dhnzka: March 2014

Sunday 30 March 2014

How to resume broken links with idm

We all know Internet Download Manager (IDM) is the most
powerful and popular downloader.But how
you feel when you have already downloaded a
large part of a big file (say 60% to 99%) and IDM
says…..ERROR-link broken..can’t resume etc…although it
was a resumeable download link?
Definitelyyou feel like throwing your system.Same was the
case with me
but I’ve discovered a trick
to resume broken IDM downloads.
Though sometime IDM
says ‘ERROR-link broken..can’t resume’ etc. for a
resumable link you can easily resume your broken downloads
(condition: file should be available
in the site form where you started your download/file
hosting server/mirrors) with this simple and effective trick.
Just follow the following steps.
Steps:
1.Double click the download name in main IDM window
that shows ERROR to resume.
2.Click the http link of file
(highlighted in blue colour)
3.Download link will open in the browser and a window
appears just after that.
4.Click ‘OK’ to resume.Most
probably the download will
resume. If it still doesn’t
resume then continue with following steps-
5.Open the
website/mirror site of the
same file that you were
downloading.
6.Start a new download of the same file again
which was showing ERROR
from website/mirror site).
7.After download starts-pause it.Double click new
download’s name.
8.Copy the address from ‘Address’ box of new download
(shown with blue colour).
9.Paste the copied address to old download’s similar
‘Address’ box and press ‘OK’.
10.Now from main IDM .download window select the
old download that
was showing ERROR and click on resume.
Now after the 10th step I expect a big smile on your
face.Yes…..that old file which was not resuming is
now again downloading with
full speed)
I hope u really happy
share if u it really helped you!!!!

Saturday 29 March 2014

Web Security and Information Society

What is cyber security?
It seems that everything relies on computers and the Internet now communication (email, cell phones), entertainment (digital cable, MP3's), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?
Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

What are the risks?
There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

What can you do?
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.

Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious (stealing or altering information).

Malicious code - This category includes code such as viruses, worms, and Trojan horses. Although some people use these terms interchangeably, they have unique characteristics.
Viruses - This type of malicious code requires you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
Worms - Worms propagate without user intervention. They typically start by exploiting a software vulnerability (a flaw that allows the software's intended security policy to be violated), then once the victim computer has been infected the worm will attempt to find and infect other computers. Similar to viruses, worms can propagate via email, web sites, or network-based software. The automated self-propagation of worms distinguishes them from viruses.
Trojan horses - A Trojan horse program is software that claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.

Useful Books on security & hacking

1. Hacking Exposed 6- It is a great book on computer security covering all aspects of hacking and security which include system hacking, network hacking, software hacking, windows hacks etc.

2. The Hacker’s Underground Handbook – This book covers all the fields of hacking along in a detailed and explicit fashion. It helps in making you familiar with a hacker’s frame of mind.

3. Spunkins Viruses Revealed – This covers A to Z of virus and malware. You can get the basic and practical idea of malwares after reading this book.

4. Networking Bible – This book has a step-by-step guide to networking, different architectures and hardware to security, diagnostics, Web services and a lot more.

5. The Art of Deception – The author of the book Kevin Mitnik shows how person and companies are vulnerable to social engineering along with elaborate concepts and a couple of real life examples.

6. Secrets of Super Hacker – This is one of the best books available online on hacking. It has detailed illustration of the techniques employed by hackers which include data stealing, guessing password etc.

7. Counter Hack Reloaded – This book is great in ensuring network security and undertakes valid and great counter measures against attack. You can read the book to get an idea of how to respond to different kinds of web attacks.

8. Byte of Python – It is an easy to learn language for someone who has a little bit know how about programming. The book is authored by Swaroop and is being used as an instructional material in many educational institution including Harvard, Boston etc.

9. Linux Newbie Administrator Guide – It covers the basic elements of Linux along with its installation in an easy manner. It provides explanation regarding why we need Linux and how it is different from windows.

10. HTML & XHTML: The Complete Reference (Osborne) – It is one of the great books on HTML and XHTML. It has a step by step process on how to create webpages, learn standard markups, improving layouts etc.

