tag:blogger.com,1999:blog-24409176738926328552024-03-06T10:15:05.320+05:30Hack VirusThe Blog Content is only for educational purpose,I gathered all the essential hacking tutorial and news on single blog,where you can learn so many things based on Ethical Hacking.Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.comBlogger29125tag:blogger.com,1999:blog-2440917673892632855.post-3962474041068969812014-09-11T15:27:00.000+05:302014-09-15T16:32:04.602+05:30How to Install VMware in Windows<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; border: 0px none; font-family: Arial,Helvetica,sans-serif,'Bitstream Vera Sans'; font-size: 12px; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Arial;"> Following
are general steps used to start the VMware Tools installation in most
VMware products. Certain guest operating systems may require different
steps, but these steps work for most operating systems. Links to more
detailed steps for different operating systems are included in this
article. Make sure to review the VMware</span><span style="font-family: Arial;"> </span><span style="color: black;">documentation<span style="font-family: Arial;"> </span><span style="font-family: Arial;">for the product you are using.</span></span></div>
<div style="background-color: white; border: 0px none; font-family: Arial,Helvetica,sans-serif,'Bitstream Vera Sans'; font-size: 12px; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Arial;"> To install VMware Tools in most VMware products:</span></div>
<ol style="background-color: white; color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px; margin-top: 5px;"><span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Power on the virtual machine.</span></span></div>
</li>
<span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Log in to the virtual machine using an account with Administrator or root privileges.</span></span></div>
</li>
<span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Wait for the desktop to load and be ready.</span></span></div>
</li>
<span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Click <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Install/Upgrade VMware Tools</b>. There are two places to find this option:</span></span></div>
<ul>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Right-click on the running virtual machine object and choose <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Install/Upgrade VMware Tools</b>.</span></span></div>
</li>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Right-click on the running virtual machine object and click <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Open Console</b>. In the Console menu click <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">VM</b> and click<b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Install/Upgrade VMware Tools</b>.<br /><br /><b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Note</b>: In ESX/ESXi 4.x, navigate to <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">VM</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Guest</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Install/Upgrade VMware Tools</b>.</span><span style="font-family: Arial;"> In Workstation, navigate to <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">VM > Install/Upgrade VMware Tools.</b></span></span></div>
</li>
</ul>
</li>
<span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Based
on the operating system you specified when creating the virtual
machine, the correct ISO CD-ROM image containing VMware Tools is mounted
to the virtual CD-ROM of the virtual machine.<br /><br />To verify the operating system you have selected, perform one of the following:</span><span style="font-family: Arial;"><br /></span></span></div>
<span style="color: black;">
</span><ul><span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Right-click the running virtual machine object and choose <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Edit Settings</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Options</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">General Options</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Guest Operating System</b> and <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Version</b>.</span></span></div>
</li>
<span style="color: black;">
</span>
<li><div style="border: 0px none; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: Arial;">Right-click the running virtual machine object and click <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Open Console</b>. In the Console menu click <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">VM</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Edit Settings</b> ><b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Options</b>> <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">General Options</b> > <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Guest Operating System</b> and <b style="border: 0px none; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Version</b>.</span></span><br />
<br />
<span style="color: black;"><span style="font-family: Arial;">Source: VMware India </span></span></div>
</li>
</ul>
</li>
</ol>
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-45937252456978922132014-09-11T15:25:00.000+05:302014-09-15T16:32:36.376+05:30How to Install OS in VMware & Troubleshooting <div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; border: 0px none; font-family: proxima-nova,Arial,sans-serif; font-size: 16px; line-height: 18px; margin-bottom: 18px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">Windows
7 documentation covers information on how to install the operating
system in a virtual machine. For additional information about the
operating system, refer to the instructions included in the installation
media.</span></div>
<h2 style="background-color: white; border: 0px none; clear: none; font-family: proxima-nova,Arial,sans-serif; font-size: 22px; font-weight: normal; margin: 0px 0px 16px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">
Installation Instructions</span></h2>
<div style="background-color: white; border: 0px none; font-family: proxima-nova,Arial,sans-serif; font-size: 16px; line-height: 18px; margin-bottom: 18px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">You can install Windows 7 in a virtual machine using the corresponding Windows 7 distribution CD.</span></div>
<h3 style="background-color: white; border: 0px none; font-family: proxima-nova,Arial,sans-serif; font-size: 14px; margin: 0px 0px 14px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">
Prerequisites</span></h3>
<div style="background-color: white; border: 0px none; font-family: proxima-nova,Arial,sans-serif; font-size: 16px; line-height: 18px; margin-bottom: 18px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">Before you begin, verify that the following tasks are complete:</span></div>
<ul style="background-color: white; font-family: proxima-nova,Arial,sans-serif; font-size: 14px; padding-left: 20px;">
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Read the Microsoft System Requirements for the recommended storage and memory values.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Create
and configure a new virtual machine, with the appropriate virtual
storage and virtual memory to support the intended workload.</span></li>
</ul>
<h3 style="background-color: white; border: 0px none; font-family: proxima-nova,Arial,sans-serif; font-size: 14px; margin: 14px 0px; padding: 0px; vertical-align: baseline;">
<span style="color: #444444;">
Installation Steps</span></h3>
<ol style="background-color: white; font-family: proxima-nova,Arial,sans-serif; font-size: 14px; padding-left: 20px;">
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Insert the Windows 7 CD or DVD in the CD-ROM drive.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Turn on the virtual machine to begin installing Windows 7.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">(Optional) If you are using VMware Paravirtual as the default SCSI controller, you can install Windows 7 32-bit using the <tt>pvscsi-windows2003.flp</tt> driver and Windows 7 64-bit using the <tt>pvscsi-windows2008.flp</tt> driver.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Follow the prompts to complete the installation.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">Install VMware Tools.</span></li>
<li style="font-size: 16px; line-height: 14px; margin: 10px 0px;"><span style="color: #444444;">(Optional)
On VMware Fusion, install Boot Camp drivers so that the guest operating
system can access hardware devices on the physical machine.<br />Windows 7 32-bit supports only Boot Camp 3 drivers and Windows 7 64-bit requires Boot Camp drivers to be installed individually.<br /><br />Done!!! <span style="font-family: Arial;"> </span></span></li>
</ol>
<span style="color: #444444;"><span style="font-family: Arial;">Source: VMware India</span></span></div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-33641873027224260542014-05-10T17:06:00.000+05:302014-05-10T17:07:34.366+05:30How to Hack Twitter Account<div dir="ltr" style="text-align: left;" trbidi="on">
<h3 class="post-title entry-title">
<br />
</h3>
In this article i'm going to show you how to hack a Twitter Username and Password using phishing.<br />
<br />
<a href="http://1.bp.blogspot.com/_F7GuXCzPQdY/S6qFlcqjQPI/AAAAAAAADgo/NK1GaQ6Wzuk/s1600/twitter+hack.png"><img alt="" border="0" src="http://1.bp.blogspot.com/_F7GuXCzPQdY/S6qFlcqjQPI/AAAAAAAADgo/NK1GaQ6Wzuk/s400/twitter+hack.png" id="BLOGGER_PHOTO_ID_5452317177281724658" style="cursor: pointer; display: block; height: 210px; margin: 0px auto 10px; text-align: center; width: 300px;" /></a><br />
Now
i know most of you already know what is phishing and how can it be
used, but for those who don't know here is a short explanation.<br />
It's
simply like this... Phishing site is a exactly same page of the normal
twitter login page. But when you enter your email and the password on
login field, phishing sites save those login details, then the owner of
the phishing site can login to your twitter account with your details
later! The only way to recognize a phishing site is reading the address
bar of the browser. It should be the normal twitter login URL. If you
see something like "www.newtwitter.com/login.php",
"www.twitterbeta.com/login.php", etc.<br />
<br />
<br />
<a href="http://4.bp.blogspot.com/_F7GuXCzPQdY/S6qEUC93JXI/AAAAAAAADgg/ECO7WapDMTU/s1600/twitter_site.png"><img alt="" border="0" src="http://4.bp.blogspot.com/_F7GuXCzPQdY/S6qEUC93JXI/AAAAAAAADgg/ECO7WapDMTU/s400/twitter_site.png" id="BLOGGER_PHOTO_ID_5452315778813994354" style="cursor: pointer; display: block; height: 223px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a><br />
Now before we start Please Note: <span style="font-weight: bold;">Phishing is legally offensive. I am not responsible for any action done by you.</span><br />
<br />
<span style="font-size: 130%;"><span style="font-weight: bold;">How to Hack Twitter Account Password?</span></span><br />
<br />
1. First of all download Twitter Phishing files* from google or you may create your own fake twitter page .<br />
for files contact via email ...* due to security reasons files are not uploaded...<br />
<br />
2. The downloaded file contains:<br />
<ul>
<li>twitter.html</li>
<li>twitter.php</li>
<li>password.txt</li>
</ul>
3. Upload all of the files to any free webhost site like:<br />
<ul>
<li><a href="http://www.yourfreehosting.net/">www.yourfreehosting.net</a></li>
<li><a href="http://www.esmartstart.com/">www.esmartstart.com</a></li>
<li><a href="http://www.110mb.com/">www.110mb.com</a></li>
<li><a href="http://www.drivehq.com/">www.drivehq.com</a></li>
<li><a href="http://www.t35.com/">www.t35.com</a></li>
</ul>
4.
Once you have uploaded the files in the directory, send this phisher
link (twitter.html) to your victim and make him login to his Twitter
account using your sent Phisher.<br />
<br />
5. Once he logs in to his Twitter account using Phisher, all his typed Twitter id and password is stored in "password.txt".<br />
<br />
<a href="http://1.bp.blogspot.com/_F7GuXCzPQdY/S6qC3Wb3pvI/AAAAAAAADgQ/5wkKtU_-_LQ/s1600/twitter.png"><img alt="" border="0" src="http://1.bp.blogspot.com/_F7GuXCzPQdY/S6qC3Wb3pvI/AAAAAAAADgQ/5wkKtU_-_LQ/s400/twitter.png" id="BLOGGER_PHOTO_ID_5452314186312296178" style="cursor: pointer; display: block; height: 82px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a><br />
6. Now, open password.txt to get hacked Twitter id and password as shown.<br />
<br />
<a href="http://2.bp.blogspot.com/_F7GuXCzPQdY/S6qDM-luyjI/AAAAAAAADgY/7TR26f6d-X4/s1600/pass.png"><img alt="" border="0" src="http://2.bp.blogspot.com/_F7GuXCzPQdY/S6qDM-luyjI/AAAAAAAADgY/7TR26f6d-X4/s400/pass.png" id="BLOGGER_PHOTO_ID_5452314557868329522" style="cursor: pointer; display: block; height: 135px; margin: 0px auto 10px; text-align: center; width: 239px;" /></a><br />
That's all. Simple, but effectively... Cheers
<br />
<br />
Do you have questions, comments, or suggestions? Feel free to post a comment!
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-85636018136778211672014-05-06T14:29:00.000+05:302014-09-25T13:25:48.788+05:30 How to Hack Wi-Fi: Creating an Evil Twin Wireless Access Point<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<header>
<h1 class="bb-dark" itemprop="name">
<span style="font-size: small;">Our first task will be to creating an <strong>evil twin access point</strong>. Many new hackers are anxious to crack Wi-Fi passwords
to gain some free bandwidth (don't worry, we'll get to that), but there
are so many other Wi-Fi hacks that are far more powerful and put so
much more at risk than a bit of bandwidth.</span></h1>
</header>
<section>
<h2 class="sectionHeadline">
What's an Evil Twin AP?</h2>
The evil twin AP is an access point that looks and acts just like a legitimate AP and entices the end-user to connect to <em>our</em> access point. Our aircrack-ng suite has a tool, <strong>airbase-ng</strong>, that can be used to convert our wireless adapter
into an access point. This is a powerful client-side hack that will
enable us to see all of the traffic from the client and conduct a
man-in-the middle attack.</section><section>
<h2 class="step">
Step 1: Start Airmon-Ng</h2>
First , we need to check whether our wireless card is operational.<br />
<ul>
<li><strong>bt > iwconfig</strong></li>
</ul>
<figure class="whtGallery" id="58839300docPartGal880029" role="group"><div class="gallery-layout" style="height: 301px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/07/97/63509756626252/0/635097566262520797.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/07/97/63509756626252/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 301px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> As
we can see, our wireless card is operational and has been assigned
wlan0. Our next step is to put our wireless card into monitor or
promiscuous mode. We can do this simply by:<br />
<ul>
<li><strong>bt >airmon-ng start wlan0</strong></li>
</ul>
<figure class="whtGallery" id="31475177docPartGal880031" role="group"><div class="gallery-layout" style="height: 300px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/09/97/63509756637640/0/635097566376400997.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/09/97/63509756637640/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 300px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> Airmon-ng
has put our wireless into monitor mode and renamed it to mon0. Now our
wireless card is capable of seeing all the wireless traffic.</section>
<section>
<h2 class="step">
Step 2: Start Airdump-Ng</h2>
Our next step is to begin capturing traffic on our wireless card. We do this by typing:<br />
<ul>
<li><strong>bt > airodump-ng mon0</strong></li>
</ul>
<figure class="whtGallery" id="57571674docPartGal880033" role="group"><div class="gallery-layout" style="height: 300px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/25/39/63509756725468/0/635097567254682539.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/25/39/63509756725468/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 300px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> We
can see all the wireless access points in our range along with all
their vital statistics. The neighbor that we suspect of downloading and
selling child porn is on an AP with the SSID "Elroy."<br />
If we do
everything right, we can clone his AP and get him to connect to our evil
twin. When he does that, we'll be able to see all of his traffic, as
well as potentially inserting our own packets/messages/code into his
computer.</section>
<section>
<h2 class="step">
Step 3: Wait for the Suspect to Connect</h2>
Now we
just wait for the suspect to connect to his wireless access point. When
he does, it will appear in the lower part of the airodump-ng screen.</section>
<section>
<h2 class="step">
Step 4: Create a New AP with Same SSID & MAC Address</h2>
Once
he has connected to his AP, we can use airbase-ng to create a fake, or
evil twin, of his AP. We can do this by opening a new terminal and
typing:<br />
<ul>
<li><strong>bt > airbase-ng -a 00:09:5B:6F:64:1E --essid "Elroy" -c 11 mon0</strong></li>
</ul>
<figure class="whtGallery" id="31399842docPartGal880035" role="group"><div class="gallery-layout" style="height: 300px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/67/42/63509756736996/0/635097567369966742.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/67/42/63509756736996/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 300px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> Where <em>00:09:5B:6F:64:1E</em> is the BSSID, <em>Elroy</em> is the SSID, and -<em>c 11</em> is the channel of the suspect's AP.</section>
<section>
<h2 class="step">
Step 5: Deauthentication or Bumping Him Off</h2>
Our next step is to bump the "neighbor" off
his access point. The 802.11 standard has a special frame called
deauthentication that, as you might expect, deauthenticates everyone on
the access point. When his computer tries to re-authenticate, he will
automatically reconnect to the strongest AP with the ESSID of "Elroy."<br />
We can do this by using aireplay-ng with the deauth packet:<br />
<ul>
<li><strong>bt > aireplay-ng --deauth 0 -a 00:09:5B:6F:1E</strong></li>
</ul>
Note
that we once again used his BSSID in the aireplay-ng command. If our
signal is stronger than his own AP, he will automatically reconnect to
our evil twin!</section>
<section>
<h2 class="step">
Step 6: Turn Up the Power!</h2>
The crucial link in
the evil twin hack is to make certain that our fake AP is closer or
stronger than the original or authentic AP. This could be a critical
weakness when physical access is unavailable. In airports and other
public places, this is no problem, but in our scenario here, we don't
have physical access and it's very likely that his AP is closer and
stronger than ours. Don't let this deter us!<br />
First, we can turn up
the power on our access point in attempt to be stronger than his. Even
next door, this may work as most access points automatically
down-regulate their power to the minimum necessary to maintain a
connection to its clients. We can boost our AP to maximum power by
typing;<br />
<ul>
<li><strong>iwconfig wlan0 txpower 27</strong></li>
</ul>
This command will boost our power output to the maximum legally allowable in the United States, 27 dBm or 500 milliwatts.<br />
In
some cases, even boosting power to 500 mWs may prove to be inadequate.
