Hacking Master Tips & Tricks

Hacking

How to install Kali Linux Operating System in your PC..??

Kali Linux

Intro :-

Setup :-

Cheat Engine can help you save some time and cut corners on a few video games. It's a great option if you're into a game but don't want to invest more time in the game than you have to offer. Using the popular Plants vs. Zombies game as an example, you can get cheating and save time while having all the fun it offers. It's important to know all of your available cheats so you can get the most of your games.

Steps

Download Cheat Engine. You can find it athttp://cheatengine.org/downloads.php.

Download the game you want to use Cheat Engine on. This tutorial will use Plants vs. Zombies.

Open both the game and Cheat Engine.

Click on the "open processes" icon in upper left Cheat Engine window.

In the process list, click the "PlantsVsZombies.exe" option. Click on "open."

�

�

Select the value you want to change. For instance, when you open a new game of Plants vs. Zombies, you see you have only 25 suns.

Enter the new value in Cheat Engine. For example, enter 25 in the Hex field and click "First Scan." You'll get a lot of data in the table at left marked "Address" and "Value."

See the value change inside the game. For instance, when you pick up another sun in Plants vs. Zombies, your energy will be 100.

Unethical hacking can be called an illegal activity to get unauthorized information by modifying a system’s features and exploiting its loopholes. In this world where most of the things happen online, hacking provides wider opportunities for the hackers to gain unauthorized access to the unclassified information like credit card details, email account details, and other personal information. 

So, it is also important to know some of the hacking techniques that are commonly used to get your personal information in an unauthorized way.

10. Keylogger

Keylogger is a simple software that records the key sequence and strokes of your keyboard into a log file on your machine. These log files might even contain your personal email IDs and passwords.

Keylogger is one of the main reasons why online banking sites give you an option to use their virtual keyboards.

9. Denial of Service (DoS\DDoS)

A Denial of Service attack is a hacking technique to take down a site or server by flooding that site or server with a lot of traffic that the server is unable to process all the requests in the real time and finally crashes down.

For DDoS attacks, hackers often deploy botnets or zombie computers which have got the only work to flood your system with request packets.

8. Waterhole attacks

If you are a big fan of Discovery or National Geographic channels, you could relate easily with the waterhole attacks. To poison a place, in this case, the hacker hits the most accessible physical point of the victim.

For example, if the source of a river is poisoned, it will hit the entire stretch of animals during summer. In the same way, hackers target the most accessed physical location to attack the victim. That point could be a coffee shop, a cafeteria etc.

Once hackers are aware of your timings, they might create a fake Wi-Fi access point and modify your most visited website to redirect them to you to get your personal information.

7. Fake WAP

Even just for fun, a hacker can use software to fake a wireless access point. This WAP connects to the official public place WAP. Once you get connected the fake WAP, a hacker can access your data, just like in the above case.

6. Eavesdropping (Passive Attacks)

Unlike other attacks which are active in nature, using a passive attack, a hacker just monitors the computer systems and networks to gain some unwanted information.

The motive behind eavesdropping is not to harm the system but to get some information without being identified.

5. Phishing

Phishing is a hacking technique using which a hacker replicates the most-accessed sites and traps the victim by sending that spoofed link.

Once the victim tries to login or enter some data, the hacker gets that private information of the target victim using the trojan running on the fake site.

4. Virus, Trojan etc.

Virus or trojans are malicious software programs which get installed into the victim’s system and keeps sending the victims data to the hacker.

3. ClickJacking Attacks

ClickJacking is also known by a different name, UI Redress. In this attack, the hacker hides the actual UI where the victim is supposed to click.

In another word, the attacker hijacks the clicks of the victim that aren’t meant for the exact page, but for a page where the hacker wants you to be.

2. Cookie theft

The cookies of a browser keep our personal data such as browsing history, username, and passwords for different sites that we access. Once the hacker gets the access to your cookie, he can even authenticate himself as you on a browser.

1. Bait and switch

Using bait and switch hacking technique, the hacker runs a malicious program which the user believes to be authentic. This way, after installing the malicious program on your computer, the hacker gets unprivileged access to your computer.

If you are working in a Linux system, donot work as a root user, especially when trying with new stuffs. Else you may have to compromise your entire system. You can switch to your root user when you know what you are doing. Beware of the fact that, even if you are running the application as a non-root user, the trojan can still works and get the user files/ keylogs etc. So as a general advice, I might say, never download untrusted contents especially from IRC, IM, small sites. torrents, warez etc.

