Sample Copy. Not For Distribution.


Post on 18-Jan-2020


How To Break Security & Hack It


Publishing-in-support-of,

EDUCREATION PUBLISHING

RZ 94, Sector - 6, Dwarka, New Delhi - 110075 Shubham Vihar, Mangla, Bilaspur, Chhattisgarh - 495001

Website: www.educreation.in

________________________________________________________________

© Copyright, Authors

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form by any means, electronic, mechanical, magnetic, optical, chemical, manual, photocopying, recording or otherwise, without the prior written consent of its writer.

ISBN: 978-1-5457-0284-0

Price: ₹ 205.00

The opinions/contents expressed in this book are solely of the authors and do not represent the opinions/standings/thoughts of Educreation or the Editors. The book is released by using the services of self-publishing house.

Printed in India


HOW TO Break Security & HACK IT

By

VIJENDRA ATRE

EDUCREATION PUBLISHING (Since 2011)

www.educreation.in


This book is dedicated to

Vivek Atre


DISCLAIMER

The book contains the author and has been published for educational purposes only. It does not in any way deem to legitimize certain steps that may be illegal under applicable law and organization policies in different parts of the world. The book does not contain any legal advice or any legal permission or clarifications/warranties/advice on what may be deemed as legal. Readers are advised to examine the privacy policy, taking their own decisions. They cannot rely on the present publication as defence in any proceeding. The publisher and author are not liable for any steps that a reader may take based on this publication and have made no representations/warranties in relation to publication and are not responsible for any reader who may be faced with liability based on steps that may have been taken after reading the publication. Google and Yahoo and ….(any other marks used) have been used descriptively as the marks are owned by third parties.


CONTENTS

1. Basic Information of Internet…
2. Types of Hacker
3. Way of Hacking
4. Domain Name System (DNS)
5. IP (Internet Protocol)
6. How to change IP with the help of Proxy List
7. Proxy Server
8. Web Proxy server
9. The Onion Router (TOR)
10. Secure VPNs
11. The MAC address
12. How to change MAC address
13. Translation Tools
14. Key loggers
15. Unblock Facebook chat if www.facebook.com is blocked
16. Hack FB a/c with the help of Social Engineering
17. Phishing
18. Email Spoofing
19. Email Tracing
20. How to use Pandora in India
21. SQL Injection
22. Dork List
23. Computer Worms

Chapter 1

Basic Information of Internet

WWW: The term WWW refers to the World Wide Web or simply the Web. The World Wide Web consists of all the public Web sites connected to the Internet worldwide, including the client devices (such as computers and cell phones) that access Web content. The WWW is just one of many applications of the Internet and computer networks.

The World Wide Web is based on these technologies:

HTML - Hypertext Markup Language

HTTP - Hypertext Transfer Protocol

Web servers and Web browsers

Researcher Tim Berners-Lee led the development of the original World Wide Web in the late 1980s and early 1990s. He helped build prototypes of the above Web technologies and coined the term "WWW." Web sites and Web browsing exploded in popularity during the mid-1990s.

Also Known As: World Wide Web

Website: A website is a collection of web pages (documents that are accessed through the Internet), such as the one you're looking at now. A web page is what you see on the screen when you type in a web address, click on a link, or put a query in a search engine. A web page can contain any type of information, and can include text, color, graphics, animation and sound.

When someone gives you their web address, it generally takes you to their website's home page, which should introduce you to what that site offers in terms of information or other services. From the home page, you can click on links to reach other sections of the site. A website can consist of one page, or of tens of thousands of pages, depending on what the site owner is trying to accomplish.

Why Do People Visit Websites?: Generally, people look at websites for two primary reasons:

1. To find information they need. This could be anything from a student looking for pictures of frogs for a school project, to finding the latest stock quotes, to getting the address of the nearest Thai restaurant.

2. To complete a task. Visitors may want to buy the latest best-seller, download a software program, or participate in an online discussion about a favorite hobby.

The main thing to remember in creating a website is that you're not creating the website for you; you already know about the information or service you have to offer. You're creating the site for your visitors, so it should contain the content they want, and be organized in a way that makes sense, even to an outsider.

We'll tell you how to create and improve your website in further articles, but the main thing to remember is this: A website is a means of communication, and it is only successful when its message is received by the intended user.

Domain: The web is the busiest place we know today, with millions of websites now available online, competing to catch the users’ attention. Apart from the common marketing and search engine optimization techniques, one of the key weapons website owners use in ‘fighting’ for their visitors’ attention is the name of their website - i.e. their domain.

Subdomain: Also called a child domain, a subdomain is a domain that is part of a larger domain name in the DNS hierarchy. The DNS hierarchy consists of the root-level domain at the top, underneath which are the top-level domains, followed by second-level domains and finally subdomains. For example, in the domain name webopedia.internet.com, "webopedia" is a subdomain of the larger second-level domain "internet.com."

HTTP: Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.

The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.

HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies.

HTTPS: HyperText Transfer Protocol Secure.

Virus: A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Computer worms: Computer worms are malicious software applications designed to spread via computer networks. Computer worms are one form of malware along with viruses and Trojans. A person typically installs worms by inadvertently opening an email attachment or message that contains executable scripts.

Once installed on a computer, worms spontaneously generate additional email messages containing copies of the worm. They may also open TCP ports to create network security holes for other applications, and they may attempt to "flood" the LAN with spurious Denial of Service (DoS) data transmissions.

Vulnerability scanning: The automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.

Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.

Chapter 2

Types of Hacker

A hacker is basically someone who breaks into computer networks or standalone personal computer systems for the challenge of it or because they want to profit from their innate hacking capabilities. The hacker subculture that has developed among these new-age outlaws is often defined as the computer underground, although as of late it has evolved into a more open society of sorts. At any rate, here are the different types of hackers.

White Hat: A white hat hacker is someone who has non-malicious intent whenever he breaks into security systems and whatnot. In fact, a large number of white hat hackers are security experts themselves who want to push the boundaries of their own IT security ciphers and shields or even penetration testers specifically hired to test out how vulnerable or impenetrable (at the time) a present protective setup currently is. A white hat that does vulnerability assessments and penetration tests is also known as an ethical hacker.

Black Hat: A black hat hacker, also known as a cracker, is the type of hacker that has malicious intent whenever he goes about breaking into computer security systems with the use of technology such as a network, phone system, or computer and without authorization. His malevolent purposes can range from all sorts of cybercrimes such as piracy, identity theft, credit card fraud, vandalism, and so forth. He may or may not utilize questionable tactics such as deploying worms and malicious sites to meet his ends.

Grey Hat: A grey hat hacker is someone who exhibits traits from both white hats and black hats. More to the point, this is the kind of hacker that is not a penetration tester but will go ahead and surf the Internet for vulnerable systems he could exploit. Like a white hat, he'll inform the administrator of the website of the vulnerabilities he found after hacking through the site. Like a black hat and unlike a pen tester, he will hack any site freely and without any prompting or authorization from owners whatsoever. He will even offer to repair the vulnerable site he exposed in the first place for a small fee.

Elite Hacker: As with any society, better than average people are rewarded for their talent and treated as special. This social status exists in the hacker underground as well: the elite (or, according to the hacker language that eventually devolved into leetspeak, 31337) are the hackers among hackers in this subculture of sorts. They are the masters of deception that have a solid reputation among their peers as the cream of the hacker crop.

Script Kiddie: A script kiddie is basically an amateur or non-expert hacker wannabe who breaks into people's computer systems not through his knowledge in IT security and the ins and outs of a given website, but through the prepackaged automated scripts (hence the name), tools, and software written by people who are real hackers, unlike him. He usually has little to no knowledge of the underlying concept behind how those scripts he has on hand work.

Chapter 3

Way of Hacking

Hacking comprises either taking control of a terminal (or server), rendering it useless, or crashing it. The following methods have been used for a long time and are still used.

Denial of Service – DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).

Distributed DoSs – Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

Sniffing – Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

Spoofing – Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

SQL injection – SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into the database with elevated privileges.

Viruses and Worms – Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

Back Doors – Hackers can gain access to a network by exploiting back doors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network.
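The SQL injection entry above, seen from the defender's side, as an added example that is not from the book: a deliberately unsafe lookup that pastes input into the SQL text, beside a parameterized lookup that binds it as data. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe 'before' form: input becomes part of the SQL text."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened form: the driver binds the input as a value, never as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed input whose quote characters change the meaning of the
# concatenated query (the WHERE clause becomes always true).
CRAFTED = "nobody' OR '1'='1"


def demo():
    """Run both lookups on the crafted input and on a legitimate apostrophe."""
    conn = make_db()
    results = {
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED),
        "safe_crafted": lookup_safe(conn, CRAFTED),
        "safe_apostrophe": lookup_safe(conn, "O'Brien"),
    }
    # The unsafe form also breaks on ordinary data containing a quote.
    try:
        lookup_vulnerable(conn, "O'Brien")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["vulnerable_apostrophe"] = "syntax error"
    conn.close()
    return results


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, "->", value)
```

The concatenated query returns every row for the crafted input and fails outright on a legitimate name containing an apostrophe; the parameterized query treats both inputs as plain values.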

So, not interested in this stuff.. huh??? Wait, there is more for you.. So, how about the one related to hacking the passwords of email and doing some more exciting stuff.. The various methods employed for this are:

Trojan Horses – Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take full control over the system and you can remotely control the whole system.. great..!!! They are also referred to as RATs (Remote Administration Tools).

Key loggers – Consider the situation: everything you type in the system is mailed to the hacker..!! Wouldn't it be easy to track your password from that.. Key loggers perform similar functions.. So next time you type anything.. Beware..!! Have already posted about key loggers and ways to protect yourself from them..

Brute Forcing – The longest and most tiring job.. don't even consider this if you don't know the SET of password for your victim..

Secret Question – According to a survey done by security companies, it is found that rather than helping the legitimate users, the security questions are more useful to the hackers.. So if you know the victim well, try this..

Social Engineering – Ya, this was one of the oldest tricks to hack.. Try to convince your user that you are a legitimate person from the system and need his password for the continuation of the service or some maintenance.. This won't work now since most of the users are now aware of the scam.. But this Social Engineering concept is a must for you to have, to convince the victim for many reasons..!!!

Phishing – This is another type of key logging; here you have to bring the user to a webpage created by you resembling the legitimate one and get him to enter his password, to get the same in your mail box..!! Use social engineering..

Fake Messengers – So it’s a form of phishing in the application format.. getting the user to enter the login info in the software and check your mail..!!!

Cookie Stealer – Here the cookies saved by the sites are taken and decoded and if you get lucky.. You have the password..!!!

Hmmm.. not satisfied with a single account at a time..?? So there are ways to hack lots of accounts together.. I know a few but there exist many..!! Listed are the ones I know and will teach you in coming posts...

DNS Poisoning or PHARMING – So, phishing is a tough job.. isn't it..?? Convincing someone to enter their password at your page..?? What if you don't have to convince..?? What if they are directed automatically to your site without having a clue..?? Nice huh..?? Pharming does the same for you.. More about it in my next post..

Whaling – This method gets you the password of the accounts which are used by the hackers to receive the passwords.. So you just have to hack one ID, which is the simplest method (easier than hacking any other account, will tell you how in coming posts..) and you will have loads of passwords and so loads of accounts at your mercy..!!!