If we try to turn up the power to the maximum on our Alfa wireless
cards—1,000 mWs or 30 dBm—we get the error message below (some of the
newer cards can actually transmit at 2,000 mWs or four times what is
legally allowable in the U.S.).<br />
<ul>
<li><strong>iwconfig wlan0 txpower 30</strong></li>
</ul>
<figure class="whtGallery" id="53578890docPartGal880037" role="group"><div class="gallery-layout" style="height: 300px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/29/42/63509756748400/0/635097567484002942.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/29/42/63509756748400/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 300px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> <strong>Note:
This next step is illegal in the U.S., so be careful using it unless
you have specific permission or are a member of law enforcement.</strong><br />
Every
nation has its own set of Wi-Fi regulations. Some allow more power and
more channels than the U.S. For instance, Bolivia allows the use of
channel 12 and a full 1,000 mWs of power. We can get our Alfa card to
use Bolivian regulations by simply typing:<br />
<ul>
<li><strong>iw reg set BO</strong></li>
</ul>
Now that we are in Bolivian regulatory domain, we can boost our power to its maximum by typing:<br />
<ul>
<li><strong>iwconfig wlan0 txpower 30</strong></li>
</ul>
<figure class="whtGallery" id="21108926docPartGal880039" role="group"><div class="gallery-layout" style="height: 299px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/51/32/63509756759195/0/635097567591955132.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/51/32/63509756759195/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 299px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> Check output power by typing:<br />
<ul>
<li><strong>iwconfig</strong></li>
</ul>
<figure class="whtGallery" id="45031292docPartGal880041" role="group"><div class="gallery-layout" style="height: 299px; overflow: visible;">
<div class="gallery-layout-container">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.wonderhowto.com/img/original/53/28/63509756770349/0/635097567703495328.jpg" rel="nofollow" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/53/28/63509756770349/0/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data.w654.jpg" style="height: 299px; margin-left: 0px; max-width: 532px; width: auto;" /></a></div>
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"></figure></div>
</div>
</figure> And
we can now see at the end of the second line that our power is now up
to 30 dBm or 1000 milliwatts, enough to overwhelm all the other local
access points even from several houses away!</section>
<section>
<h2 class="sectionHeadline">
The Evil Twin Is Now Working</h2>
Now that we have our neighbor connected to our AP, we can take the next steps toward detecting his activity.<br />
We can use software like Ettercap
to conduct a man-in-the middle attack. This way, we can intercept,
analyze, and even inject traffic to this user. In other words, because
he has connected to our AP, we have almost total access to his data both
coming and going. If he really is downloading or selling child porn, we
can intercept it.<br />
We also should be able to intercept email and passwords to other applications and networks. We could even inject a meterpreter or other listener into his system for further access and control.</section></div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-54951960861133804272014-05-04T13:44:00.000+05:302014-05-04T13:44:12.463+05:30How to Hack WiFi(Password) on Backtrack 5 R3<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
</div>
<br />
<span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;"><b>Fern</b>-WiFi-Cracker is a Wireless Penetration Testing Tool written in <span class="skimlinks-unlinked">python.It</span>
provides a GUI for cracking wireless networks. Fern Wi-fi cracker
automatically run aireplay-ng, airodump-ng and aircrack-ng when you
execute Fern-WiFi-Cracker. They are run separately but Fern-WiFi-Cracker
uses the aircrack-ng suite of tools. You can use Fern-WiFi-Cracker
for Session Hijacking or locate geolocation of a particular system
based on its Mac address. Before using Fern-WiFi-Cracker make sure that
your <strong>wireless card supports packet injection.</strong></span></span><br />
<span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;">
</span></span><span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;"><span id="more-650"></span></span></span><br />
<span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;">
</span></span><br />
You can open Fern-WiFi-Cracker with go to<br />
<b><i>Backtrack >> Exploitation Tools >> Wireless exploitation tools >> WLAN exploitation >> Fern-WiFi-Cracker</i></b><br />
<br />
<br />
The above steps are show in blew fig.<br />
<br />
<img alt="Fern WiFi Cracker" class="size-full wp-image-651 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
Then select your wireless interface.<br />
<br />
<img alt="Fern WiFi Cracker 2" class="size-full wp-image-652 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker-2.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
Click the Wi-Fi logo button on the top and it will start the network
scanning. You can set setting by double click in the application window.<br />
<br />
<img alt="Fern WiFi Cracker 3" class="size-full wp-image-653 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker-3.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
After scanning you will see active button of WiFi WEP cracking or WPA
cracking. Because the available of WiFi is WEP click the button.<br />
<br />
<img alt="Fern WiFi Cracker 4" class="size-full wp-image-654 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker-4.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
New dialog box will open. Set the setting with select the WEP
network from the list and select the type of attack. After you complete
set the setting now launch the attack with click the Attack button.<br />
<br />
<img alt="Fern WiFi Cracker 5" class="size-full wp-image-655 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker-5.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
Wait until the progress bar 100% complete and after it’s complete the
Fern WiFi Cracker will starts aircrack for cracking wifi password.<br />
<br />
<img alt="Fern WiFi Cracker 6" class="size-full wp-image-656 aligncenter" height="465" src="http://hackithaveit.files.wordpress.com/2013/06/fern-wifi-cracker-6.jpg?w=620&h=465" width="620" /><br />
<br />
<br />
Password will be shown in the button of window.<br />
<b>Done,Enjoy !!!! </b></div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-52890239915764213282014-02-22T15:10:00.002+05:302014-02-22T15:10:55.134+05:30How To Hack WhatsApp using Sniffers<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 class="separator" style="clear: both; text-align: left;">
<u>Three Ways to hack WhatsApp </u></h2>
<div class="separator" style="clear: both; text-align: left;">
WhatsAppSniffer is a tool for root terminals to read WhatsApp
conversations of a WIFI network (Open, WEP, WPA/WPA2). It captures the
conversations, pictures / videos and coordinates that aresent
or received by an Android phone, iPhone or Nokia on the same WIFI
network. It has not been tested with W indows Phone terminals. It can’t
read the messages written or received by the BlackBerry’s, as they
use their own servers and not WhatsApp’s.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div>
This application is
designed to demonstrate that the security of
WhatsApp’s communications is null. WhatsAppSniffer just use the TCPDump
program which reads all the WIFI network packets and filters those which
has origin or destination WhatsApp’s servers. All messages are in plain
text, so it does not decrypt anything, complying fully with the legal
terms of WhatsApp (3.C: “While we do not disallow the use of sniffers
Such as Ethereal, tcpdump or HttpWatch in general, Any we do going
efforts to disallow reverse-engineer our system, our protocols, or
explore outside the boundaries of the ordinary requests made by clients
WhatsApp …. “)<br /> For WPA/WPA2 encrypted networks, if uses the tool ARPSpoof (optional). <h4>
Requirements</h4>
<ol>
<li>A <a href="http://en.wikipedia.org/wiki/Android_rooting" rel="nofollow" target="_blank">Rooted Android Device</a>.</li>
<li>Your Victim Should Use Same Wi-Fi Through Which you are connected.</li>
<li><a href="https://www.dropbox.com/s/007var5gl52apnn/WhatsAppSniffer%20Donate%20%E2%98%85%20root%20v1.03%20%7E%20Go%21%20H4X.apk" rel="nofollow" target="_blank">WhatsAppSniffer Donate ★ root v1.03</a>.</li>
</ol>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT3zcJatizNND_PqFL5CaiVv-nfUn6R6dDcviAWrYvaU9WKVNTu6JDqZ8Ul-lv4cABoGJhWlm8O7cJIzMInYXhXVFrbbwSJnXdrEOV8PsJVojGhmu-9sjpaMmg4czoFH8H8d00CRWu8ZM/s1600/a.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT3zcJatizNND_PqFL5CaiVv-nfUn6R6dDcviAWrYvaU9WKVNTu6JDqZ8Ul-lv4cABoGJhWlm8O7cJIzMInYXhXVFrbbwSJnXdrEOV8PsJVojGhmu-9sjpaMmg4czoFH8H8d00CRWu8ZM/s1600/a.jpg" /></a></div>
<br />
<h2>
2. Decrypting Conversations</h2>
<div>
have
your victim locked his whatsapp? or you want all his conversation on
your PC. Generally for security reasons WhatsApp encrypt Conversation
while taking backup in SD Card or Phone Memory.But i have found a tool
on XDA that claims to decrypt all the whatsapp conversation down to your
PC.</div>
<div>
If you have some access over his device you
can also send files from Bluetooth to your device and later read all the
conversations.</div>
<div>
This tool is called <a href="http://forum.xda-developers.com/showthread.php?t=1583021" rel="nofollow" target="_blank">WhatsApp Xtract</a> and for this all credits goes to <a href="http://forum.xda-developers.com/member.php?u=3594618" rel="nofollow" target="_blank">ztedd</a></div>
<div>
Some general advice on how to backup Whatsapp and get the database file:</div>
<h4>
Android</h4>
<div>
- In Whatsapp go to settings – more – Backup Chats<br /> - Copy the folder “Whatsapp” on the SD card to your backup location (e.g., PC)<br />
- (ideally also) use the app Titanium Backup to backup the full
whatsapp application together with its data, copy the backup from the
folder “TitaniumBackup” on the SD card to your backup location (e.g.,
PC)<br /> - Use this tool Whatsapp Backup Extractor (download in this
thread) to show the chats in a friendly readable format. The necessary
files “wa.db” and “msgstore.db” you will find inside the Titanium Backup
archive “com.whatsapp-[Date]-[some digits].tar.gz”, alternatively
(without Titanium Backup) you can use the msgstore.db.crypt file from
the folder Whatsapp/Databases on the SD card.</div>
<h4>
iPhone</h4>
<div>
- use Itunes to create an <em>unencrypted</em> Backup<br />
- use an Iphone Backup Tool to get the file
net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite, e.g. I-Twin or
Iphone Backup Extractor. Make sure to create an unencrypted backup with
Itunes, as these tools can’t handle encrypted backups. Another
possibility are forensic tools like UFED Physical Analyzer.)</div>
<h4>
Blackberry</h4>
<div>
- sync your blackberry with desktop manager and then copy the messagestore.db file from SD<br /> - however, it seems that this file is encrypted? Currently we don’t know how to get the unencrypted messagestore.db file<br /> - Blackberry not supported yet!</div>
<h4>
Nokia</h4>
<div>
- not known yet<br /> - Nokia not supported yet!</div>
</div>
<div>
For Further Detail about this Method you can move to <a href="http://forum.xda-developers.com/showthread.php?t=1583021" rel="nofollow" target="_blank">this Forum of XDA</a>.</div>
<h2>
3. Using Spywares</h2>
<div>
Using
3rd Party Spywares can be very useful for spying not only WhatsApp
Conversation but also many things like, you can able to Track GPS
Location, you can capture the lock screen passwords and they can be also
used for monitoring Websites. there are many spywares in the market but
i recommend is <a href="http://www.bosspy.com/" rel="nofollow" target="_blank">BOSSPY</a>. Because it’s free <img alt=":)" class="wp-smiley" height="15" src="http://i2.wp.com/www.plusdroid.com/Blogandnews/wp-includes/images/smilies/icon_smile.gif?w=584" width="15" /> </div>
<h2>
Misconceptions about WhatsApp hacking</h2>
I have received a number of E-Mail Most of them were asking for help
for hacking their partner’s WhatsApp and I have replied them all. but
lots of people were having misconceptions about whatsapp hacking so let
me discuss over here. <ol>
<li>Hacking WhatsApp is
Much Harder than Hacking Facebook and Twitter as Facebook and Twitter
can be Hacked using Social Engeenering Techniques like Phising and many
others when we compare to hack someones WhatsApp Account and Gain Full
Access over his Account – It is nearly Impossible.</li>
<li>There is no
tool that can hack whatsapp and give you a full access over someone’s
whatsapp account. Yes, there are Lot’s of Youtube Video’s ,Websites
Filled with “WhatsApp Hack Tool” which claim that they can but the
reality is they can’t.</li>
</ol>
<br />
<br />
* This article is for educational purposes only. we are not responsible for actions of any individual</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-36852488686311126862013-10-06T03:32:00.001+05:302014-01-06T13:09:37.064+05:30How to Show/Hide Files using Command Prompt<div dir="ltr" style="text-align: left;" trbidi="on">
This Trick will help you to show/hide files & folders using command prompt.<br />
This trick is not similar to hiding files from folder options area which is not that secured compared to this.<br />
Only you can make it visible if you know the file name or folder name.<br />
It is useful when you want to see some system folders and files because these type of operations can't be possible by general method.<br />
And if your PC is virus infected,in that case this command will help you to find and that delete virus containing file and often we see sometimes we stored some data in PEN DRIVE but when we open explore PD the data is not visible and we think that maybe file is deleted and but when check space in PD,some space is covered because the file or folder is hidden due to virus or may be due to other reason.<br />
so Just try it out.Only a two step process.<br />
<span style="font-weight: bold;"><span style="font-weight: bold;"></span> </span><br />
<ol style="text-align: left;">
<li>
<span style="color: #cfe2f3;"><span style="font-weight: bold;">Press windowkey+R: Run command dialog box appears. or go to start and click run. <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv4GJmP9QhyphenhyphenTihvSuehLO3hFfcwUjmj2sZ50BjRT7t2MzCqQbVtv2rVKrgmkPDj6UNuBIwbGuZWGfTdv-54v0M8aV7ioh3pbIpgiSeE7mwRZDcPmxifBeMKlCkExMQ9jt438T8G1KXLmQ/s1600/1.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv4GJmP9QhyphenhyphenTihvSuehLO3hFfcwUjmj2sZ50BjRT7t2MzCqQbVtv2rVKrgmkPDj6UNuBIwbGuZWGfTdv-54v0M8aV7ioh3pbIpgiSeE7mwRZDcPmxifBeMKlCkExMQ9jt438T8G1KXLmQ/s1600/1.gif" /></a></div>
</span></span></li>
<li><span style="color: #cfe2f3;"><span style="font-weight: bold;">
Now type "cmd" and hit enter. A command prompt window displays.</span></span></li>
<li><span style="color: #cfe2f3;"><span style="font-weight: bold;">
Now type attrib +s +h E:\myfolder and hit enter.<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdndeFXJW7yupzgOWsz312mN9AapmY2-CAnpJlFr1UymEnxWF3VUKKPFVpozt3kFg60fxoMRz-mhsmvMjcK3UmVhVa0C_keNHYpSiuTpF2U618xQzSQ88RrYYLDmKSD3A1cUauko2oW9o/s1600/2.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdndeFXJW7yupzgOWsz312mN9AapmY2-CAnpJlFr1UymEnxWF3VUKKPFVpozt3kFg60fxoMRz-mhsmvMjcK3UmVhVa0C_keNHYpSiuTpF2U618xQzSQ88RrYYLDmKSD3A1cUauko2oW9o/s1600/2.gif" height="200" width="400" /></a></div>
</span></span></li>
<li><span style="color: #cfe2f3;"><span style="font-weight: bold;">
The folder "myfolder" will be hidden which cannot be viewed by any search options.</span></span></li>
<li><span style="color: #cfe2f3;"><span style="font-weight: bold;"> To view this folder again, use the same command but replace '+' with '-' on both flags 's' and 'h'<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjicGj_Nbb7NYKBKRzjRNVXgFz-p8nGiWc_VDZho989R41R2_atXjkqvO_MyRBFpqNS5t4AadQKsRT6nNiq47cz3WS2jpGo1J9CvVtfeFlmZPYS9Ed5ijKERb0nz8YmdZILrHHNC46PD7o/s1600/3.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjicGj_Nbb7NYKBKRzjRNVXgFz-p8nGiWc_VDZho989R41R2_atXjkqvO_MyRBFpqNS5t4AadQKsRT6nNiq47cz3WS2jpGo1J9CvVtfeFlmZPYS9Ed5ijKERb0nz8YmdZILrHHNC46PD7o/s1600/3.gif" height="201" width="400" /></a></div>
</span></span></li>
</ol>
