Saturday, January 7, 2017

Tuesday, January 3, 2017

Friday, December 30, 2016

How to Recover linux root and user password in easy way

Introduction

Hey! This article is for beginners but people who are not beginners can also read it. 
If you have read my other post on How to install Linux then you know that while making a video tutorial on How to install Linux OS i forgot my user password. 
So, i had to make a another video tutorial to show you that how to handle this kind of situation. 

You can watch the video Tutorial below: 



Lets begin!!

How to hack Linux Password   

Trust me hacking, cracking and resetting passwords is not an easy job. It takes a lot of research and hard work to get the job done.

and you must me thinking that if i have created a full video tutorial on how to tackle this situation then why i am wasting my time in creating a blog post. Well, in video tutorial we cannot explain everything.

Now, i will come back to the main topic on How to crack Root and user password of linux. Well, its not an easy job as i said and not too complicated also. I will tell you the easy steps in a moment but first we will clear the concept of passwords in Linux.

Concept of Passwords

Everyone one knows that a string of characters that allows access to a computer, interface, or system is called a password but the question arises that what makes password so special and important and secured!!.

Well, the answer to this is, We may remember password as plain text but computer system always stores it in either encrypted form or hashed form. For those who do not understand what is difference between encryption and Hashing. Let me tell you in a simple language that encryption is an reversible process and hashing is an irreversible process. which makes hashing more secure and which is the reason that most of the OS and websites stores passwords in hashed format. 

You must be thinking that how these passwords are hashed. well its an off topic for now but i will explain it in another post. For know just keep it in mind that When we create a new password we put it as a plain text in the password box and upon submitting it goes from series of processes before it gets saved into the database or system or configuration files and these processes changes the plain text into hashed or encrypted forms. 

In Linux 

We have two passwords:
  • Root Password
  • User Password
Root password is used to carryout all the administrative tasks in Linux where User Password is to to do basic tasks in Linux. 

Both of these passwords are stored in 2 different configuration files:
  • Shadow File
  • Password.conf File
Both of these files are stored in /etc folder. one thing i want to tell you that Shadow file is the only file in the linux which has no read , write and execute permissions even to root also. 

Now, lets discuss the Steps:

Step 1: At the booting menu select the OS with navigation keys and press "e"



Step2: Now you will see 3 lines:
  • Hard Disk's Header
  • Kernel Image Link
  • Initrd Image Link 



Use navigation keys to select the kernel image line and press "e" again.

Step 3: Now give space after quiet and type 1 and press enter 



Step 4: Now you will come back to the previous screen now press "b" to boot the system




Step 5: Now your system will boot in Single user mode and after you get the shell type this command without inverted commas 

passwd -d username



in the place of username enter the name of user like in my case i will write cybergears because i have to change the password of cybergears or you can also type root if you want to change the root password.

 remember "-d" is a switch to delete the password. this command will delete the password of that particular user and you can set password later 


Step 6: After run the above command press init 0 command to shutdown the system and then boot it again and login to your system.

Step 7: Now we will set the Password for that user. Open Terminal or console and go to super user mode and ether the following command:

passwd username



and hit enter here, replace username with the user whose password you are going to set. in our case its cybergears. Now set the password and you are done.

For other ways of getting passwords have a look at this article


 

Wednesday, December 28, 2016

How to Install Linux

Introduction

This article is designed for beginners, however those who are not beginners can also follow this article if they want.

In this article i will be demonstrating the proper process of installing any Linux OS and i will be using Red hat Enterprise Linux version 6 for the demonstration. 

Installing Linux in a proper way is not an easy job as compared to windows OS installation. There is a series of manual work when it comes to install Linux OS. I have also created a Video Tutorial on " How to install Linux" on my you tube channel you can watch the tutorial video.

Why should i read this article 

Well, i think you must be having this thought in your mind right now!. So i want to clear this thing in the beginning:
  • You will get the proper knowledge of every installation wizard option.
  • You will learn how to partition disk manually in a proper way to install linux
  • You will be able to manage the memory in a proper way.
  • You will able to install OS in a dual boot mode etc.

