http://breakthesecurity.cysecurity.org/2011/08/hacking-basics-hacking-and-security-tutorials-index.

html

Hacking Basics | Hacking and Security Tutorials Index

Hacking Basics

What is computer hacking? Introduction to Hacking

What is computer hacking?

In a cyber security world, the person who is able to discover weakness in a system and managed
to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days, People started think that hacking is only hijacking Facebook accounts or defacing
websites. Yes, it is also part of hacking field but it doesnt mean that it is the main part of
hacking.

So what is exactly hacking, what should i do to become a hacker?! Dont worry, you will learn it
from Break The Security. The main thing you need to become a hacker is self-interest. You
should always ready to learn something and learn to create something new.

Now , let me explain about different kind of hackers exist in the cyber security world.
Script Kiddie
Script Kiddies are the persons who use tools , scripts, methods and programs created by real
hackers. In a simple word, the one who doesnt know how a system works but still able to
exploit it with previously available tools.

White Hat Hacker:

White Hat hackers are good guys who does the hacking for defensing. The main aim of a
Whitehat hacker is to improve the security of a system by finding security flaws and fixing it.
They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical
Hacking world.

Black Hat Hacker:

BlackHat hackers are really bad guys , cyber criminals , who have malicious intent. The hackers
who steal money, infect systems with malware, etc are referred as BlackHat hackers. They use
their hacking skills for illegal purposes.

GreyHat hackers:
The hackers who may work offensively or defensively, depending on the situation. Hackers who
dont have malicious intentions but still like to break into third-party system for fun or just for
showing the existence of vulnerability.

Hacktivists
The hackers who use their hacking skills for protesting against injustice and attack a target
system and websites to bring the justice. One of the popular hacktivists is Anonymous and
RedHack.

Hacking Using Doxing -Doxing Complete Hacking Tutorial

I hope you read my last article about What is Doxing?. Let me explain more about Doxing in
this article.

Use of Doxing:

Hackers can track Innocent peoples data and hack their accounts.
Security Experts can trace the Hackers(can trace some innocent hackers only,N00bs).
This will be helpful for solving Cyber Crime cases.

Definiton of Doxing:

Doxing is derived from Document Tracing. Doxing is tracing the information from internet
resources about particular person.

Usually internet users left their information(like gender,name,city,..) in some websites(like social
network,..). So using some searching Techniques, we can gather complete data about a person.
This type of searching(tracing) is known as Doxing. This data can be used to hack their account
or trace them.

What you can find using Doxing?

Real Name, age,gender

Email id, registered websites
Social Network Page(facebook,twitter links)
Address, Phone Number
Parents Names and their Jobs
Place of Education (School/University etc.)
Relatives
and more data

From where you are going to start?

Yes, if you know person real name, then start from his name. If you know the username then
start from there. or if you know any other data, start from there Using name or username , search
for other information in google.

How to do Doxing?
Just assume you want to gather information about one of forum member. Let us assume his
username is peter. If you search in google as peter , you will get thousands results about peter.
So what you are going to do?
You have to some other information about peter in that forum itself. For example , You got his
birthday. Now you can continue your searching with peter xx/xx/xxx. This will reduce the
resutls.

Not only birthday, you can use some other info like signature. For example if he put signature in
forum as Dare Devil. You can continue searching using Peter Dare Devil. This will reduce
the Results.

Sometime your target person registered in multiple forums, websites,social networks So while
searching ,you will get result of registered website of him using that username or info.

Read Each posts of target person, he might left some more information about him any one of
forums or websites.

Using Email Address for Tracing:

If you got the email address of target person, it is much easier to trace the person. You can search
using in the following sites. you may get some data.

Websites that will be useful for Doxing:

www.myspace.com
www.bebo.com
www.facebook.com
www.google.com
www.pipl.com
www.wink.com
www.123people.com
www.zabasearch.com

You can find any other site related to target person and search for his data.

Doxing needs Intelligence:

Doxing needs Intelligence and searching ability. You have to guess where to search and what to
search about person. Depending on searching ability, you will get what you required.

Security Question:

Hacker can get the victims security question answer using doxing.

For example, if your questions is What is your pet?, he may guess. He will search with email
or username . you may left your my pet is xxx. So now you are the victim.

Dictionary Attack:
Hackers can gather information about the victim and create a dictionary file(wordlist) for a target
person alone. Using that dictionary file , he can crack your passwords.
Conclusion:
Doxing is one of powerful hacking method.

Security Tips of Users:

Dont use Internet. This is best security tip because your data can be traced by anyone. sounds
crazy?! No one like to leave the Internet. So i am giving some other tips for you.

Becareful when you give information in internet.

Use very Strong passwords .
Dont set Stupid security Question for account.

