9 ways to know the password of others

Im A HACKING " HACKING IS NOT A CRIME "






No program is without a flaw. There are many ways to obtain passwords, and attackers know even more than the ones we will read about below. Hopefully this makes us more cautious. How is it done? There are many ways to obtain a password, and some of them do not require special expertise. Here are the most common and most frequently used:


[1]. Social Engineering
[2]. Keylogger
[3]. Web Spoofing
[4]. Intercepting Email
[5]. Password Cracking
[6]. Session Hijacking
[7]. Being a Proxy Server
[8]. Utilizing User Negligence in the Use of Browser Features
[9]. Googling

[1]. Social Engineering 



Social engineering is the name of a technique for gathering information by exploiting gaps in the victim's psychology. It could also be called "fraud". Social engineering requires patience and caution so that the victim stays unsuspecting. The perpetrator has to be creative and able to think like the victim. Social engineering is the art of "forcing" people to do things according to your expectations or desires. Of course, this "coercion" is not done openly or in a way that falls outside the behavior the victim normally sees. Humans tend to believe, or be easily influenced by, people who have big names, who have helped them (or are trying to), and who have convincing words or a convincing appearance. Social engineers often use this to ensnare their victims. Often the perpetrator creates a condition in which we have some sort of dependency on him. Yes, without our knowing it, he puts us in a problem and makes it seem as if only he can overcome that problem. Thus, we tend to do what he instructs without feeling suspicious.

Social engineering is sometimes a serious threat. It seems to have no link with technology, but it is still worth watching out for because it could be fatal for your system. Why? Because, after all, a computer still cannot get away from humans. Yes, no computer system on this earth can be separated from human intervention. However good your defenses are, if you are already controlled by the attacker through social engineering, then you may be the one who opens the door for the attacker.


[2]. Keylogger 


A keylogger is software that can record user activity. The recordings are saved as plain text or images. A keylogger works on the user's keystrokes. This kind of application is also able to recognize sensitive forms, a password form for example. There are ways to stay safe from keyloggers:

1. Use passwords with special characters such as !@#$%^&*(){}[]. Most keyloggers will ignore these characters, so the perpetrator (the one who installed the keylogger) will not get your real password.
2. Prepare your password at home and save it as text. When you need to enter the password, just copy and paste it. A keylogger reads your password from keystrokes. But this way is somewhat risky. Why? Because when you copy, your data is stored in the clipboard, and there is now plenty of free software that can display the data in the clipboard.


[3]. Web Spoofing 


Do you still remember the case of the theft of BCA Bank customers' account numbers? Yes, that is one obvious example of web spoofing. The core of this technique is to take advantage of a user's mistake when typing a website address in the address bar. Basically, web spoofing is an attempt to deceive the victim into thinking he is accessing a particular site when he is not. In the BCA case, the perpetrators created a site that looked identical to the original, so that a fooled victim would not hesitate to fill in sensitive information such as a user name and password. In fact, because the site is a scam site, all of that valuable information is recorded by a fake web server owned by the perpetrator.
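A defender can watch for the mistyped and lookalike addresses this technique depends on. The following added example (not part of the original article) flags hostnames from a log that resemble a protected domain; the domain mybank.example, the sample names and the confusable-character set are assumptions, and each name is assumed to be one label plus a TLD.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

# Characters that look alike in an address bar (a small, assumed set).
_SINGLE = str.maketrans({"0": "o", "1": "l", "5": "s"})

def skeleton(label):
    """Collapse visually confusable spellings to one canonical form."""
    return label.translate(_SINGLE).replace("rn", "m").replace("vv", "w").replace("-", "")

def classify(protected, candidate, max_distance=1):
    """Return why `candidate` resembles `protected`, or None if it does not."""
    p_label, _, p_tld = protected.lower().partition(".")
    c_label, _, c_tld = candidate.lower().partition(".")
    if (p_label, p_tld) == (c_label, c_tld):
        return None                      # the genuine site
    if c_label == p_label:
        return "tld-swap"                # same name under another TLD
    if skeleton(c_label) == skeleton(p_label):
        return "lookalike"               # differs only by confusable characters
    if osa_distance(c_label, p_label) <= max_distance:
        return "typo"                    # one slip of the finger away
    return None

# Constructed sample: names a proxy or DNS log might contain.
OBSERVED = ["mybank.example", "mybnak.example", "rnybank.example", "mybank.test",
            "my-bank.example", "mybanks.example", "weather.example"]

def report(protected="mybank.example", observed=OBSERVED):
    """Map each suspicious name to the reason it was flagged."""
    return {d: r for d in observed if (r := classify(protected, d))}
```
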


[4]. Intercepting Email


Intercepting email? Yes, and it is very easy to do. One way is to use the mailsnarf utility contained in dsniff. Mailsnarf works by intercepting data packets passing through the Internet and assembling them into a complete email. Dsniff and mailsnarf are software that works on top of WinPcap (equivalent to libpcap on Linux), a library that captures data packets. Captured packets are stored in a file by WinDump, while dsniff and mailsnarf go further by analyzing these data packets and displaying the password (dsniff) or the email content (mailsnarf).


[5]. Password Cracking 


"Hacking while sleeping." That phrase is commonly used by people who perform password cracking. Why? Because password cracking generally takes a long time. It can take hours, even days on end! It all depends on the target: whether the target uses a common password, whether the password has an unusual length, or whether it combines special characters. One piece of software used for this is Brutus, a fairly well-known remote password cracker. Brutus works with the dictionary attack or brute-force attack technique against the HTTP, POP3, FTP, Telnet, and NetBIOS ports. A dictionary attack works by trying out the words in a password dictionary, while a brute-force attack works by trying out all combinations of letters, numbers, or characters. A brute-force attack is very slow and time-consuming, depending on the computer's specs and the character length of the password. Many sites now close off access to the login after continuous unsuccessful login attempts.

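The lockout that sites apply after repeated failed logins looks like this in code. This is an added example, not code from the original article; the thresholds, the doubling lockout and the choice to key on user name plus client address are assumptions.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Temporarily blocks a (username, client address) pair after repeated failures."""

    def __init__(self, max_failures=5, window=300, base_lockout=60, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.clock = base_lockout, clock
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.lockouts = defaultdict(int)     # key -> lockouts since the last good login
        self.locked_until = {}

    def allowed(self, user, addr):
        return self.clock() >= self.locked_until.get((user.lower(), addr), 0.0)

    def record(self, user, addr, success):
        key, now = (user.lower(), addr), self.clock()
        if success:                          # a good login resets the history
            self.failures.pop(key, None)
            self.lockouts.pop(key, None)
            return
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window: # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.lockouts[key] += 1          # each lockout lasts twice as long as the last
            self.locked_until[key] = now + self.base_lockout * 2 ** (self.lockouts[key] - 1)
            recent.clear()

def replay(attempts, **settings):
    """Replay constructed (time, user, addr, password_ok) attempts; return each decision."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **settings)
    decisions = []
    for t, user, addr, password_ok in attempts:
        now[0] = t
        if not throttle.allowed(user, addr):
            decisions.append("blocked")      # rejected before the password is checked
            continue
        throttle.record(user, addr, password_ok)
        decisions.append("ok" if password_ok else "failed")
    return decisions

# Constructed sample: five wrong guesses, then the right password during and after the lockout.
SAMPLE = [(t, "alice", "203.0.113.7", False) for t in range(5)] + [
    (5, "alice", "203.0.113.7", True), (70, "alice", "203.0.113.7", True)]
```

Keying on the user name alone would let anyone lock a victim out on purpose, while keying on the address alone misses guesses spread across many addresses; the pair used here is a middle ground.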

[6]. Session Hijacking


Session hijacking is increasingly popular among attackers. Session hijacking is usually done by imitating cookies: basically, the attacker has to be able to mimic the victim's cookies to get their login session. So how are the victim's cookies obtained?

1. By analyzing cookies. This method is relatively difficult.
2. By stealing cookies. For example, the attacker wants to get A's account. The attacker can easily write a script, insert that JavaScript into an email, and send it to the victim. When the victim opens the email, their cookies are stolen without their being aware of it and recorded on a web server by a PHP script.

Lately, the most frequent target is Friendster accounts. Some insert a script through testimonials, some insert one into their own profile to steal the victim's cookies, and so on. I have tips for this:

1. Do not use the Internet Explorer browser. When you want to open other people's profiles, do not use Internet Explorer. Write down the address of the profile you intend to see, log out of your account first and clear all cookies, then open the destination Friendster profile.
2. Check the source code. When you receive a testimonial, check its source code. Are there foreign scripts, or words associated with hacking such as "Hacked", "DEFACED", "Owned", etc.? If in doubt, just reject it.
3. Sudden logout. Beware when you are suddenly logged out of your account for no apparent reason. When you are prompted to enter your username and password, look at your address bar first! Check whether you are on the site you should be on. Check the source code of the page and look at the form action to see where your information will be sent.

Session hijacking could actually be prevented if only service providers paid attention to the following:

1. Assign a unique session identifier.
2. Generate the identifier with a random pattern.
3. Make the session identifier independent.
4. Make the session identifier mappable to the client-side connection.
Another phenomenon is that, up to the time this article was published, many users were still found who do not sign out after opening their account. As a result, another person who uses the same computer and opens the same website will be automatically logged in to the first person's account.
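The four provider-side measures listed above, plus an idle timeout for users who never sign out, as an added example that is not part of the original article. Binding the session to the User-Agent header is an assumed and fairly weak stand-in for "mapped to the client-side connection", and the class name, cookie name and timeout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

class SessionStore:
    def __init__(self, idle_timeout=900, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._sessions = {}   # sha256(session id) -> record; raw ids are never stored

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def create(self, user, user_agent):
        # 256 bits from the OS CSPRNG: unique, random, and independent of
        # the user name, the time, or any earlier identifier.
        sid = secrets.token_urlsafe(32)
        self._sessions[self._digest(sid)] = {
            "user": user,
            "client": self._digest(user_agent),   # what the session is bound to
            "last_seen": self.clock(),
        }
        return sid

    def cookie_header(self, sid):
        # HttpOnly keeps page scripts from reading the cookie;
        # Secure keeps it off unencrypted connections.
        return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

    def validate(self, sid, user_agent):
        key = self._digest(sid)
        record = self._sessions.get(key)
        if record is None:
            return None
        expired = self.clock() - record["last_seen"] > self.idle_timeout
        same_client = hmac.compare_digest(record["client"], self._digest(user_agent))
        if expired or not same_client:
            del self._sessions[key]               # fail closed: force a new login
            return None
        record["last_seen"] = self.clock()        # sliding idle timeout
        return record["user"]

    def logout(self, sid):
        self._sessions.pop(self._digest(sid), None)
```
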


[7]. Being a Proxy Server 


Information can be gathered by running the proxy server that victims use to surf. With a proxy server, the surfer's whole identity can end up in the hands of whoever operates it.


[8]. Utilizing User Negligence in the Use of Browser Features

Every browser has features intended for the ease and convenience of its users while surfing. Among them are the cache and the password manager.

On the Internet there are of course many websites whose content does not change for several days (for example spyrozone.tk, hehehe). For sites like these the cache becomes very useful. The cache stores the files from your browsing, so that when you come back to the site the browser no longer has to download them from the server a second time, and every page of the site that you have opened before will open more quickly. All of this is usually governed by the time-to-live header. Then what about news sites that are always up to date? For sites like that, the time to live is set to 0 so that the browser downloads the page every time you visit.

Quite convenient, isn't it? Yes, but this is where the threat begins to emerge. Try exploring the options related to the cache in your browser. You will see that there is a setting for how much disk space temporary files may use. Look also for the location where the files are saved. Open that folder and you will see HTML files and image files from sites you have visited. In IE, you can view the location of the cache files through the menu Tools -> Internet Options -> Settings.

So what can be obtained there? Only "trash" files? Hmm... try copying all the files there into a folder, then open one of the HTML files. If it is a public computer, you can find out every site accessed by the person before you. Hmm.. just by looking at the temporary files you can even see passwords and so on. I have come across many sites that store passwords and display them in the URL. You must also have read about this often in various tutorials.

Most current browsers have a facility for storing passwords. For example, when using Mozilla Firefox, you will often get a confirmation dialog box asking whether or not you want your password saved by the Password Manager. Most users tend to choose the YES option, whether with full awareness or because they do not know (read: do not want to know) what the dialog box is for. Other people who then use that browser can very easily get the victim's password by going to the menu Tools -> Options -> Security -> Saved passwords.

Another example is the password Wand facility of the Opera browser. When you enter a user name and password in a form and press the submit button, Opera by default asks you to confirm whether or not you want the browser to store your ID and password. Again and again... most netters are careless and tend to choose the "YES" option. And then? Others who then use that browser can see which sites the user has accessed, point the browser to one of those sites, place the cursor on the user name field, press [ALT] + [ENTER] and BOOOMM!! Why? Do not be surprised just yet! Hehehe.. the login form will automatically be filled in with the victim's user name and password ;D (It's fun enough..) These are just a few examples; explore the browser's other features!
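On the site's side, the two leaks described above (passwords carried in the URL, and private pages left in the disk cache) can be checked for. This is an added example, not code from the original article; the parameter names and the sample responses from shop.example are constructed. A time to live of 0 only forces revalidation, so the check looks for `no-store`, which tells the browser not to keep the file at all.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET_PARAMS = {"password", "passwd", "pwd", "pass"}   # assumed parameter names

def redact(url):
    """Mask secret values so the audit report does not leak them again."""
    parts = urlsplit(url)
    query = [(n, "REDACTED" if n.lower() in SECRET_PARAMS else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def audit_response(url, headers, authenticated):
    """Return the findings for one response as a list of short strings."""
    findings = []
    for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:
            # The URL ends up in history, cache file names and proxy logs.
            findings.append(f"secret-in-url:{name}")
    cache_control = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    directives = {d.strip().lower() for d in cache_control.split(",")}
    if authenticated and "no-store" not in directives:
        # Without no-store the page may be written to the temporary-files folder.
        findings.append("cacheable-private-page")
    return findings

# Constructed sample: (URL, response headers, page requires login).
SAMPLE_RESPONSES = [
    ("https://shop.example/login?user=alice&password=hunter2",
     {"Cache-Control": "max-age=3600"}, True),
    ("https://shop.example/account", {"Cache-Control": "no-store"}, True),
    ("https://shop.example/news", {"Cache-Control": "max-age=0"}, False),
    ("https://shop.example/inbox", {}, True),
]

def audit_all(responses=SAMPLE_RESPONSES):
    """Map each problematic URL (redacted) to its findings."""
    return {redact(url): found for url, headers, auth in responses
            if (found := audit_response(url, headers, auth))}
```
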


[9]. Googling


Google.com. Many sites have collapsed, and passwords and credit card numbers have been stolen, as a result of people misusing this man-made miracle. In the past this was easy to do: just by typing certain keywords associated with user names and passwords, you could harvest hundreds of user passwords through Google. But now it looks like you will be left disappointed if you use that method ;D

Do not be sad just yet, because Google has just spawned a new product, Google Code Search. A new threat begins to arise: this "clever one" can now crawl into the archive files that sit in a web server's public directory. Anyone in the habit of storing important information there (passwords and other valuable info) should start getting rid of that habit now. Always protect sensitive folders so that your site can live longer. If not... well, just wait until someone takes advantage of this new Google product to dredge sensitive information from your web server. And if that happens, be prepared: your "playground" will be taken over by them.

Closing

Wow... there are lots of ways to get someone else's account, aren't there? So, always be careful. Always be vigilant in public places, and even on your personal computer, because it could be that a friend or anyone who borrows your computer has a purpose that is not good.



( AZHAR " HACKING" ) 
2 Comments

Bro, I have just been accepted into GA, but I don't really know how to manage it well... starting from putting GA on an Indonesian blog, bringing in traffic, and not violating its TOS... I'm confused about where to contact you. You're working now, so you're rarely online!! Reply by email if you get the chance: aoneshoper@gmail.com


Greetings, friend.. a maximum of 3 ads can be placed on a website or blog.. no more than 3, or you will run afoul of the TOS. How about you, are you well?
Yes, I'm working now, abroad.