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-28400829472281758752013-05-10T15:52:00.000+05:302013-05-10T15:52:55.418+05:30Transparent Proxies in Squid<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span style="color: #666666;">With, the extremely uncontrollable growth in the number of Hackers, not only system administrators of servers have to worry about the security of their system, but even if you are running a standalone PPP Linux box, you simply cannot afford to ignore your system's security.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">If your system is the main server which communicates with the external untrusted network called the Internet, or even if you simply use your linux box to connect to your ISP and surf the net through PPP, then you should definitely think about installing a firewall on your system.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">The preferable and the best option in this case is to install a commercial firewall. However, this option is not always possible and is more often than not unnecesarry. Buying, installing and configuring a good commercial firewall is not only expensive but most beginners find it pretty formidable. OK, I do not want to go through the hassle of a commercial firewall, what do I do? Well, 'ipchains' hold the key for you.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">The Firewalling code in the Linux Kernel chnaged considerably after the release of Kernel 2.2. Since then, a lot of new utilites and features have been added. Amongst these improvements, is a kewl feature called 'ipchains', which is primariarly used for configuring the firewalling rules and other such related details.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">*************************</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">HACKING TRUTH: The usage of ipchains is very much similiar to that of ipfwadm. For more information(like,help on setting rules.) refer to the wrapper script:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"> /sbin/ipfwadm_wrapper</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">**************************</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Anyway, in this manual, we will learn about how to use ipchains to configure a transparent proxy on your linux box.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">So what exactly is a transparent proxy?</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Well, a transparent proxy is basically something which fools the client (who connect to the server running the</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">transparent proxy) into believing that they are directly connected to the web server (and not through a proxy.). OK, I am sorry, that is not exactly the correct way to describe it. ;-) Read on for a better description.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Well, a transparent proxy works in the following manner: It listens to a specific port (like the HTTP port i.e. 80) for any connections. As soon as it gets a request for a connection (in this case a HTTP request for a file.) then it redirects the user i.e. connection to another port on the same machine. Now this new port to which the connection is transferred is actually running a Proxy.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">So, in affect what happens is, the client i.e. the user who connects to the server where the transparent proxy installed, assumes that it is directly connected and is communicating with the HTTP daemon. However, the truth of the matter is that all communication is being carried out via the proxy running on the server. All this would be clearer when you see the below picture of what happens:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Client --------> Server(Port 80 or HTTP)</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">The rules of the ipchains transfers client to the port where the proxy is running. So, now the communication takes place in the following manner:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Transparent proxies with Squid By Ankit fadia hackingtruths.box.sk Proxy Servers</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Client --------> Server(Port of Proxy) --------> Server (Port 80 or HTTP)</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">So, the connection to Port 80 is indirect, however the client has little idea about it.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Now, that you know the working of transparent proxies, let us get down to configuring them on your machine.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">However, before we get down to the actual process, you need to check whether this is possible on you system or not.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Simply look for the file:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;"> /proct/net/ip_fwchains</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">If you have this file, then well and good, else you will have to recompile your Kernel. However, I am sure almost 98% of you would definitely have this file.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">NOTE: In this case, we will be transferring all connections from Port 80 to Port 8080 where Squid runs by default.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">You could always transfer connections to any proxy port of your choice, by changing the revelant parts. I have taken up Squid, as it is the most common one.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Firstly, in order to transfer all connections from Port 80 to Port 8080, add the following lines to your startup script, so that they are executed each time you boot up.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Note: The server IP is xxx.xx.xx.xx</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipchains -A input -p TCP -d 127.0.0.1/32 www-j ACCEPT</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipchains -A input -p TCP -d xxx.xx.xx.xx/32 www-j ACCEPT</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipchains -A input -p TCP -d 0/0 www-j REDIRECT 8080</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">NOTE: If you are using ipfwadm, then add the following lines to the startup script:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipfwadm -I -a-a -P tcp-s any/0 -D 127.0.0.1</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipfwadm -I -a-a -P tcp-s any/0 -D xxx.xx.xx.xx</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">ipfwadm -I -a-a -P tcp-s any/0 -D any/0 80 -r 8080</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Once this is done, then configure Squid by following the below process. Please note that you need atleast Squid 2.x to be able to make use of Transparent Proxies. Anyway, to configure Squid, edit the, /etc/squid/squid.conf file and</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">make the following changes:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">httpd_accel_host virtual</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">httpd_accel_port 80</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">httpd_accel_with_proxy on</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">httpd_accel_uses_host_header on</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"><br /></span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Then,restart Squid by typing:</span></div>
<div style="text-align: justify;">
<span style="color: #666666;"> /etc/rc.d/init.d/squid.init restart</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Linux Users: I also suggest you compile and execute the following C program. It is simply great and allows you to configure or control Firewall rules etc.</span></div>
<div style="text-align: justify;">
<span style="color: #666666;">Yup, your transparent proxy is configured and running!!!</span></div>
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-35272461418002581172013-04-21T15:08:00.000+05:302013-05-08T15:50:20.732+05:30Kali Linux offers new brand of pen-testing tools<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="byline space-1 s-11 c-4" style="background-color: white; border: 0px; color: #778596; font-family: 'Helvetica Neue', Helvetica, sans-serif; font-size: 0.93em !important; line-height: 1.43em; margin-bottom: 10px !important; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px; vertical-align: baseline;">
<div class="author" style="border: 0px; font-family: inherit; font-size: 13px; font-style: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
By Selena Frye</div>
<div class="date" style="border: 0px; font-family: inherit; font-size: 13px; font-style: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-size: 14px; line-height: 19px;"><br /></span>
<span style="font-size: 14px; line-height: 19px;">BackTrack Linux no more. The popular open source package of penetration testing tools now has a new platform and a new name.</span></div>
</div>
<br />
<article style="background-color: white; color: #37414b; font-family: 'Helvetica Neue', Helvetica, sans-serif; font-size: 14px; line-height: 19px;"><div class="separator" style="clear: both; text-align: center;">
<a href="http://i.techrepublic.com.com/blogs/kali-home-large-slider2.jpg" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin-left: 1em; margin-right: 1em; margin-top: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;"><img alt="" class="size-full wp-image-4267 alignleft" src="http://i.techrepublic.com.com/blogs/kali-home-large-slider2.jpg" style="border: none; float: left; font-family: inherit; font-style: inherit; margin: 15px 15px 15px 0px !important; padding: 0px; vertical-align: baseline;" title="kali-home-large-slider2" /></a></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
BackTrack Linux, a specialized distribution of penetration testing tools, has long been a favorite of security specialists and IT pros. It is often a tool recommended in TechRepublic discussions and in <a href="http://www.techrepublic.com/blog/opensource/six-ways-to-use-linux-live-cds-in-your-business/3054" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">round-ups of open source tools</a> for IT pros. The creators of BackTrack recently announced that in lieu of a new version, they have instead built a <a href="http://www.kali.org/news/birth-of-kali/" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">brand new distribution called Kali Linux</a> that fulfills the same general purpose.</div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
Writing five days after its initial release, the Kali team reported <a href="http://www.kali.org/kali-monday/kali-linux-release-aftermath/" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">over 90,000 downloads</a> and had already added more documentation and even an early bugfix. But what exactly is new in Kali and why did they scrap BackTrack and start all over? After putting together a wishlist of what they wanted in the next version of BackTrack, the developers realized they were looking at major changes:</div>
<blockquote style="border-left-color: rgb(232, 232, 232); border-left-style: solid; border-width: 0px 0px 0px 1px; color: #7f868c; font-family: inherit; font-style: inherit; margin: 0px 0px 10px; padding: 0px 0px 0px 10px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
We realized it would be easier to start afresh, using new technologies and processes than to try to patch up our existing environment to conform to Debian policies and standards.</div>
</blockquote>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
So the first <a href="http://www.kali.org/news/kali-linux-whats-new/" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">big change was platform</a> — from Ubuntu to Debian. Debian-compliant packages and Filesystem Hierarchy Standard (FHS) compliance were two things that fed into this decision: “What this means is that instead of having to navigate through the <strong>/pentest</strong> tree, you will be able to call any tool from anywhere on the system as every application is included in the system path.”</div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
Here are some of the highlights of Kali:</div>
<ul style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 15px; padding: 0px 0px 0px 20px; vertical-align: baseline;">
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">More than 300 penetration testing tools included</li>
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">Still funded by <a href="https://www.offensive-security.com/" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">Offensive Security</a></li>
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">ARMEL and ARMHF support, including for these arm devices: rk3306 mk/ss808, Raspberry Pi, ODROID U2/X2, and Samsung Chromebook</li>
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">Fully customizable</li>
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">Multilingual support</li>
<li style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px 0px 5px; padding: 0px; vertical-align: baseline;">Still free!</li>
</ul>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 15px; padding: 0px; vertical-align: baseline;">
Here is a <a href="http://docs.kali.org/downloading/download-official-kali-linux-images" style="border: 0px; color: #003399; cursor: pointer; font-family: inherit; font-style: inherit; margin: 0px; outline: none; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">link to the download page</a>, where you can read more about their recommendations and the versions available.</div>
</article></div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-85473276866988633062013-03-22T12:01:00.000+05:302013-03-22T12:03:26.332+05:30 Hack Gmail/ Yahoo /Facebook Password by brute force attack using Hydra - Backtrack<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm2db-Y54VeFgy_iG3TuC_vGg-qaPlxKJL8B6QKzMj4i-4uW0FbVRqCjf53PByXbV4uARdMylZaDs9Njy4rBMceUy72gwQpa_acpP41kJDNAFSKrGFnS3uWWT1ql2gFf9XDikWByYSpys/s1600/step+4.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBViGgTQHn8R90CmbXO-Lda4-3vRs_rynSA8dp6NfLMdLHDVqGIcChIlCeymzy2oKW90WTM2A1ZJ4dxHiTsUvRXg_LtKl2liLeGQGyRqOWZikHdi1KPQ2dNsQjxuFrHqD_9gVI5lmiIlI/s1600/step+3.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBelQ67nVx9wGcCXO0d7VvIX55KR006R9uQcFgv9degmpuD32j9j5txrmnX2Ga27PPSMKwZt3aMMCk8jjw0rQiKO1uPZsM_h0rw-fzGnVJsVOsRoVNQKGXPhXS04rXS-eGhDIC1uTPM2c/s1600/step+2.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><b>First</b>, lets take a quick overview about what we're going to do
here. We'll apply different passwords on the target's Gmail id from a
password list using Hydra which is available with Backtrack. That's why I
still love it. :) It'll easily get back the password on successful
login.<br />
<br />
<b><u>Requirements:</u></b><br />
<br />
<ul style="text-align: left;">
<li>A <b>password.txt</b> file with a list of expected passwords, Either write your own</li>
<li>Backtrack 5 (any version)</li>
<li>Internet Connection</li>
</ul>
Lets Hack something for real,<br />
<br />
Turn on your Backtrack machine :P<br />
Navigate to <b>Applications</b> > <b>Backtrack</b> > <b>Privilege Escalation</b> ><b> Password Attacks</b> > <b>Online Attacks</b> > <b>hydra-gtk</b> and launch the hydra tool<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihV0rO-5TO0nTddakP2OsV2UaQXsX6bocpeCYHBDFkHNJVyIVKQke0xOGCieUx_egDzv3KLYEOFwybDb_fZLf_iMFw6_ab7vCEcxGg9b9kOlZvSZaHrdzBfVp6L-qi5qXsM3BrdrLmHe8/s1600/step1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihV0rO-5TO0nTddakP2OsV2UaQXsX6bocpeCYHBDFkHNJVyIVKQke0xOGCieUx_egDzv3KLYEOFwybDb_fZLf_iMFw6_ab7vCEcxGg9b9kOlZvSZaHrdzBfVp6L-qi5qXsM3BrdrLmHe8/s1600/step1.jpg" /></a></div>
<br />
Now, under the <b>Target tab</b> set following parameters<br />
<i><code>Single target > smtp.gmail.com<br />
port > 465<br />
Protocol > smtp<br />
and check > use SSL, show attempts and Be Verbose</code></i><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDTQ0UqikjyHTv-oY6pUUvtb0HAXY9bxdM1bweLKkaUbO75UGAPwruWkg9OhzmZVLkFZHU6HP_l5wA4Valskcr12oy-k4sagXQBCimvxB9tgmORgBoPHKEO9C2biDIH_TZhowjD3bBnYM/s1600/step2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDTQ0UqikjyHTv-oY6pUUvtb0HAXY9bxdM1bweLKkaUbO75UGAPwruWkg9OhzmZVLkFZHU6HP_l5wA4Valskcr12oy-k4sagXQBCimvxB9tgmORgBoPHKEO9C2biDIH_TZhowjD3bBnYM/s1600/step2.jpg" /></a></div>
<br />
<br />
Click on <b>Password tab</b>, set these parameters<br />
<i><code>Username > target email address<br />
Password List > select the Password.txt file<br />
check the option > try Login as password</code></i><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVoXp4cGOo8h2wHixfZHsyjR1wI541ra70SbjFJaI8un4hnS8cDSF4vOFErljbrUGdHjfLuEQX02hj59plbnCaGO_bukmJ3s9S_qEDbrd9qOQpwVDnB1oSTfhWjOubiyLbdyU7rkzfmwU/s1600/step3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVoXp4cGOo8h2wHixfZHsyjR1wI541ra70SbjFJaI8un4hnS8cDSF4vOFErljbrUGdHjfLuEQX02hj59plbnCaGO_bukmJ3s9S_qEDbrd9qOQpwVDnB1oSTfhWjOubiyLbdyU7rkzfmwU/s1600/step3.jpg" /></a></div>
<br />
Now move to <b>start tab</b> and click on <b>start button</b> at the bottom to begin the attack.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm2db-Y54VeFgy_iG3TuC_vGg-qaPlxKJL8B6QKzMj4i-4uW0FbVRqCjf53PByXbV4uARdMylZaDs9Njy4rBMceUy72gwQpa_acpP41kJDNAFSKrGFnS3uWWT1ql2gFf9XDikWByYSpys/s1600/step+4.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBViGgTQHn8R90CmbXO-Lda4-3vRs_rynSA8dp6NfLMdLHDVqGIcChIlCeymzy2oKW90WTM2A1ZJ4dxHiTsUvRXg_LtKl2liLeGQGyRqOWZikHdi1KPQ2dNsQjxuFrHqD_9gVI5lmiIlI/s1600/step+3.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBelQ67nVx9wGcCXO0d7VvIX55KR006R9uQcFgv9degmpuD32j9j5txrmnX2Ga27PPSMKwZt3aMMCk8jjw0rQiKO1uPZsM_h0rw-fzGnVJsVOsRoVNQKGXPhXS04rXS-eGhDIC1uTPM2c/s1600/step+2.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-yv0I9gg3C2L3j2uqzS-6gy7G86dyaZTf6vJMPnbp9HsVXpAvQfWVTZxiVtnOgS9KCMv_pDvQtH5cXjLmTZWNC4V5lR-xWJBXneQSP1JLBumGKaYPGH-kjLRs_dB67nqx3K4tdQISodg/s1600/step4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-yv0I9gg3C2L3j2uqzS-6gy7G86dyaZTf6vJMPnbp9HsVXpAvQfWVTZxiVtnOgS9KCMv_pDvQtH5cXjLmTZWNC4V5lR-xWJBXneQSP1JLBumGKaYPGH-kjLRs_dB67nqx3K4tdQISodg/s1600/step4.jpg" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBelQ67nVx9wGcCXO0d7VvIX55KR006R9uQcFgv9degmpuD32j9j5txrmnX2Ga27PPSMKwZt3aMMCk8jjw0rQiKO1uPZsM_h0rw-fzGnVJsVOsRoVNQKGXPhXS04rXS-eGhDIC1uTPM2c/s1600/step+2.jpg" style="margin-left: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBViGgTQHn8R90CmbXO-Lda4-3vRs_rynSA8dp6NfLMdLHDVqGIcChIlCeymzy2oKW90WTM2A1ZJ4dxHiTsUvRXg_LtKl2liLeGQGyRqOWZikHdi1KPQ2dNsQjxuFrHqD_9gVI5lmiIlI/s1600/step+3.jpg" style="margin-left: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm2db-Y54VeFgy_iG3TuC_vGg-qaPlxKJL8B6QKzMj4i-4uW0FbVRqCjf53PByXbV4uARdMylZaDs9Njy4rBMceUy72gwQpa_acpP41kJDNAFSKrGFnS3uWWT1ql2gFf9XDikWByYSpys/s1600/step+4.jpg" style="margin-left: 1em; margin-right: 1em;"></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
If everything goes well, then you'll get the password.<br />
<br />
<br />
<br />
<b><u>Note:</u></b>
Using a brute force attack from a Password list will never guarantee
any successful result it depends how lucky you're. Hacking someones
account without their permission is a crime so do use at your own risk.