What is Doxing? Trace Peoples with Doxing

Day 1:
John: Hey my account security question is so strong. No can find it. It is hard to guess it.

BreakTheSec: Nice to hear.

Day 2:
John: BreakTheSec , some one hacked my ID !
BreakTheSec: Dont worry John that someone is me.

John: How did you do that?

BreakTheSec: Using Doxing brother.

John: Doxing is special software?

BreakTheSec: No brother it is one of method to trace the information about particular peoples.

John: How did you do that?

BreakTheSec: simple , you left your confidential data(answer for security question) in your
social network account. I searched in google with your name and details. After lot of searching
, finally I find the answer for your security question.

John: I thought no one can guess my security question. But now only I come to know , I left
this info in some social network.

BreakTheSec: Not only you brother. All peoples in internet doing like this. They think it is
hard to trace their info. But they didnt know about Doxing Method.

John: Ok BreakTheSec! can you please give my account back.

BreakTheSec: Sure.

John: BreakTheSec! Can you please explain me more about Doxing ?

Why you should hide IP(Internet
protocol)address?
What is IP Address?
IP address is Unique Identification Number that is assigned to your Internet Connection.Each house has
unique address ,right? Likewise, In Internet each machine some unique Address . This will be used to
identify your computer in Internet. Using IP address, we can trace the location of the User.

IP(internet protocol) address traced

when you click or open webpage or send mail a request will be send to associate server with your
IP address in header of request. This IP address can be tracked by their server using the header.
So website owners can track your IP address easily. Intruders/attackers can get your IP address
by website logs.

What will do intruders?

if intruders track your IP address, they can access to your computer remotely and steal
confidential data(credit card details,accounts details and etc).

banned in forum or website

sometimes website/forums owners can ban your IP address(eg: 212.1.1.1) or your region/country
IP address(eg: 212.1.0.0 to 212.255.255.255) because of your or your region illegal activity . So
you may not able to access your favorite website.

Why i should hide ip address

To protect your computer from being hacked by attackers.

To stop being tracked your online surfing
To access blocked websites/forums/social network
Access websites/forums banned your IP address
Multiple registration in forum/websites

How to hide Ip address

Proxy servers are used to hide the IP.(read how proxy server working?)
In two ways , you can use proxy server IP address.

set it manually.
use IP hiding software tools

.in this method, easy to use proxy server than manual process.

Why you should learn hacking?

One of The most searching words in google is How to become a hacker? but have you ever
think why you should learn hacking?

you may like to learn hacking because of

for fun
for doing crime

if you learn it for fun(for hacking friends accounts), you will be surrounded by friends. If you are
doing crime(for hacking third persons accounts), you will be surrounde by police.

Recently one of my online little brother asked in hacking forum how to learn hacking and
deface a website. Now a days the most of kids interested to learn hacking without knowing the
purpose. Without knowledge, they do crime also. So i have planned to post this article to make
them clear about hacking.

why am i teaching hacking

Im not teaching the hacking for fun or crime. I want everyone to know what type of problem
you will face while using internet.

You know friends my forum is hacked by some budding hacker. Actually i have to thank him
because he notify the security flows of my forum. Now i know the security flows of forums and
how to protect it.

In order to become a best police, you have to know how thief will plan. Likewise you have to
know how hacking is done , to become a security expert. You got it?

you have to learn hacking to know the problem. Not to hack others. Know the wrong way so that you
can prevent from picking the wrong one.

once again learn hacking to protect yourself not to attack others.

How to Become a Penetration Tester/Ethical

Hacker/Security Professional?
I have been asked for tips to become Ethical Hacker or Penetration tester via email. So In this
article, i am going to guide you to get into the Penetration Testing world.

If you are seeing this article, then it means that you already heard about Ethical Hacking and
PenTesting. Anyway, i just like to give small definition about Ethical hacking.

What is Ethical Hacking and Ethical Hacker?

Ethical Hacking, also known as Penetration testing, is the process of vulnerability testing or
hacking the system with a permission from corresponding vendor. Normally, organization who
are in the need of security recruits Ethical Hacker or PenTester for improving their security.

Ok, let us come to the article.

How to Become an Ethical Hacker?

