Saturday, July 19, 2014

How Can We Protect Our Website By Common Web Attacks ?

 


On this post i am telling about five types of common web attacks, which are used in most types of defacements or dumps of databases.
Following five exploits are listed SQL injection, XSS, RCE, RFI, and LFI. Most of the time, we missed out some website code tags. So that our website gets attack and allows the hacker for hijack the vulnerable website.

1. SQL Injection
       
Types ->

     Login Form Bypassing
     UNION SQL Injection

2. Cross Site Scripting ( XSS )

Types -> Cross Site Request Forgery

3: File Inclusion

Types -> Remote File Inclusion and Remote Code Execution


1. SQL Injection

>> Login Form Bypassing
Here is an example of the vulnerable code that we can bypass very easily:

    index.html file:
    <form action="login.php" method="POST" />
    <p>Password: <input type="text" name="pass" /><br />
    <input type="submit" value="Authenticate" /></p>
    </form>
    login.php file:
    <?php
    // EXAMPLE CODE
    $execute = "SELECT * from database WHERE password = '{$_POST['pass'])";
    $result = mysql_query($execute);
    ?>

We can simply bypass this by using ' or '1=1', which will execute "password = ''or '1=1'';".

Alternatively, the user can also delete the database by executing "' drop table database; --".


>> PREVENTION:

Use mysql_real_escape_string in your php code.

Example:

    <?php
    $badword = "' OR 1 '";
    $badword = mysql_real_escape_string($badword);
    $message = "SELECT * from database WHERE password = "'$badword'";
    echo "Blocked " . $message . ";
    ?>

>> UNION SQL Injection

UNION SQL injection is when the user uses the UNION command. The user checks for the vulnerability by adding a tick to the end of a ".php?id=" file.
If it comes back with a MySQL error, the site is most likely vulnerable to UNION SQL injection. They proceed to use ORDER BY to find the columns, and at the end, they use the UNION ALL SELECT command. An example is shown below.

http://www.site.com/website.php?id=1'

You have an error in your SQL syntax near '' at line 1 SELECT SUM(quantity)
as type FROM orders where (status='completed' OR status='confirmed' OR status='pending') AND user_id=1'


No error--> http://www.site.com/website.php?id=1 ORDER BY 1-- 

Two columns, and it comes back with an error! This means that there is one column.
 http://www.site.com/website.php?id=1 ORDER BY 2--


Selects the all the columns and executes the version() command on the only column.
http://www.site.com/website.php?id=-1 UNION SELECT ALL version()--



SOLUTION:

Add something like below to prevent UNION SQL injection.

    $evil = "(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)|(/*)|(select)";
    $patch = eregi_replace($evil, "", $patch);



2. Cross Site Scripting

Cross site scripting is a type of vulnerability used by hackers to inject code into vulnerable web pages. If the site is vulnerable to cross site scripting, most likely users will try to inject the site with malicious javascript or try to scam users by creating a form where users have to type their information in.

There are two types of XSS (cross site scripting) are persistent XSS and non-persistent XSS.


Example:
http://www.site.com/search.php?q=">


SOLUTION

        function RemoveBad(strTemp) {
            strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g,"");
            return strTemp;
        }



3. File Inclusion
Types: Remote File Inclusion/Local File Inclusion, and Remote Code Execution

Remote File Inclusion allows a hacker to include a remote file through a script (usually PHP). This code is mostly patched on websites, but some websites are still vulnerable to the vulnerability. RFI usually leads to remote code execution or javascript execution.

Example of the vulnerable code:

    <?php
    include($_GET['page']);
    ?>

Exploiting would be something like as follows:
http://www.site.com/page.php?page=../../../../../etc/passwd or
http://www.site.com/page.php?page=http://www.site.com/xyz.txt?

SOLUTION:

    Validate the input.
    $page = $_GET['page'];
    $allowed = array('index.php', 'games.php' 'ip.php');
    $iplogger = ('ip.php');
    if (in_array $page, $pages)) {
    include $page {
    else
    {
    include $iplogger
    die("IP logged.");
    }


For remote code execution, the site would have to have a php executing command. You would patch this by about doing the same thing.

 Note: I hope this post will helpful for your website to get secure from above types of attacks.