I'm not at all responsible in case you get your ass behind the
bars.<br />
<br />
<b><i><u>Happy Hacking. :)</u></i></b><br />
<br />
<i>"The quieter you become, the more you are able to hear."</i><br />
SOURCE: <a href="http://www.hackthedark.com/">www.hackthedark.com</a><br />
POSTED BY: INCR3DIBL3 H4CK3R </div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-60901014625640437042012-06-14T17:24:00.000+05:302012-06-14T18:20:40.525+05:30How to Format a Pen Drive in NTFS Type in Windows 7<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #93c47d;">
<b><span style="font-family: Verdana,sans-serif; font-size: large;"><span style="color: #3d85c6;">W</span></span>e</b> all know that All Pen Drive Default Type is FAT/FAT32 but sometimes if we want to use Pen Drive as System Drive or for window installation purpose then we need some modification...</div>
<div style="color: #93c47d;">
In this Post i guide you how to convert a FAT Drive in NTFS(System)Type.....</div>
<div style="color: #93c47d;">
<span style="color: #e06666;">Step 1</span>:-Insert Pendrive and Run a Virus scan and delete all the Viruses,becauseVirus may effect ur USB drive efficiency.</div>
<div style="color: #93c47d;">
<span style="color: #e06666;">Step 2</span>:-Now BackUp all the Data of Pendrive.</div>
<div style="color: #93c47d;">
<span style="color: #e06666;">Step 3</span>:-Go to My Computer and press Right Click of Mouse on PenDrive icon.</div>
<div style="color: #93c47d;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjErrEKw3FE_mdqVvjZFgsbzjS1dIjqQnIK_Dtcfifg3Ny906cL_GqVgPI5YyOmIfCPYybneXxtx_d9slcnRS1_8t7pUXz5FuHwM4Z3GA235Nr8MGBg501O6dU8N6J2r1maIrxiKf_Q2c0/s1600/Fullscreen+capture+6142012+10914+PM.bmp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="483" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjErrEKw3FE_mdqVvjZFgsbzjS1dIjqQnIK_Dtcfifg3Ny906cL_GqVgPI5YyOmIfCPYybneXxtx_d9slcnRS1_8t7pUXz5FuHwM4Z3GA235Nr8MGBg501O6dU8N6J2r1maIrxiKf_Q2c0/s640/Fullscreen+capture+6142012+10914+PM.bmp.jpg" width="640" /></a></div>
<span style="color: #e06666;">Step 4</span>:-Now go to <i><span style="color: #6fa8dc;">Format</span></i> Option and Click on '<i><span style="color: #3d85c6;">Restore Device Defaults</span></i>'.</div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivB9jtkzkROfJtRchoIhAT9g0cUcfXctv4xmaF6jzQ1kTqrrg893dGP1D-lLfa1gx4uPq8OjyYO5lNJ4MSzO6kBntBAy3Cip2m2AdwKEh9RSaReDtlopUsKIB9Txf5YXGtbDrHS12cO04/s1600/Fullscreen+capture+6132012+53620+PM.bmp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivB9jtkzkROfJtRchoIhAT9g0cUcfXctv4xmaF6jzQ1kTqrrg893dGP1D-lLfa1gx4uPq8OjyYO5lNJ4MSzO6kBntBAy3Cip2m2AdwKEh9RSaReDtlopUsKIB9Txf5YXGtbDrHS12cO04/s640/Fullscreen+capture+6132012+53620+PM.bmp.jpg" width="640" /></a></div>
<br /></div>
<div style="color: #93c47d;">
After This Open File System Coloumn and select NTFS,</div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN39Q_Z2TGQOrCMB1ytfC_5kkUbUHjHpgE837DCjnDb5s3bdAyrt1XCuciYL1GxeLtXTVsdzk98PcSbugKARVoPwZR7DuSPcfPpQvE3EWI81Q9Kg91wz3gBTbZ1t5nQQYfDDKtFxQljL8/s1600/Fullscreen+capture+6132012+53635+PM.bmp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="483" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN39Q_Z2TGQOrCMB1ytfC_5kkUbUHjHpgE837DCjnDb5s3bdAyrt1XCuciYL1GxeLtXTVsdzk98PcSbugKARVoPwZR7DuSPcfPpQvE3EWI81Q9Kg91wz3gBTbZ1t5nQQYfDDKtFxQljL8/s640/Fullscreen+capture+6132012+53635+PM.bmp.jpg" width="640" /></a></div>
<br /></div>
<div style="color: #93c47d;">
And Now Click on '<i><span style="color: #3d85c6;">Start</span></i>' and wait for few second....</div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpCQz-QIPh7htIDspPPVUqEr5uqgrQCIw4Nn3TGbd1qSa0-5v9UkBrMlTWcWgB8FrDOqxlQpkKEIA7Fg4_fnElPh1Tknf2Hw5nrWh_WIhaZZvHjBqMiE0X92i9_SYXDvPpZ3Nt-rZH-wk/s1600/Fullscreen+capture+6132012+54025+PM.bmp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="483" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpCQz-QIPh7htIDspPPVUqEr5uqgrQCIw4Nn3TGbd1qSa0-5v9UkBrMlTWcWgB8FrDOqxlQpkKEIA7Fg4_fnElPh1Tknf2Hw5nrWh_WIhaZZvHjBqMiE0X92i9_SYXDvPpZ3Nt-rZH-wk/s640/Fullscreen+capture+6132012+54025+PM.bmp.jpg" width="640" /></a></div>
After Formating Message Come "<i><span style="color: #3d85c6;">Format Complete</span></i>" and Press '<i><span style="color: #3d85c6;">Ok</span></i>'</div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
Your Device is ready for use and now you use device as System Device.</div>
<div style="color: #93c47d;">
<br /></div>
<div style="color: #93c47d;">
NOTE: If u want to format pendrive with NTFS and use as Bootable Device<span id="goog_1287254755"></span><span id="goog_1287254756"></span> using command Prompt.then view my earlier <a href="http://hackvirus.blogspot.in/2012/05/how-to-install-windows-7-from-usb.html" target="_blank">POST</a></div>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-81632520667521782442012-06-12T15:54:00.002+05:302012-10-20T20:53:12.856+05:30SEARCH ENGINE OPTIMIZATION<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="color: #e06666; text-align: center;">
<i><span style="font-size: small;"><b>SEARCH ENGINE OPTIMIZATION</b></span></i></h2>
<span style="color: #6fa8dc; font-size: small;">Nowwards
we will moov 2 SEO[SEARCH ENGINE OPTIMIZATION],thenwards SOFTWARES ND
CRACKING ,THEN WARDS PROXY ND THENWARDS HACKING IN 2 OTHER'S COMUTER.<br />
THESE R D NEXTCHAPTERS.<br />
LET'S START learning seo.<br />
Well,SEO gives us d exact thing vch we want 2 get 4m google.suppose dt u
r searching 4 something on google then google gives u more than 100000
pages nd it is very much difficult 2 find ur exact needed thing in a
single shot.SEO gives u d exact thing vch u need exactly.let's start
SEO<br />
go here,<br />
http://newyears.noo.com/noo/m/browse...wevent/id/518/<br />
here u can see written dis line<br />
"New Years Eve at Pink Elephant"<br />
this is dCOLOR="RED"] "title"[/color] of dis web page<br />
d link vch i posted above is d "url"<br />
nd all d data vch has written der is "text"<br />
now,suppose dt u vant 2 search anything on google nd u want 2 search 4 forum then simpally type<br />
inurl:forum<br />
i mean wenever u hv 2 search anything in url ,write<br />
inurl:desired thing<br />
wenever u hv 2 search in text write<br />
intext:desired thing<br />
wenever u hv 2 search anything in text write<br />
intext:desired thing<br />
well, i know most of u r knowing these things already bt d ppl who r nt
knowing these,plz try 2 understand dis thing,vdout SEO,u ppl vl feel a
lot of problem while hacking a website 4 sql injection,searching
cracks on internet nd 4 deirectry transeversal ,it is very much
essential thing<br />
well, <br /><br />
Now do some practice vd d thing vch i wrote here </span><span style="color: #6fa8dc;">
</span><span style="color: #6fa8dc; font-size: small;"><br />
suppose dt u want 2 search d new year celebration then simpally write in google<br />
intitle:new year celebration<br />
if u vant 2 search any websit's login page then type<br />
intext:login inurl:website address<br />
nd search 4 .<br />
now suppose dt u want 2 find anything in a specific website then use dis syntax<br />
site:website fulll address d thing vch u want2 search in dt website<br />
dis syntax is really very good.<br />
NOW SUPPOSE DT U WANT 2 SEARCH ANY PDF TYPEFILE OR doc type file then simpally use dis syntax<br />
filetype:pdf<br />
d next thing in SEO IS<br />
RELATED NAMED STUFF,u know dt yahoo is a search</span>
<br />
<h4 style="color: #6fa8dc;">
<span style="font-size: small;"><span style="color: #e06666;"><b>D SUMMARY OF D CHAPTER</b></span></span></h4>
<div style="color: #6fa8dc;">
<span style="font-size: small;">[1]4 searching something in url use"inurl:"<br />
[2]4 srching in title use"intitle:"<br />
[3]4 srhcing in text use "intext:"<br />
[4]2 get a file of specific type use "filetype::<br />
[5]2 restrct ur search in a website use "site:websiteaddress urdesired seacrhing item"<br />
[6]2 get information about a website use"info:website full addres"<br />
[7]2 get related type sites type"related:website ful address"<br />
[8]2 nt appear a syntax in ur srch results use a minus[dash] sign.<br />
to d person who r reading this type thing first time,i m requsting them 2 do very much practice vd all of dese syntaxes.<br />
a good person always searches by dese techniques.u can find many books
related on google ,i hv read all of dem nd thenwards i hv written all d
results driven 4m dem.<br />
do a hell of practice plz</span></div>
<div style="color: #6fa8dc;">
<br /></div>
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-21886118856342125582012-06-11T15:06:00.004+05:302012-10-20T20:55:04.667+05:30How to view Private Facebook Profiles<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: center;">
<u><i><span style="font-size: large;"><span style="color: #e06666;">Learn </span><b style="color: #e06666;">how to view private facebook profiles</b></span></i></u></h2>
<div style="color: #6fa8dc;">
<span style="font-size: small;">
In post i will tell you <b>how to view private facebook profiles</b>,This
latest hack proves that anyone in the world is able to view anyone’s
private tagged pictures,This is why facebook is not privite is still
open even after such publicity all over the web.<span class="Apple-style-span" style="font-weight: bold;">Major security threat.</span><br />
Have you ever wanted to see pictures of an enemy but you couldn’t
because her or his facebook account was set to private. Well thats all
going to change because I will show you very simple way to <i><b>view private facebook profiles</b></i></span>
</div>
<div style="color: #6fa8dc;">
<span style="font-size: small;"><br /></span>
</div>
<div style="color: #6fa8dc;">
<span style="font-size: small;"><span style="color: #f6b26b;"><i><b>Method:</b></i></span><br /><br /><b>1.</b>
</span><span style="font-size: small;"> Login in your Facebook Account<br /><i style="color: #93c47d;">www.facebook.com</i><span style="color: #93c47d;">
</span></span><span style="font-size: small;"><br /><br /><b>2.</b>
</span><span style="font-size: small;"> Search for the person<br /><br /><b>3.</b>
</span><span style="font-size: small;"> Find the persons ID # by Clicking on Send messages</span></div>
<div style="color: #6fa8dc;">
<br /></div>
<div class="separator" style="clear: both; color: #6fa8dc; text-align: center;">
<span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB33xWUDXeUZKJLVZsIXifdEDRzVISz34L5Vh_693OYXmRWR_0jVxqBE-36aModrQNgEJwwjLqxR1hU9dRaZ8gm8yF2z_F19P1d3oWgn_YewqIUZ8RW_aFivDLtJXy5c8KgwyCmARQs_U/s1600/Facebook.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB33xWUDXeUZKJLVZsIXifdEDRzVISz34L5Vh_693OYXmRWR_0jVxqBE-36aModrQNgEJwwjLqxR1hU9dRaZ8gm8yF2z_F19P1d3oWgn_YewqIUZ8RW_aFivDLtJXy5c8KgwyCmARQs_U/s1600/Facebook.jpg" /></a></span></div>
<div style="color: #6fa8dc;">
<br /></div>
<div style="color: #6fa8dc;">
<span style="font-size: small;"><br /><b>5. </b>
</span><span style="font-size: small;">Copy and Replace the ID # to the link<br /><b style="color: #f6b26b;"><br />
</b><i style="color: #f6b26b;"><br /><b style="color: #93c47d;">http://www.facebook.com/photo.php?pid=1234567&id=[Person’s ID]&op=1&view=all&subj=[Person’s ID]</b></i>
</span><span style="font-size: small;"><span style="color: #93c47d;">
</span><br style="color: #93c47d;" /><br /><b>6. </b>
</span><span style="font-size: small;">Copy and paste the link in your browser<br /><br /><b>7.</b>
</span><span style="font-size: small;"> You should be able to see 10-20 pictures before facebook denies you access. </span></div>
</div>
Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com6tag:blogger.com,1999:blog-2440917673892632855.post-19464638616740939092012-06-09T14:30:00.000+05:302012-06-29T13:37:54.903+05:30Find email via brute force<div dir="ltr" style="text-align: left;" trbidi="on">
<h6 class="uiStreamMessage" data-ft="{"type":"msg"}" style="color: #ea9999; font-weight: normal;">
<span style="font-size: small;">Here is a tutorial Find email ids thru brute force,its not so
much efficient process because it takes a lot of time</span></h6>
<h4 style="color: #f6b26b;">
<i><span style="font-size: small;"><b>Procedure: </b></span></i></h4>
<span style="color: #e06666; font-size: small;"><br />
1.Download
</span><span style="color: #e06666; font-size: small;"><a href="http://www.hoobie.net/brutus/brutus-download.html">Brute Force</a> Software .</span><br />
<span style="color: #e06666; font-size: small;"><br /></span>
<br />
<span style="color: #e06666; font-size: small;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9txQ8qU5YnpXviPAOptt2WAajo2SQzQUpkmXzDqYxjL_8Oz9E3cJIqNmcZ2ftM-p3LJdCxUJ83jbC9kUVpm_Yr1m3eos_6leU65H8HAJPB17OFfC5Ky2f4tgrb227-v-Nn4sCCp7LzpQ/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9txQ8qU5YnpXviPAOptt2WAajo2SQzQUpkmXzDqYxjL_8Oz9E3cJIqNmcZ2ftM-p3LJdCxUJ83jbC9kUVpm_Yr1m3eos_6leU65H8HAJPB17OFfC5Ky2f4tgrb227-v-Nn4sCCp7LzpQ/s1600/Untitled.png" /></a></div>
<h6 class="uiStreamMessage" data-ft="{"type":"msg"}" style="color: #e06666; font-weight: normal;">
<span style="font-size: small;">2.Excract on desktop and lets start/ ok run it<br />
<br />
3.To find email in target bar write:<br />
pop.mail.yahoo.com<br />
<br />
4.Type most be: POP3<br />
<br />
5.Put connections to 60 and timeout to 60<br />
<br />
6.Make sure you check a ''Single User''<br />
<br />
7.Then when you check that to single user write in that bar you victims
yahoo acc ID / explanation .. like googleboy@yahoo.com his ID will be
googleboy .. write that<br />
<br />
8.Password mod put on: ''Brute Force''<br />
<br />
9.Then click ''Range''(a new window will pop up)<br />
<br />
10. Then make sure you put ''Min Lenght'' 6 and ''Max Lenght'' to 16<br />
<br />
11.Then put custom range .. there will be default Abcd.. etc and some numbers ..<br />
<br />
12.Click OK<br />
<br />
if u have any problem then ask here i will try to remove it</span></h6>
<h6 class="uiStreamMessage" data-ft="{"type":"msg"}" style="color: #e06666; font-weight: normal;">
<span style="font-size: small;"></span><b>About the Author</b><br />
<a href="https://www.facebook.com/xeohacker" target="_blank" title="XEO Hacker">XEO Hacker</a>, the founder of <a href="https://www.hackwithstyle.com/" target="_blank" title="Hack With Style">Hack With Style</a>
(HWS).</h6>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-88777500706078462102012-06-08T14:26:00.000+05:302012-06-12T16:00:56.223+05:30How Websites Get Hacked With FileUpload Vulnerability?<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #6fa8dc;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlIQNpj6qI0lCxLYeedP0FDpN_SrQR91dcatDq3AShBJw88ioablQ0IbUTKTyr7xkIovm7pGjZO8yeyvVWaTRS2Juwq6UZHU6TSloEnj3rDDux-o3ZWVcme0N44_b49XX1FM6qGVuY9Dc/s1600/image_2315846.original.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlIQNpj6qI0lCxLYeedP0FDpN_SrQR91dcatDq3AShBJw88ioablQ0IbUTKTyr7xkIovm7pGjZO8yeyvVWaTRS2Juwq6UZHU6TSloEnj3rDDux-o3ZWVcme0N44_b49XX1FM6qGVuY9Dc/s200/image_2315846.original.jpg" width="200" /></a> <span style="color: #f6b26b; font-size: large;">H</span>i,In this Post i show you a another method of website hacking.........</div>
<div style="color: #6fa8dc;">
The <i><b><a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink1" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">vulnerability</span></span></a></b></i> which we are about to demonstrate in my opinion is the number 1 reason why websites hacked and are <i><b><a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink2" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">exploited</span></span></a></b></i> further to the server level. When a hacker performs a SQL Injection attack on a website he needs a way to get shell <i><b><a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink3" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">level </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">access</span></span></a></b></i>
and install the PHP backdoor so he can touch other files on server or
compromise the server itself if it's vulnerable. If we could secure our
uploads and restrict our upload area so that they don't allow it does
not allow the upload of other files instead of images we can protect our
upload area.<br />
<a href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" name="more"></a><br />
However there is a problem, The PHP files can still be uploaded by
various methods. The most common method is by renaming the PHP backdoor
to the following and then uploading the shell.</div>
<blockquote class="tr_bq" style="color: #6fa8dc;">
<br />
<span style="background-color: #fce5cd;">shell.php;.jpg</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg</span><br />
<span style="background-color: #fce5cd;">
shell.php..jpg</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg:;</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg%;</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg;</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg;</span><br />
<span style="background-color: #fce5cd;">
shell.php.jpg:;</span></blockquote>
<div style="color: #6fa8dc;">
However there is also a method to block the
upload of the above files. But there is also another way to bypass it
even if the uploading of the files name with the above extension is
blocked. We will use tamper data for this purpose.<br />
<br />
<b style="color: #f6b26b;">Step 1 </b><br />
<br />
Install <b>http live headers</b> firefox extention, then go to the
upload section. Open Live HTTP Headers and upload shell. Now if you try
to go to the link where you have your shell uploaded it will give you
error (only on some websites) so we will have to change that hidden
