Tuesday, 31 December 2013

Basic tips on hacking challenges in websites

These are the very basic tips to solve challenges and a beginner knowledge in hacking
"Google is the biggest teacher for any Security Researcher or Enthusiast".
Websites :

Web hacking :
Tip 1 : Look for web source page by right click -> View Page Source.
Tip 2 : Use Inspect element wisely to change the data.(Right click -> Inspect Element).
Tip 3 : URL location helps you to know the directories and for SQL injection problems.
Tip 4 : Use "Tamper Data" and "Add n Edit Cookie" plugins in firefox for tampering and cookie editing         challenges.
Tip 5 : Use "No script" plugin to disable javascript  and view page source is the biggest source for javascript challenges.

Cryptography Challenges :
Best tool : Crypt tool.
Link : cryptool-online.org

You can use online version of crypt tool in the website.

Basic ciphers :
1. Base64 Decoder => base64decode.org
  a. LM , NTML Hash cracker => onlinehashcrack.com
  b.md5 hash cracker => md5online.org/
  c. sha1 hash cracker => crackstation.net/
3.Caeser (ROT 13,ROT 47,Shift Caeser) cracking => online-calculators.appspot.com/caesar/
4.Morse Code (Google around a bit there is a lot of online tools).
5.Vigenere,RSA is all good in Crypt tool so i suggest to download the tool.

Stegonography Challenges :

Tools : Adobe photoshop or GIMP,Paint,Notepad++,Winrar.

Tip 1 : JPG images renaming to rar and getting the file is the simplest and basic of all.
           copy /b temp.jpg + temp.rar temp.jpg => wat does this do is copy a rar merge it with a jpg image.
           basic challenge in stegonography.
Tip 2 : Opening image in notepad ++ would reveal the answers.
Tip 3 : Brightness,Contrast modification can be the answers for few challenges.
Tip 4 : Outguess,Stegdetect are few tools that may come in handy.

Crack me's or Reverse engineering challenges :

Tools : Linux Os,GDB,Olly dbg,IDA Pro.

Tip 1 : Strings command is the first thing every reverser looks for.
Tip 2 : Modifying jumps and NOP ing would help.
Tip 3 : Stack contents,Registers all will help.

Forensics :
Tools : Wireshark,Notepad++,Binwalk,Volatility

Tip 1 : File command in linux helps to find the type of file and accordingly tools can be used.
Tip 2 : Properties of file,Details about file,file signature all helps.
Tip 3 : Memory dumps use Volatility tool to get in and out of it.


enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.