How to hack remote computer using IP Address

How to hack remote computer using IP Address

Posted by Abhishek Anand

Literally, hacking is accessing something or somebody in internet without their permission or interest. While, speaking in summary, hacking is very easy job, it is like instead of using front door, finding the hidden door of a house and hijacking the precious things. Among all the hacking, hacking via IP address is one of the most common yet powerful beginning.

You may want to hack the website and put your advertisement there or grab some database information In this type of hacking, you are playing with the web server’s computer instead of the administrator’s computer. Because, www.website.com is hosted in separate web server rather than personal computer.

Another can be accessing your friend’s computer from your home. Again this is IP based and this is possible only when your friend’s computer is online. If it is off or not connected to internet then remote IP hacking is totally impossible.

Well, both of the hacking has the same process. Let’s summarize what we must do.

1. Confirm the website or a computer you want to hack.
2. Find or trace their IP address.
3. Make sure that IP address is online
4. Scan for open ports
5. Check for venerable ports
6. access through the port
7. Brute-force username and password

Now let me describe in brief in merely basic steps that a child can understand it.

First, getting the IP address of victim.

To get the IP address of the victim website, ping for it in command prompt.

For example,

ping www.google.com

will fetch the IP address of Google.com

This is how we can get the IP address of the victims website.

How about your friend’s PC? You can’t do www.yourfirend’sname.com, can you? Finding your friend’s IP address is little tough job, and tougher it is if he has dynamic IP address that keeps changing.

One of the widely used method to detect IP address of your friend is by chatting with him.

You might find this article helpful

• How to get the IP address using MSN/Yahoo/Pidgin messenger

Now you got the IP address right? Is it online?

To know the online status just ping the IP address, if it is online it will reply.

If the IP address is online, scan for the open ports. Open ports are like closed door without locks, you can go inside and outside easily.

Use Advanced Port Scanner to scan all open and venerable ports.

Now you’ve IP address and open port address of the victim, you can now use telnet to try to access them. Make sure that you’ve telnet enabled in your computer or install it from Control panel > Add remove programs > add windows components.

Now open command prompt and use telnet command to access to the IP address. Use following syntax for connection.

telnet [IP address] [Port]

You’ll be asked to input login information.

If you can guess the informations easily then it’s OK. Or you can use some brute-forcing tools like this one.

In this way you’ll able to hack remove computer using only IP address:

Read More

Make real Money

GOT FIRST PAYMENT OF 50 EUROS FROM MARKETGLORY BY PLAYING GAME FREE

Hello friends, this is to inform all Hackingloops users that Marketglory has passed the payment test. Today i got my first payment of 50 Euros from marketglory, so they really pay. So friends its safe to join marketglory, your time will not be wasted. Marketglory is an strategic game very similar to mafia wars which allows you to convert all virtual money into real money and you can cash out that when you reach minimum withdrawal amount i.e. 20 Euros. Earning is little slow at start but once you get rhythm then its an perfect money making opportunity. So why you guys still waiting join market glory now and earn real money for playing game for which you previously get nothing but marketglory pays for it. Join Now by clicking image below

Click here to Join
Click to Join Now
  
Tips to earn fast in Market Glory:

There are too many things to do in market glory game, but i will first explain the start up things fast so that you can earn and upgrade fast.
There are 4 basic things in game :
1. Energy
2. Experience
3. Knowledge
4. Productivity : Its mean of above three.

1. Referral Fights : After registering in marketglory, you can see fight option in menu there first one is Referral fights. In one day you can fight 10 times, you will get fight bonus of everytime based on your energy. If you regularly fight 10 times you will be some amount depending upon your energy.
Energy can be increased by Consuming milk, food, coffee, wine, cheese, buying clothes, buying house. But remember for first two days no need to buy anything from market.  On third day when you have some balance buy high quality milk from local market because it costs lowest and gives 5 Energy points. So from third day first consume milk and then fight for next one week but note milk can only be purchased once in 24 hours. This will boost your funds a bit, then you can focus on clothes, clothes give energy for 10 days.

