Ask Rahul Tyagi | Our Reply in 72 Hours Guaranteed - Rahul Tyagi Official Blog | Information Security
Sunday, 2016-12-11, 4:52 PM

Answer: Dear users, now you can ask your questions here and get a reply from Rahul Tyagi himself within 72 hours. Follow the rules of the FAQ section and enjoy our new feature.

You can ask any of your doubts here. Things like hacking Facebook accounts, Gmail hacking, CC hacking etc. will be deleted immediately and the user's or guest's IP will be banned. So please ask only queries related to professional infosec.

General Computer and cyber world queries are allowed and will be answered in respective time limit for sure.


Question By: Rahul Tyagi (defaultNick)

Answer:http://pastebin.com/CRsx7mhK

Question By: Rahul Tyagi (defaultNick)

Answer: Mainly all infosec companies follow OWASP Top 10 vulnerability testing.

You can try these tests on your websites, which are enough to generate a good testing report.

1. Bypass authentication tests (SQL Injection)

2. Union based Injections

3. Error based Injections (for aspx)

4. Web Application Firewall penetration testing (if deployed)

5. Cross Site Scripting

6. Cross Site Flashing

7. DDOS Attack testing


The above attacks, except DDOS, you can deploy manually, and if you are interested in making an automated report I recommend going for Acunetix or IBM Rational Scanner.

For checking XSS you can try many online XSS scanners like www.xss-scanner.com, or google "DOM based online XSS scanner". For SQLi you can get hands-on with the Pro version of Havij. (Havij Pro also handles error based injection.)

Question By: Rakesh Verma

Answer:You can follow this article for learning cookie grabbing.

http://www.101hacker.com/2011/09/hack-yahoo-accounts-by-stealing-session.html

Question By: Saurabh kumar





Answer: Well dear, first, at our end it's not possible in an easy manner, but yes, TOR is also a company under law enforcement work; they only give details to crime investigation agencies. Before giving you a fake IP they log your real IP, and with every fake IP your real IP relates.

And by giving the traced IP of TOR even they can give details of at what time that fake IP was given to this ISP user, so at the end we can grab the person.

But in short, in India it's not at all possible, hence the answer is a big NO.

Question By: Pandya yash kishorkumar


Sir, my question is: if I am using TOR in Vidalia then my IP address will be continuously changing, even Google is confused about my current location, and I have heard that criminals are using this type of technique for mail.

So how can we find the actual IP address, and how can we trace the mail with this type of difficulty?

Answer: I think I have already answered your question above, please refer to the above answer. Thanks

Question By: Yash Pandya


Sir, I have found XSS vulnerabilities in so many websites and reported them successfully, but I want to know how to deface a website using XSS and CSRF vulnerabilities, and how to hack the database and important files from the server using this type of vulnerability.

Answer: First, it's good that you have found XSS and reported it to the respective organisations. Second, I do not support defacement of websites; as you can google, there is not a single hit in which I encourage defacement. But yes, instead of defacement you can research how to protect websites from SQL injection and preventions for coders against XSS attacks. That will be much better.

Question By: Yash Pandya


Sir, I am using Backtrack in VMware Workstation 10. I am able to do penetration testing with all modules, but here I am facing a problem in cracking the WPA or WEP password. So my question is: is it possible to crack WPA or WEP using Backtrack in a VMware virtual machine, or is there any better option to crack WPA encryption?

Answer: Dear Yash,

Well, in VMware your wireless card becomes wired, so through VMware you cannot crack any wifi unless your laptop is from HCL or you are using an external wifi adapter.

Rest, if you want to crack WPA and WPA-2 encryption keys:

1. For WEP --> Gerix Wifi Cracker in Backtrack
2. WPA-WPA2 --> Reaver in Backtrack. Here is the article I wrote on hacking WPA and WPA-2 security.

http://ethicalhacking.do.am/news/cracking_wpa_wpa_2_keys_with_kali_linux/2013-06-14-387

Question By: Yash pandya


SIR I HAVE TESTED SO MANY WEBSITES FOR RFI FAULT BUT I HAVE NOT FOUND A SINGLE WEBSITE WHICH IS VULNERABLE TO THIS ATTACK. MAYBE MY METHOD IS WRONG, SO I WANT YOU TO POST ONE TUTORIAL ON REMOTE FILE INCLUSION WITH SCREENSHOTS SO WE CAN UNDERSTAND IT. THANKS

Answer: Dear Yash, he he, I think you have lots of questions lol :P Anyways, well, RFI and LFI are very hard to get these days, but still I recommend you go for GHDB from www.exploit-db.com, get some dorks and google them, and you will get it definitely.