Installation Steps

This tutorial is designed to install Red Hat Linux if you are installing other Linux OS then skip to the Step 9 because the rest of the process will be different for other Linux. 


Step 1: Boot the Linux OS Media Disk or ISO file and press enter on the first option "Install or upgrade an existing system". You can switch between options using up and down arrow keys.


 Step 2: On welcome screen you will be asked to check the media. Switch the options using right and left nav keys. Its up to you whether you want to check the media. if you want to do it then  press enter on ok otherwise select Skip and press enter. This only purpose of check media is to look for any error in the media before proceeding further.


Step 3: After Skipping or checking the media the installation will be begin and you will see a graphical user interface click next and choose default language and then press next again.

Step 4: Then select your keyboard layout.

Step 5: After pressing next you will be asked to choose the type of storage setting you want to use. Red hat Linux offers a variety of features which includes Servers and Simple Desktops. 

If you are installing Redhat for basic home use then select first options i.e. Basic Storage Devices and if you are installing for SAN environment then use Specialized Storage Devices and click next.

Step 6: Now its time to configure the network and setup the domain. Enter your hostname or leave it default depending upon you. And if you have a working Ethernet connection or wifi connection then click on configure network and make the settings otherwise you can skip this step. It can be done later also. 


Step 7: Select your timezone and click next.


Step 8: Now its time to set the root password. This password will help you to get root level access. The password must me minimum 6 characters long and to make it strong use minimum 10 character password which contains a combination of  Alphabets, Numerics and Special Characters.


Step 9: This is the main part of this article. In this part we are going to make a custom layout for our linux OS but before that i want to explain few things.


We will discuss all these options one by one:
  1. Use All Space: Well if you select this option, the whole storage device will be formatted and you will lost all your saved data. But if you have an empty Hard Disk  and you want only Linux OS in your System then you can use this option.
  2. Replace Existing Linux System(s): This option will format only the already installed linux partitions and will install the new OS on the same partition layout.
  3. Shrink Current System: This option will shrink the size of linux partitions without formatting the current installed Linux OS.
  4. Use Free Space: Suppose your storage media already contains data in it and there is some free unallocated space in it then this option will use all the free space in your storage device to install the OS without harming your existing data. This option is similar to First option but with extra feature.
  5. Create Custom Layout: If you want to create a custom layout then you will use this option and this tutorial is designed to use the custom approach in a proper way. So Lets continue with Last option.
Step 10: Click on custom layout and click next you will se screen like this 


Every linux OS must have 4 Partitions to work properly.
  • Swap - Used as virtual memory by RAM
  • /boot - Contains Booting Mechanism
  • / - The main Partition which contains all the Configuration Files
  • /home - The User's Space e.g Documents and Settings Desktop etc.
Now will will create all these partitions one by one.

Step 11:  First create Swap Partition by clicking on create button. After that you will see a popup window. Now select General Partition and Click Create.


Now, Click on File System Type and select Swap and set its size depending upon your ram size i am using 2000 MB and click OK.

Step 12: Follow the above step again by clicking the remaining free space and this time select file system as ext4 and Select mount point to  /boot and give it size according to your requirement  the minimum recommended size for this partition is 500MB.


Step 13: Repeat the above process and this time select / as your mount point and set its size. The minimum recommended size for / partition is 8GB but you can use according to the free space you have i am using 10 GB

Step 14: Now select /home as your mount point and set its size. you can use all the free space left for this partition because this space will store your personal data so use proper space according to your requirement i am using around 13 GB.


Now, after its all done the Scene will look like this:


Step 15: Now click next and you will be asked to format the newly created layout. click on write changes to disk. but keep one thing in mind that after committing the changes there is no go back so only proceed if you are sure. 


Step 16: If you are installing Red hat Linux then you will asked to configure the boot loader in the final step.


Here you can change the default boot loader and set boot loader password.
In the list you will see the list of OS that will be shown in the Booting menu in case if you are having another os installed in the system then it will be displayed in the list and if its not displaying then add it otherwise you will not able to boot into that OS in the booting menu. 

