Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed

Join facebook group THE HACKER DEVIL

Basic Lab Setup For Hacker

Basic Lab Setup For Hacker

In this tutorial we will discus how you can setup a lab for yourself to practice hacking on your system. At very basic level a hacker is in need of 2-3 systems with a Wired LAN or Wireless LAN. But if you are the one who has started just like me with just one laptop or computer then possibly there's no way you can match this setup. So following was my solution to start practicing with only one laptop or PC meeting above criteria of multiple computers connected in LAN. At most basic level following are your requirements.

A Computer:
First of all a computer which must have minimum following configuration.
A processor with 1.7GHz clock speed,
120GB + Hard disk
2GB RAM, Please note than your RAM must be above 1GB for practicing. If your RAM is less than 1GB or 1GB I 'll highly recommend you buy 512MB module extra or 1GB gigs for you.

A Virtual PC Emulator:
A virtual PC emulator is needed since I assumed you don't have multiple PC's to setup your lab, even if you have it I would prefer to advice you to use a Virtual PC Emulator. There are several options to pick from but our pick is “Oracle's Virtual Box”. Reason its open source means free, low on resources, supports all kind of network types, no problem to setup screen options, it automatically setups resolution once you install guest installation and have nearly all that features that a professional virtual PC emulator may have. Following is download link to virtual box latest version.

A professional choice is VM-Ware. You can purchase it from following link if you want to run it on Mac.

Though VM-Ware have several advantages over Virtual Box, virtual box is just good to go. Prefer it if you want to shed money.

An Online Synchronization Service:
If you think even that needs shedding money, then I want to assure there's again a free alternative available, its name is Drop Box. Go to and create your personal free account then download its setup file and install for synchronization.

A Static IP Address:
Now that will be problem to get a static IP address since a static IP Address may cost you nearly $100 I.e approximately Rs.5000. But don't worry about it we have a free alternative solution to counter problem of static IP. So when there'll be need I 'll clear how to tackle it else even if you have money to shed I will not recommend it.

A PC restore utility:
There are no free alternative to PC Restore Utilities so we will work out on evaluation version. Download Farconics Deep Freeze from following link

IP Address Hiding Utility:
Proxy Servers, Anonymizors and VPS are some IP address hiding options. We will discuss them when their need will come in to play.

High Speed Internet Connection:
Of course when you want to learn hacking you need a high speed Internet connection. Opt for a USB dongle by BSNL, TATA, Reliance as mobile broadband and BSNL land-line broadband is just much better option. If you don't have high speed connection and you work on slower connection like GPRS and dial-ups its hard to learn hacks done over Internet.

Before you proceed create a separate partition for installation of Virtual system, the partition must be at least 15GB in size. First of all download latest version of Oracle's Virtual Box and install it on your system. While installation it'll ask several times about installing various components just press OK for all of them because you'll need them all.
Watch following video tutorial on how to setup and install OS in Virtual System.
Once installation is done virtual box will come up with several pop ups when you'll be using it, please read each pop up because they are your tutorials to master “Virtual System Environment”. Please please please, don't skip any of those pop ups. When your installation will be over you'll see virtual system isn't really working in full screen. To tackle it run virtually installed system click on devices and “Install Guest Additions”. From next time it will run in full screen.

Setting up virtual system is done, now jump up to the next part start your virtual system open web browser of virtual system and download Drop-Box application and sign in to it. Now onwards whenever you'll download any software for hacking paste it into Drop Box default folder, it'll synchronize it with your online storage. After installing and signing up Drop Box download Deep Freeze don't install it now. Shut down your Virtual System and copy virtual hard disk as backup in another folder, start system and install Deep Freeze, before installing it read its online manual so that you should not get problem using it. Now when your Deep Freeze evaluation time expires just delete older hard disk and copy the backup and start over again. This will keep your evaluation copy last forever. If you haven't yet understood what we actually did with virtual box then I should clear we just setup a Virtual LAN for our practice using just a single computer. So you can't now boast you don't have a LAN to practice or a remote host to practice. You can run two virtual systems simultaneously if you have at least 2GB RAM. This not only solves our problem of private LAN to practice but it indirectly also offers you remote host to attack on. Our personal say is don't install virtual system on Windows XP or Vista, get Windows 7 or Server 2008.

