Tuesday 26 March 2013

PROXY SERVER

Proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server , looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.

Proxy servers:
1. TOR browse
2.Security kiss
3.cyber ghost

The best Anonymizers:

InCloak.com  

 

http://anonymouse.ws/

 

http://www.hidemyass.com/


http://www.shadowsurf.com/  

 

www.proxyforall.com


Easy Security Web Proxy


HotSurfLive Web Proxy


New Anonymous Web Proxy


Nu3ga Myspace Proxy 

 



Posted by at 1 comment:

Steps performed by hacker to attack the target

1. 1     R1econnaissance
2.      Scanni1
1.     STEPS PERFORMED BY HACKER :

     1.Reconnaissance
     2.Scanning
     3.Ganing Access
     4.Maintaining Access
     5.Clearing Logs 


RECONNAISSANCE:
It can describe as pre-attack phase and is systmatic attempt to laocate,gather,identify and record             information about target.


SCANNING:
Scanning and enumration is considered as second pre-attack  phase.this phase involves taking the information discovered during reconnaissance and using it to examine the network.In this step port scanning is done to determine open ports and vlurnable services.in this stage attacker can use different tools to discover system vulnerabilities.


GAINING ACCESS:
This is place where real hacking takes place.Vulnerabilites discovered during reconnaissance ans scanning are now exploited to gain access.The method of connection the hacker uses for an exploit can be local area network, local access to PC ,Internet or offline.


MAINTAINING ACCESS:
1.Once a hacker has gain access they want to keep that access for future exploitation and attacks.Hacker harden the system from other hackers or security personnel by securing their exclusive access with backdoors, root kits and trojans.
2.The attacker can use automated script s and automated tools for hiding attack evidence and also to create backdoors for future attacks.


CLEARING LOGS:
In this phase once a hacker have been able to gain and  maintain access,they cover their attacks to avoid detection by security personnel, to continue to use thier owned system,to remove  evidence of hacking or to avoid legal action.



FREELY AVAILABLE RESOURCES IN HIS ATTACK.

Websits:
1.who.is
2.whois.net 
 Tools:
1.nmap
2.netsparker
3.nettools
4.acunetics

2.      Scanning11.
3.      Gaining Access
4.      Maintaining Access
5.      Clearing Tracks
ng
3.      Gaining Access
4.      Maintaining Access
5.      Clearing Tracks
Posted by at No comments:

Hacking Conferences

The best way to learn new things and get into the InfoSec world is attending Security and Hacker Conferences.  You can meet lot of security Experts and Black Hat hackers.

Here is a list of International IT Security and Hacker conferences with a short description about the conference.

DEFCON Hacking Conference: 

DEF CON, one of the worlds largest and longest running hacking conferences, celebrates it's 20th year with an energetic and appropriately themed compilation, entitled "XX". Founder and head of the conference Jeff Moss, also known as Dark Tangent.

 

www.defcon.co.in

 

Black Hat hacker conference: 

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world - from the corporate and government sectors to academic and even underground researchers.

 

https://www.blackhat.com/ 

 

Nullcon : 

 The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform which caters to the needs of IT Security industry at large in a comprehensive way.

 

 http://www.nullcon.net/

 

ClubHack: 

ClubHack is a NOT-FOR-PROFIT initiative to bring security awareness in common people who use computers and internet in their daily life. It’s a member driven open community to make cyber security a common sense. The phenomenal growth of the Internet economy has led to a sharp increase in computer crimes and hacking incidents. ClubHack aims at making technology users aware of the risks associated with cyber transactions as well as the security measures.


http://www.clubhack.com/ 

 

C0C0N: 

c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information, cyber and hi-tech crimes. It also aims to provide a hand-shaking platform for various corporate, government organizations including the various investigation agencies, academia, research organizations and other industry leaders and players for better co-ordination in making the cyber world a better and safe place to be. It will also serve as a platform to devise strategies to prevent cyber crimes against women.

 

http://is-ra.org/c0c0n/ 

 

X.25 Ethical Hacking Conference :  

X.25 Ethical Hacking Conferences is performed every year in Mexico and one of the busiest in terms of computer security issues.

 

www.x25.org.mx

 

Intelligence-Sec: 

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

 

http://www.intelligence-sec.com/ 

 

Hackers Halted:  

The Hacker Halted APAC event annually gathers around 500 individuals; this consists of everyone, from ethical hackers to key C-level executives from corporates, government bodies and solution seekers. 

