Learn Everything About Phishing

This summary is not available. Please click here to view the post.

FAQ: Phishing to Hack Email Account Passwords

Hack RuneScape User Account Password | RuneScape Phishing

I have told you how to hack various sites using phishing, like Facebook, Gmail, RapidShare, etc. Now, I am adding one more article about how to hack Runescape account using Runescape Phishing.

Before we start Please Note: Phishing is legally offensive. I am not responsible for any action done by you.


How to Hack RuneScape Account Password?

1. First of all download RuneScape Phisher from here.

2. The downloaded folder contains two files:

• Index.htm and
• update.php

3. Now, sign up for free webhost or webhosting service like:

• www.yourfreehosting.net
• www.drivehq.com
• www.110mb.com
• www.t35.com
• www.esmartstart.com

4. After you login to your account, go to File Manager and upload these two files mentioned in Step 2.

5. Now, send this phisher link (index.html link) to your victim and make him login to his Runescape account using your sent Phisher.

5. Once he logs in to his Runescape account using Phisher, all his typed Runescape id and password is stored in "passwords.txt". This file is created in your webhost control panel as shown below.


6. So, you have obtained Runescape password and can easily hack runescape account.

So friends, I hope you are now able to hack Runescape account password using Runescape Phishing. I have tried my best to keep this tutorial simple to help you hack runescape account.

Do you have questions, comments, or suggestions? Feel free to post a comment!

Know More About Phishing Attacks

Phishing is a method of stealing login info (usernames and passwords) by directing the victim to a clone (fake) login page, that logs the login info without the knowledge of the victim. Such clone website is known as a phisher. eBay, PayPal and other online banks are common targets. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing.

Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.

How to protect yourself against phishing?

• Use your login info in the correct places only.

Don't ever put your login info anywhere else than the page you registered to, unless it's a trusted service, such as youtube or blogger, asking for your google account's info).

• Make sure the website you're logging in isn't fake.

Whenever you login to a website, if you didn't type the URL (address) of the website yourself, i.e. if you clicked a link that led you to the login page (from message, website, search engine results), always check the url (address) to see if you're in the right place.

For instance, if you're logging in your facebook account, make sure the url appears as http://www.facebook.com/
Where a phisher page would look like http://www.facebook.freewebs.com/, or http://www.facebook.spam.com/, or any url whose part before the .com isn't exactly the same as the page you want to login to.

• Make sure the links you're clicking aren't fake.

Whenever you're clicking a link, check where the link goes before clicking it. Links can be masked to appear as something else than the page they're leading to. For example, www.google.com leads to yahoo instead of google. Fortunately, in most browsers, whenever you point your mouse cursor over the link, the true location of the link is displayed on the bottom left part of the screen.
This is particularly important because it can protect you from another, rarer but more dangerous method called cookie stealing, which is basically automatically stealing your account if you're previously logged in the website.

Know that links to phishing pages are usually spread via email, and often represent impersonating trusted services and persons, such as making the email appear as it's sent from the website you've registered to, or a friend of yours whose account has been compromised.


What to do if you have spotted a phisher?

• Report the phisher as soon as you can. Report the phisher's address here: http://www.google.com/safebrowsing/report_phish/

• If the phishing attempt has been done via message, report the message in any of the following services:

http://www.reportphish.org/forwardphish.php
http://www.us-cert.gov/nav/report_phishing.html

• If you received the message from a friend's compromised account, inform your friend, and other friends that might be in danger.

• If possible, inform the admin of the website that the phisher is made for.

So the Bottom line to defend from phishing attack is

1. Never assume that an email is valid based on the sender’s email address.

2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.

3. An email from trusted organization will never contain attachments or software.

4. Clicking on a link in an email is the most insecure way to get to your account. 

What is Social Engineering?

Social Engineering is the art of Hacking In Real Life. Social engineering is the art of getting people to tell you stuff that they usually wouldn’t disclose, through the use of words and your appearance.

A good Social engineerer (or as I love to call these types of people, “Bullshit artists”), can make people believe nearly anything.

I will use the example of someone trying to get someone’s password:

Now the most important thing is having a believable story. If you go to someone and say “hotmail have requested i get your password for account checking”, then they will most likely tell you to piss off.

One of the most common ways that i use, is “I’m doing a survey”. Make a fake survey, attach it to a clip board, and just walk up to the person and start asking him questions.

For example:
Hi, my name is Alexander, and I am doing a survey on how strong peoples passwords are. You will be surprised at how insecure most people’s passwords are, and you may find it extremely worrying about how insecure your password may be. If you don’t mind, would you allow me to ask you a few questions?

The person will think “insecure personal information” and 9 times out of 10 will agree to talk to you.

Ask them questions like “does your password contain letters numbers and symbols”, “how long is your password” (when they are counting, watch their lips to see if they spell the words/numbers out), etc.

You may also be able to give them the “i also have a good way of calculating how strong your password is. This isn’t necessary but you can give me a password you use most frequently and i can calculate how strong it is”, but that sometimes pushes the bar a little too much.

Prevention of Social Engineering

As you can probably see above, the power of SE can EASILY be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you DO know. Don’t be getting paranoid about things, because that isn’t what i mean, but SE is the EASIEST way to hack anything.

