''Never Click on any unknown link''- but WHY?

(image source: Freepik)

As a rule of thumb cyber experts always say never click on any unknown or suspicious link. But ever wonders why?

Well, today I'm gonna show you why. There are several reasons and several attacks available on the internet from phishing, clickjacking, cookie stealing and so on. But I will show you the simplest one for which you need neither any PC nor kali Linux nor any technical knowledge. Just a mobile with a web browser and a working internet connection that's it! 

So there is a website named IPlogger using which one can easily gather information about a target victim. Can log his IP, approx physical location, mobile handset model number, ISP info, Exact system date and time, latitude and longitude, OS running in your system with version, browser info and so on. 

I'm attaching the screenshots below to show what in reality it looks like.

This is what the website interface looks like. The smart data option collects device information. If you turn it on it will gather the victim's device info. I've intentionally hidden some of the sensitive info. And this attack I've performed on myself.

Once the victim clicks the link you've sent then their logs will be shown here. And if you click on the smart data option it will show you the victim's info.

And this is how the victim's device info looks like

See, here my device's model number has been detected as well, so one can perform any attack upon me by just finding this particular model number's current open/unpatched vulnerability. So think twice before clicking any suspicious link.

And there goes my GPS info my exact location Which I've hidden.

And this link can be shortened or can be manipulated by using any other links as well. Like you can copy any Youtube Url and shorten it here and after shortening there will be so many options available here like tracking GPS data, tracking device data, etc, to look it innocent you can also shorten this URL using bitly or TinyURL as well. So one can't even recognize what's going on behind the scene during the whole redirection process. Within a fraction of a second, they will be landed on that youtube video that you manipulated using a tracker. And the victim's data will be collected from there. 

In Ethical hacking, this process is called Information Gathering. Obviously, if someone is performing this step without one's concern that is illegal. And if the victim complains about this the attacker or whoever is collecting the info may get behind the bar!

Note:- This website was built for research purposes so whoever is misusing the website may face legal issues.

One can also send you this kind of QR code instead of a URL because this website also provides links through QR codes as well. So don't just scan any random qr code for fun! and can be shared using various social media platforms as well. So be careful before clicking or scanning any!

So now the questions arises how to be safe or how to check if someone is keeping an eye on you?

Well, it is as simple as the previous one this website also has a tool to counter-attack. It is called URL Checker. Just paste the suspicious URL here and it will show you the actual URL and redirection. 

Here I've encoded a YouTube Url using a Bitly URL. So this website opens up the actual destination of that shortened/suspicious URL. So you can also get to know any URL's destination without clicking on the link, And the good news is that you can click the destination URL from here as well so Congrats! you have successfully avoided the tracker/trap!

So never forget to scan any suspicious URL before scanning. 

Note:- This blog is only for educational purposes misusing this information/tools may create legal issues. 

Ethical Hacking for Beginners (Chapter-10)

 DATABASE

In computing, a database is an organized collection of data stored and accessed electronically.

A database management system (DBMS) is the software that interacts with end-users, applications, and the database itself to capture and analyze the data. 

Uses of DBMS:-

• Real-world entity:-A modern DBMS is more realistic, and its architecture is based on real-world elements. It also takes advantage of the properties and behavior. A school database, for example, might employ students as an entity and their age as a property.

• Relation-based tables:- Tables are created in DBMS by combining entities and their relationships. By simply looking at the table names, a user can figure out how a database is structured.

• Isolation of data and application:- A database system is not the same as the data it stores. A database is an active entity, whereas data, on which the database works and organizes, is said to be passive. To make its own process easier, DBMS saves metadata, which is data about data.

• Less redundancy:- When any of a relation's characteristics have redundancy in values, DBMS follows the rules of normalization, which separates the relation. Normalization is a scientific and mathematically complex procedure for reducing data redundancy.