2. Work Daily : Work is important task and you can work once in 24 hours and will get paid according to your productivity. If you work 3 days consecutively without miss then you will get work bonus on third day which is 10 times normal daily wage. So if you get wage of 1 then you will get work bonus of 10 on third day. So continuity is the key in work field.

3. Markets : There are two types of markets in marketglory, one is local market and other is global market. In local market you can buy products in local currency and in global market you can buy things in gold. 10 Currency is equal to 1 Gold and 5 Gold is equal to 1 Euro. Average keeps fluctuating around it.

Initial days tasks to do (maintain the order to gain maximum profits):
Day 1: Nothing, 10 referral fights, work
Day 2: Nothing, 10 referral fights, work
Day 3: Buy High Quality Milk, 10 Referral fights, work ( will get work bonus)
Day 4: HQ Milk, 10 referral fights, work
Day 5: HQ Milk, 10 referral fights, work
Day 6: HQ Milk, work, 10 referral fights, Work bonus based on productivity, first work then fight because you will get 10 times approx work bonus.
Day 7: HQ Milk, One HQ Food ( please set according to food timings as its served 4 times in a day), so you will have 11 energy now, 10 referral fights, work. Now do this regularly, but always check the food consumption timing and milk consuming both should be close to each other. 10 fights will give you atleast 10 local currency. Now for this day repeat the day 7 for as long as you want. Then you can buy clothes and houses to keep constant energy above 25. Means near 2.5 Local currency per fight.

Note: Don't use financial market for currency exchange too frequent because tax is deducted for using it. Convert once a week is a good option. First week you will have near 10-15 Local Currency but by next week it will be near 20+ and then constantly increase.

Join Market Glory now :

http://www.marketglory.com/strategygame/Abhishek12



We all know there are shortcuts to everything, if you want to earn fast invest some Euros in your account and spend them wisely like open companies in countries like Phillipines, turkey etc, upgrade you area rank to get regular euro bonus. Arena is important to earn fast. Daily arena bonus is provided depending upon your arena rank but for arena there are 3 basic requirements i.e. one attack weapon, one defense weapon and 5 Energy points. This should be present in your account at time of 12:00 server time to get arena bonus.

If you have any queries ask me in form of comments. Have fun and earn money.

Read More

HOW TO VERIFY PAYPALWITHOUT CREDIT CARD OR DEBIT CARD

HOW TO VERIFY PAYPAL WITHOUT CREDIT CARD OR DEBIT CARD

Posted By: Abhishek Anand

Hello Guys welcome back , Today I am going to share with you all "How to verify the Paypal Account Without having Credit Card or Debit Card" . This is the General Problem, So we are discussing that.Most of us Think that its Pity Difficult to verify Paypal Account without Credit or Debit Card but believe me Guys its Easy like 123... in a Go...So Read On...


For Verifying Paypal Account you will need two Things:
1. A Paypal Account (lol its Obvious).
2. A Bank Account (that you will attach with paypal to verify ur Account).

VERIFY YOUR PAYPAL ACCOUNT:
Follow the Below Simple Steps to Verify your Paypal Account and Enjoy the Full Features of Paypal Without Restrictions:

Step1 : Login to your PayPal account then Open “my account Tab”. Go to “Profile” then click “Add/edit Bank Account”.  Add and then complete all the needed information.

Step2: PayPal will email you a notification on how to confirm your bank accountand get verified. PayPal will make two small deposits to your bank accounton a specific date.

Step3: Check your bank account and note the exact amounts of those deposits.

Step4: Log in to your PayPal account and click Confirm bank account on the Account Overview page. Enter the two deposit amounts to get verified.


That's all the Process to Verify the Paypal Account. So Enjoy Guys.
If you have Any Query Ask in Form Of Comments :)

Read More

HOW TO USE PREMIUM ACCOUNTCOOKIES OF PAID WEBSITES

HOW TO USE PREMIUM ACCOUNTCOOKIES OF PAID WEBSITES

Posted By: Abhishek Anand

Premium cookies are those cookies which provides us authorization or rights to access the premium account without actually having or Owning it. Cookies are basically strings that have the information of the session for a particular user and the website path. By using the premium cookies, we can get the access of the premium account access and thus we can download as much as we want from those file hosting websites like Hotfile, Fileserve, Filesonic, Rapidshare, Megaupload etc..

