7 important truth on Man in the middle attack


Wanna know all the stuff you need to know about Man in the middle(MITM) attack? including the basic concepts, types, prevention, etc. If your answer is yes, I suggest you read further.



This particular topic is one of the most asked cyber-security questions on the net. Just like most search terms, I'm gonna break it this way;


  1. What is Man in the middle attack?
  2. How does it work?
  3. Typical example
  4. Real life instances
  5. Different forms of MITM attack?
  6. What are the types of MITM attack?
  7. How do I prevent a MITM attack?

To better understand this concept, you'll be reading this from a victim's perspective rather than the attacker. Pay attention!


1. What is Man in the middle attack?

A man-in-the-middle attack is a known cybercrime where a malicious actor secretly inserts himself into an online conversation between two individuals(sometimes more), impersonates both parties involved and accesses information that is being sent by the two parties to one another.

This type of cyber attack basically requires three players to be carried out; the victim, the individual/s the victim is trying to communicate with, and the hacker(Man in the middle), who ’s trying to intercept the victim’s communications with the purpose of getting critical information.

7 important truth on Man in the middle attack


Note that the victim in this scenario isn’t aware of the man in the middle.

A practical example of a MITM attack is active eavesdropping. In this example, the hacker attempts independent links with the victims and conveys messages between them, making them think they're communicating directly with each other over a secure private connection, when in truth, the whole conversation is being controlled by the attacker.

MITM attack is one of the forms of session hijacking. Other forms similar to a MITM attack are:


  • Sidejacking - This involves sniffing of data packets with the purpose of stealing session cookies and in the process hijack a user’s session. These cookies login information in some cases are unencrypted, even if the website was secure.



  • Evil Twin - This can be called a rogue Wi-Fi network appearing to be from a legitimate network. When a user joins a rogue network, an attacker can launch a MITM attack, thereby intercepting useful data sent between you and the network.



  • Sniffing - This is when a malicious actor uses a readily available tool or program to intercept data being transmitted from or to your device.


2. How does Man in the middle attack work?

How does this work? what actually happens in the background is that the hacker manages to have some form of control over the network topology thereby being able to insert himself in-between the client and the server.

A befitting example of this is DNS spoofing. The attacker convinces your computer system that www.amazon.com doesn’t map to any of the Amazon server IPs, but to his(the attacker) server IP. The client not knowing what's going on then connects to the attacker instead of Amazon. The hacker can then decide to forward the client’s traffic to Amazon servers or not

Address Resolution Protocol(ARP) is another interesting example. This is used to map a network address to a physical address like a MAC address. An IPv4 address is an example of the network address.
7 important truth on Man in the middle attack
Check out the ARP cache of one’s computer system.
ARP comes with a flaw though, it being that you can't verify that the ARP packet is telling the truth.

Check this out;

The Router asks, “Who and where is 192.168.1.103?”, a system at 192.168.1.105 replies, “192.168.1.103 is at ff:ff:ff:ff:ff:ff (192.168.1.105’s MAC)”. The router doesn't know that this packet is coming from a totally different system. For the router, 192.168.1.103 is 192.168.1.105. This is known as ARP spoofing.

So what basically happens in a man in the middle attack is that the attacker continuously sends ARP packets to the victim claiming that the attacker’s system is the router.
Here, the attacker is sending ARP replies to the victim (192.168.1.17) saying that he's the router. It says 192.168.1.1 is at 8:0:27:f1:77:4e(attackers MAC)
The victim’s computer goes ahead and sends all the packets to the attacker’s computer, all the while thinking it is actually the router and the attacker then forwards those messages to the actual router. Editing and taking the information he needs in the process.

There’s a more complex and sophisticated MITM attack involving Border gateway protocol(BGP) where you can divert the routing to the internet for an entire domain.

3. Typical example?

7 important truth on Man in the middle attack

An example? Let’s say your friend receives an email that seems to be from his bank, encouraging him to sign into his account dashboard to confirm his contact information. 

He clicks on a link(saying maybe click here to sign in) in the email and is redirected to what looks like his bank’s website. Then he signs in and carries out the requested task and in the process unknowingly giving out his info.