.php.jpg extension into the .php.<br />
<br />
So as we uploaded the shell and opened the Live HTTP Headers you should
find where you have uploaded your shell. You will have to find the line
where ti writes that you uploaded the shell. Select it and then click on
button reply.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT2ih6Oixt80_vqJWlPENofMe1Koa459ml3LJ23Myljb5SmpXx4YtSW5eBOKUz5rekRxAy-DmM76dP1Bexu2zsDs8jK0YvGiKKZichBRdZQwx376T7UnxQXM0xUHZWYM7p-rk5vxxcIho/s1600/image1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT2ih6Oixt80_vqJWlPENofMe1Koa459ml3LJ23Myljb5SmpXx4YtSW5eBOKUz5rekRxAy-DmM76dP1Bexu2zsDs8jK0YvGiKKZichBRdZQwx376T7UnxQXM0xUHZWYM7p-rk5vxxcIho/s1600/image1.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCj2_1oHWgeI5ulPeUODWtR-Z7bYvIFjY97qUSK3GQFVixypCkInEsPdrzXoR-FDi1J3W2gBT7M4tTI2wYMx9csheB7czdCRDbfRrQVnsQLXoBqxcGmHAdRGRjc2X2UPtwxeGXDEkbsUk/s1600/step1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCj2_1oHWgeI5ulPeUODWtR-Z7bYvIFjY97qUSK3GQFVixypCkInEsPdrzXoR-FDi1J3W2gBT7M4tTI2wYMx9csheB7czdCRDbfRrQVnsQLXoBqxcGmHAdRGRjc2X2UPtwxeGXDEkbsUk/s1600/step1.png" /></a> <b style="color: #f6b26b;">Step 2 - </b></div>
<br />
<span style="color: #6fa8dc;">After uploading, find the directory where your fle
uploaded, example if you uploaded it in images then it will be in
http://website/images/shell.php. The rest of the steps are self
explanatory.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIHsVRwAHSzJLbK5bA68xOGf6N5Frf5r6rwlWGTGPT7mvozf2zJQU4KevJyAcfuE-eN1XknT5fV_ePUVaE3QepNyzDFqjGtfHgRH_WSUbUK2uxgh8i66psmxuX2k96Rd7rwT6KBzUeh2U/s1600/step3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIHsVRwAHSzJLbK5bA68xOGf6N5Frf5r6rwlWGTGPT7mvozf2zJQU4KevJyAcfuE-eN1XknT5fV_ePUVaE3QepNyzDFqjGtfHgRH_WSUbUK2uxgh8i66psmxuX2k96Rd7rwT6KBzUeh2U/s1600/step3.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXzz6sBXTT0Ka76DKY4EneuqJTrMWZP6Y41Blt2sOEdtWASDl0-cLpshqFOFz6jca67fbdrDkubw99C1YHjjl3eF1pYA6q2gLmGbBCaQES-uY84fcNY_YS4thRYSN_378zKwLSYIYpgd0/s1600/step4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXzz6sBXTT0Ka76DKY4EneuqJTrMWZP6Y41Blt2sOEdtWASDl0-cLpshqFOFz6jca67fbdrDkubw99C1YHjjl3eF1pYA6q2gLmGbBCaQES-uY84fcNY_YS4thRYSN_378zKwLSYIYpgd0/s1600/step4.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4sR5ODZ36Kx5-XOuzMjNtJjWCMa5sUDPhsS-YGwOHizqb7m7y6ac01KwwN8ZkMzXHi3QD0wInj3fkHx9z09gGj2f4DycLyn5aKqvzsXJFZVxE-CQxsmvQ8AjJk5KsJrH7JX5oXFRCLuY/s1600/step6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4sR5ODZ36Kx5-XOuzMjNtJjWCMa5sUDPhsS-YGwOHizqb7m7y6ac01KwwN8ZkMzXHi3QD0wInj3fkHx9z09gGj2f4DycLyn5aKqvzsXJFZVxE-CQxsmvQ8AjJk5KsJrH7JX5oXFRCLuY/s1600/step6.png" /></a></div>
<br />
<br />
<br />
<br />
<div style="color: #f6b26b;">
<br /></div>
<b style="color: #f6b26b;">How To Protect Your Website from the FileUpload Vulnerability?</b><br />
<br />
<span style="color: #6fa8dc;">That's a separate topic and will be explained in
a separate post. However for now I would recommend you to
install a third party fileuploading service, Where the file get's
uploaded the fileuploading service's server not yours.</span><br />
<br />
<b style="color: #f6b26b;">About the author : </b><br />
<br />
<span style="color: #93c47d;">Minhal Mehdi is a Tech Blogger and Ethical Hacker, He runs a blog</span><a href="http://www.devilscafe.in/" style="color: #93c47d;"> http://www.devilscafe.in</a><span style="color: #93c47d;">. where he writes about Exploits and vulnerabllies </span><br />
<br />
<span style="color: #93c47d;">Source:-www.rafayhackingarticles.net </span></div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-57777253646147483322012-06-07T15:40:00.000+05:302012-06-12T16:02:49.682+05:30Make the Best Out Of A Vulnerability Scanner?<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #999999;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYALHOcullef75wu_nLnXXS4hkRfdMVXLiCDPAcroYWTt8otph41by-RKqtu-9AW6J2ye6-2spQow8eeWQ54xXDHA9WwIcTSsygQEa5Ygv7Qjsruk4rVG8f-es5yJHKXxceJ-sEiHjWn8/s1600/BlogyMate.com46201155014.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYALHOcullef75wu_nLnXXS4hkRfdMVXLiCDPAcroYWTt8otph41by-RKqtu-9AW6J2ye6-2spQow8eeWQ54xXDHA9WwIcTSsygQEa5Ygv7Qjsruk4rVG8f-es5yJHKXxceJ-sEiHjWn8/s200/BlogyMate.com46201155014.jpg" width="200" /></a><span style="color: #444444; font-size: large;"><i><b> A</b></i></span>s
your knowledge and experience in security increases, you start looking
at a variety of security solutions that could help you do a better job
and automate many of the processes. One of the first products that you
would probably test is a vulnerability scanner. That’s an excellent
first step but now comes the harder part, if you are new to
vulnerability scanning, how do you go about making effective use of this
solution?</div>
<div style="color: #999999;">
Not all vulnerability scanners are the same and some of the
functionality mentioned in this article may or may not be available to
you; however I recommend that you go for a solution that gives you as
wide a range of features as possible.</div>
<div style="color: #999999;">
<a href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" name="more"></a></div>
<div style="color: #999999;">
<span id="goog_1924126241"></span><span id="goog_1924126242"></span></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #666666;">
<b>Inventory</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
Most good vulnerability scanners will keep an eye on the hardware and
software deployed on your network. This is very valuable information.
Run an inventory on your network to ensure that you are aware of
everything that is installed and that it has been approved for use. Once
completed set your vulnerability scanner to notify you of any changes
from this baseline.</div>
<div style="color: #666666;">
<br /></div>
<div style="color: #666666;">
<b>Scheduled scans</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
If your vulnerability scanner allows you to configure a periodic scan,
create a schedule to scan your network daily. Select a time that least
impacts your organization because a vulnerability scan can be slightly
disruptive. </div>
<div style="color: #999999;">
<br /></div>
<div style="color: #666666;">
<b>Port scanning</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
Malware can be stealthy and hide itself in several ways, therefore the
more methods in use, the higher the rate of detection. Take note of any
open ports each system has and look out for ports that should not be
open and investigate further since this may indicate the presence of
malware. </div>
<div style="color: #999999;">
<br /></div>
<div style="color: #666666;">
<b>Patch management</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
A good vulnerability scanner will let you know what patches are missing
on your system. Most will also allow you to deploy the patches. Before
that, however, it is best practice to set up a testing environment that
mirrors your live environment. This test network can be based on the
inventory previously obtained using the vulnerability scanner. Test the
missing patches on this test environment to ensure that they do not
conflict with the current network setup – if all is well deploy them to
the live environment.</div>
<div style="color: #999999;">
<br /></div>
<div style="color: #666666;">
<b>Other vulnerabilities</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
Not all vulnerabilities can be addressed through patch management; some
do not have patches available and others are configuration related. A
good vulnerability scanner will point these out, give you information on
such vulnerabilities and provide you with information on how to address
them.</div>
<div style="color: #999999;">
<br /></div>
<div style="color: #666666;">
<b>Security policies and software</b></div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
A good vulnerability scanner will outline the security policies set on
each of the scanned machines. It will also check if the antivirus
software installed is up to date. </div>
<div style="color: #999999;">
Monitoring these six basic items will ensure you have the necessary information to keep your network secure.</div>
<div style="color: #999999;">
<br /></div>
<div style="color: #999999;">
Always keep an eye on hardware and software changes and update the test
environment accordingly. Carry out frequent scheduled scans, look out
for open ports, and set notifications so that you are informed when a
new port is opened. Regularly apply patches and fix any vulnerabilities
that are detected as soon as possible. </div>
<div style="color: #666666;">
<br /></div>
<div style="color: #666666;">
<br /></div>
<div style="color: #666666;">
This guest post was provided by Emmanuel Carabott on behalf of GFI
Software Ltd. GFI is a leading software developer that provides a
single source for network administrators to address their network
security, content security and messaging need. Learn more on what to
look out for when choosing a <a href="http://www.gfi.com/lannetscan">vulnerability scanner</a>.<br />
<br />
Source:- www.rafayhackingarticles.net </div>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-80250244440128836492012-06-06T13:39:00.000+05:302012-06-12T16:03:39.023+05:30Learn Website Hacking And Security With DVWA Tools<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #f6b26b;">
hi i m deepesh and in this post i teach you How can you be good at website hacking and web
application security, The thing is that even if you have an idea of how
some popular website application attack work but still you need a safe
environment to practice what you have learned because you are not
allowed to access any website even for testing purposes unless and until
you are not authorized to do that, This is where Damn vulnerable web
app(DVWA) comes into play<br />
<a href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" name="more"></a>Basically Damn vulnerable web app(DVWA) PHP/MySQL web
app which is Damn vulnerable, DVWA web app allows you to learn and
practice web application attacks in a safe environment, It's latest
version is DVWA 1.7.<b> </b></div>
<br />
<b><i><span style="color: #a64d79;">Vulnerabilities </span></i></b>
<br />
<br />
<ul style="color: #f9cb9c;">
<li>SQL Injection</li>
<li>XSS (Cross Site Scripting)</li>
<li>LFI (Local File Inclusion)</li>
<li>RFI (Remote File Inclusion)</li>
<li>Command Execution</li>
<li>Upload Script</li>
<li>Login Brute Force</li>
<li>Blind SQL Injection </li>
</ul>
<div style="color: #cccccc;">
And much more.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVdatWSrRQqDfy6vQhMKHVRr9kr20RYog9MFwPoz-yL5ttjSyoUz5_20s3p0-GyLV0x5kMThGpxnYYi0Gl0V2v-FCG7DEI_t_pLP_FjAPhToi7brbP8y3AnCyhujzDZVef78izDb43f6U/s1600/dvwa-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVdatWSrRQqDfy6vQhMKHVRr9kr20RYog9MFwPoz-yL5ttjSyoUz5_20s3p0-GyLV0x5kMThGpxnYYi0Gl0V2v-FCG7DEI_t_pLP_FjAPhToi7brbP8y3AnCyhujzDZVef78izDb43f6U/s1600/dvwa-1.jpg" /></a></div>
<br />
<br />
<b style="color: #c27ba0;">Official warning</b><br />
<br />
<blockquote style="background-color: #cccccc; color: #4c1130;">
<b>It should come as no shock..but this application is damn
vulnerable! Do not upload it to your hosting provider’s public html
folder or any working web server as it will be hacked. It’s recommend
that you download and install XAMP onto a local machine inside your LAN
which is used solely for testing.</b></blockquote>
<span style="color: #6fa8dc;">Open this Video for Installation....</span><br />
<a href="http://www.youtube.com/watch?v=GzIj07jt8rM%20" target="_blank">http://www.youtube.com/watch?v=GzIj07jt8rM </a><br />
<br />
<div style="color: #ea9999;">
NOW I PASTED THE INFORMATION FROM DVWA... </div>
<br />
<div style="color: #6fa8dc;">
<br /></div>
<div style="color: #666666;">
<br /></div>
<span style="color: #666666;">############################################################</span><br />
<span style="color: #666666;">################# DAMN VULNERABLE WEB APP ##################</span><br />
<span style="color: #666666;">############################################################</span><br />
<br />
<span style="color: #cccccc;">Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.</span><br />
<br />
<span style="color: #999999;">############</span><br />
<span style="color: #999999;"># WARNING! #</span><br />
<span style="color: #999999;">############</span><br />
<br />
<span style="color: #cccccc;">Damn Vulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web</span><br />
<span style="color: #cccccc;">server as it will be hacked. I recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing. </span><br />
<br />
<span style="color: #cccccc;">We do not take responsibility for the way in which any one uses Damn Vulnerable Web App (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.</span><br />
<br />
<span style="color: #999999;">###########</span><br />
<span style="color: #999999;"># License #</span><br />
<span style="color: #999999;">###########</span><br />
<br />
<span style="color: #cccccc;">This file is part of Damn Vulnerable Web App (DVWA).</span><br />
<br />
<span style="color: #cccccc;">Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify</span><br />
<span style="color: #cccccc;">it under the terms of the GNU General Public License as published by</span><br />
<span style="color: #cccccc;">the Free Software Foundation, either version 3 of the License, or</span><br />
<span style="color: #cccccc;">(at your option) any later version.</span><br />
<br />
<span style="color: #cccccc;">Damn Vulnerable Web App (DVWA) is distributed in the hope that it will be useful,</span><br />
<span style="color: #cccccc;">but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br />
<span style="color: #cccccc;">MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br />
<span style="color: #cccccc;">GNU General Public License for more details.</span><br />
<br />
<span style="color: #cccccc;">You should have received a copy of the GNU General Public License</span><br />
<span style="color: #cccccc;">along with Damn Vulnerable Web App (DVWA). If not, see http://www.gnu.org/licenses/.</span><br />
<br />
<span style="color: #999999;">################</span><br />
<span style="color: #999999;"># Installation #</span><br />
<span style="color: #999999;">################</span><br />
<br />
<span style="color: #cccccc;">Default username = admin</span><br />
<span style="color: #cccccc;">Default password = password</span><br />
<br />
<br />
<span style="color: #cccccc;">The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server setup. </span><br />
<br />
<span style="color: #cccccc;">XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.</span><br />
<br />
<span style="color: #cccccc;">XAMPP can be downloaded from:</span><br />
<span style="color: #cccccc;">http://www.apachefriends.org/en/xampp.html</span><br />
<br />
<span style="color: #cccccc;">Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php</span><br />
<br />
<br />
<span style="color: #999999;">##################</span><br />
<span style="color: #999999;"># Database Setup #</span><br />
<span style="color: #999999;">##################</span><br />
<br />
<span style="color: #cccccc;">To set up the database, simply click on the Setup button in the main menu, then click on the 'Create / Reset Database' button. This will create / reset the database for you with some data in.</span><br />
<br />
<span style="color: #cccccc;">If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php</span><br />
<br />
<span style="color: #cccccc;">The variables are set to the following by default: </span><br />
<br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_user' ] = 'root';</span><br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_password' ] = '';</span><br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_database' ] = 'dvwa';</span><br />
<br />
<span style="color: #6fa8dc;">An explanation of these variables:</span><br />
<br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_user' ] = 'your_database_username';</span><br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_password' ] = 'your_database_password';</span><br />
<span style="color: #6fa8dc;">$_DVWA[ 'db_database' ] = 'your_database_name';</span><br />
<br />
<br />
<span style="color: #999999;">###################</span><br />
<span style="color: #999999;"># Troubleshooting #</span><br />
<span style="color: #999999;">###################</span><br />
<br />
<span style="color: #cccccc;">For the latest troubleshooting information please visit: http://www.dvwa.co.uk/forum/viewtopic.php?f=5&t=7</span><br />
<br />
<br />
<span style="color: #cccccc;">+Q. SQL Injection wont work on PHP version 5.2.6.</span><br />
<br />
<span style="color: #cccccc;">-A.If you are using PHP version 5.2.6 you will need to do the following in order for SQL injection and other vulnerabilities to work.</span><br />
<br />
<span style="color: #cccccc;">In .htaccess:</span><br />
<br />
<span style="color: #cccccc;"> Replace:</span><br />
<br />
<span style="color: #6fa8dc;"> <IfModule mod_php5.c></span><br />
<span style="color: #6fa8dc;"> php_flag magic_quotes_gpc off</span><br />
<span style="color: #6fa8dc;"> #php_flag allow_url_fopen on</span><br />
<span style="color: #6fa8dc;"> #php_flag allow_url_include on</span><br />
<span style="color: #6fa8dc;"> </IfModule></span><br />
<br />
<span style="color: #666666;"> With:</span><br />
<br />
<span style="color: #6fa8dc;"> <IfModule mod_php5.c></span><br />
<span style="color: #6fa8dc;"> magic_quotes_gpc = Off</span><br />
