Tuesday, 31 December 2013

Basic tips on hacking challenges in websites

These are the very basic tips to solve challenges and a beginner knowledge in hacking
"Google is the biggest teacher for any Security Researcher or Enthusiast".
Websites :
1.hackthissite.org
2.securityoverride.org
3.enigmagroup.org
4.wechall.net
5.dareyourmind.net
6.canyouhack.it
7.thisislegal.com
8.newbiecontest.org

Web hacking :
Tip 1 : Look for web source page by right click -> View Page Source.
Tip 2 : Use Inspect element wisely to change the data.(Right click -> Inspect Element).
Tip 3 : URL location helps you to know the directories and for SQL injection problems.
Tip 4 : Use "Tamper Data" and "Add n Edit Cookie" plugins in firefox for tampering and cookie editing         challenges.
Tip 5 : Use "No script" plugin to disable javascript  and view page source is the biggest source for javascript challenges.

Cryptography Challenges :
Best tool : Crypt tool.
Link : cryptool-online.org

You can use online version of crypt tool in the website.

Basic ciphers :
1. Base64 Decoder => base64decode.org
2.Hashes
  a. LM , NTML Hash cracker => onlinehashcrack.com
  b.md5 hash cracker => md5online.org/
  c. sha1 hash cracker => crackstation.net/
3.Caeser (ROT 13,ROT 47,Shift Caeser) cracking => online-calculators.appspot.com/caesar/
4.Morse Code (Google around a bit there is a lot of online tools).
5.Vigenere,RSA is all good in Crypt tool so i suggest to download the tool.



Stegonography Challenges :

Tools : Adobe photoshop or GIMP,Paint,Notepad++,Winrar.

Tip 1 : JPG images renaming to rar and getting the file is the simplest and basic of all.
           copy /b temp.jpg + temp.rar temp.jpg => wat does this do is copy a rar merge it with a jpg image.
           basic challenge in stegonography.
Tip 2 : Opening image in notepad ++ would reveal the answers.
Tip 3 : Brightness,Contrast modification can be the answers for few challenges.
Tip 4 : Outguess,Stegdetect are few tools that may come in handy.

Crack me's or Reverse engineering challenges :

Tools : Linux Os,GDB,Olly dbg,IDA Pro.

Tip 1 : Strings command is the first thing every reverser looks for.
Tip 2 : Modifying jumps and NOP ing would help.
Tip 3 : Stack contents,Registers all will help.

Forensics :
Tools : Wireshark,Notepad++,Binwalk,Volatility

Tip 1 : File command in linux helps to find the type of file and accordingly tools can be used.
Tip 2 : Properties of file,Details about file,file signature all helps.
Tip 3 : Memory dumps use Volatility tool to get in and out of it.

5 comments:

  1. very good !!!!

    ReplyDelete
  2. i want to know the user name and password of this 104.225.8.239 server. can you hack this private server(sorry for my bad english)

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. What exactly should I begin with?And, do you have a github?Thanks

    ReplyDelete

enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.