In this scenario, the MITM sent your friend the email, making it appear to be legitimately from his bank. This particular attack involves phishing i.e tricking him to click on a link in the email that appears to come from his bank. 



Note that the hacker had to create a replica of your bank's website

Another analogy:

Let's say Debra and Justice are having a conversation online; Mary intends to eavesdrop on the conversation but at the same time remain transparent.

Mary could tell Debra that she is Justice and tell Justice that she is Debra. This would consequently make Debra believe she’s currently texting Justice while revealing her version of the conversation to Debra.

Mary then gathers needed information from the conversation, alter and twist the response,  and pass the message across to Justice (who still thinks he’s having a good talk with Debra). As a result, Mary transparently hijacked their entire conversation.

4. Real life instances of a MITM attack?

Enough of made up scenarios. Let's look at a few real life man in the middle attacks;

7 important truth on Man in the middle attack

  • In 2013, the Browser owned by Nokia Xpress was made known to be decrypting HTTPS traffic on the Nokia's proxy servers, enabling the company to access its customers' encrypted browser traffic. Nokia, however, said that the content was only stored temporarily and they have technical and organizational measures put in place to prevent unwarranted access to private information. cite

  • In 2003, a remarkable non-cryptographic man in the middle attack was carried out by a Belkin wireless network router. Periodically, it hijacks HTTP connections being routed through it to a destination and self-respond as the intended server. After the reply is sent, instead of the of the web page the user requested, was a commercial for a Belkin product. After several complaints from technically literate users, this particular 'feature' was removed from the router's firmware. cite
Other notable mentions are;
  • Comcast uses a man in the middle attacks to inject JavaScript code into 3rd party web pages, displaying their ads on top of the pages. cite

  • NSA impersonation of Google. cite

5. Different forms of Man in the middle attack

MITM attacks are of two forms; one that involves malware, and another that involves physical proximity to the proposed target. The first form, just like the fake bank scenario above, is also referred to as a man in the browser attack.

  • Man in the browser attack

With a MITB attack, the attacker requires a way to inject malicious programme into the victim’s computer system. This can be achieved by conducting a phishing attack.

The malware installs on the browser without the user ’s consent and knowledge. The malware then records the data/information sent between websites and the victim, such as online shops, and forwards it to the attacker.


Going back to the forms of MITM attack. Hackers execute a MITM attack in 2 phases — interception and decryption.

In a traditional man in the middle attack, attackers need access to a vulnerable Wi-Fi router. These types of connections are likely to be found in public places with free Wi-Fi hotspots, and in some cases, in some people’s homes, i.e when they fail to protect their network properly. Attackers will go ahead to scan the router in search for specific vulnerabilities such as a weak password.


Once a vulnerability is found, attackers use some hacking tools to intercept and read the victim’s transmitted data


A successful MITM attack doesn't stop after it intercepts. The victim’s encrypted data needs to be unencrypted, that way, the attacker can read and act upon it.

6. What are the types of man in the middle attack?

IP spoofing 

Each computer online has an internet protocol (IP) address, which is somewhat similar to the street address of your home. By spoofing an IP address(changing the IP), a hacker is able to trick you into thinking you’re interacting with someone or a website you’re not, probably allowing the attacker to have access to sensitive information you’d otherwise not share.

DNS spoofing

Domain Name Server(DNS) spoofing is a type of MITM attack that forces a victim to a fake website instead of the real one the victim intends to visit. Victims of DNS spoofing think they’re visiting a safe, trusted site, instead, they’re unknowingly interacting with a fraudster. Here, the attacker's mission is to divert traffic from the real website and capture user login details.


HTTPS(Hypertext Transfer Protocol Secure) spoofing

When doing online transactions, be on the lookout for “HTTPS” in the website URL, rather than “HTTP”. This shows that the site is secure and trusted. A hacker can trick your browser into believing it’s visiting a secure site when it’s not.


SSL hijacking

If your computer connects to an unsecured server specified by “HTTP”, the server can on its own redirect you to the secure version of the server, specified by “HTTPS.”

Connecting to a secure and trusted server basically means standard security protocols are in order, protecting all the data you have in common with that server.

SSL is short for Secure Sockets Layer, a protocol that sets up encrypted links between the web server and your browser.

