Subscribe:

Ads 468x60px

Featured Posts

Saturday, 8 March 2014

5 of the most common mistake made by beginners in hacking


5 most common mistake made by beginners in hacking



I decided to create tutorial for Novice Hack in, we all have gone through, we have committed mistake
without knowledge so I decided to share with you,


5 of the most common mistake made by beginners in hacking :

1) Never trust sites that ask you for money in exchange for Software piracy or claim Hack Email
Id in exchange for money . All these things are Scam . Fake software named : Fake :

2) There is no software DIRECT Hack Facebook , Google , Yahoo or any other important site .
All software that claim to do is scam . They are simply designed to take your money and
 in the worst cases , these software are : Trojans and keyloggers in them.
Therefore your account is hacked.

3 ) NEVER NEVER use keyloggers or Trojans that you find freeware on the Internet. The pirates are not
stupid . they compile keyloggers and trojans with almost all software and when you install them , you
are already hacked before trying to hack others.

4) You will never be a good hacker without knowledge of programming languages and scripting .
When you plan to use only the software ready and do not depend on them for all this piracy then your
functionality is limited to the functionality of the software. When you are not going to use your
brain , just do the right thing copy and paste , then?  how can you think you are a good hacker?


5) If you are a good hacker , you have to become a good programmer, writer good script , a
good web developer and an expert in excellent security . Well all good Hacker / must have a
good knowledge of the various aspects and programming languages . To XSS (Cross Site Scripting ) , PHP,
SQL injection , phishing attacks , etc. footprint ... , Must be good at programming and scripting . And
when you know the loop holes are different vulnerabilities and safety tips you have become an expert in
computer security . So Never Ever Under believes that the term Hacker.Not a hacker is a person who
just hacks email id or servers , but a real Hacker is a computer genius whose knowledge of computers

more than anyone.

Friday, 7 March 2014

How can you format your removable media or pen drive in NTFS file system.

How can you format your removable media or pen drive in NTFS file system.



Hi, I'm going to tell you that "how can you format your removable media or pen drive in NTFS file system instead of FAT or FAT32 ".
you can do it in just few steps.

step 1:-  plug in your removable media or pen drive in your pc or laptop.

step 2:-  after detecting it, open my computer and right click on your removable disk and select properties.

step 3:-  a dialog box will be open and go to the tab   and select your disk listed bellow.

step 4:-  after selecting  your disk, click on properties .

step 4:- a dialog box will appear again and go to the tab   and click on "optimize for performance".
             then click on ok and close the tab.

step 5:- now if you want to format your pen drive, simple right click on your disk in my computer and select format.

step 6:- now there you can choose your file system  NTFS.

Thursday, 6 March 2014

Software Collection



Software Collection





1 - PLAYSTATION EMULATOR 

You can play ps2 games on your pc with this utility,a very handy tool for gamers,its better than bleem in compatibility.


2 - Windows Admin Password Reset (Small Linux disk) 

Its a small linux image which can resets the admin password.


3 - RAPIDSHARE ACCOUNT CHECKER(New Mask Added) 

Title says it all.


4 - SQL FUZZER WITH VIDEO TUTORIAL(Only 1.5mb) 

Powerfull tool for sql injection.


5 - Ca0s SQL Perl Inj3ct0r v1

Good SQL injection tools source code.


6 - Milw0rm_Search_Utility_v1.0 

Small utility which can search exploits for you.


7 - Vaqxine Keylogger 

A very good tool by reputed member,it might not be FUD now but its a good tool.


8 - Hackers Tool Box

Many handy tools.


9 - Nathans Image Worm 

It replaces every image on victim's pc with your defined image


10 - HTTP Recon 7.3

Use it know weather an exe is backdoored or not.Basically its for Fingerprinting and vulnerability analysis.


11 - JKymmel's Crypter

For crypting you viruses.


12 - Icon changer

Change the icon of any file


ANONIMITY TOOLS


13 - Proximitron

It proxifies every program you use even the command prompt.


14 - RAT proxy

A tool to proxify yourself.Full info. attached.