Friday 28 March 2014

Microsoft Office 2013 Product Key

Microsoft® Office 2013 Professional Plus 32 Bit

Product Key : YFQXN-TCFV6-2DMY4-FFWM4-HQTXR

Microsoft® Office 2013 Professional Plus 64 Bit

Product Key : KXJH6-2NKRG-P438G-VY2BV-VT7T4

Thursday 27 March 2014

Andriod Secret Codes

Secret Codes For Your Android Mobile by Secret Codes For Your Android Mobile by

Hi friends, here is a wide collection of secret codes for your mobile with Android OS(Can be Called as Android Tricks). These codes enables you to access the hidden options which are not shown by default on your device, and can be used for testing the functions of various utilities used by your mobile.

Note: We Cannot guaranty that these codes will work on all Android mobiles!

These codes are used only by technicians, So be careful with them and use it at your own risk.

General Codes:

*#06# – Display's IMEI number.

*2767*3855# – This code will Format your device to factory state (will delete everything on phone).

*#*#4636#*#* – Display's Phone information, usage statistics and battery.

*#*#273282*255*663282*#*#* – This code will Immediately backup of all media files.

*#*#197328640#*#* – This code will Enable test mode for service.

*#*#1111#*#* – Will display FTA software version.

*#*#1234#*#* – Will show PDA and firmware version.

*#*#232339#*#* – Wireless LAN tests.

*#*#0842#*#* – This code is used for Backlight/vibration test.

*#12580*369# – Display's Software and hardware info.

*#*#2664#*#* – This code is used for Testing the touchscreen.

*#9900# – System dump mode.

*#9090# – Diagnostic configuration.

*#*#34971539#*#* – Will display Detailed camera information.

*#872564# – USB logging control.

*#301279# – HSDPA/HSUPA Control Menu.

*#7465625# – This code will display phone's lock status.

*#0*# – Enter the service menu on newer phones like Galaxy S III.

*#*#7780#*#* – Reset the /data partition to factory state.

Basic Codes:

*#*#7780#*#* - This code is used for factory restore setting.This will remove Google account setting and System and application data and settings.

*2767*3855# - This code is used for factory format, and will remove all files and settings including the internal memory storage. It will also re install the firmware.

*#*#4636#*#* - This code show information about your phone and battery.

*#*#273283*255*663282*#*#* - This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#* - This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

*#*#7594#*#* - This code enable your "End call / Power" button into direct power off button without asking for selecting any option(silent mode, aero plane and power-off).

*#*#8255#*#* - This code can be used to launch G Talk Service Monitor.

*#*#34971539#*#* - This code is used to get camera information. Please avoid update camera firmware option.

W-LAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - W-LAN test (Use “Menu” button to start various tests).

*#*#232338#*#* - Shows WiFi MAC address.

*#*#1472365#*#* - GPS test.

*#*#1575#*#* - Another GPS test.

*#*#232331#*#* - Bluetooth test.

*#*#232337#*# - Shows Bluetooth device address.

Codes to launch various Factory Tests:

*#*#0842#*#* - Device test (Vibration test and BackLight test).

*#*#0588#*#* - Proximity sensor test.

*#*#0*#*#* - LCD test.

*#*#2664#*#* - Touch screen test.

*#*#2663#*#* - Touch screen version.

*#*#0283#*#* - Packet Loopback.

*#*#0673#*#* OR *#*#0289#*#* - Melody test.

*#*#3264#*#* - RAM version.

Code for firmware version information:

*#*#1111#*#* - FTA SW Version.

*#*#2222#*#* - FTA HW Version.

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number.

*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate.

*#*#1234#*#* - PDA and Phone.

How to avoid getting adware

Adware, malware, spyware and viruses can bring your system to its knees. They are detrimental, lowering the performance of your computer. You might need to replace data. You might lose unique files. Keep the nasties away from your computer using these ten simple tips.

1. Use Firefox:
Internet Explorer is the most popular browser on the market, controlling over 50% of the market share. The virus and adware creators specifically look for exploitable vulnerabilities within IE because they know that they will receive the best return on investment. Your switch to Firefox prevents some adware from infecting your machine.

2. Scan your PC once a week:
Sometimes adware programmers take a sneaky approach. They will set up their programs to run quietly in the background to spy upon your activities. This once a week scan is necessary to remove any of those sneaky bugs.

3. Download from known sites:
New sites for installing adware are popping up all the time. If you find something that you want to download, make sure that it is from a known site. A company like Amazon will not steer you wrong, but Bob’s House of Wares might be a little less trustable. If you are not sure whether you can trust a site, perform a quick search.