In an SSL hijacking, the hacker uses a different computer and a secure server to intercept all the data passing through the server to the user’s computer.


Email hijacking

Attackers can target email accounts of financial institutions like banks. Once access is gained, they are able to monitor transactions between the customers and the institution.

The attackers can then decide to spoof the bank’s email address and email to customers. This convinces the victim to follow the hackers’ instructions instead of the bank’s. As a result, an unwitting victim may end up sending money to the attacker.


Stealing browser cookies

To better grab the concept of a stolen browser cookie, you first need to understand what one is; a browser cookie is simply a  piece of information a website stores on your computer system.

online retailers like Amazon might store the personal info you enter and cart items you’ve selected on a cookie, that way, you need not re-enter same information when you return.

A hacker can steal your browser cookies and gain access to sensitive information.

7. How do I protect my system from a MITM attack?

7 important truth on Man in the middle attack


Strong WEP/WAP Encryption on Access Points

Having a very strong encryption mechanism on wireless access points(WAP) helps prevent unwanted persons from connecting to your network. A somewhat weak encryption mechanism allows a hacker to easily brute-force his way into a network and starts MITM attacking. 

The stronger the encryption, the safer.


Virtual Private Network

VPNs is used to create a secure browsing environment for information within a LAN(local area network). They create a subnet using key-based encryption for secure communication. If this is done properly, the attacker will not be able to decipher the traffic in the VPN even if he happens to get on a network that is shared.


Force HTTPS

HTTPS is used to safely communicate over HTTP with the help of public-private key exchange. This helps prevent an attacker from making sense from the data he may be sniffing. 

Webmasters should not provide HTTP alternatives.


Public Key Pair Based Authentication

A man in the middle attack involves spoofing something. RSA public key pair authentication can be used in numerous layers of the stack in ensuring that the people or website you are in communication with are actually the people you want to be communicating with.



Summary

It is all scary from a victim's perspective of man in the middle (MITM) attack. Sometimes times the fear is due to knowing little or no info on the topic. 

After reading through this, most users might panic with the knowledge that they have been keeping their devices vulnerable and might have fallen victim to an attack. The best thing to do in such a scenario is to keep calm.


Join us on facebook if you appreciate this post.
Got a spare old android phone? read on and you're gonna know how to put it to good use; turning it into a security camera. Great to be used as a baby monitor✌

Is it really possible to use a smartphone as a monitoring device without any knowledge of I.T? The short answer is YES. You don't need any sort of Cyber training to use your smartphone as a spy device.



How is this practicable? By installing necessary security applications and using them in the manner I'll show you as you scroll down the page.

How to use your android phone as a security camera


What you're about to read further is common sense for some experienced individuals, but alien to many. For the experienced ones, I'll gladly welcome any form of contribution to the methods I'm gonna use here. For the not-so-experienced, read on!


Breaking it down in these steps;
  1. Get IP Webcam
  2. Setting it up
  3. Streaming
  4. Positioning your camera
  5. Mounting

1. How to use android phone as a security camera

Let's dive in to the topic at hand;

Step 1: Get a security camera app for android

To kick this off, you need an app used as a security camera. Most such app offers the same features as; cloud streaming, motion detection and alerts. local streaming and recording/storing footage locally or remotely.

Despite lots of options online, the best for me is IP webcam. Now the pro version cost $3.99 to unlock all features, but there's also a free-to-use version. Though this version can't be compared to the paid one, it still got some cool features.

IP Webcam broadcasts both over the cloud and locally with the help of a service called Ivideon, so you can watch your stream, live from anywhere. Get the Ivideon app for android on Playstore.

In short, IP Webcam is used for videoing and Ivideon for streaming.

Step 2. To set up your Android phone as a security camera:

After you must have downloaded and installed IP webcam, follow the below procedures to set it up:

  • Open IP Webcam

  • Set your video preference, effects, power management settings, and motion and sound detecting.

How to use your android or ios phone as a security camera

  • Go to Local broadcasting>>login/password to set up your unique login details when streaming locally. Streaming locally is public. Reason why you should have a password. That way only you can stream your video.