15 - Multi Proxy 

Changes Your proxy on just one click or every few seconds.


16 - Jasager_Firmware_1.0 

Its a Wifi MitM Tool for faking Your Access Point,it has lots of deadly features.


17 - Hide my windows installer 

Hides your running programs instantly


SECURITY TOOLS


18 - TrueCrypt Setup 6.2a 

It uses a powerfull encryption system used by government and agencies to encrypt your data.


19 - NortOn GoBack

This tools has saved me lots of time from serious error,this is a must have tools,it can restore your pc to exact date and time.Its 1000 times better than system restore.


20 - Anti_keylogger_sheild_v3.0

Now you don't have to worry about keyloggers and stealers,very usefull to have.


21 - Process Explorer 

A utility for listing all the processes running.


REVERSE ENGINEERING TOOLS


22 - Resource Hacker

A good tool for reverse engg.


23 - xvi32

A easy to use hexing tools.Very handy tool.


24 - PE.Explorer for Reverse engg.

More advanced tool for hexing.


DDOS TOOLS


25 - ProDoS v1.0

Powerfull tool to ddos websites.Just like site hog


26 - Ddos any site in this WWW

Title says it all.


27 - Site_Hog_v1

One of the most powerfull ddos tool.


28 - BFF DoS (Ping) v1.0
A good ddoser by BFF Productions


29 - zDoS
Again a powerfull ddoser.


30 - Secret Downloader 

Makes your victim download a trojan and run it hidden.


NEWLY ADDED TOOLS


31 - MD5 CRACKER BY XDEMO 

A good md5 Cracker.


32 - PHISH GRABBER 

This tool will try to brute directories and files for the password log.In short it will hijack someone elses phishing log and their "hard work".
OCX and premade work list is included 


33 - MASSIVE XXX PASSWORDS DUMP

TITLE SAYS IT ALL


35 - KeyScrambler 
It encrypts all the keys you presses on the keyboard thereby protecting you from keyloggers,its a very usefull tool and it works great for me.


36 - FUD GMAIL HACKER 
Awesome tool to hack gmail passwords,just needed little social engg.It makes victim feel that he/she is hacking a gmail id.


37 - VNC CLIENT FOR YOUR MOBILE 

A VNC Client for J2ME (Java 2 Mobile Edition)

Acunetix Web Vulnerability



Acunetix Web Vulnerability 




Keeping personal and important business information private is just as important as having a strong defense against the many threats that may impact onto the functioning of a simple home computer. When the security needs involve protecting a web server, there are several possibilities to add supplemental safety measures.

First of all, the administrator should assess the current state of the network security and to do so, a utility like Acunetix Web Vulnerability Scanner may prove a gem. Mainly aimed at web applications and related content, the software is able to scan for and detect a wide range of exposures, many of which are common to several environments.

For instance, with Acunetix Web Vulnerability Scanner it is possible to find out if a system is exposed to various types of code injection and execution, as well as to the widespread cross-site scripting (XSS) attacks.

The program is also able to inspect folder permissions and discover potentially unsafe HTTP methods that may be active on the target web server. Port scanning is another activity you can try with this application because if it discovers open ports, Acunetix Web Vulnerability Scanner will immediately start testing in-depth the network security starting from that possible point of intrusion.

You can also check out the data that is being sent by your web apps. For this purpose you have at your disposal a HTTP Sniffer and a HTTP Fuzzer to intercept, capture and modify the traffic, as well as check for dangerous flaws that would allow for a buffer overflow attack.

Since it is packed with features and is accompanied by powerful technologies, Acunetix Web Vulnerability Scanner is a solid contender insofar as web server testing and network security examination are concerned. Quite user-friendly and not at all difficult to use, this software is indeed one that deserves a closer look if you have certain doubts that your environment is fool proof.


Backtrack 5


Backtrack



 

Backtrack is Linux Based Penetration Testing Operating system which provides many inbuilt tools which are used for vulnerability assessment, exploitation and penetration testing. Apart from using metasploit framework on backtrack there is a complete series of "Exploitation Tools". The tools in Backtrack are divided into following broad categories.