How to use premium accounts cookie for Hotfile, Fileserve, Filesonic, Rapidshare

Below i have shared how to use premium cookies for different websites and get the access of premium account to download unlimited from paid file hosting websites.

  

First of all you need to install Cookie Editor:

1. Install the latest version of Firefox
2. Go to this link -- https://addons.mozilla.org/en-US/firefox/addon/13793/
and install add and edit cookies and restart Firefox.

HOTFILE Instructions:

1. Sign up a new Free account on http://hotfile.com

2. Sign in with your hotfile free account.
3. From the Firefox menu, click to Tools then select Cookie Editor.
4. Now in filter bar search for hotfile
5. The cookie name is AUTH ( you need to sign-in first to hotfile before you can see the cookie auth ) .
6. Now copy the Premium Cookie to the content bar. Click on save.
7. Copy/Paste the link that you want to download to Firefox.


FILESERVE OR FILESONIC Instructions:

1. Open www.fileserve.com
2. Now on firefox click tools>cookie editor
3. Now in the top of cookie editor you will see a filter bar
4. Now in filter bar search fileserve
5. The cookie name is PHPSESSID
6. Now copy the Premium Cookie to the content bar. Click on save.
7. Copy/Paste the link that you want to download to Firefox.


RAPIDSHARE Instructions:

1. Sign in with your Rapidshare free account.
2. From the Firefox menu, click to Tools then select Cookie Editor.
3. Now in filter bar search for Rapidshare
4. The cookie name is ENC ( you need to sign-in first to rapidshare before you can see the cookie enc ) .
5. Now copy the Premium Cookie to the content bar. Click on save.
6. Copy/Paste the link that you want to download to Firefox.


MEGAUPLOAD Instructions:

1. Sign in with your megaupload free account.
2. From the Firefox menu, click to Tools then select Cookie Editor.
3. Now in filter bar search for megaupload
4. The cookie name is USER ( you need to sign-in first to Megaupload before you can see the cookie user ) .
5. Now copy the Premium Cookie to the content bar. Click on save.
6. Copy/Paste the link that you want to download to Firefox.

Read More

HOW TO HACK DATABASE ONLINE TUTORIAL PART 1 - BASICS OF DATABASE HACKING

Posted By: Abhishek Anand

Hello friends, welcome to worlds one of the best Ethical Hacking Teaching websites online. Today we will learn basics of Database Hacking, how to hack database online. In this tutorial we will learn what should we know prior to begin database hacking like what is database? Different types of Databases? What is Query? What all things we must know before starting to hack a Database? Most of us have heard things daily in the news that some website is Hacked? 1000's of customers crucial information is leaked. Millions of credit card information stolen by some Hacking Group. What is that? Well that is nothing just Hackers have owned the Database of the Company or website. In layman terms, Database is the heart of any Website. Like our heart pumps in blood in our veins similarly Queries flow though the database to and fro on all requests. Similarly like heart, if we own the database that means we have captured everything because its the database where everything small piece of information is stored. So Hackers only rule should be forget the rest OWN the database.  Lets learn what all things hacker should know or have before hacking any database online.

What Is a Database?

A database is a system of software to store and retrieve information in a structured format. Early databases were flat files, kind of like a big Excel file. As databases got bigger and bigger, this simple structure proved inefficient.

As a result, a scientist at IBM, Dr. Codd, developed a structure that came to be known as the relational database model. It is this model that about 97% of all databases now use, and this includes all the major software companies.

The basics of the relational model is that data should be placed in separate tables with unique keys that link the tables to avoid data duplication and to ease the retrieval of this data.

The Structure of a Database

This relational database model links data from separate tables by using a shared column or "key". The diagram below is of a simple relational database model where all the tables are linked by the column "ID". Structure sample is shown below:

Major Vendors in the Database Market

The enterprise database market has multiple vendors offering products that can accomplish the same task, but in different ways. The major players in this market are:

Oracle : They are the behemoth in this market with nearly 50% market share. They own multiple different database software products, including their namesake and MySQL.