  • Now, to broadcast the stream remotely, you have to register or log in to Ivideon(if already registered).
How to use your android or ios phone as a security camera
Ivideon on PC after sign in

How to use your android or ios phone as a security camera
Ivideon on Android after sign in

  • Locate cloud streaming from your IP Webcam app, then select Ivideon and log in to connect your Ivideon account to the IP Webcam.

  • To begin streaming, select Start server at the very bottom of the app of your IP Webcam.




Step 3. Streaming your video from anywhere

Now to the fun part;

  • To view the stream locally:

you'll see an IP at the bottom of the video like https://192.156.43.1.7070 type it in the web address bar of your pc or phone. It'll tell you insecure url but don't worry since you have your own dedicated password. Continue with the login.


A pop up will show asking for your username and password. After successful login, you'll be directed to your dashboard.

How to use your android or ios phone as a security camera
Streaming locally from PC

Locate Video renderer and select Browser to start streaming.

Note: make sure that your android phone is currently videoing on IP Webcam

  • To view the stream using Ivideon

Alternatively, you can stream directly from your Ivideon account. This is even better because it increases privacy(private not public)

To do this is very simple. Start the server in your IP Webcam(you must have linked your Ivideon account to IP Webcam by now), then login to your Ivideon account from your pc/desktop/android. You'll see a thumbnail of the current stream. Click on it and watch.


Step 4: Choosing a spot to position your camera

Choosing the best spot to place your phone is very challenging as you'll be careful to make sure it won't fall off or get seen. You may wanna position it at the main entrance to your home or wherever you think might be particularly vulnerable.

You can also set up an IP camera as a baby monitor.

If you have multiple old phones lying around, you can set up multiple cameras for fairly robust video coverage if you have multiple old phones lying around.


Step 5: Mounting and powering up your camera(s)

To mount the camera, a little smartphone tripod or suction car mount works perfectly and helps you fix the android in an inconspicuous place.

smartphone tripod
Loha smartphone tripod
Joby mini tripod
Best tripod for height



To broaden the view, you might consider purchasing a wide angle lens for your phone. These ones below are my top pick:

How to use your android or ios phone as a security camera


Note that streaming takes a lot of power since the phone will be turned on for a long time. To solve this issue, you might wanna position the phone close to a power source. A long Micro-USB or lightning cable will add some flexibility to your camera positioning.

Make sure you put your phone on silent. Putting it on airplane mode is advisable. Don't forget to on your wifi right back in order to access the internet.


If you really want to use your phone as a security camera, mostly for photographers, then a tripod(very important) and a lens(less important) will be useful. You can check them out from the below links:


Summary


Hopefully, by now you should know all you need to know on how to use your android phone as a security camera. You can go ahead and monitor your household when you're not at home.



With numerous scams, hacks and malware, the Internet can somehow feel as dangerous as a battleground these days

Top Internet Safety Tips to Stay Safe Online

No one can deny that the Internet is a massive and vast part of so many people’s everyday lives as it is quite useful, fun and informative. Be noted – no matter how safe you feel when using it, you gotta secure your safety.




Good news is that you can protect your identity and information for years to come by getting into a habit of using good Internet safety practices.



In order to be safe on the Internet, keep your social media credentials private so that no one can easily find your details online. Let’s make it short, we’ve compiled a list of 7 Internet Safety tips which might help you learn how to stay safe while using the Internet;

  1. Create Secure internet Passwords
  2. Keep Your  Software Updated
  3. Use Two-Factor Authentication
  4. Boost your network security
  5. Use Antivirus Software to increase safety
  6. Click smartly
  7. Only visit secure URLs

 Start scrolling down!

Always Create Secure internet Passwords


According to the survey in 2016, around 4% of people used “123456” as their password, making it the most common and easy to crack password of 2016. 

Creating a secure and strong password is one of the easiest and most effective things you can do to prevent brute force password hacks. Simply, the more bulletproof password, the more difficult it is for hackers to infect your system. 

8 Top Internet Safety Tips to Stay Secure Online


Tips for creating a secure password are;

  • The password shouldn’t be less than 10 characters
  •  Do include a mix of numbers, special characters and lower case and upper case characters
  • Words from the dictionary shouldn’t be used
  • Don’t create a similar password for different websites

Having a strong password is very essential especially now we're living in an era of widespread hacks. One database breach on a website can reveal thousands if not millions of user passwords.