Question By: Yash pandya


I want to know the full tutorial of Cybergate, and also help for downloading a FUD crypter.

Answer: You can get the full video tutorial from this link: http://www.youtube.com/watch?v=ySZDVGUp1QQ

and can download Cyber Gate from the link below too:
http://www.filecrop.com/cyber-gate.html

FUD crypters and binders you can download from here: www.transmissionhacking.webnodes.com

Warning: Cyber Gate is illegal on live and remote machines. Do not attack a remote machine; it is only for testing attacks in your own environment to understand the attack for a RAT.

Question By: Jainam rajpara


There are many websites, for example, from which question papers can be obtained, but they can't be accessed without a password, so how can they be hacked so that I can have access to them?

Answer: Well, I never checked for any of these kinds of websites; I always used to study my subject and pass the exams :) . So instead of looking for exam papers, read your books properly. Because after your study only your knowledge is going to help you in the corporate world.

Question By: mumpi guha


Sir, i am using super hide ip and use russian proxy but some link are not open properly like this site...tell me why..??? is it possible to if i use another country proxy then open this site or other...???

Answer: You can try the Anonymox plugin in Mozilla Firefox, or use Ultra Surf.

Google Ultra Surf and download it; it works fine. If not, Hotspot Security Shield will work.

In VPNs you can try Proxpn; it provides 2048-bit encryption.

Question By: Manish Gupta


i talking about..this type syntax is like

"inurl:websitename"

plz know this syntax with example

Answer:Dear Jainam,

You can use google in any ways to find the vulnerabilities in websites.

Like finding the admin panel of websites

Random Admin pages: "adminlogin.php"

Target based Dorks : site:victim.com adminlogin

There are many kind of attacks you can perform via google dorks

for more information on it i recommend Exploit-db's GHDB.

Google it :- Exploit DB GHDB

Question By: Jainam rajpara


I'm diffing a patch in Windows 7. I've extracted the patched file from the .msu file and I want to trigger the vulnerability now. Can you please give me an example?

Answer: Well, first please let us know what kind of vulnerability you are talking about. Until we know the vulnerability we can't suggest the compatible exploit for it, so please specify the vulnerability type first.

Question By: Amine


I am b.tech student & i want to make career in ethical hacking ......kindly guide me what should i do?

Answer:Dear Sangeeta,

First you have to come up with a certification in the field of ethical hacking. You can join our CCSE V.2 course and after training you can apply as an information security consultant anywhere.

For international certification you can go for EC-COUNCIL's CEH; that's a bit expensive for you in the beginning.

Last thing: read, read, read the maximum you can, and learn about security rather than hacking. Because no company will hire you if you only know how to hack, so how to protect is more important.

If you are looking for a distance education hacking course you can get our Official Hacking Crux toolkit for Rs 1499 only. It has one book + two DVDs with video course and software. For people who are starters it's the best kit till date.

For ordering, fill in the form here: http://goo.gl/2gyda and learn ethical hacking by sitting at home.

Question By: Sangeeta Bisth


Sir, please send me the steps for cracking wifi with Gerix Wifi Cracker in Backtrack?

Answer: Dear Rajat, you can try ferix wifi cracker, available in Backtrack. It's an automated tool, very easy to use.

Or go for Gerix Wifi Cracker, another tool.

If you are doing it for free then manual cracking will be a bit difficult for you.


You can get this video tutorial for help

https://www.youtube.com/watch?v=VnD3d_JCjnQ


Question By: Rajat Rawat


Hi sir i want to know from which website i can get the basic idea of ethical hacking?

Answer: There are many websites, but if you really want to start with the basics of ethical hacking and security I suggest you go for www.insecure.in. It's a good site for a newbie to start off.

Question By: Manayata


Sir, I just noticed that we can log in to Facebook with a white space in our username or e-mail id. For example, suppose my username is "rockstar"; we can log in to FB with "rock star" and "rock.star". How can this be possible, because id and user name are always unique?

Answer: Well, this question can be better replied to by Facebook itself :) Mail them and let us know too, as we haven't ever tried it.

