Sunday 6 July 2014

How a Domain Name is Hijacked and How to Protect it

In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So, let me first tell you what domain hijacking is all about.
Domain hijacking is a process by which Internet Domain Names are stolen from its legitimate owners. It is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The Operation of a Domain Name is as Follows:

Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and theweb hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows:
  1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.
  2. From this domain control panel, we point our domain name to the web server where the website’s data (web pages, scripts etc.) are actually hosted.
For a clear understanding let me take up a small example:
John registers a new domain called “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y).
Now, whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What Happens When a Domain Name is Hijacked?

Now, let us see what happens when a domain name is hijacked. To hijack a domain name, you just need to gain access to the domain control panel and point the domain name to some other web server other than the original one. So, to hijack a domain you need not gain access to the target web server.
For example, a hacker gets access to the domain control panel of  “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case the John’s domain name (abc.com) is said to be hijacked.

How the Domain Names are Hijacked?

To hijack a domain name, it is necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:
  1. The domain registrar name for the target domain.
  2. The administrative email address associated with the target domain.
These information can be obtained by accessing the WHOIS data of the target domain. To get access to the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this, you’ll get the “Administrative contact email address”.
To get the domain registrar name, look for the words something like: “Registered through:: XYZ Company”. HereXYZ Company is the domain registrar. In case if you do not find this, scroll up and you’ll see ICANN Registrarunder the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So, to take full control of the domain, the hacker will have to hack the administrative email associated with it. Email hacking has been discussed in my earlier post: How to hack an email account.
Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click onforgot password in the login page. There, he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address.
Since the hacker has the access to this email account, he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to Protect the Domain Name from Getting Hijacked?

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. You can read my earlier post on how to protect your email account from being hacked. Another best way to protect your domain is to go for a private domain registration.
When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public.
whenever a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone or the administrative email address. Thus, the private registration provides an extra security and protects your privacy. Even though it costs a few extra bucks, is really is worth for its advantages.
I hope that this article has helped you. You can express your feedback through comments.

How to Use Google for Hacking

Google serves almost 80 percent of all the search queries on the Internet, proving itself as the most popular search engine. However, Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed.
In this post, you will find the information on how to use Google for exploiting security vulnerabilities that exists within many websites. The following are some of the ways to use Google for hacking:

1. Using Google to Hack Security Cameras:

There exists many security cameras that are used for monitoring places like parking lots, college campus, road traffic etc. With Google, it is possible to hack these cameras so that you can view the images captured by them in real time. For this, all you have to do is just use the following search query in Google. Type in the Google search box exactly as given below and hit enter:
inurl:”viewerframe?mode=motion”
Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls. You will see something as follows:
Hacking Live Camera
As you can see in the above screenshot, you now have access to the Live cameras which work in real-time. You can also move the cameras in all the four directions, perform actions such as zoom in and zoom out. This camera has really a less refresh rate. But there are other search queries through which you can gain access to other cameras which have faster refresh rates. In order to access them, just use the following search query:
intitle:”Live View / – AXIS”
Now, click on any of the search results to access a different set of live cameras. Thus, you have hacked Security Cameras using Google.

2. Using Google to Hack Personal and Confidential Documents:

Using Google, it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing their Address, Phone, DOB, Education, Work experience etc. can be found just in seconds.
intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”
You can gain access to a list of .xls files (excel documents) which contains contact details including email addresses of large group of people. To do so, type the following search query and hit enter:
filetype:xls inurl:”email.xls”
Also, it is possible to gain access to the documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query:
intitle:index.of finances.xls

3. Hacking Google to Gain Access to Free Stuffs:

Ever wondered how to hack Google for free music or eBooks. Well, here is a way to do that. To download free music, just enter the following query on Google search box and hit enter.
“?intitle:index.of?mp3 eminem
Now, you’ll gain access to the whole index of Eminem album where in you can download the songs of your choice. Instead of eminem you can substitute the name of your favorite album. To search for the eBooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3″ with “pdf” or “zip” or “rar”.
I hope you enjoy using Google for hacking stuffs on the Internet. If you’ve liked this post, please pass your comments. Cheers!