Windows is an entirely different platform. If you are limiting yourself without the administrative privilages in windows, it will be pretty hard to keep on working, while in Linux, working as a non-root user and switching to a root user is pretty easy.

As I discussed in my previous tutorials, the Windows is the most targetted Operating System because of its popularity and lack of strong security measures. In windows, you have to install a Antivirus Software as the first step defense. Also, you have to update your antivirus as soon as a new update is availble. Without the proper updation of your antivirus softwares, they are nothing but a resource hungry daemon. So, to stay safe, never download any softwares from untrusted sources.

"In a few years, men will be able to communicate more effectively through a machine than face to face," Taylor wrote in the 1968 paper.

Ok. Now we're going to have some discussions about the basic configs and security checks you should take so that you can be safe in your hacking deeds. Well, the cyber-world is no way dissimilar to the actual world, where lots of crimes are committed everyday, and ofcourse you don't want to be targetted by some dull skids, and also, you may never need cops outside your door if ever you did something dull, out of curiosity. 

What is the "Limit" of your Machine?

First of all, as everything we start, here also we must know what is the "limit" or capacity of your computer. You need to know the basic specifications of your computer like:

The memory size of the RAM and the HDDThe speed of your processorHow extreme your graphics card can go, etc

Now you will be more aware of the limitations of your system as you have completed a background check of your machine. So you know what you CAN do and what you CAN'T do with your box.

Essential Softwares you need to Install in your Machine?

Guess what? This tutorial is mostly biased to support Windows Operating system because of one and only one reason, its reach to the public and the easness in its usage. Frankly, Windows is the most commonly used Operating System in the word as you all may know. And it is only because of its popularity these hackers/ breachers are attacking mostly windows systems. The velow programs that are discussed will work mainly on windows but some of it will work in Linux/ Mac too.

1. Anti-Virus Program

Yes, every one will know about it. No need of an explanation here. This is the first line of defense that every one will take. It is adviable to be used in every system, so as to ensure the security at the cost of performance and resources.

2. Virtual Machine

At the word that we are currenlty living in, The Virtual Machines are the inevitable part of the System of a Hacker. Every latest viruses that is being released everyday can easily byepass the antivirus securities. Though the antivirus softwares constantly updates their defintions to include more virus signatures, by that time the viruses would have done their tasks.

Here, we are the one who will be making RATS/ Keyloggers and exploits. So the risk of testing these kinds of stuffs will be high as, many times, we may have to compromise the stability of our Operating Systsm and may have to re install them.

So basically, what is a virtual machine? Well, it is a virtual computer inside you OS which is being simulated to perform the real computer tasks in reality. As I said, when you are creating exploits and all, sometimes things can go fataly wrong and you may lose all of your valuable data. So as a remedy, we can use a virtual machine to develop and test our stuffs. The virtual machine will create a virtual hard disk and executes all the programs withi it. So the scope of your program's execution environment will be contained within the virtual hard disk inside you virtual machine and you can keep your hot operating system safe and sound.  

The main disadvantages of the vitual machines are , they will take a lot of resources to sinulate a virtual computer inside your real one. It can be ignored when we can foresee the benefits that we will be getting.

3. Sandboxie

So, now you will be thinking about developing some exploits/ RATS. In that case, your system will be your laboratory. So we must give our lab, its own defences.

Sandboxie is a program that will let you run your suspicious programs inside it. Usually, the execution will be done in some remote memory locations that are isolated from the main execution environment. So when you run the application within it, we can easily terminate it at our need without causing a damage to our  "Lab'.

4. COMODO Firewall

As an additional security, you can install a firewall in additional to the host operating systems default firewall. Comodo firewall holds some flexible UI so as to monitor every actions that are being performed through our open ports. So using this, we can monitor our inbound and outboud connections and check if anything suspicious is being happening, when you are idle. 

5. VPN (Virtual Private Network)

This one is almost discussed twice in the beginners tutorials. So you are now having knowledge about what I had to tell here, so I am not repeating it here. :)

Let us start our journey from the basics ! Below are some frequently used words, their brief meaning and acronyms that are commonly used in this world !

ACRONYMS

R.A.T :-> Remote Administration Tool

DrDoS :-> Distributed Reflected Denial of Service Attack, uses a list of reflection servers or other methods such as DNS to spoof an attack to look like it's coming from multiple ips. Amplification of power in the attack COULD occur.