Information Gathering
Vulnerability Assessment
Exploitation Tools
Privilege Escalation
Maintaining Access
Reverse Engineering
RFID Tools
Stress testing
Forensics
Reporting Tools
Services
Miscellaneous


Download Now

Wednesday, 5 March 2014

Anonymous-Os !!


Anonymous-Os !! 






Anonymous Hackers released their own Operating System with name "Anonymous-OS", is Live is an ubuntu-based distribution and created under Ubuntu 11.10 and uses Mate desktop. You can create the LiveUSB with Unetbootin.

Pre-installed apps on Anonymous-OS

ParolaPass Password Generator - Find Host IP - Anonymous HOIC - Ddosim - Pyloris - Slowloris - TorsHammer - Sqlmap - Havij - Sql Poison - Admin Finder - John the Ripper - Hash Identifier - Tor - XChat IRC - Pidgin - Vidalia - Polipo - JonDo - i2p - Wireshark - Zenmap …and more 

Warning : It is not developed by any Genuine Source, can be backdoored OS by any Law enforcement Company or Hacker. Use at your own Risk.

Another Live OS for anonymity available called "Tails". Which is a live CD or live USB that aims at preserving your privacy and anonymity.It helps you to use the Internet anonymously almost anywhere you go and on any computer:all connections to the Internet are forced to go through the Tor network or to leave no trace on the computer you're using unless you ask it explicitly, or use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging. 


The password to log in is : anon

Kali Linux !!


Kali Linux !! 








Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni and Devon Kearns of Offensive Security developed it by rewriting BackTrack, their previous forensics Linux distribution.

Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).Users may run Kali Linux from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, as well as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook.










How To Choose The Best Linux Distribution For You

How To Choose The Best Linux Distribution For You







I saw that many people have problems choosing an linux distro that will suit them. 
So i found an exelent Linux quiz that tells you what linux distro will suit you the best Here are somescreen shots i took. The test is much more longer 









For the End Results You will get something like this





Dump Password Using Pwdump And Fgdump

Dump Password Using Pwdump And Fgdump



One of the crucial stage in hacking is dumping passwords. As we know passwords are stored in encrypted form in system, these encrypted passwords needs to be dumped to be cracked before using some good password cracking tool like Lopht Crack, John The Ripper etc. But before we crack passwords lets make our-self aware of two cool password hash dumping tools
.

Pwdump6:
It is modern version of pwdump3 program that was written to crack Windows 2k and Windows NT passwords few years back. It is able to extract passwords in-spite of syskey feature is enabled or not on system. At present pwdump can dump passwords for Windows 2k/XP/2003/Vista/2008. No matter how many OS it supports the tool comes handy when you want to dump password hashes from server OS. Pwdump works on remote system by running hash extraction as service because Windows NT systems allows services to be installed remotely.

Fgdump:
It is utility to dump passwords on Windows NT/2000/XP/2003/Vista systems. Fgdump was once started as wrapper to pwdump and now stands out as independent password dumping program.

Note: Both programs will get detected as virus or Trojans by any anti-virus so before using them you have to disable your anti-virus as well as firewall. Don't forget to read details about how to use them properly since sometimes improper use may lead to system reboot and that's why I am not personally providing any tutorial on how to use it. Be careful while using these programs.

Monday, 16 December 2013

Types Of Password Attack-2

Types Of Password Attack-2


In last section we covered basic types of password attacks. Here in this section we will cover them in little detail. But before you read this post if you haven't read the previous post on types of password attacks I urge you to read it. So now lets move on to the second part of types of password hacking.

Passive Online Attack Types:

Wire Sniffing:

Most of the time when we talk of passive online attack we consider it as sniffing the password on wired or wireless networks. The password is captured during authentication phase and then compared to dictionary file or word list. The majority of Sniffer tools are ideally suited to sniff data in hub environment. These tools are also known as passive sniffers as they passively wait for data to be sent before capturing the information. User account passwords are commonly hashed or encrypted when sent on the network to prevent unauthorized access and use. In such cases hacker uses his special tools to crack password.

