The Content Provided on HackClarify are Only for Security Awareness & Educational Purposes Only, Hackclarify is Not Responsible for any Harm Done!
Place Your Ads Here By Requesting Using The Contact Form
Add to Google Reader or Homepage Add to Netvibes Add to Yahoo! Subscribe in NewsGator Online Add to My AOL

The Only True Guide to Learning how to Hack

9:23 AM Article by Unknown


You stay up all night on the PC typing and typing. No, you're not hacking. You're begging someone on IRC to teach you how to hack! Let's look at the facts:

1. You're a luser and you're annoying. No one likes you if you ask others how to hack without taking the least amount of innitiative.

2. You're not worthy of any title even resembling hacker, cracker, phreaker, etc., so don't go around calling yourself that! The more you do, the less likely you are to find someone willing to teach you how to hack (which is an infinitesimal chance, any way).

3. You're wasting your time (if you couldn't infer that in the first place). Many real hackers (not those shitty script kiddies) spend all their insomniac hours reading and, yes even, HACKING! (Hacking doesn't necessarirly (but usually does) mean breaking into another system. It could mean just working on your own system, BUT NOT WINDOWS XP (unless you're doing some really menacing registry shit, in which case, you're kind of cool).)

You're probably thinking, "Then what should I do. If no one's going to help me, how can I possibly learn to hack?" Have you ever tried READING (I assume this far that you are literate). Read anything and everything you can get your hands on! I recommend hitting a computer store and looking for discount books (books that are usually out of date, but so are a lot of the systems on the 'net, so they're still relevant!). You'll be surprised what you can learn from a book even when you're paying a dollar for every hundred pages.

I recommend the following books to start off with:

--------------------------
* Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! (Isn't that more fun than being lamed, email bombed, and kicked of IRC).

* Practical Unix and Internet Security (Sec. Edition): This is mostly a book about how to secure Unix (if you don't know what Unix is, either shoot yourself now, or read O'Reilly's Learning the Unix OS), but half of learning to hack is learning a system from the inside out. How can you expect to hack a site (w/o using a kiddie script, which i must restate, is NOT hacking) if you don't know how to use the system?!

* Linux Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, whi ch you should). Read everything you can from it.

* Sendmail in a nutshell: This is only after you read everything else. Sendmail, for those of you who still don't know, is a program that sends mail. It sounds stupid, but this is a buggy program, and usually is the avenue of attack many hackers take because of it's vulnerabilities.

* TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.

* TCP/IP Administration: haven't read it, but can't wait to! (I've been bogged down by a lot of other REAL computer stuff).

After you've read them all, re-read them! Trust me, you gain a ton of information the second time you read them just as you gain perspicacity the second time through a movie with a twisted plot. Then, read a ton of RFCs. RFCs are Request for Comments but the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):
---------------
    * RFC0760 - DoD Standard Internet Protocol
    * RFC0792 - Internet Control Message Protocol
    * RFC0819 - The Domain Naming Convention for Internet User Applications
    * RFC0821 - Simple Mail Transfer Protocol
    * RFC0822 - Standard for the Format of ARPA Internet Text Messages
    * RFC0976 - UUCP Mail Interchange Format Standard
    * RFC1123 - Requirements for Internet Hosts -- Applications and Support
    * RFC1135 - The Helminthiasis of the Internet (Morris Worm)
    * RFC1244 - Site Security Handbook
    * RFC1521 - MIME (Multipurpose Internet Email Extensions) Part One
    * RFC1522 - MIME (Multipurpose Internet Email Extensions) Part Two
    * RFC1651 - SMTP Service Extensions
    * RFC1652 - SMTP Service Extension for 8bit-MIMEtransport
    * RFC1652 - SMTP Service Extension for Message Size Declaration
    * RFC1675 - Security Concerns for IPng
    * RFC1704 - On Internet Authentication
    * RFC1739 - A Primer On Internet and TCP/IP Tools
    * RFC1750 - Randomness Recommendations for Security
    * RFC1825 - Security Architecture for the Internet Protocol
    * RFC1891 - SMTP Service Extension for Delivery Status Notifications
    * RFC1892 - The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages
    * RFC1893 - Enhanced Mail System Status Codes
    * RFC1894 - An Extensible Message Format for Delivery Status Notifications
    * RFC1918 - Address Allocation for Private Internets
    * RFC1920 - Internet Official Protocol Standards

That's it for now. If anything else interests you about the Internet, try to look up an RFC for it.

Read anything you can about Internet security in general (but not stuff like "How to Hack" (but keep reading this!)). Subscribe to mailing lists. Some of my favorites are bugraq, happy hacker (interesting stuff), and MC2. By now, you should be advanced enough to breeze through Carolyn Meinel's "Guide to (mostly) Harmless Hacking." It's got something interesting stuff, but not enough to be "3l1t3."

Okay, now for the big step: the step from lamer to hacker! If you have not already, install Linux. Now it's okay for you to go online to usenet groups and ask for help installing Linux, 'cuz quite frankly, if pretty f*** hard! NEVER, EVER, EVER expe ct to get it on the first try just right. The next thing to do is learn programming. I reco mmend learning C++ first because it will help you understand a lot about programming, it's easy to use, and is a lot like the other programming languages you should also learn. Read these books:

    * Teach Yourself C++ in 21 Days: the name says it all
    * Learning Perl: an AMAZING book on learning Perl
    * Programming Perl: the next step after Learning Perl
    * Perl Cookbook: the next step after Programming Perl
    * Core Java (Volume I & II): these books are by the makers of Java. Java is a really cool language to say the least, but you should at least learn C++ before so you can understand classes.

