Tuesday, 3 October 2017

5 Phases of Hacking

1. Reconnaissance :

This is the first step of hacking. It is also called the Footprinting or information-gathering phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups:
  1. Network
  2. Host
  3. People involved
There are two types of Footprinting:

Active: Directly interacting with the target to gather information about it, e.g. using the Nmap tool to scan the target. Because active footprinting touches the target's systems, it can show up in the target's logs.

Passive: Collecting information about the target without directly accessing it. This involves collecting information from social media, public websites, etc.

2. Scanning:

Three types of scanning are involved:

Port scanning: Scanning the target for information such as live systems, open ports, and the services running on each host.

Vulnerability scanning: Checking the target for weaknesses or vulnerabilities that could be exploited. Usually done with the help of automated tools.

Network mapping: Finding the topology of the network (routers, firewalls, servers if any) and host information, and drawing a network diagram from the available information. This map can serve as a valuable reference throughout the rest of the hacking process.
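From the defender's side, the scanning phase leaves a recognisable trace: one source touching many different ports on a host within seconds. The following is an added example, not code from the original post, that flags that pattern in firewall logs; the log format, the IP addresses and the threshold of 10 distinct ports in 60 seconds are constructed for the demo.

```python
# Added example (not from the original post): spotting a port scan in firewall
# logs. A scanner hits many distinct ports on one host in a short time, which
# is the pattern this code looks for. The log format and all sample lines are
# constructed for this demo; adapt parse_line() to your firewall's format.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: "<ISO timestamp> <ACTION> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2017-10-03T10:00:01 DROP 203.0.113.7 -> 192.168.1.10:21
2017-10-03T10:00:01 DROP 203.0.113.7 -> 192.168.1.10:22
2017-10-03T10:00:02 DROP 203.0.113.7 -> 192.168.1.10:23
2017-10-03T10:00:02 DROP 203.0.113.7 -> 192.168.1.10:25
2017-10-03T10:00:03 DROP 203.0.113.7 -> 192.168.1.10:53
2017-10-03T10:00:03 DROP 203.0.113.7 -> 192.168.1.10:80
2017-10-03T10:00:04 DROP 203.0.113.7 -> 192.168.1.10:110
2017-10-03T10:00:04 DROP 203.0.113.7 -> 192.168.1.10:143
2017-10-03T10:00:05 DROP 203.0.113.7 -> 192.168.1.10:443
2017-10-03T10:00:05 DROP 203.0.113.7 -> 192.168.1.10:445
2017-10-03T10:00:06 DROP 203.0.113.7 -> 192.168.1.10:3306
2017-10-03T10:00:06 DROP 203.0.113.7 -> 192.168.1.10:3389
2017-10-03T10:00:07 ACCEPT 198.51.100.4 -> 192.168.1.10:443
2017-10-03T10:00:09 ACCEPT 198.51.100.4 -> 192.168.1.10:443
2017-10-03T10:00:12 ACCEPT 198.51.100.4 -> 192.168.1.10:443
2017-10-03T10:05:00 DROP 198.51.100.4 -> 192.168.1.10:22
"""


def parse_line(line):
    """Return (timestamp, source ip, destination port) for one log line."""
    ts_text, _action, src, _arrow, dst = line.split()
    _dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts_text), src, int(dst_port)


def max_distinct_ports(events, window):
    """events: list of (timestamp, port) from one source.
    Returns the largest number of distinct ports that source touched inside
    any sliding time window of length `window`."""
    events = sorted(events)
    in_window = defaultdict(int)  # port -> hits currently inside the window
    left = 0
    best = 0
    for ts, port in events:
        in_window[port] += 1
        # Drop events that have fallen out of the window.
        while ts - events[left][0] > window:
            old_port = events[left][1]
            in_window[old_port] -= 1
            if in_window[old_port] == 0:
                del in_window[old_port]
            left += 1
        best = max(best, len(in_window))
    return best


def detect_port_scans(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return {source_ip: distinct_ports} for sources that probed at least
    `threshold` distinct ports within `window`."""
    per_source = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse_line(line)
            per_source[src].append((ts, port))
    hits = {}
    for src, events in per_source.items():
        count = max_distinct_ports(events, window)
        if count >= threshold:
            hits[src] = count
    return hits


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports in 60s")
```

The benign host hits the same port several times and a second port five minutes later, so its distinct-port count inside any one-minute window never rises above 1; the scanner reaches 12 within six seconds. Tune the threshold and window to the noise level of your own network.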

3. Gaining Access :

This is the phase where an attacker breaks into the system or network using various tools or methods. After entering a system, he has to raise his privileges to administrator level so he can install the applications he needs, or modify or hide data.

4. Maintaining Access :

A hacker may just break into the system to show that it was vulnerable, or he may want to keep a persistent connection in the background without the user's knowledge. This can be done using Trojans, rootkits, or other malicious files. The aim is to maintain access to the target until he finishes the tasks he planned to accomplish there.

5. Clearing Tracks :

No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no one will find any traces leading to him. This involves modifying, corrupting, or deleting log entries, modifying registry values, uninstalling all applications he used, and deleting all folders he created.

That's It !!!

If you like this post, please like & share it with your friends.

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/hacktronian


Happy Hacking !!!


Sunday, 10 July 2016

Can Police & Hackers Really Track You With Your Phone? (Guide)


In the movies, people on the run are often hunted down because of their cell phones. There are countless scenes where expensive smartphones are smashed to bits, or dropped in rivers, to evade capture by nefarious government operatives or well-equipped mobsters.

Hopefully you’re not in that situation. But if you were, do you really need to go that far? We asked the experts what information your cell phone is really broadcasting about you, how to protect yourself, and what it would take to truly go off the grid.

The Simple Options Don’t Work :

If you suspected your phone were being tracked and wanted to start covering your tracks without snapping it in half, your first bet might be to simply turn on airplane mode. That won’t cut it.

“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Communicating At All With A Cell Tower Could Expose You :

It doesn’t even need to be sending out GPS coordinates — communicating at all with a cell tower could expose you. By comparing the signal strength of your cell phone on multiple cell towers, someone looking for you can approximate your location with triangulation. This requires access to data from your mobile network, which should keep it out of reach for criminals, but carriers can be compelled to provide that data to law-enforcement agencies.

So How About Removing The SIM Card ?

“Removing the SIM may work to stop most cyber criminals, but every phone has a built-in feature set of identifiers that may be detected via tools like Stingray devices now used by the police and military, as well as fake 2G cell towers put up by the NSA,” Gary explains, “Forcing a phone to 2G means no encryption and it’s easily detected and tracked.”

Stingrays are also known as cell-site simulators, or IMSI catchers. They mimic cell phone towers and send out signals that can trick your cell phone into replying with your location and data that can be used to identify you. And they’re surprisingly widely used.

The American Civil Liberties Union has a map and list of federal agencies known to use cell-site simulators, which includes the FBI, the DEA, the Secret Service, the NSA, the U.S. Army, Navy, Marshals Service, Marine Corps, National Guard, and many more. For obvious reasons, it’s not an exhaustive list.

What About Wi-Fi ?

At short range, you can be tracked by Wi-Fi. Every time you turn Wi-Fi on, your phone is sending out a signal that includes your unique MAC address, which is kind of like a fingerprint for digital devices. This kind of technology is already being used by stores to track your movements. It’s not ideal for surveillance, because of the limited range, but if someone has obtained your MAC address it could be used to deduce something like when you enter or leave a specific building.


The simple solution here is to avoid unencrypted public Wi-Fi. It’s also possible, on some phones, to change or spoof your MAC address. Some Android apps can help you do it, but you might have to root your phone. With iOS 8, Apple introduced more security by randomizing your MAC address, though, according to iMore, this feature may not work as well in practice as you’d hope.
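Whether a phone is broadcasting its real hardware MAC or a randomised one can be read off the address itself: the IEEE 802 "locally administered" bit (0x02 in the first octet) is set on randomised addresses and clear on manufacturer-assigned ones. The following is an added example, not code from the original article; the sample addresses are constructed.

```python
# Added example (not from the original article): reading the bits of a MAC
# address to tell a manufacturer-assigned (OUI) address from a locally
# administered one. Randomised Wi-Fi MACs set the locally administered bit,
# so this is a quick way to check whether a device is exposing its real
# hardware address. All sample addresses below are constructed.
import re


def parse_mac(text):
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a.2b3c.4d5e; return 6 bytes."""
    hexdigits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def is_locally_administered(text):
    """Bit 0x02 of the first octet is the U/L bit: set means locally administered
    (randomised or admin-assigned), clear means burned in by the manufacturer."""
    return bool(parse_mac(text)[0] & 0x02)


def is_multicast(text):
    """Bit 0x01 of the first octet is the I/G bit: set means group/multicast."""
    return bool(parse_mac(text)[0] & 0x01)


def classify(text):
    """Human-readable category for one address."""
    mac = parse_mac(text)
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    if mac[0] & 0x02:
        return "locally administered (randomised or admin-set)"
    oui = ":".join(f"{b:02x}" for b in mac[:3])
    return f"manufacturer-assigned (OUI {oui})"


def randomised_share(addresses):
    """Fraction of unicast addresses in a capture that are locally administered,
    i.e. how many devices are hiding their hardware MAC."""
    unicast = [a for a in addresses if not is_multicast(a)]
    if not unicast:
        return 0.0
    return sum(is_locally_administered(a) for a in unicast) / len(unicast)


# Constructed sample of source addresses seen in Wi-Fi probe requests
OBSERVED = [
    "00:1a:2b:3c:4d:5e",  # manufacturer-assigned
    "da:a1:19:12:34:56",  # 0xda has the 0x02 bit set: randomised
    "3c:22:fb:aa:bb:cc",  # manufacturer-assigned
    "02:00:00:12:34:56",  # 0x02 bit set: locally administered
]

if __name__ == "__main__":
    for addr in OBSERVED:
        print(addr, "->", classify(addr))
    print(f"{randomised_share(OBSERVED):.0%} of observed devices use a randomised MAC")
```

The check says nothing about who the device belongs to; it only tells you whether the address is the kind that can be matched against a manufacturer database and followed from one capture to the next.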

Miliefsky also notes other reasons to avoid public Wi-Fi networks: so-called man-in-the-middle attacks and fake “trusted” routers. Fake Wi-Fi access points are also sometimes called “evil twins,” and they’re designed to look like a legitimate Wi-Fi network, but they’re actually operated by an attacker. If you connect, then they can eavesdrop, or direct you to a fake website where they can obtain sensitive passwords and other information.

Man-in-the-middle attacks are more common, because an attacker just has to be in range of an unencrypted Wi-Fi access point, and they can potentially intercept messages between two parties, or even interject new messages.

“If you are using HTTPS, TLS, or SSL it’s harder to eavesdrop on public Wi-Fi, but there have been some exploits like the SSL Heartbleed attack,” Miliefsky explains.

The TLS and SSL standards are supposed to ensure that your communications are encrypted. That’s why the Heartbleed vulnerability was such a big deal. It was an OpenSSL bug that potentially enabled cyber criminals to collect sensitive information, like encryption keys, so they could set up undetectable man-in-the-middle attacks.

The Threat Within :

You may have concerns about privacy infringement from threats like Stingray, but there are easier ways to track us. Most criminals go for the low-hanging fruit, and the biggest threat for tracking and spying is probably malware.

“Public Wi-Fi is a smaller risk than trusted apps being creepware and spying on you,” suggests Miliefsky.

There are a lot of commercial, mobile spyware products on the market that can enable someone to intercept your emails, text messages, and calls.

In Some Cases It May Even Be Possible For Hackers To Remotely Access Your Smartphone Microphone Or Camera :

“You may have already installed an app you trust that can do this,” Miliefsky says, “Just go to the Google Play store or Apple iTunes and look at the permissions of some of the most popular apps like Flashlights, Bibles, Battery Maximizers, QR Readers, Password Managers, other utilities and games.”

Gary’s company SnoopWall hit the headlines last year with a Flashlight Spyware Report. It revealed that many popular flashlight apps in the Play Store were asking for a suspiciously long list of permissions, enabling them to theoretically do all sorts of things, like track you via GPS, access text message history, and access call logs.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera, as Gary demonstrated on Good Morning America.

Steering Clear of Malware :

The good thing about malware is that you have to install a malicious app. You can avoid opening SMS attachments, avoid apps from unknown sources, and cast a suspicious eye over your installed app list.

“It’s absolutely time for a spring cleaning,” suggests Gary, “Delete all the apps you don’t use.”

For the apps you decide to keep, Gary recommends checking four things:

1. Permissions (Are there too many for what the app needs to do?)
2. Privacy policy (Read it closely.)
3. Company website (Are they based in malware hotbeds like China, Russia, Brazil, or India?)
4. App developer email (Send one to see how they respond.)

“If you don’t like what you see with these four items, dump it and find a better, less privacy-invasive alternative,” says Gary, “You may have to buy an app to get one that doesn’t use ad networks and have creepware behaviors, but it’s worth 99 cents to reclaim your identity, isn’t it?”

How Do You Avoid Being Tracked ?

There’s a difference between something being possible and something being probable. With a little bit of common sense, most of us can avoid any problems. Make sure you have lock-screen security, so no one can physically install an app on your phone when you’re not looking, follow the advice above about installing new apps, and avoid public Wi-Fi. If you absolutely must access public Wi-Fi, then use a VPN service or app. That will safeguard you against the most likely criminal threats.

Being tracked by a rogue FBI agent, hostile foreign government, or extremely well-equipped criminal gang is a different matter. If your concerns run this crazy deep, there are only a couple of foolproof options to safeguard your privacy.

“To avoid being tracked it’s best to put your phone in a PrivacyCase, or remove the battery,” says Miliefsky. A PrivacyCase wraps your phone in shielding that blocks signals from going in or out, kind of like going into a basement.

If you’re wondering why turning the phone off might not be enough, it’s because of malware, like PowerOff Hijack. You won’t find it in the Play Store, and it requires your device to be rooted in order to work, but AVG reported more than 10,000 installations, mostly in China. It plays your usual shutdown animation and turns the screen blank, but actually keeps the device on, so that it can monitor you.

So if you truly want to go off-grid in a hurry, remove the battery. Of course, many modern smartphones, like the iPhone 6 and the Galaxy S6, don’t let you do that. So maybe the movies weren’t exaggerating after all: you may have to smash or ditch that smartphone if you really want to evade surveillance entirely.


Enjoy!!! :)


Monday, 21 March 2016

What is Social Engineering ?

Social engineering is one of the oldest hacking techniques: a hacker takes advantage of trusting human beings to get information from them (like in the movie Hackers, if anyone has seen it, when the hero tries to take over a television network).

For example, if the hacker was trying to get the password for a co-worker's computer, he (even though I use “he”, hackers are of both genders; I just chose to use “he” in these examples) could call the co-worker pretending to be from the IT department. The conversation could go something like this:

Bob– “Hello Suzy. My name is Bob and I’m from the IT department. We are currently attempting to install a new security update on your computer, but we can’t seem to connect to the user database and extract your user information. Would you mind helping me out and letting me know your password before my boss starts breathing down my neck? It’s one of those days, ya’ know?”

Suzy would probably feel bad for Bob and let him know her password without any hesitation. BAM! She got social engineered. Now the hacker can do whatever he pleases with her account.


Shoulder surfing – Shoulder surfing is exactly what it sounds like. The hacker would simply attempt to look over your shoulder as you type in your password. The hacker may also watch whether you glance around your desk, looking for a written reminder or the written password itself.

Guessing – If you use a weak password, a hacker could simply guess it using the information he knows about you. Some examples of this are: date of birth, phone number, favorite pet, and other simple things like these.


Now that we have the simple low-tech password cracking techniques out of the way, let’s explore some high-tech techniques. Some of the programs I will use in my examples may be blocked by your anti-virus programs when you attempt to run them. Make sure you disable your anti-virus program when you decide to download and explore them.


Enjoy!!!


What is Brute Force Attack?


Note:- This information is for educational purpose only so that you can know about various kinds of password cracking techniques. the author or THE HACKiNG SAGE is not responsible for any kind of misuse of this information. We aim only to create awareness so that people can protect themselves from getting hacked and save themselves in this unsafe world of hacking.

In my previous post I covered the dictionary attack used to crack passwords in detail. In this post I am going to cover the brute-force attack.


Brute Force Attack :

Given enough time, a brute-force attack can crack any password. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found, so they can take a very long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password. Below I will show you how Brutus can be used against the same FTP server as before, this time using the brute-force option.

1. Put in the target and port the same way you did for the dictionary attack. For the pass mode choose Brute-force and click Range.

2. If you have an idea of what the password might be, choose the matching options. For example, if you know a site requires passwords to be a certain length, you know what to put down as the minimum length, which narrows the search and shortens the cracking process.

3. I chose lowercase alpha, which has the second smallest number of combinations. Even so, it came up with 321,272,407 possible password combinations. Now you know why it can take so long to crack one password.
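The 321,272,407 figure is exactly the number of lowercase strings of length 0 through 6 (26^0 + 26^1 + ... + 26^6). The following added example, not code from the original post, computes such keyspace sizes for any character set and length range and turns them into a worst-case cracking time at a given guess rate; the guess rates in the demo are constructed round numbers, not measurements of Brutus or any other tool.

```python
# Added example (not from the original post): how many guesses a brute-force
# run needs for a given character set and length range, and how long that
# takes at a given guess rate. The rates used in the demo are constructed.
import string

CHARSETS = {
    "digits": string.digits,                                   # 10 symbols
    "lowercase alpha": string.ascii_lowercase,                 # 26 symbols
    "mixed alpha": string.ascii_letters,                       # 52 symbols
    "alphanumeric": string.ascii_letters + string.digits,      # 62 symbols
    "full printable": string.ascii_letters + string.digits + string.punctuation,  # 94 symbols
}


def keyspace_size(charset_size, min_len, max_len):
    """Number of candidate strings with lengths min_len..max_len inclusive."""
    if charset_size < 1 or min_len < 0 or max_len < min_len:
        raise ValueError("bad charset size or length range")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(charset_size, min_len, max_len, guesses_per_second):
    """Worst case: every candidate is tried before the right one turns up."""
    return keyspace_size(charset_size, min_len, max_len) / guesses_per_second


def human_duration(seconds):
    """Round a duration in seconds to the largest sensible unit."""
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def report(charset_name, min_len, max_len, guesses_per_second):
    """Summary for one policy: symbols, candidates, worst-case time."""
    size = len(CHARSETS[charset_name])
    total = keyspace_size(size, min_len, max_len)
    return {
        "charset": charset_name,
        "symbols": size,
        "candidates": total,
        "worst_case": human_duration(total / guesses_per_second),
    }


if __name__ == "__main__":
    # Constructed guess rates: an online FTP brute force is throttled by network
    # round trips (say 10 guesses/s); an offline attack on leaked unsalted hashes
    # can run far faster (say 1e9 guesses/s).
    for rate in (10, 1_000_000_000):
        for name, lo, hi in (("lowercase alpha", 0, 6), ("alphanumeric", 8, 8), ("full printable", 12, 12)):
            r = report(name, lo, hi, rate)
            print(f"{rate:>13,} guesses/s  {name:15} len {lo}-{hi}: "
                  f"{r['candidates']:>25,} candidates, {r['worst_case']}")
```

The same arithmetic is what a password policy rests on: lengthening the password or widening the character set multiplies the keyspace, while rate-limiting failed logins on the server side shrinks the guess rate an online attacker can reach.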

Enjoy!!!


What are Rainbow Tables? (md5 Encryption)

Rainbow Tables

A rainbow table is a huge pre-computed list of hash values for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm that transformed it into something absolutely foreign. A hash is a one-way function, so once a password is hashed there is no way to get the original string back from the hashed string. A very common hashing algorithm used to store passwords in website databases is MD5.


Let’s say you are registering for a website. You put in a username and password. Now when you submit, your password goes through the MD5 algorithm and the outcome hash is stored in a database. Now since you can’t get the password from the hash, you may be wondering how they know if your password is right when you login. Well when you login and submit your username and password, a script takes your password and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the database. If they are the same, you are admitted.

If I were to run the word “cheese” through the md5 algorithm, the outcome would be fea0f1f6fede90bd0a925b4194deac11. Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking. Once the rainbow tables are created, cracking the password is a hundred times faster than brute-forcing it. I will show an example of rainbow table cracking when we get into Windows password cracking.
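Added example, not code from the original post: it builds a small hash-to-plaintext lookup table (a constructed wordlist standing in for the full table; real rainbow tables store hash chains rather than every pair, but are queried the same way), recovers "cheese" from its MD5, and then shows the standard defence that makes any precomputed table useless: a random per-user salt and a slow key-derivation function (PBKDF2 here), so the stored value depends on both the salt and the password.

```python
# Added example (not from the original post): the lookup that makes a
# precomputed table work against plain MD5, and the per-user salt plus slow
# key derivation that defeats it. The wordlist is constructed.
import hashlib
import hmac
import os


def md5_hex(text):
    """Plain MD5 of a string, hex encoded, as a website of the post's era stored it."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


WORDLIST = ["password", "letmein", "qwerty", "cheese", "dragon"]  # constructed


def build_lookup_table(words):
    """Precompute hash -> plaintext once; every later lookup is O(1)."""
    return {md5_hex(w): w for w in words}


def lookup_unsalted(hash_hex, table):
    """Return the plaintext if the hash was precomputed, else None."""
    return table.get(hash_hex.lower())


# Defence: a random per-user salt and a deliberately slow KDF. An attacker
# would need a separate table per salt, and each guess costs many iterations.
PBKDF2_ROUNDS = 100_000


def store_password(password, salt=None):
    """Return (salt_hex, digest_hex) to keep in the user database."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()


def verify_password(password, salt_hex, digest_hex):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stolen = md5_hex("cheese")
    print(stolen, "->", lookup_unsalted(stolen, table))
    salt_hex, digest_hex = store_password("cheese")
    print("salted record:", salt_hex, digest_hex)
    print("table lookup on salted record:", lookup_unsalted(digest_hex, table))
    print("verify correct password:", verify_password("cheese", salt_hex, digest_hex))
```

Two users who both chose "cheese" end up with different stored records because their salts differ, so a table built for one is worthless for the other, and the iteration count turns the "hundred times faster" lookup back into a slow guess-by-guess search.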

I hope this helped. To get the complete picture, read my post on MD5 encryption; I have given a hyperlink for it in the text.


Now share this information with your friends and enjoy!!!


What is a Dictionary Attack ?


Note:- This information is for educational purposes only, so that you can know about various kinds of password cracking techniques. The author and THE HACKiNG SAGE are not responsible for any kind of misuse of this information. We aim only to create awareness so that people can protect themselves from getting hacked and save themselves in this unsafe world of hacking.

Dictionary Attacks :

A Dictionary Attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack. In the following example, I will use Brutus, a very common password cracker (download link given below), to show a dictionary attack against an ftp server. Brutus is a Windows only program, but at the end of this chapter I will list a couple more password crackers, some of which are made for Mac, Windows, and Linux.

Before I get into the example, you must first know what an FTP server is. FTP stands for File Transfer Protocol. FTP is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete or upload anything he wants on my server. An FTP address looks similar to a website address except it uses the prefix ftp:// instead of http://. I set up an FTP server on my computer so I could demonstrate. You can get Brutus at http://www.hoobie.net/brutus/.

1. First the hacker would choose a target. In this case it's my home computer: 127.0.0.1 is the loopback address, which always refers to the computer you are sitting at.

2. By going to ftp://127.0.0.1 I get a pop-up box asking for a username and password.


3. Next the hacker would launch a program similar to Brutus and attempt to crack the password.



4. In the target you put the IP address of the website and to the right select the appropriate option, which in this case is FTP.

5. The default port is 21 but some websites change this to make them a little more secure. If you find out that the port isn’t 21, you can find the right one by doing a port scan. We will get into this later in the book.

6. If you don’t know any of the usernames for the FTP server, then you will have to get a list of the most common usernames.

7. For a dictionary attack you will have to choose the pass mode Word List and browse and select the file containing your word list. You can get some good password lists at http://packetstormsecurity.org/Crackers/wordlists/



8. Once you hit Start the program will attempt to connect to the server and begin to try all the possible combinations from your lists.


9. If you’re lucky, eventually it’ll get the right Username:Password combination.


10. A smarter hacker would use a proxy when using a program like this. A proxy cloaks your IP address by sending your connection request through another computer before it reaches the target. This matters because Brutus leaves a huge log of your presence on the target server.



11. In place of the IP address 127.0.0.1 would be the hacker's IP address. Footprints like these get a hacker caught and into a lot of trouble with the law.
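The "huge log" from step 10 is what a defender watches for. Added example, not code from the original post: it scans FTP login records for a source that fails many logins in a short window and flags whether that source later logged in successfully. The log format and every line below are constructed; real FTP servers (vsftpd, ProFTPD and others) record the same facts in their own formats, so adapt LINE_RE to yours.

```python
# Added example (not from the original post): picking a dictionary attack out
# of an FTP server's login log. The log format and all sample lines are
# constructed for this demo.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) LOGIN client=(?P<ip>[0-9.]+) user=(?P<user>\S+)$"
)

# Constructed: one source hammering "admin", one user who mistyped once.
SAMPLE_LOG = """\
2016-03-21T09:12:00 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:01 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:01 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:02 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:03 FAIL LOGIN client=198.51.100.4 user=alice
2016-03-21T09:12:03 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:04 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:05 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:06 FAIL LOGIN client=203.0.113.7 user=admin
2016-03-21T09:12:09 OK LOGIN client=198.51.100.4 user=alice
2016-03-21T09:12:35 OK LOGIN client=203.0.113.7 user=admin
"""


def parse_line(line):
    """Return (timestamp, result, ip, user) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["ip"], m["user"])


def find_dictionary_attacks(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: summary} for sources with >= threshold failed logins inside
    any `window`. summary = {"failures": total failed attempts,
    "usernames": set of usernames tried, "success_after_burst": whether a
    login from that source succeeded after the threshold was reached}."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[2]].append(parsed)

    findings = {}
    for ip, events in per_ip.items():
        events.sort()
        recent = deque()      # timestamps of failures still inside the window
        burst = False
        failures = 0
        usernames = set()
        success_after = False
        for ts, result, _ip, user in events:
            if result == "FAIL":
                failures += 1
                usernames.add(user)
                recent.append(ts)
                while recent and ts - recent[0] > window:
                    recent.popleft()
                if len(recent) >= threshold:
                    burst = True
            elif burst:
                success_after = True   # the guessing paid off: treat as compromise
        if burst:
            findings[ip] = {"failures": failures, "usernames": usernames,
                            "success_after_burst": success_after}
    return findings


if __name__ == "__main__":
    for ip, summary in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, summary)
```

A burst followed by a success is the case to escalate: the account was guessed, not merely probed. Combined with lockout or rate limiting on failed logins, this is the server-side counterpart to the proxy advice in step 10.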

Enjoy!!!


What Are Private and Public IP Addresses?


Internet Protocol (IP) addresses are usually of two types: public and private. If you have ever wondered what the difference between a public and a private IP address is, then you are at the right place. In this post I will try to explain the difference between a public and a private IP address in layman’s terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, and each public IP is unique: there cannot be two computers with the same public IP address anywhere on the Internet. This addressing scheme makes it possible for computers to “find each other” online and exchange information. The user has no control over the public IP address that is assigned to the computer; it is assigned by the Internet Service Provider as soon as the computer connects to the Internet gateway.
A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.
You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):
10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)
Private IP addresses are used for numbering the computers in a private network, including home, school and business LANs and the LANs in airports and hotels, which makes it possible for the computers in the network to communicate with each other. For example, if a network X consists of 10 computers, each of them can be given an IP from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign IP addresses of his own choice (provided the IP number falls in one of the private ranges mentioned above).
Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.
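Added example, not code from the original post: it uses Python's standard ipaddress module to report the size of each of the three private blocks above and to say which block (if any) an address falls in. It also catches the common mistake of treating all of 172.x.x.x as private, when only 172.16.0.0 to 172.31.255.255 is. Sample addresses are constructed.

```python
# Added example (not from the original post): classifying IPv4 addresses
# against the three IANA private blocks with the standard ipaddress module.
import ipaddress

PRIVATE_BLOCKS = {
    "10.0.0.0/8": ipaddress.ip_network("10.0.0.0/8"),
    "172.16.0.0/12": ipaddress.ip_network("172.16.0.0/12"),
    "192.168.0.0/16": ipaddress.ip_network("192.168.0.0/16"),
}


def block_size(cidr):
    """Total addresses in a block, e.g. 16,777,216 for 10.0.0.0/8."""
    return ipaddress.ip_network(cidr).num_addresses


def private_block_of(addr_text):
    """Return the private block containing the address, or None if not private."""
    addr = ipaddress.ip_address(addr_text)
    for cidr, net in PRIVATE_BLOCKS.items():
        if addr in net:
            return cidr
    return None


def classify(addr_text):
    """loopback / private (block) / public / reserved-special."""
    addr = ipaddress.ip_address(addr_text)
    if addr.is_loopback:
        return "loopback (this computer)"
    block = private_block_of(addr_text)
    if block:
        return f"private ({block})"
    if addr.is_global:
        return "public"
    return "reserved/special"   # link-local, multicast, documentation ranges, ...


if __name__ == "__main__":
    for cidr in PRIVATE_BLOCKS:
        print(f"{cidr:16} {block_size(cidr):>12,} addresses")
    # Constructed sample addresses
    for sample in ("127.0.0.1", "192.168.1.10", "172.31.255.255", "172.32.0.1",
                   "10.45.0.9", "8.8.8.8", "169.254.1.1"):
        print(f"{sample:16} {classify(sample)}")
```

172.32.0.1 comes out as public because the 172 block is only a /12: the second octet must be 16 through 31. Addresses such as 169.254.x.x are neither private in the RFC 1918 sense nor routable on the Internet, which is why the example keeps a separate "reserved/special" category instead of lumping them in with the three blocks.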
If the private network is connected to the Internet (through an Internet connection via an ISP) then each computer will have a private IP as well as a public IP. The private IP is used for communication within the network, whereas the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private and a public IP.
You can find your private IP by typing the ipconfig command in the command prompt. The number shown against “IPv4 Address:” is your private IP, which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.
Unlike what most people assume, a private IP is neither one that is impossible to trace (like a private telephone number) nor one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace, since the protocol itself is designed for transparency.


What is Metasploit & How to use Metasploit Framework?


History of Metasploit :


What is the Metasploit Project : The Metasploit Project is a computer security project that provides information about security vulnerabilities and helps with penetration testing and with patching the weaknesses that exploits rely on.

The Metasploit Framework is its famous sub-project, a tool for developing and executing exploits against a remote machine. Apart from the Metasploit Framework, the Metasploit Project is well known for its anti-forensics and evasion tools.


Other important sub-projects include the Opcode Database, shellcode archive, and security research.


About the Metasploit framework :


The Metasploit Framework was written by HD Moore in 2003 as a network tool in the Perl scripting language; it was later rewritten in Ruby. You can develop and execute exploits against a target machine using this framework, which comes with many built-in exploits and payloads.


Basic steps on How to use Metasploit Framework :

1. Searching for and configuring an exploit : choose an exploit on the basis of the data acquired by scanning and footprinting the target machine (the current version of Metasploit comes with around 800 exploits against different services).

2. Choosing and configuring a payload : the payload is the code that will be executed upon successful entry into the target machine, for example a remote shell.

3. Choosing an encoding technique for the payload so that an intrusion-prevention system (IPS) will not catch the encoded payload.

4. Executing the exploit.

The ability to combine any exploit with any payload is the best feature of the Metasploit Framework.


Metasploit runs on all versions of Unix and on Windows. It includes two command-line interfaces, a web-browser-based interface, and a GUI.

Choosing the exploit and payload is tricky work: you need to gather information about the target machine in order to make the exploit work. This information can be gathered using port scanning and network scanning techniques, which will be covered in upcoming posts.

Where to get Metasploit Framework?

You can download the free version from the official Metasploit site :- 


http://www.metasploit.com/download/

The free version also comes as a preinstalled application in all versions of Backtrack.


Have a look at the other Penetration tools by Metasploit Project :-

http://www.metasploit.com/about/choose-right-edition/


The Metasploit Framework might be a new tool to play with for some of you. It is pretty cool to play with, and once you learn to use it the right way for ethical hacking, you are going to use this penetration testing tool often.


Want to learn more from us? If yes, make sure you subscribe to +THE HACKiNG SAGE and get regular updates by email. :)

Enjoy!!! :)
