bring the user to a webpage
created by you resembling the legitimate one and get him to enter his password,
to get the same in your mail box..!! Use social engginering.. A detailed guide for
the phishing can be found here or an introductory and setup explanation here

14. Fake Messengers -


So its a form of phishing in the application format.. getting user, to enter the
login info in the software and check your maill..!!!

15. Cookie Stealer -


Here the cookie saved by the sites are taken and decoded and if you get lucky..
You have the password..!!!

Hmmm.. not satisfed with single account at a time..?? so there are ways to hack
lots of accounts together.. I know few but there exists many..!! listed are the ones
i know and will teach you in coming posts...

16. DNS Poisoning or PHARMING -


So, phisihing is a tough job.. isn't it..?? convincing someone to enter their
password at your page..?? what if you don't have to convince..?? what if they are
directed automatically to your site without having a clue..?? Nice huh..??
Pharming does the same for you.. More about it in my next post..

17. Whaling -
This method gets you the password of the accounts which are used by the
hackers to recive the passwords.. So you just have to hack one ID, which is
simplest method( Easy then hacking any other account, will tell you how in
coming posts..) and you will have loads of passwords and so loads of accounts at
your mercy..!!!

I would like to add one thing the methods metioned under exiting ways are easy
but are for newbiees and script kiddies so if you really want to learn hacking then
do some real work, then relaying on the softwares or tools.. will give info of that
in my later posts.. or comment if you want any more info..