1. Dedication : Dedication is the main key to become an ethical hacker. Dont plan to become
pentester because of money. If you really have interest, then go ahead.
2. Reading : Be a bookworm. Try to read books related to computer and its architecture. Buy
books related to Security and Ethical hacking.
3. Know how hackers hack into: You can not solve the problem until you know what is behind the
problem. So you have to learn method of hackers. How ??! Just read the articles provided in
our site.
4. Programming and Scripting: Learn Some programming or scripting languages because most of
time you will need to write a code to break into a system. Also, you have to know the coding for
understanding how a system works,then only you can penetrate into. Ok, which language?! My
suggestion is C. I Love C programming. It is one of best,powerful language and easy to learn.
Some peoples prefer python. As far as i am concerned, once you learned one language, it is
easy for you to learn any other languages. There are are plenty of online programming tutorial
sites are out there.
5. Linux: Ok, it is time to switch from Windows to Linux. Learn to work with Linux.
6. BackTrack Linux Distribution: Backtrack Linux is one of the famous Penetration Testing
Linux distribution. This backtrack is funded by Offensive Security. It has almost all penetration
testing tools required for security professionals.
7. Get Certification for Ethical Hackers: Some organization recruits based on security
certification. You can learn and get ethical certification from your nearest center. Search in
google for these keywords CEH,OSCP,security certifications. Anyway, if you have
dedication and confidence, you dont need a certificate and get into a firm easily.
8. BreakTheSecurity: In BreakTheSecurity , i have written plenty of articles related to Ethical
hacking and penetration testing. Hope it will help you to get some knowledge. Also, you can
find the latest ethical hacking techniques here.
9. Forums: Participate in any Security or ethical Hacking related forums.
10. Need help?! feel free to contact me

Opportunities for Ethical Hacker

There are plenty of jobs available in government organisations, banks, financial institutions,
military establishments and private companies. India requires more Ethical Hackers.

How Does Anti virus detects viruses?

I hope you know what is computer Anti Virus. But you may not know how the anti virus works.
Here i am sharing how the antivirus software works.
What you know about Anti Virus software?

Antivirus software gives protection against the viruses and Malware. Antivirus can detect the
malicious software ,then delete or put it in quarantine.

The process behind the Anti Virus

The Antivirus follows two methods to detect the malicious software. They are

Virus Dictionary Based Detection

Suspicious Activity Detection

Virus Dictionary Based Detection

In this method, Antivirus manage a dictionary file which has the identified virus signatures.
Whenever an executable is running, antivirus will check the executable file source code with the
dictionary. If the source code match with any virus signature, then antivirus will immediately
inform you that the virus is found.
Antivirus will check the executable file whenever file is opened or created or emailed or
downloading.

Example:
Let us assume the malicious code is 11010011 and this code is in dictionary file. If any
executable file runs with the above malicious code, the antivirus immediately block and alerts
the user.

Day to day the hackers can create new viruses, the source code of virus will vary. The antivirus
can not detect the virus with old Signature of viruses. You have to update the virus signature so
that it can detect new viruses.

Drawback of this Method

Hackers found a hacking trick to bypass this security method, The Crypter. Yes, hackers can
encrypt the source code into different source code such that it will look like safest source code.
So if the antivirus checks for the source code, it wont find the malicious code (because it is
another form). (I will give detailed explanation about the crypter in my next post.). The
drawback can be solved by including the crypted malicious code to dictionary file.

Suspicious Activity Detection

The suspicious activity detection method is more effective than the Dictionary based approach.
It can detect even a new virus. Antivirus observes the behavior of the executable file. If the
executable file does any illegal process or create any executable file, the antivirus will block the
executable file and alert the user .

Drawback
It is annoying process. The accuracy is less so it may detect any safe executable file as virus.

Importance of Mobile IMEI Number

What is an IMEI?
The IMEI (International Mobile Equipment Identity) is a unique 17 or 15 digit code used to
identify an individual mobile station to a GSM or UMTS network. The IMEI number provides an
important function; it uniquely identifies a specific mobile phone being used on a mobile
network. The IMEI is a useful tool to prevent a stolen handset from accessing a network and
being used to place calls. Mobile phone owners who have their phones stolen can contact their
mobile network provider and ask them disable a phone using its IMEI number. With an IMEI
number, the phone can be blocked from the network quickly and easily.

It is important to note that swapping a SIM card will not stop a phone from being banned. IMEI
numbers are stored in the phones themselves, not on the SIM cards.

An IMEI is only used to identify the device and does not relate to a specific individual or
organization. Other numbers such as the ESN (Electronic Serial Numbers) and MEID (Mobile
Equipment Identifiers) can link an individual to a phone. Usually, an IMSI number stored on a
SIM card can identify the subscriber on a network.
There are several ways in which you can locate your mobile phones IMEI number. The IMEI
can usually be found on the handset, beneath the battery, sometimes printed on a small white
label. Another way to easily locate your IMEI phone is to dial the following sequence of
numbers into the handset: *#06#. If you have a Sony Ericsson mobile phone, you can retrieve the
IMEI by pressing the following key sequence: right,*, left, left,*, left, *, left.

