I want to learn

Hacker's lodge

Suxes:
This is what shd b making front page and not " should I eat with fork or spoon?"

hahaha. eat with your hand ooo

bigdrey:
On daily basis, we here or receive complaints of accounts being hacked, information being stolen, privacy intrusions and many more which shows that there are several methods used by hackers in hacking your account and also getting your personal information.

We have researched the most popular methods used by every hackers in getting your password and we are providing some countermeasures to those methods in this post.

NB: This post is not to teach you how to hack, but will provide a more secured suggestion on how prevent your password being hacked.

1. Phishing
Phishing is the most easiest and popular hacking method used by hackers to get someone account details. In Phishing attack, hacker will send fake page of real website like Accessbank, facebook to victim. When someone login through that fake page his details is automatically sent to the hacker. This fake pages can be easily created and hosted on free web-hosting sites.

Countermeasure: Phishing attacks are very easy to avoid. The url of this phishing pages are different from the real one. For example URL of phishing page of Accessbank might look likeAccesbank.com (As you can see There is only one "s". Always make sure that websites url is correct, and never follow an email link to login account details (Especially Bank Accounts).


2. BruteForce Attack
Any password can be cracked using Brute-force attack. Brute-force attacks try every possible combinations of numbers, letters and special characters until it matches the correct password. Brute-force attacks can take a very long time depending upon the complexity of the password. And the cracking time is determined by the speed of computer and complexity of the password.

Countermeasure: Use long and complex passwords. Try to use combination of upper and lowercase letters along with numbers and possibly characters. Brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.

Example: Passwords like "myrealname" or "mypassword" can be cracked easily whereas computer will take thousand of days to crack passwords like "Ya34lL!"


3. Rats and Keylogger
In keylogging or RATing the hacker sends keylogger or rat to the victim. This allows hacker to monitor every thing victim do on his/her computer. Every keystroke is logged which includes passwords and usernames. Moreover hackers can even control the victims computer to perform some remote functions.

Countermeasure: Never login to your bank account from cyber cafe or someone else computer. If its important use on-screen or virtual keyboard while tying the login. Use latest anti-virus software and keep them updated. And never install any file from the internet without proper scanning and verifying the source.


4. Rainbow Table
A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as md5 or CHA5 and is transformed into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very commonly used hashing algorithm to store passwords in website databases is MD5. It is almost similar to dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords.

Example: ("hello" in md5 is 5d41402abc4b2a76b9719d911017c592 and empty string ("" is d41d8cd98f00b204e9800998ecf8427e

Countermeasure: Make sure you choose password that is long and complex. Creating tables for long and complex password takes a very long time and a lot of resources.

5. Guessing
This looks silly but this can easily help hackers to get ones password within seconds. If the hacker knows you, he can use information he knows about you to guess your password. Hacker can also use combination of Social Engineering and Guessing to acquire your password.

Countermeasure: Don't use your name, surname, phone number or date of birth as your password. Try to avoid creating password that relates to you. Create complex and long password with combination of letters and numbers which has nothing really about your personal information.


6. Social Engineering
Social engineering is process of manipulating someone to trust you and get information from them. For example, if the hacker was trying to get the password of a co-workers or friends computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometimes, hackers call the victim pretending to be from bank and ask for their credit cards details. Social Engineering can be used to get someone password, to get bank credentials or any personal information.

Countermeasure: If someone tries to get your personal or bank details, refer them to check their database. If they are legit, they should have every details they need without having to call you.
Never ever give your password and credit card details for any reason.

Source: http://blog.windrey.com/6-common-methods-cracking-passwords-countermeasures/

Lovely piece.
A real eye opener.

9ce 1

Wen I c posts like this, I know Nigeria is not all lost........... dis is a warning to those who prefer snake stories! Make baba god cause tanker of common sense to crush you!

donbugy:
Nice write up and if you are interested in phishing and cracking and setting up RAT and Keyloggers then check out my signature.

I need the application

A friend once tried a tool that uses the bruteForce method, it took it some days to ascertain the number of characters in the password, then it will take it about 632 years to crack the password.



He was like, "shey na me be methuselah nii"

I think the method is more efficient for cracking incomplete passwords.

And phishing? I will blame some ridiculous hosts for this.

I could remember the troubles a friend faced when he tried hosting a site similar to New York County Bank (NYCB)

Trusteer can also help you detect phishing sites.

DDOS - Distributed Denial of s3rvice Attack. Your system can be used as an object of an attack, i.e used to attack another system without your knowledge.


Remedy: Pull the plugs when u suspect or notice your system acting funny

Thanks for the Information

Helpful tips thanks a lot.

donbugy:
Nice write up and if you are interested in phishing and cracking and setting up RAT and Keyloggers then check out my signature.

bro I have sent you a request

good one

Decent and informative post

concur

Baroque:
nice

kudos to your elbow I learn something here

Informative

donbugy:
Nice write up and if you are interested in phishing and cracking and setting up RAT and Keyloggers then check out my signature.