Lab setup tutorial is over now go and setup your systm to get started. Please ask if you have got any problems related to setup, if everything is fine please don't forget to convey me. Thanks for reading keep visiting.

Ethical Hacking | An Introduction

Ethical Hacking | An Introduction

Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:
The word hacking has history in late 1960's, the time when computers were nothing but mighty pieces of machines and a computer just meant a machine that can compute. Electrical and Electronics geeks used to optimize circuits to make any system/circuit work faster, better and reliably. The job they used to do on circuits was known as hack. With time computer geeks also started finding way out to optimize their system to work better so in fact hacking was nothing but always a kind of reverse engineering. With time in professional world a word hacker got meaning, a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers do only dirty works and hence today the word hacker has a negative face according to people. No matter how the word met to a dreadful end a hacker always had all qualities that was first put forward in its definition may the be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually bad guys in filed. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Gray hats are hackers who work for offensive and defensive purposes depending on situations. They are hired by people to intrude and protect systems.

Hactivist: A hacktivist is kinda hacker who thinks hacking can bring out some social changes and hacks government and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger and RATs

Remote Hacking: Remote hacking is done on a remote system using Internet.

Social Engineering: Social Engineering is kinda interacting skill that a hacker uses to manipulate people giving out sensitive information. Its kinda trick done using good verbal, social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.
Vulnerability: A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. In easy word vulnerability is weakness in system.

Payload: Payload is agent that helps in taking advantage of vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.
Types Of Attack:

1.Operating System Attack
2.Application level Attack
3.Shrink Wrap Code Attack
4.Misconfiguration Attack

Operating system attack is attack done on specific type of OS. Such attack is done using flaws in programs and services shipped with OS. Application level attack is done over faulty coding practices done over software during its development. Shrink Wrap Code attack are attacks done over UN-refined scripts used for making task simpler. Last is misconfiguration attack, it is kinda attack which is done over mis-configured system or a system with default settings.

Work Of An Ethical Hacker:
Job of an ethical hacker is to use all his skills and tools used by malicious hackers to find vulnerabilities in system and then provide it security against those vulnerabilities.

Conclusion: At last what I want to tell, nothing happens in clicks of buttons. A hacker is highly skilled person in field of computing who usually have ample knowledge about software, hardware, OS, networking and programming. A hacker may it be criminal or ethical has immense patience, determination, organization, discipline and persistence. An attacker may spend months of time planning, analyzing and executing an attack. This shows his level of dedication to achieve whatever goal he/she has set. A person can never become a good hacker unless he have all above qualities.

Note: Now onwards we will cover hacking as our main stream topic on this blog. Real hacking is never done over lamers who hardly knows about security, it is done over a person who is highly skilled as you are. You can never learn hacking until you do some practical and gain knowledge about field so now onwards I urge you to perform practicals that will be now posted on this blog on your own system. Next no tutorial will be taken as a lamer so they will be in possible higher details, so this may happen that you may not understand something. Rather than keeping yourself mum I plea you to please ask whenever you encounter a problem or get bothered by topic. Whenever I 'll post on hacking I 'll try to keep a theoretical and one practical tutorial, you are requested to read both and grasp matter completely. Thanks for visiting and please tell are you clear with all points discussed or need some explanation on your difficulty.