The Structure of an IMEI Number

IMEI numbers either come in a 17 digit or 15 digit sequences of numbers. The IMEI format
currently utilized is AA-BBBBBB-CCCCCC-D:

AA: These two digits are for the Reporting Body Identifier, indicating the GSMA approved group
that allocated the TAC (Type Allocation Code).
BBBBBB: The remainder of the TAC
CCCCCC: Serial sequence of the Model
D: Luhn check digit of the entire model or 0 (This is an algorithm that validates the ID number)

Central Equipment Identity Register (CEIR)

If a mobile handset is lost or stolen, the owner of the device can contact the CEIR (Central
Equipment Identity Register) which will blacklist the device in all currently operating switches.
This makes the lost or stolen handset unusable. The action of blacklisting stolen mobile handsets
is seen as a deterrent to crime. It is possible, however, to change an IMEI with special tools and
there are certain mobile networks that do not automatically blacklist handsets registered with the
CEIR. Current statistics state that approximately ten percent of IMEIs in use today are not
unique or have been reprogrammed (hacked).

CEIR Classification of Handsets

Color Meaning

White Valid Mobile Station

Grey Mobile Station to be tracked

Black Barred Mobile Station

What is Session in computer World? Magic

Cookies
What is Session?
HTTP communicates with lot of TCP connections, Server should create unique identifer for each
Connection.
A Session is a unique identifier that is generated and sent to the client from a server in order to
identify the Current Interaction Session.

Whenever you visit a webpage or login to website, the server will store the data about you in
your system as a cookie. This cookies will help to identify you.

For example , you are login to Facebook.com. when you login to your account, a cookie will be
generated and stored in your local system. if you click the logout, cookies will be destroyed.

Software Implementation:
TCP sessions are implemented using Multi threading concept. Whenever session is generated , a
new thread will be created.

HTTP sessions are typically not implemented using one thread per session, but by means of a
database with information about the state of each session.

Server side web sessions:

The sessions are stored in Server Machine.

Client side web sessions:

Client-side sessions use cookies . This will reduce the server side storage.

This is best method but there is one drawback. Sessions stored in client is vulnerable to
tampering by the hackers. This can be overcome by encrypting the session(but hackers are able
to decrypt it also).

HTTP session token

The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in
GET or POST queries.

The reason to use session tokens is that the client only has to handle the identifier. All session
data is stored on the server (usually in a database, to which the client does not have direct access)
linked to that identifier.

Magic cookie is simply a cookie that is used to authenticate the user on remote server or simply
computer. In general, cookies are used to maintain the sessions on the websites and store the
remote address of the website.

Convert ASCII characters to Binary 0r

Binary to Characters
You may need this website. Some websites may store the password in binary format. You can
view the password by decoding the Binary to ASCII. Also you can encode the ASCII character
to Binary digits.

Visit:

http://www.theskull.com/javascript/ascii-binary.html

How you are getting large number of spam

mail ? Know why
Are you getting lot of spam mails to your inbox? Do you know why it comes to your mail? The
mistake is yours only. Because of you only you are getting larger number of spam. How you
responsible for that? Go ahead to know what is your mistake.

Spam Mail Definition:

Also known as junk mail. Sending large number of identical message to numerous recipients .
Advertisers ,merchants sends large number of mail to recipients for advertising purpose using
softwares and some websites.

How they get your email id?

They get your mail id because of your mistakes only.

Social Networking Sites:

Most of you use social networking sites daily. I wont say using social networking sites is bad.
But sending request or accepting stranger is one of the major reason for getting spam mail.
Advertisers will gain your weakness. If you are blindly accepting the request means, spam mail
will be definitely in your mail. Sometimes they get your phone number and send advertisement
to your mobile or some other communication sources.

What you have to do?

Apply privacy setting for your contact information. Dont accept the request from strangers(in
order to attract you they may send you request like a girl).

Online Games and contests:

Some websites tell you that they will give prize if you win in the online game. This is also one
of the reason for getting spam mail.

Job /Career websites:

Job offering websites is the major reason for getting spam mail. But some website sell your mail
to advertisers. This will result in spam.

Forum:
Like i said for social networking site, in forum also you have to consider the privacy settings.
Select Dont show mail and Dont receive mail from members so that you can avoid of getting
spam mails.

Mail Searching:
Advertisers(spammers) search for mail id in internet using some softwares(like @mail.com )
If you are webmaster ,you may give contactus link with
mailto:mailid@domain.com.
Spammers can find your mail id if you give the mail id plainly like this.
tips:

Use 123 contact forms for hiding your mail id.

or show mail id like this : mailid[at]domain[dot]com
Use mail Badge Image(i mean show your mail id as image).

Overall suggestion:
Use two mail id. One is for contributing in online. Other one is personal.

Cookies Editing Web Developer Mozilla

Addon
Today i am going to introduce a mozilla add on which will very helpful for web developers (for
hackers also).

