Thoughts of a coder

It’s how I think! It’s how I code!

Archive for category Hacking and Cracking

How to hack gmail / yahoo / hotmail

Dec 18

Posted by Sandaruwan Gunathilake in Hacking and Cracking, Internet | 10 Comments

Thousands of people searches through the internet for the above topic, and apparently they come up with quite nice articles which explains how to hack. Most of those are sending an email to a specific email address of the service provider which is a system account. What you have to do is, send an email from your account with your password and also add the email account to be hacked into it. I’s very easy, they give you the format of the email, you just have to insert the two values and send the email to the system account. And just after you send the email, the system account logs into your account and then do some bullshit(this changes from article to article) and send back the password of other person. Pretty cool isn’t it?

This method is really simple. As I mentioned before, this technique is called social engineering. Once you sent your password, it’s a hack! They have used social engineering to get into your account.

There is one thing you need to keep in mind before searching through the internet for above topics, don’t fall into pitfalls. There are thousands of security experts working on securing the email services, so it’s very unlikely there are flaws on those. In other hand, even if there’s a flaw, who would want to share it? As a matter of fact, just after he shared it the service provider will get alerted and they’ll close the hole, and the founder won’t be able to exploit it any longer.

So, if you really really want to hack into email accounts (I strongly recommend not to), find your own way. The best possible is to use social engineering.

Please don’t post comments asking to hack something. You’ll not get any replies.

SQL Injection

Feb 22

Posted by Sandaruwan Gunathilake in Hacking and Cracking | 8 Comments

LAMP, a commonly used web development combination. Linux, Apache, MySql and PHP. Since, the language, PHP is designed for web developing, the language is very simple and anyone can learn it easily. And combining it with MySQL allows you to build very powerfull web sites.

There is one dangerous mistake that some people may do. Directly passing the values from the user to the database. How it could be so dangerous? I’ll show you an example.

Let’s say you have a login form and line like this in the action page.

$result=mysql_query(“SELECT * FROM users WHERE username=’”.$_POST['username'].”‘ AND pwd=’”.$_POST['password'].”‘”) ;

Normally, The script will add the values from the user into the sql query. So, It will be something like :

SELECT * FROM users WHERE username=’sandaruwan’ AND pwd=’secret’

There is nothing wrong with it. But let’s say, Instead of typing my username, if i type something like :

sandaruwan’#
What would happen? The script will insert this statement into the query. So, It will be something like :

SELECT * FROM users WHERE username=’sandaruwan’#’ AND pwd=’secret’

The symbol # means, comment out the rest of the query. In that case, the final query is like :

SELECT * FROM users WHERE username=’sandaruwan’

So, no matter what is the password, The script will allow you to login. Very simple!!! but effective.

Tags: , ,

Social Engineering

Feb 13

Posted by Sandaruwan Gunathilake in Hacking and Cracking | 3 Comments

One day, in an afternoon, when you are relaxing in your home, you get a call from HSBC and they tell you they are rechecking credit cards. “Could you please tell me, your credit card number?”. Just without thinking much, most probably what you’ll do is tell it. And your personal details, etc. So, next month when the bill comes, you know someone has illegally used your credit card.

Basically, that’s social engineering; Gathering information by talking to the people. This is easier than hacking, and probably more effective. Because in a computer system, system admin can patch the vulnerable products but there is no patch for human stupidity.

Just wanted to tell you, “Beware of Social Engineers”.

Tags: ,

FreeCell – Allow any move

Feb 12

Posted by Sandaruwan Gunathilake in Hacking and Cracking | No Comments

“That move is not allowed” – most probally you have got this message several times when you are playing freecell. This message is bit of a headache. I wanted get rid of it. With the great help of W32Dasm, it was pretty easy.

The first step was disassembling the game. Then, I searched through the code for “That move….”. It only appeared only once which makes our job much easier. backtrack, backtrack, backtrack, it was really easy. Then I was able to find out a jump : “jbe 01003C2B” at offset 2F7C. Changing those into ‘nop’s will allow you to make any move except the moves on top bars. So, I was going around here and there in the code and managed to change the top bar. Since it is 3:23 AM, I’m not going to explain how to do it. If you want to change the top bars, you can apply the same theory. It is also changing few jumps. Hint : Try to use debugging feature of W32DASM.

Tags: ,

Arp Poisoning

Feb 8

Posted by Sandaruwan Gunathilake in Hacking and Cracking | 4 Comments

When you guys wants to do packet sniffing what do you do? Just running a packet sniffer? That’ll work if your network is connected using a hub. Not in a switched enviroment. So, the solution is arp poisoning.

Arp Poisoning, one great method of hacking. The basic idea behind arp poisoning is changing the packet destination by fooling the computer. In a local area network the computers are uniqly identifical by the MAC address and IP address. The top level software communicate using the IP addresses. So, when a software wants to connect to another machine, it creates a data packet and put the destination IP address. Then, the kernel takes the packet. The kernel have a table called ARP table which have information about ip address againts the mac addresses. So, the kernel looks at the ARP table and then takes the relevent MAC address. If MAC address is not available in the table, it sends an arp request saying “Hey, xxx.xxx.xxx.xxx, send me your MAC address”. So, the other computer sends an arp reply. At that point first computer update it’s arp table. Then the kernel inject that MAC into the packet and give it to the network card. The network card only look at the MAC address. So, the packet’s final destination is the computer pointed by the MAC address; no matter what the ip address is.

Now think like this. Let’s say there are three computers. A,B and C. You are in the computer A and your MAC address is 00:00:00:FF:FF:FF. So, we want to track messages between computer B and C. What we have to do is create two fake arp replies. One is saying “I’m computer B, my MAC address is 00:00:00:FF:FF:FF” and other saying “I’m computer C, my MAC address is 00:00:00:FF:FF:FF”. So, you keep broadcasting both messages, the first message to the computer C and other to the computer B. Then you have to put an ip forwarding program and configure it to redirect the packets to it’s original destination. Now all packets go through your computer. It’s time to sniff.

You can also do some other interesting stuffs. If you want to ban someone from the network, what you have to do is send an arp reply to the gateway saying “Hey, I’m computer X, my MAC address is 00:00:00:00:00:00″. Since there is no MAC address like that, messages from the gateway won’t reach the computer. Ya, finally, you banned them.

Tags: ,

Get Adobe Flash playerPlugin by wpburn.com wordpress themes