Thursday, July 17, 2014

Type of attack on Web Based Application


 
[~]Sql Injection Attack
[~]Hibernate Query Language Injection
[~]Direct OS Code Injection
[~]XML Entity Injection
[~]Broken Authentication and Session Management
[~]Cross-Site Scripting (XSS)
[~]Insecure Direct Object References
[~]Security Misconfiguration
[~]Sensitive Data Exposure
[~]Missing Function Level Access Control
[~]Cross-Site Request Forgery (CSRF)
[~]Using Components with Known Vulnerabilities
[~]Unvalidated Redirects and Forwards
[~]Cross Site Scripting Attacks
[~]Clickjacking Attacks
[~]DNS Cache Poisoning
[~]Symlinking – An Insider Attack
[~]Cross Site Request Forgery Attacks
[~]Remote Code Execution Attacks
[~]Remote File inclusion
[~]Local file inclusion
[~]Evercookie
[~]Denial of Service Attack
[~]Cookie Eviction
[~]phpwn
[~]NAT Pinning
[~]XSHM
[~]MitM DNS Rebinding SSL/TLS Wildcards and XSS
[~]Quick Proxy Detection
[~]Improving HTTPS Side Channel Attacks
[~]Side Channel Attacks in SSL
[~]Turning XSS into Clickjacking
[~]Bypassing CSRF protections with ClickJacking and
[~]HTTP Parameter Pollution
[~]URL Hijacking
[~]Strokejacking
[~]Fooling B64_Encode(Payload) on WAFs and filters
[~]MySQL Stacked Queries with SQL Injection.
[~]Posting raw XML cross-domain
[~]Generic cross-browser cross-domain theft
[~]Attacking HTTPS with Cache Injection
[~]Tapjacking
[~]XSS-Track
[~]Next Generation Clickjacking
[~]XSSing client-side dynamic HTML.
[~]Stroke triggered XSS and StrokeJacking
[~]Lost in Translation
[~]Persistent Cross Interface Attacks
[~]Chronofeit Phishing
[~]SQLi filter evasion cheat sheet (MySQL)
[~]Tabnabbing
[~]UI Redressing
[~]Cookie Poisoning
[~]SSRF
[~]Bruteforce of PHPSESSID
[~]Blended Threats and JavaScript
[~]Cross-Site Port Attacks
[~]CAPTCHA Re-Riding Attack

Wednesday, July 16, 2014

32 Commands For Linux Users From All Levels!

Beginner Commands

1. find: Use this command when you need to search for files in a particular directory. It starts from the parent directory and then moves to the sub directories. The –name option makes the search case sensitive, while the –iname option searches irrespective of the case.

2. grep: You use the grep command in order to find lines in a particular file that match a given string or words.

3. man: The man command is used as the manual pager for the system. It brings online documentation for a particular command.

4. ps: This is the process command, which shows you the status of all the processes that are being run by a unique id, known as the PID.

5. kill: This command is used in order to kill a process that is not responding or is not being used. All you need is to known the process ID or PID. To find the process id, you need to run ps-A with the grep command (ps-A | grep processname).

6. whereis: When you need to locate the binary, sources and the manual page of a command you use the whereis command.

7. service: This is the command that is used in order to control the start, stop or restart function of a particular service. You do not have to restart your system in order to start, stop or restart the services.

8. alias: This is a built in shell command which is used in order to assign the name for a long command or for a frequently used command.

9. df: Use this command when you want to report the disk usage of a file system. It is quite useful for the user and also for the system admin.

10. rm: This command is used in order to remove complete files and directories from your system.

Intermediate Commands

1. find: Use this command when you need to search for files in a particular directory. It starts from the parent directory and then moves to the sub directories. The –name option makes the search case sensitive, while the –iname option searches irrespective of the case.

2. grep: You use the grep command in order to find lines in a particular file that match a given string or words.

3. man: The man command is used as the manual pager for the system. It brings online documentation for a particular command.

4. ps: This is the process command, which shows you the status of all the processes that are being run by a unique id, known as the PID.

5. kill: This command is used in order to kill a process that is not responding or is not being used. All you need is to known the process ID or PID. To find the process id, you need to run ps-A with the grep command (ps-A | grep processname).

6. whereis: When you need to locate the binary, sources and the manual page of a command you use the whereis command.

7. service: This is the command that is used in order to control the start, stop or restart function of a particular service. You do not have to restart your system in order to start, stop or restart the services.

8. alias: This is a built in shell command which is used in order to assign the name for a long command or for a frequently used command.

9. df: Use this command when you want to report the disk usage of a file system. It is quite useful for the user and also for the system admin.

10. rm: This command is used in order to remove complete files and directories from your system.

Advanced Commands

1. ifconfig: You will use the ifconfig command when you need to improve the kernel-resident network interfaces. The command is usually needed for system tuning and debugging, but it is also used during boot time in order to set up the interfaces.