Features:

View/Add/Edit Cookies
Clear cookies
Disable image in website
Disable java script in website
Disable css in website
more

Download and install the add on from here:

https://addons.mozilla.org/en-US/firefox/addon/60

or try this

https://addons.mozilla.org/en-US/firefox/addon/web-developer/
Introduction to Social Engineering world |
Hack the people
What is Social Engineering?

Social engineering is the act of manipulating people into performing actions or divulging
confidential information, rather than by breaking in or using technical cracking techniques.[1]
While similar to a confidence trick or simple fraud, the term typically applies to trickery or
deception for the purpose of information gathering, fraud, or computer system access; in most
cases the attacker never comes face-to-face with the victim.

Social engineering as an act of psychological manipulation was popularized by hacker-turned-

consultant Kevin Mitnick. The term had previously been associated with the social sciences, but
its usage has caught on among computer professionals.
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of
the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this
problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank
account, waiting for you to type your password. In fact, this application is prepared to steal your
password to access the bank account and sends it to the attacker.

skip to methods of Social Engineering

Some Examples
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of
the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this
problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank
account, waiting for you to type your password. In fact, this application is prepared to steal your
password to access the bank account and sends it to the attacker

Example 2: You receive an e-mail saying that your computer is infected by a virus. The message
suggests that you install a tool available on an Internet site, to eliminate the virus from your
computer.

The real function of this tool and does not eliminate a virus, but I give someone access to your
computer and all data stored on it.
Example 3: a stranger calls your house and says it is the technical support of your ISP.
In this connection he says that his connection to the Internet is presenting a problem and then,
ask your password to fix it. If you give your password, this so-called technical can perform a
multitude of malicious activities, using your access account
Internet and therefore such activities relating to its name.

Practical Examples:

Retail Paging Systems

Wal-Mart store phones have clearly marked buttons for the paging system. Wal-Mart is
the exception, not the rule. So how do you get on the paging system to have a little
fun when youre bored out of your mind shopping with your girlfriend? Social
engineering, my whipped friend. Find a phone and dial an extension, preferably the
store op. The key here is to become a harried employee, saying something similar
toThis is Bill in shoes. Whats the paging extension? More often than not,
youll get the extension without another word. Now, get some by saying something
sweet over the intercom.

Airport White Courtesy Phones

Imagine youve already been stripped searched and youre waiting for your delayed
flight. Naturally, you gravitate to a phone. Is it white? Then youve got a free
call right in front of you. Just pick up to get the op. This is Bill at Southwest,
Gate A5. Were swamped and our phones are tied. Can I get an outside line? If
the phone does not have DTMF, or the op wants to dial the call for you, do not call
a number related to you.

Hotels

Hotels hold such promise. Some hotels have voice mail for each room, guests
receiving a PIN when they check in. Hotels also have guest phones; phones outside
of rooms that connect only to rooms or the front desk. Pick up a guest phone, make
like a friendly guest and say, I forgot my PIN. Could I get it again? Room XXX.
Knowing the registered name of the target room helps, for the Hotel and Restaurant
Management Degree Program graduate may ask for it.

Do not follow through with the next social engineering example. Or, like the author,
try it on a friend. Go to the front desk and tell the attendant that youve locked
your key (card) in the laundromat, in your room, lost it, etc. Do not try this with
the attendant that checked you in. And again, do not enter someones room without
permission.

Calling Technical Support

-
So youve found a new-fangled computerized phone and you want to learn more about it.
Do the same thing you do when you have trouble with your AOL call tech support.
First, do a little planning (after getting the tech support number off of the phone
or the web). Get some info on the phone, like phone number, model number, other
identifying numbers, etc. Also, know the name of the facility in which the phone is
located. Now that youve got some ammo, youre ready to make the call. Posing as an
employee of the facility, call tech support and make up a problem for the phone
youve identified. Act a little dumb and be apologetic, acting like you dont want
to waste their time. All the while, pumping them for information I hate to bug
you for this, but <insert problem here>. <Youll get some info from tech support
here.> <Build on what youve learned and curiously ask another question.> And so
on until you reach the point where you can feel that its time to end the call.
Occasionally acting amazed at their knowledge may be helpful.

Methods of Social Engineering

Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher
sends an e-mail that appears to come from a legitimate business a bank, or credit card
company requesting verification of information and warning of some dire consequence if it
is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate
with company logos and content and has a form requesting everything from a home
address to an ATM cards PIN.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails
supposedly from eBay claiming that the users account was about to be suspended unless a link
provided was clicked to update a credit card (information that the genuine eBay already had).
Because it is relatively simple to make a Web site resemble a legitimate organizations site by
mimicking the HTML code, the scam counted on people being tricked into thinking they were
being contacted by eBay and subsequently, were going to eBays site to update their account
information. By spamming large groups of people, the phisher counted on the e-mail being
read by a percentage of people who already had listed credit card numbers with eBay
legitimately, who might respond.