4. Install Adaware:
Ad-Aware is the most popular free adware removal program on the market. It detects, quarantines and removes adware. It searches for other programs which may have been installed, highlighting them in an easy to use interface. This program does not have an anti-virus attached.

5. Do not click on unsolicited email:
You are constantly receiving offers to increase this or improve that through unsolicited email. Your curiosity may be killing you, but don’t click on these emails. They accept your click as permission to install adware, spyware and malware on your PC.

6. Install Antivirus software:
Installing two programs for virus and adware protection is a smart idea. It caters to the strengths of each program, increasing the overall strength of your antiadware and antiviral campaign. Some of the best antivirus software is free, providing real time protection.

7. Don’t install toolbars:
Even some reputable sites install custom toolbars. They slow your system down and collect information about your surfing habits. While a toolbar might offer some perks, it may also diminish your experience by dragging your system to a halt. Toolbars from less reputable places install adware and sometimes infect your system outright.

8. Look at your task manager:
If anything seems out of place with your computer, take a look at your task manager. This tells you about all of the programs and processes which are running on your computer. Examine the processes tab for anything which you don’t immediately recognize. Perform a web search for unfamiliar processes.

9. Do not click on popups:
Clicking on a popup usually spells certain doom for your computer. It opens the door for the viruses and adware that want to infect your machine, telling these malicious applications to make themselves at home. Stay away from those constantly advertised screensavers and icons.

10. Trust your gut:
If you don’t feel right about a site, don’t go there. If you are receiving warnings from the antivirus and antiadware programs which you’ve installed, don’t go there. If you don’t like the layout of a site, don’t go there. Trust your instincts about sites.

With proper vigilance, you can keep aggravating adware, spyware and malware from your machine. Trust your instincts. Install Ad-Aware and an antivirus program. Play it safe. The care you spend in preventing adware from infecting your machine can save money and time

Best Password Cracking Methods

These are comman methods which hackers use to hack your accounts and get your personal information

1. Rainbow Table

A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as md5 and is transformed into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very commonly used hashing algorithm to store passwords in website databases is MD5. It is almost similar to dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords.
Example: ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592 and zero length string ("") is d41d8cd98f00b204e9800998ecf8427e
Countermeasure: Make sure you choose password that is long and complex. Creating tables for long and complex password takes a very long time and a lot of resources

2. Social Engineering

Social engineering is process of manipulating someone to trust you and get information from them. For example, if the hacker was trying to get the password of a co-workers or friends computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometime hackers call the victim pretending to be from bank and ask for their credit cards details. Social Engineering can be used to get someone password, to get bank credentials or any personal information.
Countermeasure: If someone tries to get your personal or bank details ask them few questions. Make sure the person calling you is legit. Never ever give your credit card details on phone.

3. BruteForce Attack

Any password can be cracked using Brute-force attack. Brute-force attacks try every possible combinations of numbers, letters and special characters until the right password is match. Brute-force attacks can take very long time depending upon the complexity of the password. The cracking time is determined by the speed of computer and complexity of the password.
Countermeasure: Use long and complex passwords. Try to use combination of upper and lowercase letters along with numbers. Brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.
Example: Passwords like "iloveu" or "password" can be cracked easily whereas computer will take years to crack passwords like "aN34lL00"

4. Rats And Keyloggers

In keylogging or RATing the hacker sends keylogger or rat to the victim. This allows hacker to monitor every thing victim do on his computer. Every keystroke is logged including passwords. Moreever hacker can even control the victims computer.
Countermeasure: Never login to your bank account from cyber cafe or someone else computer. If its important use on-screen or virtual keyboard while tying the login. Use latest anti-virus software and keep them updated. Check out below article to know more about Rats and Keyloggers.

5. Phishing

Phishing is the most easiest and popular hacking method used by hackers to get someone account details. In Phishing attack hacker send fake page of real website like facebook, gmail to victim. When someone login through that fake page his details is send to the hacker. This fake pages can be easily created and hosted on free web-hosting sites.
Countermeasure: Phishing attacks are very easy to avoid. The url of this phishing pages are different from the real one. For example URL of phishing page of facebook might look like facbbook.com (As you can see There are two "b"). Always make sure that websites url is correct. Check out below article to know more about phishing.

Sunday 23 March 2014

How to Protect Yourself From Hackers

Step 1 Social Profile
Change the privacy settings on your social profile (Facebook, MySpace, Friendster, Twitter, etc.) so that the following information can't be found by a random person who you didn't accept you as a friend:

Birthdate
E-mail address
Hometown
Pictures
A hacker can use this information to answer the security questions Facebook asks when you forget your password. The hacker can also use that information to answer the security question of your email account.