How to Hack a Gmail Password

With Gmail being one of the most widely used email services across the globe, it has also become a favorite place for many to engage in secret relationships and exchange cheating messages.
As a result, sometimes it becomes inevitable for people to hack the password of their partners’s email account to reveal the secret. Therefore, it’s no wonder why many people want to know how to hack a Gmail password.
In this post, I am going to discuss some of the Real and Foolproof ways that actually work. However, before that I want to make you aware of some of the common myths and scams associated with email hacking.
  1. There is no ready-made software program that can hack Gmail password (or any other email password) with just a click of a button. So, stay away from those websites that are waiting to rip off your pockets by selling fake products.
  2. Most of the email hacking services on the Internet claim to hack any email password for just a small fee of say $100. I have personally tested many of those services and all I can tell you that they are nothing more than a scam.
With my experience of over 10 years in the field of ethical hacking and cyber security, I can tell you that there are only two ways to hack Gmail or any other email password. They are:

1. Keylogging: Easiest Way to Hack Gmail

Keylogging is the easiest way to gain access to any email account. Keylogging involves the use of a small software program called the keylogger. This keylogger when installed on a given computer will capture each and every keystroke typed on the keyboard including all types of passwords.
While some people have a basic understanding of what a keylogger is and how it works, many are completely new to this concept. So, I have compiled some of the most FAQs about keyloggers, so that people who have heard this term for the first time can get a better understanding of keylogger and its working.
Does it require any special knowledge to use keyloggers?
No, absolutely not! Keyloggers are designed in such a way that even the first time users also find it easy to install and control. Anyone with a basic knowledge of computer can use it with ease.
If I install the keylogger program, can the user come to know about its presence?
Right after the installation process is completed, the keylogger goes completely hidden and continues to work in the background. Hence, it is impossible for the users of the computer to know about its presence.
But, what if I do not have physical access to the target computer?
Well, you need not worry as I am going to suggest one of the best keylogger program that supports installation on a local computer as well as a remote computer. I recommend the following keylogger as the best:

Easily Access any Email

How SniperSpy works?
To hack the password, all you need to do is just install SniperSpy (installation takes only a few seconds) on the computer of the target user. When the target user logs into his Gmail account from this computer, the login details (username and password) are captured and uploaded instantly to the SniperSpy servers. You can later access the stored logs to find out the password.
What are the Operating Systems supported by SniperSpy?
SniperSpy is fully compatible with Windows 2000/XP/Vista/7/8 and Mac. You can download it from the link below:

Download SniperSpy – for Windows and Mac

What about mobile Devices?
For cell phones and mobile devices, there is a mobile version of the same program called Mobile Spy which you can download from the following link:

Download Mobile Spy – for Mobile Devices
Supported Devices: Android, Windows Mobile, BlackBerry, iPhone, Apple iPads, iPods, Android tablets and Symbian phones.

2. Phishing (For advanced users only):

Phishing is a way to capture sensitive information such as usernames, passwords and credit card details. Phishing usually involves the use of a spoofed web page (or a fake website) whose look and feel is almost identical to that of the legitimate websites like Gmail, Yahoo and Hotmail. When the users try to login from these fake pages and enter their passwords there, the login details are stolen away by the hacker.
However, creating a fake login page and taking it online to successfully hack the password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. In addition to that, carrying out a phishing attack is a serious criminal offence. So, if you are new to the concept of hacking passwords, then I only recommend using the keyloggers as they are the easiest the safest way to hack any online password.

How to Hack a Facebook Password

Being one of the most widely accessed social networking sites, Facebook has also become a popular place for many to exchange secret messages and manage illicit relationships. Therefore, it’s no wonder many people make up their minds to hack the Facebook password of their loved ones. May be you’re in a similar situation or just want to hack Facebook, this article will surely help you out by shedding some light on the possible ways to do that.
Every day, I get a lot of emails from people requesting me to hack Facebook passwords of their spouse, girlfriend or boyfriend so as to reveal their secret relationships (if any). Most of them are even willing to pay for the service. I strongly deny any such requests as I do not provide any paid hacking service on my site. However, in order to keep the knowledge free, I have decided to write down this post using which you can easily manage to hack the Facebook profile of your choice.