Question By: Sunil Verma


Sir, is it necessary to have such a certificate for making a career in the ethical hacking field??? Because without attending any seminar or classes I am able to hack websites using SQL injection, and with many exploits I am able to hack wifi, and now after your kind help I am also able to crack WPA and WEP keys. I am an electronics & communication engineer, so I am good in networking and wireless communication too, but I don't have any CEH or CCSE certificate. I am also able to do SMS spoofing using Tamper Data. I mean I have learnt a lot in the cyber security field, so please guide me on what I should do. Should I go for any classes or not??

Answer: Well, it's great that you have knowledge about security aspects, but one thing is there: if you want to make a career in the field of information security then you must have CEH or further LPT, because without these certifications, outside India and in India very few companies will recognize you as a professional white hat. Hence it's better to have certifications like these and then join any company.



Question By: Yash Pandya


Respected sir, I have found XSS vulnerabilities in 3 websites: 1--> Newtronics company, Mumbai, 2--> my college website, and the last one is big CISCO. The first two organisations have no time to reply back to me :D but the Cisco team replied to me that they will fix the bug soon. Still, 2 days have passed and the bug is still there, and by using this vulnerability an attacker can steal cookies, redirect a user to infected sites and deface the website.
So what can I do now??

Answer: We will be able to answer your first question only, that is, CISCO is not replying. Well, they have their own criteria for following and patching the vulnerability; some companies can take up to 3 months even for a reply. Hence you have to wait for the reply ....

Question By: Yash Pandya


How to use http://hellomicrosoft.hpage.co.in/ and how to use
c00kye gRaBb3R what is procedure to run cookie??


Answer: Well, that's part of email hacking so I won't be able to answer; you can better google search for it :)

Question By: Raji Pandya


Sir, I want to know the complete use of Asterisk and a proper download link for VoIP calling. 6 months ago there was a website, mobivoix, which allowed a user to make a VoIP call from any number to anyone. So I want to know, is there any other website which allows its users to call from any number to anyone?



Answer: There are many websites that can help you to call with a random number.

But you can go for evaphone.com; it's good.

Question By: Rajal Shah


sir, i was trying to call a person by his own number by using the website mobivox but i
think the site is not correct.....its a business site...so please sir reply me to solve this query
Thank you

Answer: Well, till now in India call spoofing is highly illegal, but you can try evaphone.com. Just google evaphone and you can call your relatives and friends with any random number suggested by the organisation's website.

Question By: Arpit gang


What is the procedure to use rainbow table

Answer:Dear Shuhant raval,

You cannot use rainbow tables manually, but you can use automated applications like Ophcrack
that can use the rainbow table criteria to crack the SAM and extract the password.

Google Ophcrack and you will get it easily.

Question By: Shuhant Raval


Dear Rahul,

I want to do ethical hacking course with certification.Kindly guide me which institute is good for that.

Kindly reply me.

Warm Regards

Answer:You can join our LCEH , one of the most advanced certification on information security and ethical hacking.

http://www.lucideus.com/pdf/Lucideus_Summer_Training.pdf

Question By: SAKET BHAGAT


Since I am a b.tech student and opted for the self-study for CEH
certification. Therefore, I need to attend the training at an ATC
(Accredited Training Center). Sir, I have the following queries;

1. What books should I prefer for the study of certification?
2. I have attended the workshop conducted by Mr. Sunny Vaghela.
So it will be sufficient for the training and if not what are
the best available options for the training?
3. Whether techdefence provides the training or not?

Please add more information which you think is necessary.

Waiting for a prompt reply...

Answer: Training certification is of course required to get a job, dear.

http://www.lucideus.com/pdf/Lucideus_Summer_Training.pdf

Here is India's most advanced information security certification, known as LCEH.

Question By: Neeraj Kumar Gupta


Sir, I want to know how to make uid=0 and gid=0 to take over the database of a website.

Answer: Rooting a server is a totally different thing. First you have to get the server details, then a compatible shell (Control Panel), then access to the shell, and at the end of the day you need 777 permissions on the same server.

Question By: Jay


Dear sir, I am running two OSes on a Dell laptop, Windows 7 and Ubuntu. I have tried to add Backtrack using rasiprocity but it's not working, so guide me on how to install it.

Answer: Let me know whether you want to make it dual boot or you want to run it in a virtual environment.

Question By: Akash


Dear sir actually some one change my windows password and i am not able to login in my laptop so plz help me to crack password of windows 7

Answer: Dear Nirav Patel,

Please refer to the tools below and you can crack any Windows-based operating system.