Step 2 Downloading
NEVER download any program that claims to have the ability to hack e-mail accounts, social profile accounts, etc. These programs are ALL malicious. They may look legitimate, but they are NOT. These programs are usually found on YouTube with a direct link in the description section. Also, the seemingly positive comments are fake ones, and the same goes for the number of views. It's staged to make everything look like it's credible.

Do NOT, no matter how realistic the video might look, do NOT download any program. Uploaders of these types of videos usually edit the video, so it may look like the program hacked an account when in all actuality, it was the wonders of video editing. There is no such thing as a 'one button' hack program!

Also, be careful with Torrent sites. Hackers are known to bind their malicious software with videos, music, pictures, etc. Only download from respected uploaders.

Tips
If you really can't resist the urge to download a program you saw on a Youtube video or somewhere else, scan it free through this website first: vscan.novirusthanks.org

It will scan it using 24 anti-virus engines. It'll only take a couple of seconds, depending on the size of the file. I am not affiliated with this website whatsoever. Leave the check box beneath 'Select file to scan' unchecked so that in the event of a malicious software, the website can add it to their database and so that the website can report it to the developers of the Anti-Virus programs used in the scan.

Step 3 E-mail
There are a couple of measures you can take to protect yourself from hackers trying to gain access to your e-mail account:

You should regularly change your password. I know this can be difficult for most people, because most people are lazy, but think of the potential situation that can occur when a hacker has his hands on your e-mail account, including all your pictures and personal messages you sent and received, respectively, to and from your friends and also, any account associated with your e-mail account (e.g. PayPal, Facebook, YouTube, Twitter).
Check your security question that your e-mail provider will ask to the person trying to reset your password. Make sure that you remember the answer to the question.
Use both letters and numbers in your password and use as many as you can of each! This will decrease the odds of the hacker trying to guess your password. Do NOT use your name as a password or other trivial passwords (e.g. computer or abc123).
Step 4 Anti-Virus
Get a decent Anti-Virus program. I suggest Malwarebyte's Anti-Malware, which you can download for free.

It's fairly easy to set up and performs really thorough scans. It should be noted that the free version of MBAM does not contain the real-time protection shield.

If you can afford to pay for one, ESET Nod32 is definitely the best antivirus program on the market. Google it and read the reviews.

I hope you found my article informative and I sincerely hope you will use these tips to protect your data on your computer and on the internet.

Friday 21 March 2014

How to safe online shopping

Online shopping has become very popular to purchase all things without leaving your home, and it is a convenient way to buy things like electronic appliances, furniture, cosmetics, and many more. We can avoid the traffic and crowds. There is no particular time to buy things we can buy at any time instead of waiting for the store to open. Apart from all these advantages risks are involved and there are unique internet risks so it is very important to take some safety measures before you go for online shopping.

Tips for safe online shopping

Before you go for online shopping make sure your PC is secured with all core protections like an antivirus, anti spyware, firewall, system updated with all patches and web browser security with the trusted sites and security level at high.
Before you buy things online research about the web site that you want to buy things from, since attackers try to trap with websites that appear to be legitimate, but they are not. So make a note of the telephone number’s physical address of the vendor and confirm that the website is a trusted site. Search for different web sites and compare the prices. Check the reviews of consumers and media of that particular web site or merchants.
If you are ready to buy something online check, whether the site is secure like https or padlock on the browser address bar or at the status bar and then proceed with financial transactions.
After finishing the transaction take a print or screenshot of the transaction records and details of product like price, confirmation receipt, terms and conditions of the sale.
Immediately check the credit card statements as soon as you finish and get them to know about the charges you paid were same, and if you find any changes immediately report to concerned authorities.
After finishing your online shopping clear all the web browser cookies and turn off your PC since spammers and phishers will be looking for the system connected to the internet and try to send spam e-Mails and try to install the malicious software that may collect your personal information.
Beware of the e-Mails like “please confirm of your payment, purchase and account detail for the product.” Remember legitimate business people never send such e-Mails. If you receive such e-Mails immediately call the merchant and inform the same.