2. netstat: This is an advanced command for Linux users that is used to display information related to the network. This includes information such as routing tables, network connections, masquerade connections, interface statistics and others.

3. nslookup: This command will be used when you need to find information about Internet servers. It finds you the name server information for the domains that are querying the DNS.

4. dig: The dig tool is used in order to query the DNS nameservers. If you need to find information on host addresses, mail exchanges, nameservers and other related information, then this is the tool for you. You can use the command from Linux and Mac OS X operating systems.

5. uptime: The uptime command is used in order to verify what all happened when a server has been left unattended. It is especially useful when you sit down in front of the server machine and see something gone awry.

6. wall: This command is used to send a message to all logged in users. You can only send the message to those with their message permission setting at ‘yes’ though. The message is given as an argument for the wall command.

7. mesg: Users can use the ‘write’ command in order to send messages to you. But as the server admin, you can use the mesg command in order to decide whether they can. You can choose from ‘n’ and ‘y’, which allow messages to not popup and popup on your screen respectively.

8. write: If the status for the ‘mesg’ command for a user is set to ‘y’ then the write command will allow you to send messages to that user.

9. talk: When a simple message is not enough, use the talk command to talk to users logged into the server.

10. w: This command is a combination of uptime and who commands, if they are given in that order and one after the other.

11. rename: When you need to rename certain specific files, the rename command comes in handy. This command renames files by replacing the first occurrence from that file.

12. top: Use this command in order to display the processes running in the CPU. The command will refresh automatically and keep displaying the processes until you use the interrupt command to stop it.


An SQL injection attack is a code injection attack that is used to exploit web applications and websites. It is one of the most common methods for hackers to get into your system. Learning such attacks are important for anyone looking to perform their own exploits. Here are 10 of the most powerful tools that aid in performing SQL Injection attacks.

1. BSQL Hacker
This is a useful tool for both experts and beginners that automates SQL Injection attacks on websites.

2. The Mole
This is an SQL Injection tool that uses the union technique or the boolean query-based technique.

3. Pangolin
This is a penetration testing tool developed by NOSEC. It is aimed at detecting and exploiting SQL injection vulnerabilities on websites.

4. Sqlmap
This is an open source penetration testing tool that security professionals can use. Like the BSQL Hacker tool, this one also automates SQL Injection attacks.

5. Havij
This is an automated SQL injection tool that can be used by penetration testers in order to detect vulnerabilities in web applications and exploit them.

6. Enema SQLi
This is a dynamic penetration testing tool for professionals. It is an auto-hacking software.

7. Sqlninja
This is a tool targeted at exploiting SQL injection vulnerabilities. It uses the Microsoft SQL server as its back end.

8. sqlsus
Written using the Perl programming language, this is an open source penetration testing tool for MySQL Injection and takeover.

9. Safe3 SQL Injector
This is a powerful penetration testing tool, which automates the process of detecting and exploiting SQL Injection vulnerabilities.

10. SQL Poizon
This tool includes php , asp , rfi , lf dorks that can be used for penetration testing.

Saturday, July 12, 2014

Hacker's Dictionary


Are you new to the realm of hacking?

Do you feel dumb when you don't know the meaning of a certain term?Well, then this will certainly help you out!If you are ever unsure about anything, simply scroll down and find that specific word, then read the definition.
Anything includes: Abbreviations, Phrases, Words, and Techniques.*The list is in alphabetical order for convenience!*


----------------------------------------------------------------------------------------------------------------------------------


Abbreviations


★ DDoS = Distributed Denial of Service

★ DrDoS = Distributed Reflected Denial of Service Attack, uses a list of reflection servers or other methods such as DNS to spoof an attack to look like it's coming from multiple ips. Amplification of power in the attack COULD occur.

★ FTP =File Transfer Protocol. Used for transferring files over an FTP server.

★ FUD = Fully Undetectable

★ Hex =In computer science, hexadecimal refers to base-16 numbers. These are numbers that use digits in the range: 0123456789ABCDEF. In the C programming language (as well as Java, JavaScript, C++, and other places), hexadecimal numbers are prefixed by a 0x. In this manner, one can tell that the number 0x80 is equivalent to 128 decimal, not 80 decimal.

★ HTTP =Hyper Text Transfer Protocol. The foundation of data communication for the World Wide Web.

★ IRC = Internet Relay Chat. Transmiting text messages in real time between online users.

★ JDB =Java drive-by, a very commonly used web-based exploit which allows an attacker to download and execute malicious code locally on a slave's machine through a widely known java vulnerability.

★ Malware =Malicious Software

★ Nix = Unix based operating system, usually refered to here when refering to DoS'ing.

