HackDigits -

Friday

How to Hack a Database

Warning: The purpose of article is to develop programs to prevent the hackers from hacking databases. This article lists the common methods used to hack databases.

Steps

Use wireless access points. Amateur hacking technique called "wardriving," which uses wireless access points to find vulnerable networks from which to launch attacks.

Use SQL injection. Once connected to those private networks, Hackers uses a well-known technique called "SQL injection" to trick Web applications into forking over private information that gave him deeper access into networks. Even though it sounds complicated, techies liken this kind of hack to simply turning the front doorknob to get into a house.

In the seven-layer Open System Interconnection model, a popular reference guide for securing a network software stack, the application layer is at the top. SQL injection is a Web-based attack that happens on this surface level. Securing the application layer is entry-level security stuff.
Hackers use either a Web application scanner or Web application firewall to guard against SQL injections. A Web application scanner likely would have likely caught the SQL injection vulnerabilities . If it didn't, an application firewall probably would have isolated the attacker from gaining access to other parts of the compromised networks.

Warnings

Only do this in your databases.

How to Appear to Hack a Website

Ever Feel like changing a website? Now you can! Make websites look stupid! Amaze your friends!

Go to this website

After copying the different javascript hacks onto a notepad

(so you don't have to keep going back to keep copying different things)

go to a website you want to edit.

If you want to use the Text Edit, read this step. For Image Dance, read the next one. Copy the said java hack and paste it to the browser bar. Hit enter, wait a few seconds, then edit it as if it's a notepad program!

For Image Dance, copy the said java hack and paste it to the browser bar.

Press enter, wait a few moments, and the images should be dancing!

If you want it to go faster, hover the cursor to the browser bar and look for the

"R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200"

and change the numbers to desired amount. Enjoy!

Warnings

No possible dangers. It shouldn't even be considered hacking

Things You'll Need

A java capable internet browser (like IE.)

A good internet connection

Thursday

How to Pretend to Hack a Website

Today, i will teach you how to hack.. but Note: This does not really affect the website content at all. What you change is only visible on your computer. Then as soon as you refresh the page it will be back to normal for you too.

Steps

Go to the page you want to hack and wait for it to be loaded fully.

If you do it before, it will only edit what has already loaded.

Copy this code into the url bar:

javascript: document.body.contentEditable = 'true'; document.designMode = 'on'; void 0

Hit Stop! If it worked right the links will have turned a more saturated blue, and when you click somewhere you'll be able to edit text

Edit! You can change text by highlighting it and typing. You can stretch or delete images just by clicking on them. Or you can just highlight the whole page and hit delete! Have fun!

Type the following code to make the page uneditable again:

javascript: document.body.contentEditable = 'false'; document.designMode = 'off'; void 1

Once you have made the page uneditable again, left-click in the URL Bar and press ESC. This will reset the URL to the page you are on, making it look authentic! Or you can open another tab and go back to the edited page!

Tips

You can use this to remove ads.

This can be a good way to prank friends.

You should have JavaScript enabled to do this. If you do not, you can simply enable it in your browser preferences.

How to Hack (Steps)

Before You Hack

Learn a programming language.

You shouldn't limit yourself to any particular language, but there are a few guidelines.

C is the language the Unix was built with. It (along with assembly language) teaches something that's very important in hacking: how memory works.

Python or Ruby are high-level, powerful scripting languages that can be used to automate various tasks.

Perl is a reasonable choice in this field as well, while PHP is worth learning because the majority of web applications use PHP.

Bash scripting is a must. That is how to easily manipulate Unix/Linux systems—writing scripts, which will do most of the job for you.

Assembly language is a must-know. It is the basic language that your processor understands, and there are multiple variations of it. At the end of the day, all programs are eventually interpreted as assembly. You can't truly exploit a program if you don't know assembly.

Know your target.

The process of gathering information about your target is known as enumeration. The more you know in advance, the fewer surprises you'll have.

Hacking

Use a *nix terminal for commands. Cygwin will help emulate a *nix for Windows users. Nmap in particular uses WinPCap to run on Windows and does not require Cygwin. However, Nmap works poorly on Windows systems due to a lack of raw sockets. You should also consider using Linux or BSD, which are both more flexible, more reliable, and more secure. Most Linux distributions come with many useful tools pre-installed.

Secure your machine first. Make sure you've fully understood all common techniques to protect yourself. Start with the basics — have you found a server hosting a site about illegal or possibly bad activity? Attempt to hack it in any way you can. Don't change the site, just make it yours.