Microsoft SQL Server : Microsoft entered this market in the early '90s by teaming up with Sybase to develop an enterprise database offering. As a result, MS SQL Server and Sybase still share many similarities. Originally, Microsoft was only a player in the small business market, but is slowly gaining traction in the larger enterprise market.

MySQL : This is an open-source database that you will find behind so many web sites, in part, because it's free.

IBM DB2 : IBM was the original enterprise database provider and made many the major developments in database design, but like everything about IBM, it has been in decline in recent decades.

Other major vendors include Sybase, SAS, PostgreSQL (open source), and many others. Generally, like any hack, we need to do good recon to determine the software and version to be successful as most of the database hacks are vendor specific.

Structured Query Language (SQL)

When IBM developed the early databases, they also developed a programming language for managing and manipulation this data. They called it "Structured Query Language" or as it is generally known, SQL.

This is a simple language that uses English words in similar ways that humans who speak English use them. For instance...

SELECT means "select some data from columns in a table"
FROM means "get the data from this table"
WHERE means select the data that meets this condition (lastname = 'Singh').

Furthermore, words such as UPDATE, INSERT, and DROP mean in SQL exactly what you would expect them to mean.

SQL is not picky about syntax, but it is picky about logic. Although best practice is to CAPITALIZE all keywords (SELECT, FROM, WHERE), it's not required. In addition, white space is ignored. All but Microsoft, though, require that a SQL statement to end in a semicolon (;). On Microsoft products, it's optional.

SQL is standardized by ANSI, but this standardization only includes about 80% of the language or the core of SQL. Software publishers are free to add additional commands and features that are not part of the standard. This can sometimes make it difficult to transport SQL code between DBMS. It also makes it critical to do good reconnaissance on the database to know the manufacturer and the version before attacking as the attacks are often specific to the manufacturer and the version.

Each of the DBMS can be used from a command line, but each has its own GUI. Recently, MySQL released a new GUI called Workbench as seen in the previous section.

Oracle, Microsoft, and the others have similar GUIs that allow the administrator to access their systems.

Basic SQL Query

When we need to extract data from the database, it's said that we are "querying" the database. As databases are repositories for data, the ability to extract or query data is among the most important functions. As a hacker, we want to extract data, so the query is critical to getting the goods.

The basic structure of the query looks like this:

SELECT <columns>
FROM <table>
WHERE <conditions>

This statement says "give me the data in the columns listed in the SELECT statement from the table that comes after the FROM keyword but only give me the rows that meet the conditions that come after the WHERE keyword."

So, if we wanted to get first name, last name, username, and password from the staff table for employees with the last name of "Singh" we could construct a statement like this:

SELECT first_name, last_name, username, password
FROM staff
WHERE last_name = 'Singh";

SQL Injection

SQL injection is the most common database attack and is probably responsible for the largest dollar volume of losses from cyber crime and advanced persistent threat (APT).

It basically involves putting SQL commands in the data forms of webpages that connect to a database. These forms then send these SQL commands back to the database and the database will either authenticate the user (yes, authentication is a database function) or give up the target data.

In future tutorials, we will spend quite a bit of time using SQL injection tools and executing SQL injection attacks.

Other Vulnerabilities

Besides showing you how to do SQL injection, we will examine some of the other of vulnerabilities in databases. These involve authentication, using the database to compromising the operating system, and several others.

Now that we having covered the basics things related to databases, in future tutorials I will show you how to hack into these databases, so keep coming back!

If you have any queries ask me in form of comments. 

Read More

10 STEP GUIDE TO PREVENT SQL INJECTION

Posted By: Abhishek Anand

Hello Friends, it new year and now lets dedicate this year to Web security and ethics.

Note my point:

" Security doesn't suffers because of Hackers, It suffers because of unaware developers and inappropriate programming techniques".

So friends, let have a resolution this year that we will learn everything and utilize our knowledge only for Good causes and HackingLoops will always be there to help you in fulfilling your resolution.