★ POP3 =This is the most popular protocol for picking up e-mail from a server.

★ R.A.T = Remote Administration Tool

★ SDB = Silent drive-by, using a zero day web-based exploit to hiddenly and un-detectably download and execute malicious code on a slave's system. (similar to a JDB however no notification or warning is given to the user)

★ SE = Social Engineering

★ Skid =Script Kid/Script Kiddie

★ SMTP =A TCP/IP protocol used in sending and receiving e-mail.

★ SQL =Structured Query Language. It's a programming language, that used to communicate with databases and DBMS. Can go along with a word after it, such as "SQL Injection."

★ SSH =Secure Shell, used to connect to Virtual Private Servers.

★ TCP = Transmission Control Protocol, creates connections and exchanges packets of data.

★ UDP =User Datagram Protocol, An alternative data transport to TCP used for DNS, Voice over IP, and file sharing.

★ VPN =Virtual Private Network

★ VPS =Virtual Private Server

★ XSS (CSS) = Cross Site Scripting


Words


★Algorithm = A series of steps specifying which actions to take in which order.

★ANSI Bomb = ANSI.SYS key-remapping commands consist of cryptic-looking text that specifies, using ansi numeric codes to redefine keys.

★Back Door = Something a hacker leaves behind on a system in order to be able to get back in at a later time.

★Binary = A numbering system in which there are only two possible values for each digit: 0 and 1.

★Black Hat = A hacker who performs illegal actions to do with hacking online. (Bad guy, per se)

★Blue Hat =A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

★Bot = A piece of malware that connects computer to an attacker commonly using the HTTP or IRC protocal to await malicous instructions.

★Botnet = Computers infected by worms or Trojans and taken over by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks.

★Buffer Overflow = A classic exploit that sends more data than a programmer expects to receive. Buffer overflows are one of the most common programming errors, and the ones most likely to slip through quality assurance testing.

★Cracker = A specific type of hacker who decrypts passwords or breaks software copy protection schemes.

★DDoS = Distributed denial of service. Flooding someones connection with packets. Servers or web-hosted shells can send packets to a connection on a website usually from a booter.

★Deface =A website deface is an attack on a site that changes the appearance of the site or a certain webpage on the site.

★Dictionary Attack = A dictionary attack is an attack in which a cyber criminal can attempt to gain your account password. The attack uses a dictionary file, a simple list of possible passwords, and a program which fills them in. The program just fills in every single possible password on the list, untill it has found the correct one. Dictionary files usually contain the most common used passwords.

★DOX = Personal information about someone on the Internet usualy contains real name, address, phone number, SSN, credit card number, etc.

★E-Whore = A person who manipulates other people to believe that he/she is a beautiful girl doing cam shows or selling sexual pictures to make money.

★Encryption = In cryptography, encryption applies mathematical operations to data in order to render it incomprehensible. The only way to read the data is apply the reverse mathematical operations. In technical speak, encryption is applies mathematical algorithms with a key that converts plaintext to ciphertext. Only someone in possession of the key can decrypt the message.

★Exploit = A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it.

★FUD = Fully undetectable, can be used in many terms. Generally in combination with crypters, or when trying to infect someone.

★Grey Hat = A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.Hacker (definition is widely disputed among people...) = A hacker is someone who is able to manipulate the inner workings of computers, information, and technology to work in his/her favor.

★Hacktivist = A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

★IP Address = On the Internet, your IP address is the unique number that others use to send you traffic.

★IP Grabber = A link that grabs someone's IP when they visit it.

★Keylogger = A software program that records all keystrokes on a computer's keyboard, used as a surveillance tool or covertly as spyware.Leach = A cultural term in the warez community referring to people who download lots of stuff but never give back to the community.

★LOIC/HOIC = Tool(s) used by many anonymous members to conduct DDoS attacks. It is not recommended to use these under any circumstances.

★Malware =Software designed to do all kinds of evil stuff like stealing identity information, running DDoS attacks, or soliciting money from the slave.

Neophyte = A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.

★smith = Somebody new to a forum/game.

★OldFag = Somebody who's been around a forum/game for a long time.

★Packet = Data that is sent across the Internet is broken up into packets, sent individually across the network, and reassembled back into the original data at the other end.

★Phreak =Phone Freaks. Hackers who hack cell phones for free calling. Free Long distance calling. Etc.

★Phreaking = The art and science of cracking the phone network.

★Proxy = A proxy is something that acts as a server, but when given requests from clients, acts itself as a client to the real servers.