Test the target. Can you reach the remote system? While you can use the ping utility (which is included in most operating systems) to see if the target is active, you can not always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators.

Determine the operating system (OS). Run a scan of the ports, and try pOf, or nmap to run a port scan. This will show you the ports that are open on the machine, the OS, and can even tell you what type of firewall or router they are using so you can plan a course of action. You can activate OS detection in nmap by using the -O switch.

Find a path or open port in the system. Common ports such as FTP (21) and HTTP (80) are often well protected, and possibly only vulnerable to exploits yet to be discovered.

Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be bruteforced.

Crack the password or authentication process. There are several methods for cracking a password, including brute force. Using brute force on a password is an effort to try every possible password contained within a pre-defined dictionary of brute force software

Users are often discouraged from using weak passwords, so brute force may take a lot of time. However, there have been major improvenments in brute-force techniques.
Most hashing algorithms are weak, and you can significally improve the cracking speed by exploiting these weaknesses (like you can cut the MD5 algorithm in 1/4, which will give huge speed boost).
Newer techniques use the graphics card as another processor — and it's thousands of times faster.
You may try using Rainbow Tables for the fastest password cracking. Notice that password cracking is a good technique only if you already have the hash of password.
Trying every possible password while logging to remote machine is not a good idea, as it's easily detected by intrusion detection systems, pollutes system logs, and may take years to complete.
It's often much easier to find another way into a system than cracking the password.

Get super-user privileges. Try to get root privileges if targeting a *nix machine, or administrator privileges if taking on Windows systems.

Most information that will be of vital interest is protected and you need a certain level of authentication to get it. To see all the files on a computer you need super-user privileges - a user account that is given the same privileges as the "root" user in Linux and BSD operating systems.
For routers this is the "admin" account by default (unless it has been changed); for Windows, this is the Administrator account.
Gaining access to a connection doesn't mean you can access everything. Only a super user, the administrator account, or the root account can do this.

Use various tricks. Often, to gain super-user status you have to use tactics such as creating a buffer overflow, which causes the memory to dump and that allows you to inject a code or perform a task at a higher level than you're normally authorized.

In unix-like systems this will happen if the bugged software has setuid bit set, so the program will be executed as a different user (super-user for example).
Only by writing or finding an insecure program that you can execute on their machine will allow you to do this.

Create a backdoor. Once you have gained full control over a machine, it's a good idea to make sure you can come back again. This can be done by backdooring an important system service, such as the SSH server. However, your backdoor may be removed during the next system upgrade. A really experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to come back.

Cover your tracks. Don't let the administrator know that the system is compromised. Don't change the website (if any), and don't create more files than you really need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to log-in with this password, the server should let them in, but shouldn't contain any crucial information.

Tips

Keep in mind, if your target is not doing their best to keep you out, you won't ever become good. Of course, don't get cocky, don't think about yourself as the best of the best. Make this your goal: you must become better and better. Every day that you didn't learn something new is a wasted day. You are all that counts. Become best, at any cost. There are no half-ways, you must give fully of yourself. As Yoda would say, "Do or do not. There is no try."

There is a major difference between a hacker and a cracker. A cracker is motivated by malicious (namely: money) reasons, while hackers attempt to retrieve information and gain knowledge through exploration - ("bypassing security"), at any cost and in any way which may not always be legal.

Unless you're an expert or a professional hacker, using these tactics on a popular corporate or government computer is asking for trouble. Keep in mind there are people a bit more knowledgeable than you who protect these systems for a living. Once found, they sometimes monitor intruders to let them incriminate themselves first before legal action is taken. This means you might think you have free access after hacking into a system, when in fact, you're being watched, and may be stopped at any moment.

Hackers are those who built the internet, made Linux, and work on open source software. It's advisable to look into hacking as it's quite respected, and requires a lot of professional knowledge to do anything serious in real environments.

Remember, hacking is not about breaking into computers, getting a well paid job, selling exploits on the black market, nor helping anyone compromise secure machines. You're not here to help the admin do his job. You're here to become the best.

Read books discussing TCP/IP networking.

Although it's great that there are many legal, safe training grounds available for anyone, the sad truth is that you won't become even mediocre if you don't perform potentially illegal actions. You can't become anyone if you won't find real problems on real systems, with the real risk of getting caught. Keep that in mind.