Possible Ways to Hack a Facebook Password:

1. Keylogging – The Easiest Way!

Keylogging refers to simply recording each and every keystroke that is  typed on a specific computer’s keyboard. This is possible with the use of a small computer program called keylogger (also known as spy software). Once installed, this program will automatically load from the start-up, runs in the invisible mode and start capturing each and every keystroke that was typed on the computer. This obviously includes the password of Facebook, email or any other online account.
Some keyloggers with advanced features can also capture screenshots and monitor every activity of the computer. To use it, it doesn’t demand any special knowledge. That means, anyone with a basic knowledge of computer can install and use this software with ease.
Hence, for a novice computer user, this method is the easiest way to hack a Facebook password. I recommend the following keylogger as the best one to fulfill your needs:
Easily Access Facebook Password
Why SniperSpy is the Best?
Today, there exists hundreds of keyloggers on the market where many of them are nothing more than a crap. However, there are only a few that stand out of the crowd and SniperSpy is one among them.
I personally like SniperSpy for its REMOTE INSTALLATION FEATURE. With this, you can install it on a remote computer without the need for having physical access to it.
Here is a summary of benefits that you will receive with Sniperspy:
  1. REMOTE INSTALLATION
    SniperSpy can be installed on remote computers even if you’re miles away from them.
  2. 100% STEALTH OPERATION
    Operates in a complete stealth mode so that it remains undetected.
  3. NEVER GET CAUGHT!
    Since SniperSpy operates in a total stealth mode and remains undetected, you need not have the fear of being traced back or getting caught.
  4. EXTREMELY EASY TO USE!
    SniperSpy is a very small program, installs in a few seconds and is extremely easy to use even for newbies.
  5. WORKS ON WINDOWS & MAC
    Fully compatible with Windows 2000/XP/Vista/7/8 and Mac.

How it Works?

How SniperSpy Works
You can easily drop the deployment module onto a word document, image or any other file and send it to the target Facebook user. SniperSpy will install silently on the target computer and the monitoring process will begin.
You can login to the secure control panel from any browser and start viewing the logs to get the password!
So, if you are really serious to hack Facebook password then SniperSpy is for you. Go grab it now and expose the truth!
Download SniperSpy – for Windows and Mac
For Mobile Users:
For mobile usage such as cell phones and tablets, there is a mobile version of this program called “Mobile Spy”.
Download Mobile Spy – for Mobile Devices
Supported Phones: BlackBerry, Android, Symbian, iPhone and Windows Mobile.

2. Phishing – The Difficult Way:

The other common way to hack passwords or online accounts is via Phishing. This method will make use of a fake login page (often called as spoofed web page) which will exactly resemble the original one. Say for example, a spoofed web page of Facebook looks exactly same as that of the original page. This page is actually created by the hacker and is hosted on his own server. Once the victim enters his/her password in such a fake login page, the login details are stolen away by the hacker.
Phishing requires specialized knowledge and high level skills to implement. Therefore, it would not be possible for a noob user (perhaps like you) to attempt this trick. It is a punishable offense too. So, I recommend that you stay away from phishing and make use of the keylogger, as it is the easiest and the safest way.

Facebook Hacking Methods that Do Not Work:

  1. Many scam websites claim to have found out a certain vulnerability in Facebook servers which as a means can be exploited to crack the password. Unfortunately, there is no such vulnerability in Facebook (or any other online account) that can be exploited to crack the password. Never go behind any of those websites that promise to give you the password upon payment or completing a free survey.
  2. There is no ready-made software program that is available to hack Facebook password (except the keylogger). In fact, keyloggers are pretty generic and are designed to log the keystrokes of a specific computer which is often used to hack passwords.