There is one more thing Red hat users need to do. I will not discuss it here in this article because i have created a video tutorial on my you tube channel you can see the whole process in the video below.

Monday, December 5, 2016

Facebook Hacking

How to hack facebook account 

Well, to start with this is the most searched query on google now a days. According to google's AdWord Keyword Planner more than 135000 people search this query through out the day on google's search engine. 
Even, to find out if it's true i also searched "How to hack facebook" on google.com and i found a lot of videos and services in which people claims that they can hack any facebook account, even i also found some websites and videos who claims that by downloading their software you can hack any facebook account and which is a big lie and this is the reason that i am writing this article to reveal the truth. 

Guys, one thing i want to clear in the beginning that there is no software online or offline that can penetrate facebook's servers by exploiting their billion dollar Intrusion Detection and Prevention systems. So, Next time if someone offers you facebook hacking tool even for free do not install it in your system because nothing is free in this world.

In order to make this article more informative i will start with a little introduction about "How facebook works"

How Facebook Works

Well, facebook is one of the crowded social network in the world and to cut the crap short millions of people login to facebook every day. To manage and keep running such a huge network facebook uses variety of open source software, services, tools and programming languages some of them are actually created by facebook. We will discuss them one by one.

Basically, Facebook works on LAMP technology and LAMP stands for Linux, Apache, MySQL and PHP. Which means facebook servers are powered by Linux Operating System which is open source and is highly powerful and to run facebook.com webste on that linux server facebook uses apache web server which is also open source software and very powerful web server and to hold billion's of facebook's user data i.e. profile, chats, login, credintials, photos , videos etc. facebook uses MySql which is a open source database and very power full but a little bit slow  and facebook uses PHP aka Hypertext Processor to transmit data from mysql to your computer screen . PHP is popular language when it comes to create dynamic website but its a little slow and not designed to handle such a huge network like facebook. 

So, to over come this problem facebook uses variety extra tools to speed up the process namely, Memcache to speed up data delivery. Facebook has also develop a Remote Procedure call framework called "The Thrift" it is a lightweight framework application which offers cross-language support which saves the developmental process.

Besides all these tools and frameworks and software facebook mainly uses 3 more things to work properly:

             1. Scribe, It is a log server to log every activity in the whole system.

             2. Cassandra is a Database Management System designed to handle large amounts of data spread out across many servers. It powers Facebook’s Inbox Search feature and provides a structured key-value store with eventual consistency.

             3. HipHop For PHP, It is  a source code transformer for PHP script code and was created to save server resources. HipHop transforms PHP source code into optimized C++. After doing this, it uses g++ to compile it to machine code.


This is a basic over view of facebook working if i go in depth it will take more than 50 pages and they say the can hack facebook with a single 2 mb application LOL.
Now, You get all the basic info needed to Hack facebook account and trust me it not an easy job actually, its nearly impossible to hack facebook because it pays millions to its workers to keep it safe and unbreakable, moreover facebook organizes bug bounty programs around the glob every year to tackle every weak point.  

But wait....  if  facebook can't be hacked then why i am writing this article, whats the point in that. well, we may not be able to hack facebook but we can hack facebook users, there is always another way. Facebook may be paying handsome salary to its security researchers to keep it safe but every user is vulnerable to hack unless he/she has some technical knowledge about hacking stuff.


Introduction to facebook hacking

As i said, if you can't hack facebook then hack facebook user instead but now question arises how to do that!!!. I will answer it in a second but before that i want to tell you something important. 

Facebook Hacking Software

As i said earlier there is no such software that can hack facebook account with a single click. Lets discuss what actually these software are. 


When you download these kind software you start them and they ask for the facebook ID url of that person's Profile whom password you want to hack and you provide the id of that account then you press the hack button and software starts processing something and within 50 seconds it shows the profile picture and name of the victim whose id you want to hack and you think its working then after some time you get the message that the id has been hacked to get the password please follow the link and download the password and blah.... blah...  blah....and 
When you open the link it ask you to complete a small survey to unlock the file or ask for money to reveal the password or gives you a rar or zip file which is password protected and you have to complete a survey to get the password.