If in such scenario, you use the same password in another website, a hacker can easily trace it and log in to your account.



Keep Your  Software Updated


Software security is a battle which doesn’t end and never will be. As susceptibilities arise and security errors are oppressed, whereas developers always patches updating their software and deliver users with better protection. In short, enabling automatic updates means great peace of mind as delaying these updates leaves your operating system more susceptible to an attack.


Latest Technology Updates don’t harm your computer or smartphone but keep your operating system, web browser, and other software up to date to reduce the overall risk of a security breach.


Use Two-Factor Authentication


Taking a two-factor authentication takes your e-safety to the next level, without a doubt. 

Several well-reputed websites that contain vital financial or personal information such as LinkedIn, Gmail, PayPal, and banking websites has already adopted this measure of extra security. 



Most of the websites text verification code, while others may send a link in the email for authentication. Whether you like or not, but 2FA is indeed an effective way of preventing fraudulent activities.


Boost your network security


When at home or in your workplace, you probably make use of a strong password protected router, thereby encrypting your data. When not at home. I bet you love connecting your devices to public Wi-Fi as it doesn’t charge even a penny? Keep in mind that it poses some significant security risks.




An example is; Man-In-The-Middle attack is quite common on public Wi-Fi through which hackers get access to your personal emails, and passwords with less hassle.


Now that you've read the first two tips before this one and you're about working on keeping your logins safe, also make sure your connections are secure.


Tip: While using public Wi-Fi, assume someone is watching you. Never enter login details or banking information when connecting but if you do need to send some sort of important information, use  a VPN (Virtual Private Network) to create a more secure connection.


Use Well-reputed Antivirus Software to increase safety


Antivirus software plays a vital role in helping you stay secure on the Internet. A well-known and leading IT security solution prevents malicious software from entering into your operating system and clean up any issues which might slip past your system’s defences. 


All you have to do is, enable auto updates and ensure your antivirus settings are suited to your browsing habits and needs.


Antiviruses aren't really used by those who are experienced in IT as their are better advanced ways of protecting yourself from online hacks. Notwithstanding, this measure is a great way for the ordinary persons with no knowledge of IT to secure from malitious apps and programmes downloaded on the internet.


Click Smartly



Now that you’re about putting great tech measures into place, also make sure you don’t invite danger to your system or revealing your details through clicking of suspicious links. 


Have you ever somehow been on and required to put your login details on a webpage resembling a popular social network or website like facebook? Maybe you've received a spam email saying something like "click here to get blah blah". Ignore such request.


This type of attack is known as phishing attack or social engineering, where you're tricked into revealing personal or sensitive information for fraudulent purposes.


Another reason you should click smartly while online is the risk of infecting your system with malware. Don't respond to that suspicious message urging you to "click here" or "download this" by reciprocating to the request. 


Doing such exposes your system to great risk.\



Only release your personal info on secure URLs


When shopping online, or doing sensitive transactions on the internet, always be on the lookout to see if the site’s address begins with “https”, instead of “http”, and has a padlock icon in the URL field saying Secure


This shows that the website uses encryption to scramble your information so it can’t be intercepted by hackers.


Also, be on watch for website URLs having bad grammar or misspellings in their web addresses. They're likely to be copycats of legitimate websites created to trick you into thinking it is the actual site you have in mind(like what I talked about on the previous tip). 


Use this safe search tool  McAfee to stay miles clear of risky sites.




Summary

The internet is never a fully safe nor secure place. Plenty people discovered this the hard way every day and seem not to know how it all happened.

Hopefully, these above tips will go a long way in making sure your safety is guaranteed while online.

You need to check out the concepts of a Man in the middle attack to better understand this topic.


Written by
Top Internet Safety Tips to Stay Secure Online



Gohar Abbas from Techenguru.com

Internet safety guidelines are aside for a short second, we’ve also got you covered if you’re in a search of Cool Gadgets Reviews as well as Latest Updates about Hackers Lounge and Life Hacks.
Hello!