Free Ethical Hacking Training

Free Ethical Hacking Training

Hi guys after I posted third part to (The RAT Remote Access Tool) I got nearly half dozen mails by visitors about starting a “Free Ethical Hacking Training” on my blog. I have no issues starting “Free Ethical Hacking” tutorials on my blog but surely when I mean Ethical Hacking it does not mean giving links for cracked software. When I mean Ethical Hacking I mean it as a professional training.
If you are really interested then show some support to this post via your comments or we'll continue as before taking lame tutorials as most of the sites take. I gonna cover all things from what is hacker, types of hacker, concept of elite hacker, real steps involved in hacking and patching up system, windows + LINUX hacking and prevention, remote hacking, vulnerability assessment, penetration testing etc, that means everything professional if you are really interested. And don't bother about tools because most of the tools used for hacking are Open Source that means they are free and I guarantee you'll not have to shed a penny on purchasing any of the tool because free alternatives also work fine. As our reader if you are ready to support I am ready to turn this blog into “Free Ethical Hacking Blog”. So please put your opinion. Please comment and thanks for visiting.

The RAT (Remote Administration Tool)

The RAT (Remote Administration Tool)

Finally we covered fourth and last part to Remote Administration Toll. Following are the post and what we covered in it. Please feel free to read them again if you were unable to understand anything and still if you have any difficulty you can surely ask using comment box.

The RAT (Remote Administration Tool): In this chapter we covered how we can build a RAT using RAT client cerberus.

The RAT (Remote Administration Tool)-2: In this post we discussed how an attacker manages to hide his RAT server in your PC in spite of strong and powerful Anti-Virus and malware detection suite.

The RAT (Remote Administration Tool)-3: Here we discussed how we can manually detect presence of RAT in system if Anti-Virus fails to detect it

The RAT (Remote Administration Tool)-4: This is last part here we covered how to take precautionary steps for keeping yourself safe from attacker's tricks to fool you execute RAT server.

The RAT (Remote Administration Tool)-4

The RAT (Remote Administration Tool)-4

Prevention Against A RAT Attack

Now we are to the last part of RAT Remote Access Tool. Up till now we have covered how a RAT is created, how attackers manage to hide presence of RAT in victim's PC and how we can manually detect and take action against presence of RAT if our Anti-Virus Program or Security suite fails to detect it. Now in this part we'll learn how we can prevent ourselves from getting caught by a RAT attack.

As told in RAT-2 attacker does some process to hide detection of RAT from Anti-Virus program but you are not fool to click on any suspected file unnecessarily. So most of the time an attacker uses Trojan vector to execute his RAT server on victim. There can be many method an attacker can use to hide his malicious code in some kinda media that can transfer it to victim, such media is known as vector. A vector is responsible for spreading of viruses worms and RATs.

A vector may be a simple image file, executable file, media file or even a website. So now lets have our look on each one by one.

Vector Image File: As stated earlier a RAT file might be very very small in size of 100kbs-200kbs only. But as we are now prone to high definition image files only whose resolution usually remains above 1800x1600 with possible better color depth making it 1MB – 3MB in size. They can store 100-200kbs information in them very easily. If an attacker want to execute RAT from vector image it appends RAT to end of Image file thus when you click on image, image opens without any problem but also invokes appended executable ultimately infecting victim's computer. The appending is usually done via a software providing binary addition of files without change in their integrity. Now what is binary addition method to add files and how it works is beyond scope of this post. Now this kinda images are distributed by attackers using torrents and by spamming. Have you ever found an e-mail in your inbox with “Nude Pics Of Aishwarya Rai For Free(HD)”, “Katrina Kaif Nude Pics Revealed(HD)”. Now fact number one any how you always know that pics does not really exists and fact number two even if it exist then they are fake pics created using Photo editing tools like Adobe Photoshop or Gimp. Then why to make yourself eager unnecessarily. Keep yourself away from such things, these are tricks by attackers to download those high quality fake images in which they have hidden their dirty stuff.