Man In The Middle Attack:

In man in the middle attack an attacker intercepts the authentication server and then captures traffic and forwards it to server. To perform this attack a hacker inserts a sniffer between client and server, like this he is able to sniff from both sides and can also capture password.

Replay Attack:

It occurs when the hacker intercepts the password and en routes to the authentication server and then captures and resend the authentication packets for later authentication. In this manner, the hacker doesn’t have to break the password or learn the password through MITM but rather captures the password and reuses the password-authentication packets later to authenticate as the client.

Active Online Attack:

Password Guessing:

Password guessing is an active online attack. It relies on human factor involved in creating passwords and only works on weak passwords. In this method an attacker tries to build a dictionary of words and names to make all possible combination that can be used as password. The attacker performs this attack with help of program that gives hundreds and thousands of words per second. A good password is hard to guess and easy to remember, so you must have good password to protect yourself from this kind of attack.

Offline Attack:

Dictionary Attack:

A dictionary attack is the simplest and quickest of type of attack. It’s used to identify a password that is an actual word, which can be found in a dictionary. Most commonly, the attack uses a dictionary file of possible words, which is hashed using the same algorithm used by the authentication process. Then, the hashed dictionary words are compared with hashed passwords as the user logs on, or with passwords stored in a file on the server. The dictionary attack works only if the password is an actual dictionary word, therefore this type of attack has some limitations. It can’t be used against strong passwords containing numbers or other symbols.

Hybrid Attacks:

A hybrid attack is the next level of attack a hacker attempts if the password can’t be found using a dictionary attack. The hybrid attack starts with a dictionary file and substitutes numbers and symbols for characters in the password. For example, many users add the number 1 to the end of their password to meet strong password requirements. A hybrid attack is designed to find those types of anomalies in passwords.

Brute Force:

The most time-consuming type of attack is a brute-force attack, which tries every possible combination of uppercase and lowercase letters, numbers, and symbols. A brute-force attack is the slowest of the three types of attacks because of the many possible combination of characters in the password. However, brute force is effective; given enough time and processing power, all passwords can eventually be identified.

Pre-Computed Hash:

Encrypted password that are stored can prove useless against dictionary attacks. If the file contains the encrypted password in readable format, the attacker can easily detect the hash function. He/she can then decrypt each and every word in the dictionary using hash function an then compare with the encrypted password. Storage of hashes requires large memory space and hence time-space trade-off is used to reduce memory space required to store hashes.

Syllable Attack:

Syllable attack is combination of both brute force and dictionary attack. This cracking technique is used when the password is not an existing word. Attackers use the dictionary and other methods to crack it. It also uses the possible combination of every word present in the dictionary.

Rule Based Attack:

This type of attack is used when attacker gets some information about the password. This is the most powerful attack because the cracker knows about the type of password. This technique involves use of brute force, dictionary and syllable attacks.

Rainbow Attack:

Rainbow attack is nothing but a little advanced from of precomputed hash. It uses already calculated information stored in memory to crack the cryptography. In rainbow attack the same technique is used, the password hash table is created in advance and stored into the memory. Such a plain table is known as rainbow table. A rainbow table is a look-up table specially used in recovering the plain text password from a cipher-text.

Non-Technical Attack:

Social Engineering:

Social engineering is the art of interacting with people either face to face or over the telephone and getting them to give out valuable information such as passwords. Social engineering relies on people’s good nature and desire to help others. Many times, a help desk is the target of a social-engineering attack because their job is to help people—and recovering or resetting passwords is a common function of the help desk. The best defense against social engineering attacks is security awareness training for all employees and security procedures for resetting passwords.

Shoulder Surfing:

Shoulder surfing involves looking over someone’s shoulder as they type a password. This can be effective when the hacker is in close proximity to the user and the system. Special screens that make it difficult to see the computer screen from an angle can cut down on shoulder surfing. In addition, employee awareness and training can virtually eliminate this type of attack.

Dumpster Diving:

Dumpster diving hackers look through the trash for information such as passwords, which may be written down on a piece of paper. Again, security awareness training on shredding important documents can prevent a hacker from gathering passwords by dumpster diving.