Listen to me by using these tools/software its you who have been hacked not your victim or enemy.
These software contains either virus, Trojan Horse, worms or spywares or keyloggers. So, avoid them they are hoax tools.

Only way to hack facebook users

 According to my knowledge, there are only 3 ways to hack facebook users remotely and 1 out of them is specifically for LAN users or Local Area Network users for example People connected to your hostel's wifi or people connected to home router at home falls in LAN network category. And the rest two are flexible they can be used Locally or Remotely or via Internet  near or far way from you for example if i want to hack a user From United States of America from India then i will use the rest 2 techniques and these techniques are:

                       1. Session Hijacking/Packet Capturing (for LAN or same network users)
                       2. Using Keylogger 
                       3. Phishing Attack

Session Hijacking/Packet Capturing:

Whenever we login into any website which requires username and password to login stores a temporary unique session variable into a file which is temporarily stored into your system.This file does not contains your username and password but a encrypted unique string known as session variable which has ability to access your facebook profile without using your password but unfortunately session variable is only valid until your logout of your facebook account or close the web browser after that its useless every time you login to your facebook account you gets different session variable.

The purpose of storing session is very simple. The websites like facebook refreshes its pages time to time after 5 to 10 mins of login and if this happens you get to the login screen again after every 5 to 10 minutes so to overcome this problem and give you smooth experience facebook and many more dynamic websites uses session variables and program their system to look for session variable every time the page refresh if the variable is valid then the page refresh to the current position of the user and if the variable is not valid it redirects to the login page again.

So, one thing is clear from here if we manage to get the session variable of our victim we can access their account without knowing their username and password but it is only possible if the hacker and victim are on the same network. And now the question is how to do that. Well, i will show you how exactly its done but not in this article but in other article please subscribe my blog and keep visiting i will demonstrate this process by making a video on my you tube channel. Now,lets move to the next Part.

Using Keylogger:

Well, Keylogger is a kind of spy software which is used to capture the keystroke of the victim's keyboard and send them back to the hacker anonymously through internet. To know more about keylogger please check this article.

Phishing Attack:

Just put the pressure on your brain and try to remember how you login to your facebook's account. 
 1. you go to www.facebook.com
 2. You enter your Username in username field 
 3. Then you enter your Password in password field
 4. and then you press or click login button and voila.  you are in .

In this attack we are only interested in username and password fields. You must be thinking that what i am talking about. Well, you got a point. Listen to me carefully if you are a web developer you must be familiar with the concept of HTML FORMS and if you not then no need to worry i will clear your all the doubts.

Whenever we want to pass our information to the server we use HTML Forms in our case where you type your username and password is called as HTML Form its only purpose to transfer everything written in those boxes to the server when Login button is pressed and the basic format of HTML Form is shown below:

<form action="xyz.com" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" name="login" value="login" />
</form>

If you go to facebook.com in the login screen if you press ctrl + u  you will be able to see the source code of facebook login page and you will see a lot of weird stuff but along with it somewhere this <form ............. /form> will be shown too .  and this is what we are looking for. Now lets move further let me explain the above code to you.
The above code says that whenever you press login button after entering username and password the data in the username and password field is transferred to the link which is written inside double quotes i.e. xyz.com in facebook's case its a long address. as we cannot access that address directly but the main point is that action field.  Suppose if we manage to change that action address to our custom made address then the password written by the victim will directly come to us in plain text field. 

It sounds simple but trust me it ain't you cannot change the facebook.com's page code because its compiled to your system from the server. You cannot change it however you can view it. 

So, What if you manage to make a exact copy of facebook's login page with little customization in form action target address and send it to your victim and if they enter their login info into that fake page. you will get their login details without any problem. 

Still confused???

Its OK have a look at this demonstration video i specially created for you ..  I recorded this video live on you tube to declare it 100% work capability Here are its both parts. have a look at it and reserve your queries for the comment box. 

This is only a demonstration video i will make another one with proper explanation.