• Consistency:-Every relation in a database must be consistent in order for the database to be consistent. There are approaches and strategies that can detect attempts to leave a database in a state of inconsistency. When opposed to older data storage applications such as file-processing systems, a DBMS can give more consistency.

• Query Language:- A query language is included in the DBMS, making data retrieval and manipulation more efficient. To extract a set of data, a user can utilise as many and as different filtering choices as needed. It was previously impossible where a file-processing system was used.

Application of DBMS:-

• ACID Properties:−DBMS follows the concepts of Atomicity, Consistency, Isolation, and Durability (normally shortened as ACID). These principles are used to manipulate data in a database through transactions. In multi-transactional situations and in the event of failure, ACID features assist the database to stay healthy.

• Multiuser and Concurrent Access:− The DBMS enables a multi-user environment, allowing multiple users to access and manipulate data at the same time. Although there are limitations on transactions when many users attempt to access the same data item, the users are never aware of them.

• Multiple views:− For various users, DBMS provides many perspectives. A Sales department user will see the database differently from a Production department user. Users can get a focused view of the database based on their needs with this functionality.

• Security:− Multiple views, for example, provide some security by preventing users from accessing data belonging to other users or departments. When entering data into a database and retrieving it later, DBMS provides mechanisms to set limitations. Multiple users can have distinct perspectives with various functionalities thanks to DBMS's many different levels of security features. A user in the Sales department, for example, cannot see data from the Purchase department. It can also be controlled how much data from the Sales department is displayed to the user. Because DBMSs are not kept on disc-like traditional file systems, it is extremely difficult for criminals to crack the coding.

Users in DBMS:-

A typical database management system (DBMS) has users with various rights and permissions who utilize it for various purposes. Some users retrieve information, while others back it up. A DBMS's users can be roughly classified as follows:-

• Administrator:- Administrators are in charge of maintaining the database management system and administering the database. They are in charge of ensuring that it is utilized properly and by whom it should be used. To preserve isolation and enforce security, they construct access profiles for users and apply constraints. Administrators are also responsible for DBMS resources like the system license, needed tools, and other software and hardware maintenance.

• Designers:- Designers are the individuals that are responsible for the database's aesthetics. They maintain a tight eye on what data should be saved and how it should be stored. They are in charge of identifying and designing the entire set of entities, relations, constraints, and views.

• End Users:- End users are the ones who profit from having a database management system. Simple viewers who pay attention to the logs or market rates to advanced users such as business analysts are examples of end-users.

ER Model:-

The ER model defines a database's conceptual view. It is based on real-world entities and their relationships. The ER model is a viable alternative for developing databases at the view level.

Entity:-

An entity can be an animate or inanimate real-world thing that can be easily identified. Students, professors, classes, and courses provided, for example, can all be considered entities in a school database. All of these entities have certain characteristics or traits that distinguish them.

An entity set is a group of entities that are similar in type. Entities with similar attribute values may be found in an entity set. A Student set, for example, could contain all of a school's students, while a teacher's set could contain all of a school's teachers from all faculties. Entity sets do not have to be disjoint.

Attributes:-

The properties of entities, referred to as attributes, are used to represent them. Every attribute has a value. A student object, for example, might have properties such as name, class, and age.

Attributes have a domain, or range, of values that can be applied to them. A student's name, for example, cannot be a numerical value. It has to be in alphabetical order. The age of a student cannot be negative, for example.

Entity-Set and Keys:- 

A key is a single attribute or a group of properties that uniquely identifies an entity inside a set of entities.

A student's roll number, for example, makes him or her identifiable among classmates.

• Super Key:- A group of properties (one or more) that collectively identifies an entity in an entity set is referred to as a super key.

• Candidate Key:- A candidate key is a very simple super key. There may be more than one candidate key in an entity collection.

• Primary Key:- A main key is one of the candidate keys used by the database designer to identify the entity collection uniquely.

