Sunday, April 17, 2011

Some FAQs that you must know about hacking.

I get lots of emails from anonymous people who ask me to hack a Facebook, Gmail or Live account, and they are willing to pay for it too. I never reply to such mails for the obvious reason that "hacking is not dirty". You just cannot use your tricks to fool others and steal their information. Everyone loves his/her privacy.
But there are some good questions too. Some eager learners ask me very good questions which sometimes make me do some searching and finding as well (I am not an expert :-) ).

I got a mail from one of my blog readers regarding the basic problems he faced while learning hacking. The problems were quite genuine, and every hacker who is eager to learn will face these common problems. The answers to these questions cannot be found in books. Here are some questions that he put in front of me. I thought it would be good to post them on my blog so that if others have similar problems then maybe it could help them.
I would suggest that you go through this article before reading this questionnaire.

Here are the questions:

Ques 1. You mention that the 1st step is to gain all the information of the target. That is, IP address, location etc. I know an easy way of locating an IP address is through online IP address locators, but I personally prefer pinging a URL. My problem in step 1 is what to do after this stage of finding the IP address. How do you find the location of the server and how do you 'banner grab'? How can I perform reconnaissance in step 1?

Ques 2. Can I use Nmap in step 1 to find the services running on the server?

Ans 1, 2: You have put forward some genuine problems. Once you have the IP address of the website/webserver (using ping or the net), all you have to do now is search for the available services running on it. Banner grabbing is quite an old technique now and it doesn't provide much information any more. See the screenshot in which I first found out the IP address of the site by pinging (as you mentioned).

After that I used Nmap to find the available services running (in the screenshot the blog is on a Google server, so that is the information returned). You can run an intense scan to find out the available services. Hope this answers your first and second questions.

Ques 3. A question that has really been bugging me for a long time is this. Many people talk about hacking a website with login information, but the website I want to hack doesn't have a login page, though I know the institution. It's physically here. Can I still gain access to their server through their website? Is it that most probably their website is linked to their server?

Ans 3:
Now coming to your third question. We generally use an SQL injection attack to hack websites having a login page. Suppose the website doesn't have a login page; then all you have to do is find the available services. It is guaranteed that some service must definitely be available on the server on which the site is hosted. Find that service (in most common cases it's an FTP service or an SSL service). Nmap will give you information about what FTP client (or some other service) is used and what version it is.
Then you have to use the third step of my article (Hacking websites/webserver) to find the available bugs and exploits for that particular version of the service.

Ques 4. When you ping or query a website, is there a chance that the target IP can be notified that a specific computer is pinging them? And if so, what countermeasures can you take to remain anonymous?

Ans 4: If the target is monitoring ping data packets then there are chances for you to get identified. But considering that the website receives lots of hits per minute, it becomes a bad idea to monitor every data packet. So network administrators generally don't monitor ping data packets. But in case you need to be anonymous then you can do a UDP scan on the target. It is never monitored separately; it is considered as part of the valid data packets. See, in Nmap there is an option for UDP scanning too.
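From the defender's side, the monitoring this answer says is rarely done is cheap to do. Here is an added Python example (not from the original post) with detection logic run over constructed iptables-style log lines; it flags a source that sends a burst of ICMP echo requests or UDP probes to many different ports. The addresses, log lines and thresholds are all made up for the demonstration.

```python
import re
from collections import defaultdict

# Constructed iptables-style log lines (not real traffic): host 203.0.113.7 sends a
# burst of echo requests and then UDP probes to a dozen ports; 198.51.100.20 pings once.
LINE = "Apr 17 10:01:{s:02d} gw kernel: IN=eth0 OUT= SRC={src} DST=198.51.100.5 PROTO={rest}"
UDP_PROBE_PORTS = [53, 67, 69, 111, 123, 137, 138, 161, 500, 514, 1900, 5353]
SAMPLE_LOG = "\n".join(
    [LINE.format(s=i, src="203.0.113.7", rest="ICMP TYPE=8 CODE=0") for i in range(5)]
    + [LINE.format(s=5 + i, src="203.0.113.7", rest=f"UDP SPT=40000 DPT={p} LEN=28")
       for i, p in enumerate(UDP_PROBE_PORTS)]
    + [LINE.format(s=20, src="198.51.100.20", rest="ICMP TYPE=8 CODE=0")]
)

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one firewall log line as a dict."""
    return dict(FIELD_RE.findall(line))


def summarise(log_text):
    """Per source: number of ICMP echo requests and the set of UDP ports probed."""
    icmp_echo = defaultdict(int)
    udp_ports = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        src = f.get("SRC")
        if not src:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":  # type 8 = echo request
            icmp_echo[src] += 1
        elif f.get("PROTO") == "UDP" and f.get("DPT"):
            udp_ports[src].add(int(f["DPT"]))
    return icmp_echo, udp_ports


def flag_sources(log_text, icmp_threshold=5, udp_port_threshold=10):
    """Return {src: [reasons]} for sources that look like a ping sweep or a UDP scan."""
    icmp_echo, udp_ports = summarise(log_text)
    flagged = defaultdict(list)
    for src, n in icmp_echo.items():
        if n >= icmp_threshold:
            flagged[src].append(f"{n} ICMP echo requests")
    for src, ports in udp_ports.items():
        if len(ports) >= udp_port_threshold:
            flagged[src].append(f"UDP probes to {len(ports)} distinct ports")
    return dict(flagged)
```

Running `flag_sources(SAMPLE_LOG)` reports only 203.0.113.7, with both reasons; the single ping from 198.51.100.20 stays below the threshold.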

Ques 5. Before performing an attack, I know that hackers most importantly don't want to get caught, so they take measures to remain anonymous. I wanted to know if changing your IP address is a good way of doing this. I have heard of some software that assigns you an IP address after bouncing you through multiple other addresses so that when someone wants to trace you, they keep getting bounced from one IP address to the other. Do you recommend this method and if so, which software would you recommend?

Ans 5: Yes, bouncing the IP address is a secure way of hiding your identity and staying completely anonymous.
My personal best software is Platinum Hide IP.
You can download its cracked version from this link;

Ques 6. MAC address. An IT technician told me that security officers search for hackers' MAC addresses to get to them because the MAC address represents the physical address. Is there a way of changing or concealing your MAC address?

Ans 6: Your IT technician told you what he has read in books. MAC addresses are very difficult to trace and they are not a foolproof technique to trace a hacker. Here are the reasons why:

> Generally the laptop manufacturers do not ensure that the MAC address is unique, because there is no governing body for it. There are possibilities that two different systems can have the same MAC address.

> Secondly, the MAC address can be overridden to some fake value very easily using C programming.

> Thirdly, the MAC address is used by the network to identify which piece of hardware a packet of information is to be sent to. In other words, it's used only on connections from one piece of networking equipment to the next.
That means that when information leaves your computer it has your computer's MAC address, but when it arrives at your router that MAC address is removed. When the information is sent by your router further upstream to your ISP's router, it contains the MAC address of your router. When it moves from the ISP's router to another router on the internet, it contains the MAC address of the ISP's router.
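To show the third reason at the byte level, here is an added Python example (not from the original post) that wraps an IPv4 packet in an Ethernet frame and then performs the re-framing each router does on the way upstream; every MAC and IP address in it is made up. NAT, which a home router would also apply to the source IP, is left out so the layering point stays visible.

```python
import struct

# Constructed addresses for the demonstration (not from the original post).
HOST_MAC = bytes.fromhex("0011223344aa")        # the laptop on the LAN
ROUTER_LAN_MAC = bytes.fromhex("0011223344bb")  # home router, LAN side
ROUTER_WAN_MAC = bytes.fromhex("0011223344cc")  # home router, ISP-facing side
ISP_ROUTER_MAC = bytes.fromhex("0011223344dd")
ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2)


def ipv4_packet(src_ip, dst_ip, payload=b"ping"):
    """Minimal IPv4 header (20 bytes, no options) + payload; checksum left as 0."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 1, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    return header + payload


def ethernet_frame(dst_mac, src_mac, packet):
    """Layer-2 encapsulation: the MACs live only in this 14-byte header."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


def forward(frame, out_src_mac, next_hop_mac):
    """What each router does: drop the incoming L2 header, keep the IP packet,
    and re-frame it with its own outgoing MAC and the next hop's MAC."""
    packet = frame[ETH_HDR_LEN:]
    return ethernet_frame(next_hop_mac, out_src_mac, packet)


def source_mac(frame):
    return frame[6:12]


def source_ip(frame):
    """Source IP sits at offset 12 of the IPv4 header, after the L2 header."""
    return ".".join(str(b) for b in frame[ETH_HDR_LEN + 12:ETH_HDR_LEN + 16])


def hops():
    """Return the frame as seen on the LAN and the frame the ISP router receives."""
    on_lan = ethernet_frame(ROUTER_LAN_MAC, HOST_MAC,
                            ipv4_packet("192.168.1.10", "198.51.100.5"))
    to_isp = forward(on_lan, ROUTER_WAN_MAC, ISP_ROUTER_MAC)
    return on_lan, to_isp
```

Comparing the two frames from `hops()` shows the laptop's MAC is gone after the first hop while the IP header is carried through unchanged.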

Ques 7: Do website IP addresses ever change, since they are constantly online to be accessed at any time of the day? (Sticky IP address)

Ans 7: IP addresses generally don't change. If they change their servers then the address changes, but every DNS server gets updated that the address has been changed to some different value, so it's not a big thing to worry about.

Ques 8: OS fingerprinting. You didn't mention this step, but I'm sure it falls in step 2 under enumeration, where you find out the OS of the target so as to know what attack you can/cannot do. My question is, since all I have is a web address, if you port scan and OS fingerprint it using Angry IP Scanner and Nmap, are you getting results of the computer/server that is hosting that website?

Ans 8: Yes, you are correct. When we have to bring a website online we have to upload it to a web server. That web server can have a Linux, Windows or Solaris operating system. This is what you see when you do an OS scan using any scanner.

Ques 9: Please correct me if I'm wrong, but if my sole purpose is to gain access to an institution's server so as to gain access to their database, and all I have is their website, basically I should be looking for a path to take me to that server, right?

Ans 9: Yes, again you are almost correct. The website hosted on the server will provide you the path, or you can say the exploit, to reach the admin area without authentication.
If you are trying anything on the website like scanning, exploits etc. then it goes directly to the server, so indirectly the website is your front end to the server.

Ques 10: Again, correct me if I'm wrong, but are all websites hosted from a web server? Again, when you use Nmap to scan target IP addresses, what's the difference between it scanning the IP address of a computer and that of a website? When you get results of open ports after scanning the ports on a website IP address, are those ports of the server on the computer hosting the website?

Ans 10: Yes, all websites are hosted on a web server, as they are online 24x7 so any user can access the site at any time.
Whether you scan a server or a single user PC, they are both the same thing. All you have to do is find its IP address. When you scan a server then you get lots of services running on it, and when you scan any random internet user then you do not get too many services, just some basic ports like 339, 1204, 8080 etc.
And one more thing: scanning a website IP address is equivalent to scanning the server hosting it.
So the open ports that you get when you scan the site are the services that are running on the web server for that particular website. Suppose a single server is hosting two different websites. If one website is an email service providing website then you will find port 110 open on the server, and if the second site is a file downloading site then you will find the FTP port 21 open for that same server. Got it?
To hack the first site you will have to exploit the email service, and to hack the second website you will have to exploit the FTP client. Indirectly the same server has two different ways to hack it.

Ques 11: When looking to gain access to a computer, website or a server, which common ports will you be looking to find open?
E.g.: If you already know the IP address of a computer, what ports would you hope to find open so as to perform an attack to gain entry to that computer?

Ans 11: This is an irrelevant question. Any number of ports can be open on any website. You just cannot say that this one is always present and this one is not. But keep one thing in mind: non-standard open ports are easier to exploit than the standard ones.

Ques 12: Once I perform a port scan on a target and get results of various open ports, how do you know which attack techniques to perform in regard to the open ports? E.g. a port scan result shows that port 139 is open. Port 139, as we know, is a NetBIOS port. Am I right when I say then that you can go to the command prompt and use nbtstat to check for any shared drives on the target host?
Which attack techniques are performed on ports 21, 22, 80, 139, 443 and 445? Another port that I'm interested to know about is port 3389. What does it do?

Ans 12: You just cannot use cmd to know the shared drives on the target; you first need to get authorized access to the system. NetBIOS is not a very attractive port to hack.
When you scan a website that has some ports open then your next step should be to find out what type of service/software is managing that port. Suppose port 80 is open. It's the port for establishing HTTP connections. So now you have to find out the software that is governing that HTTP service. For example, it's running Microsoft IIS version 5 on port 80; then you have to find an exploit for that particular version of IIS server. You can use Metasploit for this purpose.
Port 3389 is an interesting port; I was about to tell you about it.
It's basically the port used for the remote client connection service. If I have to connect through a remote desktop client then port 3389 is used. Lots of exploits have been found for different versions of Windows and Linux having this port open. Good network admins generally keep this port closed.
Use Metasploit to know more about this port and various exploits.

Questions are always welcome provided they are relevant. It's always good to learn. Keep yourself safe.
Feel free to ask any question regarding hacking. I am eager to learn too.
I will keep updating this post as I find some more good questions for you all.
Do comment.



  1. These questions and answers are really helpful, thanks


  3. Really great for beginners...