PART 1


 

PART 2



Please Subscribe to my channel for Further Videos

https://www.youtube.com/channel/UCWj1e516HULwfS2JxW9Mv3w

 Some Technical Stuff

When you create an account on facebook. You enter all the info like username , password etc and then press signup button ..  after pressing signup button the data you entered passes through different processes before it gets saved to the database. and if  the information you provided is according to facebook's requirements it gets hashed i mean it gets converted to special set of alphanumeric string specially your username and password with the help of an irreversible algorithm i.e its a one way process once its converted it cannot be converted back to the normal form and the only way to crack it and it is a very long process depending upon the complexity of the data or in our case password. Easy and small passwords are cracked easily. 

For example: suppose i created an account on facebook with the password "12345" it will stored as "827ccb0eea8a706c4c34a16891f84e7b" in the database

The Conclusion

Let us assume if you are succeeded to  break the security of facebook and able to gain direct access to the database where the password is stored. you will never get plain text password you will always get hash and as i said earlier hash cannot be dehashed  it can only be cracked and suppose if the password you are trying to crack is more than 8 characters in length then it will take years to crack even NASA's attached array processors will take months to crack a password more than 8 characters alphanumeric. So, you cannot hack facebook directly and no software can. However you can hack the user because users are easy to hack.

From the Author 

This article is for education purpose only. Hacking is a crime. I am not responsible for any kind of legal action Thank you.
Hey, if you liked my article feel free to share and if you have question feel free to contact:



Thursday, October 27, 2016

Concept of keylogger



Introduction to Keylogger 




If you are familiar with Computer Hacking Culture, you probably would have listen about the Term "Keylogger". Well Today in this article we will discuss this topic in detail. If you are new in the computer world, you must be thinking about two things right now:
  • What is Computer Hacking
  • What is Key Logger

Well, If you want to know about computer hacking please refer to my another article "Introduction to Computer Hacking". 


Let's talk about the main topic for now i.e. Keylogger. Well I will answer this question in a minute, I am saying this because  to understand what keylogger is one must understand its basic and logic first.

I am assuming that you already know the working of keyboard and its basic design also.


Ok, Let's begin......


We all know that every keyboard has a combination 5 types of keys:

  •  Function Keys
  • Numeric Keys
  • Alphabetical Keys
  •  Arithmetic  Keys
  • Special Keys

All these keys performs their own defined function when pressed. For Example : When you press "A" Key from the keyboard, the letter "A" is printed on the screen similarly with all the remaining keys.

This was the basic detail. In order to know the exact meaning and working of Keylogger we need to have depth knowledge of working of these keys.

Working of Keyboard Keys


You must be thinking that why I am talking about Keyboards so much , Well wait for a while you will get your answer. So, !!  are you ready to take a dive in technical ocean!!! 


First thing you need to know that computer recognize a different language than we humans do, I mean to say that Computer does not know English language or any other language it converts the human understandable language to the computer understandable form and it is called Hi level language conversion to Low Level Language Conversion.

  •  Hi Level Language is a language that is understandable by us Human Beings. For Eg. English, Hindi etc.
  • Low Level Language is a language that computer understands i.e.  Binary Language or machine language.

You must be thinking that then why letters on keyboard keys are always Printed in Hi Level Language and what is binary language and what is the need for conversion. Well, I will answer these questions of yours one by one.


  1.  If English is a human's language than Binary is a digital circuit's language. In Binary language for example The letter A is written as "01000001" and our human mind is not very good with numbers i mean to say that human mind can process alphabet more efficiently than numbers and to prove that let's take an example of letter  "A" Just close your eyes and think about letter "A" in your mind your mind will start guessing things that starts with "letter A" like an apple, or someone's name that starts with "A" example Aryan etc. it's like Google search you type something in search box and Google starts guessing things on the basis of your query. Now, Similarly Picture a number  "1" in your mind like the same way you did earlier with letter "A" you will see nothing will come into your mind. 
  2. So, This activity tells us that our mind is good with letter but not numbers and this is the reason why all the website addresses are in English language and all the keys have English or hi level language printed on our keyboard.
  3. Binary Language as i discussed before is a digital circuit's language. All the digital circuits operates on binary or machine language or Low level Language. To know more about Binary Language Please check this article.

Now, We have enough knowledge to understand the working and concept of Key logger. Now, i will answer your much awaited question.

