0 A Beginners Guide to Ethical Hacking launched

 I am very happy to tell you that my book "A Beginners guide to Ethical Hacking" has just launched.I have been working on this book for past few months.I have dedicated this book completely to beginners who want to become hackers.

 

How will the information in the book affect me?

• You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation
• You will start to think like hackers
• Secure your computer from trojans,worms, Adwares etc
• Amaze your friends with your newly learned tricks
• You will be able to protect your self from future hack attacks

And Much more...

Reality about Password Hacking softwares

You might have heard about some paid password hacking softwares which claim to hack a password on entering the email account.But in reality all those softwares are fake.If you believe what they say then you are just wasting your time and money.These all softwares are fake.If there exists such a software, will there be any security on web. And all expert engineers at Google, Yahoo and other services are not mad. They are all engaged in ensuring security of their customers ie email account owners. So, no such software exists.
So stop wasting your time and money on these foolish softwares and services and learn real Ethical Hacking methods which hackers use to access email accounts.

For Download Link visit the following site
IRZZAT - Ethical Hacking Book

0 Top 10 Ways How Hackers Can Hack Facebook Accounts In 2012

Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers, I have written a couple of post related to facebook hacking here at RHA, In my previous post which I wrote in 2010 related to facebook hacking and security 4 ways on How to hack facebook password, I mentioned the top methods which were used by hackers to hack facebook accounts, however lots of things have changed in 2012, Lots of methods have went outdated or have been patched up by facebook and lots of new methods have been introduced, So in this post I will write the top 10 methods how hackers can hack facebook accounts in 2011.

10 Ways How Hackers Can Hack Facebook Accounts In 2011

So here are the top 10 methods which have been the most popular in 2011:

1. Facebook Phishing 

Phishing still is the most popular attack vector used for hacking facebook accounts, There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.

I have explained the step by step phishing process in my post below:

• How To Hack Facebook Password

2. Keylogging 

Keylogging, according to me is the easiest way to hack a facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victims computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address. I have dedicated a half of my newsest book "An introduction to keyloggers, RATS And Malware" to this topic.

3. Stealers 

Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are software's specially designed to capture the saved passwords stored in the victims browser, Stealers once FUD can be extremely powerful. If you want to how stealers work and how you can set up your own one?, Kindly refer the book above.

4. Session Hijacking

Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection, In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and uses to it to access victims account, Session hijacking is widely used on Lan's. I have already written a three part series on How session hijacking works? and also a separate post on Facebook session hijacking.

Further Information

• Gmail Cookie Stealing And Session Hijacking Part 
• Gmail Cookie Stealing And Session Hijacking Part 2
• Gmail Cookie Stealing And Session Hijacking Part 
• Facebook Session Hijacking Attack(Recommended)

5. Sidejacking With Firesheep

Sidejacking attack went common in late 2010, however it's still popular now a days, Firesheep is widely used to carry out sidejacking attacks, Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards wifi users.

To know more about sidejacking attack and firesheep, read the post mentioned below:

• Firesheep Makes Facebook Hacking Easy

6. Mobile Phone Hacking

Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.

The most popular Mobile Phone Spying softwares are:

1. Mobile Spy
2. Spy Phone Gold

7. DNS Spoofing 


If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.

8. USB Hacking 

If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser, I have also posted related to this attack which you can read by accessing the link below:

• Usb password stealer To Hack Facebook Passwords

9. Man In the Middle Attacks


If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article, We have written a couple of articles on man in the middle attacks which canb be accessed from the links mentioned below:

• Man In the Middle Attacks With SSL Strip

If you are really interested in learning how man in the middle attacks, you can view the presentation below by oxid.it.

10. Botnets 

Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.


Facebook Hacking Course

Facebook hacking course is a facebook security course created by me, which tells you exactly how how hackers can compromise your facebook accounts and what can you do to protect your facebook accounts from getting hacked.

Click here to get access to the course

Hope you have enjoyed reading the post as much i did while writing.

Note: Copying or reproducing this article is strictly prohibited and will lead to certain consequences, If you are reproducing or copying this article, make sure that you give a proper credit.

0 Protect Your Website Against SQL Injection

Hacker-one: “ YES, I DID IT !!! “

Hacker-two: “What ? “

Hacker-one:” I HACKED ANOTHER SITE!!! “

Hacker-two: “Great!!! How did you do that? “

Hacker-one:” SQL INJECTION !!! :p “


Yes, one of the common methods that are being used by hackers is SQL INJECTION.

Sites get hacked by the sql injection due to the loop hole that is left by developers most of the times while developing a web application.

I will be explaining you today how to avoid SQL INJECTION when you are developing a web application with PHP.

I will be explaining with the help of an example, suppose we have text fields on our form

1. User Name

2. Password

and a login button.

When we login, the validation for the valid user is checked on the back-end. If the user is a valid user, he logs into the system else an error message “incorrect username or password” is shown.

What happens on the back-end,

$userName=$_POST[‘userName’];


$password =$_POST[‘password’];

$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and user_password= ‘”.$password.”’ ;  ”;

This is where the developer has left a loop hole if instead of password I enter  ‘ or ‘a’=’a the password field has the value


$password is  ‘or ‘a’=’a

Lets place this value in query and the query becomes

$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and user_password=’ ‘or ‘a’=’a’;   ”;

You can see clearly , password doesn’t match but the other statement  a=a matches so  OR operator will work and the user will login into the system without knowing the actual password. I can even give you the names of some famous websites  where you can inject sql or use this technique.

HOW TO AVOID IT ???

Don’t treat the field values as mentioned above

Use this function

function BlockSQL Injection($str){           

return str_replace(array("'",""","'",'"'), array("'",""","'","""), $str);

}

This will replace the characters( that can break the string) in the string.

So you can use this function as

$userName= BlockSQL Injection ($_POST[‘userName’]);


$password = BlockSQL Injection ($_POST[‘password’]);


Now the hacker wont be able to break the QUERY STRING.

We have many frameworks in PHP that provide this functionality such as quotes_to_entities($string) in CODE IGNITER.

Use some desgin pattern when you are building a big application, model, controller, your view layers and DAO (data access object layer) must be implemented to make it losely coupled and extensible.

A huge number of sites have been developed in core php, where we don’t use any framework. Wordpress is very secure but when it comes to PLUGINS (that we donwload and use), they can have the loop holes inside them. Stay alert while developing web applications, you never know when you are gonna get hacked. Stay blessed! :)

Good Luck !