Art of Hacking

09/09/2015 BY FUAD TESFAYE
All the information provided in this book is for educational purposes only.

⦁ 1. “Art of hacking” is just a term that represents the name of the book and is not a book that provides any illegal information. “Art of hacking” is a book related to Computer Security and not a book that promotes hacking/cracking/software piracy.

⦁ 2. This book is totally meant for providing information on “Computer Security”, “Computer Programming” and other related topics and is in no way related to the terms “CRACKING” or “HACKING” (Unethical).

⦁ 3. The virus creation section in this book provides a demonstration of coding simple viruses using high-level programming languages. These viruses are simple ones and cause no serious damage to the computer. However, we strongly insist that this information shall only be used to expand programming knowledge and not for causing malicious attacks.

⦁ 4. All the information in this book is meant for developing a Hacker Defense attitude among the readers and helping to prevent hack attacks. “Hacking for Beginners” insists that this information shall not be used for causing any kind of damage directly or indirectly. However, you may try these codes on your own computer at your own risk.

⦁ 5. The word “Hack” or “Hacking” that is used in this book shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively.

⦁ 6. We believe only in White Hat Hacking. On the other hand, we condemn Black Hat Hacking.
ABOUT AUTHOR

⦁ Fuad Tesfaye is a grade 10 student and wants to be the best hacker.

⦁ I want the world full of hacking and all countries to know about hacking.

⦁ And I wish Ethiopia will be the best hackers’ country.

Preface

⦁ Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator’s original intention. People who engage in computer hacking activities are often called hackers. The majority of people assume that hackers are computer criminals. They fail to recognize that criminals and hackers are two entirely unrelated things. The media is responsible for this. Hackers in reality are good and extremely intelligent people who, by using their knowledge in a constructive way, help organizations, companies, governments, etc. to secure credentials and secret information on the Internet.

⦁ This book is written with one objective in mind: that a beginner who is not very familiar with computer hacking can easily attempt these hacks and recognize what we are trying to demonstrate. Here we have incorporated the best ethical hacking articles in this volume, covering every aspect of computer security.

⦁ So take care of yourself and defend yourself by hacking the hacker, and be safe after that. If you know how to hack a hacker, then you know how to prevent the hacker.

Acknowledgements
⦁ The book or volume “Art of hacking” was tremendously complex to write, particularly without the support of the Almighty GOD... I am more than ever thankful for the inspiration which I got for learning hacking and for getting such a great opportunity to write the book. I am also thankful to my partner, who helped me at various research stages of this book, helped me to complete it and gave me new suggestions for the book. To finish, I am thankful to you also, as you are reading this book. I am sure this book will play a creative and constructive role in making your life more secure and alert than ever before. Again, nothing but “Hack It and Have It...”

⦁ Fuad Tesfaye

SECTION 1:- The Theoretical concepts and Explanation.

⦁ 1. CONCEPT OF HACKING
⦁ What Is Hacking
⦁ Types Of Hacker
⦁ Why Hackers Hack?
⦁ Prevention From Hacker
⦁ Steps Performed By Hackers
⦁ Working Of An Ethical Hacker

⦁ 2. EMAIL HACKING
⦁ How Email Works?
⦁ Email service Protocols
⦁ Email Spoofing
⦁ PHP Mail Sending Script
⦁ Phishing
⦁ Prevention From Phishing
⦁ Email Tracing
⦁ Keystroke Loggers
⦁ Securing Your Email Account

⦁ 3. WINDOWS HACKING AND SECURITY
⦁ Security Architecture of Windows
⦁ Windows user account Architecture
⦁ Cracking Windows User Account password
⦁ Windows User Account Attack
⦁ Counter Measures of Windows Attack
⦁ To hide a file behind an image
⦁ Make a private folder
⦁ To run net user in Vista and Windows 7
⦁ Brute Force Attack
⦁ Rainbow table attack
⦁ Counter Measures for Windows Attack

⦁ 4. TROJANS IN BRIEF
⦁ Knowing the Trojan
⦁ Different Types of Trojans
⦁ Components of Trojans
⦁ Mode of Transmission for Trojans
⦁ Detection and Removal of Trojans
⦁ Countermeasures for Trojan attacks

⦁ 5. ATTACKS ON WEB SERVER AND SECURITY
⦁ Introduction to Web Servers
⦁ The Basic Process: How Web servers work
⦁ Attacks on Web servers
⦁ Web Ripping
⦁ Google Hacking
⦁ Protecting Your Files from Google
⦁ Cross Site Scripting (XSS)
⦁ Directory Traversal Attack
⦁ Database Servers
⦁ Login Process on the websites
⦁ SQL injection
⦁ Input validation on the SQL Injection
⦁ PHP Injection: Placing PHP backdoors
⦁ Directory Access controls
⦁ How Attackers Hide Them While Attacking
⦁ Types of Proxy Servers

⦁ 6. WIRELESS HACKING
⦁ Wireless Standards
⦁ Services provided by Wireless Networks
⦁ MAC Address filtering
⦁ WEP key encryption
⦁ Wireless attacks
⦁ MAC spoofing
⦁ WEP cracking
⦁ Countermeasures for Wireless attacks

⦁ 7. MOBILE HACKING-SMS AND CALL FORGING
⦁ What Does It Involve
⦁ Call Spoofing / Forging
⦁ SMS Forging
⦁ Bluesnarfing

⦁ 8. INFORMATION GATHERING AND SCANNING
⦁ Why Information gathering?
⦁ Reverse IP mapping
⦁ Information Gathering Using Search Engine
⦁ Detecting ‘live’ systems on target network
⦁ War dialers

⦁ 9. SNIFFERS
⦁ What are Sniffers?
⦁ Defeating Sniffers
⦁ Ant Sniff

⦁ 10. LINUX HACKING
⦁ Why use Linux?
⦁ Scanning Networks
⦁ Hacking tool Nmap
⦁ Password cracking in Linux
⦁ SARA (Security Auditor’s Research Assistant)
⦁ Linux Root kits
⦁ Linux Tools: Security Testing tools
⦁ Linux Security Countermeasures

SECTION 2:- The Tutorial based hacks and explanation as online.

⦁ 1. How to chat with your friends using MS-DOS
⦁ 2. How to change your IP address
⦁ 3. How to fix corrupted XP files
⦁ 4. Delete an “undeletable
⦁ 5. What is steganography?
⦁ 6. What is MD5 and how to use it
⦁ 7. What is phishing and its demo
⦁ 8. How to view hidden passwords behind asterisk (* * * * *)
⦁ 9. Tab napping, a new phishing attack
⦁ 10. Hack Facebook account using Facebook hacker
⦁ 11. What are key loggers?
⦁ 12. How to remove new folder virus
⦁ 13. Mobile hack to call your friends from their own numbers
⦁ 14. Internet connection cut-off LAN/WI-FI
⦁ 15. WEP cracking using Airo Wizard
⦁ 16. 12 security tips for online shopping
⦁ 17. How to check if your Gmail account is hacked or not
⦁ 18. Beware of common internet scams and frauds
⦁ 19. 12 Tips to maintain a virus free PC
⦁ 20. 10 Tips for total online security
⦁ 21. Making a computer virus
⦁ 22. SQL injection for website hacking
⦁ 23. How a ‘Denial server’ attack works
⦁ 24. XSS vulnerability found on YouTube explained
⦁ 25. Hacking deep freeze
⦁ 26. How to watch security cameras on internet
⦁ 27. How to find serial numbers on Google
⦁ 28. How to download video from Facebook
⦁ 29. Hack a website by remote file inclusion
⦁ 30. What is CAPTCHA and how it works?
⦁ 31. Hack a password of any operating system
⦁ 32. Make a private folder with your password
⦁ 33. Making a Trojan using beast 2.06
⦁ 34. Hacking yahoo messenger for multi login
⦁ 35. 5 Tips to secure your Wi-Fi connection
⦁ 36. Upgrade Windows 7 to any higher version
⦁ 37. World’s top internet hackers of all time

1. Concept of Ethical Hacking

⦁ The Art of exploring various security breaches is termed Hacking.

⦁ Computer Hackers have been around for many years. Since the Internet became widely used in the world, we have started to hear more and more about hacking. Only a few Hackers, such as Kevin Mitnick, are well known.

⦁ In a world of Black and White, it’s easy to describe the typical Hacker. A general outline of a typical Hacker is an antisocial, pimple-faced teenage boy. But the digital world has many types of Hackers.

⦁ Hackers are human like the rest of us and are, therefore, unique individuals, so an exact profile is hard to outline. The best broad description of Hackers is that all Hackers aren’t equal. Each Hacker has Motives, Methods and Skills. But some general characteristics can help you understand them. Not all Hackers are antisocial, pimple-faced teenagers. Regardless, Hackers are curious about knowing new things, brave enough to take steps, and often very sharp-minded.

Hacker

⦁ Hacker is a word that has two meanings:

⦁ Traditionally, a Hacker is someone who likes to play with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.

⦁ Recently, Hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain. Technically, these criminals are Crackers, or Criminal Hackers. Crackers break into systems with malicious intentions.

⦁ They do it for personal gain, fame, profit and even revenge. They modify, delete and steal critical information, often making other people’s lives miserable.

⦁ Hacking has a lot of meanings depending upon the person’s knowledge and his work intentions. Hacking is an Art as well as a Skill. Hacking is the knowledge by which one achieves his goals, by whatever means, using his skills and power.

⦁ Most people associate Hacking with breaking the law, and therefore call all those who engage in hacking activities criminals. We agree that there are people out there who use hacking techniques to break the law, but hacking is not really about that. In fact, hacking is more about following the law and performing the steps within the limits.

Hacker vs. Cracker

⦁ What Is the Difference Between a Hacker and a Cracker?

⦁ Many articles have been written about the difference between Hackers and Crackers, which attempt to correct public misconceptions about hacking. For many years, the media has applied the word Hacker when it really means Cracker. So the public now believes that a Hacker is someone who breaks into computer systems and steals confidential data. This is very untrue and is an insult to some of our most talented Hackers. There are various points that determine the difference between Hackers and Crackers.

⦁ Definition - A Hacker is a person who is interested in the working of any computer operating system. Most often, Hackers are programmers. Hackers obtain advanced knowledge of operating systems and programming languages. They may know various security holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, share what they have discovered, and never have intentions of damaging or stealing data.

⦁ Definition - A Cracker is a person who breaks into other people’s systems with malicious intentions. Crackers gain unauthorized access, destroy important data, stop services provided by the server, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.

⦁ Whatever the case, most people give Hacker a negative outline. Many malicious Hackers are electronic thieves. Just like anyone can become a thief or a robber, anyone can become a Hacker, regardless of age, gender, or religion. The technical skills of Hackers vary from one to another. Some Hackers barely know how to surf the Internet, whereas others write software that other Hackers depend upon.

Types of Hacker

⦁ Let’s see the categories of Hackers on the basis of their knowledge.

Coders

⦁ The Real Hackers are the Coders, the ones who revise the methods and create tools that are available in the market. Coders can find security holes and weaknesses in software to create their own exploits. These Hackers can use those exploits to develop fully patched and secure systems.

⦁ Coders are the programmers who have the ability to find a unique vulnerability in existing software and to create working exploit code. These are the individuals with a deep understanding of the OSI Layer Model and TCP/IP Stacks.

Admins

⦁ Admins are the computer guys who use the tools and exploits prepared by the coders. They do not develop their own techniques; instead they use the tricks which are already prepared by the coders. They are generally System Administrators or Computer Network Controllers. Most of the Hackers and security persons in this digital world come under this category.

⦁ Admins have experience with several operating systems, and know how to exploit several existing vulnerabilities. A majority of Security Consultants fall in this group and work as part of a Security Team.

Script Kiddies

⦁ Next, and the most dangerous class of Hackers, is Script Kiddies. They are the new generation of computer users who take advantage of the Hacker tools and documentation available for free on the Internet but don’t have any knowledge of what’s going on behind the scenes. They know just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even though these guys are the teenage Hackers that you hear about in the news media, they need minimum skills to carry out their attacks.

⦁ Script Kiddies are the bunnies who use scripts and programs developed by others to attack computer systems and networks. They get the least respect but are the most annoying and dangerous, and can cause big problems without actually knowing what they are doing.

⦁ Types of Hackers on the basis of activities performed by them.

White Hat Hacker

⦁ A White Hat Hacker is a computer guy who performs Ethical Hacking. These are usually security professionals with knowledge of hacking and the Hacker toolset, who use this knowledge to locate security weaknesses and implement countermeasures in the resources.

⦁ They are also known as Ethical Hackers or Penetration Testers. They focus on Securing and Protecting IT Systems.

Black Hat Hacker

⦁ A Black Hat Hacker is a computer guy who performs Unethical Hacking. These are the Criminal Hackers or Crackers who use their skills and knowledge for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote machines, with malicious intent.

⦁ These are also known as Unethical Hackers or Security Crackers. They focus on Security Cracking and Data stealing.

Grey Hat Hacker

⦁ A Grey Hat Hacker is a computer guy who sometimes acts legally, sometimes in good will, and sometimes not. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

⦁ They are a hybrid between White Hat and Black Hat Hackers.

Ethical Hacking

⦁ Ethical Hacking is testing the resources for a good cause and for the betterment of technology. Technically, Ethical Hacking means penetration testing, which is focused on Securing and Protecting IT Systems.

Hacktivism

⦁ Another type of Hackers are Hacktivists, who try to broadcast political or social messages through their work. A Hacktivist wants to raise public awareness of an issue. Examples of hacktivism are the Web sites that were defaced with the Jihad messages in the name of Terrorism.

Cyber Terrorist

⦁ There are Hackers who are called Cyber Terrorists, who attack government computers or public utility infrastructures, such as power stations and air-traffic-control towers. They crash critical systems or steal classified government information. While in a conflict with enemy countries, some governments start a Cyber war via the Internet.

Why Hackers Hack?

⦁ The main reason why Hackers hack is because they can hack. Hacking is a casual hobby for some Hackers: they just hack to see what they can hack and what they can’t hack, usually by testing their own systems. Many Hackers are the guys who get kicked out of corporate and government IT and security organizations. They try to bring down the status of the organization by attacking it or stealing information.

⦁ The knowledge that malicious Hackers gain, and the ego that comes with that knowledge, is like an addiction. Some Hackers want to make your life miserable, and others simply want to be famous. Some common motives of malicious Hackers are revenge, curiosity, boredom, challenge, theft for financial gain, blackmail, extortion, and corporate work pressure.

⦁ Many Hackers say they do not hack to harm or profit through their bad activities, which helps them justify their work. They often do not look for a pocket full of money. Just proving a point is often a good enough reward for them.

Prevention from Hackers

⦁ What can be done to prevent Hackers from finding new holes in software and exploiting them?

⦁ Information security research teams exist to try to find these holes and notify vendors before they are exploited. There is a beneficial competition occurring between the Hackers securing systems and the Hackers breaking into those systems. This competition provides us with better and stronger security, as well as more complex and sophisticated attack techniques.

⦁ Defending Hackers create Detection Systems to track attacking Hackers, while the attacking Hackers develop bypassing techniques, which eventually result in bigger and better detecting and tracking systems. The net result of this interaction is positive, as it produces smarter people, improved security, more stable software, inventive problem-solving techniques, and even a new economy.

⦁ Now, when you need protection from Hackers, whom do you want to call? “The Ethical Hackers”. An Ethical Hacker possesses the skills, mindset, and tools of a Hacker but is also trustworthy. Ethical Hackers perform the hacks as security tests for computer systems.

⦁ Ethical Hacking, also known as Penetration Testing or White-Hat Hacking, involves the same Tools, Tricks and Techniques that Hackers use, but with one major difference: Ethical hacking is Legal.

⦁ Ethical hacking is performed with the target’s permission. The intent of Ethical Hacking is to discover vulnerabilities from a Hacker’s viewpoint so systems can be better secured. Ethical Hacking is part of an overall information Risk Management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.

⦁ As Hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical Hacker, must know the activities Hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart Hackers’ efforts.

⦁ You don’t have to protect your systems from everything. You can’t. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them, not even you. That’s not the best approach to information security. What’s important is to protect your systems from known Vulnerabilities and common Hacker attacks.

⦁ It’s impossible to overcome all possible vulnerabilities of your systems. You can’t plan for all possible attacks, especially the ones that are currently unknown, which are called Zero Day Exploits. These are the attacks which are not known to the world. However, in Ethical Hacking, the more combinations you try, and the more you test whole systems instead of individual units, the better your chances of discovering vulnerabilities.

Steps Performed By hackers

1) Reconnaissance

2) Scanning

3) Gaining Access

4) Maintaining Access

5) Clearing Tracks

• Performing Reconnaissance

• Scanning and Enumeration

• Gaining access

• Maintaining access and Placing Backdoors

• Covering tracks or Clearing Logs

Phase I: Reconnaissance

⦁ Reconnaissance can be described as the pre-attack phase and is a systematic attempt to locate, gather, identify, and record information about the target. The Hacker seeks to find out as much information as possible about the target.

Phase II: Scanning and Enumeration

⦁ Scanning and enumeration is considered the second pre-attack phase. This phase involves taking the information discovered during reconnaissance and using it to examine the network. Scanning involves steps such as intelligent system port scanning, which is used to determine open ports and vulnerable services. In this stage the attacker can use different automated tools to discover system vulnerabilities.
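
Seen from the defender's side, the port scanning described above leaves a recognisable trace: one source touching many different ports in a short time. The following is an added example, not code from the book; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) firewall log format:
#   2015-09-09T10:00:00 SRC=<ip> DST=<ip> DPT=<port> ACTION=<verdict>
LINE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def sample_log():
    """Constructed sample: one host sweeps ports 20-39 within 20 seconds,
    another host keeps returning to a single web port."""
    t0 = datetime(2015, 9, 9, 10, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} SRC=198.51.100.7 "
             f"DST=192.0.2.10 DPT={20 + i} ACTION=DROP" for i in range(20)]
    lines += [f"{(t0 + timedelta(seconds=30 * i)).isoformat()} SRC=203.0.113.5 "
              f"DST=192.0.2.10 DPT=443 ACTION=ACCEPT" for i in range(20)]
    return lines


def find_scanners(lines, window_s=60, min_ports=15):
    """Return {source: peak number of distinct (host, port) pairs it touched
    inside any window of window_s seconds}, for sources reaching min_ports."""
    per_src = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts, src, dst, port = m.groups()
            per_src[src].append((datetime.fromisoformat(ts), dst, int(port)))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        window = deque()           # events currently inside the time window
        seen = defaultdict(int)    # (dst, port) -> occurrences in the window
        for ts, dst, port in events:
            window.append((ts, dst, port))
            seen[(dst, port)] += 1
            # Drop events that have fallen out of the window.
            while (ts - window[0][0]).total_seconds() > window_s:
                _, old_dst, old_port = window.popleft()
                seen[(old_dst, old_port)] -= 1
                if seen[(old_dst, old_port)] == 0:
                    del seen[(old_dst, old_port)]
            if len(seen) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(seen))
    return flagged


if __name__ == "__main__":
    print(find_scanners(sample_log()))              # the sweep is flagged
    print(find_scanners(sample_log(), window_s=5))  # too short a window misses it
```

The second call shows the weakness of any fixed threshold: a window that is too short, or a scan that is slow enough, stays under it, which is why this kind of check is usually combined with longer-term counters.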

Phase III: Gaining Access

⦁ This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phases are now exploited to gain access. The method of connection the Hacker uses for an exploit can be a local area network, local access to a PC, the Internet, or offline. Gaining access is known in the Hacker world as owning the system. During a real security breach, this would be the stage where the Hacker can utilize simple techniques to cause irreparable damage to the target system.

Phase IV: Maintaining Access and Placing Backdoors

⦁ Once a Hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes, Hackers harden the system against other Hackers or security personnel by securing their exclusive access with Backdoors, Root kits, and Trojans.

⦁ The attacker can use automated scripts and automated tools for hiding attack evidence and also to create backdoors for further attack.

Phase V: Clearing Tracks

⦁ In this phase, once Hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. At present, many successful security breaches are made but never detected. This includes cases where firewalls and vigilant log checking were in place.

Working of an ethical hacker

Obeying the Ethical Hacking Commandments:

⦁ Every Ethical Hacker must follow a few basic principles. If he does not follow them, bad things can happen. Most of the time these principles get ignored or forgotten when planning or executing ethical hacking tests. The results can even be very dangerous.

Working ethically:

⦁ The word ethical can be defined as working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical Hacker must be approved and must support the company’s goals. No hidden agendas are allowed! Trustworthiness is the ultimate objective. The misuse of information is absolutely not allowed. That’s what the bad guys do.

Respecting privacy:

⦁ Treat the information you gather with complete respect. All information you obtain during your testing, from Web application log files to clear-text passwords, must be kept private.

Not crashing your systems:

⦁ One of the biggest mistakes happens when people try to hack their own systems: they end up crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.

⦁ You can easily create miserable conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups. Many security assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.

Executing the plan:

⦁ In Ethical hacking, time and patience are important. Be careful when you’re performing your ethical hacking tests. A Hacker in your network or an employee looking over your shoulder may watch what’s going on. This person could use this information against you. It’s not practical to make sure that no Hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible.

⦁ This is especially critical when transmitting and storing your test results. You’re now on a reconnaissance mission. Find as much information as possible about your organization and systems, which is what malicious Hackers do. Start with a broad view and narrow your focus. Search the Internet for your organization’s name, your computer and network system names, and your IP addresses. Google is a great place to start for this.

⦁ Don’t take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don’t have an internal Web server running, you may not have to worry too much about. However, don’t forget about insider threats from malicious employees or your friends or colleagues!

2. Email hacking

How Email Works?

⦁ Email sending and receiving is controlled by the Email servers. All Email service providers configure their Email Server before anyone can sign into his or her account and start communicating digitally.

⦁ Once the servers are ready to go, users from across the world register with these Email servers and set up an Email account. When they have a fully working Email account, they sign into their accounts and start connecting to other users using the Email services.

Email Travelling Path

⦁ Let’s say we have two Email providers, one is Server1.com and the other is Server2.in. ABC is a registered user of Server1.com and XYZ is a registered user of Server2.in.

⦁ ABC signs in to his Email account on Server1.com. He then writes a mail to xyz@server2.in, clicks on Send and gets the message that the Email was sent successfully.

⦁ But what happens behind the curtains? The Email from the computer of abc@server1.com is forwarded to the Email server of Server1.com. Server1 then looks for server2.in on the internet and forwards the Email to server2.in for the account of XYZ. Server2.in receives the Email from server1.com and puts it in the account of XYZ.

⦁ XYZ then sits at her computer and signs in to her Email account. Now she has the message in her Email inbox.

Email Service Protocols

SMTP

⦁ SMTP stands for Simple Mail Transfer Protocol. SMTP is used when Email is delivered from an Email client, such as Outlook Express, to an Email server or when Email is delivered from one Email server to another. SMTP uses port 25.

POP3

⦁ POP3 stands for Post Office Protocol. POP3 allows an Email client to download an Email from an Email server. The POP3 protocol is simple and does not offer many features except for download. Its design assumes that the Email client downloads all available Email from the server, deletes it from the server and then disconnects. POP3 normally uses port 110.

IMAP

⦁ IMAP stands for Internet Message Access Protocol. IMAP shares many similar features with POP3. It, too, is a protocol that an Email client can use to download Email from an Email server. However, IMAP includes many more features than POP3. The IMAP protocol is designed to let users keep their Email on the server. IMAP requires more disk space on the server and more CPU resources than POP3, as all Emails are stored on the server. IMAP normally uses port 143.

Configuring an Email Server

⦁ Email server software like PostCast Server, hMailServer, SurgeMail, etc. can be used to convert your Desktop PC into an Email sending server.

⦁ hMailServer is an Email server for Microsoft Windows. It allows you to handle all your Email yourself without having to rely on an Internet service provider (ISP) to manage it. Compared to letting your ISP host your Email, hMailServer adds flexibility and security and gives you full control over spam protection.

Email Security

⦁ Now let’s check how secure this fast means of communication is. There are many attacks which are applied to Emails. There are people who are masters of these Email attacks, and they always look for innocent people who are not aware of these Email tricks and are ready to get caught in their trap.

⦁ You have to make sure that you are not an easy target for those people. You have to secure your Email identity and profile, and make yourself a tough target.

⦁ If you have an Email ID, do not feel that it does not matter if it is hacked because there is no important information in that Email account: you would not know if someone got your Email ID password and used your Email to send a threatening Email to the Ministry or to the News Channels.

⦁ The attacker is not bothered about your data in the Email. He just wants a victim Email ID which will be used in the attack. There are lots of ways in which one can misuse your Email. I am sure that you would have come across some of the cases where a student gets an Email from his friends abusing him, or cases of Porn Emails where the owner of the Email does not know anything about the sent Email.

Email Spoofing

⦁ Email spoofing is the forgery of an Email header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately.

⦁ There are many ways to send Fake Emails, even without knowing the password of the Email ID. The Internet is so vulnerable that you can use anybody’s Email ID to send a threatening Email to any official personnel.

Methods to send fake Emails

⦁ Open Relay Server

⦁ Web Scripts

Fake Emails: Open Relay Server

⦁ An Open Mail Relay is an SMTP (Simple Mail Transfer
Protocol) server configured in such a way that it allows
anyone on the Internet to send Email through it, not just
mail destined ‘To’ or ‘Originating’ from known users.

⦁ An Attacker can connect to the Open Relay Server via Telnet
and instruct the server to send the Email.

⦁ An Open Relay Email Server requires no password to send the
Email.

Fake Emails: via web script

⦁ Web Programming languages such as PHP and ASP contain
mail sending functions which can be used to send
Emails with programmed Fake headers, i.e. "From:", "To:",
"Subject:".

⦁ There are so many websites available on the Internet which
already contain these mail sending scripts. Most of them
provide the service for free.

⦁ Some of Free Anonymous Email Websites are:

⦁ www.Mail.Anonymizer.name (Send attachments as well)

⦁ www.FakEmailer.net

⦁ www.FakEmailer.info

⦁ www.Deadfake.com

⦁ www.hackingtech.co.tv/index/0-93

PHP Mail sending script

Consequences of fake emails

⦁ An Email from your Email ID to any Security Agency declaring a
Bomb Blast can make you spend the rest of your life behind
iron bars.

⦁ An Email from you to your Girlfriend or Boyfriend can cause a
Break-Up and set your friend to be in the relationship.

⦁ An Email from your Email ID to your Boss carrying your
Resignation Letter, or anything else which you can think of.

⦁ There can be so many cases drafted on Fake Emails.

Proving a fake Email

⦁ Every Email carries a Header which has information about the
Travelling Path of the Email.

⦁ Check the Header and get the location from which the Email
was Sent.

⦁ Check if the Email was sent from any other Email Server or
Website.

⦁ Headers carry the name of the Website on which the mail
sending script was used.

Email Bombing

⦁ Email Bombing is sending an Email message to a particular
address at a specific victim site. In many instances, the
messages will be large and constructed from meaningless
data in an effort to consume additional system and
network resources. Multiple accounts at the target site may
be abused, increasing the denial of service impact.

Email Spamming

⦁ Email Spamming is a variant of Bombing; it refers to
sending Email to hundreds or thousands of users (or to lists
that expand to that many users). Email spamming can be
made worse if recipients reply to the Email, causing all the
original addressees to receive the reply. It may also occur
innocently, as a result of sending a message to mailing lists
and not realizing that the list explodes to thousands of
users, or as a result of a responder message (such as
vacation(1)) that is set up incorrectly.

Email Password Hacking

⦁ There is no specific attack available just to hack the
password of Email accounts. Also, it is not so easy to
compromise an Email server like Yahoo, Gmail, etc.

⦁ Email Password Hacking can be accomplished via some of
the Client Side Attacks. We try to compromise the user and
get the password of the Email account before it reaches the
desired Email server.

⦁ We will cover many attacks as the workshop flows, but at
this time we will talk about the very famous 'Phishing
attack'.

Phishing

⦁ The act of sending an Email to a user falsely claiming to be
an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be
used for identity theft.

⦁ The Email directs the user to visit a Web site where they
are asked to update personal information, such as
passwords and credit card, social security, and bank
account numbers, that the legitimate organization already
has. The Web site, however, is Bogus and set up only to
steal the User’s information.

Phishing scams could be

⦁ Emails inviting you to join a Social Group, asking you to
Login using your Username and Password.

⦁ Emails saying that Your Bank Account is locked and asking you
to Sign in to Your Account to Unlock it.

⦁ Emails containing some Information of your Interest and
asking you to Login to Your Account.

⦁ Any Email carrying a Link to Click and asking you to Login.

Prevention against Phishing

⦁ Read all Email Carefully and Check if the Sender is
Original.

⦁ Watch the Link Carefully before Clicking.

⦁ Always check the URL in the Browser before Signing In to
your Account.

⦁ Always Login to Your Accounts after
opening the Trusted Websites, not by Clicking in any other
Website or Email.

Email Tracing

⦁ Tracing an Email means locating the Original Sender and
getting to know the IP address of the network from which
the Email was actually generated.

⦁ To get information about the sender of the Email we
must first know the structure of the Email.

⦁ We all know how an Email travels. Each message
has exactly one header, which is structured into fields. Each
field has a name and a value. The Header of the Email contains
all the valuable information about the path and the original
sender of the Email.

⦁ To trace an Email address, you need to go to your Email
account and open the Email which you want to trace.
After that you have to find the header of the Email
which you received.

⦁ You will get the Source code of the Email.

⦁ For Rediff mail -

⦁ For Yahoo mail -

⦁ For Gmail -

⦁ Now read from bottom to top; the first IP address you
find is the IP address of the sender. Once you have the IP
Address of the sender, go to the URL www.ip2location.com
and find the location of the IP Address.
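
The header reading described under "Proving a fake Email" and the bottom-to-top walk described here can be scripted. The following Python is an added example, not from the original book: it walks the Received chain oldest-first, skips private addresses, and also reports a From/Return-Path mismatch and the X-PHP-Originating-Script header that PHP's mail() can add. The message, host names and addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Hops inside these ranges are internal relays, not the sending network.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw_message):
    """Walk the Received chain oldest-first and summarise the origin."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its Received line, so the last one is the oldest.
    for received in reversed(msg.get_all("Received", [])):
        from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
        for literal in BRACKETED_IP.findall(from_clause):
            try:
                hops.append(ip_address(literal))
            except ValueError:
                continue  # e.g. [999.1.1.1] is not an address
    origin = next((h for h in hops
                   if not any(h in net for net in INTERNAL)), None)
    from_dom, bounce_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    return {
        "hops": [str(h) for h in hops],
        "origin_ip": str(origin) if origin else None,
        "from_domain": from_dom,
        "return_path_domain": bounce_dom,
        "domain_mismatch": bool(bounce_dom) and bounce_dom != from_dom,
        # Added by PHP's mail() when mail.add_x_header is enabled.
        "sending_script": msg["X-PHP-Originating-Script"],
    }

# Constructed message: documentation addresses and .example names only.
SAMPLE = """\
Return-Path: <www-data@web7.hosting.example>
Received: from mx.recipient.example (mx.recipient.example [10.1.1.5])
    by store.recipient.example with ESMTP; Mon, 7 Sep 2015 10:00:03 +0000
Received: from web7.hosting.example (web7.hosting.example [203.0.113.45])
    by mx.recipient.example with ESMTP; Mon, 7 Sep 2015 10:00:02 +0000
Received: from localhost (localhost [127.0.0.1])
    by web7.hosting.example with SMTP; Mon, 7 Sep 2015 10:00:01 +0000
X-PHP-Originating-Script: 1000:sendmail.php
From: "Your Boss" <boss@company.example>
To: employee@recipient.example
Subject: Resignation letter

(body omitted)
"""
```

Only the Received lines written by servers you trust are reliable; anything below them is supplied by the sending side and can be forged, and many webmail providers record their own server instead of the sender's IP.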

And you are done: we have traced the person and from where he had sent the email.

Keystroke loggers

⦁ Keystroke Loggers (or Key loggers) intercept the Target’s
keystrokes and either save them in a file to be read later,
or transmit them to a predetermined destination accessible
to the Hacker.

⦁ Since Keystroke logging programs record every keystroke
typed in via the keyboard, they can capture a wide variety
of confidential information, including passwords, credit
card numbers, and private Email correspondence, names,
addresses, and phone numbers.

⦁ Types of keyloggers

⦁ Hardware keylogger

⦁ Software keylogger

⦁ Some Famous keyloggers

⦁ Actual Spy

⦁ Perfect Keylogger

⦁ Family Keylogger

⦁ Home Keylogger

⦁ Soft Central Keylogger

⦁ Adramax Keylogger

Securing your Email account

⦁ Always configure a Secondary Email Address for the
recovery purpose.

⦁ Properly configure the Security Question and Answer in the
Email Account.

⦁ Do Not Open Emails from strangers.

⦁ Do Not Use any other’s computer to check your Email.

⦁ Take Care of the Phishing Links.

⦁ Do not reveal your Passwords to your Friends or Mates.


3. Windows Hacking and Security

Security Architecture of Windows

⦁ There are three components of Windows Security:

LSA (Local Security Authority)

SAM (Security Account Manager)

SRM (Security Reference Monitor)

LSA (Local Security Authority)

⦁ LSA is the Central Part of NT Security. It is also known as
Security Subsystem. The Local Security Authority or LSA is a
key component of the logon process in both Windows NT
and Windows 2000. In Windows 2000, the LSA is
responsible for validating users for both local and remote
logons. The LSA also maintains the local security policy.

⦁ During the local logon to a machine, a person enters his
name and password in the logon dialog. This information is
passed to the LSA, which then calls the appropriate
authentication package. The password is sent in a
non-reversible secret key format using a one-way hash function.
The LSA then queries the SAM database for the User’s
account information. If the key provided matches the one in
the SAM, the SAM returns the user's SID and the SIDs of any
groups the user belongs to. The LSA then uses these SIDs to
generate the security access token.

SAM (Security Account Manager)

⦁ The Security Accounts Manager is a database in the
Windows operating system (OS) that contains user names
and passwords. SAM is part of the registry and can be
found on the hard disk.

⦁ This service is responsible for making the connection to the
SAM database (Contains available user-accounts and
groups). The SAM database can either be placed in the local
registry or in the Active Directory (If available). When the
service has made the connection it announces to the
system that the SAM-database is available, so other
services can start accessing the SAM-database.

⦁ In the SAM, each user account can be assigned a Windows
password which is in encrypted form. If someone attempts
to log on to the system and the user name and associated
passwords match an entry in the SAM, a sequence of
events takes place ultimately allowing that person access to
the system. If the user name or passwords do not properly
match any entry in the SAM, an error message is returned
requesting that the information be entered again.

⦁ When you make a New User Account with a Password, it
gets stored in the SAM File.

⦁ Windows Security Files are located at
“C:\Windows\System32\Config\SAM”

⦁ The moment the operating system starts, the SAM file becomes
inaccessible.

SRM (Security Reference Monitor)

⦁ The Security Reference Monitor is a security architecture
component that is used to control user requests to access
objects in the system. The SRM enforces the access
validation and audit generation. Windows NT forbids the
direct access to objects. Any access to an object must first
be validated by the SRM. For example, if a user wants to
access a specific file the SRM will be used to validate the
request. The Security Reference Monitor enforces access
validation and audit generation policy.

⦁ The reference monitor verifies the nature of the request
against a table of allowable access types for each process
on the system. For example, Windows 3.x and 9x operating
systems were not built with a reference monitor, whereas
the Windows NT line, which also includes Windows 2000
and Windows XP, was designed with an entirely different
architecture and does contain a reference monitor.

Windows user account architecture

⦁ User account passwords are contained in the SAM in the
Hexadecimal Format called Hashes.

⦁ Once the Passwords are converted into Hashes, you cannot
convert them back to Clear Text.

Cracking Windows User Account password

⦁ Passwords are Stored and Transmitted in an encrypted
form called a Hash. When a User logs on to a system and
enters a password, a hash is generated and compared to a
stored hash. If the entered and the stored hashes match,
the user is authenticated (This is called the
Challenge/Response).

⦁ Passwords may be cracked manually or with automated
tools such as a Brute-force method or the Rainbow Table
attack.

⦁ Here, when we enter the password, Windows verifies the
password we entered on screen against the file in which
our password is stored.

⦁ This is stored in a file named SAM.

⦁ It is shown in the picture above. Now we need to attack this
file.

⦁ For this we need to open this file, but that is not possible as it
is in use by the computer from its start up.

⦁ And even supposing that the file opens, we still cannot
see the passwords stored in it because they are encrypted
in the form of HASHES.

⦁ And they cannot be decrypted. It is the hardest
encryption done and decryption is not easy. But it is not
impossible.

⦁ We need a Bootable CD named Hiren boot and can then crack
the Password. But there is another attack: go to
C:\Windows\System32\

⦁ Copy the File cmd.exe to the desktop and rename it to
sethc.exe

⦁ Now copy the file sethc.exe to C:\Windows\System32\; it
will give an error, answer that error with YES and replace it. Now
You Are Done.

⦁ Now At the Login Screen Press the SHIFT Key 5 times; a
beep Sound will come and the Command prompt will open.

⦁ In the command prompt type “explorer.exe” and Hit Enter;
a desktop will open in the tab mode. Use The Computer
Unlimited….

1) To see all the accounts present on the computer, type on
CMD [NET USER]

2) To change the password without knowing the old
password. [NET USER ADMIN*]

3) To make a new user account. [Net user hacker /add]

4) To delete the existing user account. [Net user hacker /delete]

5) To make a hidden account in the computer. ***** {Works only in
Windows XP}

[Net user hacker /add]

[Net local group users hacker /delete]

⦁ Note: To log in to this Hidden Account (ONLY FOR
WINDOWS XP), press

⦁ Ctrl + Alt + Delete + Delete

⦁ And give the hidden user name in the user name field and
the password respectively.

⦁ The above are to be executed in the command prompt, and
"hacker" indicates the respective user name, or the name
of the account.

Counter Measures of Windows Attack.


1) Change the Boot Sequence in the BIOS setup. Keep Hard Disk
As 1st boot drive, then CD/DVD drive as 2nd boot device &
Removable port as the 3rd boot device.

2) Put the BIOS password.

3) Put the physical Lock behind the cabinet of PC. (Put Lock).

To hide a file behind an image.

To hide a file behind an image file means that anyone who
opens that image will see only the image, but if you open it in a
special way you can open the hidden file behind the image.
To hide the file behind an image, open CMD.exe.

1) Select an image to be used for hiding the file behind.

2) Now select a file to hide behind the image and convert it to .RAR
format with the help of WinRAR.

3) Most important, paste both files on the desktop and
run the following commands in the command prompt.

4) Type the following commands:

[cd desktop]

[Copy /b imagename.jpg + filename.rar finalnameofimage.jpg]

Then hit Enter; the file will be created with the final file
name of the image.

Make a Private Folder

To make a Private folder which nobody can open, delete, rename
or see the properties of, you need to make a folder with any
name, for example manthan, on the desktop. Then open the
command prompt and type the following command on the screen.

[Cd desktop]

Then type

[Cacls folder /E /P everyone:n]

And hit Enter; the folder is locked.

To open the folder, just replace n with f.

And the folder is opened.

To run net user in Vista and Windows 7

⦁ Go to Start > Type CMD in Search Box

⦁ Right Click on CMD Icon and choose the option “Run as
administrator”

Brute force password guessing is just what it sounds like: trying a
random approach by attempting different passwords and hoping
that one works. Some logic can be applied by trying passwords
related to the person’s name, job title, hobbies, or other similar
items.

⦁ Brute force randomly generates passwords and their
associated hashes.

⦁ There are tools available to perform the Brute force attack
on the Windows SAM File. Most famous tool available for
Windows User Account Password Brute forcing is Cain and
Abel. Another one is Sam Inside.

Rainbow Table Attack

⦁ Rainbow Table Attack trades off the time-consuming process
of creating all possible password hashes by building a table
of hashes in advance of the actual crack. After this process is
finished, the table, called a rainbow table, is used to crack
the password, which will then normally only take a few
seconds.

⦁ We can use the Live CD to crack the Windows password
using the Rainbow table attack technique. Most famous Live
CD available is Oph Crack.

Oph Crack

Counter Measures for Windows Attack

Creating Backdoors for windows

Creating Hidden Accounts.

⦁ Use the Net User Command to Create a Hidden Account in
Windows: Net User Hidden user /add

⦁ And then use the Command Net Local group Users Hidden
user /delete

⦁ Log Off the Current User, Press the ALT+CTRL+DEL combination
2 times to get the ‘Classic Windows User Login Screen’.

⦁ Type the Username as Hidden user and Hit Enter; you will
get Logged In.

Sticky Keys Backdoor

⦁ The Sticky Keys application can be used as the Backdoor in the
Windows Operating System.

⦁ The Command Prompt file ‘CMD.EXE’ can be renamed to
‘SETHC.EXE’ in the C:\Windows\System32 Folder.

“This trick will not work in Windows Vista and Windows 7”.

⦁ After this one can hit the Shift Key 5 times on the User Login
Screen and will get the Command Prompt right there. The Net
User command can be used to modify User Accounts
thereafter.
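
The renamed cmd.exe leaves a clear trace: sethc.exe then has the same contents as cmd.exe. The following Python is an added example, not from the original book, that compares file hashes to find this; checking the other logon-screen accessibility programs as well goes beyond the sethc.exe case described above, and demo() runs on a constructed folder rather than a real System32.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs Windows can start from the logon screen. sethc.exe is the case
# described above; the others are added here as a generalisation of the swap.
ACCESSIBILITY = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe",
                 "narrator.exe", "displayswitch.exe")
SHELL = "cmd.exe"

def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped_binaries(system32):
    """Return [(accessibility_name, "cmd.exe")] where the contents are equal."""
    # Windows file names are case-insensitive, so index them in lower case.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    if SHELL not in files:
        return []
    shell_hash = _sha256(files[SHELL])
    return [(name, SHELL) for name in ACCESSIBILITY
            if name in files and _sha256(files[name]) == shell_hash]

def demo():
    """Run the check on a constructed stand-in for a System32 folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"MZ constructed cmd image")
        (root / "sethc.exe").write_bytes(b"MZ constructed cmd image")  # swapped
        (root / "utilman.exe").write_bytes(b"MZ constructed utilman image")
        return find_swapped_binaries(root)
```

On a live system the function is pointed at the real System32 folder; any pair it returns means that accessibility program has been replaced by a copy of the command prompt.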

Change the Boot Sequence

⦁ You should change the boot sequence in the BIOS so that
your computer is not configured to boot from the CD first. It
should be configured as Hard Disk as the First Boot Device.

⦁ This will protect your computer from the attacking Live CDs.

⦁ You may press Del or F2 Key at the System Boot to go to the
BIOS Setup.

4. Trojans in Brief

This tutorial will cover the concept of the Trojan, the
Dangers created by Trojans, how they can come to your
computer, how they destroy you and your data, how many
types of Trojans there are, how Trojans are attached behind other
applications and finally, most important, the Detection of Trojans
on your computer and their prevention to safeguard your system
and your data.

Knowing the Trojan

A Trojan is a malicious program disguised as some very important
application. Trojans come on the backs of other programs and
are installed on a system without the User’s knowledge. Trojans
are malicious pieces of code used to install hacking software on a
target system and aid the Hacker in gaining and retaining access
to that system. Trojans and their counterparts are important
pieces of the Hacker’s tool-kit. A Trojan is a program that appears
to perform a desirable and necessary function but that, because
of hidden and unauthorized code, performs functions unknown
and unwanted by the user. These downloads are fake programs
which seem to be original applications; they may be software like
monitoring programs, system virus scanners, registry cleaners,
computer system optimizers, or they may be applications like
songs, pictures, screen savers, videos, etc.