Here are some tips of keeping safe:

I cant have a complete list, because Social Engineers are constantly changing the ways in which they gain trust.
A few things to look out for:

Something that is too good to be true

If its too good to be true, then it probably is. Always make sure that the person is trusted, or is well known. Hey, don’t just go on that, the person may have fooled everyone, but it is always good to ask yourself “If this is such a good offer, how can he/she be offering it.”

Someone who you never usually talk to has started being really interested in you

They might just have become really interested in you, but what for? If they start asking really strange/personal questions, I would recommend you play the “Playing it hard” game. Ask them the same question as your answer, and refuse to tell them until they tell you. Then just be like “I don’t believe you”. Doesn’t matter if its true or not, but what you have just done is proven to them they aren’t as trusted as they believed they were, even if its only psychological. Then just make up an excuse so you need to go. There are plenty of ways to just get out of something, but i prefer the method where you beat them at their own game. Make it SO much more entertaining =)

Someone you don’t know asks you for your details

Obviously you don’t give them out, you would have to be stupid to do that.

As a rule of thumb, just make sure that the person isn’t trying anything. You will find it hard to pick a real good Social engineerer, but just remember that there are always people out there who aren’t that good, trying it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This Post was written with the beginner in mind, and just defines the basics of the Social Engineering techniques.

What Are Anonymizers?

Just about everything you do in a computer is logged. In Windows, there are event handels that log main events performed by the user, such as logging into the computer. On Linux, even things such as error logging for the xorg server is performed, and some programs that users intent to use for malicious purposes, even log locally on the computers, without the users consent. The programs are not logging because they know you are conducting abuse, but because the logging is used for error-checking. However, if you find yourself in trouble, the error-logs can point the police to evidence of your mis-doing.

Say you manage to attack and compromise a webserver, and remove the logs, you're still not safe though. There is another thing that prevents you from being completely undetectable, Your IP/Domain address, and this is what this tutorial will primarily be focusing on.

What is an Anonymizer?

Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites.

How do Anonymizers work?

You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser.


In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.
Consider the scenario where a hacker gets access to your computer, he can find out your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, the search strings that you used and literally hundreds of other personal things. All this information is stored in files like SYSTEM.ini, USER.dat, SYSTEM.dat etc. One very important file is the nsform??.TMP which stores all the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was canceled.

Some of the best Anonymizers:

• Anonymouse - A very good free anonymizer. By using this CGI proxy you can anonymously surf web pages, send anonymous e-mails and look at news.


• ProxyKing.net - This anonymizer service keeps websites from tracking your internet movements by preventing them from placing cookies on your home computer.


• AnonymousIndex.com - Anonymous private surfing service, hide your ip, manage website ads, referrers and cookies through this free web based proxy.


• HideMyAss.com - Free anonymous browsing, for the times when you REALLY need to hide your ass online!


• ProxyFoxy.com - Proxy Foxy offers you free anonymous surfing. With our free tool you can surf the Internet safe and secure without revealing your identity. Avoid cookies, spyware and other malicious scripts.

What is a Hacker / Cracker?

A Hacker is known to build things, solve problems and not break or crack any system. The computer industry initially hired good programmers to make sure how to full proof their system. However, over the years, the media, journalism and writers have played a very important role in changing the real meaning of the word hacker. They themselves are very confused in the term Hacker and a Cracker. A typical definition of a Hacker, that today comes to you mind is that a Hacker, is a person who tries to gain unauthorized access to any property and computers. The term Hacker came as slang from the computer world. So, different people have given different definitions to it. But what remains the common point is, that whenever you hear the word hacker, the first think that comes to your mind is always negative and bad. However, the real meaning of a hacker is a programmer who really finds it thrilling to learn more about it, who likes to explore more details about the programming language and hence stretches his or her capabilities more than any average person.

What is a Cracker?

Crackers are people who get cheap thrill out of cracking computer codes, and breaking into systems. Hence, these are the people who have negativity around them and they only believe in breaking or cracking an access to any kind of system that they have no authorization to. They are malicious annoying people who try to uncover sensitive information by poking their unwanted nose everywhere. Hackers on the other hand are knowledgeable and responsible people. They like to take intellectual challenges and like to overcome all limitations that are there in a particular system. Learning to hack is not very easy. It is a special gift that is only given to a selected few. Only people who are good in searching and keeping themselves updated about the latest technology are the one who are blessed with it. Only being good with computers does not qualify one to be a good hacker. Some people also reapply their hacking knowledge to different fields like music and electronic. It is also said the every hacker is independent of any kind of hack he does, call it in the computer field or elsewhere. Hackers are known to be ethical, wise in their practice.

The realty is: “Hackers build things, crackers break them.”

Today the hacker world has been given 3 different names. The White hat hackers, who do all the good things and are positively motivated people, Then we have the Black hat hackers also called the crackers who are usually into negative work of cracking and breaking into someone’s system and finally the third and the last are the gray hat hackers who explore the best of both the worlds. To conclude, we can say that Hackers are people who are skilled programmers that work for a positive cause or a goal, either for themselves or for an organization which could be private as in an industry or for the government.

Thinking of a Hacker

The thinking of a hacker is very much the same as that of a good program developer. Hackers who have been successful have developed a common strategy over a period of time. This strategy is to very patiently and carefully document every step, which is what the programmers do. They are good at analyzing and following a methodical approach of investigation. So when they start they don’t have much as in the background, they start from the starch and gradually build what is called the entire roadmap or game plan.
It is a known fact that in order to think like a master hacker one should imitated all the big hackers both intellectually and emotionally. As they always work on a different platform and it is the platform of Self Belief.