Now, you may be saying I may have been a bit hypocritcal by saying not to ask how to hack but to ask about installing Linux. The thing is that Linux people are usually pretty nice, and the people who are Linux gurus want more than anything for Linux to prosper, and are willing to help you out. Oh, by the way, if you've installed Linux the way you want it (which does not include throwing you Linux box out the window and yelling, "I LIKE THIS JUST FINE!"), congratulations. You have now earned my respect.

Okay, I mentioned kiddie scripts earlier, and I'll follow up on it now. Kiddie Scripts are auto hacking programs that will do all the work for you. You don't want that. I do condone downloading them and learning from them, but don't become a script kid die. The only place they go in life is jail (not where you want to be).

Now, you should know a great deal about hacking. You have a compendium of information at your fingertips with a mental index. You want the best advice? Don't hack. Odds are, you will get caught, and then it goes down on your criminal record, and unless you did something fan-f***-tastic, like hacking the white house security cameras and get video of Slick Willie getting a BJ, you can pretty much kiss your computer future goodbye, cuz no one will hire a convicted hacker. If you do hack, be a white hat hacker. For example, upon breaking into a site, leave a note maybe including how to contact you (not through the phones, mail, real email address etc., do it through a hotmail account or something) or how to fix it. They may be nice enough to offer you a job! That's right, there are some people who get paid to hack and do what they love.

In conclusion, you may have noticed that this was not a real guide to hacking.
This was a guide to LEARNING how to hack, which, if you want to be a real hacker, you will have to do

There is no one way to hack. (If so, it would be a lot easier for system administrators to keep you out!) It's a variety of different tricks as well as the ability to keep up with current vulnerabilities in software and hardware. You should also learn how to program. Even though Kevin Mitnick was infamous among the hacker culture for being the most wanted cracker, he couldn't even write his own exploits! That's pretty sad. Please use whatever information you have wisely and responsibly, and distribute it only to people who are worthy of it.

Yes guys this gotta be the one !!

MORE SHARES AND COMMENTS WILL LEAD TO BETTER ARTICLES AND PDF VERSIONS
Subscribe,Comment & Share


Read More Add your Comment 9 Replies


PrintPDF

SQL Injectioning? How does it Work?

9:01 AM Article by Unknown

A large number of websites are vulnerable to SQL injection attacks, I must say that its just the fault of the website admin, Who has designed it. I am going to discuss here that what is SQL injection and how it is accomplished. Now-a-days, many noobs find an SQL error in database by automated scanners and just exploit it for fun. But that is not a good act. Even i haven't used my skills for any bad purpose. This post is about those people who don't know that their website is actually vulnerable to such attack, also i am going to tell you that how its done and how to catch this vulnerability.Due to such vulnerability a Hacker can gain access to your website within a minute, Yes its true.

What is SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words I must say that hacker injects certain characters in the admin authentication area and gains access as admin.

How is basic SQL injection Accomplished?
Google is very helping in hacking, due to dork technique, Now you will think that what is dork?
Dork: A search enquiry to find a website specific to an attack type etc.
A few dorks are below, which are used to find, vulnerable site:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
(Note: I am not giving all dorks, due to the fact that i might go illegal, You may be just learning but we can't trust everyone.)

These dorks are pasted in the search bar of google.com. and then searched to find the website.

After finding the required target, injection is accomplished, like in the login fields of admin, as password following injections are inserted:
' or '1'='1
' or 'x'='x
(Google to get more, It would be illegal if i post here all.)

In simple words:
Username : Admin
Password : 'or'1'='1
Hit login and you are in, All the sites are not vulnerable and this is just for learning purpose, WiredHacks is not responsible for any harm or damage caused.


That was just a simple tutorial to give you basic information of SQL injection. There are more advanced techniques too. But some other day i will discuss.


How to check that your website is vulnerable?
Well, After reading the basics above you might have got the concept of SQL injection. But many tools are also available to scan your website or server for such errors in database, Note, When error occurs it means that website is vulnerable.
First Method:
Here is an online scanner:
http://webhosting.blackoutaio.com/~sqli/
For example, If you want to scan, www.website-yasar.com then put this in scanner bar:
inurl:php?=id+site:website-yasar.com
 If you get:

http://www.website-yasar.com/product.php?id='3 <== Success

Then it means that website is vulnerable and can be exploited easily by getting the number of colums.
(Note: catid, data, num is also used in addition to id. Simply replace id with your desired value in the dork of scanner.)
Here i got screen shot of a Website with dork "data" instead of "id" vulnerable to the attack it has scanned it overall and here are results:
 


Second Method:
Here is an automated scanner, Which is for newbies, Just click scan and take rest.
Go to this link to get detailed information on how to find SQL vulnerability in website.
To get Acunetix vulnerability scanner Trial version go here.


Hope, Now you might be aware of SQL injections. Futher information will be posted later.
 


Read More Add your Comment 2 Replies


PrintPDF

Hack A Password Protected Website

12:54 AM Article by Unknown


Here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .
Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a ‘games’ directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can’t get past an opening “PasswordRequired” box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it’s hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don’t care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let’s say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be on the index page and ready to follow the links for downloading.


Read More Add your Comment 0 Replies


PrintPDF

 
Supported/Suggested Browsers for our site
Fight Spam! Click Here!

Don't Copy Articles

Protected by Copyscape Plagiarism Detector
DMCA Protected

Expand HackClarify

Hacking Tips & Tricks

If HackClarify articles have helped you in learning then copy code below and give a small place to this image in your blog or website:

Attribution

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Dont Copy or Reproduce Articles.

© 2012 | Founded & Maintained by Samin Yasar | All Rights Reserved