<span style="color: #6fa8dc;"> allow_url_fopen = On</span><br />
<span style="color: #6fa8dc;"> allow_url_include = On</span><br />
<span style="color: #6fa8dc;"> </IfModule></span><br />
<br />
<span style="color: #666666;">+Q. Command execution won't work.</span><br />
<br />
<span style="color: #cccccc;">-A. Apache may not have high enough priviledges to run commands on the web server. If you are running DVWA under linux make sure you are logged in as root. Under Windows log in as Administrator.</span><br />
<span style="color: #cccccc;"> </span><br />
<span style="color: #666666;">+Q. My XSS payload won't run in IE.</span><br />
<br />
<span style="color: #cccccc;">-A. If your running IE8 or above IE actively filters any XSS. To disable the filter you can do so by setting the HTTP header 'X-XSS-Protection: 0' or disable it from internet options. There may also be ways to bypass the filter.</span><br />
<br />
<br />
<span style="color: #6fa8dc;"># Contact: dvwa@dvwa.co.uk </span><br />
<span style="color: #6fa8dc;"># Website: http://www.dvwa.co.uk</span><br />
<span style="color: #6fa8dc;"># Download: http://sourceforge.net/projects/dvwa/</span><br />
<span style="color: #6fa8dc;"># SVN: http://dvwa.svn.sourceforge.net/svnroot/dvwa</span><br />
<br />
<span style="color: #6fa8dc;"># Created by: The DVWA team.</span><br />
<br />
<br />
Source:- www.rafayhackingarticles.net <span style="color: #6fa8dc;"><br /></span></div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-18474450175861129532012-06-05T08:55:00.000+05:302012-06-12T16:04:40.695+05:30Hack a website using Directory Transversal attack?<div dir="ltr" style="text-align: left;" trbidi="on">
<h3 style="color: #45818e;">
<i><b>What is <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink0" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">root </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">directory</span></span></a> of web server ?</b></i></h3>
<div style="color: #e06666;">
It is a specific directory on server in which the web contents are
placed and can be seen by website visitors. The directories other that
root may contain any sensitive data which administrator do not want
visitors to see. Everything accessible by visitor on a website is
placed in root directory. The visitor can not step out of root
directory.</div>
<br />
<a href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" name="more"></a><i style="color: #76a5af;"><b>what does ../ or ..\ (dot dot slash) mean ? </b></i><br />
<br />
<div style="color: #e06666;">
The ..\ instructs <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink1" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">the </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">system</span></span></a> to go one directory up. For example, we are at this location <b>C:\xx\yy\zz</b>. On typing ..\ , we would reach at C:\xx\yy.</div>
<div style="color: #e06666;">
<br /></div>
<div class="separator" style="clear: both; color: #e06666; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7HZm28jmJvJsbB8eSZWdyi4pSg3DrnFWnvS2AhDG8iqhwSrgy6bCnli2eKiydm7XF5aUp3LC56Kiml_udowbBNFhiS4r9MQVXIfwqrPJf4iM6SRTWB-m0kxnqwWmnQ3XaGnWLIpeufnM/s1600/d1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7HZm28jmJvJsbB8eSZWdyi4pSg3DrnFWnvS2AhDG8iqhwSrgy6bCnli2eKiydm7XF5aUp3LC56Kiml_udowbBNFhiS4r9MQVXIfwqrPJf4iM6SRTWB-m0kxnqwWmnQ3XaGnWLIpeufnM/s1600/d1.jpg" /></a></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
Again on typing<b> ..\ </b>, we would rech at <b>C:\xx </b>. </div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
Lets again go at locatio<b>n C:\xx\yy\zz</b>. Now suppose we want to access a text file abc.txt placed in folder xx. We can type<b> ..\..\abc.txt</b> . Typing ..\ two times would take us two directories up (that is to directory xx) where abc.txt is placed.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #cc0000;">
<b>Note : Its ..\ on windows and ../ on UNIX like operating syatem.</b></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #76a5af; text-align: left;">
<i><b>What is Directory Transversel attack?</b></i></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
Directory Traversal is an HTTP exploit which allows attackers to access
restricted directories and execute commands outside of the web <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink2" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">server's </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">root</span></span></a> directory.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
The goal of this attack is to access sensitive files placed on <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink3" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">web </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">server</span></span></a> by stepping out of the root directory using dot dot slash .</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
The following example will make clear everything</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
Visit this website vulnerable to directory transversal attack</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<blockquote style="color: #e06666;">
<b>http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php</b></blockquote>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
This webserver is running on UNIX like operating system. There is a
directory 'etc' on unix/linux which contains configration files of
programs that run on system. Some of the files are
passwd,shadow,profile,sbin placed in 'etc' directory. </div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
The file<b> etc/passwd</b> contain the <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink4" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">login </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">names</span></span></a> of users and even passwords too.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
Lets try to access this file on webserver by stepping out of the root
directory. Carefully See the position of directories placed on the
webserver.</div>
<div style="color: #e06666;">
<br /></div>
<div class="separator" style="clear: both; color: #e06666; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG-fhnxFIS5Pw152PNAwlrZ1-H9u2rzmuV9PRa_LtyHjbomx_wtXtb9G3LOu8VLcXVa0y6fTh51hcptnDI0ewUAYH13ZkVuo5SsMIjdLsUTrjgbBGOY4qCj_H8TIDDC_h5pcRhQl57sGo/s1600/d2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG-fhnxFIS5Pw152PNAwlrZ1-H9u2rzmuV9PRa_LtyHjbomx_wtXtb9G3LOu8VLcXVa0y6fTh51hcptnDI0ewUAYH13ZkVuo5SsMIjdLsUTrjgbBGOY4qCj_H8TIDDC_h5pcRhQl57sGo/s1600/d2.jpg" /></a></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
We do not know the actual names and contents of directories except 'etc' which is default name , So I have</div>
<div style="color: #e06666;">
marked them as A,B,C,E or whatever. </div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
We are in directory in F accessing the webpages of website. </div>
<div style="color: #e06666;">
<a href="http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd" rel="nofollow" target="_blank"><br />
</a></div>
<div style="color: #e06666;">
Lets type this in URL field and <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink5" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">press </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">enter</span></span></a></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<blockquote style="color: #e06666;">
<b>http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd</b></blockquote>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink6" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">return </span><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">nothing</span></span></a></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<b>Now type</b></div>
<blockquote style="color: #e06666;">
<b>http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd</b></blockquote>
<div style="color: #e06666;">
Now this will step up one directory (to directory E ) and look for 'etc' but again it will return nothing.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<b>Now type </b></div>
<div style="color: #e06666;">
<br /></div>
<blockquote style="color: #e06666;">
<b>http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd</b></blockquote>
<div class="separator" style="clear: both; color: #e06666; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6hkphssrKZkTK4D5AbyRTO4JArO01kKLP7cpKqTdGEZcdbIcmzDt8aTS13vSvV-M5l4HIQrszTWbMHUo6OSWYEyOjZz35R5RzRif7GoeSfPReAhjxmfFi-3nfm7rwTf8n5AbtVvkT2JA/s1600/d3.jpg" style="margin-left: 1em; margin-right: 1em;"><br />
</a></div>
<div style="color: #e06666;">
Now this will step up two directories<b> (to directory D )</b> and look for 'etc' but again it will return nothing.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
So by proceeding like this, we we go for this URL </div>
<blockquote style="color: #e06666;">
<b>http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd </b></blockquote>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
It takes us 5 directories up to the main drive and then to '<b>etc</b>' directory and show us contents of '<b>passwd</b>' file.</div>
<div style="color: #e06666;">
To understand the contents of 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format</div>
<div style="color: #e06666;">
<br /></div>
<div class="separator" style="clear: both; color: #e06666; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-tyVXq1TIqJT_W3YGRRKU6wbUcI3ASLD1qHqc-5w03lSD6aJ5fwrypTvO58fE4-Q0Pn1q2NSCbE583wYB8gl02LcGQcSLP6VtujFCHmw1u6-j3sUW4adao36wlCJpw4RB8RZgQUMSYrw/s1600/d3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-tyVXq1TIqJT_W3YGRRKU6wbUcI3ASLD1qHqc-5w03lSD6aJ5fwrypTvO58fE4-Q0Pn1q2NSCbE583wYB8gl02LcGQcSLP6VtujFCHmw1u6-j3sUW4adao36wlCJpw4RB8RZgQUMSYrw/s1600/d3.jpg" /></a></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
You can also view<b> etc/profile ,etc/services</b> and many others files
like backup files which may contain sensitive data. Some files like
etc/shadow may be not be accessible because they are accesible only by
privileged users.</div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #cc0000;">
<b>Note- If proc/self/environ would be accessible, you might upload a shell on server which is called as Local File Inclusion.</b></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #76a5af;">
<b>Counter Measures</b></div>
<div style="color: #e06666;">
<br /></div>
<div style="color: #e06666;">
<b>1.</b> Use the latest <a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink7" style="font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">web </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">server </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">software</span></span></a></div>
<div style="color: #e06666;">
<b>2. </b>Effectively filter the user's input
</div>
<br />
<br />
Source:- www.rafayhackingarticles.net </div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-78198989303271082912012-06-02T15:03:00.001+05:302012-06-02T15:03:35.521+05:30Protect Your Website Against SQL Injection<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjPNNM53Rgho4Eli9MIM4Xh7KxDJmaHyd5hW6zQBdtELx418bS65kw6KUnyW-bwOx7jusQfBpx7zfc5mTDe0RRL9X2Otz8ujoiRkzvMbo8CIIjszq4qm1YsHM5f_yCuQvMaHhfhhjhjYo/s1600/xss-attacks-300x220.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjPNNM53Rgho4Eli9MIM4Xh7KxDJmaHyd5hW6zQBdtELx418bS65kw6KUnyW-bwOx7jusQfBpx7zfc5mTDe0RRL9X2Otz8ujoiRkzvMbo8CIIjszq4qm1YsHM5f_yCuQvMaHhfhhjhjYo/s1600/xss-attacks-300x220.jpg" /></a></div>
<br />
<br />
<strong style="color: #6aa84f;">Hacker-one: “ YES, I DID IT !!! “</strong><br style="color: #6aa84f;" />
<br style="color: #6aa84f;" />
<strong style="color: #274e13;">Hacker-two: “What ? “</strong><br style="color: #d9ead3;" />
<br style="color: #6aa84f;" />
<strong style="color: #6aa84f;">Hacker-one:” I HACKED ANOTHER SITE!!! “</strong><br style="color: #6aa84f;" />
<br style="color: #6aa84f;" />
<strong style="color: #274e13;">Hacker-two: “Great!!! How did you do that? “</strong><br style="color: #6aa84f;" />
<br style="color: #274e13;" />
<strong style="color: #274e13;">Hacker-one:” SQL INJECTION !!! :p “</strong><br style="color: #274e13;" />
<br />
<span style="color: #ea9999;">Yes, one of the common methods that are being used by hackers is<i><u> </u></i></span><i style="color: #ea9999;"><u><strong>SQL INJECTION</strong>.</u></i><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Sites get hacked by the sql injection due to the loop hole that is left
by developers most of the times while developing a web application.</span><br style="color: #ea9999;" />
<a href="" name="more" style="color: #ea9999;"></a><br style="color: #ea9999;" /><span style="color: #ea9999;">
I will be explaining you today how to avoid <u><i>SQL INJECTION </i></u>when you are developing a web application with <u><i>PHP.</i></u></span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
I will be explaining with the help of an example, suppose we have text fields on our form</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" />
<b style="color: #ea9999;">1.</b><span style="color: #ea9999;"> User Name</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" />
<b style="color: #ea9999;">2.</b><span style="color: #ea9999;"> Password</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
and a login button.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
When we login, the validation for the valid user is checked on the
back-end. If the user is a valid user, he logs into the system else an
error message “incorrect username or password” is shown.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
What happens on the back-end,</span><br />
<br style="color: #6aa84f;" />
<b style="color: #6aa84f;">$userName=$_POST[‘userName’];</b><br style="color: #6aa84f;" />
<b style="color: #6aa84f;"><br />
</b><br style="color: #6aa84f;" />
<b style="color: #6aa84f;">$password =$_POST[‘password’];</b><br style="color: #6aa84f;" />
<br style="color: #6aa84f;" />
<b style="color: #6aa84f;">$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and user_password= ‘”.$password.”’ ; ”;</b><br />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
This is where the developer has left a loop hole if instead of password I enter </span><strong style="color: #ea9999;">‘ or ‘a’=’a </strong><span style="color: #ea9999;">the password field has the value</span><br style="color: #ea9999;" />
<b style="color: #ea9999;"><br />
</b><br style="color: #ea9999;" />
<b style="color: #6aa84f;">$password is ‘or ‘a’=’a</b><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Lets place this value in query and the query becomes</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and </span><strong style="color: #ea9999;">user_password=’ ‘or ‘a’=’a’;</strong><span style="color: #ea9999;"> ”;</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
You can see clearly , password doesn’t match but the other statement </span><strong style="color: #ea9999;"> a=a</strong><span style="color: #ea9999;"> matches so </span><strong style="color: #ea9999;">OR </strong><span style="color: #ea9999;">operator
will work and the user will login into the system without knowing the
actual password. I can even give you the names of some </span><strong style="color: #ea9999;">famous websites</strong><span style="color: #ea9999;"> </span><strong style="color: #ea9999;">where you can inject sql or use this technique.</strong><br />
<br style="color: #6fa8dc;" />
<strong style="color: #6fa8dc;">HOW TO AVOID IT ???</strong><br />
<br style="color: #c27ba0;" />
<br />
<span style="color: #ea9999;">
Don’t treat the field values as mentioned above</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Use this function</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" />
<strong style="color: #6aa84f;">function BlockSQL Injection($str){ </strong><br style="color: #6aa84f;" />
<br style="color: #6aa84f;" />
<strong style="color: #6aa84f;">return str_replace(array("'",""","'",'"'), array("&#39;","&quot;","&#39;","&quot;"), $str);</strong><br style="color: #6aa84f;" />
<br style="color: #6aa84f;" />
<strong style="color: #6aa84f;">}</strong><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
This will replace the characters( that can break the string) in the string.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
So you can use this function as</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" />
<b style="color: #6aa84f;">$userName= BlockSQL Injection ($_POST[‘userName’]);</b><br style="color: #6aa84f;" />
<b style="color: #6aa84f;"><br />
</b><br style="color: #6aa84f;" />
<b style="color: #6aa84f;">$password = BlockSQL Injection ($_POST[‘password’]);</b><br style="color: #6aa84f;" />
<br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Now the hacker wont be able to break the QUERY STRING.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
We have many frameworks in PHP that provide this functionality such as quotes_to_entities($string) in CODE IGNITER.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Use some desgin pattern when you are building a big application, model,
controller, your view layers and DAO (data access object layer) must be
implemented to make it losely coupled and extensible.</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
A huge number of sites have been developed in core php, where we don’t
use any framework. Wordpress is very secure but when it comes to PLUGINS
(that we donwload and use), they can have the loop holes inside them.