Warnings

Don't delete entire logfiles, instead, just remove only the incriminating entries from the file. The other question is, is there a backup logfile? What if they just look for differences and find the exact things you erased? Always think about your actions. The best thing is to delete random lines of log, including yours.
Although you may have heard the opposite, don't help anyone patch their programs or systems. This is considered extremely lame and leads to being banned from most hacking communities. And if you would release a private exploit someone found, he may become your enemy — and he's probably better than you are .
Be extremely careful if you think you have found a very easy crack or a crude mistake in security management. A security professional protecting that system may be trying to trick you or setting up a honeypot.
Misusing this information may be a local and/or federal criminal act (crime). This article is intended to be informational and should only be used for ethical - and not illegal - purposes.
Hacking into someone else's system may be illegal, so don't do it unless you are sure you have permission from the owner of the system you are trying to hack or you are sure it's worth it and you won't get caught.
Never do anything just for fun. Remember it's not a game to hack into a network, but a power to change the world. Don't waste that on childish actions.
If you aren't confident with your skills, avoid from breaking into corporate, government, or military networks. Even if they have weak security, they could have a lot of money to trace and bust you. If you do find a hole in such network, it's best to hand it to more experienced hacker that you trust who can put these systems to good use.

Things You'll Need

A (fast operating) PC or laptop with a connection to the Internet.
A Proxy (optional)
An IP scanner
Petaflops Help

How to Ping an IP Address

PING tests the connection between two network nodes by sending packets to a host and then reporting the time it takes to get a response. The nodes can be in a Local Area Network, Wide Area Network or anywhere on the internet. To ping an IP address, follow these instructions.

Steps

Go to Start > Run and type cmd. You can also search for cmd.exe in the Windows Search function.

Press OK to launch Windows Command.

Type ping (hostname goes here) or ping (IP address goes here).

For example, to ping wikiHow’s main web server, type ping www.naijadigits.blogspot.com.

To have your PC ping itself, type ping 127.0.0.1.

Hit Enter to see your ping output.

Linux

1. Open a telnet/TERMINAL window.

2. Type ping (hostname goes here) or ping (IP address goes here). For example, to ping hackdigits’s main web server, type ping www.hackdigits.blogspot.com. To have your PC ping itself, type ping 127.0.0.1.

3. Hit Enter to see your ping output.

Mac OS X

1. Go to Applications folder > Utilities > Network Utility.

2. Click on the Ping tab and specify a domain or IP Address. For example, to ping wikiHow’s main web server, type ping www.wikihow.com.

3. Click Ping.

Ping Output

1. The first line of output: This describes what ping is going to do. For example:

ping example.com

PING example.com (192.0.32.10): 56 data bytes

2. The ensuing lines of output: If the packet ping sends to the target host arrives, is echoed back and received, ping will display lines like:

64 bytes from 192.0.32.10: icmp_seq=0 ttl=240 time=98.767 ms

64 bytes from 192.0.32.10: icmp_seq=1 ttl=240 time=96.521 ms

64 bytes from 192.0.32.10: icmp_seq=2 ttl=240 time=95.766 ms

64 bytes from 192.0.32.10: icmp_seq=3 ttl=240 time=95.638 ms

64 bytes from 192.0.32.10: icmp_seq=4 ttl=240 time=95.414 ms

64 bytes from 192.0.32.10: icmp_seq=5 ttl=240 time=93.367 ms

* You may need to press CTRL+C to stop ping.

3. The final lines of output: Ping will then summarize the results like:

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 93.367/95.912/98.767/1.599 ms

If ping fails

1. One of the failures ping reports is:

ping: cannot resolve example.com: Unknown host

This usually means that the you have misspelled the hostname. Try another hostname like example.com (really). If that reports “Unknown host,” then the problem is most likely the address of the domain name server.

* Ping using the host’s IP address instead of its name (ex. 192.0.32.10). If this is successful then either the address you are using for the domain name server is incorrect or it is unreachable or down.

2. Another error message is:

ping: sendto: No route to host

This may mean the address of the gateway is incorrect or that the connection from your PC is not up and running.

* Ping 127.0.0.1: that's your own PC. If this fails, the network configuration or the NIC (Network Interface Card) may be bad. Replace the NIC or add a new one (they are really cheap these days).

* Check the cable from your PC to your router, especially if the connection worked previously.

* Most PC NIC ports have an indicator light that indicates a good connection and one that blinks as data is transferred. As the ping command transmits packets at about 1 per second, you should be able to see the data light blink.

* Check that the router has the proper indicators light (and no faults), including the one that indicates a good connection to your PC. If a fault indicator is on, follow the cable from your PC to the router to make sure it is properly connected, then call your cable or broadband provider if necessary.

* Boot a live CD. This is a system that will automatically set up the NIC and let you use a ping to verify that all the hardware is working. It does not do anything to your hard disk and when you're done, just boot your regular system.