Thursday 20 March 2014

How to Protect computer from Viruses

A computer virus is a program which can replicate and attach itself to a program or files infecting the system without its knowledge. A Computer virus can be spread from one host to another by sharing infected file or by downloading infected files from un-trusted sources .All computer viruses are man-made, they spread only with human assistance and support.

Possible ways to get virus into Computers

Virus can be installed in a computer by downloading applications from un-trusted sites, by a removable medium like USB, CD, DVD’s and sharing files from one infected computer to another also virus comes through attachments with e-mails.

By opening a e-mail attachments

Whenever you download files with extension .exe, vbs, shs, pif, cmd etc received via email attachment. There is a chance of virus getting into your system. Sometimes the attachments contain an executable code with double extension like hi.doc.exe. If you open such types of files, virus will enter into your system.

Check for extension of files and always scan the attached files before you download.

By downloading files from un-trusted sites

Generally, virus is hidden in the files or program and enters your system whenever you download softwares or applications from untrusted websites.

Set the browser to open web pages only from trusted web sites.

By Removable Medium

Whenever you copy files or download files from an infected removable medium like USB, CD, DVD drives then the virus may enter into your system.

Always scan the removable medium before you open.

While downloading games

Virus and worms may enter into a system when you try to download or install a game on your computer. The malicious program may be hidden in the files you download.

Always scan the file before and after sharing a file and downloading from another computer.

By sharing files

Virus will install into your system when ever you share files from one infected computer to another computer.

Scan the file before share a file

Signs of Computer Virus

Computer runs more slowly than normal
Computer stops responding or locks up often
Computer crashes and restarts every few minutes
Computer restarts on its own and then fails to run normally
Applications on your computer don't work correctly
Disks or disk drives are inaccessible
Can't print correctly
Unusual error messages
Distorted menus and dialog boxes

How to prevent virus?

Check for attachments

Always check the attachments by scanning before you open them and make sure that the attachments are received from the known user.

Check for Extensions

Always check the file extension before you download and avoid downloading the files with double extension.

By Browser settings

Always set the browser settings to allow the sites only from trusted websites.

Ignore e-mails from unknown users

Avoid downloading the files from unknown user, and it is always better to ignore or delete the files from unknown users.

By using software

Always use anti-virus software and update with latest patches and scan the files before you download.

Creditcard Fraud Protection

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.

The fraud begins with either the theft of the physical card or the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly in some cases, millions of accounts have been compromised.

Tips:

Be cautious while using the creditcard.
Dont give your credit card pin number to unknown persons.
Avoid sending credit card details through e-mails.
Dont write pin number on the credit card, try to remember it.

Guidelines for Safe Downloading

While downloading any file close all the applications that are running on your computer, let only one set-up file run at a time of downloading.
Close all the important applications in order to be safe if something goes wrong while downloading.
Set firewalls, set antivirus to actively scan all the files you download.
Scan all the files after you download whether from websites or links received from e-mails.
Always use updated antivirus, spam filter and spyware to help detect and remove virus, spyware from the application you want to download.
Never download any files like music, video, games and many more from untrusted sites and don’t go by the recommendations given by your friends or made by any random website's comments.
Check that the URLs are same and always download games, music or videos from the secure websites like which use HTTPS websites instead of HTTP. In the web address, it replaces “http” to https”. The https refers to the hypertext transfer protocol secure.
Download anything only from thrust worthy websites. Don’t click links to download anything you see on unauthorized sites.
If any dirty words appear on the website just close the window no matter how important it is, because spyware may be installed on your PC from such websites.
Check the size of the file before you download, sometimes it shows a very small size but after you click it increases the size of the file.
Never believe anything which says click on this link and your computer settings will be changed and your PC can be turned into XBOX and can play unlimited games on your computer.
Don’t accept anything that offers you free download because that may contain malicious software.
Don’t click the link or file and let it start download automatically, download the file and save where you want save and then run on the application.
Set secure browser settings before you download anything.
Read carefully before you click on install or run application. That means read terms and conditions.
Don’t download anything until you know complete information of the website and know whether it is an original site of an original company.
Never download from the links that offer free antivirus or anti spyware software, always download from trusted sites, if you are not sure about the site you are downloading, enter the site into favourite search engine to see anyone posted or reported that it contains unwanted technologies.

General Web Application Security Terms

Application Security Manager (ASM)

A web application firewall from F5 Networks that integrates with WhiteHat Security Sentinel's vulnerability management service. Sentinel users can update the security policy on a per-vulnerability basis to mitigate the risk of its exploitation while the vulnerability is being addressed in the Web application code.