As a new guy in the hacking world, I bet you'd want to know how to create a virtual hacking lab. If you don't know what this is or you just don't care enough to create one, I suggest you read this post thoroughly because it is highly essential.


How to Create a Virtual Hacking Lab



The hacking lab creates a safe environment to practice your hacks. This way you won't have to worry about the risk of failure when trying a hack in the real world because any slip off can be devastating.


Hacking isn't like most professions. In most, you fail and dust yourself off. But in this, you fail and probably spend some time behind bars. This makes practising very important, and this is where the virtual hacking lab comes in.


Many newbies find it pretty difficult to set up a dedicated lab to practice hacks. This article does justice to this problem.

I'll be breaking the tutorial down in 6 steps to make it easier to comprehend;


  1. Download VMware Workstation or Player
  2. Download Kali VMware Images
  3. Unzip Images
  4. Open VMware Image
  5. Download & Install Targets
  6. Download Old Applications

Let's go!

Step 1: Download VMware Workstation or Player

You should practice hacking within a virtual environment. You set up a hacking system like Kali Linux, and some victims to exploit. Essentially, you'll likely want multiple OS and software to enable you try out a variety of hacks.

How to Create a Virtual Hacking Lab


Virtual machines and a virtual network offer the safest way to set up a hacking lab. 


There are numerous virtualization systems available, including Oracle's VirtualBox, KVM, Microsoft's Virtual PC and Hyper-V, Citrix, and VMware's Workstation, VMware Player and ESXi.


In a case of a lab environment, I recommend VMware's Workstation or Player. The workstation is a purchasable product that costs as high as $200 after the free 30-day trial, while the Player is free-to-use.


The difference between these two is that the Workstation can both create and play, while the Player is used to just play VMs.


Download VMware's Workstation or Player here.


Step 2; Download Kali VMware Images

After you must have installed the virtualization system, your next step is to download the VMware images of Linux(provided by offensive language). These images help you to run from Workstation or player instead of creating a virtual machine. 



These images have already been created by Offensive Security. This basically means that you can then use it in either Workstation or Player once you download the VM of Kali.


Step 3; Unzip Images

You need to unzip the downloaded files using one of the several free available zip utilities like WinZip, WinArchiver, etc. 


Download and install the one that suits your fancy and unzip the files. The screenshot below shows the unzipped Kali files using the free trial of WinZip.



Step 4; Open VMware Image

When you must have unzipped all the files, your next step is to open up the virtual machine. Be sure to know the location you unzipped the VM image.

Next is to open the Player or the VMware Workstation. Go to file and open like in the below image.

How to Create a Virtual Hacking Lab


This opens a window like in the below image.


This shows the VMware VM file that you're gonna load into VMware. Note that I'm using the "amd64" which is simply the 64-bit version. The 32-bit version will work though, but a lil bit slower.

Next, after you do so, VMware starts your VM and displays the below image.





Now, hit the little green button in your screen that says "Power on this virtual machine." It will now display a Kali screen.

How to Create a Virtual Hacking Lab

Use "root" as User and "toor" as Password to get started hacking!


Step 5; Download & Install Targets

Now, download and install your target system. You could use your own host Windows system since this is merely a practice, you might wanna use an older and easier to hack system. 


I recommend installing a Windows Vista, XP, Server 2003, or an older version of Linux. You can use these systems to practice hacking since they have known security vulnerabilities. Later, when you think you're climbing up the ladder, you can now install and use Windows 7 and 8 for your hacks.


If you don't have a copy of these older OS, you can easily purchase them on the internet. At last check, it was sold for as low as $9.66 on Amazon, but that can change anytime.


Alternatively, you can get these OS for free on torrent sites, but BEWARE!..you'll likely be downloading more than you bargained for.


These free downloads often come with rootkits that embed in your system when you open the file.


You can get older versions of Linux from the distribution.

f

Step 6; Download Old Applications

Now that you have your operating system, you're gonna be needing apps and software to run on these older versions. These older versions have plenty known security flaws that you can check your hacking skills.


You can use the website "Old Apps" to download many of these.

How to Create a Virtual Hacking Lab

Hit me up in the comment section if you got stuff to say or add on how to create a virtual hacking lab.


