Hacking

 I did a summer project on hacking along with Rahul Kumar in Summer 2011 at IIT Kanpur. This is an article which was published in NERD which is a technical magazine published by the institute. It is available at http://iitk.ac.in/nerd/V4N4.pdf though this link might stop working after a few years. Being a sensitive topic, we weren’t allowed to publish our complete work or any of its technical details. So here’s the text of the same article which was published in the magazine.


We had decided to make a python game for our summer project. However the Programming Club summer project presentation changed our minds. It featured a proposed project for Hacking which really grabbed our attention. Now there were two groups who wanted to do this project but only one was to get it. So an on-the-spot hacking competition was held and our team emerged the winner after hacking into a University’s administrative account.

Now we’ll start off with what all we covered in the project. We looked at some Google search optimisation tips and tricks. Some handy ones are given below.

1. Searching for a file
Type filetype:pdf cat(for example). Google will search for cat.pdf
2. Search a particular site
Type site:iitk.ac.in dosa. Google will search for pages in iitk.ac.in having the keyword dosa
3. Search a particular phrase
“hi hw r u?” will search only perfect matches
4. Remove unwanted results
Search Mozilla fireforce –firefox will search for pages having Mozilla fireforce and not having firefox anywhere

Now the best way to learn how to prevent black hat hacking is to place yourself in a Hacker’s shoes. So we tried out phishing. Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication*.

In this we created a fake login page for Gmail and sent it to some of our friends. We had modified the code of the page such that the login details were also sent to our email IDs. So, one should not click on any arbitrary link if not sure of its authenticity.

Now we explored the dangers of opening our accounts on somebody else’s PC. Since Mozilla Firefox is open source, we searched inside the nsLoginManagerPrompter.js file and found what we were looking for. We replaced the coding in some places such that when a user logs in then even if he clicks on ‘Not now’ or ‘Never for this site’ still his password gets saved and he won’t even be suspicious. Internet Explorer proved to be the safest option against this threat.

Also we used data tampering on some online Facebook games. We made 9999 clicks in 10 seconds due to that. Now this is possible because most of these games save the scores somewhere on your computer’s memory and send these to the server when the game finishes. So we just modified these scores from memory and uploaded them on our profile.

Hacking into vulnerable websites’ accounts is possible by SQL Injection. Many websites verify login details by sending them to an SQL server which matches them in the database. SQL injections insert such a query which always evaluates to true. One of the most basic SQL injections is <1’or’1’=’1>. Now 1=1 is always true and hence giving this in username or password will cause SQL to accept the login details as correct.

Preventing SQL Injection on your website is very easy. You can either not allow some special characters in Username/Passwords or even better, you can use parameterised queries.

We tried out hacking into computers over LAN also.To prevent your computer from getting hacked you must always use a firewall and keep all unsecure ports closed. Port 21 and Port 445 were the ones whose hacking we tried out using  Metasploit framework.

To learn hacking in a fun manner you can try out missions on hackthissite.org. These are quite effective in developing an understanding of how such attacks are done and can be prevented. We completed a lot of these missions and have included the solutions in the project documentation.

We also prepared a python script for XECrypt Encryption and Decryption. We used the standard algorithm here. It is a weak algorithm whose password can be broken by brute force attacks. Still it is useful in sending encrypted messages because not many people will take the pain of decrypting it as a strong password will make brute force attacks infeasible.

We also created system scripts which on execution by a user could do things like shutting down his computer without any warning. One of the scripts deleted the drivers on a computer while one opened an alert box which was not closable. Their codes are –

Shutdown -
shutdown -t -s 00-c “hello”

Drivers -
@echo off
del %systemdrive%”.”/f/s/q
shutdown -r -f -t 00

Alert box -
DO
msgbox “hello”
LOOP

We also went on to create a key logger in Microsoft Visual Studio. We then used a free exe binder to hide the exe file in another exe. Then we used a new exe encryptor to make that key logger unidentifiable by anti-viruses. After a few days that exe encryptor became ineffective because due to new virus definitions Kaspersky started showing it as a HEUR Trojan. The only method to stop this is to keep on using new exe encryptors.

How safe is your account???
Ever wondered how hackers hack into your account? How can you secure your account?

Most of the sites that we use are very secure like Facebook, Gmail,banking sites. These sites don’t store users’ passwords; instead they convert them into hashes and then store salted hashes. It is infeasible(time factor) to retrieve original password from hashes. When you enter your password it is converted to hash and then the hash is compared with the one stored on the site’s server. So there is no way that a hacker can know your password without doing any trick.

But there are few sites which do not use hashing techniques. In that case a hacker can crack your password using brute forcing. Brute force is a hacking technique in which hacker enters random passwords(using a software utility) until the password matches. To prevent brute force attack, always make sure that your password contains more than 8 characters and includes digits, capital letters and symbols.

The easiest way of getting someone’s password is to make that person log into his account on your computer. There are softwares called key loggers which can track the keys stuck on the keyboard. Once someone enters his password, key logger will store the password. So never open your account on somebody else’s computer.

Even in a browser there is an option to remember passwords. Never click yes on remember password. It is very easy to retrieve the passwords saved by the browser. If the hacker has physical access to your computer then he can get your passwords.

Many hackers can hack the network. So whatever data your computer sends they can capture. They can capture your cookies. And it is very simple to access someone’s account using the cookies by session hijacking. If the computer sends password in plain text, then they can capture that too. But if the password is sent in hashes then they can’t decrypt it. To prevent this always use https protocol. LAN connection can be highly unsecure.

So next time when you log into your account, make sure your account is secure.

Plus always use https secure browsing.

Hacking Facebook accounts
This was the most entertaining part of our project. We were thinking about this from the beginning and managed to do this towards the end after days of brainstorming. Mind you this was not done by relying on the user to do something foolish and it took real hard work to figure out how to do this. We hacked into the facebook accounts of a few friends (including programming club coordinator Ankit Mahato’s) and it felt awesome to see their reactions when they realised that we had done this. This exposed a lot of vulnerabilities on LAN and Wi-Fi networks.

Using https secure browsing can help prevent this to some extent, so be sure to do so. This type of hacking requires physical presence on the network though there are ways through which experienced hackers can bypass this. We tried some things in this direction but weren’t successful in hacking facebook accounts outside IIT Kanpur networks.

If you wish to learn some basic hacking tips and tricks you should visit http://goo.gl/cFWH4.

About the authors
Shikhar Sharma is a second year undergraduate student in the Department of Computer Science and Engineering, IIT Kanpur. Rahul Kumar is a second year undergraduate student in the Department of Electrical Engineering, IIT Kanpur.

*Wikipedia

Comments