Hacker (computer security)

From Wikipedia, the free encyclopedia.

Anonymous-Philippines

from:interaksyon.com

Thursday, April 25, 2013



In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.[1] The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.[2] While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context.[citation needed] They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker,[3] not making a difference between computer criminals (black hats) and computer security experts (white hats).[4] Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

Hacking a website using SQL injection


Hacking a website using SQL injection: Full method with Pics
Now let's start ---->
Things you will need -->
1. Havij SQL injection tool, download it from here (Run as Administrator)
2. A SQL-vulnerable site; I am taking this site http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example.
3. A very important thing, i.e. mind.
Checking for SQL vulnerability --->
Here I am taking http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example.
Now to check whether this site is vulnerable to SQL injection, I will simply add ' after the site URL,
like this http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2'
and I get this error on the site:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
It means that the site is vulnerable to SQL injection.
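From the defender's side, the error above appears because the `id` value is pasted into the SQL text and the database error is echoed to the visitor. The following is an added example, not code from the post or from the site it mentions: it places that weak pattern beside a hardened handler, using a constructed in-memory SQLite table in place of the site's MySQL database; all function and table names are assumptions.

```python
import logging
import re
import sqlite3

log = logging.getLogger("catalog")  # hypothetical application logger


def make_db():
    """Constructed stand-in for a product table (SQLite here, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "sedan"), (2, "pickup")])
    return conn


def detail_vulnerable(conn, raw_id):
    """Weak pattern: request text becomes part of the SQL statement and the
    driver's error message is returned to the client."""
    sql = "SELECT name FROM products WHERE id = " + raw_id
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, f"SQL error: {exc}"  # leaks parser details to the visitor
    return (200, row[0]) if row else (404, "not found")


ID_RE = re.compile(r"[0-9]{1,9}")  # the parameter is a small positive integer


def detail_hardened(conn, raw_id, validate=True):
    """Hardened pattern: validate the type, bind the value as a parameter,
    and keep database errors in the server log only."""
    if validate and not ID_RE.fullmatch(raw_id):
        return 400, "bad request"
    param = int(raw_id) if validate else raw_id
    try:
        # The ? placeholder sends the value separately from the SQL text,
        # so a stray quote is compared as data and never parsed as SQL.
        row = conn.execute("SELECT name FROM products WHERE id = ?",
                           (param,)).fetchone()
    except sqlite3.Error:
        log.exception("product lookup failed")
        return 500, "internal error"  # generic body, no SQL details
    return (200, row[0]) if row else (404, "not found")


if __name__ == "__main__":
    db = make_db()
    for value in ("2", "2'"):
        print(repr(value), "vulnerable:", detail_vulnerable(db, value))
        print(repr(value), "hardened:  ", detail_hardened(db, value))
        print(repr(value), "bound only:", detail_hardened(db, value, validate=False))
```

The `validate=False` call shows that parameter binding alone already stops the quote from reaching the SQL parser; the input check and the generic error body are additional layers.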
Exploiting the vulnerable site ---> 
1. Open Havij and paste the site URL in the target field and hit Enter.
2. Now wait for Havij to get all the databases of the website.
3. Now click on the available database of the site and click on Get Tables; I am going to select 535480_toyonorte for my site.



4. By clicking Get Tables, Havij will look for the tables available in the database.
5. After the scan Havij will list all tables. Now the main work starts: you have to check whether there is a table named admin, users or something similar to these words; I get usuario on my website. Select it and click on Get Columns.




6. After clicking Get Columns, Havij will get all the columns available in the users table.
7. In my case I found different columns like id, login, pass and many more.
8. Now select the columns and click on Get Data.





9. Now Havij will look for the data available in the columns login and password, i.e. the admin username and password. I get:
username --> admin
password --> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)





10. Now that I have the username and password, there is a problem: the password is encrypted in MD5, so we have to crack it.
11. To crack the encrypted password, just copy the password, click on the MD5 tab in Havij, paste the encrypted password in the MD5 hash field and hit Start. Now Havij will try to crack the password.





12. Now I get the password cracked as admin.
13. Now we will check for the admin panel, where we are going to log in with the username and password.
14. To find the admin panel, click the Find Admin tab in Havij and click Start. Now Havij will check for the admin panel of the website.
In my case I found http://toyonorte.com.co/admin/ as the admin panel; now open it in a web browser and log in with the username and password, and now you are in the admin panel.
Notes--->
1. Website hacking is illegal
2. Use proxy, tor, vpn for your security.
3. This is for only educational purpose.
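Steps 9 to 12 work because the stored value is a plain, unsalted MD5 digest: the same password always yields the same 32 hex characters, so a lookup against common passwords recovers it at once. The following is an added example, not code from the post: an audit check a site owner can run over their own credential table, next to salted PBKDF2 storage; the word list, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Value shown in step 9 of the post above.
PAGE_HASH = "21232f297a57a5a743894a0e4a801fc3"

# Constructed sample list; a real audit would use the organisation's own
# banned-password list.
COMMON = ["123456", "password", "admin", "letmein"]


def audit_unsalted_md5(stored_hex, candidates=COMMON):
    """Return the candidate whose plain MD5 equals stored_hex, else None.

    A hit means the stored credential is both weak and stored with a fast,
    unsalted hash, and should be reset and re-hashed.
    """
    target = stored_hex.lower()
    for word in candidates:
        digest = hashlib.md5(word.encode()).hexdigest()
        if hmac.compare_digest(digest, target):
            return word
    return None


ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def hash_password(password, salt=None):
    """Salted, slow hash: a fresh random salt makes every record unique."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    print("unsalted MD5 audit hit:", audit_unsalted_md5(PAGE_HASH))
    first, second = hash_password("admin"), hash_password("admin")
    print("same password, different records:", first != second)
    print("verify:", verify_password("admin", first))
```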


[TOOL]SQLSentinel:SQL Injection Vulnerability Scanner



Hey friends, this is D@rk TruTH. Sorry for posting very late; I was busy with my studies because my exams are coming.
Today I am bringing a new SQL injection hunter tool named SQLSentinel.
What is SQLSentinel -->
This tool is very good if you want to test whether a site is vulnerable to SQL injection.
This tool first uses a crawling function to find links like index.php?id= and then checks whether these links are vulnerable or not.
It only finds vulnerabilities; it does not hack the site.

Usage of tool --->
1. First download it from Here

2. Open the .zip file and click on sqlsentinel.jar and it will open, but make sure you have installed Java.

3. After opening it, add the website URL in the Url box and click Start.
4. If it finds some vulnerabilities, it will show them in the Working logs text box.





5. Use Havij or any other SQL injection tool to hack website.

Note:-->
Only for educational purpose. 



How to Become a Hacker



What does it take to become a hacker? 

Becoming a great hacker isn’t easy and it doesn’t happen quickly. Being creative helps a lot. There is more than one way a problem can be solved, and as a hacker you encounter many problems. The more creative you are the bigger chance you have of hacking a system without being detected. Another huge quality you must have is the will to learn because without it, you will get nowhere. Remember, Knowledge is power. Patience is also a must because many topics can be difficult to grasp and only over time will you master them.



Do I Really Need It?

You might be asking yourself, do I even need to learn a programming language? The answer to that is both yes and no. It all depends on what your goals are. Nowadays, with all the point and click programs out there, you can be a fairly good ethical hacker without knowing any programming. You can do some effective hacking if you understand all of the security tools very well. Even if you understand what’s going on in the background of these programs, most people will still classify you as a script kiddie. Personally I think you should learn some programming. Even if it’s the very basics, it’ll give you a much better understanding of what’s going on. Also, once you learn how to program well, you’ll be able to develop your own exploits, which is great in many ways:
1. You’ll be considered an elite hacker.
2. Imagine a black hat discovers a vulnerability and codes an exploit for it that no one else knows about. The black hat would be able to take down thousands of machines before anyone discovers and patches the vulnerability.
3. You will feel so much more satisfied having created your own program or exploit. I promise you this.

So my advice is, don’t settle for being a point and click hacker. Take some time to understand even just the basics of programming and an entire new world of hacking will open up to you.

Where should I start?

Many people finally decide that they are going to begin learning a programming language, but don’t know where to start. I believe that before you begin to learn a programming language, you should first master HTML (HyperText Markup Language). HTML is part of what makes up all of the website pages you see on the internet. HTML is very easy to learn and it’ll get you used to looking at source code.
From there I would suggest starting your programming life with C. C is one of the most popular languages, and it is what makes up the majority of the exploits out there today. C also makes up some of the most powerful hacking programs and viruses that are out there today.

Best way to learn

So how should I go about learning the programming language of my choice?
1. Purchase a beginners book on your programming language. Before you choose the book, make sure you read the reviews to make sure it’s a good choice.
2. It is important that once you begin learning the programming language through your book, you don’t take big breaks. Taking long breaks will cause you to forget things you learned in the beginning that apply to the rest of the book.
3. Do ALL of the practice problems provided in the book. The only way you will become better is by applying what you learn.
4. When something difficult comes up or something that makes no sense to you, don’t avoid or skip it. Instead embrace it! This is how you actually learn. If you still don’t understand it after going over it multiple times, find someone that can help you.
5. Join a programming forum. Search for a website on your programming language that has a large user base. There will be many professionals on there that will be able to help you when you get stuck.
6. Practice. Practice. Practice. Think of ideas for fun programs that you could make and program them!

Types of Hacker




A white hat hacker is a computer and network expert who attacks a security system on behalf of its owners or as a hobby, seeking vulnerabilities that a malicious hacker could exploit. Instead of taking malicious advantage of exploits, a white hat hacker notifies the system’s owners to fix the breach before it can be taken advantage of.

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. A black hat will maintain knowledge of the vulnerabilities and exploits they find for a private advantage, not revealing them to the public or the manufacturer for correction.

A gray hat is a skilled hacker who sometimes will act legally and other times may not. They are a cross between white hat and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

Which one are you? 

What are crackers and hackers?




A cracker (also known as a black hat hacker) is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security or gain access to software without paying royalties. The general view is that, while hackers build things, crackers break things. Cracker is the name given to hackers who break into computers for criminal gain; whereas, hackers can also be internet security experts hired to find vulnerabilities in systems. These hackers are also known as white hat hackers. Crackers’ motivations can range from profit, a cause they believe in, general maliciousness or just because they like the challenge. They may steal credit card numbers, leave viruses, destroy files or collect personal information to sell.

Crackers can also refer to those who reverse engineer software and modify it for their own amusement. The most common way crackers gain access to networks or systems is through social engineering, whereby the cracker contacts employees at a company and tricks them into divulging passwords and other information that allows a cracker to gain access.

B.S.I.T



IT 11 – Information Technology Fundamentals
This course introduces the students to what information technology is and its different areas (Computer Programming, Networking, Multimedia Design, Database Management Systems, Systems Administration, Project Management), and will help them think about and analyze computer hardware and software problems and development logically.
It also discusses the awareness and significance of Information Technology, Understanding the different areas of information technology and acquiring ideas on the different areas of information technology.

IT 12 – Computer Application 1
The primary objective of this course is to illustrate the intermediate level features of windows, word processing, database, spreadsheet, email and contacts (Outlook) and presentation software. Basic Internet usage will also be presented. Throughout the course, business simulations will be used to enhance key concepts of each application. This course will utilize Microsoft Office 2007 software.

IT 13 – Computer Programming 1 – Java
Introduction to Programming 1 teaches students to program using the Java programming language with the help of the Netbeans Integrated Development Environment. As an introduction, this course gives students an overview of the different components of the computer, different number systems and its conversions and Problem-solving strategies.

IT 14 – Computer Programming 2–Advanced Java
Introduction to Programming 2 provides a more detailed discussion of the different object-oriented programming concepts including classes, inheritance and polymorphism. Event-handling, exception handling and API programming are also taught to the students in this course. The students will learn about advanced programming techniques such as recursion and abstract data types (stacks, queues and linked structures) as well.

IT 15 – Fundamentals of Internet Application HTML & Java Script
This course formally introduces students to the most important topics of HTML, including creating an HTML document; viewing an HTML file in a web browser; working with tag text elements, including headings, paragraphs and lists; inserting special characters, lines and graphics; creating hyperlinks and text links; working with colons and images; creating text and graphical tables; using tables to enhance page design; creating and working with frames; controlling the behavior of hyperlinks on page frames; and creating on-line forms.

IT 16 – Computer Organization
This course will orient the student about the different peripherals used in the computer system, the student will learn how to disassemble and assemble a computer from computer 486 to a latest model and install different operating system and application software.
This course provides an overview of the architecture and organization of a computer, how it is built. It includes a discussion of the CPU, memory, I/O organization and peripherals.

IT 17 – Networking Management
This course will orient the student about the different peripherals used in the computer system, the student will learn how to disassemble and assemble a computer from computer 486 to a latest model and install different operating system and application software.
This course provides an overview of the architecture and organization of a computer, how it is built. It includes a discussion of the CPU, memory, I/O organization and peripherals.

IT 18 – Object Oriented Programming 1 (VB.NET)
The Computer Programming 4 course introduces the students to Visual Basic Application Development with Database Connectivity using ADODB component. This course prepares the students for more advanced programming in Database Management with the use SQL Programming. This course also prepares the students to high-level programming such as Advance Microsoft VB.NET with RDLC and Crystal Reporting.
This course provides the students with the fundamental understanding of object-oriented programming using Java. It introduces the different concepts that are commonly associated with object programming.

IT 19 – Discrete Structures
This course covered the mathematical topics most directly related to computer science. Topics included: logic, relations, functions, basic set theory, countability and counting arguments, proof techniques, mathematical induction, graph theory, combinatorics, discrete probability, recursion, recurrence relations, and number theory. Emphasis will be placed on providing a context for the application of the mathematics within computer science. The analysis of algorithms requires the ability to count the number of operations in an algorithm.

IT 20 – Quality Consciousness and Habits with Personal Development
The Information Systems professional will be expected to contribute to business growth and organizational efficiency by knowing enough about the business to decide how computers may help, and knowing enough about computers to decide what potential improvements in business processes can be achieved. Increasingly, organizations are realizing that they need IS professionals who possess business and management ability alongside their specialist IT knowledge. All managers must appreciate the organization’s mission, strategy and objectives, be aware of how the business works, and be able to manage effectively and influence decision makers in order to achieve the organization’s aims. They must also be aware of what is happening in the world of information technology today.

IT 21 – Operating Systems Applications
This course will orient the student about the different peripherals used in the computer system, the student will learn how to disassemble and assemble a computer from computer 486 to a latest model and install different software. Identify the different peripheral of a computer system, Enhance knowledge in hardware servicing and practice, Basic troubleshooting of hardware and software issues. Installation of hardware and software.
This course provides an introduction to the concepts, theories and components that serve as the bases for the design of classical and modern operating systems. Topics include process and memory management, process synchronization and deadlocks.

IT 22 – Object Oriented Programming 2 (Adv. VB.NET)
The Object oriented Programming course introduces the students to Visual Basic Application Development with Database Connectivity using OLEDB component. This will also cover Advance Reporting Technology using .NET Reports and Crystal Reports.

IT 23 – Computer Programming 3 Visual Fox Pro 9
Visual Fox Pro is a database management system (DBMS) that adheres to the two program design paradigm- the Structured Programming and Object-Oriented Programming (OOP). With these two paradigms, we can design and develop powerful and flexible business application systems such as Point-of-Sale (POS) systems, Inventory Control System, Enrollment System, Payroll System, Shipping Reservation System, Hotel Reservation System, Hospital Billing System, and much more to mention, that involves manipulating stored data in tables or tables. We can accomplish these data records manipulation using the older style of searching data through locate and seek command and using relational database management system (RDBMS) standard in data records manipulation : the Structured Query Language( SQL) through select and its related commands.

IT 24 – Database Management System 1
This course gives students a wide understanding of applications and their capabilities. Students become aware of the significance of database applications. They will familiarize themselves with the different lingo, roles, and environment structure of the DAO and ADODC components, define the properties of DAO and ADODC components, and learn how to manipulate (modify, delete, and add records) the database.

IT 25 – Graphic Design
This course provides advance knowledge on Graphic Design, Photography and Photo Editing, Video Editing and Subtitling, and Desktop Publishing using Corel Draw, Photo Paint, Photo Shop and Magix application.

IT 26 – Systems Analysis Design
This course teaches the application of software engineering techniques in the information system life cycle. There is an emphasis on project management and formal analysis, design, implementation and evaluation techniques. Use of various software engineering analysis and design tools and techniques are covered: information gathering for defining system requirements, entity-relationship diagrams, data flow diagrams, data dictionaries, and prototyping. The course will also present current topics, such as extreme programming, rapid application development (RAD), and the capability maturity model (CMM). This course will provide hands-on practice with project management and systems development through exercises in PERT/CPM and the design and prototyping of inputs/outputs, data structures, program modules, and documentation.

IT 27 – Database Management System 2 (Adv. SQL)
This course unit offers an introduction to the latest, cutting-edge research outcomes in the area of database management systems (DBMSs). It starts with a brief overview of the internal architecture of traditional DBMSs, and proceeds to cover a range of advanced systems that extend that architecture to different execution environments than the classical, centralized one. The viewpoint adopted throughout is systems-oriented and research-oriented. Focus falls on the impacts on classical query processing functionality (i.e., impacts on other DBMS-provided services such as storage, concurrency and transaction management are largely ignored) with the use of Adv. SQL.

IT 28 – Elective 1  (Data Warehousing and Data Mining)
In the introduction, besides learning basic terminology, students will learn the need for and uses of data warehouses and how they differ from traditional databases. Two sections follow in which the specialized data model and tools used in data warehouses are presented. Once students have acquired sufficient knowledge of the nature of data warehouses, the course presents an overview of the process by which data warehouses are designed and populated. The course concludes with a discussion of some existing technologies, including SQL, and the degree to which they address, or don’t address, the requirements of data warehousing. Laboratory exercises are designed to demonstrate the difficulties present in some parts the warehousing process. Specifically addressed are the problems associated with extraction, transformation and loading data and the inadequacies of SQL for use in On- Line Analytical Processing (OLAP).
This course introduces basic concepts, tasks, methods, and techniques in data mining. The emphasis is on various data mining problems and their solutions. Students will develop an understanding of the data mining process and issues, learn various techniques for data mining, and apply the techniques in solving data mining problems using data mining tools and systems. Students will also be exposed to a sample of data mining applications.

IT 29  – Web Programming  (PHP/MySQL)
Much of the content on the internet is generated dynamically by computer programs. This course will explore the various technologies involved, including forms, HTML, Java scripts, SQL databases, PHP/MySQL Server-Side-Scripting Technology and a bunch of other acronyms. The specific programming language(s) and tools we will look at will depend on the background and skills of the participants, but will include at least HTML, SQL. JavaScript, PHP, and frameworks such as HTML::Mason and Rails are other possibilities.
Concepts of web programming such as client and server side development, dynamic web pages, installation and maintaining Apache web server for Windows platforms. Design of static and dynamic web pages, PHP scripts is emphasized.

IT 30  – Software Engineering
This course in systems engineering examines the principles and process of creating effective systems to meet application demands. Concepts, problems, and methods of systems engineering are introduced in lectures and discussions and applied in assignments and through semester-long group projects. The focus is on systems of hardware and software components engineered to perform complex behavior. Such systems embed computing elements, integrate sensors and actuators, operate in a reliable and timely fashion, and demand rigorous engineering from conception through production. Applications of robotics technology, which by definition constitute complex systems, will be used to illustrate applications and the challenges in engineering complex systems.
The course is organized as a progression through the systems engineering processes of analysis, design, implementation, and deployment with consideration of verification and validation throughout. Case studies and guest lectures in each phase present best practice in the field, and both successes and failures are considered. Reading assignments from textbooks and current literature tie theory to practical methods of creating complex engineered systems.

IT 31 – Professional Ethics  and Values Education
The course introduces ethics and ethical theories; provides discussions on the ethical dilemmas and issues facing IT practitioners. An appreciation and discussion of the Code of Ethics of I. T. Professionals; cybercrimes and appropriate Philippine Laws are also included.

IT 32 – IT Elective 2 (Management Information Systems)
In today’s business environment, information systems play a critical role in almost every organization. Information systems not only perform routine functions in organizations, but increasingly often they are critical to the organization’s achievement of its strategic long term goals. It is therefore essential that managers, professionals, and those serving in many other capacities be fluent in the language of information systems and understand the role that information systems play in organizations. In order to be most effective, managers, professionals, and others must also understand how information systems are designed, constructed, implemented, and managed.

IT 33 – Multimedia Systems
Multimedia has become an indispensable part of modern computer technology. The integration of video and audio technology with various communication systems is one of the most important aspects of modern electronic systems. This course will provide an introduction to a systems level approach for multimedia systems and will provide an accessible context for subsequent modules on detail aspects of communications, computing and signal processing. Concepts of digitizing, efficient storage, processing and delivering of multimedia data, such as image, video, audio, speech, music, graphics and text, within a broad multimedia usage framework will be addressed.

Free Elective 1 -  E-Business
Electronic commerce may be thought of as a revolution in progress. If organizations are going to take advantage of the new Internet technologies, they must first address them as an integral part of their strategic perspective. Businesses are recognizing the Internet’s role in the decision process that organizations go through in analyzing and purchasing goods and services. Electronic commerce is the use of computer networks to improve organizational performance. Increasing profitability, gaining market share, improving customer service, and delivering products faster, cheaper, better are some of the organizational performance gains possible with e-commerce. E-commerce is more than ordering goods from an on-line catalog. It involves all aspects of an organization’s electronic interactions with its stakeholders, the people who determine the future of the organization. Topics covered are E-business Strategy, Business Models in the new world, Cyberservices, E-business relationships, E-business technology, E-Marketing and e-payment, Antecedents and barriers to e-commerce, Business Process Management and Post-modernism.

IT 34 – Capstone Project- Technopreneurship
This course presents students with an opportunity to put all of students’ business skills to the test as they work with actual high technology, meet veteran entrepreneurs and startup experts, and prepare and pitch their business plans.  Experiencing the opportunity to “bridge the gap between theory and practice”. Students will identify and analyze entrepreneurial opportunities throughout their career. This course encourages students to practice managing risk and return and learn from failure.  Our objective is to help students have more fun and success with their career by practicing entrepreneurship. We believe that at least once in their career they will be faced with a golden opportunity.  We intend to provide students with the background and tools necessary to recognize that opportunity when it appears seize it and build a successful new business. The business plans will concentrate on the fundamentals of building a great business, including the business proposition, the business model, the customer need being fulfilled, the product, the competition, the market, the industry, the channels of distribution, the customer, the selling cycle, price points, innovation, forms of business entities, operations management and funding requirements.

IT 35 – Distributed Systems
This module introduces the fundamental characteristics of distributed systems, their models and architectures, together with the methods and technology used during their design and implementation. The issues to be discussed will include topics such as distributed system architecture, communication mechanisms, protocols, consensus algorithms, real-time and synchronization issues, storage organization access control, object-based distributed systems, fault-tolerance, naming, security and code mobility.

IT Elective 4 – Systems Integration
This course focuses on the integration of information systems in organizations, the process by which different computing systems and software applications are linked together physically or functionally. It examines the strategies and methods for blending a set of interdependent systems into a functioning or unified whole, thereby enabling two or more applications to interact and exchange data seamlessly. The course will explore tools and techniques for systems integration as well as proven management practices for integration projects.

Free Elective 2 – Principles and Method of Teaching
The course introduces prospective teachers to the nature of teaching. It deals specifically with the principles of effective instruction and the concomitant process involved; instructional planning and demonstration teaching. It is blend of theoretical information and selected matching actual experience.  At the end of the course, the students are expected to demonstrate an in-depth knowledge and understanding of the concepts of teaching and the teaching profession, acquire decision-making skills related to methodologies and instructional delivery systems, display competencies in applying teaching strategies appropriate for a particular learning situations and manifest professionalism and professional work ethics benefitting a teacher.

Free Elective 3 – Human and Computer Integration
This course is an introduction to models and methods of human computer interaction, including: HCI theory; interface development methods, such as user-centered design, prototyping, and participatory design; evaluation and testing techniques, such as heuristic evaluation, the cognitive walkthrough, and usability testing; user-interface programming; and ethical and societal issues. The information exchange between humans and computer systems will be examined. Aspects of input/output devices, software engineering, and human factors will be discussed with respect to human-computer interactions. Topics include: text and graphic display; user modeling; program design, debugging, complexity and comprehension; and current research studies and methodologies.

IT 36 – Internship/OJT/Practicum/Defense of Capstone Project
This course provides practical general training and experience in the workplace. The OJT Coordinator with the Trainer develops and documents an individualized plan for the student. The plan relates the workplace training and experiences to the student’s general and technical course of study. The guided external experiences may be paid or unpaid.  Competencies  such as Database creation and management, Resources, Interpersonal, Information Systems, Programming, Analysis, Design, Basic Skills ,Thinking Skills and Personal Qualities.


Top 5 most famous hackers of all time


  
1. Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at the age of 16. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.” James also cracked into NASA computers, stealing software worth approximately $1.7 million.



2. Adrian Lamo: Lamo’s claim to fame is his break-ins at major organizations like the New York Times and Microsoft. Dubbed the “homeless hacker,” he used internet connections at Kinko’s, coffee shops and libraries to make his intrusions. In a profile article, “He hacks by day, squats by night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional.”



3. Kevin Mitnick: A self-proclaimed “hacker poster boy,” Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown.



4. Kevin Poulsen: Also known as Dark Dante, he gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. His hacking specialty, however, revolved around telephones.





5. Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of his crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.