HirenBoot CD : www.hiren.info/pages/bootcd


Download the ISO image and make it Bootable cd or USB pen-drive through this below application 




Question By: Nirav patel


Sir, I have used Metasploit for LAN networks but I have not found any use of Metasploit for penetration tests of web applications. Please guide me on how to use it for website penetration tests?

Answer: Dear Raj,

With msf we can hack almost anything related to technology available. You can hack mobile phones, Windows, Linux, Mac etc. It's just anything you can pwn with msf along with the latest private and public exploits.

In msf we have many ways to execute remote web application exploits to get access to the servers, and many other vulnerabilities.

For more basic you can refer my paper from exploit-db.com, here is the link

 

Question By: Raj


I want to modify casual games like Subway Surfers and Temple Run to make unlimited coins....

Answer: Well, first let us know whether you want to modify an Android apk or an .exe. Modifying an .exe comes under the technique known as reverse engineering. For modifying an .exe file you can use:

1. Resource Hacker : http://www.angusj.com/resourcehacker/reshack_setup.exe




Question By: Maulik Rajpara


Dear sir, for a long time I have had this question, because I have not seen any advertisement for "cyber security analyst needed" or "ethical hacker needed". I have not even heard from anyone that any company is hiring a cyber security analyst or ethical hacker. So if I get a CEH or CCSE certificate, then afterwards in which company can I make my career??

Answer: Well, first, thanks for asking such a fab question, and I love to reply to this kind of question. First let's talk about careers in cyber security. Well dear, there are many fields where people are being hired, but yes, if you are looking for persons with the title "ethical hacker" then it's difficult to quote. People are hired as Web Application Penetration Testers, professional Reverse Engineers, Network Security Administrators, Android malware analyzers and many more.

The only thing which matters is how hard you work and how passionate you are in the security field. Certifications do matter, but what matters more is your spark. If the spark is there, with time that spark will be converted into fire and every company will love to see and hire you for the same.

To start with you can come to us for this certification called LCEH. Here is the link: http://www.lucideus.com/training/ Come and see how hard we do things and how seriously we take things.


Question By: Rajal shah


DEAR SIR, SOME DAYS AGO I LOGGED IN TO MY FACEBOOK ACCOUNT FROM MY BOYFRIEND'S LAPTOP AND HE GOT MY PASSWORD :D SO MY QUESTION IS HOW TO KNOW THE PRESENCE OF ANY KEYLOGGER, BECAUSE THAT KEYLOGGER CAN BE OPENED ONLY BY PRESSING SOME KEY COMBINATION. SO PLEASE HELP ME SO FROM NEXT TIME WHEN I USE MY BF'S OR ANY OTHER PERSON'S LAPTOP I CAN SECURE MY LOGIN.



Answer: Well, there are lots of keyloggers so I cannot suggest a rock solid solution for this, but yes, most people go for trial version keyloggers which can be seen in the task manager bar. Hence you can identify the keylogger before typing the password.

Rest, you can install KeyScrambler in Mozilla Firefox as an add-on, and even then if they have a keylogger no one can see what you have typed. :) And I hope you can force your BF to install KeyScrambler in his browser ha ha. Good luck.


Question By: Nirali Patel


What is the complete method to root android phone?



Answer:

There are a lot of ways to root an Android device, but it differs from mobile vendor to vendor and OS, dear. But you can try Unlock Root; it's a good application to start with. Make a Google search for Unlock Root.


Question By: Tejas Tharu


What are these cyber forensics?? and how are they useful to a ccse student?? and is there any other website or material where we can understand cyber forensics properly?? how are these used??



Answer:

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

Students can adopt this field to become a cyber forensic investigator and can help investigation agencies in any cyber crime incident.

Students can start learning from this Youtube Link : https://www.youtube.com/channel/UC7X3iS_dQ0seZbdkrZ0R-fA

Thanks


Question By: Rakesh Chandra


Sir, please tell me about the best keylogger and from where I can download it.



Answer:

Well dear, there is nothing like the best keylogger or bad; it depends upon how a person is using it. I would recommend Family Keylogger, which I suggest to parents to monitor their children's activities on the internet.

You can download Family Keylogger from this link: spyarsenal.com/familykeylogger/

Thanks


Question By: Sahil Puri


Dear Rahul,

I'm very much interested to take this course. This is a serious inquiry!!! Can you please tell me how much this training cost in terms of your fees, how many days it takes? and for those days what is the estimated cost of an accommodation which one has to use for the duration of the course?