And accept one bitter truth :

"You can never stop hackers to hack something, you can just make his task harder by putting some extra security"

SQL injection is one of the most common and dangerous security threat in the software and web industry. SQL injection is nothing, just a failure to prevent the applications (web or software) database structure consistent. SQL injections are dangerous because they are a open windows to hackers to enter in your system through your Web interface and perform whatever they like i.e. delete tables, modify databases, exposing your users informations, or even get hold of your corporate network.

Some people say SQL injection is because of web hosting providers weak security system but my dear friends, SQL injection is a programming based issue, and believe me it has nothing to do with Web hosting providers. It's completely a programmatic issue i.e programmer has forgot to handle the strings properly in its application or sometimes doesn't handled the dynamic queries and its variables correctly. ok..ok.. Let me explain this in detail how SQL injection or any other web or application injection attack works?

My first question is that why SQL injection attacks occurs so frequently?

The answer is quite simple, SQL is most popular language for database management and all know, popularity drives risks. More people know the things, more vulnerabilities can be discovered. But this is partially true in case of SQL injection. I can understand sometimes loophole or bug lies with the programming language but most of times its because of lack of sufficient knowledge. When i was a college student, i attended a SQL coaching classes, i appreciate what knowledge they have provided me but its ironical, they never taught me secured programming practices and not a single lecture on how to harden the SQL server and how to fix its loopholes. And i can guarantee its the same case for most of us and programmers or web developers that suffers most are self learners. Always consider the fact 

"Little knowledge is a dangerous thing".

SQL injection risks arise every time when a programmer creates a dynamic database query, which contains or accepts user input. So SQL injection can be prevented by following two things:

1. Avoiding use of dynamic queries.

2. Not allowing user inputs in your queries

Oops! both solution sounds little bit weird isn't it... off  course these solutions sounds ridiculous, as most of queries are dynamic in case of complex websites, and second if you don't allow user input into your queries, efficiency will be hugely affected. Accessing user data will going to take ample amount of time and everybody knows, users don't like to wait... 

So friends lets see the solutions in more technical way, that which 10 steps can protect your website from SQL injection:

 1. Use dynamic SQL if and only if there is no other alternative

 2. Escape user input always

 3. Always assume magic quotes is off

 4. Install security updates and patches regularly

 5. Remove all the dead SQL's or other codes that you don't use

 6. Never display the system defined error message for SQL errors 

 7. Store database credentials in a separate file

 8. Use the principle of least privilege

 9. Disable shells

 10. Use SQL injection Hack tools to check vulnerabilities

Lets discuss these techniques one by one in detail to make our website fire proof against all SQL injection hacking attempts:

1. Use Dynamic SQL queries if and only if there is no other alternative

Dynamic SQL can almost always be replaced with prepared statements, parameterized queries, or stored procedures. For instance, instead of dynamic SQL, in Java you can use PreparedStatement() with bind variables, in .NET you can use parameterized queries, such as SqlCommand() or OleDbCommand() with bind variables, and in PHP you can use PDO with strongly typed parameterized queries (using bindParam()).

In addition to prepared statements, you can use stored procedures. Unlike prepared statements, stored procedures are kept in the database but both require first to define the SQL code, and then to pass parameters.

Parameterized Queries:

SQL Server, like many other database systems, supports a concept called parametrized queries. This is where the SQL Query uses a parameter instead of injecting the values directly into the command. 

Consider the following Query:

string cmdText=string.Format("SELECT * FROM Customers "+
    "WHERE Country='{0}'", countryName);
SqlCommand cmd = new SqlCommand(cmdText, conn);

the same query can easily rewritten using parameters:

 string commandText = "SELECT * FROM Customers "+
    "WHERE Country=@CountryName";
SqlCommand cmd = new SqlCommand(commandText, conn);
cmd.Parameters.Add("@CountryName",countryName);

The value is replaced by a placeholder, the parameter, and then the parameter's value is added to the Parameters collection on the command.