1. The typical thinking of a Hacker is that, they believe that the world is full of ongoing problems which continuously need solutions to it. So looking for solutions should be the ultimate aim and not giving up till the time the problem is cracked.

2. Another fundamental that they work on is that, the same wheel should not be invented twice as it will be a waste of time and effort both. Brains with creativity should be used for new proposes and not older ones. So, they believe in the theory that time is precious and make the best out of it.

3. The third fundamental truth that they believe in is that, repetition is what leads to success and no word like boredom can be found in their dictionary.

4. The next good thing they believe in is Freedom. Most of the hackers work independently and that is a strong foundation for them to grow. It is said that freedom has no limit to the growth of an individual.

5. No replacement for a good attitude. An attitude to fight and not flight. One can give up whenever he or she wants. It is only the attitude that makes you different from the other.

6. Hackers believe in a value system that is not negotiable and do not compromise on it, because if they do then they would be crackers and not hackers.

Documentation is said to be the wisest thing that any developer a simple programmer or a hacker maintains. At times finding solutions is so difficult that is only the documentation that can help one understand the entire process all over again. It is like hunting for a treasure hunt in a jungle with small clues that take you to the next clue and one step closer to the final gift. 

Know More About Cryptography

In my previous post I've been explaining the Basics of Cryptography, so that every beginner can know about it. Here is one more article i am going to write on "Cryptography". Lets start:

What is encryption

Encryption is the technique of converting data from a plain text into what is called cipher text. Cipher text is information that has been encrypted using an algorithm or cipher into a character string. This data can be converted back into its original form or reverse the process is called decryption. To recover the original data that was once in plain text you need the decryption key, the decryption key will undo the process which encrypting the data has done. A decryption key is what determines the output of either the cipher or algorithm.


History

Cryptography in greek means: "hidden secret". Cryptography was originally created to encrypt secret data to protect unwanted eyes from seeing the original piece of text. This is still what encryption is mainly used for today. The development of digital computers and electronics after WWII made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant.


Types of encryption

There are many types of encryption techniques. Here I will be going over:

• DES
• MD5
• NTLM
• LM

Encryption can be broken through techniques of cracking such as:

• Bruteforce
• Dictionary attack
• More..

DES: DES stands for Data Encryption Standard. It was selected by the NBS(National Bureau of Standards). In 1974 it was created by the IBM team.


MD5: MD5 stands for Message-Digest algorithm 5. MD5 has a 128-bit hash value. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1.


NTLM: NTLM stands for NT Lan Manager. During protocol negotiation, the internal name is nt lm 0.12. The version number 0.12 has not been explained. It is the successor of LANMAN (Microsoft LAN Manager), an older Microsoft authentication protocol, and attempted to be backwards compatible with LANMAN. NTLM was followed by NTLMv2, at which time the original was renamed to NTLMv1.

LM: LM stands for Lan Manger. LAN Manager hash is one of the formats that Microsoft LAN Manager and Microsoft Windows versions previous to Windows Vista use to store user passwords that are fewer than 15 characters long. This type of hash is the only type of encryption used in Microsoft LAN Manager (hence the name) and versions of Windows up to Windows Me.


Cryptanalysis

Cryptanalysis is the art of analyzing a cryptographic scheme. There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what an attacker knows and what capabilities are available.


Cracking techniques

There are some different types of cracking techniques. I will discuss in the paper. First being brute force.

Brute forcing is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code.

Dictionary attack: A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary.

Hope all your concepts about cryptography are clear now.

Learn What is Cryptography

Cryptography has been around almost as long as language. People have been communicating for thousands of years and have been trying to keep information secret for just as long. Many cryptography methods have been in use for years, and still hold precedence today while leaps in technology have brought forth new methods. My hope is to instill a basic understanding of cryptography and to help people interested in the subject establish a base to witch they can move forward from.


For starters, there are some basic terms that are universal to anything related to cryptography and should thus be memorized.

Plain-text is a unencrypted message,
[ My name is Bob]

Cypher text is plaintext after it has been encrypted,
[ yM eman si boB]

A Key is what the receiver of the message uses to decrypt the message

While its obvious what I've done to the sentence, the difference is clear. One is readable while the other appears to be garble.

Plain and cypher text are universal when it comes to encryption, and are the basis for a encrypted message. One must become the other and then reversed to read the message.

Now on to cyphers; Cyphers can be divided into two main categories, with many sub categories within. The main two are Traditional and Modern cyphers. Traditional cyphers are basic, and have been around for a long time, while modern cyphers utilize the advancements in technology, mainly computers, making them much more advanced.

Traditional cyphers come in two main flavors: Substitution and Transposition. Both involve taking plaintext and mixing it up to create cypher-text. A very basic example would be pig latin. you are taking a message and saying it backwards, ie the example i gave earlier.
With Substitution, you take plaintext, and substitute characters within the message for others, thus scrambling it. Only the person receiving the message has the key and can unencrypted it. Substitution is specific in that when you scramble the message your moving individual characters around, or changing them out for new characters. With transposition your utilizing the same methods as with substitution but your scrambling sections of the message, instead of individual characters. The block of plaintext could be any where from a couple characters long to several sentences or more. Both still utilize the same method for the overall encryption and thus have the same weakness.