 

http://hackerhaltedapac.org 

 

ISWec: 

Infosecurity World is an annual exhibition and conference dedicated to Asia Pacific information security marketplace. The event showcases latest innovation, products and services from established to emerging brands.

 

http://infosecurityworld.net/

Hackinthebox:  

Asia’s largest network security conference held annually in Kuala Lumpur, Malaysia and more recently the Middle East.

 

http://conference.hackinthebox.org


NOTACON:

 Not quite sure what hacker cons are really about? Do you like building and creating stuff? Are you tired of infosec focused conferences? Do you want to have fun while actively learning about cool stuff and meeting awesome people? NOTACON is the conference for you! No degree in computer science, nor job in IT is required to have a great time at Notacon. In fact, we believe some of the best hacks occur in areas outside of technology altogether.

 

http://www.notacon.org/


Posted by at No comments:

Hacking And Types of Hackers

Hacking is any act of trying to access any system for which any particular is not authorised.
 Types of Hackers.
 There are thee types of  hackers:
 1.White hat
 2.Grey hat
 3.Black hat
 4.Suicide hackers

White hat hackers :- they do hacking only for ethics they trace and monitor the malicious activity.they have the legal rights to do hack or related to hacking . they are also called ethical hackers.

Black hat hackers :- they do only malicious thing like making trojens ,hacking email id .they actually called crackers . they don't have the legal rights to do that. they are called non ethical hackers.

Grey hat hackers :-some time white hat hackers turn to black hat hackers those hackers are called grey hat hackers.

Suicide hackers :- that type of hackers do the illegal job without fear of police or law.






Posted by at No comments:

Thursday 21 March 2013

Email Hacking

hacking Email Spamming :
Email spamming refers to sending email to thousands and thousands of users – similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address. However, because these individuals change their email addresses frequently, it is difficult to prevent some spam from reaching your email inbox.


Download email spaamer from this link

http://www.sendspace.com/file/1rve3c

Email Spoofing :
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately.  E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.


 Download E-mail spoofer from this link

http://www.sendspace.com/file/wfyuhs

Email Tracing :
Email tracking is a method for monitoring the email delivery to intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well the IP address of the recipient.

There are basically two steps involved in the process of tracking an email: find the IP address in the email header section and then look up the location of the IP address.

Finding the IP address of an email sender in GMail, Yahoo Mail, and Outlook:

Google’s Gmail
1. Log into your account and open the email in question.
2. Click on the down arrow that’s to the right of the Reply link. Choose Show Original from the list.
You need to look for the lines of text that start with “Received: from“. It might be easier to simply press Cntrl + F and perform a search for that phase. You’ll notice that there are several Received From’s in the message header. This is because the message header contains the IP addresses of all of servers involved in routing that email to you.


 

Yahoo Mail:
1. Log into your account and open the email (if you’re using Yahoo Mail Beta with the new preview interface, make sure you double-click on the email so that it opens in a new tab)
2. At the top right, you’ll see there is a drop-down option where Standard Header is selected by default.
3. Click on it and choose Full Header.


Again, you’ll see the same information as before, just in a different window:
 Email Security :
The protection of email from unauthorized access and inspection is known as electronic security


Some tips to for security:

  1. Have a secure password. Passwords are there to protect your account, without passwords we would be lost. Make sure you password is complicated do not use your name, or last name E.g DO NOT PUT "Jarry" because it will be the first thing that hackers will do is GUESS your password based on your name. Don't use a phrase or use a pet name that most people know about, E.g DO NOT PUT "MyPettomy" Try to use a complicated code like "mkael092" or use a code like this "09484M92" so it is impossible to guess.. A good password will contain a combination of uppercase and lowercase letters; numbers; and/or special characters such as %, $, and +. It is very important to keep your password private at all times. A password that contains a mixture of letters and numbers is a good way of securing your password.
  2. Protect your computer. If your computer is wireless or does not use any anti virus software and is used not just by you, your email address & password is completely at risk. Download  anti virus software . Using wireless isn't the safest form of using the internet, as it can be HACKED by people using "SNIFFERS" If you have no other choice make sure you have a WPA key on your wireless internet, you can change or add one by going into Connections>Your Wireless Network>Wireless Map>Your Router>Properties>Device Webpage then click Wireless Security Settings And then "WEP/WPA Key" It's best to have it set using a WPA key as it's the latest version of security.

