Thursday, April 26, 2012

My book on hacking A guide, A representation of todays condition of cyber lif3 of hackers

hi guys wassup i was a skid before but i left that path and went in the search of truth and knowledge. SQL injection is fun but then i realized that thats not true hacking and now i am changed....... Looking at the current condition of skids and new beginners i wrote a small book to start with. it does not contain any article,tutorial,or 0day exploits it contains real life and experiences that are experienced by young hackers it contains inspirational things that will help people a lot. hope you like it. my main motive was to direct young progressing hackers to a path that will lead to a good hacking carrier omg too much philosophy :P but its important too download

Monday, April 23, 2012

How to become d0x pr00f

hi friends after exams i am free now will write some posts. yesterday i saw 1 one of my friends exposing s3rverexe. and s3rverexe also tried to expose him but failed. so today i will give you some tips on not letting your identities exposed. so first never share any information on forums, dating sites. matrimonial websites, or not even Facebook as now Google indexes its posts and comments. and be aware of adding unknown friend in your real account and never put a connection between your real and fake account. mostly if you are in INDIA you don't need to worry much as there are not any public records. but for countries like USA there are sites which have many information about you by credit-card etc.
Only hiding everything is not fun always. sometimes even misdirection also makes fun.
real life example. i tired to get information about coded32 i googled his name i got his threads and in one thread i saw that he posted his university results then i thought that there was someone of similar profile on facebook. he had chosen a person similar to his behavior,living place(old ), and university. that was a type of misdirection
so you can also try it on others and secure your identity online. this becomes important after passing of CISPA.
stay saFE.

Saturday, April 7, 2012

Introduction to SCADA hacking

hi guys wassup today i will tell you about SCADA hacking some other reosurces 

so first what is SCADA ? its abbreviated as Supervisory Control and Data Acquisition so basically there are lots of hardwares in it ans used in power grids, Dams and many other industires. they use primitive softwares that are easy to exploit. remember Stuxnet that exploited Iran`s windows computer to exploit iran`s nuclear facility which was of Siemens. same way there are lots of companies who make SCADA and for ease of use and to control them from remote places they have internet connection
so basically there are PLC (programmable logic contoller) which are exploited mostly. the I/O cycles are controlled by RISC (Reduced instruction set computing) processor

PLCs use RISC processors to run continuous, cyclical programs and they take time in their I/O cycle to talk to the SCADA unit and receive instructions from the SCADA to modify its instruction sets or operating parameters. SCADA typically operates by evaluating the input data and determine if it is within an allowable set of parameters

1st how to find vulnerable SCADA devices
you must know what an HTTP header does and also that we can know that what software or authentication a server is running. with the use of that we will find vulnerable SCADA devices. A website called Shodanhq does and makes our work easy
from that a specific code(something like dorks) we can get lots of SCADA

2nd exploits
SCADA exploits are hard to get  coz no one shares that sometimes you need to make your own but you can get some from exploit Db or there is are modules by metasploit to exploit some of them are here or here 

RESOURCES
1. shodanhq.com
2. scadahacker.com
3. SCADA dorks list 
4.SCADA security research and tools 

warning SCADA hacking is a very very  dangerous it can get people killed and lot of property damage... and end up in your life in jail for longer time and
this article is for education purposes only

Friday, April 6, 2012

ROOTCON 6 Philippines premier hacking conference

One of my friends from cebu city (Philippines) is a blogger at theprojectxblog.net and blog.rootcon.org
its a awesome conference for hackers and security professionals registration is not that expensive every body can visit these conference...
the main language of communication will be english
for more visit here =>>https://rootcon.org

Monday, April 2, 2012

Social engineering- The art of human hacking


you might be confused that why this thing is here right ? social engineering is also a type of hacking with humans. so i thought lets do something new!!


the official portal of social engineering defines it like this.....

Social Engineering (SE) is both incredibly complex and amazingly simple.
What really is social engineering? We define  it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.

Due to the mystery surrounding this dark art many people are afraid of it, or they feel they will never be able to accomplish a successful social engineering test. However, every time you try to get someone to do something that is in your interest, you are engaging in social engineering. From children trying to get a toy from their parents to adults trying to land a job or score the big promotion, all of it is a form of social engineering.
so why i am posting this is because you can try something new and interesting thing and i am also personally interested in this method of hacking. So how you can start Social engineering
it totally depends on your mind power and observation  power . you need to think how humans behave in what type of situation for eg in a bomb blast every body wants safety people think that they are insecure ? so a good social engineer will try to feel people that they are secure like winning trust on people and they think that he cares about US or me, remember social engineering is not like cheating people or frauding them in traps etc.its just for educational knowledge
think of a salesmen or a TV advertisements they are perfect examples of social engineering on people to sell their products,
Wikipedia defines it like this
" it is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim." Although it has been given a bad name by the plethora of "free pizza", "free coffee", and "how to pick up chicks" sites, aspects social engineering actually touches on many parts of daily life. Many consider social engineering to be the greatest risk to security "
So sometimes it become more easy with Facebook ..HOW??
consider a scenario where a girl is chatting with a boy (a classic example where girl is thought to be SEr)
so from starting if the girl didnt knew the boy in real life then the boy is surely going to do some flirt (for common people) and the girl gets most common and basic details by using some special word etc(you know that)
so what are we talking here
basically what i think SE is like telling some one that hey i am here for you..
mostly strangers need more time than known ones to get SEd,
mostly sometimes its like feeling of commonness for eg a person from india has went to london or america or some where else and some person from india meets him and asks are you indian he says yeah i am indian and nice to meet you and so on...
another example
like someone who meets a guitarist or a singer and says i am also a guitarist or something else so they feel more power-full as they have same type of hobbies
other thing i learned from (Ashish mistry he is a grest SE and IT security specialist )that SEers that they learn your local language to become more closer to you.
if you want to do more research on it then  visit this sites will post more after some time.
and like fingerprinting you should have good background information about victim. and yeah kevin mitnik was considerd one of the best social engineer of his time
1st hope number 6
2nd social-engineer
3rd its about how humans behave and react  2knowmyself

Twitter Delicious Facebook Digg Stumbleupon Favorites More