Frequency Analysis

Lets say for a moment that you receive an assignment to decode some cypher-text. You start looking at the message, and as notice that some characters appear more often then others. Frequency analysis, basically the use of statistics, involves taking these re-occurring characters and assigning new characters to them based on statistical data.

Lets take the word Experience. I'll encrypt the word and now we have GZRGTKGPEG. If we look at the word it becomes obvious once broken down that the letter g occurs the most out of the other characters with a total use of 4 times. Using statistics, if G is the most common occurring letter in the word, then we could associate this with E and substitute them.

EXRETKEPEE

Now looking at the alphabet you will see that G is two places to the right of E. We'll move the rest of the letters two characters back to get the original word Experience. This is Frequency Analysis in a nut shell. Using modern computer programs this basic technique can be applied to large quantities of cypher text, or can be used to create complex encryptions by layering the movement of characters of blocks of characters. While these can become incredibly complex they can still all be broken the same way given enough time and resources.

While Traditional cyphers can be very complex the weaknesses in there use led to the creation of Modern cyphers witch we will now take a look at.

Modern cyphers can be broken down into two main sub categories as well as several other types not related to the basic system used by the main two.
These two typed are Private Key (symmetric key) and Public Key (asymmetric key) encryptions. Well go through them in this order.

Private Key is simply a password system that keeps the key secret. The same key can be used to encrypt and decrypt, and is less complex then a public key system.
If Bob encrypts a message with Key A and sends it to Tom, Tom will use his copy of key A to decrypt it. The key must be secret to maintain the security of the cypher.

Public Key (asymmetric key) is a system that used a public key in conjunction with private keys. It utilizes a different key to encrypt and decrypt. Bobs company makes a key for encrypting messages that is commonly used, but when Bob sends the message to Tom, Tom uses his private key to decrypt it. If one key is compromised, the other part remains secret, thus maintaining security. This system can become very complex.

Since we covered the basics for Encryption, ill now talk a little about some basic methods for cracking cyphers, such as the ones above.

We already covered Statistical Analysis earlier but it is far from the only way to crack cypher text. Another common method involves Brute Forcing. This involves using a program to make repeated attempts to crack a cypher until it succeeds. This however takes time.

An exercise. is a scenario involving a simple cypher. Bob has a message for Tom. He used key A to encrypt it. Tom has key A as well making this a private key. The cypher-text looks like this:

7 14 7 18 10 3 16 22 21 7 3 22 7 24 7 20 1 22 11 15 7 22 10 7 1 9 7 22 10 11 9 10
The key: 1 = A

Its pretty simple from this point, as obviously you'll notice that every number represents the spot of a letter in the 26 letter alphabet.
Decrypted it looks like this:

GNGRJCPVU GCV GXGTA VKOG VJGA IGV JKIJ

Still looks like garble, but if we use statistical analysis we can crack the cypher text and get Bobs important message.
A quick google search will reviel that the most common letter in the english languadge is E . A quick look at the cypher text will show that G is the most common occurring letter in the sentence. Thus we'll start by swamping G for E:

ENERJCPVU ECV EXETA VKOE VJEA IEV JKIJ

Still garble but were moving in the right direction. Once agin a google search will show that the next most common letter statistical is T.
After scanning our cypher-text we see that V is the second most common letter there so once agin we start swapping:

ENERJCPTU ECT EXETA TKOE TJEA IET JKIJ

The pattern witch you might have already guessed is each character moved 2 spaces to the right. A becomes C, etc.... With that knowledge we can now finish the decoding process.

ELEPHANTS EAT EVERY TIME THEY GET HIGH

Now our cypher-text has been decrypted into readable plaintext and Bobs message to Tom becomes understandable. Not sure of the meaning tho, maby Bob was on something at the time but that aside, this shows how to types of encryptions can be used in conjunction. While this was a very simple cypher, something much more complex can be constructed using the same means, and that same cypher can be broken using Frequency Analysis, and by looking for patters. While everything taught here is at a very basic level it can be taken to great complexities when dealing with real world use.

I hope this has taught you something of the basics of cryptography. Once i get the time i plan on making more of these, with the next one dealing with a common but more complex cypher common to computer use. This is of course the Hash Algorithm.

Know More About The Hackers

As I’m surfing blogs and other security related Websites these days, I’m seeing a lot of good advice on how people can protect themselves from hackers. Everyone advises people to use anti-virus/spyware software, use a firewall, update everything as required, and to be careful when opening email and browsing Websites. There is also good advice about what to do in the event someone gets hit with malware that makes its presence know by causing all types of errant computer behavior. But what many bloggers and Websites don’t seem to be writing about, are hackers that can circumvent these and other types of security measures, including network intrusion detection systems.


Professional and Top Tier Hackers

There are hackers out there that are much smarter than the type of hackers you hear about in the media. They don’t go after every computer, they don’t try to obtain millions of credit card number or Facebook passwords, and they are not out to cause chaos and mayhem. These hackers target specific organizations and individuals for specific information. They spend a lot of time doing reconnaissance on their targets to determine what type of computing and security infrastructure is in place, how users act to specific stimuli (i.e. email, free removable media delivered via postal mail, etc.), and how fast people react to certain types of detectable malware. To these hackers, what we refer to as “security” is nothing more than technical obstacles that can be overcome by careful research and planning. Avoiding detection by anti-virus/spyware and network intrusion detection systems is simply a matter of testing tools against everything out there and making modifications to avoid known signatures and heuristic algorithms. These are the type of hackers that develop zero-day exploits and take advantage of other zero-day exploits as soon as they are announced.


