sample copy. not for distribution. · google and yahoo and ….(any other marks used) have been...
TRANSCRIPT
Sample Copy. Not For Distribution.
i
How To Break Security
& Hack It
Sample Copy. Not For Distribution.
ii
Publishing-in-support-of,
EDUCREATION PUBLISHING
RZ 94, Sector - 6, Dwarka, New Delhi - 110075 Shubham Vihar, Mangla, Bilaspur, Chhattisgarh - 495001
Website: www.educreation.in
________________________________________________________________
© Copyright, Authors
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form by any means, electronic, mechanical, magnetic, optical, chemical, manual, photocopying, recording or otherwise, without the prior written consent of its writer.
ISBN: 978-1-5457-0284-0
Price: ` 205.00
The opinions/ contents expressed in this book are solely of the authors and do not represent the opinions/ standings/ thoughts of Educreation or the Editors . The book is released by using the services of self-publishing house.
Printed in India
Sample Copy. Not For Distribution.
iii
HOW TO Break Security
& HACK IT
By
VIJENDRA ATRE
EDUCREATION PUBLISHING (Since 2011)
www.educreation.in
Sample Copy. Not For Distribution.
iv
Sample Copy. Not For Distribution.
v
This book is dedicated to
Vivek Atre
Sample Copy. Not For Distribution.
vi
DISCLAIMER
The book contains the author and has been published for
educational purposes only. It does not in any way deem
to legitimize certain steps that may be illegal under
applicable law and organization policies in different parts
of the world. The book does not contain any legal advice
or any legal permission or
clarifications/warranties/advice on what may be deemed
as legal. Readers are advised to examine the privacy
policy, taking their own decisions. They cannot rely on
the present publication as defence in any proceeding. The
publisher and author are not liable for any steps that a
reader may take based on this publication and have made
no representations/warranties in relation to publication
and are not responsible for any reader who may be faced
with liability based on steps that may have been taken
after reading the publication. Google and Yahoo and
….(any other marks used) have been used descriptively
as the marks are owned by third parties.
P
Sample Copy. Not For Distribution.
vii
CONTENTS
Sr.No CONTENTS
P.NO
1. Basic Information of Internet… 1
2. Types of Hacker 5
3. Way of Hacking 7
4. Domain Name System (DNS) 11
5. IP (Internet Protocol) 13
6. How to change IP with the help
of Proxy List
15
7. Proxy Server 19
8. Web Proxy server 21
9. The Onion Router (TOR) 24
10. Secure VPNs 28
11. The MAC address 31
12. How to change MAC address 35
13. Translation Tools 39
14. Key loggers 41
15. Unblock Facebook chat if
www.facebook.com is blocked
43
16. Hack FB a/c with the help of 45
Sample Copy. Not For Distribution.
viii
Social Engineering
17. Phishing 56
18. Email Spoofing 65
19. Email Tracing 68
20. How to use Pandora in India 73
21. SQL Injection 75
22. Dork List 85
23. Computer Worms 102
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
1
Basic Information of Internet
www: The term WWW refers to the World Wide Web or simply
the Web. The World Wide Web consists of all the public Web sites
connected to the Internet worldwide, including the client devices
(such as computers and cell phones) that access Web content. The
WWW is just one of many applications of the Internet and
computer networks.
The World Web is based on these technologies:
HTML - Hypertext Markup Language
HTTP - Hypertext Transfer Protocol
Web servers and Web browsers
Researcher Tim Berners-Lee led the development of the original
World Wide Web in the late 1980s and early 1990s. He helped
build prototypes of the above Web technologies and coined the
term "WWW." Web sites and Web browsing exploded in
popularity during the mid-1990s.
Also Known As: World Wide Web
Website: A website is a collection of web pages (documents that
are accessed through the Internet), such as the one you're looking
at now. A web page is what you see on the screen when you type
in a web address, click on a link, or put a query in a search engine.
A web page can contain any type of information, and can include
text, color, graphics, animation and sound.
Chapter 1
Sample Copy. Not For Distribution.
Vijendra Atre
2
When someone gives you their web address, it generally takes you
to their website's home page, which should introduce you to what
that site offers in terms of information or other services. From the
home page, you can click on links to reach other sections of the
site. A website can consist of one page, or of tens of thousands of
pages, depending on what the site owner is trying to accomplish.
Why Do People Visit Websites?: Generally, people look at
websites for two primary reasons:
1. To find information they need. This could be anything from a
student looking for pictures of frogs for a school project, to finding
the latest stock quotes, to getting the address of the nearest Thai
restaurant.
2. To complete a task. Visitors may want to buy the latest best-
seller, download a software program, or participate in an online
discussion about a favorite hobby.
The main thing to remember in creating a website is that you're not
creating the website for you; you already know about the
information or service you have to offer. You're creating the site
for your visitors, so it should contain the content they want, and be
organized in a way that makes sense, even to an outsider.
We'll tell you how to create and improve your website in further
articles, but the main thing to remember is this: A website is a
means of communication, and it is only successful when its
message is received by the intended user.
