Don’t get hacked!

We always end up in saying this work is not so easyespecially when we have little experience in particular work. This is a typical human psychology though I am not writing any article on psychology. Probably this might be the reason which made me to write this article after quite a long gap. Before getting into the core of this discussion, I strongly apologize all the tech geeks for using very little technical details. Of course my intention is to reach even non-technical person using internet for his/her own benefits.

Here we go.  What is HACKING?

I suggest you to look into dictionary to get its meaning. Because it’s literal meaning has been corrupted and exploited by some people engaged in antisocial and destructive work in the name of HACKERS.Most of us fail to recognize the fact that criminals and hackers are two totally different things.Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet.

Here comes into picture the concept of ETHICAL HACKING. Let us follow the same analogy from here on. Ethical Hacking means testing the resources for a good cause and for the betterment of technology. Technically Ethical Hacking means penetration testing which is focused on Securing and Protecting IT Systems.

Prevention from Hacking:

It’s impossible to overcome all possible vulnerabilities of your system.You can’t plan for all possible attacks, especially the ones that are currently unknown which are called Zero Day Exploits.These are the attacks which are not known to the world. However in Ethical Hacking, the more combinations you try, the more you test whole system instead of individual units — the better your chances of discovering vulnerabilities.As the saying goes “In order to catch the thief, you need to think like a thief”, prevention can be possible only when you are aware of the STEPS PERFORMED BY HACKERS.

Reconnaissance: It can be described as the pre-attack phase and is a systematic attempt to locate, gather, identify, and record information about the target.

Scanning: This phase involves taking the information discovered during reconnaissance and using it to examine the network.

Gaining access: This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.

Maintaining access: Once a Hacker has gained access, they want to keep that access for future exploitation and attacks.

Clearing tracks: In this step, hackers cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action.

More Hacking

Hacking, being the wide concept I wish to discuss only few common ways through which internet users are being attacked and possible security measures to prevent it to certain extent. The whole discussion can be divided under 2 main categories.

1. Email Hacking:

The most effective and easiest way to trace an email is to analyze its email headers. This can be done by just viewing the full header of received email.

1.1 Fake mail: Web Programming languages such as PHP and ASP contain the mail sending functions which can be used to send emails by programming Fake headers i.e.” From: To: Subject:”. There are so many websites available on the Internet which already contains these mail sending scripts. Most of them provide the free service. You can just google it and use it to send fake mails.

1.2 Email password Hacking (Phishing): It is not so easy to compromise with the email servers like Yahoo, Gmail, etc. It can be accomplished via some of the client side attacks, one such is phishing. It is a way of attempting to acquire information such as usernames, passwords, and credit card details by pretending as a trustworthy entity in an electronic communication.

Suspicious acts:

• Email inviting you to join a social group, asking you to login using your username and password.
• Email saying that your bank account is locked and sign in to your account to unlock it.
• Email containing some information of your interest and asking you to login to your account.
• Any email carrying a link to click and asking you to login.

Security measures:

• Read all the email carefully and check if the sender is original.
• Watch the link carefully before clicking.
• Trace back all your mails which you find suspicious. ( Header verification)
• Always check the URL in the browser before signing in to your account.
• Always login to your accounts after opening the trusted websites, not by clicking in any other website or links coming through any other email.

2. Windows Hacking:

Windows is the most commonly used operating system in our country. Thus it is essential to take care of attacks that are being done on your system without your conscious. Let us consider one of the most useful utility of windows called SAM,Security Accounts Manager which is a database in the windows operating system (OS) that contains user names and passwords. SAM is part of the registry and can be found on the hard disk.  When you create a new user account with a password, it gets stored in the SAM file. Windows Security Files are located at“C:\Windows\System32\Config\SAM”. The moment operating system starts, the SAM file becomes inaccessible. User account passwords are contained in the SAM in the hexadecimal format called Hashes. Once the Passwords converted in Hashes, you cannot convert back to the clear text.

2.1 Windows password cracking: Windows password stored in SAM file in the form of hashes can be reset using Net User Username * command in the command prompt. After entering the command you can either leave blank to erase SAM file entry or you can enter new password.

The Commands are as follows:

• To check the User Accounts: Net User
• To Add a New User Account: Net User Username Password /add
• To Delete a User Account: Net User Username /delete
• To Change the Password of User Account: Net User Username *

Apart from this, it is also possible to crack passwords using brute force techniques, which is an act of guessing passwords in random manner. However there are tools available to perform these Brute force attacks on the Windows SAM File. Most famous tool available for Windows User Account Password Brute forcing is Cain and Abel. Another one is SamInside.

2.2 Creating Hidden accounts:

Use the Net User Command to Create a Hidden Account in Windows:
Net User Hiddenuser /add

And then use the Command: Net Localgroup Users Hiddenuser /delete

Log off the current User, Press ALT+CTRL+DEL combination 2 times to get the ‘Classic Windows User Login Screen’. Type the Username as Hiddenuser and Hit Enter, you will get Logged In

2.3 Key loggers: You must be careful while using other’s computer or browsing in internet café. There might be chances of recording your sensitive information such as passwords, credit card info etc. which you type using keyboard. This can be using special purpose software called key loggers.

2.4 Hiding files behind folders:

You can hide your important Files behind the Folders in your Hard Disk. Let us say we have a text file ‘Secret.txt’ and a folder ‘C:\Info’. To hide the text file behind the folder, command is as follows

Type Secret.txt > C:\Info:Secret.txt

Now delete the Original File, to view the hidden file, command is as follows Start C:\Info:Secret.txt

• To search the hidden files, ADS Tool ‘Streams’ can be used.
• To Search the Hidden Files: Streams –S C:\Info
• To Delete the Hidden Files: Streams –D C:\Info

Security measures:

• Configure strong login password: d54$@[a]
• Change your passwords regularly.
• Check for installed key loggers.
• Configure syskey security: start > run > syskey
• Check for hidden user accounts:  Net User
• Change boot sequence order in BIOS: Hard Disk First Boot Device
• Set password for BIOS setup: Any strong password
• Physically secure your computer: Lock your cabinet (If possible)

Hacking is evolving over days and time to time. Hence it takes gb’s of documents to explain about hacking.  It’s just my attempt to make you aware of few basic concepts and terms which you come across in your daily life without your conscious. Here by I wish to end up my discussion hoping to see smile on your face.  Happy learning!!

More Hacking

Posted in: Hacking