Relationship:-

The link between two or more entities is referred to as a relationship. A student, for example, enrolls in a course, and an employee works in a department. Works at and Enrolls are two types of relationships.

Degree of Relationship:-

The degree of a relationship is determined by the number of participating entities.

• Binary = degree 2

• Ternary = degree 3

• n-ary = degree

Cardinality:-

The number of entities in one entity set that can be linked to the number of entities in another set via a relationship set is known as cardinality.

• One-to-one:- A single entity from entity set A can only be linked to one entity from entity set B, and vice versa.

• One-to-many:-a one-to-many relationship An entity from entity set A can be linked to several entities from entity set B, however an entity from entity set B can only be linked to one entity.

• Many-to-one:- At most one entity from entity set A can be linked to one entity from entity set B, however an entity from entity set B can be linked to several entities from entity set A.

• Many-to-many:- A single entity from A can be linked to multiple entities from B, and vice versa.

Some popular DBMS Software:-

MySQL.

Microsoft Access.

Oracle.

PostgreSQL.

dBASE.

FoxPro.

SQLite.

IBM DB2.

In this chapter, we will discuss some basic and important commands of SQL.

• SELECT - extracts data from a database, 

Eg:- SELECT * FROM table_name;

• UPDATE - updates data in a database, 

Eg:-UPDATE table_name

SET column1 = value1, column2 = value2, ...

WHERE condition;

• DELETE - deletes data from a database, 

Eg:- DELETE FROM table_name WHERE condition;

• INSERT INTO - inserts new data into a database, 

Eg:- INSERT INTO table_name

VALUES (value1, value2, value3, ...);

• CREATE DATABASE - creates a new database, 

Eg:- CREATE DATABASE database_name;

• ALTER DATABASE - modifies a database, 

Eg:- ALTER DATABASE olddb_name MODIFY NAME= newdbname

• CREATE TABLE - creates a new table, 

Eg:- CREATE TABLE table_name (

    column1 datatype,

    column2 datatype,

    column3 datatype,

   ....

);

• ALTER TABLE - modifies a table, 

Eg:- ALTER TABLE table_name

ADD column_name datatype;

• DROP TABLE - deletes a table, 

Eg:- DROP TABLE table_name;

• CREATE INDEX - creates an index (search key), 

Eg:- CREATE INDEX index_name

ON table_name (column1, column2, ...);

• DROP INDEX - deletes an index, 

Eg:-DROP INDEX index_name ON table_name;

• MIN():- returns the smallest value of the selected column. 

Ex:- SELECT MIN(column_name)

FROM table_name

WHERE condition;

• MAX():- returns the largest value of the selected column.

Ex:- SELECT MAX(column_name)

FROM table_name

WHERE condition;

SQL Injection:- It is the most important concept in Ethical Hacking.SQL injection is a type of code injection that has the potential to completely ruin your database. One of the most frequent web hacking tactics is SQL injection. SQL injection is when malicious code is injected into SQL statements via web page input.

Eg:- 1=1 statement- 

Suppose a user is inserting input as 21 OR 1=1

Because OR 1=1 is always TRUE, the SQL above will return ALL entries from the "Users" table.

Does the preceding example appear to be hazardous? What if the table "Users" has both names and passwords?

It will look something like this:- 

SELECT * FROM Users WHERE UserId = 21 OR 1=1;

= is always true

uName = getRequestString("username");

uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

By typing " OR ""=" into the user name or password text box, a hacker could gain access to user names and passwords in a database:

It will look something like this if the hacker enters " or ""=" on both user id and password:-

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

So, this is the last blog of this series. And this series was for absolute beginners who are either not from any tech background or not so much comfortable with the Computer environment but still passionate about Ethical Hacking/Cyber Security. 

So if you’re comfortable up to this and want to learn more in detail with Live Attack tutorial or with Lab then you can check out my Computer training center’s website or you can fill out this form so that I can get back to you asap or you can simply just fill out the query form in this site’s contact section below or you can DM me on my Mobile number or email id for more details.