Domain: The web is the busiest place we know today, with
millions of websites now available online, competing to catch the
users’ attention. Apart from the common marketing and search
engine optimization techniques, one of the key weapons website
owners use in ‘fighting’ for their visitors’ attention is the name of
their website - i.e. their domain.
Subdomain: Subdomain Also called a child domain, a domain that
is part of a larger domain name in DNS hierarchy. DNS hierarchy
consists of the root-level domain at the top, underneath which are
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
3
the top-level domains, followed by second-level domains and
finally subdomains. For example, in the domain name
webopedia.internet.com, "webopedia" is a subdomain of the larger
second-level domain "internet.com."
HTTP: Short for HyperText Transfer Protocol, the underlying
protocol used by the World Wide Web. HTTP defines how
messages are formatted and transmitted, and what actions Web
servers and browsers should take in response to various
commands. For example, when you enter a URL in your browser,
this actually sends an HTTP command to the Web server directing
it to fetch and transmit the requested Web page.
The other main standard that controls how the World Wide Web
works is HTML, which covers how Web pages are formatted and
displayed.
HTTP is called a stateless protocol because each command is
executed independently, without any knowledge of the commands
that came before it. This is the main reason that it is difficult to
implement Web sites that react intelligently to user input. This
shortcoming of HTTP is being addressed in a number of new
technologies, including ActiveX, Java, JavaScript and cookies.
HTTPs: HyperText Transfer Protocol Secure.
Virus:
A computer virus is a program or piece of code that is loaded onto
your computer without your knowledge and runs against your
wishes. Viruses can also replicate themselves. All computer
viruses are man-made. A simple virus that can make a copy of
itself over and over again is relatively easy to produce. Even such a
simple virus is dangerous because it will quickly use all available
memory and bring the system to a halt. An even more dangerous
type of virus is one capable of transmitting itself across networks
and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network
used by the Defense Department and many universities, many
antivirus programs have become available. These programs
periodically check your computer system for the best-known types
of viruses.
Sample Copy. Not For Distribution.
Vijendra Atre
4
Some people distinguish between general viruses and worms. A
worm is a special type of virus that can replicate itself and use
memory, but cannot attach itself to other programs.
Computer worms: Computer worms are malicious software
applications designed to spread via computer networks. Computer
worms are one form of malware along with viruses and Trojans. A
person typically installs worms by inadvertently opening an email
attachment or message that contains executable scripts.
Once installed on a computer, worms spontaneously generate
additional email messages containing copies of the worm. They
may also open TCP ports to create networks security holes for
other applications, and they may attempt to "flood" the LAN with
spurious Denial of Service (DoS) data transmissions.
vulnerability scanning: The automated process of proactively
identifying vulnerabilities of computing systems in a network in
order to determine if and where a system can be exploited and/or
threatened. While public servers are important for communication
and data transfer over the Internet, they open the door to potential
security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security
flaws based on a database of known flaws, testing systems for the
occurrence of these flaws and generating a report of the findings
that an individual or an enterprise can use to tighten the networks
security.
Vulnerability scanning typically refers to the scanning of
systems that are connected to the Internet but can also refer to
system audits on internal networks that are not connected to the
Internet in order to assess the threat of rogue software or malicious
employees in an enterprise.
V
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
5
Types of Hacker
A hacker is basically someone who breaks into computer networks
or standalone personal computer systems for the challenge of it or
because they want to profit from their innate hacking capabilities.
The hacker subculture that has developed among these new-age
outlaws is often defined as the computer underground, although as
of late it has evolved into a more open society of sorts. At any rate,
here are the different types of hackers.
White Hat: A white hat hacker is someone who has non-
malicious intent whenever he breaks into security systems and
whatnot. In fact, a large number of white hat hackers are security
experts themselves who want to push the boundaries of their own
IT security ciphers and shields or even penetration testers
specifically hired to test out how vulnerable or impenetrable (at the
time) a present protective setup currently is. A white hat that does
vulnerability assessments and penetration tests is also known as an
ethical hacker.
Black Hat: A black hat hacker, also known as a cracker, is the
type of hacker that has malicious intent whenever he goes about
breaking into computer security systems with the use of technology
such as a network, phone system, or computer and without
authorization. His malevolent purposes can range from all sorts
Chapter 2
Sample Copy. Not For Distribution.
Vijendra Atre
6
cybercrimes such as piracy, identity theft, credit card fraud,
vandalism, and so forth. He may or may not utilize questionable
tactics such as deploying worms and malicious sites to meet his
ends.
Grey Hat: A grey hat hacker is someone who exhibits traits from
both white hats and black hats. More to the point, this is the kind of
hacker that is not a penetration tester but will go ahead and surf the
Internet for vulnerable systems he could exploit. Like a white hat,
he\'ll inform the administrator of the website of the vulnerabilities
he found after hacking through the site. Like a black hat and unlike
a pen tester, he will hack any site freely and without any prompting
or authorization from owners whatsoever. He will even offer to
repair the vulnerable site he exposed in the first place for a small
fee.