At home

If you’re a home user and only have the basics (firewall + anti-virus/spyware), you don’t stand a chance against a more sophisticated hacker. Your anti-virus/spyware software won’t detect their presence and you won’t see any errant computer behavior. The hacker is going to do all kinds of things to your computer that you won’t even be aware of, including but not limited to: making configuration changes; swapping out legitimate programs and utilities; disabling certain security features; and taking anything and everything of possible interest. After he’s obtained what he’s looking for, he’ll erase every trace of his activities and tools from your computer and disappear.


At the office

If you’re in an office environment, depending on your organization’s security, a more sophisticated hacker is going to be a lot more careful about what he does to your computer, but he will go after any information on your computer, shared drives and internal Websites that he can access using your credentials. There are many other things a hacker may do on your computer, depending on what his objectives are and what he knows he can get away with without being detected. Because he’s done his homework, his activities are less likely to draw the attention of system administrators and security personnel. He also knows that lingering too long on a computer will increase his chances of being detected, so as soon as he has accomplished his objectives, he’ll cleanup after himself and leave.


So what can you do?

You can reduce your chances of being a victim of these types of hackers by implementing additional security measures and following best practices. Notice that I said reduce, not eliminate. Also keep in mind that you have to weigh the risk versus cost and your ability to use and manage more advanced security measures.
For home, here are some things you should consider:

• Purchase an Internet Security Suite. This does much more than just anti-virus/spyware software. Not all products offer the same features, so you’ll have to do some research. If you already have an Internet Security Suite, you may want to compare it with more current offerings from other companies.
• If you shop online or manage your finances online, purchase credit monitoring and identity theft protection. Check monthly statements for unusual or unauthorized transactions.
• Use a separate computer just for managing your finances online.
• Buy your kids a separate computer. They really don’t know better when it comes to computer security, so you’re more at risk if you share the same computer.
• If you use PayPal, open a separate bank account just for PayPal transactions.
• Don’t copy documents containing confidential or propriety information from work onto a internet connected home computer. This includes sending yourself documents via email. These are exactly the type of documents a hacker is looking for and expecting to find on your home computer.
• Use a virtual environment (virtual machine) for browsing Websites, like VMware Player\or something like it.
• Use a Hotmail, GMail or Yahoo email account instead of your ISP email account to register for Websites and download software. If your ISP allows you to create more than one email account, use a separate email account just for financial institutions.

If you own or manage a business and have concerns that your organization may not have adequate protection against more sophisticated hackers, you need to speak to your security team about these types of issues. If you don’t have someone in-house, contact a computer security firm. A computer security firm can do a security and risk assessment, and provide you with a variety of options that meet your needs and budget. The most important assessment you can do yourself, is determining what information is of value to global competitors and how providing competitors with that information can negatively impact your business. This includes customer information as well.

Hacking FAQs

I get a lot of emails about hacking. It’s hard for me to answer each and every question which is asked more frequently. So here I have compiled some of the Most Frequently Asked Questions (FAQs) about Hacking. Hope it helps. Don’t forget to pass your comments.

• What is Hacking?


• Who is a Hacker?


• What is The Hacker Terminology?


• How Do I Hack?


• What do I need to be able to hack?


• How Hackers Work?


• What is The Hacker Toolbox?


• How do I secure my computer from being Hacked?


• Famous Hackers

What is Hacking?

Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. Hacking is the art of exploiting the flaws/loopholes in a software/module. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills.

Who is a Hacker?

Most people think that hackers are computer criminals. They fail to recognize the fact that criminals and hackers are two totally different things. Media is responsible for this. Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.

What is The Hacker Terminology?

As hacker terminology changes a lot over time some of the terms here may not still be relevant when they are being used. Despite this, most of the terminology will stay and only change slightly if it does; there is more new terminology than there is editing old terminology.

• Hacker: A person who modifies something to perform in a way that was different than it was made to do. Not just to do with computer hacking, but in this case it is.


• Cracker: Crackers are people who break into a computer system for an offensive purpose, for example defacement. A cracker is still a hacker.


• Ethical Hacker: People who hack into systems for defensive purposes, often people hired by companies to pen-test their network.


• White hat hacker: Somebody with defensive security intentions, similar to an ethical hacker. White hat hackers existed before ethical hackers.


• Black hat hacker: A hacker with malicious or offensive intentions


• Gray hat hacker: A combination between white and black hat hackers. We typically say that a gray hat is a white hat by day and a black hat by night. White hats are technically gray hats because black hat hackers can use the tools that white hats use as well. The chances are all white hats have done some black hat hacking at one point because they must have learned to use the tools that they are using ethically to hack a system otherwise they would have no hacking experience.


• Script Kiddie: A person who uses tools with no contribution to the hacking community, kiddies don't know how to create their own tools or use advanced tools and constantly use the same tools to hack a server or system, often not effectively. To some degree all hackers are script kiddies, but a good hacker has the ability to make intelligent decisions such as determining false positives from virus scans.


• Hacktivism: Hactivists perform Hacktivism. Hacktivism is a combination between two works: hacker and activist. Somebody who hacks for a cause; maybe they are environmentalists hacking against companies that they think are destroying the environment


• Vulnerability: A weakness that could lead to compromised security. It may be discovered accidentally. Somebody may write a script to exploit this vulnerability.