I'm not a beginner to computers but almost a beginner when it comes to ethical hacking.

Sincerely,
Marz



Answer:

Dear Marz, thanks for your query, but we do not have any lab in Chandigarh at this time. If you really want to do the certification from our organisation then you can come down to New Delhi. It will cost you Rs 20000 for one month of training from us, and living costs will be near 7-8k a month.

Rest you can visit www.lucideus.com/winter for seats availability. 

Thanks


Question By: Marz Hamidi


Hello Sir,
i lost my yahoo account password, also the answer of my security ques. and i also forget the password of my alternate email address.and my registered mobile no. is here but the option of sending msg to your mobile is not working..i have only the way to recover my account ..but that is not working ..i send you the details of my account at following :-
my account :- gumbernitish@yahoo.in
security ques :- what is the first name of your favourite uncle ?
Alternate email :- gumbernitish00@gmail.com

i lost both the passwords of the id nd also forget the answer of security ques.. sir , its urgent ..please do something ..nd recover it
Thanking you,
Nitish gumber
8054488537



Answer:

Dear Nitish, it's a bit of a hectic process but you can try the following process.

In case of a hacked account, send a mail describing your problem to account-security-help@cc.yahoo-inc.com. If this doesn't help, call Yahoo: 1-408-349-1572, or 1+ 866-562-7219, then press #2 and explain to a customer service person what happened. They will ask you to do certain things and then they compare your original info with the changed info. Within 24 hrs you should get your account back!


Question By: Nitish Gumber


Dear sir how can i use the xhydra software?



Answer:

Dear you can follow this video to learn the use of XHydra www.youtube.com/watch?v=h5mHLOssHaE

Thanks


Question By: Shahnavaz Khan


How To Use Cain And Abel?
Any Other Software Like Cain And Abel?



Answer:

Here is an easy video to understand Cain and Abel. Try this: https://www.youtube.com/watch?v=jNCr6r078Qw


Question By: Cute Devil


Dear sir, I want to make my virus (trojan) fully undetectable?



Answer:

Dear Kishan,

There is no 100% method to make a virus trojan FUD free. Crypters like Saddam and Sikandar Crypters are used to make a RAT FUD, hence you can try those.

Rest, try transmissionhacking.webnodes.com; they have a large number of application crypters.


Question By: kishan sharma


Which processor is better APU Quad Core A10 or Intel 3rd gen. Ci5



Answer:

If you are a hardcore gamer and love multimedia work then you can go for the APU, but I will recommend this also with a 2GB graphics card; it will be a bloody machine ;) go for it.


Question By: Jigyashu


Since I am doing the self preparation for the CEH certification and don't have any work experience regarding information security, is it necessary to have training at some accredited training center? And if needed, then please list down the center and add additional information which you think is necessary.



Answer:

We cannot comment on this because CEH is a white hand certification, as we have LCEH which is far more advanced than CEH.


Question By: Neeraj Kumar Gupta


After building server in beast 2.06 how can I attack on the victim's ip address?if possible, can u give some tutorial or screenshots to describe this more correctly?



Answer:

Here is a tutorial : www.youtube.com/watch?v=JpeYt0DP8Jw but use only for education purpose. 


Question By: MANOJ KUMAR


From where can I download mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe??? Please tell me, I want to hack passwords through my pendrive.



Answer:

It's a very old attack you are trying. I won't suggest you proceed because it works only on Windows XP, but still, if you want, here you can learn: www.youtube.com/watch?v=yTGGQGKHz2c


Question By: MUKUL SHARMA


Hello Sir,
I am a commerce graduate and I want to make my career in computer networks and hacking. Could you please guide me on where I can start and what I can do first? I am interested in Linux, CCNA and CCNP also.

Answer: It is not an issue whether you are from a computer background or not, but yes, if you are, it will be an add-on. To start you can join our Summer or Winter training program on ethical hacking: http://www.lucideus.com/training/ And it will be great if you are interested in Linux and other things.

Question By: Manan Patel


I Want to make my career in Cyber Security...plz Help me



Answer:

Please join LCCSA www.lucideus.com/winter


Question By: Chaudhary Tarun A


What is post based sql injection how to use it?



Answer:

Here is a tutorial for you to understand Post SQL injection www.youtube.com/watch?v=b7CjWif1ELI


Question By: Raj Sharma