★Rainbow Table = A rainbow table is a table of possible passwords and their hashes. It is way faster to crack a password using rainbow tables then using a dictionary attack (Bruteforce).

★Remote Administration Tool =A tool which is used to remotely control (an)other machine(s). These can be used for monitoring user actions, but often misused by cyber criminals as malware, to get their hands on valuable information, such as log in credentials.

★Resolver =Software created to get an IP address through IM (instant messenger, like Skype/MSN) programs.

★Reverse Engineering = A technique whereby the hacker attempts to discover secrets about a program. Often used by crackers, and in direct modifications to a process/application.

★Root = Highest permission level on a computer, able to modify anything on the system without restriction.

★Rootkit (ring3 ring0) =A powerful exploit used by malware to conceal all traces that it exists. Ring3 - Can be removed easily without booting in safemode. Ring0 - Very hard to remove and very rare in the wild, these can require you to format, it's very hard to remove certain ring0 rootkits without safemode.

★Script Kiddie = A script kid, or skid is a term used to describe those who use scripts created by others to hack computer systems and websites. Used as an insult, meaning that they know nothing about hacking.

★Shell = The common meaning here is a hacked web server with a DoS script uploaded to conduct DDoS attacks via a booter. OR A shell is an script-executing unit - Something you'd stick somewhere in order to execute commands of your choice.

★Social Engineer = Social engineering is a form of hacking that targets people's minds rather than their computers. A typical example is sending out snail mail marketing materials with the words "You may already have won" emblazoned across the outside of the letter. As you can see, social engineering is not unique to hackers; it's main practitioners are the marketing departments of corporations.

★Spoof = The word spoof generally means the act of forging your identity. More specifically, it refers to forging the sender's IP address (IP spoofing). (Spoofing an extension for a RAT to change it from .exe to .jpg, etc.)

★SQL Injection =An SQL injection is a method often used to hack SQL databases via a website, and gain admin control (sometimes) of the site. You can attack programs with SQLi too.

★Trojan = A Trojan is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

★VPS = The term is used for emphasizing that the virtual machine, although running in software on the same physical computer as other customers' virtual machines, is in many respects functionallyequivalent to a separate physical computer, is dedicated to the individual customer's needs, has the privacy of a separate physical computer, and can be configured to run server software.

★Warez = Software piracy

★White Hat = A "white hat" refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methods to ensure the security of a businesses information systems. (Good guy, per se)

★Worm = Software designed to spread malware with little to no human interaction.

Zero Day Exploit = An attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.

Hope we helped the new learners..............

Saturday, June 28, 2014

This tutorial is about adding shadow connection manually. Here in this tutorial you will know how to add shadow connection in any java MIDlet. This Tutorial has prepared by me.
 
How To Add Shadow Connection To Any Java MIDlet Manually
 
About Shadow Connection:
Shadow connection is used to keep the connection of your phone alive. It will help to solve the connection break problems in any Java app of phone.
Tools:
1. Blueftp,Mini Commander etc.
2. Bytecode editor
Procedures:
1. Download the below file.
http://upfile.mobi/536885
2. At first extract your java MIDlet to a folder.
3. Using Bytecode editor goto the folder where you have extracted your MIDlet and search for this code:
  1. javax/microedition/midlet/MIDlet
4. Few .Class files will pop up.Then open them one by one>constant pool>press 7>Replace:
  1. javax/microedition/midlet/MIDlet
with:
  1. javay/microedition/io/Connect
then press OK. do the same with the rest of .Class files that poped up after searching.
5. After that open attached file and there you will see javay folder.
5. Extract javay folder from attached file to the folder where you have extracted your MIDlet.
6. Then pack all files together using Mini commander.After that install your modified MIDlet.
   ------------------------  

Thursday, April 10, 2014

Hello friends,
This time I am here with a modded UC Browser v9.4 with free net from Aircel, unlimited browsing and download in Nokia s40 phones.
This have been checked in Assam and it works fine here.
Please check it in your state and let us know in the comment, whether it works or not.
I am 99% sure, that it will work.
Modding Credit: mahender424888
So, first download the modded UC Browser from below:

Download
after that download the prov file from here:
Download
If the files asks for password, enter as mob2web 
So, after downloading the prov file, sent it to any non supported prov phones, like samsung. Then send the prov file again to your phone. It will be received as a configuration message. Save it and set it as default.
Now, open the UC Browser, and enjoy!
If you face any problem, feel free to comment here.