Am interested in learnin,I wil snd u an e-mail,plz try n reply 2it

Keylogger is fun.. I had a waresight (007) software one time .. damn I messed with people's head a lot.. I even had an anti deep freeze software for computers with deep freeze.. good old days

bigdrey:
On daily basis, we here or receive complaints of accounts being hacked, information being stolen, privacy intrusions and many more which shows that there are several methods used by hackers in hacking your account and also getting your personal information.

We have researched the most popular methods used by every hackers in getting your password and we are providing some countermeasures to those methods in this post.

NB: This post is not to teach you how to hack, but will provide a more secured suggestion on how prevent your password being hacked.

1. Phishing
Phishing is the most easiest and popular hacking method used by hackers to get someone account details. In Phishing attack, hacker will send fake page of real website like Accessbank, facebook to victim. When someone login through that fake page his details is automatically sent to the hacker. This fake pages can be easily created and hosted on free web-hosting sites.

Countermeasure: Phishing attacks are very easy to avoid. The url of this phishing pages are different from the real one. For example URL of phishing page of Accessbank might look likeAccesbank.com (As you can see There is only one "s". Always make sure that websites url is correct, and never follow an email link to login account details (Especially Bank Accounts).


2. BruteForce Attack
Any password can be cracked using Brute-force attack. Brute-force attacks try every possible combinations of numbers, letters and special characters until it matches the correct password. Brute-force attacks can take a very long time depending upon the complexity of the password. And the cracking time is determined by the speed of computer and complexity of the password.

Countermeasure: Use long and complex passwords. Try to use combination of upper and lowercase letters along with numbers and possibly characters. Brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.

Example: Passwords like "myrealname" or "mypassword" can be cracked easily whereas computer will take thousand of days to crack passwords like "Ya34lL!"


3. Rats and Keylogger
In keylogging or RATing the hacker sends keylogger or rat to the victim. This allows hacker to monitor every thing victim do on his/her computer. Every keystroke is logged which includes passwords and usernames. Moreover hackers can even control the victims computer to perform some remote functions.

Countermeasure: Never login to your bank account from cyber cafe or someone else computer. If its important use on-screen or virtual keyboard while tying the login. Use latest anti-virus software and keep them updated. And never install any file from the internet without proper scanning and verifying the source.


4. Rainbow Table
A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as md5 or CHA5 and is transformed into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very commonly used hashing algorithm to store passwords in website databases is MD5. It is almost similar to dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords.

Example: ("hello" in md5 is 5d41402abc4b2a76b9719d911017c592 and empty string ("" is d41d8cd98f00b204e9800998ecf8427e

Countermeasure: Make sure you choose password that is long and complex. Creating tables for long and complex password takes a very long time and a lot of resources.

5. Guessing
This looks silly but this can easily help hackers to get ones password within seconds. If the hacker knows you, he can use information he knows about you to guess your password. Hacker can also use combination of Social Engineering and Guessing to acquire your password.

Countermeasure: Don't use your name, surname, phone number or date of birth as your password. Try to avoid creating password that relates to you. Create complex and long password with combination of letters and numbers which has nothing really about your personal information.


6. Social Engineering
Social engineering is process of manipulating someone to trust you and get information from them. For example, if the hacker was trying to get the password of a co-workers or friends computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometimes, hackers call the victim pretending to be from bank and ask for their credit cards details. Social Engineering can be used to get someone password, to get bank credentials or any personal information.

Countermeasure: If someone tries to get your personal or bank details, refer them to check their database. If they are legit, they should have every details they need without having to call you.
Never ever give your password and credit card details for any reason.

Source: http://blog.windrey.com/6-common-methods-cracking-passwords-countermeasures/

very informative

There is this phishing site that has caught my browser. xl4m or something. When I am on some websites once I click it redirects me to another advertising site opening a new tab as it does it. Please how do I get rid of this? It is really bothersome right now. Thanks.

[quote author=bigdrey post=44245721]
................

op bigdrey what about torrents? Those software cracks we often download from torrent sites, are they safe to install on the PC without fear of hacking?

Ifebazz:
There is this phishing site that has caught my browser. xl4m or something. When I am on some websites once I click it redirects me to another advertising site opening a new tab as it does it. Please how do I get rid of this? It is really bothersome right now. Thanks.

open it browser, u will see either on the top left corner the browser menu, click on it, it will show u a drop down menu, click on settings and scroll down, u will see "default reset" or something, I cant remember now, if u click it.....its like factory reset on ur fone, it takes ur browser back to its default settings......if u don't find it on settings, den check advanced settings u will see it......i ve helped several of my colleagues solve dat problem.

[quote author=akagson post=44283078][/quote]
Make sure your antivirus is regularly upto date, and scan d torrents befre installing.

Security

This is whatz suppose to be on a FP not "see d snake I saw clapping in church "

Lol.. Was thinking I would see something new

Thanks a lot... Very matured and helpful post

April fool.

I wish I'd seen this post before someone phished my Facebook account, ... I was sent a Facebook link to vote for a fake social media contest (I was just trying to help ),

Just like you said, it was exactly like Facebook site but I didn't notince the fake URL (so I was told to login again)... The dude in notime, changed my login email, passwords and some vital details... thanks to my security questions that helped me regain my account back.