What is Key logger


In simple language, key logger is a kind of malicious software which is used by cyber criminals to capture the victim's key strokes and save them in a secret file and then send it to the owned through a particular medium.

Working of Key logger




Suppose you are an internet banker. You make huge transactions from one bank to another in the whole day . In order to make those transactions you will have to login to your bank account online i.e. if you have your correct Login Credentials only then you will be able to manage your transactions. That means if someone knows your login credentials he/she can make transactions from your account too. 


So, the basic concept of key logging is to steal this kind of curtail information from the victim without letting them know.


A computer infected with key logger captures all the key strokes that are made by the victim from the keyboard of that particular computer in binary form and stores them in a secret storage and then sent it to the cyber criminal who created it  through internet or by other mean. 

Key Logger In your System


If key logger is installed in your system your system will start showing some of the common symptoms .

  • Delayed System Booting or starting
  • Frequent Hangs
  •  Sudden Screen flashing after particular interval of time
  •  Slow Processing
  • Delay in displaying the character after pressing key from the key board. etc.

Now, You must be thinking that how key logger sends information to the Cyber Criminal! well, if you want to know that you must have the basic knowledge of computer networks.

Computer Networks


Well, if you search on internet you will get plenty of knowledge about Computer Networks. In simple Words when two or more computers or devices connected together in order to share information through a medium is called computer networking and that "medium" is called  computer network and that medium can be anything wired or wireless or combination of both. 


It is a vast concept and will be discussed in other article, for now we will be focusing on the role of network in key logger concept.

Role of Computer Network in Key logger Concept


Key logger always works on the concept of Server Client Model of network topology i.e. a cyber criminal installs the key logger's server in his/her system and configures it to listen to a particular connection  and in same way  he/she also configures the client key logger to  send data to that particular connection silently via Computer Network.  


Modern Keylogger have become very handy and intelligent. Some of the key logger comes with automated configuration and provides the functionality of not logging the key strokes only but capturing screenshot of current window , recording voice calls and even recording net traffic also. and send the interval reports through emails also.

How it Happens


Now, Let's talk about how key logger gets into your system.


Simply, Creating or configuring key logger is easy as compared to fooling the Victim to install it on their system.  Cyber Criminal sends keylogger  through:

  •  Malicious websites
  • Patching Them in Popular Applications and upload them on the un verified websites or torrent websites or cracks or patches of Cracked Software.
  •  Malicious Advertisements
  • Through Network or Email Link.
  • Through Portable Media or Manual Installation.

Protection Measures


Yes, It is True you can also protect yourself from this kind of threats. 


  •   Update Your Operating System regularly
  •   Configure or Check your Firewall
  •   Install Internet Security Suits and Update them regularly.
  •   Do not Download Things from un trusted Source
  •   Do not click on annoying adds while surfing from un trusted source
  •   Do not Download Cracked Software
  •   Do not Download Data from Torrent Sites with making Security Measures
  •   Do not Open unknown Emails and Download attachments. Always scan before Download.

While entering critical information like login Credentials on internet  always use Virtual Keyboards because keylogger can only steal key strokes but there is no key logger is available till date which can capture mouse movements .

Things To Know


Keylogger are not only used for malicious purpose but their form of Software Key logger is used by Employers to keep an eye on their employees  to see what they are doing and these kind of keylogger are commercially available on internet.

Important Information




Keyloggers are or two types :

  •  Software Keylogger
  •  Hardware Keylogger

I have told you about software keylogger. however, Hardware Keylogger are difficult to detect in case if they are embedded in the chip of a component. But Normally they look like a USB Pen drive which can be connected in the USB Port and USB Keyboard than connected to that key logger. While Using Computer in Cyber Cafe, an intelligent person will check the USB port of keyboard to see if its directly attached to the mother board or not. if its attached directly then you can use internet on that system. 



Software Keylogger can be detected manually also. We are working on a video tutorial soon it will be uploaded on our you tube channel and shared on our social media profiles including our blog.



If you like this Article please Like share and Comment



Twitter: @cybergears25

You Tube: Cybergears