Elite Hacker: As with any society, better than average people are
rewarded for their talent and treated as special. This social status
among the hacker underground, the elite (or, according to the
hacker language that eventually devolved into leetspeak, 31337)
are the hackers among hackers in this subculture of sorts. They are
the masters of deception that have a solid reputation among their
peers as the cream of the hacker crop.
Script Kiddie: A script kiddie is basically an amateur or non-
expert hacker wannabe who breaks into people's computer systems
not through his knowledge in IT security and the ins and outs of a
given website, but through the prepackaged automated scripts
(hence the name), tools, and software written by people who are
real hackers, unlike him. He usually has little to know knowledge
of the underlying concept behind how those scripts he has on hand
works.
V
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
7
Way of Hacking
This comprises of either taking control over terminal(or Server) or
render it useless or to crash it.. Following methods are used from a
long time and are still used..
Denial of Service –DoS attacks give hackers a way to bring down
a network without gaining internal access. DoS attacks work by
flooding the access routers with bogus traffic(which can be e-mail
or Transmission Control Protocol, TCP, packets).
Distributed DoSs –Distributed DoSs (DDoSs) are coordinated
DoS attacks from multiple sources. A DDoS is more difficult to
block because it uses multiple, changing, source IP addresses.
Sniffing –Sniffing refers to the act of intercepting TCP packets.
This interception can happen through simple eavesdropping or
something more sinister.
Spoofing –Spoofing is the act of sending an illegitimate packet
with an expected acknowledgment (ACK), which a hacker can
guess, predict, or obtain by snooping
SQL injection –SQL injection is a code injection technique that
exploits a security vulnerability occurring in the database layer of
Chapter 3
Sample Copy. Not For Distribution.
Vijendra Atre
8
an application. It uses normal SQL commands to get into database
with elevated privileges..
Viruses and Worms – Viruses and worms are self-replicating
programs or code fragments that attach themselves to other
programs (viruses) or machines (worms). Both viruses and worms
attempt to shut down networks by flooding them with massive
amounts of bogus traffic, usually through e-mail.
Back Doors –Hackers can gain access to a network by exploiting
back doors administrative shortcuts, configuration errors, easily
deciphered passwords, and unsecured dial-ups. With the aid of
computerized searchers (bots), hackers can probably find any
weakness in the network.
So, not interested in these stuffs.. huh??? wait there is more for
you.. So, how about the one related to hacking the passwords of
email and doing some more exciting stuffs.. The various methods
employed for this are:
Trojan Horses –Trojan horses, which are attached to other
programs, are the leading cause of all break-ins. When a user
downloads and activates a Trojan horse, the software can take the
full control over the system and you can remotely control the
whole system.. great..!!! They are also referred as RATs(Remote
Administration tools).
Key loggers –Consider the situation, everything you type in the
system is mailed to the hacker..!! Wouldn't it be easy to track your
password from that.. Key loggers perform similar functionalities..
So next time you type anything.. Beware..!! Have already posted
about key loggers and ways to protect yourself from them..
Brute Forcing –The longest and most tiring job.. don't even
consider this if you don't know the SET of password for your
victim..
Secret Question –According to a survey done by security
companies, it is found that rather than helping the legitimate users
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
9
the security questions are more useful to the hackers.. So if you
know the victim well try this..
Social Engineering –Ya this was one of the oldest trick to hack..
Try to convince your user that you are a legitimate person from the
system and needs your password for the continuation of the service
or some maintenance.. This won't work now since most of the
users are now aware about the Scam.. But this Social Engineering
concept is must for you to have to convince victim for many
reasons..!!!
Phishing – This is another type of key logging, here you have to
bring the user to a webpage created by you resembling the
legitimate one and get him to enter his password, to get the same in
your mail box..!! Use social engineering..
Fake Messengers – So it’s a form of phishing in the application
format.. getting user, to enter the login info in the software and
check your mail..!!!
Cookie Stealer -Here the cookie saved by the sites are taken and
decoded and if you get lucky.. You have the password..!!!
Hmmm.. not satisfied with single account at a time..?? so there are
ways to hack lots of accounts together.. I know few but there exists
many..!! listed are the ones i know and will teach you in coming
posts...
DNS Poisoning or PHARMING - So, phishing is a tough job..
isn't it..?? convincing someone to enter their password at your
page..?? what if you don't have to convince..?? what if they are
directed automatically to your site without having a clue..?? Nice
huh..?? Pharming does the same for you.. More about it in my next
post..
Whaling - This method gets you the password of the accounts
which are used by the hackers to receive the passwords.. So you
Sample Copy. Not For Distribution.
Vijendra Atre
10
just have to hack one ID, which is simplest method( Easy then
hacking any other account, will tell you how in coming posts..) and
you will have loads of passwords and so loads of accounts at your
mercy..!!!
V
Sample Copy. Not For Distribution.
How to Break Security & Hack it!!!!!
11
Get Complete Book At Educreation Store
www.educreation.in
Sample Copy. Not For Distribution.
Sample Copy. Not For Distribution.