Sunday, November 25, 2012
BEH Online Ethical Hacking Class : Configure Machine for Hacking

Hey friends, welcome to HackingLoops. Before starting the BEH (Born Ethical Hackers) classes, we must configure our system or machine for performing hacking tasks, because performing hacking can damage your system too. It is also one of the major steps for beginners to know which tools need to be installed to learn hacking. Below I have provided a quick hacking setup list which will help you perform the Ethical Hacking Lab tasks with ease. So go through it and install the items below.


List of tools that need to be pre-installed to set up your system for BEH Lab tasks:
1. VMware (for installing and mounting virtual operating systems).
2. BackTrack or Matriux OS Linux live disk or operating system, which needs to be mounted on VMware.
3. Installing servers:
a. IIS for Windows-based servers.
b. Apache Tomcat.
c. MySQL Workbench.
d. WAMP for running PHP code.
4. Microsoft Visual Studio (full package with XMLSpy)
5. IDA Pro
6. SWF Flash Decompiler
7. OllyDbg
8. VB Decompiler
9. FileZilla FTP client
10. Resource Hacker
11. Nmap
12. Wireshark
13. Mozilla Firefox with Firebug, or Google Chrome, or IE8+

The above is the mandatory list that you must have before performing hacking tasks.

The other tools we will discuss on a regular basis during our hacking classes. I hope you all will be able to install these tools on your machine. You might face problems in doing so; I am ready to help you out. If you have any issues while installing these, or any problem in configuring them, feel free to ask.

Now it's only 4 days until the BEH class starts.
Sunday, November 18, 2012
Understand how Linux Password works | /etc/passwd File Format

Hey friends, Hackingloops is back with another cool fundamental tutorial. Today we will learn how Linux passwords work and go through the /etc/passwd file format in detail. Ahha... I forgot that most of you are unaware of what I am talking about. So let me first explain what /etc/passwd is and where it is used.
In Linux/Unix operating systems, /etc/passwd is the place where passwords were traditionally stored in encrypted format. To be more precise, the /etc/passwd file stores essential information required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information such as user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, like ls, use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.
Generally, a passwd file entry looks as follows:
[Figure: /etc/passwd file format]

  1. Username: Used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root, and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell, but it does not have to be one.

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--), and the owner must be root:
$ ls -l /etc/passwd
-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file

You can read the /etc/passwd file using a while loop and the IFS separator as follows:
# seven fields from /etc/passwd stored in $f1, $f2, ..., $f7
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
  # f1 = username, f6 = home directory, f7 = login shell
  echo "User $f1 uses $f7 shell and stores files in $f6 directory."
done < /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community.
Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
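
The field rules described above (an x or * in the password field, UID 0 reserved for root, seven colon-separated fields per entry) can be checked mechanically. The following is an added example, not code from the original post: the function name audit_passwd, the finding codes and the sample entries are constructed for illustration, and treating a leading ! as a lock marker is an assumption beyond what the post states.

```shell
#!/bin/sh
# Added example: flag entries in a passwd-format file that deserve review.
# Findings are printed one per line as "<line>:<CODE>:<username>".
audit_passwd() {
    file=${1:-/etc/passwd}
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            *:*:*:*:*:*:*:*) echo "$n:BAD_FIELD_COUNT:${line%%:*}"; continue ;;
            *:*:*:*:*:*:*)   ;;  # exactly seven fields
            *)               echo "$n:BAD_FIELD_COUNT:${line%%:*}"; continue ;;
        esac
        IFS=: read -r user pw uid gid gecos home shell <<EOF
$line
EOF
        case $pw in
            x)          ;;  # hash is kept in /etc/shadow
            '*'*|'!'*)  ;;  # marker that matches no password
            '')         echo "$n:EMPTY_PASSWORD:$user" ;;
            *)          echo "$n:HASH_IN_PASSWD:$user" ;;
        esac
        case $uid in
            ''|*[!0-9]*) echo "$n:BAD_UID:$user" ;;
            *) if [ "$uid" -eq 0 ] && [ "$user" != root ]; then
                   echo "$n:UID0_NOT_ROOT:$user"
               fi ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample input, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom,,,:/home/tom:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
eve::1002:1002:Eve:/home/eve:/bin/bash
old:$6$constructedsalt$constructedhash:1003:1003::/home/old:/bin/bash
broken:x:1004:1004:/home/broken
EOF
}

# Demo on the sample; call audit_passwd with no argument for the live file.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"
```

An empty result means none of these checks fired; any HASH_IN_PASSWD finding means a password hash sits in a world-readable file and should be moved to /etc/shadow.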

That's all for today! I hope you all have enjoyed the article. If you have any queries, ask in the comments.

Thursday, November 8, 2012
3 Necessary things to become Expert Hacker

Hey friends, being on the road of the Born Hackers club, I wish to share a few of my thoughts on what is necessary to become an Expert Hacker. Hacking is always fun; it's something like playing pranks using your brain. Most of us think that hacking is just about cracking someone's email or Facebook and then embarrassing the victim by doing childish pranks with their email or Facebook accounts. But if I share the truth, that is absolutely not what we call hacking. I am not here to redefine the word hacking, but it's necessary for newbies/ignorants to know what hacking actually is.

And before telling newbies/ignorants what hacking actually is, I want to share who falls into the category of newbies/ignorants. Below are some points which explain a lot about newbies/ignorants:

1. Media/News: They always manipulate the word hacking and always portray it as a bad thing. Just to make their news spicy, they portray the complete hacker community as criminals.
2. Parents/Elders (especially relatives who love to give advice): I keep them in the ignorants list because they never had hands-on experience with hacking, and what they hear from the media/news they impose on their children, forcing them to quit hacking.
3. Newcomers/Newbies in hacking: Most people are attracted toward hacking for one of the following reasons. First, to play pranks on their friends by hacking their email or Facebook accounts. Second, people who want to take revenge, and sometimes want to hack a girlfriend's account.

Now what actually is hacking? Ahh... you might have read that in several books or online. Actually it varies from portal to portal, book to book, etc. According to me:

Hacking is the art of exploring things that are hidden from general usage, finding loopholes in security, and using them to benefit others.

A few days back I was going through an article in the Times of India, and I was really shocked to see their definition of hacking. More shocking was that they had given references to Wikipedia, so I browsed Wikipedia and was totally shocked to see their definition. I am sure you all feel the same:

"Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)"

I hope now you all understand why I said to first learn about ignorants and newbies. They completely forgot about the security aspect when writing the above definition. For every good there is a bad, and what I think is that people enjoy the bad stuff.

Now let's discuss the 3 necessary things to become an Expert Hacker. We all know man is a born hacker. He keeps on exploring new things and new ways of doing things smartly, and this curiosity ends only with his life.

But do you really think all people are that smart? If you ask me, then yes. It's the society and the environment around them which makes them stagnant. Has your life become stagnant or poised at some point? If yes, then I am your motivation. Below are the 3 necessary points which I feel are the necessities to become an Expert Hacker:

1. Different Mindset, i.e. thinking about things in a different manner (think a little differently): There are several ways of doing things. Say I want to send an email: some people will use Gmail to send mail, some will use Yahoo, and some like us (hackers) will use telnet or self-set-up mailers.

2. Curiosity (the itch to learn something new): You must be curious about how things work rather than just about how to use them. For example, if you want to send an email, you must be curious about what is going on inside: how the mail is sent and what process runs in the background. The day you get this ability, no one can stop you from becoming a great hacker.

3. Learning is the Key: The day you stop learning, you will again become a noob or novice. Continuous learning is the key. Never limit your scope of learning things and languages; the more you learn, the more differently you can think, the more you discover and the more you enjoy.

That's all from my end for today. We all know we are born hackers, but we are lost somewhere in the middle. Maybe I can act as a torch to show you the correct path.

Lokesh Singh
Owner of Hackingloops and CCodechamp