Executable File: Many RAT clients by default offer you adding a legitimate executable file with their server code so that once the victim runs legitimate file he/she gets infected. These files are usually spread using torrents and Dark Warez sites. Dark Warez sites are those where a software is provided with its key-gen or crack executable, they are also known as pirate sites. Attackers usually bind their files in keygens and crack executable s, I think I don't need to mention this, because if you have ever downloaded any file from such kinda site your anti-Virus might have got in form. Most people disable Anti-Virus thinking its false alarm but Anti-Virus makers are not fools to give you a false alarm on every such file downloaded from Dark Warez site. They are actually malicious and hence we find most of our college computers are always infected with malware.

Media: Media files like audio and video both can contain malcious code and wrapping against them a RAT file can never get detected since we hardly find any reduction and compromise in quality of media. People who always stay online for movies and music usually become prey to such infected media files. A better defense is always keep your media players and flash player to newest version.

Websites: Now a days many web technologies allow a web page to execute Active X contents on the visitor's PC via browser. Browsers are per-configured to run scripts and scripting languages responsible
for execution of these Active X elements. Sites which support Java drive by and flash scripts are more likely to put you in trouble. That's the reason why most of the time I advise to avoid flash contents on your blog because they can be exploited very easily. To avoid getting infected from websites which run malicious codes on your PC always keep your eyes on notification and keep pop-up blocker on and use some good Internet security suite.

I hope we covered nearly everything related to RAT one by one. I hope I kept things pretty understandable and detailed so that you can grasp them easily. Tell us what extra you desire to know from us regarding this topic. Please don't forget to tell me are all those parts falls to your expected mark or not. Thank you, keep visiting and please convey me what are your opinion on all RAT related topics we discussed so far.

The RAT (Remote Administration Tool)-3

The RAT (Remote Administration Tool)-3

Counter And Defense Against RAT Attack

Welcome to the third part of The RAT tutorial and I am extremely sorry you have to wait a little more so see this article coming up. By the way in this section we ll make ourselves aware how we can counter and create a defense against RAT attack. Dear visitor if you are reading this post without reading its previous parts then I urge you to please read,

before you read this.

So as seen before RAT may use any unknown port to communicate with attacker and the best defense against any process communicating using unknown port is firewall. There are various commercial firewalls available but here are few good free firewalls that can even lead a commercial firewall bow down to its feet. Following are few good free firewall programs on basis of their ranking by customers,

1.Online Armour
2.Zone Alarm
3.Comodo Firewall
4.Private Firewall

People consider Online Armour as one of the toughest free firewall available, by the way I prefer Comodo Firewall. Comodo firewall also shows you process which are communicating, port numbers via which they are communicating and full path of process invoking executable file, here's a view of how Comodo shows you process.
Now as we discussed in RAT-2 a RAT becomes fully undetectable if he/she applies any process discussed in previous RAT post. That means if your anti-virus fails to detect it, following can be symptoms that can appear on your system which can help you identify its presence,

1.Disable Of Task Manager and Disable Of Folder Option
2.Sudden Opening And Closing Of CD/DVD-ROM
3.Blue Screen Of Death or Just Blue Screen
4.High Bandwidth Consumption
5.Sudden Open Of Web Pages
6.Pop Ups
7.Change Of Wallpaper
8.Disappear Of Mouse Arrow, Start Button and Task Manager

If you find any of the above things happening on your PC its time to manually check your system for RAT. But as I told you before RAT server may hide in known processes or may even use only known ports to communicate with attacker so detection would not be easy. Here we'll learn step by step approach how you can manually detect its presence.

As told earlier a RAT can hide it self in process space of another process like explorer.exe, iexplorer.exe, scvhost.exe, services.exe. Open your firewall and check out if explorer.exe or services.exe are communicating with remote host. If yes then you are infected because these processes never communicate with any remote host. Now the process that communicate are svchost.exe and iexplorer.exe.