Stay alert while developing web applications, you never know when you
are gonna get hacked. Stay blessed! :)</span><br style="color: #ea9999;" />
<br style="color: #ea9999;" /><span style="color: #ea9999;">
Good Luck !</span><br style="color: #ea9999;" />
<b style="color: #ea9999;"><br />
</b><br style="color: #ea9999;" />
<b style="color: #ea9999;">About The Author</b><br style="color: #ea9999;" />
<br style="color: #f4cccc;" /><span style="color: #f4cccc;">
Danyal Sandeelo is a Software Developer at </span><b style="color: #f4cccc;">"breezecom".</b></div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-33859465661928454502012-06-01T15:44:00.001+05:302012-06-12T16:08:52.900+05:30Flood/Hack a website with denial of service attack<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="color: #93c47d; text-align: left;">
<u><i><b>What is a Denial Of Service Attack?</b></i></u></h2>
<div style="text-align: left;">
<br />
<b style="color: #76a5af;">A denial of service attack</b><span style="color: #76a5af;"> (DOS) is an attack through which a
person can render a system unusable or significantly slow down the
system for legitimate users by overloading the resources, so that no one
can access it.</span><br />
<span style="color: #76a5af;">
If an attacker is unable to gain access to a machine, the attacker most
probably will just crash the machine to accomplish a denial of service
attack,this one of the most used method for </span><b style="color: #76a5af;">website hacking</b><br />
<a href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" name="more" style="color: #76a5af;"></a><br />
<b style="color: #f4cccc;">Types of denial of service attacks</b><br />
<br />
<span style="color: #76a5af;">
There are several general categories of </span><a class="kLink" href="http://www.blogger.com/blogger.g?blogID=2440917673892632855" id="KonaLink0" style="color: #76a5af; font-family: inherit ! important; font-size: inherit ! important; font-weight: inherit ! important; position: static; text-decoration: underline ! important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">DoS </span><span class="kLink" style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">attacks</span></span></a><span style="color: #76a5af;">.Popularly, the attacks are divided into three classes:</span><br />
<br />
<b style="color: #9fc5e8;">bandwidth attacks,</b><br />
<b style="color: #9fc5e8;">protocol attacks</b><br />
<b style="color: #9fc5e8;">l</b><b style="color: #9fc5e8;">ogic attacks</b><br />
<br />
<br />
<b style="color: #f4cccc;">What is Distributed Denial of Service Attack?</b><br />
<br />
<span style="color: #a2c4c9;">In DDOS attack, The attacker launches the attack using several machines.
In this case, an attacker breaks into several machines, or coordinates
with several zombies to launch an attack against a target or network at
the same time.</span><br />
<span style="color: #a2c4c9;">
This makes it difficult to detect because attacks originate from several
IP addresses.If a single IP address is attacking a company, it can
block that address at its firewall. If it is 30000 this is extremely
difficult.</span><br />
<br />
<b style="color: #ea9999;">Damages made By Denial of service attack:</b><br />
<br />
<span style="color: #76a5af;">Over past years Denial of service attack has made huge amount of damage,Many of the have been victimed of this attack</span><br />
<span style="color: #76a5af;">
Its Real,On February 6th, 2000, </span><a href="http://www.yahoo.com/" style="color: #76a5af;">Yahoo</a><span style="color: #76a5af;">
portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was
hit the next day, hours after going public. By that evening, eBay
(EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the
morning, the mayhem continued with online broker E*Trade (EGRP) and
others having traffic to their sites virtually choked off.</span><br />
<br />
<span style="color: #76a5af;">
This attack also recently hit </span><a href="http://www.blogger.com/www.twitter.com" style="color: #76a5af;">twitter</a><span style="color: #76a5af;">
on 6th August 2009,lot of people had trouble on logging on twitter,It
was brought down by denial of service attack,They tired up there server
so no one can get on log on it.Websites like facebook,ebay etc have also
been victim of this attack.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYDPu96SvyA1iI_uromK-SYqgW94wmgDK9mfop7MiELj5g0rsbbKEDrnPsSm-ny4D9nF_mQkD9ZCEuVyjTh9unhQg1oEzKZkHo-UEb5MYF9vZW38i1zuegIblgMTFq12ppb7dfX-a5Se0/s1600/DoS_Frame_2.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYDPu96SvyA1iI_uromK-SYqgW94wmgDK9mfop7MiELj5g0rsbbKEDrnPsSm-ny4D9nF_mQkD9ZCEuVyjTh9unhQg1oEzKZkHo-UEb5MYF9vZW38i1zuegIblgMTFq12ppb7dfX-a5Se0/s640/DoS_Frame_2.gif" width="640" /></a></div>
<div style="color: #76a5af;">
</div>
<span style="color: #76a5af;"> Now i will show you how you can </span><b style="color: #76a5af;">flood a website with Denial of service attack</b><span style="color: #76a5af;">.
For this tutorial we will be using one of the most effective and one of
the least known tools called "Low Orbit Ion Cannon", created by
Anonymous members from 4chan.org, this program is one of the best for
DDoS'ing, and I have successfully used it to DDoS websites. An internet
connection as bad as mine (2,500 kb/s) was able to keep a site down for a
day with this program running. Remember that this tool will work best
with high internet speeds, and try not to go for impossible targets
(like Google, Myspace,Yahoo). LOIC is used on a single computer, but
with friends it's enough to give sites a great deal of downtime.</span><br />
<br />
<span style="color: #f6b26b;">Prerequisites: Download LOIC (Low Orbit Ion Cannon). Open up LOIC.</span><br />
<span style="color: #f6b26b; font-size: x-small;">(I am not giving a download link because then i will be accused for exiting hackers,try goggling)</span><span style="color: #f6b26b;">.</span><br />
<br />
<span style="color: #e06666;">
Step 1: Type the target URL in the URL box.</span><br />
<br />
<span style="color: #e06666;">
Step 2: Click lock on.</span><br />
<br />
<span style="color: #e06666;">
Step 3: Change the threads to 9001 for maximum efficiency.</span><br />
<br />
<span style="color: #e06666;">
Step 4: Click the big button "</span><b style="color: #e06666;">IMMA FIRIN MAH LAZAR!</b><span style="color: #e06666;">"</span><br />
<br />
<span style="color: #76a5af;">Feel free to tweak around with these settings and play around with the
program to get the best performance. Then minimize and go do whatever
you need to do, the program will take care of the rest! </span><br />
<br />
Source:- www.rafayhackingarticles.net <span style="color: #76a5af;"><br /></span></div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com1tag:blogger.com,1999:blog-2440917673892632855.post-44538381007429163792012-05-31T16:16:00.000+05:302012-06-12T16:10:50.730+05:30SQL Injection Filter Evasion Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #45818e;">
<span style="font-size: large;">I</span>n this tutorial I will explain you some of the basics of SQL Injection
filter Evasion, This is the first part of the two of the articles I will
post on SQL Injection filter evasion and bypassing, In this post I am
not gonna teach you <b>Basics of SQL injection</b>, I will assume that
you already know them, because cmon every one talks about it, you will
find tons and tons of posts on forums related to basics of SQL
Injection, In this post I will talk about common methods of used by
hackers and pentesters for evading IDS, IPS, WAF's such as Modsecurity,
dotdefender etc.</div>
<br />
<br />
<h3 style="color: #ea9999; text-align: left;">
<b>WebApplication <a class="kLink" href="http://www.rafayhackingarticles.net/2011/10/sql-injection-filter-evasion-part-1.html#" id="KonaLink2" style="font-family: inherit !important; font-size: inherit !important; font-weight: inherit !important; position: static; text-decoration: underline !important;"><span style="font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">Firewalls</span></span></a>:</b></h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIe3-3EytMX0L4UOKY1ixT1vtIPXMMVSNWlxAn23XiHC9BR69U4c_MITDTCPEe7ZRnuPStl9RpnxIkCNkqJ_l7S174MpUIxrqz4UEEdC41ktWIFcj5_4rAECv2wL6ykTIyA8m-Y3dSWaY/s1600/dotlocked1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="149" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIe3-3EytMX0L4UOKY1ixT1vtIPXMMVSNWlxAn23XiHC9BR69U4c_MITDTCPEe7ZRnuPStl9RpnxIkCNkqJ_l7S174MpUIxrqz4UEEdC41ktWIFcj5_4rAECv2wL6ykTIyA8m-Y3dSWaY/s320/dotlocked1.jpg" width="320" /></a></div>
<h4 style="color: #8e7cc3; font-weight: normal;">
</h4>
<h4>
<span style="color: #8e7cc3; font-weight: normal;">According to webappsec "</span><i style="color: #8e7cc3; font-weight: normal;"><a class="kLink" href="http://www.rafayhackingarticles.net/2011/10/sql-injection-filter-evasion-part-1.html#" id="KonaLink3" style="font-family: inherit !important; font-size: inherit !important; font-weight: inherit !important; position: static; text-decoration: underline !important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">Web </span><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">Application </span><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">Firewall</span></span></a>
(WAF): An intermediary device, sitting between a web-clientand a web
server, analyzing OSI Layer-7 messages for violations in the
programmedsecurity policy. A web <a class="kLink" href="http://www.rafayhackingarticles.net/2011/10/sql-injection-filter-evasion-part-1.html#" id="KonaLink4" style="font-family: inherit !important; font-size: inherit !important; font-weight: inherit !important; position: static; text-decoration: underline !important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">application </span><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">firewall</span></span></a> is used as a <a class="kLink" href="http://www.rafayhackingarticles.net/2011/10/sql-injection-filter-evasion-part-1.html#" id="KonaLink5" style="font-family: inherit !important; font-size: inherit !important; font-weight: inherit !important; position: static; text-decoration: underline !important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">security </span><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">device</span></span></a> protecting theweb server from attack</i><span style="color: #8e7cc3; font-weight: normal;">."</span><br style="color: #8e7cc3; font-weight: normal;" />
<br style="color: #8e7cc3; font-weight: normal;" /><span style="color: #8e7cc3; font-weight: normal;">
Almost all Webapplication </span><a class="kLink" href="http://www.rafayhackingarticles.net/2011/10/sql-injection-filter-evasion-part-1.html#" id="KonaLink6" style="color: #8e7cc3; font-family: inherit ! important; font-size: inherit ! important; font-weight: normal ! important; position: static; text-decoration: underline ! important;"><span style="color: blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;"><span class="kLink" style="background-color: transparent; border-bottom: 1px solid blue; font-family: inherit; font-size: inherit ! important; font-weight: inherit ! important; position: static;">firewalls</span></span></a><span style="color: #8e7cc3; font-weight: normal;"> and IDS use Signature based protection, where they are looking of common inputs such as </span><span style="color: #8e7cc3;">"'Or 1=1", "Or x=x" </span><span style="color: #8e7cc3; font-weight: normal;">etc.
But in my opinion webapplication firewalls are only good for detecting
automated tools and script kiddies. However if the tool you are using
for attacking a SQL Injection vulnerable database is an open source such
as</span><span style="color: #8e7cc3;"> SQLMAP</span><span style="color: #8e7cc3; font-weight: normal;">, You can easily modify it to evade a webapplication firewall.</span><b> </b></h4>
<h4>
<b><br /></b></h4>
<h4 style="color: #6fa8dc;">
<b>Detecting A WAF:</b></h4>
<span style="color: #8e7cc3;">Before learning about bypassing the WAF,
You must know how to detect a Webapplication firewall. There are
numerous methods of detecting if the target website is using a
Webapplication firewall.</span><br />
<br />
<b style="color: #6fa8dc;">Prompt Message:</b><br />
<br />
<b style="color: #8e7cc3;">1.</b><span style="color: #8e7cc3;"> If you are attacking a website and you get an error like</span><b style="color: #8e7cc3;"> "Hacking attempt detected"</b><span style="color: #8e7cc3;"> or </span><b style="color: #8e7cc3;">"Page not found"</b><span style="color: #8e7cc3;">, you are up against a WAF.</span><br />
<br />
<b style="color: #6fa8dc;">Cookies:</b><br />
<br />
<span style="color: #8e7cc3;">The most common method of detecting a webapplication firewall is by
capturing the http:// request, Lots of WAF's add their own cookie in the
HTTP communication.</span><br />
<br />
<span style="color: #8e7cc3;">
Here is a live brazilian website using WAF, The cookie value "WAT" shows that the target host is using a WAF:</span><br />
<br />
<div style="color: #f4cccc;">
<b> GET /news.asp?PageId=254 HTTP/1.1</b><b>Host: www.poupex.com.br</b><b>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.12)</b><b>Accept: image/png,*/*;q=0.5</b><b>Accept-Encoding: gzip,deflate</b><b>Keep-Alive: 300</b><b>Proxy-Connection: keep-alive</b><b>Referer: http://www.SomeSite.com</b><b>Cookie:ASPSESSIONCWKSPSVLTF=OUESYHFAPQLFMNBTKJHGQGXM;</b><b>ns_af=xL9sPs2RIJMF5GhtbxSnol+xU0uSx;</b><b>ns_af_.SomeSite.com_%2F_<i><u><span class="Apple-style-span" style="font-size: medium;">wat</span></u></i>=KXMhOJ7DvSHNDkBAHDwMSNsFHMSFHEmSr?nmEkaen19mlrw</b><b>Bio1/lsrzV810C&</b></div>
<div style="color: #f4cccc;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVWAmIhrPwE9OF7WQZQVRwLzTa_9Uc6NbwLB6apctXADNw1kDGeS-kcdJFiyEeS1FM9aIkKbb71Qr5sZQ9o_yPAHBL00QIRdhxMMmeh1ZZgsHFJJxMsokzI3KZXgGEsJnprWDe4biFcA4/s1600/poupex.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVWAmIhrPwE9OF7WQZQVRwLzTa_9Uc6NbwLB6apctXADNw1kDGeS-kcdJFiyEeS1FM9aIkKbb71Qr5sZQ9o_yPAHBL00QIRdhxMMmeh1ZZgsHFJJxMsokzI3KZXgGEsJnprWDe4biFcA4/s1600/poupex.png" /></a></div>
<br />
<br />
<b style="color: #6fa8dc;">Dotdefender:</b><br />
<br />
<span style="color: #8e7cc3;">If you are up against a Dotdefender you will get the following error message:</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBOVvs9q5RAboxl8im3xaRlP9xa3rQg3zKllivQWM_gIoay-wkTCRTmfyHDNEVkE-ZlbY85iQpQgXPi5_S8s0nPnHLZPd-cL6qllH9zjK8rl8C8sJL48hWCd43lLpwXqEk9UuifS99lI4/s1600/dotDefender-error-message.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBOVvs9q5RAboxl8im3xaRlP9xa3rQg3zKllivQWM_gIoay-wkTCRTmfyHDNEVkE-ZlbY85iQpQgXPi5_S8s0nPnHLZPd-cL6qllH9zjK8rl8C8sJL48hWCd43lLpwXqEk9UuifS99lI4/s320/dotDefender-error-message.png" width="320" /></a></div>
<br />
<br />
<br />
<b style="color: #6fa8dc;">Observing HTTP Response:</b><br />
<br />
<span style="color: #8e7cc3;">
If you see a similar http response whenever you make a malicious http request, you are probably up against a MOD secuirty WAF.</span><br />
<br />
<br />
<div style="color: #f4cccc;">
<br /></div>
<blockquote class="tr_bq" style="color: #f4cccc;">
<b>HTTP/1.1 501 Method Not Implemented</b><b>Date: Fri, 27 Jun 2008 23:30:54 GMT</b><b>Allow: TRACE</b><b>Content-Length: 279</b><b>Connection: close</b><b>Content-Type: text/html; charset=iso-8859-1</b><b>http://ws.</b></blockquote>
<br />
<br />
<br />
<br />
<h4 style="color: #6fa8dc;">
<b>WEBAPPLICATION Firewall Evasion:</b></h4>
<br />
<br />
<span style="color: #8e7cc3;">
There are tons and tone of methods to evade a webapplication firewall, Here is some of them:</span><br />
<br />
<b style="color: #8e7cc3;">1. </b><span style="color: #8e7cc3;">Comments.</span><br />
<b style="color: #8e7cc3;">2. </b><span style="color: #8e7cc3;">Changing Cases.</span><br />
<b style="color: #8e7cc3;">3. </b><span style="color: #8e7cc3;">Encoding.</span><br />
<br />
<span style="color: #8e7cc3;">
And much more.</span><br />
<br />
<b style="color: #f4cccc;">Example of a sample IDS and WAF Signature:</b><br />
<br />
<div style="color: #8e7cc3;">
<span class="Apple-style-span" style="font-family: monospace; font-size: 13px;">alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection attempt detected, Your IP has been logged”;</span></div>
<div style="color: #8e7cc3;">
<span class="Apple-style-span" style="font-family: monospace; font-size: 13px;">flow: to_server, established; content: “' or 1=1 --”; nocase; sid: 1; rev:1;</span></div>
<div style="color: #8e7cc3;">
<span class="Apple-style-span" style="font-family: monospace; font-size: 13px;"><br />
</span></div>
<span style="color: #8e7cc3;">The above signature is telling WAF that if the attackers inputs the
following content into the webpage "' OR 1=1" display the message</span> <b style="color: #f4cccc;">"SQL Injection attempt detected, Your IP has been logged".</b><br />
<b><br />
</b><br />
<div style="color: #6fa8dc;">
<b>Bypassing The Signature:</b></div>
<b><br />
</b><br />
<div style="color: #8e7cc3;">
Such poorly written signatures can be easily bypassed. Think for a second what if the attacker inputs ' OR <b>2=2, Isn't 2=2</b>, How about <b>OR 3=3</b> and
so on. So such poorly written signatures are good for nothing. You can
also add comments in order to bypass more complex signatures, e.g OR<b> 2/**/=/**/2.</b></div>
<br />
<div style="color: #6fa8dc;">
<b>Comments:</b></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
Comments are one of the most easiest ways to defeat a WAF, As lots of
signatures are not looking for the comments they are just looking for
the malicious keywords.</div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #6fa8dc;">
<b>Union statement against a WAF without comments:</b></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
<i>www.site.com/a.php?id=123 union select 1,2,3,4,5-- BLOCKED</i></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #6fa8dc;">
<b>Union statement against a WAF with comments:</b></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
<i>www.site.com/a.php?id=123 union/*We are bypassing the WAF*/select/*Rafay Hacking Artcles*/1,2,3,4,5-- ALLOWED</i></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #6fa8dc;">
<b>Changing Cases:</b></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
Some WAF's don't have any rule or signatures to detect upper cases, Here are some examples of a union statement with Uppercase.</div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
<i>uNiOn aLl sElEcT </i></div>
<div style="color: #8e7cc3;">
<i>UnIoN aLL SELECT</i></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
You can combine uppercase statements with comments for more better results:</div>
<div style="color: #8e7cc3;">
<b>www.site.com/a.php?id=123 uNiOn All sEleCt/*We are bypassing the WAF*/select/*Rafay Hacking Artcles*/1,2,3,4,5--</b></div>
<div style="color: #8e7cc3;">
<br /></div>
<div style="color: #8e7cc3;">
Well I hope you have liked this post, In this post we talked about
detecting a WAF and some basic techniques on evading a webapplication
firewall, However in the next post we will look at some more advanced
techniques such as encoding, whitespaces etc to bypass a webapplication
firewall.