  3. Using Encrypted Connections to Your E-mail Servers.If you only access your e-mail through a Web browser, all you need to do is make sure the connection is secured with Secure Sockets Layer (SSL) encryption, in order to combat the client-server issue. The Web address should begin with https rather than http, and you should see a padlock icon displayed next to the address bar or on the status bar at the bottom of the browser.

      Creating Fake Email: To create Fake emails download tools from this link.http://www.sendspace.com/file/og2cp0, ,http://www.sendspace.com/file/ckwngm
Posted by at 2 comments:

Monday 11 March 2013

Active Password Changer


Lost Password Recovery easily!

Active@ Password Changer is designed for resetting local administrator and user passwords in case an Administrator's password is forgotten or lost. You do not need to re-install and re-configure the operating system.
With Active@ Password Changer you can log in as a particular user with a blank password. 

SYSTEM REQUIREMENTS
Active@ Password Changer for DOS requires:
- AT compatible CPU with 386 or greater processor
- 640 Kb of RAM
- 1.44 Mb floppy disk drive or CD- ROM drive
- EGA 640x480 or better screen resolution
- Bootable Floppy or CD-ROM containing DOS, or startup disk for Windows 95/98

Bootable floppy disk (startup disk) preparation
1. Preparing a DOS- Bootable Floppy Disk (Startup Disk).
If you do not have bootable floppy, you can prepare such disk from MS-DOS, Windows 95/98
the following ways:
- If you boot in MS-DOS or in Command Prompt mode of Windows 95/98, insert blank floppy
and type:
C:\> FORMAT A: /S
… and follow the instructions on a screen
- If you boot in Windows 95/98/ME, go to the "Control Panel" then "Add/Remove Programs",
then switch to tab "Startup Disk" and click button "Startup Disk..." and follow the instructions
- If you boot in Windows XP, insert blank floppy, right-click A: drive, choose "Format...", check
"Create an MS-DOS startup disk" option and click "Start" button
2. Copying Active@ Password Changer.
Copy Active@ Password Changer (PWD_CHNG.EXE) to the bootable floppy disk.

Program start
- Boot from the floppy or CD-ROM in DOS mode, or Command Prompt mode in Windows 95/98
- Run Active@ Password Changer by typing this command, along with [Enter]:
A:\> PWD_CHNG.EXE
- You will see the following options:

- Press [1], [2] or [3] key for the action you want to perform.
- Press [Esc] to exit the program.
Logical Drive Selection
- If you have chosen the first option on Options screen you may select a particular volume to
scan for SAM detection.
-

- Press [1]…[9] key for particular volume selection, or [A] key to scan all volumes
- Press [Enter] to perform default action (scan all volumes).
SAM Selection
- If the only SAM database is detected, press [ENTER] to get users information:

- If several SAM databases are detected you will be asked to choose the right one:


- Press [1] … [9] key for particular SAM database selection based on the appropriate
database location and volume information.

User Selection
- After SAM database is scanned for all users the list of local users will be detected:







- Press [1] … [9] key for particular user information display
- Press [PgUp], [PgDown] to scroll the users list.
Please note:
- Primary (built-in) Administrator is outlined by Cyan color,
- Other users having Administrator’s privileges are outlined by Green color,
- Users having Administrator’s privileges but disabled are outlined by Dark Green color,
- Disabled Users are outlined by Grey color.


Password Reset and changing account parameters
- After user account is chosen you see its information form SAM database




- Password changer shows Existing account’s parameters in one column and
recommended settings in another;
- If you defined this user as a user you need to change settings and reset password, just
press [Y] to do that.
- You can also change default recommended settings and make your own choice. To
choose desired option use arrows keys and [Space] key to mark or unmark it.


- To view and change permitted logon days and hours press [PgDn] key:




- To select and choose days and hours use arrow keys and [Space] bar. Please note that
hours are pointed in GMT (Greenwich Mean Time) and you should take into account
your time zone. NOTE: Default Windows system accounts may not have “permitted
logon hours” options;
- Press [Y] if you like to save your changes or press [Esc] to save account intact and
return to previous window (List of accounts)





Posted by at No comments:

Sunday 24 February 2013

Some Usefull Websites

Posted by at No comments:
Subscribe to: Posts (Atom)