To find out whether iexplorer.exe is communicating with remote host as client to installed RAT server close Internet Explorer, wait for 5-6 seconds and see if its communicating then you are infected. Now if attacker has configured to close connection as soon as Internet Explorer(IE) closes you will not be able to detect its presence in firewall, in this case you have to keep yourself prepared by watching how much memory IE takes while opening leave IE like that and open “Task Manager” by typing taskmgr.exe in RUN window. Keep your eye on memory consumption(not CPU consumption) of IE if it fluctuates even after 1 minute then you can be sure you are 100% infected.

What if attacker decides to hide process in scvhost.exe? In this case open firewall and watch for ports with which svchost.exe is communicating. Make sure port numbers should be 53 or 443 on remote host in listening mode only, if not then you are infected. Now if attacker has planted port number 53 or 443 in RAT for communication with svchost.exe then how you gonna detect. Now here you'll need a little technical brain, a scvhost.exe process runs in three modes,

System Mode: Which never communicates with internet
Local Mode: Which never communicates with internet
Network Mode: Which communicates with internet.

All three modes run as different processes with different process IDs. Now the Network Mode scvhost.exe runs as network service, so open taskmgr.exe and locate scvhost.exe where username is Network Service now note process ID, disconnect from network and wait for 1-5 minute monitoring that process memory consumption. You have to wait for 5 minutes just because even after disconnecting scvhost.exe does not settle down network and hence memory usage appears fluctuating for long time. Once memory usage becomes stable then wait for sometime and monitor it for memory usage fluctuation, it should not be above 2 MBs.

Now above were manual method to identify presence of RAT in your system if your Anti-Virus and even malware detection software fails to detect RAT. So far as my view is concerned Norton, Avast Professional, Avira and AVG professional are best Security Suites available to tackle all kind of software based threats and malware. And if you use your system for critical purposes then you are the fellow who is in very much need of “Black Ice Defender”. It is awesome piece of code written specially to avoid any kind of intrusion on your system.
Now I know above article is real damn technical since I provided with details that hardly anyone could provide, please feel free to ask questions if something got very tough. In next part we'll cover what are precautionary steps towards a RAT attack till then have a nice time, keep visiting and don't forget to tell us your view about third topic to RAT Remote Access Tool series.

Creating Comments To Increase Your Visitors

Creating Comments To Increase Your Visitors

As we left some points to cover in our previous post Why People May Stop Visiting Your Blog, I thought rather than writing this as its second part better mold article for commenting for visitors. I am sorry since most of you might be in hope that I 'll post next part to The RAT. But I know if you are blogger you'll be definitely interested in knowing how comments can help you increase visitors. But before you read further I want to aware you this post will be very long, if you are really interested in increasing your visitors then please read all points else stop reading because reading half will not prove beneficial. Most of you might be already knowing influential comments work better to get new visitors but how much you can guarantee your comments are read by others. Practically very few people read your comments and even if they got influenced by your comment from where the hell they gonna know you have a blog or not. So lets move on we have several points to cover, you'll find answer to above question below.

Good Comments And Comment System: As a reader any person would like to see his/her comment appear very first on any post, so set your comment system to show newer posts first. So the most recent comment will appear very first and it'll make your commenter happy. Next remove limitations like log ins and sign ups to comment, asking for sign up or log-ins means go back my visitor and never return and once you said that why he/she will return. Have a look how on following image, it'll definitely show you how an ideal commenting platform appears,
If you are using blogger, go to comments settings and enable anonymous comment. And while commenting bloggers should use “Name/URL” option to comment not any other type. And even though you have used “Name/URL” option explicitly mention link to your blog at bottom like this,

<a href= “Link to your latest post/blog”>Recent post name/blog title</a>

because this is the step that'll create wonders for you.
Find An Influential Commenter To Reply: If you found there is any person who had given an awesome reply and surely people might be getting attracted to read him/her. Take little time and apply your brain to reply him with killing comment that should drop down the comment he/she had put forward. This ll definitely bring you all those visitors that will be attracted to him/her to you, please don't bother about you are wrong or not because if you are then definitely you'll be proven wrong but don't mind because proving wrong will be giving you visitors. I don't think that's a big deal.