Authentication

The process of verifying identity, ownership, and/or authorization.

Backdoor

Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program.

Base 64

A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).

Blacklist

When performing Input validation, the set of items that —if matched — result in the input being considered invalid. If no invalid items are found, the result is valid.

IP Address

A unique address assigned to a networked device, including computers, and servers.

Padding

Data added to a message that is not part of the message. For example, some block cipher modes require messages to be padded to a length that is evenly divisible by the block length of the cipher — i.e., the number of bytes that the cipher processes at once.

Policy

A set of rules employed by a Web application firewall that detect and block attempts to exploit a vulnerability in a Web application. All HTTP requests are assessed for strings that contain vulnerable parameters. Policy rules need to be maintained periodically.

Root User

A user with unlimited access to all operations on a computer.

Read Access

The ability to view the names of files in a directory, but not any other information such as file type, size, and so on.)

Web Application Firewall (WAF)

A device or software module that applies a set of policy rules to incoming traffic to block potential attacks on a Web application. Also known as a WAF.

Whitelist

When performing input validation, the set of items that, if matched, results in the input being accepted as valid. If there is no match to the whitelist, then the input is considered invalid. That is, a whitelist uses a ‘default deny’ policy.

Write Access

The ability to create, delete, change permissions, or rename files.

Wednesday 19 March 2014

How to Detect Viruses installed on your PC

In this tutorial, I'll show you the easiest way of finding out malicious applications installed on your PC that transfer data using the internet without you knowing it.

As stated in the title, we'll use TaskManager and CMD for the purposes of this tutorial.

Part I: Customizing Task Manager.

1. To get started, open up your TaskManager by right clicking your TaskBar and selecting TaskManager or just hit CTRL+ALT+DEL to get it open.
2. Once that is done, click the <Processes> tab of your TaskManager and click View > Select Columns > Make sure that <Process Identifier(PID)> is ticked.
3. Now click the PID column to make sure that all the processes are sorted in a specific order. This step is not necessary, but it will make it easier for you to detect processes using their IDs.

Part II: Using CMD.

Once you have done that right, we are going to use CMD to view established connections.

1. 1. Start > Run > CMD
Or just type 'cmd' in the searchbar if you are running a system powered by Windows7.

2. Once cmd is open, type:
netstat -ano
3. Now what we are interested in are only the connections with the state <ESTABLISHED>.
Isolate them out and look for the PID right next to them. There will be many connections with <ESTABLISHED> state, you will have to repeat the following steps for all of them.

Part III: The fun part

Now go back to the TaskManager and look for the name of the process(es) that has the same PID(s) as the one you found with the ESTABLISHED connection(s).

1. In the image number 1 you can see a safe and trusted application known as Dropbox, so we are good. But incase you find a process which you do not know, if it's something like 'svchost.exe' that you can be sure it is infected > right click the process and select <Open File Location>.
2. Now all you have to do is right click the file and scan it using your AV or upload it to online scanner such as VirusTotal.com and check if it's infected.

--
That's all in this tutorial.
Hope you found it useful!

How Hack (HTTP) Passwords With Wireshark

Most of the websites on the Internet use HTTP protocol for comunication which runs on Port 80, The data send to the server is Un-encrpypted and goes in plain text. If you are using HTTPS (Port 443), The data will be send to the server encrypted. When ever you enter the data in a Form, Your browser either sends a POST Or Get Request to the webserver, In most cases you will see POST methodused in forms. Now most of the websites on the internet use Http protocol for theauthentication, which enables an attacker on the local area network to sniff every thing that goes through that form, That's the reason why you see websites like Paypal, Ebay, Gmail with https.

In this tutorial, I will show you how a hacker can hack passwords sent via http to the server with wireshark. Wireshark is a network analysis tool used to capture and analyze all the packets being send from your computer to the server.
Attack Scenario
Let's suppose that you went to starbucks to have a coffee with your friend, You have connected to the wifi hotspot, An attacker comes in and starts wireshark and captures your HTTP Post passwords and therefore compromising your security.
How To Hack HTTP Passwords With Wireshark
Before, you i show you how to hack http passwords, i would like to let you know that for a successful capture, your network card should be in Promiscuous mode,which will enable to capture all the traffic going through your network.

Step 1 - First of all download wireshark from the official website and install it on your computer.

