Friday, June 12, 2009

HaCkiNg HeArt !!!

Hey hey hey.. plz don't get excited… this isn't real hacking. Hacking is no kid's job.
BUT what i am going to tell u is pretty interesting. Just open any web page, be it Google or this blog or maybe ur blog. Enter the code written below in ur address bar and hit Enter, and the page is ready to be edited.
javascript:document.body.contentEditable='true'; document.designMode='on'; void 0
IMP: if the quotes in the code show up as curly quotes (’), change them by typing the plain ' sign again from ur keyboard.
WordPress changes the sign automatically, so if u want the trick to work, just change it.
Edit the page as u like… Enjoy
HACKING
Orkut A KIDS JOB NOW .. yes it is..
Feeling safe every time u open ur orkut account? Let me tell u clearly: orkut isn't safe nowadays, as the number of hacking cases is just going berserk. Even a kid can hack ur account, as hacking is no longer an enigma, with loads of communities ready to teach you hacking.
Most hackers (i guess, all of them) use the technique called “PHISHING”. This means somewhat the same as fishing. In this type, people usually hack ur account (get ur passwords or cookies) by instigating you to make a mistake (meaning unless u take the bait, u are safe). This clearly suggests hacking can be avoided by being more cautious.
Well, you must be wondering if i am nuts, hacking is no kid's job!! Yes it is!!! Nowadays u can expect even a kid to hack orkut. Orkut hacking needs no prerequisites of any kind; u don't need to be a programmer nor a certified ethical hacker. All u need to have is an orkut account and u are ready to hack.. yes!! This is today's situation. Everything is available for the purpose; all u need is to implement those things. In short, if i can hack an account without any knowledge then u can too… But the main aim of my post is not to teach u hacking or to make u guys hackers, but to make u aware so that u can prevent any loss to ur account.
It all started when one night i got a scrap stating “ur account has been hacked”. When i replied arrogantly he asked me to check my communities, and when i checked there were some communities which i had never joined. It was then that the word hack sank into my brain. Fortunately the hacker claimed to be an ethical hacker, so he didn't harm my account and just asked me to change my password.
But it may not be the case for every one of you. Your hacker may not be a good-hearted soul like the one i confronted. So the best way to avoid getting hacked is to have sufficient knowledge about it.. that's what i did. I asked the guy who hacked my account to teach me but he didn't, and when he insisted he asked his friend to teach me. That guy just gave me the link of a community where hacking was being taught in public. It was quite interesting and actually i found myself so involved that i was just researching hacking for the whole day. I was somewhat getting used to the word hacking in orkut, and even managed to hack one of my friends' accounts. But that was the first and the last one i tried.
Without deviating from the topic, let me mention some of the main techniques people use. The first one, the easiest, is a fake login page which looks exactly like an orkut page. People (hackers) persuade u to enter orkut through the fake login page.. the page, instead of opening orkut, sends ur login ID and password to the hacker's mail ID. Isn't that a piece of cake for the hacker?? In fact, i hacked my friend's account through this method only. The second one, and the most widely used, is the JavaScript technique. Here the hacker uses some JavaScript. He asks u to enter this script in the address bar and tells u that it would increase ur fans list, or some people call it “earthquake script”, “see the magic”. Greedy fools like me can easily fall for this. This script, once used, sends ur orkut cookies to the hacker and he can access ur account without ur password. Well, doesn't it sound too easy? Yes, it is..!! This is the method which most people use.
Here are the steps to keep ur account from being hacked:
• Never open orkut through any page other than orkut, no matter who gives it.
• Don't keep ur password too easy to guess.
• Though some scripts can be useful, like the scrapbook flooder and font JavaScript, use them carefully; some of them may be hackers' scripts.
• If u feel that the script used may be a hacker's one, change the password immediately.
The main gist of my post is that people should be aware of what's happening around them. There may be a few more tricks on the way, but the best way to elude them is to get to know more abt hacking, so if u are an orkut user check out those communities which teach hacking.. Once u know about it u will be more cautious abt it.. Ironically there are even communities which teach google and yahoo hacking.. and sardonically there is a lot of software which adds to ur trouble by creating trojans and viruses.
HOPE the post gave u some light to elude hacking.
So be cautious and happy orkutting.. !!
REAL HACK TO ANY WEBSITE:
I want to worry you.

I want to show you just one way that hackers can get into your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.
Warning

This article will show you how you can hack into vulnerable websites, and how to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now and, in the username field, type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

// Vulnerable: user input is concatenated straight into the SQL text
$sql =
  "SELECT * FROM users " .
  "WHERE username = '" . $username .
  "' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is that admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string x' or 'a' = 'a has injected an extra phrase into the WHERE clause: or 'a' = 'a'. This means that the WHERE is always true, and so this query will return a row containing the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

// Escape both values that go into the query before building the SQL
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql =
  "SELECT * FROM users " .
  "WHERE username = '" . $username .
  "' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.
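
As an added example (not code from the original article): the login query above run against an in-memory SQLite database through PDO, first built by concatenation and then with a bind variable plus a password check done in PHP, the two defences named in the previous paragraph. PDO is used because the mysql_* functions shown earlier were removed in PHP 7; the table layout, the sample users, the pw_hash column and both function names are assumptions made for the illustration.

```php
<?php
// Added example. Schema, sample rows and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT, pw_hash TEXT)");
$add = $db->prepare("INSERT INTO users VALUES (?, ?, ?)");
foreach ([['admin', 'secret'], ['alice', 'hunter2']] as [$u, $p]) {
    // 'password' is the plaintext column the article's query assumes;
    // 'pw_hash' is what the hardened login checks instead.
    $add->execute([$u, $p, password_hash($p, PASSWORD_DEFAULT)]);
}

// Vulnerable: the article's query, with input concatenated into the SQL text.
function login_concat(PDO $db, string $username, string $password): array {
    $sql = "SELECT username FROM users " .
           "WHERE username = '" . $username .
           "' AND password = '" . $password . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the username travels as a bind variable, so quotes in it are
// data and never SQL; the password is verified in PHP against a stored hash.
function login_bound(PDO $db, string $username, string $password): ?string {
    $stmt = $db->prepare("SELECT username, pw_hash FROM users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;   // unknown user or wrong password
    }
    return $row['username'];
}

// The real password, then the two test strings from the article.
foreach (["secret", "x' or 'a' = 'a", "x' or 1=1--"] as $pw) {
    printf("%-16s concat=[%s] bound=%s\n", $pw,
        implode(',', login_concat($db, 'admin', $pw)),
        var_export(login_bound($db, 'admin', $pw), true));
}
```

With the concatenated query both test strings match every row in the table, while the bound version accepts only the real password.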

There's more

This has just been a brief overview. There are many more hacking techniques than SQL Injection; there are many more things that can be done just using SQL Injection. It is possible to directly change data, get access to confidential information, even delete your whole database — irrespective of whether the hacker can actually log in — if your website isn't set up correctly.

If you are hungry for more, this detailed article from SecuriTeam explains other techniques hackers might use, as well as some of the methods hackers use to work out the structure of your database, the userid of the admin user, gain access to your system's configuration, etc.

HACK WIRELESS LAN:

Watch hack wireless lan tutorials to learn all about how to hack wireless lan with this collection of free how to videos, like Hack wireless networks with AirPwn, Hack a weak WPA wireless network, and Hack a wireless or wifi network with DeAuth.

HACK YAHOO,GMAIL,HOTMAIL:
1. Open the website of HotMail or GMail or YahooMail, its your wish. If you want to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo page. NOw press “CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll find a code which starts with
( This code is for Yahoo. For any other site this code will be different but you need to find the code starting with (form method=”post” action=”xxxxxxxxxxxxx”))
5. Now in place of (form method=”post” action=”xxxxxxxxxxxxx”)
put the following code after placing your form id:
Now Save the yahoofake.html.
To hack the victim’s password and username the victim has to login through this page. Many people had sent me queries about how to make someone login through your link in the previous version. I have the solution for that also.
First of all upload your page using some free webhosting services. Tip: Register to those webhost which don’t give their own ads and which gives URL of type “your site name.webhost.com”.
Now select your site name as mail.yahoo.com/support. You can also add some rubbish numbers and make is very long so that the victim does not see the name of webhost in the link.
Now send a fake mail from support_yahoo@yahoo.com to the victim’s email address with subject ” Account Frozen” and in the mail write that Due to some technical errors in yahoo we need you to login through this link otherwise your account will be frozen.
After reading this your victim will click and login through the page you created and as you have give the redirection URL as the URL of the site itself so it will goto the login page again and the victim will think that he might have given wrong password so the page came again but in reallity the username and password has been sent to your email account you specified and the victim is still not knowing that his account is hacked.