• Exploit: A defined method of hacking vulnerability.


• 0Day: An unreported exploit, typically requires some scripting or coding knowledge, this could be virus, malware or spyware. This can be worth a lot of money if sold to a company. Although extremely risky to sell to companies due to the fact that it is illegal.


• War Drivers: People who take some kind of portable device, for example a USB drive or a laptop and just go to a public location. Then they pick up a wireless signal and possibly see what software it is running and maybe find exploits for that software, but war drivers are not limited to this. They often just use this for free internet in the case they don't have access to it themselves.


• Black Box Attacks: Security testing with no knowledge of the network infrastructure, for example attacking a company from the internet.


• White Box Attacks: Security testing with complete knowledge of the network infrastructure.


• Gray Box Attacks: Internal testing from the perspective of a generic user inside the infrastructure, this user would not be an admin but just a normal user.


• Reckless Admins: An admin who is careless, for example using the same password for all of the different things in the network. A reckless admin may not use the latest patches even though they are readily available.

How Do I Hack

There is no easy way how to hack. Google is your best friend.. REMEMBER THAT! Read any information you can find on hacking. Read hacking forums and check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies which will teach you a lot. The best way to start hacking is to teach yourself !!!

What do I need to be able to hack?

Firstly you need to understand how your computers operating system works, networks and protocols works, security settings and general PC knowledge. After you understand how it works you need hacking tools which helps you to hack.

How Hackers Work

Thanks to the media, the word "hacker" has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.

The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers — they saw the potential of what computers could do and created ways to achieve that potential.

A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug — a section of bad code that prevented the program from working properly — hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they’d happily do for free.

As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning — a person using computers to explore a network to which he or she didn’t belong. Usually hackers didn’t have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.

In fact, that’s still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious — they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.

Here, we’ll explore common techniques hackers use to infiltrate systems. We’ll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.

What is The Hacker Toolbox?

The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations — once a skilled hacker knows how a system works, he can design programs that exploit it.

Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim’s computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone’s identity.
Hack passwords: There are many ways to hack someone’s password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system’s hard drive. A hacker might install a virus by infiltrating a system, but it’s much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker’s system. The hacker can secretly control the victim’s computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages — the Internet’s equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won’t be able to read it.

How do I secure my computer from being Hacked?

Having a basic knowledge of computer security and related topics such as Virus, Trojans, spyware, phishing etc. is more than enough to secure your computer. Install a good antivirus and a firewall.

Famous Hackers

Steve Jobs and Steve Wozniak, founders of Apple Computers, are both hackers. Some of their early exploits even resemble the questionable activities of some malicious hackers. However, both Jobs and Wozniak outgrew their malicious behavior and began concentrating on creating computer hardware and software. Their efforts helped usher in the age of the personal computer — before Apple, computer systems remained the property of large corporations, too expensive and cumbersome for average consumers.

Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.

Richard Stallman, also known as "rms", founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.

On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) “c0mrade.” Originally sentenced to house arrest, James was sent to prison when he violated parole.

Greg Finley/Getty Images
Hacker Kevin Mitnick, newly released from the Federal Correctional Institution in Lompoc, California.

Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick’s reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI’s Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.

Kevin Poulsen, or Dark Dante, specialized in hacking phone systems. He’s famous for hacking the phones of a radio station called KIIS-FM. Poulsen’s hack allowed only calls originating from his house to make it through to the station, allowing him to win in various radio contests. Since then, he has turned over a new leaf, and now he’s famous for being a senior editor at Wired magazine.

Adrian Lamo hacked into computer systems using computers at libraries and Internet cafes. He would explore high-profile systems for security flaws, exploit the flaws to hack into the system, and then send a message to the corresponding company, letting them know about the security flaw. Unfortunately for Lamo, he was doing this on his own time rather than as a paid consultant — his activities were illegal. He also snooped around a lot, reading sensitive information and giving himself access to confidential material. He was caught after breaking into the computer system belonging to the New York Times.

It’s likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don’t really know what they are doing — they’re just using dangerous tools they don’t completely understand. Others know what they’re doing so well that they can slip in and out of systems without anyone ever knowing.

FAQ: How do I hack?

Learn How to Become a Hacker

These days i am getting more and more emails where my readers are asking me to teach them how to hack. Here is a message i received few days ago that made me laugh: "Alexander, please teach me how to hack email account and i will give you my girlfriend for one night".
So here i will answer some of the most frequently asked questions that every beginner asked before start hacking.

The best way to start hacking is to teach yourself !!!


How do I hack?

There is no easy way how to hack. Google is your best friend.. REMEMBER THAT! Read any information you can find on hacking. Read hacking forums and check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies which will teach you a lot.

What do I need to be able to hack?

Firstly you need to understand how your computers operating system works, networks and protocols works, security settings and general PC knowledge. After you understand how it works you need hacking tools which helps you to hack.

What is command prompt (cmd- the little dos Windows)?

Go START, RUN and type in: "cmd"

What can I do in cmd?

You can can do various things with it like run exploits or do a ping request.

Why does some of the hacking tools I download just close itself when I open them?

Lots of hacking tools are DOS based and has to be run through CMD. If you double click on the program it will open a DOS box and automatically close the box. From CMD you can navigate to the directory which your hacking tool is stored in and run it from there. Other hacking tools are GUI ( graphical user interface ) based and it will open like a normal Windows based program.