Tuesday, April 8, 2014

When you first turn on you computer (BEFORE DIALING INTO YOUR ISP),
open a MS-DOS Prompt window (start/programs MS-DOS Prompt).
Then type netstat -arn and press the Enter key.
Your screen should display the following (without the dotted lines
which I added for clarification).

-----------------------------------------------------------------------------
Active Routes:

  Network Address          Netmask  Gateway Address        Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
  255.255.255.255  255.255.255.255  255.255.255.255          0.0.0.0      1

Route Table

Active Connections

  Proto  Local Address          Foreign Address        State

--------------------------------------------------------------------------------

If you see anything else, there might be a problem (more on that later).
Now dial into your ISP, once you are connected;
go back to the MS-DOS Prompt and run the same command as before
netstat -arn, this time it will look similar to the following (without
dotted lines).

-------------------------------------------------------------------------------------

Active Routes:

  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0    216.1.104.70    216.1.104.70      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      216.1.104.0    255.255.255.0    216.1.104.70    216.1.104.70      1
    216.1.104.70  255.255.255.255        127.0.0.1        127.0.0.1      1
    216.1.104.255  255.255.255.255    216.1.104.70    216.1.104.70      1
        224.0.0.0        224.0.0.0    216.1.104.70    216.1.104.70      1
  255.255.255.255  255.255.255.255    216.1.104.70    216.1.104.70      1

Route Table

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:0              0.0.0.0:0              LISTENING
  TCP    216.1.104.70:137      0.0.0.0:0              LISTENING
  TCP    216.1.104.70:138      0.0.0.0:0              LISTENING
  TCP    216.1.104.70:139      0.0.0.0:0              LISTENING
  UDP    216.1.104.70:137      *:*      

--------------------------------------------------------------------------------

What you are seeing in the first section (Active Routes) under the heading of
Network Address are some additional lines. The only ones that should be there
are ones belonging to your ISP (more on that later). In the second section
(Route Table) under Local Address you are seeing the IP address that your ISP
assigned you (in this example 216.1.104.70).

The numbers are divided into four dot notations, the first three should be
the same for both sets, while in this case the .70 is the unique number
assigned for THIS session. Next time you dial in that number will more than
likely be different.

To make sure that the first three notation are as they should be, we will run
one more command from the MS-DOS window.
From the MS-DOS Prompt type tracert /www.yourispwebsite.com or .net
or whatever it ends in. Following is an example of the output you should see.

---------------------------------------------------------------------------------------

Tracing route to /www.motion.net [207.239.117.112]over a maximum of 30 hops:
1  128 ms  2084 ms  102 ms  chat-port.motion.net [216.1.104.4]
2  115 ms  188 ms  117 ms  chat-core.motion.net [216.1.104.1]
3  108 ms  116 ms  119 ms  www.motion.net [207.239.117.112]
Trace complete.

------------------------------------------------------------------------------------------

You will see that on lines with the 1 and 2 the first three notations of the
address match with what we saw above, which is a good thing. If it does not,
then some further investigation is needed.

If everything matches like above, you can almost breath easier. Another thing
which should you should check is programs launched during startup. To find
these, Click start/programs/startup, look at what shows up. You should be
able to recognize everything there, if not, once again more investigation is
needed.

-------------------------------------------------------------------------------------------

Now just because everything reported out like we expected (and demonstrated
above) we still are not out of the woods. How is this so, you ask? Do you use
Netmeeting? Do you get on IRC (Internet Relay Chat)? Or any other program
that makes use of the Internet. Have you every recieved an email with an
attachment that ended in .exe? The list goes on and on, basically anything
that you run could have become infected with a trojan. What this means, is
the program appears to do what you expect, but also does just a little more.
This little more could be blasting ebay.com or one of the other sites that
CNNlive was talking about.

What can you do? Well some anti-virus software will detect some trojans.
Another (tedious) thing is to start each of these "extra" Internet programs
one at a time and go through the last two steps above, looking at the routes
and connection the program uses. However, the tricky part will be figuring
out where to tracert to in order to find out if the addresses you see in
step 2 are "safe" or not. I should forewarn you, that running tracert after
tracert, after tracert might be considered "improper" by your ISP. The steps
outlined above may not work exactly as I have stated depending upon your ISP,
but with a true ISP it should work. Finally, this advise comes with NO
warranty and by following my "hints' you implicitly release me from ANY and
ALL liability which you may incur.