</div>
<br />
Source:- www.rafayhackingarticles.net </div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-8460960078373340042012-05-30T16:09:00.000+05:302012-06-12T16:12:28.209+05:30How to create Fake login page for any website<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #d9ead3;">
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">A
Fake Login Page is a page that exactly resembles the original login
page of sites like Yahoo,Gmail etc.However, these Fake login pages are
created just for the purpose of stealing other’s passwords.</span></span></div>
<div style="color: #9fc5e8;">
<br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">So in this post i will show method to </span></span><b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">create Fake login page </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> for desired site:</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span></b><b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span></b><br />
<span class="Apple-style-span" style="color: #c27ba0;"><b><span class="Apple-style-span" style="font-size: x-small;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS',sans-serif;">How to create fake login page - Procedure?</span></span></b></span><br />
<span class="Apple-style-span" style="font-weight: bold;"><span class="Apple-style-span"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span></span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now it's easy to build a Fake Login Pages without any knowledge of Programming Languages. One can use </span></span><a href="http://www.jotform.com/"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">http<span id="goog_1905013452"></span>://www.jotform.com<span id="goog_1905013453"></span></span></span></a><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> to build the Sign Up page.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{1}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Open </span></span><b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">www.jotform.com </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">and Sign Up.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{2}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> then Login there with your newly registered account.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{3}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> now click on ‘ Create your first form’.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{4}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">
Now delete all the pre-defined entries, just leave ‘First Name:’ (To
delete entries, select the particular entry and then click on the cross
sign.)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{5}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">
Now Click on ‘First Name:’ (Exactly on First Name). Now the option to
Edit the First Name is activated, type there “username:” (for Gmail) or
YahooId: (for Yahoo)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{6}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now Click on ‘Power Tool’ Option (In right hand side…)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{7}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Double click on ‘Password Box’. Now Click the newly form password entry to edit it. Rename it as ‘Password:’</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{8} Now Click on ‘Properties’ Option (In right hand side…). These are the form properties.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{9} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{10} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now
in Thank You URL you must put some link, like http://www.google.com or
anything. Actually after entering username & password, user will get
redirect to this url.(Don’t leave it blank…)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{11}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now Click on ‘Save’. After saving, click on ‘Source’ Option.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{12}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of ‘Option2′.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{13} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now open Notepad text editor and write the following code their.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Paste the Option2 code here</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{14} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">And
now save this as index.html. And then host it, mean you will have to
put it on the internet so that everyone can view it. Now i think that
you would be knowing it and if in case you do not know it please leave a
comment with your email-id and i will mail you how to do it.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now you can view it by typing the url in the address bar.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span><br />
<b style="color: #c27ba0;"><span class="Apple-style-span"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">NOTE</span></span></span></b><span class="Apple-style-span" style="color: #c27ba0;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">: </span></span></span><b style="color: #c27ba0;"><span class="Apple-style-span"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">If
u want to send it to the internet, then first you will have to create a
hosting account which you can create on www.110mb.com and there are
many other sites which you can find on the internet very easily.<br />
I suppose that you created your account at 110mb.com<br />
now login to your account then click on “File Manager”, then click on
“upload files” or just “upload”. Then select the file which you want to
send to the internet and click on upload. And you are done.<br />
Now you can access you file on the net by just typing the url of the file.<br />
And you will receive password of the users that login to your site
through email-id which you’ve entered while creating the form.</span></span></span></b><br />
<br />
<br />
Source:- www.rafayhackingarticles.net <b style="color: #c27ba0;"><span class="Apple-style-span"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><span style="color: #c27ba0;"> </span></span></span></div>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com2tag:blogger.com,1999:blog-2440917673892632855.post-57195458769223144732012-05-29T15:14:00.000+05:302012-06-12T16:13:59.301+05:30Netbios Hacking<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #f4cccc;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL2f7OlCPL8jrnqcoc2kOO5gp5H64L-sdaC0Z_mrLhMLWGWtXpCBdCQvolFYuSEgI5oxeNLa8xP0jVwMc_qAR-qQIaley2kPMfkjO184NoiJkjLjPy_8-yS1A8tBrJqutlBNXT6gpLeoY/s1600/netbios-300x149.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL2f7OlCPL8jrnqcoc2kOO5gp5H64L-sdaC0Z_mrLhMLWGWtXpCBdCQvolFYuSEgI5oxeNLa8xP0jVwMc_qAR-qQIaley2kPMfkjO184NoiJkjLjPy_8-yS1A8tBrJqutlBNXT6gpLeoY/s1600/netbios-300x149.jpg" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<i style="color: #f4cccc;"><u><b>THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.</b></u></i><br />
<br />
<span style="color: #fce5cd;">STEP-BY-STEP NETBIOS HACKING PROCEDURE</span><br />
<br />
<span style="color: #cfe2f3;">1.Open command prompt</span><br />
<br />
<span style="color: #cfe2f3;">2. In the command prompt use the “<b>net view</b>” command</span><br />
<span style="color: #cfe2f3;">( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “<u><b>IP TOOLS</b></u>” SOFTWARE BY ENTERING RANGE OF <u><b>IP ADDRESSS</b></u>. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).</span><br />
<br />
<span style="color: #eeeeee;"> </span><span style="color: #fff2cc;"> <span style="background-color: #eeeeee;"> <span style="background-color: #f3f3f3;"> </span></span></span><b style="background-color: #eeeeee; color: #6fa8dc;">Example: C:\>net view \\219.64.55.112</b><br />
<br />
<span style="color: #cfe2f3;">The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112? is an IP address of remote computer that is to be hacked through <i><u><b>Netbios</b></u></i>. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.</span><br />
<br />
<span style="color: #cfe2f3;">3. After succeeding, use the “<b>net use</b>” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.</span><br />
<span style="color: #fff2cc;"> </span><b style="color: #fff2cc;"><span style="background-color: #eeeeee; color: #ead1dc;">Example-1:</span><br style="color: #ead1dc;" /><span style="color: #ead1dc;"> <span style="color: #6fa8dc;"> </span><span style="background-color: #eeeeee; color: #6fa8dc;">C:\>net use D: \\219.64.55.112\F</span></span><br style="color: #ead1dc;" /><span style="color: #ead1dc;"> <span style="color: #6fa8dc;"> </span><span style="background-color: #eeeeee; color: #6fa8dc;">Example-2:</span></span><br style="color: #ead1dc;" /><span style="color: #ead1dc;"> <span style="background-color: #d9ead3; color: #6fa8dc;"><span style="background-color: #eeeeee;">C:\>net use G: \\219.64.55.112\SharedDocs</span></span></span><br style="color: #6fa8dc;" /><span style="color: #ead1dc;"> <span style="background-color: #eeeeee;">Example-3:</span></span><br style="color: #6fa8dc;" /><span style="color: #ead1dc;"> <span style="background-color: #eeeeee;">C:\>net use I: \\219.64.55.112\Myprint</span></span><br style="color: #6fa8dc;" /><span style="color: #6fa8dc;"> </span></b><br />
<div style="color: #6fa8dc;">
<br /></div>
<div style="color: #6fa8dc;">
<b> <span style="background-color: #eeeeee;">NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.</span></b></div>
<div style="color: #6fa8dc;">
<br /></div>
<b><span style="background-color: #d9ead3; color: #ead1dc;"><span style="background-color: #eeeeee;">NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DRIVE.</span> </span>AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT</b><br />
<span style="color: #cfe2f3;">F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112? is the IP address of remote computer that you want to hack.</span><br />
<br />
<span style="color: #cfe2f3;">4. After succeeding your computer will give a message that “<b>The command completed successfully</b>“. Once you get the above message you are only one step away from hacking the computer.</span><br />
<br />
<span style="color: #cfe2f3;">Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if <i><b>WRITE-ACCESS</b></i> is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.</span><br />
<br />
<b style="background-color: #d9ead3; color: #ead1dc;">NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.</b><br />
<br />
Source:- www.gohacking.com <b style="background-color: #d9ead3; color: #ead1dc;"><br /></b></div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0tag:blogger.com,1999:blog-2440917673892632855.post-47183148816523586812012-05-29T14:25:00.000+05:302012-06-12T16:15:23.153+05:30Facebook Hacking by Tabnapping<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="color: #8e7cc3;"><i><b><span style="font-size: large;">T</span></b></i>oday i will teach you how to hack Facebook account password using <b>Tabnapping. Tabnapping </b>is a modern type of phishing method used to hack websites passwords. As we all know normal Phishing attack is easily detectable on Facebook because Facebook has implemented an extra code that validates the previous arriving URL and some basic functions. If it founds that page from which you arrived is a Facebook Phish or fake page, it displays a warning message to user that You have been arrived from fraudulent or fake page. So please change you Facebook account password immediately. So user easily came to know that was made lol by someone and he changes his password again. So overall the hacking attempt is failed.</span><br />
<span style="color: #8e7cc3;">Ahhaha... The old Phishing methods are for novice users who are just script kiddie's and doesn't ABC of hacking.. As technology is changing, to survive as hacker you also need to change your hacking techniques with time. And key to this is coding and language knowledge.</span><br />
<h3 style="color: #cfe2f3; text-align: left;">
<i><u>What is Tabnapping and what advantage it provides over phishing ?</u></i></h3>
<div style="text-align: left;">
<span style="color: #8e7cc3;">As i already told friends, tabnapping is modern phishing technology that hacking experts to hack victims passwords.<b> Tabnapping</b> is same as Phishing, the only difference between them is Phishing redirects you to particular page while <b>Tabnapping</b> uses the meta refresh feature of web browsers to refresh the page after particular delay (delay is set by user). Meta refresh is just a meta tag that is used in header part of web pages for sending traffic from a source to destination website after few seconds delay depending upon setting. Since its a meta tag so its only processed but no data in cookies is stored. Here the advantage lies, when Facebook checks for the previous page or source from which we are arriving at Facebook, it founds none as we are dynamically refreshing the page which acts similar like we are opening a Facebook page in new tab. Now Facebook recognizes this as user intentionally opened Facebook and he hasn't arrived there through an script or automatic program. So we tab nabbed Facebook from the back end using the meta refresh tag.</span><br />
<b><i><u><span style="color: #cfe2f3;">Requirements:</span></u></i></b></div>
<ol style="color: #d9ead3; font-family: Times,"Times New Roman",serif; text-align: left;">
<li><b> </b><b> <i><a href="http://www.mediafire.com/download.php?mvaqu4cj4oqyzbq" target="_blank">Phishing Pages</a></i> </b></li>
<li><b> Register on </b><b><i><a href="http://www.my3gb.com/" target="_blank">My3gb</a></i> website and upload these to them.</b></li>
<li><b> Send the link to victim.</b></li>
</ol>
<div style="text-align: left;">
<br /></div>
<h3 style="color: #cfe2f3; text-align: left;">
<i><u>How to hack Facebook account password using Tabnapping:</u></i></h3>
<div style="text-align: left;">
<span style="color: #8e7cc3;">This technique hardly requires less than 5 minutes to hack the Facebook account password.This is the first version of this hack. I will tell you the improvement in this technique in further tutorials. <b>Follow these Steps...</b></span><br />
<b><br style="color: #d9ead3;" /></b></div>
<ol style="color: #d9ead3; text-align: left;">
<li><b> </b><b><a href="http://www.mediafire.com/download.php?mvaqu4cj4oqyzbq" target="_blank">Download</a> Phishing Pages </b></li>
<li><b> Unzip the folder ,these are total four files.</b></li>
<li><b> Now Register on</b><b> <a href="http://www.my3gb.com/" target="_blank">my3gb</a> website and upload these to them.</b></li>
<li><b> Now open the index file and send its link to victim.</b></li>
<li><b> Check the password file to get the password of victim.</b></li>
</ol>
<div style="text-align: left;">
<br />
<u style="color: #76a5af;">The only thing i not included in this tutorial is How to send Phishing emails. You all know the reason for this, we cannot discuss such things directly on internet because that can be <b style="color: #93c47d;">misused by newbies</b> and i don't want that anybody should use my tutorials for wrong way. <b style="color: #93c47d;">I write blogs just to guide you how hackers do the things</b>. My intention is to guide you latest things happening in security field and not to make you a cracker.<br />So Enjoy the tutorial and learn how tabnapping is done...</u><br />
<br />
<u style="color: #76a5af;">www.gohacking.com </u></div>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com2tag:blogger.com,1999:blog-2440917673892632855.post-53710524541542207582012-05-24T16:33:00.002+05:302012-06-12T18:45:30.500+05:30Facebook Hacking With 007 facebook Hacker<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: #45818e;">
<b><span style="color: #a64d79;">007 Facebook hack v 1.0 is a special program designed to break into Facebook username and password. The software with a capacity of 11.8 MB.</span></b><br />
<br />
Here are the steps to run:<br />
<br />
1. Download <b>Facebook Hack</b><br />
<br />
2. <span style="color: #d9ead3;">Desktop.rar</span> file Ekstrack and run <b><span style="color: #d9ead3;">007_facebook_hack_v_10.exe</span></b><br />
<br />
3. Press the ENTER button and enter the password. Password on a password.txt file in the package of desktop.rar file.</div>
<div style="color: #45818e;">
<span id="goog_862649880"></span><span id="goog_862649881"></span></div>
<div style="color: #45818e;">
</div>
<div style="color: #45818e;">
</div>
<div style="color: #45818e;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVhB2TnGjJegumEKlXS_cezlC58q3veXyKr4VW9CXV3W1RUT7B7g1fQoVMB3aAnlxvVxjFWqO7ksNzDN5bAUhyphenhyphenvx64EGMe__wDMD2nM2sWg2kyTIRtR03yHRgGTsVsb_i9Er86kugNX4w/s1600/sa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVhB2TnGjJegumEKlXS_cezlC58q3veXyKr4VW9CXV3W1RUT7B7g1fQoVMB3aAnlxvVxjFWqO7ksNzDN5bAUhyphenhyphenvx64EGMe__wDMD2nM2sWg2kyTIRtR03yHRgGTsVsb_i9Er86kugNX4w/s1600/sa.png" /></a></div>
<br />
4. If the above steps correctly, we'll go to the main page of hacking. Then press the Settings button<br />
<br />
5. In the server box, enter <span style="color: #d9ead3;">www.facebook.com</span><br />
<br />
6. In the<b> HTTP</b> Proxy field, fill in the proxy address. Use a bypass proxy address. So, we can make hacking as if from overseas servers. To search the proxy, visit http://www.aliveproxy.com/, then select a list of existing State. To find out the proxy that we can still in active conditions, change the proxy settings on your browser and point the browser to http://www.cmyip.com/. If the proxy address may appear, it means that the proxy can be used.<br />
<br />
7. Press the <b>Connect</b> button until the indicator on the right side of the green fields.<br />
<br />
8. Press the Back button, then enter the user <b>ID(Profile ID)</b> of a victim account.<br />
<br />
To be Success in this penetration by using this software is dependent on our internet connection speed. Try also to replace IP Proxy to find the appropriate address. There are colleagues who claim to successful penetration and also claiming to always fail.<br />
<br />
Facebook administrator has so far been updating his security system by applying a dynamic proxy system that can filter out proxy address that will go into the data server. For that, this hack facebook software works like a chase each other with facebook security system.<br />
<b><br /></b><br />
<b>This program also has viruses and facebook fake login page. Be careful using this program and do not use it for illegal activity. Good luck!!</b><br />
<b> And This is Fake Software which inject malware in ur PC.......In all over world there is no software which is able to hack fb id........</b></div>
</div>Anonymoushttp://www.blogger.com/profile/04785586283900994332noreply@blogger.com0