What is a IP address?

Every computer connected to the Internet or some network has a IP address. Goto START, RUN and type in "cmd" then type in "ipconfig" it will show you your IP address or addresses. It will look something like this : 81.35.99.84. IP = internet protocol.

How do I find someone's IP address?

There are many ways to find someones IP address. Here are two tutorials that will teach you how to hack an IP Address: How to Hack Someones IP Address and How to Find The IP Address of An Email Sender

What can I do with a IP?

Well you need someone's IP before you can hack, portscan or DOS them.

What is 127.0.0.1 IP?

It is your PC's local loopback IP address.

Why do I have two IP addresses when I do a ipconfig?

Well if your on a local LAN (Local area network) you will have a IP like 192.168.0.1. If your also directly connected to the internet you will have another IP address like 80.87.34.56. 192.168.0.1 is your local IP which you use to communicate with your local internet network (lan) and 80.87.34.56 is your internet IP.

What is a static and dynamic IP address?

Static means permanent set IP address - like a website will have a static IP address, it never changes. Dynamic means temporary IP address - dailing up to the Internet with a modem or most ADSL connections has dynamic IP's. Every time you logon to the Internet your ISP ( Internet Service Provider ) will issue you a new IP address.

I have sent someone a trojan but I cannot connect to their PC?

Either they are running a firewall which blocks you from connecting to their PC, or they are connected to the internet through a router.

What do I do when someone is behind a router and I want to control their PC with a trojan?

You will need to use a trojan which uses reverse connections - meaning you don't connect to the host, the host connects to you. Bifrost is a trojan which has the mentioned function. Remember when someone is behind a router and your using IPstealer to get hold of their IP address, you are actually getting their routers IP, not their actual PC's IP. The router will have the persons internet IP (WAN IP) and their PC will have a different IP - their LAN IP.

How do I check if my own PC is infected with a trojan?

Do a port scan on your PC and check which ports are open. If you find any open ports in this trojan port list you might be infected with a trojan. Download the trojan you think you might be infected with and connect to that specified port.

What is a router?

A device which is used to route data on a network. a Router decides where certain traffic should be sent to.

What is a firewall?

Its a software or hardware device which can block or permit certain ports or IP's or certain kinds of data.

What is a port and what can I do with it?

Every program running on your PC which has some network function uses a specific port to send an receive data though. If you do a port scan you will see which ports are open on the host you scanned. Port 80 is normally a web server. Port 21 a FTP server ect ect.. Trojans also uses ports. Check this list of trojan ports, if you find an open port in this list, the host might be infected with a trojan, download the trojan and try connecting to the port.

How do I do a port scan?

You need a program like SuperScan to do a portscan. Then all you do is add the ip you want to scan.

Why do you want to scan ports?

If you scan a PC with a port scanner, it will show you which programs or services are running on the PC.

Common ports:

Ping : 7
Systat : 11
Time : 13
NetStat : 15
SSH : 22
Telnet : 23
SMTP : 25
Whois : 43
Finger : 79
HTTP : 80
POP : 110

What is a exploit?

It's a poorly coded piece in software which you can use to gain access to the system. There is many exploits available for the various MS Windows's out there.

How do I use a exploit?

You first need to compile the exploit with a program like Bloodshed C++ compiler. Then you can start the exploit through command prompt and see if the system your trying to exploit is vulnerable to that specific exploit. Scroll down for more information about exploits.

What is a exploit POC?

POC stands for proof of concept and it the proof that a exploit works.
What is a DOS attack? - It is when too much data is being sent to a host and it cannot handle all the data and disconnects from the Internet.

How do I see what connections is currently made to my PC?

In cmd type in "netstat" - it will show you IP addresses of connections to your PC and what port it is using.

What is a MAC address?

Its a hard coded number, almost like a name which is embedded into a network card. It identifies the manufacturer of the card and a unique number for the card. No two network cards in the world has the same MAC address.

How do I find out my own or someone else's MAC address?

Your own MAC = Goto cmd and type in "ipconfig /all"
MAC address looks something like this : 00-13-20-A3-0B-4C
Someone else's MAC address you need their IP address and then goto cmd and type in "nbtstat -a 192.168.0.5" or whatever IP they use. This will show you their MAC address as well as their currently logged on user.

What is a Windows Registry and how do I access it?

Its where Windows stores most of the configurations of your operating system and most programs installed. You might used it to make a trojan server file you uploaded to the PC run automaticly when Windows starts up. To access the registry go START, RUN and type in "regedit"
Careful what you change in the registry, it might screw up you PC.. First make a backup of the registry.

How do I hack a webpage/ web server?

Search on google for IIS hacking tutorial, but remember not all webservers run IIS!

What is IIS?

It is Microsoft's web server. IIS - Internet information server. Most webservers run on port 80.

How do I hack into a Gmail, Yahoo or Hotmail email account?

Every now and then someone discovers a way to get into those email servers, but the service provider fixes the security hole so fast, there is no straight answer for that. Best way is to install a keylogger on the victims PC and get their login details. Otherwise download THIS program which you can use to brute force a hotmail account.

How do I hack into a POP3 email account?

Hydra 5.3 is a program which you can use to crack POP3 accounts. You will need a wordlist which Hydra will use to crack the POP3 password.

What is a keylogger?