So, stay updated and keep learning. Will see you in the next blog.

Ethical Hacking For Beginners (Chapter-9)

What is computer Hardware:-

Computer hardware includes the physical parts of a computer system. Like processor, cabinet, motherboard, mouse, keyboard, monitor, hard disk drive, solid state drive, ram, smps, optical disk drive, heatsink, graphics card, cpu cooler, sound card, speaker etc.

Source:- Wikimedia

List of computer hardware and their work:- 

• SMPS:- Switched Mode Power Supply. It converts AC to DC as per hardware components requirement.

• Motherboard:- The main component of a computer system which holds all the elements. Ram, processor, connects hdd, odd, ssd, monitor etc.

• Processor:- The brain of a computer which processes all the program operation in a computer system.

Types of cpu socket:-

LPA (LAND GRID ARRAY)

PGA (PIN GRID ARRAY)

• Storage Device:- HDD, SSD, ODD are called storage devices. This devices are connected through SATA(Serial ATA 7 pin), PATA/ATA(Parallel ATA 40 pin), SCSI (Small Computer System Interface 60-80 pins), Nvme/ M.2 for ssd

• RAM:- The Volatile Memory which is accessed randomly while the system is in operation. 

Types of Ram architecture

SIMM (Single in Line Memory Module)

32 bit data path

DIMM (dual in-line memory module)

Transfer 64 bits of data at a time.

RDIMM (Registered DIMM)

DIMM with improve reliability.

DDR (Dual Data Rate)

Sends double the amount of data in each cbck signal. It has 184 pins.

DDR2

It is faster than DDR because it allows for higer bus speeds. Use less power compare to DDR. It has 240 pins.

DDR3

Twice fast comparison DDR2. Use less power then DDR2.It has 240 pin.

DDR4

Use less power then DDR3. It has 288 pin.Process higher speed than DDR3.Use less power.

• ROM:-Bios and booting module is stored in ROM.(Read Only Memory) – It is a Non-volatile memory. Data in ROM is permanently return and is not erased when you power off your computer

• Socket:- Physical connection b/w motherboard and Processor. (where processor fit) responsible for transmitting energy to the Processor.

Sockets are mainly 2 types.

LGA:- Land grid array

PGA:- Pin grid array.

• Core:- Core is defined as the brain of a CPU. It is responsible for processing speed. The more core it has the more speed it can achieve because in that case, it can simultaneously perform more operations than a single processor or brain can.

• PCI Slot:- Peripheral component interconnect port used for connecting peripheral devices such as graphics card sound card. PCI is the bigger slot and PCI Express has variants like PCI X1, X3, X5, X16, etc.

• North and South Bridge:- These 2 bridges control all connected components of a motherboard. Northbridge controls RAM, CPU, AGP, and South Bridge control I/O devices, Bios, PCI Express, USB, etc. These 2 bridges are interconnected with linker to each other.

Some common problem faced when these 2 bridges fails or malfunction:- 

NorthBridge related:- No display, No RAM detected, Graphics related problem, flickering display.

SouthBridge related:- PC restart and shutdown automatically, BIOS Corruption, BSOD(Blue screen of death), unrecognized hardware, PC Freezes, Slow or lagging performance, etc.

• CPU Ports:- 

• PS2 PORT– USE FOR CONNECT KEYBOARD AND MOUSE

          Purple– keyboard            Green– Mouse

• USB Port– 2.0, 3.0, 3.1, 3.2, Type C-latest

• Lan Port Or NIC Card– to connect to ethernet cable. 2.5G, 5G, 10G Lan

• WiFi Antenna:- For Connect Wifi Antenna (Highend Motherboard have this)

• Audio port– MIC — Pink

•  Headphone– Green

• Audio out — Blue

• Side Speaker:- White

• Rear Speaker:- Black

• Subwoofer/center:- Orange

• OFC port:- Transmit optical audio out

• VGA Port– To connect display to cpu. 9pins

• HDMI/Display port– high display multimedia interface

         Used for to watch HD video in display.