 Other options

Display protocol statistics and current TCP/IP network connections.
Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [intervals]

-a.. Display all connections and listening ports.
-e.. Display Ethernet statistics. This may be combined with the -s option.
-n.. Diplays address and port numbers in the numerical form.
-p proto..Shows connections for the protocol specified by proto; proto may be
TCP or UDP. If used with the -s option to display per-protocol statistics,
proto may be TCP, UDP, of IP.
-r.. Display the routing table.
-s.. Display per-protocol statistics. By default, statistics are shown for TCP
UDP and IP; the -p option may be used to specify a subset of the default
interval..Redisplay selected statistics, pausing intervals seconds between each
display. If omitted. netstat will print the current configuration information
once

Sunday, April 6, 2014

Caught A Virus?


If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.


Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Antivirus. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.

It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."

Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.

Is Your PC "Owned?"


I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:


* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.

I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection



There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.

If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

What to Do Next


Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAffee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.

A Microgram of Prevention


Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro's PC-Cillin, which you can buy for $50.

Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."

Here are a few more pointers for a virus-free life:


* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.

Friday, April 4, 2014


Remove Ads from Java Apps and Games

Its been always very tough to handle mobile apps and game with ads, specially in the Java phones. So, today I am here with a tutorial which will help you to remove ads from any Java Apps/Games.


Tools required: Opera Mini Mod and BlueFTP

Now, simply follow this simple steps
 
1. Open BlueFTP.


2. Go to your _jar file.

3. Rename it to .zip at the end.



4. Open the file.

5. Go to options and select all the files.

6. Go to options and select extract.

7. Press options and make a new folder.

8. Open that folder.

9. Press options and select extract here.

10. Now BlueFTP is extracting files.

11. After extraction is completed, a dialog box will come up.

12. Now press options and click search.

13. Type 'vserv' in the box.

14. Go down and tick unknown files.

15. Press accept.
16. Now BlueFTP is searching for the file.

17. After it is found, press options and select go to item.

18. Press back and remember the path where it is located.
19. Now close BlueFTP.

20. Open Opera Mini Mod.

21. Go to File Manager.

22. Scroll to the 'vserv' file.

23. Open it in HEX mode.

24. Go to page 2.

25. Go to options and select find/replace.

26. Type '99 00 05 04' in the find box and '9a 00 05 04' in the replace box with the spaces intact. Make sure you check the replace checkbox.

27. Now Opera Mini Mod will replace that binary.

28. Press options and save the file.

29. Close Opera Mini.
30. Open BlueFTP and open the folder.

31. Press options and select all files.

32. Press options and select compress files (jar).

33. Type a name and press ok.

34. The new _jar file is your cracked app.



So, here I finish it. If you get any problems, kindly post it in the comments.

Thursday, April 3, 2014

An alert for all our readers! A fake news about the missing Malaysian plane flight number MH370 is being circulated all over the Internet in which scammers are luring users to earn money by clicking a malicious video.

First it will ask you to verify your age, just to feel like link is trustworthy.
  First it will ask you to verify your age, just to feel like link is trustworthy.
Once you click the link, it redirects you too a malicious website.
This is how the preview of scam links looks like
This is how the preview of scam links looks like
Note the URL address in the screenshot given below:
This is how the fake video scam link look on Facebook
This is how the fake video scam link look on Facebook
According to AlArabia, several articles and posts have been made on Facebook, Twitter and other social media platforms with catchy headlines and images such as:
  • Malaysia Plane (MH-370) Has Been Found Near Bermuda Triangle. BBC News: Recent Video Released!” 
The scam goes viral on Twitter
The scam goes viral on Twitter
  • Shocking Video: Malaysian Airlines missing flight MH370 found at sea”
missing-malaysia-airlines-flight-mh370-plane-found-in-bermuda-triangle-viral-facebook-links-are-profiting-hackers-4
  • Malaysian Airplane MH370 Already Found. Shocking Video Release Today by CNN”
missing-malaysia-airlines-flight-mh370-plane-found-in-bermuda-triangle-viral-facebook-links-are-profiting-hackers-6
  • Plane has been spotted somewhere near Bermuda triangle. Shocking videos released today. CNN news”
That is how it's preview on Facebook looks like
That is how it’s preview on Facebook looks like
  • MH370 Malaysia plane has been found. Shocking videos released today. Last video of passengers crying released”
missing-malaysia-airlines-flight-mh370-plane-found-in-bermuda-triangle-viral-facebook-links-are-profiting-hackers--8
Christopher Boyd of Malwarebytes blog wrote a brief analysis on the ongoing scam, according to which:
  • Unfortunately, we have to warn you that scammers are looking to make some money off the back of the disappearance of Flight MH370 via the usual social media channels. The links typically lead to fake news / video sites, and encourage visitors to share the links to social media channels then either fill in surveys or click on adverts. It goes without saying that they won’t be shown a crash video at the end of this process, because there is no crash video – just a sick hoax,”
This is not the first time when thugs and scammers have taken advantage of a heartbreaking incident. During the Philippines earthquake last year and Japanese earthquake and tsunami of 2011, similar scams went viral.

