Sunday, July 28, 2013

Who is a hacker? What are computer hackers?

Who is a hacker?

You do not need extreme computer skills to become a hacker! There is a BIG misconception that "A hacker is a person who sits in front of his box [computer] hacking websites / programming viruses all day!" NO! It's completely wrong!
Before understanding the term "hacker", try to understand the meaning of the word "Hack".
Hack means to find solutions to problems or to study a particular thing/object and modify it according to our needs to make it work efficiently and faster! Alternatively, a Hack can be any act by which we can recreate an object to make it work our way!
A Hacker is a person who knows "How to Hack" i.e. how to make efficient use of things according to one's need.
Computer Hackers are the ones who study computers, understand how things work inside the box and try to make full use of it with the help of programming skills. There are two types of Computer Hackers:
i] Hardware Hackers
ii] Software Hackers

1] Hardware Hackers:

This type of hacker works with hardware [it may be a cellphone, CPU, GPS etc.] and modifies/builds gadgets for their own purposes. Not many people are interested in working with hardware.

2] Software Hackers:

This type of hacker works with any type of computer/mobile software and finds bugs or creates viruses to gain access to other systems legally or illegally. These hackers are expert computer programmers. They are further classified into three types:
a] White Hat
b] Black Hat
c] Gray Hat

Any queries regarding this post will be answered via comments, or you can ask me on my facebook page!

White Hat, Black Hat and Gray Hat hackers

Continued from: Who is a hacker? What are computer hackers?

a] White Hat Hackers : 

A White Hat hacker is not a person who wears a White Hat! He/She is a person who hacks any system or software in a legal way by reporting the bug to the creator/programmer/security personnel of the software/system. Some companies have their own "Bug Bounty" programs, i.e. they may list your name with a "Thanks" message for helping them find bugs in their system. In some cases the company might give some amount of money based on the severity of the bug. The White Hat hackers who find and report bugs in such software are termed "Bounty Hunters".

b] Black Hat Hackers :

A Black Hat hacker is the opposite of a White Hat hacker. Instead of reporting the bug to the respective authority, he tries to make use of the bug for his own malicious purpose. Such hackers create viruses and key-loggers to steal login information of the victims and earn money through it. These hackers also hack into websites and steal credit card information from the website.

c] Gray Hat Hackers :

The work of this type of hacker depends on the situation, i.e. sometimes they may need to act like White Hat hackers and sometimes like Black Hat hackers; hence they are known as "Gray Hat Hackers".


Saturday, July 20, 2013

Hack a Facebook by Resetting the Password!

For the past few days many of my friends from my college have asked me whether I know how to hack a facebook account. Well, that's the reason for writing this post. In this post I will tell you how to hack a facebook account using the 'Forgot Password' option.
Well, there are many ways to get access to someone's facebook account, but the three most commonly used methods are:

1. Reset Password of Victim.
2. Use Phishing method [Fake Login Page].
3. Using Keyloggers.

Out of these three, I am going to discuss the first method here, which is very easy.

*NOTE : You cannot hack each and every facebook account using any method! The people working at facebook are not fools to let you do it that easily.

Never use any website/software which says that it can hack facebook accounts! Such websites and software [Viruses] are created by hackers, and instead of hacking someone's account you yourself might lose access to your account!
Also note that you agree to this condition before reading further: You alone are responsible for any illegal activities, and this post should be read just for educational purposes and to know how hackers hack facebook accounts so that you can secure your account!

Okay, let's get started!
Before you try to hack a facebook account using this method, first create a new email id [You'll get to know why soon!]
1. Whenever you try hacking into someone's account the first step is to identify and gather as much information as possible about the victim. For ex. Email id, phone no. , date of birth, interests/hobbies etc. You can find it in their facebook account easily.

2. Now, after getting the information about the victim, log out of your facebook account and click on the 'Forgot Your Password' link given just below the login box.

3. Now if you know any of the information [email id or username or full name] of the victim just enter it and click 'search'.
You will get a prompt like this :

Since we do not have access to the victim's email address we will click on 'No longer have access to these'.
Now if you get a page which asks you to enter a new email id then you are lucky because it means that the victim has set a security question! :)

4. Now enter the new email address which I told you to create earlier in this tutorial and click 'Continue'.

5. We are almost there! It's the last barrier between us and the victim's facebook account! Now here comes the test of your guessing power and the knowledge you have about your victim. Try guessing the answer and if you get it correct then it will ask you to enter the new password! :D
[Note that in some cases the facebook account might get locked for 24 hrs!]

If in case the above shown method doesn't work for you then you can try hacking into the email address of the victim using the same method [Forgot Password] and then reset the password.


Wednesday, July 17, 2013

Avoiding SQL Injection via Base64 Encoding

Recently I was working on a small project programmed in PHP and MySQL. At first, while coding, I had forgotten to check whether the code was safe from SQL injection or not! Then, while testing my PHP scripts, I mistakenly inputted an apostrophe ( ' ) and BAM! I got an error stating:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near..."

I understood what must have happened in the code: I had forgotten to add code to sanitize/test the $_POST[] variable for improper inputs! Now I had two options:
1. Use Regular Expressions and match the input for invalid input, OR
2. Do it my way: Try to encode the input string before executing the SQL statements.

I wanted to choose a simpler way of fixing this SQL injection bug, so here's what I decided to do:
I thought that if I pass base64 encoded data in mysql query I would not have to use complicated regular expressions to sanitize input and I would be easily able to store the input data in base64 format in the database without any security risk.

1. Accept input using this code : $my_var = base64_encode($_POST['input']);
Done ! Now I was able to use my INSERT statement without any errors!

*Note that when you use the SELECT statement for outputting the information from database define a new variable $new_data = base64_decode($selected_data); to convert the base64 encoded data stored in DB back to decoded text.

Here's a short Algorithm :
*Accepting input :
1. READ INPUT via $_POST[] or $_GET[]
2. CONVERT INPUT to Base64 encoded text : INPUT = base64_encode(INPUT);
3. INSERT new encoded INPUT into DATABASE.

*Outputting value from DB :
1. SELECT data from DB in a variable ex. $data = mysql_query();
2. DECODE base64 encoded data from DB : $data = base64_decode($data);
3. Output the data.

In this way you can easily get rid of SQL injection vulnerabilities in your scripts.
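
The post's encode-then-concatenate approach next to a parameterized query, which is the standard defence against SQL injection. This is an added example, not part of the original post; it assumes PHP with the PDO SQLite driver (an in-memory SQLite database stands in for MySQL so it runs offline), and the table and column names are hypothetical.

```php
<?php
// Added example, not the post's code. In-memory SQLite stands in for MySQL;
// table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes_b64 (body TEXT)');
$db->exec('CREATE TABLE notes_raw (body TEXT)');

// Constructed sample input with the apostrophe that broke the original query.
$input = "O'Reilly's book";

// The post's approach: encode, then concatenate into the SQL string.
// The base64 alphabet (A-Z a-z 0-9 + / =) contains no quote character.
$encoded = base64_encode($input);
$db->exec("INSERT INTO notes_b64 (body) VALUES ('$encoded')");

// Parameterized query: the value is sent separately from the SQL text,
// stored unchanged, and never parsed as SQL.
$insert = $db->prepare('INSERT INTO notes_raw (body) VALUES (:body)');
$insert->execute([':body' => $input]);

// Both tables give back the original value.
$fromB64 = base64_decode($db->query('SELECT body FROM notes_b64')->fetchColumn());
$fromRaw = $db->query('SELECT body FROM notes_raw')->fetchColumn();
echo 'base64 round trip ok: ', var_export($fromB64 === $input, true), "\n";
echo 'bound round trip ok:  ', var_export($fromRaw === $input, true), "\n";

// Cost of storing base64: the database sees only the encoded text, so a
// substring search for a word in the original input has nothing to match.
$searches = [
    'notes_b64' => 'SELECT COUNT(*) FROM notes_b64 WHERE body LIKE :pat',
    'notes_raw' => 'SELECT COUNT(*) FROM notes_raw WHERE body LIKE :pat',
];
foreach ($searches as $table => $sql) {
    $q = $db->prepare($sql);
    $q->execute([':pat' => '%book%']);
    echo "$table rows matching 'book': ", (int) $q->fetchColumn(), "\n";
}
```

Base64 only protects values that are both encoded and placed inside quotes in the statement; bound parameters cover every value and keep the column searchable and indexable.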