Vishing or Phone Phishing:

This technique uses an Interactive Voice Response (IVR) system to recreate a legit sounding
copy of a bank or other institutions IVR system. The slave is prompted to call in to the bank
via a phone number provided in order to verify information.

Baiting
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or
greed of the slave. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or
USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing
label, and simply waits for the slave to use the device.

Quid pro quo

Quid pro quo means something for something:
* An attacker calls random numbers at a company claiming to be calling back from technical
support. Eventually they will hit someone with a legitimate problem, grateful that someone is
calling back to help them. The attacker will help solve the problem and in the process have the
user type commands that give the attacker access or launch malware.

* In a 2003 information security survey, 90% of office workers gave researchers what they
claimed was their password in answer to a survey question in exchange for a cheap pen. Similar
surveys in later years obtained similar results using chocolates and other cheap lures, although
they made no attempt to validate the passwords.

Introduction to Cryptography
Now a days Internet is important part of Life. We are using Internet for sending confidential
data also like password,for storing army secrets. But the Internet is insecure medium. Do you
know why?

Insecure Medium:
Imagine you are sending a data. In internet world data are separated as packets and send to
destination. Do you think the data directly reaching the destination? If you think so,you are
wrong. The packets are going through different routers. Finally the data is send to user. In this
gap, Intruders(i mean attackers) takes advantages. Intruders can see what you are sending.
Because your data are simple and easy to readable by anyone.

How to secure the data?

We can not stop the intruders and their activities. But we can make our data as Unreadable for
Intruders. For this purpose the Cryptography is introduced.

Introduction to Cryptography:
Julius Ceaser who introduce the Cryptography technology. Cryptography is technology in
which we are changing the plain text to unreadable text(known as cipher text) .

In your home you put money in locker, Isnt it? The locker probably has key to open. Imagine
thief is coming to your home to steal. if he want to open the locker,certainly he need the key.
Without the key he can not do. Yeah i can hear what you are saying, he can break the locker. If
the locker is very strong,he can not open it at all.

Likewise in cryptography also we are going to create a Key for our data. So that Intruders can
not read the data. It is possible to read the data, if the encryption(will explain later) is weak. So
we need to encryption method very strong.

Terminologies used In cryptography:

Plain Text:
original data or text is known as Plain text.
Cipher Text:
The encrypted message(unreadable message).
 Encryption:
Changing the Plain text to unreadable.
Decryption:
Changing the cipher text to plain text.

Traditional Encryption Methods:

Ceaser Cipher
Mono Alphabetic Cipher
Play Fair Cipher
Hill cipher
Poly Alphabetic Cipher
Rail Fence Technique.

Ceaser Cipher:
Most simplest encryption method. In this method we are going to replace the alphabets with
shifted alphabets.
Eg:
Consider Plain text is: break
if we use Key is 3, then the cipher text will be found by:

b+3 r+3 e+3 a+3 k+3

Shifted to three alphabets final cipher text is:

euhdn

If the intruders see the cipher text(here euhdn) ,he can not understand anything. But this
method is easily hackable . Because intruders can try 25 shifts and finally he can get the result.

Many encryption methods are introduced to make better security.

Today Encryption methods:

AES(Advanced Entyption Standard)

DES(Data Encryption Standard)
RSA(Name of the creators).
MD5(Message Digest -5)
SHA(Secure Hash Algorithm

For secure transaction , SSL (Secure Socket Layer ) is introduced. In next post ill give detailed
explanation for the SSL layer.

What is spyware ? How it comes to your pc?

Prevent it
Often you can heard a word spyware. Is it important to know about spyware ? Yes!
We are in advanced technology world. Day by day the technology is developing. At the same
time crime is also increasing. One of the crime is spyware method.

Spyware:

Spywareis software that resides on a computer and sends information to its creator. That
information may include surfing habits, system details or, in its most dangerous form, passwords
and login information for critical applications such as online banking. Many spyware programs
are more annoying than dangerous, serving up pop-up ads or gathering e-mail addresses for use
inspamcampaigns. Even those programs, however, can cost you valuable time and computing
resources.
According to a number of sources, the first use of the term spyware occurred in a 1994 posting
that made light of Microsofts business model. Later, the term was used to describe devices used
for spying, such as small cameras and microphones. In 2000, a press release from security
software provider Zone Labs used the current meaning of spyware for the first time and its been
used that way ever since.

How it comes to ur pc

Often, spyware comes along with a free software application, such as a game or a supposed
productivity booster. Once its downloaded to your computer, the functional element of the
software works exactly as promised, while the information-gathering system sets up shop behind
the scenes and begins feeding your personal data back to headquarters.

