(A)
(B)
CAPTCHA
It is short for “COMPLETELY AUTOMATED PUBLIC TURING TEST TO TELL COMPUTERS
AND HUMANS APART”. CAPTCHA is commonly used by websites to distinguish
between humans and automated computer scripts or bots. At the bottom of web
forms, a CAPTCHA displays an image with some distorted text with various
distracting colours, backgrounds, lines and marks. Such text can usually be
read only by humans and cannot be read by computers or automated scripts. It
is commonly used on the internet to prevent:
--Automated fake accounts being created and entered.
--E-mail spam.
--Brute-force password cracking attacks.
CRACKING CAPTCHA
CAPTCHA as a technology is constantly being improved and is slowly becoming
more and more foolproof. However, many researchers have devised ways to break
the CAPTCHA systems used by various websites, although none of these cracking
techniques has a 100% success rate.
GREG MORI & JITENDRA MALIK (http://www.cs.sfu.ca/~mori/research/gimpy/) have
devised an approach to crack GIMPY, the CAPTCHA system that is used by Yahoo.
Their cracking technique has the following main steps:
• Locate possible letters at various positions using shape matching
techniques.
• Construct a graph of letters that could be used together in a word.
• Move through the graph looking for real words.
But such an approach may not work if:
1. Dictionary words are not used by the CAPTCHA and random characters are
used instead.
2. The CAPTCHA system requires the user to recognize more than 1 word (like
reCAPTCHA); the probability of cracking is then reduced.
(C)
1. Use your password reset disk to recover the Windows password
Vista and Windows 7 allow you to create a password reset disk, which enables
you to reset your password without much hassle. The problem with this option
is that you have to create the reset disk before the password is lost. Thus if
you don’t have a password reset disk, this option is not for you. You can find
a description of how to create a password reset disk here.
2. Restore Windows 7 or Windows Vista to a previous state
If you configured a new password recently and can still remember the password
you used before, then you can restore Windows to a point in time before you
changed the password. The Restore function of Windows 7 and Windows Vista will
make sure that you don’t lose personal data. However, programs that have been
installed since the corresponding restore point have to be installed again.
All you need for this procedure is a Windows 7 or Windows Vista setup DVD. If
you are uncertain what System Restore is doing with your computer, read this
first. This approach doesn’t work with Windows XP.
3. Boot up Windows XP in Safe Mode and log on with the built-in administrator
account
When you installed Windows XP, you had to set a password for the Administrator
account. If you still know this password, you can boot up in Safe Mode (by
pressing F8 when your computer starts) and log on with the Administrator
account. Read this Microsoft Knowledge Base article for more information about
Safe Mode. Note that whenever you reset the password for a user using another
account, this user will no longer be able to access files that have been
encrypted with EFS (Encrypted File System). Stored credentials in the Windows
Vault and Internet Explorer will also no longer be available. This method
doesn’t work in Vista and Windows 7 because the administrator account is
disabled by default in Safe Mode with these Windows versions. Below you will
learn how to enable the built-in admin account in Windows 7 and Vista.
4. Use the Sticky Keys trick to reset the Windows 7, Windows Vista, and
Windows XP password
The Sticky Keys trick to restore a forgotten administrator password is
reliable, easy to carry out, and does not require third-party software. All
you have to do is boot up from a Windows 7 or Windows Vista setup DVD, launch
the Windows Recovery Environment (RE), and then replace the sethc.exe file
with cmd.exe. You can also use this method for Windows XP, but you have to use
a Vista or Windows 7 DVD.
5. Offline enable the built-in administrator account in Windows 7 and Vista
This method is useful if no other user account on this machine has
administrator privileges. You also need a Windows setup DVD (Vista or Windows
7). With this DVD you can boot up Windows RE and edit the Registry to offline
enable the built-in administrator account. Also read my article about the
offline Registry editor if you don’t know how to edit the Registry in offline
mode. After you enable the built-in Administrator, you can log on with this
account without requiring a password and then reset the Windows password of
any user account.
6. Get Petter Nordahl-Hagen’s free ntpasswd tool to reset the Windows password
The downside of this option is that you have to create a password reset CD
first. Then you can boot up with this CD and manipulate the Security Accounts
Manager (SAM) database. Please note that resetting the password with
third-party tools can also cause data loss as described in option 4. Also note
that this tool comes without any warranty. However, I’ve been using it quite a
few times and never had any problem with it. The latest version also supports
Windows Vista and Windows 7. The advantage of this method is that it is quick
if you already have the password CD in your tool box. Thus it is useful for
admins who have to perform this procedure often. In all other cases I
recommend option 4. You can download the tool from the net.
(D)
www.dtdc.com is a website in which SQL injection works.
(E)
What is the Birthday Paradox?
The birthday paradox gets its name from the "strange" fact that in a gathering
of 23 persons, it's likely that 2 of these persons will have the same
birthday.
To understand it, you don't need to be an ace in mathematics.
You're at a party and you ask someone his birthday. The chances that you do
not share the same birthday with this person are 364/365 or 0.997, therefore
the probability that you do share the same birthday is 1 - 0.997 = 0.003.
Now if you ask somebody else, the chances that no two of the three of you
share a birthday are (364/365) x (363/365) = 0.992, and so we can deduce that
the probability that at least 2 of you share the same birthday is
1 - 0.992 = 0.008.
If we carry on these computations for some time, we find out that in a group
of 23 persons, the chances are 50% that someone finds someone else who has the
same birthday. You can use the following C code snippet to see how the chances
evolve as a function of the number of persons.
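The snippet the text refers to did not survive on this page. The C program below is an added example, not the original author's code: it carries the computation above through for any group size and generalizes it from 365 days to any number d of equally likely values. The function names and the 16-bit case (d = 65536) are assumptions made for illustration.

```c
#include <stdio.h>

/* Probability that at least two of n samples, each drawn uniformly from
 * d equally likely values, are equal (d = 365 gives the birthday case). */
double collision_probability(unsigned n, unsigned d)
{
    double all_distinct = 1.0;
    unsigned k;

    if (n > d)                 /* pigeonhole: a repeat is certain */
        return 1.0;
    /* The k-th additional sample must avoid the k values already seen. */
    for (k = 1; k < n; k++)
        all_distinct *= (double)(d - k) / (double)d;
    return 1.0 - all_distinct;
}

/* Smallest n whose collision probability reaches target (0 < target < 1). */
unsigned samples_for_probability(double target, unsigned d)
{
    double all_distinct = 1.0;  /* invariant: P(no repeat among n samples) */
    unsigned n = 1;

    while (1.0 - all_distinct < target && n <= d) {
        all_distinct *= (double)(d - n) / (double)d;
        n++;
    }
    return n;
}

int main(void)
{
    /* Group sizes taken from the table on this page. */
    static const unsigned people[] = { 2, 9, 16, 23, 30, 37, 44, 65, 79 };
    size_t i;

    printf("People  Chances\n");
    for (i = 0; i < sizeof people / sizeof people[0]; i++)
        printf("%6u  %.4f\n", people[i],
               collision_probability(people[i], 365));

    printf("50%% reached at %u people (365 days)\n",
           samples_for_probability(0.5, 365));
    /* Assumption for illustration: a 16-bit identifier, 65536 values. */
    printf("50%% reached at %u samples (65536 values)\n",
           samples_for_probability(0.5, 65536));
    return 0;
}
```

The same square-root growth is why short random identifiers collide much sooner than their size suggests.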
For people unable to compile this code, here's an interesting array of output
values:
People   2       9       16      23      30      37      44      65      79
Chances  0.0027  0.0946  0.2836  0.5073  0.7063  0.8487  0.9329  0.9977  0.9999
(F)
DNS Spoofing is the art of making a DNS entry point to a different IP address
than the one it is supposed to point to. To understand this better, let's see
an example.
You're in your web browser and wish to see the news on www.cnn.com; without
thinking about it, you just enter this URL in your address bar and press
enter.
Now, what's happening behind the scenes? Well... basically, your browser sends
a request to a DNS server to get the matching IP address for www.cnn.com, then
the DNS server tells your browser the IP address of CNN, so your browser can
connect to CNN's IP address and display the content of the main page.
Hold on a minute... You get a message saying that CNN's web site has closed
because they don't have any more money to pay for their web site. You're so
amazed that you call your best friend on the phone and tell him; of course he
laughs at you, but to be sure, he goes to CNN's web site to check for himself.
You are surprised when he tells you he can see the news of the day as usual,
and you start to wonder what's going on. Are you sure you are talking to the
right IP address?
Let's check. You ask your friend to fire up his favorite DNS resolving tool
(or simply ping) and to give you the IP address he's getting for www.cnn.com.
Once you've got it, you put it in your browser URL bar: http://212.153.32.65
You feel ridiculous and frustrated when you see CNN's web page with its daily
news.
Well, you've just been the witness of a DNS hijacking scenario. You're
wondering what happened: did the DNS server tell you the wrong IP address?
Maybe... At least this is the most obvious answer that comes to mind.
In fact there are two techniques for accomplishing this DNS hijacking. Let's
see the first one, the "DNS ID Spoofing" technique.
5) Now if you ask your DNS server about the IP address of www.cnn.com, it will
give you 172.50.50.50, where the attacker runs his own web server. Or, even
simpler, the attacker could just run a bouncer forwarding all packets to the
real web site and vice versa, so you would see the real web site, but all your
traffic would be passing through the attacker's web site.