Category Archives: Ethical Hacking

Purely about hacking. Anyone can hack by following the simple methods listed in the articles here.

A Massive Hole In The Internet Security – Heartbleed Vulnerability

Heartbleed will most probably be the vulnerability of the decade in the history of the internet. You might have heard the word Heartbleed, or received a bunch of mails about it from your favorite web services. This article will help non-technical people understand what Heartbleed is and how to be immunized against the bug.

Heartbleed is a bug disclosed to the public on 7th April, 2014. It is a vulnerability in OpenSSL, an open source SSL (Secure Socket Layer) cryptography library. OpenSSL is software deployed on the server side which is responsible for the security and integrity of data during transmission. The communication between your system/PC and the web server has to be sent through a secure line so that attackers cannot eavesdrop in the middle. If a URL has an ‘s’ at the end of http, like https://, you know for sure that the site implements SSL for security. To prevent this man-in-the-middle attack, all the data sent through the secure line is encrypted at the sending end and decrypted at the other end.

It is like sending messages as a cipher: to decode the cipher, your PC or the server needs the key. These keys are digital keys that have to be exchanged between the two communicating ends. Meanwhile, the connected PC continuously checks the liveliness of the link by requesting a signal from the server. The server sends the signal to all the connected nodes (PCs) at a regular frequency. This signal is called the ‘Heartbeat’. If the end node doesn’t get this heartbeat signal for some time, it assumes the server is down and closes the connection.

Here comes the vulnerability part. When a node requests a heartbeat signal of a particular size from the server, the server responds with the data it needs at the same size requested. But it failed to check the validity of the size. So if a hacker requests a heartbeat signal with a size a little bigger than needed, the server responds with the data it needs and fills the remaining size with data from the server's memory. Unfortunately, that data is very critical, sensitive data of the server's users, including passwords, credit card numbers, most of the unencrypted data, and other cookie information, session details etc.
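The missing size check described above, as an added example (a toy model written for this article, not OpenSSL's code). `ToyServer`, `make_request` and the sample secret are constructed for illustration; the message layout and the 16-byte padding follow RFC 6520.

```python
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2   # heartbeat message types (RFC 6520)
HEADER = 3                       # 1 byte type + 2 byte claimed payload length
MIN_PADDING = 16                 # RFC 6520: at least 16 bytes of padding


def make_request(payload: bytes, claimed_len: int) -> bytes:
    """Build a heartbeat request; the length field may not match the payload."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + bytes(MIN_PADDING)


class ToyServer:
    """Models process memory as one flat buffer: the received record sits
    next to unrelated data, as it would on a C heap (hypothetical layout)."""

    def __init__(self, neighbouring_data: bytes):
        self.neighbouring_data = neighbouring_data

    def _memory_after_receive(self, record: bytes) -> bytes:
        # Constructed layout: the record first, then whatever else is in memory.
        return record + self.neighbouring_data + bytes(64)

    def heartbeat_vulnerable(self, record: bytes) -> bytes:
        mem = self._memory_after_receive(record)
        _type, claimed = struct.unpack_from("!BH", mem, 0)
        # BUG: copies `claimed` bytes without comparing it to len(record),
        # so the reply runs past the record into the neighbouring data.
        echoed = mem[HEADER:HEADER + claimed]
        return struct.pack("!BH", HB_RESPONSE, claimed) + echoed

    def heartbeat_fixed(self, record: bytes) -> Optional[bytes]:
        # Discard records too short to hold a header plus minimum padding.
        if len(record) < HEADER + MIN_PADDING:
            return None
        msg_type, claimed = struct.unpack_from("!BH", record, 0)
        # The fix: the claimed payload must fit inside what actually arrived.
        if msg_type != HB_REQUEST or HEADER + claimed + MIN_PADDING > len(record):
            return None
        echoed = record[HEADER:HEADER + claimed]
        return struct.pack("!BH", HB_RESPONSE, claimed) + echoed + bytes(MIN_PADDING)


if __name__ == "__main__":
    server = ToyServer(b"user=alice;password=constructed-secret")
    lying = make_request(b"ping", 64)          # 4 real bytes, 64 claimed
    print(server.heartbeat_vulnerable(lying))  # echoes neighbouring memory
    print(server.heartbeat_fixed(lying))       # None: request is dropped
```

The fixed handler silently drops a request whose claimed length exceeds the received record, which is the behaviour the patched servers adopted.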



It is believed that more than half a million web servers were affected by this, and millions of pieces of data have been hijacked. Nobody is sure of the statistics of this attack, but many web services openly accepted that they were victimized.

It seems Google patched their servers on March 21st and Cloudflare on the 31st. Cisco announced that most of its equipment has been vulnerable to this attack, which in turn leaves our sensitive data at risk. We know Cisco’s hardware constitutes the majority of the internet.

How to get immunized from this bug? The solution is simple: change all your login credentials, like passwords, security questions, PINs etc. Log out of all your accounts on all the devices you use and log in again with new passwords. Update all your software and apps. This applies to all services. All other steps have to be taken by your service providers, as they have to update their OpenSSL with the patches for the bug.

Not all websites have been attacked; it is a guess that most of them were. Ironically, the services which hadn’t updated their OpenSSL for a long time stayed secure. And the early adopters of the patch are also immune to this attack. As I am using LastPass for managing my digital credentials, it helped me find the attacked websites, and I changed my passwords for the sites listed as attacked.

For more reading: CNet, Heartbleed


Browsing In Public Computers? How To Bookmark Online

This is a simple trick for beginners. You can skip to the next paragraph if you know what a bookmark is. Bookmarking helps us save and organize the link of a page that contains helpful information while we are browsing, so that we can access it in the future. If you have your own computer (PC), you can just bookmark the page in your browser by clicking the “star” on the right side of the URL bar (where you type the address like ‘’) and access it anytime.

What if we want to bookmark something when we are on a public computer (say in a public library, college, etc.)? I would like to share one solution (out of many) using Google Bookmarks. You can access your online bookmarks here (you have to log in with your Gmail credentials). You can bookmark any page you are browsing; it will be stored in the cloud and you can access it anywhere.

How To Bookmark?

This link will help you

In short, drag this link (click the link, hold, move it towards the bookmark bar, and release it): Book Mark This Page. If you can’t find your bookmark bar, first enable the view of the bookmark bar.

Now whenever you want to bookmark a page, just click the link. A pop-up will come into view; add the details and click save. That's all. Don’t forget to “Sign Out” when your browsing session is over. Once you have signed out, no one can access your bookmarks on that public computer.

Understanding Phishing With Example

Have you ever heard the words ‘phishing’ and ‘spoofing’ before? Most of us think that phishing and spoofing are the same, but they are not; and we think that spoofing is a type of hacking, and again it is a big ‘NO’.



Spoofing is delivering a website which pretends to be a legitimate website in order to deceive the viewers who visit it. Here no user information is collected. For example, an eBay spoof: a duplicate website pretends to be the original eBay site, where a user comes and pays some amount for a purchase, while in reality no purchase is made and all the paid money flows to the fraudster’s or imposter’s credit card account.



Phishing causes more serious problems because here your information is collected. The term “fishing”, changed to “phishing”, represents the hacker spreading a fishing net or hook to everybody on the internet, with only a few being victimized. Consider a fake PayPal login page which was created and is owned by a hacker. You enter your username and password in that page thinking that you are logging in to PayPal; as soon as you click the login button, the username and password are sent to the hacker. Now the hacker has full control of your PayPal account.


The picture shows an example of two fake login pages for two famous email providers. These login pages look very much the same as the originals. The links to these fake login pages are sent by email, and when somebody clicks the link they are brought to this page. If they enter their username and password, the page records them and forwards the visitor to the original login page. In this phishing attack, the phishing mails are sent at least in the thousands, if not in the millions. Out of this large number, only very few are victimized.

So not all spoofs are phishing attacks. A spoof is a general attack whose consequences are not as high as those of phishing.

Reverse DNS or IP Look Up and WHOIS Look Up

In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address using the Domain Name System (DNS) of the Internet. To simplify, DNS is a kind of table which stores each domain name along with the corresponding IP address, that is, the IP address of the server on which the website is hosted.


A WHOIS lookup is finding the IP address of the server that corresponds to a domain name, while a reverse DNS lookup is the reverse, that is, finding the domain name from the IP address. Doing an IP lookup or WHOIS lookup is very simple: there are numerous web services which do this. All you have to do is enter the domain name or IP in the website, and in a few seconds it gives you all the information regarding your query. It provides information like:


  • Name of the domain
  • ISP
  • Location of the server
  • Registrant of the domain
  • Address of the registrant
  • Registrant’s email id

Here the first 3 pieces of information are 100% correct, while the others may or may not be correct, because those details are entered by the domain registrant when he buys the domain from the registrar. People who practice hacking or other unethical activities never enter their real details, and sometimes the registrar itself provides a substitute mail id and address to the registrant in the name of privacy. In such a scenario you can’t find the original owner of the domain, but through the other details you can find the server and its location.


Why is a DNS lookup needed? Please read the other articles under the category ‘Ethical Hacking’. When a hacker's attack is detected through means like the internet or a Trojan horse, you have to find out where the hacker’s server is located or where the Trojan is sending the details; if it is email hacking, you need to find out where the email was generated.


Ethical E-Mail Hacking – Identifying Sender

Any email can pretend to be from a trusted site when in fact it was created by hackers and served by their servers. Such spoofed or forged mail is sent at least in the thousands, if not in the millions. As we have already seen in the previous post, by reading e-mail headers we can identify the sender when the mail seems to be a spoof.

Below is the email header of a mail I sent from my hosting server with PHPMailer, because normal mail clients never allow you to change the from address and other data. This mail pretends to be from some trusted web site, but it was created on my server. I have changed some data in the header below for security reasons.


Before reading the header, this is how the mail looks when I receive it in my Gmail inbox.

From: <>
Subject: Verify Your Account Details

Now, you can say this mail is from to verify your account details. Okay, let's read the header of this mail, which is given below.

Received: by with SMTP id cd8cs166526ibb;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Received: by with SMTP id t37mr3252242ano.122.1286851188074;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Return-Path: <>
..................// content removed to reduce confusion
..................// some details of intermediate servers.
..................// No need to consider this.
Received: from ( [])
        by with ESMTPS id q23sm3375542yba.17.2010.
        (version=SSLv3 cipher=RC4-MD5);
        Mon, 11 Oct 2010 19:39:46 -0700 (PDT)
Date: Tue, 12 Oct 2010 02:39:44 +0000
From: <>
Subject: Verify Your Account Details.
Message-ID: <>
X-Priority: 3
X-Mailer: PHPMailer ( [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"


This email header determines where a message is sent, and records the specific path the message follows as it passes through each mail server. To follow the path of a message chronologically, read from the bottom of the header and work your way up. In this header the mail passes through more than 2 mail servers, so I removed that information to reduce confusion. Our aim is to find where the mail was generated. For that, read the first “Received:” entry (from the bottom): it specifies that this mail is from “” with the IP address of “” and it includes a timestamp “17.2010.” which means exactly at “Mon, 11 Oct 2010 19:39:45”.

Here is another example email header (only the first “Received:” is shown):

Received: from source ([]) by ([]) with SMTP; 	Wed, 20 Aug 2003 21:40:05 CDT

In this case, ([]) – was smart enough to know the email really came from ip So we can find the sender’s domain or ip address from the email headers almost all the time.


What can we do with the hacker’s IP address? We have to find the domain name, server location, owner of that domain, etc. We can do this by DNS lookup, or else we can simply notify the domain owner whose domain is abused by the hacker; in the full header above, the abused domain is “”. The next article will cover this.

Ethical E-Mail Hacking – Email Headers

In the previous article of this Ethical E-mail Hacking series, we learned how a simple “reply to” address column is used to deceive the recipient of an email. If you receive an email, how will you find the sender? The “From Address” is not the only option because, as we saw in the previous topic, a hacker can change the from address very easily. Here the e-mail headers play an important role.

The email header is the information that travels with every email, containing details about the sender, route and receiver. It is like a flight ticket: it can tell you who booked it (who sent the email), the departure information (when the email was sent), the route (from where it was sent and how it arrived to you) and the arrival details (who the receiver is and when it was received). Just as you could book a flight ticket with a false identity, the same goes for emails: the sender can partially fake these details, pretending that the email was sent from a different account (a common practice for spammers or viruses).


Every e-mail client, including web-based clients like Gmail and Yahoo Mail, has a feature to show full e-mail headers. Most e-mail clients hide them by default, because only the body of the email is important from the reader's perspective, just as we check the papers in a letter and not the envelope; but these envelopes are very important. The screenshots explain how to make your client show the headers. Normally the button will be captioned “View Full Headers”.

E-Mail Header Link In Gmail



E-Mail Header Link in Yahoo


Okay, I hope you found the “View Header” button in your email client. Now just click it to see the header of that particular email. The header of a mail might look like this (example from Google):

Received: by with SMTP id e3cs239nzb; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Received: from ( []) by with SMTP id h19si826631rnb.2005.; Tue, 29 Mar 2005 15:11:47 -0800 (PST)
Message-ID: <>
Received: from [] by via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Smith


Now read the header from bottom to top. This typical header explains that this email was sent to ‘Mr Smith’ with the subject ‘Hello’ (the body of the message was already shown in the mail). The next lines say that it is from ‘Mr Jones’, sent at such-and-such time. As we have already seen, this from address can be modified by the sender, which means anyone can send this mail with the name ‘Mr Jones’, pretending the mail is from Mr Jones when it was actually sent by some ‘x’. This is like writing someone else's name in the from address section of an envelope instead of your own, so that the letter seems to be from them. So we check the sender, the sender’s mail server and the IP of the server. Here the server is ‘’ and its IP is ‘’.

If you have difficulty reading the headers, don’t worry, it is not that hard. Knowing some terms like ‘Return Path’, SMTP, HTTP, Message-ID, etc. will help you.
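The bottom-to-top reading of “Received:” lines described in this article and in “Identifying Sender” above, as an added example (not code from the original posts). It goes one step further than the text: it also marks the oldest hop stamped by a server you trust, because lines below that hop were supplied by the sending side. The message, host names and the helper names `trace_hops` and `trust_boundary` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: .example hosts and documentation IP ranges only.
# The bottom Received line stands for one written by the sending side.
RAW = """\
Received: by mailstore.recipient.example with SMTP id cd8cs1;
        Mon, 11 Oct 2010 19:39:48 -0700 (PDT)
Received: from web-host.example (web-host.example [203.0.113.25])
        by mx.recipient.example with ESMTPS id q23sm1;
        Mon, 11 Oct 2010 19:39:46 -0700 (PDT)
Received: from mail.trusted-bank.example (mail.trusted-bank.example [198.51.100.7])
        by relay.trusted-bank.example with ESMTP id f00;
        Mon, 11 Oct 2010 19:39:40 -0700 (PDT)
From: "Trusted Bank" <support@trusted-bank.example>
Subject: Verify Your Account Details

(body omitted)
"""

FROM_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)", re.S)
BY_RE = re.compile(r"\bby\s+(\S+)")


def trace_hops(raw):
    """Return the Received hops oldest first (bottom of the header first)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        stamp = re.sub(r"\s*\([^)]*\)\s*$", "", stamp.strip())  # drop "(PDT)"
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None  # malformed or missing date
        frm, by = FROM_RE.search(info), BY_RE.search(info)
        hops.append({
            "claimed_name": frm.group(1) if frm else None,
            "peer_ip": frm.group(2) if frm else None,
            "by": by.group(1) if by else None,
            "time": when,
        })
    return hops


def trust_boundary(hops, trusted_suffixes):
    """Walk from the newest hop down while the stamping server is one we
    trust; the last such hop recorded the peer IP it really saw."""
    boundary = None
    for hop in reversed(hops):
        if hop["by"] and hop["by"].endswith(trusted_suffixes):
            boundary = hop
        else:
            break
    return boundary


if __name__ == "__main__":
    hops = trace_hops(RAW)
    print("bottom-most hop claims:", hops[0]["peer_ip"])
    print("seen by our own MX:", trust_boundary(hops, (".recipient.example",))["peer_ip"])
```

On this sample the bottom-most line names 198.51.100.7, while the recipient's own mail exchanger recorded 203.0.113.25 as the connecting server; the second value is the one to take into a DNS or WHOIS lookup.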

Ethical E-Mail Hacking – Reply To Address

The stream of articles under Ethical E-mail Hacking covers the ideas of hacking a mail. For the reader's clarification, e-mail hacking is different from ‘email account’ hacking. Here we are hacking e-mails, not mail accounts. In order to detect e-mail spoofs, forgery and other modern attacks, we need to know some basics of email, and it is better to know how to hack an e-mail in order to avoid being hacked and victimized by hackers.


We use webmail like Gmail, Yahoo Mail, Rediff, you name it, or else we use mail clients like Outlook, Thunderbird etc. to send and receive e-mails. “Reply-to” is an option which is almost absent in the APIs of today’s email clients. Usually, to send an email we need a from address, one or more ‘to’ addresses, a subject and a body. We have almost lost the option of specifying a ‘reply-to’ address, an option like BCC and CC, in our e-mails.

Before continuing, open the above image in a new browser tab. You can find the ‘Reply To’ text box, where we can provide an e-mail id other than the sending id, even if it does not belong to the mail server, and sometimes even if the email id does not exist. If this column is filled with some other person’s email id, then when your e-mail arrives in the inbox of the recipient, it will appear to have been sent from the other person whose mail id is specified in the ‘reply-to’ address field.


Scenario 1:

A mail is sent by a fraudster from with a ‘reply to’ address (eg:, with a deceiving subject and a body containing a link to a hoax website which collects your information. When this mail arrives, it seems the mail was sent from because it was in the reply-to column and the id is almost hidden. You then click the link provided in the spoof mail and enter data like your password and username in the hoax website.

In scenario 1 you have been victimized by a simple reply-to modification, because the reply-to id is shown clearly and the original mail id is hidden. On seeing the reply-to mail id, you are made to believe that the email is from the legitimate source, but it is not. So whenever you receive a mail, don’t forget to check the from address, rather than the reply-to address, before clicking any links in that e-mail.


Note: In Gmail and Yahoo, there is an option called “show details” at the top of the mail which shows the reply-to and sender email ids separately.

Message-ID: <>
 Received: from [] by via HTTP; Tue, 29 Mar 2005 15:11:45 PST
 Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
 Subject: Managing Account Information
 To: Mr You

Here the fraud is sending this mail with subject “Managing Account Information” from “” through “” via HTTP, but the reply to address has “” so the mail seems to be from This is the place where you are being cheated by the fraud.

What We Learned: It is easy to spoof a mail with the reply-to address, and the from mail id shown on an email (overwritten by the reply-to mail id) need not be the original sender’s mail id. So anyone can pretend to be another person while sending email to you.
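A check for the reply-to trick from scenario 1, as an added example (not part of the original article): it compares the domain of the From address with the Reply-To and Return-Path addresses and reports any that differ. The two messages, the addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed messages; all addresses use reserved .example domains.
SPOOFED = """\
Return-Path: <billing@cheap-host.example>
From: billing@cheap-host.example
Reply-To: "Trusted Bank" <support@trusted-bank.example>
Subject: Managing Account Information
To: Mr You

(body omitted)
"""

ORDINARY = """\
Return-Path: <news@shop.example>
From: Shop News <news@shop.example>
Reply-To: help@shop.example
Subject: Your order has shipped

(body omitted)
"""


def domain_of(address):
    """Lower-cased part after the last '@' (empty string if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def sender_mismatches(raw):
    """Return (header, address, from_address) for every Reply-To or
    Return-Path address whose domain differs from the From domain."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = domain_of(from_addr)
    findings = []
    # Reply-To may appear more than once and may list several addresses.
    for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
        if addr and domain_of(addr) != from_domain:
            findings.append(("reply-to", addr, from_addr))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and domain_of(return_path) != from_domain:
        findings.append(("return-path", return_path, from_addr))
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("ordinary", ORDINARY)):
        print(label, sender_mismatches(raw))
```

Mailing lists and help desks also set a Reply-To on another domain, so a finding is a reason to open the full headers, not proof of a spoof.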

Ethical E-Mail Hacking – Understanding Basics

What is Hacking? Hacking is defined as intentionally accessing a computer without authorization or exceeding authorized access, and Wikipedia says “hacker is a person who breaks into computers and computer networks, either for profit or motivated by the challenge”.

Why Ethical Hacking? If a hacker tries to hack your computer system, you need to stop him and safeguard your system and personal data from hacking. To prevent hacking, you need to know about it. Ethical hacking is hacking someone's system with good intentions; the person doing ethical hacking is an “Ethical Hacker”, widely known as a “White Hacker”. For example: (1) you try to find the hacker who hacked into your system; (2) PayPal obtains information about hackers who hacked into the accounts of their customers.


However, hacking an e-mail account is different from ethical hacking, but by knowing ethical hacking you will be able to identify the hoax (spoof) mail, the hacker, and information about the hacker, and at the very least your name will not be on a hacker’s victim list. Before getting into the subject: I am not going to explain the steps of ‘how to hack anyone's mail account’; instead I explain hacking techniques and how to find out whether you have been subjected to them as a victim. This will help you stay away from hackers and guard your data from them.



E-mail stands for ‘Electronic Mail’. An e-mail is a digital message composed by a user with the help of an MUA (Mail User Agent) and sent into a computer network, normally the internet, using SMTP (Simple Mail Transfer Protocol) to the ISP (Internet Service Provider), which resolves a domain name to determine the fully qualified domain name of the mail exchange server in the DNS (Domain Name System). After this, the mail is delivered to the recipient’s MUA using POP (Post Office Protocol). Keeping non-technical readers in mind, I am trying to mute the technical details.


In this ‘Ethical E-mail Hacking’ stream of articles we are going to learn about e-mail headers, tracking e-mail, tracing through time stamps and IP WHOIS lookup, phishing, malicious HTML and JavaScript code in e-mail, spoof web sites and services, and modern hacking methods and how to avoid them, for example by using digital signatures, encryption etc. I am still looking for ways to cover other things like encryption, eavesdropping, etc., without using too many technical gimmicks. Finally, I am not going to teach you how to hack, but just how to safeguard yourself from hackers' attacks.
