Thursday, April 24, 2014

Hacking Any PC using IP Address

Loosely speaking, hacking means getting at something or someone on the internet without their consent. Put briefly, hacking is like finding a hidden door into a house instead of using the front door, and then seizing the valuables (hijacking the precious things). Among the main kinds of hacking, hacking through an IP address is one of the most common, and it is a powerful starting point.

You may want to hack a website and put your advertisement there, or grab some database information. In this type of hacking you are playing with the web server's computer instead of the administrator's computer, because a site such as www.website.com lives on a separate web server rather than on a personal computer.

Another goal might be to access your friend's computer from your home. Again this is based on the IP address, and it is only possible while your friend's computer is online. If it is switched off or not connected to the Internet, remote IP hacking is quite impossible.


Well, both have the same process, so let's summarize what we should do.

First of all, confirm the site or the computer you want to hack.

1. Discover or trace their IP addresses.

2. Verify that the IP address is online

3. Scan open ports

4. Check the doors for vulnerability (look for vulnerable ports).

5. Access through the door (that is, the port).

6. Brute force username and password

Now let me briefly describe the basic steps, simply enough that even a child can understand, in case you didn't get it.

First, get the IP address of the victim.

To get the IP address of the victim's website, ping it from the command prompt.

For example,

ping www.google.com
=> retrieves the IP address of google.com


That's how we can get the IP address of the victim's website.

What about your friend's PC? You can't ping www.yourfriendname.com, can you?
Finding the IP address of your friend's PC is more complicated, and it is most difficult if the PC has a dynamic IP address, which changes constantly.

A common way to find your friend's IP address is simply to talk to him.

Go here from your friend's computer:
http://www.tracemyip.org/
From there you can read off his IP address and note it down somewhere.

Now, do you have the IP address?
If yes, check whether he or she is online. To know the online status, just ping the IP address; if it is online it will reply.

If the IP address is online, scan for open ports. Open ports are like closed doors without locks: you can get in and out easily.

Use Advanced Port Scanner to scan for all open and vulnerable ports (doors).

Now that you have the victim's IP address and an open port, you can use telnet to try to access it.

Make sure you have telnet enabled on your computer, or install it from:
Control Panel > Add or Remove Programs > Add Windows Components
Then open the command prompt and use the telnet command to connect to the IP address.
Use the following syntax for the connection.






You will be prompted for login information.


If you can easily guess the login information, that's fine. Otherwise you can use one of the brute force tools below.

1. Brutus
Brutus is one of the fastest, most flexible remote password crackers you can get your hands on, and it is also free. It is available for Windows 9x, NT and 2000; there is no UNIX version, although one may appear at some point in the future. This Windows-only cracker bangs against the network services of remote systems, trying to guess passwords using a dictionary and its permutations. It supports HTTP, POP3, FTP, SMB, Telnet, IMAP, NTP and more.
Platform: Windows
This tool enables rapid dictionary attacks against systems connected to the network, including FTP, POP3, IMAP, NetBIOS, Telnet, HTTP authentication, LDAP, NNTP, VNC, ICQ, SOCKS5, PCNFS and more. It includes SSL support and is apparently now part of Nessus.

Platform: UNIX, Windows
TSGrinder is the first brute force tool for Terminal Server. The main idea is that the administrator account can be brute forced, since it cannot be locked out for local logons. Having an encrypted channel for the TS logon process also helps keep an IDS from catching the attempts. It is a dictionary-based attack tool, but it has some interesting features like "1337" conversion and supports multiple attack windows from a single dictionary file. It also supports multiple password attempts in the same connection, and lets you specify how often to try a username/password combination on a particular connection.
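The brute-force step above is exactly what a login service's own logs expose, which is how it is usually caught. The following Python script is an added example, not code from the post or from any of the tools listed: it parses constructed syslog-style telnet login records (the host names, addresses and the "LOGIN OK/FAILED user= from=" message layout are invented for the example) and flags a source address the first time it accumulates a threshold of failed logins inside a sliding time window, listing the usernames it tried. The same logic applies to SSH, FTP or web login logs once the regular expression is adapted to their format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a syslog-like layout; hosts, addresses and the
# "LOGIN OK/FAILED user= from=" message format are invented for this example.
SAMPLE_LOG = """\
Apr 24 10:00:01 gw telnetd[1201]: LOGIN FAILED user=admin from=203.0.113.5
Apr 24 10:00:02 gw telnetd[1201]: LOGIN FAILED user=admin from=203.0.113.5
Apr 24 10:00:02 gw telnetd[1201]: LOGIN FAILED user=root from=203.0.113.5
Apr 24 10:00:03 gw telnetd[1201]: LOGIN FAILED user=guest from=203.0.113.5
Apr 24 10:00:04 gw telnetd[1201]: LOGIN FAILED user=admin from=203.0.113.5
Apr 24 10:00:05 gw telnetd[1201]: LOGIN FAILED user=admin from=203.0.113.5
Apr 24 10:00:09 gw telnetd[1201]: LOGIN OK user=alice from=198.51.100.7
Apr 24 10:05:00 gw telnetd[1201]: LOGIN FAILED user=alice from=198.51.100.7
Apr 24 10:05:30 gw telnetd[1201]: LOGIN OK user=alice from=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"LOGIN (?P<result>OK|FAILED) user=(?P<user>\S+) from=(?P<src>\S+)$"
)


def parse_line(line, year=2014):
    """Return (timestamp, succeeded, user, source) or None for non-matching lines.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"] == "OK", m["user"], m["src"]


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag each source the first time it reaches `threshold` failed logins
    within a `window_seconds`-wide sliding window. Returns a list of alerts."""
    failures = defaultdict(deque)   # source -> deque of (timestamp, user)
    flagged = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # unrelated or malformed line
        ts, ok, user, src = parsed
        if ok:
            continue                # only failures feed the window
        window = failures[src]
        window.append((ts, user))
        # Drop failures that fall outside the window ending at this event.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({
                "src": src,
                "failures": len(window),
                "users": sorted({u for _, u in window}),
                "first": window[0][0],
                "last": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{alert['src']}: {alert['failures']} failed logins between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}, "
              f"users tried: {alert['users']}")
```

Run as-is, the script reports one source (203.0.113.5) with five failures across three usernames inside four seconds, while the single mistyped password from 198.51.100.7 stays below the threshold. The threshold and window are the same knobs a lockout or rate-limiting policy uses; on the service side, disabling telnet in favour of SSH removes the cleartext login prompt this post relies on altogether.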

Wednesday, April 23, 2014

Website Hijacking

Okay! Here I go…
Every website you visit, or every website that is available on the net, obviously has somebody controlling it. I guess you call that guy the ADMIN?
Alright, so does the admin sit there at the other end, wait for you to enter a login ID and password, check it against his collection, and then allow or deny you permission to access?
Is that the case?
Obviously "NO" would be the reply. The admin has a control panel, just as your PC has a control panel where things are designed and predefined to manage your system. The same goes here: the control panel is the mother of any website, where the admin acts as a very good, obedient kid. The control panel gives the admin a database to store all the IDs and passwords, and when you try logging in, the ID and password you enter are checked against the website database that stores the IDs and passwords.
We all know that humans are more intelligent than machines, since we created them, so we can cheat the machine: in some cases we bypass the database procedure, in some cases we cheat the machine and upload our shells or deface the website, and in the worst case we poke and poke and poke the database using database management system techniques, steal all the information from the database and gain access to the website. Have you not seen movies where one guy gets the other guy drunk, flatters him and acquires the required info? That is the same as case 3 here. We name these cases as follows: the first is called kidding, where you bypass ASP-governed sites; the second is XSS (the cross-site scripting method); and the third is SQLi (SQL command injection).
Now, how many of you are aware of binary coding?
Well, I am here for the ones who aren't yet.
Binary coding is in terms of 0s and 1s for every single thing we type, as this is all the system actually understands. Even for ON and OFF, it is 0 for OFF and 1 for ON.
In the case of TRUE/FALSE, 0 is FALSE and 1 represents TRUE.
So we'll move directly to the first hijacking method, KIDDING, or call it the KIDDO method:
usually the admins are a bit more intelligent, as they have been gifted a few extra pounds of brain by their mother, so they put their login page at one of the following paths after the domain name:
/ADMIN
/admin
/Admin
/Administrator
/administrator
/ADMINISTRATOR
Now what's the password, and how do we find that out? In fact, who cares, and why should we waste our limited pounds of brain finding the password for an ASP-governed website when we can simply bypass the database?
Let's see how...
There are a few gates you must know before you attempt the bypass method:
the AND gate and the OR gate. As the name suggests, AND is similar to ADD (so this gate multiplies any two inputs and returns the output),
whereas the OR gate adds the inputs and returns the corresponding output value.

Now we bypass the password using these tables, making the database read these conditions: instead of typing the password, which the machine converts to binary and then checks, we simply give it the binary codes directly and make the machine check the condition and give us access!
Remember, this bypass is for ASP-governed sites only, so let's take an ASP-governed site and show it to you:
Go to Google and search for an ASP login site, type the username/user ID as one of the types I mentioned above, and in place of the password try bypassing it using this method:
0 'or' 0 '=' 0 and hit enter. You are either logged in or denied; if denied, then try
1 'or' 1 '=' 1 and enter :)
Enjoy this; you have the entire tables above ;)
XSS and SQLi are too big to be posted in this post, so they will follow in my next post. Hope you enjoy it by then :)
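The KIDDO bypass above works because the login page pastes what you type straight into its database query, so the quote characters in the input end the password string early and turn the rest into a condition that is always true. The following Python script is an added example, not code from the post: it builds an in-memory SQLite table with one constructed account, shows the string-built query accepting the payload (even for a username that does not exist), and then the same check with bound parameters, which treats the identical input as an ordinary wrong password. It uses the standard `' or '1'='1` form rather than the post's `1 'or' 1 '=' 1` spelling; both break out of the quoted string the same way.

```python
import sqlite3


def make_db():
    """In-memory user table with one constructed account (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    return conn


def rendered_query(username, password):
    """The SQL text the vulnerable login actually sends, for inspection."""
    return (f"SELECT COUNT(*) FROM users "
            f"WHERE username = '{username}' AND password = '{password}'")


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the submitted fields are spliced into the SQL
    text, so a quote in the input becomes SQL syntax instead of data."""
    return conn.execute(rendered_query(username, password)).fetchone()[0] > 0


def login_hardened(conn, username, password):
    """Same check with bound parameters: the driver passes the input as data,
    so a quote in the password is just one more character to compare."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


PAYLOAD = "' or '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(rendered_query("nobody", PAYLOAD))
    print("vulnerable login with payload:", login_vulnerable(db, "nobody", PAYLOAD))
    print("hardened login with payload:  ", login_hardened(db, "nobody", PAYLOAD))
    print("hardened login, real password:", login_hardened(db, "admin", "correct-horse-battery"))
```

The printed query reads `... AND password = '' or '1'='1'`: AND binds tighter than OR, so the row count is the whole table and the vulnerable login succeeds for any username. The parameterized version closes the injection; storing password hashes instead of the plaintext that both this post's database and the sample table hold is a separate fix that the same login code would also need.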

Tuesday, April 22, 2014

XPATH Injection Tutorial

XPath is a language designed and developed to operate on data described with XML. XPath injection allows an attacker to inject XPath elements into a query that uses this language. Some possible goals are to bypass authentication or to access information in an unauthorized manner.

We are going to learn using a simple example. Download the code from here and put it in your local server directory.

Sample XML document which we are going to use:-

<Employees>
<!-- Employees Database -->
  <Employee ID="1">
    <FirstName>Johnny</FirstName>
    <LastName>Bravo</LastName>
    <UserName>jbravo</UserName>
    <Password>test123</Password>
    <Type>Admin</Type>
  </Employee>
  <Employee ID="2">
    <FirstName>Mark</FirstName>
    <LastName>Brown</LastName>
    <UserName>mbrown</UserName>
    <Password>demopass</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="3">
    <FirstName>William</FirstName>
    <LastName>Gates</LastName>
    <UserName>wgates</UserName>
    <Password>MSRocks!</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="4">
    <FirstName>Chris</FirstName>
    <LastName>Dawes</LastName>
    <UserName>cdawes</UserName>
    <Password>letmein</Password>
    <Type>User</Type>
  </Employee>
</Employees>

Bypass Authentication:-


Browse to the login.php page; here we can see a simple login form.

[Screenshot: Bypass Authentication]

If the application does not properly filter such input, the tester will be able to inject XPath code and interfere with the query result. For instance, the tester could input the following values:

Username: ' or '1' = '1
Password:  ' or '1' = '1

[Screenshot: Bypass Authentication using XPATH injection]
Looks quite familiar, doesn't it? Using these parameters, the query becomes:

string(//Employee[uname/text()='' or '1' = '1' and passwd/text()='' or '1' = '1']/account/text())

As in a common SQL injection attack, we have created a query that always evaluates to true, which means the application will authenticate the user even though no valid username or password has been provided.
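One way to see why the bypass works and how to close it, as an added example that is not part of this tutorial or its downloadable code: the Python script below builds the login query the way a vulnerable login.php would (by string concatenation), then shows two fixes. Because XPath 1.0 has no escape character, a quote in user input has to be expressed with `concat()`; the second fix avoids building a query from input at all and compares the values in code. The element names `UserName`, `Password` and `Type` are taken from the sample XML above rather than the `uname`/`passwd`/`account` names in the query just shown. The XPath text is built and inspected here but not evaluated, since Python's standard library has no full XPath 1.0 engine.

```python
import re
import xml.etree.ElementTree as ET

# The post's sample document, trimmed to the fields the login check uses.
EMPLOYEES_XML = """<Employees>
  <Employee ID="1"><UserName>jbravo</UserName><Password>test123</Password><Type>Admin</Type></Employee>
  <Employee ID="2"><UserName>mbrown</UserName><Password>demopass</Password><Type>User</Type></Employee>
</Employees>"""


def vulnerable_query(user, pw):
    """What a login page that splices input into the XPath string sends."""
    return (f"//Employee[UserName/text()='{user}' and "
            f"Password/text()='{pw}']/Type/text()")


def xpath_literal(value):
    """Render `value` as an XPath 1.0 string literal that cannot break out.
    A value without single quotes is quoted directly; one that contains them is
    split and reassembled with concat(), each quote supplied as a "'" literal."""
    if "'" not in value:
        return f"'{value}'"
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in parts) + ")"


def hardened_query(user, pw):
    """Same query with both inputs rendered through xpath_literal()."""
    return (f"//Employee[UserName/text()={xpath_literal(user)} and "
            f"Password/text()={xpath_literal(pw)}]/Type/text()")


# Allow-list for usernames (assumed policy for this example): no quotes,
# brackets, slashes or spaces can ever reach the query.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(user):
    return USERNAME_RE.fullmatch(user) is not None


def lookup_type(xml_text, user, pw):
    """XPath-free check: walk the elements and compare in Python, so the
    input is never part of any query text. Returns the Type or None."""
    if not is_valid_username(user):
        return None
    root = ET.fromstring(xml_text)
    for emp in root.findall("Employee"):
        # Plaintext comparison mirrors the sample document; a real store would
        # hold a password hash and verify against it instead.
        if emp.findtext("UserName") == user and emp.findtext("Password") == pw:
            return emp.findtext("Type")
    return None


PAYLOAD = "' or '1' = '1"

if __name__ == "__main__":
    print("vulnerable:", vulnerable_query(PAYLOAD, PAYLOAD))
    print("hardened:  ", hardened_query(PAYLOAD, PAYLOAD))
    print("lookup with payload:", lookup_type(EMPLOYEES_XML, "jbravo", PAYLOAD))
    print("lookup with real password:", lookup_type(EMPLOYEES_XML, "jbravo", "test123"))
```

In the hardened query the payload becomes `concat('', "'", ' or ', "'", '1', "'", ' = ', "'", '1')`, a single string value compared against the `UserName` text, so the `or '1' = '1'` clause never exists as XPath syntax. Where the XPath library in use supports variables (an `XPathVariableResolver` in Java, for instance), binding the inputs as variables is the cleaner equivalent of the `concat()` rendering.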


Blind Xpath Injection:-


If there is no knowledge of the XML data's internal details, and the application does not provide useful error messages that help us reconstruct its internal logic, it is still possible to perform a blind XPath injection attack, whose goal is to reconstruct the whole data structure.

Browse to the search.php page. Enter any number; when you provide a number, it displays the FirstName associated with that ID.
[Screenshot: Blind XPATH Injection]
Enter ' or '1' = '1 in the search box, and you will get every FirstName regardless of the ID (number).
[Screenshot: Blind XPATH Injection]
In blind XPath injection we supply a specially crafted query to the application: if the query is true we get a result, otherwise we get nothing. So far we don't know any parent or child node of the XML document.

Guessing the parent node:-


Supply the following query to the application and observe the result.

' or substring(name(parent::*[position()=1]),1,1)='a

Nothing happens; we don't get the FirstName of any user. It means the first letter of the parent node is not "a". Now supply the following query:

' or substring(name(parent::*[position()=1]),1,1)='E
[Screenshot: Blind XPATH Injection]
You get a result, which means the first letter of the parent node is "E".

To guess the second letter of the parent node, supply the following query:

' or substring(name(parent::*[position()=1]),2,1)='m

Following the same procedure, we can extract the full name of the parent node, which was found to be 'Employee'.

We can also get the child nodes. Browse to the xpath.php page and enter the following query.

//Employee[position()=3]/child::node()[position()=4]/text()
[Screenshot: get-child-node]
You get output from the parent node Employee with ID 3 and its child element at position 2 (position()=4 in the query because child::node() also counts the whitespace text nodes between the elements).

To get the whole document, use the following query.

//Employee
[Screenshot: Blind Xpath injection]
This is just the concept of how to retrieve data from an XML document using XPath injection. XPath contains two useful functions that help automate the preceding attack and quickly iterate through all nodes and data in the XML document:
  • count() returns the number of child nodes of a given element, which can be used to determine the range of position() values to iterate over.
  • string-length() returns the length of a supplied string, which can be used to determine the range of substring() values to iterate over.
I used the recon-ng xpath bruteforcer for the XPath injection attack, and we get the back-end XML file.

[Screenshot: xpath-bruteforcer]

Useful links and blind XPATH injection tools:-

https://www.owasp.org/index.php/XPATH_Injection

https://www.owasp.org/index.php/Blind_XPath_Injection

Creating a custom username list and wordlist for brute-forcing.

During brute-forcing you need a custom password list and username list every time. The username list is as important as the password list, and it should be unique for every organization. If we use a traditional, very large username list, the process becomes tedious. A custom username list is also useful for username enumeration.

Creating custom username list:-

(1) Jigsaw:-
During the information gathering stage you may use the jigsaw script. It is a great script for gathering employees' details like full name, position, department and email addresses. You should use the script with your jigsaw credentials.


Sometimes the initial part of an email address is the employee's username, so you can get different usernames from the output of the jigsaw script.

(2) Username script:-

If you have the full names of users, you can use the username.py script to generate possible usernames from different combinations of first name and last name.


I also wrote a bash script which generates possible usernames using first name, last name and birth date.



Creating a custom word list:-

 

(1) CeWL:-


Custom Word List generator. CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words.


(2) wyd:-

wyd is a password profiling tool that extracts words/strings from supplied files and directories. It parses files according to their file types and extracts the useful information, e.g. song titles and authors from mp3s, or descriptions and titles from images.

(3) CUPP:-

People spend a lot of time preparing for an effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method, which is often used as a last resort in penetration testing and forensic crime investigations. A weak password might be very short or use only alphanumeric characters, making it easy to crack. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, the name of a pet or relative, or a common word such as God, love, money or password.

 

Monday, April 21, 2014

Building your first Android application

Welcome to Android application development!


This post will show you how to build your first Android app. You'll learn how to create an Android project and run a debuggable version of the app. You'll also learn some fundamentals of Android app design, including how to build a simple user interface and handle user input.

Before you start, be sure you have your development environment set up. You need to:
  1. Download the Android SDK.
  2. Install the ADT plugin for Eclipse (if you’ll use the Eclipse IDE).
  3. Download the latest SDK tools and platforms using the SDK Manager.
 If you haven't already done these tasks, start by downloading the Android SDK and following the install steps. Once you've finished the setup, you're ready to begin.


  1. Click New in the toolbar.
  2. In the window that appears, open the Android folder, select Android Application Project, and click Next.
  Figure 1. The New Android App Project wizard in Eclipse.
  3. Fill in the form that appears:
    • Application Name is the app name that appears to users. For this project, use "My First App."
    • Project Name is the name of your project directory and the name visible in Eclipse.
    • Package Name is the package namespace for your app (following the same rules as packages in the Java programming language). Your package name must be unique across all packages installed on the Android system. For this reason, it's generally best if you use a name that begins with the reverse domain name of your organization or publisher entity. For this project, you can use something like "com.example.myfirstapp." However, you cannot publish your app on Google Play using the "com.example" namespace.
    • Minimum Required SDK is the lowest version of Android that your app supports, indicated using the API level. To support as many devices as possible, you should set this to the lowest version available that allows your app to provide its core feature set. If any feature of your app is possible only on newer versions of Android and it's not critical to the app's core feature set, you can enable the feature only when running on the versions that support it (as discussed in Supporting Different Platform Versions). Leave this set to the default value for this project.
    • Target SDK indicates the highest version of Android (also using the API level) with which you have tested your application. As new versions of Android become available, you should test your app on the new version and update this value to match the latest API level in order to take advantage of new platform features.
    • Compile With is the platform version against which you will compile your app. By default, this is set to the latest version of Android available in your SDK. (It should be Android 4.1 or greater; if you don't have such a version available, you must install one using the SDK Manager.) You can still build your app to support older versions, but setting the build target to the latest version allows you to enable new features and optimize your app for a great user experience on the latest devices.
    • Theme specifies the Android UI style to apply for your app. You can leave this alone.
    Click Next.
  4. On the next screen to configure the project, leave the default selections and click Next.
  5. The next screen can help you create a launcher icon for your app. You can customize an icon in several ways and the tool generates an icon for all screen densities. Before you publish your app, you should be sure your icon meets the specifications defined in the Iconography design guide.
    Click Next.
  6. Now you can select an activity template from which to begin building your app. For this project, select BlankActivity and click Next.
  7. Leave all the details for the activity in their default state and click Finish.
Your Android project is now a basic "Hello World" app that contains some default files. How you run your app depends on two things: whether you have a real Android-powered device and whether you're using Eclipse. This lesson shows you how to install and run your app on a real device and on the Android emulator, in both cases with either Eclipse or the command line tools.

Whether you're using Eclipse or the command line, to run your app on the emulator you need to first create an Android Virtual Device (AVD). An AVD is a device configuration for the Android emulator that allows you to model different devices.
Figure 1. The AVD Manager showing a few virtual devices.
To create an AVD:
  1. Launch the Android Virtual Device Manager:
    1. In Eclipse, click Android Virtual Device Manager from the toolbar.
    2. From the command line, change directories to <sdk>/tools/ and execute:
      android avd
  2. In the Android Virtual Device Manager panel, click New.
  3. Fill in the details for the AVD. Give it a name, a platform target, an SD card size, and a skin (HVGA is default).
  4. Click Create AVD.
  5. Select the new AVD from the Android Virtual Device Manager and click Start.
  6. After the emulator boots up, unlock the emulator screen.
To run the app from Eclipse:
  1. Open one of your project's files and click Run from the toolbar.
  2. In the Run as window that appears, select Android Application and click OK.
Eclipse installs the app on your AVD and starts it.

Enjoy developing....