Step 2 - Next open up wireshark click on analyze and click on interfaces at the top.

Step 3 - Next choose the appropriate interface and click on start. Wireshark would start sniffing the network.

Step 4 - Continue sniffing for around 10 minutes. Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

In the mean time, Log into any website (For Testing Purposes), having httpAuthentication.

Step 6 - Next set the filter to http.request.method == "POST", This will enable it to capture all the HTTP Post request going through your computer. Start analyzing the packets and locate the website in which you logged in having http authentication.

Step 7 - Next click on Follow TCP stream. You will see the username and password that you entered. In this particular senario i logged in my wordpress account, where i entered the username:admin and password:rafayhackingarticles, Since wordpress uses http for authentication, The data that was entered was successfully captured.

Hide The Files In Image

1. Gather the file you wish to bind, and the image file, and place them in a folder. I will be using C:\New Folder

-The image will hereby be referred to in all examples as xyz.jpg
-The file will hereby be referred to in all examples as New Text Document.txt

2. Add the file/files you will be injecting into the image into a WinRar .rar or .zip. From here on this will be referred to as (secret.rar)

3. Open command prompt by going to Start > Run > cmd

4. In Command Prompt, navigate to the folder where your two files are by typing
cd location [ex: cd C:\New Folder]

5. Type [copy /b xyz.jpg + secret.rar xyz.jpg] (remove the brackets)

Congrats, as far as anyone viewing is concerned, this file looks like a JPEG, acts like a JPEG, and is a JPEG, yet it now contains your file.

In order to view/extract your file, there are two options that you can take

a) Change the file extension from xyz.jpg to xyz.rar, then open and your file is there
b) Leave the file extension as is, right click, open with WinRar and your file is there

Wifi Hacking Tool for Iphone

Four Best WiFi Cracking Applications For your Iphone
1. Aircrack-ng for IPhone:
It is the simple command line with graphical interface software which is used to crack wifi networks . It sends packets to the wifi network and then cracks the password file of the network .It is used widely and can be downloaded from here. ( http://www.filecrop.com/Aircrack-ng-for-iPhone.html )
2. IWep Lite:
It is an Iphone applications which let you crack wifi network in less than 30 minutes . It is easy in use and can be understood easily rather than Aircrack-ng . It is Graphical interface with best utility and dictionary . Apart from Aircrac-ng it uses dictionary and so it is less trustworthy than Aircrack and can not crack every key. It is used more widely than Aircrack but it uses dictionary that's why it is on 2nd number. It can be downloaded from here (http://www.filecrop.com/iWep-Lite.ipa.html)
3. WepGen:
WepGen is just another application which cracks the Wifi network by sending packets and it is rather easy in use than Aircrack but though it is on 3rd number due to it's popularity. It can be downloaded from here. (http://www.filecrop.com/wep-gen.ipa.html )
4. IWifi Hack:
It works on the same scene as other cracking softwares except iweplite means it sends packets and break in the security of a wifi network . It is easy in use and can easily be used by anyone. It can be download from here.
( http://www.filecrop.com/Iwifihack.ipa.html )

