Hacking For Dummies (2015)
Chapter 3- Some major Hacking ventures
Email hacking& Windows Hacking
In today’s world the email has emerged as one of the most basic way of connection and communication. Whether you want to greet your friend who is sitting miles apart or you have to email some commercial order for your business activity, the electronic email is the most economical, trustworthy and rapid way of communication.
But because it is being rapidly used, so it also being exploited by the hackers, basically the sending and receiving procedure of the emails is governed through different Email servers. All types of Email service providers organize and connect to the Email Server, whenever a person signs in to the email account. All the digital communication is processed through servers. These severs operate worldwide.
The security protocols of an email system:
Although the emails are considered to be the fastest means of communication, which are deemed to be reliable and quick, yet we hear hacking news about the emails and the respective accounts. So it infers that in the context of hacking we need to analyze the system if security which is extended by these email service providers and main servers. There is a need to understand that what are the vulnerabilities which are exploited by the hackers, when they aim for an email; aim.
Some people think that if the email accounts do not contain any important email or personal email, than there is no need to protect these accounts. But the email security is not only needed to maintain the email security. But the hacker can use your email account for malicious or event terrorist activity. So in this case a strong password will surely help.
Email spoofing is a process which involves falsification of a particular Email header. In this case the email will appear to be originated from a source or sender, other than the real sender. Email spoofing is usually targeted through spam sending, so that when the recipient opens the spam he may give the way to the hacker, to start the spoofing.
Spoofing is sometimes regarded as the fake emails and there are multiple ways to send fake emails, even without knowing the password of the email owner, so email accounts are quite vulnerable.
Sending the fake emails
There can be tow major ways for sending fake emails, discussed below:
Ø Using web script
The various Programming languages including ASP and PHP can allow a person to use an email sending functions, in which a fake header can be easily implemented in the form ” From: To: Subject:”
Even you can find the email sending scripts on a number of different sites which provide the fake email sending scripts for different purposes.
Most of these websites are Anonymous, some include:
Ø Open Rely servers
An Open Mail Relay follows the Simple Mail Transfer Protocol(SMTP) server. Thus server provides an opportunity to anyone, to send emails through some account, through its special configuration. It can send emails other than the ‘Originating’ or ‘To’ format.
Now as these servers are available a hacker can easily use these servers and guide these servers to send emails, as and when required. The sending of the email is easier through this method because it doe not require any kind of password for opening the specific email address. The hacker will just select a particular email account and the work will be done.
The windows posses a system of security which is based upon the following major components:
Ø Local Security Authority (LSA)
Ø Security Reference Monitor (SRM)
Ø Security Account Manager (SAM)
All of the three components come out as the basic building blocks for securing a windows account. When pertaining to the LSA it is supposed to be the security subsystem. It validates both the remote as well as the local log on of the system. So the basic security policy is translated through the LSA.
SAM comprises of passwords and username, so the information can be regarded as the one which can be found on the hard disk. SAM information can make use of local registry or that of the active directory. When the SAM data base clear the user as part of the server, he or she can then start using the service.
SRM is more like an architectural object which makes use of requests preceded by the user to get access to a number of different objects pertaining to the system.
Learning the architecture of windows security
The passwords for the user account passwords are maintained under a hexadecimal format of SAM, known to be the” hashes”.
When any of the Passwords is translated into Hashes, it is not possible to turn it back to thesimple clear text.
All the windows Passwords are kept and Transmitted in a special encrypted format which is referred to as thee Hash. Whenever a user starts using windows account he or she enters the passwords, which was set originally. The entered password is then compared with the stored hashes. If both of these match then the user is authenticated to carry on the access to the windows account. It is known as a process of Response. Challenge
Whenever a hacker tries to hack the windows, he needs to get these hashes crackers. Both manual and automated methods can be used by the hacker, in gaining access to the password. As opposed to email hacking, this may not require password access, windows hacking needs to be proceeded through password access. The most prevalent methods which are used to crack the Passwords of a windows account include:
ü Brute-force method
ü Rainbow Table attack
Types of windows hacking attacks
Ø To monitor and control; all types of accounts operated on a computer
Ø To make alterations in the original password, without the knowledge of the user
Ø To create new user account
Ø To delete the already exiting account of the user
Ø To create invisible account in a computer system
Barriers for windows hacking attack
Ø Using the BIOS setup, a Change in the Boot Sequence can be a good measure. The sequence of first, second and third boot device can be as follows:
ü Hard Disk (1st boot drive)
ü DVD/CD drive (2nd boot device)
ü Removable (3rd boot device)
Ø Creating a stronger BIOS password
Ø Implementing the physical Lock at your personal computer cabinet