Sometimes Its Better To Stay Controversial: When you read any controversial post you must also comment controversially rather than “I have no words to say”, “I disagree” etc. that doesn't put any impact. A better commenting person is that who replies according to post and not as formality.

Be Honest: Always be honest with the person who you read, don't read comments of others and reply something same like them to show of you actually read him/her. Read his/her post then reply, the person does same hard work as you do to write that post and no matter that post goes good or bad its better to read them, reply with bad comment (doesn't mean offensive) but read it completely.

Make Your Own URL Easy To Remember: You might be knowing since every blog platform appends its own name with your blog URL and due to which your blog URL becomes damn big. Using URL shortening services like come handy here. People remember you blog title than URL, use this to create short URL using remains common to all what changes are letters after / . This is title of my blog,

and this is shortened URL

Advantage of this is your visitor when want to visit you will not have to type that big URL and next while leaving link in comment you will reduce chances of typing wrong URL. Next you can append it again to generate links to your blog posts. Here's an example how, I have written an article “Save Your Facebook Account” now have a look on its URL its damn big, by the way this another URL works fine and same as URL of above one,
And also describes contents of your post, in this URL dolod means “DAYS OF LIFE OF DEVIL” and facebook means “Save Your Facebook Account”. This will not only help you remember links to your own posts while commenting but will also aid your visitors to directly jump to the required post by shortened URL.

Comment On All Kind Of Blog: As a blogger the thing that I have learned is that a blogger only learns and tells others what he/she has learned. So it's better not to limit your learning by visiting same kinda blog as you have, such things can never give you loyal visitors. Try to read everyone and increase your knowledge and keep yourself updated with time technology, news, views, analysis and new visitors.

In Your Comment Indirectly State What You Want: Bloggers always remain eager to know what his/her visitor like most from him/her in his/her post. Don't tell this directly, here's an example, “I was hoping you'll post an article on __________ software”. And try to find out how many can reply you. This will not only make the blogger happy but will also make an opportunity to get your repliers as your visitors.

You Have Something Same: If you find the blogger you visit regularly has written an article which is somewhat similar to some post on your blog, state it there in your comment. Then you'll find that there are some people who have habit to compare will surely jump to your blog to compare, thus you'll earn extra visitors. (This condition applies only if your post is not inferior to the post in which you will leave comment).

Use Commenting Platform: There are several external platforms available like disqus and intensedebate for comments. Use them than your default comment system if possible. Reason, if you have seen a blogger/wordpress comment system. You'll find complete page reloads after you press submit. This is what people with slower connection will never accept, you'll loose them just because while commenting complete page reloads and that is what they can't afford on slower connection. External commenting platforms eliminate this problem, only comment platform reloads not the complete page, also they offer you e-mail delivery when someone leaves you a comment. So create an e-mail filter and pull all your comments in some comment folder. Please read further to know how this can prove beneficial.(Please note that keep syn option enabled in your comment platform account)

Selecting A Right Time To Comment: Right time to leave comment on someone's blog is when you have posted a new post on your blog. Yes, its the right time. Here your comment folder will come to play. Open this folder when you post something new on your blog, then one by one read and reply everyone, visit their blog if they have left a link comment there come back and repeat whole procedure until you are done. Then select all mails in that folder and press delete.

I hope I have covered almost all points that will not only help you get more visitors but will also help making commenting procedure easy. If you think we left something or you don't agree with something I will be quite happy to know about that. Tell me whether you agree or not. You can leave a link to “Why People May Stop Visiting Your Blog” and to this post on your blog for your readers. Thanks for visiting have a nice time and don't forget to tell us what you feel about above post.

Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security