Subscribe to my mailing list

* indicates required

Hi there✋. 


Have you ever wondered how easy or possible it is to hack into your pal's computer? Or maybe you know it's possible but do not know the steps to follow. 



I say to you; bring out your note if you ain't with your computer. Keep reading lad.




I've always been asked by viewers on how to hack a computer. I'll be showing you one of my tricks. This trick is done in 4 steps;

  1. Getting started
  2. Trial and error
  3. Gathering necessary information
  4. Getting in

Before you keep reading though, i'll suggest you take a look at our disclaimer page.
Let's get to work!



How to hack into A Computer connected to the same network(Lan)

This trick is perfect for those working in an office where everyone is connected to the same network. It can also be carried out in a College.

What you need

  • Windows OS
  • Cain and Abel

The obvious first thing to do is find a Computer to hack into. You can begin if you're connected to the WAN or plugged into the LAN.

Open up your Cain and Abel. Get it here if you don't have it installed,

This hacking program has a built-in sniffer feature that looks for all available IP addresses in a local subnet. 

Now pay attention!

Step 1

Getting started!

Click on the sniffer tab after the software opens. Click the Start/Stop sniffer, and click the blue cross.

5 Easy steps to Hack Into a Computer



Another window will pop up after this, select “All host in my subnet” and click ok.


It'll now begin to scan

5 Easy steps to Hack Into a Computer


The Computer names, IP's and mac addresses will display. Write them down and try to remember the IP address you wish to hack into. It's okay if you can't tell whether the IP address belongs to a Computer, modem, router etc.

The next step will tell you what to do.




Step 2

Trial and error

This stage is here in case you don't know if what you have is a Computer, printer, router or whatever else is connected to the WAN.

If you did get the IP address of the target though, I still recommend you read through this
section.

Click on the start menu, type in cmd, and click ok.

This will bring up the command prompt which is where you'll be doing most of the hacking.

Next, you'll be reading certain commands in quotes that you'll need to be input into the command prompt. Do not by any way put these commands in quotes. It won't work. I put quotes only to avoid confusing you.

Type in “ping (IP address of the target).” For example in this tutorial, “ping
192.168.1.103.”

This lets you know if the target is online or not

It will look something like this if the target is online.

5 Easy steps to Hack Into a Computer

It will look like this if the target is offline:

5 Easy steps to Hack Into a Computer

This hack can only be done if the target is online. So switch to a different target if it's not or wait for it to come online.

You'd wanna know how to crack a wifi password and a website

Step 3

Gathering necessary information.

Input this command “nbtstat –a (IP address of target).” A suitable example would be
“nbtstat –a 192.168.1.103.”

This will display if file sharing is enabled. If it is, it will give you the; currently logged on user,  computer name and workgroup.

5 Easy steps to Hack Into a Computer



Step 4

Getting In

It’s time!.

By now you should know that: your target is online, has file sharing, and the computer name.

Locate the shared drives or printers. Type “net view (IP Address of Target)”
Example for this tutorial would be: “net view 192.168.1.103”



You just found the share name. In this case, "C" is under the share name signalling that C is the only shared thing on the PC or computer.

To the right, "Disk" is displayed under Type. Meaning that it is the actual C DISK of the computer. The C DISK is most times an entire person’s hard drive.



If you observe carefully, for my hack I already used “K,” so now I use “G” instead. You may do the same for multiple hacks.

It will say “The command completed successfully.” if it worked.

You may have to go retrace your steps if it didn't.

Now open “my computer” under the start menu. There your recently created network
drive will be there.



Note that you won't be able to access this drive if you disconnect from the WAN or LAN. Hence the name Network Drive.

Don't worry though, you won't have to repeat the same procedure all over again since the drive will not be deleted after you disconnect. You can still access it whenever you reconnect.



Congratulations! You’re DONE HACKING!



Commands used;

  • PING
  • NBTSTAT -a (IP Address of Target)
  • NET VIEW (IP Address of Target)
  • NET USE K: (IP Address of Target)(SHARENAME)

Program used;

Cain and Abel.

Pretty easy right? this sums up the steps to hack into a Computer.




Subscribe to my mailing list

* indicates required