Internet security
The Best way to avoid and remove spywares is installing a best internet security software or
spyware remover softwares. Get a original internet security and update it properly. Scan daily
your pc using internet security while scanning you better to avoid doing other things in your pc.
My advice is use KASPERSKY INTERNET SECURITYfor better security.

other than internet security, you prevent your system from getting infect. Becareful when you
download files from websites and mail.

What is Computer Worm?

A computer worm is a program which copies itself across a network.
A computer worm differs from a computer virus in that a computer worm can run itself. A virus
needs a host program to run, and the virus code runs as part of the host program. A computer
worm can spread without a host program, although some modern computer worms also use files
to hide inside.

Well known examples of the computer worm

The original computer worm was (perhaps accidentally) unleashed on the Internet by Robert
Tappan Morris in 1988. TheInternet Worm used send mail, fingerd, and rsh/rexec to spread itself
across the Internet.
The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread
itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft
DCOM RPC to spread itself.
The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004 all spread
through e-mail. These worms shared some features of a trojan horse , in that they spread by
enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through thepeer-to-peer file sharingapplication KaZaA.
The Mydoom worms attempted aDenial of Service (DoS) attackagainst SCO and
Microsoft.Protecting yourself against computer worms

Computer worms which spread through vulnerabilities in network services can best be protected
against by keeping up-to-date in installing patches provided by operating system and application
vendors. This includes worms like SQL Slammer and Blaster.
Computer worms which spread like trojan horses can best be defended against by not opening
attachments in your e-mail. These infected attachments are not limited to .EXE files. Microsoft
Word and Excel files can contain macros which spread infection.

What is Malicious Softwares? What are the

type of Malicious Softwares.
What is Malware?:
Malware is a malicious software. This software include the program that exploit the
vulnerabilities in computing system. The purpose of malicious software is harm you or steal the
information from you.

Types of Malicious Softwares:

There are three characteristics of malwares:

1 Self-replicating malware actively attempts to propagate by creating new

copies, or instances, of itself. Malware may also be propagated passively,
by a user copying it accidentally, for example, but this isnt self-replication.

2 The population growth of malware describes the overall change in the number
of malware instances due to self-replication. Malware that doesnt selfreplicate
will always have a zero population growth, but malware with a
zero population growth may self-replicate.

3 Parasitic malware requires some other executable code in order to exist.

Executable in this context should be taken very broadly to include anything
that can be executed, such as boot block code on a disk, binary code
Trojan Horse:

Self-replicating: no
Population growth: zero
Parasitic: yes
The most famous malicious software is Trojan Horse.

There was no love lost between the Greeks and the Trojans. The Greeks had
besieged the Trojans, holed up in the city of Troy, for ten years. They finally
took the city by using a clever ploy: the Greeks built an enormous wooden horse,
concealing soldiers inside, and tricked the Trojans into bringing the horse into
Troy. When night fell, the soldiers exited the horse and much unpleasantness
ensued.

In computing, a Trojan horse is a program which purports to do some benign

task, but secretly performs some additional malicious task. A classic example is
a password-grabbing login program which prints authentic-looking username
and password prompts, and waits for a user to type in the information. When
this happens, the password grabber stashes the information away for its creator,
then prints out an invalid password message before running the real login
program. The unsuspecting user thinks they made a typing mistake and reenters
the information, none the wiser.

Logic Bomb:

Self-replicating: no
Population growth: zero
Parasitic: possibly
The oldest type of malicious software. This program is embedded with
some other program. When certain condition meets, the logic bomb will destroy your pc.
It also crash at particular date which is fixed by attacer. It will be included in legitimate or
authorized person like this:

legitimate code
if date is Friday the 13th:
crash_computerO
legitimate code

Eg:
if some antivirus trying to delete or clean the logic bomb. The logic bomb will destroy the pc.

Back Door or Trap Door:

 Self-replicating: no
Population growth: zero
Parasitic: possibly

A back door is any mechanism which bypasses a normal security check. Programmers
sometimes create back doors for legitimate reasons, such as skipping
a time-consuming authentication process when debugging a network server.
As with logic bombs, back doors can be placed into legitimate code or be
standalone programs.

username = read_username()
password = read_password()
if tisername i s 133t h4ck0r:
return ALLOW^LOGIN
if username and password are valid:
return ALLOW_LOGIN
e l s e:
return DENY^LOGIN

One special kind of back door is a RAT, which stands for Remote Administration
Tool or Remote Access Trojan, depending on whos asked. These programs
allow a computer to be monitored and controlled remotely;

