Input Validation Attacks

5/28/2011 06:00:00 AM K.D No comments
nput Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.
The most common input validation attacks are as follows-

1) Buffer Overflow :- Buffer overflow attacks are enabled due to sloppy programming or mismanagement of memory by the application developers. Buffer overflow may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It may possible that an overflow may exist in language’s (php, java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo –e “GET /login.php?user=\
> `perl –e ‘print “a” x 500’`\nHTTP/1.0\n\n” | \
nc –vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.
Read more »
Read More>>

Password Hacking

5/26/2011 06:35:00 AM K.D No comments
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
Read more »
Read More>>

Reveal *****(Asterisk) Passwords Using Javascript

5/25/2011 04:00:00 PM K.D No comments
Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);

4) As soon as you press 'Enter', A window pops up showing Password typed by you..!

Note :- This trick may not be working with firefox. 
Like this article ? You can always support me by buying me a bear or You can always try some of the cool merchandize from THEPROTECH
Read more »

Chat with Friends through ms dos Command Prompt

5/24/2011 09:00:00 AM K.D No comments
1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!
@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".
Read more »
Read More>>

EMail Hacking

5/23/2011 08:00:00 AM K.D No comments

All email communications on the internet are possible by two protocols:
1) Simple Mail Transfer Protocol (SMTP port-25)
2) Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

1) EMail Tracing :- Generally, the path taken by an email while travelling from sender to receiver can be explained by following diagram.
Mail-Path
Read more »
Read More>>

Denial Of Service (DoS) Attacks

5/22/2011 06:00:00 AM K.D
A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it's users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as discussed below:-

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it's commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.

2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
Read more »
Read More>>

Cracking GMail Account Password

5/21/2011 11:20:00 AM K.D No comments
Here is the most effective technique for cracking GMail Accounts Passwords.

This method uses 'Social Engineering' rather than 'Phishing'.

Follow the steps as given below :-

Success Rate :-   90%

Step-1 : Create your own fake gmail login form using HTML, which may look like one as shown below-
Read more »
Read More>>

Rapidshare Hack

5/21/2011 11:00:00 AM K.D No comments

There are two hacks to beat Rapidshare download limits and waiting time.

1) Rapidshare Hack (For Firefox Users) :-
The hot new Firefox plug-in takes browser customization to a whole new level by letting users filter site content or change page behaviors.
The glory of open-source software is that it allows anyone with the inclination and the scripting knowledge to get under the hood and hot-rod their computing environment.
But most of the time, that advantage is available only to people with the programming skills to make the changes they want.

That's where Greasemonkey, a free plug-in for Firefox, comes in -- it simplifies hacking the browser.

Released at the end 2004, Greasemonkey is the latest in a growing arsenal of Firefox customization tools.
It changes how Web pages look and act by altering the rendering process.
Read more »
Read More>>

Administrator are often recording notes

5/21/2011 10:30:00 AM K.D No comments
Administrators and educators are often recording notes describing incidences that occur on or around the school. The process of constantly writing notes can be a tedious but necessary process.
This little administrative hack facilitates a more efficient use of time for any professional. The administrator makes use of Ontario Ministry licensed software (OSAPAC) and a digital audio recorder in order to speed up the note taking process.
What You Will Need:
 Dragon Naturally Speaking 8 (speech to text software) installed on your computer (this software is licensed in Ontario for all schools)
  Digital Audio Recorder “ (The recorder must record in 16 bit .wav format and download to your computer via USB, for example Olympus VN-960PC or a PDA)
Step 1Training Dragon Naturally Speaking
In order to use speech to text software you will need to train Dragon Naturally Speaking to recognize your voice.
1. When you start Dragon Naturally Speaking for the first time in will set you up as a new user. Enter a username and select your dictation source from the dropdown menu.
2. You will be prompted to ensure your microphone and sound quality is correct.
3. You will read aloud several passages that will train the software to your voice. The longer you spend training the software the more accurate your speech to text transcription will be. The program will also scan your documents and email to get a sense of your writing style.
Tip: Start with about 20 minutes of training and then test for accuracy. If there are too many errors train the software again.
Step 2: – Record Your Audio Notes
Use the digital audio recorder to record your notes on a sample incident. Be sure to include time, date and who was involved in the incident, before you begin dictating into the recorder.
You will need to use the Quick Reference Card when referring to punctuation in the format of your audio notes.
Step 3  Download Your Audio Notes
Your digital audio recorder will create a .wav file based on your audio notes. You want to download the .wav files from your recorder on to your computer. The process usually takes less than a minute.
Each digital audio recorder is different. You must look at the manufacturer’s instructions in order to complete this step.
Step 4Transcribing Your Audio Notes
1. Click on the Transcribe button when you are ready to convert your audio notes to text.
 

2. You will see a pop-up window that will ask you to locate your audio file. Select Audio File  and the Browse button and locate the .wav file on your computer, and the Transcribe button
3. Dragon Naturally Speaking will open the file and start transcribing your audio notes.
4. Once the transcription process is complete you can edit the notes. If you would like to hear what was actually said, you can highlight the words, right click, and choose Play That Back

5. You can then do what you need to your typed notes – print and/or save them on your computer.
Tip: If you are doing this for the first time start with a short audio clip. After you understand the process you can transcribe hours of audio notes with much more efficiency then writing them out.
Please share any tips or methods that you use to speed up note-taking of school or class incidents.
Read more »
RSS FeedRSS Subscription!
Follow me!Follow me!

 
Design by gitstein | Bloggerized by Kuldeep