REMOTE ROUTER HACKING

REMOTE ROUTER HACKING
Introduction
Ok, Basically this tutorial deals with how to scan large amounts of addresses for telnet services, which we can then attempt to use default credentials to log in with surprising success.
Why Telnet? Isn't That Dead Now?
Your partly correct, telnet is dead now, it was superseded by SSH because telnet sends packets in plain text where as SSH encrypts packets. But telnet is still very much used on routers for simple administration by low tech management systems that come packaged with alot of off the shelf routers. Some of these routers allow remote clients to connect to telnet as well as local users - these are the boxes that we are looking for.
So what do i need ?
You'll need to run this perl script, (written by me, found below), this simply generates a random IP address, if the IP is in a scannable class (ie not a private, experimental or loop back address) the programme attempts to open a connection to the telnet port (23) of the random ip, if it succeeds the program logs the success in a local file for later analysis. The program then repeats -- so if you run a few instances of the program for a few hours you can end up with a list of around 200 telnet servers - ive left mine overnight before and collected 880 servers before.
Code:
#!/usr/bin/perl
use IO::Socket;
########################### IP GENERATOR ########################
sub ipgen(){
my $range1 = 223; #avoid experimental and multicast
my $range2 = 254;
$oct1 = int(rand($range1)) + 1; #generate random octects
$oct2 = int(rand($range2)) + 1;
$oct3 = int(rand($range2)) + 1;
$oct4 = int(rand($range2)) + 1;
if($oct1 == 127 || $oct1 == 172 || $oct1 == 192 || $oct1 == 10){#if gets rid of loopbacks and private ips
$ip = &ipgen(); #if local or private call again
}else{
$ip = "$oct1.$oct2.$oct3.$oct4"; # otherwise allocate the ip to return
}
return $ip; #return to caller
}
#################################################################
############################## MAIN #############################
print "########################################\n";
print "#---------Random Telnet Scanner--------#\n";
print "#-----------Written by 50LaR15---------#\n";
print "########################################\n";
while(1==1){ # keeps code running indefinatly
$target = &ipgen(); # get random ip to scan
print "*??* SCANNING: $target \n"; # output
my $sock = new IO::Socket::INET ( # try to create socket to chose random address
PeerAddr => $target,
PeerPort => '23', # change this number to change ports you want to detect
Proto => 'tcp',
Timeout => '3', # you can get away with a timeout of 1 second but i have 2 to be safe
);
if($sock){ # if socket opened (port open)
print "*!!* SUCCESS-: $target \n"; # print to screen
open(DAT, ">>telnet.txt") || die("Cannot Open Output File"); # open results file
print DAT "SUCCESS: $target \n"; # append findings to end of file
close(DAT); # close the file
}
close($sock); # close the socket
}################################################################
Youll also need need a telnet client - I recommend you use putty because it supports proxys, but you are dealing with people who dont know how to change there router passwords so you shouldnt be too worried so you can use the defauly OS telnet client - for windows XP/linux users you will already have one - for windows 7 users you will need to enable yours with this tutorial .
Ok - I'm Set Up - So Now What?
Youll need to start a few instances of the perl script, you can make your desktop look pretty like mine below if you wish.
[Image: 4185786.png]
You can just run one but it will take longer to get a decent sized list of servers. I run 5 for around half an hour and that gives me a list of around 50 telnet boxes.
Ok now you have your list of IP's with the telnet port open (called telnet.txt in the same directory as your perl script), what you need to do is take your telnet client and just start connecting to them, - you will be prompted for a username + password.
This is where it gets fun - because alarge amount of routers ship with default accounts - here are the most common.
Username:Password
_________________
admin : admin
admin : (blank password)
root : (blank)
root : root
To be honest alot of routers disclose there model number in the telnet banner when you connect so a simple google search often turns up the default username and password. Otherwise i try the top 3 and usually get disconnected and move on to the next in my list.
You will find out quiet fast how many ip's in your list you can actually log into with full admin rights
[Image: 4185900.png]
Who Exactly Am I Hacking?
This is half the fun for me - you dont really know - if your interested you can just do a quick whois -but around 90% of the time your dealing with home routers that people have bought from a shop and not configured properly but i have found business and offices that have succumb to the same laziness as the home user so the possibilities are endless.
Ok now what ?
From here its up to you what you do, but i enjoy using simple network tools like ipconfig and ping to map out the network, sometimes i have found routers that have nmap and telnet clients on etc. Today i found one that let me download any C code onto it i wanted - almost every router OS is different so some take a while to get used to what commands you can run but it is alot of fun finding out peoples network layout, i have compromised routers, made my way into the internal file servers of the network using brute forcers, or setting up port forwarding on the router to give me access externally to otherwise private internal resources - you can even port forward packets to printers and use them across the internet to print out hundreds of copys of the dictionary or what ever literature tickles your pickle.
A funny concept that i have got to work in the past is fucking with the routing tables and redirecting every web request to gay porn sites. So I would imagine that this could be useful for people trying to get RAT's spread, especially if you find a router with upwards of 100 PC's behind the router - but i dont deal much with rat's and botnets so dont quote me on that.
A Small Aside.
Ill be happy if a few people read this tutorial and explore a few networks because thats what used to drive hacking forwards, and its what used to motivate hackers, the thrill of exploring the unknown, the chance of coming across a really large network to explore and further your knowledge and skills of systems. I think people focus too much on making money from hacking, or getting there best friends fu**book password and the real fun somehow has been lost in the past 10 years to a new generation of kids that just want everything now. Lets keep some of the old skills and knowledge alive and not let it be lost in the archives of long since abandoned forums and irc rooms.
Thanks For Reading - Happy Hacking.
Special Thanks To SOLARIS