VPS :-> Virtual Private Server

SE :-> Social Engineering

HTTP :-> Hyper Text Transfer Protocol. The foundation of data communication for the World Wide Web.

SSH :-> Secure Shell, used to connect to Virtual Private Servers.

FTP :-> File Transfer Protocol. Used for transferring files over an FTP server.

XSS (CSS) :-> Cross Site Scripting

Malware :-> Malicious Software

Skid :-> Script Kid/Script Kiddie

DDoS :-> Distributed Denial of Service

VPN :-> Virtual Private Network

Nix :-> Unix based operating system, usually refered to here when refering to DoS'ing.

SQL :-> Structured Query Language. It usually goes along with a word after it, such as "SQL Injection."

FUD :-> Fully Undetectable

WORDS

FUD :-> Fully undetectable, can be used in many terms. Generally in combination with crypters, or when trying to infect someone.

LOIC/HOIC :-> Tool(s) used by many anonymous members to conduct DDoS attacks. It is not recommended to use these under any circumstances.

Trojan :-> A Trojan is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

Botnet :-> Computers infected by worms or Trojans and taken over by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks.

SQL Injection :-> An SQL injection is a method often used to hack SQL databases via a website, and gain admin control of the site.

Root :-> Highest permission level on a computer, able to modify anything on the system without restriction.

Warez :-> Software piracy

White Hat :-> A "white hat" refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methods to ensure the security of a businesses information systems. (Good guy, per se)

Rootkit (ring3 ring0) :-> A powerful exploit used by malware to conceal all traces that it exists. Ring3 - Can be removed easily without booting in safemode. Ring0 - Very hard to remove and very rare in the wild, these can require you to format, it's very hard to remove certain ring0 rootkits without safemode.

Script Kiddie :-> A script kid, or skid is a term used to describe those who use scripts created by others to hack computer systems and websites. Used as an insult, meaning that they know nothing about hacking.

IP Grabber :-> A link that grabs someone's IP when they visit it.

DDoS :-> Distributed denial of service. Flooding someones connection with packets. Servers or web-hosted shells can send packets to a connection on a website usually from a booter.

VPS :-> The term is used for emphasizing that the virtual machine, although running in software on the same physical computer as other customers' virtual machines, is in many respects functionally equivalent to a separate physical computer, is dedicated to the individual customer's needs, has the privacy of a separate physical computer, and can be configured to run server software.

Malware :-> Software designed to do all kinds of evil stuff like stealing identity information, running DDoS attacks, or soliciting money from the slave.

Phreak :-> Phone Freaks. Hackers who hack cell phones for free calling. Free Long distance calling. Etc.

Bot :-> A piece of malware that connects computer to an attacker commonly using the HTTP or IRC protocal to await malicous instructions.

Shell :-> The common meaning here is a hacked web server with a DoS script uploaded to conduct DDoS attacks via a booter.

ANSI Bomb :-> ANSI.SYS key-remapping commands consist of cryptic-looking text that specifies, using ansi numeric codes to redefine keys.

DOX :-> Personal information about someone on the Internet usualy contains real name, address, phone number, SSN, credit card number, etc.

Worm :-> Software designed to spread malware with little to no human interaction.

Deface :-> A website deface is an attack on a site that changes the appearance of the site or a certain webpage on the site.

Keylogger :-> A software program that records all keystrokes on a computer's keyboard, used as a surveillance tool or covertly as spyware.

Remote Administration Tool :-> It's a general term for a hack that can let someone remotely control your computer with admin access.

Black Hat :-> A hacker who performs illegal actions to do with hacking online. (Bad guy, per se)

 

“ANYONE WHO KNOWS ABOUT THIS FLAW AND DIDN’T ACTIVELY TRY TO REMEDY IT SHOULD BE FIRED. WE CAN’T HAVE 300 SOME MILLION AMERICANS, AND REALLY THE GLOBAL CITIZENRY, BE AT RISK OF HAVING THEIR PHONE CONVERSATIONS INTERCEPTED WITH A KNOWN FLAW SIMPLY BECAUSE SOME INTELLIGENCE AGENCIES MIGHT GET SOME DATA,” HE SAID. THAT IS NOT ACCEPTABLE.”

Hackers Can Steal Your Password Just by Monitoring Smart-Phone  Sensors

"Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera, and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer," Dr. Maryam Mehrnezhad, the paper's lead researcher, said describing the research.

"But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."

"Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding," Mehrnezhad said. "So people were far more concerned about the camera and GPS than they were about the silent sensors."