It is a program you install on someone's PC which captures every key that is pressed on their keyboard which is emailed to you or stored into a file.

How do I get the administrator account password while logged in to the PC?

Locally run a program like Adminhack for local administrator account cracking. If you need to do it remotely run a program like Venom or Starbrute.

What is a SAM file?

SAM file is the file which stores all the user accounts and their password hashes like the Administrator account. SAM file is stored in "C:\WINDOWS\system32\config" but it is locked and inaccessable while you are busy using Windows - meaning you can't copy it while your in Windows. You need to boot up with another operating system like NTFSDOS or Linux with NTFS support. When you copied the SAM file you can crack the passwords stored in the SAM file with a program like LC5. With Pwdump6 it is possible to get access to the SAM file while logged into windows. It can also connect to a remote PC and grab the password hashes from the SAM file. Administrator account is needed.

How do I reset a administrator or some other account password on Win2K/WinXP/WinNT/Win2003?

Download Offline NT Password & Registry Editor which you can use to create a bootup disk or CD and then boot up the PC and then you can reset the password. Just remember that this program will not show you the password, you can only change the password.

How do I crack a administrator password?

If you need to crack a administrator password you will need to copy the SAM file to another machine and crack it. Download this NTXP-Cracker program which has included everything you need to boot up the PC, copy the SAM file and crack the SAM file on another machine.

How do I find out what operating system does my target run?

Download Detect and use it against your targets IP address.
Result:
C:\>detect.exe 127.0.0.1[*]------------------------------[*][*] XP/2K OS Detector[*][*] by: illwill & phr0stic[*][*]------------------------------[*]
[+] Finding Host 127.0.0.1
[+] Connected to 127.0.0.1
[+] Bytes Sent: 222
[?] The box seems to be Windows XP


Basically these are the frequently asked questions every beginner asked. Hope you'll find this post useful.

FAQ: Phishing to Hack Email Account Passwords

What is Phishing and how to use it for hacking?

I have written much about Phishing on this blog. I received large response for my indepth tutorial on Phishing to hack email account password. Thanks a lot for your kind co-operation. Many readers were able to get the trick or hack of Phishing and how to use Phishing to hack email account. But, some readers were just not able to get out their problems. I have written this article for such readers to help them sort out their Phishing related problems.

I was just going through comments made by you guys and noticed some readers left unanswered or they were not convinced by me. So, here are answers to some of commonly asked questions for Phishing.


1. First of all lets clear What is Phishing:

Basicly phishing is way of sending a fake page to victim which resembles the original page and ask the victim to login with the provided modified page called as phisher. This the most popular method used by hackers to hack email account passwords like myspace, gmail, yahoo, orkut, facebook, etc.

2. Does Phishing help in hacking email passwords?

This was the most basic question I read. No doubt, the reader is newbie and hence I have included this question over here. Helping newbies is my prime purpose. The answer is "Yes. Phishing is meant for hacking email passwords".

3. Which email passwords can be hacked using Phishing?

Phishing can be used to hack any email password or any online account password. It can be email account like hotmail, gmail, yahoo; social networking site account like myspace, orkut, faceboook; banking account; file sharing account or any account you want.

4. How do I perform Phishing?

Phishing is one of the easiest hacking methods. The only thing is you have to get the actual idea of what you have to do to hack email password. You can learn Phishing and how to make your own Phisher by referring my articles "How to Make a Phisher to Hack Any E-Mail Account Password" and "Software to Create Your Own Phisher".

5. What are webhosts?

Webhosts, to explain in short, are offering free webspace where we can upload our created phisher. Phisher is fake login page that we create and we have to upload it on internet. So, we need some space on internet for phisher which is provided by such free webhosts.

I would recommend you following webhosts:

• www.yourfreehosting.net
• www.drivehq.com
• www.110mb.com
• www.t35.com
• www.esmartstart.com

6. Why I can't upload write.php?

Well to upload write.php file, your webhost must support php files. Try using webhosts I have illustrated in Q.5. They all support php.

7. Why I can't run Phisher Creator software on my computer?

For being able to run Phisher Creator software, your computer must have necessary library files installed. Install Library files package and even .NET Framework.

8. How do I send Phisher link to victim?

Get the Anonymous Emailer software and create a fake email and post the phisher link in this email. Ask victim to login to his account using this link. Also try using your logic to make him login to your sent phisher.

9. Why I don't get passes.txt file?

Passes.txt file is created only after victim logins with our sent phisher. If you are trying it, login using phisher and then go to file manager of FTP account. You will see passes.txt file created. If file is not present, try refreshing the page and you'll get it. If you're still not able to get passes.txt file, do one of following:

• Re-login using phisher.
• Change your webhost.
• Re-start from beginning.

Sorry for this... but this has helped many visitors as they don't know where they had made a mistake. So, its always best to restart the process.

10. How do I get my Phisher link?

Go to File Manager. Upload your phisher created by Phisher creator. Now, click on uploaded "index.htm" file. You will see fake page. Now, in address bar, you will get your Phisher link. This is your Phisher link. Send this phisher link to your victim.

11. Why Phishing is not working for me?

I'm received many questions like this. I helped many readers and finally reached conclusion that most of them were not reading my article completely and carefully. So, read article completely and carefully. This is most common error made by readers.


Thats it. I hope now, you will have most of your doubts about Phishing cleared. This article is meant only for you.

Enjoy Phishing to hack email password...