Using Stored Procedures

Stored Procedures add an extra layer of security in to the design of a software or web application. In this case, as long as the interface on the stored procedure stays the same, the table structure can change with no noticeable consequence to the application that is using the database. This layer of abstraction also helps put up an extra barrier to potential attackers. If access to the data in SQL Server is only ever permitted via stored procedures, then permission does not need to be explicitly set on any of the tables. Therefore, none of the tables should ever need to be exposed directly to outside applications. For an outside application to read or modify the database, it must go through stored procedures. Even though some stored procedures, if used incorrectly, could potentially damage the database, but anything that can reduce the risk is beneficial.

Stored procedures can be written to validate any input that is sent to them to ensure the integrity of the data beyond the simple constraints otherwise available on the tables. Parameters can be checked for valid ranges. Information can be cross checked with data in other tables.

2. Escape User Input

The second biggest evil for SQL injections is user input. While you can’t always avoid user input completely, the next best thing is to escape it. Escaping user input doesn’t do as good job as limiting dynamic queries but still it can stop many SQL injection attacks. For instance, if you are using PHP, for GET and POST, use htmlspecialchars() to escape XSS characters and addslashes(), in case you using database. Alternatively, you can escape user input from inside your database but since the exact code varies from one database to the next, you should check with the docs of your database for the exact syntax to use.

3. Always assume magic quotes is turn off

When the magic_quotes_gpc variable is off, this can prevent some (but not all) SQL injection attacks. Unfortunately Magic quotes are not an ultimate defense against SQL injection and but their is much worse - sometimes they are turned off by default and you more worse is that you are not aware about it. This is why it is necessary to have code for the substitution of quotes with slashes. 

Here is the simplest way to turn off magic quotes:

$username = $_POST['username'];
$password = $_POST['password'];
if (!get_magic_quotes_gpc()) {
   $username = addslashes($username);
   $password = addslashes($password);

4. Install security updates and patches regularly

Even if your code doesn't have SQL vulnerabilities, when the database server, the operating system, or the development tools you use can have SQL vulnerabilities, and this is also risky. And everything that can become a risk should be taken care of. This is why you should always patch your system, especially your SQL server.

5. Remove all the dead SQL or other codes that you don't use

Database servers are complex beasts and they have much more functionality than you need. As far as security is concerned, more is never better. For instance, the xp_cmdshell extended stored procedure in MS SQL gives access to the shell and this is just what a hacker dreams of. This is why you should disable this procedure and any other functionality, which can easily be misused. Just remove or at least disable any functionality you can do without.

6. Never display the system defined error message for SQL errors

Error messages are useful to an attacker because they give additional information about the database and SQL queries. And all SQL attacks are usually based on type of error issued by SQL means type of error decides the hackers approach for hacking the website or application. A better solution that does not compromise security would be to display a generic error message that simply states an error has occurred with a unique ID. The unique ID means nothing to the user, but it will be logged along with the actual error diagnostics on the server which the technical support team has access to. This will protect your system even if SQL throws errors, hackers will never came to know that what error occurred. So play safe to enjoy safe.

7. Store database credentials in a separate file

In order to minimize the damage in case of an SQL injection attack, always store database credentials in a separate encrypted file. Now even if a hacker manages to break in, he or she won’t benefit much as he cannot do much in your database.

8. Use the principle of least privilege

The principle of least privilege is highly beneficial and it applies to SQL injections as well. Always think or check twice about what privileges you are providing to user or object. Suppose you wan to provide moderator access to some user, so only provide him the access of those tables which he/she need, rather than proving him the access of whole database. If you have to provide access to a system, its better to create partitioned table spaces inside database and provide access only to specific table space. This technique will drastically reduce the attack surface.

9. Disable Shells

Many databases offer shell access to the database which essentially is what an attacker or hacker needs. Because of this you need to close this open loophole. Every service provider has different method to disable the execution of shells on their database. So consult your Database documentation about how to disable shell access for your particular database or table space or particular table.

10. Use SQL injection Hack tools to check vulnerabilities 

Last but not the least, think like hacker. How a hacker can hack my database through SQL injection, what tools and techniques he can use to find the loopholes. You should always have a dry run of SQL injection hack tools like SQLi, Haviz, SQL injectme etc.  More if you can afford retina vulnerability scanner then its too good. As it consists of all latest exposed vulnerabilities.

Read More