• DVI Port– Support digital signal

         If we use DVI port for display, we have to external audio port for audio as it only supports video.

• Expansion slot—To add extra ports to CPU Parallel advanced Technology Attachment 40 pin Data transmission is parallel

• BIOS And CMOS Reset Pin:- Used to restore BIOS if crashed or corrupted and reset CMOS data such as Date, time, BIOS, and hardware settings. (Only available on Highend Motherboards)

• BIOS:- The Basic Input Output System, or BIOS, is a very small piece of code contained on a chip on your system board. When you start your computer, BIOS is the first software that runs. It identifies your computer's hardware, configures it, tests it, and connects it to the operating system for further instruction.

There are 2 types of bios:- Legacy and UEFI Bios

Legacy:- Legacy BIOS is run by option Read-Only Memory (ROM's), which collectively is limited to 64 KB of storage. The option ROMs that legacy systems run will only work if they are compatible with the hardware that is running with it.

UEFI:- In UEFI BIOS the drivers have virtually no space limitations and are compatible with upgraded forms of hardware. Drivers are written separately and can be uploaded using a flash drive. The information uploaded onto the system is then processed by UEFI’s programming interface, which configures the data to ensure compatibility.

• CMOS Battery – CMOS(Complementary Metal-oxide Semiconductor), Battery provide a power supply of BIOS chip to maintain date and time. It have two size

• CACHE MEMORY – Self memory of processor is called cache memory there are three types of cache memory

• Hard Disk Partition:- There are 2 types of hdd partition available for installing windows OS.

• MBR (Master Boot Record ) – The area of hard disk which is used to detect BIOS and start the booting process of HDD(Track 0, Sector 0, Cylinder 0)

• GPT (GUID Partition Table)(Globally Unique Identify) – It is same of MBR. All Morden PC Operating System Support GPT including MAC OS and Windows OS.

• File System:-  format is method to create allocation table of any storage media and the process complete with help file system. There are following File System

• FAT (File Allocation Table) 

• FAT-32 Max File size 4GB, Max partition size 2TB, No corruption repair, Compression not available.

• NTFS (New Technology File System) Max file size 16TB, Max partition 8PB(Peta Byte), Auto corruption capability, Compression available

• CDFS (CD/DVD)

• Minimum Specs for installing Windows:- 

Component	Bit	Windows 11	Windows 10	Windows 8	Windows 7	Windows XP
Processor	32	Not available	1GHz or Higher	1GHz or Higher	1GHz or Higher	300MHz or Higher
	64	1GHz or Higher	1GHz or Higher	1GHz or Higher	1GHz or Higher	300MHz or Higher
RAM	32	Not Available	1GB	1GB	1GB	128MB or higher
	64	4GB or Greater	2GB	2GB	2GB	128MB or Higher
HDD	32	Not Available	16GB	16GB	16GB	1.5GB minimum
	64	64GB or Greater	20GB	20GB	16GB	1.5GB Minimum
Graphics Card	N/A	DirectX12 or Higher supported	DirectX9 or Higher supported	DirectX9 or Higher supported	DirectX9 or Higher supported	Any SVGA video card

• NAS:- Network-attached storage (NAS) is a file-level computer data storage server connected to a computer network providing data access to a heterogeneous group of clients. NAS is specialized for serving files either by its hardware, software, or configuration.

• SAM:- Security Account Manager is a database file in Windows OS where it stores Users’ passwords. Which is used to authenticate local and remote users.It contains passwords in an encrypted format.

The location of the file is:-  C:\windows\system32\config\SAM

 In the next chapter, we will discuss the Database and its basics. Till then Happy Learning!