Wednesday, April 2, 2014

 

Hacking & Security but Hacking is possible only when you're good in Programming. If you're champ in programming and Networking then Hacking is like a Piece of Cake for you, yeah it will take little long time, but it's really worthy.

Can I learn Hacking without Knowing Programming ?

Simply you can't, Listen guys daily I get many request to teach Hacking, Cracking, Defacing & Vulnerability hunting but basically I just tell them if you don't know Programming then you can't Hack anything, Yeah you can learn simple tricks, and some basic attacks only. But if you want to become Professional Hacker or Security Researcher then you'll have to become Champ in Programming and Networking. Guys Programming isn't too much hard just we need to concentrate and practice, practice & practice. If you'll understand Programming and Coding of Web-App, and Software then you'll simply understand weakness point of the App, You'll get to know HOW it works and you can create,explore, hack,learn and Earn.

Programming language is the base of Hacking, without Programming no one can learn Hacking, I mean Professional & Best Hacking methods like Vulnerability Hunting, Exploitation, Reverse Engineering, SQLi, XSS & Advance XSS methods etc.

So! How can I learn Programming ?

There're many ways to learn Programming languages, if you've passion in Hacking & Programming and you're Computer geek! then you can do it by yourself only : Yeah! you can use Google, E-books, Some Websites that teach us online Programming languages, or you can also learn in Group friendsJoin Classes.



What Should I learn ? to become Hacker ?

Well, this is our main Point of tutorial - So what should I learn ? First of all be passionate about Programming & Hacking. Trust in yourself & Be Passionate.

There are two fields in Hacking :

1. Web-Application Hacking
2. Software Cracking/Hacking

So, first of all make sure in which field you want to become best. If you'll ask me then I'll prefer you First Web Application Hacking & Programming, web Programming isn't too much Hard, you'll be able to understand Software Programming languages. Below is the Step by Step Languages Guide and Compulsory Programming languages for Hackers.

1. Web Application Hacking & Programming.

As you know that guys, Web Application are coded in different languages and methods using Advance Programming techniques and Codes, and if you'll learn all types of Web Programming and Coding then you'll be able to Hack it & find weakness point of Web App.

Important Programming languages for Hackers (Web App):
  •     HTML, JavaScript, & CSS (DHTML)
  •     PHP/ASP & SQL (Most Recommended - Server Side Scripting)
  •     Ajax, jQuery, & JSON - (Must know little bit)
  •     XML, DHTML.
  •     Networking - (TCP/IP, HTTP, SMPT, etc) Most recommended.
  •     Moving to advance stuffs like - (Python, C, Perl, and Ruby)


HTML is one of the famous and all time useful Web Programming languages, to develop website and contents it is strongly recommended you to learn HTML. Static and Dynamic generators. JavaScript and CSS is also useful for hackers to discover XSS flaws and Bypassing techniques.

PHP/ASP is strongly recommended you to learn because it is server side scripting languages. It's Dynamic Web-Apps Programming language. Now SQL, As you know that SQL Injection the technique of Injection attacks into DB, that can leak website sensitive data and also lead to Defacement. XML is also recommende to learn - Data transmission, SOAP technology etc.

AJAX, jQuery and JSON are lightweight fat client - programming languages, it's not highly recommended but you must know it's 50%.

Now Networking is also one of the mostly recommended thing you must learn. because without knowing it's flow, method, logic and Encoding/Decoding you won't understand how everything is going on. so the most important things you must know is - TCP/IP, SSL, HTTP, SMPT, Proxies and Other Protocols.

Unfortunately even i've not moved to advance stuffs like Python, Perl - Writing exploits, so no experience or knowledge. I'm still on programming, but i'll definitely post in future about Advance Scripting and writing Exploits.

2. Software Cracking/Hacking & Programming.

Okay! so now Software Cracking, Hacking & Programming is also very useful in Computer Hacking & Cracking Field. #Reverse Engineering, #Network, Adatpter, Wifi Cracking & Hacking, #Software Cracking #Virus #Trojan #Malware and etc methods used to hack , #Software and #Secret Service Information.

What you must know ?

  •     C Programmming
  •     C++
  •     Python
  •     UNIX/Linux
  •     VB & .Net
  •     Assembly Language (Most Important for Cracking & Hacking)
Add me on Facebook Follow me on Twitter!