Virus:
Self-replicating: yes
Population growth: positive
Parasitic: yes

A virus is malware that, when executed, tries to replicate itself into other executable
code; when it succeeds, the code is said to be infected. The infected
code, when run, can infect new code in turn. This self-replication into existing
executable code is the key defining characteristic of a virus.
Types of Virus
1.Parasitic virus:
Traditional and common virus. This will be attached with EXE files and search for other EXE
file to infect them.
2. Memory Resident Virus:
Present in your system memory as a system program. From here onwards it will infects all
program that executes.
3. Boot Sector Virus:
Infects the boot record and spread when the system is booted from the disk containing the
virus.
4. Stealth Virus:
This virus hides itself from detection of antivirus scanning.
Worm:

Self-replicating: yes
Population growth: positive
Parasitic: no

A worm shares several characteristics with a virus. The most important characteristic
is that worms are self-replicating too, but self-replication of a worm
is distinct in two ways. First, worms are standalone, and do not rely on other
executable code. Second, worms spread from machine to machine across networks.

Rabbit:
Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly. Rabbits
may also be called bacteria, for largely the same reason.

There are actually two kinds of rabbit.The first is a program which tries
to consume all of some system resource, like disk space. A fork bomb, a
program which creates new processes in an infinite loop, is a classic example
of this kind of rabbit. These tend to leave painfully obvious trails pointing to
the perpetrator, and are not of particular interest.

The second kind of rabbit, which the characteristics above describe, is a

special case of a worm. This kind of rabbit is a standalone program which
replicates itself across a network from machine to machine, but deletes the
original copy of itself after replication. In other words, there is only one copy
of a given rabbit on a network; it just hops from one computer to another.
Rabbits are rarely seen in practice.

Spyware:

Spyware is software which collects information from a computer and

transmits
it to someone else.

The exact information spyware gathers may vary, but can include anything
which potentially has value:
1 Usernames and passwords. These might be harvested from files on the
machine, or by recording what the user types using a key logger. A keylogger
differs from a Trojan horse in that a keylogger passively captures keystrokes
only; no active deception is involved.

2 Email addresses, which would have value to a spammer.

3 Bank account and credit card numbers.

4 Software license keys, to facilitate software pirating.

Definitions

Adware:

Self-replicating: no
Population growth: zero
Parasitic: no

Adware has similarities to spyware in that both are gathering information

about
the user and their habits. Adware is more marketing-focused, and may pop up
advertisements or redirect a users web browser to certain web sites in the hopes
of making a sale. Some adware will attempt to target the advertisement to fit
the context of what the user is doing. For example, a search for Calgary may
result in an unsolicited pop-up advertisement for books about Calgary.
Adware may also gather and transmit information about users which can be
used for marketing purposes. As with spyware, adware does not self-replicate.

Zombies:

Computers that have been compromised can be used by an attacker for a

variety of tasks, unbeknownst to the legitimate owner; computers used in this
way are called zombies. The most common tasks for zombies are sending spam
and participating in coordinated, large-scale denial-of-service attacks.

Signs that your system is Infected by Malware:

Slow down, malfunction, or display repeated error messages

Wont shut down or restart

Serve up a lot of pop-up ads, or display them when youre not surfing the web

Display web pages or programs you didnt intend to use, or send emails you didnt write.
Java Vulnerable Lab Learn to Hack and
secure Java based Web Applications
http://breakthesecurity.cysecurity.org/2015/03/hacking-java-web-applications.html

Trick to Browse Forums without Login or

register in forum
Got vexed with forums ah? whenever you visit new forum it will ask you to register or login to
view the post. For just seeing only one post ,we dont need to waste time with registering in that
forum. Here is simple trick or hack whatever you call to view the post of forum without
registering.

The simple logic is that All websites and forums will block unregistered users, but they wont
block Google Bot. we can change our userAgent with the google bot user agent and easily
browse the forums.

visit This site http://chrispederick.com/work/user-agent-switcher/ . It will provide you the

mozilla user agent add on for you. click the download add on. That will bring you to the mozila
add on page for user Agent

Download the addon and install it in mozila. now restart the browser.

*Now go to Tools menu and select Default User Agent

*Select User Agent Switcher
*Now select Options (for guide see the picture)

http://breakthesecurity.cysecurity.org/
It will open the small window like this:

click the new button and select New User Agent.

This will open another small window for adding new user agent like this:

Fill the Form with following values in corresponding field:

Description : crawl-66-249-66-1.googlebot.com
User Agent: Googlebot/2.1 (+http://www.googlebot.com/bot.html)

Left the all other fields as blank.

 click ok.
Restar the Browser.
Now go to Tools and select Default User Agent
You can find there option like this crawl-66-249-66-1.googlebot.com
select that option.
thats all finished

Now you can browse the forums without registering

Note:
after visiting forums set it to Default User agent.
whenever you want to see forums set crawl-66-249-66-1.googlebot.com as user agent.

I hope you this will useful for you..

Need any help just comment here.
want to say thanks just comment here.